prime1: { v: pkcs11.CKA_PRIME_1, t: TYPE_BUFFER },
prime2: { v: pkcs11.CKA_PRIME_2, t: TYPE_BUFFER },
exp1: { v: pkcs11.CKA_EXPONENT_1, t: TYPE_BUFFER },
exp2: { v: pkcs11.CKA_EXPONENT_2, t: TYPE_BUFFER },
coefficient: { v: pkcs11.CKA_COEFFICIENT, t: TYPE_BUFFER },
prime: { v: pkcs11.CKA_PRIME, t: TYPE_BUFFER },
subprime: { v: pkcs11.CKA_SUBPRIME, t: TYPE_BUFFER },
base: { v: pkcs11.CKA_BASE, t: TYPE_BUFFER },
/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
primeBits: { v: pkcs11.CKA_PRIME_BITS, t: TYPE_NUMBER },
subprimeBits: { v: pkcs11.CKA_SUBPRIME_BITS, t: TYPE_NUMBER },
/* (To retain backwards-compatibility) */
valueBits: { v: pkcs11.CKA_VALUE_BITS, t: TYPE_NUMBER },
valueLen: { v: pkcs11.CKA_VALUE_LEN, t: TYPE_NUMBER },
/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
* CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
* and CKA_EC_POINT are new for v2.0 */
extractable: { v: pkcs11.CKA_EXTRACTABLE, t: TYPE_BOOL },
local: { v: pkcs11.CKA_LOCAL, t: TYPE_BOOL },
neverExtractable: { v: pkcs11.CKA_NEVER_EXTRACTABLE, t: TYPE_BOOL },
alwaysSensitive: { v: pkcs11.CKA_ALWAYS_SENSITIVE, t: TYPE_BOOL },
/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
keyGenMechanism: { v: pkcs11.CKA_KEY_GEN_MECHANISM, t: TYPE_NUMBER },
modifiable: { v: pkcs11.CKA_MODIFIABLE, t: TYPE_BOOL },
/* CKA_ECDSA_PARAMS is deprecated in v2.11,
* CKA_EC_PARAMS is preferred. */
/**
 * Generate an AES secret key on the PKCS#11 token and return its handle.
 *
 * The key is created with C_GenerateKey using the CKM_AES_KEY_GEN mechanism
 * and is usable for both encryption and decryption (CKA_ENCRYPT/CKA_DECRYPT).
 *
 * NOTE(review): the template sets neither CKA_SENSITIVE nor CKA_EXTRACTABLE,
 * so whether the key value can later be read or wrapped off the token is left
 * to the token's defaults - confirm this is intended for the deployment.
 *
 * @param {object} pkcs11 - PKCS#11 module object; C_GenerateKey is called on it.
 * @param {*} pkcs11Session - session passed through to C_GenerateKey.
 * @param {boolean} pkcs11Token - caller's request for a token (non-ephemeral)
 *   object; only honoured when this._pkcs11Login is truthy.
 * @returns {{ski: *, key: *}} the identifier from this._ski() and the handle
 *   returned by C_GenerateKey.
 */
_pkcs11GenerateKey(pkcs11, pkcs11Session, pkcs11Token) {
// The identifier is stored on the key as CKA_ID and returned to the caller.
const ski = this._ski();
const secretKeyTemplate = [
{type: pkcs11js.CKA_ID, value: ski},
{type: pkcs11js.CKA_CLASS, value: pkcs11js.CKO_SECRET_KEY},
{type: pkcs11js.CKA_KEY_TYPE, value: pkcs11js.CKK_AES},
// CKA_VALUE_LEN is a byte count; assumes this._keySize is in bits - TODO confirm.
{type: pkcs11js.CKA_VALUE_LEN, value: this._keySize / 8},
{type: pkcs11js.CKA_ENCRYPT, value: true},
{type: pkcs11js.CKA_DECRYPT, value: true},
/*
* If user is logged in:
* - key will be private
* - key will be non-ephemeral by user request
* If user is not logged in:
* - key will be public
* - key will be ephemeral regardless of user request
*
* Note that public and private here mean publicly and privately
* accessible, respectively, and have nothing to do with a public and
* private key pair.
*/
{type: pkcs11js.CKA_PRIVATE, value: this._pkcs11Login},
{type: pkcs11js.CKA_TOKEN, value: this._pkcs11Login && pkcs11Token}
/*
* NOTE(review): the `name: {v, t}` and `name: constant` entries from here to
* the closing `];` are not valid elements of this array literal and use
* TYPE_* names this method never defines. They look like a fragment of an
* attribute map from a different listing that was spliced in when the page
* was extracted. Kept verbatim - confirm against the original source file.
*/
modulus: { v: pkcs11.CKA_MODULUS, t: TYPE_BUFFER },
modulusBits: { v: pkcs11.CKA_MODULUS_BITS, t: TYPE_NUMBER },
publicExponent: { v: pkcs11.CKA_PUBLIC_EXPONENT, t: TYPE_BUFFER },
privateExponent: { v: pkcs11.CKA_PRIVATE_EXPONENT, t: TYPE_BUFFER },
prime1: { v: pkcs11.CKA_PRIME_1, t: TYPE_BUFFER },
prime2: { v: pkcs11.CKA_PRIME_2, t: TYPE_BUFFER },
exp1: { v: pkcs11.CKA_EXPONENT_1, t: TYPE_BUFFER },
exp2: { v: pkcs11.CKA_EXPONENT_2, t: TYPE_BUFFER },
coefficient: { v: pkcs11.CKA_COEFFICIENT, t: TYPE_BUFFER },
prime: { v: pkcs11.CKA_PRIME, t: TYPE_BUFFER },
subprime: { v: pkcs11.CKA_SUBPRIME, t: TYPE_BUFFER },
base: { v: pkcs11.CKA_BASE, t: TYPE_BUFFER },
primeBits: { v: pkcs11.CKA_PRIME_BITS, t: TYPE_NUMBER },
subprimeBits: { v: pkcs11.CKA_SUBPRIME_BITS, t: TYPE_NUMBER },
valueBits: { v: pkcs11.CKA_VALUE_BITS, t: TYPE_NUMBER },
valueLen: { v: pkcs11.CKA_VALUE_LEN, t: TYPE_NUMBER },
extractable: { v: pkcs11.CKA_EXTRACTABLE, t: TYPE_BOOL },
local: { v: pkcs11.CKA_LOCAL, t: TYPE_BOOL },
neverExtractable: { v: pkcs11.CKA_NEVER_EXTRACTABLE, t: TYPE_BOOL },
alwaysSensitive: { v: pkcs11.CKA_ALWAYS_SENSITIVE, t: TYPE_BOOL },
keyGenMechanism: { v: pkcs11.CKA_KEY_GEN_MECHANISM, t: TYPE_NUMBER },
modifiable: { v: pkcs11.CKA_MODIFIABLE, t: TYPE_BOOL },
paramsECDSA: { v: pkcs11.CKA_ECDSA_PARAMS, t: TYPE_BUFFER },
paramsEC: { v: pkcs11.CKA_EC_PARAMS, t: TYPE_BUFFER },
pointEC: { v: pkcs11.CKA_EC_POINT, t: TYPE_BUFFER },
secondaryAuth: { v: pkcs11.CKA_SECONDARY_AUTH, t: TYPE_BOOL },
authPinFlags: { v: pkcs11.CKA_AUTH_PIN_FLAGS, t: TYPE_BUFFER },
alwaysAuth: pkcs11.CKA_ALWAYS_AUTHENTICATE,
wrapWithTrusted: pkcs11.CKA_WRAP_WITH_TRUSTED,
wrapTemplate: pkcs11.CKA_WRAP_TEMPLATE,
unwrapTemplate: pkcs11.CKA_UNWRAP_TEMPLATE,
otpFormat: pkcs11.CKA_OTP_FORMAT,
];
/*
* Call PKCS11 API to generate the key.
*/
const handle = pkcs11.C_GenerateKey(
pkcs11Session, {mechanism: pkcs11js.CKM_AES_KEY_GEN},
secretKeyTemplate);
/*
* Template for querying key attributes (debug only).
* It lists only metadata attributes; CKA_VALUE is not requested, so the
* key material itself is not part of what gets logged below.
*/
const objectTemplate = [
{type: pkcs11js.CKA_ID},
{type: pkcs11js.CKA_CLASS},
{type: pkcs11js.CKA_KEY_TYPE},
{type: pkcs11js.CKA_VALUE_LEN},
{type: pkcs11js.CKA_ENCRYPT},
{type: pkcs11js.CKA_DECRYPT},
{type: pkcs11js.CKA_PRIVATE},
{type: pkcs11js.CKA_TOKEN}
];
// The attribute query and util.inspect are evaluated as call arguments, so
// they run on every key generation regardless of the configured log level.
logger.debug(__func() + 'secretKey: ' + util.inspect(
this._pkcs11GetAttributeValue(
pkcs11, pkcs11Session, handle, objectTemplate),
{depth: null}));
return {ski, key: handle};
}