static void Main(string[] args) { Library.C_Initialize(); CK_SLOT_ID[] slots = Library.C_GetSlotList(true); CK_SLOT_ID slot = slots[0]; CK_SESSION_HANDLE session = Library.C_OpenSession(slot); CK_OBJECT_HANDLE hKey = Library.C_GenerateKey(session, new CK_MECHANISM(CK.CKM_AES_KEY_GEN), new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CK.CKA_TOKEN, true), new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_SECRET_KEY), new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_AES), new CK_ATTRIBUTE(CK.CKA_VALUE_LEN, 32), }); CK_ATTRIBUTE[] t = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CK.CKA_ID), new CK_ATTRIBUTE(CK.CKA_CLASS), new CK_ATTRIBUTE(CK.CKA_KEY_TYPE), }; Library.C_GetAttributeValue(session, hKey, t); byte[] iv = Library.C_GenerateRandom(session, 12); byte[] plain = Encoding.UTF8.GetBytes("TEST PLAIN DATA"); CK_MECHANISM mech = new CK_MECHANISM(CK.CKM_AES_GCM, new CK_GCM_PARAMS(iv, null, 96)); Library.C_EncryptInit(session, mech, hKey); byte[] enc = Library.C_Encrypt(session, plain); Library.C_DecryptInit(session, mech, hKey); byte[] dec = Library.C_Decrypt(session, enc); if (!Enumerable.SequenceEqual(dec, plain)) { throw new Exception("ENC/DEC mismatch"); } }
public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, EncryptedData encryptedData) { _logger.LogInformation("decrypt called from key manager class for keyName : " + keyName + " and keyID : " + keyId); Console.WriteLine("decrypt called"); user.ThrowIfNull(nameof(user)); keyName.ThrowIfNull(nameof(keyName)); keyId.ThrowIfNull(nameof(keyId)); encryptedData.ThrowIfNull(nameof(encryptedData)); //use ukc to decrypt byte[] keyNameBytes = Encoding.UTF8.GetBytes(keyName); ulong keyUID = (ulong)Convert.ToUInt64(keyId, 16); CK_OBJECT_HANDLE pubKey; CK_OBJECT_HANDLE prvKey; CK_OBJECT_HANDLE publicTest; Library.C_Initialize(); CK_SLOT_ID[] slots = Library.C_GetSlotList(true); CK_SLOT_ID slot = slots[0]; CK_SESSION_HANDLE session = Library.C_OpenSession(slot); Library.C_FindObjectsInit(session, new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CK.CKA_TOKEN, true), new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY), new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_RSA), //new CK_ATTRIBUTE(CK.CKA_ID, keyNameBytes), new CK_ATTRIBUTE(CK.DYCKA_UID, keyUID) }); CK_OBJECT_HANDLE[] foundKeyHandles = Library.C_FindObjects(session, 1); Library.C_FindObjectsFinal(session); CK_ATTRIBUTE n = new CK_ATTRIBUTE(CK.CKA_MODULUS); CK_ATTRIBUTE e = new CK_ATTRIBUTE(CK.CKA_PUBLIC_EXPONENT); CK_ATTRIBUTE privateKeyUid = new CK_ATTRIBUTE(CK.DYCKA_UID); if (foundKeyHandles.Length == 0) { throw new Exception("key" + keyName + " not found"); } //CK_OBJECT_HANDLE hKey = new CK_OBJECT_HANDLE(vOut); _logger.LogInformation("encryptedData.Value = " + encryptedData.Value); //byte[] plainData = Encoding.UTF8.GetBytes(encryptedData.Value); byte[] plainData = Convert.FromBase64String(encryptedData.Value); Console.WriteLine("Set RSA padding params"); CK_RSA_PKCS_OAEP_PARAMS oaepParams = new CK_RSA_PKCS_OAEP_PARAMS(); oaepParams.hashAlg = CK.CKM_SHA256; oaepParams.mgf = CK.CKG_MGF1_SHA256; CK_MECHANISM mech_rsa = new CK_MECHANISM(CK.CKM_RSA_PKCS_OAEP, oaepParams); Library.C_DecryptInit(session, mech_rsa, foundKeyHandles[0]); byte[] decrypted = Library.C_Decrypt(session, plainData); return(new DecryptedData(Convert.ToBase64String(decrypted))); _logger.LogInformation("Faild to decrypt"); throw new Exception("Faild to decrypt"); }
public KeyData GetPublicKey(Uri requestUri, string keyName) { _logger.LogInformation("get public key : " + keyName); //requestUri.ThrowIfNull(nameof(requestUri)); keyName.ThrowIfNull(nameof(keyName)); PublicKeyCache cache = null; //use ukc to search the key byte[] keyNameBytes = Encoding.UTF8.GetBytes(keyName); Library.C_Initialize(); CK_SLOT_ID[] slots = Library.C_GetSlotList(true); CK_SLOT_ID slot = slots[0]; CK_SESSION_HANDLE session = Library.C_OpenSession(slot); Library.C_FindObjectsInit(session, new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CK.CKA_TOKEN, true), new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY), new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_RSA), new CK_ATTRIBUTE(CK.CKA_ID, keyNameBytes), //new CK_ATTRIBUTE(CK.DYCKA_UID , keyUID) }); CK_OBJECT_HANDLE[] foundKeyHandles = Library.C_FindObjects(session, 1); Library.C_FindObjectsFinal(session); CK_ATTRIBUTE n = new CK_ATTRIBUTE(CK.CKA_MODULUS); CK_ATTRIBUTE e = new CK_ATTRIBUTE(CK.CKA_PUBLIC_EXPONENT); CK_ATTRIBUTE privateKeyUid = new CK_ATTRIBUTE(CK.DYCKA_UID); if (foundKeyHandles.Length == 0) { throw new Exception("key" + keyName + " not found"); } //get public key Library.C_GetAttributeValue(session, foundKeyHandles[0], new CK_ATTRIBUTE[] { n, e, privateKeyUid }); string nStrBase64 = Convert.ToBase64String((byte[])n.pValue); var KeyId = Convert.ToString((long)privateKeyUid.pValue, 16); //var key = keyStore.GetActiveKey(keyName); var publicKey = new PublicKey(nStrBase64, 65537); //publicKey.KeyId = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId; publicKey.KeyId = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId; string keyUrl = requestUri.GetLeftPart(UriPartial.Path) + "/" + KeyId; if (!publicKey.KeyId.Contains("https")) { publicKey.KeyId = publicKey.KeyId.Replace("http", "https"); } publicKey.KeyType = "RSA"; publicKey.Algorithm = "RS256"; // if(key.ExpirationTimeInDays.HasValue) // { // cache = new PublicKeyCache( // DateTime.UtcNow.AddDays( // key.ExpirationTimeInDays.Value).ToString("yyyy-MM-ddTHH:mm:ss", sg.CultureInfo.InvariantCulture)); // } return(new KeyData(publicKey, cache)); }