From ad3eb772ed242a0a1d71733d66ab664f3b641f33 Mon Sep 17 00:00:00 2001 From: n2460 Date: Fri, 11 Oct 2013 04:15:05 +0000 Subject: [PATCH] =?UTF-8?q?hsm=5Futils/sign=5Fverify=5Frsa=5Fpkcs1=5Fsha25?= =?UTF-8?q?6:=E3=82=B3=E3=83=9E=E3=83=B3=E3=83=89=E3=83=A9=E3=82=A4?= =?UTF-8?q?=E3=83=B3=E5=BC=95=E6=95=B0=E3=81=AB=E5=AF=BE=E5=BF=9C=E3=80=82?= =?UTF-8?q?OpenSSL=20=E6=A4=9C=E8=A8=BC=E5=87=A6=E7=90=86=E3=81=AE?= =?UTF-8?q?=E8=BF=BD=E5=8A=A0=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@233 ff987cc8-cf2f-4642-8568-d52cce064691 --- .../hsm_utils/sign_verify_rsa_pkcs1_sha256.c | 402 +++++++++--------- 1 file changed, 208 insertions(+), 194 deletions(-) diff --git a/trunk/hsm_utils/sign_verify_rsa_pkcs1_sha256.c b/trunk/hsm_utils/sign_verify_rsa_pkcs1_sha256.c index 58d707b..f4f0e95 100644 --- a/trunk/hsm_utils/sign_verify_rsa_pkcs1_sha256.c +++ b/trunk/hsm_utils/sign_verify_rsa_pkcs1_sha256.c @@ -2,6 +2,7 @@ #include #include #include +#include // openssl #include @@ -23,10 +24,10 @@ #include "my_hsm_alloc.h" #include "my_hsm_setup.h" -#define PRIV_KEY_FILE "./test_key/test-rsa-privkey2048.der" -#define PUB_KEY_FILE "./test_key/test-rsa-pubkey2048.der" +#define DEFAULT_PRIV_KEY_FILE_PATH "./test_key/test-rsa-privkey2048.der" +#define DEFAULT_PUB_KEY_FILE_PATH "./test_key/test-rsa-pubkey2048.der" -#define DATA_LEN 256 // bytes +#define SIGN_LEN 256 // bytes // RSA private key data typedef struct @@ -60,15 +61,21 @@ M_KeyID ltid = 0; // the cardset loaded into the module const NFKM_KeyIdent priv_keyident = { (char*)"simple", (char*)"test-rsa-privkey2048" }; const NFKM_KeyIdent pub_keyident = { (char*)"simple", (char*)"test-rsa-pubkey2048" }; -unsigned char save_enc[DATA_LEN]; +char *privKeyFilePath = (char*)DEFAULT_PRIV_KEY_FILE_PATH; +char *pubKeyFilePath = (char*)DEFAULT_PUB_KEY_FILE_PATH; +int isEnableOpenSSL = 0; +char *loadFilePath = NULL; +int loadFileSize = 0; +int validFileSize = 0; +int offsetFileSize = 0; +unsigned char *loadFileBuf = NULL; // function -int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ); +int signVerifyRSAPKCS1Sha256( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ); void PrintArray( char *pStr, const unsigned char *pData, int length ); -int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) +int signVerifyRSAPKCS1Sha256( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) { - int i; int result = Status_OK; M_ByteBlock *blobptr = NULL; M_KeyID priv_keyid, pub_keyid; @@ -167,51 +174,40 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) keyinfo = NULL; #endif - // create cert + // sign & verify { - unsigned char *beforePtr, *middlePtr, *afterPtr; - int beforeLen, middleLen, afterLen; - unsigned char *signPtr, *decPtr; - struct NFast_Bignum *sign_bn, *dec_bn; + unsigned char *middlePtr = NULL; + int middleLen = 0; + struct NFast_Bignum *sign_bn = NULL; M_Mech verify_mech; - beforePtr = middlePtr = afterPtr = NULL; - beforeLen = middleLen = afterLen = 0; - signPtr = decPtr = NULL; - sign_bn = dec_bn = NULL; - + // calc sha256 M_Hash32 hash32; - M_Hash32 modHash32; - - unsigned int magic = 0xdeadbeef; - SHA256( (const unsigned char*)&magic, 4, hash32.bytes ); - - // HSM は切り詰めないで署名してしまうので自前で加工する - memset( &modHash32, 0, sizeof( modHash32 ) ); - modHash32.bytes[2] = hash32.bytes[0] >> 7; - for( i = 3; i < SHA256_DIGEST_LENGTH; i++ ) + if (loadFileBuf) { - modHash32.bytes[i] = (hash32.bytes[i-3] << 1) | (hash32.bytes[i-2] >> 7); + SHA256( loadFileBuf + offsetFileSize, validFileSize, hash32.bytes ); + } + else + { + int i; + unsigned char buf[32]; + for (i = 0; i < sizeof(buf); i++) + { + buf[i] = ~i; + } + SHA256( buf, sizeof(buf), hash32.bytes ); } - // sign data setting - beforeLen = DATA_LEN - 11; - beforePtr = (unsigned char*)malloc( beforeLen ); - for ( i = 0; i < beforeLen; i++ ) - beforePtr[i] = ~i; - my_bin2bignum( &(sign_bn), handle, beforePtr, beforeLen ); + // show data + PrintArray( (char*)"Hash", hash32.bytes, sizeof(hash32.bytes) ); // sign transact cmd.cmd = Cmd_Sign; cmd.args.sign.flags = 0; cmd.args.sign.key = priv_keyid; -// cmd.args.sign.mech = Mech_RSAhSHA256pPSS; cmd.args.sign.mech = Mech_RSAhSHA256pPKCS1; cmd.args.sign.plain.type = PlainTextType_Hash32; cmd.args.sign.plain.data.hash32.data = hash32; -// cmd.args.sign.plain.data.hash32.data = modHash32; -// RSA_verify_PKCS1_PSS -// cmd.args.sign.plain.data.bignum.m = sign_bn; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) @@ -225,17 +221,19 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) printf( "error(%d) : reply.status(Cmd_Sign)\n", result ); return 1; } - - printf( "RSA PSS sign ok\n" ); + printf( "----- HSM Sign OK -----\n" ); // verify data setting middleLen = reply.reply.sign.sig.data.rsappkcs1.m->nbytes; middlePtr = (unsigned char*)malloc( middleLen ); my_bignum2bin( middlePtr, middleLen, handle, reply.reply.sign.sig.data.rsappkcs1.m ); - my_bin2bignum( &dec_bn, handle, middlePtr, middleLen ); + my_bin2bignum( &sign_bn, handle, middlePtr, middleLen ); verify_mech = reply.reply.sign.sig.mech; - + + // show data + PrintArray( (char*)"HSM Sign", middlePtr, middleLen ); + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( handle, NULL, NULL, &reply ); @@ -246,16 +244,12 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) cmd.cmd = Cmd_Verify; cmd.args.verify.flags = 0; cmd.args.verify.key = pub_keyid; -// cmd.args.verify.mech = Mech_RSAhSHA256pPSS; cmd.args.verify.mech = Mech_RSAhSHA256pPKCS1; cmd.args.verify.plain.type = PlainTextType_Hash32; cmd.args.verify.plain.data.hash32.data = hash32; -// cmd.args.verify.plain.data.hash32.data = modHash32; cmd.args.verify.sig.mech = verify_mech; - cmd.args.verify.sig.data.rsappkcs1.m = dec_bn; + cmd.args.verify.sig.data.rsappkcs1.m = sign_bn; -// cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn; -// cmd.args.decrypt.reply_type = PlainTextType_Bignum; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { @@ -274,13 +268,10 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) printf( "error : Verify Failed(Cmd_Verify)\n" ); return 1; } + printf( "----- HSM Verify OK -----\n" ); - printf( "RSA PSS verify ok\n" ); - - PrintArray( (char*)"HSM Sign", middlePtr, middleLen ); - -#if 1 // OpenSSL でも検証開始 + if (isEnableOpenSSL) { int ret = 0; @@ -297,10 +288,10 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) struct stat fileStat; // priv - stat( PRIV_KEY_FILE, &fileStat ); + stat( privKeyFilePath, &fileStat ); privKeySize = fileStat.st_size; privKeyBuf = (unsigned char*)malloc( privKeySize ); - pPrivKeyFile = fopen( PRIV_KEY_FILE, "rb" ); + pPrivKeyFile = fopen( privKeyFilePath, "rb" ); if (pPrivKeyFile == NULL) { printf("file open error\n"); @@ -310,10 +301,10 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) fclose(pPrivKeyFile); // pub - stat( PUB_KEY_FILE, &fileStat ); + stat( pubKeyFilePath, &fileStat ); pubKeySize = fileStat.st_size; pubKeyBuf = (unsigned char*)malloc( pubKeySize ); - pPubKeyFile = fopen( PUB_KEY_FILE, "rb" ); + pPubKeyFile = fopen( pubKeyFilePath, "rb" ); if (pPubKeyFile == NULL) { printf("file open error\n"); @@ -327,11 +318,6 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) const unsigned char *der_priv = privKeyBuf; const unsigned char *der_pub = pubKeyBuf; -// int priv_len = der_priv[ 8 ] | der_priv[ 9 ] << 8; // KEY長を取り出し -// int pub_len = der_pub [ 8 ] | der_pub [ 9 ] << 8; // 同上 -// der_priv += 0x10; // ヘッダ部分を除外してKEY実体を指定 -// der_pub += 0x10; // 同上 - // コマンドラインのopensslが出力する秘密鍵は、PKCS#1 RSAPublicKeyフォーマットなので、この関数を使う。 rsa_privkey = d2i_RSAPrivateKey( NULL, &der_priv, privKeySize ); if( rsa_privkey == NULL ) @@ -348,21 +334,61 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) } } - PrintArray( (char*)"hash32", hash32.bytes, sizeof(hash32) ); - // Sign by OpenSSL - unsigned char sigBuf[256]; // TEKITO - unsigned int sigLen = 0; + unsigned char signByOpenSSL[SIGN_LEN]; + unsigned int signLen = 0; - ret = RSA_sign( NID_sha256, hash32.bytes, 32, sigBuf, &sigLen, rsa_privkey ); + ret = RSA_sign( NID_sha256, hash32.bytes, 32, signByOpenSSL, &signLen, rsa_privkey ); if (ret == 0) { printf( "error : RSA_sign(by OpenSSL)!\n" ); return 1; } - printf("sigLen=%d\n", sigLen); - PrintArray( (char*)"sigBuf", sigBuf, sigLen ); + if (SIGN_LEN != signLen) + { + printf( "error : Sign Size(%d) by OpenSSL donen't match %d!\n", signLen, SIGN_LEN ); + return 1; + } + PrintArray( (char*)"OpenSSL Sign ", signByOpenSSL, signLen ); + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // convert + my_bin2bignum( &sign_bn, handle, signByOpenSSL, signLen ); + + // verify transact + cmd.cmd = Cmd_Verify; + cmd.args.verify.flags = 0; + cmd.args.verify.key = pub_keyid; + cmd.args.verify.mech = Mech_RSAhSHA256pPKCS1; + cmd.args.verify.plain.type = PlainTextType_Hash32; + cmd.args.verify.plain.data.hash32.data = hash32; + cmd.args.verify.sig.mech = verify_mech; + cmd.args.verify.sig.data.rsappkcs1.m = sign_bn; + + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_Verify)\n", result ); + return 1; + } + result = reply.status; + if ( result != Status_OK && result != Status_VerifyFailed ) + { + printf( "error(%d) : reply.status(Cmd_Verify)\n", result ); + return 1; + } + // リファンレスは間違い。reply の status に検証結果が入る + if ( result == Status_VerifyFailed ) + { + printf( "error : Verify Failed(Cmd_Verify)\n" ); + return 1; + } + printf( "----- HSM Verify OK for OpenSSL Sign -----\n" ); // Verify for HSM ret = RSA_verify( NID_sha256, hash32.bytes, SHA256_DIGEST_LENGTH, middlePtr, middleLen, rsa_pubkey ); @@ -371,136 +397,17 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) printf( "error : RSA_verify(by OpenSSL)!\n" ); return 1; } - printf( "HSM Sign Verify Success!\n" ); - } -#endif + printf( "----- OpenSSL Verify OK for HSM Sign -----\n" ); - PrintArray( (char*)"hash32", hash32.bytes, sizeof(hash32) ); -// PrintArray( (char*)"before", beforePtr, beforeLen ); - PrintArray( (char*)"middle", middlePtr, middleLen ); + free( privKeyBuf ); + free( pubKeyBuf ); + } return Status_OK; } - - // encrypt & dectypt test - { - unsigned char *beforePtr, *middlePtr, *afterPtr; - int beforeLen, middleLen, afterLen; - unsigned char *encPtr, *decPtr; - struct NFast_Bignum *enc_bn, *dec_bn; - M_Mech dec_mech; - - beforePtr = middlePtr = afterPtr = NULL; - beforeLen = middleLen = afterLen = 0; - encPtr = decPtr = NULL; - enc_bn = dec_bn = NULL; - - // encrypt data setting - beforeLen = DATA_LEN - 11; - beforePtr = (unsigned char*)malloc( beforeLen ); - for ( i = 0; i < beforeLen; i++ ) - beforePtr[i] = ~i; - my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen ); - -#if 0 - // my_bignum2bin test - unsigned char debug_buf[ DATA_LEN ]; - PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN ); - printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" ); - my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn ); - PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN ); -#endif - - // encrypt transact - cmd.cmd = Cmd_Encrypt; - cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present; - cmd.args.encrypt.key = pub_keyid; - cmd.args.encrypt.mech = Mech_RSApPKCS1; - cmd.args.encrypt.plain.type = PlainTextType_Bignum; - cmd.args.encrypt.plain.data.bignum.m = enc_bn; - //cmd.args.encrypt.given_iv = NULL; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result ); - return 1; - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result ); - return 1; - } -#if 0 - if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes ) - { - printf( "error : output size isn't %d bytes!\n", DATA_LEN ); - return 1; - } -#endif - - printf( "RSA data encrypt ok\n" ); - - // decrypt data setting - middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes; - middlePtr = (unsigned char*)malloc( middleLen ); - my_bignum2bin( middlePtr, middleLen, handle, - reply.reply.encrypt.cipher.data.rsappkcs1.m ); - my_bin2bignum( &dec_bn, handle, middlePtr, middleLen ); - dec_mech = reply.reply.encrypt.cipher.mech; - - NFastApp_Free_Command( handle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - // decrypt transact - cmd.cmd = Cmd_Decrypt; - cmd.args.decrypt.flags = 0; - cmd.args.decrypt.key = priv_keyid; - cmd.args.decrypt.mech = Mech_RSApPKCS1; - cmd.args.decrypt.cipher.mech = dec_mech; - cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn; - cmd.args.decrypt.reply_type = PlainTextType_Bignum; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result ); - return 1; - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); - return 1; - } -#if 0 - if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes ) - { - printf( "error : output size isn't %d bytes!\n", DATA_LEN ); - return 1; - } -#endif - - printf( "RSA data decrypt ok\n" ); - - // after - afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes; - afterPtr = (unsigned char*)malloc( afterLen ); - my_bignum2bin( afterPtr, afterLen, handle, - reply.reply.decrypt.plain.data.bignum.m ); - - NFastApp_Free_Command( handle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - - // data show - PrintArray( (char*)"before", beforePtr, beforeLen ); - PrintArray( (char*)"middle", middlePtr, middleLen ); - PrintArray( (char*)"after", afterPtr, afterLen ); - } // encrypt & decrypt return result; -} // createRSAPSSCert +} // signRSAPKCS1Sha256 void PrintArray( char *pStr, const unsigned char *pData, int length ) { @@ -518,6 +425,108 @@ int main( int argc, char *argv[] ) { int result = Status_OK; + int opt = 0; + while (1) + { + int optionIndex = 0; + static struct option longOptions[] = + { + { "openssl", no_argument, 0, 0 }, + { "priv", required_argument, 0, 0 }, + { "pub", required_argument, 0, 0 }, + { "in", required_argument, 0, 0 }, + { "size", required_argument, 0, 0 }, + { "offset", required_argument, 0, 0 }, + { 0, 0, 0, 0 } + }; + // - によるオプション禁止、 -- のみ認める + opt = getopt_long(argc, argv, "", longOptions, &optionIndex); + if (opt == -1) + { + break; + } + + switch (opt) + { + case 0 : // long arg + { + switch (optionIndex) + { + case 0 : // openssl + { + isEnableOpenSSL = 1; + } break; + case 1 : // priv + { + privKeyFilePath = optarg; + } break; + case 2 : // pub + { + pubKeyFilePath = optarg; + } break; + case 3 : // in + { + loadFilePath = optarg; + } break; + case 4 : // size + { + validFileSize = atoi(optarg); + } break; + case 5 : // offset + { + offsetFileSize = atoi(optarg); + } break; + } + } break; + } + } + printf( "HSM sign & verify RSA PKCS1 SHA256 Sample.\n" ); + printf( " --openssl : enable openssl sign & verify\n" ); + printf( " --priv filename : specify private RSA key (use openssl)\n" ); + printf( " Default=%s\n", DEFAULT_PRIV_KEY_FILE_PATH ); + printf( " --pub filename : specify public RSA key (use openssl)\n" ); + printf( " Default=%s\n", DEFAULT_PUB_KEY_FILE_PATH ); + printf( " --in filename : input file for SHA256\n" ); + printf( " Default=reasonable array\n" ); + printf( " --size size : valid file size for SHA256\n" ); + printf( " --offset fize : offset file size for SHA256\n" ); + printf( "\n" ); + printf( "----- start -----\n" ); + if (isEnableOpenSSL) + { + printf( "Enable OpenSSL Sign & Verify\n" ); + printf( "OpenSSL use privkey=%s\n", privKeyFilePath ); + printf( "OpenSSL use pubkey=%s\n", pubKeyFilePath ); + } + if (loadFilePath) + { + FILE *pLoadFile; + struct stat fileStat; + + stat( loadFilePath, &fileStat ); + loadFileSize = fileStat.st_size; + loadFileBuf = (unsigned char*)malloc( loadFileSize ); + pLoadFile = fopen( loadFilePath, "rb" ); + if (pLoadFile == NULL) + { + printf("file open error : %s\n", loadFilePath); + return 1; + } + fread( loadFileBuf, loadFileSize, 1, pLoadFile ); + fclose( pLoadFile ); + + printf( "load filename=%s, size=%d bytes\n", loadFilePath, loadFileSize ); + if (validFileSize == 0 || validFileSize > loadFileSize) + { + validFileSize = loadFileSize; + } + if (offsetFileSize + validFileSize > loadFileSize) + { + offsetFileSize = loadFileSize - validFileSize; + } + printf( "valid size=%d bytes, offset=%d bytes\n", validFileSize, offsetFileSize ); + } + // initialize result = my_hsm_initialize( &handle, &nc, &pWorld, &card, &fips, &pModuleinfo ); if ( result != Status_OK ) @@ -527,13 +536,19 @@ int main( int argc, char *argv[] ) } // create rsa-pss cert - result = createRSAPSSCert( priv_keyident, pub_keyident ); + result = signVerifyRSAPKCS1Sha256( priv_keyident, pub_keyident ); if ( result != Status_OK ) { printf( "error : createRSAPSSCert\n" ); return 1; } - printf( "RSA-PSS cert create success.\n" ); + printf( "RSA PKCS1 SHA256 Sign & Verify success.\n" ); + + // free + if (loadFileBuf) + { + free( loadFileBuf ); + } // finalize result = my_hsm_finalize( &handle, &nc, &pWorld, &card, &fips ); @@ -544,5 +559,4 @@ int main( int argc, char *argv[] ) } return 0; - } // main