search

kenh / keychain-pkcs11

A shared library that implements a PKCS#11 interface to the Apple Security framework
100 stars 10 forks source link

Fails to find slots #6

Closed mouse07410 closed 4 years ago

mouse07410 commented 4 years ago

MacOS 10.14.6 current/latest security patch applied. Xcode-11.2.1 with Command Line Tools 11.2.

Current master.

$ ./pkcs11_test 
PKCS#11 Version: 2.40
Lib manufacturer: U.S. Naval Research Lab         
Lib description: Keychain PKCS#11 Bridge Library 
Lib version: 1.0
Lib flags: 0
Error getting Slot List
$ lldb pkcs11_test 
(lldb) target create "pkcs11_test"
Current executable set to 'pkcs11_test' (x86_64).
(lldb) run
Process 82225 launched: '/Users/ur20980/src/keychain-pkcs11/pkcs11_test' (x86_64)
2019-11-18 12:03:13.127297-0500 pkcs11_test[82225:6628650] [general] C_GetFunctionList called
2019-11-18 12:03:13.127469-0500 pkcs11_test[82225:6628650] [general] C_GetFunctionList returning CKR_OK
2019-11-18 12:03:13.127477-0500 pkcs11_test[82225:6628650] [general] C_Initialize called
2019-11-18 12:03:13.127481-0500 pkcs11_test[82225:6628650] [general] init was set to NULL
2019-11-18 12:03:13.129897-0500 pkcs11_test[82225:6628650] [general] Program "pkcs11_test" is NOT set to ask for PIN, will let Security ask for the PIN
2019-11-18 12:03:13.129926-0500 pkcs11_test[82225:6628650] [general] Program "pkcs11_test" has the Keychain Certificate slot DISABLED
2019-11-18 12:03:13.129933-0500 pkcs11_test[82225:6628650] [general] C_Initalize returning CKR_OK
2019-11-18 12:03:13.129950-0500 pkcs11_test[82225:6628650] [general] C_GetInfo called
2019-11-18 12:03:13.129957-0500 pkcs11_test[82225:6628650] [general] C_GetInfo returning CKR_OK
PKCS#11 Version: 2.40
Lib manufacturer: U.S. Naval Research Lab         
Lib description: Keychain PKCS#11 Bridge Library 
Lib version: 1.0
Lib flags: 0
2019-11-18 12:03:13.129990-0500 pkcs11_test[82225:6628650] [general] C_GetSlotList called
2019-11-18 12:03:13.129994-0500 pkcs11_test[82225:6628650] [general] tokens_present = true, slot_list = 0x0, slot_num = 0
2019-11-18 12:03:13.130004-0500 pkcs11_test[82225:6628650] [general] Performing identity scan
2019-11-18 12:03:13.143299-0500 pkcs11_test[82225:6628650] [general] We have 14 identities, previously we had 0
2019-11-18 12:03:13.143321-0500 pkcs11_test[82225:6628650] [general] Rebuilding identity list and object tree
2019-11-18 12:03:13.154614-0500 pkcs11_test[82225:6628650] [general] 14 identities found
2019-11-18 12:03:13.154639-0500 pkcs11_test[82225:6628650] [general] Copying identity 1
2019-11-18 12:03:13.160282-0500 pkcs11_test[82225:6628650] [general] Persistent ref SecItemCopyMatching failed: OSStatus -26276
2019-11-18 12:03:13.160405-0500 pkcs11_test[82225:6628650] [general] C_GetSlotList returning CKR_FUNCTION_FAILED
Error getting Slot List
Process 82225 exited with status = 6 (0x00000006) 
(lldb) ^D
$ pkcs11-tool -L
Available slots:
Slot 0 (0x0): Yubico Yubikey 4 OTP+U2F+CCID
  token label        : xxxxxxxxxxx
  token manufacturer : piv_II
  token model        : PKCS#15 emulated
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : fexxxxxxxxxxxxxx
  pin min/max        : 4/8
$
kenh commented 4 years ago

I THINK this has been adequately addressed by the 0.9.5 release. If it isn't, could you open a new issue?