[Cryptech-Commits] [sw/stm32] 02/03: Try to restrict wheel user to only setting pins.

git at cryptech.is git at cryptech.is
Mon Jul 11 03:16:16 UTC 2016


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch parade_of_half_baked_ideas
in repository sw/stm32.

commit 708103998b7005c51fd78fc5563e46dd93fee283
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Sun Jul 10 22:45:32 2016 -0400

    Try to restrict wheel user to only setting pins.
    
    This is a bit of social engineering, because at the moment he can easily
    drop out of config mode to get the full command set. It also doesn't
    restrict his use of RPC.
---
 projects/hsm/mgmt-cli.c      | 23 +++++++++++++++--------
 projects/hsm/mgmt-cli.h      |  6 ++++++
 projects/hsm/mgmt-keystore.c | 14 ++++++++++++--
 3 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c
index eeeaef5..514cdd1 100644
--- a/projects/hsm/mgmt-cli.c
+++ b/projects/hsm/mgmt-cli.c
@@ -195,7 +195,7 @@ static int embedded_cli_loop(struct cli_def *cli)
 	}
 
 	if (ctx.l < 0)
-            continue;
+            break;
 
 	/* cli_print(cli, "Process command: '%s'", ctx.cmd); */
 	n = cli_loop_process_cmd(cli, &ctx);
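Review bot: The switch from `continue` to `break` on `ctx.l < 0` changes the loop from retrying to ending the session, but nothing at the branch says what a negative length means or why the loop must stop. A short comment on the branch, for example `/* negative length: read failed or input ended, leave the loop */`, would record the intent once the meaning is confirmed against the reader function. The code that runs after the loop is outside this hunk; if that path ends the session, it is worth checking that it also clears the logged-in state held in the file-scope `user`. The new line is indented with spaces under a tab-indented `if`, matching the old line but not the surrounding block.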
@@ -219,6 +219,8 @@ static void mgmt_cli_init(struct cli_def *cli)
 
 hal_user_t user;
 
+static struct cli_def cli;
+
 static int check_auth(const char *username, const char *password)
 {
     hal_client_handle_t client = { -1 };
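Review bot: Naming the new file-scope object `cli` collides with the `struct cli_def *cli` parameter that functions in this file already use (`embedded_cli_loop` and `mgmt_cli_init` are visible in the hunk headers), so each of them now shadows the global and it is easy to touch the wrong one. A distinct name such as `static struct cli_def mgmt_cli;` avoids the shadowing and makes the one user of the global, `check_auth`, stand out. A one-line comment that it lives at file scope because the auth callback receives no `cli` argument would explain the move. `check_auth` continues outside this hunk.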
@@ -233,25 +235,30 @@ static int check_auth(const char *username, const char *password)
     else
         user = HAL_USER_NONE;
 
-    if (hal_rpc_login(client, user, password, strlen(password)) == LIBHAL_OK)
-        return CLI_OK;
+    if (hal_rpc_login(client, user, password, strlen(password)) != LIBHAL_OK) {
+        user = HAL_USER_NONE;
+        return CLI_ERROR;
+    }
 
-    user = HAL_USER_NONE;
-    return CLI_ERROR;
+    /* set mode to 'config', so wheel can only set pins */
+    if (user == HAL_USER_WHEEL)
+        cli_set_configmode(&cli, MODE_CONFIG, NULL);
+
+    return CLI_OK;
 }
 
 int cli_main(void)
 {
-    static struct cli_def cli;
-
     uart_sem = osSemaphoreCreate(osSemaphore(uart_sem), 0);
 
     mgmt_cli_init(&cli);
     cli_set_auth_callback(&cli, check_auth);
 
+    cli_unregister_command(&cli, "configure");
+
+    configure_cli_misc(&cli);
     configure_cli_show(&cli);
     configure_cli_fpga(&cli);
-    configure_cli_misc(&cli);
     configure_cli_firmware(&cli);
     configure_cli_bootloader(&cli);
     configure_cli_keystore(&cli);
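Review bot: `check_auth` only ever moves the session into `MODE_CONFIG`; no branch sets the mode back for a non-wheel login or on the failure path. Because `cli` is a single static object that persists across logins, a later login as another user may inherit config mode unless the loop resets it before authentication, which is not visible here. Setting the mode on every successful login, e.g. `cli_set_configmode(&cli, user == HAL_USER_WHEEL ? MODE_CONFIG : MODE_EXEC, NULL);`, makes the state depend on who logged in rather than on history. The return value of `cli_unregister_command(&cli, "configure")` is also ignored, so a failure to remove the command would go unnoticed. `cli_main` continues outside this hunk.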
diff --git a/projects/hsm/mgmt-cli.h b/projects/hsm/mgmt-cli.h
index c96dae6..35694aa 100644
--- a/projects/hsm/mgmt-cli.h
+++ b/projects/hsm/mgmt-cli.h
@@ -67,6 +67,12 @@
     _cli_cmd_struct(name, name, cmd_##name, (char *) help);		\
     cli_register_command2(cli, &cmd_##name##_s, NULL)
 
+#define cli_set_cmd_privilege(name, p)				\
+    cmd_##name##_s.privilege = p
+
+#define cli_set_cmd_mode(name, m)				\
+    cmd_##name##_s.mode = m
+
 
 typedef enum {
     DMA_RX_STOP,
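Review bot: Both new macros expand to a bare assignment with an unparenthesised value argument, which breaks the usual macro hygiene and can surprise when the macro is used inside a larger expression. Writing them as `(cmd_##name##_s.privilege = (p))` and `(cmd_##name##_s.mode = (m))` keeps the expansion self-contained. They also rely on a `cmd_<name>_s` object being in scope at the call site, which deserves a one-line comment above the definitions. `cli_set_cmd_privilege` has no caller in this commit.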
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index 128ae4c..ee6d521 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -179,7 +179,7 @@ int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[],
 int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv[], int argc)
 {
     hal_error_t status;
-    int hint = 0;
+    int hint = -1;
 
     if (argc != 1) {
 	cli_print(cli, "Wrong number of arguments (%i).", argc);
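Review bot: The new initial value `hint = -1` is a magic number whose meaning is defined by the callee, which is not shown in this hunk. If it stands for "no slot hint", say so with a comment on the declaration or a named constant, so the next reader does not have to guess why `0` was wrong. The body of `cmd_keystore_delete_key` continues outside the hunk.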
@@ -191,7 +191,7 @@ int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv
 				(uint8_t *) argv[0], strlen(argv[0]),
 				&hint)) != LIBHAL_OK) {
 
-	cli_print(cli, "Failed deleting key: %s", hal_error_string(status));
+	cli_print(cli, "Failed deleting key \"%s\": %s", argv[0], hal_error_string(status));
 	return CLI_ERROR;
     }
 
@@ -358,4 +358,14 @@ void configure_cli_keystore(struct cli_def *cli)
 
     /* keystore show keys */
     cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore");
+
+    cli_set_cmd_mode(keystore, MODE_ANY);
+    cli_set_cmd_mode(keystore_erase, MODE_ANY);
+    cli_set_cmd_mode(keystore_set, MODE_ANY);
+    cli_set_cmd_mode(keystore_set_pin, MODE_ANY);
+    cli_set_cmd_mode(keystore_set_pin_iterations, MODE_ANY);
+    cli_set_cmd_mode(keystore_clear, MODE_ANY);
+    cli_set_cmd_mode(keystore_clear_pin, MODE_ANY);
+    cli_set_cmd_mode(keystore_show, MODE_ANY);
+    cli_set_cmd_mode(keystore_show_keys, MODE_ANY);
 }
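Review bot: The `MODE_ANY` list opens more than PIN setting to a session held in config mode: `keystore_erase`, `keystore_clear_pin` and `keystore_show_keys` become reachable there as well. If the aim is that the wheel user can only set PINs, restrict the list to the nodes on that path (`keystore`, `keystore_set`, `keystore_set_pin`, `keystore_set_pin_iterations`) and leave the others at their registered mode. A comment above the list stating which user and mode it is meant to serve would make the intended exposure reviewable. `configure_cli_keystore` starts outside this hunk.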


