-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 1.3.7
-
Fix Version/s: 1.3.8rc1
-
Component/s: PKCS#11 Interface
-
Labels:None
Fix CKU_CONTEXT_SPECIFIC and CKR_OPERATION_NOT_INITIALIZED
This usage scenario is not implemented in e.g. C_SignInit(). PKCS#11 says that CKR_OPERATION_NOT_INITIALIZED is the proper return value. SoftHSMv1 is not doing anything with this user type, if we want to be strict then SoftHSMv1 should also return this value.
Fix CKR_USER_ALREADY_LOGGED_IN
This is just an order of evaluation. This can differ between HSM:s. Both are doing the same checks but in different order. Except that SoftHSMv1 is not checking if the given user is already logged in, CKR_USER_ALREADY_LOGGED_IN.
CKF_DUAL_CRYPTO_OPERATIONS
The tests for SoftHSMv1 are using two different sessions, but the code in SoftHSMv1 is not checking if other crypto operations are active. The different crypto operations are not using the same resources within the session. Are you just using one session in your code?
SoftHSMv2 only allows one active crypto operation per session. This is because the crypto operations are using the same resources within the session.
See the definition for CKR_OPERATION_ACTIVE. You could check for the flag CKF_DUAL_CRYPTO_OPERATIONS but that is not set in non of the versions. SoftHSMv1 could have that one set if we want.