diff --git a/cr_hsm_code.c b/cr_hsm_code.c index 0b280fb..a6907ab 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c @@ -154,7 +154,7 @@ static int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_K int hsm_initialize( void ) { int ret_code = CR_GENID_SUCCESS; - + // TODO: HSMリセットを入れる。 ret_code = hsm_reset_module(); if ( ret_code != CR_GENID_SUCCESS ) @@ -163,7 +163,6 @@ int hsm_initialize( void ) return ret_code; } - // init HSM ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL ); if ( ret_code != CR_GENID_SUCCESS ) @@ -171,7 +170,7 @@ int hsm_initialize( void ) SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } - + // set BigNum upcalls for HSM ret_code = NFastApp_SetBignumUpcalls( hsmHandle, @@ -251,16 +250,34 @@ void hsm_finalize( void ) int hsm_reset_module( void ) { int ret_code = CR_GENID_SUCCESS; + NFast_AppHandle handle; + NFastApp_Connection connection; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); - cmd.cmd = Cmd_ClearUnit; - cmd.args.clearunit.module = HSM_MODULE_ID; + // init HSM + ret_code = NFastApp_InitEx( &handle, NULL, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } - ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + // 特権モードで接続しないと、ClerUnit, RetryFailedModuleコマンドが発行できない + ret_code = NFastApp_Connect( handle, &connection, NFastApp_ConnectionFlags_Privileged, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } + + // failed state からの復旧要求 + cmd.cmd = Cmd_RetryFailedModule; + cmd.args.retryfailedmodule.module = HSM_MODULE_ID; + ret_code = NFastApp_Transact( connection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); 
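Review bot: Every early `return ret_code;` that follows the new `NFastApp_InitEx( &handle, NULL, NULL )` in the `@@ -251,16 +250,34 @@` hunk leaves resources open. When `NFastApp_Connect` fails, the local `handle` is never passed to `NFastApp_Finish`, and when the `Cmd_RetryFailedModule` transact fails, the connection opened with `NFastApp_ConnectionFlags_Privileged` stays connected. A privileged HSM connection should not outlive the reset, so the failure branches should release both, e.g. `NFastApp_Disconnect( connection, NULL );` and `NFastApp_Finish( handle, NULL );` before the return, or through one shared cleanup label at the end of the function. The same applies to the `reply.status` and `Cmd_ClearUnit` failure branches in the `@@ -273,9 +290,42 @@` hunk; the body of hsm_reset_module continues outside this hunk.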
@@ -273,9 +290,42 @@ int hsm_reset_module( void ) return ret_code; } - NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // モジュールのリセット + cmd.cmd = Cmd_ClearUnit; + cmd.args.clearunit.module = HSM_MODULE_ID; + ret_code = NFastApp_Transact( connection, NULL, &cmd, &reply, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } + ret_code = reply.status; + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } + + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + + // 切断 + ret_code = NFastApp_Disconnect( hsmConnection, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } + + // ハンドル破棄 + NFastApp_Finish( handle, NULL ); + return ret_code; } // hsm_reset_module @@ -502,6 +552,7 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u #else // !ENCRYPT_AES + int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *pubKeyid ) { int ret_code = CR_GENID_SUCCESS;
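Review bot: The disconnect near the end of the `@@ -273,9 +290,42 @@` hunk passes `hsmConnection`, which appears to be the file-level connection, instead of the local `connection` that this function opened in privileged mode. As written the privileged connection is never closed. Because hsm_initialize calls hsm_reset_module before its own `NFastApp_InitEx`, `hsmConnection` is presumably not yet connected at that point. The line should read `ret_code = NFastApp_Disconnect( connection, NULL );`. If that call fails, the function also returns before `NFastApp_Finish( handle, NULL );`, so the handle leaks on that path unless Finish is called before the return. The function starts outside this hunk.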