mirror of
https://github.com/rvtr/ctr_eFuse.git
synced 2025-11-02 00:11:04 -04:00
hsm_utils/sign_verify_rsa_pkcs1_sha256:コマンドライン引数に対応。OpenSSL 検証処理の追加。
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@233 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
n2460
parent
cd06a8b297
commit
ad3eb772ed
@ -2,6 +2,7 @@
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include <getopt.h>
|
||||||
|
|
||||||
// openssl
|
// openssl
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
@ -23,10 +24,10 @@
|
|||||||
#include "my_hsm_alloc.h"
|
#include "my_hsm_alloc.h"
|
||||||
#include "my_hsm_setup.h"
|
#include "my_hsm_setup.h"
|
||||||
|
|
||||||
#define PRIV_KEY_FILE "./test_key/test-rsa-privkey2048.der"
|
#define DEFAULT_PRIV_KEY_FILE_PATH "./test_key/test-rsa-privkey2048.der"
|
||||||
#define PUB_KEY_FILE "./test_key/test-rsa-pubkey2048.der"
|
#define DEFAULT_PUB_KEY_FILE_PATH "./test_key/test-rsa-pubkey2048.der"
|
||||||
|
|
||||||
#define DATA_LEN 256 // bytes
|
#define SIGN_LEN 256 // bytes
|
||||||
|
|
||||||
// RSA private key data
|
// RSA private key data
|
||||||
typedef struct
|
typedef struct
|
||||||
@ -60,15 +61,21 @@ M_KeyID ltid = 0; // the cardset loaded into the module
|
|||||||
const NFKM_KeyIdent priv_keyident = { (char*)"simple", (char*)"test-rsa-privkey2048" };
|
const NFKM_KeyIdent priv_keyident = { (char*)"simple", (char*)"test-rsa-privkey2048" };
|
||||||
const NFKM_KeyIdent pub_keyident = { (char*)"simple", (char*)"test-rsa-pubkey2048" };
|
const NFKM_KeyIdent pub_keyident = { (char*)"simple", (char*)"test-rsa-pubkey2048" };
|
||||||
|
|
||||||
unsigned char save_enc[DATA_LEN];
|
char *privKeyFilePath = (char*)DEFAULT_PRIV_KEY_FILE_PATH;
|
||||||
|
char *pubKeyFilePath = (char*)DEFAULT_PUB_KEY_FILE_PATH;
|
||||||
|
int isEnableOpenSSL = 0;
|
||||||
|
char *loadFilePath = NULL;
|
||||||
|
int loadFileSize = 0;
|
||||||
|
int validFileSize = 0;
|
||||||
|
int offsetFileSize = 0;
|
||||||
|
unsigned char *loadFileBuf = NULL;
|
||||||
|
|
||||||
// function
|
// function
|
||||||
int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident );
|
int signVerifyRSAPKCS1Sha256( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident );
|
||||||
void PrintArray( char *pStr, const unsigned char *pData, int length );
|
void PrintArray( char *pStr, const unsigned char *pData, int length );
|
||||||
|
|
||||||
int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
int signVerifyRSAPKCS1Sha256( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
||||||
{
|
{
|
||||||
int i;
|
|
||||||
int result = Status_OK;
|
int result = Status_OK;
|
||||||
M_ByteBlock *blobptr = NULL;
|
M_ByteBlock *blobptr = NULL;
|
||||||
M_KeyID priv_keyid, pub_keyid;
|
M_KeyID priv_keyid, pub_keyid;
|
||||||
@ -167,51 +174,40 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
keyinfo = NULL;
|
keyinfo = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
// create cert
|
// sign & verify
|
||||||
{
|
{
|
||||||
unsigned char *beforePtr, *middlePtr, *afterPtr;
|
unsigned char *middlePtr = NULL;
|
||||||
int beforeLen, middleLen, afterLen;
|
int middleLen = 0;
|
||||||
unsigned char *signPtr, *decPtr;
|
struct NFast_Bignum *sign_bn = NULL;
|
||||||
struct NFast_Bignum *sign_bn, *dec_bn;
|
|
||||||
M_Mech verify_mech;
|
M_Mech verify_mech;
|
||||||
|
|
||||||
beforePtr = middlePtr = afterPtr = NULL;
|
// calc sha256
|
||||||
beforeLen = middleLen = afterLen = 0;
|
|
||||||
signPtr = decPtr = NULL;
|
|
||||||
sign_bn = dec_bn = NULL;
|
|
||||||
|
|
||||||
M_Hash32 hash32;
|
M_Hash32 hash32;
|
||||||
M_Hash32 modHash32;
|
if (loadFileBuf)
|
||||||
|
|
||||||
unsigned int magic = 0xdeadbeef;
|
|
||||||
SHA256( (const unsigned char*)&magic, 4, hash32.bytes );
|
|
||||||
|
|
||||||
// HSM は切り詰めないで署名してしまうので自前で加工する
|
|
||||||
memset( &modHash32, 0, sizeof( modHash32 ) );
|
|
||||||
modHash32.bytes[2] = hash32.bytes[0] >> 7;
|
|
||||||
for( i = 3; i < SHA256_DIGEST_LENGTH; i++ )
|
|
||||||
{
|
{
|
||||||
modHash32.bytes[i] = (hash32.bytes[i-3] << 1) | (hash32.bytes[i-2] >> 7);
|
SHA256( loadFileBuf + offsetFileSize, validFileSize, hash32.bytes );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
unsigned char buf[32];
|
||||||
|
for (i = 0; i < sizeof(buf); i++)
|
||||||
|
{
|
||||||
|
buf[i] = ~i;
|
||||||
|
}
|
||||||
|
SHA256( buf, sizeof(buf), hash32.bytes );
|
||||||
}
|
}
|
||||||
|
|
||||||
// sign data setting
|
// show data
|
||||||
beforeLen = DATA_LEN - 11;
|
PrintArray( (char*)"Hash", hash32.bytes, sizeof(hash32.bytes) );
|
||||||
beforePtr = (unsigned char*)malloc( beforeLen );
|
|
||||||
for ( i = 0; i < beforeLen; i++ )
|
|
||||||
beforePtr[i] = ~i;
|
|
||||||
my_bin2bignum( &(sign_bn), handle, beforePtr, beforeLen );
|
|
||||||
|
|
||||||
// sign transact
|
// sign transact
|
||||||
cmd.cmd = Cmd_Sign;
|
cmd.cmd = Cmd_Sign;
|
||||||
cmd.args.sign.flags = 0;
|
cmd.args.sign.flags = 0;
|
||||||
cmd.args.sign.key = priv_keyid;
|
cmd.args.sign.key = priv_keyid;
|
||||||
// cmd.args.sign.mech = Mech_RSAhSHA256pPSS;
|
|
||||||
cmd.args.sign.mech = Mech_RSAhSHA256pPKCS1;
|
cmd.args.sign.mech = Mech_RSAhSHA256pPKCS1;
|
||||||
cmd.args.sign.plain.type = PlainTextType_Hash32;
|
cmd.args.sign.plain.type = PlainTextType_Hash32;
|
||||||
cmd.args.sign.plain.data.hash32.data = hash32;
|
cmd.args.sign.plain.data.hash32.data = hash32;
|
||||||
// cmd.args.sign.plain.data.hash32.data = modHash32;
|
|
||||||
// RSA_verify_PKCS1_PSS
|
|
||||||
// cmd.args.sign.plain.data.bignum.m = sign_bn;
|
|
||||||
|
|
||||||
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
||||||
if ( result != Status_OK )
|
if ( result != Status_OK )
|
||||||
@ -225,17 +221,19 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
printf( "error(%d) : reply.status(Cmd_Sign)\n", result );
|
printf( "error(%d) : reply.status(Cmd_Sign)\n", result );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
printf( "----- HSM Sign OK -----\n" );
|
||||||
printf( "RSA PSS sign ok\n" );
|
|
||||||
|
|
||||||
// verify data setting
|
// verify data setting
|
||||||
middleLen = reply.reply.sign.sig.data.rsappkcs1.m->nbytes;
|
middleLen = reply.reply.sign.sig.data.rsappkcs1.m->nbytes;
|
||||||
middlePtr = (unsigned char*)malloc( middleLen );
|
middlePtr = (unsigned char*)malloc( middleLen );
|
||||||
my_bignum2bin( middlePtr, middleLen, handle,
|
my_bignum2bin( middlePtr, middleLen, handle,
|
||||||
reply.reply.sign.sig.data.rsappkcs1.m );
|
reply.reply.sign.sig.data.rsappkcs1.m );
|
||||||
my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );
|
my_bin2bignum( &sign_bn, handle, middlePtr, middleLen );
|
||||||
verify_mech = reply.reply.sign.sig.mech;
|
verify_mech = reply.reply.sign.sig.mech;
|
||||||
|
|
||||||
|
// show data
|
||||||
|
PrintArray( (char*)"HSM Sign", middlePtr, middleLen );
|
||||||
|
|
||||||
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
|
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
|
||||||
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
|
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
|
||||||
|
|
||||||
@ -246,16 +244,12 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
cmd.cmd = Cmd_Verify;
|
cmd.cmd = Cmd_Verify;
|
||||||
cmd.args.verify.flags = 0;
|
cmd.args.verify.flags = 0;
|
||||||
cmd.args.verify.key = pub_keyid;
|
cmd.args.verify.key = pub_keyid;
|
||||||
// cmd.args.verify.mech = Mech_RSAhSHA256pPSS;
|
|
||||||
cmd.args.verify.mech = Mech_RSAhSHA256pPKCS1;
|
cmd.args.verify.mech = Mech_RSAhSHA256pPKCS1;
|
||||||
cmd.args.verify.plain.type = PlainTextType_Hash32;
|
cmd.args.verify.plain.type = PlainTextType_Hash32;
|
||||||
cmd.args.verify.plain.data.hash32.data = hash32;
|
cmd.args.verify.plain.data.hash32.data = hash32;
|
||||||
// cmd.args.verify.plain.data.hash32.data = modHash32;
|
|
||||||
cmd.args.verify.sig.mech = verify_mech;
|
cmd.args.verify.sig.mech = verify_mech;
|
||||||
cmd.args.verify.sig.data.rsappkcs1.m = dec_bn;
|
cmd.args.verify.sig.data.rsappkcs1.m = sign_bn;
|
||||||
|
|
||||||
// cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
|
|
||||||
// cmd.args.decrypt.reply_type = PlainTextType_Bignum;
|
|
||||||
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
||||||
if ( result != Status_OK )
|
if ( result != Status_OK )
|
||||||
{
|
{
|
||||||
@ -274,13 +268,10 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
printf( "error : Verify Failed(Cmd_Verify)\n" );
|
printf( "error : Verify Failed(Cmd_Verify)\n" );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
printf( "----- HSM Verify OK -----\n" );
|
||||||
|
|
||||||
printf( "RSA PSS verify ok\n" );
|
|
||||||
|
|
||||||
PrintArray( (char*)"HSM Sign", middlePtr, middleLen );
|
|
||||||
|
|
||||||
#if 1
|
|
||||||
// OpenSSL でも検証開始
|
// OpenSSL でも検証開始
|
||||||
|
if (isEnableOpenSSL)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
@ -297,10 +288,10 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
struct stat fileStat;
|
struct stat fileStat;
|
||||||
|
|
||||||
// priv
|
// priv
|
||||||
stat( PRIV_KEY_FILE, &fileStat );
|
stat( privKeyFilePath, &fileStat );
|
||||||
privKeySize = fileStat.st_size;
|
privKeySize = fileStat.st_size;
|
||||||
privKeyBuf = (unsigned char*)malloc( privKeySize );
|
privKeyBuf = (unsigned char*)malloc( privKeySize );
|
||||||
pPrivKeyFile = fopen( PRIV_KEY_FILE, "rb" );
|
pPrivKeyFile = fopen( privKeyFilePath, "rb" );
|
||||||
if (pPrivKeyFile == NULL)
|
if (pPrivKeyFile == NULL)
|
||||||
{
|
{
|
||||||
printf("file open error\n");
|
printf("file open error\n");
|
||||||
@ -310,10 +301,10 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
fclose(pPrivKeyFile);
|
fclose(pPrivKeyFile);
|
||||||
|
|
||||||
// pub
|
// pub
|
||||||
stat( PUB_KEY_FILE, &fileStat );
|
stat( pubKeyFilePath, &fileStat );
|
||||||
pubKeySize = fileStat.st_size;
|
pubKeySize = fileStat.st_size;
|
||||||
pubKeyBuf = (unsigned char*)malloc( pubKeySize );
|
pubKeyBuf = (unsigned char*)malloc( pubKeySize );
|
||||||
pPubKeyFile = fopen( PUB_KEY_FILE, "rb" );
|
pPubKeyFile = fopen( pubKeyFilePath, "rb" );
|
||||||
if (pPubKeyFile == NULL)
|
if (pPubKeyFile == NULL)
|
||||||
{
|
{
|
||||||
printf("file open error\n");
|
printf("file open error\n");
|
||||||
@ -327,11 +318,6 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
const unsigned char *der_priv = privKeyBuf;
|
const unsigned char *der_priv = privKeyBuf;
|
||||||
const unsigned char *der_pub = pubKeyBuf;
|
const unsigned char *der_pub = pubKeyBuf;
|
||||||
|
|
||||||
// int priv_len = der_priv[ 8 ] | der_priv[ 9 ] << 8; // KEY長を取り出し
|
|
||||||
// int pub_len = der_pub [ 8 ] | der_pub [ 9 ] << 8; // 同上
|
|
||||||
// der_priv += 0x10; // ヘッダ部分を除外してKEY実体を指定
|
|
||||||
// der_pub += 0x10; // 同上
|
|
||||||
|
|
||||||
// コマンドラインのopensslが出力する秘密鍵は、PKCS#1 RSAPublicKeyフォーマットなので、この関数を使う。
|
// コマンドラインのopensslが出力する秘密鍵は、PKCS#1 RSAPublicKeyフォーマットなので、この関数を使う。
|
||||||
rsa_privkey = d2i_RSAPrivateKey( NULL, &der_priv, privKeySize );
|
rsa_privkey = d2i_RSAPrivateKey( NULL, &der_priv, privKeySize );
|
||||||
if( rsa_privkey == NULL )
|
if( rsa_privkey == NULL )
|
||||||
@ -348,21 +334,61 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
PrintArray( (char*)"hash32", hash32.bytes, sizeof(hash32) );
|
|
||||||
|
|
||||||
// Sign by OpenSSL
|
// Sign by OpenSSL
|
||||||
unsigned char sigBuf[256]; // TEKITO
|
unsigned char signByOpenSSL[SIGN_LEN];
|
||||||
unsigned int sigLen = 0;
|
unsigned int signLen = 0;
|
||||||
|
|
||||||
ret = RSA_sign( NID_sha256, hash32.bytes, 32, sigBuf, &sigLen, rsa_privkey );
|
ret = RSA_sign( NID_sha256, hash32.bytes, 32, signByOpenSSL, &signLen, rsa_privkey );
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
{
|
{
|
||||||
printf( "error : RSA_sign(by OpenSSL)!\n" );
|
printf( "error : RSA_sign(by OpenSSL)!\n" );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
printf("sigLen=%d\n", sigLen);
|
if (SIGN_LEN != signLen)
|
||||||
PrintArray( (char*)"sigBuf", sigBuf, sigLen );
|
{
|
||||||
|
printf( "error : Sign Size(%d) by OpenSSL donen't match %d!\n", signLen, SIGN_LEN );
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
PrintArray( (char*)"OpenSSL Sign ", signByOpenSSL, signLen );
|
||||||
|
|
||||||
|
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
|
||||||
|
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
|
||||||
|
|
||||||
|
memset( &cmd, 0, sizeof( cmd ) );
|
||||||
|
memset( &reply, 0, sizeof( reply ) );
|
||||||
|
|
||||||
|
// convert
|
||||||
|
my_bin2bignum( &sign_bn, handle, signByOpenSSL, signLen );
|
||||||
|
|
||||||
|
// verify transact
|
||||||
|
cmd.cmd = Cmd_Verify;
|
||||||
|
cmd.args.verify.flags = 0;
|
||||||
|
cmd.args.verify.key = pub_keyid;
|
||||||
|
cmd.args.verify.mech = Mech_RSAhSHA256pPKCS1;
|
||||||
|
cmd.args.verify.plain.type = PlainTextType_Hash32;
|
||||||
|
cmd.args.verify.plain.data.hash32.data = hash32;
|
||||||
|
cmd.args.verify.sig.mech = verify_mech;
|
||||||
|
cmd.args.verify.sig.data.rsappkcs1.m = sign_bn;
|
||||||
|
|
||||||
|
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
||||||
|
if ( result != Status_OK )
|
||||||
|
{
|
||||||
|
printf( "error(%d) : FastApp_Transact(Cmd_Verify)\n", result );
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
result = reply.status;
|
||||||
|
if ( result != Status_OK && result != Status_VerifyFailed )
|
||||||
|
{
|
||||||
|
printf( "error(%d) : reply.status(Cmd_Verify)\n", result );
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
// リファンレスは間違い。reply の status に検証結果が入る
|
||||||
|
if ( result == Status_VerifyFailed )
|
||||||
|
{
|
||||||
|
printf( "error : Verify Failed(Cmd_Verify)\n" );
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
printf( "----- HSM Verify OK for OpenSSL Sign -----\n" );
|
||||||
|
|
||||||
// Verify for HSM
|
// Verify for HSM
|
||||||
ret = RSA_verify( NID_sha256, hash32.bytes, SHA256_DIGEST_LENGTH, middlePtr, middleLen, rsa_pubkey );
|
ret = RSA_verify( NID_sha256, hash32.bytes, SHA256_DIGEST_LENGTH, middlePtr, middleLen, rsa_pubkey );
|
||||||
@ -371,136 +397,17 @@ int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
|
|||||||
printf( "error : RSA_verify(by OpenSSL)!\n" );
|
printf( "error : RSA_verify(by OpenSSL)!\n" );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
printf( "HSM Sign Verify Success!\n" );
|
printf( "----- OpenSSL Verify OK for HSM Sign -----\n" );
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
PrintArray( (char*)"hash32", hash32.bytes, sizeof(hash32) );
|
free( privKeyBuf );
|
||||||
// PrintArray( (char*)"before", beforePtr, beforeLen );
|
free( pubKeyBuf );
|
||||||
PrintArray( (char*)"middle", middlePtr, middleLen );
|
}
|
||||||
|
|
||||||
return Status_OK;
|
return Status_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
// encrypt & dectypt test
|
|
||||||
{
|
|
||||||
unsigned char *beforePtr, *middlePtr, *afterPtr;
|
|
||||||
int beforeLen, middleLen, afterLen;
|
|
||||||
unsigned char *encPtr, *decPtr;
|
|
||||||
struct NFast_Bignum *enc_bn, *dec_bn;
|
|
||||||
M_Mech dec_mech;
|
|
||||||
|
|
||||||
beforePtr = middlePtr = afterPtr = NULL;
|
|
||||||
beforeLen = middleLen = afterLen = 0;
|
|
||||||
encPtr = decPtr = NULL;
|
|
||||||
enc_bn = dec_bn = NULL;
|
|
||||||
|
|
||||||
// encrypt data setting
|
|
||||||
beforeLen = DATA_LEN - 11;
|
|
||||||
beforePtr = (unsigned char*)malloc( beforeLen );
|
|
||||||
for ( i = 0; i < beforeLen; i++ )
|
|
||||||
beforePtr[i] = ~i;
|
|
||||||
my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen );
|
|
||||||
|
|
||||||
#if 0
|
|
||||||
// my_bignum2bin test
|
|
||||||
unsigned char debug_buf[ DATA_LEN ];
|
|
||||||
PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN );
|
|
||||||
printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" );
|
|
||||||
my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn );
|
|
||||||
PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// encrypt transact
|
|
||||||
cmd.cmd = Cmd_Encrypt;
|
|
||||||
cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present;
|
|
||||||
cmd.args.encrypt.key = pub_keyid;
|
|
||||||
cmd.args.encrypt.mech = Mech_RSApPKCS1;
|
|
||||||
cmd.args.encrypt.plain.type = PlainTextType_Bignum;
|
|
||||||
cmd.args.encrypt.plain.data.bignum.m = enc_bn;
|
|
||||||
//cmd.args.encrypt.given_iv = NULL;
|
|
||||||
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
|
||||||
if ( result != Status_OK )
|
|
||||||
{
|
|
||||||
printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result );
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
result = reply.status;
|
|
||||||
if ( result != Status_OK )
|
|
||||||
{
|
|
||||||
printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result );
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
#if 0
|
|
||||||
if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes )
|
|
||||||
{
|
|
||||||
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
printf( "RSA data encrypt ok\n" );
|
|
||||||
|
|
||||||
// decrypt data setting
|
|
||||||
middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
|
|
||||||
middlePtr = (unsigned char*)malloc( middleLen );
|
|
||||||
my_bignum2bin( middlePtr, middleLen, handle,
|
|
||||||
reply.reply.encrypt.cipher.data.rsappkcs1.m );
|
|
||||||
my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );
|
|
||||||
dec_mech = reply.reply.encrypt.cipher.mech;
|
|
||||||
|
|
||||||
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
|
|
||||||
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
|
|
||||||
memset( &cmd, 0, sizeof( cmd ) );
|
|
||||||
memset( &reply, 0, sizeof( reply ) );
|
|
||||||
|
|
||||||
// decrypt transact
|
|
||||||
cmd.cmd = Cmd_Decrypt;
|
|
||||||
cmd.args.decrypt.flags = 0;
|
|
||||||
cmd.args.decrypt.key = priv_keyid;
|
|
||||||
cmd.args.decrypt.mech = Mech_RSApPKCS1;
|
|
||||||
cmd.args.decrypt.cipher.mech = dec_mech;
|
|
||||||
cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
|
|
||||||
cmd.args.decrypt.reply_type = PlainTextType_Bignum;
|
|
||||||
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
|
|
||||||
if ( result != Status_OK )
|
|
||||||
{
|
|
||||||
printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result );
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
result = reply.status;
|
|
||||||
if ( result != Status_OK )
|
|
||||||
{
|
|
||||||
printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
#if 0
|
|
||||||
if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes )
|
|
||||||
{
|
|
||||||
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
printf( "RSA data decrypt ok\n" );
|
|
||||||
|
|
||||||
// after
|
|
||||||
afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
|
|
||||||
afterPtr = (unsigned char*)malloc( afterLen );
|
|
||||||
my_bignum2bin( afterPtr, afterLen, handle,
|
|
||||||
reply.reply.decrypt.plain.data.bignum.m );
|
|
||||||
|
|
||||||
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
|
|
||||||
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
|
|
||||||
|
|
||||||
// data show
|
|
||||||
PrintArray( (char*)"before", beforePtr, beforeLen );
|
|
||||||
PrintArray( (char*)"middle", middlePtr, middleLen );
|
|
||||||
PrintArray( (char*)"after", afterPtr, afterLen );
|
|
||||||
} // encrypt & decrypt
|
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
} // createRSAPSSCert
|
} // signRSAPKCS1Sha256
|
||||||
|
|
||||||
void PrintArray( char *pStr, const unsigned char *pData, int length )
|
void PrintArray( char *pStr, const unsigned char *pData, int length )
|
||||||
{
|
{
|
||||||
@ -518,6 +425,108 @@ int main( int argc, char *argv[] )
|
|||||||
{
|
{
|
||||||
int result = Status_OK;
|
int result = Status_OK;
|
||||||
|
|
||||||
|
int opt = 0;
|
||||||
|
while (1)
|
||||||
|
{
|
||||||
|
int optionIndex = 0;
|
||||||
|
static struct option longOptions[] =
|
||||||
|
{
|
||||||
|
{ "openssl", no_argument, 0, 0 },
|
||||||
|
{ "priv", required_argument, 0, 0 },
|
||||||
|
{ "pub", required_argument, 0, 0 },
|
||||||
|
{ "in", required_argument, 0, 0 },
|
||||||
|
{ "size", required_argument, 0, 0 },
|
||||||
|
{ "offset", required_argument, 0, 0 },
|
||||||
|
{ 0, 0, 0, 0 }
|
||||||
|
};
|
||||||
|
// - によるオプション禁止、 -- のみ認める
|
||||||
|
opt = getopt_long(argc, argv, "", longOptions, &optionIndex);
|
||||||
|
if (opt == -1)
|
||||||
|
{
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (opt)
|
||||||
|
{
|
||||||
|
case 0 : // long arg
|
||||||
|
{
|
||||||
|
switch (optionIndex)
|
||||||
|
{
|
||||||
|
case 0 : // openssl
|
||||||
|
{
|
||||||
|
isEnableOpenSSL = 1;
|
||||||
|
} break;
|
||||||
|
case 1 : // priv
|
||||||
|
{
|
||||||
|
privKeyFilePath = optarg;
|
||||||
|
} break;
|
||||||
|
case 2 : // pub
|
||||||
|
{
|
||||||
|
pubKeyFilePath = optarg;
|
||||||
|
} break;
|
||||||
|
case 3 : // in
|
||||||
|
{
|
||||||
|
loadFilePath = optarg;
|
||||||
|
} break;
|
||||||
|
case 4 : // size
|
||||||
|
{
|
||||||
|
validFileSize = atoi(optarg);
|
||||||
|
} break;
|
||||||
|
case 5 : // offset
|
||||||
|
{
|
||||||
|
offsetFileSize = atoi(optarg);
|
||||||
|
} break;
|
||||||
|
}
|
||||||
|
} break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
printf( "HSM sign & verify RSA PKCS1 SHA256 Sample.\n" );
|
||||||
|
printf( " --openssl : enable openssl sign & verify\n" );
|
||||||
|
printf( " --priv filename : specify private RSA key (use openssl)\n" );
|
||||||
|
printf( " Default=%s\n", DEFAULT_PRIV_KEY_FILE_PATH );
|
||||||
|
printf( " --pub filename : specify public RSA key (use openssl)\n" );
|
||||||
|
printf( " Default=%s\n", DEFAULT_PUB_KEY_FILE_PATH );
|
||||||
|
printf( " --in filename : input file for SHA256\n" );
|
||||||
|
printf( " Default=reasonable array\n" );
|
||||||
|
printf( " --size size : valid file size for SHA256\n" );
|
||||||
|
printf( " --offset fize : offset file size for SHA256\n" );
|
||||||
|
printf( "\n" );
|
||||||
|
printf( "----- start -----\n" );
|
||||||
|
if (isEnableOpenSSL)
|
||||||
|
{
|
||||||
|
printf( "Enable OpenSSL Sign & Verify\n" );
|
||||||
|
printf( "OpenSSL use privkey=%s\n", privKeyFilePath );
|
||||||
|
printf( "OpenSSL use pubkey=%s\n", pubKeyFilePath );
|
||||||
|
}
|
||||||
|
if (loadFilePath)
|
||||||
|
{
|
||||||
|
FILE *pLoadFile;
|
||||||
|
struct stat fileStat;
|
||||||
|
|
||||||
|
stat( loadFilePath, &fileStat );
|
||||||
|
loadFileSize = fileStat.st_size;
|
||||||
|
loadFileBuf = (unsigned char*)malloc( loadFileSize );
|
||||||
|
pLoadFile = fopen( loadFilePath, "rb" );
|
||||||
|
if (pLoadFile == NULL)
|
||||||
|
{
|
||||||
|
printf("file open error : %s\n", loadFilePath);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
fread( loadFileBuf, loadFileSize, 1, pLoadFile );
|
||||||
|
fclose( pLoadFile );
|
||||||
|
|
||||||
|
printf( "load filename=%s, size=%d bytes\n", loadFilePath, loadFileSize );
|
||||||
|
if (validFileSize == 0 || validFileSize > loadFileSize)
|
||||||
|
{
|
||||||
|
validFileSize = loadFileSize;
|
||||||
|
}
|
||||||
|
if (offsetFileSize + validFileSize > loadFileSize)
|
||||||
|
{
|
||||||
|
offsetFileSize = loadFileSize - validFileSize;
|
||||||
|
}
|
||||||
|
printf( "valid size=%d bytes, offset=%d bytes\n", validFileSize, offsetFileSize );
|
||||||
|
}
|
||||||
|
|
||||||
// initialize
|
// initialize
|
||||||
result = my_hsm_initialize( &handle, &nc, &pWorld, &card, &fips, &pModuleinfo );
|
result = my_hsm_initialize( &handle, &nc, &pWorld, &card, &fips, &pModuleinfo );
|
||||||
if ( result != Status_OK )
|
if ( result != Status_OK )
|
||||||
@ -527,13 +536,19 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
// create rsa-pss cert
|
// create rsa-pss cert
|
||||||
result = createRSAPSSCert( priv_keyident, pub_keyident );
|
result = signVerifyRSAPKCS1Sha256( priv_keyident, pub_keyident );
|
||||||
if ( result != Status_OK )
|
if ( result != Status_OK )
|
||||||
{
|
{
|
||||||
printf( "error : createRSAPSSCert\n" );
|
printf( "error : createRSAPSSCert\n" );
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
printf( "RSA-PSS cert create success.\n" );
|
printf( "RSA PKCS1 SHA256 Sign & Verify success.\n" );
|
||||||
|
|
||||||
|
// free
|
||||||
|
if (loadFileBuf)
|
||||||
|
{
|
||||||
|
free( loadFileBuf );
|
||||||
|
}
|
||||||
|
|
||||||
// finalize
|
// finalize
|
||||||
result = my_hsm_finalize( &handle, &nc, &pWorld, &card, &fips );
|
result = my_hsm_finalize( &handle, &nc, &pWorld, &card, &fips );
|
||||||
@ -544,5 +559,4 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
} // main
|
} // main
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user