From 8e3753e71116b331084af142010bc5f45dbcab17 Mon Sep 17 00:00:00 2001
From: Szczepan Zalega <szczepan@nitrokey.com>
Date: Tue, 20 Aug 2019 11:31:09 +0200
Subject: [PATCH] Add initial STATE migration code (2)

---
 fido2/ctap.c           |  4 ++++
 fido2/data_migration.c |  3 +++
 fido2/storage.h        | 19 ++++++++++++++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/fido2/ctap.c b/fido2/ctap.c
index 9081149..29d1006 100644
--- a/fido2/ctap.c
+++ b/fido2/ctap.c
@@ -25,6 +25,7 @@
 #include "extensions.h"
 
 #include "device.h"
+#include "data_migration.h"
 
 uint8_t PIN_TOKEN[PIN_TOKEN_SIZE];
 uint8_t KEY_AGREEMENT_PUB[64];
@@ -1725,6 +1726,7 @@ static void ctap_state_init()
     STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS;
     STATE.is_pin_set = 0;
     STATE.rk_stored = 0;
+    STATE.data_version = STATE_VERSION;
 
     ctap_reset_rk();
 
@@ -1768,6 +1770,8 @@ void ctap_init()
         }
     }
 
+    do_migration_if_required(&STATE);
+
     crypto_load_master_secret(STATE.key_space);
 
     if (ctap_is_pin_set())
diff --git a/fido2/data_migration.c b/fido2/data_migration.c
index e4cbcf1..1228bb1 100644
--- a/fido2/data_migration.c
+++ b/fido2/data_migration.c
@@ -81,6 +81,9 @@ void do_migration_if_required(AuthenticatorState* state_current){
         dump_hex1(TAG_ERR, (void*)&state_previous, sizeof(state_previous));
         save_migrated_state(&state_tmp);
     }
+
+    assert(state_current->data_version == STATE_VERSION);
+
     return_cleanup:
     memset(&state_tmp, 0, sizeof(AuthenticatorState));
     memset(&state_previous, 0, sizeof(AuthenticatorState));
diff --git a/fido2/storage.h b/fido2/storage.h
index 6432229..a014e0e 100644
--- a/fido2/storage.h
+++ b/fido2/storage.h
@@ -12,6 +12,7 @@
 #define KEY_SPACE_BYTES     128
 #define MAX_KEYS            (1)
 #define PIN_SALT_LEN        (32)
+#define STATE_VERSION        (1)
 
 
 #define BACKUP_MARKER       0x5A
@@ -21,6 +22,22 @@
 #define ERR_KEY_SPACE_TAKEN (-2)
 #define ERR_KEY_SPACE_EMPTY (-2)
 
+typedef struct
+{
+  // Pin information
+  uint8_t is_initialized;
+  uint8_t is_pin_set;
+  uint8_t pin_code[NEW_PIN_ENC_MIN_SIZE];
+  int pin_code_length;
+  int8_t remaining_tries;
+
+  uint16_t rk_stored;
+
+  uint16_t key_lens[MAX_KEYS];
+  uint8_t key_space[KEY_SPACE_BYTES];
+} AuthenticatorState_0xFF;
+
+
 typedef struct
 {
     // Pin information
@@ -28,7 +45,7 @@ typedef struct
     uint8_t is_pin_set;
     uint8_t PIN_CODE_HASH[32];
     uint8_t PIN_SALT[PIN_SALT_LEN];
-    int _reserved_pin_code_length;
+    int _reserved;
     int8_t remaining_tries;
 
     uint16_t rk_stored;