Skip to content

Commit

Permalink
DEBUG IN PROGRESS: chip_crypto='psa'
Browse files Browse the repository at this point in the history
  • Loading branch information
@rcasallas-silabs
rcasallas-silabs committed Aug 11, 2023
1 parent 85d1314 commit 64c2709
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 3 deletions.
24 changes: 23 additions & 1 deletion src/crypto/CHIPCryptoPALPSA.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,16 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
const Aes128KeyHandle & key, const uint8_t * nonce, size_t nonce_length, uint8_t * ciphertext,
uint8_t * tag, size_t tag_length)
{
uint8_t kbuf[sizeof(Aes128KeyByteArray)];
size_t key_len = 0;
psa_status_t stat = 0;

stat = psa_export_key(key.As<psa_key_id_t>(), kbuf, sizeof(kbuf), &key_len);

Progress::Debug("◆ AES_CCM_encrypt, key(%u):%04x [%02x %02x] !%d",
key_len, (unsigned)key.As<psa_key_id_t>(), kbuf[0], kbuf[1], stat);


VerifyOrReturnError(isBufferNonEmpty(nonce, nonce_length), CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(isValidTag(tag, tag_length), CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError((ciphertext != nullptr && plaintext != nullptr) || plaintext_length == 0, CHIP_ERROR_INVALID_ARGUMENT);
Expand Down Expand Up @@ -160,6 +170,16 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
const uint8_t * tag, size_t tag_length, const Aes128KeyHandle & key, const uint8_t * nonce,
size_t nonce_length, uint8_t * plaintext)
{
uint8_t kbuf[sizeof(Aes128KeyByteArray)];
size_t key_len = 0;
psa_status_t stat = 0;

stat = psa_export_key(key.As<psa_key_id_t>(), kbuf, sizeof(kbuf), &key_len);

Progress::Debug("◇ AES_CCM_encrypt, key(%u):%04x [%02x %02x] !%d",
key_len, (unsigned)key.As<psa_key_id_t>(), kbuf[0], kbuf[1], stat);


VerifyOrReturnError(isBufferNonEmpty(nonce, nonce_length), CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(isValidTag(tag, tag_length), CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError((ciphertext != nullptr && plaintext != nullptr) || ciphertext_length == 0, CHIP_ERROR_INVALID_ARGUMENT);
Expand All @@ -168,7 +188,7 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
const psa_algorithm_t algorithm = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_length);
psa_status_t status = PSA_SUCCESS;
psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
size_t outLength;
size_t outLength = 0;

status = psa_aead_decrypt_setup(&operation, key.As<psa_key_id_t>(), algorithm);
VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
Expand All @@ -193,12 +213,14 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
{
status = psa_aead_update(&operation, ciphertext, ciphertext_length, plaintext,
PSA_AEAD_UPDATE_OUTPUT_SIZE(PSA_KEY_TYPE_AES, algorithm, ciphertext_length), &outLength);
Progress::Debug("AES_CCM_decrypt, psa_aead_update: !%d, olen:%u", status, (unsigned)outLength);
VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);

plaintext += outLength;

status = psa_aead_verify(&operation, plaintext, PSA_AEAD_VERIFY_OUTPUT_SIZE(PSA_KEY_TYPE_AES, algorithm), &outLength, tag,
tag_length);
Progress::Debug("AES_CCM_decrypt, psa_aead_verify1: !%d", status);
}
else
{
Expand Down
2 changes: 1 addition & 1 deletion src/crypto/PSASessionKeystore.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ class AesKeyAttributes

psa_set_key_type(&mAttrs, PSA_KEY_TYPE_AES);
psa_set_key_algorithm(&mAttrs, kAlgorithm);
psa_set_key_usage_flags(&mAttrs, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_usage_flags(&mAttrs, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT);
psa_set_key_bits(&mAttrs, CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES * 8);
}

Expand Down
2 changes: 1 addition & 1 deletion src/platform/silabs/efr32/args.gni
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ openthread_external_mbedtls = mbedtls_target

# default to platform crypto implementation but allow commandline override
if (chip_crypto == "") {
chip_crypto = "platform"
chip_crypto = "psa"
}

chip_device_platform = "efr32"
Expand Down

0 comments on commit 64c2709

Please sign in to comment.