I have developed a worker service in C# Core that signs files using a certificate stored in a USB token with PKCS11Interop. The service creates two Tasks, each intended to sign files with a different USB token.
One Task is supposed to sign using one usb token, while the other Task signs using another usb token. However, I encounter the CKR_FUNCTION_NOT_PARALLEL error when running these Tasks simultaneously.
(C# Core 6.0 , Pkcs11Interop 5.1.2)
Can anyone help me understand why this error occurs and how to resolve it?
Here is what I did exactly: I have two USB tokens. Both are used with the same PKCS#11 library.
pkcs11Library = factory.Pkcs11LibraryFactory.LoadPkcs11Library(factory, libraryPath, AppType.SingleThreaded);
var slots = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent);
//slots.length >> 2
After that, I assign slot[0] to one Task and slot[1] to another Task. Both tasks attempt to sign in and sign. As a result, I get the CKR_FUNCTION_NOT_PARALLEL error.
However, if I perform the same process with two slots using different PKCS#11 libraries:
pkcs11Library1 = factory.Pkcs11LibraryFactory.LoadPkcs11Library(factory, libraryPath1, AppType.SingleThreaded);
var slot1 = pkcs11Library1.GetSlotList(SlotsType.WithTokenPresent)[0];
pkcs11Library2 = factory.Pkcs11LibraryFactory.LoadPkcs11Library(factory, libraryPath2, AppType.SingleThreaded);
var slot2 = pkcs11Library2.GetSlotList(SlotsType.WithTokenPresent)[0];
When I assign Slot1 and Slot2 to Tasks, it works without any problems.
I ensured that each Task starts with a separate PKCS11 library instance and a separate session.
If you're loading exactly the same PKCS#11 library in both Tasks then they need to share a single PKCS11 library instance.
PKCS#11 defines an application as a single process with single address space and one or multiple threads of control running in it. From application perspective, PKCS#11 library initialization and finalization are global events.