Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

loading multiple modules with pkcs11-tool #784

Closed
syedelec opened this issue Jun 3, 2016 · 3 comments
Closed

loading multiple modules with pkcs11-tool #784

syedelec opened this issue Jun 3, 2016 · 3 comments

Comments

@syedelec
Copy link

syedelec commented Jun 3, 2016

Hi,

I just have some questions regarding OpenSC implementation and sub projects.

I have currently a software implementation library for PKCS#11 API functions (C_Login, C_Verify, C_Encrypt ...), not regarding any hardware. Lets assume it is lib_pkcs11.so

1:

I want to use it with pkcs11-tool however, this library (lib_pkcs11.so) uses functions from another shared library (lets assume lib_other.so) so if I write :
pkcs11-tool --module /path/to/lib_pkcs11.so

I have the error :
pkcs11-tool: symbol lookup error: /path/to/lib_pkcs11.so: undefined symbol: <symbol>

Is is possible to add another module to look for it into pkcs11-tool --module option ?
I tried pkcs11-tool --module /path/to/lib_pkcs11.so /path/to/lib_other.so but it's not working.

2:

I want to use the same library (lib_pkcs11.so) using OpenSSL PKCS#11 engine to perform basic operations for example digest SHA1 using openssl.
I still have the problem to load both library lib_pkcs11.so and lib_other.so.
I'm using command :

openssl engine dynamic -pre SO_PATH:/path/to/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/path/to/lib_pkcs11.so -t -c

If I'm understand well, MODULE_PATH correspond to library containing implementation for PKCS#11 API so corresponding to my software implementation lib_pkcs11.so.

3:

I don't understand what is the difference between libp11.so, opensc-pkcs11.so and pkcs11-helper and why engine_pkcs11 has been merged into libp11.

Thank you very much for your help.
@dengert
Copy link
Member

dengert commented Jun 3, 2016 

Your library needs to be linked as dynamic library,  also called a
module.  Libtool  can do this  using the -module option which is how
OpenSC builds the module.  Search for: dynamic library. 

dlopen is uses to load the module. 

For example see:
http://www.yolinux.com/TUTORIALS/LibraryArchives-StaticAndDynamic.html

With a PKCS#11 module, only one function is exported and that is
C_GetFunctionList, that returns a list of function pointers to the
reset of the PKCS#11 functions. 



On 6/3/2016 6:03 AM, Sid-Ali wrote:


  Hi, 
  I just have some questions regarding OpenSC implementation and
    sub projects.
  I have currently a software implementation library for PKCS#11
    API functions (C_Login, C_Verify, C_Encrypt ...), not regarding
    any hardware. Lets assume it is lib_pkcs11.so
  1:
  I want to use it with pkcs11-tool however, this library
    (lib_pkcs11.so) uses functions from another shared library (lets
    assume lib_other.so) so if I write :
    pkcs11-tool --module /path/to/lib_pkcs11.so
  I have the error :
    pkcs11-tool: symbol lookup error: /path/to/lib_pkcs11.so:
      undefined symbol: <symbol>
  Is is possible to add another module to look for it into
    pkcs11-tool --module option ?
    I tried pkcs11-tool --module /path/to/lib_pkcs11.so
      /path/to/lib_other.so but it's not working.
  2:
  I want to use the same library (lib_pkcs11.so) using OpenSSL PKCS#11
      engine to perform basic operations for example digest SHA1
    using openssl.
    I still have the problem to load both library lib_pkcs11.so and
    lib_other.so.
    I'm using command :
  openssl engine dynamic -pre
      SO_PATH:/path/to/engine_pkcs11.so -pre ID:pkcs11 -pre
      LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/path/to/lib_pkcs11.so
      -t -c
  If I'm understand well, MODULE_PATH correspond to library
    containing implementation for PKCS#11 API so corresponding to my
    software implementation lib_pkcs11.so.
  3:
  I don't understand what is the difference between libp11.so,
    opensc-pkcs11.so and pkcs11-helper and why engine_pkcs11 has
    been merged into libp11.
  Thank you very much for your help.
  —
    You are receiving this because you are subscribed to this
    thread.
    Reply to this email directly, view it on
      GitHub, or mute
      the thread.









--

Douglas E. Engert DEEngert@gmail.com

@dengert
Copy link
Member

dengert commented Jun 3, 2016

The point of a module is that it is self contained, and linked with all the shared libraries it needs. It should not have any link dependencies on routines in the calling application. It can uses different versions of libraries then the application uses. Other examples of modules include PAM modules and browsers plugins.

opensc-pkcs11.so is the OpenSC module to implement the PKCS#11 API. It is inked with libopensc.so and other OpenSC libs.

libp11 is a helper library designed to make it easier to use PKCS#11 in applications without having to program to the PKCS#11 API. It will dlopen a pkcs#11 module.

engine_pkcs11 was an OpenSSL engine module that used libp11 it was so dependent on the versions of OpenSSL and libp11, that it is now included in libp11 as the libp11 can be uses as the engine too.

pkcs11-helper (Which I have never used) is another library to make using PKCS#11 "easier" to use.

pkcs11-spy is a PKCS#11 API module that traces all calls and returns of another PKCS#11 module that pkcs11-spy dlopens.

@syedelec
Copy link
Author

syedelec commented Jun 6, 2016

@dengert Thank you very much, it's much clearer now.
I close the question.

@syedelec syedelec closed this as completed Jun 6, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dengert @syedelec