src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_HMAC.cpp - third_party/github/project-chip/connectedhomeip - Git at Google

 /*
  *
  *    Copyright (c) 2021 Project CHIP Authors
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
  *    You may obtain a copy of the License at
  *
  *        http://www.apache.org/licenses/LICENSE-2.0
  *
  *    Unless required by applicable law or agreed to in writing, software
  *    distributed under the License is distributed on an "AS IS" BASIS,
  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *    See the License for the specific language governing permissions and
  *    limitations under the License.
  */

 /**
  *    @file
  *      HSM based implementation of CHIP crypto primitives
  *      Based on configurations in CHIPCryptoPALHsm_config.h file,
  *      chip crypto apis use either HSM or rollback to software implementation.
  */

 #include "CHIPCryptoPALHsm_SE05X_utils.h"
 #include <lib/core/CHIPEncoding.h>

 #if ENABLE_HSM_HMAC_SHA256

 #define MAX_MAC_ONE_SHOT_DATA_LEN 900

 namespace chip {
 namespace Crypto {

 HMAC_shaHSM::HMAC_shaHSM()
 {
     keyid = kKeyId_hmac_sha256_keyid;
 }
 HMAC_shaHSM::~HMAC_shaHSM() {}

 CHIP_ERROR HMAC_shaHSM::HMAC_SHA256(const uint8_t * key, size_t key_length, const uint8_t * message, size_t message_length,
                                     uint8_t * out_buffer, size_t out_length)

 {
     CHIP_ERROR error       = CHIP_ERROR_INTERNAL;
     sss_mac_t ctx_mac      = { 0 };
     sss_object_t keyObject = { 0 };

     VerifyOrReturnError(key != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(key_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(message != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(message_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(out_length >= CHIP_CRYPTO_HASH_LEN_BYTES, CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(out_buffer != nullptr, CHIP_ERROR_INVALID_ARGUMENT);

     if (key_length > 256)
     {
         return HMAC_sha::HMAC_SHA256(key, key_length, message, message_length, out_buffer, out_length);
     }

     VerifyOrReturnError(keyid != kKeyId_NotInitialized, CHIP_ERROR_HSM);

     se05x_sessionOpen();
     VerifyOrReturnError(gex_sss_chip_ctx.ks.session != NULL, CHIP_ERROR_INTERNAL);

     sss_status_t status = sss_key_object_init(&keyObject, &gex_sss_chip_ctx.ks);
     VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

     status = sss_key_object_allocate_handle(&keyObject, keyid, kSSS_KeyPart_Default, kSSS_CipherType_HMAC, key_length,
                                             kKeyObject_Mode_Transient);
     VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

     status = sss_key_store_set_key(&gex_sss_chip_ctx.ks, &keyObject, key, key_length, key_length * 8, NULL, 0);
     VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

     status = sss_mac_context_init(&ctx_mac, &gex_sss_chip_ctx.session, &keyObject, kAlgorithm_SSS_HMAC_SHA256, kMode_SSS_Mac);
     VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

     if (message_length <= MAX_MAC_ONE_SHOT_DATA_LEN)
     {
         status = sss_mac_one_go(&ctx_mac, message, message_length, out_buffer, &out_length);
         VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
     }
     else
     {
         /* Calculate MAC using multistep calls */
         size_t datalenTemp = 0;
         size_t rem_len     = message_length;

         status = sss_mac_init(&ctx_mac);
         VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

         while (rem_len > 0)
         {
             datalenTemp = (rem_len > MAX_MAC_ONE_SHOT_DATA_LEN) ? MAX_MAC_ONE_SHOT_DATA_LEN : rem_len;
             status      = sss_mac_update(&ctx_mac, (message + (message_length - rem_len)), datalenTemp);
             VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
             rem_len = rem_len - datalenTemp;
         }

         status = sss_mac_finish(&ctx_mac, out_buffer, &out_length);
         VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
     }

     error = CHIP_NO_ERROR;
 exit:

     if (ctx_mac.session != NULL)
     {
         sss_mac_context_free(&ctx_mac);
     }

     sss_key_store_erase_key(&gex_sss_chip_ctx.ks, &keyObject);

     return error;
 }

 } // namespace Crypto
 } // namespace chip

 #endif //#if ENABLE_HSM_HMAC_SHA256
	/*
	*
	* Copyright (c) 2021 Project CHIP Authors
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	/**
	* @file
	* HSM based implementation of CHIP crypto primitives
	* Based on configurations in CHIPCryptoPALHsm_config.h file,
	* chip crypto apis use either HSM or rollback to software implementation.
	*/

	#include "CHIPCryptoPALHsm_SE05X_utils.h"
	#include <lib/core/CHIPEncoding.h>

	#if ENABLE_HSM_HMAC_SHA256

	#define MAX_MAC_ONE_SHOT_DATA_LEN 900

	namespace chip {
	namespace Crypto {

	HMAC_shaHSM::HMAC_shaHSM()
	{
	keyid = kKeyId_hmac_sha256_keyid;
	}
	HMAC_shaHSM::~HMAC_shaHSM() {}

	CHIP_ERROR HMAC_shaHSM::HMAC_SHA256(const uint8_t * key, size_t key_length, const uint8_t * message, size_t message_length,
	uint8_t * out_buffer, size_t out_length)

	{
	CHIP_ERROR error = CHIP_ERROR_INTERNAL;
	sss_mac_t ctx_mac = { 0 };
	sss_object_t keyObject = { 0 };

	VerifyOrReturnError(key != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
	VerifyOrReturnError(key_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
	VerifyOrReturnError(message != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
	VerifyOrReturnError(message_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
	VerifyOrReturnError(out_length >= CHIP_CRYPTO_HASH_LEN_BYTES, CHIP_ERROR_INVALID_ARGUMENT);
	VerifyOrReturnError(out_buffer != nullptr, CHIP_ERROR_INVALID_ARGUMENT);

	if (key_length > 256)
	{
	return HMAC_sha::HMAC_SHA256(key, key_length, message, message_length, out_buffer, out_length);
	}

	VerifyOrReturnError(keyid != kKeyId_NotInitialized, CHIP_ERROR_HSM);

	se05x_sessionOpen();
	VerifyOrReturnError(gex_sss_chip_ctx.ks.session != NULL, CHIP_ERROR_INTERNAL);

	sss_status_t status = sss_key_object_init(&keyObject, &gex_sss_chip_ctx.ks);
	VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

	status = sss_key_object_allocate_handle(&keyObject, keyid, kSSS_KeyPart_Default, kSSS_CipherType_HMAC, key_length,
	kKeyObject_Mode_Transient);
	VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

	status = sss_key_store_set_key(&gex_sss_chip_ctx.ks, &keyObject, key, key_length, key_length * 8, NULL, 0);
	VerifyOrReturnError(status == kStatus_SSS_Success, CHIP_ERROR_INTERNAL);

	status = sss_mac_context_init(&ctx_mac, &gex_sss_chip_ctx.session, &keyObject, kAlgorithm_SSS_HMAC_SHA256, kMode_SSS_Mac);
	VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

	if (message_length <= MAX_MAC_ONE_SHOT_DATA_LEN)
	{
	status = sss_mac_one_go(&ctx_mac, message, message_length, out_buffer, &out_length);
	VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
	}
	else
	{
	/* Calculate MAC using multistep calls */
	size_t datalenTemp = 0;
	size_t rem_len = message_length;

	status = sss_mac_init(&ctx_mac);
	VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

	while (rem_len > 0)
	{
	datalenTemp = (rem_len > MAX_MAC_ONE_SHOT_DATA_LEN) ? MAX_MAC_ONE_SHOT_DATA_LEN : rem_len;
	status = sss_mac_update(&ctx_mac, (message + (message_length - rem_len)), datalenTemp);
	VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
	rem_len = rem_len - datalenTemp;
	}

	status = sss_mac_finish(&ctx_mac, out_buffer, &out_length);
	VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
	}

	error = CHIP_NO_ERROR;
	exit:

	if (ctx_mac.session != NULL)
	{
	sss_mac_context_free(&ctx_mac);
	}

	sss_key_store_erase_key(&gex_sss_chip_ctx.ks, &keyObject);

	return error;
	}

	} // namespace Crypto
	} // namespace chip

	#endif //#if ENABLE_HSM_HMAC_SHA256