Class representing a logical connection between an application and a token
Inheritance: IDisposable
        /// <summary>
        /// Performs an interactive login of a user into the token through the
        /// vendor-specific C_InteractiveLogin function.
        /// Intended solely for testing against the PKCS11-MOCK module.
        /// </summary>
        /// <param name="session">Instance of the extended class</param>
        /// <exception cref="Pkcs11Exception">Thrown when C_InteractiveLogin returns anything other than CKR_OK</exception>
        public static void InteractiveLogin(this HLA41.Session session)
        {
            CKR result = session.LowLevelPkcs11.C_InteractiveLogin(session.SessionId);
            if (result == CKR.CKR_OK)
            {
                return;
            }

            throw new Pkcs11Exception("C_InteractiveLogin", result);
        }
        /// <summary>
        /// Closes a session between an application and a token
        /// </summary>
        /// <param name="session">Session to be closed</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="session"/> is null</exception>
        public void CloseSession(Session session)
        {
            if (session != null)
            {
                // Closing is delegated to the session object itself
                session.CloseSession();
                return;
            }

            throw new ArgumentNullException("session");
        }
 /// <summary>
 /// Creates a data object (CKO_DATA) on the token.
 /// </summary>
 /// <param name='session'>Read-write session with user logged in</param>
 /// <returns>Object handle</returns>
 public static ObjectHandle CreateDataObject(Session session)
 {
     // Template of the new object: a persistent (CKA_TOKEN = true) data object
     // labelled with the application name and holding a fixed content string
     List<ObjectAttribute> template = new List<ObjectAttribute>
     {
         new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_DATA),
         new ObjectAttribute(CKA.CKA_TOKEN, true),
         new ObjectAttribute(CKA.CKA_APPLICATION, Settings.ApplicationName),
         new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName),
         new ObjectAttribute(CKA.CKA_VALUE, "Data object content")
     };

     return session.CreateObject(template);
 }
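 /// <summary>
 /// Generates an RSA key pair with the sample's default modulus size (1024 bits).
 /// </summary>
 /// <remarks>
 /// The 1024-bit default is kept only so existing callers behave as before;
 /// it is below current key-size guidance. Code that needs keys for anything
 /// beyond sample/mock use should call the overload with an explicit
 /// <c>modulusBits</c> of at least 2048.
 /// </remarks>
 /// <param name='session'>Read-write session with user logged in</param>
 /// <param name='publicKeyHandle'>Output parameter for public key object handle</param>
 /// <param name='privateKeyHandle'>Output parameter for private key object handle</param>
 public static void GenerateKeyPair(Session session, out ObjectHandle publicKeyHandle, out ObjectHandle privateKeyHandle)
 {
     GenerateKeyPair(session, 1024, out publicKeyHandle, out privateKeyHandle);
 }

 /// <summary>
 /// Generates an RSA key pair (CKM_RSA_PKCS_KEY_PAIR_GEN) with the given modulus size.
 /// </summary>
 /// <param name='session'>Read-write session with user logged in</param>
 /// <param name='modulusBits'>RSA modulus length in bits, stored as CKA_MODULUS_BITS of the public key</param>
 /// <param name='publicKeyHandle'>Output parameter for public key object handle</param>
 /// <param name='privateKeyHandle'>Output parameter for private key object handle</param>
 public static void GenerateKeyPair(Session session, ulong modulusBits, out ObjectHandle publicKeyHandle, out ObjectHandle privateKeyHandle)
 {
     // CKA_ID ties the two halves of the pair together and distinguishes
     // multiple key pairs held by the same subject; a random value avoids collisions
     byte[] ckaId = session.GenerateRandom(20);

     // Public half: token-resident and readable without login (CKA_PRIVATE = false)
     List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>
     {
         new ObjectAttribute(CKA.CKA_TOKEN, true),
         new ObjectAttribute(CKA.CKA_PRIVATE, false),
         new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName),
         new ObjectAttribute(CKA.CKA_ID, ckaId),
         new ObjectAttribute(CKA.CKA_ENCRYPT, true),
         new ObjectAttribute(CKA.CKA_VERIFY, true),
         new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true),
         new ObjectAttribute(CKA.CKA_WRAP, true),
         new ObjectAttribute(CKA.CKA_MODULUS_BITS, modulusBits),
         // Public exponent 65537 (0x010001)
         new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 })
     };

     // Private half: token-resident, login-protected (CKA_PRIVATE = true) and
     // CKA_SENSITIVE so the key material cannot be read back from the token.
     // CKA_EXTRACTABLE is deliberately left unset.
     List<ObjectAttribute> privateKeyAttributes = new List<ObjectAttribute>
     {
         new ObjectAttribute(CKA.CKA_TOKEN, true),
         new ObjectAttribute(CKA.CKA_PRIVATE, true),
         new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName),
         new ObjectAttribute(CKA.CKA_ID, ckaId),
         new ObjectAttribute(CKA.CKA_SENSITIVE, true),
         new ObjectAttribute(CKA.CKA_DECRYPT, true),
         new ObjectAttribute(CKA.CKA_SIGN, true),
         new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true),
         new ObjectAttribute(CKA.CKA_UNWRAP, true)
     };

     Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN);

     session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle);
 }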
 /// <summary>
 /// Generates a symmetric (secret) key.
 /// </summary>
 /// <remarks>
 /// The sample generates a 3DES key and marks it CKA_EXTRACTABLE, which allows
 /// the key material to be exported from the token. Both are sample choices
 /// rather than recommendations for production keys.
 /// </remarks>
 /// <param name='session'>Read-write session with user logged in</param>
 /// <returns>Object handle</returns>
 public static ObjectHandle GenerateKey(Session session)
 {
     // CKA_TOKEN is not set, so by PKCS#11 default this is a session object
     List<ObjectAttribute> template = new List<ObjectAttribute>
     {
         new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY),
         new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3),
         new ObjectAttribute(CKA.CKA_ENCRYPT, true),
         new ObjectAttribute(CKA.CKA_DECRYPT, true),
         new ObjectAttribute(CKA.CKA_DERIVE, true),
         new ObjectAttribute(CKA.CKA_EXTRACTABLE, true)
     };

     Mechanism keyGen = new Mechanism(CKM.CKM_DES3_KEY_GEN);

     return session.GenerateKey(keyGen, template);
 }
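        /// <summary>
        /// Signs single-part data, where the signature is an appendix to the data.
        /// A context-specific login (CKU_CONTEXT_SPECIFIC) is performed between
        /// C_SignInit and C_Sign, which is the order PKCS#11 requires for keys that
        /// must be re-authenticated per operation.
        /// </summary>
        /// <param name="session">Instance of the extended class</param>
        /// <param name="mechanism">Signature mechanism</param>
        /// <param name="keyHandle">Signature key</param>
        /// <param name="data">Data to be signed</param>
        /// <param name="pin">Pin of user; null is forwarded to C_Login with a zero length.
        /// The caller owns this buffer and should clear it once it is no longer needed.</param>
        /// <returns>Signature</returns>
        /// <exception cref="ObjectDisposedException">Thrown when <paramref name="session"/> has been disposed</exception>
        /// <exception cref="ArgumentNullException">Thrown when mechanism, keyHandle or data is null</exception>
        /// <exception cref="InvalidOperationException">Thrown when the private mechanism field cannot be located by reflection</exception>
        /// <exception cref="Pkcs11Exception">Thrown when any PKCS#11 function returns a value other than CKR_OK</exception>
        public static byte[] Sign(this HLA41.Session session, HLA41.Mechanism mechanism, HLA41.ObjectHandle keyHandle, byte[] data, byte[] pin)
        {
            if (session.Disposed)
            {
                throw new ObjectDisposedException(session.GetType().FullName);
            }

            if (mechanism == null)
            {
                throw new ArgumentNullException("mechanism");
            }

            if (keyHandle == null)
            {
                throw new ArgumentNullException("keyHandle");
            }

            if (data == null)
            {
                throw new ArgumentNullException("data");
            }

            // A null PIN is passed through unchanged with a zero length
            uint pinLen = (pin == null) ? 0 : Convert.ToUInt32(pin.Length);

            // HLA41.Mechanism does not expose its low-level CK_MECHANISM, so it is read
            // through reflection. A null FieldInfo (field renamed in a newer library
            // version) previously surfaced as a NullReferenceException; fail clearly instead.
            FieldInfo mechanismField = typeof(HLA41.Mechanism).GetField("_ckMechanism", BindingFlags.NonPublic | BindingFlags.Instance);
            if (mechanismField == null)
            {
                throw new InvalidOperationException("Unable to access private field _ckMechanism of " + typeof(HLA41.Mechanism).FullName);
            }

            LLA41.CK_MECHANISM ckMechanism = (LLA41.CK_MECHANISM)mechanismField.GetValue(mechanism);

            CKR rv = session.LowLevelPkcs11.C_SignInit(session.SessionId, ref ckMechanism, keyHandle.ObjectId);
            if (rv != CKR.CKR_OK)
            {
                throw new Pkcs11Exception("C_SignInit", rv);
            }

            // Must follow C_SignInit: the context-specific login authorizes this
            // particular signing operation rather than the session as a whole
            rv = session.LowLevelPkcs11.C_Login(session.SessionId, CKU.CKU_CONTEXT_SPECIFIC, pin, pinLen);
            if (rv != CKR.CKR_OK)
            {
                throw new Pkcs11Exception("C_Login", rv);
            }

            uint dataLen = Convert.ToUInt32(data.Length);

            // First call with a null buffer only queries the required signature length
            uint signatureLen = 0;
            rv = session.LowLevelPkcs11.C_Sign(session.SessionId, data, dataLen, null, ref signatureLen);
            if (rv != CKR.CKR_OK)
            {
                throw new Pkcs11Exception("C_Sign", rv);
            }

            // Second call produces the signature; the module may report a shorter actual length
            byte[] signature = new byte[signatureLen];
            rv = session.LowLevelPkcs11.C_Sign(session.SessionId, data, dataLen, signature, ref signatureLen);
            if (rv != CKR.CKR_OK)
            {
                throw new Pkcs11Exception("C_Sign", rv);
            }

            // Trim the buffer to the length actually written
            if (signature.Length != signatureLen)
            {
                Array.Resize(ref signature, Convert.ToInt32(signatureLen));
            }

            return signature;
        }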