mirror
/
solo1
kopia lustrzana https://github.com/solokeys/solo1
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

store all info in same page, dont use authenticator state

simplify_build
Conor Patrick 2019-10-27 09:27:56 -04:00
rodzic d33749fc16
commit 9ac2aa90c3
3 zmienionych plików z 17 dodań i 14 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

1
fido2/storage.h
Wyświetl plik

@ -53,7 +53,6 @@ typedef struct
uint16_t key_lens[MAX_KEYS]; uint16_t key_lens[MAX_KEYS];
uint8_t key_space[KEY_SPACE_BYTES]; uint8_t key_space[KEY_SPACE_BYTES];
uint8_t data_version; uint8_t data_version;
uint8_t flags;
} AuthenticatorState_0x01; } AuthenticatorState_0x01;
typedef AuthenticatorState_0x01 AuthenticatorState; typedef AuthenticatorState_0x01 AuthenticatorState;

25
targets/stm32l432/src/device.c
Wyświetl plik

@ -192,8 +192,8 @@ void device_init_button(void)
} }
int solo_is_locked(){ int solo_is_locked(){
uint8_t flags = ((AuthenticatorState *) STATE1_PAGE_ADDR)->flags; uint64_t device_settings = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings;
return (flags & SOLO_FLAG_LOCKED) != 0; return (device_settings & SOLO_FLAG_LOCKED) != 0;
} }
/** device_migrate /** device_migrate
@ -211,18 +211,20 @@ static void device_migrate(){
extern uint8_t attestation_solo_cert_der[]; extern uint8_t attestation_solo_cert_der[];
extern uint8_t attestation_hacker_cert_der[]; extern uint8_t attestation_hacker_cert_der[];
AuthenticatorState state; uint64_t device_settings = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings;
authenticator_read_state(&state); uint32_t configure_tag = (uint32_t)(device_settings >> 32);
if (state.flags == 0xFF)
if (configure_tag != ATTESTATION_CONFIGURED_TAG)
{ {
printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n"); printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n");
// do migrate.
state.flags = 0; device_settings = ATTESTATION_CONFIGURED_TAG;
device_settings <<= 32;
// Read current device lock level. // Read current device lock level.
uint32_t optr = FLASH->OPTR; uint32_t optr = FLASH->OPTR;
if ((optr & 0xff) != 0xAA){ if ((optr & 0xff) != 0xAA){
state.flags |= SOLO_FLAG_LOCKED; device_settings |= SOLO_FLAG_LOCKED;
} }
uint8_t tmp_attestation_key[32]; uint8_t tmp_attestation_key[32];
@ -273,9 +275,10 @@ static void device_migrate(){
); );
} }
// Save. // Save / done.
authenticator_write_state(&state,0); flash_write_dword(
authenticator_write_state(&state,1); (uint32_t) & ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings,
(uint64_t)device_settings);
} }
} }

5
targets/stm32l432/src/memory_layout.h
Wyświetl plik

@ -67,13 +67,14 @@ typedef struct flash_memory_st flash_memory_st;
#include <assert.h> #include <assert.h>
static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size"); static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size");
#define ATTESTATION_FORMAT 0x5A01 #define ATTESTATION_CONFIGURED_TAG 0xaa551e78
struct flash_attestation_page{ struct flash_attestation_page{
uint8_t attestation_key[32]; uint8_t attestation_key[32];
// DWORD padded. // DWORD padded.
uint64_t device_settings;
uint64_t attestation_cert_size; uint64_t attestation_cert_size;
uint8_t attestation_cert[2048 - 32 - 8]; uint8_t attestation_cert[2048 - 32 - 8 - 8];
} __attribute__((packed)); } __attribute__((packed));
typedef struct flash_attestation_page flash_attestation_page; typedef struct flash_attestation_page flash_attestation_page;