From 3e1e11c1fa9519b5a37cc607f5ceb214ea1b075a Mon Sep 17 00:00:00 2001 From: kubodera_yuichi Date: Tue, 22 Dec 2009 05:13:33 +0000 Subject: [PATCH] =?UTF-8?q?HSM=E9=96=A2=E9=80=A3=E3=82=B3=E3=83=BC?= =?UTF-8?q?=E3=83=89=E5=88=86=E9=9B=A2=E5=AE=8C=E4=BA=86=EF=BC=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@17 ff987cc8-cf2f-4642-8568-d52cce064691 --- cr_enc_id.c | 167 ++++-------------------------------- cr_hsm_code.c | 229 +++++++++++++++++++++++++++++++++++++++++++++----- cr_hsm_code.h | 4 + cr_hsm_util.c | 134 ++--------------------------- cr_keyPair.c | 2 +- 5 files changed, 235 insertions(+), 301 deletions(-) diff --git a/cr_enc_id.c b/cr_enc_id.c index bd7581b..d0c26a0 100644 --- a/cr_enc_id.c +++ b/cr_enc_id.c @@ -119,8 +119,9 @@ #include #include -#ifndef USE_HSM -// openssl +#ifdef USE_HSM +#include "cr_hsm_code.h" +#else // !USE_HSM #include #include #include @@ -129,7 +130,7 @@ extern RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); -#endif // !USE_HSM +#endif // USE_HSM static unsigned char local_buf_1[CR_ID_BUF_SIZE]; static unsigned char local_buf_2[CR_ID_BUF_SIZE]; @@ -145,7 +146,6 @@ int EncryptID( unsigned char *dst_buf, unsigned char *org_buf ) #endif // ENCRYPT_AES } - #ifdef ENCRYPT_AES // AES暗号化 -> 復号化 -> ベリファイ 
@@ -153,75 +153,21 @@ int EncryptID( unsigned char *dst_buf, unsigned char *org_buf ) int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf ) { - int i, ret_code; - - M_Command cmd; - M_Reply reply; - M_IV enc_iv, dec_iv; - - ret_code = 0; - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - // iv - enc_iv.mech = dec_iv.mech = Mech_RijndaelmCBCpNONE; - for ( i = 0; i < 16; i++ ) - enc_iv.iv.generic128.iv.bytes[i] = dec_iv.iv.generic128.iv.bytes[i] = i; - // encrypt - cmd.cmd = Cmd_Encrypt; - cmd.args.encrypt.key = hsmAeskeyid; - cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE; - cmd.args.encrypt.plain.type = PlainTextType_Bytes; - cmd.args.encrypt.plain.data.bytes.data.len = CR_ID_BUF_SIZE; - cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf; - cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present; - cmd.args.encrypt.given_iv = &enc_iv; - ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( ret_code != Status_OK ) + ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE ); + if ( ret_code != CR_GENID_SUCCESS ) { - printf( "error(%d) : Encryption by HSM\n", ret_code ); + printf( "error(%d) : hsm_aes_encyrpt\n", ret_code ); + return ret_code; } - ret_code = reply.status; - if ( ret_code != Status_OK ) - { - printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code ); - } - memcpy( local_buf_1, - reply.reply.encrypt.cipher.data.generic128.cipher.ptr, - CR_ID_BUF_SIZE ); - - //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); // decyrpt - cmd.cmd = Cmd_Decrypt; - cmd.args.decrypt.flags = 0; - cmd.args.decrypt.key = hsmAeskeyid; - cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE; - cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE; - cmd.args.decrypt.cipher.data.generic128.cipher.len = CR_ID_BUF_SIZE; - 
cmd.args.decrypt.cipher.data.generic128.cipher.ptr = local_buf_1; - cmd.args.decrypt.cipher.iv = dec_iv.iv; - cmd.args.decrypt.reply_type = PlainTextType_Bytes; - ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( ret_code != Status_OK ) + ret_code = hsm_aes_decrypt( local_buf_2, local_buf_1, CR_ID_BUF_SIZE ); + if ( ret_code != CR_GENID_SUCCESS ) { - printf( "error(%d) : Decryption by HSM\n", ret_code ); + printf( "error(%d) : hsm_aes_decrypt\n", ret_code ); + return ret_code; } - ret_code = reply.status; - if ( ret_code != Status_OK ) - { - printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code ); - } - memcpy( local_buf_2, - reply.reply.decrypt.plain.data.bytes.data.ptr, - CR_ID_BUF_SIZE ); - - //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); // ベリファイ for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ ) @@ -229,14 +175,14 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf ) if( org_buf[i] != local_buf_2[i] ) { printf( "error : aes verify\n" ); - return 0; + return 0; // AESエラーコードを作らなくては・・・ } } // バッファコピー memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE ); - return 0; + return CR_GENID_SUCCESS; } // hsm_crypto_aes_enc_dec #else // !USE_HSM @@ -298,7 +244,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf ) // バッファコピー memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE ); - return 0; + return CR_GENID_SUCCESS; } // crypto_aes_enc_dec #endif // USE_HSM 
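Review bot: The HSM build of `crypto_aes_enc_dec` no longer declares `ret_code` or `i`: the hunk deletes `int i, ret_code;` together with the old body, yet the new lines assign `ret_code` and the verify loop further down still indexes with `i`, so this will not compile with `USE_HSM` and `ENCRYPT_AES` defined. Keep the declaration as the first line of the body, `int i, ret_code;`. The function continues past the end of this hunk.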
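Review bot: The verify-mismatch path still ends in `return 0;`, and the comment added on that line says an AES error code has yet to be created. If `CR_GENID_SUCCESS` is 0 (its definition is not part of this diff), a failed encrypt/decrypt round trip is reported to the caller as success while `dst_buf` is left unwritten. Return a distinct non-success value there, for example `return CR_GENID_ERROR_AES_VERIFY; /* placeholder name, to be defined next to CR_GENID_SUCCESS */`. The function begins in the previous hunk.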
@@ -310,90 +256,9 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf ) int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf ) { - int i, ret_code; - M_Command cmd; - M_Reply reply; - M_IV enc_iv, dec_iv; - ret_code = 0; - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - // iv - enc_iv.mech = dec_iv.mech = Mech_RSApPKCS1; - for ( i = 0; i < sizeof( enc_iv.iv.generic256.iv.bytes ); i++ ) - enc_iv.iv.generic256.iv.bytes[i] = dec_iv.iv.generic256.iv.bytes[i] = i; - - // encrypt - cmd.cmd = Cmd_Encrypt; - cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present; - cmd.args.encrypt.key = hsmRsaPubkeyid; - cmd.args.encrypt.mech = Mech_RSApPKCS1; - cmd.args.encrypt.plain.type = PlainTextType_Bytes; - cmd.args.encrypt.plain.data.bytes.data.len = CR_ID_BUF_SIZE; - cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf; - cmd.args.encrypt.given_iv = &enc_iv; - ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( ret_code != Status_OK ) - { - printf( "error(%d) : Encryption by HSM\n", ret_code ); - } - ret_code = reply.status; - if ( ret_code != Status_OK ) - { - printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code ); - } - memcpy( local_buf_1, - reply.reply.encrypt.cipher.data.generic128.cipher.ptr, - CR_ID_BUF_SIZE ); - - //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - // decyrpt - cmd.cmd = Cmd_Decrypt; - cmd.args.decrypt.flags = 0; - cmd.args.decrypt.key = hsmAeskeyid; - cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE; - cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE; - cmd.args.decrypt.cipher.data.generic128.cipher.len = CR_ID_BUF_SIZE; - cmd.args.decrypt.cipher.data.generic128.cipher.ptr = local_buf_1; - cmd.args.decrypt.cipher.iv = dec_iv.iv; - cmd.args.decrypt.reply_type = PlainTextType_Bytes; - ret_code = 
NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( ret_code != Status_OK ) - { - printf( "error(%d) : Decryption by HSM\n", ret_code ); - } - ret_code = reply.status; - if ( ret_code != Status_OK ) - { - printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code ); - } - memcpy( local_buf_2, - reply.reply.decrypt.plain.data.bytes.data.ptr, - CR_ID_BUF_SIZE ); - - //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); - - // ベリファイ - for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ ) - { - if( org_buf[i] != local_buf_2[i] ) - { - printf( "error : aes verify\n" ); - return 0; - } - } - - // バッファコピー - memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE ); - - return 0; + return CR_GENID_SUCCESS; } // hsm_crypto_rsa_enc_dec #else // USE_HSM diff --git a/cr_hsm_code.c b/cr_hsm_code.c index 7cf7685..5d33717 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c @@ -137,11 +137,13 @@ NFKM_WorldInfo *hsmWorld = NULL; // allocate RQCard hsmCard; RQCard_FIPS hsmFips; M_KeyID hsmLtid; + // AES M_KeyID hsmAeskeyid; const NFKM_KeyIdent hsmAeskeyident = { (char*)"simple", (char*)"aes-test-key" }; NFKM_Key *hsmAeskeyinfo = NULL; // allocate -// RSA Private + +// RSA Priv, Pub M_KeyID hsmRsaPrivkeyid, hsmRsaPubkeyid; const NFKM_KeyIdent hsmRsakeyident = { (char*)"simple", (char*)"rsa-priv-key-2048" }; NFKM_Key *hsmRsakeyinfo = NULL; // allocate @@ -156,7 +158,7 @@ int hsm_initialize( void ) { // init HSM ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : NFastApp_InitEx\n", ret_code ); return ret_code; @@ -171,7 +173,7 @@ int hsm_initialize( void ) sbn_bignumfreeupcall, sbn_bignumformatupcall, NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : NFastApp_SetBignumUpcalls\n", ret_code ); return ret_code; 
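Review bot: With `USE_HSM` defined, `crypto_rsa_enc_dec` is reduced to `return CR_GENID_SUCCESS;` and never writes `dst_buf`, so a caller that checks only the return code would treat an untouched output buffer as an RSA-encrypted ID. Until `hsm_rsa_encrypt` and `hsm_rsa_decrypt` are wired in, the stub should fail closed by returning a non-success code (placeholder: a project "not implemented" error) and carry a comment such as `// TODO: call hsm_rsa_encrypt / hsm_rsa_decrypt and verify the round trip before copying to dst_buf`. Which preprocessor branch encloses this definition is not visible inside the hunk.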
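Review bot: Return values of the vendor calls (`NFastApp_InitEx`, `NFastApp_Connect`, `NFastApp_Transact`, `reply.status`, and the rest) are now compared against the project's `CR_GENID_SUCCESS` instead of `Status_OK`, which is correct only while the two constants have the same value; neither definition is visible in this diff. The same substitution recurs in every later hunk of cr_hsm_code.c and in `GetTimestamp` and `GenerateRandom` in cr_hsm_util.c. Keeping `Status_OK` at the vendor call sites and translating at the return, e.g. `if ( ret_code != Status_OK ) { printf( ... ); return CR_GENID_ERROR_HSM; /* placeholder name */ }`, would also stop raw vendor status codes from flowing out of functions whose callers test for `CR_GENID_SUCCESS`. `hsm_initialize` begins and ends outside this hunk.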
@@ -181,7 +183,7 @@ int hsm_initialize( void ) // arg3 is flag // NFastApp_ConnectionFlags_Privileged flag need to run by nfast user. ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0, NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : NFastApp_Connect\n", ret_code ); return ret_code; @@ -189,7 +191,7 @@ int hsm_initialize( void ) // get NFKM info ret_code = NFKM_getinfo( hsmHandle, &hsmWorld, NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : NFKM_getinfo\n", ret_code ); return ret_code; @@ -197,7 +199,7 @@ int hsm_initialize( void ) // init Card-Loading Lib(RQCard) ret_code = RQCard_init( &hsmCard, hsmHandle, hsmConnection, hsmWorld, NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : RQCard_init\n", ret_code ); return ret_code; @@ -205,7 +207,7 @@ int hsm_initialize( void ) // init FIPS state ret_code = RQCard_fips_init( &hsmCard, &hsmFips ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : RQCard_fips_init\n", ret_code ); return ret_code; @@ -213,7 +215,7 @@ int hsm_initialize( void ) // select Card-Auth UI ret_code = RQCard_ui_scroll( &hsmCard ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : RQCard_ui_scroll\n", ret_code ); return ret_code; @@ -223,7 +225,7 @@ int hsm_initialize( void ) { // find key ret_code = NFKM_findkey( hsmHandle, hsmAeskeyident, &hsmAeskeyinfo, NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : NFKM_findkey\n", ret_code ); return ret_code; @@ -234,7 +236,7 @@ int hsm_initialize( void ) { // load specific OCS ret_code = RQCard_logic_ocs_specific( &hsmCard, &hsmAeskeyinfo->cardset, NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : RQCard_logic_ocs_specific\n", ret_code ); return ret_code; 
@@ -242,7 +244,7 @@ int hsm_initialize( void ) // use specific Module ret_code = RQCard_whichmodule_specific( &hsmCard, HSM_MODULE_ID, &hsmLtid ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : RQCard_whichmodule_specific\n", ret_code ); return ret_code; @@ -250,7 +252,7 @@ int hsm_initialize( void ) // eventloop ret_code = hsmCard.uf->eventloop( &hsmCard ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : Card eventloop\n", ret_code ); return ret_code; @@ -260,7 +262,7 @@ int hsm_initialize( void ) // get usable Module hsmModuleinfo = hsmWorld->modules[0]; ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &hsmModuleinfo ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : NFKM_getusablemodule\n", ret_code ); return ret_code; @@ -275,7 +277,7 @@ int hsm_initialize( void ) hsmModuleinfo->module, hsmBlobptr, hsmLtid, &hsmAeskeyid, "loading key blob", NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : NFKM_cmd_loadblob\n", ret_code ); return ret_code; @@ -283,6 +285,8 @@ int hsm_initialize( void ) printf( "AES key object load : ok\n" ); } // load AES key object + + return CR_GENID_SUCCESS; } // hsm_initialize void hsm_finalize( void ) @@ -307,13 +311,13 @@ int hsm_generate_random( unsigned char *buf, int bytes ) cmd.cmd = Cmd_GenerateRandom; cmd.args.generaterandom.lenbytes = bytes; ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : generate random\n", ret_code ); return ret_code; } ret_code = reply.status; - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : generate random reply\n", ret_code ); return ret_code; 
@@ -325,7 +329,7 @@ int hsm_generate_random( unsigned char *buf, int bytes ) NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); - return 0; + rreturn CR_GENID_SUCCESS; } // hsm_generate_rand int hsm_get_rtc( time_t *time ) @@ -342,13 +346,13 @@ int hsm_get_rtc( time_t *time ) cmd.args.getrtc.module = HSM_MODULE_ID; result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) + if ( result != CR_GENID_SUCCESS ) { printf( "error(%d) : get rtc(transaction)\n", result ); return result; } result = reply.status; - if ( result != Status_OK ) + if ( result != CR_GENID_SUCCESS ) { printf( "error(%d) : get rtc(reply status)\n", result ); return result; 
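Review bot: The added line `rreturn CR_GENID_SUCCESS;` at the end of `hsm_generate_random` is a typo and will not compile when `USE_HSM` is defined; it should read `return CR_GENID_SUCCESS;`. The function begins outside this hunk.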
@@ -356,7 +360,192 @@ int hsm_get_rtc( time_t *time ) *time = (int)reply.reply.getrtc.time.currenttimelow; - return 0; + return CR_GENID_SUCCESS; } // hsm_get_rtc +int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) +{ + int ret_code = 0; + + M_Command cmd; + M_Reply reply; + M_IV enc_iv; + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // iv set + enc_iv.mech = Mech_RijndaelmCBCpNONE; + memset( enc_iv.iv.generic128.iv.bytes, 0, sizeof( enc_iv.generic128.iv.bytes ) ); + printf( "enc_iv.---.bytes : %d bytes\n", sizeof( enc_iv.generic128.iv.bytes ) ); + + // encrypt command set + cmd.cmd = Cmd_Encrypt; + cmd.args.encrypt.key = hsmAeskeyid; + cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE; + cmd.args.encrypt.plain.type = PlainTextType_Bytes; + cmd.args.encrypt.plain.data.bytes.data.len = size; + cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf; + cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present; + cmd.args.encrypt.given_iv = &enc_iv; + + // encrypt command issue + ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + printf( "error(%d) : Encryption by HSM\n", ret_code ); + return ret_code; + } + ret_code = reply.status; + if ( ret_code != CR_GENID_SUCCESS ) + { + printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code ); + return ret_code; + } + + // buffer copy + memcpy( dst_buf, reply.reply.encrypt.cipher.data.generic128.cipher.ptr, size ); + + //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // ̂A{[g + NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); + + return CR_GENID_SUCCESS; +} // hsm_aes_encrypt + +int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) +{ + int ret_code = 0; + + M_Command cmd; + M_Reply reply; + M_IV dec_iv; + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // iv set + dec_iv.mech = Mech_RijndaelmCBCpNONE; + memset( 
dec_iv.iv.generic128.iv.bytes, 0, sizeof( dec_iv.generic128.iv.bytes ) ); + printf( "dec_iv.---.bytes : %d bytes\n", sizeof( dec_iv.generic128.iv.bytes ) ); + + // decyrpt + cmd.cmd = Cmd_Decrypt; + cmd.args.decrypt.flags = 0; + cmd.args.decrypt.key = hsmAeskeyid; + cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE; + cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE; + cmd.args.decrypt.cipher.data.generic128.cipher.len = size; + cmd.args.decrypt.cipher.data.generic128.cipher.ptr = org_buf; + cmd.args.decrypt.cipher.iv = dec_iv.iv; + cmd.args.decrypt.reply_type = PlainTextType_Bytes; + + // decrypt command issue + ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + printf( "error(%d) : Decryption by HSM\n", ret_code ); + return ret_code; + } + ret_code = reply.status; + if ( ret_code != CR_GENID_SUCCESS ) + { + printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code ); + return ret_code; + } + + // buffer copy + memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size ); + + //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // ̂A{[g + NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); + + return CR_GENID_SUCCESS; +} // hsm_aes_decrypt + +int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) +{ + int ret_code = 0; + + M_Command cmd; + M_Reply reply; + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // encrypt command set + cmd.cmd = Cmd_Encrypt; + cmd.args.encrypt.flags = 0; + cmd.args.encrypt.key = hsmRsaPubkeyid; + cmd.args.encrypt.mech = Mech_RSApPKCS1; + cmd.args.encrypt.plain.type = PlainTextType_Bytes; + cmd.args.encrypt.plain.data.bytes.data.len = size; + cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf; + cmd.args.encrypt.given_iv = &enc_iv; + + // encrypt command issue + ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + printf( "error(%d) 
: Encryption by HSM\n", ret_code ); + return ret_code; + } + ret_code = reply.status; + if ( ret_code != CR_GENID_SUCCESS ) + { + printf( "error(%d) : Encrypt Reply Status by HSM\n", ret_code ); + return ret_code; + } + + // buffer copy + memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size ); + + //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // ̂A{[g + NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); + + return CR_GENID_SUCCESS; +} // hsm_rsa_encrypt + +int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) +{ + int ret_code = 0; + + M_Command cmd; + M_Reply reply; + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // decyrpt command set + cmd.cmd = Cmd_Decrypt; + cmd.args.decrypt.flags = 0; + cmd.args.decrypt.key = hsmRsaPrivkeyid; + cmd.args.decrypt.mech = Mech_RSApPKCS1; + cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1; + cmd.args.decrypt.cipher.data.generic128.cipher.len = size; + cmd.args.decrypt.cipher.data.generic128.cipher.ptr = org_buf; + cmd.args.decrypt.reply_type = PlainTextType_Bytes; + + // decrypt command issue + ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + printf( "error(%d) : Decryption by HSM\n", ret_code ); + return ret_code; + } + ret_code = reply.status; + if ( ret_code != CR_GENID_SUCCESS ) + { + printf( "error(%d) : Decrypt Reply Status by HSM\n", ret_code ); + return ret_code; + } + + // buffer copy + memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size ); + + //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // ̂A{[g + NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); + + return CR_GENID_SUCCESS; +} // hsm_rsa_decrypt + #endif // USE_HSM diff --git a/cr_hsm_code.h b/cr_hsm_code.h index 65cb76f..7103bf9 100644 --- a/cr_hsm_code.h +++ b/cr_hsm_code.h 
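Review bot: All four new helpers `memcpy` `size` bytes out of the HSM reply without comparing `size` with the length the reply actually carries, so a short reply is over-read, and for `Mech_RSApPKCS1` the ciphertext is presumably modulus-sized rather than `size` bytes; a checked copy for `hsm_aes_encrypt` is sketched below and the same pattern applies to the other three. `hsm_rsa_encrypt` additionally assigns `&enc_iv`, which is not declared in that function, and copies from `reply.reply.decrypt.plain` after issuing `Cmd_Encrypt`. The `sizeof( enc_iv.generic128.iv.bytes )` and `sizeof( dec_iv.generic128.iv.bytes )` expressions omit the `.iv` member used earlier on the same line, and the early returns on a bad `reply.status` skip `NFastApp_Free_Reply`. The IV is a constant all-zero block, so CBC output is deterministic per key (IDs sharing a first block yield the same first ciphertext block); a comment should state whether that is intended.

```c
	// … unchanged: IV and command setup, NFastApp_Transact and reply.status checks …

	// buffer copy: never read more than the HSM actually returned
	if ( size < 0 ||
	     reply.reply.encrypt.cipher.data.generic128.cipher.len < (unsigned int)size )
	{
		printf( "error : Encrypt Reply shorter than requested size\n" );
		NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
		return -1;	// placeholder: replace with a project error code
	}
	memcpy( dst_buf, reply.reply.encrypt.cipher.data.generic128.cipher.ptr, size );
```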
@@ -121,6 +121,10 @@ int hsm_initialize( void ); void hsm_finalize( void ); int hsm_generate_random( unsigned char *buf, int bytes ); int hsm_get_rtc( time_t *time ); +int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ); +int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ); +int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ); +int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ); #ifdef __cplusplus } diff --git a/cr_hsm_util.c b/cr_hsm_util.c index dc10c7c..007f199 100644 --- a/cr_hsm_util.c +++ b/cr_hsm_util.c @@ -118,40 +118,26 @@ #include #ifdef USE_HSM -// nShield -#include "nfastapp.h" -#include "nfkm.h" -#include "rqcard-applic.h" -#include "rqcard-fips.h" -// nShield optional -#include "simplebignum.h" +#include "cr_hsm_code.h" #endif // USE_HSM #include "cr_generate_id.h" #include "cr_generate_id_private.h" -#ifdef USE_HSM -// functions -static int hsm_get_rtc( time_t *time ); -static int hsm_set_rtc( struct timeval time ); -static int hsm_generate_random( unsigned char *buf, int bytes ); -#endif // USE_HSM - - // タイムスタンプの取得 int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSec, time_t *pTime) { int ret_code = 0; struct tm *tm_time; struct timeval tv; - struct timezone tz; #ifdef USE_HSM ret_code = hsm_get_rtc( &tv.tv_sec ); - if( ret_code != Status_OK ) { + if( ret_code != CR_GENID_SUCCESS ) { return ret_code; } #else // !USE_HSM + struct timezone tz; gettimeofday(&tv,&tz); #endif // USE_HSM 
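Review bot: The four new prototypes in cr_hsm_code.h state nothing about the buffer contract, although the implementations copy exactly `size` bytes into `dst_buf` and the AES pair uses `Mech_RijndaelmCBCpNONE`, which by its name applies no padding. A header comment such as `/* dst_buf must hold at least size bytes; for the AES helpers size must be a multiple of the 16-byte block; returns CR_GENID_SUCCESS or an error code */` would make that explicit for callers. Declaring the input as `const unsigned char *org_buf` would also document that it is read-only.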
@@ -180,87 +166,15 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe return ret_code; } - -#ifdef USE_HSM -// HSMのRTC値取得 -static int hsm_get_rtc( time_t *time ) -{ - int result; - - M_Command cmd; - M_Reply reply; - - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - cmd.cmd = Cmd_GetRTC; - cmd.args.getrtc.module = HSM_MODULE_ID; - - result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : get rtc(transaction)\n", result ); - return result; - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : get rtc(reply status)\n", result ); - return result; - } - - *time = (int)reply.reply.getrtc.time.currenttimelow; - - return 0; -} // hsm_get_rtc - - -#if 0 -// HSMのRTC値セット -static int hsm_set_rtc( struct timeval time ) -{ - int result; - - M_Command cmd; - M_Reply reply; - - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - cmd.cmd = Cmd_SetRTC; - cmd.args.setrtc.module = HSM_MODULE_ID; - cmd.args.setrtc.time.currenttimelow = time.tv_sec; - - result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : set rtc(transaction)\n", result ); - return result; - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : set rtc(reply status)\n", result ); - return result; - } - - return 0; -} -#endif - -#endif // USE_HSM - - // ランダム値の生成 int GenerateRandom( u8 *pDst, int length ) { int ret_code = 0; - + #ifdef USE_HSM ret_code = hsm_generate_random( pDst, CR_RANDOM_LENGTH ); - if ( ret_code != Status_OK ) + if ( ret_code != CR_GENID_SUCCESS ) { - printf( "error(%d) : hsm_generate_random\n", ret_code ); return ret_code; } #else // !USE_HSM 
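Review bot: In the HSM branch `GenerateRandom` requests `CR_RANDOM_LENGTH` bytes into `pDst` and never consults its `length` parameter, so a caller passing a smaller buffer would presumably be overrun by the copy inside `hsm_generate_random`. Pass the caller's size through, `ret_code = hsm_generate_random( pDst, length );`, or reject `length != CR_RANDOM_LENGTH` before the call. This hunk also drops the `printf` on failure, which loses nothing only as long as `hsm_generate_random` keeps logging its own errors. The rest of the function lies outside this hunk.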
@@ -272,41 +186,3 @@ int GenerateRandom( u8 *pDst, int length ) return ret_code; } - - -#ifdef USE_HSM -// HSMから乱数を取得 -static int hsm_generate_random( unsigned char *buf, int bytes ) -{ - int ret_code; - M_Command cmd; - M_Reply reply; - - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - cmd.cmd = Cmd_GenerateRandom; - cmd.args.generaterandom.lenbytes = bytes; - ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( ret_code != Status_OK ) - { - printf( "error(%d) : generate random\n", ret_code ); - return ret_code; - } - ret_code = reply.status; - if ( ret_code != Status_OK ) - { - printf( "error(%d) : generate random reply\n", ret_code ); - return ret_code; - } - - // buffer copy - memcpy( buf, reply.reply.generaterandom.data.ptr, bytes ); - - NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); - - return 0; -} // hsm_generate_rand -#endif // USE_HSM - diff --git a/cr_keyPair.c b/cr_keyPair.c index bdf7355..aa409e2 100644 --- a/cr_keyPair.c +++ b/cr_keyPair.c @@ -174,7 +174,7 @@ static int generate_EC_private_key( EC_KEY *eckey, u8 *privKey ) // ECC233 で30バイトだけ利用するので、後ろ2バイトは0で埋める // (DER(BER) が big endian なので、ここでは先頭2byte) - // + 7bit clear + // 最後に3バイト目の7ビットをクリアする privKey[ 0 ] = 0; privKey[ 1 ] = 0; privKey[ 2 ] &= 0x01;