From 43956bef9a2f62f48d8e105400d96cb422857b5e Mon Sep 17 00:00:00 2001 From: kubodera_yuichi Date: Tue, 5 Jan 2010 06:21:48 +0000 Subject: [PATCH] =?UTF-8?q?ID=E7=94=9F=E6=88=90=E3=83=97=E3=83=AD=E3=82=B0?= =?UTF-8?q?=E3=83=A9=E3=83=A0:ECDSA-SHA1=E3=81=AB=E3=81=A6=E7=BD=B2?= =?UTF-8?q?=E5=90=8D=E3=81=A8=E6=A4=9C=E8=A8=BC=E6=88=90=E5=8A=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@131 ff987cc8-cf2f-4642-8568-d52cce064691 --- cr_device_cert.c | 50 ++++++++++++++++++++++++++++-------------- cr_hsm_code.c | 57 +++++++++++++++++++++++++++--------------------- cr_hsm_code.h | 5 +++-- 3 files changed, 69 insertions(+), 43 deletions(-) diff --git a/cr_device_cert.c b/cr_device_cert.c index f9f3756..f1d7839 100644 --- a/cr_device_cert.c +++ b/cr_device_cert.c @@ -142,6 +142,8 @@ #define CR_CERT_EXPIRE_SECS ( 60*60*24*365* 20 ) // デバイス証明書期限 20年 ※うるう年は無視 +u8 tempSign[ 70 ]; + // TWL device cert base typedef struct CR_DeviceCert { 
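Review bot: `u8 tempSign[ 70 ];` is added as a writable file-scope global with external linkage, and the only use visible in this patch is inside the `#if 0` verify block added later in GenerateCTRDeviceCert. That disabled block also names `sha1buf` while the new local is spelled `sha1Buf`, and it hard-codes a signature length of 66, so it would not build if re-enabled. I would drop both the global and the dead block; if the buffer is needed elsewhere in the file, declare it `static u8 tempSign[ 70 ];` so signature scratch data is not exported from this translation unit.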
@@ -217,20 +219,25 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 // TODO: HSM使用時の処理を実装 // ECDSA署名付加 - { - u8 sha256buf[ SHA256_DIGEST_LENGTH ]; + u8 sha256buf[ SHA256_DIGEST_LENGTH ]; - // CR_DeviceCertのSHA256計算 - SHA256( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha256buf ); - - ret_code = hsm_ecdsa_sign( sha256buf, 233/8, bonding_option ); - if ( ret_code != CR_GENID_SUCCESS ) - { - SetErrorInfo( __FUNCTION__, __LINE__ ); - return ret_code; - } - } + // CR_DeviceCertのSHA256計算 + SHA256( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha256buf ); + u8 signBuf[ 70 ]; + int signLen = 0; + u8 sha1Buf[ 20 ]; + memset( signBuf, 0, sizeof( signBuf ) ); + + SHA1( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha1Buf ); + //DEBUG_PRINT_ARRAY( "sha1(HSM)", (const char *)sha1buf, 20 ); + + ret_code = hsm_ecdsa_sign( signBuf, &signLen, sha1Buf, 20, bonding_option ); + if ( ret_code != CR_GENID_SUCCESS ) + { + SetErrorInfo( __FUNCTION__, __LINE__ ); + return ret_code; + } //#else // !USE_HSM // DERフォーマットのECC鍵を読み込み @@ -272,15 +279,17 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } - //DEBUG_PRINT_ARRAY( "ECDSA:", (const char *)ecdsasig, signLen ); + DEBUG_PRINT_ARRAY( "ECDSA:", (const char *)ecdsasig, signLen ); +#if 0 // 署名ベリファイ - test_ret = ECDSA_verify( 0, sha256buf, 233/8, ecdsasig, signLen, NintendoCTR2 ); - if( test_ret != 1) { + ret_code = ECDSA_verify( 0, sha1buf, 20, tempSign, 66, NintendoCTR2 ); + if( ret_code != 1) { ret_code = CR_GENID_ERROR_ECDSA_VERIFY; SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } +#endif // DERデコードして、r と s を eccSignature にセット sig = d2i_ECDSA_SIG( NULL, &pECDSAsig, signLen ); 
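Review bot: The device certificate is now signed over a SHA-1 digest (`SHA1( ..., sha1Buf )` passed to `hsm_ecdsa_sign` with length 20) where the removed code used SHA-256, and SHA-1 no longer offers adequate collision resistance for certificate signing. If SHA-1 is forced by the certificate format or by what the HSM accepts for `Mech_ECDSA`, record that in a comment such as `// ECDSA over SHA-1: required by <format or HSM constraint>`; otherwise keep SHA-256 and pass a truncated digest. The retained `SHA256( ... )` call into `sha256buf` has no remaining reader in this hunk and can be removed. The length expression casts pointers to `int`, which truncates on a 64-bit build; `sizeof(CR_DeviceCert) - offsetof(CR_DeviceCert, issuerName)` avoids the casts. The function body starts and ends outside the hunk.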
@@ -289,7 +298,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } -#if 1 +#if 0 DEBUG_PRINT_ARRAY( "ECDSA.r:", (const char *)sig->r->d, sig->r->dmax * 4); DEBUG_PRINT_ARRAY( "ECDSA.s:", (const char *)sig->s->d, sig->s->dmax * 4 ); #endif @@ -303,6 +312,15 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE } //#endif // USE_HSM + + // 署名ベリファイ + ret_code = ECDSA_verify( 0, sha1Buf, 20, signBuf, signLen, NintendoCTR2 ); + if( ret_code != 1) { + ret_code = CR_GENID_ERROR_ECDSA_VERIFY; + SetErrorInfo( __FUNCTION__, __LINE__ ); + goto end; + } + ret_code = CR_GENID_SUCCESS; #if 0 if ( cr_print_flag ) diff --git a/cr_hsm_code.c b/cr_hsm_code.c index c414cd7..13abc75 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c @@ -137,8 +137,8 @@ NFKM_WorldInfo *hsmWorld = NULL; // allocate // TODO: ŏIɕύX #ifdef ENCRYPT_AES M_KeyID hsmAesKeyidDev, hsmAesKeyidProd; -const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"aes-dummykey-dev" }; -const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"aes-dummykey-prod" }; +const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"efuse-aes-key-dummy-dev" }; +const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"efuse-aes-key-dummy-prod" }; static int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid ); #else // !ENCRYPT_AES @@ -750,7 +750,6 @@ int hsm_ecdsa_load_keypair( NFKM_KeyIdent privKeyident, M_KeyID *privKeyid, NFKM_Key *keyinfo = NULL; NFKM_ModuleInfo *moduleinfo = NULL; M_ByteBlock *blobptr = NULL; - M_KeyID tempId; // get usable Module moduleinfo = hsmWorld->modules[0]; 
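Review bot: In the added post-signing check (hunk at -303,6), `ECDSA_verify` is given `signLen` exactly as `hsm_ecdsa_sign` returned it, with no check that it fits `signBuf`, and the digest length is the bare literal `20`. I would guard with `if ( signLen <= 0 || signLen > (int)sizeof( signBuf ) )` before the call and pass `(int)sizeof( sha1Buf )` as the length so the two cannot drift apart if the digest changes again. Because the HSM-side `Cmd_Verify` is compiled out in cr_hsm_code.c by this same patch, this call becomes the only verification of the HSM output; a short comment saying which public key `NintendoCTR2` holds at this point would help, since that is not visible in the hunk.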
@@ -810,7 +809,7 @@ end: return ret_code; } // hsm_ecdsa_load_keypair -int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bonding_option ) +int hsm_ecdsa_sign( unsigned char *sign_buf, int *sign_size, unsigned char *data_buf, int data_size, unsigned char bonding_option ) { int ret_code = CR_GENID_SUCCESS; @@ -833,25 +832,18 @@ int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bondin cmd.args.sign.flags = 0; // Cmd_Sign_Args_flags_given_iv_present; cmd.args.sign.key = privKeyid; cmd.args.sign.mech = HSM_SIGN_MECH; -#if 1 - cmd.args.sign.plain.type = PlainTextType_Bytes; - cmd.args.sign.plain.data.bytes.data.len = data_size; - cmd.args.sign.plain.data.bytes.data.ptr = data_buf; -#endif #if 0 - struct NFast_Bignum *bn; - my_bin2bignum( &bn, hsmHandle, data_buf, data_size ); - cmd.args.sign.plain.type = PlainTextType_Bignum; - cmd.args.sign.plain.data.bignum.m = bn; -#endif - -#if 0 M_Hash32 *hash = (M_Hash32*)data_buf; cmd.args.sign.plain.type = PlainTextType_Hash32; cmd.args.sign.plain.data.hash32.data = *hash; #endif +#if 1 + cmd.args.sign.plain.type = PlainTextType_Hash; + cmd.args.sign.plain.data.hash.data = *(M_Hash*)data_buf; +#endif + // sign command issue ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); if ( ret_code != CR_GENID_SUCCESS ) 
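Review bot: `cmd.args.sign.plain.data.hash.data = *(M_Hash*)data_buf;` copies `sizeof(M_Hash)` bytes from the caller's buffer regardless of `data_size`, which the new code no longer reads. A caller passing a shorter digest causes an out-of-bounds read, and a longer one is silently truncated before signing. Reject any other length first with `if ( data_size != (int)sizeof(M_Hash) )` returning an error, and copy with `memcpy( &cmd.args.sign.plain.data.hash.data, data_buf, sizeof(M_Hash) );` to avoid the alignment and aliasing assumptions of the cast. The same cast appears in the disabled `Cmd_Verify` block of the following hunk, and the function continues outside this hunk.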
@@ -865,35 +857,37 @@ int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bondin SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } - + +#if 1 // signature bignum -> bin - printf ( "sig mech : %d\n", reply.reply.sign.sig.mech ); rLen = reply.reply.sign.sig.data.ecdsa.r->nbytes; rPtr = (unsigned char*)malloc( rLen ); my_bignum2bin ( rPtr, rLen, hsmHandle, reply.reply.sign.sig.data.ecdsa.r ); sLen = reply.reply.sign.sig.data.ecdsa.s->nbytes; sPtr = (unsigned char*)malloc( sLen ); my_bignum2bin ( sPtr, sLen, hsmHandle, reply.reply.sign.sig.data.ecdsa.s ); +#endif my_bignumCopy( &rBn, reply.reply.sign.sig.data.ecdsa.r, hsmHandle ); my_bignumCopy( &sBn, reply.reply.sign.sig.data.ecdsa.s, hsmHandle ); + #if 1 DEBUG_PRINT_ARRAY( (char*)"sig r(HSM)", (const char *)rPtr, rLen ); DEBUG_PRINT_ARRAY( (char*)"sig s(HSM)", (const char *)sPtr, sLen ); #endif - + //NFastApp_Free_Command( handle, NULL, NULL, &cmd ); NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); memset( &cmd, 0, sizeof( cmd ) ); memset( &reply, 0, sizeof( reply ) ); +#if 0 // verify transact cmd.cmd = Cmd_Verify; cmd.args.verify.flags = 0; cmd.args.verify.key = pubKeyid; cmd.args.verify.mech = HSM_SIGN_MECH; - cmd.args.verify.plain.type = PlainTextType_Bytes; - cmd.args.verify.plain.data.bytes.data.len = data_size; - cmd.args.verify.plain.data.bytes.data.ptr = data_buf; + cmd.args.verify.plain.type = PlainTextType_Hash; + cmd.args.verify.plain.data.hash.data = *(M_Hash*)data_buf; cmd.args.verify.sig.mech = HSM_SIGN_MECH; cmd.args.verify.sig.data.ecdsa.r = rBn; cmd.args.verify.sig.data.ecdsa.s = sBn; 
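Review bot: `rPtr` and `sPtr` come from `malloc( rLen )` and `malloc( sLen )` with no NULL check before `my_bignum2bin` writes into them, and no `free` for either is visible in this patch, including on the early `return ret_code;` paths. Both lengths are taken from the HSM reply (`->nbytes`) and the buffers are later indexed at fixed offsets, so the sizes should be validated here as well. I would add `if ( rPtr == NULL || sPtr == NULL )` with cleanup, and a single exit label that releases `rPtr`, `sPtr`, `rBn` and `sBn`. The function continues outside the hunk, so a free may exist in lines not shown.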
@@ -909,12 +903,25 @@ int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bondin SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } +#endif - printf( "ECDSAhSHA256 verify ok\n" ); + // copy sign + sign_buf[0] = 0x30; + sign_buf[1] = 0x40; + sign_buf[2] = 0x02; + sign_buf[3] = 0x1E; + memcpy( &sign_buf[4], &rPtr[2], 0x1E ); + sign_buf[0x22] = 0x02; + sign_buf[0x23] = 0x1E; + memcpy( &sign_buf[0x24], &sPtr[2], 0x40 + 2 ); + *sign_size = 0x40 + 2; + DEBUG_PRINT_ARRAY( (char*)"sign(HSM)", (const char *)sign_buf, *sign_size ); //NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // ̂A{[g - NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); - + NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply ); + NFastApp_Free( hsmHandle, rBn, NULL, NULL ); + NFastApp_Free( hsmHandle, sBn, NULL, NULL ); + return CR_GENID_SUCCESS; } // hsm_ecdsa_sign diff --git a/cr_hsm_code.h b/cr_hsm_code.h index 8858069..2b0c3ea 100644 --- a/cr_hsm_code.h +++ b/cr_hsm_code.h @@ -119,7 +119,8 @@ extern "C" { #endif #define HSM_MODULE_ID ( 1) -#define HSM_SIGN_MECH Mech_ECDSAhSHA256 +//#define HSM_SIGN_MECH Mech_ECDSAhSHA256 +#define HSM_SIGN_MECH Mech_ECDSA // functions int hsm_initialize( void ); @@ -131,7 +132,7 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, unsigned char bonding_option ); int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, unsigned char bonding_option ); int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, unsigned char bonding_option ); -int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bonding_option ); +int hsm_ecdsa_sign( unsigned char *sign_buf, int *sign_size, unsigned char *data_buf, int data_size, unsigned char bonding_option ); #ifdef __cplusplus }
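Review bot: `memcpy( &sign_buf[0x24], &sPtr[2], 0x40 + 2 );` copies 66 bytes to offset 36 of `sign_buf`, writing through offset 101, while the caller in cr_device_cert.c passes `u8 signBuf[ 70 ]`; this overruns the caller's stack buffer and presumably also reads past the end of `sPtr`. The DER header written just above declares a 0x1E-byte INTEGER for s, so the copy should be `memcpy( &sign_buf[0x24], &sPtr[2], 0x1E );`. The fixed `&rPtr[2]` and `&sPtr[2]` offsets assume `rLen` and `sLen` are exactly 32 and that the two skipped bytes are zero, which should be checked before copying, for example `if ( rLen != 0x20 || sLen != 0x20 )` returning an error. `hsm_ecdsa_sign` receives no capacity for `sign_buf`, so the 66-byte requirement should at least be documented next to the prototype in cr_hsm_code.h.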