project-chip · jepenven-silabs · Sep 1, 2023 · Jun 15, 2023 · Jul 20, 2023 · Aug 7, 2023
diff --git a/src/crypto/CHIPCryptoPAL.h b/src/crypto/CHIPCryptoPAL.h
@@ -93,6 +93,8 @@ constexpr size_t kAES_CCM128_Block_Length = kAES_CCM128_Key_Length;
 constexpr size_t kAES_CCM128_Nonce_Length = 13;
 constexpr size_t kAES_CCM128_Tag_Length = 16;
 
+constexpr size_t CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES = kAES_CCM128_Nonce_Length;
+
 /* These sizes are hardcoded here to remove header dependency on underlying crypto library
  * in a public interface file. The validity of these sizes is verified by static_assert in
  * the implementation files.

diff --git a/src/protocols/secure_channel/BUILD.gn b/src/protocols/secure_channel/BUILD.gn
@@ -29,6 +29,8 @@ static_library("secure_channel") {
  "CASEServer.h",
  "CASESession.cpp",
  "CASESession.h",
+ "CheckinMessage.cpp",
+ "CheckinMessage.h",
  "DefaultSessionResumptionStorage.cpp",
  "DefaultSessionResumptionStorage.h",
  "PASESession.cpp",
@@ -50,6 +52,7 @@ static_library("secure_channel") {
 
  public_deps = [
  ":type_definitions",
+ "${chip_root}/src/crypto",
  "${chip_root}/src/lib/core",
  "${chip_root}/src/lib/support",
  "${chip_root}/src/messaging",

diff --git a/src/protocols/secure_channel/CheckinMessage.cpp b/src/protocols/secure_channel/CheckinMessage.cpp
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2020 Project CHIP Authors
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file
+ * This file implements the Matter Checkin protocol.
+ */
+
+#include "CheckinMessage.h"
+#include <lib/core/CHIPCore.h>
+
+#include <lib/core/CHIPEncoding.h>
+#include <protocols/secure_channel/Constants.h>
+
+namespace chip {
+namespace Protocols {
+namespace SecureChannel {
+
+CHIP_ERROR CheckinMessage::GenerateCheckinMessagePayload(Crypto::Aes128KeyHandle & key, CounterType counter,
+ const ByteSpan & appData, MutableByteSpan & output)
+{
+ VerifyOrReturnError(appData.size() <= sMaxAppDataSize, CHIP_ERROR_INVALID_ARGUMENT);
+ VerifyOrReturnError(output.size() >= (appData.size() + sMinPayloadSize), CHIP_ERROR_INVALID_ARGUMENT);
+
+ CHIP_ERROR err = CHIP_NO_ERROR;
+ uint8_t * appDataStartPtr = output.data() + CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES;
+ Encoding::LittleEndian::Put32(appDataStartPtr, counter);
+
+ chip::Crypto::HMAC_sha shaHandler;
+ uint8_t nonceWorkBuffer[CHIP_CRYPTO_HASH_LEN_BYTES] = { 0 };
+
+ ReturnErrorOnFailure(shaHandler.HMAC_SHA256(key.As<Aes128KeyByteArray>(), sizeof(Aes128KeyByteArray), appDataStartPtr,
+ sizeof(CounterType), nonceWorkBuffer, CHIP_CRYPTO_HASH_LEN_BYTES));
+
+ static_assert(sizeof(nonceWorkBuffer) >= CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES, "We're reading off the end of our buffer.");
+ memcpy(output.data(), nonceWorkBuffer, CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES);
+
+ // In place encryption to save some RAM
+ memcpy(appDataStartPtr + sizeof(CounterType), appData.data(), appData.size());
+
+ uint8_t * micPtr = appDataStartPtr + sizeof(CounterType) + appData.size();
+ ReturnErrorOnFailure(Crypto::AES_CCM_encrypt(appDataStartPtr, sizeof(CounterType) + appData.size(), nullptr, 0, key,
+ output.data(), CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES, appDataStartPtr, micPtr,
+ CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES));
+
+ output.reduce_size(appData.size() + sMinPayloadSize);
+
+ return err;
+}
+
+CHIP_ERROR CheckinMessage::ParseCheckinMessagePayload(Crypto::Aes128KeyHandle & key, ByteSpan & payload, CounterType & counter,
+ MutableByteSpan & appData)
+{
+ VerifyOrReturnError(payload.size() >= sMinPayloadSize, CHIP_ERROR_INVALID_ARGUMENT);
+ VerifyOrReturnError(payload.size() <= (sMinPayloadSize + sMaxAppDataSize), CHIP_ERROR_INVALID_ARGUMENT);
+
+ CHIP_ERROR err = CHIP_NO_ERROR;
+ size_t appDataSize = GetAppDataSize(payload);
+
+ // To prevent workbuffer usage, appData size needs to be large enough to hold both the appData and the counter
+ VerifyOrReturnError(appData.size() >= sizeof(CounterType) + appDataSize, CHIP_ERROR_INVALID_ARGUMENT);
+
+ ByteSpan nonce = payload.SubSpan(0, CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES);
+ ByteSpan encryptedData = payload.SubSpan(CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES, sizeof(CounterType) + appDataSize);
+ ByteSpan mic =
+ payload.SubSpan(CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES + sizeof(CounterType) + appDataSize, CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES);
+
+ err = Crypto::AES_CCM_decrypt(encryptedData.data(), encryptedData.size(), nullptr, 0, mic.data(), mic.size(), key, nonce.data(),
+ nonce.size(), appData.data());
+
+ ReturnErrorOnFailure(err);
+
+ counter = Encoding::LittleEndian::Get32(appData.data());
+ // Shift to remove the counter from the appData
+ memmove(appData.data(), sizeof(CounterType) + appData.data(), appDataSize);
+
+ appData.reduce_size(appDataSize);
+ return err;
+}
+
+size_t CheckinMessage::GetAppDataSize(ByteSpan & payload)
+{
+ return (payload.size() <= sMinPayloadSize) ? 0 : payload.size() - sMinPayloadSize;
+}
+
+} // namespace SecureChannel
+} // namespace Protocols
+} // namespace chip
diff --git a/src/protocols/secure_channel/CheckinMessage.h b/src/protocols/secure_channel/CheckinMessage.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2020 Project CHIP Authors
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file
+ * This file implements the Matter Checkin protocol.
+ */
+
+#pragma once
+
+#include <crypto/CHIPCryptoPAL.h>
+#include <lib/support/Span.h>
+#include <stdint.h>
+
+namespace chip {
+namespace Protocols {
+namespace SecureChannel {
+using namespace Crypto;
+
+using CounterType = uint32_t;
+
+/**
+ * @brief Implement section 4.18.2 of the spec regarding
+ * Check-in message payload
+ *
+ */
+class DLL_EXPORT CheckinMessage
+{
+public:
+ ~CheckinMessage();
+ /**
+ * @brief Generate Check-in Message payload
+ *
+ * @param key Key with which to encrypt the check-in payload
+ * @param counter Check-in counter
+ * @param appData Application Data to incorporate within the Check-in message. Allowed to be empty.
+ * @param output Buffer in Which to store the generated payload. SUFFICIENT SPACE MUST BE ALLOCATED by the caller
+ * Required Buffer Size is : GetCheckinPayloadSize(appData.size())
+ * @return CHIP_ERROR
+ */
+ static CHIP_ERROR GenerateCheckinMessagePayload(Crypto::Aes128KeyHandle & key, CounterType counter, const ByteSpan & appData,
+ MutableByteSpan & output);
+
+ /**
+ * @brief Parse Check-in Message payload
+ *
+ * @param key Key with which to decrypt the check-in payload
+ * @param payload The received payload to decrypt and parse
+ * @param counter The counter value retrieved from the payload
+ * @param appData The optional application data decrypted. The size of appData must be at least the size of
+ * GetAppDataSize(payload) + sizeof(CounterType)
+ * @return CHIP_ERROR
+ */
+ static CHIP_ERROR ParseCheckinMessagePayload(Crypto::Aes128KeyHandle & key, ByteSpan & payload, CounterType & counter,
+ MutableByteSpan & appData);
+
+ static inline size_t GetCheckinPayloadSize(size_t appDataSize) { return appDataSize + sMinPayloadSize; }
+
+ /**
+ * @brief Get the App Data Size
+ *
+ * @param payload The undecrypted payload
+ * @return size_t size in byte of the application data from the payload
+ */
+ static size_t GetAppDataSize(ByteSpan & payload);
+
+ static constexpr uint16_t sMinPayloadSize =
+ CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES + sizeof(CounterType) + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES;
+
+ // Issue #28603
+ static constexpr uint16_t sMaxAppDataSize = 1024;
+};
+
+} // namespace SecureChannel
+} // namespace Protocols
+} // namespace chip
diff --git a/src/protocols/secure_channel/tests/BUILD.gn b/src/protocols/secure_channel/tests/BUILD.gn
@@ -13,6 +13,7 @@ chip_test_suite("tests") {
 
  # TODO - Fix Message Counter Sync to use group key
  # "TestMessageCounterManager.cpp",
+ "TestCheckinMsg.cpp",
  "TestDefaultSessionResumptionStorage.cpp",
  "TestPASESession.cpp",
  "TestPairingSession.cpp",
@@ -22,6 +23,7 @@ chip_test_suite("tests") {
 
  public_deps = [
  "${chip_root}/src/credentials/tests:cert_test_vectors",
+ "${chip_root}/src/crypto/tests:tests_lib",
  "${chip_root}/src/lib/core",
  "${chip_root}/src/lib/support",
  "${chip_root}/src/lib/support:testing",