rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

cr_generate_id.cからHSM関連コードを除外する(今はcygwinでのみビルド通る)

Browse Source 
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@11 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
kubodera_yuichi 2009-12-22 02:01:20 +00:00
parent 19d5af715d
commit 86a0d8f40d
5 changed files with 388 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@ -4,8 +4,8 @@
# nm generate_id.o | grep " [T|B|D] "
# nm ../rsa_keysrcgen/rsa1_key.o | grep " [T|B|D] "
# ダミーのRSA鍵ペアを使用する場合は、USE_DUMMY_KEYをTRUEにしてください。
# 正式な RSA鍵ペアを使用する場合は、USE_DUMMY_KEYをコメントアウトして、DER_KEY_DIRにRSA鍵ペアが入ったフォルダを指定してください。
# ダミーのRSA鍵ペアを使用する場合は、USE_DUMMY_KEYをTRUEにしてください。
# 正式な RSA鍵ペアを使用する場合は、USE_DUMMY_KEYをコメントアウトして、DER_KEY_DIRにRSA鍵ペアが入ったフォルダを指定してください。
DEV_CYGWIN = TRUE
#ENCRYPT_AES = TRUE
@ -71,7 +71,7 @@ TARGET = gen_id
KEYS_C = cr_gen_id_rsa_key_priv.c cr_gen_id_rsa_key_pub.c
KEYS_H = $(KEYS_C:.c=.h)
SRCS = main.c cr_generate_id.c cr_enc_id.c cr_alloc.c $(KEYS_C)
SRCS = main.c cr_generate_id.c cr_enc_id.c cr_alloc.c cr_hsm_code.c $(KEYS_C)
ifeq ($(USE_SFMT),TRUE)
SRCS += $(SFMT_DIR)/SFMT.c

111
cr_generate_id.c
View File

@ -118,14 +118,8 @@
#include <string.h>
#ifdef USE_HSM
// nShield
#include "nfastapp.h"
#include "nfkm.h"
#include "rqcard-applic.h"
#include "rqcard-fips.h"
// nShield optional
#include "simplebignum.h"
#endif // USE_HSM
#include "cr_hsm_code.h"
#endif // USE_HSM
// openssl
#include <openssl/err.h>
@ -671,107 +665,6 @@ static int generate_CTRCustom_cert( CTR_Device_Cert *cert, u32 deviceId, u8 bond
return result;
} // generate_CTRCustom_cert
#ifdef USE_HSM
static int hsm_generate_random( unsigned char *buf, int bytes )
{
int ret_code;
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
cmd.cmd = Cmd_GenerateRandom;
cmd.args.generaterandom.lenbytes = bytes;
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : generate random\n", ret_code );
return ret_code;
}
ret_code = reply.status;
if ( ret_code != Status_OK )
{
printf( "error(%d) : generate random reply\n", ret_code );
return ret_code;
}
// buffer copy
memcpy( buf, reply.reply.generaterandom.data.ptr, bytes );
NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
return 0;
} // hsm_generate_rand
#if 0
static int hsm_set_rtc( struct timeval time )
{
int result;
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
cmd.cmd = Cmd_SetRTC;
cmd.args.setrtc.module = HSM_MODULE_ID;
cmd.args.setrtc.time.currenttimelow = time.tv_sec;
result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : set rtc(transaction)\n", result );
return result;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : set rtc(reply status)\n", result );
return result;
}
return 0;
}
#endif
static int hsm_get_rtc( time_t *time )
{
int result;
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
cmd.cmd = Cmd_GetRTC;
cmd.args.getrtc.module = HSM_MODULE_ID;
result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : get rtc(transaction)\n", result );
return result;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : get rtc(reply status)\n", result );
return result;
}
*time = (int)reply.reply.getrtc.time.currenttimelow;
return 0;
} // hsm_get_rtc
#endif // USE_HSM
int cr_generate_id_initialize( void )
{
int ret_code = 0;

124
cr_generate_id.h
View File

@ -112,9 +112,13 @@
#ifndef _CR_GENERATE_ID_H_
#define _CR_GENERATE_ID_H_
// 成功
#define CR_GENID_SUCCESS 0
#define CR_GENID_ERROR_NON 0
//---------------------------------------------------
// OpenSSLの処理結果によるエラーコード
//---------------------------------------------------
#define CR_GENID_ERROR_RSA_ENC ( -1)
#define CR_GENID_ERROR_RSA_DEC ( -2)
#define CR_GENID_ERROR_RSA_VERIFY ( -3)
@ -138,95 +142,37 @@
#define CR_GENID_ERROR_PRIVKEY_SCRAMBLE (-21)
//---------------------------------------------------
// HSM処理に伴う追加コード
// HSMの処理結果によるエラーコード
//---------------------------------------------------
// NFastAppライブラリ : 20
#define CR_GENID_ERROR_HSM_BAD_CERTKEYHASH // Status_BadCertKeyHash = 9, : 証明書のハッシュが正しくない
#define CR_GENID_ERROR_HSM_BAD_CERTSIGN // Status_BadCertSignature = 10, : 証明書の署名が正しくない
#define CR_GENID_ERROR_HSM_CERTVERIFY_FAILED // Status_VerifyFailed = 11, : 署名の検証に失敗した場合 -> OpenSSLで行うから不要
#define CR_GENID_ERROR_HSM_LOAD_BLOB_FAILED // Status_BlobTypeUnknown = 19, : kmdataを認識出来ない -> HDDの不具合で発生しうる
#define CR_GENID_ERROR_HSM_BUFFER_FULL // Status_BufferFull = 20, : 固定長バッファを使い果たした -> 引数のバッファの話か?
#define CR_GENID_ERROR_HSM_RESET_NOW // Status_UnitReset = 21, : コマンド処理中にHSMリセット発生 -> 異常系
#define CR_GENID_ERROR_HSM_KEY_NOT_FOUND // Status_UnknownKM = 28, : HSMキーが見付からない
#define CR_GENID_ERROR_HSM_DECRYPT_FAILED // Status_DecryptFailed = 31, : 復号化に失敗した
#define CR_GENID_ERROR_HSM_CONFILICT_KEYHASH // Status_UnknownKeyHash = 37, : 鍵のハッシュとモジュール内のハッシュが一致しない -> 改竄 or HDD関連異常
#define CR_GENID_ERROR_HSM_ENCRYCT_FAILED // Status_EncryptFailed = 44, : 暗号化に失敗した
#define CR_GENID_ERROR_HSM_HARD_FAILED // Status_HardwareFailed = 55, : HSMハードエラー
#define CR_GENID_ERROR_HSM_SERVER_STOPPED // Status_ServerNotRunning = 56, : サーバが動作していない
#define CR_GENID_ERROR_HSM_OS_ERROR // Status_OSErrorErrno = 57, : OSがHSMとプログラムの通信を遂行できない
#define CR_GENID_ERROR_HSM_CONNECTION_LOST // Status_ServerConnectionLost = 60, : HSMと通信するためのサーバとの接続が切れた。エラーが多発すると発生するとのこと
#define CR_GENID_ERROR_HSM_COMMAND_CANCELLED // Status_Cancelled = 64, : HSMの障害・リセットが起きそうなため、コマンド発行がキャンセルされた -> HSMの故障
#define CR_GENID_ERROR_HSM_BIGNUMOP_STACK_OVERFLOW // Status_OpStackOverflow = 67, : Bignum操作コマンドよりスタックのエントリ数を超えるPushを行おうとした
#define CR_GENID_ERROR_HSM_BIGNUMOP_STACK_UNDERFLOW // Status_OpStackUnderflow = 68, : Bignum操作コマンドより空スタックからPopを行おうとした
#define CR_GENID_ERROR_HSM_BIGNUMOP_NEGATIVE // Status_NegativeResult = 69,: Bignum操作コマンドの結果に負の値があった(かつ、AllowNegtiveフラグがセットされていなかった)
#define CR_GENID_ERROR_HSM_TIMEOUT_OPERATION // Status_OperationTimeout = 106, : モジュールに設定されているtimelimit以内にコマンドが完了しなかった -> key の time limit とはまた別?
#define CR_GENID_ERROR_HSM_UNKNOWN_KEY // Status_UnknownKey = 130, : 鍵がモジュール内で見付からなかった
// NFKMライブラリ : 6
#define CR_GENID_ERROR_NFKM_NOTFOUND_KEY // Status_KeyNotLoaded = 132, : リクエストされた鍵が見付からなかった(NFKMライブラリ)
#define CR_GENID_ERROR_NFKM_NOUSABLE_MODULE // Status_NoUsableModules = 135, : 利用可能なモジュールが存在しない(NFKMライブラリ)
#define CR_GENID_ERROR_NFKM_NOUSABLE_WORLD // Status_WorldUnusable = 137, : 現在のセキュリティワールドが使用不可である。(NFKMライブラリ)
#define CR_GENID_ERROR_NFKM_UNAVAILABLE_USELIMIT // Status_UseLimitsUnavailable = 141, : 鍵が適切なUSE LIMITを持っていない
#define CR_GENID_ERROR_NFKM_UNUSABLE_MODULE // Status_ModuleNotUsable = 144, : モジュールが利用不可である。(NFKMライブラリ)
// その他? : 1
#define CR_GENID_ERROR_HSM_REPLY_MISMATCH // Status_CommandReplyMismatch = 238, : reply が command と一致しない。
//---------------------------------------------------
// 現在大好評発生中であるが、将来的には出ない(ようにする)と思われるもの
#if 0
#define CR_GENID_ERROR_ACCESS_DENIED // Status_AccessDenied = 5, : 処理と鍵のACLの不一致に伴うエラー
#define CR_GENID_ERROR_USE_LIMIT // Status_UseLimitExceeded = 7, : ACLに定められた使用回数を超えた場合
#define CR_GENID_ERROR_TIME_LIMIT // Status_TimeLimitExceeded = 8, : 処理を行うまでのタイムリミット(これもACL)
#define CR_GENID_ERROR_BAD_TOKEN // Status_BadTokenData = 14, : カード、NVRAM、またはRTCの値が不正 -> RTC は一度値をセットすれば電池切れまで大丈夫、なはず
#define CR_GENID_ERROR_NO_MEMORY // Status_NoMemory = 15, : (HSMの)メモリを使い果たした? -> SEE使うわけではないので不要かも
#define CR_GENID_ERROR_NOT_SUPPORT // Status_UnknownParameter = 17, Status_UnknownFlag = 18, Status_UnknownMechanism = 39, : コマンドまたはフラグ、メカニズム(暗号アルゴリズムなど)をサポートしていない、ECC系で出る
#define CR_GENID_ERROR_PARAM_INVALID // Status_InvalidParameter = 24, : 矛盾したパラメータ設定
#define CR_GENID_ERROR_STATUS_INVALID // Status_InvalidState = 25, : モジュール、あるいはAPIのレベル(e.g. Fips)がリクエストされたコマンドを実行できる状態にない
#define CR_GENID_ERROR_TOKEN_ASSEMBLE // Status_TokenAssemblyFailed = 27, : トークンの再構築に失敗した -> セットアップの時のみ?
#define CR_GENID_ERROR_PRAM_OUTOFRANGE // Status_OutOfRange = 34, : パラメータが範囲外
#define CR_GENID_ERROR_PRIVILEGED_COMMAND // Status_PrivilegedCommand = 35, : 非特権接続において特権コマンドを発行 -> 本プログラムでは発生するようなコマンドはない(はず)
#define CR_GENID_ERROR_ACL_INVALID // Status_InvalidACL = 45, : ACLに矛盾が起きている -> セットアップ時のみ
#define CR_GENID_ERROR_TRANSACT_NOT_FOUND // Status_TransactionNotFound = 58, : NFastApp_Query or NFastApp_Wait で待つべきトランザクションが無かった -> 今は使っていないので不要と思われる
#define CR_GENID_ERROR_CONNECTION_FAILED // Status_ServerFailed = 61, : HSMと通信するためのサーバで internal software エラーが発生。クライアント側の不正行為が原因
#define CR_GENID_ERROR_FIPS_MODE // Status_StrictFIPS140 = 62, : strict FIPSモードで許可されていない操作を行った -> nShield500では strict FIPSモードが無いはずなので、不要
#define CR_GENID_ERROR_UNKNOWN_CODE // Status_UnknownStatus = 63, : サーバとHSM間のバージョン違いでステータスコードに齟齬が発生 -> たぶん発生しない
#define CR_GENID_ERROR_CHANNEL_TYPE // Status_UnsupportedChannelType = 65, : オープンしようとしたチャンネルのタイプをサポートしてない -> 今はチャンネルを使っていないが、今後使う可能性あり?
#define CR_GENID_ERROR_BIGNUMOP_ARITHMETIC // Status_ArithmeticError = 66, : Bignum操作コマンドで 0 で割るような不正な計算を行おうとした
#define CR_GENID_ERROR_BIGNUMOP_NOUPCALL // Status_NoUpcall = 72, : Bignum操作が必要なコマンドが呼ばれたとき、Bignum操作関数が登録されていなかった -> NFastApp_SetBignumUpcalls() が必要
// netHSM 関連か? : 4
#define CR_GENID_ERROR_SOFTWARE_FAILED // Status_SoftwareFailed = 80, : ホストソフトウェアで起きたエラー -> netHSM関連
#define CR_GENID_ERROR_NO_HOST_MEMORY // Status_NoHostMemory = 81, : ホストメモリを使い果たした -> netHSM関連
#define CR_GENID_ERROR_NO_MODULE_MEMORY // Status_NoModuleMemory = 82, : HSMメモリを使い果たした -> netHSM関連
#define CR_GENID_ERROR_OPERATION_FAILED // Status_OperationFailed = 84, : nCipherサーバで不正な操作が発行された -> netHSM関連
#define CR_GENID_ERROR_NC_ERR // Status_nCErrno = 93, : OSエラー -> netHSMのOSのエラーか
#define CR_GENID_ERROR_NFKM_NO_PERMID // Status_UnknownPermID = 104, : 割り当てられていないPermID -> PermIDとは(NFKMライブラリ)
#define CR_GENID_ERROR_MANY_LINKS // Status_TooManyLinks = 140, : Blobを読み込もうとしたとき、モジュールの許可する以上(5)の多くのエイリアスが存在した(NFKMライブラリ)
#define CR_GENID_ERROR_HSM_BUSY // Status_Busy = 142, : モジュールが処理中である。 -> これは発生しない?(はず)#define CR_GENID_ERROR_STRICT_FIPS // Status_StrictFIPSSecurityLevel = 275, : strict FIPSモードで許可されていない処理を行った
#define CR_GENID_ERROR_CONFLICT_PARAM // Status_ConflictingParameters = 239, : パラメータが衝突している。(データベース?)
#define CR_GENID_ERROR_DATA_MISMATCH // Status_DataMismatch = 240, : データベース?のデータが予期していたデータとマッチしない。
#define CR_GENID_ERROR_KEY_NOACTIVE // Status_NoActiveKey = 242, : 鍵を鍵束からロードしようとしたが、その鍵束は現在ハンドリングされていないものである。
#define CR_GENID_ERROR_NOGROUP_PERM // Status_NoGroupPermission = 244, : エンドポイント?が鍵をフェッチしようとしたが、適切なグループパーミッションが見付からなかった
#define CR_GENID_ERROR_OTHER_TIME_OUTOFRANGE // Status_TimeOutOfRange = 283, : Time が time_tの値の範囲を超えた -> 何の TimeRTCの値か
#define CR_GENID_ERROR_STATUS_MAX // Status__Max = 288 : HSM のエラーコードの最大値
#endif
// 詳細不明だが、響きから起こりうる可能性がありそうなもの
// Status_HostDataInvalid = 70,
// Status_HostDataAccessFailed = 71,
// Status_HostDataAccessDenied = 86,
// Status_InvalidMergedKey = 87,
// Status_AlreadyExists = 88,
// Status_UserCancelled = 131,
// Status_HostUnknownKeyType = 133,
// Status_IncorrectRepositoryName = 134,
// Status_SecurityWorldFeatureDisabled = 143,
// Status_UnknownESN = 213,
#define CR_GENID_ERROR_HSM_BAD_CERTKEYHASH ( 9) // 証明書のハッシュが正しくない
#define CR_GENID_ERROR_HSM_BAD_CERTSIGN ( 10) // 証明書の署名が正しくない
#define CR_GENID_ERROR_HSM_CERTVERIFY_FAILED ( 11) // 署名の検証に失敗した
#define CR_GENID_ERROR_HSM_BAD_TOKEN ( 14) // トークンの値が不正
#define CR_GENID_ERROR_HSM_LOAD_BLOB_FAILED ( 19) // Blob(kmdata)を認識出来ない
#define CR_GENID_ERROR_HSM_BUFFER_FULL ( 20) // 固定長バッファを使い果たした
#define CR_GENID_ERROR_HSM_RESET_NOW ( 21) // コマンド処理中にHSMリセットが発生した
#define CR_GENID_ERROR_HSM_KEY_NOTFOUND ( 28) // HSMキーが見付からない
#define CR_GENID_ERROR_HSM_DECRYPT_FAILED ( 31) // 復号化に失敗した
#define CR_GENID_ERROR_HSM_CONFILICT_KEYHASH ( 37) // 鍵のハッシュとモジュール内のハッシュが一致しない
#define CR_GENID_ERROR_HSM_ENCRYCT_FAILED ( 44) // 暗号化に失敗した
#define CR_GENID_ERROR_HSM_HARD_FAILED ( 55) // HSMハードウェアエラー
#define CR_GENID_ERROR_HSM_SERVER_STOPPED ( 56) // サーバが動作していない
#define CR_GENID_ERROR_HSM_OS_ERROR ( 57) // OSがHSMとプログラム間の通信を遂行できない
#define CR_GENID_ERROR_HSM_CONNECTION_LOST ( 60) // HSMと通信するためのサーバとの接続が切れた。
#define CR_GENID_ERROR_HSM_COMMAND_CANCELLED ( 64) // コマンドの発行がキャンセルされた
#define CR_GENID_ERROR_HSM_STACK_OVERFLOW ( 67) // スタックのエントリ数を超えるPushを行おうとした(BIGNUM操作)
#define CR_GENID_ERROR_HSM_STACK_UNDERFLOW ( 68) // 空のスタックからPopを行おうとした(BIGNUM操作)
#define CR_GENID_ERROR_HSM_RESULT_NEGATIVE ( 69) // 結果に負の値があった(BIGNUM操作)
#define CR_GENID_ERROR_HSM_BIGNUM_NOUPCALL ( 72) // BIGNUM操作関数が登録されていない
#define CR_GENID_ERROR_HSM_TIMEOUT_OPERATION (106) // モジュールに設定されている時間内にコマンドが完了しなかった
#define CR_GENID_ERROR_HSM_UNKNOWN_KEY (130) // 鍵がモジュール内で見付からなかった
#define CR_GENID_ERROR_NFKM_KEY_NOTFOUND (132) // リクエストされた鍵が見付からなかった(NFKMライブラリ)
#define CR_GENID_ERROR_NFKM_NOUSABLE_MODULE (135) // 利用可能なモジュールが存在しない(NFKMライブラリ)
#define CR_GENID_ERROR_NFKM_NOUSABLE_WORLD (137) // 現在のセキュリティワールドが使用不可である(NFKMライブラリ)
#define CR_GENID_ERROR_HSM_NA_USELIMIT (141) // 鍵が適切なUSE LIMITを持っていない
#define CR_GENID_ERROR_HSM_BUSY_NOW (142) // 現在HSMがビジーで要求のコマンドを実行できない
#define CR_GENID_ERROR_NFKM_UNUSABLE_MODULE (144) // モジュールが利用不可である(NFKMライブラリ)
#define CR_GENID_ERROR_HSM_REPLY_MISMATCH (238) // コマンドと応答のタイプが一致しない
#ifdef __cplusplus
extern "C" {

219
cr_hsm_code.c Normal file
View File

@ -0,0 +1,219 @@
/* ====================================================================
* Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#include <time.h>
#include <sys/time.h>
#include <string.h>
#ifdef USE_HSM
#include "cr_hsm_code.h"
// nShield
#include "nfastapp.h"
#include "nfkm.h"
#include "rqcard-applic.h"
#include "rqcard-fips.h"
// nShield optional
#include "simplebignum.h"
#endif // USE_HSM
#ifdef USE_HSM
// TORIAEZU : nFast variables
NFast_AppHandle hsmHandle;
NFastApp_Connection hsmConnection;
NFKM_WorldInfo *hsmWorld = NULL; // allocate
RQCard hsmCard;
RQCard_FIPS hsmFips;
M_KeyID hsmLtid;
// AES
M_KeyID hsmAeskeyid;
const NFKM_KeyIdent hsmAeskeyident = { (char*)"simple", (char*)"aes-test-key" };
NFKM_Key *hsmAeskeyinfo = NULL; // allocate
// RSA Private
M_KeyID hsmRsaPrivkeyid, hsmRsaPubkeyid;
const NFKM_KeyIdent hsmRsakeyident = { (char*)"simple", (char*)"rsa-priv-key-2048" };
NFKM_Key *hsmRsakeyinfo = NULL; // allocate
NFKM_ModuleInfo *hsmModuleinfo = NULL;
M_ByteBlock *hsmBlobptr = NULL;
#endif // USE_HSM
#ifdef USE_HSM
int hsm_generate_random( unsigned char *buf, int bytes )
{
int ret_code;
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
cmd.cmd = Cmd_GenerateRandom;
cmd.args.generaterandom.lenbytes = bytes;
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( ret_code != Status_OK )
{
printf( "error(%d) : generate random\n", ret_code );
return ret_code;
}
ret_code = reply.status;
if ( ret_code != Status_OK )
{
printf( "error(%d) : generate random reply\n", ret_code );
return ret_code;
}
// buffer copy
memcpy( buf, reply.reply.generaterandom.data.ptr, bytes );
NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
return 0;
} // hsm_generate_rand
int hsm_get_rtc( time_t *time )
{
int result;
M_Command cmd;
M_Reply reply;
memset( &cmd, 0, sizeof( cmd ) );
memset( &reply, 0, sizeof( reply ) );
cmd.cmd = Cmd_GetRTC;
cmd.args.getrtc.module = HSM_MODULE_ID;
result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
if ( result != Status_OK )
{
printf( "error(%d) : get rtc(transaction)\n", result );
return result;
}
result = reply.status;
if ( result != Status_OK )
{
printf( "error(%d) : get rtc(reply status)\n", result );
return result;
}
*time = (int)reply.reply.getrtc.time.currenttimelow;
return 0;
} // hsm_get_rtc
#endif // USE_HSM

129
cr_hsm_code.h Normal file
View File

@ -0,0 +1,129 @@
/* ====================================================================
* Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef _CR_GENERATE_ID_HSM_CODE_H_
#define _CR_GENERATE_ID_HSM_CODE_H_
#ifdef __cplusplus
extern "C" {
#endif
// functions
int hsm_generate_random( unsigned char *buf, int bytes );
int hsm_get_rtc( time_t *time );
#ifdef __cplusplus
}
#endif
#endif /* _CR_GENERATE_ID_HSM_CODE_H_ */