blob: 6078541307038231d60d407ec1c22d2639e13344 [file] [log] [blame]
/*
*
* Copyright (c) 2022 Project CHIP Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "SilabsDeviceAttestationCreds.h"
#include <credentials/examples/DeviceAttestationCredsExample.h>
#include <crypto/CHIPCryptoPAL.h>
#include <lib/core/CHIPError.h>
#include <lib/support/CodeUtils.h>
#include <lib/support/Span.h>
#include <lib/support/logging/CHIPLogging.h>
#include <platform/silabs/MigrationManager.h>
#include <platform/silabs/SilabsConfig.h>
#include <psa/crypto.h>
#include "silabs_creds.h"
using namespace chip::DeviceLayer::Internal;
using chip::DeviceLayer::Internal::SilabsConfig;
namespace chip {
namespace Credentials {
namespace Silabs {
namespace {
class DeviceAttestationCredsSilabs : public DeviceAttestationCredentialsProvider
{
// Miss-aligned certificates is a common error, and printing the first few bytes is
// useful to verify proper alignment. Eight bytes is enough for this purpose.
static constexpr size_t kDebugLength = 8;
public:
CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & out_span) override
{
if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_Base_Addr))
{
// Provisioned CD
return GetFile("GetCertificationDeclaration", SilabsConfig::kConfigKey_Creds_CD_Offset, SILABS_CREDENTIALS_CD_OFFSET,
SilabsConfig::kConfigKey_Creds_CD_Size, SILABS_CREDENTIALS_CD_SIZE, out_span);
}
else
{
// Example CD
return Examples::GetExampleDACProvider()->GetCertificationDeclaration(out_span);
}
}
CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) override
{
// TODO: We need a real example FirmwareInformation to be populated.
out_firmware_info_buffer.reduce_size(0);
return CHIP_NO_ERROR;
}
CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & out_span) override
{
if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_Base_Addr))
{
// Provisioned DAC
return GetFile("GetDeviceAttestationCert", SilabsConfig::kConfigKey_Creds_DAC_Offset, SILABS_CREDENTIALS_DAC_OFFSET,
SilabsConfig::kConfigKey_Creds_DAC_Size, SILABS_CREDENTIALS_DAC_SIZE, out_span);
}
else
{
// Example DAC
return Examples::GetExampleDACProvider()->GetDeviceAttestationCert(out_span);
}
}
CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & out_span) override
{
if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_Base_Addr))
{
// Provisioned PAI
return GetFile("GetProductAttestationIntermediateCert", SilabsConfig::kConfigKey_Creds_PAI_Offset,
SILABS_CREDENTIALS_PAI_OFFSET, SilabsConfig::kConfigKey_Creds_PAI_Size, SILABS_CREDENTIALS_PAI_SIZE,
out_span);
}
else
{
// Example PAI
return Examples::GetExampleDACProvider()->GetProductAttestationIntermediateCert(out_span);
}
}
CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_span) override
{
if (SilabsConfig::ConfigValueExists(SilabsConfig::kConfigKey_Creds_KeyId))
{
// Provisioned DAC key
#ifdef SLI_SI91X_MCU_INTERFACE
return CHIP_ERROR_NOT_IMPLEMENTED;
#else
uint32_t key_id = SILABS_CREDENTIALS_DAC_KEY_ID;
uint8_t signature[64] = { 0 };
size_t signature_size = sizeof(signature);
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_KeyId, key_id));
ChipLogProgress(DeviceLayer, "SignWithDeviceAttestationKey, key:%lu", key_id);
psa_status_t err =
psa_sign_message(static_cast<psa_key_id_t>(key_id), PSA_ALG_ECDSA(PSA_ALG_SHA_256), message_to_sign.data(),
message_to_sign.size(), signature, signature_size, &signature_size);
VerifyOrReturnError(!err, CHIP_ERROR_INTERNAL);
return CopySpanToMutableSpan(ByteSpan(signature, signature_size), out_span);
#endif
}
else
{
// Example DAC key
return Examples::GetExampleDACProvider()->SignWithDeviceAttestationKey(message_to_sign, out_span);
}
}
private:
CHIP_ERROR GetFile(const char * description, uint32_t offset_key, uint32_t offset_default, uint32_t size_key,
uint32_t size_default, MutableByteSpan & out_span)
{
uint32_t base_addr = 0;
uint8_t * address = nullptr;
uint32_t offset = offset_default;
uint32_t size = size_default;
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(SilabsConfig::kConfigKey_Creds_Base_Addr, base_addr));
// Offset
if (SilabsConfig::ConfigValueExists(offset_key))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(offset_key, offset));
}
address = (uint8_t *) (base_addr + offset);
// Size
if (SilabsConfig::ConfigValueExists(size_key))
{
ReturnErrorOnFailure(SilabsConfig::ReadConfigValue(size_key, size));
}
ByteSpan span(address, size);
ChipLogProgress(DeviceLayer, "%s, addr:%p, size:%lu", description, address, size);
ChipLogByteSpan(DeviceLayer, ByteSpan(span.data(), kDebugLength > span.size() ? span.size() : kDebugLength));
return CopySpanToMutableSpan(span, out_span);
}
};
} // namespace
DeviceAttestationCredentialsProvider * GetSilabsDacProvider()
{
static DeviceAttestationCredsSilabs dac_provider;
return &dac_provider;
}
} // namespace Silabs
} // namespace Credentials
namespace DeviceLayer {
namespace Silabs {
void MigrateDacProvider(void)
{
constexpr uint32_t kOldKey_Creds_KeyId = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x21);
constexpr uint32_t kOldKey_Creds_Base_Addr = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x22);
constexpr uint32_t kOldKey_Creds_DAC_Offset = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x23);
constexpr uint32_t kOldKey_Creds_DAC_Size = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x24);
constexpr uint32_t kOldKey_Creds_PAI_Offset = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x25);
constexpr uint32_t kOldKey_Creds_PAI_Size = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x26);
constexpr uint32_t kOldKey_Creds_CD_Offset = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x27);
constexpr uint32_t kOldKey_Creds_CD_Size = SilabsConfigKey(SilabsConfig::kMatterConfig_KeyBase, 0x28);
MigrationManager::MigrateUint32(kOldKey_Creds_KeyId, SilabsConfig::kConfigKey_Creds_KeyId);
MigrationManager::MigrateUint32(kOldKey_Creds_Base_Addr, SilabsConfig::kConfigKey_Creds_Base_Addr);
MigrationManager::MigrateUint32(kOldKey_Creds_DAC_Offset, SilabsConfig::kConfigKey_Creds_DAC_Offset);
MigrationManager::MigrateUint32(kOldKey_Creds_DAC_Size, SilabsConfig::kConfigKey_Creds_DAC_Size);
MigrationManager::MigrateUint32(kOldKey_Creds_PAI_Offset, SilabsConfig::kConfigKey_Creds_PAI_Offset);
MigrationManager::MigrateUint32(kOldKey_Creds_PAI_Size, SilabsConfig::kConfigKey_Creds_PAI_Size);
MigrationManager::MigrateUint32(kOldKey_Creds_CD_Offset, SilabsConfig::kConfigKey_Creds_CD_Offset);
MigrationManager::MigrateUint32(kOldKey_Creds_CD_Size, SilabsConfig::kConfigKey_Creds_CD_Size);
}
} // namespace Silabs
} // namespace DeviceLayer
} // namespace chip