diff --git a/cr_deviceCert.c b/cr_deviceCert.c index 8c203f1..1d1804d 100644 --- a/cr_deviceCert.c +++ b/cr_deviceCert.c @@ -160,7 +160,7 @@ static void BN2BinWithPadding( BIGNUM *pBn, u8 *pDst, int dstLen ); // create CTR Device cert -int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *pDevCerSign, u32 *pExpiryDate ) +int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *pDevCertSign, u32 *pExpiryDate ) { int ret_code = 0; CR_DeviceCert deviceCert; @@ -221,12 +221,6 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p #ifdef USE_HSM #else // !USE_HSM -#if 0 - BIGNUM *bn_pubkey = NULL; - u8 ec_pub_key_neg; - u8 ec_pub_key_num_bytes; - u8 ec_pub_key[78]; - // DERフォーマットのECC鍵を読み込み { // bondingOptionによって、鍵を差し替え @@ -249,35 +243,49 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p DEBUG_PRINT_ARRAY( "EC pub.Y:", (const char *)NintendoCTR2->pub_key->Y.d, NintendoCTR2->pub_key->Y.dmax * 4 ); #endif } - - bn_pubkey = BN_new(); - if( bn_pubkey == NULL ) { - ret_code = CR_GENID_ERROR_BN_NEW_1; - goto end; - } - - ret_code = EC_POINT_point2bn( eckey->group, eckey->pub_key, eckey->conv_form , bn_pubkey, NULL); - if ( ret_code == 0 ) { - printf( "error(%d) : EC_POINT_point2bn\n", ret_code ); - goto end; - } - - ec_pub_key_neg = (unsigned char)( (bn_pubkey->neg == 0) ? 0 : 1 ); - ec_pub_key_num_bytes = (unsigned char)(BN_num_bytes(bn_pubkey)); - - BN_bn2bin( bn_pubkey, ec_pub_key ); - - BN_free( bn_pubkey ); - -// ret_code = TestECDSA2( eckey, NID_sect233r1, ec_pub_key_neg, -// ec_pub_key_num_bytes, ec_pub_key ); - if ( ret_code != 0 ) - { - printf( "error(%d) : TestECDSA2\n", ret_code ); - goto end; - } + u8 sha256buf[ SHA256_DIGEST_LENGTH ]; + u8 ecdsasig[ 0x80 ]; + const u8 *pECDSAsig = ecdsasig; + ECDSA_SIG *sig = NULL; + int signLen = 0; + int test_ret = 0; + + // CR_DeviceCertのSHA256計算 + SHA256( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha256buf ); + + // 上位232bit分で署名 + memset( ecdsasig, 0, sizeof(ecdsasig) ); + test_ret = ECDSA_sign( 0, sha256buf, 233/8, ecdsasig, &signLen, NintendoCTR2 ); + if (test_ret == 0) { + ret_code = CR_GENID_ERROR_ECDSA_SIGN; + goto end; + } + DEBUG_PRINT_ARRAY( "ECDSA:", (const char *)ecdsasig, signLen ); + + // 署名ベリファイ + test_ret = ECDSA_verify( 0, sha256buf, 233/8, ecdsasig, signLen, NintendoCTR2 ); + if( test_ret != 1) { + ret_code = CR_GENID_ERROR_ECDSA_VERIFY; + goto end; + } + + // DERデコードして、r と s を eccSignature にセット + sig = d2i_ECDSA_SIG( NULL, &pECDSAsig, signLen ); + if( sig == NULL ) { + // TODO: ret_code = xxx; + ret_code = 255; + goto end; + } +#if 0 + DEBUG_PRINT_ARRAY( "ECDSA.r:", (const char *)sig->r->d, sig->r->dmax * 4); + DEBUG_PRINT_ARRAY( "ECDSA.s:", (const char *)sig->s->d, sig->s->dmax * 4 ); #endif + BN2BinWithPadding( sig->r, &deviceCert.eccSignature[ 0 ], 30 ); + BN2BinWithPadding( sig->s, &deviceCert.eccSignature[ 30 ], 30 ); + memcpy( pDevCertSign, &deviceCert.eccSignature, 60 ); + if( sig ) ECDSA_SIG_free( sig ); + } #endif // USE_HSM #if 0 diff --git a/cr_generate_id_private.h b/cr_generate_id_private.h index 91e2797..56b382a 100644 --- a/cr_generate_id_private.h +++ b/cr_generate_id_private.h @@ -185,7 +185,7 @@ extern int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, extern int GenerateRandom( u8 *pDst, int length ); extern int GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey ); extern int TestECDSA( EC_KEY *pECkey ); -extern int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *pDevCerSign, u32 *pExpiryDate ); +extern int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *pDevCertSign, u32 *pExpiryDate ); extern int EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption ); extern void DebugPrintArray( char *pStr, const u8 *pData, int length );