Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Guide on Utimaco simulator #12

Closed
longnt89 opened this issue Feb 1, 2021 · 4 comments
Closed

Guide on Utimaco simulator #12

longnt89 opened this issue Feb 1, 2021 · 4 comments

Comments

@longnt89
Copy link

longnt89 commented Feb 1, 2021

Hi @bentonstark ,

As you have successfully tested your library on a Utimaco simulator, I'd like to make some questions because currently I have to create a Python application (using your py-hsm library) that sends requests to a Utimaco cryptoserver PCIe. Before testing the application on a physical device (commercially used) I need to make sure that it works correctly on a simulator.

For some information:

  • I already recompiled libhsm.dll and added its' full directory path to the PATH system variable (I'm using Windows 10).
  • I already installed Utimaco CryptoServerSetup and its SDK v2.90, which provides also a simulator.
  • I'm using Python 3, my test application is written on Jupyter notebook.
  • I already installed py-hsm via pip.

However, when I tried to use your sample code to just make some login to the cryptoserver, for example:
c = HsmClient(pkcs11_lib="C:\Windows\System32\cs_pkcs11_R2.dll")
c.open_session(slot=0)
c.login(pin="123456")
c.logout()
c.close_session()

(Suppose that I put cs_pkcs11_R2.dll to C:\windows\system32)

That one returned such error:

'open_session: PKCS#11 C_OpenSession on slot 0 failed with return value 3. CKR_SLOT_ID_INVALID

I tried to read the Utimaco dev guide, I used CAT tool to initialize the slot 0 but it always gave me such error.

Honestly, I have no idea of what should I do to make some test with the simulator, could you give me a hint or if you have always kept your code that tested on a Utimaco simulator would it be possible to send me your code or its instruction?

Many thanks for your help.
@bentonstark
Copy link
Owner

bentonstark commented Feb 1, 2021
edited
Loading

It has been several years since I installed and used the Utimaco Simulator and used it on Linux rather than Windows. So it sounds like you are using the java -jar p11cat.jar program.

The good news is that it appears you have loaded the HSM P11 library and it is talking to some degree with the simulator. I think the next step is to look at the log files of the simulator for clues. You should be able to set the log file location in the cs_pkcs11_R2.cfg file. The simulator has two main parts: (1) server (2) client.

Below is the config file I used on the Linux client to connect to the Utimaco Simulator server (SecurityServer-V3.21.0.zip) running in Wine. That version is going to be probably be old so things may have changed. Your Logpath should be some value path on your Windows host. Set the Logging level to 4. Also check the SlotCount value.

cs_pkcs11_R2.cfg

[Global]
# Path to the logfile (name of logfile is attached by the API)
Logpath = /tmp
# Loglevel (0 = NONE; 1 = ERROR; 2 = WARNING; 3 = INFO; 4 = TRACE)
Logging = 4
# Maximum size of the logfile in bytes (file is rotated with an backupfile
if full)
Logsize = 10mb
# Created/Generated keys are stored in an external or internal database
KeysExternal = false
# If true, every session establishes its own connection
SlotMultiSession = true
# Maximum number of slots that can be used
SlotCount = 1
# If true, leading zeroes of decryption operations will be kept
KeepLeadZeros = false
# Prevents expiring session after inactivity of 15 minutes
KeepAlive = false
# Timeout of the open connection command in ms
ConnectionTimeout = 5000
# Timeout of command execution in ms
CommandTimeout = 60000
[CryptoServer]
Device = 3001@127.0.0.1

Now if you still have issues there is another test you should perform which is to test that libhsm and py-hsm are working properly on Windows. To do that you can use SoftHSM2 which is a free program from OpenDNSSEC that emulates a mostly PKCS-11 compliant HSM. Now again I used softhsm on Linux where it is a native application you can install with your distro package manager. But it appears someone has ported it to Windows.
https://github.com/disig/SoftHSM2-for-Windows
https://github.com/opendnssec/SoftHSMv2

@longnt89
Copy link
Author

longnt89 commented Feb 4, 2021

Thank you for your great response @bentonstark
I'll give it a try absolutely!

@E-genin
Copy link

E-genin commented Nov 8, 2022
edited
Loading

@longnt89 or @bentonstark , any hint on how to recompile the libhsm library in Windows ?
When I try to do it from visual studio, it says that it cannot find some files ChrystokiConfiguration.cpp, c_bridge.cpp and other files

@bentonstark
Copy link
Owner

bentonstark commented Nov 8, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bentonstark @longnt89 @E-genin