rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

hsm_utils:HSM の初期化、終了処理をまとめた my_hsm_setup 追加。

Browse Source 
create_rsa_pss_cert を削除。 sign_verify_rsa_pkcs1_sha256 を追加。

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@229 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
n2460 2013-10-09 11:34:54 +00:00
parent 0be297f8d4
commit d8a58917c1
5 changed files with 942 additions and 478 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
trunk/hsm_utils/Makefile
View File

@ -84,7 +84,7 @@ XLDLIBS= $(LIBPATH_SWORLD)/librqcard.a \
COMMON_OBJECTS = $(REFPATH)/nfutil.o $(REFPATH)/nfopt.o $(REFPATH)/getdate.o $(REFPATH)/report.o $(REFPATH)/report-usage.o $(REFPATH)/nftypes.o $(REFPATH)/tokenise.o COMMON_OBJECTS = $(REFPATH)/nfutil.o $(REFPATH)/nfopt.o $(REFPATH)/getdate.o $(REFPATH)/report.o $(REFPATH)/report-usage.o $(REFPATH)/nftypes.o $(REFPATH)/tokenise.o
EXTRA_OBJECTS = my_hsm_bignum.o my_hsm_alloc.o EXTRA_OBJECTS = my_hsm_bignum.o my_hsm_alloc.o my_hsm_setup.o
COMMON_HEADERS= $(REFPATH)/nfutil.h $(REFPATH)/nfopt.h $(REFPATH)/nftypes.h $(REFPATH)/tokenise.h COMMON_HEADERS= $(REFPATH)/nfutil.h $(REFPATH)/nfopt.h $(REFPATH)/nftypes.h $(REFPATH)/tokenise.h
@ -97,22 +97,25 @@ $(SRCPATH)/getdate.c: ;
# Simple (non-threaded) programs ------------ # Simple (non-threaded) programs ------------
my_hsm_bignum.o: my_hsm_bignum.c my_hsm_bignum.o: my_hsm_bignum.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o my_hsm_bignum.o -c my_hsm_bignum.c $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o my_hsm_bignum.o -c my_hsm_bignum.c
my_hsm_alloc.o: my_hsm_alloc.c my_hsm_alloc.o: my_hsm_alloc.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o my_hsm_alloc.o -c my_hsm_alloc.c $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o my_hsm_alloc.o -c my_hsm_alloc.c
my_hsm_setup.o: my_hsm_setup.c
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o my_hsm_setup.o -c my_hsm_setup.c
import_aes_key: import_aes_key.c $(EXTRA_OBJECTS) import_aes_key: import_aes_key.c $(EXTRA_OBJECTS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o import_aes_key import_aes_key.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o import_aes_key import_aes_key.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS)
import_rsa_keypair: import_rsa_keypair.c $(EXTRA_OBJECTS) import_rsa_keypair: import_rsa_keypair.c $(EXTRA_OBJECTS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o import_rsa_keypair import_rsa_keypair.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o import_rsa_keypair import_rsa_keypair.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS)
import_ecdsa_keypair: import_ecdsa_keypair.c $(EXTRA_OBJECTS) import_ecdsa_keypair: import_ecdsa_keypair.c $(EXTRA_OBJECTS)
$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o import_ecdsa_keypair import_ecdsa_keypair.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o import_ecdsa_keypair import_ecdsa_keypair.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS)
create_rsa_pss_cert: create_rsa_pss_cert.c $(EXTRA_OBJECTS) sign_verify_rsa_pkcs1_sha256: sign_verify_rsa_pkcs1_sha256.c $(EXTRA_OBJECTS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o create_rsa_pss_cert create_rsa_pss_cert.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o sign_verify_rsa_pkcs1_sha256 sign_verify_rsa_pkcs1_sha256.c $(COMMON_OBJECTS) $(EXTRA_OBJECTS) $(LDLIBS)
# All single-threaded targets # All single-threaded targets
@ -120,7 +123,7 @@ TARGETS_SIMPLE= \
import_aes_key \ import_aes_key \
import_rsa_keypair \ import_rsa_keypair \
import_ecdsa_keypair \ import_ecdsa_keypair \
create_rsa_pss_cert \ sign_verify_rsa_pkcs1_sha256.c \
simple: $(TARGETS_SIMPLE) simple: $(TARGETS_SIMPLE)

470
trunk/hsm_utils/create_rsa_pss_cert.c
View File

@ -1,470 +0,0 @@
// sign rsa pss test for nShield
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
// openssl
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/aes.h>
#include <openssl/pem.h>
#include "nfastapp.h"
#include "nfkm.h"
#include "rqcard-applic.h"
#include "rqcard-fips.h"
//#include "picky-upcalls.h"
#include "my_hsm_bignum.h"
#include "my_hsm_alloc.h"
#define PRIV_KEY_FILE "./test_key/test-rsa-privkey2048.der"
#define PUB_KEY_FILE "./test_key/test-rsa-pubkey2048.der"
#define MODULE_ID 1
#define DATA_LEN 256 // bytes
// RSA private key data
typedef struct
{
struct NFast_Bignum *p;
struct NFast_Bignum *q;
struct NFast_Bignum *dmp1;
struct NFast_Bignum *dmq1;
struct NFast_Bignum *iqmp;
struct NFast_Bignum *e;
}
RSAPrivateKeyDataBn;
// RSA public key data
typedef struct
{
struct NFast_Bignum *e;
struct NFast_Bignum *n;
}
RSAPublicKeyDataBn;
// global variable
NFast_AppHandle handle;
NFastApp_Connection nc;
NFKM_WorldInfo *world = NULL;
RQCard card;
RQCard_FIPS fips;
M_KeyID ltid = 0; // the cardset loaded into the module
NFKM_CardSet *cardset = NULL;
NFKM_ModuleInfo *moduleinfo = NULL;
const NFKM_KeyIdent priv_keyident = { (char*)"simple", (char*)"test-rsa-privkey2048" };
const NFKM_KeyIdent pub_keyident = { (char*)"simple", (char*)"test-rsa-pubkey2048" };
unsigned char save_enc[DATA_LEN];
// function
int verifyRSAKeyPair( NFKM_KeyIdent priv_keyident, NFKM_KeyIdent pub_keyident );
void PrintArray( char *pStr, const unsigned char *pData, int length );
int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
{
int i;
int result = Status_OK;
M_ByteBlock *blobptr = NULL;
M_KeyID priv_keyid, pub_keyid;
NFKM_Key *keyinfo = NULL;
M_Command cmd;
M_Reply reply;
priv_keyid = pub_keyid = 0;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// find priv key
result = NFKM_findkey( handle, priv_ident, &keyinfo, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findkey(priv)\n", result );
return result;
}
// load priv key blob
blobptr = &(keyinfo->privblob);
result = NFKM_cmd_loadblob( handle, nc,
moduleinfo->module, blobptr, ltid, &priv_keyid, "loading priv key blob", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob(priv)\n", result );
return result;
}
NFKM_freekey( handle, keyinfo, NULL );
keyinfo = NULL;
#if 0
// get priv key info
cmd.cmd = Cmd_GetKeyInfo;
cmd.args.getkeyinfo.key = priv_keyid;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result );
return result;
}
printf( "priv key ID : %08X\n", (unsigned int)priv_keyid );
printf( "priv keytype : %d\n", reply.reply.getkeyinfo.type );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
#endif
// find pub key
result = NFKM_findkey( handle, pub_ident, &keyinfo, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findkey(pub)\n", result );
return result;
}
// load pub key blob
blobptr = &(keyinfo->pubblob); // pub dakedo privblob
result = NFKM_cmd_loadblob( handle, nc,
moduleinfo->module, blobptr, ltid, &pub_keyid, "loading pub key blob", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob(pub)\n", result );
return result;
}
NFKM_freekey( handle, keyinfo, NULL );
keyinfo = NULL;
#if 0
// get priv key info
cmd.cmd = Cmd_GetKeyInfo;
cmd.args.getkeyinfo.key = pub_keyid;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result );
return result;
}
printf( "pub key ID : %08X\n", (unsigned int)pub_keyid );
printf( "pub keytype : %d\n", reply.reply.getkeyinfo.type );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
keyinfo = NULL;
#endif
// encrypt & dectypt test
{
unsigned char *beforePtr, *middlePtr, *afterPtr;
int beforeLen, middleLen, afterLen;
unsigned char *encPtr, *decPtr;
struct NFast_Bignum *enc_bn, *dec_bn;
M_Mech dec_mech;
beforePtr = middlePtr = afterPtr = NULL;
beforeLen = middleLen = afterLen = 0;
encPtr = decPtr = NULL;
enc_bn = dec_bn = NULL;
// encrypt data setting
beforeLen = DATA_LEN - 11;
beforePtr = (unsigned char*)malloc( beforeLen );
for ( i = 0; i < beforeLen; i++ )
beforePtr[i] = ~i;
my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen );
#if 0
// my_bignum2bin test
unsigned char debug_buf[ DATA_LEN ];
PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN );
printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" );
my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn );
PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN );
#endif
// encrypt transact
cmd.cmd = Cmd_Encrypt;
cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present;
cmd.args.encrypt.key = pub_keyid;
cmd.args.encrypt.mech = Mech_RSApPKCS1;
cmd.args.encrypt.plain.type = PlainTextType_Bignum;
cmd.args.encrypt.plain.data.bignum.m = enc_bn;
//cmd.args.encrypt.given_iv = NULL;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result );
return 1;
}
#if 0
if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes )
{
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
return 1;
}
#endif
printf( "RSA data encrypt ok\n" );
// decrypt data setting
middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
middlePtr = (unsigned char*)malloc( middleLen );
my_bignum2bin( middlePtr, middleLen, handle,
reply.reply.encrypt.cipher.data.rsappkcs1.m );
my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );
dec_mech = reply.reply.encrypt.cipher.mech;
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// decrypt transact
cmd.cmd = Cmd_Decrypt;
cmd.args.decrypt.flags = 0;
cmd.args.decrypt.key = priv_keyid;
cmd.args.decrypt.mech = Mech_RSApPKCS1;
cmd.args.decrypt.cipher.mech = dec_mech;
cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
cmd.args.decrypt.reply_type = PlainTextType_Bignum;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
return 1;
}
#if 0
if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes )
{
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
return 1;
}
#endif
printf( "RSA data decrypt ok\n" );
// after
afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
afterPtr = (unsigned char*)malloc( afterLen );
my_bignum2bin( afterPtr, afterLen, handle,
reply.reply.decrypt.plain.data.bignum.m );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
// data show
PrintArray( (char*)"before", beforePtr, beforeLen );
PrintArray( (char*)"middle", middlePtr, middleLen );
PrintArray( (char*)"after", afterPtr, afterLen );
} // encrypt & decrypt
return result;
} // verify_rsa_keypair
void PrintArray( char *pStr, const unsigned char *pData, int length )
{
int i;
printf( "%s(%d bytes)", pStr, length );
for ( i = 0; i < length; i++ )
{
if ( (i % 16) == 0 ) printf( "\n" );
printf( "%02X ", pData[ i ] );
}
printf( "\n" );
} // PrintArray
int main( int argc, char *argv[] )
{
int result = Status_OK;
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// init nFast
result = NFastApp_InitEx( &handle, NULL, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_InitEx\n", result );
return 1;
}
// connecting to hardserver
result = NFastApp_Connect( handle, &nc, 0, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_Connect\n", result );
return 1;
}
// set bignum upcalls setting
result = NFastApp_SetBignumUpcalls(
handle,
my_bignumreceiveupcall,
my_bignumsendlenupcall,
my_bignumsendupcall,
my_bignumfreeupcall,
my_bignumformatupcall,
NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result );
return 1;
}
// NFKM getinfo
result = NFKM_getinfo( handle, &world, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_getinfo\n", result );
return 1;
}
// init card-loading lib
result = RQCard_init( &card, handle, nc, world, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_init\n", result );
return 1;
}
// init FIPS state
result = RQCard_fips_init( &card, &fips );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_fips_init\n", result );
return 1;
}
// ui select
result = RQCard_ui_default( &card );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_ui_default\n", result );
return 1;
}
// get strict-FIPS authorization
#if 0
NFKM_FIPS140AuthHandle fipsHandle;
M_SlotID slotId;
result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_fips_get\n", result );
return 0;
}
if ( fipsHandle == NULL )
{
printf( "this sworld isn't strict-FIPS.\n" );
}
#endif
#if 0
// list cardsets
int card_num;
NFKM_CardSetIdent *cardident = NULL;
result = NFKM_listcardsets( handle, &card_num, &cardident, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_listcardsets\n", result );
return 0;
}
// find cardsets
result = NFKM_findcardset( handle, cardident, &cardset, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findcardset\n", result );
return 0;
}
// load cardset
result = RQCard_logic_ocs_specific( &card, &(cardset->hkltu), "Load Cardset" );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_logic_ocs_specific\n", result );
return 0;
}
// use specific module : #1
// important!! : if you set resultplace=NULL, abort. (possibility is 100%)
result = RQCard_whichmodule_specific( &card, world->modules[0]->module, &ltid );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_whichmodule_specific\n", result );
}
// wait event loop
result = card.uf->eventloop( &card );
if ( result != Status_OK )
{
printf( "error(%d) : card module event loop\n", result );
}
#endif
// get usable module
moduleinfo = world->modules[0];
result = NFKM_getusablemodule( world, MODULE_ID, &moduleinfo );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_getusablemodule\n", result );
return 1;
}
// list key
#if 0
int key_num;
NFKM_KeyIdent *keylist = NULL;
result = NFKM_listkeys( handle, &key_num, &keylist, "simple", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_listkeys\n", result );
}
NFKM_KeyIdent **tkp = &keylist;
for ( i = 0; i < key_num; i++ )
{
printf( "appname : %s, ident : %s\n", tkp[i]->appname, tkp[i]->ident );
}
#endif
// verify key pair
result = verifyRSAKeyPair( priv_keyident, pub_keyident );
if ( result != Status_OK )
{
printf( "error : verifyRSAKeyPair\n" );
return 1;
}
printf( "RSA keypair verify success.\n" );
// end processing
RQCard_fips_free( &card, &fips );
RQCard_destroy( &card );
NFKM_freeinfo( handle, &world, NULL );
NFastApp_Disconnect( nc, NULL );
NFastApp_Finish( handle, NULL );
return 0;
} // main

338
trunk/hsm_utils/my_hsm_setup.c Normal file
View File

@ -0,0 +1,338 @@
/*
* my_hsm_setup.c
*/
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <limits.h>
#include "nfastapp.h"
#include "nfkm.h"
#include "nfutil.h"
#include "rqcard-applic.h"
#include "rqcard-fips.h"
#include "my_hsm_setup.h"
#include "my_hsm_bignum.h"
#define MODULE_ID 1
#define PRINT_DETAIL 1
// internal functions
int i_my_hsm_initialize_common_1st(
NFast_AppHandle *pHandle,
NFastApp_Connection *pConnection,
NFKM_WorldInfo **ppWorld,
RQCard *pCard,
RQCard_FIPS *pFips );
int i_my_hsm_initialize_common_2nd(
NFKM_WorldInfo **ppWorld,
NFKM_ModuleInfo **pModuleinfo );
/* --------------------- */
int i_my_hsm_initialize_common_1st(
NFast_AppHandle *pHandle,
NFastApp_Connection *pConnection,
NFKM_WorldInfo **ppWorld,
RQCard *pCard,
RQCard_FIPS *pFips )
{
int status = Status_OK;
// init nFast
status = NFastApp_InitEx( pHandle, NULL, NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : NFastApp_InitEx\n", status );
#endif
return status;
}
// connecting to hardserver
status = NFastApp_Connect( *pHandle, pConnection, 0, NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : NFastApp_Connect\n", status );
#endif
return status;
}
// set bignum upcalls setting
status = NFastApp_SetBignumUpcalls(
*pHandle,
my_bignumreceiveupcall,
my_bignumsendlenupcall,
my_bignumsendupcall,
my_bignumfreeupcall,
my_bignumformatupcall,
NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", status );
#endif
return status;
}
// NFKM getinfo
status = NFKM_getinfo( *pHandle, ppWorld, NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : NFKM_getinfo\n", status );
#endif
return status;
}
// init card-loading lib
status = RQCard_init( pCard, *pHandle, *pConnection, *ppWorld, NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : RQCard_init\n", status );
#endif
return status;
}
// init FIPS state
status = RQCard_fips_init( pCard, pFips );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : RQCard_fips_init\n", status );
#endif
return status;
}
// ui select
status = RQCard_ui_default( pCard );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : RQCard_ui_default\n", status );
#endif
return status;
}
return status;
}
/* --------------------- */
int i_my_hsm_initialize_common_2nd(
NFKM_WorldInfo **ppWorld,
NFKM_ModuleInfo **ppModuleinfo )
{
int status = Status_OK;
// get usable module
*ppModuleinfo = (*ppWorld)->modules[0];
status = NFKM_getusablemodule( *ppWorld, MODULE_ID, ppModuleinfo );
if ( status != Status_OK )
{
printf( "error(%d) : NFKM_getusablemodule\n", status );
return status;
}
return status;
}
/* --------------------- */
int my_hsm_initialize(
NFast_AppHandle *pHandle,
NFastApp_Connection *pConnection,
NFKM_WorldInfo **ppWorld,
RQCard *pCard,
RQCard_FIPS *pFips,
NFKM_ModuleInfo **ppModuleinfo )
{
int status = Status_OK;
status = i_my_hsm_initialize_common_1st(
pHandle, pConnection, ppWorld, pCard, pFips );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : i_my_hsm_initialize_common_1st\n", status );
#endif
return status;
}
status = i_my_hsm_initialize_common_2nd( ppWorld, ppModuleinfo );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : i_my_hsm_initialize_common_2nd\n", status );
#endif
return status;
}
return status;
}
/* --------------------- */
int my_hsm_initialize_ex(
NFast_AppHandle *pHandle,
NFastApp_Connection *pConnection,
NFKM_WorldInfo **ppWorld,
RQCard *pCard,
RQCard_FIPS *pFips,
NFKM_ModuleInfo **ppModuleinfo,
NFKM_FIPS140AuthHandle fipsHandle,
M_SlotID *pSlotId )
{
int status = Status_OK;
status = i_my_hsm_initialize_common_1st(
pHandle, pConnection, ppWorld, pCard, pFips );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : i_my_hsm_initialize_essential\n", status );
#endif
return status;
}
// get strict-FIPS authorization
status = RQCard_fips_get( pFips, 1, &fipsHandle, pSlotId );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : RQCard_fips_get\n", status );
#endif
return status;
}
if ( fipsHandle == NULL )
{
#ifdef PRINT_DETAIL
printf( "this sworld isn't strict-FIPS.\n" );
#endif
}
// list cardsets
int card_num;
NFKM_CardSetIdent *cardident = NULL;
status = NFKM_listcardsets( *pHandle, &card_num, &cardident, NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : NFKM_listcardsets\n", status );
#endif
return status;
}
// find cardsets
NFKM_CardSet *cardset = NULL;
status = NFKM_findcardset( *pHandle, cardident, &cardset, NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : NFKM_findcardset\n", status );
#endif
return status;
}
// load cardset
status = RQCard_logic_ocs_specific( pCard, &(cardset->hkltu), "Load Cardset" );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : RQCard_logic_ocs_specific\n", status );
#endif
return status;
}
// use specific module : #1
// important!! : if you set resultplace(arg3)=NULL, abort. (possibility is 100%)
M_KeyID ltid = 0; // the cardset loaded into the module
status = RQCard_whichmodule_specific( pCard, (*ppWorld)->modules[0]->module, &ltid );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : RQCard_whichmodule_specific\n", status );
#endif
return status;
}
// wait event loop
status = pCard->uf->eventloop( pCard );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : card module event loop\n", status );
#endif
return status;
}
status = i_my_hsm_initialize_common_2nd( ppWorld, ppModuleinfo );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : i_my_hsm_initialize_common_2nd\n", status );
#endif
return status;
}
// list key
int key_num;
NFKM_KeyIdent *keylist = NULL;
status = NFKM_listkeys( *pHandle, &key_num, &keylist, "simple", NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : NFKM_listkeys\n", status );
#endif
return status;
}
NFKM_KeyIdent **tkp = &keylist;
{
int i;
for ( i = 0; i < key_num; i++ )
{
#ifdef PRINT_DETAIL
printf( "appname : %s, ident : %s\n", tkp[i]->appname, tkp[i]->ident );
#endif
}
}
return status;
}
/* --------------------- */
int my_hsm_finalize(
NFast_AppHandle *pHandle,
NFastApp_Connection *pConnection,
NFKM_WorldInfo **ppWorld,
RQCard *pCard,
RQCard_FIPS *pFips )
{
int status = Status_OK;
RQCard_fips_free( pCard, pFips );
RQCard_destroy( pCard );
NFKM_freeinfo( *pHandle, ppWorld, NULL );
status = NFastApp_Disconnect( *pConnection, NULL );
if ( status != Status_OK )
{
#ifdef PRINT_DETAIL
printf( "error(%d) : NFastApp_Disconnect\n", status );
#endif
return status;
}
NFastApp_Finish( *pHandle, NULL );
return status;
}

45
trunk/hsm_utils/my_hsm_setup.h Normal file
View File

@ -0,0 +1,45 @@
/*
* my_hsm_setup.h
*/
#ifndef MY_HSM_SETUP_H
#define MY_HSM_SETUP_H
#include "nfastapp.h"
#ifdef __cplusplus
extern "C" {
#endif
// HSM の初期化, M_Status を返す
int my_hsm_initialize(
NFast_AppHandle *pHandle,
NFastApp_Connection *pConnection,
NFKM_WorldInfo **ppWorld,
RQCard *pCard,
RQCard_FIPS *pFips,
NFKM_ModuleInfo **ppModuleinfo );
int my_hsm_initialize_ex(
NFast_AppHandle *pHandle,
NFastApp_Connection *pConnection,
NFKM_WorldInfo **ppWorld,
RQCard *pCard,
RQCard_FIPS *pFips,
NFKM_ModuleInfo **ppModuleinfo,
NFKM_FIPS140AuthHandle fipsHandle,
M_SlotID *pSlotId );
// HSM の終了処理, M_Status を返す
int my_hsm_finalize(
NFast_AppHandle *pHandle,
NFastApp_Connection *pConnection,
NFKM_WorldInfo **ppWorld,
RQCard *pCard,
RQCard_FIPS *pFips );
#ifdef __cplusplus
}
#endif
#endif // MY_HSM_SETUP_H

548
trunk/hsm_utils/sign_verify_rsa_pkcs1_sha256.c Normal file
View File

@ -0,0 +1,548 @@
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
// openssl
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/aes.h>
#include <openssl/pem.h>
#include "nfastapp.h"
#include "nfkm.h"
#include "rqcard-applic.h"
#include "rqcard-fips.h"
//#include "picky-upcalls.h"
#include "my_hsm_bignum.h"
#include "my_hsm_alloc.h"
#include "my_hsm_setup.h"
#define PRIV_KEY_FILE "./test_key/test-rsa-privkey2048.der"
#define PUB_KEY_FILE "./test_key/test-rsa-pubkey2048.der"
#define DATA_LEN 256 // bytes
// RSA private key data
typedef struct
{
struct NFast_Bignum *p;
struct NFast_Bignum *q;
struct NFast_Bignum *dmp1;
struct NFast_Bignum *dmq1;
struct NFast_Bignum *iqmp;
struct NFast_Bignum *e;
}
RSAPrivateKeyDataBn;
// RSA public key data
typedef struct
{
struct NFast_Bignum *e;
struct NFast_Bignum *n;
}
RSAPublicKeyDataBn;
// global variable
NFast_AppHandle handle;
NFastApp_Connection nc;
NFKM_WorldInfo *pWorld = NULL;
RQCard card;
RQCard_FIPS fips;
NFKM_ModuleInfo *pModuleinfo = NULL;
M_KeyID ltid = 0; // the cardset loaded into the module
const NFKM_KeyIdent priv_keyident = { (char*)"simple", (char*)"test-rsa-privkey2048" };
const NFKM_KeyIdent pub_keyident = { (char*)"simple", (char*)"test-rsa-pubkey2048" };
unsigned char save_enc[DATA_LEN];
// function
int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident );
void PrintArray( char *pStr, const unsigned char *pData, int length );
int createRSAPSSCert( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
{
int i;
int result = Status_OK;
M_ByteBlock *blobptr = NULL;
M_KeyID priv_keyid, pub_keyid;
NFKM_Key *keyinfo = NULL;
M_Command cmd;
M_Reply reply;
priv_keyid = pub_keyid = 0;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// find priv key
result = NFKM_findkey( handle, priv_ident, &keyinfo, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findkey(priv)\n", result );
return result;
}
if ( keyinfo == NULL )
{
printf( "error : not found key(priv)\n" );
return Status_UnknownKey;
}
// load priv key blob
blobptr = &(keyinfo->privblob);
result = NFKM_cmd_loadblob( handle, nc,
pModuleinfo->module, blobptr, ltid, &priv_keyid, "loading priv key blob", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob(priv)\n", result );
return result;
}
NFKM_freekey( handle, keyinfo, NULL );
keyinfo = NULL;
#if 0
// get priv key info
cmd.cmd = Cmd_GetKeyInfo;
cmd.args.getkeyinfo.key = priv_keyid;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result );
return result;
}
printf( "priv key ID : %08X\n", (unsigned int)priv_keyid );
printf( "priv keytype : %d\n", reply.reply.getkeyinfo.type );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
#endif
// find pub key
result = NFKM_findkey( handle, pub_ident, &keyinfo, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findkey(pub)\n", result );
return result;
}
if ( keyinfo == NULL )
{
printf( "error : not found key(pub)\n" );
return Status_UnknownKey;
}
// load pub key blob
blobptr = &(keyinfo->pubblob); // pub dakedo privblob
result = NFKM_cmd_loadblob( handle, nc,
pModuleinfo->module, blobptr, ltid, &pub_keyid, "loading pub key blob", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob(pub)\n", result );
return result;
}
NFKM_freekey( handle, keyinfo, NULL );
keyinfo = NULL;
#if 0
// get priv key info
cmd.cmd = Cmd_GetKeyInfo;
cmd.args.getkeyinfo.key = pub_keyid;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result );
return result;
}
printf( "pub key ID : %08X\n", (unsigned int)pub_keyid );
printf( "pub keytype : %d\n", reply.reply.getkeyinfo.type );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
keyinfo = NULL;
#endif
// create cert
{
unsigned char *beforePtr, *middlePtr, *afterPtr;
int beforeLen, middleLen, afterLen;
unsigned char *signPtr, *decPtr;
struct NFast_Bignum *sign_bn, *dec_bn;
M_Mech verify_mech;
beforePtr = middlePtr = afterPtr = NULL;
beforeLen = middleLen = afterLen = 0;
signPtr = decPtr = NULL;
sign_bn = dec_bn = NULL;
M_Hash32 hash32;
M_Hash32 modHash32;
unsigned int magic = 0xdeadbeef;
SHA256( (const unsigned char*)&magic, 4, hash32.bytes );
// HSM は切り詰めないで署名してしまうので自前で加工する
memset( &modHash32, 0, sizeof( modHash32 ) );
modHash32.bytes[2] = hash32.bytes[0] >> 7;
for( i = 3; i < SHA256_DIGEST_LENGTH; i++ )
{
modHash32.bytes[i] = (hash32.bytes[i-3] << 1) | (hash32.bytes[i-2] >> 7);
}
// sign data setting
beforeLen = DATA_LEN - 11;
beforePtr = (unsigned char*)malloc( beforeLen );
for ( i = 0; i < beforeLen; i++ )
beforePtr[i] = ~i;
my_bin2bignum( &(sign_bn), handle, beforePtr, beforeLen );
// sign transact
cmd.cmd = Cmd_Sign;
cmd.args.sign.flags = 0;
cmd.args.sign.key = priv_keyid;
// cmd.args.sign.mech = Mech_RSAhSHA256pPSS;
cmd.args.sign.mech = Mech_RSAhSHA256pPKCS1;
cmd.args.sign.plain.type = PlainTextType_Hash32;
cmd.args.sign.plain.data.hash32.data = hash32;
// cmd.args.sign.plain.data.hash32.data = modHash32;
// RSA_verify_PKCS1_PSS
// cmd.args.sign.plain.data.bignum.m = sign_bn;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Sign)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Sign)\n", result );
return 1;
}
printf( "RSA PSS sign ok\n" );
// verify data setting
middleLen = reply.reply.sign.sig.data.rsappkcs1.m->nbytes;
middlePtr = (unsigned char*)malloc( middleLen );
my_bignum2bin( middlePtr, middleLen, handle,
reply.reply.sign.sig.data.rsappkcs1.m );
my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );
verify_mech = reply.reply.sign.sig.mech;
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// verify transact
cmd.cmd = Cmd_Verify;
cmd.args.verify.flags = 0;
cmd.args.verify.key = pub_keyid;
// cmd.args.verify.mech = Mech_RSAhSHA256pPSS;
cmd.args.verify.mech = Mech_RSAhSHA256pPKCS1;
cmd.args.verify.plain.type = PlainTextType_Hash32;
cmd.args.verify.plain.data.hash32.data = hash32;
// cmd.args.verify.plain.data.hash32.data = modHash32;
cmd.args.verify.sig.mech = verify_mech;
cmd.args.verify.sig.data.rsappkcs1.m = dec_bn;
// cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
// cmd.args.decrypt.reply_type = PlainTextType_Bignum;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Verify)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK && result != Status_VerifyFailed )
{
printf( "error(%d) : reply.status(Cmd_Verify)\n", result );
return 1;
}
// リファンレスは間違い。reply の status に検証結果が入る
if ( result == Status_VerifyFailed )
{
printf( "error : Verify Failed(Cmd_Verify)\n" );
return 1;
}
printf( "RSA PSS verify ok\n" );
PrintArray( (char*)"HSM Sign", middlePtr, middleLen );
#if 1
// OpenSSL でも検証開始
{
int ret = 0;
unsigned char *privKeyBuf = NULL;
unsigned char *pubKeyBuf = NULL;
int privKeySize = 0;
int pubKeySize = 0;
RSA *rsa_privkey = NULL;
RSA *rsa_pubkey = NULL;
FILE *pPrivKeyFile;
FILE *pPubKeyFile;
struct stat fileStat;
// priv
stat( PRIV_KEY_FILE, &fileStat );
privKeySize = fileStat.st_size;
privKeyBuf = (unsigned char*)malloc( privKeySize );
pPrivKeyFile = fopen( PRIV_KEY_FILE, "rb" );
if (pPrivKeyFile == NULL)
{
printf("file open error\n");
return 1;
}
fread( privKeyBuf, privKeySize, 1, pPrivKeyFile );
fclose(pPrivKeyFile);
// pub
stat( PUB_KEY_FILE, &fileStat );
pubKeySize = fileStat.st_size;
pubKeyBuf = (unsigned char*)malloc( pubKeySize );
pPubKeyFile = fopen( PUB_KEY_FILE, "rb" );
if (pPubKeyFile == NULL)
{
printf("file open error\n");
return 1;
}
fread( pubKeyBuf, pubKeySize, 1, pPubKeyFile );
fclose(pPubKeyFile);
// DERフォーマットのRSA鍵を読み込み
{
const unsigned char *der_priv = privKeyBuf;
const unsigned char *der_pub = pubKeyBuf;
// int priv_len = der_priv[ 8 ] | der_priv[ 9 ] << 8; // KEY長を取り出し
// int pub_len = der_pub [ 8 ] | der_pub [ 9 ] << 8; // 同上
// der_priv += 0x10; // ヘッダ部分を除外してKEY実体を指定
// der_pub += 0x10; // 同上
// コマンドラインのopensslが出力する秘密鍵は、PKCS#1 RSAPublicKeyフォーマットなので、この関数を使う。
rsa_privkey = d2i_RSAPrivateKey( NULL, &der_priv, privKeySize );
if( rsa_privkey == NULL )
{
printf( "error : d2i_RSAPrivateKey\n" );
return 1;
}
// コマンドラインのopensslが出力する公開鍵は、SubjectPublicKeyInfo形式なので、この関数を使う。
rsa_pubkey = d2i_RSA_PUBKEY( NULL, &der_pub, pubKeySize );
if( rsa_pubkey == NULL )
{
printf( "error : d2i_RSA_PUBKEY\n" );
return 1;
}
}
PrintArray( (char*)"hash32", hash32.bytes, sizeof(hash32) );
// Sign by OpenSSL
unsigned char sigBuf[256]; // TEKITO
unsigned int sigLen = 0;
ret = RSA_sign( NID_sha256, hash32.bytes, 32, sigBuf, &sigLen, rsa_privkey );
if (ret == 0)
{
printf( "error : RSA_sign(by OpenSSL)!\n" );
return 1;
}
printf("sigLen=%d\n", sigLen);
PrintArray( (char*)"sigBuf", sigBuf, sigLen );
// Verify for HSM
ret = RSA_verify( NID_sha256, hash32.bytes, SHA256_DIGEST_LENGTH, middlePtr, middleLen, rsa_pubkey );
if (ret == 0)
{
printf( "error : RSA_verify(by OpenSSL)!\n" );
return 1;
}
printf( "HSM Sign Verify Success!\n" );
}
#endif
PrintArray( (char*)"hash32", hash32.bytes, sizeof(hash32) );
// PrintArray( (char*)"before", beforePtr, beforeLen );
PrintArray( (char*)"middle", middlePtr, middleLen );
return Status_OK;
}
// encrypt & dectypt test
{
unsigned char *beforePtr, *middlePtr, *afterPtr;
int beforeLen, middleLen, afterLen;
unsigned char *encPtr, *decPtr;
struct NFast_Bignum *enc_bn, *dec_bn;
M_Mech dec_mech;
beforePtr = middlePtr = afterPtr = NULL;
beforeLen = middleLen = afterLen = 0;
encPtr = decPtr = NULL;
enc_bn = dec_bn = NULL;
// encrypt data setting
beforeLen = DATA_LEN - 11;
beforePtr = (unsigned char*)malloc( beforeLen );
for ( i = 0; i < beforeLen; i++ )
beforePtr[i] = ~i;
my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen );
#if 0
// my_bignum2bin test
unsigned char debug_buf[ DATA_LEN ];
PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN );
printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" );
my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn );
PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN );
#endif
// encrypt transact
cmd.cmd = Cmd_Encrypt;
cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present;
cmd.args.encrypt.key = pub_keyid;
cmd.args.encrypt.mech = Mech_RSApPKCS1;
cmd.args.encrypt.plain.type = PlainTextType_Bignum;
cmd.args.encrypt.plain.data.bignum.m = enc_bn;
//cmd.args.encrypt.given_iv = NULL;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result );
return 1;
}
#if 0
if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes )
{
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
return 1;
}
#endif
printf( "RSA data encrypt ok\n" );
// decrypt data setting
middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
middlePtr = (unsigned char*)malloc( middleLen );
my_bignum2bin( middlePtr, middleLen, handle,
reply.reply.encrypt.cipher.data.rsappkcs1.m );
my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );
dec_mech = reply.reply.encrypt.cipher.mech;
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// decrypt transact
cmd.cmd = Cmd_Decrypt;
cmd.args.decrypt.flags = 0;
cmd.args.decrypt.key = priv_keyid;
cmd.args.decrypt.mech = Mech_RSApPKCS1;
cmd.args.decrypt.cipher.mech = dec_mech;
cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
cmd.args.decrypt.reply_type = PlainTextType_Bignum;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
return 1;
}
#if 0
if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes )
{
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
return 1;
}
#endif
printf( "RSA data decrypt ok\n" );
// after
afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
afterPtr = (unsigned char*)malloc( afterLen );
my_bignum2bin( afterPtr, afterLen, handle,
reply.reply.decrypt.plain.data.bignum.m );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
// data show
PrintArray( (char*)"before", beforePtr, beforeLen );
PrintArray( (char*)"middle", middlePtr, middleLen );
PrintArray( (char*)"after", afterPtr, afterLen );
} // encrypt & decrypt
return result;
} // createRSAPSSCert
void PrintArray( char *pStr, const unsigned char *pData, int length )
{
int i;
printf( "%s(%d bytes)", pStr, length );
for ( i = 0; i < length; i++ )
{
if ( (i % 16) == 0 ) printf( "\n" );
printf( "%02X ", pData[ i ] );
}
printf( "\n" );
} // PrintArray
int main( int argc, char *argv[] )
{
int result = Status_OK;
// initialize
result = my_hsm_initialize( &handle, &nc, &pWorld, &card, &fips, &pModuleinfo );
if ( result != Status_OK )
{
printf( "error(%d) : my_hsm_initialize\n", result );
return 1;
}
// create rsa-pss cert
result = createRSAPSSCert( priv_keyident, pub_keyident );
if ( result != Status_OK )
{
printf( "error : createRSAPSSCert\n" );
return 1;
}
printf( "RSA-PSS cert create success.\n" );
// finalize
result = my_hsm_finalize( &handle, &nc, &pWorld, &card, &fips );
if ( result != Status_OK )
{
printf( "error(%d) : my_hsm_finalize\n", result );
return 1;
}
return 0;
} // main