github.com/ClusterM/flipperzero-firmware.git - Unnamed repository; edit this file 'description' to name the repository.
authorあく <alleteam@gmail.com>2021-09-15 12:59:49 +0300
committerGitHub <noreply@github.com>2021-09-15 12:59:49 +0300
commit66f9d946ae0f14d4ad11810a55c7cc638ee315e5 (patch)
tree5e91f1fd7ae6dcceac08fe23211c0b49814fdee3 /applications/cli
parent95d9140d2458b1fd471627c49ef0ecc1faf9c68e (diff)
[FL-1490] FuriHal: crypto api. Crypto cli tool. (#702)
* FuriHal: crypto layer * Furi: add crash routine. * FuriHal: crypto api. Crypto: cli command to manipulate secure enclave and encrypt/decrypt plain text. * DeviceInfo: secure enclave verification. * Rename original to enclave_valid * Update expected enclave signature to match production keys * F7: remove unused files
Diffstat (limited to 'applications/cli')
-rw-r--r--applications/cli/cli_commands.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/applications/cli/cli_commands.c b/applications/cli/cli_commands.c
index 5d1afc12..17539e0e 100644
--- a/applications/cli/cli_commands.c
+++ b/applications/cli/cli_commands.c
@@ -7,6 +7,15 @@
#include <notification/notification-messages.h>
#include <shci.h>
+#define ENCLAVE_SIGNATURE_KEY_SLOT 1
+#define ENCLAVE_SIGNATURE_SIZE 16
+static const uint8_t enclave_signature_iv[16] =
+ {0x32, 0xe6, 0xa7, 0x85, 0x20, 0xae, 0x0b, 0xf0, 0x00, 0xb6, 0x30, 0x9b, 0xd5, 0x42, 0x9e, 0xa6};
+static const uint8_t enclave_signature_input[ENCLAVE_SIGNATURE_SIZE] =
+ {0xdc, 0x76, 0x15, 0x1e, 0x69, 0xe8, 0xdc, 0xd3, 0x4a, 0x71, 0x0b, 0x42, 0x71, 0xe0, 0xa9, 0x78};
+static const uint8_t enclave_signature_expected[ENCLAVE_SIGNATURE_SIZE] =
+ {0x6b, 0x31, 0xc, 0xac, 0x3f, 0x68, 0x79, 0x76, 0x43, 0xc4, 0xfe, 0xe0, 0x25, 0x53, 0x64, 0xc7};
+
/*
* Device Info Command
* This command is intended to be used by humans and machines
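Review bot: The three byte arrays added at the top of the file carry no comment saying what they are, and a reader can easily mistake them for key material. I would add above them `/* Known-answer vector: encrypting enclave_signature_input with the key in slot ENCLAVE_SIGNATURE_KEY_SLOT and this IV must yield enclave_signature_expected; none of these bytes is secret. */`. The commit message says the expected value was updated to match production keys, so a unit provisioned with different keys will presumably report false, which is worth stating in the same comment. As a style point, `enclave_signature_iv[16]` uses a bare 16 where the other arrays use a named size, and `0xc` in the expected array lacks the leading zero the other bytes have.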
@@ -85,6 +94,18 @@ void cli_command_device_info(Cli* cli, string_t args, void* context) {
printf("%02X", ble_mac[i]);
}
printf("\r\n");
+
+ // Signature verification
+ uint8_t buffer[ENCLAVE_SIGNATURE_SIZE];
+ bool enclave_valid = false;
+ if(furi_hal_crypto_store_load_key(ENCLAVE_SIGNATURE_KEY_SLOT, enclave_signature_iv)) {
+ if(furi_hal_crypto_encrypt(enclave_signature_input, buffer, ENCLAVE_SIGNATURE_SIZE)) {
+ enclave_valid =
+ memcmp(buffer, enclave_signature_expected, ENCLAVE_SIGNATURE_SIZE) == 0;
+ }
+ furi_hal_crypto_store_unload_key(ENCLAVE_SIGNATURE_KEY_SLOT);
+ }
+ printf("enclave_valid : %s\r\n", enclave_valid ? "true" : "false");
} else {
printf("radio_alive : false\r\n");
}
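Review bot: The enclave check is nested in the radio-alive branch (the `} else {` that prints `radio_alive : false` follows it directly), so a device whose radio stack is down emits no `enclave_valid` line at all; since the file's comment says this output is read by machines, I would either print `enclave_valid : false` in the else branch or document that the field is absent there. A failed key load, a failed encrypt and a ciphertext mismatch all collapse into the same `false`, which makes an unprovisioned slot hard to tell apart from a wrong key. The result of `furi_hal_crypto_store_unload_key` is discarded; if that call can fail, the slot key presumably stays loaded, so it deserves a check or at least a comment. The comment `// Signature verification` could also say that this is a known-answer self-test reported by the firmware itself, not evidence a remote party can rely on. The body of cli_command_device_info starts and ends outside this hunk.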