rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

hsm_utils

Browse Source 
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@86 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
kubodera_yuichi 2009-12-24 12:26:38 +00:00
parent 0f8515fc8b
commit be83c69308
1 changed files with 49 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
hsm_utils/import_asymmetric_key.c
View File

@ -26,7 +26,8 @@
#include "simplecmd.h" #include "simplecmd.h"
#define PUB_KEY_FILE "/opt/nfast/work/rsa-priv-key2048.der" #define PRIV_KEY_FILE "/opt/nfast/work/rsa-priv-key2048.der"
#define PUB_KEY_FILE "/opt/nfast/work/rsa-pub-key2048.der"
#define MODULE_ID 1 #define MODULE_ID 1
#define DATA_LEN 256 // bytes #define DATA_LEN 256 // bytes
@ -38,6 +39,25 @@ typedef struct _NFast_Call_Context
NFast_Call_Context; NFast_Call_Context;
NFast_Call_Context context; NFast_Call_Context context;
// RSA private key data
typedef struct
{
struct NFast_Bignum *p;
struct NFast_Bignum *q;
struct NFast_Bignum *dmp1;
struct NFast_Bignum *dmq1;
struct NFast_Bignum *iqmp;
struct NFast_Bignum *e;
}
RSAPrivateKeyData;
// RSA public key data
{
struct NFast_Bignum *e;
struct NFast_Bignum *n;
}
RSAPublicKeyData;
static void *my_malloc( size_t nbytes, static void *my_malloc( size_t nbytes,
struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx );
static void *my_realloc( void *ptr, size_t nbytes, static void *my_realloc( void *ptr, size_t nbytes,
@ -133,8 +153,7 @@ int my_bignumsendlenupcall( struct NFast_Application *app,
assert( ((*bignum)->nbytes & 3)==0 ); assert( ((*bignum)->nbytes & 3)==0 );
*nbytes_r= (*bignum)->nbytes; *nbytes_r= (*bignum)->nbytes;
//printf( "done\n" );
return Status_OK; return Status_OK;
} }
@ -190,7 +209,6 @@ int my_bignumformatupcall(struct NFast_Application *app,
return Status_OK; return Status_OK;
} }
// bin データを NFastApp の BigNum データに変換する // bin データを NFastApp の BigNum データに変換する
int sbn_bin2bignum ( struct NFast_Bignum **ppBN_out, int sbn_bin2bignum ( struct NFast_Bignum **ppBN_out,
struct NFast_Application *app, struct NFast_Application *app,
@ -262,13 +280,13 @@ int main( int argc, char *argv[] )
if ( argc == 2 ) if ( argc == 2 )
rand_size = atoi( argv[1] ); rand_size = atoi( argv[1] );
// load rsa data(public) // load rsa data (private)
RSA *privkey = NULL; RSA *privkey = NULL;
FILE *fp; FILE *fp;
fp = fopen( PUB_KEY_FILE, "rb" ); fp = fopen( PRIV_KEY_FILE, "rb" );
if ( !fp ) if ( !fp )
{ {
printf( "error : open %s file\n", PUB_KEY_FILE ); printf( "error : open %s file\n", PRIV_KEY_FILE );
return 0; return 0;
} }
privkey = d2i_RSAPrivateKey_fp( fp, NULL ); privkey = d2i_RSAPrivateKey_fp( fp, NULL );
@ -277,13 +295,16 @@ int main( int argc, char *argv[] )
printf( "error : d2i_RSAPrivateKey_fp\n" ); printf( "error : d2i_RSAPrivateKey_fp\n" );
return 0; return 0;
} }
#if 0
printf( "RSA(p) : %d bytes\n", BN_num_bytes( privkey->p ) ); printf( "RSA(p) : %d bytes\n", BN_num_bytes( privkey->p ) );
printf( "RSA(q) : %d bytes\n", BN_num_bytes( privkey->q ) ); printf( "RSA(q) : %d bytes\n", BN_num_bytes( privkey->q ) );
printf( "RSA(dmp1) : %d bytes\n", BN_num_bytes( privkey->dmp1 ) ); printf( "RSA(dmp1) : %d bytes\n", BN_num_bytes( privkey->dmp1 ) );
printf( "RSA(dmq1) : %d bytes\n", BN_num_bytes( privkey->dmq1 ) ); printf( "RSA(dmq1) : %d bytes\n", BN_num_bytes( privkey->dmq1 ) );
printf( "RSA(iqmp) : %d bytes\n", BN_num_bytes( privkey->iqmp ) ); printf( "RSA(iqmp) : %d bytes\n", BN_num_bytes( privkey->iqmp ) );
printf( "RSA(e) : %d bytes\n", BN_num_bytes( privkey->e ) ); printf( "RSA(e) : %d bytes\n", BN_num_bytes( privkey->e ) );
#endif
// p // p
unsigned char *pPtr; unsigned char *pPtr;
int pLen = BN_num_bytes( privkey->p ); int pLen = BN_num_bytes( privkey->p );
@ -340,41 +361,29 @@ int main( int argc, char *argv[] )
printf( "\n" ); printf( "\n" );
#if 0
printf( "RSA(p) : 0x%08X\n", (unsigned int)pPtr ); printf( "RSA(p) : 0x%08X\n", (unsigned int)pPtr );
printf( "RSA(q) : 0x%08X\n", (unsigned int)qPtr ); printf( "RSA(q) : 0x%08X\n", (unsigned int)qPtr );
printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)dmp1Ptr ); printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)dmp1Ptr );
printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)dmq1Ptr ); printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)dmq1Ptr );
printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)iqmpPtr ); printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)iqmpPtr );
printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr ); printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr );
#if 0
for ( i = 0; i < pLen; i++ )
{
if ( i % 16 == 0 )
printf( "\n" );
printf( "%02X ", (unsigned char)pPtr[i] );
}
#endif #endif
// init nFast // init nFast
//NFastAppInitArgs app_init_args;
//memset( &app_init_args, 0, sizeof( app_init_args ) );
//app_init_args.flags = NFAPP_IF_MALLOC | NFAPP_IF_BIGNUM;
//app_init_args.mallocupcalls = &my_malloc_upcalls;
//app_init_args.bignumupcalls = &sbn_upcalls;
//app_init_args.newthreadupcalls = &newthread_upcalls;
result = NFastApp_InitEx( &handle, NULL, NULL ); result = NFastApp_InitEx( &handle, NULL, NULL );
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : NFastApp_InitEx\n", result ); printf( "error(%d) : NFastApp_InitEx\n", result );
return 0;
} }
// connecting to hardserver // connecting to hardserver
result = NFastApp_Connect( handle, &nc, 0, NULL ); result = NFastApp_Connect( handle, &nc, 0, NULL );
//result = NFastApp_Connect( handle, &nc, NFastApp_ConnectionFlags_Privileged, NULL );
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : NFastApp_Connect\n", result ); printf( "error(%d) : NFastApp_Connect\n", result );
return 0;
} }
// set bignum upcalls setting // set bignum upcalls setting
@ -384,11 +393,12 @@ int main( int argc, char *argv[] )
sbn_bignumsendlenupcall, sbn_bignumsendlenupcall,
sbn_bignumsendupcall, sbn_bignumsendupcall,
sbn_bignumfreeupcall, sbn_bignumfreeupcall,
sbn_bignumformatupcall, sbn_bignumformatupcall,
NULL ); NULL );
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result ); printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result );
return 0;
} }
// NFKM getinfo // NFKM getinfo
@ -396,6 +406,7 @@ int main( int argc, char *argv[] )
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : NFKM_getinfo\n", result ); printf( "error(%d) : NFKM_getinfo\n", result );
return 0;
} }
// init card-loading lib // init card-loading lib
@ -403,6 +414,7 @@ int main( int argc, char *argv[] )
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : RQCard_init\n", result ); printf( "error(%d) : RQCard_init\n", result );
return 0;
} }
// init FIPS state // init FIPS state
@ -410,24 +422,26 @@ int main( int argc, char *argv[] )
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : RQCard_fips_init\n", result ); printf( "error(%d) : RQCard_fips_init\n", result );
return 0;
} }
// ui select // ui select
//result = RQCard_ui_default( &card ); result = RQCard_ui_default( &card );
result = RQCard_ui_scroll( &card );
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : RQCard_ui_xxx\n", result ); printf( "error(%d) : RQCard_ui_default\n", result );
return 0;
} }
// get strict-FIPS authorization // get strict-FIPS authorization
#if 1 #if 0
NFKM_FIPS140AuthHandle fipsHandle; NFKM_FIPS140AuthHandle fipsHandle;
M_SlotID slotId; M_SlotID slotId;
result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId ); result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId );
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : RQCard_fips_get\n", result ); printf( "error(%d) : RQCard_fips_get\n", result );
return 0;
} }
if ( fipsHandle == NULL ) if ( fipsHandle == NULL )
{ {
@ -443,6 +457,7 @@ int main( int argc, char *argv[] )
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : NFKM_listcardsets\n", result ); printf( "error(%d) : NFKM_listcardsets\n", result );
return 0;
} }
// find cardsets // find cardsets
@ -451,6 +466,7 @@ int main( int argc, char *argv[] )
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : NFKM_findcardset\n", result ); printf( "error(%d) : NFKM_findcardset\n", result );
return 0;
} }
// load cardset // load cardset
@ -458,6 +474,7 @@ int main( int argc, char *argv[] )
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : RQCard_logic_ocs_specific\n", result ); printf( "error(%d) : RQCard_logic_ocs_specific\n", result );
return 0;
} }
// use specific module : #1 // use specific module : #1
@ -488,12 +505,12 @@ int main( int argc, char *argv[] )
NFKM_MakeACLParams map; NFKM_MakeACLParams map;
memset( &map, 0, sizeof( map ) ); memset( &map, 0, sizeof( map ) );
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
// map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY | // 暗号化と復号化、署名とベリファイなど、相反する操作を持たせることはできない(エラーになる)
// NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT ); // e.g. NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY -> エラー
// e.g. NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT -> エラー
map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_DECRYPT; map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_DECRYPT;
map.cs = cardset; map.cs = cardset;
result = NFKM_newkey_makeaclx( handle, nc, world, &map, result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
&(cmd.args.import.acl), NULL );
if ( result != Status_OK ) if ( result != Status_OK )
{ {
printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); printf( "error(%d) : NFKM_newkey_makeaclx\n", result );