hsm_utils:RSAキーペアのインポートと暗号化・復号化成功

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@117 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2009-12-28 13:34:15 +00:00 · 2009-12-28 13:34:15 +00:00 · cc75cc4129
commit cc75cc4129
parent e3b58c07cc
1 changed files with 87 additions and 104 deletions
--- a/hsm_utils/import_rsa_keypair.c
+++ b/hsm_utils/import_rsa_keypair.c
@ -112,6 +112,7 @@ int importRSAPrivate( NFKM_KeyIdent keyident )
 	}
 	fclose( fp );

+#if 0
 	printf( "\nRSA(p) = " );
 	BN_print_fp( stdout, privkey->p );
 	printf( "\nRSA(q) = " );
@ -125,6 +126,7 @@ int importRSAPrivate( NFKM_KeyIdent keyident )
 	printf( "\nRSA(e) = " );
 	BN_print_fp( stdout, privkey->e );
 	printf( "\n" );
+#endif

 #if 0
 	printf( "RSA bignum(Openssl) size\n" );
@ -214,14 +216,16 @@ int importRSAPrivate( NFKM_KeyIdent keyident )
 		free( iqmpPtr );
 		free( ePtr );
 	}
-	
+
+#if 0	
 	my_printbignum ( stdout, "RSA(p)", privBn.p );
 	my_printbignum ( stdout, "RSA(q)", privBn.q );
 	my_printbignum ( stdout, "RSA(dmp1)", privBn.dmp1 );
 	my_printbignum ( stdout, "RSA(dmq1)", privBn.dmq1 );
 	my_printbignum ( stdout, "RSA(iqmp)", privBn.iqmp );
 	my_printbignum ( stdout, "RSA(e)", privBn.e );
-	
+#endif
+
 			
 #if 0
 	printf( "RSA bn addr\n" );
@ -232,7 +236,8 @@ int importRSAPrivate( NFKM_KeyIdent keyident )
 	printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)privBn.iqmp );
 	printf( "RSA(e)    : 0x%08X\n", (unsigned int)privBn.e );
 #endif
-	
+
+#if 0
 	// imm dec
 	{
 	struct NFast_Bignum *dec_bn = NULL;
@ -260,13 +265,12 @@ int importRSAPrivate( NFKM_KeyIdent keyident )
 		printf( "error(%d) : imm dec(reply)\n", result );
 		return 1;
 	}
-	printf ( "imm %d bytes\n", reply.reply.rsaimmedsigndecrypt.r->nbytes );
 	my_bignum2bin( out, DATA_LEN, handle, reply.reply.rsaimmedsigndecrypt.r );
 	PrintArray( (char*)"imm dec before", save_enc, DATA_LEN );
-	PrintArray( (char*)"imm dec after", out, DATA_LEN - 11 );
-	memcpy( save_enc, out, DATA_LEN );
+	PrintArray( (char*)"imm dec after", out, reply.reply.rsaimmedsigndecrypt.r->nbytes );
 	}	// imm dec
-	
+#endif
+
 	// make ACL
 	if ( cardset != NULL )
 		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
@ -305,13 +309,49 @@ int importRSAPrivate( NFKM_KeyIdent keyident )
 		printf( "error(%d) : Cmd_Import(reply)\n", result );
 		return 1;
 	}
+
+#if 0
+	// decrypt test kokode
+	{
+	struct NFast_Bignum *dec_bn = NULL;
+	unsigned char *out = (unsigned char*)malloc( DATA_LEN );
+	my_bin2bignum( &(dec_bn), handle, save_enc, DATA_LEN );
+	M_KeyID tempKey = reply.reply.import.key;
+	NFastApp_Free_Reply( handle, NULL, NULL, &reply );
+	memset( &cmd, 0, sizeof( cmd ) );
+	memset( &reply, 0, sizeof( reply ) );
+	cmd.cmd = Cmd_Decrypt;
+	cmd.args.decrypt.flags = 0;
+	cmd.args.decrypt.key = tempKey;
+	cmd.args.decrypt.mech = Mech_RSApPKCS1;
+	cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1;
+	cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
+	cmd.args.decrypt.reply_type = PlainTextType_Bignum;
+	result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
+	if ( result != Status_OK )
+	{	
+		printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result );
+		return 1;
+	}
+	result = reply.status;
+	if ( result != Status_OK )
+	{	
+		printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
+		return 1;
+	}
+	
+	my_bignum2bin( out, reply.reply.decrypt.plain.data.bignum.m->nbytes, handle, reply.reply.decrypt.plain.data.bignum.m );
+	PrintArray( (char*)"foo dec before", save_enc, DATA_LEN );
+	PrintArray( (char*)"foo dec after", out, reply.reply.decrypt.plain.data.bignum.m->nbytes );
+	}	// decrypt test
+#endif
 	
 	// make blobs
-	reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8
-	reg_key.name = keyident.ident;
+	//reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8
+	//reg_key.name = keyident.ident;
 	reg_key.appname = keyident.appname;
 	reg_key.ident = keyident.ident;
-	time( &(reg_key.gentime) );
+	//time( &(reg_key.gentime) );
 	mbp.f = map.f;
 	mbp.kpriv = reply.reply.import.key;
 	mbp.lt = ltid;
@ -386,6 +426,7 @@ int importRSAPublic( NFKM_KeyIdent keyident )
 #if 0
 	printf( "RSA bignum(Openssl) size\n" );
 	printf( "RSA(e)    : %d bytes\n", BN_num_bytes( pubkey->e ) );
+
 	printf( "RSA(n)    : %d bytes\n", BN_num_bytes( pubkey->n ) );
 #endif
 	
@ -428,7 +469,8 @@ int importRSAPublic( NFKM_KeyIdent keyident )
 	printf( "RSA(e)    : 0x%08X\n", (unsigned int)pubBn.e );
 	printf( "RSA(n)    : 0x%08X\n", (unsigned int)pubBn.n );
 #endif
-	
+
+#if 0
 	// imm enc
 	{
 	int i;
@ -436,7 +478,7 @@ int importRSAPublic( NFKM_KeyIdent keyident )
 	unsigned char *ptr = (unsigned char*)malloc( DATA_LEN - 11 );
 	unsigned char *out = (unsigned char*)malloc( DATA_LEN );
 	for ( i = 0; i < DATA_LEN - 11; i++ )
-		ptr[i] = i;
+		ptr[i] = ~i;
 	my_bin2bignum( &(enc_bn), handle, ptr, DATA_LEN - 11 );
 	
 	M_Command cmd;
@ -457,18 +499,18 @@ int importRSAPublic( NFKM_KeyIdent keyident )
 		printf( "error(%d) : imm enc(reply)\n", result );
 		return 1;
 	}
-	printf ( "imm %d bytes\n", reply.reply.rsaimmedsigndecrypt.r->nbytes );
 	my_bignum2bin( out, DATA_LEN, handle, reply.reply.rsaimmedsigndecrypt.r );
-	PrintArray( (char*)"imm before", ptr, DATA_LEN - 11 );
-	PrintArray( (char*)"imm after", out, DATA_LEN );
+	PrintArray( (char*)"imm enc before", ptr, DATA_LEN - 11 );
+	PrintArray( (char*)"imm enc after", out, reply.reply.rsaimmedsigndecrypt.r->nbytes );
 	memcpy( save_enc, out, DATA_LEN );
-	}	// imm enc & dec
-	
+	}	// imm enc
+#endif
+
 	// make ACL
 	if ( cardset != NULL )
-		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
+		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet | NFKM_NKF_PublicKey;
 	else
-		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule;
+		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule | NFKM_NKF_PublicKey;
 	// 秘密鍵には DECRYPT と SIGN
 	// 公開鍵には ENCRYPT と VERIFY しかセットできない？？
 	map.op_base = NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_VERIFY;
@ -506,7 +548,7 @@ int importRSAPublic( NFKM_KeyIdent keyident )
 	reg_key.ident = keyident.ident;
 	time( &(reg_key.gentime) );
 	mbp.f = map.f;
-	mbp.kpriv = reply.reply.import.key;
+	mbp.kpub = reply.reply.import.key;
 	mbp.lt = ltid;
 	mbp.cs = cardset;
 	result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, &reg_key, NULL );
@ -596,7 +638,7 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
 	}
 	
 	// load pub key blob
-	blobptr = &(keyinfo->privblob); // pub dakedo privblob
+	blobptr = &(keyinfo->pubblob); // pub dakedo privblob
 	result = NFKM_cmd_loadblob( handle, nc, 
 		moduleinfo->module, blobptr, ltid, &pub_keyid, "loading pub key blob", NULL );
 	if ( result != Status_OK )
@ -626,23 +668,25 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
 	keyinfo = NULL;
 #endif

-#if 1
 	// encrypt & dectypt test
 	{
 		unsigned char *beforePtr, *middlePtr, *afterPtr;
+		int beforeLen, middleLen, afterLen;
 		unsigned char *encPtr, *decPtr;
 		struct NFast_Bignum *enc_bn, *dec_bn;
 		M_Mech dec_mech;
 				
-		beforePtr = afterPtr = NULL;
+		beforePtr = middlePtr = afterPtr = NULL;
+		beforeLen = middleLen = afterLen = 0;
 		encPtr = decPtr = NULL;
 		enc_bn = dec_bn = NULL;
 		
 		// encrypt data setting
-		beforePtr = (unsigned char*)malloc( DATA_LEN - 11 );
-		for ( i = 0; i < DATA_LEN - 11; i++ )
-			beforePtr[i] = i;
-		my_bin2bignum( &(enc_bn), handle, beforePtr, DATA_LEN - 11 );
+		beforeLen = DATA_LEN - 11;
+		beforePtr = (unsigned char*)malloc( beforeLen );
+		for ( i = 0; i < beforeLen; i++ )
+			beforePtr[i] = ~i;
+		my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen );

 #if 0
 		// my_bignum2bin test
@ -651,8 +695,7 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
 		printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" );
 		my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn );
 		PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN );
-#endif
-		printf( "%d bytes\n", enc_bn->nbytes ); 
+#endif 
 		
 		// encrypt transact
 		cmd.cmd = Cmd_Encrypt;
@ -674,22 +717,22 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
 			printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result );
 			return 1;
 		}
-		#if 1
+#if 0
 		if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes )
 		{
 			printf( "error : output size isn't %d bytes!\n", DATA_LEN );
 			return 1;
 		}
-		#endif
+#endif
 		
 		printf( "RSA data encrypt ok\n" );
 		
 		// decrypt data setting
-		middlePtr = (unsigned char*)malloc( DATA_LEN );
-		my_bignum2bin( middlePtr, DATA_LEN, handle,
+		middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
+		middlePtr = (unsigned char*)malloc( middleLen );
+		my_bignum2bin( middlePtr, middleLen, handle,
 					reply.reply.encrypt.cipher.data.rsappkcs1.m );
-		//my_bin2bignum( &dec_bn, handle, middlePtr, DATA_LEN );		
-		my_bignumCopy( &dec_bn, reply.reply.encrypt.cipher.data.rsappkcs1.m, handle );
+		my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );		
 		dec_mech = reply.reply.encrypt.cipher.mech;
 				
 		NFastApp_Free_Command( handle, NULL, NULL, &cmd );
@ -717,90 +760,30 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
 			printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
 			return 1;
 		}
-		#if 0
+#if 0
 		if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes )
 		{
 			printf( "error : output size isn't %d bytes!\n", DATA_LEN );
 			return 1;
 		}
-		#endif
+#endif
 		
 		printf( "RSA data decrypt ok\n" );
 		
 		// after
-		afterPtr = (unsigned char*)malloc( DATA_LEN );
-		my_bignum2bin( middlePtr, DATA_LEN, handle,
+		afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
+		afterPtr = (unsigned char*)malloc( afterLen );
+		my_bignum2bin( afterPtr, afterLen, handle,
 					reply.reply.decrypt.plain.data.bignum.m );
 		
 		NFastApp_Free_Command( handle, NULL, NULL, &cmd );
 		NFastApp_Free_Reply( handle, NULL, NULL, &reply );
-					
+								
 		// data show
-		PrintArray( (char*)"before", beforePtr, DATA_LEN - 11);
-		PrintArray( (char*)"middle", middlePtr, DATA_LEN );
-		PrintArray( (char*)"after", afterPtr, DATA_LEN - 11);				
-		
-#if 0
-		
-		dec_output.ptr = (unsigned char*)malloc( dec_output.len );
-		memcpy( dec_output.ptr, 
-			reply.reply.decrypt.plain.data.bytes.data.ptr,
-			dec_output.len );
-
-		printf( "decrypt ok\n" );
-		
-		NFastApp_Free_Reply( handle, NULL, NULL, &reply );
-
-		// key destroy
-		memset( &cmd, 0, sizeof( cmd ) ); // fail if NFastApp_Free_Command
-		cmd.cmd = Cmd_Destroy;
-		cmd.args.destroy.key = pub_keyid;
-		result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
-		if ( result != Status_OK )
-		{	
-			printf( "error(%d) : NFastApp_Transact(Cmd_Destroy)\n", result );
-		}
-		NFastApp_Free_Reply( handle, NULL, NULL, &reply );
-		memset( &cmd, 0, sizeof( cmd ) ); // fail if NFastApp_Free_Command
-		cmd.cmd = Cmd_Destroy;
-		cmd.args.destroy.key = priv_keyid;
-		result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
-		if ( result != Status_OK )
-		{	
-			printf( "error(%d) : NFastApp_Transact(Cmd_Destroy)\n", result );
-		}
-		NFastApp_Free_Reply( handle, NULL, NULL, &reply );
-		
-		// data show
-		printf( "enc_input : (%d bytes)", (int)enc_input.len );
-		for ( i = 0; i < enc_input.len; i++ )
-		{
-			if ( i % 16 == 0 )
-				printf( "\n" );
-			printf( "%02X ", enc_input.ptr[i] );
-		}
-		printf( "\n" );
-		
-		printf( "\nenc_output : (%d bytes)", (int)enc_output.len );
-		for ( i = 0; i < enc_output.len; i++ )
-		{
-			if ( i % 16 == 0 )
-				printf( "\n" );
-			printf( "%02X ", enc_output.ptr[i] );
-		}
-		printf( "\n" );
-		
-		printf( "\ndec_output : (%d bytes)", (int)dec_output.len );
-		for ( i = 0; i < dec_output.len; i++ )
-		{
-			if ( i % 16 == 0 )
-				printf( "\n" );
-			printf( "%02X ", dec_output.ptr[i] );
-		}
-		printf( "\n" );
-#endif
+		PrintArray( (char*)"before", beforePtr, beforeLen );
+		PrintArray( (char*)"middle", middlePtr, middleLen );
+		PrintArray( (char*)"after", afterPtr, afterLen );
 	}	// encrypt & decrypt
-#endif
 		
 	return result;
 }	// verify_rsa_keypair