eID reading with c# PKCS11 wrapper .NET slow when deployed to clients (Citrix/RDP)

Nick

Oct 23, 2017, 4:47:26 AM
to eID Middleware
Hi,

We recently rewrote the eID part in our .NET application using your c# PKCS11 wrapper and the latest middleware.
On our dev. computers (Windows 10) it takes about max. 5 seconds to read all data from the eID-card, which is fine.
But when deploying the software to our clients' servers (Citrix or RDP), testing the same code suddenly takes a lot longer (> 20 seconds).

Although the card-reader starts reading immediately and the LED stops flashing after a few seconds (same as locally), the code seems to 'freeze' for a longer time on session.FindObjects(50).
We've tested this on multiple server configurations (Win server 2008, 2012, 2012R2,...) and all of them seem to behave more or less the same (maybe a few seconds difference).
I've tried 32bit/64bit/... builds but this made no difference.

Do you have any explanation or fix for this behavior?

The code we are using is pretty standard I think, for example:

...

' List only the slots that have a token (card) present
Dim slotlist As Slot() = m.GetSlotList(True)
If slotlist.Length > 0 Then

    Dim slot As Slot = slotlist(0)
    Dim session As Session = slot.Token.OpenSession(True)

    ' Search template: all objects of class CKO.DATA
    Dim classAttribute As New ByteArrayAttribute(CKA.CLASS)
    classAttribute.Value = BitConverter.GetBytes(CKO.DATA)

    session.FindObjectsInit(New P11Attribute() {classAttribute})

    ' Fetch up to 50 matching objects (the call that appears to freeze)
    Dim foundObjects As P11Object() = session.FindObjects(50)

...

Kind regards,
Nick

Frederik Vernelen

Oct 23, 2017, 5:13:55 AM
to eid...@googlegroups.com
Hello Nick,

Thank you for your detailed report.
About your observations with the card reader flashes: it is function FindObjectsInit that will trigger reading out the card data if it hasn't been cached yet.
And as you state that the code is freezing in FindObjects, reading out the card data does not seem to be where the error lies (as also confirmed by the card reader flashes).

The function FindObjects actually just fetches the previously read and parsed card data and returns (up to the requested amount of) objects that match the search criteria.

This function can be (like all our pkcs11 functions) protected by a mutex (whether or not mutexes are used depends on the parameters of the C_Initialize function).
Are you accessing our pkcs11 library in multiple threads, and specifying the usage of mutexes in C_Initialize?

A second place in this function that has blocking potential is a pcsc call to check if the card reader status hasn't been changed. 
I've been looking into this a bit deeper and this one is likely causing the issue you observe.
"Each member of each structure in this array must be initialized to zero and then set to specific values as necessary. If this is not done, the function will fail in situations that involve remote card readers."
Not all members were initialized to zero, I'll fix that now and provide you with a new pkcs11.dll for testing if you like?

Wkr,
 Frederik




--
You received this message because you are subscribed to the Google Groups "eID Middleware" group.
To unsubscribe from this group and stop receiving emails from it, send an email to eid-mw+unsubscribe@googlegroups.com.
To post to this group, send an email to eid...@googlegroups.com.
Visit this group at https://groups.google.com/group/eid-mw.
For more options, visit https://groups.google.com/d/optout.
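
The sentence quoted in the reply above is from the Windows documentation for SCardGetStatusChange, which takes an array of SCARD_READERSTATE structures. The following is an added example, not code from the eID middleware, showing the zero-then-set pattern and a check that counts members left with stale data. The struct is a constructed stand-in modelled on SCARD_READERSTATE, and the helper names and reader names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define ATR_LEN 36
#define STATE_UNAWARE 0u   /* same value as SCARD_STATE_UNAWARE */

/* Constructed stand-in modelled on SCARD_READERSTATE so the example
   builds without the PC/SC headers (assumption of this example). */
typedef struct {
    const char *szReader;
    void       *pvUserData;
    uint32_t    dwCurrentState, dwEventState, cbAtr;
    uint8_t     rgbAtr[ATR_LEN];
} reader_state_t;

/* Hypothetical helper: zero every member, then set only what is needed. */
void init_reader_states(reader_state_t *rs, const char *const *names, size_t n) {
    memset(rs, 0, n * sizeof *rs);
    for (size_t i = 0; i < n; i++) {
        rs[i].szReader = names[i];
        rs[i].dwCurrentState = STATE_UNAWARE;
    }
}

/* Hypothetical pre-call check: count members still holding stale data. */
int count_stale_members(const reader_state_t *rs, size_t n) {
    static const uint8_t zero_atr[ATR_LEN] = {0};
    int stale = 0;
    for (size_t i = 0; i < n; i++) {
        stale += rs[i].pvUserData != NULL;
        stale += rs[i].dwEventState != 0;
        stale += rs[i].cbAtr != 0;
        stale += memcmp(rs[i].rgbAtr, zero_atr, ATR_LEN) != 0;
    }
    return stale;
}

/* The bug pattern: leftover memory, only two members assigned per entry. */
int stale_after_partial_init(void) {
    const char *names[2] = { "Reader A", "Reader B" };  /* constructed names */
    reader_state_t rs[2];
    memset(rs, 0xCC, sizeof rs);      /* stands in for uninitialised stack */
    for (size_t i = 0; i < 2; i++) {
        rs[i].szReader = names[i];
        rs[i].dwCurrentState = STATE_UNAWARE;
    }
    return count_stale_members(rs, 2);
}
```
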

Nick

Oct 23, 2017, 7:39:11 AM
to eID Middleware
Hello Frederik,

Thank you for your quick reply and info.

Normally we're not accessing the PKCS11 library in multiple threads for the moment.
I wrote a very simple test-application too, with only basic code to test the functionality on the remote servers for better debugging purposes, so there's really nothing special in there.
I have no experience with C_Initialize() yet and don't really know how to use this with the .NET wrapper...

If you can provide me with the new pkcs11.dll I'll test it and let you know if it improves anything.

Kind regards,
Nick


Frederik Vernelen

Oct 23, 2017, 9:15:11 AM
to eid...@googlegroups.com
Hello Nick,

You can try with the following signed build:

This is our quick-installer that will install the pkcs11 libraries in your OS system folder; depending on where your C# app goes looking for them, you might need to copy them there.
(And if you do not use a full path, make sure no older pkcs11 lib is found sooner (e.g. because one is present next to your C# application))


Regarding the C_Initialize: if no changes are made to the C# wrapper, it calls it from within the constructor of the module (and without parameters, so no mutexes will be used).

Wkr,
 Frederik


Nick

Oct 23, 2017, 9:58:04 AM
to eID Middleware
Hi Frederik,

This build is not working for me. I first installed it on my own computer.
Because the servers are managed by our clients and are used in production I first need to verify it's working.

The software installs OK, but when I try to test it everything crashes:

- The installer's 'Test' functionality crashes

- My application crashes upon calling 'GetSlotList(True)' with the following error: System.AccessViolationException: 'Attempted to read or write protected memory. This is often an indication that other memory is corrupt.'

- Firefox cannot be started and crashes every time, ...

After uninstalling this build and returning to the latest stable software, everything works again.

Nick


Frederik Vernelen

Oct 23, 2017, 10:31:21 AM
to eid...@googlegroups.com
Hello Nick,

Sorry about that, a dumb mistake on my part, building a new test version atm.
