mirror
/
solo1
kopia lustrzana https://github.com/solokeys/solo1
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

move sense of "backup" from ctap to device layer

aaguid_cert_update
Conor Patrick 2019-11-20 10:55:45 -05:00
rodzic ee55bf3ba0
commit 1d63154699
7 zmienionych plików z 60 dodań i 153 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

48
fido2/ctap.c
Wyświetl plik

@ -282,13 +282,9 @@ void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t
memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);
}
void ctap_flush_state(int backup)
void ctap_flush_state()
{
authenticator_write_state(&STATE, 0);
if (backup)
{
authenticator_write_state(&STATE, 1);
}
authenticator_write_state(&STATE);
}
static uint32_t auth_data_update_count(CTAP_authDataHeader * authData)
@ -312,7 +308,7 @@ static uint32_t auth_data_update_count(CTAP_authDataHeader * authData)
static void ctap_increment_rk_store()
{
STATE.rk_stored++;
ctap_flush_state(1);
ctap_flush_state();
}
static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2)
@ -1770,8 +1766,7 @@ static void ctap_state_init()
*/
void ctap_load_external_keys(uint8_t * keybytes){
memmove(STATE.key_space, keybytes, KEY_SPACE_BYTES);
authenticator_write_state(&STATE, 0);
authenticator_write_state(&STATE, 1);
authenticator_write_state(&STATE);
crypto_load_master_secret(STATE.key_space);
}
@ -1785,30 +1780,18 @@ void ctap_init()
);
crypto_ecc256_init();
authenticator_read_state(&STATE);
int is_init = authenticator_read_state(&STATE);
device_set_status(CTAPHID_STATUS_IDLE);
if (STATE.is_initialized == INITIALIZED_MARKER)
if (is_init)
{
printf1(TAG_STOR,"Auth state is initialized\n");
}
else
{
printf1(TAG_STOR,"Auth state is NOT initialized. Initializing..\n");
if (authenticator_is_backup_initialized())
{
printf1(TAG_ERR,"Warning: memory corruption detected. restoring from backup..\n");
authenticator_read_backup_state(&STATE);
authenticator_write_state(&STATE, 0);
}
else
{
ctap_state_init();
authenticator_write_state(&STATE, 0);
authenticator_write_state(&STATE, 1);
}
ctap_state_init();
authenticator_write_state(&STATE);
}
do_migration_if_required(&STATE);
@ -1875,8 +1858,7 @@ void ctap_update_pin(uint8_t * pin, int len)
STATE.is_pin_set = 1;
authenticator_write_state(&STATE, 1);
authenticator_write_state(&STATE, 0);
authenticator_write_state(&STATE);
printf1(TAG_CTAP, "New pin set: %s [%d]\n", pin, len);
dump_hex1(TAG_ERR, STATE.PIN_CODE_HASH, sizeof(STATE.PIN_CODE_HASH));
@ -1891,7 +1873,7 @@ uint8_t ctap_decrement_pin_attempts()
if (! ctap_device_locked())
{
STATE.remaining_tries--;
ctap_flush_state(0);
ctap_flush_state();
printf1(TAG_CP, "ATTEMPTS left: %d\n", STATE.remaining_tries);
if (ctap_device_locked())
@ -1926,7 +1908,7 @@ void ctap_reset_pin_attempts()
{
STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS;
PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
ctap_flush_state(0);
ctap_flush_state();
}
void ctap_reset_state()
@ -2000,7 +1982,7 @@ int8_t ctap_store_key(uint8_t index, uint8_t * key, uint16_t len)
memmove(STATE.key_space + offset, key, len);
ctap_flush_state(1);
ctap_flush_state();
return 0;
}
@ -2042,8 +2024,7 @@ void ctap_reset()
{
ctap_state_init();
authenticator_write_state(&STATE, 0);
authenticator_write_state(&STATE, 1);
authenticator_write_state(&STATE);
if (ctap_generate_rng(PIN_TOKEN, PIN_TOKEN_SIZE) != 1)
{
@ -2063,6 +2044,5 @@ void lock_device_permanently() {
printf1(TAG_CP, "Device locked!\n");
authenticator_write_state(&STATE, 0);
authenticator_write_state(&STATE, 1);
authenticator_write_state(&STATE);
}

2
fido2/ctaphid.h
Wyświetl plik

@ -59,6 +59,8 @@
#define CTAP_CAPABILITIES (CAPABILITY_WINK | CAPABILITY_CBOR)
#define HID_MESSAGE_SIZE 64
typedef struct
{
uint32_t cid;

3
fido2/data_migration.c
Wyświetl plik

@ -56,8 +56,7 @@ bool migrate_from_FF_to_01(AuthenticatorState_0xFF* state_prev_0xff, Authenticat
void save_migrated_state(AuthenticatorState *state_tmp_ptr) {
memmove(&STATE, state_tmp_ptr, sizeof(AuthenticatorState));
authenticator_write_state(state_tmp_ptr, 0);
authenticator_write_state(state_tmp_ptr, 1);
authenticator_write_state(state_tmp_ptr);
}
void do_migration_if_required(AuthenticatorState* state_current){

105
pc/device.c
Wyświetl plik

@ -291,10 +291,9 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
const char * state_file = "authenticator_state.bin";
const char * backup_file = "authenticator_state2.bin";
const char * rk_file = "resident_keys.bin";
void authenticator_read_state(AuthenticatorState * state)
int authenticator_read_state(AuthenticatorState * state)
{
FILE * f;
int ret;
@ -313,95 +312,32 @@ void authenticator_read_state(AuthenticatorState * state)
perror("fwrite");
exit(1);
}
if (state->is_initialized == INITIALIZED_MARKER)
return 1;
else
return 0;
}
void authenticator_read_backup_state(AuthenticatorState * state )
void authenticator_write_state(AuthenticatorState * state)
{
FILE * f;
int ret;
f = fopen(backup_file, "rb");
f = fopen(state_file, "wb+");
if (f== NULL)
{
perror("fopen");
exit(1);
}
ret = fread(state, 1, sizeof(AuthenticatorState), f);
ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
fclose(f);
if(ret != sizeof(AuthenticatorState))
if (ret != sizeof(AuthenticatorState))
{
perror("fwrite");
exit(1);
}
}
void authenticator_write_state(AuthenticatorState * state, int backup)
{
FILE * f;
int ret;
if (! backup)
{
f = fopen(state_file, "wb+");
if (f== NULL)
{
perror("fopen");
exit(1);
}
ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
fclose(f);
if (ret != sizeof(AuthenticatorState))
{
perror("fwrite");
exit(1);
}
}
else
{
f = fopen(backup_file, "wb+");
if (f== NULL)
{
perror("fopen");
exit(1);
}
ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
fclose(f);
if (ret != sizeof(AuthenticatorState))
{
perror("fwrite");
exit(1);
}
}
}
// Return 1 yes backup is init'd, else 0
int authenticator_is_backup_initialized()
{
uint8_t header[16];
AuthenticatorState * state = (AuthenticatorState*) header;
FILE * f;
int ret;
printf("state file exists\n");
f = fopen(backup_file, "rb");
if (f== NULL)
{
printf("Warning, backup file doesn't exist\n");
return 0;
}
ret = fread(header, 1, sizeof(header), f);
fclose(f);
if(ret != sizeof(header))
{
perror("fwrite");
exit(1);
}
return state->is_initialized == INITIALIZED_MARKER;
}
@ -484,29 +420,10 @@ void authenticator_initialize()
exit(1);
}
f = fopen(backup_file, "wb+");
if (f== NULL)
{
perror("fopen");
exit(1);
}
mem = malloc(sizeof(AuthenticatorState));
memset(mem,0xff,sizeof(AuthenticatorState));
ret = fwrite(mem, 1, sizeof(AuthenticatorState), f);
free(mem);
fclose(f);
if (ret != sizeof(AuthenticatorState))
{
perror("fwrite");
exit(1);
}
// resident_keys
memset(&RK_STORE,0xff,sizeof(RK_STORE));
sync_rk();
}
}

3
pc/main.c
Wyświetl plik

@ -22,6 +22,9 @@
void device_init(int argc, char *argv[]);
int usbhid_recv(uint8_t * msg);
int main(int argc, char *argv[])
{

49
targets/stm32l432/src/device.c
Wyświetl plik

@ -468,20 +468,8 @@ void heartbeat(void)
}
void authenticator_read_state(AuthenticatorState * a)
{
uint32_t * ptr = (uint32_t *)flash_addr(STATE1_PAGE);
memmove(a,ptr,sizeof(AuthenticatorState));
}
void authenticator_read_backup_state(AuthenticatorState * a)
{
uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
memmove(a,ptr,sizeof(AuthenticatorState));
}
// Return 1 yes backup is init'd, else 0
int authenticator_is_backup_initialized(void)
static int authenticator_is_backup_initialized(void)
{
uint8_t header[16];
uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
@ -490,20 +478,35 @@ int authenticator_is_backup_initialized(void)
return state->is_initialized == INITIALIZED_MARKER;
}
void authenticator_write_state(AuthenticatorState * a, int backup)
int authenticator_read_state(AuthenticatorState * a)
{
if (! backup)
{
flash_erase_page(STATE1_PAGE);
uint32_t * ptr = (uint32_t *) flash_addr(STATE1_PAGE);
memmove(a, ptr, sizeof(AuthenticatorState));
flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
}
else
{
flash_erase_page(STATE2_PAGE);
if (a->is_initialized != INITIALIZED_MARKER){
flash_write(flash_addr(STATE2_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
if (authenticator_is_backup_initialized()){
printf1(TAG_ERR,"Warning: memory corruption detected. restoring from backup..\n");
ptr = (uint32_t *) flash_addr(STATE2_PAGE);
memmove(a, ptr, sizeof(AuthenticatorState));
authenticator_write_state(a);
return 1;
}
return 0;
}
return 1;
}
void authenticator_write_state(AuthenticatorState * a)
{
flash_erase_page(STATE1_PAGE);
flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
flash_erase_page(STATE2_PAGE);
flash_write(flash_addr(STATE2_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
}
#if !defined(IS_BOOTLOADER)

3
targets/stm32l432/src/solo.h
Wyświetl plik

@ -4,6 +4,9 @@
void device_init();
void main_loop_delay();
void usbhid_init();
void usbhid_close();
int usbhid_recv(uint8_t * msg);
void heartbeat();