hsm_utils:ECDSAキーペアインポート成功(署名と検証はこれから)

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@121 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2009-12-29 00:43:26 +00:00 · 2009-12-29 00:43:26 +00:00 · a6f8877d65
commit a6f8877d65
parent 6c5c5c99db
1 changed files with 20 additions and 21 deletions
--- a/hsm_utils/import_ecdsa_keypair.c
+++ b/hsm_utils/import_ecdsa_keypair.c
@ -10,7 +10,8 @@
 #include <openssl/err.h>
 #include <openssl/bn.h>
 #include <openssl/sha.h>
-#include <openssl/rsa.h>
+#include <openssl/ec.h>
+#include "ec_lcl.h"
 #include <openssl/x509.h>
 #include <openssl/aes.h>
 #include <openssl/pem.h>
@ -20,13 +21,11 @@
 #include "rqcard-applic.h"
 #include "rqcard-fips.h"

-//#include "picky-upcalls.h"
-
 #include "my_hsm_bignum.h"
 #include "my_hsm_alloc.h"

-#define PRIV_KEY_FILE		"./test-ecdsa-privkey.der"
-#define PUB_KEY_FILE		"./test-ecdsa-pubkey.der"
+#define PRIV_KEY_FILE		"./test_key/test-ecdsa-privkey.der"
+#define PUB_KEY_FILE		"./test_key/test-ecdsa-pubkey.der"

 #define MODULE_ID		1
 #define DATA_LEN		256	// bytes
@ -105,13 +104,13 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
 	}
 	fclose( fp );

-#if 1
+#if 0
 	printf( "\nEC(d) = " );
 	BN_print_fp( stdout, privkey->priv_key );
 	printf( "\n" );
 #endif

-#if 1
+#if 0
 	printf( "EC bignum(Openssl) size\n" );
 	printf( "EC(d)    : %d bytes\n", BN_num_bytes( privkey->priv_key ) );
 #endif
@ -121,14 +120,14 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
 		// d
 		dLen = BN_num_bytes( privkey->priv_key );
 		dPtr = (unsigned char *)malloc( dLen );
-		if ( pLen != BN_bn2bin( privkey->priv_key, dPtr ) )
+		if ( dLen != BN_bn2bin( privkey->priv_key, dPtr ) )
 		{
 			printf( "BN_bn2bin failed!(d)\n" );
 			return 1;
 		}
 	}	// ec bignum(openssl) -> bin

-#if 1
+#if 0
 	printf( "EC bin addr\n" );
 	printf( "EC(d)    : 0x%08X\n", (unsigned int)dPtr );
 #endif
@ -139,11 +138,11 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
 		free( dPtr );
 	}

-#if 1
+#if 0
 	my_printbignum ( stdout, "EC(d)", privBn.d );
 #endif

-#if 1
+#if 0
 	printf( "EC bn addr\n" );
 	printf( "EC(d)    : 0x%08X\n", (unsigned int)privBn.d );
 #endif
@ -155,7 +154,7 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
 		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule;
 	// 秘密鍵には DECRYPT と SIGN
 	// 公開鍵には ENCRYPT と VERIFY しかセットできない？？
-	map.op_base = NFKM_DEFOPPERMS_DECRYPT | NFKM_DEFOPPERMS_SIGN;
+	map.op_base = NFKM_DEFOPPERMS_SIGN;	// ECDSA priv key : sign only
 	map.cs = cardset;
 	result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
 	if ( result != Status_OK )
@ -168,8 +167,8 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
 	cmd.cmd = Cmd_Import;
 	cmd.args.import.module = MODULE_ID;
 	cmd.args.import.data.type = KeyType_ECDSAPrivate;
-	cmd.args.import.data.data.ecdsaprivate.curve.name = ECName_NISTB233;	// 名前を指定することで
-	cmd.args.import.data.data.ecdsaprivate.d = privBn.d;	// d だけ設定すれば良い
+	cmd.args.import.data.data.ecprivate.curve.name = ECName_NISTB233;	// 名前を指定することで
+	cmd.args.import.data.data.ecprivate.d = privBn.d;	// d だけ設定すれば良い
 	result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
 	if ( result != Status_OK )
 	{	
@ -260,7 +259,7 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
 	}
 	fclose( fp );

-#if 1
+#if 0
 	printf( "EC bignum(Openssl) size\n" );
 	printf( "EC(qx)    : %d bytes\n", BN_num_bytes( &pubkey->pub_key->X ) );

@ -287,7 +286,7 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
 		}
 	}	// ECDSA bignum(openssl) -> bin

-#if 1
+#if 0
 	printf( "EC bin addr\n" );
 	printf( "EC(qx)    : 0x%08X\n", (unsigned int)qxPtr );
 	printf( "EC(qy)    : 0x%08X\n", (unsigned int)qyPtr );
@ -301,7 +300,7 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
 		free( qyPtr );
 	}
 		
-#if 1
+#if 0
 	printf( "EC bn addr\n" );
 	printf( "EC(qx)    : 0x%08X\n", (unsigned int)pubBn.qx );
 	printf( "EC(qy)    : 0x%08X\n", (unsigned int)pubBn.qy );
@ -314,7 +313,7 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
 		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule | NFKM_NKF_PublicKey;
 	// 秘密鍵には DECRYPT と SIGN
 	// 公開鍵には ENCRYPT と VERIFY しかセットできない？？
-	map.op_base = NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_VERIFY;
+	map.op_base = NFKM_DEFOPPERMS_VERIFY;	// ECDSA public key : verify only
 	map.cs = cardset;
 	result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
 	if ( result != Status_OK )
@ -327,9 +326,9 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
 	cmd.cmd = Cmd_Import;
 	cmd.args.import.module = MODULE_ID;
 	cmd.args.import.data.type = KeyType_ECDSAPublic;
-	cmd.args.import.data.data.ecdsapublic.curve.name = ECName_NISTB233;	// 名前を指定することで
-	cmd.args.import.data.data.ecdsapublic.Q.x = privBn.qx;	// qx
-	cmd.args.import.data.data.ecdsapublic.Q.y = privBn.qy;	// qy だけを指定すればよい？	
+	cmd.args.import.data.data.ecpublic.curve.name = ECName_NISTB233;	// 名前を指定することで
+	cmd.args.import.data.data.ecpublic.Q.x = pubBn.qx;	// qx
+	cmd.args.import.data.data.ecpublic.Q.y = pubBn.qy;	// qy だけを指定すればよい？	
 	result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
 	if ( result != Status_OK )
 	{