initial on-device key generation

fido2/crypto.h

@@ -49,7 +49,6 @@ void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, ui
 void crypto_ecc256_make_key_pair(uint8_t * pubkey, uint8_t * privkey);
 void crypto_ecc256_shared_secret(const uint8_t * pubkey, const uint8_t * privkey, uint8_t * shared_secret);
 
-// Key must be 32 bytes
 #define CRYPTO_TRANSPORT_KEY            NULL
 #define CRYPTO_MASTER_KEY               NULL
 
@@ -61,6 +60,7 @@ void crypto_aes256_decrypt(uint8_t * buf, int lenth);
 void crypto_aes256_encrypt(uint8_t * buf, int lenth);
 
 void crypto_reset_master_secret();
+void crypto_load_master_secret(uint8_t * key);
 
 
 extern const uint8_t attestation_cert_der[];

fido2/ctap.c

@@ -1253,6 +1253,9 @@ static void ctap_state_init()
 {
     // Set to 0xff instead of 0x00 to be easier on flash
     memset(&STATE, 0xff, sizeof(AuthenticatorState));
+    // Fresh RNG for key
+    ctap_generate_rng(STATE.key_space, KEY_SPACE_BYTES);
+
     STATE.is_initialized = INITIALIZED_MARKER;
     STATE.remaining_tries = PIN_LOCKOUT_ATTEMPTS;
     STATE.is_pin_set = 0;
@@ -1286,6 +1289,8 @@ void ctap_init()
         }
     }
 
+    crypto_load_master_secret(STATE.key_space);
+
     if (ctap_is_pin_set())
     {
         printf1(TAG_STOR,"pin code: \"%s\"\n", STATE.pin_code);
@@ -1303,7 +1308,6 @@ void ctap_init()
         printf1(TAG_ERR, "DEVICE LOCKED!\n");
     }
 
-
     if (ctap_generate_rng(PIN_TOKEN, PIN_TOKEN_SIZE) != 1)
     {
         printf2(TAG_ERR,"Error, rng failed\n");
@@ -1513,4 +1517,3 @@ void ctap_reset()
 
     crypto_reset_master_secret();   // Not sure what the significance of this is??
 }
-