Allow platforms to bring their own crypto backend, and implement PSA Crypto and opaque keys for [EFR32] (#21415)
* Remove unused member from struct
* Add a way to use a platform-defined crypto backend
* Moving the checks and defaulting to the BUILD.gn file, to allow
both platform and commandline overriding of the chip_crypto setting
* Add an option 'platform' which skips adding dependencies and compiling
'CHIPCryptoPALxxx.cpp' into the library. Whoever/whatever is setting
chip_crypto to platform is responsible for maintaining their own
dependencies and keeping their implementation up to date with
CHIPCryptoPAL.h
* [EFR32] Add a PSA Crypto backend for EFR32
The EFR32 SDK has an SDK-supplied implementation of PSA which is hardware
backed.
* [EFR32] Speed and size improvements by going straight for the driver layer
Considering all keys pass in plaintext through this abstraction, this
doesn't really matter all that much for the time being.
* [EFR32] Finetune PSA Crypto configuration
Remove blanket 'BUILTIN_ALG' defines since they will cause PSA Crypto
to not be able to compile out these algorithm implementations in software,
which again causes pretty hefty dependencies on mbedTLS
* [EFR32] Now that we have HMAC through PSA, we don't need PKCS5 anymore
This saves quite some codespace by allowing to strip dead code dangling
from OpenThread's use of mbedtls_pk_parse_key (which, when PKCS5 is
enabled, will always include code for parsing password-protected PEM
files, but no such files are ever used in the context of Matter)
* [EFR32] Add implementation of opaque keys and opaque operational key store
* [EFR32] Implement persistence for operational keys and cleanup
* Implemented persistence of operational key map and runtime resizing
on key map should the setting change and be OTA'ed over.
* Changed namespacing to put EFR32 classes under the internal layer
* Added 'ConfigValueExists' overload to the config manager which returns
the size of an object if it exists.
* [EFR32] Set correct SHA context size on devices with HW acceleration
* [EFR32] fix incorrect usage of VerifyOrExit
* Add empty definition of TestAddEntropySources for platform
* [EFR32] Fix circular dependency
* [EFR32] Fix dependencies for Wifi build
* Fix default crypto build
Moving the override of chip_crypto in case it isn't set into crypto's
BUILD.gn instead of crypto.gni means that the toplevel BUILD.gn no longer
can see which crypto instance it ends up building with. This was only used
to determine whether or not to build chip-cert tool by default.
This commit clarifies that by duplicating the exact logic that was backing
this into the tools.gni file under a more descriptive variable name. The
actual logic probably needs cleaning up, but that would be outside the scope
of this PR.
* Pull apart the crypto library into headers, intermediate and backend
Instead of viewing crypto as a monolithic library, encode it more
granular to better allow platform crypto implementations. It now consists
of its public headers (which the crypto backends depend on), a static
library containing the abstractly-implemented functions, and a set
of source sets for each of the crypto backends provided by the main tree.
* [EFR32] Fix dependency encoding of crypto backend
The EFR32 crypto backend (brought in by setting chip_crypto to platform)
now correctly advertises a dependency on the matter crypto PAL. It only
needs the intermediate layer of the crypto PAL, not a backend, which is
taken care of due to chip_crypto being set to platform.
* [EFR32] Address readability according to review comments
* [EFR32] Use Matter CSR generation instead of mbedTLS
Use GenerateCertificateSigningRequest instead of replicating the mbedTLS
implementation of CSR generation. Since there were no other parts of the
app depending on mbedTLS CSR writing functionality, this saved 3.5kB of
code space for the light sample app on EFR32 BRD4161A.
* MbedTLS backend depends on Crypto PAL headers regardless of where it lives
* Restyled by gn
* Fix typo
* [EFR32] Allow building EFR32 examples with in-tree crypto backends
* [EFR32] Remove dead TinyCrypt code from EFR32 crypto backend
* [EFR32] Ensure mbedTLS gets rebuilt when config header is modified
* [EFR32] Dynamically size the keymap object for the operational keystore
* [EFR32] Some parts need mbedTLS's entropy API still
* rebase and restyle
Co-authored-by: Restyled.io <commits@restyled.io>
Co-authored-by: Junior Martinez <junior.martinez@silabs.com>
diff --git a/src/platform/EFR32/EFR32Config.cpp b/src/platform/EFR32/EFR32Config.cpp
index 9c156ac..1abd6cf 100644
--- a/src/platform/EFR32/EFR32Config.cpp
+++ b/src/platform/EFR32/EFR32Config.cpp
@@ -394,6 +394,22 @@
return (err == CHIP_NO_ERROR);
}
+bool EFR32Config::ConfigValueExists(Key key, size_t & dataLen)
+{
+ uint32_t objectType;
+ size_t dLen;
+
+ // Find object with key id.
+ CHIP_ERROR err = MapNvm3Error(nvm3_getObjectInfo(nvm3_defaultHandle, key, &objectType, &dLen));
+
+ if (err == CHIP_NO_ERROR)
+ {
+ dataLen = dLen;
+ }
+
+ return (err == CHIP_NO_ERROR);
+}
+
CHIP_ERROR EFR32Config::FactoryResetConfig(void)
{
// Deletes all nvm3 'Config' type objects.
