keystore: make password stretching a function of the securechip

So the two different securechip implementations (ATECC608 and Optiga
Trust M V3) can implement stretching differently. This is needed
because in the Optiga, we will add an additional stretching step.

Author: benma

src/atecc/atecc.c

@@ -16,7 +16,9 @@
 #include "hardfault.h"
 #include "securechip/securechip.h"
 #include <i2c_ecc.h>
+#include <salt.h>
 #include <util.h>
+#include <wally_crypto.h>
 
 // disabling some warnings, as it's an external library.
 #pragma GCC diagnostic push
@@ -75,6 +77,10 @@ static uint8_t _configuration[ATCA_ECC_CONFIG_SIZE] = {
 // Number of times the first kdf slot can be used.
 #define MONOTONIC_COUNTER_MAX_USE (730500)
 
+// This number of KDF iterations on the 2nd kdf slot when stretching the device
+// password.
+#define KDF_NUM_ITERATIONS (2)
+
 // The total individual size of the public key data slots (slots 9-15) is 72 bytes. Using encrypted
 // read/write it is only possible to transmit 32 bytes. The last block is therefore 8 (72 =
 // 32+32+8).
@@ -586,9 +592,53 @@ int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out)
     return _atecc_kdf(ATECC_SLOT_KDF, msg, len, kdf_out);
 }
 
-int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out)
+int atecc_stretch_password(const char* password, uint8_t* stretched_out)
 {
-    return _atecc_kdf(ATECC_SLOT_ROLLKEY, msg, len, kdf_out);
+    uint8_t password_salted_hashed[32] = {0};
+    UTIL_CLEANUP_32(password_salted_hashed);
+    if (!salt_hash_data(
+            (const uint8_t*)password,
+            strlen(password),
+            "keystore_seed_access_in",
+            password_salted_hashed)) {
+        return SC_ERR_SALT;
+    }
+
+    uint8_t kdf_in[32] = {0};
+    UTIL_CLEANUP_32(kdf_in);
+    memcpy(kdf_in, password_salted_hashed, 32);
+
+    // First KDF on rollkey increments the monotonic counter. Call only once!
+    int securechip_result = _atecc_kdf(ATECC_SLOT_ROLLKEY, kdf_in, 32, stretched_out);
+    if (securechip_result) {
+        return securechip_result;
+    }
+    // Second KDF does not use the counter and we call it multiple times.
+    for (int i = 0; i < KDF_NUM_ITERATIONS; i++) {
+        memcpy(kdf_in, stretched_out, 32);
+        securechip_result = securechip_kdf(kdf_in, 32, stretched_out);
+        if (securechip_result) {
+            return securechip_result;
+        }
+    }
+
+    if (!salt_hash_data(
+            (const uint8_t*)password,
+            strlen(password),
+            "keystore_seed_access_out",
+            password_salted_hashed)) {
+        return SC_ERR_SALT;
+    }
+    if (wally_hmac_sha256(
+            password_salted_hashed,
+            sizeof(password_salted_hashed),
+            stretched_out,
+            32,
+            stretched_out,
+            32) != WALLY_OK) {
+        return SC_ERR_HASH;
+    }
+    return 0;
 }
 
 bool atecc_gen_attestation_key(uint8_t* pubkey_out)

src/atecc/atecc.h

@@ -28,7 +28,7 @@
 USE_RESULT int atecc_setup(const securechip_interface_functions_t* ifs);
 USE_RESULT bool atecc_update_keys(void);
 USE_RESULT int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out);
-USE_RESULT int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out);
+USE_RESULT int atecc_stretch_password(const char* password, uint8_t* stretched_out);
 USE_RESULT bool atecc_gen_attestation_key(uint8_t* pubkey_out);
 USE_RESULT bool atecc_attestation_sign(const uint8_t* challenge, uint8_t* signature_out);
 USE_RESULT bool atecc_monotonic_increments_remaining(uint32_t* remaining_out);

src/keystore.c

@@ -160,69 +160,6 @@ static bool _copy_bip39_seed(uint8_t* bip39_seed_out)
     return true;
 }
 
-/**
- * Stretch the user password using the securechip, putting the result in `kdf_out`, which must be 32
- * bytes. `securechip_result_out`, if not NULL, will contain the error code from `securechip_kdf()`
- * if there was a secure chip error, and 0 otherwise.
- */
-static keystore_error_t _stretch_password(
-    const char* password,
-    uint8_t* kdf_out,
-    int* securechip_result_out)
-{
-    if (securechip_result_out != NULL) {
-        *securechip_result_out = 0;
-    }
-    uint8_t password_salted_hashed[32] = {0};
-    UTIL_CLEANUP_32(password_salted_hashed);
-    if (!salt_hash_data(
-            (const uint8_t*)password,
-            strlen(password),
-            "keystore_seed_access_in",
-            password_salted_hashed)) {
-        return KEYSTORE_ERR_SALT;
-    }
-
-    uint8_t kdf_in[32] = {0};
-    UTIL_CLEANUP_32(kdf_in);
-    memcpy(kdf_in, password_salted_hashed, 32);
-
-    // First KDF on rollkey increments the monotonic counter. Call only once!
-    int securechip_result = securechip_kdf_rollkey(kdf_in, 32, kdf_out);
-    if (securechip_result) {
-        if (securechip_result_out != NULL) {
-            *securechip_result_out = securechip_result;
-        }
-        return KEYSTORE_ERR_SECURECHIP;
-    }
-    // Second KDF does not use the counter and we call it multiple times.
-    for (int i = 0; i < KDF_NUM_ITERATIONS; i++) {
-        memcpy(kdf_in, kdf_out, 32);
-        securechip_result = securechip_kdf(kdf_in, 32, kdf_out);
-        if (securechip_result) {
-            if (securechip_result_out != NULL) {
-                *securechip_result_out = securechip_result;
-            }
-            return KEYSTORE_ERR_SECURECHIP;
-        }
-    }
-
-    if (!salt_hash_data(
-            (const uint8_t*)password,
-            strlen(password),
-            "keystore_seed_access_out",
-            password_salted_hashed)) {
-        return KEYSTORE_ERR_SALT;
-    }
-    if (wally_hmac_sha256(
-            password_salted_hashed, sizeof(password_salted_hashed), kdf_out, 32, kdf_out, 32) !=
-        WALLY_OK) {
-        return KEYSTORE_ERR_HASH;
-    }
-
-    return KEYSTORE_OK;
-}
-
 /**
  * Retrieves the encrypted seed and attempts to decrypt it using the password.
  *
@@ -243,9 +180,12 @@ static keystore_error_t _get_and_decrypt_seed(
     }
     uint8_t secret[32];
     UTIL_CLEANUP_32(secret);
-    keystore_error_t result = _stretch_password(password, secret, securechip_result_out);
-    if (result != KEYSTORE_OK) {
-        return result;
+    int stretch_result = securechip_stretch_password(password, secret);
+    if (securechip_result_out != NULL) {
+        *securechip_result_out = stretch_result;
+    }
+    if (stretch_result) {
+        return KEYSTORE_ERR_SECURECHIP;
     }
     if (encrypted_len < 49) {
         Abort("_get_and_decrypt_seed: underflow / zero size");
@@ -307,9 +247,8 @@ keystore_error_t keystore_encrypt_and_store_seed(
     }
     uint8_t secret[32] = {0};
     UTIL_CLEANUP_32(secret);
-    keystore_error_t res = _stretch_password(password, secret, NULL);
-    if (res != KEYSTORE_OK) {
-        return res;
+    if (securechip_stretch_password(password, secret)) {
+        return KEYSTORE_ERR_SECURECHIP;
     }
 
     size_t encrypted_seed_len = seed_length + 64;

src/optiga/optiga.c

@@ -23,8 +23,10 @@
 #include <optiga_crypt.h>
 #include <optiga_util.h>
 #include <rust/rust.h>
+#include <salt.h>
 #include <securechip/securechip.h>
 #include <util.h>
+#include <wally_crypto.h>
 
 // Set this to 1 for a more convenience during development.
 // Factory setup will be performed in the normal firmware, which makes it easier to tinker with the
@@ -67,6 +69,10 @@
 // See Solution Reference Manual Table 79 "Data structure arbitrary data object".
 #define ARBITRARY_DATA_OBJECT_TYPE_3_MAX_SIZE 140
 
+// This number of KDF iterations on the external kdf slot when stretching the device
+// password.
+#define KDF_NUM_ITERATIONS (2)
+
 // Struct stored in the arbitrary data object.
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wpacked"
@@ -1140,7 +1146,7 @@ int optiga_kdf_external(const uint8_t* msg, size_t len, uint8_t* mac_out)
     return 0;
 }
 
-int optiga_kdf_internal(const uint8_t* msg, size_t len, uint8_t* kdf_out)
+static int _kdf_internal(const uint8_t* msg, size_t len, uint8_t* kdf_out)
 {
     if (len != 32) {
         return SC_ERR_INVALID_ARGS;
@@ -1172,6 +1178,55 @@ int optiga_kdf_internal(const uint8_t* msg, size_t len, uint8_t* kdf_out)
     return 0;
 }
 
+int optiga_stretch_password(const char* password, uint8_t* stretched_out)
+{
+    uint8_t password_salted_hashed[32] = {0};
+    UTIL_CLEANUP_32(password_salted_hashed);
+    if (!salt_hash_data(
+            (const uint8_t*)password,
+            strlen(password),
+            "optiga_password_stretch_in",
+            password_salted_hashed)) {
+        return SC_ERR_SALT;
+    }
+
+    uint8_t kdf_in[32] = {0};
+    UTIL_CLEANUP_32(kdf_in);
+    memcpy(kdf_in, password_salted_hashed, 32);
+
+    // First KDF on internal key increments the monotonic counter. Call only once!
+    int securechip_result = _kdf_internal(kdf_in, 32, stretched_out);
+    if (securechip_result) {
+        return securechip_result;
+    }
+    // Second KDF does not use the counter and we call it multiple times.
+    for (int i = 0; i < KDF_NUM_ITERATIONS; i++) {
+        memcpy(kdf_in, stretched_out, 32);
+        securechip_result = optiga_kdf_external(kdf_in, 32, stretched_out);
+        if (securechip_result) {
+            return securechip_result;
+        }
+    }
+
+    if (!salt_hash_data(
+            (const uint8_t*)password,
+            strlen(password),
+            "optiga_password_stretch_out",
+            password_salted_hashed)) {
+        return SC_ERR_SALT;
+    }
+    if (wally_hmac_sha256(
+            password_salted_hashed,
+            sizeof(password_salted_hashed),
+            stretched_out,
+            32,
+            stretched_out,
+            32) != WALLY_OK) {
+        return SC_ERR_HASH;
+    }
+    return 0;
+}
+
 bool optiga_gen_attestation_key(uint8_t* pubkey_out)
 {
     optiga_key_id_t slot = OPTIGA_KEY_ID_E0F1;

src/optiga/optiga.h

@@ -28,7 +28,7 @@
 USE_RESULT int optiga_setup(const securechip_interface_functions_t* ifs);
 USE_RESULT bool optiga_update_keys(void);
 USE_RESULT int optiga_kdf_external(const uint8_t* msg, size_t len, uint8_t* mac_out);
-USE_RESULT int optiga_kdf_internal(const uint8_t* msg, size_t len, uint8_t* mac_out);
+USE_RESULT int optiga_stretch_password(const char* password, uint8_t* stretched_out);
 USE_RESULT bool optiga_gen_attestation_key(uint8_t* pubkey_out);
 USE_RESULT bool optiga_attestation_sign(const uint8_t* challenge, uint8_t* signature_out);
 USE_RESULT bool optiga_monotonic_increments_remaining(uint32_t* remaining_out);

src/securechip/securechip.c

@@ -23,7 +23,7 @@ typedef struct {
     int (*setup)(const securechip_interface_functions_t* fns);
     bool (*update_keys)(void);
     int (*kdf)(const uint8_t* msg, size_t msg_len, uint8_t* kdf_out);
-    int (*kdf_rollkey)(const uint8_t* msg, size_t msg_len, uint8_t* kdf_out);
+    int (*stretch_password)(const char* password, uint8_t* stretched_out);
     bool (*gen_attestation_key)(uint8_t* pubkey_out);
     bool (*attestation_sign)(const uint8_t* challenge, uint8_t* signature_out);
     bool (*monotonic_increments_remaining)(uint32_t* remaining_out);
@@ -47,7 +47,7 @@ bool securechip_init(void)
         _fns.setup = optiga_setup;
         _fns.update_keys = optiga_update_keys;
         _fns.kdf = optiga_kdf_external;
-        _fns.kdf_rollkey = optiga_kdf_internal;
+        _fns.stretch_password = optiga_stretch_password;
         _fns.gen_attestation_key = optiga_gen_attestation_key;
         _fns.attestation_sign = optiga_attestation_sign;
         _fns.monotonic_increments_remaining = optiga_monotonic_increments_remaining;
@@ -65,7 +65,7 @@ bool securechip_init(void)
         _fns.setup = atecc_setup;
         _fns.update_keys = atecc_update_keys;
         _fns.kdf = atecc_kdf;
-        _fns.kdf_rollkey = atecc_kdf_rollkey;
+        _fns.stretch_password = atecc_stretch_password;
         _fns.gen_attestation_key = atecc_gen_attestation_key;
         _fns.attestation_sign = atecc_attestation_sign;
         _fns.monotonic_increments_remaining = atecc_monotonic_increments_remaining;
@@ -107,10 +107,10 @@ int securechip_kdf(const uint8_t* msg, size_t msg_len, uint8_t* mac_out)
     return _fns.kdf(msg, msg_len, mac_out);
 }
 
-int securechip_kdf_rollkey(const uint8_t* msg, size_t msg_len, uint8_t* mac_out)
+int securechip_stretch_password(const char* password, uint8_t* stretched_out)
 {
-    ABORT_IF_NULL(kdf_rollkey);
-    return _fns.kdf_rollkey(msg, msg_len, mac_out);
+    ABORT_IF_NULL(stretch_password);
+    return _fns.stretch_password(password, stretched_out);
 }
 
 bool securechip_gen_attestation_key(uint8_t* pubkey_out)

src/securechip/securechip.h

@@ -27,6 +27,8 @@ typedef enum {
     SC_ERR_IFS = -1,
     SC_ERR_INVALID_ARGS = -2,
     SC_ERR_CONFIG_MISMATCH = -3,
+    SC_ERR_SALT = -4,
+    SC_ERR_HASH = -5,
 
     // Errors specific to the ATECC
     SC_ATECC_ERR_ZONE_UNLOCKED_CONFIG = -100,
@@ -85,6 +87,7 @@ USE_RESULT bool securechip_update_keys(void);
 
 /**
  * Perform KDF using the key in kdf slot with the input msg.
+ * This must not increment a monotonic counter.
  * @param[in] msg Use this msg as input
  * @param[in] len Must be <= 127.
  * @param[out] kdf_out Must have size 32. Result of the kdf will be stored here.
@@ -95,7 +98,7 @@ USE_RESULT bool securechip_update_keys(void);
 USE_RESULT int securechip_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out);
 
 /**
- * Perform KDF using the key in rollkey slot with the input msg.
+ * Stretch password using secrets in the secure chip.
  * Calling this function increments the monotonic counter.
  * @param[in] msg Use this msg as input
  * @param[in] len Must be <= 127.
@@ -104,7 +107,7 @@ USE_RESULT int securechip_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out);
  * @return 0 on success. Values of `securechip_error_t` if negative. If positive, values of
  * `ATCA_STATUS` for ATECC, values of optiga_lib_return_codes.h for Optiga.
  */
-USE_RESULT int securechip_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out);
+USE_RESULT int securechip_stretch_password(const char* password, uint8_t* stretched_out);
 
 /**
  * Generates a new attestation device key and outputs the public key.

test/simulator/framework/mock_securechip.c

@@ -29,11 +29,6 @@ bool securechip_update_keys(void)
     return true;
 }
 
-// Mocked contents of the secure chip rollkey slot.
-static const uint8_t _rollkey[32] =
-    "\x9d\xd1\x34\x1f\x6b\x4b\x26\xb1\x72\x89\xa1\xa3\x92\x71\x5c\xf0\xd0\x57\x8c\x84\xdb\x9a\x51"
-    "\xeb\xde\x14\x24\x06\x69\xd1\xd0\x5e";
-
 // Mocked contents of the securechip kdf slot.
 static const uint8_t _kdfkey[32] =
     "\xd2\xe1\xe6\xb1\x8b\x6c\x6b\x08\x43\x3e\xdb\xc1\xd1\x68\xc1\xa0\x04\x37\x74\xa4\x22\x18\x77"
@@ -44,9 +39,9 @@ int securechip_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out)
     wally_hmac_sha256(_kdfkey, 32, msg, len, kdf_out, 32);
     return 0;
 }
-int securechip_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out)
+int securechip_stretch_password(const char* password, uint8_t* stretched_out)
 {
-    wally_hmac_sha256(_rollkey, 32, msg, len, kdf_out, 32);
+    memset(stretched_out, 0, 32);
     return 0;
 }