DEBUG IN PROGRESS.

rcasallas-silabs · Aug 24, 2023 · b5df142 · b5df142
1 parent 64c2709
commit b5df142
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 15 deletions.
diff --git a/src/crypto/CHIPCryptoPALOpenSSL.cpp b/src/crypto/CHIPCryptoPALOpenSSL.cpp
@@ -173,6 +173,15 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
     uint8_t placeholder_ciphertext[kAES_CCM128_Block_Length];
     bool ciphertext_was_null = (ciphertext == nullptr);
 
+    const uint8_t *kbuf = key.As<Aes128KeyByteArray>();
+    size_t key_len = sizeof(Aes128KeyByteArray);
+
+    Progress::Debug("◆ AES_CCM_encrypt(OSSL)");
+    si_debug_hex("Key  ", kbuf, key_len);
+    // si_debug_hex("AAD  ", aad, aad_length);
+    // si_debug_hex("Nonce", nonce, nonce_length);
+    si_debug_hex("Plain", plaintext, plaintext_length);
+
     if (plaintext_length == 0)
     {
         if (plaintext == nullptr)
@@ -267,6 +276,9 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
     VerifyOrExit(result == 1, error = CHIP_ERROR_INTERNAL);
 #endif // CHIP_CRYPTO_BORINGSSL
 
+    si_debug_hex("Cipher", ciphertext, ciphertext_length);
+    si_debug_hex("Tag", tag, tag_length);
+
 exit:
     if (context != nullptr)
     {
@@ -307,6 +319,18 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
     uint8_t placeholder_plaintext[kAES_CCM128_Block_Length];
     bool plaintext_was_null = (plaintext == nullptr);
 
+
+    const uint8_t *kbuf = key.As<Aes128KeyByteArray>();
+    size_t key_len = sizeof(Aes128KeyByteArray);
+
+    Progress::Debug("◇ AES_CCM_decrypt(OSSL)");
+    si_debug_hex("Key   ", kbuf, key_len);
+    // si_debug_hex("AAD   ", aad, aad_length);
+    // si_debug_hex("Nonce ", nonce, nonce_length);
+    si_debug_hex("Cipher", ciphertext, ciphertext_length);
+    si_debug_hex("Tag", tag, tag_length);
+
+
     if (ciphertext_length == 0)
     {
         if (ciphertext == nullptr)

diff --git a/src/crypto/CHIPCryptoPALPSA.cpp b/src/crypto/CHIPCryptoPALPSA.cpp
@@ -109,12 +109,12 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
     uint8_t kbuf[sizeof(Aes128KeyByteArray)];
     size_t key_len = 0;
     psa_status_t stat = 0;
-
     stat = psa_export_key(key.As<psa_key_id_t>(), kbuf, sizeof(kbuf), &key_len);
-
-    Progress::Debug("◆ AES_CCM_encrypt, key(%u):%04x [%02x %02x] !%d",
-    key_len, (unsigned)key.As<psa_key_id_t>(), kbuf[0], kbuf[1], stat);
-
+    Progress::Debug("◆ AES_CCM_encrypt(PSA), key(%04x) !%d", (unsigned)key.As<psa_key_id_t>(), stat);
+    si_debug_hex("Key  ", kbuf, key_len);
+    // si_debug_hex("AAD  ", aad, aad_length);
+    // si_debug_hex("Nonce", nonce, nonce_length);
+    si_debug_hex("Plain", plaintext, plaintext_length);
 
     VerifyOrReturnError(isBufferNonEmpty(nonce, nonce_length), CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(isValidTag(tag, tag_length), CHIP_ERROR_INVALID_ARGUMENT);
@@ -163,22 +163,27 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
     }
     VerifyOrReturnError(status == PSA_SUCCESS && tag_length == tag_out_length, CHIP_ERROR_INTERNAL);
 
+    si_debug_hex("Tag", tag, tag_length);
     return CHIP_NO_ERROR;
 }
 
 CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length, const uint8_t * aad, size_t aad_length,
                            const uint8_t * tag, size_t tag_length, const Aes128KeyHandle & key, const uint8_t * nonce,
                            size_t nonce_length, uint8_t * plaintext)
 {
-    uint8_t kbuf[sizeof(Aes128KeyByteArray)];
+    uint8_t kbuf[sizeof(Aes128KeyByteArray)] = { 0 };
     size_t key_len = 0;
     psa_status_t stat = 0;
+    uint8_t * p = plaintext;
 
+    // memset(plaintext, 0x00, ciphertext_length);
     stat = psa_export_key(key.As<psa_key_id_t>(), kbuf, sizeof(kbuf), &key_len);
-
-    Progress::Debug("◇ AES_CCM_encrypt, key(%u):%04x [%02x %02x] !%d",
-    key_len, (unsigned)key.As<psa_key_id_t>(), kbuf[0], kbuf[1], stat);
-
+    Progress::Debug("◇ AES_CCM_decrypt(PSA), key(%04x) !%d; %p, %p", (unsigned)key.As<psa_key_id_t>(), stat, ciphertext, plaintext);
+    si_debug_hex("Key   ", kbuf, key_len);
+    // si_debug_hex("AAD   ", aad, aad_length);
+    // si_debug_hex("Nonce ", nonce, nonce_length);
+    si_debug_hex("Cipher", ciphertext, ciphertext_length);
+    si_debug_hex("Tag", tag, tag_length);
 
     VerifyOrReturnError(isBufferNonEmpty(nonce, nonce_length), CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(isValidTag(tag, tag_length), CHIP_ERROR_INVALID_ARGUMENT);
@@ -214,13 +219,14 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
         status = psa_aead_update(&operation, ciphertext, ciphertext_length, plaintext,
                                  PSA_AEAD_UPDATE_OUTPUT_SIZE(PSA_KEY_TYPE_AES, algorithm, ciphertext_length), &outLength);
         Progress::Debug("AES_CCM_decrypt, psa_aead_update: !%d, olen:%u", status, (unsigned)outLength);
+        // si_debug_hex("Plain-", p, ciphertext_length);
         VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
 
         plaintext += outLength;
-
         status = psa_aead_verify(&operation, plaintext, PSA_AEAD_VERIFY_OUTPUT_SIZE(PSA_KEY_TYPE_AES, algorithm), &outLength, tag,
                                  tag_length);
-        Progress::Debug("AES_CCM_decrypt, psa_aead_verify1: !%d", status);
+        si_debug_hex("Plain+", p, ciphertext_length);
+        Progress::Debug("AES_CCM_decrypt, psa_aead_verify1(%u): !%d", (unsigned)outLength, status);
     }
     else
     {
@@ -254,11 +260,13 @@ CHIP_ERROR Hash_SHA1(const uint8_t * data, const size_t data_length, uint8_t * o
 
 static inline psa_hash_operation_t * toHashOperation(HashSHA256OpaqueContext * context)
 {
+    // Progress::Debug("◇ toHashOperation*(%u; %u)", sizeof(HashSHA256OpaqueContext), sizeof(psa_hash_operation_t));
     return SafePointerCast<psa_hash_operation_t *>(context);
 }
 
 static inline psa_hash_operation_t & toHashOperation(HashSHA256OpaqueContext & context)
 {
+    // Progress::Debug("◇ toHashOperation&(%u; %u)", sizeof(HashSHA256OpaqueContext), sizeof(psa_hash_operation_t));
     return *SafePointerCast<psa_hash_operation_t *>(&context);
 }
 

diff --git a/src/lib/core/CHIPConfig.h b/src/lib/core/CHIPConfig.h
@@ -182,7 +182,7 @@
  *
  */
 #ifndef CHIP_CONFIG_SHA256_CONTEXT_SIZE
-#define CHIP_CONFIG_SHA256_CONTEXT_SIZE ((sizeof(unsigned int) * (8 + 2 + 16 + 2)) + sizeof(uint64_t))
+#define CHIP_CONFIG_SHA256_CONTEXT_SIZE 230 //((sizeof(unsigned int) * (8 + 2 + 16 + 2)) + sizeof(uint64_t))
 #endif // CHIP_CONFIG_SHA256_CONTEXT_SIZE
 
 /**

diff --git a/src/lib/support/logging/Progress.cpp b/src/lib/support/logging/Progress.cpp
@@ -37,7 +37,7 @@ size_t si_format_hex(const uint8_t *input, size_t in_size, char *output, size_t
             }
             else
             {
-                n = snprintf(&output[out_off], out_left, "  %02x", (unsigned)input[in_offset]);
+                n = snprintf(&output[out_off], out_left, "\n%02x", (unsigned)input[in_offset]);
             }
         }
         else if(in_offset % 4 == 0)
@@ -69,5 +69,5 @@ void si_debug_hex(const char *tag, const uint8_t *data, size_t data_size)
 {
     char buffer[1024];
     si_format_hex(data, data_size, buffer, sizeof(buffer));
-    printf("%s(%u): %s\n", tag, (unsigned) data_size, buffer);
+    printf("%s(%u):\n%s\n", tag, (unsigned) data_size, buffer);
 }
diff --git a/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp b/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp
@@ -167,13 +167,20 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
     size_t output_length      = 0;
     uint8_t * buffer          = nullptr;
     bool allocated_buffer     = false;
+    const uint8_t *kbuf = key.As<Aes128KeyByteArray>();
+    size_t key_len = sizeof(Aes128KeyByteArray);
 
     VerifyOrExit(_isValidTagLength(tag_length), error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(nonce != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(nonce_length > 0, error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(CanCastTo<int>(nonce_length), error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(tag != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
 
+    Progress::Debug("◆ AES_CCM_encrypt(EFR32)");
+    si_debug_hex("Key", kbuf, key_len);
+    si_debug_hex("AAD", aad, aad_length);
+    si_debug_hex("Nonce", nonce, nonce_length);
+
     // If the ciphertext and tag outputs aren't a contiguous buffer, the PSA API requires buffer copying
     if (Uint8::to_uchar(ciphertext) + plaintext_length != Uint8::to_uchar(tag))
     {
@@ -223,12 +230,19 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_len, co
     size_t output_length      = 0;
     uint8_t * buffer          = nullptr;
     bool allocated_buffer     = false;
+    const uint8_t *kbuf = key.As<Aes128KeyByteArray>();
+    size_t key_len = sizeof(Aes128KeyByteArray);
 
     VerifyOrExit(_isValidTagLength(tag_length), error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(tag != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(nonce != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrExit(nonce_length > 0, error = CHIP_ERROR_INVALID_ARGUMENT);
 
+    Progress::Debug("◇ AES_CCM_decrypt(EFR32)");
+    si_debug_hex("Key", kbuf, key_len);
+    si_debug_hex("AAD", aad, aad_len);
+    si_debug_hex("Nonce", nonce, nonce_length);
+
     // If the ciphertext and tag outputs aren't a contiguous buffer, the PSA API requires buffer copying
     if (Uint8::to_const_uchar(ciphertext) + ciphertext_len != Uint8::to_const_uchar(tag))
     {

diff --git a/src/platform/silabs/efr32/psa_crypto_config.h b/src/platform/silabs/efr32/psa_crypto_config.h
@@ -44,6 +44,7 @@
 #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
 #endif
 // end of user configuration section >>>
+#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
 
 // AUTO GENERATED PSA CONFIG SECTION BELOW. **KEEP AS IS FUTURE GSDK UPDATE**
 #define PSA_WANT_KEY_TYPE_AES