/**
 * Import caller-supplied AES key material into the token as a secret-key
 * object, tagged with the identifier returned by this._ski() and enabled for
 * both encryption and decryption.
 *
 * NOTE(review): the raw key bytes travel in CKA_VALUE, and the template sets
 * neither CKA_SENSITIVE nor CKA_EXTRACTABLE, so whether the value can be read
 * back or wrapped out of the token afterwards is left to the token's defaults.
 * Confirm that is intended for the HSM in use.
 *
 * @param {object} pkcs11 - PKCS#11 module wrapper exposing C_CreateObject.
 * @param {*} pkcs11Session - Session handle passed through to C_CreateObject.
 * @param {*} key - AES key material stored as CKA_VALUE (presumably a Buffer; confirm against callers).
 * @param {*} pkcs11Token - Requests a token (persistent) object; only honoured when this._pkcs11Login is truthy.
 * @returns {{ski: *, key: *}} The identifier from this._ski() and the handle returned by C_CreateObject.
 */
_pkcs11CreateObject(pkcs11, pkcs11Session, key, pkcs11Token) {
  const keyId = this._ski();

  const {
    CKA_ID,
    CKA_CLASS,
    CKA_KEY_TYPE,
    CKA_VALUE,
    CKA_ENCRYPT,
    CKA_DECRYPT,
    CKA_PRIVATE,
    CKA_TOKEN,
    CKO_SECRET_KEY,
    CKK_AES
  } = pkcs11js;

  // CKA_VALUE_LEN is deliberately absent: SoftHSMv2 prohibits specifying it
  // on this template.
  const aesKeyAttributes = [
    {type: CKA_ID, value: keyId},
    {type: CKA_CLASS, value: CKO_SECRET_KEY},
    {type: CKA_KEY_TYPE, value: CKK_AES},
    {type: CKA_VALUE, value: key},
    {type: CKA_ENCRYPT, value: true},
    {type: CKA_DECRYPT, value: true},
    // The object is private only when this instance holds a login, and it is
    // stored on the token only when additionally requested by the caller.
    {type: CKA_PRIVATE, value: this._pkcs11Login},
    {type: CKA_TOKEN, value: this._pkcs11Login && pkcs11Token}
  ];

  const objectHandle = pkcs11.C_CreateObject(pkcs11Session, aesKeyAttributes);
  return {ski: keyId, key: objectHandle};
}
/* CKA_TRUSTED is new for v2.11 */
trusted: { v: pkcs11.CKA_TRUSTED, t: TYPE_BOOL },
/* CKA_CERTIFICATE_CATEGORY ...
* CKA_CHECK_VALUE are new for v2.20 */
certCategory: { v: pkcs11.CKA_CERTIFICATE_CATEGORY, t: TYPE_NUMBER },
javaDomain: { v: pkcs11.CKA_JAVA_MIDP_SECURITY_DOMAIN, t: TYPE_NUMBER },
url: { v: pkcs11.CKA_URL, t: TYPE_STRING },
ski: { v: pkcs11.CKA_HASH_OF_SUBJECT_PUBLIC_KEY, t: TYPE_BUFFER },
aki: { v: pkcs11.CKA_HASH_OF_ISSUER_PUBLIC_KEY, t: TYPE_BUFFER },
// digestName: { v: pkcs11.CKA_NAME_HASH_ALGORITHM, t: TYPE_NUMBER },
checkValue: { v: pkcs11.CKA_CHECK_VALUE, t: TYPE_BUFFER },
keyType: { v: pkcs11.CKA_KEY_TYPE, t: TYPE_NUMBER },
subject: { v: pkcs11.CKA_SUBJECT, t: TYPE_BUFFER },
id: { v: pkcs11.CKA_ID, t: TYPE_BUFFER },
sensitive: { v: pkcs11.CKA_SENSITIVE, t: TYPE_BOOL },
encrypt: { v: pkcs11.CKA_ENCRYPT, t: TYPE_BOOL },
decrypt: { v: pkcs11.CKA_DECRYPT, t: TYPE_BOOL },
wrap: { v: pkcs11.CKA_WRAP, t: TYPE_BOOL },
unwrap: { v: pkcs11.CKA_UNWRAP, t: TYPE_BOOL },
sign: { v: pkcs11.CKA_SIGN, t: TYPE_BOOL },
signRecover: { v: pkcs11.CKA_SIGN_RECOVER, t: TYPE_BOOL },
verify: { v: pkcs11.CKA_VERIFY, t: TYPE_BOOL },
verifyRecover: { v: pkcs11.CKA_VERIFY_RECOVER, t: TYPE_BOOL },
derive: { v: pkcs11.CKA_DERIVE, t: TYPE_BOOL },
startDate: { v: pkcs11.CKA_START_DATE, t: TYPE_DATE },
endDate: { v: pkcs11.CKA_END_DATE, t: TYPE_DATE },
modulus: { v: pkcs11.CKA_MODULUS, t: TYPE_BUFFER },
modulusBits: { v: pkcs11.CKA_MODULUS_BITS, t: TYPE_NUMBER },
publicExponent: { v: pkcs11.CKA_PUBLIC_EXPONENT, t: TYPE_BUFFER },
privateExponent: { v: pkcs11.CKA_PRIVATE_EXPONENT, t: TYPE_BUFFER },
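// Generates an RSA key pair and reads CKA_TOKEN back from the private key.
// There is no assertion: the case passes when neither PKCS#11 call throws.
it("#1", () => {
  // Buffer.from() replaces the deprecated `new Buffer()` constructor, whose
  // behaviour depends on the argument type (a number yields an allocation
  // rather than a copy of data).
  const privateTemplate = [
    { type: pkcs11.CKA_ID, value: Buffer.from("1234567890") },
    { type: pkcs11.CKA_SIGN, value: true },
    { type: pkcs11.CKA_DECRYPT, value: true },
    { type: pkcs11.CKA_UNWRAP, value: true },
  ];
  const publicTemplate = [
    { type: pkcs11.CKA_ID, value: Buffer.from("1234567890") },
    // Public exponent 0x010001 (65537).
    { type: pkcs11.CKA_PUBLIC_EXPONENT, value: Buffer.from([1, 0, 1]) },
    // NOTE(review): a 1024-bit modulus is below current minimum
    // recommendations (2048 bits or more); acceptable only as a test fixture.
    { type: pkcs11.CKA_MODULUS_BITS, value: 1024 },
    { type: pkcs11.CKA_VERIFY, value: true },
    { type: pkcs11.CKA_ENCRYPT, value: true },
    { type: pkcs11.CKA_WRAP, value: true },
  ];
  const keys = mod.C_GenerateKeyPair(
    session,
    { mechanism: pkcs11.CKM_RSA_PKCS_KEY_PAIR_GEN, parameter: null },
    publicTemplate,
    privateTemplate,
  );
  // The result was bound to an unused local before; the call is kept for its
  // may-throw behaviour only.
  mod.C_GetAttributeValue(session, keys.privateKey, [
    { type: pkcs11.CKA_TOKEN },
  ]);
});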
});
it("#1", () => {
const privateTemplate = [
{ type: pkcs11.CKA_ID, value: new Buffer("1234567890") },
{ type: pkcs11.CKA_SIGN, value: true },
{ type: pkcs11.CKA_DECRYPT, value: true },
{ type: pkcs11.CKA_UNWRAP, value: true },
];
const publicTemplate = [
{ type: pkcs11.CKA_ID, value: new Buffer("1234567890") },
{ type: pkcs11.CKA_PUBLIC_EXPONENT, value: new Buffer([1, 0, 1]) },
{ type: pkcs11.CKA_MODULUS_BITS, value: 1024 },
{ type: pkcs11.CKA_VERIFY, value: true },
{ type: pkcs11.CKA_ENCRYPT, value: true },
{ type: pkcs11.CKA_WRAP, value: true },
];
const keys = mod.C_GenerateKeyPair(session, { mechanism: pkcs11.CKM_RSA_PKCS_KEY_PAIR_GEN, parameter: null }, publicTemplate, privateTemplate);
let attrs = mod.C_GetAttributeValue(session, keys.privateKey, [
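// Generates an EC key pair and reads CKA_TOKEN back from the private key.
// There is no assertion: the case passes when neither PKCS#11 call throws.
it("#1", () => {
  // Buffer.from() replaces the deprecated `new Buffer()` constructor.
  const privateTemplate = [
    { type: pkcs11.CKA_ID, value: Buffer.from("1234567890") },
    { type: pkcs11.CKA_SIGN, value: true },
    { type: pkcs11.CKA_DERIVE, value: true },
  ];
  const publicTemplate = [
    { type: pkcs11.CKA_ID, value: Buffer.from("1234567890") },
    // DER-encoded OID 1.2.840.10045.3.1.7, the named curve prime256v1 (P-256).
    { type: pkcs11.CKA_EC_PARAMS, value: Buffer.from("06082A8648CE3D030107", "hex") },
    { type: pkcs11.CKA_VERIFY, value: true },
    { type: pkcs11.CKA_DERIVE, value: true },
  ];
  const keys = mod.C_GenerateKeyPair(
    session,
    { mechanism: pkcs11.CKM_ECDSA_KEY_PAIR_GEN, parameter: null },
    publicTemplate,
    privateTemplate,
  );
  // The result was bound to an unused local before; the call is kept for its
  // may-throw behaviour only.
  mod.C_GetAttributeValue(session, keys.privateKey, [
    { type: pkcs11.CKA_TOKEN },
  ]);
});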
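// Suite setup: generates one EC sign/verify key pair and stores both handles
// in the enclosing scope's `privateKey` / `publicKey` variables.
before(() => {
  // Buffer.from() replaces the deprecated `new Buffer()` constructor.
  const privateTemplate = [
    { type: pkcs11.CKA_ID, value: Buffer.from("1234567890") },
    { type: pkcs11.CKA_SIGN, value: true },
  ];
  const publicTemplate = [
    { type: pkcs11.CKA_ID, value: Buffer.from("1234567890") },
    // DER-encoded OID 1.2.840.10045.3.1.7, the named curve prime256v1 (P-256).
    { type: pkcs11.CKA_EC_PARAMS, value: Buffer.from("06082A8648CE3D030107", "hex") },
    { type: pkcs11.CKA_VERIFY, value: true },
  ];
  const keys = mod.C_GenerateKeyPair(
    session,
    { mechanism: pkcs11.CKM_ECDSA_KEY_PAIR_GEN, parameter: null },
    publicTemplate,
    privateTemplate,
  );
  privateKey = keys.privateKey;
  publicKey = keys.publicKey;
});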
*/
{type: pkcs11js.CKA_PRIVATE, value: this._pkcs11Login},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token}
];
/*
* Call PKCS11 API to generate the key.
*/
const handle = pkcs11.C_GenerateKey(
pkcs11Session, {mechanism: pkcs11js.CKM_AES_KEY_GEN},
secretKeyTemplate);
/*
* Template for querying key attributes (debug only).
*/
const objectTemplate = [
{type: pkcs11js.CKA_ID},
{type: pkcs11js.CKA_CLASS},
{type: pkcs11js.CKA_KEY_TYPE},
{type: pkcs11js.CKA_VALUE_LEN},
{type: pkcs11js.CKA_ENCRYPT},
{type: pkcs11js.CKA_DECRYPT},
{type: pkcs11js.CKA_PRIVATE},
{type: pkcs11js.CKA_TOKEN}
];
logger.debug(__func() + 'secretKey: ' + util.inspect(
this._pkcs11GetAttributeValue(
pkcs11, pkcs11Session, handle, objectTemplate),
{depth: null}));
return {ski, key: handle};
}
certType: { v: pkcs11.CKA_CERTIFICATE_TYPE, t: TYPE_NUMBER },
issuer: { v: pkcs11.CKA_ISSUER, t: TYPE_BUFFER },
serial: { v: pkcs11.CKA_SERIAL_NUMBER, t: TYPE_BUFFER },
issuerAC: { v: pkcs11.CKA_AC_ISSUER, t: TYPE_BUFFER },
owner: { v: pkcs11.CKA_OWNER, t: TYPE_BUFFER },
attrTypes: { v: pkcs11.CKA_ATTR_TYPES, t: TYPE_BUFFER },
trusted: { v: pkcs11.CKA_TRUSTED, t: TYPE_BOOL },
certCategory: { v: pkcs11.CKA_CERTIFICATE_CATEGORY, t: TYPE_NUMBER },
javaDomain: { v: pkcs11.CKA_JAVA_MIDP_SECURITY_DOMAIN, t: TYPE_NUMBER },
url: { v: pkcs11.CKA_URL, t: TYPE_STRING },
ski: { v: pkcs11.CKA_HASH_OF_SUBJECT_PUBLIC_KEY, t: TYPE_BUFFER },
aki: { v: pkcs11.CKA_HASH_OF_ISSUER_PUBLIC_KEY, t: TYPE_BUFFER },
checkValue: { v: pkcs11.CKA_CHECK_VALUE, t: TYPE_BUFFER },
keyType: { v: pkcs11.CKA_KEY_TYPE, t: TYPE_NUMBER },
subject: { v: pkcs11.CKA_SUBJECT, t: TYPE_BUFFER },
id: { v: pkcs11.CKA_ID, t: TYPE_BUFFER },
sensitive: { v: pkcs11.CKA_SENSITIVE, t: TYPE_BOOL },
encrypt: { v: pkcs11.CKA_ENCRYPT, t: TYPE_BOOL },
decrypt: { v: pkcs11.CKA_DECRYPT, t: TYPE_BOOL },
wrap: { v: pkcs11.CKA_WRAP, t: TYPE_BOOL },
unwrap: { v: pkcs11.CKA_UNWRAP, t: TYPE_BOOL },
sign: { v: pkcs11.CKA_SIGN, t: TYPE_BOOL },
signRecover: { v: pkcs11.CKA_SIGN_RECOVER, t: TYPE_BOOL },
verify: { v: pkcs11.CKA_VERIFY, t: TYPE_BOOL },
verifyRecover: { v: pkcs11.CKA_VERIFY_RECOVER, t: TYPE_BOOL },
derive: { v: pkcs11.CKA_DERIVE, t: TYPE_BOOL },
startDate: { v: pkcs11.CKA_START_DATE, t: TYPE_DATE },
endDate: { v: pkcs11.CKA_END_DATE, t: TYPE_DATE },
modulus: { v: pkcs11.CKA_MODULUS, t: TYPE_BUFFER },
modulusBits: { v: pkcs11.CKA_MODULUS_BITS, t: TYPE_NUMBER },
publicExponent: { v: pkcs11.CKA_PUBLIC_EXPONENT, t: TYPE_BUFFER },
privateExponent: { v: pkcs11.CKA_PRIVATE_EXPONENT, t: TYPE_BUFFER },