public void _02_CancelFunctionTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RO (read-only) session
using (Session session = slot.OpenSession(true))
{
// Legacy functions should always return CKR_FUNCTION_NOT_PARALLEL
try
{
session.CancelFunction();
} catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_FUNCTION_NOT_PARALLEL)
throw;
}
}
}
}
public void _01_BasicInitTokenAndPinTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
TokenInfo tokenInfo = slot.GetTokenInfo();
// Check if token needs to be initialized
if (!tokenInfo.TokenFlags.TokenInitialized)
{
// Initialize token and SO (security officer) pin
slot.InitToken(Settings.SecurityOfficerPin, Settings.ApplicationName);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as SO (security officer)
session.Login(CKU.CKU_SO, Settings.SecurityOfficerPin);
// Initialize user pin
session.InitPin(Settings.NormalUserPin);
session.Logout();
}
}
}
}
public void _01_BasicOperationStateTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RO (read-only) session
using (Session session = slot.OpenSession(true))
{
// Get operation state
byte[] state = session.GetOperationState();
// Do something interesting with operation state
Assert.IsNotNull(state);
// Let's set state so the test is complete
// Note that CK_INVALID_HANDLE is passed in as encryptionKey and authenticationKey
session.SetOperationState(state, new ObjectHandle(), new ObjectHandle());
}
}
}
public void _02_DigestMultiPartTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RO session
using (Session session = slot.OpenSession(true))
{
// Specify digesting mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_SHA_1);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
byte[] digest = null;
// Multipart digesting can be used i.e. for digesting of streamed data
using (MemoryStream inputStream = new MemoryStream(sourceData))
{
// Digest data
digest = session.Digest(mechanism, inputStream);
}
// Do something interesting with digest value
Assert.IsTrue(Convert.ToBase64String(digest) == "e1AsOh9IyGCa4hLN+2Od7jlnP14=");
}
}
}
public void _02_CopyObjectTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Create object that can be copied
ObjectHandle objectHandle = Helpers.CreateDataObject(session);
// Copy object
ObjectHandle copiedObjectHandle = session.CopyObject(objectHandle, null);
// Do something interesting with new object
session.DestroyObject(copiedObjectHandle);
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _01_GetAttributeValueTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Create object
ObjectHandle objectHandle = Helpers.CreateDataObject(session);
// Prepare list of empty attributes we want to read
List<CKA> attributes = new List<CKA>();
attributes.Add(CKA.CKA_LABEL);
attributes.Add(CKA.CKA_VALUE);
// Get value of specified attributes
List<ObjectAttribute> objectAttributes = session.GetAttributeValue(objectHandle, attributes);
// Do something interesting with attribute value
Assert.IsTrue(objectAttributes[0].GetValueAsString() == Settings.ApplicationName);
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _01_BasicSignEncryptAndDecryptVerifyTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate asymetric key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify signing mechanism
Mechanism signingMechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS);
// Generate symetric key
ObjectHandle secretKey = Helpers.GenerateKey(session);
// Generate random initialization vector
byte[] iv = session.GenerateRandom(8);
// Specify encryption mechanism with initialization vector as parameter
Mechanism encryptionMechanism = new Mechanism(CKM.CKM_DES3_CBC, iv);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Passw0rd");
// Sign and encrypt data
byte[] signature = null;
byte[] encryptedData = null;
session.SignEncrypt(signingMechanism, privateKey, encryptionMechanism, secretKey, sourceData, out signature, out encryptedData);
// Do something interesting with signature and encrypted data
// Decrypt data and verify signature of data
byte[] decryptedData = null;
bool isValid = false;
session.DecryptVerify(signingMechanism, publicKey, encryptionMechanism, secretKey, encryptedData, signature, out decryptedData, out isValid);
// Do something interesting with decrypted data and verification result
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
Assert.IsTrue(isValid);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.DestroyObject(secretKey);
session.Logout();
}
}
}
public void _01_BasicWrapAndUnwrapKeyTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate asymetric key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Generate symetric key
ObjectHandle secretKey = Helpers.GenerateKey(session);
// Specify wrapping mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
// Wrap key
byte[] wrappedKey = session.WrapKey(mechanism, publicKey, secretKey);
// Do something interesting with wrapped key
Assert.IsNotNull(wrappedKey);
// Define attributes for unwrapped key
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_DERIVE, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_EXTRACTABLE, true));
// Unwrap key
ObjectHandle unwrappedKey = session.UnwrapKey(mechanism, privateKey, wrappedKey, objectAttributes);
// Do something interesting with unwrapped key
Assert.IsTrue(unwrappedKey.ObjectId != CK.CK_INVALID_HANDLE);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.DestroyObject(secretKey);
session.Logout();
}
}
}
public void _03_SingleThreadedInitializeTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
// If an application will not be accessing PKCS#11 library from multiple threads
// simultaneously, it should specify "false" as a value of "useOsLocking" parameter.
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, false))
{
// Do something interesting
}
}
public void _02_UsingPkcs11DisposeTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
// Pkcs11 class can be used in using statement which defines a scope
// at the end of which an object will be disposed.
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Do something interesting
}
}
public void _01_BasicGetInfoTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
LibraryInfo libraryInfo = pkcs11.GetInfo();
// Do something interesting with library information
Assert.IsFalse(String.IsNullOrEmpty(libraryInfo.ManufacturerId));
}
}
public void _01_BasicDigestEncryptAndDecryptDigestTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate symetric key
ObjectHandle generatedKey = Helpers.GenerateKey(session);
// Generate random initialization vector
byte[] iv = session.GenerateRandom(8);
// Specify encryption mechanism with initialization vector as parameter
Mechanism encryptionMechanism = new Mechanism(CKM.CKM_DES3_CBC, iv);
// Specify digesting mechanism
Mechanism digestingMechanism = new Mechanism(CKM.CKM_SHA_1);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Our new password");
// Encrypt and digest data
byte[] digest1 = null;
byte[] encryptedData = null;
session.DigestEncrypt(digestingMechanism, encryptionMechanism, generatedKey, sourceData, out digest1, out encryptedData);
// Do something interesting with encrypted data and digest
// Decrypt and digest data
byte[] digest2 = null;
byte[] decryptedData = null;
session.DecryptDigest(digestingMechanism, encryptionMechanism, generatedKey, encryptedData, out digest2, out decryptedData);
// Do something interesting with decrypted data and digest
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
Assert.IsTrue(Convert.ToBase64String(digest1) == Convert.ToBase64String(digest2));
session.DestroyObject(generatedKey);
session.Logout();
}
}
}
public void _02_LibraryInfoMatches()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
LibraryInfo libraryInfo = pkcs11.GetInfo();
// Empty URI
Pkcs11Uri pkcs11uri = new Pkcs11Uri(@"pkcs11:");
Assert.IsTrue(Pkcs11UriUtils.Matches(pkcs11uri, libraryInfo));
// Unknown path attribute in URI
pkcs11uri = new Pkcs11Uri(@"pkcs11:vendor=foobar");
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, libraryInfo));
// All attributes matching
Pkcs11UriBuilder pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.LibraryManufacturer = libraryInfo.ManufacturerId;
pkcs11UriBuilder.LibraryDescription = libraryInfo.LibraryDescription;
pkcs11UriBuilder.LibraryVersion = libraryInfo.LibraryVersion;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsTrue(Pkcs11UriUtils.Matches(pkcs11uri, libraryInfo));
// LibraryManufacturer nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.LibraryManufacturer = "foobar";
pkcs11UriBuilder.LibraryDescription = libraryInfo.LibraryDescription;
pkcs11UriBuilder.LibraryVersion = libraryInfo.LibraryVersion;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, libraryInfo));
// LibraryDescription nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.LibraryManufacturer = libraryInfo.ManufacturerId;
pkcs11UriBuilder.LibraryDescription = "foobar";
pkcs11UriBuilder.LibraryVersion = libraryInfo.LibraryVersion;
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, libraryInfo));
// LibraryVersion nonmatching
pkcs11UriBuilder = new Pkcs11UriBuilder();
pkcs11UriBuilder.LibraryManufacturer = libraryInfo.ManufacturerId;
pkcs11UriBuilder.LibraryDescription = libraryInfo.LibraryDescription;
pkcs11UriBuilder.LibraryVersion = "0";
pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri();
Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, libraryInfo));
}
}
/// <summary>
/// Finds slot containing the token that matches criteria specified in Settings class
/// </summary>
/// <param name='pkcs11'>Initialized PKCS11 wrapper</param>
/// <returns>Slot containing the token that matches criteria</returns>
public static Slot GetUsableSlot(Pkcs11 pkcs11)
{
// Get list of available slots with token present
List<Slot> slots = pkcs11.GetSlotList(true);
Assert.IsNotNull(slots);
Assert.IsTrue(slots.Count > 0);
// First slot with token present is OK...
Slot matchingSlot = slots[0];
// ...unless there are matching criteria specified in Settings class
if (Settings.TokenSerial != null || Settings.TokenLabel != null)
{
matchingSlot = null;
foreach (Slot slot in slots)
{
TokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
throw;
}
if (tokenInfo == null)
continue;
if (!string.IsNullOrEmpty(Settings.TokenSerial))
if (0 != string.Compare(Settings.TokenSerial, tokenInfo.SerialNumber, StringComparison.Ordinal))
continue;
if (!string.IsNullOrEmpty(Settings.TokenLabel))
if (0 != string.Compare(Settings.TokenLabel, tokenInfo.Label, StringComparison.Ordinal))
continue;
matchingSlot = slot;
break;
}
}
Assert.IsTrue(matchingSlot != null, "Token matching criteria specified in Settings class is not present");
return matchingSlot;
}
public void _01_SlotListTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(false);
// Do something interesting with slots
Assert.IsNotNull(slots);
Assert.IsTrue(slots.Count > 0);
}
}
public void _01_BasicTokenInfoTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Get token info
TokenInfo tokenInfo = slot.GetTokenInfo();
// Do something interesting with token info
Assert.IsFalse(String.IsNullOrEmpty(tokenInfo.ManufacturerId));
}
}
public void _01_BasicPkcs11DisposeTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
// Unmanaged PKCS#11 library is loaded by the constructor of Pkcs11 class.
// Every PKCS#11 library needs to be initialized with C_Initialize method
// which is also called automatically by the constructor of Pkcs11 class.
Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking);
// Do something interesting
// Unmanaged PKCS#11 library is unloaded by Dispose() method.
// C_Finalize should be the last call made by an application and it
// is also called automatically by Dispose() method.
pkcs11.Dispose();
}
public void _01_BasicSignAndVerifyRecoverTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify signing mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
// Sign data
byte[] signature = session.SignRecover(mechanism, privateKey, sourceData);
// Do something interesting with signature
// Verify signature
bool isValid = false;
byte[] recoveredData = session.VerifyRecover(mechanism, publicKey, signature, out isValid);
// Do something interesting with verification result and recovered data
Assert.IsTrue(isValid);
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(recoveredData));
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void _02_UsingSessionTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Session class can be used in using statement which defines a scope
// at the end of which the session will be closed automatically.
using (Session session = slot.OpenSession(true))
{
// Do something interesting in RO session
}
}
}
public void _01_BasicObjectFindingTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Let's create two objects so we can find something
ObjectHandle objectHandle1 = Helpers.CreateDataObject(session);
ObjectHandle objectHandle2 = Helpers.CreateDataObject(session);
// Prepare attribute template that defines search criteria
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_DATA));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
// Initialize searching
session.FindObjectsInit(objectAttributes);
// Get search results
List<ObjectHandle> foundObjects = session.FindObjects(2);
// Terminate searching
session.FindObjectsFinal();
// Do something interesting with found objects
Assert.IsTrue(foundObjects.Count == 2);
Assert.IsTrue((foundObjects[0].ObjectId != CK.CK_INVALID_HANDLE) && (foundObjects[1].ObjectId != CK.CK_INVALID_HANDLE));
session.DestroyObject(objectHandle2);
session.DestroyObject(objectHandle1);
session.Logout();
}
}
}
public void _01_BasicSessionTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RO (read-only) session
Session session = slot.OpenSession(true);
// Do something interesting in RO session
// Close session
session.CloseSession();
}
}
public void _01_SeedRandomTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RO (read-only) session
using (Session session = slot.OpenSession(true))
{
// Mix additional seed material into the token's random number generator
byte[] seed = ConvertUtils.Utf8StringToBytes("Additional seed material");
session.SeedRandom(seed);
// Do something interesting with random number generator
}
}
}
public void _02_BasicSlotListAndInfoTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(false);
// Do something interesting with slots
Assert.IsNotNull(slots);
Assert.IsTrue(slots.Count > 0);
// Analyze first slot
SlotInfo slotInfo = slots[0].GetSlotInfo();
// Do something interesting with slot info
Assert.IsNotNull(slotInfo.ManufacturerId);
}
}
public void _02_GenerateRandomTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RO (read-only) session
using (Session session = slot.OpenSession(true))
{
// Get random or pseudo-random data
byte[] randomData = session.GenerateRandom(256);
// Do something interesting with random data
Assert.IsTrue(randomData.Length == 256);
}
}
}
public void _01_BasicDeriveKeyTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate symetric key
ObjectHandle baseKey = Helpers.GenerateKey(session);
// Generate random data needed for key derivation
byte[] data = session.GenerateRandom(24);
// Specify mechanism parameters
CkKeyDerivationStringData mechanismParams = new CkKeyDerivationStringData(data);
// Specify derivation mechanism with parameters
Mechanism mechanism = new Mechanism(CKM.CKM_XOR_BASE_AND_DATA, mechanismParams);
// Derive key
ObjectHandle derivedKey = session.DeriveKey(mechanism, baseKey, null);
// Do something interesting with derived key
Assert.IsTrue(derivedKey.ObjectId != CK.CK_INVALID_HANDLE);
session.DestroyObject(baseKey);
session.DestroyObject(derivedKey);
session.Logout();
}
}
}
public void _02_SecurityOfficerLoginTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as SO (security officer)
session.Login(CKU.CKU_SO, Settings.SecurityOfficerPin);
// Do something interesting as security officer
session.Logout();
}
}
}
public void _01_BasicMechanismListAndInfoTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Get supported mechanisms
List<CKM> mechanisms = slot.GetMechanismList();
Assert.IsTrue(mechanisms.Count > 0);
// Analyze first supported mechanism
MechanismInfo mechanismInfo = slot.GetMechanismInfo(mechanisms[0]);
// Do something interesting with mechanism info
Assert.IsNotNull(mechanismInfo.MechanismFlags);
}
}
public void _01_GenerateKeyTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Prepare attribute template of new key
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true));
// Specify key generation mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_DES3_KEY_GEN);
// Generate key
ObjectHandle objectHandle = session.GenerateKey(mechanism, objectAttributes);
// Do something interesting with generated key
// Destroy object
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _01_BasicSetPinTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Set new pin for the logged in user
session.SetPin(Settings.NormalUserPin, Settings.NormalUserPin);
session.Logout();
}
}
}
public void _01_CreateDestroyObjectTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1)
Assert.Inconclusive("Test cannot be executed on this platform");
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Prepare attribute template of new data object
List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_DATA));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_APPLICATION, Settings.ApplicationName));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, "Data object content"));
// Create object
ObjectHandle objectHandle = session.CreateObject(objectAttributes);
// Do something interesting with new object
// Destroy object
session.DestroyObject(objectHandle);
session.Logout();
}
}
}