/*
* mgmt-masterkey.c
* ----------------
* Masterkey CLI functions.
*
* Copyright (c) 2016, NORDUnet A/S All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of the NORDUnet nor the names of its contributors may
* be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
#define HAL_OK CMSIS_HAL_OK
#include "stm-init.h"
#include "stm-uart.h"
#include "mgmt-cli.h"
#include "mgmt-masterkey.h"
#undef HAL_OK
#define LIBHAL_OK HAL_OK
#include <hal.h>
#warning Refactor so we do not need to include hal_internal.h here
#include <hal_internal.h>
#undef HAL_OK
#include <stdlib.h>
/*
 * Map a master key read status to a short label for the CLI.
 *
 * LIBHAL_OK becomes "Set", HAL_ERROR_MASTERKEY_NOT_SET becomes "Not set",
 * and every other status becomes "Unknown".  The returned pointers refer to
 * string literals and must not be modified or freed.
 */
static char * _status2str(const hal_error_t status)
{
    if (status == LIBHAL_OK) {
        return (char *) "Set";
    }
    if (status == HAL_ERROR_MASTERKEY_NOT_SET) {
        return (char *) "Not set";
    }
    return (char *) "Unknown";
}
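/* Return the value of one hex digit, or -1 if c is not a hex digit. */
static int _hex_digit_value(const char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Parse one command line group as a 32-bit hex value.
 *
 * Accepts an optional "0x"/"0X" prefix followed by 1 to 8 hex digits and
 * nothing else.  Signs, whitespace, empty strings and groups longer than
 * 32 bits are rejected so that key material is never silently reinterpreted,
 * truncated or saturated.
 *
 * Returns 0 and stores the value in *out on success, -1 on malformed input.
 */
static int _parse_hex_group(const char *s, uint32_t *out)
{
    uint32_t value = 0;
    int digits = 0;

    if (s == NULL) return -1;

    if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) {
        s += 2;
    }

    for (; *s != '\0'; s++) {
        const int d = _hex_digit_value(*s);
        if (d < 0 || ++digits > 8) return -1;
        value = (value << 4) | (uint32_t) d;
    }

    if (digits == 0) return -1;

    *out = value;
    return 0;
}

/*
 * Parse argc hex groups from argv into buf as consecutive 32-bit words.
 *
 * buf   destination buffer
 * len   size of buf in BYTES; at most len / 4 groups are accepted
 * argv  the groups, one 32-bit hex value per element
 * argc  number of elements in argv
 *
 * Returns  1 if every group was parsed and stored,
 *          0 if argc is zero (nothing to parse),
 *         -1 if there are more groups than fit in buf,
 *         -2 if a group is not a valid 32-bit hex value.
 *
 * The capacity is computed in words.  The earlier bound was
 * "(uint32_t *) buf + len - 1", which scales the byte count len by
 * sizeof(uint32_t) and therefore let excess groups be written past the end
 * of buf.  Words are stored in host byte order, byte by byte, so buf does
 * not need to be 32-bit aligned.
 *
 * Fewer groups than fit in buf are accepted; bytes past the last group are
 * left untouched.
 */
static int _parse_hex_groups(uint8_t *buf, size_t len, char *argv[], int argc)
{
    const size_t capacity = len / sizeof(uint32_t);
    int i;

    if (! argc) return 0;

    for (i = 0; i < argc; i++) {
        uint32_t word;
        const uint8_t *src = (const uint8_t *) &word;
        size_t k;

        if ((size_t) i >= capacity) return -1;
        if (_parse_hex_group(argv[i], &word) != 0) return -2;

        for (k = 0; k < sizeof(word); k++) {
            buf[(size_t) i * sizeof(word) + k] = src[k];
        }
    }

    return 1;
}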
/*
 * CLI handler for "masterkey status".
 *
 * Probes the volatile and the flash master key stores and prints, for each,
 * the short label from _status2str() next to the libhal error string.  Both
 * reads pass a NULL buffer with length 0, so only the returned status is
 * used here and no key bytes are fetched by this function.
 *
 * Always returns CLI_OK.
 */
static int cmd_masterkey_status(struct cli_def *cli, const char *command, char *argv[], int argc)
{
    (void) command;
    (void) argv;
    (void) argc;

    cli_print(cli, "Status of master key:\n");

    const hal_error_t volatile_state = hal_mkm_volatile_read(NULL, 0);
    cli_print(cli, " volatile: %s / %s", _status2str(volatile_state), hal_error_string(volatile_state));

    const hal_error_t flash_state = hal_mkm_flash_read(NULL, 0);
    cli_print(cli, " flash: %s / %s", _status2str(flash_state), hal_error_string(flash_state));

    return CLI_OK;
}
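/*
 * Shared implementation of the "set" commands: obtain a master key and hand
 * it to writer.
 *
 * cli     CLI session used for all messages
 * argv    hex groups given on the command line
 * argc    number of groups; 0 means "generate a random key"
 * label   name of the target memory, used in messages only
 * writer  function that stores the key (buffer, length in bytes)
 *
 * Returns CLI_OK if the key was written, CLI_ERROR if the random generator
 * failed, the arguments did not parse, or the writer reported an error.
 *
 * Security notes:
 *  - The key is dumped in clear on STM_UART_MGMT, so whoever can observe
 *    that UART learns the master key.
 *  - Fewer groups than fill the buffer are accepted; the remaining bytes
 *    stay zero because buf is zero-initialised, which yields a key with
 *    correspondingly less secret material.
 *  - The local copy of the key is wiped on every exit path so it does not
 *    linger on the stack.
 */
static int _masterkey_set(struct cli_def *cli, char *argv[], int argc,
                          char *label, hal_error_t (*writer)(const uint8_t * const, const size_t))
{
    uint8_t buf[KEK_LENGTH] = {0};
    hal_error_t err;
    int rc = CLI_ERROR;
    int i;

    if (argc == 0) {
        /* fill master key with yummy randomness */
        if ((err = hal_get_random(NULL, buf, sizeof(buf))) != LIBHAL_OK) {
            cli_print(cli, "Error getting random key: %s", hal_error_string(err));
            goto wipe;
        }
        cli_print(cli, "Random key:\n");
    }
    else {
        if ((i = _parse_hex_groups(&buf[0], sizeof(buf), argv, argc)) != 1) {
            cli_print(cli, "Failed parsing master key, expected up to 8 groups of 32-bit hex chars (%i)", i);
            goto wipe;
        }
        cli_print(cli, "Parsed key:\n");
    }

    /* NOTE(review): last argument looks like an inclusive end offset - confirm */
    uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1);
    cli_print(cli, "\n");

    if ((err = writer(buf, sizeof(buf))) == LIBHAL_OK) {
        cli_print(cli, "Master key set in %s memory", label);
        rc = CLI_OK;
    } else {
        /* Propagate the failure instead of reporting success to the CLI. */
        cli_print(cli, "Failed writing key to %s memory: %s", label, hal_error_string(err));
    }

wipe:
    {
        /* volatile access keeps the compiler from discarding the wipe as a dead store */
        volatile uint8_t *p = buf;
        size_t n;

        for (n = 0; n < sizeof(buf); n++) {
            p[n] = 0;
        }
    }

    return rc;
}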
/*
 * CLI handler for "masterkey set": store a master key through
 * hal_mkm_volatile_write.  With no arguments _masterkey_set() generates a
 * random key, otherwise the arguments are parsed as hex groups.
 *
 * Returns whatever _masterkey_set() returns.
 */
static int cmd_masterkey_set(struct cli_def *cli, const char *command, char *argv[], int argc)
{
    (void) command;

    const int result = _masterkey_set(cli, argv, argc, "volatile", hal_mkm_volatile_write);
    return result;
}
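/*
 * CLI handler for "masterkey erase": erase KEK_LENGTH bytes of master key
 * through hal_mkm_volatile_erase and report the outcome.
 *
 * Returns CLI_OK on success and CLI_ERROR if the erase failed, so that a
 * key which is still present is never reported to the caller as erased.
 */
static int cmd_masterkey_erase(struct cli_def *cli, const char *command, char *argv[], int argc)
{
    const hal_error_t err = hal_mkm_volatile_erase(KEK_LENGTH);

    (void) command;
    (void) argv;
    (void) argc;

    if (err != LIBHAL_OK) {
        cli_print(cli, "Failed erasing master key from volatile memory: %s", hal_error_string(err));
        return CLI_ERROR;
    }

    cli_print(cli, "Erased master key from volatile memory");
    return CLI_OK;
}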
/*
 * CLI handler for "masterkey unsecure set": store a master key through
 * hal_mkm_flash_write.  The command's own help text describes the target as
 * unprotected flash memory and advises against using it when unsure.
 *
 * Returns whatever _masterkey_set() returns.
 */
static int cmd_masterkey_unsecure_set(struct cli_def *cli, const char *command, char *argv[], int argc)
{
    (void) command;

    const int result = _masterkey_set(cli, argv, argc, "flash", hal_mkm_flash_write);
    return result;
}
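/*
 * CLI handler for "masterkey unsecure erase": erase KEK_LENGTH bytes of
 * master key through hal_mkm_flash_erase and report the outcome.
 *
 * Returns CLI_OK on success and CLI_ERROR if the erase failed, so that a
 * key which is still present in flash is never reported to the caller as
 * erased.
 */
static int cmd_masterkey_unsecure_erase(struct cli_def *cli, const char *command, char *argv[], int argc)
{
    const hal_error_t err = hal_mkm_flash_erase(KEK_LENGTH);

    (void) command;
    (void) argv;
    (void) argc;

    if (err != LIBHAL_OK) {
        cli_print(cli, "Failed erasing unsecure master key from flash: %s", hal_error_string(err));
        return CLI_ERROR;
    }

    cli_print(cli, "Erased unsecure master key from flash");
    return CLI_OK;
}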
/*
 * Register the "masterkey" command tree on the given CLI:
 *
 *   masterkey status
 *   masterkey set
 *   masterkey erase
 *   masterkey unsecure set
 *   masterkey unsecure erase
 *
 * The two "unsecure" commands operate on what their help text calls
 * unprotected flash memory.
 */
void configure_cli_masterkey(struct cli_def *cli)
{
    struct cli_command *masterkey;
    struct cli_command *unsecure;

    /* parent node: masterkey */
    masterkey = cli_register_command(cli, NULL, "masterkey", NULL, 0, 0, NULL);

    /* masterkey status */
    cli_register_command(cli, masterkey, "status", cmd_masterkey_status, 0, 0,
                         "Show status of master key in RAM/flash");

    /* masterkey set */
    cli_register_command(cli, masterkey, "set", cmd_masterkey_set, 0, 0,
                         "Set the master key in the volatile Master Key Memory");

    /* masterkey erase */
    cli_register_command(cli, masterkey, "erase", cmd_masterkey_erase, 0, 0,
                         "Erase the master key from the volatile Master Key Memory");

    /* parent node: masterkey unsecure */
    unsecure = cli_register_command(cli, masterkey, "unsecure", NULL, 0, 0, NULL);

    /* masterkey unsecure set */
    cli_register_command(cli, unsecure, "set", cmd_masterkey_unsecure_set, 0, 0,
                         "Set master key in unprotected flash memory (if unsure, DON'T)");

    /* masterkey unsecure erase */
    cli_register_command(cli, unsecure, "erase", cmd_masterkey_unsecure_erase, 0, 0,
                         "Erase master key from unprotected flash memory");
}