个人中心
gpt4 book ai didi

pkcs#11 - PCKS11interop 和 Safenet Network HSM 的 ECDH1_DERIVE 问题

转载 作者:行者123 更新时间:2023-12-02 02:56:04 26 4
gpt4 key购买 nike

与 Gemalto 网络 HSM 斗争了一段时间,是时候寻求一些专家帮助了。我试图从一个已知的公钥和一个存储在 HSM 上的私钥派生出一个 ECDH1 key ,并不断将 HSM 发送到某种 panic 模式,这需要我在每次调用派生 key 时它再次开始说话之前重置它功能如下。有人有任何指示吗?

static string PKCSLibraryPath = @"C:\Program Files (x86)\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\hsm\cryptoki.dll";
    static Pkcs11 pkc = new Pkcs11(PKCSLibraryPath, AppType.SingleThreaded);

    public string HSM_Interaction(int SlotNumber, string KeyLabel, string Pubkey, string GUID)
    {

        List<Slot> slots = pkc.GetSlotList(SlotsType.WithTokenPresent);
        string pass = "1111";

        //convert putblic key to byte array
        byte[] data = Get_pub_Key(Pubkey);

        //convert password to byte array
        byte[] password = Encoding.ASCII.GetBytes(pass);

        //select correct HSM slot
        Slot S = slots[SlotNumber];

        using (Session Sesh = S.OpenSession(SessionType.ReadWrite))
        {

            Sesh.Login(CKU.CKU_USER, password);
            List<CKM> Mechs = S.GetMechanismList();
            ObjectHandle oPrivKeyObjectHandle;

            //setup search criteria for token
            List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_EC));
            objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, KeyLabel));
            Sesh.FindObjectsInit(objectAttributes);
            List<ObjectHandle> oObjCollection = Sesh.FindObjects(1);
            Sesh.FindObjectsFinal();

            if (oObjCollection.Count > 0)
            {  
                oPrivKeyObjectHandle = oObjCollection[0];

                //set template for generated key
                var shared_secret_template = new List<ObjectAttribute>
                {
                    new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY),
                    new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_GENERIC_SECRET),
                    new ObjectAttribute(CKA.CKA_SENSITIVE, false),
                    new ObjectAttribute(CKA.CKA_EXTRACTABLE, true),
                    new ObjectAttribute(CKA.CKA_VALUE_LEN, (ulong)32)
                };


                var deriveAttributes = new List<ObjectAttribute>
                 {
                     new ObjectAttribute(CKA.CKA_TOKEN, false),
                     new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY),
                     new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_GENERIC_SECRET),
                     new ObjectAttribute(CKA.CKA_SENSITIVE, false),
                     new ObjectAttribute(CKA.CKA_EXTRACTABLE, true),
                     new ObjectAttribute(CKA.CKA_ENCRYPT, true),
                     new ObjectAttribute(CKA.CKA_DECRYPT, true),
                     new ObjectAttribute(CKA.CKA_WRAP, true),
                     new ObjectAttribute(CKA.CKA_UNWRAP, true),
                     new ObjectAttribute(CKA.CKA_VALUE_LEN, (ulong)32)
                };


                try
                {
                    //generate derived key

                    byte[] sd = null;
                    CkEcdh1DeriveParams par = new CkEcdh1DeriveParams((ulong)CKD.CKD_NULL, sd, data);
                    par.ToMarshalableStructure();
                    Mechanism m = new Mechanism(CKM.CKM_ECDH1_DERIVE, par);
                    Sesh.DeriveKey(m, oPrivKeyObjectHandle, deriveAttributes);
                    ObjectHandle SSOH = new ObjectHandle();

                    Sesh.GetAttributeValue(SSOH,deriveAttributes);

                }
                catch (Exception ex)
                {
                    string error = ex.Message;
                }
                finally
                {
                    Sesh.Logout();
                }

            }
        }
        return "";
    }
    private byte[] Get_SHA256(string text)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(text);
        SHA256Managed hashstring = new SHA256Managed();
        byte[] hash = hashstring.ComputeHash(bytes);
        string hashString = string.Empty;
        foreach (byte x in hash)
        {
            hashString += String.Format("{0:x2}", x);
        }

        return hash;

    }

    private byte[] Get_pub_Key(string text)
    {
        byte[] Bytes = new byte[65];
        int startpos = 0;
        for (int i = 0; i < (text.Length / 2); i++)
        {
            byte b = Convert.ToByte(text.Substring(startpos, 2), 16);
            Bytes[i] = b;
            startpos += 2;
        }
        return Bytes;
    }
}

接收错误: 
Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_DeriveKey returned 2147484548'

来自 HSM 的消息日志尾部: 
Mar 21 07:59:10 hsm1 kernel: ERR:  viper0: _do_smachine: hsm kernel crashed
Mar 21 07:59:10 hsm1 kernel: ERR:  viper0: _do_smachine: device error
Mar 21 07:59:10 hsm1 kernel: NOTE: viper0: HSM is being shut down, discarding pending requests...
Mar 21 07:59:10 hsm1 kernel: NOTE: viper0:    DMA buffers:          0000
Mar 21 07:59:10 hsm1 kernel: NOTE: viper0:    HSM commands:         0001
Mar 21 07:59:10 hsm1 kernel: NOTE: viper0:    Callback requests:    0000
Mar 21 07:59:10 hsm1 etnetserver[990]: MDV2_SendReceiveCmd(): MD_SendReceive() 
error: Internal error - unknown error

最佳答案

您得到的异常表示低级 PKCS#11 函数 C_DeriveKey返回供应商特定错误 0x80000384 ( 2147484548 dec) 称为 CKR_SMS_ERROR .您需要讨论设备供应商提供的文档或联系供应商支持,以更好地了解如何处理或避免此特定错误。

这个确切的错误 was also discussed in an older question它是由在多线程环境中错误使用 PKCS#11 API 引起的。

关于pkcs#11 - PCKS11interop 和 Safenet Network HSM 的 ECDH1_DERIVE 问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49383728/

26 4 0
文章推荐: woocommerce - 如何将WooComerceAPI集成到React中?
文章推荐: java - 执行规则时如何更改 drools 对象状态
文章推荐: java - 如何使用 getRestultSetType() 方法?
文章推荐: WPF 调度程序 - 突然出现 "stuck"并且在按下某个键之前不处理操作
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com