void IBN_HV_Tests (unsigned char nParamsGet_u8, unsigned char CMD_u8, unsigned int Param_u32, unsigned char* String_pu8) { HiddenVolumeKeySlot_tst SlotData_st; u8 HiddenVolumeSlotKey_u8[32]; u8 DummyKey_au8[32]; u8 i; if (0 == nParamsGet_u8) { CI_LocalPrintf ("Hidden volume test functions\r\n"); CI_LocalPrintf ("\r\n"); // CI_LocalPrintf ("0 nr Init slot [nr]\r\n"); CI_LocalPrintf ("1 nr Read slot [nr]\r\n"); // CI_LocalPrintf ("2 Test key generation\r\n"); #ifdef TEST_PBKDF2 CI_LocalPrintf ("3 PBKDF2 test\r\n"); #endif CI_LocalPrintf ("4 Get hidden volume slot key\r\n"); CI_LocalPrintf ("5 [pw] Get AES key. pw = password\r\n"); CI_LocalPrintf ("6 Init hidden slots\r\n"); CI_LocalPrintf ("7 Hidden slots status\r\n"); CI_LocalPrintf ("8 nr pw Write slot [nr] [password]\r\n"); CI_LocalPrintf ("\r\n"); return; } switch (CMD_u8) { case 0: break; case 1: CI_LocalPrintf ("Read slot : %d\r\n", Param_u32); if (FALSE == DecryptedHiddenVolumeSlotsActive_u8) { CI_LocalPrintf ("\r\nHidden slots key not decrypted\r\n"); break; } if (NULL == String_pu8) { String_pu8 = "aaaa"; CI_LocalPrintf ("No password set. Set it to -%s-\r\n", String_pu8); } CI_LocalPrintf ("Check for password : %s\r\n", String_pu8); CI_LocalPrintf ("Decrypted slots key : "); HexPrint (AES_KEYSIZE_256_BIT, DecryptedHiddenVolumeSlotsKey_au8); CI_LocalPrintf ("\r\n"); GetHiddenVolumeSlotKey (HiddenVolumeSlotKey_u8, String_pu8, strlen ((char *) String_pu8), DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE); CI_LocalPrintf ("Hidden volume slot key : "); HexPrint (AES_KEYSIZE_256_BIT, HiddenVolumeSlotKey_u8); CI_LocalPrintf ("\r\n"); HV_ReadSlot_u8 (Param_u32, &SlotData_st, (u8 *) HiddenVolumeSlotKey_u8); HV_PrintSlotData_u8 (Param_u32, &SlotData_st); break; case 2: break; #ifdef TEST_PBKDF2 case 3: pbkdf2_test (); break; #endif case 4: DecryptedHiddenVolumeSlotsData (); break; case 5: CI_LocalPrintf ("Get key for password : %s\r\n", String_pu8); GetHiddenVolumeDataKeyFromUserpassword (String_pu8, DummyKey_au8); break; case 6: CI_LocalPrintf ("Init hidden slots\r\n"); InitHiddenSlots (); break; case 7: CI_LocalPrintf ("Hidden slots status\r\n"); if (NULL == String_pu8) { String_pu8 = "aaaa"; CI_LocalPrintf ("No password set. Set it to -%s-\r\n", String_pu8); } CI_LocalPrintf ("Check for password : %s\r\n", String_pu8); if (FALSE == DecryptedHiddenVolumeSlotsActive_u8) { CI_LocalPrintf ("\r\nHidden slots key not decrypted\r\n"); break; } CI_LocalPrintf ("Decrypted slots key : "); HexPrint (AES_KEYSIZE_256_BIT, DecryptedHiddenVolumeSlotsKey_au8); CI_LocalPrintf ("\r\n"); GetHiddenVolumeSlotKey (HiddenVolumeSlotKey_u8, String_pu8, strlen ((char *) String_pu8), DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE); CI_LocalPrintf ("Hidden volume slot key : "); HexPrint (AES_KEYSIZE_256_BIT, HiddenVolumeSlotKey_u8); CI_LocalPrintf ("\r\n"); for (i = 0; i < HV_SLOT_COUNT; i++) { CI_LocalPrintf ("Slot %d\r\n", i); if (TRUE == HV_ReadSlot_u8 (i, &SlotData_st, HiddenVolumeSlotKey_u8)) { HV_PrintSlotData_u8 (i, &SlotData_st); } else { CI_LocalPrintf ("*** Invalid data ***\r\n"); } } break; case 8: CI_LocalPrintf ("Write slots status\r\n"); if (FALSE == DecryptedHiddenVolumeSlotsActive_u8) { CI_LocalPrintf ("\r\nHidden slots key not decrypted\r\n"); break; } if (NULL == String_pu8) { String_pu8 = "aaaa"; CI_LocalPrintf ("No password set. Set it to -%s-\r\n", String_pu8); } CI_LocalPrintf ("Check for password : %s\r\n", String_pu8); CI_LocalPrintf ("Decrypted slots key : "); HexPrint (AES_KEYSIZE_256_BIT, DecryptedHiddenVolumeSlotsKey_au8); CI_LocalPrintf ("\r\n"); GetHiddenVolumeSlotKey (HiddenVolumeSlotKey_u8, String_pu8, strlen ((char *) String_pu8), DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE); CI_LocalPrintf ("Hidden volume slot key : "); HexPrint (AES_KEYSIZE_256_BIT, HiddenVolumeSlotKey_u8); CI_LocalPrintf ("\r\n"); SlotData_st.StartBlock_u32 = 1000000; SlotData_st.EndBlock_u32 = 2000000; // Get a random number for the data key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, SlotData_st.AesKey_au8)) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return; } // Get a random number for the data key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, &SlotData_st.AesKey_au8[AES_KEYSIZE_256_BIT / 2])) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return; } HV_WriteSlot_u8 (Param_u32, &SlotData_st, HiddenVolumeSlotKey_u8); break; } }
void HID_ExcuteCmd (void) { u8 StorageKey_pu8[32]; u8 Cmd_u8; u8* PasswordMatrix_pu8; u8 ret_u8; u64 timestamp; u32 Len; Cmd_u8 = HID_CmdGet_u8; // Send a smart card status before the lock check if (HTML_CMD_CHECK_SMARTCARD_USAGE == Cmd_u8) { CI_TickLocalPrintf ("Check smartcard usage\r\n"); if (0 == USB_CCID_GetLockCounter ()) { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("smartcard not busy\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_SMARTCARD_ERROR, 0); CI_TickLocalPrintf ("smartcard busy\r\n"); } return; } // Check for active CCID command // If CCID command is active, wait with HID smart card access until CCID access has ended if (0 != USB_CCID_GetLockCounter ()) { // UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_BUSY, 0); // memset (HID_String_au8, 0, 50); // Clear input data, with possible sent passwords return; } // Check for matrix password > if yes convert the matrix to password switch (Cmd_u8) { case HTML_CMD_ENABLE_AES_LUN: case HTML_CMD_ENABLE_HIDDEN_AES_LUN: case HTML_CMD_DISABLE_HIDDEN_AES_LUN: case HTML_CMD_EXPORT_BINARY: case HTML_CMD_GENERATE_NEW_KEYS: case HTML_CMD_ENABLE_READWRITE_UNCRYPTED_LUN: case HTML_CMD_CLEAR_NEW_SD_CARD_FOUND: switch (HID_String_au8[0]) { case 'P': // normal password // Do nothing break; case 'M': // matrix password // Convert matrix input to password if (FALSE == ConvertMatrixDataToPassword (&HID_String_au8[1])) { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); return; } break; } break; case HTML_CMD_FILL_SD_WITH_RANDOM_CHARS: switch (HID_String_au8[1]) { case 'P': // normal password // Do nothing break; case 'M': // matrix password // Convert matrix input to password if (FALSE == ConvertMatrixDataToPassword (&HID_String_au8[2])) { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); return; } break; } break; } // Check for hidden password if (TRUE == HID_NextPasswordIsHiddenPassword_u32) { switch (Cmd_u8) { case HTML_CMD_ENABLE_AES_LUN: Cmd_u8 = HTML_CMD_ENABLE_HIDDEN_AES_LUN; CI_TickLocalPrintf ("Redirect password -%s- to hidden volume\r\n", &HID_String_au8[1]); SetSdEncryptedCardEnableState (FALSE); SetSdEncryptedHiddenState (FALSE); CI_TickLocalPrintf ("Unmount crypted volume\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_BUSY_PROGRESSBAR, 50); vTaskDelay (1000); // Wait that pc unmount old volume break; } } // switch (Cmd_u8) { case HTML_CMD_NOTHING: break; case HTML_CMD_ENABLE_AES_LUN: if (TRUE == IW_SendToSC_PW1 (&HID_String_au8[1])) { SetSdEncryptedHiddenState (FALSE); SetSdEncryptedCardEnableState (FALSE); // Disable crypted or hidden volume vTaskDelay (3000); CI_TickLocalPrintf ("Get key for crypted volume\r\n"); u8 isKeyZero = TRUE; u8 isKeyValid = GetStorageKey_u32 (&HID_String_au8[1], StorageKey_pu8); // check if retrieved key is all-zeroes if (TRUE == isKeyValid) { u8 keyByte; for (keyByte = 0; keyByte < sizeof(StorageKey_pu8); keyByte++) { if (StorageKey_pu8[keyByte] != 0) { isKeyZero = FALSE; break; } } } // Terminate mounting procedure if key could not be retrieved or is all-zero if (FALSE == isKeyValid || TRUE == isKeyZero) { UpdateStick20Command (CMD_STATUS_AES_DEC_FAILED, 0); HID_NextPasswordIsHiddenPassword_u32 = FALSE; break; } AES_SetNewStorageKey (StorageKey_pu8); SetSdEncryptedCardEnableState (TRUE); DecryptedHiddenVolumeSlotsData (); PWS_DecryptedPasswordSafeKey (); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); /* HID_NextPasswordIsHiddenPassword_u32 = TRUE; // switch on redirection of aes volume password CI_TickLocalPrintf ("Next AES volume password is used for hidden volume\r\n"); */ CI_TickLocalPrintf ("SD card AES LUN enabled\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); HID_NextPasswordIsHiddenPassword_u32 = FALSE; CI_TickLocalPrintf ("*** wrong password ***\r\n"); } break; case HTML_CMD_DISABLE_AES_LUN: SetSdEncryptedCardEnableState (FALSE); SetSdEncryptedHiddenState (FALSE); AES_SetNewStorageKey ((u8 *) AES_DummyKey_au8); // Set dummy key HID_NextPasswordIsHiddenPassword_u32 = FALSE; UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("SD card AES LUN disabled\r\n"); break; case HTML_CMD_ENABLE_FIRMWARE_UPDATE: CI_TickLocalPrintf ("Firmware update - "); /* if (TRUE == flashc_is_security_bit_active ()) { CI_TickLocalPrintf ("Security bit is active. No Update\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_SECURITY_BIT_ACTIVE, 0); break; } */ if (TRUE == CheckUpdatePin (&HID_String_au8[1], strlen ((char*)&HID_String_au8[1]))) { CI_TickLocalPrintf ("good bye\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); DelayMs (500); // Wait to send answer to host DFU_EnableFirmwareUpdate (); DFU_ResetCPU (); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("wrong password\r\n"); } break; case HTML_CMD_FILL_SD_WITH_RANDOM_CHARS: if (TRUE == IW_SendToSC_PW3 (&HID_String_au8[2])) { CI_TickLocalPrintf ("Fill SD card with random numbers - it runs very long, 1 GB ca. 4 minutes\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_BUSY_PROGRESSBAR, 0); // Disable all SD card access via USB // SetSdUncryptedCardEnableState (FALSE); // look for >> sd_mmc_mci_test_unit_only_local_access = hard disabel // SetSdEncryptedCardEnableState (FALSE); // SetSdEncryptedHiddenState (FALSE); // vTaskDelay (3000); AES_SetNewStorageKey ((u8 *) AES_DummyKey_au8); // Set dummy key // if (STICK20_FILL_SD_CARD_WITH_RANDOM_CHARS_ALL_VOL == HID_String_au8[0]) { SD_SecureEraseHoleCard (); } else { // SD_SecureEraseCryptedVolume (); } SD_SecureEraseCryptedVolume (); SetSdCardFilledWithRandomsToFlash (); // Enable uncrypted SD card access via USB // SetSdUncryptedCardEnableState (TRUE); // SetSdUncryptedCardReadWriteEnableState (READ_WRITE_ACTIVE); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_BUSY_PROGRESSBAR, 100); vTaskDelay (500); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); vTaskDelay (500); // usb_restart (); // Restart USB // DFU_ResetCPU (); // Reboot to get correct volume data } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("wrong password\r\n"); } break; case HTML_CMD_ENABLE_HIDDEN_AES_LUN: // SetSdUncryptedCardEnableState (FALSE); // look for >> sd_mmc_mci_test_unit_only_local_access = hard disabel // Get w AES key for hidden volume - we use always the password that was send memset (StorageKey_pu8, 0, 32); ret_u8 = GetHiddenVolumeKeyFromUserpassword ((u8 *) & HID_String_au8[1], StorageKey_pu8); switch (ret_u8) { case HIDDEN_VOLUME_OUTPUT_STATUS_OK: SetSdEncryptedCardEnableState (FALSE); SetSdEncryptedHiddenState (FALSE); AES_SetNewStorageKey ((u8 *) AES_DummyKey_au8); // Set dummy key vTaskDelay (3000); // Wait 3 sec to send LUN not active AES_SetNewStorageKey (StorageKey_pu8); SetSdEncryptedHiddenState (TRUE); SetSdEncryptedCardEnableState (TRUE); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("Hidden volume - SD card hidden AES LUN enabled\r\n"); break; case HIDDEN_VOLUME_OUTPUT_STATUS_WRONG_PASSWORD: CI_TickLocalPrintf ("Hidden volume - wrong password\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); break; case HIDDEN_VOLUME_OUTPUT_STATUS_NO_USER_PASSWORD_UNLOCK: CI_TickLocalPrintf ("Hidden volume - no user password\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_NO_USER_PASSWORD_UNLOCK, 0); break; case HIDDEN_VOLUME_OUTPUT_STATUS_SMARTCARD_ERROR: CI_TickLocalPrintf ("Hidden volume - smartcard error\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_SMARTCARD_ERROR, 0); break; default: break; } HID_NextPasswordIsHiddenPassword_u32 = FALSE; // switch off redirection of aes volume password break; case HTML_CMD_DISABLE_HIDDEN_AES_LUN: SetSdEncryptedCardEnableState (FALSE); SetSdEncryptedHiddenState (FALSE); memset (StorageKey_pu8, 0, 32); // Set dummy key AES_SetNewStorageKey ((u8 *) AES_DummyKey_au8); // Set dummy key HID_NextPasswordIsHiddenPassword_u32 = FALSE; vTaskDelay (3000); // Wait 3 sec to send LUN not active CI_TickLocalPrintf ("SD card hidden AES LUN disabled\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_CMD_EXPORT_BINARY: if (TRUE == IW_SendToSC_PW3 (&HID_String_au8[1])) { CI_TickLocalPrintf ("Export binary\r\n"); // SetSdUncryptedCardEnableState (FALSE); // todo: Check disable access, don't work here FileIO_SaveAppImage_u8 (); SetSdUncryptedCardEnableState (FALSE); // Disable access vTaskDelay (3000); SetSdUncryptedCardEnableState (TRUE); // Enable access UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password ***\r\n"); } break; case HTML_CMD_GENERATE_NEW_KEYS: { u8 CmdOk_u8 = TRUE; u8 SdCardFilledWithRandoms_u8; u8 StickKeysNotInitiated_u8; // Save old state SdCardFilledWithRandoms_u8 = StickConfiguration_st.SDFillWithRandomChars_u8; StickKeysNotInitiated_u8 = StickConfiguration_st.StickKeysNotInitiated_u8; CI_TickLocalPrintf ("Generate new keys Old State KNI %d, SDF %d\r\n",StickKeysNotInitiated_u8,SdCardFilledWithRandoms_u8); if (TRUE == BuildStorageKeys_u32 ((u8 *) & HID_String_au8[1])) { SetSdEncryptedCardEnableState (FALSE); SetSdEncryptedHiddenState (FALSE); memset (StorageKey_pu8, 0, 32); AES_SetNewStorageKey ((u8 *) AES_DummyKey_au8); // Set dummy key } else { CmdOk_u8 = FALSE; } if (TRUE == SdCardFilledWithRandoms_u8) // Restore old state { SetSdCardFilledWithRandomsToFlash (); } if (FALSE == StickKeysNotInitiated_u8) // Restore old state { ClearStickKeysNotInitatedToFlash (); } if (TRUE == CmdOk_u8) { CI_TickLocalPrintf ("Generate new keys for hidden volume slots\r\n"); if (FALSE == InitHiddenSlots ()) { CmdOk_u8 = FALSE; } } if (TRUE == CmdOk_u8) { CI_TickLocalPrintf ("Generate new keys for password safe store\r\n"); if (FALSE == BuildPasswordSafeKey_u32 ()) { CmdOk_u8 = FALSE; } } if (TRUE == CmdOk_u8) { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); } } break; case HTML_CMD_ENABLE_READONLY_UNCRYPTED_LUN: CI_TickLocalPrintf ("Set readonly to unencrypted volume\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password - NOT USED ***\r\n"); break; case HTML_CMD_ENABLE_READWRITE_UNCRYPTED_LUN: CI_TickLocalPrintf ("Set readwrite to unencrypted volume\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password - NOT USED ***\r\n"); break; case HTML_CMD_SEND_PASSWORD_MATRIX: CI_TickLocalPrintf ("Get SEND_PASSWORD_MATRIX\r\n"); PasswordMatrix_pu8 = GetCorrectMatrix (); Stick20HIDInitSendMatrixData (PasswordMatrix_pu8); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_PASSWORD_MATRIX_READY, 0); break; case HTML_CMD_SEND_PASSWORD_MATRIX_PINDATA: CI_TickLocalPrintf ("Get SEND_PASSWORD_MATRIX_PINDATA\r\n"); CI_TickLocalPrintf ("Data 1 : %s\r\n", HID_String_au8); // PasswordMatrix_pu8 = GetCorrectMatrix (); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_CMD_SEND_PASSWORD_MATRIX_SETUP: CI_TickLocalPrintf ("Get SEND_PASSWORD_MATRIX_SETUP\r\n"); CI_TickLocalPrintf ("Data : %s\r\n", HID_String_au8); WriteMatrixColumsUserPWToUserPage (&HID_String_au8[1]); // Data is in ASCII UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_CMD_GET_DEVICE_STATUS: CI_TickLocalPrintf ("Get HTML_CMD_GET_DEVICE_STATUS\r\n"); StickConfiguration_st.FirmwareLocked_u8 = FALSE; if (TRUE == flashc_is_security_bit_active ()) { StickConfiguration_st.FirmwareLocked_u8 = TRUE; } GetSmartCardStatus (&StickConfiguration_st); Stick20HIDInitSendConfiguration (STICK20_SEND_STATUS_PIN); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_CMD_WRITE_STATUS_DATA: CI_TickLocalPrintf ("Get HTML_CMD_WRITE_STATUS_DATA\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_SEND_HIDDEN_VOLUME_SETUP: CI_TickLocalPrintf ("Get HTML_SEND_HIDDEN_VOLUME_SETUP\r\n"); InitRamdomBaseForHiddenKey (); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_CMD_SEND_PASSWORD: CI_TickLocalPrintf ("Get HTML_CMD_SEND_PASSWORD\r\n"); HID_AdminPasswordEnabled_u32 = FALSE; HID_UserPasswordEnabled_u32 = FALSE; switch (HID_String_au8[0]) { case 'P': ret_u8 = IW_SendToSC_PW1 (&HID_String_au8[1]); HID_UserPasswordEnabled_u32 = ret_u8; strncpy ((char *) HID_UserPassword_au8, (char *) &HID_String_au8[1], HID_PASSWORD_LEN); break; case 'A': ret_u8 = IW_SendToSC_PW3 (&HID_String_au8[1]); HID_AdminPasswordEnabled_u32 = ret_u8; strncpy ((char *) HID_AdminPassword_au8, (char *) &HID_String_au8[1], HID_PASSWORD_LEN); break; } if (TRUE == ret_u8) { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("password ok\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password ***\r\n"); } break; case HTML_CMD_SEND_NEW_PASSWORD: CI_TickLocalPrintf ("Get HTML_CMD_SEND_NEW_PASSWORD\r\n"); ret_u8 = FALSE; switch (HID_String_au8[0]) { case 'P': if (TRUE == HID_UserPasswordEnabled_u32) { ret_u8 = LA_OpenPGP_V20_Test_ChangeUserPin (HID_UserPassword_au8, &HID_String_au8[1]); } else { CI_TickLocalPrintf ("** User password not present ***\r\n"); } break; case 'A': if (TRUE == HID_AdminPasswordEnabled_u32) { ret_u8 = LA_OpenPGP_V20_Test_ChangeAdminPin (HID_AdminPassword_au8, &HID_String_au8[1]); } else { CI_TickLocalPrintf ("** Admin password not present ***\r\n"); } break; } if (TRUE == ret_u8) { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("password change ok\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** password NOT changed ***\r\n"); } // Clear password HID_AdminPasswordEnabled_u32 = FALSE; HID_UserPasswordEnabled_u32 = FALSE; memset (HID_UserPassword_au8, 0, HID_PASSWORD_LEN); memset (HID_AdminPassword_au8, 0, HID_PASSWORD_LEN); break; case HTML_CMD_CLEAR_NEW_SD_CARD_FOUND: CI_TickLocalPrintf ("Get HTML_CMD_CLEAR_NEW_SD_CARD_FOUND\r\n"); if (TRUE == IW_SendToSC_PW3 (&HID_String_au8[1])) { ClearNewSdCardFoundToFlash (); SetSdCardFilledWithRandomCharsToFlash (); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("password ok\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password ***\r\n"); } break; case HTML_CMD_SEND_STARTUP: CI_TickLocalPrintf ("Get HTML_CMD_SEND_STARTUP\r\n"); timestamp = getu64 (&HID_String_au8[0]); if (FALSE == CheckSystemtime ((u32) timestamp)) { // todo } GetSmartCardStatus (&StickConfiguration_st); Stick20HIDInitSendConfiguration (STICK20_SEND_STARTUP); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; /* case STICK20_CMD_SEND_PASSWORD_RETRY_COUNT : CI_TickLocalPrintf ("Get STICK20_CMD_SEND_PASSWORD_RETRY_COUNT\r\n"); // Stick20HIDInitSendConfiguration (STICK20_SEND_STARTUP); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK,0); break; */ case HTML_CMD_HIDDEN_VOLUME_SETUP: CI_TickLocalPrintf ("Get HTML_CMD_HIDDEN_VOLUME_SETUP\r\n"); ret_u8 = SetupUpHiddenVolumeSlot ((HiddenVolumeSetup_tst *) & HID_String_au8[0]); switch (ret_u8) { case HIDDEN_VOLUME_OUTPUT_STATUS_OK: UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HIDDEN_VOLUME_OUTPUT_STATUS_WRONG_PASSWORD: UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); break; case HIDDEN_VOLUME_OUTPUT_STATUS_NO_USER_PASSWORD_UNLOCK: UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_NO_USER_PASSWORD_UNLOCK, 0); break; case HIDDEN_VOLUME_OUTPUT_STATUS_SMARTCARD_ERROR: UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_SMARTCARD_ERROR, 0); break; default: break; } break; case HTML_CMD_CLEAR_STICK_KEYS_NOT_INITIATED: CI_TickLocalPrintf ("Get HTML_CMD_CLEAR_STICK_KEYS_NOT_INITIATED\r\n"); ClearStickKeysNotInitatedToFlash (); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_CMD_CLEAR_LOCK_STICK_HARDWARE: CI_TickLocalPrintf ("Get HTML_CMD_CLEAR_LOCK_STICK_HARDWARE\r\n"); if (TRUE == IW_SendToSC_PW3 (&HID_String_au8[1])) { CI_TickLocalPrintf ("Lock firmware\r\n"); // flashc_set_bootloader_protected_size (0x10000); // Set bootloader protection to the max protection value, to lock the first 56k of the application flashc_activate_security_bit (); // Debugging disabled, only chip erase works (bootloader is save) , AES storage keys and setup // are erased UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** worng password ***\r\n"); } break; case HTML_CMD_PRODUCTION_TEST: CI_TickLocalPrintf ("Get HTML_CMD_PRODUCTION_TEST\r\n"); GetProductionInfos (&Stick20ProductionInfos_st,FALSE); Stick20HIDInitSendConfiguration (STICK20_SEND_PRODUCTION_TEST); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_CMD_PRODUCTION_TEST_WITH_WRITE_TEST: CI_TickLocalPrintf ("Get HTML_CMD_PRODUCTION_TEST_WITH_WRITE_TEST\r\n"); GetProductionInfos (&Stick20ProductionInfos_st,TRUE); Stick20HIDInitSendConfiguration (STICK20_SEND_PRODUCTION_TEST); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; case HTML_CMD_CHANGE_UPDATE_PIN: CI_TickLocalPrintf ("Get HTML_CMD_CHANGE_UPDATE_PIN\r\n"); Len = strlen ((char*)&HID_String_au8[1]); if (TRUE == CheckUpdatePin (&HID_String_au8[1], Len)) { Len = strlen ((char*)&HID_String_au8[22]); if (TRUE == StoreNewUpdatePinHashInFlash (&HID_String_au8[22], Len)) // Start of new PW { CI_TickLocalPrintf ("Update PIN changed\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); } else { CI_TickLocalPrintf ("*** worng password len ***\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); } } else { CI_TickLocalPrintf ("*** worng password ***\r\n"); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); } break; case HTML_CMD_ENABLE_ADMIN_READONLY_UNCRYPTED_LUN: CI_TickLocalPrintf ("Set readonly to unencrypted volume ADMIN\r\n"); if (TRUE == IW_SendToSC_PW3 (&HID_String_au8[1])) { SetSdUncryptedCardEnableState (FALSE); // Disable access SetSdEncryptedCardEnableState (FALSE); SetSdUncryptedCardReadWriteEnableState (READ_ONLY_ACTIVE); vTaskDelay (6000); SetSdUncryptedCardEnableState (TRUE); // Enable access UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("ok\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password ***\r\n"); } break; case HTML_CMD_ENABLE_ADMIN_READWRITE_UNCRYPTED_LUN: CI_TickLocalPrintf ("Set readwrite to unencrypted volume ADMIN\r\n"); if (TRUE == IW_SendToSC_PW3 (&HID_String_au8[1])) { SetSdUncryptedCardEnableState (FALSE); // Disable access SetSdEncryptedCardEnableState (FALSE); SetSdUncryptedCardReadWriteEnableState (READ_WRITE_ACTIVE); vTaskDelay (6000); SetSdUncryptedCardEnableState (TRUE); // Enable access UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("ok\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password ***\r\n"); } break; case HTML_CMD_ENABLE_ADMIN_READONLY_ENCRYPTED_LUN: CI_TickLocalPrintf ("Set readonly to encrypted volume\r\n"); if (TRUE == IW_SendToSC_PW3 (&HID_String_au8[1])) { SetSdUncryptedCardEnableState (FALSE); // Disable access SetSdEncryptedCardEnableState (FALSE); SetSdEncryptedCardReadWriteEnableState (READ_ONLY_ACTIVE); vTaskDelay (6000); // SetSdEncryptedCardEnableState (TRUE); // Enable access UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("ok\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password ***\r\n"); } break; case HTML_CMD_ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN: CI_TickLocalPrintf ("Set readwrite to encrypted volume ADMIN\r\n"); if (TRUE == IW_SendToSC_PW3 (&HID_String_au8[1])) { SetSdUncryptedCardEnableState (FALSE); // Disable access SetSdEncryptedCardEnableState (FALSE); SetSdEncryptedCardReadWriteEnableState (READ_WRITE_ACTIVE); vTaskDelay (6000); // SetSdEncryptedCardEnableState (TRUE); // Enable access UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("ok\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_WRONG_PASSWORD, 0); CI_TickLocalPrintf ("*** wrong password ***\r\n"); } break; case HTML_CMD_CHECK_SMARTCARD_USAGE: CI_TickLocalPrintf ("Check smartcard usage\r\n"); if (0 == USB_CCID_GetLockCounter ()) { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); CI_TickLocalPrintf ("smartcard not busy\r\n"); } else { UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_SMARTCARD_ERROR, 0); CI_TickLocalPrintf ("smartcard busy\r\n"); } break; case HTML_CMD_WINK: CI_TickLocalPrintf ("Get HTML_CMD_WINK\r\n"); LED_WinkOn (); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_OK, 0); break; default: CI_TickLocalPrintf ("HID_ExcuteCmd: Get unknown command: %d \r\n", Cmd_u8); UpdateStick20Command (OUTPUT_CMD_STICK20_STATUS_IDLE, 0); break; } HID_CmdGet_u8 = HTML_CMD_NOTHING; memset (HID_String_au8, 0, 50); // Clear input data, with possible sent passwords /* HID_SmartcardAccess_u8 = FALSE; */ }
u8 SetupUpHiddenVolumeSlot (HiddenVolumeSetup_tst * HV_Setup_st) { u8 HiddenVolumeSlotKey_u8[AES_KEYSIZE_256_BIT]; HiddenVolumeKeySlot_tst SlotData_st; HV_Setup_st->HiddenVolumePassword_au8[MAX_HIDDEN_VOLUME_PASSOWORD_SIZE] = 0; CI_LocalPrintf ("SetupUpHiddenVolumeSlot %d\r\n", HV_Setup_st->SlotNr_u8); CI_LocalPrintf ("Start block at %d %% of sd size\r\n", HV_Setup_st->StartBlockPercent_u8); CI_LocalPrintf ("End block at %d %% of sd size\r\n", HV_Setup_st->EndBlockPercent_u8); CI_LocalPrintf ("Password : -%s-\r\n", HV_Setup_st->HiddenVolumePassword_au8); // Is the hidden volume system initialised ? if (FALSE == HV_CheckFlashPageIsInitiated ()) { CI_LocalPrintf ("Hidden volume flash page isn't initiated\r\n"); InitHiddenSlots (); } // Are the hidden volume slots decrypted ? if (TRUE != DecryptedHiddenVolumeSlotsActive_u8) { if (FALSE == DecryptedHiddenVolumeSlotsData ()) // Decrypt new keys { CI_LocalPrintf ("Slot data not encrypted - used smartcard user password\r\n"); return (HIDDEN_VOLUME_OUTPUT_STATUS_NO_USER_PASSWORD_UNLOCK); } } if (HV_SLOT_COUNT <= HV_Setup_st->SlotNr_u8) { CI_LocalPrintf ("Wrong slot nr\r\n"); return (HIDDEN_VOLUME_OUTPUT_STATUS_WRONG_PASSWORD); } CI_LocalPrintf ("Decrypted slots key : "); HexPrint (AES_KEYSIZE_256_BIT, DecryptedHiddenVolumeSlotsKey_au8); CI_LocalPrintf ("\r\n"); // Get AES key for slot GetHiddenVolumeSlotKey (HiddenVolumeSlotKey_u8, HV_Setup_st->HiddenVolumePassword_au8, strlen ((char *) HV_Setup_st->HiddenVolumePassword_au8), DecryptedHiddenVolumeSlotsData_au8, HV_SALT_SIZE); CI_LocalPrintf ("Hidden volume slot key : "); HexPrint (AES_KEYSIZE_256_BIT, HiddenVolumeSlotKey_u8); CI_LocalPrintf ("\r\n"); SlotData_st.StartBlock_u32 = (u32) ((u64) gSdEndOfCard_u32 * (u64) HV_Setup_st->StartBlockPercent_u8 / (u64) 100) + 1; SlotData_st.EndBlock_u32 = (u32) ((u64) gSdEndOfCard_u32 * (u64) HV_Setup_st->EndBlockPercent_u8 / (u64) 100) - 1; // Get a random number for the data key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, SlotData_st.AesKey_au8)) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return (HIDDEN_VOLUME_OUTPUT_STATUS_SMARTCARD_ERROR); } // Get a random number for the data key if (FALSE == GetRandomNumber_u32 (AES_KEYSIZE_256_BIT / 2, &SlotData_st.AesKey_au8[AES_KEYSIZE_256_BIT / 2])) { CI_LocalPrintf ("GetRandomNumber fails\n\r"); return (HIDDEN_VOLUME_OUTPUT_STATUS_SMARTCARD_ERROR); } HV_PrintSlotData_u8 (HV_Setup_st->SlotNr_u8, &SlotData_st); HV_WriteSlot_u8 (HV_Setup_st->SlotNr_u8, &SlotData_st, HiddenVolumeSlotKey_u8); return (HIDDEN_VOLUME_OUTPUT_STATUS_OK); }