Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge d3e9662 into 303f5af
Browse files Browse the repository at this point in the history
Jagadish-NXP authored Jun 22, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
2 parents 303f5af + d3e9662 commit 4008819
Showing 7 changed files with 86 additions and 18 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/examples-k32w.yaml
Original file line number Diff line number Diff line change
@@ -65,14 +65,14 @@ jobs:
timeout-minutes: 5
run: scripts/examples/k32w_example.sh
examples/lock-app/k32w out/lock_app_debug
- name: Build example K32W Lighting App
timeout-minutes: 5
run: scripts/examples/k32w_example.sh
examples/lighting-app/k32w out/lighting_app_debug
- name: Build example K32W Shell App
timeout-minutes: 5
run: scripts/examples/k32w_example.sh
examples/shell/k32w out/shell_app_debug
- name: Build example K32W Lighting App with Secure Element
timeout-minutes: 5
run: scripts/examples/k32w_se_example.sh
examples/lighting-app/k32w out/lighting_app_se_release
- name: Binary artifact suffix
id: outsuffix
uses: haya14busa/[email protected]
24 changes: 22 additions & 2 deletions examples/lighting-app/k32w/README.md
Original file line number Diff line number Diff line change
@@ -55,6 +55,22 @@ default settings by pressing a button. However, this mode does not guarantee
that the device will be able to communicate with the CHIP controller and other
devices.

### SE051H Secure Element

Deployment of this firmware configuration requires the K32W061 board setups
using the K32W0/JN5189 module board, SE051 Expansion board and Generic Expansion
board as shown below:

![SE051H + K32W061 DK6](../../platform/k32w/doc/images/k32w-se.jpg)

The SE051H Secure Element extension may be used for best in class security and
offloading some of the Project CHIP cryptographic operations. Depending on your
hardware configuration, choose one of the options below (building with or
without Secure Element). NOTE: the SE051H is a derivative of the SE051 product
family (see http://www.nxp.com/SE051) including dedicated CHIP support in
addition to the SE051 feature set. See the material provided separately by NXP
for more details on SE051H.

### Bluetooth LE Advertising

In this example, to commission the device onto a Project CHIP network, it must
@@ -153,18 +169,22 @@ distribution (the demo-application was compiled on Ubuntu 20.04).
the one from the image below.
![MCUXpresso SDK Download](../../platform/k32w/doc/images/mcux-sdk-download.JPG)

- Start building the application
- Start building the application either with Secure Element or without
- with Secure Element

```
user@ubuntu:~/Desktop/git/connectedhomeip$ export K32W061_SDK_ROOT=/home/user/Desktop/SDK_2.6.3_K32W061DK6/
user@ubuntu:~/Desktop/git/connectedhomeip$ ./third_party/k32w_sdk/sdk_fixes/patch_k32w_sdk.sh
user@ubuntu:~/Desktop/git/connectedhomeip$ source ./scripts/activate.sh
user@ubuntu:~/Desktop/git/connectedhomeip$ cd examples/lighting-app/k32w/
user@ubuntu:~/Desktop/git/connectedhomeip/examples/lighting-app/k32w$ gn gen out/debug --args="k32w_sdk_root=\"${K32W061_SDK_ROOT}\" chip_with_OM15082=1 chip_with_ot_cli=0 is_debug=false"
user@ubuntu:~/Desktop/git/connectedhomeip/examples/lighting-app/k32w$ gn gen out/debug --args="k32w_sdk_root=\"${K32W061_SDK_ROOT}\" chip_with_OM15082=1 chip_with_ot_cli=0 is_debug=false chip_crypto=\"mbedtls\" chip_with_se05x=1"
user@ubuntu:~/Desktop/git/connectedhomeip/examples/lightin-app/k32w$ ninja -C out/debug
user@ubuntu:~/Desktop/git/connectedhomeip/examples/lighting-app/k32w$ $K32W061_SDK_ROOT/tools/imagetool/sign_images.sh out/debug/
```

- without Secure element
Exactly the same steps as above but set chip_with_se05x=0 in the gn command

Note that "patch_k32w_sdk.sh" script must be run for patching the K32W061 SDK
2.6.3.

25 changes: 23 additions & 2 deletions examples/lock-app/k32w/README.md
Original file line number Diff line number Diff line change
@@ -56,6 +56,22 @@ default settings by pressing a button. However, this mode does not guarantee
that the device will be able to communicate with the CHIP controller and other
devices.

### SE051H Secure Element

Deployment of this firmware configuration requires the K32W061 board setups
using the K32W0/JN5189 module board, SE051 Expansion board and Generic Expansion
board as shown below:

![SE051H + K32W061 DK6](../../platform/k32w/doc/images/k32w-se.jpg)

The SE051H Secure Element extension may be used for best in class security and
offloading some of the Project CHIP cryptographic operations. Depending on your
hardware configuration, choose one of the options below (building with or
without Secure Element). NOTE: the SE051H is a derivative of the SE051 product
family (see http://www.nxp.com/SE051) including dedicated CHIP support in
addition to the SE051 feature set. See the material provided separately by NXP
for more details on SE051H.

### Bluetooth LE Advertising

In this example, to commission the device onto a Project CHIP network, it must
@@ -156,18 +172,23 @@ distribution (the demo-application was compiled on Ubuntu 20.04).
the one from the image below.
![MCUXpresso SDK Download](../../platform/k32w/doc/images/mcux-sdk-download.JPG)

- Start building the application
- Start building the application either with Secure Element or without

- with Secure Element

```
user@ubuntu:~/Desktop/git/connectedhomeip$ export K32W061_SDK_ROOT=/home/user/Desktop/SDK_2.6.3_K32W061DK6/
user@ubuntu:~/Desktop/git/connectedhomeip$ ./third_party/k32w_sdk/sdk_fixes/patch_k32w_sdk.sh
user@ubuntu:~/Desktop/git/connectedhomeip$ source ./scripts/activate.sh
user@ubuntu:~/Desktop/git/connectedhomeip$ cd examples/lock-app/k32w/
user@ubuntu:~/Desktop/git/connectedhomeip/examples/lock-app/k32w$ gn gen out/debug --args="k32w_sdk_root=\"${K32W061_SDK_ROOT}\" chip_with_OM15082=1 chip_with_ot_cli=0 is_debug=false"
user@ubuntu:~/Desktop/git/connectedhomeip/examples/lock-app/k32w$ gn gen out/debug --args="k32w_sdk_root=\"${K32W061_SDK_ROOT}\" chip_with_OM15082=1 chip_with_ot_cli=0 is_debug=false chip_crypto=\"mbedtls\" chip_with_se05x=1"
user@ubuntu:~/Desktop/git/connectedhomeip/examples/lock-app/k32w$ ninja -C out/debug
user@ubuntu:~/Desktop/git/connectedhomeip/examples/lock-app/k32w$ $K32W061_SDK_ROOT/tools/imagetool/sign_images.sh out/debug/
```

- without Secure element
Exactly the same steps as above but set chip_with_se05x=0 in the gn command

Note that "patch_k32w_sdk.sh" script must be run for patching the K32W061 SDK
2.6.3.

Binary file added examples/platform/k32w/doc/images/k32w-se.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
31 changes: 31 additions & 0 deletions scripts/examples/k32w_se_example.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
#!/usr/bin/env bash

#
# Copyright (c) 2021 Project CHIP Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

set -e

# Build script for K32W examples GitHub workflow.

source "$(dirname "$0")/../../scripts/activate.sh"

set -x
env

"$(dirname "$0")"/../../third_party/k32w_sdk/sdk_fixes/patch_k32w_sdk.sh

gn gen --check --fail-on-unused-args --root="$1" "$2" --args="k32w_sdk_root=\"$K32W061_SDK_ROOT\" is_debug=false chip_crypto=\"mbedtls\" chip_with_se05x=1"
ninja -C "$2"
14 changes: 5 additions & 9 deletions src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_Spake2p.cpp
Original file line number Diff line number Diff line change
@@ -159,11 +159,7 @@ CHIP_ERROR Spake2p_ComputeRoundOne_HSM(hsm_pake_context_t * phsm_pake_context, c

if (role == chip::Crypto::CHIP_SPAKE2P_ROLE::VERIFIER)
{
if (pab == NULL)
{
/* Need X/Y value to verify abort condition */
goto exit;
}
VerifyOrReturnError(pab != NULL, CHIP_ERROR_INVALID_ARGUMENT);
}

#if SSS_HAVE_SE05X_VER_GTE_16_03
@@ -487,7 +483,7 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::ComputeRoundTwo(const uint8_t * in,
uint8_t pKeyKe[16] = {
0,
};
constexpr size_t pkeyKeLen = sizeof(pKeyKe);
size_t pkeyKeLen = sizeof(pKeyKe);

const CHIP_ERROR error = Spake2p_ComputeRoundTwo_HSM(&hsm_pake_context, role, in, in_len, out, out_len, pKeyKe, &pkeyKeLen);
if (CHIP_NO_ERROR == error)
@@ -500,7 +496,7 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::ComputeRoundTwo(const uint8_t * in,

CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::KeyConfirm(const uint8_t * in, size_t in_len)
{
VerifyOrExit(state == CHIP_SPAKE2P_STATE::R2, error = CHIP_ERROR_INTERNAL);
VerifyOrReturnError(state == CHIP_SPAKE2P_STATE::R2, CHIP_ERROR_INTERNAL);

#if !ENABLE_HSM_SPAKE_VERIFIER
const bool sw_rollback_verifier = (role == chip::Crypto::CHIP_SPAKE2P_ROLE::VERIFIER);
@@ -518,8 +514,8 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::KeyConfirm(const uint8_t * in, size
{
return Spake2p::KeyConfirm(in, in_len);
}

const CHIP_ERROR error = Spake2p_KeyConfirm_HSM(&hsm_pake_context, role, in, in_len);
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
error = Spake2p_KeyConfirm_HSM(&hsm_pake_context, role, in, in_len);
if (CHIP_NO_ERROR == error)
{
state = CHIP_SPAKE2P_STATE::KC;
2 changes: 1 addition & 1 deletion third_party/simw-top-mini/simw_config.gni
Original file line number Diff line number Diff line change
@@ -16,5 +16,5 @@

declare_args() {
# possible values host_k32w, host_linux
host = "host_linux"
host = "host_k32w"
}

0 comments on commit 4008819

Please sign in to comment.