Add ICD CIP and DAC key slots for PSA

project-chip · Aug 12, 2024 · 0f6de14 · 0f6de14
1 parent 5f5d696
commit 0f6de14
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/src/crypto/BUILD.gn b/src/crypto/BUILD.gn
@@ -71,6 +71,7 @@ source_set("public_headers") {
     "${chip_root}/src/lib/core",
     "${chip_root}/src/lib/core:types",
     "${chip_root}/src/lib/support",
+    "${chip_root}/src/app/icd/server:icd-server-config",
     "${nlassert_root}:nlassert",
   ]
 }

diff --git a/src/crypto/CHIPCryptoPALPSA.h b/src/crypto/CHIPCryptoPALPSA.h
@@ -27,6 +27,7 @@
 #pragma once
 
 #include "CHIPCryptoPAL.h"
+#include <app/icd/server/ICDServerConfig.h>
 #include <lib/core/DataModelTypes.h>
 #include <lib/support/SafePointerCast.h>
 
@@ -55,14 +56,27 @@ namespace Crypto {
 #define CHIP_CONFIG_CRYPTO_PSA_KEY_ID_BASE 0x30000
 #endif // CHIP_CONFIG_CRYPTO_PSA_KEY_ID_BASE
 
+#if CHIP_CONFIG_ENABLE_ICD_CIP
+static constexpr uint32_t kMaxICDClientKeys = CHIP_CONFIG_ICD_CLIENTS_SUPPORTED_PER_FABRIC * CHIP_CONFIG_MAX_FABRICS;
+#endif // CHIP_CONFIG_ENABLE_ICD_CIP
+
 /**
  * @brief Defines subranges of the PSA key identifier space used by Matter.
  */
 enum class KeyIdBase : psa_key_id_t
 {
-    Minimum     = CHIP_CONFIG_CRYPTO_PSA_KEY_ID_BASE,
-    Operational = Minimum, ///< Base of the PSA key ID range for Node Operational Certificate private keys
-    Maximum     = Operational + kMaxValidFabricIndex,
+    Minimum              = CHIP_CONFIG_CRYPTO_PSA_KEY_ID_BASE,
+    Operational          = Minimum, ///< Base of the PSA key ID range for Node Operational Certificate private keys
+    DACPrivKey           = Operational + kMaxValidFabricIndex + 1,
+#if CHIP_CONFIG_ENABLE_ICD_CIP
+    ICDHmacKeyRangeStart = DACPrivKey + 1,
+    ICDAesKeyRangeStart  = ICDHmacKeyRangeStart + kMaxICDClientKeys,
+    ICDKeysRangeEnd      = ICDAesKeyRangeStart + kMaxICDClientKeys,
+#else
+    // If Check-In Protocol is disabled, set ICDKeysRangeEnd to previous key, to allow setting next key ID to `ICDKeysRangeEnd + 1`
+    ICDKeysRangeEnd      = DACPrivKey,
+#endif // CHIP_CONFIG_ENABLE_ICD_CIP
+    Maximum              = ICDKeysRangeEnd,
 };
 
 static_assert(to_underlying(KeyIdBase::Minimum) >= PSA_KEY_ID_USER_MIN && to_underlying(KeyIdBase::Maximum) <= PSA_KEY_ID_USER_MAX,