Add a feature to block read access on appkey

The AppKey is a secret you should not give an easy access to. I've added a command to avoid this access. Once locked it's not possible to regain access to the appkey. It can still write but not read. The additional command is AT$APKACCESS without any parameter.
hardwario · Nov 1, 2022 · 1bd604a · 1bd604a
1 parent fb8b5b8
commit 1bd604a
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 4 deletions.
diff --git a/src/cmd.c b/src/cmd.c
@@ -489,11 +489,21 @@ static void set_appskey(atci_param_t *param)
 
 static void get_appkey(void)
 {
-    atci_print("+OK=");
-    atci_print_buffer_as_hex(find_key(APP_KEY), SE_KEY_SIZE);
-    EOL();
+    if ( sysconf.appkey_readable ) {
+        atci_print("+OK=");
+        atci_print_buffer_as_hex(find_key(APP_KEY), SE_KEY_SIZE);
+        EOL();        
+    } else {
+        abort(ERR_UNSUPPORTED);
+    }
 }
 
+static void protect_appkey(atci_param_t *param) 
+{
+    sysconf.appkey_readable = 0;
+    sysconf_modified = true;
+    OK_();
+}
 
 static void set_appkey_10(atci_param_t *param)
 {
@@ -2147,6 +2157,7 @@ static const atci_command_t cmds[] = {
     {"$CW",          cw,      NULL,             NULL,             NULL, "Start continuous carrier wave transmission"},
     {"$CM",          cm,      NULL,             NULL,             NULL, "Start continuous modulated FSK transmission"},
     {"$NVM",         NULL,    set_nvm,          NULL,             NULL, "Store / Read data from Non Volatile Memory"},
+    {"$APKACCESS",   protect_appkey, NULL,      NULL,             NULL, "Protect AppKey against read access"},
     ATCI_COMMAND_CLAC,
     ATCI_COMMAND_HELP};
 

diff --git a/src/nvm.c b/src/nvm.c
@@ -85,7 +85,8 @@ sysconf_t sysconf = {
     .sleep = 1,
     .device_class = CLASS_A,
     .unconfirmed_retransmissions = 1,
-    .confirmed_retransmissions = 8
+    .confirmed_retransmissions = 8,
+    .appkey_readable = 1
 };
 
 bool sysconf_modified;

diff --git a/src/nvm.h b/src/nvm.h
@@ -53,6 +53,11 @@ typedef struct sysconf
      */
     uint8_t confirmed_retransmissions;
 
+    /* This is allowing to read the appKey from the serial line of not
+     * once set to false (0) it will not be possible to retrieve the appKey
+     */
+    uint8_t appkey_readable:1;
+
     uint32_t crc32;
 } sysconf_t;