diff options
31 files changed, 1107 insertions, 123 deletions
@@ -1,9 +1,10 @@ *.a -*.o -*.mo *.bin *.elf *.hex *.lst *.map +*.mo +*.o *~ +libraries/libtfm/tfm.h diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index d3946e7..0000000 --- a/.gitmodules +++ /dev/null @@ -1,9 +0,0 @@ -[submodule "libhal"] - path = libraries/libhal - url = git@git.cryptech.is:sw/libhal.git -[submodule "thirdparty/libtfm"] - path = libraries/thirdparty/libtfm - url = git@git.cryptech.is:sw/thirdparty/libtfm.git -[submodule "libraries/libcli"] - path = libraries/libcli - url = git@git.cryptech.is:user/ft/libcli @@ -28,21 +28,26 @@ # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # absolute path, because we're going to be passing things to sub-makes -export TOPLEVEL = $(shell pwd) +export TOPLEVEL = $(abspath .) +export CRYPTECH_ROOT = $(abspath ../..) # define board: dev-bridge or alpha BOARD = TARGET_CRYPTECH_ALPHA -#BOARD = TARGET_CRYPTECH_DEV_BRIDGE -# Location of the Libraries folder from the STM32F4 Standard Peripheral Library export LIBS_DIR = $(TOPLEVEL)/libraries export MBED_DIR = $(LIBS_DIR)/mbed export CMSIS_DIR = $(MBED_DIR)/targets/cmsis/TARGET_STM/TARGET_STM32F4 export BOARD_DIR = $(CMSIS_DIR)/$(BOARD) export RTOS_DIR = $(MBED_DIR)/rtos -export LIBTFM_DIR = $(LIBS_DIR)/thirdparty/libtfm -export LIBHAL_DIR = $(LIBS_DIR)/libhal -export LIBCLI_DIR = $(LIBS_DIR)/libcli + +export LIBHAL_SRC = $(CRYPTECH_ROOT)/sw/libhal +export LIBHAL_BLD = $(LIBS_DIR)/libhal + +export LIBCLI_SRC = $(CRYPTECH_ROOT)/user/ft/libcli +export LIBCLI_BLD = $(LIBS_DIR)/libcli + +export LIBTFM_SRC = $(CRYPTECH_ROOT)/sw/thirdparty/libtfm +export LIBTFM_BLD = $(LIBS_DIR)/libtfm export LIBS = $(MBED_DIR)/libstmf4.a @@ -95,7 +100,6 @@ CFLAGS += -I$(MBED_DIR)/targets/cmsis/TARGET_STM/TARGET_STM32F4 CFLAGS += -I$(MBED_DIR)/targets/cmsis/TARGET_STM/TARGET_STM32F4/$(BOARD) CFLAGS += -I$(MBED_DIR)/targets/hal/TARGET_STM/TARGET_STM32F4 CFLAGS += -I$(MBED_DIR)/targets/hal/TARGET_STM/TARGET_STM32F4/$(BOARD) -CFLAGS += -DHAL_RSA_USE_MODEXP=0 export CFLAGS %.o : %.c @@ -104,10 +108,7 @@ export CFLAGS %.o : %.S $(CC) $(CFLAGS) -c -o $@ $< -all: board-test cli-test libhal-test hsm - -init: - git submodule update --init --recursive --remote +all: board-test cli-test libhal-test hsm bootloader $(MBED_DIR)/libstmf4.a: $(MAKE) -C $(MBED_DIR) @@ -115,7 +116,7 @@ $(MBED_DIR)/libstmf4.a: board-test: $(BOARD_OBJS) $(LIBS) $(MAKE) -C projects/board-test -cli-test: $(BOARD_OBJS) $(LIBS) $(LIBCLI_DIR)/libcli.a +cli-test: $(BOARD_OBJS) $(LIBS) $(LIBCLI_BLD)/libcli.a $(LIBHAL_BLD)/libhal.a $(RTOS_DIR)/librtos.a $(MAKE) -C projects/cli-test $(RTOS_DIR)/librtos.a: @@ -124,19 +125,19 @@ $(RTOS_DIR)/librtos.a: rtos-test: $(RTOS_OBJS) $(LIBS) $(RTOS_DIR)/librtos.a $(MAKE) -C projects/rtos-test -$(LIBTFM_DIR)/libtfm.a: - $(MAKE) -C $(LIBTFM_DIR) PREFIX=$(PREFIX) +$(LIBTFM_BLD)/libtfm.a: + $(MAKE) -C $(LIBTFM_BLD) PREFIX=$(PREFIX) -$(LIBHAL_DIR)/libhal.a: $(LIBTFM_DIR)/libtfm.a - $(MAKE) -C $(LIBHAL_DIR) IO_BUS=fmc RPC_SERVER=yes RPC_TRANSPORT=serial KS=volatile libhal.a +$(LIBHAL_BLD)/libhal.a: $(LIBTFM_BLD)/libtfm.a + $(MAKE) -C $(LIBHAL_BLD) IO_BUS=fmc RPC_MODE=server RPC_TRANSPORT=serial KS=flash libhal.a -$(LIBCLI_DIR)/libcli.a: - $(MAKE) -C $(LIBCLI_DIR) +$(LIBCLI_BLD)/libcli.a: + $(MAKE) -C $(LIBCLI_BLD) -libhal-test: $(BOARD_OBJS) $(LIBS) $(LIBHAL_DIR)/libhal.a +libhal-test: $(BOARD_OBJS) $(LIBS) $(LIBHAL_BLD)/libhal.a $(MAKE) -C projects/libhal-test -hsm: $(BOARD_OBJS) $(LIBS) $(LIBHAL_DIR)/libhal.a $(RTOS_DIR)/librtos.a +hsm: $(BOARD_OBJS) $(LIBS) $(LIBHAL_BLD)/libhal.a $(RTOS_DIR)/librtos.a $(LIBCLI_BLD)/libcli.a $(MAKE) -C projects/hsm bootloader: $(BOARD_OBJS) $(LIBS) @@ -145,7 +146,7 @@ bootloader: $(BOARD_OBJS) $(LIBS) # don't automatically delete objects, to avoid a lot of unnecessary rebuilding .SECONDARY: $(BOARD_OBJS) -.PHONY: board-test rtos-test libhal-test cli-test +.PHONY: board-test rtos-test libhal-test cli-test hsm bootloader clean: rm -f $(BOARD_OBJS) @@ -158,5 +159,6 @@ clean: distclean: clean $(MAKE) -C $(MBED_DIR) clean $(MAKE) -C $(RTOS_DIR) clean - $(MAKE) -C $(LIBHAL_DIR) clean - $(MAKE) -C $(LIBTFM_DIR) clean + $(MAKE) -C $(LIBHAL_BLD) clean + $(MAKE) -C $(LIBTFM_BLD) clean + $(MAKE) -C $(LIBCLI_BLD) clean @@ -6,7 +6,11 @@ OPENOCD=openocd OPENOCD_BOARD_DIR=/usr/share/openocd/scripts/board OPENOCD_PROC_FILE=stm32f4discovery.cfg if [ "x`lsusb -d 0483:374b`" != "x" ]; then - OPENOCD_PROC_FILE=st_nucleo_f4.cfg + for fn in st_nucleo_f4.cfg st_nucleo_f401re.cfg; do + if [ -f "$OPENOCD_BOARD_DIR/$fn" ]; then + OPENOCD_PROC_FILE="$fn" + fi + done fi $OPENOCD -f $OPENOCD_BOARD_DIR/$OPENOCD_PROC_FILE & diff --git a/bin/flash-target b/bin/flash-target index 0d60c85..7149c9f 100755 --- a/bin/flash-target +++ b/bin/flash-target @@ -22,7 +22,17 @@ OPENOCD_BOARD_DIR=/usr/share/openocd/scripts/board # OPENOCD_PROC_FILE=stm32f4discovery.cfg if [ "x`lsusb -d 0483:374b`" != "x" ]; then - OPENOCD_PROC_FILE=st_nucleo_f4.cfg + for fn in st_nucleo_f4.cfg st_nucleo_f401re.cfg; do + if [ -f "$OPENOCD_BOARD_DIR/$fn" ]; then + OPENOCD_PROC_FILE="$fn" + fi + done fi -$OPENOCD -f $OPENOCD_BOARD_DIR/$OPENOCD_PROC_FILE -c "program $PROJ.elf verify reset exit" +# This used to be "... verify reset exit", but that fails on Debian Jessie. +# The Net of a Million Lies claims that the "exit" is unnecessary, so the +# simplest solution is just to omit it. Should this turn out to be a mistake, +# well, we'll have to do something more clever to deal with these silly version +# skew problems between the several versions of openocd in current use. + +$OPENOCD -f $OPENOCD_BOARD_DIR/$OPENOCD_PROC_FILE -c "program $PROJ.elf verify reset" # exit @@ -21,7 +21,11 @@ OPENOCD_BOARD_DIR=/usr/share/openocd/scripts/board # OPENOCD_PROC_FILE=stm32f4discovery.cfg if [ "x`lsusb -d 0483:374b`" != "x" ]; then - OPENOCD_PROC_FILE=st_nucleo_f4.cfg + for fn in st_nucleo_f4.cfg st_nucleo_f401re.cfg; do + if [ -f "$OPENOCD_BOARD_DIR/$fn" ]; then + OPENOCD_PROC_FILE="$fn" + fi + done fi $OPENOCD -f $OPENOCD_BOARD_DIR/$OPENOCD_PROC_FILE -c "init" -c "reset run" -c "exit" diff --git a/libraries/libcli b/libraries/libcli deleted file mode 160000 -Subproject 1a5727c568e36b927ef2088b2b02bae4c84933f diff --git a/libraries/libcli/Makefile b/libraries/libcli/Makefile new file mode 100644 index 0000000..bbd686d --- /dev/null +++ b/libraries/libcli/Makefile @@ -0,0 +1,10 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../..) +endif + +REPO := ${CRYPTECH_ROOT}/user/ft/libcli + +vpath %.c ${REPO} +vpath %.h ${REPO} + +include ${REPO}/Makefile diff --git a/libraries/libhal b/libraries/libhal deleted file mode 160000 -Subproject 60cce0124f2fc3eddca03ed3950da9238247a61 diff --git a/libraries/libhal/Makefile b/libraries/libhal/Makefile new file mode 100644 index 0000000..fbc3473 --- /dev/null +++ b/libraries/libhal/Makefile @@ -0,0 +1,10 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../..) +endif + +REPO := ${CRYPTECH_ROOT}/sw/libhal + +vpath %.c ${REPO} +vpath %.h ${REPO} + +include ${REPO}/Makefile diff --git a/libraries/libhal/tests/Makefile b/libraries/libhal/tests/Makefile new file mode 100644 index 0000000..7553427 --- /dev/null +++ b/libraries/libhal/tests/Makefile @@ -0,0 +1,10 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../../..) +endif + +REPO := ${CRYPTECH_ROOT}/sw/libhal + +vpath %.c ${REPO}/tests +vpath %.h ${REPO}/tests + +include ${REPO}/tests/Makefile diff --git a/libraries/libhal/utils/Makefile b/libraries/libhal/utils/Makefile new file mode 100644 index 0000000..43fbe0d --- /dev/null +++ b/libraries/libhal/utils/Makefile @@ -0,0 +1,10 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../../..) +endif + +REPO := ${CRYPTECH_ROOT}/sw/libhal + +vpath %.c ${REPO}/utils +vpath %.h ${REPO}/utils + +include ${REPO}/utils/Makefile diff --git a/libraries/libtfm/Makefile b/libraries/libtfm/Makefile new file mode 100644 index 0000000..4dfcb45 --- /dev/null +++ b/libraries/libtfm/Makefile @@ -0,0 +1,46 @@ + +# This duplicates more of sw/thirdparty/libtfm/Makefile than I +# would like, but it does the job. Prettier makefiles can wait for another day. + +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../..) +endif + +REPO := ${CRYPTECH_ROOT}/sw/thirdparty/libtfm + +# vpath %.c ${REPO} +# vpath %.h ${REPO} + +BITS := 8192 + +HDR := ${REPO}/tomsfastmath/src/headers/tfm.h +LIB := tomsfastmath/libtfm.a + +#CFLAGS += -DTFM_X86 +#CFLAGS += -DTFM_NO_ASM + +CFLAGS += -fPIC -Wall -W -Wshadow -I${REPO}/tomsfastmath/src/headers -g3 -DFP_MAX_SIZE="(${BITS}*2+(8*DIGIT_BIT))" + +TARGETS := $(notdir ${HDR} ${LIB}) + +all: ${TARGETS} + +clean: + rm -rf ${TARGETS} $(notdir ${HDR}.tmp) ${LIB} tomsfastmath/src + +distclean: clean + rm -f TAGS + +$(notdir ${HDR}): ${HDR} + echo >$@.tmp '/* Configure size of largest bignum we want to handle -- see notes in tfm.pdf */' + echo >>$@.tmp '#define FP_MAX_SIZE (${BITS}*2+(8*DIGIT_BIT))' + echo >>$@.tmp '' + cat >>$@.tmp $^ + mv -f $@.tmp $@ + +$(notdir ${LIB}): ${LIB} + ln -f $^ $@ + +${LIB}: ${HDR} + (cd ${REPO} && find tomsfastmath/src -type d) | xargs mkdir -p + cd tomsfastmath; ${MAKE} CFLAGS='${CFLAGS}' diff --git a/libraries/libtfm/tomsfastmath/Makefile b/libraries/libtfm/tomsfastmath/Makefile new file mode 100644 index 0000000..7141763 --- /dev/null +++ b/libraries/libtfm/tomsfastmath/Makefile @@ -0,0 +1,8 @@ +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../../..) +endif + +vpath %.c ${CRYPTECH_ROOT}/sw/thirdparty/libtfm/tomsfastmath +vpath %.h ${CRYPTECH_ROOT}/sw/thirdparty/libtfm/tomsfastmath + +include ${CRYPTECH_ROOT}/sw/thirdparty/libtfm/tomsfastmath/makefile diff --git a/libraries/thirdparty/libtfm b/libraries/thirdparty/libtfm deleted file mode 160000 -Subproject e2eab1093a134e5a655d1ccad23a31b2b8252c6 diff --git a/projects/cli-test/Makefile b/projects/cli-test/Makefile index e043566..ba80c88 100644 --- a/projects/cli-test/Makefile +++ b/projects/cli-test/Makefile @@ -1,6 +1,6 @@ TEST = cli-test -OBJS = crc32.o test_sdram.o mgmt-cli.o mgmt-dfu.c mgmt-fpga.c mgmt-misc.c mgmt-show.c mgmt-test.c +OBJS = crc32.o test_sdram.o mgmt-cli.o mgmt-dfu.c mgmt-fpga.c mgmt-misc.c mgmt-show.c mgmt-test.c mgmt-keystore.o BOARD_OBJS = \ $(TOPLEVEL)/stm-init.o \ @@ -18,10 +18,10 @@ BOARD_OBJS = \ $(BOARD_DIR)/stm32f4xx_hal_msp.o \ $(BOARD_DIR)/stm32f4xx_it_rtos.o -CFLAGS += -I$(LIBCLI_DIR) +CFLAGS += -I$(LIBCLI_SRC) -I$(LIBHAL_SRC) CFLAGS += -I$(RTOS_DIR)/rtos -I$(RTOS_DIR)/rtx/TARGET_CORTEX_M -LIBS += $(LIBCLI_DIR)/libcli.a $(RTOS_DIR)/librtos.a +LIBS += $(LIBCLI_BLD)/libcli.a $(LIBHAL_BLD)/libhal.a $(RTOS_DIR)/librtos.a all: $(TEST:=.elf) diff --git a/projects/cli-test/cli-test.c b/projects/cli-test/cli-test.c index 7bac84e..10b31a4 100644 --- a/projects/cli-test/cli-test.c +++ b/projects/cli-test/cli-test.c @@ -40,6 +40,7 @@ #include "mgmt-misc.h" #include "mgmt-show.h" #include "mgmt-test.h" +#include "mgmt-keystore.h" #include <string.h> #include <strings.h> @@ -95,6 +96,7 @@ main() configure_cli_test(&cli); configure_cli_misc(&cli); configure_cli_dfu(&cli); + configure_cli_keystore(&cli); led_off(LED_RED); led_on(LED_GREEN); diff --git a/projects/cli-test/mgmt-keystore.c b/projects/cli-test/mgmt-keystore.c new file mode 100644 index 0000000..14d8e1b --- /dev/null +++ b/projects/cli-test/mgmt-keystore.c @@ -0,0 +1,286 @@ +/* + * mgmt-keystore.c + * --------------- + * CLI 'keystore' commands. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#define HAL_OK CMSIS_HAL_OK + +#include "stm-init.h" +#include "stm-keystore.h" +#include "stm-fpgacfg.h" +#include "stm-uart.h" + +#include "mgmt-cli.h" +#include "mgmt-show.h" + +/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ +#undef HAL_OK +#define LIBHAL_OK HAL_OK +#include "hal.h" +#define HAL_STATIC_PKEY_STATE_BLOCKS 6 +#include "hal_internal.h" +#undef HAL_OK + +#include <string.h> + + +int cmd_keystore_set_pin(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + const hal_ks_keydb_t *db; + hal_user_t user; + hal_ks_pin_t pin; + hal_error_t status; + + db = hal_ks_get_keydb(); + + if (db == NULL) { + cli_print(cli, "Could not get a keydb from libhal"); + return CLI_OK; + } + + if (argc != 3) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore set pin <user|so|wheel> <iterations> <pin>"); + return CLI_ERROR; + } + + user = HAL_USER_NONE; + if (strcmp(argv[0], "user") == 0) user = HAL_USER_NORMAL; + if (strcmp(argv[0], "so") == 0) user = HAL_USER_SO; + if (strcmp(argv[0], "wheel") == 0) user = HAL_USER_WHEEL; + if (user == HAL_USER_NONE) { + cli_print(cli, "First argument must be 'user', 'so' or 'wheel' - not '%s'", argv[0]); + return CLI_ERROR; + } + + pin.iterations = strtol(argv[1], NULL, 0); + + /* We don't actually PBKDF2 the given PIN yet, just testing */ + strncpy((char *) pin.pin, argv[2], sizeof(pin.pin)); + + if ((status = hal_ks_set_pin(user, &pin)) != LIBHAL_OK) { + cli_print(cli, "Failed setting PIN: %s", hal_error_string(status)); + return CLI_ERROR; + } + + return CLI_OK; +} + +int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 2) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore set key <name> <der>"); + return CLI_ERROR; + } + + if ((status = hal_ks_store(HAL_KEY_TYPE_EC_PUBLIC, + HAL_CURVE_NONE, + 0, + (uint8_t *) argv[0], strlen(argv[0]), + (uint8_t *) argv[1], strlen(argv[1]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed storing key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Stored key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 1) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore delete key <name>"); + return CLI_ERROR; + } + + if ((status = hal_ks_delete(HAL_KEY_TYPE_EC_PUBLIC, + (uint8_t *) argv[0], strlen(argv[0]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed deleting key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Deleted key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_rename_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 2) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore rename key <name> <new name>"); + return CLI_ERROR; + } + + if ((status = hal_ks_rename(HAL_KEY_TYPE_EC_PUBLIC, + (uint8_t *) argv[0], strlen(argv[0]), + (uint8_t *) argv[1], strlen(argv[1]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed renaming key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Renamed key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_show_data(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint8_t buf[KEYSTORE_PAGE_SIZE]; + uint32_t i; + + if (keystore_check_id() != 1) { + cli_print(cli, "ERROR: The keystore memory is not accessible."); + } + + memset(buf, 0, sizeof(buf)); + if ((i = keystore_read_data(0, buf, sizeof(buf))) != 1) { + cli_print(cli, "Failed reading first page from keystore memory: %li", i); + return CLI_ERROR; + } + + cli_print(cli, "First page from keystore memory:\r\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n"); + + for (i = 0; i < 8; i++) { + if (buf[i] == 0xff) break; /* never written */ + if (buf[i] != 0x55) break; /* something other than a tombstone */ + } + /* As a demo, tombstone byte after byte of the first 8 bytes in the keystore memory + * (as long as they do not appear to contain real data). + * If all of them are tombstones, erase the first sector to start over. + */ + + /* + if (i < 8) { + if (buf[i] == 0xff) { + cli_print(cli, "Tombstoning byte %li", i); + buf[i] = 0x55; + if ((i = keystore_write_data(0, buf, sizeof(buf))) != 1) { + cli_print(cli, "Failed writing data at offset 0: %li", i); + return CLI_ERROR; + } + } + } else { + cli_print(cli, "Erasing first sector since all the first 8 bytes are tombstones"); + if ((i = keystore_erase_sectors(1, 1)) != 1) { + cli_print(cli, "Failed erasing the first sector: %li", i); + return CLI_ERROR; + } + cli_print(cli, "Erase result: %li", i); + } + */ + + return CLI_OK; +} + +int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + const hal_ks_keydb_t *db; + + db = hal_ks_get_keydb(); + + if (db == NULL) { + cli_print(cli, "Could not get a keydb from libhal"); + return CLI_OK; + } + + cli_print(cli, "Sizeof db->keys is %i, sizeof one key is %i\n", sizeof(db->keys), sizeof(*db->keys)); + + for (int i = 0; i < sizeof(db->keys)/sizeof(*db->keys); i++) { + if (! db->keys[i].in_use) { + cli_print(cli, "Key %i, not in use", i); + } else { + cli_print(cli, "Key %i, in use 0x%x, name '%s' der '%s'", + i, db->keys[i].in_use, db->keys[i].name, db->keys[i].der); + } + } + + cli_print(cli, "\nPins:"); + cli_print(cli, "Wheel iterations: 0x%lx", db->wheel_pin.iterations); + cli_print(cli, "SO iterations: 0x%lx", db->so_pin.iterations); + cli_print(cli, "User iterations: 0x%lx", db->user_pin.iterations); + cli_print(cli, "\n"); + + return CLI_OK; +} + +void configure_cli_keystore(struct cli_def *cli) +{ + /* keystore */ + cli_command_root(keystore); + /* keystore set */ + cli_command_branch(keystore, set); + /* keystore delete */ + cli_command_branch(keystore, delete); + /* keystore rename */ + cli_command_branch(keystore, rename); + /* keystore show */ + cli_command_branch(keystore, show); + + /* keystore set pin */ + cli_command_node(keystore_set, pin, "Set either 'wheel', 'user' or 'so' PIN"); + + /* keystore set key */ + cli_command_node(keystore_set, key, "Set a key"); + + /* keystore delete key */ + cli_command_node(keystore_delete, key, "Delete a key"); + + /* keystore rename key */ + cli_command_node(keystore_rename, key, "Rename a key"); + + /* keystore show data */ + cli_command_node(keystore_show, data, "Dump the first page from the keystore memory"); + + /* keystore show keys */ + cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore"); +} diff --git a/projects/cli-test/mgmt-keystore.h b/projects/cli-test/mgmt-keystore.h new file mode 100644 index 0000000..62efa51 --- /dev/null +++ b/projects/cli-test/mgmt-keystore.h @@ -0,0 +1,43 @@ +/* + * mgmt-keystore.h + * ---------- + * Management CLI 'keystore' functions. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __STM32_CLI_MGMT_KEYSTORE_H +#define __STM32_CLI_MGMT_KEYSTORE_H + +#include "stm-init.h" +#include <libcli.h> + +extern void configure_cli_keystore(struct cli_def *cli); + +#endif /* __STM32_CLI_MGMT_KEYSTORE_H */ diff --git a/projects/cli-test/mgmt-show.c b/projects/cli-test/mgmt-show.c index 3ae196e..80a74cb 100644 --- a/projects/cli-test/mgmt-show.c +++ b/projects/cli-test/mgmt-show.c @@ -32,6 +32,8 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#define HAL_OK CMSIS_HAL_OK + #include "stm-init.h" #include "stm-keystore.h" #include "stm-fpgacfg.h" @@ -40,6 +42,15 @@ #include "mgmt-cli.h" #include "mgmt-show.h" +/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ +#undef HAL_OK +#define LIBHAL_OK HAL_OK +#include "hal.h" + +#define HAL_STATIC_PKEY_STATE_BLOCKS 6 +#include "hal_internal.h" +#undef HAL_OK + #include <string.h> @@ -66,54 +77,6 @@ int cmd_show_keystore_status(struct cli_def *cli, const char *command, char *arg return CLI_OK; } -int cmd_show_keystore_data(struct cli_def *cli, const char *command, char *argv[], int argc) -{ - uint8_t buf[KEYSTORE_PAGE_SIZE]; - uint32_t i; - - if (keystore_check_id() != 1) { - cli_print(cli, "ERROR: The keystore memory is not accessible."); - } - - memset(buf, 0, sizeof(buf)); - if ((i = keystore_read_data(0, buf, sizeof(buf))) != 1) { - cli_print(cli, "Failed reading first page from keystore memory: %li", i); - return CLI_ERROR; - } - - cli_print(cli, "First page from keystore memory:\r\n"); - uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); - uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n"); - - for (i = 0; i < 8; i++) { - if (buf[i] == 0xff) break; /* never written */ - if (buf[i] != 0x55) break; /* something other than a tombstone */ - } - /* As a demo, tombstone byte after byte of the first 8 bytes in the keystore memory - * (as long as they do not appear to contain real data). - * If all of them are tombstones, erase the first sector to start over. - */ - if (i < 8) { - if (buf[i] == 0xff) { - cli_print(cli, "Tombstoning byte %li", i); - buf[i] = 0x55; - if ((i = keystore_write_data(0, buf, sizeof(buf))) != 1) { - cli_print(cli, "Failed writing data at offset 0: %li", i); - return CLI_ERROR; - } - } - } else { - cli_print(cli, "Erasing first sector since all the first 8 bytes are tombstones"); - if ((i = keystore_erase_sectors(1)) != 1) { - cli_print(cli, "Failed erasing the first sector: %li", i); - return CLI_ERROR; - } - cli_print(cli, "Erase result: %li", i); - } - - return CLI_OK; -} - void configure_cli_show(struct cli_def *cli) { /* show */ @@ -129,5 +92,4 @@ void configure_cli_show(struct cli_def *cli) cli_command_branch(show, keystore); /* show keystore status*/ cli_command_node(show_keystore, status, "Show status of the keystore memory"); - cli_command_node(show_keystore, data, "Show the first page of the keystore memory"); } diff --git a/projects/cli-test/mgmt-show.h b/projects/cli-test/mgmt-show.h index 0d7ba3a..e459acb 100644 --- a/projects/cli-test/mgmt-show.h +++ b/projects/cli-test/mgmt-show.h @@ -1,5 +1,5 @@ /* - * mgmt-misc.h + * mgmt-show.h * ----------- * Management CLI 'show' functions. * diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile index 55e021f..06cfcc2 100644 --- a/projects/hsm/Makefile +++ b/projects/hsm/Makefile @@ -1,7 +1,14 @@ PROJ = hsm # objs in addition to $(PROJ).o -OBJS = crc32.o mgmt-cli.o mgmt-dfu.c mgmt-fpga.c mgmt-misc.c mgmt-show.c +OBJS = crc32.o \ + mgmt-cli.o \ + mgmt-dfu.c \ + mgmt-fpga.c \ + mgmt-keystore.c \ + mgmt-masterkey.c \ + mgmt-misc.c \ + mgmt-show.c BOARD_OBJS = \ $(TOPLEVEL)/stm-init.o \ @@ -19,13 +26,17 @@ BOARD_OBJS = \ $(BOARD_DIR)/stm32f4xx_hal_msp.o \ $(BOARD_DIR)/stm32f4xx_it_rtos.o -CFLAGS += -I$(LIBHAL_DIR) -CFLAGS += -I$(LIBCLI_DIR) +ifndef CRYPTECH_ROOT + CRYPTECH_ROOT := $(abspath ../../../..) +endif + +CFLAGS += -I$(LIBHAL_SRC) +CFLAGS += -I$(LIBCLI_SRC) CFLAGS += -I$(RTOS_DIR)/rtos -I$(RTOS_DIR)/rtx/TARGET_CORTEX_M -LIBS += $(LIBHAL_DIR)/libhal.a $(LIBTFM_DIR)/libtfm.a +LIBS += $(LIBHAL_BLD)/libhal.a $(LIBTFM_BLD)/libtfm.a +LIBS += $(LIBCLI_BLD)/libcli.a LIBS += $(RTOS_DIR)/librtos.a -LIBS += $(LIBCLI_DIR)/libcli.a all: $(PROJ:=.elf) diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c index d9c0bd9..61c8c35 100644 --- a/projects/hsm/mgmt-cli.c +++ b/projects/hsm/mgmt-cli.c @@ -45,15 +45,16 @@ #include "mgmt-fpga.h" #include "mgmt-misc.h" #include "mgmt-show.h" +#include "mgmt-keystore.h" +#include "mgmt-masterkey.h" #ifndef CLI_UART_RECVBUF_SIZE -#define CLI_UART_RECVBUF_SIZE 256 /* This must be a power of 2 */ +#define CLI_UART_RECVBUF_SIZE 256 #endif -#define CLI_UART_RECVBUF_MASK (CLI_UART_RECVBUF_SIZE - 1) typedef struct { int ridx; - int widx; + volatile int widx; mgmt_cli_dma_state_t rx_state; uint8_t buf[CLI_UART_RECVBUF_SIZE]; } ringbuf_t; @@ -82,20 +83,6 @@ inline void ringbuf_write_char(ringbuf_t *rb, uint8_t c) rb->widx = 0; } -/* some possibly-useful functions */ -inline int ringbuf_empty(ringbuf_t *rb) -{ - return (rb->ridx == rb->widx); -} - -inline int ringbuf_count(ringbuf_t *rb) -{ - int len = rb->widx - rb->ridx; - if (len < 0) - len += sizeof(rb->buf); - return len; -} - static ringbuf_t uart_ringbuf; /* current character received from UART */ @@ -244,6 +231,8 @@ int cli_main(void) configure_cli_fpga(&cli); configure_cli_misc(&cli); configure_cli_dfu(&cli); + configure_cli_keystore(&cli); + configure_cli_masterkey(&cli); while (1) { embedded_cli_loop(&cli); diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c new file mode 100644 index 0000000..14d8e1b --- /dev/null +++ b/projects/hsm/mgmt-keystore.c @@ -0,0 +1,286 @@ +/* + * mgmt-keystore.c + * --------------- + * CLI 'keystore' commands. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#define HAL_OK CMSIS_HAL_OK + +#include "stm-init.h" +#include "stm-keystore.h" +#include "stm-fpgacfg.h" +#include "stm-uart.h" + +#include "mgmt-cli.h" +#include "mgmt-show.h" + +/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ +#undef HAL_OK +#define LIBHAL_OK HAL_OK +#include "hal.h" +#define HAL_STATIC_PKEY_STATE_BLOCKS 6 +#include "hal_internal.h" +#undef HAL_OK + +#include <string.h> + + +int cmd_keystore_set_pin(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + const hal_ks_keydb_t *db; + hal_user_t user; + hal_ks_pin_t pin; + hal_error_t status; + + db = hal_ks_get_keydb(); + + if (db == NULL) { + cli_print(cli, "Could not get a keydb from libhal"); + return CLI_OK; + } + + if (argc != 3) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore set pin <user|so|wheel> <iterations> <pin>"); + return CLI_ERROR; + } + + user = HAL_USER_NONE; + if (strcmp(argv[0], "user") == 0) user = HAL_USER_NORMAL; + if (strcmp(argv[0], "so") == 0) user = HAL_USER_SO; + if (strcmp(argv[0], "wheel") == 0) user = HAL_USER_WHEEL; + if (user == HAL_USER_NONE) { + cli_print(cli, "First argument must be 'user', 'so' or 'wheel' - not '%s'", argv[0]); + return CLI_ERROR; + } + + pin.iterations = strtol(argv[1], NULL, 0); + + /* We don't actually PBKDF2 the given PIN yet, just testing */ + strncpy((char *) pin.pin, argv[2], sizeof(pin.pin)); + + if ((status = hal_ks_set_pin(user, &pin)) != LIBHAL_OK) { + cli_print(cli, "Failed setting PIN: %s", hal_error_string(status)); + return CLI_ERROR; + } + + return CLI_OK; +} + +int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 2) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore set key <name> <der>"); + return CLI_ERROR; + } + + if ((status = hal_ks_store(HAL_KEY_TYPE_EC_PUBLIC, + HAL_CURVE_NONE, + 0, + (uint8_t *) argv[0], strlen(argv[0]), + (uint8_t *) argv[1], strlen(argv[1]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed storing key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Stored key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 1) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore delete key <name>"); + return CLI_ERROR; + } + + if ((status = hal_ks_delete(HAL_KEY_TYPE_EC_PUBLIC, + (uint8_t *) argv[0], strlen(argv[0]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed deleting key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Deleted key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_rename_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 2) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore rename key <name> <new name>"); + return CLI_ERROR; + } + + if ((status = hal_ks_rename(HAL_KEY_TYPE_EC_PUBLIC, + (uint8_t *) argv[0], strlen(argv[0]), + (uint8_t *) argv[1], strlen(argv[1]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed renaming key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Renamed key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_show_data(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint8_t buf[KEYSTORE_PAGE_SIZE]; + uint32_t i; + + if (keystore_check_id() != 1) { + cli_print(cli, "ERROR: The keystore memory is not accessible."); + } + + memset(buf, 0, sizeof(buf)); + if ((i = keystore_read_data(0, buf, sizeof(buf))) != 1) { + cli_print(cli, "Failed reading first page from keystore memory: %li", i); + return CLI_ERROR; + } + + cli_print(cli, "First page from keystore memory:\r\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n"); + + for (i = 0; i < 8; i++) { + if (buf[i] == 0xff) break; /* never written */ + if (buf[i] != 0x55) break; /* something other than a tombstone */ + } + /* As a demo, tombstone byte after byte of the first 8 bytes in the keystore memory + * (as long as they do not appear to contain real data). + * If all of them are tombstones, erase the first sector to start over. + */ + + /* + if (i < 8) { + if (buf[i] == 0xff) { + cli_print(cli, "Tombstoning byte %li", i); + buf[i] = 0x55; + if ((i = keystore_write_data(0, buf, sizeof(buf))) != 1) { + cli_print(cli, "Failed writing data at offset 0: %li", i); + return CLI_ERROR; + } + } + } else { + cli_print(cli, "Erasing first sector since all the first 8 bytes are tombstones"); + if ((i = keystore_erase_sectors(1, 1)) != 1) { + cli_print(cli, "Failed erasing the first sector: %li", i); + return CLI_ERROR; + } + cli_print(cli, "Erase result: %li", i); + } + */ + + return CLI_OK; +} + +int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + const hal_ks_keydb_t *db; + + db = hal_ks_get_keydb(); + + if (db == NULL) { + cli_print(cli, "Could not get a keydb from libhal"); + return CLI_OK; + } + + cli_print(cli, "Sizeof db->keys is %i, sizeof one key is %i\n", sizeof(db->keys), sizeof(*db->keys)); + + for (int i = 0; i < sizeof(db->keys)/sizeof(*db->keys); i++) { + if (! db->keys[i].in_use) { + cli_print(cli, "Key %i, not in use", i); + } else { + cli_print(cli, "Key %i, in use 0x%x, name '%s' der '%s'", + i, db->keys[i].in_use, db->keys[i].name, db->keys[i].der); + } + } + + cli_print(cli, "\nPins:"); + cli_print(cli, "Wheel iterations: 0x%lx", db->wheel_pin.iterations); + cli_print(cli, "SO iterations: 0x%lx", db->so_pin.iterations); + cli_print(cli, "User iterations: 0x%lx", db->user_pin.iterations); + cli_print(cli, "\n"); + + return CLI_OK; +} + +void configure_cli_keystore(struct cli_def *cli) +{ + /* keystore */ + cli_command_root(keystore); + /* keystore set */ + cli_command_branch(keystore, set); + /* keystore delete */ + cli_command_branch(keystore, delete); + /* keystore rename */ + cli_command_branch(keystore, rename); + /* keystore show */ + cli_command_branch(keystore, show); + + /* keystore set pin */ + cli_command_node(keystore_set, pin, "Set either 'wheel', 'user' or 'so' PIN"); + + /* keystore set key */ + cli_command_node(keystore_set, key, "Set a key"); + + /* keystore delete key */ + cli_command_node(keystore_delete, key, "Delete a key"); + + /* keystore rename key */ + cli_command_node(keystore_rename, key, "Rename a key"); + + /* keystore show data */ + cli_command_node(keystore_show, data, "Dump the first page from the keystore memory"); + + /* keystore show keys */ + cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore"); +} diff --git a/projects/hsm/mgmt-keystore.h b/projects/hsm/mgmt-keystore.h new file mode 100644 index 0000000..62efa51 --- /dev/null +++ b/projects/hsm/mgmt-keystore.h @@ -0,0 +1,43 @@ +/* + * mgmt-keystore.h + * ---------- + * Management CLI 'keystore' functions. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __STM32_CLI_MGMT_KEYSTORE_H +#define __STM32_CLI_MGMT_KEYSTORE_H + +#include "stm-init.h" +#include <libcli.h> + +extern void configure_cli_keystore(struct cli_def *cli); + +#endif /* __STM32_CLI_MGMT_KEYSTORE_H */ diff --git a/projects/hsm/mgmt-masterkey.c b/projects/hsm/mgmt-masterkey.c new file mode 100644 index 0000000..7938e33 --- /dev/null +++ b/projects/hsm/mgmt-masterkey.c @@ -0,0 +1,209 @@ +/* + * mgmt-masterkey.c + * ---------------- + * Masterkey CLI functions. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#define HAL_OK CMSIS_HAL_OK + +#include "stm-init.h" +#include "stm-uart.h" +#include "mgmt-cli.h" +#include "mgmt-masterkey.h" + +/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ +#undef HAL_OK +#define LIBHAL_OK HAL_OK +#include <hal.h> +#include <masterkey.h> +#undef HAL_OK + +#include <stdlib.h> + +#define KEK_LENGTH (256 / 8) + + +static char * _status2str(const hal_error_t status) +{ + switch (status) { + case LIBHAL_OK: + return (char *) "Set"; + case HAL_ERROR_MASTERKEY_NOT_SET: + return (char *) "Not set"; + default: + return (char *) "Unknown"; + } +} + +static int _parse_hex_groups(uint8_t *buf, size_t len, char *argv[], int argc) +{ + int i; + uint32_t *dst = (uint32_t *) buf; + uint32_t *end = (uint32_t *) buf + len - 1; + char *err_ptr = NULL; + + if (! argc) return 0; + + for (i = 0; i < argc; i++) { + if (dst >= end) return -1; + *dst++ = strtol(argv[i], &err_ptr, 16); + if (*err_ptr) return -2; + } + + return 1; +} + +static int cmd_masterkey_status(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + uint8_t buf[KEK_LENGTH] = {0}; + + cli_print(cli, "Status of master key:\n"); + + status = masterkey_volatile_read(NULL, 0); + cli_print(cli, " volatile: %s / %s", _status2str(status), hal_error_string(status)); + + status = masterkey_flash_read(NULL, 0); + cli_print(cli, " flash: %s / %s", _status2str(status), hal_error_string(status)); + + /* XXX Temporary gaping security hole while developing the master key functionality. + * REMOVE READ-OUT OF MASTER KEY. + */ + + status = masterkey_volatile_read(&buf[0], sizeof(buf)); + if (status == LIBHAL_OK || status == HAL_ERROR_MASTERKEY_NOT_SET) { + cli_print(cli, "\nVolatile read-out:\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + cli_print(cli, "\n"); + } else { + cli_print(cli, "Failed reading from volatile memory: %s", hal_error_string(status)); + } + + status = masterkey_flash_read(&buf[0], sizeof(buf)); + if (status == LIBHAL_OK || status == HAL_ERROR_MASTERKEY_NOT_SET) { + cli_print(cli, "\nFlash read-out:\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + cli_print(cli, "\n"); + } else { + cli_print(cli, "Failed reading from flash: %s", hal_error_string(status)); + } + + return CLI_OK; +} + +static int cmd_masterkey_set(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint8_t buf[KEK_LENGTH] = {0}; + hal_error_t err; + int i; + + if ((i = _parse_hex_groups(&buf[0], sizeof(buf), argv, argc)) != 1) { + cli_print(cli, "Failed parsing master key (%i)", i); + return CLI_OK; + } + + cli_print(cli, "Parsed key:\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + cli_print(cli, "\n"); + + if ((err = masterkey_volatile_write(buf, sizeof(buf))) == LIBHAL_OK) { + cli_print(cli, "Master key set in volatile memory"); + } else { + cli_print(cli, "Failed writing key to volatile memory: %s", hal_error_string(err)); + } + return CLI_OK; +} + +static int cmd_masterkey_erase(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t err; + + if ((err = masterkey_volatile_erase(KEK_LENGTH)) == LIBHAL_OK) { + cli_print(cli, "Erased master key from volatile memory"); + } else { + cli_print(cli, "Failed erasing master key from volatile memory: %s", hal_error_string(err)); + } + return CLI_OK; +} + +static int cmd_masterkey_unsecure_set(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint8_t buf[KEK_LENGTH] = {0}; + hal_error_t err; + int i; + + if ((i = _parse_hex_groups(&buf[0], sizeof(buf), argv, argc)) != 1) { + cli_print(cli, "Failed parsing master key (%i)", i); + return CLI_OK; + } + + cli_print(cli, "Parsed key:\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + cli_print(cli, "\n"); + + if ((err = masterkey_flash_write(buf, sizeof(buf))) == LIBHAL_OK) { + cli_print(cli, "Master key set in unsecure flash memory"); + } else { + cli_print(cli, "Failed writing key to unsecure flash memory: %s", hal_error_string(err)); + } + return CLI_OK; +} + +static int cmd_masterkey_unsecure_erase(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t err; + + if ((err = masterkey_flash_erase(KEK_LENGTH)) == LIBHAL_OK) { + cli_print(cli, "Erased unsecure master key from flash"); + } else { + cli_print(cli, "Failed erasing unsecure master key from flash: %s", hal_error_string(err)); + } + return CLI_OK; +} + +void configure_cli_masterkey(struct cli_def *cli) +{ + /* masterkey */ + cli_command_root(masterkey); + /* masterkey status */ + cli_command_node(masterkey, status, "Show status of master key in RAM/flash"); + + /* masterkey set */ + cli_command_node(masterkey, set, "Set the master key in the volatile Master Key Memory"); + /* masterkey erase */ + cli_command_node(masterkey, erase, "Erase the master key from the volatile Master Key Memory"); + + cli_command_branch(masterkey, unsecure); + /* masterkey unsecure set */ + cli_command_node(masterkey_unsecure, set, "Set master key in unprotected flash memory (if unsure, DON'T)"); + /* masterkey unsecure erase */ + cli_command_node(masterkey_unsecure, erase, "Erase master key from unprotected flash memory"); +} diff --git a/projects/hsm/mgmt-masterkey.h b/projects/hsm/mgmt-masterkey.h new file mode 100644 index 0000000..5d2624a --- /dev/null +++ b/projects/hsm/mgmt-masterkey.h @@ -0,0 +1,43 @@ +/* + * mgmt-masterkey.h + * ----------- + * Management CLI masterkeyellaneous functions. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __STM32_CLI_MGMT_MASTERKEY_H +#define __STM32_CLI_MGMT_MASTERKEY_H + +#include "stm-init.h" +#include <libcli.h> + +extern void configure_cli_masterkey(struct cli_def *cli); + +#endif /* __STM32_CLI_MGMT_MASTERKEY_H */ diff --git a/projects/hsm/mgmt-show.c b/projects/hsm/mgmt-show.c index c9eb22c..2019efb 100644 --- a/projects/hsm/mgmt-show.c +++ b/projects/hsm/mgmt-show.c @@ -104,7 +104,7 @@ static int cmd_show_keystore_data(struct cli_def *cli, const char *command, char } } else { cli_print(cli, "Erasing first sector since all the first 8 bytes are tombstones"); - if ((i = keystore_erase_sectors(1)) != 1) { + if ((i = keystore_erase_sectors(1, 1)) != 1) { cli_print(cli, "Failed erasing the first sector: %li", i); return CLI_ERROR; } diff --git a/projects/libhal-test/Makefile b/projects/libhal-test/Makefile index f58f480..7aa8d3e 100644 --- a/projects/libhal-test/Makefile +++ b/projects/libhal-test/Makefile @@ -1,12 +1,12 @@ TEST = cores test-bus test-trng test-hash test-aes-key-wrap test-pbkdf2 test-ecdsa test-rsa test-mkmif -CFLAGS += -I $(LIBHAL_DIR) +CFLAGS += -I $(LIBHAL_SRC) LIBC_OBJS = printf.o gettimeofday.o -LIBS += $(LIBHAL_DIR)/libhal.a $(LIBTFM_DIR)/libtfm.a +LIBS += $(LIBHAL_BLD)/libhal.a $(LIBTFM_BLD)/libtfm.a all: $(TEST:=.elf) -vpath %.c $(LIBHAL_DIR)/tests $(LIBHAL_DIR)/utils +vpath %.c $(LIBHAL_SRC)/tests $(LIBHAL_SRC)/utils # .mo extension for files with main() that need to be wrapped as __main() %.mo: %.c diff --git a/stm-keystore.c b/stm-keystore.c index 74826d0..63bf4be 100644 --- a/stm-keystore.c +++ b/stm-keystore.c @@ -55,10 +55,14 @@ int keystore_write_data(uint32_t offset, const uint8_t *buf, const uint32_t len) return n25q128_write_data(&keystore_ctx, offset, buf, len); } -int keystore_erase_sectors(int num) +int keystore_erase_sectors(uint32_t start, uint32_t stop) { - if (num > N25Q128_NUM_SECTORS || num < 0) num = N25Q128_NUM_SECTORS; - while (num) { + uint32_t sector; + + if (start > N25Q128_NUM_SECTORS || start < 0) return -2; + if (stop > N25Q128_NUM_SECTORS || stop < 0 || stop > start) return -3; + + for (sector = start; sector <= stop; sector++) { int timeout = 200; /* times 10ms = 2 seconds timeout */ while (timeout--) { int i = n25q128_get_wip_flag(&keystore_ctx); @@ -68,10 +72,9 @@ int keystore_erase_sectors(int num) } if (! timeout) return 0; - if (! n25q128_erase_sector(&keystore_ctx, num - 1)) { + if (! n25q128_erase_sector(&keystore_ctx, sector)) { return -1; } - num--; } return 1; } diff --git a/stm-keystore.h b/stm-keystore.h index 2c493d2..0c04481 100644 --- a/stm-keystore.h +++ b/stm-keystore.h @@ -40,6 +40,7 @@ #define KEYSTORE_PAGE_SIZE N25Q128_PAGE_SIZE #define KEYSTORE_SECTOR_SIZE N25Q128_SECTOR_SIZE +#define KEYSTORE_NUM_SECTORS N25Q128_NUM_SECTORS /* Pins connected to the FPGA config memory (SPI flash) */ #define KSM_PROM_CS_N_Pin GPIO_PIN_0 @@ -56,6 +57,6 @@ extern SPI_HandleTypeDef hspi_keystore; extern int keystore_check_id(void); extern int keystore_read_data(uint32_t offset, uint8_t *buf, const uint32_t len); extern int keystore_write_data(uint32_t offset, const uint8_t *buf, const uint32_t len); -extern int keystore_erase_sectors(int num); +extern int keystore_erase_sectors(uint32_t start, uint32_t stop); #endif /* __STM32_KEYSTORE_H */ |