diff --git a/Makefile b/Makefile index b0e123e..b5d8732 100644 --- a/Makefile +++ b/Makefile @@ -81,8 +81,8 @@ KEYS_C = cr_eFuse_privKey_prod.c cr_eFuse_pubKey_prod.c \ cr_eFuse_privKey_dev.c cr_eFuse_pubKey_dev.c \ cr_eFuse_aesKey_prod.c cr_eFuse_iv_prod.c \ cr_eFuse_aesKey_dev.c cr_eFuse_iv_dev.c \ - cr_NintendoCTR2_priv_dummy_prod.c cr_NintendoCTR2_pub_dummy_prod.c \ - cr_NintendoCTR2_priv_dummy_dev.c cr_NintendoCTR2_pub_dummy_dev.c + cr_NintendoCTR2_priv_dummy_prod.c \ + cr_NintendoCTR2_priv_dummy_dev.c SRCS = main.c cr_generate_id.c cr_hsm_util.c cr_keyPair.c \ cr_deviceCert.c cr_enc_id.c cr_alloc.c cr_hsm_code.c @@ -158,9 +158,6 @@ cr_eFuse_iv_prod.c : $(PROD_DER_KEY_DIR)/eFuse_iv.bin cr_NintendoCTR2_priv_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der perl tools/bin2c.plx $< prod -cr_NintendoCTR2_pub_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der - perl tools/bin2c.plx $< prod - cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der perl tools/bin2c.plx $< dev @@ -177,9 +174,6 @@ cr_eFuse_iv_dev.c : $(DEV_DER_KEY_DIR)/eFuse_iv.bin cr_NintendoCTR2_priv_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der perl tools/bin2c.plx $< dev -cr_NintendoCTR2_pub_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der - perl tools/bin2c.plx $< dev - .PHONY: clean clobber clean: diff --git a/cr_deviceCert.c b/cr_deviceCert.c index 1d1804d..ac8179c 100644 --- a/cr_deviceCert.c +++ b/cr_deviceCert.c @@ -125,9 +125,7 @@ #include #include #include "cr_NintendoCTR2_priv_dummy_dev.c" -#include "cr_NintendoCTR2_pub_dummy_dev.c" #include "cr_NintendoCTR2_priv_dummy_prod.c" -#include "cr_NintendoCTR2_pub_dummy_prod.c" #endif // USE_HSM #include // これにより下はいらない @@ -199,14 +197,6 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p // expiryDate +20years *pExpiryDate += CR_CERT_EXPIRE_SECS; // ID_BUFにも証明書期限をセットする。 deviceCert.expiryDate = *pExpiryDate; -#if 0 - { - struct tm *tmt; - tmt = gmtime( &deviceCert.expiryDate ); - printf("GMT:%d-%02d-%02d %02d:%02d:%02d\n", - tmt->tm_year+1900, tmt->tm_mon+1, tmt->tm_mday, tmt->tm_hour, tmt->tm_min, tmt->tm_sec ); - } -#endif // eccPubKey BN2BinWithPadding( &pECkey->pub_key->X, &deviceCert.eccPubKey[ 0 ], 30 ); @@ -225,10 +215,8 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p { // bondingOptionによって、鍵を差し替え const unsigned char *der_priv = bondingOption ? cr_NintendoCTR2_priv_dummy_dev : cr_NintendoCTR2_priv_dummy_prod; - const unsigned char *der_pub = bondingOption ? cr_NintendoCTR2_pub_dummy_dev : cr_NintendoCTR2_pub_dummy_prod; int priv_len = der_priv[ 8 ] | der_priv[ 9 ] << 8; // KEY長を取り出し der_priv += 0x10; // ヘッダ部分を除外してKEY実体を指定 - der_pub += 0x10; // 同上 // ECCは、秘密鍵のみで公開鍵成分もセットされるようなので、公開鍵は読み込まない。 NintendoCTR2 = d2i_ECPrivateKey( NULL, &der_priv, priv_len ); @@ -243,6 +231,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p DEBUG_PRINT_ARRAY( "EC pub.Y:", (const char *)NintendoCTR2->pub_key->Y.d, NintendoCTR2->pub_key->Y.dmax * 4 ); #endif } + // ECDSA署名付加 { u8 sha256buf[ SHA256_DIGEST_LENGTH ]; u8 ecdsasig[ 0x80 ]; @@ -285,37 +274,59 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 deviceId, u8 bondingOption, u8 *p BN2BinWithPadding( sig->s, &deviceCert.eccSignature[ 30 ], 30 ); memcpy( pDevCertSign, &deviceCert.eccSignature, 60 ); if( sig ) ECDSA_SIG_free( sig ); +#ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE + if ( cr_print_flag ) + { + // 証明書の書き込みテスト + FILE *fp; + char fn[256]; + sprintf( fn, "output/0x%08x.dgst", (unsigned int)deviceId ); + fp = fopen( fn, "wb" ); + fwrite( sha256buf, 233/8, 1, fp ); + fclose( fp ); + sprintf( fn, "output/0x%08x.sgn", (unsigned int)deviceId ); + fp = fopen( fn, "wb" ); + fwrite( ecdsasig, signLen, 1, fp ); + fclose( fp ); + } +#endif // DEBUG_DEVICE_CERT_OUTPUT_FILE } #endif // USE_HSM -#if 0 if ( cr_print_flag ) { int i; - printf( "CTR custom deviceCert\n" ); - printf( "sigType : 0x%08X\n", *(unsigned int*)deviceCert->sigType ); - DEBUG_PRINT_ARRAY( "eccSignature:", (const char *)deviceCert->eccSignature, sizeof(deviceCert->eccSignature) ); - DEBUG_PRINT_ARRAY( "padding0:", (const char *)deviceCert->padding0, sizeof(deviceCert->padding0) ); + printf( "deviceCert:\n" ); + printf( "sigType : 0x%08X\n", *(unsigned int*)deviceCert.sigType ); + DEBUG_PRINT_ARRAY( "eccSignature:", (const char *)deviceCert.eccSignature, sizeof(deviceCert.eccSignature) ); + DEBUG_PRINT_ARRAY( "padding0:", (const char *)deviceCert.padding0, sizeof(deviceCert.padding0) ); printf( "issuerName : " ); - for ( i = 0; i < sizeof(deviceCert->issuerName); i++ ) printf( "%c", deviceCert->issuerName[i] ); + for ( i = 0; i < sizeof(deviceCert.issuerName); i++ ) printf( "%c", deviceCert.issuerName[i] ); printf( "\n" ); - printf( "keyType : 0x%08X\n", *(unsigned int*)deviceCert->keyType ); + printf( "keyType : 0x%08X\n", *(unsigned int*)deviceCert.keyType ); printf( "subject : " ); - for ( i = 0; i < sizeof(deviceCert->subject); i++ ) printf( "%c", deviceCert->subject[i] ); + for ( i = 0; i < sizeof(deviceCert.subject); i++ ) printf( "%c", deviceCert.subject[i] ); printf( "\n" ); - printf( "expiryDate : 0x%08X\n", (unsigned int)deviceCert->expiryDate ); - DEBUG_PRINT_ARRAY( "eccPubKey :", (const char *)deviceCert->eccPubKey, sizeof(deviceCert->eccPubKey) ); - DEBUG_PRINT_ARRAY( "padding1:", (const char *)deviceCert->padding1, sizeof(deviceCert->padding1) ); - + printf( "expiryDate : 0x%08X\n", (unsigned int)deviceCert.expiryDate ); + { + struct tm *tmt; + tmt = gmtime( &deviceCert.expiryDate ); + printf( " GMT:%d-%02d-%02d %02d:%02d:%02d\n", + tmt->tm_year+1900, tmt->tm_mon+1, tmt->tm_mday, tmt->tm_hour, tmt->tm_min, tmt->tm_sec ); + } + DEBUG_PRINT_ARRAY( "eccPubKey :", (const char *)deviceCert.eccPubKey, sizeof(deviceCert.eccPubKey) ); + DEBUG_PRINT_ARRAY( "padding1:", (const char *)deviceCert.padding1, sizeof(deviceCert.padding1) ); + +#ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE // 証明書の書き込みテスト FILE *fp; char fn[256]; sprintf( fn, "output/0x%08x.crt", (unsigned int)deviceId ); - fp = fopen( fn, "w" ); - fwrite( deviceCert, sizeof( CR_DeviceCert ), 1, fp ); + fp = fopen( fn, "wb" ); + fwrite( &deviceCert, sizeof( CR_DeviceCert ), 1, fp ); fclose( fp ); +#endif // DEBUG_DEVICE_CERT_OUTPUT_FILE } -#endif end: // TODO: NintendoCTR2のリソース解放がこれだけでOKか要確認。 @@ -325,7 +336,7 @@ end: } // generate_CTRCustom_deviceCert -// 指定BIGNUMを指定長 +// 指定BIGNUMをバイナリ変換して指定バッファに右詰めでセット static void BN2BinWithPadding( BIGNUM *pBN, u8 *pDst, int dstLen ) { int i; diff --git a/cr_generate_id_private.h b/cr_generate_id_private.h index 56b382a..4a96a3f 100644 --- a/cr_generate_id_private.h +++ b/cr_generate_id_private.h @@ -131,6 +131,7 @@ extern "C" { #include "ec_lcl.h" // EC_KEY (=ec_key_st) \̂̎QƂɕKv #define DEBUG_PRINT 1 +//#define DEBUG_DEVICE_CERT_OUTPUT_FILE #ifdef DEBUG_PRINT #define DEBUG_PRINT_ARRAY DebugPrintArray diff --git a/dummyKey/dev/NintendoCTR2_pub_dummy.pem b/dummyKey/dev/NintendoCTR2_pub_dummy.pem new file mode 100644 index 0000000..589f57f --- /dev/null +++ b/dummyKey/dev/NintendoCTR2_pub_dummy.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEANkB/eVVYNkyMyWTUwq6Y6MUUJYtTHLy +muag+2u/Ab7Ww4xkEaJs06yqMZr1Z6SFZ9aTZwSL8KCeLSU1 +-----END PUBLIC KEY----- diff --git a/dummyKey/prod/NintendoCTR2_pub_dummy.pem b/dummyKey/prod/NintendoCTR2_pub_dummy.pem new file mode 100644 index 0000000..8280178 --- /dev/null +++ b/dummyKey/prod/NintendoCTR2_pub_dummy.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAa/spvRyfvGRPmgWTeg5BV86c2s5ldQH +j7yTnjWuACM3rdgosntfVqBtMpxELDGbkjnlw+lBH988t5X7 +-----END PUBLIC KEY-----