Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[crypto] Fix CASE on some embedded platforms #7948

Merged
merged 1 commit into from
Jun 28, 2021
Merged

[crypto] Fix CASE on some embedded platforms #7948

merged 1 commit into from
Jun 28, 2021

Conversation

Damian-Nordic
Copy link
Contributor

@Damian-Nordic Damian-Nordic commented Jun 28, 2021
edited
Loading

Problem

Establishing a CASE session requires support for P256Keypair::ECDH_derive_secret() function which was
disabled for platforms which define MBEDTLS_ECP_ALT. It is quite common on embedded devices equipped with
dedicated crypto chips to provide custom ECP implementation. As a result, an attempt to resolve a device address or send a ZCL message would fail for nRF Connect-based accessories (other platforms such as Qorvo are probably affected, too).

Change overview

Unblock P256Keypair::ECDH_derive_secret() for platforms which provide a custom ECP implementation.

Testing

Tested commissioning + ZCL commands using the Python controller and nRF Connect Lock Example.

@boring-cyborg boring-cyborg bot added the crypto label Jun 28, 2021
@Damian-Nordic
[crypto] Fix CASE on some embedded platforms
e0a3388 
Establishing a CASE session requires support for
P256Keypair::ECDH_derive_secret() function which was
disabled for platforms which define MBEDTLS_ECP_ALT.
It is quite common on embedded devices equipped with
dedicated crypto chips to provide custom ECP
implementations.
@todo
Copy link

todo bot commented Jun 28, 2021

Enable ECDH_derive_secret for Qorvo when their mbedTLS static libraries are updated

connectedhomeip/src/crypto/CHIPCryptoPALmbedTLS.cpp

Lines 562 to 566 in e0a3388

// TODO: Enable ECDH_derive_secret for Qorvo when their mbedTLS static libraries are updated
#if defined(MBEDTLS_ECDH_C) && !defined(QORVO_CRYPTO_ENGINE)
CHIP_ERROR error = CHIP_NO_ERROR;
int result = 0;
size_t secret_length = (out_secret.Length() == 0) ? out_secret.Capacity() : out_secret.Length();

This comment was generated by todo based on a TODO comment in e0a3388 in #7948. cc @Damian-Nordic.

@woody-apple woody-apple merged commit fead7d1 into project-chip:master Jun 28, 2021
@todo todo bot mentioned this pull request Jun 28, 2021
Closed
@tima-q tima-q mentioned this pull request Jul 7, 2021
Merged
nikita-s-wrk pushed a commit to nikita-s-wrk/connectedhomeip that referenced this pull request Sep 23, 2021
@Damian-Nordic
[crypto] Fix CASE on some embedded platforms (project-chip#7948)
32112aa 
Establishing a CASE session requires support for
P256Keypair::ECDH_derive_secret() function which was
disabled for platforms which define MBEDTLS_ECP_ALT.
It is quite common on embedded devices equipped with
dedicated crypto chips to provide custom ECP
implementations.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tima-q tima-q tima-q left review comments

@saurabhst saurabhst saurabhst approved these changes

@woody-apple woody-apple woody-apple approved these changes

@jmartinez-silabs jmartinez-silabs jmartinez-silabs approved these changes

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@jelderton jelderton Awaiting requested review from jelderton

@LuDuda LuDuda Awaiting requested review from LuDuda

@mspang mspang Awaiting requested review from mspang

@pan-apple pan-apple Awaiting requested review from pan-apple

Assignees
No one assigned
Labels
crypto review - approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Damian-Nordic @saurabhst @woody-apple @tima-q @jmartinez-silabs