NUnit

Developer
Jun 28, 2012 at 8:11 AM

It looks like the current tests have a dependency on (non-free) Visual Studio professional libraries.

Has anyone looked at converting the tests to NUnit so the project can be built in SharpDevelop?

If not, would the ThalesSim project be happy to convert to NUnit if I provide a patch?

Many thanks,

Chris

Coordinator
Jun 28, 2012 at 9:27 AM

Originally ThalesSim used NUnit but I changed to the integrated VS unit testing for a more complete experience. I understand that this is an issue to devs that do not have a non-free VS license. You can remove this project from the project group and proceed without the test project, but I understand that this is not exactly ideal.

As I've posted a few weeks ago, development of ThalesSim is pretty much done and there will not be a next version. However, if you feel that not having NUnit testing is really a sticky point then I'd be willing to add another NUnit project to the project group if you can convert the test cases to NUnit (should be a rather straight forward process). I will not create a new release but I will post the NUnit project to the ThalesSim source and add a doc note for people that prefer to use NUnit for testing.

Let me know if that sounds acceptable.

Developer
Jun 28, 2012 at 9:40 AM

Hi Nick - that would be great.  Thank you.

I think there is still some interest in the project - would you be happy for me to fork it?

A really cheeky request now: would you be happy to convert the project to an Apache/BSD license? The Apache license will give the project more options for the future.

Btw - great project Nick,  it's really helping me to understand the HSM.  We have HSM hardware at work, but it's not always so easy to get on them to have a play.

Coordinator
Jun 28, 2012 at 10:13 AM

There may be some interest in the project simply because (as you indicated) it's quite difficult to have an HSM handy at all times. That was my main motivation when I started this project. But regardless of the level of user interest, I believe that ThalesSim could go forward only if one or more of the active project members had extensive access to a new 9000 series HSM and also share that access with the other members. This is not currently the case and therefore it's increasingly difficult to understand how an unimplemented host command works in order to see how to best simulate it. Some commands are easy to understand and implement - for example, if you understand how the Visa PVV verification works then you can easily implement the CU command which both verifies an existing PVV and generates a new PVV. But things are not that easy if you want to implement, say, EI and GI if you haven't seen in action how such commands work.

I've obviously no problem with you forking the project. I think it would be great if you can add value for others by adding badly needed commands. I'm not sure about the licensing though...why would you want to move to a BSD license?

Developer
Jun 28, 2012 at 11:05 AM

Hi Nick, 

I don't think our security team will allow us to grant outside access to our HSM, however, my company is interested in implementing the EI and GI commands.  I'm hoping that we will be allowed to contribute them back.

The reason for the BSD license request is that the Simulator could be used for any purpose, even in commercial software.  For example, the ThalesSim could be the foundation of a SoftHSM.   At the moment, we would not even be able to reuse the TcpClient code in commercial software due to the GPL license.

Many thanks,

Chris

Coordinator
Jun 28, 2012 at 11:37 AM

I see your point. Not surprisingly, this has been discussed before and I've put a lot of thought into it. I feel that ThalesSim should not go down that road for two important reasons.

  1. I feel that Thales (and other HSM vendors) are providing solid security infrastructure. It is not possible to reach the security afforded by a h/w HSM using a s/w HSM. Not by a long shot. Using Thales HSMs provided me with a totally new perspective and I'm not at all comfortable with the notion that a s/w based HSM is "good enough" for some tasks. If all you really need is s/w based security, use the Windows Crypto API or an equivalent. I have been asked to implement a s/w based HSM as contract work a couple of times in the past. When I started explaining the security implications of s/w based key management, it became very clear that the prospects didn't really want to compromise their security but they just wanted something cheaper than a Thales HSM. There are other h/w devices on the market except Thales for that reason. Key management and security isn't the place to make compromises.
  2. The implementation methodology of ThalesSim does not adhere to clean room design principles and I feel that it's not safe to derive commercial software from it.

A SoftHSM is really the only thing that one would want to pursue by changing the license model. I'm just an average programmer and I feel that the rest of the code (like TcpClient) isn't something that another programmer would be hard-pressed to write from scratch, quite the contrary.

My initial attitude towards not changing the license isn't final. I'm open to discuss these points and be convinced otherwise.

Developer
Jun 28, 2012 at 12:23 PM

Hi Nick

A softHSM could have its uses, for example bundled with commercial demo software. The demo wouldn't be for production use.

What do you see as the advantage with the GPL license?

Many thanks,

Chris

Coordinator
Jun 28, 2012 at 12:28 PM

I understand. In that case, it's just as easy to bundle ThalesSim. The GPL doesn't forbid the use of an unlinked deliverable of an open source project by commercial software.

In the case of ThalesSim, I think that the sole purpose of the GPL license is that it requires that changes must be released under the same license.

Developer
Jun 28, 2012 at 12:49 PM

... anyway, back to the 9000 stuff.  I've an idea - it's a long shot:

If an integration test suite was put together for a command such as EI, it *may* be possible that we can run the tests against our 9000, and give the request and response data back to the ThalesSim team?

Btw Nick, where are you based - countrywise?

Coordinator
Jun 28, 2012 at 2:34 PM
Edited Jun 28, 2012 at 2:36 PM

On paper, this might work. It all depends on the chunks of the testing to be done. But in practice things are quite difficult. For one thing, imagine implementing the EI command this way. I'd create an EI request and give it to you to get back the EJ response. I'll get 15 because it would be an invalid request. After a couple of tries I'll get it right and eventually I'll get a secret key...but encrypted under LMK pair 34-35. At that point, I'd need to either (1) know the clear LMK values or (2) have a way to export the key in order to see the real key value because (a) I'll need to use the real key value in the simulator code and (b) I'll have to determine how a secret key is formatted under the LMK. Any organization that restricts access to HSM devices will definitely not allow (1) and may have a problem to do (2).

All these interactions can be done remotely over email but it's clear that they will take a disproportionate amount of time. An hour of unrestricted access can easily turn out to be a week's worth of email exchanges. That is the reason you see me very hesitant to work with this scheme. Another project user was once kind enough to expose an RG7000 to the internet and that access was quickly used to fix a bug in an implemented command. Sadly that RG7000 was an old model with older firmware and that situation didn't last. I even inquired about the possibility of purchasing a decommissioned HSM but quickly discovered that organizations typically have to implement destruction protocols and cannot sell or even give away their old HSMs. Regardless, I thank you for your gracious offer.

I'm based in Athens, Greece (GMT +2/+3).

Developer
Jul 7, 2012 at 6:32 PM

Hi Nick,

Is there a howto / list of steps for developing Thales commands?  

Many thanks,

Chris

Coordinator
Jul 7, 2012 at 10:31 PM

Not currently, no. My oversight. I'll write up a quick wiki article and post the link back to this discussion.

Coordinator
Jul 7, 2012 at 11:53 PM

Posted. Hope it's helpful.

Developer
Jul 8, 2012 at 11:45 AM

Hi Nick - the documentation is great.  Thank you!!!

Do you have similar notes on the process you follow for reverse engineering commands on a physical Thales device? 

Sorry that I'm being so demanding!

Many thanks,

Chris

Coordinator
Jul 8, 2012 at 9:12 PM

Not really, Chris. I wouldn't say that there's such a thing as a "process". Once you understand the HSM somewhat its documentation will guide you at least to a degree, but it's still a pretty esoteric device.