Only SO and wheel are allowed to upload.

Also add bootloader upload.

8 files changed, 284 insertions, 12 deletions

diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile
index 06cfcc2..acb9962 100644
--- a/projects/hsm/Makefile
+++ b/projects/hsm/Makefile
@@ -3,7 +3,8 @@ PROJ = hsm
 # objs in addition to $(PROJ).o
 OBJS = crc32.o \
 	mgmt-cli.o \
-	mgmt-dfu.c \
+	mgmt-firmware.c \
+	mgmt-bootloader.c \
 	mgmt-fpga.c \
 	mgmt-keystore.c \
 	mgmt-masterkey.c \
diff --git a/projects/hsm/cryptech_upload b/projects/hsm/cryptech_upload
index 3dddcdc..722e37b 100755
--- a/projects/hsm/cryptech_upload
+++ b/projects/hsm/cryptech_upload
@@ -40,8 +40,7 @@ import getpass
 
 from binascii import crc32
 
-CHUNK_SIZE = 256
-FIRMWARE_CHUNK_SIZE = 256
+FIRMWARE_CHUNK_SIZE = 4096
 FPGA_CHUNK_SIZE = 4096
 
 
@@ -101,16 +100,20 @@ def _read(dst):
     #print ("Read {!r}".format(res))
     return res
 
+pin = None
 
 def _execute(dst, cmd):
+    global pin
     _write(dst, '\r')
     prompt = _read(dst)
     if prompt.endswith('Username: '):
         _write(dst, 'so\r')
         prompt = _read(dst)
-    if prompt.endswith('Password: '):
-        _write(dst, getpass.getpass('SO PIN: ') + '\r')
-        prompt = _read(dst)
+        if prompt.endswith('Password: '):
+            if not pin:
+                pin = getpass.getpass('SO PIN: ')
+            _write(dst, pin + '\r')
+            prompt = _read(dst)
     if not prompt.endswith('> '):
         #sys.stderr.write('Device does not seem to be ready for a file transfer (got {!r})\n'.format(prompt))
         return prompt
@@ -123,14 +126,16 @@ def send_file(filename, args, dst):
     size = s.st_size
     src = open(filename, 'rb')
     if args.fpga:
-        # Skip header in FPGA bitstream file
-        #size -= 0x64
-        #src.read(0x64)
         chunk_size = FPGA_CHUNK_SIZE
         response = _execute(dst, 'fpga bitstream upload')
     elif args.firmware:
         chunk_size = FIRMWARE_CHUNK_SIZE
         response = _execute(dst, 'firmware upload')
+        if 'Rebooting' in response:
+            response = _execute(dst, 'firmware upload')
+    elif args.bootloader:
+        chunk_size = FIRMWARE_CHUNK_SIZE
+        response = _execute(dst, 'bootloader upload')
     if 'Access denied' in response:
         print 'Access denied'
         return False
@@ -176,9 +181,14 @@ def send_file(filename, args, dst):
     src.close()
 
     if args.fpga:
+        # tell the fpga to read its new configuration
         _execute(dst, 'fpga reset')
 
-    _execute(dst, 'exit')
+    if args.fpga or args.bootloader:
+        # log out of the CLI
+        # firmware upgrade reboots, doesn't need an exit
+        _execute(dst, 'exit')
+
     return True
 
 
diff --git a/projects/hsm/mgmt-bootloader.c b/projects/hsm/mgmt-bootloader.c
new file mode 100644
index 0000000..a062fd9
--- /dev/null
+++ b/projects/hsm/mgmt-bootloader.c
@@ -0,0 +1,81 @@
+/*
+ * mgmt-bootloader.c
+ * -----------------
+ * CLI code for updating the bootloader.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
+#define HAL_OK CMSIS_HAL_OK
+#include "stm-init.h"
+#include "stm-uart.h"
+#include "stm-flash.h"
+#include "mgmt-cli.h"
+#include "mgmt-misc.h"
+#include "mgmt-bootloader.h"
+
+#undef HAL_OK
+#define HAL_OK LIBHAL_OK
+#include "hal.h"
+#undef HAL_OK
+
+extern hal_user_t user;
+
+static uint32_t dfu_offset;
+
+static int _flash_write_callback(uint8_t *buf, size_t len)
+{
+    stm_flash_write32(dfu_offset, (uint32_t *)buf, sizeof(buf)/4);
+    dfu_offset += DFU_UPLOAD_CHUNK_SIZE;
+    return 1;
+}
+
+static int cmd_bootloader_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+    if (user < HAL_USER_SO) {
+        cli_print(cli, "Permission denied.");
+        return CLI_ERROR;
+    }
+
+    uint8_t buf[DFU_UPLOAD_CHUNK_SIZE];
+    dfu_offset = DFU_BOOTLOADER_ADDR;
+
+    cli_receive_data(cli, buf, sizeof(buf), _flash_write_callback);
+
+    cli_print(cli, "DFU offset now: %li (%li chunks)", dfu_offset, dfu_offset / DFU_UPLOAD_CHUNK_SIZE);
+    return CLI_OK;
+}
+
+void configure_cli_bootloader(struct cli_def *cli)
+{
+    cli_command_root(bootloader);
+
+    cli_command_node(bootloader, upload, "Upload new bootloader image");
+}
diff --git a/projects/hsm/mgmt-bootloader.h b/projects/hsm/mgmt-bootloader.h
new file mode 100644
index 0000000..31dbefc
--- /dev/null
+++ b/projects/hsm/mgmt-bootloader.h
@@ -0,0 +1,51 @@
+/*
+ * mgmt-bootloader.h
+ * ---------------
+ * Management CLI bootloader upgrade code.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __STM32_CLI_MGMT_BOOTLOADER_H
+#define __STM32_CLI_MGMT_BOOTLOADER_H
+
+#include <libcli.h>
+
+/* symbols defined in the linker script (STM32F429BI_bootloader.ld) */
+extern uint32_t CRYPTECH_BOOTLOADER_START;
+extern uint32_t CRYPTECH_BOOTLOADER_END;
+extern uint32_t CRYPTECH_DFU_CONTROL;
+
+#define DFU_BOOTLOADER_ADDR       ((uint32_t) &CRYPTECH_BOOTLOADER_START)
+#define DFU_BOOTLOADER_END_ADDR   ((uint32_t) &CRYPTECH_BOOTLOADER_END)
+#define DFU_UPLOAD_CHUNK_SIZE     4096
+
+extern void configure_cli_bootloader(struct cli_def *cli);
+
+#endif /* __STM32_CLI_MGMT_BOOTLOADER_H */
diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c
index 7789dd1..eeeaef5 100644
--- a/projects/hsm/mgmt-cli.c
+++ b/projects/hsm/mgmt-cli.c
@@ -43,7 +43,8 @@
 #include "stm-led.h"
 
 #include "mgmt-cli.h"
-#include "mgmt-dfu.h"
+#include "mgmt-firmware.h"
+#include "mgmt-bootloader.h"
 #include "mgmt-fpga.h"
 #include "mgmt-misc.h"
 #include "mgmt-show.h"
@@ -235,6 +236,7 @@ static int check_auth(const char *username, const char *password)
     if (hal_rpc_login(client, user, password, strlen(password)) == LIBHAL_OK)
         return CLI_OK;
 
+    user = HAL_USER_NONE;
     return CLI_ERROR;
 }
 
@@ -250,7 +252,8 @@ int cli_main(void)
     configure_cli_show(&cli);
     configure_cli_fpga(&cli);
     configure_cli_misc(&cli);
-    configure_cli_dfu(&cli);
+    configure_cli_firmware(&cli);
+    configure_cli_bootloader(&cli);
     configure_cli_keystore(&cli);
     configure_cli_masterkey(&cli);
 
@@ -258,6 +261,7 @@ int cli_main(void)
         embedded_cli_loop(&cli);
         /* embedded_cli_loop returns when the user enters 'quit' or 'exit' */
         cli_print(&cli, "\nLogging out...\n");
+        user = HAL_USER_NONE;
     }
 
     /*NOTREACHED*/
diff --git a/projects/hsm/mgmt-firmware.c b/projects/hsm/mgmt-firmware.c
new file mode 100644
index 0000000..1a0e184
--- /dev/null
+++ b/projects/hsm/mgmt-firmware.c
@@ -0,0 +1,69 @@
+/*
+ * mgmt-firmware.c
+ * ---------------
+ * CLI code for managing the loaded firmware.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
+#define HAL_OK CMSIS_HAL_OK
+#include "stm-init.h"
+#include "mgmt-cli.h"
+#include "stm-uart.h"
+#include "stm-flash.h"
+
+#undef HAL_OK
+#define HAL_OK LIBHAL_OK
+#include "hal.h"
+#undef HAL_OK
+
+extern hal_user_t user;
+
+static int cmd_firmware_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+    if (user < HAL_USER_SO) {
+        cli_print(cli, "Permission denied.");
+        return CLI_ERROR;
+    }
+
+    /* reboot and let the bootloader handle the upload */
+    cli_print(cli, "\n\n\nRebooting\n\n\n");
+    HAL_NVIC_SystemReset();
+
+    /*NOTREACHED*/
+    return CLI_OK;
+}
+
+void configure_cli_firmware(struct cli_def *cli)
+{
+    cli_command_root(firmware);
+
+    cli_command_node(firmware, upload, "Upload new firmware image");
+}
diff --git a/projects/hsm/mgmt-firmware.h b/projects/hsm/mgmt-firmware.h
new file mode 100644
index 0000000..af7c67c
--- /dev/null
+++ b/projects/hsm/mgmt-firmware.h
@@ -0,0 +1,42 @@
+/*
+ * mgmt-firmware.h
+ * ---------------
+ * Management CLI Device Firmware Upgrade code.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __STM32_CLI_MGMT_FIRMWARE_H
+#define __STM32_CLI_MGMT_FIRMWARE_H
+
+#include <libcli.h>
+
+extern void configure_cli_firmware(struct cli_def *cli);
+
+#endif /* __STM32_CLI_MGMT_FIRMWARE_H */
diff --git a/projects/hsm/mgmt-fpga.c b/projects/hsm/mgmt-fpga.c
index b6eea3d..b74392e 100644
--- a/projects/hsm/mgmt-fpga.c
+++ b/projects/hsm/mgmt-fpga.c
@@ -32,6 +32,8 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
+#define HAL_OK CMSIS_HAL_OK
 #include "stm-init.h"
 #include "stm-uart.h"
 #include "stm-fpgacfg.h"
@@ -40,9 +42,16 @@
 #include "mgmt-fpga.h"
 #include "mgmt-misc.h"
 
+#undef HAL_OK
+#define HAL_OK LIBHAL_OK
+#include "hal.h"
+#undef HAL_OK
+
 #include <string.h>
 
 
+extern hal_user_t user;
+
 static volatile uint32_t dfu_offset = 0;
 
 
@@ -54,6 +63,11 @@ static int _flash_write_callback(uint8_t *buf, size_t len) {
 
 static int cmd_fpga_bitstream_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
 {
+    if (user < HAL_USER_SO) {
+        cli_print(cli, "Permission denied.");
+        return CLI_ERROR;
+    }
+
     uint8_t buf[BITSTREAM_UPLOAD_CHUNK_SIZE];
 
     dfu_offset = 0;