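        /// <summary>
        /// Checks whether the RSA public key carried by the given certificate has the ROCA
        /// fingerprint, i.e. was produced by a key generator known to yield factorable moduli.
        /// </summary>
        /// <param name="certificateInfo">
        /// Certificate object read from the token; its <c>CkaValue</c> must hold the encoded certificate.
        /// </param>
        /// <returns>
        /// <c>true</c> when the certificate's RSA key is ROCA-weak; <c>false</c> when it is not, or when
        /// the certificate does not carry an RSA key at all (ROCA only concerns RSA).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificateInfo"/> is null.</exception>
        public bool IsVulnerableToROCA(Pkcs11CertificateInfo certificateInfo)
        {
            if (certificateInfo == null)
            {
                throw new ArgumentNullException("certificateInfo");
            }

            // CkaValue is token-supplied data; there is no catch here, so any parser exception
            // raised for malformed certificate bytes propagates to the caller.
            X509CertificateParser x509CertificateParser = new X509CertificateParser();
            X509Certificate       x509Certificate       = x509CertificateParser.ReadCertificate(certificateInfo.CkaValue);

            // The 'as' cast yields null for non-RSA keys (e.g. EC certificates). Those cannot be
            // ROCA-weak, so report "not vulnerable" rather than passing a null key to the tester.
            RsaKeyParameters rsaKeyParameters = x509Certificate.GetPublicKey() as RsaKeyParameters;
            if (rsaKeyParameters == null)
            {
                return(false);
            }

            return(RocaVulnerabilityTester.IsVulnerable(rsaKeyParameters));
        }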
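        /// <summary>
        /// Enumerates every certificate object (CKO_CERTIFICATE) in the slot's token and reads the
        /// attributes needed to present it.
        /// </summary>
        /// <returns>
        /// One <see cref="Pkcs11CertificateInfo"/> per certificate object found; an empty list when
        /// the token holds none.
        /// </returns>
        private List <Pkcs11CertificateInfo> ReadCertificates()
        {
            List <Pkcs11CertificateInfo> infos = new List <Pkcs11CertificateInfo>();

            // NOTE(review): this method only reads objects, so a SessionType.ReadOnly session would
            // suffice; confirm nothing else relies on the R/W session type before narrowing it.
            using (Session session = _slot.OpenSession(SessionType.ReadWrite))
            {
                List <ObjectAttribute> searchTemplate = new List <ObjectAttribute>();
                searchTemplate.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));

                // Loop-invariant: the same attribute configuration applies to every object.
                var certificateAttributes = Pkcs11Admin.Instance.Config.CertificateAttributes;

                List <ObjectHandle> foundObjects = session.FindAllObjects(searchTemplate);
                foreach (ObjectHandle foundObject in foundObjects)
                {
                    // Read attributes required for sane object presentation.
                    // The result is indexed positionally below, so this order is load-bearing.
                    List <ulong> attributes = new List <ulong>();
                    attributes.Add((ulong)CKA.CKA_PRIVATE);
                    attributes.Add((ulong)CKA.CKA_CERTIFICATE_TYPE);
                    attributes.Add((ulong)CKA.CKA_LABEL);
                    attributes.Add((ulong)CKA.CKA_ID);
                    attributes.Add((ulong)CKA.CKA_VALUE);

                    List <ObjectAttribute> requiredAttributes = session.GetAttributeValue(foundObject, attributes);

                    // Read once; used both to pick type-specific attributes and for the info object.
                    ulong certType = requiredAttributes[1].GetValueAsUlong();

                    // Read attributes configured for specific object class and type
                    attributes = new List <ulong>();
                    foreach (ClassAttribute classAttribute in certificateAttributes.CommonAttributes)
                    {
                        attributes.Add(classAttribute.Value);
                    }
                    if (certificateAttributes.TypeSpecificAttributes.ContainsKey(certType))
                    {
                        foreach (ClassAttribute classAttribute in certificateAttributes.TypeSpecificAttributes[certType])
                        {
                            attributes.Add(classAttribute.Value);
                        }
                    }

                    List <ObjectAttribute> configuredAttributes = session.GetAttributeValue(foundObject, attributes);

                    // Read object storage size (null when the token does not report it — see ReadObjectSize)
                    ulong?storageSize = ReadObjectSize(session, foundObject);

                    // Construct info object
                    Pkcs11CertificateInfo info = new Pkcs11CertificateInfo(foundObject, configuredAttributes, storageSize)
                    {
                        CkaPrivate         = requiredAttributes[0].GetValueAsBool(),
                        CkaCertificateType = certType,
                        CkaLabel           = requiredAttributes[2].GetValueAsString(),
                        CkaId    = requiredAttributes[3].GetValueAsByteArray(),
                        CkaValue = requiredAttributes[4].GetValueAsByteArray()
                    };

                    infos.Add(info);
                }
            }

            return(infos);
        }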
        /// <summary>
        /// Prepares a certificate object for export as a file.
        /// </summary>
        /// <param name="objectInfo">Certificate object whose label and value were read from the token.</param>
        /// <param name="fileName">
        /// Suggested file name: the normalized CKA_LABEL with a ".cer" suffix, or "certificate.cer"
        /// when the label is null or empty.
        /// </param>
        /// <param name="fileContent">The raw CKA_VALUE bytes as stored on the token.</param>
        /// <exception cref="ObjectDisposedException">The instance has already been disposed.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="objectInfo"/> is null.</exception>
        public void ExportCertificate(Pkcs11CertificateInfo objectInfo, out string fileName, out byte[] fileContent)
        {
            if (_disposed)
            {
                throw new ObjectDisposedException(GetType().FullName);
            }

            if (objectInfo == null)
            {
                throw new ArgumentNullException("objectInfo");
            }

            // The label is token-supplied and becomes part of a file name; Utils.NormalizeFileName
            // (not visible here) is relied on to make it filesystem-safe.
            string label = objectInfo.CkaLabel;
            if (string.IsNullOrEmpty(label))
            {
                fileName = "certificate.cer";
            }
            else
            {
                fileName = Utils.NormalizeFileName(label + ".cer");
            }

            fileContent = objectInfo.CkaValue;
        }