rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

・ECDSA署名検証をOPENSSLで行うために、ECC公開鍵を単独でファイルからリードするよう変更。

Browse Source 
・上記変更に伴い エラーコードCR_GENID_ERROR_ECC_READ_PUBLIC_KEY を復活。

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@132 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
(no author) 2010-01-05 08:55:54 +00:00
parent 43956bef9a
commit 1ea4e7ce6f
3 changed files with 66 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Makefile
View File

@ -80,8 +80,8 @@ KEYS_C = cr_eFuse_privKey_prod.c cr_eFuse_pubKey_prod.c \
cr_eFuse_privKey_dev.c cr_eFuse_pubKey_dev.c \
cr_eFuse_aesKey_prod.c cr_eFuse_iv_prod.c \
cr_eFuse_aesKey_dev.c cr_eFuse_iv_dev.c \
cr_NintendoCTR2_priv_dummy_prod.c \
cr_NintendoCTR2_priv_dummy_dev.c
cr_NintendoCTR2_priv_dummy_prod.c cr_NintendoCTR2_pub_dummy_prod.c \
cr_NintendoCTR2_priv_dummy_dev.c cr_NintendoCTR2_pub_dummy_dev.c
SRCS = main.c cr_generate_id.c cr_id_util.c cr_keyPair.c \
cr_device_cert.c cr_enc_id.c cr_alloc.c \
@ -158,6 +158,9 @@ cr_eFuse_iv_prod.c : $(PROD_DER_KEY_DIR)/eFuse_iv.bin
cr_NintendoCTR2_priv_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der
perl tools/bin2c.plx $< prod
cr_NintendoCTR2_pub_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der
perl tools/bin2c.plx $< prod
cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der
perl tools/bin2c.plx $< dev
@ -174,6 +177,9 @@ cr_eFuse_iv_dev.c : $(DEV_DER_KEY_DIR)/eFuse_iv.bin
cr_NintendoCTR2_priv_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der
perl tools/bin2c.plx $< dev
cr_NintendoCTR2_pub_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der
perl tools/bin2c.plx $< dev
.PHONY: clean clobber
clean:

58
cr_device_cert.c
View File

@ -125,8 +125,6 @@
#include <openssl/sha.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include "cr_NintendoCTR2_priv_dummy_dev.c"
#include "cr_NintendoCTR2_priv_dummy_prod.c"
#else
// openssl
#include <openssl/sha.h>
@ -136,6 +134,9 @@
#include "cr_NintendoCTR2_priv_dummy_prod.c"
#endif // USE_HSM
#include "cr_NintendoCTR2_pub_dummy_dev.c"
#include "cr_NintendoCTR2_pub_dummy_prod.c"
#include "cr_generate_id.h"
#include "cr_generate_id_private.h"
@ -214,7 +215,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
#endif
// eccSignature
//#ifdef USE_HSM
#ifdef USE_HSM
// TODO: HSM使用時の処理を実装
@ -239,7 +240,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
return ret_code;
}
//#else // !USE_HSM
#else // !USE_HSM
// DERフォーマットのECC鍵を読み込み
{
// bonding_option によって、鍵を差し替え
@ -302,24 +303,57 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
DEBUG_PRINT_ARRAY( "ECDSA.r:", (const char *)sig->r->d, sig->r->dmax * 4);
DEBUG_PRINT_ARRAY( "ECDSA.s:", (const char *)sig->s->d, sig->s->dmax * 4 );
#endif
BN2BinWithPadding( sig->r, &deviceCert.eccSignature[ 0 ], 30 );
BN2BinWithPadding( sig->s, &deviceCert.eccSignature[ 30 ], 30 );
memcpy( pDevCertSign, &deviceCert.eccSignature, 60 );
if( sig ) ECDSA_SIG_free( sig );
if( NintendoCTR2 ) EC_KEY_free( NintendoCTR2 );
NintendoCTR2 = NULL;
#ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
DebugFileOutput( device_id, "dgst", sha256buf, 233/8 );
DebugFileOutput( device_id, "sign", ecdsasig, signLen );
#endif // DEBUG_DEVICE_CERT_OUTPUT_FILE
}
//#endif // USE_HSM
// 署名ベリファイ
ret_code = ECDSA_verify( 0, sha1Buf, 20, signBuf, signLen, NintendoCTR2 );
if( ret_code != 1) {
ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
SetErrorInfo( __FUNCTION__, __LINE__ );
goto end;
#endif // USE_HSM
// ECDSA署名検証
{
// bonding_option によって、鍵を差し替え
const unsigned char *der_pub = bonding_option ? cr_NintendoCTR2_pub_dummy_dev : cr_NintendoCTR2_pub_dummy_prod;
int pub_len = der_pub[ 8 ] | der_pub[ 9 ] << 8; // KEY長を取り出し
der_pub += 0x10; // ヘッダ部分を除外してKEY実体を指定
// BIT STRING の実データ部分のみを指定するよう調整
pub_len = der_pub[0x15] - 1;
der_pub += 0x17;
// ECC公開鍵の読み込み
NintendoCTR2 = EC_KEY_new_by_curve_name( NID_sect233r1 );
if( NintendoCTR2 == NULL ) {
SetErrorInfo( __FUNCTION__, __LINE__ );
ret_code = CR_GENID_ERROR_ECC_KEY_NEW;
goto end;
}
if( o2i_ECPublicKey( &NintendoCTR2, &der_pub, pub_len ) == NULL ) {
SetErrorInfo( __FUNCTION__, __LINE__ );
ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY;
goto end;
}
#if 0
// TODO: ハッシュ処理
// TODO: ECDSA署名DERを再構築
// 署名ベリファイ
ret_code = ECDSA_verify( 0, sha1Buf, 20, signBuf, signLen, NintendoCTR2 );
if( ret_code != 1) {
ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
SetErrorInfo( __FUNCTION__, __LINE__ );
goto end;
}
#endif
}
ret_code = CR_GENID_SUCCESS;
#if 0

23
cr_generate_id_private.h
View File

@ -161,17 +161,18 @@ extern "C" {
#define CR_GENID_ERROR_ECC_GENERATE_PRIVATE_KEY ( -3)
#define CR_GENID_ERROR_ECC_GENERATE_PUBLIC_KEY ( -4)
#define CR_GENID_ERROR_ECC_READ_PRIVATE_KEY ( -5)
#define CR_GENID_ERROR_ECDSA_SIGN ( -6)
#define CR_GENID_ERROR_ECDSA_DEC ( -7)
#define CR_GENID_ERROR_ECDSA_VERIFY ( -8)
#define CR_GENID_ERROR_AES_ENC ( -9)
#define CR_GENID_ERROR_AES_DEC (-10)
#define CR_GENID_ERROR_AES_VERIFY (-11)
#define CR_GENID_ERROR_RSA_READ_PRIVATE_KEY (-12)
#define CR_GENID_ERROR_RSA_READ_PUBLIC_KEY (-13)
#define CR_GENID_ERROR_RSA_ENC (-14)
#define CR_GENID_ERROR_RSA_DEC (-15)
#define CR_GENID_ERROR_RSA_VERIFY (-16)
#define CR_GENID_ERROR_ECC_READ_PUBLIC_KEY ( -6)
#define CR_GENID_ERROR_ECDSA_SIGN ( -7)
#define CR_GENID_ERROR_ECDSA_DEC ( -8)
#define CR_GENID_ERROR_ECDSA_VERIFY ( -9)
#define CR_GENID_ERROR_AES_ENC (-10)
#define CR_GENID_ERROR_AES_DEC (-11)
#define CR_GENID_ERROR_AES_VERIFY (-12)
#define CR_GENID_ERROR_RSA_READ_PRIVATE_KEY (-13)
#define CR_GENID_ERROR_RSA_READ_PUBLIC_KEY (-14)
#define CR_GENID_ERROR_RSA_ENC (-15)
#define CR_GENID_ERROR_RSA_DEC (-16)
#define CR_GENID_ERROR_RSA_VERIFY (-17)
typedef struct {
u32 magic_number; /* 0x00 - 0x03 = 0xdeadb00f Šmè<E28099>I*/