@@ -78,7 +78,6 @@ extern CHIP_ERROR ECDSA_validate_msg_signature_H(const P256PublicKey * public_ke
78
78
extern CHIP_ERROR ECDSA_validate_hash_signature_H (const P256PublicKey * public_key, const uint8_t * hash, const size_t hash_length,
79
79
const P256ECDSASignature & signature);
80
80
81
- #if (ENABLE_TRUSTM_GENERATE_EC_KEY || ENABLE_TRUSTM_ECDSA_VERIFY)
82
81
static CHIP_ERROR get_trustm_keyid_from_keypair (const P256KeypairContext mKeypair , uint32_t * key_id)
83
82
{
84
83
if (0 != memcmp (&mKeypair .mBytes [0 ], trustm_magic_no, sizeof (trustm_magic_no)))
@@ -87,36 +86,21 @@ static CHIP_ERROR get_trustm_keyid_from_keypair(const P256KeypairContext mKeypai
87
86
}
88
87
89
88
*key_id += (mKeypair .mBytes [CRYPTO_KEYPAIR_KEYID_OFFSET]) | (mKeypair .mBytes [CRYPTO_KEYPAIR_KEYID_OFFSET + 1 ] << 8 );
90
-
91
89
return CHIP_NO_ERROR;
92
90
}
93
- #endif // #if (ENABLE_TRUSTM_GENERATE_EC_KEY || ENABLE_TRUSTM_ECDSA_VERIFY)
94
91
95
92
P256Keypair::~P256Keypair ()
96
93
{
97
- // Add method to get the keyid
98
94
if (CHIP_NO_ERROR != get_trustm_keyid_from_keypair (mKeypair , &keyid))
99
95
{
100
96
Clear ();
101
97
}
102
- else
103
- {
104
- // Delete the key in SE
105
- }
106
98
}
107
99
108
100
CHIP_ERROR P256Keypair::Initialize (ECPKeyTarget key_target)
109
101
{
110
102
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
111
103
112
- #if !ENABLE_TRUSTM_GENERATE_EC_KEY
113
- if (CHIP_NO_ERROR == Initialize_H (this , &mPublicKey , &mKeypair ))
114
- {
115
- mInitialized = true ;
116
- }
117
- error = CHIP_NO_ERROR;
118
- return error;
119
- #else
120
104
uint8_t pubkey[128 ] = {
121
105
0 ,
122
106
};
@@ -136,11 +120,20 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)
136
120
}
137
121
else
138
122
{
123
+ #if !ENABLE_TRUSTM_NOC_KEYGEN
124
+ error = Initialize_H (this , &mPublicKey , &mKeypair );
125
+ if (CHIP_NO_ERROR == error)
126
+ {
127
+ mInitialized = true ;
128
+ }
129
+ return error;
130
+ #else
139
131
// Add the logic to use different keyid
140
132
keyid = TRUSTM_NODE_OID_KEY_START;
141
133
// Trust M ECC 256 Key Gen
142
134
ChipLogDetail (Crypto, " Generating NIST256 key in TrustM !" );
143
135
key_usage = (optiga_key_usage_t ) (OPTIGA_KEY_USAGE_SIGN | OPTIGA_KEY_USAGE_AUTHENTICATION);
136
+ #endif // ! ENABLE_TRUSTM_NOC_KEYGEN
144
137
}
145
138
// Trust M init
146
139
trustm_Open ();
@@ -167,14 +160,13 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)
167
160
trustm_close ();
168
161
}
169
162
return error;
170
- #endif
171
163
}
172
164
173
165
CHIP_ERROR P256Keypair::ECDSA_sign_msg (const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) const
174
166
{
175
- # if !ENABLE_TRUSTM_GENERATE_EC_KEY
176
- return ECDSA_sign_msg_H (& mKeypair , msg, msg_length, out_signature );
177
- # else
167
+ VerifyOrReturnError ( mInitialized , CHIP_ERROR_UNINITIALIZED);
168
+ uint16_t keyid = ( mKeypair . mBytes [CRYPTO_KEYPAIR_KEYID_OFFSET]) | ( mKeypair . mBytes [CRYPTO_KEYPAIR_KEYID_OFFSET + 1 ] << 8 );
169
+
178
170
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
179
171
optiga_lib_status_t return_status = OPTIGA_LIB_BUSY;
180
172
@@ -188,20 +180,31 @@ CHIP_ERROR P256Keypair::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P
188
180
189
181
VerifyOrReturnError (msg != nullptr , CHIP_ERROR_INVALID_ARGUMENT);
190
182
VerifyOrReturnError (msg_length > 0 , CHIP_ERROR_INVALID_ARGUMENT);
191
- ChipLogDetail (Crypto, " TrustM: ECDSA_sign_msg" );
192
183
// Trust M Init
193
184
trustm_Open ();
194
185
// Hash to get the digest
195
186
Hash_SHA256 (msg, msg_length, &digest[0 ]);
196
- uint16_t keyid = (mKeypair .mBytes [CRYPTO_KEYPAIR_KEYID_OFFSET]) | (mKeypair .mBytes [CRYPTO_KEYPAIR_KEYID_OFFSET + 1 ] << 8 );
197
- // Api call to calculate the signature
198
- if (keyid == OPTIGA_KEY_ID_E0F2)
187
+
188
+ if (keyid == OPTIGA_KEY_ID_E0F0)
199
189
{
200
- return_status = trustm_ecdsa_sign (OPTIGA_KEY_ID_E0F2, digest, digest_length, signature_trustm, &signature_trustm_len);
190
+ ChipLogDetail (Crypto, " TrustM: ECDSA_sign_msg" );
191
+
192
+ // Api call to calculate the signature
193
+ return_status = trustm_ecdsa_sign (OPTIGA_KEY_ID_E0F0, digest, digest_length, signature_trustm, &signature_trustm_len);
201
194
}
202
195
else
203
196
{
204
- return_status = trustm_ecdsa_sign (OPTIGA_KEY_ID_E0F0, digest, digest_length, signature_trustm, &signature_trustm_len);
197
+ #if !ENABLE_TRUSTM_NOC_KEYGEN
198
+ // Use the mbedtls based method
199
+ ChipLogDetail (Crypto, " ECDSA sing msg mbedtls" );
200
+ return ECDSA_sign_msg_H (&mKeypair , msg, msg_length, out_signature);
201
+ #else
202
+ if (keyid == OPTIGA_KEY_ID_E0F2)
203
+ {
204
+ ChipLogDetail (Crypto, " TrustM: ECDSA_sign_msg" );
205
+ return_status = trustm_ecdsa_sign (OPTIGA_KEY_ID_E0F2, digest, digest_length, signature_trustm, &signature_trustm_len);
206
+ }
207
+ #endif // ! ENABLE_TRUSTM_NOC_KEYGEN
205
208
}
206
209
207
210
VerifyOrExit (return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
@@ -220,14 +223,10 @@ CHIP_ERROR P256Keypair::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P
220
223
trustm_close ();
221
224
}
222
225
return error;
223
- #endif
224
226
}
225
227
226
228
CHIP_ERROR P256Keypair::ECDH_derive_secret (const P256PublicKey & remote_public_key, P256ECDHDerivedSecret & out_secret) const
227
229
{
228
- #if !ENABLE_TRUSTM_GENERATE_EC_KEY
229
- return ECDH_derive_secret_H (&mKeypair , remote_public_key, out_secret);
230
- #else
231
230
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
232
231
optiga_lib_status_t return_status = OPTIGA_LIB_BUSY;
233
232
size_t secret_length = (out_secret.Length () == 0 ) ? out_secret.Capacity () : out_secret.Length ();
@@ -262,7 +261,6 @@ CHIP_ERROR P256Keypair::ECDH_derive_secret(const P256PublicKey & remote_public_k
262
261
trustm_close ();
263
262
}
264
263
return error;
265
- #endif
266
264
}
267
265
268
266
CHIP_ERROR P256PublicKey::ECDSA_validate_hash_signature (const uint8_t * hash, size_t hash_length,
@@ -313,6 +311,12 @@ CHIP_ERROR P256Keypair::Serialize(P256SerializedKeypair & output) const
313
311
0 ,
314
312
};
315
313
314
+ if (0 != memcmp (&mKeypair .mBytes [0 ], trustm_magic_no, sizeof (trustm_magic_no)))
315
+ {
316
+ VerifyOrReturnError (mInitialized , CHIP_ERROR_UNINITIALIZED);
317
+ return Serialize_H (mKeypair , mPublicKey , output);
318
+ }
319
+
316
320
/* Set the public key */
317
321
P256PublicKey & public_key = const_cast <P256PublicKey &>(Pubkey ());
318
322
bbuf.Put (Uint8::to_uchar (public_key), public_key.Length ());
@@ -358,16 +362,11 @@ CHIP_ERROR P256Keypair::Deserialize(P256SerializedKeypair & input)
358
362
}
359
363
else
360
364
{
361
- #if !ENABLE_TRUSTM_KEY_IMPORT
362
365
if (CHIP_NO_ERROR == (error = Deserialize_H (this , &mPublicKey , &mKeypair , input)))
363
366
{
364
367
mInitialized = true ;
365
368
}
366
369
return error;
367
- #else
368
- // Add in code for Trust M
369
- return CHIP_NO_ERROR;
370
- #endif
371
370
}
372
371
}
373
372
@@ -430,9 +429,6 @@ static void add_tlv(uint8_t * buf, size_t buf_index, uint8_t tag, size_t len, ui
430
429
431
430
CHIP_ERROR P256Keypair::NewCertificateSigningRequest (uint8_t * csr, size_t & csr_length) const
432
431
{
433
- #if !ENABLE_TRUSTM_GENERATE_EC_KEY
434
- return NewCertificateSigningRequest_H (&mKeypair , csr, csr_length);
435
- #else
436
432
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
437
433
optiga_lib_status_t return_status = OPTIGA_LIB_BUSY;
438
434
@@ -585,8 +581,6 @@ CHIP_ERROR P256Keypair::NewCertificateSigningRequest(uint8_t * csr, size_t & csr
585
581
trustm_close ();
586
582
}
587
583
return error;
588
-
589
- #endif
590
584
}
591
585
592
586
} // namespace Crypto
0 commit comments