diff --git a/README.md b/README.md index 2a43dcf4522101..d552a52da0a64f 100644 --- a/README.md +++ b/README.md @@ -21,22 +21,45 @@ [![ZAP Templates](https://github.com/project-chip/connectedhomeip/workflows/ZAP/badge.svg)](https://github.com/project-chip/connectedhomeip/actions/workflows/zap_templates.yaml) # About -Matter (formerly Project CHIP) creates more connections between more objects, simplifying development for manufacturers and increasing compatibility for consumers, guided by the Connectivity Standards Alliance. -# What is Matter? -Matter is a unified, open-source application-layer connectivity standard built to enable developers and device manufacturers to connect and build reliable, and secure ecosystems and increase compatibility among connected home devices. It is built with market-proven technologies using Internet Protocol (IP) and is compatible with Thread and Wi-Fi network transports. -Matter was developed by a Working Group within the Connectivity Standards Alliance (Alliance). This Working Group develops and promotes the adoption of the Matter standard, a royalty-free connectivity standard to increase compatibility among smart home products, with security as a fundamental design tenet. The vision that led major industry players to come together to build Matter is that smart connectivity should be simple, reliable, and interoperable. - -Matter simplifies development for manufacturers and increases compatibility for consumers. - -The standard was built around a shared belief that smart home devices should be secure, reliable, and seamless to use. By building upon Internet Protocol (IP), Matter enables communication across smart home devices, mobile apps, and cloud services and defines a specific set of IP-based networking technologies for device certification. - -The Matter specification details everything necessary to implement a Matter application and transport layer stack. It is intended to be used by implementers as a complete specification. +Matter (formerly Project CHIP) creates more connections between more objects, +simplifying development for manufacturers and increasing compatibility for +consumers, guided by the Connectivity Standards Alliance. -The Alliance officially opened the Matter Working Group on January 17, 2020, and the specification is [available](https://csa-iot.org/developer-resource/specifications-download-request/) for adoption now. - -Visit [buildwithmatter.com](https://buildwithmatter.com) to learn more and read the latest news and updates about the project. +# What is Matter? +Matter is a unified, open-source application-layer connectivity standard built +to enable developers and device manufacturers to connect and build reliable, and +secure ecosystems and increase compatibility among connected home devices. It is +built with market-proven technologies using Internet Protocol (IP) and is +compatible with Thread and Wi-Fi network transports. Matter was developed by a +Working Group within the Connectivity Standards Alliance (Alliance). This +Working Group develops and promotes the adoption of the Matter standard, a +royalty-free connectivity standard to increase compatibility among smart home +products, with security as a fundamental design tenet. The vision that led major +industry players to come together to build Matter is that smart connectivity +should be simple, reliable, and interoperable. + +Matter simplifies development for manufacturers and increases compatibility for +consumers. + +The standard was built around a shared belief that smart home devices should be +secure, reliable, and seamless to use. By building upon Internet Protocol (IP), +Matter enables communication across smart home devices, mobile apps, and cloud +services and defines a specific set of IP-based networking technologies for +device certification. + +The Matter specification details everything necessary to implement a Matter +application and transport layer stack. It is intended to be used by implementers +as a complete specification. + +The Alliance officially opened the Matter Working Group on January 17, 2020, and +the specification is +[available](https://csa-iot.org/developer-resource/specifications-download-request/) +for adoption now. + +Visit [buildwithmatter.com](https://buildwithmatter.com) to learn more and read +the latest news and updates about the project. # Project Overview @@ -44,75 +67,106 @@ Visit [buildwithmatter.com](https://buildwithmatter.com) to learn more and read Matter is developed with the following goals and principles in mind: +**Unifying:** Matter is built with and on top of market-tested, existing +technologies. -**Unifying:** Matter is built with and on top of market-tested, existing technologies. - - -**Interoperable:** The specification permits communication between any Matter-certified device, subject to users’ permission. - +**Interoperable:** The specification permits communication between any +Matter-certified device, subject to users’ permission. **Secure:** The specification leverages modern security practices and protocols. -**User Control:** The end user controls authorization for interaction with devices. - - -**Federated:** No single entity serves as a throttle or a single point of failure for root of trust. - -**Robust:** The set of protocols specifies a complete lifecycle of a device — starting with the seamless out-of-box experience, through operational protocols, to device and system management specifications required for proper function in the presence of change. - -**Low Overhead:** The protocols are practically implementable on low compute-resource devices, such as MCUs. +**User Control:** The end user controls authorization for interaction with +devices. +**Federated:** No single entity serves as a throttle or a single point of +failure for root of trust. -**Pervasive:** The protocols are broadly deployable and accessible, by leveraging IP and being implementable on low-capability devices. +**Robust:** The set of protocols specifies a complete lifecycle of a device — +starting with the seamless out-of-box experience, through operational protocols, +to device and system management specifications required for proper function in +the presence of change. +**Low Overhead:** The protocols are practically implementable on low +compute-resource devices, such as MCUs. -**Ecosystem-Flexible:** The protocol is flexible enough to accommodate deployment in ecosystems with differing policies. +**Pervasive:** The protocols are broadly deployable and accessible, by +leveraging IP and being implementable on low-capability devices. +**Ecosystem-Flexible:** The protocol is flexible enough to accommodate +deployment in ecosystems with differing policies. -**Easy to Use:** The protocol provides smooth, cohesive, integrated provisioning and out-of-box experience. +**Easy to Use:** The protocol provides smooth, cohesive, integrated provisioning +and out-of-box experience. - -**Open:** The Project’s design and technical processes are open and transparent to the general public, including non-members wherever possible. +**Open:** The Project’s design and technical processes are open and transparent +to the general public, including non-members wherever possible. ## Architecture Overview -Matter aims to build a universal IPv6-based communication protocol for smart home devices. The protocol defines the application layer that will be deployed on devices and the different link layers to help maintain interoperability. The following diagram illustrates the normal operational mode of the stack: -![Matter Architecture Overview](docs/images/Matter_Arch_Overview.png) - - -The architecture is divided into layers to help separate the different responsibilities and introduce a good level of encapsulation amongst the various pieces of the protocol stack. The vast majority of interactions flow through the stack captured in the following Figure: +Matter aims to build a universal IPv6-based communication protocol for smart +home devices. The protocol defines the application layer that will be deployed +on devices and the different link layers to help maintain interoperability. The +following diagram illustrates the normal operational mode of the stack: +![Matter Architecture Overview](docs/images/Matter_Arch_Overview.png) +The architecture is divided into layers to help separate the different +responsibilities and introduce a good level of encapsulation among the various +pieces of the protocol stack. The vast majority of interactions flow through the +stack captured in the following Figure: ![Matter Stack Architecture](docs/images/Matter_Layered_Arch.png) -1. **Application:** High-order business logic of a device. For example, an application that is focused on lighting might contain logic to handle turning on/off the bulb as well as its color characteristics. - - -2. **Data Model:** The data layer corresponds to the data and verb elements that help support the functionality of the application. The Application operates on these data structures when there is an intent to interact with the device. +1. **Application:** High-order business logic of a device. For example, an + application that is focused on lighting might contain logic to handle turning + on/off the bulb as well as its color characteristics. +2) **Data Model:** The data layer corresponds to the data and verb elements that + help support the functionality of the application. The Application operates + on these data structures when there is an intent to interact with the device. -3. **Interaction Model:** The Interaction Model layer defines a set of interactions that can be performed between a client and server device. For example, reading or writing attributes on a server device would correspond to application behavior on the device. These interactions operate on the elements defined at the data model layer. - - -4. **Action Framing:** Once an action is constructed using the Interaction Model, it is serialized into a prescribed packed binary format to encode for network transmission. Security: An encoded action frame is then processed by the Security Layer: the message is encrypted and appended with a message authentication code. These actions ensure the data remain confidential and authentic between sender and receiver of the message. +3. **Interaction Model:** The Interaction Model layer defines a set of + interactions that can be performed between a client and server device. For + example, reading or writing attributes on a server device would correspond to + application behavior on the device. These interactions operate on the + elements defined at the data model layer. +4) **Action Framing:** Once an action is constructed using the Interaction + Model, it is serialized into a prescribed packed binary format to encode for + network transmission. Security: An encoded action frame is then processed by + the Security Layer: the message is encrypted and appended with a message + authentication code. These actions ensure the data remain confidential and + authentic between sender and receiver of the message. 5. **Security:** An encoded action frame is then sent down to the Security Layer to encrypt and sign the payload to ensure that data is secured and authenticated by both sender and receiver of a packet. -6. **Message Framing & Routing:** With an interaction encrypted and signed, the Message Layer constructs the payload format with required and optional header fields; which specify the message's properties and some routing information. - - -7. **IP Framing & Transport Management:** After the final payload has been constructed, it is sent to the underlying transport protocol for IP management of the data. +6. **Message Framing & Routing:** With an interaction encrypted and signed, the + Message Layer constructs the payload format with required and optional header + fields; which specify the message's properties and some routing information. +7) **IP Framing & Transport Management:** After the final payload has been + constructed, it is sent to the underlying transport protocol for IP + management of the data. # Current Status of Matter -Matter’s design and technical processes are intended to be open and transparent to the general public, including to Working Group non-members wherever possible. The availability of this GitHub repository and its source code under an Apache v2 license is an important and demonstrable step to achieving this commitment. -Matter endeavors to bring together the best aspects of market-tested technologies and redeploy them as a unified and cohesive whole-system solution. The overall goal of this approach is to bring the benefits of Matter to consumers and manufacturers as quickly as possible. As a result, what you observe in this repository is an implementation-first approach to the technical specification, vetting integrations in practice. -The Matter repository is growing and evolving to implement the overall architecture. The repository currently contains the security foundations, message framing and dispatch, and an implementation of the interaction model and data model. The code examples show simple interactions, and are supported on multiple transports -- Wi-Fi and Thread -- starting with resource-constrained (i.e., memory, processing) silicon platforms to help ensure Matter’s scalability. - +Matter’s design and technical processes are intended to be open and transparent +to the general public, including to Working Group non-members wherever possible. +The availability of this GitHub repository and its source code under an Apache +v2 license is an important and demonstrable step to achieving this commitment. +Matter endeavors to bring together the best aspects of market-tested +technologies and redeploy them as a unified and cohesive whole-system solution. +The overall goal of this approach is to bring the benefits of Matter to +consumers and manufacturers as quickly as possible. As a result, what you +observe in this repository is an implementation-first approach to the technical +specification, vetting integrations in practice. The Matter repository is +growing and evolving to implement the overall architecture. The repository +currently contains the security foundations, message framing and dispatch, and +an implementation of the interaction model and data model. The code examples +show simple interactions, and are supported on multiple transports -- Wi-Fi and +Thread -- starting with resource-constrained (i.e., memory, processing) silicon +platforms to help ensure Matter’s scalability. # How to Contribute @@ -126,26 +180,27 @@ Instructions about how to build Matter can be found [here](./docs/README.md). # Directory Structure The Matter repository is structured as follows: -| File/Folder | Content | -|--------------------|---------------------------------------------------------------------| -| build | Build system support content and built output directories  | -| build_overrides | Build system parameter customization for different platforms | -| config | Project configurations | -| credentials | Development and test credentials | -| docs | Documentation, including guides  | -| examples | Example firmware applications that demonstrate use of Matter  | -| integrations | 3rd Party integrations  | -| scripts | Scripts needed to work with the Matter repository  | -| src | Implementation of Matter  | -| third_party | 3rd party code used by Matter  | -| zzz_generated | zap generated template code - Revolving around cluster information  | -| BUILD.gn | Build file for the gn build system  | -| CODE_OF_CONDUCT.md | Code of conduct for Matter and contribution to it  | -| CONTRIBUTING.md | Guidelines for contributing to Matter | -| LICENSE | Matter license file  | -| REVIEWERS.md | PR reviewers  | -| gn_build.sh | Build script for specific projects such as Android, EFR32, etc.  | -| README.md | This File | + +| File/Folder | Content | +| ------------------ | ------------------------------------------------------------------ | +| build | Build system support content and built output directories | +| build_overrides | Build system parameter customization for different platforms | +| config | Project configurations | +| credentials | Development and test credentials | +| docs | Documentation, including guides | +| examples | Example firmware applications that demonstrate use of Matter | +| integrations | 3rd Party integrations | +| scripts | Scripts needed to work with the Matter repository | +| src | Implementation of Matter | +| third_party | 3rd party code used by Matter | +| zzz_generated | zap generated template code - Revolving around cluster information | +| BUILD.gn | Build file for the gn build system | +| CODE_OF_CONDUCT.md | Code of conduct for Matter and contribution to it | +| CONTRIBUTING.md | Guidelines for contributing to Matter | +| LICENSE | Matter license file | +| REVIEWERS.md | PR reviewers | +| gn_build.sh | Build script for specific projects such as Android, EFR32, etc. | +| README.md | This File | # License diff --git a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp index ba214759dde8aa..eb3b5e52553180 100644 --- a/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp +++ b/examples/platform/nxp/se05x/DeviceAttestationSe05xCredsExample_v2.cpp @@ -37,23 +37,27 @@ /* Device attestation key ids */ #define DEV_ATTESTATION_KEY_SE05X_ID 0x7D300000 #define DEV_ATTESTATION_CERT_SE05X_ID 0x7D300001 +#define CERT_DECLARATION_DATA_SE05X_ID 0x7D300002 /* Device attestation key ids (Used with internal sign) */ -#define CD_DEV_ATTESTATION_KEY_SE05X_ID 0x7D300002 -#define NOCSR_DEV_ATTESTATION_KEY_SE05X_ID 0x7D300004 - -/* Device attestation data ids (for Cert decl) */ -#define CD_CERT_DECLARATION_DATA_SE05X_ID 0x7D300009 -#define CD_ATTEST_NONCE_DATA_SE05X_ID 0x7D30000C -#define CD_TIME_STAMP_LEN_SE05X_ID 0x7D30000E -#define CD_TIME_STAMP_DATA_SE05X_ID 0x7D30000F -#define CD_ATTEST_CHALLENGE_SE05X_ID 0x7D300011 - -/* Device attestation data ids (for CSR) */ -#define NOCSR_CSR_LEN_SE05X_ID 0x7D300014 -#define NOCSR_CSR_DATA_SE05X_ID 0x7D300015 -#define NOCSR_CSR_NONCE_DATA_SE05X_ID 0x7D300018 -#define NOCSR_ATTEST_CHALLENGE_SE05X_ID 0x7D30001A +#define DEV_ATTESTATION_KEY_SE05X_ID_IS 0x7D300003 +#define DEV_ATTESTATION_KEY_SE05X_ID_IS_TBS 0x7D300004 + +#define TAG1_ID 0x7D300005 +#define TAG1_LEN_ID 0x7D300006 +#define TAG1_VALUE_ID 0x7D300007 +#define TAG2_ID 0x7D300008 +#define TAG2_LEN_ID 0x7D300009 +#define TAG2_VALUE_ID 0x7D30000A +#define TAG3_ID 0x7D30000B +#define TAG3_LEN_ID 0x7D30000C +#define TAG3_VALUE_ID 0x7D30000D +#define ATTEST_CHALLENGE_ID 0x7D30000E + +#define START_CONTAINER_SE05X_ID 0x7D30000F +#define END_CONTAINER_SE05X_ID 0x7D300010 + +#define NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE 3 /* Starting with TAG1 */ extern CHIP_ERROR se05xGetCertificate(uint32_t keyId, uint8_t * buf, size_t * buflen); extern CHIP_ERROR se05xSetCertificate(uint32_t keyId, const uint8_t * buf, size_t buflen); @@ -66,6 +70,11 @@ namespace Examples { namespace { +// Note: The example DAC provider class is only for demonstration purpose. +// Modification to SignWithDeviceAttestationKey member will be required in case there is a change in device attestation sign +// message (other TLVs are added). In the current implementation of SignWithDeviceAttestationKey only TLV1, TLV2 and TLV3 are +// expected in the sign message. + class ExampleSe05xDACProviderv2 : public DeviceAttestationCredentialsProvider { public: @@ -150,7 +159,7 @@ CHIP_ERROR ExampleSe05xDACProviderv2::GetCertificationDeclaration(MutableByteSpa #else size_t buflen = out_cd_buffer.size(); ChipLogDetail(Crypto, "Get certificate declaration from se05x"); - ReturnErrorOnFailure(se05xGetCertificate(CD_CERT_DECLARATION_DATA_SE05X_ID, out_cd_buffer.data(), &buflen)); + ReturnErrorOnFailure(se05xGetCertificate(CERT_DECLARATION_DATA_SE05X_ID, out_cd_buffer.data(), &buflen)); out_cd_buffer.reduce_size(buflen); return CHIP_NO_ERROR; #endif @@ -167,7 +176,9 @@ CHIP_ERROR ExampleSe05xDACProviderv2::GetFirmwareInformation(MutableByteSpan & o CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpan & message_to_sign, MutableByteSpan & out_signature_buffer) { - CHIP_ERROR err = CHIP_NO_ERROR; + CHIP_ERROR err = CHIP_NO_ERROR; + uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 }; + size_t signature_se05x_len = sizeof(signature_se05x); VerifyOrReturnError(IsSpanUsable(out_signature_buffer), CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(IsSpanUsable(message_to_sign), CHIP_ERROR_INVALID_ARGUMENT); @@ -178,108 +189,81 @@ CHIP_ERROR ExampleSe05xDACProviderv2::SignWithDeviceAttestationKey(const ByteSpa msg_reader.Init(message_to_sign); - /* To be removed. Use common key id to sign message */ - static bool sign_cert_decl_attest = 1; + uint16_t taglen = 0; + ByteSpan tagvalue; + uint8_t tempBuf[2] = { + 0, + }; + + tempBuf[0] = (uint8_t) TLV::TLVElementType::Structure; + SuccessOrExit(se05xSetCertificate(START_CONTAINER_SE05X_ID, tempBuf, 1)); - if (sign_cert_decl_attest) + for (int i = 1; i <= NO_OF_DEV_ATTEST_MSG_TAGS_TO_PARSE; i++) { - /* Check if certificate declaration tag is present and Skip certificate declaration tag */ - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(1), tagReader)); - - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(2), tagReader)); - uint8_t attlen = tagReader.GetLength(); - VerifyOrReturnError(attlen > 0, CHIP_ERROR_INVALID_TLV_TAG); - /* Get attestation nonce */ - ByteSpan attest_nonce; - ReturnErrorOnFailure(tagReader.Get(attest_nonce)); - /* Set attestation nonce */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(CD_ATTEST_NONCE_DATA_SE05X_ID, attest_nonce.data(), attest_nonce.size()), - CHIP_ERROR_INTERNAL); - - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(3), tagReader)); - uint8_t tslen = tagReader.GetLength(); - if (tslen > 0) + CHIP_ERROR tlverr = CHIP_NO_ERROR; + tlverr = TLV::Utilities::Find(msg_reader, TLV::ContextTag(i), tagReader); + if ((i == 3) && (tlverr == CHIP_ERROR_TLV_TAG_NOT_FOUND)) { - ByteSpan time_stamp; - ReturnErrorOnFailure(tagReader.Get(time_stamp)); - /* Set time stamp data */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(CD_TIME_STAMP_DATA_SE05X_ID, time_stamp.data(), time_stamp.size()), - CHIP_ERROR_INTERNAL); + continue; } - /* Set time stamp length */ - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(CD_TIME_STAMP_LEN_SE05X_ID, &tslen, 1), CHIP_ERROR_INTERNAL); + SuccessOrExit(tlverr); + + // Transient binary object ids starting from location 0x7D300005 (TAG1_ID) to 0x7D30000D (TAG3_VALUE_ID) + // are used to store the TLV contents. + // Binary object id are calculated using the loop iterator in the below code. - if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16) + taglen = tagReader.GetLength(); + tempBuf[0] = tagReader.GetControlByte(); + tempBuf[1] = i; + SuccessOrExit(se05xSetCertificate(TAG1_ID + (3 /* tag + length + value ids */ * (i - 1)), tempBuf, 2)); + if (taglen > 256) { - /* Set attestation challenge */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(CD_ATTEST_CHALLENGE_SE05X_ID, (message_to_sign.end() - 16), 16), - CHIP_ERROR_INTERNAL); + tempBuf[0] = taglen & 0xFF; + tempBuf[1] = (taglen >> 8) & 0xFF; + SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 2)); } - } - else - { - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(1), tagReader)); - uint8_t csrlen = tagReader.GetLength(); - VerifyOrReturnError(csrlen > 0, CHIP_ERROR_INVALID_TLV_TAG); - ByteSpan csr_data; - /* Get nocsr */ - ReturnErrorOnFailure(tagReader.Get(csr_data)); - /* Set nocsr length */ - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_LEN_SE05X_ID, &csrlen, 1), CHIP_ERROR_INTERNAL); - /* Set nocsr data */ - se05x_delete_key(NOCSR_CSR_DATA_SE05X_ID); - VerifyOrReturnError(CHIP_NO_ERROR == se05xSetCertificate(NOCSR_CSR_DATA_SE05X_ID, csr_data.data(), csr_data.size()), - CHIP_ERROR_INTERNAL); - - ReturnErrorOnFailure(TLV::Utilities::Find(msg_reader, TLV::ContextTag(2), tagReader)); - uint8_t noncelen = tagReader.GetLength(); - VerifyOrReturnError(noncelen > 0, CHIP_ERROR_INVALID_TLV_TAG); - /* Get nocsr nonce */ - ByteSpan nocsr_nonce; - ReturnErrorOnFailure(tagReader.Get(nocsr_nonce)); - /* Set nocsr nonce data */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(NOCSR_CSR_NONCE_DATA_SE05X_ID, nocsr_nonce.data(), nocsr_nonce.size()), - CHIP_ERROR_INTERNAL); - - if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16) + else { - /* Set attestation challenge */ - VerifyOrReturnError(CHIP_NO_ERROR == - se05xSetCertificate(NOCSR_ATTEST_CHALLENGE_SE05X_ID, (message_to_sign.end() - 16), 16), - CHIP_ERROR_INTERNAL); + tempBuf[0] = taglen; + SuccessOrExit(se05xSetCertificate(TAG1_LEN_ID + (3 * (i - 1)), tempBuf, 1)); + } + if (taglen > 0) + { + SuccessOrExit(tagReader.Get(tagvalue)); + SuccessOrExit(se05xSetCertificate(TAG1_VALUE_ID + (3 * (i - 1)), tagvalue.data(), taglen)); } } - uint8_t signature_se05x[Crypto::kMax_ECDSA_Signature_Length_Der] = { 0 }; - size_t signature_se05x_len = sizeof(signature_se05x); + tempBuf[0] = (uint8_t) TLV::TLVElementType::EndOfContainer; + SuccessOrExit(se05xSetCertificate(END_CONTAINER_SE05X_ID, tempBuf, 1)); - if (sign_cert_decl_attest) - { - err = se05xPerformInternalSign(CD_DEV_ATTESTATION_KEY_SE05X_ID, signature_se05x, &signature_se05x_len); - se05x_delete_key(CD_ATTEST_NONCE_DATA_SE05X_ID); - se05x_delete_key(CD_TIME_STAMP_LEN_SE05X_ID); - se05x_delete_key(CD_TIME_STAMP_DATA_SE05X_ID); - se05x_delete_key(CD_ATTEST_CHALLENGE_SE05X_ID); - sign_cert_decl_attest = 0; - } - else + if ((tagReader.GetRemainingLength() + 1 /* End container */) >= 16) { - err = se05xPerformInternalSign(NOCSR_DEV_ATTESTATION_KEY_SE05X_ID, signature_se05x, &signature_se05x_len); - se05x_delete_key(NOCSR_CSR_LEN_SE05X_ID); - se05x_delete_key(NOCSR_CSR_DATA_SE05X_ID); - se05x_delete_key(NOCSR_CSR_NONCE_DATA_SE05X_ID); - se05x_delete_key(NOCSR_ATTEST_CHALLENGE_SE05X_ID); - sign_cert_decl_attest = 1; + /* Set attestation challenge */ + SuccessOrExit(se05xSetCertificate(ATTEST_CHALLENGE_ID, (message_to_sign.end() - 16), 16)); } - ReturnErrorOnFailure(err); - - return chip::Crypto::EcdsaAsn1SignatureToRaw(chip::Crypto::kP256_FE_Length, ByteSpan{ signature_se05x, signature_se05x_len }, - out_signature_buffer); + SuccessOrExit(se05xPerformInternalSign(DEV_ATTESTATION_KEY_SE05X_ID_IS, signature_se05x, &signature_se05x_len)); + + err = chip::Crypto::EcdsaAsn1SignatureToRaw(chip::Crypto::kP256_FE_Length, ByteSpan{ signature_se05x, signature_se05x_len }, + out_signature_buffer); + +exit: + // Delete existing objects if any + se05x_delete_key(START_CONTAINER_SE05X_ID); + se05x_delete_key(TAG1_ID); + se05x_delete_key(TAG1_LEN_ID); + se05x_delete_key(TAG1_VALUE_ID); + se05x_delete_key(TAG2_ID); + se05x_delete_key(TAG2_LEN_ID); + se05x_delete_key(TAG2_VALUE_ID); + se05x_delete_key(TAG3_ID); + se05x_delete_key(TAG3_LEN_ID); + se05x_delete_key(TAG3_VALUE_ID); + se05x_delete_key(END_CONTAINER_SE05X_ID); + se05x_delete_key(ATTEST_CHALLENGE_ID); + + return err; } } // namespace diff --git a/examples/platform/nxp/se05x/linux/AppMain.cpp b/examples/platform/nxp/se05x/linux/AppMain.cpp index f0a49794dd32e2..b4652f5a491a6b 100644 --- a/examples/platform/nxp/se05x/linux/AppMain.cpp +++ b/examples/platform/nxp/se05x/linux/AppMain.cpp @@ -78,6 +78,7 @@ #if CHIP_CRYPTO_HSM #include "DeviceAttestationSe05xCredsExample.h" +#include "se05x_t4t_utils.h" #include #include #endif @@ -367,6 +368,10 @@ void ChipLinuxAppMainLoop() #else static chip::CommonCaseDeviceServerInitParams initParams; #endif + +#if CHIP_CRYPTO_HSM + VerifyOrDie(se05x_enable_contactless_interface() == 0); +#endif VerifyOrDie(initParams.InitializeStaticResourcesBeforeServerInit() == CHIP_NO_ERROR); #if defined(ENABLE_CHIP_SHELL) diff --git a/examples/thermostat/nxp/linux-se05x/README.md b/examples/thermostat/nxp/linux-se05x/README.md new file mode 100644 index 00000000000000..9a90a11e0dccc4 --- /dev/null +++ b/examples/thermostat/nxp/linux-se05x/README.md @@ -0,0 +1,4 @@ +To cross-compile this example on x64 host and run on **NXP i.MX 8M Mini** +**EVK**, see the associated +[README document](../../../../../docs/guides/nxp_imx8m_linux_examples.md) for +details. diff --git a/examples/thermostat/nxp/linux-se05x/args.gni b/examples/thermostat/nxp/linux-se05x/args.gni index 7f8ae31b2a2a4b..c9ccb79255d82b 100644 --- a/examples/thermostat/nxp/linux-se05x/args.gni +++ b/examples/thermostat/nxp/linux-se05x/args.gni @@ -15,4 +15,3 @@ import("//build_overrides/chip.gni") import("${chip_root}/config/standalone/args.gni") chip_with_se05x = 1 -host = "host_linux" diff --git a/src/access/AccessControl.cpp b/src/access/AccessControl.cpp index c84c1fc313d58a..0f6c80c9f38e21 100644 --- a/src/access/AccessControl.cpp +++ b/src/access/AccessControl.cpp @@ -632,5 +632,10 @@ void SetAccessControl(AccessControl & accessControl) globalAccessControl = &accessControl; } +void ResetAccessControlToDefault() +{ + globalAccessControl = &defaultAccessControl; +} + } // namespace Access } // namespace chip diff --git a/src/access/AccessControl.h b/src/access/AccessControl.h index d4dfddd9cfaaab..7ed2d5809f007c 100644 --- a/src/access/AccessControl.h +++ b/src/access/AccessControl.h @@ -683,7 +683,7 @@ void SetAccessControl(AccessControl & accessControl); * * Calls to this function must be synchronized externally. */ -void ResetAccessControl(); +void ResetAccessControlToDefault(); } // namespace Access } // namespace chip diff --git a/src/access/tests/TestAccessControl.cpp b/src/access/tests/TestAccessControl.cpp index f1c28fdf6c9160..9691c7296257b1 100644 --- a/src/access/tests/TestAccessControl.cpp +++ b/src/access/tests/TestAccessControl.cpp @@ -2173,6 +2173,7 @@ int Setup(void * inContext) int Teardown(void * inContext) { GetAccessControl().Finish(); + ResetAccessControlToDefault(); return SUCCESS; } diff --git a/src/app/server/Server.cpp b/src/app/server/Server.cpp index bc8f94335fb46e..a3a2b49d70eb46 100644 --- a/src/app/server/Server.cpp +++ b/src/app/server/Server.cpp @@ -430,6 +430,7 @@ void Server::Shutdown() mSessions.Shutdown(); mTransports.Close(); mAccessControl.Finish(); + Access::ResetAccessControlToDefault(); Credentials::SetGroupDataProvider(nullptr); mAttributePersister.Shutdown(); // TODO(16969): Remove chip::Platform::MemoryInit() call from Server class, it belongs to outer code diff --git a/src/app/tests/AppTestContext.cpp b/src/app/tests/AppTestContext.cpp index 11995376dcf9b9..3a63c3e21c5952 100644 --- a/src/app/tests/AppTestContext.cpp +++ b/src/app/tests/AppTestContext.cpp @@ -52,6 +52,7 @@ CHIP_ERROR AppContext::Init() void AppContext::Shutdown() { Access::GetAccessControl().Finish(); + Access::ResetAccessControlToDefault(); chip::app::InteractionModelEngine::GetInstance()->Shutdown(); Super::Shutdown(); diff --git a/src/inet/UDPEndPointImplLwIP.cpp b/src/inet/UDPEndPointImplLwIP.cpp index 7b9cc6f46415ee..07ce94c7d653e9 100644 --- a/src/inet/UDPEndPointImplLwIP.cpp +++ b/src/inet/UDPEndPointImplLwIP.cpp @@ -59,6 +59,12 @@ static_assert(LWIP_VERSION_MAJOR > 1, "CHIP requires LwIP 2.0 or later"); #undef HAVE_IPV6_MULTICAST #endif +#if (LWIP_VERSION_MAJOR == 2) && (LWIP_VERSION_MINOR == 0) +#define PBUF_STRUCT_DATA_CONTIGUOUS(pbuf) (pbuf)->type == PBUF_RAM || (pbuf)->type == PBUF_POOL +#else // (LWIP_VERSION_MAJOR == 2) && (LWIP_VERSION_MINOR == 0) +#define PBUF_STRUCT_DATA_CONTIGUOUS(pbuf) (pbuf)->type_internal & PBUF_TYPE_FLAG_STRUCT_DATA_CONTIGUOUS +#endif // (LWIP_VERSION_MAJOR == 2) && (LWIP_VERSION_MINOR == 0) + namespace chip { namespace Platform { template <> @@ -366,6 +372,7 @@ void UDPEndPointImplLwIP::LwIPReceiveUDPMessage(void * arg, struct udp_pcb * pcb { Platform::UniquePtr pbufFreeGuard(p); UDPEndPointImplLwIP * ep = static_cast(arg); + System::PacketBufferHandle buf; if (ep->mState == State::kClosed) { return; @@ -378,14 +385,38 @@ void UDPEndPointImplLwIP::LwIPReceiveUDPMessage(void * arg, struct udp_pcb * pcb return; } - // TODO: Skip copying the buffer if the pbuf already meets the PacketBuffer memory model - System::PacketBufferHandle buf = System::PacketBufferHandle::New(p->tot_len, 0); - if (buf.IsNull() || pbuf_copy_partial(p, buf->Start(), p->tot_len, 0) != p->tot_len) + if (PBUF_STRUCT_DATA_CONTIGUOUS(p)) { - ChipLogError(Inet, "Cannot copy received pbuf of size %u", p->tot_len); - return; + buf = System::PacketBufferHandle::Adopt(p); + // Release pbufFreeGuard since the buf has the ownership of the pbuf. + pbufFreeGuard.release(); + if (buf->HasChainedBuffer()) + { + buf->CompactHead(); + } + if (buf->HasChainedBuffer()) + { + // Have to allocate a new big-enough buffer and copy. + uint16_t messageSize = buf->TotalLength(); + System::PacketBufferHandle copy = System::PacketBufferHandle::New(messageSize, 0); + if (copy.IsNull() || buf->Read(copy->Start(), messageSize) != CHIP_NO_ERROR) + { + ChipLogError(Inet, "No memory to flatten incoming packet buffer chain of size %u", buf->TotalLength()); + return; + } + buf = std::move(copy); + } + } + else + { + buf = System::PacketBufferHandle::New(p->tot_len, 0); + if (buf.IsNull() || pbuf_copy_partial(p, buf->Start(), p->tot_len, 0) != p->tot_len) + { + ChipLogError(Inet, "Cannot copy received pbuf of size %u", p->tot_len); + return; + } + buf->SetDataLength(p->tot_len); } - buf->SetDataLength(p->tot_len); pktInfo->SrcAddress = IPAddress(*addr); pktInfo->DestAddress = IPAddress(*ip_current_dest_addr()); diff --git a/third_party/simw-top-mini/BUILD.gn b/third_party/simw-top-mini/BUILD.gn index 300adb83957fb6..0cd9eb9dc2a009 100644 --- a/third_party/simw-top-mini/BUILD.gn +++ b/third_party/simw-top-mini/BUILD.gn @@ -13,6 +13,7 @@ # limitations under the License. import("//build_overrides/chip.gni") +import("${chip_root}/src/platform/device.gni") import("${chip_root}/third_party/simw-top-mini/simw_config.gni") config("se05x_config") { @@ -26,7 +27,7 @@ config("se05x_config") { #defines += ["FLOW_VERBOSE"] - if (host == "host_k32w") { + if (chip_device_platform == "k32w0") { defines += [ "AX_EMBEDDED", "LPC_K32W", @@ -34,6 +35,10 @@ config("se05x_config") { ] } + if (chip_rpi_se05x_t4t_demo == 1) { + defines += [ "CHIP_RPI_SE05X_T4T_DEMO" ] + } + include_dirs = [ "${chip_root}/third_party/simw-top-mini/repo", "${chip_root}/third_party/simw-top-mini/repo/sss/inc", @@ -49,7 +54,7 @@ config("se05x_config") { "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/inc", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/smCom", ] - if (host == "host_k32w") { + if (chip_device_platform == "k32w0") { include_dirs += [ "${chip_root}/third_party/simw-top-mini/repo/demos/ksdk/common/boards/DK6/wireless_examples/chip", "${chip_root}/third_party/simw-top-mini/repo/demos/ksdk/common/freertos/boards/DK6", @@ -66,6 +71,7 @@ source_set("se05x") { "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/infra/sm_printf.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/log/nxLog.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/smCom/smCom.c", + "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/generic/se05x_t4t_utils.cpp", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/rsp/se05x_reset.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/se05x/src/se05x_ECC_curves.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/se05x/src/se05x_mw.c", @@ -93,12 +99,12 @@ source_set("se05x") { "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/libCommon/smCom/smComT1oI2C.c", ] - if (host == "host_k32w") { + if (chip_device_platform == "k32w0") { sources += [ "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/ksdk/i2c_dk6.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/ksdk/timer_kinetis_freertos.c", ] - } else if (host == "host_linux") { + } else if (chip_device_platform == "linux") { sources += [ "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/generic/sm_timer.c", "${chip_root}/third_party/simw-top-mini/repo/hostlib/hostLib/platform/linux/i2c_a7.c", diff --git a/third_party/simw-top-mini/repo b/third_party/simw-top-mini/repo index bb2b2e95335394..be0dfb64b28dea 160000 --- a/third_party/simw-top-mini/repo +++ b/third_party/simw-top-mini/repo @@ -1 +1 @@ -Subproject commit bb2b2e95335394c999812de97a8bec73d7c6dc1a +Subproject commit be0dfb64b28dea3509425755e3b4b5b35c38d327 diff --git a/third_party/simw-top-mini/simw_config.gni b/third_party/simw-top-mini/simw_config.gni index 4f46c788353204..2bffa51eaa6c42 100644 --- a/third_party/simw-top-mini/simw_config.gni +++ b/third_party/simw-top-mini/simw_config.gni @@ -15,6 +15,5 @@ # Configuration file declare_args() { - # possible values host_k32w, host_linux - host = "host_k32w" + chip_rpi_se05x_t4t_demo = 0 }