import from local directory

5 files changed, 538 insertions, 0 deletions

diff --git a/bin/cryptech_runcmd b/bin/cryptech_runcmd
new file mode 100755
index 0000000..6407043
--- /dev/null
+++ b/bin/cryptech_runcmd
@@ -0,0 +1,136 @@
+#!/usr/bin/python
+#
+# Copyright (c) 2016, NORDUnet A/S All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# - Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+#
+# - Neither the name of the NORDUnet nor the names of its contributors may
+#   be used to endorse or promote products derived from this software
+#   without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+"""
+Utility to upload new a firmware image or FPGA bitstream
+"""
+import os
+import sys
+import time
+import struct
+import serial
+import argparse
+import getpass
+
+from binascii import crc32
+
+FIRMWARE_CHUNK_SIZE = 4096
+FPGA_CHUNK_SIZE = 4096
+
+default_pins = {'wheel': 'YouReallyNeedToChangeThisPINRightNowWeAreNotKidding',
+                'ct': 'ct',
+                }
+
+def parse_args():
+    """
+    Parse the command line arguments
+    """
+    parser = argparse.ArgumentParser(description = "File uploader",
+                                     add_help = True,
+                                     formatter_class = argparse.ArgumentDefaultsHelpFormatter,
+                                     )
+
+    parser.add_argument('-d', '--device',
+                        dest='device',
+                        default='/dev/ttyUSB0',
+                        help='Name of management port USB serial device',
+                        )
+
+    parser.add_argument("--username",
+                        choices = ("so", "wheel", "ct"),
+                        default = "so",
+                        help = "Username to use when logging into the HSM",
+                        )
+
+    parser.add_argument('commands', metavar='CMD', type=str, nargs='+',
+                        help='commands to execute')
+    return parser.parse_args()
+
+
+def _write(dst, data, debug=False):
+    dst.write(data)
+    if not debug:
+        return
+    if len(data) == 4:
+        print("Wrote 0x{!s}".format(data.encode('hex')))
+    else:
+        print("Wrote {!r}".format(data))
+
+
+def _read(dst, verbose=True):
+    res = ''
+    x = dst.read(1)
+    while not x:
+        x = dst.read(1)
+    while x:
+        res += x
+        x = dst.read(1)
+    #print ("Read {!r}".format(res))
+    if verbose:
+        sys.stdout.write(res)
+    return res
+
+def _execute(dst, cmd):
+    global default_pins
+    _write(dst, '\r')
+    prompt = _read(dst)
+    if prompt.endswith('Username: '):
+        _write(dst, args.username + "\r")
+        prompt = _read(dst)
+        if prompt.endswith('Password: '):
+            pin = default_pins.get(args.username)
+            if not pin:
+                pin = getpass.getpass("{} PIN: ".format(args.username))
+            _write(dst, pin + '\r')
+            prompt = _read(dst)
+    if not prompt.endswith('> '):
+        #sys.stderr.write('Device does not seem to be ready for a file transfer (got {!r})\n'.format(prompt))
+        return prompt
+    _write(dst, cmd + '\r')
+    response = _read(dst)
+    return response
+
+
+def main(args):
+    global pin
+    dst = serial.Serial(args.device, 921600, timeout=2)
+    for this in args.commands:
+        _execute(dst, this)
+    dst.close()
+    return True
+
+if __name__ == '__main__':
+    try:
+        args = parse_args()
+        if main(args):
+            sys.exit(0)
+        sys.exit(1)
+    except KeyboardInterrupt:
+        pass
+
diff --git a/bin/cryptech_upload b/bin/cryptech_upload
new file mode 100755
index 0000000..680a0ac
--- /dev/null
+++ b/bin/cryptech_upload
@@ -0,0 +1,294 @@
+#!/usr/bin/env python
+#
+# Copyright (c) 2016, NORDUnet A/S All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# - Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+#
+# - Neither the name of the NORDUnet nor the names of its contributors may
+#   be used to endorse or promote products derived from this software
+#   without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""
+Utility to upload a new firmware image or FPGA bitstream.
+"""
+
+import os
+import sys
+import time
+import struct
+import serial
+import getpass
+import os.path
+import tarfile
+import argparse
+import platform
+
+from binascii import crc32
+
+FIRMWARE_CHUNK_SIZE = 4096
+FPGA_CHUNK_SIZE = 4096
+
+
+def parse_args():
+    """
+    Parse the command line arguments
+    """
+
+    share_directory = "/usr/share" if platform.system() == "Linux" else "/usr/local/share"
+
+    default_tarball = os.path.join(share_directory, "cryptech-alpha-firmware.tar.gz")
+
+    if not os.path.exists(default_tarball):
+        default_tarball = None
+
+    parser = argparse.ArgumentParser(description = __doc__,
+                                     formatter_class = argparse.ArgumentDefaultsHelpFormatter,
+                                     )
+
+    parser.add_argument("-d", "--device",
+                        default = os.getenv("CRYPTECH_CTY_CLIENT_SERIAL_DEVICE", "/dev/ttyUSB0"),
+                        help = "Name of management port USB serial device",
+                        )
+
+    parser.add_argument("--firmware-tarball",
+                        type = argparse.FileType("rb"),
+                        default = default_tarball,
+                        help = "Location of firmware tarball",
+                        )
+
+    parser.add_argument("--username",
+                        choices = ("so", "wheel"),
+                        default = "so",
+                        help = "Username to use when logging into the HSM",
+                        )
+
+    actions = parser.add_mutually_exclusive_group(required = True)
+    actions.add_argument("--fpga",
+                         action = "store_true",
+                         help = "Upload FPGA bitstream",
+                         )
+    actions.add_argument("--firmware", "--hsm",
+                         action = "store_true",
+                         help = "Upload HSM firmware image",
+                         )
+    actions.add_argument("--bootloader",
+                         action = "store_true",
+                         help = "Upload bootloader image (dangerous!)",
+                         )
+
+    parser.add_argument("--simon-says-whack-my-bootloader",
+                        action = "store_true",
+                        help = "Confirm that you really want to risk bricking the HSM",
+                        )
+
+    parser.add_argument("-i", "--explicit-image",
+                        type = argparse.FileType("rb"),
+                        help = "Explicit source image file for upload, overrides firmware tarball")
+
+    return parser.parse_args()
+
+
+def _write(dst, data):
+    dst.write(data)
+    #if len(data) == 4:
+    #    print("Wrote 0x{!s}".format(data.encode("hex")))
+    #else:
+    #    print("Wrote {!r}".format(data))
+
+
+def _read(dst):
+    res = ""
+    x = dst.read(1)
+    while not x:
+        x = dst.read(1)
+    while x:
+        res += x
+        x = dst.read(1)
+    #print ("Read {!r}".format(res))
+    return res
+
+wheel_pin = 'YouReallyNeedToChangeThisPINRightNowWeAreNotKidding'
+
+def _execute(dst, cmd):
+    global wheel_pin
+    pin = None
+    if args.username == 'wheel':
+        pin = wheel_pin
+    _write(dst, "\r")
+    prompt = _read(dst)
+    if prompt.endswith("Username: "):
+        _write(dst, args.username + "\r")
+        prompt = _read(dst)
+        if prompt.endswith("Password: "):
+            if not pin:
+                pin = getpass.getpass("{} PIN: ".format(args.username))
+            _write(dst, pin + "\r")
+            prompt = _read(dst)
+    if not prompt.endswith(("> ", "# ")):
+        print("Device does not seem to be ready for a file transfer (got {!r})".format(prompt))
+        return prompt
+    _write(dst, cmd + "\r")
+    response = _read(dst)
+    return response
+
+def send_file(src, size, args, dst):
+    if args.fpga:
+        chunk_size = FPGA_CHUNK_SIZE
+        response = _execute(dst, "fpga bitstream upload")
+    elif args.firmware:
+        chunk_size = FIRMWARE_CHUNK_SIZE
+        response = _execute(dst, "firmware upload")
+        if "Rebooting" in response:
+            response = _execute(dst, "firmware upload")
+    elif args.bootloader:
+        chunk_size = FIRMWARE_CHUNK_SIZE
+        response = _execute(dst, "bootloader upload")
+    if "Access denied" in response:
+        print "Access denied"
+        return False
+    if not "OK" in response:
+        print("Device did not accept the upload command (got {!r})".format(response))
+        return False
+
+    crc = 0
+    counter = 0
+    # 1. Write size of file (4 bytes)
+    _write(dst, struct.pack("<I", size))
+    response = _read(dst)
+    if not response.startswith("Send "):
+        print response
+        return False
+
+    # 2. Write file contents while calculating CRC-32
+    while True:
+        data = src.read(chunk_size)
+        if not data:
+            break
+        dst.write(data)
+        print("Wrote {!s} bytes (chunk {!s}/{!s})".format(len(data), counter, int(size / chunk_size)))
+        # read ACK (a counter of number of 4k chunks received)
+        while True:
+            ack_bytes = dst.read(4)
+            if len(ack_bytes) == 4:
+                break
+            print("ERROR: Did not receive an ACK, got {!r}".format(ack_bytes))
+            dst.write("\r")  # eventually get back to the CLI prompt
+        ack = struct.unpack("<I", ack_bytes)[0]
+        if ack != counter + 1:
+            print("ERROR: Did not receive the expected counter as ACK (got {!r}/{!r}, not {!r})".format(ack, ack_bytes, counter))
+            flush = dst.read(100)
+            print("FLUSH data: {!r}".format(flush))
+            return False
+        counter += 1
+
+        crc = crc32(data, crc) & 0xffffffff
+
+    _read(dst)
+
+    # 3. Write CRC-32 (4 bytes)
+    _write(dst, struct.pack("<I", crc))
+    response = _read(dst)
+    print response
+
+    src.close()
+
+    if args.fpga:
+        # tell the fpga to read its new configuration
+        _execute(dst, "fpga reset")
+
+    if args.fpga or args.bootloader:
+        # log out of the CLI
+        # firmware upgrade reboots, doesn't need an exit
+        _execute(dst, "exit")
+
+    return True
+
+
+dire_bootloader_warning = '''
+                            WARNING
+
+Updating the bootloader risks bricking your HSM!  If something goes
+badly wrong here, or you upload a bad bootloader image, you will not
+be able to recover without an ST-LINK programmer.
+
+In most cases a normal "--firmware" upgrade should be all that is
+necessary to bring your HSM up to date, there is seldom any real need
+to update the bootloader.
+
+Do not proceed with this unless you REALLY know what you are doing.
+
+If you got here by accident, ^C now, without answering the PIN prompt.
+'''
+
+
+def main():
+    global args
+    args = parse_args()
+
+    if args.bootloader and not args.simon_says_whack_my_bootloader:
+        sys.exit("You didn't say \"Simon says\"")
+
+    if args.bootloader:
+        print dire_bootloader_warning
+
+    if args.explicit_image is None and args.firmware_tarball is None:
+        sys.exit("No source file specified for upload and firmware tarball not found")
+
+    if args.explicit_image:
+        src = args.explicit_image       # file-like object, thanks to argparse
+        size = os.fstat(src.fileno()).st_size
+        if size == 0:                   # Flashing from stdin won't work, sorry
+            sys.exit("Can't flash from a pipe or zero-length file")
+        print "Uploading from explicitly-specified file {}".format(args.explicit_image.name)
+
+    else:
+        tar = tarfile.open(fileobj = args.firmware_tarball)
+        print "Firmware tarball {} content:".format(args.firmware_tarball.name)
+        tar.list(True)
+        if args.fpga:
+            name = "alpha_fmc.bit"
+        elif args.firmware:
+            name = "hsm.bin"
+        elif args.bootloader:
+            name = "bootloader.bin"
+        else:
+            # Somebody updated other part of this script without updating this part :(
+            sys.exit("Don't know which component to select from firmware tarball, sorry")
+        try:
+            size = tar.getmember(name).size
+        except KeyError:
+            sys.exit("Expected component {} missing from firmware tarball {}".format(name, args.firmware_tarball.name))
+        src = tar.extractfile(name)
+        print "Uploading {} from {}".format(name, args.firmware_tarball.name)
+
+    print "Initializing serial port and synchronizing with HSM, this may take a few seconds"
+    dst  = serial.Serial(args.device, 921600, timeout = 2)
+    send_file(src, size, args, dst)
+    dst.close()
+
+
+if __name__ == "__main__":
+    try:
+        main()
+    except KeyboardInterrupt:
+        pass
diff --git a/bin/flash-target b/bin/flash-target
new file mode 100755
index 0000000..cef709d
--- /dev/null
+++ b/bin/flash-target
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+PROJ="${1?'project'}"
+OPENOCD=openocd
+
+# location of OpenOCD Board .cfg files (only used with 'make flash-target')
+#
+# This path is from Ubuntu 14.04.
+#
+OPENOCD_BOARD_DIR=/usr/share/openocd/scripts/board
+
+# Configuration (cfg) file containing programming directives for OpenOCD
+#
+# If you are using an STLINK v2.0 from an STM32 F4 DISCOVERY board,
+# set this variable to "stm32f4discovery.cfg".
+#
+# If you are using an STLINK v2.1 from an STM32 F4 NUCLEO board,
+# set this variable to "st_nucleo_f401re.cfg".
+#
+# If you are using something else, look for a matching configuration file in
+# the OPENOCD_BOARD_DIR directory.
+#
+OPENOCD_PROC_FILE=stm32f4discovery.cfg
+if [ "x`lsusb -d 0483:374b`" != "x" ]; then
+    for fn in st_nucleo_f4.cfg st_nucleo_f401re.cfg; do
+        if [ -f "$OPENOCD_BOARD_DIR/$fn" ]; then
+	    OPENOCD_PROC_FILE="$fn"
+	fi
+    done
+fi
+
+# This used to be "... verify reset exit", but that fails on Debian Jessie.
+# The Net of a Million Lies claims that the "exit" is unnecessary, so the
+# simplest solution is just to omit it.  Should this turn out to be a mistake,
+# well, we'll have to do something more clever to deal with these silly version
+# skew problems between the several versions of openocd in current use.
+
+$OPENOCD -f $OPENOCD_BOARD_DIR/$OPENOCD_PROC_FILE -c "program $PROJ.elf verify exit" # reset
diff --git a/bin/reset b/bin/reset
new file mode 100755
index 0000000..8190805
--- /dev/null
+++ b/bin/reset
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+OPENOCD=openocd
+
+# location of OpenOCD Board .cfg files (only used with 'make flash-target')
+#
+# This path is from Ubuntu 14.04.
+#
+OPENOCD_BOARD_DIR=/usr/share/openocd/scripts/board
+
+# Configuration (cfg) file containing programming directives for OpenOCD
+#
+# If you are using an STLINK v2.0 from an STM32 F4 DISCOVERY board,
+# set this variable to "stm32f4discovery.cfg".
+#
+# If you are using an STLINK v2.1 from an STM32 F4 NUCLEO board,
+# set this variable to "st_nucleo_f401re.cfg".
+#
+# If you are using something else, look for a matching configuration file in
+# the OPENOCD_BOARD_DIR directory.
+#
+OPENOCD_PROC_FILE=stm32f4discovery.cfg
+if [ "x`lsusb -d 0483:374b`" != "x" ]; then
+    for fn in st_nucleo_f4.cfg st_nucleo_f401re.cfg; do
+        if [ -f "$OPENOCD_BOARD_DIR/$fn" ]; then
+	    OPENOCD_PROC_FILE="$fn"
+	fi
+    done
+fi
+
+$OPENOCD -f $OPENOCD_BOARD_DIR/$OPENOCD_PROC_FILE -c "init" -c "reset run" -c "exit"
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..a126811
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -e
+
+echo "##########################################"
+echo "# Flashing bootloader"
+echo "##########################################"
+./bin/flash-target bootloader
+
+echo "##########################################"
+echo "# Flashing temporary HSM firmware"
+echo "##########################################"
+./bin/flash-target hsm
+./bin/reset
+sleep 5
+
+echo "##########################################"
+echo "# Uploading bitstream"
+echo "##########################################"
+
+./bin/cryptech_upload --fpga --username wheel
+
+echo "##########################################"
+echo "# Programming AVR"
+echo "##########################################"
+avrdude -c usbtiny -p attiny828 -U flash:w:tamper.hex
+
+echo "##########################################"
+echo "# Flashing official STM32 firmware"
+echo "##########################################"
+./bin/cryptech_upload --firmware --username wheel
+./bin/reset
+sleep 15
+
+echo "##########################################"
+echo "# Checking FPGA"
+echo "##########################################"
+./bin/cryptech_runcmd --username wheel "fpga show cores"
+