From 7231c113e361126a5f31fd7d886306c715490319 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Tue, 11 Oct 2022 16:00:40 +0530 Subject: [PATCH 01/18] added readme for se05x example --- examples/thermostat/nxp/linux-se05x/README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 examples/thermostat/nxp/linux-se05x/README.md diff --git a/examples/thermostat/nxp/linux-se05x/README.md b/examples/thermostat/nxp/linux-se05x/README.md new file mode 100644 index 00000000000000..8b922016a1d5b8 --- /dev/null +++ b/examples/thermostat/nxp/linux-se05x/README.md @@ -0,0 +1 @@ +TBU From b74254a31efa6a3e91e6ec2d5c3de9d34f40aea3 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Tue, 11 Oct 2022 22:33:35 +0530 Subject: [PATCH 02/18] changed device attestation - Logic to track attestation calls removed --- .../DeviceAttestationSe05xCredsExample_v2.cpp | 183 ++++++++---------- examples/platform/nxp/se05x/linux/AppMain.cpp | 6 + .../hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp | 18 +- .../hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h | 2 +- 4 files changed, 99 insertions(+), 110 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index ba214759dde8aa..bb796714e3e09a 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -35,25 +35,28 @@ #include /* Device attestation key ids */ -#define DEV_ATTESTATION_KEY_SE05X_ID 0x7D300000 -#define DEV_ATTESTATION_CERT_SE05X_ID 0x7D300001 +#define DEV_ATTESTATION_KEY_SE05X_ID 0x7D300000 +#define DEV_ATTESTATION_CERT_SE05X_ID 0x7D300001 +#define CERT_DECLARATION_DATA_SE05X_ID 0x7D300002 /* Device attestation key ids (Used with internal sign) */ -#define CD_DEV_ATTESTATION_KEY_SE05X_ID 0x7D300002 -#define NOCSR_DEV_ATTESTATION_KEY_SE05X_ID 0x7D300004 - -/* Device attestation data ids (for Cert decl) */ -#define CD_CERT_DECLARATION_DATA_SE05X_ID 0x7D300009 -#define CD_ATTEST_NONCE_DATA_SE05X_ID 0x7D30000C -#define CD_TIME_STAMP_LEN_SE05X_ID 0x7D30000E -#define CD_TIME_STAMP_DATA_SE05X_ID 0x7D30000F -#define CD_ATTEST_CHALLENGE_SE05X_ID 0x7D300011 - -/* Device attestation data ids (for CSR) */ -#define NOCSR_CSR_LEN_SE05X_ID 0x7D300014 -#define NOCSR_CSR_DATA_SE05X_ID 0x7D300015 -#define NOCSR_CSR_NONCE_DATA_SE05X_ID 0x7D300018 -#define NOCSR_ATTEST_CHALLENGE_SE05X_ID 0x7D30001A +#define DEV_ATTESTATION_KEY_SE05X_ID_IS 0x7D300003 +#define DEV_ATTESTATION_KEY_SE05X_ID_IS_TBS 0x7D300004 + +#define TAG1_ID 0x7D300005 +#define TAG1_LEN_ID 0x7D300006 +#define TAG1_VALUE_ID 0x7D300007 +#define TAG2_ID 0x7D300008 +#define TAG2_LEN_ID 0x7D300009 +#define TAG2_VALUE_ID 0x7D30000A +#define TAG3_ID 0x7D30000B +#define TAG3_LEN_ID 0x7D30000C +#define TAG3_VALUE_ID 0x7D30000D +#define ATTEST_CHALLENGE_ID 0x7D30000E + +#define START_CONTAINER_SE05X_ID 0x7D30000F +#define END_CONTAINER_SE05X_ID 0x7D300010 + extern CHIP_ERROR se05xGetCertificate(uint32_t keyId, uint8_t * buf, size_t * buflen); extern CHIP_ERROR se05xSetCertificate(uint32_t keyId, const uint8_t * buf, size_t buflen); @@ -150,7 +153,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::GetCertificationDeclaration(MutableByteSpa #else size_t buflen = out_cd_buffer.size(); ChipLogDetail(Crypto, "Get certificate declaration from se05x"); - ReturnErrorOnFailure(se05xGetCertificate(CD_CERT_DECLARATION_DATA_SE05X_ID, out_cd_buffer.data(), &buflen)); + ReturnErrorOnFailure(se05xGetCertificate(CERT_DECLARATION_DATA_SE05X_ID, out_cd_buffer.data(), &buflen)); out_cd_buffer.reduce_size(buflen); return CHIP_NO_ERROR; #endif @@ -178,108 +181,80 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa msg_reader.Init(message_to_sign); - /* To be removed. Use common key id to sign message */ - static bool sign_cert_decl_attest = 1; + uint16_t taglen = 0; + ByteSpan tagvalue; + uint8_t tempBuf[2] = {0,}; - if (sign_cert_decl_attest) - { - /* Check if certificate declaration tag is present and Skip certificate declaration tag */ - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(1), tagReader)); - - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(2), tagReader)); - uint8_t attlen = tagReader.GetLength(); - VerifyOrReturnError(attlen > 0, CHIP_ERROR_INVALID_TLV_TAG); - /* Get attestation nonce */ - ByteSpan attest_nonce; - ReturnErrorOnFailure(tagReader.Get(attest_nonce)); - /* Set attestation nonce */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(CD_ATTEST_NONCE_DATA_SE05X_ID, attest_nonce.data(), attest_nonce.size()), - CHIP_ERROR_INTERNAL); + tempBuf[0] = 0x15; + VerifyOrReturnError(CHIP_NO_ERROR == + se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1), + CHIP_ERROR_INTERNAL); - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(3), tagReader)); - uint8_t tslen = tagReader.GetLength(); - if (tslen > 0) - { - ByteSpan time_stamp; - ReturnErrorOnFailure(tagReader.Get(time_stamp)); - /* Set time stamp data */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(CD_TIME_STAMP_DATA_SE05X_ID, time_stamp.data(), time_stamp.size()), - CHIP_ERROR_INTERNAL); - } - /* Set time stamp length */ - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(CD_TIME_STAMP_LEN_SE05X_ID, &tslen, 1), CHIP_ERROR_INTERNAL); - - if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16) - { - /* Set attestation challenge */ + for (int i = 1; i <= 3; i++) + { + if (TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader) == CHIP_NO_ERROR){ + taglen = tagReader.GetLength(); + tempBuf[0] = tagReader.GetControlByte();; + tempBuf[1] = i; VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(CD_ATTEST_CHALLENGE_SE05X_ID, (message_to_sign.end() - 16), 16), + se05xSetCertificate(TAG1_ID + (3*(i - 1)), tempBuf, 2), CHIP_ERROR_INTERNAL); + if (taglen > 256){ + tempBuf[0] = taglen & 0xFF; + tempBuf[1] = (taglen >> 8) & 0xFF; + VerifyOrReturnError(CHIP_NO_ERROR == + se05xSetCertificate(TAG1_LEN_ID + (3*(i - 1)), tempBuf, 2), + CHIP_ERROR_INTERNAL); + } + else { + tempBuf[0] = taglen; + VerifyOrReturnError(CHIP_NO_ERROR == + se05xSetCertificate(TAG1_LEN_ID + (3*(i - 1)), tempBuf, 1), + CHIP_ERROR_INTERNAL); + } + if (taglen > 0){ + ReturnErrorOnFailure(tagReader.Get(tagvalue)); + VerifyOrReturnError(CHIP_NO_ERROR == + se05xSetCertificate(TAG1_VALUE_ID + (3*(i - 1)), tagvalue.data(), taglen), + CHIP_ERROR_INTERNAL); + } } } - else - { - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(1), tagReader)); - uint8_t csrlen = tagReader.GetLength(); - VerifyOrReturnError(csrlen > 0, CHIP_ERROR_INVALID_TLV_TAG); - ByteSpan csr_data; - /* Get nocsr */ - ReturnErrorOnFailure(tagReader.Get(csr_data)); - /* Set nocsr length */ - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_LEN_SE05X_ID, &csrlen, 1), CHIP_ERROR_INTERNAL); - /* Set nocsr data */ - se05x_delete_key(NOCSR_CSR_DATA_SE05X_ID); - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_DATA_SE05X_ID, csr_data.data(), csr_data.size()), - CHIP_ERROR_INTERNAL); - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(2), tagReader)); - uint8_t noncelen = tagReader.GetLength(); - VerifyOrReturnError(noncelen > 0, CHIP_ERROR_INVALID_TLV_TAG); - /* Get nocsr nonce */ - ByteSpan nocsr_nonce; - ReturnErrorOnFailure(tagReader.Get(nocsr_nonce)); - /* Set nocsr nonce data */ + tempBuf[0] = 0x18; + VerifyOrReturnError(CHIP_NO_ERROR == + se05xSetCertificate(END_CONTAINER_SE05X_ID, tempBuf, 1), + CHIP_ERROR_INTERNAL); + + if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16) + { + /* Set attestation challenge */ VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(NOCSR_CSR_NONCE_DATA_SE05X_ID, nocsr_nonce.data(), nocsr_nonce.size()), + se05xSetCertificate(ATTEST_CHALLENGE_ID, (message_to_sign.end() - 16), 16), CHIP_ERROR_INTERNAL); - - if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16) - { - /* Set attestation challenge */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(NOCSR_ATTEST_CHALLENGE_SE05X_ID, (message_to_sign.end() - 16), 16), - CHIP_ERROR_INTERNAL); - } } uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 }; size_t signature_se05x_len = sizeof(signature_se05x); - if (sign_cert_decl_attest) - { - err = se05xPerformInternalSign(CD_DEV_ATTESTATION_KEY_SE05X_ID, signature_se05x, &signature_se05x_len); - se05x_delete_key(CD_ATTEST_NONCE_DATA_SE05X_ID); - se05x_delete_key(CD_TIME_STAMP_LEN_SE05X_ID); - se05x_delete_key(CD_TIME_STAMP_DATA_SE05X_ID); - se05x_delete_key(CD_ATTEST_CHALLENGE_SE05X_ID); - sign_cert_decl_attest = 0; - } - else - { - err = se05xPerformInternalSign(NOCSR_DEV_ATTESTATION_KEY_SE05X_ID, signature_se05x, &signature_se05x_len); - se05x_delete_key(NOCSR_CSR_LEN_SE05X_ID); - se05x_delete_key(NOCSR_CSR_DATA_SE05X_ID); - se05x_delete_key(NOCSR_CSR_NONCE_DATA_SE05X_ID); - se05x_delete_key(NOCSR_ATTEST_CHALLENGE_SE05X_ID); - sign_cert_decl_attest = 1; - } - + err = se05xPerformInternalSign(DEV_ATTESTATION_KEY_SE05X_ID_IS, signature_se05x, &signature_se05x_len); ReturnErrorOnFailure(err); - return chip::Crypto::EcdsaAsn1SignatureToRaw(chip::Crypto::kP256_FE_Length, ByteSpan{ signature_se05x, signature_se05x_len }, + err = chip::Crypto::EcdsaAsn1SignatureToRaw(chip::Crypto::kP256_FE_Length, ByteSpan{ signature_se05x, signature_se05x_len }, out_signature_buffer); + + se05x_delete_key(TAG1_ID); + se05x_delete_key(TAG1_LEN_ID); + se05x_delete_key(TAG1_VALUE_ID); + se05x_delete_key(TAG2_ID); + se05x_delete_key(TAG2_LEN_ID); + se05x_delete_key(TAG2_VALUE_ID); + se05x_delete_key(TAG3_ID); + se05x_delete_key(TAG3_LEN_ID); + se05x_delete_key(TAG3_VALUE_ID); + se05x_delete_key(ATTEST_CHALLENGE_ID); + + return err; } } // namespace @@ -295,4 +270,4 @@ DeviceAttestationCredentialsProvider * GetExampleSe05xDACProviderv2() } // namespace Credentials } // namespace chip -#endif //#ifdef ENABLE_HSM_DEVICE_ATTESTATION +#endif //#ifdef ENABLE_HSM_DEVICE_ATTESTATION \ No newline at end of file diff --git a/examples/platform/nxp/se05x/linux/AppMain.cpp b/examples/platform/nxp/se05x/linux/AppMain.cpp index f0a49794dd32e2..5d8d4199e550cd 100644 --- a/examples/platform/nxp/se05x/linux/AppMain.cpp +++ b/examples/platform/nxp/se05x/linux/AppMain.cpp @@ -77,11 +77,13 @@ #include "CommissionableInit.h" #if CHIP_CRYPTO_HSM +#include "se05x_t4t_utils.h" #include "DeviceAttestationSe05xCredsExample.h" #include #include #endif + using namespace chip; using namespace chip::ArgParser; using namespace chip::Credentials; @@ -367,6 +369,10 @@ void ChipLinuxAppMainLoop() #else static chip::CommonCaseDeviceServerInitParams initParams; #endif + +#if CHIP_CRYPTO_HSM + VerifyOrDie(se05x_enable_contactless_interface() == 0); +#endif VerifyOrDie(initParams.InitializeStaticResourcesBeforeServerInit() == CHIP_NO_ERROR); #if defined(ENABLE_CHIP_SHELL) diff --git a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp index 2545ecf5a657c1..de4c4439fff211 100644 --- a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp +++ b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp @@ -24,6 +24,7 @@ #include "CHIPCryptoPALHsm_SE05X_utils.h" #include "fsl_sss_policy.h" +#include "se05x_t4t_utils.h" ex_sss_boot_ctx_t gex_sss_chip_ctx; @@ -76,12 +77,18 @@ static Mutex sSEObjMutex; #endif //#if ENABLE_REENTRANCY /* Open session to se05x */ -void se05x_sessionOpen(void) +CHIP_ERROR se05x_sessionOpen(void) { static int is_session_open = 0; if (is_session_open) { - return; + return CHIP_NO_ERROR; + } + + if(se05x_enable_contact_interface()) + { + ChipLogError(Crypto, "se05x error: %s\n", "se05x_enable_contact_interface failed"); + return CHIP_ERROR_INTERNAL; } memset(&gex_sss_chip_ctx, 0, sizeof(gex_sss_chip_ctx)); @@ -91,24 +98,25 @@ void se05x_sessionOpen(void) if (kStatus_SSS_Success != status) { ChipLogError(Crypto, "se05x error: %s\n", "ex_sss_boot_connectstring failed"); - return; + return CHIP_ERROR_INTERNAL; } status = ex_sss_boot_open(&gex_sss_chip_ctx, portName); if (kStatus_SSS_Success != status) { ChipLogError(Crypto, "se05x error: %s\n", "ex_sss_boot_open failed"); - return; + return CHIP_ERROR_INTERNAL; } status = ex_sss_key_store_and_object_init(&gex_sss_chip_ctx); if (kStatus_SSS_Success != status) { ChipLogError(Crypto, "se05x error: %s\n", "ex_sss_key_store_and_object_init failed"); - return; + return CHIP_ERROR_INTERNAL; } is_session_open = 1; + return CHIP_NO_ERROR; } /* Delete key in se05x */ diff --git a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h index 75e59a64109649..a1a59887f2603f 100644 --- a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h +++ b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h @@ -71,7 +71,7 @@ extern "C" { #endif /* Open session to se05x */ -void se05x_sessionOpen(void); +CHIP_ERROR se05x_sessionOpen(void); /* Delete key in se05x */ void se05x_delete_key(uint32_t keyid); From 002d15ea602401e15834ed68f6893a0a296babce Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Tue, 11 Oct 2022 22:51:19 +0530 Subject: [PATCH 03/18] updated simw build files --- third_party/simw-top-mini/BUILD.gn | 5 +++++ third_party/simw-top-mini/simw_config.gni | 1 + 2 files changed, 6 insertions(+) diff --git a/third_party/simw-top-mini/BUILD.gn b/third_party/simw-top-mini/BUILD.gn index 300adb83957fb6..ac023cf4a98dff 100644 --- a/third_party/simw-top-mini/BUILD.gn +++ b/third_party/simw-top-mini/BUILD.gn @@ -34,6 +34,10 @@ config("se05x_config") { ] } + if (chip_rpi_se05x_t4t_demo == 1) { + defines += ["CHIP_RPI_SE05X_T4T_DEMO"] + } + include_dirs = [ "${chip_root}/third_party/simw-top-mini/repo", "${chip_root}/third_party/simw-top-mini/repo/sss/inc", @@ -84,6 +88,7 @@ source_set("se05x") { "${chip_root}/third_party/simw-top-mini/repo/sss/src/se05x/fsl_sss_se05x_apis.c", "${chip_root}/third_party/simw-top-mini/repo/sss/src/se05x/fsl_sss_se05x_mw.c", "${chip_root}/third_party/simw-top-mini/repo/sss/src/se05x/fsl_sss_se05x_policy.c", + "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/generic/se05x_t4t_utils.cpp", ] sources += [ diff --git a/third_party/simw-top-mini/simw_config.gni b/third_party/simw-top-mini/simw_config.gni index 4f46c788353204..92a3e0d7244efa 100644 --- a/third_party/simw-top-mini/simw_config.gni +++ b/third_party/simw-top-mini/simw_config.gni @@ -17,4 +17,5 @@ declare_args() { # possible values host_k32w, host_linux host = "host_k32w" + chip_rpi_se05x_t4t_demo = 0 } From 1ba6a9020dfd9e1dbf877b74709c5bb81d3e5896 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Tue, 11 Oct 2022 23:48:41 +0530 Subject: [PATCH 04/18] reverting changes --- .../hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp | 16 +++++----------- .../hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h | 2 +- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp index de4c4439fff211..87c2429992063d 100644 --- a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp +++ b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp @@ -77,18 +77,12 @@ static Mutex sSEObjMutex; #endif //#if ENABLE_REENTRANCY /* Open session to se05x */ -CHIP_ERROR se05x_sessionOpen(void) +void se05x_sessionOpen(void) { static int is_session_open = 0; if (is_session_open) { - return CHIP_NO_ERROR; - } - - if(se05x_enable_contact_interface()) - { - ChipLogError(Crypto, "se05x error: %s\n", "se05x_enable_contact_interface failed"); - return CHIP_ERROR_INTERNAL; + return; } memset(&gex_sss_chip_ctx, 0, sizeof(gex_sss_chip_ctx)); @@ -98,14 +92,14 @@ CHIP_ERROR se05x_sessionOpen(void) if (kStatus_SSS_Success != status) { ChipLogError(Crypto, "se05x error: %s\n", "ex_sss_boot_connectstring failed"); - return CHIP_ERROR_INTERNAL; + return; } status = ex_sss_boot_open(&gex_sss_chip_ctx, portName); if (kStatus_SSS_Success != status) { ChipLogError(Crypto, "se05x error: %s\n", "ex_sss_boot_open failed"); - return CHIP_ERROR_INTERNAL; + return; } status = ex_sss_key_store_and_object_init(&gex_sss_chip_ctx); @@ -116,7 +110,7 @@ CHIP_ERROR se05x_sessionOpen(void) } is_session_open = 1; - return CHIP_NO_ERROR; + return; } /* Delete key in se05x */ diff --git a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h index a1a59887f2603f..75e59a64109649 100644 --- a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h +++ b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.h @@ -71,7 +71,7 @@ extern "C" { #endif /* Open session to se05x */ -CHIP_ERROR se05x_sessionOpen(void); +void se05x_sessionOpen(void); /* Delete key in se05x */ void se05x_delete_key(uint32_t keyid); From f37cac572cf605a68db15903d9ef130782e2726e Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Tue, 11 Oct 2022 23:50:44 +0530 Subject: [PATCH 05/18] reverting changes --- src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp index 87c2429992063d..2545ecf5a657c1 100644 --- a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp +++ b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp @@ -24,7 +24,6 @@ #include "CHIPCryptoPALHsm_SE05X_utils.h" #include "fsl_sss_policy.h" -#include "se05x_t4t_utils.h" ex_sss_boot_ctx_t gex_sss_chip_ctx; @@ -106,11 +105,10 @@ void se05x_sessionOpen(void) if (kStatus_SSS_Success != status) { ChipLogError(Crypto, "se05x error: %s\n", "ex_sss_key_store_and_object_init failed"); - return CHIP_ERROR_INTERNAL; + return; } is_session_open = 1; - return; } /* Delete key in se05x */ From 8e71d946c0ef08436d2b8a7bf01465b894ed9690 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Wed, 12 Oct 2022 00:16:12 +0530 Subject: [PATCH 06/18] using chip_device_platform --- examples/thermostat/nxp/linux-se05x/args.gni | 1 - third_party/simw-top-mini/BUILD.gn | 9 +++++---- third_party/simw-top-mini/simw_config.gni | 2 -- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/examples/thermostat/nxp/linux-se05x/args.gni b/examples/thermostat/nxp/linux-se05x/args.gni index 7f8ae31b2a2a4b..c9ccb79255d82b 100644 --- a/examples/thermostat/nxp/linux-se05x/args.gni +++ b/examples/thermostat/nxp/linux-se05x/args.gni @@ -15,4 +15,3 @@ import("//build_overrides/chip.gni") import("${chip_root}/config/standalone/args.gni") chip_with_se05x = 1 -host = "host_linux" diff --git a/third_party/simw-top-mini/BUILD.gn b/third_party/simw-top-mini/BUILD.gn index ac023cf4a98dff..011192070e5ab9 100644 --- a/third_party/simw-top-mini/BUILD.gn +++ b/third_party/simw-top-mini/BUILD.gn @@ -14,6 +14,7 @@ import("//build_overrides/chip.gni") import("${chip_root}/third_party/simw-top-mini/simw_config.gni") +import("${chip_root}/src/platform/device.gni") config("se05x_config") { defines = [ "SSS_USE_FTR_FILE" ] @@ -26,7 +27,7 @@ config("se05x_config") { #defines += ["FLOW_VERBOSE"] - if (host == "host_k32w") { + if (chip_device_platform == "k32w0") { defines += [ "AX_EMBEDDED", "LPC_K32W", @@ -53,7 +54,7 @@ config("se05x_config") { "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/inc", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/smCom", ] - if (host == "host_k32w") { + if (chip_device_platform == "k32w0") { include_dirs += [ "${chip_root}/third_party/simw-top-mini/repo/demos/ksdk/common/boards/DK6/wireless_examples/chip", "${chip_root}/third_party/simw-top-mini/repo/demos/ksdk/common/freertos/boards/DK6", @@ -98,12 +99,12 @@ source_set("se05x") { "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/smCom/smComT1oI2C.c", ] - if (host == "host_k32w") { + if (chip_device_platform == "k32w0") { sources += [ "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/ksdk/i2c_dk6.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/ksdk/timer_kinetis_freertos.c", ] - } else if (host == "host_linux") { + } else if (chip_device_platform == "linux") { sources += [ "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/generic/sm_timer.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/linux/i2c_a7.c", diff --git a/third_party/simw-top-mini/simw_config.gni b/third_party/simw-top-mini/simw_config.gni index 92a3e0d7244efa..2bffa51eaa6c42 100644 --- a/third_party/simw-top-mini/simw_config.gni +++ b/third_party/simw-top-mini/simw_config.gni @@ -15,7 +15,5 @@ # Configuration file declare_args() { - # possible values host_k32w, host_linux - host = "host_k32w" chip_rpi_se05x_t4t_demo = 0 } From 10044e2f41460a0eb8c05319d4e3f536977a7d7b Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Sun, 16 Oct 2022 19:27:32 +0530 Subject: [PATCH 07/18] updated simw package repo --- .../nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp | 4 ++-- third_party/simw-top-mini/repo | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index bb796714e3e09a..c50ebdd10c47ca 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -185,7 +185,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa ByteSpan tagvalue; uint8_t tempBuf[2] = {0,}; - tempBuf[0] = 0x15; + tempBuf[0] = (uint8_t)TLV::TLVElementType::Structure; VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1), CHIP_ERROR_INTERNAL); @@ -221,7 +221,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa } } - tempBuf[0] = 0x18; + tempBuf[0] = (uint8_t)TLV::TLVElementType::EndOfContainer; VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(END_CONTAINER_SE05X_ID, tempBuf, 1), CHIP_ERROR_INTERNAL); diff --git a/third_party/simw-top-mini/repo b/third_party/simw-top-mini/repo index bb2b2e95335394..a0535eba5aa298 160000 --- a/third_party/simw-top-mini/repo +++ b/third_party/simw-top-mini/repo @@ -1 +1 @@ -Subproject commit bb2b2e95335394c999812de97a8bec73d7c6dc1a +Subproject commit a0535eba5aa29851a354f1bcaaaa757d18fc9a05 From 7ac71a687afc3fca80de845641a1cc55dfa94ac4 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Sun, 16 Oct 2022 19:55:48 +0530 Subject: [PATCH 08/18] restyler-diff --- .../DeviceAttestationSe05xCredsExample_v2.cpp | 76 +++++++++---------- examples/platform/nxp/se05x/linux/AppMain.cpp | 3 +- 2 files changed, 37 insertions(+), 42 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index c50ebdd10c47ca..dd6aa9b8d5ab81 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -35,29 +35,28 @@ #include /* Device attestation key ids */ -#define DEV_ATTESTATION_KEY_SE05X_ID 0x7D300000 -#define DEV_ATTESTATION_CERT_SE05X_ID 0x7D300001 -#define CERT_DECLARATION_DATA_SE05X_ID 0x7D300002 +#define DEV_ATTESTATION_KEY_SE05X_ID 0x7D300000 +#define DEV_ATTESTATION_CERT_SE05X_ID 0x7D300001 +#define CERT_DECLARATION_DATA_SE05X_ID 0x7D300002 /* Device attestation key ids (Used with internal sign) */ -#define DEV_ATTESTATION_KEY_SE05X_ID_IS 0x7D300003 -#define DEV_ATTESTATION_KEY_SE05X_ID_IS_TBS 0x7D300004 +#define DEV_ATTESTATION_KEY_SE05X_ID_IS 0x7D300003 +#define DEV_ATTESTATION_KEY_SE05X_ID_IS_TBS 0x7D300004 -#define TAG1_ID 0x7D300005 -#define TAG1_LEN_ID 0x7D300006 +#define TAG1_ID 0x7D300005 +#define TAG1_LEN_ID 0x7D300006 #define TAG1_VALUE_ID 0x7D300007 -#define TAG2_ID 0x7D300008 -#define TAG2_LEN_ID 0x7D300009 +#define TAG2_ID 0x7D300008 +#define TAG2_LEN_ID 0x7D300009 #define TAG2_VALUE_ID 0x7D30000A -#define TAG3_ID 0x7D30000B -#define TAG3_LEN_ID 0x7D30000C +#define TAG3_ID 0x7D30000B +#define TAG3_LEN_ID 0x7D30000C #define TAG3_VALUE_ID 0x7D30000D #define ATTEST_CHALLENGE_ID 0x7D30000E #define START_CONTAINER_SE05X_ID 0x7D30000F #define END_CONTAINER_SE05X_ID 0x7D300010 - extern CHIP_ERROR se05xGetCertificate(uint32_t keyId, uint8_t * buf, size_t * buflen); extern CHIP_ERROR se05xSetCertificate(uint32_t keyId, const uint8_t * buf, size_t buflen); extern CHIP_ERROR se05xPerformInternalSign(uint32_t keyId, uint8_t * sigBuf, size_t * sigBufLen); @@ -183,54 +182,51 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa uint16_t taglen = 0; ByteSpan tagvalue; - uint8_t tempBuf[2] = {0,}; + uint8_t tempBuf[2] = { + 0, + }; - tempBuf[0] = (uint8_t)TLV::TLVElementType::Structure; - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1), - CHIP_ERROR_INTERNAL); + tempBuf[0] = (uint8_t) TLV::TLVElementType::Structure; + VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1), CHIP_ERROR_INTERNAL); for (int i = 1; i <= 3; i++) { - if (TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader) == CHIP_NO_ERROR){ - taglen = tagReader.GetLength(); - tempBuf[0] = tagReader.GetControlByte();; + if (TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader) == CHIP_NO_ERROR) + { + taglen = tagReader.GetLength(); + tempBuf[0] = tagReader.GetControlByte(); + ; tempBuf[1] = i; - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(TAG1_ID + (3*(i - 1)), tempBuf, 2), - CHIP_ERROR_INTERNAL); - if (taglen > 256){ + VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(TAG1_ID + (3 * (i - 1)), tempBuf, 2), CHIP_ERROR_INTERNAL); + if (taglen > 256) + { tempBuf[0] = taglen & 0xFF; tempBuf[1] = (taglen >> 8) & 0xFF; - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(TAG1_LEN_ID + (3*(i - 1)), tempBuf, 2), + VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 2), CHIP_ERROR_INTERNAL); } - else { + else + { tempBuf[0] = taglen; - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(TAG1_LEN_ID + (3*(i - 1)), tempBuf, 1), + VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 1), CHIP_ERROR_INTERNAL); } - if (taglen > 0){ + if (taglen > 0) + { ReturnErrorOnFailure(tagReader.Get(tagvalue)); - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(TAG1_VALUE_ID + (3*(i - 1)), tagvalue.data(), taglen), + VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen), CHIP_ERROR_INTERNAL); } } } - tempBuf[0] = (uint8_t)TLV::TLVElementType::EndOfContainer; - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(END_CONTAINER_SE05X_ID, tempBuf, 1), - CHIP_ERROR_INTERNAL); + tempBuf[0] = (uint8_t) TLV::TLVElementType::EndOfContainer; + VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(END_CONTAINER_SE05X_ID, tempBuf, 1), CHIP_ERROR_INTERNAL); if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16) { /* Set attestation challenge */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(ATTEST_CHALLENGE_ID, (message_to_sign.end() - 16), 16), + VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(ATTEST_CHALLENGE_ID, (message_to_sign.end() - 16), 16), CHIP_ERROR_INTERNAL); } @@ -241,7 +237,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa ReturnErrorOnFailure(err); err = chip::Crypto::EcdsaAsn1SignatureToRaw(chip::Crypto::kP256_FE_Length, ByteSpan{ signature_se05x, signature_se05x_len }, - out_signature_buffer); + out_signature_buffer); se05x_delete_key(TAG1_ID); se05x_delete_key(TAG1_LEN_ID); @@ -270,4 +266,4 @@ DeviceAttestationCredentialsProvider * GetExampleSe05xDACProviderv2() } // namespace Credentials } // namespace chip -#endif //#ifdef ENABLE_HSM_DEVICE_ATTESTATION \ No newline at end of file +#endif //#ifdef ENABLE_HSM_DEVICE_ATTESTATION diff --git a/examples/platform/nxp/se05x/linux/AppMain.cpp b/examples/platform/nxp/se05x/linux/AppMain.cpp index 5d8d4199e550cd..b4652f5a491a6b 100644 --- a/examples/platform/nxp/se05x/linux/AppMain.cpp +++ b/examples/platform/nxp/se05x/linux/AppMain.cpp @@ -77,13 +77,12 @@ #include "CommissionableInit.h" #if CHIP_CRYPTO_HSM -#include "se05x_t4t_utils.h" #include "DeviceAttestationSe05xCredsExample.h" +#include "se05x_t4t_utils.h" #include #include #endif - using namespace chip; using namespace chip::ArgParser; using namespace chip::Credentials; From fe6df6b4a0f874808e236149921abf2301a76293 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Sun, 16 Oct 2022 21:05:37 +0530 Subject: [PATCH 09/18] restyler-diff --- examples/thermostat/nxp/linux-se05x/README.md | 5 ++++- third_party/simw-top-mini/BUILD.gn | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/examples/thermostat/nxp/linux-se05x/README.md b/examples/thermostat/nxp/linux-se05x/README.md index 8b922016a1d5b8..9a90a11e0dccc4 100644 --- a/examples/thermostat/nxp/linux-se05x/README.md +++ b/examples/thermostat/nxp/linux-se05x/README.md @@ -1 +1,4 @@ -TBU +To cross-compile this example on x64 host and run on **NXP i.MX 8M Mini** +**EVK**, see the associated +[README document](../../../../../docs/guides/nxp_imx8m_linux_examples.md) for +details. diff --git a/third_party/simw-top-mini/BUILD.gn b/third_party/simw-top-mini/BUILD.gn index 011192070e5ab9..0cd9eb9dc2a009 100644 --- a/third_party/simw-top-mini/BUILD.gn +++ b/third_party/simw-top-mini/BUILD.gn @@ -13,8 +13,8 @@ # limitations under the License. import("//build_overrides/chip.gni") -import("${chip_root}/third_party/simw-top-mini/simw_config.gni") import("${chip_root}/src/platform/device.gni") +import("${chip_root}/third_party/simw-top-mini/simw_config.gni") config("se05x_config") { defines = [ "SSS_USE_FTR_FILE" ] @@ -36,7 +36,7 @@ config("se05x_config") { } if (chip_rpi_se05x_t4t_demo == 1) { - defines += ["CHIP_RPI_SE05X_T4T_DEMO"] + defines += [ "CHIP_RPI_SE05X_T4T_DEMO" ] } include_dirs = [ @@ -71,6 +71,7 @@ source_set("se05x") { "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/infra/sm_printf.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/log/nxLog.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/smCom/smCom.c", + "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/generic/se05x_t4t_utils.cpp", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/rsp/se05x_reset.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/se05x/src/se05x_ECC_curves.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/se05x/src/se05x_mw.c", @@ -89,7 +90,6 @@ source_set("se05x") { "${chip_root}/third_party/simw-top-mini/repo/sss/src/se05x/fsl_sss_se05x_apis.c", "${chip_root}/third_party/simw-top-mini/repo/sss/src/se05x/fsl_sss_se05x_mw.c", "${chip_root}/third_party/simw-top-mini/repo/sss/src/se05x/fsl_sss_se05x_policy.c", - "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/generic/se05x_t4t_utils.cpp", ] sources += [ From 02ea2ded1a5520466b6bea1591a45ff6879d6536 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Mon, 17 Oct 2022 18:27:01 +0530 Subject: [PATCH 10/18] updated simw-repo submodule --- third_party/simw-top-mini/repo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/simw-top-mini/repo b/third_party/simw-top-mini/repo index a0535eba5aa298..be0dfb64b28dea 160000 --- a/third_party/simw-top-mini/repo +++ b/third_party/simw-top-mini/repo @@ -1 +1 @@ -Subproject commit a0535eba5aa29851a354f1bcaaaa757d18fc9a05 +Subproject commit be0dfb64b28dea3509425755e3b4b5b35c38d327 From c8aafde60a4c23f46b532b7ae028a22abd94337d Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Fri, 21 Oct 2022 14:20:59 +0530 Subject: [PATCH 11/18] updated device attestation provider to handle TLV errors --- .../DeviceAttestationSe05xCredsExample_v2.cpp | 71 ++++++++++--------- 1 file changed, 37 insertions(+), 34 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index dd6aa9b8d5ab81..16bc164d46c231 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -170,6 +170,8 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa MutableByteSpan & out_signature_buffer) { CHIP_ERROR err = CHIP_NO_ERROR; + uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 }; + size_t signature_se05x_len = sizeof(signature_se05x); VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); @@ -186,59 +188,59 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa 0, }; + tempBuf[0] = (uint8_t) TLV::TLVElementType::Structure; - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1), CHIP_ERROR_INTERNAL); + SuccessOrExit(se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1)); for (int i = 1; i <= 3; i++) { - if (TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader) == CHIP_NO_ERROR) + CHIP_ERROR tlverr = CHIP_NO_ERROR; + tlverr = TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader); + if (tlverr == CHIP_ERROR_TLV_TAG_NOT_FOUND){ + continue; + } + SuccessOrExit(tlverr); + + taglen = tagReader.GetLength(); + tempBuf[0] = tagReader.GetControlByte(); + ; + tempBuf[1] = i; + SuccessOrExit(se05xSetCertificate(TAG1_ID + (3 * (i - 1)), tempBuf, 2)); + if (taglen > 256) + { + tempBuf[0] = taglen & 0xFF; + tempBuf[1] = (taglen >> 8) & 0xFF; + SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 2)); + } + else { - taglen = tagReader.GetLength(); - tempBuf[0] = tagReader.GetControlByte(); - ; - tempBuf[1] = i; - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(TAG1_ID + (3 * (i - 1)), tempBuf, 2), CHIP_ERROR_INTERNAL); - if (taglen > 256) - { - tempBuf[0] = taglen & 0xFF; - tempBuf[1] = (taglen >> 8) & 0xFF; - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 2), - CHIP_ERROR_INTERNAL); - } - else - { - tempBuf[0] = taglen; - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 1), - CHIP_ERROR_INTERNAL); - } - if (taglen > 0) - { - ReturnErrorOnFailure(tagReader.Get(tagvalue)); - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen), - CHIP_ERROR_INTERNAL); - } + tempBuf[0] = taglen; + SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 1)); + } + if (taglen > 0) + { + SuccessOrExit(tagReader.Get(tagvalue)); + SuccessOrExit(se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen)); } } tempBuf[0] = (uint8_t) TLV::TLVElementType::EndOfContainer; - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(END_CONTAINER_SE05X_ID, tempBuf, 1), CHIP_ERROR_INTERNAL); + SuccessOrExit(se05xSetCertificate(END_CONTAINER_SE05X_ID, tempBuf, 1)); if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16) { /* Set attestation challenge */ - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(ATTEST_CHALLENGE_ID, (message_to_sign.end() - 16), 16), - CHIP_ERROR_INTERNAL); + SuccessOrExit(se05xSetCertificate(ATTEST_CHALLENGE_ID, (message_to_sign.end() - 16), 16)); } - uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 }; - size_t signature_se05x_len = sizeof(signature_se05x); - - err = se05xPerformInternalSign(DEV_ATTESTATION_KEY_SE05X_ID_IS, signature_se05x, &signature_se05x_len); - ReturnErrorOnFailure(err); + SuccessOrExit(se05xPerformInternalSign(DEV_ATTESTATION_KEY_SE05X_ID_IS, signature_se05x, &signature_se05x_len)); err = chip::Crypto::EcdsaAsn1SignatureToRaw(chip::Crypto::kP256_FE_Length, ByteSpan{ signature_se05x, signature_se05x_len }, out_signature_buffer); +exit: + // Delete existing objects if any + se05x_delete_key(START_CONTAINER_SE05X_ID); se05x_delete_key(TAG1_ID); se05x_delete_key(TAG1_LEN_ID); se05x_delete_key(TAG1_VALUE_ID); @@ -248,6 +250,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa se05x_delete_key(TAG3_ID); se05x_delete_key(TAG3_LEN_ID); se05x_delete_key(TAG3_VALUE_ID); + se05x_delete_key(END_CONTAINER_SE05X_ID); se05x_delete_key(ATTEST_CHALLENGE_ID); return err; From bb6be75f9483e2a4e88f702ae1b5b4fb71f64fc2 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Sat, 22 Oct 2022 17:37:37 +0530 Subject: [PATCH 12/18] removed extra semicolon restyler --- .../nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index 16bc164d46c231..959bcfac3800ec 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -169,7 +169,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::GetFirmwareInformation(MutableByteSpan & o CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_signature_buffer) { - CHIP_ERROR err = CHIP_NO_ERROR; + CHIP_ERROR err = CHIP_NO_ERROR; uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 }; size_t signature_se05x_len = sizeof(signature_se05x); VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); @@ -188,22 +188,21 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa 0, }; - tempBuf[0] = (uint8_t) TLV::TLVElementType::Structure; SuccessOrExit(se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1)); for (int i = 1; i <= 3; i++) { CHIP_ERROR tlverr = CHIP_NO_ERROR; - tlverr = TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader); - if (tlverr == CHIP_ERROR_TLV_TAG_NOT_FOUND){ + tlverr = TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader); + if (tlverr == CHIP_ERROR_TLV_TAG_NOT_FOUND) + { continue; } SuccessOrExit(tlverr); taglen = tagReader.GetLength(); tempBuf[0] = tagReader.GetControlByte(); - ; tempBuf[1] = i; SuccessOrExit(se05xSetCertificate(TAG1_ID + (3 * (i - 1)), tempBuf, 2)); if (taglen > 256) From d5f853cd96559241c0db37236473d65431e8af0a Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Sat, 22 Oct 2022 18:04:16 +0530 Subject: [PATCH 13/18] updated comments in DAC provider --- .../DeviceAttestationSe05xCredsExample_v2.cpp | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index 959bcfac3800ec..9c9fb5fc0dd2a2 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -57,6 +57,8 @@ #define START_CONTAINER_SE05X_ID 0x7D30000F #define END_CONTAINER_SE05X_ID 0x7D300010 +#define NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE 3 /* Starting with TAG1 */ + extern CHIP_ERROR se05xGetCertificate(uint32_t keyId, uint8_t * buf, size_t * buflen); extern CHIP_ERROR se05xSetCertificate(uint32_t keyId, const uint8_t * buf, size_t buflen); extern CHIP_ERROR se05xPerformInternalSign(uint32_t keyId, uint8_t * sigBuf, size_t * sigBufLen); @@ -68,6 +70,11 @@ namespace Examples { namespace { +// Note: The example DAC provider class is only for demonstration purpose. +// Modification to SignWithDeviceAttestationKey memeber will be required in case there is a change in device attestation sign +// message (other TLVs are added). In the current implementation of SignWithDeviceAttestationKey only TLV1, TLV2 and TLV3 are +// expected in the sign message. + class ExampleSe05xDACProviderv2 : public DeviceAttestationCredentialsProvider { public: @@ -191,7 +198,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa tempBuf[0] = (uint8_t) TLV::TLVElementType::Structure; SuccessOrExit(se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1)); - for (int i = 1; i <= 3; i++) + for (int i = 1; i <= NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE; i++) { CHIP_ERROR tlverr = CHIP_NO_ERROR; tlverr = TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader); @@ -201,25 +208,30 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa } SuccessOrExit(tlverr); + // Transisnet binary object ids starting from location 0x7D300005 (TAG1_ID) to 0x7D30000D (TAG3_VALUE_ID) + // are used to store the TLV contents. + // Binary object id are calulated using the loop iterator in the below code. + taglen = tagReader.GetLength(); tempBuf[0] = tagReader.GetControlByte(); tempBuf[1] = i; - SuccessOrExit(se05xSetCertificate(TAG1_ID + (3 * (i - 1)), tempBuf, 2)); + SuccessOrExit(se05xSetCertificate(TAG1_ID + (NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE * (i - 1)), tempBuf, 2)); if (taglen > 256) { tempBuf[0] = taglen & 0xFF; tempBuf[1] = (taglen >> 8) & 0xFF; - SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 2)); + SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE * (i - 1)), tempBuf, 2)); } else { tempBuf[0] = taglen; - SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 1)); + SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE * (i - 1)), tempBuf, 1)); } if (taglen > 0) { SuccessOrExit(tagReader.Get(tagvalue)); - SuccessOrExit(se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen)); + SuccessOrExit( + se05xSetCertificate(TAG1_VALUE_ID + (NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE * (i - 1)), tagvalue.data(), taglen)); } } From df6e526c4eef69de9507965aca28672abc74ff06 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Sat, 22 Oct 2022 21:52:08 +0530 Subject: [PATCH 14/18] making only TAG3 optional --- .../nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index 9c9fb5fc0dd2a2..55f63c87eb70c8 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -202,7 +202,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa { CHIP_ERROR tlverr = CHIP_NO_ERROR; tlverr = TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader); - if (tlverr == CHIP_ERROR_TLV_TAG_NOT_FOUND) + if ((i == 3) && (tlverr == CHIP_ERROR_TLV_TAG_NOT_FOUND)) { continue; } From 23c796f2a358c47ebeaf3e1bb0b0d1d43e20bd22 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Sat, 22 Oct 2022 22:29:05 +0530 Subject: [PATCH 15/18] spell check --- .../nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index 55f63c87eb70c8..94ccd39c33d546 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -71,7 +71,7 @@ namespace Examples { namespace { // Note: The example DAC provider class is only for demonstration purpose. -// Modification to SignWithDeviceAttestationKey memeber will be required in case there is a change in device attestation sign +// Modification to SignWithDeviceAttestationKey member will be required in case there is a change in device attestation sign // message (other TLVs are added). In the current implementation of SignWithDeviceAttestationKey only TLV1, TLV2 and TLV3 are // expected in the sign message. @@ -210,7 +210,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa // Transisnet binary object ids starting from location 0x7D300005 (TAG1_ID) to 0x7D30000D (TAG3_VALUE_ID) // are used to store the TLV contents. - // Binary object id are calulated using the loop iterator in the below code. + // Binary object id are calculated using the loop iterator in the below code. taglen = tagReader.GetLength(); tempBuf[0] = tagReader.GetControlByte(); From 4ac60ce85aefabee535370e0847d1bd56a914d40 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Sat, 22 Oct 2022 22:58:50 +0530 Subject: [PATCH 16/18] updated comments --- .../nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index 94ccd39c33d546..aa4917d8a62887 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -215,23 +215,23 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa taglen = tagReader.GetLength(); tempBuf[0] = tagReader.GetControlByte(); tempBuf[1] = i; - SuccessOrExit(se05xSetCertificate(TAG1_ID + (NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE * (i - 1)), tempBuf, 2)); + SuccessOrExit(se05xSetCertificate(TAG1_ID + (3 /* tag + length + value ids */ * (i - 1)), tempBuf, 2)); if (taglen > 256) { tempBuf[0] = taglen & 0xFF; tempBuf[1] = (taglen >> 8) & 0xFF; - SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE * (i - 1)), tempBuf, 2)); + SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 2)); } else { tempBuf[0] = taglen; - SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE * (i - 1)), tempBuf, 1)); + SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 1)); } if (taglen > 0) { SuccessOrExit(tagReader.Get(tagvalue)); SuccessOrExit( - se05xSetCertificate(TAG1_VALUE_ID + (NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE * (i - 1)), tagvalue.data(), taglen)); + se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen)); } } From f98c7999066468b2032cd8d46414a39ffbc175f0 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp <77627602+sujaygkulkarni-nxp@users.noreply.github.com> Date: Tue, 25 Oct 2022 20:20:26 +0530 Subject: [PATCH 17/18] Update examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp Co-authored-by: Boris Zbarsky --- .../nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index aa4917d8a62887..d9f63d7a59d378 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -208,7 +208,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa } SuccessOrExit(tlverr); - // Transisnet binary object ids starting from location 0x7D300005 (TAG1_ID) to 0x7D30000D (TAG3_VALUE_ID) + // Transient binary object ids starting from location 0x7D300005 (TAG1_ID) to 0x7D30000D (TAG3_VALUE_ID) // are used to store the TLV contents. // Binary object id are calculated using the loop iterator in the below code. From ccb2cb263ab969af0a54ded8af1e38daedd52302 Mon Sep 17 00:00:00 2001 From: sujaygkulkarni-nxp Date: Wed, 26 Oct 2022 00:38:49 +0530 Subject: [PATCH 18/18] restyle-diff --- .../nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index d9f63d7a59d378..eb3b5e52553180 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -230,8 +230,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa if (taglen > 0) { SuccessOrExit(tagReader.Get(tagvalue)); - SuccessOrExit( - se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen)); + SuccessOrExit(se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen)); } }