/// <summary>
/// Creates a Cryptoki signature object with the specified session context, algorithm and key.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The signature algorithm and parameters.</param>
/// <param name="key">The key used to sign the input data.</param>
public CryptokiSign(Session session, Mechanism mechanism, CryptoKey key) :
base(session, false)
{
m_signatureLength = (key.Size + 7) / 8;
m_mech = mechanism;
m_key = key;
}
/// <summary>
/// Initializes a new instance of the HashAlgorithm class.
/// </summary>
/// <param name="serviceProvider">The name of the service provider which implements the hash algorithm</param>
/// <param name="mechanism">The hash algorithm type</param>
public HashAlgorithm(HashAlgorithmType hashAlgorithm, string serviceProvider = "")
: base(new Session(serviceProvider, (MechanismType)hashAlgorithm), true)
{
m_mechanism = new Mechanism((MechanismType)hashAlgorithm);
m_hashSize = -1;
Initialize();
}
/// <summary>
/// Initializes a new instance of the HashAlgorithm class.
/// </summary>
/// <param name="session">The Cryptoki session context the hash algorithm will execute in.</param>
/// <param name="mechanism">The hash algorithm type</param>
public HashAlgorithm(HashAlgorithmType hashAlgorithm, Session session)
: base(session, false)
{
m_mechanism = new Mechanism((MechanismType)hashAlgorithm);
m_hashSize = -1;
Initialize();
}
/// <summary>
/// Creates the Cryptoki digest object with specified crypto provider, digest algorithm, and hash size.
/// </summary>
/// <param name="providerName">The crypto provider which will perform the digest operations.</param>
/// <param name="mechanism">The digest algorithm and paramters.</param>
/// <param name="hashSize">The size of the resulting hash value, in bits.</param>
public CryptokiDigest(string providerName, Mechanism mechanism, int hashSize)
: base(new Session(providerName, mechanism.Type), true)
{
m_hashSize = (hashSize + 7) / 8;
if (m_hashSize == 0) throw new ArgumentException();
m_mechanism = mechanism;
}
/// <summary>
/// Creates the Cryptoki digest object with specified session context, digest algorithm, and hash size.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The digest algorithm and paramters.</param>
/// <param name="hashSize">The size of the resulting hash value, in bits.</param>
public CryptokiDigest(Session session, Mechanism mechanism, int hashSize)
: base(session, false)
{
m_hashSize = (hashSize + 7) / 8;
if (m_hashSize == 0) throw new ArgumentException();
m_mechanism = mechanism;
}
/// <summary>
/// Creates the encryptor object with the specified session context, decryption algorithm, key, and input/output block sizes
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The encryption algorithm and paramters.</param>
/// <param name="key">The key that will be used to perform the encryption.</param>
/// <param name="inputBlockSize">The input block size, in bits.</param>
/// <param name="outputBlockSize">The output block size, in bits.</param>
public Encryptor(Session session, Mechanism mechanism, CryptoKey key, int inputBlockSize, int outputBlockSize) :
base(session, false)
{
m_inputBlockSize = (inputBlockSize + 7) / 8;
m_outputBlockSize = (outputBlockSize+ 7) / 8;
m_mech = mechanism;
m_key = key;
}
/// <summary>
/// Creates the decryptor object with the specified session context, decryption algorithm, key, and input/output block sizes
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The decryption algorithm and paramters.</param>
/// <param name="key">The key that will be used to perform the decryption.</param>
/// <param name="inputBlockSize">The input block size, in bits.</param>
/// <param name="outputBlockSize">The output block size, in bits.</param>
public Decryptor(Session session, Mechanism mechanism, CryptoKey key, int inputBlockSize, int outputBlockSize) :
base(session, false)
{
m_inputBlockSize = (inputBlockSize + 7) / 8;
m_outputBlockSize = (outputBlockSize + 7) / 8;
m_mech = mechanism;
m_key = key;
}
/// <summary>
/// Creates the Cryptoki digest object with specified session context, digest algorithm, and hash size.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The digest algorithm and paramters.</param>
/// <param name="hashSize">The size of the resulting hash value, in bits.</param>
public CryptokiDigest(Session session, Mechanism mechanism, int hashSize)
: base(session, false)
{
m_hashSize = (hashSize + 7) / 8;
if (m_hashSize == 0)
{
throw new ArgumentException();
}
m_mechanism = mechanism;
}
/// <summary>
/// Creates the Cryptoki digest object with specified crypto provider, digest algorithm, and hash size.
/// </summary>
/// <param name="providerName">The crypto provider which will perform the digest operations.</param>
/// <param name="mechanism">The digest algorithm and paramters.</param>
/// <param name="hashSize">The size of the resulting hash value, in bits.</param>
public CryptokiDigest(string providerName, Mechanism mechanism, int hashSize)
: base(new Session(providerName, mechanism.Type), true)
{
m_hashSize = (hashSize + 7) / 8;
if (m_hashSize == 0)
{
throw new ArgumentException();
}
m_mechanism = mechanism;
}
private void Init(CryptoKey key, int keySize)
{
LegalKeySizesValue = s_legalKeySizes;
m_signMech = new Mechanism(MechanismType.ECDSA);
HashAlgorithm = MechanismType.SHA256;
if (key == null)
{
KeySize = keySize;
}
else
{
if (key.Type != CryptoKey.KeyType.EC)
{
throw new ArgumentException();
}
KeyPair = key;
}
}
public CryptokiDecryptDigest(Session session, Mechanism digestMechanism, Mechanism cryptoMechanism, CryptoKeyHandle cryptoKey) :
base(session, true)
{
//m_decryptor = new Decryptor(m_session, cryptoMechanism, cryptoKey);
//m_digest = new CryptokiDigest(m_session, digestMechanism);
}
private extern void EncryptInit(Session session, Mechanism mechanism, CryptoKey key);
private extern void SignInit(Session session, Mechanism mechanism, CryptoKey key);
/// <summary>
/// Creates the signature verification object with specified the session context, signature algorithm and key.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The signature algorithm.</param>
/// <param name="key">The key used to verify the signature value.</param>
public CryptokiVerify(Session session, Mechanism mechanism, CryptoKey key) :
base(session, false)
{
m_mech = mechanism;
m_key = key;
}
public CryptokiDecryptVerify(Session session, Mechanism cryptoMechanism, CryptoKeyHandle cryptoKey, Mechanism signMechanism, CryptoKeyHandle signKey) :
base(session, true)
{
//m_decryptor = new Decryptor(m_session, cryptoMechanism, cryptoKey);
//m_verify = new CryptokiVerify(m_session, signMechanism, signKey);
}
public MFTestResults HmacTest_Compare()
{
bool testResult = false;
if (!m_isEmulator) return MFTestResults.Skip;
try
{
CryptokiAttribute[] secretKey = new CryptokiAttribute[]
{
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Class , new byte[] { 4, 0, 0, 0}),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.KeyType, new byte[] { 0x10, 0, 0, 0}),
new CryptokiAttribute(CryptokiAttribute.CryptokiType.Value , new byte[20])
};
Mechanism mech = new Mechanism(MechanismType.SHA_1_HMAC);
using (Session openSession = new Session("", mech.Type))
{
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(openSession))
{
rng.GetBytes(secretKey[2].Value);
}
using (CryptoKey keyOpen = CryptoKey.LoadKey(openSession, secretKey))
{
string dataToSign = "This is a simple message to be encrypted";
byte[] data = System.Text.UTF8Encoding.UTF8.GetBytes(dataToSign);
using (KeyedHashAlgorithm hmacOpenSSL = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACSHA1, keyOpen))
{
byte[] hmac1 = hmacOpenSSL.ComputeHash(data);
using (Session emuSession = new Session("Emulator_Crypto", mech.Type))
{
using (CryptoKey keyEmu = CryptoKey.LoadKey(emuSession, secretKey))
{
using (KeyedHashAlgorithm hmacEmu = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACSHA1, keyEmu))
{
byte[] hmac2 = hmacEmu.ComputeHash(data);
testResult = true;
for (int i = 0; i < hmac1.Length; i++)
{
if (hmac1[i] != hmac2[i])
{
testResult = false;
break;
}
}
}
}
}
}
}
}
}
catch (Exception ex)
{
Log.Exception("Unexpected Exception", ex);
}
return (testResult ? MFTestResults.Pass : MFTestResults.Fail);
}
private static extern CryptoKey UnwrapKeyInternal(Session session, Mechanism mechanism, CryptoKey unwrappingKey, byte[] wrappedKey, CryptokiAttribute[] keyTemplate);
private static extern CryptoKey GenerateKeyPairInternal(Session session, Mechanism mechanism, CryptokiAttribute[] publicKeyTemplate, CryptokiAttribute[] privateKeyTemplate);
private extern CryptoKey DeriveKeyInternal(Mechanism mechanism, CryptokiAttribute[] template);
/// <summary>
/// Derives a CryptoKey object with the specified key algorithm and key attribute template
/// </summary>
/// <param name="mechanism">The Cryptoki session context.</param>
/// <param name="template">The key attribute template.</param>
/// <returns></returns>
public CryptoKey DeriveKey(Mechanism mechanism, CryptokiAttribute[] template)
{
if (m_isDisposed) throw new ObjectDisposedException();
CryptoKey ret = DeriveKeyInternal(mechanism, template);
m_session.AddSessionObject(ret);
return ret;
}
private extern void VerifyInit(Session session, Mechanism mechanism, CryptoKey key);
/// <summary>
/// Creates the signature verification object with specified the session context, signature algorithm and key.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The signature algorithm.</param>
/// <param name="key">The key used to verify the signature value.</param>
public CryptokiVerify(Session session, Mechanism mechanism, CryptoKey key) :
base(session, false)
{
m_mech = mechanism;
m_key = key;
}
/// <summary>
/// Generates a new CryptoKey within the specified session context with the specified key mechanism and key template.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The key algorithm and parameters.</param>
/// <param name="template">The key attribute template that defines the resulting key's properties.</param>
/// <returns></returns>
public static CryptoKey GenerateKey(Session session, Mechanism mechanism, CryptokiAttribute[] template)
{
CryptoKey ret = GenerateKeyInternal(session, mechanism, template);
session.AddSessionObject(ret);
return ret;
}
/// <summary>
/// Generates a new CryptoKey object that represents a public/private key pair.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The key algorithm and parameters.</param>
/// <param name="publicKeyTemplate">The public key attribute template.</param>
/// <param name="privateKeyTemplate">The private key attribute template.</param>
/// <returns></returns>
public static CryptoKey GenerateKeyPair(Session session, Mechanism mechanism, CryptokiAttribute[] publicKeyTemplate, CryptokiAttribute[] privateKeyTemplate)
{
CryptoKey ret = GenerateKeyPairInternal(session, mechanism, publicKeyTemplate, privateKeyTemplate);
session.AddSessionObject(ret);
return ret;
}
private extern void Init(Mechanism mechanism);
/// <summary>
/// Unwraps the specified key data with the given wrapping key and mechanism.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The key wrapping mechanism or algorithm.</param>
/// <param name="wrappingKey">The key that will be used to unwrap the specifed keyData.</param>
/// <param name="keyData">The encrypted key data.</param>
/// <param name="keyTemplate">The key attribute template.</param>
/// <returns>The unwrapped key object.</returns>
public static CryptoKey UnwrapKey(Session session, Mechanism mechanism, CryptoKey wrappingKey, byte[] keyData, CryptokiAttribute[] keyTemplate)
{
CryptoKey ret = UnwrapKeyInternal(session, mechanism, wrappingKey, keyData, keyTemplate);
if (ret != null)
{
session.AddSessionObject(ret);
}
return ret;
}
public CryptokiSignEncrypt(Session session, Mechanism signMechanism, CryptoKeyHandle signKey, Mechanism cryptoMechanism, CryptoKeyHandle cryptoKey) :
base(session, true)
{
//m_encryptor = new Encryptor(m_session, cryptoMechanism, cryptoKey);
//m_sign = new CryptokiSign(m_session, signMechanism, signKey);
}
private static extern CryptoKey GenerateKeyInternal(Session session, Mechanism mechanism, CryptokiAttribute[] template);
public CryptokiDecryptVerify(Session session, Mechanism cryptoMechanism, CryptoKeyHandle cryptoKey, Mechanism signMechanism, CryptoKeyHandle signKey) :
base(session, true)
{
//m_decryptor = new Decryptor(m_session, cryptoMechanism, cryptoKey);
//m_verify = new CryptokiVerify(m_session, signMechanism, signKey);
}
public static extern byte[] WrapKey(Session session, Mechanism mechanism, CryptoKey wrappingKey, CryptoKey key);
public CryptokiDecryptDigest(Session session, Mechanism digestMechanism, Mechanism cryptoMechanism, CryptoKeyHandle cryptoKey) :
base(session, true)
{
//m_decryptor = new Decryptor(m_session, cryptoMechanism, cryptoKey);
//m_digest = new CryptokiDigest(m_session, digestMechanism);
}
private extern void Init(Mechanism mechanism);
/// <summary>
/// Creates a symmetric TripleDES encryptor object with the specified key (Key) and initialization vector (IV).
/// </summary>
/// <param name="key">The secret key to use for the symmetric algorithm.</param>
/// <param name="iv">The initialization vector to use for the symmetric algorithm.</param>
/// <returns>A symmetric TripleDES encryptor object.</returns>
public override ICryptoTransform CreateEncryptor(CryptoKey key, byte[] iv)
{
Mechanism mech = new Mechanism(MechanismType);
mech.Parameter = null;
if (iv != null)
{
mech.Parameter = (byte[])iv.Clone();
}
return new Encryptor(m_session, mech, key, BlockSize, BlockSize);
}
/// <summary>
/// Generates a random Key to be used for the algorithm.
/// </summary>
public override void GenerateKey()
{
CryptoKey key;
Mechanism mech = new Mechanism(Microsoft.SPOT.Cryptoki.MechanismType.DES3_KEY_GEN);
CryptokiAttribute[] attribs = new CryptokiAttribute[]
{
new CryptokiAttribute(CryptokiAttribute.CryptokiType.ValueLen, Utility.ConvertToBytes( KeySizeValue ))
};
key = CryptoKey.GenerateKey(m_session, mech, attribs);
if (KeyValue != null && OwnsKey)
{
KeyValue.Dispose();
}
KeyValue = key;
OwnsKey = true;
}
private void Init(CryptoKey key, int keySize)
{
LegalKeySizesValue = s_KeySizes;
m_keyGenMech = new Mechanism(MechanismType.DSA_KEY_PAIR_GEN);
m_signatureMech = new Mechanism(MechanismType.DSA);
m_hashAlgorithm = MechanismType.SHA_1;
if (key == null)
{
KeySize = keySize;
}
else
{
if (key.Type != CryptoKey.KeyType.DSA) throw new ArgumentException();
KeyPair = key;
}
}
public MFTestResults HmacTest_Test1()
{
bool testResult = false;
try
{
string dataToSign = "This is a simple message to be encrypted";
byte[] data = System.Text.UTF8Encoding.UTF8.GetBytes(dataToSign);
Mechanism mech = new Mechanism(MechanismType.SHA_1_HMAC);
using (Session openSession = new Session("", mech.Type))
{
using (KeyedHashAlgorithm hmacOpenSSL = new KeyedHashAlgorithm(KeyedHashAlgorithmType.HMACSHA1, openSession))
{
byte[] hmac1 = hmacOpenSSL.ComputeHash(data);
byte[] hmac2 = hmacOpenSSL.ComputeHash(data);
data[3] = (byte)((data[3] & 1) == 0 ? data[3] + 1 : data[3] - 1);
byte[] hmac3 = hmacOpenSSL.ComputeHash(data);
testResult = true;
bool difFound = false;
for (int i = 0; i < hmac1.Length; i++)
{
if (hmac1[i] != hmac2[i])
{
testResult = false;
break;
}
if (hmac1[i] != hmac1[3])
{
difFound = true;
}
}
testResult &= difFound;
}
}
}
catch (Exception ex)
{
Log.Exception("Unexpected Exception", ex);
}
return (testResult ? MFTestResults.Pass : MFTestResults.Fail);
}
public CryptokiSignEncrypt(Session session, Mechanism signMechanism, CryptoKeyHandle signKey, Mechanism cryptoMechanism, CryptoKeyHandle cryptoKey) :
base(session, true)
{
//m_encryptor = new Encryptor(m_session, cryptoMechanism, cryptoKey);
//m_sign = new CryptokiSign(m_session, signMechanism, signKey);
}
