-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with Slot ID masking #322
Comments
It does not need to be unmasked when getting the slot. The masked token serial number will be used as the Slot ID. Do you have more details on the error and how you are calling the functions? |
The masking is an internal mechanism in SoftHSM and should not be used by the calling application. You should search for a slot in the slot list containing the token with a given label and/or serial number. Then use this slot id when calling C_OpenSession. |
Consider the following scenario, I'm initializing the slots map using C_Initialize. How to retrieve the Slot information for Slot ID 0? And if we want to retrieve Slot information based on label, will the label be unique across all tokens? And how to retrieve Slot information using Label? or if we want to retrieve it using token serial, from where can we get token serial for Slot ID 0 ? Since I'm initializing a token at Slot ID 0, shouldn't I be able to retrieve it using Slot ID 0 ? |
Slot IDs are internal behaviour for PKCS #11 implementations, the standard does not specify whether they need to be consistent between individual loads of the library. The proper way to find a slot is to call C_GetSlotList and then iterate over slots until you find the one you are looking for. You will find that the way implementations assign slot IDs varies wildly, so if you want to build robust software that uses PKCS #11 you must not rely on slot IDs being fixed.
Op 23 mei 2017 om 21:53 heeft saividhya <notifications@github.com<mailto:notifications@github.com>> het volgende geschreven:
Consider the following scenario,
I'm initializing the slots map using C_Initialize.
Then I'm initializing a token with Slot ID 0 using C_InitToken(0,...)
Now after re-initializing(C_Initialize), if I want to get the Slot info using C_GetSlotInfo(0,...) , it throws "slotID is out of range error"
How to retrieve the Slot information for Slot ID 0?
And if we want to retrieve Slot information based on label, will the label be unique across all tokens? And how to retrieve Slot information using Label?
or if we want to retrieve it using token serial, from where can we get token serial for Slot ID 0 ?
Since I'm initializing a token at Slot ID 0, I should be able to retrieve it using Slot ID 0.
-
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#322 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABpE7wGelZwRT-BNN6owXOWxPe1EajFcks5r8zkkgaJpZM4Niuik>.
|
Here you have some code illustrating how you can find a token (slot id) based on its label or serial number. The serial number will be unique, but there can be multiple tokens with the same label (the label is given by the user when initializing the token). https://github.com/opendnssec/SoftHSMv2/blob/develop/src/bin/common/findslot.cpp#L185 |
In SlotManager, while inserting into slots map, the Token Serial is masked and inserted as Slot ID.
But when a lookup is done later, based on Slot ID (for eg:- in C_OpenSession), the Slot ID is not unmasked. Because of which "slotID is out of range error" is thrown
The text was updated successfully, but these errors were encountered: