[Softhsm-develop] SoftHSM v2 inconsistencies with regards to v1

Jerry Lundström jerry.lundstrom at iis.se
Thu Oct 2 11:37:06 UTC 2014


Hi,

So I found some issues during my testing of my Perl module and SoftHSMv2
with regards to v1, a few of them were just different return codes so
they are not listed here.

- C_Login with CKU_CONTEXT_SPECIFIC
This will always return CKR_OPERATION_NOT_INITIALIZED because it's not
handled (there is a TODO in the source).

- C_Login while already logged in
This returns CKR_SESSION_READ_ONLY_EXISTS while v1 returns
CKR_USER_ANOTHER_ALREADY_LOGGED_IN.

- Unable to use object/key handle after C_Logout
In runObjectCheck() for v1 a key pair is created then the user is logged
out to run tests while logged out and later on the user is logged back
in to do the same. This does not work in v2, the object/key handle
received while logged in does not work after logout/login,
CKR_OBJECT_HANDLE_INVALID is received from for example
C_GetAttributeValue, C_SetAttributeValue and C_DestroyObject.
This problem also affected sign/verify/encrypt and decrypt tests, had to
turn off a bunch of tests.

- Encrypt and decrypt operations not separated
In runDecryptCheck() an encrypt and decrypt operation is initiated at the
same time, v1 could handle this but v2 does not.

- Decrypting data with the wrong key returns CKR_GENERAL_ERROR
This happens in v2 but in v1 CKR_ENCRYPTED_DATA_INVALID is returned
which is a much better error.

-- 
Jerry Lundström - Software Engineer
.SE - The Internet Infrastructure Foundation
http://www.iis.se/
