From 0eeae751b74128b1acc9325c3f151c011cefb587 Mon Sep 17 00:00:00 2001 From: Maciej Baczmanski Date: Fri, 9 Aug 2024 15:36:29 +0200 Subject: [PATCH] Implement setting key persitence for ICD server --- .../icd-management-server.cpp | 2 +- src/app/icd/server/ICDMonitoringTable.cpp | 21 +++++++++++++++++-- src/app/icd/server/ICDMonitoringTable.h | 5 +++-- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/src/app/clusters/icd-management-server/icd-management-server.cpp b/src/app/clusters/icd-management-server/icd-management-server.cpp index c2625b050d4661..848cf56bcfdd16 100644 --- a/src/app/clusters/icd-management-server/icd-management-server.cpp +++ b/src/app/clusters/icd-management-server/icd-management-server.cpp @@ -315,7 +315,7 @@ Status ICDManagementServer::RegisterClient(CommandHandler * commandObj, const Co entry.DeleteKey(); } - err = entry.SetKey(key); + err = entry.SetKey(key, true); VerifyOrReturnError(CHIP_ERROR_INVALID_ARGUMENT != err, Status::ConstraintError); VerifyOrReturnError(CHIP_NO_ERROR == err, Status::Failure); err = table.Set(entry.index, entry); diff --git a/src/app/icd/server/ICDMonitoringTable.cpp b/src/app/icd/server/ICDMonitoringTable.cpp index 280984f296227d..48a816f40b36c1 100644 --- a/src/app/icd/server/ICDMonitoringTable.cpp +++ b/src/app/icd/server/ICDMonitoringTable.cpp @@ -19,6 +19,10 @@ #include +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#endif + namespace chip { enum class Fields : uint8_t @@ -131,7 +135,7 @@ void ICDMonitoringEntry::Clear() this->clientType = app::Clusters::IcdManagement::ClientTypeEnum::kPermanent; } -CHIP_ERROR ICDMonitoringEntry::SetKey(ByteSpan keyData) +CHIP_ERROR ICDMonitoringEntry::SetKey(ByteSpan keyData, bool persistent) { VerifyOrReturnError(keyData.size() == sizeof(Crypto::Symmetric128BitsKeyByteArray), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(symmetricKeystore != nullptr, CHIP_ERROR_INTERNAL); @@ -140,7 +144,20 @@ CHIP_ERROR ICDMonitoringEntry::SetKey(ByteSpan keyData) Crypto::Symmetric128BitsKeyByteArray keyMaterial; memcpy(keyMaterial, keyData.data(), sizeof(Crypto::Symmetric128BitsKeyByteArray)); - // TODO - Add function to set PSA key lifetime +#ifdef CONFIG_CHIP_CRYPTO_PSA + if (persistent) + { + ReturnErrorOnFailure(Crypto::FindFreeKeySlotInRange(aesKeyHandle.AsMutable(), + to_underlying(Crypto::KeyIdBase::ICDAesKeyRangeStart), + Crypto::kMaxICDClientKeys)); + ReturnErrorOnFailure(Crypto::FindFreeKeySlotInRange(hmacKeyHandle.AsMutable(), + to_underlying(Crypto::KeyIdBase::ICDHmacKeyRangeStart), + Crypto::kMaxICDClientKeys)); + } +#else + IgnoreUnusedVariable(persistent); +#endif // CONFIG_CHIP_CRYPTO_PSA + ReturnErrorOnFailure(symmetricKeystore->CreateKey(keyMaterial, aesKeyHandle)); CHIP_ERROR error = symmetricKeystore->CreateKey(keyMaterial, hmacKeyHandle); diff --git a/src/app/icd/server/ICDMonitoringTable.h b/src/app/icd/server/ICDMonitoringTable.h index 942c56fda45e71..2ee72b04afb34e 100644 --- a/src/app/icd/server/ICDMonitoringTable.h +++ b/src/app/icd/server/ICDMonitoringTable.h @@ -69,13 +69,14 @@ struct ICDMonitoringEntry : public PersistentData * A new entry object should be used for each key when adding entries to the ICDMonitoring * table. * - * @param keyData A byte span containing the raw key + * @param keyData A byte span containing the raw key + * @param persistent Persistence of the key to be set (optional, needed only when setting persistent key with PSA Crypto API) * @return CHIP_ERROR CHIP_NO_ERROR success * CHIP_ERROR_INVALID_ARGUMENT wrong size of the raw key * CHIP_ERROR_INTERNAL No KeyStore for the entry or Key Handle already present * CHIP_ERROR_XXX Crypto API related failure */ - CHIP_ERROR SetKey(ByteSpan keyData); + CHIP_ERROR SetKey(ByteSpan keyData, bool persistent = false); CHIP_ERROR DeleteKey(void); inline bool IsValid() {