Can you help me find out what the code in the following message is?
"Method C_OpenSession returned 2147484548"
I got this error while trying to open a session when the connection went out, so the cause is the lack of connectivity, but I'd like to know if this code can help me to manage this case better, to avoid further problems when there isn't a connection to the HSM.
The error, in my documentation, is CKR_SMS_ERROR: "General error from secure messaging system - probably caused by HSM failure or network failure".
This confirms the problem happens when the connectivity is lacking.
The problem is that when this happens, the service isn't able to resume the communication when the connectivity is back, until I manually restart the service managing the HSM access.
When the service starts, I call this:
    private Pkcs11 _pkcs11 = null;
    private Slot _slot = null;
    private Session _session = null;

    public async void InitPkcs11()
    {
        try
        {
            _pkcs11 = new Pkcs11(pathCryptoki, Inter_Settings.AppType);
            _slot = Inter_Helpers.GetUsableSlot(_pkcs11, nSlot);
            _session = _slot.OpenSession(SessionType.ReadOnly);
            _session.Login(CKU.CKU_USER, Inter_Settings.NormalUserPin);
        }
        catch (Exception e)
        {
            ...
        }
    }
When I have to use the HSM, I call something like:
    using (var LocalSession = _slot.OpenSession(SessionType.ReadOnly))
    {
        ...
    }
And, when I fail the communication due to a connectivity lack, I call a function to reset the connection and try to change the slot:
    private bool switching = false;

    public async void SwitchSlot()
    {
        try
        {
            if (!switching)
            {
                switching = true;
                if (nSlot == 0)
                {
                    nSlot = 2;
                }
                else
                {
                    nSlot = 0;
                }
                _session.Logout();
                _slot.CloseAllSessions();
                _pkcs11.Dispose();
                InitPkcs11();
                switching = false;
            }
        }
        catch (Exception e)
        {
            ...
        }
    }
But this last snippet doesn't work as expected: it tries to change the slot, but it always fails to communicate with the HSM. If I restart the service manually (when the connectivity is back), it works like a charm. So, I'm sure I'm doing something wrong in the SwitchSlot function, when I try to close the _session and open a new one.
Do you see any errors/misunderstandings here?
"Method C_Logout returned 2147484548"
Which method is returning this? This is in the exception branch of the SwitchSlot function.
I modified the code and I was ready to test it.
We have 2 HSMs, both linked to our production server. I can also call them from a test server. So, I just tried this: call the HSMs from the test server and simulate a network down.
But, as I start the service in the test service, the production one starts to fail the requests to the HSM.
I made further tests, and I noticed the same behavior with the Safenet tool: if, for example, I connect to the HSM with ctbrowse, my service starts having problems.
It's as if it gets into trouble when other software accesses the HSMs. Is it possible? Why? How can I avoid it?
It fails to retrieve the keys. For example:
    using (var LocalSession = _slot.OpenSession(SessionType.ReadOnly))
    {
        List<ObjectHandle> foundObjects = LocalSession.FindAllObjects(objectAttributes);
        if (foundObjects.Count > 0)
        {}
        else
        {}
Here, it goes into the else branch, after this network problem...
So, I don't have a stack trace since there is no real error, but it starts to not find the keys when I search for them... why?
Anyway, the HSMs are 2 Safenet Protect Server Gold (external). Have you ever worked with this brand? Can this info be useful?
Ok, I will try to contact them.
Very useful, thanks again!
Returning to the main topic, I just tested the new code you suggested to me.
Now the error is:
Method C_OpenSession returned 2147484548
The error code is the same as before.
So, the same as before, but on the OpenSession method now, when I try to use the HSM (so, not the Init function).
    using (var LocalSession = _slot.OpenSession(SessionType.ReadOnly))
    {
        ...
    }
Also in this case, I had to restart the service to solve the issue and proceed with all the stuff.
What can I try here?
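An added sketch, not code from the thread or from the Pkcs11Interop project, of a reset path for the SwitchSlot case above: in the posted code, when _session.Logout() throws, _pkcs11.Dispose() and InitPkcs11() are skipped and switching stays true, so later calls do nothing. HsmConnection, Reset, Teardown, WithSession and the two factory delegates are hypothetical names, and whether the vendor library can be re-initialised in-process after a link failure is an assumption.

```csharp
using System;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Added example. HsmConnection, Reset, Teardown and WithSession are hypothetical names.
public sealed class HsmConnection : IDisposable
{
    // The value from the thread, 0x80000384: vendor-defined range (>= 0x80000000).
    private const ulong LinkError = 2147484548;
    private readonly object _gate = new object();
    private readonly Func<Pkcs11> _load;           // e.g. () => new Pkcs11(path, appType)
    private readonly Func<Pkcs11, Slot> _pickSlot; // e.g. the poster's GetUsableSlot helper
    private readonly string _pin;
    private Pkcs11 _pkcs11; private Slot _slot; private Session _login;

    public HsmConnection(Func<Pkcs11> load, Func<Pkcs11, Slot> pickSlot, string pin)
    { _load = load; _pickSlot = pickSlot; _pin = pin; }

    private void Teardown()
    {
        // Best effort: on a dead link these calls fail too, and a failure
        // here must not prevent the library from being released.
        try { _login?.Dispose(); } catch (Exception) { }
        try { _pkcs11?.Dispose(); } catch (Exception) { }
        _login = null; _slot = null; _pkcs11 = null;
    }

    private void Reset()
    {
        Teardown();
        _pkcs11 = _load();
        _slot = _pickSlot(_pkcs11);
        var s = _slot.OpenSession(SessionType.ReadOnly);
        s.Login(CKU.CKU_USER, _pin);
        _login = s; // only set once the login succeeded
    }

    public T WithSession<T>(Func<Session, T> work)
    {
        lock (_gate) // one caller at a time; nobody uses a slot mid-reset
        {
            if (_login == null) Reset();
            try { using (var s = _slot.OpenSession(SessionType.ReadOnly)) return work(s); }
            catch (Pkcs11Exception ex) when ((ulong)ex.RV == LinkError)
            {
                Reset(); // if this throws, _login stays null and the next call retries
                using (var s = _slot.OpenSession(SessionType.ReadOnly)) return work(s);
            }
        }
    }
    public void Dispose() { lock (_gate) Teardown(); }
}
```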