Skip to content

Commit 997ccd0

Browse files
authored
[Ameba] Add Ameba crypto implementation (#33208)
* [Ameba] Add Ameba crypto implementation * Add Ameba cryto implementation for security purposes * Inject only customized operational key storage * Remove the use of chip_crypto = platform, instead keep it as mbedtls, and only inject customized operaional key storage
1 parent e29eef4 commit 997ccd0

File tree

10 files changed

+667
-5
lines changed

10 files changed

+667
-5
lines changed

examples/air-purifier-app/ameba/main/chipinterface.cpp

+9
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,9 @@
3737
#include <platform/CHIPDeviceLayer.h>
3838
#include <setup_payload/ManualSetupPayloadGenerator.h>
3939
#include <setup_payload/QRCodeSetupPayloadGenerator.h>
40+
#if CONFIG_ENABLE_AMEBA_CRYPTO
41+
#include <platform/Ameba/crypto/AmebaPersistentStorageOperationalKeystore.h>
42+
#endif
4043

4144
#include <lwip_netconf.h>
4245

@@ -130,6 +133,12 @@ static void InitServer(intptr_t context)
130133
// Init ZCL Data Model and CHIP App Server
131134
static chip::CommonCaseDeviceServerInitParams initParams;
132135
(void) initParams.InitializeStaticResourcesBeforeServerInit();
136+
#if CONFIG_ENABLE_AMEBA_CRYPTO
137+
ChipLogProgress(DeviceLayer, "platform crypto enabled!");
138+
static chip::AmebaPersistentStorageOperationalKeystore sAmebaPersistentStorageOpKeystore;
139+
VerifyOrDie((sAmebaPersistentStorageOpKeystore.Init(initParams.persistentStorageDelegate)) == CHIP_NO_ERROR);
140+
initParams.operationalKeystore = &sAmebaPersistentStorageOpKeystore;
141+
#endif
133142
chip::Server::GetInstance().Init(initParams);
134143
gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
135144
chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);

examples/all-clusters-app/ameba/main/chipinterface.cpp

+10
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,9 @@
4141
#include <microwave-oven-device.h>
4242
#include <platform/Ameba/AmebaConfig.h>
4343
#include <platform/Ameba/NetworkCommissioningDriver.h>
44+
#if CONFIG_ENABLE_AMEBA_CRYPTO
45+
#include <platform/Ameba/crypto/AmebaPersistentStorageOperationalKeystore.h>
46+
#endif
4447
#include <platform/CHIPDeviceLayer.h>
4548
#include <setup_payload/ManualSetupPayloadGenerator.h>
4649
#include <setup_payload/QRCodeSetupPayloadGenerator.h>
@@ -153,6 +156,13 @@ static void InitServer(intptr_t context)
153156

154157
initParams.InitializeStaticResourcesBeforeServerInit();
155158

159+
#if CONFIG_ENABLE_AMEBA_CRYPTO
160+
ChipLogProgress(DeviceLayer, "platform crypto enabled!");
161+
static chip::AmebaPersistentStorageOperationalKeystore sAmebaPersistentStorageOpKeystore;
162+
VerifyOrDie((sAmebaPersistentStorageOpKeystore.Init(initParams.persistentStorageDelegate)) == CHIP_NO_ERROR);
163+
initParams.operationalKeystore = &sAmebaPersistentStorageOpKeystore;
164+
#endif
165+
156166
chip::Server::GetInstance().Init(initParams);
157167
gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
158168
// TODO: Use our own DeviceInfoProvider

examples/light-switch-app/ameba/main/chipinterface.cpp

+9
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,9 @@
3434
#include <lib/core/ErrorStr.h>
3535
#include <platform/Ameba/AmebaConfig.h>
3636
#include <platform/Ameba/NetworkCommissioningDriver.h>
37+
#if CONFIG_ENABLE_AMEBA_CRYPTO
38+
#include <platform/Ameba/crypto/AmebaPersistentStorageOperationalKeystore.h>
39+
#endif
3740
#include <platform/CHIPDeviceLayer.h>
3841
#include <setup_payload/ManualSetupPayloadGenerator.h>
3942
#include <setup_payload/QRCodeSetupPayloadGenerator.h>
@@ -100,6 +103,12 @@ static void InitServer(intptr_t context)
100103
// Init ZCL Data Model and CHIP App Server
101104
static chip::CommonCaseDeviceServerInitParams initParams;
102105
initParams.InitializeStaticResourcesBeforeServerInit();
106+
#if CONFIG_ENABLE_AMEBA_CRYPTO
107+
ChipLogProgress(DeviceLayer, "platform crypto enabled!");
108+
static chip::AmebaPersistentStorageOperationalKeystore sAmebaPersistentStorageOpKeystore;
109+
VerifyOrDie((sAmebaPersistentStorageOpKeystore.Init(initParams.persistentStorageDelegate)) == CHIP_NO_ERROR);
110+
initParams.operationalKeystore = &sAmebaPersistentStorageOpKeystore;
111+
#endif
103112
chip::Server::GetInstance().Init(initParams);
104113
gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
105114
chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);

examples/lighting-app/ameba/main/chipinterface.cpp

+10-2
Original file line numberDiff line numberDiff line change
@@ -35,12 +35,14 @@
3535
#include <lib/core/ErrorStr.h>
3636
#include <platform/Ameba/AmebaConfig.h>
3737
#include <platform/Ameba/NetworkCommissioningDriver.h>
38+
#if CONFIG_ENABLE_AMEBA_CRYPTO
39+
#include <platform/Ameba/crypto/AmebaPersistentStorageOperationalKeystore.h>
40+
#endif
41+
#include <lwip_netconf.h>
3842
#include <platform/CHIPDeviceLayer.h>
3943
#include <setup_payload/ManualSetupPayloadGenerator.h>
4044
#include <setup_payload/QRCodeSetupPayloadGenerator.h>
4145

42-
#include <lwip_netconf.h>
43-
4446
#if CONFIG_ENABLE_PW_RPC
4547
#include "Rpc.h"
4648
#endif
@@ -121,6 +123,12 @@ static void InitServer(intptr_t context)
121123
// Init ZCL Data Model and CHIP App Server
122124
static chip::CommonCaseDeviceServerInitParams initParams;
123125
(void) initParams.InitializeStaticResourcesBeforeServerInit();
126+
#if CONFIG_ENABLE_AMEBA_CRYPTO
127+
ChipLogProgress(DeviceLayer, "platform crypto enabled!");
128+
static chip::AmebaPersistentStorageOperationalKeystore sAmebaPersistentStorageOpKeystore;
129+
VerifyOrDie((sAmebaPersistentStorageOpKeystore.Init(initParams.persistentStorageDelegate)) == CHIP_NO_ERROR);
130+
initParams.operationalKeystore = &sAmebaPersistentStorageOpKeystore;
131+
#endif
124132
chip::Server::GetInstance().Init(initParams);
125133
gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
126134
chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);

src/platform/Ameba/BUILD.gn

+2
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,8 @@ static_library("Ameba") {
5050
"SoftwareUpdateManagerImpl.h",
5151
"SystemTimeSupport.cpp",
5252
"SystemTimeSupport.h",
53+
"crypto/AmebaPersistentStorageOperationalKeystore.cpp",
54+
"crypto/AmebaPersistentStorageOperationalKeystore.h",
5355
]
5456

5557
deps = [

src/platform/Ameba/FactoryDataDecoder.cpp

100644100755
+11
Original file line numberDiff line numberDiff line change
@@ -41,5 +41,16 @@ CHIP_ERROR FactoryDataDecoder::DecodeFactoryData(uint8_t * buffer, FactoryData *
4141
return err;
4242
}
4343

44+
#if CONFIG_ENABLE_AMEBA_CRYPTO
45+
CHIP_ERROR FactoryDataDecoder::GetSign(uint8_t * PublicKeyData, size_t PublicKeySize, const unsigned char * MessageData,
46+
size_t MessageSize, unsigned char * Signature)
47+
{
48+
int32_t error = matter_get_signature(PublicKeyData, PublicKeySize, MessageData, MessageSize, Signature);
49+
CHIP_ERROR err = CHIP_NO_ERROR;
50+
51+
return err;
52+
}
53+
#endif
54+
4455
} // namespace DeviceLayer
4556
} // namespace chip

src/platform/Ameba/FactoryDataDecoder.h

100644100755
+4
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,10 @@ class FactoryDataDecoder
2727
public:
2828
CHIP_ERROR ReadFactoryData(uint8_t * buffer, uint16_t * pfactorydata_len);
2929
CHIP_ERROR DecodeFactoryData(uint8_t * buffer, FactoryData * fdata, uint16_t factorydata_len);
30+
#if CONFIG_ENABLE_AMEBA_CRYPTO
31+
CHIP_ERROR GetSign(uint8_t * PublicKeyData, size_t PublicKeySize, const unsigned char * MessageData, size_t MessageSize,
32+
unsigned char * Signature);
33+
#endif
3034
static FactoryDataDecoder & GetInstance()
3135
{
3236
static FactoryDataDecoder instance;

src/platform/Ameba/FactoryDataProvider.cpp

+20-3
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,6 @@
1616
*/
1717

1818
#include "FactoryDataProvider.h"
19-
2019
#include "FactoryDataDecoder.h"
2120
#include <crypto/CHIPCryptoPAL.h>
2221
#include <lib/core/CHIPError.h>
@@ -254,25 +253,43 @@ CHIP_ERROR FactoryDataProvider::SignWithDeviceAttestationKey(const ByteSpan & me
254253

255254
if (kReadFromFlash)
256255
{
256+
#if CONFIG_ENABLE_AMEBA_CRYPTO
257+
ReturnErrorCodeIf(!mFactoryData.dac.dac_cert.value, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND);
258+
// Extract public key from DAC cert.
259+
ByteSpan dacCertSpan{ reinterpret_cast<uint8_t *>(mFactoryData.dac.dac_cert.value), mFactoryData.dac.dac_cert.len };
260+
chip::Crypto::P256PublicKey dacPublicKey;
261+
262+
ReturnErrorOnFailure(chip::Crypto::ExtractPubkeyFromX509Cert(dacCertSpan, dacPublicKey));
263+
264+
CHIP_ERROR err = CHIP_NO_ERROR;
265+
FactoryDataDecoder decoder = FactoryDataDecoder::GetInstance();
266+
err = decoder.GetSign(dacPublicKey.Bytes(), dacPublicKey.Length(), messageToSign.data(), messageToSign.size(),
267+
signature.Bytes());
268+
#else
257269
ReturnErrorCodeIf(!mFactoryData.dac.dac_cert.value, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND);
258270
ReturnErrorCodeIf(!mFactoryData.dac.dac_key.value, CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND);
259271
// Extract public key from DAC cert.
260272
ByteSpan dacCertSpan{ reinterpret_cast<uint8_t *>(mFactoryData.dac.dac_cert.value), mFactoryData.dac.dac_cert.len };
261273
chip::Crypto::P256PublicKey dacPublicKey;
262274

263275
ReturnErrorOnFailure(chip::Crypto::ExtractPubkeyFromX509Cert(dacCertSpan, dacPublicKey));
276+
264277
ReturnErrorOnFailure(
265278
LoadKeypairFromRaw(ByteSpan(reinterpret_cast<uint8_t *>(mFactoryData.dac.dac_key.value), mFactoryData.dac.dac_key.len),
266279
ByteSpan(dacPublicKey.Bytes(), dacPublicKey.Length()), keypair));
280+
#endif
267281
}
268282
else
269283
{
270284
ReturnErrorOnFailure(LoadKeypairFromRaw(ByteSpan(kDacPrivateKey), ByteSpan(kDacPublicKey), keypair));
271285
}
272-
286+
#if CONFIG_ENABLE_AMEBA_CRYPTO
287+
VerifyOrReturnError(signature.SetLength(chip::Crypto::kP256_ECDSA_Signature_Length_Raw) == CHIP_NO_ERROR, CHIP_ERROR_INTERNAL);
288+
return CopySpanToMutableSpan(ByteSpan{ signature.ConstBytes(), signature.Length() }, outSignBuffer);
289+
#else
273290
ReturnErrorOnFailure(keypair.ECDSA_sign_msg(messageToSign.data(), messageToSign.size(), signature));
274-
275291
return CopySpanToMutableSpan(ByteSpan{ signature.ConstBytes(), signature.Length() }, outSignBuffer);
292+
#endif
276293
}
277294

278295
CHIP_ERROR FactoryDataProvider::GetSetupDiscriminator(uint16_t & setupDiscriminator)

0 commit comments

Comments
 (0)