diff --git a/hsm_utils/import_ecc_keypair.c b/hsm_utils/import_ecc_keypair.c deleted file mode 100644 index 3c43035..0000000 --- a/hsm_utils/import_ecc_keypair.c +++ /dev/null @@ -1,710 +0,0 @@ - -// import key (+ encrypt, decrypt) test for nShield - -#include -#include -#include -#include - -// openssl -#include -#include -#include -#include -#include -#include "ec_lcl.h" -#include -#include -#include - -#include "nfastapp.h" -#include "nfkm.h" -#include "rqcard-applic.h" -#include "rqcard-fips.h" - -//#include "ncthread-upcalls.h" -//#include "picky-upcalls.h" - -#include "my_hsm_bignum.h" -#include "my_hsm_alloc.h" - -#define PRIV_KEY_FILE "./test_key/test-ecc-privkey.der" -#define PUB_KEY_FILE "./test_key/test-ecc-pubkey.der" - -#define MODULE_ID 1 -#define DATA_LEN 256 // bytes - -typedef struct _NFast_Call_Context -{ - int notused; -} -NFast_Call_Context; -NFast_Call_Context context; - -// RSA private key data -typedef struct -{ - struct NFast_Bignum *p; - struct NFast_Bignum *q; - struct NFast_Bignum *dmp1; - struct NFast_Bignum *dmq1; - struct NFast_Bignum *iqmp; - struct NFast_Bignum *e; -} -RSAPrivateKeyData; - -// RSA public key data -typedef struct -{ - struct NFast_Bignum *e; - struct NFast_Bignum *n; -} -RSAPublicKeyData; - -void PrintArray( char *pStr, const unsigned char *pData, int length ); -int BN_bn2binWrapper( BIGNUM *bn, unsigned char **ptr, int *len ); -int my_bin2bignumWrapper( NFast_AppHandle app, unsigned char *ptr, struct NFast_Bignum **nbn, int size ); - -void PrintArray( char *pStr, const unsigned char *pData, int length ) -{ - int i; - printf( "%s(%d bytes)", pStr, length ); - for ( i = 0; i < length; i++ ) - { - if ( (i % 16) == 0 ) printf( "\n" ); - printf( "%02X ", pData[ i ] ); - } - printf( "\n" ); -} - -int BN_bn2binWrapper( BIGNUM *bn, unsigned char **ptr, int *len ) -{ - *len = BN_num_bytes( bn ); - *ptr = (unsigned char*)malloc( *len ); - if ( *len != BN_bn2bin( bn, *ptr ) ) - { - printf( "BN_bn2binWrapper failed!\n" ); - return 1; - } - return 0; -} // BN_bn2binWrapper - -int my_bin2bignumWrapper( NFast_AppHandle app, unsigned char *ptr, struct NFast_Bignum **nbn, int size ) -{ - int result = my_bin2bignum( nbn, app, ptr, size ); - if ( result != Status_OK ) - { - printf( "error(%d) : my_bin2bignumWrapper\n", result ); - return result; - } - return 0; -} // my_bin2bignumWrapper - -int main( int argc, char *argv[] ) -{ - int i; - int result = 0; - int rand_size = 80; - - M_Command cmd; - M_Reply reply; - - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - NFast_AppHandle handle; - NFastApp_Connection nc; - NFKM_WorldInfo *world = NULL; - RQCard card; - RQCard_FIPS fips; - M_KeyID ltid; // the cardset loaded into the module - M_KeyID keyid; - NFKM_Key *keyinfo = NULL; - NFKM_CardSet *cardset = NULL; - - if ( argc == 2 ) - rand_size = atoi( argv[1] ); - - // load ecc data (private) - EC_KEY *privkey = NULL; - FILE *fp; - fp = fopen( PRIV_KEY_FILE, "rb" ); - if ( !fp ) - { - printf( "error : open %s file\n", PRIV_KEY_FILE ); - return 0; - } - privkey = d2i_ECPrivateKey_fp( fp, NULL ); - if ( !privkey ) - { - printf( "error : d2i_ECPrivateKey_fp\n" ); - return 0; - } - fclose( fp ); - - // load ecc data (public) - EC_KEY *pubkey = NULL; - fp = fopen( PUB_KEY_FILE, "rb" ); - if ( !fp ) - { - printf( "error : open %s file\n", PUB_KEY_FILE ); - return 0; - } - pubkey = d2i_EC_PUBKEY_fp( fp, NULL ); - if ( !pubkey ) - { - printf( "error : d2i_EC_PUBKEY_fp\n" ); - return 0; - } - fclose( fp ); - -#if 1 - printf( "EC pravate element\n" ); - printf( "EC curve name : %d\n", privkey->group->curve_name ); - printf( "EC(F->data->prime->p) : %d bytes\n", BN_num_bytes( &(privkey->group->field) ) ); - printf( "poly : " ); - for ( i = 0; i < 5; i++ ) - printf( "%d ", privkey->group->poly[i] ); - printf( "\n" ); - printf( "EC(a) : %d bytes\n", BN_num_bytes( &(privkey->group->a) ) ); - printf( "EC(b) : %d bytes\n", BN_num_bytes( &(privkey->group->b) ) ); - printf( "EC(g->x) : %d bytes\n", BN_num_bytes( &(privkey->group->generator->X) ) ); - printf( "EC(g->y) : %d bytes\n", BN_num_bytes( &(privkey->group->generator->Y) ) ); - printf( "EC(r) : %d bytes\n", BN_num_bytes( &(privkey->group->order) ) ); - printf( "EC(h) : %d bytes\n", BN_num_bytes( &(privkey->group->cofactor) ) ); - printf( "EC(d) : %d bytes\n", BN_num_bytes( privkey->priv_key ) ); -#endif - -#if 0 - printf( "EC public element\n" ); - printf( "EC curve name : %d\n", pubkey->group->curve_name ); - printf( "EC(F->data->prime->p) : %d bytes\n", BN_num_bytes( &(pubkey->group->field) ) ); - printf( "poly : " ); - for ( i = 0; i < 5; i++ ) - printf( "%d ", pubkey->group->poly[i] ); - printf( "\n" ); - printf( "EC(a) : %d bytes\n", BN_num_bytes( &(pubkey->group->a) ) ); - printf( "EC(b) : %d bytes\n", BN_num_bytes( &(pubkey->group->b) ) ); - printf( "EC(g->x) : %d bytes\n", BN_num_bytes( &(pubkey->group->generator->X) ) ); - printf( "EC(g->y) : %d bytes\n", BN_num_bytes( &(pubkey->group->generator->Y) ) ); - printf( "EC(r) : %d bytes\n", BN_num_bytes( &(pubkey->group->order) ) ); - printf( "EC(h) : %d bytes\n", BN_num_bytes( &(pubkey->group->cofactor) ) ); - printf( "EC(Q->x) : %d bytes\n", BN_num_bytes( &(pubkey->pub_key->X) ) ); - printf( "EC(Q->y) : %d bytes\n", BN_num_bytes( &(pubkey->pub_key->Y) ) ); -#endif - - // OpenSSL Bignum to Binary - // private - int fdppLen, aLen, bLen, gxLen, gyLen, rLen, hLen, dLen; - unsigned char *fdppPtr, *aPtr, *bPtr, *gxPtr, *gyPtr, *rPtr, *hPtr, *dPtr; - fdppPtr = aPtr = bPtr = gxPtr = gyPtr = rPtr = hPtr = NULL; - BN_bn2binWrapper( &(privkey->group->field), &fdppPtr, &fdppLen ); - BN_bn2binWrapper( &(privkey->group->a), &aPtr, &aLen ); - BN_bn2binWrapper( &(privkey->group->b), &bPtr, &bLen ); - BN_bn2binWrapper( &(privkey->group->generator->X), &gxPtr, &gxLen ); - BN_bn2binWrapper( &(privkey->group->generator->Y), &gyPtr, &gyLen ); - BN_bn2binWrapper( &(privkey->group->order), &rPtr, &rLen ); - BN_bn2binWrapper( &(privkey->group->cofactor), &hPtr, &hLen ); - BN_bn2binWrapper( privkey->priv_key, &dPtr, &dLen ); - -#if 0 - printf( "fdpp : 0x%08X\n", (unsigned int)fdppPtr ); - printf( "a : 0x%08X\n", (unsigned int)aPtr ); - printf( "b : 0x%08X\n", (unsigned int)bPtr ); - printf( "gx : 0x%08X\n", (unsigned int)gxPtr ); - printf( "gy : 0x%08X\n", (unsigned int)gyPtr ); - printf( "r : 0x%08X\n", (unsigned int)rPtr ); - printf( "h : 0x%08X\n", (unsigned int)hPtr ); - printf( "d : 0x%08X\n", (unsigned int)dPtr ); -#endif - - // init nFast - result = NFastApp_InitEx( &handle, NULL, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFastApp_InitEx\n", result ); - return 0; - } - - // connecting to hardserver - //result = NFastApp_Connect( handle, &nc, 0, NULL ); - result = NFastApp_Connect( handle, &nc, NFastApp_ConnectionFlags_Privileged, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFastApp_Connect\n", result ); - return 0; - } - - // set bignum upcalls setting - result = NFastApp_SetBignumUpcalls( - handle, - my_bignumreceiveupcall, - my_bignumsendlenupcall, - my_bignumsendupcall, - my_bignumfreeupcall, - my_bignumformatupcall, - NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result ); - return 0; - } - - // NFKM getinfo - result = NFKM_getinfo( handle, &world, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_getinfo\n", result ); - return 0; - } - - // init card-loading lib - result = RQCard_init( &card, handle, nc, world, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : RQCard_init\n", result ); - return 0; - } - - // init FIPS state - result = RQCard_fips_init( &card, &fips ); - if ( result != Status_OK ) - { - printf( "error(%d) : RQCard_fips_init\n", result ); - return 0; - } - - // ui select - result = RQCard_ui_default( &card ); - if ( result != Status_OK ) - { - printf( "error(%d) : RQCard_ui_default\n", result ); - return 0; - } - - // get strict-FIPS authorization -#if 0 - NFKM_FIPS140AuthHandle fipsHandle; - M_SlotID slotId; - result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId ); - if ( result != Status_OK ) - { - printf( "error(%d) : RQCard_fips_get\n", result ); - return 0; - } - if ( fipsHandle == NULL ) - { - printf( "this sworld isn't strict-FIPS.\n" ); - } -#endif - -#if 0 // no card - // list cardsets - int card_num; - NFKM_CardSetIdent *cardident = NULL; - result = NFKM_listcardsets( handle, &card_num, &cardident, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_listcardsets\n", result ); - return 0; - } - - // find cardsets - result = NFKM_findcardset( handle, cardident, &cardset, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_findcardset\n", result ); - return 0; - } - - // load cardset - result = RQCard_logic_ocs_specific( &card, &(cardset->hkltu), "Load Cardset" ); - if ( result != Status_OK ) - { - printf( "error(%d) : RQCard_logic_ocs_specific\n", result ); - return 0; - } - - // use specific module : #1 - // important!! : if you set resultplace=NULL, abort. (possibility is 100%) - result = RQCard_whichmodule_specific( &card, world->modules[0]->module, <id ); - if ( result != Status_OK ) - { - printf( "error(%d) : RQCard_whichmodule_specific\n", result ); - } - - // wait event loop - result = card.uf->eventloop( &card ); - if ( result != Status_OK ) - { - printf( "error(%d) : card module event loop\n", result ); - } -#endif - - // get usable module - NFKM_ModuleInfo *moduleinfo = world->modules[0]; - result = NFKM_getusablemodule( world, MODULE_ID, &moduleinfo ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_getusablemodule\n", result ); - return 0; - } - -#if 1 - // ECC enable - cmd.cmd = Cmd_StaticFeatureEnable; - cmd.args.staticfeatureenable.module = MODULE_ID; - cmd.args.staticfeatureenable.info.ver = 0; // ??? - //cmd.args.staticfeatureenable.info.ctrl = FeatureInfo_ctrl_Add | FeatureInfo_ctrl_LongTerm; - cmd.args.staticfeatureenable.info.ctrl = FeatureInfo_ctrl_LongTerm; - //cmd.args.staticfeatureenable.info.features = FeatureInfo_features_EllipticCurve | FeatureInfo_features_ECCMQV | FeatureInfo_features_AcceleratedECC; - cmd.args.staticfeatureenable.info.features = FeatureInfo_features_EllipticCurve; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : Cmd_StaticFeatureEnable\n", result ); - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : Cmd_StaticFeatureEnable(reply)\n", result ); - } - memset( &cmd, 0, sizeof( cmd ) ); - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); -#endif - - // make ACL - NFKM_MakeACLParams map; - memset( &map, 0, sizeof( map ) ); - if ( cardset != NULL ) - map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; - else - map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule; - // 暗号化と復号化、署名とベリファイなど、相反する操作を持たせることはできない(エラーになる) - // e.g. NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY -> エラー - // e.g. NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT -> エラー - map.op_base = NFKM_DEFOPPERMS_SIGN; - map.cs = cardset; - result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); - return 0; - } - - // convert OpenSSL binary -> NFast_Bignum(M_Bignum) - struct NFast_Bignum *fdppBn, *aBn, *bBn, *gxBn, *gyBn, *rBn, *hBn, *dBn; - fdppBn = aBn = bBn = gxBn = gyBn = rBn = hBn = dBn = NULL; - my_bin2bignumWrapper( handle, fdppPtr, &fdppBn, fdppLen ); - my_bin2bignumWrapper( handle, aPtr, &aBn, aLen ); - my_bin2bignumWrapper( handle, bPtr, &bBn, bLen ); - my_bin2bignumWrapper( handle, gxPtr, &gxBn, gxLen ); - my_bin2bignumWrapper( handle, gyPtr, &gyBn, gyLen ); - my_bin2bignumWrapper( handle, rPtr, &rBn, rLen ); - my_bin2bignumWrapper( handle, hPtr, &hBn, hLen ); - my_bin2bignumWrapper( handle, dPtr, &dBn, dLen ); - -#if 1 - printf( "fdpp : 0x%08X\n", (unsigned int)fdppBn ); - printf( "a : 0x%08X\n", (unsigned int)aBn ); - printf( "b : 0x%08X\n", (unsigned int)bBn ); - printf( "gx : 0x%08X\n", (unsigned int)gxBn ); - printf( "gy : 0x%08X\n", (unsigned int)gyBn ); - printf( "r : 0x%08X\n", (unsigned int)rBn ); - printf( "h : 0x%08X\n", (unsigned int)hBn ); - printf( "d : 0x%08X\n", (unsigned int)dBn ); -#endif - - printf( "setting ...\n" ); - - // import key - NFKM_KeyIdent keyident = { (char*)"simple", (char*)"ecc-import-privkey" }; - cmd.cmd = Cmd_Import; - cmd.args.import.module = MODULE_ID; - cmd.args.import.data.type = KeyType_ECDSAPrivate; - //cmd.args.import.data.data.ecprivate.curve.name = ECName_NISTK233; - cmd.args.import.data.data.ecprivate.curve.name = ECName_NISTB233; - -#if 0 -#if 0 - cmd.args.import.data.data.ecprivate.curve.data.custom.F.type = FieldType_Prime; - cmd.args.import.data.data.ecprivate.curve.data.custom.F.data.prime.flags = 0; // ??? - cmd.args.import.data.data.ecprivate.curve.data.custom.F.data.prime.p = fdppBn; - cmd.args.import.data.data.ecprivate.curve.data.custom.a = aBn; - cmd.args.import.data.data.ecprivate.curve.data.custom.b = bBn; - cmd.args.import.data.data.ecprivate.curve.data.custom.g.flags = ECPoint_flags_Infinity; // ??? (valid flags is ECPoint_flags_Infinity only.) - cmd.args.import.data.data.ecprivate.curve.data.custom.g.x = gxBn; - cmd.args.import.data.data.ecprivate.curve.data.custom.g.x = gyBn; - cmd.args.import.data.data.ecprivate.curve.data.custom.r = rBn; - cmd.args.import.data.data.ecprivate.curve.data.custom.h = hPtr[0]; -#else - cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.type = FieldType_Binary; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.flags = FieldType_Binary_Data_flags_beta_present; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.n_exponents = 5; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.exponents = (M_Word*)privkey->group->poly; - for ( i = 0; i < 5; i++ ) - { - printf ( "%d ", (int)cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.exponents[i] ); - } - printf( "\n" ); - cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.beta = &fdppBn; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.a = aBn; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.b = bBn; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.flags = 0; // ??? (valid flags is ECPoint_flags_Infinity only.) - cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.x = gxBn; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.x = gyBn; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.r = rBn; - cmd.args.import.data.data.ecprivate.curve.data.customlcf.h = hBn; -#endif -#endif - cmd.args.import.data.data.ecprivate.d = dBn; - - printf( "import ...\n" ); - - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : Cmd_Import\n", result ); - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : Cmd_Import(reply)\n", result ); - } - printf( "keyid : 0x%08X\n", (unsigned int)reply.reply.import.key ); - - printf( "done. next : make blob ...\n" ); - -#if 1 - - // make blobs - NFKM_MakeBlobsParams mbp; - NFKM_Key reg_key; - memset( &mbp, 0, sizeof( mbp ) ); - memset( ®_key, 0, sizeof( reg_key ) ); - - reg_key.v = Key__maxversion; // TORIAEZU Version Max (8) - reg_key.name = keyident.ident; - reg_key.appname = keyident.appname; - reg_key.ident = keyident.ident; - time( &(reg_key.gentime) ); - - mbp.f = map.f; - mbp.kpriv = reply.reply.import.key; - mbp.lt = ltid; - mbp.cs = cardset; - result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, ®_key, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_newkey_makeblobsx\n", result ); - return 0; - } - - printf( "done. next : record blob ...\n" ); - - // record key to disk - result = NFKM_recordkey( handle, ®_key, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_recordkey\n", result ); - } - - printf( "record key success?\n" ); - - // destroy key - result = NFKM_cmd_destroy( handle, nc, 0, reply.reply.import.key, - "import.key", NULL ); - - // list key -#if 0 - int key_num; - NFKM_KeyIdent *keylist = NULL; - result = NFKM_listkeys( handle, &key_num, &keylist, "simple", NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_listkeys\n", result ); - } - NFKM_KeyIdent **tkp = &keylist; - for ( i = 0; i < key_num; i++ ) - { - printf( "appname : %s, ident : %s\n", tkp[i]->appname, tkp[i]->ident ); - } -#endif - - // find key - NFKM_KeyIdent ki_v = { (char*)"simple", (char*)"rsa-import-privkey" }; - - printf( "appname : %s, ident : %s\n", ki_v.appname, ki_v.ident ); - - result = NFKM_findkey( handle, ki_v, &keyinfo, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_findkey\n", result ); - } - - // load blob - M_ByteBlock *blobptr; - if ( keyinfo->pubblob.len) - blobptr = &keyinfo->pubblob; - else - { - blobptr = &keyinfo->privblob; - } - - result = NFKM_cmd_loadblob( handle, nc, - moduleinfo->module, blobptr, ltid, &keyid, "loading key blob", NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFKM_cmd_loadblob\n", result ); - } - printf( "key ID : %u\n", (unsigned int)keyid ); - - // get key info - cmd.cmd = Cmd_GetKeyInfo; - cmd.args.getkeyinfo.key = keyid; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result ); - } - // if type == 30 then Rijndael(AES) - printf( "keytype : %d\n", reply.reply.getkeyinfo.type ); - - // encrypt & dectypt test - { - M_ByteBlock enc_input, dec_input; - M_ByteBlock enc_output, dec_output; - M_IV base_iv, enc_iv, dec_iv; - - // data setting - enc_input.len = DATA_LEN; - enc_input.ptr = (unsigned char*)malloc( DATA_LEN ); - for ( i = 0; i < enc_input.len; i++ ) - enc_input.ptr[i] = i; - - base_iv.mech = Mech_RijndaelmCBCpNONE; - for ( i = 0; i < 16; i++ ) - base_iv.iv.generic128.iv.bytes[i] = i; - enc_iv = base_iv; - dec_iv = base_iv; - - // encrypt : my ver - cmd.cmd = Cmd_Encrypt; - cmd.args.encrypt.key = keyid; - cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE; - cmd.args.encrypt.plain.type = PlainTextType_Bytes; - cmd.args.encrypt.plain.data.bytes.data = enc_input; - cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present; - cmd.args.encrypt.given_iv = &enc_iv; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result ); - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result ); - } - enc_output.len = reply.reply.encrypt.cipher.data.generic128.cipher.len; - if ( enc_output.len != DATA_LEN ) - { - printf( "error : output data size isn't %d bytes(Cmd_Encrypt)\n", (int)enc_output.len ); - } - enc_output.ptr = (unsigned char*)malloc( enc_output.len ); - memcpy( enc_output.ptr, - reply.reply.encrypt.cipher.data.generic128.cipher.ptr, - enc_output.len ); - - printf( "encrypt ok\n" ); - - dec_input.len = enc_output.len; - dec_input.ptr = (unsigned char*)malloc( dec_input.len ); - memcpy( dec_input.ptr, enc_output.ptr, DATA_LEN ); - - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - - // decrypt : my ver - cmd.cmd = Cmd_Decrypt; - cmd.args.decrypt.flags = 0; - cmd.args.decrypt.key = keyid; - cmd.args.decrypt.mech = Mech_RSApPKCS1; - cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1; - cmd.args.decrypt.cipher.data.generic128.cipher = dec_input; - cmd.args.decrypt.cipher.iv = dec_iv.iv; - cmd.args.decrypt.reply_type = PlainTextType_Bytes; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result ); - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); - } - dec_output.len = reply.reply.decrypt.plain.data.bytes.data.len; - if ( dec_output.len != DATA_LEN ) - { - printf( "error : output size isn't %d bytes(Cmd_Decrypt)\n", (int)enc_output.len ); - } - dec_output.ptr = (unsigned char*)malloc( dec_output.len ); - memcpy( dec_output.ptr, - reply.reply.decrypt.plain.data.bytes.data.ptr, - dec_output.len ); - - printf( "decrypt ok\n" ); - - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - - // key destroy - memset( &cmd, 0, sizeof( cmd ) ); // fail if NFastApp_Free_Command - cmd.cmd = Cmd_Destroy; - cmd.args.destroy.key = keyid; - result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : NFastApp_Transact(Cmd_Destroy)\n", result ); - } - NFastApp_Free_Reply( handle, NULL, NULL, &reply ); - - // data show - printf( "enc_input : (%d bytes)", (int)enc_input.len ); - for ( i = 0; i < enc_input.len; i++ ) - { - if ( i % 16 == 0 ) - printf( "\n" ); - printf( "%02X ", enc_input.ptr[i] ); - } - printf( "\n" ); - - printf( "\nenc_output : (%d bytes)", (int)enc_output.len ); - for ( i = 0; i < enc_output.len; i++ ) - { - if ( i % 16 == 0 ) - printf( "\n" ); - printf( "%02X ", enc_output.ptr[i] ); - } - printf( "\n" ); - - printf( "\ndec_output : (%d bytes)", (int)dec_output.len ); - for ( i = 0; i < dec_output.len; i++ ) - { - if ( i % 16 == 0 ) - printf( "\n" ); - printf( "%02X ", dec_output.ptr[i] ); - } - printf( "\n" ); - } // encrypt & decrypt - - // end processing - RQCard_fips_free( &card, &fips ); - RQCard_destroy( &card ); - NFKM_freekey( handle, keyinfo, NULL ); - NFKM_freeinfo( handle, &world, NULL ); - NFastApp_Disconnect( nc, NULL ); - NFastApp_Finish( handle, NULL ); -#endif - return 0; - -} // main