
sc-hsm-embedded's People

Contributors

cardcontact, frankthater, saper, sjaeckel


sc-hsm-embedded's Issues

Client authentication in Firefox fails for RSA keys with TLS1.3

TLS 1.3 requires the use of RSA PSS for client authentication. Firefox uses CKM_RSA_PKCS_PSS, while the module provides for CKM_SHA1_RSA_PKCS_PSS and CKM_SHA256_RSA_PKCS_PSS as well as two proprietary modes CKM_SC_HSM_PSS_SHA1 and CKM_SC_HSM_PSS_SHA256.

The missing CKM_RSA_PKCS_PSS maps to CKM_SC_HSM_PSS_SHA1 and CKM_SC_HSM_PSS_SHA256 depending on the hash length passed in as parameter to the function.

Android support

Is there any way to add support for Android (arm64-v8 or other) as well?

Currently, when attempting to cross-compile for arm64 Android, I'm running into the error that libpcsclite cannot be located. The Android NDK toolchain does not currently provide PC/SC libraries. Do you know if there is a workaround to build this for arm64 Android?

Label is always SmartCard-HSM

The HSM label is always 'SmartCard-HSM' and not the label set when initializing the HSM.

When initializing the HSM with a specific label:

sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares 1 --label 'hsm2'

It is not shown as the token label:

pkcs11-tool --module /usr/lib/libsc-hsm-pkcs11.so --login --pin 648219 --list-slots

Output:

Available slots:
Slot 0 (0xd): Lenovo Integrated Smart Card Reader 03 00
  (empty)
Slot 1 (0x1): Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
  token label        : SmartCard-HSM
  token manufacturer : CardContact (www.cardcontact.de)
  token model        : SmartCard-HSM
  token flags        : readonly, login required, PIN initialized, token initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 
Slot 2 (0x5): Nitrokey Nitrokey HSM (010000000000000000000000) 01 00
  token label        : SmartCard-HSM
  token manufacturer : CardContact (www.cardcontact.de)
  token model        : SmartCard-HSM
  token flags        : readonly, login required, PIN initialized, token initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 
Slot 3 (0x9): Nitrokey Nitrokey HSM (010000000000000000000000) 02 00
  token label        : SmartCard-HSM
  token manufacturer : CardContact (www.cardcontact.de)
  token model        : SmartCard-HSM
  token flags        : readonly, login required, PIN initialized, token initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 

The OpenSC module does show the label:

Available slots:
Slot 0 (0x0): Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
  token label        : hsm3 (UserPIN)
  token manufacturer : www.CardContact.de
  token model        : PKCS#15 emulated
  token flags        : rng, login required, PIN initialized, token initialized
  hardware version   : 24.13
  firmware version   : 2.0
  serial num         : DENK0100485
Slot 1 (0x4): Nitrokey Nitrokey HSM (010000000000000000000000) 01 00
  token label        : hsm2 (UserPIN)
  token manufacturer : www.CardContact.de
  token model        : PKCS#15 emulated
  token flags        : rng, login required, PIN initialized, token initialized
  hardware version   : 24.13
  firmware version   : 2.0
  serial num         : DENK0100436
Slot 2 (0x8): Nitrokey Nitrokey HSM (010000000000000000000000) 02 00
  token label        : hsm1 (UserPIN)
  token manufacturer : www.CardContact.de
  token model        : PKCS#15 emulated
  token flags        : rng, login required, PIN initialized, token initialized
  hardware version   : 24.13
  firmware version   : 2.0
  serial num         : DENK0100186
Slot 3 (0xc): Lenovo Integrated Smart Card Reader 03 00
  (empty)

This is problematic when using multiple HSMs with mod_nss:

certutil -d /etc/nss/db -h all -L

Output:

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Enter Password or Pin for "SmartCard-HSM":
Enter Password or Pin for "SmartCard-HSM":
Enter Password or Pin for "SmartCard-HSM":
[...]
SmartCard-HSM:rsa2048                                        u,u,u
SmartCard-HSM:rsa2048                                        u,u,u
SmartCard-HSM:rsa2048                                        u,u,u
SmartCard-HSM:ECprime256v1                                   u,u,u
SmartCard-HSM:ECprime256v1                                   u,u,u
SmartCard-HSM:ECprime256v1                                   u,u,u
SmartCard-HSM:rsa1024                                        u,u,u
SmartCard-HSM:rsa1024                                        u,u,u
SmartCard-HSM:rsa1024                                        u,u,u

modutil -list -dbdir /etc/nss/db/

Output:

  2. hsm
  library name: /usr/lib/libsc-hsm-pkcs11.so
   slots: 4 slots attached
  status: loaded

   slot: Lenovo Integrated Smart Card Reader 03 00
  token: 

   slot: Nitrokey Nitrokey HSM (010000000000000000000000) 00 00
  token: SmartCard-HSM

   slot: Nitrokey Nitrokey HSM (010000000000000000000000) 01 00
  token: SmartCard-HSM

   slot: Nitrokey Nitrokey HSM (010000000000000000000000) 02 00
  token: SmartCard-HSM

It is impossible to select different HSMs in mod_nss now, thus not allowing for load balancing on the same host.

It's set here:

https://github.com/CardContact/sc-hsm-embedded/blob/master/src/pkcs11/token-sc-hsm.c#L1018

Input exceeding the APDU buffer truncated when signing

For signing algorithms that support hashing in the card, the input is silently truncated if the message size exceeds the APDU buffer size. This leads to a failing signature verification.

Applications should take care to verify created signatures if card-based hashing is used, and middleware should ensure that messages exceeding the APDU buffer are rejected.
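
The failure mode and the mitigation described in this issue, as an added example that is not code from sc-hsm-embedded: a truncating copy into a command buffer beside a checked one that rejects oversized input. The buffer size, the header length, the zeroed header bytes and all function names are constructed for the demonstration; CKR_DATA_LEN_RANGE is the standard PKCS#11 return code for input of unacceptable length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CKR_OK             0x00000000UL
#define CKR_DATA_LEN_RANGE 0x00000021UL  /* PKCS#11: input length not acceptable */

#define APDU_BUF_SIZE 64   /* constructed size, not the module's real buffer */
#define APDU_HDR_LEN  5    /* constructed header: CLA INS P1 P2 Lc */
#define APDU_MAX_DATA (APDU_BUF_SIZE - APDU_HDR_LEN)

struct apdu { uint8_t buf[APDU_BUF_SIZE]; size_t data_len; };

/* Failure mode from the issue: data that does not fit is cut off and the
 * call still reports success, so the card hashes only a prefix. */
unsigned long apdu_put_truncating(struct apdu *a, const uint8_t *msg, size_t len)
{
    size_t n = len > APDU_MAX_DATA ? APDU_MAX_DATA : len;

    memset(a->buf, 0, APDU_HDR_LEN);        /* placeholder header bytes */
    a->buf[4] = (uint8_t)n;                 /* Lc = number of data bytes */
    memcpy(a->buf + APDU_HDR_LEN, msg, n);
    a->data_len = n;
    return CKR_OK;
}

/* Mitigation from the issue: reject the message instead of truncating it. */
unsigned long apdu_put_checked(struct apdu *a, const uint8_t *msg, size_t len)
{
    if (len > APDU_MAX_DATA) {
        a->data_len = 0;
        return CKR_DATA_LEN_RANGE;
    }
    return apdu_put_truncating(a, msg, len);
}

/* The card-side hash matches the host-side hash only if the card received
 * exactly the caller's message. */
int card_input_is_whole_message(const struct apdu *a, const uint8_t *msg, size_t len)
{
    return a->data_len == len && memcmp(a->buf + APDU_HDR_LEN, msg, len) == 0;
}

int main(void)
{
    uint8_t msg[100];                       /* constructed 100-byte message */
    struct apdu a;
    unsigned long rv;

    memset(msg, 0xA5, sizeof msg);

    rv = apdu_put_truncating(&a, msg, sizeof msg);
    printf("truncating: rv=0x%lx, card sees %zu of %zu bytes, whole=%d\n",
           rv, a.data_len, sizeof msg,
           card_input_is_whole_message(&a, msg, sizeof msg));

    rv = apdu_put_checked(&a, msg, sizeof msg);
    printf("checked:    rv=0x%lx (CKR_DATA_LEN_RANGE)\n", rv);
    return 0;
}
```

The checked variant fails before any signature is produced; verifying each signature after creation, as the issue recommends for applications, catches the same condition when the middleware does not.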

SC-HSM PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) on OpenSC 0.21 & 0.22

Hello Community & Support,

I have a SmartCard-HSM with an RSA 2048-bit key and certificate, which fails with pkcs11-tool (OpenSC version 0.21 & 0.22), and I receive
PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) on OpenSC 0.21 & 0.22

but works perfectly fine with pkcs11-tool (OpenSC version 0.15)

################################################################
OUTPUT on OpenSC 0.21 & 0.22 on Debian 11

pkcs11-tool -l -t
Using slot 0 with a present token (0x0)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
seems to be OK
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signatures (currently only for RSA)
testing key 0 (httpdcert)
error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.

################################################################

################################################################
OUTPUT on OpenSC 0.15 on Windows Server 2019
C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs11-tool.exe -t -l
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN: 2022-01-20 12:34:47.201 cannot lock memory, sensitive data may be paged to disk
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
seems to be OK
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signatures (currently only RSA signatures)
testing key 0 (httpdcert)
all 4 signature functions seem to work
testing signature mechanisms:
RSA-X-509: OK
RSA-PKCS: OK
SHA1-RSA-PKCS: OK
MD5-RSA-PKCS: OK
RIPEMD160-RSA-PKCS: OK
SHA256-RSA-PKCS: OK
Verify (currently only for RSA):
testing key 0 (httpdcert)
RSA-X-509: OK
RSA-PKCS: OK
SHA1-RSA-PKCS: OK
MD5-RSA-PKCS: OK
RIPEMD160-RSA-PKCS: OK
Unwrap: not implemented
Decryption (RSA)
testing key 0 (httpdcert)
RSA-X-509: OK
RSA-PKCS: OK
No errors

C:\Program Files (x86)\OpenSC Project\OpenSC\tools>

Use static slot id bound to reader name

Slot ids are allocated sequentially when readers are detected or virtual slots are created. Therefore slot ids may change if the reader detection or card insertion occurs in a different sequence.

This issue can be resolved if the slot id is derived from the reader name, e.g. using a CRC32 over the reader name reported by PC/SC. Virtual slots for that reader will get an incremented slot id.

As the slot id may not be unique, this feature must be explicitly enabled by defining the PKCS11_READER_FILTER environment variable (e.g. PKCS11_READER_FILTER=*).
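
The scheme described in this issue, as an added example that is not code from sc-hsm-embedded: sequential slot ids change with detection order, ids derived from a CRC32 over the reader name do not, and a collision check covers the non-uniqueness the issue mentions. The table layout, function names, reader names and the choice of the zlib/Ethernet CRC-32 variant are assumptions; only the PKCS11_READER_FILTER variable and the "base id plus increment for virtual slots" rule come from the issue.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SLOTS        16
#define SLOT_OK           0
#define SLOT_COLLISION  (-1)
#define SLOT_TABLE_FULL (-2)

typedef unsigned long slot_id_t;   /* stands in for CK_SLOT_ID */

struct slot_entry { int used; slot_id_t id; unsigned virt; char reader[128]; };
struct slot_table { struct slot_entry e[MAX_SLOTS]; slot_id_t next_seq; };

/* CRC-32 as used by zlib and Ethernet (reflected, polynomial 0xEDB88320). */
uint32_t crc32_ieee(const unsigned char *p, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* Opt-in switch: the issue requires PKCS11_READER_FILTER to be defined. */
int static_slot_ids_enabled(void)
{
    return getenv("PKCS11_READER_FILTER") != NULL;
}

/* Base id = CRC32(reader name); virtual slot n of that reader = base + n. */
slot_id_t static_slot_id(const char *reader, unsigned virt)
{
    uint32_t base = crc32_ieee((const unsigned char *)reader, strlen(reader));
    return (slot_id_t)(uint32_t)(base + virt);
}

/* Claim an id. An id already held by another reader or virtual slot is a
 * collision and must not be handed out a second time. */
int claim_id(struct slot_table *t, slot_id_t id, const char *reader, unsigned virt)
{
    struct slot_entry *free_entry = NULL;

    for (int i = 0; i < MAX_SLOTS; i++) {
        struct slot_entry *e = &t->e[i];
        if (!e->used) {
            if (!free_entry) free_entry = e;
        } else if (e->id == id) {
            return (e->virt == virt && strcmp(e->reader, reader) == 0)
                       ? SLOT_OK : SLOT_COLLISION;
        }
    }
    if (!free_entry) return SLOT_TABLE_FULL;
    free_entry->used = 1;
    free_entry->id = id;
    free_entry->virt = virt;
    snprintf(free_entry->reader, sizeof free_entry->reader, "%s", reader);
    return SLOT_OK;
}

/* Register a slot with either sequential ids (1, 2, ...) or static ids. */
int register_slot(struct slot_table *t, const char *reader, unsigned virt,
                  int use_static, slot_id_t *out)
{
    *out = use_static ? static_slot_id(reader, virt) : ++t->next_seq;
    return claim_id(t, *out, reader, virt);
}

/* Returns 1 if reader A keeps its id when detected before or after reader B. */
int id_survives_reordering(int use_static)
{
    const char *a = "Example Reader A 00 00";   /* constructed reader names */
    const char *b = "Example Reader B 00 00";
    struct slot_table t1 = {0}, t2 = {0};
    slot_id_t a1, a2, tmp;

    register_slot(&t1, a, 0, use_static, &a1);
    register_slot(&t1, b, 0, use_static, &tmp);
    register_slot(&t2, b, 0, use_static, &tmp);
    register_slot(&t2, a, 0, use_static, &a2);
    return a1 == a2;
}

int main(void)
{
    printf("static ids enabled by environment: %d\n", static_slot_ids_enabled());
    printf("sequential ids stable:    %d\n", id_survives_reordering(0));
    printf("CRC32-derived ids stable: %d\n", id_survives_reordering(1));
    printf("virtual slot 1 id: 0x%lx\n", static_slot_id("Example Reader A 00 00", 1));
    return 0;
}
```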

[probably a bug] ECDSA (NIST P-384)/SHA384-signed certificates are not recognized on Windows 10

Description of the problem: If the HSM token hosts both RSA and ECDSA certificates (the latter based on NIST P-384 curve and signed by SHA-384), only the RSA-based ones are detected by Windows.

Note: It is not clear what causes the problem. Consider this issue primarily as a request for comment.

Expected result: ECDSA certificates to be accessible as Windows Digital IDs

Is reproducible: Yes, always (three fresh Windows 10 Pro and one Windows 10 Enterprise installations are currently being examined)

Environment: Freshly installed Windows 10 Pro/Enterprise with all security updates applied; OpenSC 0.24, shm-middleware-x64-2.12, SHA-384 and SHA-512 support is added to the Registry.

Other symptoms: Mozilla Firefox and Thunderbird are capable of displaying all certificates installed in the token (both RSA and ECDSA-based) and operating with them, provided the correct PKCS#11 module is configured with the NSS (either sc-hsm-pkcs11.dll or opensc-pkcs11.dll). Google Chrome, Brave, and Microsoft Edge can operate only with the RSA-based certificates hosted by the token. Adobe Acrobat can operate with the RSA-based certificates natively (no custom PKCS#11 provider is configured). If a PKCS#11 provider is loaded in Adobe Acrobat (either sc-hsm-pkcs11.dll or opensc-pkcs11.dll), the ECDSA-based certificates become visible in the list with DigitalIDs, but due to the limitation of Adobe Acrobat and its well-known lack of cryptography support, those ECDSA certificates cannot be used for signing through any PKCS#11 provider (correct me if I am wrong). FoxitReader cannot utilize ECDSA certificates at all (regardless of the provider).

Logs and tests: (see the attached file - output generated by The Microsoft Smart Card Resource Manager) It fails to show two ECDSA-based certificates installed inside the token and shows information only about the RSA-based certificates stored there.
log_windows_ecdsa_sha384_issues.log

sc-hsm-pkcs11-test reports 7 test failures on Nitrokey HSM2 3.4

This is Nitrokey HSM2 running:

SmartCard-HSM Version 3.4 on JCOP 3 Free memory 81356 byte

Using https://github.com/CardContact/sc-hsm-embedded/tree/1498977b9512547a1b240c436604ac89df8973b6 like this:

 ./sc-hsm-pkcs11-test --module /usr/local/lib/libsc-hsm-pkcs11.so --pin 111111

gives me the following output:

Script started on Wed Oct 21 20:58:59 2020
Command: ./sc-hsm-pkcs11-test --module /usr/local/lib/libsc-hsm-pkcs11.so --pin 111111
PKCS11 unit test running.
Calling C_GetFunctionList Calling C_Initialize - CKR_OK : Passed
Calling C_GetInfo - CKR_OK : Passed
Calling C_GetSlotList - CKR_OK : Passed
Calling C_GetSlotInfo for slot 1 - CKR_OK : Passed
Slot manufacturer: CardContact
Slot ID : Slot description: 1 : Nitrokey Nitrokey HSM (DENK01037780000         ) 00 00
Slot flags: 7
Calling C_GetTokenInfo - CKR_OK : Passed
Token label       : DEV2
Token manufacturer: CardContact (www.cardcontact.de)
Token model       : SmartCard-HSM
Token flags       : 40d
Calling C_OpenSession - CKR_OK : Passed
Calling C_OpenSession - CKR_OK : Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 2 - Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 0 - Passed
Calling C_CloseSession - CKR_OK : Passed
Calling C_CloseSession with wrong handle - CKR_SESSION_HANDLE_INVALID : Passed
Calling C_CloseSession - CKR_OK : Passed
Calling C_OpenSession - CKR_OK : Passed
Calling C_OpenSession - CKR_OK : Passed
Calling C_Login(SO) - CKR_SESSION_READ_ONLY_EXISTS : Passed
Calling C_Login(SO) - CKR_SESSION_READ_ONLY : Passed
Calling C_Login(USER) - CKR_OK : Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 3 - Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 1 - Passed
Calling C_OpenSession - CKR_OK : Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 3 - Passed
Calling C_CloseSession - CKR_OK : Passed
Calling C_Logout - CKR_OK : Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 2 - Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 0 - Passed
Calling C_CloseAllSessions - CKR_OK : Passed
- CKR_OK : Passed
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 1 [0x1]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = FALSE [0]
  CKA_LABEL = 432E446576417574 "C.DevAut"
  CKA_VALUE = 7F2181E47F4E819D5F290100420D444544494E4B303130303030317F494F060A04007F000702020202038641046057FB1A4BAC0BA9E22F7EB064416AD7E4D9ABE1820CEC04E2BDFBC0EF0A6F037E3F2CCB882E9055A6B93EDB9E9D59908663BA6C9143603B0FFAF2CDE6DD09575F201044454E4B3031303337373830303030307F4C10060B2B0601040181C31F0301015301005F25060200000301075F24060203010002055F3740265BF746F538D630334EC1F9448B86131D83F8A51A1456CD8E933F45DE21E7A22023288A470F611C88B9D4D088FFD94A92AFBFCFD8F8BC5B050DB2ED2F03A7B8
  CKA_CERTIFICATE_TYPE = 2147483649 [0x80000001]
  CKA_CERTIFICATE_CATEGORY = 1 [0x1]
  CKA_TRUSTED = FALSE [0]
  CKA_MODIFIABLE = FALSE [0]
  CKA_CVC_INNER_CAR = 444544494E4B30313030303031 "DEDINK0100001"
  CKA_CVC_CHR = 44454E4B303130333737383030303030 "DENK010377800000"
  CKA_CVC_CED = 020000030107
  CKA_CVC_CXD = 020301000205
  CKA_CVC_CHAT = 060B2B0601040181C31F030101530100
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 1 [0x1]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = FALSE [0]
  CKA_LABEL = 432E44494341 "C.DICA"
  CKA_VALUE = 7F2181E27F4E819B5F290100420E44455352434143433130303030317F494F060A04007F000702020202038641049D49CD087301C950E17E52D4BBCE94E609CC7842B89B23CBA7916CCCDAF38EF21D42F5DAE5340A2408792017393AE288AF34E248214770CE7DD63FD31D99A3585F200D444544494E4B303130303030317F4C10060B2B0601040181C31F0301015301805F25060105010002065F24060203010002055F37406D599B539CA77221D1A133BEDCAF0DE1CC102680D50E1D5960070A3DB9E31F128075C22B2CC194857A4D6490DE00B2AE1FF2C39262A8BC4EA4E5394CC129D0BA
  CKA_CERTIFICATE_TYPE = 2147483649 [0x80000001]
  CKA_CERTIFICATE_CATEGORY = 2 [0x2]
  CKA_TRUSTED = TRUE [1]
  CKA_MODIFIABLE = FALSE [0]
  CKA_CVC_INNER_CAR = 4445535243414343313030303031 "DESRCACC100001"
  CKA_CVC_CHR = 444544494E4B30313030303031 "DEDINK0100001"
  CKA_CVC_CED = 010501000206
  CKA_CVC_CXD = 020301000205
  CKA_CVC_CHAT = 060B2B0601040181C31F030101530180
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 1 [0x1]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = FALSE [0]
  CKA_LABEL = 4B65793031 "Key01"
  CKA_CERTIFICATE_TYPE = 0 [0x0]
  CKA_CERTIFICATE_CATEGORY = 1 [0x1]
  CKA_ISSUER = 3010310E300C06035504030C055465737431
  CKA_SERIAL_NUMBER = 020900B327AEAB3198E5B6
  CKA_TRUSTED = FALSE [0]
  CKA_SUBJECT = 3010310E300C06035504030C055465737431
  CKA_ID = 01
  CKA_MODIFIABLE = TRUE [1]
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 2 [0x2]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = FALSE [0]
  CKA_LABEL = 4B65793031 "Key01"
  CKA_TRUSTED = FALSE [0]
  CKA_KEY_TYPE = CKK_RSA
  CKA_ID = 01
  CKA_ENCRYPT = TRUE [1]
  CKA_WRAP = FALSE [0]
  CKA_VERIFY = TRUE [1]
  CKA_VERIFY_RECOVER = TRUE [1]
  CKA_DERIVE = FALSE [0]
  CKA_MODULUS_BITS = 2048 [0x800]
  CKA_PUBLIC_EXPONENT = 010001
  CKA_LOCAL = TRUE [1]
  CKA_KEY_GEN_MECHANISM = -1 [0xFFFFFFFF]
  CKA_MODIFIABLE = TRUE [1]
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 2 - Passed
Calling C_Login User - CKR_OK : Passed
Find a private key after loginCalling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
- CKR_OK : Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 3 - Passed
Calling C_Logout - CKR_OK : Passed
Find a private key after logoutCalling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
- CKR_ARGUMENTS_BAD : Passed
C_SignInit - CKR_KEY_HANDLE_INVALID : Passed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 2 - Passed
Calling C_GetTokenInfo Token flags 40d - Passed
Calling C_Login User - CKR_OK : Failed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 3 - Failed
Calling C_GetTokenInfo Token flags 40d - Failed
Calling C_Login User - CKR_USER_ALREADY_LOGGED_IN : Failed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 3 - Failed
Calling C_GetTokenInfo Token flags 40d - Failed
Calling C_Login User - CKR_USER_ALREADY_LOGGED_IN : Failed
Calling C_GetSessionInfo - CKR_OK : Passed
Session state 3 - Passed
Calling C_GetTokenInfo Token flags 40d - Passed
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 1 [0x1]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = FALSE [0]
  CKA_LABEL = 432E446576417574 "C.DevAut"
  CKA_VALUE = 7F2181E47F4E819D5F290100420D444544494E4B303130303030317F494F060A04007F000702020202038641046057FB1A4BAC0BA9E22F7EB064416AD7E4D9ABE1820CEC04E2BDFBC0EF0A6F037E3F2CCB882E9055A6B93EDB9E9D59908663BA6C9143603B0FFAF2CDE6DD09575F201044454E4B3031303337373830303030307F4C10060B2B0601040181C31F0301015301005F25060200000301075F24060203010002055F3740265BF746F538D630334EC1F9448B86131D83F8A51A1456CD8E933F45DE21E7A22023288A470F611C88B9D4D088FFD94A92AFBFCFD8F8BC5B050DB2ED2F03A7B8
  CKA_CERTIFICATE_TYPE = 2147483649 [0x80000001]
  CKA_CERTIFICATE_CATEGORY = 1 [0x1]
  CKA_TRUSTED = FALSE [0]
  CKA_MODIFIABLE = FALSE [0]
  CKA_CVC_INNER_CAR = 444544494E4B30313030303031 "DEDINK0100001"
  CKA_CVC_CHR = 44454E4B303130333737383030303030 "DENK010377800000"
  CKA_CVC_CED = 020000030107
  CKA_CVC_CXD = 020301000205
  CKA_CVC_CHAT = 060B2B0601040181C31F030101530100
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 1 [0x1]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = FALSE [0]
  CKA_LABEL = 432E44494341 "C.DICA"
  CKA_VALUE = 7F2181E27F4E819B5F290100420E44455352434143433130303030317F494F060A04007F000702020202038641049D49CD087301C950E17E52D4BBCE94E609CC7842B89B23CBA7916CCCDAF38EF21D42F5DAE5340A2408792017393AE288AF34E248214770CE7DD63FD31D99A3585F200D444544494E4B303130303030317F4C10060B2B0601040181C31F0301015301805F25060105010002065F24060203010002055F37406D599B539CA77221D1A133BEDCAF0DE1CC102680D50E1D5960070A3DB9E31F128075C22B2CC194857A4D6490DE00B2AE1FF2C39262A8BC4EA4E5394CC129D0BA
  CKA_CERTIFICATE_TYPE = 2147483649 [0x80000001]
  CKA_CERTIFICATE_CATEGORY = 2 [0x2]
  CKA_TRUSTED = TRUE [1]
  CKA_MODIFIABLE = FALSE [0]
  CKA_CVC_INNER_CAR = 4445535243414343313030303031 "DESRCACC100001"
  CKA_CVC_CHR = 444544494E4B30313030303031 "DEDINK0100001"
  CKA_CVC_CED = 010501000206
  CKA_CVC_CXD = 020301000205
  CKA_CVC_CHAT = 060B2B0601040181C31F030101530180
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 1 [0x1]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = FALSE [0]
  CKA_LABEL = 4B65793031 "Key01"
  CKA_CERTIFICATE_TYPE = 0 [0x0]
  CKA_CERTIFICATE_CATEGORY = 1 [0x1]
  CKA_ISSUER = 3010310E300C06035504030C055465737431
  CKA_SERIAL_NUMBER = 020900B327AEAB3198E5B6
  CKA_TRUSTED = FALSE [0]
  CKA_SUBJECT = 3010310E300C06035504030C055465737431
  CKA_ID = 01
  CKA_MODIFIABLE = TRUE [1]
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 2 [0x2]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = FALSE [0]
  CKA_LABEL = 4B65793031 "Key01"
  CKA_TRUSTED = FALSE [0]
  CKA_KEY_TYPE = CKK_RSA
  CKA_ID = 01
  CKA_ENCRYPT = TRUE [1]
  CKA_WRAP = FALSE [0]
  CKA_VERIFY = TRUE [1]
  CKA_VERIFY_RECOVER = TRUE [1]
  CKA_DERIVE = FALSE [0]
  CKA_MODULUS_BITS = 2048 [0x800]
  CKA_PUBLIC_EXPONENT = 010001
  CKA_LOCAL = TRUE [1]
  CKA_KEY_GEN_MECHANISM = -1 [0xFFFFFFFF]
  CKA_MODIFIABLE = TRUE [1]
Calling C_FindObjects - CKR_OK : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
Calling C_GetAttributeValue - CKR_ATTRIBUTE_TYPE_INVALID : Passed
  CKA_CLASS = 3 [0x3]
  CKA_TOKEN = TRUE [1]
  CKA_PRIVATE = TRUE [1]
  CKA_LABEL = 4B65793031 "Key01"
  CKA_KEY_TYPE = CKK_RSA
  CKA_ID = 01
  CKA_SENSITIVE = TRUE [1]
  CKA_DECRYPT = TRUE [1]
  CKA_UNWRAP = FALSE [0]
  CKA_SIGN = TRUE [1]
  CKA_SIGN_RECOVER = TRUE [1]
  CKA_DERIVE = FALSE [0]
  CKA_PUBLIC_EXPONENT = 010001
  CKA_EXTRACTABLE = FALSE [0]
  CKA_LOCAL = TRUE [1]
  CKA_NEVER_EXTRACTABLE = TRUE [1]
  CKA_ALWAYS_SENSITIVE = TRUE [1]
  CKA_KEY_GEN_MECHANISM = 0 [0x0]
  CKA_MODIFIABLE = TRUE [1]
  CKA_ALWAYS_AUTHENTICATE = FALSE [0]
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Calling C_GenerateRandom(1) - CKR_OK : Passed
Calling C_GenerateRandom(4096) - CKR_OK : Passed
C_OpenSession (Thread 0, Slot=1) 7 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Closing Session 7
C_OpenSession (Thread 0, Slot=1) 8 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling findObject (Thread 0, Session 8, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_GetAttributeValue (Thread 0, Session 8, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 8, Slot=1) - CKR_OK : Passed
C_Sign (Thread 0, Session 8, Slot=1) - CKR_OK : Passed
Signature size = 256
C_Sign (Thread 0, Session 8, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_Sign (Thread 0, Session 8, Slot=1) - CKR_OK : Passed
Signature:
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_FindObject for public key (Thread 0, Session 8, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 8, Slot=1) - Multipart - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 8, Slot=1 - Part #1) - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 8, Slot=1 - Part #2) - CKR_OK : Passed
C_SignFinal (Thread 0, Session 8, Slot=1) - CKR_OK : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 8, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 8, Slot=1) - CKR_OK : Passed
Signature:
Calling findObject (Thread 0, Session 8, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Key 1 not found (Thread 0, Session 8, Slot=1)
Closing Session 8
C_OpenSession (Thread 0, Slot=1) 9 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling findObject (Thread 0, Session 9, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_GetAttributeValue (Thread 0, Session 9, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 9, Slot=1) - CKR_OK : Passed
C_Sign (Thread 0, Session 9, Slot=1) - CKR_OK : Passed
Signature size = 256
C_Sign (Thread 0, Session 9, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_Sign (Thread 0, Session 9, Slot=1) - CKR_OK : Passed
Signature:
AB52507F6E5EB4E00965308EAE068E77F6E692AF6703F7860740F8C36122407A03F79F9659CB351BA556AD49333D8F544D817B6C7BB475DDF6F1B60CE4946D7CC59D513893FDA92976371BC6BF5394BA90953CDCB3C11D11E9BF244EE4C87D7AC4CB6F8CDC007B2E30FAC7459A54ED6EAE288111127C5CBC1D79544016292CA6275440455F2DAAB799DEF363085D0D408A44FD4887C53B9910B3C0591CABD1C7701A29AFAEFBB69FA759E2481FA752B5FE418E066E346C1A98A8B24D3878260D2F2D73DD80D4B56FEC8F798982432532827E0B73EA51BF97EE78B35F1D9B7A5374DD2C049EB617923F99E481AC4B9266213104DF01E5BB7A4884D1D27DF35925
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_FindObject for public key (Thread 0, Session 9, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 9, Slot=1) - Multipart - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 9, Slot=1 - Part #1) - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 9, Slot=1 - Part #2) - CKR_OK : Passed
C_SignFinal (Thread 0, Session 9, Slot=1) - CKR_OK : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 9, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 9, Slot=1) - CKR_OK : Passed
Signature:
Calling findObject (Thread 0, Session 9, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Key 1 not found (Thread 0, Session 9, Slot=1)
Closing Session 9
C_OpenSession (Thread 0, Slot=1) 10 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling findObject (Thread 0, Session 10, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_GetAttributeValue (Thread 0, Session 10, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 10, Slot=1) - CKR_OK : Passed
C_Sign (Thread 0, Session 10, Slot=1) - CKR_OK : Passed
Signature size = 256
C_Sign (Thread 0, Session 10, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_Sign (Thread 0, Session 10, Slot=1) - CKR_OK : Passed
Signature:
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_FindObject for public key (Thread 0, Session 10, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 10, Slot=1) - Multipart - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 10, Slot=1 - Part #1) - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 10, Slot=1 - Part #2) - CKR_OK : Passed
C_SignFinal (Thread 0, Session 10, Slot=1) - CKR_OK : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 10, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 10, Slot=1) - CKR_OK : Passed
Signature:
7768360A84E9019CFD4C25604132D36E67A1D7913A92DFECECD862C5EFC26871638C1031E7A55B9083FA0F29193F467B0B35F5F5440A0C0142CBF607DFDE9DB08387397C26835ECE22B2DECCAE5AA11D1CA0DE7B00D23C2314BA166CAEAEED23D046CFA2F49F84F5481E8D262F7ED563EDFA542ED533658BB3C9A9F1A673E338F5A8457C20F0B0C463578BE8058841DC1B9D39140EAD724F7C2283AD23BE99CACD8A0F5D85960FE7874BF88B29484C721036644948E43C2DE25D85BF44F38BA2BC3D2AB8E125C8F2024B6DDD45BA069C7FBD2CFF76DBC22764FEC02E1B13B57AF68AEA950EEF57F220C1886E958BF21BBAC498B7209107B15FE1362EE5189394
Calling findObject (Thread 0, Session 10, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Key 1 not found (Thread 0, Session 10, Slot=1)
Closing Session 10
C_OpenSession (Thread 0, Slot=1) 11 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling findObject (Thread 0, Session 11, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_GetAttributeValue (Thread 0, Session 11, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 11, Slot=1) - CKR_OK : Passed
C_Sign (Thread 0, Session 11, Slot=1) - CKR_OK : Passed
Signature size = 256
C_Sign (Thread 0, Session 11, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_Sign (Thread 0, Session 11, Slot=1) - CKR_OK : Passed
Signature:
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_FindObject for public key (Thread 0, Session 11, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 11, Slot=1) - Multipart - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 11, Slot=1 - Part #1) - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 11, Slot=1 - Part #2) - CKR_OK : Passed
C_SignFinal (Thread 0, Session 11, Slot=1) - CKR_OK : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 11, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 11, Slot=1) - CKR_OK : Passed
Signature:
Calling findObject (Thread 0, Session 11, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Key 1 not found (Thread 0, Session 11, Slot=1)
Closing Session 11
C_OpenSession (Thread 0, Slot=1) 12 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling findObject (Thread 0, Session 12, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_GetAttributeValue (Thread 0, Session 12, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 12, Slot=1) - CKR_OK : Passed
C_Sign (Thread 0, Session 12, Slot=1) - CKR_OK : Passed
Signature size = 256
C_Sign (Thread 0, Session 12, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_Sign (Thread 0, Session 12, Slot=1) - CKR_OK : Passed
Signature:
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_FindObject for public key (Thread 0, Session 12, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 12, Slot=1) - Multipart - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 12, Slot=1 - Part #1) - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 12, Slot=1 - Part #2) - CKR_OK : Passed
C_SignFinal (Thread 0, Session 12, Slot=1) - CKR_OK : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 12, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 12, Slot=1) - CKR_OK : Passed
Signature:
Calling findObject (Thread 0, Session 12, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Key 1 not found (Thread 0, Session 12, Slot=1)
Closing Session 12
C_OpenSession (Thread 0, Slot=1) 13 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling findObject (Thread 0, Session 13, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_GetAttributeValue (Thread 0, Session 13, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 13, Slot=1) - CKR_OK : Passed
C_Sign (Thread 0, Session 13, Slot=1) - CKR_OK : Passed
Signature size = 256
C_Sign (Thread 0, Session 13, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_Sign (Thread 0, Session 13, Slot=1) - CKR_OK : Passed
Signature:
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
C_FindObject for public key (Thread 0, Session 13, Slot=1) - CKR_OK : Passed
C_SignInit (Thread 0, Session 13, Slot=1) - Multipart - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 13, Slot=1 - Part #1) - CKR_OK : Passed
C_SignUpdate (Thread 0, Session 13, Slot=1 - Part #2) - CKR_OK : Passed
C_SignFinal (Thread 0, Session 13, Slot=1) - CKR_OK : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 13, Slot=1) - CKR_BUFFER_TOO_SMALL : Passed
Signature size = 256
C_SignFinal (Thread 0, Session 13, Slot=1) - CKR_OK : Passed
Signature:
Calling findObject (Thread 0, Session 13, Slot=1)
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Key 1 not found (Thread 0, Session 13, Slot=1)
Closing Session 13
C_OpenSession (Thread 0, Slot=1) 14 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Closing Session 14
C_OpenSession (Thread 0, Slot=1) 15 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Closing Session 15
C_OpenSession (Thread 0, Slot=1) 16 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Closing Session 16
C_OpenSession (Thread 0, Slot=1) 17 - CKR_OK : Passed
C_Login User (Thread 0, Slot=1) - CKR_USER_ALREADY_LOGGED_IN : Passed
Calling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
Closing Session 17
Calling C_CloseSession - CKR_OK : Passed
Calling C_Finalize - CKR_OK : Passed
Unit test finished.
251 tests performed.
7 tests failed.

Command exit status: 1
Script done on Wed Oct 21 20:59:09 2020

Microsoft CSP-Minidriver

Can the Mini-driver be built such that it calls another PKCS#11 library - or is it set up so that it has to call the inbuilt PKCS#11 library?

miniscule issue: missing dependency check for pcsclite

Neither autoreconf -fi nor ./configure notice when libpcsclite is missing. make fails in the middle later when the header files aren't found.
Installing libpcsclite-dev.deb solves this issue. That can be deduced; but it's cleaner when all dependencies get checked before make, and missing ones explicitly named.
I'd set this at low priority - just writing it down so it doesn't get lost entirely.

Import Key from another HSM to SC-HSM (WRAP/UNWRAP)

Hi,
I have some RSA keys in SoftHSM and SafeNet HSM, and I would like to import them to SC-HSM.
Usually, I should be able to export ("WRAP") them under another 3DES transport key (secret key) and then import ("UN-WRAP") them to any other HSM, but I am not sure that I can do this with SC-HSM. Any suggestion?

Supporting 3DES and DES

Hi,
I believe that the SC-HSM does not support the DES/3DES operation, correct?
I think it only supports the following mechanisms:
CKM_SHA_1
CKM_SHA256
CKM_SHA384
CKM_SHA512
CKM_MD5
CKM_RIPEMD160
CKM_GOSTR3411
CKM_ECDSA
CKM_ECDSA_SHA1
CKM_ECDH1_COFACTOR_DERIVE
CKM_ECDH1_DERIVE
CKM_ECDSA_KEY_PAIR_GEN
CKM_RSA_X_509
CKM_RSA_PKCS
CKM_SHA1_RSA_PKCS
CKM_SHA256_RSA_PKCS
CKM_SHA384_RSA_PKCS
CKM_SHA512_RSA_PKCS
CKM_MD5_RSA_PKCS
CKM_RIPEMD160_RSA_PKCS
CKM_RSA_PKCS_KEY_PAIR_GEN
I am using it to personalize a Java card, and I need to calculate the session keys using the DES/3DES Key Derivation mechanism. Any suggestion?

Not able to get CKA_VALUE with C_GetAttributeValue of a Secret Key

Hi,

I'm trying to extract the value of an AES Key, which is set to be extractable, via C_GetAttributeValue. However, I get as a return CKR_ATTRIBUTE_TYPE_INVALID, which should not happen since, according to the PKCS#11 specifications concerning the AES secret key object, the CKA_VALUE attribute should contain the key value. Since I can use the key to encrypt data, it has to have a value.

I tested my code with the SoftHSMv2 and there I'm able to extract the key value.

Library returns supported key size wrong

According to the PKCS#11 v. 2.4 specs the length of supported keys for AES mechanisms should be in Bytes. The library returns the length in Bits.

$ pkcs11-tool --module ~/Development/sc-hsm-embedded/src/pkcs11/.libs/libsc-hsm-pkcs11.so -M
Using slot 0 with a present token (0x1)
Supported mechanisms:
  // [...]
  AES-CBC, keySize={128,256}, hw, encrypt, decrypt
  AES-CMAC, keySize={128,256}, hw, sign
  // [...]
  AES-KEY-GEN, keySize={128,256}, hw, generate
  // [...]

https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html#_Toc441755753 (3.5 Data types for mechanisms) states that length unit (Bits or Bytes) is mechanism dependent and http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html#_Toc416960049 (2.8.2 AES secret key objects) states that the AES secret key length should be specified in Bytes
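A client-side check for the unit mismatch reported above, as an added example that is not part of the original issue or the project's code: it classifies an AES mechanism's reported key-size range as bytes or bits and derives a length that is safe to pass as `CKA_VALUE_LEN`. The types are minimal stand-ins for `pkcs11.h`, the helper names `aes_size_unit` and `aes_max_value_len` are hypothetical, and the `{128,256}` sample is taken from the `pkcs11-tool -M` output above.

```c
#include <stdio.h>

/* Minimal stand-ins for the PKCS#11 types involved, so the example builds
 * without pkcs11.h. Names follow the PKCS#11 v2.40 headers. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_FLAGS;

typedef struct {
    CK_ULONG ulMinKeySize;
    CK_ULONG ulMaxKeySize;
    CK_FLAGS flags;
} CK_MECHANISM_INFO;

enum size_unit { UNIT_BYTES, UNIT_BITS, UNIT_UNKNOWN };

/* The only valid AES key lengths, expressed in bytes. */
static int is_aes_len_bytes(CK_ULONG n)
{
    return n == 16 || n == 24 || n == 32;
}

/* Classify the unit a module used for an AES mechanism's key-size range.
 * The byte set {16,24,32} and the bit set {128,192,256} do not overlap,
 * so the classification is unambiguous; mixed ranges are rejected. */
enum size_unit aes_size_unit(const CK_MECHANISM_INFO *mi)
{
    CK_ULONG lo = mi->ulMinKeySize, hi = mi->ulMaxKeySize;

    if (lo > hi)
        return UNIT_UNKNOWN;
    if (is_aes_len_bytes(lo) && is_aes_len_bytes(hi))
        return UNIT_BYTES;
    if (lo % 8 == 0 && hi % 8 == 0 &&
        is_aes_len_bytes(lo / 8) && is_aes_len_bytes(hi / 8))
        return UNIT_BITS;
    return UNIT_UNKNOWN;
}

/* Largest key length in bytes that may be used as CKA_VALUE_LEN,
 * or 0 when the reported range cannot be interpreted. */
CK_ULONG aes_max_value_len(const CK_MECHANISM_INFO *mi)
{
    switch (aes_size_unit(mi)) {
    case UNIT_BYTES: return mi->ulMaxKeySize;
    case UNIT_BITS:  return mi->ulMaxKeySize / 8;
    default:         return 0;
    }
}

int main(void)
{
    /* Constructed samples: the range shown in the issue, and the range a
     * module reporting bytes would return for AES-128..AES-256. */
    CK_MECHANISM_INFO reported   = { 128, 256, 0 };
    CK_MECHANISM_INFO conformant = { 16, 32, 0 };
    static const char *names[] = { "bytes", "bits", "unknown" };

    printf("reported:   unit=%s max CKA_VALUE_LEN=%lu\n",
           names[aes_size_unit(&reported)], aes_max_value_len(&reported));
    printf("conformant: unit=%s max CKA_VALUE_LEN=%lu\n",
           names[aes_size_unit(&conformant)], aes_max_value_len(&conformant));
    return 0;
}
```
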

Unable to install sc-hsm-driver-x64 in Windows 10

Hi,
I am not able to install sc-hsm-driver-x64; it gives me an error: failed to install the driver.
Using certutil -scinfo I am able to test the certificate and it is recognized by Windows, and XCA is fully functional and able to recognize the token as well.
If I try to use IE to log in to https://devnet.cardcontact.de/, IE recognizes the certificate and gives me the choice to select the reader; however, it displays that Identiv uTrust 3522 embd SE Token, the smart card requires drivers that are not present in this system.
I also installed Firefox and tried to add the security device. I am trying to select c:\WINDOWS\System32\opensc-pkcs11.dll, but it is not shown in the folder in the Firefox wizard, even though I checked System32 myself and both opensc-minidriver.dll and opensc-pkcs11.dll are there in the folder.
The Windows regedit indicates that
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\SmartCard-HSM-CL and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\SmartCard-HSM are correctly registered.
Regards,
Amr

sc-hsm-pkcs11-test: "Find a private key after login" test failure on an empty token

As of 4f26f20 I get the following running the tests on a freshly initialized Nitrokey HSM 2:

Script started on Sat Jan 28 11:55:01 2023
Command: ./src/tests/sc-hsm-pkcs11-test --module src/pkcs11/.libs/libsc-hsm-pkcs11.so
 --pin 000000 --invasive
PKCS11 unit test running.

and then:

Find a private key after loginCalling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
- CKR_ARGUMENTS_BAD : Failed

Quick analysis:

At the time the testLogin()

testLogin(p11, session);
is run, there is no private key on the token at all.

If I run the following sequence instead:

radziecki> sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 000000                                                                
Using reader with a card: Nitrokey Nitrokey HSM (DENK01045710000         ) 00 00
radziecki> /usr/local/bin/pkcs11-tool -l -p 000000 --module ./src/pkcs11/.libs/libsc-hsm-pkcs11.so --keypairgen --key-type rsa:1024 --id 10                                   
Using slot 0 with a present token (0x1)
Key pair generated:
Private Key Object; RSA 
  label:      
  ID:         10
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable, local
Public Key Object; RSA 1024 bits
  label:      
  ID:         10
  Usage:      encrypt, verify
  Access:     local
radziecki> ./src/tests/sc-hsm-pkcs11-test --module src/pkcs11/.libs/libsc-hsm-pkcs11.so --pin 000000 --invasive
PKCS11 unit test running.
Calling C_GetFunctionList Calling C_Initialize - CKR_OK : Passed
Calling C_GetInfo - CKR_OK : Passed
Calling C_GetSlotList - CKR_OK : Passed
Calling C_GetSlotInfo for slot 1 - CKR_OK : Passed
Slot manufacturer: CardContact
Slot ID : Slot description: 1 : Nitrokey Nitrokey HSM (DENK01045710000         ) 00 00
Slot flags: 7
Calling C_GetTokenInfo - CKR_OK : Passed
...

then I finally get

Unit test finished.
455 tests performed.
0 tests failed.

Identive SCT3522CC [CCID Interface] token not utilized on Linux (neither OpenSC or Smart Card Shell can utilize it)

I got this token:

https://www.cardomatic.de/en/p/utrust-token-pro

in fact, four of them. The token (with idVendor=04e6 and idProduct=5817) is recognized by the PCSC Lite properly. As suggested, I also applied the script:

https://github.com/CardContact/sc-hsm-embedded/blob/master/etc/add-sc-hsm-usb-id.sh

to upgrade the PCSC Lite drivers' database to the most recent one that supports the token, but it appears that database was already up-to-date (pcsc-lite-1.9.4-1.el9.x86_64 package, officially bundled and packaged by Red Hat for Red Hat Enterprise Linux 9). The OpenSC package (opensc-0.23.0) cannot recognize the token:

$ pkcs15-tool -T
Using reader with a card: Identive SCT3522CC token [CCID Interface] (55521904600919) 00 00
Failed to connect to card: Card is invalid or cannot be handled
$ pkcs11-tool -L
Available slots:
Slot 0 (0x0): Identive SCT3522CC token [CCID Interface] (55521904600919) 00 00
  (token not recognized)

I compiled OpenSC 0.24.0 and tried with that version. The result displayed by running pkcs15-tool and pkcs11-tool repeats what is shown above. No improvement.

The Smart Card Shell (latest) cannot recognize that token either:

>_scsh3.setProperty("reader","Identive SCT3522CC token [CCID Interface] (55521904600919) 00 00");
>load("keymanager/keymanager.js");
GPError: Card (CARD_INVALID_SW/27270) - "Unexpected SW1/SW2=6A86 (Checking error: Incorrect P1-P2) received" in /home/vesso/CardContact/scsh3/scsh/sc-hsm/SmartCardHSM.js#1436
    at /home/vesso/CardContact/scsh3/scsh/sc-hsm/SmartCardHSM.js#1436
    at /home/vesso/CardContact/scsh3/scsh/sc-hsm/SmartCardHSM.js#94
    at /home/vesso/CardContact/scsh3/keymanager/keymanager.js#198
    at /home/vesso/CardContact/scsh3/keymanager/keymanager.js#42
    at /home/vesso/CardContact/scsh3/keymanager/keymanager.js#2457

>

The PKI-as-a-service portal at https://www.pki-as-a-service.net also cannot recognize the token:

"The card in your reader or the attached USB-Token is not a valid SmartCard-HSM."

Note that at the same time all tools and platforms mentioned perfectly recognize and work with Identiv uTrust 3512 SAM slot Token [CCID Interface] (idVendor=04e6, idProduct=5816).

So the question is how can one utilize Identive SCT3522CC [CCID Interface] tokens on Linux?

Path issue with sc-hsm-pkcs11-test in mac package

Using the TLS 1.3 release, installed using the standard package. The PKCS11 unit test appears to expect to use the linux .so file, rather than the mac dylib.

mistial@Mistials-MacBook-Pro lib % cd /Library/sc-hsm-pkcs11/bin
mistial@Mistials-MacBook-Pro bin % ./sc-hsm-pkcs11-test 
PKCS11 unit test running.
dlopen failed with dlopen(/usr/local/lib/libsc-hsm-pkcs11.so, 0x0002): tried: '/usr/local/lib/libsc-hsm-pkcs11.so' (no such file), '/usr/lib/libsc-hsm-pkcs11.so' (no such file)
mistial@Mistials-MacBook-Pro bin %

CKF_PROTECTED_AUTHENTICATION_PATH not indicated in virtual slots

When using a PINPAD reader and PKCS11_PREALLOCATE_VIRTUAL_SLOTS, then the PINPAD indicator is not properly propagated to virtual slots:

asc@calzone:~/projects/sc-hsm-embedded/src/pkcs11/.libs$ PKCS11_PREALLOCATE_VIRTUAL_SLOTS=2 pkcs11-tool --module /usr/local/lib/libsc-hsm-pkcs11.so -L
Available slots:
Slot 0 (0x1): REINER SCT cyberJack RFID komfort (5968333780) 00 00
token label : STARCOS.eUserPKI
token manufacturer : Giesecke & Devrient
token model : 3.5ID ECC C1 BNK
token flags : readonly, login required, PIN initialized, PIN pad present, token initialized
hardware version : 0.0
firmware version : 3.5
serial num :
Slot 1 (0x2): REINER SCT cyberJack RFID komfort (5968333780) 00 00.2
token label : STARCOS.QES1
token manufacturer : Giesecke & Devrient
token model : 3.5ID ECC C1 BNK
token flags : readonly, login required, PIN initialized, token initialized
hardware version : 0.0
firmware version : 3.5
serial num :
Slot 2 (0x3): REINER SCT cyberJack RFID komfort (5968333780) 00 00.3
token label : STARCOS.QES2
token manufacturer : Giesecke & Devrient
token model : 3.5ID ECC C1 BNK
token flags : readonly, login required, PIN initialized, token initialized
hardware version : 0.0
firmware version : 3.5
serial num :

The issue exists because PKCS11_PREALLOCATE_VIRTUAL_SLOTS creates virtual slots before SCardConnect and thus before the reader's PINPAD capability is queried.

When creating virtual slots, the data from the primary slot is copied (thus usually preserving the PINPAD flag).
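The ordering problem described above, reduced to a small model (an added example, not the module's code): virtual slots take a snapshot of the primary slot, so a capability learned at connect time reaches them only if it is propagated afterwards. The structures and the functions `preallocate_virtual`, `connect_reader`, `token_flags` and `run` are hypothetical; only `CKF_PROTECTED_AUTHENTICATION_PATH` is a real PKCS#11 constant.

```c
#include <stdio.h>
#include <string.h>

#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL /* PKCS#11 token flag */
#define MAX_VIRTUAL 4

/* Hypothetical, simplified slot record; not the module's real structure. */
struct slot {
    unsigned long token_flags; /* flags known independently of the reader */
    int has_pinpad;            /* learned only once the reader is connected */
};

struct reader_slots {
    struct slot primary;
    struct slot virt[MAX_VIRTUAL];
    int nvirt;
};

/* Create n virtual slots by copying the primary slot's current state. */
void preallocate_virtual(struct reader_slots *rs, int n)
{
    if (n > MAX_VIRTUAL)
        n = MAX_VIRTUAL;
    for (int i = 0; i < n; i++)
        rs->virt[i] = rs->primary; /* snapshot, taken at this moment */
    rs->nvirt = n;
}

/* Stand-in for connecting to the reader and querying its PIN pad feature.
 * With propagate set, the result is also pushed to existing virtual slots. */
void connect_reader(struct reader_slots *rs, int reader_has_pinpad, int propagate)
{
    rs->primary.has_pinpad = reader_has_pinpad;
    if (!propagate)
        return;
    for (int i = 0; i < rs->nvirt; i++)
        rs->virt[i].has_pinpad = reader_has_pinpad;
}

/* Token flags as a token-info query would report them for one slot. */
unsigned long token_flags(const struct slot *s)
{
    unsigned long f = s->token_flags;
    if (s->has_pinpad)
        f |= CKF_PROTECTED_AUTHENTICATION_PATH;
    return f;
}

/* Run one scenario on a PIN pad reader with two virtual slots and return
 * how many virtual slots disagree with the primary about the PIN pad flag. */
int run(int preallocate_first, int propagate)
{
    struct reader_slots rs;
    unsigned long want;
    int bad = 0;

    memset(&rs, 0, sizeof rs);
    if (preallocate_first) {
        preallocate_virtual(&rs, 2);
        connect_reader(&rs, 1, propagate);
    } else {
        connect_reader(&rs, 1, propagate);
        preallocate_virtual(&rs, 2);
    }
    want = token_flags(&rs.primary) & CKF_PROTECTED_AUTHENTICATION_PATH;
    for (int i = 0; i < rs.nvirt; i++)
        if ((token_flags(&rs.virt[i]) & CKF_PROTECTED_AUTHENTICATION_PATH) != want)
            bad++;
    return bad;
}

int main(void)
{
    printf("preallocate before connect, no propagation: %d stale slot(s)\n", run(1, 0));
    printf("connect before creating virtual slots:      %d stale slot(s)\n", run(0, 0));
    printf("preallocate before connect, with propagation: %d stale slot(s)\n", run(1, 1));
    return 0;
}
```

The first scenario reproduces the listing above, where slot 0 reports "PIN pad present" and the two virtual slots do not.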

Key Usage Limit missing

Hi

I just recently bought a Nitrokey HSM2 and I wanted to validate a few things on it. I wanted to create a keypair with a Key usage limit over pkcs11 but that didn't work. I have looked up attributes to use from here: https://github.com/CardContact/sc-hsm-embedded/blob/master/src/sc-hsm/sc-hsm-pkcs11.h. I was able to create a key but couldn't set the key use limit. I then tried using scsh3 and modified keymanager.js to input the key limit and it worked.
I was able to see it in scsh3, and also after performing more signing operations than the specified limit I was getting errors.
scsh3

I then wrote a script to dump every attribute from objects using the pkcs11js library and this is what I'm getting:

##################################### [ C.DevAut ] #####################################

Listing Attributes: 

Attribute: 0 <Buffer 01 00 00 00 00 00 00 00>
Attribute: 1 <Buffer 01>
Attribute: 2 <Buffer 00>
Attribute: 3 <Buffer 43 2e 44 65 76 41 75 74>
Attribute: 11 <Buffer 7f 21 81 e4 7f 4e 81 9d 5f 29 01 00 42 0d 44 45 44 49 4e 4b 30 31 30 30 30 30 31 7f 49 4f 06 0a 04 00 7f 00 07 02 02 02 02 03 86 41 04 65 f1 29 f5 b7 ... 182 more bytes>
Attribute: 80 <Buffer 01 00 00 80 00 00 00 00>
Attribute: 86 <Buffer 00>
Attribute: 87 <Buffer 01 00 00 00 00 00 00 00>
Attribute: 102 <Buffer >
Attribute: 170 <Buffer 00>
Attribute: 80000100 <Buffer 44 45 44 49 4e 4b 30 31 30 30 30 30 31>
Attribute: 80000102 <Buffer 44 45 4e 4b 30 31 30 34 34 34 39 30 30 30 30 30>
Attribute: 80000103 <Buffer 02 00 00 07 00 06>
Attribute: 80000104 <Buffer 02 03 01 00 02 05>
Attribute: 80000105 <Buffer 06 0b 2b 06 01 04 01 81 c3 1f 03 01 01 53 01 00>



##################################### [ C.DICA ] #####################################

Listing Attributes: 

Attribute: 0 <Buffer 01 00 00 00 00 00 00 00>
Attribute: 1 <Buffer 01>
Attribute: 2 <Buffer 00>
Attribute: 3 <Buffer 43 2e 44 49 43 41>
Attribute: 11 <Buffer 7f 21 81 e2 7f 4e 81 9b 5f 29 01 00 42 0e 44 45 53 52 43 41 43 43 31 30 30 30 30 31 7f 49 4f 06 0a 04 00 7f 00 07 02 02 02 02 03 86 41 04 9d 49 cd 08 ... 180 more bytes>
Attribute: 80 <Buffer 01 00 00 80 00 00 00 00>
Attribute: 86 <Buffer 01>
Attribute: 87 <Buffer 02 00 00 00 00 00 00 00>
Attribute: 102 <Buffer >
Attribute: 170 <Buffer 00>
Attribute: 80000100 <Buffer 44 45 53 52 43 41 43 43 31 30 30 30 30 31>
Attribute: 80000102 <Buffer 44 45 44 49 4e 4b 30 31 30 30 30 30 31>
Attribute: 80000103 <Buffer 01 05 01 00 02 06>
Attribute: 80000104 <Buffer 02 03 01 00 02 05>
Attribute: 80000105 <Buffer 06 0b 2b 06 01 04 01 81 c3 1f 03 01 01 53 01 80>



##################################### [ miot ] #####################################

Listing Attributes: 

Attribute: 0 <Buffer 02 00 00 00 00 00 00 00>
Attribute: 1 <Buffer 01>
Attribute: 2 <Buffer 00>
Attribute: 3 <Buffer 6d 69 6f 74>
Attribute: 86 <Buffer 00>
Attribute: 100 <Buffer 03 00 00 00 00 00 00 00>
Attribute: 101 <Buffer >
Attribute: 102 <Buffer 9a bb ae d4 39 5a 6e d9 ee c1 23 3a 42 50 84 33 12 2c bc 3b>
Attribute: 104 <Buffer 01>
Attribute: 106 <Buffer 00>
Attribute: 10a <Buffer 01>
Attribute: 10b <Buffer 01>
Attribute: 10c <Buffer 00>
Attribute: 110 <Buffer >
Attribute: 111 <Buffer >
Attribute: 163 <Buffer 01>
Attribute: 166 <Buffer ff ff ff ff ff ff ff ff>
Attribute: 170 <Buffer 01>
Attribute: 180 <Buffer 06 08 2a 86 48 ce 3d 03 01 07>
Attribute: 181 <Buffer 04 41 04 5e 68 7d d8 5c 7d 2a ec cc a6 15 a7 d3 14 38 fd 2a 6a a4 19 a9 d0 0d 54 e2 c8 18 d3 a2 88 dd 90 fb a0 ba 00 12 ed dd 8d 8f 1e c3 3e 3b 51 46 ... 17 more bytes>
Attribute: 80000110 <Buffer 67 82 01 ed 7f 21 82 01 93 7f 4e 82 01 4b 5f 29 01 00 42 10 44 45 4e 4b 30 31 30 34 34 34 39 30 30 30 30 30 7f 49 82 01 1d 06 0a 04 00 7f 00 07 02 02 ... 447 more bytes>



##################################### [ miot ] #####################################

Listing Attributes: 

Attribute: 0 <Buffer 03 00 00 00 00 00 00 00>
Attribute: 1 <Buffer 01>
Attribute: 2 <Buffer 01>
Attribute: 3 <Buffer 6d 69 6f 74>
Attribute: 100 <Buffer 03 00 00 00 00 00 00 00>
Attribute: 101 <Buffer >
Attribute: 102 <Buffer 9a bb ae d4 39 5a 6e d9 ee c1 23 3a 42 50 84 33 12 2c bc 3b>
Attribute: 103 <Buffer 01>
Attribute: 105 <Buffer 00>
Attribute: 107 <Buffer 00>
Attribute: 108 <Buffer 01>
Attribute: 109 <Buffer 00>
Attribute: 10c <Buffer 00>
Attribute: 110 <Buffer >
Attribute: 111 <Buffer >
Attribute: 162 <Buffer 00>
Attribute: 163 <Buffer 01>
Attribute: 164 <Buffer 01>
Attribute: 165 <Buffer 01>
Attribute: 166 <Buffer 00 00 00 00 00 00 00 00>
Attribute: 170 <Buffer 01>
Attribute: 180 <Buffer 06 08 2a 86 48 ce 3d 03 01 07>
Attribute: 202 <Buffer 00>
Attribute: 210 <Buffer 00>

According to your spec Key Use Limit should be at 0x80000108. But I cannot see this at any object. Am I doing something wrong?

Edit:
Also CKA_SC_HSM_ALGORITHM_LIST, which I have specified and is visible in scsh3, is missing from the pkcs11 attributes.
