Unknown error code on ARMv7

[ximon18]

When running on a Raspberry Pi 4b target (an ARMv7 architecture platform) keyls fails with an unknown error code:

$ keyls pkcs11:0:********@/home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so
Error: PKCS#11: unknown (0xb6d0884000000000)

I traced this failure to the call to the Ctx::new() fn in the pkcs11 crate, specifically to the invocation of the C_GetFunctionList() PKCS#11 function). Using LD_DEBUG we see that immediately after looking up the C_GetFunctionList symbol the library is then finished with.

     14246:     calling init: /home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so
     14246:     
     14246:     opening file=/home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so [0]; direct_opencount=1
     14246:     
     14246:     symbol=C_GetFunctionList;  lookup in file=/home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so [0]
     14246:     binding file /home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so [0] to /home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so [0]: normal symbol `C_GetFunctionList'
     14246:     
     14246:     calling fini: /home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so [0]

Injected eprintln!() calls in a local copy of the PKCS#11 v0.5.0 crate around the call showed the print before the call but not the print after the call:

let func: libloading::Symbol<
    unsafe extern "C" fn(CK_FUNCTION_LIST_PTR_PTR) -> CK_RV,
> = lib.get(b"C_GetFunctionList")?;
eprintln!("BEFORE");
match func(list.as_mut_ptr()) {
    CKR_OK => (),
    err => return Err(Error::Pkcs11(err)),
}
eprintln!("AFTER");

Note that pkcs11-tool didn't have any such problems using the same PKCS#11 library file on the same Raspberry Pi 4b host.

Also note that a quick test using the cryptoki crate instead of the pkcs11 crate showed that the pkcs11 crate fails but the cryptoki crate succeeds.

[ximon18]

After merging PR #3 the issue is solved.

Environment:

$ cat /etc/issue
Raspbian GNU/Linux 11 \n \l

$ uname -a
Linux pi2gb 5.10.63-v7l+ #1488 SMP Thu Nov 18 16:15:28 GMT 2021 armv7l GNU/Linux

$ lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 1050:0030 Yubico.com YubiHSM
Bus 001 Device 002: ID 2109:3431 VIA Labs, Inc. Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

$ pkcs11-tool --module /home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so -I
Cryptoki version 2.40
Manufacturer     Yubico (www.yubico.com)
Library          YubiHSM PKCS#11 Library (ver 2.30)
Using slot 0 with a present token (0x0)

Clone and compile:

$ git clone https://github.com/ximon18/keyls.git
$ cd keyls
$ git log -1
commit 8df38e2205958ce64a933a546369a9ba62cc0130 (HEAD -> main, origin/main, origin/HEAD)
Author: Ximon Eighteen <3304436+ximon18@users.noreply.github.com>
Date:   Tue Jan 4 13:28:36 2022 +0100

    Switch `pkcs11` crate for `cryptoki` instead (#3)
    
    Use the `cryptoki` crate instead of the `pkcs11` crate as the latter fails on ARMv7 when invoking `C_GetFunctionList()`.
$ cargo build

Test:

$ target/debug/keyls pkcs11:0:********@/home/pi/yubihsm/yubihsm-shell-2.3.0b/build/pkcs11/yubihsm_pkcs11.so
Using PKCS#11 slot id 0 (0x0)
Found 4 keys
+------+-------------+----------------------+-----------+--------+
| ID   | Type        | Name                 | Algorithm | Length |
+------+-------------+----------------------+-----------+--------+
| 1EB1 | Private Key | Ximons test key pair | RSA       |        |
| 1EB1 | Public Key  | Ximons test key pair | RSA       | 2048   |
| AB51 | Private Key | Ximons test key pair | RSA       |        |
| AB51 | Public Key  | Ximons test key pair | RSA       | 2048   |
+------+-------------+----------------------+-----------+--------+

Note: Also tested by building on an x86_64 host with the command:

$ cross build --target armv7-unknown-linux-gnueabihf --release