public void _HL_12_02_Digest_Gost3411_12_512_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find firsst slot with token present
IRutokenSlot slot = Helpers.GetUsableSlot(pkcs11);
// Open RO session
using (ISession session = slot.OpenSession(SessionType.ReadOnly))
{
// Specify digesting mechanism
var mechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_GOSTR3411_12_512);
byte[] sourceData = TestData.Digest_Gost3411_SourceData;
// Digest data
byte[] digest = session.Digest(mechanism, sourceData);
byte[] targetData = TestData.Digest_Gost3411_12_512_TargetData;
// Do something interesting with digest value
Assert.IsTrue(Convert.ToBase64String(digest) == Convert.ToBase64String(targetData));
}
}
}
public static void Block(IRutokenSlot slot, RutokenType tokenType)
{
using var session = slot.OpenSession(SessionType.ReadWrite);
var wrongPin = tokenType == RutokenType.RUTOKEN ? _wrongPin1_RutokenS : _wrongPin1;
var wrongPin2 = tokenType == RutokenType.RUTOKEN ? _wrongPin2_RutokenS : _wrongPin2;
while (true)
{
try
{
session.Login(CKU.CKU_SO, wrongPin);
session.Logout();
// Если успешно залогинились, то логинимся еще с другим паролем
try
{
session.Login(CKU.CKU_SO, wrongPin2);
session.Logout();
}
catch (Pkcs11Exception ex) when(ex.RV == CKR.CKR_PIN_LOCKED)
{
return;
}
}
catch (Pkcs11Exception ex) when(ex.RV == CKR.CKR_PIN_LOCKED)
{
return;
}
catch
{
// ignored
}
}
}
public static void Format(IRutokenSlot slot,
string currentAdminPin,
string newAdminPin, string newUserPin, string tokenLabel, RutokenFlag policy,
uint minAdminPinLength, uint minUserPinLength, uint maxAdminAttempts, uint maxUserAttempts,
uint smMode)
{
var factory = new RutokenInitParamFactory();
var rutokenInitParam = factory.Create(
newAdminPin, newUserPin,
tokenLabel,
new List <RutokenFlag> {
policy
},
minAdminPinLength, minUserPinLength,
maxAdminAttempts, maxUserAttempts, smMode, true);
try
{
slot.InitTokenExtended(currentAdminPin, rutokenInitParam);
}
catch (Pkcs11Exception ex) when(ex.RV == CKR.CKR_PIN_INCORRECT)
{
throw new CKRException(ex.RV, Resources.IncorrectPin);
}
}
public static void Unlock(IRutokenSlot slot, string adminPin)
{
new PinUnlockOperation().Invoke(slot, new BaseTokenOperationParams
{
LoginType = CKU.CKU_SO,
LoginPin = adminPin
});
}
public static void Set(IRutokenSlot slot, string userPin, string tokenName)
{
new SetTokenNameOperation().Invoke(slot, new SetTokenNameOperationParams
{
LoginType = CKU.CKU_USER,
LoginPin = userPin,
TokenName = tokenName
});
}
public static void Change <TOperation>(IRutokenSlot slot,
string oldPin, string newPin, CKU loginType) where TOperation : BaseTokenOperation <PinChangeOperationParams>, new()
{
new TOperation().Invoke(slot, new PinChangeOperationParams
{
LoginType = loginType,
OldPin = oldPin,
NewPin = newPin
});
}
public static void Format(IRutokenSlot slot, string adminPin, IEnumerable <IVolumeFormatInfoExtended> volumeInfos)
{
try
{
slot.FormatDrive(CKU.CKU_SO, adminPin, volumeInfos);
}
catch (Pkcs11Exception ex) when(ex.RV == CKR.CKR_PIN_INCORRECT)
{
throw new CKRException(ex.RV, Resources.IncorrectAdminPin);
}
}
public static void ChangePin2(IRutokenSlot slot, uint pinId)
{
try
{
slot.SetPIN2(pinId);
}
catch (Pkcs11Exception ex) when(ex.RV == CKR.CKR_PIN_INCORRECT)
{
throw new CKRException(ex.RV, Resources.IncorrectPin);
}
}
public static void ChangeLocalPin(IRutokenSlot slot,
string userPin, string localPin, uint localPinId)
{
try
{
slot.SetLocalPIN(userPin, localPin, localPinId);
}
catch (Pkcs11Exception ex) when(ex.RV == CKR.CKR_PIN_INCORRECT)
{
throw new CKRException(ex.RV, Resources.IncorrectPin);
}
}
public static IEnumerable <byte[]> Generate(IRutokenSlot slot, string adminPin,
ActivationPasswordCharacterSet characterSet, uint smMode)
{
var operationParams = new GenerateActivationPasswordsOperationParams
{
LoginType = CKU.CKU_SO,
LoginPin = adminPin,
CharacterSet = characterSet,
SmMode = smMode
};
new GenerateActivationPasswordsOperation().Invoke(slot, operationParams);
return(operationParams.ActivationPasswords);
}
public void _HL_20_08_EncryptAndDecrypt_Magma_CTR_ACPKM_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Установление соединения с Рутокен в первом доступном слоте
IRutokenSlot slot = Helpers.GetUsableSlot(pkcs11);
// Открытие RW сессии
using (ISession session = slot.OpenRutokenSession(SessionType.ReadWrite))
{
// Выполнение аутентификации пользователя
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Генерация ключей для шифрования Магма
// Generate symetric key
IObjectHandle generatedKey = Helpers.GenerateMagmaKey(session);
var random = new Random();
byte[] initVector = new byte[Settings.MAGMA_BLOCK_SIZE / 2];
random.NextBytes(initVector);
byte[] mechaismParams = new byte[Settings.CTR_ACPKM_PERIOD_SIZE + Settings.MAGMA_BLOCK_SIZE / 2];
mechaismParams[0] = 0x01;
mechaismParams[1] = 0x00;
mechaismParams[2] = 0x00;
mechaismParams[3] = 0x00;
Array.Copy(initVector, 0, mechaismParams, Settings.CTR_ACPKM_PERIOD_SIZE, initVector.Length);
var mechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_MAGMA_CTR_ACPKM, mechaismParams);
byte[] sourceData = TestData.Encrypt_Gost28147_89_ECB_SourceData;
// Encrypt data
byte[] encryptedData = session.Encrypt(mechanism, generatedKey, sourceData);
// Decrypt data
byte[] decryptedData = session.Decrypt(mechanism, generatedKey, encryptedData);
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
session.DestroyObject(generatedKey);
// Завершение сессии
session.Logout();
}
}
}
public static void Change(IRutokenSlot slot,
ChangeVolumeAttributesParams volumeAttributes)
{
try
{
slot.ChangeVolumeAttributes(
volumeAttributes.VolumeOwner,
volumeAttributes.OwnerPin,
(uint)volumeAttributes.VolumeId,
volumeAttributes.AccessMode,
volumeAttributes.Permanent);
}
catch (Pkcs11Exception ex) when(ex.RV == CKR.CKR_PIN_INCORRECT)
{
throw new CKRException(ex.RV, Resources.IncorrectVolumeOwnerPin);
}
}
public void Invoke(IRutokenSlot slot, T operationParams)
{
using var session = slot.OpenRutokenSession(SessionType.ReadWrite);
try
{
session.Login(operationParams.LoginType, operationParams.LoginPin);
}
catch (Pkcs11Exception ex) when(ex.RV == CKR.CKR_PIN_INCORRECT)
{
throw new CKRException(ex.RV, Resources.IncorrectPin);
}
try
{
Payload(session, operationParams);
}
finally
{
session.Logout();
}
}
public static string Generate(IRutokenSlot slot, RutokenType tokenType, uint pinLength)
{
using var session = slot.OpenSession(SessionType.ReadOnly);
var pin = new byte[pinLength];
for (var i = 0; i < pinLength; i++)
{
var random = session.GenerateRandom(2);
if (tokenType == RutokenType.PINPAD_FAMILY)
{
pin[i] = (byte)(random[1] % 10 + 0x30);
}
else
{
pin[i] = oneByteLetters[random[1] % oneByteLetters.Length];
}
}
return(Encoding.ASCII.GetString(pin));
}
public void _HL_12_01_Digest_SHA1_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
IRutokenSlot slot = Helpers.GetUsableSlot(pkcs11);
// Open RO session
using (ISession session = slot.OpenSession(SessionType.ReadOnly))
{
// Specify digesting mechanism
var mechanism = Settings.Factories.MechanismFactory.Create(CKM.CKM_SHA_1);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
// Digest data
byte[] digest = session.Digest(mechanism, sourceData);
// Do something interesting with digest value
Assert.IsTrue(Convert.ToBase64String(digest) == "e1AsOh9IyGCa4hLN+2Od7jlnP14=");
}
}
}
public void _HL_20_06_EncryptAndDecrypt_Magma_ECB_Test()
{
using (var pkcs11 = Settings.Factories.RutokenPkcs11LibraryFactory.LoadRutokenPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Установление соединения с Рутокен в первом доступном слоте
IRutokenSlot slot = Helpers.GetUsableSlot(pkcs11);
// Открытие RW сессии
using (ISession session = slot.OpenRutokenSession(SessionType.ReadWrite))
{
// Выполнение аутентификации пользователя
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Генерация ключей для шифрования Магма
// Generate symetric key
IObjectHandle generatedKey = Helpers.GenerateMagmaKey(session);
var mechanism = Settings.Factories.MechanismFactory.Create((CKM)Extended_CKM.CKM_MAGMA_ECB);
byte[] sourceData = TestData.Encrypt_Gost28147_89_ECB_SourceData;
// Encrypt data
byte[] encryptedData = session.Encrypt(mechanism, generatedKey, sourceData);
// Decrypt data
byte[] decryptedData = session.Decrypt(mechanism, generatedKey, encryptedData);
Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData));
session.DestroyObject(generatedKey);
// Завершение сессии
session.Logout();
}
}
}
/// <summary>
/// Finds slot containing the token that matches criteria specified in Settings class
/// </summary>
/// <param name='pkcs11'>Initialized PKCS11 wrapper</param>
/// <returns>Slot containing the token that matches criteria</returns>
public static IRutokenSlot GetUsableSlot(IRutokenPkcs11Library pkcs11)
{
// Get list of available slots with token present
List <IRutokenSlot> slots = pkcs11.GetRutokenSlotList(SlotsType.WithTokenPresent);
Assert.IsNotNull(slots);
Assert.IsTrue(slots.Count > 0);
// First slot with token present is OK...
IRutokenSlot matchingSlot = slots[0];
// ...unless there are matching criteria specified in Settings class
if (Settings.TokenSerial != null || Settings.TokenLabel != null)
{
matchingSlot = null;
foreach (IRutokenSlot slot in slots)
{
ITokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
{
throw;
}
}
if (tokenInfo == null)
{
continue;
}
if (!string.IsNullOrEmpty(Settings.TokenSerial))
{
if (0 != string.Compare(Settings.TokenSerial, tokenInfo.SerialNumber, StringComparison.Ordinal))
{
continue;
}
}
if (!string.IsNullOrEmpty(Settings.TokenLabel))
{
if (0 != string.Compare(Settings.TokenLabel, tokenInfo.Label, StringComparison.Ordinal))
{
continue;
}
}
matchingSlot = slot;
break;
}
}
Assert.IsTrue(matchingSlot != null, "Token matching criteria specified in Settings class is not present");
return(matchingSlot);
}
