レビュー結果のTODOリストを追加。

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@45 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2009-12-23 03:11:23 +00:00 · 2009-12-23 03:11:23 +00:00 · 3a8205d8e4
commit 3a8205d8e4
parent d5005c0ba7
8 changed files with 112 additions and 104 deletions
--- a/cr_deviceCert.c
+++ b/cr_deviceCert.c
@ -121,19 +121,16 @@
 #include "cr_hsm_code.h"
 #else
 // openssl
-#include <openssl/err.h>
 #include <openssl/sha.h>
 #include <openssl/ec.h>
+#include <openssl/ecdsa.h>
 #include "cr_NintendoCTR2_priv_dummy_dev.c"
 #include "cr_NintendoCTR2_priv_dummy_prod.c"
 #endif // USE_HSM

-#include <openssl/ecdsa.h>	// これにより下はいらない
-//#include "ec_lcl.h"	// ec_key_st構造体の参照に必要
-
 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"
-#include "cr_alloc.h"
+

 #define CR_CERT_EXPIRE_SECS	    ( 60*60*24*365* 20 )  // デバイス証明書期限 20年 ※うるう年は無視

@ -160,7 +157,7 @@ static void BN2BinWithPadding( BIGNUM *pBn, u8 *pDst, int dstLen );
 // create CTR Device cert
 int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *pDevCertSign, u32 *pExpiryDate )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	CR_DeviceCert deviceCert;
 	EC_KEY *NintendoCTR2 = NULL;

@ -205,9 +202,12 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p
 	DEBUG_PRINT_ARRAY( "eccPubKey.Y:", (const char *)pECkey->pub_key->Y.d, pECkey->pub_key->Y.dmax * 4 );
 #endif

-	// signature
+	// eccSignature
 #ifdef USE_HSM

+	// TODO: HSM使用時の処理を実装
+
+
 #else	// !USE_HSM
 	// DERフォーマットのECC鍵を読み込み
 	{
@ -259,7 +259,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p
 		// DERデコードして、r と s を eccSignature にセット
 		sig = d2i_ECDSA_SIG( NULL, &pECDSAsig, signLen );
 		if( sig == NULL ) {
-			// TODO: ret_code = xxx;
+			// TODO: エラーコードを決める
 			ret_code = 255;
 			goto end;
 		}
@ -272,20 +272,8 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p
 		memcpy( pDevCertSign, &deviceCert.eccSignature, 60 );
 		if( sig ) ECDSA_SIG_free( sig );
 #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
-		if ( cr_print_flag )
-		{
-			// 証明書の書き込みテスト
-			FILE	*fp;
-			char	fn[256];
-			sprintf( fn, "output/0x%08x.dgst", (unsigned int)deviceId );
-			fp = fopen( fn, "wb" );
-			fwrite( sha256buf, 233/8, 1, fp );
-			fclose( fp );
-			sprintf( fn, "output/0x%08x.sgn", (unsigned int)deviceId );
-			fp = fopen( fn, "wb" );
-			fwrite( ecdsasig, signLen, 1, fp );
-			fclose( fp );
-		}
+		DebugFileOutput( deviceId, "dgst", sha256buf, 233/8 );
+		DebugFileOutput( deviceId, "sign", ecdsasig,  signLen );
 #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE
 	}
 #endif	// USE_HSM
@ -315,18 +303,11 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p
 		DEBUG_PRINT_ARRAY( "padding1:", (const char *)deviceCert.padding1, sizeof(deviceCert.padding1) );

 #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
-		// 証明書の書き込みテスト
-		FILE	*fp;
-		char	fn[256];
-		sprintf( fn, "output/0x%08x.crt", (unsigned int)deviceId );
-		fp = fopen( fn, "wb" );
-		fwrite( &deviceCert, sizeof( CR_DeviceCert ), 1, fp );
-		fclose( fp );
+		DebugFileOutput( deviceId, "crt", (const u8 *)&deviceCert, sizeof(CR_DeviceCert) );
 #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE
 	}

 end:
-	// TODO: NintendoCTR2のリソース解放がこれだけでOKか要確認。
 	if( NintendoCTR2 ) EC_KEY_free( NintendoCTR2 );
 	
 	return ret_code;
--- a/cr_enc_id.c
+++ b/cr_enc_id.c
@ -123,7 +123,6 @@
 #ifdef USE_HSM
 #include "cr_hsm_code.h"
 #else	// !USE_HSM
-#include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/aes.h>

@ -171,8 +170,10 @@ int EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption
 int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption )
 {
 	int i;
-	int ret_code = 0;
-	
+	int ret_code = CR_GENID_SUCCESS;
+
+	// TODO: ボンディングオプションで鍵を切り替えるようにする。
+
 	// encrypt
 	ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE );
 	if ( ret_code != CR_GENID_SUCCESS )
@ -259,8 +260,10 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi
 int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption )
 {
 	int i;
-	int ret_code = 0;
-	
+	int ret_code = CR_GENID_SUCCESS;
+
+	// TODO: ボンディングオプションで鍵を切り替えるようにする。
+
 	// encrypt
 	ret_code = hsm_rsa_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE );
 	if ( ret_code != CR_GENID_SUCCESS )
@ -295,7 +298,7 @@ int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondin

 int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption )
 {
-  int ret_code = 0;
+  int ret_code = CR_GENID_SUCCESS;
  int rsa_outlen = 0;
  RSA *rsa_privkey = NULL;
  RSA *rsa_pubkey  = NULL;
--- a/cr_generate_id.c
+++ b/cr_generate_id.c
@ -123,15 +123,13 @@
 // openssl
 #include <openssl/err.h>
 #include <openssl/sha.h>
-#include <openssl/ec.h>
-#include <openssl/rsa.h>
-#include <openssl/aes.h>
 #include <openssl/x509.h>

 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"
 #include "cr_alloc.h"

+// TODO: 仕様FIXする必要あり
 typedef struct {
    u32 magic_number;       /* 0x00 - 0x03  0x01234567 確定！*/
    u32 serial0;            /* 0x04 - 0x07 */
@ -152,9 +150,10 @@ typedef struct {
 int cr_print_flag = 0;


+// generate_id関数のイニシャライズ
 int cr_generate_id_initialize( void )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;

 #ifdef USE_HSM
 	ret_code = hsm_initialize();
@ -164,17 +163,19 @@ int cr_generate_id_initialize( void )
 	}
 #endif

+	// TODO: エラーコードを決める
 	ret_code = 1;

 	return ( ret_code );
 }	// cr_generate_id_initialize

+
 // generate_id関数のファイナライズ
 int cr_generate_id_finalize( void )
 {
-	int	ok = 0;
+	int	ok = CR_GENID_SUCCESS;
 		
-	// openssl
+	// openssl	TOOD: ここでファイナライズ不要なら、削除
 	ERR_remove_state(0);
 	EVP_cleanup();
 	CRYPTO_cleanup_all_ex_data();
@ -183,7 +184,8 @@ int cr_generate_id_finalize( void )
 #ifdef USE_HSM
 	hsm_finalize();
 #endif // USE_HSM
-	
+
+	// TODO: エラーコードを決める
 	ok = 1;
 	
 	return ( ok );
@ -199,7 +201,7 @@ int cr_generate_id_finalize( void )
 int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8 bondingOption )
 {
    int i;
-    int ret_code;
+    int ret_code = CR_GENID_SUCCESS;
    CR_ID_BUFFER *cr_id_buf;
    EC_KEY *deviceKeyPair = NULL;

@ -213,17 +215,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
      goto end;
    }

-    ret_code = CR_GENID_ERROR_NON; /* CR_GENID_ERROR_NON = 0 */
-
-#if 0
-    printf("sizeof(CR_ID_BUFFER) = %d bytes\n",sizeof(CR_ID_BUFFER) );
-    printf("offset(factory, CR_ID_BUFFER) = 0x%02x bytes\n", offsetof(CR_ID_BUFFER,factory ) );
-    printf("sizeof(CR_ERR_BUFFER) = 0x%02x bytes\n",sizeof(CR_ERR_BUFFER) );
-    printf("offset(err_buffer, CR_ERR_BUFFER) = 0x%02x bytes\n", offsetof(CR_ERR_BUFFER,err_buffer ) );
-    printf("offset(err_line, CR_ERR_BUFFER) = 0x%02x bytes\n", offsetof(CR_ERR_BUFFER,err_line ) );
-#endif
-
-// ダイジェストアルゴリズムを追加する
+// ダイジェストアルゴリズムを追加する	TODO: 最終的にはどちらが正しい？
 #if 0
 	OpenSSL_add_all_digests();
 #else
@ -248,7 +240,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
    memset(id_buf, 0, CR_ID_BUF_SIZE);

    cr_id_buf = (CR_ID_BUFFER *)id_buf;
-    cr_id_buf->magic_number	= CR_GEN_ID_MAGICCODE;
+    cr_id_buf->magic_number	= CR_GEN_ID_MAGICCODE;	// HSM使用／未使用でマジックコードが変わる。
    cr_id_buf->version		= CR_GEN_ID_VERSION;

 	//--------------------------------------------------------------
@ -272,6 +264,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
    printf("\n");
  }
 #endif /* DEBUG_PRINT */
+
    //--------------------------------------------------------------
    // タイムスタンプセット
    //--------------------------------------------------------------
@ -281,8 +274,8 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
 							 &cr_id_buf->hour,
 							 &cr_id_buf->min,
 							 &cr_id_buf->sec,
-							 &cr_id_buf->expiryDate );
-	if ( ret_code != 0 ) {
+							 &cr_id_buf->expiryDate );	// デバイス証明書期限の元データもついでにセットしておく
+	if ( ret_code != CR_GENID_SUCCESS ) {
 		goto end;
 	}

@ -333,21 +326,33 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
 	SHA256(id_buf, CR_ID_BUF_SIZE - SHA256_DIGEST_LENGTH, cr_id_buf->hash);
 	DEBUG_PRINT_ARRAY( "SHA256 Digest:", (const char *)cr_id_buf->hash, SHA256_DIGEST_LENGTH );

+	//--------------------------------------------------------------
+	// FuseID RAWデータ完成
+	//--------------------------------------------------------------
+	DEBUG_PRINT_ARRAY( "RAW eFuseID:", (const char *)id_buf, CR_ID_BUF_SIZE );
+#ifdef DEBUG_EFUSE_ID_OUTPUT_FILE
+	DebugFileOutput( serial[ 0 ], "raw", id_buf, CR_ID_BUF_SIZE );
+#endif // DEBUG_EFUSE_ID_OUTPUT_FILE
+
 	//--------------------------------------------------------------
 	// FuseIDバッファ全体をAES or RSAで暗号化
 	//--------------------------------------------------------------
-	DEBUG_PRINT_ARRAY( "ORG buf:", (const char *)id_buf, CR_ID_BUF_SIZE );
 	ret_code = EncryptID( id_buf, id_buf, bondingOption );
 	if( ret_code != CR_GENID_SUCCESS )	{
 		goto end;
 	}
-	DEBUG_PRINT_ARRAY( "encrypted:", (const char *)id_buf, CR_ID_BUF_SIZE );
+
+	DEBUG_PRINT_ARRAY( "ENC eFuseID:", (const char *)id_buf, CR_ID_BUF_SIZE );
+#ifdef DEBUG_EFUSE_ID_OUTPUT_FILE
+	DebugFileOutput( serial[ 0 ], "enc", id_buf, CR_ID_BUF_SIZE );
+#endif // DEBUG_EFUSE_ID_OUTPUT_FILE

  //--------------------------------------------------------------
  // 終了処理
  //--------------------------------------------------------------
 end:
 	/* id_buf[]にエラーログを書き込む。 */
+	// TODO: 仕様をFIXする必要あり
 	if( ret_code != CR_GENID_SUCCESS ) {
 		ERR_STATE *es = NULL;
 		CR_ERR_BUFFER *cr_err_buf = (CR_ERR_BUFFER *)id_buf;
@ -393,3 +398,18 @@ void DebugPrintArray( char *pStr, const u8 *pData, int length )
 	}
 }
 #endif
+
+void DebugFileOutput( u32 deviceId, char *pSuffix, const u8 *pSrc, int length )
+{
+	if ( cr_print_flag )
+	{
+		// 証明書の書き込みテスト
+		FILE	*fp;
+		char	fn[256];
+		sprintf( fn, "output/0x%08x.%s", (unsigned int)deviceId, pSuffix );
+		fp = fopen( fn, "wb" );
+		fwrite( pSrc, length, 1, fp );
+		fclose( fp );
+	}
+}
+
--- a/cr_generate_id.h
+++ b/cr_generate_id.h
@ -114,7 +114,6 @@

 // 成功
 #define CR_GENID_SUCCESS                          0
-#define CR_GENID_ERROR_NON                        0

 //---------------------------------------------------
 // OpenSSLの処理結果によるエラーコード
--- a/cr_generate_id_private.h
+++ b/cr_generate_id_private.h
@ -132,6 +132,7 @@ extern "C" {

 #define DEBUG_PRINT 1
 //#define DEBUG_DEVICE_CERT_OUTPUT_FILE
+//#define DEBUG_EFUSE_ID_OUTPUT_FILE

 #ifdef DEBUG_PRINT
 #define DEBUG_PRINT_ARRAY            DebugPrintArray
@ -189,6 +190,7 @@ extern int  TestECDSA( EC_KEY *pECkey );
 extern int  GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *pDevCertSign, u32 *pExpiryDate );
 extern int  EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption );
 extern void DebugPrintArray( char *pStr, const u8 *pData, int length );
+extern void DebugFileOutput( u32 deviceId, char *pSuffix, const u8 *pSrc, int length );

 #ifdef __cplusplus
 }
--- a/cr_hsm_code.c
+++ b/cr_hsm_code.c
@ -140,6 +140,7 @@ M_KeyID hsmLtid;
 NFKM_ModuleInfo *hsmModuleinfo = NULL;
 M_ByteBlock *hsmBlobptr = NULL;

+// TODO: 最終鍵に変更する
 #ifdef ENCRYPT_AES
 M_KeyID hsmAeskeyid;
 const NFKM_KeyIdent hsmAeskeyident = { (char*)"simple", (char*)"aes-test-key2" };
@ -157,7 +158,7 @@ static int hsm_rsa_load_keypair( void );
 // init HSM
 int hsm_initialize( void )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	
 	// init HSM
 	ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL );
@ -200,6 +201,8 @@ int hsm_initialize( void )
 		return ret_code;
 	}
 	
+	// TODO:この辺りのOCSカード処理？は必要？
+	
 	// init Card-Loading Lib(RQCard)
 	ret_code = RQCard_init( &hsmCard, hsmHandle, hsmConnection, hsmWorld, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
@ -224,6 +227,7 @@ int hsm_initialize( void )
 		return ret_code;
 	}

+	// TODO: 開発実機鍵／製品実機鍵の両方をロードするようにする。
 #ifdef ENCRYPT_AES
 	ret_code = hsm_aes_load_key();
 	if ( ret_code != CR_GENID_SUCCESS )
@ -248,6 +252,7 @@ void hsm_finalize( void )
 	RQCard_fips_free( &hsmCard, &hsmFips );
 	RQCard_destroy( &hsmCard );
 	
+	// TODO: 開発実機鍵／製品実機鍵の両方を処理するようにする。
 #ifdef ENCRYPT_AES
 	NFKM_freekey( hsmHandle, hsmAeskeyinfo, NULL );
 #else	// !ENCRYPT_AES
@ -327,7 +332,7 @@ int hsm_get_rtc( time_t *time )

 int hsm_aes_load_key( void )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	
 	// find key
 	ret_code = NFKM_findkey( hsmHandle, hsmAeskeyident, &hsmAeskeyinfo, NULL );
@ -394,7 +399,7 @@ int hsm_aes_load_key( void )

 int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	
 	M_Command cmd;
 	M_Reply reply;
@ -442,7 +447,7 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )

 int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	
 	M_Command cmd;
 	M_Reply reply;
@ -493,7 +498,7 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )

 int hsm_rsa_load_keypair( void )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	
 	// find key
 	ret_code = NFKM_findkey( hsmHandle, hsmRsakeyident, &hsmRsakeyinfo, NULL );
@ -663,7 +668,7 @@ int hsm_rsa_load_keypair( void )

 int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	
 	M_Command cmd;
 	M_Reply reply;
@ -705,7 +710,7 @@ int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )

 int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	
 	M_Command cmd;
 	M_Reply reply;
--- a/cr_hsm_util.c
+++ b/cr_hsm_util.c
@ -124,10 +124,10 @@
 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"

-// 繧ｿ繧､繝<EFBFBD>繧ｹ繧ｿ繝ｳ繝励≦蜿門ｾ
+// タイムスタンプを取得してセット
 int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSec, time_t *pTime)
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	struct tm *tm_time;
 	struct timeval tv;

@ -143,7 +143,7 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe
 	tm_time = gmtime( &tv.tv_sec );

 	*pYear  = (u8)tm_time->tm_year;
-	*pMonth = (u8)tm_time->tm_mon+1;
+	*pMonth = (u8)tm_time->tm_mon + 1;
 	*pMday  = (u8)tm_time->tm_mday;
 	*pHour  = (u8)tm_time->tm_hour;
 	*pMin   = (u8)tm_time->tm_min;
@ -161,7 +161,7 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe
 		tm2.tm_hour  = *pHour;
 		tm2.tm_min   = *pMin;
 		tm2.tm_sec   = *pSec;
-		tm2.tm_isdst = 0;		// 螟乗凾髢
+		tm2.tm_isdst = 0;		// 夏時間　ここでは0（無効）にする。
 		t2 = gmt_mktime( &tm2 );
 		printf( "time_t = %08x\n", (int)t  );
 		printf( "mktime = %08x\n", (int)t2 );
@ -171,12 +171,12 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe
 #ifdef DEBUG_PRINT
 	if( cr_print_flag ) {
 		printf("GMT:%d-%02d-%02d %02d:%02d:%02d\n",
-				*pYear+1900, /* 蟷ｴ */
-				*pMonth,     /* 譛・*/
-				*pMday,      /* 譌･ */
-				*pHour,      /* 譎・*/
-				*pMin,       /* 蛻・*/
-				*pSec        /* 遘・*/
+				*pYear+1900,
+				*pMonth,
+				*pMday,
+				*pHour,
+				*pMin,
+				*pSec
 				);
 	}
 #endif /* DEBUG_PRINT */
@ -191,9 +191,9 @@ static time_t gmt_mktime( struct tm *tm_time )
    char *tz;

    tz = getenv("TZ");
-    setenv("TZ", "", 1);	// setenv, unsetenv縺慶ygwin縺ｧ縺ｯ菴ｿ縺医↑縺・
+    setenv("TZ", "", 1);	// setenv, unsetenv はcygwinでは見つからない
    tzset();
-    ret = mktime(tm_time);	// mktime縺ｯ繝ｭ繝ｼ繧ｫ繝ｫ譎る俣縺ｧ縺ｮ螟画鋤縺ｫ縺ｪ繧九≦縺ｧ縲》imezone繧偵こ繧｢縺励↑縺・繝繝｡
+    ret = mktime(tm_time);	// mktime は、localtimeでの変換になるため、timezoneの処理が必要
    if (tz)
        setenv("TZ", tz, 1);
    else
@ -204,10 +204,10 @@ static time_t gmt_mktime( struct tm *tm_time )
 #endif


-// 繝ｩ繝ｳ繝繝<EFBFBD>蛟､縺ｮ逕滓≦
+// 乱数を生成してセット
 int GenerateRandom( u8 *pDst, int length )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	
 #ifdef USE_HSM
 	ret_code = hsm_generate_random( pDst, CR_RANDOM_LENGTH );
--- a/cr_keyPair.c
+++ b/cr_keyPair.c
@ -116,9 +116,11 @@
 #include <time.h>
 #include <sys/time.h>
 #include <string.h>
+
 #include <openssl/err.h>
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
+
 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"

@ -129,7 +131,7 @@ static int generate_EC_public_key( EC_KEY *eckey );
 // ECCキーペアの生成
 int GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey )
 {
-	int ret_code = 0;
+	int openssl_result = 0;

 	// 楕円を選択   ( NID_X9_62_prime256v1 -> 32bytesまで、 NID_sect571r1 -> 71bytesまで 署名にデータを含められる )
 	*ppECkey = EC_KEY_new_by_curve_name( NID_sect233r1 );
@ -139,15 +141,15 @@ int GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey )
 	}

 	// 秘密鍵生成
-	ret_code = generate_EC_private_key( *ppECkey, pECPrivkey );
-	if( ret_code != 0 )
+	openssl_result = generate_EC_private_key( *ppECkey, pECPrivkey );
+	if( openssl_result != 0 )
 	{
 		return CR_GENID_ERROR_EC_GENERATE_PRIVATE_KEY;
 	}

 	// 公開鍵生成
-	ret_code = generate_EC_public_key( *ppECkey );
-	if ( ret_code == 0 )
+	openssl_result = generate_EC_public_key( *ppECkey );
+	if ( openssl_result == 0 )
 	{
 		return CR_GENID_ERROR_EC_GENERATE_PUBLIC_KEY;
 	}
@ -156,19 +158,19 @@ int GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey )
 	// (これをセットしないと色々変なフィールドが入ってしまうため)
 	EC_KEY_set_asn1_flag( *ppECkey, 1 );

-	return 0;
+	return CR_GENID_SUCCESS;
 }


 // EC秘密鍵を生成
 static int generate_EC_private_key( EC_KEY *eckey, u8 *privKey )
 {
-	int ret_code = 0;
+	int ret_code = CR_GENID_SUCCESS;
 	BIGNUM *bn_privkey = NULL;

 	// 乱数を取得して、秘密鍵にする。
 	ret_code = GenerateRandom( privKey, EC_PRIVATE_KEY_LENGTH );
-	if ( ret_code != 0 ) {
+	if ( ret_code != CR_GENID_SUCCESS ) {
 		return ret_code;
 	}

@ -196,7 +198,7 @@ static int generate_EC_private_key( EC_KEY *eckey, u8 *privKey )
 }	// generate_EC_private_key


-// EC公開鍵を生成
+// EC公開鍵を生成	※opensslコードから抜粋し、一部改変
 static int generate_EC_public_key( EC_KEY *eckey )
 {
  int	ok = 0;
@ -277,29 +279,25 @@ int TestECDSA( EC_KEY *pECkey )
 	unsigned char ecdsa_test_buf[CR_ECDSA_BUF_SIZE];
 	unsigned char ecdsasig[CR_ECDSA_SIGN_BUF_SIZE];
 	unsigned int  ecdsasiglen = 0;
-	int test_ret = 0;
-	int ret_code = 0;
+	int openssl_result = 0;
 	int i;
 	
-	// 署名作成
+	// ダミー署名データ作成
 	for( i = 0 ; i < CR_ECDSA_BUF_SIZE ; i++ ) {
 		ecdsa_test_buf[i] = (u8)(0xff & i );
 	}
 	memset( ecdsasig, 0, CR_ECDSA_SIGN_BUF_SIZE );
 	
-	test_ret = ECDSA_sign( 0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, 
+	openssl_result = ECDSA_sign( 0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, 
                          &ecdsasiglen, pECkey );
-	if (test_ret == 0) {
-		ret_code = CR_GENID_ERROR_ECDSA_SIGN;
-		goto end;
+	if (openssl_result == 0) {
+		return CR_GENID_ERROR_ECDSA_SIGN;
 	}
 	
-	test_ret = ECDSA_verify( 0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, ecdsasiglen, pECkey );
-    if( test_ret != 1) {
-		ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
-		goto end;
+	openssl_result = ECDSA_verify( 0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, ecdsasiglen, pECkey );
+    if( openssl_result != 1) {
+		return CR_GENID_ERROR_ECDSA_VERIFY;
 	}
 	
-end:
-	return ret_code;
+	return CR_GENID_SUCCESS;
 }