Alignments to the Matter Core.

ArekBalysNordic · Apr 10, 2024 · f0b7593 · f0b7593
1 parent 5933e57
commit f0b7593
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 9 deletions.
diff --git a/config/nrfconnect/chip-module/CMakeLists.txt b/config/nrfconnect/chip-module/CMakeLists.txt
@@ -168,8 +168,11 @@ else()
 endif()
 
 if (CONFIG_CHIP_CRYPTO_PSA)
-    matter_add_gn_arg_string("chip_crypto"             "psa")
-    matter_add_gn_arg_bool  ("chip_crypto_psa_spake2p" TRUE)
+    matter_add_gn_arg_string("chip_crypto" "psa")
+    # PSA Spake2+ implementation is not ready for the POSIX target yet
+    if((NOT BOARD STREQUAL "native_posix") AND (NOT BOARD STREQUAL "native_posix_64"))
+        matter_add_gn_arg_bool  ("chip_crypto_psa_spake2p" TRUE)
+    endif()
 endif()
 
 if (BOARD STREQUAL "native_posix")

diff --git a/src/crypto/CHIPCryptoPALPSA.cpp b/src/crypto/CHIPCryptoPALPSA.cpp
@@ -315,7 +315,6 @@ CHIP_ERROR PsaKdf::InitOperation(psa_key_id_t hkdfKey, const ByteSpan & salt, co
 CHIP_ERROR PsaKdf::DeriveBytes(const MutableByteSpan & output)
 {
     psa_status_t status = psa_key_derivation_output_bytes(&mOperation, output.data(), output.size());
-
     VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
 
     return CHIP_NO_ERROR;

diff --git a/src/crypto/PSASpake2p.cpp b/src/crypto/PSASpake2p.cpp
@@ -1,5 +1,5 @@
 /*
- *    Copyright (c) 2023 Project CHIP Authors
+ *    Copyright (c) 2024 Project CHIP Authors
  *    All rights reserved.
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
@@ -181,7 +181,7 @@ CHIP_ERROR PSASpake2p_P256_SHA256_HKDF_HMAC::KeyConfirm(const uint8_t * in, size
     return CHIP_NO_ERROR;
 }
 
-CHIP_ERROR PSASpake2p_P256_SHA256_HKDF_HMAC::GetKeys(uint8_t * out, size_t * out_len)
+CHIP_ERROR PSASpake2p_P256_SHA256_HKDF_HMAC::GetKeys(SessionKeystore & keystore, HkdfKeyHandle & key) const
 {
     auto & keyId = key.AsMutable<psa_key_id_t>();
 
@@ -191,7 +191,7 @@ CHIP_ERROR PSASpake2p_P256_SHA256_HKDF_HMAC::GetKeys(uint8_t * out, size_t * out
     psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
     psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256));
 
-    psa_status_t status = psa_pake_get_shared_key(&mOperation, &attributes, &keyId);
+    psa_status_t status = psa_pake_get_shared_key(const_cast<psa_pake_operation_t *>(&(mOperation)), &attributes, &keyId);
     VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
 
     return CHIP_NO_ERROR;

diff --git a/src/crypto/PSASpake2p.h b/src/crypto/PSASpake2p.h
@@ -1,5 +1,5 @@
 /*
- *    Copyright (c) 2023 Project CHIP Authors
+ *    Copyright (c) 2024 Project CHIP Authors
  *    All rights reserved.
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
@@ -151,7 +151,7 @@ class PSASpake2p_P256_SHA256_HKDF_HMAC
      *
      * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise
      **/
-    CHIP_ERROR GetKeys(uint8_t * out, size_t * out_len);
+    CHIP_ERROR GetKeys(SessionKeystore & keystore, HkdfKeyHandle & key) const;
 
 private:
     psa_pake_operation_t mOperation = PSA_PAKE_OPERATION_INIT;

diff --git a/src/protocols/secure_channel/PASESession.h b/src/protocols/secure_channel/PASESession.h
@@ -202,7 +202,7 @@ class DLL_EXPORT PASESession : public Messaging::UnsolicitedMessageHandler,
     Optional<Protocols::SecureChannel::MsgType> mNextExpectedMsg;
 
 #if CHIP_CRYPTO_PSA_SPAKE2P
-    Spake2p_P256_SHA256_HKDF_HMAC mSpake2p;
+    Crypto::PSASpake2p_P256_SHA256_HKDF_HMAC mSpake2p;
 #else
     Crypto::Spake2p_P256_SHA256_HKDF_HMAC mSpake2p;
 #endif