Good day! I'm trying to create a public key ObjectHandle based on a hex string that comes from the client via a POST request.

I'm doing it according to the documentation, but it returns a CKR_ATTRIBUTE_TYPE_INVALID exception.

Full exception message: Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_CreateObject returned CKR_ATTRIBUTE_VALUE_INVALID'

Inner exception is null

Can you please help me figure out what I'm doing wrong?

Here is my code:

using (Pkcs11 pkcs11 = new Pkcs11(Settings.RutokenEcpDllDefaultPath, AppType.MultiThreaded))
{
    Slot slot = GetSlot(pkcs11);

    // This public key comes from the client,
    // but I put it here to show the value. Maybe the value is the reason. I'm not sure,
    // but I hope you will help me

    var hexString = "1c:ec:2d:4a:b3:51:51:07:f7:c4:f6:d9:09:a3:06:73:c2:06:42:7f:b2:11:fd:be:ad:12:5c:22:b9:df:cb:e5:08:7c:7c:48:a6:af:92:67:d3:56:63:29:0c:9e:1a:4a:0e:d1:08:d8:7a:28:61:bd:da:ed:be:aa:49:84:f2:64";
    hexString = hexString.Replace(":", string.Empty);
    var publicKeyValue = ConvertUtils.HexStringToBytes(hexString);

    using (Session session = slot.OpenSession(SessionType.ReadWrite))
    {
        session.Login(CKU.CKU_USER, Settings.TokenPin);
        List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PUBLIC_KEY));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_GOSTR3410));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, "Verification Key"));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, publicKeyValue));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_GOSTR3410_PARAMS, new byte[] { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00 }));

        // Create object
        ObjectHandle objectHandle = session.CreateObject(objectAttributes);

    }
}
Alexander

2 Answers

By returning CKR_ATTRIBUTE_VALUE_INVALID your PKCS#11 library tells you that your template specifies an invalid value for a valid attribute(s).

Unfortunately PKCS#11 API does not provide details which attribute caused the error but many PKCS#11 libraries support some kind of internal logging mechanism which may reveal the real cause of error. Exact steps needed to enable logging should be present in the documentation provided by the PKCS#11 library vendor.

jariq

GOST Public Key can't be imported onto ruToken - see docs note in the box.

Just change

objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));

to

objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, false));

Public key as a token object can only be 'created' as a result of C_GenerateKeyPair call.

Alexander
Thank you very much! Your solution helped partially. I went through the documentation you gave me and found out which object attributes I've been setting incorrectly. CKA.CKA_TOKEN you told me about and also CKA.CKA_GOSTR3410_PARAMS. – Ziiaev Emil Jul 05 '19 at 11:52
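
Because CKR_ATTRIBUTE_VALUE_INVALID does not name the offending attribute, the two byte-array values in the question's template (CKA_VALUE and CKA_GOSTR3410_PARAMS) can be checked before C_CreateObject is called. This is an added example, not code from the posts above: the class and method names are hypothetical, the 64-byte length is taken from the key shown in the question, and the sample key in Main is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: pre-flight checks for client-supplied template values.
static class GostTemplateCheck
{
    // Parses "aa:bb:..." or "aabb..." received from an untrusted client and
    // rejects anything that is not exactly expectedLength bytes of hex.
    public static byte[] ParsePublicKey(string hex, int expectedLength = 64)
    {
        string clean = (hex ?? string.Empty).Replace(":", string.Empty).Trim();
        if (clean.Length != expectedLength * 2 || !clean.All(Uri.IsHexDigit))
            throw new FormatException($"CKA_VALUE: expected {expectedLength} hex-encoded bytes");
        return Enumerable.Range(0, expectedLength)
            .Select(i => Convert.ToByte(clean.Substring(i * 2, 2), 16)).ToArray();
    }

    // Decodes a DER OBJECT IDENTIFIER (tag 0x06, short-form length) to dotted
    // text, so the parameter set the template asks for can be read and logged.
    public static string DecodeDerOid(byte[] der)
    {
        if (der == null || der.Length < 3 || der[0] != 0x06 || der[1] > 0x7f
            || der[1] != der.Length - 2 || (der[der.Length - 1] & 0x80) != 0)
            throw new FormatException("CKA_GOSTR3410_PARAMS: not a well-formed DER OID");
        var arcs = new List<ulong>();
        ulong value = 0;
        for (int i = 2; i < der.Length; i++)
        {
            value = (value << 7) | (uint)(der[i] & 0x7f);
            if ((der[i] & 0x80) != 0) continue;   // more base-128 digits follow
            if (arcs.Count == 0)
            {
                // The first subidentifier packs the first two arcs as 40*X + Y.
                ulong first = value < 80 ? value / 40 : 2;
                arcs.Add(first);
                arcs.Add(value - 40 * first);
            }
            else arcs.Add(value);
            value = 0;
        }
        return string.Join(".", arcs);
    }

    static void Main()
    {
        // CKA_GOSTR3410_PARAMS bytes exactly as they appear in the question.
        byte[] gostParams = { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00 };
        Console.WriteLine("CKA_GOSTR3410_PARAMS OID: " + DecodeDerOid(gostParams));
        string sampleKey = string.Join(":", Enumerable.Repeat("ab", 64)); // constructed
        Console.WriteLine("CKA_VALUE bytes: " + ParsePublicKey(sampleKey).Length);
        try { ParsePublicKey("1c:ec:2d"); }       // too short: rejected before the token sees it
        catch (FormatException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

The bytes from the question decode to 1.2.643.2.2.35.0, which RFC 4357 registers as id-GostR3410-2001-TestParamSet; which parameter sets a given token accepts is for its vendor documentation to say.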