Move TI hardware acceleration into Matter repo

src/crypto/CHIPCryptoPAL.h

@@ -74,17 +74,10 @@ constexpr size_t kEmitDerIntegerWithoutTagOverhead = 1; // 1 sign stuffer
 constexpr size_t kEmitDerIntegerOverhead           = 3; // Tag + Length byte + 1 sign stuffer
 
 /*
- * Worst case is OpenSSL, so let's use its worst case and let static assert tell us if
- * we are wrong, since `typedef SHA_LONG unsigned int` is default.
- *   SHA_LONG h[8];
- *   SHA_LONG Nl, Nh;
- *   SHA_LONG data[SHA_LBLOCK]; // SHA_LBLOCK is 16 for SHA256
- *   unsigned int num, md_len;
- *
- * We also have to account for possibly some custom extensions on some targets,
- * especially for mbedTLS, so an extra sizeof(uint64_t) is added to account.
+ * Worst case is TI mbedtls hardware accelerated context, so let's use its
+ * worst case and let static assert tell us if we are wrong.
  */
-constexpr size_t kMAX_Hash_SHA256_Context_Size = ((sizeof(unsigned int) * (8 + 2 + 16 + 2)) + sizeof(uint64_t));
+constexpr size_t kMAX_Hash_SHA256_Context_Size = (sizeof(unsigned int) * 76);
 
 /*
  * Overhead to encode a raw ECDSA signature in X9.62 format in ASN.1 DER

src/crypto/CHIPCryptoPALmbedTLS.cpp

@@ -254,7 +254,7 @@ CHIP_ERROR Hash_SHA256_stream::GetDigest(MutableByteSpan & out_buffer)
     CHIP_ERROR result = Finish(out_buffer);
 
     // Restore context prior to finalization.
-    *context = previous_ctx;
+    mbedtls_sha256_clone(context, &previous_ctx);
 
     return result;
 }

src/platform/OpenThread/OpenThreadUtils.cpp

@@ -130,11 +130,19 @@ void LogOpenThreadStateChange(otInstance * otInst, uint32_t flags)
             ChipLogDetail(DeviceLayer, "   Mesh Prefix: %s/64", strBuf);
         }
 #if CHIP_CONFIG_SECURITY_TEST_MODE
+
         {
+#if OPENTHREAD_API_VERSION >= 126
+            const otNetworkKey * otKey = otThreadGetNetworkKey(otInst);
+            for (int i = 0; i < OT_NETWORK_KEY_SIZE; i++)
+                snprintf(&strBuf[i * 2], 3, "%02X", otKey->m8[i]);
+            ChipLogDetail(DeviceLayer, "   Network Key: %s", strBuf);
+#else
             const otMasterKey * otKey = otThreadGetMasterKey(otInst);
             for (int i = 0; i < OT_MASTER_KEY_SIZE; i++)
                 snprintf(&strBuf[i * 2], 3, "%02X", otKey->m8[i]);
             ChipLogDetail(DeviceLayer, "   Master Key: %s", strBuf);
+#endif // OPENTHREAD_API_VERSION
         }
 #endif // CHIP_CONFIG_SECURITY_TEST_MODE
     }

src/platform/cc13x2_26x2/crypto/aes_alt.c

@@ -0,0 +1,130 @@
+/*
+ *
+ *    Copyright (c) 2020 Project CHIP Authors
+ *    Copyright (c) 2020 Texas Instruments Incorporated
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "aes_alt.h"
+#include "mbedtls/aes.h"
+
+#if defined(MBEDTLS_AES_ALT)
+
+#include <string.h>
+
+#include "ti_drivers_config.h"
+
+#include <ti/devices/DeviceFamily.h>
+#include <ti/drivers/AESECB.h>
+#include <ti/drivers/cryptoutils/cryptokey/CryptoKeyPlaintext.h>
+
+/*
+ * number of active contexts, used for power on/off of the crypto core
+ */
+static unsigned int ref_num = 0;
+
+static AESECB_Handle AESECB_handle = NULL;
+
+void mbedtls_aes_init(mbedtls_aes_context * ctx)
+{
+    AESECB_Params AESECBParams;
+
+    if (ref_num++ == 0)
+    {
+        AESECB_Params_init(&AESECBParams);
+        AESECBParams.returnBehavior = AESECB_RETURN_BEHAVIOR_POLLING;
+        AESECB_handle               = AESECB_open(CONFIG_AESECB_1, &AESECBParams);
+
+        // handle will be NULL if open failed, subsequent calls will fail with a generic HW error
+    }
+}
+
+void mbedtls_aes_free(mbedtls_aes_context * ctx)
+{
+    if (--ref_num == 0)
+    {
+        AESECB_close(AESECB_handle);
+
+        AESECB_handle = NULL;
+    }
+
+    memset((void *) ctx, 0x00, sizeof(ctx));
+}
+
+int mbedtls_aes_setkey_enc(mbedtls_aes_context * ctx, const unsigned char * key, unsigned int keybits)
+{
+    int_fast16_t statusCrypto;
+    size_t keylen = keybits / 8U; // 8 bits in a byte
+
+    if (keylen > sizeof(ctx->keyMaterial))
+    {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    /* Initialize AES key */
+    memcpy(ctx->keyMaterial, key, keylen);
+    statusCrypto = CryptoKeyPlaintext_initKey(&ctx->cryptoKey, (uint8_t *) ctx->keyMaterial, keylen);
+
+    if (CryptoKey_STATUS_SUCCESS != statusCrypto)
+    {
+        return MBEDTLS_ERR_AES_HW_ACCEL_FAILED;
+    }
+
+    return 0;
+}
+
+int mbedtls_aes_setkey_dec(mbedtls_aes_context * ctx, const unsigned char * key, unsigned int keybits)
+{
+    int_fast16_t statusCrypto;
+    size_t keylen = keybits / 8U; // 8 bits in a byte
+
+    if (keylen > sizeof(ctx->keyMaterial))
+    {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    /* Initialize AES key */
+    statusCrypto = CryptoKeyPlaintext_initKey(&ctx->cryptoKey, (uint8_t *) key, keylen);
+
+    if (CryptoKey_STATUS_SUCCESS != statusCrypto)
+    {
+        return MBEDTLS_ERR_AES_HW_ACCEL_FAILED;
+    }
+
+    return 0;
+}
+
+int mbedtls_aes_crypt_ecb(mbedtls_aes_context * ctx, int mode, const unsigned char input[16], unsigned char output[16])
+{
+    int statusCrypto;
+    AESECB_Operation operationOneStepEncrypt;
+
+    /* run it through the authentication + encryption, pass the ccmLVal = 2 */
+    AESECB_Operation_init(&operationOneStepEncrypt);
+
+    operationOneStepEncrypt.key         = &ctx->cryptoKey;
+    operationOneStepEncrypt.inputLength = 16;
+    operationOneStepEncrypt.input       = (uint8_t *) input;
+    operationOneStepEncrypt.output      = (uint8_t *) output;
+
+    statusCrypto = AESECB_oneStepEncrypt(AESECB_handle, &operationOneStepEncrypt);
+
+    if (CryptoKey_STATUS_SUCCESS != statusCrypto)
+    {
+        return MBEDTLS_ERR_AES_HW_ACCEL_FAILED;
+    }
+
+    return 0;
+}
+#endif

src/platform/cc13x2_26x2/crypto/aes_alt.h

@@ -0,0 +1,46 @@
+/*
+ *
+ *    Copyright (c) 2020 Project CHIP Authors
+ *    Copyright (c) 2020 Texas Instruments Incorporated
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#pragma once
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls-config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_AES_ALT)
+
+#include <ti/drivers/AESECB.h>
+#include <ti/drivers/cryptoutils/cryptokey/CryptoKey.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct
+{
+    CryptoKey cryptoKey;      /*!<  structure for the AES driver */
+    uint32_t keyMaterial[16]; /*!<  memory for the key bytes used by cryptoKey */
+} mbedtls_aes_context;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_AES_ALT */

src/platform/cc13x2_26x2/cc13x2_26x2-mbedtls-config.h → src/platform/cc13x2_26x2/crypto/cc13x2_26x2-mbedtls-config.h

@@ -42,7 +42,7 @@
 #define MBEDTLS_ECJPAKE_ALT
 #define MBEDTLS_AES_ALT
 #define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
 
 /**
  * Enable Crypto and Entropy modules