Changes to bump connectedhomeip submodule to revision: 8642c0d

- Replaced component esp32_mbedtls with mbedtls from requirements - Enabled CONFIG_MBEDTLS_HKDF_C option in all the sdkconfig.defaults - Removed secure cert dac provider from here and using one in connectedhomeip repo - Enabled CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL in sdkconfig.defaults.esp32h2
2026-04-27 11:03:05 +00:00 · 2023-05-25 16:11:45 +05:30
parent d2fd1f482e
commit c6899403c1
21 changed files with 40 additions and 194 deletions
@@ -190,7 +190,7 @@ build_esp_matter_examples_idf_v5_1:
    extends:
        - .build_examples_template
    variables:
-        IDF_VERSION: "bb9200acec7dd60e9adb4a381e5400dcd5024534"
+        IDF_VERSION: "6ad6fb9755ac6433be4d22e30f1811f6605de085"
    script:
        - *build_examples_idf_v5_1

@@ -12,7 +12,7 @@ Espressif's SDK for Matter is the official Matter development framework for ESP3

 - This SDK currently works with [v1.1-branch](https://github.com/project-chip/connectedhomeip/tree/v1.1-branch) of connectedhomeip.
 - For ESP32, ESP32-C3, and ESP32-S3, ESP-IDF [v5.0.1 release](https://github.com/espressif/esp-idf/releases/tag/v5.0.1) is required.
- For ESP32-C2, ESP32-H2(preview) and ESP32-C6(preview) and Zigbee Bridge example, ESP-IDF branch at [commit 420ebd208](https://github.com/espressif/esp-idf/tree/420ebd208) in branch release/v5.1 should be used.
+- For ESP32-C2, ESP32-H2(preview) and ESP32-C6(preview) and Zigbee Bridge example, ESP-IDF branch at [commit 6ad6fb9](https://github.com/espressif/esp-idf/tree/6ad6fb9) in branch release/v5.1 should be used.


 ## Documentation
@@ -69,7 +69,7 @@ set(INCLUDE_DIRS_LIST   "."
                        "${MATTER_SDK_PATH}/src"
                        "${ZAP_GENERATED_PATH}/../")

-set(REQUIRES_LIST       chip bt esp_matter_console nvs_flash app_update esp_secure_cert_mgr esp32_mbedtls esp_system openthread)
+set(REQUIRES_LIST       chip bt esp_matter_console nvs_flash app_update esp_secure_cert_mgr mbedtls esp_system openthread)

 idf_component_register( SRC_DIRS        ${SRC_DIRS_LIST}
                        INCLUDE_DIRS    ${INCLUDE_DIRS_LIST}
@@ -16,7 +16,7 @@
 #include <esp_matter_providers.h>
 #include <platform/ESP32/ESP32DeviceInfoProvider.h>
 #include <platform/ESP32/ESP32FactoryDataProvider.h>
-#include <secure_cert_dac_provider.h>
+#include <platform/ESP32/ESP32SecureCertDACProvider.h>

 using namespace chip::DeviceLayer;
 using namespace chip::Credentials;
@@ -73,7 +73,7 @@ void set_custom_device_info_provider(DeviceInfoProvider *provider)
 static DeviceAttestationCredentialsProvider *get_dac_provider(void)
 {
 #if CONFIG_SEC_CERT_DAC_PROVIDER
-    static SecureCertDACProvider instance;
+    static ESP32SecureCertDACProvider instance;
    return &instance;
 #elif CONFIG_FACTORY_PARTITION_DAC_PROVIDER
    return &factory_data_provider;
@@ -1,144 +0,0 @@
-// Copyright 2023 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <credentials/CHIPCert.h>
-#include <crypto/CHIPCryptoPAL.h>
-#include <esp_fault.h>
-#include <esp_log.h>
-#include <esp_secure_cert_read.h>
-#include <platform/ESP32/ESP32Config.h>
-#include <secure_cert_dac_provider.h>
-
-#define TAG "dac_provider"
-
-#if CONFIG_SEC_CERT_DAC_PROVIDER
-
-namespace chip {
-namespace DeviceLayer {
-
-using namespace chip::Credentials;
-using namespace chip::DeviceLayer::Internal;
-
-namespace {
-static constexpr uint32_t kDACPrivateKeySize = 32;
-static constexpr uint32_t kDACPublicKeySize = 65;
-static constexpr uint8_t kPrivKeyOffset = 7;
-static constexpr uint8_t kPubKeyOffset = 56;
-
-CHIP_ERROR LoadKeypairFromRaw(ByteSpan privateKey, ByteSpan publicKey, Crypto::P256Keypair &keypair)
-{
-    Crypto::P256SerializedKeypair serializedKeypair;
-    ReturnErrorOnFailure(serializedKeypair.SetLength(privateKey.size() + publicKey.size()));
-    memcpy(serializedKeypair.Bytes(), publicKey.data(), publicKey.size());
-    memcpy(serializedKeypair.Bytes() + publicKey.size(), privateKey.data(), privateKey.size());
-    return keypair.Deserialize(serializedKeypair);
-}
-} // namespace
-
-CHIP_ERROR SecureCertDACProvider::GetCertificationDeclaration(MutableByteSpan &outBuffer)
-{
-    size_t certSize;
-    ReturnErrorOnFailure(ESP32Config::ReadConfigValueBin(ESP32Config::kConfigKey_CertDeclaration, outBuffer.data(),
-                                                         outBuffer.size(), certSize));
-    outBuffer.reduce_size(certSize);
-    return CHIP_NO_ERROR;
-}
-
-CHIP_ERROR SecureCertDACProvider::GetFirmwareInformation(MutableByteSpan &out_firmware_info_buffer)
-{
-    // We do not provide any FirmwareInformation.
-    out_firmware_info_buffer.reduce_size(0);
-    return CHIP_NO_ERROR;
-}
-
-CHIP_ERROR SecureCertDACProvider::GetDeviceAttestationCert(MutableByteSpan &outBuffer)
-{
-    char *dac_cert = NULL;
-    uint32_t dac_len = 0;
-
-    esp_err_t err = esp_secure_cert_get_device_cert(&dac_cert, &dac_len);
-    if (err == ESP_OK && dac_cert != NULL && dac_len != 0) {
-        ESP_FAULT_ASSERT(err == ESP_OK && dac_cert != NULL && dac_len != 0);
-        VerifyOrReturnError(dac_len <= kMaxDERCertLength, CHIP_ERROR_UNSUPPORTED_CERT_FORMAT,
-                            esp_secure_cert_free_ca_cert(dac_cert));
-        VerifyOrReturnError(dac_len <= outBuffer.size(), CHIP_ERROR_BUFFER_TOO_SMALL,
-                            esp_secure_cert_free_ca_cert(dac_cert));
-        memcpy(outBuffer.data(), dac_cert, outBuffer.size());
-        outBuffer.reduce_size(dac_len);
-        esp_secure_cert_free_device_cert(dac_cert);
-        return CHIP_NO_ERROR;
-    }
-
-    ESP_LOGE(TAG, "esp_secure_cert_get_device_cert failed err:%d", err);
-    return CHIP_ERROR_INCORRECT_STATE;
-}
-
-CHIP_ERROR SecureCertDACProvider::GetProductAttestationIntermediateCert(MutableByteSpan &outBuffer)
-{
-    char *pai_cert = NULL;
-    uint32_t pai_len = 0;
-
-    esp_err_t err = esp_secure_cert_get_ca_cert(&pai_cert, &pai_len);
-    if (err == ESP_OK && pai_cert != NULL && pai_len != 0) {
-        ESP_FAULT_ASSERT(err == ESP_OK && pai_cert != NULL && pai_len != 0);
-        VerifyOrReturnError(pai_len <= kMaxDERCertLength, CHIP_ERROR_UNSUPPORTED_CERT_FORMAT,
-                            esp_secure_cert_free_ca_cert(pai_cert));
-        VerifyOrReturnError(pai_len <= outBuffer.size(), CHIP_ERROR_BUFFER_TOO_SMALL,
-                            esp_secure_cert_free_ca_cert(pai_cert));
-        memcpy(outBuffer.data(), pai_cert, outBuffer.size());
-        outBuffer.reduce_size(pai_len);
-        esp_secure_cert_free_ca_cert(pai_cert);
-        return CHIP_NO_ERROR;
-    }
-
-    ESP_LOGE(TAG, "esp_secure_cert_get_ca_cert failed err:%d", err);
-    return CHIP_ERROR_INCORRECT_STATE;
-}
-
-CHIP_ERROR SecureCertDACProvider::SignWithDeviceAttestationKey(const ByteSpan &messageToSign,
-                                                               MutableByteSpan &outSignBuffer)
-{
-    Crypto::P256ECDSASignature signature;
-    Crypto::P256Keypair keypair;
-    char *sc_keypair = NULL;
-    uint32_t sc_keypair_len = 0;
-
-    VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT);
-    VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT);
-    VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL);
-
-    esp_err_t err = esp_secure_cert_get_priv_key(&sc_keypair, &sc_keypair_len);
-    if (err == ESP_OK && sc_keypair != NULL && sc_keypair_len != 0) {
-        ESP_FAULT_ASSERT(err == ESP_OK && sc_keypair != NULL && sc_keypair_len != 0);
-
-        CHIP_ERROR chipError = LoadKeypairFromRaw(
-            ByteSpan(reinterpret_cast<const uint8_t *>(sc_keypair + kPrivKeyOffset), kDACPrivateKeySize),
-            ByteSpan(reinterpret_cast<const uint8_t *>(sc_keypair + kPubKeyOffset), kDACPublicKeySize), keypair);
-        VerifyOrReturnError(chipError == CHIP_NO_ERROR, chipError, esp_secure_cert_free_priv_key(sc_keypair));
-
-        chipError = keypair.ECDSA_sign_msg(messageToSign.data(), messageToSign.size(), signature);
-        VerifyOrReturnError(chipError == CHIP_NO_ERROR, chipError, esp_secure_cert_free_priv_key(sc_keypair));
-
-        esp_secure_cert_free_priv_key(sc_keypair);
-        chipError = CopySpanToMutableSpan(ByteSpan{signature.ConstBytes(), signature.Length()}, outSignBuffer);
-        return chipError;
-    }
-
-    ESP_LOGE(TAG, "esp_secure_cert_get_priv_key failed err:%d", err);
-    return CHIP_ERROR_INCORRECT_STATE;
-}
-} // namespace DeviceLayer
-} // namespace chip
-
-#endif // CONFIG_SEC_CERT_DAC_PROVIDER
@@ -1,41 +0,0 @@
-// Copyright 2023 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#pragma once
-
-#include <credentials/DeviceAttestationCredsProvider.h>
-#include <sdkconfig.h>
-
-#if CONFIG_SEC_CERT_DAC_PROVIDER
-namespace chip {
-namespace DeviceLayer {
-
-class SecureCertDACProvider : public Credentials::DeviceAttestationCredentialsProvider
-{
-public:
-    SecureCertDACProvider() : Credentials::DeviceAttestationCredentialsProvider() {}
-
-    CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & outBuffer) override;
-
-    CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) override;
-
-    CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & outBuffer) override;
-
-    CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & outBuffer) override;
-
-    CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & messageToSign, MutableByteSpan & outSignBuffer) override;
-};
-
-} // namespace DeviceLayer
-} // namespace chip
-#endif // CONFIG_SEC_CERT_DAC_PROVIDER
@@ -4,4 +4,4 @@ if (CONFIG_ENABLE_CHIP_SHELL)
 endif()
 idf_component_register(SRCS ${srcs_list}
                    INCLUDE_DIRS .
-                    PRIV_REQUIRES chip esp32_mbedtls esp_timer bt openthread)
+                    PRIV_REQUIRES chip mbedtls esp_timer bt openthread)
@@ -62,7 +62,7 @@ For using VSCode for development, please check `Developing in WSL <https://code.
   ::

      git clone --recursive https://github.com/espressif/esp-idf.git
-      cd esp-idf; git checkout 420ebd208; git submodule update --init --recursive;
+      cd esp-idf; git checkout 6ad6fb9; git submodule update --init --recursive;
      ./install.sh
      cd ..

@@ -56,3 +56,6 @@ CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=n

 # Use compact attribute storage mode
 CONFIG_ESP_MATTER_NVS_USE_COMPACT_ATTR_STORAGE=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
@@ -42,3 +42,6 @@ CONFIG_ESP_MATTER_COMMISSIONER_ENABLE=y

 # Use compact attribute storage mode
 CONFIG_ESP_MATTER_NVS_USE_COMPACT_ATTR_STORAGE=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
@@ -40,3 +40,6 @@ CONFIG_ESPNOW_CONTROL_AUTO_CHANNEL_SENDING=y
 CONFIG_ESPNOW_CONTROL_RETRANSMISSION_TIMES=5
 CONFIG_ESPNOW_CONTROL_FORWARD_TTL=10
 CONFIG_ESPNOW_CONTROL_FORWARD_RSSI=-55
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
@@ -43,6 +43,8 @@ CONFIG_ENABLE_ESP32_DEVICE_INFO_PROVIDER=y
 CONFIG_FACTORY_DEVICE_INFO_PROVIDER=y
 CONFIG_FACTORY_COMMISSIONABLE_DATA_PROVIDER=y

-
 # Use compact attribute storage mode
 CONFIG_ESP_MATTER_NVS_USE_COMPACT_ATTR_STORAGE=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
@@ -71,3 +71,5 @@ CONFIG_BUTTON_LONG_PRESS_TIME_MS=5000
 # Enable chip shell
 CONFIG_ENABLE_CHIP_SHELL=y

+# Enable DS Peripheral
+CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=y
@@ -40,3 +40,6 @@ CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=n

 # Use compact attribute storage mode
 CONFIG_ESP_MATTER_NVS_USE_COMPACT_ATTR_STORAGE=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
@@ -71,3 +71,5 @@ CONFIG_BUTTON_LONG_PRESS_TIME_MS=5000
 # Enable chip shell
 CONFIG_ENABLE_CHIP_SHELL=y

+# Enable DS Peripheral
+CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=y
@@ -40,3 +40,6 @@ CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=n

 # Use compact attribute storage mode
 CONFIG_ESP_MATTER_NVS_USE_COMPACT_ATTR_STORAGE=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
@@ -71,3 +71,5 @@ CONFIG_BUTTON_LONG_PRESS_TIME_MS=5000
 # Enable chip shell
 CONFIG_ENABLE_CHIP_SHELL=y

+# Enable DS Peripheral
+CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=y
@@ -33,3 +33,6 @@ CONFIG_BUTTON_LONG_PRESS_TIME_MS=5000

 # disable softap by default
 CONFIG_ESP_WIFI_SOFTAP_SUPPORT=n
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y
@@ -71,3 +71,5 @@ CONFIG_BUTTON_LONG_PRESS_TIME_MS=5000
 # Enable chip shell
 CONFIG_ENABLE_CHIP_SHELL=y

+# Enable DS Peripheral
+CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=y
@@ -43,3 +43,6 @@ CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL=n

 # Use compact attribute storage mode
 CONFIG_ESP_MATTER_NVS_USE_COMPACT_ATTR_STORAGE=y
+
+# Enable HKDF in mbedtls
+CONFIG_MBEDTLS_HKDF_C=y