
Untitled

a guest
Jun 21st, 2018
  1. const pkcs11 = require("pkcs11js");
  2. const ffi = require("ffi");
  3. const ref = require("ref");
  4. const ArrayType = require('ref-array')
  5. const StructType = require("ref-struct");
  6.  
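  // CKA_ID value shared by both halves of the GOST key pair; FindKey() looks the keys up by it.
  const KEYPAIR_ID = Buffer.from("GOST keypair");

  // PKCS11 types
  const CK_BYTE = ref.types.byte;
  const CK_BYTE_PTR = ArrayType(CK_BYTE);
  // CK_ULONG is an unsigned long in the PKCS#11 headers, so map it to the
  // unsigned ref type; a signed long would misrepresent lengths above LONG_MAX.
  const CK_ULONG = ref.types.ulong;
  const CK_EC_KDF_TYPE = CK_ULONG;

  // typedef struct CK_GOSTR3410_DERIVE_PARAMS {
  //   CK_EC_KDF_TYPE kdf;
  //   CK_BYTE_PTR pPublicData;
  //   CK_ULONG ulPublicDataLen;
  //   CK_BYTE_PTR pUKM;
  //   CK_ULONG ulUKMLen;
  // } CK_GOSTR3410_DERIVE_PARAMS;

  // JavaScript mirror of the C struct above; field order must match the C
  // declaration because the struct is handed to the native library as raw memory.
  // NOTE(review): assumes the library uses the platform's default struct
  // alignment - confirm for the target build.
  const CK_GOSTR3410_DERIVE_PARAMS = StructType({
    kdf: CK_EC_KDF_TYPE,
    pPublicData: CK_BYTE_PTR,
    ulPublicDataLen: CK_ULONG,
    pUKM: CK_BYTE_PTR,
    ulUKMLen: CK_ULONG,
  });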
  30.  
  /**
   * Generates a GOST R 34.10 key pair on the token, tagged with KEYPAIR_ID.
   *
   * Both halves are token objects (CKA_TOKEN true) and are marked usable for
   * key derivation (CKA_DERIVE true). The private key is a private object
   * (CKA_PRIVATE true); the public key is not.
   *
   * @param {object} token - pkcs11js PKCS11 instance with a loaded module.
   * @param {*} session - Session handle passed through to C_GenerateKeyPair.
   * @returns {*} Whatever C_GenerateKeyPair returns for the new key pair.
   */
  function GenerateGOSTKeyPair(token, session) {
    console.log("Generating GOST key pair");

    // DER-encoded OID 1.2.643.2.2.35.1 (GOST R 34.10-2001 CryptoPro-A parameter set).
    const signParamsOid = [0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01];
    // DER-encoded OID 1.2.643.2.2.30.1 (GOST R 34.11-94 CryptoPro parameter set).
    const hashParamsOid = [0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01];

    const publicTemplate = [
      { type: pkcs11.CKA_CLASS, value: pkcs11.CKO_PUBLIC_KEY },
      { type: pkcs11.CKA_LABEL, value: "GOST Public Key" },
      { type: pkcs11.CKA_ID, value: KEYPAIR_ID },
      { type: pkcs11.CKA_KEY_TYPE, value: pkcs11.CKK_GOSTR3410 },
      { type: pkcs11.CKA_TOKEN, value: true },
      { type: pkcs11.CKA_PRIVATE, value: false },
      { type: pkcs11.CKA_DERIVE, value: true },
      { type: pkcs11.CKA_GOSTR3410_PARAMS, value: Buffer.from(signParamsOid) },
      { type: pkcs11.CKA_GOSTR3411_PARAMS, value: Buffer.from(hashParamsOid) },
    ];

    const privateTemplate = [
      { type: pkcs11.CKA_CLASS, value: pkcs11.CKO_PRIVATE_KEY },
      { type: pkcs11.CKA_ID, value: KEYPAIR_ID },
      { type: pkcs11.CKA_KEY_TYPE, value: pkcs11.CKK_GOSTR3410 },
      { type: pkcs11.CKA_TOKEN, value: true },
      { type: pkcs11.CKA_PRIVATE, value: true },
      { type: pkcs11.CKA_DERIVE, value: true },
      { type: pkcs11.CKA_GOSTR3410_PARAMS, value: Buffer.from(signParamsOid) },
    ];

    const generationMechanism = {
      mechanism: pkcs11.CKM_GOSTR3410_KEY_PAIR_GEN,
      parameter: null,
    };

    return token.C_GenerateKeyPair(
      session,
      generationMechanism,
      publicTemplate,
      privateTemplate,
    );
  }
  63.  
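  /**
   * Looks up one object on the token by object class and CKA_ID.
   *
   * @param {object} token - pkcs11js PKCS11 instance with a loaded module.
   * @param {*} session - Open session handle.
   * @param {number} keyClass - CKO_* object class to match.
   * @param {Buffer} id - CKA_ID value to match.
   * @returns {*} The value returned by C_FindObjects, or null when it is falsy
   *   (nothing matched).
   */
  function FindKey(token, session, keyClass, id) {
    token.C_FindObjectsInit(session, [
      { type: pkcs11.CKA_CLASS, value: keyClass },
      { type: pkcs11.CKA_ID, value: id },
    ]);

    try {
      const obj = token.C_FindObjects(session);
      return obj || null;
    } finally {
      // Always end the search: if C_FindObjects throws and the operation stays
      // active, the next C_FindObjectsInit on this session fails.
      token.C_FindObjectsFinal(session);
    }
  }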
  75.  
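  /**
   * Demo entry point: opens a session on the first slot that has a token,
   * logs in as the user, finds the GOST key pair by KEYPAIR_ID and derives a
   * GOST 28147 session key from the private key and a peer public key
   * (CKM_GOSTR3410_DERIVE), then prints the derived key's attributes.
   *
   * Errors inside the PKCS#11 work are logged and reflected in the process
   * exit code; the session and the library are always released.
   */
  async function main() {
    // The user PIN is read from the environment instead of being committed to
    // the source. PKCS11_USER_PIN is a name chosen for this script.
    // NOTE(review): the original hard-coded "12345678", which looks like a
    // vendor default PIN - a token still using it should have its PIN changed.
    const userPin = process.env.PKCS11_USER_PIN;
    if (!userPin) {
      throw new Error("Set PKCS11_USER_PIN to the token's user PIN");
    }

    const token = new pkcs11.PKCS11();
    token.load("/usr/local/lib/librtpkcs11ecp.dylib");

    token.C_Initialize();

    let session = null;
    let loggedIn = false;

    try {
      console.log(token.C_GetInfo());

      // true = only list slots that currently hold a token.
      const slots = token.C_GetSlotList(true);
      if (slots.length === 0) throw new Error("No slot with a token present");
      const slot = slots[0];
      session = token.C_OpenSession(slot, pkcs11.CKF_SERIAL_SESSION | pkcs11.CKF_RW_SESSION);
      token.C_Login(session, pkcs11.CKU_USER, userPin);
      loggedIn = true;

      // Uncomment once to create the key pair that the lookups below expect.
      // GenerateGOSTKeyPair(token, session);
      const publicKey = FindKey(token, session, pkcs11.CKO_PUBLIC_KEY, KEYPAIR_ID);
      if (!publicKey) throw new Error("Cannot get public key");
      const privateKey = FindKey(token, session, pkcs11.CKO_PRIVATE_KEY, KEYPAIR_ID);
      if (!privateKey) throw new Error("Cannot get private key");

      // Session-only (CKA_TOKEN false) secret key template.
      // NOTE(review): CKA_SENSITIVE is false so that CKA_VALUE can be read back
      // and printed below. That puts raw key bytes on the console and in any
      // captured log, which is only acceptable when checking the derivation
      // against a known test vector. For real use set CKA_SENSITIVE to true and
      // do not read CKA_VALUE.
      const attrGOST28147DerivedKey = [
        { type: pkcs11.CKA_CLASS, value: pkcs11.CKO_SECRET_KEY },
        { type: pkcs11.CKA_LABEL, value: "Derived GOST key" },
        { type: pkcs11.CKA_KEY_TYPE, value: pkcs11.CKK_GOST28147 },
        { type: pkcs11.CKA_TOKEN, value: false },
        { type: pkcs11.CKA_PRIVATE, value: false },
        { type: pkcs11.CKA_EXTRACTABLE, value: false },
        { type: pkcs11.CKA_SENSITIVE, value: false },
      ];
      // Peer public key (64 bytes) and UKM (8 bytes) used as derivation inputs.
      const clientPublicKey = Buffer.from("FF8DAB7F1C0B74A5AD7F0B5F8D5B3C44583798C92586407EEC6EAF00CB4465A5229A53563297358099CA1E17213A960E21FBC60F255B5D994EC45C42087D0604", "hex");
      const UKM = Buffer.from("A93C164618F031F3", "hex");
      const parameters = new CK_GOSTR3410_DERIVE_PARAMS({
        kdf: pkcs11.CKD_CPDIVERSIFY_KDF,
        pPublicData: clientPublicKey,
        ulPublicDataLen: clientPublicKey.length,
        pUKM: UKM,
        ulUKMLen: UKM.length,
      });

      // parameters.ref() passes the struct's backing memory as the mechanism parameter.
      const secKey = token.C_DeriveKey(session,
        { mechanism: pkcs11.CKM_GOSTR3410_DERIVE, parameter: parameters.ref() },
        privateKey,
        attrGOST28147DerivedKey);

      // NOTE(review): PKCS#11 says CKA_VALUE is not revealed when
      // CKA_EXTRACTABLE is false, so a conforming token may reject this read -
      // confirm against the token in use.
      const secKeyValues = token.C_GetAttributeValue(session, secKey, [
        { type: pkcs11.CKA_CLASS, value: null },
        { type: pkcs11.CKA_VALUE, value: null },
      ]);
      console.log("Sec key:", secKeyValues);
    } catch (e) {
      console.error(e);
      // Report the failure to the caller instead of exiting with status 0.
      process.exitCode = 1;
    } finally {
      try {
        // Drop the authenticated state and the session before unloading.
        if (loggedIn) token.C_Logout(session);
        if (session !== null) token.C_CloseSession(session);
      } catch (cleanupError) {
        console.error(cleanupError);
      } finally {
        token.C_Finalize();
      }
    }
  }

  main().catch((err) => {
    console.error(err);
    process.exitCode = 1;
  });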