diff --git a/hsm_utils/import_rsa_keypair.c b/hsm_utils/import_rsa_keypair.c index cad7e46..b3f0a26 100644 --- a/hsm_utils/import_rsa_keypair.c +++ b/hsm_utils/import_rsa_keypair.c @@ -112,6 +112,7 @@ int importRSAPrivate( NFKM_KeyIdent keyident ) } fclose( fp ); +#if 0 printf( "\nRSA(p) = " ); BN_print_fp( stdout, privkey->p ); printf( "\nRSA(q) = " ); @@ -125,6 +126,7 @@ int importRSAPrivate( NFKM_KeyIdent keyident ) printf( "\nRSA(e) = " ); BN_print_fp( stdout, privkey->e ); printf( "\n" ); +#endif #if 0 printf( "RSA bignum(Openssl) size\n" ); @@ -214,14 +216,16 @@ int importRSAPrivate( NFKM_KeyIdent keyident ) free( iqmpPtr ); free( ePtr ); } - + +#if 0 my_printbignum ( stdout, "RSA(p)", privBn.p ); my_printbignum ( stdout, "RSA(q)", privBn.q ); my_printbignum ( stdout, "RSA(dmp1)", privBn.dmp1 ); my_printbignum ( stdout, "RSA(dmq1)", privBn.dmq1 ); my_printbignum ( stdout, "RSA(iqmp)", privBn.iqmp ); my_printbignum ( stdout, "RSA(e)", privBn.e ); - +#endif + #if 0 printf( "RSA bn addr\n" ); @@ -232,7 +236,8 @@ int importRSAPrivate( NFKM_KeyIdent keyident ) printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)privBn.iqmp ); printf( "RSA(e) : 0x%08X\n", (unsigned int)privBn.e ); #endif - + +#if 0 // imm dec { struct NFast_Bignum *dec_bn = NULL; @@ -260,13 +265,12 @@ int importRSAPrivate( NFKM_KeyIdent keyident ) printf( "error(%d) : imm dec(reply)\n", result ); return 1; } - printf ( "imm %d bytes\n", reply.reply.rsaimmedsigndecrypt.r->nbytes ); my_bignum2bin( out, DATA_LEN, handle, reply.reply.rsaimmedsigndecrypt.r ); PrintArray( (char*)"imm dec before", save_enc, DATA_LEN ); - PrintArray( (char*)"imm dec after", out, DATA_LEN - 11 ); - memcpy( save_enc, out, DATA_LEN ); + PrintArray( (char*)"imm dec after", out, reply.reply.rsaimmedsigndecrypt.r->nbytes ); } // imm dec - +#endif + // make ACL if ( cardset != NULL ) map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; @@ -305,13 +309,49 @@ int importRSAPrivate( NFKM_KeyIdent keyident ) printf( "error(%d) : Cmd_Import(reply)\n", result ); return 1; } + +#if 0 + // decrypt test kokode + { + struct NFast_Bignum *dec_bn = NULL; + unsigned char *out = (unsigned char*)malloc( DATA_LEN ); + my_bin2bignum( &(dec_bn), handle, save_enc, DATA_LEN ); + M_KeyID tempKey = reply.reply.import.key; + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + cmd.cmd = Cmd_Decrypt; + cmd.args.decrypt.flags = 0; + cmd.args.decrypt.key = tempKey; + cmd.args.decrypt.mech = Mech_RSApPKCS1; + cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1; + cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn; + cmd.args.decrypt.reply_type = PlainTextType_Bignum; + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result ); + return 1; + } + result = reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); + return 1; + } + + my_bignum2bin( out, reply.reply.decrypt.plain.data.bignum.m->nbytes, handle, reply.reply.decrypt.plain.data.bignum.m ); + PrintArray( (char*)"foo dec before", save_enc, DATA_LEN ); + PrintArray( (char*)"foo dec after", out, reply.reply.decrypt.plain.data.bignum.m->nbytes ); + } // decrypt test +#endif // make blobs - reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8 - reg_key.name = keyident.ident; + //reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8 + //reg_key.name = keyident.ident; reg_key.appname = keyident.appname; reg_key.ident = keyident.ident; - time( &(reg_key.gentime) ); + //time( &(reg_key.gentime) ); mbp.f = map.f; mbp.kpriv = reply.reply.import.key; mbp.lt = ltid; @@ -386,6 +426,7 @@ int importRSAPublic( NFKM_KeyIdent keyident ) #if 0 printf( "RSA bignum(Openssl) size\n" ); printf( "RSA(e) : %d bytes\n", BN_num_bytes( pubkey->e ) ); + printf( "RSA(n) : %d bytes\n", BN_num_bytes( pubkey->n ) ); #endif @@ -428,7 +469,8 @@ int importRSAPublic( NFKM_KeyIdent keyident ) printf( "RSA(e) : 0x%08X\n", (unsigned int)pubBn.e ); printf( "RSA(n) : 0x%08X\n", (unsigned int)pubBn.n ); #endif - + +#if 0 // imm enc { int i; @@ -436,7 +478,7 @@ int importRSAPublic( NFKM_KeyIdent keyident ) unsigned char *ptr = (unsigned char*)malloc( DATA_LEN - 11 ); unsigned char *out = (unsigned char*)malloc( DATA_LEN ); for ( i = 0; i < DATA_LEN - 11; i++ ) - ptr[i] = i; + ptr[i] = ~i; my_bin2bignum( &(enc_bn), handle, ptr, DATA_LEN - 11 ); M_Command cmd; @@ -457,18 +499,18 @@ int importRSAPublic( NFKM_KeyIdent keyident ) printf( "error(%d) : imm enc(reply)\n", result ); return 1; } - printf ( "imm %d bytes\n", reply.reply.rsaimmedsigndecrypt.r->nbytes ); my_bignum2bin( out, DATA_LEN, handle, reply.reply.rsaimmedsigndecrypt.r ); - PrintArray( (char*)"imm before", ptr, DATA_LEN - 11 ); - PrintArray( (char*)"imm after", out, DATA_LEN ); + PrintArray( (char*)"imm enc before", ptr, DATA_LEN - 11 ); + PrintArray( (char*)"imm enc after", out, reply.reply.rsaimmedsigndecrypt.r->nbytes ); memcpy( save_enc, out, DATA_LEN ); - } // imm enc & dec - + } // imm enc +#endif + // make ACL if ( cardset != NULL ) - map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet | NFKM_NKF_PublicKey; else - map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule; + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule | NFKM_NKF_PublicKey; // 秘密鍵には DECRYPT と SIGN // 公開鍵には ENCRYPT と VERIFY しかセットできない?? map.op_base = NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_VERIFY; @@ -506,7 +548,7 @@ int importRSAPublic( NFKM_KeyIdent keyident ) reg_key.ident = keyident.ident; time( &(reg_key.gentime) ); mbp.f = map.f; - mbp.kpriv = reply.reply.import.key; + mbp.kpub = reply.reply.import.key; mbp.lt = ltid; mbp.cs = cardset; result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, ®_key, NULL ); @@ -596,7 +638,7 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) } // load pub key blob - blobptr = &(keyinfo->privblob); // pub dakedo privblob + blobptr = &(keyinfo->pubblob); // pub dakedo privblob result = NFKM_cmd_loadblob( handle, nc, moduleinfo->module, blobptr, ltid, &pub_keyid, "loading pub key blob", NULL ); if ( result != Status_OK ) @@ -626,23 +668,25 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) keyinfo = NULL; #endif -#if 1 // encrypt & dectypt test { unsigned char *beforePtr, *middlePtr, *afterPtr; + int beforeLen, middleLen, afterLen; unsigned char *encPtr, *decPtr; struct NFast_Bignum *enc_bn, *dec_bn; M_Mech dec_mech; - beforePtr = afterPtr = NULL; + beforePtr = middlePtr = afterPtr = NULL; + beforeLen = middleLen = afterLen = 0; encPtr = decPtr = NULL; enc_bn = dec_bn = NULL; // encrypt data setting - beforePtr = (unsigned char*)malloc( DATA_LEN - 11 ); - for ( i = 0; i < DATA_LEN - 11; i++ ) - beforePtr[i] = i; - my_bin2bignum( &(enc_bn), handle, beforePtr, DATA_LEN - 11 ); + beforeLen = DATA_LEN - 11; + beforePtr = (unsigned char*)malloc( beforeLen ); + for ( i = 0; i < beforeLen; i++ ) + beforePtr[i] = ~i; + my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen ); #if 0 // my_bignum2bin test @@ -651,8 +695,7 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" ); my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn ); PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN ); -#endif - printf( "%d bytes\n", enc_bn->nbytes ); +#endif // encrypt transact cmd.cmd = Cmd_Encrypt; @@ -674,22 +717,22 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result ); return 1; } - #if 1 +#if 0 if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes ) { printf( "error : output size isn't %d bytes!\n", DATA_LEN ); return 1; } - #endif +#endif printf( "RSA data encrypt ok\n" ); // decrypt data setting - middlePtr = (unsigned char*)malloc( DATA_LEN ); - my_bignum2bin( middlePtr, DATA_LEN, handle, + middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes; + middlePtr = (unsigned char*)malloc( middleLen ); + my_bignum2bin( middlePtr, middleLen, handle, reply.reply.encrypt.cipher.data.rsappkcs1.m ); - //my_bin2bignum( &dec_bn, handle, middlePtr, DATA_LEN ); - my_bignumCopy( &dec_bn, reply.reply.encrypt.cipher.data.rsappkcs1.m, handle ); + my_bin2bignum( &dec_bn, handle, middlePtr, middleLen ); dec_mech = reply.reply.encrypt.cipher.mech; NFastApp_Free_Command( handle, NULL, NULL, &cmd ); @@ -717,90 +760,30 @@ int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); return 1; } - #if 0 +#if 0 if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes ) { printf( "error : output size isn't %d bytes!\n", DATA_LEN ); return 1; } - #endif +#endif printf( "RSA data decrypt ok\n" ); // after - afterPtr = (unsigned char*)malloc( DATA_LEN ); - my_bignum2bin( middlePtr, DATA_LEN, handle, + afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes; + afterPtr = (unsigned char*)malloc( afterLen ); + my_bignum2bin( afterPtr, afterLen, handle, reply.reply.decrypt.plain.data.bignum.m ); NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - + // data show - PrintArray( (char*)"before", beforePtr, DATA_LEN - 11); - PrintArray( (char*)"middle", middlePtr, DATA_LEN ); - PrintArray( (char*)"after", afterPtr, DATA_LEN - 11); - -#if 0 - - dec_output.ptr = (unsigned char*)malloc( dec_output.len ); - memcpy( dec_output.ptr, - reply.reply.decrypt.plain.data.bytes.data.ptr, - dec_output.len ); - - printf( "decrypt ok\n" ); - - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - - // key destroy - memset( &cmd, 0, sizeof( cmd ) ); // fail if NFastApp_Free_Command - cmd.cmd = Cmd_Destroy; - cmd.args.destroy.key = pub_keyid; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFastApp_Transact(Cmd_Destroy)\n", result ); - } - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - memset( &cmd, 0, sizeof( cmd ) ); // fail if NFastApp_Free_Command - cmd.cmd = Cmd_Destroy; - cmd.args.destroy.key = priv_keyid; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFastApp_Transact(Cmd_Destroy)\n", result ); - } - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - - // data show - printf( "enc_input : (%d bytes)", (int)enc_input.len ); - for ( i = 0; i < enc_input.len; i++ ) - { - if ( i % 16 == 0 ) - printf( "\n" ); - printf( "%02X ", enc_input.ptr[i] ); - } - printf( "\n" ); - - printf( "\nenc_output : (%d bytes)", (int)enc_output.len ); - for ( i = 0; i < enc_output.len; i++ ) - { - if ( i % 16 == 0 ) - printf( "\n" ); - printf( "%02X ", enc_output.ptr[i] ); - } - printf( "\n" ); - - printf( "\ndec_output : (%d bytes)", (int)dec_output.len ); - for ( i = 0; i < dec_output.len; i++ ) - { - if ( i % 16 == 0 ) - printf( "\n" ); - printf( "%02X ", dec_output.ptr[i] ); - } - printf( "\n" ); -#endif + PrintArray( (char*)"before", beforePtr, beforeLen ); + PrintArray( (char*)"middle", middlePtr, middleLen ); + PrintArray( (char*)"after", afterPtr, afterLen ); } // encrypt & decrypt -#endif return result; } // verify_rsa_keypair