r58のビルドを通す

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@59 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2009-12-23 07:02:12 +00:00 · 2009-12-23 07:02:12 +00:00 · 47f22d47f1
commit 47f22d47f1
parent d54e4f7a2f
1 changed files with 23 additions and 12 deletions
--- a/cr_hsm_code.c
+++ b/cr_hsm_code.c
@ -243,10 +243,17 @@ int hsm_initialize( void )
 		return ret_code;
 	}
 #else	// !ENCRYPT_AES
-	ret_code = hsm_rsa_load_keypair();
+	// load rsa dev keypair
+	ret_code = hsm_rsa_load_keypair( hsmRsaKeyidentDev, &hsmRsaPrivkeyidDev, &hsmRsaPubkeyidDev );
+	if ( ret_code != CR_GENID_SUCCESS )
+	{
+		return ret_code;
+	}
+	
+	// load rsa prod keypair
+	ret_code = hsm_rsa_load_keypair( hsmRsaKeyidentProd, &hsmRsaPrivkeyidProd, &hsmRsaPubkeyidProd );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : hsm_rsa_load_keypair\n", ret_code );
 		return ret_code;
 	}
 #endif	// ENCRYPT_AES
@ -259,11 +266,6 @@ void hsm_finalize( void )
 	RQCard_fips_free( &hsmCard, &hsmFips );
 	RQCard_destroy( &hsmCard );
 	
-	// TODO: 開発実機鍵／製品実機鍵の両方を処理するようにする。
-#ifndef ENCRYPT_AES
-	NFKM_freekey( hsmHandle, hsmRsakeyinfo, NULL );
-#endif	// ENCRYPT_AES
-
 	NFKM_freeinfo( hsmHandle, &hsmWorld, NULL );
 	NFastApp_Disconnect( hsmConnection, NULL );
 	NFastApp_Finish( hsmHandle, NULL );
@ -501,7 +503,7 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p
 	hsmBlobptr = &keyinfo->privblob;
 	ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
 								hsmModuleinfo->module, hsmBlobptr, 
-								hsmLtid, &privKeyid, 
+								hsmLtid, privKeyid, 
 								"loading priv key blob", NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
@ -512,7 +514,7 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p
 	hsmBlobptr = &keyinfo->privblob;
 	ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
 								hsmModuleinfo->module, hsmBlobptr, 
-								hsmLtid, &pubKeyid, 
+								hsmLtid, pubKeyid, 
 								"loading pub key blob", NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
@ -612,6 +614,8 @@ int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *p
 		}
 	}
 #endif
+	NFKM_freekey( hsmHandle, keyinfo, NULL );
+	
 	return CR_GENID_SUCCESS;
 }	// hsm_rsa_load_keypair

@ -619,16 +623,20 @@ int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
 {
 	int ret_code = CR_GENID_SUCCESS;
 	
+	M_KeyID keyid;
 	M_Command cmd;
 	M_Reply reply;
 	
 	memset( &cmd, 0, sizeof( cmd ) );
 	memset( &reply, 0, sizeof( reply ) );
 	
+	// key set
+	keyid = bondingOption ? hsmRsaPubkeyidDev : hsmRsaPubkeyidProd;
+	
 	// encrypt command set
 	cmd.cmd = Cmd_Encrypt;
 	cmd.args.encrypt.flags = 0;
-	cmd.args.encrypt.key = hsmRsaPubkeyid;
+	cmd.args.encrypt.key = keyid;
 	cmd.args.encrypt.mech = Mech_RSApPKCS1;
 	cmd.args.encrypt.plain.type = PlainTextType_Bytes;
 	cmd.args.encrypt.plain.data.bytes.data.len = size;
@ -667,10 +675,13 @@ int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
 	memset( &cmd, 0, sizeof( cmd ) );
 	memset( &reply, 0, sizeof( reply ) );
 	
+	// key set
+	keyid = bondingOption ? hsmRsaPrivkeyidDev : hsmRsaPrivkeyidProd;
+	
 	// decyrpt command set
 	cmd.cmd = Cmd_Decrypt;
 	cmd.args.decrypt.flags = 0;
-	cmd.args.decrypt.key = hsmRsaPrivkeyid;
+	cmd.args.decrypt.key = keyid;
 	cmd.args.decrypt.mech = Mech_Any;
 	cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1;
 	cmd.args.decrypt.cipher.data.generic128.cipher.len = size;