Skip to content

Instantly share code, notes, and snippets.

@jvehent

jvehent/test duplicate key on hsm.md

Created January 14, 2019 14:11
Show Gist options
  • Save jvehent/c84ee197679512508b4aed1fe74dd9af to your computer and use it in GitHub Desktop.
Save jvehent/c84ee197679512508b4aed1fe74dd9af to your computer and use it in GitHub Desktop.
Download ZIP
Raw
test duplicate key on hsm.md

SoftHSM

$ go run testdupkeys.go
2019/01/14 09:07:36 starting routine 2
2019/01/14 09:07:36 starting routine 0
2019/01/14 09:07:36 starting routine 1
2019/01/14 09:08:00 routine 0 made ECDSA Key named "testdup1547474856": &{PKCS11PrivateKey:{PKCS11Object:{Handle:8 Slot:1623786617} PubKey:0xc000106600}} &{P:+39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 N:+39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 B:+27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 Gx:+26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 Gy:+8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 BitSize:384 Name:P-384}
2019/01/14 09:08:00 routine 2 made ECDSA Key named "testdup1547474856": &{PKCS11PrivateKey:{PKCS11Object:{Handle:9 Slot:1623786617} PubKey:0xc000106680}} &{P:+39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 N:+39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 B:+27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 Gx:+26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 Gy:+8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 BitSize:384 Name:P-384}
2019/01/14 09:08:00 routine 1 made ECDSA Key named "testdup1547474856": &{PKCS11PrivateKey:{PKCS11Object:{Handle:10 Slot:1623786617} PubKey:0xc000106920}} &{P:+39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 N:+39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 B:+27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 Gx:+26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 Gy:+8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 BitSize:384 Name:P-384}
2019/01/14 09:08:00 main thread made ECDSA Key named '\x02': testdup1547474856 &{PKCS11PrivateKey:{PKCS11Object:{Handle:13 Slot:1623786617} PubKey:0xc0001070a0}}%!(EXTRA *elliptic.CurveParams=&{39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 384 P-384})

CloudHSM

$ ./testdupkeys
        SDK Version: 2.03
2019/01/14 14:09:19 starting routine 2
2019/01/14 14:09:19 starting routine 0
2019/01/14 14:09:19 starting routine 1

C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013

C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
2019/01/14 14:10:00 failed to make key testdup1547474959 in routine 0: pkcs11: 0x13: CKR_ATTRIBUTE_VALUE_INVALID

C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013

C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
2019/01/14 14:10:00 failed to make key testdup1547474959 in routine 2: pkcs11: 0x13: CKR_ATTRIBUTE_VALUE_INVALID
2019/01/14 14:10:00 routine 1 made ECDSA Key named "testdup1547474959": &{PKCS11PrivateKey:{PKCS11Object:{Handle:524347 Slot:1} PubKey:0xc00000d9e0}} &{P:+39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 N:+39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 B:+27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 Gx:+26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 Gy:+8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 BitSize:384 Name:P-384}

C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013

C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
2019/01/14 14:10:00 failed to make key testdup1547474959 in main thread: 2%!(EXTRA pkcs11.Error=pkcs11: 0x13: CKR_ATTRIBUTE_VALUE_INVALID)

Source

// This code requires a configuration file to initialize the crypto11
// library. Use the following config in a file named crypto11.config:
//      {
//      "Path" : "/opt/cloudhsm/lib/libcloudhsm_pkcs11.so",
//      "TokenLabel": "cavium",
//      "Pin" : "$CRYPTO_USER:$PASSWORD"
//      }
package main

import (
        "crypto/ecdsa"
        "crypto/elliptic"
        "fmt"
        "log"
        "sync"
        "time"

        "github.com/ThalesIgnite/crypto11"
)

var wg sync.WaitGroup

func main() {
        p11Ctx, err := crypto11.ConfigureFromFile("crypto11.config")
        if err != nil {
                log.Fatal(err)
        }
        slots, err := p11Ctx.GetSlotList(true)
        if err != nil {
                log.Fatalf("Failed to list PKCS#11 Slots: %s", err.Error())
        }
        if len(slots) < 1 {
                log.Fatal("No slot found")
        }

        // try to make 3 keys with the same label at the same time
        wg.Add(3)
        keyName := fmt.Sprintf("testdup%d", time.Now().Unix())
        i := 0
        go waitAndMakeKey(slots, i, keyName)
        i++
        go waitAndMakeKey(slots, i, keyName)
        i++
        go waitAndMakeKey(slots, i, keyName)

        wg.Wait()

        // now try to make a key with the same label after the routine are done
        ecdsakey, err := crypto11.GenerateECDSAKeyPairOnSlot(slots[0], []byte(keyName), []byte(keyName), elliptic.P384())
        if err != nil {
                log.Printf("failed to make key %s in main thread: %v", keyName, i, err)
        } else {
                log.Printf("main thread made ECDSA Key named %q: %+v %+v", i, keyName, ecdsakey, ecdsakey.Public().(*ecdsa.PublicKey).Params())
        }
}

func waitAndMakeKey(slots []uint, i int, keyName string) {
        defer wg.Done()
        log.Printf("starting routine %d", i)
        nextTime := time.Now().Truncate(time.Minute)
        nextTime = nextTime.Add(time.Minute)
        time.Sleep(time.Until(nextTime))
        ecdsakey, err := crypto11.GenerateECDSAKeyPairOnSlot(slots[0], []byte(keyName), []byte(keyName), elliptic.P384())
        if err != nil {
                log.Printf("failed to make key %s in routine %d: %v", keyName, i, err)
        } else {
                log.Printf("routine %d made ECDSA Key named %q: %+v %+v", i, keyName, ecdsakey, ecdsakey.Public().(*ecdsa.PublicKey).Params())
        }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment