1)Added random number generator using TrustM

Author: ying-css

src/platform/Infineon/crypto/trustm/BUILD.gn

@@ -43,6 +43,7 @@ static_library("infineon_crypto_lib") {
     "CHIPCryptoPALHsm_HKDF_trustm.cpp",
     "CHIPCryptoPALHsm_HMAC_trustm.cpp",
     "CHIPCryptoPALHsm_P256_trustm.cpp",
+    "CHIPCryptoPALHsm_rng_trustm.cpp",
     "CHIPCryptoPALHsm_utils_trustm.cpp",
     "DeviceAttestationCredsExampleTrustM.cpp",
   ]

src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_rng_trustm.cpp

@@ -0,0 +1,61 @@
+/*
+ *
+ * Copyright (c) 2024 Project CHIP Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file
+ * HSM based implementation of CHIP crypto primitives
+ * Based on configurations in CHIPCryptoPALHsm_config.h file,
+ * chip crypto apis use either HSM or rollback to software implementation.
+ */
+
+#include "CHIPCryptoPALHsm_utils_trustm.h"
+#include "optiga/optiga_util.h"
+#include "optiga_crypt.h"
+#include "optiga_lib_types.h"
+#include <lib/core/CHIPEncoding.h>
+
+
+namespace chip {
+namespace Crypto {
+
+CHIP_ERROR DRBG_get_bytes(uint8_t * out_buffer, const size_t out_length)
+{
+    CHIP_ERROR error                  = CHIP_ERROR_INTERNAL;
+    optiga_lib_status_t return_status = OPTIGA_LIB_BUSY;
+
+    VerifyOrReturnError(out_buffer != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrReturnError(out_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
+    // Trust M init
+    trustm_Open();
+
+    ChipLogDetail(Crypto, "Random Number: Using TrustM for Rondom Number Generate !");
+    return_status = optiga_crypt_rng(out_buffer, out_length);
+
+    VerifyOrExit(return_status == OPTIGA_LIB_SUCCESS, error = CHIP_ERROR_INTERNAL);
+
+    error = CHIP_NO_ERROR;
+
+exit:
+    if (error != CHIP_NO_ERROR)
+    {
+        trustm_close();
+    }
+    return CHIP_NO_ERROR;
+}
+
+} // namespace Crypto
+} // namespace chip

src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.cpp

@@ -536,7 +536,47 @@ optiga_lib_status_t hmac_sha256(optiga_hmac_type_t type, const uint8_t * input_d
     }
     return return_status;
 }
+optiga_lib_status_t optiga_crypt_rng(uint8_t * random_data, uint16_t random_data_length)
+{
+    optiga_lib_status_t return_status;
+    do
+    {
+        // Create an instance of optiga_crypt_t
+        p_local_crypt = optiga_crypt_create(0, optiga_crypt_callback, NULL);
+        if (NULL == p_local_crypt)
+        {
+            optiga_lib_print_message("optiga_crypt_create failed !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+            break;
+        }
+
+        return_status = OPTIGA_LIB_BUSY;
+        return_status = optiga_crypt_random(p_local_crypt,
+                                            OPTIGA_RNG_TYPE_DRNG,
+                                            random_data,
+                                            random_data_length);
+if (OPTIGA_LIB_SUCCESS != return_status)
+        {
+            // optiga_crypt_random api returns error !!!
+            optiga_lib_print_message("optiga_crypt_random api returns error !!!", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+            break;
+        }
 
+        while (optiga_lib_status == OPTIGA_LIB_BUSY)
+            ;
+        if (OPTIGA_LIB_SUCCESS != optiga_lib_status)
+        {
+            // optiga_crypt_random failed
+            optiga_lib_print_message("optiga_crypt_random failed", OPTIGA_UTIL_SERVICE, OPTIGA_UTIL_SERVICE_COLOR);
+            break;
+        }
+    } while (0);
+
+    if (p_local_crypt)
+    {
+        optiga_crypt_destroy(p_local_crypt);
+    }
+    return return_status;
+}
 optiga_lib_status_t trustm_ecc_keygen(uint16_t optiga_key_id, uint8_t key_type, optiga_ecc_curve_t curve_id, uint8_t * pubkey,
                                       uint16_t *pubkey_length)
 {

src/platform/Infineon/crypto/trustm/CHIPCryptoPALHsm_utils_trustm.h

@@ -75,6 +75,7 @@ void trustm_close(void);
 CHIP_ERROR trustmGetCertificate(uint16_t optiga_oid, uint8_t * buf, uint16_t * buflen);
 optiga_lib_status_t trustm_ecdh_derive_secret(optiga_key_id_t optiga_key_id, uint8_t * public_key, uint16_t public_key_length,
                                               uint8_t * shared_secret, uint8_t shared_secret_length);
+optiga_lib_status_t optiga_crypt_rng(uint8_t * random_data, uint16_t random_data_length);                                              
 optiga_lib_status_t trustm_PBKDF2_HMAC(const unsigned char * salt, size_t slen, unsigned int iteration_count, uint32_t key_length,
                                        unsigned char * output);
 #ifdef __cplusplus