hsm_utils
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@86 ff987cc8-cf2f-4642-8568-d52cce064691
parent
0f8515fc8b
commit
be83c69308
@ -26,7 +26,8 @@
|
||||
|
||||
#include "simplecmd.h"
|
||||
|
||||
#define PUB_KEY_FILE "/opt/nfast/work/rsa-priv-key2048.der"
|
||||
#define PRIV_KEY_FILE "/opt/nfast/work/rsa-priv-key2048.der"
|
||||
#define PUB_KEY_FILE "/opt/nfast/work/rsa-pub-key2048.der"
|
||||
|
||||
#define MODULE_ID 1
|
||||
#define DATA_LEN 256 // bytes
|
||||
@ -38,6 +39,25 @@ typedef struct _NFast_Call_Context
|
||||
NFast_Call_Context;
|
||||
NFast_Call_Context context;
|
||||
|
||||
// RSA private key data
|
||||
typedef struct
|
||||
{
|
||||
struct NFast_Bignum *p;
|
||||
struct NFast_Bignum *q;
|
||||
struct NFast_Bignum *dmp1;
|
||||
struct NFast_Bignum *dmq1;
|
||||
struct NFast_Bignum *iqmp;
|
||||
struct NFast_Bignum *e;
|
||||
}
|
||||
RSAPrivateKeyData;
|
||||
|
||||
// RSA public key data
|
||||
{
|
||||
struct NFast_Bignum *e;
|
||||
struct NFast_Bignum *n;
|
||||
}
|
||||
RSAPublicKeyData;
|
||||
|
||||
static void *my_malloc( size_t nbytes,
|
||||
struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx );
|
||||
static void *my_realloc( void *ptr, size_t nbytes,
|
||||
@ -133,8 +153,7 @@ int my_bignumsendlenupcall( struct NFast_Application *app,
|
||||
|
||||
assert( ((*bignum)->nbytes & 3)==0 );
|
||||
*nbytes_r= (*bignum)->nbytes;
|
||||
|
||||
//printf( "done\n" );
|
||||
|
||||
return Status_OK;
|
||||
}
|
||||
|
||||
@ -190,7 +209,6 @@ int my_bignumformatupcall(struct NFast_Application *app,
|
||||
return Status_OK;
|
||||
}
|
||||
|
||||
|
||||
// bin データを NFastApp の BigNum データに変換する
|
||||
int sbn_bin2bignum ( struct NFast_Bignum **ppBN_out,
|
||||
struct NFast_Application *app,
|
||||
@ -262,13 +280,13 @@ int main( int argc, char *argv[] )
|
||||
if ( argc == 2 )
|
||||
rand_size = atoi( argv[1] );
|
||||
|
||||
// load rsa data(public)
|
||||
// load rsa data (private)
|
||||
RSA *privkey = NULL;
|
||||
FILE *fp;
|
||||
fp = fopen( PUB_KEY_FILE, "rb" );
|
||||
fp = fopen( PRIV_KEY_FILE, "rb" );
|
||||
if ( !fp )
|
||||
{
|
||||
printf( "error : open %s file\n", PUB_KEY_FILE );
|
||||
printf( "error : open %s file\n", PRIV_KEY_FILE );
|
||||
return 0;
|
||||
}
|
||||
privkey = d2i_RSAPrivateKey_fp( fp, NULL );
|
||||
@ -277,13 +295,16 @@ int main( int argc, char *argv[] )
|
||||
printf( "error : d2i_RSAPrivateKey_fp\n" );
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if 0
|
||||
printf( "RSA(p) : %d bytes\n", BN_num_bytes( privkey->p ) );
|
||||
printf( "RSA(q) : %d bytes\n", BN_num_bytes( privkey->q ) );
|
||||
printf( "RSA(dmp1) : %d bytes\n", BN_num_bytes( privkey->dmp1 ) );
|
||||
printf( "RSA(dmq1) : %d bytes\n", BN_num_bytes( privkey->dmq1 ) );
|
||||
printf( "RSA(iqmp) : %d bytes\n", BN_num_bytes( privkey->iqmp ) );
|
||||
printf( "RSA(e) : %d bytes\n", BN_num_bytes( privkey->e ) );
|
||||
|
||||
#endif
|
||||
|
||||
// p
|
||||
unsigned char *pPtr;
|
||||
int pLen = BN_num_bytes( privkey->p );
|
||||
@ -340,41 +361,29 @@ int main( int argc, char *argv[] )
|
||||
|
||||
printf( "\n" );
|
||||
|
||||
#if 0
|
||||
printf( "RSA(p) : 0x%08X\n", (unsigned int)pPtr );
|
||||
printf( "RSA(q) : 0x%08X\n", (unsigned int)qPtr );
|
||||
printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)dmp1Ptr );
|
||||
printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)dmq1Ptr );
|
||||
printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)iqmpPtr );
|
||||
printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr );
|
||||
|
||||
#if 0
|
||||
for ( i = 0; i < pLen; i++ )
|
||||
{
|
||||
if ( i % 16 == 0 )
|
||||
printf( "\n" );
|
||||
printf( "%02X ", (unsigned char)pPtr[i] );
|
||||
}
|
||||
#endif
|
||||
|
||||
// init nFast
|
||||
//NFastAppInitArgs app_init_args;
|
||||
//memset( &app_init_args, 0, sizeof( app_init_args ) );
|
||||
//app_init_args.flags = NFAPP_IF_MALLOC | NFAPP_IF_BIGNUM;
|
||||
//app_init_args.mallocupcalls = &my_malloc_upcalls;
|
||||
//app_init_args.bignumupcalls = &sbn_upcalls;
|
||||
//app_init_args.newthreadupcalls = &newthread_upcalls;
|
||||
result = NFastApp_InitEx( &handle, NULL, NULL );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : NFastApp_InitEx\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// connecting to hardserver
|
||||
result = NFastApp_Connect( handle, &nc, 0, NULL );
|
||||
//result = NFastApp_Connect( handle, &nc, NFastApp_ConnectionFlags_Privileged, NULL );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : NFastApp_Connect\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// set bignum upcalls setting
|
||||
@ -384,11 +393,12 @@ int main( int argc, char *argv[] )
|
||||
sbn_bignumsendlenupcall,
|
||||
sbn_bignumsendupcall,
|
||||
sbn_bignumfreeupcall,
|
||||
sbn_bignumformatupcall,
|
||||
sbn_bignumformatupcall,
|
||||
NULL );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// NFKM getinfo
|
||||
@ -396,6 +406,7 @@ int main( int argc, char *argv[] )
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : NFKM_getinfo\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// init card-loading lib
|
||||
@ -403,6 +414,7 @@ int main( int argc, char *argv[] )
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : RQCard_init\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// init FIPS state
|
||||
@ -410,24 +422,26 @@ int main( int argc, char *argv[] )
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : RQCard_fips_init\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// ui select
|
||||
//result = RQCard_ui_default( &card );
|
||||
result = RQCard_ui_scroll( &card );
|
||||
result = RQCard_ui_default( &card );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : RQCard_ui_xxx\n", result );
|
||||
printf( "error(%d) : RQCard_ui_default\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// get strict-FIPS authorization
|
||||
#if 1
|
||||
#if 0
|
||||
NFKM_FIPS140AuthHandle fipsHandle;
|
||||
M_SlotID slotId;
|
||||
result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : RQCard_fips_get\n", result );
|
||||
return 0;
|
||||
}
|
||||
if ( fipsHandle == NULL )
|
||||
{
|
||||
@ -443,6 +457,7 @@ int main( int argc, char *argv[] )
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : NFKM_listcardsets\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// find cardsets
|
||||
@ -451,6 +466,7 @@ int main( int argc, char *argv[] )
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : NFKM_findcardset\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// load cardset
|
||||
@ -458,6 +474,7 @@ int main( int argc, char *argv[] )
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : RQCard_logic_ocs_specific\n", result );
|
||||
return 0;
|
||||
}
|
||||
|
||||
// use specific module : #1
|
||||
@ -488,12 +505,12 @@ int main( int argc, char *argv[] )
|
||||
NFKM_MakeACLParams map;
|
||||
memset( &map, 0, sizeof( map ) );
|
||||
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
|
||||
// map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY |
|
||||
// NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT );
|
||||
// 暗号化と復号化、署名とベリファイなど、相反する操作を持たせることはできない(エラーになる)
|
||||
// e.g. NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY -> エラー
|
||||
// e.g. NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT -> エラー
|
||||
map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_DECRYPT;
|
||||
map.cs = cardset;
|
||||
result = NFKM_newkey_makeaclx( handle, nc, world, &map,
|
||||
&(cmd.args.import.acl), NULL );
|
||||
result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : NFKM_newkey_makeaclx\n", result );
|
||||
|
||||
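Review bot: The error branches in main that gain a `return 0;` here (after NFastApp_SetBignumUpcalls, NFKM_getinfo, RQCard_init, RQCard_fips_init, NFKM_listcardsets, NFKM_findcardset and RQCard_logic_ocs_specific; the hunk counts suggest these lines are new) exit with status 0, so a calling script cannot tell a failed key import from a successful one; a non-zero status such as `return 1;` would fix that. These branches also leave main after `privkey` has been read from PRIV_KEY_FILE. main's body starts and ends outside the hunks, so whether the RSA object and the component buffers (`pPtr` and the others) are released elsewhere is not visible. A single cleanup path that calls `RSA_free( privkey )` and wipes the buffers with `OPENSSL_cleanse` before returning would keep plaintext key material from lingering on any exit. Separately, `map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_DECRYPT` together with `NFKM_NKF_RecoveryEnabled` lets one recoverable RSA key both sign and decrypt; if that is deliberate for this utility, say so in the comment block added above it, otherwise import one key per purpose.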