Audit Log Categories and HSM Events
This section provides a summary of the audit log categories and their associated HSM events.
HSM Access
HSM Event | Description |
---|---|
LUNA_LOGIN | C_Login. This event must be allowed to proceed even if the result should be logged but cannot (for example, due to a log full condition). |
LUNA_LOGOUT | C_Logout. This event must be allowed to proceed even if the result should be logged but cannot (for example, due to a log full condition). |
LUNA_MODIFY_OBJECT | C_SetAttributeValue |
LUNA_OPEN_SESSION | C_OpenSession. This event must be allowed to proceed even if the result should be logged but cannot (for example, due to a log full condition). |
LUNA_CLOSE_ALL_SESSIONS | C_CloseAllSessions |
LUNA_CLOSE_SESSION | C_CloseSession. This event must be allowed to proceed even if the result should be logged but cannot (for example, due to a log full condition). |
LUNA_OPEN_ACCESS | CA_OpenApplicationID |
LUNA_CLEAN_ACCESS | CA_Restart, CA_RestartForContainer |
LUNA_CLOSE_ACCESS | CA_CloseApplicationID |
LUNA_LOAD_CUSTOM_MODULE | CA_LoadModule |
LUNA_LOAD_ENCRYPTED_CUSTOM_MODULE | CA_LoadEncryptedModule |
LUNA_UNLOAD_CUSTOM_MODULE | CA_UnloadModule |
LUNA_EXECUTE_CUSTOM_COMMAND | CA_PerformModuleCall |
LUNA_HA_LOGIN | CA_HAGetLoginChallenge, CA_HAAnswerLoginChallenge, CA_HALogin, CA_HAAnswerMofNChallenge, HAActivateMofN |
Log External
HSM Event | Description |
---|---|
LUNA_LOG_EXTERNAL | CA_LogExternal |
HSM Management
HSM Event | Description |
---|---|
LUNA_ZEROIZE | CA_FactoryReset. This event is logged unconditionally. |
LUNA_INIT_TOKEN | C_InitToken. This event is logged unconditionally. |
LUNA_SET_PIN | C_SetPIN |
LUNA_INIT_PIN | C_InitPIN |
LUNA_CREATE_CONTAINER | CA_CreateContainer |
LUNA_DELETE_CONTAINER | CA_DeleteContainer, CA_DeleteContainerWithHandle |
LUNA_SEED_RANDOM | C_SeedRandom |
LUNA_EXTRACT_CONTEXTS | C_GetOperationState |
LUNA_INSERT_CONTEXTS | C_SetOperationState |
LUNA_SELF_TEST | C_PerformSelfTest |
LUNA_LOAD_CERT | CA_SetTokenCertificateSignature |
LUNA_HA_INIT | CA_HAInit |
LUNA_SET_HSM_POLICY | CA_SetHSMPolicy |
LUNA_SET_DESTRUCTIVE_HSM_POLICY | CA_SetDestructiveHSMPolicy |
LUNA_SET_CONTAINER_POLICY | CA_SetContainerPolicy |
LUNA_SET_CAPABILITY | Internal, for capability update |
LUNA_CREATE_LOGIN_CHALLENGE | CA_CreateLoginChallenge |
LUNA_REQUEST_CHALLENGE | CA_SIMInsert, CA_SIMMultiSign |
LUNA_PED_INIT_RPV | CA_InitializeRemotePEDVector |
LUNA_PED_DELETE_RPV | CA_DeleteRemotePEDVector |
LUNA_MTK_LOCK | Internal, for manufacturing |
LUNA_MTK_UNLOCK_CHALLENGE | Internal, for manufacturing |
LUNA_MTK_UNLOCK_RESPONSE | Internal, for manufacturing |
LUNA_MTK_RESTORE | CA_MTKRestore |
LUNA_MTK_RESPLIT | CA_MTKResplit |
LUNA_MTK_ZEROIZE | CA_MTKZeroize |
LUNA_FW_UPGRADE_INIT | CA_FirmwareUpdate |
LUNA_FW_UPGRADE_UPDATE | CA_FirmwareUpdate |
LUNA_FW_UPGRADE_FINAL | CA_FirmwareUpdate |
LUNA_FW_ROLLBACK | CA_FirmwareRollback |
LUNA_MTK_SET_STORAGE | CA_MTKSetStorage |
LUNA_SET_CONTAINER_SIZE | CA_SetContainerSize |
Key Management
HSM Event | Description |
---|---|
LUNA_CREATE_OBJECT | C_CreateObject |
LUNA_COPY_OBJECT | C_CopyObject |
LUNA_DESTROY_OBJECT | C_DestroyObject |
LUNA_DESTROY_MULTIPLE_OBJECTS | CA_DestroyMultipleObjects |
LUNA_GENERATE_KEY | C_GenerateKey |
LUNA_GENERATE_KEY_PAIR | C_GenerateKeyPair |
LUNA_WRAP_KEY | C_WrapKey |
LUNA_UNWRAP_KEY | C_UnwrapKey |
LUNA_DERIVE_KEY | C_DeriveKey |
LUNA_GET_RANDOM | C_GenerateRandom |
LUNA_CLONE_AS_SOURCE, LUNA_REPLICATE_AS_SOURCE | CA_CloneAsSource |
LUNA_CLONE_AS_TARGET_INIT, LUNA_REPLICATE_AS_TARGET_INIT | CA_CloneAsTargetInit |
LUNA_CLONE_AS_TARGET, LUNA_REPLICATE_AS_TARGET | CA_CloneAsTarget |
LUNA_GEN_TKN_KEYS | CA_GenerateTokenKeys |
LUNA_GEN_KCV | CA_ManualKCV, C_InitPIN, C_InitToken, CA_InitAudit |
LUNA_SET_LKCV | CA_SetLKCV |
LUNA_M_OF_N_GENERATE | CA_GenerateMofN_Common, CA_GenerateMofN |
LUNA_M_OF_N_ACTIVATE | CA_ActivateMofN |
LUNA_M_OF_N_MODIFY | CA_ActivateMofN |
LUNA_EXTRACT | CA_Extract |
LUNA_INSERT | CA_Insert |
LUNA_LKM_COMMAND | CA_LKMInitiatorChallenge, CA_LKMReceiverResponse, CA_LKMInitiatorComplete, CA_LKMReceiverComplete |
LUNA_MODIFY_USAGE_COUNT | CA_ModifyUsageCount |
Key Usage and Key First Usage
HSM Event | Description |
---|---|
LUNA_ENCRYPT_INIT | C_EncryptInit |
LUNA_ENCRYPT | C_Encrypt |
LUNA_ENCRYPT_END | C_EncryptFinal |
LUNA_DECRYPT_INIT | C_DecryptInit |
LUNA_DECRYPT | C_Decrypt |
LUNA_DECRYPT_END | C_DecryptFinal |
LUNA_DIGEST_INIT | C_DigestInit |
LUNA_DIGEST | C_Digest |
LUNA_DIGEST_KEY | C_DigestKey |
LUNA_DIGEST_END | C_DigestFinal |
LUNA_SIGN_INIT | C_SignInit |
LUNA_SIGN | C_Sign |
LUNA_SIGN_END | C_SignFinal |
LUNA_VERIFY_INIT | C_VerifyInit |
LUNA_VERIFY | C_Verify |
LUNA_VERIFY_END | C_VerifyFinal |
LUNA_SIGN_SINGLEPART | C_Sign |
LUNA_VERIFY_SINGLEPART | C_Verify |
LUNA_WRAP_CSP | CA_CloneMofN_Common |
LUNA_M_OF_N_DUPLICATE | CA_DuplicateMofN |
LUNA_ENCRYPT_SINGLEPART | C_Encrypt |
LUNA_DECRYPT_SINGLEPART | C_Decrypt |
Audit Log Management
HSM Event | Description |
---|---|
LUNA_LOG_SET_TIME | CA_TimeSync |
LUNA_LOG_GET_TIME | CA_GetTime |
LUNA_LOG_SET_CONFIG | CA_LogSetConfig. This event must be allowed to proceed even if the result should be logged but cannot (for example, due to a log full condition). |
LUNA_LOG_GET_CONFIG | CA_LogGetConfig. This event must be allowed to proceed even if the result should be logged but cannot (for example, due to a log full condition). |
LUNA_LOG_VERIFY | CA_LogVerify |
LUNA_CREATE_AUDIT_CONTAINER | CA_InitAudit. The event is logged unconditionally. |
LUNA_LOG_IMPORT_SECRET | CA_LogImportSecret |
LUNA_LOG_EXPORT_SECRET | CA_LogExportSecret |