<TrustM> Fixed Sigma3 and ecdsa keyid selection issues.

Author: ankk-css

src/platform/Infineon/crypto/trustm/CHIPCryptoPALHost.cpp

@@ -83,6 +83,7 @@ typedef struct
 } EntropyContext;
 
 static EntropyContext gsEntropyContext;
+static mbedtls_ccm_context ccm_context;
 
 static void _log_mbedTLS_error(int error_code)
 {
@@ -107,16 +108,14 @@ static bool _isValidTagLength(size_t tag_length)
     }
     return false;
 }
-
 CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, const uint8_t * aad, size_t aad_length,
                            const Aes128KeyHandle & key, const uint8_t * nonce, size_t nonce_length, uint8_t * ciphertext,
                            uint8_t * tag, size_t tag_length)
 {
     CHIP_ERROR error = CHIP_NO_ERROR;
     int result       = 1;
 
-    mbedtls_ccm_context context;
-    mbedtls_ccm_init(&context);
+    mbedtls_ccm_init(&ccm_context);
 
     VerifyOrExit(plaintext != nullptr || plaintext_length == 0, error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(ciphertext != nullptr || plaintext_length == 0, error = CHIP_ERROR_INVALID_ARGUMENT);
@@ -130,18 +129,18 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
     }
 
     // Size of key is expressed in bits, hence the multiplication by 8.
-    result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray) * 8);
+    result = mbedtls_ccm_setkey(&ccm_context, MBEDTLS_CIPHER_ID_AES, key.As<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray) * 8);
     VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
 
     // Encrypt
-    result = mbedtls_ccm_encrypt_and_tag(&context, plaintext_length, Uint8::to_const_uchar(nonce), nonce_length,
+    result = mbedtls_ccm_encrypt_and_tag(&ccm_context, plaintext_length, Uint8::to_const_uchar(nonce), nonce_length,
                                          Uint8::to_const_uchar(aad), aad_length, Uint8::to_const_uchar(plaintext),
                                          Uint8::to_uchar(ciphertext), Uint8::to_uchar(tag), tag_length);
     _log_mbedTLS_error(result);
     VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
 
 exit:
-    mbedtls_ccm_free(&context);
+    mbedtls_ccm_free(&ccm_context);
     return error;
 }
 
@@ -152,8 +151,7 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co
     CHIP_ERROR error = CHIP_NO_ERROR;
     int result       = 1;
 
-    mbedtls_ccm_context context;
-    mbedtls_ccm_init(&context);
+    mbedtls_ccm_init(&ccm_context);
 
     VerifyOrExit(plaintext != nullptr || ciphertext_len == 0, error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(ciphertext != nullptr || ciphertext_len == 0, error = CHIP_ERROR_INVALID_ARGUMENT);
@@ -167,18 +165,18 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co
     }
 
     // Size of key is expressed in bits, hence the multiplication by 8.
-    result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray) * 8);
+    result = mbedtls_ccm_setkey(&ccm_context, MBEDTLS_CIPHER_ID_AES, key.As<Symmetric128BitsKeyByteArray>(), sizeof(Symmetric128BitsKeyByteArray) * 8);
     VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
 
     // Decrypt
-    result = mbedtls_ccm_auth_decrypt(&context, ciphertext_len, Uint8::to_const_uchar(nonce), nonce_length,
+    result = mbedtls_ccm_auth_decrypt(&ccm_context, ciphertext_len, Uint8::to_const_uchar(nonce), nonce_length,
                                       Uint8::to_const_uchar(aad), aad_len, Uint8::to_const_uchar(ciphertext),
                                       Uint8::to_uchar(plaintext), Uint8::to_const_uchar(tag), tag_length);
     _log_mbedTLS_error(result);
     VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
 
 exit:
-    mbedtls_ccm_free(&context);
+    mbedtls_ccm_free(&ccm_context);
     return error;
 }
 

src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_P256_trustm.cpp

@@ -48,7 +48,6 @@ const uint8_t kTlvHeader = 2;
 
 // Define keyid
 uint32_t keyid =0;
-
 namespace chip {
 namespace Crypto {
 
@@ -87,8 +86,7 @@ static CHIP_ERROR get_trustm_keyid_from_keypair(const P256KeypairContext mKeypai
         return CHIP_ERROR_INTERNAL;
     }
 
-    *key_id += (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET] << (8 * 1) & 0xFF00) |
-        (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET + 1] << (8 * 0) & 0x00FF);
+    *key_id += (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET]) | (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET + 1] << 8 );
 
     return CHIP_NO_ERROR;
 }
@@ -117,6 +115,7 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)
     {
         mInitialized = true;
     }
+    error = CHIP_NO_ERROR;
     return error;
 #else    
     uint8_t pubkey[128]               = {
@@ -125,61 +124,40 @@ CHIP_ERROR P256Keypair::Initialize(ECPKeyTarget key_target)
     uint16_t pubKeyLen = sizeof(pubkey);
     optiga_lib_status_t return_status = OPTIGA_LIB_BUSY;
     P256PublicKey & public_key = const_cast<P256PublicKey &>(Pubkey());
+    optiga_key_usage_t key_usage;
+    uint16_t keyid;
 
-    if (key_target == ECPKeyTarget::ECDH)
-    {
+    if (key_target == ECPKeyTarget::ECDH) {   
         keyid = TRUSTM_ECDH_OID_KEY;
-        // Trust M init
-        trustm_Open();
+
         // Trust M ECC 256 Key Gen
         ChipLogDetail(Crypto, "Generating NIST256 key in TrustM for ECDH!");
-        uint8_t key_usage = (optiga_key_usage_t)(OPTIGA_KEY_USAGE_KEY_AGREEMENT);
-
-        return_status = trustm_ecc_keygen(OPTIGA_KEY_ID_E0F3, key_usage, OPTIGA_ECC_CURVE_NIST_P_256, pubkey, &pubKeyLen);
-
-        // Add signature length
-        VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
-
-        /* Set the public key */
-        VerifyOrReturnError((size_t) pubKeyLen > NIST256_HEADER_OFFSET, CHIP_ERROR_INTERNAL);
-        VerifyOrReturnError(((size_t) pubKeyLen - NIST256_HEADER_OFFSET) <= kP256_PublicKey_Length, CHIP_ERROR_INTERNAL);
-        memcpy((void *) Uint8::to_const_uchar(public_key), pubkey + NIST256_HEADER_OFFSET, pubKeyLen - NIST256_HEADER_OFFSET);
-
-       memcpy(&mKeypair.mBytes[0], trustm_magic_no, sizeof(trustm_magic_no));
-       mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET] = (keyid >> (1 * 8)) & 0x00FF;
-       mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET + 1] = (keyid >> (0 * 8)) & 0x00FF;
-
-       mInitialized = true;
-       error = CHIP_NO_ERROR;
-    }
-    else
-    {
+        key_usage = OPTIGA_KEY_USAGE_KEY_AGREEMENT;
+    } else {
         // Add the logic to use different keyid
-        keyid   = TRUSTM_NODE_OID_KEY_START;
-        // Trust M init
-        trustm_Open();
+        keyid = TRUSTM_NODE_OID_KEY_START;
         // Trust M ECC 256 Key Gen
         ChipLogDetail(Crypto, "Generating NIST256 key in TrustM !");
-        uint8_t key_usage = (optiga_key_usage_t)(OPTIGA_KEY_USAGE_SIGN | OPTIGA_KEY_USAGE_AUTHENTICATION);
-
-        return_status = trustm_ecc_keygen(OPTIGA_KEY_ID_E0F2, key_usage, OPTIGA_ECC_CURVE_NIST_P_256, pubkey, &pubKeyLen);
-        // Add signature length
-        VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
-
-        /* Set the public key */
-        VerifyOrReturnError((size_t) pubKeyLen > NIST256_HEADER_OFFSET, CHIP_ERROR_INTERNAL);
-        VerifyOrReturnError(((size_t) pubKeyLen - NIST256_HEADER_OFFSET) <= kP256_PublicKey_Length, CHIP_ERROR_INTERNAL);
-        memcpy((void *) Uint8::to_const_uchar(public_key), pubkey + NIST256_HEADER_OFFSET, pubKeyLen - NIST256_HEADER_OFFSET);
+        key_usage = (optiga_key_usage_t)(OPTIGA_KEY_USAGE_SIGN | OPTIGA_KEY_USAGE_AUTHENTICATION);
+    }
+    // Trust M init
+    trustm_Open();
+    return_status = trustm_ecc_keygen(keyid, key_usage, OPTIGA_ECC_CURVE_NIST_P_256, pubkey, &pubKeyLen);
 
-       memcpy(&mKeypair.mBytes[0], trustm_magic_no, sizeof(trustm_magic_no));
-       mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET] = (keyid >> (1 * 8)) & 0x00FF;
-       mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET + 1] = (keyid >> (0 * 8)) & 0x00FF;
+    // Add signature length
+    VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
 
-       mInitialized = true;
-       error = CHIP_NO_ERROR;
+    /* Set the public key */
+    VerifyOrReturnError((size_t) pubKeyLen > NIST256_HEADER_OFFSET, CHIP_ERROR_INTERNAL);
+    VerifyOrReturnError(((size_t) pubKeyLen - NIST256_HEADER_OFFSET) <= kP256_PublicKey_Length, CHIP_ERROR_INTERNAL);
+    memcpy((void *) Uint8::to_const_uchar(public_key), pubkey + NIST256_HEADER_OFFSET, pubKeyLen - NIST256_HEADER_OFFSET);
 
-    }
+    memcpy(&mKeypair.mBytes[0], trustm_magic_no, sizeof(trustm_magic_no));
+    mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET] = (keyid >> (0 * 8)) & 0xFF;
+    mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET + 1] = (keyid >> (1 * 8)) & 0xFF;
 
+    mInitialized = true;
+    error = CHIP_NO_ERROR;
 
 exit:
     if (error != CHIP_NO_ERROR)
@@ -213,14 +191,19 @@ CHIP_ERROR P256Keypair::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P
     trustm_Open();
     // Hash to get the digest
     Hash_SHA256(msg, msg_length, &digest[0]);
+    uint16_t keyid =  (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET]) | (mKeypair.mBytes[CRYPTO_KEYPAIR_KEYID_OFFSET+1] << 8);
     // Api call to calculate the signature
-    return_status = trustm_ecdsa_sign(OPTIGA_KEY_ID_E0F0, digest, digest_length, signature_trustm, &signature_trustm_len);
-
+    if (keyid == OPTIGA_KEY_ID_E0F2) {
+        return_status = trustm_ecdsa_sign(OPTIGA_KEY_ID_E0F2, digest, digest_length, signature_trustm, &signature_trustm_len);
+    } else {
+        return_status = trustm_ecdsa_sign(OPTIGA_KEY_ID_E0F0, digest, digest_length, signature_trustm, &signature_trustm_len);
+    }
+    
     VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
 
     error = EcdsaAsn1SignatureToRaw(kP256_FE_Length, ByteSpan{ signature_trustm, signature_trustm_len }, out_raw_sig_span);
 
-    ChipLogError(NotSpecified, "EcdsaAsn1SignatureToRaw %" CHIP_ERROR_FORMAT, error.Format());
+    // ChipLogError(NotSpecified, "EcdsaAsn1SignatureToRaw %" CHIP_ERROR_FORMAT, error.Format());
 
     SuccessOrExit(error);
 
@@ -257,9 +240,16 @@ CHIP_ERROR P256Keypair::ECDH_derive_secret(const P256PublicKey & remote_public_k
 
     const uint8_t * const rem_pubKey = Uint8::to_const_uchar(remote_public_key);
     const size_t rem_pubKeyLen       = remote_public_key.Length();
-    return_status = trustm_ecdh_derive_secret(OPTIGA_KEY_ID_E0F3, (uint8_t*)rem_pubKey, (uint16_t)rem_pubKeyLen, 
-                        out_secret.Bytes(), (uint8_t)secret_length);
- 
+    
+    uint8_t remote_key[68];
+    uint8_t header[3] = {0x03, 0x42, 0x00};
+
+    memcpy(remote_key, &header, 3);
+    memcpy(remote_key+3, rem_pubKey, rem_pubKeyLen);
+
+    return_status = trustm_ecdh_derive_secret(OPTIGA_KEY_ID_E0F3, (uint8_t*)remote_key, (uint16_t)rem_pubKeyLen+3, 
+                        out_secret.Bytes(), (uint8_t)secret_length); 
+    
     VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL) ;
 
     exit:
@@ -357,9 +347,10 @@ CHIP_ERROR P256Keypair::Deserialize(P256SerializedKeypair & input)
         VerifyOrReturnError(bbuf.Fit(), CHIP_ERROR_NO_MEMORY);
 
         memcpy(&mKeypair.mBytes[0], trustm_magic_no, sizeof(trustm_magic_no));
-        mKeypair.mBytes[8]  = *(privkey + 8);
-        mKeypair.mBytes[9]  = *(privkey + 9);
-        // ChipLogDetail(Crypto, "Parsed keyId = 0x%02X%02X", mKeypair.mBytes[8], mKeypair.mBytes[9]);
+
+        mKeypair.mBytes[4]  = *(privkey + 4);
+        mKeypair.mBytes[5]  = *(privkey + 5);
+        // ChipLogDetail(Crypto, "Parsed keyId = 0x%02X%02X", mKeypair.mBytes[4], mKeypair.mBytes[5]);
 
         mInitialized = true;
 
@@ -443,7 +434,7 @@ CHIP_ERROR P256Keypair::NewCertificateSigningRequest(uint8_t * csr, size_t & csr
 {
 #if !ENABLE_TRUSTM_GENERATE_EC_KEY
     return NewCertificateSigningRequest_H(&mKeypair, csr, csr_length);
-#else    
+#else
     CHIP_ERROR error = CHIP_ERROR_INTERNAL;
     optiga_lib_status_t return_status = OPTIGA_LIB_BUSY;
 
@@ -593,7 +584,6 @@ CHIP_ERROR P256Keypair::NewCertificateSigningRequest(uint8_t * csr, size_t & csr
     csr_length = (csr_index + signature_len);
 
     error = CHIP_NO_ERROR;
-    
     exit:
         if (error != CHIP_NO_ERROR)
         {

src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.h

@@ -51,7 +51,7 @@ extern optiga_util_t * p_local_util;
     }
 
 static const uint8_t trustm_magic_no[] = IFX_CRYPTO_KEY_MAGIC;
-
+static const uint8_t DA_KEY_ID[] = {0xE0, 0xF0};
 /* Open session to trustm */
 void trustm_Open(void);
 void read_certificate_from_optiga(uint16_t optiga_oid, char * cert_pem, uint16_t * cert_pem_length);

src/platform/Infineon/crypto/trustm/CHIPCryptoPAL_HostFallBack.cpp

@@ -442,13 +442,6 @@ CHIP_ERROR Deserialize_H(P256Keypair * pk, P256PublicKey * mPublicKey, P256Keypa
     bbuf.Put(input.ConstBytes(), mPublicKey->Length());
     VerifyOrExit(bbuf.Fit(), error = CHIP_ERROR_NO_MEMORY);
 
-    printf("\n");
-    for (size_t i = 0; i < mPublicKey->Length(); i++)
-    {
-        printf("0x%02X ", Uint8::to_const_uchar(*mPublicKey)[i]);
-    }
-    printf("\n");
-
     result = mbedtls_ecp_point_read_binary(&keypair->CHIP_CRYPTO_PAL_PRIVATE(grp), &keypair->CHIP_CRYPTO_PAL_PRIVATE(Q),
                                            Uint8::to_const_uchar(*mPublicKey), mPublicKey->Length());
     VerifyOrExit(result == 0, error = CHIP_ERROR_INVALID_ARGUMENT);

src/platform/Infineon/crypto/trustm/DeviceAttestationCredsExampleTrustM.cpp

@@ -117,7 +117,7 @@ CHIP_ERROR ExampleTrustMDACProvider::SignWithDeviceAttestationKey(const ByteSpan
 
     memset(serialized_keypair.Bytes(), 0, Crypto::kP256_PublicKey_Length);
     memcpy(serialized_keypair.Bytes() + Crypto::kP256_PublicKey_Length, trustm_magic_no, sizeof(trustm_magic_no));
-    
+    memcpy(serialized_keypair.Bytes() + (Crypto::kP256_PublicKey_Length + sizeof (trustm_magic_no)), DA_KEY_ID, 2);
 
     ReturnErrorOnFailure(keypair.Deserialize(serialized_keypair));