From 3fc8d676525d3b2855b6b3b0278673cfb92a8cdd Mon Sep 17 00:00:00 2001 From: Rohan Sahay Date: Thu, 27 Jun 2024 21:53:56 +0530 Subject: [PATCH] [Silabs] Adds support for both PSA and TinyCrypt on SiWx917 SoC (#29776) * Refactor SiWx917 for mbedtls usage * Refactor PlatformManagerImpl initialization * Remove experimental ECDSA support * Adds multithreaded safety in crypto operations * Adds changes for use of SL_MBEDTLS_USE_TINYCRYPT * Adds changes for use of SL_MBEDTLS_USE_TINYCRYPT * addressed comments * Updated as per comments --------- Co-authored-by: Rohan S <3526930+brosahay@users.noreply.github.com> --- .../silabs/SiWx917/SiWx917/sl_wifi_if.cpp | 14 +- src/platform/silabs/PlatformManagerImpl.cpp | 17 +- src/platform/silabs/PlatformManagerImpl.h | 4 +- src/platform/silabs/SiWx917/BUILD.gn | 12 +- .../SiWx917/siwx917-chip-mbedtls-config.h | 162 +++----- .../silabs/SiWx917/siwx917-chip-psa-config.h | 32 ++ third_party/silabs/SiWx917_sdk.gni | 356 ++++++++++++++---- 7 files changed, 398 insertions(+), 199 deletions(-) create mode 100644 src/platform/silabs/SiWx917/siwx917-chip-psa-config.h diff --git a/examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp b/examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp index c89c6768abe62c..5253b3b2ec5062 100644 --- a/examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp +++ b/examples/platform/silabs/SiWx917/SiWx917/sl_wifi_if.cpp @@ -74,10 +74,10 @@ extern "C" { #include "sl_wifi.h" #include "sl_wifi_callback_framework.h" #include "wfx_host_events.h" -#if SLI_SI91X_MCU_INTERFACE +#if SL_MBEDTLS_USE_TINYCRYPT +#include "sl_si91x_constants.h" #include "sl_si91x_trng.h" -#define TRNGKEY_SIZE 4 -#endif // SLI_SI91X_MCU_INTERFACE +#endif // SL_MBEDTLS_USE_TINYCRYPT } WfxRsi_t wfx_rsi; 
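Review bot: The include guard in the `extern "C"` block is written `#if SL_MBEDTLS_USE_TINYCRYPT`, while the later hunk in this same file uses `#ifdef SL_MBEDTLS_USE_TINYCRYPT` and PlatformManagerImpl uses `#if defined(SL_MBEDTLS_USE_TINYCRYPT)`. In psa builds the macro is never defined, so the bare `#if` relies on an undefined name evaluating to 0 and trips `-Wundef` where that warning is enabled. Using `#if defined(SL_MBEDTLS_USE_TINYCRYPT)` here keeps the three files consistent.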
@@ -456,8 +456,8 @@ static sl_status_t wfx_rsi_init(void) return status; } -#ifdef SLI_SI91X_MCU_INTERFACE - const uint32_t trngKey[TRNGKEY_SIZE] = { 0x16157E2B, 0xA6D2AE28, 0x8815F7AB, 0x3C4FCF09 }; +#ifdef SL_MBEDTLS_USE_TINYCRYPT + const uint32_t trngKey[TRNG_KEY_SIZE] = { 0x16157E2B, 0xA6D2AE28, 0x8815F7AB, 0x3C4FCF09 }; // To check the Entropy of TRNG and verify TRNG functioning. status = sl_si91x_trng_entropy(); @@ -468,13 +468,13 @@ static sl_status_t wfx_rsi_init(void) } // Initiate and program the key required for TRNG hardware engine - status = sl_si91x_trng_program_key((uint32_t *) trngKey, TRNGKEY_SIZE); + status = sl_si91x_trng_program_key((uint32_t *) trngKey, TRNG_KEY_SIZE); if (status != SL_STATUS_OK) { SILABS_LOG("TRNG Key Programming Failed"); return status; } -#endif // SLI_SI91X_MCU_INTERFACE +#endif // SL_MBEDTLS_USE_TINYCRYPT wfx_rsi.events = xEventGroupCreateStatic(&rsiDriverEventGroup); wfx_rsi.dev_state |= WFX_RSI_ST_DEV_READY; diff --git a/src/platform/silabs/PlatformManagerImpl.cpp b/src/platform/silabs/PlatformManagerImpl.cpp index 4e54a2a53f98a5..741a0b6b8676e1 100644 --- a/src/platform/silabs/PlatformManagerImpl.cpp +++ b/src/platform/silabs/PlatformManagerImpl.cpp @@ -31,9 +31,9 @@ #include #include -#if defined(TINYCRYPT_PRIMITIVES) +#if defined(SL_MBEDTLS_USE_TINYCRYPT) #include "tinycrypt/ecc.h" -#endif // TINYCRYPT_PRIMITIVES +#endif // SL_MBEDTLS_USE_TINYCRYPT #if CHIP_SYSTEM_CONFIG_USE_LWIP #include @@ -46,7 +46,7 @@ namespace DeviceLayer { PlatformManagerImpl PlatformManagerImpl::sInstance; -#if defined(TINYCRYPT_PRIMITIVES) +#if defined(SL_MBEDTLS_USE_TINYCRYPT) sys_mutex_t PlatformManagerImpl::rngMutexHandle = NULL; int PlatformManagerImpl::uECC_RNG_Function(uint8_t * dest, unsigned int size) 
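Review bot: `trngKey` in wfx_rsi_init is still a compile-time constant, and its four words match the published FIPS-197 AES-128 example key, so every device hands the same publicly known value to `sl_si91x_trng_program_key` (second hunk of this file). If the SDK treats this key as more than a non-secret conditioning input, it should come from per-device provisioning. If it does not, say so beside the array, e.g. `// Fixed, non-secret TRNG conditioning key; RNG output must not depend on its secrecy`, and declare the array `static const` so the `(uint32_t *)` cast is the only place const is dropped. Moving the guard to SL_MBEDTLS_USE_TINYCRYPT also means the `sl_si91x_trng_entropy()` health check no longer runs here in psa builds; presumably the PSA TRNG driver covers it, which is worth confirming. wfx_rsi_init begins and ends outside both hunks.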
@@ -76,12 +76,10 @@ static int app_entropy_source(void * data, unsigned char * output, size_t len, s return 0; } #endif // !SLI_SI91X_MCU_INTERFACE -#endif // TINYCRYPT_PRIMITIVES - +#endif // SL_MBEDTLS_USE_TINYCRYPT CHIP_ERROR PlatformManagerImpl::_InitChipStack(void) { CHIP_ERROR err; - // Initialize the configuration system. err = chip::DeviceLayer::PersistedStorage::KeyValueStoreMgrImpl().Init(); SuccessOrExit(err); @@ -93,14 +91,15 @@ CHIP_ERROR PlatformManagerImpl::_InitChipStack(void) ReturnErrorOnFailure(System::Clock::InitClock_RealTime()); -#if defined(TINYCRYPT_PRIMITIVES) +#if defined(SL_MBEDTLS_USE_TINYCRYPT) #if !(SLI_SI91X_MCU_INTERFACE) - ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16 /*Threshold value*/)); + // 16 : Threshold value + ReturnErrorOnFailure(chip::Crypto::add_entropy_source(app_entropy_source, NULL, 16)); #endif // !SLI_SI91X_MCU_INTERFACE /* Set RNG function for tinycrypt operations. */ VerifyOrExit(sys_mutex_new(&rngMutexHandle) == ERR_OK, err = CHIP_ERROR_NO_MEMORY); uECC_set_rng(PlatformManagerImpl::uECC_RNG_Function); -#endif // TINYCRYPT_PRIMITIVES +#endif // SL_MBEDTLS_USE_TINYCRYPT // Call _InitChipStack() on the generic implementation base class // to finish the initialization process. diff --git a/src/platform/silabs/PlatformManagerImpl.h b/src/platform/silabs/PlatformManagerImpl.h index 4a0bfdb52c1e81..b44fbadbfa3308 100644 --- a/src/platform/silabs/PlatformManagerImpl.h +++ b/src/platform/silabs/PlatformManagerImpl.h @@ -41,7 +41,7 @@ class PlatformManagerImpl final : public PlatformManager, public Internal::Gener // the implementation methods provided by this class. friend PlatformManager; -#if defined(TINYCRYPT_PRIMITIVES) +#if defined(SL_MBEDTLS_USE_TINYCRYPT) // Since the RNG callback will be called from multiple threads, // use this mutex to lock/unlock the call to Matter RNG API, which // uses some global variables. 
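Review bot: `uECC_set_rng(PlatformManagerImpl::uECC_RNG_Function)` and the `add_entropy_source` call in _InitChipStack are now compiled only when SL_MBEDTLS_USE_TINYCRYPT is defined, and this patch sets that macro only in `siwx917_tinycrypt_config`. PlatformManagerImpl.cpp lives in the shared src/platform/silabs directory, so a Silabs target that still defines only TINYCRYPT_PRIMITIVES would silently skip RNG registration for its ECC operations; that is inferred from the path, since the other targets' build files are not in this patch. A guard `#if defined(TINYCRYPT_PRIMITIVES) && !defined(SL_MBEDTLS_USE_TINYCRYPT)` followed by an `#error` would turn that case into a build failure. The bare `16` would also read better as a named constant than with the `// 16 : Threshold value` comment. _InitChipStack continues past the end of the hunk.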
@@ -51,7 +51,7 @@ class PlatformManagerImpl final : public PlatformManager, public Internal::Gener // It must be set before calling any sign operations, // which are used in both Matter and OT threads. static int uECC_RNG_Function(uint8_t * dest, unsigned int size); -#endif +#endif // SL_MBEDTLS_USE_TINYCRYPT // Allow the generic implementation base class to call helper methods on // this class. diff --git a/src/platform/silabs/SiWx917/BUILD.gn b/src/platform/silabs/SiWx917/BUILD.gn index 27df228be44222..ca3c4042349113 100644 --- a/src/platform/silabs/SiWx917/BUILD.gn +++ b/src/platform/silabs/SiWx917/BUILD.gn @@ -18,11 +18,14 @@ import("${chip_root}/src/platform/device.gni") import("${chip_root}/build/chip/buildconfig_header.gni") import("${chip_root}/src/crypto/crypto.gni") +import("${chip_root}/src/platform/silabs/wifi_args.gni") +import("${chip_root}/third_party/silabs/SiWx917_sdk.gni") import("${chip_root}/third_party/silabs/silabs_board.gni") silabs_platform_dir = "${chip_root}/src/platform/silabs" assert(chip_device_platform == "SiWx917") + if (chip_crypto == "platform") { import("//build_overrides/mbedtls.gni") } @@ -80,7 +83,14 @@ static_library("SiWx917") { # Add platform crypto implementation if (chip_crypto == "platform") { - sources += [ "CHIPCryptoPALTinyCrypt.cpp" ] + if (sl_si91x_crypto_flavor == "tinycrypt") { + sources += [ "CHIPCryptoPALTinyCrypt.cpp" ] + } + + if (sl_si91x_crypto_flavor == "psa") { + sources += [ "${silabs_platform_dir}/efr32/CHIPCryptoPALPsaEfr32.cpp" ] + } + public_deps += [ "${chip_root}/src/crypto", "${mbedtls_root}:mbedtls", diff --git a/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h b/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h index 1fb5fde59341af..de0298957c4836 100644 --- a/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h +++ b/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h 
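Review bot: The two independent `if (sl_si91x_crypto_flavor == ...)` checks in `static_library("SiWx917")` add no crypto PAL source when the argument holds any other value, so a typo would surface as unresolved symbols at link time rather than at `gn gen`. The assert added in SiWx917_sdk.gni sits inside the `siwx917_sdk` template and only fires where that template is instantiated; chaining the checks as `if / else if / else` with `assert(false, "sl_si91x_crypto_flavor must be tinycrypt or psa")` in the final branch keeps the failure local. The psa branch also compiles `efr32/CHIPCryptoPALPsaEfr32.cpp` from a sibling platform directory, so a comment there noting that SiWx917 shares the file would warn maintainers before EFR32-only code lands in it.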
@@ -1,111 +1,86 @@ /* - * Copyright (c) 2021, The OpenThread Authors. - * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the - * names of its contributors may be used to endorse or promote products - * derived from this software without specific prior written permission. + * Copyright (c) 2024 Project CHIP Authors + * All rights reserved. * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #pragma once -#include -#include -#include -/** - * Enable FreeRTOS threading support - */ -#define MBEDTLS_FREERTOS +#define MBEDTLS_PLATFORM_C +#define MBEDTLS_PLATFORM_MEMORY +#define MBEDTLS_VERSION_C +#define MBEDTLS_VERSION_FEATURES -/** - * Enable H Crypto and Entropy modules - */ -#define MBEDTLS_AES_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ECDH_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_CIPHER_MODE_CTR -#define MBEDTLS_TRNG_C +#define MBEDTLS_HKDF_C +#define MBEDTLS_PKCS5_C -#define MBEDTLS_NO_PLATFORM_ENTROPY -#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +// DIC Specific Configurations +#ifdef DIC_ENABLE -#if defined(MBEDTLS_ECP_ALT) && !defined(MBEDTLS_ECP_RESTARTABLE) -typedef void mbedtls_ecp_restart_ctx; -#endif +#define MBEDTLS_MPI_MAX_SIZE 512 -#ifdef DIC_ENABLE -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_RSA_NO_CRT #define MBEDTLS_CIPHER_MODE_CBC +#define MBEDTLS_CIPHER_MODE_WITH_PADDING #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +#define MBEDTLS_PKCS1_V15 #define MBEDTLS_RSA_C +#define MBEDTLS_RSA_NO_CRT #define MBEDTLS_SHA1_C #define MBEDTLS_SSL_IN_CONTENT_LEN 5120 +#define MBEDTLS_SSL_MAX_CONTENT_LEN 5120 #define MBEDTLS_SSL_OUT_CONTENT_LEN 1560 -#define MBEDTLS_DEBUG_C -#define MBEDTLS_CIPHER_MODE_WITH_PADDING -#endif + +#endif // DIC_ENABLE + +#ifdef SL_MBEDTLS_USE_TINYCRYPT +#define TINYCRYPT_PRIMITIVES +#define OPTIMIZE_TINYCRYPT_ASM + +#define MBEDTLS_FREERTOS + +#if (!(DIC_ENABLE) || !defined(DIC_ENABLE)) +/**< Maximum windows size used. 
*/ +#define MBEDTLS_MPI_WINDOW_SIZE 1 + +/**< Maximum number of bytes for usable MPIs. */ +#define MBEDTLS_MPI_MAX_SIZE 32 +/**< Maxium fragment length in bytes */ +#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 +#endif // !(DIC_ENABLE) + +#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES #define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf #define MBEDTLS_AES_ROM_TABLES -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BASE64_C -#define MBEDTLS_BIGNUM_C #define MBEDTLS_CCM_C -#define MBEDTLS_CIPHER_C #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_CIPHER_MODE_CFB -#define MBEDTLS_CMAC_C -#define MBEDTLS_CTR_DRBG_C +#define MBEDTLS_CIPHER_MODE_CTR +#define MBEDTLS_ECDH_C #define MBEDTLS_ECDH_LEGACY_CONTEXT -#define MBEDTLS_ECDSA_C #define MBEDTLS_ECDSA_DETERMINISTIC #define MBEDTLS_ECJPAKE_C -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 #define MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_ENTROPY_FORCE_SHA256 -// TODO: 3R -// #define MBEDTLS_ENTROPY_HARDWARE_ALT - +#define MBEDTLS_ECP_WINDOW_SIZE 2 #define MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_HAVE_ASM -#define MBEDTLS_HKDF_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_MD_C -#define MBEDTLS_OID_C -#define MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PEM_WRITE_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PKCS5_C -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY #define MBEDTLS_SHA256_SMALLER #define MBEDTLS_SHA512_C #define MBEDTLS_SSL_CLI_C 
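Review bot: DIC_ENABLE is tested two different ways in this header: the DIC block uses `#ifdef DIC_ENABLE`, while the fallback sizes in the TinyCrypt block use `#if (!(DIC_ENABLE) || !defined(DIC_ENABLE))`. With `DIC_ENABLE=0` both conditions hold, so MBEDTLS_MPI_MAX_SIZE and MBEDTLS_SSL_MAX_CONTENT_LEN are defined twice with different values (512/5120, then 32/768). Use one form throughout, e.g. `#if defined(DIC_ENABLE) && DIC_ENABLE` for the DIC block and its negation for the fallback sizes. Most algorithm selections removed here (MBEDTLS_ECP_DP_SECP256R1_ENABLED, MBEDTLS_ENTROPY_FORCE_SHA256, MBEDTLS_CTR_DRBG_C and others) are presumably now supplied by the generated `sl_mbedtls_config.h`, which this patch does not show; a short comment listing what that header must provide would keep the crypto baseline reviewable.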
@@ -115,38 +90,17 @@ typedef void mbedtls_ecp_restart_ctx; #define MBEDTLS_SSL_EXPORT_KEYS #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -#define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_SSL_PROTO_DTLS +#define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C -#define MBEDTLS_X509_CREATE_C -#define MBEDTLS_X509_CSR_WRITE_C -#define MBEDTLS_X509_CRL_PARSE_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_CSR_PARSE_C -#define MBEDTLS_X509_USE_C - -#define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */ -#ifdef DIC_ENABLE -#define MBEDTLS_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */ -#else -#define MBEDTLS_MPI_MAX_SIZE 32 /**< Maximum number of bytes for usable MPIs. */ -#endif -#define MBEDTLS_ECP_MAX_BITS 256 /**< Maximum bit size of groups */ -#define MBEDTLS_ECP_WINDOW_SIZE 2 /**< Maximum window size used */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 /**< Maximum number of sources supported */ - -#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE -#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maxium fragment length in bytes */ -#else -#ifdef DIC_ENABLE -#define MBEDTLS_SSL_MAX_CONTENT_LEN 5120 /**< Maxium fragment length in bytes */ -#else -#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maxium fragment length in bytes */ -#endif // DIC +#define MBEDTLS_TRNG_C + +#if defined(MBEDTLS_ECP_ALT) && !defined(MBEDTLS_ECP_RESTARTABLE) +typedef void mbedtls_ecp_restart_ctx; #endif -#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 +#endif // SL_MBEDTLS_USE_TINYCRYPT -#include "mbedtls/check_config.h" +// SLC GENERATED +#include "sl_mbedtls_config.h" diff --git a/src/platform/silabs/SiWx917/siwx917-chip-psa-config.h b/src/platform/silabs/SiWx917/siwx917-chip-psa-config.h new file mode 100644 index 00000000000000..f498cccc2b2582 --- /dev/null 
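Review bot: Dropping `#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8` removes the compile-time pin on the TLS/DTLS suite list, so the negotiable set becomes whatever the enabled key-exchange macros allow (ECDHE-ECDSA, ECJPAKE and PSK, plus ECDHE-RSA with CBC and SHA-1 under DIC_ENABLE). If the wider set is intended only for DIC, keep the pin for other builds, for example by wrapping the old define in `#ifndef DIC_ENABLE`, or configure an explicit allow-list per connection. The trailing `#include "mbedtls/check_config.h"` is also gone. Unless the generated `sl_mbedtls_config.h` or the mbedTLS build already pulls it in, inconsistent option combinations are no longer rejected at compile time.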
+++ b/src/platform/silabs/SiWx917/siwx917-chip-psa-config.h @@ -0,0 +1,32 @@ +/* + * + * Copyright (c) 2024 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +// DIC Specific Configurations +#ifdef DIC_ENABLE +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF + +#define PSA_WANT_ALG_CBC_NO_PADDING +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN +#define PSA_WANT_ALG_SOME_PAKE +#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY +#endif // DIC_ENABLE + +// SLC GENERATED +#include "psa_crypto_config.h" diff --git a/third_party/silabs/SiWx917_sdk.gni b/third_party/silabs/SiWx917_sdk.gni index ddda1e68b7f4b7..6dd4085381ad4f 100644 --- a/third_party/silabs/SiWx917_sdk.gni +++ b/third_party/silabs/SiWx917_sdk.gni @@ -16,10 +16,12 @@ import("//build_overrides/chip.gni") import("//build_overrides/efr32_sdk.gni") import("//build_overrides/jlink.gni") import("//build_overrides/mbedtls.gni") -import("${efr32_sdk_build_root}/efr32_sdk.gni") import("${chip_root}/src/app/icd/icd.gni") +import("${chip_root}/src/crypto/crypto.gni") import("${chip_root}/src/lib/lib.gni") +import("${chip_root}/src/platform/silabs/wifi_args.gni") +import("${efr32_sdk_build_root}/efr32_sdk.gni") import("silabs_board.gni") examples_plat_dir = "${chip_root}/examples/platform/silabs/SiWx917" 
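Review bot: The DIC block in siwx917-chip-psa-config.h defines `MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF` directly; mbedTLS normally derives the MBEDTLS_PSA_BUILTIN_* symbols from the matching request macro, so `#define PSA_WANT_ALG_TLS12_PRF 1` is the supported way to ask for it and leaves the builtin-versus-driver choice to the library. `PSA_WANT_ALG_SOME_PAKE` likewise looks like a derived helper rather than a user option, which is worth checking against the mbedTLS version in the SDK. The PSA_WANT macros are defined empty here, whereas mbedTLS's own crypto config gives them the value 1, and an empty definition breaks any `#if PSA_WANT_...` test. A one-line comment on why DIC needs CBC without padding and RSA PKCS#1 v1.5 signatures would help later audits of this file.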
@@ -31,6 +33,9 @@ declare_args() { # Periodic time at which the 917 SoC should wakeup si91x_alarm_periodic_time = 30 + # option to select the crypto library + sl_si91x_crypto_flavor = "tinycrypt" + # enable 917 SoC M4 sleep wakeup si917_m4_sleep_enabled = false } @@ -44,13 +49,19 @@ template("siwx917_sdk") { sdk_target_name = target_name config("${sdk_target_name}_config") { + defines = [] include_dirs = [] libs = [] - defines = [] + cflags = [] + if (defined(invoker.include_dirs)) { include_dirs += invoker.include_dirs } + if (defined(invoker.defines)) { + defines += invoker.defines + } + # Treat these includes as system includes, so warnings in them are not fatal. _include_dirs = [ "${chip_root}", @@ -58,11 +69,8 @@ template("siwx917_sdk") { "${efr32_sdk_root}/platform/emdrv/nvm3/inc", "${efr32_sdk_root}/platform/emdrv/common/inc", "${efr32_sdk_root}/platform/service/device_init/inc", - "${sdk_support_root}/matter/mbedtls/tinycrypt/inc", "${sdk_support_root}/matter/si91x/siwx917/BRD4338A/autogen", "${sdk_support_root}/matter/si91x/siwx917/BRD4338A/config", - "${chip_root}/third_party/mbedtls/repo/include", - "${chip_root}/third_party/mbedtls/repo/library", "${chip_root}/src/platform/silabs/rs911x", @@ -173,7 +181,6 @@ template("siwx917_sdk") { # To fix this, these files are also manually depended upon in the source set # declared in siwx917_mbedtls_config further down this file. defines += [ - "MBEDTLS_CONFIG_FILE=\"siwx917-chip-mbedtls-config.h\"", "__STARTUP_CLEAR_BSS", "HARD_FAULT_LOG_ENABLE", "SL_HEAP_SIZE=32768", @@ -197,8 +204,6 @@ template("siwx917_sdk") { "USE_NVM3=1", "SLI_SI91X_ENABLE_BLE=1", "SL_SI91X_ENABLE_LITTLE_ENDIAN=1", - "TINYCRYPT_PRIMITIVES", - "OPTIMIZE_TINYCRYPT_ASM", "__error_t_defined", "RSI_SAMPLE_HAL", "DEBUG_UART=1", @@ -245,7 +250,6 @@ template("siwx917_sdk") { defines += [ "ENABLE_CHIP_SHELL" ] } - import("${chip_root}/src/platform/silabs/wifi_args.gni") defines += [ "LWIP_NETIF_API=1" ] if (lwip_ipv4) { defines += [ 
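Review bot: The comment on `sl_si91x_crypto_flavor` in `declare_args()` does not say which values are accepted or what each one selects. Suggest `# Crypto backend for SiWx917: "tinycrypt" (TinyCrypt ECC with mbedTLS, default) or "psa" (PSA Crypto with the Si91x drivers)`. In the later hunks on this line MBEDTLS_CONFIG_FILE, TINYCRYPT_PRIMITIVES and the mbedTLS include paths leave the shared `${sdk_target_name}_config`, so anything that consumed that config without depending on the SDK target no longer sees them; the new source_sets re-export them through `public_configs`, which covers normal dependents.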
@@ -341,11 +345,6 @@ template("siwx917_sdk") { libs += [ "${sdk_support_root}/platform/emdrv/nvm3/lib/libnvm3_CM4_gcc.a" ] - cflags = [] - foreach(include_dir, _include_dirs) { - cflags += [ "-isystem" + rebase_path(include_dir, root_build_dir) ] - } - cflags += [ "-Wno-maybe-uninitialized", "-Wno-shadow", 
@@ -359,23 +358,256 @@ template("siwx917_sdk") { "-Wno-unused-function", ] - if (defined(invoker.defines)) { - defines += invoker.defines + foreach(include_dir, _include_dirs) { + cflags += [ "-isystem" + rebase_path(include_dir, root_build_dir) ] } } - source_set("siwx917_mbedtls_config") { - # We're setting the mbedTLS config flags here as the siwx917_sdk target - # acts as the mbedTLS target for SiWx917 builds. We need this for the build - # system to recompile mbedTLS (= the SDK) when the mbedTLS config gets - # edited. - sources = [ - "${chip_root}/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h", - ] + assert(chip_crypto == "platform" && (sl_si91x_crypto_flavor == "tinycrypt" || + sl_si91x_crypto_flavor == "psa"), + "sl_si91x_crypto_flavor must be tinycrypt or psa") + + if (chip_crypto == "platform") { + if (sl_si91x_crypto_flavor == "psa") { + _mbedtls_root = "${efr32_sdk_root}/util/third_party/mbedtls" + + sl_si91x_psa_crypto_path = + "${wifi_sdk_root}/components/device/silabs/si91x/wireless/crypto/" + + config("sl_si91x_psa_crypto_config") { + defines = [ + "MBEDTLS_CONFIG_FILE=\"siwx917-chip-mbedtls-config.h\"", + "MBEDTLS_PSA_CRYPTO_CONFIG_FILE=\"siwx917-chip-psa-config.h\"", + + # WISECONNECT 3 SDK + "SLI_AEAD_DEVICE_SI91X=1", + "SLI_CIPHER_DEVICE_SI91X=1", + "SLI_ECDH_DEVICE_SI91X=1", + "SLI_MAC_DEVICE_SI91X=1", + "SLI_SHA_DEVICE_SI91X=1", + "SLI_TRNG_DEVICE_SI91X=1", + "SLI_SECURE_KEY_STORAGE_DEVICE_SI91X=1", + "SLI_MULTITHREAD_DEVICE_SI91X=1", + ] - public_deps = [ "${chip_root}/src/crypto:crypto_buildconfig" ] - } + include_dirs = [ + # WISECONNECT 3 SDK + "${sl_si91x_psa_crypto_path}/inc", + "${sl_si91x_psa_crypto_path}/aes/inc", + "${sl_si91x_psa_crypto_path}/aead/inc", + "${sl_si91x_psa_crypto_path}/ccm/inc", + "${sl_si91x_psa_crypto_path}/ecdh/inc", + "${sl_si91x_psa_crypto_path}/ecdsa/inc", + "${sl_si91x_psa_crypto_path}/hmac/inc", + "${sl_si91x_psa_crypto_path}/mac/inc", + "${sl_si91x_psa_crypto_path}/gcm/inc", + 
"${sl_si91x_psa_crypto_path}/sha/inc", + "${sl_si91x_psa_crypto_path}/trng/inc", + "${sl_si91x_psa_crypto_path}/wrap/inc", + "${sl_si91x_psa_crypto_path}/multithread/inc", + + # mbedTLS + "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/config", + "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/config/preset", + "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/inc", + "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/inc", + "${efr32_sdk_root}/util/third_party/mbedtls/include", + "${efr32_sdk_root}/util/third_party/mbedtls/library", + ] + } + source_set("sl_si91x_psa_crypto") { + # We're setting the mbedTLS config flags here as the siwx917_sdk target + # acts as the mbedTLS target for SiWx917 builds. We need this for the build + # system to recompile mbedTLS (= the SDK) when the mbedTLS config gets + # edited. + sources = [ + "${_mbedtls_root}/include/mbedtls/platform.h", + "${_mbedtls_root}/include/mbedtls/version.h", + "${chip_root}/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h", + "${chip_root}/src/platform/silabs/SiWx917/siwx917-chip-psa-config.h", + + # mbedtls + "${_mbedtls_root}/library/aes.c", + "${_mbedtls_root}/library/asn1parse.c", + "${_mbedtls_root}/library/asn1write.c", + "${_mbedtls_root}/library/base64.c", + "${_mbedtls_root}/library/bignum.c", + "${_mbedtls_root}/library/bignum_core.c", + "${_mbedtls_root}/library/ccm.c", + "${_mbedtls_root}/library/cipher.c", + "${_mbedtls_root}/library/cipher_wrap.c", + "${_mbedtls_root}/library/cmac.c", + "${_mbedtls_root}/library/constant_time.c", + "${_mbedtls_root}/library/ctr_drbg.c", + "${_mbedtls_root}/library/ecdh.c", + "${_mbedtls_root}/library/ecdsa.c", + "${_mbedtls_root}/library/ecjpake.c", + "${_mbedtls_root}/library/ecp.c", + "${_mbedtls_root}/library/ecp_curves.c", + "${_mbedtls_root}/library/ecp_curves_new.c", + "${_mbedtls_root}/library/entropy.c", + "${_mbedtls_root}/library/entropy_poll.c", + 
"${_mbedtls_root}/library/hkdf.c", + "${_mbedtls_root}/library/hmac_drbg.c", + "${_mbedtls_root}/library/md.c", + "${_mbedtls_root}/library/oid.c", + "${_mbedtls_root}/library/pem.c", + "${_mbedtls_root}/library/pk.c", + "${_mbedtls_root}/library/pk_wrap.c", + "${_mbedtls_root}/library/pkcs5.c", + "${_mbedtls_root}/library/pkparse.c", + "${_mbedtls_root}/library/pkwrite.c", + "${_mbedtls_root}/library/platform.c", + "${_mbedtls_root}/library/platform_util.c", + "${_mbedtls_root}/library/psa_crypto.c", + "${_mbedtls_root}/library/psa_crypto_aead.c", + "${_mbedtls_root}/library/psa_crypto_cipher.c", + "${_mbedtls_root}/library/psa_crypto_client.c", + "${_mbedtls_root}/library/psa_crypto_driver_wrappers_no_static.c", + "${_mbedtls_root}/library/psa_crypto_ecp.c", + "${_mbedtls_root}/library/psa_crypto_hash.c", + "${_mbedtls_root}/library/psa_crypto_mac.c", + "${_mbedtls_root}/library/psa_crypto_rsa.c", + "${_mbedtls_root}/library/psa_crypto_se.c", + "${_mbedtls_root}/library/psa_crypto_slot_management.c", + "${_mbedtls_root}/library/psa_crypto_storage.c", + "${_mbedtls_root}/library/psa_util.c", + "${_mbedtls_root}/library/sha256.c", + "${_mbedtls_root}/library/ssl_cache.c", + "${_mbedtls_root}/library/ssl_ciphersuites.c", + "${_mbedtls_root}/library/ssl_client.c", + "${_mbedtls_root}/library/ssl_cookie.c", + "${_mbedtls_root}/library/ssl_msg.c", + "${_mbedtls_root}/library/ssl_ticket.c", + "${_mbedtls_root}/library/ssl_tls.c", + "${_mbedtls_root}/library/ssl_tls12_client.c", + "${_mbedtls_root}/library/ssl_tls12_server.c", + "${_mbedtls_root}/library/threading.c", + "${_mbedtls_root}/library/version.c", + "${_mbedtls_root}/library/x509.c", + "${_mbedtls_root}/library/x509_create.c", + "${_mbedtls_root}/library/x509_crl.c", + "${_mbedtls_root}/library/x509_crt.c", + "${_mbedtls_root}/library/x509_csr.c", + "${_mbedtls_root}/library/x509write_crt.c", + "${_mbedtls_root}/library/x509write_csr.c", + + # GECKO SDK + 
"${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/sl_psa_crypto.c", + "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/sli_psa_crypto.c", + "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sl_psa_its_nvm3.c", + "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_psa_trng.c", + + # WISECONNECT 3 SDK + "${sl_si91x_psa_crypto_path}/aead/src/sl_si91x_psa_aead.c", + "${sl_si91x_psa_crypto_path}/aes/src/sl_si91x_aes.c", + "${sl_si91x_psa_crypto_path}/aes/src/sl_si91x_psa_aes.c", + "${sl_si91x_psa_crypto_path}/ccm/src/sl_si91x_ccm.c", + "${sl_si91x_psa_crypto_path}/ecdh/src/sl_si91x_ecdh.c", + "${sl_si91x_psa_crypto_path}/ecdh/src/sl_si91x_psa_ecdh.c", + "${sl_si91x_psa_crypto_path}/ecdsa/src/sl_si91x_ecdsa.c", + "${sl_si91x_psa_crypto_path}/ecdsa/src/sl_si91x_psa_ecdsa.c", + "${sl_si91x_psa_crypto_path}/gcm/src/sl_si91x_gcm.c", + "${sl_si91x_psa_crypto_path}/hmac/src/sl_si91x_hmac.c", + "${sl_si91x_psa_crypto_path}/mac/src/sl_si91x_psa_mac.c", + "${sl_si91x_psa_crypto_path}/multithread/src/sl_si91x_crypto_thread.c", + "${sl_si91x_psa_crypto_path}/sha/src/sl_si91x_psa_sha.c", + "${sl_si91x_psa_crypto_path}/sha/src/sl_si91x_sha.c", + "${sl_si91x_psa_crypto_path}/src/sli_si91x_crypto_driver_functions.c", + "${sl_si91x_psa_crypto_path}/trng/src/sl_si91x_psa_trng.c", + "${sl_si91x_psa_crypto_path}/wrap/src/sl_si91x_psa_wrap.c", + "${sl_si91x_psa_crypto_path}/wrap/src/sl_si91x_wrap.c", + ] + + public_deps = [ "${chip_root}/src/crypto:crypto_buildconfig" ] + + public_configs = [ + ":${sdk_target_name}_config", + ":sl_si91x_psa_crypto_config", + ] + } + } + + if (sl_si91x_crypto_flavor == "tinycrypt") { + _mbedtls_root = "${mbedtls_root}/repo" + + config("siwx917_tinycrypt_config") { + defines = [ + "SL_MBEDTLS_USE_TINYCRYPT", + "MBEDTLS_CONFIG_FILE=\"siwx917-chip-mbedtls-config.h\"", + ] + + include_dirs = [ + "${sdk_support_root}/matter/mbedtls/tinycrypt/inc", + "${_mbedtls_root}/include", + 
"${_mbedtls_root}/library", + + # GECKO SDK configuration included to be used in autogenerated files + "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/config", + "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/config/preset", + "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/inc", + ] + } + + source_set("siwx917_tinycrypt") { + sources = [ + # config file + "${_mbedtls_root}/include/mbedtls/platform.h", + "${_mbedtls_root}/include/mbedtls/version.h", + "${chip_root}/src/platform/silabs/SiWx917/siwx917-chip-mbedtls-config.h", + + # mbedtls + "${_mbedtls_root}/library/aes.c", + "${_mbedtls_root}/library/asn1parse.c", + "${_mbedtls_root}/library/asn1write.c", + "${_mbedtls_root}/library/base64.c", + "${_mbedtls_root}/library/bignum.c", + "${_mbedtls_root}/library/ccm.c", + "${_mbedtls_root}/library/cipher.c", + "${_mbedtls_root}/library/cipher_wrap.c", + "${_mbedtls_root}/library/constant_time.c", + "${_mbedtls_root}/library/ctr_drbg.c", + "${_mbedtls_root}/library/ecdh.c", + "${_mbedtls_root}/library/ecdsa.c", + "${_mbedtls_root}/library/ecp.c", + "${_mbedtls_root}/library/ecp_curves.c", + "${_mbedtls_root}/library/entropy.c", + "${_mbedtls_root}/library/hkdf.c", + "${_mbedtls_root}/library/hmac_drbg.c", + "${_mbedtls_root}/library/md.c", + "${_mbedtls_root}/library/pem.c", + "${_mbedtls_root}/library/pkcs5.c", + "${_mbedtls_root}/library/platform.c", + "${_mbedtls_root}/library/sha256.c", + "${_mbedtls_root}/library/sha512.c", + "${_mbedtls_root}/library/version.c", + "${_mbedtls_root}/library/x509_create.c", + + # tinycrypt + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/ecc.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/ecc_dh.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/ecc_dsa.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/error.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/oid.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/pk.c", + 
"${sdk_support_root}/matter/mbedtls/tinycrypt/src/pk_wrap.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/pkparse.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/pkwrite.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/platform_util.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/x509_crt.c", + "${sdk_support_root}/matter/mbedtls/tinycrypt/src/x509write_csr.c", + ] + + public_deps = [ "${chip_root}/src/crypto:crypto_buildconfig" ] + + public_configs = [ + ":${sdk_target_name}_config", + ":siwx917_tinycrypt_config", + ] + } + } + } source_set(sdk_target_name) { sources = [ # si91x component 
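Review bot: The new `assert(chip_crypto == "platform" && (...), "sl_si91x_crypto_flavor must be tinycrypt or psa")` also fires when chip_crypto is not "platform", but its message blames the flavor, and it makes the following `if (chip_crypto == "platform")` always true. Splitting it into `assert(chip_crypto == "platform", "SiWx917 requires chip_crypto = platform")` and a second assert on the flavor alone gives an accurate error and lets the redundant `if` go. The comment about recompiling mbedTLS when the config header changes was copied into `sl_si91x_psa_crypto` only; `siwx917_tinycrypt` lists the same config header in `sources` for the same reason and deserves the same comment. The hunk sits inside the `siwx917_sdk` template, which starts and ends outside it.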
@@ -487,46 +719,9 @@ template("siwx917_sdk") { "${efr32_sdk_root}/platform/service/memory_manager/src/sl_memory_manager_retarget.c", "${efr32_sdk_root}/platform/service/memory_manager/src/sli_memory_manager_common.c", - # mbedtls - "${chip_root}/third_party/mbedtls/repo/library/aes.c", - "${chip_root}/third_party/mbedtls/repo/library/asn1parse.c", - "${chip_root}/third_party/mbedtls/repo/library/asn1write.c", - "${chip_root}/third_party/mbedtls/repo/library/base64.c", - "${chip_root}/third_party/mbedtls/repo/library/bignum.c", - "${chip_root}/third_party/mbedtls/repo/library/ccm.c", - "${chip_root}/third_party/mbedtls/repo/library/cipher.c", - "${chip_root}/third_party/mbedtls/repo/library/cipher_wrap.c", - "${chip_root}/third_party/mbedtls/repo/library/constant_time.c", - "${chip_root}/third_party/mbedtls/repo/library/ctr_drbg.c", - "${chip_root}/third_party/mbedtls/repo/library/ecdh.c", - "${chip_root}/third_party/mbedtls/repo/library/ecdsa.c", - "${chip_root}/third_party/mbedtls/repo/library/ecp.c", - "${chip_root}/third_party/mbedtls/repo/library/ecp_curves.c", - "${chip_root}/third_party/mbedtls/repo/library/entropy.c", - "${chip_root}/third_party/mbedtls/repo/library/hkdf.c", - "${chip_root}/third_party/mbedtls/repo/library/hmac_drbg.c", - "${chip_root}/third_party/mbedtls/repo/library/md.c", - "${chip_root}/third_party/mbedtls/repo/library/pem.c", - "${chip_root}/third_party/mbedtls/repo/library/pkcs5.c", - "${chip_root}/third_party/mbedtls/repo/library/platform.c", - "${chip_root}/third_party/mbedtls/repo/library/sha256.c", - "${chip_root}/third_party/mbedtls/repo/library/sha512.c", - "${chip_root}/third_party/mbedtls/repo/library/x509.c", - "${chip_root}/third_party/mbedtls/repo/library/x509_create.c", + # STARTUP FILES "${efr32_sdk_root}/platform/service/iostream/src/sl_iostream.c", "${efr32_sdk_root}/platform/service/iostream/src/sl_iostream_rtt.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/ecc.c", - 
"${sdk_support_root}/matter/mbedtls/tinycrypt/src/ecc_dh.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/ecc_dsa.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/error.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/oid.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/pk.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/pk_wrap.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/pkparse.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/pkwrite.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/platform_util.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/x509_crt.c", - "${sdk_support_root}/matter/mbedtls/tinycrypt/src/x509write_csr.c", "${sdk_support_root}/matter/si91x/siwx917/BRD4338A/support/src/startup_common_RS1xxxx.c", "${wifi_sdk_root}/components/device/silabs/si91x/mcu/drivers/service/nvm3/src/sl_si91x_common_flash_intf.c", 
@@ -579,29 +774,38 @@ template("siwx917_sdk") { "${wifi_sdk_root}/components/device/silabs/si91x/mcu/drivers/systemlevel/src/rsi_time_period.c", ] } + public_deps = [ - ":siwx917_mbedtls_config", "${segger_rtt_root}:segger_rtt", "${segger_rtt_root}:segger_rtt_printf", "${segger_rtt_root}:segger_rtt_syscalls", ] + if (chip_crypto == "platform") { + if (sl_si91x_crypto_flavor == "tinycrypt") { + public_deps += [ ":siwx917_tinycrypt" ] + } + + if (sl_si91x_crypto_flavor == "psa") { + public_deps += [ ":sl_si91x_psa_crypto" ] + } + } if (defined(invoker.sources)) { sources += invoker.sources } if (invoker.enable_dic) { sources += [ - "${chip_root}/third_party/mbedtls/repo/library/debug.c", - "${chip_root}/third_party/mbedtls/repo/library/ecjpake.c", - "${chip_root}/third_party/mbedtls/repo/library/rsa.c", - "${chip_root}/third_party/mbedtls/repo/library/rsa_internal.c", - "${chip_root}/third_party/mbedtls/repo/library/sha1.c", - "${chip_root}/third_party/mbedtls/repo/library/ssl_ciphersuites.c", - "${chip_root}/third_party/mbedtls/repo/library/ssl_cli.c", - "${chip_root}/third_party/mbedtls/repo/library/ssl_msg.c", - "${chip_root}/third_party/mbedtls/repo/library/ssl_srv.c", - "${chip_root}/third_party/mbedtls/repo/library/ssl_tls.c", - "${chip_root}/third_party/silabs/mqtt/stack/mqtt.c", + "${_mbedtls_root}/library/ecjpake.c", + "${_mbedtls_root}/library/rsa.c", + "${_mbedtls_root}/library/rsa_internal.c", + "${_mbedtls_root}/library/sha1.c", + "${_mbedtls_root}/library/ssl_ciphersuites.c", + "${_mbedtls_root}/library/ssl_cli.c", + "${_mbedtls_root}/library/ssl_msg.c", + "${_mbedtls_root}/library/ssl_srv.c", + "${_mbedtls_root}/library/ssl_tls.c", + "${_mbedtls_root}/library/x509.c", + "${efr32_sdk_build_root}/mqtt/stack/mqtt.c", ] }
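Review bot: The `invoker.enable_dic` list now resolves against `_mbedtls_root`, which in the psa flavor is `${efr32_sdk_root}/util/third_party/mbedtls`, yet it still names `ssl_cli.c`, `ssl_srv.c` and `rsa_internal.c`. The psa source list added earlier in this file takes `ssl_client.c`, `ssl_tls12_client.c` and `ssl_tls12_server.c` from that same tree, which suggests the older file names do not exist there, so psa with enable_dic would likely fail to build. `ecjpake.c`, `ssl_ciphersuites.c`, `ssl_msg.c`, `ssl_tls.c` and `x509.c` are also already in `sl_si91x_psa_crypto`, so they would be compiled in two targets and could collide at link. Moving the DIC additions into the two flavor-specific source_sets, each with the file names its mbedTLS tree uses, avoids both problems.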