From 17412825246a038ef4eaba9fd3b5db635f280542 Mon Sep 17 00:00:00 2001 From: mkardous-silabs <84793247+mkardous-silabs@users.noreply.github.com> Date: Mon, 4 Dec 2023 23:36:22 -0500 Subject: [PATCH] [Crypto] Rename aes key byte array to symmetric key byte array (#30802) * Rename aes key byte array to symmetric key byte array * Restyled by clang-format --------- Co-authored-by: Restyled.io --- src/app/icd/ICDCheckInSender.cpp | 4 ++-- src/app/icd/ICDMonitoringTable.cpp | 21 +++++++++--------- .../icd/client/DefaultICDClientStorage.cpp | 13 ++++++----- src/app/icd/client/DefaultICDClientStorage.h | 2 +- src/app/icd/client/ICDClientInfo.h | 5 +++-- src/credentials/GroupDataProviderImpl.h | 8 +++---- src/crypto/CHIPCryptoPAL.h | 2 +- src/crypto/CHIPCryptoPALOpenSSL.cpp | 12 +++++----- src/crypto/CHIPCryptoPALmbedTLS.cpp | 6 +++-- src/crypto/PSASessionKeystore.cpp | 5 +++-- src/crypto/PSASessionKeystore.h | 2 +- src/crypto/RawKeySessionKeystore.cpp | 14 ++++++------ src/crypto/RawKeySessionKeystore.h | 2 +- src/crypto/SessionKeystore.h | 2 +- src/crypto/tests/CHIPCryptoPALTest.cpp | 2 +- src/crypto/tests/TestSessionKeystore.cpp | 2 +- .../common/crypto/CHIPCryptoPALTinyCrypt.cpp | 6 +++-- .../nxp/crypto/se05x/CHIPCryptoPALHost.cpp | 6 +++-- .../crypto/CHIPCryptoPALNXPUltrafastP256.cpp | 6 +++-- .../nxp/k32w/k32w1/CHIPCryptoPalK32W1.cpp | 6 +++-- .../silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp | 6 +++-- .../silabs/efr32/CHIPCryptoPALPsaEfr32.cpp | 22 ++++++++++--------- .../secure_channel/CheckinMessage.cpp | 4 ++-- .../secure_channel/tests/TestCheckinMsg.cpp | 8 +++---- 24 files changed, 92 insertions(+), 74 deletions(-) diff --git a/src/app/icd/ICDCheckInSender.cpp b/src/app/icd/ICDCheckInSender.cpp index 9781069b2c743d..173a1df50ac037 100644 --- a/src/app/icd/ICDCheckInSender.cpp +++ b/src/app/icd/ICDCheckInSender.cpp @@ -89,8 +89,8 @@ CHIP_ERROR ICDCheckInSender::RequestResolve(ICDMonitoringEntry & entry, FabricTa AddressResolve::NodeLookupRequest request(peerId); - memcpy(mKey.AsMutable(), entry.key.As(), - sizeof(Crypto::Aes128KeyByteArray)); + memcpy(mKey.AsMutable(), entry.key.As(), + sizeof(Crypto::Symmetric128BitsKeyByteArray)); CHIP_ERROR err = AddressResolve::Resolver::Instance().LookupNode(request, mAddressLookupHandle); diff --git a/src/app/icd/ICDMonitoringTable.cpp b/src/app/icd/ICDMonitoringTable.cpp index fe8c959983a714..83a06c4f35ad80 100644 --- a/src/app/icd/ICDMonitoringTable.cpp +++ b/src/app/icd/ICDMonitoringTable.cpp @@ -42,7 +42,7 @@ CHIP_ERROR ICDMonitoringEntry::Serialize(TLV::TLVWriter & writer) const ReturnErrorOnFailure(writer.Put(TLV::ContextTag(Fields::kCheckInNodeID), checkInNodeID)); ReturnErrorOnFailure(writer.Put(TLV::ContextTag(Fields::kMonitoredSubject), monitoredSubject)); - ByteSpan buf(key.As()); + ByteSpan buf(key.As()); ReturnErrorOnFailure(writer.Put(TLV::ContextTag(Fields::kKey), buf)); ReturnErrorOnFailure(writer.EndContainer(outer)); return CHIP_NO_ERROR; @@ -70,13 +70,14 @@ CHIP_ERROR ICDMonitoringEntry::Deserialize(TLV::TLVReader & reader) ReturnErrorOnFailure(reader.Get(monitoredSubject)); break; case to_underlying(Fields::kKey): { - ByteSpan buf(key.AsMutable()); + ByteSpan buf(key.AsMutable()); ReturnErrorOnFailure(reader.Get(buf)); // Since we are storing either the raw key or a key ID, we must // simply copy the data as is in the keyHandle. // Calling SetKey here would create another key in storage and will cause // key leakage in some implementation. - memcpy(key.AsMutable(), buf.data(), sizeof(Crypto::Aes128KeyByteArray)); + memcpy(key.AsMutable(), buf.data(), + sizeof(Crypto::Symmetric128BitsKeyByteArray)); keyHandleValid = true; } break; @@ -100,12 +101,12 @@ void ICDMonitoringEntry::Clear() CHIP_ERROR ICDMonitoringEntry::SetKey(ByteSpan keyData) { - VerifyOrReturnError(keyData.size() == sizeof(Crypto::Aes128KeyByteArray), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(keyData.size() == sizeof(Crypto::Symmetric128BitsKeyByteArray), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(symmetricKeystore != nullptr, CHIP_ERROR_INTERNAL); VerifyOrReturnError(!keyHandleValid, CHIP_ERROR_INTERNAL); - Crypto::Aes128KeyByteArray keyMaterial; - memcpy(keyMaterial, keyData.data(), sizeof(Crypto::Aes128KeyByteArray)); + Crypto::Symmetric128BitsKeyByteArray keyMaterial; + memcpy(keyMaterial, keyData.data(), sizeof(Crypto::Symmetric128BitsKeyByteArray)); ReturnErrorOnFailure(symmetricKeystore->CreateKey(keyMaterial, key)); keyHandleValid = true; @@ -174,8 +175,8 @@ ICDMonitoringEntry & ICDMonitoringEntry::operator=(const ICDMonitoringEntry & ic index = icdMonitoringEntry.index; keyHandleValid = icdMonitoringEntry.keyHandleValid; symmetricKeystore = icdMonitoringEntry.symmetricKeystore; - memcpy(key.AsMutable(), icdMonitoringEntry.key.As(), - sizeof(Crypto::Aes128KeyByteArray)); + memcpy(key.AsMutable(), icdMonitoringEntry.key.As(), + sizeof(Crypto::Symmetric128BitsKeyByteArray)); return *this; } @@ -214,8 +215,8 @@ CHIP_ERROR ICDMonitoringTable::Set(uint16_t index, const ICDMonitoringEntry & en e.checkInNodeID = entry.checkInNodeID; e.monitoredSubject = entry.monitoredSubject; e.index = index; - memcpy(e.key.AsMutable(), entry.key.As(), - sizeof(Crypto::Aes128KeyByteArray)); + memcpy(e.key.AsMutable(), entry.key.As(), + sizeof(Crypto::Symmetric128BitsKeyByteArray)); return e.Save(this->mStorage); } diff --git a/src/app/icd/client/DefaultICDClientStorage.cpp b/src/app/icd/client/DefaultICDClientStorage.cpp index 47319f6c874659..add4923e16f5fb 100644 --- a/src/app/icd/client/DefaultICDClientStorage.cpp +++ b/src/app/icd/client/DefaultICDClientStorage.cpp @@ -262,8 +262,9 @@ CHIP_ERROR DefaultICDClientStorage::Load(FabricIndex fabricIndex, std::vector(), buf.data(), sizeof(Crypto::Aes128KeyByteArray)); + VerifyOrReturnError(buf.size() == sizeof(Crypto::Symmetric128BitsKeyByteArray), CHIP_ERROR_INTERNAL); + memcpy(clientInfo.shared_key.AsMutable(), buf.data(), + sizeof(Crypto::Symmetric128BitsKeyByteArray)); ReturnErrorOnFailure(reader.ExitContainer(ICDClientInfoType)); clientInfoVector.push_back(clientInfo); } @@ -279,10 +280,10 @@ CHIP_ERROR DefaultICDClientStorage::Load(FabricIndex fabricIndex, std::vectorCreateKey(keyMaterial, clientInfo.shared_key); } @@ -300,7 +301,7 @@ CHIP_ERROR DefaultICDClientStorage::SerializeToTlv(TLV::TLVWriter & writer, cons ReturnErrorOnFailure(writer.Put(TLV::ContextTag(ClientInfoTag::kStartICDCounter), clientInfo.start_icd_counter)); ReturnErrorOnFailure(writer.Put(TLV::ContextTag(ClientInfoTag::kOffset), clientInfo.offset)); ReturnErrorOnFailure(writer.Put(TLV::ContextTag(ClientInfoTag::kMonitoredSubject), clientInfo.monitored_subject)); - ByteSpan buf(clientInfo.shared_key.As()); + ByteSpan buf(clientInfo.shared_key.As()); ReturnErrorOnFailure(writer.Put(TLV::ContextTag(ClientInfoTag::kSharedKey), buf)); ReturnErrorOnFailure(writer.EndContainer(ICDClientInfoContainerType)); } diff --git a/src/app/icd/client/DefaultICDClientStorage.h b/src/app/icd/client/DefaultICDClientStorage.h index adc8c69113a700..3637221df0c7f1 100644 --- a/src/app/icd/client/DefaultICDClientStorage.h +++ b/src/app/icd/client/DefaultICDClientStorage.h @@ -100,7 +100,7 @@ class DefaultICDClientStorage : public ICDClientStorage { // All the fields added together return TLV::EstimateStructOverhead(sizeof(NodeId), sizeof(FabricIndex), sizeof(uint32_t), sizeof(uint32_t), - sizeof(uint64_t), sizeof(Crypto::Aes128KeyByteArray)); + sizeof(uint64_t), sizeof(Crypto::Symmetric128BitsKeyByteArray)); } static constexpr size_t MaxICDCounterSize() diff --git a/src/app/icd/client/ICDClientInfo.h b/src/app/icd/client/ICDClientInfo.h index 4ab2aeec6dc8e5..f7863b61798148 100644 --- a/src/app/icd/client/ICDClientInfo.h +++ b/src/app/icd/client/ICDClientInfo.h @@ -44,8 +44,9 @@ struct ICDClientInfo start_icd_counter = other.start_icd_counter; offset = other.offset; monitored_subject = other.monitored_subject; - ByteSpan buf(other.shared_key.As()); - memcpy(shared_key.AsMutable(), buf.data(), sizeof(Crypto::Aes128KeyByteArray)); + ByteSpan buf(other.shared_key.As()); + memcpy(shared_key.AsMutable(), buf.data(), + sizeof(Crypto::Symmetric128BitsKeyByteArray)); return *this; } }; diff --git a/src/credentials/GroupDataProviderImpl.h b/src/credentials/GroupDataProviderImpl.h index fad1d87471bc4a..c06165b59ea6a3 100644 --- a/src/credentials/GroupDataProviderImpl.h +++ b/src/credentials/GroupDataProviderImpl.h @@ -156,16 +156,16 @@ class GroupDataProviderImpl : public GroupDataProvider public: GroupKeyContext(GroupDataProviderImpl & provider) : mProvider(provider) {} - GroupKeyContext(GroupDataProviderImpl & provider, const Crypto::Aes128KeyByteArray & encryptionKey, uint16_t hash, - const Crypto::Aes128KeyByteArray & privacyKey) : + GroupKeyContext(GroupDataProviderImpl & provider, const Crypto::Symmetric128BitsKeyByteArray & encryptionKey, uint16_t hash, + const Crypto::Symmetric128BitsKeyByteArray & privacyKey) : mProvider(provider) { Initialize(encryptionKey, hash, privacyKey); } - void Initialize(const Crypto::Aes128KeyByteArray & encryptionKey, uint16_t hash, - const Crypto::Aes128KeyByteArray & privacyKey) + void Initialize(const Crypto::Symmetric128BitsKeyByteArray & encryptionKey, uint16_t hash, + const Crypto::Symmetric128BitsKeyByteArray & privacyKey) { ReleaseKeys(); mKeyHash = hash; diff --git a/src/crypto/CHIPCryptoPAL.h b/src/crypto/CHIPCryptoPAL.h index 60c88b5e399d49..150f86fecf4b49 100644 --- a/src/crypto/CHIPCryptoPAL.h +++ b/src/crypto/CHIPCryptoPAL.h @@ -562,7 +562,7 @@ class P256Keypair : public P256KeypairBase bool mInitialized = false; }; -using Aes128KeyByteArray = uint8_t[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES]; +using Symmetric128BitsKeyByteArray = uint8_t[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES]; /** * @brief Platform-specific AES key diff --git a/src/crypto/CHIPCryptoPALOpenSSL.cpp b/src/crypto/CHIPCryptoPALOpenSSL.cpp index f31911e3b3cbd7..25041654331ac7 100644 --- a/src/crypto/CHIPCryptoPALOpenSSL.cpp +++ b/src/crypto/CHIPCryptoPALOpenSSL.cpp @@ -204,7 +204,7 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c #if CHIP_CRYPTO_BORINGSSL aead = EVP_aead_aes_128_ccm_matter(); - context = EVP_AEAD_CTX_new(aead, key.As(), sizeof(Aes128KeyByteArray), tag_length); + context = EVP_AEAD_CTX_new(aead, key.As(), sizeof(Symmetric128BitsKeyByteArray), tag_length); VerifyOrExit(context != nullptr, error = CHIP_ERROR_NO_MEMORY); result = EVP_AEAD_CTX_seal_scatter(context, ciphertext, tag, &written_tag_len, tag_length, nonce, nonce_length, plaintext, @@ -231,8 +231,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL); // Pass in key + nonce - static_assert(kAES_CCM128_Key_Length == sizeof(Aes128KeyByteArray), "Unexpected key length"); - result = EVP_EncryptInit_ex(context, nullptr, nullptr, key.As(), Uint8::to_const_uchar(nonce)); + static_assert(kAES_CCM128_Key_Length == sizeof(Symmetric128BitsKeyByteArray), "Unexpected key length"); + result = EVP_EncryptInit_ex(context, nullptr, nullptr, key.As(), Uint8::to_const_uchar(nonce)); VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL); // Pass in plain text length @@ -336,7 +336,7 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length, #if CHIP_CRYPTO_BORINGSSL aead = EVP_aead_aes_128_ccm_matter(); - context = EVP_AEAD_CTX_new(aead, key.As(), sizeof(Aes128KeyByteArray), tag_length); + context = EVP_AEAD_CTX_new(aead, key.As(), sizeof(Symmetric128BitsKeyByteArray), tag_length); VerifyOrExit(context != nullptr, error = CHIP_ERROR_NO_MEMORY); result = EVP_AEAD_CTX_open_gather(context, plaintext, nonce, nonce_length, ciphertext, ciphertext_length, tag, tag_length, aad, @@ -366,8 +366,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length, VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL); // Pass in key + nonce - static_assert(kAES_CCM128_Key_Length == sizeof(Aes128KeyByteArray), "Unexpected key length"); - result = EVP_DecryptInit_ex(context, nullptr, nullptr, key.As(), Uint8::to_const_uchar(nonce)); + static_assert(kAES_CCM128_Key_Length == sizeof(Symmetric128BitsKeyByteArray), "Unexpected key length"); + result = EVP_DecryptInit_ex(context, nullptr, nullptr, key.As(), Uint8::to_const_uchar(nonce)); VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL); // Pass in cipher text length diff --git a/src/crypto/CHIPCryptoPALmbedTLS.cpp b/src/crypto/CHIPCryptoPALmbedTLS.cpp index 3981ff30575d00..209573c6a99253 100644 --- a/src/crypto/CHIPCryptoPALmbedTLS.cpp +++ b/src/crypto/CHIPCryptoPALmbedTLS.cpp @@ -96,7 +96,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Encrypt @@ -133,7 +134,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Decrypt diff --git a/src/crypto/PSASessionKeystore.cpp b/src/crypto/PSASessionKeystore.cpp index 0b8a237a9d405b..8a85d2c6fa8eaf 100644 --- a/src/crypto/PSASessionKeystore.cpp +++ b/src/crypto/PSASessionKeystore.cpp @@ -49,13 +49,14 @@ class AesKeyAttributes } // namespace -CHIP_ERROR PSASessionKeystore::CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key) +CHIP_ERROR PSASessionKeystore::CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key) { // Destroy the old key if already allocated psa_destroy_key(key.As()); AesKeyAttributes attrs; - psa_status_t status = psa_import_key(&attrs.Get(), keyMaterial, sizeof(Aes128KeyByteArray), &key.AsMutable()); + psa_status_t status = + psa_import_key(&attrs.Get(), keyMaterial, sizeof(Symmetric128BitsKeyByteArray), &key.AsMutable()); VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL); return CHIP_NO_ERROR; diff --git a/src/crypto/PSASessionKeystore.h b/src/crypto/PSASessionKeystore.h index c448d7923a6575..db1ce671e45cbc 100644 --- a/src/crypto/PSASessionKeystore.h +++ b/src/crypto/PSASessionKeystore.h @@ -25,7 +25,7 @@ namespace Crypto { class PSASessionKeystore : public SessionKeystore { public: - CHIP_ERROR CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key) override; + CHIP_ERROR CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key) override; CHIP_ERROR DeriveKey(const P256ECDHDerivedSecret & secret, const ByteSpan & salt, const ByteSpan & info, Aes128KeyHandle & key) override; CHIP_ERROR DeriveSessionKeys(const ByteSpan & secret, const ByteSpan & salt, const ByteSpan & info, Aes128KeyHandle & i2rKey, diff --git a/src/crypto/RawKeySessionKeystore.cpp b/src/crypto/RawKeySessionKeystore.cpp index 7db2c0c8b28962..80f391ac1a4a6c 100644 --- a/src/crypto/RawKeySessionKeystore.cpp +++ b/src/crypto/RawKeySessionKeystore.cpp @@ -24,9 +24,9 @@ namespace Crypto { using HKDF_sha_crypto = HKDF_sha; -CHIP_ERROR RawKeySessionKeystore::CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key) +CHIP_ERROR RawKeySessionKeystore::CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key) { - memcpy(key.AsMutable(), keyMaterial, sizeof(Aes128KeyByteArray)); + memcpy(key.AsMutable(), keyMaterial, sizeof(Symmetric128BitsKeyByteArray)); return CHIP_NO_ERROR; } @@ -36,7 +36,7 @@ CHIP_ERROR RawKeySessionKeystore::DeriveKey(const P256ECDHDerivedSecret & secret HKDF_sha_crypto hkdf; return hkdf.HKDF_SHA256(secret.ConstBytes(), secret.Length(), salt.data(), salt.size(), info.data(), info.size(), - key.AsMutable(), sizeof(Aes128KeyByteArray)); + key.AsMutable(), sizeof(Symmetric128BitsKeyByteArray)); } CHIP_ERROR RawKeySessionKeystore::DeriveSessionKeys(const ByteSpan & secret, const ByteSpan & salt, const ByteSpan & info, @@ -44,22 +44,22 @@ CHIP_ERROR RawKeySessionKeystore::DeriveSessionKeys(const ByteSpan & secret, con AttestationChallenge & attestationChallenge) { HKDF_sha_crypto hkdf; - uint8_t keyMaterial[2 * sizeof(Aes128KeyByteArray) + AttestationChallenge::Capacity()]; + uint8_t keyMaterial[2 * sizeof(Symmetric128BitsKeyByteArray) + AttestationChallenge::Capacity()]; ReturnErrorOnFailure(hkdf.HKDF_SHA256(secret.data(), secret.size(), salt.data(), salt.size(), info.data(), info.size(), keyMaterial, sizeof(keyMaterial))); Encoding::LittleEndian::Reader reader(keyMaterial, sizeof(keyMaterial)); - return reader.ReadBytes(i2rKey.AsMutable(), sizeof(Aes128KeyByteArray)) - .ReadBytes(r2iKey.AsMutable(), sizeof(Aes128KeyByteArray)) + return reader.ReadBytes(i2rKey.AsMutable(), sizeof(Symmetric128BitsKeyByteArray)) + .ReadBytes(r2iKey.AsMutable(), sizeof(Symmetric128BitsKeyByteArray)) .ReadBytes(attestationChallenge.Bytes(), AttestationChallenge::Capacity()) .StatusCode(); } void RawKeySessionKeystore::DestroyKey(Aes128KeyHandle & key) { - ClearSecretData(key.AsMutable()); + ClearSecretData(key.AsMutable()); } } // namespace Crypto diff --git a/src/crypto/RawKeySessionKeystore.h b/src/crypto/RawKeySessionKeystore.h index c8db3eda069518..21ecc630543151 100644 --- a/src/crypto/RawKeySessionKeystore.h +++ b/src/crypto/RawKeySessionKeystore.h @@ -25,7 +25,7 @@ namespace Crypto { class RawKeySessionKeystore : public SessionKeystore { public: - CHIP_ERROR CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key) override; + CHIP_ERROR CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key) override; CHIP_ERROR DeriveKey(const P256ECDHDerivedSecret & secret, const ByteSpan & salt, const ByteSpan & info, Aes128KeyHandle & key) override; CHIP_ERROR DeriveSessionKeys(const ByteSpan & secret, const ByteSpan & salt, const ByteSpan & info, Aes128KeyHandle & i2rKey, diff --git a/src/crypto/SessionKeystore.h b/src/crypto/SessionKeystore.h index edc31dc788dbea..00107b385d37af 100644 --- a/src/crypto/SessionKeystore.h +++ b/src/crypto/SessionKeystore.h @@ -45,7 +45,7 @@ class SessionKeystore * If the method returns no error, the application is responsible for destroying the handle * using DestroyKey() method when the key is no longer needed. */ - virtual CHIP_ERROR CreateKey(const Aes128KeyByteArray & keyMaterial, Aes128KeyHandle & key) = 0; + virtual CHIP_ERROR CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key) = 0; /** * @brief Derive key from a shared secret. diff --git a/src/crypto/tests/CHIPCryptoPALTest.cpp b/src/crypto/tests/CHIPCryptoPALTest.cpp index 38343a60d52e5c..3519d31fc15ec6 100644 --- a/src/crypto/tests/CHIPCryptoPALTest.cpp +++ b/src/crypto/tests/CHIPCryptoPALTest.cpp @@ -183,7 +183,7 @@ struct TestAesKey public: TestAesKey(nlTestSuite * inSuite, const uint8_t * keyBytes, size_t keyLength) { - Crypto::Aes128KeyByteArray keyMaterial; + Crypto::Symmetric128BitsKeyByteArray keyMaterial; memcpy(&keyMaterial, keyBytes, keyLength); CHIP_ERROR err = keystore.CreateKey(keyMaterial, key); diff --git a/src/crypto/tests/TestSessionKeystore.cpp b/src/crypto/tests/TestSessionKeystore.cpp index a1f786d51a3dc1..025cd5c9233cbe 100644 --- a/src/crypto/tests/TestSessionKeystore.cpp +++ b/src/crypto/tests/TestSessionKeystore.cpp @@ -110,7 +110,7 @@ void TestBasicImport(nlTestSuite * inSuite, void * inContext) { const ccm_128_test_vector & test = *testPtr; - Aes128KeyByteArray keyMaterial; + Symmetric128BitsKeyByteArray keyMaterial; memcpy(keyMaterial, test.key, test.key_len); Aes128KeyHandle keyHandle; diff --git a/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp b/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp index b8e0101cdacea9..db5dbada3d00e8 100644 --- a/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp +++ b/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp @@ -145,7 +145,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Encrypt @@ -182,7 +183,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Decrypt diff --git a/src/platform/nxp/crypto/se05x/CHIPCryptoPALHost.cpp b/src/platform/nxp/crypto/se05x/CHIPCryptoPALHost.cpp index 525d3e32ba654f..ffc626c201d373 100644 --- a/src/platform/nxp/crypto/se05x/CHIPCryptoPALHost.cpp +++ b/src/platform/nxp/crypto/se05x/CHIPCryptoPALHost.cpp @@ -130,7 +130,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Encrypt @@ -167,7 +168,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Decrypt diff --git a/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp b/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp index 68ae897de2917e..31156e735232d4 100644 --- a/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp +++ b/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp @@ -136,7 +136,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Encrypt @@ -173,7 +174,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Decrypt diff --git a/src/platform/nxp/k32w/k32w1/CHIPCryptoPalK32W1.cpp b/src/platform/nxp/k32w/k32w1/CHIPCryptoPalK32W1.cpp index 609c0efa8d6e47..b22feed6e10d80 100644 --- a/src/platform/nxp/k32w/k32w1/CHIPCryptoPalK32W1.cpp +++ b/src/platform/nxp/k32w/k32w1/CHIPCryptoPalK32W1.cpp @@ -143,7 +143,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Encrypt @@ -180,7 +181,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co } // Size of key is expressed in bits, hence the multiplication by 8. - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Decrypt diff --git a/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp b/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp index e15237b042285d..bd678ba17e09e7 100644 --- a/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp +++ b/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp @@ -135,7 +135,8 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c } // multiplying by 8 to convert key from bits to byte - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Encrypt @@ -172,7 +173,8 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co } // multiplying by 8 to convert key from bits to byte - result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), sizeof(Aes128KeyByteArray) * 8); + result = mbedtls_ccm_setkey(&context, MBEDTLS_CIPHER_ID_AES, key.As(), + sizeof(Symmetric128BitsKeyByteArray) * 8); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); // Decrypt diff --git a/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp b/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp index 0ad35de132f940..6d3d05910943ce 100644 --- a/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp +++ b/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp @@ -185,14 +185,15 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c psa_crypto_init(); psa_set_key_type(&attr, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attr, sizeof(Aes128KeyByteArray) * 8); + psa_set_key_bits(&attr, sizeof(Symmetric128BitsKeyByteArray) * 8); psa_set_key_algorithm(&attr, PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8)); psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_ENCRYPT); - status = psa_driver_wrapper_aead_encrypt( - &attr, key.As(), sizeof(Aes128KeyByteArray), PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_length), - Uint8::to_const_uchar(nonce), nonce_length, Uint8::to_const_uchar(aad), aad_length, Uint8::to_const_uchar(plaintext), - plaintext_length, allocated_buffer ? buffer : ciphertext, plaintext_length + tag_length, &output_length); + status = psa_driver_wrapper_aead_encrypt(&attr, key.As(), sizeof(Symmetric128BitsKeyByteArray), + PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_length), Uint8::to_const_uchar(nonce), + nonce_length, Uint8::to_const_uchar(aad), aad_length, Uint8::to_const_uchar(plaintext), + plaintext_length, allocated_buffer ? buffer : ciphertext, + plaintext_length + tag_length, &output_length); VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL); VerifyOrExit(output_length == plaintext_length + tag_length, error = CHIP_ERROR_INTERNAL); @@ -240,7 +241,7 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co psa_crypto_init(); psa_set_key_type(&attr, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attr, sizeof(Aes128KeyByteArray) * 8); + psa_set_key_bits(&attr, sizeof(Symmetric128BitsKeyByteArray) * 8); psa_set_key_algorithm(&attr, PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8)); psa_set_key_usage_flags(&attr, PSA_KEY_USAGE_DECRYPT); @@ -250,10 +251,11 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co memcpy(buffer + ciphertext_len, tag, tag_length); } - status = psa_driver_wrapper_aead_decrypt( - &attr, key.As(), sizeof(Aes128KeyByteArray), PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_length), - Uint8::to_const_uchar(nonce), nonce_length, Uint8::to_const_uchar(aad), aad_len, allocated_buffer ? buffer : ciphertext, - ciphertext_len + tag_length, plaintext, ciphertext_len, &output_length); + status = + psa_driver_wrapper_aead_decrypt(&attr, key.As(), sizeof(Symmetric128BitsKeyByteArray), + PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_length), Uint8::to_const_uchar(nonce), + nonce_length, Uint8::to_const_uchar(aad), aad_len, allocated_buffer ? buffer : ciphertext, + ciphertext_len + tag_length, plaintext, ciphertext_len, &output_length); if (allocated_buffer) { diff --git a/src/protocols/secure_channel/CheckinMessage.cpp b/src/protocols/secure_channel/CheckinMessage.cpp index 358133a42b81b1..5e63feb3428aa0 100644 --- a/src/protocols/secure_channel/CheckinMessage.cpp +++ b/src/protocols/secure_channel/CheckinMessage.cpp @@ -43,8 +43,8 @@ CHIP_ERROR CheckinMessage::GenerateCheckinMessagePayload(Crypto::Aes128KeyHandle chip::Crypto::HMAC_sha shaHandler; uint8_t nonceWorkBuffer[CHIP_CRYPTO_HASH_LEN_BYTES] = { 0 }; - ReturnErrorOnFailure(shaHandler.HMAC_SHA256(key.As(), sizeof(Aes128KeyByteArray), appDataStartPtr, - sizeof(CounterType), nonceWorkBuffer, CHIP_CRYPTO_HASH_LEN_BYTES)); + ReturnErrorOnFailure(shaHandler.HMAC_SHA256(key.As(), sizeof(Symmetric128BitsKeyByteArray), + appDataStartPtr, sizeof(CounterType), nonceWorkBuffer, CHIP_CRYPTO_HASH_LEN_BYTES)); static_assert(sizeof(nonceWorkBuffer) >= CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES, "We're reading off the end of our buffer."); memcpy(output.data(), nonceWorkBuffer, CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES); diff --git a/src/protocols/secure_channel/tests/TestCheckinMsg.cpp b/src/protocols/secure_channel/tests/TestCheckinMsg.cpp index 37f7c765729dd3..6310cf38c05494 100644 --- a/src/protocols/secure_channel/tests/TestCheckinMsg.cpp +++ b/src/protocols/secure_channel/tests/TestCheckinMsg.cpp @@ -56,7 +56,7 @@ void TestCheckin_Generate(nlTestSuite * inSuite, void * inContext) { const ccm_128_test_vector & test = *testPtr; - Aes128KeyByteArray keyMaterial; + Symmetric128BitsKeyByteArray keyMaterial; memcpy(keyMaterial, test.key, test.key_len); Aes128KeyHandle keyHandle; @@ -87,7 +87,7 @@ void TestCheckin_Generate(nlTestSuite * inSuite, void * inContext) const ccm_128_test_vector & test = *ccm_128_test_vectors[0]; uint8_t gargantuaBuffer[2 * CheckinMessage::sMaxAppDataSize] = { 0 }; - Aes128KeyByteArray keyMaterial; + Symmetric128BitsKeyByteArray keyMaterial; memcpy(keyMaterial, test.key, test.key_len); Aes128KeyHandle keyHandle; @@ -137,7 +137,7 @@ void TestCheckin_Parse(nlTestSuite * inSuite, void * inContext) userData = chip::ByteSpan(data); const ccm_128_test_vector & test = *ccm_128_test_vectors[0]; - Aes128KeyByteArray keyMaterial; + Symmetric128BitsKeyByteArray keyMaterial; memcpy(keyMaterial, test.key, test.key_len); Aes128KeyHandle keyHandle; @@ -180,7 +180,7 @@ void TestCheckin_GenerateParse(nlTestSuite * inSuite, void * inContext) { const ccm_128_test_vector & test = *testPtr; - Aes128KeyByteArray keyMaterial; + Symmetric128BitsKeyByteArray keyMaterial; memcpy(keyMaterial, test.key, test.key_len); Aes128KeyHandle keyHandle;