sc-hsm-pkcs11-test: "Find a private key after login" test failure on an empty token #39

Open
saper opened this issue Jan 28, 2023 · 1 comment

saper commented Jan 28, 2023

As of 4f26f20 I get the following running the tests on a freshly initialized Nitrokey HSM 2:

Script started on Sat Jan 28 11:55:01 2023
Command: ./src/tests/sc-hsm-pkcs11-test --module src/pkcs11/.libs/libsc-hsm-pkcs11.so
 --pin 000000 --invasive
PKCS11 unit test running.

and then:

Find a private key after loginCalling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
- CKR_ARGUMENTS_BAD : Failed

Quick analysis:

At the time the testLogin()

testLogin(p11, session);

is run, there is no private key on the token at all.

If I run the following sequence instead:

radziecki> sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 000000                                                                
Using reader with a card: Nitrokey Nitrokey HSM (DENK01045710000         ) 00 00
radziecki> /usr/local/bin/pkcs11-tool -l -p 000000 --module ./src/pkcs11/.libs/libsc-hsm-pkcs11.so --keypairgen --key-type rsa:1024 --id 10                                   
Using slot 0 with a present token (0x1)
Key pair generated:
Private Key Object; RSA 
  label:      
  ID:         10
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable, local
Public Key Object; RSA 1024 bits
  label:      
  ID:         10
  Usage:      encrypt, verify
  Access:     local
radziecki> ./src/tests/sc-hsm-pkcs11-test --module src/pkcs11/.libs/libsc-hsm-pkcs11.so --pin 000000 --invasive
PKCS11 unit test running.
Calling C_GetFunctionList Calling C_Initialize - CKR_OK : Passed
Calling C_GetInfo - CKR_OK : Passed
Calling C_GetSlotList - CKR_OK : Passed
Calling C_GetSlotInfo for slot 1 - CKR_OK : Passed
Slot manufacturer: CardContact
Slot ID : Slot description: 1 : Nitrokey Nitrokey HSM (DENK01045710000         ) 00 00
Slot flags: 7
Calling C_GetTokenInfo - CKR_OK : Passed
...

then I finally get

Unit test finished.
455 tests performed.
0 tests failed.
saper commented Jan 28, 2023

I have also noticed that if there is no AES key already, testAES() is skipped.

After adding the AES key, I got

Unit test finished.
472 tests performed.
0 tests failed.
