private static Mechanism SelectMechanism(string id)
{
//dataEnvelope EncryptionAlgOid
//2.16.840.1.101.3.4.1.2
//DerObjectIdentifier("2.16.840.1.101.3.4") + HashAlgs.Branch("1" = IdSha256) + DerObjectIdentifier(Aes + ".2" = IdAes128Cbc)
Mechanism mechanism;
if (id == PkcsObjectIdentifiers.IdRsaesOaep.Id)
{
// RecipientInfos
//1.2.840.113549.1.1.7
//pkcs1 + .7 (.7 = IdRsaesOaep)
var mechanismParams = new CkRsaPkcsOaepParams(
(ulong)CKM.CKM_SHA_1,
(ulong)CKG.CKG_MGF1_SHA1,
(ulong)CKZ.CKZ_DATA_SPECIFIED, null);
mechanism = new Mechanism(CKM.CKM_RSA_PKCS_OAEP, mechanismParams);
return(mechanism);
}
if (id == PkcsObjectIdentifiers.RsaEncryption.Id)
{
mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
return(mechanism);
}
throw new NotSupportedException(string.Format("No supported HSM mechanisms for pkcs-1 OBJECT IDENTIFIER ::={{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }}{0}", id));
}
public void _03_EncryptAndDecryptSinglePartOaepTest()
{
if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 1)
{
Assert.Inconclusive("Test cannot be executed on this platform");
}
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify mechanism parameters
CkRsaPkcsOaepParams mechanismParams = new CkRsaPkcsOaepParams((uint)CKM.CKM_SHA_1, (uint)CKG.CKG_MGF1_SHA1, (uint)CKZ.CKZ_DATA_SPECIFIED, null);
// Specify encryption mechanism with parameters
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_OAEP, mechanismParams);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
// Encrypt data
byte[] encryptedData = session.Encrypt(mechanism, publicKey, sourceData);
// Do something interesting with encrypted data
// Decrypt data
byte[] decryptedData = session.Decrypt(mechanism, privateKey, encryptedData);
// Do something interesting with decrypted data
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void _03_EncryptAndDecryptSinglePartOaepTest()
{
Helpers.CheckPlatform();
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify mechanism parameters
CkRsaPkcsOaepParams mechanismParams = new CkRsaPkcsOaepParams(NativeLongUtils.ConvertFromCKM(CKM.CKM_SHA_1), NativeLongUtils.ConvertFromCKG(CKG.CKG_MGF1_SHA1), NativeLongUtils.ConvertFromUInt32(CKZ.CKZ_DATA_SPECIFIED), null);
// Specify encryption mechanism with parameters
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_OAEP, mechanismParams);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
// Encrypt data
byte[] encryptedData = session.Encrypt(mechanism, publicKey, sourceData);
// Do something interesting with encrypted data
// Decrypt data
byte[] decryptedData = session.Decrypt(mechanism, privateKey, encryptedData);
// Do something interesting with decrypted data
Assert.IsTrue(ConvertUtils.BytesToBase64String(sourceData) == ConvertUtils.BytesToBase64String(decryptedData));
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
