safenet eToken 5100 pkcs11 bug(?)

Martin Meduna cybermedi at yahoo.com
Wed Jan 29 01:02:48 EST 2014


Guys, I am not able to get it to run. I cannot say where the problem is, but it seems that the openssh client is not able to get the list of RSA keys from the token. See the two logs from pkcs11-spy: one is for "ssh -I", the second is for "pkcs11-tool -O".
In the second log the private_key is visible or offered; in the first one it is not.
I use openssh version 6.4 on Linux or Mac.


Log from ssh -I
0: C_GetFunctionList
2014-01-28 03:26:42.350
Returned:  0 CKR_OK

1: C_Initialize
2014-01-28 03:26:42.351
[in] pInitArgs = (nil)
Returned:  0 CKR_OK

2: C_GetInfo
2014-01-28 03:26:42.352
[out] pInfo: 
      cryptokiVersion:         2.20
      manufacturerID:         'SafeNet, Inc.                   '
      flags:                   0
      libraryDescription:     'SafeNet eToken PKCS#11          '
      libraryVersion:          8.3
Returned:  0 CKR_OK

3: C_GetSlotList
2014-01-28 03:26:42.352
[in] tokenPresent = 0x1
[out] pSlotList: 
Count is 1
[out] *pulCount = 0x1
Returned:  0 CKR_OK

4: C_GetSlotList
2014-01-28 03:26:42.352
[in] tokenPresent = 0x1
[out] pSlotList: 
Slot 0
[out] *pulCount = 0x1
Returned:  0 CKR_OK

5: C_GetTokenInfo
2014-01-28 03:26:42.352
[in] slotID = 0x0
[out] pInfo: 
      label:                  'mToken2                         '
      manufacturerID:         'SafeNet, Inc.                   '
      model:                  'eToken          '
      serialNumber:           '01db04cc        '
      ulMaxSessionCount:       0
      ulSessionCount:          0
      ulMaxRwSessionCount:     0
      ulRwSessionCount:        0
      ulMaxPinLen:             0
      ulMinPinLen:             0
      ulTotalPublicMemory:     73728
      ulFreePublicMemory:      54312
      ulTotalPrivateMemory:    73728
      ulFreePrivateMemory:     54312
      hardwareVersion:         8.0
      firmwareVersion:         1.0
      time:                   '                '
      flags:                   601
        CKF_RNG                          
        CKF_DUAL_CRYPTO_OPERATIONS       
        CKF_TOKEN_INITIALIZED            
Returned:  0 CKR_OK

6: C_OpenSession
2014-01-28 03:26:42.353
[in] slotID = 0x0
[in] flags = 0x6
pApplication=(nil)
Notify=(nil)
[out] *phSession = 0x3c60002
Returned:  0 CKR_OK

7: C_FindObjectsInit
2014-01-28 03:26:42.353
[in] hSession = 0x3c60002
[in] pTemplate[1]: 
    CKA_CLASS             CKO_PUBLIC_KEY       
Returned:  0 CKR_OK

8: C_FindObjects
2014-01-28 03:26:42.353
[in] hSession = 0x3c60002
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x8690003 matches
Returned:  0 CKR_OK

9: C_GetAttributeValue
2014-01-28 03:26:42.353
[in] hSession = 0x3c60002
[in] hObject = 0x8690003
[in] pTemplate[3]: 
    CKA_ID                0000000000000000 / 0
    CKA_MODULUS           0000000000000000 / 0
    CKA_PUBLIC_EXPONENT   0000000000000000 / 0
[out] pTemplate[3]: 
    CKA_ID                0000000000000000 / 0
    CKA_MODULUS           0000000000000000 / 256
    CKA_PUBLIC_EXPONENT   0000000000000000 / 3
Returned:  0 CKR_OK

10: C_FindObjects
2014-01-28 03:26:42.354
[in] hSession = 0x3c60002
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x0
Returned:  0 CKR_OK

11: C_FindObjectsFinal
2014-01-28 03:26:42.354
[in] hSession = 0x3c60002
Returned:  0 CKR_OK

12: C_Finalize
2014-01-28 03:26:42.354
Returned:  0 CKR_OK

Log from   pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/pkcs11-spy.so -

*************** OpenSC PKCS#11 spy *****************
Loaded: "/usr/lib/libeTPkcs11.so"

0: C_GetFunctionList
2014-01-28 04:00:43.576
Returned:  0 CKR_OK

1: C_Initialize
2014-01-28 04:00:43.576
[in] pInitArgs = (nil)
Returned:  0 CKR_OK

2: C_GetSlotList
2014-01-28 04:00:43.577
[in] tokenPresent = 0x0
[out] pSlotList: 
Count is 6
[out] *pulCount = 0x6
Returned:  0 CKR_OK

3: C_GetSlotList
2014-01-28 04:00:43.577
[in] tokenPresent = 0x0
[out] pSlotList: 
Slot 0
Slot 1
Slot 2
Slot 3
Slot 4
Slot 5
[out] *pulCount = 0x6
Returned:  0 CKR_OK

4: C_GetSlotInfo
2014-01-28 04:00:43.577
[in] slotID = 0x0
[out] pInfo: 
      slotDescription:        'AKS ifdh [Main Interface] 00 00 '
                              '                                '
      manufacturerID:         'SafeNet, Inc.                   '
      hardwareVersion:         1.0
      firmwareVersion:         0.0
      flags:                   7
        CKF_TOKEN_PRESENT                
        CKF_REMOVABLE_DEVICE             
        CKF_HW_SLOT                      
Returned:  0 CKR_OK

5: C_OpenSession
2014-01-28 04:00:43.578
[in] slotID = 0x0
[in] flags = 0x4
pApplication=(nil)
Notify=(nil)
[out] *phSession = 0x5670001
Returned:  0 CKR_OK

6: C_FindObjectsInit
2014-01-28 04:00:43.578
[in] hSession = 0x5670001
[in] pTemplate[0]: 
Returned:  0 CKR_OK

7: C_FindObjects
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x3c60002 matches
Returned:  0 CKR_OK

8: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_CLASS             00007fff3bd35a58 / 8
[out] pTemplate[1]: 
    CKA_CLASS             CKO_PRIVATE_KEY      
Returned:  0 CKR_OK

9: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_KEY_TYPE          00007fff3bd35a58 / 8
[out] pTemplate[1]: 
    CKA_KEY_TYPE          CKK_RSA            
Returned:  0 CKR_OK

10: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_CLASS             00007fff3bd35a58 / 8
[out] pTemplate[1]: 
    CKA_CLASS             CKO_PRIVATE_KEY      
Returned:  0 CKR_OK

11: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_LABEL             0000000000000000 / 0
[out] pTemplate[1]: 
    CKA_LABEL             0000000000000000 / 0
Returned:  0 CKR_OK

12: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_LABEL             0000000000bb14b0 / 0
[out] pTemplate[1]: 
    CKA_LABEL             0000000000bb14b0 / 0
Returned:  0 CKR_OK

13: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_ID                0000000000000000 / 0
[out] pTemplate[1]: 
    CKA_ID                0000000000000000 / 0
Returned:  0 CKR_OK

14: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_ID                0000000000bb14b0 / 0
[out] pTemplate[1]: 
    CKA_ID                0000000000bb14b0 / 0
Returned:  0 CKR_OK

15: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_DECRYPT           00007fff3bd35a5f / 1
[out] pTemplate[1]: 
    CKA_DECRYPT           True
Returned:  0 CKR_OK

16: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_SIGN              00007fff3bd35a5f / 1
[out] pTemplate[1]: 
    CKA_SIGN              True
Returned:  0 CKR_OK

17: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_? (0x80000001)    00007fff3bd35ab7 / 1
[out] pTemplate[1]: 
    CKA_? (0x80000001)    00007fff3bd35ab7 / 8
Returned:  0 CKR_OK

18: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_UNWRAP            00007fff3bd35a5f / 1
[out] pTemplate[1]: 
    CKA_UNWRAP            True
Returned:  0 CKR_OK

19: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_DERIVE            00007fff3bd35ab7 / 1
[out] pTemplate[1]: 
    CKA_DERIVE            False
Returned:  0 CKR_OK

20: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]: 
    CKA_ALWAYS_AUTHENTICATE  00007fff3bd35a5f / 1
[out] pTemplate[1]: 
    CKA_ALWAYS_AUTHENTICATE  False
Returned:  0 CKR_OK

21: C_FindObjects
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x8690003 matches
Returned:  0 CKR_OK

22: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_CLASS             00007fff3bd35a58 / 8
[out] pTemplate[1]: 
    CKA_CLASS             CKO_PUBLIC_KEY       
Returned:  0 CKR_OK

23: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_KEY_TYPE          00007fff3bd35a58 / 8
[out] pTemplate[1]: 
    CKA_KEY_TYPE          CKK_RSA            
Returned:  0 CKR_OK

24: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_CLASS             00007fff3bd35a58 / 8
[out] pTemplate[1]: 
    CKA_CLASS             CKO_PUBLIC_KEY       
Returned:  0 CKR_OK

25: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_MODULUS_BITS      00007fff3bd35a58 / 8
[out] pTemplate[1]: 
    CKA_MODULUS_BITS      00007fff3bd35a58 / 8
    00000000  00 08 00 00 00 00 00 00                          ........        
Returned:  0 CKR_OK

26: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_LABEL             0000000000000000 / 0
[out] pTemplate[1]: 
    CKA_LABEL             0000000000000000 / 0
Returned:  0 CKR_OK

27: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_LABEL             0000000000bb14d0 / 0
[out] pTemplate[1]: 
    CKA_LABEL             0000000000bb14d0 / 0
Returned:  0 CKR_OK

28: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_ID                0000000000000000 / 0
[out] pTemplate[1]: 
    CKA_ID                0000000000000000 / 0
Returned:  0 CKR_OK

29: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_ID                0000000000bb14d0 / 0
[out] pTemplate[1]: 
    CKA_ID                0000000000bb14d0 / 0
Returned:  0 CKR_OK

30: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_ENCRYPT           00007fff3bd35ab7 / 1
[out] pTemplate[1]: 
    CKA_ENCRYPT           True
Returned:  0 CKR_OK

31: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_VERIFY            00007fff3bd35ab7 / 1
[out] pTemplate[1]: 
    CKA_VERIFY            True
Returned:  0 CKR_OK

32: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]: 
    CKA_WRAP              00007fff3bd35ab7 / 1
[out] pTemplate[1]: 
    CKA_WRAP              True
Returned:  0 CKR_OK

33: C_FindObjects
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x8730004 matches
Returned:  0 CKR_OK

34: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]: 
    CKA_CLASS             00007fff3bd35a58 / 8
[out] pTemplate[1]: 
    CKA_CLASS             CKO_CERTIFICATE      
Returned:  0 CKR_OK

35: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]: 
    CKA_CERTIFICATE_TYPE  00007fff3bd35ab8 / 8
[out] pTemplate[1]: 
    CKA_CERTIFICATE_TYPE  CKC_X_509
Returned:  0 CKR_OK

36: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]: 
    CKA_LABEL             0000000000000000 / 0
[out] pTemplate[1]: 
    CKA_LABEL             0000000000000000 / 0
Returned:  0 CKR_OK

37: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]: 
    CKA_LABEL             0000000000bb14f0 / 0
[out] pTemplate[1]: 
    CKA_LABEL             0000000000bb14f0 / 0
Returned:  0 CKR_OK

38: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]: 
    CKA_ID                0000000000000000 / 0
[out] pTemplate[1]: 
    CKA_ID                0000000000000000 / 0
Returned:  0 CKR_OK

39: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]: 
    CKA_ID                0000000000bb14f0 / 0
[out] pTemplate[1]: 
    CKA_ID                0000000000bb14f0 / 0
Returned:  0 CKR_OK

40: C_FindObjects
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x0
Returned:  0 CKR_OK

41: C_FindObjectsFinal
2014-01-28 04:00:43.583
[in] hSession = 0x5670001
Returned:  0 CKR_OK

42: C_CloseSession
2014-01-28 04:00:43.583
[in] hSession = 0x5670001
Returned:  0 CKR_OK

43: C_Finalize
2014-01-28 04:00:43.583
Returned:  0 CKR_OK


log from ssh

OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.1.1.1 [192.1.1.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 8.3
debug1: label <mToken2> manufacturerID <SafeNet, Inc.> model <eToken> serial <01db04cc> flags 0x601
no keys
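
A small parser for the pkcs11-spy output format shown in the post, added here as an example (it is not part of the original message, OpenSSH or OpenSC): it extracts the search template passed to C_FindObjectsInit and the attribute lengths each object returned, so the two traces can be compared field by field. The function names and the abbreviated SAMPLE are constructed for illustration.

```python
import re

CALL_RE = re.compile(r"^(\d+): (C_\w+)\s*$")
ATTR_RE = re.compile(r"^\s+(CKA_\S+(?: \(0x[0-9a-fA-F]+\))?)\s+(.*?)\s*$")
LEN_RE = re.compile(r"^[0-9a-fA-F]{16} / (\d+)$")

# Constructed, abbreviated sample in pkcs11-spy format (modelled on the trace above).
SAMPLE = """\
7: C_FindObjectsInit
[in] pTemplate[1]:
    CKA_CLASS             CKO_PUBLIC_KEY
9: C_GetAttributeValue
[in] hObject = 0x8690003
[out] pTemplate[3]:
    CKA_ID                0000000000000000 / 0
    CKA_MODULUS           0000000000000000 / 256
    CKA_PUBLIC_EXPONENT   0000000000000000 / 3
"""

def parse_calls(text):
    """Split spy output into calls, each with its [in] and [out] attribute templates."""
    calls, cur, side = [], None, None
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if m:  # "N: C_Function" starts a new call record
            cur, side = {"name": m.group(2), "object": None, "in": {}, "out": {}}, None
            calls.append(cur)
        elif cur and line.startswith("[in] hObject"):
            cur["object"] = line.split("=", 1)[1].strip()
        elif cur and line.startswith(("[in] pTemplate", "[out] pTemplate")):
            side = "in" if line.startswith("[in]") else "out"
        elif side and (a := ATTR_RE.match(line)):
            size = LEN_RE.match(a.group(2))  # "<pointer> / <length>" form
            cur[side][a.group(1)] = int(size.group(1)) if size else a.group(2)
    return calls

def search_templates(calls):
    # An empty dict means the caller searched with no filter (match every object).
    return [c["in"] for c in calls if c["name"] == "C_FindObjectsInit"]

def returned_attrs(calls):
    """Object handle -> {attribute: returned length (int) or decoded value (str)}."""
    objs = {}
    for c in calls:
        if c["name"] == "C_GetAttributeValue" and c["object"]:
            objs.setdefault(c["object"], {}).update(c["out"])
    return objs

def zero_length(objs):
    """Attributes the module reported with length 0, per object handle."""
    return {h: sorted(k for k, v in a.items() if v == 0) for h, a in objs.items()}
```

Feeding each full trace to `parse_calls` shows which template each client searched with and which attributes came back with length 0 for every object handle.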


