|
public static GenerateKeyPair ( |
||
| session | Read-write session with user logged in | |
| publicKeyHandle | Output parameter for public key object handle | |
| privateKeyHandle | Output parameter for private key object handle | |
| 리턴 | void | |
public void _01_BasicSignEncryptAndDecryptVerifyTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0)
{
Assert.Inconclusive("Test cannot be executed on this platform");
}
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate asymetric key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify signing mechanism
Mechanism signingMechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS);
// Generate symetric key
ObjectHandle secretKey = Helpers.GenerateKey(session);
// Generate random initialization vector
byte[] iv = session.GenerateRandom(8);
// Specify encryption mechanism with initialization vector as parameter
Mechanism encryptionMechanism = new Mechanism(CKM.CKM_DES3_CBC, iv);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Passw0rd");
// Sign and encrypt data
byte[] signature = null;
byte[] encryptedData = null;
session.SignEncrypt(signingMechanism, privateKey, encryptionMechanism, secretKey, sourceData, out signature, out encryptedData);
// Do something interesting with signature and encrypted data
// Decrypt data and verify signature of data
byte[] decryptedData = null;
bool isValid = false;
session.DecryptVerify(signingMechanism, publicKey, encryptionMechanism, secretKey, encryptedData, signature, out decryptedData, out isValid);
// Do something interesting with decrypted data and verification result
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
Assert.IsTrue(isValid);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.DestroyObject(secretKey);
session.Logout();
}
}
}
public void _01_BasicWrapAndUnwrapKeyTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0)
{
Assert.Inconclusive("Test cannot be executed on this platform");
}
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate asymetric key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Generate symetric key
ObjectHandle secretKey = Helpers.GenerateKey(session);
// Specify wrapping mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
// Wrap key
byte[] wrappedKey = session.WrapKey(mechanism, publicKey, secretKey);
// Do something interesting with wrapped key
Assert.IsNotNull(wrappedKey);
// Define attributes for unwrapped key
List <ObjectAttribute> objectAttributes = new List <ObjectAttribute>();
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_DERIVE, true));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_EXTRACTABLE, true));
// Unwrap key
ObjectHandle unwrappedKey = session.UnwrapKey(mechanism, privateKey, wrappedKey, objectAttributes);
// Do something interesting with unwrapped key
Assert.IsTrue(unwrappedKey.ObjectId != CK.CK_INVALID_HANDLE);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.DestroyObject(secretKey);
session.Logout();
}
}
}
public void _02_SignAndVerifyMultiPartTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0)
{
Assert.Inconclusive("Test cannot be executed on this platform");
}
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify signing mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
byte[] signature = null;
bool isValid = false;
// Multipart signing can be used i.e. for signing of streamed data
using (MemoryStream inputStream = new MemoryStream(sourceData))
{
// Sign data
// Note that in real world application we would rather use bigger read buffer i.e. 4096
signature = session.Sign(mechanism, privateKey, inputStream, 8);
}
// Do something interesting with signature
// Multipart verification can be used i.e. for signature verification of streamed data
using (MemoryStream inputStream = new MemoryStream(sourceData))
{
// Verify signature
// Note that in real world application we would rather use bigger read buffer i.e. 4096
session.Verify(mechanism, publicKey, inputStream, signature, out isValid, 8);
}
// Do something interesting with verification result
Assert.IsTrue(isValid);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void _03_EncryptAndDecryptSinglePartOaepTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0)
{
Assert.Inconclusive("Test cannot be executed on this platform");
}
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify mechanism parameters
CkRsaPkcsOaepParams mechanismParams = new CkRsaPkcsOaepParams((ulong)CKM.CKM_SHA_1, (ulong)CKG.CKG_MGF1_SHA1, (ulong)CKZ.CKZ_DATA_SPECIFIED, null);
// Specify encryption mechanism with parameters
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_OAEP, mechanismParams);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
// Encrypt data
byte[] encryptedData = session.Encrypt(mechanism, publicKey, sourceData);
// Do something interesting with encrypted data
// Decrypt data
byte[] decryptedData = session.Decrypt(mechanism, privateKey, encryptedData);
// Do something interesting with decrypted data
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void _01_BasicSignAndVerifyRecoverTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0)
{
Assert.Inconclusive("Test cannot be executed on this platform");
}
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify signing mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
// Sign data
byte[] signature = session.SignRecover(mechanism, privateKey, sourceData);
// Do something interesting with signature
// Verify signature
bool isValid = false;
byte[] recoveredData = session.VerifyRecover(mechanism, publicKey, signature, out isValid);
// Do something interesting with verification result and recovered data
Assert.IsTrue(isValid);
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(recoveredData));
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void _01_SignAndVerifySinglePartTest()
{
Helpers.CheckPlatform();
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify signing mechanism
Mechanism mechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
// Sign data
byte[] signature = session.Sign(mechanism, privateKey, sourceData);
// Do something interesting with signature
// Verify signature
bool isValid = false;
session.Verify(mechanism, publicKey, sourceData, signature, out isValid);
// Do something interesting with verification result
Assert.IsTrue(isValid);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void _02_GetInvalidAttributeValueTest()
{
if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0)
{
Assert.Inconclusive("Test cannot be executed on this platform");
}
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(false))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Prepare list of empty attributes we want to read
List <CKA> attributes = new List <CKA>();
attributes.Add(CKA.CKA_LABEL);
attributes.Add(CKA.CKA_VALUE);
// Get value of specified attributes
List <ObjectAttribute> objectAttributes = session.GetAttributeValue(privateKey, attributes);
// Do something interesting with attribute value
Assert.IsTrue(objectAttributes[0].GetValueAsString() == Settings.ApplicationName);
Assert.IsTrue(objectAttributes[1].CannotBeRead == true);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void _02_GetInvalidAttributeValueTest()
{
Helpers.CheckPlatform();
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
Slot slot = Helpers.GetUsableSlot(pkcs11);
// Open RW session
using (Session session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
ObjectHandle publicKey = null;
ObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Prepare list of empty attributes we want to read
List <CKA> attributes = new List <CKA>();
attributes.Add(CKA.CKA_LABEL);
attributes.Add(CKA.CKA_VALUE);
// Get value of specified attributes
List <ObjectAttribute> objectAttributes = session.GetAttributeValue(privateKey, attributes);
// Do something interesting with attribute value
Assert.IsTrue(objectAttributes[0].GetValueAsString() == Settings.ApplicationName);
Assert.IsTrue(objectAttributes[1].CannotBeRead == true);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
