How to login as Crypto User role

[ktikar]

Hi,

My HSM has another role which is "Crypto User" with the limited crypto operation that can be performed (encrypt/decrypt/sign/verify).

So, I can't use the following code to log in as Crypto User but I'm not sure why it doesn't.

pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType);

 slot = Helpers.GetUsableSlot(pkcs11Library);

session = slot.OpenSession(SessionType.ReadOnly);

session.Login(CKU.CKU_CONTEXT_SPECIFIC, passwd);

Anyone please kindly help.

P.S. It has no problem with the "Crypto Officer" role. It can use the ReadWrite session and CKU_USER type to log in.

Best regards,

[ktikar]

Hi Jaroslav,

I have config the debug log then login as Crypto User in the HSM itself tool. So, it looks like the Crypto User uses "-2147483647" but the CKU_CONTEXT_SPECIFIC is "2".

14:14:11 08016-14520:STRTLogin {Sesn=2 User=-2147483647 PIN=(8 "********") }

14:14:11 08016-14520:FINILogin CKR_OK(66526ms) {}

I have checked the CKU class in uint type then I can't perform typecasting to the negative value.

session.Login((CKU) LunaRoles.CKU_CU, passwd);

Please kindly help.

[ktikar]

Hi,

I have just checked the error message then I solved the problem!

Here is my solution.

1. Create enum for your HSM roles

public enum HsmRoles

    {

        CKU_SO = 0,

        CKU_CO = 1,

        CKU_CU = -2147483647

    }

2. Edit the login step (Cast to CKU type then uncheck to support negative value)

session.Login(unchecked((CKU) LunaRoles.CKU_CU), passwd);