PKCS11: Fix populating metaobjects at login (#28)

Yubico · Aug 8, 2024 · c02539c · c02539c
1 parent e22085c
commit c02539c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 8 deletions.
diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml
@@ -74,12 +74,12 @@ jobs:
         working-directory: yubihsm-shell/resources/tests/bash
         run: ./cmdline_test.sh $GITHUB_WORKSPACE/yubihsm-shell/build/src/yubihsm-shell $DEFAULT_CONNECTOR_URL
 
-#      - name: run pkcs11-tool tests
-#        working-directory: yubihsm-shell/resources/tests/bash
-#        run: |
-#          echo "connector=$DEFAULT_CONNECTOR_URL" > yubihsm_pkcs11.conf
-#          export YUBIHSM_PKCS11_CONF=`pwd`/yubihsm_pkcs11.conf
-#          ./opensc_test.sh $GITHUB_WORKSPACE/yubihsm-shell/build/pkcs11/yubihsm_pkcs11.so
+      - name: run pkcs11-tool tests
+        working-directory: yubihsm-shell/resources/tests/bash
+        run: |
+          echo "connector=$DEFAULT_CONNECTOR_URL" > yubihsm_pkcs11.conf
+          export YUBIHSM_PKCS11_CONF=`pwd`/yubihsm_pkcs11.conf
+          ./opensc_test.sh $GITHUB_WORKSPACE/yubihsm-shell/build/pkcs11/yubihsm_pkcs11.so
 
       - name: clone the YubicoLabs/yubihsm_sunpkcs11_tests repository
         uses: actions/checkout@v4

diff --git a/pkcs11/yubihsm_pkcs11.c b/pkcs11/yubihsm_pkcs11.c
@@ -6380,6 +6380,15 @@ CK_DEFINE_FUNCTION(CK_RV, C_LoginUser)
   }
 
   list_iterate(&session->slot->pkcs11_sessions, login_sessions);
+  populate_cache_with_data_opaques(session->slot);
+
+  yubihsm_pkcs11_object_desc *authkey_desc =
+    _get_object_desc(session->slot, key_id, YH_AUTHENTICATION_KEY, 0xffff);
+  if (authkey_desc == NULL) {
+    DBG_ERR("Failed to read authentication key info.");
+    goto c_l_out;
+  }
+  session->slot->authkey_domains = authkey_desc->object.domains;
 
   DOUT;
 

diff --git a/resources/tests/bash/opensc_test.sh b/resources/tests/bash/opensc_test.sh
@@ -15,8 +15,8 @@ set -e
 echo "******************* Generation Tests ********************* "
 pkcs11-tool --module $MODULE --login --pin 0001password --keypairgen --id 100 --key-type EC:secp384r1
 pkcs11-tool --module $MODULE --login --pin 0001password --keypairgen --id 2 --key-type EC:prime256v1
-pkcs11-tool --module $MODULE --login --pin 0001password --keypairgen --id 4 --key-type rsa:2048
-pkcs11-tool --module $MODULE --login --pin 0001password --keypairgen --id 5 --key-type rsa:3072
+pkcs11-tool --module $MODULE --login --pin 0001password --keypairgen --id 4 --key-type rsa:2048 --usage-sign
+pkcs11-tool --module $MODULE --login --pin 0001password --keypairgen --id 5 --key-type rsa:3072 --usage-sign
 
 echo "******************* Signing Tests ********************* "
 echo "this is test data" > data.txt