diff --git a/cr_deviceCert.c b/cr_deviceCert.c index b15dc05..9fb4d35 100644 --- a/cr_deviceCert.c +++ b/cr_deviceCert.c @@ -121,19 +121,16 @@ #include "cr_hsm_code.h" #else // openssl -#include #include #include +#include #include "cr_NintendoCTR2_priv_dummy_dev.c" #include "cr_NintendoCTR2_priv_dummy_prod.c" #endif // USE_HSM -#include // これにより下はいらない -//#include "ec_lcl.h" // ec_key_st構造体の参照に必要 - #include "cr_generate_id.h" #include "cr_generate_id_private.h" -#include "cr_alloc.h" + #define CR_CERT_EXPIRE_SECS ( 60*60*24*365* 20 ) // デバイス証明書期限 20年 ※うるう年は無視 @@ -160,7 +157,7 @@ static void BN2BinWithPadding( BIGNUM *pBn, u8 *pDst, int dstLen ); // create CTR Device cert int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *pDevCertSign, u32 *pExpiryDate ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; CR_DeviceCert deviceCert; EC_KEY *NintendoCTR2 = NULL; @@ -205,9 +202,12 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p DEBUG_PRINT_ARRAY( "eccPubKey.Y:", (const char *)pECkey->pub_key->Y.d, pECkey->pub_key->Y.dmax * 4 ); #endif - // signature + // eccSignature #ifdef USE_HSM + // TODO: HSM使用時の処理を実装 + + #else // !USE_HSM // DERフォーマットのECC鍵を読み込み { @@ -259,7 +259,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p // DERデコードして、r と s を eccSignature にセット sig = d2i_ECDSA_SIG( NULL, &pECDSAsig, signLen ); if( sig == NULL ) { - // TODO: ret_code = xxx; + // TODO: エラーコードを決める ret_code = 255; goto end; } @@ -272,20 +272,8 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p memcpy( pDevCertSign, &deviceCert.eccSignature, 60 ); if( sig ) ECDSA_SIG_free( sig ); #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE - if ( cr_print_flag ) - { - // 証明書の書き込みテスト - FILE *fp; - char fn[256]; - sprintf( fn, "output/0x%08x.dgst", (unsigned int)deviceId ); - fp = fopen( fn, "wb" ); - fwrite( sha256buf, 233/8, 1, fp ); - fclose( fp ); - sprintf( fn, "output/0x%08x.sgn", (unsigned int)deviceId ); - fp = fopen( fn, "wb" ); - fwrite( ecdsasig, signLen, 1, fp ); - fclose( fp ); - } + DebugFileOutput( deviceId, "dgst", sha256buf, 233/8 ); + DebugFileOutput( deviceId, "sign", ecdsasig, signLen ); #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE } #endif // USE_HSM @@ -315,18 +303,11 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p DEBUG_PRINT_ARRAY( "padding1:", (const char *)deviceCert.padding1, sizeof(deviceCert.padding1) ); #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE - // 証明書の書き込みテスト - FILE *fp; - char fn[256]; - sprintf( fn, "output/0x%08x.crt", (unsigned int)deviceId ); - fp = fopen( fn, "wb" ); - fwrite( &deviceCert, sizeof( CR_DeviceCert ), 1, fp ); - fclose( fp ); + DebugFileOutput( deviceId, "crt", (const u8 *)&deviceCert, sizeof(CR_DeviceCert) ); #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE } end: - // TODO: NintendoCTR2のリソース解放がこれだけでOKか要確認。 if( NintendoCTR2 ) EC_KEY_free( NintendoCTR2 ); return ret_code; diff --git a/cr_enc_id.c b/cr_enc_id.c index 8a3fc51..230894f 100644 --- a/cr_enc_id.c +++ b/cr_enc_id.c @@ -123,7 +123,6 @@ #ifdef USE_HSM #include "cr_hsm_code.h" #else // !USE_HSM -#include #include #include @@ -171,8 +170,10 @@ int EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption ) { int i; - int ret_code = 0; - + int ret_code = CR_GENID_SUCCESS; + + // TODO: {fBOIvVŌ؂ւ悤ɂB + // encrypt ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE ); if ( ret_code != CR_GENID_SUCCESS ) @@ -259,8 +260,10 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption ) { int i; - int ret_code = 0; - + int ret_code = CR_GENID_SUCCESS; + + // TODO: {fBOIvVŌ؂ւ悤ɂB + // encrypt ret_code = hsm_rsa_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE ); if ( ret_code != CR_GENID_SUCCESS ) @@ -295,7 +298,7 @@ int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondin int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; int rsa_outlen = 0; RSA *rsa_privkey = NULL; RSA *rsa_pubkey = NULL; diff --git a/cr_generate_id.c b/cr_generate_id.c index 8d6e70a..b8527d3 100644 --- a/cr_generate_id.c +++ b/cr_generate_id.c @@ -123,15 +123,13 @@ // openssl #include #include -#include -#include -#include #include #include "cr_generate_id.h" #include "cr_generate_id_private.h" #include "cr_alloc.h" +// TODO: 仕様FIXする必要あり typedef struct { u32 magic_number; /* 0x00 - 0x03 0x01234567 確定!*/ u32 serial0; /* 0x04 - 0x07 */ @@ -152,9 +150,10 @@ typedef struct { int cr_print_flag = 0; +// generate_id関数のイニシャライズ int cr_generate_id_initialize( void ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; #ifdef USE_HSM ret_code = hsm_initialize(); @@ -164,17 +163,19 @@ int cr_generate_id_initialize( void ) } #endif + // TODO: エラーコードを決める ret_code = 1; return ( ret_code ); } // cr_generate_id_initialize + // generate_id関数のファイナライズ int cr_generate_id_finalize( void ) { - int ok = 0; + int ok = CR_GENID_SUCCESS; - // openssl + // openssl TOOD: ここでファイナライズ不要なら、削除 ERR_remove_state(0); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); @@ -183,7 +184,8 @@ int cr_generate_id_finalize( void ) #ifdef USE_HSM hsm_finalize(); #endif // USE_HSM - + + // TODO: エラーコードを決める ok = 1; return ( ok ); @@ -199,7 +201,7 @@ int cr_generate_id_finalize( void ) int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8 bondingOption ) { int i; - int ret_code; + int ret_code = CR_GENID_SUCCESS; CR_ID_BUFFER *cr_id_buf; EC_KEY *deviceKeyPair = NULL; @@ -213,17 +215,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8 goto end; } - ret_code = CR_GENID_ERROR_NON; /* CR_GENID_ERROR_NON = 0 */ - -#if 0 - printf("sizeof(CR_ID_BUFFER) = %d bytes\n",sizeof(CR_ID_BUFFER) ); - printf("offset(factory, CR_ID_BUFFER) = 0x%02x bytes\n", offsetof(CR_ID_BUFFER,factory ) ); - printf("sizeof(CR_ERR_BUFFER) = 0x%02x bytes\n",sizeof(CR_ERR_BUFFER) ); - printf("offset(err_buffer, CR_ERR_BUFFER) = 0x%02x bytes\n", offsetof(CR_ERR_BUFFER,err_buffer ) ); - printf("offset(err_line, CR_ERR_BUFFER) = 0x%02x bytes\n", offsetof(CR_ERR_BUFFER,err_line ) ); -#endif - -// ダイジェストアルゴリズムを追加する +// ダイジェストアルゴリズムを追加する TODO: 最終的にはどちらが正しい? #if 0 OpenSSL_add_all_digests(); #else @@ -248,7 +240,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8 memset(id_buf, 0, CR_ID_BUF_SIZE); cr_id_buf = (CR_ID_BUFFER *)id_buf; - cr_id_buf->magic_number = CR_GEN_ID_MAGICCODE; + cr_id_buf->magic_number = CR_GEN_ID_MAGICCODE; // HSM使用/未使用でマジックコードが変わる。 cr_id_buf->version = CR_GEN_ID_VERSION; //-------------------------------------------------------------- @@ -272,6 +264,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8 printf("\n"); } #endif /* DEBUG_PRINT */ + //-------------------------------------------------------------- // タイムスタンプセット //-------------------------------------------------------------- @@ -281,8 +274,8 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8 &cr_id_buf->hour, &cr_id_buf->min, &cr_id_buf->sec, - &cr_id_buf->expiryDate ); - if ( ret_code != 0 ) { + &cr_id_buf->expiryDate ); // デバイス証明書期限の元データもついでにセットしておく + if ( ret_code != CR_GENID_SUCCESS ) { goto end; } @@ -333,21 +326,33 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8 SHA256(id_buf, CR_ID_BUF_SIZE - SHA256_DIGEST_LENGTH, cr_id_buf->hash); DEBUG_PRINT_ARRAY( "SHA256 Digest:", (const char *)cr_id_buf->hash, SHA256_DIGEST_LENGTH ); + //-------------------------------------------------------------- + // FuseID RAWデータ完成 + //-------------------------------------------------------------- + DEBUG_PRINT_ARRAY( "RAW eFuseID:", (const char *)id_buf, CR_ID_BUF_SIZE ); +#ifdef DEBUG_EFUSE_ID_OUTPUT_FILE + DebugFileOutput( serial[ 0 ], "raw", id_buf, CR_ID_BUF_SIZE ); +#endif // DEBUG_EFUSE_ID_OUTPUT_FILE + //-------------------------------------------------------------- // FuseIDバッファ全体をAES or RSAで暗号化 //-------------------------------------------------------------- - DEBUG_PRINT_ARRAY( "ORG buf:", (const char *)id_buf, CR_ID_BUF_SIZE ); ret_code = EncryptID( id_buf, id_buf, bondingOption ); if( ret_code != CR_GENID_SUCCESS ) { goto end; } - DEBUG_PRINT_ARRAY( "encrypted:", (const char *)id_buf, CR_ID_BUF_SIZE ); + + DEBUG_PRINT_ARRAY( "ENC eFuseID:", (const char *)id_buf, CR_ID_BUF_SIZE ); +#ifdef DEBUG_EFUSE_ID_OUTPUT_FILE + DebugFileOutput( serial[ 0 ], "enc", id_buf, CR_ID_BUF_SIZE ); +#endif // DEBUG_EFUSE_ID_OUTPUT_FILE //-------------------------------------------------------------- // 終了処理 //-------------------------------------------------------------- end: /* id_buf[]にエラーログを書き込む。 */ + // TODO: 仕様をFIXする必要あり if( ret_code != CR_GENID_SUCCESS ) { ERR_STATE *es = NULL; CR_ERR_BUFFER *cr_err_buf = (CR_ERR_BUFFER *)id_buf; @@ -393,3 +398,18 @@ void DebugPrintArray( char *pStr, const u8 *pData, int length ) } } #endif + +void DebugFileOutput( u32 deviceId, char *pSuffix, const u8 *pSrc, int length ) +{ + if ( cr_print_flag ) + { + // 証明書の書き込みテスト + FILE *fp; + char fn[256]; + sprintf( fn, "output/0x%08x.%s", (unsigned int)deviceId, pSuffix ); + fp = fopen( fn, "wb" ); + fwrite( pSrc, length, 1, fp ); + fclose( fp ); + } +} + diff --git a/cr_generate_id.h b/cr_generate_id.h index eac35e3..d53a93f 100644 --- a/cr_generate_id.h +++ b/cr_generate_id.h @@ -114,7 +114,6 @@ // #define CR_GENID_SUCCESS 0 -#define CR_GENID_ERROR_NON 0 //--------------------------------------------------- // OpenSSL̏ʂɂG[R[h diff --git a/cr_generate_id_private.h b/cr_generate_id_private.h index 4a96a3f..2c64931 100644 --- a/cr_generate_id_private.h +++ b/cr_generate_id_private.h @@ -132,6 +132,7 @@ extern "C" { #define DEBUG_PRINT 1 //#define DEBUG_DEVICE_CERT_OUTPUT_FILE +//#define DEBUG_EFUSE_ID_OUTPUT_FILE #ifdef DEBUG_PRINT #define DEBUG_PRINT_ARRAY DebugPrintArray @@ -189,6 +190,7 @@ extern int TestECDSA( EC_KEY *pECkey ); extern int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *pDevCertSign, u32 *pExpiryDate ); extern int EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption ); extern void DebugPrintArray( char *pStr, const u8 *pData, int length ); +extern void DebugFileOutput( u32 deviceId, char *pSuffix, const u8 *pSrc, int length ); #ifdef __cplusplus } diff --git a/cr_hsm_code.c b/cr_hsm_code.c index eef0580..b26117d 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c @@ -140,6 +140,7 @@ M_KeyID hsmLtid; NFKM_ModuleInfo *hsmModuleinfo = NULL; M_ByteBlock *hsmBlobptr = NULL; +// TODO: ŏIɕύX #ifdef ENCRYPT_AES M_KeyID hsmAeskeyid; const NFKM_KeyIdent hsmAeskeyident = { (char*)"simple", (char*)"aes-test-key2" }; @@ -157,7 +158,7 @@ static int hsm_rsa_load_keypair( void ); // init HSM int hsm_initialize( void ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; // init HSM ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL ); @@ -200,6 +201,8 @@ int hsm_initialize( void ) return ret_code; } + // TODO:̕ӂOCSJ[hH͕KvH + // init Card-Loading Lib(RQCard) ret_code = RQCard_init( &hsmCard, hsmHandle, hsmConnection, hsmWorld, NULL ); if ( ret_code != CR_GENID_SUCCESS ) @@ -224,6 +227,7 @@ int hsm_initialize( void ) return ret_code; } + // TODO: J@^i@̗[h悤ɂB #ifdef ENCRYPT_AES ret_code = hsm_aes_load_key(); if ( ret_code != CR_GENID_SUCCESS ) @@ -248,6 +252,7 @@ void hsm_finalize( void ) RQCard_fips_free( &hsmCard, &hsmFips ); RQCard_destroy( &hsmCard ); + // TODO: J@^i@̗悤ɂB #ifdef ENCRYPT_AES NFKM_freekey( hsmHandle, hsmAeskeyinfo, NULL ); #else // !ENCRYPT_AES @@ -327,7 +332,7 @@ int hsm_get_rtc( time_t *time ) int hsm_aes_load_key( void ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; // find key ret_code = NFKM_findkey( hsmHandle, hsmAeskeyident, &hsmAeskeyinfo, NULL ); @@ -394,7 +399,7 @@ int hsm_aes_load_key( void ) int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; M_Command cmd; M_Reply reply; @@ -442,7 +447,7 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; M_Command cmd; M_Reply reply; @@ -493,7 +498,7 @@ int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) int hsm_rsa_load_keypair( void ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; // find key ret_code = NFKM_findkey( hsmHandle, hsmRsakeyident, &hsmRsakeyinfo, NULL ); @@ -663,7 +668,7 @@ int hsm_rsa_load_keypair( void ) int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; M_Command cmd; M_Reply reply; @@ -705,7 +710,7 @@ int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; M_Command cmd; M_Reply reply; diff --git a/cr_hsm_util.c b/cr_hsm_util.c index 717507b..3a3bdc7 100644 --- a/cr_hsm_util.c +++ b/cr_hsm_util.c @@ -124,10 +124,10 @@ #include "cr_generate_id.h" #include "cr_generate_id_private.h" -// タイムスタンプぅ取 +// ^CX^v擾ăZbg int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSec, time_t *pTime) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; struct tm *tm_time; struct timeval tv; @@ -143,7 +143,7 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe tm_time = gmtime( &tv.tv_sec ); *pYear = (u8)tm_time->tm_year; - *pMonth = (u8)tm_time->tm_mon+1; + *pMonth = (u8)tm_time->tm_mon + 1; *pMday = (u8)tm_time->tm_mday; *pHour = (u8)tm_time->tm_hour; *pMin = (u8)tm_time->tm_min; @@ -161,7 +161,7 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe tm2.tm_hour = *pHour; tm2.tm_min = *pMin; tm2.tm_sec = *pSec; - tm2.tm_isdst = 0; // 夏時 + tm2.tm_isdst = 0; // Ďԁ@ł0ijɂB t2 = gmt_mktime( &tm2 ); printf( "time_t = %08x\n", (int)t ); printf( "mktime = %08x\n", (int)t2 ); @@ -171,12 +171,12 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe #ifdef DEBUG_PRINT if( cr_print_flag ) { printf("GMT:%d-%02d-%02d %02d:%02d:%02d\n", - *pYear+1900, /* 年 */ - *pMonth, /* 朁E*/ - *pMday, /* 日 */ - *pHour, /* 晁E*/ - *pMin, /* 刁E*/ - *pSec /* 私E*/ + *pYear+1900, + *pMonth, + *pMday, + *pHour, + *pMin, + *pSec ); } #endif /* DEBUG_PRINT */ @@ -191,9 +191,9 @@ static time_t gmt_mktime( struct tm *tm_time ) char *tz; tz = getenv("TZ"); - setenv("TZ", "", 1); // setenv, unsetenvがcygwinでは使えなぁE + setenv("TZ", "", 1); // setenv, unsetenv cygwinł͌‚Ȃ tzset(); - ret = mktime(tm_time); // mktimeはローカル時間での変換になるぅで、timezoneをケアしなぁEダメ + ret = mktime(tm_time); // mktime ́Alocaltimeł̕ϊɂȂ邽߁AtimezonȅKv if (tz) setenv("TZ", tz, 1); else @@ -204,10 +204,10 @@ static time_t gmt_mktime( struct tm *tm_time ) #endif -// ランダム値の生恅 +// 𐶐ăZbg int GenerateRandom( u8 *pDst, int length ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; #ifdef USE_HSM ret_code = hsm_generate_random( pDst, CR_RANDOM_LENGTH ); diff --git a/cr_keyPair.c b/cr_keyPair.c index ebe99a4..cedb10d 100644 --- a/cr_keyPair.c +++ b/cr_keyPair.c @@ -116,9 +116,11 @@ #include #include #include + #include #include #include + #include "cr_generate_id.h" #include "cr_generate_id_private.h" @@ -129,7 +131,7 @@ static int generate_EC_public_key( EC_KEY *eckey ); // ECCキーペアの生成 int GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey ) { - int ret_code = 0; + int openssl_result = 0; // 楕円を選択 ( NID_X9_62_prime256v1 -> 32bytesまで、 NID_sect571r1 -> 71bytesまで 署名にデータを含められる ) *ppECkey = EC_KEY_new_by_curve_name( NID_sect233r1 ); @@ -139,15 +141,15 @@ int GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey ) } // 秘密鍵生成 - ret_code = generate_EC_private_key( *ppECkey, pECPrivkey ); - if( ret_code != 0 ) + openssl_result = generate_EC_private_key( *ppECkey, pECPrivkey ); + if( openssl_result != 0 ) { return CR_GENID_ERROR_EC_GENERATE_PRIVATE_KEY; } // 公開鍵生成 - ret_code = generate_EC_public_key( *ppECkey ); - if ( ret_code == 0 ) + openssl_result = generate_EC_public_key( *ppECkey ); + if ( openssl_result == 0 ) { return CR_GENID_ERROR_EC_GENERATE_PUBLIC_KEY; } @@ -156,19 +158,19 @@ int GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey ) // (これをセットしないと色々変なフィールドが入ってしまうため) EC_KEY_set_asn1_flag( *ppECkey, 1 ); - return 0; + return CR_GENID_SUCCESS; } // EC秘密鍵を生成 static int generate_EC_private_key( EC_KEY *eckey, u8 *privKey ) { - int ret_code = 0; + int ret_code = CR_GENID_SUCCESS; BIGNUM *bn_privkey = NULL; // 乱数を取得して、秘密鍵にする。 ret_code = GenerateRandom( privKey, EC_PRIVATE_KEY_LENGTH ); - if ( ret_code != 0 ) { + if ( ret_code != CR_GENID_SUCCESS ) { return ret_code; } @@ -196,7 +198,7 @@ static int generate_EC_private_key( EC_KEY *eckey, u8 *privKey ) } // generate_EC_private_key -// EC公開鍵を生成 +// EC公開鍵を生成 ※opensslコードから抜粋し、一部改変 static int generate_EC_public_key( EC_KEY *eckey ) { int ok = 0; @@ -277,29 +279,25 @@ int TestECDSA( EC_KEY *pECkey ) unsigned char ecdsa_test_buf[CR_ECDSA_BUF_SIZE]; unsigned char ecdsasig[CR_ECDSA_SIGN_BUF_SIZE]; unsigned int ecdsasiglen = 0; - int test_ret = 0; - int ret_code = 0; + int openssl_result = 0; int i; - // 署名作成 + // ダミー署名データ作成 for( i = 0 ; i < CR_ECDSA_BUF_SIZE ; i++ ) { ecdsa_test_buf[i] = (u8)(0xff & i ); } memset( ecdsasig, 0, CR_ECDSA_SIGN_BUF_SIZE ); - test_ret = ECDSA_sign( 0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, + openssl_result = ECDSA_sign( 0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, &ecdsasiglen, pECkey ); - if (test_ret == 0) { - ret_code = CR_GENID_ERROR_ECDSA_SIGN; - goto end; + if (openssl_result == 0) { + return CR_GENID_ERROR_ECDSA_SIGN; } - test_ret = ECDSA_verify( 0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, ecdsasiglen, pECkey ); - if( test_ret != 1) { - ret_code = CR_GENID_ERROR_ECDSA_VERIFY; - goto end; + openssl_result = ECDSA_verify( 0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, ecdsasiglen, pECkey ); + if( openssl_result != 1) { + return CR_GENID_ERROR_ECDSA_VERIFY; } -end: - return ret_code; + return CR_GENID_SUCCESS; }