デバイス証明書デバッグ用のコード追加。

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@39 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2009-12-23 01:48:51 +00:00 · 2009-12-23 01:48:51 +00:00 · 547e8fb49c
commit 547e8fb49c
parent d6bcab7b88
5 changed files with 50 additions and 36 deletions
--- a/10
+++ b/10
@ -81,8 +81,8 @@ KEYS_C  = cr_eFuse_privKey_prod.c cr_eFuse_pubKey_prod.c \
          cr_eFuse_privKey_dev.c  cr_eFuse_pubKey_dev.c  \
          cr_eFuse_aesKey_prod.c  cr_eFuse_iv_prod.c     \
          cr_eFuse_aesKey_dev.c   cr_eFuse_iv_dev.c      \
-          cr_NintendoCTR2_priv_dummy_prod.c cr_NintendoCTR2_pub_dummy_prod.c \
-          cr_NintendoCTR2_priv_dummy_dev.c  cr_NintendoCTR2_pub_dummy_dev.c
+          cr_NintendoCTR2_priv_dummy_prod.c \
+          cr_NintendoCTR2_priv_dummy_dev.c

 SRCS	= main.c cr_generate_id.c cr_hsm_util.c cr_keyPair.c \
          cr_deviceCert.c cr_enc_id.c cr_alloc.c cr_hsm_code.c
@ -158,9 +158,6 @@ cr_eFuse_iv_prod.c : $(PROD_DER_KEY_DIR)/eFuse_iv.bin
 cr_NintendoCTR2_priv_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der
 	perl tools/bin2c.plx $< prod

-cr_NintendoCTR2_pub_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der
-	perl tools/bin2c.plx $< prod
-

 cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der
 	perl tools/bin2c.plx $< dev
@ -177,9 +174,6 @@ cr_eFuse_iv_dev.c : $(DEV_DER_KEY_DIR)/eFuse_iv.bin
 cr_NintendoCTR2_priv_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der
 	perl tools/bin2c.plx $< dev

-cr_NintendoCTR2_pub_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der
-	perl tools/bin2c.plx $< dev
-

 .PHONY: clean clobber
 clean:
--- a/cr_deviceCert.c
+++ b/cr_deviceCert.c
@ -125,9 +125,7 @@
 #include <openssl/sha.h>
 #include <openssl/ec.h>
 #include "cr_NintendoCTR2_priv_dummy_dev.c"
-#include "cr_NintendoCTR2_pub_dummy_dev.c"
 #include "cr_NintendoCTR2_priv_dummy_prod.c"
-#include "cr_NintendoCTR2_pub_dummy_prod.c"
 #endif // USE_HSM

 #include <openssl/ecdsa.h>	// これにより下はいらない
@ -199,14 +197,6 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p
 	// expiryDate  +20years
 	*pExpiryDate   += CR_CERT_EXPIRE_SECS;	// ID_BUFにも証明書期限をセットする。
 	deviceCert.expiryDate = *pExpiryDate;
-#if 0
-	{
-		struct tm *tmt;
-		tmt = gmtime( &deviceCert.expiryDate );
-		printf("GMT:%d-%02d-%02d %02d:%02d:%02d\n",
-				tmt->tm_year+1900, tmt->tm_mon+1, tmt->tm_mday, tmt->tm_hour, tmt->tm_min, tmt->tm_sec );
-	}
-#endif

 	// eccPubKey
 	BN2BinWithPadding( &pECkey->pub_key->X, &deviceCert.eccPubKey[  0 ], 30 );
@ -225,10 +215,8 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p
 	{
 		// bondingOptionによって、鍵を差し替え
 		const unsigned char *der_priv = bondingOption ? cr_NintendoCTR2_priv_dummy_dev : cr_NintendoCTR2_priv_dummy_prod;
-		const unsigned char *der_pub  = bondingOption ? cr_NintendoCTR2_pub_dummy_dev  : cr_NintendoCTR2_pub_dummy_prod;
 		int priv_len = der_priv[ 8 ] | der_priv[ 9 ] << 8;	// KEY長を取り出し
 		der_priv += 0x10; // ヘッダ部分を除外してKEY実体を指定
-		der_pub  += 0x10; // 同上

 		// ECCは、秘密鍵のみで公開鍵成分もセットされるようなので、公開鍵は読み込まない。
 		NintendoCTR2 = d2i_ECPrivateKey( NULL, &der_priv, priv_len );
@ -243,6 +231,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p
 		DEBUG_PRINT_ARRAY( "EC pub.Y:", (const char *)NintendoCTR2->pub_key->Y.d, NintendoCTR2->pub_key->Y.dmax * 4 );
 #endif
 	}
+	// ECDSA署名付加
 	{
 		u8 sha256buf[ SHA256_DIGEST_LENGTH ];
 		u8 ecdsasig[ 0x80 ];
@ -285,37 +274,59 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p
 		BN2BinWithPadding( sig->s, &deviceCert.eccSignature[ 30 ], 30 );
 		memcpy( pDevCertSign, &deviceCert.eccSignature, 60 );
 		if( sig ) ECDSA_SIG_free( sig );
+#ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
+		if ( cr_print_flag )
+		{
+			// 証明書の書き込みテスト
+			FILE	*fp;
+			char	fn[256];
+			sprintf( fn, "output/0x%08x.dgst", (unsigned int)deviceId );
+			fp = fopen( fn, "wb" );
+			fwrite( sha256buf, 233/8, 1, fp );
+			fclose( fp );
+			sprintf( fn, "output/0x%08x.sgn", (unsigned int)deviceId );
+			fp = fopen( fn, "wb" );
+			fwrite( ecdsasig, signLen, 1, fp );
+			fclose( fp );
+		}
+#endif // DEBUG_DEVICE_CERT_OUTPUT_FILE
 	}
 #endif	// USE_HSM

-#if 0
 	if ( cr_print_flag )
 	{
 		int i;
-		printf( "CTR custom deviceCert\n" );
-		printf( "sigType : 0x%08X\n", *(unsigned int*)deviceCert->sigType );
-		DEBUG_PRINT_ARRAY( "eccSignature:", (const char *)deviceCert->eccSignature, sizeof(deviceCert->eccSignature) );
-		DEBUG_PRINT_ARRAY( "padding0:", (const char *)deviceCert->padding0, sizeof(deviceCert->padding0) );
+		printf( "deviceCert:\n" );
+		printf( "sigType : 0x%08X\n", *(unsigned int*)deviceCert.sigType );
+		DEBUG_PRINT_ARRAY( "eccSignature:", (const char *)deviceCert.eccSignature, sizeof(deviceCert.eccSignature) );
+		DEBUG_PRINT_ARRAY( "padding0:", (const char *)deviceCert.padding0, sizeof(deviceCert.padding0) );
 		printf( "issuerName : " );
-		for ( i = 0; i < sizeof(deviceCert->issuerName); i++ ) printf( "%c", deviceCert->issuerName[i] );
+		for ( i = 0; i < sizeof(deviceCert.issuerName); i++ ) printf( "%c", deviceCert.issuerName[i] );
 		printf( "\n" );
-		printf( "keyType : 0x%08X\n", *(unsigned int*)deviceCert->keyType );
+		printf( "keyType : 0x%08X\n", *(unsigned int*)deviceCert.keyType );
 		printf( "subject : " );
-		for ( i = 0; i < sizeof(deviceCert->subject); i++ ) printf( "%c", deviceCert->subject[i] );
+		for ( i = 0; i < sizeof(deviceCert.subject); i++ ) printf( "%c", deviceCert.subject[i] );
 		printf( "\n" );
-		printf( "expiryDate : 0x%08X\n", (unsigned int)deviceCert->expiryDate );
-		DEBUG_PRINT_ARRAY( "eccPubKey :", (const char *)deviceCert->eccPubKey, sizeof(deviceCert->eccPubKey) );
-		DEBUG_PRINT_ARRAY( "padding1:", (const char *)deviceCert->padding1, sizeof(deviceCert->padding1) );
-		
+		printf( "expiryDate : 0x%08X\n", (unsigned int)deviceCert.expiryDate );
+		{
+			struct tm *tmt;
+			tmt = gmtime( &deviceCert.expiryDate );
+			printf( "             GMT:%d-%02d-%02d %02d:%02d:%02d\n",
+					tmt->tm_year+1900, tmt->tm_mon+1, tmt->tm_mday, tmt->tm_hour, tmt->tm_min, tmt->tm_sec );
+		}
+		DEBUG_PRINT_ARRAY( "eccPubKey :", (const char *)deviceCert.eccPubKey, sizeof(deviceCert.eccPubKey) );
+		DEBUG_PRINT_ARRAY( "padding1:", (const char *)deviceCert.padding1, sizeof(deviceCert.padding1) );
+
+#ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
 		// 証明書の書き込みテスト
 		FILE	*fp;
 		char	fn[256];
 		sprintf( fn, "output/0x%08x.crt", (unsigned int)deviceId );
-		fp = fopen( fn, "w" );
-		fwrite( deviceCert, sizeof( CR_DeviceCert ), 1, fp );
+		fp = fopen( fn, "wb" );
+		fwrite( &deviceCert, sizeof( CR_DeviceCert ), 1, fp );
 		fclose( fp );
+#endif // DEBUG_DEVICE_CERT_OUTPUT_FILE
 	}
-#endif

 end:
 	// TODO: NintendoCTR2のリソース解放がこれだけでOKか要確認。
@ -325,7 +336,7 @@ end:
 }	// generate_CTRCustom_deviceCert


-// 指定BIGNUMを指定長
+// 指定BIGNUMをバイナリ変換して指定バッファに右詰めでセット
 static void BN2BinWithPadding( BIGNUM *pBN, u8 *pDst, int dstLen )
 {
 	int i;
--- a/cr_generate_id_private.h
+++ b/cr_generate_id_private.h
@ -131,6 +131,7 @@ extern "C" {
 #include "ec_lcl.h"	// EC_KEY (=ec_key_st) 構造体の参照に必要

 #define DEBUG_PRINT 1
+//#define DEBUG_DEVICE_CERT_OUTPUT_FILE

 #ifdef DEBUG_PRINT
 #define DEBUG_PRINT_ARRAY            DebugPrintArray
--- a/dummyKey/dev/NintendoCTR2_pub_dummy.pem
+++ b/dummyKey/dev/NintendoCTR2_pub_dummy.pem
@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEANkB/eVVYNkyMyWTUwq6Y6MUUJYtTHLy
+muag+2u/Ab7Ww4xkEaJs06yqMZr1Z6SFZ9aTZwSL8KCeLSU1
+-----END PUBLIC KEY-----
--- a/dummyKey/prod/NintendoCTR2_pub_dummy.pem
+++ b/dummyKey/prod/NintendoCTR2_pub_dummy.pem
@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAa/spvRyfvGRPmgWTeg5BV86c2s5ldQH
+j7yTnjWuACM3rdgosntfVqBtMpxELDGbkjnlw+lBH988t5X7
+-----END PUBLIC KEY-----