mirror of
https://github.com/flipperdevices/flipperzero-firmware.git
synced 2025-12-12 04:41:26 +04:00
13333edd30
* feat: FuriThread stdin * ci: fix f18 * feat: stdio callback context * feat: FuriPipe * POTENTIALLY EXPLOSIVE pipe welding * fix: non-explosive welding * Revert welding * docs: furi_pipe * feat: pipe event loop integration * update f18 sdk * f18 * docs: make doxygen happy * fix: event loop not triggering when pipe attached to stdio * fix: partial stdout in pipe * allow simultaneous in and out subscription in event loop * feat: vcp i/o * feat: cli ansi stuffs and history * feat: more line editing * working but slow cli rewrite * restore previous speed after 4 days of debugging 🥲 * fix: cli_app_should_stop * fix: cli and event_loop memory leaks * style: remove commented out code * ci: fix pvs warnings * fix: unit tests, event_loop crash * ci: fix build * ci: silence pvs warning * feat: cli gpio * ci: fix formatting * Fix memory leak during event loop unsubscription * Event better memory leak fix * feat: cli completions * Merge remote-tracking branch 'origin/dev' into portasynthinca3/3928-cli-threads * merge fixups * temporarily exclude speaker_debug app * pvs and unit tests fixups * feat: commands in fals * move commands out of flash, code cleanup * ci: fix errors * fix: run commands in buffer when stopping session * speedup cli file transfer * fix f18 * separate cli_shell into modules * fix pvs warning * fix qflipper refusing to connect * remove temp debug logs * remove erroneous conclusion * Fix memory leak during event loop unsubscription * Event better memory leak fix * unit test for the fix * improve thread stdio callback signatures * pipe stdout timeout * update api symbols * fix f18, formatting * fix pvs warnings * increase stack size, hope to fix unit tests * cli: revert flag changes * cli: fix formatting * cli, fbt: loopback perf benchmark * thread, event_loop: subscribing to thread flags * cli: signal internal events using thread flags, improve performance * fix f18, formatting * event_loop: fix crash * storage_cli: increase write_chunk buffer size again * cli: explanation for order=0 * thread, event_loop: thread flags callback refactor * cli: increase stack size * cli: rename cli_app_should_stop -> cli_is_pipe_broken_or_is_etx_next_char * cli: use plain array instead of mlib for history * cli: prepend file name to static fns * cli: fix formatting * cli_shell: increase stack size * cli: fix rpc lockup * cli: better lockup fix * cli: fix f18 * fix merge --------- Co-authored-by: Georgii Surkov <georgii.surkov@outlook.com> Co-authored-by: あく <alleteam@gmail.com>
329 lines
10 KiB
C
329 lines
10 KiB
C
#include <furi_hal.h>
|
|
#include <furi.h>
|
|
|
|
#include <lib/toolbox/args.h>
|
|
#include <toolbox/pipe.h>
|
|
#include <cli/cli.h>
|
|
|
|
void crypto_cli_print_usage(void) {
|
|
printf("Usage:\r\n");
|
|
printf("crypto <cmd> <args>\r\n");
|
|
printf("Cmd list:\r\n");
|
|
printf(
|
|
"\tencrypt <key_slot:int> <iv:hex>\t - Using key from secure enclave and IV encrypt plain text with AES256CBC and encode to hex\r\n");
|
|
printf(
|
|
"\tdecrypt <key_slot:int> <iv:hex>\t - Using key from secure enclave and IV decrypt hex encoded encrypted with AES256CBC data to plain text\r\n");
|
|
printf("\thas_key <key_slot:int>\t - Check if secure enclave has key in slot\r\n");
|
|
printf(
|
|
"\tstore_key <key_slot:int> <key_type:str> <key_size:int> <key_data:hex>\t - Store key in secure enclave. !!! NON-REVERSABLE OPERATION - READ MANUAL FIRST !!!\r\n");
|
|
}
|
|
|
|
void crypto_cli_encrypt(PipeSide* pipe, FuriString* args) {
|
|
int key_slot = 0;
|
|
bool key_loaded = false;
|
|
uint8_t iv[16];
|
|
|
|
do {
|
|
if(!args_read_int_and_trim(args, &key_slot) || !(key_slot > 0 && key_slot <= 100)) {
|
|
printf("Incorrect or missing slot, expected int 1-100");
|
|
break;
|
|
}
|
|
|
|
if(!args_read_hex_bytes(args, iv, 16)) {
|
|
printf("Incorrect or missing IV, expected 16 bytes in hex");
|
|
break;
|
|
}
|
|
|
|
if(!furi_hal_crypto_enclave_load_key(key_slot, iv)) {
|
|
printf("Unable to load key from slot %d", key_slot);
|
|
break;
|
|
}
|
|
key_loaded = true;
|
|
|
|
printf("Enter plain text and press Ctrl+C to complete encryption:\r\n");
|
|
|
|
FuriString* input;
|
|
input = furi_string_alloc();
|
|
char c;
|
|
while(pipe_receive(pipe, (uint8_t*)&c, 1) == 1) {
|
|
if(c == CliKeyETX) {
|
|
printf("\r\n");
|
|
break;
|
|
} else if(c >= 0x20 && c < 0x7F) {
|
|
putc(c, stdout);
|
|
fflush(stdout);
|
|
furi_string_push_back(input, c);
|
|
} else if(c == CliKeyCR) {
|
|
printf("\r\n");
|
|
furi_string_cat(input, "\r\n");
|
|
}
|
|
}
|
|
|
|
size_t size = furi_string_size(input);
|
|
if(size > 0) {
|
|
// C-string null termination and block alignments
|
|
size++;
|
|
size_t remain = size % 16;
|
|
if(remain) {
|
|
size = size - remain + 16;
|
|
}
|
|
furi_string_reserve(input, size);
|
|
uint8_t* output = malloc(size);
|
|
if(!furi_hal_crypto_encrypt(
|
|
(const uint8_t*)furi_string_get_cstr(input), output, size)) {
|
|
printf("Failed to encrypt input");
|
|
} else {
|
|
printf("Hex-encoded encrypted data:\r\n");
|
|
for(size_t i = 0; i < size; i++) {
|
|
if(i % 80 == 0) printf("\r\n");
|
|
printf("%02x", output[i]);
|
|
}
|
|
printf("\r\n");
|
|
}
|
|
free(output);
|
|
} else {
|
|
printf("No input");
|
|
}
|
|
|
|
furi_string_free(input);
|
|
} while(0);
|
|
|
|
if(key_loaded) {
|
|
furi_hal_crypto_enclave_unload_key(key_slot);
|
|
}
|
|
}
|
|
|
|
void crypto_cli_decrypt(PipeSide* pipe, FuriString* args) {
|
|
int key_slot = 0;
|
|
bool key_loaded = false;
|
|
uint8_t iv[16];
|
|
|
|
do {
|
|
if(!args_read_int_and_trim(args, &key_slot) || !(key_slot > 0 && key_slot <= 100)) {
|
|
printf("Incorrect or missing slot, expected int 1-100");
|
|
break;
|
|
}
|
|
|
|
if(!args_read_hex_bytes(args, iv, 16)) {
|
|
printf("Incorrect or missing IV, expected 16 bytes in hex");
|
|
break;
|
|
}
|
|
|
|
if(!furi_hal_crypto_enclave_load_key(key_slot, iv)) {
|
|
printf("Unable to load key from slot %d", key_slot);
|
|
break;
|
|
}
|
|
key_loaded = true;
|
|
|
|
printf("Enter Hex-encoded data and press Ctrl+C to complete decryption:\r\n");
|
|
|
|
FuriString* hex_input;
|
|
hex_input = furi_string_alloc();
|
|
char c;
|
|
while(pipe_receive(pipe, (uint8_t*)&c, 1) == 1) {
|
|
if(c == CliKeyETX) {
|
|
printf("\r\n");
|
|
break;
|
|
} else if(c >= 0x20 && c < 0x7F) {
|
|
putc(c, stdout);
|
|
fflush(stdout);
|
|
furi_string_push_back(hex_input, c);
|
|
} else if(c == CliKeyCR) {
|
|
printf("\r\n");
|
|
}
|
|
}
|
|
|
|
furi_string_trim(hex_input);
|
|
size_t hex_size = furi_string_size(hex_input);
|
|
if(hex_size > 0 && hex_size % 2 == 0) {
|
|
size_t size = hex_size / 2;
|
|
uint8_t* input = malloc(size);
|
|
uint8_t* output = malloc(size);
|
|
|
|
if(args_read_hex_bytes(hex_input, input, size)) {
|
|
if(furi_hal_crypto_decrypt(input, output, size)) {
|
|
printf("Decrypted data:\r\n");
|
|
printf("%s\r\n", output); //-V576
|
|
} else {
|
|
printf("Failed to decrypt\r\n");
|
|
}
|
|
} else {
|
|
printf("Failed to parse input");
|
|
}
|
|
|
|
free(input);
|
|
free(output);
|
|
} else {
|
|
printf("Invalid or empty input");
|
|
}
|
|
|
|
furi_string_free(hex_input);
|
|
} while(0);
|
|
|
|
if(key_loaded) {
|
|
furi_hal_crypto_enclave_unload_key(key_slot);
|
|
}
|
|
}
|
|
|
|
void crypto_cli_has_key(PipeSide* pipe, FuriString* args) {
|
|
UNUSED(pipe);
|
|
int key_slot = 0;
|
|
uint8_t iv[16] = {0};
|
|
|
|
do {
|
|
if(!args_read_int_and_trim(args, &key_slot) || !(key_slot > 0 && key_slot <= 100)) {
|
|
printf("Incorrect or missing slot, expected int 1-100");
|
|
break;
|
|
}
|
|
|
|
if(!furi_hal_crypto_enclave_load_key(key_slot, iv)) {
|
|
printf("Unable to load key from slot %d", key_slot);
|
|
break;
|
|
}
|
|
|
|
printf("Successfully loaded key from slot %d", key_slot);
|
|
|
|
furi_hal_crypto_enclave_unload_key(key_slot);
|
|
} while(0);
|
|
}
|
|
|
|
void crypto_cli_store_key(PipeSide* pipe, FuriString* args) {
|
|
UNUSED(pipe);
|
|
int key_slot = 0;
|
|
int key_size = 0;
|
|
FuriString* key_type;
|
|
key_type = furi_string_alloc();
|
|
|
|
uint8_t data[32 + 12] = {};
|
|
FuriHalCryptoKey key;
|
|
key.data = data;
|
|
size_t data_size = 0;
|
|
|
|
do {
|
|
if(!args_read_int_and_trim(args, &key_slot)) {
|
|
printf("Incorrect or missing key type, expected master, simple or encrypted");
|
|
break;
|
|
}
|
|
if(!args_read_string_and_trim(args, key_type)) {
|
|
printf("Incorrect or missing key type, expected master, simple or encrypted");
|
|
break;
|
|
}
|
|
|
|
if(furi_string_cmp_str(key_type, "master") == 0) {
|
|
if(key_slot != 0) {
|
|
printf("Master keyslot must be is 0");
|
|
break;
|
|
}
|
|
key.type = FuriHalCryptoKeyTypeMaster;
|
|
} else if(furi_string_cmp_str(key_type, "simple") == 0) {
|
|
if(key_slot < 1 || key_slot > 99) {
|
|
printf("Simple keyslot must be in range");
|
|
break;
|
|
}
|
|
key.type = FuriHalCryptoKeyTypeSimple;
|
|
} else if(furi_string_cmp_str(key_type, "encrypted") == 0) {
|
|
key.type = FuriHalCryptoKeyTypeEncrypted;
|
|
data_size += 12;
|
|
} else {
|
|
printf("Incorrect or missing key type, expected master, simple or encrypted");
|
|
break;
|
|
}
|
|
|
|
if(!args_read_int_and_trim(args, &key_size)) {
|
|
printf("Incorrect or missing key size, expected 128 or 256");
|
|
break;
|
|
}
|
|
|
|
if(key_size == 128) {
|
|
key.size = FuriHalCryptoKeySize128;
|
|
data_size += 16;
|
|
} else if(key_size == 256) {
|
|
key.size = FuriHalCryptoKeySize256;
|
|
data_size += 32;
|
|
} else {
|
|
printf("Incorrect or missing key size, expected 128 or 256");
|
|
}
|
|
|
|
if(!args_read_hex_bytes(args, data, data_size)) {
|
|
printf("Incorrect or missing key data, expected hex encoded key with or without IV.");
|
|
break;
|
|
}
|
|
|
|
if(key_slot > 0) {
|
|
uint8_t iv[16] = {0};
|
|
if(key_slot > 1) {
|
|
if(!furi_hal_crypto_enclave_load_key(key_slot - 1, iv)) {
|
|
printf(
|
|
"Slot %d before %d is empty, which is not allowed",
|
|
key_slot - 1,
|
|
key_slot);
|
|
break;
|
|
}
|
|
furi_hal_crypto_enclave_unload_key(key_slot - 1);
|
|
}
|
|
|
|
if(furi_hal_crypto_enclave_load_key(key_slot, iv)) {
|
|
furi_hal_crypto_enclave_unload_key(key_slot);
|
|
printf("Key slot %d is already used", key_slot);
|
|
break;
|
|
}
|
|
}
|
|
|
|
uint8_t slot;
|
|
if(furi_hal_crypto_enclave_store_key(&key, &slot)) {
|
|
printf("Success. Stored to slot: %d", slot);
|
|
} else {
|
|
printf("Failure");
|
|
}
|
|
} while(0);
|
|
|
|
furi_string_free(key_type);
|
|
}
|
|
|
|
static void crypto_cli(PipeSide* pipe, FuriString* args, void* context) {
|
|
UNUSED(context);
|
|
FuriString* cmd;
|
|
cmd = furi_string_alloc();
|
|
|
|
do {
|
|
if(!args_read_string_and_trim(args, cmd)) {
|
|
crypto_cli_print_usage();
|
|
break;
|
|
}
|
|
|
|
if(furi_string_cmp_str(cmd, "encrypt") == 0) {
|
|
crypto_cli_encrypt(pipe, args);
|
|
break;
|
|
}
|
|
|
|
if(furi_string_cmp_str(cmd, "decrypt") == 0) {
|
|
crypto_cli_decrypt(pipe, args);
|
|
break;
|
|
}
|
|
|
|
if(furi_string_cmp_str(cmd, "has_key") == 0) {
|
|
crypto_cli_has_key(pipe, args);
|
|
break;
|
|
}
|
|
|
|
if(furi_string_cmp_str(cmd, "store_key") == 0) {
|
|
crypto_cli_store_key(pipe, args);
|
|
break;
|
|
}
|
|
|
|
crypto_cli_print_usage();
|
|
} while(false);
|
|
|
|
furi_string_free(cmd);
|
|
}
|
|
|
|
void crypto_on_system_start(void) {
|
|
#ifdef SRV_CLI
|
|
Cli* cli = furi_record_open(RECORD_CLI);
|
|
cli_add_command(cli, "crypto", CliCommandFlagDefault, crypto_cli, NULL);
|
|
furi_record_close(RECORD_CLI);
|
|
#else
|
|
UNUSED(crypto_cli);
|
|
#endif
|
|
}
|