c# pkcs#11 pkcs11interop gost3410

I'm trying to create GOSTR3410 public key. CKR_ATTRIBUTE_TYPE_INVALID exception


Good day! I'm trying to create a public key ObjectHandle based on a hex string that comes from the client via a POST request.

I'm doing it according to the documentation, but it returns a CKR_ATTRIBUTE_TYPE_INVALID exception.

Full exception message: Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_CreateObject returned CKR_ATTRIBUTE_VALUE_INVALID'

Inner exception is null

Can you please help me figure out what I'm doing wrong?

Here is my code:

using (Pkcs11 pkcs11 = new Pkcs11(Settings.RutokenEcpDllDefaultPath, AppType.MultiThreaded))
{
    Slot slot = GetSlot(pkcs11);

    // This public key comes from the client,
    // but I put it here to show the value. Maybe the value is the reason. I'm not sure,
    // but I hope you will help me

    var hexString = "1c:ec:2d:4a:b3:51:51:07:f7:c4:f6:d9:09:a3:06:73:c2:06:42:7f:b2:11:fd:be:ad:12:5c:22:b9:df:cb:e5:08:7c:7c:48:a6:af:92:67:d3:56:63:29:0c:9e:1a:4a:0e:d1:08:d8:7a:28:61:bd:da:ed:be:aa:49:84:f2:64";
    hexString = hexString.Replace(":", string.Empty);
    var publicKeyValue = ConvertUtils.HexStringToBytes(hexString);

    using (Session session = slot.OpenSession(SessionType.ReadWrite))
    {
        session.Login(CKU.CKU_USER, Settings.TokenPin);
        List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PUBLIC_KEY));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_GOSTR3410));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, "Verification Key"));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, publicKeyValue));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_GOSTR3410_PARAMS, new byte[] { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00 }));

        // Create object
        ObjectHandle objectHandle = session.CreateObject(objectAttributes);

    }
}

Solution

  • GOST Public Key can't be imported onto ruToken - see docs note in the box.

    Just change

    objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));

    to

    objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, false));

    Public key as a token object can only be 'created' as a result of C_GenerateKeyPair call.
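
The fix from the answer above, put to use: the client's key is created as a session object, used for one verification and destroyed again. This is an added example, not code from the original post or from the Pkcs11Interop project. The helper name `VerifyWithSessionKey`, the 64-byte length check (the length of the key in the question) and the choice of `CKM.CKM_GOSTR3410` over a caller-supplied digest are assumptions.

```csharp
using System;
using System.Collections.Generic;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

public static class GostVerifyExample
{
    // Parameter-set OID bytes copied from the question's CKA_GOSTR3410_PARAMS attribute.
    private static readonly byte[] GostParams = { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00 };

    // Hypothetical helper: imports a client-supplied public key as a session object,
    // verifies one signature with it and removes the object again.
    public static bool VerifyWithSessionKey(Session session, byte[] publicKeyValue,
                                            byte[] digest, byte[] signature)
    {
        // Assumption: 64-byte key value, as in the question. Reject anything else
        // before it reaches the token, since the value arrives from an untrusted client.
        if (publicKeyValue == null || publicKeyValue.Length != 64)
            throw new ArgumentException("Expected a 64-byte GOST R 34.10 public key value", nameof(publicKeyValue));

        var attributes = new List<ObjectAttribute>
        {
            new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PUBLIC_KEY),
            new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_GOSTR3410),
            new ObjectAttribute(CKA.CKA_LABEL, "Verification Key"),
            new ObjectAttribute(CKA.CKA_VERIFY, true),
            new ObjectAttribute(CKA.CKA_VALUE, publicKeyValue),
            new ObjectAttribute(CKA.CKA_TOKEN, false),   // session object, per the answer
            new ObjectAttribute(CKA.CKA_PRIVATE, false),
            new ObjectAttribute(CKA.CKA_GOSTR3410_PARAMS, GostParams)
        };

        ObjectHandle key = session.CreateObject(attributes);
        try
        {
            using (var mechanism = new Mechanism(CKM.CKM_GOSTR3410))
            {
                bool isValid;
                session.Verify(mechanism, key, digest, signature, out isValid);
                return isValid;
            }
        }
        finally
        {
            // Remove the object explicitly instead of waiting for the session to close.
            session.DestroyObject(key);
        }
    }
}
```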