public void _01_EjectTokenTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { LibraryInfo libraryInfo = pkcs11.GetInfo(); if (libraryInfo.LibraryDescription != "Mock module" && libraryInfo.ManufacturerId != "Pkcs11Interop Project") Assert.Inconclusive("Test cannot be executed with this PKCS#11 library"); // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Eject token via vendor specific function C_EjectToken slot.EjectToken(); } }
public void _06_GetMatchingSlotList() { if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 0) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { CKR rv = pkcs11.C_Initialize(Settings.InitArgs40); Assert.IsTrue(rv == CKR.CKR_OK); // Get all slots uint allSlotsCount = 0; rv = pkcs11.C_GetSlotList(true, null, ref allSlotsCount); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(allSlotsCount > 0); uint[] allSlots = new uint[allSlotsCount]; rv = pkcs11.C_GetSlotList(true, allSlots, ref allSlotsCount); Assert.IsTrue(rv == CKR.CKR_OK); // Empty URI Pkcs11Uri pkcs11uri = new Pkcs11Uri(@"pkcs11:"); uint[] matchedSlots = null; rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(matchedSlots.Length == allSlots.Length); // Unknown path attribute in URI pkcs11uri = new Pkcs11Uri(@"pkcs11:vendor=foobar"); rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(matchedSlots.Length == 0); // All attributes matching one slot CK_INFO libraryInfo = new CK_INFO(); rv = pkcs11.C_GetInfo(ref libraryInfo); Assert.IsTrue(rv == CKR.CKR_OK); CK_SLOT_INFO slotInfo = new CK_SLOT_INFO(); rv = pkcs11.C_GetSlotInfo(allSlots[0], ref slotInfo); Assert.IsTrue(rv == CKR.CKR_OK); CK_TOKEN_INFO tokenInfo = new CK_TOKEN_INFO(); rv = pkcs11.C_GetTokenInfo(allSlots[0], ref tokenInfo); Assert.IsTrue(rv == CKR.CKR_OK); Pkcs11UriBuilder pkcs11UriBuilder = new Pkcs11UriBuilder(); pkcs11UriBuilder.LibraryManufacturer = ConvertUtils.BytesToUtf8String(libraryInfo.ManufacturerId, true); pkcs11UriBuilder.LibraryDescription = ConvertUtils.BytesToUtf8String(libraryInfo.LibraryDescription, true); pkcs11UriBuilder.LibraryVersion = libraryInfo.LibraryVersion.ToString(); pkcs11UriBuilder.SlotManufacturer = ConvertUtils.BytesToUtf8String(slotInfo.ManufacturerId, true); pkcs11UriBuilder.SlotDescription = ConvertUtils.BytesToUtf8String(slotInfo.SlotDescription, true); pkcs11UriBuilder.SlotId = allSlots[0]; pkcs11UriBuilder.Token = ConvertUtils.BytesToUtf8String(tokenInfo.Label, true); pkcs11UriBuilder.Manufacturer = ConvertUtils.BytesToUtf8String(tokenInfo.ManufacturerId, true); pkcs11UriBuilder.Serial = ConvertUtils.BytesToUtf8String(tokenInfo.SerialNumber, true); pkcs11UriBuilder.Model = ConvertUtils.BytesToUtf8String(tokenInfo.Model, true); pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(matchedSlots.Length == 1); // One attribute nonmatching pkcs11UriBuilder.Serial = "foobar"; pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(matchedSlots.Length == 0); rv = pkcs11.C_Finalize(IntPtr.Zero); Assert.IsTrue(rv == CKR.CKR_OK); } }
public void _02_GenerateKeyPairTest() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(SessionType.ReadWrite)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // The CKA_ID attribute is intended as a means of distinguishing multiple key pairs held by the same subject byte[] ckaId = session.GenerateRandom(20); // Prepare attribute template of new public key List <ObjectAttribute> publicKeyAttributes = new List <ObjectAttribute>(); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_WRAP, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_MODULUS_BITS, 1024)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 })); // Prepare attribute template of new private key List <ObjectAttribute> privateKeyAttributes = new List <ObjectAttribute>(); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SENSITIVE, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_UNWRAP, true)); // Specify key generation mechanism Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN); // Generate key pair ObjectHandle publicKeyHandle = null; ObjectHandle privateKeyHandle = null; session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle); // Do something interesting with generated key pair // Destroy keys session.DestroyObject(privateKeyHandle); session.DestroyObject(publicKeyHandle); session.Logout(); } } }
public void _01_BasicOperationStateTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs40); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); // Open RO (read-only) session NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, CKF.CKF_SERIAL_SESSION, IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Get length of state in first call NativeULong stateLen = 0; rv = pkcs11.C_GetOperationState(session, null, ref stateLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(stateLen > 0); // Allocate array for state byte[] state = new byte[stateLen]; // Get state in second call rv = pkcs11.C_GetOperationState(session, state, ref stateLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Let's set state so the test is complete rv = pkcs11.C_SetOperationState(session, state, ConvertUtils.UInt32FromInt32(state.Length), CK.CK_INVALID_HANDLE, CK.CK_INVALID_HANDLE); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _01_SignAndVerifySinglePartTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs41); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, NativeLongUtils.ConvertFromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate asymetric key pair NativeULong pubKeyId = CK.CK_INVALID_HANDLE; NativeULong privKeyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKeyPair(pkcs11, session, ref pubKeyId, ref privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify signing mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_SHA1_RSA_PKCS); // Initialize signing operation rv = pkcs11.C_SignInit(session, ref mechanism, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Get length of signature in first call NativeULong signatureLen = 0; rv = pkcs11.C_Sign(session, sourceData, NativeLongUtils.ConvertFromInt32(sourceData.Length), null, ref signatureLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(signatureLen > 0); // Allocate array for signature byte[] signature = new byte[signatureLen]; // Get signature in second call rv = pkcs11.C_Sign(session, sourceData, NativeLongUtils.ConvertFromInt32(sourceData.Length), signature, ref signatureLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with signature // Initialize verification operation rv = pkcs11.C_VerifyInit(session, ref mechanism, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Verify signature rv = pkcs11.C_Verify(session, sourceData, NativeLongUtils.ConvertFromInt32(sourceData.Length), signature, NativeLongUtils.ConvertFromInt32(signature.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with verification result rv = pkcs11.C_DestroyObject(session, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_DestroyObject(session, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
/// <summary> /// Obtains a list of all slots where token that matches PKCS#11 URI is present /// </summary> /// <param name="pkcs11Uri">PKCS#11 URI</param> /// <param name="pkcs11">Low level PKCS#11 wrapper</param> /// <param name="tokenPresent">Flag indicating whether the list obtained includes only those slots with a token present (true), or all slots (false)</param> /// <param name="slotList">List of slots matching PKCS#11 URI</param> /// <returns>CKR_OK if successful; any other value otherwise</returns> public static CKR GetMatchingSlotList(Pkcs11Uri pkcs11Uri, Pkcs11 pkcs11, bool tokenPresent, out ulong[] slotList) { if (pkcs11Uri == null) { throw new ArgumentNullException("pkcs11Uri"); } if (pkcs11 == null) { throw new ArgumentNullException("pkcs11"); } List <ulong> matchingSlots = new List <ulong>(); // Get library information CK_INFO libraryInfo = new CK_INFO(); CKR rv = pkcs11.C_GetInfo(ref libraryInfo); if (rv != CKR.CKR_OK) { slotList = new ulong[0]; return(rv); } // Check whether library matches URI if (!Matches(pkcs11Uri, libraryInfo)) { slotList = new ulong[0]; return(CKR.CKR_OK); } // Get number of slots in first call ulong slotCount = 0; rv = pkcs11.C_GetSlotList(false, null, ref slotCount); if (rv != CKR.CKR_OK) { slotList = new ulong[0]; return(rv); } if (slotCount < 1) { slotList = new ulong[0]; return(CKR.CKR_OK); } // Allocate array for slot IDs ulong[] slots = new ulong[slotCount]; // Get slot IDs in second call rv = pkcs11.C_GetSlotList(tokenPresent, slots, ref slotCount); if (rv != CKR.CKR_OK) { slotList = new ulong[0]; return(rv); } // Shrink array if needed if (slots.Length != Convert.ToInt32(slotCount)) { Array.Resize(ref slots, Convert.ToInt32(slotCount)); } // Match slots with Pkcs11Uri foreach (ulong slot in slots) { CK_SLOT_INFO slotInfo = new CK_SLOT_INFO(); rv = pkcs11.C_GetSlotInfo(slot, ref slotInfo); if (rv != CKR.CKR_OK) { slotList = new ulong[0]; return(rv); } // Check whether slot matches URI if (Matches(pkcs11Uri, slotInfo, slot)) { if ((slotInfo.Flags & CKF.CKF_TOKEN_PRESENT) == CKF.CKF_TOKEN_PRESENT) { CK_TOKEN_INFO tokenInfo = new CK_TOKEN_INFO(); rv = pkcs11.C_GetTokenInfo(slot, ref tokenInfo); if (rv != CKR.CKR_OK) { slotList = new ulong[0]; return(rv); } // Check whether token matches URI if (Matches(pkcs11Uri, tokenInfo)) { matchingSlots.Add(slot); } } else { if (!tokenPresent && Pkcs11UriSharedUtils.Matches(pkcs11Uri, null, null, null, null)) { matchingSlots.Add(slot); } } } } slotList = matchingSlots.ToArray(); return(CKR.CKR_OK); }
public void _03_EncryptAndDecryptSinglePartOaepTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs80); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, ConvertUtils.UInt64FromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate asymetric key pair NativeULong pubKeyId = CK.CK_INVALID_HANDLE; NativeULong privKeyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKeyPair(pkcs11, session, ref pubKeyId, ref privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify mechanism parameters CK_RSA_PKCS_OAEP_PARAMS mechanismParams = new CK_RSA_PKCS_OAEP_PARAMS(); mechanismParams.HashAlg = ConvertUtils.UInt64FromCKM(CKM.CKM_SHA_1); mechanismParams.Mgf = ConvertUtils.UInt64FromCKG(CKG.CKG_MGF1_SHA1); mechanismParams.Source = ConvertUtils.UInt64FromUInt32(CKZ.CKZ_DATA_SPECIFIED); mechanismParams.SourceData = IntPtr.Zero; mechanismParams.SourceDataLen = 0; // Specify encryption mechanism with parameters // Note that CkmUtils.CreateMechanism() automaticaly copies mechanismParams into newly allocated unmanaged memory. CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_RSA_PKCS_OAEP, mechanismParams); // Initialize encryption operation rv = pkcs11.C_EncryptInit(session, ref mechanism, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Get length of encrypted data in first call NativeULong encryptedDataLen = 0; rv = pkcs11.C_Encrypt(session, sourceData, ConvertUtils.UInt64FromInt32(sourceData.Length), null, ref encryptedDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(encryptedDataLen > 0); // Allocate array for encrypted data byte[] encryptedData = new byte[encryptedDataLen]; // Get encrypted data in second call rv = pkcs11.C_Encrypt(session, sourceData, ConvertUtils.UInt64FromInt32(sourceData.Length), encryptedData, ref encryptedDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with encrypted data // Initialize decryption operation rv = pkcs11.C_DecryptInit(session, ref mechanism, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Get length of decrypted data in first call NativeULong decryptedDataLen = 0; rv = pkcs11.C_Decrypt(session, encryptedData, ConvertUtils.UInt64FromInt32(encryptedData.Length), null, ref decryptedDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(decryptedDataLen > 0); // Allocate array for decrypted data byte[] decryptedData = new byte[decryptedDataLen]; // Get decrypted data in second call rv = pkcs11.C_Decrypt(session, encryptedData, ConvertUtils.UInt64FromInt32(encryptedData.Length), decryptedData, ref decryptedDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Array may need to be shrinked if (decryptedData.Length != ConvertUtils.UInt64ToInt32(decryptedDataLen)) { Array.Resize(ref decryptedData, ConvertUtils.UInt64ToInt32(decryptedDataLen)); } // Do something interesting with decrypted data Assert.IsTrue(ConvertUtils.BytesToBase64String(sourceData) == ConvertUtils.BytesToBase64String(decryptedData)); // In LowLevelAPI we have to free unmanaged memory taken by mechanism parameter UnmanagedMemory.Free(ref mechanism.Parameter); mechanism.ParameterLen = 0; rv = pkcs11.C_DestroyObject(session, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_DestroyObject(session, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _02_SetAttributeValueTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs40); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, ConvertUtils.UInt32FromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Create object NativeULong objectId = CK.CK_INVALID_HANDLE; rv = Helpers.CreateDataObject(pkcs11, session, ref objectId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare list of attributes we want to set CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[2]; template[0] = CkaUtils.CreateAttribute(CKA.CKA_LABEL, "Hello world"); template[1] = CkaUtils.CreateAttribute(CKA.CKA_VALUE, "New data object content"); // Set attributes rv = pkcs11.C_SetAttributeValue(session, objectId, template, ConvertUtils.UInt32FromInt32(template.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // In LowLevelAPI we have to free unmanaged memory taken by attributes for (int i = 0; i < template.Length; i++) { UnmanagedMemory.Free(ref template[i].value); template[i].valueLen = 0; } rv = pkcs11.C_DestroyObject(session, objectId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _01_GetAttributeValueTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs40); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, ConvertUtils.UInt32FromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Create object NativeULong objectId = CK.CK_INVALID_HANDLE; rv = Helpers.CreateDataObject(pkcs11, session, ref objectId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare list of empty attributes we want to read CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[2]; template[0] = CkaUtils.CreateAttribute(CKA.CKA_LABEL); template[1] = CkaUtils.CreateAttribute(CKA.CKA_VALUE); // Get size of each individual attribute value in first call rv = pkcs11.C_GetAttributeValue(session, objectId, template, ConvertUtils.UInt32FromInt32(template.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // In LowLevelAPI we have to allocate unmanaged memory for attribute value for (int i = 0; i < template.Length; i++) { template[i].value = UnmanagedMemory.Allocate(ConvertUtils.UInt32ToInt32(template[i].valueLen)); } // Get attribute value in second call rv = pkcs11.C_GetAttributeValue(session, objectId, template, ConvertUtils.UInt32FromInt32(template.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with attribute value byte[] ckaLabel = UnmanagedMemory.Read(template[0].value, ConvertUtils.UInt32ToInt32(template[0].valueLen)); Assert.IsTrue(ConvertUtils.BytesToBase64String(ckaLabel) == ConvertUtils.BytesToBase64String(Settings.ApplicationNameArray)); // In LowLevelAPI we have to free unmanaged memory taken by attributes for (int i = 0; i < template.Length; i++) { UnmanagedMemory.Free(ref template[i].value); template[i].valueLen = 0; } rv = pkcs11.C_DestroyObject(session, objectId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _01_GenerateKeyTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs81); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, NativeLongUtils.ConvertFromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare attribute template of new key CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[4]; template[0] = CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY); template[1] = CkaUtils.CreateAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3); template[2] = CkaUtils.CreateAttribute(CKA.CKA_ENCRYPT, true); template[3] = CkaUtils.CreateAttribute(CKA.CKA_DECRYPT, true); // Specify key generation mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_DES3_KEY_GEN); // Generate key NativeULong keyId = CK.CK_INVALID_HANDLE; rv = pkcs11.C_GenerateKey(session, ref mechanism, template, NativeLongUtils.ConvertFromInt32(template.Length), ref keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // In LowLevelAPI we have to free unmanaged memory taken by attributes for (int i = 0; i < template.Length; i++) { UnmanagedMemory.Free(ref template[i].value); template[i].valueLen = 0; } // Do something interesting with generated key // Destroy object rv = pkcs11.C_DestroyObject(session, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _01_BasicSignAndVerifyRecoverTest() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1) { Assert.Inconclusive("Test cannot be executed on this platform"); } CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs81); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present ulong slotId = Helpers.GetUsableSlot(pkcs11); ulong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, Convert.ToUInt64(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate asymetric key pair ulong pubKeyId = CK.CK_INVALID_HANDLE; ulong privKeyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKeyPair(pkcs11, session, ref pubKeyId, ref privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify signing mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_RSA_PKCS); // Initialize signing operation rv = pkcs11.C_SignRecoverInit(session, ref mechanism, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Get length of signature in first call ulong signatureLen = 0; rv = pkcs11.C_SignRecover(session, sourceData, Convert.ToUInt64(sourceData.Length), null, ref signatureLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(signatureLen > 0); // Allocate array for signature byte[] signature = new byte[signatureLen]; // Get signature in second call rv = pkcs11.C_SignRecover(session, sourceData, Convert.ToUInt64(sourceData.Length), signature, ref signatureLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with signature // Initialize verification operation rv = pkcs11.C_VerifyRecoverInit(session, ref mechanism, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Get length of recovered data in first call ulong recoveredDataLen = 0; rv = pkcs11.C_VerifyRecover(session, signature, Convert.ToUInt64(signature.Length), null, ref recoveredDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(recoveredDataLen > 0); // Allocate array for recovered data byte[] recoveredData = new byte[recoveredDataLen]; // Verify signature and get recovered data in second call rv = pkcs11.C_VerifyRecover(session, signature, Convert.ToUInt64(signature.Length), recoveredData, ref recoveredDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with verification result and recovered data Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(recoveredData)); rv = pkcs11.C_DestroyObject(session, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_DestroyObject(session, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _02_GenerateKeyPairTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs81); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, NativeLongUtils.ConvertFromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // The CKA_ID attribute is intended as a means of distinguishing multiple key pairs held by the same subject byte[] ckaId = new byte[20]; rv = pkcs11.C_GenerateRandom(session, ckaId, NativeLongUtils.ConvertFromInt32(ckaId.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare attribute template of new public key CK_ATTRIBUTE[] pubKeyTemplate = new CK_ATTRIBUTE[10]; pubKeyTemplate[0] = CkaUtils.CreateAttribute(CKA.CKA_TOKEN, true); pubKeyTemplate[1] = CkaUtils.CreateAttribute(CKA.CKA_PRIVATE, false); pubKeyTemplate[2] = CkaUtils.CreateAttribute(CKA.CKA_LABEL, Settings.ApplicationName); pubKeyTemplate[3] = CkaUtils.CreateAttribute(CKA.CKA_ID, ckaId); pubKeyTemplate[4] = CkaUtils.CreateAttribute(CKA.CKA_ENCRYPT, true); pubKeyTemplate[5] = CkaUtils.CreateAttribute(CKA.CKA_VERIFY, true); pubKeyTemplate[6] = CkaUtils.CreateAttribute(CKA.CKA_VERIFY_RECOVER, true); pubKeyTemplate[7] = CkaUtils.CreateAttribute(CKA.CKA_WRAP, true); pubKeyTemplate[8] = CkaUtils.CreateAttribute(CKA.CKA_MODULUS_BITS, 1024); pubKeyTemplate[9] = CkaUtils.CreateAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }); // Prepare attribute template of new private key CK_ATTRIBUTE[] privKeyTemplate = new CK_ATTRIBUTE[9]; privKeyTemplate[0] = CkaUtils.CreateAttribute(CKA.CKA_TOKEN, true); privKeyTemplate[1] = CkaUtils.CreateAttribute(CKA.CKA_PRIVATE, true); privKeyTemplate[2] = CkaUtils.CreateAttribute(CKA.CKA_LABEL, Settings.ApplicationName); privKeyTemplate[3] = CkaUtils.CreateAttribute(CKA.CKA_ID, ckaId); privKeyTemplate[4] = CkaUtils.CreateAttribute(CKA.CKA_SENSITIVE, true); privKeyTemplate[5] = CkaUtils.CreateAttribute(CKA.CKA_DECRYPT, true); privKeyTemplate[6] = CkaUtils.CreateAttribute(CKA.CKA_SIGN, true); privKeyTemplate[7] = CkaUtils.CreateAttribute(CKA.CKA_SIGN_RECOVER, true); privKeyTemplate[8] = CkaUtils.CreateAttribute(CKA.CKA_UNWRAP, true); // Specify key generation mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN); // Generate key pair NativeULong pubKeyId = CK.CK_INVALID_HANDLE; NativeULong privKeyId = CK.CK_INVALID_HANDLE; rv = pkcs11.C_GenerateKeyPair(session, ref mechanism, pubKeyTemplate, NativeLongUtils.ConvertFromInt32(pubKeyTemplate.Length), privKeyTemplate, NativeLongUtils.ConvertFromInt32(privKeyTemplate.Length), ref pubKeyId, ref privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // In LowLevelAPI we have to free unmanaged memory taken by attributes for (int i = 0; i < privKeyTemplate.Length; i++) { UnmanagedMemory.Free(ref privKeyTemplate[i].value); privKeyTemplate[i].valueLen = 0; } for (int i = 0; i < pubKeyTemplate.Length; i++) { UnmanagedMemory.Free(ref pubKeyTemplate[i].value); pubKeyTemplate[i].valueLen = 0; } // Do something interesting with generated key pair // Destroy object rv = pkcs11.C_DestroyObject(session, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_DestroyObject(session, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _01_BasicOperationStateTest() { if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 1) { Assert.Inconclusive("Test cannot be executed on this platform"); } CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs41); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present uint slotId = Helpers.GetUsableSlot(pkcs11); // Open RO (read-only) session uint session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, CKF.CKF_SERIAL_SESSION, IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Get length of state in first call uint stateLen = 0; rv = pkcs11.C_GetOperationState(session, null, ref stateLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(stateLen > 0); // Allocate array for state byte[] state = new byte[stateLen]; // Get state in second call rv = pkcs11.C_GetOperationState(session, state, ref stateLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Let's set state so the test is complete rv = pkcs11.C_SetOperationState(session, state, Convert.ToUInt32(state.Length), CK.CK_INVALID_HANDLE, CK.CK_INVALID_HANDLE); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _01_BasicDeriveKeyTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs81); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); // Open RW session NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, NativeLongUtils.ConvertFromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate symetric key NativeULong baseKeyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKey(pkcs11, session, ref baseKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate random data needed for key derivation byte[] data = new byte[24]; rv = pkcs11.C_GenerateRandom(session, data, NativeLongUtils.ConvertFromInt32(data.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify mechanism parameters // Note that we are allocating unmanaged memory that will have to be freed later CK_KEY_DERIVATION_STRING_DATA mechanismParams = new CK_KEY_DERIVATION_STRING_DATA(); mechanismParams.Data = UnmanagedMemory.Allocate(data.Length); UnmanagedMemory.Write(mechanismParams.Data, data); mechanismParams.Len = NativeLongUtils.ConvertFromInt32(data.Length); // Specify derivation mechanism with parameters // Note that CkmUtils.CreateMechanism() automaticaly copies mechanismParams into newly allocated unmanaged memory CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_XOR_BASE_AND_DATA, mechanismParams); // Derive key NativeULong derivedKey = CK.CK_INVALID_HANDLE; rv = pkcs11.C_DeriveKey(session, ref mechanism, baseKeyId, null, 0, ref derivedKey); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with derived key Assert.IsTrue(derivedKey != CK.CK_INVALID_HANDLE); // In LowLevelAPI we have to free all unmanaged memory we previously allocated UnmanagedMemory.Free(ref mechanismParams.Data); mechanismParams.Len = 0; // In LowLevelAPI we have to free unmanaged memory taken by mechanism parameter UnmanagedMemory.Free(ref mechanism.Parameter); mechanism.ParameterLen = 0; rv = pkcs11.C_DestroyObject(session, baseKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_DestroyObject(session, derivedKey); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
static void Main(string[] args) { try { // Инициализировать библиотеку Console.WriteLine("Library initialization"); using (var pkcs11 = new Pkcs11(Settings.RutokenEcpDllDefaultPath, Settings.OsLockingDefault)) { // Получить доступный слот Console.WriteLine("Checking tokens available"); Slot slot = Helpers.GetUsableSlot(pkcs11); // Открыть RW сессию в первом доступном слоте Console.WriteLine("Opening RW session"); using (Session session = slot.OpenSession(false)) { // Выполнить аутентификацию Пользователя Console.WriteLine("User authentication"); session.Login(CKU.CKU_USER, SampleConstants.NormalUserPin); try { // Формирование подписи Console.WriteLine("Signing..."); // Поиск закрытого ключа на токене Console.WriteLine(" Getting private key..."); List <ObjectHandle> privateKeys = session.FindAllObjects(PrivateKeyAttributes); Errors.Check("No private keys found", privateKeys.Count > 0); // Поиск сертификата на токене Console.WriteLine(" Getting certificate..."); List <ObjectHandle> certificates = session.FindAllObjects(CertificateAttributes); Errors.Check("No certificates found", certificates.Count > 0); // Подпись данных byte[] signature = session.PKCS7Sign(ConvertUtils.Utf8StringToBytes(SampleData.PKCS7_SignData), certificates[0], privateKeys[0], null, 0); // Распечатать буфер, содержащий подпись Console.WriteLine(" Signature buffer is:"); Helpers.PrintByteArray(signature); Console.WriteLine("Data has been signed successfully"); } finally { // Сбросить права доступа как в случае исключения, // так и в случае успеха. // Сессия закрывается автоматически. session.Logout(); } } } } catch (Pkcs11Exception ex) { Console.WriteLine($"Operation failed [Method: {ex.Method}, RV: {ex.RV}]"); } catch (Exception ex) { Console.WriteLine($"Operation failed [Message: {ex.Message}]"); } }
static void Main(string[] args) { try { // Инициализировать библиотеку Console.WriteLine("Library initialization"); using (var pkcs11 = new Pkcs11(Settings.RutokenEcpDllDefaultPath, Settings.OsLockingDefault)) { // Получить доступный слот Console.WriteLine("Checking tokens available"); Slot slot = Helpers.GetUsableSlot(pkcs11); // Открыть RW сессию в первом доступном слоте Console.WriteLine("Opening RW session"); using (Session session = slot.OpenSession(false)) { // Выполнить аутентификацию Пользователя Console.WriteLine("User authentication"); session.Login(CKU.CKU_USER, SampleConstants.NormalUserPin); try { // Получить данные для шифрования byte[] sourceData = SampleData.Encrypt_RSA_SourceData; // Получить ключ для шифрования Console.WriteLine("Getting public key..."); List <ObjectHandle> publicKeys = session.FindAllObjects(RsaPublicKeyAttributes); Errors.Check("No public keys found", publicKeys.Count > 0); // Инициализировать операцию шифрования var mechanism = new Mechanism(CKM.CKM_RSA_PKCS); // Зашифровать данные Console.WriteLine("Encrypting..."); byte[] encryptedData = session.Encrypt(mechanism, publicKeys[0], sourceData); // Распечатать буфер, содержащий зашифрованные данные Console.WriteLine(" Encrypting buffer is:"); Helpers.PrintByteArray(encryptedData); Console.WriteLine("Encryption has been completed successfully"); // Получить ключ для расшифрования Console.WriteLine("Getting private key..."); List <ObjectHandle> privateKeys = session.FindAllObjects(RsaPrivateKeyAttributes); Errors.Check("No private keys found", privateKeys.Count > 0); // Расшифровать данные Console.WriteLine("Decrypting..."); byte[] decryptedData = session.Decrypt(mechanism, privateKeys[0], encryptedData); // Распечатать буфер, содержащий расшифрованные данные Console.WriteLine(" Decrypted buffer is:"); Helpers.PrintByteArray(decryptedData); Console.WriteLine("Decryption has been completed successfully"); // Сравнить исходные данные с расшифрованными bool encryptionState = (Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData)); Errors.Check("Source data and decrypted data are not equal", encryptionState); Console.WriteLine("Source data and decrypted data are equal"); } finally { // Сбросить права доступа как в случае исключения, // так и в случае успеха. // Сессия закрывается автоматически. session.Logout(); } } } } catch (Pkcs11Exception ex) { Console.WriteLine($"Operation failed [Method: {ex.Method}, RV: {ex.RV}]"); } catch (Exception ex) { Console.WriteLine($"Operation failed [Message: {ex.Message}]"); } }
static void Main(string[] args) { try { // Инициализировать библиотеку Console.WriteLine("Library initialization"); using (var pkcs11 = new Pkcs11(Settings.RutokenEcpDllDefaultPath, Settings.OsLockingDefault)) { // Получить доступный слот Console.WriteLine("Checking tokens available"); Slot slot = Helpers.GetUsableSlot(pkcs11); // Определение поддерживаемых токеном механизмов Console.WriteLine("Checking mechanisms available"); List <CKM> mechanisms = slot.GetMechanismList(); Errors.Check(" No mechanisms available", mechanisms.Count > 0); bool isGostR3411Supported = mechanisms.Contains((CKM)Extended_CKM.CKM_GOSTR3411); Errors.Check(" CKM_GOSTR3411 isn`t supported!", isGostR3411Supported); // Открыть RW сессию в первом доступном слоте Console.WriteLine("Opening RW session"); using (Session session = slot.OpenSession(false)) { // Выполнить аутентификацию Пользователя Console.WriteLine("User authentication"); session.Login(CKU.CKU_USER, SampleConstants.NormalUserPin); try { // Получить данные для хэширования byte[] sourceData = SampleData.Digest_Gost3411_SourceData; // Инициализировать операцию хэширования var mechanism = new Mechanism((uint)Extended_CKM.CKM_GOSTR3411); // Вычислить хэш-код данных Console.WriteLine("Hashing data..."); byte[] hash = session.Digest(mechanism, sourceData); // Распечатать буфер, содержащий хэш-код Console.WriteLine(" Hashed buffer is:"); Helpers.PrintByteArray(hash); Console.WriteLine("Hashing has been completed successfully"); } finally { // Сбросить права доступа как в случае исключения, // так и в случае успеха. // Сессия закрывается автоматически. session.Logout(); } } } } catch (Pkcs11Exception ex) { Console.WriteLine($"Operation failed [Method: {ex.Method}, RV: {ex.RV}]"); } catch (Exception ex) { Console.WriteLine($"Operation failed [Message: {ex.Message}]"); } }
public void _01_BasicWrapAndUnwrapKeyTest() { if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 1) { Assert.Inconclusive("Test cannot be executed on this platform"); } CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs41); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present uint slotId = Helpers.GetUsableSlot(pkcs11); uint session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, Convert.ToUInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate asymetric key pair uint pubKeyId = CK.CK_INVALID_HANDLE; uint privKeyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKeyPair(pkcs11, session, ref pubKeyId, ref privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate symetric key uint keyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKey(pkcs11, session, ref keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify wrapping mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_RSA_PKCS); // Get length of wrapped key in first call uint wrappedKeyLen = 0; rv = pkcs11.C_WrapKey(session, ref mechanism, pubKeyId, keyId, null, ref wrappedKeyLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(wrappedKeyLen > 0); // Allocate array for wrapped key byte[] wrappedKey = new byte[wrappedKeyLen]; // Get wrapped key in second call rv = pkcs11.C_WrapKey(session, ref mechanism, pubKeyId, keyId, wrappedKey, ref wrappedKeyLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with wrapped key // Define attributes for unwrapped key CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[6]; template[0] = CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY); template[1] = CkaUtils.CreateAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3); template[2] = CkaUtils.CreateAttribute(CKA.CKA_ENCRYPT, true); template[3] = CkaUtils.CreateAttribute(CKA.CKA_DECRYPT, true); template[4] = CkaUtils.CreateAttribute(CKA.CKA_DERIVE, true); template[5] = CkaUtils.CreateAttribute(CKA.CKA_EXTRACTABLE, true); // Unwrap key uint unwrappedKeyId = 0; rv = pkcs11.C_UnwrapKey(session, ref mechanism, privKeyId, wrappedKey, wrappedKeyLen, template, Convert.ToUInt32(template.Length), ref unwrappedKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with unwrapped key rv = pkcs11.C_DestroyObject(session, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_DestroyObject(session, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_DestroyObject(session, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _02_EncryptAndDecryptMultiPartTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs80); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, ConvertUtils.UInt64FromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate symetric key NativeULong keyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKey(pkcs11, session, ref keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate random initialization vector byte[] iv = new byte[8]; rv = pkcs11.C_GenerateRandom(session, iv, ConvertUtils.UInt64FromInt32(iv.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify encryption mechanism with initialization vector as parameter. // Note that CkmUtils.CreateMechanism() automaticaly copies iv into newly allocated unmanaged memory. CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_DES3_CBC, iv); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Our new password"); byte[] encryptedData = null; byte[] decryptedData = null; // Multipart encryption functions C_EncryptUpdate and C_EncryptFinal can be used i.e. for encryption of streamed data using (MemoryStream inputStream = new MemoryStream(sourceData), outputStream = new MemoryStream()) { // Initialize encryption operation rv = pkcs11.C_EncryptInit(session, ref mechanism, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare buffer for source data part // Note that in real world application we would rather use bigger buffer i.e. 4096 bytes long byte[] part = new byte[8]; // Prepare buffer for encrypted data part // Note that in real world application we would rather use bigger buffer i.e. 4096 bytes long byte[] encryptedPart = new byte[8]; NativeULong encryptedPartLen = ConvertUtils.UInt64FromInt32(encryptedPart.Length); // Read input stream with source data int bytesRead = 0; while ((bytesRead = inputStream.Read(part, 0, part.Length)) > 0) { // Encrypt each individual source data part encryptedPartLen = ConvertUtils.UInt64FromInt32(encryptedPart.Length); rv = pkcs11.C_EncryptUpdate(session, part, ConvertUtils.UInt64FromInt32(bytesRead), encryptedPart, ref encryptedPartLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Append encrypted data part to the output stream outputStream.Write(encryptedPart, 0, ConvertUtils.UInt64ToInt32(encryptedPartLen)); } // Get the length of last encrypted data part in first call byte[] lastEncryptedPart = null; NativeULong lastEncryptedPartLen = 0; rv = pkcs11.C_EncryptFinal(session, null, ref lastEncryptedPartLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Allocate array for the last encrypted data part lastEncryptedPart = new byte[lastEncryptedPartLen]; // Get the last encrypted data part in second call rv = pkcs11.C_EncryptFinal(session, lastEncryptedPart, ref lastEncryptedPartLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Append the last encrypted data part to the output stream outputStream.Write(lastEncryptedPart, 0, ConvertUtils.UInt64ToInt32(lastEncryptedPartLen)); // Read whole output stream to the byte array so we can compare results more easily encryptedData = outputStream.ToArray(); } // Do something interesting with encrypted data // Multipart decryption functions C_DecryptUpdate and C_DecryptFinal can be used i.e. for decryption of streamed data using (MemoryStream inputStream = new MemoryStream(encryptedData), outputStream = new MemoryStream()) { // Initialize decryption operation rv = pkcs11.C_DecryptInit(session, ref mechanism, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare buffer for encrypted data part // Note that in real world application we would rather use bigger buffer i.e. 4096 bytes long byte[] encryptedPart = new byte[8]; // Prepare buffer for decrypted data part // Note that in real world application we would rather use bigger buffer i.e. 4096 bytes long byte[] part = new byte[8]; NativeULong partLen = ConvertUtils.UInt64FromInt32(part.Length); // Read input stream with encrypted data int bytesRead = 0; while ((bytesRead = inputStream.Read(encryptedPart, 0, encryptedPart.Length)) > 0) { // Decrypt each individual encrypted data part partLen = ConvertUtils.UInt64FromInt32(part.Length); rv = pkcs11.C_DecryptUpdate(session, encryptedPart, ConvertUtils.UInt64FromInt32(bytesRead), part, ref partLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Append decrypted data part to the output stream outputStream.Write(part, 0, ConvertUtils.UInt64ToInt32(partLen)); } // Get the length of last decrypted data part in first call byte[] lastPart = null; NativeULong lastPartLen = 0; rv = pkcs11.C_DecryptFinal(session, null, ref lastPartLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Allocate array for the last decrypted data part lastPart = new byte[lastPartLen]; // Get the last decrypted data part in second call rv = pkcs11.C_DecryptFinal(session, lastPart, ref lastPartLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Append the last decrypted data part to the output stream outputStream.Write(lastPart, 0, ConvertUtils.UInt64ToInt32(lastPartLen)); // Read whole output stream to the byte array so we can compare results more easily decryptedData = outputStream.ToArray(); } // Do something interesting with decrypted data Assert.IsTrue(ConvertUtils.BytesToBase64String(sourceData) == ConvertUtils.BytesToBase64String(decryptedData)); // In LowLevelAPI we have to free unmanaged memory taken by mechanism parameter (iv in this case) UnmanagedMemory.Free(ref mechanism.Parameter); mechanism.ParameterLen = 0; rv = pkcs11.C_DestroyObject(session, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _06_GetMatchingSlotList() { Helpers.CheckPlatform(); using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { CKR rv = pkcs11.C_Initialize(Settings.InitArgs81); Assert.IsTrue(rv == CKR.CKR_OK); // Get all slots NativeULong allSlotsCount = 0; rv = pkcs11.C_GetSlotList(true, null, ref allSlotsCount); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(allSlotsCount > 0); NativeULong[] allSlots = new NativeULong[allSlotsCount]; rv = pkcs11.C_GetSlotList(true, allSlots, ref allSlotsCount); Assert.IsTrue(rv == CKR.CKR_OK); // Empty URI Pkcs11Uri pkcs11uri = new Pkcs11Uri(@"pkcs11:"); NativeULong[] matchedSlots = null; rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(matchedSlots.Length == allSlots.Length); // Unknown path attribute in URI pkcs11uri = new Pkcs11Uri(@"pkcs11:vendor=foobar"); rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(matchedSlots.Length == 0); // All attributes matching one slot CK_INFO libraryInfo = new CK_INFO(); rv = pkcs11.C_GetInfo(ref libraryInfo); Assert.IsTrue(rv == CKR.CKR_OK); CK_SLOT_INFO slotInfo = new CK_SLOT_INFO(); rv = pkcs11.C_GetSlotInfo(allSlots[0], ref slotInfo); Assert.IsTrue(rv == CKR.CKR_OK); CK_TOKEN_INFO tokenInfo = new CK_TOKEN_INFO(); rv = pkcs11.C_GetTokenInfo(allSlots[0], ref tokenInfo); Assert.IsTrue(rv == CKR.CKR_OK); Pkcs11UriBuilder pkcs11UriBuilder = new Pkcs11UriBuilder(); pkcs11UriBuilder.LibraryManufacturer = ConvertUtils.BytesToUtf8String(libraryInfo.ManufacturerId, true); pkcs11UriBuilder.LibraryDescription = ConvertUtils.BytesToUtf8String(libraryInfo.LibraryDescription, true); pkcs11UriBuilder.LibraryVersion = libraryInfo.LibraryVersion.ToString(); pkcs11UriBuilder.SlotManufacturer = ConvertUtils.BytesToUtf8String(slotInfo.ManufacturerId, true); pkcs11UriBuilder.SlotDescription = ConvertUtils.BytesToUtf8String(slotInfo.SlotDescription, true); pkcs11UriBuilder.SlotId = allSlots[0]; pkcs11UriBuilder.Token = ConvertUtils.BytesToUtf8String(tokenInfo.Label, true); pkcs11UriBuilder.Manufacturer = ConvertUtils.BytesToUtf8String(tokenInfo.ManufacturerId, true); pkcs11UriBuilder.Serial = ConvertUtils.BytesToUtf8String(tokenInfo.SerialNumber, true); pkcs11UriBuilder.Model = ConvertUtils.BytesToUtf8String(tokenInfo.Model, true); pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(matchedSlots.Length == 1); // One attribute nonmatching pkcs11UriBuilder.Serial = "foobar"; pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11uri, pkcs11, true, out matchedSlots); Assert.IsTrue(rv == CKR.CKR_OK); Assert.IsTrue(matchedSlots.Length == 0); rv = pkcs11.C_Finalize(IntPtr.Zero); Assert.IsTrue(rv == CKR.CKR_OK); } }
public void _01_EncryptAndDecryptSinglePartTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs80); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, ConvertUtils.UInt64FromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate symetric key NativeULong keyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKey(pkcs11, session, ref keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate random initialization vector byte[] iv = new byte[8]; rv = pkcs11.C_GenerateRandom(session, iv, ConvertUtils.UInt64FromInt32(iv.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify encryption mechanism with initialization vector as parameter. // Note that CkmUtils.CreateMechanism() automaticaly copies iv into newly allocated unmanaged memory. CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_DES3_CBC, iv); // Initialize encryption operation rv = pkcs11.C_EncryptInit(session, ref mechanism, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } byte[] sourceData = ConvertUtils.Utf8StringToBytes("Our new password"); // Get length of encrypted data in first call NativeULong encryptedDataLen = 0; rv = pkcs11.C_Encrypt(session, sourceData, ConvertUtils.UInt64FromInt32(sourceData.Length), null, ref encryptedDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(encryptedDataLen > 0); // Allocate array for encrypted data byte[] encryptedData = new byte[encryptedDataLen]; // Get encrypted data in second call rv = pkcs11.C_Encrypt(session, sourceData, ConvertUtils.UInt64FromInt32(sourceData.Length), encryptedData, ref encryptedDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with encrypted data // Initialize decryption operation rv = pkcs11.C_DecryptInit(session, ref mechanism, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Get length of decrypted data in first call NativeULong decryptedDataLen = 0; rv = pkcs11.C_Decrypt(session, encryptedData, ConvertUtils.UInt64FromInt32(encryptedData.Length), null, ref decryptedDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(decryptedDataLen > 0); // Allocate array for decrypted data byte[] decryptedData = new byte[decryptedDataLen]; // Get decrypted data in second call rv = pkcs11.C_Decrypt(session, encryptedData, ConvertUtils.UInt64FromInt32(encryptedData.Length), decryptedData, ref decryptedDataLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with decrypted data Assert.IsTrue(ConvertUtils.BytesToBase64String(sourceData) == ConvertUtils.BytesToBase64String(decryptedData)); // In LowLevelAPI we have to free unmanaged memory taken by mechanism parameter (iv in this case) UnmanagedMemory.Free(ref mechanism.Parameter); mechanism.ParameterLen = 0; rv = pkcs11.C_DestroyObject(session, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _01_BasicInitTokenAndPinTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs41); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); CK_TOKEN_INFO tokenInfo = new CK_TOKEN_INFO(); rv = pkcs11.C_GetTokenInfo(slotId, ref tokenInfo); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Check if token needs to be initialized if ((tokenInfo.Flags & CKF.CKF_TOKEN_INITIALIZED) != CKF.CKF_TOKEN_INITIALIZED) { // Token label is 32 bytes long string padded with blank characters byte[] label = new byte[32]; for (int i = 0; i < label.Length; i++) { label[i] = 0x20; } Array.Copy(Settings.ApplicationNameArray, 0, label, 0, Settings.ApplicationNameArray.Length); // Initialize token and SO (security officer) pin rv = pkcs11.C_InitToken(slotId, Settings.SecurityOfficerPinArray, NativeLongUtils.ConvertFromInt32(Settings.SecurityOfficerPinArray.Length), label); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Open RW session NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as SO (security officer) rv = pkcs11.C_Login(session, CKU.CKU_SO, Settings.SecurityOfficerPinArray, NativeLongUtils.ConvertFromInt32(Settings.SecurityOfficerPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Initialize user pin rv = pkcs11.C_InitPIN(session, Settings.NormalUserPinArray, NativeLongUtils.ConvertFromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _02_SignAndVerifyMultiPartTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs41); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, NativeLongUtils.ConvertFromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate asymetric key pair NativeULong pubKeyId = CK.CK_INVALID_HANDLE; NativeULong privKeyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKeyPair(pkcs11, session, ref pubKeyId, ref privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify signing mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_SHA1_RSA_PKCS); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); byte[] signature = null; // Multipart signature functions C_SignUpdate and C_SignFinal can be used i.e. for signing of streamed data using (MemoryStream inputStream = new MemoryStream(sourceData)) { // Initialize signing operation rv = pkcs11.C_SignInit(session, ref mechanism, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare buffer for source data part // Note that in real world application we would rather use bigger buffer i.e. 4096 bytes long byte[] part = new byte[8]; // Read input stream with source data int bytesRead = 0; while ((bytesRead = inputStream.Read(part, 0, part.Length)) > 0) { // Process each individual source data part rv = pkcs11.C_SignUpdate(session, part, NativeLongUtils.ConvertFromInt32(bytesRead)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } // Get the length of signature in first call NativeULong signatureLen = 0; rv = pkcs11.C_SignFinal(session, null, ref signatureLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(signatureLen > 0); // Allocate array for signature signature = new byte[signatureLen]; // Get signature in second call rv = pkcs11.C_SignFinal(session, signature, ref signatureLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } // Do something interesting with signature // Multipart verification functions C_VerifyUpdate and C_VerifyFinal can be used i.e. for signature verification of streamed data using (MemoryStream inputStream = new MemoryStream(sourceData)) { // Initialize verification operation rv = pkcs11.C_VerifyInit(session, ref mechanism, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare buffer for source data part // Note that in real world application we would rather use bigger buffer i.e. 4096 bytes long byte[] part = new byte[8]; // Read input stream with source data int bytesRead = 0; while ((bytesRead = inputStream.Read(part, 0, part.Length)) > 0) { // Process each individual source data part rv = pkcs11.C_VerifyUpdate(session, part, NativeLongUtils.ConvertFromInt32(bytesRead)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } // Verify signature rv = pkcs11.C_VerifyFinal(session, signature, NativeLongUtils.ConvertFromInt32(signature.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } // Do something interesting with verification result rv = pkcs11.C_DestroyObject(session, privKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_DestroyObject(session, pubKeyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _02_DigestMultiPartTest() { if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 1) { Assert.Inconclusive("Test cannot be executed on this platform"); } CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs41); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present uint slotId = Helpers.GetUsableSlot(pkcs11); uint session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify digesting mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_SHA_1); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); byte[] digest = null; // Multipart digesting functions C_DigestUpdate and C_DigestFinal can be used i.e. for digesting of streamed data using (MemoryStream inputStream = new MemoryStream(sourceData)) { // Initialize digesting operation rv = pkcs11.C_DigestInit(session, ref mechanism); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Prepare buffer for source data part // Note that in real world application we would rather use bigger buffer i.e. 4096 bytes long byte[] part = new byte[8]; // Read input stream with source data int bytesRead = 0; while ((bytesRead = inputStream.Read(part, 0, part.Length)) > 0) { // Digest each individual source data part rv = pkcs11.C_DigestUpdate(session, part, Convert.ToUInt32(bytesRead)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } // Get length of digest value in first call uint digestLen = 0; rv = pkcs11.C_DigestFinal(session, null, ref digestLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(digestLen > 0); // Allocate array for digest value digest = new byte[digestLen]; // Get digest value in second call rv = pkcs11.C_DigestFinal(session, digest, ref digestLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } // Do something interesting with digest value rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
static void Main(string[] args) { try { // Инициализировать библиотеку Console.WriteLine("Library initialization"); using (var pkcs11 = new Pkcs11(Settings.RutokenEcpDllDefaultPath, Settings.OsLockingDefault)) { // Получить доступный слот Console.WriteLine("Checking tokens available"); Slot slot = Helpers.GetUsableSlot(pkcs11); // Открыть RW сессию в первом доступном слоте Console.WriteLine("Opening RW session"); using (Session session = slot.OpenSession(false)) { // Выполнить аутентификацию Пользователя Console.WriteLine("User authentication"); session.Login(CKU.CKU_USER, SampleConstants.NormalUserPin); try { // Получить массив хэндлов объектов, соответствующих критериям поиска Console.WriteLine("Getting key pairs..."); var foundObjects = session.FindAllObjects(KeyPairAttributes); // Удалить ключи if (foundObjects.Count > 0) { Console.WriteLine("Destroying objects..."); int objectsCounter = 1; foreach (var foundObject in foundObjects) { Console.WriteLine($" Object №{objectsCounter}"); session.DestroyObject(foundObject); objectsCounter++; } Console.WriteLine("Objects have been destroyed successfully"); } else { Console.WriteLine("No objects found"); } } finally { // Сбросить права доступа как в случае исключения, // так и в случае успеха. // Сессия закрывается автоматически. session.Logout(); } } } } catch (Pkcs11Exception ex) { Console.WriteLine($"Operation failed [Method: {ex.Method}, RV: {ex.RV}]"); } catch (Exception ex) { Console.WriteLine($"Operation failed [Message: {ex.Message}]"); } }
public void _03_DigestKeyTest() { if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 1) { Assert.Inconclusive("Test cannot be executed on this platform"); } CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs41); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present uint slotId = Helpers.GetUsableSlot(pkcs11); uint session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, Convert.ToUInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Generate symetric key uint keyId = CK.CK_INVALID_HANDLE; rv = Helpers.GenerateKey(pkcs11, session, ref keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify digesting mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_SHA_1); // Initialize digesting operation rv = pkcs11.C_DigestInit(session, ref mechanism); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Digest key rv = pkcs11.C_DigestKey(session, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Get length of digest value in first call uint digestLen = 0; rv = pkcs11.C_DigestFinal(session, null, ref digestLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(digestLen > 0); // Allocate array for digest value byte[] digest = new byte[digestLen]; // Get digest value in second call rv = pkcs11.C_DigestFinal(session, digest, ref digestLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with digest value rv = pkcs11.C_DestroyObject(session, keyId); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
/// <summary> /// Creates the PKCS#1 v1.5 RSA signature with SHA-1 mechanism /// </summary> /// <param name="data">Data that should be signed</param> /// <param name="uri">PKCS#11 URI identifying PKCS#11 library, token and private key</param> /// <returns>PKCS#1 v1.5 RSA signature</returns> private byte[] SignData(byte[] data, string uri) { // Verify input parameters if (data == null) { throw new ArgumentNullException("data"); } if (string.IsNullOrEmpty(uri)) { throw new ArgumentNullException("uri"); } // Parse PKCS#11 URI Pkcs11Uri pkcs11Uri = new Pkcs11Uri(uri); // Verify that URI contains all information required to perform this operation if (pkcs11Uri.ModulePath == null) { throw new Exception("PKCS#11 URI does not specify PKCS#11 library"); } if (pkcs11Uri.PinValue == null) { throw new Exception("PKCS#11 URI does not specify PIN"); } if (!pkcs11Uri.DefinesObject || pkcs11Uri.Type != CKO.CKO_PRIVATE_KEY) { throw new Exception("PKCS#11 URI does not specify private key"); } // Load and initialize PKCS#11 library specified by URI using (Pkcs11 pkcs11 = new Pkcs11(pkcs11Uri.ModulePath, AppType.MultiThreaded)) { // Obtain a list of all slots with tokens that match URI List <Slot> slots = Pkcs11UriUtils.GetMatchingSlotList(pkcs11Uri, pkcs11, true); if ((slots == null) || (slots.Count == 0)) { throw new Exception("None of the slots matches PKCS#11 URI"); } // Open read only session with first token that matches URI using (Session session = slots[0].OpenSession(SessionType.ReadOnly)) { // Login as normal user with PIN acquired from URI session.Login(CKU.CKU_USER, pkcs11Uri.PinValue); // Get list of object attributes for the private key specified by URI List <ObjectAttribute> searchTemplate = null; Pkcs11UriUtils.GetObjectAttributes(pkcs11Uri, out searchTemplate); // Find private key specified by URI List <ObjectHandle> foundObjects = session.FindAllObjects(searchTemplate); if ((foundObjects == null) || (foundObjects.Count == 0)) { throw new Exception("None of the private keys match PKCS#11 URI"); } // Create signature with the private key specified by URI return(session.Sign(new Mechanism(CKM.CKM_SHA1_RSA_PKCS), foundObjects[0], data)); } } }
public void _01_DigestSinglePartTest() { if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 1) { Assert.Inconclusive("Test cannot be executed on this platform"); } CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs41); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Find first slot with token present uint slotId = Helpers.GetUsableSlot(pkcs11); uint session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Specify digesting mechanism (needs no parameter => no unamanaged memory is needed) CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_SHA_1); // Initialize digesting operation rv = pkcs11.C_DigestInit(session, ref mechanism); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Get length of digest value in first call uint digestLen = 0; rv = pkcs11.C_Digest(session, sourceData, Convert.ToUInt32(sourceData.Length), null, ref digestLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(digestLen > 0); // Allocate array for digest value byte[] digest = new byte[digestLen]; // Get digest value in second call rv = pkcs11.C_Digest(session, sourceData, Convert.ToUInt32(sourceData.Length), digest, ref digestLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Do something interesting with digest value rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } } }
public void _01_BasicObjectFindingTest() { Helpers.CheckPlatform(); CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath)) { rv = pkcs11.C_Initialize(Settings.InitArgs40); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) Assert.Fail(rv.ToString()); // Find first slot with token present NativeULong slotId = Helpers.GetUsableSlot(pkcs11); NativeULong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); // Login as normal user rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, ConvertUtils.UInt32FromInt32(Settings.NormalUserPinArray.Length)); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); // Let's create two objects so we can find something NativeULong objectId1 = CK.CK_INVALID_HANDLE; rv = Helpers.CreateDataObject(pkcs11, session, ref objectId1); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); NativeULong objectId2 = CK.CK_INVALID_HANDLE; rv = Helpers.CreateDataObject(pkcs11, session, ref objectId2); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); // Prepare attribute template that defines search criteria CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[2]; template[0] = CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_DATA); template[1] = CkaUtils.CreateAttribute(CKA.CKA_TOKEN, true); // Initialize searching rv = pkcs11.C_FindObjectsInit(session, template, ConvertUtils.UInt32FromInt32(template.Length)); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); // Get search results NativeULong foundObjectCount = 0; NativeULong[] foundObjectIds = new NativeULong[2]; foundObjectIds[0] = CK.CK_INVALID_HANDLE; foundObjectIds[1] = CK.CK_INVALID_HANDLE; rv = pkcs11.C_FindObjects(session, foundObjectIds, ConvertUtils.UInt32FromInt32(foundObjectIds.Length), ref foundObjectCount); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); // Terminate searching rv = pkcs11.C_FindObjectsFinal(session); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); // Do something interesting with found objects Assert.IsTrue((foundObjectIds[0] != CK.CK_INVALID_HANDLE) && (foundObjectIds[1] != CK.CK_INVALID_HANDLE)); // In LowLevelAPI we have to free unmanaged memory taken by attributes for (int i = 0; i < template.Length; i++) { UnmanagedMemory.Free(ref template[i].value); template[i].valueLen = 0; } rv = pkcs11.C_DestroyObject(session, objectId2); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); rv = pkcs11.C_DestroyObject(session, objectId1); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) Assert.Fail(rv.ToString()); } }
public void _04_TokenInfoMatches() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 1) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { List <Slot> slots = pkcs11.GetSlotList(true); Assert.IsTrue(slots != null && slots.Count > 0); TokenInfo tokenInfo = slots[0].GetTokenInfo(); // Empty URI Pkcs11Uri pkcs11uri = new Pkcs11Uri(@"pkcs11:"); Assert.IsTrue(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo)); // Unknown path attribute in URI pkcs11uri = new Pkcs11Uri(@"pkcs11:vendor=foobar"); Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo)); // All attributes matching Pkcs11UriBuilder pkcs11UriBuilder = new Pkcs11UriBuilder(); pkcs11UriBuilder.Token = tokenInfo.Label; pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId; pkcs11UriBuilder.Serial = tokenInfo.SerialNumber; pkcs11UriBuilder.Model = tokenInfo.Model; pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); Assert.IsTrue(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo)); // Token nonmatching pkcs11UriBuilder = new Pkcs11UriBuilder(); pkcs11UriBuilder.Token = "foobar"; pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId; pkcs11UriBuilder.Serial = tokenInfo.SerialNumber; pkcs11UriBuilder.Model = tokenInfo.Model; pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo)); // Manufacturer nonmatching pkcs11UriBuilder = new Pkcs11UriBuilder(); pkcs11UriBuilder.Token = tokenInfo.Label; pkcs11UriBuilder.Manufacturer = "foobar"; pkcs11UriBuilder.Serial = tokenInfo.SerialNumber; pkcs11UriBuilder.Model = tokenInfo.Model; pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo)); // Serial nonmatching pkcs11UriBuilder = new Pkcs11UriBuilder(); pkcs11UriBuilder.Token = tokenInfo.Label; pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId; pkcs11UriBuilder.Serial = "foobar"; pkcs11UriBuilder.Model = tokenInfo.Model; pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo)); // Model nonmatching pkcs11UriBuilder = new Pkcs11UriBuilder(); pkcs11UriBuilder.Token = tokenInfo.Label; pkcs11UriBuilder.Manufacturer = tokenInfo.ManufacturerId; pkcs11UriBuilder.Serial = tokenInfo.SerialNumber; pkcs11UriBuilder.Model = "foobar"; pkcs11uri = pkcs11UriBuilder.ToPkcs11Uri(); Assert.IsFalse(Pkcs11UriUtils.Matches(pkcs11uri, tokenInfo)); } }
public void _01_StructSizeListTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { LibraryInfo libraryInfo = pkcs11.GetInfo(); if (libraryInfo.LibraryDescription != "Mock module" && libraryInfo.ManufacturerId != "Pkcs11Interop Project") Assert.Inconclusive("Test cannot be executed with this PKCS#11 library"); // Obtain a list of unmanaged struct sizes via vendor specific function C_GetUnmanagedStructSizeList List<ulong> unmanagedSizes = pkcs11.GetUnmanagedStructSizeList(); // Obtain a list of managed struct sizes List<ulong> managedSizes = GetManagedStructSizeList(); // Compare sizes of unmanaged and managed structs Assert.IsTrue(unmanagedSizes.Count == managedSizes.Count); for (int i = 0; i < unmanagedSizes.Count; i++) Assert.IsTrue(unmanagedSizes[i] == managedSizes[i]); } }
/// <summary> /// Creates the PKCS#1 v1.5 RSA signature with SHA-1 mechanism /// </summary> /// <param name="data">Data that should be signed</param> /// <param name="uri">PKCS#11 URI identifying PKCS#11 library, token and private key</param> /// <returns>PKCS#1 v1.5 RSA signature</returns> private byte[] SignData(byte[] data, string uri) { // Verify input parameters if (data == null) { throw new ArgumentNullException("data"); } if (string.IsNullOrEmpty(uri)) { throw new ArgumentNullException("uri"); } // Parse PKCS#11 URI Pkcs11Uri pkcs11Uri = new Pkcs11Uri(uri); // Verify that URI contains all information required to perform this operation if (pkcs11Uri.ModulePath == null) { throw new Exception("PKCS#11 URI does not specify PKCS#11 library"); } if (pkcs11Uri.PinValue == null) { throw new Exception("PKCS#11 URI does not specify PIN"); } if (!pkcs11Uri.DefinesObject || pkcs11Uri.Type != CKO.CKO_PRIVATE_KEY) { throw new Exception("PKCS#11 URI does not specify private key"); } // Load and initialize PKCS#11 library specified by URI CKR rv = CKR.CKR_OK; using (Pkcs11 pkcs11 = new Pkcs11(pkcs11Uri.ModulePath, true)) { rv = pkcs11.C_Initialize(Settings.InitArgs81); if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED)) { Assert.Fail(rv.ToString()); } // Obtain a list of all slots with tokens that match URI ulong[] slots = null; rv = Pkcs11UriUtils.GetMatchingSlotList(pkcs11Uri, pkcs11, true, out slots); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } if ((slots == null) || (slots.Length == 0)) { throw new Exception("None of the slots matches PKCS#11 URI"); } // Open read only session with first token that matches URI ulong session = CK.CK_INVALID_HANDLE; rv = pkcs11.C_OpenSession(slots[0], (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Login as normal user with PIN acquired from URI byte[] pinValue = ConvertUtils.Utf8StringToBytes(pkcs11Uri.PinValue); rv = pkcs11.C_Login(session, CKU.CKU_USER, pinValue, Convert.ToUInt64(pinValue.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } // Get list of object attributes for the private key specified by URI CK_ATTRIBUTE[] attributes = null; Pkcs11UriUtils.GetObjectAttributes(pkcs11Uri, out attributes); // Find private key specified by URI ulong foundObjectCount = 0; ulong[] foundObjectIds = new ulong[] { CK.CK_INVALID_HANDLE }; rv = pkcs11.C_FindObjectsInit(session, attributes, Convert.ToUInt64(attributes.Length)); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_FindObjects(session, foundObjectIds, Convert.ToUInt64(foundObjectIds.Length), ref foundObjectCount); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_FindObjectsFinal(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } if ((foundObjectCount == 0) || (foundObjectIds[0] == CK.CK_INVALID_HANDLE)) { throw new Exception("None of the private keys match PKCS#11 URI"); } // Create signature with the private key specified by URI CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_SHA1_RSA_PKCS); rv = pkcs11.C_SignInit(session, ref mechanism, foundObjectIds[0]); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } ulong signatureLen = 0; rv = pkcs11.C_Sign(session, data, Convert.ToUInt64(data.Length), null, ref signatureLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } Assert.IsTrue(signatureLen > 0); byte[] signature = new byte[signatureLen]; rv = pkcs11.C_Sign(session, data, Convert.ToUInt64(data.Length), signature, ref signatureLen); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } if (signature.Length != Convert.ToInt32(signatureLen)) { Array.Resize(ref signature, Convert.ToInt32(signatureLen)); } // Release PKCS#11 resources rv = pkcs11.C_Logout(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_CloseSession(session); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } rv = pkcs11.C_Finalize(IntPtr.Zero); if (rv != CKR.CKR_OK) { Assert.Fail(rv.ToString()); } return(signature); } }