diff --git a/examples/chef/efr32/BUILD.gn b/examples/chef/efr32/BUILD.gn index 4161916a993f49..8016d069fb4b34 100644 --- a/examples/chef/efr32/BUILD.gn +++ b/examples/chef/efr32/BUILD.gn @@ -336,6 +336,11 @@ efr32_executable("chef_app") { ] } + # Attestation Credentials + if (chip_build_platform_attestation_credentials_provider) { + deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ] + } + output_dir = root_out_dir } diff --git a/examples/chef/efr32/src/AppTask.cpp b/examples/chef/efr32/src/AppTask.cpp index 15ff91d64a5fa6..b6450ba696d126 100644 --- a/examples/chef/efr32/src/AppTask.cpp +++ b/examples/chef/efr32/src/AppTask.cpp @@ -43,9 +43,6 @@ #include -#include -#include - #include #include @@ -167,7 +164,6 @@ Identify gIdentify = { } // namespace using namespace chip::TLV; -using namespace ::chip::Credentials; using namespace ::chip::DeviceLayer; AppTask AppTask::sAppTask; @@ -205,11 +201,6 @@ CHIP_ERROR AppTask::Init() sWiFiNetworkCommissioningInstance.Init(); #endif - chip::DeviceLayer::PlatformMgr().LockChipStack(); - // Initialize device attestation config - SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); - chip::DeviceLayer::PlatformMgr().UnlockChipStack(); - // Create FreeRTOS sw timer for Function Selection. sFunctionTimer = xTimerCreate("FnTmr", // Just a text name, not used by the RTOS kernel 1, // == default timer period (mS) diff --git a/examples/chef/efr32/src/main.cpp b/examples/chef/efr32/src/main.cpp index 920f51b8e5805d..3f2cc598599b4e 100644 --- a/examples/chef/efr32/src/main.cpp +++ b/examples/chef/efr32/src/main.cpp @@ -25,12 +25,19 @@ #include "sl_system_kernel.h" #include #include +#include #include +#if EFR32_ATTESTATION_CREDENTIALS +#include +#else +#include +#endif #define BLE_DEV_NAME "SiLabs-Chef-App" using namespace ::chip; using namespace ::chip::Inet; using namespace ::chip::DeviceLayer; +using namespace ::chip::Credentials; #define UNUSED_PARAMETER(a) (a = a) 
@@ -49,6 +56,15 @@ int main(void) gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); + chip::DeviceLayer::PlatformMgr().LockChipStack(); + // Initialize device attestation config +#if EFR32_ATTESTATION_CREDENTIALS + SetDeviceAttestationCredentialsProvider(EFR32::GetEFR32DacProvider()); +#else + SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); +#endif + chip::DeviceLayer::PlatformMgr().UnlockChipStack(); + EFR32_LOG("Starting App Task"); if (GetAppTask().StartAppTask() != CHIP_NO_ERROR) appError(CHIP_ERROR_INTERNAL); diff --git a/examples/light-switch-app/efr32/BUILD.gn b/examples/light-switch-app/efr32/BUILD.gn index 7d870ecd737eb0..0aba620a8fee8f 100644 --- a/examples/light-switch-app/efr32/BUILD.gn +++ b/examples/light-switch-app/efr32/BUILD.gn @@ -323,6 +323,11 @@ efr32_executable("light_switch_app") { ] } + # Attestation Credentials + if (chip_build_platform_attestation_credentials_provider) { + deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ] + } + output_dir = root_out_dir } diff --git a/examples/light-switch-app/efr32/src/AppTask.cpp b/examples/light-switch-app/efr32/src/AppTask.cpp index d92124af297648..da0e20396ba733 100644 --- a/examples/light-switch-app/efr32/src/AppTask.cpp +++ b/examples/light-switch-app/efr32/src/AppTask.cpp @@ -41,13 +41,6 @@ #include -#include -#ifdef EFR32_ATTESTATION_CREDENTIALS -#include -#else -#include -#endif - #include #include @@ -162,7 +155,6 @@ Identify gIdentify = { }; } // namespace using namespace chip::TLV; -using namespace ::chip::Credentials; using namespace ::chip::DeviceLayer; AppTask AppTask::sAppTask; 
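Review bot: In the block added to `main()` of examples/chef/efr32/src/main.cpp, the `#else` branch installs `Examples::GetExampleDACProvider()` with no runtime trace of that choice, and `#if EFR32_ATTESTATION_CREDENTIALS` also takes that branch when the macro is simply undefined. A build that was meant to use the platform provider but lost the define would come up with the example (development) credentials and look normal. I would log the selection next to each call, e.g. `EFR32_LOG("DAC provider: example (test credentials)");` in the `#else` branch, so the fallback shows in the boot log. The same block is added in the light-switch-app, lighting-app and lock-app `main.cpp` hunks, and `main()` continues outside this hunk.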
@@ -200,15 +192,6 @@ CHIP_ERROR AppTask::Init() sWiFiNetworkCommissioningInstance.Init(); #endif - chip::DeviceLayer::PlatformMgr().LockChipStack(); - // Initialize device attestation config -#ifdef EFR32_ATTESTATION_CREDENTIALS - SetDeviceAttestationCredentialsProvider(EFR32::GetDACProvider()); -#else - SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); -#endif - chip::DeviceLayer::PlatformMgr().UnlockChipStack(); - // Create FreeRTOS sw timer for Function Selection. sFunctionTimer = xTimerCreate("FnTmr", // Just a text name, not used by the RTOS kernel 1, // == default timer period (mS) diff --git a/examples/light-switch-app/efr32/src/main.cpp b/examples/light-switch-app/efr32/src/main.cpp index 685d223daf8eed..12e9d085b953ef 100644 --- a/examples/light-switch-app/efr32/src/main.cpp +++ b/examples/light-switch-app/efr32/src/main.cpp @@ -25,12 +25,19 @@ #include "sl_system_kernel.h" #include #include +#include #include +#if EFR32_ATTESTATION_CREDENTIALS +#include +#else +#include +#endif #define BLE_DEV_NAME "SiLabs-Light-Switch" using namespace ::chip; using namespace ::chip::Inet; using namespace ::chip::DeviceLayer; +using namespace ::chip::Credentials; #define UNUSED_PARAMETER(a) (a = a) @@ -49,6 +56,15 @@ int main(void) gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); + chip::DeviceLayer::PlatformMgr().LockChipStack(); + // Initialize device attestation config +#if EFR32_ATTESTATION_CREDENTIALS + SetDeviceAttestationCredentialsProvider(EFR32::GetEFR32DacProvider()); +#else + SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); +#endif + chip::DeviceLayer::PlatformMgr().UnlockChipStack(); + EFR32_LOG("Starting App Task"); if (GetAppTask().StartAppTask() != CHIP_NO_ERROR) appError(CHIP_ERROR_INTERNAL); 
diff --git a/examples/lighting-app/efr32/BUILD.gn b/examples/lighting-app/efr32/BUILD.gn index 192833797494b2..56f0cf92688cf8 100644 --- a/examples/lighting-app/efr32/BUILD.gn +++ b/examples/lighting-app/efr32/BUILD.gn @@ -331,6 +331,11 @@ efr32_executable("lighting_app") { ] } + # Attestation Credentials + if (chip_build_platform_attestation_credentials_provider) { + deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ] + } + output_dir = root_out_dir } diff --git a/examples/lighting-app/efr32/src/AppTask.cpp b/examples/lighting-app/efr32/src/AppTask.cpp index 4e43169e4a1a2c..3edc00dfa8855e 100644 --- a/examples/lighting-app/efr32/src/AppTask.cpp +++ b/examples/lighting-app/efr32/src/AppTask.cpp @@ -39,13 +39,6 @@ #include -#include -#if EFR32_ATTESTATION_CREDENTIALS -#include -#else -#include -#endif - #include #include @@ -167,7 +160,6 @@ Identify gIdentify = { } // namespace using namespace chip::TLV; -using namespace ::chip::Credentials; using namespace ::chip::DeviceLayer; AppTask AppTask::sAppTask; @@ -205,15 +197,6 @@ CHIP_ERROR AppTask::Init() sWiFiNetworkCommissioningInstance.Init(); #endif - chip::DeviceLayer::PlatformMgr().LockChipStack(); - // Initialize device attestation config -#if EFR32_ATTESTATION_CREDENTIALS - SetDeviceAttestationCredentialsProvider(EFR32::GetDACProvider()); -#else - SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); -#endif - chip::DeviceLayer::PlatformMgr().UnlockChipStack(); - // Create FreeRTOS sw timer for Function Selection. sFunctionTimer = xTimerCreate("FnTmr", // Just a text name, not used by the RTOS kernel 1, // == default timer period (mS) diff --git a/examples/lighting-app/efr32/src/main.cpp b/examples/lighting-app/efr32/src/main.cpp index 54137f45c89043..1484e6e18a4290 100644 --- a/examples/lighting-app/efr32/src/main.cpp +++ b/examples/lighting-app/efr32/src/main.cpp 
@@ -25,12 +25,19 @@ #include "sl_system_kernel.h" #include #include +#include #include +#if EFR32_ATTESTATION_CREDENTIALS +#include +#else +#include +#endif #define BLE_DEV_NAME "SiLabs-Light" using namespace ::chip; using namespace ::chip::Inet; using namespace ::chip::DeviceLayer; +using namespace ::chip::Credentials; #define UNUSED_PARAMETER(a) (a = a) @@ -49,6 +56,15 @@ int main(void) gExampleDeviceInfoProvider.SetStorageDelegate(&chip::Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); + chip::DeviceLayer::PlatformMgr().LockChipStack(); + // Initialize device attestation config +#if EFR32_ATTESTATION_CREDENTIALS + SetDeviceAttestationCredentialsProvider(EFR32::GetEFR32DacProvider()); +#else + SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); +#endif + chip::DeviceLayer::PlatformMgr().UnlockChipStack(); + EFR32_LOG("Starting App Task"); if (GetAppTask().StartAppTask() != CHIP_NO_ERROR) appError(CHIP_ERROR_INTERNAL); diff --git a/examples/lock-app/efr32/BUILD.gn b/examples/lock-app/efr32/BUILD.gn index 679ed1f46cda3d..4add2a9528504b 100644 --- a/examples/lock-app/efr32/BUILD.gn +++ b/examples/lock-app/efr32/BUILD.gn @@ -328,6 +328,11 @@ efr32_executable("lock_app") { ] } + # Attestation Credentials + if (chip_build_platform_attestation_credentials_provider) { + deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ] + } + output_dir = root_out_dir } group("efr32") { diff --git a/examples/lock-app/efr32/src/AppTask.cpp b/examples/lock-app/efr32/src/AppTask.cpp index 8fde0eabc239ef..ac3914476a3f1e 100644 --- a/examples/lock-app/efr32/src/AppTask.cpp +++ b/examples/lock-app/efr32/src/AppTask.cpp @@ -43,13 +43,6 @@ #include -#include -#ifdef EFR32_ATTESTATION_CREDENTIALS -#include -#else -#include -#endif - #include #include 
@@ -177,7 +170,6 @@ Identify gIdentify = { } // namespace using namespace chip::TLV; -using namespace ::chip::Credentials; using namespace ::chip::DeviceLayer; AppTask AppTask::sAppTask; @@ -215,15 +207,6 @@ CHIP_ERROR AppTask::Init() sWiFiNetworkCommissioningInstance.Init(); #endif - chip::DeviceLayer::PlatformMgr().LockChipStack(); - // Initialize device attestation config -#ifdef EFR32_ATTESTATION_CREDENTIALS - SetDeviceAttestationCredentialsProvider(EFR32::GetDACProvider()); -#else - SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); -#endif - chip::DeviceLayer::PlatformMgr().UnlockChipStack(); - // Create FreeRTOS sw timer for Function Selection. sFunctionTimer = xTimerCreate("FnTmr", // Just a text name, not used by the RTOS kernel 1, // == default timer period (mS) diff --git a/examples/lock-app/efr32/src/main.cpp b/examples/lock-app/efr32/src/main.cpp index cbc0c3643f07ff..444910bf16856e 100644 --- a/examples/lock-app/efr32/src/main.cpp +++ b/examples/lock-app/efr32/src/main.cpp @@ -25,12 +25,19 @@ #include "sl_system_kernel.h" #include #include +#include #include +#if EFR32_ATTESTATION_CREDENTIALS +#include +#else +#include +#endif #define BLE_DEV_NAME "SiLabs-Door-Lock" using namespace ::chip; using namespace ::chip::Inet; using namespace ::chip::DeviceLayer; +using namespace ::chip::Credentials; #define UNUSED_PARAMETER(a) (a = a) 
@@ -49,6 +56,15 @@ int main(void) gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); + chip::DeviceLayer::PlatformMgr().LockChipStack(); + // Initialize device attestation config +#if EFR32_ATTESTATION_CREDENTIALS + SetDeviceAttestationCredentialsProvider(EFR32::GetEFR32DacProvider()); +#else + SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); +#endif + chip::DeviceLayer::PlatformMgr().UnlockChipStack(); + EFR32_LOG("Starting App Task"); if (GetAppTask().StartAppTask() != CHIP_NO_ERROR) appError(CHIP_ERROR_INTERNAL); diff --git a/examples/platform/efr32/BUILD.gn b/examples/platform/efr32/BUILD.gn index 7b981b118798d7..cefa2c94599d8a 100644 --- a/examples/platform/efr32/BUILD.gn +++ b/examples/platform/efr32/BUILD.gn @@ -37,11 +37,6 @@ config("chip_examples_project_config") { "-Wl,--wrap=_free_r", "-Wl,--wrap=_calloc_r", ] - - defines = [ - # Set to 1 to enable EFR32 attestation credentials - "EFR32_ATTESTATION_CREDENTIALS=0", - ] } source_set("openthread_core_config_efr32_chip_examples") { @@ -69,3 +64,18 @@ source_set("efr-matter-shell") { ] } } + +source_set("efr32-attestation-credentials") { + public_deps = [ + "${chip_root}/src/credentials", + "${chip_root}/src/platform:platform_base", + ] + defines = [ + # Set to 1 to enable EFR32 attestation credentials + "EFR32_ATTESTATION_CREDENTIALS=1", + ] + sources = [ + "EFR32DeviceAttestationCreds.cpp", + "EFR32DeviceAttestationCreds.h", + ] +} diff --git a/src/platform/EFR32/EFR32DeviceAttestationCreds.cpp b/examples/platform/efr32/EFR32DeviceAttestationCreds.cpp similarity index 91% rename from src/platform/EFR32/EFR32DeviceAttestationCreds.cpp rename to examples/platform/efr32/EFR32DeviceAttestationCreds.cpp index 678099d1c54410..3ef57746e8341b 100644 --- a/src/platform/EFR32/EFR32DeviceAttestationCreds.cpp +++ b/examples/platform/efr32/EFR32DeviceAttestationCreds.cpp 
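Review bot: In the new `source_set("efr32-attestation-credentials")` in examples/platform/efr32/BUILD.gn, `EFR32_ATTESTATION_CREDENTIALS=1` sits under the target's own `defines`, which GN applies only to that target's sources and does not pass on to targets that depend on it. The `main.cpp` files in this commit are compiled by the `efr32_executable` targets and test `#if EFR32_ATTESTATION_CREDENTIALS`, and the earlier hunk in this file removes the project-wide `=0` define. Unless the macro reaches them by a route not shown here, they would still select `Examples::GetExampleDACProvider()` even with `chip_build_platform_attestation_credentials_provider = true`. Moving the define into a `config` and exporting it from the source_set, e.g. `public_configs = [ ":efr32-attestation-credentials-config" ]` (the name is a suggestion), would make the executables see it.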
@@ -70,9 +70,9 @@ class DeviceAttestationCredsEFR32 : public DeviceAttestationCredentialsProvider CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & digest_to_sign, MutableByteSpan & out_buffer) override { - psa_key_id_t key_id = MFG_MATTER_DAC_KEY_ID; - uint8_t signature[chip::Crypto::kSHA256_Hash_Length] = { 0 }; - size_t signature_size = sizeof(signature); + psa_key_id_t key_id = MFG_MATTER_DAC_KEY_ID; + uint8_t signature[64] = { 0 }; + size_t signature_size = sizeof(signature); psa_status_t err = psa_sign_hash(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256), digest_to_sign.data(), digest_to_sign.size(), signature, signature_size, &signature_size); @@ -84,7 +84,7 @@ class DeviceAttestationCredsEFR32 : public DeviceAttestationCredentialsProvider } // namespace -DeviceAttestationCredentialsProvider * GetDACProvider() +DeviceAttestationCredentialsProvider * GetEFR32DacProvider() { static DeviceAttestationCredsEFR32 dac_provider; return &dac_provider; diff --git a/src/platform/EFR32/EFR32DeviceAttestationCreds.h b/examples/platform/efr32/EFR32DeviceAttestationCreds.h similarity index 95% rename from src/platform/EFR32/EFR32DeviceAttestationCreds.h rename to examples/platform/efr32/EFR32DeviceAttestationCreds.h index 923b8d45f68471..3dbc48a01b0872 100644 --- a/src/platform/EFR32/EFR32DeviceAttestationCreds.h +++ b/examples/platform/efr32/EFR32DeviceAttestationCreds.h @@ -32,7 +32,7 @@ namespace EFR32 { * @returns a singleton DeviceAttestationCredentialsProvider that relies on no * storage abstractions. */ -DeviceAttestationCredentialsProvider * GetDACProvider(); +DeviceAttestationCredentialsProvider * GetEFR32DacProvider(); } // namespace EFR32 } // namespace Credentials diff --git a/examples/platform/efr32/efr32_creds.h b/examples/platform/efr32/efr32_creds.h index 3ce14016918ad3..52514adec3969f 100644 --- a/examples/platform/efr32/efr32_creds.h +++ b/examples/platform/efr32/efr32_creds.h 
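Review bot: The signature buffer in `SignWithDeviceAttestationKey` is now sized with a bare `64`, which corrects the earlier 32-byte sizing but leaves the reason for the number unstated. A named constant documents that this is a raw P-256 ECDSA signature and keeps the size tied to the curve: `uint8_t signature[chip::Crypto::kP256_ECDSA_Signature_Length_Raw] = { 0 };`. The rest of the function, including the copy into `out_buffer`, lies outside this hunk. It should check `out_buffer.size()` against `signature_size` before copying, if it does not already.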
@@ -1,5 +1,14 @@ -#ifndef MATTER_DEVICE_CREDENTIALS_EFR32 -#define MATTER_DEVICE_CREDENTIALS_EFR32 +/** + * This is a boilerplat header to define the EFR32 authentication credentials. + * Applications must provide their own version of this header, and include: + * - The content of the CSA-provided Certification Declaration + * - The location and size of the PAI, and DAC + * - The key ID of the key-pair associated with the DAC + * + * These credentials MUST be provided if the build variable "chip_build_device_attestation_credentials" is set to true. + */ +#ifndef EFR32_EXAMPLE_DEVICE_CREDENTIALS +#define EFR32_EXAMPLE_DEVICE_CREDENTIALS //-> format_version = 1 //-> vendor_id = 0xFFF1 @@ -54,4 +63,4 @@ const uint8_t kCertificationDeclaration[541] = { #define MFG_MATTER_DAC_SIZE 492 #define MFG_MATTER_DAC_KEY_ID PSA_KEY_ID_USER_MIN + 1 -#endif // MATTER_DEVICE_CREDENTIALS_EFR32 +#endif // EFR32_EXAMPLE_DEVICE_CREDENTIALS diff --git a/examples/window-app/efr32/BUILD.gn b/examples/window-app/efr32/BUILD.gn index d829fa9d15116b..c526f50cbf9204 100644 --- a/examples/window-app/efr32/BUILD.gn +++ b/examples/window-app/efr32/BUILD.gn @@ -278,6 +278,11 @@ efr32_executable("window_app") { "-Wl,SILABS_WIFI=1", ] } + + # Attestation Credentials + if (chip_build_platform_attestation_credentials_provider) { + deps += [ "${examples_plat_dir}:efr32-attestation-credentials" ] + } } group("efr32") { diff --git a/src/lib/lib.gni b/src/lib/lib.gni index c78be22c2d9196..213592c274939f 100644 --- a/src/lib/lib.gni +++ b/src/lib/lib.gni @@ -20,4 +20,7 @@ declare_args() { # a Commissioner or Administrator that employs different or more complex # logic, this should be set to false. chip_build_default_attestation_verifier = true + + # Set to true to enable device-specific attestation credentials + chip_build_platform_attestation_credentials_provider = false } diff --git a/src/platform/EFR32/BUILD.gn b/src/platform/EFR32/BUILD.gn index 814d9b835ca17d..a50db957df5e48 100644 
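Review bot: The header comment added at the top of efr32_creds.h names the build variable `chip_build_device_attestation_credentials`, but the argument this commit declares in src/lib/lib.gni and tests in the BUILD.gn files is `chip_build_platform_attestation_credentials_provider`. Someone following the comment would look for a flag that appears nowhere in this diff. I would change the last sentence to `These credentials MUST be provided if the build variable "chip_build_platform_attestation_credentials_provider" is set to true.` and correct `boilerplat` to `boilerplate` in the first line. The comment could also say that the values below use `vendor_id = 0xFFF1` and are placeholders for development, not production credentials.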
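Review bot: The examples/window-app/efr32/BUILD.gn hunk adds the `efr32-attestation-credentials` dependency, but unlike chef, light-switch, lighting and lock, no window-app source change in this diff calls `EFR32::GetEFR32DacProvider()`. If window-app sets its provider in code not shown here and that code was left unchanged, enabling `chip_build_platform_attestation_credentials_provider` would link the platform credentials without using them. Either add the same `#if EFR32_ATTESTATION_CREDENTIALS` selection to window-app's startup code, or leave the dependency out until it does.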
--- a/src/platform/EFR32/BUILD.gn +++ b/src/platform/EFR32/BUILD.gn @@ -25,7 +25,6 @@ if (chip_enable_openthread) { static_library("EFR32") { sources = [ - "${chip_root}/src/credentials/DeviceAttestationCredsProvider.h", "../FreeRTOS/SystemTimeSupport.cpp", "../SingletonConfigurationManager.cpp", "BLEManagerImpl.cpp", @@ -44,8 +43,6 @@ static_library("EFR32") { "DiagnosticDataProviderImpl.h", "EFR32Config.cpp", "EFR32Config.h", - "EFR32DeviceAttestationCreds.cpp", - "EFR32DeviceAttestationCreds.h", "InetPlatformConfig.h", "KeyValueStoreManagerImpl.cpp", "KeyValueStoreManagerImpl.h",