safenet eToken 5100 pkcs11 bug(?)
Markus Friedl
mfriedl at gmail.com
Thu Jan 30 06:46:20 EST 2014
please try the current snapshot
Am 28.01.2014 um 15:02 schrieb Martin Meduna <cybermedi at yahoo.com>:
> Guys, I am not able to get it run. I can not say where is the problem but it seams that the openssh client is not able to get list of rsa key from token. See two logs from pkcs11-spy. one is for "ssh -I" the second is for "pkcs11-tool -O"
> In the second log there is private_key visible or offered in the first one is not.
> I use openssh 6.4 version on Linux or Mac.
>
>
> Log from ssh -I
> 0: C_GetFunctionList
> 2014-01-28 03:26:42.350
> Returned: 0 CKR_OK
>
> 1: C_Initialize
> 2014-01-28 03:26:42.351
> [in] pInitArgs = (nil)
> Returned: 0 CKR_OK
>
> 2: C_GetInfo
> 2014-01-28 03:26:42.352
> [out] pInfo:
> cryptokiVersion: 2.20
> manufacturerID: 'SafeNet, Inc. '
> flags: 0
> libraryDescription: 'SafeNet eToken PKCS#11 '
> libraryVersion: 8.3
> Returned: 0 CKR_OK
>
> 3: C_GetSlotList
> 2014-01-28 03:26:42.352
> [in] tokenPresent = 0x1
> [out] pSlotList:
> Count is 1
> [out] *pulCount = 0x1
> Returned: 0 CKR_OK
>
> 4: C_GetSlotList
> 2014-01-28 03:26:42.352
> [in] tokenPresent = 0x1
> [out] pSlotList:
> Slot 0
> [out] *pulCount = 0x1
> Returned: 0 CKR_OK
>
> 5: C_GetTokenInfo
> 2014-01-28 03:26:42.352
> [in] slotID = 0x0
> [out] pInfo:
> label: 'mToken2 '
> manufacturerID: 'SafeNet, Inc. '
> model: 'eToken '
> serialNumber: '01db04cc '
> ulMaxSessionCount: 0
> ulSessionCount: 0
> ulMaxRwSessionCount: 0
> ulRwSessionCount: 0
> ulMaxPinLen: 0
> ulMinPinLen: 0
> ulTotalPublicMemory: 73728
> ulFreePublicMemory: 54312
> ulTotalPrivateMemory: 73728
> ulFreePrivateMemory: 54312
> hardwareVersion: 8.0
> firmwareVersion: 1.0
> time: ' '
> flags: 601
> CKF_RNG
> CKF_DUAL_CRYPTO_OPERATIONS
> CKF_TOKEN_INITIALIZED
> Returned: 0 CKR_OK
>
> 6: C_OpenSession
> 2014-01-28 03:26:42.353
> [in] slotID = 0x0
> [in] flags = 0x6
> pApplication=(nil)
> Notify=(nil)
> [out] *phSession = 0x3c60002
> Returned: 0 CKR_OK
>
> 7: C_FindObjectsInit
> 2014-01-28 03:26:42.353
> [in] hSession = 0x3c60002
> [in] pTemplate[1]:
> CKA_CLASS CKO_PUBLIC_KEY
> Returned: 0 CKR_OK
>
> 8: C_FindObjects
> 2014-01-28 03:26:42.353
> [in] hSession = 0x3c60002
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x1
> Object 0x8690003 matches
> Returned: 0 CKR_OK
>
> 9: C_GetAttributeValue
> 2014-01-28 03:26:42.353
> [in] hSession = 0x3c60002
> [in] hObject = 0x8690003
> [in] pTemplate[3]:
> CKA_ID 0000000000000000 / 0
> CKA_MODULUS 0000000000000000 / 0
> CKA_PUBLIC_EXPONENT 0000000000000000 / 0
> [out] pTemplate[3]:
> CKA_ID 0000000000000000 / 0
> CKA_MODULUS 0000000000000000 / 256
> CKA_PUBLIC_EXPONENT 0000000000000000 / 3
> Returned: 0 CKR_OK
>
> 10: C_FindObjects
> 2014-01-28 03:26:42.354
> [in] hSession = 0x3c60002
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x0
> Returned: 0 CKR_OK
>
> 11: C_FindObjectsFinal
> 2014-01-28 03:26:42.354
> [in] hSession = 0x3c60002
> Returned: 0 CKR_OK
>
> 12: C_Finalize
> 2014-01-28 03:26:42.354
> Returned: 0 CKR_OK
>
> Log from pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/pkcs11-spy.so -
>
> *************** OpenSC PKCS#11 spy *****************
> Loaded: "/usr/lib/libeTPkcs11.so"
>
> 0: C_GetFunctionList
> 2014-01-28 04:00:43.576
> Returned: 0 CKR_OK
>
> 1: C_Initialize
> 2014-01-28 04:00:43.576
> [in] pInitArgs = (nil)
> Returned: 0 CKR_OK
>
> 2: C_GetSlotList
> 2014-01-28 04:00:43.577
> [in] tokenPresent = 0x0
> [out] pSlotList:
> Count is 6
> [out] *pulCount = 0x6
> Returned: 0 CKR_OK
>
> 3: C_GetSlotList
> 2014-01-28 04:00:43.577
> [in] tokenPresent = 0x0
> [out] pSlotList:
> Slot 0
> Slot 1
> Slot 2
> Slot 3
> Slot 4
> Slot 5
> [out] *pulCount = 0x6
> Returned: 0 CKR_OK
>
> 4: C_GetSlotInfo
> 2014-01-28 04:00:43.577
> [in] slotID = 0x0
> [out] pInfo:
> slotDescription: 'AKS ifdh [Main Interface] 00 00 '
> ' '
> manufacturerID: 'SafeNet, Inc. '
> hardwareVersion: 1.0
> firmwareVersion: 0.0
> flags: 7
> CKF_TOKEN_PRESENT
> CKF_REMOVABLE_DEVICE
> CKF_HW_SLOT
> Returned: 0 CKR_OK
>
> 5: C_OpenSession
> 2014-01-28 04:00:43.578
> [in] slotID = 0x0
> [in] flags = 0x4
> pApplication=(nil)
> Notify=(nil)
> [out] *phSession = 0x5670001
> Returned: 0 CKR_OK
>
> 6: C_FindObjectsInit
> 2014-01-28 04:00:43.578
> [in] hSession = 0x5670001
> [in] pTemplate[0]:
> Returned: 0 CKR_OK
>
> 7: C_FindObjects
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x1
> Object 0x3c60002 matches
> Returned: 0 CKR_OK
>
> 8: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_CLASS 00007fff3bd35a58 / 8
> [out] pTemplate[1]:
> CKA_CLASS CKO_PRIVATE_KEY
> Returned: 0 CKR_OK
>
> 9: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_KEY_TYPE 00007fff3bd35a58 / 8
> [out] pTemplate[1]:
> CKA_KEY_TYPE CKK_RSA
> Returned: 0 CKR_OK
>
> 10: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_CLASS 00007fff3bd35a58 / 8
> [out] pTemplate[1]:
> CKA_CLASS CKO_PRIVATE_KEY
> Returned: 0 CKR_OK
>
> 11: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_LABEL 0000000000000000 / 0
> [out] pTemplate[1]:
> CKA_LABEL 0000000000000000 / 0
> Returned: 0 CKR_OK
>
> 12: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_LABEL 0000000000bb14b0 / 0
> [out] pTemplate[1]:
> CKA_LABEL 0000000000bb14b0 / 0
> Returned: 0 CKR_OK
>
> 13: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_ID 0000000000000000 / 0
> [out] pTemplate[1]:
> CKA_ID 0000000000000000 / 0
> Returned: 0 CKR_OK
>
> 14: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_ID 0000000000bb14b0 / 0
> [out] pTemplate[1]:
> CKA_ID 0000000000bb14b0 / 0
> Returned: 0 CKR_OK
>
> 15: C_GetAttributeValue
> 2014-01-28 04:00:43.579
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_DECRYPT 00007fff3bd35a5f / 1
> [out] pTemplate[1]:
> CKA_DECRYPT True
> Returned: 0 CKR_OK
>
> 16: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_SIGN 00007fff3bd35a5f / 1
> [out] pTemplate[1]:
> CKA_SIGN True
> Returned: 0 CKR_OK
>
> 17: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_? (0x80000001) 00007fff3bd35ab7 / 1
> [out] pTemplate[1]:
> CKA_? (0x80000001) 00007fff3bd35ab7 / 8
> Returned: 0 CKR_OK
>
> 18: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_UNWRAP 00007fff3bd35a5f / 1
> [out] pTemplate[1]:
> CKA_UNWRAP True
> Returned: 0 CKR_OK
>
> 19: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_DERIVE 00007fff3bd35ab7 / 1
> [out] pTemplate[1]:
> CKA_DERIVE False
> Returned: 0 CKR_OK
>
> 20: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x3c60002
> [in] pTemplate[1]:
> CKA_ALWAYS_AUTHENTICATE 00007fff3bd35a5f / 1
> [out] pTemplate[1]:
> CKA_ALWAYS_AUTHENTICATE False
> Returned: 0 CKR_OK
>
> 21: C_FindObjects
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x1
> Object 0x8690003 matches
> Returned: 0 CKR_OK
>
> 22: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_CLASS 00007fff3bd35a58 / 8
> [out] pTemplate[1]:
> CKA_CLASS CKO_PUBLIC_KEY
> Returned: 0 CKR_OK
>
> 23: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_KEY_TYPE 00007fff3bd35a58 / 8
> [out] pTemplate[1]:
> CKA_KEY_TYPE CKK_RSA
> Returned: 0 CKR_OK
>
> 24: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_CLASS 00007fff3bd35a58 / 8
> [out] pTemplate[1]:
> CKA_CLASS CKO_PUBLIC_KEY
> Returned: 0 CKR_OK
>
> 25: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_MODULUS_BITS 00007fff3bd35a58 / 8
> [out] pTemplate[1]:
> CKA_MODULUS_BITS 00007fff3bd35a58 / 8
> 00000000 00 08 00 00 00 00 00 00 ........
> Returned: 0 CKR_OK
>
> 26: C_GetAttributeValue
> 2014-01-28 04:00:43.580
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_LABEL 0000000000000000 / 0
> [out] pTemplate[1]:
> CKA_LABEL 0000000000000000 / 0
> Returned: 0 CKR_OK
>
> 27: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_LABEL 0000000000bb14d0 / 0
> [out] pTemplate[1]:
> CKA_LABEL 0000000000bb14d0 / 0
> Returned: 0 CKR_OK
>
> 28: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_ID 0000000000000000 / 0
> [out] pTemplate[1]:
> CKA_ID 0000000000000000 / 0
> Returned: 0 CKR_OK
>
> 29: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_ID 0000000000bb14d0 / 0
> [out] pTemplate[1]:
> CKA_ID 0000000000bb14d0 / 0
> Returned: 0 CKR_OK
>
> 30: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_ENCRYPT 00007fff3bd35ab7 / 1
> [out] pTemplate[1]:
> CKA_ENCRYPT True
> Returned: 0 CKR_OK
>
> 31: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_VERIFY 00007fff3bd35ab7 / 1
> [out] pTemplate[1]:
> CKA_VERIFY True
> Returned: 0 CKR_OK
>
> 32: C_GetAttributeValue
> 2014-01-28 04:00:43.581
> [in] hSession = 0x5670001
> [in] hObject = 0x8690003
> [in] pTemplate[1]:
> CKA_WRAP 00007fff3bd35ab7 / 1
> [out] pTemplate[1]:
> CKA_WRAP True
> Returned: 0 CKR_OK
>
> 33: C_FindObjects
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x1
> Object 0x8730004 matches
> Returned: 0 CKR_OK
>
> 34: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]:
> CKA_CLASS 00007fff3bd35a58 / 8
> [out] pTemplate[1]:
> CKA_CLASS CKO_CERTIFICATE
> Returned: 0 CKR_OK
>
> 35: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]:
> CKA_CERTIFICATE_TYPE 00007fff3bd35ab8 / 8
> [out] pTemplate[1]:
> CKA_CERTIFICATE_TYPE CKC_X_509
> Returned: 0 CKR_OK
>
> 36: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]:
> CKA_LABEL 0000000000000000 / 0
> [out] pTemplate[1]:
> CKA_LABEL 0000000000000000 / 0
> Returned: 0 CKR_OK
>
> 37: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]:
> CKA_LABEL 0000000000bb14f0 / 0
> [out] pTemplate[1]:
> CKA_LABEL 0000000000bb14f0 / 0
> Returned: 0 CKR_OK
>
> 38: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]:
> CKA_ID 0000000000000000 / 0
> [out] pTemplate[1]:
> CKA_ID 0000000000000000 / 0
> Returned: 0 CKR_OK
>
> 39: C_GetAttributeValue
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] hObject = 0x8730004
> [in] pTemplate[1]:
> CKA_ID 0000000000bb14f0 / 0
> [out] pTemplate[1]:
> CKA_ID 0000000000bb14f0 / 0
> Returned: 0 CKR_OK
>
> 40: C_FindObjects
> 2014-01-28 04:00:43.582
> [in] hSession = 0x5670001
> [in] ulMaxObjectCount = 0x1
> [out] ulObjectCount = 0x0
> Returned: 0 CKR_OK
>
> 41: C_FindObjectsFinal
> 2014-01-28 04:00:43.583
> [in] hSession = 0x5670001
> Returned: 0 CKR_OK
>
> 42: C_CloseSession
> 2014-01-28 04:00:43.583
> [in] hSession = 0x5670001
> Returned: 0 CKR_OK
>
> 43: C_Finalize
> 2014-01-28 04:00:43.583
> Returned: 0 CKR_OK
>
>
> log from ssh
>
> OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to 192.1.1.1 [192.1.1.1] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 8.3
> debug1: label <mToken2> manufacturerID <SafeNet, Inc.> model <eToken> serial <01db04cc> flags 0x601
> no keys
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list