importAES.js
Summary
Example for importing and export an AES key. Requires V3.3, will fail for V3.0 to V3.2
Method Summary
|
static Object
|
sp80056c(crypto, keyval, derivparam)
|
var SmartCardHSM = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSM;
var SmartCardHSMInitializer = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMInitializer;
var DKEK = require('scsh/sc-hsm/DKEK').DKEK;
var SmartCardHSMKeySpecGenerator = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMKeySpecGenerator;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;
function sp80056c(crypto, keyval, derivparam) {
var salt = ByteString.valueOf(0, 32);
var key = new Key();
key.setComponent(Key.GENERIC, salt);
var kdk = crypto.sign(key, Crypto.HMAC_SHA256, keyval);
key.setComponent(Key.GENERIC, kdk);
var res = crypto.sign(key, Crypto.HMAC_SHA256, derivparam);
return res;
}
var aes = new Key();
aes.setComponent(Key.AES, new ByteString("00112233445566778899AABBCCDDEEFF", HEX));
var crypto = new Crypto();
var card = new Card(_scsh3.reader);
card.reset(Card.RESET_COLD);
var sc = new SmartCardHSM(card);
var ks = new HSMKeyStore(sc);
var sci = new SmartCardHSMInitializer(card);
sci.setKeyDomains(1);
sci.initialize();
sc.createDKEKKeyDomain(0, 1);
var share = new ByteString("0000000000000000000000000000000000000000000000000000000000000000", HEX);
sc.importKeyShare(0, share);
var dkek = new DKEK(crypto);
dkek.importDKEKShare(share);
var blob = dkek.encodeAESKey(aes);
dkek.dumpKeyBLOB(blob);
var key = ks.importAESKey("ImportedAESKey", blob, 128);
var iv = new ByteString("00000000000000000000000000000000", HEX);
var plain = new ByteString("00000000000000000000000000000000", HEX);
var ref = crypto.encrypt(aes, Crypto.AES_ECB, plain, iv);
var enc = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x10, plain, [0x9000]);
assert(enc.equals(ref), "Reference encryption does not match");
var clr = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x11, enc, [0x9000]);
assert(clr.equals(plain), "Reference decryption does not match");
var ref = crypto.sign(aes, Crypto.AES_CMAC, plain);
var cmac = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x18, enc, [0x9000]);
var plain = new ByteString("This is some very long text which is a multiple of 16 bytes for AES block size. ", ASCII);
var ref = crypto.encrypt(aes, Crypto.AES_CBC, plain, iv);
var enc = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x10, plain, [0x9000]);
assert(enc.equals(ref), "Reference encryption does not match");
var clr = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x11, enc, [0x9000]);
assert(clr.equals(plain), "Reference decryption does not match");
var ref = crypto.sign(aes, Crypto.AES_CMAC, plain);
var cmac = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x18, plain, [0x9000]);
assert(cmac.equals(ref));
var label = new ByteString("Label", ASCII);
var ref = sp80056c(crypto, aes.getComponent(Key.AES), label);
var sp800 = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x99, label, [0x9000]);
assert(sp800.equals(ref));
var spec = new SmartCardHSMKeySpecGenerator(Crypto.AES, 128);
spec.setAlgorithms(ByteString.valueOf(SmartCardHSM.ALG_DERIVE_SP800_56C).concat(ByteString.valueOf(SmartCardHSM.ALG_WRAP)));
spec.setKeyDomain(0);
var dskkeylabel = "AESKey";
ks.generateKey(dskkeylabel, spec);
var key = ks.getKey(dskkeylabel);
var blob = sc.wrapKey(key.getId());
dkek.dumpKeyBLOB(blob);
Documentation generated by
JSDoc on Sat Feb 24 15:17:19 2024