rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

TODO:OCSカード関連処理除去完了

Browse Source 
(カード関連コード、変数除去)
一部HSM関連グローバル変数をローカルに移動

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@65 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
kubodera_yuichi 2009-12-23 07:32:08 +00:00
parent d330817727
commit 2aa9afb0c1
1 changed files with 18 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
cr_hsm_code.c
View File

@ -134,9 +134,7 @@
NFast_AppHandle hsmHandle; NFast_AppHandle hsmHandle;
NFastApp_Connection hsmConnection; NFastApp_Connection hsmConnection;
NFKM_WorldInfo *hsmWorld = NULL; // allocate NFKM_WorldInfo *hsmWorld = NULL; // allocate
M_KeyID hsmLtid;
NFKM_ModuleInfo *hsmModuleinfo = NULL; NFKM_ModuleInfo *hsmModuleinfo = NULL;
M_ByteBlock *hsmBlobptr = NULL;
// TODO: <20>Å<EFBFBD>IŒ®É•Ï<E280A2>X·é // TODO: <20>Å<EFBFBD>IŒ®É•Ï<E280A2>X·é
#ifdef ENCRYPT_AES #ifdef ENCRYPT_AES
@ -162,7 +160,6 @@ int hsm_initialize( void )
ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL ); ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : NFastApp_InitEx\n", ret_code );
return ret_code; return ret_code;
} }
@ -177,17 +174,13 @@ int hsm_initialize( void )
NULL ); NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", ret_code );
return ret_code; return ret_code;
} }
// connect HSM // connect HSM
// arg3 is flag ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0 /* flag */, NULL );
// NFastApp_ConnectionFlags_Privileged flag need to run by nfast user.
ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0, NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : NFastApp_Connect\n", ret_code );
return ret_code; return ret_code;
} }
@ -195,7 +188,6 @@ int hsm_initialize( void )
ret_code = NFKM_getinfo( hsmHandle, &hsmWorld, NULL ); ret_code = NFKM_getinfo( hsmHandle, &hsmWorld, NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : NFKM_getinfo\n", ret_code );
return ret_code; return ret_code;
} }
@ -253,13 +245,11 @@ int hsm_generate_random( unsigned char *buf, int bytes )
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : generate random\n", ret_code );
return ret_code; return ret_code;
} }
ret_code = reply.status; ret_code = reply.status;
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : generate random reply\n", ret_code );
return ret_code; return ret_code;
} }
@ -288,13 +278,11 @@ int hsm_get_rtc( time_t *time )
result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( result != CR_GENID_SUCCESS ) if ( result != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : get rtc(transaction)\n", result );
return result; return result;
} }
result = reply.status; result = reply.status;
if ( result != CR_GENID_SUCCESS ) if ( result != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : get rtc(reply status)\n", result );
return result; return result;
} }
@ -309,6 +297,8 @@ int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid )
{ {
int ret_code = CR_GENID_SUCCESS; int ret_code = CR_GENID_SUCCESS;
NFKM_Key *keyinfo = NULL; NFKM_Key *keyinfo = NULL;
M_KeyID ltid;
M_ByteBlock *blobPtr = NULL;
// find key // find key
ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL ); ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL );
@ -326,10 +316,10 @@ int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid )
} }
// load key blob // load key blob
hsmBlobptr = &keyinfo->privblob; blobPtr = &keyinfo->privblob;
ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
hsmModuleinfo->module, hsmBlobptr, hsmModuleinfo->module, blobPtr,
hsmLtid, keyid, "loading aes key blob", NULL ); ltid, keyid, "loading aes key blob", NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
return ret_code; return ret_code;
@ -373,13 +363,11 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : Encryption by HSM\n", ret_code );
return ret_code; return ret_code;
} }
ret_code = reply.status; ret_code = reply.status;
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code );
return ret_code; return ret_code;
} }
@ -426,13 +414,11 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : Decryption by HSM\n", ret_code );
return ret_code; return ret_code;
} }
ret_code = reply.status; ret_code = reply.status;
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code );
return ret_code; return ret_code;
} }
@ -451,6 +437,8 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p
{ {
int ret_code = CR_GENID_SUCCESS; int ret_code = CR_GENID_SUCCESS;
NFKM_Key *keyinfo = NULL; NFKM_Key *keyinfo = NULL;
M_KeyID ltid;
M_ByteBlock *blobPtr = NULL;
// find key // find key
ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL ); ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL );
@ -468,120 +456,31 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p
} }
// load private key blob // load private key blob
hsmBlobptr = &keyinfo->privblob; blobPtr = &keyinfo->privblob;
ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
hsmModuleinfo->module, hsmBlobptr, hsmModuleinfo->module, blobPtr,
hsmLtid, privKeyid, ltid, privKeyid,
"loading priv key blob", NULL ); "loading priv key blob", NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
NFKM_freekey( hsmHandle, keyinfo, NULL );
return ret_code; return ret_code;
} }
NFKM_freekey( hsmHandle, keyinfo, NULL );
// load public key blob // load public key blob
hsmBlobptr = &keyinfo->privblob; blobPtr = &keyinfo->pubblob;
ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
hsmModuleinfo->module, hsmBlobptr, hsmModuleinfo->module, blobPtr,
hsmLtid, pubKeyid, ltid, pubKeyid,
"loading pub key blob", NULL ); "loading pub key blob", NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
NFKM_freekey( hsmHandle, keyinfo, NULL );
return ret_code; return ret_code;
} }
#if 0
// get key info
{
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
cmd.cmd = Cmd_GetKeyInfo;
cmd.args.getkeyinfo.key = hsmRsaPrivkeyid;
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", ret_code );
}
}
// get & set key acl
{
int i, j;
M_Command cmd;
M_Reply reply;
M_ACL newACL;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// GetACL
cmd.cmd = Cmd_GetACL;
cmd.args.getacl.key = hsmRsaPrivkeyid;
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", ret_code );
}
printf( "n_groups : %d\n", reply.reply.getacl.acl.n_groups );
for ( i = 0; i < reply.reply.getacl.acl.n_groups; i++ )
{
printf( "group[%d] : %d actions ok.\n", i, reply.reply.getacl.acl.groups[i].n_actions );
for ( j = 0; j < reply.reply.getacl.acl.groups[i].n_actions; j++ )
{
if ( reply.reply.getacl.acl.groups[i].actions[j].type == 1 ) // Act_OpPermissions
printf( "OpPermissions : %08X\n",
(int)reply.reply.getacl.acl.groups[i].actions[j].details.oppermissions.perms );
}
}
newACL = reply.reply.getacl.acl;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
// find cardsets
NFKM_CardSet *cardset = NULL;
ret_code = NFKM_findcardset( hsmHandle, &(hsmRsakeyinfo->cardset), &cardset, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_findcardset\n", ret_code );
}
// make new ACL
NFKM_MakeACLParams map;
NFKM_MakeBlobsParams mbp;
M_ACL newACL;
memset( &map, 0, sizeof( map ) );
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY |
NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT );
map.cs = cardset;
ret_code = NFKM_newkey_makeaclx( hsmHandle, hsmConnection, hsmWorld, &map,
&newACL, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeaclx\n", ret_code );
}
// SetACL
cmd.cmd = Cmd_SetACL;
cmd.args.setacl.key = hsmRsaPrivkeyid;
cmd.args.setacl.newacl = newACL;
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : set acl(transaction)\n", ret_code );
}
ret_code = reply.status;
if ( ret_code != Status_OK )
{
printf( "error(%d) : set acl(reply status)\n", ret_code );
}
}
#endif
NFKM_freekey( hsmHandle, keyinfo, NULL ); NFKM_freekey( hsmHandle, keyinfo, NULL );
return CR_GENID_SUCCESS; return CR_GENID_SUCCESS;
@ -614,13 +513,11 @@ int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : Encryption by HSM\n", ret_code );
return ret_code; return ret_code;
} }
ret_code = reply.status; ret_code = reply.status;
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code );
return ret_code; return ret_code;
} }
@ -661,13 +558,11 @@ int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : Decryption by HSM\n", ret_code );
return ret_code; return ret_code;
} }
ret_code = reply.status; ret_code = reply.status;
if ( ret_code != CR_GENID_SUCCESS ) if ( ret_code != CR_GENID_SUCCESS )
{ {
printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code );
return ret_code; return ret_code;
} }