move sense of "backup" from ctap to device layer

fido2/ctap.c

@@ -282,13 +282,9 @@ void make_auth_tag(uint8_t * rpIdHash, uint8_t * nonce, uint32_t count, uint8_t
     memmove(tag, hashbuf, CREDENTIAL_TAG_SIZE);
 }
 
-void ctap_flush_state(int backup)
+void ctap_flush_state()
 {
-    authenticator_write_state(&STATE, 0);
+    authenticator_write_state(&STATE);
-    if (backup)
-    {
-        authenticator_write_state(&STATE, 1);
-    }
 }
 
 static uint32_t auth_data_update_count(CTAP_authDataHeader * authData)
@@ -312,7 +308,7 @@ static uint32_t auth_data_update_count(CTAP_authDataHeader * authData)
 static void ctap_increment_rk_store()
 {
     STATE.rk_stored++;
-    ctap_flush_state(1);
+    ctap_flush_state();
 }
 
 static int is_matching_rk(CTAP_residentKey * rk, CTAP_residentKey * rk2)
@@ -1770,8 +1766,7 @@ static void ctap_state_init()
 */
 void ctap_load_external_keys(uint8_t * keybytes){
     memmove(STATE.key_space, keybytes, KEY_SPACE_BYTES);
-    authenticator_write_state(&STATE, 0);
+    authenticator_write_state(&STATE);
-    authenticator_write_state(&STATE, 1);
     crypto_load_master_secret(STATE.key_space);
 }
 
@@ -1785,30 +1780,18 @@ void ctap_init()
             );
     crypto_ecc256_init();
 
-    authenticator_read_state(&STATE);
+    int is_init = authenticator_read_state(&STATE);
 
     device_set_status(CTAPHID_STATUS_IDLE);
 
-    if (STATE.is_initialized == INITIALIZED_MARKER)
+    if (is_init)
     {
         printf1(TAG_STOR,"Auth state is initialized\n");
     }
     else
-    {
-        printf1(TAG_STOR,"Auth state is NOT initialized.  Initializing..\n");
-        if (authenticator_is_backup_initialized())
-        {
-            printf1(TAG_ERR,"Warning: memory corruption detected.  restoring from backup..\n");
-            authenticator_read_backup_state(&STATE);
-            authenticator_write_state(&STATE, 0);
-        }
-        else
     {
         ctap_state_init();
-            authenticator_write_state(&STATE, 0);
+        authenticator_write_state(&STATE);
-            authenticator_write_state(&STATE, 1);
-
-        }
     }
 
     do_migration_if_required(&STATE);
@@ -1875,8 +1858,7 @@ void ctap_update_pin(uint8_t * pin, int len)
 
     STATE.is_pin_set = 1;
 
-    authenticator_write_state(&STATE, 1);
+    authenticator_write_state(&STATE);
-    authenticator_write_state(&STATE, 0);
 
     printf1(TAG_CTAP, "New pin set: %s [%d]\n", pin, len);
     dump_hex1(TAG_ERR, STATE.PIN_CODE_HASH, sizeof(STATE.PIN_CODE_HASH));
@@ -1891,7 +1873,7 @@ uint8_t ctap_decrement_pin_attempts()
     if (! ctap_device_locked())
     {
         STATE.remaining_tries--;
-        ctap_flush_state(0);
+        ctap_flush_state();
         printf1(TAG_CP, "ATTEMPTS left: %d\n", STATE.remaining_tries);
 
         if (ctap_device_locked())
@@ -1926,7 +1908,7 @@ void ctap_reset_pin_attempts()
 {
     STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS;
     PIN_BOOT_ATTEMPTS_LEFT = PIN_BOOT_ATTEMPTS;
-    ctap_flush_state(0);
+    ctap_flush_state();
 }
 
 void ctap_reset_state()
@@ -2000,7 +1982,7 @@ int8_t ctap_store_key(uint8_t index, uint8_t * key, uint16_t len)
 
     memmove(STATE.key_space + offset, key, len);
 
-    ctap_flush_state(1);
+    ctap_flush_state();
 
     return 0;
 }
@@ -2042,8 +2024,7 @@ void ctap_reset()
 {
     ctap_state_init();
 
-    authenticator_write_state(&STATE, 0);
+    authenticator_write_state(&STATE);
-    authenticator_write_state(&STATE, 1);
 
     if (ctap_generate_rng(PIN_TOKEN, PIN_TOKEN_SIZE) != 1)
     {
@@ -2063,6 +2044,5 @@ void lock_device_permanently() {
 
     printf1(TAG_CP, "Device locked!\n");
 
-    authenticator_write_state(&STATE, 0);
+    authenticator_write_state(&STATE);
-    authenticator_write_state(&STATE, 1);
 }

fido2/ctaphid.h

@@ -59,6 +59,8 @@
 
 #define CTAP_CAPABILITIES           (CAPABILITY_WINK | CAPABILITY_CBOR)
 
+#define HID_MESSAGE_SIZE        64
+
 typedef struct
 {
     uint32_t cid;

fido2/data_migration.c

@@ -56,8 +56,7 @@ bool migrate_from_FF_to_01(AuthenticatorState_0xFF* state_prev_0xff, Authenticat
 
 void save_migrated_state(AuthenticatorState *state_tmp_ptr) {
     memmove(&STATE, state_tmp_ptr, sizeof(AuthenticatorState));
-    authenticator_write_state(state_tmp_ptr, 0);
+    authenticator_write_state(state_tmp_ptr);
-    authenticator_write_state(state_tmp_ptr, 1);
 }
 
 void do_migration_if_required(AuthenticatorState* state_current){

pc/device.c

@@ -291,10 +291,9 @@ int ctap_generate_rng(uint8_t * dst, size_t num)
 
 
 const char * state_file = "authenticator_state.bin";
-const char * backup_file = "authenticator_state2.bin";
 const char * rk_file = "resident_keys.bin";
 
-void authenticator_read_state(AuthenticatorState * state)
+int authenticator_read_state(AuthenticatorState * state)
 {
     FILE * f;
     int ret;
@@ -313,37 +312,19 @@ void authenticator_read_state(AuthenticatorState * state)
         perror("fwrite");
         exit(1);
     }
+    if (state->is_initialized == INITIALIZED_MARKER)
+        return 1;
+    else
+        return 0;
     
 }
 
-void authenticator_read_backup_state(AuthenticatorState * state )
+
+void authenticator_write_state(AuthenticatorState * state)
 {
     FILE * f;
     int ret;
 
-    f = fopen(backup_file, "rb");
-    if (f== NULL)
-    {
-        perror("fopen");
-        exit(1);
-    }
-
-    ret = fread(state, 1, sizeof(AuthenticatorState), f);
-    fclose(f);
-    if(ret != sizeof(AuthenticatorState))
-    {
-        perror("fwrite");
-        exit(1);
-    }
-}
-
-void authenticator_write_state(AuthenticatorState * state, int backup)
-{
-    FILE * f;
-    int ret;
-
-    if (! backup)
-    {
     f = fopen(state_file, "wb+");
     if (f== NULL)
     {
@@ -357,51 +338,6 @@ void authenticator_write_state(AuthenticatorState * state, int backup)
         perror("fwrite");
         exit(1);
     }
-    }
-    else
-    {
-
-        f = fopen(backup_file, "wb+");
-        if (f== NULL)
-        {
-            perror("fopen");
-            exit(1);
-        }
-        ret = fwrite(state, 1, sizeof(AuthenticatorState), f);
-        fclose(f);
-        if (ret != sizeof(AuthenticatorState))
-        {
-            perror("fwrite");
-            exit(1);
-        }
-    }
-}
-
-// Return 1 yes backup is init'd, else 0
-int authenticator_is_backup_initialized()
-{
-    uint8_t header[16];
-    AuthenticatorState * state = (AuthenticatorState*) header;
-    FILE * f;
-    int ret;
-
-    printf("state file exists\n");
-    f = fopen(backup_file, "rb");
-    if (f== NULL)
-    {
-        printf("Warning, backup file doesn't exist\n");
-        return 0;
-    }
-
-    ret = fread(header, 1, sizeof(header), f);
-    fclose(f);
-    if(ret != sizeof(header))
-    {
-        perror("fwrite");
-        exit(1);
-    }
-
-    return state->is_initialized == INITIALIZED_MARKER;
 
 }
 
@@ -484,29 +420,10 @@ void authenticator_initialize()
             exit(1);
         }
 
-        f = fopen(backup_file, "wb+");
-        if (f== NULL)
-        {
-            perror("fopen");
-            exit(1);
-        }
-        mem = malloc(sizeof(AuthenticatorState));
-        memset(mem,0xff,sizeof(AuthenticatorState));
-        ret = fwrite(mem, 1, sizeof(AuthenticatorState), f);
-        free(mem);
-        fclose(f);
-        if (ret != sizeof(AuthenticatorState))
-        {
-            perror("fwrite");
-            exit(1);
-        }
-
         // resident_keys
         memset(&RK_STORE,0xff,sizeof(RK_STORE));
         sync_rk();
 
-
-
     }
 }
 

pc/main.c

@@ -22,6 +22,9 @@
 
 
 void device_init(int argc, char *argv[]);
+int usbhid_recv(uint8_t * msg);
+
+
 
 int main(int argc, char *argv[])
 {

targets/stm32l432/src/device.c

@@ -468,20 +468,8 @@ void heartbeat(void)
 
 }
 
-void authenticator_read_state(AuthenticatorState * a)
-{
-    uint32_t * ptr = (uint32_t *)flash_addr(STATE1_PAGE);
-    memmove(a,ptr,sizeof(AuthenticatorState));
-}
 
-void authenticator_read_backup_state(AuthenticatorState * a)
+static int authenticator_is_backup_initialized(void)
-{
-    uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
-    memmove(a,ptr,sizeof(AuthenticatorState));
-}
-
-// Return 1 yes backup is init'd, else 0
-int authenticator_is_backup_initialized(void)
 {
     uint8_t header[16];
     uint32_t * ptr = (uint32_t *)flash_addr(STATE2_PAGE);
@@ -490,20 +478,35 @@ int authenticator_is_backup_initialized(void)
     return state->is_initialized == INITIALIZED_MARKER;
 }
 
-void authenticator_write_state(AuthenticatorState * a, int backup)
+int authenticator_read_state(AuthenticatorState * a)
+{
+    uint32_t * ptr = (uint32_t *) flash_addr(STATE1_PAGE);
+    memmove(a, ptr, sizeof(AuthenticatorState));
+
+    if (a->is_initialized != INITIALIZED_MARKER){
+
+        if (authenticator_is_backup_initialized()){
+            printf1(TAG_ERR,"Warning: memory corruption detected.  restoring from backup..\n");
+            ptr = (uint32_t *) flash_addr(STATE2_PAGE);
+            memmove(a, ptr, sizeof(AuthenticatorState));
+            authenticator_write_state(a);
+            return 1;
+        }
+
+        return 0;
+    }
+
+    return 1;
+}
+
+
+void authenticator_write_state(AuthenticatorState * a)
 {
-    if (! backup)
-    {
     flash_erase_page(STATE1_PAGE);
-
     flash_write(flash_addr(STATE1_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
-    }
-    else
-    {
-        flash_erase_page(STATE2_PAGE);
 
+    flash_erase_page(STATE2_PAGE);
     flash_write(flash_addr(STATE2_PAGE), (uint8_t*)a, sizeof(AuthenticatorState));
-    }
 }
 
 #if !defined(IS_BOOTLOADER)

targets/stm32l432/src/solo.h

@@ -4,6 +4,9 @@
 void device_init();
 
 void main_loop_delay();
+void usbhid_init();
+void usbhid_close();
+int usbhid_recv(uint8_t * msg);
 
 void heartbeat();