Как зашифровать данные с помощью C# и CNG внутри HSM ключом NeverExtractable? - PullRequest
/ 27 мая 2020

Я использую .NET Core 3.1 для шифрования паролей ключом NeverExtractable из HSM (Securosys Primus HSM Key Storage Provider). Ниже приведён код того, что я пытаюсь сделать.

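        /// <summary>
        /// Encrypts <paramref name="plainText"/> (UTF-8) with AES under a key that is persisted in a
        /// CNG key storage provider, so the key material itself never has to leave the provider/HSM.
        /// </summary>
        /// <param name="plainText">Text to encrypt; it is UTF-8 encoded before encryption.</param>
        /// <param name="cngProviderName">Name of the CNG key storage provider (KSP) holding the key.</param>
        /// <param name="cngProviderKey">Name of the persisted AES key inside that provider.</param>
        /// <returns>
        /// The freshly generated IV followed by the ciphertext (IV || ciphertext). The IV is required
        /// to decrypt; the previous implementation generated it and then dropped it, so the returned
        /// bytes could never be decrypted.
        /// </returns>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        /// <exception cref="CryptographicException">The provider rejects the key or the transform.</exception>
        public byte[] EncryptPasswordWithProvider
        (
            string plainText,
            string cngProviderName,
            string cngProviderKey
        )
        {
            // Validate up front so a bad argument does not surface later as an opaque
            // "The parameter is incorrect" from NCrypt.
            if (plainText is null) throw new ArgumentNullException(nameof(plainText));
            if (cngProviderName is null) throw new ArgumentNullException(nameof(cngProviderName));
            if (cngProviderKey is null) throw new ArgumentNullException(nameof(cngProviderKey));

            CngProvider cngProvider = new CngProvider(cngProviderName);

            using AesCng aesCng = new AesCng(cngProviderKey, cngProvider);

            // NOTE(review): Mode and Padding are left at the AesCng defaults (CBC / PKCS7). A KSP that
            // rejects EncryptData with TLSTATUS_INVALID_PARAMETER may not support that combination for a
            // non-extractable key — confirm the supported chaining/padding modes with the provider.
            aesCng.GenerateIV();
            byte[] iv = aesCng.IV;

            // ICryptoTransform is IDisposable; the original never released it.
            using ICryptoTransform encryptor = aesCng.CreateEncryptor();
            using MemoryStream output = new MemoryStream();

            // Emit the IV first: the decryptor needs it and it is not secret.
            output.Write(iv, 0, iv.Length);

            // leaveOpen: keep the MemoryStream usable after the CryptoStream is disposed.
            using (CryptoStream cryptoStream = new CryptoStream(output, encryptor, CryptoStreamMode.Write, leaveOpen: true))
            {
                byte[] dataToEncrypt = Encoding.UTF8.GetBytes(plainText);
                cryptoStream.Write(dataToEncrypt, 0, dataToEncrypt.Length);
                cryptoStream.FlushFinalBlock();
            }

            return output.ToArray();
        }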

Ошибка с сообщением «Параметр неверен» (в оригинале: The parameter is incorrect) возникает во время выполнения. Трассировка стека приведена ниже:

     at Internal.Cryptography.BasicSymmetricCipherNCrypt.Transform(Byte[] input, Int32 inputOffset, Int32 count, Byte[] output, Int32 outputOffset)
   at Internal.Cryptography.BasicSymmetricCipherNCrypt.TransformFinal(Byte[] input, Int32 inputOffset, Int32 count)
   at Internal.Cryptography.UniversalCryptoEncryptor.UncheckedTransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at Internal.Cryptography.UniversalCryptoTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.<FlushFinalBlockAsync>d__29.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
   at System.IO.Stream.Close()
   at System.IO.Stream.Dispose()
   at Intellicard.PasswordManager.Services.PasswordService.a(String plainText, String cngProviderName, String cngProviderKey) in D:\Projects\passwordManager\trunk\PasswordToolVersion2\Intellicard.PasswordManager\Services\PasswordService.cs:line 402
   at Intellicard.PasswordManager.Controllers.ConfigurationController.GetEncryptedData(IEnumerable`1 dataToEncrypt, EncryptionConfigurationModel currentEncryptionConfiguration) in D:\Projects\passwordManager\trunk\PasswordToolVersion2\Intellicard.PasswordManager\Controllers\ConfigurationController.cs:line 184
   at Intellicard.PasswordManager.Controllers.ConfigurationController.<UpdateEncryptionConfigurationData>d__14.MoveNext() in D:\Projects\passwordManager\trunk\PasswordToolVersion2\Intellicard.PasswordManager\Controllers\ConfigurationController.cs:line 227
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.<Execute>d__0.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Runtime.CompilerServices.ValueTaskAwaiter`1.GetResult()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<<InvokeActionMethodAsync>g__Logged|12_1>d.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<<InvokeNextActionFilterAsync>g__Awaited|10_0>d.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<<InvokeNextResourceFilter>g__Awaited|24_0>d.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<<InvokeAsync>g__Logged|17_1>d.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Builder.RouterMiddleware.<Invoke>d__4.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.<Invoke>d__6.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.<Invoke>d__3.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Intellicard.PasswordManager.Middleware.TokenCreationMiddleware.<InvokeAsync>d__3.MoveNext() in D:\Projects\passwordManager\trunk\PasswordToolVersion2\Intellicard.PasswordManager\Middleware\TokenCreationMiddleware.cs:line 40
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()

В локальном журнале клиента HSM есть запись об ошибке, но на самом HSM журналов нет (похоже, мой запрос не доходит до самого HSM):

SPHK_Encrypt: EncryptData failed with 0xee000041(TLSTATUS_INVALID_PARAMETER).

Как решить эту проблему?

Примечание: этот код отлично работает со стандартным программным поставщиком хранилища ключей Microsoft (Microsoft Software Key Storage Provider) с обоими типами ключей (извлекаемым и никогда не извлекаемым).

...