pkcs11-tool --init core dumps or fails to work second time #563

Closed
bnevis-i opened this issue Jul 30, 2020 · 5 comments · Fixed by #572
@bnevis-i

Environment

Board: APL UPSquared with PTT
OS: Ubuntu 20.04 (opensc 0.20.0-3)
tpm2-tss: 4.2.1 (tarball)
tpm2-pkcs11: 1.3.1 (tarball)
tpm2-tools: Not installed
tpm2-abrmd: Not installed

Error message

pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --init-token --label tpmhsm --so-pin (redacted) --pin (redacted)
Using slot 0 with a present token (0x1)
Token successfully initialized
Segmentation fault (core dumped)

pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --init-token --label tpmhsm --so-pin (redacted) --pin (redacted)
Using slot 0 with a present token (0x1)
ERROR: step error: UNIQUE constraint failed: tokens.id
ERROR: Could not add token to db
error: PKCS11 function C_InitToken failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.
@williamcroberts
Member

The return seems fine, I have it set up so you cannot have N tokens with the same name in a TPM2_PKCS11_STORE. I think the abort is in pkcs11-tool.

Maybe run it under valgrind or a debugger to see where it hits the abort call? I cannot reproduce.

@bnevis-i
Author

Debugger output:

Using slot 0 with a present token (0x1)
Token successfully initialized

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff731e94e in twist_len (tstring=0x0) at src/lib/twist.c:157
157		size_t len = str->end - str->data;
(gdb) bt
#0  0x00007ffff731e94e in twist_len (tstring=0x0) at src/lib/twist.c:157
#1  0x00007ffff73176a5 in tpm_loadobj (ctx=0x5555555aabe0, phandle=4293479, auth=0x0, pub_data=0x0, priv_data=0x0, 
    handle=0x5555555aebc8) at src/lib/tpm.c:793
#2  0x00007ffff73106aa in session_ctx_login (ctx=0x5555555ad590, user=1, pin=0x7fffffffe39b "123456", pinlen=6)
    at src/lib/session_ctx.c:285
#3  0x00007ffff72f8fe0 in C_Login (session=72057594037927936, user_type=1, pin=0x7fffffffe39b "123456", pin_len=6)
    at src/pkcs11.c:451
#4  0x000055555555ef9a in ?? ()
#5  0x000055555555bec0 in ?? ()
#6  0x00007ffff78fc0b3 in __libc_start_main (main=0x55555555b420, argc=10, argv=0x7fffffffdfa8, init=<optimized out>, 
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf98) at ../csu/libc-start.c:308
#7  0x000055555555e78e in ?? ()
(gdb) l
152	
153	size_t twist_len(twist tstring) {
154	
155		twist_hdr *str = from_twist_to_hdr(tstring);
156	
157		size_t len = str->end - str->data;
158		return len;
159	}
160	
161	twist twist_dup(twist tstring) {
(gdb) p *str
Cannot access memory at address 0xfffffffffffffff8
(gdb) p str
$1 = (twist_hdr *) 0xfffffffffffffff8
(gdb) p tstring
$2 = (twist) 0x0
(gdb) frame 1
#1  0x00007ffff73176a5 in tpm_loadobj (ctx=0x5555555aabe0, phandle=4293479, auth=0x0, pub_data=0x0, priv_data=0x0, 
    handle=0x5555555aebc8) at src/lib/tpm.c:793
793	    size_t len = twist_len(pub_data);
(gdb) list
788	        uint32_t phandle, twist auth,
789	        twist pub_data, twist priv_data,
790	        uint32_t *handle) {
791	
792	    TPM2B_PUBLIC pub = { .size = 0 };
793	    size_t len = twist_len(pub_data);
794	
795	    size_t offset = 0;
796	    TSS2_RC rval = Tss2_MU_TPM2B_PUBLIC_Unmarshal((uint8_t *)pub_data, len, &offset, &pub);
797	    if (rval != TSS2_RC_SUCCESS) {
(gdb) frame 2
#2  0x00007ffff73106aa in session_ctx_login (ctx=0x5555555ad590, user=1, pin=0x7fffffffe39b "(redacted)", pinlen=6)
    at src/lib/session_ctx.c:285
285	    bool res = tpm_loadobj(tpm, pobj_handle, pobjauth, sealpub, sealpriv, &sealobj->handle);
(gdb) l
280	    twist sealpriv = is_user(user) ? sealobj->userpriv : sealobj->sopriv;
281	
282	    uint32_t pobj_handle = tok->pobject.handle;
283	    twist pobjauth = tok->pobject.objauth;
284	
285	    bool res = tpm_loadobj(tpm, pobj_handle, pobjauth, sealpub, sealpriv, &sealobj->handle);
286	    if (!res) {
287	        goto error;
288	    }
289

@williamcroberts
Member

williamcroberts commented Jul 31, 2020

I see what the problem is. Trying to log into a token (--pin implicitly does a user login) before the user object is set up causes this condition. You need to call inittoken and then setpin initpin, but this should still be fixed (obviously).
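
The failure mode described above, as an added example that is not tpm2-pkcs11's code or its actual fix: a simplified stand-in for the twist header lookup shows why a NULL handle resolves to an address just below zero, and a login-time guard rejects a user login while the user seal blobs are still unset. The type layouts, `twist_new`, `hdr_addr`, `twist_len_safe`, `login_check` and the choice of return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CKR_OK                       0x000UL
#define CKR_GENERAL_ERROR            0x005UL
#define CKR_USER_PIN_NOT_INITIALIZED 0x102UL /* PKCS#11 return value */

/* Stand-in for the twist type (assumed layout): callers hold a pointer
 * to the data, and the header sits immediately before it. */
typedef char *twist;
typedef struct { char *end; char data[]; } twist_hdr;

static twist twist_new(const char *s) {
    size_t n = strlen(s);
    twist_hdr *h = malloc(sizeof(*h) + n + 1);
    if (!h) return NULL;
    memcpy(h->data, s, n + 1);
    h->end = h->data + n;
    return h->data;
}

/* Address at which the header would be read. For a NULL twist this wraps
 * to just below zero, matching the unmapped address in the gdb output. */
static uintptr_t hdr_addr(twist t) {
    return (uintptr_t)t - offsetof(twist_hdr, data);
}

/* NULL-tolerant length: an absent blob has length 0 instead of faulting. */
static size_t twist_len_safe(twist t) {
    if (!t) return 0;
    twist_hdr *h = (twist_hdr *)(void *)(t - offsetof(twist_hdr, data));
    return (size_t)(h->end - h->data);
}

/* Hypothetical seal-object record: user blobs stay NULL until C_InitPIN. */
typedef struct { twist userpub, userpriv, sopub, sopriv; } sealobject;

/* Login-time guard: refuse before any missing blob reaches the loader. */
static unsigned long login_check(const sealobject *so, int is_user) {
    twist pub  = is_user ? so->userpub  : so->sopub;
    twist priv = is_user ? so->userpriv : so->sopriv;
    if (!pub || !priv)
        return is_user ? CKR_USER_PIN_NOT_INITIALIZED : CKR_GENERAL_ERROR;
    return CKR_OK;
}

int main(void) { /* constructed state: token initialized, no user PIN yet */
    sealobject fresh = { NULL, NULL, twist_new("sopub"), twist_new("sopriv") };
    return login_check(&fresh, 1) == CKR_USER_PIN_NOT_INITIALIZED ? 0 : 1;
}
```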

williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Jul 31, 2020
A command like:
pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --init-token --label tpmhsm --so-pin foo --pin bar

Will cause a C_Login event because --pin is specified. However, C_InitPIN
has not been called to initialize the userpin. This causes a NPD when
trying to load the user sealobjects public and private blobs.

Fixes: tpm2-software#563

Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Jul 31, 2020
A command like:
pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --init-token --label tpmhsm --so-pin foo --pin bar

Will cause a C_Login event because --pin is specified. However, C_InitPIN
has not been called to initialize the userpin. This causes a NPD when
trying to load the user sealobjects public and private blobs.

Related-to: tpm2-software#563

Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Jul 31, 2020
A command like:
pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --init-token --label tpmhsm --so-pin foo --pin bar

Will cause a C_Login event because --pin is specified. However, C_InitPIN
has not been called to initialize the userpin. This causes an NPD when
trying to load the user sealobjects public and private blobs.

Fixes: tpm2-software#563

Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Jul 31, 2020
A command like:
pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --init-token --label tpmhsm --so-pin foo --pin bar

Will cause a C_Login event because --pin is specified. However, C_InitPIN
has not been called to initialize the userpin. This causes an NPD when
trying to load the user sealobjects public and private blobs.

Relates-to: tpm2-software#563

Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Jul 31, 2020
A command like:
pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --init-token --label tpmhsm --so-pin foo --pin bar

Will cause a C_Login event because --pin is specified. However, C_InitPIN
has not been called to initialize the userpin. This causes an NPD when
trying to load the user sealobjects public and private blobs.

Fixes: tpm2-software#563

Signed-off-by: William Roberts <william.c.roberts@intel.com>
@williamcroberts
Member

FYI this was fixed on master with aabb304. I have a fix + test on 1.X for 1.3.2 release and a test on master

@williamcroberts williamcroberts added this to the 1.3.2 milestone Jul 31, 2020
@williamcroberts williamcroberts linked a pull request Jul 31, 2020 that will close this issue
@williamcroberts
Member

williamcroberts commented Jul 31, 2020

There's actually a second bug in the ERROR: step error: UNIQUE constraint failed: tokens.id. That causes the token to be freed and thus a mutex to be freed that is currently held. I'll have a fix for this coming up too.

williamcroberts pushed a commit to williamcroberts/tpm2-pkcs11 that referenced this issue Jul 31, 2020
A command like:
pkcs11-tool --module /usr/lib/libtpm2_pkcs11.so --init-token --label tpmhsm --so-pin foo --pin bar

Will cause a C_Login event because --pin is specified. However, C_InitPIN
has not been called to initialize the userpin. This causes an NPD when
trying to load the user sealobjects public and private blobs.

Fixes: tpm2-software#563
Signed-off-by: William Roberts <william.c.roberts@intel.com>