デモを0x100毎に鍵交換する仕様に変更

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@185 ff987cc8-cf2f-4642-8568-d52cce064691

trunk/cr_device_cert.c

@@ -284,7 +284,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 
 	// 上位232bit分で署名
 	memset( ecdsasig, 0, sizeof(ecdsasig) );
-	test_ret = ECDSA_sign( 0, sha256Buf, 233/8, ecdsasig, &signLen, NCT2 );
+	test_ret = ECDSA_sign( 0, sha256Buf, 32, ecdsasig, &signLen, NCT2 );
 #else	// !ECDSA_SHA256
 	u8 sha1Buf[ 20 ];
 	u8 ecdsasig[ 0x80 ];
@@ -331,7 +331,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 
 #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
 #ifdef ECDSA_SHA256
-	DebugFileOutput( device_id, "dgst", sha256Buf, 233/8 );
+	DebugFileOutput( device_id, "dgst", sha256Buf, 32 );
 #else	// !ECDSA_SHA256
 	DebugFileOutput( device_id, "dgst", sha1Buf, 20 );
 #endif	// ECDSA_SHA256
@@ -361,19 +361,6 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 			ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY;
 			goto end;
 		}
-#ifdef ECDSA_SHA256
-		// ハッシュ処理
-		int i;
-		u8 verifyHash[30];
-		memset( verifyHash, 0, sizeof( verifyHash ) );
-		
-		verifyHash[0] = sha256Buf[0] >> 7;
-		for ( i = 1; i < 30; i++ )
-		{
-			verifyHash[i] = (sha256Buf[i-1] << 1) | (sha256Buf[i] >> 7);
-		}
-		DEBUG_PRINT_ARRAY( (char*)"verifyHash(HSM)", (const char *)verifyHash, 30 );
-#endif	// ECDSA_SHA256
 		
 		// ECDSA署名（DER）を再構築
 		u8 signBuf[70];
@@ -430,6 +417,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 		DEBUG_PRINT_ARRAY( "padding1:", (const char *)deviceCert.padding1, sizeof(deviceCert.padding1) );
 	}
 #endif	// DEBUG_PRINT
+#define DEBUG_DEVICE_CERT_OUTPUT_FILE
 #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
 		DebugFileOutput( device_id, "crt", (const u8 *)&deviceCert, sizeof(CR_DeviceCert) );
 #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE

trunk/main.c

@@ -15,7 +15,8 @@
 
 #include "cr_generate_id.h"
 
-#define BONDING_OPTION	0	// 製品用IDを生成する
+#define BONDING_OPTION_PROD	0	// 製品用ID
+#define BONDING_OPTION_DEV	1	// 開発用ID
 
 // extern const int isDummyPrivateKey;
 
@@ -167,6 +168,7 @@ static double gettimeofday_sec(void)
 
 int main(int ac, char *argv[])
 {
+  u8 bonding_option = BONDING_OPTION_PROD;
   u32 device_id[CR_NUM_OF_DEVICEID];
   u8 id[CR_ID_BUF_SIZE]; /* 256byte(2048bit) */
   int ret_code;
@@ -248,10 +250,13 @@ int main(int ac, char *argv[])
       device_id[2] = (u32)((counter1 >> 32) & 0xffffffff);
       device_id[3] = (u32)(counter2 & 0xffffffff);
       device_id[4] = (u32)((counter2 >> 32) & 0xffffffff);
-
+      
+      // id[0] が 0x100 毎に鍵を換える
+      if ( device_id[0] % 0x100 )
+      	bonding_option = BONDING_OPTION_PROD ? BONDING_OPTION_DEV : BONDING_OPTION_PROD;
 
       time_start = gettimeofday_sec();
-      ret_code = cr_generate_id( device_id, id, BONDING_OPTION );
+      ret_code = cr_generate_id( device_id, id, bonding_option );
       if( ret_code != 0 ) {
         fprintf(stderr,"generate_id failed\n");
       }
@@ -290,7 +295,7 @@ int main(int ac, char *argv[])
 
       time_start = gettimeofday_sec();
       cr_print_flag = 1;
-      if( 0 != cr_generate_id( device_id, id, BONDING_OPTION ) ) 
+      if( 0 != cr_generate_id( device_id, id, bonding_option ) ) 
       {
     fprintf(stderr,"cr_generate_id failed s1=0x%08x s2_lo=0x%08x s2_hi=0x%08x\n",
         (int)device_id[0], (int)device_id[1], (int)device_id[2]);
@@ -319,7 +324,7 @@ int main(int ac, char *argv[])
       }
       else {
     time_start = gettimeofday_sec();
-    if( 0 != cr_generate_id( device_id, id, BONDING_OPTION ) )
+    if( 0 != cr_generate_id( device_id, id, bonding_option ) )
     {
       fprintf(stderr,"cr_generate_id failed s1=0x%08x s2_lo=0x%08x s2_hi=0x%08x\n",
           (int)device_id[0], (int)device_id[1], (int)device_id[2]);