シャープ側で生成されたIDを検証するためのツール、testSharpID.exe をビルドできるよう変更。

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@202 ff987cc8-cf2f-4642-8568-d52cce064691
2025-11-02 00:11:04 -04:00 · 2010-03-04 06:16:15 +00:00 · 2010-03-04 06:16:15 +00:00 · bc0a31eed3
commit bc0a31eed3
parent 56c397e6f7
6 changed files with 661 additions and 0 deletions
--- a/trunk/Makefile.testSharpID
+++ b/trunk/Makefile.testSharpID
@ -0,0 +1,224 @@
 # nm ntd_mem_allocator.o | grep " [T|B|D] "
 # nm ntd_crypto_ecdsa.o | grep " [T|B|D] "
 # nm ntd_crypto_rsa.o | grep " [T|B|D] "
 # nm generate_id.o | grep " [T|B|D] "
 # nm ../rsa_keysrcgen/rsa1_key.o | grep " [T|B|D] "
 #　最終的なビルドスイッチの設定は、以下の通り。
 #      DEV_CYGWIN    = FALSE
 #      DEBUG_PRINT   = FALSE
 #      DEBUG_OUTPUT  = FALSE
 #      ECDSA_SHA256  = TRUE
 #      USE_HSM       = TRUE
 #      RESET_HSM     = TRUE
 DEV_CYGWIN   = TRUE
 DEBUG_PRINT  = TRUE
 DEBUG_OUTPUT = FALSE
 ECDSA_SHA256 = TRUE
 USE_HSM      = FALSE
 RESET_HSM    = TRUE
 ifeq ($(USE_HSM),TRUE)
 # HSM使用時は強制的にDUMMY_KEYは未使用にする。
 USE_DUMMY_KEY = FALSE
 # nFast Path
 NFAST_PATH = /opt/nfast
 # nFast Developer tools installation
 NFAST_DEV_PATH = $(NFAST_PATH)/c/ctd/gcc
 NFAST_EXAMPLES = $(NFAST_PATH)/c/ctd/examples
 # nFast Developer tools library
 NFAST_LIBPATH = $(NFAST_DEV_PATH)/lib
 # nFast Developer tools include
 NFAST_INC = $(NFAST_DEV_PATH)/include
 # nFast CPPFLAGS
 NFAST_CPPFLAGS = \
 					-I$(NFAST_INC)/sworld \
 					-I$(NFAST_INC)/hilibs \
 					-I$(NFAST_INC)/nflog \
 					-I$(NFAST_INC)/cutils \
 					-I$(NFAST_EXAMPLES)/sworld \
 					-I$(NFAST_EXAMPLES)/hilibs \
 					-I$(NFAST_EXAMPLES)/nflog \
 					-I$(NFAST_EXAMPLES)/cutils \
 # nFast LDLIBS
 NFAST_LDLIBS = \
 					$(NFAST_LIBPATH)/libnfkm.a \
 					$(NFAST_LIBPATH)/libnfstub.a \
 					$(NFAST_LIBPATH)/libnflog.a \
 					$(NFAST_LIBPATH)/libcutils.a \
 else # !USE_HSM
 # HSMが使用できない場合は、DUMMY_KEYを使ってテストする。
 USE_DUMMY_KEY = TRUE
 endif # USE_HSM
 ifeq ($(USE_DUMMY_KEY),TRUE)
 DEV_DER_KEY_DIR  = ./dummyKey/dev
 PROD_DER_KEY_DIR = ./dummyKey/prod
 else # !USE_DUMMY_KEY
 DEV_DER_KEY_DIR  = ./realKey/dev
 PROD_DER_KEY_DIR = ./realKey/prod
 endif # USE_DUMMY_KEY
 PACKAGE_DIR = ./package
 OPENSSL_DIR = ./openssl-1.0.0-beta5
 # OPENSSL_DIR = ./openssl-0.9.8k
 TARGET_LIB  = libgenid.a
 TARGET	    = testSharpID
 KEYS_C  = cr_eFuse_iv_prod.c \
          cr_eFuse_iv_dev.c  \
          cr_NCT2_pub_prod.c \
          cr_NCT2_pub_dev.c
 ifeq ($(USE_DUMMY_KEY),TRUE)
 KEYS_C  += cr_eFuse_privKey_prod.c cr_eFuse_pubKey_prod.c \
           cr_eFuse_privKey_dev.c  cr_eFuse_pubKey_dev.c \
           cr_eFuse_aesKey_prod.c \
           cr_eFuse_aesKey_dev.c \
           cr_NCT2_priv_prod.c \
           cr_NCT2_priv_dev.c
 endif # USE_DUMMY_KEY
 SRCS	=	main2.c
 OBJS	=	$(notdir $(SRCS:.c=.o))
 LIB_SRCS	= cr_generate_id.c cr_id_util.c cr_keyPair.c \
          cr_device_cert.c cr_enc_id.c cr_alloc.c \
          cr_hsm_code.c cr_hsm_alloc.c cr_hsm_bignum.c
 LIB_OBJS	= $(notdir $(LIB_SRCS:.c=.o))
 CFLAGS	= -Wall -DMEXP=216091 -msse2 -DHAVE_SSE2
 CPPFLAGS= -I. -I$(OPENSSL_DIR)/include -I$(OPENSSL_DIR)/crypto/ec
 LDFLAGS	= -mwindows -L$(OPENSSL_DIR)
 LDLIBS	= -lcrypto -lssl
 MERGE_PROG = merge_lib_objs.plx
 ifeq ($(DEV_CYGWIN),TRUE)
 CC := C:/Cygwin/bin/gcc
 LD	= C:/Cygwin/bin/gcc
 CFLAGS	+= -mno-cygwin -DDEV_CYGWIN
 LDFLAGS	+= -Wl,--subsystem,console -mno-cygwin
 TARGET_DEL	= $(TARGET).exe
 else # DEV_CYGWIN
 CC := /usr/bin/gcc
 LD	= /usr/bin/gcc
 LDFLAGS	+= -Wl
 LDLIBS	+= -ldl -lnsl
 TARGET_DEL	= $(TARGET)
 endif # DEV_CYGWIN
 ifeq ($(USE_DUMMY_KEY),TRUE)
 CFLAGS += -DUSE_DUMMY_KEY
 endif
 ifeq ($(DEBUG_PRINT),TRUE)
 CFLAGS += -DDEBUG_PRINT
 endif
 ifeq ($(DEBUG_OUTPUT),TRUE)
 CFLAGS += -DDEBUG_OUTPUT_FILE
 endif
 ifeq ($(ECDSA_SHA256),TRUE)
 CFLAGS += -DECDSA_SHA256
 endif
 ifeq ($(USE_HSM),TRUE)
 CFLAGS  += -DUSE_HSM
 CPPFLAGS+= $(NFAST_CPPFLAGS)
 LDLIBS  += $(NFAST_LDLIBS)
 MERGE_PROG = merge_lib_objs_hsm.plx
 endif
 ifeq ($(RESET_HSM),TRUE)
 CFLAGS += -DRESET_HSM
 endif
 .SUFFIXES:
 all: package_build $(KEYS_C) $(TARGET_LIB) $(TARGET) 
 # install: $(TARGET)
 #	install -c -m 777 $(TARGET) ../bin
 ifeq ($(DEV_CYGWIN),TRUE)
 package_build :
 	cd $(PACKAGE_DIR);make DEV_CYGWIN=TRUE
 else
 package_build :
 	cd $(PACKAGE_DIR);make
 endif
 $(TARGET): $(OBJS) $(TARGET_LIB)
 	$(LD) $(LDFLAGS) $(OBJS) -o $@ $(TARGET_LIB)
 $(TARGET_LIB): $(LIB_OBJS)
 	ar rcs $@ $(LIB_OBJS)
 	perl tools/$(MERGE_PROG)
 %.o:%.c
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
 #%.c:$(DER_KEY_DIR)/%.der
 #	perl tools/bin2c.plx $<
 cr_eFuse_privKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_privKey.der
 	perl tools/bin2c.plx $< prod
 cr_eFuse_pubKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_pubKey.der
 	perl tools/bin2c.plx $< prod
 cr_eFuse_aesKey_prod.c : $(PROD_DER_KEY_DIR)/eFuse_aesKey.bin
 	perl tools/bin2c.plx $< prod
 cr_eFuse_iv_prod.c : $(PROD_DER_KEY_DIR)/eFuse_iv.bin
 	perl tools/bin2c.plx $< prod
 cr_NCT2_priv_prod.c : $(PROD_DER_KEY_DIR)/NCT2_priv.der
 	perl tools/bin2c.plx $< prod
 cr_NCT2_pub_prod.c : $(PROD_DER_KEY_DIR)/NCT2_pub.der
 	perl tools/bin2c.plx $< prod
 cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der
 	perl tools/bin2c.plx $< dev
 cr_eFuse_pubKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_pubKey.der
 	perl tools/bin2c.plx $< dev
 cr_eFuse_aesKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_aesKey.bin
 	perl tools/bin2c.plx $< dev
 cr_eFuse_iv_dev.c : $(DEV_DER_KEY_DIR)/eFuse_iv.bin
 	perl tools/bin2c.plx $< dev
 cr_NCT2_priv_dev.c : $(DEV_DER_KEY_DIR)/NCT2_priv.der
 	perl tools/bin2c.plx $< dev
 cr_NCT2_pub_dev.c : $(DEV_DER_KEY_DIR)/NCT2_pub.der
 	perl tools/bin2c.plx $< dev
 .PHONY: clean clobber
 clean:
 	$(RM) $(LIB_OBJS) $(OBJS) $(TARGET_DEL) $(TARGET_LIB) $(KEYS_C) $(KEYS_H)
 clobber:
 	$(RM) $(LIB_OBJS) $(OBJS) $(TARGET_DEL) $(TARGET_LIB) $(KEYS_C) $(KEYS_H)
 	cd $(PACKAGE_DIR);make clobber
--- a/trunk/cr_device_cert.c
+++ b/trunk/cr_device_cert.c
@ -167,6 +167,7 @@ const u8 issuerName[] = {
 };
 static void BN2BinWithPadding( BIGNUM *pBn, u8 *pDst, int dstLen );
 static void ConstructCTRDeviceCert( CR_DeviceCert *pDeviceCert, EC_KEY *pECkey, u8 bonding_option, u32 device_id, u32 expiryDate );
 // create CTR Device cert
@ -451,3 +452,116 @@ static void BN2BinWithPadding( BIGNUM *pBN, u8 *pDst, int dstLen )
 		pDst[ dstLen - 1 - i ] = buffer[ bnByteLen - 1 - i ];
 	}
 }
 // eFuseIDをもとにデバイス署名のチェック
 int CheckCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 *pDevCertSign, u32 expiryDate )
 {
 	int ret_code = CR_GENID_SUCCESS;
 	CR_DeviceCert deviceCert;
 	EC_KEY *NCT2 = NULL;
 	u8 sha256Buf[ SHA256_DIGEST_LENGTH ];
 	ConstructCTRDeviceCert( &deviceCert, pECkey, bonding_option, device_id, expiryDate );
 	// CR_DeviceCertのSHA256計算
 	SHA256( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha256Buf );
 	// ECDSA署名検証
 	{
 		// bonding_option によって、鍵を差し替え
 		const unsigned char *der_pub = bonding_option ? cr_NCT2_pub_dev : cr_NCT2_pub_prod;
 		int pub_len = der_pub[ 8 ] | der_pub[ 9 ] << 8;	// KEY長を取り出し
 		der_pub += 0x10; // ヘッダ部分を除外してKEY実体を指定
 		// BIT STRING の実データ部分のみを指定するよう調整
 		pub_len = der_pub[0x15] - 1;
 		der_pub += 0x17;
 		// ECC公開鍵の読み込み
 		NCT2 = EC_KEY_new_by_curve_name( NID_sect233r1 );
 		if( NCT2 == NULL ) {
 			SetErrorInfo( __FUNCTION__, __LINE__ );
 			ret_code = CR_GENID_ERROR_ECC_KEY_NEW;
 			goto end;
 		}
 		if( o2i_ECPublicKey( &NCT2, &der_pub, pub_len ) == NULL ) {
 			SetErrorInfo( __FUNCTION__, __LINE__ );
 			ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY;
 			goto end;
 		}
 		// ECDSA署名（DER）を再構築
 		u8 signBuf[70];
 		int signLen = 66;
 		memset( signBuf, 0, sizeof( signBuf ) );
 		signBuf[0] = 0x30;
 		signBuf[1] = 0x40;
 		signBuf[2] = 0x02;
 		signBuf[3] = 0x1E;
 		memcpy( &signBuf[4], &pDevCertSign[0], 0x1E );
 		signBuf[0x22] = 0x02;
 		signBuf[0x23] = 0x1E;
 		memcpy( &signBuf[0x24], &pDevCertSign[30], 0x1E );	
 		// 署名ベリファイ
 		ret_code = ECDSA_verify( 0, sha256Buf, 32, signBuf, signLen, NCT2 );
 		if( ret_code != 1) {
 			ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
 			SetErrorInfo( __FUNCTION__, __LINE__ );
 			goto end;
 		}
 	}
 	ret_code = CR_GENID_SUCCESS;
 end:
 	if( NCT2 ) EC_KEY_free( NCT2 );
 	return ret_code;
 }
 // 指定パラメータをもとにデバイス証明書を構築（署名なし）
 static void ConstructCTRDeviceCert( CR_DeviceCert *pDeviceCert, EC_KEY *pECkey, u8 bonding_option, u32 device_id, u32 expiryDate )
 {
 	int i;
 	memset( pDeviceCert, 0, sizeof(CR_DeviceCert) );
 	// sigType
 	// ECDSA+SHA256 = 0x00010005, ECDSA+SHA1 = 0x00010002
 	pDeviceCert->sigType[0] = 0x00;
 	pDeviceCert->sigType[1] = 0x01;
 	pDeviceCert->sigType[2] = 0x00;
 #ifdef ECDSA_SHA256
 	pDeviceCert->sigType[3] = 0x05;
 #else	// !ECDSA_SHA256
 	pDeviceCert->sigType[3] = 0x02;
 #endif	// ECDSA_SHA256
 	// issuerName
 	for( i = 0; i < sizeof(issuerName); i++ ) {
 		pDeviceCert->issuerName[ i ] = issuerName[ i ] ^ 0x5a;
 	}
 	sprintf( &pDeviceCert->issuerName[ sizeof(issuerName) ], "%s", bonding_option ? "dev" : "prod" );
 	// keyType  0x00000002 ECC233
 	pDeviceCert->keyType[0] = 0x00;
 	pDeviceCert->keyType[1] = 0x00;
 	pDeviceCert->keyType[2] = 0x00;
 	pDeviceCert->keyType[3] = 0x02;
 	// subject	: CT + device_id + bonding_option
 	sprintf( pDeviceCert->subject, "CT%08X-%02X", (unsigned int)device_id, bonding_option );
 	// expiryDate
 	pDeviceCert->expiryDate = expiryDate;
 	// eccPubKey
 	BN2BinWithPadding( &pECkey->pub_key->X, &pDeviceCert->eccPubKey[  0 ], 30 );
 	BN2BinWithPadding( &pECkey->pub_key->Y, &pDeviceCert->eccPubKey[ 30 ], 30 );
 	DEBUG_PRINT_ARRAY( (char*)"deviceCert", (const char *)pDeviceCert, sizeof(CR_DeviceCert) );
 }
--- a/trunk/cr_enc_id.c
+++ b/trunk/cr_enc_id.c
@ -210,6 +210,25 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi
 	return CR_GENID_SUCCESS;
 }	// hsm_crypto_aes_enc_dec
 int crypto_aes_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option )
 {
 	int i;
 	int ret_code = CR_GENID_SUCCESS;
 	char *pIV = (char *)( bonding_option ? cr_eFuse_iv_dev : cr_eFuse_iv_prod ) + 0x10;
 	// decyrpt
 	ret_code = hsm_aes_decrypt( dst_buf, org_buf, CR_ID_BUF_SIZE, bonding_option, pIV );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
 		return ret_code;
 	}
 	return CR_GENID_SUCCESS;
 }	// hsm_crypto_aes_enc_dec
 #else // !USE_HSM
 int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option )
@ -258,6 +277,27 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondi
 	return CR_GENID_SUCCESS;
 }	// crypto_aes_enc_dec
 int crypto_aes_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option )
 {
 	AES_KEY	aesDecKey;
 	u8 temp_iv[16];
 	// 鍵データ取り出し。（ヘッダ部分0x10を除去。）
 	char *pAesKey = (char *)( bonding_option ? cr_eFuse_aesKey_dev : cr_eFuse_aesKey_prod ) + 0x10;
 	char *pIV     = (char *)( bonding_option ? cr_eFuse_iv_dev : cr_eFuse_iv_prod ) + 0x10;
 	if ( AES_set_decrypt_key( pAesKey, 128, &aesDecKey ) != 0 )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
 		return CR_GENID_ERROR_AES_DEC;
 	}
 	memcpy( temp_iv, pIV, 16 );
 	AES_cbc_encrypt ( org_buf, dst_buf, CR_ID_BUF_SIZE, &aesDecKey, temp_iv, AES_DECRYPT );
 	return CR_GENID_SUCCESS;
 }	// crypto_aes_enc_dec
 #endif	// USE_HSM
 #else   // !ENCRYPT_AES
--- a/trunk/cr_generate_id_private.h
+++ b/trunk/cr_generate_id_private.h
@ -214,6 +214,7 @@ typedef struct {
 extern int  GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSec, time_t *pTime);
 extern int  GenerateRandom( u8 *pDst, int length );
 extern int  GenarateECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey );
 extern int  SetECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey );
 extern void InitErrorInfo( void );
 extern void SetErrorInfo( const char *funcName, u32 line );
@ -221,6 +222,7 @@ extern void GetErrorInfo( char *stack, u8 *size );
 extern int  TestECDSA( EC_KEY *pECkey );
 extern int  GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 *pDevCertSign, u32 *pExpiryDate );
 extern int  CheckCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 *pDevCertSign, u32 expiryDate );
 extern int  EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option );
 extern void DebugPrintArray( char *pStr, const u8 *pData, int length );
 extern void DebugFileOutput( u32 device_id, char *pSuffix, const u8 *pSrc, int length );
--- a/trunk/cr_keyPair.c
+++ b/trunk/cr_keyPair.c
@ -308,3 +308,45 @@ int TestECDSA( EC_KEY *pECkey )
 	return CR_GENID_SUCCESS;
 }
 // 指定された秘密鍵をそのままセットして、そこから公開鍵を生成する。
 int SetECCKeyPair( EC_KEY **ppECkey, u8 *pECPrivkey )
 {
 	int openssl_result = 0;
 	BIGNUM *bn_privkey = NULL;
 	// 楕円を選択   ( NID_X9_62_prime256v1 -> 32bytesまで、 NID_sect571r1 -> 71bytesまで 署名にデータを含められる )
 	*ppECkey = EC_KEY_new_by_curve_name( NID_sect233r1 );
 	if( *ppECkey == NULL )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
 		return CR_GENID_ERROR_ECC_KEY_NEW;
 	}
 	// 指定された秘密鍵をそのままセット
 	bn_privkey = BN_new();
 	if( bn_privkey == NULL ) 
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
 	    return CR_GENID_ERROR_BN_NEW;
 	}
 	BN_init( bn_privkey ); /* memset(a,0,sizeof(BIGNUM)); */
 	(void)BN_bin2bn( pECPrivkey, EC_PRIVATE_KEY_LENGTH, bn_privkey );
 	(*ppECkey)->priv_key = bn_privkey;
 	// 公開鍵生成
 	openssl_result = generate_EC_public_key( *ppECkey );
 	if ( openssl_result == 0 )
 	{
 		SetErrorInfo( __FUNCTION__, __LINE__ );
 		return CR_GENID_ERROR_ECC_GENERATE_PUBLIC_KEY;
 	}
 	// ASN.1 形式指定フラグをセットする
 	// (これをセットしないと色々変なフィールドが入ってしまうため)
 	EC_KEY_set_asn1_flag( *ppECkey, 1 );
 	return CR_GENID_SUCCESS;
 }
--- a/trunk/main2.c
+++ b/trunk/main2.c
@ -0,0 +1,239 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #ifdef DEV_CYGWIN
 #include <conio.h>
 #else	// Cygwin
 #include <termios.h>
 #include <unistd.h>
 #endif	// Linux
 #include <openssl/sha.h>
 #include <openssl/x509.h>
 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"
 #include "cr_alloc.h"
 extern int crypto_aes_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bonding_option );
 int main(int argc, char *argv[])
 {
 	int ret_code = 0;
 	int fileLen;
 	int bondingOption = 0;
 	u8  *pFileBuf = NULL;
 	u8  err_buf[ 256 ];
 	if( argc < 3 ) {
 		printf( "parameter error.\n" );
 		printf( "Usage: testSharpID.exe [bondingOption] [FILE]\n" );
 		return 1;
 	}
 	// ボンディングオプション読み込み
 	bondingOption = atoi( argv[ 1 ] );
 	printf( "bondingOption = %d\n", bondingOption );
 	// eFuseIDサンプルファイル読み込み
 	{
 		FILE *fp;
 		int readLen;
 		struct stat fileStat;
 		if( stat( argv[2], &fileStat ) || !S_ISREG( fileStat.st_mode ) ) {
 			ret_code = 1;
 		    goto end;
 		}
 		fileLen = fileStat.st_size;
 		if ( fileLen < 0 ) {
 			ret_code = 1;
 		    goto end;
 		}
 		pFileBuf = malloc( fileLen );
 		if( pFileBuf == NULL ) {
 			ret_code = 1;
 			goto end;
 		}
 		memset( pFileBuf, 0, fileLen );
 		fp = fopen( argv[2], "rb" );
 		if( fp == NULL ) {
 			fprintf( stderr, "failed to fopen %s\n", argv[2] );
 		}
 		// 先頭２行を読み捨て
 		if( fgets( pFileBuf, 1024, fp ) != NULL ) {
 			fileLen  -= strlen( pFileBuf );
 		}
 		if( fgets( pFileBuf, 1024, fp ) != NULL ) {
 			fileLen  -= strlen( pFileBuf );
 		}
 		// 実データ部分の読み込み
 		readLen = fread( pFileBuf, 1, fileLen, fp );
 		fclose( fp );
 		if( readLen < fileLen ) {
 			ret_code = 1;
 			printf( "read error %x\n", readLen );
 			goto end;
 		}
 	}
 	// cr_generate_id を使用する前に呼び出す
 	ret_code = cr_generate_id_initialize( err_buf );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		printf( "error : cr_generate_id_initialize\n" );
 		return 0;	// error
 	}
 	// ファイルの内容を各eFuseIDに分解して、検証
 	{
 		int completeLen = 0;
 		int index = 0;
 		int i;
 		int serial[ 5 ];
 		u8 enc_buf[ sizeof(CR_ID_BUFFER) ];
 		u8 dec_buf[ sizeof(CR_ID_BUFFER) ];
 		char *pFile = pFileBuf;
 		char *pEnc  = (char *)enc_buf;
 		while( 1 ) {
 			int num;
 			int temp;
 		    EC_KEY *deviceKeyPair = NULL;
 			memset( serial,     0, sizeof(serial) );
 			memset( enc_buf, 0, sizeof(enc_buf) );
 			if( ( num = sscanf( pFile, "%08x, %08x %08x, %08x %08x, ", &serial[0], &serial[2], &serial[1], &serial[4], &serial[3] ) ) < 5 ) {
 				printf( "sscanf NG.\n" );
 				ret_code = 2;
 				break;
 			}
 		    pFile += 48;
 			for( i = 0; i < sizeof(CR_ID_BUFFER); i++ ) {
 				if( sscanf( pFile, "%02x", &temp ) == 0 ) {
 					ret_code = 2;
 					printf( "sscanf 2 NG.\n" );
 					goto end;
 				}
 				pEnc[ i ] = (char)temp;
 				pFile+=2;
 			}
 			pFile++; // \n
 			completeLen += 48 + 512 + 1;
 			DebugFileOutput( serial[ 0 ], "enc", pEnc, 256 );
 			{
 				int i;
 				int isFailed = 0;
 				CR_ID_BUFFER *peFuse = (CR_ID_BUFFER *)dec_buf;
 				u8 sha256buf[ SHA256_DIGEST_LENGTH ];
 				printf( "ID[ %04d ]:\n", index );
 				if( crypto_aes_dec( dec_buf, enc_buf, bondingOption ) != CR_GENID_SUCCESS ) {
 					printf( "  eFuse decrypto NG.\n" );
 					ret_code = 3;
 					goto end;
 				}
 				DEBUG_PRINT_ARRAY( (char*)"dec_buf", (const char *)dec_buf, sizeof(CR_ID_BUFFER) );
 //				DebugFileOutput( serial[ 0 ], "raw", dec_buf, 256 );
 				// bondingOption チェック
 				if( bondingOption == peFuse->bonding_option ) {
 					printf( "  bondingOption OK.\n" );
 				}else {
 					printf( "  bondingOption NG.\n" );
 				}
 				// デバイス証明書期限の確認
 				{
 					struct tm *gt = gmtime( &peFuse->expiryDate );
 					struct timeval tv;
 					gettimeofday( &tv, NULL );
 					printf( "  expiryDate : %d/%d/%d %d:%d:%d",
 							gt->tm_year+1900,
 							gt->tm_mon+1,
 							gt->tm_mday,
 							gt->tm_hour,
 							gt->tm_min,
 							gt->tm_sec );
 					if( peFuse->expiryDate >= tv.tv_sec + ( 60*60*24*365* 19 ) ) {
 						printf( "  OK.\n" );
 					}else {
 						printf( "  NG.\n" );
 					}
 				}
 				// serialNo. チェック
 				for( i = 0; i < 5; i++ ) {
 					if( serial[ i ] != peFuse->device_id[ i ] ) {
 						isFailed = 1;
 						printf( "  serial[ %d ] NG : %08x %08x\n", i, (unsigned int)serial[ i ], (unsigned int)peFuse->device_id[ i ] );
 					}
 				}
 				if( !isFailed ) {
 					printf( "  serial OK.\n" );
 				}
 				//---------------------------------------------
 				// openssl 使用区間
 				cr_mem_bufmgr_initialize();
 				OpenSSL_add_all_digests();
 				// SHA256ハッシュ チェック
 				SHA256( dec_buf, CR_ID_BUF_SIZE - SHA256_DIGEST_LENGTH, sha256buf );
 				if( memcmp( peFuse->hash, sha256buf, SHA256_DIGEST_LENGTH ) == 0 ) {
 					printf( "  SHA256 hash OK.\n" );
 				}else {
 					printf( "  SHA256 hash NG.\n" );
 				}
 				// デバイス署名のチェック
 				ret_code = SetECCKeyPair( &deviceKeyPair, peFuse->devicePrivKey );
 				if ( ret_code != CR_GENID_SUCCESS ) {
 					printf( "  deviceKeyPair NG.\n" );
 				}else {
 					if( CheckCTRDeviceCert( deviceKeyPair, peFuse->device_id[0], bondingOption,
 											peFuse->deviceCertSign, peFuse->expiryDate ) != CR_GENID_SUCCESS ) {
 						printf( "  deviceCert verify NG.\n" );
 					}else {
 						printf( "  deviceCert verify OK.\n" );
 					}
 					if( deviceKeyPair ) {
 						EC_KEY_free( deviceKeyPair );
 					}
 				}
 				ERR_remove_state(0);
 				EVP_cleanup();
 				CRYPTO_cleanup_all_ex_data();
 				// openssl 使用区間終わり
 				//------------------------------------------------
 			}
 			if( completeLen >= fileLen ) break;
 			index++;
 		}
 	}
 end:
 	if( pFileBuf ) free( pFileBuf );
 	// cr_generate_id を使用した後に呼び出す
 	ret_code = cr_generate_id_finalize( err_buf );
 	if ( ret_code != CR_GENID_SUCCESS )
 	{
 		printf( "error : cr_generate_id_finalize\n" );
 		return 0;	// error
 	}
 	printf("end of main\n");
 	return 0;
 }