rvtr/ctr_eFuse
1
Fork 0
mirror of https://github.com/rvtr/ctr_eFuse.git synced 2025-11-02 00:11:04 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

HSM使用時/未使用時で、id の magic code を変えるよう修正。

Browse Source 
CR_ID_BUFFER構造体のdeviceCertExpiryDateをexpiryDateに変更して、位置を調整。また、deviceCertSignのサイズを0x3Cに戻す。
serialNo.プリントデバッグ部分の修正。

git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-09-30%20-%20paladin.7z/paladin/ctr_eFuse@30 ff987cc8-cf2f-4642-8568-d52cce064691
This commit is contained in:
(no author) 2009-12-22 07:13:58 +00:00
parent 8bd6f50acc
commit fd2d2fa8dc
4 changed files with 88 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
cr_enc_id.c
View File

@ -132,13 +132,17 @@ extern RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
#endif // USE_HSM
#ifdef ENCRYPT_AES
static int crypto_aes_enc_dec( unsigned char *dst_buf,unsigned char *org_buf );
#else // !ENCRYPT_AES
static int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf );
#endif // ENCRYPT_AES
static unsigned char local_buf_1[CR_ID_BUF_SIZE];
static unsigned char local_buf_2[CR_ID_BUF_SIZE];
static int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf );
static int crypto_rsa_enc_dec( unsigned char *dst_buf, unsigned char *org_buf );
// ビルドスイッチに応じて、IDバッファをAES/RSAで暗号化
// 繝薙Ν繝峨せ繧、繝・メ縺ォ蠢懊§縺ヲ縲D繝舌ャ繝輔ぃ繧但ES/RSA縺ァ證怜捷蛹
int EncryptID( unsigned char *dst_buf, unsigned char *org_buf )
{
#ifdef ENCRYPT_AES
@ -149,7 +153,7 @@ int EncryptID( unsigned char *dst_buf, unsigned char *org_buf )
}
#ifdef ENCRYPT_AES
// AES暗号化 -> 復号化 -> ベリファイ
// AES證怜捷蛹・-> 蠕ゥ蜿キ蛹・-> 繝吶Μ繝輔ぃ繧、
#ifdef USE_HSM
@ -184,7 +188,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
}
}
// バッファコピー
// 繝舌ャ繝輔ぃ繧ウ繝斐・
memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
return CR_GENID_SUCCESS;
@ -204,36 +208,36 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
memset( local_buf_1, 0, CR_ID_BUF_SIZE );
memset( local_buf_2, 0, CR_ID_BUF_SIZE );
// AES 暗号化用鍵 作成
// AES 證怜捷蛹也畑骰オ 菴懈・
if ( AES_set_encrypt_key( AES_PASS_PHRASE, 128, &aesEncKey ) != 0 )
{
printf( "error : AES_set_encrypt_key\n" );
return 0;
}
// AES 復号化用鍵 作成
// AES 蠕ゥ蜿キ蛹也畑骰オ 菴懈・
if ( AES_set_decrypt_key( AES_PASS_PHRASE, 128, &aesDecKey ) != 0 )
{
printf( "error : AES_set_decrypt_key\n" );
return 0;
}
// iv 初期化
// iv 蛻晄悄蛹
for ( i = 0; i < 16; i++ )
{
temp_iv[i] = i;
}
// AES 暗号化
// AES 證怜捷蛹
AES_cbc_encrypt ( org_buf, local_buf_1, CR_ID_BUF_SIZE, &aesEncKey, temp_iv, AES_ENCRYPT );
// iv 初期化
// iv 蛻晄悄蛹
for ( i = 0; i < 16; i++ )
{
temp_iv[i] = i;
}
// AES 復号化
// AES 蠕ゥ蜿キ蛹
AES_cbc_encrypt ( local_buf_1, local_buf_2, CR_ID_BUF_SIZE, &aesDecKey, temp_iv, AES_DECRYPT );
// ベリファイ
@ -246,7 +250,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
}
}
// バッファコピー
// 繝舌ャ繝輔ぃ繧ウ繝斐・
memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
return CR_GENID_SUCCESS;
@ -256,7 +260,7 @@ int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf )
#else // !ENCRYPT_AES
// RSA暗号化->復号化->ベリファイ
// RSA證怜捷蛹・>蠕ゥ蜿キ蛹・>繝吶Μ繝輔ぃ繧、
#ifdef USE_HSM
int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf )
@ -289,7 +293,7 @@ int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf )
}
}
// バッファコピー
// 繝舌ャ繝輔ぃ繧ウ繝斐・
memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE );
return CR_GENID_SUCCESS;
@ -308,19 +312,19 @@ int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf)
memset(local_buf_2, 0,CR_ID_BUF_SIZE);
// DERフォーマットのRSA鍵を読み込み
// DER繝輔か繝シ繝槭ャ繝医・RSA骰オ繧定ェュ縺ソ霎シ縺ソ
{
const unsigned char *der_priv = cr_gen_id_rsa_key_priv_DER + 0x10; // ヘッダ部分を除外してKEY実体を指定
const unsigned char *der_pub = cr_gen_id_rsa_key_pub_DER + 0x10; // 同上
int priv_len = cr_gen_id_rsa_key_priv_DER[ 8 ] | cr_gen_id_rsa_key_priv_DER[ 9 ] << 8; // KEY長を取り出し
int pub_len = cr_gen_id_rsa_key_pub_DER [ 8 ] | cr_gen_id_rsa_key_pub_DER [ 9 ] << 8; // 同上
// コマンドラインのopensslが出力する秘密鍵は、PKCS#1 RSAPublicKeyフォーマットなので、この関数を使う。
const unsigned char *der_priv = cr_gen_id_rsa_key_priv_DER + 0x10; // 繝倥ャ繝€驛ィ蛻・髯、螟悶縺ヲKEY螳滉ス薙謖・ョ
const unsigned char *der_pub = cr_gen_id_rsa_key_pub_DER + 0x10; // 蜷御ク
int priv_len = cr_gen_id_rsa_key_priv_DER[ 8 ] | cr_gen_id_rsa_key_priv_DER[ 9 ] << 8; // KEY髟キ繧貞叙繧雁・縺
int pub_len = cr_gen_id_rsa_key_pub_DER [ 8 ] | cr_gen_id_rsa_key_pub_DER [ 9 ] << 8; // 蜷御ク
// 繧ウ繝槭Φ繝峨Λ繧、繝ウ縺ョopenssl縺悟・蜉帙☆繧狗ァ伜ッ・嵯縺ッ縲 ̄KCS#1 RSAPublicKey繝輔か繝シ繝槭ャ繝医↑縺ョ縺ァ縲√縺ョ髢「謨ー繧剃スソ縺・€
rsa_privkey = d2i_RSAPrivateKey( NULL, &der_priv, priv_len );
if( rsa_privkey == NULL ) {
ret_code = CR_GENID_ERROR_RSA_READ_PRIVATE_KEY;
goto end;
}
// コマンドラインのopensslが出力する公開鍵は、SubjectPublicKeyInfo形式なので、この関数を使う。
// 繧ウ繝槭Φ繝峨Λ繧、繝ウ縺ョopenssl縺悟・蜉帙☆繧句・髢矩嵯縺ッ縲ヾubjectPublicKeyInfo蠖「蠑上↑縺ョ縺ァ縲√縺ョ髢「謨ー繧剃スソ縺・€
rsa_pubkey = d2i_RSA_PUBKEY( NULL, &der_pub, pub_len );
if( rsa_pubkey == NULL ) {
ret_code = CR_GENID_ERROR_RSA_READ_PUBLIC_KEY;

12
cr_generate_id.c
View File

@ -249,7 +249,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
memset(id_buf, 0, CR_ID_BUF_SIZE);
cr_id_buf = (CR_ID_BUFFER *)id_buf;
cr_id_buf->magic_number = 0xdeadb00f; /* 0xdeadbeefにするとでコケる。 */
cr_id_buf->magic_number = CR_GEN_ID_MAGICCODE;
cr_id_buf->version = CR_GEN_ID_VERSION;
//--------------------------------------------------------------
@ -268,11 +268,9 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
#if 1
if( cr_print_flag ) {
printf("serialNo:\n");
for( i = 0 ; i < CR_NUM_OF_SERIAL ; i++ ) {
if( i == 0 ) printf(" 0x%08x\n", (unsigned int)serial[i] );
else if( i & 0x01 ) printf(" 0x%08x", (unsigned int)serial[i] );
else printf("%08x\n", (unsigned int)serial[i] );
}
printf(" 0x%08x\n", (unsigned int)serial[0] );
printf(" 0x%08x%08x\n", (unsigned int)serial[2], (unsigned int)serial[1] );
printf(" 0x%08x%08x\n", (unsigned int)serial[4], (unsigned int)serial[3] );
printf("\n");
}
#endif /* DEBUG_PRINT */
@ -286,7 +284,7 @@ int cr_generate_id( u32 serial[CR_NUM_OF_SERIAL], u8 id_buf[CR_ID_BUF_SIZE], u8
&cr_id_buf->hour,
&cr_id_buf->min,
&cr_id_buf->sec,
&cr_id_buf->deviceCertExpiryDate );
&cr_id_buf->expiryDate );
if ( ret_code != 0 ) {
goto end;
}

17
cr_generate_id_private.h
View File

@ -140,10 +140,15 @@ extern "C" {
#define CR_GEN_ID_VERSION 1
#ifdef USE_HSM
#define CR_GEN_ID_MAGICCODE 0xdeadb00f; /* 最終的にはこちらで動作。0xdeadbeefにするとRSAでコケる。 */
#else // !USE_HSM
#define CR_GEN_ID_MAGICCODE 0xabadf00d;
#endif // USE_HSM
#define CR_RANDOM_LENGTH 0x50
#define EC_PRIVATE_KEY_LENGTH 0x20
#define ECDSA_SIGN_LENGTH 0x44
#define CR_RSV_LENGTH 0x08
#define ECDSA_SIGN_LENGTH 0x3C
#define CR_RSV_LENGTH 0x10
#define EC_CURVE_NAME NID_sect233r1
typedef struct {
@ -164,12 +169,12 @@ typedef struct {
u8 hour; /* 0x1D */
u8 min; /* 0x1E */
u8 sec; /* 0x1F */
u32 expiryDate; /* 0x20 - 0x23 デバイス証明書期限 seconds from the Epoch (Jan 1, 1970 00:00) as a 32 bit */
u8 devicePrivKey[ EC_PRIVATE_KEY_LENGTH ];
/* 0x20 - 0x3F ECC233 private key (big endian) ユニーク性保証なし */
/* 0x24 - 0x43 ECC233 private key (big endian) ユニーク性保証なし */
u8 deviceCertSign[ ECDSA_SIGN_LENGTH ];
/* 0x40 - 0x83 ECC233 ECDSA signature (big endian) */
u32 deviceCertExpiryDate; /* 0x84 - 0x87 予約 */
u8 reserved[ CR_RSV_LENGTH ]; /* 0x88 - 0x8F 予約 */
/* 0x44 - 0x7F ECC233 ECDSA signature (big endian) */
u8 reserved[ CR_RSV_LENGTH ]; /* 0x80 - 0x8F 予約 */
u8 random[ CR_RANDOM_LENGTH ]; /* 0x90 - 0xDF 乱数 */
u8 hash[ SHA256_DIGEST_LENGTH ]; /* 0xE0 - 0xFF "0x00-0xDF"領域のSHA256ハッシュ */
} CR_ID_BUFFER; /* 合計256bytes = 2048bit */

54
cr_hsm_util.c
View File

@ -124,7 +124,7 @@
#include "cr_generate_id.h"
#include "cr_generate_id_private.h"
// タイムスタンプの取得
// 繧ソ繧、繝<EFBFBD>繧ケ繧ソ繝ウ繝励≦蜿門セ
int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSec, time_t *pTime)
{
int ret_code = 0;
@ -137,8 +137,7 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe
return ret_code;
}
#else // !USE_HSM
struct timezone tz;
gettimeofday(&tv,&tz);
gettimeofday( &tv, NULL );
#endif // USE_HSM
tm_time = gmtime( &tv.tv_sec );
@ -149,16 +148,35 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe
*pHour = (u8)tm_time->tm_hour;
*pMin = (u8)tm_time->tm_min;
*pSec = (u8)tm_time->tm_sec;
*pTime = tv.tv_sec;
#if 0
{
struct tm tm2;
time_t t2;
memset( &tm2, 0, sizeof(tm2) );
tm2.tm_year = *pYear;
tm2.tm_mon = *pMonth - 1;
tm2.tm_mday = *pMday;
tm2.tm_hour = *pHour;
tm2.tm_min = *pMin;
tm2.tm_sec = *pSec;
tm2.tm_isdst = 0; // 螟乗凾髢
t2 = gmt_mktime( &tm2 );
printf( "time_t = %08x\n", (int)t );
printf( "mktime = %08x\n", (int)t2 );
}
#endif
#ifdef DEBUG_PRINT
if( cr_print_flag ) {
printf("GMT:%d-%02d-%02d %02d:%02d:%02d\n",
*pYear+1900, /* 年 */
*pMonth, /* 月 */
*pMonth, /* 譛・*/
*pMday, /* 日 */
*pHour, /* 時 */
*pMin, /* 分 */
*pSec /* 秒 */
*pHour, /* 譎・*/
*pMin, /* 蛻・*/
*pSec /* 遘・*/
);
}
#endif /* DEBUG_PRINT */
@ -166,7 +184,27 @@ int GetTimestamp( u8 *pYear, u8 *pMonth, u8 *pMday, u8 *pHour, u8 *pMin, u8 *pSe
return ret_code;
}
// ランダム値の生成
#if 0
static time_t gmt_mktime( struct tm *tm_time )
{
time_t ret;
char *tz;
tz = getenv("TZ");
setenv("TZ", "", 1); // setenv, unsetenv縺慶ygwin縺ァ縺ッ菴ソ縺医↑縺・
tzset();
ret = mktime(tm_time); // mktime縺ッ繝ュ繝シ繧ォ繝ォ譎る俣縺ァ縺ョ螟画鋤縺ォ縺ェ繧九≦縺ァ縲》imezone繧偵こ繧「縺励↑縺・繝€繝。
if (tz)
setenv("TZ", tz, 1);
else
unsetenv("TZ");
tzset();
return ret;
}
#endif
// 繝ゥ繝ウ繝€<C280>蛟、縺ョ逕滓≦
int GenerateRandom( u8 *pDst, int length )
{
int ret_code = 0;