Nitrokey / nethsm-pkcs11

PKCS#11 module for NetHSM

Implement coalescing of fetch_all #177

Closed sosthene-nitrokey closed 8 months ago

sosthene-nitrokey commented 9 months ago

Fix #174, built on top of #185

codecov[bot] commented 9 months ago

Codecov Report

Attention: 3 lines in your changes are missing coverage. Please review.

Comparison is base (629cecc) 90.36% compared to head (0a54f42) 90.59%.

| Files | Patch % | Lines |
|---|---|---|
| pkcs11/src/backend/session.rs | 98.79% | 2 Missing :warning: |
| pkcs11/src/backend/key.rs | 96.77% | 1 Missing :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #177      +/-   ##
==========================================
+ Coverage   90.36%   90.59%   +0.22%
==========================================
  Files          31       31
  Lines        6644     6792     +148
==========================================
+ Hits         6004     6153     +149
+ Misses        640      639       -1
```


rcritten commented 9 months ago

While PR #185 works with listing certificates uploaded using p11tool, with this patchset I do not see the certificates with certutil.

sosthene-nitrokey commented 9 months ago

Thank you for your feedback.

Can you please share your testing approach? This patch is built on top of #185 and listing works for me.

rcritten commented 9 months ago

So I must have messed up something in earlier testing. Re-testing it and it does show the certificate as expected.

My methodology:

Build the module + patch and copy resulting shared library to /usr/lib64/pkcs11/nethsm-pkcs11-v1.1.0-x86_64-fedora.39.so (I haven't automated version detection yet).

Create /etc/pkcs11/modules/nethsm.conf with contents: module: /usr/lib64/pkcs11/nethsm-pkcs11-v1.1.0-x86_64-fedora.39.so

Create an NSS database and verify the token is visible:

```
# mkdir nssdb
# certutil -N -d /root/nssdb --empty-password
# modutil -list -dbdir /root/nssdb/
... snip ...
  2. p11-kit-proxy
        library name: p11-kit-proxy.so
        uri: pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Proxy%20Module;library-version=1.1
        slots: 1 slot attached
        status: loaded

        slot: NetHSM
        token: LocalHSM
        uri: pkcs11:token=LocalHSM;manufacturer=Nitrokey%20GmbH;serial=0000000000;model=NetHSM
```

Run the test upload_certificate.sh (only modification is the path to the shared library).

```
# certutil -L -d nssdb/ -h all
```