Description
Issue
I cannot init_token with my HSM using cryptoki in my Rust application.
However, it works with SoftHSM2.
I also manage to init a token using my HSM client binary (not my Rust application).
Context
I'm using an HSM with a PIN Entry Device (PED) (see what is a PED).
It's a device, linked to the HSM, that requires plugging in a dongle (USB stick) for authentication.
To connect as SO, it's not possible to set a PIN. It is mandatory to use the PED.
So instead of entering a PIN on my PC, I plug a dongle on the PED to login.
For example, if I want to open a session I use these lines:
let session = pkcs11.open_rw_session(slot)?;
session.login(UserType::So, None)?;
NOTE: I use None to indicate to use the protected authentication path; in this case, it's the PED.
NOTE2: However, to log in as UserType::User, I am allowed to set a PIN, in order to avoid using the PED. In this case, I use Some(&pin) to log in as a User.
How to reproduce
If I use SoftHSM2, I indicate a PIN I set beforehand (e.g. "1234") and it works perfectly. But if I use my HSM, there's no PIN set for the SO, so I indicate an empty PIN (e.g. "").
let slot = pkcs11.get_slots_with_initialized_token()?[0];
let pin = AuthPin::new(String::from(""));
pkcs11.init_token(slot, &pin, "reinitialized")?;
init_token raises a CryptokiError(Pkcs11(GeneralError)).
Expected behaviour
Indicate "" (empty) pin and init the token successfully (that's what I'm doing using the HSM client binary), or using None, like in login().
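The difference between an empty PIN and None at the level of the raw PKCS #11 arguments, as an added example that is not part of the original issue and is not cryptoki's code. The PKCS #11 specification says that for a token with CKF_PROTECTED_AUTHENTICATION_PATH set, pPin should be NULL_PTR; `PinArgs` and `pin_args` are hypothetical names and the flag value passed in is constructed.

```rust
use std::os::raw::c_ulong;
use std::ptr;

/// CK_TOKEN_INFO flag bit, value taken from the PKCS #11 headers.
const CKF_PROTECTED_AUTHENTICATION_PATH: c_ulong = 0x0000_0100;

/// The (pPin, ulPinLen) pair handed to C_InitToken or C_Login.
#[derive(Debug, PartialEq)]
struct PinArgs {
    p_pin: *const u8,
    len: c_ulong,
}

/// Hypothetical helper: map an optional PIN to raw PKCS #11 arguments.
/// Some("") still yields a non-null pointer with length 0, which is not
/// the same request as a NULL pPin (protected authentication path).
fn pin_args(token_flags: c_ulong, pin: Option<&str>) -> Result<PinArgs, &'static str> {
    let protected = (token_flags & CKF_PROTECTED_AUTHENTICATION_PATH) != 0;
    match pin {
        // A PIN was supplied by the application, even if it is empty.
        Some(p) => Ok(PinArgs { p_pin: p.as_ptr(), len: p.len() as c_ulong }),
        // No PIN: only meaningful when the token authenticates out of band.
        None if protected => Ok(PinArgs { p_pin: ptr::null(), len: 0 }),
        None => Err("token has no protected authentication path; a PIN is required"),
    }
}

fn main() {
    // Constructed flag value standing in for a PED-backed token.
    let ped_token = CKF_PROTECTED_AUTHENTICATION_PATH;
    let empty = pin_args(ped_token, Some("")).unwrap();
    let none = pin_args(ped_token, None).unwrap();
    println!("Some(\"\"): null={} len={}", empty.p_pin.is_null(), empty.len);
    println!("None:     null={} len={}", none.p_pin.is_null(), none.len);
}
```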