From 86a0d8f40d3230b01ffed71e0483dcd5369d1280 Mon Sep 17 00:00:00 2001 From: kubodera_yuichi Date: Tue, 22 Dec 2009 02:01:20 +0000 Subject: [PATCH] =?UTF-8?q?cr=5Fgenerate=5Fid.c=E3=81=8B=E3=82=89HSM?= =?UTF-8?q?=E9=96=A2=E9=80=A3=E3=82=B3=E3=83=BC=E3=83=89=E3=82=92=E9=99=A4?= =?UTF-8?q?=E5=A4=96=E3=81=99=E3=82=8B(=E4=BB=8A=E3=81=AFcygwin=E3=81=A7?= =?UTF-8?q?=E3=81=AE=E3=81=BF=E3=83=93=E3=83=AB=E3=83=89=E9=80=9A=E3=82=8B?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@11 ff987cc8-cf2f-4642-8568-d52cce064691 --- Makefile | 6 +- cr_generate_id.c | 111 +----------------------- cr_generate_id.h | 124 ++++++++------------------- cr_hsm_code.c | 219 +++++++++++++++++++++++++++++++++++++++++++++++ cr_hsm_code.h | 129 ++++++++++++++++++++++++++++ 5 files changed, 388 insertions(+), 201 deletions(-) create mode 100644 cr_hsm_code.c create mode 100644 cr_hsm_code.h diff --git a/Makefile b/Makefile index 855e6db..0bbfc8f 100644 --- a/Makefile +++ b/Makefile @@ -4,8 +4,8 @@ # nm generate_id.o | grep " [T|B|D] " # nm ../rsa_keysrcgen/rsa1_key.o | grep " [T|B|D] " -# ダミーのRSA鍵ペアを使用する場合は、USE_DUMMY_KEYをTRUEにしてください。 -# 正式な RSA鍵ペアを使用する場合は、USE_DUMMY_KEYをコメントアウトして、DER_KEY_DIRにRSA鍵ペアが入ったフォルダを指定してください。 +# _~[RSAyAgpꍇ́AUSE_DUMMY_KEYTRUEɂĂB +# ȁ@RSAyAgpꍇ́AUSE_DUMMY_KEYRgAEgāADER_KEY_DIRRSAyAtH_w肵ĂB DEV_CYGWIN = TRUE #ENCRYPT_AES = TRUE @@ -71,7 +71,7 @@ TARGET = gen_id KEYS_C = cr_gen_id_rsa_key_priv.c cr_gen_id_rsa_key_pub.c KEYS_H = $(KEYS_C:.c=.h) -SRCS = main.c cr_generate_id.c cr_enc_id.c cr_alloc.c $(KEYS_C) +SRCS = main.c cr_generate_id.c cr_enc_id.c cr_alloc.c cr_hsm_code.c $(KEYS_C) ifeq ($(USE_SFMT),TRUE) SRCS += $(SFMT_DIR)/SFMT.c diff --git a/cr_generate_id.c b/cr_generate_id.c index e9a36d5..0f00955 100644 --- a/cr_generate_id.c +++ b/cr_generate_id.c @@ -118,14 +118,8 @@ #include #ifdef USE_HSM -// nShield -#include "nfastapp.h" -#include "nfkm.h" -#include "rqcard-applic.h" -#include "rqcard-fips.h" -// nShield optional -#include "simplebignum.h" -#endif // USE_HSM +#include "cr_hsm_code.h" +#endif // USE_HSM // openssl #include @@ -671,107 +665,6 @@ static int generate_CTRCustom_cert( CTR_Device_Cert *cert, u32 deviceId, u8 bond return result; } // generate_CTRCustom_cert - -#ifdef USE_HSM - -static int hsm_generate_random( unsigned char *buf, int bytes ) -{ - int ret_code; - M_Command cmd; - M_Reply reply; - - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - cmd.cmd = Cmd_GenerateRandom; - cmd.args.generaterandom.lenbytes = bytes; - ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( ret_code != Status_OK ) - { - printf( "error(%d) : generate random\n", ret_code ); - return ret_code; - } - ret_code = reply.status; - if ( ret_code != Status_OK ) - { - printf( "error(%d) : generate random reply\n", ret_code ); - return ret_code; - } - - // buffer copy - memcpy( buf, reply.reply.generaterandom.data.ptr, bytes ); - - NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); - - return 0; -} // hsm_generate_rand - -#if 0 -static int hsm_set_rtc( struct timeval time ) -{ - int result; - - M_Command cmd; - M_Reply reply; - - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - cmd.cmd = Cmd_SetRTC; - cmd.args.setrtc.module = HSM_MODULE_ID; - cmd.args.setrtc.time.currenttimelow = time.tv_sec; - - result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : set rtc(transaction)\n", result ); - return result; - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : set rtc(reply status)\n", result ); - return result; - } - - return 0; -} -#endif - -static int hsm_get_rtc( time_t *time ) -{ - int result; - - M_Command cmd; - M_Reply reply; - - memset( &cmd, 0, sizeof( cmd ) ); - memset( &reply, 0, sizeof( reply ) ); - - cmd.cmd = Cmd_GetRTC; - cmd.args.getrtc.module = HSM_MODULE_ID; - - result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); - if ( result != Status_OK ) - { - printf( "error(%d) : get rtc(transaction)\n", result ); - return result; - } - result = reply.status; - if ( result != Status_OK ) - { - printf( "error(%d) : get rtc(reply status)\n", result ); - return result; - } - - *time = (int)reply.reply.getrtc.time.currenttimelow; - - return 0; -} // hsm_get_rtc - -#endif // USE_HSM - int cr_generate_id_initialize( void ) { int ret_code = 0; diff --git a/cr_generate_id.h b/cr_generate_id.h index 574de57..f58a815 100644 --- a/cr_generate_id.h +++ b/cr_generate_id.h @@ -112,9 +112,13 @@ #ifndef _CR_GENERATE_ID_H_ #define _CR_GENERATE_ID_H_ - +// #define CR_GENID_SUCCESS 0 #define CR_GENID_ERROR_NON 0 + +//--------------------------------------------------- +// OpenSSL̏ʂɂG[R[h +//--------------------------------------------------- #define CR_GENID_ERROR_RSA_ENC ( -1) #define CR_GENID_ERROR_RSA_DEC ( -2) #define CR_GENID_ERROR_RSA_VERIFY ( -3) @@ -138,95 +142,37 @@ #define CR_GENID_ERROR_PRIVKEY_SCRAMBLE (-21) //--------------------------------------------------- -// HSMɔljR[h +// HSM̏ʂɂG[R[h //--------------------------------------------------- -// NFastAppCuH : 20 -#define CR_GENID_ERROR_HSM_BAD_CERTKEYHASH // Status_BadCertKeyHash = 9, : ؖ̃nbVȂ -#define CR_GENID_ERROR_HSM_BAD_CERTSIGN // Status_BadCertSignature = 10, : ؖ̏Ȃ -#define CR_GENID_ERROR_HSM_CERTVERIFY_FAILED // Status_VerifyFailed = 11, : ̌؂Ɏsꍇ -> OpenSSLōssvH -#define CR_GENID_ERROR_HSM_LOAD_BLOB_FAILED // Status_BlobTypeUnknown = 19, : kmdataFoȂ -> HDD̕sŔH -#define CR_GENID_ERROR_HSM_BUFFER_FULL // Status_BufferFull = 20, : Œ蒷obt@gʂ -> ̃obt@̘bH -#define CR_GENID_ERROR_HSM_RESET_NOW // Status_UnitReset = 21, : R}hHSMZbg -> ُn - -#define CR_GENID_ERROR_HSM_KEY_NOT_FOUND // Status_UnknownKM = 28, : HSML[tȂ -#define CR_GENID_ERROR_HSM_DECRYPT_FAILED // Status_DecryptFailed = 31, : Ɏs -#define CR_GENID_ERROR_HSM_CONFILICT_KEYHASH // Status_UnknownKeyHash = 37, : ̃nbVƃW[̃nbVvȂ -> or HDD֘Aُ -#define CR_GENID_ERROR_HSM_ENCRYCT_FAILED // Status_EncryptFailed = 44, : ÍɎs - -#define CR_GENID_ERROR_HSM_HARD_FAILED // Status_HardwareFailed = 55, : HSMn[hG[ -#define CR_GENID_ERROR_HSM_SERVER_STOPPED // Status_ServerNotRunning = 56, : T[o삵ĂȂ -#define CR_GENID_ERROR_HSM_OS_ERROR // Status_OSErrorErrno = 57, : OSHSMƃvO̒ʐM𐋍słȂ -#define CR_GENID_ERROR_HSM_CONNECTION_LOST // Status_ServerConnectionLost = 60, : HSMƒʐM邽߂̃T[oƂ̐ڑ؂ꂽBG[ƔƂ̂ -#define CR_GENID_ERROR_HSM_COMMAND_CANCELLED // Status_Cancelled = 64, : HSM̏QEZbgNȂߤR}hsLZꂽ -> HSM̌̏H -#define CR_GENID_ERROR_HSM_BIGNUMOP_STACK_OVERFLOW // Status_OpStackOverflow = 67, : BignumR}hX^bÑGg𒴂PushsƂ -#define CR_GENID_ERROR_HSM_BIGNUMOP_STACK_UNDERFLOW // Status_OpStackUnderflow = 68, : BignumR}hX^bNPopsƂ -#define CR_GENID_ERROR_HSM_BIGNUMOP_NEGATIVE // Status_NegativeResult = 69,: BignumR}ȟʂɕ̒l(AAllowNegtivetOZbgĂȂ) -#define CR_GENID_ERROR_HSM_TIMEOUT_OPERATION // Status_OperationTimeout = 106, : W[ɐݒ肳ĂtimelimitȓɃR}hȂ -> key time limit Ƃ͂܂ʁH -#define CR_GENID_ERROR_HSM_UNKNOWN_KEY // Status_UnknownKey = 130, : W[ŌtȂ - -// NFKMCuH : 6 -#define CR_GENID_ERROR_NFKM_NOTFOUND_KEY // Status_KeyNotLoaded = 132, : NGXgꂽtȂ(NFKMCu) -#define CR_GENID_ERROR_NFKM_NOUSABLE_MODULE // Status_NoUsableModules = 135, : p”\ȃW[݂Ȃ(NFKMCu) -#define CR_GENID_ERROR_NFKM_NOUSABLE_WORLD // Status_WorldUnusable = 137, : ݂̃ZLeB[hgps‚łB(NFKMCu) -#define CR_GENID_ERROR_NFKM_UNAVAILABLE_USELIMIT // Status_UseLimitsUnavailable = 141, : K؂USE LIMITĂȂ -#define CR_GENID_ERROR_NFKM_UNUSABLE_MODULE // Status_ModuleNotUsable = 144, : W[ps‚łB(NFKMCu) - -// ̑H : 1 -#define CR_GENID_ERROR_HSM_REPLY_MISMATCH // Status_CommandReplyMismatch = 238, : reply command ƈvȂB -//--------------------------------------------------- - - -// ݑD]ł邪AIɂ͏oȂ(悤ɂ)Ǝv -#if 0 -#define CR_GENID_ERROR_ACCESS_DENIED // Status_AccessDenied = 5, : ƌACL̕svɔG[ -#define CR_GENID_ERROR_USE_LIMIT // Status_UseLimitExceeded = 7, : ACLɒ߂ꂽgp񐔂𒴂ꍇ -#define CR_GENID_ERROR_TIME_LIMIT // Status_TimeLimitExceeded = 8, : s܂ł̃^C~bg(ACL) -#define CR_GENID_ERROR_BAD_TOKEN // Status_BadTokenData = 14, : J[hANVRAMA܂RTC̒ls -> RTC ͈xlZbgΓdr؂܂ővAȂ͂ -#define CR_GENID_ERROR_NO_MEMORY // Status_NoMemory = 15, : (HSM)gʂH -> SEEg킯ł͂Ȃ̂ŕsv -#define CR_GENID_ERROR_NOT_SUPPORT // Status_UnknownParameter = 17, Status_UnknownFlag = 18, Status_UnknownMechanism = 39, : R}h܂̓tOAJjY(ÍASYȂ)T|[gĂȂAECCnŏoH -#define CR_GENID_ERROR_PARAM_INVALID // Status_InvalidParameter = 24, : p[^ݒ -#define CR_GENID_ERROR_STATUS_INVALID // Status_InvalidState = 25, : W[A邢APĨx(e.g. Fips)NGXgꂽR}hsłԂɂȂ -#define CR_GENID_ERROR_TOKEN_ASSEMBLE // Status_TokenAssemblyFailed = 27, : g[N̍č\zɎs -> ZbgAbv̎̂݁H -#define CR_GENID_ERROR_PRAM_OUTOFRANGE // Status_OutOfRange = 34, : p[^͈͊O -#define CR_GENID_ERROR_PRIVILEGED_COMMAND // Status_PrivilegedCommand = 35, : ڑɂēR}h𔭍s -> {vOł͔悤ȃR}h͂Ȃi͂j -#define CR_GENID_ERROR_ACL_INVALID // Status_InvalidACL = 45, : ACLɖNĂ -> ZbgAbv̂ -#define CR_GENID_ERROR_TRANSACT_NOT_FOUND // Status_TransactionNotFound = 58, : NFastApp_Query or NFastApp_Wait ő҂‚ׂgUNV -> ͎gĂȂ̂ŕsvƎv -#define CR_GENID_ERROR_CONNECTION_FAILED // Status_ServerFailed = 61, : HSMƒʐM邽߂̃T[o internal software G[BNCAg̕ssׂ -#define CR_GENID_ERROR_FIPS_MODE // Status_StrictFIPS140 = 62, : strict FIPS[hŋ‚ĂȂs -> nShield500ł strict FIPS[h͂Ȃ̂ŁAsvH -#define CR_GENID_ERROR_UNKNOWN_CODE // Status_UnknownStatus = 63, : T[oHSMԂ̃o[WႢŃXe[^XR[hꗂ -> Ԃ񔭐Ȃ -#define CR_GENID_ERROR_CHANNEL_TYPE // Status_UnsupportedChannelType = 65, : I[v悤Ƃ`l̃^CvT|[gĂȂ -> ̓`lgĂȂAg”\H -#define CR_GENID_ERROR_BIGNUMOP_ARITHMETIC // Status_ArithmeticError = 66, : BignumR}h 0 Ŋ悤ȕsȌvZsƂ -#define CR_GENID_ERROR_BIGNUMOP_NOUPCALL // Status_NoUpcall = 72, : Bignum삪KvȃR}hĂ΂ꂽƂABignum֐o^ĂȂ -> NFastApp_SetBignumUpcalls() Kv - -// netHSM ֘AH : 4 -#define CR_GENID_ERROR_SOFTWARE_FAILED // Status_SoftwareFailed = 80, : zXg\tgEFAŋNG[ -> netHSM֘AH -#define CR_GENID_ERROR_NO_HOST_MEMORY // Status_NoHostMemory = 81, : zXggʂ -> netHSM֘AH -#define CR_GENID_ERROR_NO_MODULE_MEMORY // Status_NoModuleMemory = 82, : HSMgʂ -> netHSM֘AH -#define CR_GENID_ERROR_OPERATION_FAILED // Status_OperationFailed = 84, : nCipherT[oŕsȑ삪sꂽ -> netHSM֘AH -#define CR_GENID_ERROR_NC_ERR // Status_nCErrno = 93, : OSG[ -> netHSMOS̃G[H - -#define CR_GENID_ERROR_NFKM_NO_PERMID // Status_UnknownPermID = 104, : 蓖ĂĂȂPermID -> PermIDƂ́H(NFKMCuH) -#define CR_GENID_ERROR_MANY_LINKS // Status_TooManyLinks = 140, : BlobǂݍƂƂAW[̋‚ȏ(5)̑̃GCAX݂(NFKMCu) -#define CR_GENID_ERROR_HSM_BUSY // Status_Busy = 142, : W[łB -> ͔ȂHi͂j#define CR_GENID_ERROR_STRICT_FIPS // Status_StrictFIPSSecurityLevel = 275, : strict FIPS[hŋ‚ĂȂs -#define CR_GENID_ERROR_CONFLICT_PARAM // Status_ConflictingParameters = 239, : p[^Փ˂ĂB(f[^x[XH) -#define CR_GENID_ERROR_DATA_MISMATCH // Status_DataMismatch = 240, : f[^x[XH̃f[^\Ăf[^ƃ}b`ȂB -#define CR_GENID_ERROR_KEY_NOACTIVE // Status_NoActiveKey = 242, : 烍[h悤ƂǍ͌݃nhOĂȂ̂łB -#define CR_GENID_ERROR_NOGROUP_PERM // Status_NoGroupPermission = 244, : Gh|CgHtFb`悤ƂAK؂ȃO[vp[~bVtȂ -#define CR_GENID_ERROR_OTHER_TIME_OUTOFRANGE // Status_TimeOutOfRange = 283, : Time time_t̒l͈̔͂𒴂 -> TimeHRTC̒lH -#define CR_GENID_ERROR_STATUS_MAX // Status__Max = 288 : HSM ̃G[R[h̍ől -#endif - -// ڍוsAN肤”\肻Ȃ -// Status_HostDataInvalid = 70, -// Status_HostDataAccessFailed = 71, -// Status_HostDataAccessDenied = 86, -// Status_InvalidMergedKey = 87, -// Status_AlreadyExists = 88, -// Status_UserCancelled = 131, -// Status_HostUnknownKeyType = 133, -// Status_IncorrectRepositoryName = 134, -// Status_SecurityWorldFeatureDisabled = 143, -// Status_UnknownESN = 213, +#define CR_GENID_ERROR_HSM_BAD_CERTKEYHASH ( 9) // ؖ̃nbVȂ +#define CR_GENID_ERROR_HSM_BAD_CERTSIGN ( 10) // ؖ̏Ȃ +#define CR_GENID_ERROR_HSM_CERTVERIFY_FAILED ( 11) // ̌؂Ɏs +#define CR_GENID_ERROR_HSM_BAD_TOKEN ( 14) // g[N̒ls +#define CR_GENID_ERROR_HSM_LOAD_BLOB_FAILED ( 19) // Blob(kmdata)FoȂ +#define CR_GENID_ERROR_HSM_BUFFER_FULL ( 20) // Œ蒷obt@gʂ +#define CR_GENID_ERROR_HSM_RESET_NOW ( 21) // R}hHSMZbg +#define CR_GENID_ERROR_HSM_KEY_NOTFOUND ( 28) // HSML[tȂ +#define CR_GENID_ERROR_HSM_DECRYPT_FAILED ( 31) // Ɏs +#define CR_GENID_ERROR_HSM_CONFILICT_KEYHASH ( 37) // ̃nbVƃW[̃nbVvȂ +#define CR_GENID_ERROR_HSM_ENCRYCT_FAILED ( 44) // ÍɎs +#define CR_GENID_ERROR_HSM_HARD_FAILED ( 55) // HSMn[hEFAG[ +#define CR_GENID_ERROR_HSM_SERVER_STOPPED ( 56) // T[o삵ĂȂ +#define CR_GENID_ERROR_HSM_OS_ERROR ( 57) // OSHSMƃvOԂ̒ʐM𐋍słȂ +#define CR_GENID_ERROR_HSM_CONNECTION_LOST ( 60) // HSMƒʐM邽߂̃T[oƂ̐ڑ؂ꂽB +#define CR_GENID_ERROR_HSM_COMMAND_CANCELLED ( 64) // R}h̔sLZꂽ +#define CR_GENID_ERROR_HSM_STACK_OVERFLOW ( 67) // X^bÑGg𒴂PushsƂ(BIGNUM) +#define CR_GENID_ERROR_HSM_STACK_UNDERFLOW ( 68) // ̃X^bNPopsƂ(BIGNUM) +#define CR_GENID_ERROR_HSM_RESULT_NEGATIVE ( 69) // ʂɕ̒l(BIGNUM) +#define CR_GENID_ERROR_HSM_BIGNUM_NOUPCALL ( 72) // BIGNUM֐o^ĂȂ +#define CR_GENID_ERROR_HSM_TIMEOUT_OPERATION (106) // W[ɐݒ肳Ă鎞ԓɃR}hȂ +#define CR_GENID_ERROR_HSM_UNKNOWN_KEY (130) // W[ŌtȂ +#define CR_GENID_ERROR_NFKM_KEY_NOTFOUND (132) // NGXgꂽtȂ(NFKMCu) +#define CR_GENID_ERROR_NFKM_NOUSABLE_MODULE (135) // p”\ȃW[݂Ȃ(NFKMCu) +#define CR_GENID_ERROR_NFKM_NOUSABLE_WORLD (137) // ݂̃ZLeB[hgps‚ł(NFKMCu) +#define CR_GENID_ERROR_HSM_NA_USELIMIT (141) // K؂USE LIMITĂȂ +#define CR_GENID_ERROR_HSM_BUSY_NOW (142) // HSMrW[ŗṽR}hsłȂ +#define CR_GENID_ERROR_NFKM_UNUSABLE_MODULE (144) // W[ps‚ł(NFKMCu) +#define CR_GENID_ERROR_HSM_REPLY_MISMATCH (238) // R}hƉ̃^CvvȂ #ifdef __cplusplus extern "C" { diff --git a/cr_hsm_code.c b/cr_hsm_code.c new file mode 100644 index 0000000..16cde8a --- /dev/null +++ b/cr_hsm_code.c @@ -0,0 +1,219 @@ +/* ==================================================================== + * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include +#include +#include + +#ifdef USE_HSM +#include "cr_hsm_code.h" + +// nShield +#include "nfastapp.h" +#include "nfkm.h" +#include "rqcard-applic.h" +#include "rqcard-fips.h" +// nShield optional +#include "simplebignum.h" +#endif // USE_HSM + +#ifdef USE_HSM +// TORIAEZU : nFast variables +NFast_AppHandle hsmHandle; +NFastApp_Connection hsmConnection; +NFKM_WorldInfo *hsmWorld = NULL; // allocate +RQCard hsmCard; +RQCard_FIPS hsmFips; +M_KeyID hsmLtid; +// AES +M_KeyID hsmAeskeyid; +const NFKM_KeyIdent hsmAeskeyident = { (char*)"simple", (char*)"aes-test-key" }; +NFKM_Key *hsmAeskeyinfo = NULL; // allocate +// RSA Private +M_KeyID hsmRsaPrivkeyid, hsmRsaPubkeyid; +const NFKM_KeyIdent hsmRsakeyident = { (char*)"simple", (char*)"rsa-priv-key-2048" }; +NFKM_Key *hsmRsakeyinfo = NULL; // allocate +NFKM_ModuleInfo *hsmModuleinfo = NULL; +M_ByteBlock *hsmBlobptr = NULL; + +#endif // USE_HSM + +#ifdef USE_HSM + +int hsm_generate_random( unsigned char *buf, int bytes ) +{ + int ret_code; + M_Command cmd; + M_Reply reply; + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + cmd.cmd = Cmd_GenerateRandom; + cmd.args.generaterandom.lenbytes = bytes; + ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + if ( ret_code != Status_OK ) + { + printf( "error(%d) : generate random\n", ret_code ); + return ret_code; + } + ret_code = reply.status; + if ( ret_code != Status_OK ) + { + printf( "error(%d) : generate random reply\n", ret_code ); + return ret_code; + } + + // buffer copy + memcpy( buf, reply.reply.generaterandom.data.ptr, bytes ); + + NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); + NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); + + return 0; +} // hsm_generate_rand + +int hsm_get_rtc( time_t *time ) +{ + int result; + + M_Command cmd; + M_Reply reply; + + memset( &cmd, 0, sizeof( cmd ) ); + memset( &reply, 0, sizeof( reply ) ); + + cmd.cmd = Cmd_GetRTC; + cmd.args.getrtc.module = HSM_MODULE_ID; + + result = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + if ( result != Status_OK ) + { + printf( "error(%d) : get rtc(transaction)\n", result ); + return result; + } + result = reply.status; + if ( result != Status_OK ) + { + printf( "error(%d) : get rtc(reply status)\n", result ); + return result; + } + + *time = (int)reply.reply.getrtc.time.currenttimelow; + + return 0; +} // hsm_get_rtc + +#endif // USE_HSM diff --git a/cr_hsm_code.h b/cr_hsm_code.h new file mode 100644 index 0000000..106564d --- /dev/null +++ b/cr_hsm_code.h @@ -0,0 +1,129 @@ +/* ==================================================================== + * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef _CR_GENERATE_ID_HSM_CODE_H_ +#define _CR_GENERATE_ID_HSM_CODE_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +// functions +int hsm_generate_random( unsigned char *buf, int bytes ); +int hsm_get_rtc( time_t *time ); + +#ifdef __cplusplus +} +#endif + + +#endif /* _CR_GENERATE_ID_HSM_CODE_H_ */ +