Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
token: false,
derive: true
});
// derive algorithm
let alg = {
name: "ECDH1_DERIVE",
params: new graphene.EcdhParams(
graphene.EcKdf.SHA1,
null,
keys.publicKey.getAttribute({ pointEC: null }).pointEC)
};
// Template for derived key
let template = {
"class": graphene.ObjectClass.SECRET_KEY,
"token": false,
"keyType": graphene.KeyType.AES,
"valueLen": 256 / 8,
"encrypt": true,
"decrypt": true
};
// Key derivation
let dKey = session.deriveKey(alg, keys.privateKey, template);
console.log("Derived key handle:", dKey.handle);
session.logout();
session.close();
}
else {
console.error("Slot is not initialized");
case "P-256":
case "K-256":
valueLen = 256;
break;
case "P-384":
valueLen = 384;
break;
case "P-521":
valueLen = 534;
break;
}
// const curve = EcCrypto.getNamedCurve(baseKey.algorithm.namedCurve);
const template: graphene.ITemplate = {
token: false,
sensitive: false,
class: graphene.ObjectClass.SECRET_KEY,
keyType: graphene.KeyType.GENERIC_SECRET,
extractable: true,
encrypt: true,
decrypt: true,
valueLen: valueLen >> 3,
};
// derive key
const ecPoint = (algorithm.public as EcCryptoKey).key.getAttribute({ pointEC: null }).pointEC!;
this.crypto.session.deriveKey(
{
name: "ECDH1_DERIVE",
params: new graphene.EcdhParams(
graphene.EcKdf.NULL,
null as any,
ecPoint, // CKA_EC_POINT
),
token: !!process.env.WEBCRYPTO_PKCS11_TOKEN,
sensitive: !!process.env.WEBCRYPTO_PKCS11_SENSITIVE,
class: graphene.ObjectClass.PRIVATE_KEY,
keyType,
private: true,
label,
id: idKey,
extractable,
derive: keyUsages.indexOf("deriveKey") !== -1 || keyUsages.indexOf("deriveBits") !== -1,
sign: keyUsages.indexOf("sign") !== -1,
decrypt: keyUsages.indexOf("decrypt") !== -1,
unwrap: keyUsages.indexOf("unwrapKey") !== -1,
},
publicKey: {
token: !!process.env.WEBCRYPTO_PKCS11_TOKEN,
class: graphene.ObjectClass.PUBLIC_KEY,
keyType,
private: false,
label,
id: idKey,
derive: keyUsages.indexOf("deriveKey") !== -1 || keyUsages.indexOf("deriveBits") !== -1,
verify: keyUsages.indexOf("verify") !== -1,
encrypt: keyUsages.indexOf("encrypt") !== -1,
wrap: keyUsages.indexOf("wrapKey") !== -1,
},
};
}
token: !!process.env["WEBCRYPTO_PKCS11_TOKEN"],
sensitive: !!process.env["WEBCRYPTO_PKCS11_SENSITIVE"],
class: graphene_pk11_1.ObjectClass.PRIVATE_KEY,
keyType: graphene_pk11_1.KeyType.RSA,
private: true,
label: label,
id: id_pk,
extractable: extractable,
derive: false,
sign: keyUsages.indexOf(key_1.KU_SIGN) !== -1,
decrypt: keyUsages.indexOf(key_1.KU_DECRYPT) !== -1,
unwrap: keyUsages.indexOf(key_1.KU_UNWRAP) !== -1
},
publicKey: {
token: !!process.env["WEBCRYPTO_PKCS11_TOKEN"],
class: graphene_pk11_1.ObjectClass.PUBLIC_KEY,
keyType: graphene_pk11_1.KeyType.RSA,
label: label,
id: id_pubk,
verify: keyUsages.indexOf(key_1.KU_VERIFY) !== -1,
encrypt: keyUsages.indexOf(key_1.KU_ENCRYPT) !== -1,
wrap: keyUsages.indexOf(key_1.KU_WRAP) !== -1,
}
};
}
var Rsa = (function (_super) {
function P11CryptoKey(key, alg) {
this.usages = [];
switch (key.class) {
case graphene_pk11_1.ObjectClass.PUBLIC_KEY:
this.initPublicKey(key.toType());
break;
case graphene_pk11_1.ObjectClass.PRIVATE_KEY:
this.initPrivateKey(key.toType());
break;
case graphene_pk11_1.ObjectClass.SECRET_KEY:
this.initSecretKey(key.toType());
break;
default:
throw new error.WebCryptoError("Wrong incoming session object '" + graphene_pk11_1.ObjectClass[key.class] + "'");
}
this.algorithm = alg;
this.id = this._key.getAttribute({ id: null }).id.toString();
}
Object.defineProperty(P11CryptoKey.prototype, "key", {
protected static createTemplate(session: graphene.Session, alg: EcKeyGenParams, extractable: boolean, keyUsages: string[]): ITemplatePair {
const label = `EC-${alg.namedCurve}`;
const idKey = utils.GUID(session);
const keyType = graphene.KeyType.ECDSA;
return {
privateKey: {
token: !!process.env.WEBCRYPTO_PKCS11_TOKEN,
sensitive: !!process.env.WEBCRYPTO_PKCS11_SENSITIVE,
class: graphene.ObjectClass.PRIVATE_KEY,
keyType,
private: true,
label,
id: idKey,
extractable,
derive: keyUsages.indexOf("deriveKey") !== -1 || keyUsages.indexOf("deriveBits") !== -1,
sign: keyUsages.indexOf("sign") !== -1,
decrypt: keyUsages.indexOf("decrypt") !== -1,
unwrap: keyUsages.indexOf("unwrapKey") !== -1,
},
publicKey: {
token: !!process.env.WEBCRYPTO_PKCS11_TOKEN,
class: graphene.ObjectClass.PUBLIC_KEY,
keyType,
private: false,
label,
function create_template(session, alg, extractable, keyUsages) {
var id = utils.GUID(session);
return {
token: !!process.env["WEBCRYPTO_PKCS11_TOKEN"],
sensitive: !!process.env["WEBCRYPTO_PKCS11_SENSITIVE"],
class: graphene_pk11_1.ObjectClass.SECRET_KEY,
keyType: graphene_pk11_1.KeyType.AES,
label: "AES-" + alg.length,
id: new Buffer(id),
extractable: extractable,
derive: false,
sign: keyUsages.indexOf(key_1.KU_SIGN) !== -1,
verify: keyUsages.indexOf(key_1.KU_VERIFY) !== -1,
encrypt: keyUsages.indexOf(key_1.KU_ENCRYPT) !== -1,
decrypt: keyUsages.indexOf(key_1.KU_DECRYPT) !== -1,
wrap: keyUsages.indexOf(key_1.KU_WRAP) !== -1,
unwrap: keyUsages.indexOf(key_1.KU_UNWRAP) !== -1,
};
}
exports.create_template = create_template;
function create_template(session, alg, extractable, keyUsages) {
var label = "RSA-" + alg.modulusLength;
var id_pk = new Buffer(utils.GUID(session));
var id_pubk = new Buffer(utils.GUID(session));
return {
privateKey: {
token: !!process.env["WEBCRYPTO_PKCS11_TOKEN"],
sensitive: !!process.env["WEBCRYPTO_PKCS11_SENSITIVE"],
class: graphene_pk11_1.ObjectClass.PRIVATE_KEY,
keyType: graphene_pk11_1.KeyType.RSA,
private: true,
label: label,
id: id_pk,
extractable: extractable,
derive: false,
sign: keyUsages.indexOf(key_1.KU_SIGN) !== -1,
decrypt: keyUsages.indexOf(key_1.KU_DECRYPT) !== -1,
unwrap: keyUsages.indexOf(key_1.KU_UNWRAP) !== -1
},
publicKey: {
token: !!process.env["WEBCRYPTO_PKCS11_TOKEN"],
class: graphene_pk11_1.ObjectClass.PUBLIC_KEY,
keyType: graphene_pk11_1.KeyType.RSA,
label: label,
id: id_pubk,
function create_template(session, alg, extractable, keyUsages) {
var label = "EC-" + alg.namedCurve;
var id_pk = new Buffer(utils.GUID(session));
var id_pubk = new Buffer(utils.GUID(session));
var keyType = graphene_pk11_1.KeyType.ECDSA;
return {
privateKey: {
token: !!process.env["WEBCRYPTO_PKCS11_TOKEN"],
sensitive: !!process.env["WEBCRYPTO_PKCS11_SENSITIVE"],
class: graphene_pk11_1.ObjectClass.PRIVATE_KEY,
keyType: keyType,
private: true,
label: label,
id: id_pk,
extractable: extractable,
derive: keyUsages.indexOf(key_1.KU_DERIVE) !== -1,
sign: keyUsages.indexOf(key_1.KU_SIGN) !== -1,
decrypt: keyUsages.indexOf(key_1.KU_DECRYPT) !== -1,
unwrap: keyUsages.indexOf(key_1.KU_UNWRAP) !== -1
},
publicKey: {
token: !!process.env["WEBCRYPTO_PKCS11_TOKEN"],
class: graphene_pk11_1.ObjectClass.PUBLIC_KEY,
keyType: keyType,
label: label,
id: id_pubk,