From ca0d97fa4654b32acaa102f00c8b39e08006d193 Mon Sep 17 00:00:00 2001 From: kubodera_yuichi Date: Tue, 12 Jan 2010 02:25:38 +0000 Subject: [PATCH] =?UTF-8?q?=E3=82=B3=E3=83=BC=E3=83=89=E4=BF=AE=E6=AD=A3?= =?UTF-8?q?=E3=80=81HSM=E7=92=B0=E5=A2=83=E3=81=A7=E3=82=82=E3=83=93?= =?UTF-8?q?=E3=83=AB=E3=83=89=E3=82=B9=E3=82=A4=E3=83=83=E3=83=81=E3=81=AE?= =?UTF-8?q?=E5=88=87=E6=9B=BF=E3=82=92=E7=A2=BA=E8=AA=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@170 ff987cc8-cf2f-4642-8568-d52cce064691 --- Makefile | 4 ++++ cr_device_cert.c | 5 ++--- cr_hsm_code.c | 10 ++++++---- cr_hsm_code.h | 2 -- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index a931725..f9288ea 100644 --- a/Makefile +++ b/Makefile @@ -126,6 +126,10 @@ endif ifeq ($(DEBUG_PRINT),TRUE) CFLAGS += -DDEBUG_PRINT endif + +ifeq ($(DSA_SHA256),TRUE) +CFLAGS += -DDSA_SHA256 +endif ifeq ($(USE_HSM),TRUE) CFLAGS += -DUSE_HSM diff --git a/cr_device_cert.c b/cr_device_cert.c index cdf9472..f6a39c6 100644 --- a/cr_device_cert.c +++ b/cr_device_cert.c @@ -186,8 +186,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 memset( &deviceCert, 0, sizeof(deviceCert) ); // sigType - // 0x00010005 ECDSA+SHA256 - // 0x00010002 ECDSA+SHA1 + // 0x00010005 ECDSA+SHA256, 0x00010002 ECDSA+SHA1 deviceCert.sigType[0] = 0x00; deviceCert.sigType[1] = 0x01; deviceCert.sigType[2] = 0x00; @@ -240,7 +239,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 #else // !DSA_SHA256 u8 sha1Buf[ 20 ]; SHA1( deviceCert.issuerName, (int)&deviceCert + sizeof(CR_DeviceCert) - (int)deviceCert.issuerName, sha1Buf ); - DEBUG_PRINT_ARRAY( "sha1(HSM)", (const char *)sha1buf, 20 ); + DEBUG_PRINT_ARRAY( "sha1(HSM)", (const char *)sha1Buf, 20 ); ret_code = hsm_ecdsa_sign( deviceCert.eccSignature, sha1Buf, bonding_option ); #endif // DSA_SHA256 diff --git a/cr_hsm_code.c b/cr_hsm_code.c index 2c8587c..0e8bae9 100644 --- a/cr_hsm_code.c +++ b/cr_hsm_code.c @@ -898,11 +898,12 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c cmd.cmd = Cmd_Sign; cmd.args.sign.flags = 0; // Cmd_Sign_Args_flags_given_iv_present; cmd.args.sign.key = privKeyid; - cmd.args.sign.mech = HSM_SIGN_MECH; #ifdef DSA_SHA256 + cmd.args.sign.mech = Mech_ECDSAhSHA256; cmd.args.sign.plain.type = PlainTextType_Hash32; cmd.args.sign.plain.data.hash32.data = *(M_Hash32*)data_buf; #else // !DSA_SHA256 + cmd.args.sign.mech = Mech_ECDSA; cmd.args.sign.plain.type = PlainTextType_Hash; cmd.args.sign.plain.data.hash.data = *(M_Hash*)data_buf; #endif // DSA_SHA256 @@ -950,16 +951,17 @@ int hsm_ecdsa_sign( unsigned char *sign_buf, unsigned char *data_buf, unsigned c cmd.cmd = Cmd_Verify; cmd.args.verify.flags = 0; cmd.args.verify.key = pubKeyid; - cmd.args.verify.mech = HSM_SIGN_MECH; #ifdef DSA_SHA256 + cmd.args.verify.mech = Mech_ECDSAhSHA256; cmd.args.verify.plain.type = PlainTextType_Hash32; cmd.args.verify.plain.data.hash32.data = *(M_Hash32*)data_buf; + cmd.args.verify.sig.mech = Mech_ECDSAhSHA256; #else // !DSA_SHA256 + cmd.args.verify.mech = Mech_ECDSA; cmd.args.verify.plain.type = PlainTextType_Hash; cmd.args.verify.plain.data.hash.data = *(M_Hash*)data_buf; + cmd.args.verify.sig.mech = Mech_ECDSA; #endif // DSA_SHA256 - - cmd.args.verify.sig.mech = HSM_SIGN_MECH; cmd.args.verify.sig.data.ecdsa.r = rBn; cmd.args.verify.sig.data.ecdsa.s = sBn; ret_code = NFastApp_Transact( hsmConnection, NULL, &cmd, &reply, NULL ); diff --git a/cr_hsm_code.h b/cr_hsm_code.h index c00831c..26c3114 100644 --- a/cr_hsm_code.h +++ b/cr_hsm_code.h @@ -119,8 +119,6 @@ extern "C" { #endif #define HSM_MODULE_ID ( 1) -#define HSM_SIGN_MECH Mech_ECDSAhSHA256 -//#define HSM_SIGN_MECH Mech_ECDSA // functions int hsm_initialize( void );