/SoftHSMv2

Unable to get tokens after upgrade to softhsm 2.2.0 #298

Closed
MartinBasti opened this Issue Mar 28, 2017 · 2 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@MartinBasti
@MartinBasti

MartinBasti commented Mar 28, 2017

Hello,
after upgrade to softhsm 2.2.0 I cannot get tokens using pkcs11 interface

# FreeIPA installed with DNS
# softhsm 2.1.0
$ export SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf

$ cat /etc/ipa/dnssec/softhsm2.conf
# SoftHSM v2 configuration file 
# File generated by IPA instalation
directories.tokendir = /var/lib/ipa/dnssec/tokens
objectstore.backend = file

$ pkcs11-list -p 5Po2ILa3LMRVSNc6eoOxvJnDeN4kdl -s 0 -m /usr/lib64/pkcs11/libsofthsm2.so
object[0]: handle 2 class 3 label[53] 'dnssec-replica:vm-126.example.com.' id[16] 0x0972b9b341a4fdf6... E:never
object[1]: handle 3 class 2 label[53] 'dnssec-replica:vm-126.example.com.' id[16] 0x0972b9b341a4fdf6...

# Upgrade to softhsm 2.2.0 on the same server, no changes to FreeIPA

$ pkcs11-list -p 5Po2ILa3LMRVSNc6eoOxvJnDeN4kdl -s 0 -m /usr/lib64/pkcs11/libsofthsm2.so
Unrecoverable error initializing PKCS#11: not found
Unrecoverable error initializing PKCS#11: not found

# our python helper
$ python2 /usr/lib/python2.*/site-packages/ipaserver/dnssec/localhsm.py
...
ipaserver.p11helper.Error: Error at open session: 0x3   # invalid slot ?

This is reproducible on both fedora and ubuntu.

Could you please point me to right direction how to debug this, because I'm currently lost. Was something pkcs11 related changed in 2.2.0 ?
@MartinBasti

MartinBasti commented Mar 28, 2017
Edited 1 time

I tried to initialize new token and result is the same

# softhsm 2.2.0
[root@vm-126 ~]# softhsm2-util --init-token --slot 1 --label test --pin 123456 --so-pin 123456
The token has been initialized.
[root@vm-126 ~]# pkcs11-list -p 123456 -s 1 -m /usr/lib64/pkcs11/libsofthsm2.so
slot 1
Unrecoverable error initializing PKCS#11: not found
Unrecoverable error initializing PKCS#11: not found

EDIT: after downgrade

Downgraded:
  softhsm.x86_64 2.1.0-1.fc25                                                                                                                                                                                      

Complete!
[root@vm-126 ~]# pkcs11-list -p 123456 -s 1 -m /usr/lib64/pkcs11/libsofthsm2.so
slot 1
@MartinBasti

MartinBasti commented Mar 29, 2017

It looks that I'm hitting this #199

So most likely it is issue on my side because application didn't expect that slot can be changed.

@MartinBasti MartinBasti closed this Mar 29, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment