Multi Threading Signing is not working.

[jigic...@gmail.com]

Dear All,

I am trying to do Digital Signing of XML via HSM using C#.NET language.
I am able to do the same via PKCS11Interop DLL.

But if I am trying to sign multiple threads then I am unable to access the library and it crashes.

Please find below Error and Code used

Error is : Method C_Initialize returned CKR_FUNCTION_FAILED at Net.Pkcs11Interop.HighLevelAPI4.Pkcs11..ctor(String libraryPath, Boolean useOsLocking) at Net.Pkcs11Interop.HighLevelAPI.Pkcs11..ctor(String libraryPath, Boolean useOsLocking)

public Slot GetUsableSlot(Pkcs11 pkcs11)
{
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(true);
// Let's use first slot with token present
return slots[1];
}
public void SignTest()
{
using (Pkcs11 pkcs11 = new Pkcs11(Pkcs11LibraryPath, true))
{
Slot slot = GetUsableSlot(pkcs11);

// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, "xxxx");

...........................
...........................

[Jaroslav Imrich]

Hello Jignesh,

when using Pkcs11Interop (or PKCS#11 in general) from multiple threads you need to watch for three things:

1. There should be only one instance of Pkcs11 class shared between the threads (see [0] for more details)

2. Instance of Pkcs11 class should be initialized with native OS locking model enabled (see [1] for more details)

3. Separate instance of Session class should be used for each operation (see [1] for more details)

[0] https://github.com/jariq/Pkcs11Interop/issues/17#issuecomment-146329529
[1] https://github.com/jariq/Pkcs11Interop/issues/8#issuecomment-33725265

Regards, Jaroslav

--
You received this message because you are subscribed to the Google Groups "Pkcs11Interop" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pkcs11intero...@googlegroups.com.
To post to this group, send email to pkcs11...@googlegroups.com.
Visit this group at http://groups.google.com/group/pkcs11interop.

[jigic...@gmail.com]

Thanks a lot Jaroslav for your revert.

I have tried the combinations mentioned in the thread suggested.
Also tried some Trail and error of my own.
But still multi-threading is not working.

Combinations I have tried:
1. Global declaration of the PKCS11 object with native OS locking model enabled
2. Create new session object for every thread
3. Single session object and login for every thread.


I am still unable to access the PKCS11 library and it crashes.
I am trying to access keys stored in Thales HSM....

THANKING IN ADVANCE......
Jignesh Chavan

[Jaroslav Imrich]

On Mon, Oct 12, 2015 at 12:30 PM, <jigic...@gmail.com> wrote:

Thanks a lot Jaroslav for your revert.

I have tried the combinations mentioned in the thread suggested.
Also tried some Trail and error of my own.
But still multi-threading is not working.

Combinations I have tried:
1. Global declaration of the PKCS11 object with native OS locking model enabled
2. Create new session object for every thread
3. Single session object and login for every thread.


I am still unable to access the PKCS11 library and it crashes.
I am trying to access keys stored in Thales HSM....

Could you please use https://github.com/jariq/pkcs11-logger to capture all unmanaged calls made by your application and share the logs with me?
 
You can also enable debuging in the middleware of your HSM by adding these two lines into cknfastrc file:

CKNFAST_DEBUG=10
CKNFAST_DEBUGFILE=c:\logs\cknfast.log

Consult your HSM user guide for more info and please share log file - c:\logs\cknfast.log - with me.

I suggest you don't send logs to the public mailing list as they might contain sensitive information.

Regards, Jaroslav