
Pr test #38028

Closed
wants to merge 6 commits into from
Closed

Pr test #38028

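--- a/.gitmodules
+++ b/.gitmodules
@@ -354,3 +354,10 @@
 url = https://github.com/paullouisageneau/libdatachannel.git
 platforms = linux
 recursive = true
+[submodule "third_party/libtrustymatter/repo"]
+path = third_party/libtrustymatter/repo
+url = https://github.com/nxp-imx/libtrustymatter
+[submodule "repo"]
+path = third_party/imx-secure-enclave/repo
+url = https://github.com/nxp-imx/imx-secure-enclave.git
+branch = lf-6.12.3_1.0.0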
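Review bot: The second new entry is registered as `[submodule "repo"]` while its path is `third_party/imx-secure-enclave/repo`; the libtrustymatter entry just above uses its path as the name, and a bare name like "repo" is easy to collide with the next time a submodule is added under that convention. Rename it `[submodule "third_party/imx-secure-enclave/repo"]` to match. Note also that `branch = lf-6.12.3_1.0.0` only steers `git submodule update --remote`; what the build checks out is the gitlink commit recorded in the tree, so that commit, not this line, is the pin to verify when reviewing these two third-party additions.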
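--- a/examples/platform/linux/AppMain.cpp
+++ b/examples/platform/linux/AppMain.cpp
@@ -126,6 +126,21 @@
 #include <platform/Linux/NetworkCommissioningDriver.h>
 #endif // CHIP_DEVICE_LAYER_TARGET_LINUX
 
+#if CHIP_ATTESTATION_TRUSTY_OS
+#include "DeviceAttestationCreds.h"
+using namespace chip::Credentials::Trusty;
+#endif
+
+#if CHIP_OP_KEYSTORE_TRUSTY_OS
+#include "PersistentStorageOperationalKeystoreTrusty.h"
+using namespace chip::Trusty;
+#endif
+
+#if CHIP_OP_KEYSTORE_ELE
+#include "PersistentStorageOperationalKeystoreEle.h"
+using namespace chip::ele;
+#endif
+
 using namespace chip;
 using namespace chip::ArgParser;
 using namespace chip::Credentials;
@@ -571,6 +586,16 @@ void ChipLinuxAppMainLoop(AppMainLoopImplementation * impl)
 }
 #endif // CHIP_CONFIG_TERMS_AND_CONDITIONS_REQUIRED
 
+#if CHIP_OP_KEYSTORE_TRUSTY_OS
+static chip::Trusty::PersistentStorageOperationalKeystoreTrusty sPersistentStorageOperationalKeystore;
+initParams.operationalKeystore = &sPersistentStorageOperationalKeystore;
+#endif
+
+#if CHIP_OP_KEYSTORE_ELE
+static chip::ele::PersistentStorageOperationalKeystoreEle sPersistentStorageOperationalKeystore;
+initParams.operationalKeystore = &sPersistentStorageOperationalKeystore;
+#endif
+
 #if defined(ENABLE_CHIP_SHELL)
 Engine::Root().Init();
 Shell::RegisterCommissioneeCommands();
@@ -710,7 +735,11 @@ void ChipLinuxAppMainLoop(AppMainLoopImplementation * impl)
 PrintOnboardingCodes(LinuxDeviceOptions::GetInstance().payload);
 
 // Initialize device attestation config
+#if CHIP_ATTESTATION_TRUSTY_OS
+SetDeviceAttestationCredentialsProvider(&TrustyDACProvider::GetTrustyDACProvider());
+#else
 SetDeviceAttestationCredentialsProvider(LinuxDeviceOptions::GetInstance().dacProvider);
+#endif
 
 #if CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
 ChipLogProgress(AppServer, "Starting commissioner");
@@ -737,9 +766,9 @@ void ChipLinuxAppMainLoop(AppMainLoopImplementation * impl)
 signal(SIGTERM, StopSignalHandler);
 // NOLINTEND(bugprone-signal-handler)
 #else
-struct sigaction sa = {};
-sa.sa_handler = StopSignalHandler;
-sa.sa_flags = SA_RESETHAND;
+struct sigaction sa = {};
+sa.sa_handler = StopSignalHandler;
+sa.sa_flags = SA_RESETHAND;
 sigaction(SIGINT, &sa, nullptr);
 sigaction(SIGTERM, &sa, nullptr);
 #endif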
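Review bot: The two keystore blocks in the second hunk (`#if CHIP_OP_KEYSTORE_TRUSTY_OS` and `#if CHIP_OP_KEYSTORE_ELE`) each define a function-local static named `sPersistentStorageOperationalKeystore` and assign `initParams.operationalKeystore`; BUILD.gn derives the two macros from independent args, so a build with both enabled fails on the redefinition and nothing in this file says they are exclusive. Make the second block `#elif CHIP_OP_KEYSTORE_ELE`, or add `#if CHIP_OP_KEYSTORE_TRUSTY_OS && CHIP_OP_KEYSTORE_ELE` / `#error "select one operational keystore backend"` so the conflict is diagnosed where it arises. The `using namespace chip::Trusty;` and `using namespace chip::ele;` directives added in the first hunk are unused, since both statics spell out their fully qualified type, and can be dropped. The `#if CHIP_ATTESTATION_TRUSTY_OS` branch in the third hunk silently overrides whatever `LinuxDeviceOptions::GetInstance().dacProvider` was configured to; a comment such as `// Trusty builds always attest with the TEE-held DAC key; the dacProvider option is ignored here` would make that visible to operators. `ChipLinuxAppMainLoop` begins and ends outside these hunks.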
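--- a/examples/platform/linux/BUILD.gn
+++ b/examples/platform/linux/BUILD.gn
@@ -17,7 +17,9 @@ import("${chip_root}/examples/common/pigweed/pigweed_rpcs.gni")
 import("${chip_root}/src/app/common_flags.gni")
 import("${chip_root}/src/app/icd/icd.gni")
 import("${chip_root}/src/lib/core/core.gni")
+import("${chip_root}/src/lib/imx_ele.gni")
 import("${chip_root}/src/lib/lib.gni")
+import("${chip_root}/src/lib/trusty.gni")
 import("${chip_root}/src/tracing/tracing_args.gni")
 
 if (current_os != "nuttx") {
@@ -96,6 +98,22 @@ source_set("app-main") {
 "testing/CustomCSRResponseOperationalKeyStore.h",
 ]
 
+if (chip_with_trusty_os == 1) {
+sources += [
+"DeviceAttestationCreds.cpp",
+"DeviceAttestationCreds.h",
+"PersistentStorageOperationalKeystoreTrusty.cpp",
+"PersistentStorageOperationalKeystoreTrusty.h",
+]
+}
+
+if (chip_with_imx_ele == 1) {
+sources += [
+"PersistentStorageOperationalKeystoreEle.cpp",
+"PersistentStorageOperationalKeystoreEle.h",
+]
+}
+
 public_deps = [
 ":boolean-state-configuration-test-event-trigger",
 ":commissioner-main",
@@ -122,6 +140,33 @@ source_set("app-main") {
 public_deps += [ jsoncpp_root ]
 }
 
+if (chip_with_trusty_os == 1) {
+public_deps += [ "${chip_root}/third_party/libtrustymatter" ]
+}
+
+if (chip_with_imx_ele == 1) {
+public_deps +=
+[ "${chip_root}/third_party/imx-secure-enclave:libelematter" ]
+}
+
+if (chip_with_trusty_os == 1) {
+defines += [ "CHIP_ATTESTATION_TRUSTY_OS=1" ]
+} else {
+defines += [ "CHIP_ATTESTATION_TRUSTY_OS=0" ]
+}
+
+if (chip_with_trusty_os == 1) {
+defines += [ "CHIP_OP_KEYSTORE_TRUSTY_OS=1" ]
+} else {
+defines += [ "CHIP_OP_KEYSTORE_TRUSTY_OS=0" ]
+}
+
+if (chip_with_imx_ele == 1) {
+defines += [ "CHIP_OP_KEYSTORE_ELE=1" ]
+} else {
+defines += [ "CHIP_OP_KEYSTORE_ELE=0" ]
+}
+
 if (chip_enable_pw_rpc) {
 defines += [ "PW_RPC_ENABLED" ]
 }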
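Review bot: The two consecutive `if (chip_with_trusty_os == 1)` define blocks in the third hunk test the same condition and can be merged into one, `defines += [ "CHIP_ATTESTATION_TRUSTY_OS=1", "CHIP_OP_KEYSTORE_TRUSTY_OS=1" ]`, with the matching `=0` pair in the `else`. Nothing here rejects `chip_with_trusty_os == 1` together with `chip_with_imx_ele == 1`, even though AppMain.cpp in this PR defines the same operational-keystore static under both macros; an `assert(chip_with_trusty_os != 1 || chip_with_imx_ele != 1, "Trusty and ELE operational keystores are mutually exclusive")` next to these blocks would surface that at gn time rather than as a compiler error. The `source_set("app-main")` target continues outside the hunk.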
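--- a/examples/platform/linux/DeviceAttestationCreds.cpp
+++ b/examples/platform/linux/DeviceAttestationCreds.cpp
@@ -0,0 +1,113 @@
+/*
+*
+* Copyright (c) 2021-2022 Project CHIP Authors
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* Copyright 2023 NXP
+*/
+#include "DeviceAttestationCreds.h"
+
+#include <crypto/CHIPCryptoPAL.h>
+#include <lib/core/CHIPError.h>
+#include <lib/support/Span.h>
+#include <trusty_matter.h>
+
+using namespace matter;
+
+namespace chip {
+namespace Credentials {
+namespace Trusty {
+
+CHIP_ERROR TrustyDACProvider::GetDeviceAttestationCert(MutableByteSpan & out_dac_buffer)
+{
+size_t out_size = 0;
+int rc;
+
+rc = trusty_matter.ExportDACCert(out_dac_buffer.data(), out_dac_buffer.size(), out_size);
+if (rc == 0)
+{
+out_dac_buffer.reduce_size(out_size);
+return CHIP_NO_ERROR;
+}
+else
+return CHIP_ERROR_CERT_LOAD_FAILED;
+}
+
+CHIP_ERROR TrustyDACProvider::GetProductAttestationIntermediateCert(MutableByteSpan & out_pai_buffer)
+{
+size_t out_size = 0;
+int rc;
+
+rc = trusty_matter.ExportPAICert(out_pai_buffer.data(), out_pai_buffer.size(), out_size);
+if (rc == 0)
+{
+out_pai_buffer.reduce_size(out_size);
+return CHIP_NO_ERROR;
+}
+else
+return CHIP_ERROR_CERT_LOAD_FAILED;
+}
+
+CHIP_ERROR TrustyDACProvider::GetCertificationDeclaration(MutableByteSpan & out_cd_buffer)
+{
+size_t out_size = 0;
+int rc;
+
+rc = trusty_matter.ExportCDCert(out_cd_buffer.data(), out_cd_buffer.size(), out_size);
+if (rc == 0)
+{
+out_cd_buffer.reduce_size(out_size);
+return CHIP_NO_ERROR;
+}
+else
+return CHIP_ERROR_CERT_LOAD_FAILED;
+}
+
+CHIP_ERROR TrustyDACProvider::GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer)
+{
+// TODO: We need a real example FirmwareInformation to be populated.
+out_firmware_info_buffer.reduce_size(0);
+
+return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR TrustyDACProvider::SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_signature_buffer)
+{
+int rc = 0;
+size_t out_size = 0;
+
+VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT);
+VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT);
+
+rc = trusty_matter.SignWithDACKey(message_to_sign.data(), message_to_sign.size(), out_signature_buffer.data(),
+out_signature_buffer.size(), out_size);
+if (rc == 0)
+{
+out_signature_buffer.reduce_size(out_size);
+return CHIP_NO_ERROR;
+}
+else
+return CHIP_ERROR_CERT_LOAD_FAILED;
+}
+
+TrustyDACProvider & TrustyDACProvider::GetTrustyDACProvider()
+{
+static TrustyDACProvider trusty_dac_provider;
+
+return trusty_dac_provider;
+}
+
+} // namespace Trusty
+} // namespace Credentials
+} // namespace chip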
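Review bot: `SignWithDeviceAttestationKey` returns `CHIP_ERROR_CERT_LOAD_FAILED` when `trusty_matter.SignWithDACKey` fails, but no certificate is loaded there, so a TEE signing failure is reported as a certificate problem and the Trusty return code is discarded. Return `CHIP_ERROR_INTERNAL` instead and log the code first, `ChipLogError(AppServer, "SignWithDACKey failed: %d", rc);`, so attestation failures can be diagnosed from device logs. Each method also passes the TEE-reported `out_size` straight to `reduce_size`; if the libtrustymatter contract does not guarantee `out_size <= buffer size` (not visible here), a `VerifyOrReturnError(out_size <= out_dac_buffer.size(), CHIP_ERROR_INTERNAL)` before the shrink is a cheap guard. The three Export* methods share one body shape (call, check `rc`, shrink, map the error) and would read better as a single private helper taking the exporter and the buffer, which would also let `int rc;` followed by an assignment collapse to `const int rc = ...`.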
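--- a/examples/platform/linux/DeviceAttestationCreds.h
+++ b/examples/platform/linux/DeviceAttestationCreds.h
@@ -0,0 +1,46 @@
+/*
+* Copyright 2023 NXP
+*
+* Copyright (c) 2021 Project CHIP Authors
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+#pragma once
+
+#include <credentials/DeviceAttestationCredsProvider.h>
+#include <trusty_matter.h>
+
+using namespace matter;
+
+namespace chip {
+namespace Credentials {
+namespace Trusty {
+
+class TrustyDACProvider : public DeviceAttestationCredentialsProvider
+{
+public:
+static TrustyDACProvider & GetTrustyDACProvider();
+
+CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & out_cd_buffer) override;
+CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) override;
+CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & out_dac_buffer) override;
+CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & out_pai_buffer) override;
+CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_signature_buffer) override;
+
+private:
+TrustyMatter trusty_matter;
+};
+
+} // namespace Trusty
+} // namespace Credentials
+} // namespace chip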
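Review bot: `using namespace matter;` at file scope in this header is pulled into every translation unit that includes `DeviceAttestationCreds.h` (AppMain.cpp in this PR), which is how ambiguous lookups and silent name capture start, and it exists only to serve the single member declaration. Qualify the member and drop the directive: `matter::TrustyMatter mTrustyMatter;`, which also brings the field in line with the `m`-prefixed member naming used across CHIP (the corresponding `trusty_matter` uses in the .cpp change with it). Since instances are only reachable through `GetTrustyDACProvider()`, marking the class `final` and deleting copy and move would document the singleton intent that the static accessor implies.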