Signing PDF with Pkcs11Interop

[Ebru Sezal]

Hi,

I try to use Pkcs11Interop library for our institutional project. But problem is, when i try to get value from token card, "attempted to read or write protected memory. This is often an indication that other memory is corrupt" error is getting from Pkcs11Interop. I couldn't find any solution. Please help me, thank you in advance.

Project is windows form application which is written with .Net Framework 4.5

Error: system.accessviolationexception {"Attempted to read or write protected memory. This is often an indication that other memory is corrupt."}

Error Stack Trace:  at Net.Pkcs11Interop.HighLevelAPI40.Session.GetAttributeValue(ObjectHandle objectHandle, List`1 attributes)

   at Net.Pkcs11Interop.HighLevelAPI40.Session.GetAttributeValue(ObjectHandle objectHandle, List`1 attributes)

   at EFinImza.Program.Main() in c:\HttpRoot\EFinImza\EFinImza\Program.cs:line 56

   at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)

   at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.Threading.ThreadHelper.ThreadStart()

Code is like this:

    static void Main()

        {

            try

            {

                string pkcs11Library = @"C:\Windows\System32\akisp11.dll";

                using (var pkcs11 = new Net.Pkcs11Interop.HighLevelAPI40.Pkcs11(pkcs11Library, false, false))

                {

                    LibraryInfo info = pkcs11.GetInfo();

                    foreach (Slot slot in pkcs11.GetSlotList(false))

                    {

                        SlotInfo slotInfo = slot.GetSlotInfo();

                        if (slotInfo.SlotFlags.TokenPresent)

                        {

                            TokenInfo tokenInfo = slot.GetTokenInfo();

                            Session session = slot.OpenSession(false);

                            String pin = "*****";

                            session.Login(CKU.CKU_USER, pin);

                            // get all objects using empty ObjectAttributes list

                            List<ObjectHandle> handles = session.FindAllObjects(new List<ObjectAttribute>());

                            List<CKA> attrs = new List<CKA>();

                            attrs.Add(CKA.CKA_LABEL);

                            foreach (ObjectHandle handle in handles)

                            {

                                List<ObjectAttribute> oAttrs = session.GetAttributeValue(handle, attrs);   //Error is getting here

                            }

                            session.CloseSession();

                        }

                    }

                    pkcs11.Dispose();

                }

                Application.EnableVisualStyles();

                Application.SetCompatibleTextRenderingDefault(false);

            }

            catch (Exception ex)

            {

                throw ex;

            }

        }

-- 

Saygılarımla / Kind Regards

Ebru SEZALYazılım Uzmanı / Software Specialist

T +90 216 445 93 79M +90 538 407 01 92F +90 216 445 92 87W www.fitsolutions.com.tr

Facebook Twitter LinkedIn Youtube HaritaDaha yeşil bir çevre için, bu mesajı yazdırmadan önce lütfen bir kez daha düşünün.For a greener environment, please reconsider before printing out this document.

[Jaroslav Imrich]

Hello,

as recommended in official documentation [0] before you start using Pkcs11Interop you should get familiar at least with "Chapter 2 - Scope", "Chapter 6 - General overview" and "Chapter 10 - Objects" of PKCS#11 v2.20 [1] specification.

Your code is first finding all objects regardless of their type (keys, certificates etc.) and then tries to read CKA_VALUE attribute of each individual object. CKA_VALUE is not valid attribute for all object types and I guess this might be causing your problems. Of course well behaving unmanaged PKCS#11 library would return CKR_ATTRIBUTE_TYPE_INVALID error instead of segfaulting but there are many poor quality PKCS#11 libraries out there that do not handle such corner cases well.

I recommend you to first read mentioned chapters of specification and then change the search template passed to FindAllObjects() method to search only for specific object types you are really interested in.

[0] https://github.com/Pkcs11Interop/Pkcs11Interop/tree/3.2.0#documentation
[1] https://github.com/Pkcs11Interop/Pkcs11Interop/blob/master/doc/rsa-pkcs11-2.20

Regards, Jaroslav

--
You received this message because you are subscribed to the Google Groups "Pkcs11Interop" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pkcs11interop+unsubscribe@googlegroups.com.
To post to this group, send email to pkcs11...@googlegroups.com.
Visit this group at https://groups.google.com/group/pkcs11interop.

[firdevsk...@hotmail.com]

I have a similar problem with this problem.

List<ObjectHandle> foundPublicKeys = session.FindAllObjects(publicKeyAttributes);

//the end of this code foundPublicKeys.Count = 0
in this part objects ie certificates do not come and I can not find the cause would you help ??