Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[nrf noup] Implement Spake2pVerifier for PSA crypto #514

Merged
merged 1 commit into from
Nov 27, 2024
+88 −22
Merged

[nrf noup] Implement Spake2pVerifier for PSA crypto #514

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 26 additions & 22 deletions src/crypto/CHIPCryptoPAL.cpp
View file
Original file line number Diff line number Diff line change
@@ -238,6 +238,8 @@ CHIP_ERROR Find16BitUpperCaseHexAfterPrefix(const ByteSpan & buffer, const char

using HKDF_sha_crypto = HKDF_sha;

#if !CHIP_CRYPTO_PSA_SPAKE2P

CHIP_ERROR Spake2p::InternalHash(const uint8_t * in, size_t in_len)
{
const uint64_t u64_len = in_len;
@@ -546,28 +548,6 @@ CHIP_ERROR Spake2p_P256_SHA256_HKDF_HMAC::ComputeW0(uint8_t * w0out, size_t * w0
return CHIP_NO_ERROR;
}

CHIP_ERROR Spake2pVerifier::Serialize(MutableByteSpan & outSerialized) const
{
VerifyOrReturnError(outSerialized.size() >= kSpake2p_VerifierSerialized_Length, CHIP_ERROR_INVALID_ARGUMENT);

memcpy(&outSerialized.data()[0], mW0, sizeof(mW0));
memcpy(&outSerialized.data()[sizeof(mW0)], mL, sizeof(mL));

outSerialized.reduce_size(kSpake2p_VerifierSerialized_Length);

return CHIP_NO_ERROR;
}

CHIP_ERROR Spake2pVerifier::Deserialize(const ByteSpan & inSerialized)
{
VerifyOrReturnError(inSerialized.size() >= kSpake2p_VerifierSerialized_Length, CHIP_ERROR_INVALID_ARGUMENT);

memcpy(mW0, &inSerialized.data()[0], sizeof(mW0));
memcpy(mL, &inSerialized.data()[sizeof(mW0)], sizeof(mL));

return CHIP_NO_ERROR;
}

CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin)
{
uint8_t serializedWS[kSpake2p_WS_Length * 2] = { 0 };
@@ -596,6 +576,30 @@ CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan &
return err;
}

#endif // !CHIP_CRYPTO_PSA_SPAKE2P

CHIP_ERROR Spake2pVerifier::Serialize(MutableByteSpan & outSerialized) const
{
VerifyOrReturnError(outSerialized.size() >= kSpake2p_VerifierSerialized_Length, CHIP_ERROR_INVALID_ARGUMENT);

memcpy(&outSerialized.data()[0], mW0, sizeof(mW0));
memcpy(&outSerialized.data()[sizeof(mW0)], mL, sizeof(mL));

outSerialized.reduce_size(kSpake2p_VerifierSerialized_Length);

return CHIP_NO_ERROR;
}

CHIP_ERROR Spake2pVerifier::Deserialize(const ByteSpan & inSerialized)
{
VerifyOrReturnError(inSerialized.size() >= kSpake2p_VerifierSerialized_Length, CHIP_ERROR_INVALID_ARGUMENT);

memcpy(mW0, &inSerialized.data()[0], sizeof(mW0));
memcpy(mL, &inSerialized.data()[sizeof(mW0)], sizeof(mL));

return CHIP_NO_ERROR;
}

CHIP_ERROR Spake2pVerifier::ComputeWS(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin, uint8_t * ws,
uint32_t ws_len)
{
62 changes: 62 additions & 0 deletions src/crypto/PSASpake2p.cpp
View file
Original file line number Diff line number Diff line change
@@ -197,5 +197,67 @@ CHIP_ERROR PSASpake2p_P256_SHA256_HKDF_HMAC::GetKeys(SessionKeystore & keystore,
return CHIP_NO_ERROR;
}

CHIP_ERROR Spake2pVerifier::Generate(uint32_t pbkdf2IterCount, const ByteSpan & salt, uint32_t setupPin)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t passwordKey = PSA_KEY_ID_NULL;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_id_t spakeKey = PSA_KEY_ID_NULL;
uint8_t verifier[kP256_FE_Length + kP256_Point_Length];
size_t verifierLen;

// Prepare password key
uint8_t password[sizeof(uint32_t)];
Encoding::LittleEndian::Put32(password, setupPin);

psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);

status = psa_import_key(&attributes, password, sizeof(password), &passwordKey);
psa_reset_key_attributes(&attributes);
VerifyOrExit(status == PSA_SUCCESS, );

// Run PBKDF
status = psa_key_derivation_setup(&operation, PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256));
VerifyOrExit(status == PSA_SUCCESS, );

status = psa_key_derivation_input_integer(&operation, PSA_KEY_DERIVATION_INPUT_COST, pbkdf2IterCount);
VerifyOrExit(status == PSA_SUCCESS, );

status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_SALT, salt.data(), salt.size());
VerifyOrExit(status == PSA_SUCCESS, );

status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_PASSWORD, passwordKey);
VerifyOrExit(status == PSA_SUCCESS, );

attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
psa_set_key_algorithm(&attributes, PSA_ALG_SPAKE2P_MATTER);
psa_set_key_type(&attributes, PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&attributes, kP256_FE_Length * 8);

status = psa_key_derivation_output_key(&attributes, &operation, &spakeKey);
psa_reset_key_attributes(&attributes);
VerifyOrExit(status == PSA_SUCCESS, );

// Export verifier as raw bytes
status = psa_export_public_key(spakeKey, verifier, sizeof(verifier), &verifierLen);

exit:
psa_key_derivation_abort(&operation);
psa_destroy_key(passwordKey);
psa_destroy_key(spakeKey);

if (status != PSA_SUCCESS)
{
ChipLogError(Crypto, "PSA error: %d", static_cast<int>(status));
return CHIP_ERROR_INTERNAL;
}

return Deserialize(ByteSpan(verifier, verifierLen));
}

} // namespace Crypto
} // namespace chip