[Cryptech-Commits] [sw/stm32] branch master updated: Re-disable 'keystore set key'; hexdump binary key names; remove unused 'show' commands.

git at cryptech.is git at cryptech.is
Tue Jul 12 16:47:44 UTC 2016


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository sw/stm32.

The following commit(s) were added to refs/heads/master by this push:
       new  e60817f   Re-disable 'keystore set key'; hexdump binary key names; remove unused 'show' commands.
e60817f is described below

commit e60817fe6e800c249c6032137c4baf4af72cb578
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Tue Jul 12 12:47:11 2016 -0400

    Re-disable 'keystore set key'; hexdump binary key names; remove unused 'show' commands.
---
 projects/hsm/Makefile        |  3 +-
 projects/hsm/mgmt-cli.c      | 12 +++++---
 projects/hsm/mgmt-fpga.c     | 13 +++-----
 projects/hsm/mgmt-keystore.c | 72 +++++++++++++++++++++++++++++++++++---------
 4 files changed, 70 insertions(+), 30 deletions(-)

diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile
index acb9962..0ab4bff 100644
--- a/projects/hsm/Makefile
+++ b/projects/hsm/Makefile
@@ -8,8 +8,7 @@ OBJS = crc32.o \
 	mgmt-fpga.c \
 	mgmt-keystore.c \
 	mgmt-masterkey.c \
-	mgmt-misc.c \
-	mgmt-show.c
+	mgmt-misc.c
 
 BOARD_OBJS = \
 	$(TOPLEVEL)/stm-init.o \
diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c
index eeeaef5..a610db6 100644
--- a/projects/hsm/mgmt-cli.c
+++ b/projects/hsm/mgmt-cli.c
@@ -195,7 +195,7 @@ static int embedded_cli_loop(struct cli_def *cli)
 	}
 
 	if (ctx.l < 0)
-            continue;
+            break;
 
 	/* cli_print(cli, "Process command: '%s'", ctx.cmd); */
 	n = cli_loop_process_cmd(cli, &ctx);
@@ -249,13 +249,15 @@ int cli_main(void)
     mgmt_cli_init(&cli);
     cli_set_auth_callback(&cli, check_auth);
 
-    configure_cli_show(&cli);
+    /* we don't have any privileged commands at the moment */
+    cli_unregister_command(&cli, "enable");
+
     configure_cli_fpga(&cli);
-    configure_cli_misc(&cli);
-    configure_cli_firmware(&cli);
-    configure_cli_bootloader(&cli);
     configure_cli_keystore(&cli);
     configure_cli_masterkey(&cli);
+    configure_cli_firmware(&cli);
+    configure_cli_bootloader(&cli);
+    configure_cli_misc(&cli);
 
     while (1) {
         embedded_cli_loop(&cli);
diff --git a/projects/hsm/mgmt-fpga.c b/projects/hsm/mgmt-fpga.c
index 5092599..adb45b3 100644
--- a/projects/hsm/mgmt-fpga.c
+++ b/projects/hsm/mgmt-fpga.c
@@ -124,17 +124,16 @@ static int cmd_fpga_reset(struct cli_def *cli, const char *command, char *argv[]
     return CLI_OK;
 }
 
-static int cmd_fpga_show_status(struct cli_def *cli, const char *command, char *argv[], int argc)
-{
-    cli_print(cli, "FPGA has %sloaded a bitstream", fpgacfg_check_done() ? "":"NOT ");
-    return CLI_OK;
-}
-
 static int cmd_fpga_show_cores(struct cli_def *cli, const char *command, char *argv[], int argc)
 {
     const hal_core_t *core;
     const hal_core_info_t *info;
 
+    if (! fpgacfg_check_done()) {
+        cli_print(cli, "FPGA has not loaded a bitstream");
+        return CLI_OK;
+    }
+
     for (core = hal_core_iterate(NULL); core != NULL; core = hal_core_iterate(core)) {
 	info = hal_core_info(core);
 	cli_print(cli, "%04x: %8.8s %4.4s",
@@ -150,8 +149,6 @@ void configure_cli_fpga(struct cli_def *cli)
     cli_command_root(fpga);
 
     cli_command_branch(fpga, show);
-    /* show fpga status*/
-    cli_command_node(fpga_show, status, "Show status about the FPGA");
     /* show fpga cores*/
     cli_command_node(fpga_show, cores, "Show FPGA core names and versions");
 
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index d598cf7..0471430 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -32,8 +32,8 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
 #define HAL_OK CMSIS_HAL_OK
-
 #include "stm-init.h"
 #include "stm-keystore.h"
 #include "stm-fpgacfg.h"
@@ -42,7 +42,6 @@
 #include "mgmt-cli.h"
 #include "mgmt-show.h"
 
-/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
 #undef HAL_OK
 #define LIBHAL_OK HAL_OK
 #include "hal.h"
@@ -52,6 +51,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 
 
 int cmd_keystore_set_pin(struct cli_def *cli, const char *command, char *argv[], int argc)
@@ -150,6 +150,7 @@ int cmd_keystore_set_pin_iterations(struct cli_def *cli, const char *command, ch
     return CLI_OK;
 }
 
+#if 0
 int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[], int argc)
 {
     hal_error_t status;
@@ -176,6 +177,7 @@ int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[],
 
     return CLI_OK;
 }
+#endif
 
 static int key_by_index(struct cli_def *cli, char *str, const uint8_t **name, size_t *name_len, hal_key_type_t *type)
 {
@@ -233,6 +235,13 @@ int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv
     }    
 
     if ((status = hal_ks_delete(type, name, name_len, &hint)) != LIBHAL_OK) {
+        if (status == HAL_ERROR_KEY_NOT_FOUND) {
+            /* sigh, try again including the terminal nul */
+            if ((status = hal_ks_delete(type, name, name_len+1, &hint)) == LIBHAL_OK) {
+                cli_print(cli, "Deleted key %i", hint);
+                return CLI_OK;
+            }
+        }
 	cli_print(cli, "Failed deleting key: %s", hal_error_string(status));
 	return CLI_ERROR;
     }
@@ -269,6 +278,13 @@ int cmd_keystore_rename_key(struct cli_def *cli, const char *command, char *argv
     }    
 
     if ((status = hal_ks_rename(type, name, name_len, (uint8_t *)argv[1], strlen(argv[1]), &hint)) != LIBHAL_OK) {
+        if (status == HAL_ERROR_KEY_NOT_FOUND) {
+            /* sigh, try again including the terminal nul */
+            if ((status = hal_ks_rename(type, name, name_len+1, (uint8_t *)argv[1], strlen(argv[1]), &hint)) == LIBHAL_OK) {
+                cli_print(cli, "Renamed key %i", hint);
+                return CLI_OK;
+            }
+        }
 	cli_print(cli, "Failed renaming key: %s", hal_error_string(status));
 	return CLI_ERROR;
     }
@@ -281,7 +297,6 @@ int cmd_keystore_rename_key(struct cli_def *cli, const char *command, char *argv
 int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc)
 {
     const hal_ks_keydb_t *db;
-    uint8_t name[HAL_RPC_PKEY_NAME_MAX + 1];
     char *type;
 
     db = hal_ks_get_keydb();
@@ -314,10 +329,35 @@ int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[
                 type = "unknown";
                 break;
             }
-            /* name is nul-terminated */
-            memcpy(name, db->keys[i].name, db->keys[i].name_len);
-            name[db->keys[i].name_len] = '\0';
-	    cli_print(cli, "Key %i, type %s, name '%s'", i, type, name);
+            int printable = 1;
+            for (int j = 0; j < db->keys[i].name_len; ++j) {
+                if (!isprint(db->keys[i].name[j])) {
+                    printable = 0;
+                    break;
+                }
+            }
+            if (printable) {
+                /* name may not be nul-terminated in the db, and %*s
+                 * doesn't seem to be working properly, so copy it
+                 */
+                uint8_t name[db->keys[i].name_len + 1];
+                memcpy(name, db->keys[i].name, db->keys[i].name_len);
+                name[db->keys[i].name_len] = '\0';
+                cli_print(cli, "Key %i, type %s, name '%s'", i, type, name);
+            }
+            else {
+                /* hexdump name */
+                uint8_t name[db->keys[i].name_len * 3];
+                for (int j = 0; j < db->keys[i].name_len; ++j) {
+                    uint8_t b = db->keys[i].name[j];
+                    #define hexify(n) (((n) < 10) ? ((n) + '0') : ((n) - 10 + 'A'))
+                    name[j*3] = hexify((b & 0xf0) >> 4);
+                    name[j*3+1] = hexify(b & 0x0f);
+                    name[j*3+2] = ':';
+                }
+                name[sizeof(name)-1] = '\0';
+                cli_print(cli, "Key %i, type %s, name %s", i, type, name);
+            }
 	}
     }
 
@@ -366,9 +406,6 @@ void configure_cli_keystore(struct cli_def *cli)
     /* keystore show */
     cli_command_branch(keystore, show);
 
-    /* keystore erase */
-    cli_command_node(keystore, erase, "Erase the whole keystore");
-
     /* keystore set pin */
     cli_command_node(keystore_set, pin, "Set either 'wheel', 'user' or 'so' PIN");
 
@@ -378,15 +415,20 @@ void configure_cli_keystore(struct cli_def *cli)
     /* keystore clear pin */
     cli_command_node(keystore_clear, pin, "Clear either 'wheel', 'user' or 'so' PIN");
 
+    /* keystore show keys */
+    cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore");
+
+#if 0
     /* keystore set key */
     cli_command_node(keystore_set, key, "Set a key");
-
-    /* keystore delete key */
-    cli_command_node(keystore_delete, key, "Delete a key");
+#endif
 
     /* keystore rename key */
     cli_command_node(keystore_rename, key, "Rename a key");
 
-    /* keystore show keys */
-    cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore");
+    /* keystore delete key */
+    cli_command_node(keystore_delete, key, "Delete a key");
+
+    /* keystore erase */
+    cli_command_node(keystore, erase, "Erase the whole keystore");
 }

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the Commits mailing list