メモリ保護関数を共通ヘッダーに統一

重複コードの解消:
- src/se050_scp03.c と src/se050_keystore.c に同じコードが 2 重に定義されていた
- 共通ヘッダー include/se050_mem_protect.h を作成
- 両方のソースファイルから重複コードを削除し、ヘッダーをインクルード

変更内容:
- new: include/se050_mem_protect.h - 共通メモリ保護ユーティリティ
- modified: src/se050_scp03.c - 重複コード削除、ヘッダーインクルード
- modified: src/se050_keystore.c - 重複コード削除、ヘッダーインクルード

メリット:
- コードの重複解消（DRY 原則）
- 保守性向上（1 か所の修正で全適用）
- ヘッダーファイルとして再利用可能

include/se050_mem_protect.h

@@ -0,0 +1,92 @@
+/**
+ * @file se050_mem_protect.h
+ * @brief Memory Protection Utilities
+ * 
+ * Linux-specific memory protection functions to prevent:
+ * - Swapping sensitive data to disk (mlock)
+ * - Core dump leakage (MADV_DONTDUMP)
+ * - Child process leakage after fork() (MADV_WIPEONFORK)
+ * 
+ * License: MIT
+ */
+
+#ifndef SE050_MEM_PROTECT_H
+#define SE050_MEM_PROTECT_H
+
+#include <stddef.h>
+#include "se050_wireguard.h"
+
+#ifdef __linux__
+#include <sys/mman.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#endif
+
+/**
+ * @brief Protect sensitive memory from being swapped or dumped
+ * 
+ * Applies multiple security measures:
+ * - mlock(): Prevent swapping to disk
+ * - MADV_DONTDUMP: Exclude from core dumps
+ * - MADV_WIPEONFORK: Clear in child processes after fork()
+ * 
+ * @param ptr Pointer to memory region to protect
+ * @param size Size of memory region in bytes
+ * @return SE050_OK on success, SE050_ERR_FAIL on failure
+ * 
+ * @note On Linux, mlock may fail due to permissions. If it fails,
+ *       a warning is printed but the function continues (non-fatal).
+ * @note On non-Linux platforms, this function is a no-op.
+ */
+static inline se050_status_t protect_sensitive_memory(void *ptr, size_t size)
+{
+#ifdef __linux__
+    /* 1. Prevent swapping to disk (optional - may fail due to permissions) */
+    if (mlock(ptr, size) != 0) {
+        /* mlock may fail due to ulimit restrictions. Log warning but continue. */
+        fprintf(stderr, "Warning: mlock failed (%s). Memory may be swapped.\n", strerror(errno));
+        /* Continue without mlock - better than failing entirely */
+    }
+    
+    /* 2. Exclude from core dumps */
+    if (madvise(ptr, size, MADV_DONTDUMP) != 0) {
+        perror("madvise MADV_DONTDUMP failed");
+        /* Non-fatal, continue */
+    }
+    
+    /* 3. Clear in child processes after fork() */
+    if (madvise(ptr, size, MADV_WIPEONFORK) != 0) {
+        perror("madvise MADV_WIPEONFORK failed");
+        /* Non-fatal, continue */
+    }
+    
+    return SE050_OK;
+#else
+    /* Non-Linux platforms: no special protection */
+    (void)ptr;
+    (void)size;
+    return SE050_OK;
+#endif
+}
+
+/**
+ * @brief Release memory protection before freeing
+ * 
+ * Must be called before freeing protected memory.
+ * 
+ * @param ptr Pointer to memory region to release
+ * @param size Size of memory region in bytes
+ */
+static inline void release_memory_protection(void *ptr, size_t size)
+{
+#ifdef __linux__
+    /* Must unlock before freeing */
+    munlock(ptr, size);
+#else
+    (void)ptr;
+    (void)size;
+#endif
+}
+
+#endif /* SE050_MEM_PROTECT_H */

src/se050_keystore.c

@@ -18,61 +18,7 @@
 #include <string.h>
 #include <errno.h>
 
-/* Linux memory protection */
+#include "se050_mem_protect.h"
-#ifdef __linux__
-#include <sys/mman.h>
-#endif
-
-/* ============================================================================
- * Memory Protection (Linux-specific)
- * ============================================================================ */
-
-/**
- * @brief Protect sensitive memory from being swapped or dumped
- */
-#ifdef __linux__
-static se050_status_t protect_sensitive_memory(void *ptr, size_t size)
-{
-    /* 1. Prevent swapping to disk (optional - may fail due to permissions) */
-    if (mlock(ptr, size) != 0) {
-        /* mlock may fail due to ulimit restrictions. Log warning but continue. */
-        fprintf(stderr, "Warning: mlock failed (%s). Memory may be swapped.\n", strerror(errno));
-        /* Continue without mlock - better than failing entirely */
-    }
-    
-    /* 2. Exclude from core dumps */
-    if (madvise(ptr, size, MADV_DONTDUMP) != 0) {
-        perror("madvise MADV_DONTDUMP failed");
-        /* Non-fatal, continue */
-    }
-    
-    /* 3. Clear in child processes after fork() */
-    if (madvise(ptr, size, MADV_WIPEONFORK) != 0) {
-        perror("madvise MADV_WIPEONFORK failed");
-        /* Non-fatal, continue */
-    }
-    
-    return SE050_OK;
-}
-
-static void release_memory_protection(void *ptr, size_t size)
-{
-    munlock(ptr, size);
-}
-#else
-static se050_status_t protect_sensitive_memory(void *ptr, size_t size)
-{
-    (void)ptr;
-    (void)size;
-    return SE050_OK;
-}
-
-static void release_memory_protection(void *ptr, size_t size)
-{
-    (void)ptr;
-    (void)size;
-}
-#endif
 
 /* ============================================================================
  * Key Store Management

src/se050_scp03.c

@@ -12,15 +12,10 @@
 
 #include "se050_wireguard.h"
 #include "se050_crypto_utils.h"
+#include "se050_mem_protect.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <errno.h>
-
-/* Linux memory protection */
-#ifdef __linux__
-#include <sys/mman.h>
-#endif
 
 /* SCP03 constants */
 #define SCP03_KEY_SIZE          16
@@ -33,67 +28,6 @@
 #define SCP03_SW_SUCCESS        0x9000
 #define SCP03_SW_FAIL           0x6F00
 
-/* ============================================================================
- * Memory Protection (Linux-specific)
- * ============================================================================ */
-
-/**
- * @brief Protect sensitive memory from being swapped or dumped
- * 
- * Applies multiple security measures:
- * - mlock(): Prevent swapping to disk
- * - MADV_DONTDUMP: Exclude from core dumps
- * - MADV_WIPEONFORK: Clear in child processes after fork()
- */
-#ifdef __linux__
-static se050_status_t protect_sensitive_memory(void *ptr, size_t size)
-{
-    /* 1. Prevent swapping to disk (optional - may fail due to permissions) */
-    if (mlock(ptr, size) != 0) {
-        /* mlock may fail due to ulimit restrictions. Log warning but continue. */
-        fprintf(stderr, "Warning: mlock failed (%s). Memory may be swapped.\n", strerror(errno));
-        /* Continue without mlock - better than failing entirely */
-    }
-    
-    /* 2. Exclude from core dumps */
-    if (madvise(ptr, size, MADV_DONTDUMP) != 0) {
-        perror("madvise MADV_DONTDUMP failed");
-        /* Non-fatal, continue */
-    }
-    
-    /* 3. Clear in child processes after fork() */
-    if (madvise(ptr, size, MADV_WIPEONFORK) != 0) {
-        perror("madvise MADV_WIPEONFORK failed");
-        /* Non-fatal, continue */
-    }
-    
-    return SE050_OK;
-}
-
-/**
- * @brief Release memory protection before freeing
- */
-static void release_memory_protection(void *ptr, size_t size)
-{
-    /* Must unlock before freeing */
-    munlock(ptr, size);
-}
-#else
-/* Non-Linux platforms: no special protection */
-static se050_status_t protect_sensitive_memory(void *ptr, size_t size)
-{
-    (void)ptr;
-    (void)size;
-    return SE050_OK;
-}
-
-static void release_memory_protection(void *ptr, size_t size)
-{
-    (void)ptr;
-    (void)size;
-}
-#endif
-
 /**
  * @brief SCP03 session context structure
  */