hsm_utils

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@108 ff987cc8-cf2f-4642-8568-d52cce064691

hsm_utils/import_ecc_keypair.c

@@ -11,6 +11,8 @@
 #include <openssl/bn.h>
 #include <openssl/sha.h>
 #include <openssl/rsa.h>
+#include <openssl/ec.h>
+#include "ec_lcl.h"
 #include <openssl/x509.h>
 #include <openssl/aes.h>
 #include <openssl/pem.h>
@@ -26,8 +28,8 @@
 #include "mybignum.h"
 
 
-#define PRIV_KEY_FILE		"/opt/nfast/work/rsa-priv-key2048.der"
-#define PUB_KEY_FILE		"/opt/nfast/work/rsa-pub-key2048.der"
+#define PRIV_KEY_FILE		"./test_key/test-ecc-privkey.der"
+#define PUB_KEY_FILE		"./test_key/test-ecc-pubkey.der"
 
 #define MODULE_ID		1
 #define DATA_LEN		256	// bytes
@@ -67,6 +69,8 @@ static void my_free( void *ptr,
 	struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx );
 	
 void PrintArray( char *pStr, const unsigned char *pData, int length );
+int BN_bn2binWrapper( BIGNUM *bn, unsigned char **ptr, int *len );
+int my_bin2bignumWrapper( NFast_AppHandle app, unsigned char *ptr, struct NFast_Bignum **nbn, int size );
 
 const NFast_MallocUpcalls my_malloc_upcalls =
 {
@@ -103,6 +107,29 @@ void PrintArray( char *pStr, const unsigned char *pData, int length )
 	printf( "\n" );
 }
 
+int BN_bn2binWrapper( BIGNUM *bn, unsigned char **ptr, int *len )
+{
+	*len = BN_num_bytes( bn );
+	*ptr = (unsigned char*)malloc( *len );
+	if ( *len != BN_bn2bin( bn, *ptr ) )
+	{
+		printf( "BN_bn2binWrapper failed!\n" );
+		return 1;
+	}
+	return 0;
+}	// BN_bn2binWrapper
+
+int my_bin2bignumWrapper( NFast_AppHandle app, unsigned char *ptr, struct NFast_Bignum **nbn, int size )
+{
+	int result = my_bin2bignum( nbn, app, ptr, size );
+	if ( result != Status_OK )
+	{
+		printf( "error(%d) : my_bin2bignumWrapper\n", result );
+		return result;
+	}
+	return 0;
+}	// my_bin2bignumWrapper
+
 int main( int argc, char *argv[] )
 {
 	int i;
@@ -122,13 +149,14 @@ int main( int argc, char *argv[] )
 	RQCard_FIPS fips;
 	M_KeyID ltid;	// the cardset loaded into the module
 	M_KeyID keyid;
-	NFKM_Key *keyinfo;
+	NFKM_Key *keyinfo = NULL;
+	NFKM_CardSet *cardset = NULL;
 	
 	if ( argc == 2 )
 		rand_size = atoi( argv[1] );
 	
-	// load rsa data (private)
-	RSA *privkey = NULL;
+	// load ecc data (private)
+	EC_KEY *privkey = NULL;
 	FILE *fp;
 	fp = fopen( PRIV_KEY_FILE, "rb" );
 	if ( !fp )
@@ -136,85 +164,88 @@ int main( int argc, char *argv[] )
 		printf( "error : open %s file\n", PRIV_KEY_FILE );
 		return 0;
 	}
-	privkey = d2i_RSAPrivateKey_fp( fp, NULL );
+	privkey = d2i_ECPrivateKey_fp( fp, NULL );
 	if ( !privkey )
 	{
-		printf( "error : d2i_RSAPrivateKey_fp\n" );
+		printf( "error : d2i_ECPrivateKey_fp\n" );
 		return 0;
 	}
+	fclose( fp );
+	
+	// load ecc data (public)
+	EC_KEY *pubkey = NULL;
+	fp = fopen( PUB_KEY_FILE, "rb" );
+	if ( !fp )
+	{
+		printf( "error : open %s file\n", PUB_KEY_FILE );
+		return 0;
+	}
+	pubkey = d2i_EC_PUBKEY_fp( fp, NULL );
+	if ( !pubkey )
+	{
+		printf( "error : d2i_EC_PUBKEY_fp\n" );
+		return 0;
+	}
+	fclose( fp );
 
-#if 0
-	printf( "RSA(p)    : %d bytes\n", BN_num_bytes( privkey->p ) );
-	printf( "RSA(q)    : %d bytes\n", BN_num_bytes( privkey->q ) );
-	printf( "RSA(dmp1) : %d bytes\n", BN_num_bytes( privkey->dmp1 ) );
-	printf( "RSA(dmq1) : %d bytes\n", BN_num_bytes( privkey->dmq1 ) );
-	printf( "RSA(iqmp) : %d bytes\n", BN_num_bytes( privkey->iqmp ) );
-	printf( "RSA(e)    : %d bytes\n", BN_num_bytes( privkey->e ) );
+#if 1
+	printf( "EC pravate element\n" );
+	printf( "EC curve name         : %d\n",       privkey->group->curve_name );
+	printf( "EC(F->data->prime->p) : %d bytes\n", BN_num_bytes( &(privkey->group->field) ) );
+	printf( "poly                  : " );
+	for ( i = 0; i < 5; i++ ) 
+		printf( "%d ", privkey->group->poly[i] );
+	printf( "\n" );
+	printf( "EC(a)                 : %d bytes\n", BN_num_bytes( &(privkey->group->a) ) );
+	printf( "EC(b)                 : %d bytes\n", BN_num_bytes( &(privkey->group->b) ) );
+	printf( "EC(g->x)              : %d bytes\n", BN_num_bytes( &(privkey->group->generator->X) ) );
+	printf( "EC(g->y)              : %d bytes\n", BN_num_bytes( &(privkey->group->generator->Y) ) );
+	printf( "EC(r)                 : %d bytes\n", BN_num_bytes( &(privkey->group->order) ) );
+	printf( "EC(h)                 : %d bytes\n", BN_num_bytes( &(privkey->group->cofactor) ) );
+	printf( "EC(d)                 : %d bytes\n", BN_num_bytes( privkey->priv_key ) );
 #endif
 
-	// p
-	unsigned char *pPtr;
-	int pLen = BN_num_bytes( privkey->p );
-	pPtr = (char *)malloc( pLen );
-	if ( pLen != BN_bn2bin( privkey->p, pPtr ) )
-	{
-		printf( "BN_bn2bin failed!(p)\n" );
-	} 
-	
-	// q
-	unsigned char *qPtr;
-	int qLen = BN_num_bytes( privkey->q );
-	qPtr = (char *)malloc( qLen );
-	if ( qLen != BN_bn2bin( privkey->q, qPtr ) )
-	{
-		printf( "BN_bn2bin failed!(q)\n" );
-	} 
-	
-	// dmp1
-	unsigned char *dmp1Ptr;
-	int dmp1Len = BN_num_bytes( privkey->dmp1 );
-	dmp1Ptr = (char *)malloc( dmp1Len );
-	if ( dmp1Len != BN_bn2bin( privkey->dmp1, dmp1Ptr ) )
-	{
-		printf( "BN_bn2bin failed!(dmp1)\n" );
-	} 
-	
-	// dmq1
-	unsigned char *dmq1Ptr;
-	int dmq1Len = BN_num_bytes( privkey->dmq1 );
-	dmq1Ptr = (char *)malloc( dmq1Len );
-	if ( dmq1Len != BN_bn2bin( privkey->dmq1, dmq1Ptr ) )
-	{
-		printf( "BN_bn2bin failed!(dmq1)\n" );
-	} 
-	
-	// iqmp
-	unsigned char *iqmpPtr;
-	int iqmpLen = BN_num_bytes( privkey->iqmp );
-	iqmpPtr = (char *)malloc( iqmpLen );
-	if ( iqmpLen != BN_bn2bin( privkey->iqmp, iqmpPtr ) )
-	{
-		printf( "BN_bn2bin failed!(dmq1)\n" );
-	} 
-	
-	// e
-	unsigned char *ePtr;
-	int eLen = BN_num_bytes( privkey->e );
-	ePtr = (char *)malloc( eLen );
-	if ( eLen != BN_bn2bin( privkey->e, ePtr ) )
-	{
-		printf( "BN_bn2bin failed!(e)\n" );
-	} 
-	
+#if 0
+	printf( "EC public element\n" );
+	printf( "EC curve name         : %d\n",       pubkey->group->curve_name );
+	printf( "EC(F->data->prime->p) : %d bytes\n", BN_num_bytes( &(pubkey->group->field) ) );
+	printf( "poly                  : " );
+	for ( i = 0; i < 5; i++ ) 
+		printf( "%d ", pubkey->group->poly[i] );
 	printf( "\n" );
+	printf( "EC(a)                 : %d bytes\n", BN_num_bytes( &(pubkey->group->a) ) );
+	printf( "EC(b)                 : %d bytes\n", BN_num_bytes( &(pubkey->group->b) ) );
+	printf( "EC(g->x)              : %d bytes\n", BN_num_bytes( &(pubkey->group->generator->X) ) );
+	printf( "EC(g->y)              : %d bytes\n", BN_num_bytes( &(pubkey->group->generator->Y) ) );
+	printf( "EC(r)                 : %d bytes\n", BN_num_bytes( &(pubkey->group->order) ) );
+	printf( "EC(h)                 : %d bytes\n", BN_num_bytes( &(pubkey->group->cofactor) ) );
+	printf( "EC(Q->x)              : %d bytes\n", BN_num_bytes( &(pubkey->pub_key->X) ) );
+	printf( "EC(Q->y)              : %d bytes\n", BN_num_bytes( &(pubkey->pub_key->Y) ) );	
+#endif
+
+	// OpenSSL Bignum to Binary
+	// private
+	int fdppLen, aLen, bLen, gxLen, gyLen, rLen, hLen, dLen;
+	unsigned char *fdppPtr, *aPtr, *bPtr, *gxPtr, *gyPtr, *rPtr, *hPtr, *dPtr;
+	fdppPtr = aPtr = bPtr = gxPtr = gyPtr = rPtr = hPtr = NULL;
+	BN_bn2binWrapper( &(privkey->group->field), &fdppPtr, &fdppLen );
+	BN_bn2binWrapper( &(privkey->group->a), &aPtr, &aLen );
+	BN_bn2binWrapper( &(privkey->group->b), &bPtr, &bLen );
+	BN_bn2binWrapper( &(privkey->group->generator->X), &gxPtr, &gxLen );
+	BN_bn2binWrapper( &(privkey->group->generator->Y), &gyPtr, &gyLen );
+	BN_bn2binWrapper( &(privkey->group->order), &rPtr, &rLen );
+	BN_bn2binWrapper( &(privkey->group->cofactor), &hPtr, &hLen );
+	BN_bn2binWrapper( privkey->priv_key, &dPtr, &dLen );
 
 #if 0
-	printf( "RSA(p)    : 0x%08X\n", (unsigned int)pPtr );
-	printf( "RSA(q)    : 0x%08X\n", (unsigned int)qPtr );
-	printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)dmp1Ptr );
-	printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)dmq1Ptr );
-	printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)iqmpPtr );
-	printf( "RSA(e)    : 0x%08X\n", (unsigned int)ePtr );
+	printf( "fdpp : 0x%08X\n", (unsigned int)fdppPtr );
+	printf( "a    : 0x%08X\n", (unsigned int)aPtr );
+	printf( "b    : 0x%08X\n", (unsigned int)bPtr );
+	printf( "gx   : 0x%08X\n", (unsigned int)gxPtr );
+	printf( "gy   : 0x%08X\n", (unsigned int)gyPtr );
+	printf( "r    : 0x%08X\n", (unsigned int)rPtr );
+	printf( "h    : 0x%08X\n", (unsigned int)hPtr );
+	printf( "d    : 0x%08X\n", (unsigned int)dPtr );
 #endif
 
 	// init nFast
@@ -226,7 +257,8 @@ int main( int argc, char *argv[] )
 	}
 
 	// connecting to hardserver
-	result = NFastApp_Connect( handle, &nc, 0, NULL );
+	//result = NFastApp_Connect( handle, &nc, 0, NULL );
+	result = NFastApp_Connect( handle, &nc, NFastApp_ConnectionFlags_Privileged, NULL );
 	if ( result != Status_OK )
 	{
 		printf( "error(%d) : NFastApp_Connect\n", result );
@@ -296,7 +328,7 @@ int main( int argc, char *argv[] )
 	}
 #endif
 
-#if 1	
+#if 0 // no card
 	// list cardsets
 	int card_num;
 	NFKM_CardSetIdent *cardident = NULL;
@@ -308,7 +340,6 @@ int main( int argc, char *argv[] )
 	}
 	
 	// find cardsets
-	NFKM_CardSet *cardset = NULL;
 	result = NFKM_findcardset( handle, cardident, &cardset, NULL );
 	if ( result != Status_OK )
 	{	
@@ -346,109 +377,118 @@ int main( int argc, char *argv[] )
 	if ( result != Status_OK )
 	{	
 		printf( "error(%d) : NFKM_getusablemodule\n", result );
+		return 0;
 	}
 	
+#if 1
+	// ECC enable
+	cmd.cmd = Cmd_StaticFeatureEnable;
+	cmd.args.staticfeatureenable.module = MODULE_ID;
+	cmd.args.staticfeatureenable.info.ver = 0; // ???
+	//cmd.args.staticfeatureenable.info.ctrl = FeatureInfo_ctrl_Add | FeatureInfo_ctrl_LongTerm;
+	cmd.args.staticfeatureenable.info.ctrl = FeatureInfo_ctrl_LongTerm;
+	//cmd.args.staticfeatureenable.info.features = FeatureInfo_features_EllipticCurve | FeatureInfo_features_ECCMQV | FeatureInfo_features_AcceleratedECC;
+	cmd.args.staticfeatureenable.info.features = FeatureInfo_features_EllipticCurve;
+	result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
+	if ( result != Status_OK )
+	{	
+		printf( "error(%d) : Cmd_StaticFeatureEnable\n", result );
+	}
+	result = reply.status;
+	if ( result != Status_OK )
+	{	
+		printf( "error(%d) : Cmd_StaticFeatureEnable(reply)\n", result );
+	}
+	memset( &cmd, 0, sizeof( cmd ) );
+	NFastApp_Free_Reply( handle, NULL, NULL, &reply );
+#endif
+	
 	// make ACL
 	NFKM_MakeACLParams map;
 	memset( &map, 0, sizeof( map ) );
-	map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
+	if ( cardset != NULL )
+		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
+	else
+		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule;
 	// 暗号化と復号化、署名とベリファイなど、相反する操作を持たせることはできない(エラーになる)
 	// e.g. NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY -> エラー
 	// e.g. NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT -> エラー
-	map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_DECRYPT;
+	map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_ENCRYPT;
 	map.cs = cardset;
 	result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
 	if ( result != Status_OK )
 	{	
 		printf( "error(%d) : NFKM_newkey_makeaclx\n", result );
+		return 0;
 	}
+
+	// convert OpenSSL binary -> NFast_Bignum(M_Bignum)
+	struct NFast_Bignum *fdppBn, *aBn, *bBn, *gxBn, *gyBn, *rBn, *hBn, *dBn;
+	fdppBn = aBn = bBn = gxBn = gyBn = rBn = hBn = dBn = NULL;
+	my_bin2bignumWrapper( handle, fdppPtr, &fdppBn, fdppLen );
+	my_bin2bignumWrapper( handle, aPtr, &aBn, aLen );
+	my_bin2bignumWrapper( handle, bPtr, &bBn, bLen );
+	my_bin2bignumWrapper( handle, gxPtr, &gxBn, gxLen );
+	my_bin2bignumWrapper( handle, gyPtr, &gyBn, gyLen );
+	my_bin2bignumWrapper( handle, rPtr, &rBn, rLen );
+	my_bin2bignumWrapper( handle, hPtr, &hBn, hLen );
+	my_bin2bignumWrapper( handle, dPtr, &dBn, dLen );
+
+#if 1
+	printf( "fdpp : 0x%08X\n", (unsigned int)fdppBn );
+	printf( "a    : 0x%08X\n", (unsigned int)aBn );
+	printf( "b    : 0x%08X\n", (unsigned int)bBn );
+	printf( "gx   : 0x%08X\n", (unsigned int)gxBn );
+	printf( "gy   : 0x%08X\n", (unsigned int)gyBn );
+	printf( "r    : 0x%08X\n", (unsigned int)rBn );
+	printf( "h    : 0x%08X\n", (unsigned int)hBn );
+	printf( "d    : 0x%08X\n", (unsigned int)dBn );
+#endif	
 	
+	printf( "setting ...\n" );
+	
+	// import key
+	NFKM_KeyIdent keyident = { (char*)"simple", (char*)"ecc-import-privkey" };
+	cmd.cmd = Cmd_Import;
+	cmd.args.import.module = MODULE_ID;
+	cmd.args.import.data.type = KeyType_ECPrivate;
+	cmd.args.import.data.data.ecprivate.curve.name = ECName_NISTK233;
+	//cmd.args.import.data.data.ecprivate.curve.name = ECName_NISTB233;
+
 #if 0
-	// set bignum upcalls setting
-	result = NFastApp_SetBignumUpcalls( 
-				handle, 
-				my_bignumreceiveupcall,
-				my_bignumsendlenupcall,
-				my_bignumsendupcall,
-				my_bignumfreeupcall,
-				my_bignumformatupcall,			
-				NULL );
-	if ( result != Status_OK )
+	cmd.args.import.data.data.ecprivate.curve.data.custom.F.type = FieldType_Prime;
+	cmd.args.import.data.data.ecprivate.curve.data.custom.F.data.prime.flags = 0; // ???
+	cmd.args.import.data.data.ecprivate.curve.data.custom.F.data.prime.p = fdppBn;
+	cmd.args.import.data.data.ecprivate.curve.data.custom.a = aBn;
+	cmd.args.import.data.data.ecprivate.curve.data.custom.b = bBn;
+	cmd.args.import.data.data.ecprivate.curve.data.custom.g.flags = ECPoint_flags_Infinity; // ??? (valid flags is ECPoint_flags_Infinity only.)
+	cmd.args.import.data.data.ecprivate.curve.data.custom.g.x = gxBn;
+	cmd.args.import.data.data.ecprivate.curve.data.custom.g.x = gyBn;
+	cmd.args.import.data.data.ecprivate.curve.data.custom.r = rBn;
+	cmd.args.import.data.data.ecprivate.curve.data.custom.h = hPtr[0];
+#else
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.type = FieldType_Binary;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.flags = FieldType_Binary_Data_flags_beta_present;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.n_exponents = 5;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.exponents = (M_Word*)privkey->group->poly;
+	for ( i = 0; i < 5; i++ )
 	{
-		printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result );
+		printf ( "%d ", (int)cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.exponents[i] );
 	}
+	printf( "\n" );
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.beta = &fdppBn;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.a = aBn;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.b = bBn;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.flags = 0; // ??? (valid flags is ECPoint_flags_Infinity only.)
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.x = gxBn;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.x = gyBn;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.r = rBn;
+	cmd.args.import.data.data.ecprivate.curve.data.customlcf.h = hBn;
 #endif
-	
-	// convert bin -> M_Bignum
-	struct NFast_Bignum *pBn = NULL;
-	struct NFast_Bignum *qBn = NULL;
-	struct NFast_Bignum *dmp1Bn = NULL;
-	struct NFast_Bignum *dmq1Bn = NULL;
-	struct NFast_Bignum *iqmpBn = NULL;
-	struct NFast_Bignum *eBn = NULL;
-	{
-		// p
-		result = my_bin2bignum( &pBn, handle, pPtr, pLen );
-		if ( result != Status_OK )
-		{
-			printf( "error(%d) : my_bin2bignum( p )\n", result );
-			return 0;
-		}
-		
-		// q
-		result = my_bin2bignum( &qBn, handle, qPtr, qLen );
-		if ( result != Status_OK )
-		{
-			printf( "error(%d) : my_bin2bignum( q )\n", result );
-			return 0;
-		}
-		
-		// dmp1
-		result = my_bin2bignum( &dmp1Bn, handle, dmp1Ptr, dmp1Len );
-		if ( result != Status_OK )
-		{
-			printf( "error(%d) : my_bin2bignum( dmp1 )\n", result );
-			return 0;
-		}
-		
-		// dmq1
-		result = my_bin2bignum( &dmq1Bn, handle, dmq1Ptr, dmq1Len );
-		if ( result != Status_OK )
-		{
-			printf( "error(%d) : my_bin2bignum( dmq1 )\n", result );
-			return 0;
-		}
-		
-		// iqmp
-		result = my_bin2bignum( &iqmpBn, handle, iqmpPtr, iqmpLen );
-		if ( result != Status_OK )
-		{
-			printf( "error(%d) : my_bin2bignum( iqmp )\n", result );
-			return 0;
-		}
-		
-		// e
-		result = my_bin2bignum( &eBn, handle, ePtr, eLen );
-		if ( result != Status_OK )
-		{
-			printf( "error(%d) : my_bin2bignum( e )\n", result );
-			return 0;
-		}
-	}
+	cmd.args.import.data.data.ecprivate.d = dBn;
 	
 	printf( "import ...\n" );
 	
-	// import key
-	NFKM_KeyIdent keyident = { (char*)"simple", (char*)"rsa-import-privkey" };
-	cmd.cmd = Cmd_Import;
-	cmd.args.import.module = MODULE_ID;
-	cmd.args.import.data.type = KeyType_RSAPrivate;
-	cmd.args.import.data.data.rsaprivate.p = pBn;
-	cmd.args.import.data.data.rsaprivate.q = qBn;
-	cmd.args.import.data.data.rsaprivate.dmp1 = dmp1Bn;
-	cmd.args.import.data.data.rsaprivate.dmq1 = dmq1Bn;
-	cmd.args.import.data.data.rsaprivate.iqmp = iqmpBn;
-	cmd.args.import.data.data.rsaprivate.e = eBn;
 	result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
 	if ( result != Status_OK )
 	{	
@@ -462,7 +502,9 @@ int main( int argc, char *argv[] )
 	printf( "keyid : 0x%08X\n", (unsigned int)reply.reply.import.key );
 	
 	printf( "done. next : make blob ...\n" );
-	
+
+#if 0
+		
 	// make blobs
 	NFKM_MakeBlobsParams mbp;
 	NFKM_Key reg_key;
@@ -690,7 +732,7 @@ int main( int argc, char *argv[] )
 	NFKM_freeinfo( handle, &world, NULL );
 	NFastApp_Disconnect( nc, NULL );
 	NFastApp_Finish( handle, NULL );
-
+#endif
 	return 0;
 
 }	// main

hsm_utils/import_rsa_keypair.c

@@ -65,6 +65,10 @@ static void *my_realloc( void *ptr, size_t nbytes,
 	struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx );
 static void my_free( void *ptr,
 	struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx );
+	
+int sbn_bin2bignum ( struct NFast_Bignum **ppBN_out,
+			struct NFast_Application *app,
+			const unsigned char *bin, const int size );
 
 void PrintArray( char *pStr, const unsigned char *pData, int length );
 
@@ -91,6 +95,41 @@ static void my_free( void *ptr,
 	free( ptr );
 }
 
+// bin データを NFastApp の BigNum データに変換する
+int sbn_bin2bignum ( struct NFast_Bignum **ppBN_out,
+			struct NFast_Application *app,
+			const unsigned char *bin, const int size )
+{
+	struct NFast_Bignum *pBN;
+	int len, i;
+
+	len = size;
+
+	if ( len > MAXBIGNUMBITS/4 ) return Status_OutOfRange;
+
+	pBN = (struct NFast_Bignum *)NFastApp_Malloc( app, sizeof(struct NFast_Bignum), NULL, NULL );
+	if ( !pBN ) return NOMEM;
+
+	pBN->msb_first = 0;
+	pBN->msw_first = 0;
+
+	for ( i = 0; i < len; i++ )
+		pBN->bytes[i] = bin[len-1-i];
+
+	while ( (i & 3) != 0 )
+		pBN->bytes[i++] = 0;
+
+	pBN->nbytes = i;
+
+	*ppBN_out = pBN;
+
+#if 0
+	PrintArray( (char*)"bin2bn array", (const char*)pBN->bytes, pBN->nbytes );
+#endif
+
+	return Status_OK;
+}	// sbn_bin2bignum
+
 void PrintArray( char *pStr, const unsigned char *pData, int length )
 {
 	int i;
@@ -123,6 +162,7 @@ int main( int argc, char *argv[] )
 	M_KeyID ltid;	// the cardset loaded into the module
 	M_KeyID keyid;
 	NFKM_Key *keyinfo;
+	NFKM_CardSet *cardset = NULL;
 	
 	if ( argc == 2 )
 		rand_size = atoi( argv[1] );
@@ -296,7 +336,7 @@ int main( int argc, char *argv[] )
 	}
 #endif
 
-#if 1	
+#if 0
 	// list cardsets
 	int card_num;
 	NFKM_CardSetIdent *cardident = NULL;
@@ -308,7 +348,6 @@ int main( int argc, char *argv[] )
 	}
 	
 	// find cardsets
-	NFKM_CardSet *cardset = NULL;
 	result = NFKM_findcardset( handle, cardident, &cardset, NULL );
 	if ( result != Status_OK )
 	{	
@@ -351,7 +390,10 @@ int main( int argc, char *argv[] )
 	// make ACL
 	NFKM_MakeACLParams map;
 	memset( &map, 0, sizeof( map ) );
-	map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
+	if ( cardset != NULL )
+		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
+	else
+		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule;
 	// 暗号化と復号化、署名とベリファイなど、相反する操作を持たせることはできない(エラーになる)
 	// e.g. NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY -> エラー
 	// e.g. NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT -> エラー
@@ -388,50 +430,50 @@ int main( int argc, char *argv[] )
 	struct NFast_Bignum *eBn = NULL;
 	{
 		// p
-		result = my_bin2bignum( &pBn, handle, pPtr, pLen );
+		result = sbn_bin2bignum( &pBn, handle, pPtr, pLen );
 		if ( result != Status_OK )
 		{
-			printf( "error(%d) : my_bin2bignum( p )\n", result );
+			printf( "error(%d) : sbn_bin2bignum( p )\n", result );
 			return 0;
 		}
 		
 		// q
-		result = my_bin2bignum( &qBn, handle, qPtr, qLen );
+		result = sbn_bin2bignum( &qBn, handle, qPtr, qLen );
 		if ( result != Status_OK )
 		{
-			printf( "error(%d) : my_bin2bignum( q )\n", result );
+			printf( "error(%d) : sbn_bin2bignum( q )\n", result );
 			return 0;
 		}
 		
 		// dmp1
-		result = my_bin2bignum( &dmp1Bn, handle, dmp1Ptr, dmp1Len );
+		result = sbn_bin2bignum( &dmp1Bn, handle, dmp1Ptr, dmp1Len );
 		if ( result != Status_OK )
 		{
-			printf( "error(%d) : my_bin2bignum( dmp1 )\n", result );
+			printf( "error(%d) : sbn_bin2bignum( dmp1 )\n", result );
 			return 0;
 		}
 		
 		// dmq1
-		result = my_bin2bignum( &dmq1Bn, handle, dmq1Ptr, dmq1Len );
+		result = sbn_bin2bignum( &dmq1Bn, handle, dmq1Ptr, dmq1Len );
 		if ( result != Status_OK )
 		{
-			printf( "error(%d) : my_bin2bignum( dmq1 )\n", result );
+			printf( "error(%d) : sbn_bin2bignum( dmq1 )\n", result );
 			return 0;
 		}
 		
 		// iqmp
-		result = my_bin2bignum( &iqmpBn, handle, iqmpPtr, iqmpLen );
+		result = sbn_bin2bignum( &iqmpBn, handle, iqmpPtr, iqmpLen );
 		if ( result != Status_OK )
 		{
-			printf( "error(%d) : my_bin2bignum( iqmp )\n", result );
+			printf( "error(%d) : sbn_bin2bignum( iqmp )\n", result );
 			return 0;
 		}
 		
 		// e
-		result = my_bin2bignum( &eBn, handle, ePtr, eLen );
+		result = sbn_bin2bignum( &eBn, handle, ePtr, eLen );
 		if ( result != Status_OK )
 		{
-			printf( "error(%d) : my_bin2bignum( e )\n", result );
+			printf( "error(%d) : sbn_bin2bignum( e )\n", result );
 			return 0;
 		}
 	}