public void _02_LibraryInfoMatches()
        {
            // Exercises Pkcs11UriUtils.Matches(Pkcs11Uri, CK_INFO) with an empty URI,
            // an empty attribute, an unknown attribute, a full match and one mismatch
            // per library attribute. Every case builds its own URI and CK_INFO.
            Helpers.CheckPlatform();

            // Empty URI: nothing constrains the library, so a match is expected
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // Empty attribute: an empty library-manufacturer is expected to match
            // a ManufacturerId that holds only blanks (32 spaces here)
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("                                "),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // Unknown path attribute in URI: the match must fail even though every
            // recognised attribute agrees, i.e. unrecognised constraints fail closed
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1;foo=bar");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // All attributes matching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // LibraryManufacturer nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // LibraryDescription nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // LibraryVersion nonmatching: the structure reports 0.1, the URI asks for 1
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x00 }, Minor = new byte[] { 0x01 } }
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }
        }
        public void _03_SlotInfoMatches()
        {
            // Exercises Pkcs11UriUtils.Matches(Pkcs11Uri, CK_SLOT_INFO, slotId) with an
            // empty URI, an empty attribute, an unknown attribute, a full match and one
            // mismatch per slot attribute. Every case builds its own inputs.
            Helpers.CheckPlatform();

            // Empty URI: nothing constrains the slot, so a match is expected
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:");
                CK_SLOT_INFO info = new CK_SLOT_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
                };
                NativeULong id = 1;
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info, id));
            }

            // Empty attribute: an empty slot-manufacturer is expected to match
            // a ManufacturerId that holds only blanks (32 spaces here)
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:slot-manufacturer=;slot-description=bar;slot-id=1");
                CK_SLOT_INFO info = new CK_SLOT_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("                                "),
                    SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
                };
                NativeULong id = 1;
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info, id));
            }

            // Unknown path attribute in URI: the match must fail even though every
            // recognised attribute agrees, i.e. unrecognised constraints fail closed
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:slot-manufacturer=foo;slot-description=bar;slot-id=1;foo=bar");
                CK_SLOT_INFO info = new CK_SLOT_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
                };
                NativeULong id = 1;
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info, id));
            }

            // All attributes matching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:slot-manufacturer=foo;slot-description=bar;slot-id=1");
                CK_SLOT_INFO info = new CK_SLOT_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
                };
                NativeULong id = 1;
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info, id));
            }

            // Manufacturer nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:slot-manufacturer=foo;slot-description=bar;slot-id=1");
                CK_SLOT_INFO info = new CK_SLOT_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
                };
                NativeULong id = 1;
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info, id));
            }

            // Description nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:slot-manufacturer=foo;slot-description=bar;slot-id=1");
                CK_SLOT_INFO info = new CK_SLOT_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    SlotDescription = ConvertUtils.Utf8StringToBytes("foo")
                };
                NativeULong id = 1;
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info, id));
            }

            // Slot id nonmatching: the URI asks for slot 1, slot 2 is offered
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:slot-manufacturer=foo;slot-description=bar;slot-id=1");
                CK_SLOT_INFO info = new CK_SLOT_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
                };
                NativeULong id = 2;
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info, id));
            }
        }
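        public void _05_ObjectAttributesMatches()
        {
            // Exercises Pkcs11UriUtils.Matches(Pkcs11Uri, List<CK_ATTRIBUTE>) with an
            // empty URI, an empty attribute, an unknown attribute, a full match, one
            // mismatch per attribute, and one "attribute missing from the list" case
            // per attribute (expected to raise Pkcs11UriException).
            //
            // Each negative case differs from the matching case in exactly ONE respect,
            // so an assertion cannot pass because of an unrelated difference.
            //
            // NOTE(review): if CkaUtils.CreateAttribute allocates unmanaged memory for
            // the attribute value, the attributes built here are never released -
            // confirm against CkaUtils.
            Helpers.CheckPlatform();

            // Empty URI: nothing constrains the object, so a match is expected
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, "foobar"),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x01, 0x02, 0x03 })
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, attributes));
            }

            // Empty attribute: an empty "object" matches an empty CKA_LABEL
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=;id=%01%02%03");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, string.Empty),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x01, 0x02, 0x03 })
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, attributes));
            }

            // Unknown path attribute in URI: the match must fail even though every
            // recognised attribute agrees, i.e. unrecognised constraints fail closed
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=foobar;id=%01%02%03;foo=bar");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, "foobar"),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x01, 0x02, 0x03 })
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, attributes));
            }

            // All attributes matching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=foobar;id=%01%02%03");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, "foobar"),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x01, 0x02, 0x03 })
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, attributes));
            }

            // Type nonmatching: only CKA_CLASS differs from the URI
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=foobar;id=%01%02%03");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PUBLIC_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, "foobar"),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x01, 0x02, 0x03 })
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, attributes));
            }

            // Object nonmatching: only CKA_LABEL differs. The class is kept at
            // CKO_PRIVATE_KEY; with a public-key class the assertion would also pass
            // on the type mismatch alone and never exercise the label comparison.
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=foobar;id=%01%02%03");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, "foo bar"),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x01, 0x02, 0x03 })
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, attributes));
            }

            // Id nonmatching: only CKA_ID differs (class kept matching for the same reason)
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=foobar;id=%01%02%03");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, "foobar"),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x04, 0x05, 0x06 })
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, attributes));
            }

            // Type present in URI but missing in list.
            // Only the Matches call sits inside the try block and only
            // Pkcs11UriException is caught, so an exception raised while building the
            // inputs, or one of another type, cannot be mistaken for the expected one.
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=foobar;id=%01%02%03");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, "foobar"),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x01, 0x02, 0x03 })
                };

                bool rejected = false;
                try
                {
                    Pkcs11UriUtils.Matches(uri, attributes);
                }
                catch (Pkcs11UriException)
                {
                    rejected = true;
                }
                Assert.IsTrue(rejected, "Exception expected but not thrown");
            }

            // Object present in URI but missing in list
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=foobar;id=%01%02%03");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_ID, new byte[] { 0x01, 0x02, 0x03 })
                };

                bool rejected = false;
                try
                {
                    Pkcs11UriUtils.Matches(uri, attributes);
                }
                catch (Pkcs11UriException)
                {
                    rejected = true;
                }
                Assert.IsTrue(rejected, "Exception expected but not thrown");
            }

            // Id present in URI but missing in list.
            // The list now really omits CKA_ID; the earlier version omitted CKA_LABEL
            // instead, which repeated the previous case and left this one untested.
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:type=private;object=foobar;id=%01%02%03");
                List<CK_ATTRIBUTE> attributes = new List<CK_ATTRIBUTE>
                {
                    CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
                    CkaUtils.CreateAttribute(CKA.CKA_LABEL, "foobar")
                };

                bool rejected = false;
                try
                {
                    Pkcs11UriUtils.Matches(uri, attributes);
                }
                catch (Pkcs11UriException)
                {
                    rejected = true;
                }
                Assert.IsTrue(rejected, "Exception expected but not thrown");
            }
        }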
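        public void _06_GetMatchingSlotList()
        {
            // Exercises Pkcs11UriUtils.GetMatchingSlotList against the PKCS#11 library
            // configured in Settings.Pkcs11LibraryPath: an empty URI must return every
            // slot, an unknown attribute must return none, a URI built from the first
            // slot's own library/slot/token info must return exactly one slot, and
            // changing one attribute of that URI must return none.
            Helpers.CheckPlatform();

            using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath))
            {
                CKR rv = pkcs11.C_Initialize(Settings.InitArgs41);
                Assert.IsTrue(rv == CKR.CKR_OK);

                // C_Finalize runs in the finally block so that a failed assertion does
                // not leave the library initialized for whatever runs next.
                bool completed = false;
                try
                {
                    // Get all slots (first call returns the count, second fills the array)
                    NativeULong allSlotsCount = 0;
                    rv = pkcs11.C_GetSlotList(true, null, ref allSlotsCount);
                    Assert.IsTrue(rv == CKR.CKR_OK);
                    Assert.IsTrue(allSlotsCount > 0);
                    NativeULong[] allSlots = new NativeULong[allSlotsCount];
                    rv = pkcs11.C_GetSlotList(true, allSlots, ref allSlotsCount);
                    Assert.IsTrue(rv == CKR.CKR_OK);

                    // Empty URI
                    Pkcs11Uri pkcs11uri = new Pkcs11Uri(@"pkcs11:");
                    NativeULong[] matchedSlots = null;
                    rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots);
                    Assert.IsTrue(rv == CKR.CKR_OK);
                    Assert.IsTrue(matchedSlots.Length == allSlots.Length);

                    // Unknown path attribute in URI: no slot may be returned
                    pkcs11uri = new Pkcs11Uri(@"pkcs11:vendor=foobar");
                    rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots);
                    Assert.IsTrue(rv == CKR.CKR_OK);
                    Assert.IsTrue(matchedSlots.Length == 0);

                    // All attributes matching one slot: read the real values of slot 0
                    CK_INFO libraryInfo = new CK_INFO();
                    rv = pkcs11.C_GetInfo(ref libraryInfo);
                    Assert.IsTrue(rv == CKR.CKR_OK);
                    CK_SLOT_INFO slotInfo = new CK_SLOT_INFO();
                    rv = pkcs11.C_GetSlotInfo(allSlots[0], ref slotInfo);
                    Assert.IsTrue(rv == CKR.CKR_OK);
                    CK_TOKEN_INFO tokenInfo = new CK_TOKEN_INFO();
                    rv = pkcs11.C_GetTokenInfo(allSlots[0], ref tokenInfo);
                    Assert.IsTrue(rv == CKR.CKR_OK);

                    Pkcs11UriBuilder pkcs11UriBuilder = new Pkcs11UriBuilder();
                    pkcs11UriBuilder.LibraryManufacturer = ConvertUtils.BytesToUtf8String(libraryInfo.ManufacturerId, true);
                    pkcs11UriBuilder.LibraryDescription = ConvertUtils.BytesToUtf8String(libraryInfo.LibraryDescription, true);
                    pkcs11UriBuilder.LibraryVersion = libraryInfo.LibraryVersion.ToString();
                    pkcs11UriBuilder.SlotManufacturer = ConvertUtils.BytesToUtf8String(slotInfo.ManufacturerId, true);
                    pkcs11UriBuilder.SlotDescription = ConvertUtils.BytesToUtf8String(slotInfo.SlotDescription, true);
                    pkcs11UriBuilder.SlotId = allSlots[0];
                    pkcs11UriBuilder.Token = ConvertUtils.BytesToUtf8String(tokenInfo.Label, true);
                    pkcs11UriBuilder.Manufacturer = ConvertUtils.BytesToUtf8String(tokenInfo.ManufacturerId, true);
                    pkcs11UriBuilder.Serial = ConvertUtils.BytesToUtf8String(tokenInfo.SerialNumber, true);
                    pkcs11UriBuilder.Model = ConvertUtils.BytesToUtf8String(tokenInfo.Model, true);
                    pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();

                    rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots);
                    Assert.IsTrue(rv == CKR.CKR_OK);
                    Assert.IsTrue(matchedSlots.Length == 1);

                    // One attribute nonmatching
                    pkcs11UriBuilder.Serial = "foobar";
                    pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
                    rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots);
                    Assert.IsTrue(rv == CKR.CKR_OK);
                    Assert.IsTrue(matchedSlots.Length == 0);

                    completed = true;
                }
                finally
                {
                    CKR finalizeRv = pkcs11.C_Finalize(IntPtr.Zero);

                    // Assert on the cleanup result only when the body succeeded, so a
                    // cleanup failure never hides the assertion that actually failed.
                    if (completed)
                    {
                        Assert.IsTrue(finalizeRv == CKR.CKR_OK);
                    }
                }
            }
        }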
        public void _04_TokenInfoMatches()
        {
            // Exercises Pkcs11UriUtils.Matches(Pkcs11Uri, CK_TOKEN_INFO) with an empty
            // URI, an empty attribute, an unknown attribute, a full match and one
            // mismatch per token attribute. Every case builds its own inputs.
            Helpers.CheckPlatform();

            // Empty URI: nothing constrains the token, so a match is expected
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:");
                CK_TOKEN_INFO info = new CK_TOKEN_INFO
                {
                    Label = ConvertUtils.Utf8StringToBytes("foo"),
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                    Model = ConvertUtils.Utf8StringToBytes("foobar")
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // Empty attribute: an empty "token" is expected to match a Label
            // that holds only blanks (32 spaces here)
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:token=;manufacturer=bar;serial=123;model=foobar");
                CK_TOKEN_INFO info = new CK_TOKEN_INFO
                {
                    Label = ConvertUtils.Utf8StringToBytes("                                "),
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                    Model = ConvertUtils.Utf8StringToBytes("foobar")
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // Unknown path attribute in URI: the match must fail even though every
            // recognised attribute agrees, i.e. unrecognised constraints fail closed
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:token=foo;manufacturer=bar;serial=123;model=foobar;foo=bar");
                CK_TOKEN_INFO info = new CK_TOKEN_INFO
                {
                    Label = ConvertUtils.Utf8StringToBytes("foo"),
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                    Model = ConvertUtils.Utf8StringToBytes("foobar")
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // All attributes matching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:token=foo;manufacturer=bar;serial=123;model=foobar");
                CK_TOKEN_INFO info = new CK_TOKEN_INFO
                {
                    Label = ConvertUtils.Utf8StringToBytes("foo"),
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                    Model = ConvertUtils.Utf8StringToBytes("foobar")
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // Label nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:token=foo;manufacturer=bar;serial=123;model=foobar");
                CK_TOKEN_INFO info = new CK_TOKEN_INFO
                {
                    Label = ConvertUtils.Utf8StringToBytes("bar"),
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                    Model = ConvertUtils.Utf8StringToBytes("foobar")
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // ManufacturerId nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:token=foo;manufacturer=bar;serial=123;model=foobar");
                CK_TOKEN_INFO info = new CK_TOKEN_INFO
                {
                    Label = ConvertUtils.Utf8StringToBytes("foo"),
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                    Model = ConvertUtils.Utf8StringToBytes("foobar")
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // SerialNumber nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:token=foo;manufacturer=bar;serial=123;model=foobar");
                CK_TOKEN_INFO info = new CK_TOKEN_INFO
                {
                    Label = ConvertUtils.Utf8StringToBytes("foo"),
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    SerialNumber = ConvertUtils.Utf8StringToBytes("012"),
                    Model = ConvertUtils.Utf8StringToBytes("foobar")
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // Model nonmatching: an embedded space must not be ignored
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:token=foo;manufacturer=bar;serial=123;model=foobar");
                CK_TOKEN_INFO info = new CK_TOKEN_INFO
                {
                    Label = ConvertUtils.Utf8StringToBytes("foo"),
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                    Model = ConvertUtils.Utf8StringToBytes("foo bar")
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }
        }
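        /// <summary>
        /// Creates the PKCS#1 v1.5 RSA signature with SHA-1 mechanism
        /// </summary>
        /// <remarks>
        /// Security notes for anyone reusing this helper outside a test:
        /// the PKCS#11 library named by the URI's module path is loaded into the
        /// current process, so the URI must come from a trusted source; the PIN is
        /// taken from the URI itself (pin-value), which keeps it in a managed string
        /// that cannot be wiped - RFC 7512 also defines pin-source for referring to
        /// a PIN stored elsewhere; and CKM_SHA1_RSA_PKCS is kept because it is this
        /// method's documented contract, although SHA-1 is no longer considered
        /// collision resistant and a SHA-2 mechanism such as CKM_SHA256_RSA_PKCS is
        /// the usual choice for new signatures.
        /// </remarks>
        /// <param name="data">Data that should be signed</param>
        /// <param name="uri">PKCS#11 URI identifying PKCS#11 library, token and private key</param>
        /// <returns>PKCS#1 v1.5 RSA signature</returns>
        /// <exception cref="ArgumentNullException">data is null, or uri is null or empty</exception>
        /// <exception cref="Exception">URI lacks the module path, PIN or private key definition, or nothing on the token matches it</exception>
        private byte[] SignData(byte[] data, string uri)
        {
            // Verify input parameters
            if (data == null)
            {
                throw new ArgumentNullException("data");
            }

            if (string.IsNullOrEmpty(uri))
            {
                throw new ArgumentNullException("uri");
            }

            // Parse PKCS#11 URI
            Pkcs11Uri pkcs11Uri = new Pkcs11Uri(uri);

            // Verify that URI contains all information required to perform this operation
            if (pkcs11Uri.ModulePath == null)
            {
                throw new Exception("PKCS#11 URI does not specify PKCS#11 library");
            }

            if (pkcs11Uri.PinValue == null)
            {
                throw new Exception("PKCS#11 URI does not specify PIN");
            }

            if (!pkcs11Uri.DefinesObject || pkcs11Uri.Type != CKO.CKO_PRIVATE_KEY)
            {
                throw new Exception("PKCS#11 URI does not specify private key");
            }

            // Load and initialize PKCS#11 library specified by URI
            CKR rv = CKR.CKR_OK;

            using (Pkcs11 pkcs11 = new Pkcs11(pkcs11Uri.ModulePath, true))
            {
                rv = pkcs11.C_Initialize(Settings.InitArgs40);
                if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED))
                {
                    Assert.Fail(rv.ToString());
                }

                uint session = CK.CK_INVALID_HANDLE;
                bool sessionOpened = false;
                bool loggedIn = false;
                bool completed = false;
                byte[] signature = null;

                // Everything after C_Initialize runs under try/finally so that a failed
                // step does not leave a logged-in session or an initialized library behind.
                try
                {
                    // Obtain a list of all slots with tokens that match URI
                    uint[] slots = null;

                    rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11Uri, pkcs11, true, out slots);
                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    if ((slots == null) || (slots.Length == 0))
                    {
                        throw new Exception("None of the slots matches PKCS#11 URI");
                    }

                    // Open read only session with first token that matches URI.
                    // Signing does not modify token objects, so CKF_RW_SESSION is not requested.
                    rv = pkcs11.C_OpenSession(slots[0], CKF.CKF_SERIAL_SESSION, IntPtr.Zero, IntPtr.Zero, ref session);
                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    sessionOpened = true;

                    // Login as normal user with PIN acquired from URI
                    byte[] pinValue = ConvertUtils.Utf8StringToBytes(pkcs11Uri.PinValue);

                    try
                    {
                        rv = pkcs11.C_Login(session, CKU.CKU_USER, pinValue, Convert.ToUInt32(pinValue.Length));
                    }
                    finally
                    {
                        // Wipe the byte copy of the PIN as soon as the token has seen it
                        if (pinValue != null)
                        {
                            Array.Clear(pinValue, 0, pinValue.Length);
                        }
                    }

                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    loggedIn = true;

                    // Get list of object attributes for the private key specified by URI
                    // NOTE(review): if these attributes own unmanaged memory they are
                    // never released here - confirm against Pkcs11UriUtils.
                    CK_ATTRIBUTE[] attributes = null;

                    Pkcs11UriUtils.GetObjectAttributes(pkcs11Uri, out attributes);

                    // Find private key specified by URI (only the first match is used)
                    uint foundObjectCount = 0;
                    uint[] foundObjectIds = new uint[] { CK.CK_INVALID_HANDLE };

                    rv = pkcs11.C_FindObjectsInit(session, attributes, Convert.ToUInt32(attributes.Length));
                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    rv = pkcs11.C_FindObjects(session, foundObjectIds, Convert.ToUInt32(foundObjectIds.Length), ref foundObjectCount);
                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    rv = pkcs11.C_FindObjectsFinal(session);
                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    if ((foundObjectCount == 0) || (foundObjectIds[0] == CK.CK_INVALID_HANDLE))
                    {
                        throw new Exception("None of the private keys match PKCS#11 URI");
                    }

                    // Create signature with the private key specified by URI
                    CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_SHA1_RSA_PKCS);

                    rv = pkcs11.C_SignInit(session, ref mechanism, foundObjectIds[0]);
                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    // First C_Sign call (null buffer) only reports the required length
                    uint signatureLen = 0;

                    rv = pkcs11.C_Sign(session, data, Convert.ToUInt32(data.Length), null, ref signatureLen);
                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    Assert.IsTrue(signatureLen > 0);

                    signature = new byte[signatureLen];

                    rv = pkcs11.C_Sign(session, data, Convert.ToUInt32(data.Length), signature, ref signatureLen);
                    if (rv != CKR.CKR_OK)
                    {
                        Assert.Fail(rv.ToString());
                    }

                    // The second call may report fewer bytes than the first one reserved
                    if (signature.Length != signatureLen)
                    {
                        Array.Resize(ref signature, Convert.ToInt32(signatureLen));
                    }

                    completed = true;
                }
                finally
                {
                    // Release PKCS#11 resources; every step is attempted even if an earlier one fails
                    CKR logoutRv = loggedIn ? pkcs11.C_Logout(session) : CKR.CKR_OK;
                    CKR closeRv = sessionOpened ? pkcs11.C_CloseSession(session) : CKR.CKR_OK;
                    CKR finalizeRv = pkcs11.C_Finalize(IntPtr.Zero);

                    // Report cleanup failures only when signing succeeded, so they never
                    // replace the exception that made the operation fail.
                    if (completed)
                    {
                        if (logoutRv != CKR.CKR_OK)
                        {
                            Assert.Fail(logoutRv.ToString());
                        }

                        if (closeRv != CKR.CKR_OK)
                        {
                            Assert.Fail(closeRv.ToString());
                        }

                        if (finalizeRv != CKR.CKR_OK)
                        {
                            Assert.Fail(finalizeRv.ToString());
                        }
                    }
                }

                return signature;
            }
        }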
        public void _02_LibraryInfoMatches()
        {
            // Exercises Pkcs11UriUtils.Matches(Pkcs11Uri, CK_INFO) with an empty URI,
            // an empty attribute, an unknown attribute, a full match and one mismatch
            // per library attribute. Every case builds its own URI and CK_INFO.

            // The structures used below are only valid for a 4-byte unmanaged long
            // and a struct packing of 1; anything else is reported as inconclusive.
            bool platformSupported = (Platform.UnmanagedLongSize == 4) && (Platform.StructPackingSize == 1);
            if (!platformSupported)
            {
                Assert.Inconclusive("Test cannot be executed on this platform");
            }

            // Empty URI: nothing constrains the library, so a match is expected
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // Empty attribute: an empty library-manufacturer is expected to match
            // a ManufacturerId that holds only blanks (32 spaces here)
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("                                "),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // Unknown path attribute in URI: the match must fail even though every
            // recognised attribute agrees, i.e. unrecognised constraints fail closed
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1;foo=bar");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // All attributes matching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsTrue(Pkcs11UriUtils.Matches(uri, info));
            }

            // LibraryManufacturer nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // LibraryDescription nonmatching
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x01 }, Minor = new byte[] { 0x00 } }
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }

            // LibraryVersion nonmatching: the structure reports 0.1, the URI asks for 1
            {
                Pkcs11Uri uri = new Pkcs11Uri(@"pkcs11:library-manufacturer=foo;library-description=bar;library-version=1");
                CK_INFO info = new CK_INFO
                {
                    ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                    LibraryDescription = ConvertUtils.Utf8StringToBytes("bar"),
                    LibraryVersion = new CK_VERSION { Major = new byte[] { 0x00 }, Minor = new byte[] { 0x01 } }
                };
                Assert.IsFalse(Pkcs11UriUtils.Matches(uri, info));
            }
        }
        /// <summary>
        /// Checks <c>Pkcs11UriUtils.Matches</c> against hand-built <c>CK_TOKEN_INFO</c> values:
        /// an empty URI, an empty attribute, an unknown path attribute, a full match,
        /// and one mismatch per token attribute (label, manufacturer, serial, model).
        /// </summary>
        /// <remarks>
        /// The negative cases matter for anyone selecting a token by URI before using its keys:
        /// a matcher that ignored an unrecognised attribute or a single differing field
        /// would bind the URI to a token it does not actually describe.
        /// </remarks>
        public void _04_TokenInfoMatches()
        {
            // Only run where unmanaged long is 4 bytes and struct packing is 1.
            bool supportedPlatform = Platform.UnmanagedLongSize == 4 && Platform.StructPackingSize == 1;
            if (!supportedPlatform)
            {
                Assert.Inconclusive("Test cannot be executed on this platform");
            }

            // URI that names every token attribute; shared by the full-match and single-mismatch cases.
            const string fullUri = @"pkcs11:token=foo;manufacturer=bar;serial=123;model=foobar";

            // Empty URI: no constraints, so any token is expected to match.
            var uri = new Pkcs11Uri(@"pkcs11:");
            var token = new CK_TOKEN_INFO
            {
                Label = ConvertUtils.Utf8StringToBytes("foo"),
                ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                Model = ConvertUtils.Utf8StringToBytes("foobar")
            };
            Assert.IsTrue(Pkcs11UriUtils.Matches(uri, token));

            // Empty attribute: "token=" is expected to match an all-blank label.
            uri = new Pkcs11Uri(@"pkcs11:token=;manufacturer=bar;serial=123;model=foobar");
            token = new CK_TOKEN_INFO
            {
                Label = ConvertUtils.Utf8StringToBytes("                                "),
                ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                Model = ConvertUtils.Utf8StringToBytes("foobar")
            };
            Assert.IsTrue(Pkcs11UriUtils.Matches(uri, token));

            // Unknown path attribute ("foo=bar"): the match must fail even though
            // every recognised attribute agrees with the token.
            uri = new Pkcs11Uri(@"pkcs11:token=foo;manufacturer=bar;serial=123;model=foobar;foo=bar");
            token = new CK_TOKEN_INFO
            {
                Label = ConvertUtils.Utf8StringToBytes("foo"),
                ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                Model = ConvertUtils.Utf8StringToBytes("foobar")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, token));

            // All attributes matching
            uri = new Pkcs11Uri(fullUri);
            token = new CK_TOKEN_INFO
            {
                Label = ConvertUtils.Utf8StringToBytes("foo"),
                ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                Model = ConvertUtils.Utf8StringToBytes("foobar")
            };
            Assert.IsTrue(Pkcs11UriUtils.Matches(uri, token));

            // Label differs from the URI's "token" attribute
            uri = new Pkcs11Uri(fullUri);
            token = new CK_TOKEN_INFO
            {
                Label = ConvertUtils.Utf8StringToBytes("bar"),
                ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                Model = ConvertUtils.Utf8StringToBytes("foobar")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, token));

            // ManufacturerId differs from the URI's "manufacturer" attribute
            uri = new Pkcs11Uri(fullUri);
            token = new CK_TOKEN_INFO
            {
                Label = ConvertUtils.Utf8StringToBytes("foo"),
                ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                Model = ConvertUtils.Utf8StringToBytes("foobar")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, token));

            // SerialNumber differs from the URI's "serial" attribute
            uri = new Pkcs11Uri(fullUri);
            token = new CK_TOKEN_INFO
            {
                Label = ConvertUtils.Utf8StringToBytes("foo"),
                ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                SerialNumber = ConvertUtils.Utf8StringToBytes("012"),
                Model = ConvertUtils.Utf8StringToBytes("foobar")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, token));

            // Model differs only by an interior space ("foo bar" vs "foobar"),
            // which must still count as a mismatch.
            uri = new Pkcs11Uri(fullUri);
            token = new CK_TOKEN_INFO
            {
                Label = ConvertUtils.Utf8StringToBytes("foo"),
                ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                SerialNumber = ConvertUtils.Utf8StringToBytes("123"),
                Model = ConvertUtils.Utf8StringToBytes("foo bar")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, token));
        }
        /// <summary>
        /// Checks <c>Pkcs11UriUtils.Matches</c> against hand-built <c>CK_SLOT_INFO</c> values
        /// and a slot id: an empty URI, an empty attribute, an unknown path attribute,
        /// a full match, and one mismatch per slot attribute (manufacturer, description, id).
        /// </summary>
        /// <remarks>
        /// The negative cases pin down that a URI is rejected when it carries an attribute the
        /// matcher does not recognise or when any single slot attribute differs, so a URI
        /// cannot select a slot it does not fully describe.
        /// </remarks>
        public void _03_SlotInfoMatches()
        {
            // Only run where unmanaged long is 4 bytes and struct packing is 1.
            bool supportedPlatform = Platform.UnmanagedLongSize == 4 && Platform.StructPackingSize == 1;
            if (!supportedPlatform)
            {
                Assert.Inconclusive("Test cannot be executed on this platform");
            }

            // URI that names every slot attribute; shared by the full-match and single-mismatch cases.
            const string fullUri = @"pkcs11:slot-manufacturer=foo;slot-description=bar;slot-id=1";

            // Kept as uint variables so the same Matches overload is selected as with a uint local.
            uint describedSlotId = 1;
            uint otherSlotId = 2;

            // Empty URI: no constraints, so any slot is expected to match.
            var uri = new Pkcs11Uri(@"pkcs11:");
            var slot = new CK_SLOT_INFO
            {
                ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
            };
            Assert.IsTrue(Pkcs11UriUtils.Matches(uri, slot, describedSlotId));

            // Empty attribute: "slot-manufacturer=" is expected to match an all-blank manufacturer id.
            uri = new Pkcs11Uri(@"pkcs11:slot-manufacturer=;slot-description=bar;slot-id=1");
            slot = new CK_SLOT_INFO
            {
                ManufacturerId = ConvertUtils.Utf8StringToBytes("                                "),
                SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
            };
            Assert.IsTrue(Pkcs11UriUtils.Matches(uri, slot, describedSlotId));

            // Unknown path attribute ("foo=bar"): the match must fail even though
            // every recognised attribute agrees with the slot.
            uri = new Pkcs11Uri(@"pkcs11:slot-manufacturer=foo;slot-description=bar;slot-id=1;foo=bar");
            slot = new CK_SLOT_INFO
            {
                ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, slot, describedSlotId));

            // All attributes matching
            uri = new Pkcs11Uri(fullUri);
            slot = new CK_SLOT_INFO
            {
                ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
            };
            Assert.IsTrue(Pkcs11UriUtils.Matches(uri, slot, describedSlotId));

            // Manufacturer differs from the URI's "slot-manufacturer" attribute
            uri = new Pkcs11Uri(fullUri);
            slot = new CK_SLOT_INFO
            {
                ManufacturerId = ConvertUtils.Utf8StringToBytes("bar"),
                SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, slot, describedSlotId));

            // Description differs from the URI's "slot-description" attribute
            uri = new Pkcs11Uri(fullUri);
            slot = new CK_SLOT_INFO
            {
                ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                SlotDescription = ConvertUtils.Utf8StringToBytes("foo")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, slot, describedSlotId));

            // Slot id differs from the URI's "slot-id" attribute (2 vs 1)
            uri = new Pkcs11Uri(fullUri);
            slot = new CK_SLOT_INFO
            {
                ManufacturerId = ConvertUtils.Utf8StringToBytes("foo"),
                SlotDescription = ConvertUtils.Utf8StringToBytes("bar")
            };
            Assert.IsFalse(Pkcs11UriUtils.Matches(uri, slot, otherSlotId));
        }