public void _01_EncryptAndDecryptSinglePartTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate symetric key
IObjectHandle generatedKey = Helpers.GenerateKey(session);
// Generate random initialization vector
byte[] iv = session.GenerateRandom(8);
// Specify encryption mechanism with initialization vector as parameter
IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_DES3_CBC, iv);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Our new password");
// Encrypt data
byte[] encryptedData = session.Encrypt(mechanism, generatedKey, sourceData);
// Do something interesting with encrypted data
// Decrypt data
byte[] decryptedData = session.Decrypt(mechanism, generatedKey, encryptedData);
// Do something interesting with decrypted data
Assert.IsTrue(ConvertUtils.BytesToBase64String(sourceData) == ConvertUtils.BytesToBase64String(decryptedData));
session.DestroyObject(generatedKey);
session.Logout();
}
}
}
/// <summary>
/// Generates asymetric key pair.
/// </summary>
/// <param name='session'>Read-write session with user logged in</param>
/// <param name='publicKeyHandle'>Output parameter for public key object handle</param>
/// <param name='privateKeyHandle'>Output parameter for private key object handle</param>
public static void GenerateKeyPair(ISession session, out IObjectHandle publicKeyHandle, out IObjectHandle privateKeyHandle)
{
// The CKA_ID attribute is intended as a means of distinguishing multiple key pairs held by the same subject
byte[] ckaId = session.GenerateRandom(20);
// Prepare attribute template of new public key
List <IObjectAttribute> publicKeyAttributes = new List <IObjectAttribute>();
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_TOKEN, true));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_PRIVATE, false));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_ID, ckaId));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_ENCRYPT, true));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_VERIFY, true));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_VERIFY_RECOVER, true));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_WRAP, true));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_MODULUS_BITS, 1024));
publicKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }));
// Prepare attribute template of new private key
List <IObjectAttribute> privateKeyAttributes = new List <IObjectAttribute>();
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_TOKEN, true));
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_PRIVATE, true));
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName));
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_ID, ckaId));
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_SENSITIVE, true));
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_DECRYPT, true));
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_SIGN, true));
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_SIGN_RECOVER, true));
privateKeyAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_UNWRAP, true));
// Specify key generation mechanism
IMechanism mechanism = Settings.Factories.MechanismFactory.CreateMechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN);
// Generate key pair
session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle);
}
public void _HL_20_03_EncryptAndDecrypt_Gost28147_89_CBC_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate symetric key
IObjectHandle generatedKey = Helpers.GenerateGost28147_89Key(session);
byte[] sourceData = TestData.Encrypt_CBC_Gost28147_89_ECB_SourceData;
// Получение синхропосылки
var random = new Random();
byte[] initVector = new byte[Settings.GOST28147_89_BLOCK_SIZE];
random.NextBytes(initVector);
// Encrypt data
byte[] encryptedData = Helpers.CBC_Gost28147_89_Encrypt(
session, sourceData, initVector, generatedKey);
// Decrypt data
byte[] decryptedData = Helpers.CBC_Gost28147_89_Decrypt(
session, encryptedData, initVector, generatedKey);
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
session.DestroyObject(generatedKey);
session.Logout();
}
}
}
private void LoadCertPrivateKeyHandle()
{
//Carga del certificado
List <IObjectAttribute> template = new List <IObjectAttribute>();
var f = new ObjectAttributeFactory();
template.Add(f.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
template.Add(f.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509));
List <IObjectHandle> pubKeyObjectHandle = session.FindAllObjects(template);
List <CKA> pubKeyAttrsToRead = new List <CKA>();
pubKeyAttrsToRead.Add(CKA.CKA_LABEL);
pubKeyAttrsToRead.Add(CKA.CKA_ID);
pubKeyAttrsToRead.Add(CKA.CKA_VALUE);
//La cédula tiene sólo un certificado
List <IObjectAttribute> pubKeyAttributes = session.GetAttributeValue(pubKeyObjectHandle[0], pubKeyAttrsToRead);
var certArray = pubKeyAttributes[2].GetValueAsByteArray();
X509CertificateParser _x509CertificateParser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate bcCert = _x509CertificateParser.ReadCertificate(certArray);
//El identificador del certificado
string ckaLabel = pubKeyAttributes[0].GetValueAsString();
//Recupera el handle a la clave privada utilizando el identificador del certificado
template.Clear();
template.Add(f.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
template.Add(f.Create(CKA.CKA_KEY_TYPE, CKK.CKK_RSA));
template.Add(f.Create(CKA.CKA_LABEL, ckaLabel));
privatekeyHandle = session.FindAllObjects(template)[0];
certPath = new Org.BouncyCastle.X509.X509Certificate[] { bcCert };
}
/// <summary>
/// Constructs internal context for Pkcs11X509Certificate class
/// </summary>
/// <param name="certHandle">High level PKCS#11 object handle of certificate object</param>
/// <param name="tokenContext">Internal context for Pkcs11Token class</param>
/// <returns>Internal context for Pkcs11X509Certificate class</returns>
private Pkcs11X509CertificateContext GetCertificateContext(IObjectHandle certHandle, Pkcs11TokenContext tokenContext)
{
using (ISession session = tokenContext.SlotContext.Slot.OpenSession(SessionType.ReadOnly))
{
List <IObjectAttribute> objectAttributes = session.GetAttributeValue(certHandle, new List <CKA>()
{
CKA.CKA_ID, CKA.CKA_LABEL, CKA.CKA_VALUE
});
byte[] ckaId = objectAttributes[0].GetValueAsByteArray();
string ckaLabel = objectAttributes[1].GetValueAsString();
byte[] ckaValue = objectAttributes[2].GetValueAsByteArray();
var certInfo = new Pkcs11X509CertificateInfo(ckaId, ckaLabel, ckaValue);
IObjectHandle privKeyHandle = FindKey(session, CKO.CKO_PRIVATE_KEY, ckaId, ckaLabel);
IObjectHandle pubKeyHandle = FindKey(session, CKO.CKO_PUBLIC_KEY, ckaId, ckaLabel);
bool keyUsageRequiresLogin = (privKeyHandle == null) ? false : GetCkaAlwaysAuthenticateValue(session, privKeyHandle);
return(new Pkcs11X509CertificateContext(certInfo, certHandle, privKeyHandle, pubKeyHandle, keyUsageRequiresLogin, tokenContext));
}
}
public void _01_BasicDeriveKeyTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate symetric key
IObjectHandle baseKey = Helpers.GenerateKey(session);
// Generate random data needed for key derivation
byte[] data = session.GenerateRandom(24);
// Specify mechanism parameters
ICkKeyDerivationStringData mechanismParams = Settings.Factories.MechanismParamsFactory.CreateCkKeyDerivationStringData(data);
// Specify derivation mechanism with parameters
IMechanism mechanism = Settings.Factories.MechanismFactory.Create(CKM.CKM_XOR_BASE_AND_DATA, mechanismParams);
// Derive key
IObjectHandle derivedKey = session.DeriveKey(mechanism, baseKey, null);
// Do something interesting with derived key
Assert.IsTrue(derivedKey.ObjectId != CK.CK_INVALID_HANDLE);
session.DestroyObject(baseKey);
session.DestroyObject(derivedKey);
session.Logout();
}
}
}
/// <summary>
/// Generates asymetric key pair.
/// </summary>
/// <param name = 'session' > Read - write session with user logged in</param>
/// <param name = 'publicKeyHandle' > Output parameter for public key object handle</param>
/// <param name = 'privateKeyHandle' > Output parameter for private key object handle</param>
public static void GenerateGost512KeyPair(ISession session, out IObjectHandle publicKeyHandle, out IObjectHandle privateKeyHandle, string keyPairId)
{
// Шаблон для генерации открытого ключа ГОСТ Р 34.10-2012 (256 бит)
var publicKeyAttributes = new List <IObjectAttribute>()
{
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PUBLIC_KEY),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.Gost512PublicKeyLabel),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, keyPairId),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, (uint)Extended_CKK.CKK_GOSTR3410_512),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, false),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_GOSTR3410_PARAMS, Settings.GostR3410_512_Parameters)
};
// Шаблон для генерации закрытого ключа ГОСТ Р 34.10-2012 (256 бит)
var privateKeyAttributes = new List <IObjectAttribute>()
{
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.Gost512PrivateKeyLabel),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, keyPairId),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, (uint)Extended_CKK.CKK_GOSTR3410_512),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_DERIVE, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_GOSTR3410_PARAMS, Settings.GostR3410_512_Parameters),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_GOSTR3411_PARAMS, Settings.GostR3411_512_Parameters)
};
// Specify key generation mechanism
var mechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_GOSTR3410_512_KEY_PAIR_GEN);
// Generate key pair
session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle);
Assert.IsTrue(publicKeyHandle.ObjectId != CK.CK_INVALID_HANDLE);
Assert.IsTrue(privateKeyHandle.ObjectId != CK.CK_INVALID_HANDLE);
}
public static void Derive_GostR3410_12_Key(ISession session, IObjectHandle publicKeyHandle, IObjectHandle privateKeyHandle,
byte[] ukm, out IObjectHandle derivedKeyHandle)
{
// Шаблон для создания ключа обмена
var derivedKeyAttributes = new List <IObjectAttribute>
{
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.DerivedGost28147_89KeyLabel),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_GOST28147),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, false),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODIFIABLE, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_SENSITIVE, false)
};
// Получаем публичный ключ по его Id
var attributes = new List <CKA>
{
CKA.CKA_VALUE
};
List <IObjectAttribute> publicKeyAttributes = session.GetAttributeValue(publicKeyHandle, attributes);
// Определение параметров механизма наследования ключа
var deriveMechanismParams =
Settings.Factories.RutokenMechanismParamsFactory.CreateCkGostR3410_12_DeriveParams(
(ulong)Extended_CKD.CKD_KDF_GOSTR3411_2012_256, publicKeyAttributes[0].GetValueAsByteArray(), ukm);
// Определяем механизм наследования ключа
IMechanism deriveMechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_GOSTR3410_12_DERIVE, deriveMechanismParams);
// Наследуем ключ
derivedKeyHandle = session.DeriveKey(deriveMechanism, privateKeyHandle, derivedKeyAttributes);
Assert.IsTrue(derivedKeyHandle.ObjectId != CK.CK_INVALID_HANDLE);
}
public void _HL_20_06_EncryptAndDecrypt_Magma_ECB_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Установление соединения с Рутокен в первом доступном слоте
IRutokenSlot slot = Helpers.GetUsableSlot(pkcs11);
// Открытие RW сессии
using (ISession session = slot.OpenRutokenSession(SessionType.ReadWrite))
{
// Выполнение аутентификации пользователя
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Генерация ключей для шифрования Магма
// Generate symetric key
IObjectHandle generatedKey = Helpers.GenerateMagmaKey(session);
var mechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_MAGMA_ECB);
byte[] sourceData = TestData.Encrypt_Gost28147_89_ECB_SourceData;
// Encrypt data
byte[] encryptedData = session.Encrypt(mechanism, generatedKey, sourceData);
// Decrypt data
byte[] decryptedData = session.Decrypt(mechanism, generatedKey, encryptedData);
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
session.DestroyObject(generatedKey);
// Завершение сессии
session.Logout();
}
}
}
public void _02_GetInvalidAttributeValueTest()
{
using (IPkcs11 pkcs11 = Settings.Factories.Pkcs11Factory.CreatePkcs11(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
IObjectHandle publicKey = null;
IObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Prepare list of empty attributes we want to read
List <CKA> attributes = new List <CKA>();
attributes.Add(CKA.CKA_LABEL);
attributes.Add(CKA.CKA_VALUE);
// Get value of specified attributes
List <IObjectAttribute> objectAttributes = session.GetAttributeValue(privateKey, attributes);
// Do something interesting with attribute value
Assert.IsTrue(objectAttributes[0].GetValueAsString() == Settings.ApplicationName);
Assert.IsTrue(objectAttributes[1].CannotBeRead == true);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void _HL_21_05_SignAndVerify_MagmaMac_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Установление соединения с Рутокен в первом доступном слоте
ISlot slot = Helpers.GetUsableSlot(pkcs11);
// Открытие RW сессии
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Выполнение аутентификации пользователя
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Генерация ключей для шифрования Магма
// Generate symetric key
IObjectHandle generatedKey = Helpers.GenerateMagmaKey(session, Helpers.KeyDestenation.ForSigVer);
// Инициализация хэш-функции
var signMechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_MAGMA_MAC);
byte[] sourceData = TestData.Digest_Gost3411_SourceData;
// Подпись данных
byte[] signature = session.Sign(signMechanism, generatedKey, sourceData);
// Проверка подписи для данных
bool isValid = false;
session.Verify(signMechanism, generatedKey, sourceData, signature, out isValid);
Assert.IsTrue(isValid);
session.DestroyObject(generatedKey);
session.Logout();
}
}
}
/// <summary>
/// Generates asymetric key pair.
/// </summary>
/// <param name = 'session' > Read - write session with user logged in</param>
/// <param name = 'publicKeyHandle' > Output parameter for public key object handle</param>
/// <param name = 'privateKeyHandle' > Output parameter for private key object handle</param>
/// <param name="keyPairId"></param>
public static void GenerateRSAKeyPair(ISession session, out IObjectHandle publicKeyHandle, out IObjectHandle privateKeyHandle, string keyPairId)
{
// Шаблон для генерации открытого ключа ГОСТ Р 34.10-2001
var publicKeyAttributes = new List <IObjectAttribute>()
{
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PUBLIC_KEY),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.RsaPublicKeyLabel),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, keyPairId),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_RSA),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, false),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODULUS_BITS, Settings.RsaModulusBits)
};
// Шаблон для генерации закрытого ключа ГОСТ Р 34.10-2001
var privateKeyAttributes = new List <IObjectAttribute>()
{
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.RsaPrivateKeyLabel),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, keyPairId),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_RSA),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true),
Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true),
};
// Specify key generation mechanism
var mechanism = Settings.Factories.MechanismFactory.Create(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN);
// Generate key pair
session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle);
Assert.IsTrue(publicKeyHandle.ObjectId != CK.CK_INVALID_HANDLE);
Assert.IsTrue(privateKeyHandle.ObjectId != CK.CK_INVALID_HANDLE);
}
/// <summary>
/// Initializes a new instance of the CkEcdh2DeriveParams class.
/// </summary>
/// <param name='kdf'>Key derivation function used on the shared secret value (CKD)</param>
/// <param name='sharedData'>Some data shared between the two parties</param>
/// <param name='publicData'>Other party's first EC public key value</param>
/// <param name='privateDataLen'>The length in bytes of the second EC private key</param>
/// <param name='privateData'>Key handle for second EC private key value</param>
/// <param name='publicData2'>Other party's second EC public key value</param>
public CkEcdh2DeriveParams(NativeULong kdf, byte[] sharedData, byte[] publicData, NativeULong privateDataLen, IObjectHandle privateData, byte[] publicData2)
{
_lowLevelStruct.Kdf = 0;
_lowLevelStruct.SharedDataLen = 0;
_lowLevelStruct.SharedData = IntPtr.Zero;
_lowLevelStruct.PublicDataLen = 0;
_lowLevelStruct.PublicData = IntPtr.Zero;
_lowLevelStruct.PrivateDataLen = 0;
_lowLevelStruct.PrivateData = 0;
_lowLevelStruct.PublicDataLen2 = 0;
_lowLevelStruct.PublicData2 = IntPtr.Zero;
_lowLevelStruct.Kdf = kdf;
if (sharedData != null)
{
_lowLevelStruct.SharedData = UnmanagedMemory.Allocate(sharedData.Length);
UnmanagedMemory.Write(_lowLevelStruct.SharedData, sharedData);
_lowLevelStruct.SharedDataLen = ConvertUtils.UInt64FromInt32(sharedData.Length);
}
if (publicData != null)
{
_lowLevelStruct.PublicData = UnmanagedMemory.Allocate(publicData.Length);
UnmanagedMemory.Write(_lowLevelStruct.PublicData, publicData);
_lowLevelStruct.PublicDataLen = ConvertUtils.UInt64FromInt32(publicData.Length);
}
_lowLevelStruct.PrivateDataLen = privateDataLen;
if (privateData == null)
{
throw new ArgumentNullException("privateData");
}
_lowLevelStruct.PrivateData = ConvertUtils.UInt64FromUInt64(privateData.ObjectId);
if (publicData2 != null)
{
_lowLevelStruct.PublicData2 = UnmanagedMemory.Allocate(publicData2.Length);
UnmanagedMemory.Write(_lowLevelStruct.PublicData2, publicData2);
_lowLevelStruct.PublicDataLen2 = ConvertUtils.UInt64FromInt32(publicData2.Length);
}
}
public bool TryGetVariableAndWrap(string name, IScriptModule module, out IObjectHandle obj)
{
return(_engine.TryGetVariableAndWrap(name, module, out obj));
}
public IObjectHandle CallObject(IObjectHandle obj, IScriptModule module, params object[] args)
{
return(_engine.CallObject(obj, module, args));
}
public IObjectHandle CallObject(IObjectHandle obj, params object[] args)
{
return(_engine.CallObject(obj, args));
}
public bool IsObjectCallable(IObjectHandle obj, IScriptModule module)
{
return(_engine.IsObjectCallable(obj, module));
}
public bool IsObjectCallable(IObjectHandle obj)
{
return(_engine.IsObjectCallable(obj));
}
public string GetObjectDocumentation(IObjectHandle obj)
{
return(_engine.GetObjectDocumentation(obj));
}
public bool TryGetObjectMemberValue(IObjectHandle obj, string name, IScriptModule module, out IObjectHandle value)
{
return(_engine.TryGetObjectMemberValue(obj, name, module, out value));
}
/// <summary>
/// Creates parameters for the CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms
/// </summary>
/// <param name='mechanism'>Underlying cryptographic mechanism (CKM)</param>
/// <param name='key'>Handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)</param>
/// <param name='seed'>Input seed</param>
/// <returns>Parameters for the CKM_KIP_DERIVE, CKM_KIP_WRAP and CKM_KIP_MAC mechanisms</returns>
public ICkKipParams CreateCkKipParams(ulong? mechanism, IObjectHandle key, byte[] seed)
{
return _factory.CreateCkKipParams(mechanism, key, seed);
}
/// <summary>
/// Creates parameters for the CKM_CMS_SIG mechanism
/// </summary>
/// <param name='certificateHandle'>Object handle for a certificate associated with the signing key</param>
/// <param name='signingMechanism'>Mechanism to use when signing a constructed CMS SignedAttributes value</param>
/// <param name='digestMechanism'>Mechanism to use when digesting the data</param>
/// <param name='contentType'>String indicating complete MIME Content-type of message to be signed or null if the message is a MIME object</param>
/// <param name='requestedAttributes'>DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes</param>
/// <param name='requiredAttributes'>DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes</param>
/// <returns>Parameters for the CKM_CMS_SIG mechanism</returns>
public ICkCmsSigParams CreateCkCmsSigParams(IObjectHandle certificateHandle, ulong? signingMechanism, ulong? digestMechanism, string contentType, byte[] requestedAttributes, byte[] requiredAttributes)
{
return _factory.CreateCkCmsSigParams(certificateHandle, signingMechanism, digestMechanism, contentType, requestedAttributes, requiredAttributes);
}
/// <summary>
/// Initializes a new instance of the CkX942MqvDeriveParams class.
/// </summary>>
/// <param name='kdf'>Key derivation function used on the shared secret value (CKD)</param>
/// <param name='otherInfo'>Some data shared between the two parties</param>
/// <param name='publicData'>Other party's first X9.42 Diffie-Hellman public key value</param>
/// <param name='privateDataLen'>The length in bytes of the second X9.42 Diffie-Hellman private key</param>
/// <param name='privateData'>Key handle for second X9.42 Diffie-Hellman private key value</param>
/// <param name='publicData2'>Other party's second X9.42 Diffie-Hellman public key value</param>
/// <param name='publicKey'>Handle to the first party's ephemeral public key</param>
public CkX942MqvDeriveParams(NativeULong kdf, byte[] otherInfo, byte[] publicData, NativeULong privateDataLen, IObjectHandle privateData, byte[] publicData2, IObjectHandle publicKey)
{
_lowLevelStruct.Kdf = 0;
_lowLevelStruct.OtherInfoLen = 0;
_lowLevelStruct.OtherInfo = IntPtr.Zero;
_lowLevelStruct.PublicDataLen = 0;
_lowLevelStruct.PublicData = IntPtr.Zero;
_lowLevelStruct.PrivateDataLen = 0;
_lowLevelStruct.PrivateData = 0;
_lowLevelStruct.PublicDataLen2 = 0;
_lowLevelStruct.PublicData2 = IntPtr.Zero;
_lowLevelStruct.PublicKey = 0;
_lowLevelStruct.Kdf = kdf;
if (otherInfo != null)
{
_lowLevelStruct.OtherInfo = UnmanagedMemory.Allocate(otherInfo.Length);
UnmanagedMemory.Write(_lowLevelStruct.OtherInfo, otherInfo);
_lowLevelStruct.OtherInfoLen = ConvertUtils.UInt64FromInt32(otherInfo.Length);
}
if (publicData != null)
{
_lowLevelStruct.PublicData = UnmanagedMemory.Allocate(publicData.Length);
UnmanagedMemory.Write(_lowLevelStruct.PublicData, publicData);
_lowLevelStruct.PublicDataLen = ConvertUtils.UInt64FromInt32(publicData.Length);
}
_lowLevelStruct.PrivateDataLen = privateDataLen;
if (privateData == null)
{
throw new ArgumentNullException("privateData");
}
_lowLevelStruct.PrivateData = ConvertUtils.UInt64FromUInt64(privateData.ObjectId);
if (publicData2 != null)
{
_lowLevelStruct.PublicData2 = UnmanagedMemory.Allocate(publicData2.Length);
UnmanagedMemory.Write(_lowLevelStruct.PublicData2, publicData2);
_lowLevelStruct.PublicDataLen2 = ConvertUtils.UInt64FromInt32(publicData2.Length);
}
if (publicKey == null)
{
throw new ArgumentNullException("publicKey");
}
_lowLevelStruct.PublicKey = ConvertUtils.UInt64FromUInt64(publicKey.ObjectId);
}
/// <summary>
/// Creates parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism
/// </summary>>
/// <param name='kdf'>Key derivation function used on the shared secret value (CKD)</param>
/// <param name='otherInfo'>Some data shared between the two parties</param>
/// <param name='publicData'>Other party's first X9.42 Diffie-Hellman public key value</param>
/// <param name='privateDataLen'>The length in bytes of the second X9.42 Diffie-Hellman private key</param>
/// <param name='privateData'>Key handle for second X9.42 Diffie-Hellman private key value</param>
/// <param name='publicData2'>Other party's second X9.42 Diffie-Hellman public key value</param>
/// <param name='publicKey'>Handle to the first party's ephemeral public key</param>
/// <returns>Parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism</returns>
public ICkX942MqvDeriveParams CreateCkX942MqvDeriveParams(ulong kdf, byte[] otherInfo, byte[] publicData, ulong privateDataLen, IObjectHandle privateData, byte[] publicData2, IObjectHandle publicKey)
{
return(new CkX942MqvDeriveParams(ConvertUtils.UInt32FromUInt64(kdf), otherInfo, publicData, ConvertUtils.UInt32FromUInt64(privateDataLen), privateData, publicData2, publicKey));
}
/// <summary>
/// Create parameters for the CKM_ECMQV_DERIVE mechanism
/// </summary>>
/// <param name='kdf'>Key derivation function used on the shared secret value (CKD)</param>
/// <param name='sharedData'>Some data shared between the two parties</param>
/// <param name='publicData'>Other party's first EC public key value</param>
/// <param name='privateDataLen'>The length in bytes of the second EC private key</param>
/// <param name='privateData'>Key handle for second EC private key value</param>
/// <param name='publicData2'>Other party's second EC public key value</param>
/// <param name='publicKey'>Handle to the first party's ephemeral public key</param>
/// <returns>Parameters for the CKM_ECMQV_DERIVE mechanism</returns>
public ICkEcmqvDeriveParams CreateCkEcmqvDeriveParams(ulong kdf, byte[] sharedData, byte[] publicData, ulong privateDataLen, IObjectHandle privateData, byte[] publicData2, IObjectHandle publicKey)
{
return _factory.CreateCkEcmqvDeriveParams(kdf, sharedData, publicData, privateDataLen, privateData, publicData2, publicKey);
}
public string[] GetObjectCallSignatures(IObjectHandle obj)
{
return(_engine.GetObjectCallSignatures(obj));
}
/// <summary>
/// Creates parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism
/// </summary>>
/// <param name='kdf'>Key derivation function used on the shared secret value (CKD)</param>
/// <param name='otherInfo'>Some data shared between the two parties</param>
/// <param name='publicData'>Other party's first X9.42 Diffie-Hellman public key value</param>
/// <param name='privateDataLen'>The length in bytes of the second X9.42 Diffie-Hellman private key</param>
/// <param name='privateData'>Key handle for second X9.42 Diffie-Hellman private key value</param>
/// <param name='publicData2'>Other party's second X9.42 Diffie-Hellman public key value</param>
/// <param name='publicKey'>Handle to the first party's ephemeral public key</param>
/// <returns>Parameters for the CKM_X9_42_MQV_DERIVE key derivation mechanism</returns>
public ICkX942MqvDeriveParams CreateCkX942MqvDeriveParams(ulong kdf, byte[] otherInfo, byte[] publicData, ulong privateDataLen, IObjectHandle privateData, byte[] publicData2, IObjectHandle publicKey)
{
return _factory.CreateCkX942MqvDeriveParams(kdf, otherInfo, publicData, privateDataLen, privateData, publicData2, publicKey);
}
public string[] GetObjectMemberNames(IObjectHandle obj)
{
return(_engine.GetObjectMemberNames(obj));
}
public void _HL_30_01_SignJournalTest()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Установление соединения с Рутокен в первом доступном слоте
var slot = Helpers.GetUsableSlot(pkcs11);
// Открытие RW сессии
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Выполнение аутентификации пользователя
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Инициализация хэш-функции
var digestMechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_GOSTR3411_12_512);
byte[] sourceData = TestData.Digest_Gost3411_SourceData;
// Вычисление хэш-кода данных
byte[] dataDigest = session.Digest(digestMechanism, sourceData);
// Генерация ключевой пары ГОСТ Р 34.10-2012
IObjectHandle dataPublicKey = null;
IObjectHandle dataPrivateKey = null;
Helpers.GenerateGost512KeyPair(session, out dataPublicKey, out dataPrivateKey, Settings.Gost512KeyPairId1);
// Инициализация операции подписи данных по алгоритму ГОСТ Р 34.10-2012(512)
var signMechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_GOSTR3410_512);
// Подпись данных
byte[] dataSignature = session.Sign(signMechanism, dataPrivateKey, dataDigest);
// Проверка подписи для данных
bool isValid = false;
session.Verify(signMechanism, dataPublicKey, dataDigest, dataSignature, out isValid);
Assert.IsTrue(isValid);
// Получение журнала операций
byte[] journal = slot.GetJournal();
// Генерация ключевой пары ГОСТ Р 34.10-2012 для подписи журнала
IObjectHandle journalPublicKey = null;
IObjectHandle journalPrivateKey = null;
Helpers.GenerateGost512JournalKeyPair(session, out journalPublicKey, out journalPrivateKey);
// Вычисление хэш-кода журнала
byte[] journalDigest = session.Digest(digestMechanism, journal);
// Подпись журнала
byte[] journalSignature = session.Sign(signMechanism, journalPrivateKey, journalDigest);
// Проверка подписи журнала
isValid = false;
session.Verify(signMechanism, journalPublicKey, journalDigest, journalSignature, out isValid);
Assert.IsTrue(isValid);
// Уничтожение созданных ключей
session.DestroyObject(dataPrivateKey);
session.DestroyObject(dataPublicKey);
session.Logout();
}
}
}
public string[] GetObjectMemberNames(IObjectHandle obj, IScriptModule module)
{
return(_engine.GetObjectMemberNames(obj, module));
}