From c6899403c17b41bd4f23aa8b5002f6ff5835a67a Mon Sep 17 00:00:00 2001 From: Shubham Patil Date: Thu, 25 May 2023 16:11:45 +0530 Subject: [PATCH] Changes to bump connectedhomeip submodule to revision: 8642c0d - Replaced component esp32_mbedtls with mbedtls from requirements - Enabled CONFIG_MBEDTLS_HKDF_C option in all the sdkconfig.defaults - Removed secure cert dac provider from here and using one in connectedhomeip repo - Enabled CONFIG_ESP_SECURE_CERT_DS_PERIPHERAL in sdkconfig.defaults.esp32h2 --- .gitlab-ci.yml | 2 +- README.md | 2 +- components/esp_matter/CMakeLists.txt | 2 +- .../esp_matter/esp_matter_providers.cpp | 4 +- .../esp_matter/secure_cert_dac_provider.cpp | 144 ------------------ .../esp_matter/secure_cert_dac_provider.h | 41 ----- components/esp_matter_console/CMakeLists.txt | 2 +- connectedhomeip/connectedhomeip | 2 +- docs/en/developing.rst | 2 +- examples/blemesh_bridge/sdkconfig.defaults | 3 + examples/controller/sdkconfig.defaults | 3 + .../esp-now_bridge_light/sdkconfig.defaults | 3 + examples/generic_switch/sdkconfig.defaults | 4 +- .../generic_switch/sdkconfig.defaults.esp32h2 | 2 + examples/light/sdkconfig.defaults | 3 + examples/light/sdkconfig.defaults.esp32h2 | 2 + examples/light_switch/sdkconfig.defaults | 3 + .../light_switch/sdkconfig.defaults.esp32h2 | 2 + examples/zap_light/sdkconfig.defaults | 3 + examples/zap_light/sdkconfig.defaults.esp32h2 | 2 + examples/zigbee_bridge/sdkconfig.defaults | 3 + 21 files changed, 40 insertions(+), 194 deletions(-) delete mode 100644 components/esp_matter/secure_cert_dac_provider.cpp delete mode 100644 components/esp_matter/secure_cert_dac_provider.h diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 82b05a014..741f4d9fb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -190,7 +190,7 @@ build_esp_matter_examples_idf_v5_1: extends: - .build_examples_template variables: - IDF_VERSION: "bb9200acec7dd60e9adb4a381e5400dcd5024534" + IDF_VERSION: "6ad6fb9755ac6433be4d22e30f1811f6605de085" script: - *build_examples_idf_v5_1 diff --git a/README.md b/README.md index 661c1803c..001d73eea 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Espressif's SDK for Matter is the official Matter development framework for ESP3 - This SDK currently works with [v1.1-branch](https://github.com/project-chip/connectedhomeip/tree/v1.1-branch) of connectedhomeip. - For ESP32, ESP32-C3, and ESP32-S3, ESP-IDF [v5.0.1 release](https://github.com/espressif/esp-idf/releases/tag/v5.0.1) is required. -- For ESP32-C2, ESP32-H2(preview) and ESP32-C6(preview) and Zigbee Bridge example, ESP-IDF branch at [commit 420ebd208](https://github.com/espressif/esp-idf/tree/420ebd208) in branch release/v5.1 should be used. +- For ESP32-C2, ESP32-H2(preview) and ESP32-C6(preview) and Zigbee Bridge example, ESP-IDF branch at [commit 6ad6fb9](https://github.com/espressif/esp-idf/tree/6ad6fb9) in branch release/v5.1 should be used. ## Documentation diff --git a/components/esp_matter/CMakeLists.txt b/components/esp_matter/CMakeLists.txt index cebc19452..41a0a6abb 100644 --- a/components/esp_matter/CMakeLists.txt +++ b/components/esp_matter/CMakeLists.txt @@ -69,7 +69,7 @@ set(INCLUDE_DIRS_LIST "." "${MATTER_SDK_PATH}/src" "${ZAP_GENERATED_PATH}/../") -set(REQUIRES_LIST chip bt esp_matter_console nvs_flash app_update esp_secure_cert_mgr esp32_mbedtls esp_system openthread) +set(REQUIRES_LIST chip bt esp_matter_console nvs_flash app_update esp_secure_cert_mgr mbedtls esp_system openthread) idf_component_register( SRC_DIRS ${SRC_DIRS_LIST} INCLUDE_DIRS ${INCLUDE_DIRS_LIST} diff --git a/components/esp_matter/esp_matter_providers.cpp b/components/esp_matter/esp_matter_providers.cpp index 48f956e01..082b55111 100644 --- a/components/esp_matter/esp_matter_providers.cpp 
+++ b/components/esp_matter/esp_matter_providers.cpp @@ -16,7 +16,7 @@ #include #include #include -#include +#include using namespace chip::DeviceLayer; using namespace chip::Credentials; @@ -73,7 +73,7 @@ void set_custom_device_info_provider(DeviceInfoProvider *provider) static DeviceAttestationCredentialsProvider *get_dac_provider(void) { #if CONFIG_SEC_CERT_DAC_PROVIDER - static SecureCertDACProvider instance; + static ESP32SecureCertDACProvider instance; return &instance; #elif CONFIG_FACTORY_PARTITION_DAC_PROVIDER return &factory_data_provider; diff --git a/components/esp_matter/secure_cert_dac_provider.cpp b/components/esp_matter/secure_cert_dac_provider.cpp deleted file mode 100644 index af9614d94..000000000 --- a/components/esp_matter/secure_cert_dac_provider.cpp +++ /dev/null 
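Review bot: The `static ESP32SecureCertDACProvider instance;` line in `get_dac_provider()` hands all attestation-credential handling to a class that this patch does not show, so its certificate copy and signing paths cannot be reviewed here. The in-tree class deleted by this same patch copied `outBuffer.size()` bytes from the certificate buffer instead of `dac_len`/`pai_len`, and released the DAC buffer with `esp_secure_cert_free_ca_cert()` on its error paths. Please confirm that the upstream provider at submodule revision 8642c0d bounds the copy by the certificate length and frees with the matching call. A short comment above the declaration, such as `// Implemented in the connectedhomeip submodule; behaviour follows the pinned revision`, would tell readers where the implementation now lives. `get_dac_provider()` continues outside the hunk.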
@@ -1,144 +0,0 @@
-// Copyright 2023 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define TAG "dac_provider"
-
-#if CONFIG_SEC_CERT_DAC_PROVIDER
-
-namespace chip {
-namespace DeviceLayer {
-
-using namespace chip::Credentials;
-using namespace chip::DeviceLayer::Internal;
-
-namespace {
-static constexpr uint32_t kDACPrivateKeySize = 32;
-static constexpr uint32_t kDACPublicKeySize = 65;
-static constexpr uint8_t kPrivKeyOffset = 7;
-static constexpr uint8_t kPubKeyOffset = 56;
-
-CHIP_ERROR LoadKeypairFromRaw(ByteSpan privateKey, ByteSpan publicKey, Crypto::P256Keypair &keypair)
-{
- Crypto::P256SerializedKeypair serializedKeypair;
- ReturnErrorOnFailure(serializedKeypair.SetLength(privateKey.size() + publicKey.size()));
- memcpy(serializedKeypair.Bytes(), publicKey.data(), publicKey.size());
- memcpy(serializedKeypair.Bytes() + publicKey.size(), privateKey.data(), privateKey.size());
- return keypair.Deserialize(serializedKeypair);
-}
-} // namespace
-
-CHIP_ERROR SecureCertDACProvider::GetCertificationDeclaration(MutableByteSpan &outBuffer)
-{
- size_t certSize;
- ReturnErrorOnFailure(ESP32Config::ReadConfigValueBin(ESP32Config::kConfigKey_CertDeclaration, outBuffer.data(),
- outBuffer.size(), certSize));
- outBuffer.reduce_size(certSize);
- return CHIP_NO_ERROR;
-}
-
-CHIP_ERROR SecureCertDACProvider::GetFirmwareInformation(MutableByteSpan &out_firmware_info_buffer)
-{
- // We do not provide any FirmwareInformation.
- out_firmware_info_buffer.reduce_size(0);
- return CHIP_NO_ERROR;
-}
-
-CHIP_ERROR SecureCertDACProvider::GetDeviceAttestationCert(MutableByteSpan &outBuffer)
-{
- char *dac_cert = NULL;
- uint32_t dac_len = 0;
-
- esp_err_t err = esp_secure_cert_get_device_cert(&dac_cert, &dac_len);
- if (err == ESP_OK && dac_cert != NULL && dac_len != 0) {
- ESP_FAULT_ASSERT(err == ESP_OK && dac_cert != NULL && dac_len != 0);
- VerifyOrReturnError(dac_len <= kMaxDERCertLength, CHIP_ERROR_UNSUPPORTED_CERT_FORMAT,
- esp_secure_cert_free_ca_cert(dac_cert));
- VerifyOrReturnError(dac_len <= outBuffer.size(), CHIP_ERROR_BUFFER_TOO_SMALL,
- esp_secure_cert_free_ca_cert(dac_cert));
- memcpy(outBuffer.data(), dac_cert, outBuffer.size());
- outBuffer.reduce_size(dac_len);
- esp_secure_cert_free_device_cert(dac_cert);
- return CHIP_NO_ERROR;
- }
-
- ESP_LOGE(TAG, "esp_secure_cert_get_device_cert failed err:%d", err);
- return CHIP_ERROR_INCORRECT_STATE;
-}
-
-CHIP_ERROR SecureCertDACProvider::GetProductAttestationIntermediateCert(MutableByteSpan &outBuffer)
-{
- char *pai_cert = NULL;
- uint32_t pai_len = 0;
-
- esp_err_t err = esp_secure_cert_get_ca_cert(&pai_cert, &pai_len);
- if (err == ESP_OK && pai_cert != NULL && pai_len != 0) {
- ESP_FAULT_ASSERT(err == ESP_OK && pai_cert != NULL && pai_len != 0);
- VerifyOrReturnError(pai_len <= kMaxDERCertLength, CHIP_ERROR_UNSUPPORTED_CERT_FORMAT,
- esp_secure_cert_free_ca_cert(pai_cert));
- VerifyOrReturnError(pai_len <= outBuffer.size(), CHIP_ERROR_BUFFER_TOO_SMALL,
- esp_secure_cert_free_ca_cert(pai_cert));
- memcpy(outBuffer.data(), pai_cert, outBuffer.size());
- outBuffer.reduce_size(pai_len);
- esp_secure_cert_free_ca_cert(pai_cert);
- return CHIP_NO_ERROR;
- }
-
- ESP_LOGE(TAG, "esp_secure_cert_get_ca_cert failed err:%d", err);
- return CHIP_ERROR_INCORRECT_STATE;
-}
-
-CHIP_ERROR SecureCertDACProvider::SignWithDeviceAttestationKey(const ByteSpan &messageToSign,
- MutableByteSpan &outSignBuffer)
-{
- Crypto::P256ECDSASignature signature;
- Crypto::P256Keypair keypair;
- char *sc_keypair = NULL;
- uint32_t sc_keypair_len = 0;
-
- VerifyOrReturnError(IsSpanUsable(outSignBuffer), CHIP_ERROR_INVALID_ARGUMENT);
- VerifyOrReturnError(IsSpanUsable(messageToSign), CHIP_ERROR_INVALID_ARGUMENT);
- VerifyOrReturnError(outSignBuffer.size() >= signature.Capacity(), CHIP_ERROR_BUFFER_TOO_SMALL);
-
- esp_err_t err = esp_secure_cert_get_priv_key(&sc_keypair, &sc_keypair_len);
- if (err == ESP_OK && sc_keypair != NULL && sc_keypair_len != 0) {
- ESP_FAULT_ASSERT(err == ESP_OK && sc_keypair != NULL && sc_keypair_len != 0);
-
- CHIP_ERROR chipError = LoadKeypairFromRaw(
- ByteSpan(reinterpret_cast(sc_keypair + kPrivKeyOffset), kDACPrivateKeySize),
- ByteSpan(reinterpret_cast(sc_keypair + kPubKeyOffset), kDACPublicKeySize), keypair);
- VerifyOrReturnError(chipError == CHIP_NO_ERROR, chipError, esp_secure_cert_free_priv_key(sc_keypair));
-
- chipError = keypair.ECDSA_sign_msg(messageToSign.data(), messageToSign.size(), signature);
- VerifyOrReturnError(chipError == CHIP_NO_ERROR, chipError, esp_secure_cert_free_priv_key(sc_keypair));
-
- esp_secure_cert_free_priv_key(sc_keypair);
- chipError = CopySpanToMutableSpan(ByteSpan{signature.ConstBytes(), signature.Length()}, outSignBuffer);
- return chipError;
- }
-
- ESP_LOGE(TAG, "esp_secure_cert_get_priv_key failed err:%d", err);
- return CHIP_ERROR_INCORRECT_STATE;
-}
-} // namespace DeviceLayer
-} // namespace chip
-
-#endif // CONFIG_SEC_CERT_DAC_PROVIDER
diff --git a/components/esp_matter/secure_cert_dac_provider.h b/components/esp_matter/secure_cert_dac_provider.h
deleted file mode 100644
index a8f07927c..000000000
--- a/components/esp_matter/secure_cert_dac_provider.h
+++ /dev/null
@@ -1,41 +0,0 @@ -// Copyright 2023 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -#pragma once - -#include -#include - -#if CONFIG_SEC_CERT_DAC_PROVIDER -namespace chip { -namespace DeviceLayer { - -class SecureCertDACProvider : public Credentials::DeviceAttestationCredentialsProvider -{ -public: - SecureCertDACProvider() : Credentials::DeviceAttestationCredentialsProvider() {} - - CHIP_ERROR GetCertificationDeclaration(MutableByteSpan & outBuffer) override; - - CHIP_ERROR GetFirmwareInformation(MutableByteSpan & out_firmware_info_buffer) override; - - CHIP_ERROR GetDeviceAttestationCert(MutableByteSpan & outBuffer) override; - - CHIP_ERROR GetProductAttestationIntermediateCert(MutableByteSpan & outBuffer) override; - - CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & messageToSign, MutableByteSpan & outSignBuffer) override; -}; - -} // namespace DeviceLayer -} // namespace chip -#endif // CONFIG_SEC_CERT_DAC_PROVIDER diff --git a/components/esp_matter_console/CMakeLists.txt b/components/esp_matter_console/CMakeLists.txt index a81f64459..2ba5e8378 100644 --- a/components/esp_matter_console/CMakeLists.txt +++ b/components/esp_matter_console/CMakeLists.txt @@ -4,4 +4,4 @@ if (CONFIG_ENABLE_CHIP_SHELL) endif() idf_component_register(SRCS ${srcs_list} INCLUDE_DIRS . - PRIV_REQUIRES chip esp32_mbedtls esp_timer bt openthread) + PRIV_REQUIRES chip mbedtls esp_timer bt openthread) 
diff --git a/connectedhomeip/connectedhomeip b/connectedhomeip/connectedhomeip index 82db97695..8642c0d8d 160000 --- a/connectedhomeip/connectedhomeip +++ b/connectedhomeip/connectedhomeip @@ -1 +1 @@ -Subproject commit 82db97695c2c899cc130c2d6a0d72b3c92c144db +Subproject commit 8642c0d8dc52bd142ff2a633359a7ee5658ed3a5 diff --git a/docs/en/developing.rst b/docs/en/developing.rst index f9f231587..e4b4c90ce 100644 --- a/docs/en/developing.rst +++ b/docs/en/developing.rst @@ -62,7 +62,7 @@ For using VSCode for development, please check `Developing in WSL