Merge branch 'master' into TC-SC-4.3-python-test

Author: raul-marquez-csa

src/credentials/CHIPCert.cpp

@@ -1203,6 +1203,48 @@ CHIP_ERROR ConvertECDSASignatureRawToDER(P256ECDSASignatureSpan rawSig, ASN1Writ
     return err;
 }
 
+CHIP_ERROR ConvertECDSAKeypairRawToDER(const P256SerializedKeypair & rawKeypair, MutableByteSpan & outDerKeypair)
+{
+    CHIP_ERROR err = CHIP_NO_ERROR;
+
+    // The raw key pair contains the public key followed by the private key
+    VerifyOrReturnError(rawKeypair.Length() == kP256_PublicKey_Length + kP256_PrivateKey_Length, CHIP_ERROR_INVALID_ARGUMENT);
+    FixedByteSpan<kP256_PublicKey_Length> publicKey(rawKeypair.ConstBytes());
+    FixedByteSpan<kP256_PrivateKey_Length> privateKey(rawKeypair.ConstBytes() + kP256_PublicKey_Length);
+
+    ASN1Writer writer;
+    writer.Init(outDerKeypair);
+
+    // ECPrivateKey ::= SEQUENCE
+    ASN1_START_SEQUENCE
+    {
+        // version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1)
+        ASN1_ENCODE_INTEGER(1);
+
+        // privateKey OCTET STRING
+        ASN1_ENCODE_OCTET_STRING(privateKey.data(), privateKey.size());
+
+        // parameters [0] ECParameters {{ NamedCurve }} OPTIONAL
+        ASN1_START_CONSTRUCTED(kASN1TagClass_ContextSpecific, 0);
+        {
+            ASN1_ENCODE_OBJECT_ID(kOID_EllipticCurve_prime256v1);
+        }
+        ASN1_END_CONSTRUCTED;
+
+        // publicKey  [1] BIT STRING OPTIONAL
+        ASN1_START_CONSTRUCTED(kASN1TagClass_ContextSpecific, 1);
+        {
+            ReturnErrorOnFailure(writer.PutBitString(0, publicKey.data(), publicKey.size()));
+        }
+        ASN1_END_CONSTRUCTED;
+    }
+    ASN1_END_SEQUENCE;
+
+    outDerKeypair.reduce_size(writer.GetLengthWritten());
+exit:
+    return err;
+}
+
 CHIP_ERROR ExtractNodeIdFabricIdFromOpCert(const ChipCertificateData & opcert, NodeId * outNodeId, FabricId * outFabricId)
 {
     // Since we assume the cert is pre-validated, we are going to assume that

src/credentials/CHIPCert.h

@@ -57,6 +57,9 @@ static constexpr uint32_t kMaxDERCertLength  = 600;
 // As per spec section 11.24 (Wi-Fi Authentication with Per-Device Credentials)
 inline constexpr uint32_t kMaxCHIPCompactNetworkIdentityLength = 137;
 
+// Length of a ASN.1 DER encoded ECPrivateKey structure (RFC 5915) for a P256 key pair.
+inline constexpr uint32_t kP256ECPrivateKeyDERLength = 121;
+
 /** Data Element Tags for the CHIP Certificate
  */
 enum
@@ -730,6 +733,17 @@ CHIP_ERROR ConvertECDSASignatureRawToDER(P256ECDSASignatureSpan rawSig, ASN1::AS
  */
 CHIP_ERROR ConvertECDSASignatureDERToRaw(ASN1::ASN1Reader & reader, chip::TLV::TLVWriter & writer, uint64_t tag);
 
+/**
+ * @brief Convert a raw ECDSA P256 key pair to an ASN.1 DER encoded ECPrivateKey structure (RFC 5915).
+ *
+ * @param rawKeypair    The raw P256 key pair.
+ * @param outDerKeypair Output buffer to receive the ASN.1 DER encoded key pair.
+ *                      Must have a capacity of at least `kP256ECPrivateKeyDERLength` bytes.
+ *
+ * @retval  #CHIP_NO_ERROR If the key pair was successfully converted, or a CHIP_ERROR otherwise.
+ */
+CHIP_ERROR ConvertECDSAKeypairRawToDER(const Crypto::P256SerializedKeypair & rawKeypair, MutableByteSpan & outDerKeypair);
+
 /**
  * Extract the Fabric ID from an operational certificate that has already been
  * parsed.

src/credentials/tests/CHIPCert_test_vectors.cpp

@@ -28,6 +28,7 @@
 
 #include <credentials/CHIPCert.h>
 #include <credentials/CHIPCertificateSet.h>
+#include <crypto/CHIPCryptoPAL.h>
 #include <lib/support/CodeUtils.h>
 
 namespace chip {
@@ -72,6 +73,8 @@ enum class TestCertLoadFlags : uint8_t
 extern CHIP_ERROR GetTestCert(TestCert certType, BitFlags<TestCertLoadFlags> certLoadFlags, ByteSpan & cert);
 extern const char * GetTestCertName(TestCert certType);
 extern CHIP_ERROR GetTestCertPubkey(TestCert certType, ByteSpan & pubkey);
+extern CHIP_ERROR GetTestCertPrivkey(TestCert certType, ByteSpan & privkey);
+extern CHIP_ERROR GetTestCertKeypair(TestCert certType, Crypto::P256SerializedKeypair & keypair);
 extern CHIP_ERROR GetTestCertSKID(TestCert certType, ByteSpan & skid);
 extern CHIP_ERROR GetTestCertAKID(TestCert certType, ByteSpan & akid);
 
@@ -213,6 +216,7 @@ extern const ByteSpan sTestCert_PDCID01_PrivateKey;
 extern const ByteSpan sTestCert_PDCID01_SubjectKeyId;   // empty
 extern const ByteSpan sTestCert_PDCID01_AuthorityKeyId; // empty
 extern const ByteSpan sTestCert_PDCID01_KeyId;
+extern const ByteSpan sTestCert_PDCID01_KeypairDER;
 
 } // namespace TestCerts
 } // namespace chip

src/credentials/tests/CHIPCert_test_vectors.h

@@ -33,6 +33,7 @@
 #include <lib/core/TLV.h>
 #include <lib/support/CHIPMem.h>
 #include <lib/support/CodeUtils.h>
+#include <lib/support/UnitTestExtendedAssertions.h>
 #include <lib/support/UnitTestRegistration.h>
 
 #include <nlunit-test.h>
@@ -2191,6 +2192,20 @@ static void TestChipCert_PDCIdentityGeneration(nlTestSuite * inSuite, void * inC
     NL_TEST_ASSERT(inSuite, ValidateChipNetworkIdentity(tlvCert) == CHIP_NO_ERROR);
 }
 
+static void TestChipCert_KeypairConversion(nlTestSuite * inSuite, void * inContext)
+{
+    P256SerializedKeypair keypair;
+    NL_TEST_ASSERT_SUCCESS(inSuite, GetTestCertKeypair(kPDCID01, keypair));
+
+    uint8_t buffer[kP256ECPrivateKeyDERLength];
+    MutableByteSpan keypairDer(buffer);
+    NL_TEST_ASSERT_SUCCESS(inSuite, ConvertECDSAKeypairRawToDER(keypair, keypairDer));
+
+    // Technically the curve name and public key are optional in the DER format,
+    // but both our code and standard tools include them, so we can just compare.
+    NL_TEST_ASSERT(inSuite, keypairDer.data_equal(sTestCert_PDCID01_KeypairDER));
+}
+
 /**
  *  Set up the test suite.
  */
@@ -2251,6 +2266,7 @@ static const nlTest sTests[] = {
     NL_TEST_DEF("Test extracting PublicKey and SKID from chip certificate", TestChipCert_ExtractPublicKeyAndSKID),
     NL_TEST_DEF("Test PDC Identity Validation", TestChipCert_PDCIdentityValidation),
     NL_TEST_DEF("Test PDC Identity Generation", TestChipCert_PDCIdentityGeneration),
+    NL_TEST_DEF("Test keypair conversion", TestChipCert_KeypairConversion),
     NL_TEST_SENTINEL()
 };
 // clang-format on

src/credentials/tests/TestChipCert.cpp

@@ -484,6 +484,9 @@ struct alignas(size_t) P256KeypairContext
     uint8_t mBytes[kMAX_P256Keypair_Context_Size];
 };
 
+/**
+ * A serialized P256 key pair is the concatenation of the public and private keys, in that order.
+ */
 using P256SerializedKeypair = SensitiveDataBuffer<kP256_PublicKey_Length + kP256_PrivateKey_Length>;
 
 class P256KeypairBase : public ECPKeypair<P256PublicKey, P256ECDHDerivedSecret, P256ECDSASignature>

src/crypto/CHIPCryptoPAL.h

@@ -119,6 +119,46 @@ class OperationalKeystore
      */
     virtual CHIP_ERROR CommitOpKeypairForFabric(FabricIndex fabricIndex) = 0;
 
+    /**
+     * @brief Try to read out the permanently committed operational keypair and save it to the buffer.
+     *
+     * @param fabricIndex - FabricIndex from which the keypair will be exported
+     * @param outKeypair - a reference to P256SerializedKeypair object to store the exported key.
+     * @retval CHIP_ERROR on success.
+     * @retval CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE if the key cannot be exported due to security restrictions.
+     * @retval CHIP_ERROR_NOT_IMPLEMENTED if the exporting is not implemented for the cryptography backend.
+     * @retval CHIP_ERROR_INVALID_FABRIC_INDEX if provided wrong value of `fabricIndex`.
+     * @retval CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND if there is no keypair found for `fabricIndex`.
+     * @retval CHIP_ERROR_BUFFER_TOO_SMALL if `outKeyPair` buffer is too small to store the read out keypair.
+     * @retval other CHIP_ERROR value on internal storage or cryptography backend errors.
+     */
+    virtual CHIP_ERROR ExportOpKeypairForFabric(FabricIndex fabricIndex, Crypto::P256SerializedKeypair & outKeypair)
+    {
+        return CHIP_ERROR_NOT_IMPLEMENTED;
+    };
+
+    /**
+     * @brief Migrate the operational keypair from another Operational keystore (`operationalKeystore`) implementation to this one.
+     *
+     * This method assumes that the operational key for given `fabricIndex` exists in the `operationalKeystore` storage or it has
+     * been already migrated to the new Operational Storage. If a key for the given `fabricIndex` does not exist in any of those
+     * keystores, then the method retuns CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND.
+     *
+     * @param fabricIndex - FabricIndex for which to migrate the operational key
+     * @param operationalKeystore - a reference to the operationalKeystore implementation that may contain saved operational key
+     * for Fabric
+     * @retval CHIP_ERROR on success
+     * @retval CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE if the key cannot be exported due to security restrictions.
+     * @retval CHIP_ERROR_NOT_IMPLEMENTED if the exporting is not implemented for the cryptography backend.
+     * @retval CHIP_ERROR_INVALID_FABRIC_INDEX if there is no keypair found for `fabricIndex`.
+     * @retval CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND if there is no keypair found for `fabricIndex`.
+     * @retval other CHIP_ERROR value on internal storage or crypto engine errors.
+     */
+    virtual CHIP_ERROR MigrateOpKeypairForFabric(FabricIndex fabricIndex, OperationalKeystore & operationalKeystore) const
+    {
+        return CHIP_ERROR_NOT_IMPLEMENTED;
+    };
+
     /**
      * @brief Permanently remove the keypair associated with a fabric
      *

src/crypto/OperationalKeystore.h

@@ -16,6 +16,7 @@
  */
 
 #include "PSAOperationalKeystore.h"
+#include "PersistentStorageOperationalKeystore.h"
 
 #include <lib/support/CHIPMem.h>
 
@@ -135,6 +136,35 @@ CHIP_ERROR PSAOperationalKeystore::NewOpKeypairForFabric(FabricIndex fabricIndex
     return CHIP_NO_ERROR;
 }
 
+CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Deserialize(P256SerializedKeypair & input)
+{
+    CHIP_ERROR error                = CHIP_NO_ERROR;
+    psa_status_t status             = PSA_SUCCESS;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_id_t keyId              = 0;
+    VerifyOrReturnError(input.Length() == mPublicKey.Length() + kP256_PrivateKey_Length, CHIP_ERROR_INVALID_ARGUMENT);
+
+    Destroy();
+
+    // Type based on ECC with the elliptic curve SECP256r1 -> PSA_ECC_FAMILY_SECP_R1
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+    psa_set_key_bits(&attributes, kP256_PrivateKey_Length * 8);
+    psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_PERSISTENT);
+    psa_set_key_id(&attributes, GetKeyId());
+
+    status = psa_import_key(&attributes, input.ConstBytes() + mPublicKey.Length(), kP256_PrivateKey_Length, &keyId);
+    VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL);
+
+    memcpy(mPublicKey.Bytes(), input.ConstBytes(), mPublicKey.Length());
+
+exit:
+    psa_reset_key_attributes(&attributes);
+
+    return error;
+}
+
 CHIP_ERROR PSAOperationalKeystore::ActivateOpKeypairForFabric(FabricIndex fabricIndex, const Crypto::P256PublicKey & nocPublicKey)
 {
     VerifyOrReturnError(IsValidFabricIndex(fabricIndex) && mPendingFabricIndex == fabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX);
@@ -154,6 +184,40 @@ CHIP_ERROR PSAOperationalKeystore::CommitOpKeypairForFabric(FabricIndex fabricIn
     return CHIP_NO_ERROR;
 }
 
+CHIP_ERROR PSAOperationalKeystore::ExportOpKeypairForFabric(FabricIndex fabricIndex, Crypto::P256SerializedKeypair & outKeypair)
+{
+    // Currently exporting the key is forbidden in PSAOperationalKeystore because the PSA_KEY_USAGE_EXPORT usage flag is not set, so
+    // there is no need to compile the code for the device, but there should be an implementation for test purposes to verify if
+    // the psa_export_key returns an error.
+#if CHIP_CONFIG_TEST
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(HasOpKeypairForFabric(fabricIndex), CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND);
+
+    size_t outSize = 0;
+    psa_status_t status =
+        psa_export_key(PersistentP256Keypair(fabricIndex).GetKeyId(), outKeypair.Bytes(), outKeypair.Capacity(), &outSize);
+
+    if (status == PSA_ERROR_BUFFER_TOO_SMALL)
+    {
+        return CHIP_ERROR_BUFFER_TOO_SMALL;
+    }
+    else if (status == PSA_ERROR_NOT_PERMITTED)
+    {
+        return CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE;
+    }
+    else if (status != PSA_SUCCESS)
+    {
+        return CHIP_ERROR_INTERNAL;
+    }
+
+    outKeypair.SetLength(outSize);
+
+    return CHIP_NO_ERROR;
+#else
+    return CHIP_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
 CHIP_ERROR PSAOperationalKeystore::RemoveOpKeypairForFabric(FabricIndex fabricIndex)
 {
     VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
@@ -209,5 +273,31 @@ void PSAOperationalKeystore::ReleasePendingKeypair()
     mIsPendingKeypairActive = false;
 }
 
+CHIP_ERROR PSAOperationalKeystore::MigrateOpKeypairForFabric(FabricIndex fabricIndex,
+                                                             OperationalKeystore & operationalKeystore) const
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    P256SerializedKeypair serializedKeypair;
+
+    // Do not allow overwriting the existing key and just remove it from the previous Operational Keystore if needed.
+    if (!HasOpKeypairForFabric(fabricIndex))
+    {
+        ReturnErrorOnFailure(operationalKeystore.ExportOpKeypairForFabric(fabricIndex, serializedKeypair));
+
+        PersistentP256Keypair keypair(fabricIndex);
+        ReturnErrorOnFailure(keypair.Deserialize(serializedKeypair));
+
+        // Migrated key is not useful anymore, remove it from the previous keystore.
+        ReturnErrorOnFailure(operationalKeystore.RemoveOpKeypairForFabric(fabricIndex));
+    }
+    else if (operationalKeystore.HasOpKeypairForFabric(fabricIndex))
+    {
+        ReturnErrorOnFailure(operationalKeystore.RemoveOpKeypairForFabric(fabricIndex));
+    }
+
+    return CHIP_NO_ERROR;
+}
+
 } // namespace Crypto
 } // namespace chip

src/crypto/PSAOperationalKeystore.cpp

@@ -19,6 +19,7 @@
 
 #include <crypto/CHIPCryptoPALPSA.h>
 #include <crypto/OperationalKeystore.h>
+#include <lib/core/CHIPPersistentStorageDelegate.h>
 
 namespace chip {
 namespace Crypto {
@@ -31,7 +32,9 @@ class PSAOperationalKeystore final : public OperationalKeystore
     CHIP_ERROR NewOpKeypairForFabric(FabricIndex fabricIndex, MutableByteSpan & outCertificateSigningRequest) override;
     CHIP_ERROR ActivateOpKeypairForFabric(FabricIndex fabricIndex, const Crypto::P256PublicKey & nocPublicKey) override;
     CHIP_ERROR CommitOpKeypairForFabric(FabricIndex fabricIndex) override;
+    CHIP_ERROR ExportOpKeypairForFabric(FabricIndex fabricIndex, Crypto::P256SerializedKeypair & outKeypair) override;
     CHIP_ERROR RemoveOpKeypairForFabric(FabricIndex fabricIndex) override;
+    CHIP_ERROR MigrateOpKeypairForFabric(FabricIndex fabricIndex, OperationalKeystore & operationalKeystore) const;
     void RevertPendingKeypair() override;
     CHIP_ERROR SignWithOpKeypair(FabricIndex fabricIndex, const ByteSpan & message,
                                  Crypto::P256ECDSASignature & outSignature) const override;
@@ -53,13 +56,15 @@ class PSAOperationalKeystore final : public OperationalKeystore
         bool Exists() const;
         CHIP_ERROR Generate();
         CHIP_ERROR Destroy();
+        CHIP_ERROR Deserialize(P256SerializedKeypair & input);
     };
 
     void ReleasePendingKeypair();
 
     PersistentP256Keypair * mPendingKeypair = nullptr;
     FabricIndex mPendingFabricIndex         = kUndefinedFabricIndex;
     bool mIsPendingKeypairActive            = false;
+    PersistentStorageDelegate * mStorage    = nullptr;
 };
 
 } // namespace Crypto