sys/fido2: update flash handling based on flashpage API extension

Author: Ollrogge

sys/fido2/ctap/Kconfig

@@ -84,12 +84,22 @@ config FIDO2_CTAP_UP_BUTTON_FLANK_RISING
 
 endchoice
 
-config FIDO2_CTAP_FLASH_START_PAGE
-    int "First flash page to store data in"
-    default -1
+config FIDO2_CTAP_NUM_FLASHPAGES
+    int "Amount of flashpages to use"
+    range 2 256
+    default 4
     help
-        Configuring this incorrectly can lead to firmware corruption so make sure
-        the flash page is located after the firmware.
+        Configure how many flashpages are used to store FIDO2 CTAP data.
+
+        To save a credential in flash memory, roughly 156 bytes are needed. This
+        number might change slightly depending on the flash block size.
+        Therefore, if one wants to e.g. save 40 credentials and the flashpage
+        size is 4096 bytes roughly 156 * 40 / 4096 (2) flashpages are needed.
+        To save authenticator state data one additional flashpage is needed.
+        So in total one has to configure 3 to save 40 credentials.
+
+        Configuring the amount too high can lead to loss of FIDO2 data as a
+        result of firmware updates when using riotboot in two slot mode.
 
 rsource "transport/Kconfig"
 

sys/fido2/ctap/ctap.c

@@ -1530,7 +1530,8 @@ static int _find_matching_rks(ctap_resident_key_t *rks, size_t rks_len,
 static int _save_rk(ctap_resident_key_t *rk)
 {
     int ret;
-    int page_num = CTAP_FLASH_RK_START_PAGE, offset_into_page = 0;
+    int page_num = fido2_ctap_mem_get_rk_start_page();
+    int offset_into_page = 0;
     bool equal = false;
     ctap_resident_key_t rk_tmp = { 0 };
 
@@ -1792,12 +1793,12 @@ static int _ctap_decrypt_rk(ctap_resident_key_t *rk, ctap_cred_id_t *id)
 
 static int _write_state_to_flash(const ctap_state_t *state)
 {
-    return fido2_ctap_mem_write(state, CTAP_FLASH_STATE_PAGE, 0, CTAP_FLASH_STATE_SZ);
+    return fido2_ctap_mem_write(state, fido2_ctap_mem_get_state_flashpage_number(), 0, CTAP_FLASH_STATE_SZ);
 }
 
 static int _read_state_from_flash(ctap_state_t *state)
 {
-    return fido2_ctap_mem_read(state, CTAP_FLASH_STATE_PAGE, 0, sizeof(*state));
+    return fido2_ctap_mem_read(state, fido2_ctap_mem_get_state_flashpage_number(), 0, sizeof(*state));
 }
 
 static int _write_rk_to_flash(const ctap_resident_key_t *rk, int page, int offset)

sys/fido2/ctap/ctap_mem.c

@@ -41,30 +41,33 @@ static uint16_t _max_rk_amnt;
 static bool _flash_is_erased(int page, int offset, size_t len);
 
 /**
- * @brief   Get amount of flashpages
+ * @brief   Get available amount of flashpages to store resident keys
  */
-static unsigned _amount_of_flashpages(void);
+static unsigned _amount_flashpages_rk(void);
 
 int fido2_ctap_mem_init(void)
 {
     int ret;
+    unsigned start = fido2_ctap_mem_get_rk_start_page();
+    unsigned amount = _amount_flashpages_rk();
 
     ret = mtd_init(&_mtd_dev);
 
     if (ret < 0) {
         return ret;
     }
 
-    for (unsigned i = CTAP_FLASH_RK_START_PAGE; i < _amount_of_flashpages(); i++) {
+    for (unsigned i = start; i < start + amount; i++) {
         _max_rk_amnt += flashpage_size(i) / CTAP_FLASH_RK_SZ;
     }
 
     return CTAP2_OK;
 }
 
-static unsigned _amount_of_flashpages(void)
+static unsigned _amount_flashpages_rk(void)
 {
-    return _mtd_dev.sector_count * _mtd_dev.pages_per_sector;
+    /* -1 because first page holds authenticator state information */
+    return CONFIG_FIDO2_CTAP_NUM_FLASHPAGES - 1;
 }
 
 int fido2_ctap_mem_read(void *buf, uint32_t page, uint32_t offset, uint32_t len)
@@ -127,8 +130,10 @@ uint16_t fido2_ctap_mem_get_max_rk_amount(void)
 int fido2_ctap_mem_get_flashpage_number_of_rk(uint16_t rk_idx)
 {
     uint16_t idx = 0;
+    unsigned start = fido2_ctap_mem_get_rk_start_page();
+    unsigned amount = _amount_flashpages_rk();
 
-    for (unsigned i = CTAP_FLASH_RK_START_PAGE; i < _amount_of_flashpages(); i++) {
+    for (unsigned i = start; i < start + amount; i++) {
         idx += flashpage_size(i) / CTAP_FLASH_RK_SZ;
 
         if (idx >= rk_idx) {
@@ -142,8 +147,10 @@ int fido2_ctap_mem_get_flashpage_number_of_rk(uint16_t rk_idx)
 int fido2_ctap_mem_get_offset_of_rk_into_flashpage(uint16_t rk_idx)
 {
     uint16_t idx = 0;
+    unsigned start = fido2_ctap_mem_get_rk_start_page();
+    unsigned amount = _amount_flashpages_rk();
 
-    for (unsigned i = CTAP_FLASH_RK_START_PAGE; i < _amount_of_flashpages(); i++) {
+    for (unsigned i = start; i < start + amount; i++) {
         uint16_t old_idx = idx;
         idx += flashpage_size(i) / CTAP_FLASH_RK_SZ;
 
@@ -154,3 +161,13 @@ int fido2_ctap_mem_get_offset_of_rk_into_flashpage(uint16_t rk_idx)
 
     return -1;
 }
+
+unsigned fido2_ctap_mem_get_state_flashpage_number(void)
+{
+    return flashpage_last_free() - CONFIG_FIDO2_CTAP_NUM_FLASHPAGES + 1;
+}
+
+unsigned fido2_ctap_mem_get_rk_start_page(void)
+{
+    return fido2_ctap_mem_get_state_flashpage_number() + 1;
+}

sys/include/fido2/ctap/ctap_mem.h

@@ -41,28 +41,16 @@ extern "C" {
 /** @} */
 
 /**
- * @brief First flash page to store data in
- *
- * @note This can corrupt firmware if CTAP_FLASH_START_PAGE is set to a
- * flash page containing firmware. Therefore make sure that CTAP_FLASH_START_PAGE
- * is located after the firmware.
+ * @brief   Default amount of flashpages to use
  */
-#if defined(CONFIG_FIDO2_CTAP_FLASH_START_PAGE) && \
-    (CONFIG_FIDO2_CTAP_FLASH_START_PAGE >= 0)
-#define CTAP_FLASH_START_PAGE CONFIG_FIDO2_CTAP_FLASH_START_PAGE
-#else
-#define CTAP_FLASH_START_PAGE (FLASHPAGE_NUMOF - 4)
+#ifndef CONFIG_FIDO2_CTAP_NUM_FLASHPAGES
+#define CONFIG_FIDO2_CTAP_NUM_FLASHPAGES 4
 #endif
 
-/**
- * @brief Start page for storing resident keys
- */
-#define CTAP_FLASH_RK_START_PAGE CTAP_FLASH_START_PAGE
-
-/**
- * @brief Page for storing authenticator state information
- */
-#define CTAP_FLASH_STATE_PAGE CTAP_FLASH_RK_START_PAGE - 1
+#if CONFIG_FIDO2_CTAP_NUM_FLASHPAGES <= 2 || \
+    CONFIG_FIDO2_CTAP_NUM_FLASHPAGES >= FLASHPAGE_NUMOF
+#error "ctap_mem.h: Configured number of flashpages is invalid"
+#endif
 
 /**
  * @brief Calculate padding needed to align struct size for saving to flash
@@ -155,6 +143,20 @@ int fido2_ctap_mem_get_flashpage_number_of_rk(uint16_t rk_idx);
  */
 int fido2_ctap_mem_get_offset_of_rk_into_flashpage(uint16_t rk_idx);
 
+/**
+ * @brief Get page number for storing authenticator state information
+ *
+ * @return page number
+ */
+unsigned fido2_ctap_mem_get_state_flashpage_number(void);
+
+/**
+ * @brief Get start page for storing resident keys
+ *
+ * @return page number
+ */
+unsigned fido2_ctap_mem_get_rk_start_page(void);
+
 #ifdef __cplusplus
 }
 #endif