Support for FW based NOC key-pair generation.

ankk-css · ankk-css · commit 48b91ae24016 · 2024-08-02T11:16:51.000+08:00
diff --git a/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp b/src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp
@@ -93,14 +93,12 @@ static CHIP_ERROR get_trustm_keyid_from_keypair(const P256KeypairContext mKeypai
 
 P256Keypair::~P256Keypair()
 {
-    // Add method to get the keyid
     if (CHIP_NO_ERROR != get_trustm_keyid_from_keypair(mKeypair, &keyid))
     {
         Clear();
     }
     else
     {
-        // Delete the key in SE
     }
 }
 
@@ -110,6 +108,7 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)
 
     if (key_target == ECPKeyTarget::ECDSA)
     {
+        printf("Generating ECDSA key");
         // Use the mbedtls based method
         if (CHIP_NO_ERROR == Initialize_H(this, &mPublicKey, &mKeypair))
         {
@@ -166,7 +165,9 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)
 
 CHIP_ERROR P256Keypair::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) const
 {
+    VerifyOrReturnError(mInitialized, CHIP_ERROR_UNINITIALIZED);
     uint16_t keyid = (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET+1]) | (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET] << 8);
+    
     // Check if there is any matching key_id to Optiga OID
     if (keyid == OPTIGA_KEY_ID_E0F0)
     {
@@ -211,9 +212,8 @@ CHIP_ERROR P256Keypair::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P
     // Use the mbedtls based method
     else
     {
-        printf("ECDSA sing msg sw\n");
+        printf("ECDSA sing msg mbedtls\n");
         return ECDSA_sign_msg_H(&mKeypair, msg, msg_length, out_signature);
-
     }
 }
 
@@ -306,6 +306,13 @@ CHIP_ERROR P256Keypair::Serialize(P256SerializedKeypair & output) const
     uint8_t privkey[kP256_PrivateKey_Length] = {
         0,
     };
+    
+    if (0 != memcmp(&mKeypair.mBytes[0], trustm_magic_no, sizeof(trustm_magic_no)))
+    {
+        VerifyOrReturnError(mInitialized, CHIP_ERROR_UNINITIALIZED);
+        return Serialize_H(mKeypair, mPublicKey, output);
+        
+    }
 
     /* Set the public key */
     P256PublicKey & public_key = const_cast<P256PublicKey &>(Pubkey());

Original file line number	Diff line number	Diff line change
`@@ -93,14 +93,12 @@ static CHIP_ERROR get_trustm_keyid_from_keypair(const P256KeypairContext mKeypai`
`93`	`93`
`94`	`94`	`P256Keypair::~P256Keypair()`
`95`	`95`	`{`
`96`		`- // Add method to get the keyid`
`97`	`96`	`if (CHIP_NO_ERROR != get_trustm_keyid_from_keypair(mKeypair, &keyid))`
`98`	`97`	`{`
`99`	`98`	`Clear();`
`100`	`99`	`}`
`101`	`100`	`else`
`102`	`101`	`{`
`103`		`- // Delete the key in SE`
`104`	`102`	`}`
`105`	`103`	`}`
`106`	`104`
`@@ -110,6 +108,7 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)`
`110`	`108`
`111`	`109`	`if (key_target == ECPKeyTarget::ECDSA)`
`112`	`110`	`{`
	`111`	`+ printf("Generating ECDSA key");`
`113`	`112`	`// Use the mbedtls based method`
`114`	`113`	`if (CHIP_NO_ERROR == Initialize_H(this, &mPublicKey, &mKeypair))`
`115`	`114`	`{`
`@@ -166,7 +165,9 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)`
`166`	`165`
`167`	`166`	`CHIP_ERROR P256Keypair::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) const`
`168`	`167`	`{`
	`168`	`+ VerifyOrReturnError(mInitialized, CHIP_ERROR_UNINITIALIZED);`
`169`	`169`	`uint16_t keyid = (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET+1]) \| (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET] << 8);`
	`170`	`+`
`170`	`171`	`// Check if there is any matching key_id to Optiga OID`
`171`	`172`	`if (keyid == OPTIGA_KEY_ID_E0F0)`
`172`	`173`	`{`
`@@ -211,9 +212,8 @@ CHIP_ERROR P256Keypair::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P`
`211`	`212`	`// Use the mbedtls based method`
`212`	`213`	`else`
`213`	`214`	`{`
`214`		`- printf("ECDSA sing msg sw\n");`
	`215`	`+ printf("ECDSA sing msg mbedtls\n");`
`215`	`216`	`return ECDSA_sign_msg_H(&mKeypair, msg, msg_length, out_signature);`
`216`		`-`
`217`	`217`	`}`
`218`	`218`	`}`
`219`	`219`
`@@ -306,6 +306,13 @@ CHIP_ERROR P256Keypair::Serialize(P256SerializedKeypair & output) const`
`306`	`306`	`uint8_t privkey[kP256_PrivateKey_Length] = {`
`307`	`307`	`0,`
`308`	`308`	`};`
	`309`	`+`
	`310`	`+ if (0 != memcmp(&mKeypair.mBytes[0], trustm_magic_no, sizeof(trustm_magic_no)))`
	`311`	`+ {`
	`312`	`+ VerifyOrReturnError(mInitialized, CHIP_ERROR_UNINITIALIZED);`
	`313`	`+ return Serialize_H(mKeypair, mPublicKey, output);`
	`314`	`+`
	`315`	`+ }`
`309`	`316`
`310`	`317`	`/* Set the public key */`
`311`	`318`	`P256PublicKey & public_key = const_cast<P256PublicKey &>(Pubkey());`