cr_generate_id.cからHSM関連コードを除外する2(linuxでも通る、はず)

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@12 ff987cc8-cf2f-4642-8568-d52cce064691
kubodera_yuichi 2009-12-22 02:14:01 +00:00
parent 86a0d8f40d
commit 445e0b013d
3 changed files with 148 additions and 285 deletions


@ -671,290 +671,14 @@ int cr_generate_id_initialize( void )
FILE *fp;
#ifdef USE_HSM
// init HSM
ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL );
if ( ret_code != Status_OK )
ret_code = hsm_initialize();
if ( ret_code != CR_GENID_SUCCESS )
{
printf( "error(%d) : NFastApp_InitEx\n", ret_code );
return ret_code;
}
#endif
// set BigNum upcalls for HSM
ret_code = NFastApp_SetBignumUpcalls(
hsmHandle,
sbn_bignumreceiveupcall,
sbn_bignumsendlenupcall,
sbn_bignumsendupcall,
sbn_bignumfreeupcall,
sbn_bignumformatupcall,
NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", ret_code );
}
// connect HSM
// arg3 is flag
// NFastApp_ConnectionFlags_Privileged flag need to run by nfast user.
ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFastApp_Connect\n", ret_code );
}
// get NFKM info
ret_code = NFKM_getinfo( hsmHandle, &hsmWorld, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_getinfo\n", ret_code );
}
// init Card-Loading Lib(RQCard)
ret_code = RQCard_init( &hsmCard, hsmHandle, hsmConnection, hsmWorld, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_init\n", ret_code );
}
// init FIPS state
ret_code = RQCard_fips_init( &hsmCard, &hsmFips );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_fips_init\n", ret_code );
}
// select Card-Auth UI
ret_code = RQCard_ui_scroll( &hsmCard );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_ui_scroll\n", ret_code );
}
// load AES key object
{
// find key
ret_code = NFKM_findkey( hsmHandle, hsmAeskeyident, &hsmAeskeyinfo, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_findkey\n", ret_code );
}
// if Key_flags_ProtectionCardSet is enable, eventloop is an essential.
if ( hsmAeskeyinfo->flags & Key_flags_ProtectionCardSet )
{
// load specific OCS
ret_code = RQCard_logic_ocs_specific( &hsmCard, &hsmAeskeyinfo->cardset, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_logic_ocs_specific\n", ret_code );
}
// use specific Module
ret_code = RQCard_whichmodule_specific( &hsmCard, HSM_MODULE_ID, &hsmLtid );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_whichmodule_specific\n", ret_code );
}
// eventloop
ret_code = hsmCard.uf->eventloop( &hsmCard );
if ( ret_code != Status_OK )
{
printf( "error(%d) : Card eventloop\n", ret_code );
}
}
// get usable Module
hsmModuleinfo = hsmWorld->modules[0];
ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &hsmModuleinfo );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_getusablemodule\n", ret_code );
}
// load key blob
if ( hsmAeskeyinfo->pubblob.len )
hsmBlobptr = &hsmAeskeyinfo->pubblob;
else
hsmBlobptr = &hsmAeskeyinfo->privblob;
ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
hsmModuleinfo->module, hsmBlobptr,
hsmLtid, &hsmAeskeyid,
"loading key blob", NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob\n", ret_code );
}
printf( "AES key object load : ok\n" );
} // load AES key object
// load RSA private key object
{
// find key
ret_code = NFKM_findkey( hsmHandle, hsmRsakeyident, &hsmRsakeyinfo, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_findkey\n", ret_code );
}
// if Key_flags_ProtectionCardSet is enable, eventloop is an essential.
if ( hsmRsakeyinfo->flags & Key_flags_ProtectionCardSet )
{
// load specific OCS
ret_code = RQCard_logic_ocs_specific( &hsmCard, &hsmRsakeyinfo->cardset, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_logic_ocs_specific\n", ret_code );
}
// use specific Module
ret_code = RQCard_whichmodule_specific( &hsmCard, HSM_MODULE_ID, &hsmLtid );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_whichmodule_specific\n", ret_code );
}
// eventloop
ret_code = hsmCard.uf->eventloop( &hsmCard );
if ( ret_code != Status_OK )
{
printf( "error(%d) : Card eventloop\n", ret_code );
}
}
// get usable Module
hsmModuleinfo = hsmWorld->modules[0];
ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &hsmModuleinfo );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_getusablemodule\n", ret_code );
}
// load key blob
printf( "pubblob.len : %d, privblob.len : %d\n",
(int)hsmRsakeyinfo->pubblob.len, (int)hsmRsakeyinfo->privblob.len );
hsmBlobptr = &hsmRsakeyinfo->privblob;
ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
hsmModuleinfo->module, hsmBlobptr,
hsmLtid, &hsmRsaPrivkeyid,
"loading priv-key blob", NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob(priv-key)\n", ret_code );
}
printf( "RSA private key object load : ok\n" );
hsmBlobptr = &hsmRsakeyinfo->pubblob;
ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
hsmModuleinfo->module, hsmBlobptr,
hsmLtid, &hsmRsaPubkeyid,
"loading pub-key blob", NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob(pub-key)\n", ret_code );
}
printf( "RSA public key object load : ok\n" );
// get key info
{
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
cmd.cmd = Cmd_GetKeyInfo;
cmd.args.getkeyinfo.key = hsmRsaPrivkeyid;
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", ret_code );
}
}
#if 0
// get & set key acl
{
int i, j;
M_Command cmd;
M_Reply reply;
M_ACL newACL;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
// GetACL
cmd.cmd = Cmd_GetACL;
cmd.args.getacl.key = hsmRsaPrivkeyid;
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : FastApp_Transact(Cmd_GetKeyInfo)\n", ret_code );
}
printf( "n_groups : %d\n", reply.reply.getacl.acl.n_groups );
for ( i = 0; i < reply.reply.getacl.acl.n_groups; i++ )
{
printf( "group[%d] : %d actions ok.\n", i, reply.reply.getacl.acl.groups[i].n_actions );
for ( j = 0; j < reply.reply.getacl.acl.groups[i].n_actions; j++ )
{
if ( reply.reply.getacl.acl.groups[i].actions[j].type == 1 ) // Act_OpPermissions
printf( "OpPermissions : %08X\n",
(int)reply.reply.getacl.acl.groups[i].actions[j].details.oppermissions.perms );
}
}
newACL = reply.reply.getacl.acl;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
// find cardsets
NFKM_CardSet *cardset = NULL;
ret_code = NFKM_findcardset( hsmHandle, &(hsmRsakeyinfo->cardset), &cardset, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_findcardset\n", ret_code );
}
#if 0
// make new ACL
NFKM_MakeACLParams map;
NFKM_MakeBlobsParams mbp;
M_ACL newACL;
memset( &map, 0, sizeof( map ) );
map.f = NFKM_NKF_RecoveryEnabled | NFKM_NKF_ProtectionCardSet;
map.op_base = (NFKM_DEFOPPERMS_SIGN | NFKM_DEFOPPERMS_VERIFY |
NFKM_DEFOPPERMS_ENCRYPT | NFKM_DEFOPPERMS_DECRYPT );
map.cs = cardset;
ret_code = NFKM_newkey_makeaclx( hsmHandle, hsmConnection, hsmWorld, &map,
&newACL, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_newkey_makeaclx\n", ret_code );
}
#endif
// SetACL
cmd.cmd = Cmd_SetACL;
cmd.args.setacl.key = hsmRsaPrivkeyid;
cmd.args.setacl.newacl = newACL;
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : set acl(transaction)\n", ret_code );
}
ret_code = reply.status;
if ( ret_code != Status_OK )
{
printf( "error(%d) : set acl(reply status)\n", ret_code );
}
}
#endif
} // load RSA private key object
#endif // USE_HSM
// CAの証明書を読み込む
fp = fopen( CA_FILE, "r" );
if ( !fp )
@ -1009,12 +733,7 @@ int cr_generate_id_finalize( void )
// HSM
#ifdef USE_HSM
RQCard_fips_free( &hsmCard, &hsmFips );
RQCard_destroy( &hsmCard );
NFKM_freekey( hsmHandle, hsmAeskeyinfo, NULL );
NFKM_freeinfo( hsmHandle, &hsmWorld, NULL );
NFastApp_Disconnect( hsmConnection, NULL );
NFastApp_Finish( hsmHandle, NULL );
hsm_finalize();
#endif // USE_HSM
ok = 1;
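Review bot: The new guard after `ret_code = hsm_initialize();` tests the result against CR_GENID_SUCCESS, but hsm_initialize as added in this commit forwards the nCipher library's raw Status_* values on failure, so the comparison only behaves if CR_GENID_SUCCESS and Status_OK happen to share a value; either translate the library status into a CR_GENID_* code inside hsm_initialize or compare against Status_OK here, and if the printf on the following line still reads `NFastApp_InitEx`, change it to name `hsm_initialize` so the log identifies the call that failed. When hsm_initialize fails part-way this function returns without any HSM teardown, so the app handle and connection the library already opened stay allocated, unless hsm_initialize unwinds itself, which the sibling file in this commit does not appear to do. In the finalize hunk `hsm_finalize();` now tears down every HSM object unconditionally; if a caller can reach cr_generate_id_finalize after a failed initialize it would free objects that were never created, so guarding it with an initialized flag would be safer. Both enclosing functions continue outside the hunks.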


@ -151,6 +151,149 @@ M_ByteBlock *hsmBlobptr = NULL;
#endif // USE_HSM
#ifdef USE_HSM
// init HSM
int hsm_initialize( void )
{
// init HSM
ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFastApp_InitEx\n", ret_code );
return ret_code;
}
// set BigNum upcalls for HSM
ret_code = NFastApp_SetBignumUpcalls(
hsmHandle,
sbn_bignumreceiveupcall,
sbn_bignumsendlenupcall,
sbn_bignumsendupcall,
sbn_bignumfreeupcall,
sbn_bignumformatupcall,
NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFastApp_SetBignumUpcalls\n", ret_code );
return ret_code;
}
// connect HSM
// arg3 is flag
// NFastApp_ConnectionFlags_Privileged flag need to run by nfast user.
ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFastApp_Connect\n", ret_code );
return ret_code;
}
// get NFKM info
ret_code = NFKM_getinfo( hsmHandle, &hsmWorld, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_getinfo\n", ret_code );
return ret_code;
}
// init Card-Loading Lib(RQCard)
ret_code = RQCard_init( &hsmCard, hsmHandle, hsmConnection, hsmWorld, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_init\n", ret_code );
return ret_code;
}
// init FIPS state
ret_code = RQCard_fips_init( &hsmCard, &hsmFips );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_fips_init\n", ret_code );
return ret_code;
}
// select Card-Auth UI
ret_code = RQCard_ui_scroll( &hsmCard );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_ui_scroll\n", ret_code );
return ret_code;
}
// load AES key object
{
// find key
ret_code = NFKM_findkey( hsmHandle, hsmAeskeyident, &hsmAeskeyinfo, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_findkey\n", ret_code );
return ret_code;
}
// if Key_flags_ProtectionCardSet is enable, eventloop is an essential.
if ( hsmAeskeyinfo->flags & Key_flags_ProtectionCardSet )
{
// load specific OCS
ret_code = RQCard_logic_ocs_specific( &hsmCard, &hsmAeskeyinfo->cardset, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_logic_ocs_specific\n", ret_code );
return ret_code;
}
// use specific Module
ret_code = RQCard_whichmodule_specific( &hsmCard, HSM_MODULE_ID, &hsmLtid );
if ( ret_code != Status_OK )
{
printf( "error(%d) : RQCard_whichmodule_specific\n", ret_code );
return ret_code;
}
// eventloop
ret_code = hsmCard.uf->eventloop( &hsmCard );
if ( ret_code != Status_OK )
{
printf( "error(%d) : Card eventloop\n", ret_code );
return ret_code;
}
}
// get usable Module
hsmModuleinfo = hsmWorld->modules[0];
ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &hsmModuleinfo );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_getusablemodule\n", ret_code );
return ret_code;
}
// load key blob
if ( hsmAeskeyinfo->pubblob.len )
hsmBlobptr = &hsmAeskeyinfo->pubblob;
else
hsmBlobptr = &hsmAeskeyinfo->privblob;
ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
hsmModuleinfo->module, hsmBlobptr,
hsmLtid, &hsmAeskeyid,
"loading key blob", NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : NFKM_cmd_loadblob\n", ret_code );
return ret_code;
}
printf( "AES key object load : ok\n" );
} // load AES key object
} // hsm_initialize
void hsm_finalize( void )
{
RQCard_fips_free( &hsmCard, &hsmFips );
RQCard_destroy( &hsmCard );
NFKM_freekey( hsmHandle, hsmAeskeyinfo, NULL );
NFKM_freeinfo( hsmHandle, &hsmWorld, NULL );
NFastApp_Disconnect( hsmConnection, NULL );
NFastApp_Finish( hsmHandle, NULL );
} // hsm_finalize
int hsm_generate_random( unsigned char *buf, int bytes )
{
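Review bot: hsm_initialize reaches its closing brace after the AES key block without a `return`, so on the success path the caller in cr_generate_id_initialize reads an indeterminate value (undefined behavior for a non-void function whose result is used) and may report a working HSM as failed or, worse, a failed one as working; add `return Status_OK;` as the last statement, or `return CR_GENID_SUCCESS;` if that is the domain the caller is meant to check, and keep it consistent with the failure returns. The early `return ret_code;` paths after NFastApp_Connect, NFKM_getinfo, RQCard_init and the key-loading steps leave the app handle, connection, world info and card context already acquired without release, and hsm_finalize has no way to tell which of them exist; unwinding in reverse order on each failure (a goto ladder that mirrors hsm_finalize) or recording which steps succeeded would close that gap. `ret_code` is not declared in this function, so it appears to be file-scope shared state; a local of the same type would avoid surprises if these helpers are ever reached from more than one context. hsm_generate_random's body lies outside the hunk.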


@ -117,6 +117,7 @@ extern "C" {
#endif
// functions
int hsm_initialize( void );
int hsm_generate_random( unsigned char *buf, int bytes );
int hsm_get_rtc( time_t *time );
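Review bot: This section adds only `int hsm_initialize( void );`, yet the same commit makes cr_generate_id_finalize call `hsm_finalize()`, whose definition sits in the HSM source file with no prototype in this header, so that call relies on an implicit declaration, which C99 removed and modern GCC/Clang treat as an error by default, undercutting the commit's stated aim of building on Linux. Add `void hsm_finalize( void );` beside the new prototype. A one-line comment on hsm_initialize stating which error domain it returns, e.g. `/* returns Status_OK on success, otherwise the failing nCipher library status */`, would also let callers check the value correctly once the implementation returns one on every path.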