Merge remote-tracking branch 'benma/optiga-lowctr'

Author: benma

src/atecc/atecc.c

@@ -16,7 +16,9 @@
 #include "hardfault.h"
 #include "securechip/securechip.h"
 #include <i2c_ecc.h>
+#include <salt.h>
 #include <util.h>
+#include <wally_crypto.h>
 
 // disabling some warnings, as it's an external library.
 #pragma GCC diagnostic push
@@ -75,6 +77,10 @@ static uint8_t _configuration[ATCA_ECC_CONFIG_SIZE] = {
 // Number of times the first kdf slot can be used.
 #define MONOTONIC_COUNTER_MAX_USE (730500)
 
+// This number of KDF iterations on the 2nd kdf slot when stretching the device
+// password.
+#define KDF_NUM_ITERATIONS (2)
+
 // The total individual size of the public key data slots (slots 9-15) is 72 bytes. Using encrypted
 // read/write it is only possible to transmit 32 bytes. The last block is therefore 8 (72 =
 // 32+32+8).
@@ -516,14 +522,6 @@ static ATCA_STATUS _update_kdf_key(void)
         ATECC_SLOT_KDF, 0, new_key, encryption_key, ATECC_SLOT_ENCRYPTION_KEY, nonce_contribution);
 }
 
-bool atecc_update_keys(void)
-{
-    if (_rollkey() != ATCA_SUCCESS) {
-        return false;
-    }
-    return _update_kdf_key() == ATCA_SUCCESS;
-}
-
 static int _atecc_kdf(atecc_slot_t slot, const uint8_t* msg, size_t len, uint8_t* kdf_out)
 {
     if (len > 127 || (slot != ATECC_SLOT_ROLLKEY && slot != ATECC_SLOT_KDF)) {
@@ -586,9 +584,70 @@ int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out)
     return _atecc_kdf(ATECC_SLOT_KDF, msg, len, kdf_out);
 }
 
-int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out)
+int atecc_init_new_password(const char* password)
+{
+    (void)password;
+    if (!atecc_reset_keys()) {
+        return SC_ATECC_ERR_RESET_KEYS;
+    }
+    return 0;
+}
+
+int atecc_stretch_password(const char* password, uint8_t* stretched_out)
 {
-    return _atecc_kdf(ATECC_SLOT_ROLLKEY, msg, len, kdf_out);
+    uint8_t password_salted_hashed[32] = {0};
+    UTIL_CLEANUP_32(password_salted_hashed);
+    if (!salt_hash_data(
+            (const uint8_t*)password,
+            strlen(password),
+            "keystore_seed_access_in",
+            password_salted_hashed)) {
+        return SC_ERR_SALT;
+    }
+
+    uint8_t kdf_in[32] = {0};
+    UTIL_CLEANUP_32(kdf_in);
+    memcpy(kdf_in, password_salted_hashed, 32);
+
+    // First KDF on rollkey increments the monotonic counter. Call only once!
+    int securechip_result = _atecc_kdf(ATECC_SLOT_ROLLKEY, kdf_in, 32, stretched_out);
+    if (securechip_result) {
+        return securechip_result;
+    }
+    // Second KDF does not use the counter and we call it multiple times.
+    for (int i = 0; i < KDF_NUM_ITERATIONS; i++) {
+        memcpy(kdf_in, stretched_out, 32);
+        securechip_result = securechip_kdf(kdf_in, 32, stretched_out);
+        if (securechip_result) {
+            return securechip_result;
+        }
+    }
+
+    if (!salt_hash_data(
+            (const uint8_t*)password,
+            strlen(password),
+            "keystore_seed_access_out",
+            password_salted_hashed)) {
+        return SC_ERR_SALT;
+    }
+    if (wally_hmac_sha256(
+            password_salted_hashed,
+            sizeof(password_salted_hashed),
+            stretched_out,
+            32,
+            stretched_out,
+            32) != WALLY_OK) {
+        return SC_ERR_HASH;
+    }
+    return 0;
+}
+
+bool atecc_reset_keys(void)
+{
+    if (_rollkey() != ATCA_SUCCESS) {
+        return false;
+    }
+    return _update_kdf_key() == ATCA_SUCCESS;
 }
 
 bool atecc_gen_attestation_key(uint8_t* pubkey_out)

src/atecc/atecc.h

@@ -26,9 +26,10 @@
 #include <stdint.h>
 
 USE_RESULT int atecc_setup(const securechip_interface_functions_t* ifs);
-USE_RESULT bool atecc_update_keys(void);
 USE_RESULT int atecc_kdf(const uint8_t* msg, size_t len, uint8_t* kdf_out);
-USE_RESULT int atecc_kdf_rollkey(const uint8_t* msg, size_t len, uint8_t* kdf_out);
+USE_RESULT int atecc_init_new_password(const char* password);
+USE_RESULT int atecc_stretch_password(const char* password, uint8_t* stretched_out);
+USE_RESULT bool atecc_reset_keys(void);
 USE_RESULT bool atecc_gen_attestation_key(uint8_t* pubkey_out);
 USE_RESULT bool atecc_attestation_sign(const uint8_t* challenge, uint8_t* signature_out);
 USE_RESULT bool atecc_monotonic_increments_remaining(uint32_t* remaining_out);

src/factorysetup.c

@@ -277,12 +277,12 @@ static void _api_msg(const uint8_t* input, size_t in_len, uint8_t* output, size_
         screen_print_debug("DONE", 0);
         break;
     case OP_SC_ROLLKEYS:
-        if (!securechip_update_keys()) {
-            screen_print_debug("rollkeys: failed", 0);
+        if (!securechip_reset_keys()) {
+            screen_print_debug("resetting securechip keys: failed", 0);
             result = ERR_FAILED;
             break;
         }
-        screen_print_debug("rollkeys: success", 100);
+        screen_print_debug("resetting securechip keys: success", 100);
         if (!securechip_u2f_counter_set(0)) {
             screen_print_debug("reset u2f counter", 0);
             result = ERR_FAILED;

src/keystore.c

@@ -160,69 +160,6 @@ static bool _copy_bip39_seed(uint8_t* bip39_seed_out)
     return true;
 }
 
-/**
- * Stretch the user password using the securechip, putting the result in `kdf_out`, which must be 32
- * bytes. `securechip_result_out`, if not NULL, will contain the error code from `securechip_kdf()`
- * if there was a secure chip error, and 0 otherwise.
- */
-static keystore_error_t _stretch_password(
-    const char* password,
-    uint8_t* kdf_out,
-    int* securechip_result_out)
-{
-    if (securechip_result_out != NULL) {
-        *securechip_result_out = 0;
-    }
-    uint8_t password_salted_hashed[32] = {0};
-    UTIL_CLEANUP_32(password_salted_hashed);
-    if (!salt_hash_data(
-            (const uint8_t*)password,
-            strlen(password),
-            "keystore_seed_access_in",
-            password_salted_hashed)) {
-        return KEYSTORE_ERR_SALT;
-    }
-
-    uint8_t kdf_in[32] = {0};
-    UTIL_CLEANUP_32(kdf_in);
-    memcpy(kdf_in, password_salted_hashed, 32);
-
-    // First KDF on rollkey increments the monotonic counter. Call only once!
-    int securechip_result = securechip_kdf_rollkey(kdf_in, 32, kdf_out);
-    if (securechip_result) {
-        if (securechip_result_out != NULL) {
-            *securechip_result_out = securechip_result;
-        }
-        return KEYSTORE_ERR_SECURECHIP;
-    }
-    // Second KDF does not use the counter and we call it multiple times.
-    for (int i = 0; i < KDF_NUM_ITERATIONS; i++) {
-        memcpy(kdf_in, kdf_out, 32);
-        securechip_result = securechip_kdf(kdf_in, 32, kdf_out);
-        if (securechip_result) {
-            if (securechip_result_out != NULL) {
-                *securechip_result_out = securechip_result;
-            }
-            return KEYSTORE_ERR_SECURECHIP;
-        }
-    }
-
-    if (!salt_hash_data(
-            (const uint8_t*)password,
-            strlen(password),
-            "keystore_seed_access_out",
-            password_salted_hashed)) {
-        return KEYSTORE_ERR_SALT;
-    }
-    if (wally_hmac_sha256(
-            password_salted_hashed, sizeof(password_salted_hashed), kdf_out, 32, kdf_out, 32) !=
-        WALLY_OK) {
-        return KEYSTORE_ERR_HASH;
-    }
-
-    return KEYSTORE_OK;
-}
-
 /**
  * Retrieves the encrypted seed and attempts to decrypt it using the password.
  *
@@ -243,9 +180,19 @@ static keystore_error_t _get_and_decrypt_seed(
     }
     uint8_t secret[32];
     UTIL_CLEANUP_32(secret);
-    keystore_error_t result = _stretch_password(password, secret, securechip_result_out);
-    if (result != KEYSTORE_OK) {
-        return result;
+    int stretch_result = securechip_stretch_password(password, secret);
+    if (stretch_result) {
+        if (stretch_result == SC_ERR_INCORRECT_PASSWORD) {
+            // Our Optiga securechip implementation fails password stretching if the password is
+            // wrong, so we can early-abort here. The ATECC stretches the password without checking
+            // if the password is correct, and we determine if it is correct in the seed decryption
+            // step below.
+            return KEYSTORE_ERR_INCORRECT_PASSWORD;
+        }
+        if (securechip_result_out != NULL) {
+            *securechip_result_out = stretch_result;
+        }
+        return KEYSTORE_ERR_SECURECHIP;
     }
     if (encrypted_len < 49) {
         Abort("_get_and_decrypt_seed: underflow / zero size");
@@ -299,17 +246,13 @@ keystore_error_t keystore_encrypt_and_store_seed(
     if (!_validate_seed_length(seed_length)) {
         return KEYSTORE_ERR_SEED_SIZE;
     }
-    // Update the two kdf keys before setting a new password. This already
-    // happens on a device reset, but we do it here again anyway so the keys are
-    // initialized also on first use, reducing trust in the factory setup.
-    if (!securechip_update_keys()) {
+    if (securechip_init_new_password(password)) {
         return KEYSTORE_ERR_SECURECHIP;
     }
     uint8_t secret[32] = {0};
     UTIL_CLEANUP_32(secret);
-    keystore_error_t res = _stretch_password(password, secret, NULL);
-    if (res != KEYSTORE_OK) {
-        return res;
+    if (securechip_stretch_password(password, secret)) {
+        return KEYSTORE_ERR_SECURECHIP;
     }
 
     size_t encrypted_seed_len = seed_length + 64;