Skip to content

Commit

Permalink
Silabs CPMS support added. (#25824)
Browse files Browse the repository at this point in the history
* Silabs CPMS support added.

* SilabsDeviceAttestationCreds: Code review.
  • Loading branch information
rcasallas-silabs authored and pull[bot] committed Aug 14, 2023
1 parent 163b758 commit 718969b
Show file tree
Hide file tree
Showing 3 changed files with 92 additions and 34 deletions.
88 changes: 70 additions & 18 deletions examples/platform/silabs/SilabsDeviceAttestationCreds.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,15 @@
#include <lib/core/CHIPError.h>
#include <lib/support/CodeUtils.h>
#include <lib/support/Span.h>
#include <platform/silabs/SilabsConfig.h>
#include <psa/crypto.h>

#include "psa/crypto.h"
#include "silabs_creds.h"

extern uint8_t __attestation_credentials_base[];
using namespace chip::DeviceLayer::Internal;

extern uint8_t linker_nvm_end[];
static uint8_t * _credentials_address = (uint8_t *) linker_nvm_end;

namespace chip {
namespace Credentials {
Expand All @@ -33,12 +37,28 @@ namespace {

class DeviceAttestationCredsSilabs : public DeviceAttestationCredentialsProvider
{
// Miss-aligned certificates is a common error, and printing the first few bytes is
// useful to verify proper alignment. Eight bytes is enough for this purpose.
static constexpr size_t kDebugLength = 8;

public:
CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & out_buffer) override
CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & out_span) override
{
ByteSpan cd_span(((uint8_t *) __attestation_credentials_base) + SILABS_CREDENTIALS_CD_OFFSET, SILABS_CREDENTIALS_CD_SIZE);
return CopySpanToMutableSpan(cd_span, out_buffer);
uint32_t offset = SILABS_CREDENTIALS_CD_OFFSET;
uint32_t size = SILABS_CREDENTIALS_CD_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_CD_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_CD_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_CD_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_CD_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cd_span(address, size);
ChipLogProgress(DeviceLayer, "GetCertificationDeclaration, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cd_span.data(), kDebugLength > cd_span.size() ? cd_span.size() : kDebugLength));
return CopySpanToMutableSpan(cd_span, out_span);
}

CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) override
Expand All @@ -48,31 +68,63 @@ class DeviceAttestationCredsSilabs : public DeviceAttestationCredentialsProvider
return CHIP_NO_ERROR;
}

CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & out_buffer) override
CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & out_span) override
{
ByteSpan cert_span(((uint8_t *) __attestation_credentials_base) + SILABS_CREDENTIALS_DAC_OFFSET,
SILABS_CREDENTIALS_DAC_SIZE);
return CopySpanToMutableSpan(cert_span, out_buffer);
uint32_t offset = SILABS_CREDENTIALS_DAC_OFFSET;
uint32_t size = SILABS_CREDENTIALS_DAC_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_DAC_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_DAC_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_DAC_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_DAC_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cert_span(address, size);
ChipLogProgress(DeviceLayer, "GetDeviceAttestationCert, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cert_span.data(), kDebugLength > cert_span.size() ? cert_span.size() : kDebugLength));
return CopySpanToMutableSpan(cert_span, out_span);
}

CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & out_pai_buffer) override
CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & out_span) override
{
ByteSpan cert_span(((uint8_t *) __attestation_credentials_base) + SILABS_CREDENTIALS_PAI_OFFSET,
SILABS_CREDENTIALS_PAI_SIZE);
return CopySpanToMutableSpan(cert_span, out_pai_buffer);
uint32_t offset = SILABS_CREDENTIALS_PAI_OFFSET;
uint32_t size = SILABS_CREDENTIALS_PAI_SIZE;

if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_PAI_Offset) &&
SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_PAI_Size))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_PAI_Offset, offset));
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_PAI_Size, size));
}

uint8_t * address = _credentials_address + offset;
ByteSpan cert_span(address, size);
ChipLogProgress(DeviceLayer, "GetProductAttestationIntermediateCert, addr:%p, size:%lu", address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(cert_span.data(), kDebugLength > cert_span.size() ? cert_span.size() : kDebugLength));
return CopySpanToMutableSpan(cert_span, out_span);
}

CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_buffer) override
CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_span) override
{
psa_key_id_t key_id = SILABS_CREDENTIALS_DAC_KEY_ID;
uint32_t key_id = SILABS_CREDENTIALS_DAC_KEY_ID;
uint8_t signature[64] = { 0 };
size_t signature_size = sizeof(signature);

psa_status_t err = psa_sign_message(key_id, PSA_ALG_ECDSA(PSA_ALG_SHA_256), message_to_sign.data(), message_to_sign.size(),
signature, signature_size, &signature_size);
if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_KeyId))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_KeyId, key_id));
}

ChipLogProgress(DeviceLayer, "SignWithDeviceAttestationKey, key:%lu", key_id);

psa_status_t err =
psa_sign_message(static_cast<psa_key_id_t>(key_id), PSA_ALG_ECDSA(PSA_ALG_SHA_256), message_to_sign.data(),
message_to_sign.size(), signature, signature_size, &signature_size);
VerifyOrReturnError(!err, CHIP_ERROR_INTERNAL);

return CopySpanToMutableSpan(ByteSpan(signature, signature_size), out_buffer);
return CopySpanToMutableSpan(ByteSpan(signature, signature_size), out_span);
}
};

Expand Down
28 changes: 14 additions & 14 deletions examples/platform/silabs/silabs_creds.h
Original file line number Diff line number Diff line change
Expand Up @@ -10,32 +10,32 @@
#ifndef SILABS_DEVICE_CREDENTIALS
#define SILABS_DEVICE_CREDENTIALS

#ifndef SILABS_CREDENTIALS_CD_OFFSET
#define SILABS_CREDENTIALS_CD_OFFSET 0x0000
#ifndef SILABS_CREDENTIALS_DAC_KEY_ID
#define SILABS_CREDENTIALS_DAC_KEY_ID 0x0002
#endif

#ifndef SILABS_CREDENTIALS_CD_SIZE
#define SILABS_CREDENTIALS_CD_SIZE 541
#ifndef SILABS_CREDENTIALS_DAC_OFFSET
#define SILABS_CREDENTIALS_DAC_OFFSET 0x0000
#endif

#ifndef SILABS_CREDENTIALS_PAI_OFFSET
#define SILABS_CREDENTIALS_PAI_OFFSET 0x400
#ifndef SILABS_CREDENTIALS_DAC_SIZE
#define SILABS_CREDENTIALS_DAC_SIZE 0
#endif

#ifndef SILABS_CREDENTIALS_PAI_SIZE
#define SILABS_CREDENTIALS_PAI_SIZE 463
#ifndef SILABS_CREDENTIALS_PAI_OFFSET
#define SILABS_CREDENTIALS_PAI_OFFSET 0x0200
#endif

#ifndef SILABS_CREDENTIALS_DAC_OFFSET
#define SILABS_CREDENTIALS_DAC_OFFSET 0x600
#ifndef SILABS_CREDENTIALS_PAI_SIZE
#define SILABS_CREDENTIALS_PAI_SIZE 0
#endif

#ifndef SILABS_CREDENTIALS_DAC_SIZE
#define SILABS_CREDENTIALS_DAC_SIZE 492
#ifndef SILABS_CREDENTIALS_CD_OFFSET
#define SILABS_CREDENTIALS_CD_OFFSET 0x0400
#endif

#ifndef SILABS_CREDENTIALS_DAC_KEY_ID
#define SILABS_CREDENTIALS_DAC_KEY_ID PSA_KEY_ID_USER_MIN + 1
#ifndef SILABS_CREDENTIALS_CD_SIZE
#define SILABS_CREDENTIALS_CD_SIZE 0
#endif

#endif // SILABS_DEVICE_CREDENTIALS
10 changes: 8 additions & 2 deletions src/platform/silabs/SilabsConfig.h
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,6 @@

#include <functional>

#include <platform/internal/CHIPDeviceLayerInternal.h>

#include "nvm3.h"
#include "nvm3_hal_flash.h"

Expand Down Expand Up @@ -137,6 +135,14 @@ class SilabsConfig
static constexpr Key kConfigKey_YearDaySchedules = SilabsConfigKey(kMatterConfig_KeyBase, 0x16);
static constexpr Key kConfigKey_HolidaySchedules = SilabsConfigKey(kMatterConfig_KeyBase, 0x17);
static constexpr Key kConfigKey_OpKeyMap = SilabsConfigKey(kMatterConfig_KeyBase, 0x20);
static constexpr Key kConfigKey_Creds_KeyId = SilabsConfigKey(kMatterConfig_KeyBase, 0x21);
static constexpr Key kConfigKey_Creds_Base_Addr = SilabsConfigKey(kMatterConfig_KeyBase, 0x22);
static constexpr Key kConfigKey_Creds_DAC_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x23);
static constexpr Key kConfigKey_Creds_DAC_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x24);
static constexpr Key kConfigKey_Creds_PAI_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x25);
static constexpr Key kConfigKey_Creds_PAI_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x26);
static constexpr Key kConfigKey_Creds_CD_Offset = SilabsConfigKey(kMatterConfig_KeyBase, 0x27);
static constexpr Key kConfigKey_Creds_CD_Size = SilabsConfigKey(kMatterConfig_KeyBase, 0x28);

static constexpr Key kConfigKey_GroupKeyMax =
SilabsConfigKey(kMatterConfig_KeyBase, 0x1E); // Allows 16 Group Keys to be created.
Expand Down

0 comments on commit 718969b

Please sign in to comment.