From f336a1eaea7ced71234f1953ec34416197505b16 Mon Sep 17 00:00:00 2001 From: Tim Trippel Date: Fri, 9 Feb 2024 19:03:21 -0800 Subject: [PATCH] [certs] add attestation key ID salts The attestation key IDs are generated via a KMAC KDF operation. The key is a static salt. This adds the salts. Signed-off-by: Tim Trippel --- sw/device/silicon_creator/lib/cert/util.c | 63 +++++++++++++++-------- sw/device/silicon_creator/lib/cert/util.h | 31 +++-------- 2 files changed, 50 insertions(+), 44 deletions(-) diff --git a/sw/device/silicon_creator/lib/cert/util.c b/sw/device/silicon_creator/lib/cert/util.c index 4b81e5a972c405..ce8171025221c8 100644 --- a/sw/device/silicon_creator/lib/cert/util.c +++ b/sw/device/silicon_creator/lib/cert/util.c @@ -11,38 +11,59 @@ #include "sw/device/lib/crypto/include/datatypes.h" #include "sw/device/lib/crypto/include/mac.h" +/** + * Salts for generating attestation key IDs (for generating certificates). + * + * Generated on calling the following, three separate times: + * `hexdump -vn132 -e'33/4 "0x%08x,\n" 1 "\n"' /dev/urandom` + */ +const uint32_t kUdsKeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords] = { + 0x24c80b8a, 0xdeae1ac1, 0x6abf2278, 0xb878d9b4, + 0x8b0bdc90, 0x90084245, 0xbb5b6e3c, 0x41eb9d0f, +}; +const uint32_t kCdi0KeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords] = { + 0x55aeb248, 0xaee2b11d, 0xc28623a3, 0xeb1c34a0, + 0xacccf2b2, 0x89f3fa7d, 0xb557465a, 0x31a1dd9a, +}; +const uint32_t kCdi1KeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords] = { + 0x5df3082a, 0x645a5f95, 0x527812eb, 0x24607172, + 0x45717a6a, 0xa34add96, 0x107eeab3, 0x8e40c9f5, +}; + status_t ot_cert_gen_key_id(const attestation_public_key_t *pubkey, - const ot_cert_pubkey_id_salt_t *salt, - ot_cert_pubkey_id_t *id) { + const uint32_t *salt, uint32_t *id) { + uint32_t blinded_key_buf[kOtCertPubkeyIdSaltSizeIn32BitWords * 2] = {0}; + memcpy(blinded_key_buf, salt, kOtCertPubkeyIdSaltSizeInBytes); + const otcrypto_key_config_t kKmacKeyConfig = { + .version = kOtcryptoLibVersion1, + .key_mode = kOtcryptoKeyModeKmac256, + .key_length = kOtCertPubkeyIdSaltSizeInBytes, + .hw_backed = kHardenedBoolFalse, + .exportable = kHardenedBoolTrue, + .security_level = kOtcryptoKeySecurityLevelLow, + }; const otcrypto_blinded_key_t kSalt = { - .config = - { - .version = kOtcryptoLibVersion1, - .key_mode = kOtcryptoKeyModeKdfKmac256, - .key_length = kOtCertPubkeyIdSaltSizeInBytes, - .hw_backed = kHardenedBoolFalse, - .exportable = kHardenedBoolTrue, - .security_level = kOtcryptoKeySecurityLevelLow, - }, - .keyblob_length = kOtCertPubkeyIdSaltSizeInBytes, - .keyblob = salt->data, + .config = kKmacKeyConfig, + .keyblob_length = kOtCertPubkeyIdSaltSizeInBytes * 2, + .keyblob = blinded_key_buf, .checksum = 0, }; + uint8_t str_buffer[2] = "ID"; otcrypto_const_byte_buf_t str = { - .data = "ID", + .data = str_buffer, .len = 2, }; uint8_t attestation_pubkey_byte_buf[kAttestationPublicKeyCoordBytes * 2]; - memcpy(attestation_pubkey_byte_buf, pubkey.x, - kAttestationPublicKeyCoordBytes); - memcpy(attestation_pubkey_byte_buf[kAttestationPublicKeyCoordBytes], pubkey.y, + memcpy(attestation_pubkey_byte_buf, pubkey->x, kAttestationPublicKeyCoordBytes); + memcpy(&attestation_pubkey_byte_buf[kAttestationPublicKeyCoordBytes], + pubkey->y, kAttestationPublicKeyCoordBytes); otcrypto_const_byte_buf_t attestation_pubkey = { - .data = attestation_pubkey, + .data = attestation_pubkey_byte_buf, .len = kAttestationPublicKeyCoordBytes * 2, }; - otcrypto_word32_buf_t id = { - .data = id->data, + otcrypto_word32_buf_t tag = { + .data = id, .len = kOtCertPubkeyIdSaltSizeIn32BitWords, }; @@ -51,7 +72,7 @@ status_t ot_cert_gen_key_id(const attestation_public_key_t *pubkey, /*kmac_mode=*/kOtcryptoKmacModeKmac256, /*customization_string=*/str, /*required_output_len=*/kOtCertPubkeyIdSizeInBytes, - /*tag=*/id)); + /*tag=*/tag)); return OK_STATUS(); } diff --git a/sw/device/silicon_creator/lib/cert/util.h b/sw/device/silicon_creator/lib/cert/util.h index 321def7bf34bd5..78b4b45fcdc770 100644 --- a/sw/device/silicon_creator/lib/cert/util.h +++ b/sw/device/silicon_creator/lib/cert/util.h @@ -18,8 +18,8 @@ enum { * See [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280). */ kOtCertPubkeyIdSizeInBytes = 20, - kOtCertPubkeyIdSaltSizeIn32BitWords = - kOtCertPubkeyIdSaltSizeInBytes / sizeof(uint32_t), + kOtCertPubkeyIdSizeIn32BitWords = + kOtCertPubkeyIdSizeInBytes / sizeof(uint32_t), /** * Size of the salt used to produce OpenTitan attestation certificate pubkey @@ -27,31 +27,17 @@ enum { * * See NIST SP800-56C, Rev. 2, Section 4.2, Table 3. */ - kOtCertPubkeyIdSaltSizeInBytes = 132, + kOtCertPubkeyIdSaltSizeInBytes = 32, kOtCertPubkeyIdSaltSizeIn32BitWords = kOtCertPubkeyIdSaltSizeInBytes / sizeof(uint32_t), }; /** - * Certificate pubkey ID. - * - * Used as the serial number and subject key identifier fields in the X.509 - * attestation certificates. See - * [RFC5280](https://datatracker.ietf.org/doc/html/rfc5280). - */ -typedef struct ot_cert_pubkey_id { - uint32_t data[kOtCertPubkeyIdSaltSizeIn32BitWords]; -} ot_cert_pubkey_id_t; - -/** - * Certificate pubkey ID salt. - * - * Used as the key to a KMAC operation to produce OpenTitan attestation - * certificate pubkey IDs. + * Salts for generating attestation key IDs (for generating certificates). */ -typedef struct ot_cert_pubkey_id_salt { - uint32_t data[kOtCertPubkeyIdSaltLengthIn32BitWords]; -} ot_cert_pubkey_id_salt_t; +extern const uint32_t kUdsKeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords]; +extern const uint32_t kCdi0KeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords]; +extern const uint32_t kCdi1KeyIdSalt[kOtCertPubkeyIdSaltSizeIn32BitWords]; /** * Generates an OpenTitan attestation certificate pubkey ID via KMAC operation. @@ -63,7 +49,6 @@ typedef struct ot_cert_pubkey_id_salt { */ OT_WARN_UNUSED_RESULT status_t ot_cert_gen_key_id(const attestation_public_key_t *pubkey, - const ot_cert_pubkey_id_salt_t *salt, - ot_cert_pubkey_id_t *id); + const uint32_t *salt, uint32_t *id); #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_CERT_UTIL_H_