public void _01_BasicLoggingTest()
{
// Specify path to the log file
string logFilePath = Path.Combine(Path.GetTempPath(), @"Pkcs11Interop.log");
DeleteFile(logFilePath);
// Setup logger factory implementation
var loggerFactory = new SimplePkcs11InteropLoggerFactory();
loggerFactory.MinLogLevel = Pkcs11InteropLogLevel.Trace;
loggerFactory.DisableConsoleOutput();
loggerFactory.DisableDiagnosticsTraceOutput();
loggerFactory.EnableFileOutput(logFilePath);
// Set logger factory implementation that will be used by Pkcs11Interop library
Pkcs11InteropLoggerFactory.SetLoggerFactory(loggerFactory);
// Use Pkcs11Interop library as usual
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
ILibraryInfo libraryInfo = pkcs11Library.GetInfo();
// Verify that log file was created and contains some logs
Assert.IsTrue(File.Exists(logFilePath));
Assert.IsTrue(File.ReadAllText(logFilePath).Contains("Loading PKCS#11 library"));
}
DeleteFile(logFilePath);
}
public Pkcs11Signature(string libraryPath, ulong slotId)
{
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, libraryPath, AppType.MultiThreaded);
slot = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent).Find(slot => slot.SlotId == slotId);
}
public void _03_GetObjectSizeTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Create object
IObjectHandle objectHandle = Helpers.CreateDataObject(session);
// Determine object size
ulong objectSize = session.GetObjectSize(objectHandle);
// Do something interesting with object size
Assert.IsTrue(objectSize > 0);
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _01_CreateDestroyObjectTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Prepare attribute template of new data object
List <IObjectAttribute> objectAttributes = new List <IObjectAttribute>();
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_DATA));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_APPLICATION, Settings.ApplicationName));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.ApplicationName));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.Create(CKA.CKA_VALUE, "Data object content"));
// Create object
IObjectHandle objectHandle = session.CreateObject(objectAttributes);
// Do something interesting with new object
// Destroy object
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _01_GetAttributeValueTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Create object
IObjectHandle objectHandle = Helpers.CreateDataObject(session);
// Prepare list of empty attributes we want to read
List <CKA> attributes = new List <CKA>();
attributes.Add(CKA.CKA_LABEL);
attributes.Add(CKA.CKA_VALUE);
// Get value of specified attributes
List <IObjectAttribute> objectAttributes = session.GetAttributeValue(objectHandle, attributes);
// Do something interesting with attribute value
Assert.IsTrue(objectAttributes[0].GetValueAsString() == Settings.ApplicationName);
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _02_CopyObjectTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Create object that can be copied
IObjectHandle objectHandle = Helpers.CreateDataObject(session);
// Copy object
IObjectHandle copiedObjectHandle = session.CopyObject(objectHandle, null);
// Do something interesting with new object
session.DestroyObject(copiedObjectHandle);
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _03_DigestKeyTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate symetric key
IObjectHandle generatedKey = Helpers.GenerateKey(session);
// Specify digesting mechanism
IMechanism mechanism = Settings.Factories.MechanismFactory.Create(CKM.CKM_SHA_1);
// Digest key
byte[] digest = session.DigestKey(mechanism, generatedKey);
// Do something interesting with digest value
Assert.IsNotNull(digest);
session.DestroyObject(generatedKey);
session.Logout();
}
}
}
public void _01_GenerateKeyTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Prepare attribute template of new key
List <IObjectAttribute> objectAttributes = new List <IObjectAttribute>();
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));
// Specify key generation mechanism
IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_DES3_KEY_GEN);
// Generate key
IObjectHandle objectHandle = session.GenerateKey(mechanism, objectAttributes);
// Do something interesting with generated key
// Destroy object
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _01_GetFunctionStatusTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RO (read-only) session
using (ISession session = slot.OpenSession(SessionType.ReadOnly))
{
// Legacy functions should always return CKR_FUNCTION_NOT_PARALLEL
try
{
session.GetFunctionStatus();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_FUNCTION_NOT_PARALLEL)
{
throw;
}
}
}
}
}
protected virtual void Dispose(bool disposing)
{
if (!this._disposed)
{
if (disposing)
{
// Dispose managed objects
if (Slots != null)
{
for (int i = 0; i < Slots.Count; i++)
{
Slots[i].Dispose();
Slots[i] = null;
}
}
if (_pkcs11Library != null)
{
_pkcs11Library.Dispose();
_pkcs11Library = null;
}
}
// Dispose unmanaged objects
_disposed = true;
}
}
public void _02_FindAllObjectsTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Let's create two objects so we can find something
IObjectHandle objectHandle1 = Helpers.CreateDataObject(session);
IObjectHandle objectHandle2 = Helpers.CreateDataObject(session);
// Prepare attribute template that defines search criteria
List <IObjectAttribute> objectAttributes = new List <IObjectAttribute>();
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_DATA));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
// Find all objects that match provided attributes
List <IObjectHandle> foundObjects = session.FindAllObjects(objectAttributes);
// Do something interesting with found objects
Assert.IsTrue(foundObjects.Count >= 2);
session.DestroyObject(objectHandle2);
session.DestroyObject(objectHandle1);
session.Logout();
}
}
}
public Pkcs11Library(string libraryPath, string loggerPath = null)
{
_path = libraryPath;
Pkcs11InteropFactories factories = Pkcs11Admin.Instance.Factories;
try
{
_pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, loggerPath ?? libraryPath, AppType.MultiThreaded);
}
catch (Pkcs11Exception ex)
{
if (ex.RV == CKR.CKR_CANT_LOCK)
{
_pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, loggerPath ?? libraryPath, AppType.SingleThreaded);
}
else
{
throw;
}
}
Info = GetPkcs11LibraryInfo();
Slots = GetPkcs11Slots();
}
public void _01_BasicInitTokenAndPinTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
ITokenInfo tokenInfo = slot.GetTokenInfo();
// Check if token needs to be initialized
if (!tokenInfo.TokenFlags.TokenInitialized)
{
// Initialize token and SO (security officer) pin
slot.InitToken(Settings.SecurityOfficerPin, Settings.ApplicationName);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as SO (security officer)
session.Login(CKU.CKU_SO, Settings.SecurityOfficerPin);
// Initialize user pin
session.InitPin(Settings.NormalUserPin);
session.Logout();
}
}
}
}
public void _02_DigestMultiPartTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RO session
using (ISession session = slot.OpenSession(SessionType.ReadOnly))
{
// Specify digesting mechanism
IMechanism mechanism = Settings.Factories.MechanismFactory.Create(CKM.CKM_SHA_1);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
byte[] digest = null;
// Multipart digesting can be used i.e. for digesting of streamed data
using (MemoryStream inputStream = new MemoryStream(sourceData))
{
// Digest data
digest = session.Digest(mechanism, inputStream);
}
// Do something interesting with digest value
Assert.IsTrue(ConvertUtils.BytesToBase64String(digest) == "e1AsOh9IyGCa4hLN+2Od7jlnP14=");
}
}
}
public void _03_SetAttributeValueTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Create object
IObjectHandle objectHandle = Helpers.CreateDataObject(session);
// Prepare list of attributes we want to set
List <IObjectAttribute> objectAttributes = new List <IObjectAttribute>();
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.ApplicationName + "_2"));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VALUE, "New data object content"));
// Set attributes
session.SetAttributeValue(objectHandle, objectAttributes);
// Do something interesting with modified object
session.DestroyObject(objectHandle);
session.Logout();
}
}
}
public void _02_GenerateKeyPairTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// The CKA_ID attribute is intended as a means of distinguishing multiple key pairs held by the same subject
byte[] ckaId = session.GenerateRandom(20);
// Prepare attribute template of new public key
List <IObjectAttribute> publicKeyAttributes = new List <IObjectAttribute>();
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, false));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.ApplicationName));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VERIFY, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VERIFY_RECOVER, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_WRAP, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODULUS_BITS, 1024));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }));
// Prepare attribute template of new private key
List <IObjectAttribute> privateKeyAttributes = new List <IObjectAttribute>();
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, Settings.ApplicationName));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SENSITIVE, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SIGN, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SIGN_RECOVER, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_UNWRAP, true));
// Specify key generation mechanism
IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN);
// Generate key pair
IObjectHandle publicKeyHandle = null;
IObjectHandle privateKeyHandle = null;
session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle);
// Do something interesting with generated key pair
// Destroy keys
session.DestroyObject(privateKeyHandle);
session.DestroyObject(publicKeyHandle);
session.Logout();
}
}
}
public void _02_EncryptAndDecryptMultiPartTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate symetric key
IObjectHandle generatedKey = Helpers.GenerateKey(session);
// Generate random initialization vector
byte[] iv = session.GenerateRandom(8);
// Specify encryption mechanism with initialization vector as parameter
IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_DES3_CBC, iv);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Our new password");
byte[] encryptedData = null;
byte[] decryptedData = null;
// Multipart encryption can be used i.e. for encryption of streamed data
using (MemoryStream inputStream = new MemoryStream(sourceData), outputStream = new MemoryStream())
{
// Encrypt data
// Note that in real world application we would rather use bigger read buffer i.e. 4096
session.Encrypt(mechanism, generatedKey, inputStream, outputStream, 8);
// Read whole output stream to the byte array so we can compare results more easily
encryptedData = outputStream.ToArray();
}
// Do something interesting with encrypted data
// Multipart decryption can be used i.e. for decryption of streamed data
using (MemoryStream inputStream = new MemoryStream(encryptedData), outputStream = new MemoryStream())
{
// Decrypt data
// Note that in real world application we would rather use bigger read buffer i.e. 4096
session.Decrypt(mechanism, generatedKey, inputStream, outputStream, 8);
// Read whole output stream to the byte array so we can compare results more easily
decryptedData = outputStream.ToArray();
}
// Do something interesting with decrypted data
Assert.IsTrue(ConvertUtils.BytesToBase64String(sourceData) == ConvertUtils.BytesToBase64String(decryptedData));
session.DestroyObject(generatedKey);
session.Logout();
}
}
}
public void _02_UsingPkcs11DisposeTest()
{
// Instance of class implementing IPkcs11Library interface can be used in using statement
// which defines a scope at the end of which an object will be disposed.
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Do something interesting
}
}
public void _03_SingleThreadedInitializeTest()
{
// If an application will not be accessing PKCS#11 library from multiple threads simultaneously,
// it should specify "AppType.SingleThreaded" as a value of "appType" parameter.
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, AppType.SingleThreaded))
{
// Do something interesting
}
}
public void _01_BasicGetInfoTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
ILibraryInfo libraryInfo = pkcs11Library.GetInfo();
// Do something interesting with library information
Assert.IsFalse(String.IsNullOrEmpty(libraryInfo.ManufacturerId));
}
}
public void _04_MultiThreadedInitializeTest()
{
// If an application will be accessing PKCS#11 library from multiple threads simultaneously,
// it should specify "AppType.MultiThreaded" as a value of "appType" parameter.
// PKCS#11 library will use the native operation system threading model for locking.
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, AppType.MultiThreaded))
{
// Do something interesting
}
}
public void _01_BasicSignEncryptAndDecryptVerifyTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate asymetric key pair
IObjectHandle publicKey = null;
IObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify signing mechanism
IMechanism signingMechanism = session.Factories.MechanismFactory.Create(CKM.CKM_SHA1_RSA_PKCS);
// Generate symetric key
IObjectHandle secretKey = Helpers.GenerateKey(session);
// Generate random initialization vector
byte[] iv = session.GenerateRandom(8);
// Specify encryption mechanism with initialization vector as parameter
IMechanism encryptionMechanism = session.Factories.MechanismFactory.Create(CKM.CKM_DES3_CBC, iv);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Passw0rd");
// Sign and encrypt data
byte[] signature = null;
byte[] encryptedData = null;
session.SignEncrypt(signingMechanism, privateKey, encryptionMechanism, secretKey, sourceData, out signature, out encryptedData);
// Do something interesting with signature and encrypted data
// Decrypt data and verify signature of data
byte[] decryptedData = null;
bool isValid = false;
session.DecryptVerify(signingMechanism, publicKey, encryptionMechanism, secretKey, encryptedData, signature, out decryptedData, out isValid);
// Do something interesting with decrypted data and verification result
Assert.IsTrue(ConvertUtils.BytesToBase64String(sourceData) == ConvertUtils.BytesToBase64String(decryptedData));
Assert.IsTrue(isValid);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.DestroyObject(secretKey);
session.Logout();
}
}
}
public void _05_Pkcs11WithGetFunctionListTest()
{
// Before an application can perform any cryptographic operations with PKCS#11 library
// it has to obtain function pointers for all the Cryptoki API routines present in the library.
// This can be done either via C_GetFunctionList() function or via platform specific native function - GetProcAddress() on Windows and dlsym() on Unix.
// InitType enum can be used to specify which approach should be used.
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType, InitType.WithFunctionList))
{
// Do something interesting
}
}
public void _03_WaitForSlotEventTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Wait for a slot event
bool eventOccured = false;
ulong slotId = 0;
pkcs11Library.WaitForSlotEvent(WaitType.NonBlocking, out eventOccured, out slotId);
Assert.IsFalse(eventOccured);
}
}
/// <summary>
/// Obtains a list of all PKCS#11 URI matching slots
/// </summary>
/// <param name="pkcs11Uri">PKCS#11 URI</param>
/// <param name="pkcs11Library">High level PKCS#11 wrapper</param>
/// <param name="slotsType">Type of slots to be obtained</param>
/// <returns>List of slots matching PKCS#11 URI</returns>
public static List <ISlot> GetMatchingSlotList(Pkcs11Uri pkcs11Uri, IPkcs11Library pkcs11Library, SlotsType slotsType)
{
if (pkcs11Uri == null)
{
throw new ArgumentNullException("pkcs11Uri");
}
if (pkcs11Library == null)
{
throw new ArgumentNullException("pkcs11Library");
}
List <ISlot> matchingSlots = new List <ISlot>();
ILibraryInfo libraryInfo = pkcs11Library.GetInfo();
if (!Matches(pkcs11Uri, libraryInfo))
{
return(matchingSlots);
}
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent);
if ((slots == null) || (slots.Count == 0))
{
return(matchingSlots);
}
foreach (ISlot slot in slots)
{
ISlotInfo slotInfo = slot.GetSlotInfo();
if (Matches(pkcs11Uri, slotInfo))
{
if (slotInfo.SlotFlags.TokenPresent)
{
ITokenInfo tokenInfo = slot.GetTokenInfo();
if (Matches(pkcs11Uri, tokenInfo))
{
matchingSlots.Add(slot);
}
}
else
{
if (slotsType == SlotsType.WithOrWithoutTokenPresent && Pkcs11UriSharedUtils.Matches(pkcs11Uri, null, null, null, null))
{
matchingSlots.Add(slot);
}
}
}
}
return(matchingSlots);
}
public void _01_SlotListTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Get list of available slots
List <ISlot> slots = pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent);
// Do something interesting with slots
Assert.IsNotNull(slots);
Assert.IsTrue(slots.Count > 0);
}
}
public void _01_BasicPkcs11DisposeTest()
{
// Unmanaged PKCS#11 library is usually loaded by the constructor of class implementing IPkcs11Library interface.
// Every PKCS#11 library needs to be initialized with C_Initialize method which is also called automatically by the constructor mentioned above.
IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType);
// Do something interesting
// Unmanaged PKCS#11 library is usually unloaded by Dispose() method of class implementing IPkcs11Library interface.
// C_Finalize should be the last call made by an application and it is also called automatically by Dispose() method mentioned above.
pkcs11Library.Dispose();
}
public void _01_BasicWrapAndUnwrapKeyTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate asymetric key pair
IObjectHandle publicKey = null;
IObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Generate symetric key
IObjectHandle secretKey = Helpers.GenerateKey(session);
// Specify wrapping mechanism
IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_RSA_PKCS);
// Wrap key
byte[] wrappedKey = session.WrapKey(mechanism, publicKey, secretKey);
// Do something interesting with wrapped key
Assert.IsNotNull(wrappedKey);
// Define attributes for unwrapped key
List <IObjectAttribute> objectAttributes = new List <IObjectAttribute>();
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DERIVE, true));
objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true));
// Unwrap key
IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, privateKey, wrappedKey, objectAttributes);
// Do something interesting with unwrapped key
Assert.IsTrue(unwrappedKey.ObjectId != CK.CK_INVALID_HANDLE);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.DestroyObject(secretKey);
session.Logout();
}
}
}
public void _02_SignAndVerifyMultiPartTest()
{
using (IPkcs11Library pkcs11Library = Settings.Factories.Pkcs11LibraryFactory.LoadPkcs11Library(Settings.Factories, Settings.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11Library);
// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(CKU.CKU_USER, Settings.NormalUserPin);
// Generate key pair
IObjectHandle publicKey = null;
IObjectHandle privateKey = null;
Helpers.GenerateKeyPair(session, out publicKey, out privateKey);
// Specify signing mechanism
IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_SHA1_RSA_PKCS);
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world");
byte[] signature = null;
bool isValid = false;
// Multipart signing can be used i.e. for signing of streamed data
using (MemoryStream inputStream = new MemoryStream(sourceData))
{
// Sign data
// Note that in real world application we would rather use bigger read buffer i.e. 4096
signature = session.Sign(mechanism, privateKey, inputStream, 8);
}
// Do something interesting with signature
// Multipart verification can be used i.e. for signature verification of streamed data
using (MemoryStream inputStream = new MemoryStream(sourceData))
{
// Verify signature
// Note that in real world application we would rather use bigger read buffer i.e. 4096
session.Verify(mechanism, publicKey, inputStream, signature, out isValid, 8);
}
// Do something interesting with verification result
Assert.IsTrue(isValid);
session.DestroyObject(privateKey);
session.DestroyObject(publicKey);
session.Logout();
}
}
}
public void TestAccess()
{
// Specify the path to unmanaged PKCS#11 library provided by the cryptographic device vendor
string pkcs11LibraryPath = @"d:\Program Files\SoftHSM2\lib\softhsm2-x64.dll";
// Create factories used by Pkcs11Interop library
Pkcs11InteropFactories factories = new Pkcs11InteropFactories();
// Load unmanaged PKCS#11 library
using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, pkcs11LibraryPath, AppType.MultiThreaded))
{
// Show general information about loaded library
ILibraryInfo libraryInfo = pkcs11Library.GetInfo();
Console.WriteLine("Library");
Console.WriteLine(" Manufacturer: " + libraryInfo.ManufacturerId);
Console.WriteLine(" Description: " + libraryInfo.LibraryDescription);
Console.WriteLine(" Version: " + libraryInfo.LibraryVersion);
// Get list of all available slots
foreach (ISlot slot in pkcs11Library.GetSlotList(SlotsType.WithOrWithoutTokenPresent))
{
// Show basic information about slot
ISlotInfo slotInfo = slot.GetSlotInfo();
Console.WriteLine();
Console.WriteLine("Slot");
Console.WriteLine(" Manufacturer: " + slotInfo.ManufacturerId);
Console.WriteLine(" Description: " + slotInfo.SlotDescription);
Console.WriteLine(" Token present: " + slotInfo.SlotFlags.TokenPresent);
if (slotInfo.SlotFlags.TokenPresent)
{
// Show basic information about token present in the slot
ITokenInfo tokenInfo = slot.GetTokenInfo();
Console.WriteLine("Token");
Console.WriteLine(" Manufacturer: " + tokenInfo.ManufacturerId);
Console.WriteLine(" Model: " + tokenInfo.Model);
Console.WriteLine(" Serial number: " + tokenInfo.SerialNumber);
Console.WriteLine(" Label: " + tokenInfo.Label);
// Show list of mechanisms (algorithms) supported by the token
Console.WriteLine("Supported mechanisms: ");
foreach (CKM mechanism in slot.GetMechanismList())
{
Console.WriteLine(" " + mechanism);
}
}
}
}
}