Switched to kmu file, content of the file is not changed to KMU

Author: ArekBalysNordic

config/nrfconnect/chip-module/CMakeLists.txt

@@ -154,6 +154,7 @@ matter_add_gn_arg_bool  ("chip_enable_factory_data"               CONFIG_CHIP_FA
 matter_add_gn_arg_bool  ("chip_enable_read_client"                CONFIG_CHIP_ENABLE_READ_CLIENT)
 matter_add_gn_arg_bool  ("chip_mdns_minimal"                      CONFIG_WIFI_NRF70)
 matter_add_gn_arg_bool  ("chip_mdns_platform"                     CONFIG_NET_L2_OPENTHREAD)
+matter_add_gn_arg_bool  ("chip_crypto_psa_use_kmu"                CONFIG_CHIP_CRYPTO_PSA_KMU)
 
 if (CONFIG_CHIP_ENABLE_ICD_SUPPORT)
     matter_add_gn_arg_bool  ("chip_enable_icd_lit"                       CONFIG_CHIP_ICD_LIT_SUPPORT)

config/nrfconnect/chip-module/Kconfig.features

@@ -40,6 +40,21 @@ config CHIP_WIFI
 	imply NET_STATISTICS_IPV6
 	imply NET_STATISTICS_USER_API
 
+config CHIP_CRYPTO_PSA_KMU
+	bool "Use KMU to store persistent keys"
+	depends on SOC_SERIES_NRF54LX
+	default y
+	help
+	  Uses Key Management Unit module to store persistent keys if the PSA ITS
+	  is disabled.
+
+config CHIP_CRYPTO_PSA_KMU_ENCRYPTION
+	bool "Use encryption while storing persistent keys in KMU"
+	depends on CHIP_CRYPTO_PSA_KMU
+	help
+	  Uses encryption while storing persistent keys in Key Management Unit.
+	  This operation costs two KMU slots more than without encryption.
+
 config CHIP_QSPI_NOR
 	bool "Enable QSPI NOR feature set"
 	imply NORDIC_QSPI_NOR

src/crypto/BUILD.gn

@@ -145,11 +145,22 @@ static_library("crypto") {
 
   if (chip_crypto == "psa") {
     sources += [
-      "PSAOperationalKeystore.cpp",
       "PSAOperationalKeystore.h",
       "PSASessionKeystore.cpp",
       "PSASessionKeystore.h",
     ]
+
+    if(chip_crypto_psa_use_kmu)
+    {
+      sources += [
+        "PSAKMUOperationalKeystore.cpp",
+      ]
+    } else
+    {
+      sources += [
+        "PSAOperationalKeystore.cpp",
+      ]
+    }
   } else {
     sources += [
       "RawKeySessionKeystore.cpp",

src/crypto/PSAKMUOperationalKeystore.cpp

@@ -0,0 +1,307 @@
+/*
+ *    Copyright (c) 2023 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "PSAOperationalKeystore.h"
+#include "PersistentStorageOperationalKeystore.h"
+
+#include <lib/support/CHIPMem.h>
+
+#include <psa/crypto.h>
+
+#ifdef CHIP_CONFIG_CRYPTO_PSA_KMU
+#include <cracen_psa_kmu.h>
+#endif
+
+namespace chip {
+namespace Crypto {
+
+PSAOperationalKeystore::PersistentP256Keypair::PersistentP256Keypair(FabricIndex fabricIndex)
+{
+    ToPsaContext(mKeypair).key_id = MakeOperationalKeyId(fabricIndex);
+    mInitialized                  = true;
+}
+
+PSAOperationalKeystore::PersistentP256Keypair::~PersistentP256Keypair()
+{
+    // This class requires explicit control of the key lifetime. Therefore, clear the key ID
+    // to prevent it from being destroyed by the base class destructor.
+    ToPsaContext(mKeypair).key_id = 0;
+}
+
+inline psa_key_id_t PSAOperationalKeystore::PersistentP256Keypair::GetKeyId() const
+{
+    return ToConstPsaContext(mKeypair).key_id;
+}
+
+bool PSAOperationalKeystore::PersistentP256Keypair::Exists() const
+{
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_status_t status             = psa_get_key_attributes(GetKeyId(), &attributes);
+
+    psa_reset_key_attributes(&attributes);
+
+    return status == PSA_SUCCESS;
+}
+
+CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Generate()
+{
+    CHIP_ERROR error                = CHIP_NO_ERROR;
+    psa_status_t status             = PSA_SUCCESS;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_id_t keyId              = 0;
+    size_t publicKeyLength;
+
+    Destroy();
+
+    // Type based on ECC with the elliptic curve SECP256r1 -> PSA_ECC_FAMILY_SECP_R1
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+    psa_set_key_bits(&attributes, kP256_PrivateKey_Length * 8);
+    psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
+    psa_set_key_id(&attributes, GetKeyId());
+
+    status = psa_generate_key(&attributes, &keyId);
+    VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL);
+
+    status = psa_export_public_key(keyId, mPublicKey.Bytes(), mPublicKey.Length(), &publicKeyLength);
+    VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL);
+    VerifyOrExit(publicKeyLength == kP256_PublicKey_Length, error = CHIP_ERROR_INTERNAL);
+
+exit:
+    psa_reset_key_attributes(&attributes);
+
+    return error;
+}
+
+CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Destroy()
+{
+    psa_status_t status = psa_destroy_key(GetKeyId());
+
+    ReturnErrorCodeIf(status == PSA_ERROR_INVALID_HANDLE, CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
+
+    return CHIP_NO_ERROR;
+}
+
+bool PSAOperationalKeystore::HasPendingOpKeypair() const
+{
+    return mPendingFabricIndex != kUndefinedFabricIndex;
+}
+
+bool PSAOperationalKeystore::HasOpKeypairForFabric(FabricIndex fabricIndex) const
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), false);
+
+    if (mPendingFabricIndex == fabricIndex)
+    {
+        return mIsPendingKeypairActive;
+    }
+
+    return PersistentP256Keypair(fabricIndex).Exists();
+}
+
+CHIP_ERROR PSAOperationalKeystore::NewOpKeypairForFabric(FabricIndex fabricIndex, MutableByteSpan & outCertificateSigningRequest)
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    if (HasPendingOpKeypair())
+    {
+        VerifyOrReturnError(fabricIndex == mPendingFabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX);
+    }
+
+    if (mPendingKeypair == nullptr)
+    {
+        mPendingKeypair = Platform::New<PersistentP256Keypair>(fabricIndex);
+    }
+
+    VerifyOrReturnError(mPendingKeypair != nullptr, CHIP_ERROR_NO_MEMORY);
+    ReturnErrorOnFailure(mPendingKeypair->Generate());
+
+    size_t csrLength = outCertificateSigningRequest.size();
+    ReturnErrorOnFailure(mPendingKeypair->NewCertificateSigningRequest(outCertificateSigningRequest.data(), csrLength));
+    outCertificateSigningRequest.reduce_size(csrLength);
+    mPendingFabricIndex = fabricIndex;
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Deserialize(P256SerializedKeypair & input)
+{
+    CHIP_ERROR error                = CHIP_NO_ERROR;
+    psa_status_t status             = PSA_SUCCESS;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_id_t keyId              = 0;
+    VerifyOrReturnError(input.Length() == mPublicKey.Length() + kP256_PrivateKey_Length, CHIP_ERROR_INVALID_ARGUMENT);
+
+    Destroy();
+
+    // Type based on ECC with the elliptic curve SECP256r1 -> PSA_ECC_FAMILY_SECP_R1
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+    psa_set_key_bits(&attributes, kP256_PrivateKey_Length * 8);
+    psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
+    psa_set_key_id(&attributes, GetKeyId());
+
+    status = psa_import_key(&attributes, input.ConstBytes() + mPublicKey.Length(), kP256_PrivateKey_Length, &keyId);
+    VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL);
+
+    memcpy(mPublicKey.Bytes(), input.ConstBytes(), mPublicKey.Length());
+
+exit:
+    psa_reset_key_attributes(&attributes);
+
+    return error;
+}
+
+CHIP_ERROR PSAOperationalKeystore::ActivateOpKeypairForFabric(FabricIndex fabricIndex, const Crypto::P256PublicKey & nocPublicKey)
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex) && mPendingFabricIndex == fabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(mPendingKeypair->Pubkey().Matches(nocPublicKey), CHIP_ERROR_INVALID_PUBLIC_KEY);
+    mIsPendingKeypairActive = true;
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSAOperationalKeystore::CommitOpKeypairForFabric(FabricIndex fabricIndex)
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex) && mPendingFabricIndex == fabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(mIsPendingKeypairActive, CHIP_ERROR_INCORRECT_STATE);
+
+    ReleasePendingKeypair();
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSAOperationalKeystore::ExportOpKeypairForFabric(FabricIndex fabricIndex, Crypto::P256SerializedKeypair & outKeypair)
+{
+    // Currently exporting the key is forbidden in PSAOperationalKeystore because the PSA_KEY_USAGE_EXPORT usage flag is not set, so
+    // there is no need to compile the code for the device, but there should be an implementation for test purposes to verify if
+    // the psa_export_key returns an error.
+#if CHIP_CONFIG_TEST
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(HasOpKeypairForFabric(fabricIndex), CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND);
+
+    size_t outSize = 0;
+    psa_status_t status =
+        psa_export_key(PersistentP256Keypair(fabricIndex).GetKeyId(), outKeypair.Bytes(), outKeypair.Capacity(), &outSize);
+
+    if (status == PSA_ERROR_BUFFER_TOO_SMALL)
+    {
+        return CHIP_ERROR_BUFFER_TOO_SMALL;
+    }
+    else if (status == PSA_ERROR_NOT_PERMITTED)
+    {
+        return CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE;
+    }
+    else if (status != PSA_SUCCESS)
+    {
+        return CHIP_ERROR_INTERNAL;
+    }
+
+    outKeypair.SetLength(outSize);
+
+    return CHIP_NO_ERROR;
+#else
+    return CHIP_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
+CHIP_ERROR PSAOperationalKeystore::RemoveOpKeypairForFabric(FabricIndex fabricIndex)
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    if (mPendingFabricIndex == fabricIndex)
+    {
+        RevertPendingKeypair();
+        return CHIP_NO_ERROR;
+    }
+
+    return PersistentP256Keypair(fabricIndex).Destroy();
+}
+
+void PSAOperationalKeystore::RevertPendingKeypair()
+{
+    VerifyOrReturn(HasPendingOpKeypair());
+    mPendingKeypair->Destroy();
+    ReleasePendingKeypair();
+}
+
+CHIP_ERROR PSAOperationalKeystore::SignWithOpKeypair(FabricIndex fabricIndex, const ByteSpan & message,
+                                                     Crypto::P256ECDSASignature & outSignature) const
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    if (mPendingFabricIndex == fabricIndex)
+    {
+        VerifyOrReturnError(mIsPendingKeypairActive, CHIP_ERROR_INVALID_FABRIC_INDEX);
+        return mPendingKeypair->ECDSA_sign_msg(message.data(), message.size(), outSignature);
+    }
+
+    PersistentP256Keypair keypair(fabricIndex);
+    VerifyOrReturnError(keypair.Exists(), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    return keypair.ECDSA_sign_msg(message.data(), message.size(), outSignature);
+}
+
+Crypto::P256Keypair * PSAOperationalKeystore::AllocateEphemeralKeypairForCASE()
+{
+    return Platform::New<Crypto::P256Keypair>();
+}
+
+void PSAOperationalKeystore::ReleaseEphemeralKeypair(Crypto::P256Keypair * keypair)
+{
+    Platform::Delete(keypair);
+}
+
+void PSAOperationalKeystore::ReleasePendingKeypair()
+{
+    Platform::Delete(mPendingKeypair);
+    mPendingKeypair         = nullptr;
+    mPendingFabricIndex     = kUndefinedFabricIndex;
+    mIsPendingKeypairActive = false;
+}
+
+CHIP_ERROR PSAOperationalKeystore::MigrateOpKeypairForFabric(FabricIndex fabricIndex,
+                                                             OperationalKeystore & operationalKeystore) const
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    P256SerializedKeypair serializedKeypair;
+
+    // Do not allow overwriting the existing key and just remove it from the previous Operational Keystore if needed.
+    if (!HasOpKeypairForFabric(fabricIndex))
+    {
+        ReturnErrorOnFailure(operationalKeystore.ExportOpKeypairForFabric(fabricIndex, serializedKeypair));
+
+        PersistentP256Keypair keypair(fabricIndex);
+        ReturnErrorOnFailure(keypair.Deserialize(serializedKeypair));
+
+        // Migrated key is not useful anymore, remove it from the previous keystore.
+        ReturnErrorOnFailure(operationalKeystore.RemoveOpKeypairForFabric(fabricIndex));
+    }
+    else if (operationalKeystore.HasOpKeypairForFabric(fabricIndex))
+    {
+        ReturnErrorOnFailure(operationalKeystore.RemoveOpKeypairForFabric(fabricIndex));
+    }
+
+    return CHIP_NO_ERROR;
+}
+
+} // namespace Crypto
+} // namespace chip

src/crypto/crypto.gni

@@ -22,6 +22,9 @@ declare_args() {
 
   # Use PSA Spake2+ implementation. Only used if chip_crypto == "psa"
   chip_crypto_psa_spake2p = false
+
+  # Use PSA KMU storage. Only used if device == nRF54LX series.
+  chip_crypto_psa_use_kmu = false
 }
 
 assert(

src/platform/nrfconnect/CHIPPlatformConfig.h

@@ -59,6 +59,14 @@
 #define CHIP_CONFIG_CRYPTO_PSA_KEY_ID_BASE 0x30000
 #endif // CHIP_CONFIG_CRYPTO_PSA_KEY_ID_BASE
 
+#ifndef CHIP_CONFIG_CRYPTO_PSA_KMU
+#define CHIP_CONFIG_CRYPTO_PSA_KMU CONFIG_CHIP_CRYPTO_PSA_KMU
+#endif // CHIP_CONFIG_CRYPTO_PSA_KMU
+
+#ifndef CHIP_CONFIG_CRYPTO_PSA_KMU_USE_ENCRYPTION
+#define CHIP_CONFIG_CRYPTO_PSA_KMU_USE_ENCRYPTION CONFIG_CHIP_CRYPTO_PSA_KMU_ENCRYPTION
+#endif // CHIP_CONFIG_CRYPTO_PSA_KMU_USE_ENCRYPTION
+
 // ==================== General Configuration Overrides ====================
 
 #ifndef CHIP_CONFIG_MAX_UNSOLICITED_MESSAGE_HANDLERS