/// <summary>
/// Reads value of attribute and returns it as attribute array
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out CK_ATTRIBUTE[] value)
{
int ckAttributeSize = UnmanagedMemory.SizeOf(typeof(CK_ATTRIBUTE));
int attrCount = Convert.ToInt32(attribute.valueLen) / ckAttributeSize;
int attrCountMod = Convert.ToInt32(attribute.valueLen) % ckAttributeSize;
if (attrCountMod != 0)
throw new Exception("Unable to convert attribute value to attribute array");
if (attrCount == 0)
{
value = null;
}
else
{
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[attrCount];
for (int i = 0; i < attrCount; i++)
{
IntPtr tempPointer = new IntPtr(attribute.value.ToInt32() + (i * ckAttributeSize));
#if SILVERLIGHT
CK_ATTRIBUTE_CLASS attrClass = (CK_ATTRIBUTE_CLASS)UnmanagedMemory.Read(tempPointer, typeof(CK_ATTRIBUTE_CLASS));
attrClass.ToCkAttributeStruct(ref attrs[i]);
#else
attrs[i] = (CK_ATTRIBUTE)UnmanagedMemory.Read(tempPointer, typeof(CK_ATTRIBUTE));
#endif
}
value = attrs;
}
}
/// <summary>
/// Reads value of attribute and returns it as string
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out string value)
{
byte[] bytes = ConvertValue(ref attribute);
value = ConvertUtils.BytesToUtf8String(bytes);
}
/// <summary>
/// Reads value of attribute and returns it as DateTime (CK_DATE)
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out DateTime? value)
{
byte[] bytes = ConvertValue(ref attribute);
if (bytes.Length == 0)
{
// PKCS#11 v2.20:
// When a Cryptoki object carries an attribute of this type, and the default value of the
// attribute is specified to be "empty," then Cryptoki libraries shall set the attribute's ulValueLen to 0.
value = null;
return;
}
if ((bytes == null) || (bytes.Length != 8))
throw new Exception("Unable to convert attribute value to DateTime");
string year = ConvertUtils.BytesToUtf8String(bytes, 0, 4);
string month = ConvertUtils.BytesToUtf8String(bytes, 4, 2);
string day = ConvertUtils.BytesToUtf8String(bytes, 6, 2);
if ((year == "0000") && (month == "00") && (day == "00"))
{
// PKCS#11 v2.20:
// Note that implementations of previous versions of Cryptoki may have used other
// methods to identify an "empty" attribute of type CK_DATE, and that applications that needs to
// interoperate with these libraries therefore have to be flexible in what they accept as an empty value.
value = null;
return;
}
value = new DateTime(Int32.Parse(year), Int32.Parse(month), Int32.Parse(day), 0, 0, 0, DateTimeKind.Utc);
}
public void _02_SetAttributeValueTest()
{
if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 0)
Assert.Inconclusive("Test cannot be executed on this platform");
CKR rv = CKR.CKR_OK;
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath))
{
rv = pkcs11.C_Initialize(Settings.InitArgs40);
if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED))
Assert.Fail(rv.ToString());
// Find first slot with token present
uint slotId = Helpers.GetUsableSlot(pkcs11);
uint session = CK.CK_INVALID_HANDLE;
rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Login as normal user
rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, Convert.ToUInt32(Settings.NormalUserPinArray.Length));
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Create object
uint objectId = CK.CK_INVALID_HANDLE;
rv = Helpers.CreateDataObject(pkcs11, session, ref objectId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Prepare list of attributes we want to set
CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[2];
template[0] = CkaUtils.CreateAttribute(CKA.CKA_LABEL, "Hello world");
template[1] = CkaUtils.CreateAttribute(CKA.CKA_VALUE, "New data object content");
// Set attributes
rv = pkcs11.C_SetAttributeValue(session, objectId, template, Convert.ToUInt32(template.Length));
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// In LowLevelAPI we have to free unmanaged memory taken by attributes
for (int i = 0; i < template.Length; i++)
{
UnmanagedMemory.Free(ref template[i].value);
template[i].valueLen = 0;
}
rv = pkcs11.C_DestroyObject(session, objectId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_Logout(session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_CloseSession(session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_Finalize(IntPtr.Zero);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
}
}
public void _01_BasicWrapAndUnwrapKeyTest()
{
if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 0)
Assert.Inconclusive("Test cannot be executed on this platform");
CKR rv = CKR.CKR_OK;
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath))
{
rv = pkcs11.C_Initialize(Settings.InitArgs40);
if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED))
Assert.Fail(rv.ToString());
// Find first slot with token present
uint slotId = Helpers.GetUsableSlot(pkcs11);
uint session = CK.CK_INVALID_HANDLE;
rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Login as normal user
rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, Convert.ToUInt32(Settings.NormalUserPinArray.Length));
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Generate asymetric key pair
uint pubKeyId = CK.CK_INVALID_HANDLE;
uint privKeyId = CK.CK_INVALID_HANDLE;
rv = Helpers.GenerateKeyPair(pkcs11, session, ref pubKeyId, ref privKeyId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Generate symetric key
uint keyId = CK.CK_INVALID_HANDLE;
rv = Helpers.GenerateKey(pkcs11, session, ref keyId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Specify wrapping mechanism (needs no parameter => no unamanaged memory is needed)
CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_RSA_PKCS);
// Get length of wrapped key in first call
uint wrappedKeyLen = 0;
rv = pkcs11.C_WrapKey(session, ref mechanism, pubKeyId, keyId, null, ref wrappedKeyLen);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
Assert.IsTrue(wrappedKeyLen > 0);
// Allocate array for wrapped key
byte[] wrappedKey = new byte[wrappedKeyLen];
// Get wrapped key in second call
rv = pkcs11.C_WrapKey(session, ref mechanism, pubKeyId, keyId, wrappedKey, ref wrappedKeyLen);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Do something interesting with wrapped key
// Define attributes for unwrapped key
CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[6];
template[0] = CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY);
template[1] = CkaUtils.CreateAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3);
template[2] = CkaUtils.CreateAttribute(CKA.CKA_ENCRYPT, true);
template[3] = CkaUtils.CreateAttribute(CKA.CKA_DECRYPT, true);
template[4] = CkaUtils.CreateAttribute(CKA.CKA_DERIVE, true);
template[5] = CkaUtils.CreateAttribute(CKA.CKA_EXTRACTABLE, true);
// Unwrap key
uint unwrappedKeyId = 0;
rv = pkcs11.C_UnwrapKey(session, ref mechanism, privKeyId, wrappedKey, wrappedKeyLen, template, Convert.ToUInt32(template.Length), ref unwrappedKeyId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Do something interesting with unwrapped key
rv = pkcs11.C_DestroyObject(session, privKeyId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_DestroyObject(session, pubKeyId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_DestroyObject(session, keyId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_Logout(session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_CloseSession(session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_Finalize(IntPtr.Zero);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
}
}
/// <summary>
/// Reads value of attribute and returns it as bool
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out bool value)
{
byte[] bytes = ConvertValue(ref attribute);
value = ConvertUtils.BytesToBool(bytes);
}
/// <summary>
/// Initializes a search for token and session objects that match a template
/// </summary>
/// <param name="session">The session's handle</param>
/// <param name="template">Search template that specifies the attribute values to match</param>
/// <param name="count">The number of attributes in the search template</param>
/// <returns>CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID</returns>
public CKR C_FindObjectsInit(uint session, CK_ATTRIBUTE[] template, uint count)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
uint rv = _delegates.C_FindObjectsInit(session, template, count);
return (CKR)rv;
}
internal static extern CKR C_SetAttributeValue(uint session, uint objectId, CK_ATTRIBUTE[] template, uint count);
/// <summary>
/// Copies instance members to CK_ATTRIBUTE struct
/// </summary>
/// <param name="ckAttribute">Destination CK_ATTRIBUTE struct</param>
public void ToCkAttributeStruct(ref CK_ATTRIBUTE ckAttribute)
{
ckAttribute.type = type;
ckAttribute.value = value;
ckAttribute.valueLen = valueLen;
}
internal static extern CKR C_DeriveKey(uint session, ref CK_MECHANISM mechanism, uint baseKey, CK_ATTRIBUTE[] template, uint attributeCount, ref uint key);
internal static extern CKR C_CopyObject(uint session, uint objectId, CK_ATTRIBUTE[] template, uint count, ref uint newObjectId);
public void _08_AttributeArrayAttributeTest()
{
if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 0)
{
Assert.Inconclusive("Test cannot be executed on this platform");
}
ObjectAttribute nestedAttribute1 = new ObjectAttribute(CKA.CKA_TOKEN, true);
ObjectAttribute nestedAttribute2 = new ObjectAttribute(CKA.CKA_PRIVATE, true);
List <ObjectAttribute> originalValue = new List <ObjectAttribute>();
originalValue.Add(nestedAttribute1);
originalValue.Add(nestedAttribute2);
// Create attribute with attribute array value
using (ObjectAttribute attr = new ObjectAttribute(CKA.CKA_WRAP_TEMPLATE, originalValue))
{
Assert.IsTrue(attr.Type == (uint)CKA.CKA_WRAP_TEMPLATE);
List <ObjectAttribute> recoveredValue = attr.GetValueAsObjectAttributeList();
Assert.IsTrue(recoveredValue.Count == 2);
Assert.IsTrue(recoveredValue[0].Type == (uint)CKA.CKA_TOKEN);
Assert.IsTrue(recoveredValue[0].GetValueAsBool() == true);
Assert.IsTrue(recoveredValue[1].Type == (uint)CKA.CKA_PRIVATE);
Assert.IsTrue(recoveredValue[1].GetValueAsBool() == true);
}
// There is the same pointer to unmanaged memory in both nestedAttribute1 and recoveredValue[0] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
LLA40.CK_ATTRIBUTE ckAttribute1 = (LLA40.CK_ATTRIBUTE) typeof(ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(nestedAttribute1);
ckAttribute1.value = IntPtr.Zero;
ckAttribute1.valueLen = 0;
typeof(ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(nestedAttribute1, ckAttribute1);
// There is the same pointer to unmanaged memory in both nestedAttribute2 and recoveredValue[1] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
LLA40.CK_ATTRIBUTE ckAttribute2 = (LLA40.CK_ATTRIBUTE) typeof(ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(nestedAttribute2);
ckAttribute2.value = IntPtr.Zero;
ckAttribute2.valueLen = 0;
typeof(ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(nestedAttribute2, ckAttribute2);
originalValue = null;
// Create attribute with null attribute array value
using (ObjectAttribute attr = new ObjectAttribute(CKA.CKA_WRAP_TEMPLATE, originalValue))
{
Assert.IsTrue(attr.Type == (uint)CKA.CKA_WRAP_TEMPLATE);
Assert.IsTrue(attr.GetValueAsObjectAttributeList() == originalValue);
}
originalValue = new List <ObjectAttribute>();
// Create attribute with empty attribute array value
using (ObjectAttribute attr = new ObjectAttribute(CKA.CKA_WRAP_TEMPLATE, originalValue))
{
Assert.IsTrue(attr.Type == (uint)CKA.CKA_WRAP_TEMPLATE);
Assert.IsTrue(attr.GetValueAsObjectAttributeList() == null);
}
}
/// <summary>
/// Reads value of attribute and returns it as byte array
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out byte[] value)
{
value = ConvertValue(ref attribute);
}
/// <summary>
/// Reads value of attribute and returns it as string
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out string value)
{
byte[] bytes = ConvertValue(ref attribute);
value = ConvertUtils.BytesToUtf8String(bytes);
}
/// <summary>
/// Reads value of attribute and returns it as uint array
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out uint[] value)
{
int ckmSize = UnmanagedMemory.SizeOf(typeof(uint));
int attrCount = Convert.ToInt32(attribute.valueLen) / ckmSize;
int attrCountMod = Convert.ToInt32(attribute.valueLen) % ckmSize;
if (attrCountMod != 0)
throw new Exception("Unable to convert attribute value to uint array");
if (attrCount == 0)
{
value = null;
}
else
{
uint[] attrs = new uint[attrCount];
for (int i = 0; i < attrCount; i++)
{
IntPtr tempPointer = new IntPtr(attribute.value.ToInt32() + (i * ckmSize));
attrs[i] = ConvertUtils.BytesToUInt(UnmanagedMemory.Read(tempPointer, ckmSize));
}
value = attrs;
}
}
/// <summary>
/// Creates the data object.
/// </summary>
/// <param name='pkcs11'>Initialized PKCS11 wrapper</param>
/// <param name='session'>Read-write session with user logged in</param>
/// <param name='objectId'>Output parameter for data object handle</param>
/// <returns>Return value of C_CreateObject</returns>
public static CKR CreateDataObject(Pkcs11 pkcs11, uint session, ref uint objectId)
{
CKR rv = CKR.CKR_OK;
// Prepare attribute template of new data object
CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[5];
template[0] = CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_DATA);
template[1] = CkaUtils.CreateAttribute(CKA.CKA_TOKEN, true);
template[2] = CkaUtils.CreateAttribute(CKA.CKA_APPLICATION, Settings.ApplicationName);
template[3] = CkaUtils.CreateAttribute(CKA.CKA_LABEL, Settings.ApplicationName);
template[4] = CkaUtils.CreateAttribute(CKA.CKA_VALUE, "Data object content");
// Create object
rv = pkcs11.C_CreateObject(session, template, Convert.ToUInt32(template.Length), ref objectId);
// In LowLevelAPI caller has to free unmanaged memory taken by attributes
for (int i = 0; i < template.Length; i++)
{
UnmanagedMemory.Free(ref template[i].value);
template[i].valueLen = 0;
}
return rv;
}
/// <summary>
/// Creates attribute of given type with value copied from managed byte array to the newly allocated unmanaged memory
/// </summary>
/// <param name="type">Attribute type</param>
/// <param name="value">Attribute value</param>
/// <returns>Attribute of given type with specified value</returns>
private static CK_ATTRIBUTE _CreateAttribute(uint type, byte[] value)
{
CK_ATTRIBUTE attribute = new CK_ATTRIBUTE();
attribute.type = type;
if (value != null)
{
attribute.value = UnmanagedMemory.Allocate(value.Length);
UnmanagedMemory.Write(attribute.value, value);
attribute.valueLen = Convert.ToUInt32(value.Length);
}
else
{
attribute.value = IntPtr.Zero;
attribute.valueLen = 0;
}
return attribute;
}
/// <summary>
/// Generates symetric key.
/// </summary>
/// <param name='pkcs11'>Initialized PKCS11 wrapper</param>
/// <param name='session'>Read-write session with user logged in</param>
/// <param name='keyId'>Output parameter for key object handle</param>
/// <returns>Return value of C_GenerateKey</returns>
public static CKR GenerateKey(Pkcs11 pkcs11, uint session, ref uint keyId)
{
CKR rv = CKR.CKR_OK;
// Prepare attribute template of new key
CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[6];
template[0] = CkaUtils.CreateAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY);
template[1] = CkaUtils.CreateAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3);
template[2] = CkaUtils.CreateAttribute(CKA.CKA_ENCRYPT, true);
template[3] = CkaUtils.CreateAttribute(CKA.CKA_DECRYPT, true);
template[4] = CkaUtils.CreateAttribute(CKA.CKA_DERIVE, true);
template[5] = CkaUtils.CreateAttribute(CKA.CKA_EXTRACTABLE, true);
// Specify key generation mechanism (needs no parameter => no unamanaged memory is needed)
CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_DES3_KEY_GEN);
// Generate key
rv = pkcs11.C_GenerateKey(session, ref mechanism, template, Convert.ToUInt32(template.Length), ref keyId);
// In LowLevelAPI we have to free unmanaged memory taken by attributes
for (int i = 0; i < template.Length; i++)
{
UnmanagedMemory.Free(ref template[i].value);
template[i].valueLen = 0;
}
return rv;
}
/// <summary>
/// Modifies the value of one or more attributes of an object
/// </summary>
/// <param name="session">The session's handle</param>
/// <param name="objectId">The object's handle</param>
/// <param name="template">Template that specifies which attribute values are to be modified and their new values</param>
/// <param name="count">The number of attributes in the template</param>
/// <returns>CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN</returns>
public CKR C_SetAttributeValue(uint session, uint objectId, CK_ATTRIBUTE[] template, uint count)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
uint rv = _delegates.C_SetAttributeValue(session, objectId, template, count);
return (CKR)rv;
}
/// <summary>
/// Generates asymetric key pair.
/// </summary>
/// <param name='pkcs11'>Initialized PKCS11 wrapper</param>
/// <param name='session'>Read-write session with user logged in</param>
/// <param name='pubKeyId'>Output parameter for public key object handle</param>
/// <param name='privKeyId'>Output parameter for private key object handle</param>
/// <returns>Return value of C_GenerateKeyPair</returns>
public static CKR GenerateKeyPair(Pkcs11 pkcs11, uint session, ref uint pubKeyId, ref uint privKeyId)
{
CKR rv = CKR.CKR_OK;
// The CKA_ID attribute is intended as a means of distinguishing multiple key pairs held by the same subject
byte[] ckaId = new byte[20];
rv = pkcs11.C_GenerateRandom(session, ckaId, Convert.ToUInt32(ckaId.Length));
if (rv != CKR.CKR_OK)
return rv;
// Prepare attribute template of new public key
CK_ATTRIBUTE[] pubKeyTemplate = new CK_ATTRIBUTE[10];
pubKeyTemplate[0] = CkaUtils.CreateAttribute(CKA.CKA_TOKEN, true);
pubKeyTemplate[1] = CkaUtils.CreateAttribute(CKA.CKA_PRIVATE, false);
pubKeyTemplate[2] = CkaUtils.CreateAttribute(CKA.CKA_LABEL, Settings.ApplicationName);
pubKeyTemplate[3] = CkaUtils.CreateAttribute(CKA.CKA_ID, ckaId);
pubKeyTemplate[4] = CkaUtils.CreateAttribute(CKA.CKA_ENCRYPT, true);
pubKeyTemplate[5] = CkaUtils.CreateAttribute(CKA.CKA_VERIFY, true);
pubKeyTemplate[6] = CkaUtils.CreateAttribute(CKA.CKA_VERIFY_RECOVER, true);
pubKeyTemplate[7] = CkaUtils.CreateAttribute(CKA.CKA_WRAP, true);
pubKeyTemplate[8] = CkaUtils.CreateAttribute(CKA.CKA_MODULUS_BITS, 1024);
pubKeyTemplate[9] = CkaUtils.CreateAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 });
// Prepare attribute template of new private key
CK_ATTRIBUTE[] privKeyTemplate = new CK_ATTRIBUTE[9];
privKeyTemplate[0] = CkaUtils.CreateAttribute(CKA.CKA_TOKEN, true);
privKeyTemplate[1] = CkaUtils.CreateAttribute(CKA.CKA_PRIVATE, true);
privKeyTemplate[2] = CkaUtils.CreateAttribute(CKA.CKA_LABEL, Settings.ApplicationName);
privKeyTemplate[3] = CkaUtils.CreateAttribute(CKA.CKA_ID, ckaId);
privKeyTemplate[4] = CkaUtils.CreateAttribute(CKA.CKA_SENSITIVE, true);
privKeyTemplate[5] = CkaUtils.CreateAttribute(CKA.CKA_DECRYPT, true);
privKeyTemplate[6] = CkaUtils.CreateAttribute(CKA.CKA_SIGN, true);
privKeyTemplate[7] = CkaUtils.CreateAttribute(CKA.CKA_SIGN_RECOVER, true);
privKeyTemplate[8] = CkaUtils.CreateAttribute(CKA.CKA_UNWRAP, true);
// Specify key generation mechanism (needs no parameter => no unamanaged memory is needed)
CK_MECHANISM mechanism = CkmUtils.CreateMechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN);
// Generate key pair
rv = pkcs11.C_GenerateKeyPair(session, ref mechanism, pubKeyTemplate, Convert.ToUInt32(pubKeyTemplate.Length), privKeyTemplate, Convert.ToUInt32(privKeyTemplate.Length), ref pubKeyId, ref privKeyId);
// In LowLevelAPI we have to free unmanaged memory taken by attributes
for (int i = 0; i < privKeyTemplate.Length; i++)
{
UnmanagedMemory.Free(ref privKeyTemplate[i].value);
privKeyTemplate[i].valueLen = 0;
}
for (int i = 0; i < pubKeyTemplate.Length; i++)
{
UnmanagedMemory.Free(ref pubKeyTemplate[i].value);
pubKeyTemplate[i].valueLen = 0;
}
return rv;
}
/// <summary>
/// Returns list of object attributes defined by PKCS#11 URI
/// </summary>
/// <param name="pkcs11Uri">PKCS#11 URI</param>
/// <param name="objectAttributes">List of object attributes defined by PKCS#11 URI</param>
public static void GetObjectAttributes(Pkcs11Uri pkcs11Uri, out CK_ATTRIBUTE[] objectAttributes)
{
if (pkcs11Uri == null)
throw new ArgumentNullException("pkcs11Uri");
List<CK_ATTRIBUTE> attributes = null;
if (pkcs11Uri.DefinesObject)
{
attributes = new List<CK_ATTRIBUTE>();
if (pkcs11Uri.Type != null)
attributes.Add(CkaUtils.CreateAttribute(CKA.CKA_CLASS, pkcs11Uri.Type.Value));
if (pkcs11Uri.Object != null)
attributes.Add(CkaUtils.CreateAttribute(CKA.CKA_LABEL, pkcs11Uri.Object));
if (pkcs11Uri.Id != null)
attributes.Add(CkaUtils.CreateAttribute(CKA.CKA_ID, pkcs11Uri.Id));
}
objectAttributes = attributes.ToArray();
}
public void _07_AttributeArrayAttributeTest()
{
if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 0)
Assert.Inconclusive("Test cannot be executed on this platform");
CK_ATTRIBUTE[] originalValue = new CK_ATTRIBUTE[2];
originalValue[0] = CkaUtils.CreateAttribute(CKA.CKA_TOKEN, true);
originalValue[1] = CkaUtils.CreateAttribute(CKA.CKA_PRIVATE, true);
// Create attribute with attribute array value
CK_ATTRIBUTE attr = CkaUtils.CreateAttribute(CKA.CKA_WRAP_TEMPLATE, originalValue);
Assert.IsTrue(attr.type == (uint)CKA.CKA_WRAP_TEMPLATE);
Assert.IsTrue(attr.value != IntPtr.Zero);
Assert.IsTrue(attr.valueLen == (UnmanagedMemory.SizeOf(typeof(CK_ATTRIBUTE)) * originalValue.Length));
CK_ATTRIBUTE[] recoveredValue = null;
// Read the value of attribute
CkaUtils.ConvertValue(ref attr, out recoveredValue);
Assert.IsTrue(originalValue.Length == recoveredValue.Length);
for (int i = 0; i < recoveredValue.Length; i++)
{
Assert.IsTrue(originalValue[i].type == recoveredValue[i].type);
Assert.IsTrue(originalValue[i].valueLen == recoveredValue[i].valueLen);
bool originalBool = false;
// Read the value of nested attribute
CkaUtils.ConvertValue(ref originalValue[i], out originalBool);
bool recoveredBool = true;
// Read the value of nested attribute
CkaUtils.ConvertValue(ref recoveredValue[i], out recoveredBool);
Assert.IsTrue(originalBool == recoveredBool);
// In this example there is the same pointer to unmanaged memory
// in both originalValue and recoveredValue array therefore it
// needs to be freed only once.
Assert.IsTrue(originalValue[i].value == recoveredValue[i].value);
// Free value of nested attributes
UnmanagedMemory.Free(ref originalValue[i].value);
originalValue[i].valueLen = 0;
recoveredValue[i].value = IntPtr.Zero;
recoveredValue[i].valueLen = 0;
}
// Free attribute value
UnmanagedMemory.Free(ref attr.value);
attr.valueLen = 0;
Assert.IsTrue(attr.type == (uint)CKA.CKA_WRAP_TEMPLATE);
Assert.IsTrue(attr.value == IntPtr.Zero);
Assert.IsTrue(attr.valueLen == 0);
// Create attribute with null attribute array value
attr = CkaUtils.CreateAttribute(CKA.CKA_WRAP_TEMPLATE, (CK_ATTRIBUTE[])null);
Assert.IsTrue(attr.type == (uint)CKA.CKA_WRAP_TEMPLATE);
Assert.IsTrue(attr.value == IntPtr.Zero);
Assert.IsTrue(attr.valueLen == 0);
// Create attribute with empty attribute array value
attr = CkaUtils.CreateAttribute(CKA.CKA_WRAP_TEMPLATE, new CK_ATTRIBUTE[0]);
Assert.IsTrue(attr.type == (uint)CKA.CKA_WRAP_TEMPLATE);
Assert.IsTrue(attr.value == IntPtr.Zero);
Assert.IsTrue(attr.valueLen == 0);
}
public void _01_GetAttributeValueTest()
{
if (Platform.UnmanagedLongSize != 4 || Platform.StructPackingSize != 0)
Assert.Inconclusive("Test cannot be executed on this platform");
CKR rv = CKR.CKR_OK;
using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath))
{
rv = pkcs11.C_Initialize(Settings.InitArgs40);
if ((rv != CKR.CKR_OK) && (rv != CKR.CKR_CRYPTOKI_ALREADY_INITIALIZED))
Assert.Fail(rv.ToString());
// Find first slot with token present
uint slotId = Helpers.GetUsableSlot(pkcs11);
uint session = CK.CK_INVALID_HANDLE;
rv = pkcs11.C_OpenSession(slotId, (CKF.CKF_SERIAL_SESSION | CKF.CKF_RW_SESSION), IntPtr.Zero, IntPtr.Zero, ref session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Login as normal user
rv = pkcs11.C_Login(session, CKU.CKU_USER, Settings.NormalUserPinArray, Convert.ToUInt32(Settings.NormalUserPinArray.Length));
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Create object
uint objectId = CK.CK_INVALID_HANDLE;
rv = Helpers.CreateDataObject(pkcs11, session, ref objectId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Prepare list of empty attributes we want to read
CK_ATTRIBUTE[] template = new CK_ATTRIBUTE[2];
template[0] = CkaUtils.CreateAttribute(CKA.CKA_LABEL);
template[1] = CkaUtils.CreateAttribute(CKA.CKA_VALUE);
// Get size of each individual attribute value in first call
rv = pkcs11.C_GetAttributeValue(session, objectId, template, Convert.ToUInt32(template.Length));
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// In LowLevelAPI we have to allocate unmanaged memory for attribute value
for (int i = 0; i < template.Length; i++)
template[i].value = UnmanagedMemory.Allocate(Convert.ToInt32(template[i].valueLen));
// Get attribute value in second call
rv = pkcs11.C_GetAttributeValue(session, objectId, template, Convert.ToUInt32(template.Length));
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
// Do something interesting with attribute value
byte[] ckaLabel = UnmanagedMemory.Read(template[0].value, Convert.ToInt32(template[0].valueLen));
Assert.IsTrue(Convert.ToBase64String(ckaLabel) == Convert.ToBase64String(Settings.ApplicationNameArray));
// In LowLevelAPI we have to free unmanaged memory taken by attributes
for (int i = 0; i < template.Length; i++)
{
UnmanagedMemory.Free(ref template[i].value);
template[i].valueLen = 0;
}
rv = pkcs11.C_DestroyObject(session, objectId);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_Logout(session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_CloseSession(session);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
rv = pkcs11.C_Finalize(IntPtr.Zero);
if (rv != CKR.CKR_OK)
Assert.Fail(rv.ToString());
}
}
public void _08_AttributeArrayAttributeTest()
{
IObjectAttribute nestedAttribute1 = Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_TOKEN, true);
IObjectAttribute nestedAttribute2 = Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_PRIVATE, true);
List <IObjectAttribute> originalValue = new List <IObjectAttribute>();
originalValue.Add(nestedAttribute1);
originalValue.Add(nestedAttribute2);
// Create attribute with attribute array value
using (IObjectAttribute attr = Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_WRAP_TEMPLATE, originalValue))
{
Assert.IsTrue(attr.Type == ConvertUtils.UInt64FromCKA(CKA.CKA_WRAP_TEMPLATE));
List <IObjectAttribute> recoveredValue = attr.GetValueAsObjectAttributeList();
Assert.IsTrue(recoveredValue.Count == 2);
Assert.IsTrue(recoveredValue[0].Type == ConvertUtils.UInt64FromCKA(CKA.CKA_TOKEN));
Assert.IsTrue(recoveredValue[0].GetValueAsBool() == true);
Assert.IsTrue(recoveredValue[1].Type == ConvertUtils.UInt64FromCKA(CKA.CKA_PRIVATE));
Assert.IsTrue(recoveredValue[1].GetValueAsBool() == true);
}
if (Platform.NativeULongSize == 4)
{
if (Platform.StructPackingSize == 0)
{
// There is the same pointer to unmanaged memory in both nestedAttribute1 and recoveredValue[0] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
HLA40.ObjectAttribute objectAttribute40a = (HLA40.ObjectAttribute)nestedAttribute1;
LLA40.CK_ATTRIBUTE ckAttribute40a = (LLA40.CK_ATTRIBUTE) typeof(HLA40.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(objectAttribute40a);
ckAttribute40a.value = IntPtr.Zero;
ckAttribute40a.valueLen = 0;
typeof(HLA40.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(objectAttribute40a, ckAttribute40a);
// There is the same pointer to unmanaged memory in both nestedAttribute2 and recoveredValue[1] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
HLA40.ObjectAttribute objectAttribute40b = (HLA40.ObjectAttribute)nestedAttribute2;
LLA40.CK_ATTRIBUTE ckAttribute40b = (LLA40.CK_ATTRIBUTE) typeof(HLA40.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(objectAttribute40b);
ckAttribute40b.value = IntPtr.Zero;
ckAttribute40b.valueLen = 0;
typeof(HLA40.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(objectAttribute40b, ckAttribute40b);
}
else
{
// There is the same pointer to unmanaged memory in both nestedAttribute1 and recoveredValue[0] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
HLA41.ObjectAttribute objectAttribute41a = (HLA41.ObjectAttribute)nestedAttribute1;
LLA41.CK_ATTRIBUTE ckAttribute41a = (LLA41.CK_ATTRIBUTE) typeof(HLA41.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(objectAttribute41a);
ckAttribute41a.value = IntPtr.Zero;
ckAttribute41a.valueLen = 0;
typeof(HLA41.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(objectAttribute41a, ckAttribute41a);
// There is the same pointer to unmanaged memory in both nestedAttribute2 and recoveredValue[1] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
HLA41.ObjectAttribute objectAttribute41b = (HLA41.ObjectAttribute)nestedAttribute2;
LLA41.CK_ATTRIBUTE ckAttribute41b = (LLA41.CK_ATTRIBUTE) typeof(HLA41.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(objectAttribute41b);
ckAttribute41b.value = IntPtr.Zero;
ckAttribute41b.valueLen = 0;
typeof(HLA41.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(objectAttribute41b, ckAttribute41b);
}
}
else
{
if (Platform.StructPackingSize == 0)
{
// There is the same pointer to unmanaged memory in both nestedAttribute1 and recoveredValue[0] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
HLA80.ObjectAttribute objectAttribute80a = (HLA80.ObjectAttribute)nestedAttribute1;
LLA80.CK_ATTRIBUTE ckAttribute80a = (LLA80.CK_ATTRIBUTE) typeof(HLA80.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(objectAttribute80a);
ckAttribute80a.value = IntPtr.Zero;
ckAttribute80a.valueLen = 0;
typeof(HLA80.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(objectAttribute80a, ckAttribute80a);
// There is the same pointer to unmanaged memory in both nestedAttribute2 and recoveredValue[1] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
HLA80.ObjectAttribute objectAttribute80b = (HLA80.ObjectAttribute)nestedAttribute2;
LLA80.CK_ATTRIBUTE ckAttribute80b = (LLA80.CK_ATTRIBUTE) typeof(HLA80.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(objectAttribute80b);
ckAttribute80b.value = IntPtr.Zero;
ckAttribute80b.valueLen = 0;
typeof(HLA80.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(objectAttribute80b, ckAttribute80b);
}
else
{
// There is the same pointer to unmanaged memory in both nestedAttribute1 and recoveredValue[0] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
HLA81.ObjectAttribute objectAttribute81a = (HLA81.ObjectAttribute)nestedAttribute1;
LLA81.CK_ATTRIBUTE ckAttribute81a = (LLA81.CK_ATTRIBUTE) typeof(HLA81.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(objectAttribute81a);
ckAttribute81a.value = IntPtr.Zero;
ckAttribute81a.valueLen = 0;
typeof(HLA81.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(objectAttribute81a, ckAttribute81a);
// There is the same pointer to unmanaged memory in both nestedAttribute2 and recoveredValue[1] instances
// therefore private low level attribute structure needs to be modified to prevent double free.
// This special handling is needed only in this synthetic test and should be avoided in real world application.
HLA81.ObjectAttribute objectAttribute81b = (HLA81.ObjectAttribute)nestedAttribute2;
LLA81.CK_ATTRIBUTE ckAttribute81b = (LLA81.CK_ATTRIBUTE) typeof(HLA81.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(objectAttribute81b);
ckAttribute81b.value = IntPtr.Zero;
ckAttribute81b.valueLen = 0;
typeof(HLA81.ObjectAttribute).GetField("_ckAttribute", BindingFlags.NonPublic | BindingFlags.Instance).SetValue(objectAttribute81b, ckAttribute81b);
}
}
originalValue = null;
// Create attribute with null attribute array value
using (IObjectAttribute attr = Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_WRAP_TEMPLATE, originalValue))
{
Assert.IsTrue(attr.Type == ConvertUtils.UInt64FromCKA(CKA.CKA_WRAP_TEMPLATE));
Assert.IsTrue(attr.GetValueAsObjectAttributeList() == originalValue);
}
originalValue = new List <IObjectAttribute>();
// Create attribute with empty attribute array value
using (IObjectAttribute attr = Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_WRAP_TEMPLATE, originalValue))
{
Assert.IsTrue(attr.Type == ConvertUtils.UInt64FromCKA(CKA.CKA_WRAP_TEMPLATE));
Assert.IsTrue(attr.GetValueAsObjectAttributeList() == null);
}
}
/// <summary>
/// Reads value of attribute and returns it as bool
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out bool value)
{
byte[] bytes = ConvertValue(ref attribute);
value = ConvertUtils.BytesToBool(bytes);
}
/// <summary>
/// Generates a secret key or set of domain parameters, creating a new object
/// </summary>
/// <param name="session">The session's handle</param>
/// <param name="mechanism">Key generation mechanism</param>
/// <param name="template">The template for the new key or set of domain parameters</param>
/// <param name="count">The number of attributes in the template</param>
/// <param name="key">Location that receives the handle of the new key or set of domain parameters</param>
/// <returns>CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN</returns>
public CKR C_GenerateKey(uint session, ref CK_MECHANISM mechanism, CK_ATTRIBUTE[] template, uint count, ref uint key)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
uint rv = _delegates.C_GenerateKey(session, ref mechanism, template, count, ref key);
return (CKR)rv;
}
/// <summary>
/// Reads value of attribute and returns it as byte array
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out byte[] value)
{
value = ConvertValue(ref attribute);
}
/// <summary>
/// Generates a public/private key pair, creating new key objects
/// </summary>
/// <param name="session">The session's handle</param>
/// <param name="mechanism">Key generation mechanism</param>
/// <param name="publicKeyTemplate">The template for the public key</param>
/// <param name="publicKeyAttributeCount">The number of attributes in the public-key template</param>
/// <param name="privateKeyTemplate">The template for the private key</param>
/// <param name="privateKeyAttributeCount">The number of attributes in the private-key template</param>
/// <param name="publicKey">Location that receives the handle of the new public key</param>
/// <param name="privateKey">Location that receives the handle of the new private key</param>
/// <returns>CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN</returns>
public CKR C_GenerateKeyPair(uint session, ref CK_MECHANISM mechanism, CK_ATTRIBUTE[] publicKeyTemplate, uint publicKeyAttributeCount, CK_ATTRIBUTE[] privateKeyTemplate, uint privateKeyAttributeCount, ref uint publicKey, ref uint privateKey)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
uint rv = _delegates.C_GenerateKeyPair(session, ref mechanism, publicKeyTemplate, publicKeyAttributeCount, privateKeyTemplate, privateKeyAttributeCount, ref publicKey, ref privateKey);
return (CKR)rv;
}
/// <summary>
/// Creates attribute of given type with attribute array value
/// </summary>
/// <param name="type">Attribute type</param>
/// <param name="value">Attribute value</param>
/// <returns>Attribute of given type with attribute array value</returns>
public static CK_ATTRIBUTE CreateAttribute(CKA type, CK_ATTRIBUTE[] value)
{
return CreateAttribute((uint)type, value);
}
/// <summary>
/// Unwraps (i.e. decrypts) a wrapped key, creating a new private key or secret key object
/// </summary>
/// <param name="session">The session's handle</param>
/// <param name="mechanism">Unwrapping mechanism</param>
/// <param name="unwrappingKey">The handle of the unwrapping key</param>
/// <param name="wrappedKey">Wrapped key</param>
/// <param name="wrappedKeyLen">The length of the wrapped key</param>
/// <param name="template">The template for the new key</param>
/// <param name="attributeCount">The number of attributes in the template</param>
/// <param name="key">Location that receives the handle of the unwrapped key</param>
/// <returns>CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_UNWRAPPING_KEY_HANDLE_INVALID, CKR_UNWRAPPING_KEY_SIZE_RANGE, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE</returns>
public CKR C_UnwrapKey(uint session, ref CK_MECHANISM mechanism, uint unwrappingKey, byte[] wrappedKey, uint wrappedKeyLen, CK_ATTRIBUTE[] template, uint attributeCount, ref uint key)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
uint rv = _delegates.C_UnwrapKey(session, ref mechanism, unwrappingKey, wrappedKey, wrappedKeyLen, template, attributeCount, ref key);
return (CKR)rv;
}
/// <summary>
/// Creates attribute of given type with uint array value
/// </summary>
/// <param name="type">Attribute type</param>
/// <param name="value">Attribute value</param>
/// <returns>Attribute of given type with uint array value</returns>
public static CK_ATTRIBUTE CreateAttribute(uint type, uint[] value)
{
CK_ATTRIBUTE attribute = new CK_ATTRIBUTE();
attribute.type = type;
if ((value != null) && (value.Length > 0))
{
int ckmSize = UnmanagedMemory.SizeOf(typeof(uint));
attribute.value = UnmanagedMemory.Allocate(ckmSize * value.Length);
for (int i = 0; i < value.Length; i++)
{
IntPtr tempPointer = new IntPtr(attribute.value.ToInt32() + (i * ckmSize));
UnmanagedMemory.Write(tempPointer, ConvertUtils.UIntToBytes(value[i]));
}
attribute.valueLen = Convert.ToUInt32(ckmSize * value.Length);
}
else
{
attribute.value = IntPtr.Zero;
attribute.valueLen = 0;
}
return attribute;
}
/// <summary>
/// Derives a key from a base key, creating a new key object
/// </summary>
/// <param name="session">The session's handle</param>
/// <param name="mechanism">Key derivation mechanism</param>
/// <param name="baseKey">The handle of the base key</param>
/// <param name="template">The template for the new key</param>
/// <param name="attributeCount">The number of attributes in the template</param>
/// <param name="key">Location that receives the handle of the derived key</param>
/// <returns>CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN</returns>
public CKR C_DeriveKey(uint session, ref CK_MECHANISM mechanism, uint baseKey, CK_ATTRIBUTE[] template, uint attributeCount, ref uint key)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
uint rv = _delegates.C_DeriveKey(session, ref mechanism, baseKey, template, attributeCount, ref key);
return (CKR)rv;
}
/// <summary>
/// Reads value of attribute and returns it as mechanism array
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <param name="value">Location that receives attribute value</param>
public static void ConvertValue(ref CK_ATTRIBUTE attribute, out CKM[] value)
{
uint[] uintArray = null;
ConvertValue(ref attribute, out uintArray);
CKM[] ckmArray = null;
if (uintArray != null)
{
ckmArray = new CKM[uintArray.Length];
for (int i = 0; i < uintArray.Length; i++)
ckmArray[i] = (CKM)uintArray[i];
}
value = ckmArray;
}
/// <summary>
/// Copies an object, creating a new object for the copy
/// </summary>
/// <param name="session">The session's handle</param>
/// <param name="objectId">The object's handle</param>
/// <param name="template">Template for the new object</param>
/// <param name="count">The number of attributes in the template</param>
/// <param name="newObjectId">Location that receives the handle for the copy of the object</param>
/// <returns>CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN</returns>
public CKR C_CopyObject(uint session, uint objectId, CK_ATTRIBUTE[] template, uint count, ref uint newObjectId)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
uint rv = _delegates.C_CopyObject(session, objectId, template, count, ref newObjectId);
return (CKR)rv;
}
/// <summary>
/// Copies attribute value from unmanaged memory to managed byte array
/// </summary>
/// <param name="attribute">Attribute whose value should be read</param>
/// <returns>Managed copy of attribute value</returns>
private static byte[] ConvertValue(ref CK_ATTRIBUTE attribute)
{
byte[] value = null;
if (attribute.value != IntPtr.Zero)
value = UnmanagedMemory.Read(attribute.value, Convert.ToInt32(attribute.valueLen));
return value;
}
/// <summary>
/// Checks whether object attributes match PKCS#11 URI
/// </summary>
/// <param name="pkcs11Uri">PKCS#11 URI</param>
/// <param name="objectAttributes">Object attributes</param>
/// <returns>True if object attributes match PKCS#11 URI</returns>
public static bool Matches(Pkcs11Uri pkcs11Uri, List <CK_ATTRIBUTE> objectAttributes)
{
if (pkcs11Uri == null)
{
throw new ArgumentNullException("pkcs11Uri");
}
if (objectAttributes == null)
{
throw new ArgumentNullException("objectAttributes");
}
NativeULong ckaClassType = ConvertUtils.UInt32FromCKA(CKA.CKA_CLASS);
CKO? ckaClassValue = null;
bool ckaClassFound = false;
NativeULong ckaLabelType = ConvertUtils.UInt32FromCKA(CKA.CKA_LABEL);
string ckaLabelValue = null;
bool ckaLabelFound = false;
NativeULong ckaIdType = ConvertUtils.UInt32FromCKA(CKA.CKA_ID);
byte[] ckaIdValue = null;
bool ckaIdFound = false;
foreach (CK_ATTRIBUTE objectAttribute in objectAttributes)
{
CK_ATTRIBUTE attribute = objectAttribute;
if (attribute.type == ckaClassType)
{
NativeULong nativeUlongValue = 0;
CkaUtils.ConvertValue(ref attribute, out nativeUlongValue);
ckaClassValue = ConvertUtils.UInt32ToCKO(nativeUlongValue);
ckaClassFound = true;
}
else if (attribute.type == ckaLabelType)
{
CkaUtils.ConvertValue(ref attribute, out ckaLabelValue);
ckaLabelFound = true;
}
else if (objectAttribute.type == ckaIdType)
{
CkaUtils.ConvertValue(ref attribute, out ckaIdValue);
ckaIdFound = true;
}
if (ckaClassFound && ckaLabelFound && ckaIdFound)
{
break;
}
}
if ((!ckaClassFound) && (pkcs11Uri.Type != null))
{
throw new Pkcs11UriException("CKA_CLASS attribute is not present in the list of object attributes");
}
if ((!ckaLabelFound) && (pkcs11Uri.Object != null))
{
throw new Pkcs11UriException("CKA_LABEL attribute is not present in the list of object attributes");
}
if ((!ckaIdFound) && (pkcs11Uri.Id != null))
{
throw new Pkcs11UriException("CKA_ID attribute is not present in the list of object attributes");
}
return(Pkcs11UriSharedUtils.Matches(pkcs11Uri, ckaClassValue, ckaLabelValue, ckaIdValue));
}
