0

我试图对此链接发表评论https://stackoverflow.com/a/39798597/448266,但由于声誉#而无法评论。

我已经尝试了示例并且运行良好,但是当我更改为任意值时,它返回异常消息:Net.Pkcs11Interop.Common.Pkcs11Exception:方法 C_CreateObject 返回 2147483968

我正在使用安全网 HSM SW。

plainKeyValue = Common.HelperFunctions.StringToByteArray("112233445566778899001122334455665566998844335511");

下面是代码快照,我对键值稍作改动(如上)。

 public static string generateAndCreateKeyObj()
    {
        using (IPkcs11 pkcs11 = Settings.Factories.Pkcs11Factory.CreatePkcs11(Settings.Factories, Configurations.Pkcs11LibraryPath, Settings.AppType))
        {
            // Find first slot with token present
            ISlot slot = Helpers.GetUsableSlot(pkcs11, Configurations.default_slot);

            // Open RW session
            using (Net.Pkcs11Interop.HighLevelAPI.ISession session = slot.OpenSession(SessionType.ReadWrite))
            {
                // Login as normal user
                session.Login(Configurations.user_type, "1234");

                // Prepare attribute template of new key
                List<IObjectAttribute> objectAttributes = new List<IObjectAttribute>();
                objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_TOKEN, false)); //not stored in token
                objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
                objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
                objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_ENCRYPT, true));
                objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_DECRYPT, true));
                objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_WRAP, true));
                objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_UNWRAP, true));
                objectAttributes.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_EXTRACTABLE, true));

                // Specify key generation mechanism
                IMechanism mechanism = Settings.Factories.MechanismFactory.CreateMechanism(CKM.CKM_DES3_KEY_GEN);

                // Generate key
                IObjectHandle secret_key = session.GenerateKey(mechanism, objectAttributes);


                ////////////////////////////////////////////////////////////////////////////////////////

                // Export the key
                byte[] plainKeyValue = null;
                List<IObjectAttribute> readAttrs = session.GetAttributeValue(secret_key, new List<CKA>() { CKA.CKA_VALUE });
                if (readAttrs[0].CannotBeRead)
                    throw new Exception("Key cannot be exported");
                else
                    plainKeyValue = readAttrs[0].GetValueAsByteArray();

                plainKeyValue = Common.HelperFunctions.StringToByteArray("112233445566778899001122334455665566998844335511");

                // Prepare attribute template of new key
                List<IObjectAttribute> oa = new List<IObjectAttribute>();
                oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_LABEL, "Imported key"));
                oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
                oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3));
                oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_TOKEN, true));
                oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_ENCRYPT, true));
                oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_DECRYPT, true));
                oa.Add(Settings.Factories.ObjectAttributeFactory.CreateObjectAttribute(CKA.CKA_VALUE, plainKeyValue));


                IObjectHandle importedKey = session.CreateObject(oa);


                // Test encryption with generated key and decryption with imported key
                using (IMechanism mechanismx = Settings.Factories.MechanismFactory.CreateMechanism(CKM.CKM_DES3_CBC, session.GenerateRandom(8)))
                {
                    byte[] sourceData = ConvertUtils.Utf8StringToBytes("Our new password");
                    byte[] encryptedData = session.Encrypt(mechanismx, secret_key, sourceData);
                    byte[] decryptedData = session.Decrypt(mechanismx, importedKey, encryptedData);
                    if (Convert.ToBase64String(sourceData) != Convert.ToBase64String(decryptedData))
                        throw new Exception("Encryption test failed");
                }
                // Destroy object
                session.DestroyObject(importedKey);
                session.DestroyObject(secret_key);
                session.Logout();

                return HelperFunctions.ByteArrayToString(plainKeyValue);
            }
        }
    }

 // convert from string to array
    public static byte[] StringToByteArray(string hex)
    {
        byte[] result;
        try
        {
            result = Enumerable.Range(0, hex.Length)
                         .Where(x => x % 2 == 0)
                         .Select(x => Convert.ToByte(hex.Substring(x, 2), 16))
                         .ToArray();

            return result;
        }
        catch (Exception e)
        {
            throw new Exception(e.Message); ;
        }
    }
4

2 回答 2

0

感谢@jariq 的回复。

我发现在safenet hsm中创建密钥对象时,密钥纯值必须是奇校验位,否则会出现上述错误。

希望这将帮助任何偶然发现相同错误的人。

于 2018-09-24T15:02:35.840 回答
0

你得到的异常说低级 PKCS#11 函数C_CreateObject返回了供应商特定的错误0x80000140。您需要讨论设备供应商提供的文档或联系供应商支持以更好地了解如何处理或避免此特定错误。

于 2018-09-09T19:33:15.620 回答