/// <summary> /// /// </summary> /// <param name="settings"></param> private void InitializePkcs11(TokenSettings settings) { m_pkcs11 = new Pkcs11(settings.Pkcs11LibraryPath, settings.UseOsLocking); m_slot = Pkcs11Util.FindSlot(m_pkcs11, settings); if (m_slot == null) { throw new HsmInitException( string.Format( "Did not find an available slot with TokenLable:{0}", settings.TokenLabel)); } }
/// <summary> /// Finds slot containing the token that matches criteria specified in <see cref="TokenSettings"/> class /// </summary> /// <param name='pkcs11'>Initialized PKCS11 wrapper</param> /// <param name="settings"></param> /// <returns>Slot containing the token that matches criteria in <see cref="TokenSettings"/></returns> public static Slot FindSlot(Pkcs11 pkcs11, TokenSettings settings) { // Get list of available slots with token present var slots = pkcs11.GetSlotList(true); // No criteria, not go. if (settings.TokenLabel == null) { return(null); } foreach (var slot in slots) { TokenInfo tokenInfo = null; try { tokenInfo = slot.GetTokenInfo(); } catch (Pkcs11Exception ex) { if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT) { throw; } } if (tokenInfo == null) { continue; } if (!String.IsNullOrEmpty(settings.TokenLabel)) { if (0 != String.Compare( settings.TokenLabel, tokenInfo.Label, StringComparison.Ordinal)) { continue; } } return(slot); } return(null); }
/// <summary> /// From PKCS#11 V2.20: CRYPTOGRAPHIC TOKEN INTERFACE STANDARD, section 6.7.4 Session events. /// /// In Cryptoki, all sessions that an application has with a token must have the same /// login/logout status(i.e., for a given application and token, one of the following holds: all /// sessions are public sessions; all sessions are SO sessions; or all sessions are user /// sessions). When an application’s session logs into a token, all of that application’s /// sessions with that token become logged in, and when an application’s session logs out of /// a token, all of that application’s sessions with that token become logged out. Similarly, /// for example, if an application already has a R/O user session open with a token, and then /// opens a R/W session with that token, the R/W session is automatically logged in. /// </summary> /// <param name="settings"></param> private void EnsureLoggedInSession(TokenSettings settings) { m_sessionApplication = m_slot.OpenSession(true); var sessionInfo = m_sessionApplication.GetSessionInfo(); // // If another session has logged in then we should also be logged in. // if (sessionInfo.State != CKS.CKS_RO_USER_FUNCTIONS) { m_sessionApplication.Login(CKU.CKU_USER, settings.NormalUserPin); } m_loggedIn = true; }
/// <summary> /// Initializes an instance, specifying the encryption and digest algorithm to use. /// </summary> /// <param name="settings"><see cref="TokenSettings"/></param> public void Init(TokenSettings settings) { lock (settings) { try { m_tokenSettings = settings; EncryptionAlgorithm = settings.DefaultEncryption; DigestAlgorithm = settings.DefaultDigest; IncludeMultipartEpilogueInSignature = true; IncludeCertChainInSignature = X509IncludeOption.EndCertOnly; InitializePkcs11(settings); EnsureLoggedInSession(settings); } catch (Exception ex) { Error.NotifyEvent(this, ex); } } }