PDF使用Pkcs11Interop

Question

我尝试将Pkcs11Interop库用于我们的机构项目。但问题是，当我试图从令牌卡中获取价值时，＆＃34;试图读取或写入受保护的内存。这通常表明其他内存已损坏＆＃34;错误来自Pkcs11Interop。我无法找到任何解决方案。请帮帮我，谢谢你。

Project是使用.Net Framework 4.5编写的Windows窗体应用程序

错误： system.accessviolationexception {"Attempted to read or write protected memory. This is often an indication that other memory is corrupt."}

错误堆栈跟踪：

 at Net.Pkcs11Interop.HighLevelAPI40.Session.GetAttributeValue(ObjectHandle objectHandle, List`1 attributes)
   at Net.Pkcs11Interop.HighLevelAPI40.Session.GetAttributeValue(ObjectHandle objectHandle, List`1 attributes)
   at EFinImza.Program.Main() in c:\HttpRoot\EFinImza\EFinImza\Program.cs:line 56
   at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
   at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

代码是这样的：

static void Main()
    {
        try
        {
            string pkcs11Library = @"C:\Windows\System32\akisp11.dll";
            using (var pkcs11 = new Net.Pkcs11Interop.HighLevelAPI40.Pkcs11(pkcs11Library, false, false))
            {
                LibraryInfo info = pkcs11.GetInfo();
                foreach (Slot slot in pkcs11.GetSlotList(false))
                {
                    SlotInfo slotInfo = slot.GetSlotInfo();
                    if (slotInfo.SlotFlags.TokenPresent)
                    {
                        TokenInfo tokenInfo = slot.GetTokenInfo();

                        Session session = slot.OpenSession(false);
                        String pin = "*****";
                        session.Login(CKU.CKU_USER, pin);

                        // get all objects using empty ObjectAttributes list
                        List<ObjectHandle> handles = session.FindAllObjects(new List<ObjectAttribute>());
                        List<CKA> attrs = new List<CKA>();
                        attrs.Add(CKA.CKA_LABEL);

                        foreach (ObjectHandle handle in handles)
                        {
                            List<ObjectAttribute> oAttrs = session.GetAttributeValue(handle, attrs);   **//Error is getting here**
                        }

                        session.CloseSession();
                    }
                }

                pkcs11.Dispose();
            }

            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
        }
        catch (Exception ex)
        {
            throw ex;
        }

    }

Answer 1

在开始使用Pkcs11Interop之前，根据official documentation的建议，您应该至少熟悉＆＃34;第2章 - 范围＆＃34; ，＆＃34; 6 - PKCS#11 v2.20 specification的概述＆＃34; 和＆＃34;第10章 - 对象＆＃34; 。

您的代码首先查找所有对象，无论其类型（密钥，证书等）如何，然后尝试读取每个对象的CKA_VALUE属性。 CKA_VALUE不是所有对象类型的有效属性，我想这可能会导致您的问题。当然，表现良好的非托管PKCS＃11库会返回CKR_ATTRIBUTE_TYPE_INVALID错误而不是segfaulting但是有许多质量差的PKCS＃11库不能很好地处理这些极端情况。

我建议您先阅读提到的规范章节，然后更改传递给FindAllObjects()方法的搜索模板，以仅搜索您真正感兴趣的特定对象类型。