joelhockey / jacknji11

Java Native Interface for PKCS#11
MIT License

Can't load token using partition information #36

Open paulmgtech opened 3 years ago

paulmgtech commented 3 years ago

Hi,

I am using Cavium PCIe card for my HSM implementation.

I can't load token using: CE.InitToken(INITSLOT, SO_PIN, "PARTITION_2".getBytes());

It's throwing the error below:

11:49:23.743 [main] DEBUG com.hsm.rest.pkcs11.jacknji11.C - > C_InitToken slotID=1 pin=*** label="PARTITION_2 "
11:49:23.747 [main] DEBUG com.hsm.rest.pkcs11.jacknji11.C - < C_InitToken rv=0x00000007{ARGUMENTS_BAD}
Exception in thread "main" com.hsm.rest.pkcs11.jacknji11.CKRException: 0x00000007: ARGUMENTS_BAD
    at com.hsm.rest.pkcs11.jacknji11.CE.InitToken(CE.java:273)
    at org.pkcs11.jacknji11.Test.main(Test.java:163)
SDK Version: 2.03
HSM error 4000021c: Invalid Input Data/Params

C_InitToken failed with error CKR_ARGUMENTS_BAD : 0x00000007

Can you please clarify: is my approach correct for loading a token with a specific partition of the PCIe HSM card? If so, what am I missing, or what changes are needed?

Many thanks Paul

cc: @joelhockey , @primetomas

paulmgtech commented 3 years ago

Hi @primetomas, do you have any idea why the above error happened?

primetomas commented 3 years ago

No idea. I don't Init the token using P11 myself, we init the token with the cavium tools and then just use it through JackNJI11.

paulmgtech commented 3 years ago

Hi @primetomas

Thank you so much for your reply.

We have tried your approach using the Cfm2Util tool. We got a session handle using the following command:

[root@localhost bin]# ./Cfm2Util -p PARTITION_2
Application is bound to the partition with name: PARTITION_2
SDK Version: 2.03

    Cfm2Initialize() returned app id : 02004000 
 session_handle 2004001 

 Current FIPS mode is: 00000002

And we passed that same session handle as a parameter to the OpenSession and Login methods, like below:

LongRef sessionLongRef = new LongRef(0x2004001L);
CE.OpenSession(INITSLOT, CK_SESSION_INFO.CKF_SERIAL_SESSION
        | CK_SESSION_INFO.CKF_RW_SESSION, null, null, sessionLongRef);

CE.Login(sessionLongRef.value, CKU.USER, USER_PIN);

We could log in using this hard-coded method, but it only goes to PARTITION_1.

We tried a lot by changing other parameters using the relevant methods, but nothing helped. Do you have any specific suggestion for logging in to another partition?

Your help is greatly appreciated. Eagerly awaiting your reply. :)

Many Thanks Paul V

primetomas commented 3 years ago

First, OpenSession is what gives you the session handle; you cannot use an old session handle from another session. Sessions are created and destroyed, and you need to keep track of your sessions.

session = c.OpenSession(id, CK_SESSION_INFO.CKF_RW_SESSION | CK_SESSION_INFO.CKF_SERIAL_SESSION, null, null);

Id is the slotID that you want to open a session to. This is a long holding the slot ID; you can get it from ListSlots (or from the Cavium tools).

PKCS#11 is not easy, and I don't know all details of it myself. You should study the standard specification to get an understanding of how slot IDs, slot labels and sessions work.

Regards, Tomas
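The flow Tomas describes (enumerate the slots, pick the one whose token carries the wanted label, open a session on it and keep the handle that call returns), as an added example that is not code from this thread or from the jacknji11 project itself. It assumes the jacknji11 CE convenience API (CE.Initialize, CE.GetSlotList, CE.GetTokenInfo, CE.OpenSession, CE.Login, CE.Logout, CE.CloseSession, CE.Finalize) and uses a placeholder PIN and label.

```java
import java.nio.charset.StandardCharsets;
import org.pkcs11.jacknji11.CE;
import org.pkcs11.jacknji11.CKU;
import org.pkcs11.jacknji11.CK_SESSION_INFO;
import org.pkcs11.jacknji11.CK_TOKEN_INFO;

public class PartitionSession {
    // Constructed placeholders; the real values come from the HSM operator.
    private static final String WANTED_LABEL = "PARTITION_2";
    private static final byte[] USER_PIN = "user-pin-placeholder".getBytes(StandardCharsets.UTF_8);

    /** Walk the slots that have a token present and return the one whose label matches, or -1. */
    static long findSlotByLabel(String wanted) {
        for (long slotId : CE.GetSlotList(true)) {
            CK_TOKEN_INFO info = CE.GetTokenInfo(slotId);
            // CK_TOKEN_INFO.label is a fixed 32-byte, space-padded field, hence the trim()
            String label = new String(info.label, StandardCharsets.UTF_8).trim();
            System.out.printf("slot %d: token label '%s'%n", slotId, label);
            if (label.equals(wanted)) {
                return slotId;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        CE.Initialize();
        long session = 0;
        try {
            long slotId = findSlotByLabel(WANTED_LABEL);
            if (slotId < 0) {
                throw new IllegalStateException("no slot presents a token labelled " + WANTED_LABEL);
            }
            // The handle is whatever OpenSession returns; a handle from another tool or process is invalid here.
            session = CE.OpenSession(slotId,
                    CK_SESSION_INFO.CKF_SERIAL_SESSION | CK_SESSION_INFO.CKF_RW_SESSION,
                    null, null);
            CE.Login(session, CKU.USER, USER_PIN);
            System.out.printf("logged in to slot %d, session handle 0x%x%n", slotId, session);
            // ... key operations bound to this session go here ...
        } finally {
            // Always release what was opened, even on failure, so the HSM does not leak sessions.
            if (session != 0) {
                try { CE.Logout(session); } catch (RuntimeException ignored) { }
                CE.CloseSession(session);
            }
            CE.Finalize();
        }
    }
}
```

If GetSlotList returns a single slot regardless of how many partitions exist, the partition binding happens outside PKCS#11 (for example in the vendor's environment or configuration), and that is where to look next.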

paulmgtech commented 3 years ago

Hi @primetomas,

Thanks for the information. I also tried to list the slot information; it always comes back as 1, even though I have many partitions in the PCIe card.

Once again, thanks for your guidance. I shall learn more about PKCS#11 as you advised.

Many Thanks Paul