rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

hsm_utils:ECDSAキーペアインポート成功(署名と検証はこれから)

Browse Source 
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@121 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
kubodera_yuichi 2009-12-29 00:43:26 +00:00
parent 6c5c5c99db
commit a6f8877d65
1 changed files with 20 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
hsm_utils/import_ecdsa_keypair.c
View File

@ -10,7 +10,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/sha.h> #include <openssl/sha.h>
#include <openssl/rsa.h> #include <openssl/ec.h>
#include "ec_lcl.h"
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/aes.h> #include <openssl/aes.h>
#include <openssl/pem.h> #include <openssl/pem.h>
@ -20,13 +21,11 @@
#include "rqcard-applic.h" #include "rqcard-applic.h"
#include "rqcard-fips.h" #include "rqcard-fips.h"
//#include "picky-upcalls.h"
#include "my_hsm_bignum.h" #include "my_hsm_bignum.h"
#include "my_hsm_alloc.h" #include "my_hsm_alloc.h"
#define PRIV_KEY_FILE "./test-ecdsa-privkey.der" #define PRIV_KEY_FILE "./test_key/test-ecdsa-privkey.der"
#define PUB_KEY_FILE "./test-ecdsa-pubkey.der" #define PUB_KEY_FILE "./test_key/test-ecdsa-pubkey.der"
#define MODULE_ID 1 #define MODULE_ID 1
#define DATA_LEN 256 // bytes #define DATA_LEN 256 // bytes
@ -105,13 +104,13 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
} }
fclose( fp ); fclose( fp );
#if 1 #if 0
printf( "\nEC(d) = " ); printf( "\nEC(d) = " );
BN_print_fp( stdout, privkey->priv_key ); BN_print_fp( stdout, privkey->priv_key );
printf( "\n" ); printf( "\n" );
#endif #endif
#if 1 #if 0
printf( "EC bignum(Openssl) size\n" ); printf( "EC bignum(Openssl) size\n" );
printf( "EC(d) : %d bytes\n", BN_num_bytes( privkey->priv_key ) ); printf( "EC(d) : %d bytes\n", BN_num_bytes( privkey->priv_key ) );
#endif #endif
@ -121,14 +120,14 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
// d // d
dLen = BN_num_bytes( privkey->priv_key ); dLen = BN_num_bytes( privkey->priv_key );
dPtr = (unsigned char *)malloc( dLen ); dPtr = (unsigned char *)malloc( dLen );
if ( pLen != BN_bn2bin( privkey->priv_key, dPtr ) ) if ( dLen != BN_bn2bin( privkey->priv_key, dPtr ) )
{ {
printf( "BN_bn2bin failed!(d)\n" ); printf( "BN_bn2bin failed!(d)\n" );
return 1; return 1;
} }
} // ec bignum(openssl) -> bin } // ec bignum(openssl) -> bin
#if 1 #if 0
printf( "EC bin addr\n" ); printf( "EC bin addr\n" );
printf( "EC(d) : 0x%08X\n", (unsigned int)dPtr ); printf( "EC(d) : 0x%08X\n", (unsigned int)dPtr );
#endif #endif
@ -139,11 +138,11 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
free( dPtr ); free( dPtr );
} }
#if 1 #if 0
my_printbignum ( stdout, "EC(d)", privBn.d ); my_printbignum ( stdout, "EC(d)", privBn.d );
#endif #endif
#if 1 #if 0
printf( "EC bn addr\n" ); printf( "EC bn addr\n" );
printf( "EC(d) : 0x%08X\n", (unsigned int)privBn.d ); printf( "EC(d) : 0x%08X\n", (unsigned int)privBn.d );
#endif #endif
@ -155,7 +154,7 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule; map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule;
// 秘密鍵には DECRYPT と SIGN // 秘密鍵には DECRYPT と SIGN
// 公開鍵には ENCRYPT と VERIFY しかセットできない?? // 公開鍵には ENCRYPT と VERIFY しかセットできない??
map.op_base = NFKM_DEFOPPERMS_DECRYPT | NFKM_DEFOPPERMS_SIGN; map.op_base = NFKM_DEFOPPERMS_SIGN; // ECDSA priv key : sign only
map.cs = cardset; map.cs = cardset;
result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
if ( result != Status_OK ) if ( result != Status_OK )
@ -168,8 +167,8 @@ int importECDSAPrivate( NFKM_KeyIdent keyident )
cmd.cmd = Cmd_Import; cmd.cmd = Cmd_Import;
cmd.args.import.module = MODULE_ID; cmd.args.import.module = MODULE_ID;
cmd.args.import.data.type = KeyType_ECDSAPrivate; cmd.args.import.data.type = KeyType_ECDSAPrivate;
cmd.args.import.data.data.ecdsaprivate.curve.name = ECName_NISTB233; // 名前を指定することで cmd.args.import.data.data.ecprivate.curve.name = ECName_NISTB233; // 名前を指定することで
cmd.args.import.data.data.ecdsaprivate.d = privBn.d; // d だけ設定すれば良い cmd.args.import.data.data.ecprivate.d = privBn.d; // d だけ設定すれば良い
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK ) if ( result != Status_OK )
{ {
@ -260,7 +259,7 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
} }
fclose( fp ); fclose( fp );
#if 1 #if 0
printf( "EC bignum(Openssl) size\n" ); printf( "EC bignum(Openssl) size\n" );
printf( "EC(qx) : %d bytes\n", BN_num_bytes( &pubkey->pub_key->X ) ); printf( "EC(qx) : %d bytes\n", BN_num_bytes( &pubkey->pub_key->X ) );
@ -287,7 +286,7 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
} }
} // ECDSA bignum(openssl) -> bin } // ECDSA bignum(openssl) -> bin
#if 1 #if 0
printf( "EC bin addr\n" ); printf( "EC bin addr\n" );
printf( "EC(qx) : 0x%08X\n", (unsigned int)qxPtr ); printf( "EC(qx) : 0x%08X\n", (unsigned int)qxPtr );
printf( "EC(qy) : 0x%08X\n", (unsigned int)qyPtr ); printf( "EC(qy) : 0x%08X\n", (unsigned int)qyPtr );
@ -301,7 +300,7 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
free( qyPtr ); free( qyPtr );
} }
#if 1 #if 0
printf( "EC bn addr\n" ); printf( "EC bn addr\n" );
printf( "EC(qx) : 0x%08X\n", (unsigned int)pubBn.qx ); printf( "EC(qx) : 0x%08X\n", (unsigned int)pubBn.qx );
printf( "EC(qy) : 0x%08X\n", (unsigned int)pubBn.qy ); printf( "EC(qy) : 0x%08X\n", (unsigned int)pubBn.qy );
@ -314,7 +313,7 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule | NFKM_NKF_PublicKey; map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule | NFKM_NKF_PublicKey;
// 秘密鍵には DECRYPT と SIGN // 秘密鍵には DECRYPT と SIGN
// 公開鍵には ENCRYPT と VERIFY しかセットできない?? // 公開鍵には ENCRYPT と VERIFY しかセットできない??
map.op_base = NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_VERIFY; map.op_base = NFKM_DEFOPPERMS_VERIFY; // ECDSA public key : verify only
map.cs = cardset; map.cs = cardset;
result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
if ( result != Status_OK ) if ( result != Status_OK )
@ -327,9 +326,9 @@ int importECDSAPublic( NFKM_KeyIdent keyident )
cmd.cmd = Cmd_Import; cmd.cmd = Cmd_Import;
cmd.args.import.module = MODULE_ID; cmd.args.import.module = MODULE_ID;
cmd.args.import.data.type = KeyType_ECDSAPublic; cmd.args.import.data.type = KeyType_ECDSAPublic;
cmd.args.import.data.data.ecdsapublic.curve.name = ECName_NISTB233; // 名前を指定することで cmd.args.import.data.data.ecpublic.curve.name = ECName_NISTB233; // 名前を指定することで
cmd.args.import.data.data.ecdsapublic.Q.x = privBn.qx; // qx cmd.args.import.data.data.ecpublic.Q.x = pubBn.qx; // qx
cmd.args.import.data.data.ecdsapublic.Q.y = privBn.qy; // qy だけを指定すればよい? cmd.args.import.data.data.ecpublic.Q.y = pubBn.qy; // qy だけを指定すればよい?
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK ) if ( result != Status_OK )
{ {