Refactor SiWx917 for mbedtls usage

brosahay · rosahay-silabs · commit 8c07b961a275 · 2024-06-17T22:20:39.000+05:30
diff --git a/src/platform/silabs/PlatformManagerImpl.cpp b/src/platform/silabs/PlatformManagerImpl.cpp
@@ -46,7 +46,7 @@ namespace DeviceLayer {
 
 PlatformManagerImpl PlatformManagerImpl::sInstance;
 
-#if defined(TINYCRYPT_PRIMITIVES)
+#if defined(SL_MBEDTLS_USE_TINYCRYPT)
 sys_mutex_t PlatformManagerImpl::rngMutexHandle = NULL;
 
 int PlatformManagerImpl::uECC_RNG_Function(uint8_t * dest, unsigned int size)
@@ -75,8 +75,7 @@ static int app_entropy_source(void * data, unsigned char * output, size_t len, s
 
     return 0;
 }
-#endif // !SLI_SI91X_MCU_INTERFACE
-#endif // TINYCRYPT_PRIMITIVES
+#endif // SL_MBEDTLS_USE_TINYCRYPT
 
 CHIP_ERROR PlatformManagerImpl::_InitChipStack(void)
 {
@@ -93,14 +92,14 @@ CHIP_ERROR PlatformManagerImpl::_InitChipStack(void)
 
     ReturnErrorOnFailure(System::Clock::InitClock_RealTime());
 
-#if defined(TINYCRYPT_PRIMITIVES)
-#if !(SLI_SI91X_MCU_INTERFACE)
-    ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16 /*Threshold value*/));
-#endif // !SLI_SI91X_MCU_INTERFACE
+#if defined(SL_MBEDTLS_USE_TINYCRYPT)
+    // 16 : Threshold value
+    ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16));
+
     /* Set RNG function for tinycrypt operations. */
     VerifyOrExit(sys_mutex_new(&rngMutexHandle) == ERR_OK, err = CHIP_ERROR_NO_MEMORY);
     uECC_set_rng(PlatformManagerImpl::uECC_RNG_Function);
-#endif // TINYCRYPT_PRIMITIVES
+#endif // SL_MBEDTLS_USE_TINYCRYPT
 
     // Call _InitChipStack() on the generic implementation base class
     // to finish the initialization process.
diff --git a/src/platform/silabs/SiWx917/BUILD.gn b/src/platform/silabs/SiWx917/BUILD.gn
@@ -18,11 +18,14 @@ import("${chip_root}/src/platform/device.gni")
 
 import("${chip_root}/build/chip/buildconfig_header.gni")
 import("${chip_root}/src/crypto/crypto.gni")
+import("${chip_root}/src/platform/silabs/wifi_args.gni")
+import("${chip_root}/third_party/silabs/SiWx917_sdk.gni")
 import("${chip_root}/third_party/silabs/silabs_board.gni")
 
 silabs_platform_dir = "${chip_root}/src/platform/silabs"
 
 assert(chip_device_platform == "SiWx917")
+
 if (chip_crypto == "platform") {
   import("//build_overrides/mbedtls.gni")
 }
@@ -81,7 +84,14 @@ static_library("SiWx917") {
 
   # Add platform crypto implementation
   if (chip_crypto == "platform") {
-    sources += [ "CHIPCryptoPALTinyCrypt.cpp" ]
+    if (sl_si91x_crypto_flavor == "tinycrypt") {
+      sources += [ "CHIPCryptoPALTinyCrypt.cpp" ]
+    }
+
+    if (sl_si91x_crypto_flavor == "psa") {
+      sources += [ "${silabs_platform_dir}/efr32/CHIPCryptoPALPsaEfr32.cpp" ]
+    }
+
     public_deps += [
       "${chip_root}/src/crypto",
       "${mbedtls_root}:mbedtls",
diff --git a/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h b/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h
@@ -1,111 +1,87 @@
 /*
- *  Copyright (c) 2021, The OpenThread Authors.
- *  All rights reserved.
  *
- *  Redistribution and use in source and binary forms, with or without
- *  modification, are permitted provided that the following conditions are met:
- *  1. Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *  2. Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in the
- *     documentation and/or other materials provided with the distribution.
- *  3. Neither the name of the copyright holder nor the
- *     names of its contributors may be used to endorse or promote products
- *     derived from this software without specific prior written permission.
+ *    Copyright (c) 2024 Project CHIP Authors
+ *    All rights reserved.
  *
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- *  POSSIBILITY OF SUCH DAMAGE.
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
  */
 
 #pragma once
 
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-/**
- * Enable FreeRTOS threading support
- */
-#define MBEDTLS_FREERTOS
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_VERSION_C
+#define MBEDTLS_VERSION_FEATURES
 
-/**
- * Enable H Crypto and Entropy modules
- */
-#define MBEDTLS_AES_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_CIPHER_MODE_CTR
-#define MBEDTLS_TRNG_C
+#define MBEDTLS_HKDF_C
+#define MBEDTLS_PKCS5_C
 
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+// DIC Specific Configurations
+#ifdef DIC_ENABLE
 
-#if defined(MBEDTLS_ECP_ALT) && !defined(MBEDTLS_ECP_RESTARTABLE)
-typedef void mbedtls_ecp_restart_ctx;
-#endif
+#define MBEDTLS_MPI_MAX_SIZE 512
 
-#ifdef DIC_ENABLE
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_RSA_NO_CRT
 #define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_MODE_WITH_PADDING
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_PKCS1_V15
 #define MBEDTLS_RSA_C
+#define MBEDTLS_RSA_NO_CRT
 #define MBEDTLS_SHA1_C
 #define MBEDTLS_SSL_IN_CONTENT_LEN 5120
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 5120
 #define MBEDTLS_SSL_OUT_CONTENT_LEN 1560
-#define MBEDTLS_DEBUG_C
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-#endif
+
+#endif // DIC_ENABLE
+
+#ifdef SL_MBEDTLS_USE_TINYCRYPT
+#define TINYCRYPT_PRIMITIVES
+#define OPTIMIZE_TINYCRYPT_ASM
+
+#define MBEDTLS_FREERTOS
+
+#if (!(DIC_ENABLE) || !defined(DIC_ENABLE))
+/**< Maximum windows size used. */
+#define MBEDTLS_MPI_WINDOW_SIZE 1
+
+/**< Maximum number of bytes for usable MPIs. */
+#define MBEDTLS_MPI_MAX_SIZE 32
+/**< Maxium fragment length in bytes */
+#define MBEDTLS_SSL_MAX_CONTENT_LEN 768
+#endif // !(DIC_ENABLE)
+
+#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 #define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
 
 #define MBEDTLS_AES_ROM_TABLES
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_BIGNUM_C
 #define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
 #define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_CIPHER_MODE_CFB
-#define MBEDTLS_CMAC_C
-#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_CIPHER_MODE_CTR
+#define MBEDTLS_ECDH_C
 #define MBEDTLS_ECDH_LEGACY_CONTEXT
-#define MBEDTLS_ECDSA_C
 #define MBEDTLS_ECDSA_DETERMINISTIC
 #define MBEDTLS_ECJPAKE_C
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
 #define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ENTROPY_FORCE_SHA256
-// TODO: 3R
+#define MBEDTLS_ECP_WINDOW_SIZE 2
 // #define MBEDTLS_ENTROPY_HARDWARE_ALT
-
 #define MBEDTLS_ERROR_STRERROR_DUMMY
 #define MBEDTLS_HAVE_ASM
-#define MBEDTLS_HKDF_C
 #define MBEDTLS_HMAC_DRBG_C
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define MBEDTLS_MD_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PEM_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PKCS5_C
-#define MBEDTLS_PLATFORM_C
-#define MBEDTLS_PLATFORM_MEMORY
 #define MBEDTLS_SHA256_SMALLER
 #define MBEDTLS_SHA512_C
 #define MBEDTLS_SSL_CLI_C
@@ -115,38 +91,21 @@ typedef void mbedtls_ecp_restart_ctx;
 #define MBEDTLS_SSL_EXPORT_KEYS
 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#define MBEDTLS_SSL_PROTO_TLS1_2
 #define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_PROTO_TLS1_2
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_TLS_C
-#define MBEDTLS_X509_CREATE_C
-#define MBEDTLS_X509_CSR_WRITE_C
-#define MBEDTLS_X509_CRL_PARSE_C
-#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_X509_CSR_PARSE_C
-#define MBEDTLS_X509_USE_C
-
-#define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */
-#ifdef DIC_ENABLE
-#define MBEDTLS_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
-#else
-#define MBEDTLS_MPI_MAX_SIZE 32 /**< Maximum number of bytes for usable MPIs. */
-#endif
-#define MBEDTLS_ECP_MAX_BITS 256        /**< Maximum bit size of groups */
-#define MBEDTLS_ECP_WINDOW_SIZE 2       /**< Maximum window size used */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */
-#define MBEDTLS_ENTROPY_MAX_SOURCES 2   /**< Maximum number of sources supported */
-
-#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE
-#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maxium fragment length in bytes */
-#else
-#ifdef DIC_ENABLE
-#define MBEDTLS_SSL_MAX_CONTENT_LEN 5120 /**< Maxium fragment length in bytes */
-#else
-#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maxium fragment length in bytes */
-#endif                                  // DIC
+#define MBEDTLS_TRNG_C
+
+#if defined(MBEDTLS_ECP_ALT) && !defined(MBEDTLS_ECP_RESTARTABLE)
+typedef void mbedtls_ecp_restart_ctx;
 #endif
 
-#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+#endif // SL_MBEDTLS_USE_TINYCRYPT
+
+// SLC GENERATED
+#include "sl_mbedtls_config.h"
 
+#if SL_MBEDTLS_USE_TINYCRYPT
 #include "mbedtls/check_config.h"
+#endif // SL_MBEDTLS_USE_TINYCRYPT
diff --git a/src/platform/silabs/SiWx917/siwx917-chip-psa-config.h b/src/platform/silabs/SiWx917/siwx917-chip-psa-config.h
@@ -0,0 +1,32 @@
+/*
+ *
+ *    Copyright (c) 2024 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#pragma once
+
+// DIC Specific Configurations
+#ifdef DIC_ENABLE
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF
+
+#define PSA_WANT_ALG_CBC_NO_PADDING
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#define PSA_WANT_ALG_SOME_PAKE
+#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+#endif // DIC_ENABLE
+
+// SLC GENERATED
+#include "psa_crypto_config.h"
diff --git a/third_party/silabs/SiWx917_sdk.gni b/third_party/silabs/SiWx917_sdk.gni
