Open saper opened 1 year ago
As of https://github.com/CardContact/sc-hsm-embedded/commit/4f26f202b28d5fe1c91a7a5b84061dd5b385b440 I get the following running the tests on a freshly initialized Nitrokey HSM 2:

```
Script started on Sat Jan 28 11:55:01 2023
Command: ./src/tests/sc-hsm-pkcs11-test --module src/pkcs11/.libs/libsc-hsm-pkcs11.so --pin 000000 --invasive
PKCS11 unit test running.
```
and then:
```
Find a private key after loginCalling C_FindObjectsInit - CKR_OK : Passed
Calling C_FindObjects - CKR_OK : Passed
Calling C_FindObjectsFinal - CKR_OK : Passed
 - CKR_ARGUMENTS_BAD : Failed
```
Quick analysis:
At the time the testLogin() https://github.com/CardContact/sc-hsm-embedded/blob/4f26f202b28d5fe1c91a7a5b84061dd5b385b440/src/tests/sc-hsm-pkcs11-test.c#L2833 is run, there is no private key on the token at all.
If I run the following sequence instead:
```
radziecki> sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 000000
Using reader with a card: Nitrokey Nitrokey HSM (DENK01045710000 ) 00 00
radziecki> /usr/local/bin/pkcs11-tool -l -p 000000 --module ./src/pkcs11/.libs/libsc-hsm-pkcs11.so --keypairgen --key-type rsa:1024 --id 10
Using slot 0 with a present token (0x1)
Key pair generated:
Private Key Object; RSA
  label:
  ID: 10
  Usage: decrypt, sign
  Access: sensitive, always sensitive, never extractable, local
Public Key Object; RSA 1024 bits
  label:
  ID: 10
  Usage: encrypt, verify
  Access: local
radziecki> ./src/tests/sc-hsm-pkcs11-test --module src/pkcs11/.libs/libsc-hsm-pkcs11.so --pin 000000 --invasive
PKCS11 unit test running.
Calling C_GetFunctionList
Calling C_Initialize - CKR_OK : Passed
Calling C_GetInfo - CKR_OK : Passed
Calling C_GetSlotList - CKR_OK : Passed
Calling C_GetSlotInfo for slot 1 - CKR_OK : Passed
Slot manufacturer: CardContact
Slot ID : Slot description: 1 : Nitrokey Nitrokey HSM (DENK01045710000 ) 00 00
Slot flags: 7
Calling C_GetTokenInfo - CKR_OK : Passed
...
```
then I finally get
Unit test finished. 455 tests performed. 0 tests failed.
I have also noticed that if there is no AES key already, testAES() is skipped.
After adding the AES key, I got
Unit test finished. 472 tests performed. 0 tests failed.
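The report above shows that the test results depend on what is already on the token: testLogin() needs a private key and testAES() needs an AES key. The following preflight sketch is an added example, not part of sc-hsm-embedded or the original post; it assumes pkcs11-tool lists AES keys as "Secret Key Object; AES ...", and the `MODULE` and `PIN` variables in the comment are hypothetical.

```shell
#!/bin/sh
# Added example, not part of sc-hsm-embedded.

# Read a `pkcs11-tool --list-objects` listing on stdin; print the tests whose
# key material is absent (empty output means the token is ready).
missing_prereqs() {
    listing=$(cat)
    missing=""
    # testLogin() searches for a private key after login.
    printf '%s\n' "$listing" | grep -q '^Private Key Object' \
        || missing="testLogin"
    # testAES() is skipped when no AES key exists.
    # Assumption: AES keys are listed as "Secret Key Object; AES ...".
    printf '%s\n' "$listing" | grep -q '^Secret Key Object; AES' \
        || missing="${missing:+$missing }testAES"
    printf '%s' "$missing"
}

# Read test output on stdin; print "<performed> <failed>" from the summary.
# Works whether the summary is on one line or split across several.
summary_counts() {
    log=$(cat)
    performed=$(printf '%s\n' "$log" | grep -o '[0-9][0-9]* tests performed' | cut -d' ' -f1)
    failed=$(printf '%s\n' "$log" | grep -o '[0-9][0-9]* tests failed' | cut -d' ' -f1)
    printf '%s %s' "$performed" "$failed"
}

# Constructed listing: a token holding only the RSA key pair from the post.
SAMPLE_RSA_ONLY='Private Key Object; RSA
  label:
  ID:         10
Public Key Object; RSA 1024 bits
  label:
  ID:         10'

# Against a real token (hypothetical variables MODULE and PIN):
#   pkcs11-tool --module "$MODULE" -l -p "$PIN" --list-objects | missing_prereqs
echo "missing: $(printf '%s\n' "$SAMPLE_RSA_ONLY" | missing_prereqs)"
```

Comparing the "performed" count between runs also catches silently skipped tests, as in the 455 versus 472 difference reported above.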