diff --git a/hsm_utils/import_asymmetric_key.c b/hsm_utils/import_asymmetric_key.c index 3ca0820..0d3b72a 100644 --- a/hsm_utils/import_asymmetric_key.c +++ b/hsm_utils/import_asymmetric_key.c @@ -26,7 +26,8 @@ #include "simplecmd.h" -#define PUB_KEY_FILE "/opt/nfast/work/rsa-priv-key2048.der" +#define PRIV_KEY_FILE "/opt/nfast/work/rsa-priv-key2048.der" +#define PUB_KEY_FILE "/opt/nfast/work/rsa-pub-key2048.der" #define MODULE_ID 1 #define DATA_LEN 256 // bytes @@ -38,6 +39,25 @@ typedef struct _NFast_Call_Context NFast_Call_Context; NFast_Call_Context context; +// RSA private key data +typedef struct +{ + struct NFast_Bignum *p; + struct NFast_Bignum *q; + struct NFast_Bignum *dmp1; + struct NFast_Bignum *dmq1; + struct NFast_Bignum *iqmp; + struct NFast_Bignum *e; +} +RSAPrivateKeyData; + +// RSA public key data +{ + struct NFast_Bignum *e; + struct NFast_Bignum *n; +} +RSAPublicKeyData; + static void *my_malloc( size_t nbytes, struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); static void *my_realloc( void *ptr, size_t nbytes, @@ -133,8 +153,7 @@ int my_bignumsendlenupcall( struct NFast_Application *app, assert( ((*bignum)->nbytes & 3)==0 ); *nbytes_r= (*bignum)->nbytes; - - //printf( "done\n" ); + return Status_OK; } @@ -190,7 +209,6 @@ int my_bignumformatupcall(struct NFast_Application *app, return Status_OK; } - // bin データを NFastApp の BigNum データに変換する int sbn_bin2bignum ( struct NFast_Bignum **ppBN_out, struct NFast_Application *app, @@ -262,13 +280,13 @@ int main( int argc, char *argv[] ) if ( argc == 2 ) rand_size = atoi( argv[1] ); - // load rsa data(public) + // load rsa data (private) RSA *privkey = NULL; FILE *fp; - fp = fopen( PUB_KEY_FILE, "rb" ); + fp = fopen( PRIV_KEY_FILE, "rb" ); if ( !fp ) { - printf( "error : open %s file\n", PUB_KEY_FILE ); + printf( "error : open %s file\n", PRIV_KEY_FILE ); return 0; } privkey = d2i_RSAPrivateKey_fp( fp, NULL ); 
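Review bot: `PRIV_KEY_FILE` names an unencrypted DER private key at a fixed path (it is later read with d2i_RSAPrivateKey_fp), and nothing at the define records how that file must be protected or disposed of once the key is inside the HSM. A comment such as `// plaintext RSA private key (DER): readable only by the importing user, remove after a successful import` would state the handling expectation where the path is declared. `PUB_KEY_FILE` now points at a separate public-key file, but no visible hunk opens it, so it may be unused in this commit.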
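Review bot: The second added type, RSAPublicKeyData, opens with a bare `{` right after the `// RSA public key data` comment; the `typedef struct` line that precedes RSAPrivateKeyData is missing, so as shown this file-scope block would not compile (unless that line was lost when the page was captured). Add `typedef struct` before the brace. Neither type is referenced in the visible hunks, so a short comment saying which import path fills them would also help.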
@@ -277,13 +295,16 @@ int main( int argc, char *argv[] ) printf( "error : d2i_RSAPrivateKey_fp\n" ); return 0; } + +#if 0 printf( "RSA(p) : %d bytes\n", BN_num_bytes( privkey->p ) ); printf( "RSA(q) : %d bytes\n", BN_num_bytes( privkey->q ) ); printf( "RSA(dmp1) : %d bytes\n", BN_num_bytes( privkey->dmp1 ) ); printf( "RSA(dmq1) : %d bytes\n", BN_num_bytes( privkey->dmq1 ) ); printf( "RSA(iqmp) : %d bytes\n", BN_num_bytes( privkey->iqmp ) ); printf( "RSA(e) : %d bytes\n", BN_num_bytes( privkey->e ) ); - +#endif + // p unsigned char *pPtr; int pLen = BN_num_bytes( privkey->p ); @@ -340,41 +361,29 @@ int main( int argc, char *argv[] ) printf( "\n" ); +#if 0 printf( "RSA(p) : 0x%08X\n", (unsigned int)pPtr ); printf( "RSA(q) : 0x%08X\n", (unsigned int)qPtr ); printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)dmp1Ptr ); printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)dmq1Ptr ); printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)iqmpPtr ); printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr ); - -#if 0 - for ( i = 0; i < pLen; i++ ) - { - if ( i % 16 == 0 ) - printf( "\n" ); - printf( "%02X ", (unsigned char)pPtr[i] ); - } #endif // init nFast - //NFastAppInitArgs app_init_args; - //memset( &app_init_args, 0, sizeof( app_init_args ) ); - //app_init_args.flags = NFAPP_IF_MALLOC | NFAPP_IF_BIGNUM; - //app_init_args.mallocupcalls = &my_malloc_upcalls; - //app_init_args.bignumupcalls = &sbn_upcalls; - //app_init_args.newthreadupcalls = &newthread_upcalls; result = NFastApp_InitEx( &handle, NULL, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFastApp_InitEx\n", result ); + return 0; } // connecting to hardserver result = NFastApp_Connect( handle, &nc, 0, NULL ); - //result = NFastApp_Connect( handle, &nc, NFastApp_ConnectionFlags_Privileged, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFastApp_Connect\n", result ); + return 0; } // set bignum upcalls setting 
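Review bot: The `return 0;` lines added after the NFastApp_InitEx and NFastApp_Connect failures in the `@@ -340,41 +361,29 @@` hunk make the tool exit with a success status even though nothing was imported, so a calling script cannot tell failure from success. They also leave main while the private key read earlier is still in memory: `privkey` and the component buffers (`pPtr` and the others, whose allocation is outside the hunk) are neither wiped nor released on these paths. Consider replacing each with `rc = EXIT_FAILURE; goto cleanup;`, where the cleanup label wipes every component buffer with `OPENSSL_cleanse( pPtr, pLen );`, calls `RSA_free( privkey );` and returns `rc`. The same applies to the `return 0;` additions in the later hunks at -384, -396, -403, -410, -443, -451 and -458.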
@@ -384,11 +393,12 @@ int main( int argc, char *argv[] ) sbn_bignumsendlenupcall, sbn_bignumsendupcall, sbn_bignumfreeupcall, - sbn_bignumformatupcall, + sbn_bignumformatupcall, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result ); + return 0; } // NFKM getinfo @@ -396,6 +406,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_getinfo\n", result ); + return 0; } // init card-loading lib @@ -403,6 +414,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : RQCard_init\n", result ); + return 0; } // init FIPS state @@ -410,24 +422,26 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : RQCard_fips_init\n", result ); + return 0; } // ui select - //result = RQCard_ui_default( &card ); - result = RQCard_ui_scroll( &card ); + result = RQCard_ui_default( &card ); if ( result != Status_OK ) { - printf( "error(%d) : RQCard_ui_xxx\n", result ); + printf( "error(%d) : RQCard_ui_default\n", result ); + return 0; } // get strict-FIPS authorization -#if 1 +#if 0 NFKM_FIPS140AuthHandle fipsHandle; M_SlotID slotId; result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId ); if ( result != Status_OK ) { printf( "error(%d) : RQCard_fips_get\n", result ); + return 0; } if ( fipsHandle == NULL ) { @@ -443,6 +457,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_listcardsets\n", result ); + return 0; } // find cardsets @@ -451,6 +466,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_findcardset\n", result ); + return 0; } // load cardset @@ -458,6 +474,7 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : RQCard_logic_ocs_specific\n", result ); + return 0; } // use specific module : #1 
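Review bot: Flipping the strict-FIPS block from `#if 1` to `#if 0` in the `@@ -410,24 +422,26 @@` hunk compiles out RQCard_fips_get, so no FIPS authorization is obtained before the import; in a strict-FIPS Security World the later import would presumably be refused. The `return 0;` added inside that block is dead code while it stays disabled. Deciding at run time from the world information whether the authorization is required would be more robust than a compile-time switch. At minimum a comment such as `// strict-FIPS authorization disabled: target world is not strict-FIPS` should say which world type this build assumes. The disabled block continues past the end of the hunk.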
@@ -488,12 +505,12 @@ int main( int argc, char *argv[] ) NFKM_MakeACLParams map; memset( &map, 0, sizeof( map ) ); map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; -// map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY | -// NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT ); + // 暗号化と復号化、署名とベリファイなど、相反する操作を持たせることはできない(エラーになる) + // e.g. NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY -> エラー + // e.g. NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT -> エラー map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_DECRYPT; map.cs = cardset; - result = NFKM_newkey_makeaclx( handle, nc, world, &map, - &(cmd.args.import.acl), NULL ); + result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeaclx\n", result );
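Review bot: `map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_DECRYPT;` lets the imported RSA private key be used for both signing and decryption, and `map.f` keeps `NFKM_NKF_RecoveryEnabled`. The new comment explains only why opposing operations are rejected and covers neither choice. Sharing one RSA key between signing and decryption is generally discouraged, so if the key has a single purpose grant only that permission, e.g. `map.op_base = NFKM_DEFOPPERMS_SIGN;`. Whichever is intended, a comment such as `// recovery enabled on purpose: key must survive loss of the card set` would document the decision. The failure branch of NFKM_newkey_makeaclx ends outside the hunk, so whether it returns after the printf cannot be seen here.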