diff options
Diffstat (limited to 'projects/hsm')
-rw-r--r-- | projects/hsm/Makefile | 6 | ||||
-rw-r--r-- | projects/hsm/crc32.c | 62 | ||||
-rwxr-xr-x | projects/hsm/cryptech_miniterm | 2 | ||||
-rwxr-xr-x | projects/hsm/cryptech_upload | 2 | ||||
-rw-r--r-- | projects/hsm/log.c | 68 | ||||
-rw-r--r-- | projects/hsm/mgmt-keystore.c | 39 | ||||
-rw-r--r-- | projects/hsm/mgmt-misc.c | 23 | ||||
-rw-r--r-- | projects/hsm/mgmt-thread.c | 2 |
8 files changed, 108 insertions, 96 deletions
diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile index b92390a..6f941cf 100644 --- a/projects/hsm/Makefile +++ b/projects/hsm/Makefile @@ -1,15 +1,15 @@ PROJ = hsm # objs in addition to $(PROJ).o -OBJS = crc32.o \ - mgmt-cli.o \ +OBJS = mgmt-cli.o \ mgmt-firmware.c \ mgmt-bootloader.c \ mgmt-fpga.c \ mgmt-keystore.c \ mgmt-masterkey.c \ mgmt-misc.c \ - mgmt-thread.c + mgmt-thread.c \ + log.o BOARD_OBJS = \ $(TOPLEVEL)/stm-init.o \ diff --git a/projects/hsm/crc32.c b/projects/hsm/crc32.c deleted file mode 100644 index 4d1a0bc..0000000 --- a/projects/hsm/crc32.c +++ /dev/null @@ -1,62 +0,0 @@ -/* Reference code from RFC1952. Not meant to be used outside test code. */ - -#include "stm32f4xx_hal.h" - - -/* Table of CRCs of all 8-bit messages. */ -unsigned long crc_table[256]; - -/* Flag: has the table been computed? Initially false. */ -int crc_table_computed = 0; - -/* Make the table for a fast CRC. */ -void make_crc_table(void) -{ - unsigned long c; - - int n, k; - for (n = 0; n < 256; n++) { - c = (unsigned long) n; - for (k = 0; k < 8; k++) { - if (c & 1) { - c = 0xedb88320L ^ (c >> 1); - } else { - c = c >> 1; - } - } - crc_table[n] = c; - } - crc_table_computed = 1; -} - -/* - Update a running crc with the bytes buf[0..len-1] and return - the updated crc. The crc should be initialized to zero. Pre- and - post-conditioning (one's complement) is performed within this - function so it shouldn't be done by the caller. Usage example: - - unsigned long crc = 0L; - - while (read_buffer(buffer, length) != EOF) { - crc = update_crc(crc, buffer, length); - } - if (crc != original_crc) error(); -*/ -uint32_t update_crc(uint32_t crc, uint8_t *buf, int len) -{ - unsigned long c = crc ^ 0xffffffffL; - int n; - - if (!crc_table_computed) - make_crc_table(); - for (n = 0; n < len; n++) { - c = crc_table[(c ^ buf[n]) & 0xff] ^ (c >> 8); - } - return c ^ 0xffffffffL; -} - -/* Return the CRC of the bytes buf[0..len-1]. */ -unsigned long crc(unsigned char *buf, int len) -{ - return update_crc(0L, buf, len); -} diff --git a/projects/hsm/cryptech_miniterm b/projects/hsm/cryptech_miniterm index b8ea3b1..af52b0e 100755 --- a/projects/hsm/cryptech_miniterm +++ b/projects/hsm/cryptech_miniterm @@ -40,6 +40,6 @@ import os default_port = os.getenv("CRYPTECH_CTY_CLIENT_SERIAL_DEVICE") default_baud = os.getenv("CRYPTECH_CTY_CLIENT_SERIAL_SPEED", 921600) -sys.exit(serial.tools.miniterm.main(default_port = default_port, +sys.exit(serial.tools.miniterm.main(default_port = default_port, default_baudrate = int(default_baud))) diff --git a/projects/hsm/cryptech_upload b/projects/hsm/cryptech_upload index 26afa67..559195d 100755 --- a/projects/hsm/cryptech_upload +++ b/projects/hsm/cryptech_upload @@ -258,7 +258,7 @@ If you got here by accident, ^C now, without answering the PIN prompt. def main(): global args args = parse_args() - + if args.bootloader: if not args.simon_says_whack_my_bootloader: diff --git a/projects/hsm/log.c b/projects/hsm/log.c new file mode 100644 index 0000000..c0d9df4 --- /dev/null +++ b/projects/hsm/log.c @@ -0,0 +1,68 @@ +/* + * log.c + * ----- + * Implement libhal logging API on Alpha. + * + * Copyright (c) 2017, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdio.h> +#include <stdarg.h> + +#define HAL_OK CMSIS_HAL_OK +#include "stm-uart.h" +#undef HAL_OK + +#define HAL_OK LIBHAL_OK +#include "hal.h" +#include "hal_internal.h" +#undef HAL_OK + +static hal_log_level_t current_log_level; + +void hal_log_set_level(const hal_log_level_t level) +{ + current_log_level = level; +} + +void hal_log(const hal_log_level_t level, const char *format, ...) +{ + if (level < current_log_level) + return; + + char buffer[2048]; + va_list ap; + + va_start(ap, format); + vsnprintf(buffer, sizeof(buffer), format, ap); + va_end(ap); + + uart_send_string2(STM_UART_MGMT, buffer); + uart_send_string2(STM_UART_MGMT, "\r\n"); +} diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c index 4855998..f24f49b 100644 --- a/projects/hsm/mgmt-keystore.c +++ b/projects/hsm/mgmt-keystore.c @@ -156,13 +156,14 @@ static int cmd_keystore_delete_key(struct cli_def *cli, const char *command, cha return CLI_ERROR; } - status = hal_rpc_pkey_open(client, session, &pkey, &name, HAL_KEY_FLAG_TOKEN); - - if (status == HAL_ERROR_KEY_NOT_FOUND) - status = hal_rpc_pkey_open(client, session, &pkey, &name, 0); + if ((status = hal_rpc_pkey_open(client, session, &pkey, &name)) != LIBHAL_OK) { + cli_print(cli, "Couldn't find key: %s", hal_error_string(status)); + return CLI_ERROR; + } - if (status != LIBHAL_OK || (status = hal_rpc_pkey_delete(pkey)) != LIBHAL_OK) { + if ((status = hal_rpc_pkey_delete(pkey)) != LIBHAL_OK) { cli_print(cli, "Failed deleting key: %s", hal_error_string(status)); + (void) hal_rpc_pkey_close(pkey); return CLI_ERROR; } @@ -171,7 +172,7 @@ static int cmd_keystore_delete_key(struct cli_def *cli, const char *command, cha return CLI_OK; } -static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags_t qflags) +static int show_keys(struct cli_def *cli, const char *title) { const hal_client_handle_t client = { -1 }; const hal_session_handle_t session = { HAL_HANDLE_NONE }; @@ -180,19 +181,20 @@ static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags hal_pkey_handle_t pkey; hal_curve_name_t curve; hal_key_flags_t flags; + unsigned n, state = 0; + hal_uuid_t uuids[50]; hal_key_type_t type; hal_error_t status; - hal_uuid_t uuids[50]; int count = 0; int done = 0; - unsigned n; cli_print(cli, title); while (!done) { if ((status = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE, - qflags, NULL, 0, uuids, &n, sizeof(uuids)/sizeof(*uuids), + 0, 0, NULL, 0, &state, uuids, &n, + sizeof(uuids)/sizeof(*uuids), &previous_uuid)) != LIBHAL_OK) { cli_print(cli, "Could not fetch UUID list: %s", hal_error_string(status)); return CLI_ERROR; @@ -206,21 +208,21 @@ static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags for (int i = 0; i < n; i++) { if ((status = hal_uuid_format(&uuids[i], key_name, sizeof(key_name))) != LIBHAL_OK) { - cli_print(cli, "Could not convert key name: %s", + cli_print(cli, "Could not convert key name, skipping: %s", hal_error_string(status)); - return CLI_ERROR; + continue; } - if ((status = hal_rpc_pkey_open(client, session, &pkey, &uuids[i], qflags)) != LIBHAL_OK) { - cli_print(cli, "Could not open key %s: %s", + if ((status = hal_rpc_pkey_open(client, session, &pkey, &uuids[i])) != LIBHAL_OK) { + cli_print(cli, "Could not open key %s, skipping: %s", key_name, hal_error_string(status)); - return CLI_ERROR; + continue; } if ((status = hal_rpc_pkey_get_key_type(pkey, &type)) != LIBHAL_OK || (status = hal_rpc_pkey_get_key_curve(pkey, &curve)) != LIBHAL_OK || (status = hal_rpc_pkey_get_key_flags(pkey, &flags)) != LIBHAL_OK) - cli_print(cli, "Could not fetch metadata for key %s: %s", + cli_print(cli, "Could not fetch metadata for key %s, skipping: %s", key_name, hal_error_string(status)); if (status == LIBHAL_OK) @@ -229,7 +231,7 @@ static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags (void) hal_rpc_pkey_close(pkey); if (status != LIBHAL_OK) - return CLI_ERROR; + continue; const char *type_name = "unknown"; switch (type) { @@ -267,7 +269,7 @@ static int show_pin(struct cli_def *cli, char *label, hal_user_t user) * I'm not sure iterations is the most interesting thing to show, but * it's what we had before. */ - + cli_print(cli, "%s iterations: 0x%lx", label, p->iterations); return CLI_OK; } @@ -276,8 +278,7 @@ static int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char { int err = 0; - err |= show_keys(cli, "Memory keystore:", 0); - err |= show_keys(cli, "Token keystore:", HAL_KEY_FLAG_TOKEN); + err |= show_keys(cli, "Keystore:"); cli_print(cli, "\nPins:"); err |= show_pin(cli, "Wheel", HAL_USER_WHEEL); diff --git a/projects/hsm/mgmt-misc.c b/projects/hsm/mgmt-misc.c index 250dc7a..1861304 100644 --- a/projects/hsm/mgmt-misc.c +++ b/projects/hsm/mgmt-misc.c @@ -32,21 +32,25 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#define HAL_OK CMSIS_HAL_OK #include "stm-init.h" #include "stm-uart.h" - #include "mgmt-cli.h" #include "mgmt-misc.h" +#undef HAL_OK -#include <string.h> - +#define HAL_OK LIBHAL_OK +#include "hal.h" +#include "hal_internal.h" +#undef HAL_OK -extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len); +#include <string.h> int cli_receive_data(struct cli_def *cli, uint8_t *buf, size_t len, cli_data_callback data_callback) { - uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0; + hal_crc32_t crc = 0, my_crc = hal_crc32_init(); + uint32_t filesize = 0, counter = 0; size_t n = len; if (! control_mgmt_uart_dma_rx(DMA_RX_STOP)) { @@ -56,7 +60,7 @@ int cli_receive_data(struct cli_def *cli, uint8_t *buf, size_t len, cli_data_cal cli_print(cli, "OK, write size (4 bytes), data in %li byte chunks, CRC-32 (4 bytes)", (uint32_t) n); - if (uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, 4, 1000) != HAL_OK) { + if (uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, sizeof(filesize), 1000) != CMSIS_HAL_OK) { cli_print(cli, "Receive timed out"); goto fail; } @@ -71,12 +75,12 @@ int cli_receive_data(struct cli_def *cli, uint8_t *buf, size_t len, cli_data_cal if (filesize < n) n = filesize; - if (uart_receive_bytes(STM_UART_MGMT, (void *) buf, n, 1000) != HAL_OK) { + if (uart_receive_bytes(STM_UART_MGMT, (void *) buf, n, 1000) != CMSIS_HAL_OK) { cli_print(cli, "Receive timed out"); goto fail; } filesize -= n; - my_crc = update_crc(my_crc, buf, n); + my_crc = hal_crc32_update(my_crc, buf, n); /* After reception of a chunk but before ACKing we have "all" the time in the world to * calculate CRC and invoke the data_callback. @@ -90,8 +94,9 @@ int cli_receive_data(struct cli_def *cli, uint8_t *buf, size_t len, cli_data_cal uart_send_bytes(STM_UART_MGMT, (void *) &counter, 4); } + my_crc = hal_crc32_finalize(my_crc); cli_print(cli, "Send CRC-32"); - uart_receive_bytes(STM_UART_MGMT, (void *) &crc, 4, 1000); + uart_receive_bytes(STM_UART_MGMT, (void *) &crc, sizeof(crc), 1000); cli_print(cli, "CRC-32 0x%x, calculated CRC 0x%x", (unsigned int) crc, (unsigned int) my_crc); if (crc == my_crc) { cli_print(cli, "CRC checksum MATCHED"); diff --git a/projects/hsm/mgmt-thread.c b/projects/hsm/mgmt-thread.c index 72841b7..96776aa 100644 --- a/projects/hsm/mgmt-thread.c +++ b/projects/hsm/mgmt-thread.c @@ -81,7 +81,7 @@ static int cmd_thread_show(struct cli_def *cli, const char *command, char *argv[ name = "uart_rx_thread"; else name = "unknown"; - + cli_print(cli, "%d:\tptask\t%p\t%s", task_id, task->ptask, name); cli_print(cli, "\tstate\t%d\t\t%s", (int)task->state, task_state[task->state]); cli_print(cli, "\tprio\t%d", (int)task->prio); |