Skip to content

Commit

Permalink
[nrfconnect] Adapt nrfconnect examples to PSA Crypto API
Browse files Browse the repository at this point in the history
Enabled PSA Crypto api in all nrfconnect examples.
  • Loading branch information
ArekBalysNordic committed Mar 12, 2024
1 parent e7edefe commit e9869b8
Show file tree
Hide file tree
Showing 11 changed files with 302 additions and 1 deletion.
23 changes: 23 additions & 0 deletions examples/all-clusters-app/nrfconnect/main/AppTask.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,13 @@
#include "OTAUtil.h"
#endif

#ifdef CONFIG_CHIP_CRYPTO_PSA
#include <crypto/PSAOperationalKeystore.h>
#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
#include "MigrationManager.h"
#endif
#endif

#include <dk_buttons_and_leds.h>
#include <zephyr/kernel.h>
#include <zephyr/logging/log.h>
Expand Down Expand Up @@ -88,6 +95,9 @@ bool sHaveBLEConnections = false;

app::Clusters::TemperatureControl::AppSupportedTemperatureLevelsDelegate sAppSupportedTemperatureLevelsDelegate;

#ifdef CONFIG_CHIP_CRYPTO_PSA
chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{};
#endif
} // namespace

namespace LedConsts {
Expand Down Expand Up @@ -209,11 +219,24 @@ CHIP_ERROR AppTask::Init()
static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{};
VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR);
VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR);
#ifdef CONFIG_CHIP_CRYPTO_PSA
initParams.operationalKeystore = &sPSAOperationalKeystore;
#endif
(void) initParams.InitializeStaticResourcesBeforeServerInit();
initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate;
ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams));
AppFabricTableDelegate::Init();

#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate,
sLocalInitData.mServerInitParams->operationalKeystore);
if (err != CHIP_NO_ERROR)
{
LOG_ERR("MoveOperationalKeysFromKvsToIts() failed");
return err;
}
#endif

gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);

Expand Down
24 changes: 24 additions & 0 deletions examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,13 @@
#include "OTAUtil.h"
#endif

#ifdef CONFIG_CHIP_CRYPTO_PSA
#include <crypto/PSAOperationalKeystore.h>
#ifdef CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
#include "MigrationManager.h"
#endif
#endif

#include <dk_buttons_and_leds.h>
#include <zephyr/kernel.h>
#include <zephyr/logging/log.h>
Expand All @@ -59,6 +66,10 @@ FactoryResetLEDsWrapper<3> sFactoryResetLEDs{ { FACTORY_RESET_SIGNAL_LED, FACTOR
bool sIsNetworkProvisioned = false;
bool sIsNetworkEnabled = false;
bool sHaveBLEConnections = false;

#ifdef CONFIG_CHIP_CRYPTO_PSA
chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{};
#endif
} // namespace

namespace LedConsts {
Expand Down Expand Up @@ -155,10 +166,23 @@ CHIP_ERROR AppTask::Init()
#endif

static chip::CommonCaseDeviceServerInitParams initParams;
#ifdef CONFIG_CHIP_CRYPTO_PSA
initParams.operationalKeystore = &sPSAOperationalKeystore;
#endif
(void) initParams.InitializeStaticResourcesBeforeServerInit();
ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams));
AppFabricTableDelegate::Init();

#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate,
sLocalInitData.mServerInitParams->operationalKeystore);
if (err != CHIP_NO_ERROR)
{
LOG_ERR("MoveOperationalKeysFromKvsToIts() failed");
return err;
}
#endif

// We only have network commissioning on endpoint 0.
emberAfEndpointEnableDisable(kNetworkCommissioningEndpointSecondary, false);
ConfigurationMgr().LogDeviceConfig();
Expand Down
16 changes: 15 additions & 1 deletion examples/chef/nrfconnect/main.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,13 @@
#include "Rpc.h"
#endif

#ifdef CONFIG_CHIP_CRYPTO_PSA
#include <crypto/PSAOperationalKeystore.h>
#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
#include "MigrationManager.h"
#endif
#endif

LOG_MODULE_REGISTER(app, CONFIG_CHIP_APP_LOG_LEVEL);

using namespace chip;
Expand All @@ -51,7 +58,11 @@ using namespace chip::DeviceLayer;

namespace {
constexpr int kExtDiscoveryTimeoutSecs = 20;
}

#ifdef CONFIG_CHIP_CRYPTO_PSA
chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{};
#endif
} // namespace

int main()
{
Expand Down Expand Up @@ -110,6 +121,9 @@ int main()

// Start IM server
static chip::CommonCaseDeviceServerInitParams initParams;
#ifdef CONFIG_CHIP_CRYPTO_PSA
initParams.operationalKeystore = &sPSAOperationalKeystore;
#endif
(void) initParams.InitializeStaticResourcesBeforeServerInit();
err = chip::Server::GetInstance().Init(initParams);
if (err != CHIP_NO_ERROR)
Expand Down
24 changes: 24 additions & 0 deletions examples/light-switch-app/nrfconnect/main/AppTask.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,13 @@
#include "OTAUtil.h"
#endif

#ifdef CONFIG_CHIP_CRYPTO_PSA
#include <crypto/PSAOperationalKeystore.h>
#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
#include "MigrationManager.h"
#endif
#endif

#include <dk_buttons_and_leds.h>
#include <zephyr/kernel.h>
#include <zephyr/logging/log.h>
Expand Down Expand Up @@ -94,6 +101,10 @@ k_timer sDimmerPressKeyTimer;
k_timer sDimmerTimer;

chip::DeviceLayer::DeviceInfoProviderImpl gExampleDeviceInfoProvider;

#ifdef CONFIG_CHIP_CRYPTO_PSA
chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{};
#endif
} // namespace

namespace LedConsts {
Expand Down Expand Up @@ -220,11 +231,24 @@ CHIP_ERROR AppTask::Init()
static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{};
VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR);
VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR);
#ifdef CONFIG_CHIP_CRYPTO_PSA
initParams.operationalKeystore = &sPSAOperationalKeystore;
#endif
(void) initParams.InitializeStaticResourcesBeforeServerInit();
initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate;
ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams));
AppFabricTableDelegate::Init();

#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate,
sLocalInitData.mServerInitParams->operationalKeystore);
if (err != CHIP_NO_ERROR)
{
LOG_ERR("MoveOperationalKeysFromKvsToIts() failed");
return err;
}
#endif

gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);

Expand Down
23 changes: 23 additions & 0 deletions examples/lighting-app/nrfconnect/main/AppTask.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,13 @@
#include "OTAUtil.h"
#endif

#ifdef CONFIG_CHIP_CRYPTO_PSA
#include <crypto/PSAOperationalKeystore.h>
#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
#include "MigrationManager.h"
#endif
#endif

#include <dk_buttons_and_leds.h>
#include <zephyr/kernel.h>
#include <zephyr/logging/log.h>
Expand Down Expand Up @@ -108,6 +115,9 @@ DeferredAttributePersistenceProvider gDeferredAttributePersister(Server::GetInst
Span<DeferredAttribute>(&gCurrentLevelPersister, 1),
System::Clock::Milliseconds32(5000));

#ifdef CONFIG_CHIP_CRYPTO_PSA
chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{};
#endif
} // namespace

namespace LedConsts {
Expand Down Expand Up @@ -248,11 +258,24 @@ CHIP_ERROR AppTask::Init()
static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{};
VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR);
VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR);
#ifdef CONFIG_CHIP_CRYPTO_PSA
initParams.operationalKeystore = &sPSAOperationalKeystore;
#endif
(void) initParams.InitializeStaticResourcesBeforeServerInit();
initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate;
ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams));
AppFabricTableDelegate::Init();

#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate,
sLocalInitData.mServerInitParams->operationalKeystore);
if (err != CHIP_NO_ERROR)
{
LOG_ERR("MoveOperationalKeysFromKvsToIts() failed");
return err;
}
#endif

gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);
app::SetAttributePersistenceProvider(&gDeferredAttributePersister);
Expand Down
23 changes: 23 additions & 0 deletions examples/lit-icd-app/nrfconnect/main/AppTask.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,13 @@
#include "OTAUtil.h"
#endif

#ifdef CONFIG_CHIP_CRYPTO_PSA
#include <crypto/PSAOperationalKeystore.h>
#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
#include "MigrationManager.h"
#endif
#endif

#include <dk_buttons_and_leds.h>
#include <zephyr/kernel.h>
#include <zephyr/logging/log.h>
Expand Down Expand Up @@ -76,6 +83,9 @@ bool sIsNetworkProvisioned = false;
bool sIsNetworkEnabled = false;
bool sHaveBLEConnections = false;

#ifdef CONFIG_CHIP_CRYPTO_PSA
chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{};
#endif
} // namespace

namespace LedConsts {
Expand Down Expand Up @@ -186,11 +196,24 @@ CHIP_ERROR AppTask::Init()
static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{};
VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR);
VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR);
#ifdef CONFIG_CHIP_CRYPTO_PSA
initParams.operationalKeystore = &sPSAOperationalKeystore;
#endif
(void) initParams.InitializeStaticResourcesBeforeServerInit();
initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate;
ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams));
AppFabricTableDelegate::Init();

#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate,
sLocalInitData.mServerInitParams->operationalKeystore);
if (err != CHIP_NO_ERROR)
{
LOG_ERR("MoveOperationalKeysFromKvsToIts() failed");
return err;
}
#endif

gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);
ConfigurationMgr().LogDeviceConfig();
Expand Down
24 changes: 24 additions & 0 deletions examples/lock-app/nrfconnect/main/AppTask.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,13 @@
#include "OTAUtil.h"
#endif

#ifdef CONFIG_CHIP_CRYPTO_PSA
#include <crypto/PSAOperationalKeystore.h>
#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
#include "MigrationManager.h"
#endif
#endif

#include <dk_buttons_and_leds.h>
#include <zephyr/kernel.h>
#include <zephyr/logging/log.h>
Expand Down Expand Up @@ -90,6 +97,10 @@ bool sIsNetworkEnabled = false;
bool sHaveBLEConnections = false;

chip::DeviceLayer::DeviceInfoProviderImpl gExampleDeviceInfoProvider;

#ifdef CONFIG_CHIP_CRYPTO_PSA
chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{};
#endif
} // namespace

namespace LedConsts {
Expand Down Expand Up @@ -214,11 +225,24 @@ CHIP_ERROR AppTask::Init()
static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{};
VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR);
VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR);
#ifdef CONFIG_CHIP_CRYPTO_PSA
initParams.operationalKeystore = &sPSAOperationalKeystore;
#endif
(void) initParams.InitializeStaticResourcesBeforeServerInit();
initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate;
ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams));
AppFabricTableDelegate::Init();

#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate,
sLocalInitData.mServerInitParams->operationalKeystore);
if (err != CHIP_NO_ERROR)
{
LOG_ERR("MoveOperationalKeysFromKvsToIts() failed");
return err;
}
#endif

gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage());
chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);
ConfigurationMgr().LogDeviceConfig();
Expand Down
57 changes: 57 additions & 0 deletions examples/platform/nrfconnect/util/MigrationManager.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
/*
* Copyright (c) 2024 Project CHIP Authors
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

#include "migration_manager.h"

#include <crypto/OperationalKeystore.h>
#include <crypto/PersistentStorageOperationalKeystore.h>

#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
CHIP_ERROR MoveOperationalKeysFromKvsToIts(chip::PersistentStorageDelegate * storage, chip::Crypto::OperationalKeystore * keystore)
{
CHIP_ERROR err = CHIP_NO_ERROR;

VerifyOrReturnError(keystore && storage, CHIP_ERROR_INVALID_ARGUMENT);

/* Initialize the obsolete Operational Keystore*/
chip::PersistentStorageOperationalKeystore obsoleteKeystore;
err = obsoleteKeystore.Init(storage);
VerifyOrReturnError(err == CHIP_NO_ERROR, err);

/* Migrate all obsolete Operational Keys to PSA ITS */
for (const chip::FabricInfo & fabric : chip::Server::GetInstance().GetFabricTable())
{
err = keystore->MigrateOpKeypairForFabric(fabric.GetFabricIndex(), obsoleteKeystore);
if (CHIP_NO_ERROR != err)
{
break;
}
}

#ifdef CONFIG_CHIP_FACTORY_RESET_ON_KEY_MIGRATION_FAILURE
if (CHIP_NO_ERROR != err)
{
chip::Server::GetInstance().ScheduleFactoryReset();
/* Return a success to not block the Matter event Loop and allow to call scheduled factory
* reset. */
err = CHIP_NO_ERROR;
}
#endif /* CONFIG_CHIP_FACTORY_RESET_ON_KEY_MIGRATION_FAILURE */

return err;
}
#endif /* CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS */
Loading

0 comments on commit e9869b8

Please sign in to comment.