From e60817fe6e800c249c6032137c4baf4af72cb578 Mon Sep 17 00:00:00 2001 From: Paul Selkirk Date: Tue, 12 Jul 2016 12:47:11 -0400 Subject: Re-disable 'keystore set key'; hexdump binary key names; remove unused 'show' commands. --- projects/hsm/Makefile | 3 +- projects/hsm/mgmt-cli.c | 12 +++++--- projects/hsm/mgmt-fpga.c | 13 +++----- projects/hsm/mgmt-keystore.c | 72 +++++++++++++++++++++++++++++++++++--------- 4 files changed, 70 insertions(+), 30 deletions(-) (limited to 'projects/hsm') diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile index acb9962..0ab4bff 100644 --- a/projects/hsm/Makefile +++ b/projects/hsm/Makefile @@ -8,8 +8,7 @@ OBJS = crc32.o \ mgmt-fpga.c \ mgmt-keystore.c \ mgmt-masterkey.c \ - mgmt-misc.c \ - mgmt-show.c + mgmt-misc.c BOARD_OBJS = \ $(TOPLEVEL)/stm-init.o \ diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c index eeeaef5..a610db6 100644 --- a/projects/hsm/mgmt-cli.c +++ b/projects/hsm/mgmt-cli.c @@ -195,7 +195,7 @@ static int embedded_cli_loop(struct cli_def *cli) } if (ctx.l < 0) - continue; + break; /* cli_print(cli, "Process command: '%s'", ctx.cmd); */ n = cli_loop_process_cmd(cli, &ctx); @@ -249,13 +249,15 @@ int cli_main(void) mgmt_cli_init(&cli); cli_set_auth_callback(&cli, check_auth); - configure_cli_show(&cli); + /* we don't have any privileged commands at the moment */ + cli_unregister_command(&cli, "enable"); + configure_cli_fpga(&cli); - configure_cli_misc(&cli); - configure_cli_firmware(&cli); - configure_cli_bootloader(&cli); configure_cli_keystore(&cli); configure_cli_masterkey(&cli); + configure_cli_firmware(&cli); + configure_cli_bootloader(&cli); + configure_cli_misc(&cli); while (1) { embedded_cli_loop(&cli); diff --git a/projects/hsm/mgmt-fpga.c b/projects/hsm/mgmt-fpga.c index 5092599..adb45b3 100644 --- a/projects/hsm/mgmt-fpga.c +++ b/projects/hsm/mgmt-fpga.c @@ -124,17 +124,16 @@ static int cmd_fpga_reset(struct cli_def *cli, const char *command, char *argv[] return CLI_OK; } -static int cmd_fpga_show_status(struct cli_def *cli, const char *command, char *argv[], int argc) -{ - cli_print(cli, "FPGA has %sloaded a bitstream", fpgacfg_check_done() ? "":"NOT "); - return CLI_OK; -} - static int cmd_fpga_show_cores(struct cli_def *cli, const char *command, char *argv[], int argc) { const hal_core_t *core; const hal_core_info_t *info; + if (! fpgacfg_check_done()) { + cli_print(cli, "FPGA has not loaded a bitstream"); + return CLI_OK; + } + for (core = hal_core_iterate(NULL); core != NULL; core = hal_core_iterate(core)) { info = hal_core_info(core); cli_print(cli, "%04x: %8.8s %4.4s", @@ -150,8 +149,6 @@ void configure_cli_fpga(struct cli_def *cli) cli_command_root(fpga); cli_command_branch(fpga, show); - /* show fpga status*/ - cli_command_node(fpga_show, status, "Show status about the FPGA"); /* show fpga cores*/ cli_command_node(fpga_show, cores, "Show FPGA core names and versions"); diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c index d598cf7..0471430 100644 --- a/projects/hsm/mgmt-keystore.c +++ b/projects/hsm/mgmt-keystore.c @@ -32,8 +32,8 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ #define HAL_OK CMSIS_HAL_OK - #include "stm-init.h" #include "stm-keystore.h" #include "stm-fpgacfg.h" @@ -42,7 +42,6 @@ #include "mgmt-cli.h" #include "mgmt-show.h" -/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ #undef HAL_OK #define LIBHAL_OK HAL_OK #include "hal.h" @@ -52,6 +51,7 @@ #include #include +#include int cmd_keystore_set_pin(struct cli_def *cli, const char *command, char *argv[], int argc) @@ -150,6 +150,7 @@ int cmd_keystore_set_pin_iterations(struct cli_def *cli, const char *command, ch return CLI_OK; } +#if 0 int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[], int argc) { hal_error_t status; @@ -176,6 +177,7 @@ int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[], return CLI_OK; } +#endif static int key_by_index(struct cli_def *cli, char *str, const uint8_t **name, size_t *name_len, hal_key_type_t *type) { @@ -233,6 +235,13 @@ int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv } if ((status = hal_ks_delete(type, name, name_len, &hint)) != LIBHAL_OK) { + if (status == HAL_ERROR_KEY_NOT_FOUND) { + /* sigh, try again including the terminal nul */ + if ((status = hal_ks_delete(type, name, name_len+1, &hint)) == LIBHAL_OK) { + cli_print(cli, "Deleted key %i", hint); + return CLI_OK; + } + } cli_print(cli, "Failed deleting key: %s", hal_error_string(status)); return CLI_ERROR; } @@ -269,6 +278,13 @@ int cmd_keystore_rename_key(struct cli_def *cli, const char *command, char *argv } if ((status = hal_ks_rename(type, name, name_len, (uint8_t *)argv[1], strlen(argv[1]), &hint)) != LIBHAL_OK) { + if (status == HAL_ERROR_KEY_NOT_FOUND) { + /* sigh, try again including the terminal nul */ + if ((status = hal_ks_rename(type, name, name_len+1, (uint8_t *)argv[1], strlen(argv[1]), &hint)) == LIBHAL_OK) { + cli_print(cli, "Renamed key %i", hint); + return CLI_OK; + } + } cli_print(cli, "Failed renaming key: %s", hal_error_string(status)); return CLI_ERROR; } @@ -281,7 +297,6 @@ int cmd_keystore_rename_key(struct cli_def *cli, const char *command, char *argv int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc) { const hal_ks_keydb_t *db; - uint8_t name[HAL_RPC_PKEY_NAME_MAX + 1]; char *type; db = hal_ks_get_keydb(); @@ -314,10 +329,35 @@ int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[ type = "unknown"; break; } - /* name is nul-terminated */ - memcpy(name, db->keys[i].name, db->keys[i].name_len); - name[db->keys[i].name_len] = '\0'; - cli_print(cli, "Key %i, type %s, name '%s'", i, type, name); + int printable = 1; + for (int j = 0; j < db->keys[i].name_len; ++j) { + if (!isprint(db->keys[i].name[j])) { + printable = 0; + break; + } + } + if (printable) { + /* name may not be nul-terminated in the db, and %*s + * doesn't seem to be working properly, so copy it + */ + uint8_t name[db->keys[i].name_len + 1]; + memcpy(name, db->keys[i].name, db->keys[i].name_len); + name[db->keys[i].name_len] = '\0'; + cli_print(cli, "Key %i, type %s, name '%s'", i, type, name); + } + else { + /* hexdump name */ + uint8_t name[db->keys[i].name_len * 3]; + for (int j = 0; j < db->keys[i].name_len; ++j) { + uint8_t b = db->keys[i].name[j]; + #define hexify(n) (((n) < 10) ? ((n) + '0') : ((n) - 10 + 'A')) + name[j*3] = hexify((b & 0xf0) >> 4); + name[j*3+1] = hexify(b & 0x0f); + name[j*3+2] = ':'; + } + name[sizeof(name)-1] = '\0'; + cli_print(cli, "Key %i, type %s, name %s", i, type, name); + } } } @@ -366,9 +406,6 @@ void configure_cli_keystore(struct cli_def *cli) /* keystore show */ cli_command_branch(keystore, show); - /* keystore erase */ - cli_command_node(keystore, erase, "Erase the whole keystore"); - /* keystore set pin */ cli_command_node(keystore_set, pin, "Set either 'wheel', 'user' or 'so' PIN"); @@ -378,15 +415,20 @@ void configure_cli_keystore(struct cli_def *cli) /* keystore clear pin */ cli_command_node(keystore_clear, pin, "Clear either 'wheel', 'user' or 'so' PIN"); + /* keystore show keys */ + cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore"); + +#if 0 /* keystore set key */ cli_command_node(keystore_set, key, "Set a key"); - - /* keystore delete key */ - cli_command_node(keystore_delete, key, "Delete a key"); +#endif /* keystore rename key */ cli_command_node(keystore_rename, key, "Rename a key"); - /* keystore show keys */ - cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore"); + /* keystore delete key */ + cli_command_node(keystore_delete, key, "Delete a key"); + + /* keystore erase */ + cli_command_node(keystore, erase, "Erase the whole keystore"); } -- cgit v1.2.3