put manufacturer key to other page
This commit is contained in:
parent
ddb100570d
commit
43b26806af
|
@ -50,12 +50,13 @@
|
||||||
|
|
||||||
#define BUTTON_DEBOUNCE (50U) // debounce time in ms
|
#define BUTTON_DEBOUNCE (50U) // debounce time in ms
|
||||||
|
|
||||||
#define TIMEOUT_GLOBAL (24U * 60) // maximum time to hold the credentials, in minutes
|
#define TIMEOUT_GLOBAL (12U * 60) // maximum time to hold the credentials, in minutes
|
||||||
#define TIMEOUT_REPEAT (6U * 60) // maximum time after last repeat to hold the credentials, in minutes
|
#define TIMEOUT_REPEAT (3U * 60) // maximum time after last repeat to hold the credentials, in minutes
|
||||||
|
|
||||||
|
char manuf_key[32 + 1]; // the key set by the manufacturer to authenticate the device
|
||||||
|
|
||||||
static struct config_t {
|
static struct config_t {
|
||||||
uint8_t layout; // keyboard layout
|
uint8_t layout; // keyboard layout
|
||||||
char manuf_key[32 + 1]; // the key set by the manufacturer to authenticate the device
|
|
||||||
char user_key[32 + 1]; // the key set by the user to authenticate the device
|
char user_key[32 + 1]; // the key set by the user to authenticate the device
|
||||||
bool button_swap; // the order of the buttons (which is for username or password)
|
bool button_swap; // the order of the buttons (which is for username or password)
|
||||||
uint16_t timeout_global; // time to hold the credentials, in minutes
|
uint16_t timeout_global; // time to hold the credentials, in minutes
|
||||||
|
@ -63,8 +64,8 @@ static struct config_t {
|
||||||
uint8_t crc; // simple XOR CRC to check config validity
|
uint8_t crc; // simple XOR CRC to check config validity
|
||||||
} config;
|
} config;
|
||||||
|
|
||||||
// TODO move manuf key to seperate page, in write protected space
|
// page to store manufacturer key (can't be corrupter by save config)
|
||||||
|
#define FLASH_MANUF_ADDR ((uint32_t)0x08000000 + 0x400 * 26)
|
||||||
// last available page of last sector to store config
|
// last available page of last sector to store config
|
||||||
#define FLASH_CONFIG_ADDR ((uint32_t)0x08000000 + 0x400 * 27)
|
#define FLASH_CONFIG_ADDR ((uint32_t)0x08000000 + 0x400 * 27)
|
||||||
|
|
||||||
|
@ -138,6 +139,18 @@ uint32_t board_button2_read(void)
|
||||||
|
|
||||||
static void load_config(void)
|
static void load_config(void)
|
||||||
{
|
{
|
||||||
|
memcpy(manuf_key, (uint8_t*)FLASH_MANUF_ADDR, sizeof(manuf_key));
|
||||||
|
bool manuf_ok = false;
|
||||||
|
for (uint8_t i = 0; i < sizeof(manuf_key); i++) {
|
||||||
|
if (0 == manuf_key[i]) {
|
||||||
|
manuf_ok = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!manuf_ok) {
|
||||||
|
memset(manuf_key, 0, sizeof(manuf_key));
|
||||||
|
}
|
||||||
|
|
||||||
memcpy(&config, (uint8_t*)FLASH_CONFIG_ADDR, sizeof(config));
|
memcpy(&config, (uint8_t*)FLASH_CONFIG_ADDR, sizeof(config));
|
||||||
uint8_t crc = 0x42; // start with non-zero value to have a checksum work with empty config
|
uint8_t crc = 0x42; // start with non-zero value to have a checksum work with empty config
|
||||||
for (uint16_t i = 0; i < sizeof(config); i++) {
|
for (uint16_t i = 0; i < sizeof(config); i++) {
|
||||||
|
@ -195,6 +208,33 @@ end:
|
||||||
HAL_FLASH_Lock();
|
HAL_FLASH_Lock();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void save_manuf(void)
|
||||||
|
{
|
||||||
|
// save to flash
|
||||||
|
HAL_FLASH_Unlock();
|
||||||
|
FLASH_EraseInitTypeDef EraseInitStruct;
|
||||||
|
EraseInitStruct.TypeErase = FLASH_TYPEERASE_PAGES;
|
||||||
|
EraseInitStruct.PageAddress = FLASH_MANUF_ADDR;
|
||||||
|
EraseInitStruct.NbPages = 1;
|
||||||
|
uint32_t error;
|
||||||
|
if (HAL_FLASHEx_Erase(&EraseInitStruct, &error) != HAL_OK) {
|
||||||
|
printf("earsing page failed\r\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
for (uint16_t i = 0; i < sizeof(manuf_key); i += 4) {
|
||||||
|
const uint32_t address = FLASH_CONFIG_ADDR + i;
|
||||||
|
uint32_t data;
|
||||||
|
memcpy(&data, (uint8_t*)&manuf_key[i], sizeof(data)); // works even if the data it not aligned
|
||||||
|
if (HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, address, data) != HAL_OK) {
|
||||||
|
printf("flash page failed\r\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
printf("manufacturer key saved\r\n");
|
||||||
|
end:
|
||||||
|
HAL_FLASH_Lock();
|
||||||
|
}
|
||||||
|
|
||||||
// convert bytes to ASCII hex (does not add end zero)
|
// convert bytes to ASCII hex (does not add end zero)
|
||||||
static void b2h(const uint8_t* b, char* h, uint8_t len)
|
static void b2h(const uint8_t* b, char* h, uint8_t len)
|
||||||
{
|
{
|
||||||
|
@ -238,13 +278,20 @@ int main(void)
|
||||||
tud_init(BOARD_TUD_RHPORT);
|
tud_init(BOARD_TUD_RHPORT);
|
||||||
|
|
||||||
printf("\r\npasskey v2\r\n");
|
printf("\r\npasskey v2\r\n");
|
||||||
|
load_config();
|
||||||
|
|
||||||
|
FLASH_OBProgramInitTypeDef ob;
|
||||||
|
HAL_FLASHEx_OBGetConfig(&ob);
|
||||||
|
if (OB_RDP_LEVEL_2 != ob.RDPLevel) {
|
||||||
|
printf("device not locked\r\n");
|
||||||
|
}
|
||||||
|
if (0 == strlen(manuf_key)) {
|
||||||
|
printf("manufacturer key not set\r\n");
|
||||||
|
}
|
||||||
|
|
||||||
if (board_init_after_tusb) {
|
if (board_init_after_tusb) {
|
||||||
board_init_after_tusb();
|
board_init_after_tusb();
|
||||||
}
|
}
|
||||||
|
|
||||||
load_config();
|
|
||||||
|
|
||||||
while (true)
|
while (true)
|
||||||
{
|
{
|
||||||
tud_task(); // tinyusb device task
|
tud_task(); // tinyusb device task
|
||||||
|
@ -367,7 +414,7 @@ void cdc_task(void)
|
||||||
str = "\r\nenter authentication key (up to 32 char): ";
|
str = "\r\nenter authentication key (up to 32 char): ";
|
||||||
break;
|
break;
|
||||||
case 'a': // run authentication
|
case 'a': // run authentication
|
||||||
if (0 == strlen(config.user_key) && 0 == strlen(config.manuf_key)) {
|
if (0 == strlen(config.user_key) && 0 == strlen(manuf_key)) {
|
||||||
str = "\r\nno key set\r\n";
|
str = "\r\nno key set\r\n";
|
||||||
} else {
|
} else {
|
||||||
i = 0; // reset index
|
i = 0; // reset index
|
||||||
|
@ -390,9 +437,17 @@ void cdc_task(void)
|
||||||
break;
|
break;
|
||||||
// hidden menu
|
// hidden menu
|
||||||
case 'K': // set manufacturer key
|
case 'K': // set manufacturer key
|
||||||
i = 0; // reset index
|
{
|
||||||
menu = MENU_MANUF;
|
FLASH_OBProgramInitTypeDef ob;
|
||||||
str = "\r\nenter manufacturer key (up to 32 char): ";
|
HAL_FLASHEx_OBGetConfig(&ob);
|
||||||
|
if (OB_RDP_LEVEL_2 == ob.RDPLevel) {
|
||||||
|
str = "\r\ndevice locked\r\n";
|
||||||
|
} else {
|
||||||
|
i = 0; // reset index
|
||||||
|
menu = MENU_MANUF;
|
||||||
|
str = "\r\nenter manufacturer key (up to 32 char): ";
|
||||||
|
}
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'L': // lock device
|
case 'L': // lock device
|
||||||
{
|
{
|
||||||
|
@ -400,8 +455,6 @@ void cdc_task(void)
|
||||||
HAL_FLASHEx_OBGetConfig(&ob);
|
HAL_FLASHEx_OBGetConfig(&ob);
|
||||||
if (OB_RDP_LEVEL_2 == ob.RDPLevel) {
|
if (OB_RDP_LEVEL_2 == ob.RDPLevel) {
|
||||||
str = "\r\ndevice locked\r\n";
|
str = "\r\ndevice locked\r\n";
|
||||||
} else if (0 == strlen(config.manuf_key)) {
|
|
||||||
str = "\r\nset manufacturer key first\r\n";
|
|
||||||
} else {
|
} else {
|
||||||
str = "\r\nlocking device\r\n";
|
str = "\r\nlocking device\r\n";
|
||||||
ob.RDPLevel = OB_RDP_LEVEL_2; // level 2, disabling debug, and write protecting option byte
|
ob.RDPLevel = OB_RDP_LEVEL_2; // level 2, disabling debug, and write protecting option byte
|
||||||
|
@ -475,9 +528,9 @@ void cdc_task(void)
|
||||||
if ('\r' == buf[j] || '\n' == buf[j]) { // end received
|
if ('\r' == buf[j] || '\n' == buf[j]) { // end received
|
||||||
tmp[i] = 0; // end key
|
tmp[i] = 0; // end key
|
||||||
if (strlen(tmp)) {
|
if (strlen(tmp)) {
|
||||||
memset(config.manuf_key, 0, sizeof(config.manuf_key));
|
memset(manuf_key, 0, sizeof(manuf_key));
|
||||||
memcpy(config.manuf_key, tmp, i);
|
memcpy(manuf_key, tmp, i);
|
||||||
save_config();
|
save_manuf();
|
||||||
str = "\r\nmanufacturer key saved\r\n";
|
str = "\r\nmanufacturer key saved\r\n";
|
||||||
} else {
|
} else {
|
||||||
str = "\r\ninvalid input\r\n";
|
str = "\r\ninvalid input\r\n";
|
||||||
|
@ -522,7 +575,7 @@ void cdc_task(void)
|
||||||
tmp[i] = 0; // end string
|
tmp[i] = 0; // end string
|
||||||
if (strlen(tmp)) {
|
if (strlen(tmp)) {
|
||||||
echo = false; // we need to write now
|
echo = false; // we need to write now
|
||||||
if (strlen(config.manuf_key)) {
|
if (strlen(manuf_key)) {
|
||||||
char uid[4 * 3 * 2 + 1];
|
char uid[4 * 3 * 2 + 1];
|
||||||
b2h((uint8_t*)UID_BASE, uid, 4 * 3);
|
b2h((uint8_t*)UID_BASE, uid, 4 * 3);
|
||||||
uid[sizeof(uid) - 1] = 0; // end string
|
uid[sizeof(uid) - 1] = 0; // end string
|
||||||
|
@ -530,11 +583,11 @@ void cdc_task(void)
|
||||||
tud_cdc_write_str_flush(uid);
|
tud_cdc_write_str_flush(uid);
|
||||||
tud_cdc_write_str_flush(tmp);
|
tud_cdc_write_str_flush(tmp);
|
||||||
tud_cdc_write_str_flush("\r\n");
|
tud_cdc_write_str_flush("\r\n");
|
||||||
uint8_t hash_in[sizeof(config.manuf_key) + sizeof(tmp)];
|
uint8_t hash_in[sizeof(manuf_key) + sizeof(tmp)];
|
||||||
memcpy(&hash_in[0], config.manuf_key, strlen(config.manuf_key));
|
memcpy(&hash_in[0], manuf_key, strlen(manuf_key));
|
||||||
memcpy(&hash_in[strlen(config.user_key)], tmp, strlen(tmp));
|
memcpy(&hash_in[strlen(manuf_key)], tmp, strlen(tmp));
|
||||||
SHA256_HASH hash_out;
|
SHA256_HASH hash_out;
|
||||||
Sha256Calculate(hash_in, strlen(config.manuf_key) + strlen(tmp), &hash_out);
|
Sha256Calculate(hash_in, strlen(manuf_key) + strlen(tmp), &hash_out);
|
||||||
char hash_str[SHA256_HASH_SIZE * 2 + 1];
|
char hash_str[SHA256_HASH_SIZE * 2 + 1];
|
||||||
b2h(hash_out.bytes, hash_str, SHA256_HASH_SIZE);
|
b2h(hash_out.bytes, hash_str, SHA256_HASH_SIZE);
|
||||||
hash_str[SHA256_HASH_SIZE * 2] = 0; // end string
|
hash_str[SHA256_HASH_SIZE * 2] = 0; // end string
|
||||||
|
|
Loading…
Reference in New Issue