pkcs11.open_session_no_callback against Luna Network HSM crashed with SIGSEGV
#72
Comments
|
Hi, Thanks for reporting the issue! Is there any way for us to reproduce this locally? Otherwise we'll probably need a backtrace for that. Something that might help is a copy of the code you use in C to do the same thing, as it might be some of our conventions/defaults that are at fault here. Also, could you please let us know the version of the crate you're using - is it the from crates.io or some commit on |
|
I'm also wondering if it could be related to #70 |
As an alternative/on top of that, you could try and run both the C and Rust examples using the |
|
Interestingly, the crash is gone (in opening session) when $ export PKCS11_HSM_MODULE="/local/centos/pkcs11-logger/build/linux/pkcs11-logger-x64.so"
$ export PKCS11_LOGGER_LIBRARY_PATH="/usr/safenet/lunaclient/lib/libCryptoki2_64.so"
$ export PKCS11_LOGGER_LOG_FILE_PATH="/local/centos/logs/pkcs11-logger-output.log"
$ cargo test
Finished test [unoptimized + debuginfo] target(s) in 0.10s
Running unittests (target/debug/deps/my_project-8a5e42cd16d7b0c2)
running 1 test
test tests::test_open_session ... ok
test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.85s
# It crashed again when I removed the use of `pkcs11-logger`
$ export PKCS11_HSM_MODULE="/usr/safenet/lunaclient/lib/libCryptoki2_64.so"
$ cargo test
Finished test [unoptimized + debuginfo] target(s) in 0.10s
Running unittests (target/debug/deps/my_project-8a5e42cd16d7b0c2)
running 1 test
error: test failed, to rerun pass '--bin my_project'
Caused by:
process didn't exit successfully: `/local/centos/my_project/rust/target/debug/deps/my_project-8a5e42cd16d7b0c2` (signal: 11, SIGSEGV: invalid memory reference)This is the |
I tried both the one from |
|
As a temporary stopgap, instead of specifying the target SO file directly from export PKCS11_LOGGER_FLAGS="1"I suspect there is a bug somewhere in how the rust stack is loading or accessing the SO file. Perhaps in the libloading crate? |
|
BTW, I just tried calling Let me check out the current situation with the pkcs11 crate ... |
Interestingly, there's this open issue on their repo. Their workaround seems to be to use
That's... odd. We do support multiple attributes - the one thing we don't support, I think, is vendor-defined attributes, but I don't think there's a way to pass that to |
Running the unit test below would result in the Environment$ cargo tree | grep cryptoki
├── cryptoki v0.2.0
│ ├── cryptoki-sys v0.1.2
$ hostnamectl
...
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-1160.45.1.el7.x86_64
Architecture: x86-64
$ rustc --version
rustc 1.57.0 (f1edd0429 2021-11-29)Unit Testextern crate cryptoki;
use cryptoki::Pkcs11;
use cryptoki::types::slot_token::Slot;
use cryptoki::types::locking::CInitializeArgs;
use cryptoki::types::Flags;
use cryptoki::types::session::UserType;
use cryptoki::types::object::Attribute;
use cryptoki::types::object::AttributeType;
use cryptoki::types::object::ObjectClass;
use cryptoki::types::Bbool;
use std::env;
#[derive(Debug)]
struct ErrorWithStacktrace;
impl<T: std::error::Error> From<T> for ErrorWithStacktrace {
fn from(p: T) -> Self {
panic!("Error: {:#?}", p);
}
}
type Result<T> = std::result::Result<T, ErrorWithStacktrace>;
fn init_pkcs11() -> (Pkcs11, Slot) {
let pkcs11 = Pkcs11::new(
env::var("PKCS11_HSM_MODULE")
.unwrap_or_else(|_| "/usr/safenet/lunaclient/lib/libCryptoki2_64.so".to_string()),
).unwrap();
// initialize the library
pkcs11.initialize(CInitializeArgs::OsThreads).unwrap();
// find a slot, get the first one
let slot = pkcs11.get_slots_with_token().unwrap().remove(0);
println!("slot: {}", slot.id());
let passwd = env::var("passwd").unwrap_or_else(|_| "".to_string());
let _ = pkcs11.set_pin(slot, &passwd);
(pkcs11, slot)
}
#[test]
#[serial]
fn find_secret_key_by_label() -> Result<()> {
let (pkcs11, slot) = init_pkcs11();
// set flags
let mut flags = Flags::new();
flags.set_rw_session(true).set_serial_session(true);
// open a session
let session = pkcs11.open_session_no_callback(slot, flags).unwrap();
// log in the session
session.login(UserType::User).unwrap();
let key_label: String = "foo".to_owned();
let template = vec![
Attribute::Token(Bbool::True),
Attribute::Class(ObjectClass::SECRET_KEY),
Attribute::Label(key_label.into_bytes())
];
let secret_key = session.find_objects(&template)?.remove(0);
let attributes_result = session
.get_attributes(secret_key, &[AttributeType::KeyType, AttributeType::ValueLen]);
match attributes_result {
Ok(attributes) => println!("working with version: {:?}", attributes),
Err(e) => println!("error getting attributes: {:?}", e),
}
Ok(())
}Runningexport PKCS11_HSM_MODULE="/local/centos/pkcs11-logger/build/linux/pkcs11-logger-x64.so"
export PKCS11_LOGGER_LIBRARY_PATH="/usr/safenet/lunaclient/lib/libCryptoki2_64.so"
export PKCS11_LOGGER_LOG_FILE_PATH="/local/centos/logs/pkcs11-logger-output.log"
export passwd="<omitted>"
$ cargo test -- --nocapture
Finished test [unoptimized + debuginfo] target(s) in 0.11s
Running unittests (target/debug/deps/my_project-8a5e42cd16d7b0c2)
running 1 test
slot: 0
error getting attributes: NotSupported
test tests::find_secret_key_by_label ... ok
test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 1.46spkcs11-logger-output.log |
I tried various combinations, including:
So far none of it works. (I verified the change was in effect as I saw the debug message such as "Opening SO with RTLD_GLOBAL | RTLD_NOW" being output during Sample diff for such change: diff --git a/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs b/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs
index 16599f4..86d8697 100644
--- a/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs
+++ b/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs
@@ -2884,6 +2884,8 @@ pub type CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut ck_des_cbc_encrypt_data_param
pub type CK_AES_CBC_ENCRYPT_DATA_PARAMS = ck_aes_cbc_encrypt_data_params;
pub type CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR = *mut ck_aes_cbc_encrypt_data_params;
extern crate libloading;
+use libloading::os::unix::RTLD_NOW;
+use libloading::os::unix::RTLD_GLOBAL;
pub struct Pkcs11 {
__library: ::libloading::Library,
pub C_GetFunctionList: Result<
@@ -2896,7 +2898,10 @@ impl Pkcs11 {
where
P: AsRef<::std::ffi::OsStr>,
{
- let __library = ::libloading::Library::new(path)?;
+ // let __library = ::libloading::Library::new(path)?;
+ println!("Opening SO with RTLD_GLOBAL | RTLD_NOW");
+ let os_lib = libloading::os::unix::Library::open(Some(path), RTLD_GLOBAL | RTLD_NOW)?;
+ let __library = libloading::Library::from(os_lib);
let C_GetFunctionList = __library
.get("C_GetFunctionList".as_bytes())
.map(|sym| *sym); |
|
This work around fixes the SIGSEG crash. Yay! diff --combined cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs
index 4b98321,16599f4..0000000
--- a/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs
+++ b/cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs
@@@ -2896,10 -2896,7 +2896,10 @@@ impl Pkcs11
where
P: AsRef<::std::ffi::OsStr>,
{
- let __library = ::libloading::Library::new(path)?;
+ // https://github.com/nagisa/rust_libloading/issues/41#issuecomment-448303856
+ println!("Opening SO with 0x2 | 0x1000");
+ let os_lib = libloading::os::unix::Library::open(Some(path), 0x2 | 0x1000)?;
+ let __library = libloading::Library::from(os_lib);
let C_GetFunctionList = __library
.get("C_GetFunctionList".as_bytes())
.map(|sym| *sym); |
|
I wonder if this works across all x86_64 Linux platforms. If so, a simple change to |
|
Hmmm, I've been looking at your log for the get_attribute, I think the error is coming from the key type conversion instead. In the log the value appears to be in little endian encoding (I'm assuming it's an AES key?), however we treat those bytes as network endian. Looking through the spec I can't tell which one CK_ULONG should be following, as CKA_KEY_TYPE uses CK_KEY_TYPE, which is a ulong... Unfortunately I can't properly link, posting this on a phone 😅 but I'll look into it more tomorrow morning (and into the libloading issue as well) |
Affirmative. |
hansonchar
added a commit
to hansonchar/rust-cryptoki
that referenced
this issue
Dec 8, 2021
parallaxsecond#72 Signed-off-by: Hanson Char <[email protected]>
|
Hmm, ok, now I'm stumped. I ran the following test locally (with the current tip of And it worked: Got the following from The first two calls are done separately now (used to be one call in So if you run two calls with |
I think that's what I'd lean towards that, we can maybe put a handrolled implementation that's similar to the existing |
Using the latest tip of |
|
Nice!! That's great to hear. How tied are you to this fix being upstreamed to crates.io? |
|
Strangely though if I tried to access the I know the |
|
Oh, yes, I get the same, I think our way of handling We should really invest in more testing :) |
6 tasks
|
I read through this rapidly, would it be ok to close it then if it's working with edit: ah you did here Ionut 👍 #74 |
|
Yes. That makes sense.
…On Tue, Jan 4, 2022, 6:47 AM Hugues de Valon ***@***.***> wrote:
I read through this rapidly, would it be ok to close it then if it's
working with main? We can open a new issue about the Date handling maybe
—
Reply to this email directly, view it on GitHub
<#72 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFPWEMA5GQB2NTW5TR2MC3UUMCB5ANCNFSM5JN4V4XQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
@hansonchar - quick note, I've released v0.3.0 of |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It doesn’t seem
rust-cryptokican be used to open a pkcs11 session to the Thales eLab, i.e. Luna Network HSM without ending up in(signal: 11, SIGSEGV: invalid memory reference).Sample unit test:
Test run and failure
Note
ruststable vs nightly build doesn't seem to make any difference.Also, changing the
libloadingdependency to open the.sofile from:to:
doesn't seem to make any difference.
The text was updated successfully, but these errors were encountered: