From bc0a31eed395e6f17f7000d69e8001875f6b71d1 Mon Sep 17 00:00:00 2001
From: "(no author)" <(no author)@ff987cc8-cf2f-4642-8568-d52cce064691>
Date: Thu, 4 Mar 2010 06:16:15 +0000
Subject: [PATCH] =?UTF-8?q?=E3=82=B7=E3=83=A3=E3=83=BC=E3=83=97=E5=81=B4?=
 =?UTF-8?q?=E3=81=A7=E7=94=9F=E6=88=90=E3=81=95=E3=82=8C=E3=81=9FID?=
 =?UTF-8?q?=E3=82=92=E6=A4=9C=E8=A8=BC=E3=81=99=E3=82=8B=E3=81=9F=E3=82=81?=
 =?UTF-8?q?=E3=81=AE=E3=83=84=E3=83=BC=E3=83=AB=E3=80=81testSharpID.exe=20?=
 =?UTF-8?q?=E3=82=92=E3=83=93=E3=83=AB=E3=83=89=E3=81=A7=E3=81=8D=E3=82=8B?=
 =?UTF-8?q?=E3=82=88=E3=81=86=E5=A4=89=E6=9B=B4=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@202 ff987cc8-cf2f-4642-8568-d52cce064691
---
 trunk/Makefile.testSharpID     | 224 ++++++++++++++++++++++++++++++
 trunk/cr_device_cert.c         | 114 ++++++++++++++++
 trunk/cr_enc_id.c              |  40 ++++++
 trunk/cr_generate_id_private.h |   2 +
 trunk/cr_keyPair.c             |  42 ++++++
 trunk/main2.c                  | 239 +++++++++++++++++++++++++++++++++
 6 files changed, 661 insertions(+)
 create mode 100644 trunk/Makefile.testSharpID
 create mode 100644 trunk/main2.c

diff --git a/trunk/Makefile.testSharpID b/trunk/Makefile.testSharpID
new file mode 100644
index 0000000..ae9f62f
--- /dev/null
+++ b/trunk/Makefile.testSharpID
@@ -0,0 +1,224 @@
+# nm ntd_mem_allocator.o | grep " [T|B|D] "
+# nm ntd_crypto_ecdsa.o | grep " [T|B|D] "
+# nm ntd_crypto_rsa.o | grep " [T|B|D] "
+# nm generate_id.o | grep " [T|B|D] "
+# nm ../rsa_keysrcgen/rsa1_key.o | grep " [T|B|D] "
+
+
+#　最終的なビルドスイッチの設定は、以下の通り。
+#      DEV_CYGWIN    = FALSE
+#      DEBUG_PRINT   = FALSE
+#      DEBUG_OUTPUT  = FALSE
+#      ECDSA_SHA256  = TRUE
+#      USE_HSM       = TRUE
+#      RESET_HSM     = TRUE
+
+DEV_CYGWIN   = TRUE
+DEBUG_PRINT  = TRUE
+DEBUG_OUTPUT = FALSE
+ECDSA_SHA256 = TRUE
+USE_HSM      = FALSE
+RESET_HSM    = TRUE
+
+ifeq ($(USE_HSM),TRUE)
+
+# HSM使用時は強制的にDUMMY_KEYは未使用にする。
+USE_DUMMY_KEY = FALSE
+
+# nFast Path
+NFAST_PATH = /opt/nfast
+
+# nFast Developer tools installation
+NFAST_DEV_PATH = $(NFAST_PATH)/c/ctd/gcc
+NFAST_EXAMPLES = $(NFAST_PATH)/c/ctd/examples
+
+# nFast Developer tools library
+NFAST_LIBPATH = $(NFAST_DEV_PATH)/lib
+
+# nFast Developer tools include
+NFAST_INC = $(NFAST_DEV_PATH)/include
+
+# nFast CPPFLAGS
+NFAST_CPPFLAGS = \
+					-I$(NFAST_INC)/sworld \
+					-I$(NFAST_INC)/hilibs \
+					-I$(NFAST_INC)/nflog \
+					-I$(NFAST_INC)/cutils \
+					-I$(NFAST_EXAMPLES)/sworld \
+					-I$(NFAST_EXAMPLES)/hilibs \
+					-I$(NFAST_EXAMPLES)/nflog \
+					-I$(NFAST_EXAMPLES)/cutils \
+					
+# nFast LDLIBS
+NFAST_LDLIBS = \
+					$(NFAST_LIBPATH)/libnfkm.a \
+					$(NFAST_LIBPATH)/libnfstub.a \
+					$(NFAST_LIBPATH)/libnflog.a \
+					$(NFAST_LIBPATH)/libcutils.a \
+
+else # !USE_HSM
+
+# HSMが使用できない場合は、DUMMY_KEYを使ってテストする。
+USE_DUMMY_KEY = TRUE
+
+endif # USE_HSM
+
+ifeq ($(USE_DUMMY_KEY),TRUE)
+DEV_DER_KEY_DIR  = ./dummyKey/dev
+PROD_DER_KEY_DIR = ./dummyKey/prod
+else # !USE_DUMMY_KEY
+DEV_DER_KEY_DIR  = ./realKey/dev
+PROD_DER_KEY_DIR = ./realKey/prod
+endif # USE_DUMMY_KEY
+
+PACKAGE_DIR = ./package
+OPENSSL_DIR = ./openssl-1.0.0-beta5
+# OPENSSL_DIR = ./openssl-0.9.8k
+
+TARGET_LIB  = libgenid.a
+
+TARGET	    = testSharpID
+
+KEYS_C  = cr_eFuse_iv_prod.c \
+          cr_eFuse_iv_dev.c  \
+          cr_NCT2_pub_prod.c \
+          cr_NCT2_pub_dev.c
+  
+ifeq ($(USE_DUMMY_KEY),TRUE)
+KEYS_C  += cr_eFuse_privKey_prod.c cr_eFuse_pubKey_prod.c \
+           cr_eFuse_privKey_dev.c  cr_eFuse_pubKey_dev.c \
+           cr_eFuse_aesKey_prod.c \
+           cr_eFuse_aesKey_dev.c \
+           cr_NCT2_priv_prod.c \
+           cr_NCT2_priv_dev.c
+endif # USE_DUMMY_KEY
+
+SRCS	=	main2.c
+OBJS	=	$(notdir $(SRCS:.c=.o))
+
+LIB_SRCS	= cr_generate_id.c cr_id_util.c cr_keyPair.c \
+          cr_device_cert.c cr_enc_id.c cr_alloc.c \
+          cr_hsm_code.c cr_hsm_alloc.c cr_hsm_bignum.c
+LIB_OBJS	= $(notdir $(LIB_SRCS:.c=.o))
+
+CFLAGS	= -Wall -DMEXP=216091 -msse2 -DHAVE_SSE2
+CPPFLAGS= -I. -I$(OPENSSL_DIR)/include -I$(OPENSSL_DIR)/crypto/ec
+LDFLAGS	= -mwindows -L$(OPENSSL_DIR)
+LDLIBS	= -lcrypto -lssl
+MERGE_PROG = merge_lib_objs.plx
+
+ifeq ($(DEV_CYGWIN),TRUE)
+CC := C:/Cygwin/bin/gcc
+LD	= C:/Cygwin/bin/gcc
+CFLAGS	+= -mno-cygwin -DDEV_CYGWIN
+LDFLAGS	+= -Wl,--subsystem,console -mno-cygwin
+TARGET_DEL	= $(TARGET).exe
+else # DEV_CYGWIN
+CC := /usr/bin/gcc
+LD	= /usr/bin/gcc
+LDFLAGS	+= -Wl
+LDLIBS	+= -ldl -lnsl
+TARGET_DEL	= $(TARGET)
+endif # DEV_CYGWIN
+
+ifeq ($(USE_DUMMY_KEY),TRUE)
+CFLAGS += -DUSE_DUMMY_KEY
+endif
+
+ifeq ($(DEBUG_PRINT),TRUE)
+CFLAGS += -DDEBUG_PRINT
+endif
+
+ifeq ($(DEBUG_OUTPUT),TRUE)
+CFLAGS += -DDEBUG_OUTPUT_FILE
+endif
+
+ifeq ($(ECDSA_SHA256),TRUE)
+CFLAGS += -DECDSA_SHA256
+endif
+
+ifeq ($(USE_HSM),TRUE)
+CFLAGS  += -DUSE_HSM
+CPPFLAGS+= $(NFAST_CPPFLAGS)
+LDLIBS  += $(NFAST_LDLIBS)
+MERGE_PROG = merge_lib_objs_hsm.plx
+endif
+
+ifeq ($(RESET_HSM),TRUE)
+CFLAGS += -DRESET_HSM
+endif
+
+.SUFFIXES:
+
+all: package_build $(KEYS_C) $(TARGET_LIB) $(TARGET) 
+
+# install: $(TARGET)
+#	install -c -m 777 $(TARGET) ../bin
+
+ifeq ($(DEV_CYGWIN),TRUE)
+package_build :
+	cd $(PACKAGE_DIR);make DEV_CYGWIN=TRUE
+else
+package_build :
+	cd $(PACKAGE_DIR);make
+endif
+
+$(TARGET): $(OBJS) $(TARGET_LIB)
+	$(LD) $(LDFLAGS) $(OBJS) -o $@ $(TARGET_LIB)
+
+$(TARGET_LIB): $(LIB_OBJS)
+	ar rcs $@ $(LIB_OBJS)
+	perl tools/$(MERGE_PROG)
+
+%.o:%.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
+
+#%.c:$(DER_KEY_DIR)/%.der
+#	perl tools/bin2c.plx $<
+
+cr_eFuse_privKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_privKey.der
+	perl tools/bin2c.plx $< prod
+
+cr_eFuse_pubKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_pubKey.der
+	perl tools/bin2c.plx $< prod
+
+cr_eFuse_aesKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_aesKey.bin
+	perl tools/bin2c.plx $< prod
+
+cr_eFuse_iv_prod.c : $(PROD_DER_KEY_DIR)/eFuse_iv.bin
+	perl tools/bin2c.plx $< prod
+
+cr_NCT2_priv_prod.c : $(PROD_DER_KEY_DIR)/NCT2_priv.der
+	perl tools/bin2c.plx $< prod
+
+cr_NCT2_pub_prod.c : $(PROD_DER_KEY_DIR)/NCT2_pub.der
+	perl tools/bin2c.plx $< prod
+
+
+cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der
+	perl tools/bin2c.plx $< dev
+
+cr_eFuse_pubKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_pubKey.der
+	perl tools/bin2c.plx $< dev
+
+cr_eFuse_aesKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_aesKey.bin
+	perl tools/bin2c.plx $< dev
+
+cr_eFuse_iv_dev.c : $(DEV_DER_KEY_DIR)/eFuse_iv.bin
+	perl tools/bin2c.plx $< dev
+
+cr_NCT2_priv_dev.c : $(DEV_DER_KEY_DIR)/NCT2_priv.der
+	perl tools/bin2c.plx $< dev
+
+cr_NCT2_pub_dev.c : $(DEV_DER_KEY_DIR)/NCT2_pub.der
+	perl tools/bin2c.plx $< dev
+
+
+.PHONY: clean clobber
+clean:
+	$(RM) $(LIB_OBJS) $(OBJS) $(TARGET_DEL) $(TARGET_LIB) $(KEYS_C) $(KEYS_H)
+
+clobber:
+	$(RM) $(LIB_OBJS) $(OBJS) $(TARGET_DEL) $(TARGET_LIB) $(KEYS_C) $(KEYS_H)
+	cd $(PACKAGE_DIR);make clobber
+
diff --git a/trunk/cr_device_cert.c b/trunk/cr_device_cert.c
index 181ba25..8548ca4 100644
--- a/trunk/cr_device_cert.c
+++ b/trunk/cr_device_cert.c
@@ -167,6 +167,7 @@ const u8 issuerName[] = {
 };
 
 static void BN2BinWithPadding( BIGNUM *pBn, u8 *pDst, int dstLen );
+static void ConstructCTRDeviceCert( CR_DeviceCert *pDeviceCert, EC_KEY *pECkey, u8 bonding_option, u32 device_id, u32 expiryDate );
 
 
 // create CTR Device cert
@@ -451,3 +452,116 @@ static void BN2BinWithPadding( BIGNUM *pBN, u8 *pDst, int dstLen )
 		pDst[ dstLen - 1 - i ] = buffer[ bnByteLen - 1 - i ];
 	}
 }
+
+
+// eFuseID繧偵ｂ縺ｨ縺ｫ繝�繝舌う繧ｹ鄂ｲ蜷阪�ｮ繝√ぉ繝�繧ｯ
+int CheckCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 *pDevCertSign, u32 expiryDate )
+{
+	int ret_code = CR_GENID_SUCCESS;
+	CR_DeviceCert deviceCert;
+	EC_KEY *NCT2 = NULL;
+	u8 sha256Buf[ SHA256_DIGEST_LENGTH ];
+
+	ConstructCTRDeviceCert( &deviceCert, pECkey, bonding_option, device_id, expiryDate );
+
+	// CR_DeviceCert縺ｮSHA256險育ｮ�
+	SHA256( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha256Buf );
+
+	// ECDSA鄂ｲ蜷肴､懆ｨｼ
+	{
+		// bonding_option 縺ｫ繧医▲縺ｦ縲�骰ｵ繧貞ｷｮ縺玲崛縺�
+		const unsigned char *der_pub = bonding_option ? cr_NCT2_pub_dev : cr_NCT2_pub_prod;
+		int pub_len = der_pub[ 8 ] | der_pub[ 9 ] << 8;	// KEY髟ｷ繧貞叙繧雁�ｺ縺�
+		der_pub += 0x10; // 繝倥ャ繝�驛ｨ蛻�繧帝勁螟悶＠縺ｦKEY螳滉ｽ薙ｒ謖�螳�
+
+		// BIT STRING 縺ｮ螳溘ョ繝ｼ繧ｿ驛ｨ蛻�縺ｮ縺ｿ繧呈欠螳壹☆繧九ｈ縺�隱ｿ謨ｴ
+		pub_len = der_pub[0x15] - 1;
+		der_pub += 0x17;
+		
+		// ECC蜈ｬ髢矩嵯縺ｮ隱ｭ縺ｿ霎ｼ縺ｿ
+		NCT2 = EC_KEY_new_by_curve_name( NID_sect233r1 );
+		if( NCT2 == NULL ) {
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			ret_code = CR_GENID_ERROR_ECC_KEY_NEW;
+			goto end;
+		}
+		if( o2i_ECPublicKey( &NCT2, &der_pub, pub_len ) == NULL ) {
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY;
+			goto end;
+		}
+		
+		// ECDSA鄂ｲ蜷搾ｼ�DER�ｼ峨ｒ蜀肴ｧ狗ｯ�
+		u8 signBuf[70];
+		int signLen = 66;
+		memset( signBuf, 0, sizeof( signBuf ) );
+		signBuf[0] = 0x30;
+		signBuf[1] = 0x40;
+		signBuf[2] = 0x02;
+		signBuf[3] = 0x1E;
+		memcpy( &signBuf[4], &pDevCertSign[0], 0x1E );
+		signBuf[0x22] = 0x02;
+		signBuf[0x23] = 0x1E;
+		memcpy( &signBuf[0x24], &pDevCertSign[30], 0x1E );	
+
+		// 鄂ｲ蜷阪�吶Μ繝輔ぃ繧､
+		ret_code = ECDSA_verify( 0, sha256Buf, 32, signBuf, signLen, NCT2 );
+		if( ret_code != 1) {
+			ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			goto end;
+		}
+	}
+
+	ret_code = CR_GENID_SUCCESS;
+
+end:
+	if( NCT2 ) EC_KEY_free( NCT2 );
+
+	return ret_code;
+}
+
+
+// 謖�螳壹ヱ繝ｩ繝｡繝ｼ繧ｿ繧偵ｂ縺ｨ縺ｫ繝�繝舌う繧ｹ險ｼ譏取嶌繧呈ｧ狗ｯ会ｼ育ｽｲ蜷阪↑縺暦ｼ�
+static void ConstructCTRDeviceCert( CR_DeviceCert *pDeviceCert, EC_KEY *pECkey, u8 bonding_option, u32 device_id, u32 expiryDate )
+{
+	int i;
+
+	memset( pDeviceCert, 0, sizeof(CR_DeviceCert) );
+
+	// sigType
+	// ECDSA+SHA256 = 0x00010005, ECDSA+SHA1 = 0x00010002
+	pDeviceCert->sigType[0] = 0x00;
+	pDeviceCert->sigType[1] = 0x01;
+	pDeviceCert->sigType[2] = 0x00;
+#ifdef ECDSA_SHA256
+	pDeviceCert->sigType[3] = 0x05;
+#else	// !ECDSA_SHA256
+	pDeviceCert->sigType[3] = 0x02;
+#endif	// ECDSA_SHA256
+
+	// issuerName
+	for( i = 0; i < sizeof(issuerName); i++ ) {
+		pDeviceCert->issuerName[ i ] = issuerName[ i ] ^ 0x5a;
+	}
+	sprintf( &pDeviceCert->issuerName[ sizeof(issuerName) ], "%s", bonding_option ? "dev" : "prod" );
+
+	// keyType  0x00000002 ECC233
+	pDeviceCert->keyType[0] = 0x00;
+	pDeviceCert->keyType[1] = 0x00;
+	pDeviceCert->keyType[2] = 0x00;
+	pDeviceCert->keyType[3] = 0x02;
+
+	// subject	: CT + device_id + bonding_option
+	sprintf( pDeviceCert->subject, "CT%08X-%02X", (unsigned int)device_id, bonding_option );
+
+	// expiryDate
+	pDeviceCert->expiryDate = expiryDate;
+
+	// eccPubKey
+	BN2BinWithPadding( &pECkey->pub_key->X, &pDeviceCert->eccPubKey[  0 ], 30 );
+	BN2BinWithPadding( &pECkey->pub_key->Y, &pDeviceCert->eccPubKey[ 30 ], 30 );
+
+	DEBUG_PRINT_ARRAY( (char*)"deviceCert", (const char *)pDeviceCert, sizeof(CR_DeviceCert) );
+}
+
diff --git a/trunk/cr_enc_id.c b/trunk/cr_enc_id.c
index bf8c91f..1f9a2b8 100644
--- a/trunk/cr_enc_id.c
+++ b/trunk/cr_enc_id.c
@@ -210,6 +210,25 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi
 	return CR_GENID_SUCCESS;
 }	// hsm_crypto_aes_enc_dec
 
+
+int crypto_aes_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option )
+{
+	int i;
+	int ret_code = CR_GENID_SUCCESS;
+	char *pIV = (char *)( bonding_option ? cr_eFuse_iv_dev : cr_eFuse_iv_prod ) + 0x10;
+	
+	// decyrpt
+	ret_code = hsm_aes_decrypt( dst_buf, org_buf, CR_ID_BUF_SIZE, bonding_option, pIV );
+	if ( ret_code != CR_GENID_SUCCESS )
+	{
+		SetErrorInfo( __FUNCTION__, __LINE__ );
+		return ret_code;
+	}
+	
+	return CR_GENID_SUCCESS;
+}	// hsm_crypto_aes_enc_dec
+
+
 #else // !USE_HSM
 
 int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option )
@@ -258,6 +277,27 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi
 	return CR_GENID_SUCCESS;
 }	// crypto_aes_enc_dec
 
+int crypto_aes_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option )
+{
+	AES_KEY	aesDecKey;
+	u8 temp_iv[16];
+	// 鍵データ取り出し。（ヘッダ部分0x10を除去。）
+	char *pAesKey = (char *)( bonding_option ? cr_eFuse_aesKey_dev : cr_eFuse_aesKey_prod ) + 0x10;
+	char *pIV     = (char *)( bonding_option ? cr_eFuse_iv_dev : cr_eFuse_iv_prod ) + 0x10;
+
+	if ( AES_set_decrypt_key( pAesKey, 128, &aesDecKey ) != 0 )
+	{
+		SetErrorInfo( __FUNCTION__, __LINE__ );
+		return CR_GENID_ERROR_AES_DEC;
+	}
+	
+	memcpy( temp_iv, pIV, 16 );
+	AES_cbc_encrypt ( org_buf, dst_buf, CR_ID_BUF_SIZE, &aesDecKey, temp_iv, AES_DECRYPT );
+	
+	return CR_GENID_SUCCESS;
+}	// crypto_aes_enc_dec
+
+
 #endif	// USE_HSM
 
 #else   // !ENCRYPT_AES
diff --git a/trunk/cr_generate_id_private.h b/trunk/cr_generate_id_private.h
index f506cb6..543b63f 100644
--- a/trunk/cr_generate_id_private.h
+++ b/trunk/cr_generate_id_private.h
@@ -214,6 +214,7 @@ typedef struct {
 extern int  GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSec, time_t *pTime);
 extern int  GenerateRandom( u8 *pDst, int length );
 extern int  GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey );
+extern int  SetECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey );
 
 extern void InitErrorInfo( void );
 extern void SetErrorInfo( const char *funcName, u32 line );
@@ -221,6 +222,7 @@ extern void GetErrorInfo( char *stack, u8 *size );
 
 extern int  TestECDSA( EC_KEY *pECkey );
 extern int  GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 *pDevCertSign, u32 *pExpiryDate );
+extern int  CheckCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 *pDevCertSign, u32 expiryDate );
 extern int  EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option );
 extern void DebugPrintArray( char *pStr, const u8 *pData, int length );
 extern void DebugFileOutput( u32 device_id, char *pSuffix, const u8 *pSrc, int length );
diff --git a/trunk/cr_keyPair.c b/trunk/cr_keyPair.c
index e64f110..1a0d062 100644
--- a/trunk/cr_keyPair.c
+++ b/trunk/cr_keyPair.c
@@ -308,3 +308,45 @@ int TestECDSA( EC_KEY *pECkey )
 	
 	return CR_GENID_SUCCESS;
 }
+
+
+// 謖�螳壹＆繧後◆遘伜ｯ�骰ｵ繧偵◎縺ｮ縺ｾ縺ｾ繧ｻ繝�繝医＠縺ｦ縲√◎縺薙°繧牙�ｬ髢矩嵯繧堤函謌舌☆繧九��
+int SetECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey )
+{
+	int openssl_result = 0;
+	BIGNUM *bn_privkey = NULL;
+
+	// 讌募��繧帝∈謚�   ( NID_X9_62_prime256v1 -> 32bytes縺ｾ縺ｧ縲� NID_sect571r1 -> 71bytes縺ｾ縺ｧ 鄂ｲ蜷阪↓繝�繝ｼ繧ｿ繧貞性繧√ｉ繧後ｋ )
+	*ppECkey = EC_KEY_new_by_curve_name( NID_sect233r1 );
+	if( *ppECkey == NULL )
+	{
+		SetErrorInfo( __FUNCTION__, __LINE__ );
+		return CR_GENID_ERROR_ECC_KEY_NEW;
+	}
+
+	// 謖�螳壹＆繧後◆遘伜ｯ�骰ｵ繧偵◎縺ｮ縺ｾ縺ｾ繧ｻ繝�繝�
+	bn_privkey = BN_new();
+	if( bn_privkey == NULL ) 
+	{
+		SetErrorInfo( __FUNCTION__, __LINE__ );
+	    return CR_GENID_ERROR_BN_NEW;
+	}
+	BN_init( bn_privkey ); /* memset(a,0,sizeof(BIGNUM)); */
+	(void)BN_bin2bn( pECPrivkey, EC_PRIVATE_KEY_LENGTH, bn_privkey );
+	(*ppECkey)->priv_key = bn_privkey;
+	
+	// 蜈ｬ髢矩嵯逕滓��
+	openssl_result = generate_EC_public_key( *ppECkey );
+	if ( openssl_result == 0 )
+	{
+		SetErrorInfo( __FUNCTION__, __LINE__ );
+		return CR_GENID_ERROR_ECC_GENERATE_PUBLIC_KEY;
+	}
+
+	// ASN.1 蠖｢蠑乗欠螳壹ヵ繝ｩ繧ｰ繧偵そ繝�繝医☆繧�
+	// (縺薙ｌ繧偵そ繝�繝医＠縺ｪ縺�縺ｨ濶ｲ縲�螟峨↑繝輔ぅ繝ｼ繝ｫ繝峨′蜈･縺｣縺ｦ縺励∪縺�縺溘ａ)
+	EC_KEY_set_asn1_flag( *ppECkey, 1 );
+
+	return CR_GENID_SUCCESS;
+}
+
diff --git a/trunk/main2.c b/trunk/main2.c
new file mode 100644
index 0000000..31da7dd
--- /dev/null
+++ b/trunk/main2.c
@@ -0,0 +1,239 @@
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+
+#ifdef DEV_CYGWIN
+#include <conio.h>
+#else	// Cygwin
+#include <termios.h>
+#include <unistd.h>
+#endif	// Linux
+
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+
+#include "cr_generate_id.h"
+#include "cr_generate_id_private.h"
+#include "cr_alloc.h"
+
+
+extern int crypto_aes_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option );
+
+int main(int argc, char *argv[])
+{
+	int ret_code = 0;
+	int fileLen;
+	int bondingOption = 0;
+	u8  *pFileBuf = NULL;
+	u8  err_buf[ 256 ];
+
+	if( argc < 3 ) {
+		printf( "parameter error.\n" );
+		printf( "Usage: testSharpID.exe [bondingOption] [FILE]\n" );
+		return 1;
+	}
+	// 繝懊Φ繝�繧｣繝ｳ繧ｰ繧ｪ繝励す繝ｧ繝ｳ隱ｭ縺ｿ霎ｼ縺ｿ
+	bondingOption = atoi( argv[ 1 ] );
+	printf( "bondingOption = %d\n", bondingOption );
+
+	// eFuseID繧ｵ繝ｳ繝励Ν繝輔ぃ繧､繝ｫ隱ｭ縺ｿ霎ｼ縺ｿ
+	{
+		FILE *fp;
+		int readLen;
+		struct stat fileStat;
+		
+		if( stat( argv[2], &fileStat ) || !S_ISREG( fileStat.st_mode ) ) {
+			ret_code = 1;
+		    goto end;
+		}
+		fileLen = fileStat.st_size;
+		if ( fileLen < 0 ) {
+			ret_code = 1;
+		    goto end;
+		}
+		pFileBuf = malloc( fileLen );
+		if( pFileBuf == NULL ) {
+			ret_code = 1;
+			goto end;
+		}
+		memset( pFileBuf, 0, fileLen );
+		fp = fopen( argv[2], "rb" );
+		
+		if( fp == NULL ) {
+			fprintf( stderr, "failed to fopen %s\n", argv[2] );
+		}
+		// 蜈磯�ｭ�ｼ定｡後ｒ隱ｭ縺ｿ謐ｨ縺ｦ
+		if( fgets( pFileBuf, 1024, fp ) != NULL ) {
+			fileLen  -= strlen( pFileBuf );
+		}
+		if( fgets( pFileBuf, 1024, fp ) != NULL ) {
+			fileLen  -= strlen( pFileBuf );
+		}
+		// 螳溘ョ繝ｼ繧ｿ驛ｨ蛻�縺ｮ隱ｭ縺ｿ霎ｼ縺ｿ
+		readLen = fread( pFileBuf, 1, fileLen, fp );
+		fclose( fp );
+		if( readLen < fileLen ) {
+			ret_code = 1;
+			printf( "read error %x\n", readLen );
+			goto end;
+		}
+	}
+	
+	// cr_generate_id 繧剃ｽｿ逕ｨ縺吶ｋ蜑阪↓蜻ｼ縺ｳ蜃ｺ縺�
+	ret_code = cr_generate_id_initialize( err_buf );
+	if ( ret_code != CR_GENID_SUCCESS )
+	{
+		printf( "error : cr_generate_id_initialize\n" );
+		return 0;	// error
+	}
+	
+	// 繝輔ぃ繧､繝ｫ縺ｮ蜀�螳ｹ繧貞推eFuseID縺ｫ蛻�隗｣縺励※縲∵､懆ｨｼ
+	{
+		int completeLen = 0;
+		int index = 0;
+		int i;
+		int serial[ 5 ];
+		u8 enc_buf[ sizeof(CR_ID_BUFFER) ];
+		u8 dec_buf[ sizeof(CR_ID_BUFFER) ];
+		char *pFile = pFileBuf;
+		char *pEnc  = (char *)enc_buf;
+
+		while( 1 ) {
+			int num;
+			int temp;
+		    EC_KEY *deviceKeyPair = NULL;
+			
+			memset( serial,     0, sizeof(serial) );
+			memset( enc_buf, 0, sizeof(enc_buf) );
+			if( ( num = sscanf( pFile, "%08x, %08x %08x, %08x %08x, ", &serial[0], &serial[2], &serial[1], &serial[4], &serial[3] ) ) < 5 ) {
+				
+				printf( "sscanf NG.\n" );
+				ret_code = 2;
+				break;
+			}
+		    pFile += 48;
+			for( i = 0; i < sizeof(CR_ID_BUFFER); i++ ) {
+				if( sscanf( pFile, "%02x", &temp ) == 0 ) {
+					ret_code = 2;
+					printf( "sscanf 2 NG.\n" );
+					goto end;
+				}
+				pEnc[ i ] = (char)temp;
+				pFile+=2;
+			}
+			pFile++; // \n
+			completeLen += 48 + 512 + 1;
+			
+			DebugFileOutput( serial[ 0 ], "enc", pEnc, 256 );
+			
+			{
+				int i;
+				int isFailed = 0;
+				CR_ID_BUFFER *peFuse = (CR_ID_BUFFER *)dec_buf;
+				u8 sha256buf[ SHA256_DIGEST_LENGTH ];
+				
+				printf( "ID[ %04d ]:\n", index );
+				if( crypto_aes_dec( dec_buf, enc_buf, bondingOption ) != CR_GENID_SUCCESS ) {
+					printf( "  eFuse decrypto NG.\n" );
+					ret_code = 3;
+					goto end;
+				}
+
+				DEBUG_PRINT_ARRAY( (char*)"dec_buf", (const char *)dec_buf, sizeof(CR_ID_BUFFER) );
+//				DebugFileOutput( serial[ 0 ], "raw", dec_buf, 256 );
+
+				// bondingOption 繝√ぉ繝�繧ｯ
+				if( bondingOption == peFuse->bonding_option ) {
+					printf( "  bondingOption OK.\n" );
+				}else {
+					printf( "  bondingOption NG.\n" );
+				}
+
+				// 繝�繝舌う繧ｹ險ｼ譏取嶌譛滄剞縺ｮ遒ｺ隱�
+				{
+					struct tm *gt = gmtime( &peFuse->expiryDate );
+					struct timeval tv;
+					gettimeofday( &tv, NULL );
+					printf( "  expiryDate : %d/%d/%d %d:%d:%d",
+							gt->tm_year+1900,
+							gt->tm_mon+1,
+							gt->tm_mday,
+							gt->tm_hour,
+							gt->tm_min,
+							gt->tm_sec );
+					if( peFuse->expiryDate >= tv.tv_sec + ( 60*60*24*365* 19 ) ) {
+						printf( "  OK.\n" );
+					}else {
+						printf( "  NG.\n" );
+					}
+				}
+				
+				// serialNo. 繝√ぉ繝�繧ｯ
+				for( i = 0; i < 5; i++ ) {
+					if( serial[ i ] != peFuse->device_id[ i ] ) {
+						isFailed = 1;
+						printf( "  serial[ %d ] NG : %08x %08x\n", i, (unsigned int)serial[ i ], (unsigned int)peFuse->device_id[ i ] );
+					}
+				}
+				if( !isFailed ) {
+					printf( "  serial OK.\n" );
+				}
+				
+				//---------------------------------------------
+				// openssl 菴ｿ逕ｨ蛹ｺ髢�
+				cr_mem_bufmgr_initialize();
+				OpenSSL_add_all_digests();
+				
+				// SHA256繝上ャ繧ｷ繝･ 繝√ぉ繝�繧ｯ
+				SHA256( dec_buf, CR_ID_BUF_SIZE - SHA256_DIGEST_LENGTH, sha256buf );
+				if( memcmp( peFuse->hash, sha256buf, SHA256_DIGEST_LENGTH ) == 0 ) {
+					printf( "  SHA256 hash OK.\n" );
+				}else {
+					printf( "  SHA256 hash NG.\n" );
+				}
+				
+				// 繝�繝舌う繧ｹ鄂ｲ蜷阪�ｮ繝√ぉ繝�繧ｯ
+				ret_code = SetECCKeyPair( &deviceKeyPair, peFuse->devicePrivKey );
+				if ( ret_code != CR_GENID_SUCCESS ) {
+					printf( "  deviceKeyPair NG.\n" );
+				}else {
+					if( CheckCTRDeviceCert( deviceKeyPair, peFuse->device_id[0], bondingOption,
+											peFuse->deviceCertSign, peFuse->expiryDate ) != CR_GENID_SUCCESS ) {
+						printf( "  deviceCert verify NG.\n" );
+					}else {
+						printf( "  deviceCert verify OK.\n" );
+					}
+					if( deviceKeyPair ) {
+						EC_KEY_free( deviceKeyPair );
+					}
+				}
+				ERR_remove_state(0);
+				EVP_cleanup();
+				CRYPTO_cleanup_all_ex_data();
+				// openssl 菴ｿ逕ｨ蛹ｺ髢鍋ｵゅｏ繧�
+				//------------------------------------------------
+			}
+			if( completeLen >= fileLen ) break;
+			index++;
+		}
+	}
+
+end:
+	if( pFileBuf ) free( pFileBuf );
+
+	// cr_generate_id 繧剃ｽｿ逕ｨ縺励◆蠕後↓蜻ｼ縺ｳ蜃ｺ縺�
+	ret_code = cr_generate_id_finalize( err_buf );
+	if ( ret_code != CR_GENID_SUCCESS )
+	{
+		printf( "error : cr_generate_id_finalize\n" );
+		return 0;	// error
+	}
+
+	printf("end of main\n");
+	return 0;
+}
+
+