Can't load token using partition information

[paulmgtech]

Hi,

I am using Cavium PCIe card for my HSM implementation.

I can't load token using:
CE.InitToken(INITSLOT, SO_PIN, "PARTITION_2".getBytes());

It's throwing below error:
11:49:23.743 [main] DEBUG com.hsm.rest.pkcs11.jacknji11.C - > C_InitToken slotID=1 pin=*** label="PARTITION_2 "
11:49:23.747 [main] DEBUG com.hsm.rest.pkcs11.jacknji11.C - < C_InitToken rv=0x00000007{ARGUMENTS_BAD}
Exception in thread "main" com.hsm.rest.pkcs11.jacknji11.CKRException: 0x00000007: ARGUMENTS_BAD
at com.hsm.rest.pkcs11.jacknji11.CE.InitToken(CE.java:273)
at org.pkcs11.jacknji11.Test.main(Test.java:163)
SDK Version: 2.03
HSM error 4000021c: Invalid Input Data/Params

C_InitToken failed with error CKR_ARGUMENTS_BAD : 0x00000007

can you please clarify that: is my approach correct when load token with specific partition of PCIe HSM card?
If so what I am missing or changes needed?

Many thanks
Paul

cc: @joelhockey , @primetomas

[paulmgtech]

Hi @primetomas
Do you have any idea why above error happened?

[primetomas]

No idea. I don't Init the token using P11 myself, we init the token with the cavium tools and then just use it through JackNJI11.

[paulmgtech]

Hi @primetomas

Thank you so much for your reply.

We have tried with your approach using Cfm2Util tool.
We got session handle using following method:

[root@localhost bin]# ./Cfm2Util -p PARTITION_2
Application is bound to the partition with name: PARTITION_2
SDK Version: 2.03

	Cfm2Initialize() returned app id : 02004000 
 session_handle 2004001 

 Current FIPS mode is: 00000002

And we have passed that same session handle as parameter for OpenSession and Login methods like below:

LongRef sesssionLonRef = new LongRef(0x2004001L);
        CE.OpenSession(INITSLOT, CK_SESSION_INFO.CKF_SERIAL_SESSION 
        		| CK_SESSION_INFO.CKF_RW_SESSION, null, null, sesssionLonRef);

CE.Login(sesssionLonRef.value, CKU.USER, USER_PIN);

We could login using this hard coded method. But it's going to PARTITION_1 only.

We tried a lot by changing other parameters using relevant methods. But nothing helped out.
Do you have any specific suggestion to login into other partition?

Your helps are greatly appreciated. Eagerly awaiting for your reply. :)

Many Thanks
Paul V

[primetomas]

First OpenSession is what gives you the session handle, you can not use an old session handle from another session. Sessions are created and destroyed, and you need to keep track of your sessions.
session = c.OpenSession(id, CK_SESSION_INFO.CKF_RW_SESSION | CK_SESSION_INFO.CKF_SERIAL_SESSION, null, null);

Id is the slotID that you want to open a session to. This is a long, with the slot ID, you can get that from ListSlots (or somewhere from Cavium tools).

PKCS#11 is not easy, and I don't know all details of it myself. You should study the standard specification to get an understanding of how slot IDs, slot labels and sessions work.

Regards,
Tomas

[paulmgtech]

Hi @primetomas,

Thanks for the information. Even I tried to list the slot information. Always it's come as 1 even I have many partitions in PCIe card.

Once again thanks for your guidance. I shall learn more about PKCS#11 as you guided.

Many Thanks
Paul