
Se05x HSM support in thermostat example #22220

Merged
1262d25
fix - pbkdf integration
sujaygkulkarni-nxp Aug 23, 2022
90f23b4
Merge branch 'project-chip:master' into feature/device-attestation-si…
sujaygkulkarni-nxp Aug 23, 2022
d4d16df
added se05x platform support for thermostat example
sujaygkulkarni-nxp Aug 23, 2022
29546f8
device attest with internal sign working
sujaygkulkarni-nxp Aug 25, 2022
9f7824e
code clean up
sujaygkulkarni-nxp Aug 26, 2022
f959076
Merge branch 'project-chip:master' into feature/device-attestation-si…
sujaygkulkarni-nxp Aug 26, 2022
6d9ff62
updated simw repo commit id
sujaygkulkarni-nxp Aug 26, 2022
e9ba2cb
restyler
sujaygkulkarni-nxp Aug 26, 2022
da21eb0
updated api names
sujaygkulkarni-nxp Aug 26, 2022
bd6375b
Merge branch 'project-chip:master' into feature/device-attestation-si…
sujaygkulkarni-nxp Aug 29, 2022
cb53360
Merge branch 'project-chip:master' into feature/device-attestation-si…
sujaygkulkarni-nxp Aug 29, 2022
1592ed1
restyler
sujaygkulkarni-nxp Aug 29, 2022
eacc3fb
deleting tlv objects after use
sujaygkulkarni-nxp Aug 29, 2022
b0f9238
updated tlv parsing code
sujaygkulkarni-nxp Sep 1, 2022
5440608
updated error checks for TLV lengths
sujaygkulkarni-nxp Sep 4, 2022
856a83e
using GetRemainingLength() insted of recomputing the length
sujaygkulkarni-nxp Sep 11, 2022
caf6d1c
restyler
sujaygkulkarni-nxp Sep 11, 2022
54d3cff
using length of TLV after Get() member is called
sujaygkulkarni-nxp Sep 11, 2022
d35dbf0
Merge branch 'master' into feature/device-attestation-sign-using-se05x
sujaygkulkarni-nxp Sep 11, 2022
cf45b00
Merge branch 'project-chip:master' into feature/device-attestation-si…
Jagadish-NXP Sep 19, 2022
9d1a84a
Merge branch 'project-chip:master' into feature/device-attestation-si…
sujaygkulkarni-nxp Sep 27, 2022
9c053fa
Merge branch 'master' into feature/device-attestation-sign-using-se05x
sujaygkulkarni-nxp Sep 30, 2022
be4770c
Merge branch 'master' into feature/device-attestation-sign-using-se05x
sujaygkulkarni-nxp Sep 30, 2022
ac37f45
Merge branch 'master' into feature/device-attestation-sign-using-se05x
sujaygkulkarni-nxp Oct 3, 2022
0bd1383
Merge branch 'master' into feature/device-attestation-sign-using-se05x
sujaygkulkarni-nxp Oct 4, 2022
Expand Up @@ -23,6 +23,7 @@
#include <lib/core/CHIPTLV.h>
#include <lib/core/CHIPTLVTags.h>
#include <lib/core/CHIPTLVTypes.h>
#include <lib/core/CHIPTLVUtilities.hpp>
#include <lib/support/Span.h>

#if CHIP_CRYPTO_HSM
Expand Down Expand Up @@ -172,49 +173,50 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa

ChipLogDetail(Crypto, "Sign using DA key from se05x (Using internal sign)");

MutableByteSpan tlv_buffer = ((MutableByteSpan &) message_to_sign).SubSpan(1); // Exclude the Start container

TLV::TLVReader msg_reader;
TLV::Tag tagValue;
TLV::TLVReader tagReader;

msg_reader.Init(tlv_buffer);
msg_reader.Next();
msg_reader.Init(message_to_sign);

/* To be removed. Use common key id to sign message */
static bool sign_cert_decl_attest = 1;

if (sign_cert_decl_attest)
{
/* Skip certificate declaration tag */
msg_reader.Next();

tagValue = msg_reader.GetTag();
VerifyOrReturnError(TLV::ContextTag(2) == tagValue, CHIP_ERROR_INVALID_TLV_TAG);
/* Get attestation nonce */
ByteSpan attest_nonce;
msg_reader.Get(attest_nonce);
/* Set attestation nonce */
VerifyOrReturnError(CHIP_NO_ERROR ==
se05xSetCertificate(CD_ATTEST_NONCE_DATA_SE05X_ID, attest_nonce.data(), attest_nonce.size()),
CHIP_ERROR_INTERNAL);

msg_reader.Next();
tagValue = msg_reader.GetTag();
VerifyOrReturnError(TLV::ContextTag(3) == tagValue, CHIP_ERROR_INVALID_TLV_TAG);
ByteSpan time_stamp;
msg_reader.Get(time_stamp);
uint8_t tmp = time_stamp.size();
/* Get length and Skip certificate declaration tag */
ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(1), tagReader));
uint8_t cdlen = tagReader.GetLength();

ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(2), tagReader));
uint8_t attlen = tagReader.GetLength();
if (attlen > 0)
{
/* Get attestation nonce */
ByteSpan attest_nonce;
ReturnErrorOnFailure(tagReader.Get(attest_nonce));
/* Set attestation nonce */
VerifyOrReturnError(CHIP_NO_ERROR ==
se05xSetCertificate(CD_ATTEST_NONCE_DATA_SE05X_ID, attest_nonce.data(), attest_nonce.size()),
CHIP_ERROR_INTERNAL);
}

ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(3), tagReader));
uint8_t tslen = tagReader.GetLength();
/* Set time stamp length */
VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(CD_TIME_STAMP_LEN_SE05X_ID, &tmp, 1), CHIP_ERROR_INTERNAL);
if (time_stamp.size() > 0)
VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(CD_TIME_STAMP_LEN_SE05X_ID, &tslen, 1), CHIP_ERROR_INTERNAL);
if (tslen > 0)
{
ByteSpan time_stamp;
tagReader.Get(time_stamp);
/* Set time stamp data */
VerifyOrReturnError(CHIP_NO_ERROR ==
se05xSetCertificate(CD_TIME_STAMP_DATA_SE05X_ID, time_stamp.data(), time_stamp.size()),
CHIP_ERROR_INTERNAL);
}

if (message_to_sign.size() >= 16)
if (message_to_sign.size() -
(cdlen + attlen + tslen + 9 /* Tag + control byte + len */ + 2 /* start and end containers*/) >=
16)
{
/* Set attestation challenge */
VerifyOrReturnError(CHIP_NO_ERROR ==
Expand All @@ -224,31 +226,35 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa
}
else
{
tagValue = msg_reader.GetTag();
VerifyOrReturnError(TLV::ContextTag(1) == tagValue, CHIP_ERROR_INVALID_TLV_TAG);
/* Get nocsr */
ByteSpan csr_data;
msg_reader.Get(csr_data);
uint8_t tmp = csr_data.size();
ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(1), tagReader));
uint8_t csrlen = tagReader.GetLength();
/* Set nocsr length */
VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_LEN_SE05X_ID, &tmp, 1), CHIP_ERROR_INTERNAL);
/* Set nocsr data */
se05x_delete_key(NOCSR_CSR_DATA_SE05X_ID);
VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_DATA_SE05X_ID, csr_data.data(), csr_data.size()),
CHIP_ERROR_INTERNAL);

msg_reader.Next();
tagValue = msg_reader.GetTag();
VerifyOrReturnError(TLV::ContextTag(2) == tagValue, CHIP_ERROR_INVALID_TLV_TAG);
/* Get nocsr nonce */
ByteSpan nocsr_nonce;
msg_reader.Get(nocsr_nonce);
/* Set nocsr nonce data */
VerifyOrReturnError(CHIP_NO_ERROR ==
se05xSetCertificate(NOCSR_CSR_NONCE_DATA_SE05X_ID, nocsr_nonce.data(), nocsr_nonce.size()),
CHIP_ERROR_INTERNAL);

if (message_to_sign.size() >= 16)
VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_LEN_SE05X_ID, &csrlen, 1), CHIP_ERROR_INTERNAL);
Contributor


Why not initialize csrlen from csr_data.size()?

Contributor Author


The Get() member will return an error if the tag length is 0, so GetLength() is used before Get() is called.

Contributor


Again, Get does not return error on zero length....

Contributor Author


I have created the issue to check this as well as other changes you suggested in the previous conversation. (#23064). Will address these in the next PR.

if (csrlen > 0)
{
/* Get nocsr */
ByteSpan csr_data;
ReturnErrorOnFailure(tagReader.Get(csr_data));
/* Set nocsr data */
se05x_delete_key(NOCSR_CSR_DATA_SE05X_ID);
VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_DATA_SE05X_ID, csr_data.data(), csr_data.size()),
CHIP_ERROR_INTERNAL);
}

ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(2), tagReader));
uint8_t noncelen = tagReader.GetLength();
if (noncelen > 0)
{
/* Get nocsr nonce */
ByteSpan nocsr_nonce;
ReturnErrorOnFailure(tagReader.Get(nocsr_nonce));
/* Set nocsr nonce data */
VerifyOrReturnError(CHIP_NO_ERROR ==
se05xSetCertificate(NOCSR_CSR_NONCE_DATA_SE05X_ID, nocsr_nonce.data(), nocsr_nonce.size()),
CHIP_ERROR_INTERNAL);
}

if (message_to_sign.size() - (csrlen + noncelen + 6 /* Tag + control byte + len */ + 2 /* start and end containers*/) >= 16)
{
/* Set attestation challenge */
VerifyOrReturnError(CHIP_NO_ERROR ==
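Review bot: The values returned by `tagReader.GetLength()` are narrowed into `uint8_t` (`cdlen`, `attlen`, `tslen` in the first branch, `csrlen` and `noncelen` in the else branch), so an element longer than 255 bytes is silently truncated before the length is written to the SE05x length object and before it enters the `message_to_sign.size() - (...) >= 16` test. With a truncated length, or with a TLV length field wider than the one byte that the fixed `9` and `6` overhead constants appear to assume, that unsigned subtraction over-estimates the remaining bytes, and it would wrap if the sum ever exceeded `size()`. Keeping the lengths in `size_t`, rejecting oversized elements with something like `VerifyOrReturnError(tagReader.GetLength() <= UINT8_MAX, CHIP_ERROR_INVALID_ARGUMENT);`, and comparing in the form `message_to_sign.size() >= overhead + 16` would close both gaps. Separately, `tagReader.Get(time_stamp);` is the only `Get` in the new code whose result is dropped; `ReturnErrorOnFailure(tagReader.Get(time_stamp));` would match the other reads. The function body starts and ends outside the hunks shown here.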