BP-Tools: HSM Commander

 

BP-Tools icon

Introduction

The BP-Tools set consist of applications supporting payment transaction service development, testing and benchmarking. It currently consists of following components: Cryptographic Calculator, EMV Tool, HSM Commander and P3 Card Edit Tool.

EFTlab distributes BP-Tools under Creative Commons Legal Code Attribution-NoDerivs 3.0 Unported and completely free. This package comes with a full support and monthly releases instantly bringing new features.

This tutorial focuses on HSM Commander's functionality for Thales & SafeNet devices.

HSM Commander (BP-HCmd)

BP-HCMD and provides tools to any development related Thales & SafeNet HSM devices and contains following features: Command console and Load tester.

Command console

Command console is a tool for testing HSM responsiveness by sending various HSM commands and parsing the response. In current version it supports two main HSM providers on the market (Thales and SafeNet).

  • Thales HSM supports range of commands of the RG8XXX with compatibility overlap to RG9XXX.
  • SafeNet supports range of commands of the SafeNet Luna Mk. II.

Output for Thales RG8XXX 'A0' – Generate a key command:

[2014-09-08 11:20:34 AM] Command 'A0' sent to HSM.
 
[2014-09-08 11:20:34 AM] Response received from HSM.
[None an 008 M] : 'Message Header' = [00000000]
[None an 002 M] : 'Response Code' = [A1]
[None an 002 M] : 'Error Code' = [00]
[16H/1A+32H/1A+48H M] : 'Key under LMK' = [UE4709A3EC6EAA50CD383C5DC10E50A85]
[16H/1A+32H/1A+48H M] : 'Key under ZMK' = [U1BC846294725464467F3710419312DE6]
[VAR:..0x19 Hex 016 M] : 'Key Check Value' = [014C20]

As the list of supported commands still grows see the actual state in our knowledge base page Thales HSM command support

Load tester

Through the EFTlab's track of experience we discovered a need to measure HSM's performance for a local and remote service. Use case for its development what to benchmark the secondary HSM dedicated to the DR processing and located in a geographically separated DR server room, in case of primary HSM not being available. This case focused on the network bandwidth and resulting HSM latency.

HSM Load Tester measures Cryptographic performance by stream of following commands:

  • "GW" (Generate/Verify a MAC using a Triple-DES DUKPT MAC Key) for Thales RG8XXX simulation,
  • "00" for the SafeNet Luna Mk. II simulation;

to the HSM in several parallel threads. Result from this test gives a good overview on HSM performance from all aspects.

Output from benchmarking operation should read like this:

[2014-09-08 10:35:38 AM] Test finished.
--------------------------------------------------------------------------------
Response timed out:          1
Test duration [s]:           10
Average processing [trx/s]:  59.400002
DES ciphers done:            19569
DES ciphers average [DES/s]: 1841.599976
Data streams:                1
--------------------------------------------------------------------------------
Successful:                  593
Failed:                      1
--------------------------------------------------------------------------------
Total:                       594
--------------------------------------------------------------------------------

Summary

 

In this article, we went through the functionality of HSM Commander.

HSM Commander and other tools covered in BP-Tools suite were designed to help and assist payment industry people in their day to day tasks and make their work the most effective. Our team would be grateful if you would suggest any improvements to our applications or report completely new functionality needed. Feedback from our users like this is exactly what drives the development of its and helps us to share our experience to wide public.

BP-Tools

BP-Tools is a set of freeware applications for EFT testing, benchmarking and transaction service development.

See more...

Download...

Download Flyer...

BP-Sim

The Babylon Payments Simulator (BP-Sim) is a family of highly efficient regression and stress testing tools, designed for deployment in development and pre-production environments. BP-Sim allows users to perform an extensive range of tests across the chain of payment services.

See more...

Download Flyer...

BP-Processing

The Babylon Payments Processing Suite(BP-Processing) is a suite of EFTlab's products for realtime payment transaction processing and authorisation.

See more...