From 3d427d2df7669e566970182d594988617c507686 Mon Sep 17 00:00:00 2001
From: kubodera_yuichi
Date: Tue, 29 Dec 2009 01:55:43 +0000
Subject: [PATCH] =?UTF-8?q?hsm=5Futils:ECDSA=E3=82=AD=E3=83=BC=E3=83=9A?=
 =?UTF-8?q?=E3=82=A2=E3=81=AE=E7=BD=B2=E5=90=8D=E3=81=A8=E6=A4=9C=E8=A8=BC?=
 =?UTF-8?q?=E3=81=8C=E6=AD=A3=E3=81=97=E3=81=8F=E8=A1=8C=E3=81=88=E3=82=8B?=
 =?UTF-8?q?=E3=81=93=E3=81=A8=E3=82=92=E7=A2=BA=E8=AA=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@122 ff987cc8-cf2f-4642-8568-d52cce064691
---
 hsm_utils/import_ecdsa_keypair.c | 135 +++++++++++++------------------
 1 file changed, 57 insertions(+), 78 deletions(-)

diff --git a/hsm_utils/import_ecdsa_keypair.c b/hsm_utils/import_ecdsa_keypair.c
index ec13c64..b480199 100644
--- a/hsm_utils/import_ecdsa_keypair.c
+++ b/hsm_utils/import_ecdsa_keypair.c
@@ -30,6 +30,8 @@
 #define MODULE_ID 1
 #define DATA_LEN 256 // bytes
+#define SIGN_MECH Mech_ECDSAhSHA256
+
 // ECDSA private key data
 typedef struct
 {
@@ -469,86 +471,81 @@ int verifyECDSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
 keyinfo = NULL;
 #endif
- // encrypt & dectypt test
+ // sign & verify test
 {
- unsigned char *beforePtr, *middlePtr, *afterPtr;
- int beforeLen, middleLen, afterLen;
- unsigned char *encPtr, *decPtr;
- struct NFast_Bignum *enc_bn, *dec_bn;
- M_Mech dec_mech;
-
- beforePtr = middlePtr = afterPtr = NULL;
- beforeLen = middleLen = afterLen = 0;
- encPtr = decPtr = NULL;
- enc_bn = dec_bn = NULL;
+ M_Hash32 hash;
- // encrypt data setting
- beforeLen = DATA_LEN - 11;
- beforePtr = (unsigned char*)malloc( beforeLen );
- for ( i = 0; i < beforeLen; i++ )
- beforePtr[i] = ~i;
- my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen );
+ struct NFast_Bignum *rBn, *sBn;
+ unsigned char *rPtr, *sPtr;
+ int rLen, sLen;
+
+ rBn = sBn = NULL;
+ rPtr = sPtr = NULL;
+ rLen = sLen = 0;
+
+ // hash data
+ for ( i = 0; i < 32; i++ )
+ hash.bytes[i] = i*2;
+#if 1
+ PrintArray( (char*)"hash", hash.bytes, 32 );
+#endif
-#if 0
- // my_bignum2bin test
- unsigned char debug_buf[ DATA_LEN ];
- PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN );
- printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" );
- my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn );
- PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN );
-#endif
-
- // encrypt transact
- cmd.cmd = Cmd_Encrypt;
- cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present;
- cmd.args.encrypt.key = pub_keyid;
- cmd.args.encrypt.mech = Mech_RSApPKCS1;
- cmd.args.encrypt.plain.type = PlainTextType_Bignum;
- cmd.args.encrypt.plain.data.bignum.m = enc_bn;
- //cmd.args.encrypt.given_iv = NULL;
+ // sign transact
+ cmd.cmd = Cmd_Sign;
+ cmd.args.sign.flags = 0; // Cmd_Sign_Args_flags_given_iv_present;
+ cmd.args.sign.key = priv_keyid;
+ cmd.args.sign.mech = SIGN_MECH;
+ cmd.args.sign.plain.type = PlainTextType_Hash32;
+ cmd.args.sign.plain.data.hash32.data = hash;
 result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL
);
 if ( result != Status_OK )
 {
- printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result );
+ printf( "error(%d) : FastApp_Transact(Cmd_Sign)\n", result );
 return 1;
 }
 result = reply.status;
 if ( result != Status_OK )
 {
- printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result );
+ printf( "error(%d) : reply.status(Cmd_Sign)\n", result );
 return 1;
 }
-#if 0
- if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes )
+ if ( SIGN_MECH != reply.reply.sign.sig.mech )
 {
- printf( "error : output size isn't %d bytes!\n", DATA_LEN );
+ printf( "error : reply mech isn't match %d!\n", SIGN_MECH );
 return 1;
 }
+ printf( "ECDSAhSHA256 sign ok\n" );
+
+ // signature bignum -> bin
+ printf ( "sig mech : %d\n", reply.reply.sign.sig.mech );
+ rLen = reply.reply.sign.sig.data.ecdsa.r->nbytes;
+ rPtr = (unsigned char*)malloc( rLen );
+ my_bignum2bin ( rPtr, rLen, handle, reply.reply.sign.sig.data.ecdsa.r );
+ sLen = reply.reply.sign.sig.data.ecdsa.s->nbytes;
+ sPtr = (unsigned char*)malloc( sLen );
+ my_bignum2bin ( sPtr, sLen, handle, reply.reply.sign.sig.data.ecdsa.s );
+ my_bignumCopy( &rBn, reply.reply.sign.sig.data.ecdsa.r, handle );
+ my_bignumCopy( &sBn, reply.reply.sign.sig.data.ecdsa.s, handle );
+#if 1
+ PrintArray( (char*)"sig r", rPtr, rLen );
+ PrintArray( (char*)"sig s", sPtr, sLen );
 #endif
-
- printf( "RSA data encrypt ok\n" );
-
- // decrypt data setting
- middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
- middlePtr = (unsigned char*)malloc( middleLen );
- my_bignum2bin( middlePtr, middleLen, handle,
- reply.reply.encrypt.cipher.data.rsappkcs1.m );
- my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );
- dec_mech = reply.reply.encrypt.cipher.mech;
-
- NFastApp_Free_Command( handle, NULL, NULL, &cmd );
+
+ //NFastApp_Free_Command( handle, NULL, NULL, &cmd );
 NFastApp_Free_Reply( handle, NULL, NULL, &reply );
 memset( &cmd, 0, sizeof( cmd ) );
 memset( &reply, 0, sizeof( reply ) );
- // decrypt transact
- cmd.cmd = Cmd_Decrypt;
- cmd.args.decrypt.flags = 0;
- cmd.args.decrypt.key = priv_keyid;
- cmd.args.decrypt.mech = Mech_RSApPKCS1;
- cmd.args.decrypt.cipher.mech = dec_mech;
- cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
- cmd.args.decrypt.reply_type = PlainTextType_Bignum;
+ // verify transact
+ cmd.cmd = Cmd_Verify;
+ cmd.args.verify.flags = 0;
+ cmd.args.verify.key = pub_keyid;
+ cmd.args.verify.mech = SIGN_MECH;
+ cmd.args.verify.plain.type = PlainTextType_Hash32;
+ cmd.args.verify.plain.data.hash32.data = hash;
+ cmd.args.verify.sig.mech = SIGN_MECH;
+ cmd.args.verify.sig.data.ecdsa.r = rBn;
+ cmd.args.verify.sig.data.ecdsa.s = sBn;
 result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
 if ( result != Status_OK )
 {
@@ -561,29 +558,11 @@ int verifyECDSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
 printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
 return 1;
 }
-#if 0
- if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes )
- {
- printf( "error : output size isn't %d bytes!\n", DATA_LEN );
- return 1;
- }
-#endif
- printf( "RSA data decrypt ok\n" );
-
- // after
- afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
- afterPtr = (unsigned char*)malloc( afterLen );
- my_bignum2bin( afterPtr, afterLen, handle,
- reply.reply.decrypt.plain.data.bignum.m );
+ printf( "ECDSAhSHA256 verify ok\n" );
 NFastApp_Free_Command( handle, NULL, NULL, &cmd );
 NFastApp_Free_Reply( handle, NULL, NULL, &reply );
-
- // data show
- PrintArray( (char*)"before", beforePtr, beforeLen );
- PrintArray( (char*)"middle", middlePtr, middleLen );
- PrintArray( (char*)"after", afterPtr, afterLen );
 } // encrypt & decrypt
 return result;
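Review bot: The two `malloc` results `rPtr` and `sPtr` in the "signature bignum -> bin" step are used without a NULL check and are never freed before the block closes, so every call leaks both buffers, and the later `return 1` paths leak them as well. Since they only feed the `PrintArray` dumps, a guard such as `if ( rPtr == NULL || sPtr == NULL ) { free( rPtr ); free( sPtr ); return 1; }` after the second `malloc` and `free( rPtr ); free( sPtr );` after the dumps would close this. The results of `my_bignumCopy` are not checked either, so a failed copy would presumably hand NULL `rBn`/`sBn` to Cmd_Verify; confirm against that helper's contract. The enclosing function verifyECDSAKeyPair starts before this hunk and continues past it.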
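Review bot: The failure message kept as context at the top of this hunk still reads `reply.status(Cmd_Decrypt)` although the command sent is now Cmd_Verify, so a failed signature verification is logged as a decrypt error; it should read `printf( "error(%d) : reply.status(Cmd_Verify)\n", result );`. The transact-failure message just before the hunk is not visible here and probably needs the same change, and the closing `} // encrypt & decrypt` comment would then read `} // sign & verify`. The test also exercises only the accepting path: repeating Cmd_Verify with one byte of `hash` changed and expecting a non-OK status would show that a match is not reported vacuously. The function body starts outside the hunk.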