RHEL-11554

p11tool --list-all displays incorrect object Type (it seems to be guessed from object Label)

    • Bug
    • Resolution: Unresolved
    • Minor
    • rhel-9.3.0
    • gnutls
    • Low
    • rhel-sst-security-crypto
    • ssg_security

      Description of problem:
      When a user tries to list objects on a token with p11tool and these objects were created by a different tool, the output displays incorrect object types if a certain Label is present.

      Version-Release number of selected component (if applicable):
      gnutls-utils-3.6.14-7.el8_3.x86_64

      How reproducible:
      always

      Steps to Reproduce:
      1. Insert token or create software token with softhsm:
         softhsm2-util --init-token --slot 0 --so-pin 1234 --pin 123456 --label Token1
      2. Create objects on token with pkcs11-tool:
         pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --pin 123456 -v --key-type rsa:1024
         pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --pin 123456 -v --key-type EC:prime256v1
         pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --label OpenDNSSEC1 --pin 123456 -v --key-type rsa:1024
         pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --label OpenDNSSEC1 --pin 123456 -v --key-type EC:prime256v1
      3. List token to see its URL:
         p11tool --list-tokens
      4. List objects with p11tool:
         p11tool --list-all TOKEN-URL

      Actual results:
      Type of both Public keys with label OpenDNSSEC1 is "Public key (RSA-1024)" while one should be Public key (EC...). Types of Public keys without labels do not contain information about the nature of the public key and only say "Public key".

      p11tool --list-all

      Object 0:
        URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5a2e89373d269f;token=OpenDNSSEC1;object=OpenDNSSEC1;type=public
        Type: Public key (RSA-1024)
        Label: OpenDNSSEC1
        Flags: CKA_WRAP/UNWRAP;
        ID:

      Object 1:
        URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5a2e89373d269f;token=OpenDNSSEC1;type=public
        Type: Public key
        Label:
        Flags: CKA_WRAP/UNWRAP;
        ID:

      Object 2:
        URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5a2e89373d269f;token=OpenDNSSEC1;type=public
        Type: Public key
        Label:
        Flags: CKA_WRAP/UNWRAP;
        ID:

      Object 3:
        URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=7d5a2e89373d269f;token=OpenDNSSEC1;object=OpenDNSSEC1;type=public
        Type: Public key (RSA-1024)
        Label: OpenDNSSEC1
        Flags: CKA_WRAP/UNWRAP;
        ID:

      Expected results:
      Type of one of the public keys with label OpenDNSSEC1 should be RSA while another one should be EC. p11tool should not guess Type from label.

      Additional info:
      If the user generates keys with p11tool and lists them with pkcs11-tool, there is no such issue.

              dueno@redhat.com Daiki Ueno
              mhavrila Marek Havrila (Inactive)
              Daiki Ueno
              SSG Security QE
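
A heuristic check for the symptom described in this report, added here as an example (not code from gnutls or from the reporter): it parses listing text in the layout of the p11tool --list-all output quoted above and flags objects whose Type should be confirmed with another tool. The sample input is constructed, and the function names and reason strings are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the `p11tool --list-all` output above.
SAMPLE = """\
Object 0:
    URL: pkcs11:token=Example;object=OpenDNSSEC1;type=public
    Type: Public key (RSA-1024)
    Label: OpenDNSSEC1
Object 1:
    URL: pkcs11:token=Example;type=public
    Type: Public key
    Label:
Object 2:
    URL: pkcs11:token=Example;object=OpenDNSSEC1;type=public
    Type: Public key (RSA-1024)
    Label: OpenDNSSEC1
"""

def parse_objects(text):
    """Split p11tool listing text into one dict of fields per object."""
    objects = []
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"Object (\d+):", line)
        if header:
            objects.append({"index": int(header.group(1))})
        elif objects and ":" in line:
            key, _, value = line.partition(":")
            objects[-1][key.strip()] = value.strip()
    return objects

def suspect_types(objects):
    """Return (index, reason) pairs whose Type needs checking with another tool."""
    findings, groups = [], defaultdict(list)
    for obj in objects:
        cls = re.search(r"[:;]type=([^;?]+)", obj.get("URL", ""))
        cls = cls.group(1) if cls else ""
        if obj.get("Label"):
            groups[(cls, obj["Label"])].append(obj)
        if cls == "public" and "(" not in obj.get("Type", ""):
            findings.append((obj["index"], "no-algorithm"))
    for members in groups.values():
        # Same class, same label, identical Type: the symptom in the report.
        if len(members) > 1 and len({m.get("Type") for m in members}) == 1:
            findings += [(m["index"], "same-label") for m in members]
    return sorted(findings)

if __name__ == "__main__":
    for index, reason in suspect_types(parse_objects(SAMPLE)):
        print(f"Object {index}: {reason}")
```

A "same-label" finding is only a prompt to verify: two keys of the same algorithm that legitimately share a label are flagged as well.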