diff --git a/hsm_utils/Makefile b/hsm_utils/Makefile index b088520..0e307a1 100644 --- a/hsm_utils/Makefile +++ b/hsm_utils/Makefile @@ -108,8 +108,8 @@ import_common_key: import_common_key.c $(EXTRA_OBJECTS) import_rsa_keypair: import_rsa_keypair.c $(EXTRA_OBJECTS) $(CC) $(CFLAGS) $(CPPFLAGS) -o import_rsa_keypair import_rsa_keypair.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS) -import_ecc_keypair: import_ecc_keypair.c $(EXTRA_OBJECTS) - $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o import_ecc_keypair import_ecc_keypair.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS) +import_ecdsa_keypair: import_ecdsa_keypair.c $(EXTRA_OBJECTS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o import_ecdsa_keypair import_ecdsa_keypair.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS) # All single-threaded targets diff --git a/hsm_utils/import_ecdsa_keypair.c b/hsm_utils/import_ecdsa_keypair.c new file mode 100644 index 0000000..ff45aff --- /dev/null +++ b/hsm_utils/import_ecdsa_keypair.c @@ -0,0 +1,798 @@ + +// import key (+ encrypt, decrypt) test for nShield + +#include +#include +#include +#include + +// openssl +#include +#include +#include +#include +#include +#include +#include + +#include "nfastapp.h" +#include "nfkm.h" +#include "rqcard-applic.h" +#include "rqcard-fips.h" + +//#include "picky-upcalls.h" + +#include "my_hsm_bignum.h" +#include "my_hsm_alloc.h" + +#define PRIV_KEY_FILE "./test-ecdsa-privkey.der" +#define PUB_KEY_FILE "./test-ecdsa-pubkey.der" + +#define MODULE_ID 1 +#define DATA_LEN 256 // bytes + +// ECDSA private key data +typedef struct +{ + struct NFast_Bignum *d; +} +ECDSAPrivateKeyDataBn; + +// ECDSA public key data +typedef struct +{ + struct NFast_Bignum *qx; + struct NFast_Bignum *qy; +} +ECDSAPublicKeyDataBn; + +// global variable +NFast_AppHandle handle; +NFastApp_Connection nc; +NFKM_WorldInfo *world = NULL; +RQCard card; +RQCard_FIPS fips; +M_KeyID ltid = 0; // the cardset loaded into the module +NFKM_CardSet *cardset = NULL; +NFKM_ModuleInfo *moduleinfo = NULL; +const NFKM_KeyIdent priv_keyident = { (char*)"simple", (char*)"ecdsa-import-privkey" }; +const NFKM_KeyIdent pub_keyident = { (char*)"simple", (char*)"ecdsa-import-pubkey" }; + +unsigned char save_enc[DATA_LEN]; + +// function +int importECDSAPrivate( NFKM_KeyIdent keyident ); +int importECDSAPublic( NFKM_KeyIdent keyident ); +int verifyECDSAKeyPair( NFKM_KeyIdent priv_keyident, NFKM_KeyIdent pub_keyident ); +void PrintArray( char *pStr, const unsigned char *pData, int length ); + +int importECDSAPrivate( NFKM_KeyIdent keyident ) +{ + int result = Status_OK; + + EC_KEY *privkey = NULL; + FILE *fp; + + unsigned char *dPtr = NULL; + int dLen = 0; + + M_Command cmd; + M_Reply reply; + NFKM_MakeACLParams map; + NFKM_MakeBlobsParams mbp; + NFKM_Key reg_key; + ECDSAPrivateKeyDataBn privBn; + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + memset( &map, 0, sizeof( map ) ); + memset( &mbp, 0, sizeof( mbp ) ); + memset( ®_key, 0, sizeof( reg_key ) ); + memset( &privBn, 0, sizeof( privBn ) ); + + // key data open + fp = fopen( PRIV_KEY_FILE, "rb" ); + if ( !fp ) + { + printf( "error : open %s file\n", PRIV_KEY_FILE ); + return 1; + } + privkey = d2i_ECPrivateKey_fp( fp, NULL ); + if ( !privkey ) + { + printf( "error : d2i_ECPrivateKey_fp\n" ); + return 1; + } + fclose( fp ); + +#if 1 + printf( "\nEC(d) = " ); + BN_print_fp( stdout, privkey->priv_key ); + printf( "\n" ); +#endif + +#if 1 + printf( "EC bignum(Openssl) size\n" ); + printf( "EC(d) : %d bytes\n", BN_num_bytes( privkey->priv_key ) ); +#endif + + // ECDSA priv key の構成要素をバイナリに変換 + { + // d + dLen = BN_num_bytes( privkey->priv_key ); + dPtr = (unsigned char *)malloc( dLen ); + if ( pLen != BN_bn2bin( privkey->priv_key, dPtr ) ) + { + printf( "BN_bn2bin failed!(d)\n" ); + return 1; + } + } // ec bignum(openssl) -> bin + +#if 1 + printf( "EC bin addr\n" ); + printf( "EC(d) : 0x%08X\n", (unsigned int)dPtr ); +#endif + + // バイナリをHSMのBignumに変換 + { + my_bin2bignum( &(privBn.d), handle, dPtr, dLen ); + free( dPtr ); + } + +#if 1 + my_printbignum ( stdout, "EC(d)", privBn.d ); +#endif + +#if 1 + printf( "EC bn addr\n" ); + printf( "EC(d) : 0x%08X\n", (unsigned int)privBn.d ); +#endif + + // make ACL + if ( cardset != NULL ) + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; + else + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule; + // 秘密鍵には DECRYPT と SIGN + // 公開鍵には ENCRYPT と VERIFY しかセットできない?? + map.op_base = NFKM_DEFOPPERMS_DECRYPT | NFKM_DEFOPPERMS_SIGN; + map.cs = cardset; + result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); + return result; + } + + // import key + cmd.cmd = Cmd_Import; + cmd.args.import.module = MODULE_ID; + cmd.args.import.data.type = KeyType_ECDSAPrivate; + cmd.args.import.data.data.ecdsaprivate.curve.name = ECName_NISTB233; // 名前を指定することで + cmd.args.import.data.data.ecdsaprivate.d = privBn.d; // d だけ設定すれば良い + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : Cmd_Import\n", result ); + return 1; + } + result = reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : Cmd_Import(reply)\n", result ); + return 1; + } + + // make blobs + //reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8 + reg_key.name = keyident.ident; + reg_key.appname = keyident.appname; + reg_key.ident = keyident.ident; + time( &(reg_key.gentime) ); + mbp.f = map.f; + mbp.kpriv = reply.reply.import.key; + mbp.lt = ltid; + mbp.cs = cardset; + result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, ®_key, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_newkey_makeblobsx\n", result ); + return 1; + } + + // record key to disk + result = NFKM_recordkey( handle, ®_key, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_recordkey\n", result ); + return 1; + } + + // destroy key + result = NFKM_cmd_destroy( handle, nc, 0, reply.reply.import.key, "destroy import key", NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_cmd_destroy\n", result ); + return 1; + } + + return result; +} // importECDSAPrivate + +int importECDSAPublic( NFKM_KeyIdent keyident ) +{ + int result = Status_OK; + + EC_KEY *pubkey = NULL; + FILE *fp; + + unsigned char *qxPtr, *qyPtr; + int qxLen, qyLen; + + M_Command cmd; + M_Reply reply; + NFKM_MakeACLParams map; + NFKM_MakeBlobsParams mbp; + NFKM_Key reg_key; + ECDSAPublicKeyDataBn pubBn; + + qxPtr = qyPtr = NULL; + qxLen = qyLen = 0; + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + memset( &map, 0, sizeof( map ) ); + memset( &mbp, 0, sizeof( mbp ) ); + memset( ®_key, 0, sizeof( reg_key ) ); + memset( &pubBn, 0, sizeof( pubBn ) ); + + // key data open + fp = fopen( PUB_KEY_FILE, "rb" ); + if ( !fp ) + { + printf( "error : open %s file\n", PUB_KEY_FILE ); + return 1; + } + pubkey = d2i_EC_PUBKEY_fp( fp, NULL ); + if ( !pubkey ) + { + printf( "error : d2i_EC_PUBKEY_fp\n" ); + return 1; + } + fclose( fp ); + +#if 1 + printf( "EC bignum(Openssl) size\n" ); + printf( "EC(qx) : %d bytes\n", BN_num_bytes( &pubkey->pub_key->X ) ); + + printf( "EC(qy) : %d bytes\n", BN_num_bytes( &pubkey->pub_key->Y ) ); +#endif + + // ECDSA public key の構成要素をそれぞれバイナリに変換 + { + // qx + qxLen = BN_num_bytes( &pubkey->pub_key->X ); + qxPtr = (unsigned char *)malloc( qxLen ); + if ( qxLen != BN_bn2bin( &pubkey->pub_key->X, qxPtr ) ) + { + printf( "BN_bn2bin failed!(qx)\n" ); + return 1; + } + // qy + qyLen = BN_num_bytes( &pubkey->pub_key->Y ); + qyPtr = (unsigned char *)malloc( qyLen ); + if ( qyLen != BN_bn2bin( &pubkey->pub_key->Y, qyPtr ) ) + { + printf( "BN_bn2bin failed!(qy)\n" ); + return 1; + } + } // ECDSA bignum(openssl) -> bin + +#if 1 + printf( "EC bin addr\n" ); + printf( "EC(qx) : 0x%08X\n", (unsigned int)qxPtr ); + printf( "EC(qy) : 0x%08X\n", (unsigned int)qyPtr ); +#endif + + // バイナリをHSMのBignumに変換 + { + my_bin2bignum( &(pubBn.qx), handle, qxPtr, qxLen ); + my_bin2bignum( &(pubBn.qy), handle, qyPtr, qyLen ); + free( qxPtr ); + free( qyPtr ); + } + +#if 1 + printf( "EC bn addr\n" ); + printf( "EC(qx) : 0x%08X\n", (unsigned int)pubBn.qx ); + printf( "EC(qy) : 0x%08X\n", (unsigned int)pubBn.qy ); +#endif + + // make ACL + if ( cardset != NULL ) + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet | NFKM_NKF_PublicKey; + else + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule | NFKM_NKF_PublicKey; + // 秘密鍵には DECRYPT と SIGN + // 公開鍵には ENCRYPT と VERIFY しかセットできない?? + map.op_base = NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_VERIFY; + map.cs = cardset; + result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); + return result; + } + + // import key + cmd.cmd = Cmd_Import; + cmd.args.import.module = MODULE_ID; + cmd.args.import.data.type = KeyType_ECDSAPublic; + cmd.args.import.data.data.ecdsapublic.curve.name = ECName_NISTB233; // 名前を指定することで + cmd.args.import.data.data.ecdsapublic.Q.x = privBn.qx; // qx + cmd.args.import.data.data.ecdsapublic.Q.y = privBn.qy; // qy だけを指定すればよい? + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : Cmd_Import\n", result ); + return 1; + } + result = reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : Cmd_Import(reply)\n", result ); + return 1; + } + + // make blobs + //reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8 + reg_key.name = keyident.ident; + reg_key.appname = keyident.appname; + reg_key.ident = keyident.ident; + time( &(reg_key.gentime) ); + mbp.f = map.f; + mbp.kpub = reply.reply.import.key; + mbp.lt = ltid; + mbp.cs = cardset; + result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, ®_key, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_newkey_makeblobsx\n", result ); + return 1; + } + + // record key to disk + result = NFKM_recordkey( handle, ®_key, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_recordkey\n", result ); + return 1; + } + + // destroy key + result = NFKM_cmd_destroy( handle, nc, 0, reply.reply.import.key, "destroy import key", NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_cmd_destroy\n", result ); + return 1; + } + + return result; +} // importECDSAPublic + +int verifyECDSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) +{ + int i; + int result = Status_OK; + M_ByteBlock *blobptr = NULL; + M_KeyID priv_keyid, pub_keyid; + NFKM_Key *keyinfo = NULL; + M_Command cmd; + M_Reply reply; + + priv_keyid = pub_keyid = 0; + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // find priv key + result = NFKM_findkey( handle, priv_ident, &keyinfo, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_findkey(priv)\n", result ); + return result; + } + + // load priv key blob + blobptr = &(keyinfo->privblob); + result = NFKM_cmd_loadblob( handle, nc, + moduleinfo->module, blobptr, ltid, &priv_keyid, "loading priv key blob", NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_cmd_loadblob(priv)\n", result ); + return result; + } + NFKM_freekey( handle, keyinfo, NULL ); + keyinfo = NULL; + +#if 0 + // get priv key info + cmd.cmd = Cmd_GetKeyInfo; + cmd.args.getkeyinfo.key = priv_keyid; + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result ); + return result; + } + printf( "priv key ID : %08X\n", (unsigned int)priv_keyid ); + printf( "priv keytype : %d\n", reply.reply.getkeyinfo.type ); + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); +#endif + + // find pub key + result = NFKM_findkey( handle, pub_ident, &keyinfo, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_findkey(pub)\n", result ); + return result; + } + + // load pub key blob + blobptr = &(keyinfo->pubblob); // pub dakedo privblob + result = NFKM_cmd_loadblob( handle, nc, + moduleinfo->module, blobptr, ltid, &pub_keyid, "loading pub key blob", NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_cmd_loadblob(pub)\n", result ); + return result; + } + NFKM_freekey( handle, keyinfo, NULL ); + keyinfo = NULL; + +#if 0 + // get priv key info + cmd.cmd = Cmd_GetKeyInfo; + cmd.args.getkeyinfo.key = pub_keyid; + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result ); + return result; + } + printf( "pub key ID : %08X\n", (unsigned int)pub_keyid ); + printf( "pub keytype : %d\n", reply.reply.getkeyinfo.type ); + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + keyinfo = NULL; +#endif + + // encrypt & dectypt test + { + unsigned char *beforePtr, *middlePtr, *afterPtr; + int beforeLen, middleLen, afterLen; + unsigned char *encPtr, *decPtr; + struct NFast_Bignum *enc_bn, *dec_bn; + M_Mech dec_mech; + + beforePtr = middlePtr = afterPtr = NULL; + beforeLen = middleLen = afterLen = 0; + encPtr = decPtr = NULL; + enc_bn = dec_bn = NULL; + + // encrypt data setting + beforeLen = DATA_LEN - 11; + beforePtr = (unsigned char*)malloc( beforeLen ); + for ( i = 0; i < beforeLen; i++ ) + beforePtr[i] = ~i; + my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen ); + +#if 0 + // my_bignum2bin test + unsigned char debug_buf[ DATA_LEN ]; + PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN ); + printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" ); + my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn ); + PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN ); +#endif + + // encrypt transact + cmd.cmd = Cmd_Encrypt; + cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present; + cmd.args.encrypt.key = pub_keyid; + cmd.args.encrypt.mech = Mech_RSApPKCS1; + cmd.args.encrypt.plain.type = PlainTextType_Bignum; + cmd.args.encrypt.plain.data.bignum.m = enc_bn; + //cmd.args.encrypt.given_iv = NULL; + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result ); + return 1; + } + result = reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result ); + return 1; + } +#if 0 + if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes ) + { + printf( "error : output size isn't %d bytes!\n", DATA_LEN ); + return 1; + } +#endif + + printf( "RSA data encrypt ok\n" ); + + // decrypt data setting + middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes; + middlePtr = (unsigned char*)malloc( middleLen ); + my_bignum2bin( middlePtr, middleLen, handle, + reply.reply.encrypt.cipher.data.rsappkcs1.m ); + my_bin2bignum( &dec_bn, handle, middlePtr, middleLen ); + dec_mech = reply.reply.encrypt.cipher.mech; + + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // decrypt transact + cmd.cmd = Cmd_Decrypt; + cmd.args.decrypt.flags = 0; + cmd.args.decrypt.key = priv_keyid; + cmd.args.decrypt.mech = Mech_RSApPKCS1; + cmd.args.decrypt.cipher.mech = dec_mech; + cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn; + cmd.args.decrypt.reply_type = PlainTextType_Bignum; + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result ); + return 1; + } + result = reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); + return 1; + } +#if 0 + if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes ) + { + printf( "error : output size isn't %d bytes!\n", DATA_LEN ); + return 1; + } +#endif + + printf( "RSA data decrypt ok\n" ); + + // after + afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes; + afterPtr = (unsigned char*)malloc( afterLen ); + my_bignum2bin( afterPtr, afterLen, handle, + reply.reply.decrypt.plain.data.bignum.m ); + + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + + // data show + PrintArray( (char*)"before", beforePtr, beforeLen ); + PrintArray( (char*)"middle", middlePtr, middleLen ); + PrintArray( (char*)"after", afterPtr, afterLen ); + } // encrypt & decrypt + + return result; +} // verifyECDSAkeypair + +void PrintArray( char *pStr, const unsigned char *pData, int length ) +{ + int i; + printf( "%s(%d bytes)", pStr, length ); + for ( i = 0; i < length; i++ ) + { + if ( (i % 16) == 0 ) printf( "\n" ); + printf( "%02X ", pData[ i ] ); + } + printf( "\n" ); +} // PrintArray + +int main( int argc, char *argv[] ) +{ + int result = Status_OK; + + M_Command cmd; + M_Reply reply; + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // init nFast + result = NFastApp_InitEx( &handle, NULL, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFastApp_InitEx\n", result ); + return 1; + } + + // connecting to hardserver + result = NFastApp_Connect( handle, &nc, 0, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFastApp_Connect\n", result ); + return 1; + } + + // set bignum upcalls setting + result = NFastApp_SetBignumUpcalls( + handle, + my_bignumreceiveupcall, + my_bignumsendlenupcall, + my_bignumsendupcall, + my_bignumfreeupcall, + my_bignumformatupcall, + NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result ); + return 1; + } + + // NFKM getinfo + result = NFKM_getinfo( handle, &world, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_getinfo\n", result ); + return 1; + } + + // init card-loading lib + result = RQCard_init( &card, handle, nc, world, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_init\n", result ); + return 1; + } + + // init FIPS state + result = RQCard_fips_init( &card, &fips ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_fips_init\n", result ); + return 1; + } + + // ui select + result = RQCard_ui_default( &card ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_ui_default\n", result ); + return 1; + } + + // get strict-FIPS authorization +#if 0 + NFKM_FIPS140AuthHandle fipsHandle; + M_SlotID slotId; + result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_fips_get\n", result ); + return 0; + } + if ( fipsHandle == NULL ) + { + printf( "this sworld isn't strict-FIPS.\n" ); + } +#endif + +#if 0 + // list cardsets + int card_num; + NFKM_CardSetIdent *cardident = NULL; + result = NFKM_listcardsets( handle, &card_num, &cardident, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_listcardsets\n", result ); + return 0; + } + + // find cardsets + result = NFKM_findcardset( handle, cardident, &cardset, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_findcardset\n", result ); + return 0; + } + + // load cardset + result = RQCard_logic_ocs_specific( &card, &(cardset->hkltu), "Load Cardset" ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_logic_ocs_specific\n", result ); + return 0; + } + + // use specific module : #1 + // important!! : if you set resultplace=NULL, abort. (possibility is 100%) + result = RQCard_whichmodule_specific( &card, world->modules[0]->module, <id ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_whichmodule_specific\n", result ); + } + + // wait event loop + result = card.uf->eventloop( &card ); + if ( result != Status_OK ) + { + printf( "error(%d) : card module event loop\n", result ); + } +#endif + + // get usable module + moduleinfo = world->modules[0]; + result = NFKM_getusablemodule( world, MODULE_ID, &moduleinfo ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_getusablemodule\n", result ); + return 1; + } + + // ECDSA privkey のインポート + result = importECDSAPrivate( priv_keyident ); + if ( result != Status_OK ) + { + printf( "error : importECDSAPrivate\n" ); + return 1; + } + printf( "ECDSA privkey import success.\n" ); + + // ECDSA pubkey + result = importECDSAPublic( pub_keyident ); + if ( result != Status_OK ) + { + printf( "error : importECDSAPublic\n" ); + return 1; + } + printf( "ECDSA pubkey import success.\n" ); + + // list key +#if 0 + int key_num; + NFKM_KeyIdent *keylist = NULL; + result = NFKM_listkeys( handle, &key_num, &keylist, "simple", NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_listkeys\n", result ); + } + NFKM_KeyIdent **tkp = &keylist; + for ( i = 0; i < key_num; i++ ) + { + printf( "appname : %s, ident : %s\n", tkp[i]->appname, tkp[i]->ident ); + } +#endif + + // verify key pair + result = verifyECDSAKeyPair( priv_keyident, pub_keyident ); + if ( result != Status_OK ) + { + printf( "error : verifyECDSAKeyPair\n" ); + return 1; + } + printf( "ECDSA keypair verify success.\n" ); + + // end processing + RQCard_fips_free( &card, &fips ); + RQCard_destroy( &card ); + NFKM_freeinfo( handle, &world, NULL ); + NFastApp_Disconnect( nc, NULL ); + NFastApp_Finish( handle, NULL ); + + return 0; + +} // main diff --git a/hsm_utils/test_key/test-ecc-privkey.der b/hsm_utils/test_key/test-ecdsa-privkey.der similarity index 100% rename from hsm_utils/test_key/test-ecc-privkey.der rename to hsm_utils/test_key/test-ecdsa-privkey.der diff --git a/hsm_utils/test_key/test-ecc-pubkey.der b/hsm_utils/test_key/test-ecdsa-pubkey.der similarity index 100% rename from hsm_utils/test_key/test-ecc-pubkey.der rename to hsm_utils/test_key/test-ecdsa-pubkey.der