Sample: wrap-comp:

Description: This sample demonstrates how to implement an extension to Cryptoki. In this sample a new C_WrapKey mechanism is defined.

wrap-comp has code samples for the following functionality:

>Registering a message handler

>Parsing request messages and switching between different commands codes

>Using the internal Cryptoki implementation to get services from the Luna Core.

>Generating Debug trace messages

>Constructing and returning a response message

The FM implements one command:

WC_CMD_GET_RSA_COMP:

Description:

Extracts a specific attribute from a RSA Private key, wrap it with a symmetric key and return the cryptogramme. The schematics of this function are the same as the Cryptoki C_WrapKey command.

Input:

Slot_num, hRSAObj, hDESObj, attribute_type

Output:

status, encrypted Component

Process:

Call C_OpenSession(slot_num)
Verify that hRSAObj is valid handle to a RSA Private key object with CKA_EXTRACTABLE=1
Verify hDESObj is valid handle to a CKK_DES3 with CKA_WRAP=1
CT_SetPrivilegeLevel(1)
Read selected attribute from hRSAPri object
Use hDESKey to CBC encrypt the component
CT_SetPrivilegeLevel(0)
Return status, encrypted component

wrap-comp Test Application

wrapcomptest [-sSlot] [-p<pin>]

-p<pin>	Specify CKU_USER pin of slot (used for batch mode).
-s#	Use slot # - (default 1) e.g. -s3

Description

The wrapcomptest application is used to exercise the wrapcomp sample FM.

The application logs into the HSM and generates a temporary RSA key pair. It then uses the FM to wrap and (partially display) each component.

The FM uses Cryptoki operations and requires a slot number.

To access the slot number and determine if the HSM supports FMs:

1.Launch lunacm and execute the command slot list

slot list

2.Record the slot number for the device.

3.Exit lunacm.

4.For Luna PCIe HSM 7, use ctfm q command to list available FM-capable HSMs.

For Luna Network HSM 7, use hsm fm status command.