No slots

You must sign in to post in the forums.
11/26/2012 3:41:33 PM
dangerwit
Gravatar
Total Posts 5
View Posts

No slots

Hi there,

 

We run ncryptoki against a couple of HSM devices and are having an interesting issue: we are, at times, seeing any one of our 8 servers having "slot" issues at runtime.

 

Specifically, we are getting an "index was out of range" error when accessing slot zero.  (The code from the stack trace was at Cryptware.NCryptoki.SlotList.get_Item(Int32 idx)).

 

I assume this means that no slots were created during init, meaning no HSM device(s) were found during that init?  Is that a correct assumption?  What can I do to get more visibility on this error?  This is happening on other servers, but only very rarely.  Is there extra debug I can get from this?  (I want to remember some settings in the config file?)

 

Thanks,

*Phil

11/26/2012 3:42:55 PM
dangerwit
Gravatar
Total Posts 5
View Posts

Re: No slots

...and for what it's worth, we are running the C# code with ncryptoki against a Thales HSM (x2).

 

*Phil

11/26/2012 4:15:34 PM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

Re: No slots

Hi,

check this:

slotList.Count > 0

if it is 0 this means that the underlying PKCS#11 module has returned 0 slots available.

Also, you can check with CryptokiExplorer that you can find in the SDK. In the combobox at top-left you will see the available slots.

 

11/26/2012 4:59:26 PM
dangerwit
Gravatar
Total Posts 5
View Posts

Re: No slots

Thank you, Ugo.  Yes, I do plan on adding null and count checks, but I was hoping you and/or other people may have insight as to the cause of why there are no slots available suddenly?  Is it a communication issue with the HSM device?  Is it simply because the underlying device is somehow unavailable?  I'm trying to determine the root cause -- in other words, exactly what could cause zero slots to be available?

 

12/6/2012 12:28:01 PM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

Re: No slots

This depends on HSM.

I don't know what can cause this strange behaviour in your HSM. Maybe a connection or concurrency issue (i.e. more clients want to communicate with the HSM at the same time).

Anyway PKCS#11 specifications state that the available slots must be read during the function C_Initialize that in NCryptoki correspond to the method Cryptoki.Initialize. If after C_Initialize more slots become available they will be not visible untill a new C_Initialize is called.

Therefore you could try by checking the slot count. If it is 0 you may reinitialize the PKCS#11 module by calling Finalize to end the current session and then call Initialize again to reinizialize a new session with the PKCS#11 module. 

You must sign in to post in the forums.