From 47f22d47f12398b111f7986bcefce06a468822dd Mon Sep 17 00:00:00 2001 From: kubodera_yuichi Date: Wed, 23 Dec 2009 07:02:12 +0000 Subject: [PATCH] =?UTF-8?q?r58=E3=81=AE=E3=83=93=E3=83=AB=E3=83=89?= =?UTF-8?q?=E3=82=92=E9=80=9A=E3=81=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@59 ff987cc8-cf2f-4642-8568-d52cce064691 --- cr_hsm_code.c | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/cr_hsm_code.c b/cr_hsm_code.c index 40cd995..5f313d3 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c @@ -243,10 +243,17 @@ int hsm_initialize( void ) return ret_code; } #else // !ENCRYPT_AES - ret_code = hsm_rsa_load_keypair(); + // load rsa dev keypair + ret_code = hsm_rsa_load_keypair( hsmRsaKeyidentDev, &hsmRsaPrivkeyidDev, &hsmRsaPubkeyidDev ); + if ( ret_code != CR_GENID_SUCCESS ) + { + return ret_code; + } + + // load rsa prod keypair + ret_code = hsm_rsa_load_keypair( hsmRsaKeyidentProd, &hsmRsaPrivkeyidProd, &hsmRsaPubkeyidProd ); if ( ret_code != CR_GENID_SUCCESS ) { - printf( "error(%d) : hsm_rsa_load_keypair\n", ret_code ); return ret_code; } #endif // ENCRYPT_AES @@ -259,11 +266,6 @@ void hsm_finalize( void ) RQCard_fips_free( &hsmCard, &hsmFips ); RQCard_destroy( &hsmCard ); - // TODO: 開発実機鍵/製品実機鍵の両方を処理するようにする。 -#ifndef ENCRYPT_AES - NFKM_freekey( hsmHandle, hsmRsakeyinfo, NULL ); -#endif // ENCRYPT_AES - NFKM_freeinfo( hsmHandle, &hsmWorld, NULL ); NFastApp_Disconnect( hsmConnection, NULL ); NFastApp_Finish( hsmHandle, NULL ); @@ -501,7 +503,7 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p hsmBlobptr = &keyinfo->privblob; ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, hsmModuleinfo->module, hsmBlobptr, - hsmLtid, &privKeyid, + hsmLtid, privKeyid, "loading priv key blob", NULL ); if ( ret_code != CR_GENID_SUCCESS ) { @@ -512,7 +514,7 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p hsmBlobptr = &keyinfo->privblob; ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, hsmModuleinfo->module, hsmBlobptr, - hsmLtid, &pubKeyid, + hsmLtid, pubKeyid, "loading pub key blob", NULL ); if ( ret_code != CR_GENID_SUCCESS ) { @@ -612,6 +614,8 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p } } #endif + NFKM_freekey( hsmHandle, keyinfo, NULL ); + return CR_GENID_SUCCESS; } // hsm_rsa_load_keypair @@ -619,16 +623,20 @@ int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) { int ret_code = CR_GENID_SUCCESS; + M_KeyID keyid; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); - + + // key set + keyid = bondingOption ? hsmRsaPubkeyidDev : hsmRsaPubkeyidProd; + // encrypt command set cmd.cmd = Cmd_Encrypt; cmd.args.encrypt.flags = 0; - cmd.args.encrypt.key = hsmRsaPubkeyid; + cmd.args.encrypt.key = keyid; cmd.args.encrypt.mech = Mech_RSApPKCS1; cmd.args.encrypt.plain.type = PlainTextType_Bytes; cmd.args.encrypt.plain.data.bytes.data.len = size; @@ -667,10 +675,13 @@ int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); + // key set + keyid = bondingOption ? hsmRsaPrivkeyidDev : hsmRsaPrivkeyidProd; + // decyrpt command set cmd.cmd = Cmd_Decrypt; cmd.args.decrypt.flags = 0; - cmd.args.decrypt.key = hsmRsaPrivkeyid; + cmd.args.decrypt.key = keyid; cmd.args.decrypt.mech = Mech_Any; cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1; cmd.args.decrypt.cipher.data.generic128.cipher.len = size;