Skip to content

Commit

Permalink
Silicon Labs: Attestation credentials now remain upon factory reset. (#…
Browse files Browse the repository at this point in the history 
…27966)
  • Loading branch information
@rcasallas-silabs @pull
rcasallas-silabs authored and pull[bot] committed Nov 15, 2023
1 parent b6b49e6 commit 4508373
Show file tree
Hide file tree
Showing 7 changed files with 118 additions and 62 deletions.
132 changes: 87 additions & 45 deletions examples/platform/silabs/SilabsDeviceAttestationCreds.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@

using namespace chip::DeviceLayer::Internal;

using chip::DeviceLayer::Internal::SilabsConfig;

extern uint8_t linker_nvm_end[];
static uint8_t * _credentials_address = (uint8_t *) linker_nvm_end;

Expand All @@ -44,21 +46,8 @@ class DeviceAttestationCredsSilabs : public DeviceAttestationCredentialsProvider
public:
CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & out_span) override
{
uint32_t offset = SILABS_CREDENTIALS_CD_OFFSET;
uint32_t size = SILABS_CREDENTIALS_CD_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_CD_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_CD_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_CD_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_CD_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cd_span(address, size);
ChipLogProgress(DeviceLayer, "GetCertificationDeclaration, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cd_span.data(), kDebugLength > cd_span.size() ? cd_span.size() : kDebugLength));
return CopySpanToMutableSpan(cd_span, out_span);
return GetFile("GetCertificationDeclaration", SilabsConfig::kConfigKey_Creds_CD_Offset, SILABS_CREDENTIALS_CD_OFFSET,
SilabsConfig::kConfigKey_Creds_CD_Size, SILABS_CREDENTIALS_CD_SIZE, out_span);
}

CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) override
Expand All @@ -70,40 +59,15 @@ class DeviceAttestationCredsSilabs : public DeviceAttestationCredentialsProvider

CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & out_span) override
{
uint32_t offset = SILABS_CREDENTIALS_DAC_OFFSET;
uint32_t size = SILABS_CREDENTIALS_DAC_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_DAC_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_DAC_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_DAC_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_DAC_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cert_span(address, size);
ChipLogProgress(DeviceLayer, "GetDeviceAttestationCert, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cert_span.data(), kDebugLength > cert_span.size() ? cert_span.size() : kDebugLength));
return CopySpanToMutableSpan(cert_span, out_span);
return GetFile("GetDeviceAttestationCert", SilabsConfig::kConfigKey_Creds_DAC_Offset, SILABS_CREDENTIALS_DAC_OFFSET,
SilabsConfig::kConfigKey_Creds_DAC_Size, SILABS_CREDENTIALS_DAC_SIZE, out_span);
}

CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & out_span) override
{
uint32_t offset = SILABS_CREDENTIALS_PAI_OFFSET;
uint32_t size = SILABS_CREDENTIALS_PAI_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_PAI_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_PAI_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_PAI_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_PAI_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cert_span(address, size);
ChipLogProgress(DeviceLayer, "GetProductAttestationIntermediateCert, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cert_span.data(), kDebugLength > cert_span.size() ? cert_span.size() : kDebugLength));
return CopySpanToMutableSpan(cert_span, out_span);
return GetFile("GetProductAttestationIntermediateCert", SilabsConfig::kConfigKey_Creds_PAI_Offset,
SILABS_CREDENTIALS_PAI_OFFSET, SilabsConfig::kConfigKey_Creds_PAI_Size, SILABS_CREDENTIALS_PAI_SIZE,
out_span);
}

CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_span) override
Expand All @@ -126,6 +90,45 @@ class DeviceAttestationCredsSilabs : public DeviceAttestationCredentialsProvider

return CopySpanToMutableSpan(ByteSpan(signature, signature_size), out_span);
}

private:
CHIP_ERROR GetFile(const char * description, uint32_t offset_key, uint32_t offset_default, uint32_t size_key,
uint32_t size_default, MutableByteSpan & out_span)
{
uint8_t * address = nullptr;
uint32_t offset = offset_default;
if (SilabsConfig::ConfigValueExists(offset_key))
{
// NVM-provided offset
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(offset_key, offset));
}

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_Base_Addr))
{
// NVM-provided location
uint32_t base_addr = 0;
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_Base_Addr, base_addr));
address = (uint8_t *) (base_addr + offset);
}
else
{
// Default location
address = _credentials_address + offset;
}

// Size
uint32_t size = size_default;
if (SilabsConfig::ConfigValueExists(size_key))
{
// NVM-provided size
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(size_key, size));
}

ByteSpan span(address, size);
ChipLogProgress(DeviceLayer, "%s, addr:%p, size:%lu", description, address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(span.data(), kDebugLength > span.size() ? span.size() : kDebugLength));
return CopySpanToMutableSpan(span, out_span);
}
};

} // namespace
Expand All @@ -138,4 +141,43 @@ DeviceAttestationCredentialsProvider * GetSilabsDacProvider()

} // namespace Silabs
} // namespace Credentials

namespace DeviceLayer {
namespace Silabs {
namespace {

void MigrateUint32(uint32_t old_key, uint32_t new_key)
{
uint32_t value = 0;
if (SilabsConfig::ConfigValueExists(old_key) && (CHIP_NO_ERROR == SilabsConfig::ReadConfigValue(old_key, value)))
{
SilabsConfig::WriteConfigValue(new_key, value);
}
}

} // namespace

void MigrateDacProvider(void)
{
constexpr uint32_t kOldKey_Creds_KeyId = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x21);
constexpr uint32_t kOldKey_Creds_Base_Addr = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x22);
constexpr uint32_t kOldKey_Creds_DAC_Offset = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x23);
constexpr uint32_t kOldKey_Creds_DAC_Size = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x24);
constexpr uint32_t kOldKey_Creds_PAI_Offset = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x25);
constexpr uint32_t kOldKey_Creds_PAI_Size = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x26);
constexpr uint32_t kOldKey_Creds_CD_Offset = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x27);
constexpr uint32_t kOldKey_Creds_CD_Size = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x28);

MigrateUint32(kOldKey_Creds_KeyId, SilabsConfig::kConfigKey_Creds_KeyId);
MigrateUint32(kOldKey_Creds_Base_Addr, SilabsConfig::kConfigKey_Creds_Base_Addr);
MigrateUint32(kOldKey_Creds_DAC_Offset, SilabsConfig::kConfigKey_Creds_DAC_Offset);
MigrateUint32(kOldKey_Creds_DAC_Size, SilabsConfig::kConfigKey_Creds_DAC_Size);
MigrateUint32(kOldKey_Creds_PAI_Offset, SilabsConfig::kConfigKey_Creds_PAI_Offset);
MigrateUint32(kOldKey_Creds_PAI_Size, SilabsConfig::kConfigKey_Creds_PAI_Size);
MigrateUint32(kOldKey_Creds_CD_Offset, SilabsConfig::kConfigKey_Creds_CD_Offset);
MigrateUint32(kOldKey_Creds_CD_Size, SilabsConfig::kConfigKey_Creds_CD_Size);
}

} // namespace Silabs
} // namespace DeviceLayer
} // namespace chip
2 changes: 2 additions & 0 deletions examples/platform/silabs/SilabsDeviceAttestationCreds.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ namespace Silabs {
*/
DeviceAttestationCredentialsProvider * GetSilabsDacProvider();

void SilabsDacProviderMigration(void);

} // namespace Silabs
} // namespace Credentials
} // namespace chip
9 changes: 9 additions & 0 deletions src/platform/silabs/KeyValueStoreManagerImpl.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -300,5 +300,14 @@ void KeyValueStoreManagerImpl::KvsMapMigration(void)
}

} // namespace PersistedStorage

namespace Silabs {

void MigrateKvsMap(void)
{
PersistedStorage::KeyValueStoreMgrImpl().KvsMapMigration();
}

} // namespace Silabs
} // namespace DeviceLayer
} // namespace chip
4 changes: 0 additions & 4 deletions src/platform/silabs/KeyValueStoreManagerImpl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,6 @@ namespace PersistedStorage {

class KeyValueStoreManagerImpl final : public KeyValueStoreManager
{
// Allow the KeyValueStoreManager interface class to delegate method calls to
// the implementation methods provided by this class.
friend class KeyValueStoreManager;

public:
CHIP_ERROR Init(void);
CHIP_ERROR _Put(const char * key, const void * value, size_t value_size);
Expand Down
6 changes: 4 additions & 2 deletions src/platform/silabs/MigrationManager.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@

#include "MigrationManager.h"
#include <platform/CHIPDeviceLayer.h>
#include <platform/KeyValueStoreManager.h>
#include <platform/silabs/SilabsConfig.h>
#include <stdio.h>

Expand All @@ -38,7 +37,10 @@ typedef struct

#define COUNT_OF(A) (sizeof(A) / sizeof((A)[0]))
static migrationData_t migrationTable[] = {
{ .migrationGroup = 1, .migrationFunc = &KeyValueStoreMgrImpl().KvsMapMigration },
{ .migrationGroup = 1, .migrationFunc = MigrateKvsMap },
#ifdef SILABS_ATTESTATION_CREDENTIALS
{ .migrationGroup = 2, .migrationFunc = MigrateDacProvider },
#endif
// add any additional migration neccesary. migrationGroup should stay equal if done in the same commit or increment by 1 for
// each new entry.
};
Expand Down
9 changes: 7 additions & 2 deletions src/platform/silabs/MigrationManager.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,6 @@ namespace Silabs {

class MigrationManager
{
friend class KeyValueStoreManagerImpl;

public:
/**
* The Silabs migration manager is implemented as a singleton
Expand All @@ -39,6 +37,13 @@ class MigrationManager
~MigrationManager(){};
};

/**
* Migration functions. These definitions allow the MigrationManager
* to be agnostic of the specifics of each individual migration.
*/
void MigrateKvsMap(void);
void MigrateDacProvider(void);

} // namespace Silabs
} // namespace DeviceLayer
} // namespace chip
18 changes: 9 additions & 9 deletions src/platform/silabs/SilabsConfig.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,14 @@ class SilabsConfig
static constexpr Key kConfigKey_ProductURL = SilabsConfigKey(kMatterFactory_KeyBase, 0x11);
static constexpr Key kConfigKey_PartNumber = SilabsConfigKey(kMatterFactory_KeyBase, 0x12);
static constexpr Key kConfigKey_UniqueId = SilabsConfigKey(kMatterFactory_KeyBase, 0x1F);
static constexpr Key kConfigKey_Creds_KeyId = SilabsConfigKey(kMatterFactory_KeyBase, 0x20);
static constexpr Key kConfigKey_Creds_Base_Addr = SilabsConfigKey(kMatterFactory_KeyBase, 0x21);
static constexpr Key kConfigKey_Creds_DAC_Offset = SilabsConfigKey(kMatterFactory_KeyBase, 0x22);
static constexpr Key kConfigKey_Creds_DAC_Size = SilabsConfigKey(kMatterFactory_KeyBase, 0x23);
static constexpr Key kConfigKey_Creds_PAI_Offset = SilabsConfigKey(kMatterFactory_KeyBase, 0x24);
static constexpr Key kConfigKey_Creds_PAI_Size = SilabsConfigKey(kMatterFactory_KeyBase, 0x25);
static constexpr Key kConfigKey_Creds_CD_Offset = SilabsConfigKey(kMatterFactory_KeyBase, 0x26);
static constexpr Key kConfigKey_Creds_CD_Size = SilabsConfigKey(kMatterFactory_KeyBase, 0x27);
// Matter Config Keys
static constexpr Key kConfigKey_ServiceConfig = SilabsConfigKey(kMatterConfig_KeyBase, 0x01);
static constexpr Key kConfigKey_PairedAccountId = SilabsConfigKey(kMatterConfig_KeyBase, 0x02);
Expand All @@ -135,14 +143,6 @@ class SilabsConfig
static constexpr Key kConfigKey_YearDaySchedules = SilabsConfigKey(kMatterConfig_KeyBase, 0x16);
static constexpr Key kConfigKey_HolidaySchedules = SilabsConfigKey(kMatterConfig_KeyBase, 0x17);
static constexpr Key kConfigKey_OpKeyMap = SilabsConfigKey(kMatterConfig_KeyBase, 0x20);
static constexpr Key kConfigKey_Creds_KeyId = SilabsConfigKey(kMatterConfig_KeyBase, 0x21);
static constexpr Key kConfigKey_Creds_Base_Addr = SilabsConfigKey(kMatterConfig_KeyBase, 0x22);
static constexpr Key kConfigKey_Creds_DAC_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x23);
static constexpr Key kConfigKey_Creds_DAC_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x24);
static constexpr Key kConfigKey_Creds_PAI_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x25);
static constexpr Key kConfigKey_Creds_PAI_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x26);
static constexpr Key kConfigKey_Creds_CD_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x27);
static constexpr Key kConfigKey_Creds_CD_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x28);

static constexpr Key kConfigKey_GroupKeyMax =
SilabsConfigKey(kMatterConfig_KeyBase, 0x1E); // Allows 16 Group Keys to be created.
Expand All @@ -160,7 +160,7 @@ class SilabsConfig

// Set key id limits for each group.
static constexpr Key kMinConfigKey_MatterFactory = SilabsConfigKey(kMatterFactory_KeyBase, 0x00);
static constexpr Key kMaxConfigKey_MatterFactory = SilabsConfigKey(kMatterFactory_KeyBase, 0x1F);
static constexpr Key kMaxConfigKey_MatterFactory = SilabsConfigKey(kMatterFactory_KeyBase, 0x2F);
static constexpr Key kMinConfigKey_MatterConfig = SilabsConfigKey(kMatterConfig_KeyBase, 0x00);
static constexpr Key kMaxConfigKey_MatterConfig = SilabsConfigKey(kMatterConfig_KeyBase, 0x20);

Expand Down

0 comments on commit 4508373

Please sign in to comment.