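/// <summary>
/// Parses the certificate value as X.509 and passes its RSA public key to
/// <c>RocaVulnerabilityTester.IsVulnerable</c>.
/// </summary>
/// <param name="certificateInfo">Certificate info whose <c>CkaValue</c> holds the encoded certificate</param>
/// <returns>
/// Result of <c>RocaVulnerabilityTester.IsVulnerable</c> for an RSA public key;
/// false when the certificate carries a public key of another type.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="certificateInfo"/> is null</exception>
public bool IsVulnerableToROCA(Pkcs11CertificateInfo certificateInfo)
{
    if (certificateInfo == null)
    {
        throw new ArgumentNullException("certificateInfo");
    }

    // CkaValue is filled from the token's CKA_VALUE attribute elsewhere in this class,
    // so it is external input and the parser may reject it.
    // NOTE(review): if the parser yields no certificate for an empty or unparseable value,
    // GetPublicKey() below fails - confirm how callers want an untestable certificate
    // reported; it must not be reported as "not vulnerable".
    X509CertificateParser parser = new X509CertificateParser();
    X509Certificate certificate = parser.ReadCertificate(certificateInfo.CkaValue);

    // "as" yields null for any non-RSA public key (e.g. an EC certificate).
    // ROCA concerns RSA key generation only, so such a key is reported as not
    // vulnerable instead of handing a null reference to the tester.
    RsaKeyParameters rsaKey = certificate.GetPublicKey() as RsaKeyParameters;
    if (rsaKey == null)
    {
        return false;
    }

    return RocaVulnerabilityTester.IsVulnerable(rsaKey);
}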
/// <summary>
/// Finds every object of class CKO_CERTIFICATE in a new session on the slot and
/// builds one <c>Pkcs11CertificateInfo</c> per object found.
/// </summary>
/// <returns>Info objects for the certificates found; an empty list when there are none</returns>
private List<Pkcs11CertificateInfo> ReadCertificates()
{
    // Positions of the mandatory attributes in the request list built below.
    // The values are read back by these positions, so this code relies on
    // GetAttributeValue returning attributes in the order they were requested.
    const int PrivateIdx = 0;
    const int CertTypeIdx = 1;
    const int LabelIdx = 2;
    const int IdIdx = 3;
    const int ValueIdx = 4;

    List<Pkcs11CertificateInfo> certificates = new List<Pkcs11CertificateInfo>();

    // NOTE(review): the calls visible in this method look like lookups and reads only,
    // yet the session is opened ReadWrite - confirm whether a read-only session would be enough.
    using (Session session = _slot.OpenSession(SessionType.ReadWrite))
    {
        List<ObjectAttribute> template = new List<ObjectAttribute>
        {
            new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE)
        };

        foreach (ObjectHandle handle in session.FindAllObjects(template))
        {
            // Attributes every certificate needs for a sane presentation
            List<ulong> mandatoryIds = new List<ulong>
            {
                (ulong)CKA.CKA_PRIVATE,
                (ulong)CKA.CKA_CERTIFICATE_TYPE,
                (ulong)CKA.CKA_LABEL,
                (ulong)CKA.CKA_ID,
                (ulong)CKA.CKA_VALUE
            };
            List<ObjectAttribute> mandatory = session.GetAttributeValue(handle, mandatoryIds);

            // Attributes configured for the certificate class, then for this certificate type
            var certConfig = Pkcs11Admin.Instance.Config.CertificateAttributes;
            List<ulong> configuredIds = new List<ulong>();
            foreach (ClassAttribute common in certConfig.CommonAttributes)
            {
                configuredIds.Add(common.Value);
            }

            ulong certType = mandatory[CertTypeIdx].GetValueAsUlong();
            if (certConfig.TypeSpecificAttributes.ContainsKey(certType))
            {
                foreach (ClassAttribute specific in certConfig.TypeSpecificAttributes[certType])
                {
                    configuredIds.Add(specific.Value);
                }
            }
            List<ObjectAttribute> configured = session.GetAttributeValue(handle, configuredIds);

            // Storage size of the object; nullable, see ReadObjectSize
            ulong? storageSize = ReadObjectSize(session, handle);

            // Label, id and value come straight from the token and are stored unvalidated;
            // code that consumes them (file naming, certificate parsing) has to treat them as external input.
            Pkcs11CertificateInfo info = new Pkcs11CertificateInfo(handle, configured, storageSize);
            info.CkaPrivate = mandatory[PrivateIdx].GetValueAsBool();
            info.CkaCertificateType = certType;
            info.CkaLabel = mandatory[LabelIdx].GetValueAsString();
            info.CkaId = mandatory[IdIdx].GetValueAsByteArray();
            info.CkaValue = mandatory[ValueIdx].GetValueAsByteArray();

            certificates.Add(info);
        }
    }

    return certificates;
}
/// <summary>
/// Produces a suggested file name and the raw content for exporting a certificate.
/// </summary>
/// <param name="objectInfo">Certificate to export</param>
/// <param name="fileName">
/// Receives the normalized label with a ".cer" suffix, or "certificate.cer" when the label is null or empty
/// </param>
/// <param name="fileContent">Receives <c>objectInfo.CkaValue</c> (the same array instance, not a copy)</param>
/// <exception cref="ObjectDisposedException">Thrown when this instance has been disposed</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="objectInfo"/> is null</exception>
public void ExportCertificate(Pkcs11CertificateInfo objectInfo, out string fileName, out byte[] fileContent)
{
    if (this._disposed)
    {
        throw new ObjectDisposedException(this.GetType().FullName);
    }

    if (objectInfo == null)
    {
        throw new ArgumentNullException("objectInfo");
    }

    // The label is read from the token (CKA_LABEL in ReadCertificates), so the proposed
    // name is only as safe as Utils.NormalizeFileName makes it.
    // NOTE(review): confirm that it removes path separators and reserved names before
    // callers combine fileName with a directory.
    string label = objectInfo.CkaLabel;
    if (string.IsNullOrEmpty(label))
    {
        fileName = "certificate.cer";
    }
    else
    {
        fileName = Utils.NormalizeFileName(label + ".cer");
    }

    fileContent = objectInfo.CkaValue;
}