rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

hsm_utils:追加

Browse Source 
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@76 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
kubodera_yuichi 2009-12-24 04:23:10 +00:00
parent 5df46f3bfe
commit d9bbb215fe
2 changed files with 639 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

173
hsm_utils/Makefile Normal file
View File

@ -0,0 +1,173 @@
# Simple makefile for example programs under gcc
#
# Build these with 'make -f Makefile-examples'
#
# Copyright 1997-2008 nCipher Corporation Limited.
#
# This file is example source code. It is provided for your
# information and assistance. See the file LICENCE.TXT for details and the
# terms and conditions of the licence which governs the use of the
# source code. By using such source code you will be accepting these
# terms and conditions. If you do not wish to accept these terms and
# conditions, DO NOT OPEN THE FILE OR USE THE SOURCE CODE.
#
# Note that there is NO WARRANTY.
#
# -------------------------------
#
# Set NFAST_PATH to installation directory of the headers and libraries
NFAST_PATH= /opt/nfast
# Developer tools installation
NFAST_DEV_PATH= $(NFAST_PATH)/c/ctd/gcc
NFAST_EXAMPLES_PATH= $(NFAST_PATH)/c/ctd/examples
# We now have a single library directory, not one per component, in an
# installation, but may be using different paths per component in
# testing.
LIBPATH_SWORLD= $(NFAST_DEV_PATH)/lib
LIBPATH_HILIBS= $(NFAST_DEV_PATH)/lib
LIBPATH_NFLOG= $(NFAST_DEV_PATH)/lib
LIBPATH_CUTILS= $(NFAST_DEV_PATH)/lib
INC_SWORLD= $(NFAST_DEV_PATH)/include/sworld
INC_HILIBS= $(NFAST_DEV_PATH)/include/hilibs
INC_NFLOG= $(NFAST_DEV_PATH)/include/nflog
INC_CUTILS= $(NFAST_DEV_PATH)/include/cutils
EXAMPLES_SWORLD= $(NFAST_EXAMPLES_PATH)/sworld
EXAMPLES_HILIBS= $(NFAST_EXAMPLES_PATH)/hilibs
EXAMPLES_NFLOG= $(NFAST_EXAMPLES_PATH)/nflog
EXAMPLES_CUTILS= $(NFAST_EXAMPLES_PATH)/cutils
# openssl
OPENSSL_DIR = ./GenerateFuseID/openssl-0.9.8k
# Where the source lives
SRCPATH = .
REFPATH = nfuser
CC = gcc
CPPFLAGS= -I$(SRCPATH) \
-I$(INC_SWORLD) \
-I$(INC_HILIBS) \
-I$(INC_NFLOG) \
-I$(INC_CUTILS) \
-I$(EXAMPLES_SWORLD) \
-I$(EXAMPLES_HILIBS) \
-I$(EXAMPLES_NFLOG) \
-I$(EXAMPLES_CUTILS) \
$(XCPPFLAGS) \
-I$(OPENSSL_DIR)/include \
-I$(OPENSSL_DIR)/crypto/ec \
CFLAGS= -g -O2 -Wall -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -D_GNU_SOURCE -Wno-nonnull -O2 -fPIC -Wno-nonnull $(XCFLAGS)
# -Werror -> N/A
LINK= gcc
LDFLAGS= $(XLDFLAGS) -L$(OPENSSL_DIR)
LDFLAGS_THREADED= $(LDFLAGS) $(XLDFLAGS_THREADED)
LDLIBS= $(XLDLIBS) -lcrypto -lssl -ldl -lnsl
LDLIBS_THREADED= $(XLDLIBS_THREADED) -lpthread $(LDLIBS)
# Targets ------------------------
all: simple
XLDLIBS= $(LIBPATH_SWORLD)/librqcard.a \
$(LIBPATH_SWORLD)/libnfkm.a \
$(LIBPATH_HILIBS)/libnfstub.a \
$(LIBPATH_NFLOG)/libnflog.a \
$(LIBPATH_CUTILS)/libcutils.a -lm
#COMMON_OBJECTS= simplecmd.o simplebignum.o nfutil.o nfopt.o getdate.o report.o report-usage.o nftypes.o tokenise.o
COMMON_OBJECTS = $(REFPATH)/simplecmd.o $(REFPATH)/simplebignum.o $(REFPATH)/nfutil.o $(REFPATH)/nfopt.o $(REFPATH)/getdate.o $(REFPATH)/report.o $(REFPATH)/report-usage.o $(REFPATH)/nftypes.o $(REFPATH)/tokenise.o
#COMMON_HEADERS= simplecmd.h simplebignum.h nfutil.h nfopt.h nftypes.h tokenise.h
COMMON_HEADERS= $(REFPATH)/simplecmd.h $(REFPATH)/simplebignum.h $(REFPATH)/nfutil.h $(REFPATH)/nfopt.h $(REFPATH)/nftypes.h $(REFPATH)/tokenise.h
# We supply an up-to-date getdate.c in the cutils component. Prevent it
# from being automatically rebuilt in the case where getdate.y's mtime
# is (usually accidentally) newer; if you want to modify it, do so in
# cutils.
$(SRCPATH)/getdate.c: ;
# Simple (non-threaded) programs ------------
gen_rand: gen_rand.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o gen_rand gen_rand.c $(COMMON_OBJECTS) $(LDLIBS)
bench_rand: bench_rand.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o bench_rand bench_rand.c $(COMMON_OBJECTS) $(LDLIBS)
encdec_aes.o: encdec_aes.c $(COMMON_HEADERS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o encdec_aes.o -c encdec_aes.c
encdec_aes: encdec_aes.o
$(LINK) $(LDFLAGS) -o encdec_aes encdec_aes.o $(COMMON_OBJECTS) $(LDLIBS)
refcmd_aes.o: refcmd_aes.c $(COMMON_HEADERS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o refcmd_aes.o -c refcmd_aes.c
refcmd_aes: refcmd_aes.o
$(LINK) $(LDFLAGS) -o refcmd_aes refcmd_aes.o $(COMMON_OBJECTS) $(LDLIBS)
bench_refcmd_aes.o: bench_refcmd_aes.c $(COMMON_HEADERS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o bench_refcmd_aes.o -c bench_refcmd_aes.c
bench_refcmd_aes: bench_refcmd_aes.o
$(LINK) $(LDFLAGS) -o bench_refcmd_aes bench_refcmd_aes.o $(COMMON_OBJECTS) $(LDLIBS)
refgen_rsa: refgen_rsa.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o refgen_rsa refgen_rsa.c $(COMMON_OBJECTS) $(REFPATH)/generictest.o $(LDLIBS)
bench_refgen_rsa: bench_refgen_rsa.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o bench_refgen_rsa bench_refgen_rsa.c $(COMMON_OBJECTS) $(REFPATH)/generictest.o $(LDLIBS)
del_key.o: del_key.c $(COMMON_HEADERS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o del_key.o -c del_key.c
EXTRA_OBJECTS = $(REFPATH)/ncthread-upcalls.o $(REFPATH)/ncthread-unix.o $(REFPATH)/normalmalloc.o $(COMMON_OBJECTS)
del_key: del_key.o $(EXTRA_OBJECTS)
$(LINK) $(LDFLAGS_THREADED) -o del_key del_key.o $(EXTRA_OBJECTS) $(LDLIBS_THREADED)
load_common_key: load_common_key.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o load_common_key load_common_key.c $(COMMON_OBJECTS) $(LDLIBS)
load_asymmetric_key: load_asymmetric_key.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o load_asymmetric_key load_asymmetric_key.c $(COMMON_OBJECTS) $(LDLIBS)
import_common_key: import_common_key.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o import_common_key import_common_key.c $(COMMON_OBJECTS) $(LDLIBS)
import_pub_key: import_pub_key.c
$(CC) $(CFLAGS) $(CPPFLAGS) -o import_pub_key import_pub_key.c $(COMMON_OBJECTS) $(LDLIBS)
# All single-threaded targets
TARGETS_SIMPLE= \
gen_rand \
bench_rand \
encdec_aes \
refcmd_aes \
bench_refcmd_aes \
refgen_rsa \
bench_refgen_rsa \
load_common_key \
load_asymmetric_key \
import_common_key \
import_pub_key \
del_key
simple: $(TARGETS_SIMPLE)
# Secondary targets ------------------------
clean:
rm -f *.o
rm -f $(TARGETS_SIMPLE)

466
hsm_utils/import_common_key.c Normal file
View File

@ -0,0 +1,466 @@
// import key (+ encrypt, decrypt) test for nShield
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "nfastapp.h"
#include "nfkm.h"
#include "rqcard-applic.h"
#include "rqcard-fips.h"
#include "simplebignum.h"
#include "ncthread-upcalls.h"
//#include "picky-upcalls.h"
#include "simplecmd.h"
#define MODULE_ID 1
#define DATA_LEN 256 // bytes
unsigned char aes_key_data[32];
typedef struct _NFast_Call_Context
{
int notused;
}
NFast_Call_Context;
NFast_Call_Context context;
typedef struct NFast_Transaction_Context
{
M_Command cmd;
M_Reply reply;
}
NFast_Transaction_Context;
NFast_Transaction_Context tc;
static void *my_malloc( size_t nbytes,
struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx );
static void *my_realloc( void *ptr, size_t nbytes,
struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx );
static void my_free( void *ptr,
struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx );
const NFast_MallocUpcalls my_malloc_upcalls =
{
my_malloc, my_realloc, my_free
};
static void *my_malloc( size_t nbytes,
struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx )
{
return malloc( nbytes );
}
static void *my_realloc( void *ptr, size_t nbytes,
struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx )
{
return realloc( ptr, nbytes );
}
static void my_free( void *ptr,
struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx )
{
free( ptr );
}
int main( int argc, char *argv[] )
{
int i;
int result = 0;
int rand_size = 80;
NFast_AppHandle handle;
NFastApp_Connection nc;
NFKM_WorldInfo *world = NULL;
RQCard card;
RQCard_FIPS fips;
M_KeyID ltid; // the cardset loaded into the module
M_KeyID keyid;
NFKM_Key *keyinfo;
if ( argc == 2 )
rand_size = atoi( argv[1] );
// input aes key data
for ( i = 0; i < 32; i++ )
aes_key_data[i] = i;
// init nFast
NFastAppInitArgs app_init_args;
memset( &app_init_args, 0, sizeof( app_init_args ) );
app_init_args.flags = NFAPP_IF_MALLOC | NFAPP_IF_BIGNUM;
app_init_args.mallocupcalls = &my_malloc_upcalls;
app_init_args.bignumupcalls = &sbn_upcalls;
//app_init_args.newthreadupcalls = &newthread_upcalls;
result = NFastApp_InitEx( &handle, &app_init_args, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_InitEx\n", result );
}
// connecting to hardserver
result = NFastApp_Connect( handle, &nc, 0, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_Connect\n", result );
}
// set bignum upcalls setting
result = NFastApp_SetBignumUpcalls(
handle,
sbn_bignumreceiveupcall,
sbn_bignumsendlenupcall,
sbn_bignumsendupcall,
sbn_bignumfreeupcall,
sbn_bignumformatupcall,
NULL );
// NFKM getinfo
result = NFKM_getinfo( handle, &world, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_getinfo\n", result );
}
// init card-loading lib
result = RQCard_init( &card, handle, nc, world, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_init\n", result );
}
// init FIPS state
result = RQCard_fips_init( &card, &fips );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_fips_init\n", result );
}
// ui select
//result = RQCard_ui_default( &card );
result = RQCard_ui_scroll( &card );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_ui_xxx\n", result );
}
// get strict-FIPS authorization
#if 0
NFKM_FIPS140AuthHandle fipsHandle;
M_SlotID slotId;
result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_fips_get\n", result );
}
if ( fipsHandle == NULL )
{
printf( "this sworld isn't strict-FIPS.\n" );
}
#endif
// list cardsets
int card_num;
NFKM_CardSetIdent *cardident = NULL;
result = NFKM_listcardsets( handle, &card_num, &cardident, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_listcardsets\n", result );
}
// find cardsets
NFKM_CardSet *cardset = NULL;
result = NFKM_findcardset( handle, cardident, &cardset, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findcardset\n", result );
}
// load cardset
result = RQCard_logic_ocs_specific( &card, &(cardset->hkltu), "Load Cardset" );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_logic_ocs_specific\n", result );
}
// use specific module : #1
// important!! : if you set resultplace=NULL, abort. (possibility is 100%)
result = RQCard_whichmodule_specific( &card, world->modules[0]->module, &ltid );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_whichmodule_specific\n", result );
}
// wait event loop
result = card.uf->eventloop( &card );
if ( result != Status_OK )
{
printf( "error(%d) : card module event loop\n", result );
}
// get usable module
NFKM_ModuleInfo *moduleinfo = world->modules[0];
result = NFKM_getusablemodule( world, MODULE_ID, &moduleinfo );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_getusablemodule\n", result );
}
// make ACL
NFKM_MakeACLParams map;
NFKM_MakeBlobsParams mbp;
memset( &map, 0, sizeof( map ) );
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY |
NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT );
map.cs = cardset;
result = NFKM_newkey_makeaclx( handle, nc, world, &map,
&(tc.cmd.args.import.acl), NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeaclx\n", result );
}
// import key
NFKM_KeyIdent keyident = { (char*)"custom", (char*)"aes-import-key" };
tc.cmd.cmd = Cmd_Import;
tc.cmd.args.import.module = MODULE_ID;
tc.cmd.args.import.data.type = KeyType_Rijndael;
tc.cmd.args.import.data.data.random.k.len = 32;
tc.cmd.args.import.data.data.random.k.ptr = aes_key_data;
result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeaclx\n", result );
}
// make blobs
NFKM_Key reg_key;
memset( &mbp, 0, sizeof( mbp ) );
memset( &reg_key, 0, sizeof( reg_key ) );
mbp.f = map.f;
mbp.kpriv = tc.reply.reply.import.key;
mbp.lt = ltid;
mbp.cs = cardset;
reg_key.v = Key__maxversion; // TORIAEZU Version Max (8)
reg_key.name = keyident.ident;
reg_key.appname = keyident.appname;
reg_key.ident = keyident.ident;
time( &(reg_key.gentime) );
result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, &reg_key, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeblobsx\n", result );
}
// record key to disk
result = NFKM_recordkey( handle, &reg_key, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_recordkey\n", result );
}
printf( "record key success?\n" );
// destroy key
result = NFKM_cmd_destroy( handle, nc, 0, tc.reply.reply.import.key,
"import.key", NULL );
// list key
#if 0
int key_num;
NFKM_KeyIdent *keylist = NULL;
result = NFKM_listkeys( handle, &key_num, &keylist, "simple", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_listkeys\n", result );
}
NFKM_KeyIdent **tkp = &keylist;
for ( i = 0; i < key_num; i++ )
{
printf( "appname : %s, ident : %s\n", tkp[i]->appname, tkp[i]->ident );
}
#endif
// find key
NFKM_KeyIdent ki_v = { (char*)"custom", (char*)"aes-import-key" };
printf( "appname : %s, ident : %s\n", ki_v.appname, ki_v.ident );
result = NFKM_findkey( handle, ki_v, &keyinfo, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findkey\n", result );
}
// load blob
M_ByteBlock *blobptr;
if ( keyinfo->pubblob.len)
blobptr = &keyinfo->pubblob;
else
{
printf( "aes is symmetric key!\n" );
blobptr = &keyinfo->privblob;
}
result = NFKM_cmd_loadblob( handle, nc,
moduleinfo->module, blobptr, ltid, &keyid, "loading key blob", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob\n", result );
}
printf( "key ID : %u\n", (unsigned int)keyid );
// get key info
tc.cmd.cmd = Cmd_GetKeyInfo;
tc.cmd.args.getkeyinfo.key = keyid;
result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result );
}
// if type == 30 then Rijndael(AES)
printf( "keytype : %d\n", tc.reply.reply.getkeyinfo.type );
// encrypt & dectypt test
{
M_ByteBlock enc_input, dec_input;
M_ByteBlock enc_output, dec_output;
M_IV base_iv, enc_iv, dec_iv;
// data setting
enc_input.len = DATA_LEN;
enc_input.ptr = (unsigned char*)malloc( DATA_LEN );
for ( i = 0; i < enc_input.len; i++ )
enc_input.ptr[i] = i;
base_iv.mech = Mech_RijndaelmCBCpNONE;
for ( i = 0; i < 16; i++ )
base_iv.iv.generic128.iv.bytes[i] = i;
enc_iv = base_iv;
dec_iv = base_iv;
// encrypt : my ver
tc.cmd.cmd = Cmd_Encrypt;
tc.cmd.args.encrypt.key = keyid;
tc.cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE;
tc.cmd.args.encrypt.plain.type = PlainTextType_Bytes;
tc.cmd.args.encrypt.plain.data.bytes.data = enc_input;
tc.cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present;
tc.cmd.args.encrypt.given_iv = &enc_iv;
result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result );
}
result = tc.reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result );
}
enc_output.len = tc.reply.reply.encrypt.cipher.data.generic128.cipher.len;
if ( enc_output.len != DATA_LEN )
{
printf( "error : output data size isn't %d bytes(Cmd_Encrypt)\n", (int)enc_output.len );
}
enc_output.ptr = (unsigned char*)malloc( enc_output.len );
memcpy( enc_output.ptr,
tc.reply.reply.encrypt.cipher.data.generic128.cipher.ptr,
enc_output.len );
printf( "encrypt ok\n" );
dec_input.len = enc_output.len;
dec_input.ptr = (unsigned char*)malloc( dec_input.len );
memcpy( dec_input.ptr, enc_output.ptr, DATA_LEN );
NFastApp_Free_Reply( handle, NULL, NULL, &(tc.reply) );
// decrypt : my ver
tc.cmd.cmd = Cmd_Decrypt;
tc.cmd.args.decrypt.flags = 0;
tc.cmd.args.decrypt.key = keyid;
tc.cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE;
tc.cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE;
tc.cmd.args.decrypt.cipher.data.generic128.cipher = dec_input;
tc.cmd.args.decrypt.cipher.iv = dec_iv.iv;
tc.cmd.args.decrypt.reply_type = PlainTextType_Bytes;
result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result );
}
result = tc.reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
}
dec_output.len = tc.reply.reply.decrypt.plain.data.bytes.data.len;
if ( dec_output.len != DATA_LEN )
{
printf( "error : output size isn't %d bytes(Cmd_Decrypt)\n", (int)enc_output.len );
}
dec_output.ptr = (unsigned char*)malloc( dec_output.len );
memcpy( dec_output.ptr,
tc.reply.reply.decrypt.plain.data.bytes.data.ptr,
dec_output.len );
printf( "decrypt ok\n" );
NFastApp_Free_Reply( handle, NULL, NULL, &(tc.reply) );
// key destroy
memset( &(tc.cmd), 0, sizeof( tc.cmd ) ); // fail if NFastApp_Free_Command
tc.cmd.cmd = Cmd_Destroy;
tc.cmd.args.destroy.key = keyid;
result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_Transact(Cmd_Destroy)\n", result );
}
NFastApp_Free_Reply( handle, NULL, NULL, &(tc.reply) );
// data show
printf( "enc_input : (%d bytes)", (int)enc_input.len );
for ( i = 0; i < enc_input.len; i++ )
{
if ( i % 16 == 0 )
printf( "\n" );
printf( "%02X ", enc_input.ptr[i] );
}
printf( "\n" );
printf( "\nenc_output : (%d bytes)", (int)enc_output.len );
for ( i = 0; i < enc_output.len; i++ )
{
if ( i % 16 == 0 )
printf( "\n" );
printf( "%02X ", enc_output.ptr[i] );
}
printf( "\n" );
printf( "\ndec_output : (%d bytes)", (int)dec_output.len );
for ( i = 0; i < dec_output.len; i++ )
{
if ( i % 16 == 0 )
printf( "\n" );
printf( "%02X ", dec_output.ptr[i] );
}
printf( "\n" );
} // encrypt & decrypt
// end processing
RQCard_fips_free( &card, &fips );
RQCard_destroy( &card );
NFKM_freekey( handle, keyinfo, NULL );
NFKM_freeinfo( handle, &world, NULL );
NFastApp_Disconnect( nc, NULL );
NFastApp_Finish( handle, NULL );
return 0;
} // main