mirror of
https://github.com/rvtr/ctr_eFuse.git
synced 2025-11-02 00:11:04 -04:00
hsm_utils:ECDSAキーペアの署名と検証が正しく行えることを確認
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@122 ff987cc8-cf2f-4642-8568-d52cce064691
parent
a6f8877d65
commit
3d427d2df7
@ -30,6 +30,8 @@
|
||||
#define MODULE_ID 1
|
||||
#define DATA_LEN 256 // bytes
|
||||
|
||||
#define SIGN_MECH Mech_ECDSAhSHA256
|
||||
|
||||
// ECDSA private key data
|
||||
typedef struct
|
||||
{
|
||||
@ -469,86 +471,81 @@ int verifyECDSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
||||
keyinfo = NULL;
|
||||
#endif
|
||||
|
||||
// encrypt & dectypt test
|
||||
// sign & verify test
|
||||
{
|
||||
unsigned char *beforePtr, *middlePtr, *afterPtr;
|
||||
int beforeLen, middleLen, afterLen;
|
||||
unsigned char *encPtr, *decPtr;
|
||||
struct NFast_Bignum *enc_bn, *dec_bn;
|
||||
M_Mech dec_mech;
|
||||
|
||||
beforePtr = middlePtr = afterPtr = NULL;
|
||||
beforeLen = middleLen = afterLen = 0;
|
||||
encPtr = decPtr = NULL;
|
||||
enc_bn = dec_bn = NULL;
|
||||
M_Hash32 hash;
|
||||
|
||||
// encrypt data setting
|
||||
beforeLen = DATA_LEN - 11;
|
||||
beforePtr = (unsigned char*)malloc( beforeLen );
|
||||
for ( i = 0; i < beforeLen; i++ )
|
||||
beforePtr[i] = ~i;
|
||||
my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen );
|
||||
struct NFast_Bignum *rBn, *sBn;
|
||||
unsigned char *rPtr, *sPtr;
|
||||
int rLen, sLen;
|
||||
|
||||
rBn = sBn = NULL;
|
||||
rPtr = sPtr = NULL;
|
||||
rLen = sLen = 0;
|
||||
|
||||
// hash data
|
||||
for ( i = 0; i < 32; i++ )
|
||||
hash.bytes[i] = i*2;
|
||||
#if 1
|
||||
PrintArray( (char*)"hash", hash.bytes, 32 );
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
// my_bignum2bin test
|
||||
unsigned char debug_buf[ DATA_LEN ];
|
||||
PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN );
|
||||
printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" );
|
||||
my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn );
|
||||
PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN );
|
||||
#endif
|
||||
|
||||
// encrypt transact
|
||||
cmd.cmd = Cmd_Encrypt;
|
||||
cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present;
|
||||
cmd.args.encrypt.key = pub_keyid;
|
||||
cmd.args.encrypt.mech = Mech_RSApPKCS1;
|
||||
cmd.args.encrypt.plain.type = PlainTextType_Bignum;
|
||||
cmd.args.encrypt.plain.data.bignum.m = enc_bn;
|
||||
//cmd.args.encrypt.given_iv = NULL;
|
||||
// sign transact
|
||||
cmd.cmd = Cmd_Sign;
|
||||
cmd.args.sign.flags = 0; // Cmd_Sign_Args_flags_given_iv_present;
|
||||
cmd.args.sign.key = priv_keyid;
|
||||
cmd.args.sign.mech = SIGN_MECH;
|
||||
cmd.args.sign.plain.type = PlainTextType_Hash32;
|
||||
cmd.args.sign.plain.data.hash32.data = hash;
|
||||
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result );
|
||||
printf( "error(%d) : FastApp_Transact(Cmd_Sign)\n", result );
|
||||
return 1;
|
||||
}
|
||||
result = reply.status;
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result );
|
||||
printf( "error(%d) : reply.status(Cmd_Sign)\n", result );
|
||||
return 1;
|
||||
}
|
||||
#if 0
|
||||
if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes )
|
||||
if ( SIGN_MECH != reply.reply.sign.sig.mech )
|
||||
{
|
||||
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
|
||||
printf( "error : reply mech isn't match %d!\n", SIGN_MECH );
|
||||
return 1;
|
||||
}
|
||||
printf( "ECDSAhSHA256 sign ok\n" );
|
||||
|
||||
// signature bignum -> bin
|
||||
printf ( "sig mech : %d\n", reply.reply.sign.sig.mech );
|
||||
rLen = reply.reply.sign.sig.data.ecdsa.r->nbytes;
|
||||
rPtr = (unsigned char*)malloc( rLen );
|
||||
my_bignum2bin ( rPtr, rLen, handle, reply.reply.sign.sig.data.ecdsa.r );
|
||||
sLen = reply.reply.sign.sig.data.ecdsa.s->nbytes;
|
||||
sPtr = (unsigned char*)malloc( sLen );
|
||||
my_bignum2bin ( sPtr, sLen, handle, reply.reply.sign.sig.data.ecdsa.s );
|
||||
my_bignumCopy( &rBn, reply.reply.sign.sig.data.ecdsa.r, handle );
|
||||
my_bignumCopy( &sBn, reply.reply.sign.sig.data.ecdsa.s, handle );
|
||||
#if 1
|
||||
PrintArray( (char*)"sig r", rPtr, rLen );
|
||||
PrintArray( (char*)"sig s", sPtr, sLen );
|
||||
#endif
|
||||
|
||||
printf( "RSA data encrypt ok\n" );
|
||||
|
||||
// decrypt data setting
|
||||
middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
|
||||
middlePtr = (unsigned char*)malloc( middleLen );
|
||||
my_bignum2bin( middlePtr, middleLen, handle,
|
||||
reply.reply.encrypt.cipher.data.rsappkcs1.m );
|
||||
my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );
|
||||
dec_mech = reply.reply.encrypt.cipher.mech;
|
||||
|
||||
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
|
||||
|
||||
//NFastApp_Free_Command( handle, NULL, NULL, &cmd );
|
||||
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// decrypt transact
|
||||
cmd.cmd = Cmd_Decrypt;
|
||||
cmd.args.decrypt.flags = 0;
|
||||
cmd.args.decrypt.key = priv_keyid;
|
||||
cmd.args.decrypt.mech = Mech_RSApPKCS1;
|
||||
cmd.args.decrypt.cipher.mech = dec_mech;
|
||||
cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
|
||||
cmd.args.decrypt.reply_type = PlainTextType_Bignum;
|
||||
// verify transact
|
||||
cmd.cmd = Cmd_Verify;
|
||||
cmd.args.verify.flags = 0;
|
||||
cmd.args.verify.key = pub_keyid;
|
||||
cmd.args.verify.mech = SIGN_MECH;
|
||||
cmd.args.verify.plain.type = PlainTextType_Hash32;
|
||||
cmd.args.verify.plain.data.hash32.data = hash;
|
||||
cmd.args.verify.sig.mech = SIGN_MECH;
|
||||
cmd.args.verify.sig.data.ecdsa.r = rBn;
|
||||
cmd.args.verify.sig.data.ecdsa.s = sBn;
|
||||
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
@ -561,29 +558,11 @@ int verifyECDSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
||||
printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
|
||||
return 1;
|
||||
}
|
||||
#if 0
|
||||
if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes )
|
||||
{
|
||||
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
printf( "RSA data decrypt ok\n" );
|
||||
|
||||
// after
|
||||
afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
|
||||
afterPtr = (unsigned char*)malloc( afterLen );
|
||||
my_bignum2bin( afterPtr, afterLen, handle,
|
||||
reply.reply.decrypt.plain.data.bignum.m );
|
||||
printf( "ECDSAhSHA256 verify ok\n" );
|
||||
|
||||
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
|
||||
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
|
||||
|
||||
// data show
|
||||
PrintArray( (char*)"before", beforePtr, beforeLen );
|
||||
PrintArray( (char*)"middle", middlePtr, middleLen );
|
||||
PrintArray( (char*)"after", afterPtr, afterLen );
|
||||
} // encrypt & decrypt
|
||||
|
||||
return result;
|
||||
|
||||
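Review bot: In the new sign/verify block, `rPtr` and `sPtr` come from `malloc( rLen )` / `malloc( sLen )` and go straight into `my_bignum2bin` with no NULL check, and no `free` for them is visible before `return result;`. They only feed the `PrintArray` debug output, so I would add `if ( rPtr == NULL || sPtr == NULL ) return 1;` after the allocations and `free( rPtr ); free( sPtr );` after the prints. The early `return 1` paths after `Cmd_Sign` and `Cmd_Verify` also skip `NFastApp_Free_Reply`, and on the verify path they appear to leave the copied `rBn`/`sBn` unreleased, as far as this page shows. The context line `printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );` at the top of the last hunk and the closing `} // encrypt & decrypt` still name the old RSA test, which will mislead anyone reading a failed verify in the log. The test also exercises only the accepting path; a second `Cmd_Verify` with one byte of `hash` changed, expected to return a failure status, would show that the check really rejects a bad signature. The page has lost its +/- markers, so the old/new split is inferred from the commit title, and the body of `verifyECDSAKeyPair` starts and ends outside the hunks.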