mirror of
https://github.com/rvtr/ctr_eFuse.git
synced 2025-11-02 00:11:04 -04:00
ID生成プログラム:ECDSA-SHA1にて署名と検証成功
git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@131 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
kubodera_yuichi
parent
c1c8920dd9
commit
43956bef9a
@ -142,6 +142,8 @@
|
||||
|
||||
#define CR_CERT_EXPIRE_SECS ( 60*60*24*365* 20 ) // デバイス証明書期限 20年 ※うるう年は無視
|
||||
|
||||
u8 tempSign[ 70 ];
|
||||
|
||||
// TWL device cert base
|
||||
typedef struct CR_DeviceCert
|
||||
{
|
||||
@ -217,21 +219,26 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
|
||||
// TODO: HSM使用時の処理を実装
|
||||
|
||||
// ECDSA署名付加
|
||||
u8 sha256buf[ SHA256_DIGEST_LENGTH ];
|
||||
|
||||
// CR_DeviceCertのSHA256計算
|
||||
SHA256( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha256buf );
|
||||
|
||||
u8 signBuf[ 70 ];
|
||||
int signLen = 0;
|
||||
u8 sha1Buf[ 20 ];
|
||||
memset( signBuf, 0, sizeof( signBuf ) );
|
||||
|
||||
SHA1( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha1Buf );
|
||||
//DEBUG_PRINT_ARRAY( "sha1(HSM)", (const char *)sha1buf, 20 );
|
||||
|
||||
ret_code = hsm_ecdsa_sign( signBuf, &signLen, sha1Buf, 20, bonding_option );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
u8 sha256buf[ SHA256_DIGEST_LENGTH ];
|
||||
|
||||
// CR_DeviceCertのSHA256計算
|
||||
SHA256( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha256buf );
|
||||
|
||||
ret_code = hsm_ecdsa_sign( sha256buf, 233/8, bonding_option );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
{
|
||||
SetErrorInfo( __FUNCTION__, __LINE__ );
|
||||
return ret_code;
|
||||
}
|
||||
SetErrorInfo( __FUNCTION__, __LINE__ );
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
|
||||
//#else // !USE_HSM
|
||||
// DERフォーマットのECC鍵を読み込み
|
||||
{
|
||||
@ -272,15 +279,17 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
|
||||
SetErrorInfo( __FUNCTION__, __LINE__ );
|
||||
goto end;
|
||||
}
|
||||
//DEBUG_PRINT_ARRAY( "ECDSA:", (const char *)ecdsasig, signLen );
|
||||
DEBUG_PRINT_ARRAY( "ECDSA:", (const char *)ecdsasig, signLen );
|
||||
|
||||
#if 0
|
||||
// 署名ベリファイ
|
||||
test_ret = ECDSA_verify( 0, sha256buf, 233/8, ecdsasig, signLen, NintendoCTR2 );
|
||||
if( test_ret != 1) {
|
||||
ret_code = ECDSA_verify( 0, sha1buf, 20, tempSign, 66, NintendoCTR2 );
|
||||
if( ret_code != 1) {
|
||||
ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
|
||||
SetErrorInfo( __FUNCTION__, __LINE__ );
|
||||
goto end;
|
||||
}
|
||||
#endif
|
||||
|
||||
// DERデコードして、r と s を eccSignature にセット
|
||||
sig = d2i_ECDSA_SIG( NULL, &pECDSAsig, signLen );
|
||||
@ -289,7 +298,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
|
||||
SetErrorInfo( __FUNCTION__, __LINE__ );
|
||||
goto end;
|
||||
}
|
||||
#if 1
|
||||
#if 0
|
||||
DEBUG_PRINT_ARRAY( "ECDSA.r:", (const char *)sig->r->d, sig->r->dmax * 4);
|
||||
DEBUG_PRINT_ARRAY( "ECDSA.s:", (const char *)sig->s->d, sig->s->dmax * 4 );
|
||||
#endif
|
||||
@ -304,6 +313,15 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
|
||||
}
|
||||
//#endif // USE_HSM
|
||||
|
||||
// 署名ベリファイ
|
||||
ret_code = ECDSA_verify( 0, sha1Buf, 20, signBuf, signLen, NintendoCTR2 );
|
||||
if( ret_code != 1) {
|
||||
ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
|
||||
SetErrorInfo( __FUNCTION__, __LINE__ );
|
||||
goto end;
|
||||
}
|
||||
ret_code = CR_GENID_SUCCESS;
|
||||
|
||||
#if 0
|
||||
if ( cr_print_flag )
|
||||
{
|
||||
|
||||
@ -137,8 +137,8 @@ NFKM_WorldInfo *hsmWorld = NULL; // allocate
|
||||
// TODO: 最終鍵に変更する
|
||||
#ifdef ENCRYPT_AES
|
||||
M_KeyID hsmAesKeyidDev, hsmAesKeyidProd;
|
||||
const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"aes-dummykey-dev" };
|
||||
const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"aes-dummykey-prod" };
|
||||
const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"efuse-aes-key-dummy-dev" };
|
||||
const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"efuse-aes-key-dummy-prod" };
|
||||
|
||||
static int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid );
|
||||
#else // !ENCRYPT_AES
|
||||
@ -750,7 +750,6 @@ int hsm_ecdsa_load_keypair( NFKM_KeyIdent privKeyident, M_KeyID *privKeyid,
|
||||
NFKM_Key *keyinfo = NULL;
|
||||
NFKM_ModuleInfo *moduleinfo = NULL;
|
||||
M_ByteBlock *blobptr = NULL;
|
||||
M_KeyID tempId;
|
||||
|
||||
// get usable Module
|
||||
moduleinfo = hsmWorld->modules[0];
|
||||
@ -810,7 +809,7 @@ end:
|
||||
return ret_code;
|
||||
} // hsm_ecdsa_load_keypair
|
||||
|
||||
int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bonding_option )
|
||||
int hsm_ecdsa_sign( unsigned char *sign_buf, int *sign_size, unsigned char *data_buf, int data_size, unsigned char bonding_option )
|
||||
{
|
||||
int ret_code = CR_GENID_SUCCESS;
|
||||
|
||||
@ -833,18 +832,6 @@ int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bondin
|
||||
cmd.args.sign.flags = 0; // Cmd_Sign_Args_flags_given_iv_present;
|
||||
cmd.args.sign.key = privKeyid;
|
||||
cmd.args.sign.mech = HSM_SIGN_MECH;
|
||||
#if 1
|
||||
cmd.args.sign.plain.type = PlainTextType_Bytes;
|
||||
cmd.args.sign.plain.data.bytes.data.len = data_size;
|
||||
cmd.args.sign.plain.data.bytes.data.ptr = data_buf;
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
struct NFast_Bignum *bn;
|
||||
my_bin2bignum( &bn, hsmHandle, data_buf, data_size );
|
||||
cmd.args.sign.plain.type = PlainTextType_Bignum;
|
||||
cmd.args.sign.plain.data.bignum.m = bn;
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
M_Hash32 *hash = (M_Hash32*)data_buf;
|
||||
@ -852,6 +839,11 @@ int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bondin
|
||||
cmd.args.sign.plain.data.hash32.data = *hash;
|
||||
#endif
|
||||
|
||||
#if 1
|
||||
cmd.args.sign.plain.type = PlainTextType_Hash;
|
||||
cmd.args.sign.plain.data.hash.data = *(M_Hash*)data_buf;
|
||||
#endif
|
||||
|
||||
// sign command issue
|
||||
ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
|
||||
if ( ret_code != CR_GENID_SUCCESS )
|
||||
@ -866,16 +858,18 @@ int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bondin
|
||||
return ret_code;
|
||||
}
|
||||
|
||||
#if 1
|
||||
// signature bignum -> bin
|
||||
printf ( "sig mech : %d\n", reply.reply.sign.sig.mech );
|
||||
rLen = reply.reply.sign.sig.data.ecdsa.r->nbytes;
|
||||
rPtr = (unsigned char*)malloc( rLen );
|
||||
my_bignum2bin ( rPtr, rLen, hsmHandle, reply.reply.sign.sig.data.ecdsa.r );
|
||||
sLen = reply.reply.sign.sig.data.ecdsa.s->nbytes;
|
||||
sPtr = (unsigned char*)malloc( sLen );
|
||||
my_bignum2bin ( sPtr, sLen, hsmHandle, reply.reply.sign.sig.data.ecdsa.s );
|
||||
#endif
|
||||
my_bignumCopy( &rBn, reply.reply.sign.sig.data.ecdsa.r, hsmHandle );
|
||||
my_bignumCopy( &sBn, reply.reply.sign.sig.data.ecdsa.s, hsmHandle );
|
||||
|
||||
#if 1
|
||||
DEBUG_PRINT_ARRAY( (char*)"sig r(HSM)", (const char *)rPtr, rLen );
|
||||
DEBUG_PRINT_ARRAY( (char*)"sig s(HSM)", (const char *)sPtr, sLen );
|
||||
@ -886,14 +880,14 @@ int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bondin
|
||||
memset( &cmd, 0, sizeof( cmd ) );
|
||||
memset( &reply, 0, sizeof( reply ) );
|
||||
|
||||
#if 0
|
||||
// verify transact
|
||||
cmd.cmd = Cmd_Verify;
|
||||
cmd.args.verify.flags = 0;
|
||||
cmd.args.verify.key = pubKeyid;
|
||||
cmd.args.verify.mech = HSM_SIGN_MECH;
|
||||
cmd.args.verify.plain.type = PlainTextType_Bytes;
|
||||
cmd.args.verify.plain.data.bytes.data.len = data_size;
|
||||
cmd.args.verify.plain.data.bytes.data.ptr = data_buf;
|
||||
cmd.args.verify.plain.type = PlainTextType_Hash;
|
||||
cmd.args.verify.plain.data.hash.data = *(M_Hash*)data_buf;
|
||||
cmd.args.verify.sig.mech = HSM_SIGN_MECH;
|
||||
cmd.args.verify.sig.data.ecdsa.r = rBn;
|
||||
cmd.args.verify.sig.data.ecdsa.s = sBn;
|
||||
@ -909,11 +903,24 @@ int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bondin
|
||||
SetErrorInfo( __FUNCTION__, __LINE__ );
|
||||
return ret_code;
|
||||
}
|
||||
#endif
|
||||
|
||||
printf( "ECDSAhSHA256 verify ok\n" );
|
||||
// copy sign
|
||||
sign_buf[0] = 0x30;
|
||||
sign_buf[1] = 0x40;
|
||||
sign_buf[2] = 0x02;
|
||||
sign_buf[3] = 0x1E;
|
||||
memcpy( &sign_buf[4], &rPtr[2], 0x1E );
|
||||
sign_buf[0x22] = 0x02;
|
||||
sign_buf[0x23] = 0x1E;
|
||||
memcpy( &sign_buf[0x24], &sPtr[2], 0x40 + 2 );
|
||||
*sign_size = 0x40 + 2;
|
||||
DEBUG_PRINT_ARRAY( (char*)"sign(HSM)", (const char *)sign_buf, *sign_size );
|
||||
|
||||
//NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); // 何故かアボートする
|
||||
NFastApp_Free_Reply( hsmHandle, NULL, NULL, &reply );
|
||||
NFastApp_Free( hsmHandle, rBn, NULL, NULL );
|
||||
NFastApp_Free( hsmHandle, sBn, NULL, NULL );
|
||||
|
||||
return CR_GENID_SUCCESS;
|
||||
} // hsm_ecdsa_sign
|
||||
|
||||
@ -119,7 +119,8 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
#define HSM_MODULE_ID ( 1)
|
||||
#define HSM_SIGN_MECH Mech_ECDSAhSHA256
|
||||
//#define HSM_SIGN_MECH Mech_ECDSAhSHA256
|
||||
#define HSM_SIGN_MECH Mech_ECDSA
|
||||
|
||||
// functions
|
||||
int hsm_initialize( void );
|
||||
@ -131,7 +132,7 @@ int hsm_aes_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, u
|
||||
int hsm_aes_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, unsigned char bonding_option );
|
||||
int hsm_rsa_encrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, unsigned char bonding_option );
|
||||
int hsm_rsa_decrypt( unsigned char *dst_buf, unsigned char *org_buf, int size, unsigned char bonding_option );
|
||||
int hsm_ecdsa_sign( unsigned char *data_buf, int data_size, unsigned char bonding_option );
|
||||
int hsm_ecdsa_sign( unsigned char *sign_buf, int *sign_size, unsigned char *data_buf, int data_size, unsigned char bonding_option );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user