From ee141065916b3c012294256fc5c039f47dcbf6b1 Mon Sep 17 00:00:00 2001 From: Arkadiusz Balys Date: Mon, 11 Mar 2024 16:27:44 +0100 Subject: [PATCH] [nrfconnect] Adapt nrfconnect examples to PSA Crypto API Enabled PSA Crypto api in all nrfconnect examples. --- .../nrfconnect/main/AppTask.cpp | 23 ++++++++ .../nrfconnect/main/AppTask.cpp | 24 ++++++++ examples/chef/nrfconnect/main.cpp | 16 +++++- .../nrfconnect/main/AppTask.cpp | 24 ++++++++ .../lighting-app/nrfconnect/main/AppTask.cpp | 23 ++++++++ .../lit-icd-app/nrfconnect/main/AppTask.cpp | 23 ++++++++ examples/lock-app/nrfconnect/main/AppTask.cpp | 24 ++++++++ .../nrfconnect/util/MigrationManager.cpp | 57 +++++++++++++++++++ .../util/include/MigrationManager.h | 41 +++++++++++++ examples/pump-app/nrfconnect/main/AppTask.cpp | 24 ++++++++ .../window-app/nrfconnect/main/AppTask.cpp | 24 ++++++++ 11 files changed, 302 insertions(+), 1 deletion(-) create mode 100644 examples/platform/nrfconnect/util/MigrationManager.cpp create mode 100644 examples/platform/nrfconnect/util/include/MigrationManager.h diff --git a/examples/all-clusters-app/nrfconnect/main/AppTask.cpp b/examples/all-clusters-app/nrfconnect/main/AppTask.cpp index f8d117790fac3d..efdee7153b493c 100644 --- a/examples/all-clusters-app/nrfconnect/main/AppTask.cpp +++ b/examples/all-clusters-app/nrfconnect/main/AppTask.cpp @@ -45,6 +45,13 @@ #include "OTAUtil.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + #include #include #include @@ -88,6 +95,9 @@ bool sHaveBLEConnections = false; app::Clusters::TemperatureControl::AppSupportedTemperatureLevelsDelegate sAppSupportedTemperatureLevelsDelegate; +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif } // namespace namespace LedConsts { @@ -209,11 +219,24 @@ CHIP_ERROR AppTask::Init() static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{}; VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR); VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR); +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif (void) initParams.InitializeStaticResourcesBeforeServerInit(); initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate; ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); AppFabricTableDelegate::Init(); +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS + err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate, + sLocalInitData.mServerInitParams->operationalKeystore); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("MoveOperationalKeysFromKvsToIts() failed"); + return err; + } +#endif + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); diff --git a/examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp b/examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp index 02f0704f080a58..b3c8b951372c0f 100644 --- a/examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp +++ b/examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp @@ -34,6 +34,13 @@ #include "OTAUtil.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + #include #include #include @@ -59,6 +66,10 @@ FactoryResetLEDsWrapper<3> sFactoryResetLEDs{ { FACTORY_RESET_SIGNAL_LED, FACTOR bool sIsNetworkProvisioned = false; bool sIsNetworkEnabled = false; bool sHaveBLEConnections = false; + +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif } // namespace namespace LedConsts { @@ -155,10 +166,23 @@ CHIP_ERROR AppTask::Init() #endif static chip::CommonCaseDeviceServerInitParams initParams; +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif (void) initParams.InitializeStaticResourcesBeforeServerInit(); ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); AppFabricTableDelegate::Init(); +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS + err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate, + sLocalInitData.mServerInitParams->operationalKeystore); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("MoveOperationalKeysFromKvsToIts() failed"); + return err; + } +#endif + // We only have network commissioning on endpoint 0. emberAfEndpointEnableDisable(kNetworkCommissioningEndpointSecondary, false); ConfigurationMgr().LogDeviceConfig(); diff --git a/examples/chef/nrfconnect/main.cpp b/examples/chef/nrfconnect/main.cpp index d132252ecd87b3..c79694e2e792a7 100644 --- a/examples/chef/nrfconnect/main.cpp +++ b/examples/chef/nrfconnect/main.cpp @@ -43,6 +43,13 @@ #include "Rpc.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + LOG_MODULE_REGISTER(app, CONFIG_CHIP_APP_LOG_LEVEL); using namespace chip; @@ -51,7 +58,11 @@ using namespace chip::DeviceLayer; namespace { constexpr int kExtDiscoveryTimeoutSecs = 20; -} + +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif +} // namespace int main() { @@ -110,6 +121,9 @@ int main() // Start IM server static chip::CommonCaseDeviceServerInitParams initParams; +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif (void) initParams.InitializeStaticResourcesBeforeServerInit(); err = chip::Server::GetInstance().Init(initParams); if (err != CHIP_NO_ERROR) diff --git a/examples/light-switch-app/nrfconnect/main/AppTask.cpp b/examples/light-switch-app/nrfconnect/main/AppTask.cpp index 06ac797f6a6899..fc1c947150dd95 100644 --- a/examples/light-switch-app/nrfconnect/main/AppTask.cpp +++ b/examples/light-switch-app/nrfconnect/main/AppTask.cpp @@ -46,6 +46,13 @@ #include "OTAUtil.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + #include #include #include @@ -94,6 +101,10 @@ k_timer sDimmerPressKeyTimer; k_timer sDimmerTimer; chip::DeviceLayer::DeviceInfoProviderImpl gExampleDeviceInfoProvider; + +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif } // namespace namespace LedConsts { @@ -220,11 +231,24 @@ CHIP_ERROR AppTask::Init() static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{}; VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR); VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR); +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif (void) initParams.InitializeStaticResourcesBeforeServerInit(); initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate; ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); AppFabricTableDelegate::Init(); +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS + err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate, + sLocalInitData.mServerInitParams->operationalKeystore); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("MoveOperationalKeysFromKvsToIts() failed"); + return err; + } +#endif + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); diff --git a/examples/lighting-app/nrfconnect/main/AppTask.cpp b/examples/lighting-app/nrfconnect/main/AppTask.cpp index 5eaa1b1b401524..88964d9aa1d3c8 100644 --- a/examples/lighting-app/nrfconnect/main/AppTask.cpp +++ b/examples/lighting-app/nrfconnect/main/AppTask.cpp @@ -49,6 +49,13 @@ #include "OTAUtil.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + #include #include #include @@ -108,6 +115,9 @@ DeferredAttributePersistenceProvider gDeferredAttributePersister(Server::GetInst Span(&gCurrentLevelPersister, 1), System::Clock::Milliseconds32(5000)); +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif } // namespace namespace LedConsts { @@ -248,11 +258,24 @@ CHIP_ERROR AppTask::Init() static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{}; VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR); VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR); +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif (void) initParams.InitializeStaticResourcesBeforeServerInit(); initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate; ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); AppFabricTableDelegate::Init(); +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS + err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate, + sLocalInitData.mServerInitParams->operationalKeystore); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("MoveOperationalKeysFromKvsToIts() failed"); + return err; + } +#endif + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); app::SetAttributePersistenceProvider(&gDeferredAttributePersister); diff --git a/examples/lit-icd-app/nrfconnect/main/AppTask.cpp b/examples/lit-icd-app/nrfconnect/main/AppTask.cpp index 50622d0c88b96e..d7d35bb53fcc04 100644 --- a/examples/lit-icd-app/nrfconnect/main/AppTask.cpp +++ b/examples/lit-icd-app/nrfconnect/main/AppTask.cpp @@ -38,6 +38,13 @@ #include "OTAUtil.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + #include #include #include @@ -76,6 +83,9 @@ bool sIsNetworkProvisioned = false; bool sIsNetworkEnabled = false; bool sHaveBLEConnections = false; +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif } // namespace namespace LedConsts { @@ -186,11 +196,24 @@ CHIP_ERROR AppTask::Init() static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{}; VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR); VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR); +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif (void) initParams.InitializeStaticResourcesBeforeServerInit(); initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate; ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); AppFabricTableDelegate::Init(); +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS + err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate, + sLocalInitData.mServerInitParams->operationalKeystore); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("MoveOperationalKeysFromKvsToIts() failed"); + return err; + } +#endif + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); ConfigurationMgr().LogDeviceConfig(); diff --git a/examples/lock-app/nrfconnect/main/AppTask.cpp b/examples/lock-app/nrfconnect/main/AppTask.cpp index 07a96b6d6c29b2..1025a045184aee 100644 --- a/examples/lock-app/nrfconnect/main/AppTask.cpp +++ b/examples/lock-app/nrfconnect/main/AppTask.cpp @@ -47,6 +47,13 @@ #include "OTAUtil.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + #include #include #include @@ -90,6 +97,10 @@ bool sIsNetworkEnabled = false; bool sHaveBLEConnections = false; chip::DeviceLayer::DeviceInfoProviderImpl gExampleDeviceInfoProvider; + +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif } // namespace namespace LedConsts { @@ -214,11 +225,24 @@ CHIP_ERROR AppTask::Init() static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{}; VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR); VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR); +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif (void) initParams.InitializeStaticResourcesBeforeServerInit(); initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate; ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); AppFabricTableDelegate::Init(); +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS + err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate, + sLocalInitData.mServerInitParams->operationalKeystore); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("MoveOperationalKeysFromKvsToIts() failed"); + return err; + } +#endif + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); ConfigurationMgr().LogDeviceConfig(); diff --git a/examples/platform/nrfconnect/util/MigrationManager.cpp b/examples/platform/nrfconnect/util/MigrationManager.cpp new file mode 100644 index 00000000000000..364120863bc7e2 --- /dev/null +++ b/examples/platform/nrfconnect/util/MigrationManager.cpp @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2024 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "migration_manager.h" + +#include +#include + +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +CHIP_ERROR MoveOperationalKeysFromKvsToIts(chip::PersistentStorageDelegate * storage, chip::Crypto::OperationalKeystore * keystore) +{ + CHIP_ERROR err = CHIP_NO_ERROR; + + VerifyOrReturnError(keystore && storage, CHIP_ERROR_INVALID_ARGUMENT); + + /* Initialize the obsolete Operational Keystore*/ + chip::PersistentStorageOperationalKeystore obsoleteKeystore; + err = obsoleteKeystore.Init(storage); + VerifyOrReturnError(err == CHIP_NO_ERROR, err); + + /* Migrate all obsolete Operational Keys to PSA ITS */ + for (const chip::FabricInfo & fabric : chip::Server::GetInstance().GetFabricTable()) + { + err = keystore->MigrateOpKeypairForFabric(fabric.GetFabricIndex(), obsoleteKeystore); + if (CHIP_NO_ERROR != err) + { + break; + } + } + +#ifdef CONFIG_CHIP_FACTORY_RESET_ON_KEY_MIGRATION_FAILURE + if (CHIP_NO_ERROR != err) + { + chip::Server::GetInstance().ScheduleFactoryReset(); + /* Return a success to not block the Matter event Loop and allow to call scheduled factory + * reset. */ + err = CHIP_NO_ERROR; + } +#endif /* CONFIG_CHIP_FACTORY_RESET_ON_KEY_MIGRATION_FAILURE */ + + return err; +} +#endif /* CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS */ diff --git a/examples/platform/nrfconnect/util/include/MigrationManager.h b/examples/platform/nrfconnect/util/include/MigrationManager.h new file mode 100644 index 00000000000000..22b2c5de110de3 --- /dev/null +++ b/examples/platform/nrfconnect/util/include/MigrationManager.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2024 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include + +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +/** + * @brief Migrate all stored Operational Keys from the persistent storage (KVS) to secure PSA ITS. + * + * This function will schedule a factory reset automatically if the + * CONFIG_CHIP_FACTORY_RESET_ON_KEY_MIGRATION_FAILURE + * Kconfig option is set to 'y'. In this case, the function returns CHIP_NO_ERROR to not block any further + * operations until the scheduled factory reset is done. + * + * @note This function should be called just after Matter Server Init to avoid problems with further CASE + * session re-establishments. + * @param storage + * @param keystore + * @retval CHIP_NO_ERROR if all keys have been migrated properly to PSA ITS or if the error occurs, but + * the CONFIG_CHIP_FACTORY_RESET_ON_KEY_MIGRATION_FAILURE kconfig is set to 'y'. + * @retval CHIP_ERROR_INVALID_ARGUMENT when keystore or storage are not defined. + * @retval Other CHIP_ERROR codes related to internal Migration operations. + */ +CHIP_ERROR MoveOperationalKeysFromKvsToIts(chip::PersistentStorageDelegate * storage, chip::Crypto::OperationalKeystore * keystore); +#endif diff --git a/examples/pump-app/nrfconnect/main/AppTask.cpp b/examples/pump-app/nrfconnect/main/AppTask.cpp index 3a6eb9023ded0a..d3f4ea89735304 100644 --- a/examples/pump-app/nrfconnect/main/AppTask.cpp +++ b/examples/pump-app/nrfconnect/main/AppTask.cpp @@ -41,6 +41,13 @@ #include "OTAUtil.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + #include #include #include @@ -77,6 +84,9 @@ bool sHaveBLEConnections = false; chip::DeviceLayer::DeviceInfoProviderImpl gExampleDeviceInfoProvider; +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif } // namespace namespace LedConsts { @@ -191,11 +201,25 @@ CHIP_ERROR AppTask::Init() static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{}; VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR); VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR); +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif + (void) initParams.InitializeStaticResourcesBeforeServerInit(); (void) initParams.InitializeStaticResourcesBeforeServerInit(); initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate; ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); AppFabricTableDelegate::Init(); +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS + err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate, + sLocalInitData.mServerInitParams->operationalKeystore); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("MoveOperationalKeysFromKvsToIts() failed"); + return err; + } +#endif + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider); diff --git a/examples/window-app/nrfconnect/main/AppTask.cpp b/examples/window-app/nrfconnect/main/AppTask.cpp index 7c50aedc97e2bb..5f971b67f9f9bf 100644 --- a/examples/window-app/nrfconnect/main/AppTask.cpp +++ b/examples/window-app/nrfconnect/main/AppTask.cpp @@ -37,6 +37,13 @@ #include "OTAUtil.h" #endif +#ifdef CONFIG_CHIP_CRYPTO_PSA +#include +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS +#include "MigrationManager.h" +#endif +#endif + #include #include #include @@ -72,6 +79,10 @@ chip::DeviceLayer::DeviceInfoProviderImpl gExampleDeviceInfoProvider; bool sIsNetworkProvisioned = false; bool sIsNetworkEnabled = false; bool sHaveBLEConnections = false; + +#ifdef CONFIG_CHIP_CRYPTO_PSA +chip::Crypto::PSAOperationalKeystore sPSAOperationalKeystore{}; +#endif } // namespace namespace LedConsts { @@ -193,11 +204,24 @@ CHIP_ERROR AppTask::Init() static OTATestEventTriggerHandler sOtaTestEventTriggerHandler{}; VerifyOrDie(sTestEventTriggerDelegate.Init(ByteSpan(sTestEventTriggerEnableKey)) == CHIP_NO_ERROR); VerifyOrDie(sTestEventTriggerDelegate.AddHandler(&sOtaTestEventTriggerHandler) == CHIP_NO_ERROR); +#ifdef CONFIG_CHIP_CRYPTO_PSA + initParams.operationalKeystore = &sPSAOperationalKeystore; +#endif (void) initParams.InitializeStaticResourcesBeforeServerInit(); initParams.testEventTriggerDelegate = &sTestEventTriggerDelegate; ReturnErrorOnFailure(chip::Server::GetInstance().Init(initParams)); AppFabricTableDelegate::Init(); +#ifdef CONFIG_CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS + err = MoveOperationalKeysFromKvsToIts(sLocalInitData.mServerInitParams->persistentStorageDelegate, + sLocalInitData.mServerInitParams->operationalKeystore); + if (err != CHIP_NO_ERROR) + { + LOG_ERR("MoveOperationalKeysFromKvsToIts() failed"); + return err; + } +#endif + gExampleDeviceInfoProvider.SetStorageDelegate(&Server::GetInstance().GetPersistentStorage()); chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);