importAES.js

Summary

Example for importing and export an AES key. Requires V3.3, will fail for V3.0 to V3.2


Method Summary
static Object sp80056c(crypto, keyval, derivparam)
          

/**
 *  ---------
 * |.##> <##.|  SmartCard-HSM Support Scripts
 * |#       #|
 * |#       #|  Copyright (c) 2011-2015 CardContact Software & System Consulting
 * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
 *  ---------
 *
 * Consult your license package for usage terms and conditions.
 *
 * @fileoverview Example for importing and export an AES key. Requires V3.3, will fail for V3.0 to V3.2
 */

var SmartCardHSM = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSM;
var SmartCardHSMInitializer = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMInitializer;
var DKEK = require('scsh/sc-hsm/DKEK').DKEK;
var SmartCardHSMKeySpecGenerator = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMKeySpecGenerator;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;



function sp80056c(crypto, keyval, derivparam) {
	var salt = ByteString.valueOf(0, 32);
	var key = new Key();
	key.setComponent(Key.GENERIC, salt);
	var kdk = crypto.sign(key, Crypto.HMAC_SHA256, keyval);
	key.setComponent(Key.GENERIC, kdk);
	var res = crypto.sign(key, Crypto.HMAC_SHA256, derivparam);
	return res;
}



var aes = new Key();
aes.setComponent(Key.AES, new ByteString("00112233445566778899AABBCCDDEEFF", HEX));

// Use default crypto provider
var crypto = new Crypto();

// Create card access object
var card = new Card(_scsh3.reader);

card.reset(Card.RESET_COLD);

// Create SmartCard-HSM card service
var sc = new SmartCardHSM(card);

// Attach key store
var ks = new HSMKeyStore(sc);

// Initialize with key domain
var sci = new SmartCardHSMInitializer(card);
sci.setKeyDomains(1);
sci.initialize();

// Create DKEK domain with 00.00 DKEK
sc.createDKEKKeyDomain(0, 1);
var share = new ByteString("0000000000000000000000000000000000000000000000000000000000000000", HEX);
sc.importKeyShare(0, share);

// Create DKEK encoder and import share
var dkek = new DKEK(crypto);
dkek.importDKEKShare(share);

// Encode AES key into blob
var blob = dkek.encodeAESKey(aes);
dkek.dumpKeyBLOB(blob);

var key = ks.importAESKey("ImportedAESKey", blob, 128);


var iv = new ByteString("00000000000000000000000000000000", HEX);
var plain = new ByteString("00000000000000000000000000000000", HEX);

var ref = crypto.encrypt(aes, Crypto.AES_ECB, plain, iv);
var enc = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x10, plain, [0x9000]);

assert(enc.equals(ref), "Reference encryption does not match");

var clr = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x11, enc, [0x9000]);

assert(clr.equals(plain), "Reference decryption does not match");

var ref = crypto.sign(aes, Crypto.AES_CMAC, plain);
var cmac = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x18, enc, [0x9000]);


var plain = new ByteString("This is some very long text which is a multiple of 16 bytes for AES block size. ", ASCII);

var ref = crypto.encrypt(aes, Crypto.AES_CBC, plain, iv);
var enc = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x10, plain, [0x9000]);

assert(enc.equals(ref), "Reference encryption does not match");

var clr = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x11, enc, [0x9000]);

assert(clr.equals(plain), "Reference decryption does not match");


var ref = crypto.sign(aes, Crypto.AES_CMAC, plain);
var cmac = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x18, plain, [0x9000]);

assert(cmac.equals(ref));


var label = new ByteString("Label", ASCII);

var ref = sp80056c(crypto, aes.getComponent(Key.AES), label);
var sp800 = sc.card.sendApdu(0x80, 0x78, key.getId(), 0x99, label, [0x9000]);

assert(sp800.equals(ref));


// Export AES key
var spec = new SmartCardHSMKeySpecGenerator(Crypto.AES, 128);
spec.setAlgorithms(ByteString.valueOf(SmartCardHSM.ALG_DERIVE_SP800_56C).concat(ByteString.valueOf(SmartCardHSM.ALG_WRAP)));
spec.setKeyDomain(0);

var dskkeylabel = "AESKey";

ks.generateKey(dskkeylabel, spec);
var key = ks.getKey(dskkeylabel);

var blob = sc.wrapKey(key.getId());

dkek.dumpKeyBLOB(blob);


Documentation generated by JSDoc on Sat Feb 24 15:17:19 2024