Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Silabs CPMS support added. #25824

Merged
merged 2 commits into from
Mar 27, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 70 additions & 18 deletions examples/platform/silabs/SilabsDeviceAttestationCreds.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,15 @@
#include <lib/core/CHIPError.h>
#include <lib/support/CodeUtils.h>
#include <lib/support/Span.h>
#include <platform/silabs/SilabsConfig.h>
#include <psa/crypto.h>

#include "psa/crypto.h"
#include "silabs_creds.h"

extern uint8_t __attestation_credentials_base[];
using namespace chip::DeviceLayer::Internal;

extern uint8_t linker_nvm_end[];
static uint8_t * _credentials_address = (uint8_t *) linker_nvm_end;

namespace chip {
namespace Credentials {
Expand All @@ -33,12 +37,28 @@ namespace {

class DeviceAttestationCredsSilabs : public DeviceAttestationCredentialsProvider
{
// Miss-aligned certificates is a common error, and printing the first few bytes is
// useful to verify proper alignment. Eight bytes is enough for this purpose.
static constexpr size_t kDebugLength = 8;

public:
CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & out_buffer) override
CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & out_span) override
{
ByteSpan cd_span(((uint8_t *) __attestation_credentials_base) + SILABS_CREDENTIALS_CD_OFFSET, SILABS_CREDENTIALS_CD_SIZE);
return CopySpanToMutableSpan(cd_span, out_buffer);
uint32_t offset = SILABS_CREDENTIALS_CD_OFFSET;
uint32_t size = SILABS_CREDENTIALS_CD_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_CD_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_CD_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_CD_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_CD_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cd_span(address, size);
ChipLogProgress(DeviceLayer, "GetCertificationDeclaration, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cd_span.data(), kDebugLength > cd_span.size() ? cd_span.size() : kDebugLength));
return CopySpanToMutableSpan(cd_span, out_span);
}

CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) override
Expand All @@ -48,31 +68,63 @@ class DeviceAttestationCredsSilabs : public DeviceAttestationCredentialsProvider
return CHIP_NO_ERROR;
}

CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & out_buffer) override
CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & out_span) override
{
ByteSpan cert_span(((uint8_t *) __attestation_credentials_base) + SILABS_CREDENTIALS_DAC_OFFSET,
SILABS_CREDENTIALS_DAC_SIZE);
return CopySpanToMutableSpan(cert_span, out_buffer);
uint32_t offset = SILABS_CREDENTIALS_DAC_OFFSET;
uint32_t size = SILABS_CREDENTIALS_DAC_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_DAC_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_DAC_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_DAC_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_DAC_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cert_span(address, size);
ChipLogProgress(DeviceLayer, "GetDeviceAttestationCert, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cert_span.data(), kDebugLength > cert_span.size() ? cert_span.size() : kDebugLength));
return CopySpanToMutableSpan(cert_span, out_span);
}

CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & out_pai_buffer) override
CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & out_span) override
{
ByteSpan cert_span(((uint8_t *) __attestation_credentials_base) + SILABS_CREDENTIALS_PAI_OFFSET,
SILABS_CREDENTIALS_PAI_SIZE);
return CopySpanToMutableSpan(cert_span, out_pai_buffer);
uint32_t offset = SILABS_CREDENTIALS_PAI_OFFSET;
uint32_t size = SILABS_CREDENTIALS_PAI_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_PAI_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_PAI_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_PAI_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_PAI_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cert_span(address, size);
ChipLogProgress(DeviceLayer, "GetProductAttestationIntermediateCert, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cert_span.data(), kDebugLength > cert_span.size() ? cert_span.size() : kDebugLength));
return CopySpanToMutableSpan(cert_span, out_span);
}

CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_buffer) override
CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_span) override
{
psa_key_id_t key_id = SILABS_CREDENTIALS_DAC_KEY_ID;
uint32_t key_id = SILABS_CREDENTIALS_DAC_KEY_ID;
uint8_t signature[64] = { 0 };
size_t signature_size = sizeof(signature);

psa_status_t err = psa_sign_message(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256), message_to_sign.data(), message_to_sign.size(),
signature, signature_size, &signature_size);
if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_KeyId))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_KeyId, key_id));
}

ChipLogProgress(DeviceLayer, "SignWithDeviceAttestationKey, key:%lu", key_id);

psa_status_t err =
psa_sign_message(static_cast<psa_key_id_t>(key_id), PSA_ALG_ECDSA(PSA_ALG_SHA_256), message_to_sign.data(),
message_to_sign.size(), signature, signature_size, &signature_size);
VerifyOrReturnError(!err, CHIP_ERROR_INTERNAL);

return CopySpanToMutableSpan(ByteSpan(signature, signature_size), out_buffer);
return CopySpanToMutableSpan(ByteSpan(signature, signature_size), out_span);
}
};

Expand Down
28 changes: 14 additions & 14 deletions examples/platform/silabs/silabs_creds.h
Original file line number Diff line number Diff line change
Expand Up @@ -10,32 +10,32 @@
#ifndef SILABS_DEVICE_CREDENTIALS
#define SILABS_DEVICE_CREDENTIALS

#ifndef SILABS_CREDENTIALS_CD_OFFSET
#define SILABS_CREDENTIALS_CD_OFFSET 0x0000
#ifndef SILABS_CREDENTIALS_DAC_KEY_ID
#define SILABS_CREDENTIALS_DAC_KEY_ID 0x0002
#endif

#ifndef SILABS_CREDENTIALS_CD_SIZE
#define SILABS_CREDENTIALS_CD_SIZE 541
#ifndef SILABS_CREDENTIALS_DAC_OFFSET
#define SILABS_CREDENTIALS_DAC_OFFSET 0x0000
#endif

#ifndef SILABS_CREDENTIALS_PAI_OFFSET
#define SILABS_CREDENTIALS_PAI_OFFSET 0x400
#ifndef SILABS_CREDENTIALS_DAC_SIZE
#define SILABS_CREDENTIALS_DAC_SIZE 0
#endif

#ifndef SILABS_CREDENTIALS_PAI_SIZE
#define SILABS_CREDENTIALS_PAI_SIZE 463
#ifndef SILABS_CREDENTIALS_PAI_OFFSET
#define SILABS_CREDENTIALS_PAI_OFFSET 0x0200
#endif

#ifndef SILABS_CREDENTIALS_DAC_OFFSET
#define SILABS_CREDENTIALS_DAC_OFFSET 0x600
#ifndef SILABS_CREDENTIALS_PAI_SIZE
#define SILABS_CREDENTIALS_PAI_SIZE 0
#endif

#ifndef SILABS_CREDENTIALS_DAC_SIZE
#define SILABS_CREDENTIALS_DAC_SIZE 492
#ifndef SILABS_CREDENTIALS_CD_OFFSET
#define SILABS_CREDENTIALS_CD_OFFSET 0x0400
#endif

#ifndef SILABS_CREDENTIALS_DAC_KEY_ID
#define SILABS_CREDENTIALS_DAC_KEY_ID PSA_KEY_ID_USER_MIN + 1
#ifndef SILABS_CREDENTIALS_CD_SIZE
#define SILABS_CREDENTIALS_CD_SIZE 0
#endif

#endif // SILABS_DEVICE_CREDENTIALS
10 changes: 8 additions & 2 deletions src/platform/silabs/SilabsConfig.h
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,6 @@

#include <functional>

#include <platform/internal/CHIPDeviceLayerInternal.h>

#include "nvm3.h"
#include "nvm3_hal_flash.h"

Expand Down Expand Up @@ -137,6 +135,14 @@ class SilabsConfig
static constexpr Key kConfigKey_YearDaySchedules = SilabsConfigKey(kMatterConfig_KeyBase, 0x16);
static constexpr Key kConfigKey_HolidaySchedules = SilabsConfigKey(kMatterConfig_KeyBase, 0x17);
static constexpr Key kConfigKey_OpKeyMap = SilabsConfigKey(kMatterConfig_KeyBase, 0x20);
static constexpr Key kConfigKey_Creds_KeyId = SilabsConfigKey(kMatterConfig_KeyBase, 0x21);
static constexpr Key kConfigKey_Creds_Base_Addr = SilabsConfigKey(kMatterConfig_KeyBase, 0x22);
static constexpr Key kConfigKey_Creds_DAC_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x23);
static constexpr Key kConfigKey_Creds_DAC_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x24);
static constexpr Key kConfigKey_Creds_PAI_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x25);
static constexpr Key kConfigKey_Creds_PAI_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x26);
static constexpr Key kConfigKey_Creds_CD_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x27);
static constexpr Key kConfigKey_Creds_CD_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x28);

static constexpr Key kConfigKey_GroupKeyMax =
SilabsConfigKey(kMatterConfig_KeyBase, 0x1E); // Allows 16 Group Keys to be created.
Expand Down