Fixed the issues for p_local_crypt not being cleared properly for Infineon HSM OPTIGA Trust M (#34152) (#34188)

ying-css · ankk-css · web-flow · commit d8bd783f0375 · 2024-07-05T12:13:21.000-04:00
* Fixes the issues for p_local_crypt not being cleared.

* 1)Bug fixing for ECDSA Verify Functions

2)Deleted redundant check

* Apply restyled changes.

---------

Co-authored-by: Ank Khandelwal &lt;ank.khandelwal@infineon.com&gt;
Co-authored-by: Ank Khandelwal &lt;108660995+ankk-css@users.noreply.github.com&gt;
diff --git a/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp b/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp
@@ -252,15 +252,16 @@ CHIP_ERROR P256Keypair::ECDH_derive_secret(const P256PublicKey & remote_public_k
 
     return_status = trustm_ecdh_derive_secret(OPTIGA_KEY_ID_E100, (uint8_t *) remote_key, (uint16_t) rem_pubKeyLen + 3,
                                               out_secret.Bytes(), (uint8_t) secret_length);
-
     VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
+    out_secret.SetLength(secret_length);
+    error = CHIP_NO_ERROR;
 
 exit:
     if (error != CHIP_NO_ERROR)
     {
         trustm_close();
     }
-    return out_secret.SetLength(secret_length);
+    return error;
 #endif
 }
 
@@ -295,7 +296,7 @@ CHIP_ERROR P256PublicKey::ECDSA_validate_hash_signature(const uint8_t * hash, si
                                         (uint8_t *) bytes, (uint8_t) kP256_PublicKey_Length);
 
     VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
-
+    error = CHIP_NO_ERROR;
 exit:
     if (error != CHIP_NO_ERROR)
     {
@@ -407,7 +408,7 @@ CHIP_ERROR P256PublicKey::ECDSA_validate_msg_signature(const uint8_t * msg, size
                                         (uint8_t *) bytes, (uint8_t) kP256_PublicKey_Length);
 
     VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
-
+    error = CHIP_NO_ERROR;
 exit:
     if (error != CHIP_NO_ERROR)
     {
diff --git a/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.cpp b/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.cpp
@@ -426,8 +426,9 @@ optiga_lib_status_t deriveKey_HKDF(const uint8_t * salt, uint16_t salt_length, c
             break;
         }
 
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
+
         if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
         {
             // optiga_crypt_hkdf failed
@@ -539,8 +540,9 @@ optiga_lib_status_t hmac_sha256(optiga_hmac_type_t type, const uint8_t * input_d
             break;
         }
 
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
+
         if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
         {
             // optiga_crypt_hkdf failed
@@ -578,8 +580,9 @@ optiga_lib_status_t optiga_crypt_rng(uint8_t * random_data, uint16_t random_data
             break;
         }
 
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
+
         if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
         {
             // optiga_crypt_random failed
@@ -626,7 +629,7 @@ optiga_lib_status_t trustm_ecc_keygen(uint16_t optiga_key_id, uint8_t key_type,
             break;
         }
 
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
 
     } while (0);
@@ -696,8 +699,10 @@ optiga_lib_status_t trustm_hash(uint8_t * msg, uint16_t msg_length, uint8_t * di
             optiga_lib_print_message("optiga_crypt_hash api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
             break;
         }
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
+
     } while (0);
 
     if (p_local_crypt)
@@ -729,7 +734,8 @@ optiga_lib_status_t trustm_ecdsa_sign(optiga_key_id_t optiga_key_id, uint8_t * d
                                      OPTIGA_UTIL_SERVICE_COLOR);
             break;
         }
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
 
         for (i = (*signature_length - 1); i >= 0; i--)
@@ -803,8 +809,10 @@ optiga_lib_status_t trustm_ecdsa_verify(uint8_t * digest, uint8_t digest_length,
                                      OPTIGA_UTIL_SERVICE_COLOR);
             break;
         }
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
+
     } while (0);
 
     if (p_local_crypt)
@@ -852,14 +860,6 @@ CHIP_ERROR trustmGetCertificate(uint16_t optiga_oid, uint8_t * buf, uint16_t * b
 
         memcpy(buf, ifx_cert_hex, ifx_cert_hex_len);
         *buflen = ifx_cert_hex_len;
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
-            ;
-        if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
-        {
-            // optiga_util_read_data failed
-            optiga_lib_print_message("optiga_util_read_data failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
-            break;
-        }
     } while (0);
 
     if (p_local_util)
@@ -896,8 +896,10 @@ optiga_lib_status_t trustm_ecdh_derive_secret(optiga_key_id_t optiga_key_id, uin
             optiga_lib_print_message("optiga_crypt_ecdh api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
             break;
         }
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
+
     } while (0);
 
     if (p_local_crypt)
@@ -957,7 +959,7 @@ optiga_lib_status_t trustm_PBKDF2_HMAC(const unsigned char * salt, size_t slen,
             }
         }
 
-        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+        while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)
             ;
 
         if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
@@ -978,4 +980,4 @@ optiga_lib_status_t trustm_PBKDF2_HMAC(const unsigned char * salt, size_t slen,
         optiga_crypt_destroy(p_local_crypt);
     }
     return return_status;
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -426,8 +426,9 @@ optiga_lib_status_t deriveKey_HKDF(const uint8_t * salt, uint16_t salt_length, c`
`426`	`426`	`break;`
`427`	`427`	`}`
`428`	`428`
`429`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`429`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`430`	`430`	`;`
	`431`	`+`
`431`	`432`	`if (OPTIGA_LIB_SUCCESS != optiga_lib_status)`
`432`	`433`	`{`
`433`	`434`	`// optiga_crypt_hkdf failed`
`@@ -539,8 +540,9 @@ optiga_lib_status_t hmac_sha256(optiga_hmac_type_t type, const uint8_t * input_d`
`539`	`540`	`break;`
`540`	`541`	`}`
`541`	`542`
`542`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`543`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`543`	`544`	`;`
	`545`	`+`
`544`	`546`	`if (OPTIGA_LIB_SUCCESS != optiga_lib_status)`
`545`	`547`	`{`
`546`	`548`	`// optiga_crypt_hkdf failed`
`@@ -578,8 +580,9 @@ optiga_lib_status_t optiga_crypt_rng(uint8_t * random_data, uint16_t random_data`
`578`	`580`	`break;`
`579`	`581`	`}`
`580`	`582`
`581`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`583`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`582`	`584`	`;`
	`585`	`+`
`583`	`586`	`if (OPTIGA_LIB_SUCCESS != optiga_lib_status)`
`584`	`587`	`{`
`585`	`588`	`// optiga_crypt_random failed`
`@@ -626,7 +629,7 @@ optiga_lib_status_t trustm_ecc_keygen(uint16_t optiga_key_id, uint8_t key_type,`
`626`	`629`	`break;`
`627`	`630`	`}`
`628`	`631`
`629`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`632`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`630`	`633`	`;`
`631`	`634`
`632`	`635`	`} while (0);`
`@@ -696,8 +699,10 @@ optiga_lib_status_t trustm_hash(uint8_t * msg, uint16_t msg_length, uint8_t * di`
`696`	`699`	`optiga_lib_print_message("optiga_crypt_hash api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);`
`697`	`700`	`break;`
`698`	`701`	`}`
`699`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`702`	`+`
	`703`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`700`	`704`	`;`
	`705`	`+`
`701`	`706`	`} while (0);`
`702`	`707`
`703`	`708`	`if (p_local_crypt)`
`@@ -729,7 +734,8 @@ optiga_lib_status_t trustm_ecdsa_sign(optiga_key_id_t optiga_key_id, uint8_t * d`
`729`	`734`	`OPTIGA_UTIL_SERVICE_COLOR);`
`730`	`735`	`break;`
`731`	`736`	`}`
`732`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`737`	`+`
	`738`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`733`	`739`	`;`
`734`	`740`
`735`	`741`	`for (i = (*signature_length - 1); i >= 0; i--)`
`@@ -803,8 +809,10 @@ optiga_lib_status_t trustm_ecdsa_verify(uint8_t * digest, uint8_t digest_length,`
`803`	`809`	`OPTIGA_UTIL_SERVICE_COLOR);`
`804`	`810`	`break;`
`805`	`811`	`}`
`806`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`812`	`+`
	`813`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`807`	`814`	`;`
	`815`	`+`
`808`	`816`	`} while (0);`
`809`	`817`
`810`	`818`	`if (p_local_crypt)`
`@@ -852,14 +860,6 @@ CHIP_ERROR trustmGetCertificate(uint16_t optiga_oid, uint8_t * buf, uint16_t * b`
`852`	`860`
`853`	`861`	`memcpy(buf, ifx_cert_hex, ifx_cert_hex_len);`
`854`	`862`	`*buflen = ifx_cert_hex_len;`
`855`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
`856`		`- ;`
`857`		`- if (OPTIGA_LIB_SUCCESS != optiga_lib_status)`
`858`		`- {`
`859`		`- // optiga_util_read_data failed`
`860`		`- optiga_lib_print_message("optiga_util_read_data failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);`
`861`		`- break;`
`862`		`- }`
`863`	`863`	`} while (0);`
`864`	`864`
`865`	`865`	`if (p_local_util)`
`@@ -896,8 +896,10 @@ optiga_lib_status_t trustm_ecdh_derive_secret(optiga_key_id_t optiga_key_id, uin`
`896`	`896`	`optiga_lib_print_message("optiga_crypt_ecdh api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);`
`897`	`897`	`break;`
`898`	`898`	`}`
`899`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`899`	`+`
	`900`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`900`	`901`	`;`
	`902`	`+`
`901`	`903`	`} while (0);`
`902`	`904`
`903`	`905`	`if (p_local_crypt)`
`@@ -957,7 +959,7 @@ optiga_lib_status_t trustm_PBKDF2_HMAC(const unsigned char * salt, size_t slen,`
`957`	`959`	`}`
`958`	`960`	`}`
`959`	`961`
`960`		`- while (optiga_lib_status == OPTIGA_LIB_BUSY)`
	`962`	`+ while (p_local_crypt->instance_state != OPTIGA_LIB_INSTANCE_FREE)`
`961`	`963`	`;`
`962`	`964`
`963`	`965`	`if (OPTIGA_LIB_SUCCESS != optiga_lib_status)`
`@@ -978,4 +980,4 @@ optiga_lib_status_t trustm_PBKDF2_HMAC(const unsigned char * salt, size_t slen,`
`978`	`980`	`optiga_crypt_destroy(p_local_crypt);`
`979`	`981`	`}`
`980`	`982`	`return return_status;`
`981`		`-}`
	`983`	`+}`