[Softhsm-develop] SoftHSM v2 inconsistencies with regards to v1

Sat Oct 11 07:53:41 UTC 2014

On Thu, Oct 2, 2014 at 1:37 PM, Jerry Lundström <jerry.lundstrom at iis.se>
wrote:

> - C_Login with CKU_CONTEXT_SPECIFIC
> This will always returns CKR_OPERATION_NOT_INITIALIZED because its not
> handled (there is a TODO in the source).
>

This usage scenario is not implemented in e.g. C_SignInit(). PKCS#11 says
that CKR_OPERATION_NOT_INITIALIZED is the proper return value. SoftHSMv1 is
not doing anything with this user type, if we want to be strict then
SoftHSMv1 should also return this value.

> - C_Login while already logged in
> This returns CKR_SESSION_READ_ONLY_EXISTS while v1 returns
> CKR_USER_ANOTHER_ALREADY_LOGGED_IN.
>

This is just an order of evaluation. This can differ between HSM:s. Both
are doing the same checks but in different order. Except that SoftHSMv1 is
not checking if the given user is already logged in,
CKR_USER_ALREADY_LOGGED_IN.

> - Unable to use object/key handle after C_Logout
> In runObjectCheck() for v1 a key pair is created then the user is logged
> out to run tests while logged out and later on the user is logged back
> in to do the same. This does not work in v2, the object/key handle
> received while logged in does not work after logout/login,
> CKR_OBJECT_HANDLE_INVALID is received from for example
> C_GetAttributeValue, C_SetAttributeValue and C_DestroyObject.
> This problem also affected sign/verify/encrypt and decrypt tests, had to
> turn off a bunch of tests.
>

PKCS#11 says that handles for private objects will become invalid after
logout. When you login again, the private object will be assigned a new
handle. In SoftHSMv1, the handle is the ID in the database and will not
change during the lifetime of the object. In theory, the object handle is a
temporary ID and this is also true for SoftHSMv2.

> - Encrypt and decrypt operations not separated
> In runDecryptCheck() a encrypt and decrypt operation is initiated at the
> same time, v1 could handle this but v2 does not.
>

The tests for SoftHSMv1 are using two different sessions, but the code in
SoftHSMv1 is not checking if other crypto operations are active. The
different crypto operations are not using the same resources within the
session. Are you just using one session in your code?

SoftHSMv2 only allows one active crypto operation per session. This is
because the crypto operations are using the same resources within the
session.

See the definition for CKR_OPERATION_ACTIVE. You could check for the
flag CKF_DUAL_CRYPTO_OPERATIONS but that is not set in non of the versions.
SoftHSMv1 could have that one set if we want.

- Decrypting data with the wrong key returns CKR_GENERAL_ERROR
> This happens in v2 but in v1 CKR_ENCRYPTED_DATA_INVALID is returned
> which is a much better error.
>

SoftHSMv2 is using more abstraction layers than SoftHSMv1. The internal
decrypt function only has a boolean return value, where the negative result
could be other things than just CKR_ENCRYPTED_DATA_INVALID. More details
are given in the logs.

In total: There are some things that we can change in SoftHSMv1.

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/softhsm-develop/attachments/20141011/0c6284ff/attachment.htm>