kfdtool / kfdtool Goto Github PK

Hello,

I was wondering if there would be any interest in adding support for Key Encryption Keys to the MSP430 firmware. It's something I could probably put together easy enough once the hardware goes on sale, and it would make it possible to protect the keys from the host system.

There's a couple ways it could be handled on the host side, like supporting an encrypted blob (easiest) that's decrypted on device, or even using PKCS11 to wrap and/or derive keys (which would let a smart card or HSM be used).

It's not going to be perfect security - the MSP430 isn't really hardened against differential power analysis, for example, but it would be a step towards not needing to trust the host.

Add functionality in the KFDtool software to send the KMMs to Wireshark over a named pipe. Will need a custom link-layer header type/intermediate protocol and the addition of the C dissector to the Wireshark upstream.

I am looking to build my own cable to talk to the KFD. However, I am not able to find a proper pinout for the APX Radio?

Where would I find the pinout? I am not seeing it in any of the documentation.

Currently when running the self test, the dialog says to disconnect the radio, however the cable and radio adapter should also be disconnected. The self test feature is only designed to test the unit, not the cable or any radio adapters. When running the self test with some radio adapters, the self test will report a failure when the unit is actually functioning properly.

When an error is encountered in a 3WI session, the session terminates immediately and does not complete the transfer done/disconnect/disconnect ack sequence.

Radios should timeout after 5 seconds, however some do not and the next session results in an error.

Currently the key is removed silently from the group(s) the key is in. Add a warning to the user before deleting the key.

Add functionality to the key container for macros to allow a sequence of key management operations to be saved.

Move to .NET Core and drop .NET Framework dependency.

Blocked by rewrite of firmware update module in issue #16.

Currently the firmware release process is manual - use PowerShell to script the build of the firmware and packaging.

To support other software platforms, change the padding from the default ISO10126 padding to the more common PKCS7 padding in the key containers. Add another tag in the envelope to determine what padding the container uses.

Allow settings of device vs action for TWI/LLA, saved in the user's profile

Allow the direct use of serial PPP devices without the dependency of the native PPP modem driver and dialer for DLI keyloading.

To allow support for radios and keyloaders in FIPS compliance required modes.

Attempting to keyload an APX radio with FIPS mode enabled results in an invalid status message. Disabling FIPS mode is currently the recommended workaround.

I've tried 3 installs on 3 different devices, none of them are working. DLI was working on an older build (for me at least) and after updating to latest, it stopped working.

Device: APX 900 (SW AES Enabled on flash)
KFDTool Ver: Latest (as of submission of this issue)
Issue: See image

Windows detects the radio, pops up the network thing that it does when you connect an APX and CPS works fine so I know its not my cable or my system?

Add a scripting interface, most likely at two levels. One level would be a higher level API with key load/ key erase/etc functionality. The other level would be a lower level API with byte level access to the TWI hardware.

• Higher level API can be PowerShell, lower level API can be a .NET API for custom .NET programs.
• Demo application of keyloading both TEKs through TWI and LLAKs through PPP?

When attempting to keyload a KEK, the operation fails with a nonzero status.

The TEK/KEK flag is not being set in the modify key command KMM.

Add the ability to load/delete multiple keys at a time.

• Add logic to split list of keys by keyset ID/algorithm ID for multiple KMMs
• Add interface (multiple pane?) to GUI for this function

Devise a method to batch load all 32 keys into Keyset 1 and 2

KFD- Shield
FW 1.4.0
SW 1.5.4

When connected to a mobile (APX 6500) reads keys and writes keys with no issue.

Same cable connected an APX portable (APX 6000 x3 radios and APX 8000 x2 radios) gives error message and does not perform the job.

Error message: Error-- timeout waiting for data

Same hirose radio adapter used with KVL5000 has no issues. Same cable for both mobile and portable, just swapping the end adapter.

Once the KFD to KMF interface has been published in the TIA-102 standards, add this functionality.

Would it be possible to add radio adapter pinout info for Johnson radios?

When a radio is keyloaded for the first time, there are no keysets. Therefore, when the active keyset option is selected (default behavior), no keysets are found and therefore the error "no active keyset" is returned.

While technically correct behavior, this isn't a great user experience. The Motorola KVLs in this situation silently use keyset ID 1.

A dialog should be shown saying that no active keyset is found, and ask the user if keyset ID 1 should be used.

Add a key container file to support the ability to store keys in a file.

• XML as data format? Could use standard XML encryption abilities.
• Support individual keys as well as groups of keys. Also support macros to be able to load and delete keys with one operation.

Now it's not available on it's site and now can i encrypt icom with the program directly with out device

Currently the list of keys and groups can be reordered, but not the list of keys in a group. Add support for reordering of keys in a group.

Currently the firmware expects all data to come in one USB transfer, add proper framing in firmware receive routine to remove this limitation and make communications more reliable

With no device selected, the UI will permit you to press the 'Start' button with no error message. The interface will act normally, and will permit you to press 'Stop' with no error message.

Add a check to show an error when no device is selected and 'Start' is pressed.

Add an option in the MR emulation screen to save keys to the open key container.

Write unit tests - especially for the KMMs

When attempting to keyload in MR emulation mode, the KVL4000 reports the radio is not responding.

From logs, the KVL4000 is attempting to read the radio RSI first (Message ID: Inventory-Cmd 0x0D, Inventory Type: List RSI Items 0x0B). This is not the procedure specified in the P25 standard (TIA 102.AACD-A 3.8.1).

List RSI items is not implemented in the current functionality, so it will need to be added.

The KVL4000 may request more information after completing the list RSI items request, so additional features may need to be implemented other than list RSI items for the entire keyload operation to complete.

Firmware upgrades or unit initializations will occasionally fail with an error message, or the GUI will just hang indefinitely.

CPU usage is high during the upgrade process, which might be a factor.

Add automatic recovery attempts, as well as display a message pointing to documentation on how to recover the unit manually.

Document in the manual how to recover the unit manually.

Bring over the link layer authentication functionality from SoftwareAuthKeyLoader.

https://github.com/duggerd/SoftwareAuthKeyLoader

• Automate the creation and connection of the PPP link

When user requests program exit through the window close button, it will ask to save the container if it is unsaved/prevent exit if the MR emulator is running. The exit menu item will display the dialogs, but will not prevent exit. This is due to the Application.Current.Shutdown() function used in the Exit_MenuItem_Click() function, rather than the Close() function.

Also return after preventing exit due to the MR emulator.

Add the remaining optional rekeying features:

• 2.3.5 View Individual RSI
• 2.3.6 Load Individual RSI
• 2.3.7 View KMF RSI
• 2.3.8 Load KMF RSI
• 2.3.9 View MNP
• 2.3.10 Load MNP
• 2.3.11 View Keyset Info
• 2.3.12 Activate Keyset

Use a continuous integration service to produce nightly builds of software.

I am looking to build my own cable to talk to the KFD. However, I am not able to find a proper pinout for the XTS/XTL Radios?

Where would I find the pinout? I am not seeing it in any of the documentation.

Currently the software release process is manual - use PowerShell to script the build of the control software, installers, digital signing, packaging, and hashing.

Parsing for list RSI items was accidentally removed in commit f33512d

Write user's manual to replace placeholder PDF.

• Use Word or Sphinx/Read the Docs?
• Should screenshots be included or just text?

Add a mode to emulate a radio being keyloaded to be able to view loaded key variables.

Allow multi-select for add/remove in container edit and multiple keyload