feat(fw): implement DDI HkdfDerive + KbkdfCounterHmacDerive handlers #430

Open. jaygmsft wants to merge 1 commit into main from user/jayg/hkdf_kbkdf

@jaygmsft jaygmsft commented Jun 6, 2026

Wire up the previously-unimplemented HkdfDerive (1075) and KbkdfCounterHmacDerive (1076) DDI ops in the firmware application layer, deriving key material from an existing ECDH shared secret and storing the result in the partition vault.

Behavior mirrors the reference firmware (mcr-hsm) with one deliberate divergence: every HMAC output is stored as the variable-length HMAC vault kind (VarLenHmacSha256/384/512) rather than the deprecated fixed-length _HmacSha* kinds.

  • Input key must be an ECDH shared secret (Secret256/384/521) with the derive permission; any other kind is rejected with InvalidKeyType.
  • Output key_type dispatch:
    • Aes128/192/256 -> AES vault kinds (encrypt/decrypt usage)
    • HmacSha256/384/512 -> VarLenHmacSha256/384/512 (sign/verify)
    • VarHmac256/384/512 -> VarLenHmacSha256/384/512 (sign/verify),
      key_length required (else InvalidKeyType) and range-checked
      (256:32-64, 384:48-128, 512:64-128; else InvalidKeyLength)
    • bulk AES / other -> InvalidKeyType (out of scope)
  • HKDF runs RFC 5869 Extract-then-Expand; KBKDF runs the SP 800-108
    counter-mode HMAC PRF. Absent salt/info/label/context use a
    zero-length DmaBuf.
  • masked_key is an empty placeholder pending the UnmaskKey handler,
    consistent with the other key-creating handlers.

New: kdf.rs (shared input/output resolution), hkdf_derive.rs, kbkdf_derive.rs, key_attrs::for_var_hmac; mod.rs dispatch wiring. Tests: hkdf_smoke.rs / kbkdf_smoke.rs (AES round-trip + fixed-HMAC derive on both backends; var-HMAC derive + length validation gated to emu, since the sim has no variable-length HMAC kind).

Validation:

  • emu hkdf_smoke 5/5, kbkdf_smoke 5/5; mock hkdf_smoke 2/2, kbkdf_smoke 2/2.
  • emu secret_hkdf_derive / secret_kbkdf_derive: all in-scope tests pass (remaining failures depend on the unimplemented Hmac/OpenKey ops and bulk AES, which were already failing as UnsupportedCmd).
  • emu smoke suite 37/37; mock secret_hkdf_derive 29/29 (no regression).
  • cargo xtask clippy clean; clippy --tests clean under emu and mock; fmt and copyright clean.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
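
A host-side reference for the two derivations described above, useful for producing known-answer values to compare with handler output. This is an added example in Python, not code from this PR or from mcr-hsm; the function names, the constructed sample secret, and the 32-bit big-endian counter and length fields in the KBKDF are assumptions the description does not specify.

```python
import hashlib
import hmac

# Constructed stand-in for a Secret256 ECDH shared secret (not real key material).
SAMPLE_SECRET = bytes(range(32))


def hkdf(ikm, length, salt=b"", info=b"", hash_name="sha256"):
    """RFC 5869 Extract-then-Expand; absent salt/info are zero-length inputs."""
    hash_len = hashlib.new(hash_name).digest_size
    if not 0 < length <= 255 * hash_len:
        raise ValueError("HKDF output length out of range")
    # Extract: PRK = HMAC(salt, IKM). HMAC zero-pads its key to the block size,
    # so a zero-length salt gives the same PRK as the RFC default of
    # hash_len zero bytes.
    prk = hmac.new(salt, ikm, hash_name).digest()
    # Expand: T(i) = HMAC(PRK, T(i-1) || info || i), one-byte counter from 1.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def kbkdf_counter_hmac(key_in, length, label=b"", context=b"", hash_name="sha256"):
    """SP 800-108 counter mode: K(i) = HMAC(K_IN, [i] || Label || 0x00 || Context || [L])."""
    # Assumption: [i] and [L] (output length in bits) are 32-bit big-endian.
    fixed = label + b"\x00" + context + (length * 8).to_bytes(4, "big")
    out, i = b"", 1
    while len(out) < length:
        out += hmac.new(key_in, i.to_bytes(4, "big") + fixed, hash_name).digest()
        i += 1
    return out[:length]


if __name__ == "__main__":
    print("HKDF  AES-256:", hkdf(SAMPLE_SECRET, 32).hex())
    print("KBKDF AES-256:", kbkdf_counter_hmac(SAMPLE_SECRET, 32).hex())
```

Because the KBKDF binds the requested length into every PRF input, a 16-byte derivation is not a prefix of a 32-byte one, whereas HKDF output is prefix-consistent across lengths.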
Copilot AI review requested due to automatic review settings June 6, 2026 01:08

Copilot AI left a comment

Pull request overview

This PR implements the previously-unhandled DDI KDF operations in the firmware MBOR application layer: HkdfDerive and KbkdfCounterHmacDerive. It validates that the input key is an ECDH shared secret with derive permission, derives key material via HKDF (RFC 5869) or KBKDF counter-mode HMAC (SP 800-108), and stores the derived key in the partition vault (with HMAC outputs stored as VarLen HMAC vault kinds).

Changes:

  • Added MBOR dispatch wiring for DdiOp::HkdfDerive and DdiOp::KbkdfCounterHmacDerive, plus new handler modules.
  • Introduced shared KDF target-resolution / input-kind validation in kdf.rs, and added key_attrs::for_var_hmac for derived HMAC outputs.
  • Added integration smoke tests for HKDF/KBKDF derivation and wired them into the MBOR types test suite.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| fw/core/lib/src/ddi/mbor/mod.rs | Wires new DDI ops into MBOR dispatch and exports handler modules. |
| fw/core/lib/src/ddi/mbor/key_attrs.rs | Adds derived VarLen-HMAC attribute builder (for_var_hmac). |
| fw/core/lib/src/ddi/mbor/kdf.rs | Shared validation + output key-type/length → vault kind mapping logic for both KDF ops. |
| fw/core/lib/src/ddi/mbor/hkdf_derive.rs | Implements HKDF derive handler (extract + expand) and vault persistence. |
| fw/core/lib/src/ddi/mbor/kbkdf_derive.rs | Implements SP 800-108 counter-mode HMAC derive handler and vault persistence. |
| ddi/mbor/types/tests/integration/hkdf_smoke.rs | Adds HKDF smoke tests for AES and HMAC outputs. |
| ddi/mbor/types/tests/integration/kbkdf_smoke.rs | Adds KBKDF smoke tests for AES and HMAC outputs. |
| ddi/mbor/types/tests/azihsm_ddi_tests.rs | Registers the new smoke-test modules. |

@jaygmsft jaygmsft enabled auto-merge (squash) June 6, 2026 01:16