search

aws-samples / aws-cloudhsm-pkcs11-examples

Sample applications demonstrating how to use the CloudHSM PKCS#11 library
Other
55 stars 39 forks source link

Add login_state and session_keys examples to show how p11 session state works #64

Closed TheEmpty closed 1 year ago

TheEmpty commented 1 year ago

Issue #, if available:

Description of changes:

Small fix for aes_cbc on Windows. Formatted via clang-format -i src/session/*.c

Tested on Windows and Linux

login_state:

Got the first slot which corresponds to your CloudHSM cluster, slot id = 2305843009213693953
Opening three sessions on the first slot.
Opened session1 on slot 2305843009213693953
Opened session2 on slot 2305843009213693953
Opened session3 on slot 2305843009213693953

Slot state: Connected to cluster: Not logged in
  * session1: Connected to cluster: Not logged in
  * session2: Connected to cluster: Not logged in
  * session3: Connected to cluster: Not logged in

Calling C_Login(session1, CU, pin, pin_length) on session 1 to authenticate the slot.
Successfully logged in to the slot via session1.
All sessions on the slot should now be authenticated with the single C_Login call,

Slot state: Connected to cluster: Authenticated
  * session1: Connected to cluster: Authenticated
  * session2: Connected to cluster: Authenticated
  * session3: Connected to cluster: Authenticated

Calling C_Login(session2, CU, pin, pin_length) on session 2 to authenticate the slot.
Expected: Failed to log in on session2 because the slot is already logged in.

Slot state: Connected to cluster: Authenticated
  * session1: Connected to cluster: Authenticated
  * session2: Connected to cluster: Authenticated
  * session3: Connected to cluster: Authenticated

Closing session1 via C_CloseSession(session1).
Even with session1 closed, we still expect session2 and session3 to be logged into the slot.

Slot state: Connected to cluster: Authenticated
  * session1: Disconnected from cluster
  * session2: Connected to cluster: Authenticated
  * session3: Connected to cluster: Authenticated

Calling C_Logout(session2) to log out of the slot.
Now we expect all open sessions on the slot to be logged out.

Slot state: Connected to cluster: Not logged in
  * session1: Disconnected from cluster
  * session2: Connected to cluster: Not logged in
  * session3: Connected to cluster: Not logged in

session_keys:

session1: Logging in to slot via session1.
session1: Creating a session EC key pair that will share the lifetime of session1.
session1: EC key pair's public key handle id: 4611686018427387905
session1: EC key pair's private key handle id: 4611686018427387906

session2: Signing 'hello world' with session1's private on session2: using key handle id: 4611686018427387906
session2: Successfully signed 'hello world'.

session3: Verify signature on session3 with session1's public key handle id: 4611686018427387905
session3: successfully verified.

session1: Closing session1.
session1: now that session1 is closed, the session key is now destroyed.

session2: Trying to sign 'hello world' with session1's private key handle id: 4611686018427387906
session2: Failed to sign with session 1's session key because the key handle was invalid after session 1 was closed.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.