/* ==================================================================== * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "cr_generate_id.h" #include "cr_generate_id_private.h" #include #include #include #include #include #include #include #ifdef USE_HSM #include "cr_hsm_code.h" #else // !USE_HSM #include #include #include "cr_eFuse_privKey_dev.c" #include "cr_eFuse_pubKey_dev.c" #include "cr_eFuse_privKey_prod.c" #include "cr_eFuse_pubKey_prod.c" #include "cr_eFuse_aesKey_dev.c" #include "cr_eFuse_iv_dev.c" #include "cr_eFuse_aesKey_prod.c" #include "cr_eFuse_iv_prod.c" extern RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); #endif // USE_HSM #ifdef ENCRYPT_AES static int crypto_aes_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption ); #else // !ENCRYPT_AES static int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption ); #endif // ENCRYPT_AES static unsigned char local_buf_1[CR_ID_BUF_SIZE]; static unsigned char local_buf_2[CR_ID_BUF_SIZE]; // ビルドスイッチに従ってAES or RSA で指定バッファを暗号化 int EncryptID( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption ) { #ifdef ENCRYPT_AES if( cr_print_flag ) printf( "[AES]\n"); return crypto_aes_enc_dec( dst_buf, org_buf, bondingOption ); // AES #else // !ENCRYPT_AES if( cr_print_flag ) printf( "[RSA]\n"); return crypto_rsa_enc_dec( dst_buf, org_buf, bondingOption ); // RSA pubKey enc #endif // ENCRYPT_AES } #ifdef ENCRYPT_AES // AES #ifdef USE_HSM int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption ) { int i; int ret_code = CR_GENID_SUCCESS; // encrypt ret_code = hsm_aes_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE, bondingOption ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // decyrpt ret_code = hsm_aes_decrypt( local_buf_2, local_buf_1, CR_ID_BUF_SIZE, bondingOption ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // ベリファイ for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ ) { if( org_buf[i] != local_buf_2[i] ) { ret_code = CR_GENID_ERROR_AES_VERIFY; SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } } memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE ); return CR_GENID_SUCCESS; } // hsm_crypto_aes_enc_dec #else // !USE_HSM int crypto_aes_enc_dec( unsigned char *dst_buf, unsigned char *org_buf, u8 bondingOption ) { int i; AES_KEY aesEncKey; AES_KEY aesDecKey; u8 temp_iv[16]; // 鍵データ取り出し。(ヘッダ部分0x10を除去。) char *pAesKey = (char *)( bondingOption ? cr_eFuse_aesKey_dev : cr_eFuse_aesKey_prod ) + 0x10; char *pIV = (char *)( bondingOption ? cr_eFuse_iv_dev : cr_eFuse_iv_prod ) + 0x10; memset( local_buf_1, 0, CR_ID_BUF_SIZE ); memset( local_buf_2, 0, CR_ID_BUF_SIZE ); if ( AES_set_encrypt_key( pAesKey, 128, &aesEncKey ) != 0 ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return CR_GENID_ERROR_AES_ENC; } if ( AES_set_decrypt_key( pAesKey, 128, &aesDecKey ) != 0 ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return CR_GENID_ERROR_AES_DEC; } memcpy( temp_iv, pIV, 16 ); AES_cbc_encrypt ( org_buf, local_buf_1, CR_ID_BUF_SIZE, &aesEncKey, temp_iv, AES_ENCRYPT ); memcpy( temp_iv, pIV, 16 ); AES_cbc_encrypt ( local_buf_1, local_buf_2, CR_ID_BUF_SIZE, &aesDecKey, temp_iv, AES_DECRYPT ); // ベリファイ for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ ) { if( org_buf[i] != local_buf_2[i] ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return CR_GENID_ERROR_AES_VERIFY; } } memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE ); return CR_GENID_SUCCESS; } // crypto_aes_enc_dec #endif // USE_HSM #else // !ENCRYPT_AES // RSA #ifdef USE_HSM int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption ) { int i; int ret_code = CR_GENID_SUCCESS; // encrypt ret_code = hsm_rsa_encrypt( local_buf_1, org_buf, CR_ID_BUF_SIZE, bondingOption ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // decyrpt ret_code = hsm_rsa_decrypt( local_buf_2, local_buf_1, CR_ID_BUF_SIZE, bondingOption ); if ( ret_code != CR_GENID_SUCCESS ) { SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } // ベリファイ for ( i = 0 ; i < CR_ID_BUF_SIZE ; i++ ) { if( org_buf[i] != local_buf_2[i] ) { ret_code = CR_GENID_ERROR_RSA_VERIFY; SetErrorInfo( __FUNCTION__, __LINE__ ); return ret_code; } } memcpy( dst_buf, local_buf_1, CR_ID_BUF_SIZE ); return CR_GENID_SUCCESS; } // hsm_crypto_rsa_enc_dec #else // USE_HSM int crypto_rsa_enc_dec( unsigned char *dst_buf,unsigned char *org_buf, u8 bondingOption ) { int ret_code = CR_GENID_SUCCESS; int rsa_outlen = 0; RSA *rsa_privkey = NULL; RSA *rsa_pubkey = NULL; memset(local_buf_1, 0,CR_ID_BUF_SIZE); memset(local_buf_2, 0,CR_ID_BUF_SIZE); // DERフォーマットのRSA鍵を読み込み { // bondingOptionによって、鍵を差し替え const unsigned char *der_priv = bondingOption ? cr_eFuse_privKey_dev : cr_eFuse_privKey_prod; const unsigned char *der_pub = bondingOption ? cr_eFuse_pubKey_dev : cr_eFuse_pubKey_prod; int priv_len = der_priv[ 8 ] | der_priv[ 9 ] << 8; // KEY長を取り出し int pub_len = der_pub [ 8 ] | der_pub [ 9 ] << 8; // 同上 der_priv += 0x10; // ヘッダ部分を除外してKEY実体を指定 der_pub += 0x10; // 同上 // コマンドラインのopensslが出力する秘密鍵は、PKCS#1 RSAPublicKeyフォーマットなので、この関数を使う。 rsa_privkey = d2i_RSAPrivateKey( NULL, &der_priv, priv_len ); if( rsa_privkey == NULL ) { ret_code = CR_GENID_ERROR_RSA_READ_PRIVATE_KEY; SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } // コマンドラインのopensslが出力する公開鍵は、SubjectPublicKeyInfo形式なので、この関数を使う。 rsa_pubkey = d2i_RSA_PUBKEY( NULL, &der_pub, pub_len ); if( rsa_pubkey == NULL ) { ret_code = CR_GENID_ERROR_RSA_READ_PUBLIC_KEY; SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } } if( (rsa_outlen = RSA_private_encrypt(CR_ID_BUF_SIZE, org_buf, local_buf_1, rsa_privkey, RSA_NO_PADDING)) == -1) { ret_code = CR_GENID_ERROR_RSA_ENC; SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } else { if((rsa_outlen = RSA_public_decrypt(rsa_outlen, local_buf_1, local_buf_2, rsa_pubkey, RSA_NO_PADDING)) == -1) { ret_code = CR_GENID_ERROR_RSA_DEC; SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } else { int i; int error_flag = 0; for( i = 0 ; i < CR_ID_BUF_SIZE ; i++ ) { if( org_buf[i] != local_buf_2[i] ) { error_flag++; } } if( error_flag ) { ret_code = CR_GENID_ERROR_RSA_VERIFY; SetErrorInfo( __FUNCTION__, __LINE__ ); goto end; } } } memcpy(dst_buf,local_buf_1,CR_ID_BUF_SIZE); end: if ( rsa_privkey ) RSA_free( rsa_privkey ); if ( rsa_pubkey ) RSA_free( rsa_pubkey ); return ret_code; } #endif // !USE_HSM #endif // ENCRYPT_AES