diff --git a/cr_enc_id.c b/cr_enc_id.c index 230894f..9752392 100644 --- a/cr_enc_id.c +++ b/cr_enc_id.c @@ -175,7 +175,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi // TODO: ボンディングオプションで鍵を切り替えるようにする。 // encrypt - ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE ); + ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE, bondingOption ); if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : hsm_aes_encyrpt\n", ret_code ); @@ -183,7 +183,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi } // decyrpt - ret_code = hsm_aes_decrypt( local_buf_2, local_buf_1, CR_ID_BUF_SIZE ); + ret_code = hsm_aes_decrypt( local_buf_2, local_buf_1, CR_ID_BUF_SIZE, bondingOption ); if ( ret_code != CR_GENID_SUCCESS ) { printf( "error(%d) : hsm_aes_decrypt\n", ret_code ); diff --git a/cr_hsm_code.c b/cr_hsm_code.c index b26117d..46df3be 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c @@ -142,11 +142,11 @@ M_ByteBlock *hsmBlobptr = NULL; // TODO: 最終鍵に変更する #ifdef ENCRYPT_AES -M_KeyID hsmAeskeyid; -const NFKM_KeyIdent hsmAeskeyident = { (char*)"simple", (char*)"aes-test-key2" }; -NFKM_Key *hsmAeskeyinfo = NULL; // allocate +M_KeyID hsmAesKeyidDev, hsmAesKeyidProd; +const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"aes-dummykey-dev" }; +const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"aes-dummykey-prod" }; -static int hsm_aes_load_key( void ); +static int hsm_aes_load_key( NFKM_KeyIdent keyident, NFKM_Key *keyinfo, M_KeyID *keyid ); #else // !ENCRYPT_AES M_KeyID hsmRsaPrivkeyid, hsmRsaPubkeyid; const NFKM_KeyIdent hsmRsakeyident = { (char*)"simple", (char*)"rsa-dummy-keypair" }; @@ -229,10 +229,17 @@ int hsm_initialize( void ) // TODO: 開発実機鍵/製品実機鍵の両方をロードするようにする。 #ifdef ENCRYPT_AES - ret_code = hsm_aes_load_key(); + // load aes dev key + ret_code = hsm_aes_load_key( hsmAesKeyidentDev, hsmAesKeyinfoDev, &hsmAesKeyidDev ); + if ( ret_code != CR_GENID_SUCCESS ) + { + return ret_code; + } + + // load aes prod key + ret_code = hsm_aes_load_key( hsmAesKeyidentProd, hsmAesKeyinfoProd, &hsmAesKeyidProd ); if ( ret_code != CR_GENID_SUCCESS ) { - printf( "error(%d) : hsm_aes_load_key\n", ret_code ); return ret_code; } #else // !ENCRYPT_AES @@ -254,7 +261,8 @@ void hsm_finalize( void ) // TODO: 開発実機鍵/製品実機鍵の両方を処理するようにする。 #ifdef ENCRYPT_AES - NFKM_freekey( hsmHandle, hsmAeskeyinfo, NULL ); + NFKM_freekey( hsmHandle, hsmAesKeyinfoDev, NULL ); + NFKM_freekey( hsmHandle, hsmAesKeyinfoProd, NULL ); #else // !ENCRYPT_AES NFKM_freekey( hsmHandle, hsmRsakeyinfo, NULL ); #endif // ENCRYPT_AES @@ -330,74 +338,39 @@ int hsm_get_rtc( time_t *time ) #ifdef ENCRYPT_AES -int hsm_aes_load_key( void ) +int hsm_aes_load_key( NFKM_KeyIdent keyident, NFKM_KEY *keyinfo, M_KeyID *keyid ) { int ret_code = CR_GENID_SUCCESS; // find key - ret_code = NFKM_findkey( hsmHandle, hsmAeskeyident, &hsmAeskeyinfo, NULL ); + ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { - printf( "error(%d) : NFKM_findkey\n", ret_code ); return ret_code; } - // if Key_flags_ProtectionCardSet is enable, eventloop is an essential. - if ( hsmAeskeyinfo->flags & Key_flags_ProtectionCardSet ) - { - // load specific OCS - ret_code = RQCard_logic_ocs_specific( &hsmCard, &hsmAeskeyinfo->cardset, NULL ); - if ( ret_code != CR_GENID_SUCCESS ) - { - printf( "error(%d) : RQCard_logic_ocs_specific\n", ret_code ); - return ret_code; - } - - // use specific Module - ret_code = RQCard_whichmodule_specific( &hsmCard, HSM_MODULE_ID, &hsmLtid ); - if ( ret_code != CR_GENID_SUCCESS ) - { - printf( "error(%d) : RQCard_whichmodule_specific\n", ret_code ); - return ret_code; - } - - // eventloop - ret_code = hsmCard.uf->eventloop( &hsmCard ); - if ( ret_code != CR_GENID_SUCCESS ) - { - printf( "error(%d) : Card eventloop\n", ret_code ); - return ret_code; - } - } - // get usable Module hsmModuleinfo = hsmWorld->modules[0]; ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &hsmModuleinfo ); if ( ret_code != CR_GENID_SUCCESS ) { - printf( "error(%d) : NFKM_getusablemodule\n", ret_code ); return ret_code; } // load key blob - if ( hsmAeskeyinfo->pubblob.len ) - hsmBlobptr = &hsmAeskeyinfo->pubblob; - else - hsmBlobptr = &hsmAeskeyinfo->privblob; + hsmBlobptr = &hsmAeskeyinfo->privblob; ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, hsmModuleinfo->module, hsmBlobptr, - hsmLtid, &hsmAeskeyid, - "loading key blob", NULL ); + hsmLtid, keyid, "loading aes key blob", NULL ); if ( ret_code != CR_GENID_SUCCESS ) { - printf( "error(%d) : NFKM_cmd_loadblob\n", ret_code ); return ret_code; } return CR_GENID_SUCCESS; } // hsm_aes_load_key -int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) +int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bondingOption ) { int ret_code = CR_GENID_SUCCESS; @@ -445,7 +418,7 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) return CR_GENID_SUCCESS; } // hsm_aes_encrypt -int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) +int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bondingOption ) { int ret_code = CR_GENID_SUCCESS; diff --git a/cr_hsm_code.h b/cr_hsm_code.h index 28d25b6..2f40140 100644 --- a/cr_hsm_code.h +++ b/cr_hsm_code.h @@ -123,8 +123,8 @@ int hsm_initialize( void ); void hsm_finalize( void ); int hsm_generate_random( unsigned char *buf, int bytes ); int hsm_get_rtc( time_t *time ); -int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ); -int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ); +int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bondingOption ); +int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bondingOption ); int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ); int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size );