デバイス証明書関連をcr_generate_idから分離(まだ正しく動かない)

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@31 ff987cc8-cf2f-4642-8568-d52cce064691

cr_deviceCert.c

@@ -131,7 +131,6 @@
 
 #include "ec_lcl.h"	// ec_key_st構造体の参照に必要
 
-
 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"
 #include "cr_alloc.h"
@@ -158,13 +157,12 @@ typedef struct CTR_Device_Cert
     u8        padding1[ 60 ];       // 0x144 - 0x17F : zero-filled
 } CTR_Device_Cert;
 
-
+// create CTR Device cert
-
+int GenerateCTRDeviceCert( EC_POINT *pubKey, u32 deviceId, u8 bondingOption )
-// create CTR Custom cert
-static int generate_CTRCustom_cert( CTR_Device_Cert *cert, u32 deviceId, u8 bondingOption, u32 timestamp )
 {
 	int result = 0;
 	char str[80];
+	CTR_Device_Cert cert;
 
 	if ( sizeof( CTR_Device_Cert ) > 384 )
 	{
@@ -173,27 +171,27 @@ static int generate_CTRCustom_cert( CTR_Device_Cert *cert, u32 deviceId, u8 bond
 	}
 
 	// sigType
-	cert->sigType[0] = 0x00;
+	cert.sigType[0] = 0x00;
-	cert->sigType[1] = 0x01;
+	cert.sigType[1] = 0x01;
-	cert->sigType[2] = 0x00;
+	cert.sigType[2] = 0x00;
-	cert->sigType[3] = 0x02;
+	cert.sigType[3] = 0x02;
 	
 	// issuerName
-	memcpy( cert->issuerName, issuerNameDev, strlen( issuerNameDev ) );
+	memcpy( cert.issuerName, issuerNameDev, strlen( issuerNameDev ) );
 	
 	// keyType
-	cert->keyType[0] = 0x00;
+	cert.keyType[0] = 0x00;
-	cert->keyType[1] = 0x00;
+	cert.keyType[1] = 0x00;
-	cert->keyType[2] = 0x00;
+	cert.keyType[2] = 0x00;
-	cert->keyType[3] = 0x01;
+	cert.keyType[3] = 0x01;
 	
 	// subject	: CT + deviceID + BondingOption
 	sprintf( str, "CT%08X%02X", (unsigned int)deviceId, bondingOption );
-	memcpy( cert->subject, str, strlen( str ) );
+	memcpy( cert.subject, str, strlen( str ) );
 	
 	// expiryDate
 #ifdef USE_HSM
-	result = hsm_get_rtc( &cert->expiryDate );
+	result = hsm_get_rtc( &cert.expiryDate );
 	if ( result != 0 )
 	{
 		printf( "error(%d) : hsm_get_rtc\n", result );
@@ -204,7 +202,7 @@ static int generate_CTRCustom_cert( CTR_Device_Cert *cert, u32 deviceId, u8 bond
 		struct timeval tv;
 		struct timezone tz;
 		gettimeofday(&tv,&tz);
-		cert->expiryDate = tv.tv_sec;
+		cert.expiryDate = tv.tv_sec;
 	}
 #endif // USE_HSM
 

cr_generate_id.c

@@ -315,77 +315,15 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
 #endif
 
 	//--------------------------------------------------------------
-	// デバイス証明書生成＆署名＋証明書期限セット
+	// デバイス証明書生成 + 署名の付与 + 証明書期限セット
 	//--------------------------------------------------------------
-#if 0
+	ret_code = GenerateCTRDeviceCert( my_eckey->pub_key, cr_id_buf->serial[0], cr_id_buf->bondingOption );
-	int padding = ECDSA_SIGN_LENGTH % cert->signature->length;
+	if ( ret_code != CR_GENID_SUCCESS ) {
-	printf( "padding = %d\n", padding );
+		goto end;
-	for ( i = 0; i < padding; i++ )
-		cr_id_buf->deviceCertSign[i] = 0;
-	for ( i = 0; i < cert->signature->length; i++ )
-		cr_id_buf->deviceCertSign[ i + padding ] = cert->signature->data[i];
-	// mistake!!
-
-	// TORIAEZU : create Custom cert
-	memset( &ctr_dev_cert, 0, sizeof( ctr_dev_cert ) );
-	// copy ecpubkey to Custom cert
-	int len = BN_num_bytes( &my_eckey->pub_key->X );
-	u8 *buf = (u8*)malloc( len );
-	len = BN_bn2bin( &my_eckey->pub_key->X, buf );
-	memcpy( ctr_dev_cert.eccPubKey, buf, len );
-	free( buf );
-	len = BN_num_bytes( &my_eckey->pub_key->Y );
-	buf = (u8*)malloc( len );
-	len = BN_bn2bin( &my_eckey->pub_key->Y, buf );
-	memcpy( &ctr_dev_cert.eccPubKey[30], buf, len );
-	free( buf );
-
-	// copy sign to Custom cert
-//#define SHOW_SIG
-	u8 *ptr = cert->signature->data;
-#ifdef SHOW_SIG
-	printf( "signature\n" );
-	printf( "SEQUENCE : 0x%02X\n", *(ptr++) );
-	printf( "ALL_LEN  : 0x%02X\n", *(ptr++) );
-	printf( "INTEGER  : 0x%02X\n", *(ptr++) );
-	len = *(ptr++);
-	printf( "r LEN    : 0x%02X\n", len );
-	printf( "r        :" );
-	for ( i = 0; i < len; i++ )
-	{
-		if ( i % 8 == 0 ) printf( "\n" );
-		printf( "0x%02X ", *(ptr++) );
 	}
-	printf( "\n" );
-	printf( "INTEGER  : 0x%02X\n", *(ptr++) );
-	len = *(ptr++);
-	printf( "s LEN    : 0x%02X\n", len );
-	printf( "s        :" );
-	for ( i = 0; i < len; i++ )
-	{
-		if ( i % 8 == 0 ) printf( "\n" );
-		printf( "0x%02X ", *(ptr++) );
-	}
-	printf( "\n" );
-#else
-	ptr += 3;
-	int r_len = *(ptr++);
-	for ( i = 0; i < r_len; i++ )
-		ctr_dev_cert.eccSignature[i] = *(ptr++);
-	ptr++;
-	int s_len = *(ptr++);
-	for ( i = 0; i < s_len; i++ )
-		ctr_dev_cert.eccSignature[i+30] = *(ptr++);
-	
-	// create CTR Custom cert
-	ret_code = generate_CTRCustom_cert( &ctr_dev_cert, 
-		cr_id_buf->serial[0], cr_id_buf->bondingOption );
-#endif
 
 #if 0
 	DEBUG_PRINT_ARRAY( "deviceCertSign:", (const char *)cr_id_buf->deviceCertSign, ECDSA_SIGN_LENGTH );
-#endif
-
 #endif
 
 	//--------------------------------------------------------------

cr_generate_id_private.h

@@ -129,7 +129,6 @@ extern "C" {
 #include <openssl/sha.h>
 #include <openssl/ec.h>
 
-
 #define DEBUG_PRINT 1
 
 #ifdef DEBUG_PRINT
@@ -183,6 +182,7 @@ typedef struct {
 extern int  GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSec, time_t *pTime);
 extern int  GenerateRandom( u8 *pDst, int length );
 extern int  GenarateECCKeyPair( EC_KEY *pECkey, u8 *pECPrivkey );
+extern int  GenerateCTRDeviceCert( EC_POINT *pubKey, u32 deviceId, u8 bondingOption );
 extern int  EncryptID( unsigned char *dst_buf, unsigned char *org_buf );
 extern void DebugPrintArray( char *pStr, const u8 *pData, int length );