Mastercard / pkcs11-tools

A set of tools to manage objects on PKCS#11 cryptographic tokens. Compatible with many PKCS#11 libraries, including major HSM brands, NSS and softoken.

Informational: Listed mechanism for SoftHSM #3

Closed apipersenia closed 5 years ago

apipersenia commented 5 years ago

Hi @keldonin! Thanks for working on this awesome utility. While playing with it, I was a little confused by the output of p11slotinfo -l /usr/lib/softhsm/libsofthsm.so.

-----------
CKM_RSA_PKCS_KEY_PAIR_GEN                 --- --- --- --- --- --- --- --- gkp --- --- --- SW (00000000)
CKM_RSA_PKCS                              enc dec --- sig --- vfy --- --- --- --- --- --- SW (00000001)
CKM_RSA_X_509                             --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000003)
CKM_MD5                                   --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000210)
CKM_RIPEMD160                             --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000240)
CKM_SHA_1                                 --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000220)
CKM_SHA256                                --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000250)
CKM_SHA384                                --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000260)
CKM_SHA512                                --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000270)
CKM_MD5_RSA_PKCS                          --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000005)
CKM_RIPEMD160_RSA_PKCS                    --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000008)
CKM_SHA1_RSA_PKCS                         --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000006)
CKM_SHA256_RSA_PKCS                       --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000040)
CKM_SHA384_RSA_PKCS                       --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000041)
CKM_SHA512_RSA_PKCS                       --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000042)
CKM_SHA1_RSA_PKCS_PSS                     --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000000e)
CKM_SHA256_RSA_PKCS_PSS                   --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000043)
CKM_SHA384_RSA_PKCS_PSS                   --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000044)
CKM_SHA512_RSA_PKCS_PSS                   --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000045)

SoftHSM has support for AES GCM but it does not show up as a supported mechanism in the output. Any thoughts?

keldonin commented 5 years ago

Hi @apipersenia, thank you for your interest in the toolkit.

Could it be that you are using SoftHSM v1? The list of mechanisms in your message looks similar to what can be found in the corresponding GitHub repo for softHSMv1 (in which case, p11slotinfo is telling you the truth):

// A list with the supported mechanisms
static CK_MECHANISM_TYPE supportedMechanisms[] = {
  CKM_RSA_PKCS_KEY_PAIR_GEN,
  CKM_RSA_PKCS,
  CKM_RSA_X_509,
  CKM_MD5,
  CKM_RIPEMD160,
  CKM_SHA_1,
  CKM_SHA224,
  CKM_SHA256,
  CKM_SHA384,
  CKM_SHA512,
  CKM_MD5_RSA_PKCS,
  CKM_RIPEMD160_RSA_PKCS,
  CKM_SHA1_RSA_PKCS,
  CKM_SHA256_RSA_PKCS,
  CKM_SHA384_RSA_PKCS,
  CKM_SHA512_RSA_PKCS,
  CKM_SHA1_RSA_PKCS_PSS,
  CKM_SHA256_RSA_PKCS_PSS,
  CKM_SHA384_RSA_PKCS_PSS,
  CKM_SHA512_RSA_PKCS_PSS
};

I tried on my computer, using SoftHSMv2, and CKM_AES_GCM is a listed mechanism:


$ brew info softhsm
softhsm: stable 2.5.0 (bottled)
Cryptographic store accessible through a PKCS#11 interface
https://www.opendnssec.org/softhsm/
/usr/local/Cellar/softhsm/2.5.0 (16 files, 2.6MB) *
  Poured from bottle on 2018-10-24 at 13:14:08
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/softhsm.rb
==> Dependencies
Required: openssl ✔

$ p11slotinfo -l /usr/local/lib/softhsm/libsofthsm2.so -s 0
Slot[0]
-------------
Slot Number : 346632485
Description : SoftHSM slot ID 0x14a93125
Manufacturer: SoftHSM project
Slot Flags  : [ CKF_TOKEN_PRESENT ]

Token
-------------
Label       : first token
Manufacturer: SoftHSM project

Token Flags : [ CKF_RNG CKF_LOGIN_REQUIRED CKF_USER_PIN_INITIALIZED CKF_RESTORE_KEY_NOT_NEEDED CKF_TOKEN_INITIALIZED ]

Mechanisms:
-----------
CKM_MD5                                   --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000210)
CKM_SHA_1                                 --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000220)
CKM_SHA224                                --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000255)
CKM_SHA256                                --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000250)
CKM_SHA384                                --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000260)
CKM_SHA512                                --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000270)
CKM_MD5_HMAC                              --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000211)
CKM_SHA_1_HMAC                            --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000221)
CKM_SHA224_HMAC                           --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000256)
CKM_SHA256_HMAC                           --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000251)
CKM_SHA384_HMAC                           --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000261)
CKM_SHA512_HMAC                           --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000271)
CKM_RSA_PKCS_KEY_PAIR_GEN                 --- --- --- --- --- --- --- --- gkp --- --- --- SW (00000000)
CKM_RSA_PKCS                              enc dec --- sig --- vfy --- --- --- wra unw --- SW (00000001)
CKM_RSA_X_509                             enc dec --- sig --- vfy --- --- --- --- --- --- SW (00000003)
CKM_MD5_RSA_PKCS                          --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000005)
CKM_SHA1_RSA_PKCS                         --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000006)
CKM_RSA_PKCS_OAEP                         enc dec --- --- --- --- --- --- --- wra unw --- SW (00000009)
CKM_SHA224_RSA_PKCS                       --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000046)
CKM_SHA256_RSA_PKCS                       --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000040)
CKM_SHA384_RSA_PKCS                       --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000041)
CKM_SHA512_RSA_PKCS                       --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000042)
CKM_RSA_PKCS_PSS                          --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000000d)
CKM_SHA1_RSA_PKCS_PSS                     --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000000e)
CKM_SHA224_RSA_PKCS_PSS                   --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000047)
CKM_SHA256_RSA_PKCS_PSS                   --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000043)
CKM_SHA384_RSA_PKCS_PSS                   --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000044)
CKM_SHA512_RSA_PKCS_PSS                   --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000045)
CKM_GENERIC_SECRET_KEY_GEN                --- --- --- --- --- --- --- gen --- --- --- --- SW (00000350)
CKM_DES_KEY_GEN                           --- --- --- --- --- --- --- gen --- --- --- --- SW (00000120)
CKM_DES2_KEY_GEN                          --- --- --- --- --- --- --- gen --- --- --- --- SW (00000130)
CKM_DES3_KEY_GEN                          --- --- --- --- --- --- --- gen --- --- --- --- SW (00000131)
CKM_DES_ECB                               enc dec --- --- --- --- --- --- --- --- --- --- SW (00000121)
CKM_DES_CBC                               enc dec --- --- --- --- --- --- --- --- --- --- SW (00000122)
CKM_DES_CBC_PAD                           enc dec --- --- --- --- --- --- --- --- --- --- SW (00000125)
CKM_DES_ECB_ENCRYPT_DATA                  --- --- --- --- --- --- --- --- --- --- --- der SW (00001100)
CKM_DES_CBC_ENCRYPT_DATA                  --- --- --- --- --- --- --- --- --- --- --- der SW (00001101)
CKM_DES3_ECB                              enc dec --- --- --- --- --- --- --- --- --- --- SW (00000132)
CKM_DES3_CBC                              enc dec --- --- --- --- --- --- --- --- --- --- SW (00000133)
CKM_DES3_CBC_PAD                          enc dec --- --- --- --- --- --- --- --- --- --- SW (00000136)
CKM_DES3_ECB_ENCRYPT_DATA                 --- --- --- --- --- --- --- --- --- --- --- der SW (00001102)
CKM_DES3_CBC_ENCRYPT_DATA                 --- --- --- --- --- --- --- --- --- --- --- der SW (00001103)
CKM_DES3_CMAC                             --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000138)
CKM_AES_KEY_GEN                           --- --- --- --- --- --- --- gen --- --- --- --- SW (00001080)
CKM_AES_ECB                               enc dec --- --- --- --- --- --- --- --- --- --- SW (00001081)
CKM_AES_CBC                               enc dec --- --- --- --- --- --- --- --- --- --- SW (00001082)
CKM_AES_CBC_PAD                           enc dec --- --- --- --- --- --- --- --- --- --- SW (00001085)
CKM_AES_CTR                               enc dec --- --- --- --- --- --- --- --- --- --- SW (00001086)
CKM_AES_GCM                               enc dec --- --- --- --- --- --- --- --- --- --- SW (00001087)
unknown mechanism                         --- --- --- --- --- --- --- --- --- wra unw --- SW (00002109)
CKM_AES_ECB_ENCRYPT_DATA                  --- --- --- --- --- --- --- --- --- --- --- der SW (00001104)
CKM_AES_CBC_ENCRYPT_DATA                  --- --- --- --- --- --- --- --- --- --- --- der SW (00001105)
CKM_AES_CMAC                              --- --- --- sig --- vfy --- --- --- --- --- --- SW (0000108a)
CKM_DSA_PARAMETER_GEN                     --- --- --- --- --- --- --- gen --- --- --- --- SW (00002000)
CKM_DSA_KEY_PAIR_GEN                      --- --- --- --- --- --- --- --- gkp --- --- --- SW (00000010)
CKM_DSA                                   --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000011)
CKM_DSA_SHA1                              --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000012)
CKM_DSA_SHA224                            --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000013)
CKM_DSA_SHA256                            --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000014)
CKM_DSA_SHA384                            --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000015)
CKM_DSA_SHA512                            --- --- --- sig --- vfy --- --- --- --- --- --- SW (00000016)
CKM_DH_PKCS_KEY_PAIR_GEN                  --- --- --- --- --- --- --- --- gkp --- --- --- SW (00000020)
CKM_DH_PKCS_PARAMETER_GEN                 --- --- --- --- --- --- --- gen --- --- --- --- SW (00002001)
CKM_DH_PKCS_DERIVE                        --- --- --- --- --- --- --- --- --- --- --- der SW (00000021)
CKM_ECDSA_KEY_PAIR_GEN                    --- --- --- --- --- --- --- --- gkp --- --- --- SW (00001040) ec: F^p --- --- nam unc ---
CKM_ECDSA                                 --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001041) ec: F^p --- --- nam unc ---
CKM_ECDH1_DERIVE                          --- --- --- --- --- --- --- --- --- --- --- der SW (00001050)
CKM_GOSTR3411                             --- --- hsh --- --- --- --- --- --- --- --- --- SW (00001210)
CKM_GOSTR3411_HMAC                        --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001211)
CKM_GOSTR3410_KEY_PAIR_GEN                --- --- --- --- --- --- --- --- gkp --- --- --- SW (00001200)
CKM_GOSTR3410                             --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001201)
CKM_GOSTR3410_WITH_GOSTR3411              --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001202)

$ p11slotinfo -V
p11slotinfo belongs to pkcs11-tools v1.0.1 (Dec 18 2018)
arch/CPU/OS: x86_64/x86_64/darwin17.7.0
using openssl library: OpenSSL 1.0.2q  20 Nov 2018

Can you check which version of softhsm you are using?

Regards,

keldonin commented 5 years ago

Closing the post, as identified as not an issue.

apipersenia commented 5 years ago

Thank you @keldonin! You were right, I was on softhsm v1. Using softhsm v2 yields expected output.
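
Added example (not part of the thread or of pkcs11-tools): a pre-flight check that parses `p11slotinfo` mechanism lines in the format shown above and reports which required mechanisms the loaded library lacks, matching on the hex code so that an entry printed as "unknown mechanism" is still recognised. The function names and the `REQUIRED` list are assumptions for illustration; the sample lines are copied from the two outputs in this thread with column spacing compressed.

```python
import re

# One p11slotinfo mechanism line: name (may contain a space), 12 capability
# columns, SW/HW marker, hex mechanism code. Trailing "ec:" flags are ignored.
# "HW" is assumed to be the hardware counterpart of the "SW" marker seen above.
LINE_RE = re.compile(
    r"^(?P<name>\S.*?)\s+(?P<caps>(?:(?:---|[a-z]{3})\s+){12})"
    r"(?P<impl>SW|HW)\s+\((?P<code>[0-9a-fA-F]{8})\)"
)

# Sample lines taken from the SoftHSM v1 and v2 outputs in this thread.
V1_OUTPUT = """
-----------
CKM_RSA_PKCS  enc dec --- sig --- vfy --- --- --- --- --- --- SW (00000001)
CKM_SHA256    --- --- hsh --- --- --- --- --- --- --- --- --- SW (00000250)
"""
V2_OUTPUT = """
Mechanisms:
-----------
CKM_RSA_PKCS  enc dec --- sig --- vfy --- --- --- wra unw --- SW (00000001)
CKM_AES_GCM   enc dec --- --- --- --- --- --- --- --- --- --- SW (00001087)
unknown mechanism  --- --- --- --- --- --- --- --- --- wra unw --- SW (00002109)
CKM_ECDSA     --- --- --- sig --- vfy --- --- --- --- --- --- SW (00001041) ec: F^p --- --- nam unc ---
"""

# Hypothetical application requirements: (mechanism code, needed capabilities).
# 0x1087 is CKM_AES_GCM; 0x2109 is the code shown as "unknown mechanism" above.
REQUIRED = [(0x1087, {"enc", "dec"}), (0x2109, {"wra", "unw"})]

def parse_mechanisms(text):
    """Map mechanism code -> (name, capability tags, implementation marker)."""
    mechs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # header, separator and slot/token lines do not match
            caps = {c for c in m["caps"].split() if c != "---"}
            mechs[int(m["code"], 16)] = (m["name"], caps, m["impl"])
    return mechs

def missing(mechs, required):
    """Return (code, missing capabilities) for each unmet requirement."""
    gaps = []
    for code, caps in required:
        have = mechs.get(code, (None, set(), None))[1]
        if not caps <= have:
            gaps.append((code, sorted(caps - have)))
    return gaps

if __name__ == "__main__":
    for label, out in (("v1", V1_OUTPUT), ("v2", V2_OUTPUT)):
        gaps = missing(parse_mechanisms(out), REQUIRED)
        print(label, [(f"{c:08x}", caps) for c, caps in gaps] or "all present")
```

Run against the real output of `p11slotinfo -l <library> -s <slot>` at deployment time, a non-empty result means the wrong PKCS#11 library (here, SoftHSM v1 instead of v2) is being loaded.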