TODO:OCSカード関連処理除去完了

(カード関連コード、変数除去) 一部HSM関連グローバル変数をローカルに移動 git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@65 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2009-12-23 07:32:08 +00:00 · 2009-12-23 07:32:08 +00:00 · 2aa9afb0c1
commit 2aa9afb0c1
parent d330817727
1 changed files with 18 additions and 123 deletions
--- a/cr_hsm_code.c
+++ b/cr_hsm_code.c
@ -134,9 +134,7 @@
 NFast_AppHandle hsmHandle;
 NFastApp_Connection hsmConnection;
 NFKM_WorldInfo *hsmWorld = NULL;	// allocate
-M_KeyID hsmLtid;
 NFKM_ModuleInfo *hsmModuleinfo = NULL;
-M_ByteBlock *hsmBlobptr = NULL;

 // TODO: <20>Å<EFBFBD>IŒ®‚É•Ï<E280A2>X‚·‚é
 #ifdef ENCRYPT_AES
@ -162,7 +160,6 @@ int hsm_initialize( void )
 	ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : NFastApp_InitEx\n", ret_code );
 		return ret_code;
 	}

@ -177,17 +174,13 @@ int hsm_initialize( void )
 					NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : NFastApp_SetBignumUpcalls\n", ret_code );
 		return ret_code;
 	}
 	
 	// connect HSM
-	// arg3 is flag
-	// NFastApp_ConnectionFlags_Privileged flag need to run by nfast user.
-	ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0, NULL );
+	ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0 /* flag */, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : NFastApp_Connect\n", ret_code );
 		return ret_code;
 	}
 	
@ -195,7 +188,6 @@ int hsm_initialize( void )
 	ret_code = NFKM_getinfo( hsmHandle, &hsmWorld, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : NFKM_getinfo\n", ret_code );
 		return ret_code;
 	}
 	
@ -253,13 +245,11 @@ int hsm_generate_random( unsigned char *buf, int bytes )
 	ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : generate random\n", ret_code );
 		return ret_code;
 	}
 	ret_code = reply.status;
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : generate random reply\n", ret_code );
 		return ret_code;
 	}
 	
@ -288,13 +278,11 @@ int hsm_get_rtc( time_t *time )
 	result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
 	if ( result != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : get rtc(transaction)\n", result );
 		return result;
 	}
 	result = reply.status;
 	if ( result != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : get rtc(reply status)\n", result );
 		return result;
 	}
 	
@ -309,6 +297,8 @@ int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid )
 {
 	int ret_code = CR_GENID_SUCCESS;
 	NFKM_Key *keyinfo = NULL;
+	M_KeyID ltid;
+	M_ByteBlock *blobPtr = NULL;
 	
 	// find key
 	ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL );
@ -326,10 +316,10 @@ int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid )
 	}

 	// load key blob
-	hsmBlobptr = &keyinfo->privblob;
+	blobPtr = &keyinfo->privblob;
 	ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
-								hsmModuleinfo->module, hsmBlobptr, 
-								hsmLtid, keyid, "loading aes key blob", NULL );
+								hsmModuleinfo->module, blobPtr, 
+								ltid, keyid, "loading aes key blob", NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		return ret_code;
@ -373,13 +363,11 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 	ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : Encryption by HSM\n", ret_code );
 		return ret_code;
 	}
 	ret_code = reply.status;
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code );
 		return ret_code;
 	}
 	
@ -426,13 +414,11 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 	ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : Decryption by HSM\n", ret_code );
 		return ret_code;
 	}
 	ret_code = reply.status;
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code );
 		return ret_code;
 	}
 	
@ -451,6 +437,8 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p
 {
 	int ret_code = CR_GENID_SUCCESS;
 	NFKM_Key *keyinfo = NULL;
+	M_KeyID ltid;
+	M_ByteBlock *blobPtr = NULL;
 	
 	// find key
 	ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL );
@ -468,120 +456,31 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p
 	}

 	// load private key blob
-	hsmBlobptr = &keyinfo->privblob;
+	blobPtr = &keyinfo->privblob;
 	ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
-								hsmModuleinfo->module, hsmBlobptr, 
-								hsmLtid, privKeyid, 
+								hsmModuleinfo->module, blobPtr, 
+								ltid, privKeyid, 
 								"loading priv key blob", NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
+		NFKM_freekey( hsmHandle, keyinfo, NULL );
 		return ret_code;
 	}
 	
+	NFKM_freekey( hsmHandle, keyinfo, NULL );
+	
 	// load public key blob
-	hsmBlobptr = &keyinfo->privblob;
+	blobPtr = &keyinfo->pubblob;
 	ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
-								hsmModuleinfo->module, hsmBlobptr, 
-								hsmLtid, pubKeyid, 
+								hsmModuleinfo->module, blobPtr, 
+								ltid, pubKeyid, 
 								"loading pub key blob", NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
+		NFKM_freekey( hsmHandle, keyinfo, NULL );
 		return ret_code;
 	}
 	
-#if 0
-	// get key info
-	{
-		M_Command cmd;
-		M_Reply reply;
-		
-		memset( &cmd, 0, sizeof( cmd ) );
-		memset( &reply, 0, sizeof( reply ) );
-		
-		cmd.cmd = Cmd_GetKeyInfo;
-		cmd.args.getkeyinfo.key = hsmRsaPrivkeyid;
-		ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
-		if ( ret_code != Status_OK )
-		{	
-			printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", ret_code );
-		}
-	}
-
-	// get & set key acl
-	{
-		int i, j;
-		M_Command cmd;
-		M_Reply reply;
-		M_ACL newACL;
-		
-		memset( &cmd, 0, sizeof( cmd ) );
-		memset( &reply, 0, sizeof( reply ) );
-		
-		// GetACL
-		cmd.cmd = Cmd_GetACL;
-		cmd.args.getacl.key = hsmRsaPrivkeyid;
-		ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
-		if ( ret_code != Status_OK )
-		{	
-			printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", ret_code );
-		}
-		printf( "n_groups : %d\n", reply.reply.getacl.acl.n_groups );
-		for ( i = 0; i < reply.reply.getacl.acl.n_groups; i++ )
-		{
-			printf( "group[%d] : %d actions ok.\n", i, reply.reply.getacl.acl.groups[i].n_actions );
-			for ( j = 0; j < reply.reply.getacl.acl.groups[i].n_actions; j++ )
-			{
-				if ( reply.reply.getacl.acl.groups[i].actions[j].type == 1 )	// Act_OpPermissions
-					printf( "OpPermissions : %08X\n", 
-						(int)reply.reply.getacl.acl.groups[i].actions[j].details.oppermissions.perms );
-			}		
-		}
-		newACL = reply.reply.getacl.acl;
-		
-		memset( &cmd, 0, sizeof( cmd ) );
-		memset( &reply, 0, sizeof( reply ) );
-		NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
-		
-		// find cardsets
-		NFKM_CardSet *cardset = NULL;
-		ret_code = NFKM_findcardset( hsmHandle, &(hsmRsakeyinfo->cardset), &cardset, NULL );
-		if ( ret_code != Status_OK )
-		{	
-			printf( "error(%d) : NFKM_findcardset\n", ret_code );
-		}
-
-		// make new ACL
-		NFKM_MakeACLParams map;
-		NFKM_MakeBlobsParams mbp;
-		M_ACL newACL;
-		memset( &map, 0, sizeof( map ) );
-		map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
-		map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY |
-					NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT );
-		map.cs = cardset;
-		ret_code = NFKM_newkey_makeaclx( hsmHandle, hsmConnection, hsmWorld, &map,
-									&newACL, NULL );
-		if ( ret_code != Status_OK )
-		{	
-			printf( "error(%d) : NFKM_newkey_makeaclx\n", ret_code );
-		}
-		
-		// SetACL
-		cmd.cmd = Cmd_SetACL;
-		cmd.args.setacl.key = hsmRsaPrivkeyid;
-		cmd.args.setacl.newacl = newACL;
-		ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
-		if ( ret_code != Status_OK )
-		{	
-			printf( "error(%d) : set acl(transaction)\n", ret_code );
-		}
-		ret_code = reply.status;
-		if ( ret_code != Status_OK )
-		{	
-			printf( "error(%d) : set acl(reply status)\n", ret_code );
-		}
-	}
-#endif
 	NFKM_freekey( hsmHandle, keyinfo, NULL );
 	
 	return CR_GENID_SUCCESS;
@ -614,13 +513,11 @@ int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 	ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : Encryption by HSM\n", ret_code );
 		return ret_code;
 	}
 	ret_code = reply.status;
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code );
 		return ret_code;
 	}
 	
@ -661,13 +558,11 @@ int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 	ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : Decryption by HSM\n", ret_code );
 		return ret_code;
 	}
 	ret_code = reply.status;
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code );
 		return ret_code;
 	}