HAL: add initial SecureChip HAL

Author: benma

src/rust/bitbox02-rust/src/hal.rs

@@ -38,11 +38,16 @@ pub trait Random {
     fn random_32_bytes(&mut self) -> Box<zeroize::Zeroizing<[u8; 32]>>;
 }
 
+pub trait SecureChip {
+    fn init_new_password(&mut self, password: &str) -> Result<(), bitbox02::securechip::Error>;
+}
+
 /// Hardware abstraction layer for BitBox devices.
 pub trait Hal {
     fn ui(&mut self) -> &mut impl Ui;
     fn sd(&mut self) -> &mut impl Sd;
     fn random(&mut self) -> &mut impl Random;
+    fn securechip(&mut self) -> &mut impl SecureChip;
 }
 
 pub struct BitBox02Sd;
@@ -97,10 +102,19 @@ impl Random for BitBox02Random {
     }
 }
 
+pub struct BitBox02SecureChip;
+
+impl SecureChip for BitBox02SecureChip {
+    fn init_new_password(&mut self, password: &str) -> Result<(), bitbox02::securechip::Error> {
+        bitbox02::securechip::init_new_password(password)
+    }
+}
+
 pub struct BitBox02Hal {
     ui: RealWorkflows,
     sd: BitBox02Sd,
     random: BitBox02Random,
+    securechip: BitBox02SecureChip,
 }
 
 impl BitBox02Hal {
@@ -109,6 +123,7 @@ impl BitBox02Hal {
             ui: crate::workflow::RealWorkflows,
             sd: BitBox02Sd,
             random: BitBox02Random,
+            securechip: BitBox02SecureChip,
         }
     }
 }
@@ -123,6 +138,9 @@ impl Hal for BitBox02Hal {
     fn random(&mut self) -> &mut impl Random {
         &mut self.random
     }
+    fn securechip(&mut self) -> &mut impl SecureChip {
+        &mut self.securechip
+    }
 }
 
 #[cfg(feature = "testing")]
@@ -223,10 +241,47 @@ pub mod testing {
         }
     }
 
+    pub struct TestingSecureChip {
+        // Count how man seceurity events happen. The numbers were obtained by reading the security
+        // event counter slot (0xE0C5) on a real device. We can use this to assert how many events
+        // were used in unit tests. The number is relevant due to Optiga's throttling mechanism.
+        event_counter: u32,
+    }
+
+    impl TestingSecureChip {
+        pub fn new() -> Self {
+            TestingSecureChip { event_counter: 0 }
+        }
+
+        /// Resets the event counter.
+        pub fn event_counter_reset(&mut self) {
+            self.event_counter = 0;
+            // TODO: remove once all unit tests use the SecureChip HAL.
+            bitbox02::securechip::fake_event_counter_reset()
+        }
+
+        /// Retrieves the event counter.
+        pub fn get_event_counter(&self) -> u32 {
+            // TODO: remove fake_event_counter() once all unit tests use the SecureChip HAL.
+            bitbox02::securechip::fake_event_counter() + self.event_counter
+        }
+    }
+
+    impl super::SecureChip for TestingSecureChip {
+        fn init_new_password(
+            &mut self,
+            _password: &str,
+        ) -> Result<(), bitbox02::securechip::Error> {
+            self.event_counter += 1;
+            Ok(())
+        }
+    }
+
     pub struct TestingHal<'a> {
         pub ui: crate::workflow::testing::TestingWorkflows<'a>,
         pub sd: TestingSd,
         pub random: TestingRandom,
+        pub securechip: TestingSecureChip,
     }
 
     impl TestingHal<'_> {
@@ -235,6 +290,7 @@ pub mod testing {
                 ui: crate::workflow::testing::TestingWorkflows::new(),
                 sd: TestingSd::new(),
                 random: TestingRandom::new(),
+                securechip: TestingSecureChip::new(),
             }
         }
     }
@@ -249,6 +305,9 @@ pub mod testing {
         fn random(&mut self) -> &mut impl super::Random {
             &mut self.random
         }
+        fn securechip(&mut self) -> &mut impl super::SecureChip {
+            &mut self.securechip
+        }
     }
 
     #[cfg(test)]

src/rust/bitbox02-rust/src/hww/api/restore.rs

@@ -189,7 +189,7 @@ mod tests {
             Ok("password".into())
         }));
 
-        bitbox02::securechip::fake_event_counter_reset();
+        mock_hal.securechip.event_counter_reset();
         assert_eq!(
             block_on(from_mnemonic(
                 &mut mock_hal,
@@ -200,7 +200,7 @@ mod tests {
             )),
             Ok(Response::Success(pb::Success {}))
         );
-        assert_eq!(bitbox02::securechip::fake_event_counter(), 8);
+        assert_eq!(mock_hal.securechip.get_event_counter(), 8);
         drop(mock_hal); // to remove mutable borrow of counter
         assert_eq!(counter, 2);
         assert!(!crate::keystore::is_locked());

src/rust/bitbox02-rust/src/hww/api/set_password.rs

@@ -70,7 +70,7 @@ mod tests {
             Ok("password".into())
         }));
 
-        bitbox02::securechip::fake_event_counter_reset();
+        mock_hal.securechip.event_counter_reset();
         assert_eq!(
             block_on(process(
                 &mut mock_hal,
@@ -80,7 +80,7 @@ mod tests {
             )),
             Ok(Response::Success(pb::Success {}))
         );
-        assert_eq!(bitbox02::securechip::fake_event_counter(), 9);
+        assert_eq!(mock_hal.securechip.get_event_counter(), 9);
         drop(mock_hal); // to remove mutable borrow of counter
         assert_eq!(counter, 2);
         assert!(!keystore::is_locked());

src/rust/bitbox02-rust/src/keystore.rs

@@ -19,7 +19,7 @@ use alloc::string::String;
 use alloc::vec::Vec;
 
 use crate::bip32;
-use crate::hal::Random;
+use crate::hal::{Random, SecureChip};
 pub use bitbox02::keystore::SignResult;
 use bitbox02::{keystore, securechip};
 
@@ -211,7 +211,7 @@ pub fn encrypt_and_store_seed(
 
     bitbox02::usb_processing::timeout_reset(LONG_TIMEOUT);
 
-    securechip::init_new_password(password)?;
+    hal.securechip().init_new_password(password)?;
 
     let secret = securechip::stretch_password(password)?;
     let iv_rand = hal.random().random_32_bytes();
@@ -1510,33 +1510,35 @@ mod tests {
             lock();
             let seed = &seed[..test.seed_len];
 
+            let mut mock_hal = crate::hal::testing::TestingHal::new();
+
             assert!(
                 block_on(unlock_bip39(
-                    &mut crate::hal::testing::TestingRandom::new(),
+                    &mut mock_hal.random,
                     seed,
                     test.mnemonic_passphrase,
                     async || {}
                 ))
                 .is_err()
             );
 
-            bitbox02::securechip::fake_event_counter_reset();
-            assert!(encrypt_and_store_seed(&mut TestingHal::new(), seed, "foo").is_ok());
-            assert_eq!(bitbox02::securechip::fake_event_counter(), 7);
+            mock_hal.securechip.event_counter_reset();
+            assert!(encrypt_and_store_seed(&mut mock_hal, seed, "foo").is_ok());
+            assert_eq!(mock_hal.securechip.get_event_counter(), 7);
 
             assert!(is_locked());
 
-            bitbox02::securechip::fake_event_counter_reset();
+            mock_hal.securechip.event_counter_reset();
             assert!(
                 block_on(unlock_bip39(
-                    &mut crate::hal::testing::TestingRandom::new(),
+                    &mut mock_hal.random,
                     seed,
                     test.mnemonic_passphrase,
                     async || {}
                 ))
                 .is_ok()
             );
-            assert_eq!(bitbox02::securechip::fake_event_counter(), 1);
+            assert_eq!(mock_hal.securechip.get_event_counter(), 1);
 
             assert!(!is_locked());
             assert_eq!(
@@ -1545,9 +1547,9 @@ mod tests {
             );
             let keypath = &[44 + HARDENED, 0 + HARDENED, 0 + HARDENED];
 
-            bitbox02::securechip::fake_event_counter_reset();
+            mock_hal.securechip.event_counter_reset();
             let xpub = get_xpub_once(keypath).unwrap();
-            assert_eq!(bitbox02::securechip::fake_event_counter(), 1);
+            assert_eq!(mock_hal.securechip.get_event_counter(), 1);
 
             assert_eq!(
                 xpub.serialize_str(crate::bip32::XPubType::Xpub).unwrap(),