graphene-pk11 - npm Package Compare versions

Comparing version 2.0.20 to 2.0.21

package.json

 {
   "name": "graphene-pk11",
-  "version": "2.0.20",
+  "version": "2.0.21",
   "description": "A simple layer for interacting with PKCS #11 / PKCS11 / CryptoKI for Node in TypeScript",
@@ -5,0 +5,0 @@ "main": "./build/graphene.js",

README.md

@@ -25,3 +25,3 @@ # Graphene
 
-```
+```javascript
 var graphene = require("graphene-pk11");
@@ -63,3 +63,3 @@ var Module = graphene.Module;
 Load module
-```
+```javascript
 // file.js
@@ -524,2 +524,44 @@ var graphene = require("graphene-pk11");
 
+### Adding x509 certificate
+
+```javascript
+const graphene = require("graphene-pk11");
+
+const mod = graphene.Module.load("/usr/local/lib/softhsm/libsofthsm2.so", "SoftHSM");
+
+mod.initialize();
+
+try {
+    const slot = mod.getSlots(0);
+    const session = slot.open(2 | 4)
+    session.login("password");
+
+    const template = {
+        class: graphene.ObjectClass.CERTIFICATE,
+        certType: graphene.CertificateType.X_509,
+        private: false,
+        token: false,
+        id: new Buffer([1, 2, 3, 4, 5]), // Should be the same as Private/Public key has
+        label: "My certificate",
+        subject: new Buffer("3034310B300906035504...", "hex"),
+        value: new Buffer("308203A830820290A003...", "hex"),
+    };
+
+    const objCert = session.create(template).toType();
+
+    console.log("Certificate: created\n");
+    console.log("Certificate info:\n===========================");
+    console.log("Handle:", objCert.handle.toString("hex"));
+    console.log("ID:", objCert.id.toString("hex"));
+    console.log("Label:", objCert.label);
+    console.log("category:", graphene.CertificateCategory[objCert.category]);
+    console.log("Subject:", objCert.subject.toString("hex"));
+    console.log("Value:", objCert.value.toString("hex"));
+} catch (err) {
+    console.error(err);
+}
+
+mod.finalize();
+```
+
 ## Developing
@@ -539,3 +581,3 @@ Use npm command to publish graphene-pk11 module
 * Add tests to the library
-* Add additional capabilities to CLI (device initialization, file signing, file encrption, etc)
+* Add additional capabilities to CLI (device initialization, file signing, file encryption, etc)
 
@@ -542,0 +584,0 @@ ## Related

src/core.ts

@@ -7,2 +7,15 @@ export * from "./core/object";
 
-export declare type CryptoData = string | Buffer;
+export declare type CryptoData = string | Buffer;
+
+export function removePadding(text: string) {
+    return text.replace(/\0.*/g, "").trim();
+}
+
+export function getPKCS11ErrorCode(error: Error) {
+    const regex = /^\w+:(\d+)/i;
+    const res = regex.exec(error.message);
+    if (res) {
+        return parseInt(res[1], 10);
+    }
+    return -1;
+}

src/crypto/verify.ts

 import * as pkcs11 from "pkcs11js";
 import * as core from "../core";
-import {Session} from "../session";
-import {Key} from "../object";
-import {Mechanism, MechanismType} from "../mech";
+import { Session } from "../session";
+import { Key } from "../object";
+import { Mechanism, MechanismType } from "../mech";
 
+const INVALID = 192;
+
 export class Verify extends core.BaseObject {
@@ -39,3 +41,10 @@
     final(signature: Buffer): boolean {
-        let res = this.lib.C_VerifyFinal(this.session.handle, signature);
+        let res = false;
+        try {
+            res = this.lib.C_VerifyFinal(this.session.handle, signature);
+        } catch (err) {
+            if (core.getPKCS11ErrorCode(err) !== INVALID) {
+                throw err;
+            }
+        }
         return res;
@@ -45,12 +54,27 @@ }
     once(data: core.CryptoData, signature: Buffer): boolean;
-    once(data: core.CryptoData, signature: Buffer, cb: (error: Error, valid: boolean) => void): void;
-    once(data: core.CryptoData, signature: Buffer, cb?: (error: Error, valid: boolean) => void): any {
+    once(data: core.CryptoData, signature: Buffer, cb: (error: Error | null, valid: boolean) => void): void;
+    once(data: core.CryptoData, signature: Buffer, cb?: (error: Error | null, valid: boolean) => void): any {
         let _data = new Buffer(data as string);
         if (cb) {
-            this.lib.C_Verify(this.session.handle, _data, signature, cb);
+            this.lib.C_Verify(this.session.handle, _data, signature, (err, data) => {
+                if (err && core.getPKCS11ErrorCode(err) === INVALID) {
+                    cb(null, false);
+                } else {
+                    cb(err, data);
+                }
+            });
         }
-        else
-            return this.lib.C_Verify(this.session.handle, _data, signature);
+        else {
+            let res = false;
+            try {
+                res = this.lib.C_Verify(this.session.handle, _data, signature);
+            } catch (err) {
+                if (core.getPKCS11ErrorCode(err) !== INVALID) {
+                    throw err;
+                }
+            }
+            return res;
+        }
     }
 
 }

src/module.ts

@@ -43,4 +43,4 @@ import * as pkcs11 from "pkcs11js";
         this.cryptokiVersion = info.cryptokiVersion;
-        this.manufacturerID = info.manufacturerID.trim();
-        this.libraryDescription = info.libraryDescription.trim();
+        this.manufacturerID = core.removePadding(info.manufacturerID);
+        this.libraryDescription = core.removePadding(info.libraryDescription);
         this.flags = info.flags;
@@ -47,0 +47,0 @@ this.libraryVersion = info.libraryVersion;

src/slot.ts

@@ -48,4 +48,4 @@ import * as pkcs11 from "pkcs11js";
 
-        this.slotDescription = info.slotDescription.trim();
-        this.manufacturerID = info.manufacturerID.trim();
+        this.slotDescription = core.removePadding(info.slotDescription);
+        this.manufacturerID = core.removePadding(info.manufacturerID);
         this.flags = info.flags;
@@ -52,0 +52,0 @@ this.hardwareVersion = info.hardwareVersion;

src/token.ts

@@ -121,6 +121,6 @@ import * as pkcs11 from "pkcs11js";
         let info = this.lib.C_GetTokenInfo(this.handle);
-        this.label = info.label.trim();
-        this.manufacturerID = info.manufacturerID.toString().trim();
-        this.model = info.model.trim();
-        this.serialNumber = new Buffer(info.serialNumber).toString().trim();
+        this.label = core.removePadding(info.label);
+        this.manufacturerID = core.removePadding(info.manufacturerID);
+        this.model = core.removePadding(info.model);
+        this.serialNumber = core.removePadding(new Buffer(info.serialNumber).toString());
         this.flags = info.flags;
@@ -127,0 +127,0 @@ this.maxSessionCount = info.maxSessionCount;

test/rsa.js

@@ -24,3 +24,3 @@ var assert = require('assert');
     }
-    
+
     function isThalesNShield() {
@@ -78,5 +78,3 @@ return test_manufacturer("nCipher Corp. Ltd");
         verify = session.createVerify(alg, _key.publicKey);
-        assert.throws(function () {
-            verify.once(MSG_WRONG, sig)
-        });
+        assert.equal(verify.once(MSG_WRONG, sig), false);
     }
@@ -147,5 +145,5 @@
     it("OAEP encrypt/decrypt default SHA-1", function () {
-        if (isSoftHSM()) return;
-        test_encrypt_decrypt(keys, { name: "RSA_PKCS_OAEP", params: new graphene.RsaOaepParams() })
-    });
+            if (isSoftHSM()) return;
+            test_encrypt_decrypt(keys, { name: "RSA_PKCS_OAEP", params: new graphene.RsaOaepParams() })
+        });
 
@@ -202,31 +200,43 @@ it("OAEP encrypt/decrypt SHA-1", function () {
     it("RSA PSS sign/verify default", function () {
-        test_sign_verify(keys, { name: "SHA1_RSA_PKCS_PSS", 
-          params: new graphene.RsaPssParams() });
+        test_sign_verify(keys, {
+            name: "SHA1_RSA_PKCS_PSS",
+            params: new graphene.RsaPssParams()
+        });
     });
 
     it("RSA PSS sign/verify SHA1", function () {
-        test_sign_verify(keys, { name: "SHA1_RSA_PKCS_PSS",
-          params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA1, graphene.RsaMgf.MGF1_SHA1, 20) });
+        test_sign_verify(keys, {
+            name: "SHA1_RSA_PKCS_PSS",
+            params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA1, graphene.RsaMgf.MGF1_SHA1, 20)
+        });
     });
 
     it("RSA PSS sign/verify SHA224", function () {
-        test_sign_verify(keys, { name: "SHA224_RSA_PKCS_PSS",
-          params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA224, graphene.RsaMgf.MGF1_SHA224, saltLen = 28) });
+        test_sign_verify(keys, {
+            name: "SHA224_RSA_PKCS_PSS",
+            params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA224, graphene.RsaMgf.MGF1_SHA224, saltLen = 28)
+        });
     });
 
     it("RSA PSS sign/verify SHA256", function () {
-        test_sign_verify(keys, { name: "SHA256_RSA_PKCS_PSS",
-          params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA256, graphene.RsaMgf.MGF1_SHA256, 32) });
+        test_sign_verify(keys, {
+            name: "SHA256_RSA_PKCS_PSS",
+            params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA256, graphene.RsaMgf.MGF1_SHA256, 32)
+        });
     });
 
     it("RSA PSS sign/verify SHA384", function () {
-        test_sign_verify(keys, { name: "SHA384_RSA_PKCS_PSS",
-          params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA384, graphene.RsaMgf.MGF1_SHA384, 48) });
+        test_sign_verify(keys, {
+            name: "SHA384_RSA_PKCS_PSS",
+            params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA384, graphene.RsaMgf.MGF1_SHA384, 48)
+        });
     });
 
     it("RSA PSS sign/verify SHA512", function () {
-        test_sign_verify(keys, { name: "SHA512_RSA_PKCS_PSS",
-          params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA512, graphene.RsaMgf.MGF1_SHA512, 64) });
+        test_sign_verify(keys, {
+            name: "SHA512_RSA_PKCS_PSS",
+            params: new graphene.RsaPssParams(graphene.MechanismEnum.SHA512, graphene.RsaMgf.MGF1_SHA512, 64)
+        });
     });
 
 })

No alert changes

Improved metrics

Total package byte prevSize

325269

increased by0.77%

Lines of code

7264

increased by0.61%

Number of lines in readme file

602

increased by7.5%

No dependency changes