EFR32: DeviceAttestationCredentialsProvider: Review comments applied.

examples/chef/efr32/BUILD.gn

@@ -336,6 +336,11 @@ efr32_executable("chef_app") {
     ]
   }
 
+  # Attestation Credentials
+  if (chip_build_platform_attestation_credentials_provider) {
+    deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ]
+  }
+
   output_dir = root_out_dir
 }
 

examples/chef/efr32/src/AppTask.cpp

@@ -43,9 +43,6 @@
 
 #include <assert.h>
 
-#include <credentials/DeviceAttestationCredsProvider.h>
-#include <credentials/examples/DeviceAttestationCredsExample.h>
-
 #include <setup_payload/QRCodeSetupPayloadGenerator.h>
 #include <setup_payload/SetupPayload.h>
 
@@ -167,7 +164,6 @@ Identify gIdentify = {
 
 } // namespace
 using namespace chip::TLV;
-using namespace ::chip::Credentials;
 using namespace ::chip::DeviceLayer;
 
 AppTask AppTask::sAppTask;
@@ -205,11 +201,6 @@ CHIP_ERROR AppTask::Init()
     sWiFiNetworkCommissioningInstance.Init();
 #endif
 
-    chip::DeviceLayer::PlatformMgr().LockChipStack();
-    // Initialize device attestation config
-    SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
-    chip::DeviceLayer::PlatformMgr().UnlockChipStack();
-
     // Create FreeRTOS sw timer for Function Selection.
     sFunctionTimer = xTimerCreate("FnTmr",          // Just a text name, not used by the RTOS kernel
                                   1,                // == default timer period (mS)

examples/chef/efr32/src/main.cpp

@@ -25,12 +25,19 @@
 #include "sl_system_kernel.h"
 #include <DeviceInfoProviderImpl.h>
 #include <app/server/Server.h>
+#include <credentials/DeviceAttestationCredsProvider.h>
 #include <matter_config.h>
+#if EFR32_ATTESTATION_CREDENTIALS
+#include <platform/EFR32/EFR32DeviceAttestationCreds.h>
+#else
+#include <credentials/examples/DeviceAttestationCredsExample.h>
+#endif
 
 #define BLE_DEV_NAME "SiLabs-Chef-App"
 using namespace ::chip;
 using namespace ::chip::Inet;
 using namespace ::chip::DeviceLayer;
+using namespace ::chip::Credentials;
 
 #define UNUSED_PARAMETER(a) (a = a)
 
@@ -49,6 +56,15 @@ int main(void)
     gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
     chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);
 
+    chip::DeviceLayer::PlatformMgr().LockChipStack();
+    // Initialize device attestation config
+#if EFR32_ATTESTATION_CREDENTIALS
+    SetDeviceAttestationCredentialsProvider(EFR32::GetEFR32DacProvider());
+#else
+    SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
+#endif
+    chip::DeviceLayer::PlatformMgr().UnlockChipStack();
+
     EFR32_LOG("Starting App Task");
     if (GetAppTask().StartAppTask() != CHIP_NO_ERROR)
         appError(CHIP_ERROR_INTERNAL);

examples/light-switch-app/efr32/BUILD.gn

@@ -323,6 +323,11 @@ efr32_executable("light_switch_app") {
     ]
   }
 
+  # Attestation Credentials
+  if (chip_build_platform_attestation_credentials_provider) {
+    deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ]
+  }
+
   output_dir = root_out_dir
 }
 

examples/light-switch-app/efr32/src/AppTask.cpp

@@ -41,13 +41,6 @@
 
 #include <assert.h>
 
-#include <credentials/DeviceAttestationCredsProvider.h>
-#ifdef EFR32_ATTESTATION_CREDENTIALS
-#include <platform/EFR32/EFR32DeviceAttestationCreds.h>
-#else
-#include <credentials/examples/DeviceAttestationCredsExample.h>
-#endif
-
 #include <setup_payload/QRCodeSetupPayloadGenerator.h>
 #include <setup_payload/SetupPayload.h>
 
@@ -162,7 +155,6 @@ Identify gIdentify = {
 };
 } // namespace
 using namespace chip::TLV;
-using namespace ::chip::Credentials;
 using namespace ::chip::DeviceLayer;
 
 AppTask AppTask::sAppTask;
@@ -200,15 +192,6 @@ CHIP_ERROR AppTask::Init()
     sWiFiNetworkCommissioningInstance.Init();
 #endif
 
-    chip::DeviceLayer::PlatformMgr().LockChipStack();
-    // Initialize device attestation config
-#ifdef EFR32_ATTESTATION_CREDENTIALS
-    SetDeviceAttestationCredentialsProvider(EFR32::GetDACProvider());
-#else
-    SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
-#endif
-    chip::DeviceLayer::PlatformMgr().UnlockChipStack();
-
     // Create FreeRTOS sw timer for Function Selection.
     sFunctionTimer = xTimerCreate("FnTmr",          // Just a text name, not used by the RTOS kernel
                                   1,                // == default timer period (mS)

examples/light-switch-app/efr32/src/main.cpp

@@ -25,12 +25,19 @@
 #include "sl_system_kernel.h"
 #include <DeviceInfoProviderImpl.h>
 #include <app/server/Server.h>
+#include <credentials/DeviceAttestationCredsProvider.h>
 #include <matter_config.h>
+#if EFR32_ATTESTATION_CREDENTIALS
+#include <platform/EFR32/EFR32DeviceAttestationCreds.h>
+#else
+#include <credentials/examples/DeviceAttestationCredsExample.h>
+#endif
 
 #define BLE_DEV_NAME "SiLabs-Light-Switch"
 using namespace ::chip;
 using namespace ::chip::Inet;
 using namespace ::chip::DeviceLayer;
+using namespace ::chip::Credentials;
 
 #define UNUSED_PARAMETER(a) (a = a)
 
@@ -49,6 +56,15 @@ int main(void)
     gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
     chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);
 
+    chip::DeviceLayer::PlatformMgr().LockChipStack();
+    // Initialize device attestation config
+#if EFR32_ATTESTATION_CREDENTIALS
+    SetDeviceAttestationCredentialsProvider(EFR32::GetEFR32DacProvider());
+#else
+    SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
+#endif
+    chip::DeviceLayer::PlatformMgr().UnlockChipStack();
+
     EFR32_LOG("Starting App Task");
     if (GetAppTask().StartAppTask() != CHIP_NO_ERROR)
         appError(CHIP_ERROR_INTERNAL);

examples/lighting-app/efr32/BUILD.gn

@@ -331,6 +331,11 @@ efr32_executable("lighting_app") {
     ]
   }
 
+  # Attestation Credentials
+  if (chip_build_platform_attestation_credentials_provider) {
+    deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ]
+  }
+
   output_dir = root_out_dir
 }
 

examples/lighting-app/efr32/src/AppTask.cpp

@@ -39,13 +39,6 @@
 
 #include <assert.h>
 
-#include <credentials/DeviceAttestationCredsProvider.h>
-#if EFR32_ATTESTATION_CREDENTIALS
-#include <platform/EFR32/EFR32DeviceAttestationCreds.h>
-#else
-#include <credentials/examples/DeviceAttestationCredsExample.h>
-#endif
-
 #include <setup_payload/QRCodeSetupPayloadGenerator.h>
 #include <setup_payload/SetupPayload.h>
 
@@ -167,7 +160,6 @@ Identify gIdentify = {
 } // namespace
 
 using namespace chip::TLV;
-using namespace ::chip::Credentials;
 using namespace ::chip::DeviceLayer;
 
 AppTask AppTask::sAppTask;
@@ -205,15 +197,6 @@ CHIP_ERROR AppTask::Init()
     sWiFiNetworkCommissioningInstance.Init();
 #endif
 
-    chip::DeviceLayer::PlatformMgr().LockChipStack();
-    // Initialize device attestation config
-#if EFR32_ATTESTATION_CREDENTIALS
-    SetDeviceAttestationCredentialsProvider(EFR32::GetDACProvider());
-#else
-    SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
-#endif
-    chip::DeviceLayer::PlatformMgr().UnlockChipStack();
-
     // Create FreeRTOS sw timer for Function Selection.
     sFunctionTimer = xTimerCreate("FnTmr",          // Just a text name, not used by the RTOS kernel
                                   1,                // == default timer period (mS)

examples/lighting-app/efr32/src/main.cpp

@@ -25,12 +25,19 @@
 #include "sl_system_kernel.h"
 #include <DeviceInfoProviderImpl.h>
 #include <app/server/Server.h>
+#include <credentials/DeviceAttestationCredsProvider.h>
 #include <matter_config.h>
+#if EFR32_ATTESTATION_CREDENTIALS
+#include <platform/EFR32/EFR32DeviceAttestationCreds.h>
+#else
+#include <credentials/examples/DeviceAttestationCredsExample.h>
+#endif
 
 #define BLE_DEV_NAME "SiLabs-Light"
 using namespace ::chip;
 using namespace ::chip::Inet;
 using namespace ::chip::DeviceLayer;
+using namespace ::chip::Credentials;
 
 #define UNUSED_PARAMETER(a) (a = a)
 
@@ -49,6 +56,15 @@ int main(void)
     gExampleDeviceInfoProvider.SetStorageDelegate(&chip::Server::GetInstance().GetPersistentStorage());
     chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);
 
+    chip::DeviceLayer::PlatformMgr().LockChipStack();
+    // Initialize device attestation config
+#if EFR32_ATTESTATION_CREDENTIALS
+    SetDeviceAttestationCredentialsProvider(EFR32::GetEFR32DacProvider());
+#else
+    SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
+#endif
+    chip::DeviceLayer::PlatformMgr().UnlockChipStack();
+
     EFR32_LOG("Starting App Task");
     if (GetAppTask().StartAppTask() != CHIP_NO_ERROR)
         appError(CHIP_ERROR_INTERNAL);

examples/lock-app/efr32/BUILD.gn

@@ -328,6 +328,11 @@ efr32_executable("lock_app") {
     ]
   }
 
+  # Attestation Credentials
+  if (chip_build_platform_attestation_credentials_provider) {
+    deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ]
+  }
+
   output_dir = root_out_dir
 }
 group("efr32") {

examples/lock-app/efr32/src/AppTask.cpp

@@ -43,13 +43,6 @@
 
 #include <assert.h>
 
-#include <credentials/DeviceAttestationCredsProvider.h>
-#ifdef EFR32_ATTESTATION_CREDENTIALS
-#include <platform/EFR32/EFR32DeviceAttestationCreds.h>
-#else
-#include <credentials/examples/DeviceAttestationCredsExample.h>
-#endif
-
 #include <setup_payload/QRCodeSetupPayloadGenerator.h>
 #include <setup_payload/SetupPayload.h>
 
@@ -177,7 +170,6 @@ Identify gIdentify = {
 } // namespace
 
 using namespace chip::TLV;
-using namespace ::chip::Credentials;
 using namespace ::chip::DeviceLayer;
 
 AppTask AppTask::sAppTask;
@@ -215,15 +207,6 @@ CHIP_ERROR AppTask::Init()
     sWiFiNetworkCommissioningInstance.Init();
 #endif
 
-    chip::DeviceLayer::PlatformMgr().LockChipStack();
-    // Initialize device attestation config
-#ifdef EFR32_ATTESTATION_CREDENTIALS
-    SetDeviceAttestationCredentialsProvider(EFR32::GetDACProvider());
-#else
-    SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
-#endif
-    chip::DeviceLayer::PlatformMgr().UnlockChipStack();
-
     // Create FreeRTOS sw timer for Function Selection.
     sFunctionTimer = xTimerCreate("FnTmr",          // Just a text name, not used by the RTOS kernel
                                   1,                // == default timer period (mS)

examples/lock-app/efr32/src/main.cpp

@@ -25,12 +25,19 @@
 #include "sl_system_kernel.h"
 #include <DeviceInfoProviderImpl.h>
 #include <app/server/Server.h>
+#include <credentials/DeviceAttestationCredsProvider.h>
 #include <matter_config.h>
+#if EFR32_ATTESTATION_CREDENTIALS
+#include <platform/EFR32/EFR32DeviceAttestationCreds.h>
+#else
+#include <credentials/examples/DeviceAttestationCredsExample.h>
+#endif
 
 #define BLE_DEV_NAME "SiLabs-Door-Lock"
 using namespace ::chip;
 using namespace ::chip::Inet;
 using namespace ::chip::DeviceLayer;
+using namespace ::chip::Credentials;
 
 #define UNUSED_PARAMETER(a) (a = a)
 
@@ -49,6 +56,15 @@ int main(void)
     gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
     chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);
 
+    chip::DeviceLayer::PlatformMgr().LockChipStack();
+    // Initialize device attestation config
+#if EFR32_ATTESTATION_CREDENTIALS
+    SetDeviceAttestationCredentialsProvider(EFR32::GetEFR32DacProvider());
+#else
+    SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
+#endif
+    chip::DeviceLayer::PlatformMgr().UnlockChipStack();
+
     EFR32_LOG("Starting App Task");
     if (GetAppTask().StartAppTask() != CHIP_NO_ERROR)
         appError(CHIP_ERROR_INTERNAL);

examples/platform/efr32/BUILD.gn

@@ -37,11 +37,6 @@ config("chip_examples_project_config") {
     "-Wl,--wrap=_free_r",
     "-Wl,--wrap=_calloc_r",
   ]
-
-  defines = [
-    # Set to 1 to enable EFR32 attestation credentials
-    "EFR32_ATTESTATION_CREDENTIALS=0",
-  ]
 }
 
 source_set("openthread_core_config_efr32_chip_examples") {
@@ -69,3 +64,18 @@ source_set("efr-matter-shell") {
     ]
   }
 }
+
+source_set("efr32-attestation-credentials") {
+  public_deps = [
+    "${chip_root}/src/credentials",
+    "${chip_root}/src/platform:platform_base",
+  ]
+  defines = [
+    # Set to 1 to enable EFR32 attestation credentials
+    "EFR32_ATTESTATION_CREDENTIALS=1",
+  ]
+  sources = [
+    "EFR32DeviceAttestationCreds.cpp",
+    "EFR32DeviceAttestationCreds.h",
+  ]
+}

src/platform/EFR32/EFR32DeviceAttestationCreds.cpp → examples/platform/efr32/EFR32DeviceAttestationCreds.cpp

@@ -70,9 +70,9 @@ class DeviceAttestationCredsEFR32 : public DeviceAttestationCredentialsProvider
 
     CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & digest_to_sign, MutableByteSpan & out_buffer) override
     {
-        psa_key_id_t key_id                                  = MFG_MATTER_DAC_KEY_ID;
-        uint8_t signature[chip::Crypto::kSHA256_Hash_Length] = { 0 };
-        size_t signature_size                                = sizeof(signature);
+        psa_key_id_t key_id   = MFG_MATTER_DAC_KEY_ID;
+        uint8_t signature[64] = { 0 };
+        size_t signature_size = sizeof(signature);
 
         psa_status_t err = psa_sign_hash(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256), digest_to_sign.data(), digest_to_sign.size(),
                                          signature, signature_size, &signature_size);
@@ -84,7 +84,7 @@ class DeviceAttestationCredsEFR32 : public DeviceAttestationCredentialsProvider
 
 } // namespace
 
-DeviceAttestationCredentialsProvider * GetDACProvider()
+DeviceAttestationCredentialsProvider * GetEFR32DacProvider()
 {
     static DeviceAttestationCredsEFR32 dac_provider;
     return &dac_provider;

src/platform/EFR32/EFR32DeviceAttestationCreds.h → examples/platform/efr32/EFR32DeviceAttestationCreds.h

@@ -32,7 +32,7 @@ namespace EFR32 {
  * @returns a singleton DeviceAttestationCredentialsProvider that relies on no
  *          storage abstractions.
  */
-DeviceAttestationCredentialsProvider * GetDACProvider();
+DeviceAttestationCredentialsProvider * GetEFR32DacProvider();
 
 } // namespace EFR32
 } // namespace Credentials