kopia lustrzana https://github.com/solokeys/solo1
move sense of "backup" from ctap to device layer
rodzic
ee55bf3ba0
commit
1d63154699
48
fido2/ctap.c
48
fido2/ctap.c
|
@ -282,13 +282,9 @@ void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t
|
|||
memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);
|
||||
}
|
||||
|
||||
void ctap_flush_state(int backup)
|
||||
void ctap_flush_state()
|
||||
{
|
||||
authenticator_write_state(&STATE, 0);
|
||||
if (backup)
|
||||
{
|
||||
authenticator_write_state(&STATE, 1);
|
||||
}
|
||||
authenticator_write_state(&STATE);
|
||||
}
|
||||
|
||||
static uint32_t auth_data_update_count(CTAP_authDataHeader * authData)
|
||||
|
@ -312,7 +308,7 @@ static uint32_t auth_data_update_count(CTAP_authDataHeader * authData)
|
|||
static void ctap_increment_rk_store()
|
||||
{
|
||||
STATE.rk_stored++;
|
||||
ctap_flush_state(1);
|
||||
ctap_flush_state();
|
||||
}
|
||||
|
||||
static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2)
|
||||
|
@ -1770,8 +1766,7 @@ static void ctap_state_init()
|
|||
*/
|
||||
void ctap_load_external_keys(uint8_t * keybytes){
|
||||
memmove(STATE.key_space, keybytes, KEY_SPACE_BYTES);
|
||||
authenticator_write_state(&STATE, 0);
|
||||
authenticator_write_state(&STATE, 1);
|
||||
authenticator_write_state(&STATE);
|
||||
crypto_load_master_secret(STATE.key_space);
|
||||
}
|
||||
|
||||
|
@ -1785,30 +1780,18 @@ void ctap_init()
|
|||
);
|
||||
crypto_ecc256_init();
|
||||
|
||||
authenticator_read_state(&STATE);
|
||||
int is_init = authenticator_read_state(&STATE);
|
||||
|
||||
device_set_status(CTAPHID_STATUS_IDLE);
|
||||
|
||||
if (STATE.is_initialized == INITIALIZED_MARKER)
|
||||
if (is_init)
|
||||
{
|
||||
printf1(TAG_STOR,"Auth state is initialized\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
printf1(TAG_STOR,"Auth state is NOT initialized. Initializing..\n");
|
||||
if (authenticator_is_backup_initialized())
|
||||
{
|
||||
printf1(TAG_ERR,"Warning: memory corruption detected. restoring from backup..\n");
|
||||
authenticator_read_backup_state(&STATE);
|
||||
authenticator_write_state(&STATE, 0);
|
||||
}
|
||||
else
|
||||
{
|
||||
ctap_state_init();
|
||||
authenticator_write_state(&STATE, 0);
|
||||
authenticator_write_state(&STATE, 1);
|
||||
|
||||
}
|
||||
ctap_state_init();
|
||||
authenticator_write_state(&STATE);
|
||||
}
|
||||
|
||||
do_migration_if_required(&STATE);
|
||||
|
@ -1875,8 +1858,7 @@ void ctap_update_pin(uint8_t * pin, int len)
|
|||
|
||||
STATE.is_pin_set = 1;
|
||||
|
||||
authenticator_write_state(&STATE, 1);
|
||||
authenticator_write_state(&STATE, 0);
|
||||
authenticator_write_state(&STATE);
|
||||
|
||||
printf1(TAG_CTAP, "New pin set: %s [%d]\n", pin, len);
|
||||
dump_hex1(TAG_ERR, STATE.PIN_CODE_HASH, sizeof(STATE.PIN_CODE_HASH));
|
||||
|
@ -1891,7 +1873,7 @@ uint8_t ctap_decrement_pin_attempts()
|
|||
if (! ctap_device_locked())
|
||||
{
|
||||
STATE.remaining_tries--;
|
||||
ctap_flush_state(0);
|
||||
ctap_flush_state();
|
||||
printf1(TAG_CP, "ATTEMPTS left: %d\n", STATE.remaining_tries);
|
||||
|
||||
if (ctap_device_locked())
|
||||
|
@ -1926,7 +1908,7 @@ void ctap_reset_pin_attempts()
|
|||
{
|
||||
STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS;
|
||||
PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
|
||||
ctap_flush_state(0);
|
||||
ctap_flush_state();
|
||||
}
|
||||
|
||||
void ctap_reset_state()
|
||||
|
@ -2000,7 +1982,7 @@ int8_t ctap_store_key(uint8_t index, uint8_t * key, uint16_t len)
|
|||
|
||||
memmove(STATE.key_space + offset, key, len);
|
||||
|
||||
ctap_flush_state(1);
|
||||
ctap_flush_state();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -2042,8 +2024,7 @@ void ctap_reset()
|
|||
{
|
||||
ctap_state_init();
|
||||
|
||||
authenticator_write_state(&STATE, 0);
|
||||
authenticator_write_state(&STATE, 1);
|
||||
authenticator_write_state(&STATE);
|
||||
|
||||
if (ctap_generate_rng(PIN_TOKEN, PIN_TOKEN_SIZE) != 1)
|
||||
{
|
||||
|
@ -2063,6 +2044,5 @@ void lock_device_permanently() {
|
|||
|
||||
printf1(TAG_CP, "Device locked!\n");
|
||||
|
||||
authenticator_write_state(&STATE, 0);
|
||||
authenticator_write_state(&STATE, 1);
|
||||
authenticator_write_state(&STATE);
|
||||
}
|
||||
|
|
|
@ -59,6 +59,8 @@
|
|||
|
||||
#define CTAP_CAPABILITIES (CAPABILITY_WINK | CAPABILITY_CBOR)
|
||||
|
||||
#define HID_MESSAGE_SIZE 64
|
||||
|
||||
typedef struct
|
||||
{
|
||||
uint32_t cid;
|
||||
|
|
|
@ -56,8 +56,7 @@ bool migrate_from_FF_to_01(AuthenticatorState_0xFF* state_prev_0xff, Authenticat
|
|||
|
||||
void save_migrated_state(AuthenticatorState *state_tmp_ptr) {
|
||||
memmove(&STATE, state_tmp_ptr, sizeof(AuthenticatorState));
|
||||
authenticator_write_state(state_tmp_ptr, 0);
|
||||
authenticator_write_state(state_tmp_ptr, 1);
|
||||
authenticator_write_state(state_tmp_ptr);
|
||||
}
|
||||
|
||||
void do_migration_if_required(AuthenticatorState* state_current){
|
||||
|
|
105
pc/device.c
105
pc/device.c
|
@ -291,10 +291,9 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
|
|||
|
||||
|
||||
const char * state_file = "authenticator_state.bin";
|
||||
const char * backup_file = "authenticator_state2.bin";
|
||||
const char * rk_file = "resident_keys.bin";
|
||||
|
||||
void authenticator_read_state(AuthenticatorState * state)
|
||||
int authenticator_read_state(AuthenticatorState * state)
|
||||
{
|
||||
FILE * f;
|
||||
int ret;
|
||||
|
@ -313,95 +312,32 @@ void authenticator_read_state(AuthenticatorState * state)
|
|||
perror("fwrite");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (state->is_initialized == INITIALIZED_MARKER)
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
void authenticator_read_backup_state(AuthenticatorState * state )
|
||||
|
||||
void authenticator_write_state(AuthenticatorState * state)
|
||||
{
|
||||
FILE * f;
|
||||
int ret;
|
||||
|
||||
f = fopen(backup_file, "rb");
|
||||
f = fopen(state_file, "wb+");
|
||||
if (f== NULL)
|
||||
{
|
||||
perror("fopen");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
ret = fread(state, 1, sizeof(AuthenticatorState), f);
|
||||
ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
|
||||
fclose(f);
|
||||
if(ret != sizeof(AuthenticatorState))
|
||||
if (ret != sizeof(AuthenticatorState))
|
||||
{
|
||||
perror("fwrite");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
void authenticator_write_state(AuthenticatorState * state, int backup)
|
||||
{
|
||||
FILE * f;
|
||||
int ret;
|
||||
|
||||
if (! backup)
|
||||
{
|
||||
f = fopen(state_file, "wb+");
|
||||
if (f== NULL)
|
||||
{
|
||||
perror("fopen");
|
||||
exit(1);
|
||||
}
|
||||
ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
|
||||
fclose(f);
|
||||
if (ret != sizeof(AuthenticatorState))
|
||||
{
|
||||
perror("fwrite");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
f = fopen(backup_file, "wb+");
|
||||
if (f== NULL)
|
||||
{
|
||||
perror("fopen");
|
||||
exit(1);
|
||||
}
|
||||
ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
|
||||
fclose(f);
|
||||
if (ret != sizeof(AuthenticatorState))
|
||||
{
|
||||
perror("fwrite");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Return 1 yes backup is init'd, else 0
|
||||
int authenticator_is_backup_initialized()
|
||||
{
|
||||
uint8_t header[16];
|
||||
AuthenticatorState * state = (AuthenticatorState*) header;
|
||||
FILE * f;
|
||||
int ret;
|
||||
|
||||
printf("state file exists\n");
|
||||
f = fopen(backup_file, "rb");
|
||||
if (f== NULL)
|
||||
{
|
||||
printf("Warning, backup file doesn't exist\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret = fread(header, 1, sizeof(header), f);
|
||||
fclose(f);
|
||||
if(ret != sizeof(header))
|
||||
{
|
||||
perror("fwrite");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
return state->is_initialized == INITIALIZED_MARKER;
|
||||
|
||||
}
|
||||
|
||||
|
@ -484,29 +420,10 @@ void authenticator_initialize()
|
|||
exit(1);
|
||||
}
|
||||
|
||||
f = fopen(backup_file, "wb+");
|
||||
if (f== NULL)
|
||||
{
|
||||
perror("fopen");
|
||||
exit(1);
|
||||
}
|
||||
mem = malloc(sizeof(AuthenticatorState));
|
||||
memset(mem,0xff,sizeof(AuthenticatorState));
|
||||
ret = fwrite(mem, 1, sizeof(AuthenticatorState), f);
|
||||
free(mem);
|
||||
fclose(f);
|
||||
if (ret != sizeof(AuthenticatorState))
|
||||
{
|
||||
perror("fwrite");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
// resident_keys
|
||||
memset(&RK_STORE,0xff,sizeof(RK_STORE));
|
||||
sync_rk();
|
||||
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -22,6 +22,9 @@
|
|||
|
||||
|
||||
void device_init(int argc, char *argv[]);
|
||||
int usbhid_recv(uint8_t * msg);
|
||||
|
||||
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
|
|
|
@ -468,20 +468,8 @@ void heartbeat(void)
|
|||
|
||||
}
|
||||
|
||||
void authenticator_read_state(AuthenticatorState * a)
|
||||
{
|
||||
uint32_t * ptr = (uint32_t *)flash_addr(STATE1_PAGE);
|
||||
memmove(a,ptr,sizeof(AuthenticatorState));
|
||||
}
|
||||
|
||||
void authenticator_read_backup_state(AuthenticatorState * a)
|
||||
{
|
||||
uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
|
||||
memmove(a,ptr,sizeof(AuthenticatorState));
|
||||
}
|
||||
|
||||
// Return 1 yes backup is init'd, else 0
|
||||
int authenticator_is_backup_initialized(void)
|
||||
static int authenticator_is_backup_initialized(void)
|
||||
{
|
||||
uint8_t header[16];
|
||||
uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
|
||||
|
@ -490,20 +478,35 @@ int authenticator_is_backup_initialized(void)
|
|||
return state->is_initialized == INITIALIZED_MARKER;
|
||||
}
|
||||
|
||||
void authenticator_write_state(AuthenticatorState * a, int backup)
|
||||
int authenticator_read_state(AuthenticatorState * a)
|
||||
{
|
||||
if (! backup)
|
||||
{
|
||||
flash_erase_page(STATE1_PAGE);
|
||||
uint32_t * ptr = (uint32_t *) flash_addr(STATE1_PAGE);
|
||||
memmove(a, ptr, sizeof(AuthenticatorState));
|
||||
|
||||
flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
|
||||
}
|
||||
else
|
||||
{
|
||||
flash_erase_page(STATE2_PAGE);
|
||||
if (a->is_initialized != INITIALIZED_MARKER){
|
||||
|
||||
flash_write(flash_addr(STATE2_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
|
||||
if (authenticator_is_backup_initialized()){
|
||||
printf1(TAG_ERR,"Warning: memory corruption detected. restoring from backup..\n");
|
||||
ptr = (uint32_t *) flash_addr(STATE2_PAGE);
|
||||
memmove(a, ptr, sizeof(AuthenticatorState));
|
||||
authenticator_write_state(a);
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
void authenticator_write_state(AuthenticatorState * a)
|
||||
{
|
||||
flash_erase_page(STATE1_PAGE);
|
||||
flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
|
||||
|
||||
flash_erase_page(STATE2_PAGE);
|
||||
flash_write(flash_addr(STATE2_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
|
||||
}
|
||||
|
||||
#if !defined(IS_BOOTLOADER)
|
||||
|
|
|
@ -4,6 +4,9 @@
|
|||
void device_init();
|
||||
|
||||
void main_loop_delay();
|
||||
void usbhid_init();
|
||||
void usbhid_close();
|
||||
int usbhid_recv(uint8_t * msg);
|
||||
|
||||
void heartbeat();
|
||||
|
||||
|
|
Ładowanie…
Reference in New Issue