From 4589b6b3308d592da3edc0b47e72f23f9ccb8787 Mon Sep 17 00:00:00 2001
From: kubodera_yuichi
Date: Fri, 25 Dec 2009 01:19:15 +0000
Subject: [PATCH] =?UTF-8?q?=E3=83=AA=E3=82=BB=E3=83=83=E3=83=88=E3=81=99?= =?UTF-8?q?=E3=82=8B=E3=81=AB=E3=81=AF=E7=89=B9=E6=A8=A9=E3=83=A2=E3=83=BC?= =?UTF-8?q?=E3=83=89=E3=81=A7=E3=81=AE=E6=8E=A5=E7=B6=9A=E3=81=8C=E5=BF=85?= =?UTF-8?q?=E8=A6=81=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@90 ff987cc8-cf2f-4642-8568-d52cce064691
---
 cr_hsm_code.c | 67 +++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 59 insertions(+), 8 deletions(-)
diff --git a/cr_hsm_code.c b/cr_hsm_code.c
index 0b280fb..a6907ab 100644
--- a/cr_hsm_code.c
+++ b/cr_hsm_code.c
@@ -154,7 +154,7 @@ static int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_K int hsm_initialize( void ) { int ret_code = CR_GENID_SUCCESS; - + // TODO: HSMリセットを入れる。 ret_code = hsm_reset_module(); if ( ret_code != CR_GENID_SUCCESS )
@@ -163,7 +163,6 @@ int hsm_initialize( void ) return ret_code; } - // init HSM ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL ); if ( ret_code != CR_GENID_SUCCESS )
@@ -171,7 +170,7 @@ int hsm_initialize( void ) SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } - + // set BigNum upcalls for HSM ret_code = NFastApp_SetBignumUpcalls( hsmHandle,
@@ -251,16 +250,34 @@ void hsm_finalize( void ) int hsm_reset_module( void ) { int ret_code = CR_GENID_SUCCESS; + NFast_AppHandle handle; + NFastApp_Connection connection; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); - cmd.cmd = Cmd_ClearUnit; - cmd.args.clearunit.module = HSM_MODULE_ID; + // init HSM + ret_code = NFastApp_InitEx( &handle, NULL, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } - ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + // 特権モードで接続しないと、ClerUnit, RetryFailedModuleコマンドが発行できない + ret_code = NFastApp_Connect( handle, &connection, NFastApp_ConnectionFlags_Privileged, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } + + // failed state からの復旧要求 + cmd.cmd = Cmd_RetryFailedModule; + cmd.args.retryfailedmodule.module = HSM_MODULE_ID; + ret_code = NFastApp_Transact( connection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); 
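Review bot: Every failure return added to hsm_reset_module after `NFastApp_InitEx( &handle, NULL, NULL )` succeeds exits without releasing what was acquired: a failed `NFastApp_Connect` leaves `handle` unfinished, and a failed `NFastApp_Transact` also leaves the privileged `connection` open. The Cmd_ClearUnit error returns in the following hunk (-273,9 +290,42) have the same problem. Because the connection is opened with `NFastApp_ConnectionFlags_Privileged`, it should be closed on every exit: route the error returns through one cleanup tail that calls `NFastApp_Disconnect( connection, NULL );` and then `NFastApp_Finish( handle, NULL );`, keeping the first error in `ret_code`. The function body continues past the end of this hunk, so the cleanup tail would sit in the next one. The added comment also misspells the command name, which should read `ClearUnit`.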
@@ -273,9 +290,42 @@ int hsm_reset_module( void ) return ret_code; } - NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + // モジュールのリセット + cmd.cmd = Cmd_ClearUnit; + cmd.args.clearunit.module = HSM_MODULE_ID; + ret_code = NFastApp_Transact( connection, NULL, &cmd, &reply, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } + ret_code = reply.status; + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } + + NFastApp_Free_Command( handle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( handle, NULL, NULL, &reply ); + + // 切断 + ret_code = NFastApp_Disconnect( hsmConnection, NULL ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } + + // ハンドル破棄 + NFastApp_Finish( handle, NULL ); + return ret_code; } // hsm_reset_module
@@ -502,6 +552,7 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u #else // !ENCRYPT_AES + int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *pubKeyid ) { int ret_code = CR_GENID_SUCCESS;
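Review bot: The disconnect step calls `NFastApp_Disconnect( hsmConnection, NULL )`, but the connection this function opened and used for both commands is the local `connection`, so the privileged connection is never closed and the file-scope one is targeted instead. hsm_initialize calls hsm_reset_module() before its own `NFastApp_InitEx( &hsmHandle, NULL, NULL )`, so hsmConnection is presumably not established yet at that point. A failing disconnect would then report an error after a successful reset and skip `NFastApp_Finish( handle, NULL )`. The line should read `ret_code = NFastApp_Disconnect( connection, NULL );`. The function starts before this hunk.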