TODO:AESの鍵切替処理(たぶんまだ不完全)

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@52 ff987cc8-cf2f-4642-8568-d52cce064691

cr_enc_id.c

@@ -175,7 +175,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi
 	// TODO: ボンディングオプションで鍵を切り替えるようにする。
 
 	// encrypt
-	ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE );
+	ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE, bondingOption );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		printf( "error(%d) : hsm_aes_encyrpt\n", ret_code );
@@ -183,7 +183,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi
 	}
 	
 	// decyrpt
-	ret_code = hsm_aes_decrypt( local_buf_2, local_buf_1, CR_ID_BUF_SIZE );
+	ret_code = hsm_aes_decrypt( local_buf_2, local_buf_1, CR_ID_BUF_SIZE, bondingOption );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		printf( "error(%d) : hsm_aes_decrypt\n", ret_code );

cr_hsm_code.c

@@ -142,11 +142,11 @@ M_ByteBlock *hsmBlobptr = NULL;
 
 // TODO: 最終鍵に変更する
 #ifdef ENCRYPT_AES
-M_KeyID hsmAeskeyid;
-const NFKM_KeyIdent hsmAeskeyident = { (char*)"simple", (char*)"aes-test-key2" };
-NFKM_Key *hsmAeskeyinfo = NULL;	// allocate
+M_KeyID hsmAesKeyidDev, hsmAesKeyidProd;
+const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"aes-dummykey-dev" };
+const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"aes-dummykey-prod" };
 
-static int hsm_aes_load_key( void );
+static int hsm_aes_load_key( NFKM_KeyIdent keyident, NFKM_Key *keyinfo, M_KeyID *keyid );
 #else	// !ENCRYPT_AES
 M_KeyID hsmRsaPrivkeyid, hsmRsaPubkeyid;
 const NFKM_KeyIdent hsmRsakeyident = { (char*)"simple", (char*)"rsa-dummy-keypair" };
@@ -229,10 +229,17 @@ int hsm_initialize( void )
 
 	// TODO: 開発実機鍵／製品実機鍵の両方をロードするようにする。
 #ifdef ENCRYPT_AES
-	ret_code = hsm_aes_load_key();
+	// load aes dev key
+	ret_code = hsm_aes_load_key( hsmAesKeyidentDev, hsmAesKeyinfoDev, &hsmAesKeyidDev );
+	if ( ret_code != CR_GENID_SUCCESS )
+	{
+		return ret_code;
+	}
+	
+	// load aes prod key
+	ret_code = hsm_aes_load_key( hsmAesKeyidentProd, hsmAesKeyinfoProd, &hsmAesKeyidProd );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : hsm_aes_load_key\n", ret_code );
 		return ret_code;
 	}
 #else	// !ENCRYPT_AES
@@ -254,7 +261,8 @@ void hsm_finalize( void )
 	
 	// TODO: 開発実機鍵／製品実機鍵の両方を処理するようにする。
 #ifdef ENCRYPT_AES
-	NFKM_freekey( hsmHandle, hsmAeskeyinfo, NULL );
+	NFKM_freekey( hsmHandle, hsmAesKeyinfoDev, NULL );
+	NFKM_freekey( hsmHandle, hsmAesKeyinfoProd, NULL );
 #else	// !ENCRYPT_AES
 	NFKM_freekey( hsmHandle, hsmRsakeyinfo, NULL );
 #endif	// ENCRYPT_AES
@@ -330,74 +338,39 @@ int hsm_get_rtc( time_t *time )
 
 #ifdef ENCRYPT_AES
 
-int hsm_aes_load_key( void )
+int hsm_aes_load_key( NFKM_KeyIdent keyident, NFKM_KEY *keyinfo, M_KeyID *keyid )
 {
 	int ret_code = CR_GENID_SUCCESS;
 	
 	// find key
-	ret_code = NFKM_findkey( hsmHandle, hsmAeskeyident, &hsmAeskeyinfo, NULL );
+	ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : NFKM_findkey\n", ret_code );
 		return ret_code;
 	}
 
-	// if Key_flags_ProtectionCardSet is enable, eventloop is an essential.
-	if ( hsmAeskeyinfo->flags & Key_flags_ProtectionCardSet )
-	{
-		// load specific OCS
-		ret_code = RQCard_logic_ocs_specific( &hsmCard, &hsmAeskeyinfo->cardset, NULL );
-		if ( ret_code != CR_GENID_SUCCESS )
-		{
-			printf( "error(%d) : RQCard_logic_ocs_specific\n", ret_code );
-			return ret_code;
-		}
-	
-		// use specific Module
-		ret_code = RQCard_whichmodule_specific( &hsmCard, HSM_MODULE_ID, &hsmLtid );
-		if ( ret_code != CR_GENID_SUCCESS )
-		{
-			printf( "error(%d) : RQCard_whichmodule_specific\n", ret_code );
-			return ret_code;
-		}
-	
-		// eventloop
-		ret_code = hsmCard.uf->eventloop( &hsmCard );
-		if ( ret_code != CR_GENID_SUCCESS )
-		{
-			printf( "error(%d) : Card eventloop\n", ret_code );
-			return ret_code;
-		}
-	}
-
 	// get usable Module
 	hsmModuleinfo = hsmWorld->modules[0];
 	ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &hsmModuleinfo );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : NFKM_getusablemodule\n", ret_code );
 		return ret_code;
 	}
 
 	// load key blob
-	if ( hsmAeskeyinfo->pubblob.len )
-		hsmBlobptr = &hsmAeskeyinfo->pubblob;
-	else
-		hsmBlobptr = &hsmAeskeyinfo->privblob;
+	hsmBlobptr = &hsmAeskeyinfo->privblob;
 	ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
 								hsmModuleinfo->module, hsmBlobptr, 
-								hsmLtid, &hsmAeskeyid, 
-								"loading key blob", NULL );
+								hsmLtid, keyid, "loading aes key blob", NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
-		printf( "error(%d) : NFKM_cmd_loadblob\n", ret_code );
 		return ret_code;
 	}
 	
 	return CR_GENID_SUCCESS;
 }	// hsm_aes_load_key
 
-int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
+int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bondingOption )
 {
 	int ret_code = CR_GENID_SUCCESS;
 	
@@ -445,7 +418,7 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
 	return CR_GENID_SUCCESS;
 }	// hsm_aes_encrypt
 
-int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
+int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bondingOption )
 {
 	int ret_code = CR_GENID_SUCCESS;
 	

cr_hsm_code.h

@@ -123,8 +123,8 @@ int hsm_initialize( void );
 void hsm_finalize( void );
 int hsm_generate_random( unsigned char *buf, int bytes );
 int hsm_get_rtc( time_t *time );
-int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );
-int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );
+int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bondingOption );
+int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bondingOption );
 int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );
 int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );