diff --git a/Makefile b/Makefile index f9288ea..3f0a2f0 100644 --- a/Makefile +++ b/Makefile @@ -8,15 +8,15 @@ #@ÅI“I‚ȃrƒ‹ƒhƒXƒCƒbƒ`‚ÌÝ’è‚ÍAˆÈ‰º‚Ì’Ê‚èB # DEV_CYGWIN = FALSE # DEBUG_PRINT = FALSE -# DSA_SHA256 = TRUE +# ECDSA_SHA256 = TRUE # USE_HSM = TRUE # RESET_HSM = TRUE -DEV_CYGWIN = FALSE -DEBUG_PRINT = FALSE -DSA_SHA256 = TRUE -USE_HSM = TRUE -RESET_HSM = TRUE +DEV_CYGWIN = FALSE +DEBUG_PRINT = FALSE +ECDSA_SHA256 = TRUE +USE_HSM = TRUE +RESET_HSM = TRUE ifeq ($(USE_HSM),TRUE) @@ -127,8 +127,8 @@ ifeq ($(DEBUG_PRINT),TRUE) CFLAGS += -DDEBUG_PRINT endif -ifeq ($(DSA_SHA256),TRUE) -CFLAGS += -DDSA_SHA256 +ifeq ($(ECDSA_SHA256),TRUE) +CFLAGS += -DECDSA_SHA256 endif ifeq ($(USE_HSM),TRUE) diff --git a/cr_device_cert.c b/cr_device_cert.c index f6a39c6..e1262ef 100644 --- a/cr_device_cert.c +++ b/cr_device_cert.c @@ -186,15 +186,15 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 memset( &deviceCert, 0, sizeof(deviceCert) ); // sigType - // 0x00010005 ECDSA+SHA256, 0x00010002 ECDSA+SHA1 + // ECDSA+SHA256 = 0x00010005, ECDSA+SHA1 = 0x00010002 deviceCert.sigType[0] = 0x00; deviceCert.sigType[1] = 0x01; deviceCert.sigType[2] = 0x00; -#ifdef DSA_SHA256 +#ifdef ECDSA_SHA256 deviceCert.sigType[3] = 0x05; -#else +#else // !ECDSA_SHA256 deviceCert.sigType[3] = 0x02; -#endif +#endif // ECDSA_SHA256 // issuerName for( i = 0; i < sizeof(issuerName); i++ ) { @@ -228,7 +228,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 #ifdef USE_HSM // ECDSAç½²å付加 -#ifdef DSA_SHA256 +#ifdef ECDSA_SHA256 u8 sha256Buf[ SHA256_DIGEST_LENGTH ]; // CR_DeviceCertã®SHA256計算 
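Review bot: After this rename, a build that still passes the old `DSA_SHA256` switch (a stale command line, wrapper script or CFLAGS override) matches no `#ifdef` and silently takes the `#else` branch, which in the `sigType` hunk of GenerateCTRDeviceCert sets `deviceCert.sigType[3] = 0x02` and later signs a SHA-1 digest. Because the silent fallback is the weaker algorithm, a guard next to the `sigType` selection would turn the stale switch into a build error: `#if defined(DSA_SHA256) && !defined(ECDSA_SHA256)`, `#error "DSA_SHA256 was renamed to ECDSA_SHA256"`, `#endif`. The same `#ifdef ECDSA_SHA256` / `#else` pattern recurs in the later hunks of GenerateCTRDeviceCert and in hsm_ecdsa_sign, so one guard in a shared header would cover all of them. GenerateCTRDeviceCert starts and ends outside this hunk.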
@@ -236,13 +236,13 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 DEBUG_PRINT_ARRAY( "sha256(HSM)", (const char *)sha256Buf, 32 ); ret_code = hsm_ecdsa_sign( deviceCert.eccSignature, sha256Buf, bonding_option ); -#else // !DSA_SHA256 +#else // !ECDSA_SHA256 u8 sha1Buf[ 20 ]; SHA1( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha1Buf ); DEBUG_PRINT_ARRAY( "sha1(HSM)", (const char *)sha1Buf, 20 ); ret_code = hsm_ecdsa_sign( deviceCert.eccSignature, sha1Buf, bonding_option ); -#endif // DSA_SHA256 +#endif // ECDSA_SHA256 if ( ret_code != CR_GENID_SUCCESS ) { @@ -270,7 +270,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 #endif } // ECDSAç½²å付加 -#ifdef DSA_SHA256 +#ifdef ECDSA_SHA256 u8 sha256Buf[ SHA256_DIGEST_LENGTH ]; u8 ecdsasig[ 0x80 ]; const u8 *pECDSAsig = ecdsasig; @@ -284,7 +284,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 // 上ä½232bit分ã§ç½²å memset( ecdsasig, 0, sizeof(ecdsasig) ); test_ret = ECDSA_sign( 0, sha256Buf, 233/8, ecdsasig, &signLen, NCT2 ); -#else // !DSA_SHA256 +#else // !ECDSA_SHA256 u8 sha1Buf[ 20 ]; u8 ecdsasig[ 0x80 ]; const u8 *pECDSAsig = ecdsasig; @@ -298,7 +298,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 // ç½²å memset( ecdsasig, 0, sizeof(ecdsasig) ); test_ret = ECDSA_sign( 0, sha1Buf, 20, ecdsasig, &signLen, NCT2 ); -#endif // DSA_SHA256 +#endif // ECDSA_SHA256 if (test_ret == 0) { ret_code = CR_GENID_ERROR_ECDSA_SIGN; 
@@ -329,11 +329,11 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 #endif // USE_HSM #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE -#ifdef DSA_SHA256 +#ifdef ECDSA_SHA256 DebugFileOutput( device_id, "dgst", sha256Buf, 233/8 ); -#else // !DSA_SHA256 +#else // !ECDSA_SHA256 DebugFileOutput( device_id, "dgst", sha1Buf, 20 ); -#endif // DSA_SHA256 +#endif // ECDSA_SHA256 DebugFileOutput( device_id, "sign", ecdsasig, signLen ); #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE @@ -360,8 +360,8 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY; goto end; } -#ifdef DSA_SHA256 - // TODO: ãƒãƒƒã‚·ãƒ¥å‡¦ç† +#ifdef ECDSA_SHA256 + // ãƒãƒƒã‚·ãƒ¥å‡¦ç† int i; u8 verifyHash[30]; memset( verifyHash, 0, sizeof( verifyHash ) ); @@ -372,11 +372,9 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 verifyHash[i] = (sha256Buf[i-1] << 1) | (sha256Buf[i] >> 7); } DEBUG_PRINT_ARRAY( (char*)"verifyHash(HSM)", (const char *)verifyHash, 30 ); -#else // !DSA_SHA256 - // do nothing -#endif // DSA_SHA256 +#endif // ECDSA_SHA256 - // TODO: ECDSAç½²å(DERï¼‰ã‚’å†æ§‹ç¯‰ + // ECDSAç½²å(DERï¼‰ã‚’å†æ§‹ç¯‰ u8 signBuf[70]; int signLen = 66; memset( signBuf, 0, sizeof( signBuf ) ); @@ -390,7 +388,8 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 memcpy( &signBuf[0x24], &deviceCert.eccSignature[30], 0x1E ); DEBUG_PRINT_ARRAY( (char*)"sign(HSM)", (const char *)signBuf, signLen ); -#ifdef DSA_SHA256 +#ifdef ECDSA_SHA256 + // TODO : ECDSA-SHA256 ã§ã®æ¤œè¨¼ã‚’通㙠#if 0 // ç½²åベリファイ ret_code = ECDSA_verify( 0, verifyHash, 30, signBuf, signLen, NCT2 ); @@ -400,7 +399,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 goto end; } #endif -#else // !DSA_SHA256 +#else // !ECDSA_SHA256 // ç½²åベリファイ ret_code = ECDSA_verify( 0, sha1Buf, 20, signBuf, signLen, NCT2 ); if( ret_code != 1) { 
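Review bot: In the `-390,7 +388,8` hunk the ECDSA_SHA256 branch still compiles out `ECDSA_verify( 0, verifyHash, 30, signBuf, signLen, NCT2 )` with `#if 0`, and the Makefile keeps `ECDSA_SHA256 = TRUE`, so the default build appears to reach `ret_code = CR_GENID_SUCCESS` without the local check of the HSM signature that the SHA-1 branch performs. The added TODO only says the verification should be made to pass; it should also state the consequence, for example `// TODO: local verify is disabled for ECDSA-SHA256; the certificate is returned without being checked here`. A `#warning` inside the `#if 0` region's `#ifdef` would additionally make the gap visible in every build log. As a possible cause to check (an inference, not shown on the page): OpenSSL's ECDSA code already truncates a digest longer than the group order, so the pre-shifted 30-byte `verifyHash` may be shifted a second time, and passing `sha256Buf` with `SHA256_DIGEST_LENGTH` is worth trying. The function body continues outside these hunks.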
@@ -408,7 +407,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } -#endif // DSA_SHA256 +#endif // ECDSA_SHA256 } ret_code = CR_GENID_SUCCESS; diff --git a/cr_generate_id.c b/cr_generate_id.c index 4a070be..4e75dd8 100644 --- a/cr_generate_id.c +++ b/cr_generate_id.c @@ -349,7 +349,6 @@ int cr_generate_id( u32 device_id[CR_NUM_OF_DEVICEID], u8 id_buf[CR_ID_BUF_SIZE] end: /* id_buf[]ã«ã‚¨ãƒ©ãƒ¼ãƒ­ã‚°ã‚’書ã込む。 */ - // TODO: 仕様をFIXã™ã‚‹å¿…è¦ã‚り -> TORIAEZU version if ( ret_code != CR_GENID_SUCCESS ) { CR_ERR_BUFFER *cr_err_buf = (CR_ERR_BUFFER *)id_buf; diff --git a/cr_generate_id_private.h b/cr_generate_id_private.h index bb8d468..391088a 100644 --- a/cr_generate_id_private.h +++ b/cr_generate_id_private.h @@ -185,7 +185,7 @@ typedef struct { 0x10 - 0x17 64bit —\”õID (64bitƒtƒ‹‚ÉŽg—pB1`0x100000000‚Ì—”ƒJƒEƒ“ƒgƒAƒbƒv) */ - u8 version; /* 0x18 = CR_GEN_ID_VERSION = 1 */ + u8 version; /* 0x18 = CR_GEN_ID_VERSION */ u8 bonding_option; /* 0x19 ƒ{ƒ“ƒfƒBƒ“ƒOƒIƒvƒVƒ‡ƒ“ */ u8 year; /* 0x1A ƒfƒoƒCƒXØ–¾‘”­sŽžŠÔ iHSM‚©‚çŽæ“¾j */ u8 month; /* 0x1B */ @@ -203,7 +203,6 @@ typedef struct { u8 hash[ SHA256_DIGEST_LENGTH ]; /* 0xE0 - 0xFF "0x00-0xDF"—̈æ‚ÌSHA256ƒnƒbƒVƒ… */ } CR_ID_BUFFER; /* ‡Œv256bytes = 2048bit */ -// TORIAEZU Version #define CALL_STACK_SIZE (234) typedef struct { u64 totalCount; /* 0x00 - 0x07 */ diff --git a/cr_hsm_code.c b/cr_hsm_code.c index 0e8bae9..8bd9581 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c 
@@ -898,15 +898,15 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c cmd.cmd = Cmd_Sign; cmd.args.sign.flags = 0; // Cmd_Sign_Args_flags_given_iv_present; cmd.args.sign.key = privKeyid; -#ifdef DSA_SHA256 +#ifdef ECDSA_SHA256 cmd.args.sign.mech = Mech_ECDSAhSHA256; cmd.args.sign.plain.type = PlainTextType_Hash32; cmd.args.sign.plain.data.hash32.data = *(M_Hash32*)data_buf; -#else // !DSA_SHA256 +#else // !ECDSA_SHA256 cmd.args.sign.mech = Mech_ECDSA; cmd.args.sign.plain.type = PlainTextType_Hash; cmd.args.sign.plain.data.hash.data = *(M_Hash*)data_buf; -#endif // DSA_SHA256 +#endif // ECDSA_SHA256 // sign command issue ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); @@ -922,7 +922,6 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c return ret_code; } -#if 1 // signature bignum -> bin rLen = reply.reply.sign.sig.data.ecdsa.r->nbytes; rPtr = (unsigned char*)cr_mem_malloc( rLen ); @@ -930,8 +929,7 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c sLen = reply.reply.sign.sig.data.ecdsa.s->nbytes; sPtr = (unsigned char*)cr_mem_malloc( sLen ); my_bignum2bin ( sPtr, sLen, hsmHandle, reply.reply.sign.sig.data.ecdsa.s ); -#endif - + #if 0 DEBUG_PRINT_ARRAY( (char*)"sig r(HSM)", (const char *)rPtr, rLen ); DEBUG_PRINT_ARRAY( (char*)"sig s(HSM)", (const char *)sPtr, sLen ); 
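Review bot: In the `-930,8 +929,7` hunk, `sPtr` (and `rPtr` just above it) is written by `my_bignum2bin` straight after `cr_mem_malloc( sLen )` with no NULL check, and both lengths are taken from the `nbytes` fields of the HSM reply. Unless cr_mem_malloc aborts on failure (its definition is not visible here), each allocation should be tested before use, e.g. `if ( sPtr == NULL ) { ret_code = <project error code>; goto end; }`, which fits the `end:` cleanup this commit introduces provided both pointers start out as NULL. The later copy `sign_buf[ 60 - i - 1 ] = sPtr[ sLen - i - 1 ]` indexes back from the end of the buffer, so it is also worth rejecting a reply whose `rLen` or `sLen` is smaller than the number of bytes that loop copies; the loop bounds are outside the hunk. hsm_ecdsa_sign starts and ends outside these hunks.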
@@ -951,34 +949,33 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c cmd.cmd = Cmd_Verify; cmd.args.verify.flags = 0; cmd.args.verify.key = pubKeyid; -#ifdef DSA_SHA256 +#ifdef ECDSA_SHA256 cmd.args.verify.mech = Mech_ECDSAhSHA256; cmd.args.verify.plain.type = PlainTextType_Hash32; cmd.args.verify.plain.data.hash32.data = *(M_Hash32*)data_buf; cmd.args.verify.sig.mech = Mech_ECDSAhSHA256; -#else // !DSA_SHA256 +#else // !ECDSA_SHA256 cmd.args.verify.mech = Mech_ECDSA; cmd.args.verify.plain.type = PlainTextType_Hash; cmd.args.verify.plain.data.hash.data = *(M_Hash*)data_buf; cmd.args.verify.sig.mech = Mech_ECDSA; -#endif // DSA_SHA256 +#endif // ECDSA_SHA256 cmd.args.verify.sig.data.ecdsa.r = rBn; cmd.args.verify.sig.data.ecdsa.s = sBn; ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); + NFastApp_Free( hsmHandle, rBn, NULL, NULL ); + NFastApp_Free( hsmHandle, sBn, NULL, NULL ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); - return ret_code; + goto end; } ret_code = reply.status; if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); - return ret_code; + goto end; } - - NFastApp_Free( hsmHandle, rBn, NULL, NULL ); - NFastApp_Free( hsmHandle, sBn, NULL, NULL ); #else // !verify NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd ); #endif // verify @@ -1003,10 +1000,11 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c sign_buf[ 60 - i - 1 ] = sPtr[ sLen - i - 1 ]; } +end: cr_mem_free( rPtr ); cr_mem_free( sPtr ); - return CR_GENID_SUCCESS; + return ret_code; } // hsm_ecdsa_sign #endif // USE_HSM diff --git a/main.c b/main.c index fec6f57..4f85997 100644 --- a/main.c +++ b/main.c @@ -15,7 +15,7 @@ #include "cr_generate_id.h" -#define T_BONDING_OPTION 0 // TORIAEZU : bonding_option = 0 +#define BONDING_OPTION 0 // 製å“用IDを生æˆã™ã‚‹ // extern const int isDummyPrivateKey; 
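Review bot: After the two `NFastApp_Free` calls that now directly follow the verify transaction, `cmd.args.verify.sig.data.ecdsa.r` and `.s` still hold the freed `rBn` and `sBn` pointers. Nothing visible in the hunk touches `cmd` again, but the `#else // !verify` branch shows `NFastApp_Free_Command` being applied to the same `cmd`, so clearing both fields right after the frees (`cmd.args.verify.sig.data.ecdsa.r = NULL;` and the same for `.s`) would rule out a later double free if the two paths are ever merged. Moving the frees ahead of the status checks and routing the failures through `goto end` does close the leak of `rPtr`/`sPtr` on the error paths. Any earlier `return ret_code;` located between the allocations and this block, outside the hunk, would need the same `goto end` treatment. hsm_ecdsa_sign starts outside these hunks.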
@@ -251,7 +251,7 @@ int main(int ac, char *argv[]) time_start = gettimeofday_sec(); - ret_code = cr_generate_id( device_id, id, T_BONDING_OPTION ); + ret_code = cr_generate_id( device_id, id, BONDING_OPTION ); if( ret_code != 0 ) { fprintf(stderr,"generate_id failed\n"); } @@ -290,7 +290,7 @@ int main(int ac, char *argv[]) time_start = gettimeofday_sec(); cr_print_flag = 1; - if( 0 != cr_generate_id( device_id, id, T_BONDING_OPTION ) ) + if( 0 != cr_generate_id( device_id, id, BONDING_OPTION ) ) { fprintf(stderr,"cr_generate_id failed s1=0x%08x s2_lo=0x%08x s2_hi=0x%08x\n", (int)device_id[0], (int)device_id[1], (int)device_id[2]); @@ -319,7 +319,7 @@ int main(int ac, char *argv[]) } else { time_start = gettimeofday_sec(); - if( 0 != cr_generate_id( device_id, id, T_BONDING_OPTION ) ) + if( 0 != cr_generate_id( device_id, id, BONDING_OPTION ) ) { fprintf(stderr,"cr_generate_id failed s1=0x%08x s2_lo=0x%08x s2_hi=0x%08x\n", (int)device_id[0], (int)device_id[1], (int)device_id[2]);