それとなく最終形態に近づける(鍵名など)

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@140 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2010-01-06 02:20:37 +00:00 · 2010-01-06 02:20:37 +00:00 · 5c72fef3d8
commit 5c72fef3d8
parent 80376b03d1
4 changed files with 79 additions and 69 deletions
--- a/cr_device_cert.c
+++ b/cr_device_cert.c
@ -343,7 +343,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 			ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY;
 			goto end;
 		}
-#if 1
+#if 0
 		// TODO: ハッシュ処理
 		int i;
 		u8 verifyHash[30];
@ -371,7 +371,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 		DEBUG_PRINT_ARRAY( (char*)"sign(HSM)", (const char *)signBuf, signLen );
 		
 		// 署名ベリファイ
-		ret_code = ECDSA_verify( 0, &verifyHash[1], 233/8, signBuf, signLen, NCT2 );
+		ret_code = ECDSA_verify( 0, verifyHash, 30, signBuf, signLen, NCT2 );
 		if( ret_code != 1) {
 			ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
 			SetErrorInfo( __FUNCTION__, __LINE__ );
--- a/cr_generate_id.c
+++ b/cr_generate_id.c
@ -375,10 +375,12 @@ end:
 #ifdef MY_CRYPTO_DEBUG
 	ERR_free_strings(); 
 #endif /* MY_CRYPTO_DEBUG */
-
-	printf( "hsm   alloc counter : %d\n", my_hsm_get_alloc_counter() );
-	printf( "hsmbn alloc counter : %d\n", my_bignum_get_alloc_counter() );
-	printf( "miya  alloc counter : %d\n", cr_mem_get_counter() );
+	if ( cr_print_flag )
+	{
+		printf( "hsm   alloc counter : %d\n", my_hsm_get_alloc_counter() );
+		printf( "hsmbn alloc counter : %d\n", my_bignum_get_alloc_counter() );
+		printf( "miya  alloc counter : %d\n", cr_mem_get_counter() );
+	}

 	return ret_code; /* success */
 }
--- a/cr_hsm_bignum.c
+++ b/cr_hsm_bignum.c
@ -170,6 +170,7 @@ int my_char2bignum ( struct NFast_Bignum **ppBN_out,

  pBN = (struct NFast_Bignum *)NFastApp_Malloc(app, sizeof(struct NFast_Bignum), cctx, tctx);
  if ( !pBN ) return NOMEM;
+  alloc_counter++;

  pBN->msb_first = 0;
  pBN->msw_first = 0;
@ -212,7 +213,8 @@ int my_bin2bignum ( struct NFast_Bignum **ppBN_out,

 	pBN = (struct NFast_Bignum *)NFastApp_Malloc( app, sizeof(struct NFast_Bignum), NULL, NULL );
 	if ( !pBN ) return NOMEM;
-
+	alloc_counter++;
+	
 	pBN->msb_first = 0;
 	pBN->msw_first = 0;

@ -317,7 +319,8 @@ int my_bignumCopy( struct NFast_Bignum **dst,
 	struct NFast_Bignum *pBN;
 	pBN = (struct NFast_Bignum *)NFastApp_Malloc( app, sizeof(struct NFast_Bignum), NULL, NULL );
 	if ( !pBN ) return NOMEM;
-
+	alloc_counter++;
+	
 	pBN->msb_first = src->msb_first;
 	pBN->msw_first = src->msw_first;
 	pBN->nbytes = src->nbytes;
--- a/cr_hsm_code.c
+++ b/cr_hsm_code.c
@ -131,24 +131,21 @@
 #include "rqcard-applic.h"
 #include "rqcard-fips.h"

-// TORIAEZU : nFast variables
+// nFast variables
 NFast_AppHandle hsmHandle;
 NFastApp_Connection hsmConnection;
 NFKM_WorldInfo *hsmWorld = NULL;	// allocate

-// TODO: 最終鍵に変更する
 #ifdef ENCRYPT_AES
 M_KeyID hsmAesKeyidDev, hsmAesKeyidProd;
-// TODO : 最終的な鍵の名前を決める "efuse-aes-dev, efuse-aes-prod"
-const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"efuse-aes-key-dummy-dev" };
-const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"efuse-aes-key-dummy-prod" };
+const NFKM_KeyIdent hsmAesKeyidentDev = { (char*)"simple", (char*)"efuse-aes-dev" };
+const NFKM_KeyIdent hsmAesKeyidentProd = { (char*)"simple", (char*)"efuse-aes-prod" };

 static int hsm_aes_load_key( NFKM_KeyIdent keyident, M_KeyID *keyid );
 #else	// !ENCRYPT_AES
 M_KeyID hsmRsaPrivkeyidDev, hsmRsaPubkeyidDev, hsmRsaPrivkeyidProd, hsmRsaPubkeyidProd;
-// TODO : 最終的な鍵の名前を決める "efuse-rsa-priv-dev, efuse-rsa-priv-prod"
-const NFKM_KeyIdent hsmRsaKeyidentDev = { (char*)"simple", (char*)"rsa-dummykeypair-dev" };
-const NFKM_KeyIdent hsmRsaKeyidentProd = { (char*)"simple", (char*)"rsa-dummykeypair-prod" };
+const NFKM_KeyIdent hsmRsaKeyidentDev = { (char*)"simple", (char*)"efuse-rsa-priv-dev" };
+const NFKM_KeyIdent hsmRsaKeyidentProd = { (char*)"simple", (char*)"efuse-rsa-priv-prod" };

 static int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_KeyID *pubKeyid );
 #endif	// ENCRYPT_AES
@ -157,11 +154,8 @@ static int hsm_rsa_load_keypair( NFKM_KeyIdent keyident, M_KeyID *privKeyid, M_K
 M_KeyID hsmEcdsaPrivkeyidDev, hsmEcdsaPubkeyidDev;
 M_KeyID hsmEcdsaPrivkeyidProd, hsmEcdsaPubkeyidProd;

-// TODO : 最終的な鍵の名前を決める "nct2-priv-dev, nct2-priv-prod", 公開鍵は入れない
-const NFKM_KeyIdent hsmEcdsaPrivkeyidentDev = { (char*)"simple", (char*)"nintendo-ctr2-priv-dummy-dev" };
-const NFKM_KeyIdent hsmEcdsaPubkeyidentDev = { (char*)"simple", (char*)"nintendo-ctr2-pub-dummy-dev" };
-const NFKM_KeyIdent hsmEcdsaPrivkeyidentProd = { (char*)"simple", (char*)"nintendo-ctr2-priv-dummy-prod" };
-const NFKM_KeyIdent hsmEcdsaPubkeyidentProd = { (char*)"simple", (char*)"nintendo-ctr2-pub-dummy-prod" };
+const NFKM_KeyIdent hsmEcdsaPrivkeyidentDev = { (char*)"simple", (char*)"nct2-priv-dev" };
+const NFKM_KeyIdent hsmEcdsaPrivkeyidentProd = { (char*)"simple", (char*)"nct2-priv-prod" };
 int hsm_ecdsa_load_keypair( NFKM_KeyIdent privKeyident, M_KeyID *privKeyid,
 								NFKM_KeyIdent pubKeyident, M_KeyID *pubKeyid );

@ -179,12 +173,9 @@ int hsm_initialize( void )
 		return ret_code;
 	}
 #endif
-	
-	printf( "init, hsm alloc counter : %d\n", my_hsm_get_alloc_counter() );
-	
+		
 	// init HSM
 	ret_code = NFastApp_Init( &hsmHandle, my_hsm_malloc, my_hsm_realloc, my_hsm_free, NULL );
-	//ret_code = NFastApp_InitEx( &hsmHandle, NULL, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
@ -258,7 +249,7 @@ int hsm_initialize( void )

 	// load ecdsa dev keypair
 	ret_code = hsm_ecdsa_load_keypair( hsmEcdsaPrivkeyidentDev, &hsmEcdsaPrivkeyidDev,
-											hsmEcdsaPubkeyidentDev, &hsmEcdsaPubkeyidDev );
+											NULL, &hsmEcdsaPubkeyidDev );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
@ -267,27 +258,25 @@ int hsm_initialize( void )
 	
 	// load ecdsa prod keypair
 	ret_code = hsm_ecdsa_load_keypair( hsmEcdsaPrivkeyidentProd, &hsmEcdsaPrivkeyidProd,
-											hsmEcdsaPubkeyidentProd, &hsmEcdsaPubkeyidProd );
+											NULL, &hsmEcdsaPubkeyidProd );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
 		return ret_code;
 	}

-	printf( "init end, hsm alloc counter : %d\n", my_hsm_get_alloc_counter() );
-
 	return ret_code;
 }	// hsm_initialize

 int hsm_finalize( void )
 {
 	int ret_code = CR_GENID_SUCCESS;
-	
+			
 	// void
 	NFKM_freeinfo( hsmHandle, &hsmWorld, NULL );
 	
 	ret_code = NFastApp_Disconnect( hsmConnection, NULL );
-		if ( ret_code != CR_GENID_SUCCESS )
+	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
 	}
@ -773,48 +762,64 @@ int hsm_ecdsa_load_keypair( NFKM_KeyIdent privKeyident, M_KeyID *privKeyid,
 		goto end;
 	}
 	
-	// find priv key
-	ret_code = NFKM_findkey( hsmHandle, privKeyident, &keyinfo, NULL );
-	if ( ret_code != CR_GENID_SUCCESS )
-	{	
-		SetErrorInfo( __FUNCTION__, __LINE__ );
-		goto end;
-	}
-	
-	// load priv key blob
-	blobptr = &(keyinfo->privblob);
-	ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
-								moduleinfo->module, blobptr, 
-								0, privKeyid, 
-								"loading priv key blob", NULL );
-	if ( ret_code != CR_GENID_SUCCESS )
+	// priv
+	if ( privKeyident != NULL )
 	{
-		SetErrorInfo( __FUNCTION__, __LINE__ );
-		goto end;
+		// find key
+		ret_code = NFKM_findkey( hsmHandle, privKeyident, &keyinfo, NULL );
+		if ( ret_code != CR_GENID_SUCCESS )
+		{	
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			goto end;
+		}
+		
+		// load key blob
+		blobptr = &(keyinfo->privblob);
+		ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
+									moduleinfo->module, blobptr, 
+									0, privKeyid, 
+									"loading priv key blob", NULL );
+		if ( ret_code != CR_GENID_SUCCESS )
+		{
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			goto end;
+		}
+		
+		NFKM_freekey( hsmHandle, keyinfo, NULL );
+		keyinfo = NULL;
 	}
-	
-	NFKM_freekey( hsmHandle, keyinfo, NULL );
-	keyinfo = NULL;
+	else
+	{
+		*privKeyid = 0;
+	}	// priv

-	// find pub key
-	ret_code = NFKM_findkey( hsmHandle, pubKeyident, &keyinfo, NULL );
-	if ( ret_code != CR_GENID_SUCCESS )
-	{	
-		SetErrorInfo( __FUNCTION__, __LINE__ );
-		goto end;
-	}
-	
-	// load public key blob
-	blobptr = &(keyinfo->pubblob);
-	ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
-								moduleinfo->module, blobptr, 
-								0, pubKeyid, 
-								"loading pub key blob", NULL );
-	if ( ret_code != CR_GENID_SUCCESS )
+	// pub
+	if ( pubKeyident != NULL )
 	{
-		SetErrorInfo( __FUNCTION__, __LINE__ );
-		goto end;
+		// find key
+		ret_code = NFKM_findkey( hsmHandle, pubKeyident, &keyinfo, NULL );
+		if ( ret_code != CR_GENID_SUCCESS )
+		{	
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			goto end;
+		}
+		
+		// load key blob
+		blobptr = &(keyinfo->pubblob);
+		ret_code = NFKM_cmd_loadblob( hsmHandle, hsmConnection,
+									moduleinfo->module, blobptr, 
+									0, pubKeyid, 
+									"loading pub key blob", NULL );
+		if ( ret_code != CR_GENID_SUCCESS )
+		{
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			goto end;
+		}
 	}
+	else
+	{
+		*pubKeyid = 0;
+	}	// pub

 end:
 	NFKM_freekey( hsmHandle, keyinfo, NULL );
@ -883,7 +888,7 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c
 																												
 	
 	// verify
-#if 1
+#if 0
 	struct NFast_Bignum *rBn, *sBn;
 	my_bignumCopy( &rBn, reply.reply.sign.sig.data.ecdsa.r, hsmHandle );
 	my_bignumCopy( &sBn, reply.reply.sign.sig.data.ecdsa.s, hsmHandle );