diff --git a/hsm_utils/import_ecc_keypair.c b/hsm_utils/import_ecc_keypair.c index 61cee99..37dc659 100644 --- a/hsm_utils/import_ecc_keypair.c +++ b/hsm_utils/import_ecc_keypair.c @@ -11,6 +11,8 @@ #include #include #include +#include +#include "ec_lcl.h" #include #include #include @@ -26,8 +28,8 @@ #include "mybignum.h" -#define PRIV_KEY_FILE "/opt/nfast/work/rsa-priv-key2048.der" -#define PUB_KEY_FILE "/opt/nfast/work/rsa-pub-key2048.der" +#define PRIV_KEY_FILE "./test_key/test-ecc-privkey.der" +#define PUB_KEY_FILE "./test_key/test-ecc-pubkey.der" #define MODULE_ID 1 #define DATA_LEN 256 // bytes @@ -67,6 +69,8 @@ static void my_free( void *ptr, struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); void PrintArray( char *pStr, const unsigned char *pData, int length ); +int BN_bn2binWrapper( BIGNUM *bn, unsigned char **ptr, int *len ); +int my_bin2bignumWrapper( NFast_AppHandle app, unsigned char *ptr, struct NFast_Bignum **nbn, int size ); const NFast_MallocUpcalls my_malloc_upcalls = { @@ -103,6 +107,29 @@ void PrintArray( char *pStr, const unsigned char *pData, int length ) printf( "\n" ); } +int BN_bn2binWrapper( BIGNUM *bn, unsigned char **ptr, int *len ) +{ + *len = BN_num_bytes( bn ); + *ptr = (unsigned char*)malloc( *len ); + if ( *len != BN_bn2bin( bn, *ptr ) ) + { + printf( "BN_bn2binWrapper failed!\n" ); + return 1; + } + return 0; +} // BN_bn2binWrapper + +int my_bin2bignumWrapper( NFast_AppHandle app, unsigned char *ptr, struct NFast_Bignum **nbn, int size ) +{ + int result = my_bin2bignum( nbn, app, ptr, size ); + if ( result != Status_OK ) + { + printf( "error(%d) : my_bin2bignumWrapper\n", result ); + return result; + } + return 0; +} // my_bin2bignumWrapper + int main( int argc, char *argv[] ) { int i; @@ -122,13 +149,14 @@ int main( int argc, char *argv[] ) RQCard_FIPS fips; M_KeyID ltid; // the cardset loaded into the module M_KeyID keyid; - NFKM_Key *keyinfo; + NFKM_Key *keyinfo = NULL; + NFKM_CardSet *cardset = NULL; if ( argc == 2 ) rand_size = atoi( argv[1] ); - // load rsa data (private) - RSA *privkey = NULL; + // load ecc data (private) + EC_KEY *privkey = NULL; FILE *fp; fp = fopen( PRIV_KEY_FILE, "rb" ); if ( !fp ) @@ -136,85 +164,88 @@ int main( int argc, char *argv[] ) printf( "error : open %s file\n", PRIV_KEY_FILE ); return 0; } - privkey = d2i_RSAPrivateKey_fp( fp, NULL ); + privkey = d2i_ECPrivateKey_fp( fp, NULL ); if ( !privkey ) { - printf( "error : d2i_RSAPrivateKey_fp\n" ); + printf( "error : d2i_ECPrivateKey_fp\n" ); return 0; } + fclose( fp ); + + // load ecc data (public) + EC_KEY *pubkey = NULL; + fp = fopen( PUB_KEY_FILE, "rb" ); + if ( !fp ) + { + printf( "error : open %s file\n", PUB_KEY_FILE ); + return 0; + } + pubkey = d2i_EC_PUBKEY_fp( fp, NULL ); + if ( !pubkey ) + { + printf( "error : d2i_EC_PUBKEY_fp\n" ); + return 0; + } + fclose( fp ); -#if 0 - printf( "RSA(p) : %d bytes\n", BN_num_bytes( privkey->p ) ); - printf( "RSA(q) : %d bytes\n", BN_num_bytes( privkey->q ) ); - printf( "RSA(dmp1) : %d bytes\n", BN_num_bytes( privkey->dmp1 ) ); - printf( "RSA(dmq1) : %d bytes\n", BN_num_bytes( privkey->dmq1 ) ); - printf( "RSA(iqmp) : %d bytes\n", BN_num_bytes( privkey->iqmp ) ); - printf( "RSA(e) : %d bytes\n", BN_num_bytes( privkey->e ) ); +#if 1 + printf( "EC pravate element\n" ); + printf( "EC curve name : %d\n", privkey->group->curve_name ); + printf( "EC(F->data->prime->p) : %d bytes\n", BN_num_bytes( &(privkey->group->field) ) ); + printf( "poly : " ); + for ( i = 0; i < 5; i++ ) + printf( "%d ", privkey->group->poly[i] ); + printf( "\n" ); + printf( "EC(a) : %d bytes\n", BN_num_bytes( &(privkey->group->a) ) ); + printf( "EC(b) : %d bytes\n", BN_num_bytes( &(privkey->group->b) ) ); + printf( "EC(g->x) : %d bytes\n", BN_num_bytes( &(privkey->group->generator->X) ) ); + printf( "EC(g->y) : %d bytes\n", BN_num_bytes( &(privkey->group->generator->Y) ) ); + printf( "EC(r) : %d bytes\n", BN_num_bytes( &(privkey->group->order) ) ); + printf( "EC(h) : %d bytes\n", BN_num_bytes( &(privkey->group->cofactor) ) ); + printf( "EC(d) : %d bytes\n", BN_num_bytes( privkey->priv_key ) ); #endif - // p - unsigned char *pPtr; - int pLen = BN_num_bytes( privkey->p ); - pPtr = (char *)malloc( pLen ); - if ( pLen != BN_bn2bin( privkey->p, pPtr ) ) - { - printf( "BN_bn2bin failed!(p)\n" ); - } - - // q - unsigned char *qPtr; - int qLen = BN_num_bytes( privkey->q ); - qPtr = (char *)malloc( qLen ); - if ( qLen != BN_bn2bin( privkey->q, qPtr ) ) - { - printf( "BN_bn2bin failed!(q)\n" ); - } - - // dmp1 - unsigned char *dmp1Ptr; - int dmp1Len = BN_num_bytes( privkey->dmp1 ); - dmp1Ptr = (char *)malloc( dmp1Len ); - if ( dmp1Len != BN_bn2bin( privkey->dmp1, dmp1Ptr ) ) - { - printf( "BN_bn2bin failed!(dmp1)\n" ); - } - - // dmq1 - unsigned char *dmq1Ptr; - int dmq1Len = BN_num_bytes( privkey->dmq1 ); - dmq1Ptr = (char *)malloc( dmq1Len ); - if ( dmq1Len != BN_bn2bin( privkey->dmq1, dmq1Ptr ) ) - { - printf( "BN_bn2bin failed!(dmq1)\n" ); - } - - // iqmp - unsigned char *iqmpPtr; - int iqmpLen = BN_num_bytes( privkey->iqmp ); - iqmpPtr = (char *)malloc( iqmpLen ); - if ( iqmpLen != BN_bn2bin( privkey->iqmp, iqmpPtr ) ) - { - printf( "BN_bn2bin failed!(dmq1)\n" ); - } - - // e - unsigned char *ePtr; - int eLen = BN_num_bytes( privkey->e ); - ePtr = (char *)malloc( eLen ); - if ( eLen != BN_bn2bin( privkey->e, ePtr ) ) - { - printf( "BN_bn2bin failed!(e)\n" ); - } - +#if 0 + printf( "EC public element\n" ); + printf( "EC curve name : %d\n", pubkey->group->curve_name ); + printf( "EC(F->data->prime->p) : %d bytes\n", BN_num_bytes( &(pubkey->group->field) ) ); + printf( "poly : " ); + for ( i = 0; i < 5; i++ ) + printf( "%d ", pubkey->group->poly[i] ); printf( "\n" ); + printf( "EC(a) : %d bytes\n", BN_num_bytes( &(pubkey->group->a) ) ); + printf( "EC(b) : %d bytes\n", BN_num_bytes( &(pubkey->group->b) ) ); + printf( "EC(g->x) : %d bytes\n", BN_num_bytes( &(pubkey->group->generator->X) ) ); + printf( "EC(g->y) : %d bytes\n", BN_num_bytes( &(pubkey->group->generator->Y) ) ); + printf( "EC(r) : %d bytes\n", BN_num_bytes( &(pubkey->group->order) ) ); + printf( "EC(h) : %d bytes\n", BN_num_bytes( &(pubkey->group->cofactor) ) ); + printf( "EC(Q->x) : %d bytes\n", BN_num_bytes( &(pubkey->pub_key->X) ) ); + printf( "EC(Q->y) : %d bytes\n", BN_num_bytes( &(pubkey->pub_key->Y) ) ); +#endif + + // OpenSSL Bignum to Binary + // private + int fdppLen, aLen, bLen, gxLen, gyLen, rLen, hLen, dLen; + unsigned char *fdppPtr, *aPtr, *bPtr, *gxPtr, *gyPtr, *rPtr, *hPtr, *dPtr; + fdppPtr = aPtr = bPtr = gxPtr = gyPtr = rPtr = hPtr = NULL; + BN_bn2binWrapper( &(privkey->group->field), &fdppPtr, &fdppLen ); + BN_bn2binWrapper( &(privkey->group->a), &aPtr, &aLen ); + BN_bn2binWrapper( &(privkey->group->b), &bPtr, &bLen ); + BN_bn2binWrapper( &(privkey->group->generator->X), &gxPtr, &gxLen ); + BN_bn2binWrapper( &(privkey->group->generator->Y), &gyPtr, &gyLen ); + BN_bn2binWrapper( &(privkey->group->order), &rPtr, &rLen ); + BN_bn2binWrapper( &(privkey->group->cofactor), &hPtr, &hLen ); + BN_bn2binWrapper( privkey->priv_key, &dPtr, &dLen ); #if 0 - printf( "RSA(p) : 0x%08X\n", (unsigned int)pPtr ); - printf( "RSA(q) : 0x%08X\n", (unsigned int)qPtr ); - printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)dmp1Ptr ); - printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)dmq1Ptr ); - printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)iqmpPtr ); - printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr ); + printf( "fdpp : 0x%08X\n", (unsigned int)fdppPtr ); + printf( "a : 0x%08X\n", (unsigned int)aPtr ); + printf( "b : 0x%08X\n", (unsigned int)bPtr ); + printf( "gx : 0x%08X\n", (unsigned int)gxPtr ); + printf( "gy : 0x%08X\n", (unsigned int)gyPtr ); + printf( "r : 0x%08X\n", (unsigned int)rPtr ); + printf( "h : 0x%08X\n", (unsigned int)hPtr ); + printf( "d : 0x%08X\n", (unsigned int)dPtr ); #endif // init nFast @@ -226,7 +257,8 @@ int main( int argc, char *argv[] ) } // connecting to hardserver - result = NFastApp_Connect( handle, &nc, 0, NULL ); + //result = NFastApp_Connect( handle, &nc, 0, NULL ); + result = NFastApp_Connect( handle, &nc, NFastApp_ConnectionFlags_Privileged, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFastApp_Connect\n", result ); @@ -296,7 +328,7 @@ int main( int argc, char *argv[] ) } #endif -#if 1 +#if 0 // no card // list cardsets int card_num; NFKM_CardSetIdent *cardident = NULL; @@ -308,7 +340,6 @@ int main( int argc, char *argv[] ) } // find cardsets - NFKM_CardSet *cardset = NULL; result = NFKM_findcardset( handle, cardident, &cardset, NULL ); if ( result != Status_OK ) { @@ -346,109 +377,118 @@ int main( int argc, char *argv[] ) if ( result != Status_OK ) { printf( "error(%d) : NFKM_getusablemodule\n", result ); + return 0; } +#if 1 + // ECC enable + cmd.cmd = Cmd_StaticFeatureEnable; + cmd.args.staticfeatureenable.module = MODULE_ID; + cmd.args.staticfeatureenable.info.ver = 0; // ??? + //cmd.args.staticfeatureenable.info.ctrl = FeatureInfo_ctrl_Add | FeatureInfo_ctrl_LongTerm; + cmd.args.staticfeatureenable.info.ctrl = FeatureInfo_ctrl_LongTerm; + //cmd.args.staticfeatureenable.info.features = FeatureInfo_features_EllipticCurve | FeatureInfo_features_ECCMQV | FeatureInfo_features_AcceleratedECC; + cmd.args.staticfeatureenable.info.features = FeatureInfo_features_EllipticCurve; + result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : Cmd_StaticFeatureEnable\n", result ); + } + result = reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : Cmd_StaticFeatureEnable(reply)\n", result ); + } + memset( &cmd, 0, sizeof( cmd ) ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); +#endif + // make ACL NFKM_MakeACLParams map; memset( &map, 0, sizeof( map ) ); - map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; + if ( cardset != NULL ) + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; + else + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule; // 暗号化と復号化、署名とベリファイなど、相反する操作を持たせることはできない(エラーになる) // e.g. NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY -> エラー // e.g. NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT -> エラー - map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_DECRYPT; + map.op_base = NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_ENCRYPT; map.cs = cardset; result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); + return 0; } + + // convert OpenSSL binary -> NFast_Bignum(M_Bignum) + struct NFast_Bignum *fdppBn, *aBn, *bBn, *gxBn, *gyBn, *rBn, *hBn, *dBn; + fdppBn = aBn = bBn = gxBn = gyBn = rBn = hBn = dBn = NULL; + my_bin2bignumWrapper( handle, fdppPtr, &fdppBn, fdppLen ); + my_bin2bignumWrapper( handle, aPtr, &aBn, aLen ); + my_bin2bignumWrapper( handle, bPtr, &bBn, bLen ); + my_bin2bignumWrapper( handle, gxPtr, &gxBn, gxLen ); + my_bin2bignumWrapper( handle, gyPtr, &gyBn, gyLen ); + my_bin2bignumWrapper( handle, rPtr, &rBn, rLen ); + my_bin2bignumWrapper( handle, hPtr, &hBn, hLen ); + my_bin2bignumWrapper( handle, dPtr, &dBn, dLen ); + +#if 1 + printf( "fdpp : 0x%08X\n", (unsigned int)fdppBn ); + printf( "a : 0x%08X\n", (unsigned int)aBn ); + printf( "b : 0x%08X\n", (unsigned int)bBn ); + printf( "gx : 0x%08X\n", (unsigned int)gxBn ); + printf( "gy : 0x%08X\n", (unsigned int)gyBn ); + printf( "r : 0x%08X\n", (unsigned int)rBn ); + printf( "h : 0x%08X\n", (unsigned int)hBn ); + printf( "d : 0x%08X\n", (unsigned int)dBn ); +#endif + printf( "setting ...\n" ); + + // import key + NFKM_KeyIdent keyident = { (char*)"simple", (char*)"ecc-import-privkey" }; + cmd.cmd = Cmd_Import; + cmd.args.import.module = MODULE_ID; + cmd.args.import.data.type = KeyType_ECPrivate; + cmd.args.import.data.data.ecprivate.curve.name = ECName_NISTK233; + //cmd.args.import.data.data.ecprivate.curve.name = ECName_NISTB233; + #if 0 - // set bignum upcalls setting - result = NFastApp_SetBignumUpcalls( - handle, - my_bignumreceiveupcall, - my_bignumsendlenupcall, - my_bignumsendupcall, - my_bignumfreeupcall, - my_bignumformatupcall, - NULL ); - if ( result != Status_OK ) + cmd.args.import.data.data.ecprivate.curve.data.custom.F.type = FieldType_Prime; + cmd.args.import.data.data.ecprivate.curve.data.custom.F.data.prime.flags = 0; // ??? + cmd.args.import.data.data.ecprivate.curve.data.custom.F.data.prime.p = fdppBn; + cmd.args.import.data.data.ecprivate.curve.data.custom.a = aBn; + cmd.args.import.data.data.ecprivate.curve.data.custom.b = bBn; + cmd.args.import.data.data.ecprivate.curve.data.custom.g.flags = ECPoint_flags_Infinity; // ??? (valid flags is ECPoint_flags_Infinity only.) + cmd.args.import.data.data.ecprivate.curve.data.custom.g.x = gxBn; + cmd.args.import.data.data.ecprivate.curve.data.custom.g.x = gyBn; + cmd.args.import.data.data.ecprivate.curve.data.custom.r = rBn; + cmd.args.import.data.data.ecprivate.curve.data.custom.h = hPtr[0]; +#else + cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.type = FieldType_Binary; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.flags = FieldType_Binary_Data_flags_beta_present; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.n_exponents = 5; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.exponents = (M_Word*)privkey->group->poly; + for ( i = 0; i < 5; i++ ) { - printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result ); + printf ( "%d ", (int)cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.exponents[i] ); } + printf( "\n" ); + cmd.args.import.data.data.ecprivate.curve.data.customlcf.F.data.binary.beta = &fdppBn; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.a = aBn; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.b = bBn; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.flags = 0; // ??? (valid flags is ECPoint_flags_Infinity only.) + cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.x = gxBn; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.g.x = gyBn; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.r = rBn; + cmd.args.import.data.data.ecprivate.curve.data.customlcf.h = hBn; #endif - - // convert bin -> M_Bignum - struct NFast_Bignum *pBn = NULL; - struct NFast_Bignum *qBn = NULL; - struct NFast_Bignum *dmp1Bn = NULL; - struct NFast_Bignum *dmq1Bn = NULL; - struct NFast_Bignum *iqmpBn = NULL; - struct NFast_Bignum *eBn = NULL; - { - // p - result = my_bin2bignum( &pBn, handle, pPtr, pLen ); - if ( result != Status_OK ) - { - printf( "error(%d) : my_bin2bignum( p )\n", result ); - return 0; - } - - // q - result = my_bin2bignum( &qBn, handle, qPtr, qLen ); - if ( result != Status_OK ) - { - printf( "error(%d) : my_bin2bignum( q )\n", result ); - return 0; - } - - // dmp1 - result = my_bin2bignum( &dmp1Bn, handle, dmp1Ptr, dmp1Len ); - if ( result != Status_OK ) - { - printf( "error(%d) : my_bin2bignum( dmp1 )\n", result ); - return 0; - } - - // dmq1 - result = my_bin2bignum( &dmq1Bn, handle, dmq1Ptr, dmq1Len ); - if ( result != Status_OK ) - { - printf( "error(%d) : my_bin2bignum( dmq1 )\n", result ); - return 0; - } - - // iqmp - result = my_bin2bignum( &iqmpBn, handle, iqmpPtr, iqmpLen ); - if ( result != Status_OK ) - { - printf( "error(%d) : my_bin2bignum( iqmp )\n", result ); - return 0; - } - - // e - result = my_bin2bignum( &eBn, handle, ePtr, eLen ); - if ( result != Status_OK ) - { - printf( "error(%d) : my_bin2bignum( e )\n", result ); - return 0; - } - } + cmd.args.import.data.data.ecprivate.d = dBn; printf( "import ...\n" ); - // import key - NFKM_KeyIdent keyident = { (char*)"simple", (char*)"rsa-import-privkey" }; - cmd.cmd = Cmd_Import; - cmd.args.import.module = MODULE_ID; - cmd.args.import.data.type = KeyType_RSAPrivate; - cmd.args.import.data.data.rsaprivate.p = pBn; - cmd.args.import.data.data.rsaprivate.q = qBn; - cmd.args.import.data.data.rsaprivate.dmp1 = dmp1Bn; - cmd.args.import.data.data.rsaprivate.dmq1 = dmq1Bn; - cmd.args.import.data.data.rsaprivate.iqmp = iqmpBn; - cmd.args.import.data.data.rsaprivate.e = eBn; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { @@ -462,7 +502,9 @@ int main( int argc, char *argv[] ) printf( "keyid : 0x%08X\n", (unsigned int)reply.reply.import.key ); printf( "done. next : make blob ...\n" ); - + +#if 0 + // make blobs NFKM_MakeBlobsParams mbp; NFKM_Key reg_key; @@ -690,7 +732,7 @@ int main( int argc, char *argv[] ) NFKM_freeinfo( handle, &world, NULL ); NFastApp_Disconnect( nc, NULL ); NFastApp_Finish( handle, NULL ); - +#endif return 0; } // main diff --git a/hsm_utils/import_rsa_keypair.c b/hsm_utils/import_rsa_keypair.c index 9bb520e..3725460 100644 --- a/hsm_utils/import_rsa_keypair.c +++ b/hsm_utils/import_rsa_keypair.c @@ -65,6 +65,10 @@ static void *my_realloc( void *ptr, size_t nbytes, struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); static void my_free( void *ptr, struct NFast_Call_Context *cctx, struct NFast_Transaction_Context *tctx ); + +int sbn_bin2bignum ( struct NFast_Bignum **ppBN_out, + struct NFast_Application *app, + const unsigned char *bin, const int size ); void PrintArray( char *pStr, const unsigned char *pData, int length ); @@ -91,6 +95,41 @@ static void my_free( void *ptr, free( ptr ); } +// bin データを NFastApp の BigNum データに変換する +int sbn_bin2bignum ( struct NFast_Bignum **ppBN_out, + struct NFast_Application *app, + const unsigned char *bin, const int size ) +{ + struct NFast_Bignum *pBN; + int len, i; + + len = size; + + if ( len > MAXBIGNUMBITS/4 ) return Status_OutOfRange; + + pBN = (struct NFast_Bignum *)NFastApp_Malloc( app, sizeof(struct NFast_Bignum), NULL, NULL ); + if ( !pBN ) return NOMEM; + + pBN->msb_first = 0; + pBN->msw_first = 0; + + for ( i = 0; i < len; i++ ) + pBN->bytes[i] = bin[len-1-i]; + + while ( (i & 3) != 0 ) + pBN->bytes[i++] = 0; + + pBN->nbytes = i; + + *ppBN_out = pBN; + +#if 0 + PrintArray( (char*)"bin2bn array", (const char*)pBN->bytes, pBN->nbytes ); +#endif + + return Status_OK; +} // sbn_bin2bignum + void PrintArray( char *pStr, const unsigned char *pData, int length ) { int i; @@ -123,6 +162,7 @@ int main( int argc, char *argv[] ) M_KeyID ltid; // the cardset loaded into the module M_KeyID keyid; NFKM_Key *keyinfo; + NFKM_CardSet *cardset = NULL; if ( argc == 2 ) rand_size = atoi( argv[1] ); @@ -296,7 +336,7 @@ int main( int argc, char *argv[] ) } #endif -#if 1 +#if 0 // list cardsets int card_num; NFKM_CardSetIdent *cardident = NULL; @@ -308,7 +348,6 @@ int main( int argc, char *argv[] ) } // find cardsets - NFKM_CardSet *cardset = NULL; result = NFKM_findcardset( handle, cardident, &cardset, NULL ); if ( result != Status_OK ) { @@ -351,7 +390,10 @@ int main( int argc, char *argv[] ) // make ACL NFKM_MakeACLParams map; memset( &map, 0, sizeof( map ) ); - map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; + if ( cardset != NULL ) + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; + else + map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule; // 暗号化と復号化、署名とベリファイなど、相反する操作を持たせることはできない(エラーになる) // e.g. NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY -> エラー // e.g. NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT -> エラー @@ -388,50 +430,50 @@ int main( int argc, char *argv[] ) struct NFast_Bignum *eBn = NULL; { // p - result = my_bin2bignum( &pBn, handle, pPtr, pLen ); + result = sbn_bin2bignum( &pBn, handle, pPtr, pLen ); if ( result != Status_OK ) { - printf( "error(%d) : my_bin2bignum( p )\n", result ); + printf( "error(%d) : sbn_bin2bignum( p )\n", result ); return 0; } // q - result = my_bin2bignum( &qBn, handle, qPtr, qLen ); + result = sbn_bin2bignum( &qBn, handle, qPtr, qLen ); if ( result != Status_OK ) { - printf( "error(%d) : my_bin2bignum( q )\n", result ); + printf( "error(%d) : sbn_bin2bignum( q )\n", result ); return 0; } // dmp1 - result = my_bin2bignum( &dmp1Bn, handle, dmp1Ptr, dmp1Len ); + result = sbn_bin2bignum( &dmp1Bn, handle, dmp1Ptr, dmp1Len ); if ( result != Status_OK ) { - printf( "error(%d) : my_bin2bignum( dmp1 )\n", result ); + printf( "error(%d) : sbn_bin2bignum( dmp1 )\n", result ); return 0; } // dmq1 - result = my_bin2bignum( &dmq1Bn, handle, dmq1Ptr, dmq1Len ); + result = sbn_bin2bignum( &dmq1Bn, handle, dmq1Ptr, dmq1Len ); if ( result != Status_OK ) { - printf( "error(%d) : my_bin2bignum( dmq1 )\n", result ); + printf( "error(%d) : sbn_bin2bignum( dmq1 )\n", result ); return 0; } // iqmp - result = my_bin2bignum( &iqmpBn, handle, iqmpPtr, iqmpLen ); + result = sbn_bin2bignum( &iqmpBn, handle, iqmpPtr, iqmpLen ); if ( result != Status_OK ) { - printf( "error(%d) : my_bin2bignum( iqmp )\n", result ); + printf( "error(%d) : sbn_bin2bignum( iqmp )\n", result ); return 0; } // e - result = my_bin2bignum( &eBn, handle, ePtr, eLen ); + result = sbn_bin2bignum( &eBn, handle, ePtr, eLen ); if ( result != Status_OK ) { - printf( "error(%d) : my_bin2bignum( e )\n", result ); + printf( "error(%d) : sbn_bin2bignum( e )\n", result ); return 0; } }