diff --git a/cr_hsm_code.c b/cr_hsm_code.c
index 2007c79..40cd995 100644
--- a/cr_hsm_code.c
+++ b/cr_hsm_code.c
@@ -148,11 +148,11 @@ const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"aes-dummykey
 static int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid );
 #else // !ENCRYPT_AES
-M_KeyID hsmRsaPrivkeyid, hsmRsaPubkeyid;
-const NFKM_KeyIdent hsmRsakeyident = { (char*)"simple", (char*)"rsa-dummy-keypair" };
-NFKM_Key *hsmRsakeyinfo = NULL; // allocate
+M_KeyID hsmRsaPrivkeyidDev, hsmRsaPubkeyidDev, hsmRsaPrivkeyidProd, hsmRsaPubkeyidProd;
+const NFKM_KeyIdent hsmRsaKeyidentDev = { (char*)"simple", (char*)"rsa-dummykeypair-dev" };
+const NFKM_KeyIdent hsmRsaKeyidentProd = { (char*)"simple", (char*)"rsa-dummykeypair-prod" };
-static int hsm_rsa_load_keypair( void );
+static int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *pubKeyid );
 #endif // ENCRYPT_AES
 // init HSM
@@ -260,9 +260,7 @@ void hsm_finalize( void )
 RQCard_destroy( &hsmCard );
 // TODO: 開発実機鍵/製品実機鍵の両方を処理するようにする。
-#ifdef ENCRYPT_AES
-
-#else // !ENCRYPT_AES
+#ifndef ENCRYPT_AES
 NFKM_freekey( hsmHandle, hsmRsakeyinfo, NULL );
 #endif // ENCRYPT_AES
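Review bot: `NFKM_freekey( hsmHandle, hsmRsakeyinfo, NULL );` in hsm_finalize is kept as context while the first hunk of this commit deletes the `NFKM_Key *hsmRsakeyinfo` definition, and the new loader keeps its `NFKM_Key *keyinfo` as a function-local that it never releases; unless `hsmRsakeyinfo` is declared somewhere not shown, this no longer compiles, and either way the key records that NFKM_findkey returns for the dev and prod keypairs are leaked. Either give the loader an `NFKM_Key **` out-parameter backed by two globals (e.g. `hsmRsaKeyinfoDev` / `hsmRsaKeyinfoProd`) that are both freed here, or free `keyinfo` inside hsm_rsa_load_keypair once both blobs are loaded and drop this call. The `// TODO: 開発実機鍵/製品実機鍵の両方を処理するようにする。` (handle both the development and production device keys) still describes this function after the change, so it is worth resolving in the same commit rather than leaving the Dev/Prod key ids half-wired. hsm_finalize begins before this hunk.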
@@ -479,80 +477,49 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
 #else // !ENCRYPT_AES
-int hsm_rsa_load_keypair( void )
+int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *pubKeyid )
 {
 int ret_code = CR_GENID_SUCCESS;
+ NFKM_Key *keyinfo = NULL;
 // find key
- ret_code = NFKM_findkey( hsmHandle, hsmRsakeyident, &hsmRsakeyinfo, NULL );
+ ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL );
 if ( ret_code != CR_GENID_SUCCESS )
 {
- printf( "error(%d) : NFKM_findkey\n", ret_code );
 return ret_code;
 }
- // if Key_flags_ProtectionCardSet is enable, eventloop is an essential.
- if ( hsmRsakeyinfo->flags & Key_flags_ProtectionCardSet )
- {
- // load specific OCS
- ret_code = RQCard_logic_ocs_specific( &hsmCard, &hsmRsakeyinfo->cardset, NULL );
- if ( ret_code != CR_GENID_SUCCESS )
- {
- printf( "error(%d) : RQCard_logic_ocs_specific\n", ret_code );
- return ret_code;
- }
-
- // use specific Module
- ret_code = RQCard_whichmodule_specific( &hsmCard, HSM_MODULE_ID, &hsmLtid );
- if ( ret_code != CR_GENID_SUCCESS )
- {
- printf( "error(%d) : RQCard_whichmodule_specific\n", ret_code );
- return ret_code;
- }
-
- // eventloop
- ret_code = hsmCard.uf->eventloop( &hsmCard );
- if ( ret_code != CR_GENID_SUCCESS )
- {
- printf( "error(%d) : Card eventloop\n", ret_code );
- return ret_code;
- }
- }
-
 // get usable Module
 hsmModuleinfo = hsmWorld->modules[0];
 ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &hsmModuleinfo );
 if ( ret_code != CR_GENID_SUCCESS )
 {
- printf( "error(%d) : NFKM_getusablemodule\n", ret_code );
 return ret_code;
 }
- // load key blob
- printf( "pubblob.len : %d, privblob.len : %d\n",
- (int)hsmRsakeyinfo->pubblob.len, (int)hsmRsakeyinfo->privblob.len );
- hsmBlobptr = &hsmRsakeyinfo->privblob;
+ // load private key blob
+ hsmBlobptr = &keyinfo->privblob;
 ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, hsmModuleinfo->module, hsmBlobptr,
- hsmLtid, &hsmRsaPrivkeyid,
- "loading priv-key blob", NULL );
+ hsmLtid, &privKeyid,
+ "loading priv key blob", NULL );
 if ( ret_code != CR_GENID_SUCCESS )
 {
- printf( "error(%d) : NFKM_cmd_loadblob(priv-key)\n", ret_code );
 return ret_code;
 }
- printf( "RSA private key object load : ok\n" );
- hsmBlobptr = &hsmRsakeyinfo->pubblob;
+
+ // load public key blob
+ hsmBlobptr = &keyinfo->privblob;
 ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, hsmModuleinfo->module, hsmBlobptr,
- hsmLtid, &hsmRsaPubkeyid,
- "loading pub-key blob", NULL );
- if ( ret_code != Status_OK )
+ hsmLtid, &pubKeyid,
+ "loading pub key blob", NULL );
+ if ( ret_code != CR_GENID_SUCCESS )
 {
- printf( "error(%d) : NFKM_cmd_loadblob(pub-key)\n", ret_code );
+ return ret_code;
 }
- printf( "RSA public key object load : ok\n" );
+
+#if 0
 // get key info
 {
 M_Command cmd;
@@ -570,7 +537,6 @@ int hsm_rsa_load_keypair( void )
 }
 }
-#if 0
 // get & set key acl
 {
 int i, j;