From 1685d4ae68306711ab0fc8ca47922bb268527c88 Mon Sep 17 00:00:00 2001
From: "(no author)" <(no author)@ff987cc8-cf2f-4642-8568-d52cce064691>
Date: Tue, 22 Dec 2009 08:35:27 +0000
Subject: [PATCH] =?UTF-8?q?=E3=83=BB=E3=83=93=E3=83=AB=E3=83=89=E3=82=B9?=
 =?UTF-8?q?=E3=82=A4=E3=83=83=E3=83=81=E3=81=AE=E6=95=B4=E7=90=86=E3=80=82?=
 =?UTF-8?q?=20=E3=80=80HSM=E4=BD=BF=E7=94=A8=E6=99=82=E3=81=AF=E3=80=81?=
 =?UTF-8?q?=E3=83=80=E3=83=9F=E3=83=BC=E9=8D=B5=E3=82=92=E3=83=AA=E3=83=B3?=
 =?UTF-8?q?=E3=82=AF=E3=81=97=E3=81=AA=E3=81=84=E3=82=88=E3=81=86=E5=A4=89?=
 =?UTF-8?q?=E6=9B=B4=E3=80=82=20=E3=80=80HSM=E6=9C=AA=E4=BD=BF=E7=94=A8?=
 =?UTF-8?q?=E6=99=82=E3=81=AF=E3=80=81=E3=83=80=E3=83=9F=E3=83=BC=E9=8D=B5?=
 =?UTF-8?q?=E3=82=92=E4=BD=BF=E7=94=A8=E3=81=99=E3=82=8B=E3=82=88=E3=81=86?=
 =?UTF-8?q?=E5=A4=89=E6=9B=B4=E3=80=82=20=E3=80=80ENCRYPT=5FAES=E3=81=AF?=
 =?UTF-8?q?=E3=80=81Makefile=E3=81=A7=E3=81=AF=E3=81=AA=E3=81=8F=E3=80=81?=
 =?UTF-8?q?=E3=83=98=E3=83=83=E3=83=80=E3=81=A7=E5=AE=9A=E7=BE=A9=E3=81=99?=
 =?UTF-8?q?=E3=82=8B=E3=82=88=E3=81=86=E5=A4=89=E6=9B=B4=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

・ダミー鍵処理を整備。
　AES鍵も外部データをリンクするよう変更。
　RSA鍵、AES鍵を共に開発鍵と製品鍵の両方を用意し、ボンディングオプションで切り替えるよう変更。
　ダミー鍵使用時は、gen_id.exeを停止せず、最初に警告メッセージを表示するよう変更。


git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@32 ff987cc8-cf2f-4642-8568-d52cce064691
---
 Makefile                                      |  70 +++++---
 cr_deviceCert.c                               |   2 -
 cr_enc_id.c                                   | 169 +++++++++---------
 cr_generate_id.c                              |   2 +-
 cr_generate_id_private.h                      |   4 +-
 cr_keyPair.c                                  |   1 -
 dummyKey/dev/eFuse_aesKey.bin                 |   1 +
 dummyKey/dev/eFuse_iv.bin                     |   1 +
 .../dev/eFuse_privKey.der                     | Bin
 .../dev/eFuse_pubKey.der                      | Bin
 dummyKey/prod/eFuse_aesKey.bin                |   1 +
 dummyKey/prod/eFuse_iv.bin                    |   1 +
 dummyKey/prod/eFuse_privKey.der               | Bin 0 -> 1192 bytes
 dummyKey/prod/eFuse_pubKey.der                | Bin 0 -> 294 bytes
 main.c                                        |   3 +-
 tools/bin2c.plx                               |  22 +--
 16 files changed, 152 insertions(+), 125 deletions(-)
 create mode 100644 dummyKey/dev/eFuse_aesKey.bin
 create mode 100644 dummyKey/dev/eFuse_iv.bin
 rename rsakey_dummy/gen_id_rsa_key_priv.der => dummyKey/dev/eFuse_privKey.der (100%)
 rename rsakey_dummy/gen_id_rsa_key_pub.der => dummyKey/dev/eFuse_pubKey.der (100%)
 create mode 100644 dummyKey/prod/eFuse_aesKey.bin
 create mode 100644 dummyKey/prod/eFuse_iv.bin
 create mode 100644 dummyKey/prod/eFuse_privKey.der
 create mode 100644 dummyKey/prod/eFuse_pubKey.der

diff --git a/Makefile b/Makefile
index dc5cdb9..de8b99a 100644
--- a/Makefile
+++ b/Makefile
@@ -4,16 +4,21 @@
 # nm generate_id.o | grep " [T|B|D] "
 # nm ../rsa_keysrcgen/rsa1_key.o | grep " [T|B|D] "
 
-# �_�~�[��RSA���y�A���g�p����ꍇ�́AUSE_DUMMY_KEY��TRUE�ɂ��Ă��������B
-# �����ȁ@RSA���y�A���g�p����ꍇ�́AUSE_DUMMY_KEY���R�����g�A�E�g���āADER_KEY_DIR��RSA���y�A���������t�H���_���w�肵�Ă��������B
+#�@�ŏI�I�ȃr���h�X�C�b�`�̐ݒ�́A�ȉ��̒ʂ�B
+#      DEV_CYGWIN    = FALSE
+#      USE_HSM       = TRUE
+#      USE_SFMT      = XX
 
 DEV_CYGWIN = TRUE
-#ENCRYPT_AES = TRUE
-USE_DUMMY_KEY = TRUE
-USE_SFMT = TRUE
 #USE_HSM = TRUE
+USE_SFMT = TRUE
+
 
 ifeq ($(USE_HSM),TRUE)
+
+# HSM�g�p���͋����I��DUMMY_KEY�͖��g�p�ɂ���B
+USE_DUMMY_KEY = FALSE
+
 # nFast Path
 NFAST_PATH = /opt/nfast
 
@@ -52,14 +57,20 @@ NFAST_OBJS_LIST = \
 				$(NFAST_OBJS_PATH)/simplebignum.o \
 				$(NFAST_OBJS_PATH)/nfutil.o \
 
+else # !USE_HSM
+
+# HSM���g�p�ł��Ȃ��ꍇ�́ADUMMY_KEY���g���ăe�X�g����B
+USE_DUMMY_KEY = TRUE
+
 endif # USE_HSM
 
 ifeq ($(USE_DUMMY_KEY),TRUE)
-DER_KEY_DIR = ./rsakey_dummy
-else
-#DER_KEY_DIR = ./rsakey
-DER_KEY_DIR = ./rsakey_dummy
-endif
+DEV_DER_KEY_DIR  = ./dummyKey/dev
+PROD_DER_KEY_DIR = ./dummyKey/prod
+else # !USE_DUMMY_KEY
+DEV_DER_KEY_DIR  = /cygdrive/w/CTR/dev
+PROD_DER_KEY_DIR = /cygdrive/w/CTR/prod
+endif # USE_DUMMY_KEY
 
 PACKAGE_DIR = ./package
 # OPENSSL_DIR = ./openssl-1.0.0-beta2
@@ -69,10 +80,12 @@ SFMT_DIR	= ./SFMT-src-1.3.3
 
 TARGET	    = gen_id
 
-KEYS_C  = cr_gen_id_rsa_key_priv.c cr_gen_id_rsa_key_pub.c
-KEYS_H  = $(KEYS_C:.c=.h)
+KEYS_C  = cr_eFuse_privKey_prod.c cr_eFuse_pubKey_prod.c \
+          cr_eFuse_privKey_dev.c  cr_eFuse_pubKey_dev.c  \
+          cr_eFuse_aesKey_prod.c  cr_eFuse_iv_prod.c     \
+          cr_eFuse_aesKey_dev.c  cr_eFuse_iv_dev.c
 SRCS	= main.c cr_generate_id.c cr_hsm_util.c cr_keyPair.c \
-          cr_deviceCert.c cr_enc_id.c cr_alloc.c cr_hsm_code.c $(KEYS_C)
+          cr_deviceCert.c cr_enc_id.c cr_alloc.c cr_hsm_code.c
 
 ifeq ($(USE_SFMT),TRUE)
 SRCS   += $(SFMT_DIR)/SFMT.c
@@ -97,10 +110,6 @@ LDFLAGS	+= -Wl
 LDLIBS	+= -ldl -lnsl
 endif # DEV_CYGWIN
 
-ifeq ($(ENCRYPT_AES),TRUE)
-CFLAGS += -DENCRYPT_AES
-endif
-
 ifeq ($(USE_DUMMY_KEY),TRUE)
 CFLAGS += -DUSE_DUMMY_KEY
 endif
@@ -146,11 +155,30 @@ $(OBJS): $(HEADS) Makefile
 #%.c:$(DER_KEY_DIR)/%.der
 #	perl tools/bin2c.plx $<
 
-cr_gen_id_rsa_key_priv.c : $(DER_KEY_DIR)/gen_id_rsa_key_priv.der
-	perl tools/bin2c.plx $<
+cr_eFuse_privKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_privKey.der
+	perl tools/bin2c.plx $< prod
 
-cr_gen_id_rsa_key_pub.c : $(DER_KEY_DIR)/gen_id_rsa_key_pub.der
-	perl tools/bin2c.plx $<
+cr_eFuse_pubKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_pubKey.der
+	perl tools/bin2c.plx $< prod
+
+cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der
+	perl tools/bin2c.plx $< dev
+
+cr_eFuse_pubKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_pubKey.der
+	perl tools/bin2c.plx $< dev
+
+
+cr_eFuse_aesKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_aesKey.bin
+	perl tools/bin2c.plx $< prod
+
+cr_eFuse_iv_prod.c : $(PROD_DER_KEY_DIR)/eFuse_iv.bin
+	perl tools/bin2c.plx $< prod
+
+cr_eFuse_aesKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_aesKey.bin
+	perl tools/bin2c.plx $< dev
+
+cr_eFuse_iv_dev.c : $(DEV_DER_KEY_DIR)/eFuse_iv.bin
+	perl tools/bin2c.plx $< dev
 
 
 .PHONY: clean clobber
diff --git a/cr_deviceCert.c b/cr_deviceCert.c
index 14ac290..5c53edf 100644
--- a/cr_deviceCert.c
+++ b/cr_deviceCert.c
@@ -129,8 +129,6 @@
 #include <openssl/rsa.h>
 #include <openssl/aes.h>
 
-#include "ec_lcl.h"	// ec_key_st構造体の参照に必要
-
 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"
 #include "cr_alloc.h"
diff --git a/cr_enc_id.c b/cr_enc_id.c
index 6a3891b..bb59ca8 100644
--- a/cr_enc_id.c
+++ b/cr_enc_id.c
@@ -110,6 +110,7 @@
  */
 
 #include "cr_generate_id.h"
+#include "cr_generate_id_private.h"
 
 #include <assert.h>
 #include <stdio.h>
@@ -125,39 +126,49 @@
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/aes.h>
-#include "cr_gen_id_rsa_key_priv.h"
-#include "cr_gen_id_rsa_key_pub.h"
+
+#include "cr_eFuse_privKey_dev.c"
+#include "cr_eFuse_pubKey_dev.c"
+#include "cr_eFuse_privKey_prod.c"
+#include "cr_eFuse_pubKey_prod.c"
+
+#include "cr_eFuse_aesKey_dev.c"
+#include "cr_eFuse_iv_dev.c"
+#include "cr_eFuse_aesKey_prod.c"
+#include "cr_eFuse_iv_prod.c"
 
 extern RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
 
 #endif // USE_HSM
 
 #ifdef ENCRYPT_AES
-static int crypto_aes_enc_dec( unsigned char *dst_buf,unsigned char *org_buf );
+static int crypto_aes_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption );
 #else	// !ENCRYPT_AES
-static int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf );
+static int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption );
 #endif	// ENCRYPT_AES
 
 
 static unsigned char local_buf_1[CR_ID_BUF_SIZE];
 static unsigned char local_buf_2[CR_ID_BUF_SIZE];
 
-// ビルドスイチE��に応じて、IDバッファをAES/RSAで暗号�
-int EncryptID( unsigned char *dst_buf, unsigned char *org_buf )
+// �r���h�X�C�b�`�ɏ]����AES or RSA �Ŏw��o�b�t�@���Í���
+int EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption )
 {
 #ifdef ENCRYPT_AES
-	return crypto_aes_enc_dec( dst_buf, org_buf );	// AES
+	if( cr_print_flag ) printf( "[AES]\n");
+	return crypto_aes_enc_dec( dst_buf, org_buf, bondingOption );	// AES
 #else	// !ENCRYPT_AES
-	return crypto_rsa_enc_dec( dst_buf, org_buf );	// RSA pubKey enc
+	if( cr_print_flag ) printf( "[RSA]\n");
+	return crypto_rsa_enc_dec( dst_buf, org_buf, bondingOption );	// RSA pubKey enc
 #endif	// ENCRYPT_AES
 }
 
 #ifdef ENCRYPT_AES
-// AES暗号匁E-> 復号匁E-> ベリファイ
 
+// AES
 #ifdef USE_HSM
 
-int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
+int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption )
 {
 	int i;
 	int ret_code = 0;
@@ -178,69 +189,6 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
 		return ret_code;
 	}
 	
-	// ベリファイ
-	for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ )
-	{
-		if( org_buf[i] != local_buf_2[i] )
-		{
-			printf( "error : aes verify\n" );
-			return 0;	// AESエラーコードを作らなくては・・・
-		}
-	}
-	
-	// バッファコピ�E
-	memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
-	
-	return CR_GENID_SUCCESS;
-}	// hsm_crypto_aes_enc_dec
-
-#else // !USE_HSM
-
-int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
-{
-	int i;
-	
-	AES_KEY	aesEncKey;
-	AES_KEY	aesDecKey;
-	
-	u8 temp_iv[16];
-
-	memset( local_buf_1, 0, CR_ID_BUF_SIZE );
-	memset( local_buf_2, 0, CR_ID_BUF_SIZE );
-	
-	// AES 暗号化用鍵 作�E
-	if ( AES_set_encrypt_key( AES_PASS_PHRASE, 128, &aesEncKey ) != 0 )
-	{
-		printf( "error : AES_set_encrypt_key\n" );
-		return 0;
-	}
-	
-	// AES 復号化用鍵 作�E
-	if ( AES_set_decrypt_key( AES_PASS_PHRASE, 128, &aesDecKey ) != 0 )
-	{
-		printf( "error : AES_set_decrypt_key\n" );
-		return 0;
-	}
-	
-	// iv 初期�
-	for ( i = 0; i < 16; i++ )
-	{
-		temp_iv[i] = i;
-	}
-	
-	// AES 暗号�
-	AES_cbc_encrypt ( org_buf, local_buf_1, CR_ID_BUF_SIZE, &aesEncKey, temp_iv, AES_ENCRYPT );
-	
-	// iv 初期�
-	for ( i = 0; i < 16; i++ )
-	{
-		temp_iv[i] = i;
-	}
-	
-	// AES 復号�
-	AES_cbc_encrypt ( local_buf_1, local_buf_2, CR_ID_BUF_SIZE, &aesDecKey, temp_iv, AES_DECRYPT );
-	
-	// ベリファイ
 	for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ )
 	{
 		if( org_buf[i] != local_buf_2[i] )
@@ -250,7 +198,54 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
 		}
 	}
 	
-	// バッファコピ�E
+	memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
+	
+	return CR_GENID_SUCCESS;
+}	// hsm_crypto_aes_enc_dec
+
+#else // !USE_HSM
+
+int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption )
+{
+	int i;
+	AES_KEY	aesEncKey;
+	AES_KEY	aesDecKey;
+	u8 temp_iv[16];
+	// ���f�[�^���o���B�i�w�b�_����0x10�������B�j
+	char *pAesKey = (char *)( bondingOption ? cr_eFuse_aesKey_dev : cr_eFuse_aesKey_prod ) + 0x10;
+	char *pIV     = (char *)( bondingOption ? cr_eFuse_iv_dev : cr_eFuse_iv_prod ) + 0x10;
+
+	memset( local_buf_1, 0, CR_ID_BUF_SIZE );
+	memset( local_buf_2, 0, CR_ID_BUF_SIZE );
+	
+	if ( AES_set_encrypt_key( pAesKey, 128, &aesEncKey ) != 0 )
+	{
+		printf( "error : AES_set_encrypt_key\n" );
+		return 0;
+	}
+	
+	if ( AES_set_decrypt_key( pAesKey, 128, &aesDecKey ) != 0 )
+	{
+		printf( "error : AES_set_decrypt_key\n" );
+		return 0;
+	}
+	
+	memcpy( temp_iv, pIV, 16 );
+	AES_cbc_encrypt ( org_buf, local_buf_1, CR_ID_BUF_SIZE, &aesEncKey, temp_iv, AES_ENCRYPT );
+	
+	memcpy( temp_iv, pIV, 16 );
+	AES_cbc_encrypt ( local_buf_1, local_buf_2, CR_ID_BUF_SIZE, &aesDecKey, temp_iv, AES_DECRYPT );
+	
+	// �x���t�@�C
+	for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ )
+	{
+		if( org_buf[i] != local_buf_2[i] )
+		{
+			printf( "error : aes verify\n" );
+			return 0;
+		}
+	}
+	
 	memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
 	
 	return CR_GENID_SUCCESS;
@@ -260,10 +255,10 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
 
 #else   // !ENCRYPT_AES
 
-// RSA暗号匁E>復号匁E>ベリファイ
+// RSA
 #ifdef USE_HSM
 
-int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf )
+int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption )
 {
 	int i;
 	int ret_code = 0;
@@ -284,7 +279,7 @@ int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf )
 		return ret_code;
 	}
 	
-	// ベリファイ
+	// �x���t�@�C
 	for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ )
 	{
 		if( org_buf[i] != local_buf_2[i] )
@@ -293,7 +288,6 @@ int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf )
 		}
 	}
 	
-	// バッファコピ�E
 	memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
 	
 	return CR_GENID_SUCCESS;
@@ -301,7 +295,7 @@ int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf )
 
 #else // USE_HSM
 
-int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf)
+int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption )
 {
   int ret_code = 0;
   int rsa_outlen = 0;
@@ -312,19 +306,22 @@ int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf)
   memset(local_buf_2, 0,CR_ID_BUF_SIZE);
 
 
-  // DERフォーマット�ERSA鍵を読み込み
+  // DER�t�H�[�}�b�g��RSA����ǂݍ���
   {
-	const unsigned char *der_priv = cr_gen_id_rsa_key_priv_DER + 0x10; // ヘッダ部刁E��除外してKEY実体を持E�
-	const unsigned char *der_pub  = cr_gen_id_rsa_key_pub_DER  + 0x10; // 同�
-	int priv_len = cr_gen_id_rsa_key_priv_DER[ 8 ] | cr_gen_id_rsa_key_priv_DER[ 9 ] << 8;	// KEY長を取り�E�
-	int pub_len  = cr_gen_id_rsa_key_pub_DER [ 8 ] | cr_gen_id_rsa_key_pub_DER [ 9 ] << 8;   // 同�
-	// コマンドラインのopensslが�E力する秘寁E��は、PKCS#1 RSAPublicKeyフォーマットなので、この関数を使ぁE�
+    // bondingOption�ɂ���āA���������ւ�
+    const unsigned char *der_priv = bondingOption ? cr_eFuse_privKey_dev : cr_eFuse_privKey_prod;
+	const unsigned char *der_pub  = bondingOption ? cr_eFuse_pubKey_dev  : cr_eFuse_pubKey_prod;
+	int priv_len = der_priv[ 8 ] | der_priv[ 9 ] << 8;	// KEY�������o��
+	int pub_len  = der_pub [ 8 ] | der_pub [ 9 ] << 8;  // ����
+	der_priv += 0x10; // �w�b�_���������O����KEY���̂��w��
+	der_pub  += 0x10; // ����
+	// �R�}���h���C����openssl���o�͂���閧���́APKCS#1 RSAPublicKey�t�H�[�}�b�g�Ȃ̂ŁA���̊֐����g���B
 	rsa_privkey = d2i_RSAPrivateKey( NULL, &der_priv, priv_len );
 	if( rsa_privkey == NULL ) {
 		ret_code = CR_GENID_ERROR_RSA_READ_PRIVATE_KEY;
 		goto end;
 	}
-	// コマンドラインのopensslが�E力する�E開鍵は、SubjectPublicKeyInfo形式なので、この関数を使ぁE�
+	// �R�}���h���C����openssl���o�͂�����J���́ASubjectPublicKeyInfo�`���Ȃ̂ŁA���̊֐����g���B
 	rsa_pubkey = d2i_RSA_PUBKEY( NULL, &der_pub, pub_len );
 	if( rsa_pubkey == NULL ) {
 		ret_code = CR_GENID_ERROR_RSA_READ_PUBLIC_KEY;
diff --git a/cr_generate_id.c b/cr_generate_id.c
index fa53b2c..7e59d9f 100644
--- a/cr_generate_id.c
+++ b/cr_generate_id.c
@@ -336,7 +336,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
 	// FuseIDバッファ全体をAES or RSAで暗号化
 	//--------------------------------------------------------------
 	DEBUG_PRINT_ARRAY( "ORG buf:", (const char *)id_buf, CR_ID_BUF_SIZE );
-	ret_code = EncryptID( id_buf, id_buf );
+	ret_code = EncryptID( id_buf, id_buf, bondingOption );
 	if( ret_code != CR_GENID_SUCCESS )	{
 		goto end;
 	}
diff --git a/cr_generate_id_private.h b/cr_generate_id_private.h
index 4d556e3..d6c95ff 100644
--- a/cr_generate_id_private.h
+++ b/cr_generate_id_private.h
@@ -128,6 +128,7 @@ extern "C" {
 
 #include <openssl/sha.h>
 #include <openssl/ec.h>
+#include "ec_lcl.h"	// EC_KEY (=ec_key_st) �\���̂̎Q�ƂɕK�v
 
 #define DEBUG_PRINT 1
 
@@ -137,6 +138,7 @@ extern "C" {
 #define DEBUG_PRINT_ARRAY( ... )     ((void)0)
 #endif // DEBUG_PRINT
 
+#define ENCRYPT_AES             1           // ��`��L����FIX.�i���ꂪ����`�̏ꍇ�AID�̈Í�����RSA�ɂȂ�B�j
 
 #define CR_GEN_ID_VERSION		1
 #ifdef USE_HSM
@@ -183,7 +185,7 @@ extern int  GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin,
 extern int  GenerateRandom( u8 *pDst, int length );
 extern int  GenarateECCKeyPair( EC_KEY *pECkey, u8 *pECPrivkey );
 extern int  GenerateCTRDeviceCert( EC_POINT *pubKey, u32 deviceId, u8 bondingOption );
-extern int  EncryptID( unsigned char *dst_buf, unsigned char *org_buf );
+extern int  EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption );
 extern void DebugPrintArray( char *pStr, const u8 *pData, int length );
 
 #ifdef __cplusplus
diff --git a/cr_keyPair.c b/cr_keyPair.c
index aa409e2..281154a 100644
--- a/cr_keyPair.c
+++ b/cr_keyPair.c
@@ -118,7 +118,6 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/ec.h>
-#include "ec_lcl.h"	// ec_key_st構造体の参照に必要
 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"
 
diff --git a/dummyKey/dev/eFuse_aesKey.bin b/dummyKey/dev/eFuse_aesKey.bin
new file mode 100644
index 0000000..6fec377
--- /dev/null
+++ b/dummyKey/dev/eFuse_aesKey.bin
@@ -0,0 +1 @@
+���p)v$���Fݸ�
\ No newline at end of file
diff --git a/dummyKey/dev/eFuse_iv.bin b/dummyKey/dev/eFuse_iv.bin
new file mode 100644
index 0000000..4428674
--- /dev/null
+++ b/dummyKey/dev/eFuse_iv.bin
@@ -0,0 +1 @@
+eMH�{��܁:���D
\ No newline at end of file
diff --git a/rsakey_dummy/gen_id_rsa_key_priv.der b/dummyKey/dev/eFuse_privKey.der
similarity index 100%
rename from rsakey_dummy/gen_id_rsa_key_priv.der
rename to dummyKey/dev/eFuse_privKey.der
diff --git a/rsakey_dummy/gen_id_rsa_key_pub.der b/dummyKey/dev/eFuse_pubKey.der
similarity index 100%
rename from rsakey_dummy/gen_id_rsa_key_pub.der
rename to dummyKey/dev/eFuse_pubKey.der
diff --git a/dummyKey/prod/eFuse_aesKey.bin b/dummyKey/prod/eFuse_aesKey.bin
new file mode 100644
index 0000000..713649e
--- /dev/null
+++ b/dummyKey/prod/eFuse_aesKey.bin
@@ -0,0 +1 @@
+��}���}Wp~n��<
\ No newline at end of file
diff --git a/dummyKey/prod/eFuse_iv.bin b/dummyKey/prod/eFuse_iv.bin
new file mode 100644
index 0000000..c5a400d
--- /dev/null
+++ b/dummyKey/prod/eFuse_iv.bin
@@ -0,0 +1 @@
+�����L�C�k4m��
\ No newline at end of file
diff --git a/dummyKey/prod/eFuse_privKey.der b/dummyKey/prod/eFuse_privKey.der
new file mode 100644
index 0000000000000000000000000000000000000000..5f978ad6044f5238e730ada88d4de1ad7d93e869
GIT binary patch
literal 1192
zcmV;Z1Xueof&`=j0RRGm0RaHx6O7$+-Q-O0jac4De*$8kGs{c_Z(Axbjk-={Yag8R
zKFrGf3!RL4Ki8B`&HEOb!&9w}U88@<yz!^77tKP+py<(`;^SR}Za+)q)?pHD3Nz%9
zCfW3!d0zP@YOa1XjBeJlI+L#$l_*(Jwi+Xl4$Q$J$bUF^Iii(#>#%#~Xw;gC`^bnj
z&|Scfk;FNOG;KI^A6C?G^ifTP4=@>dv&r|l?uE$^q*bFj!LTTHOL8beV|A6n&`YY<
zY~*wIu3o^tEs4lLscD=04Jhrf=x1r|qO@?sMKv|U9>9X(mUa2PnlWSE{sfT%j=LU{
zglk2w#-^MeQ+$8)_Jmae0|5X50)hbn0Eh1EB&B!nb03X;<&yw)Efk=v(v;N{eeDwJ
zw1a`&D%Wy=rUO+lyC&LD^EcAgym4s!ZmA086<O86)8JNLN!#hSb;W?q8t!Zm_#R$&
zJ<y1Y2ngJH9X7!6S+wP-4`k)6bXmPOD_TqN8;B0O7Y^mkEYM7K+!!2acakfGIfbSE
zkL`$#u^p%dym@oyiZ3WeLj17bIeo;}vxgaHkz|uqsX0Fv8z%B12eAb0{j$2MU9-5b
z>>9sa$~fA9?FDke!Cb}iFb=}fsUrvFKSyNZ`|H7eHo(FkZLAD1a%d{uanJ6`7zA|H
zyQmKiX~-blYW`~dVKbsC_XhlL0Rn-60Qka+)biQ?L{Pof<j77f2cJrXDz<^tSLLW6
zw9GT%xz@uKB*D>!!~ni9`4X<hYPQBE6j*COhw(M?z*b0Xof#>T3HE}3y7HI#m3<c*
zB~Vre6+>RGJKy+YKnnCt^kX9lEyzB!&0Pq#d-`PFB>z<f%io5zV!MJRkJoixrvib2
z0O_xC!=coTD`GL80m*bcm6DDbcgy6xg9&ZmcCoBFcU+2XZx5%5>R9DJ*`x+9p^e|W
z0avIq`iMMkk<wP5cE*9yqg^1h!XTm|55F}JXb7Us^Fxekd`_&Xj(#XCXX%!A;-Q}S
zlYK|hk$)X!l{64R5YX`oGou^i!-bN-qXL0}0MmJYP~A(K2-l-4roQS%xvn2c>Mzk-
zRfY9ZD4|%9(#+C#jS>Ja(>&I52divMgcb3Lxy~66c>)An<Vp3j@G;HzO62#ryfri-
zhlUzBhn6lZLsd+UPIPY4;Y9AgzP#|V0_(E#J&KdJp4t@}4Asle>#LCWZh`%HH9B*f
z4FZ9HQV@zJ2czUWlMP3v>i<RaWcNTEVBa8WZyH7vh{~z)mhTD$QKJof-Qf%_J38#?
zI53p7p!)IN4v*q!l}uDk+Tvz?c1!UNr*$Z=4FB#tBcwpxC?K4eu<TRQHJq3endN+r
zdm*2@^XL#8hF@iPBSU@$5XwbC;|l$#Xf-4+0)c=xr7ng3VtN{PZr1HQ0kdotH}<UJ
z;8=&4ce9cg7e~GH_?0nVFE5jwL*sB}WxIq<hM=1Nm#s5h^~LY>zW=nYstVG0Wc<RX
z#1ApCoZU@y8TsNh&uFi}(ledfHN7jA3g*x!VjTs&1oChQ-tp>aK4i<Tpopj69bf%p
G+OhsPSXe9o

literal 0
HcmV?d00001

diff --git a/dummyKey/prod/eFuse_pubKey.der b/dummyKey/prod/eFuse_pubKey.der
new file mode 100644
index 0000000000000000000000000000000000000000..6d8bc1aa66c9789eb7f8863b5904f592ae298120
GIT binary patch
literal 294
zcmV+>0ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>l;}eYCbKT@j@QqmB
zNPhxipEJu$1aDg^FpauSWosXt^FGYV{R^Fpc|X^bPtE%ln!{7Aj$NaF$h`5Vuoulj
z$)M=bpW@?Pgl<1e<<?;mZ3;8wktW&no_SvRCTgyJG>mT6vO1Hm7?mhlQMMW*kPghj
zA;^C?csZh#c<Zox=4jNKiTlWiHPBtakCDVVh%{|DbRSmKaP(14g%2<pd9%s)x$cF@
z5TsS3I>E3gc1v<7LSuE6!q7{q*KFi-_pV;RzAcH!K&fe)`wb}Vu;^!L?V_}B!$mbU
s!ydqb;g)szy_zv&-u?uU0*<>LlZ0zUug0dF9#edO^!9{R0s{d60qa$aG5`Po

literal 0
HcmV?d00001

diff --git a/main.c b/main.c
index 8f72332..467a035 100644
--- a/main.c
+++ b/main.c
@@ -192,8 +192,7 @@ int main(int ac, char *argv[])
 #endif
 
 #ifdef USE_DUMMY_KEY
-//  fprintf(stderr,"RSA private key is dummy!\n");
-//  return -1; /* error */
+  printf( "[TEST MODE] Use dummy key.\n");
 #endif
 
   time(&tloc);
diff --git a/tools/bin2c.plx b/tools/bin2c.plx
index cde1a5b..3f49af9 100644
--- a/tools/bin2c.plx
+++ b/tools/bin2c.plx
@@ -13,16 +13,16 @@ my $dstfname_h;
 my $arrayname;
 my $size;
 
-if( !$ARGV[0] ) {
+if( !$ARGV[0] || !$ARGV[1] ) {
 	die "parameter error.\n";
 }
 
 $_ = "cr_" . basename($srcfname, "");
-s/(\..*)/\.c/;
+s/(\..*)/_$ARGV[1]\.c/;
 $dstfname_c = $_;
-s/(\..*)/\.h/;
-$dstfname_h = $_;
-s/(\..*)/_DER/;
+#s/(\..*)/\.h/;
+#$dstfname_h = $_;
+s/(\..*)//;
 $arrayname = $_;
 
 $size = -s $srcfname;
@@ -33,18 +33,18 @@ open SRC, "< $srcfname"
 open DST, "> $dstfname_c"
 	or die "Cannot open file temp : $!";
 
-open DST2, "> $dstfname_h"
-	or die "Cannot open file temp : $!";
+#open DST2, "> $dstfname_h"
+#	or die "Cannot open file temp : $!";
 
 binmode( SRC );
 
-# �z��T�C�Y�� + magic_code(8) + keyLen(2) + padding(6) ���A16bytes��ROUNDUP
+# $size��16byte��(AES���łȂ��j�Ȃ�A�z��T�C�Y�� + magic_code(8) + keyLen(2) + padding(6) ���A16bytes��ROUNDUP
 my $array_size = ( $size + 16 + 15) & 0xfffffff0;
 
 # .c �t�@�C���ɕϊ����ďo��
 
 printf DST "#include <stdio.h>\n\n";
-printf DST "\/\/���L�z��́ADER�t�H�[�}�b�g��KEY�f�[�^�̑O�� magic_code[8] + keyLen[2] + keyVer[1] + padding[5] �̃f�[�^���}������Ă��܂��B\n\n";
+printf DST "\/\/���L�z��́AKEY�f�[�^�̑O�� magic_code[8] + keyLen[2] + keyVer[1] + padding[5] �̃f�[�^���}������Ă��܂��B\n\n";
 printf DST "const unsigned char %s[ 0x%x ] = {\n\t", $arrayname, $array_size;
 
 # magic code
@@ -89,6 +89,6 @@ close SRC;
 close DST;
 
 # .h �t�@�C�����o��
-printf DST2 "extern const unsigned char %s[ 0x%x ];\n", $arrayname, $array_size;
-close  DST2;
+#printf DST2 "extern const unsigned char %s[ 0x%x ];\n", $arrayname, $array_size;
+#close  DST2;