static void Main(string[] args)
{
Library.C_Initialize();
CK_SLOT_ID[] slots = Library.C_GetSlotList(true);
CK_SLOT_ID slot = slots[0];
CK_SESSION_HANDLE session = Library.C_OpenSession(slot);
CK_OBJECT_HANDLE hKey = Library.C_GenerateKey(session, new CK_MECHANISM(CK.CKM_AES_KEY_GEN), new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CK.CKA_TOKEN, true),
new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_SECRET_KEY),
new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_AES),
new CK_ATTRIBUTE(CK.CKA_VALUE_LEN, 32),
});
CK_ATTRIBUTE[] t = new CK_ATTRIBUTE[]
{
new CK_ATTRIBUTE(CK.CKA_ID),
new CK_ATTRIBUTE(CK.CKA_CLASS),
new CK_ATTRIBUTE(CK.CKA_KEY_TYPE),
};
Library.C_GetAttributeValue(session, hKey, t);
byte[] iv = Library.C_GenerateRandom(session, 12);
byte[] plain = Encoding.UTF8.GetBytes("TEST PLAIN DATA");
CK_MECHANISM mech = new CK_MECHANISM(CK.CKM_AES_GCM, new CK_GCM_PARAMS(iv, null, 96));
Library.C_EncryptInit(session, mech, hKey);
byte[] enc = Library.C_Encrypt(session, plain);
Library.C_DecryptInit(session, mech, hKey);
byte[] dec = Library.C_Decrypt(session, enc);
if (!Enumerable.SequenceEqual(dec, plain))
{
throw new Exception("ENC/DEC mismatch");
}
}
public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, EncryptedData encryptedData)
{
_logger.LogInformation("decrypt called from key manager class for keyName : " + keyName + " and keyID : " + keyId);
Console.WriteLine("decrypt called");
user.ThrowIfNull(nameof(user));
keyName.ThrowIfNull(nameof(keyName));
keyId.ThrowIfNull(nameof(keyId));
encryptedData.ThrowIfNull(nameof(encryptedData));
//use ukc to decrypt
byte[] keyNameBytes = Encoding.UTF8.GetBytes(keyName);
ulong keyUID = (ulong)Convert.ToUInt64(keyId, 16);
CK_OBJECT_HANDLE pubKey;
CK_OBJECT_HANDLE prvKey;
CK_OBJECT_HANDLE publicTest;
Library.C_Initialize();
CK_SLOT_ID[] slots = Library.C_GetSlotList(true);
CK_SLOT_ID slot = slots[0];
CK_SESSION_HANDLE session = Library.C_OpenSession(slot);
Library.C_FindObjectsInit(session, new CK_ATTRIBUTE[]
{
new CK_ATTRIBUTE(CK.CKA_TOKEN, true),
new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY),
new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_RSA),
//new CK_ATTRIBUTE(CK.CKA_ID, keyNameBytes),
new CK_ATTRIBUTE(CK.DYCKA_UID, keyUID)
});
CK_OBJECT_HANDLE[] foundKeyHandles = Library.C_FindObjects(session, 1);
Library.C_FindObjectsFinal(session);
CK_ATTRIBUTE n = new CK_ATTRIBUTE(CK.CKA_MODULUS);
CK_ATTRIBUTE e = new CK_ATTRIBUTE(CK.CKA_PUBLIC_EXPONENT);
CK_ATTRIBUTE privateKeyUid = new CK_ATTRIBUTE(CK.DYCKA_UID);
if (foundKeyHandles.Length == 0)
{
throw new Exception("key" + keyName + " not found");
}
//CK_OBJECT_HANDLE hKey = new CK_OBJECT_HANDLE(vOut);
_logger.LogInformation("encryptedData.Value = " + encryptedData.Value);
//byte[] plainData = Encoding.UTF8.GetBytes(encryptedData.Value);
byte[] plainData = Convert.FromBase64String(encryptedData.Value);
Console.WriteLine("Set RSA padding params");
CK_RSA_PKCS_OAEP_PARAMS oaepParams = new CK_RSA_PKCS_OAEP_PARAMS();
oaepParams.hashAlg = CK.CKM_SHA256;
oaepParams.mgf = CK.CKG_MGF1_SHA256;
CK_MECHANISM mech_rsa = new CK_MECHANISM(CK.CKM_RSA_PKCS_OAEP, oaepParams);
Library.C_DecryptInit(session, mech_rsa, foundKeyHandles[0]);
byte[] decrypted = Library.C_Decrypt(session, plainData);
return(new DecryptedData(Convert.ToBase64String(decrypted)));
_logger.LogInformation("Faild to decrypt");
throw new Exception("Faild to decrypt");
}
public KeyData GetPublicKey(Uri requestUri, string keyName)
{
_logger.LogInformation("get public key : " + keyName);
//requestUri.ThrowIfNull(nameof(requestUri));
keyName.ThrowIfNull(nameof(keyName));
PublicKeyCache cache = null;
//use ukc to search the key
byte[] keyNameBytes = Encoding.UTF8.GetBytes(keyName);
Library.C_Initialize();
CK_SLOT_ID[] slots = Library.C_GetSlotList(true);
CK_SLOT_ID slot = slots[0];
CK_SESSION_HANDLE session = Library.C_OpenSession(slot);
Library.C_FindObjectsInit(session, new CK_ATTRIBUTE[]
{
new CK_ATTRIBUTE(CK.CKA_TOKEN, true),
new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY),
new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_RSA),
new CK_ATTRIBUTE(CK.CKA_ID, keyNameBytes),
//new CK_ATTRIBUTE(CK.DYCKA_UID , keyUID)
});
CK_OBJECT_HANDLE[] foundKeyHandles = Library.C_FindObjects(session, 1);
Library.C_FindObjectsFinal(session);
CK_ATTRIBUTE n = new CK_ATTRIBUTE(CK.CKA_MODULUS);
CK_ATTRIBUTE e = new CK_ATTRIBUTE(CK.CKA_PUBLIC_EXPONENT);
CK_ATTRIBUTE privateKeyUid = new CK_ATTRIBUTE(CK.DYCKA_UID);
if (foundKeyHandles.Length == 0)
{
throw new Exception("key" + keyName + " not found");
}
//get public key
Library.C_GetAttributeValue(session, foundKeyHandles[0], new CK_ATTRIBUTE[]
{
n,
e,
privateKeyUid
});
string nStrBase64 = Convert.ToBase64String((byte[])n.pValue);
var KeyId = Convert.ToString((long)privateKeyUid.pValue, 16);
//var key = keyStore.GetActiveKey(keyName);
var publicKey = new PublicKey(nStrBase64, 65537);
//publicKey.KeyId = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId;
publicKey.KeyId = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId;
string keyUrl = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId;
if (!publicKey.KeyId.Contains("https"))
{
publicKey.KeyId = publicKey.KeyId.Replace("http", "https");
}
publicKey.KeyType = "RSA";
publicKey.Algorithm = "RS256";
// if(key.ExpirationTimeInDays.HasValue)
// {
// cache = new PublicKeyCache(
// DateTime.UtcNow.AddDays(
// key.ExpirationTimeInDays.Value).ToString("yyyy-MM-ddTHH:mm:ss", sg.CultureInfo.InvariantCulture));
// }
return(new KeyData(publicKey, cache));
}
