/// <summary>
/// Creates a Cryptoki signature object with the specified session context, algorithm and key.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The signature algorithm and parameters.</param>
/// <param name="key">The key used to sign the input data.</param>
public CryptokiSign(Session session, Mechanism mechanism, CryptoKey key) :
base(session, false)
{
m_signatureLength = (key.Size + 7) / 8;
m_mech = mechanism;
m_key = key;
}
protected override void Dispose(bool disposing)
{
try
{
if (disposing)
{
// Note: we always want to zeroize the sensitive key material
if (KeyValue != null)
{
if (OwnsKey)
{
//Array.Clear(KeyValue, 0, KeyValue.Length);
KeyValue.Dispose();
}
KeyValue = null;
}
if (IVValue != null)
{
Array.Clear(IVValue, 0, IVValue.Length);
IVValue = null;
}
}
}
finally
{
base.Dispose(disposing);
}
}
/// <summary>
/// Digests the value of a secret key.
/// </summary>
/// <param name="hKey"></param>
public void DigestKey(CryptoKey hKey)
{
if (!m_isInit) Init(m_mechanism);
m_isInit = true;
DigestKeyInternal(hKey);
}
/// <summary>
/// Creates the encryptor object with the specified session context, decryption algorithm, key, and input/output block sizes
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The encryption algorithm and paramters.</param>
/// <param name="key">The key that will be used to perform the encryption.</param>
/// <param name="inputBlockSize">The input block size, in bits.</param>
/// <param name="outputBlockSize">The output block size, in bits.</param>
public Encryptor(Session session, Mechanism mechanism, CryptoKey key, int inputBlockSize, int outputBlockSize) :
base(session, false)
{
m_inputBlockSize = (inputBlockSize + 7) / 8;
m_outputBlockSize = (outputBlockSize+ 7) / 8;
m_mech = mechanism;
m_key = key;
}
/// <summary>
/// Generates a random symmetric key for use in the signing process.
/// </summary>
/// <param name="keySize">Size of the symmetric key in bits</param>
private void GenerateKey(int keySize)
{
CryptokiAttribute[] attribs = new CryptokiAttribute[]
{
new CryptokiAttribute(CryptokiAttribute.CryptokiType.ValueLen, Utility.ConvertToBytes( keySize ))
};
KeyValue = CryptoKey.GenerateKey(m_session, new Mechanism(MechanismType.GENERIC_SECRET_KEY_GEN), attribs);
OwnsKey = true;
m_mechanism.Parameter = KeyValue.Handle;
Initialize();
}
private void Init(CryptoKey key, int keySize)
{
LegalBlockSizesValue = s_legalBlockSizes;
LegalKeySizesValue = s_legalKeySizes;
BlockSizeValue = 64;
if (key == null)
{
KeySizeValue = keySize;
GenerateKey();
}
else
{
if (key.Type != CryptoKey.KeyType.DES3 && key.Type != CryptoKey.KeyType.GENERIC_SECRET) throw new ArgumentException();
Key = key;
}
}
private void Init(CryptoKey key, int keySize)
{
LegalKeySizesValue = s_legalKeySizes;
m_signMech = new Mechanism(MechanismType.ECDSA);
HashAlgorithm = MechanismType.SHA256;
if (key == null)
{
KeySize = keySize;
}
else
{
if (key.Type != CryptoKey.KeyType.EC)
{
throw new ArgumentException();
}
KeyPair = key;
}
}
private static extern CryptoKey UnwrapKeyInternal(Session session, Mechanism mechanism, CryptoKey unwrappingKey, byte[] wrappedKey, CryptokiAttribute[] keyTemplate);
public static extern byte[] WrapKey(Session session, Mechanism mechanism, CryptoKey wrappingKey, CryptoKey key);
/// <summary>
/// Unwraps the specified key data with the given wrapping key and mechanism.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The key wrapping mechanism or algorithm.</param>
/// <param name="wrappingKey">The key that will be used to unwrap the specifed keyData.</param>
/// <param name="keyData">The encrypted key data.</param>
/// <param name="keyTemplate">The key attribute template.</param>
/// <returns>The unwrapped key object.</returns>
public static CryptoKey UnwrapKey(Session session, Mechanism mechanism, CryptoKey wrappingKey, byte[] keyData, CryptokiAttribute[] keyTemplate)
{
CryptoKey ret = UnwrapKeyInternal(session, mechanism, wrappingKey, keyData, keyTemplate);
if (ret != null)
{
session.AddSessionObject(ret);
}
return ret;
}
/// <summary>
/// Creates the signature verification object with specified the session context, signature algorithm and key.
/// </summary>
/// <param name="session">The Cryptoki session context.</param>
/// <param name="mechanism">The signature algorithm.</param>
/// <param name="key">The key used to verify the signature value.</param>
public CryptokiVerify(Session session, Mechanism mechanism, CryptoKey key) :
base(session, false)
{
m_mech = mechanism;
m_key = key;
}
private extern void EncryptInit(Session session, Mechanism mechanism, CryptoKey key);
private void Init(CryptoKey key, int keySize)
{
LegalKeySizesValue = s_KeySizes;
m_keyGenMech = new Mechanism(MechanismType.DSA_KEY_PAIR_GEN);
m_signatureMech = new Mechanism(MechanismType.DSA);
m_hashAlgorithm = MechanismType.SHA_1;
if (key == null)
{
KeySize = keySize;
}
else
{
if (key.Type != CryptoKey.KeyType.DSA) throw new ArgumentException();
KeyPair = key;
}
}
/// <summary>
/// Initializes a new instance of the DSACryptoServiceProvider class with the specified CryptoKey object.
/// </summary>
/// <param name="dsaKey">The key object which the Aes algorithm will use for cryptographic operations.</param>
public DSACryptoServiceProvider(CryptoKey dsaKey)
: base(dsaKey.Session, false)
{
Init(dsaKey, -1);
}
/// <summary>
/// Initializes a new instance of the TripleDESCryptoServiceProvider class.
/// </summary>
/// <param name="key">The key to be used for TripleDES operations.</param>
public TripleDESCryptoServiceProvider(CryptoKey key)
: base(key.Session, false)
{
Init(key, key.Size);
}
/// <summary> /// When overridden in a derived class, creates a symmetric decryptor object with the specified Key property and initialization vector (IV). /// </summary> /// <param name="hKey">The secret key to use for the symmetric algorithm.</param> /// <param name="rgbIV">The initialization vector to use for the symmetric algorithm.</param> /// <returns>A symmetric decryptor object.</returns> public abstract ICryptoTransform CreateDecryptor(CryptoKey hKey, byte[] rgbIV);
/// <summary>
/// Initializes a new instance of the KeyedHashAlgorithm class with the specified algorithm and key object.
/// </summary>
/// <param name="algorithm">The keyed hash algorithm to be used (HMACSHA1, HMACRIPEMD160, etc.)</param>
/// <param name="key">The Cryptoki key object that will be used to sign the hashed value.</param>
public KeyedHashAlgorithm(KeyedHashAlgorithmType algorithm, CryptoKey key)
: base((HashAlgorithmType)algorithm, key.Session)
{
Key = key;
OwnsKey = false;
}
/// <summary>
/// Initializes a new instance of the AesCryptoServiceProvider class for the specified CryptoKey object.
/// </summary>
/// <param name="key">The key object which the Aes algorithm will for cryptographic operations.</param>
public AesCryptoServiceProvider(CryptoKey key) :
base(key.Session, false)
{
Init(key, -1);
}
private void Init(CryptoKey key, int keySize)
{
LegalKeySizesValue = s_legalKeySizes;
if (key == null)
{
KeySize = DefaultKeySize;
}
else
{
if (key.Type != CryptoKey.KeyType.EC)
{
throw new ArgumentException();
}
KeyPair = key;
}
}
/// <summary>
/// Initializes a new instance of the ECDiffieHellmanCng class with a random key pair, using the specified Key object.
/// </summary>
/// <param name="key">The key object which the ECDH algorithm will use for cryptographic operations.</param>
public ECDiffieHellmanCryptoServiceProvider(CryptoKey key)
: base(key.Session, false)
{
Init(key, -1);
}
private extern void DigestKeyInternal(CryptoKey hKey);
/// <summary>
/// Creates a symmetric TripleDES encryptor object with the specified key (Key) and initialization vector (IV).
/// </summary>
/// <param name="key">The secret key to use for the symmetric algorithm.</param>
/// <param name="iv">The initialization vector to use for the symmetric algorithm.</param>
/// <returns>A symmetric TripleDES encryptor object.</returns>
public override ICryptoTransform CreateEncryptor(CryptoKey key, byte[] iv)
{
Mechanism mech = new Mechanism(MechanismType);
mech.Parameter = null;
if (iv != null)
{
mech.Parameter = (byte[])iv.Clone();
}
return new Encryptor(m_session, mech, key, BlockSize, BlockSize);
}
private extern void VerifyInit(Session session, Mechanism mechanism, CryptoKey key);
