KeyType IKeyManagementDriver.GetKeyType(int session, int hKey)
{
try
{
SessionData ctx = ((SessionDriver)this.Hal.Session).GetSessionCtx(session);
KeyData kd = ctx.ObjectCtx.GetObject(hKey).Data as KeyData;
if (kd == null)
{
unchecked
{
return((KeyType)(-1));
}
}
if (kd.KeyCsp is RSACryptoServiceProvider)
{
return(KeyType.RSA);
}
else if (kd.KeyCsp is AesCryptoServiceProvider)
{
return(KeyType.AES);
}
else if (kd.KeyCsp is TripleDESCryptoServiceProvider)
{
return(KeyType.DES3);
}
else if (kd.KeyCsp is DSACryptoServiceProvider)
{
return(KeyType.DSA);
}
else if (kd.KeyCsp is SecretKey)
{
return(KeyType.GENERIC_SECRET);
}
else if (kd.KeyCsp is ECDsaCng)
{
return(KeyType.EC);
}
else if (kd.KeyCsp is ECDiffieHellmanCng)
{
return(KeyType.EC);
}
}
catch
{
}
unchecked
{
return((KeyType)(-1));
}
}
bool IKeyManagementDriver.GetPublicKeyData(int session, int hKey, IntPtr data, ref int dataLen)
{
try
{
SessionData ctx = ((SessionDriver)this.Hal.Session).GetSessionCtx(session);
KeyData kd = ctx.ObjectCtx.GetObject(hKey).Data as KeyData;
if (kd == null)
{
return(false);
}
if (kd.KeyCsp is RSACryptoServiceProvider)
{
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)kd.KeyCsp;
byte [] key = rsa.ExportCspBlob(false);
if (dataLen < key.Length)
{
return(false);
}
Marshal.Copy(key, 0, data, key.Length);
dataLen = key.Length;
}
else if (kd.KeyCsp is DSACryptoServiceProvider)
{
DSACryptoServiceProvider dsa = (DSACryptoServiceProvider)kd.KeyCsp;
byte[] key = dsa.ExportCspBlob(false);
if (dataLen < key.Length)
{
return(false);
}
Marshal.Copy(key, 0, data, key.Length);
dataLen = key.Length;
}
else if (kd.KeyCsp is ECDsaCng)
{
ECDsaCng cng = (ECDsaCng)kd.KeyCsp;
byte[] key = cng.Key.Export(CngKeyBlobFormat.EccPublicBlob);
if (dataLen < (key.Length - 8))
{
return(false);
}
Marshal.Copy(key, 8, data, key.Length - 8);
dataLen = key.Length - 8;
}
else if (kd.KeyCsp is ECDiffieHellmanCng)
{
ECDiffieHellmanCng cng = (ECDiffieHellmanCng)kd.KeyCsp;
byte[] key = cng.Key.Export(CngKeyBlobFormat.EccPublicBlob);
if (dataLen < (key.Length - 8))
{
return(false);
}
Marshal.Copy(key, 8, data, key.Length - 8);
dataLen = key.Length - 8;
}
else if (kd.KeyCsp is SecretKey)
{
SecretKey key = (SecretKey)kd.KeyCsp;
if (dataLen < key.Data.Length)
{
return(false);
}
Marshal.Copy(key.Data, 0, data, key.Data.Length);
dataLen = key.Data.Length;
}
else if (kd.KeyCsp is AesCryptoServiceProvider)
{
AesCryptoServiceProvider aes = (AesCryptoServiceProvider)kd.KeyCsp;
if (dataLen < aes.Key.Length)
{
return(false);
}
Marshal.Copy(aes.Key, 0, data, aes.Key.Length);
dataLen = aes.Key.Length;
}
else
{
return(false);
}
}
catch
{
return(false);
}
return(true);
}
bool IKeyManagementDriver.DeriveKey(int session, int alg, IntPtr pParam, int paramLen, int hBaseKey, out int hKey)
{
hKey = -1;
try
{
SessionData ctx = ((SessionDriver)this.Hal.Session).GetSessionCtx(session);
KeyData kd = ctx.ObjectCtx.GetObject(hBaseKey).Data as KeyData;
if (kd == null)
{
return(false);
}
switch ((AlgorithmType)alg)
{
case AlgorithmType.ECDH1_DERIVE:
ECDH_Params ecdh = new ECDH_Params(pParam, paramLen);
ECDiffieHellmanCng ec = kd.KeyCsp as ECDiffieHellmanCng;
ECDiffieHellmanCng cng = new ECDiffieHellmanCng(ec.Key);
byte[] pubData = new byte[ecdh.PublicData.Length + 8];
pubData[0] = (byte)'E';
pubData[1] = (byte)'C';
pubData[2] = (byte)'K';
switch (ec.KeySize)
{
case 521:
pubData[3] = (byte)'5';
pubData[4] = (byte)((521 + 7) / 8);
break;
case 384:
pubData[3] = (byte)'3';
pubData[4] = (byte)((384 + 7) / 8);
break;
case 256:
pubData[3] = (byte)'1';
pubData[4] = (byte)((256 + 7) / 8);
break;
}
pubData[5] = 0;
pubData[6] = 0;
pubData[7] = 0;
Array.Copy(ecdh.PublicData, 0, pubData, 8, ecdh.PublicData.Length);
//CngKey otherPublicKey = CngKey.Import(pubData, CngKeyBlobFormat.EccPublicBlob);
ECDiffieHellmanPublicKey otherPublicKey = ECDiffieHellmanCngPublicKey.FromByteArray(pubData, CngKeyBlobFormat.EccPublicBlob);
//byte[] otherKeyData = otherPublicKey.Export(CngKeyBlobFormat.EccPublicBlob);
//Debug.Print(otherKeyData[0].ToString());
switch (ecdh.kdf)
{
case AlgorithmType.NULL_KEY_DERIVATION:
cng.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
cng.HashAlgorithm = CngAlgorithm.Sha1;
break;
case AlgorithmType.SHA1_KEY_DERIVATION:
cng.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
cng.HashAlgorithm = CngAlgorithm.Sha1;
break;
case AlgorithmType.SHA256_KEY_DERIVATION:
cng.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
cng.HashAlgorithm = CngAlgorithm.Sha256;
break;
case AlgorithmType.SHA512_KEY_DERIVATION:
cng.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
cng.HashAlgorithm = CngAlgorithm.Sha512;
break;
case AlgorithmType.MD5_KEY_DERIVATION:
cng.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
cng.HashAlgorithm = CngAlgorithm.MD5;
break;
case AlgorithmType.SHA224_HMAC:
case AlgorithmType.TLS_MASTER_KEY_DERIVE_DH:
default:
return(false);
}
cng.SecretPrepend = null;
cng.SecretAppend = null;
byte[] keyData = cng.DeriveKeyMaterial(otherPublicKey);
SecretKey key = new SecretKey(keyData.Length * 8, keyData);
hKey = ctx.ObjectCtx.AddObject(CryptokiObjectType.Key, new KeyData(keyData, key));
break;
default:
return(false);
}
}
catch
{
return(false);
}
return(true);
}
private bool Init(int session, AlgorithmType alg, AlgorithmType hash, int hKey, bool isVerify)
{
//bool bRet = false;
try
{
SessionData ctx = ((SessionDriver)this.Hal.Session).GetSessionCtx(session);
KeyData kd = null;
CryptokiObject obj = ctx.ObjectCtx.GetObject(hKey);
if (obj == null)
{
return(false);
}
if (obj.Type == CryptokiObjectType.Key)
{
kd = obj.Data as KeyData;
}
else if (obj.Type == CryptokiObjectType.Cert)
{
X509Certificate2 cert = obj.Data as X509Certificate2;
kd = new KeyData(null, cert);
}
else
{
return(false);
}
byte[] keyData = kd.KeyBytes;
// remove
if (((uint)((uint)hash & (uint)CryptokiObjectMgrDriver.CryptokiAttribType.SIGN_NO_NODIGEST_FLAG)) != 0)
{
m_signHash = true;
hash = (AlgorithmType)((uint)hash & ~(uint)CryptokiObjectMgrDriver.CryptokiAttribType.SIGN_NO_NODIGEST_FLAG);
}
else
{
m_signHash = false;
}
switch (alg)
{
case AlgorithmType.RSA_PKCS:
{
RSACryptoServiceProvider csp;
SignatureData sigData = isVerify ? ctx.VerifyCtx : ctx.SignCtx;
if (keyData != null)
{
csp = new RSACryptoServiceProvider();
csp.ImportCspBlob(keyData);
}
else
{
X509Certificate2 cert = kd.KeyCsp as X509Certificate2;
if (isVerify)
{
csp = cert.PublicKey.Key as RSACryptoServiceProvider;
}
else
{
csp = cert.PrivateKey as RSACryptoServiceProvider;
}
}
if (isVerify)
{
sigData.SignObject = new RSAPKCS1SignatureDeformatter(csp);
}
else
{
sigData.SignObject = new RSAPKCS1SignatureFormatter(csp);
}
switch (hash)
{
case AlgorithmType.SHA_1:
sigData.SignHashAlg = new SHA1CryptoServiceProvider();
if (isVerify)
{
((AsymmetricSignatureDeformatter)sigData.SignObject).SetHashAlgorithm("SHA1");
}
else
{
((AsymmetricSignatureFormatter)sigData.SignObject).SetHashAlgorithm("SHA1");
}
break;
case AlgorithmType.SHA256:
sigData.SignHashAlg = new SHA256CryptoServiceProvider();
if (isVerify)
{
((AsymmetricSignatureDeformatter)sigData.SignObject).SetHashAlgorithm("SHA256");
}
else
{
((AsymmetricSignatureFormatter)sigData.SignObject).SetHashAlgorithm("SHA256");
}
break;
case AlgorithmType.SHA512:
sigData.SignHashAlg = new SHA512CryptoServiceProvider();
if (isVerify)
{
((AsymmetricSignatureDeformatter)sigData.SignObject).SetHashAlgorithm("SHA512");
}
else
{
((AsymmetricSignatureFormatter)sigData.SignObject).SetHashAlgorithm("SHA512");
}
break;
case AlgorithmType.MD5:
sigData.SignHashAlg = new MD5CryptoServiceProvider();
if (isVerify)
{
((AsymmetricSignatureDeformatter)sigData.SignObject).SetHashAlgorithm("MD5");
}
else
{
((AsymmetricSignatureFormatter)sigData.SignObject).SetHashAlgorithm("MD5");
}
break;
// no hash, means that we are signing a hash value
case (AlgorithmType)(uint.MaxValue):
break;
default:
return(false);
}
}
break;
case AlgorithmType.ECDSA:
{
ECDsaCng csp = kd.KeyCsp as ECDsaCng;
if (csp == null)
{
return(false);
}
SignatureData sigData = isVerify ? ctx.VerifyCtx : ctx.SignCtx;
sigData.SignObject = csp;
switch (hash)
{
case AlgorithmType.SHA_1:
csp.HashAlgorithm = CngAlgorithm.Sha1;
sigData.SignHashAlg = new SHA1CryptoServiceProvider();
break;
case AlgorithmType.SHA256:
csp.HashAlgorithm = CngAlgorithm.Sha256;
sigData.SignHashAlg = new SHA256CryptoServiceProvider();
break;
case AlgorithmType.SHA384:
csp.HashAlgorithm = CngAlgorithm.Sha384;
sigData.SignHashAlg = new SHA384CryptoServiceProvider();
break;
case AlgorithmType.SHA512:
csp.HashAlgorithm = CngAlgorithm.Sha512;
sigData.SignHashAlg = new SHA512CryptoServiceProvider();
break;
case AlgorithmType.MD5:
csp.HashAlgorithm = CngAlgorithm.MD5;
sigData.SignHashAlg = new MD5CryptoServiceProvider();
break;
default:
return(false);
}
}
break;
case AlgorithmType.DSA:
{
DSACryptoServiceProvider csp = new DSACryptoServiceProvider();
csp.ImportCspBlob(keyData);
SignatureData sigData = isVerify ? ctx.VerifyCtx : ctx.SignCtx;
if (isVerify)
{
sigData.SignObject = new DSASignatureDeformatter(csp);
}
else
{
sigData.SignObject = new DSASignatureFormatter(csp);
}
switch (hash)
{
case AlgorithmType.SHA_1:
sigData.SignHashAlg = new SHA1CryptoServiceProvider();
if (isVerify)
{
((AsymmetricSignatureDeformatter)sigData.SignObject).SetHashAlgorithm("SHA1");
}
else
{
((AsymmetricSignatureFormatter)sigData.SignObject).SetHashAlgorithm("SHA1");
}
break;
case AlgorithmType.SHA256:
sigData.SignHashAlg = new SHA256CryptoServiceProvider();
if (isVerify)
{
((AsymmetricSignatureDeformatter)sigData.SignObject).SetHashAlgorithm("SHA256");
}
else
{
((AsymmetricSignatureFormatter)sigData.SignObject).SetHashAlgorithm("SHA256");
}
break;
case AlgorithmType.SHA512:
sigData.SignHashAlg = new SHA512CryptoServiceProvider();
if (isVerify)
{
((AsymmetricSignatureDeformatter)sigData.SignObject).SetHashAlgorithm("SHA512");
}
else
{
((AsymmetricSignatureFormatter)sigData.SignObject).SetHashAlgorithm("SHA512");
}
break;
case AlgorithmType.MD5:
sigData.SignHashAlg = new MD5CryptoServiceProvider();
if (isVerify)
{
((AsymmetricSignatureDeformatter)sigData.SignObject).SetHashAlgorithm("MD5");
}
else
{
((AsymmetricSignatureFormatter)sigData.SignObject).SetHashAlgorithm("MD5");
}
break;
default:
return(false);
}
}
break;
default:
return(false);
}
}
catch (Exception e)
{
Debug.Print("Exception: " + e.Message);
return(false);
}
return(true);
}
bool IDigestDriver.DigestInit(int session, int alg, int hHmacKey)
{
try
{
SessionData ctx = ((SessionDriver)this.Hal.Session).GetSessionCtx(session);
byte[] hmacKey = null;
if (hHmacKey != -1)
{
KeyData kd = ctx.ObjectCtx.GetObject(hHmacKey).Data as KeyData;
if (kd == null)
{
return(false);
}
hmacKey = kd.KeyBytes;
}
switch ((AlgorithmType)alg)
{
case AlgorithmType.SHA_1:
ctx.DigestCtx.Digest = new SHA1CryptoServiceProvider();
break;
case AlgorithmType.SHA256:
ctx.DigestCtx.Digest = new SHA256CryptoServiceProvider();
break;
case AlgorithmType.SHA384:
ctx.DigestCtx.Digest = new SHA384CryptoServiceProvider();
break;
case AlgorithmType.SHA512:
ctx.DigestCtx.Digest = new SHA512CryptoServiceProvider();
break;
case AlgorithmType.MD5:
ctx.DigestCtx.Digest = new MD5CryptoServiceProvider();
break;
case AlgorithmType.RIPEMD160:
ctx.DigestCtx.Digest = new RIPEMD160Managed();
break;
case AlgorithmType.RIPEMD160_HMAC:
ctx.DigestCtx.Digest = new HMACRIPEMD160(hmacKey);
break;
case AlgorithmType.MD5_HMAC:
if (hmacKey == null)
{
return(false);
}
ctx.DigestCtx.Digest = new HMACMD5(hmacKey);
break;
case AlgorithmType.SHA_1_HMAC:
if (hmacKey == null)
{
return(false);
}
ctx.DigestCtx.Digest = new HMACSHA1(hmacKey);
break;
case AlgorithmType.SHA256_HMAC:
if (hmacKey == null)
{
return(false);
}
ctx.DigestCtx.Digest = new HMACSHA256(hmacKey);
break;
case AlgorithmType.SHA384_HMAC:
if (hmacKey == null)
{
return(false);
}
ctx.DigestCtx.Digest = new HMACSHA384(hmacKey);
break;
case AlgorithmType.SHA512_HMAC:
if (hmacKey == null)
{
return(false);
}
ctx.DigestCtx.Digest = new HMACSHA512(hmacKey);
break;
default:
return(false);
}
}
catch
{
return(false);
}
return(true);
}
bool IEncryptionDriver.EncryptInit(int session, int alg, IntPtr algParam, int algParamLen, int hKey)
{
try
{
SessionData ctx = ((SessionDriver)this.Hal.Session).GetSessionCtx(session);
KeyData kd = null;
CryptokiObject obj = ctx.ObjectCtx.GetObject(hKey);
if (obj == null)
{
return(false);
}
if (obj.Type == CryptokiObjectType.Key)
{
kd = obj.Data as KeyData;
}
else if (obj.Type == CryptokiObjectType.Cert)
{
X509Certificate2 cert = obj.Data as X509Certificate2;
AsymmetricAlgorithm encAlg = cert.PublicKey.Key;
kd = new KeyData(null, encAlg);
}
else
{
return(false);
}
byte[] keyData = kd.KeyBytes;
byte[] IV = null;
if (algParam != IntPtr.Zero)
{
IV = new byte[algParamLen];
Marshal.Copy(algParam, IV, 0, algParamLen);
}
ctx.EncryptCtx.CryptoAlgorithm = (AlgorithmType)alg;
switch ((AlgorithmType)alg)
{
case AlgorithmType.DES3_CBC_PAD:
{
TripleDESCryptoServiceProvider des3 = new TripleDESCryptoServiceProvider();
des3.Padding = PaddingMode.PKCS7;
ctx.EncryptCtx.CryptoObject = des3;
ctx.EncryptCtx.CryptoTransform = des3.CreateEncryptor(keyData, IV);
}
break;
case AlgorithmType.DES3_CBC:
{
TripleDESCryptoServiceProvider des3 = new TripleDESCryptoServiceProvider();
des3.Padding = PaddingMode.None;
ctx.EncryptCtx.CryptoObject = des3;
ctx.EncryptCtx.CryptoTransform = des3.CreateEncryptor(keyData, IV);
}
break;
case AlgorithmType.AES_CBC_PAD:
{
AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
ctx.EncryptCtx.CryptoObject = aes;
ctx.EncryptCtx.CryptoTransform = aes.CreateEncryptor(keyData, IV);
}
break;
case AlgorithmType.AES_ECB_PAD:
{
AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.ECB;
ctx.EncryptCtx.CryptoObject = aes;
ctx.EncryptCtx.CryptoTransform = aes.CreateEncryptor(keyData, IV);
}
break;
case AlgorithmType.AES_CBC:
{
AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
aes.Padding = PaddingMode.None;
aes.Mode = CipherMode.CBC;
ctx.EncryptCtx.CryptoObject = aes;
ctx.EncryptCtx.CryptoTransform = aes.CreateEncryptor(keyData, IV);
}
break;
case AlgorithmType.AES_ECB:
{
AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
aes.Padding = PaddingMode.None;
aes.Mode = CipherMode.ECB;
ctx.EncryptCtx.CryptoObject = aes;
ctx.EncryptCtx.CryptoTransform = aes.CreateEncryptor(keyData, IV);
}
break;
case AlgorithmType.RSA_PKCS:
if (keyData == null)
{
ctx.EncryptCtx.CryptoObject = kd.KeyCsp as IDisposable;
}
else
{
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
ctx.EncryptCtx.CryptoObject = rsa;
rsa.ImportCspBlob(keyData);
ctx.EncryptCtx.CryptoTransform = null;
}
break;
case AlgorithmType.DSA:
case AlgorithmType.DSA_SHA1:
if (keyData == null)
{
ctx.EncryptCtx.CryptoObject = kd.KeyCsp as IDisposable;
}
else
{
DSACryptoServiceProvider dsa = new DSACryptoServiceProvider();
ctx.EncryptCtx.CryptoObject = dsa;
ctx.EncryptCtx.CryptoTransform = null;
dsa.ImportCspBlob(keyData);
}
break;
default:
return(false);
}
}
catch (Exception e)
{
Debug.Print(e.ToString());
return(false);
}
return(true);
}
