1 files changed, 114 insertions, 24 deletions

diff --git a/projects/hsm/mgmt-misc.c b/projects/hsm/mgmt-misc.c
index 72ee1f2..116197d 100644
--- a/projects/hsm/mgmt-misc.c
+++ b/projects/hsm/mgmt-misc.c
@@ -3,7 +3,9 @@
  * -----------
  * Miscellaneous CLI functions.
  *
- * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ * Copyright (c) 2016-2018, NORDUnet A/S All rights reserved.
+ * Copyright: 2020, The Commons Conservancy Cryptech Project
+ * SPDX-License-Identifier: BSD-3-Clause
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
@@ -15,9 +17,9 @@
  *   notice, this list of conditions and the following disclaimer in the
  *   documentation and/or other materials provided with the distribution.
  *
- * - Neither the name of the NORDUnet nor the names of its contributors may
- *   be used to endorse or promote products derived from this software
- *   without specific prior written permission.
+ * - Neither the name of the copyright holder nor the names of its
+ *   contributors may be used to endorse or promote products derived from
+ *   this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
@@ -155,32 +157,108 @@ static int cmd_reboot(struct cli_def *cli, const char *command, char *argv[], in
     return CLI_OK;
 }
 
-static int cmd_keywrap_core(struct cli_def *cli, const char *command, char *argv[], int argc)
+static int cmd_rsa_blinding(struct cli_def *cli, const char *command, char *argv[], int argc)
 {
-    command = command;
+    if (argc != 1) {
+	cli_print(cli, "Wrong number of arguments (%i).", argc);
+	cli_print(cli, "Syntax: %s <on|off|clear>", command);
+	return CLI_ERROR;
+    }
+
+    if (strcmp(argv[0], "on") == 0)
+	hal_rsa_set_blinding(1);
+    else if (strcmp(argv[0], "off") == 0)
+	hal_rsa_set_blinding(0);
+    else if (strcmp(argv[0], "clear") == 0)
+	hal_rsa_clear_blinding_cache();
+    else {
+	cli_print(cli, "Argument must be 'on', 'off', or 'clear' - not '%s'", argv[0]);
+	return CLI_ERROR;
+    }
+
+    return CLI_OK;
+}
+
+static int cmd_rsa_crt(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+    int onoff;
+
+    if (argc != 1) {
+	cli_print(cli, "Wrong number of arguments (%i).", argc);
+	cli_print(cli, "Syntax: %s <on|off>", command);
+	return CLI_ERROR;
+    }
+
+    if (strcmp(argv[0], "on") == 0)
+	onoff = 1;
+    else if (strcmp(argv[0], "off") == 0)
+	onoff = 0;
+    else {
+	cli_print(cli, "Argument must be 'on' or 'off' - not '%s'", argv[0]);
+	return CLI_ERROR;
+    }
+
+    hal_rsa_set_crt(onoff);
+
+    return CLI_OK;
+}
+
+static int cmd_rsa_modexpng(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+    int onoff;
 
-    if (argc == 1) {
-        int onoff = -1;
-        if (strcmp(argv[0], "on") == 0)
-            onoff = 1;
-        else if (strcmp(argv[0], "off") == 0)
-            onoff = 0;
-        if (onoff >= 0) {
-            int ret = hal_aes_use_keywrap_core(onoff);
-            if (ret)
-                cli_print(cli, "keywrap core enabled");
-            else if (onoff)
-                cli_print(cli, "keywrap core not found");
-            else
-                cli_print(cli, "keywrap core disabled");
-            return CLI_OK;
-        }
+    if (argc != 1) {
+	cli_print(cli, "Wrong number of arguments (%i).", argc);
+	cli_print(cli, "Syntax: %s <on|off>", command);
+	return CLI_ERROR;
     }
 
-    cli_print(cli, "Syntax: keywrap core <on|off>");
+    if (strcmp(argv[0], "on") == 0)
+	onoff = 1;
+    else if (strcmp(argv[0], "off") == 0)
+	onoff = 0;
+    else {
+	cli_print(cli, "Argument must be 'on' or 'off' - not '%s'", argv[0]);
+	return CLI_ERROR;
+    }
+
+    hal_error_t err;
+    if ((err = hal_modexp_use_modexpng(onoff)) == LIBHAL_OK)
+        return CLI_OK;
+
+    cli_print(cli, hal_error_string(err));
     return CLI_ERROR;
 }
 
+static int cmd_keywrap_core(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+    int onoff;
+
+    if (argc != 1) {
+	cli_print(cli, "Wrong number of arguments (%i).", argc);
+	cli_print(cli, "Syntax: %s <on|off>", command);
+	return CLI_ERROR;
+    }
+
+    if (strcmp(argv[0], "on") == 0)
+        onoff = 1;
+    else if (strcmp(argv[0], "off") == 0)
+        onoff = 0;
+    else {
+	cli_print(cli, "Argument must be 'on' or 'off' - not '%s'", argv[0]);
+	return CLI_ERROR;
+    }
+
+    int ret = hal_aes_use_keywrap_core(onoff);
+    if (ret)
+        cli_print(cli, "keywrap core enabled");
+    else if (onoff)
+        cli_print(cli, "keywrap core not found");
+    else
+        cli_print(cli, "keywrap core disabled");
+    return CLI_OK;
+}
+
 void configure_cli_misc(struct cli_def *cli)
 {
     struct cli_command *c_keywrap = cli_register_command(cli, NULL, "keywrap", NULL, 0, 0, NULL);
@@ -196,7 +274,19 @@ void configure_cli_misc(struct cli_def *cli)
 
     /* profile stop */
     cli_register_command(cli, c_profile, "stop", cmd_profile_stop, 0, 0, "Stop collecting profiling data");
-#endif    
+#endif
+
+    struct cli_command *c_rsa = cli_register_command(cli, NULL, "rsa", NULL, 0, 0, NULL);
+
+    /* rsa blinding */
+    cli_register_command(cli, c_rsa, "blinding", cmd_rsa_blinding, 0, 0, "Set use of RSA blinding");
+
+    /* rsa crt */
+    cli_register_command(cli, c_rsa, "crt", cmd_rsa_crt, 0, 0, "Set use of RSA CRT");
+
+    /* rsa modexpng */
+    cli_register_command(cli, c_rsa, "modexpng", cmd_rsa_modexpng, 0, 0, "Set use of ModExpNG");
+
     /* reboot */
     cli_register_command(cli, NULL, "reboot", cmd_reboot, 0, 0, "Reboot the STM32");
 }