[certs] add attestation key ID salts

The attestation key IDs are generated via a KMAC KDF operation. The key
is a static salt. This adds the salts.

Signed-off-by: Tim Trippel <[email protected]>

sw/device/silicon_creator/lib/cert/util.c

@@ -11,38 +11,59 @@
 #include "sw/device/lib/crypto/include/datatypes.h"
 #include "sw/device/lib/crypto/include/mac.h"
 
+/**
+ * Salts for generating attestation key IDs (for generating certificates).
+ *
+ * Generated on calling the following, three separate times:
+ *   `hexdump -vn132 -e'33/4 "0x%08x,\n" 1 "\n"' /dev/urandom`
+ */
+const uint32_t kUdsKeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords] = {
+    0x24c80b8a, 0xdeae1ac1, 0x6abf2278, 0xb878d9b4,
+    0x8b0bdc90, 0x90084245, 0xbb5b6e3c, 0x41eb9d0f,
+};
+const uint32_t kCdi0KeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords] = {
+    0x55aeb248, 0xaee2b11d, 0xc28623a3, 0xeb1c34a0,
+    0xacccf2b2, 0x89f3fa7d, 0xb557465a, 0x31a1dd9a,
+};
+const uint32_t kCdi1KeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords] = {
+    0x5df3082a, 0x645a5f95, 0x527812eb, 0x24607172,
+    0x45717a6a, 0xa34add96, 0x107eeab3, 0x8e40c9f5,
+};
+
 status_t ot_cert_gen_key_id(const attestation_public_key_t *pubkey,
-                            const ot_cert_pubkey_id_salt_t *salt,
-                            ot_cert_pubkey_id_t *id) {
+                            const uint32_t *salt, uint32_t *id) {
+  uint32_t blinded_key_buf[kOtCertPubkeyIdSaltSizeIn32BitWords * 2] = {0};
+  memcpy(blinded_key_buf, salt, kOtCertPubkeyIdSaltSizeInBytes);
+  const otcrypto_key_config_t kKmacKeyConfig = {
+      .version = kOtcryptoLibVersion1,
+      .key_mode = kOtcryptoKeyModeKmac256,
+      .key_length = kOtCertPubkeyIdSaltSizeInBytes,
+      .hw_backed = kHardenedBoolFalse,
+      .exportable = kHardenedBoolTrue,
+      .security_level = kOtcryptoKeySecurityLevelLow,
+  };
   const otcrypto_blinded_key_t kSalt = {
-      .config =
-          {
-              .version = kOtcryptoLibVersion1,
-              .key_mode = kOtcryptoKeyModeKdfKmac256,
-              .key_length = kOtCertPubkeyIdSaltSizeInBytes,
-              .hw_backed = kHardenedBoolFalse,
-              .exportable = kHardenedBoolTrue,
-              .security_level = kOtcryptoKeySecurityLevelLow,
-          },
-      .keyblob_length = kOtCertPubkeyIdSaltSizeInBytes,
-      .keyblob = salt->data,
+      .config = kKmacKeyConfig,
+      .keyblob_length = kOtCertPubkeyIdSaltSizeInBytes * 2,
+      .keyblob = blinded_key_buf,
       .checksum = 0,
   };
+  uint8_t str_buffer[2] = "ID";
   otcrypto_const_byte_buf_t str = {
-      .data = "ID",
+      .data = str_buffer,
       .len = 2,
   };
   uint8_t attestation_pubkey_byte_buf[kAttestationPublicKeyCoordBytes * 2];
-  memcpy(attestation_pubkey_byte_buf, pubkey.x,
-         kAttestationPublicKeyCoordBytes);
-  memcpy(attestation_pubkey_byte_buf[kAttestationPublicKeyCoordBytes], pubkey.y,
+  memcpy(attestation_pubkey_byte_buf, pubkey->x,
          kAttestationPublicKeyCoordBytes);
+  memcpy(&attestation_pubkey_byte_buf[kAttestationPublicKeyCoordBytes],
+         pubkey->y, kAttestationPublicKeyCoordBytes);
   otcrypto_const_byte_buf_t attestation_pubkey = {
-      .data = attestation_pubkey,
+      .data = attestation_pubkey_byte_buf,
       .len = kAttestationPublicKeyCoordBytes * 2,
   };
-  otcrypto_word32_buf_t id = {
-      .data = id->data,
+  otcrypto_word32_buf_t tag = {
+      .data = id,
       .len = kOtCertPubkeyIdSaltSizeIn32BitWords,
   };
 
@@ -51,7 +72,7 @@ status_t ot_cert_gen_key_id(const attestation_public_key_t *pubkey,
                     /*kmac_mode=*/kOtcryptoKmacModeKmac256,
                     /*customization_string=*/str,
                     /*required_output_len=*/kOtCertPubkeyIdSizeInBytes,
-                    /*tag=*/id));
+                    /*tag=*/tag));
 
   return OK_STATUS();
 }

sw/device/silicon_creator/lib/cert/util.h

@@ -18,40 +18,26 @@ enum {
    * See [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280).
    */
   kOtCertPubkeyIdSizeInBytes = 20,
-  kOtCertPubkeyIdSaltSizeIn32BitWords =
-      kOtCertPubkeyIdSaltSizeInBytes / sizeof(uint32_t),
+  kOtCertPubkeyIdSizeIn32BitWords =
+      kOtCertPubkeyIdSizeInBytes / sizeof(uint32_t),
 
   /**
    * Size of the salt used to produce OpenTitan attestation certificate pubkey
    * IDs via a KMAC.
    *
    * See NIST SP800-56C, Rev. 2, Section 4.2, Table 3.
    */
-  kOtCertPubkeyIdSaltSizeInBytes = 132,
+  kOtCertPubkeyIdSaltSizeInBytes = 32,
   kOtCertPubkeyIdSaltSizeIn32BitWords =
       kOtCertPubkeyIdSaltSizeInBytes / sizeof(uint32_t),
 };
 
 /**
- * Certificate pubkey ID.
- *
- * Used as the serial number and subject key identifier fields in the X.509
- * attestation certificates. See
- * [RFC5280](https://datatracker.ietf.org/doc/html/rfc5280).
- */
-typedef struct ot_cert_pubkey_id {
-  uint32_t data[kOtCertPubkeyIdSaltSizeIn32BitWords];
-} ot_cert_pubkey_id_t;
-
-/**
- * Certificate pubkey ID salt.
- *
- * Used as the key to a KMAC operation to produce OpenTitan attestation
- * certificate pubkey IDs.
+ * Salts for generating attestation key IDs (for generating certificates).
  */
-typedef struct ot_cert_pubkey_id_salt {
-  uint32_t data[kOtCertPubkeyIdSaltLengthIn32BitWords];
-} ot_cert_pubkey_id_salt_t;
+extern const uint32_t kUdsKeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords];
+extern const uint32_t kCdi0KeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords];
+extern const uint32_t kCdi1KeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords];
 
 /**
  * Generates an OpenTitan attestation certificate pubkey ID via KMAC operation.
@@ -63,7 +49,6 @@ typedef struct ot_cert_pubkey_id_salt {
  */
 OT_WARN_UNUSED_RESULT
 status_t ot_cert_gen_key_id(const attestation_public_key_t *pubkey,
-                            const ot_cert_pubkey_id_salt_t *salt,
-                            ot_cert_pubkey_id_t *id);
+                            const uint32_t *salt, uint32_t *id);
 
 #endif  // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_CERT_UTIL_H_