3 * Copyright (c) 2020 Project CHIP Authors
4 * Copyright (c) 2020 Nest Labs, Inc.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
21 * Provides an implementation of the Chip GroupKeyStore interface
22 * for platforms based on the NXP SDK.
24 /* this file behaves like a config.h, comes first */
25 #include <platform/internal/CHIPDeviceLayerInternal.h>
27 #include <platform/K32W/GroupKeyStoreImpl.h>
29 using namespace ::chip;
30 using namespace ::chip::Profiles::Security::AppKeys;
33 namespace DeviceLayer {
36 CHIP_ERROR GroupKeyStoreImpl::RetrieveGroupKey(uint32_t keyId, ChipGroupKey & key)
40 // Iterate over all the GroupKey PDM records looking for a matching key...
41 err = ForEachRecord(kConfigKey_GroupKeyBase, kConfigKey_GroupKeyMax, false,
42 [keyId, &key](const Key & nvmIdKey, const size_t & length) -> CHIP_ERROR {
45 uint8_t buf[kMaxEncodedKeySize]; // (buf length == 45 bytes)
48 // Read the PDM obj binary data data into the buffer.
49 err2 = ReadConfigValueBin(nvmIdKey, buf, sizeof(buf), keyLen);
51 // Decode the CHIP key id for the current key.
52 err2 = DecodeGroupKeyId(buf, keyLen, curKeyId);
55 // If it matches the key we're looking for...
56 if (curKeyId == keyId)
58 // Decode the associated key data.
59 err2 = DecodeGroupKey(buf, keyLen, key);
62 // End the iteration by returning a CHIP_END_OF_INPUT result.
63 ExitNow(err2 = CHIP_END_OF_INPUT);
70 // Modify error code for return.
73 case CHIP_END_OF_INPUT:
74 err = CHIP_NO_ERROR; // Match found.
77 err = CHIP_ERROR_KEY_NOT_FOUND; // Match not found.
86 CHIP_ERROR GroupKeyStoreImpl::StoreGroupKey(const ChipGroupKey & key)
90 // Delete any existing group key with the same id (this may or may not exit).
91 DeleteGroupKey(key.KeyId); // no error checking here.
93 // Iterate over all the GroupKey PDM records looking for the first
94 // empty PDM key where we can store the data. (Note- use arg addNewrecord=true)
95 err = ForEachRecord(kConfigKey_GroupKeyBase, kConfigKey_GroupKeyMax, true,
96 [&key](const Key & pdmKey, const size_t & length) -> CHIP_ERROR {
99 uint8_t buf[kMaxEncodedKeySize]; // (buf length == 45 bytes)
101 // Encode the key for storage in an PDM record.
102 err2 = EncodeGroupKey(key, buf, sizeof(buf), keyLen);
105 // Write the encoded binary data into the PDM object.
106 err2 = WriteConfigValueBin(pdmKey, buf, keyLen);
109 // End the iteration by returning a CHIP_END_OF_INPUT result.
110 ExitNow(err2 = CHIP_END_OF_INPUT);
116 // Modify error code for return.
119 case CHIP_END_OF_INPUT:
120 err = CHIP_NO_ERROR; // Key entry was stored.
123 err = CHIP_ERROR_KEY_NOT_FOUND; // Key entry was not stored.
129 if (err == CHIP_NO_ERROR)
131 #if CHIP_PROGRESS_LOGGING
133 char extraKeyInfo[32];
134 if (ChipKeyId::IsAppEpochKey(key.KeyId))
136 snprintf(extraKeyInfo, sizeof(extraKeyInfo), ", start time %" PRId32, key.StartTime);
138 else if (ChipKeyId::IsAppGroupMasterKey(key.KeyId))
140 snprintf(extraKeyInfo, sizeof(extraKeyInfo), ", global id 0x%08" PRIX32, key.GlobalId);
147 #if CHIP_CONFIG_SECURITY_TEST_MODE
148 ChipLogProgress(SecurityManager,
149 "GroupKeyStore: storing key 0x%08" PRIX32 " (%s), len %" PRId8 ", data 0x%02" PRIX8 "...%s", key.KeyId,
150 ChipKeyId::DescribeKey(key.KeyId), key.KeyLen, key.Key[0], extraKeyInfo);
152 ChipLogProgress(SecurityManager, "GroupKeyStore: storing key 0x%08" PRIX32 " (%s), len %" PRId8 "%s", key.KeyId,
153 ChipKeyId::DescribeKey(key.KeyId), key.KeyLen, extraKeyInfo);
161 CHIP_ERROR GroupKeyStoreImpl::DeleteGroupKey(uint32_t keyId)
165 // Iterate over all the GroupKey PDM records looking for a matching key...
166 err = ForEachRecord(kConfigKey_GroupKeyBase, kConfigKey_GroupKeyMax, false,
167 [keyId](const Key & pdmKey, const size_t & length) -> CHIP_ERROR {
170 uint8_t buf[kMaxEncodedKeySize]; // (buf length == 45 bytes)
173 // Read the PDM obj binary data data into the buffer.
174 err2 = ReadConfigValueBin(pdmKey, buf, sizeof(buf), keyLen);
177 // Decode the Chip key id for the current group key.
178 err2 = DecodeGroupKeyId(buf, keyLen, curKeyId);
181 // If it matches the key we are looking for, delete the PDM record.
182 if (curKeyId == keyId)
184 err2 = ClearConfigValue(pdmKey);
185 ChipLogProgress(DeviceLayer, "GroupKeyStore: deleting key 0x%08" PRIX32, curKeyId);
187 // End the iteration by returning a CHIP_END_OF_INPUT result.
188 ExitNow(err2 = CHIP_END_OF_INPUT);
195 // Modify error code for return.
198 case CHIP_END_OF_INPUT:
199 err = CHIP_NO_ERROR; // Key entry was deleted.
202 err = CHIP_ERROR_KEY_NOT_FOUND; // Key entry was not deleted.
211 CHIP_ERROR GroupKeyStoreImpl::DeleteGroupKeysOfAType(uint32_t keyType)
215 // Iterate over all the GroupKey PDM records looking for a matching key...
216 err = ForEachRecord(kConfigKey_GroupKeyBase, kConfigKey_GroupKeyMax, false,
217 [keyType](const Key & pdmKey, const size_t & length) -> CHIP_ERROR {
220 uint8_t buf[kMaxEncodedKeySize]; // (buf length == 45 bytes)
223 // Read the PDM obj binary data data into the buffer.
224 err2 = ReadConfigValueBin(pdmKey, buf, sizeof(buf), keyLen);
227 // Decode the CHIP key id for the current group key.
228 err2 = DecodeGroupKeyId(buf, keyLen, curKeyId);
231 // If the current key matches the type we are looking for, delete the PDM record.
232 if (ChipKeyId::GetType(curKeyId) == keyType)
234 err2 = ClearConfigValue(pdmKey);
235 ChipLogProgress(DeviceLayer, "GroupKeyStore: deleting key 0x%08" PRIX32, curKeyId);
245 CHIP_ERROR GroupKeyStoreImpl::EnumerateGroupKeys(uint32_t keyType, uint32_t * keyIds, uint8_t keyIdsArraySize, uint8_t & keyCount)
251 // Iterate over all the GroupKey records looking for keys of the specified type...
252 err = ForEachRecord(kConfigKey_GroupKeyBase, kConfigKey_GroupKeyMax, false,
253 [keyType, keyIds, keyIdsArraySize, &keyCount](const Key & pdmKey, const size_t & length) -> CHIP_ERROR {
256 uint8_t buf[kMaxEncodedKeySize]; // (buf length == 45 bytes)
259 // Read the PDM obj binary data data into the buffer.
260 err2 = ReadConfigValueBin(pdmKey, buf, sizeof(buf), keyLen);
263 // Decode the CHIP key id for the current group key.
264 err2 = DecodeGroupKeyId(buf, keyLen, curKeyId);
267 // If the current key matches the type we're looking for, add it to the keyIds array.
268 if ((keyType == ChipKeyId::kType_None) || (ChipKeyId::GetType(curKeyId) == keyType))
270 keyIds[keyCount++] = curKeyId;
272 // Stop iterating if there's no more room in the keyIds array.
273 VerifyOrExit(keyCount < keyIdsArraySize, err2 = CHIP_ERROR_BUFFER_TOO_SMALL);
280 // Simply return a truncated list if there are more matching keys than will fit in the array.
281 if (err == CHIP_ERROR_BUFFER_TOO_SMALL)
289 CHIP_ERROR GroupKeyStoreImpl::Clear(void)
293 // Iterate over all the GroupKey PDM records deleting each one...
294 err = ForEachRecord(kConfigKey_GroupKeyBase, kConfigKey_GroupKeyMax, false,
295 [](const Key & pdmKey, const size_t & length) -> CHIP_ERROR {
298 err2 = ClearConfigValue(pdmKey);
308 CHIP_ERROR GroupKeyStoreImpl::RetrieveLastUsedEpochKeyId(void)
312 err = ReadConfigValue(kConfigKey_LastUsedEpochKeyId, LastUsedEpochKeyId);
313 if (err == CHIP_DEVICE_ERROR_CONFIG_NOT_FOUND)
315 LastUsedEpochKeyId = ChipKeyId::kNone;
321 CHIP_ERROR GroupKeyStoreImpl::StoreLastUsedEpochKeyId(void)
323 return WriteConfigValue(kConfigKey_LastUsedEpochKeyId, LastUsedEpochKeyId);
326 CHIP_ERROR GroupKeyStoreImpl::Init()
329 return CHIP_NO_ERROR;
332 CHIP_ERROR GroupKeyStoreImpl::EncodeGroupKey(const ChipGroupKey & key, uint8_t * buf, size_t bufSize, size_t & encodedKeyLen)
334 CHIP_ERROR err = CHIP_NO_ERROR;
337 VerifyOrExit(bufSize >= kFixedEncodedKeySize + key.KeyLen, err = CHIP_ERROR_BUFFER_TOO_SMALL);
339 Encoding::LittleEndian::Write32(p, key.KeyId);
340 Encoding::LittleEndian::Write32(p, key.StartTime);
341 Encoding::Write8(p, key.KeyLen);
342 memcpy(p, key.Key, key.KeyLen);
345 encodedKeyLen = p - buf;
351 CHIP_ERROR GroupKeyStoreImpl::DecodeGroupKeyId(const uint8_t * encodedKey, size_t encodedKeyLen, uint32_t & keyId)
353 CHIP_ERROR err = CHIP_NO_ERROR;
355 VerifyOrExit(encodedKeyLen >= kFixedEncodedKeySize, err = CHIP_ERROR_INVALID_ARGUMENT);
357 keyId = Encoding::LittleEndian::Get32(encodedKey);
363 CHIP_ERROR GroupKeyStoreImpl::DecodeGroupKey(const uint8_t * encodedKey, size_t encodedKeyLen, ChipGroupKey & key)
365 CHIP_ERROR err = CHIP_NO_ERROR;
366 const uint8_t * p = encodedKey;
368 VerifyOrExit(encodedKeyLen >= kFixedEncodedKeySize, err = CHIP_ERROR_INVALID_ARGUMENT);
370 key.KeyId = Encoding::LittleEndian::Read32(p);
371 key.StartTime = Encoding::LittleEndian::Read32(p);
372 key.KeyLen = Encoding::Read8(p);
374 VerifyOrExit(encodedKeyLen >= kFixedEncodedKeySize + key.KeyLen, err = CHIP_ERROR_INVALID_ARGUMENT);
376 memcpy(key.Key, p, key.KeyLen);
382 } // namespace Internal
383 } // namespace DeviceLayer