- by mv
Configuring Oracle iPlanet Web Server / Oracle Traffic Director to
use crypto accelerators on T4-1 servers
Jyri had written a technical article on Configuring
Solaris Cryptographic Framework and Sun Java System Web Server 7 on
Systems With UltraSPARC T1 Processors. I tried to find out what has changed since then in T4.
I have used a T4-1 SPARC system with Solaris 10. Results slightly vary for Solaris 11. For Solaris 11, the T4 optimization was implemented in
libsoftcrypto.so while it was in
pkcs11_softtoken_extra.so for Solaris 10.
Overview
of T4 processors is here
in this blog.
Many thanx to Chi-Chang Lin and Julien for their help.
1. Install Oracle iPlanet Web Server / Oracle
Traffic Director. Go to instance/config directory.
# cd
/opt/oracle/webserver7/https-hostname.fqdn/config
2. List default PKCS#11 Modules
#
../../bin/modutil -dbdir . -listListing of PKCS #11
Modules-----------------------------------------------------------1.
NSS Internal PKCS #11 Moduleslots: 2 slots attachedstatus:
loadedslot: NSS Internal Cryptographic Servicestoken: NSS
Generic Crypto Servicesslot: NSS User Private Key and
Certificate Servicestoken: NSS Certificate DB2. Root
Certslibrary name: libnssckbi.soslots: 1 slot
attachedstatus: loadedslot: NSS Builtin Objectstoken:
Builtin Object
Token-----------------------------------------------------------
3. Initialize the soft token data store in the
$HOME/.sunw/pkcs11_softtoken/ directory
# pktool setpin
keystore=pkcs11Enter token passphrase: olderpasswordCreate
new passphrase: passwordRe-enter new passphrase:
passwordPassphrase changed.
4. Offload crypto operations to Solaris Crypto
Framework on T4
$
../../bin/modutil -dbdir . -nocertdb -add SCF -libfile
/usr/lib/libpkcs11.so -mechanisms RSA:AES:SHA1:MD5
Module "SCF"
added to database.
Note that
-nocertdb means modutil won't try to open
the NSS softoken key database. It doesn't even have to be present.
PKCS#11 library used is /usr/lib/libpkcs11.so.
If the server is running in 64 bit mode, we have to use
/usr/lib/64/libpkcs11.so
Unlike T1 and T2, in T4 we do not have to disable
mechanisms in softtoken provider using cryptoadm.
5. List again to check that a new module SCF is
added
#
../../bin/modutil -dbdir . -list
Listing of PKCS
#11
Modules-----------------------------------------------------------1.
NSS Internal PKCS #11 Moduleslots: 2 slots attachedstatus:
loadedslot: NSS Internal Cryptographic Servicestoken: NSS
Generic Crypto Servicesslot: NSS User Private Key and
Certificate Servicestoken: NSS Certificate DB2.
SCFlibrary name: /usr/lib/libpkcs11.soslots: 2 slots
attachedstatus: loadedslot: Sun Metaslottoken: Sun
Metaslotslot: n2rng/0 SUNW_N2_Random_Number_Generator
token:
n2rng/0 SUNW_N2_RNG
3. Root Certs
library
name: libnssckbi.so
slots: 1 slot attached
status:
loaded
slot: NSS Builtin Objects
token: Builtin
Object
Token-----------------------------------------------------------
6. Create certificate in “Sun Metaslot” :
I have used certutil, but you must use
Admin Server CLI / GUI
#
../../bin/certutil -S -x -n "Server-Cert" -t "CT,CT,CT"
-s "CN=*.fqdn" -d . -h "Sun Metaslot"Enter
Password or Pin for "Sun Metaslot": password
7. Verify that the certificate is created
properly in “Sun Metslaot”
#
../../bin/certutil -L -d . -h "Sun Metaslot"Certificate
Nickname Trust AttributesSSL,S/MIME,JAR/XPIEnter Password or
Pin for "Sun Metaslot": passwordSun
Metaslot:Server-Cert CTu,Cu,Cu#
8. Associate this newly created certificate
to http listener using Admin CLI/GUI. After that server.xml should
have
<http-listener>
... <ssl> <server-cert-nickname>Sun
Metaslot:Server-Cert</server-cert-nicknamer> </ssl>
Note the prefix "Sun
Metaslot"
9. Disable PKCS#11 bypass
To use the accelerated AES algorithm,
turn off PKCS#11 bypass, and configure modutil to have the AES
mechanism go to the Metaslot.
After you disable PKCS#11 bypasss using Admin GUI/CLI, check that server.xml should have
<server> .... <pkcs11> <enabled>1</enabled>
<allow-bypass>0</allow-bypass> </pkcs11>
With PKCS#11 bypass enabled,
Oracle iPlanet Web Server will only use the RSA capability of the
T4, provided certificate and key are stored in the T4 slot
(Metaslot). Actually, the RSA op is never bypassed in NSS, it's
always done with PKCS#11 calls. So the bypass settings won't affect
the behavior of the probes for RSA at all. The only thing that
matters if where the RSA key and certificate live, ie. which PKCS#11
token, and thus which PKCS#11 module gets called to do the work. If
your certificate/key are in the NSS certificate/key db, you will see
libsoftokn3/libfreebl libraries doing the RSA work. If
they are in the Sun Metaslot, it should be the Solaris code.
10. Start the server instance
#
../bin/startserv Oracle iPlanet Web Server 7.0.16 B09/14/2012
03:33Please enter the PIN for the "Sun Metaslot" token:
password...info: HTTP3072:
http-listener-1: https://hostname.fqdn:80 ready to accept
requestsinfo: CORE3274: successful server startup
11.
Figure out which process to run this DTrace script on
# ps -eaf | grep webservd | grep -v
dogwebservd 18224 18223 0
13:17:25 ? 0:07 webservd -d
/opt/oracle/webserver7/https-hostname.fqdn/config -r
/opt/root 18225 18224 0 13:17:25 ?
0:00 webservd -d
/opt/oracle/webserver7/https-hostname.fqdn/config -r /opt/
(For Oracle Traffic Director look for process named "trafficd")
We see that the
child process id is “18225”
12. Clients for testing :
You can use any browser. I used NSS tool tstclnt for testing
$cat > req.txtGET
/index.html HTTP/1.0
For checking both RSA and AES, I used cipher “:0035”
which is TLS_RSA_WITH_AES_256_CBC_SHA
$./tstclnt -h
hostname -p 80 -d . -T -f -o -v -c “:0035” < req.txt
13. How do I make sure that crypto accelerator is
being used
13.1 Create DTrace script
The following D script should be able to uncover whether
T4-specific crypto routine are being called or not. It also displays
stats per second.
# cat >
t4crypto.d#!/usr/sbin/dtrace
-spid$target::*rsa*:entry,pid$target::*yf*:entry{ @ops[probemod,
probefunc] = count();}tick-1sec{ printa(@ops); trunc(@ops);}
Invoke with './t4crypto.d -p <pid>
'
13.2 EXPECTED PROBES FOR Solaris 10 :
If offloading to T4 HW are correctly set up, the expected DTrace
output would have these probes and libraries
library
Operations
PROBES
pkcs11_softtoken_extra.so
RSA
soft_decrypt_rsa_pkcs_decode,
soft_encrypt_rsa_pkcs_encode soft_rsa_crypt_init_common soft_rsa_decrypt, soft_rsa_encrypt soft_rsa_decrypt_common, soft_rsa_encrypt_common
AES
yf_aes_instructions_present yf_aes_expand256, yf_aes256_cbc_decrypt, yf_aes256_cbc_encrypt, yf_aes256_load_keys_for_decrypt,
yf_aes256_load_keys_for_encrypt,
Note
that these are for 256, same for 128, 192...
these are for
cbc, same for ecb, ctr, cfb128...
DES
yf_des_expand, yf_des_instructions_present yf_des_encrypt
libmd_psr.so
MD5
yf_md5_multiblock,
yf_md5_instruction_present
SHA1
yf_sha1_instruction_present, yf_sha1_multibloc
13.3
SAMPLE OUTPUT FOR CIPHER TLS_RSA_WITH_AES_256_CBC_SHA
(0x0035)
ON T4 SPARC SOLARIS 10 WITHOUT PKCS#11
BYPASS
# ./t4crypto.d
-p 18225
pkcs11_softtoken_extra.so.1
soft_decrypt_rsa_pkcs_decode 1
pkcs11_softtoken_extra.so.1
soft_rsa_crypt_init_common 1
pkcs11_softtoken_extra.so.1
soft_rsa_decrypt 1
pkcs11_softtoken_extra.so.1
big_mp_mul_yf 2
pkcs11_softtoken_extra.so.1
mpm_yf_mpmul 2
pkcs11_softtoken_extra.so.1
mpmul_arr_yf 2
pkcs11_softtoken_extra.so.1
rijndael_key_setup_enc_yf 2
pkcs11_softtoken_extra.so.1
soft_rsa_decrypt_common 2
pkcs11_softtoken_extra.so.1
yf_aes_expand256 2
pkcs11_softtoken_extra.so.1
yf_aes256_cbc_decrypt 3
pkcs11_softtoken_extra.so.1
yf_aes256_load_keys_for_decrypt 3
pkcs11_softtoken_extra.so.1
big_mont_mul_yf 6
pkcs11_softtoken_extra.so.1
mm_yf_montmul 6
pkcs11_softtoken_extra.so.1
yf_des_instructions_present 6
pkcs11_softtoken_extra.so.1
yf_aes256_cbc_encrypt 8
pkcs11_softtoken_extra.so.1
yf_aes256_load_keys_for_encrypt 8
pkcs11_softtoken_extra.so.1
yf_mpmul_present 8
pkcs11_softtoken_extra.so.1
yf_aes_instructions_present 13
pkcs11_softtoken_extra.so.1
yf_des_encrypt 18
libmd_psr.so.1
yf_md5_multiblock 41
libmd_psr.so.1
yf_md5_instruction_present 72
libmd_psr.so.1
yf_sha1_instruction_present 82
libmd_psr.so.1
yf_sha1_multiblock 82
This indicates
that both RSA and AES ops are done in Solaris Crypto Framework.
13.4
SAMPLE OUTPUT FOR CIPHER TLS_RSA_WITH_AES_256_CBC_SHA
(0x0035)
ON T4 SPARC SOLARIS 10 WITH
PKCS#11 BYPASS
#
./t4crypto.d -p 18225
pkcs11_softtoken_extra.so.1
soft_decrypt_rsa_pkcs_decode 1
pkcs11_softtoken_extra.so.1
soft_rsa_crypt_init_common 1
pkcs11_softtoken_extra.so.1
soft_rsa_decrypt 1
pkcs11_softtoken_extra.so.1
soft_rsa_decrypt_common 1
pkcs11_softtoken_extra.so.1
big_mp_mul_yf 2
pkcs11_softtoken_extra.so.1
mpm_yf_mpmul 2
pkcs11_softtoken_extra.so.1
mpmul_arr_yf 2
pkcs11_softtoken_extra.so.1
big_mont_mul_yf 6
pkcs11_softtoken_extra.so.1
mm_yf_montmul 6
pkcs11_softtoken_extra.so.1
yf_mpmul_present 8
For this cipher,
when I enable PKCS#11 bypass, Only RSA probes are being hit AES
probes are not being hit.
13.5
ustack() for RSA operations /
probefunc == "soft_rsa_decrypt" /
Shows that
libnss3.so is calling C_*
functions of libpkcs11.so
which is calling functions of pkcs11_softtoken_extra.so
for both cases with and without
bypass.
When PKCS#11 bypass is disabled
(allow-bypass is 0)
pkcs11_softtoken_extra.so.1`soft_rsa_decrypt
pkcs11_softtoken_extra.so.1`soft_rsa_decrypt_common+0x94
pkcs11_softtoken_extra.so.1`soft_unwrapkey+0x258
pkcs11_softtoken_extra.so.1`C_UnwrapKey+0x1ec
libpkcs11.so.1`meta_unwrap_key+0x17c
libpkcs11.so.1`meta_UnwrapKey+0xc4
libpkcs11.so.1`C_UnwrapKey+0xfc
libnss3.so`pk11_AnyUnwrapKey+0x6b8
libnss3.so`PK11_PubUnwrapSymKey+0x8c
libssl3.so`ssl3_HandleRSAClientKeyExchange+0x1a0
libssl3.so`ssl3_HandleClientKeyExchange+0x154
libssl3.so`ssl3_HandleHandshakeMessage+0x440
libssl3.so`ssl3_HandleHandshake+0x11c
libssl3.so`ssl3_HandleRecord+0x5e8
libssl3.so`ssl3_GatherCompleteHandshake+0x5c
libssl3.so`ssl_GatherRecord1stHandshake+0x30
libssl3.so`ssl_Do1stHandshake+0xec
libssl3.so`ssl_SecureRecv+0x1c8
libssl3.so`ssl_Recv+0x9c
libns-httpd40.so`__1cNDaemonSessionDrun6M_v_+0x2dc
When PKCS#11 bypass is enabled
(allow-bypass is 1)
pkcs11_softtoken_extra.so.1`soft_rsa_decrypt
pkcs11_softtoken_extra.so.1`soft_rsa_decrypt_common+0x94
pkcs11_softtoken_extra.so.1`C_Decrypt+0x164
libpkcs11.so.1`meta_do_operation+0x27c
libpkcs11.so.1`meta_Decrypt+0x4c
libpkcs11.so.1`C_Decrypt+0xcc
libnss3.so`PK11_PrivDecryptPKCS1+0x1ac
libssl3.so`ssl3_HandleRSAClientKeyExchange+0xe4
libssl3.so`ssl3_HandleClientKeyExchange+0x154
libssl3.so`ssl3_HandleHandshakeMessage+0x440
libssl3.so`ssl3_HandleHandshake+0x11c
libssl3.so`ssl3_HandleRecord+0x5e8
libssl3.so`ssl3_GatherCompleteHandshake+0x5c
libssl3.so`ssl_GatherRecord1stHandshake+0x30
libssl3.so`ssl_Do1stHandshake+0xec
libssl3.so`ssl_SecureRecv+0x1c8
libssl3.so`ssl_Recv+0x9c
libns-httpd40.so`__1cNDaemonSessionDrun6M_v_+0x2dc
libnsprwrap.so`ThreadMain+0x1c
libnspr4.so`_pt_root+0xe8
13.6
ustack() FOR AES operations /
probefunc == "yf_aes256_cbc_encrypt" /
When PKCS#11
bypass is disabled (allow-bypass is 0)
pkcs11_softtoken_extra.so.1`yf_aes256_cbc_encrypt
pkcs11_softtoken_extra.so.1`aes_block_process_contiguous_whole_blocks+0xb4
pkcs11_softtoken_extra.so.1`aes_crypt_contiguous_blocks+0x1cc
pkcs11_softtoken_extra.so.1`soft_aes_encrypt_common+0x22c
pkcs11_softtoken_extra.so.1`C_EncryptUpdate+0x10c
libpkcs11.so.1`meta_do_operation+0x1fc
libpkcs11.so.1`meta_EncryptUpdate+0x4c
libpkcs11.so.1`C_EncryptUpdate+0xcc
libnss3.so`PK11_CipherOp+0x1a0
libssl3.so`ssl3_CompressMACEncryptRecord+0x264
libssl3.so`ssl3_SendRecord+0x300
libssl3.so`ssl3_FlushHandshake+0x54
libssl3.so`ssl3_SendFinished+0x1fc
libssl3.so`ssl3_HandleFinished+0x314
libssl3.so`ssl3_HandleHandshakeMessage+0x4ac
libssl3.so`ssl3_HandleHandshake+0x11c
libssl3.so`ssl3_HandleRecord+0x5e8
libssl3.so`ssl3_GatherCompleteHandshake+0x5c
libssl3.so`ssl_GatherRecord1stHandshake+0x30
libssl3.so`ssl_Do1stHandshake+0xec
Shows that
libnss3.so is calling C_* functions of libpkcs11.so which is calling
functions of pkcs11_softtoken_extra.so
However when PKCS#11
bypass is disabled (allow-bypass is 1) this
stack isn't getting called.
14.
LIST OF ALL THE PROBES MATCHED BY D SCRIPT FOR REFERENCE
# ./t4crypto.d
-p 18225 -l
ID PROVIDER
MODULE FUNCTION NAME
...
55720 pid18225
libmd_psr.so.1 yf_md5_instruction_present entry
55721 pid18225
libmd_psr.so.1 yf_sha256_instruction_present entry
55722 pid18225
libmd_psr.so.1 yf_sha512_instruction_present entry
55723 pid18225
libmd_psr.so.1 yf_sha1_instruction_present entry
55724 pid18225
libmd_psr.so.1 yf_sha256 entry
55725 pid18225
libmd_psr.so.1 yf_sha256_multiblock entry
55726 pid18225
libmd_psr.so.1 yf_sha512 entry
55727 pid18225
libmd_psr.so.1 yf_sha512_multiblock entry
55728 pid18225
libmd_psr.so.1 yf_sha1 entry
55729 pid18225
libmd_psr.so.1 yf_sha1_multiblock entry
55730 pid18225
libmd_psr.so.1 yf_md5 entry
55731 pid18225
libmd_psr.so.1 yf_md5_multiblock entry
55732
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_instructions_present
entry
55733 pid18225
pkcs11_softtoken_extra.so.1 rijndael_key_setup_enc_yf entry
55734
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_expand128 entry
55735
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_encrypt128 entry
55736
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_decrypt128 entry
55737
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_expand192 entry
55738
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_encrypt192 entry
55739
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_decrypt192 entry
55740
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_expand256 entry
55741
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_encrypt256 entry
55742
pid18225 pkcs11_softtoken_extra.so.1 yf_aes_decrypt256 entry
55743
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_load_keys_for_encrypt
entry
55744
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_load_keys_for_encrypt
entry
55745
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_load_keys_for_encrypt
entry
55746
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_ecb_encrypt entry
55747
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_ecb_encrypt entry
55748
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_ecb_encrypt entry
55749
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_cbc_encrypt entry
55750
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_cbc_encrypt entry
55751
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_cbc_encrypt entry
55752
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_ctr_crypt entry
55753
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_ctr_crypt entry
55754
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_ctr_crypt entry
55755
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_cfb128_encrypt entry
55756
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_cfb128_encrypt entry
55757
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_cfb128_encrypt entry
55758
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_load_keys_for_decrypt
entry
55759
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_load_keys_for_decrypt
entry
55760
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_load_keys_for_decrypt
entry
55761
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_ecb_decrypt entry
55762
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_ecb_decrypt entry
55763
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_ecb_decrypt entry
55764
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_cbc_decrypt entry
55765
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_cbc_decrypt entry
55766
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_cbc_decrypt entry
55767
pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_cfb128_decrypt entry
55768
pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_cfb128_decrypt entry
55769
pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_cfb128_decrypt entry
55771 pid18225
pkcs11_softtoken_extra.so.1 yf_des_instructions_present entry
55772 pid18225
pkcs11_softtoken_extra.so.1 yf_des_expand entry
55773 pid18225
pkcs11_softtoken_extra.so.1 yf_des_encrypt entry
55774 pid18225
pkcs11_softtoken_extra.so.1 yf_mpmul_present entry
55775 pid18225
pkcs11_softtoken_extra.so.1 yf_montmul_present entry
55776 pid18225
pkcs11_softtoken_extra.so.1 mm_yf_montmul entry
55777 pid18225
pkcs11_softtoken_extra.so.1 mm_yf_montsqr entry
55778 pid18225
pkcs11_softtoken_extra.so.1 mm_yf_restore_func entry
55779 pid18225
pkcs11_softtoken_extra.so.1 mm_yf_ret_from_mont_func entry
55780 pid18225
pkcs11_softtoken_extra.so.1 mm_yf_execute_slp entry
55781 pid18225
pkcs11_softtoken_extra.so.1 big_modexp_ncp_yf entry
55782 pid18225
pkcs11_softtoken_extra.so.1 big_mont_mul_yf entry
55783 pid18225
pkcs11_softtoken_extra.so.1 mpmul_arr_yf entry
55784 pid18225
pkcs11_softtoken_extra.so.1 big_mp_mul_yf entry
55785 pid18225
pkcs11_softtoken_extra.so.1 mpm_yf_mpmul entry
55786 pid18225
libns-httpd40.so nsapi_rsa_set_priv_fn entry
...
55795 pid18225
libnss3.so prepare_rsa_priv_key_export_for_asn1 entry
55796 pid18225
libresolv.so.2 sunw_dst_rsaref_init entry
55797 pid18225
libnssutil3.so NSS_Get_SEC_UniversalStringTemplate entry
...
55813
pid18225 libsoftokn3.so prepare_low_rsa_priv_key_for_asn1 entry
55814
pid18225 libsoftokn3.so rsa_FormatOneBlock entry
55815
pid18225 libsoftokn3.so rsa_FormatBlock entry
55816
pid18225 libnssdbm3.so lg_prepare_low_rsa_priv_key_for_asn1 entry
55817
pid18225 libfreebl_32fpu_3.so rsa_build_from_primes entry
55818
pid18225 libfreebl_32fpu_3.so rsa_is_prime entry
55819
pid18225 libfreebl_32fpu_3.so rsa_get_primes_from_exponents entry
55820
pid18225 libfreebl_32fpu_3.so rsa_PrivateKeyOpNoCRT entry
55821
pid18225 libfreebl_32fpu_3.so rsa_PrivateKeyOpCRTNoCheck entry
55822
pid18225 libfreebl_32fpu_3.so rsa_PrivateKeyOpCRTCheckedPubKey entry
55823
pid18225 pkcs11_kernel.so.1 key_gen_rsa_by_value entry
55824
pid18225 pkcs11_kernel.so.1 get_rsa_private_key entry
55825
pid18225 pkcs11_kernel.so.1 get_rsa_public_key entry
55826
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_encrypt entry
55827
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_decrypt entry
55828
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_crypt_init_common entry
55829
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_encrypt_common entry
55830
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_decrypt_common entry
55831
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_sign_verify_init_common
entry
55832
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_sign_common entry
55833
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_verify_common entry
55834
pid18225 pkcs11_softtoken_extra.so.1 generate_rsa_key entry
55835
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_genkey_pair entry
55836
pid18225 pkcs11_softtoken_extra.so.1 get_rsa_sha1_prefix entry
55837
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_digest_sign_common
entry
55838
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_digest_verify_common
entry
55839
pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_verify_recover entry
55840
pid18225 pkcs11_softtoken_extra.so.1 rsa_pri_to_asn1 entry
55841
pid18225 pkcs11_softtoken_extra.so.1 asn1_to_rsa_pri entry
55842
pid18225 pkcs11_softtoken_extra.so.1 soft_encrypt_rsa_pkcs_encode
entry
55843
pid18225 pkcs11_softtoken_extra.so.1 soft_decrypt_rsa_pkcs_decode
entry
55844
pid18225 pkcs11_softtoken_extra.so.1 soft_sign_rsa_pkcs_encode entry
55845
pid18225 pkcs11_softtoken_extra.so.1 soft_verify_rsa_pkcs_decode
entry
55770 profile
tick-1sec