From 9ac2aa90c36738de77827b537def91d92f2a3e5a Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sun, 27 Oct 2019 09:27:56 -0400 Subject: [PATCH] store all info in same page, dont use authenticator state --- fido2/storage.h | 1 - targets/stm32l432/src/device.c | 25 ++++++++++++++----------- targets/stm32l432/src/memory_layout.h | 5 +++-- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/fido2/storage.h b/fido2/storage.h index 077afef..271e234 100644 --- a/fido2/storage.h +++ b/fido2/storage.h @@ -53,7 +53,6 @@ typedef struct uint16_t key_lens[MAX_KEYS]; uint8_t key_space[KEY_SPACE_BYTES]; uint8_t data_version; - uint8_t flags; } AuthenticatorState_0x01; typedef AuthenticatorState_0x01 AuthenticatorState; diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c index 9b22cc0..dee0fc7 100644 --- a/targets/stm32l432/src/device.c +++ b/targets/stm32l432/src/device.c @@ -192,8 +192,8 @@ void device_init_button(void) } int solo_is_locked(){ - uint8_t flags = ((AuthenticatorState *) STATE1_PAGE_ADDR)->flags; - return (flags & SOLO_FLAG_LOCKED) != 0; + uint64_t device_settings = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings; + return (device_settings & SOLO_FLAG_LOCKED) != 0; } /** device_migrate @@ -211,18 +211,20 @@ static void device_migrate(){ extern uint8_t attestation_solo_cert_der[]; extern uint8_t attestation_hacker_cert_der[]; - AuthenticatorState state; - authenticator_read_state(&state); - if (state.flags == 0xFF) + uint64_t device_settings = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings; + uint32_t configure_tag = (uint32_t)(device_settings >> 32); + + if (configure_tag != ATTESTATION_CONFIGURED_TAG) { printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n"); - // do migrate. - state.flags = 0; + + device_settings = ATTESTATION_CONFIGURED_TAG; + device_settings <<= 32; // Read current device lock level. uint32_t optr = FLASH->OPTR; if ((optr & 0xff) != 0xAA){ - state.flags |= SOLO_FLAG_LOCKED; + device_settings |= SOLO_FLAG_LOCKED; } uint8_t tmp_attestation_key[32]; @@ -273,9 +275,10 @@ static void device_migrate(){ ); } - // Save. - authenticator_write_state(&state,0); - authenticator_write_state(&state,1); + // Save / done. + flash_write_dword( + (uint32_t) & ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings, + (uint64_t)device_settings); } } diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h index 19a3356..32d4b85 100644 --- a/targets/stm32l432/src/memory_layout.h +++ b/targets/stm32l432/src/memory_layout.h @@ -67,13 +67,14 @@ typedef struct flash_memory_st flash_memory_st; #include static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size"); -#define ATTESTATION_FORMAT 0x5A01 +#define ATTESTATION_CONFIGURED_TAG 0xaa551e78 struct flash_attestation_page{ uint8_t attestation_key[32]; // DWORD padded. + uint64_t device_settings; uint64_t attestation_cert_size; - uint8_t attestation_cert[2048 - 32 - 8]; + uint8_t attestation_cert[2048 - 32 - 8 - 8]; } __attribute__((packed)); typedef struct flash_attestation_page flash_attestation_page;