TORIAEZUを除去など、現場用調整

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@171 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2010-01-12 06:51:20 +00:00 · 2010-01-12 06:51:20 +00:00 · 6dbcbb1218
commit 6dbcbb1218
parent ca0d97fa46
6 changed files with 47 additions and 52 deletions
--- a/16
+++ b/16
@ -8,15 +8,15 @@
 #　最終的なビルドスイッチの設定は、以下の通り。
 #      DEV_CYGWIN    = FALSE
 #      DEBUG_PRINT   = FALSE
-#      DSA_SHA256    = TRUE
+#      ECDSA_SHA256  = TRUE
 #      USE_HSM       = TRUE
 #      RESET_HSM     = TRUE
-DEV_CYGWIN  = FALSE
+DEV_CYGWIN   = FALSE
-DEBUG_PRINT = FALSE
+DEBUG_PRINT  = FALSE
-DSA_SHA256  = TRUE
+ECDSA_SHA256 = TRUE
-USE_HSM     = TRUE
+USE_HSM      = TRUE
-RESET_HSM   = TRUE
+RESET_HSM    = TRUE
 ifeq ($(USE_HSM),TRUE)
@ -127,8 +127,8 @@ ifeq ($(DEBUG_PRINT),TRUE)
 CFLAGS += -DDEBUG_PRINT
 endif
-ifeq ($(DSA_SHA256),TRUE)
+ifeq ($(ECDSA_SHA256),TRUE)
-CFLAGS += -DDSA_SHA256
+CFLAGS += -DECDSA_SHA256
 endif
 ifeq ($(USE_HSM),TRUE)
--- a/cr_device_cert.c
+++ b/cr_device_cert.c
@ -186,15 +186,15 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 	memset( &deviceCert, 0, sizeof(deviceCert) );
 	// sigType	
-	// 0x00010005	ECDSA+SHA256, 0x00010002	ECDSA+SHA1
+	// ECDSA+SHA256 = 0x00010005, ECDSA+SHA1 = 0x00010002
 	deviceCert.sigType[0] = 0x00;
 	deviceCert.sigType[1] = 0x01;
 	deviceCert.sigType[2] = 0x00;
-#ifdef DSA_SHA256
+#ifdef ECDSA_SHA256
 	deviceCert.sigType[3] = 0x05;
-#else
+#else	// !ECDSA_SHA256
 	deviceCert.sigType[3] = 0x02;
-#endif
+#endif	// ECDSA_SHA256
 	// issuerName
 	for( i = 0; i < sizeof(issuerName); i++ ) {
@ -228,7 +228,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 #ifdef USE_HSM
 	// ECDSA署名付加
-#ifdef DSA_SHA256
+#ifdef ECDSA_SHA256
 	u8 sha256Buf[ SHA256_DIGEST_LENGTH ];
 	// CR_DeviceCertのSHA256計算
@ -236,13 +236,13 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 	DEBUG_PRINT_ARRAY( "sha256(HSM)", (const char *)sha256Buf, 32 );
 	ret_code = hsm_ecdsa_sign( deviceCert.eccSignature, sha256Buf, bonding_option );
-#else	// !DSA_SHA256
+#else	// !ECDSA_SHA256
 	u8 sha1Buf[ 20 ];
 	SHA1( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha1Buf );
 	DEBUG_PRINT_ARRAY( "sha1(HSM)", (const char *)sha1Buf, 20 );
 	ret_code = hsm_ecdsa_sign( deviceCert.eccSignature, sha1Buf, bonding_option );
-#endif	// DSA_SHA256
+#endif	// ECDSA_SHA256
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
@ -270,7 +270,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 #endif
 	}
 	// ECDSA署名付加
-#ifdef DSA_SHA256
+#ifdef ECDSA_SHA256
 	u8 sha256Buf[ SHA256_DIGEST_LENGTH ];
 	u8 ecdsasig[ 0x80 ];
 	const u8 *pECDSAsig = ecdsasig;
@ -284,7 +284,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 	// 上位232bit分で署名
 	memset( ecdsasig, 0, sizeof(ecdsasig) );
 	test_ret = ECDSA_sign( 0, sha256Buf, 233/8, ecdsasig, &signLen, NCT2 );
-#else	// !DSA_SHA256
+#else	// !ECDSA_SHA256
 	u8 sha1Buf[ 20 ];
 	u8 ecdsasig[ 0x80 ];
 	const u8 *pECDSAsig = ecdsasig;
@ -298,7 +298,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 	// 署名
 	memset( ecdsasig, 0, sizeof(ecdsasig) );
 	test_ret = ECDSA_sign( 0, sha1Buf, 20, ecdsasig, &signLen, NCT2 );
-#endif	// DSA_SHA256
+#endif	// ECDSA_SHA256
 	if (test_ret == 0) {
 		ret_code = CR_GENID_ERROR_ECDSA_SIGN;
@ -329,11 +329,11 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 #endif	// USE_HSM
 #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
-#ifdef DSA_SHA256
+#ifdef ECDSA_SHA256
 	DebugFileOutput( device_id, "dgst", sha256Buf, 233/8 );
-#else	// !DSA_SHA256
+#else	// !ECDSA_SHA256
 	DebugFileOutput( device_id, "dgst", sha1Buf, 20 );
-#endif	// DSA_SHA256
+#endif	// ECDSA_SHA256
 	DebugFileOutput( device_id, "sign", ecdsasig,  signLen );
 #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE
@ -360,8 +360,8 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 			ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY;
 			goto end;
 		}
-#ifdef DSA_SHA256
+#ifdef ECDSA_SHA256
-		// TODO: ハッシュ処理
+		// ハッシュ処理
 		int i;
 		u8 verifyHash[30];
 		memset( verifyHash, 0, sizeof( verifyHash ) );
@ -372,11 +372,9 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 			verifyHash[i] = (sha256Buf[i-1] << 1) | (sha256Buf[i] >> 7);
 		}
 		DEBUG_PRINT_ARRAY( (char*)"verifyHash(HSM)", (const char *)verifyHash, 30 );
-#else	// !DSA_SHA256
+#endif	// ECDSA_SHA256
 		// do nothing
 #endif	// DSA_SHA256
-		// TODO: ECDSA署名（DER）を再構築
+		// ECDSA署名（DER）を再構築
 		u8 signBuf[70];
 		int signLen = 66;
 		memset( signBuf, 0, sizeof( signBuf ) );
@ -390,7 +388,8 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 		memcpy( &signBuf[0x24], &deviceCert.eccSignature[30], 0x1E );	
 		DEBUG_PRINT_ARRAY( (char*)"sign(HSM)", (const char *)signBuf, signLen );
-#ifdef DSA_SHA256
+#ifdef ECDSA_SHA256
 		// TODO : ECDSA-SHA256 での検証を通す
 #if 0
 		// 署名ベリファイ
 		ret_code = ECDSA_verify( 0, verifyHash, 30, signBuf, signLen, NCT2 );
@ -400,7 +399,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 			goto end;
 		}
 #endif
-#else	// !DSA_SHA256
+#else	// !ECDSA_SHA256
 		// 署名ベリファイ
 		ret_code = ECDSA_verify( 0, sha1Buf, 20, signBuf, signLen, NCT2 );
 	    if( ret_code != 1) {
@ -408,7 +407,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 			SetErrorInfo( __FUNCTION__, __LINE__ );
 			goto end;
 		}
-#endif	// DSA_SHA256
+#endif	// ECDSA_SHA256
 	}
 	ret_code = CR_GENID_SUCCESS;
--- a/cr_generate_id.c
+++ b/cr_generate_id.c
@ -349,7 +349,6 @@ int cr_generate_id( u32 device_id[CR_NUM_OF_DEVICEID], u8 id_buf[CR_ID_BUF_SIZE]
 end:
 	/* id_buf[]にエラーログを書き込む。 */
 	// TODO: 仕様をFIXする必要あり	-> TORIAEZU version
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		CR_ERR_BUFFER *cr_err_buf = (CR_ERR_BUFFER *)id_buf;
--- a/cr_generate_id_private.h
+++ b/cr_generate_id_private.h
@ -185,7 +185,7 @@ typedef struct {
                                         0x10 - 0x17 64bit 予備ID
                                                     (64bitフルに使用。1～0x100000000の乱数カウントアップ)
                                      */
-    u8  version;                      /* 0x18        = CR_GEN_ID_VERSION = 1 */
+    u8  version;                      /* 0x18        = CR_GEN_ID_VERSION */
    u8  bonding_option;               /* 0x19        ボンディングオプション */
    u8  year;                         /* 0x1A        デバイス証明書発行時間 （HSMから取得） */
    u8  month;                        /* 0x1B */
@ -203,7 +203,6 @@ typedef struct {
    u8  hash[ SHA256_DIGEST_LENGTH ]; /* 0xE0 - 0xFF "0x00-0xDF"領域のSHA256ハッシュ */
 } CR_ID_BUFFER;                     /* 合計256bytes = 2048bit */
 // TORIAEZU Version
 #define CALL_STACK_SIZE		(234)
 typedef struct {
 	u64 totalCount;         /* 0x00 - 0x07 */
--- a/cr_hsm_code.c
+++ b/cr_hsm_code.c
@ -898,15 +898,15 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c
 	cmd.cmd = Cmd_Sign;
 	cmd.args.sign.flags = 0;	// Cmd_Sign_Args_flags_given_iv_present;
 	cmd.args.sign.key = privKeyid;
-#ifdef DSA_SHA256
+#ifdef ECDSA_SHA256
 	cmd.args.sign.mech = Mech_ECDSAhSHA256;
 	cmd.args.sign.plain.type = PlainTextType_Hash32;
 	cmd.args.sign.plain.data.hash32.data = *(M_Hash32*)data_buf;
-#else	// !DSA_SHA256
+#else	// !ECDSA_SHA256
 	cmd.args.sign.mech = Mech_ECDSA;
 	cmd.args.sign.plain.type = PlainTextType_Hash;
 	cmd.args.sign.plain.data.hash.data = *(M_Hash*)data_buf;
-#endif	// DSA_SHA256
+#endif	// ECDSA_SHA256
 	// sign command issue
 	ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
@ -922,7 +922,6 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c
 		return ret_code;
 	}
 #if 1
 	// signature bignum -> bin
 	rLen = reply.reply.sign.sig.data.ecdsa.r->nbytes;
 	rPtr = (unsigned char*)cr_mem_malloc( rLen );
@ -930,8 +929,7 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c
 	sLen = reply.reply.sign.sig.data.ecdsa.s->nbytes;
 	sPtr = (unsigned char*)cr_mem_malloc( sLen );
 	my_bignum2bin ( sPtr, sLen, hsmHandle, reply.reply.sign.sig.data.ecdsa.s );
-#endif
+	
 #if 0
 	DEBUG_PRINT_ARRAY( (char*)"sig r(HSM)", (const char *)rPtr, rLen );
 	DEBUG_PRINT_ARRAY( (char*)"sig s(HSM)", (const char *)sPtr, sLen );
@ -951,34 +949,33 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c
 	cmd.cmd = Cmd_Verify;
 	cmd.args.verify.flags = 0;
 	cmd.args.verify.key = pubKeyid;
-#ifdef DSA_SHA256
+#ifdef ECDSA_SHA256
 	cmd.args.verify.mech = Mech_ECDSAhSHA256;
 	cmd.args.verify.plain.type = PlainTextType_Hash32;
 	cmd.args.verify.plain.data.hash32.data = *(M_Hash32*)data_buf;
 	cmd.args.verify.sig.mech = Mech_ECDSAhSHA256;
-#else	// !DSA_SHA256
+#else	// !ECDSA_SHA256
 	cmd.args.verify.mech = Mech_ECDSA;
 	cmd.args.verify.plain.type = PlainTextType_Hash;
 	cmd.args.verify.plain.data.hash.data = *(M_Hash*)data_buf;
 	cmd.args.verify.sig.mech = Mech_ECDSA;
-#endif	// DSA_SHA256
+#endif	// ECDSA_SHA256
 	cmd.args.verify.sig.data.ecdsa.r = rBn;
 	cmd.args.verify.sig.data.ecdsa.s = sBn;
 	ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL );
 	NFastApp_Free( hsmHandle, rBn, NULL, NULL );
 	NFastApp_Free( hsmHandle, sBn, NULL, NULL );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
-		return ret_code;
+		goto end;
 	}
 	ret_code = reply.status;
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
-		return ret_code;
+		goto end;
 	}
 	NFastApp_Free( hsmHandle, rBn, NULL, NULL );
 	NFastApp_Free( hsmHandle, sBn, NULL, NULL );
 #else	// !verify
 	NFastApp_Free_Command( hsmHandle, NULL, NULL, &cmd );
 #endif	// verify
@ -1003,10 +1000,11 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c
 			sign_buf[ 60 - i - 1 ] = sPtr[ sLen - i - 1 ];
 	}
 end:
 	cr_mem_free( rPtr );
 	cr_mem_free( sPtr );
-	return CR_GENID_SUCCESS;
+	return ret_code;
 }	// hsm_ecdsa_sign
 #endif // USE_HSM
--- a/main.c
+++ b/main.c
@ -15,7 +15,7 @@
 #include "cr_generate_id.h"
-#define T_BONDING_OPTION	0	// TORIAEZU : bonding_option = 0
+#define BONDING_OPTION	0	// 製品用IDを生成する
 // extern const int isDummyPrivateKey;
@ -251,7 +251,7 @@ int main(int ac, char *argv[])
      time_start = gettimeofday_sec();
-      ret_code = cr_generate_id( device_id, id, T_BONDING_OPTION );
+      ret_code = cr_generate_id( device_id, id, BONDING_OPTION );
      if( ret_code != 0 ) {
        fprintf(stderr,"generate_id failed\n");
      }
@ -290,7 +290,7 @@ int main(int ac, char *argv[])
      time_start = gettimeofday_sec();
      cr_print_flag = 1;
-      if( 0 != cr_generate_id( device_id, id, T_BONDING_OPTION ) ) 
+      if( 0 != cr_generate_id( device_id, id, BONDING_OPTION ) ) 
      {
    fprintf(stderr,"cr_generate_id failed s1=0x%08x s2_lo=0x%08x s2_hi=0x%08x\n",
        (int)device_id[0], (int)device_id[1], (int)device_id[2]);
@ -319,7 +319,7 @@ int main(int ac, char *argv[])
      }
      else {
    time_start = gettimeofday_sec();
-    if( 0 != cr_generate_id( device_id, id, T_BONDING_OPTION ) )
+    if( 0 != cr_generate_id( device_id, id, BONDING_OPTION ) )
    {
      fprintf(stderr,"cr_generate_id failed s1=0x%08x s2_lo=0x%08x s2_hi=0x%08x\n",
          (int)device_id[0], (int)device_id[1], (int)device_id[2]);