Merge branch 'master' into modernize_loops

project-chip · Nov 3, 2022 · 669d4f8 · 669d4f8
2 parents b9e6349 + 706e9bb
commit 669d4f8
Show file tree

Hide file tree

Showing 14 changed files with 282 additions and 191 deletions.
diff --git a/README.md b/README.md
diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp
@@ -37,23 +37,27 @@
 /* Device attestation key ids */
 #define DEV_ATTESTATION_KEY_SE05X_ID 0x7D300000
 #define DEV_ATTESTATION_CERT_SE05X_ID 0x7D300001
+#define CERT_DECLARATION_DATA_SE05X_ID 0x7D300002
 
 /* Device attestation key ids (Used with internal sign) */
-#define CD_DEV_ATTESTATION_KEY_SE05X_ID 0x7D300002
-#define NOCSR_DEV_ATTESTATION_KEY_SE05X_ID 0x7D300004
-
-/* Device attestation data ids (for Cert decl) */
-#define CD_CERT_DECLARATION_DATA_SE05X_ID 0x7D300009
-#define CD_ATTEST_NONCE_DATA_SE05X_ID 0x7D30000C
-#define CD_TIME_STAMP_LEN_SE05X_ID 0x7D30000E
-#define CD_TIME_STAMP_DATA_SE05X_ID 0x7D30000F
-#define CD_ATTEST_CHALLENGE_SE05X_ID 0x7D300011
-
-/* Device attestation data ids (for CSR) */
-#define NOCSR_CSR_LEN_SE05X_ID 0x7D300014
-#define NOCSR_CSR_DATA_SE05X_ID 0x7D300015
-#define NOCSR_CSR_NONCE_DATA_SE05X_ID 0x7D300018
-#define NOCSR_ATTEST_CHALLENGE_SE05X_ID 0x7D30001A
+#define DEV_ATTESTATION_KEY_SE05X_ID_IS 0x7D300003
+#define DEV_ATTESTATION_KEY_SE05X_ID_IS_TBS 0x7D300004
+
+#define TAG1_ID 0x7D300005
+#define TAG1_LEN_ID 0x7D300006
+#define TAG1_VALUE_ID 0x7D300007
+#define TAG2_ID 0x7D300008
+#define TAG2_LEN_ID 0x7D300009
+#define TAG2_VALUE_ID 0x7D30000A
+#define TAG3_ID 0x7D30000B
+#define TAG3_LEN_ID 0x7D30000C
+#define TAG3_VALUE_ID 0x7D30000D
+#define ATTEST_CHALLENGE_ID 0x7D30000E
+
+#define START_CONTAINER_SE05X_ID 0x7D30000F
+#define END_CONTAINER_SE05X_ID 0x7D300010
+
+#define NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE 3 /* Starting with TAG1 */
 
 extern CHIP_ERROR se05xGetCertificate(uint32_t keyId, uint8_t * buf, size_t * buflen);
 extern CHIP_ERROR se05xSetCertificate(uint32_t keyId, const uint8_t * buf, size_t buflen);
@@ -66,6 +70,11 @@ namespace Examples {
 
 namespace {
 
+// Note: The example DAC provider class is only for demonstration purpose.
+// Modification to SignWithDeviceAttestationKey member will be required in case there is a change in device attestation sign
+// message (other TLVs are added). In the current implementation of SignWithDeviceAttestationKey only TLV1, TLV2 and TLV3 are
+// expected in the sign message.
+
 class ExampleSe05xDACProviderv2 : public DeviceAttestationCredentialsProvider
 {
 public:
@@ -150,7 +159,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::GetCertificationDeclaration(MutableByteSpa
 #else
     size_t buflen = out_cd_buffer.size();
     ChipLogDetail(Crypto, "Get certificate declaration from se05x");
-    ReturnErrorOnFailure(se05xGetCertificate(CD_CERT_DECLARATION_DATA_SE05X_ID, out_cd_buffer.data(), &buflen));
+    ReturnErrorOnFailure(se05xGetCertificate(CERT_DECLARATION_DATA_SE05X_ID, out_cd_buffer.data(), &buflen));
     out_cd_buffer.reduce_size(buflen);
     return CHIP_NO_ERROR;
 #endif
@@ -167,7 +176,9 @@ CHIP_ERROR ExampleSe05xDACProviderv2::GetFirmwareInformation(MutableByteSpan & o
 CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpan & message_to_sign,
                                                                    MutableByteSpan & out_signature_buffer)
 {
-    CHIP_ERROR err = CHIP_NO_ERROR;
+    CHIP_ERROR err                                                   = CHIP_NO_ERROR;
+    uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 };
+    size_t signature_se05x_len                                       = sizeof(signature_se05x);
     VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT);
 
@@ -178,108 +189,81 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa
 
     msg_reader.Init(message_to_sign);
 
-    /* To be removed. Use common key id to sign message */
-    static bool sign_cert_decl_attest = 1;
+    uint16_t taglen = 0;
+    ByteSpan tagvalue;
+    uint8_t tempBuf[2] = {
+        0,
+    };
+
+    tempBuf[0] = (uint8_t) TLV::TLVElementType::Structure;
+    SuccessOrExit(se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1));
 
-    if (sign_cert_decl_attest)
+    for (int i = 1; i <= NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE; i++)
     {
-        /* Check if certificate declaration tag is present and Skip certificate declaration tag */
-        ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(1), tagReader));
-
-        ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(2), tagReader));
-        uint8_t attlen = tagReader.GetLength();
-        VerifyOrReturnError(attlen > 0, CHIP_ERROR_INVALID_TLV_TAG);
-        /* Get attestation nonce */
-        ByteSpan attest_nonce;
-        ReturnErrorOnFailure(tagReader.Get(attest_nonce));
-        /* Set attestation nonce */
-        VerifyOrReturnError(CHIP_NO_ERROR ==
-                                se05xSetCertificate(CD_ATTEST_NONCE_DATA_SE05X_ID, attest_nonce.data(), attest_nonce.size()),
-                            CHIP_ERROR_INTERNAL);
-
-        ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(3), tagReader));
-        uint8_t tslen = tagReader.GetLength();
-        if (tslen > 0)
+        CHIP_ERROR tlverr = CHIP_NO_ERROR;
+        tlverr            = TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader);
+        if ((i == 3) && (tlverr == CHIP_ERROR_TLV_TAG_NOT_FOUND))
         {
-            ByteSpan time_stamp;
-            ReturnErrorOnFailure(tagReader.Get(time_stamp));
-            /* Set time stamp data */
-            VerifyOrReturnError(CHIP_NO_ERROR ==
-                                    se05xSetCertificate(CD_TIME_STAMP_DATA_SE05X_ID, time_stamp.data(), time_stamp.size()),
-                                CHIP_ERROR_INTERNAL);
+            continue;
         }
-        /* Set time stamp length */
-        VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(CD_TIME_STAMP_LEN_SE05X_ID, &tslen, 1), CHIP_ERROR_INTERNAL);
+        SuccessOrExit(tlverr);
+
+        // Transient binary object ids starting from location 0x7D300005 (TAG1_ID) to 0x7D30000D (TAG3_VALUE_ID)
+        // are used to store the TLV contents.
+        // Binary object id are calculated using the loop iterator in the below code.
 
-        if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16)
+        taglen     = tagReader.GetLength();
+        tempBuf[0] = tagReader.GetControlByte();
+        tempBuf[1] = i;
+        SuccessOrExit(se05xSetCertificate(TAG1_ID + (3 /* tag + length + value ids */ * (i - 1)), tempBuf, 2));
+        if (taglen > 256)
         {
-            /* Set attestation challenge */
-            VerifyOrReturnError(CHIP_NO_ERROR ==
-                                    se05xSetCertificate(CD_ATTEST_CHALLENGE_SE05X_ID, (message_to_sign.end() - 16), 16),
-                                CHIP_ERROR_INTERNAL);
+            tempBuf[0] = taglen & 0xFF;
+            tempBuf[1] = (taglen >> 8) & 0xFF;
+            SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 2));
         }
-    }
-    else
-    {
-        ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(1), tagReader));
-        uint8_t csrlen = tagReader.GetLength();
-        VerifyOrReturnError(csrlen > 0, CHIP_ERROR_INVALID_TLV_TAG);
-        ByteSpan csr_data;
-        /* Get nocsr */
-        ReturnErrorOnFailure(tagReader.Get(csr_data));
-        /* Set nocsr length */
-        VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_LEN_SE05X_ID, &csrlen, 1), CHIP_ERROR_INTERNAL);
-        /* Set nocsr data */
-        se05x_delete_key(NOCSR_CSR_DATA_SE05X_ID);
-        VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_DATA_SE05X_ID, csr_data.data(), csr_data.size()),
-                            CHIP_ERROR_INTERNAL);
-
-        ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(2), tagReader));
-        uint8_t noncelen = tagReader.GetLength();
-        VerifyOrReturnError(noncelen > 0, CHIP_ERROR_INVALID_TLV_TAG);
-        /* Get nocsr nonce */
-        ByteSpan nocsr_nonce;
-        ReturnErrorOnFailure(tagReader.Get(nocsr_nonce));
-        /* Set nocsr nonce data */
-        VerifyOrReturnError(CHIP_NO_ERROR ==
-                                se05xSetCertificate(NOCSR_CSR_NONCE_DATA_SE05X_ID, nocsr_nonce.data(), nocsr_nonce.size()),
-                            CHIP_ERROR_INTERNAL);
-
-        if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16)
+        else
         {
-            /* Set attestation challenge */
-            VerifyOrReturnError(CHIP_NO_ERROR ==
-                                    se05xSetCertificate(NOCSR_ATTEST_CHALLENGE_SE05X_ID, (message_to_sign.end() - 16), 16),
-                                CHIP_ERROR_INTERNAL);
+            tempBuf[0] = taglen;
+            SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 1));
+        }
+        if (taglen > 0)
+        {
+            SuccessOrExit(tagReader.Get(tagvalue));
+            SuccessOrExit(se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen));
         }
     }
 
-    uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 };
-    size_t signature_se05x_len                                       = sizeof(signature_se05x);
+    tempBuf[0] = (uint8_t) TLV::TLVElementType::EndOfContainer;
+    SuccessOrExit(se05xSetCertificate(END_CONTAINER_SE05X_ID, tempBuf, 1));
 
-    if (sign_cert_decl_attest)
-    {
-        err = se05xPerformInternalSign(CD_DEV_ATTESTATION_KEY_SE05X_ID, signature_se05x, &signature_se05x_len);
-        se05x_delete_key(CD_ATTEST_NONCE_DATA_SE05X_ID);
-        se05x_delete_key(CD_TIME_STAMP_LEN_SE05X_ID);
-        se05x_delete_key(CD_TIME_STAMP_DATA_SE05X_ID);
-        se05x_delete_key(CD_ATTEST_CHALLENGE_SE05X_ID);
-        sign_cert_decl_attest = 0;
-    }
-    else
+    if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16)
     {
-        err = se05xPerformInternalSign(NOCSR_DEV_ATTESTATION_KEY_SE05X_ID, signature_se05x, &signature_se05x_len);
-        se05x_delete_key(NOCSR_CSR_LEN_SE05X_ID);
-        se05x_delete_key(NOCSR_CSR_DATA_SE05X_ID);
-        se05x_delete_key(NOCSR_CSR_NONCE_DATA_SE05X_ID);
-        se05x_delete_key(NOCSR_ATTEST_CHALLENGE_SE05X_ID);
-        sign_cert_decl_attest = 1;
+        /* Set attestation challenge */
+        SuccessOrExit(se05xSetCertificate(ATTEST_CHALLENGE_ID, (message_to_sign.end() - 16), 16));
     }
 
-    ReturnErrorOnFailure(err);
-
-    return chip::Crypto::EcdsaAsn1SignatureToRaw(chip::Crypto::kP256_FE_Length, ByteSpan{ signature_se05x, signature_se05x_len },
-                                                 out_signature_buffer);
+    SuccessOrExit(se05xPerformInternalSign(DEV_ATTESTATION_KEY_SE05X_ID_IS, signature_se05x, &signature_se05x_len));
+
+    err = chip::Crypto::EcdsaAsn1SignatureToRaw(chip::Crypto::kP256_FE_Length, ByteSpan{ signature_se05x, signature_se05x_len },
+                                                out_signature_buffer);
+
+exit:
+    // Delete existing objects if any
+    se05x_delete_key(START_CONTAINER_SE05X_ID);
+    se05x_delete_key(TAG1_ID);
+    se05x_delete_key(TAG1_LEN_ID);
+    se05x_delete_key(TAG1_VALUE_ID);
+    se05x_delete_key(TAG2_ID);
+    se05x_delete_key(TAG2_LEN_ID);
+    se05x_delete_key(TAG2_VALUE_ID);
+    se05x_delete_key(TAG3_ID);
+    se05x_delete_key(TAG3_LEN_ID);
+    se05x_delete_key(TAG3_VALUE_ID);
+    se05x_delete_key(END_CONTAINER_SE05X_ID);
+    se05x_delete_key(ATTEST_CHALLENGE_ID);
+
+    return err;
 }
 
 } // namespace

diff --git a/examples/platform/nxp/se05x/linux/AppMain.cpp b/examples/platform/nxp/se05x/linux/AppMain.cpp
@@ -78,6 +78,7 @@
 
 #if CHIP_CRYPTO_HSM
 #include "DeviceAttestationSe05xCredsExample.h"
+#include "se05x_t4t_utils.h"
 #include <crypto/hsm/CHIPCryptoPALHsm.h>
 #include <crypto/hsm/nxp/PersistentStorageOperationalKeystoreHSM.h>
 #endif
@@ -367,6 +368,10 @@ void ChipLinuxAppMainLoop()
 #else
     static chip::CommonCaseDeviceServerInitParams initParams;
 #endif
+
+#if CHIP_CRYPTO_HSM
+    VerifyOrDie(se05x_enable_contactless_interface() == 0);
+#endif
     VerifyOrDie(initParams.InitializeStaticResourcesBeforeServerInit() == CHIP_NO_ERROR);
 
 #if defined(ENABLE_CHIP_SHELL)

diff --git a/examples/thermostat/nxp/linux-se05x/README.md b/examples/thermostat/nxp/linux-se05x/README.md
@@ -0,0 +1,4 @@
+To cross-compile this example on x64 host and run on **NXP i.MX 8M Mini**
+**EVK**, see the associated
+[README document](../../../../../docs/guides/nxp_imx8m_linux_examples.md) for
+details.
diff --git a/examples/thermostat/nxp/linux-se05x/args.gni b/examples/thermostat/nxp/linux-se05x/args.gni
@@ -15,4 +15,3 @@
 import("//build_overrides/chip.gni")
 import("${chip_root}/config/standalone/args.gni")
 chip_with_se05x = 1
-host = "host_linux"
diff --git a/src/access/AccessControl.cpp b/src/access/AccessControl.cpp
@@ -632,5 +632,10 @@ void SetAccessControl(AccessControl & accessControl)
     globalAccessControl = &accessControl;
 }
 
+void ResetAccessControlToDefault()
+{
+    globalAccessControl = &defaultAccessControl;
+}
+
 } // namespace Access
 } // namespace chip
diff --git a/src/access/AccessControl.h b/src/access/AccessControl.h
@@ -683,7 +683,7 @@ void SetAccessControl(AccessControl & accessControl);
  *
  * Calls to this function must be synchronized externally.
  */
-void ResetAccessControl();
+void ResetAccessControlToDefault();
 
 } // namespace Access
 } // namespace chip
diff --git a/src/access/tests/TestAccessControl.cpp b/src/access/tests/TestAccessControl.cpp
@@ -2173,6 +2173,7 @@ int Setup(void * inContext)
 int Teardown(void * inContext)
 {
     GetAccessControl().Finish();
+    ResetAccessControlToDefault();
     return SUCCESS;
 }
 

diff --git a/src/app/server/Server.cpp b/src/app/server/Server.cpp
@@ -430,6 +430,7 @@ void Server::Shutdown()
     mSessions.Shutdown();
     mTransports.Close();
     mAccessControl.Finish();
+    Access::ResetAccessControlToDefault();
     Credentials::SetGroupDataProvider(nullptr);
     mAttributePersister.Shutdown();
     // TODO(16969): Remove chip::Platform::MemoryInit() call from Server class, it belongs to outer code

diff --git a/src/app/tests/AppTestContext.cpp b/src/app/tests/AppTestContext.cpp
@@ -52,6 +52,7 @@ CHIP_ERROR AppContext::Init()
 void AppContext::Shutdown()
 {
     Access::GetAccessControl().Finish();
+    Access::ResetAccessControlToDefault();
 
     chip::app::InteractionModelEngine::GetInstance()->Shutdown();
     Super::Shutdown();

diff --git a/src/inet/UDPEndPointImplLwIP.cpp b/src/inet/UDPEndPointImplLwIP.cpp
@@ -59,6 +59,12 @@ static_assert(LWIP_VERSION_MAJOR > 1, "CHIP requires LwIP 2.0 or later");
 #undef HAVE_IPV6_MULTICAST
 #endif
 
+#if (LWIP_VERSION_MAJOR == 2) && (LWIP_VERSION_MINOR == 0)
+#define PBUF_STRUCT_DATA_CONTIGUOUS(pbuf) (pbuf)->type == PBUF_RAM || (pbuf)->type == PBUF_POOL
+#else // (LWIP_VERSION_MAJOR == 2) && (LWIP_VERSION_MINOR == 0)
+#define PBUF_STRUCT_DATA_CONTIGUOUS(pbuf) (pbuf)->type_internal & PBUF_TYPE_FLAG_STRUCT_DATA_CONTIGUOUS
+#endif // (LWIP_VERSION_MAJOR == 2) && (LWIP_VERSION_MINOR == 0)
+
 namespace chip {
 namespace Platform {
 template <>
@@ -366,6 +372,7 @@ void UDPEndPointImplLwIP::LwIPReceiveUDPMessage(void * arg, struct udp_pcb * pcb
 {
     Platform::UniquePtr<struct pbuf> pbufFreeGuard(p);
     UDPEndPointImplLwIP * ep = static_cast<UDPEndPointImplLwIP *>(arg);
+    System::PacketBufferHandle buf;
     if (ep->mState == State::kClosed)
     {
         return;
@@ -378,14 +385,38 @@ void UDPEndPointImplLwIP::LwIPReceiveUDPMessage(void * arg, struct udp_pcb * pcb
         return;
     }
 
-    // TODO: Skip copying the buffer if the pbuf already meets the PacketBuffer memory model
-    System::PacketBufferHandle buf = System::PacketBufferHandle::New(p->tot_len, 0);
-    if (buf.IsNull() || pbuf_copy_partial(p, buf->Start(), p->tot_len, 0) != p->tot_len)
+    if (PBUF_STRUCT_DATA_CONTIGUOUS(p))
     {
-        ChipLogError(Inet, "Cannot copy received pbuf of size %u", p->tot_len);
-        return;
+        buf = System::PacketBufferHandle::Adopt(p);
+        // Release pbufFreeGuard since the buf has the ownership of the pbuf.
+        pbufFreeGuard.release();
+        if (buf->HasChainedBuffer())
+        {
+            buf->CompactHead();
+        }
+        if (buf->HasChainedBuffer())
+        {
+            // Have to allocate a new big-enough buffer and copy.
+            uint16_t messageSize            = buf->TotalLength();
+            System::PacketBufferHandle copy = System::PacketBufferHandle::New(messageSize, 0);
+            if (copy.IsNull() || buf->Read(copy->Start(), messageSize) != CHIP_NO_ERROR)
+            {
+                ChipLogError(Inet, "No memory to flatten incoming packet buffer chain of size %u", buf->TotalLength());
+                return;
+            }
+            buf = std::move(copy);
+        }
+    }
+    else
+    {
+        buf = System::PacketBufferHandle::New(p->tot_len, 0);
+        if (buf.IsNull() || pbuf_copy_partial(p, buf->Start(), p->tot_len, 0) != p->tot_len)
+        {
+            ChipLogError(Inet, "Cannot copy received pbuf of size %u", p->tot_len);
+            return;
+        }
+        buf->SetDataLength(p->tot_len);
     }
-    buf->SetDataLength(p->tot_len);
 
     pktInfo->SrcAddress  = IPAddress(*addr);
     pktInfo->DestAddress = IPAddress(*ip_current_dest_addr());