diff --git a/fido2/ctap.c b/fido2/ctap.c
index e71d1b9..497dbb8 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -282,13 +282,9 @@ void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t
 memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);
 }
-void ctap_flush_state(int backup)
+void ctap_flush_state()
 {
- authenticator_write_state(&STATE, 0);
- if (backup)
- {
- authenticator_write_state(&STATE, 1);
- }
+ authenticator_write_state(&STATE);
 }
 static uint32_t auth_data_update_count(CTAP_authDataHeader * authData)
@@ -312,7 +308,7 @@ static uint32_t auth_data_update_count(CTAP_authDataHeader * authData)
 static void ctap_increment_rk_store()
 {
 STATE.rk_stored++;
- ctap_flush_state(1);
+ ctap_flush_state();
 }
 static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2)
@@ -1770,8 +1766,7 @@ static void ctap_state_init()
 */
 void ctap_load_external_keys(uint8_t * keybytes){
 memmove(STATE.key_space, keybytes, KEY_SPACE_BYTES);
- authenticator_write_state(&STATE, 0);
- authenticator_write_state(&STATE, 1);
+ authenticator_write_state(&STATE);
 crypto_load_master_secret(STATE.key_space);
 }
@@ -1785,30 +1780,18 @@ void ctap_init()
 );
 crypto_ecc256_init();
- authenticator_read_state(&STATE);
+ int is_init = authenticator_read_state(&STATE);
 device_set_status(CTAPHID_STATUS_IDLE);
- if (STATE.is_initialized == INITIALIZED_MARKER)
+ if (is_init)
 {
 printf1(TAG_STOR,"Auth state is initialized\n");
 }
 else
 {
- printf1(TAG_STOR,"Auth state is NOT initialized. Initializing..\n");
- if (authenticator_is_backup_initialized())
- {
- printf1(TAG_ERR,"Warning: memory corruption detected. restoring from backup..\n");
- authenticator_read_backup_state(&STATE);
- authenticator_write_state(&STATE, 0);
- }
- else
- {
- ctap_state_init();
- authenticator_write_state(&STATE, 0);
- authenticator_write_state(&STATE, 1);
-
- }
+ ctap_state_init();
+ authenticator_write_state(&STATE);
 }
 do_migration_if_required(&STATE);
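Review bot: `void ctap_flush_state()` is defined with empty parentheses, which in C is not a prototype, so a call site left over from the old signature such as `ctap_flush_state(1)` still compiles without a diagnostic. Writing it as `void ctap_flush_state(void)` here and in its header declaration (not part of this diff) makes the compiler reject any caller the change missed. The other `()` definitions visible as context in this file have the same property, but they are outside the changed lines.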
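Review bot: When `is_init` is 0 the `else` branch now replaces the stored state through `ctap_state_init()` and `authenticator_write_state(&STATE)` with no log line at all; the removed `printf1(TAG_STOR,"Auth state is NOT initialized. Initializing..\n");` was the only trace of that event. A re-initialisation overwrites whatever was stored before, so it is worth keeping that message as the first statement of the branch. The restore-from-backup decision has also moved behind `authenticator_read_state()`, so a comment at the call such as `/* nonzero: STATE holds an initialized image, possibly restored by the device layer */` would record the contract that ctap_init now depends on. ctap_init starts and ends outside the hunk.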
@@ -1875,8 +1858,7 @@ void ctap_update_pin(uint8_t * pin, int len)
 STATE.is_pin_set = 1;
- authenticator_write_state(&STATE, 1);
- authenticator_write_state(&STATE, 0);
+ authenticator_write_state(&STATE);
 printf1(TAG_CTAP, "New pin set: %s [%d]\n", pin, len);
 dump_hex1(TAG_ERR, STATE.PIN_CODE_HASH, sizeof(STATE.PIN_CODE_HASH));
@@ -1891,7 +1873,7 @@ uint8_t ctap_decrement_pin_attempts()
 if (! ctap_device_locked())
 {
 STATE.remaining_tries--;
- ctap_flush_state(0);
+ ctap_flush_state();
 printf1(TAG_CP, "ATTEMPTS left: %d\n", STATE.remaining_tries);
 if (ctap_device_locked())
@@ -1926,7 +1908,7 @@ void ctap_reset_pin_attempts()
 {
 STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS;
 PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
- ctap_flush_state(0);
+ ctap_flush_state();
 }
 void ctap_reset_state()
@@ -2000,7 +1982,7 @@ int8_t ctap_store_key(uint8_t index, uint8_t * key, uint16_t len)
 memmove(STATE.key_space + offset, key, len);
- ctap_flush_state(1);
+ ctap_flush_state();
 return 0;
 }
@@ -2042,8 +2024,7 @@ void ctap_reset() {
 ctap_state_init();
- authenticator_write_state(&STATE, 0);
- authenticator_write_state(&STATE, 1);
+ authenticator_write_state(&STATE);
 if (ctap_generate_rng(PIN_TOKEN, PIN_TOKEN_SIZE) != 1) {
@@ -2063,6 +2044,5 @@ void lock_device_permanently() {
 printf1(TAG_CP, "Device locked!\n");
- authenticator_write_state(&STATE, 0);
- authenticator_write_state(&STATE, 1);
+ authenticator_write_state(&STATE);
 }
diff --git a/fido2/ctaphid.h b/fido2/ctaphid.h
index 0b5715d..5294f66 100644
--- a/fido2/ctaphid.h
+++ b/fido2/ctaphid.h
@@ -59,6 +59,8 @@
 #define CTAP_CAPABILITIES (CAPABILITY_WINK | CAPABILITY_CBOR)
+#define HID_MESSAGE_SIZE 64
+
 typedef struct {
 uint32_t cid;
diff --git a/fido2/data_migration.c b/fido2/data_migration.c
index cb21e14..2b0951f 100644
--- a/fido2/data_migration.c
+++ b/fido2/data_migration.c
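Review bot: The context line right after the new write in ctap_update_pin, `printf1(TAG_CTAP, "New pin set: %s [%d]\n", pin, len);`, prints the user's PIN in clear text, and the following `dump_hex1` call prints `STATE.PIN_CODE_HASH`; both end up wherever the debug log is routed. The `%s` conversion also assumes `pin` is NUL-terminated although the function is handed an explicit `len`. Since the commit already touches the persistence call directly above, this is a natural place to drop the secret from the message, for example `printf1(TAG_CTAP, "New pin set [%d]\n", len);`, and to remove the hash dump or restrict it to debug builds. ctap_update_pin starts and ends outside the hunk.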
@@ -56,8 +56,7 @@ bool migrate_from_FF_to_01(AuthenticatorState_0xFF* state_prev_0xff, Authenticat
 void save_migrated_state(AuthenticatorState *state_tmp_ptr) {
 memmove(&STATE, state_tmp_ptr, sizeof(AuthenticatorState));
- authenticator_write_state(state_tmp_ptr, 0);
- authenticator_write_state(state_tmp_ptr, 1);
+ authenticator_write_state(state_tmp_ptr);
 }
 void do_migration_if_required(AuthenticatorState* state_current){
diff --git a/pc/device.c b/pc/device.c
index 19c4d78..181cdfb 100644
--- a/pc/device.c
+++ b/pc/device.c
@@ -291,10 +291,9 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
 const char * state_file = "authenticator_state.bin";
-const char * backup_file = "authenticator_state2.bin";
 const char * rk_file = "resident_keys.bin";
-void authenticator_read_state(AuthenticatorState * state)
+int authenticator_read_state(AuthenticatorState * state)
 {
 FILE * f;
 int ret;
@@ -313,95 +312,32 @@ void authenticator_read_state(AuthenticatorState * state)
 perror("fwrite");
 exit(1);
 }
-
+ if (state->is_initialized == INITIALIZED_MARKER)
+ return 1;
+ else
+ return 0;
+
 }
-void authenticator_read_backup_state(AuthenticatorState * state )
+
+void authenticator_write_state(AuthenticatorState * state)
 {
 FILE * f;
 int ret;
- f = fopen(backup_file, "rb");
+ f = fopen(state_file, "wb+");
 if (f== NULL)
 {
 perror("fopen");
 exit(1);
 }
-
- ret = fread(state, 1, sizeof(AuthenticatorState), f);
+ ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
 fclose(f);
- if(ret != sizeof(AuthenticatorState))
+ if (ret != sizeof(AuthenticatorState))
 {
 perror("fwrite");
 exit(1);
 }
-}
-
-void authenticator_write_state(AuthenticatorState * state, int backup)
-{
- FILE * f;
- int ret;
-
- if (! backup)
- {
- f = fopen(state_file, "wb+");
- if (f== NULL)
- {
- perror("fopen");
- exit(1);
- }
- ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
- fclose(f);
- if (ret != sizeof(AuthenticatorState))
- {
- perror("fwrite");
- exit(1);
- }
- }
- else
- {
-
- f = fopen(backup_file, "wb+");
- if (f== NULL)
- {
- perror("fopen");
- exit(1);
- }
- ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
- fclose(f);
- if (ret != sizeof(AuthenticatorState))
- {
- perror("fwrite");
- exit(1);
- }
- }
-}
-
-// Return 1 yes backup is init'd, else 0
-int authenticator_is_backup_initialized()
-{
- uint8_t header[16];
- AuthenticatorState * state = (AuthenticatorState*) header;
- FILE * f;
- int ret;
-
- printf("state file exists\n");
- f = fopen(backup_file, "rb");
- if (f== NULL)
- {
- printf("Warning, backup file doesn't exist\n");
- return 0;
- }
-
- ret = fread(header, 1, sizeof(header), f);
- fclose(f);
- if(ret != sizeof(header))
- {
- perror("fwrite");
- exit(1);
- }
-
- return state->is_initialized == INITIALIZED_MARKER;
 }
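Review bot: `authenticator_write_state()` opens `state_file` with `"wb+"`, which truncates the only remaining copy before the new image is written, and this commit removes the backup file that used to cover that window on the PC target. If the process dies between `fopen` and the end of `fwrite`, the next start finds a short file and `authenticator_read_state()` appears to exit rather than recover (its size check is only partly visible in this hunk). The result of `fclose(f)` is also ignored, so a flush error goes unnoticed. Writing to a temporary file and renaming it over `state_file` (atomic on POSIX hosts) closes both gaps, as sketched below; the temporary file name is a constructed example.

```c
void authenticator_write_state(AuthenticatorState * state)
{
    /* constructed name; any path on the same filesystem as state_file works */
    const char * tmp_file = "authenticator_state.bin.tmp";
    FILE * f;
    size_t ret;

    f = fopen(tmp_file, "wb");
    /* … unchanged: fopen NULL check … */
    ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
    /* fclose flushes buffered data, so a failure there is a failed write */
    if (fclose(f) != 0 || ret != sizeof(AuthenticatorState))
    {
        perror("fwrite");
        exit(1);
    }
    /* the old state file stays intact until the complete copy replaces it */
    if (rename(tmp_file, state_file) != 0)
    {
        perror("rename");
        exit(1);
    }
}
```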
@@ -484,29 +420,10 @@ void authenticator_initialize()
 exit(1);
 }
- f = fopen(backup_file, "wb+");
- if (f== NULL)
- {
- perror("fopen");
- exit(1);
- }
- mem = malloc(sizeof(AuthenticatorState));
- memset(mem,0xff,sizeof(AuthenticatorState));
- ret = fwrite(mem, 1, sizeof(AuthenticatorState), f);
- free(mem);
- fclose(f);
- if (ret != sizeof(AuthenticatorState))
- {
- perror("fwrite");
- exit(1);
- }
-
 // resident_keys
 memset(&RK_STORE,0xff,sizeof(RK_STORE));
 sync_rk();
-
-
 }
 }
diff --git a/pc/main.c b/pc/main.c
index 07a0bce..e5c034c 100644
--- a/pc/main.c
+++ b/pc/main.c
@@ -22,6 +22,9 @@
 void device_init(int argc, char *argv[]);
+int usbhid_recv(uint8_t * msg);
+
+
 int main(int argc, char *argv[]) {
diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c
index 5d83bac..4ac587b 100644
--- a/targets/stm32l432/src/device.c
+++ b/targets/stm32l432/src/device.c
@@ -468,20 +468,8 @@ void heartbeat(void)
 }
-void authenticator_read_state(AuthenticatorState * a)
-{
- uint32_t * ptr = (uint32_t *)flash_addr(STATE1_PAGE);
- memmove(a,ptr,sizeof(AuthenticatorState));
-}
-void authenticator_read_backup_state(AuthenticatorState * a)
-{
- uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
- memmove(a,ptr,sizeof(AuthenticatorState));
-}
-
-// Return 1 yes backup is init'd, else 0
-int authenticator_is_backup_initialized(void)
+static int authenticator_is_backup_initialized(void)
 {
 uint8_t header[16];
 uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
@@ -490,20 +478,35 @@ int authenticator_is_backup_initialized(void)
 return state->is_initialized == INITIALIZED_MARKER;
 }
-void authenticator_write_state(AuthenticatorState * a, int backup)
+int authenticator_read_state(AuthenticatorState * a)
 {
- if (! backup)
- {
- flash_erase_page(STATE1_PAGE);
+ uint32_t * ptr = (uint32_t *) flash_addr(STATE1_PAGE);
+ memmove(a, ptr, sizeof(AuthenticatorState));
- flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
- }
- else
- {
- flash_erase_page(STATE2_PAGE);
+ if (a->is_initialized != INITIALIZED_MARKER){
- flash_write(flash_addr(STATE2_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
+ if (authenticator_is_backup_initialized()){
+ printf1(TAG_ERR,"Warning: memory corruption detected. restoring from backup..\n");
+ ptr = (uint32_t *) flash_addr(STATE2_PAGE);
+ memmove(a, ptr, sizeof(AuthenticatorState));
+ authenticator_write_state(a);
+ return 1;
+ }
+
+ return 0;
 }
+
+ return 1;
+}
+
+
+void authenticator_write_state(AuthenticatorState * a)
+{
+ flash_erase_page(STATE1_PAGE);
+ flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
+
+ flash_erase_page(STATE2_PAGE);
+ flash_write(flash_addr(STATE2_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
 }
 #if !defined(IS_BOOTLOADER)
diff --git a/targets/stm32l432/src/solo.h b/targets/stm32l432/src/solo.h
index 6ce8e22..be5419d 100644
--- a/targets/stm32l432/src/solo.h
+++ b/targets/stm32l432/src/solo.h
@@ -4,6 +4,9 @@
 void device_init();
 void main_loop_delay();
+void usbhid_init();
+void usbhid_close();
+int usbhid_recv(uint8_t * msg);
 void heartbeat();
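Review bot: The new STM32 `authenticator_read_state()` accepts a page as valid as soon as `a->is_initialized == INITIALIZED_MARKER`, and `authenticator_is_backup_initialized()` appears to inspect only a 16-byte header, so neither copy is checked beyond the marker. If `flash_write()` programs the buffer front to back (its implementation is not in this diff), an interrupted `authenticator_write_state()` can leave `STATE1_PAGE` with a valid marker followed by erased bytes, and this function would return that image as initialized without ever consulting `STATE2_PAGE`. A checksum over the structure, or programming the marker word last, would let the restore path catch that case. Until then the limitation deserves a comment above the first `if`, such as `/* validity is judged by the marker only; a torn write past the header is not detected */`.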