From d9bbb215feacc22997cff567de80da0681730055 Mon Sep 17 00:00:00 2001 From: kubodera_yuichi Date: Thu, 24 Dec 2009 04:23:10 +0000 Subject: [PATCH] =?UTF-8?q?hsm=5Futils:=E8=BF=BD=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@76 ff987cc8-cf2f-4642-8568-d52cce064691 --- hsm_utils/Makefile | 173 +++++++++++++ hsm_utils/import_common_key.c | 466 ++++++++++++++++++++++++++++++++++ 2 files changed, 639 insertions(+) create mode 100644 hsm_utils/Makefile create mode 100644 hsm_utils/import_common_key.c diff --git a/hsm_utils/Makefile b/hsm_utils/Makefile new file mode 100644 index 0000000..93144ca --- /dev/null +++ b/hsm_utils/Makefile @@ -0,0 +1,173 @@ +# Simple makefile for example programs under gcc +# +# Build these with 'make -f Makefile-examples' +# +# Copyright 1997-2008 nCipher Corporation Limited. +# +# This file is example source code. It is provided for your +# information and assistance. See the file LICENCE.TXT for details and the +# terms and conditions of the licence which governs the use of the +# source code. By using such source code you will be accepting these +# terms and conditions. If you do not wish to accept these terms and +# conditions, DO NOT OPEN THE FILE OR USE THE SOURCE CODE. +# +# Note that there is NO WARRANTY. +# + +# ------------------------------- +# +# Set NFAST_PATH to installation directory of the headers and libraries +NFAST_PATH= /opt/nfast + +# Developer tools installation +NFAST_DEV_PATH= $(NFAST_PATH)/c/ctd/gcc +NFAST_EXAMPLES_PATH= $(NFAST_PATH)/c/ctd/examples + +# We now have a single library directory, not one per component, in an +# installation, but may be using different paths per component in +# testing. +LIBPATH_SWORLD= $(NFAST_DEV_PATH)/lib +LIBPATH_HILIBS= $(NFAST_DEV_PATH)/lib +LIBPATH_NFLOG= $(NFAST_DEV_PATH)/lib +LIBPATH_CUTILS= $(NFAST_DEV_PATH)/lib + +INC_SWORLD= $(NFAST_DEV_PATH)/include/sworld +INC_HILIBS= $(NFAST_DEV_PATH)/include/hilibs +INC_NFLOG= $(NFAST_DEV_PATH)/include/nflog +INC_CUTILS= $(NFAST_DEV_PATH)/include/cutils + +EXAMPLES_SWORLD= $(NFAST_EXAMPLES_PATH)/sworld +EXAMPLES_HILIBS= $(NFAST_EXAMPLES_PATH)/hilibs +EXAMPLES_NFLOG= $(NFAST_EXAMPLES_PATH)/nflog +EXAMPLES_CUTILS= $(NFAST_EXAMPLES_PATH)/cutils + +# openssl +OPENSSL_DIR = ./GenerateFuseID/openssl-0.9.8k + + +# Where the source lives +SRCPATH = . +REFPATH = nfuser + +CC = gcc +CPPFLAGS= -I$(SRCPATH) \ + -I$(INC_SWORLD) \ + -I$(INC_HILIBS) \ + -I$(INC_NFLOG) \ + -I$(INC_CUTILS) \ + -I$(EXAMPLES_SWORLD) \ + -I$(EXAMPLES_HILIBS) \ + -I$(EXAMPLES_NFLOG) \ + -I$(EXAMPLES_CUTILS) \ + $(XCPPFLAGS) \ + -I$(OPENSSL_DIR)/include \ + -I$(OPENSSL_DIR)/crypto/ec \ + +CFLAGS= -g -O2 -Wall -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -D_GNU_SOURCE -Wno-nonnull -O2 -fPIC -Wno-nonnull $(XCFLAGS) +# -Werror -> N/A + +LINK= gcc +LDFLAGS= $(XLDFLAGS) -L$(OPENSSL_DIR) +LDFLAGS_THREADED= $(LDFLAGS) $(XLDFLAGS_THREADED) +LDLIBS= $(XLDLIBS) -lcrypto -lssl -ldl -lnsl +LDLIBS_THREADED= $(XLDLIBS_THREADED) -lpthread $(LDLIBS) + +# Targets ------------------------ + +all: simple + + +XLDLIBS= $(LIBPATH_SWORLD)/librqcard.a \ + $(LIBPATH_SWORLD)/libnfkm.a \ + $(LIBPATH_HILIBS)/libnfstub.a \ + $(LIBPATH_NFLOG)/libnflog.a \ + $(LIBPATH_CUTILS)/libcutils.a -lm + +#COMMON_OBJECTS= simplecmd.o simplebignum.o nfutil.o nfopt.o getdate.o report.o report-usage.o nftypes.o tokenise.o +COMMON_OBJECTS = $(REFPATH)/simplecmd.o $(REFPATH)/simplebignum.o $(REFPATH)/nfutil.o $(REFPATH)/nfopt.o $(REFPATH)/getdate.o $(REFPATH)/report.o $(REFPATH)/report-usage.o $(REFPATH)/nftypes.o $(REFPATH)/tokenise.o + +#COMMON_HEADERS= simplecmd.h simplebignum.h nfutil.h nfopt.h nftypes.h tokenise.h +COMMON_HEADERS= $(REFPATH)/simplecmd.h $(REFPATH)/simplebignum.h $(REFPATH)/nfutil.h $(REFPATH)/nfopt.h $(REFPATH)/nftypes.h $(REFPATH)/tokenise.h + +# We supply an up-to-date getdate.c in the cutils component. Prevent it +# from being automatically rebuilt in the case where getdate.y's mtime +# is (usually accidentally) newer; if you want to modify it, do so in +# cutils. +$(SRCPATH)/getdate.c: ; + +# Simple (non-threaded) programs ------------ + +gen_rand: gen_rand.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o gen_rand gen_rand.c $(COMMON_OBJECTS) $(LDLIBS) + +bench_rand: bench_rand.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o bench_rand bench_rand.c $(COMMON_OBJECTS) $(LDLIBS) + +encdec_aes.o: encdec_aes.c $(COMMON_HEADERS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o encdec_aes.o -c encdec_aes.c + +encdec_aes: encdec_aes.o + $(LINK) $(LDFLAGS) -o encdec_aes encdec_aes.o $(COMMON_OBJECTS) $(LDLIBS) + +refcmd_aes.o: refcmd_aes.c $(COMMON_HEADERS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o refcmd_aes.o -c refcmd_aes.c + +refcmd_aes: refcmd_aes.o + $(LINK) $(LDFLAGS) -o refcmd_aes refcmd_aes.o $(COMMON_OBJECTS) $(LDLIBS) + +bench_refcmd_aes.o: bench_refcmd_aes.c $(COMMON_HEADERS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o bench_refcmd_aes.o -c bench_refcmd_aes.c + +bench_refcmd_aes: bench_refcmd_aes.o + $(LINK) $(LDFLAGS) -o bench_refcmd_aes bench_refcmd_aes.o $(COMMON_OBJECTS) $(LDLIBS) + +refgen_rsa: refgen_rsa.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o refgen_rsa refgen_rsa.c $(COMMON_OBJECTS) $(REFPATH)/generictest.o $(LDLIBS) + +bench_refgen_rsa: bench_refgen_rsa.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o bench_refgen_rsa bench_refgen_rsa.c $(COMMON_OBJECTS) $(REFPATH)/generictest.o $(LDLIBS) + +del_key.o: del_key.c $(COMMON_HEADERS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o del_key.o -c del_key.c + +EXTRA_OBJECTS = $(REFPATH)/ncthread-upcalls.o $(REFPATH)/ncthread-unix.o $(REFPATH)/normalmalloc.o $(COMMON_OBJECTS) + +del_key: del_key.o $(EXTRA_OBJECTS) + $(LINK) $(LDFLAGS_THREADED) -o del_key del_key.o $(EXTRA_OBJECTS) $(LDLIBS_THREADED) + +load_common_key: load_common_key.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o load_common_key load_common_key.c $(COMMON_OBJECTS) $(LDLIBS) + +load_asymmetric_key: load_asymmetric_key.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o load_asymmetric_key load_asymmetric_key.c $(COMMON_OBJECTS) $(LDLIBS) + +import_common_key: import_common_key.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o import_common_key import_common_key.c $(COMMON_OBJECTS) $(LDLIBS) + +import_pub_key: import_pub_key.c + $(CC) $(CFLAGS) $(CPPFLAGS) -o import_pub_key import_pub_key.c $(COMMON_OBJECTS) $(LDLIBS) + +# All single-threaded targets + +TARGETS_SIMPLE= \ + gen_rand \ + bench_rand \ + encdec_aes \ + refcmd_aes \ + bench_refcmd_aes \ + refgen_rsa \ + bench_refgen_rsa \ + load_common_key \ + load_asymmetric_key \ + import_common_key \ + import_pub_key \ + del_key + +simple: $(TARGETS_SIMPLE) + +# Secondary targets ------------------------ + +clean: + rm -f *.o + rm -f $(TARGETS_SIMPLE) + diff --git a/hsm_utils/import_common_key.c b/hsm_utils/import_common_key.c new file mode 100644 index 0000000..ceca68f --- /dev/null +++ b/hsm_utils/import_common_key.c @@ -0,0 +1,466 @@ + +// import key (+ encrypt, decrypt) test for nShield + +#include +#include +#include +#include + +#include "nfastapp.h" +#include "nfkm.h" +#include "rqcard-applic.h" +#include "rqcard-fips.h" + +#include "simplebignum.h" +#include "ncthread-upcalls.h" +//#include "picky-upcalls.h" + +#include "simplecmd.h" + +#define MODULE_ID 1 +#define DATA_LEN 256 // bytes + +unsigned char aes_key_data[32]; + +typedef struct _NFast_Call_Context +{ + int notused; +} +NFast_Call_Context; +NFast_Call_Context context; + +typedef struct NFast_Transaction_Context +{ + M_Command cmd; + M_Reply reply; +} +NFast_Transaction_Context; +NFast_Transaction_Context tc; + +static void *my_malloc( size_t nbytes, + struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); +static void *my_realloc( void *ptr, size_t nbytes, + struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); +static void my_free( void *ptr, + struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); + +const NFast_MallocUpcalls my_malloc_upcalls = +{ + my_malloc, my_realloc, my_free +}; + +static void *my_malloc( size_t nbytes, + struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ) +{ + return malloc( nbytes ); +} + +static void *my_realloc( void *ptr, size_t nbytes, + struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ) +{ + return realloc( ptr, nbytes ); +} + +static void my_free( void *ptr, + struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ) +{ + free( ptr ); +} + +int main( int argc, char *argv[] ) +{ + int i; + int result = 0; + int rand_size = 80; + + NFast_AppHandle handle; + NFastApp_Connection nc; + NFKM_WorldInfo *world = NULL; + RQCard card; + RQCard_FIPS fips; + M_KeyID ltid; // the cardset loaded into the module + M_KeyID keyid; + NFKM_Key *keyinfo; + + if ( argc == 2 ) + rand_size = atoi( argv[1] ); + + // input aes key data + for ( i = 0; i < 32; i++ ) + aes_key_data[i] = i; + + // init nFast + NFastAppInitArgs app_init_args; + memset( &app_init_args, 0, sizeof( app_init_args ) ); + app_init_args.flags = NFAPP_IF_MALLOC | NFAPP_IF_BIGNUM; + app_init_args.mallocupcalls = &my_malloc_upcalls; + app_init_args.bignumupcalls = &sbn_upcalls; + //app_init_args.newthreadupcalls = &newthread_upcalls; + result = NFastApp_InitEx( &handle, &app_init_args, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFastApp_InitEx\n", result ); + } + + // connecting to hardserver + result = NFastApp_Connect( handle, &nc, 0, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFastApp_Connect\n", result ); + } + + // set bignum upcalls setting + result = NFastApp_SetBignumUpcalls( + handle, + sbn_bignumreceiveupcall, + sbn_bignumsendlenupcall, + sbn_bignumsendupcall, + sbn_bignumfreeupcall, + sbn_bignumformatupcall, + NULL ); + + // NFKM getinfo + result = NFKM_getinfo( handle, &world, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_getinfo\n", result ); + } + + // init card-loading lib + result = RQCard_init( &card, handle, nc, world, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_init\n", result ); + } + + // init FIPS state + result = RQCard_fips_init( &card, &fips ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_fips_init\n", result ); + } + + // ui select + //result = RQCard_ui_default( &card ); + result = RQCard_ui_scroll( &card ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_ui_xxx\n", result ); + } + + // get strict-FIPS authorization +#if 0 + NFKM_FIPS140AuthHandle fipsHandle; + M_SlotID slotId; + result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_fips_get\n", result ); + } + if ( fipsHandle == NULL ) + { + printf( "this sworld isn't strict-FIPS.\n" ); + } +#endif + + // list cardsets + int card_num; + NFKM_CardSetIdent *cardident = NULL; + result = NFKM_listcardsets( handle, &card_num, &cardident, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_listcardsets\n", result ); + } + + // find cardsets + NFKM_CardSet *cardset = NULL; + result = NFKM_findcardset( handle, cardident, &cardset, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_findcardset\n", result ); + } + + // load cardset + result = RQCard_logic_ocs_specific( &card, &(cardset->hkltu), "Load Cardset" ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_logic_ocs_specific\n", result ); + } + + // use specific module : #1 + // important!! : if you set resultplace=NULL, abort. (possibility is 100%) + result = RQCard_whichmodule_specific( &card, world->modules[0]->module, <id ); + if ( result != Status_OK ) + { + printf( "error(%d) : RQCard_whichmodule_specific\n", result ); + } + + // wait event loop + result = card.uf->eventloop( &card ); + if ( result != Status_OK ) + { + printf( "error(%d) : card module event loop\n", result ); + } + + // get usable module + NFKM_ModuleInfo *moduleinfo = world->modules[0]; + result = NFKM_getusablemodule( world, MODULE_ID, &moduleinfo ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_getusablemodule\n", result ); + } + + // make ACL + NFKM_MakeACLParams map; + NFKM_MakeBlobsParams mbp; + memset( &map, 0, sizeof( map ) ); + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; + map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY | + NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT ); + map.cs = cardset; + result = NFKM_newkey_makeaclx( handle, nc, world, &map, + &(tc.cmd.args.import.acl), NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); + } + + // import key + NFKM_KeyIdent keyident = { (char*)"custom", (char*)"aes-import-key" }; + tc.cmd.cmd = Cmd_Import; + tc.cmd.args.import.module = MODULE_ID; + tc.cmd.args.import.data.type = KeyType_Rijndael; + tc.cmd.args.import.data.data.random.k.len = 32; + tc.cmd.args.import.data.data.random.k.ptr = aes_key_data; + result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); + } + + // make blobs + NFKM_Key reg_key; + memset( &mbp, 0, sizeof( mbp ) ); + memset( ®_key, 0, sizeof( reg_key ) ); + mbp.f = map.f; + mbp.kpriv = tc.reply.reply.import.key; + mbp.lt = ltid; + mbp.cs = cardset; + reg_key.v = Key__maxversion; // TORIAEZU Version Max (8) + reg_key.name = keyident.ident; + reg_key.appname = keyident.appname; + reg_key.ident = keyident.ident; + time( &(reg_key.gentime) ); + result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, ®_key, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_newkey_makeblobsx\n", result ); + } + + // record key to disk + result = NFKM_recordkey( handle, ®_key, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_recordkey\n", result ); + } + + printf( "record key success?\n" ); + + // destroy key + result = NFKM_cmd_destroy( handle, nc, 0, tc.reply.reply.import.key, + "import.key", NULL ); + + // list key +#if 0 + int key_num; + NFKM_KeyIdent *keylist = NULL; + result = NFKM_listkeys( handle, &key_num, &keylist, "simple", NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_listkeys\n", result ); + } + NFKM_KeyIdent **tkp = &keylist; + for ( i = 0; i < key_num; i++ ) + { + printf( "appname : %s, ident : %s\n", tkp[i]->appname, tkp[i]->ident ); + } +#endif + + // find key + NFKM_KeyIdent ki_v = { (char*)"custom", (char*)"aes-import-key" }; + + printf( "appname : %s, ident : %s\n", ki_v.appname, ki_v.ident ); + + result = NFKM_findkey( handle, ki_v, &keyinfo, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_findkey\n", result ); + } + + // load blob + M_ByteBlock *blobptr; + if ( keyinfo->pubblob.len) + blobptr = &keyinfo->pubblob; + else + { + printf( "aes is symmetric key!\n" ); + blobptr = &keyinfo->privblob; + } + + result = NFKM_cmd_loadblob( handle, nc, + moduleinfo->module, blobptr, ltid, &keyid, "loading key blob", NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFKM_cmd_loadblob\n", result ); + } + printf( "key ID : %u\n", (unsigned int)keyid ); + + // get key info + tc.cmd.cmd = Cmd_GetKeyInfo; + tc.cmd.args.getkeyinfo.key = keyid; + result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result ); + } + // if type == 30 then Rijndael(AES) + printf( "keytype : %d\n", tc.reply.reply.getkeyinfo.type ); + + // encrypt & dectypt test + { + M_ByteBlock enc_input, dec_input; + M_ByteBlock enc_output, dec_output; + M_IV base_iv, enc_iv, dec_iv; + + // data setting + enc_input.len = DATA_LEN; + enc_input.ptr = (unsigned char*)malloc( DATA_LEN ); + for ( i = 0; i < enc_input.len; i++ ) + enc_input.ptr[i] = i; + + base_iv.mech = Mech_RijndaelmCBCpNONE; + for ( i = 0; i < 16; i++ ) + base_iv.iv.generic128.iv.bytes[i] = i; + enc_iv = base_iv; + dec_iv = base_iv; + + // encrypt : my ver + tc.cmd.cmd = Cmd_Encrypt; + tc.cmd.args.encrypt.key = keyid; + tc.cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE; + tc.cmd.args.encrypt.plain.type = PlainTextType_Bytes; + tc.cmd.args.encrypt.plain.data.bytes.data = enc_input; + tc.cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present; + tc.cmd.args.encrypt.given_iv = &enc_iv; + result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result ); + } + result = tc.reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result ); + } + enc_output.len = tc.reply.reply.encrypt.cipher.data.generic128.cipher.len; + if ( enc_output.len != DATA_LEN ) + { + printf( "error : output data size isn't %d bytes(Cmd_Encrypt)\n", (int)enc_output.len ); + } + enc_output.ptr = (unsigned char*)malloc( enc_output.len ); + memcpy( enc_output.ptr, + tc.reply.reply.encrypt.cipher.data.generic128.cipher.ptr, + enc_output.len ); + + printf( "encrypt ok\n" ); + + dec_input.len = enc_output.len; + dec_input.ptr = (unsigned char*)malloc( dec_input.len ); + memcpy( dec_input.ptr, enc_output.ptr, DATA_LEN ); + + NFastApp_Free_Reply( handle, NULL, NULL, &(tc.reply) ); + + // decrypt : my ver + tc.cmd.cmd = Cmd_Decrypt; + tc.cmd.args.decrypt.flags = 0; + tc.cmd.args.decrypt.key = keyid; + tc.cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE; + tc.cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE; + tc.cmd.args.decrypt.cipher.data.generic128.cipher = dec_input; + tc.cmd.args.decrypt.cipher.iv = dec_iv.iv; + tc.cmd.args.decrypt.reply_type = PlainTextType_Bytes; + result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result ); + } + result = tc.reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); + } + dec_output.len = tc.reply.reply.decrypt.plain.data.bytes.data.len; + if ( dec_output.len != DATA_LEN ) + { + printf( "error : output size isn't %d bytes(Cmd_Decrypt)\n", (int)enc_output.len ); + } + dec_output.ptr = (unsigned char*)malloc( dec_output.len ); + memcpy( dec_output.ptr, + tc.reply.reply.decrypt.plain.data.bytes.data.ptr, + dec_output.len ); + + printf( "decrypt ok\n" ); + + NFastApp_Free_Reply( handle, NULL, NULL, &(tc.reply) ); + + // key destroy + memset( &(tc.cmd), 0, sizeof( tc.cmd ) ); // fail if NFastApp_Free_Command + tc.cmd.cmd = Cmd_Destroy; + tc.cmd.args.destroy.key = keyid; + result = NFastApp_Transact( nc, NULL, &(tc.cmd), &(tc.reply), NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : NFastApp_Transact(Cmd_Destroy)\n", result ); + } + NFastApp_Free_Reply( handle, NULL, NULL, &(tc.reply) ); + + // data show + printf( "enc_input : (%d bytes)", (int)enc_input.len ); + for ( i = 0; i < enc_input.len; i++ ) + { + if ( i % 16 == 0 ) + printf( "\n" ); + printf( "%02X ", enc_input.ptr[i] ); + } + printf( "\n" ); + + printf( "\nenc_output : (%d bytes)", (int)enc_output.len ); + for ( i = 0; i < enc_output.len; i++ ) + { + if ( i % 16 == 0 ) + printf( "\n" ); + printf( "%02X ", enc_output.ptr[i] ); + } + printf( "\n" ); + + printf( "\ndec_output : (%d bytes)", (int)dec_output.len ); + for ( i = 0; i < dec_output.len; i++ ) + { + if ( i % 16 == 0 ) + printf( "\n" ); + printf( "%02X ", dec_output.ptr[i] ); + } + printf( "\n" ); + } // encrypt & decrypt + + // end processing + RQCard_fips_free( &card, &fips ); + RQCard_destroy( &card ); + NFKM_freekey( handle, keyinfo, NULL ); + NFKM_freeinfo( handle, &world, NULL ); + NFastApp_Disconnect( nc, NULL ); + NFastApp_Finish( handle, NULL ); + + return 0; + +} // main