  Flash storage description OTP

  OTP parameter block

    The OTP parameter block save the configuration data of each slot. The size of each slot is 64 byte

         Slot         Start    End
      GLOBAL_CONFIG      0       2
      free               3      63
      HOTP_SLOT1        64     127
      HOTP_SLOT2       128     191
      HOTP_SLOT3       192     255

      TOTP_SLOT1       256     319
      TOTP_SLOT2       320     383
      TOTP_SLOT3       384     447
      TOTP_SLOT4       448     511
      TOTP_SLOT5       512     575
      TOTP_SLOT6       576     639
      TOTP_SLOT7       640     703
      TOTP_SLOT8       704     767
      TOTP_SLOT9       768     831
      TOTP_SLOT10      832     896
      TOTP_SLOT11      896     939
      TOTP_SLOT12     1088    1151	//Start of second OTP slot page
      TOTP_SLOT13     1152    1215	//The first slot has been left empty 
      TOTP_SLOT14     1216    1280	//in case of future need
      TOTP_SLOT15     1280    1343


  OTP configuration slot

    Slot size 64 byte

    Contain the parameter data - 50 data byte
                       Start   Description
    SLOT_TYPE_OFFSET     0       1 byte slot type TOTP, HOTP
    SLOT_NAME_OFFSET     1      15 byte slot name
    SECRET_OFFSET       16      20 byte secret key
    CONFIG_OFFSET       36       1 byte config byte
    TOKEN_ID_OFFSET     37      12 byte token ID


  OTP counter storage slot

    This field is used for storing the actual counter value. Because of the limitation of flash
    erase accesses (10,000 for a Stick 1.4 flash page (1024 byte), 100,000 for a Stick 2.0 flash page (512 byte)).
    it is necessary to reduce the erase access of the flash. This is done by using a greater area of the flash.
    The limitation of flash accesses is only in the change of the bits to 1 in a flash page.
    Only all bit in a hole flash page can set to 1 in a single process (this is the erase access).
    The setting to 0 of a bit in the flash page is independent to other bits.

    The implementation:
    The first 8 byte of the slot contains the base counter of stored value as an unsigned 64 bit value. The
    remaining page stored a token per flash byte for a used number. When all tokens in a slot are used, the
    base counter is raised and the tokens are reseted to 0xff

    Flash page layout

    Entry                Position
    Counter base         0 -    7     8 byte, unsigned 64 bit
    Use flags            8 - 1023     1016 byte marked a used value (for Stick 1.4)
    Use flags            8 -  511     504 byte marked a used value (for Stick 2.0)

    Flash page byte order
    0         1         2         3         4              End of flash page
    01234567890123456789012345678901234567890123456789.... X
    VVVVVVVVFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.... .

    V = 64 bit counter base value
    F = token for a used value, 0xFF = unused, 0x00 = used

    The actual counter is the sum of the counter base value and the number of tokens with a 0 in the slot.

    Example:

          Flash page byte order
          0         1         2         3         4              End of flash page
          01234567890123456789012345678901234567890123456789.... X
      xHi 0000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.... .
      xLo 0000001000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.... .

          V = 0x0100 = 256
          Token 0-7 are marked as used = 8 tokens are marked

          Counter value = 256 + 8 = 264


    Slot size 1024 byte   Stick 1.4
    Slot size  512 byte   Stick 2.0


  OTP time storage slot
     
    The time storage has the same limitation as the OTP counter storage. For reference read above.

    Store time command data:
    The data that is send from the Utility for the storing of the time has the following format: The first byte
    of the *report is the command type ( similar to all other command data). The second byte is used for the
    overriding of the time. If that byte is set to 1 it means that the user has requested an overriding of the
    time in firmware and provided correct Admin PIN to authorize that. If this has any other value the time 
    shouldn't be overwritten. The next 64 bits represent the seconds since epoch (1 January 1970). That 
    value is stored in a RAM variable which is used to calculate the TOTP token and is also used to calculate 
    the value to be stored in the flash ( (Epoch value -  1388534400)/60 , the value 1388534400 is the number 
    of seconds from 1 January 1970 to 1 January 2014 ). The time is only written in three cases: the second 
    byte of the command data is 1, the old time (return by the function get_time_value) has a value smaller 
    than the new time (in minutes) and if the old time is 0xFFFFFFFF (bellow is an explanation when this happens).

    Implementation:
    The time is stored as a 24 bit value representing the minutes that have passed since 1 January 2014 plus
    a 8 bit CRC code of the value (The polynomial used for the  crc calculation is 100110001). On request for 
    the reset of time (when the device and utility connect to each other and every time a new TOTP token is 
    requested) the time is stored on a new position in the time slot that is 32 bit offset from the begging.
    If the slot is empty ( the first position has value 0xFFFFFFFF ) that is returned by the get_time_value() 
    function. When there are no empty positions in the slot it is reset and the time is stored on the position with 
    offset 0. To find the last position on which the time has been set we iterate trough all the possible 
    positions and check if position has value of 0xFFFFFFFF if it has the previous position holds the last 
    time. If the value is different then we continue the iteration. To find the next free position in which
    the time can be written we do the same as when looking for the last written time and when we find a position
    with the value 0xFFFFFFFF that is the next free position.    

  OTP backup slot
    Backup of the OTP parameter block


