gpt4 book ai didi

c - Thales Connect HSM - DeriveKey 操作

转载 作者:太空宇宙 更新时间:2023-11-04 04:34:59 25 4
gpt4 key购买 nike

我正在尝试使用 Thales Connect HSM 执行 ECDH。其中一部分需要 DeriveKey 操作,而该操作又需要导入模板 key (其中包含一个 ACL,该 ACL 将附加到 DeriveKey 操作的结果)。

尽管尝试了我可以在 API 文档中找到的所有方法,但模板 key 的导入失败了 - 我得到了 Status_InvalidParameter 作为响应。希望有人已将 API 用于类似的事情(尝试与 Thales 并行打开支持 channel )。

// Generate nested ACL
M_ACL nestedAcl;
memset(&nestedAcl, 0, sizeof(M_ACL));
nestedAcl.n_groups = 1;

M_PermissionGroup nestedAclPermGroup;
memset(&nestedAclPermGroup, 0, sizeof(M_PermissionGroup));
nestedAclPermGroup.n_actions = 1;
nestedAclPermGroup.flags = 0x0;
nestedAclPermGroup.n_limits = 0;
nestedAclPermGroup.certifier = NULL;

M_Action nestedAclAction0;
memset(&nestedAclAction0, 0, sizeof(M_Action));
nestedAclAction0.type = Act_OpPermissions;
nestedAclAction0.details.oppermissions.perms =
Act_OpPermissions_Details_perms_Encrypt;

nestedAclPermGroup.actions = &nestedAclAction0;
nestedAcl.groups = &nestedAclPermGroup;

M_ByteBlock nestedAclBytes;

ret = NFastApp_MarshalACL(app, *connection, worldInfo, &nestedAcl, &nestedAclBytes);
if (ret != Status_OK)
{
printf("Failed to create nested ACL: ret = %d \n", ret);
}

// Import template key
M_Command importTemplateKeyCmd;
M_Reply importTemplateKeyReply;
importTemplateKeyCmd.cmd = Cmd_Import;
importTemplateKeyCmd.args.import.data.type = KeyType_DKTemplate;
importTemplateKeyCmd.args.import.data.data.dktemplate.nested_acl = nestedAclBytes;

char appdataTemplateKey[] = "02020202";
memset(&appdataTemplateKey, 0, sizeof(M_AppData));
memcpy(importTemplateKeyCmd.args.import.appdata.bytes, appdataTemplateKey, strlen(appdataTemplateKey) < 64 ? strlen(appdataTemplateKey) : 63);

// Generate the import command ACL
NFKM_MakeACLParams templateKeyAclParams;
memset(&templateKeyAclParams, 0, sizeof(templateKeyAclParams));
templateKeyAclParams.f = 0x0;
templateKeyAclParams.op_base = Act_DeriveKey;
templateKeyAclParams.timelimit = 0;

M_ACL* templateKeyAcl;
templateKeyAcl = malloc(sizeof(M_ACL));
templateKeyAcl->n_groups = 1;
/*
M_PermissionGroup* templateKeyAclPermissionGroup;
templateKeyAclPermissionGroup = malloc(sizeof(M_PermissionGroup));
templateKeyAclPermissionGroup->flags = 0x0;
templateKeyAclPermissionGroup->n_limits = 0;
templateKeyAclPermissionGroup->n_actions = 1;
templateKeyAclPermissionGroup->certifier = NULL;

M_Action* templateKeyAction;
templateKeyAction = malloc(sizeof(M_Action));
templateKeyAction->type = Act_DeriveKey;
templateKeyAction->details.derivekey.flags = 0x0;
templateKeyAction->details.derivekey.role = DeriveRole_TemplateKey;
templateKeyAction->details.derivekey.mech = Mech_Any;
templateKeyAction->details.derivekey.n_otherkeys = 0;

templateKeyAclPermissionGroup->actions = templateKeyAction;

templateKeyAcl->groups = templateKeyAclPermissionGroup;
*/
// NF_MarshalFast_ACL(*connection, templateKeyAcl);

NFKM_MkACLHandle mkAclHandle;
mkAclHandle = malloc(sizeof(mkAclHandle));
NFKM_mkacl_create(app, *connection, &mkAclHandle, 0);
NFKM_mkacl_pgroup(mkAclHandle, 0x0, NULL);
NFKM_mkacl_derivekey(mkAclHandle, 0x0, DeriveRole_TemplateKey, DeriveMech_Any);
NFKM_mkacl_setacl(mkAclHandle, templateKeyAcl);
importTemplateKeyCmd.args.import.acl = *templateKeyAcl;

ret = (M_Status)NFastApp_Transact(*connection, 0, &importTemplateKeyCmd, &importTemplateKeyReply, 0);
if (ret != Status_OK)
{
printf("Failed to import template key: %d (%d)\n", ret, importTemplateKeyReply.status);
}

最佳答案

最终可行的方法(由 Thales 建议)是将操作分为两部分 - 使用 Mech_ECDHKeyExchange 执行 CMD_Decrypt 以导出共享 secret ,然后生成的 x 坐标上的 CMD_Hash 以派生 key 。

关于c - Thales Connect HSM - DeriveKey 操作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31755440/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com