diff --git a/Makefile b/Makefile index a931725..f9288ea 100644 --- a/Makefile +++ b/Makefile @@ -126,6 +126,10 @@ endif ifeq ($(DEBUG_PRINT),TRUE) CFLAGS += -DDEBUG_PRINT endif + +ifeq ($(DSA_SHA256),TRUE) +CFLAGS += -DDSA_SHA256 +endif ifeq ($(USE_HSM),TRUE) CFLAGS += -DUSE_HSM diff --git a/cr_device_cert.c b/cr_device_cert.c index cdf9472..f6a39c6 100644 --- a/cr_device_cert.c +++ b/cr_device_cert.c @@ -186,8 +186,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 memset( &deviceCert, 0, sizeof(deviceCert) ); // sigType - // 0x00010005 ECDSA+SHA256 - // 0x00010002 ECDSA+SHA1 + // 0x00010005 ECDSA+SHA256, 0x00010002 ECDSA+SHA1 deviceCert.sigType[0] = 0x00; deviceCert.sigType[1] = 0x01; deviceCert.sigType[2] = 0x00; @@ -240,7 +239,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 #else // !DSA_SHA256 u8 sha1Buf[ 20 ]; SHA1( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha1Buf ); - DEBUG_PRINT_ARRAY( "sha1(HSM)", (const char *)sha1buf, 20 ); + DEBUG_PRINT_ARRAY( "sha1(HSM)", (const char *)sha1Buf, 20 ); ret_code = hsm_ecdsa_sign( deviceCert.eccSignature, sha1Buf, bonding_option ); #endif // DSA_SHA256 diff --git a/cr_hsm_code.c b/cr_hsm_code.c index 2c8587c..0e8bae9 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c @@ -898,11 +898,12 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c cmd.cmd = Cmd_Sign; cmd.args.sign.flags = 0; // Cmd_Sign_Args_flags_given_iv_present; cmd.args.sign.key = privKeyid; - cmd.args.sign.mech = HSM_SIGN_MECH; #ifdef DSA_SHA256 + cmd.args.sign.mech = Mech_ECDSAhSHA256; cmd.args.sign.plain.type = PlainTextType_Hash32; cmd.args.sign.plain.data.hash32.data = *(M_Hash32*)data_buf; #else // !DSA_SHA256 + cmd.args.sign.mech = Mech_ECDSA; cmd.args.sign.plain.type = PlainTextType_Hash; cmd.args.sign.plain.data.hash.data = *(M_Hash*)data_buf; #endif // DSA_SHA256 @@ -950,16 +951,17 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c cmd.cmd = Cmd_Verify; cmd.args.verify.flags = 0; cmd.args.verify.key = pubKeyid; - cmd.args.verify.mech = HSM_SIGN_MECH; #ifdef DSA_SHA256 + cmd.args.verify.mech = Mech_ECDSAhSHA256; cmd.args.verify.plain.type = PlainTextType_Hash32; cmd.args.verify.plain.data.hash32.data = *(M_Hash32*)data_buf; + cmd.args.verify.sig.mech = Mech_ECDSAhSHA256; #else // !DSA_SHA256 + cmd.args.verify.mech = Mech_ECDSA; cmd.args.verify.plain.type = PlainTextType_Hash; cmd.args.verify.plain.data.hash.data = *(M_Hash*)data_buf; + cmd.args.verify.sig.mech = Mech_ECDSA; #endif // DSA_SHA256 - - cmd.args.verify.sig.mech = HSM_SIGN_MECH; cmd.args.verify.sig.data.ecdsa.r = rBn; cmd.args.verify.sig.data.ecdsa.s = sBn; ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); diff --git a/cr_hsm_code.h b/cr_hsm_code.h index c00831c..26c3114 100644 --- a/cr_hsm_code.h +++ b/cr_hsm_code.h @@ -119,8 +119,6 @@ extern "C" { #endif #define HSM_MODULE_ID ( 1) -#define HSM_SIGN_MECH Mech_ECDSAhSHA256 -//#define HSM_SIGN_MECH Mech_ECDSA // functions int hsm_initialize( void );