This patch adds the credential_id_version field to Config, making it
possible to select the credential ID version for new credentials. To
avoid invalidating existing credentials, this value is only used on the
first boot or after a factory reset.
Currently, the credential encoding and decoding is located in different
parts of the codebase. This patch introduces the CredentialIdVersion to
unify all relevant code in one place. It also introduces the
KeyEncryptionKey and KeyWrappingKey helper types to ensure that these
keys are only used for the designated steps and cannot be confused with
any other key.
As defined in Requirement 2.3.2 of the Security Requirements v1.5, we
have to use a random (positive) increment for a global signature
counter. This patch uses a random u8 + 1. As the signature counter is a
u32, this still gives us more than 16 million operations until the
counter can potentially overflow.
As described in Requirement 2.3.2 of the Security Requirements v1.5, a
signature counter value of zero indicates an error. If the authenticator
returns zero once, it may not return a non-zero value in subsequent
calls, so we have to stay in the error state if an overflow occurs.