rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
1f2beb8b01
ctr_eFuse/trunk/hsm_utils/import_rsa_keypair.c
n2460 1f2beb8b01 hsm_utils/import_ras_keypair:鍵ペアのパスを変更。 
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@221 ff987cc8-cf2f-4642-8568-d52cce064691
2013-10-08 11:48:45 +00:00

1008 lines
28 KiB
C
Raw Blame History

// import key (+ encrypt, decrypt) test for nShield
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
// openssl
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/aes.h>
#include <openssl/pem.h>
#include "nfastapp.h"
#include "nfkm.h"
#include "rqcard-applic.h"
#include "rqcard-fips.h"
//#include "picky-upcalls.h"
#include "my_hsm_bignum.h"
#include "my_hsm_alloc.h"
#define PRIV_KEY_FILE "./test_key/test-rsa-privkey2048.der"
#define PUB_KEY_FILE "./test_key/test-rsa-pubkey2048.der"
#define MODULE_ID 1
#define DATA_LEN 256 // bytes
// RSA private key data
typedef struct
{
struct NFast_Bignum *p;
struct NFast_Bignum *q;
struct NFast_Bignum *dmp1;
struct NFast_Bignum *dmq1;
struct NFast_Bignum *iqmp;
struct NFast_Bignum *e;
}
RSAPrivateKeyDataBn;
// RSA public key data
typedef struct
{
struct NFast_Bignum *e;
struct NFast_Bignum *n;
}
RSAPublicKeyDataBn;
// global variable
NFast_AppHandle handle;
NFastApp_Connection nc;
NFKM_WorldInfo *world = NULL;
RQCard card;
RQCard_FIPS fips;
M_KeyID ltid = 0; // the cardset loaded into the module
NFKM_CardSet *cardset = NULL;
NFKM_ModuleInfo *moduleinfo = NULL;
const NFKM_KeyIdent priv_keyident = { (char*)"simple", (char*)"rsa-import-privkey" };
const NFKM_KeyIdent pub_keyident = { (char*)"simple", (char*)"rsa-import-pubkey" };
unsigned char save_enc[DATA_LEN];
// function
int importRSAPrivate( NFKM_KeyIdent keyident );
int importRSAPublic( NFKM_KeyIdent keyident );
int verifyRSAKeyPair( NFKM_KeyIdent priv_keyident, NFKM_KeyIdent pub_keyident );
void PrintArray( char *pStr, const unsigned char *pData, int length );
int importRSAPrivate( NFKM_KeyIdent keyident )
{
int result = Status_OK;
RSA *privkey = NULL;
FILE *fp;
unsigned char *pPtr, *qPtr, *dmp1Ptr, *dmq1Ptr, *iqmpPtr, *ePtr;
int pLen, qLen, dmp1Len, dmq1Len, iqmpLen, eLen;
M_Command cmd;
M_Reply reply;
NFKM_MakeACLParams map;
NFKM_MakeBlobsParams mbp;
NFKM_Key reg_key;
RSAPrivateKeyDataBn privBn;
pPtr = qPtr = dmp1Ptr = dmq1Ptr = iqmpPtr = ePtr = NULL;
pLen = qLen = dmp1Len = dmq1Len = iqmpLen = eLen = 0;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
memset( &map, 0, sizeof( map ) );
memset( &mbp, 0, sizeof( mbp ) );
memset( &reg_key, 0, sizeof( reg_key ) );
memset( &privBn, 0, sizeof( privBn ) );
// key data open
fp = fopen( PRIV_KEY_FILE, "rb" );
if ( !fp )
{
printf( "error : open %s file\n", PRIV_KEY_FILE );
return 1;
}
privkey = d2i_RSAPrivateKey_fp( fp, NULL );
if ( !privkey )
{
printf( "error : d2i_RSAPrivateKey_fp\n" );
return 1;
}
fclose( fp );
#if 0
printf( "\nRSA(p) = " );
BN_print_fp( stdout, privkey->p );
printf( "\nRSA(q) = " );
BN_print_fp( stdout, privkey->q );
printf( "\nRSA(dmp1) = " );
BN_print_fp( stdout, privkey->dmp1 );
printf( "\nRSA(dmq1) = " );
BN_print_fp( stdout, privkey->dmq1 );
printf( "\nRSA(iqmp) = " );
BN_print_fp( stdout, privkey->iqmp );
printf( "\nRSA(e) = " );
BN_print_fp( stdout, privkey->e );
printf( "\n" );
#endif
#if 0
printf( "RSA bignum(Openssl) size\n" );
printf( "RSA(p) : %d bytes\n", BN_num_bytes( privkey->p ) );
printf( "RSA(q) : %d bytes\n", BN_num_bytes( privkey->q ) );
printf( "RSA(dmp1) : %d bytes\n", BN_num_bytes( privkey->dmp1 ) );
printf( "RSA(dmq1) : %d bytes\n", BN_num_bytes( privkey->dmq1 ) );
printf( "RSA(iqmp) : %d bytes\n", BN_num_bytes( privkey->iqmp ) );
printf( "RSA(e) : %d bytes\n", BN_num_bytes( privkey->e ) );
#endif
// RSA priv key <20>̍\<5C><><EFBFBD>v<EFBFBD>f<EFBFBD><66><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EA82BC><EFBFBD>o<EFBFBD>C<EFBFBD>i<EFBFBD><69><EFBFBD>ɕϊ<C995>
{
// p
pLen = BN_num_bytes( privkey->p );
pPtr = (unsigned char *)malloc( pLen );
if ( pLen != BN_bn2bin( privkey->p, pPtr ) )
{
printf( "BN_bn2bin failed!(p)\n" );
return 1;
}
// q
qLen = BN_num_bytes( privkey->q );
qPtr = (unsigned char *)malloc( qLen );
if ( qLen != BN_bn2bin( privkey->q, qPtr ) )
{
printf( "BN_bn2bin failed!(q)\n" );
return 1;
}
// dmp1
dmp1Len = BN_num_bytes( privkey->dmp1 );
dmp1Ptr = (unsigned char *)malloc( dmp1Len );
if ( dmp1Len != BN_bn2bin( privkey->dmp1, dmp1Ptr ) )
{
printf( "BN_bn2bin failed!(dmp1)\n" );
return 1;
}
// dmq1
dmq1Len = BN_num_bytes( privkey->dmq1 );
dmq1Ptr = (unsigned char *)malloc( dmq1Len );
if ( dmq1Len != BN_bn2bin( privkey->dmq1, dmq1Ptr ) )
{
printf( "BN_bn2bin failed!(dmq1)\n" );
return 1;
}
// iqmp
iqmpLen = BN_num_bytes( privkey->iqmp );
iqmpPtr = (unsigned char *)malloc( iqmpLen );
if ( iqmpLen != BN_bn2bin( privkey->iqmp, iqmpPtr ) )
{
printf( "BN_bn2bin failed!(dmq1)\n" );
return 1;
}
// e
eLen = BN_num_bytes( privkey->e );
ePtr = (unsigned char *)malloc( eLen );
if ( eLen != BN_bn2bin( privkey->e, ePtr ) )
{
printf( "BN_bn2bin failed!(e)\n" );
return 1;
}
} // rsa bignum(openssl) -> bin
#if 0
printf( "RSA bin addr\n" );
printf( "RSA(p) : 0x%08X\n", (unsigned int)pPtr );
printf( "RSA(q) : 0x%08X\n", (unsigned int)qPtr );
printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)dmp1Ptr );
printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)dmq1Ptr );
printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)iqmpPtr );
printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr );
#endif
// <20>o<EFBFBD>C<EFBFBD>i<EFBFBD><69><EFBFBD><EFBFBD>HSM<53><4D>Bignum<75>ɕϊ<C995>
{
my_bin2bignum( &(privBn.p), handle, pPtr, pLen );
my_bin2bignum( &(privBn.q), handle, qPtr, qLen );
my_bin2bignum( &(privBn.dmp1), handle, dmp1Ptr, dmp1Len );
my_bin2bignum( &(privBn.dmq1), handle, dmq1Ptr, dmq1Len );
my_bin2bignum( &(privBn.iqmp), handle, iqmpPtr, iqmpLen );
my_bin2bignum( &(privBn.e), handle, ePtr, eLen );
free( pPtr );
free( qPtr );
free( dmp1Ptr );
free( dmq1Ptr );
free( iqmpPtr );
free( ePtr );
}
#if 0
my_printbignum ( stdout, "RSA(p)", privBn.p );
my_printbignum ( stdout, "RSA(q)", privBn.q );
my_printbignum ( stdout, "RSA(dmp1)", privBn.dmp1 );
my_printbignum ( stdout, "RSA(dmq1)", privBn.dmq1 );
my_printbignum ( stdout, "RSA(iqmp)", privBn.iqmp );
my_printbignum ( stdout, "RSA(e)", privBn.e );
#endif
#if 0
printf( "RSA bn addr\n" );
printf( "RSA(p) : 0x%08X\n", (unsigned int)privBn.p );
printf( "RSA(q) : 0x%08X\n", (unsigned int)privBn.q );
printf( "RSA(dmp1) : 0x%08X\n", (unsigned int)privBn.dmp1 );
printf( "RSA(dmq1) : 0x%08X\n", (unsigned int)privBn.dmq1 );
printf( "RSA(iqmp) : 0x%08X\n", (unsigned int)privBn.iqmp );
printf( "RSA(e) : 0x%08X\n", (unsigned int)privBn.e );
#endif
#if 0
// imm dec
{
struct NFast_Bignum *dec_bn = NULL;
unsigned char *out = (unsigned char*)malloc( DATA_LEN );
my_bin2bignum( &(dec_bn), handle, save_enc, DATA_LEN );
M_Command cmd;
M_Reply reply;
cmd.cmd = Cmd_RSAImmedSignDecrypt;
cmd.args.rsaimmedsigndecrypt.m = dec_bn;
cmd.args.rsaimmedsigndecrypt.k_p = privBn.p;
cmd.args.rsaimmedsigndecrypt.k_q = privBn.q;
cmd.args.rsaimmedsigndecrypt.k_dmp1 = privBn.dmp1;
cmd.args.rsaimmedsigndecrypt.k_dmq1 = privBn.dmq1;
cmd.args.rsaimmedsigndecrypt.k_iqmp = privBn.iqmp;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : imm dec\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : imm dec(reply)\n", result );
return 1;
}
my_bignum2bin( out, DATA_LEN, handle, reply.reply.rsaimmedsigndecrypt.r );
PrintArray( (char*)"imm dec before", save_enc, DATA_LEN );
PrintArray( (char*)"imm dec after", out, reply.reply.rsaimmedsigndecrypt.r->nbytes );
} // imm dec
#endif
// make ACL
if ( cardset != NULL )
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
else
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule;
// <20><EFBFBD><E996A7><EFBFBD>ɂ<EFBFBD> DECRYPT <20><> SIGN
// <20><><EFBFBD>J<EFBFBD><4A><EFBFBD>ɂ<EFBFBD> ENCRYPT <20><> VERIFY <20><><EFBFBD><EFBFBD><EFBFBD>Z<EFBFBD>b<EFBFBD>g<EFBFBD>ł<EFBFBD><C582>Ȃ<EFBFBD><C882>H<EFBFBD>H
map.op_base = NFKM_DEFOPPERMS_DECRYPT | NFKM_DEFOPPERMS_SIGN;
map.cs = cardset;
result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeaclx\n", result );
return result;
}
// import key
cmd.cmd = Cmd_Import;
cmd.args.import.module = MODULE_ID;
cmd.args.import.data.type = KeyType_RSAPrivate;
cmd.args.import.data.data.rsaprivate.p = privBn.p;
cmd.args.import.data.data.rsaprivate.q = privBn.q;
cmd.args.import.data.data.rsaprivate.dmp1 = privBn.dmp1;
cmd.args.import.data.data.rsaprivate.dmq1 = privBn.dmq1;
cmd.args.import.data.data.rsaprivate.iqmp = privBn.iqmp;
cmd.args.import.data.data.rsaprivate.e = privBn.e;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : Cmd_Import\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : Cmd_Import(reply)\n", result );
return 1;
}
#if 0
// decrypt test kokode
{
struct NFast_Bignum *dec_bn = NULL;
unsigned char *out = (unsigned char*)malloc( DATA_LEN );
my_bin2bignum( &(dec_bn), handle, save_enc, DATA_LEN );
M_KeyID tempKey = reply.reply.import.key;
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
cmd.cmd = Cmd_Decrypt;
cmd.args.decrypt.flags = 0;
cmd.args.decrypt.key = tempKey;
cmd.args.decrypt.mech = Mech_RSApPKCS1;
cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1;
cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
cmd.args.decrypt.reply_type = PlainTextType_Bignum;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
return 1;
}
my_bignum2bin( out, reply.reply.decrypt.plain.data.bignum.m->nbytes, handle, reply.reply.decrypt.plain.data.bignum.m );
PrintArray( (char*)"foo dec before", save_enc, DATA_LEN );
PrintArray( (char*)"foo dec after", out, reply.reply.decrypt.plain.data.bignum.m->nbytes );
} // decrypt test
#endif
// make blobs
//reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8
//reg_key.name = keyident.ident;
reg_key.appname = keyident.appname;
reg_key.ident = keyident.ident;
//time( &(reg_key.gentime) );
mbp.f = map.f;
mbp.kpriv = reply.reply.import.key;
mbp.lt = ltid;
mbp.cs = cardset;
result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, &reg_key, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeblobsx\n", result );
return 1;
}
// record key to disk
result = NFKM_recordkey( handle, &reg_key, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_recordkey\n", result );
return 1;
}
// destroy key
result = NFKM_cmd_destroy( handle, nc, 0, reply.reply.import.key, "destroy import key", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_destroy\n", result );
return 1;
}
return result;
} // import_rsa_private
int importRSAPublic( NFKM_KeyIdent keyident )
{
int result = Status_OK;
RSA *pubkey = NULL;
FILE *fp;
unsigned char *ePtr, *nPtr;
int eLen, nLen;
M_Command cmd;
M_Reply reply;
NFKM_MakeACLParams map;
NFKM_MakeBlobsParams mbp;
NFKM_Key reg_key;
RSAPublicKeyDataBn pubBn;
ePtr = nPtr = NULL;
eLen = nLen = 0;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
memset( &map, 0, sizeof( map ) );
memset( &mbp, 0, sizeof( mbp ) );
memset( &reg_key, 0, sizeof( reg_key ) );
memset( &pubBn, 0, sizeof( pubBn ) );
// key data open
fp = fopen( PUB_KEY_FILE, "rb" );
if ( !fp )
{
printf( "error : open %s file\n", PUB_KEY_FILE );
return 1;
}
pubkey = d2i_RSA_PUBKEY_fp( fp, NULL );
if ( !pubkey )
{
printf( "error : d2i_RSA_PUBKEY_fp\n" );
return 1;
}
fclose( fp );
#if 0
printf( "RSA bignum(Openssl) size\n" );
printf( "RSA(e) : %d bytes\n", BN_num_bytes( pubkey->e ) );
printf( "RSA(n) : %d bytes\n", BN_num_bytes( pubkey->n ) );
#endif
// RSA public key <20>̍\<5C><><EFBFBD>v<EFBFBD>f<EFBFBD><66><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EA82BC><EFBFBD>o<EFBFBD>C<EFBFBD>i<EFBFBD><69><EFBFBD>ɕϊ<C995>
{
// e
eLen = BN_num_bytes( pubkey->e );
ePtr = (unsigned char *)malloc( eLen );
if ( eLen != BN_bn2bin( pubkey->e, ePtr ) )
{
printf( "BN_bn2bin failed!(e)\n" );
return 1;
}
// n
nLen = BN_num_bytes( pubkey->n );
nPtr = (unsigned char *)malloc( nLen );
if ( nLen != BN_bn2bin( pubkey->n, nPtr ) )
{
printf( "BN_bn2bin failed!(n)\n" );
return 1;
}
} // rsa bignum(openssl) -> bin
#if 0
printf( "RSA bin addr\n" );
printf( "RSA(e) : 0x%08X\n", (unsigned int)ePtr );
printf( "RSA(n) : 0x%08X\n", (unsigned int)nPtr );
#endif
// <20>o<EFBFBD>C<EFBFBD>i<EFBFBD><69><EFBFBD><EFBFBD>HSM<53><4D>Bignum<75>ɕϊ<C995>
{
my_bin2bignum( &(pubBn.e), handle, ePtr, eLen );
my_bin2bignum( &(pubBn.n), handle, nPtr, nLen );
free( ePtr );
free( nPtr );
}
#if 0
printf( "RSA bn addr\n" );
printf( "RSA(e) : 0x%08X\n", (unsigned int)pubBn.e );
printf( "RSA(n) : 0x%08X\n", (unsigned int)pubBn.n );
#endif
#if 0
// imm enc
{
int i;
struct NFast_Bignum *enc_bn = NULL;
unsigned char *ptr = (unsigned char*)malloc( DATA_LEN - 11 );
unsigned char *out = (unsigned char*)malloc( DATA_LEN );
for ( i = 0; i < DATA_LEN - 11; i++ )
ptr[i] = ~i;
my_bin2bignum( &(enc_bn), handle, ptr, DATA_LEN - 11 );
M_Command cmd;
M_Reply reply;
cmd.cmd = Cmd_RSAImmedVerifyEncrypt;
cmd.args.rsaimmedverifyencrypt.m = enc_bn;
cmd.args.rsaimmedverifyencrypt.k_e = pubBn.e;
cmd.args.rsaimmedverifyencrypt.k_n = pubBn.n;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : imm enc\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : imm enc(reply)\n", result );
return 1;
}
my_bignum2bin( out, DATA_LEN, handle, reply.reply.rsaimmedsigndecrypt.r );
PrintArray( (char*)"imm enc before", ptr, DATA_LEN - 11 );
PrintArray( (char*)"imm enc after", out, reply.reply.rsaimmedsigndecrypt.r->nbytes );
memcpy( save_enc, out, DATA_LEN );
} // imm enc
#endif
// make ACL
if ( cardset != NULL )
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet | NFKM_NKF_PublicKey;
else
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionModule | NFKM_NKF_PublicKey;
// <20><EFBFBD><E996A7><EFBFBD>ɂ<EFBFBD> DECRYPT <20><> SIGN
// <20><><EFBFBD>J<EFBFBD><4A><EFBFBD>ɂ<EFBFBD> ENCRYPT <20><> VERIFY <20><><EFBFBD><EFBFBD><EFBFBD>Z<EFBFBD>b<EFBFBD>g<EFBFBD>ł<EFBFBD><C582>Ȃ<EFBFBD><C882>H<EFBFBD>H
map.op_base = NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_VERIFY;
map.cs = cardset;
result = NFKM_newkey_makeaclx( handle, nc, world, &map, &(cmd.args.import.acl), NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeaclx\n", result );
return result;
}
// import key
cmd.cmd = Cmd_Import;
cmd.args.import.module = MODULE_ID;
cmd.args.import.data.type = KeyType_RSAPublic;
cmd.args.import.data.data.rsapublic.e = pubBn.e;
cmd.args.import.data.data.rsapublic.n = pubBn.n;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : Cmd_Import\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : Cmd_Import(reply)\n", result );
return 1;
}
// make blobs
reg_key.v = Key__maxversion; // TORIAEZU : Key__maxversion = 8
reg_key.name = keyident.ident;
reg_key.appname = keyident.appname;
reg_key.ident = keyident.ident;
time( &(reg_key.gentime) );
mbp.f = map.f;
mbp.kpub = reply.reply.import.key;
mbp.lt = ltid;
mbp.cs = cardset;
result = NFKM_newkey_makeblobsx( handle, nc, world, &mbp, &reg_key, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeblobsx\n", result );
return 1;
}
// record key to disk
result = NFKM_recordkey( handle, &reg_key, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_recordkey\n", result );
return 1;
}
// destroy key
result = NFKM_cmd_destroy( handle, nc, 0, reply.reply.import.key, "destroy import key", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_destroy\n", result );
return 1;
}
return result;
} // import_rsa_public
int verifyRSAKeyPair( NFKM_KeyIdent priv_ident, NFKM_KeyIdent pub_ident )
{
int i;
int result = Status_OK;
M_ByteBlock *blobptr = NULL;
M_KeyID priv_keyid, pub_keyid;
NFKM_Key *keyinfo = NULL;
M_Command cmd;
M_Reply reply;
priv_keyid = pub_keyid = 0;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// find priv key
result = NFKM_findkey( handle, priv_ident, &keyinfo, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findkey(priv)\n", result );
return result;
}
// load priv key blob
blobptr = &(keyinfo->privblob);
result = NFKM_cmd_loadblob( handle, nc,
moduleinfo->module, blobptr, ltid, &priv_keyid, "loading priv key blob", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob(priv)\n", result );
return result;
}
NFKM_freekey( handle, keyinfo, NULL );
keyinfo = NULL;
#if 0
// get priv key info
cmd.cmd = Cmd_GetKeyInfo;
cmd.args.getkeyinfo.key = priv_keyid;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result );
return result;
}
printf( "priv key ID : %08X\n", (unsigned int)priv_keyid );
printf( "priv keytype : %d\n", reply.reply.getkeyinfo.type );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
#endif
// find pub key
result = NFKM_findkey( handle, pub_ident, &keyinfo, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findkey(pub)\n", result );
return result;
}
// load pub key blob
blobptr = &(keyinfo->pubblob); // pub dakedo privblob
result = NFKM_cmd_loadblob( handle, nc,
moduleinfo->module, blobptr, ltid, &pub_keyid, "loading pub key blob", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob(pub)\n", result );
return result;
}
NFKM_freekey( handle, keyinfo, NULL );
keyinfo = NULL;
#if 0
// get priv key info
cmd.cmd = Cmd_GetKeyInfo;
cmd.args.getkeyinfo.key = pub_keyid;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", result );
return result;
}
printf( "pub key ID : %08X\n", (unsigned int)pub_keyid );
printf( "pub keytype : %d\n", reply.reply.getkeyinfo.type );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
keyinfo = NULL;
#endif
// encrypt & dectypt test
{
unsigned char *beforePtr, *middlePtr, *afterPtr;
int beforeLen, middleLen, afterLen;
unsigned char *encPtr, *decPtr;
struct NFast_Bignum *enc_bn, *dec_bn;
M_Mech dec_mech;
beforePtr = middlePtr = afterPtr = NULL;
beforeLen = middleLen = afterLen = 0;
encPtr = decPtr = NULL;
enc_bn = dec_bn = NULL;
// encrypt data setting
beforeLen = DATA_LEN - 11;
beforePtr = (unsigned char*)malloc( beforeLen );
for ( i = 0; i < beforeLen; i++ )
beforePtr[i] = ~i;
my_bin2bignum( &(enc_bn), handle, beforePtr, beforeLen );
#if 0
// my_bignum2bin test
unsigned char debug_buf[ DATA_LEN ];
PrintArray( (char*)"beforePtr", beforePtr, DATA_LEN );
printf( "beforePtr -> bin2bignum -> bignum2bin -> debug_buf\n" );
my_bignum2bin( debug_buf, DATA_LEN, handle, enc_bn );
PrintArray( (char*)"debug_buf", debug_buf, DATA_LEN );
#endif
// encrypt transact
cmd.cmd = Cmd_Encrypt;
cmd.args.encrypt.flags = 0; // Cmd_Encrypt_Args_flags_given_iv_present;
cmd.args.encrypt.key = pub_keyid;
cmd.args.encrypt.mech = Mech_RSApPKCS1;
cmd.args.encrypt.plain.type = PlainTextType_Bignum;
cmd.args.encrypt.plain.data.bignum.m = enc_bn;
//cmd.args.encrypt.given_iv = NULL;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Encrypt)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Encrypt)\n", result );
return 1;
}
#if 0
if ( DATA_LEN != reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes )
{
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
return 1;
}
#endif
printf( "RSA data encrypt ok\n" );
// decrypt data setting
middleLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
middlePtr = (unsigned char*)malloc( middleLen );
my_bignum2bin( middlePtr, middleLen, handle,
reply.reply.encrypt.cipher.data.rsappkcs1.m );
my_bin2bignum( &dec_bn, handle, middlePtr, middleLen );
dec_mech = reply.reply.encrypt.cipher.mech;
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// decrypt transact
cmd.cmd = Cmd_Decrypt;
cmd.args.decrypt.flags = 0;
cmd.args.decrypt.key = priv_keyid;
cmd.args.decrypt.mech = Mech_RSApPKCS1;
cmd.args.decrypt.cipher.mech = dec_mech;
cmd.args.decrypt.cipher.data.rsappkcs1.m = dec_bn;
cmd.args.decrypt.reply_type = PlainTextType_Bignum;
result = NFastApp_Transact( nc, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_Decrypt)\n", result );
return 1;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : reply.status(Cmd_Decrypt)\n", result );
return 1;
}
#if 0
if ( DATA_LEN != reply.reply.decrypt.plain.data.bignum.m->nbytes )
{
printf( "error : output size isn't %d bytes!\n", DATA_LEN );
return 1;
}
#endif
printf( "RSA data decrypt ok\n" );
// after
afterLen = reply.reply.encrypt.cipher.data.rsappkcs1.m->nbytes;
afterPtr = (unsigned char*)malloc( afterLen );
my_bignum2bin( afterPtr, afterLen, handle,
reply.reply.decrypt.plain.data.bignum.m );
NFastApp_Free_Command( handle, NULL, NULL, &cmd );
NFastApp_Free_Reply( handle, NULL, NULL, &reply );
// data show
PrintArray( (char*)"before", beforePtr, beforeLen );
PrintArray( (char*)"middle", middlePtr, middleLen );
PrintArray( (char*)"after", afterPtr, afterLen );
} // encrypt & decrypt
return result;
} // verify_rsa_keypair
void PrintArray( char *pStr, const unsigned char *pData, int length )
{
int i;
printf( "%s(%d bytes)", pStr, length );
for ( i = 0; i < length; i++ )
{
if ( (i % 16) == 0 ) printf( "\n" );
printf( "%02X ", pData[ i ] );
}
printf( "\n" );
} // PrintArray
int main( int argc, char *argv[] )
{
int result = Status_OK;
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// init nFast
result = NFastApp_InitEx( &handle, NULL, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_InitEx\n", result );
return 1;
}
// connecting to hardserver
result = NFastApp_Connect( handle, &nc, 0, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_Connect\n", result );
return 1;
}
// set bignum upcalls setting
result = NFastApp_SetBignumUpcalls(
handle,
my_bignumreceiveupcall,
my_bignumsendlenupcall,
my_bignumsendupcall,
my_bignumfreeupcall,
my_bignumformatupcall,
NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", result );
return 1;
}
// NFKM getinfo
result = NFKM_getinfo( handle, &world, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_getinfo\n", result );
return 1;
}
// init card-loading lib
result = RQCard_init( &card, handle, nc, world, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_init\n", result );
return 1;
}
// init FIPS state
result = RQCard_fips_init( &card, &fips );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_fips_init\n", result );
return 1;
}
// ui select
result = RQCard_ui_default( &card );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_ui_default\n", result );
return 1;
}
// get strict-FIPS authorization
#if 0
NFKM_FIPS140AuthHandle fipsHandle;
M_SlotID slotId;
result = RQCard_fips_get( &fips, 1, &fipsHandle, &slotId );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_fips_get\n", result );
return 0;
}
if ( fipsHandle == NULL )
{
printf( "this sworld isn't strict-FIPS.\n" );
}
#endif
#if 0
// list cardsets
int card_num;
NFKM_CardSetIdent *cardident = NULL;
result = NFKM_listcardsets( handle, &card_num, &cardident, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_listcardsets\n", result );
return 0;
}
// find cardsets
result = NFKM_findcardset( handle, cardident, &cardset, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_findcardset\n", result );
return 0;
}
// load cardset
result = RQCard_logic_ocs_specific( &card, &(cardset->hkltu), "Load Cardset" );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_logic_ocs_specific\n", result );
return 0;
}
// use specific module : #1
// important!! : if you set resultplace=NULL, abort. (possibility is 100%)
result = RQCard_whichmodule_specific( &card, world->modules[0]->module, &ltid );
if ( result != Status_OK )
{
printf( "error(%d) : RQCard_whichmodule_specific\n", result );
}
// wait event loop
result = card.uf->eventloop( &card );
if ( result != Status_OK )
{
printf( "error(%d) : card module event loop\n", result );
}
#endif
// get usable module
moduleinfo = world->modules[0];
result = NFKM_getusablemodule( world, MODULE_ID, &moduleinfo );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_getusablemodule\n", result );
return 1;
}
#if 0
// RSA privkey <20>̃C<CC83><43><EFBFBD>|<7C>[<5B>g
result = importRSAPrivate( priv_keyident );
if ( result != Status_OK )
{
printf( "error : importRSAPrivate\n" );
return 1;
}
printf( "RSA privkey import success.\n" );
#endif
// RSA pubkey
result = importRSAPublic( pub_keyident );
if ( result != Status_OK )
{
printf( "error : importRSAPublic\n" );
return 1;
}
printf( "RSA pubkey import success.\n" );
// RSA privkey <20>̃C<CC83><43><EFBFBD>|<7C>[<5B>g
result = importRSAPrivate( priv_keyident );
if ( result != Status_OK )
{
printf( "error : importRSAPrivate\n" );
return 1;
}
printf( "RSA privkey import success.\n" );
// list key
#if 0
int key_num;
NFKM_KeyIdent *keylist = NULL;
result = NFKM_listkeys( handle, &key_num, &keylist, "simple", NULL );
if ( result != Status_OK )
{
printf( "error(%d) : NFKM_listkeys\n", result );
}
NFKM_KeyIdent **tkp = &keylist;
for ( i = 0; i < key_num; i++ )
{
printf( "appname : %s, ident : %s\n", tkp[i]->appname, tkp[i]->ident );
}
#endif
// verify key pair
result = verifyRSAKeyPair( priv_keyident, pub_keyident );
if ( result != Status_OK )
{
printf( "error : verifyRSAKeyPair\n" );
return 1;
}
printf( "RSA keypair verify success.\n" );
// end processing
RQCard_fips_free( &card, &fips );
RQCard_destroy( &card );
NFKM_freeinfo( handle, &world, NULL );
NFastApp_Disconnect( nc, NULL );
NFastApp_Finish( handle, NULL );
return 0;
} // main
Reference in New Issue View Git Blame Copy Permalink