safenet eToken 5100 pkcs11 bug(?)

Markus Friedl mfriedl at gmail.com
Thu Jan 30 06:46:20 EST 2014


please try the current snapshot

On 28.01.2014 at 15:02, Martin Meduna <cybermedi at yahoo.com> wrote:

> Guys, I am not able to get it to run. I cannot say where the problem is, but it seems that the openssh client is not able to get the list of RSA keys from the token. See two logs from pkcs11-spy: one is for "ssh  -I", the second is for "pkcs11-tool -O".
> In the second log the private_key is visible or offered; in the first one it is not.
> I use openssh 6.4 version on Linux or Mac.
> 
> 
> Log from ssh -I
> 0: C_GetFunctionList
> 2014-01-28 03:26:42.350
> Returned:  0 CKR_OK
> 
> 1: C_Initialize
> 2014-01-28 03:26:42.351
> [in] pInitArgs = (nil)
> Returned:  0 CKR_OK
> 
> 2: C_GetInfo
> 2014-01-28 03:26:42.352
> [out] pInfo: 
>      cryptokiVersion:         2.20
>      manufacturerID:         'SafeNet, Inc.                   '
>      flags:                   0
>      libraryDescription:     'SafeNet eToken PKCS#11          '
>      libraryVersion:          8.3
> Returned:  0 CKR_OK
> 
> 3: C_GetSlotList
> 2014-01-28 03:26:42.352
> [in] tokenPresent = 0x1
> [out] pSlotList: 
> Count is 1
> [out] *pulCount = 0x1
> Returned:  0 CKR_OK
> 
> 4: C_GetSlotList
> 2014-01-28 03:26:42.352
> [in] tokenPresent = 0x1
> [out] pSlotList: 
> Slot 0
> [out] *pulCount = 0x1
> Returned:  0 CKR_OK
> 
> 5: C_GetTokenInfo
> 2014-01-28 03:26:42.352
> [in] slotID = 0x0
> [out] pInfo: 
>      label:                  'mToken2                         '
>      manufacturerID:         'SafeNet, Inc.                   '
>      model:                  'eToken          '
>      serialNumber:           '01db04cc        '
>      ulMaxSessionCount:       0
>      ulSessionCount:          0
>      ulMaxRwSessionCount:     0
>      ulRwSessionCount:        0
>      ulMaxPinLen:             0
>      ulMinPinLen:             0
>      ulTotalPublicMemory:     73728
>      ulFreePublicMemory:      54312
>      ulTotalPrivateMemory:    73728
>      ulFreePrivateMemory:     54312
>      hardwareVersion:         8.0
>      firmwareVersion:         1.0
>      time:                   '                '
>      flags:                   601
>        CKF_RNG                          
>        CKF_DUAL_CRYPTO_OPERATIONS       
>        CKF_TOKEN_INITIALIZED            
> Returned:  0 CKR_OK
> 
> 6: C_OpenSession
> 2014-01-28 03:26:42.353
> [in] slotID = 0x0
> [in] flags = 0x6
> pApplication=(nil)
> Notify=(nil)
> [out] *phSession = 0x3c60002
> Returned:  0 CKR_OK
> 
> 7: C_FindObjectsInit
> 2014-01-28 03:26:42.353
> [in] hSession = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_CLASS             CKO_PUBLIC_KEY       
> Returned:  0 CKR_OK
> 
> 8: C_FindObjects
> 2014-01-28 03:26:42.353
> [in] hSession = 0x3c60002
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x1
> Object 0x8690003 matches
> Returned:  0 CKR_OK
> 
> 9: C_GetAttributeValue
> 2014-01-28 03:26:42.353
> [in] hSession = 0x3c60002
> [in] hObject = 0x8690003
> [in] pTemplate[3]: 
>    CKA_ID                0000000000000000 / 0
>    CKA_MODULUS           0000000000000000 / 0
>    CKA_PUBLIC_EXPONENT   0000000000000000 / 0
> [out] pTemplate[3]: 
>    CKA_ID                0000000000000000 / 0
>    CKA_MODULUS           0000000000000000 / 256
>    CKA_PUBLIC_EXPONENT   0000000000000000 / 3
> Returned:  0 CKR_OK
> 
> 10: C_FindObjects
> 2014-01-28 03:26:42.354
> [in] hSession = 0x3c60002
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x0
> Returned:  0 CKR_OK
> 
> 11: C_FindObjectsFinal
> 2014-01-28 03:26:42.354
> [in] hSession = 0x3c60002
> Returned:  0 CKR_OK
> 
> 12: C_Finalize
> 2014-01-28 03:26:42.354
> Returned:  0 CKR_OK
> 
> Log from   pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/pkcs11-spy.so -
> 
> *************** OpenSC PKCS#11 spy *****************
> Loaded: "/usr/lib/libeTPkcs11.so"
> 
> 0: C_GetFunctionList
> 2014-01-28 04:00:43.576
> Returned:  0 CKR_OK
> 
> 1: C_Initialize
> 2014-01-28 04:00:43.576
> [in] pInitArgs = (nil)
> Returned:  0 CKR_OK
> 
> 2: C_GetSlotList
> 2014-01-28 04:00:43.577
> [in] tokenPresent = 0x0
> [out] pSlotList: 
> Count is 6
> [out] *pulCount = 0x6
> Returned:  0 CKR_OK
> 
> 3: C_GetSlotList
> 2014-01-28 04:00:43.577
> [in] tokenPresent = 0x0
> [out] pSlotList: 
> Slot 0
> Slot 1
> Slot 2
> Slot 3
> Slot 4
> Slot 5
> [out] *pulCount = 0x6
> Returned:  0 CKR_OK
> 
> 4: C_GetSlotInfo
> 2014-01-28 04:00:43.577
> [in] slotID = 0x0
> [out] pInfo: 
>      slotDescription:        'AKS ifdh [Main Interface] 00 00 '
>                              '                                '
>      manufacturerID:         'SafeNet, Inc.                   '
>      hardwareVersion:         1.0
>      firmwareVersion:         0.0
>      flags:                   7
>        CKF_TOKEN_PRESENT                
>        CKF_REMOVABLE_DEVICE             
>        CKF_HW_SLOT                      
> Returned:  0 CKR_OK
> 
> 5: C_OpenSession
> 2014-01-28 04:00:43.578
> [in] slotID = 0x0
> [in] flags = 0x4
> pApplication=(nil)
> Notify=(nil)
> [out] *phSession = 0x5670001
> Returned:  0 CKR_OK
> 
> 6: C_FindObjectsInit
> 2014-01-28 04:00:43.578
> [in] hSession = 0x5670001
> [in] pTemplate[0]: 
> Returned:  0 CKR_OK
> 
> 7: C_FindObjects
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x1
> Object 0x3c60002 matches
> Returned:  0 CKR_OK
> 
> 8: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_CLASS             00007fff3bd35a58 / 8
> [out] pTemplate[1]: 
>    CKA_CLASS             CKO_PRIVATE_KEY      
> Returned:  0 CKR_OK
> 
> 9: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_KEY_TYPE          00007fff3bd35a58 / 8
> [out] pTemplate[1]: 
>    CKA_KEY_TYPE          CKK_RSA            
> Returned:  0 CKR_OK
> 
> 10: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_CLASS             00007fff3bd35a58 / 8
> [out] pTemplate[1]: 
>    CKA_CLASS             CKO_PRIVATE_KEY      
> Returned:  0 CKR_OK
> 
> 11: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_LABEL             0000000000000000 / 0
> [out] pTemplate[1]: 
>    CKA_LABEL             0000000000000000 / 0
> Returned:  0 CKR_OK
> 
> 12: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_LABEL             0000000000bb14b0 / 0
> [out] pTemplate[1]: 
>    CKA_LABEL             0000000000bb14b0 / 0
> Returned:  0 CKR_OK
> 
> 13: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_ID                0000000000000000 / 0
> [out] pTemplate[1]: 
>    CKA_ID                0000000000000000 / 0
> Returned:  0 CKR_OK
> 
> 14: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_ID                0000000000bb14b0 / 0
> [out] pTemplate[1]: 
>    CKA_ID                0000000000bb14b0 / 0
> Returned:  0 CKR_OK
> 
> 15: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_DECRYPT           00007fff3bd35a5f / 1
> [out] pTemplate[1]: 
>    CKA_DECRYPT           True
> Returned:  0 CKR_OK
> 
> 16: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_SIGN              00007fff3bd35a5f / 1
> [out] pTemplate[1]: 
>    CKA_SIGN              True
> Returned:  0 CKR_OK
> 
> 17: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_? (0x80000001)    00007fff3bd35ab7 / 1
> [out] pTemplate[1]: 
>    CKA_? (0x80000001)    00007fff3bd35ab7 / 8
> Returned:  0 CKR_OK
> 
> 18: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_UNWRAP            00007fff3bd35a5f / 1
> [out] pTemplate[1]: 
>    CKA_UNWRAP            True
> Returned:  0 CKR_OK
> 
> 19: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_DERIVE            00007fff3bd35ab7 / 1
> [out] pTemplate[1]: 
>    CKA_DERIVE            False
> Returned:  0 CKR_OK
> 
> 20: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]: 
>    CKA_ALWAYS_AUTHENTICATE  00007fff3bd35a5f / 1
> [out] pTemplate[1]: 
>    CKA_ALWAYS_AUTHENTICATE  False
> Returned:  0 CKR_OK
> 
> 21: C_FindObjects
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x1
> Object 0x8690003 matches
> Returned:  0 CKR_OK
> 
> 22: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_CLASS             00007fff3bd35a58 / 8
> [out] pTemplate[1]: 
>    CKA_CLASS             CKO_PUBLIC_KEY       
> Returned:  0 CKR_OK
> 
> 23: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_KEY_TYPE          00007fff3bd35a58 / 8
> [out] pTemplate[1]: 
>    CKA_KEY_TYPE          CKK_RSA            
> Returned:  0 CKR_OK
> 
> 24: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_CLASS             00007fff3bd35a58 / 8
> [out] pTemplate[1]: 
>    CKA_CLASS             CKO_PUBLIC_KEY       
> Returned:  0 CKR_OK
> 
> 25: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_MODULUS_BITS      00007fff3bd35a58 / 8
> [out] pTemplate[1]: 
>    CKA_MODULUS_BITS      00007fff3bd35a58 / 8
>    00000000  00 08 00 00 00 00 00 00                          ........        
> Returned:  0 CKR_OK
> 
> 26: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_LABEL             0000000000000000 / 0
> [out] pTemplate[1]: 
>    CKA_LABEL             0000000000000000 / 0
> Returned:  0 CKR_OK
> 
> 27: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_LABEL             0000000000bb14d0 / 0
> [out] pTemplate[1]: 
>    CKA_LABEL             0000000000bb14d0 / 0
> Returned:  0 CKR_OK
> 
> 28: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_ID                0000000000000000 / 0
> [out] pTemplate[1]: 
>    CKA_ID                0000000000000000 / 0
> Returned:  0 CKR_OK
> 
> 29: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_ID                0000000000bb14d0 / 0
> [out] pTemplate[1]: 
>    CKA_ID                0000000000bb14d0 / 0
> Returned:  0 CKR_OK
> 
> 30: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_ENCRYPT           00007fff3bd35ab7 / 1
> [out] pTemplate[1]: 
>    CKA_ENCRYPT           True
> Returned:  0 CKR_OK
> 
> 31: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_VERIFY            00007fff3bd35ab7 / 1
> [out] pTemplate[1]: 
>    CKA_VERIFY            True
> Returned:  0 CKR_OK
> 
> 32: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]: 
>    CKA_WRAP              00007fff3bd35ab7 / 1
> [out] pTemplate[1]: 
>    CKA_WRAP              True
> Returned:  0 CKR_OK
> 
> 33: C_FindObjects
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x1
> Object 0x8730004 matches
> Returned:  0 CKR_OK
> 
> 34: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]: 
>    CKA_CLASS             00007fff3bd35a58 / 8
> [out] pTemplate[1]: 
>    CKA_CLASS             CKO_CERTIFICATE      
> Returned:  0 CKR_OK
> 
> 35: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]: 
>    CKA_CERTIFICATE_TYPE  00007fff3bd35ab8 / 8
> [out] pTemplate[1]: 
>    CKA_CERTIFICATE_TYPE  CKC_X_509
> Returned:  0 CKR_OK
> 
> 36: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]: 
>    CKA_LABEL             0000000000000000 / 0
> [out] pTemplate[1]: 
>    CKA_LABEL             0000000000000000 / 0
> Returned:  0 CKR_OK
> 
> 37: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]: 
>    CKA_LABEL             0000000000bb14f0 / 0
> [out] pTemplate[1]: 
>    CKA_LABEL             0000000000bb14f0 / 0
> Returned:  0 CKR_OK
> 
> 38: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]: 
>    CKA_ID                0000000000000000 / 0
> [out] pTemplate[1]: 
>    CKA_ID                0000000000000000 / 0
> Returned:  0 CKR_OK
> 
> 39: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]: 
>    CKA_ID                0000000000bb14f0 / 0
> [out] pTemplate[1]: 
>    CKA_ID                0000000000bb14f0 / 0
> Returned:  0 CKR_OK
> 
> 40: C_FindObjects
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x0
> Returned:  0 CKR_OK
> 
> 41: C_FindObjectsFinal
> 2014-01-28 04:00:43.583
> [in] hSession = 0x5670001
> Returned:  0 CKR_OK
> 
> 42: C_CloseSession
> 2014-01-28 04:00:43.583
> [in] hSession = 0x5670001
> Returned:  0 CKR_OK
> 
> 43: C_Finalize
> 2014-01-28 04:00:43.583
> Returned:  0 CKR_OK
> 
> 
> log from ssh
> 
> OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to 192.1.1.1 [192.1.1.1] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 8.3
> debug1: label <mToken2> manufacturerID <SafeNet, Inc.> model <eToken> serial <01db04cc> flags 0x601
> no keys
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
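
The by-eye comparison of the two pkcs11-spy traces in the quoted message can be done mechanically. The following Python is an added example, not part of the original thread and not OpenSSH or OpenSC code; `summarize` and the sample strings are names introduced here, and the sample lines are condensed from the traces quoted above.

```python
import re

CALL = re.compile(r"^\d+: (C_\w+)")
HOBJ = re.compile(r"^\[in\] hObject = (0x[0-9a-f]+)")
SECT = re.compile(r"^\[(in|out)\] pTemplate")
CLASS = re.compile(r"^\s*CKA_CLASS\s+(CKO_\w+)")
SIZED = re.compile(r"^\s*(CKA_\w+)\s+[0-9a-f]{16} / (\d+)\s*$")

def summarize(trace):
    """Classes searched for, class per object handle, attributes returned empty."""
    searched, classes, zero_len = set(), {}, set()
    call = obj = section = None
    for raw in trace.splitlines():
        line = re.sub(r"^> ?", "", raw)          # tolerate mail quoting
        if m := CALL.match(line):                # new call: reset per-call state
            call, obj, section = m.group(1), None, None
        elif m := HOBJ.match(line):
            obj = m.group(1)
        elif m := SECT.match(line):
            section = m.group(1)
        elif m := CLASS.match(line):
            if call == "C_FindObjectsInit":      # class used as search filter
                searched.add(m.group(1))
            elif section == "out":               # class reported for an object
                classes[obj] = m.group(1)
        elif (m := SIZED.match(line)) and section == "out" and m.group(2) == "0":
            zero_len.add((obj, m.group(1)))      # token returned length 0
    return {"searched": searched, "classes": classes, "zero_len": zero_len}

# Condensed from the two traces quoted above ([in] templates and timestamps dropped).
SSH_TRACE = """\
7: C_FindObjectsInit
[in] pTemplate[1]:
   CKA_CLASS             CKO_PUBLIC_KEY
9: C_GetAttributeValue
[in] hObject = 0x8690003
[out] pTemplate[3]:
   CKA_ID                0000000000000000 / 0
   CKA_MODULUS           0000000000000000 / 256
   CKA_PUBLIC_EXPONENT   0000000000000000 / 3
"""
TOOL_TRACE = """\
6: C_FindObjectsInit
[in] pTemplate[0]:
8: C_GetAttributeValue
[in] hObject = 0x3c60002
[out] pTemplate[1]:
   CKA_CLASS             CKO_PRIVATE_KEY
"""
```

Run over the full logs, it reports that the ssh trace filters on CKO_PUBLIC_KEY only and gets CKA_ID back with length 0, while the pkcs11-tool trace searches with an empty template and sees CKO_PRIVATE_KEY, CKO_PUBLIC_KEY and CKO_CERTIFICATE objects.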


