// import key (+ encrypt, decrypt) test for nShield #include #include #include #include // openssl #include #include #include #include #include #include #include #include "nfastapp.h" #include "nfkm.h" #include "rqcard-applic.h" #include "rqcard-fips.h" //#include "picky-upcalls.h" #include "my_hsm_bignum.h" #include "my_hsm_alloc.h" #define PRIV_KEY_FILE "/opt/nfast/work/rsa-priv-key2048.der" #define PUB_KEY_FILE "/opt/nfast/work/rsa-pub-key2048.der" #define MODULE_ID 1 #define DATA_LEN 256 // bytes // RSA private key data typedef struct { struct NFast_Bignum *p; struct NFast_Bignum *q; struct NFast_Bignum *dmp1; struct NFast_Bignum *dmq1; struct NFast_Bignum *iqmp; struct NFast_Bignum *e; } RSAPrivateKeyDataBn; // RSA public key data typedef struct { struct NFast_Bignum *e; struct NFast_Bignum *n; } RSAPublicKeyDataBn; // global variable NFast_AppHandle handle; NFastApp_Connection nc; NFKM_WorldInfo *world = NULL; RQCard card; RQCard_FIPS fips; M_KeyID ltid = 0; // the cardset loaded into the module NFKM_CardSet *cardset = NULL; NFKM_ModuleInfo *moduleinfo = NULL; const NFKM_KeyIdent priv_keyident = { (char*)"simple", (char*)"rsa-import-privkey" }; const NFKM_KeyIdent pub_keyident = { (char*)"simple", (char*)"rsa-import-pubkey" }; unsigned char save_enc[DATA_LEN]; // function int importRSAPrivate( NFKM_KeyIdent keyident ); int importRSAPublic( NFKM_KeyIdent keyident ); int verifyRSAKeyPair( NFKM_KeyIdent priv_keyident, NFKM_KeyIdent pub_keyident ); void PrintArray( char *pStr, const unsigned char *pData, int length ); int importRSAPrivate( NFKM_KeyIdent keyident ) { int result = Status_OK; RSA *privkey = NULL; FILE *fp; unsigned char *pPtr, *qPtr, *dmp1Ptr, *dmq1Ptr, *iqmpPtr, *ePtr; int pLen, qLen, dmp1Len, dmq1Len, iqmpLen, eLen; M_Command cmd; M_Reply reply; NFKM_MakeACLParams map; NFKM_MakeBlobsParams mbp; NFKM_Key reg_key; RSAPrivateKeyDataBn privBn; pPtr = qPtr = dmp1Ptr = dmq1Ptr = iqmpPtr = ePtr = NULL; pLen = qLen = dmp1Len = dmq1Len = iqmpLen = eLen = 0; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); memset( &map, 0, sizeof( map ) ); memset( &mbp, 0, sizeof( mbp ) ); memset( ®_key, 0, sizeof( reg_key ) ); memset( &privBn, 0, sizeof( privBn ) ); // key data open fp = fopen( PRIV_KEY_FILE, "rb" ); if ( !fp ) { printf( "error : open %s file\n", PRIV_KEY_FILE ); return 1; } privkey = d2i_RSAPrivateKey_fp( fp, NULL ); if ( !privkey ) { printf( "error : d2i_RSAPrivateKey_fp\n" ); return 1; } fclose( fp ); #if 0 printf( "\nRSA(p) = " ); BN_print_fp( stdout, privkey->p ); printf( "\nRSA(q) = " ); BN_print_fp( stdout, privkey->q ); printf( "\nRSA(dmp1) = " ); BN_print_fp( stdout, privkey->dmp1 ); printf( "\nRSA(dmq1) = " ); BN_print_fp( stdout, privkey->dmq1 ); printf( "\nRSA(iqmp) = " ); BN_print_fp( stdout, privkey->iqmp ); printf( "\nRSA(e) = " ); BN_print_fp( stdout, privkey->e ); printf( "\n" ); #endif #if 0 printf( "RSA bignum(Openssl) size\n" ); printf( "RSA(p) : %d bytes\n", BN_num_bytes( privkey->p ) ); printf( "RSA(q) : %d bytes\n", BN_num_bytes( privkey->q ) ); printf( "RSA(dmp1) : %d bytes\n", BN_num_bytes( privkey->dmp1 ) ); printf( "RSA(dmq1) : %d bytes\n", BN_num_bytes( privkey->dmq1 ) ); printf( "RSA(iqmp) : %d bytes\n", BN_num_bytes( privkey->iqmp ) ); printf( "RSA(e) : %d bytes\n", BN_num_bytes( privkey->e ) ); #endif // RSA priv key の構成要素をそれぞれバイナリに変換 { // p pLen = BN_num_bytes( privkey->p ); pPtr = (unsigned char *)malloc( pLen ); if ( pLen != BN_bn2bin( privkey->p, pPtr ) ) { printf( "BN_bn2bin failed!(p)\n" ); return 1; } // q qLen = BN_num_bytes( privkey->q ); qPtr = (unsigned char *)malloc( qLen ); if ( qLen != BN_bn2bin( privkey->q, qPtr ) ) { printf( "BN_bn2bin failed!(q)\n" ); return 1; } // dmp1 dmp1Len = BN_num_bytes( privkey->dmp1 ); dmp1Ptr = (unsigned char *)malloc( dmp1Len ); if ( dmp1Len != BN_bn2bin( privkey->dmp1, dmp1Ptr ) ) { printf( "BN_bn2bin failed!(dmp1)\n" ); return 1; } // dmq1 dmq1Len = BN_num_bytes( privkey->dmq1 ); dmq1Ptr = (unsigned char *)malloc( dmq1Len ); if ( dmq1Len != BN_bn2bin( privkey->dmq1, dmq1Ptr ) ) { printf( "BN_bn2bin failed!(dmq1)\n" ); return 1; } // iqmp iqmpLen = BN_num_bytes( privkey->iqmp ); iqmpPtr = (unsigned char *)malloc( iqmpLen ); if ( iqmpLen != BN_bn2bin( privkey->iqmp, iqmpPtr ) ) { printf( "BN_bn2bin failed!(dmq1)\n" ); return 1; } // e eLen = BN_num_bytes( privkey->e ); ePtr = (unsigned char *)malloc( eLen ); if ( eLen != BN_bn2bin( privkey->e, ePtr ) ) { printf( "BN_bn2bin failed!(e)\n" ); return 1; } } // rsa bignum(openssl) -> bin #if 0 printf( "RSA bin addr\n" ); printf( "RSA(p) : 0x%08X\n", (unsigned int)pPtr ); printf( "RSA(q) : 0x%08X\n", (unsigned int)qPtr ); printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)dmp1Ptr ); printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)dmq1Ptr ); printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)iqmpPtr ); printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr ); #endif // バイナリをHSMのBignumに変換 { my_bin2bignum( &(privBn.p), handle, pPtr, pLen ); my_bin2bignum( &(privBn.q), handle, qPtr, qLen ); my_bin2bignum( &(privBn.dmp1), handle, dmp1Ptr, dmp1Len ); my_bin2bignum( &(privBn.dmq1), handle, dmq1Ptr, dmq1Len ); my_bin2bignum( &(privBn.iqmp), handle, iqmpPtr, iqmpLen ); my_bin2bignum( &(privBn.e), handle, ePtr, eLen ); free( pPtr ); free( qPtr ); free( dmp1Ptr ); free( dmq1Ptr ); free( iqmpPtr ); free( ePtr ); } #if 0 my_printbignum ( stdout, "RSA(p)", privBn.p ); my_printbignum ( stdout, "RSA(q)", privBn.q ); my_printbignum ( stdout, "RSA(dmp1)", privBn.dmp1 ); my_printbignum ( stdout, "RSA(dmq1)", privBn.dmq1 ); my_printbignum ( stdout, "RSA(iqmp)", privBn.iqmp ); my_printbignum ( stdout, "RSA(e)", privBn.e ); #endif #if 0 printf( "RSA bn addr\n" ); printf( "RSA(p) : 0x%08X\n", (unsigned int)privBn.p ); printf( "RSA(q) : 0x%08X\n", (unsigned int)privBn.q ); printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)privBn.dmp1 ); printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)privBn.dmq1 ); printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)privBn.iqmp ); printf( "RSA(e) : 0x%08X\n", (unsigned int)privBn.e ); #endif #if 0 // imm dec { struct NFast_Bignum *dec_bn = NULL; unsigned char *out = (unsigned char*)malloc( DATA_LEN ); my_bin2bignum( &(dec_bn), handle, save_enc, DATA_LEN ); M_Command cmd; M_Reply reply; cmd.cmd = Cmd_RSAImmedSignDecrypt; cmd.args.rsaimmedsigndecrypt.m = dec_bn; cmd.args.rsaimmedsigndecrypt.k_p = privBn.p; cmd.args.rsaimmedsigndecrypt.k_q = privBn.q; cmd.args.rsaimmedsigndecrypt.k_dmp1 = privBn.dmp1; cmd.args.rsaimmedsigndecrypt.k_dmq1 = privBn.dmq1; cmd.args.rsaimmedsigndecrypt.k_iqmp = privBn.iqmp; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : imm dec\n", result ); return 1; } result = reply.status; if ( result != Status_OK ) { printf( "error(%d) : imm dec(reply)\n", result ); return 1; } my_bignum2bin( out, DATA_LEN, handle, reply.reply.rsaimmedsigndecrypt.r ); PrintArray( (char*)"imm dec before", save_enc, DATA_LEN ); PrintArray( (char*)"imm dec after", out, reply.reply.rsaimmedsigndecrypt.r->nbytes ); } // imm dec #endif // make ACL if ( cardset != NULL ) map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet; else map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule; // 秘密鍵には DECRYPT と SIGN // 公開鍵には ENCRYPT と VERIFY しかセットできない?? map.op_base = NFKM_DEFOPPERMS_DECRYPT | NFKM_DEFOPPERMS_SIGN; map.cs = cardset; result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); return result; } // import key cmd.cmd = Cmd_Import; cmd.args.import.module = MODULE_ID; cmd.args.import.data.type = KeyType_RSAPrivate; cmd.args.import.data.data.rsaprivate.p = privBn.p; cmd.args.import.data.data.rsaprivate.q = privBn.q; cmd.args.import.data.data.rsaprivate.dmp1 = privBn.dmp1; cmd.args.import.data.data.rsaprivate.dmq1 = privBn.dmq1; cmd.args.import.data.data.rsaprivate.iqmp = privBn.iqmp; cmd.args.import.data.data.rsaprivate.e = privBn.e; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : Cmd_Import\n", result ); return 1; } result = reply.status; if ( result != Status_OK ) { printf( "error(%d) : Cmd_Import(reply)\n", result ); return 1; } #if 0 // decrypt test kokode { struct NFast_Bignum *dec_bn = NULL; unsigned char *out = (unsigned char*)malloc( DATA_LEN ); my_bin2bignum( &(dec_bn), handle, save_enc, DATA_LEN ); M_KeyID tempKey = reply.reply.import.key; NFastApp_Free_Reply( handle, NULL, NULL, &reply ); memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); cmd.cmd = Cmd_Decrypt; cmd.args.decrypt.flags = 0; cmd.args.decrypt.key = tempKey; cmd.args.decrypt.mech = Mech_RSApPKCS1; cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1; cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn; cmd.args.decrypt.reply_type = PlainTextType_Bignum; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result ); return 1; } result = reply.status; if ( result != Status_OK ) { printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); return 1; } my_bignum2bin( out, reply.reply.decrypt.plain.data.bignum.m->nbytes, handle, reply.reply.decrypt.plain.data.bignum.m ); PrintArray( (char*)"foo dec before", save_enc, DATA_LEN ); PrintArray( (char*)"foo dec after", out, reply.reply.decrypt.plain.data.bignum.m->nbytes ); } // decrypt test #endif // make blobs //reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8 //reg_key.name = keyident.ident; reg_key.appname = keyident.appname; reg_key.ident = keyident.ident; //time( &(reg_key.gentime) ); mbp.f = map.f; mbp.kpriv = reply.reply.import.key; mbp.lt = ltid; mbp.cs = cardset; result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, ®_key, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeblobsx\n", result ); return 1; } // record key to disk result = NFKM_recordkey( handle, ®_key, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_recordkey\n", result ); return 1; } // destroy key result = NFKM_cmd_destroy( handle, nc, 0, reply.reply.import.key, "destroy import key", NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_cmd_destroy\n", result ); return 1; } return result; } // import_rsa_private int importRSAPublic( NFKM_KeyIdent keyident ) { int result = Status_OK; RSA *pubkey = NULL; FILE *fp; unsigned char *ePtr, *nPtr; int eLen, nLen; M_Command cmd; M_Reply reply; NFKM_MakeACLParams map; NFKM_MakeBlobsParams mbp; NFKM_Key reg_key; RSAPublicKeyDataBn pubBn; ePtr = nPtr = NULL; eLen = nLen = 0; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); memset( &map, 0, sizeof( map ) ); memset( &mbp, 0, sizeof( mbp ) ); memset( ®_key, 0, sizeof( reg_key ) ); memset( &pubBn, 0, sizeof( pubBn ) ); // key data open fp = fopen( PUB_KEY_FILE, "rb" ); if ( !fp ) { printf( "error : open %s file\n", PUB_KEY_FILE ); return 1; } pubkey = d2i_RSA_PUBKEY_fp( fp, NULL ); if ( !pubkey ) { printf( "error : d2i_RSA_PUBKEY_fp\n" ); return 1; } fclose( fp ); #if 0 printf( "RSA bignum(Openssl) size\n" ); printf( "RSA(e) : %d bytes\n", BN_num_bytes( pubkey->e ) ); printf( "RSA(n) : %d bytes\n", BN_num_bytes( pubkey->n ) ); #endif // RSA public key の構成要素をそれぞれバイナリに変換 { // e eLen = BN_num_bytes( pubkey->e ); ePtr = (unsigned char *)malloc( eLen ); if ( eLen != BN_bn2bin( pubkey->e, ePtr ) ) { printf( "BN_bn2bin failed!(e)\n" ); return 1; } // n nLen = BN_num_bytes( pubkey->n ); nPtr = (unsigned char *)malloc( nLen ); if ( nLen != BN_bn2bin( pubkey->n, nPtr ) ) { printf( "BN_bn2bin failed!(n)\n" ); return 1; } } // rsa bignum(openssl) -> bin #if 0 printf( "RSA bin addr\n" ); printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr ); printf( "RSA(n) : 0x%08X\n", (unsigned int)nPtr ); #endif // バイナリをHSMのBignumに変換 { my_bin2bignum( &(pubBn.e), handle, ePtr, eLen ); my_bin2bignum( &(pubBn.n), handle, nPtr, nLen ); free( ePtr ); free( nPtr ); } #if 0 printf( "RSA bn addr\n" ); printf( "RSA(e) : 0x%08X\n", (unsigned int)pubBn.e ); printf( "RSA(n) : 0x%08X\n", (unsigned int)pubBn.n ); #endif #if 0 // imm enc { int i; struct NFast_Bignum *enc_bn = NULL; unsigned char *ptr = (unsigned char*)malloc( DATA_LEN - 11 ); unsigned char *out = (unsigned char*)malloc( DATA_LEN ); for ( i = 0; i < DATA_LEN - 11; i++ ) ptr[i] = ~i; my_bin2bignum( &(enc_bn), handle, ptr, DATA_LEN - 11 ); M_Command cmd; M_Reply reply; cmd.cmd = Cmd_RSAImmedVerifyEncrypt; cmd.args.rsaimmedverifyencrypt.m = enc_bn; cmd.args.rsaimmedverifyencrypt.k_e = pubBn.e; cmd.args.rsaimmedverifyencrypt.k_n = pubBn.n; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : imm enc\n", result ); return 1; } result = reply.status; if ( result != Status_OK ) { printf( "error(%d) : imm enc(reply)\n", result ); return 1; } my_bignum2bin( out, DATA_LEN, handle, reply.reply.rsaimmedsigndecrypt.r ); PrintArray( (char*)"imm enc before", ptr, DATA_LEN - 11 ); PrintArray( (char*)"imm enc after", out, reply.reply.rsaimmedsigndecrypt.r->nbytes ); memcpy( save_enc, out, DATA_LEN ); } // imm enc #endif // make ACL if ( cardset != NULL ) map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet | NFKM_NKF_PublicKey; else map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule | NFKM_NKF_PublicKey; // 秘密鍵には DECRYPT と SIGN // 公開鍵には ENCRYPT と VERIFY しかセットできない?? map.op_base = NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_VERIFY; map.cs = cardset; result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeaclx\n", result ); return result; } // import key cmd.cmd = Cmd_Import; cmd.args.import.module = MODULE_ID; cmd.args.import.data.type = KeyType_RSAPublic; cmd.args.import.data.data.rsapublic.e = pubBn.e; cmd.args.import.data.data.rsapublic.n = pubBn.n; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : Cmd_Import\n", result ); return 1; } result = reply.status; if ( result != Status_OK ) { printf( "error(%d) : Cmd_Import(reply)\n", result ); return 1; } // make blobs reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8 reg_key.name = keyident.ident; reg_key.appname = keyident.appname; reg_key.ident = keyident.ident; time( &(reg_key.gentime) ); mbp.f = map.f; mbp.kpub = reply.reply.import.key; mbp.lt = ltid; mbp.cs = cardset; result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, ®_key, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_newkey_makeblobsx\n", result ); return 1; } // record key to disk result = NFKM_recordkey( handle, ®_key, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_recordkey\n", result ); return 1; } // destroy key result = NFKM_cmd_destroy( handle, nc, 0, reply.reply.import.key, "destroy import key", NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_cmd_destroy\n", result ); return 1; } return result; } // import_rsa_public int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident ) { int i; int result = Status_OK; M_ByteBlock *blobptr = NULL; M_KeyID priv_keyid, pub_keyid; NFKM_Key *keyinfo = NULL; M_Command cmd; M_Reply reply; priv_keyid = pub_keyid = 0; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // find priv key result = NFKM_findkey( handle, priv_ident, &keyinfo, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_findkey(priv)\n", result ); return result; } // load priv key blob blobptr = &(keyinfo->privblob); result = NFKM_cmd_loadblob( handle, nc, moduleinfo->module, blobptr, ltid, &priv_keyid, "loading priv key blob", NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_cmd_loadblob(priv)\n", result ); return result; } NFKM_freekey( handle, keyinfo, NULL ); keyinfo = NULL; #if 0 // get priv key info cmd.cmd = Cmd_GetKeyInfo; cmd.args.getkeyinfo.key = priv_keyid; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result ); return result; } printf( "priv key ID : %08X\n", (unsigned int)priv_keyid ); printf( "priv keytype : %d\n", reply.reply.getkeyinfo.type ); NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( handle, NULL, NULL, &reply ); memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); #endif // find pub key result = NFKM_findkey( handle, pub_ident, &keyinfo, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_findkey(pub)\n", result ); return result; } // load pub key blob blobptr = &(keyinfo->pubblob); // pub dakedo privblob result = NFKM_cmd_loadblob( handle, nc, moduleinfo->module, blobptr, ltid, &pub_keyid, "loading pub key blob", NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_cmd_loadblob(pub)\n", result ); return result; } NFKM_freekey( handle, keyinfo, NULL ); keyinfo = NULL; #if 0 // get priv key info cmd.cmd = Cmd_GetKeyInfo; cmd.args.getkeyinfo.key = pub_keyid; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result ); return result; } printf( "pub key ID : %08X\n", (unsigned int)pub_keyid ); printf( "pub keytype : %d\n", reply.reply.getkeyinfo.type ); NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( handle, NULL, NULL, &reply ); memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); keyinfo = NULL; #endif // encrypt & dectypt test { unsigned char *beforePtr, *middlePtr, *afterPtr; int beforeLen, middleLen, afterLen; unsigned char *encPtr, *decPtr; struct NFast_Bignum *enc_bn, *dec_bn; M_Mech dec_mech; beforePtr = middlePtr = afterPtr = NULL; beforeLen = middleLen = afterLen = 0; encPtr = decPtr = NULL; enc_bn = dec_bn = NULL; // encrypt data setting beforeLen = DATA_LEN - 11; beforePtr = (unsigned char*)malloc( beforeLen ); for ( i = 0; i < beforeLen; i++ ) beforePtr[i] = ~i; my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen ); #if 0 // my_bignum2bin test unsigned char debug_buf[ DATA_LEN ]; PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN ); printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" ); my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn ); PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN ); #endif // encrypt transact cmd.cmd = Cmd_Encrypt; cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present; cmd.args.encrypt.key = pub_keyid; cmd.args.encrypt.mech = Mech_RSApPKCS1; cmd.args.encrypt.plain.type = PlainTextType_Bignum; cmd.args.encrypt.plain.data.bignum.m = enc_bn; //cmd.args.encrypt.given_iv = NULL; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result ); return 1; } result = reply.status; if ( result != Status_OK ) { printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result ); return 1; } #if 0 if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes ) { printf( "error : output size isn't %d bytes!\n", DATA_LEN ); return 1; } #endif printf( "RSA data encrypt ok\n" ); // decrypt data setting middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes; middlePtr = (unsigned char*)malloc( middleLen ); my_bignum2bin( middlePtr, middleLen, handle, reply.reply.encrypt.cipher.data.rsappkcs1.m ); my_bin2bignum( &dec_bn, handle, middlePtr, middleLen ); dec_mech = reply.reply.encrypt.cipher.mech; NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( handle, NULL, NULL, &reply ); memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // decrypt transact cmd.cmd = Cmd_Decrypt; cmd.args.decrypt.flags = 0; cmd.args.decrypt.key = priv_keyid; cmd.args.decrypt.mech = Mech_RSApPKCS1; cmd.args.decrypt.cipher.mech = dec_mech; cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn; cmd.args.decrypt.reply_type = PlainTextType_Bignum; result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL ); if ( result != Status_OK ) { printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result ); return 1; } result = reply.status; if ( result != Status_OK ) { printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result ); return 1; } #if 0 if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes ) { printf( "error : output size isn't %d bytes!\n", DATA_LEN ); return 1; } #endif printf( "RSA data decrypt ok\n" ); // after afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes; afterPtr = (unsigned char*)malloc( afterLen ); my_bignum2bin( afterPtr, afterLen, handle, reply.reply.decrypt.plain.data.bignum.m ); NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( handle, NULL, NULL, &reply ); // data show PrintArray( (char*)"before", beforePtr, beforeLen ); PrintArray( (char*)"middle", middlePtr, middleLen ); PrintArray( (char*)"after", afterPtr, afterLen ); } // encrypt & decrypt return result; } // verify_rsa_keypair void PrintArray( char *pStr, const unsigned char *pData, int length ) { int i; printf( "%s(%d bytes)", pStr, length ); for ( i = 0; i < length; i++ ) { if ( (i % 16) == 0 ) printf( "\n" ); printf( "%02X ", pData[ i ] ); } printf( "\n" ); } // PrintArray int main( int argc, char *argv[] ) { int result = Status_OK; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // init nFast result = NFastApp_InitEx( &handle, NULL, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFastApp_InitEx\n", result ); return 1; } // connecting to hardserver result = NFastApp_Connect( handle, &nc, 0, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFastApp_Connect\n", result ); return 1; } // set bignum upcalls setting result = NFastApp_SetBignumUpcalls( handle, my_bignumreceiveupcall, my_bignumsendlenupcall, my_bignumsendupcall, my_bignumfreeupcall, my_bignumformatupcall, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result ); return 1; } // NFKM getinfo result = NFKM_getinfo( handle, &world, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_getinfo\n", result ); return 1; } // init card-loading lib result = RQCard_init( &card, handle, nc, world, NULL ); if ( result != Status_OK ) { printf( "error(%d) : RQCard_init\n", result ); return 1; } // init FIPS state result = RQCard_fips_init( &card, &fips ); if ( result != Status_OK ) { printf( "error(%d) : RQCard_fips_init\n", result ); return 1; } // ui select result = RQCard_ui_default( &card ); if ( result != Status_OK ) { printf( "error(%d) : RQCard_ui_default\n", result ); return 1; } // get strict-FIPS authorization #if 0 NFKM_FIPS140AuthHandle fipsHandle; M_SlotID slotId; result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId ); if ( result != Status_OK ) { printf( "error(%d) : RQCard_fips_get\n", result ); return 0; } if ( fipsHandle == NULL ) { printf( "this sworld isn't strict-FIPS.\n" ); } #endif #if 0 // list cardsets int card_num; NFKM_CardSetIdent *cardident = NULL; result = NFKM_listcardsets( handle, &card_num, &cardident, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_listcardsets\n", result ); return 0; } // find cardsets result = NFKM_findcardset( handle, cardident, &cardset, NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_findcardset\n", result ); return 0; } // load cardset result = RQCard_logic_ocs_specific( &card, &(cardset->hkltu), "Load Cardset" ); if ( result != Status_OK ) { printf( "error(%d) : RQCard_logic_ocs_specific\n", result ); return 0; } // use specific module : #1 // important!! : if you set resultplace=NULL, abort. (possibility is 100%) result = RQCard_whichmodule_specific( &card, world->modules[0]->module, <id ); if ( result != Status_OK ) { printf( "error(%d) : RQCard_whichmodule_specific\n", result ); } // wait event loop result = card.uf->eventloop( &card ); if ( result != Status_OK ) { printf( "error(%d) : card module event loop\n", result ); } #endif // get usable module moduleinfo = world->modules[0]; result = NFKM_getusablemodule( world, MODULE_ID, &moduleinfo ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_getusablemodule\n", result ); return 1; } #if 0 // RSA privkey のインポート result = importRSAPrivate( priv_keyident ); if ( result != Status_OK ) { printf( "error : importRSAPrivate\n" ); return 1; } printf( "RSA privkey import success.\n" ); #endif // RSA pubkey result = importRSAPublic( pub_keyident ); if ( result != Status_OK ) { printf( "error : importRSAPublic\n" ); return 1; } printf( "RSA pubkey import success.\n" ); // RSA privkey のインポート result = importRSAPrivate( priv_keyident ); if ( result != Status_OK ) { printf( "error : importRSAPrivate\n" ); return 1; } printf( "RSA privkey import success.\n" ); // list key #if 0 int key_num; NFKM_KeyIdent *keylist = NULL; result = NFKM_listkeys( handle, &key_num, &keylist, "simple", NULL ); if ( result != Status_OK ) { printf( "error(%d) : NFKM_listkeys\n", result ); } NFKM_KeyIdent **tkp = &keylist; for ( i = 0; i < key_num; i++ ) { printf( "appname : %s, ident : %s\n", tkp[i]->appname, tkp[i]->ident ); } #endif // verify key pair result = verifyRSAKeyPair( priv_keyident, pub_keyident ); if ( result != Status_OK ) { printf( "error : verifyRSAKeyPair\n" ); return 1; } printf( "RSA keypair verify success.\n" ); // end processing RQCard_fips_free( &card, &fips ); RQCard_destroy( &card ); NFKM_freeinfo( handle, &world, NULL ); NFastApp_Disconnect( nc, NULL ); NFastApp_Finish( handle, NULL ); return 0; } // main