From 1bcaa4489118307294fff2f2e5299cb3faa213fe Mon Sep 17 00:00:00 2001 From: kubodera_yuichi Date: Wed, 6 Jan 2010 05:35:46 +0000 Subject: [PATCH] =?UTF-8?q?AES=E9=8D=B5=E3=82=A4=E3=83=B3=E3=83=9D?= =?UTF-8?q?=E3=83=BC=E3=83=88=E3=83=97=E3=83=AD=E3=82=B0=E3=83=A9=E3=83=A0?= =?UTF-8?q?=E3=81=8C=E5=8F=A4=E3=81=84=E3=81=BE=E3=81=BE=E3=81=A0=E3=81=A3?= =?UTF-8?q?=E3=81=9F=E3=81=AE=E3=81=A7=E3=80=81=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@143 ff987cc8-cf2f-4642-8568-d52cce064691 --- .../{import_common_key.c => import_aes_key.c} | 120 ++++++++---------- hsm_utils/import_ecdsa_keypair.c | 2 +- 2 files changed, 55 insertions(+), 67 deletions(-) rename hsm_utils/{import_common_key.c => import_aes_key.c} (81%) diff --git a/hsm_utils/import_common_key.c b/hsm_utils/import_aes_key.c similarity index 81% rename from hsm_utils/import_common_key.c rename to hsm_utils/import_aes_key.c index 7a85235..d092be2 100644 --- a/hsm_utils/import_common_key.c +++ b/hsm_utils/import_aes_key.c @@ -11,15 +11,19 @@ #include "rqcard-applic.h" #include "rqcard-fips.h" -//#include "ncthread-upcalls.h" -//#include "picky-upcalls.h" - #include "my_hsm_bignum.h" #include "my_hsm_alloc.h" #define MODULE_ID 1 #define DATA_LEN 256 // bytes +#define KEY_FILE "/opt/nfast/work/ctr_eFuse/hsm_utils/aes-key.der" +const NFKM_KeyIdent keyident = { (char*)"simple", (char*)"import-aes-key" }; + +//#define CARD_PROTECT +//#define EXPORT_KEY +//#define STRICT_FIPS + unsigned char aes_key_data[32]; typedef struct _NFast_Call_Context @@ -37,41 +41,10 @@ typedef struct NFast_Transaction_Context NFast_Transaction_Context; NFast_Transaction_Context tc; -static void *my_malloc( size_t nbytes, - struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); -static void *my_realloc( void *ptr, size_t nbytes, - struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); -static void my_free( void *ptr, - struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); - -const NFast_MallocUpcalls my_malloc_upcalls = -{ - my_malloc, my_realloc, my_free -}; - -static void *my_malloc( size_t nbytes, - struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ) -{ - return malloc( nbytes ); -} - -static void *my_realloc( void *ptr, size_t nbytes, - struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ) -{ - return realloc( ptr, nbytes ); -} - -static void my_free( void *ptr, - struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ) -{ - free( ptr ); -} - int main( int argc, char *argv[] ) { int i; int result = 0; - int rand_size = 80; NFast_AppHandle handle; NFastApp_Connection nc; @@ -81,25 +54,14 @@ int main( int argc, char *argv[] ) M_KeyID ltid; // the cardset loaded into the module M_KeyID keyid; NFKM_Key *keyinfo; - - if ( argc == 2 ) - rand_size = atoi( argv[1] ); - - // input aes key data - for ( i = 0; i < 32; i++ ) - aes_key_data[i] = i; + NFKM_CardSet *cardset = NULL; // init nFast - NFastAppInitArgs app_init_args; - memset( &app_init_args, 0, sizeof( app_init_args ) ); - app_init_args.flags = NFAPP_IF_MALLOC | NFAPP_IF_BIGNUM; - app_init_args.mallocupcalls = &my_malloc_upcalls; - app_init_args.bignumupcalls = &my_upcalls; - //app_init_args.newthreadupcalls = &newthread_upcalls; - result = NFastApp_InitEx( &handle, &app_init_args, NULL ); + result = NFastApp_InitEx( &handle, NULL, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFastApp_InitEx\n", result ); + return 0; } // connecting to hardserver @@ -107,6 +69,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFastApp_Connect\n", result ); + return 0; } // set bignum upcalls setting @@ -124,6 +87,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_getinfo\n", result ); + return 0; } // init card-loading lib @@ -131,6 +95,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : RQCard_init\n", result ); + return 0; } // init FIPS state @@ -138,6 +103,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : RQCard_fips_init\n", result ); + return 0; } // ui select @@ -146,16 +112,18 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : RQCard_ui_xxx\n", result ); + return 0; } // get strict-FIPS authorization -#if 0 +#ifdef STRICT_FIPS NFKM_FIPS140AuthHandle fipsHandle; M_SlotID slotId; result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId ); if ( result != Status_OK ) { printf( "error(%d) : RQCard_fips_get\n", result ); + return 0; } if ( fipsHandle == NULL ) { @@ -163,6 +131,7 @@ int main( int argc, char *argv[] ) } #endif +#ifdef CARD_PROTECT // list cardsets int card_num; NFKM_CardSetIdent *cardident = NULL; @@ -170,14 +139,15 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_listcardsets\n", result ); + return 0; } - + // find cardsets - NFKM_CardSet *cardset = NULL; result = NFKM_findcardset( handle, cardident, &cardset, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_findcardset\n", result ); + return 0; } // load cardset @@ -185,6 +155,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : RQCard_logic_ocs_specific\n", result ); + return 0; } // use specific module : #1 @@ -193,6 +164,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : RQCard_whichmodule_specific\n", result ); + return 0; } // wait event loop @@ -200,29 +172,35 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : card module event loop\n", result ); + return 0; } - +#endif + // get usable module NFKM_ModuleInfo *moduleinfo = world->modules[0]; result = NFKM_getusablemodule( world, MODULE_ID, &moduleinfo ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_getusablemodule\n", result ); + return 0; } // make ACL NFKM_MakeACLParams map; NFKM_MakeBlobsParams mbp; memset( &map, 0, sizeof( map ) ); - map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; - map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY | - NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT ); + if ( cardset != NULL ) + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; + else + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule; + map.op_base = ( NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT ); map.cs = cardset; result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(tc.cmd.args.import.acl), NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); + return 0; } // import key @@ -236,6 +214,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); + return 0; } // make blobs @@ -255,16 +234,19 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeblobsx\n", result ); + return 0; } // record key to disk result = NFKM_recordkey( handle, ®_key, NULL ); - if ( result != Status_OK ) + if ( result != Status_OK ) { printf( "error(%d) : NFKM_recordkey\n", result ); + return 0; } - printf( "record key success?\n" ); + printf( "record key success : appname=%s, ident=%s\n", + keyident.appname, keyident.ident ); // destroy key result = NFKM_cmd_destroy( handle, nc, 0, tc.reply.reply.import.key, @@ -278,6 +260,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_listkeys\n", result ); + return 0; } NFKM_KeyIdent **tkp = &keylist; for ( i = 0; i < key_num; i++ ) @@ -287,11 +270,7 @@ int main( int argc, char *argv[] ) #endif // find key - NFKM_KeyIdent ki_v = { (char*)"custom", (char*)"aes-import-key" }; - - printf( "appname : %s, ident : %s\n", ki_v.appname, ki_v.ident ); - - result = NFKM_findkey( handle, ki_v, &keyinfo, NULL ); + result = NFKM_findkey( handle, keyident, &keyinfo, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_findkey\n", result ); @@ -312,9 +291,10 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_cmd_loadblob\n", result ); + return 0; } - printf( "key ID : %u\n", (unsigned int)keyid ); - + +#if 0 // get key info tc.cmd.cmd = Cmd_GetKeyInfo; tc.cmd.args.getkeyinfo.key = keyid; @@ -325,6 +305,7 @@ int main( int argc, char *argv[] ) } // if type == 30 then Rijndael(AES) printf( "keytype : %d\n", tc.reply.reply.getkeyinfo.type ); +#endif // encrypt & dectypt test { @@ -356,23 +337,26 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result ); + return 0; } result = tc.reply.status; if ( result != Status_OK ) { printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result ); + return 0; } enc_output.len = tc.reply.reply.encrypt.cipher.data.generic128.cipher.len; if ( enc_output.len != DATA_LEN ) { printf( "error : output data size isn't %d bytes(Cmd_Encrypt)\n", (int)enc_output.len ); + return 0; } enc_output.ptr = (unsigned char*)malloc( enc_output.len ); memcpy( enc_output.ptr, tc.reply.reply.encrypt.cipher.data.generic128.cipher.ptr, enc_output.len ); - printf( "encrypt ok\n" ); + printf( "encrypt ok.\n" ); dec_input.len = enc_output.len; dec_input.ptr = (unsigned char*)malloc( dec_input.len ); @@ -393,23 +377,26 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result ); + return 0; } result = tc.reply.status; if ( result != Status_OK ) { printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); + return 0; } dec_output.len = tc.reply.reply.decrypt.plain.data.bytes.data.len; if ( dec_output.len != DATA_LEN ) { printf( "error : output size isn't %d bytes(Cmd_Decrypt)\n", (int)enc_output.len ); + return 0; } dec_output.ptr = (unsigned char*)malloc( dec_output.len ); memcpy( dec_output.ptr, tc.reply.reply.decrypt.plain.data.bytes.data.ptr, dec_output.len ); - printf( "decrypt ok\n" ); + printf( "decrypt ok.\n" ); NFastApp_Free_Reply( handle, NULL, NULL, &(tc.reply) ); @@ -421,6 +408,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFastApp_Transact(Cmd_Destroy)\n", result ); + return 0; } NFastApp_Free_Reply( handle, NULL, NULL, &(tc.reply) ); diff --git a/hsm_utils/import_ecdsa_keypair.c b/hsm_utils/import_ecdsa_keypair.c index 85898f8..cdde51b 100644 --- a/hsm_utils/import_ecdsa_keypair.c +++ b/hsm_utils/import_ecdsa_keypair.c @@ -25,7 +25,7 @@ #include "my_hsm_alloc.h" #define PRIV_KEY_FILE "/opt/nfast/work/hoge/ctr_eFuse/dummyKey/dev/NintendoCTR2_priv_dummy.der" -#define PUB_KEY_FILE "/opt/nfast/work/hoge/ctr_eFuse/dummyKey/dev/NintendoCTR2_pub_dummy.der" +#define PUB_KEY_FILE "/opt/nfast/work/hoge/ctr_eFuse/dummyKey/dev/NintendoCTR2_pub_dummy.der" #define MODULE_ID 1 #define DATA_LEN 256 // bytes