mirror of
https://github.com/rvtr/ctr_eFuse.git
synced 2025-11-02 00:11:04 -04:00
HSM関連コード分離完了?
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@17 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
kubodera_yuichi
parent
d323c591cd
commit
3e1e11c1fa
167
cr_enc_id.c
167
cr_enc_id.c
@ -119,8 +119,9 @@
|
||||
#include <sys/time.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifndef USE_HSM
|
||||
// openssl
|
||||
#ifdef USE_HSM
|
||||
#include "cr_hsm_code.h"
|
||||
#else // !USE_HSM
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/aes.h>
|
||||
@ -129,7 +130,7 @@
|
||||
|
||||
extern RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
|
||||
|
||||
#endif // !USE_HSM
|
||||
#endif // USE_HSM
|
||||
|
||||
static unsigned char local_buf_1[CR_ID_BUF_SIZE];
|
||||
static unsigned char local_buf_2[CR_ID_BUF_SIZE];
|
||||
@ -145,7 +146,6 @@ int EncryptID( unsigned char *dst_buf, unsigned char *org_buf )
|
||||
#endif // ENCRYPT_AES
|
||||
}
|
||||
|
||||
|
||||
#ifdef ENCRYPT_AES
|
||||
// AES暗号化 -> 復号化 -> ベリファイ
|
||||
|
||||
@ -153,75 +153,21 @@ int EncryptID( unsigned char *dst_buf, unsigned char *org_buf )
|
||||
|
||||
int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
|
||||
{
|
||||
int i, ret_code;
|
||||
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
M_IV enc_iv, dec_iv;
|
||||
|
||||
ret_code = 0;
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// iv
|
||||
enc_iv.mech = dec_iv.mech = Mech_RijndaelmCBCpNONE;
|
||||
for ( i = 0; i < 16; i++ )
|
||||
enc_iv.iv.generic128.iv.bytes[i] = dec_iv.iv.generic128.iv.bytes[i] = i;
|
||||
|
||||
// encrypt
|
||||
cmd.cmd = Cmd_Encrypt;
|
||||
cmd.args.encrypt.key = hsmAeskeyid;
|
||||
cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE;
|
||||
cmd.args.encrypt.plain.type = PlainTextType_Bytes;
|
||||
cmd.args.encrypt.plain.data.bytes.data.len = CR_ID_BUF_SIZE;
|
||||
cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf;
|
||||
cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present;
|
||||
cmd.args.encrypt.given_iv = &enc_iv;
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Encryption by HSM\n", ret_code );
|
||||
printf( "error(%d) : hsm_aes_encyrpt\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code );
|
||||
}
|
||||
memcpy( local_buf_1,
|
||||
reply.reply.encrypt.cipher.data.generic128.cipher.ptr,
|
||||
CR_ID_BUF_SIZE );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// decyrpt
|
||||
cmd.cmd = Cmd_Decrypt;
|
||||
cmd.args.decrypt.flags = 0;
|
||||
cmd.args.decrypt.key = hsmAeskeyid;
|
||||
cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE;
|
||||
cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE;
|
||||
cmd.args.decrypt.cipher.data.generic128.cipher.len = CR_ID_BUF_SIZE;
|
||||
cmd.args.decrypt.cipher.data.generic128.cipher.ptr = local_buf_1;
|
||||
cmd.args.decrypt.cipher.iv = dec_iv.iv;
|
||||
cmd.args.decrypt.reply_type = PlainTextType_Bytes;
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
ret_code = hsm_aes_decrypt( local_buf_2, local_buf_1, CR_ID_BUF_SIZE );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Decryption by HSM\n", ret_code );
|
||||
printf( "error(%d) : hsm_aes_decrypt\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code );
|
||||
}
|
||||
memcpy( local_buf_2,
|
||||
reply.reply.decrypt.plain.data.bytes.data.ptr,
|
||||
CR_ID_BUF_SIZE );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
|
||||
// ベリファイ
|
||||
for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ )
|
||||
@ -229,14 +175,14 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
|
||||
if( org_buf[i] != local_buf_2[i] )
|
||||
{
|
||||
printf( "error : aes verify\n" );
|
||||
return 0;
|
||||
return 0; // AESエラーコードを作らなくては・・・
|
||||
}
|
||||
}
|
||||
|
||||
// バッファコピー
|
||||
memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
|
||||
|
||||
return 0;
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_crypto_aes_enc_dec
|
||||
|
||||
#else // !USE_HSM
|
||||
@ -298,7 +244,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
|
||||
// バッファコピー
|
||||
memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
|
||||
|
||||
return 0;
|
||||
return CR_GENID_SUCCESS;
|
||||
} // crypto_aes_enc_dec
|
||||
|
||||
#endif // USE_HSM
|
||||
@ -310,90 +256,9 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
|
||||
|
||||
int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf )
|
||||
{
|
||||
int i, ret_code;
|
||||
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
M_IV enc_iv, dec_iv;
|
||||
|
||||
ret_code = 0;
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// iv
|
||||
enc_iv.mech = dec_iv.mech = Mech_RSApPKCS1;
|
||||
for ( i = 0; i < sizeof( enc_iv.iv.generic256.iv.bytes ); i++ )
|
||||
enc_iv.iv.generic256.iv.bytes[i] = dec_iv.iv.generic256.iv.bytes[i] = i;
|
||||
|
||||
// encrypt
|
||||
cmd.cmd = Cmd_Encrypt;
|
||||
cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present;
|
||||
cmd.args.encrypt.key = hsmRsaPubkeyid;
|
||||
cmd.args.encrypt.mech = Mech_RSApPKCS1;
|
||||
cmd.args.encrypt.plain.type = PlainTextType_Bytes;
|
||||
cmd.args.encrypt.plain.data.bytes.data.len = CR_ID_BUF_SIZE;
|
||||
cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf;
|
||||
cmd.args.encrypt.given_iv = &enc_iv;
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : Encryption by HSM\n", ret_code );
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code );
|
||||
}
|
||||
memcpy( local_buf_1,
|
||||
reply.reply.encrypt.cipher.data.generic128.cipher.ptr,
|
||||
CR_ID_BUF_SIZE );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// decyrpt
|
||||
cmd.cmd = Cmd_Decrypt;
|
||||
cmd.args.decrypt.flags = 0;
|
||||
cmd.args.decrypt.key = hsmAeskeyid;
|
||||
cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE;
|
||||
cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE;
|
||||
cmd.args.decrypt.cipher.data.generic128.cipher.len = CR_ID_BUF_SIZE;
|
||||
cmd.args.decrypt.cipher.data.generic128.cipher.ptr = local_buf_1;
|
||||
cmd.args.decrypt.cipher.iv = dec_iv.iv;
|
||||
cmd.args.decrypt.reply_type = PlainTextType_Bytes;
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : Decryption by HSM\n", ret_code );
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code );
|
||||
}
|
||||
memcpy( local_buf_2,
|
||||
reply.reply.decrypt.plain.data.bytes.data.ptr,
|
||||
CR_ID_BUF_SIZE );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
|
||||
// ベリファイ
|
||||
for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ )
|
||||
{
|
||||
if( org_buf[i] != local_buf_2[i] )
|
||||
{
|
||||
printf( "error : aes verify\n" );
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
// バッファコピー
|
||||
memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
|
||||
|
||||
return 0;
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_crypto_rsa_enc_dec
|
||||
|
||||
#else // USE_HSM
|
||||
|
||||
229
cr_hsm_code.c
229
cr_hsm_code.c
@ -137,11 +137,13 @@ NFKM_WorldInfo *hsmWorld = NULL; // allocate
|
||||
RQCard hsmCard;
|
||||
RQCard_FIPS hsmFips;
|
||||
M_KeyID hsmLtid;
|
||||
|
||||
// AES
|
||||
M_KeyID hsmAeskeyid;
|
||||
const NFKM_KeyIdent hsmAeskeyident = { (char*)"simple", (char*)"aes-test-key" };
|
||||
NFKM_Key *hsmAeskeyinfo = NULL; // allocate
|
||||
// RSA Private
|
||||
|
||||
// RSA Priv, Pub
|
||||
M_KeyID hsmRsaPrivkeyid, hsmRsaPubkeyid;
|
||||
const NFKM_KeyIdent hsmRsakeyident = { (char*)"simple", (char*)"rsa-priv-key-2048" };
|
||||
NFKM_Key *hsmRsakeyinfo = NULL; // allocate
|
||||
@ -156,7 +158,7 @@ int hsm_initialize( void )
|
||||
{
|
||||
// init HSM
|
||||
ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : NFastApp_InitEx\n", ret_code );
|
||||
return ret_code;
|
||||
@ -171,7 +173,7 @@ int hsm_initialize( void )
|
||||
sbn_bignumfreeupcall,
|
||||
sbn_bignumformatupcall,
|
||||
NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", ret_code );
|
||||
return ret_code;
|
||||
@ -181,7 +183,7 @@ int hsm_initialize( void )
|
||||
// arg3 is flag
|
||||
// NFastApp_ConnectionFlags_Privileged flag need to run by nfast user.
|
||||
ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : NFastApp_Connect\n", ret_code );
|
||||
return ret_code;
|
||||
@ -189,7 +191,7 @@ int hsm_initialize( void )
|
||||
|
||||
// get NFKM info
|
||||
ret_code = NFKM_getinfo( hsmHandle, &hsmWorld, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : NFKM_getinfo\n", ret_code );
|
||||
return ret_code;
|
||||
@ -197,7 +199,7 @@ int hsm_initialize( void )
|
||||
|
||||
// init Card-Loading Lib(RQCard)
|
||||
ret_code = RQCard_init( &hsmCard, hsmHandle, hsmConnection, hsmWorld, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : RQCard_init\n", ret_code );
|
||||
return ret_code;
|
||||
@ -205,7 +207,7 @@ int hsm_initialize( void )
|
||||
|
||||
// init FIPS state
|
||||
ret_code = RQCard_fips_init( &hsmCard, &hsmFips );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : RQCard_fips_init\n", ret_code );
|
||||
return ret_code;
|
||||
@ -213,7 +215,7 @@ int hsm_initialize( void )
|
||||
|
||||
// select Card-Auth UI
|
||||
ret_code = RQCard_ui_scroll( &hsmCard );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : RQCard_ui_scroll\n", ret_code );
|
||||
return ret_code;
|
||||
@ -223,7 +225,7 @@ int hsm_initialize( void )
|
||||
{
|
||||
// find key
|
||||
ret_code = NFKM_findkey( hsmHandle, hsmAeskeyident, &hsmAeskeyinfo, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : NFKM_findkey\n", ret_code );
|
||||
return ret_code;
|
||||
@ -234,7 +236,7 @@ int hsm_initialize( void )
|
||||
{
|
||||
// load specific OCS
|
||||
ret_code = RQCard_logic_ocs_specific( &hsmCard, &hsmAeskeyinfo->cardset, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : RQCard_logic_ocs_specific\n", ret_code );
|
||||
return ret_code;
|
||||
@ -242,7 +244,7 @@ int hsm_initialize( void )
|
||||
|
||||
// use specific Module
|
||||
ret_code = RQCard_whichmodule_specific( &hsmCard, HSM_MODULE_ID, &hsmLtid );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : RQCard_whichmodule_specific\n", ret_code );
|
||||
return ret_code;
|
||||
@ -250,7 +252,7 @@ int hsm_initialize( void )
|
||||
|
||||
// eventloop
|
||||
ret_code = hsmCard.uf->eventloop( &hsmCard );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Card eventloop\n", ret_code );
|
||||
return ret_code;
|
||||
@ -260,7 +262,7 @@ int hsm_initialize( void )
|
||||
// get usable Module
|
||||
hsmModuleinfo = hsmWorld->modules[0];
|
||||
ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &hsmModuleinfo );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : NFKM_getusablemodule\n", ret_code );
|
||||
return ret_code;
|
||||
@ -275,7 +277,7 @@ int hsm_initialize( void )
|
||||
hsmModuleinfo->module, hsmBlobptr,
|
||||
hsmLtid, &hsmAeskeyid,
|
||||
"loading key blob", NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : NFKM_cmd_loadblob\n", ret_code );
|
||||
return ret_code;
|
||||
@ -283,6 +285,8 @@ int hsm_initialize( void )
|
||||
|
||||
printf( "AES key object load : ok\n" );
|
||||
} // load AES key object
|
||||
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_initialize
|
||||
|
||||
void hsm_finalize( void )
|
||||
@ -307,13 +311,13 @@ int hsm_generate_random( unsigned char *buf, int bytes )
|
||||
cmd.cmd = Cmd_GenerateRandom;
|
||||
cmd.args.generaterandom.lenbytes = bytes;
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : generate random\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : generate random reply\n", ret_code );
|
||||
return ret_code;
|
||||
@ -325,7 +329,7 @@ int hsm_generate_random( unsigned char *buf, int bytes )
|
||||
NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
|
||||
return 0;
|
||||
rreturn CR_GENID_SUCCESS;
|
||||
} // hsm_generate_rand
|
||||
|
||||
int hsm_get_rtc( time_t *time )
|
||||
@ -342,13 +346,13 @@ int hsm_get_rtc( time_t *time )
|
||||
cmd.args.getrtc.module = HSM_MODULE_ID;
|
||||
|
||||
result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( result != Status_OK )
|
||||
if ( result != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : get rtc(transaction)\n", result );
|
||||
return result;
|
||||
}
|
||||
result = reply.status;
|
||||
if ( result != Status_OK )
|
||||
if ( result != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : get rtc(reply status)\n", result );
|
||||
return result;
|
||||
@ -356,7 +360,192 @@ int hsm_get_rtc( time_t *time )
|
||||
|
||||
*time = (int)reply.reply.getrtc.time.currenttimelow;
|
||||
|
||||
return 0;
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_get_rtc
|
||||
|
||||
int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
|
||||
{
|
||||
int ret_code = 0;
|
||||
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
M_IV enc_iv;
|
||||
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// iv set
|
||||
enc_iv.mech = Mech_RijndaelmCBCpNONE;
|
||||
memset( enc_iv.iv.generic128.iv.bytes, 0, sizeof( enc_iv.generic128.iv.bytes ) );
|
||||
printf( "enc_iv.---.bytes : %d bytes\n", sizeof( enc_iv.generic128.iv.bytes ) );
|
||||
|
||||
// encrypt command set
|
||||
cmd.cmd = Cmd_Encrypt;
|
||||
cmd.args.encrypt.key = hsmAeskeyid;
|
||||
cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE;
|
||||
cmd.args.encrypt.plain.type = PlainTextType_Bytes;
|
||||
cmd.args.encrypt.plain.data.bytes.data.len = size;
|
||||
cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf;
|
||||
cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present;
|
||||
cmd.args.encrypt.given_iv = &enc_iv;
|
||||
|
||||
// encrypt command issue
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Encryption by HSM\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
// buffer copy
|
||||
memcpy( dst_buf, reply.reply.encrypt.cipher.data.generic128.cipher.ptr, size );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_aes_encrypt
|
||||
|
||||
int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
|
||||
{
|
||||
int ret_code = 0;
|
||||
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
M_IV dec_iv;
|
||||
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// iv set
|
||||
dec_iv.mech = Mech_RijndaelmCBCpNONE;
|
||||
memset( dec_iv.iv.generic128.iv.bytes, 0, sizeof( dec_iv.generic128.iv.bytes ) );
|
||||
printf( "dec_iv.---.bytes : %d bytes\n", sizeof( dec_iv.generic128.iv.bytes ) );
|
||||
|
||||
// decyrpt
|
||||
cmd.cmd = Cmd_Decrypt;
|
||||
cmd.args.decrypt.flags = 0;
|
||||
cmd.args.decrypt.key = hsmAeskeyid;
|
||||
cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE;
|
||||
cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE;
|
||||
cmd.args.decrypt.cipher.data.generic128.cipher.len = size;
|
||||
cmd.args.decrypt.cipher.data.generic128.cipher.ptr = org_buf;
|
||||
cmd.args.decrypt.cipher.iv = dec_iv.iv;
|
||||
cmd.args.decrypt.reply_type = PlainTextType_Bytes;
|
||||
|
||||
// decrypt command issue
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Decryption by HSM\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
// buffer copy
|
||||
memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_aes_decrypt
|
||||
|
||||
int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
|
||||
{
|
||||
int ret_code = 0;
|
||||
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// encrypt command set
|
||||
cmd.cmd = Cmd_Encrypt;
|
||||
cmd.args.encrypt.flags = 0;
|
||||
cmd.args.encrypt.key = hsmRsaPubkeyid;
|
||||
cmd.args.encrypt.mech = Mech_RSApPKCS1;
|
||||
cmd.args.encrypt.plain.type = PlainTextType_Bytes;
|
||||
cmd.args.encrypt.plain.data.bytes.data.len = size;
|
||||
cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf;
|
||||
cmd.args.encrypt.given_iv = &enc_iv;
|
||||
|
||||
// encrypt command issue
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Encryption by HSM\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
// buffer copy
|
||||
memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_rsa_encrypt
|
||||
|
||||
int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
|
||||
{
|
||||
int ret_code = 0;
|
||||
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
// decyrpt command set
|
||||
cmd.cmd = Cmd_Decrypt;
|
||||
cmd.args.decrypt.flags = 0;
|
||||
cmd.args.decrypt.key = hsmRsaPrivkeyid;
|
||||
cmd.args.decrypt.mech = Mech_RSApPKCS1;
|
||||
cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1;
|
||||
cmd.args.decrypt.cipher.data.generic128.cipher.len = size;
|
||||
cmd.args.decrypt.cipher.data.generic128.cipher.ptr = org_buf;
|
||||
cmd.args.decrypt.reply_type = PlainTextType_Bytes;
|
||||
|
||||
// decrypt command issue
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Decryption by HSM\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
// buffer copy
|
||||
memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_rsa_decrypt
|
||||
|
||||
#endif // USE_HSM
|
||||
|
||||
@ -121,6 +121,10 @@ int hsm_initialize( void );
|
||||
void hsm_finalize( void );
|
||||
int hsm_generate_random( unsigned char *buf, int bytes );
|
||||
int hsm_get_rtc( time_t *time );
|
||||
int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );
|
||||
int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );
|
||||
int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );
|
||||
int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
134
cr_hsm_util.c
134
cr_hsm_util.c
@ -118,40 +118,26 @@
|
||||
#include <string.h>
|
||||
|
||||
#ifdef USE_HSM
|
||||
// nShield
|
||||
#include "nfastapp.h"
|
||||
#include "nfkm.h"
|
||||
#include "rqcard-applic.h"
|
||||
#include "rqcard-fips.h"
|
||||
// nShield optional
|
||||
#include "simplebignum.h"
|
||||
#include "cr_hsm_code.h"
|
||||
#endif // USE_HSM
|
||||
|
||||
#include "cr_generate_id.h"
|
||||
#include "cr_generate_id_private.h"
|
||||
|
||||
#ifdef USE_HSM
|
||||
// functions
|
||||
static int hsm_get_rtc( time_t *time );
|
||||
static int hsm_set_rtc( struct timeval time );
|
||||
static int hsm_generate_random( unsigned char *buf, int bytes );
|
||||
#endif // USE_HSM
|
||||
|
||||
|
||||
// タイムスタンプの取得
|
||||
int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSec, time_t *pTime)
|
||||
{
|
||||
int ret_code = 0;
|
||||
struct tm *tm_time;
|
||||
struct timeval tv;
|
||||
struct timezone tz;
|
||||
|
||||
#ifdef USE_HSM
|
||||
ret_code = hsm_get_rtc( &tv.tv_sec );
|
||||
if( ret_code != Status_OK ) {
|
||||
if( ret_code != CR_GENID_SUCCESS ) {
|
||||
return ret_code;
|
||||
}
|
||||
#else // !USE_HSM
|
||||
struct timezone tz;
|
||||
gettimeofday(&tv,&tz);
|
||||
#endif // USE_HSM
|
||||
|
||||
@ -180,87 +166,15 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
|
||||
#ifdef USE_HSM
|
||||
// HSMのRTC値取得
|
||||
static int hsm_get_rtc( time_t *time )
|
||||
{
|
||||
int result;
|
||||
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
cmd.cmd = Cmd_GetRTC;
|
||||
cmd.args.getrtc.module = HSM_MODULE_ID;
|
||||
|
||||
result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : get rtc(transaction)\n", result );
|
||||
return result;
|
||||
}
|
||||
result = reply.status;
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : get rtc(reply status)\n", result );
|
||||
return result;
|
||||
}
|
||||
|
||||
*time = (int)reply.reply.getrtc.time.currenttimelow;
|
||||
|
||||
return 0;
|
||||
} // hsm_get_rtc
|
||||
|
||||
|
||||
#if 0
|
||||
// HSMのRTC値セット
|
||||
static int hsm_set_rtc( struct timeval time )
|
||||
{
|
||||
int result;
|
||||
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
cmd.cmd = Cmd_SetRTC;
|
||||
cmd.args.setrtc.module = HSM_MODULE_ID;
|
||||
cmd.args.setrtc.time.currenttimelow = time.tv_sec;
|
||||
|
||||
result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : set rtc(transaction)\n", result );
|
||||
return result;
|
||||
}
|
||||
result = reply.status;
|
||||
if ( result != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : set rtc(reply status)\n", result );
|
||||
return result;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // USE_HSM
|
||||
|
||||
|
||||
// ランダム値の生成
|
||||
int GenerateRandom( u8 *pDst, int length )
|
||||
{
|
||||
int ret_code = 0;
|
||||
|
||||
|
||||
#ifdef USE_HSM
|
||||
ret_code = hsm_generate_random( pDst, CR_RANDOM_LENGTH );
|
||||
if ( ret_code != Status_OK )
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
printf( "error(%d) : hsm_generate_random\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
#else // !USE_HSM
|
||||
@ -272,41 +186,3 @@ int GenerateRandom( u8 *pDst, int length )
|
||||
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
|
||||
#ifdef USE_HSM
|
||||
// HSMから乱数を取得
|
||||
static int hsm_generate_random( unsigned char *buf, int bytes )
|
||||
{
|
||||
int ret_code;
|
||||
M_Command cmd;
|
||||
M_Reply reply;
|
||||
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
cmd.cmd = Cmd_GenerateRandom;
|
||||
cmd.args.generaterandom.lenbytes = bytes;
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : generate random\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
ret_code = reply.status;
|
||||
if ( ret_code != Status_OK )
|
||||
{
|
||||
printf( "error(%d) : generate random reply\n", ret_code );
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
// buffer copy
|
||||
memcpy( buf, reply.reply.generaterandom.data.ptr, bytes );
|
||||
|
||||
NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
|
||||
return 0;
|
||||
} // hsm_generate_rand
|
||||
#endif // USE_HSM
|
||||
|
||||
|
||||
@ -174,7 +174,7 @@ static int generate_EC_private_key( EC_KEY *eckey, u8 *privKey )
|
||||
|
||||
// ECC233 で30バイトだけ利用するので、後ろ2バイトは0で埋める
|
||||
// (DER(BER) が big endian なので、ここでは先頭2byte)
|
||||
// + 7bit clear
|
||||
// 最後に3バイト目の7ビットをクリアする
|
||||
privKey[ 0 ] = 0;
|
||||
privKey[ 1 ] = 0;
|
||||
privKey[ 2 ] &= 0x01;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user