小贝子编程

创建对象 PKCS#11 失败



我试图 https://stackoverflow.com/a/39798597/448266 对此链接发表评论,但由于声誉#而无法评论。

我已经尝试了该示例并且运行良好,但是当我更改为任意值时,它返回异常消息:Net.Pkcs11Interop.Common.Pkcs11异常:方法C_CreateObject返回2147483968

我正在使用安全网 HSM 软件。

plainKeyValue = Common.HelperFunctions.StringToByteArray("112233445566778899001122334455665566998844335511");

下面是代码的快照,我对键值略有改动(如上(。

public static string generateAndCreateKeyObj()
{
using (IPkcs11 pkcs11 = Settings.Factories.Pkcs11Factory.CreatePkcs11(Settings.Factories, Configurations.Pkcs11LibraryPath, Settings.AppType))
{
// Find first slot with token present
ISlot slot = Helpers.GetUsableSlot(pkcs11, Configurations.default_slot);
// Open RW session
using (Net.Pkcs11Interop.HighLevelAPI.ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Login as normal user
session.Login(Configurations.user_type, "1234");
// Prepare attribute template of new key
List<IObjectAttribute> objectAttributes = new List<IObjectAttribute>();
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_TOKEN, false)); //not stored in token
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_ENCRYPT, true));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_DECRYPT, true));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_WRAP, true));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_UNWRAP, true));
objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_EXTRACTABLE, true));
// Specify key generation mechanism
IMechanism mechanism = Settings.Factories.MechanismFactory.CreateMechanism(CKM.CKM_DES3_KEY_GEN);
// Generate key
IObjectHandle secret_key = session.GenerateKey(mechanism, objectAttributes);

////////////////////////////////////////////////////////////////////////////////////////
// Export the key
byte[] plainKeyValue = null;
List<IObjectAttribute> readAttrs = session.GetAttributeValue(secret_key, new List<CKA>() { CKA.CKA_VALUE });
if (readAttrs[0].CannotBeRead)
throw new Exception("Key cannot be exported");
else
plainKeyValue = readAttrs[0].GetValueAsByteArray();
plainKeyValue = Common.HelperFunctions.StringToByteArray("112233445566778899001122334455665566998844335511");
// Prepare attribute template of new key
List<IObjectAttribute> oa = new List<IObjectAttribute>();
oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_LABEL, "Imported key"));
oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_TOKEN, true));
oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_ENCRYPT, true));
oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_DECRYPT, true));
oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_VALUE, plainKeyValue));

IObjectHandle importedKey = session.CreateObject(oa);

// Test encryption with generated key and decryption with imported key
using (IMechanism mechanismx = Settings.Factories.MechanismFactory.CreateMechanism(CKM.CKM_DES3_CBC, session.GenerateRandom(8)))
{
byte[] sourceData = ConvertUtils.Utf8StringToBytes("Our new password");
byte[] encryptedData = session.Encrypt(mechanismx, secret_key, sourceData);
byte[] decryptedData = session.Decrypt(mechanismx, importedKey, encryptedData);
if (Convert.ToBase64String(sourceData) != Convert.ToBase64String(decryptedData))
throw new Exception("Encryption test failed");
}
// Destroy object
session.DestroyObject(importedKey);
session.DestroyObject(secret_key);
session.Logout();
return HelperFunctions.ByteArrayToString(plainKeyValue);
}
}
}
// convert from string to array
public static byte[] StringToByteArray(string hex)
{
byte[] result;
try
{
result = Enumerable.Range(0, hex.Length)
.Where(x => x % 2 == 0)
.Select(x => Convert.ToByte(hex.Substring(x, 2), 16))
.ToArray();
return result;
}
catch (Exception e)
{
throw new Exception(e.Message); ;
}
}

您得到的异常说低级PKCS#11函数C_CreateObject返回供应商特定的错误0x80000140。您需要讨论设备供应商提供的文档或联系供应商支持,以更好地了解如何处理或避免此特定错误。

感谢您@jariq回复。

我发现在safenet hsm中创建密钥对象时,密钥纯值必须具有奇偶校验位,否则将发生上述错误。

希望这能帮助任何遇到相同错误的人。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium