/// <summary>
/// Logs a user into a token interactively.
/// This method should be used only for testing purposes with PKCS11-MOCK module.
/// </summary>
/// <param name="session">Instance of the extended class</param>
public static void InteractiveLogin(this HLA41.Session session)
{
CKR rv = session.LowLevelPkcs11.C_InteractiveLogin(session.SessionId);
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_InteractiveLogin", rv);
}
}
/// <summary>
/// Closes a session between an application and a token
/// </summary>
/// <param name="session">Session</param>
public void CloseSession(Session session)
{
if (session == null)
throw new ArgumentNullException("session");
session.CloseSession();
}
/// <summary>
/// Creates the data object.
/// </summary>
/// <param name='session'>Read-write session with user logged in</param>
/// <returns>Object handle</returns>
public static ObjectHandle CreateDataObject(Session session)
{
// Prepare attribute template of new data object
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_DATA));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_APPLICATION, Settings.ApplicationName));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, "Data object content"));
// Create object
return session.CreateObject(objectAttributes);
}
/// <summary>
/// Generates asymetric key pair.
/// </summary>
/// <param name='session'>Read-write session with user logged in</param>
/// <param name='publicKeyHandle'>Output parameter for public key object handle</param>
/// <param name='privateKeyHandle'>Output parameter for private key object handle</param>
public static void GenerateKeyPair(Session session, out ObjectHandle publicKeyHandle, out ObjectHandle privateKeyHandle)
{
// The CKA_ID attribute is intended as a means of distinguishing multiple key pairs held by the same subject
byte[] ckaId = session.GenerateRandom(20);
// Prepare attribute template of new public key
List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>();
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_WRAP, true));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_MODULUS_BITS, 1024));
publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }));
// Prepare attribute template of new private key
List<ObjectAttribute> privateKeyAttributes = new List<ObjectAttribute>();
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SENSITIVE, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true));
privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_UNWRAP, true));
// Specify key generation mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN);
// Generate key pair
session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle);
}
/// <summary>
/// Generates symetric key.
/// </summary>
/// <param name='session'>Read-write session with user logged in</param>
/// <returns>Object handle</returns>
public static ObjectHandle GenerateKey(Session session)
{
// Prepare attribute template of new key
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_DERIVE, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_EXTRACTABLE, true));
// Specify key generation mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_DES3_KEY_GEN);
// Generate key
return session.GenerateKey(mechanism, objectAttributes);
}
/// <summary>
/// Signs single-part data, where the signature is an appendix to the data
/// </summary>
/// <param name="session">Instance of the extended class</param>
/// <param name="mechanism">Signature mechanism</param>
/// <param name="keyHandle">Signature key</param>
/// <param name="data">Data to be signed</param>
/// <param name="pin">Pin of user</param>
/// <returns>Signature</returns>
public static byte[] Sign(this HLA41.Session session, HLA41.Mechanism mechanism, HLA41.ObjectHandle keyHandle, byte[] data, byte[] pin)
{
if (session.Disposed)
{
throw new ObjectDisposedException(session.GetType().FullName);
}
if (mechanism == null)
{
throw new ArgumentNullException("mechanism");
}
if (keyHandle == null)
{
throw new ArgumentNullException("keyHandle");
}
if (data == null)
{
throw new ArgumentNullException("data");
}
byte[] pinValue = null;
uint pinValueLen = 0;
if (pin != null)
{
pinValue = pin;
pinValueLen = Convert.ToUInt32(pin.Length);
}
var ckMechanism40 = (LLA41.CK_MECHANISM) typeof(HLA41.Mechanism).GetField("_ckMechanism", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(mechanism);
CKR rv = session.LowLevelPkcs11.C_SignInit(session.SessionId, ref ckMechanism40, keyHandle.ObjectId);
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_SignInit", rv);
}
rv = session.LowLevelPkcs11.C_Login(session.SessionId, CKU.CKU_CONTEXT_SPECIFIC, pinValue, pinValueLen);
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_Login", rv);
}
uint signatureLen = 0;
rv = session.LowLevelPkcs11.C_Sign(session.SessionId, data, Convert.ToUInt32(data.Length), null, ref signatureLen);
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_Sign", rv);
}
byte[] signature = new byte[signatureLen];
rv = session.LowLevelPkcs11.C_Sign(session.SessionId, data, Convert.ToUInt32(data.Length), signature, ref signatureLen);
if (rv != CKR.CKR_OK)
{
throw new Pkcs11Exception("C_Sign", rv);
}
if (signature.Length != signatureLen)
{
Array.Resize(ref signature, Convert.ToInt32(signatureLen));
}
return(signature);
}
