/* ==================================================================== * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include #include #include #include #include #include #include #ifdef USE_HSM #include "cr_hsm_code.h" #include "cr_generate_id.h" #include "cr_generate_id_private.h" // nShield #include "nfastapp.h" #include "nfkm.h" #include "rqcard-applic.h" #include "rqcard-fips.h" // nShield optional #include "simplebignum.h" // TORIAEZU : nFast variables NFast_AppHandle hsmHandle; NFastApp_Connection hsmConnection; NFKM_WorldInfo *hsmWorld = NULL; // allocate // TODO: 最終鍵に変更する #ifdef ENCRYPT_AES M_KeyID hsmAesKeyidDev, hsmAesKeyidProd; const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"aes-dummykey-dev" }; const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"aes-dummykey-prod" }; static int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid ); #else // !ENCRYPT_AES M_KeyID hsmRsaPrivkeyidDev, hsmRsaPubkeyidDev, hsmRsaPrivkeyidProd, hsmRsaPubkeyidProd; const NFKM_KeyIdent hsmRsaKeyidentDev = { (char*)"simple", (char*)"rsa-dummykeypair-dev" }; const NFKM_KeyIdent hsmRsaKeyidentProd = { (char*)"simple", (char*)"rsa-dummykeypair-prod" }; static int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *pubKeyid ); #endif // ENCRYPT_AES // init HSM int hsm_initialize( void ) { int ret_code = CR_GENID_SUCCESS; // HSM のリセット処理 #ifdef EXE_AUTH_OK ret_code = hsm_reset_module(); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } #endif // init HSM ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // set BigNum upcalls for HSM ret_code = NFastApp_SetBignumUpcalls( hsmHandle, sbn_bignumreceiveupcall, sbn_bignumsendlenupcall, sbn_bignumsendupcall, sbn_bignumfreeupcall, sbn_bignumformatupcall, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // connect HSM ret_code = NFastApp_Connect( hsmHandle, &hsmConnection, 0 /* flag */, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // get NFKM info ret_code = NFKM_getinfo( hsmHandle, &hsmWorld, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } #ifdef ENCRYPT_AES // load aes dev key ret_code = hsm_aes_load_key( hsmAesKeyidentDev, &hsmAesKeyidDev ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // load aes prod key ret_code = hsm_aes_load_key( hsmAesKeyidentProd, &hsmAesKeyidProd ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } #else // !ENCRYPT_AES // load rsa dev keypair ret_code = hsm_rsa_load_keypair( hsmRsaKeyidentDev, &hsmRsaPrivkeyidDev, &hsmRsaPubkeyidDev ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // load rsa prod keypair ret_code = hsm_rsa_load_keypair( hsmRsaKeyidentProd, &hsmRsaPrivkeyidProd, &hsmRsaPubkeyidProd ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } #endif // ENCRYPT_AES return ret_code; } // hsm_initialize int hsm_finalize( void ) { int ret_code = CR_GENID_SUCCESS; // void NFKM_freeinfo( hsmHandle, &hsmWorld, NULL ); ret_code = NFastApp_Disconnect( hsmConnection, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); } // void NFastApp_Finish( hsmHandle, NULL ); return ret_code; } // hsm_finalize int hsm_reset_module( void ) { int ret_code = CR_GENID_SUCCESS; NFast_AppHandle handle; NFastApp_Connection connection; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // init HSM ret_code = NFastApp_InitEx( &handle, NULL, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // 特権モードで接続しないと、ClerUnit, RetryFailedModuleコマンドが発行できない ret_code = NFastApp_Connect( handle, &connection, NFastApp_ConnectionFlags_Privileged, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // failed state からの復旧要求 cmd.cmd = Cmd_RetryFailedModule; cmd.args.retryfailedmodule.module = HSM_MODULE_ID; ret_code = NFastApp_Transact( connection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( handle, NULL, NULL, &reply ); memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // モジュールのリセット cmd.cmd = Cmd_ClearUnit; cmd.args.clearunit.module = HSM_MODULE_ID; ret_code = NFastApp_Transact( connection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( handle, NULL, NULL, &reply ); // 切断 ret_code = NFastApp_Disconnect( hsmConnection, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // ハンドル破棄 NFastApp_Finish( handle, NULL ); return ret_code; } // hsm_reset_module int hsm_generate_random( unsigned char *buf, int bytes ) { int ret_code = CR_GENID_SUCCESS; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // コマンドに値をセットする cmd.cmd = Cmd_GenerateRandom; cmd.args.generaterandom.lenbytes = bytes; // 命令発行 ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // buffer copy memcpy( buf, reply.reply.generaterandom.data.ptr, bytes ); NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); return CR_GENID_SUCCESS; } // hsm_generate_rand int hsm_get_rtc( time_t *time ) { int ret_code = CR_GENID_SUCCESS; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // コマンドに値をセットする cmd.cmd = Cmd_GetRTC; cmd.args.getrtc.module = HSM_MODULE_ID; // 命令発行 ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } *time = (int)reply.reply.getrtc.time.currenttimelow; NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); return CR_GENID_SUCCESS; } // hsm_get_rtc #ifdef ENCRYPT_AES int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid ) { int ret_code = CR_GENID_SUCCESS; NFKM_Key *keyinfo = NULL; NFKM_ModuleInfo *moduleinfo = NULL; M_ByteBlock *blobPtr = NULL; // find key ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } // get usable Module moduleinfo = hsmWorld->modules[0]; ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &moduleinfo ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } // load key blob blobPtr = &keyinfo->privblob; ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, moduleinfo->module, blobPtr, 0, keyid, "loading aes key blob", NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } end: if ( keyinfo != NULL ) NFKM_freekey( hsmHandle, keyinfo, NULL ); return ret_code; } // hsm_aes_load_key int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bonding_option ) { int ret_code = CR_GENID_SUCCESS; M_KeyID keyid; M_Command cmd; M_Reply reply; M_IV enc_iv; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // key set keyid = bonding_option ? hsmAesKeyidDev : hsmAesKeyidProd; // iv set enc_iv.mech = Mech_RijndaelmCBCpNONE; memset( enc_iv.iv.generic128.iv.bytes, 0, sizeof( enc_iv.iv.generic128.iv.bytes ) ); // encrypt command set cmd.cmd = Cmd_Encrypt; cmd.args.encrypt.key = keyid; cmd.args.encrypt.mech = Mech_RijndaelmCBCpNONE; cmd.args.encrypt.plain.type = PlainTextType_Bytes; cmd.args.encrypt.plain.data.bytes.data.len = size; cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf; cmd.args.encrypt.flags = Cmd_Encrypt_Args_flags_given_iv_present; cmd.args.encrypt.given_iv = &enc_iv; // encrypt command issue ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // buffer copy memcpy( dst_buf, reply.reply.encrypt.cipher.data.generic128.cipher.ptr, size ); //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); return CR_GENID_SUCCESS; } // hsm_aes_encrypt int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bonding_option ) { int ret_code = CR_GENID_SUCCESS; M_KeyID keyid; M_Command cmd; M_Reply reply; M_IV dec_iv; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // key set keyid = bonding_option ? hsmAesKeyidDev : hsmAesKeyidProd; // iv set dec_iv.mech = Mech_RijndaelmCBCpNONE; memset( dec_iv.iv.generic128.iv.bytes, 0, sizeof( dec_iv.iv.generic128.iv.bytes ) ); // decyrpt cmd.cmd = Cmd_Decrypt; cmd.args.decrypt.flags = 0; cmd.args.decrypt.key = keyid; cmd.args.decrypt.mech = Mech_RijndaelmCBCpNONE; cmd.args.decrypt.cipher.mech = Mech_RijndaelmCBCpNONE; cmd.args.decrypt.cipher.data.generic128.cipher.len = size; cmd.args.decrypt.cipher.data.generic128.cipher.ptr = org_buf; cmd.args.decrypt.cipher.iv = dec_iv.iv; cmd.args.decrypt.reply_type = PlainTextType_Bytes; // decrypt command issue ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // buffer copy memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size ); //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); return CR_GENID_SUCCESS; } // hsm_aes_decrypt #else // !ENCRYPT_AES int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *pubKeyid ) { int ret_code = CR_GENID_SUCCESS; NFKM_Key *keyinfo = NULL; NFKM_ModuleInfo *moduleinfo = NULL; M_ByteBlock *blobPtr = NULL; // find key ret_code = NFKM_findkey( hsmHandle, keyident, &keyinfo, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } // get usable Module moduleinfo = hsmWorld->modules[0]; ret_code = NFKM_getusablemodule( hsmWorld, HSM_MODULE_ID, &moduleinfo ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } // load private key blob blobPtr = &keyinfo->privblob; ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, moduleinfo->module, blobPtr, 0, privKeyid, "loading priv key blob", NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } // load public key blob blobPtr = &keyinfo->pubblob; ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection, moduleinfo->module, blobPtr, 0, pubKeyid, "loading pub key blob", NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } end: NFKM_freekey( hsmHandle, keyinfo, NULL ); return ret_code; } // hsm_rsa_load_keypair int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bonding_option ) { int ret_code = CR_GENID_SUCCESS; M_KeyID keyid; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // key set keyid = bonding_option ? hsmRsaPubkeyidDev : hsmRsaPubkeyidProd; // encrypt command set cmd.cmd = Cmd_Encrypt; cmd.args.encrypt.flags = 0; cmd.args.encrypt.key = keyid; cmd.args.encrypt.mech = Mech_RSApPKCS1; cmd.args.encrypt.plain.type = PlainTextType_Bytes; cmd.args.encrypt.plain.data.bytes.data.len = size; cmd.args.encrypt.plain.data.bytes.data.ptr = org_buf; // encrypt command issue ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // buffer copy memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size ); //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); return CR_GENID_SUCCESS; } // hsm_rsa_encrypt int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u8 bonding_option ) { int ret_code = CR_GENID_SUCCESS; M_KeyID keyid; M_Command cmd; M_Reply reply; memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); // key set keyid = bonding_option ? hsmRsaPrivkeyidDev : hsmRsaPrivkeyidProd; // decyrpt command set cmd.cmd = Cmd_Decrypt; cmd.args.decrypt.flags = 0; cmd.args.decrypt.key = keyid; cmd.args.decrypt.mech = Mech_Any; cmd.args.decrypt.cipher.mech = Mech_RSApPKCS1; cmd.args.decrypt.cipher.data.generic128.cipher.len = size; cmd.args.decrypt.cipher.data.generic128.cipher.ptr = org_buf; cmd.args.decrypt.reply_type = PlainTextType_Bytes; // decrypt command issue ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // buffer copy memcpy( dst_buf, reply.reply.decrypt.plain.data.bytes.data.ptr, size ); //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); return CR_GENID_SUCCESS; } // hsm_rsa_decrypt #endif // !ENCRYPT_AES #endif // USE_HSM