openssl開発時に、ダミーNintendoCTR2署名鍵（ECC233)をリンクするよう変更。

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@35 ff987cc8-cf2f-4642-8568-d52cce064691

Makefile

@@ -80,7 +80,10 @@ TARGET	    = gen_id
 KEYS_C  = cr_eFuse_privKey_prod.c cr_eFuse_pubKey_prod.c \
           cr_eFuse_privKey_dev.c  cr_eFuse_pubKey_dev.c  \
           cr_eFuse_aesKey_prod.c  cr_eFuse_iv_prod.c     \
-          cr_eFuse_aesKey_dev.c  cr_eFuse_iv_dev.c
+          cr_eFuse_aesKey_dev.c   cr_eFuse_iv_dev.c      \
+          cr_NintendoCTR2_priv_dummy_prod.c cr_NintendoCTR2_pub_dummy_prod.c \
+          cr_NintendoCTR2_priv_dummy_dev.c  cr_NintendoCTR2_pub_dummy_dev.c
+
 SRCS	= main.c cr_generate_id.c cr_hsm_util.c cr_keyPair.c \
           cr_deviceCert.c cr_enc_id.c cr_alloc.c cr_hsm_code.c
 
@@ -146,25 +149,37 @@ cr_eFuse_privKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_privKey.der
 cr_eFuse_pubKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_pubKey.der
 	perl tools/bin2c.plx $< prod
 
-cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der
-	perl tools/bin2c.plx $< dev
-
-cr_eFuse_pubKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_pubKey.der
-	perl tools/bin2c.plx $< dev
-
-
 cr_eFuse_aesKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_aesKey.bin
 	perl tools/bin2c.plx $< prod
 
 cr_eFuse_iv_prod.c : $(PROD_DER_KEY_DIR)/eFuse_iv.bin
 	perl tools/bin2c.plx $< prod
 
+cr_NintendoCTR2_priv_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der
+	perl tools/bin2c.plx $< prod
+
+cr_NintendoCTR2_pub_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der
+	perl tools/bin2c.plx $< prod
+
+
+cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der
+	perl tools/bin2c.plx $< dev
+
+cr_eFuse_pubKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_pubKey.der
+	perl tools/bin2c.plx $< dev
+
 cr_eFuse_aesKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_aesKey.bin
 	perl tools/bin2c.plx $< dev
 
 cr_eFuse_iv_dev.c : $(DEV_DER_KEY_DIR)/eFuse_iv.bin
 	perl tools/bin2c.plx $< dev
 
+cr_NintendoCTR2_priv_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der
+	perl tools/bin2c.plx $< dev
+
+cr_NintendoCTR2_pub_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der
+	perl tools/bin2c.plx $< dev
+
 
 .PHONY: clean clobber
 clean:

cr_deviceCert.c

@@ -119,15 +119,16 @@
 
 #ifdef USE_HSM
 #include "cr_hsm_code.h"
-#endif // USE_HSM
-
+#else
 // openssl
 #include <openssl/err.h>
-#include <openssl/bn.h>
 #include <openssl/sha.h>
 #include <openssl/ec.h>
-#include <openssl/rsa.h>
-#include <openssl/aes.h>
+#include "cr_NintendoCTR2_priv_dummy_dev.c"
+#include "cr_NintendoCTR2_pub_dummy_dev.c"
+#include "cr_NintendoCTR2_priv_dummy_prod.c"
+#include "cr_NintendoCTR2_pub_dummy_prod.c"
+#endif // USE_HSM
 
 #include <openssl/ecdsa.h>	// これにより下はいらない
 //#include "ec_lcl.h"	// ec_key_st構造体の参照に必要
@@ -186,7 +187,8 @@ static int TestECDSA2( EC_KEY *eckey, int ec_curve_name, u8 ec_pub_key_neg, u8 e
 	test_ret = ECDSA_sign(0, ecdsa_test_buf, CR_ECDSA_BUF_SIZE, ecdsasig, 
 			&ecdsasiglen, eckey);
 	if (test_ret == 0) {
-		return CR_GENID_ERROR_ECDSA_SIGN;
+		ret_code = CR_GENID_ERROR_ECDSA_SIGN;
+		goto end;
 	}
 	
 	// 署名検証
@@ -236,16 +238,42 @@ end:
 // create CTR Device cert
 int GenerateCTRDeviceCert( EC_KEY *eckey, u32 deviceId, u8 bondingOption )
 {
-	int result = 0;
+	int ret_code = 0;
 	char str[80];
 	CTR_Device_Cert cert;
-
+	EC_KEY *NintendoCTR2 = NULL;
+	
 	if ( sizeof( CTR_Device_Cert ) > 384 )
 	{
+		printf( "err.\n" );
 		//ret_code = CR_GENID_ERROR_CERT_BUF_SIZE;	// ATODE
-		return 255;
+		ret_code = 255;
+		goto end;
 	}
+	
+	// DERフォーマットのECC鍵を読み込み
+	{
+		// bondingOptionによって、鍵を差し替え
+		const unsigned char *der_priv = bondingOption ? cr_NintendoCTR2_priv_dummy_dev : cr_NintendoCTR2_priv_dummy_prod;
+		const unsigned char *der_pub  = bondingOption ? cr_NintendoCTR2_pub_dummy_dev  : cr_NintendoCTR2_pub_dummy_prod;
+		int priv_len = der_priv[ 8 ] | der_priv[ 9 ] << 8;	// KEY長を取り出し
+//		int pub_len  = der_pub [ 8 ] | der_pub [ 9 ] << 8;  // 同上
+		der_priv += 0x10; // ヘッダ部分を除外してKEY実体を指定
+		der_pub  += 0x10; // 同上
 
+		// ECCは、秘密鍵のみで公開鍵成分もセットされるようなので、公開鍵は読み込まない。
+		NintendoCTR2 = d2i_ECPrivateKey( NULL, &der_priv, priv_len );
+		if( NintendoCTR2 == NULL ) {
+//			ret_code = CR_GENID_ERROR_ECC_READ_PRIVATE_KEY; // TODO:
+			ret_code = 255;
+			goto end;
+		}
+#if 0
+		DEBUG_PRINT_ARRAY( "EC priv:",  (const char *)NintendoCTR2->priv_key->d, NintendoCTR2->priv_key->dmax * 4);
+		DEBUG_PRINT_ARRAY( "EC pub.X:", (const char *)NintendoCTR2->pub_key->X.d, NintendoCTR2->pub_key->X.dmax * 4 );
+		DEBUG_PRINT_ARRAY( "EC pub.Y:", (const char *)NintendoCTR2->pub_key->Y.d, NintendoCTR2->pub_key->Y.dmax * 4 );
+#endif
+	}
 	// sigType
 	cert.sigType[0] = 0x00;
 	cert.sigType[1] = 0x01;
@@ -267,11 +295,11 @@ int GenerateCTRDeviceCert( EC_KEY *eckey, u32 deviceId, u8 bondingOption )
 	
 	// expiryDate
 #ifdef USE_HSM
-	result = hsm_get_rtc( &(cert.expiryDate) );
-	if ( result != 0 )
+	ret_code = hsm_get_rtc( &(cert.expiryDate) );
+	if ( ret_code != 0 )
 	{
-		printf( "error(%d) : hsm_get_rtc\n", result );
-		return result;
+		printf( "error(%d) : hsm_get_rtc\n", ret_code );
+		goto end;
 	}
 #else  // !USE_HSM
 	{
@@ -293,14 +321,15 @@ int GenerateCTRDeviceCert( EC_KEY *eckey, u32 deviceId, u8 bondingOption )
 
 	bn_pubkey = BN_new();
 	if( bn_pubkey == NULL ) {
-		return CR_GENID_ERROR_BN_NEW_1;
+		ret_code = CR_GENID_ERROR_BN_NEW_1;
+		goto end;
 	}
 	
-	result = EC_POINT_point2bn( eckey->group, eckey->pub_key, eckey->conv_form , bn_pubkey, NULL);
-	if ( result == 0 )
+	ret_code = EC_POINT_point2bn( eckey->group, eckey->pub_key, eckey->conv_form , bn_pubkey, NULL);
+	if ( ret_code == 0 )
 	{
-		printf( "error(%d) : EC_POINT_point2bn\n", result );
-		return result;
+		printf( "error(%d) : EC_POINT_point2bn\n", ret_code );
+		goto end;
 	}
 	
 	ec_pub_key_neg = (unsigned char)( (bn_pubkey->neg == 0) ? 0 : 1 );
@@ -310,12 +339,12 @@ int GenerateCTRDeviceCert( EC_KEY *eckey, u32 deviceId, u8 bondingOption )
 	
 	BN_free( bn_pubkey );
 	
-	result = TestECDSA2( eckey, NID_sect233r1, ec_pub_key_neg,
+	ret_code = TestECDSA2( eckey, NID_sect233r1, ec_pub_key_neg,
 							ec_pub_key_num_bytes, ec_pub_key );
-	if ( result != 0 )
+	if ( ret_code != 0 )
 	{
-		printf( "error(%d) : TestECDSA2\n", result );
-		return result;
+		printf( "error(%d) : TestECDSA2\n", ret_code );
+		goto end;
 	}
     
 #endif	// USE_HSM
@@ -349,6 +378,10 @@ int GenerateCTRDeviceCert( EC_KEY *eckey, u32 deviceId, u8 bondingOption )
 	}
 #endif
 
-	return result;
+end:
+	// TODO: NintendoCTR2のリソース解放がこれだけでOKか要確認。
+	if( NintendoCTR2 ) EC_KEY_free( NintendoCTR2 );
+	
+	return ret_code;
 }	// generate_CTRCustom_cert