From cf1c526c3e75288d39c82a144364f6651733b463 Mon Sep 17 00:00:00 2001 From: kubodera_yuichi Date: Tue, 19 Jan 2010 13:10:33 +0000 Subject: [PATCH] =?UTF-8?q?=E3=83=87=E3=83=A2=E3=82=920x100=E6=AF=8E?= =?UTF-8?q?=E3=81=AB=E9=8D=B5=E4=BA=A4=E6=8F=9B=E3=81=99=E3=82=8B=E4=BB=95?= =?UTF-8?q?=E6=A7=98=E3=81=AB=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@185 ff987cc8-cf2f-4642-8568-d52cce064691 --- trunk/cr_device_cert.c | 18 +++--------------- trunk/main.c | 15 ++++++++++----- 2 files changed, 13 insertions(+), 20 deletions(-) diff --git a/trunk/cr_device_cert.c b/trunk/cr_device_cert.c index 3c1e4ba..c949666 100644 --- a/trunk/cr_device_cert.c +++ b/trunk/cr_device_cert.c @@ -284,7 +284,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 // 上位232bit分で署名 memset( ecdsasig, 0, sizeof(ecdsasig) ); - test_ret = ECDSA_sign( 0, sha256Buf, 233/8, ecdsasig, &signLen, NCT2 ); + test_ret = ECDSA_sign( 0, sha256Buf, 32, ecdsasig, &signLen, NCT2 ); #else // !ECDSA_SHA256 u8 sha1Buf[ 20 ]; u8 ecdsasig[ 0x80 ]; @@ -331,7 +331,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE #ifdef ECDSA_SHA256 - DebugFileOutput( device_id, "dgst", sha256Buf, 233/8 ); + DebugFileOutput( device_id, "dgst", sha256Buf, 32 ); #else // !ECDSA_SHA256 DebugFileOutput( device_id, "dgst", sha1Buf, 20 ); #endif // ECDSA_SHA256 @@ -361,19 +361,6 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY; goto end; } -#ifdef ECDSA_SHA256 - // ハッシュ処理 - int i; - u8 verifyHash[30]; - memset( verifyHash, 0, sizeof( verifyHash ) ); - - verifyHash[0] = sha256Buf[0] >> 7; - for ( i = 1; i < 30; i++ ) - { - verifyHash[i] = (sha256Buf[i-1] << 1) | (sha256Buf[i] >> 7); - } - DEBUG_PRINT_ARRAY( (char*)"verifyHash(HSM)", (const char *)verifyHash, 30 ); -#endif // ECDSA_SHA256 // ECDSA署名(DER)を再構築 u8 signBuf[70]; @@ -430,6 +417,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8 DEBUG_PRINT_ARRAY( "padding1:", (const char *)deviceCert.padding1, sizeof(deviceCert.padding1) ); } #endif // DEBUG_PRINT +#define DEBUG_DEVICE_CERT_OUTPUT_FILE #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE DebugFileOutput( device_id, "crt", (const u8 *)&deviceCert, sizeof(CR_DeviceCert) ); #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE diff --git a/trunk/main.c b/trunk/main.c index 4f85997..fd8b0c1 100644 --- a/trunk/main.c +++ b/trunk/main.c @@ -15,7 +15,8 @@ #include "cr_generate_id.h" -#define BONDING_OPTION 0 // 製品用IDを生成する +#define BONDING_OPTION_PROD 0 // 製品用ID +#define BONDING_OPTION_DEV 1 // 開発用ID // extern const int isDummyPrivateKey; @@ -167,6 +168,7 @@ static double gettimeofday_sec(void) int main(int ac, char *argv[]) { + u8 bonding_option = BONDING_OPTION_PROD; u32 device_id[CR_NUM_OF_DEVICEID]; u8 id[CR_ID_BUF_SIZE]; /* 256byte(2048bit) */ int ret_code; @@ -248,10 +250,13 @@ int main(int ac, char *argv[]) device_id[2] = (u32)((counter1 >> 32) & 0xffffffff); device_id[3] = (u32)(counter2 & 0xffffffff); device_id[4] = (u32)((counter2 >> 32) & 0xffffffff); - + + // id[0] が 0x100 毎に鍵を換える + if ( device_id[0] % 0x100 ) + bonding_option = BONDING_OPTION_PROD ? BONDING_OPTION_DEV : BONDING_OPTION_PROD; time_start = gettimeofday_sec(); - ret_code = cr_generate_id( device_id, id, BONDING_OPTION ); + ret_code = cr_generate_id( device_id, id, bonding_option ); if( ret_code != 0 ) { fprintf(stderr,"generate_id failed\n"); } @@ -290,7 +295,7 @@ int main(int ac, char *argv[]) time_start = gettimeofday_sec(); cr_print_flag = 1; - if( 0 != cr_generate_id( device_id, id, BONDING_OPTION ) ) + if( 0 != cr_generate_id( device_id, id, bonding_option ) ) { fprintf(stderr,"cr_generate_id failed s1=0x%08x s2_lo=0x%08x s2_hi=0x%08x\n", (int)device_id[0], (int)device_id[1], (int)device_id[2]); @@ -319,7 +324,7 @@ int main(int ac, char *argv[]) } else { time_start = gettimeofday_sec(); - if( 0 != cr_generate_id( device_id, id, BONDING_OPTION ) ) + if( 0 != cr_generate_id( device_id, id, bonding_option ) ) { fprintf(stderr,"cr_generate_id failed s1=0x%08x s2_lo=0x%08x s2_hi=0x%08x\n", (int)device_id[0], (int)device_id[1], (int)device_id[2]);