UNPKG

pkcs11test

Version:

Simple CLI application for PKCS#11 testing based on WebCrypto library

274 lines (273 loc) 13.2 kB
"use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __generator = (this && this.__generator) || function (thisArg, body) { var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); while (_) try { if (f = 1, y && (t = y[op[0] & 2 ? "return" : op[0] ? "throw" : "next"]) && !(t = t.call(y, op[1])).done) return t; if (y = 0, t) op = [0, t.value]; switch (op[0]) { case 0: case 1: t = op; break; case 4: _.label++; return { value: op[1], done: false }; case 5: _.label++; y = op[1]; op = [0]; continue; case 7: op = _.ops.pop(); _.trys.pop(); continue; default: if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } if (t[2]) _.ops.pop(); _.trys.pop(); continue; } op = body.call(thisArg, _); } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; } }; Object.defineProperty(exports, "__esModule", { value: true }); var const_1 = require("./const"); var crypto_1 = require("./crypto"); var util_1 = require("./util"); var publicExponents = [new Uint8Array([3]), new Uint8Array([1, 0, 1])]; var modulusLengths = [1024]; function GenerateKeys(algorithm) { return __awaiter(this, void 0, void 0, function () { var keys, _i, publicExponents_1, publicExponent, _a, modulusLengths_1, modulusLength, usages, message, keyPair, privateKeyIndex, publicKeyIndex, _b, HASH_ALGS_1, hash, alg, privateKey, publicKey, e_1; return __generator(this, function (_c) { switch (_c.label) { case 0: keys = []; _i = 0, publicExponents_1 = publicExponents; _c.label = 1; case 1: if (!(_i < publicExponents_1.length)) return [3 /*break*/, 15]; publicExponent = publicExponents_1[_i]; _a = 0, modulusLengths_1 = modulusLengths; _c.label = 2; case 2: if (!(_a < modulusLengths_1.length)) return [3 /*break*/, 14]; modulusLength = modulusLengths_1[_a]; usages = []; if (algorithm === "RSASSA-PKCS1-v1_5" || algorithm === "RSA-PSS") { usages.push("sign"); usages.push("verify"); } else if (algorithm === "RSA-OAEP") { usages.push("encrypt"); usages.push("decrypt"); } else { throw new Error("Unknown algorithm " + algorithm); } message = "" + const_1.SPACE + const_1.SPACE + "Generate " + algorithm + " " + modulusLength + " " + (publicExponent.length === 1 ? "3" : "65537"); _c.label = 3; case 3: _c.trys.push([3, 12, , 13]); return [4 /*yield*/, crypto_1.crypto.pkcs11.subtle.generateKey({ name: algorithm, hash: "SHA-256", publicExponent: publicExponent, modulusLength: modulusLength }, false, usages)]; case 4: keyPair = _c.sent(); return [4 /*yield*/, crypto_1.crypto.pkcs11.keyStorage.setItem(keyPair.privateKey)]; case 5: privateKeyIndex = _c.sent(); return [4 /*yield*/, crypto_1.crypto.pkcs11.keyStorage.setItem(keyPair.publicKey)]; case 6: publicKeyIndex = _c.sent(); _b = 0, HASH_ALGS_1 = const_1.HASH_ALGS; _c.label = 7; case 7: if (!(_b < HASH_ALGS_1.length)) return [3 /*break*/, 11]; hash = HASH_ALGS_1[_b]; alg = { name: algorithm, hash: hash }; return [4 /*yield*/, crypto_1.crypto.pkcs11.keyStorage.getItem(privateKeyIndex, alg, keyPair.privateKey.usages)]; case 8: privateKey = _c.sent(); return [4 /*yield*/, crypto_1.crypto.pkcs11.keyStorage.getItem(publicKeyIndex, alg, keyPair.publicKey.usages)]; case 9: publicKey = _c.sent(); keys.push({ privateKey: privateKey, publicKey: publicKey, }); console.log(message + " " + hash + ": Done"); _c.label = 10; case 10: _b++; return [3 /*break*/, 7]; case 11: return [3 /*break*/, 13]; case 12: e_1 = _c.sent(); // Cannot generate key console.log(message + ": " + e_1.message); return [3 /*break*/, 13]; case 13: _a++; return [3 /*break*/, 2]; case 14: _i++; return [3 /*break*/, 1]; case 15: return [2 /*return*/, keys]; } }); }); } function Sign(keys) { return __awaiter(this, void 0, void 0, function () { var _i, keys_1, keyPair, algorithm, message, signature, p11Verify, osslKey, osslVerify, err_1; return __generator(this, function (_a) { switch (_a.label) { case 0: _i = 0, keys_1 = keys; _a.label = 1; case 1: if (!(_i < keys_1.length)) return [3 /*break*/, 9]; keyPair = keys_1[_i]; if (!(keyPair.privateKey.algorithm.name === "RSASSA-PKCS1-v1_5" || keyPair.privateKey.algorithm.name === "RSA-PSS")) { return [3 /*break*/, 8]; } algorithm = keyPair.publicKey.algorithm; message = "" + const_1.SPACE + const_1.SPACE + "Sign/verify " + algorithm.name + " " + algorithm.modulusLength + " " + (algorithm.publicExponent.length === 1 ? "3" : "65537") + " " + algorithm.hash.name; _a.label = 2; case 2: _a.trys.push([2, 7, , 8]); return [4 /*yield*/, crypto_1.crypto.pkcs11.subtle.sign(algorithm, keyPair.privateKey, const_1.TEST_DATA)]; case 3: signature = _a.sent(); return [4 /*yield*/, crypto_1.crypto.pkcs11.subtle.verify(algorithm, keyPair.publicKey, signature, const_1.TEST_DATA)]; case 4: p11Verify = _a.sent(); if (!p11Verify) { console.log(message + ": Signature is invalid"); return [3 /*break*/, 8]; } return [4 /*yield*/, util_1.ConvertPublicKey(keyPair.publicKey, ["verify"])]; case 5: osslKey = _a.sent(); return [4 /*yield*/, crypto_1.crypto.ossl.subtle.verify(algorithm, osslKey, signature, const_1.TEST_DATA)]; case 6: osslVerify = _a.sent(); if (p11Verify === osslVerify) { console.log(message + ": Done"); } else { console.log(message + ": Signature has different value from OpenSSL"); } return [3 /*break*/, 8]; case 7: err_1 = _a.sent(); console.log(message + ": " + err_1.message); return [3 /*break*/, 8]; case 8: _i++; return [3 /*break*/, 1]; case 9: return [2 /*return*/]; } }); }); } function Derive() { } function TestRSA() { return __awaiter(this, void 0, void 0, function () { function GetIndex(key) { return __awaiter(this, void 0, void 0, function () { var index; return __generator(this, function (_a) { switch (_a.label) { case 0: return [4 /*yield*/, crypto_1.crypto.pkcs11.keyStorage.indexOf(key)]; case 1: index = _a.sent(); if (index && indexes.indexOf(index) === -1) { indexes.push(index); } return [2 /*return*/]; } }); }); } var algorithms, keys, _i, algorithms_1, algorithm, keys2, indexes, _a, keys_2, keyPair, _b, _c, indexes_1, index, err_2; return __generator(this, function (_d) { switch (_d.label) { case 0: algorithms = crypto_1.crypto.pkcs11.info.algorithms.filter(function (algorithm) { if (algorithm === "RSASSA-PKCS1-v1_5") { return true; } }); if (!algorithms.length) { return [2 /*return*/]; } console.log(const_1.SPACE + "RSA"); keys = []; _i = 0, algorithms_1 = algorithms; _d.label = 1; case 1: if (!(_i < algorithms_1.length)) return [3 /*break*/, 4]; algorithm = algorithms_1[_i]; return [4 /*yield*/, GenerateKeys(algorithm)]; case 2: keys2 = _d.sent(); keys = keys.concat(keys2); _d.label = 3; case 3: _i++; return [3 /*break*/, 1]; case 4: return [4 /*yield*/, Sign(keys)]; case 5: _d.sent(); indexes = []; _a = 0, keys_2 = keys; _d.label = 6; case 6: if (!(_a < keys_2.length)) return [3 /*break*/, 12]; keyPair = keys_2[_a]; _d.label = 7; case 7: _d.trys.push([7, 10, , 11]); return [4 /*yield*/, GetIndex(keyPair.privateKey)]; case 8: _d.sent(); return [4 /*yield*/, GetIndex(keyPair.publicKey)]; case 9: _d.sent(); return [3 /*break*/, 11]; case 10: _b = _d.sent(); return [3 /*break*/, 11]; case 11: _a++; return [3 /*break*/, 6]; case 12: _c = 0, indexes_1 = indexes; _d.label = 13; case 13: if (!(_c < indexes_1.length)) return [3 /*break*/, 18]; index = indexes_1[_c]; _d.label = 14; case 14: _d.trys.push([14, 16, , 17]); return [4 /*yield*/, crypto_1.crypto.pkcs11.keyStorage.removeItem(index)]; case 15: _d.sent(); return [3 /*break*/, 17]; case 16: err_2 = _d.sent(); return [3 /*break*/, 17]; case 17: _c++; return [3 /*break*/, 13]; case 18: return [2 /*return*/]; } }); }); } exports.TestRSA = TestRSA;