diff --git a/ot-efr32.slce b/ot-efr32.slce
index 93734ad5..192796fe 100644
--- a/ot-efr32.slce
+++ b/ot-efr32.slce
@@ -4,6 +4,6 @@ description: "ot-efr32 extension for Gecko SDK Suite"
 label: "Silicon Labs Matter"
 sdk:
 id: gecko_sdk
- version: 4.2.1
+ version: 4.3.2
 component_path:
 - path: slc/component
diff --git a/slc/component/ot_psa_crypto.slcc b/slc/component/ot_psa_crypto.slcc
new file mode 100644
index 00000000..7317de9a
--- /dev/null
+++ b/slc/component/ot_psa_crypto.slcc
@@ -0,0 +1,30 @@
+id: ot_psa_crypto
+label: PSA Crypto
+package: OpenThread
+category: OpenThread
+quality: production
+description: This component references to all the third party support needed by the OpenThread stack
+ui_hints:
+ visibility: never
+provides:
+ - name: ot_psa_crypto
+requires:
+ - name: psa_crypto
+ - name: psa_its
+ - name: psa_crypto_hkdf
+ - name: psa_crypto_cmac
+ - name: psa_crypto_hmac
+ - name: psa_crypto_tls12_prf
+ - name: psa_crypto_tls12_psk_to_ms
+ - name: psa_crypto_sha256
+ - name: psa_crypto_ecdh
+ - name: psa_crypto_ecdsa
+ - name: psa_crypto_ecc_secp256r1
+ - name: psa_crypto_pbkdf2_cmac
+template_contribution:
+ - name: mbedtls_config
+ value: MBEDTLS_USE_PSA_CRYPTO
+ - name: psa_key_slots
+ value:
+ name: psa_key_slots_openthread
+ count: 15
diff --git a/src/platform_projects/openthread-efr32-soc-with-buttons-power-manager-csl.slcp b/src/platform_projects/openthread-efr32-soc-with-buttons-power-manager-csl.slcp
index 9c9d4aa2..18bac711 100644
--- a/src/platform_projects/openthread-efr32-soc-with-buttons-power-manager-csl.slcp
+++ b/src/platform_projects/openthread-efr32-soc-with-buttons-power-manager-csl.slcp
@@ -9,6 +9,7 @@ quality: production
 component:
 - id: ot_platform_abstraction_core
 - id: ot_psa_crypto
+ from: ot-efr32
 - id: ot_thirdparty
 - id: uartdrv_usart
 instance:
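Review bot: The `description` of the new `ot_psa_crypto` component ("This component references to all the third party support needed by the OpenThread stack") does not describe what the component actually does, which per its `requires` list is to pull in PSA Crypto features. A line such as `description: Pulls in the PSA Crypto features required by the OpenThread stack` would match the contents. The `psa_key_slots_openthread` contribution reserves `count: 15` with nothing saying how that number was derived; a one-line YAML comment naming the keys it has to cover would help whoever resizes it later.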
@@ -53,3 +54,10 @@ configuration:
 define:
 - name: OPENTHREAD_CONFIG_MAC_CSL_RECEIVER_ENABLE
 value: 1
+
+sdk:
+ id: gecko_sdk
+ version: 4.3.2
+sdk_extension:
+ - id: ot-efr32
+ version: 0.0.1
diff --git a/src/platform_projects/openthread-efr32-soc-with-buttons-power-manager.slcp b/src/platform_projects/openthread-efr32-soc-with-buttons-power-manager.slcp
index dbbfae3b..9ee067f8 100644
--- a/src/platform_projects/openthread-efr32-soc-with-buttons-power-manager.slcp
+++ b/src/platform_projects/openthread-efr32-soc-with-buttons-power-manager.slcp
@@ -9,6 +9,7 @@ quality: production
 component:
 - id: ot_platform_abstraction_core
 - id: ot_psa_crypto
+ from: ot-efr32
 - id: ot_thirdparty
 - id: uartdrv_usart
 instance:
@@ -49,3 +50,10 @@ configuration:
 condition: [freertos]
 - name: SL_STACK_SIZE
 value: 4608
+
+sdk:
+ id: gecko_sdk
+ version: 4.3.2
+sdk_extension:
+ - id: ot-efr32
+ version: 0.0.1
diff --git a/src/platform_projects/openthread-efr32-soc-with-buttons.slcp b/src/platform_projects/openthread-efr32-soc-with-buttons.slcp
index f834e078..3ed290cf 100644
--- a/src/platform_projects/openthread-efr32-soc-with-buttons.slcp
+++ b/src/platform_projects/openthread-efr32-soc-with-buttons.slcp
@@ -9,6 +9,7 @@ quality: production
 component:
 - id: ot_platform_abstraction_core
 - id: ot_psa_crypto
+ from: ot-efr32
 - id: ot_thirdparty
 - id: uartdrv_usart
 instance:
@@ -48,3 +49,10 @@ configuration:
 condition: [freertos]
 - name: SL_STACK_SIZE
 value: 4608
+
+sdk:
+ id: gecko_sdk
+ version: 4.3.2
+sdk_extension:
+ - id: ot-efr32
+ version: 0.0.1
diff --git a/src/platform_projects/openthread-efr32-soc.slcp b/src/platform_projects/openthread-efr32-soc.slcp
index 2fdd99c0..194b488d 100644
--- a/src/platform_projects/openthread-efr32-soc.slcp
+++ b/src/platform_projects/openthread-efr32-soc.slcp
@@ -8,6 +8,7 @@ quality: production
 component:
 - id: ot_platform_abstraction_core
 - id: ot_psa_crypto
+ from: ot-efr32
 - id: ot_thirdparty
 - id: uartdrv_usart
 instance:
@@ -35,3 +36,10 @@ configuration:
 condition: [freertos]
 - name: SL_STACK_SIZE
 value: 4608
+
+sdk:
+ id: gecko_sdk
+ version: 4.3.2
+sdk_extension:
+ - id: ot-efr32
+ version: 0.0.1
diff --git a/src/src/crypto.c b/src/src/crypto.c
index dd6b0ca6..d755f5c4 100644
--- a/src/src/crypto.c
+++ b/src/src/crypto.c
@@ -555,4 +555,81 @@ otError otPlatCryptoEcdsaVerifyUsingKeyRef(otCryptoKeyRef aKe
 return error;
 }
+otError otPlatCryptoPbkdf2GenerateKey(const uint8_t *aPassword,
+ uint16_t aPasswordLen,
+ const uint8_t *aSalt,
+ uint16_t aSaltLen,
+ uint32_t aIterationCounter,
+ uint16_t aKeyLen,
+ uint8_t *aKey)
+{
+ psa_status_t status;
+ size_t outSize;
+ psa_key_id_t passwordKeyId = 0;
+ psa_key_id_t saltKeyId = 0;
+ psa_key_id_t keyId = 0;
+
+ // Algorithm is PBKDF2-AES-CMAC-PRF-128
+ psa_algorithm_t algo = PSA_ALG_PBKDF2_AES_CMAC_PRF_128;
+
+ // Initialize key derivation
+ psa_key_derivation_operation_t operation = psa_key_derivation_operation_init();
+ status = psa_key_derivation_setup(&operation, algo);
+ assert(status == PSA_SUCCESS);
+
+ // Set capacity
+ status = psa_key_derivation_set_capacity(&operation, aKeyLen);
+ assert(status == PSA_SUCCESS);
+
+ // Set iteration count as cost
+ status = psa_key_derivation_input_integer(&operation, PSA_KEY_DERIVATION_INPUT_COST, aIterationCounter);
+ assert(status == PSA_SUCCESS);
+
+ // Create salt as a key
+ psa_key_attributes_t saltKeyAttr = psa_key_attributes_init();
+ psa_set_key_usage_flags(&saltKeyAttr, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_type(&saltKeyAttr, PSA_KEY_TYPE_RAW_DATA);
+ psa_set_key_algorithm(&saltKeyAttr, algo);
+ assert(status == PSA_SUCCESS);
+
+ status = psa_import_key(&saltKeyAttr, aSalt, aSaltLen, &saltKeyId);
+ assert(status == PSA_SUCCESS);
+
+ // Provide salt
+ status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_SALT, saltKeyId);
+ assert(status == PSA_SUCCESS);
+
+ // Create key for password (key)
+ psa_key_attributes_t passwordKeyAttr = psa_key_attributes_init();
+ psa_set_key_usage_flags(&passwordKeyAttr, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_type(&passwordKeyAttr, PSA_KEY_TYPE_PASSWORD);
+ psa_set_key_algorithm(&passwordKeyAttr, algo);
+
+ status = psa_import_key(&passwordKeyAttr, aPassword, aPasswordLen, &passwordKeyId);
+ assert(status == PSA_SUCCESS);
+
+ // Provide password (key)
+ status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_PASSWORD, passwordKeyId);
+ assert(status == PSA_SUCCESS);
+
+ // Configure output as a key
+ psa_key_attributes_t keyAttrResult = psa_key_attributes_init();
+ psa_set_key_bits(&keyAttrResult, (8 * aKeyLen));
+ psa_set_key_usage_flags(&keyAttrResult, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_type(&keyAttrResult, PSA_KEY_TYPE_RAW_DATA);
+ psa_set_key_algorithm(&keyAttrResult, PSA_ALG_CTR);
+
+ status = psa_key_derivation_output_key(&keyAttrResult, &operation, &keyId);
+ assert(status == PSA_SUCCESS);
+
+ // Export output key
+ status = psa_export_key(keyId, aKey, aKeyLen, &outSize);
+ assert(status == PSA_SUCCESS);
+
+ // Release keys used
+ psa_destroy_key(keyId);
+ psa_destroy_key(saltKeyId);
+ psa_destroy_key(passwordKeyId);
+}
+
 #endif // OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
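Review bot: `otPlatCryptoPbkdf2GenerateKey` is declared to return `otError` but has no `return` statement, and every PSA failure is checked only with `assert()`, so a build that defines `NDEBUG` would carry on after a failed step and the caller could use an `aKey` buffer that was never written. `psa_key_derivation_abort()` is never called on `operation`, so the derivation state built from the password is not released even on the success path. The `assert(status == PSA_SUCCESS);` right after `psa_set_key_algorithm(&saltKeyAttr, algo);` re-checks a status that no call has updated and can be dropped. I would carry the result in an `otError`, jump to one cleanup label on any non-success status, and return it, as sketched below.

```c
    otError      error = OT_ERROR_FAILED;
    psa_status_t status;
    // … unchanged: outSize, key ids, algo, operation init …

    status = psa_key_derivation_setup(&operation, algo);
    if (status != PSA_SUCCESS)
    {
        goto exit;
    }
    // … unchanged: capacity, cost, salt, password and output-key steps,
    //   each assert replaced by the same status check and goto exit …

    status = psa_export_key(keyId, aKey, aKeyLen, &outSize);
    if (status != PSA_SUCCESS || outSize != aKeyLen)
    {
        goto exit;
    }
    error = OT_ERROR_NONE;

exit:
    // Runs on every path so neither the derivation state nor a key slot outlives the call.
    psa_key_derivation_abort(&operation);
    psa_destroy_key(keyId);
    psa_destroy_key(saltKeyId);
    psa_destroy_key(passwordKeyId);
    return error;
```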