From 9f167d211e59d2548307c8751eede676b10f50ff Mon Sep 17 00:00:00 2001 From: "Restyled.io" Date: Tue, 28 Nov 2023 08:51:01 +0000 Subject: [PATCH] Restyled by whitespace Restyled by clang-format Restyled by gn Restyled by prettier-markdown Restyled by autopep8 Restyled by isort --- docs/guides/nxp_manufacturing_flow.md | 58 +++++++++------- .../nxp/k32w/k32w0/README.md | 14 ++-- .../nxp/k32w/k32w0/main/AppTask.cpp | 7 +- .../lighting-app/nxp/k32w/k32w0/README.md | 14 ++-- .../nxp/k32w/k32w0/main/AppTask.cpp | 3 +- .../nxp/factory_data_generator/generate.py | 1 + scripts/tools/nxp/generate_certs.py | 22 +++--- scripts/tools/nxp/ota/crypto_utils.py | 67 ++++++++++--------- scripts/tools/nxp/ota/ota_image_tool.py | 8 ++- .../nxp/k32w/common/BLEManagerCommon.cpp | 2 +- .../nxp/k32w/common/BLEManagerCommon.h | 7 +- .../nxp/k32w/common/FactoryDataProvider.cpp | 5 +- .../nxp/k32w/common/OTATlvProcessor.cpp | 56 +++++++++------- .../nxp/k32w/k32w0/OTAFirmwareProcessor.cpp | 12 ++-- third_party/nxp/k32w0_sdk/k32w0_sdk.gni | 54 +++++++-------- 15 files changed, 180 insertions(+), 150 deletions(-) diff --git a/docs/guides/nxp_manufacturing_flow.md b/docs/guides/nxp_manufacturing_flow.md index d7fcec53c0fc78..64bafd53c89329 100644 --- a/docs/guides/nxp_manufacturing_flow.md +++ b/docs/guides/nxp_manufacturing_flow.md @@ -33,9 +33,10 @@ ninja -C out spake2p ### a. Certificates -To generate the different certificates, NXP provides a Python script `scripts/tools/nxp/generate_certs.py`. -This script will always generate the PAI and DAC certificates/keys. -It can also generate the Certification Declaration and the PAA certificate/key depending on the parameters. +To generate the different certificates, NXP provides a Python script +`scripts/tools/nxp/generate_certs.py`. This script will always generate the PAI +and DAC certificates/keys. It can also generate the Certification Declaration +and the PAA certificate/key depending on the parameters. | Parameter | Description | Type | Required | | ------------------ | ------------------------------------------------------------------------------------------------- | ---------------------- | -------- | @@ -53,19 +54,22 @@ It can also generate the Certification Declaration and the PAA certificate/key d | `--valid_from` | The start date for the certificate's validity period. | string | No | | `--lifetime` | The lifetime for the certificates, in whole days. | string | No | -You can also run the following command to get more details on the parameters and their default value (if applicable): +You can also run the following command to get more details on the parameters and +their default value (if applicable): ```shell python scripts/tools/nxp/generate_certs.py --help ``` -Example of a command that will generate CD, PAA, PAI and DAC certificates and keys in both .pem and .der formats: +Example of a command that will generate CD, PAA, PAI and DAC certificates and +keys in both .pem and .der formats: ```shell python scripts/tools/nxp/generate_certs.py --gen_cd --cd_type 1 --chip_cert_path ./out/chip-cert --vendor_id 0x1037 --product_id 0xA220 --vendor_name "NXP Semiconductors" --product_name all-clusters-app --device_type 65535 --output . ``` -> **Note**: the commands provided in this guide are just for the example and shall be adapted to your use case accordingly +> **Note**: the commands provided in this guide are just for the example and +> shall be adapted to your use case accordingly ### c. Provisioning data @@ -150,7 +154,8 @@ location given by `__MATTER_FACTORY_DATA_START`, using `JLink`: loadfile factory_data.bin 0xf4000 ``` -where `0xf4000` is the value of `__MATTER_FACTORY_DATA_START` in the corresponding .map file (can be different if using a custom linker script). +where `0xf4000` is the value of `__MATTER_FACTORY_DATA_START` in the +corresponding .map file (can be different if using a custom linker script). For the **RT1060**, **RT1170** and **RW61X** platform, the binary needs to be written using `MCUXpresso Flash Tool GUI` at the address value corresponding to @@ -195,23 +200,27 @@ Also, demo **DAC**, **PAI** and **PAA** certificates needed in case Supported platforms: -- K32W1 - `src/plaftorm/nxp/k32w/k32w1/FactoryDataProviderImpl.h` +- K32W1 - `src/plaftorm/nxp/k32w/k32w1/FactoryDataProviderImpl.h` -For platforms that have a secure subsystem (`SSS`), the DAC private key can be converted -to an encrypted blob. This blob will overwrite the DAC private key in factory data and -will be imported in the `SSS` at initialization, by the factory data provider instance. +For platforms that have a secure subsystem (`SSS`), the DAC private key can be +converted to an encrypted blob. This blob will overwrite the DAC private key in +factory data and will be imported in the `SSS` at initialization, by the factory +data provider instance. -The conversion process shall happen at manufacturing time and should be run one time only: +The conversion process shall happen at manufacturing time and should be run one +time only: -- Write factory data binary. -- Build the application with `chip_with_factory_data=1 chip_convert_dac_private_key=1` set. -- Write the application to the board and let it run. +- Write factory data binary. +- Build the application with + `chip_with_factory_data=1 chip_convert_dac_private_key=1` set. +- Write the application to the board and let it run. After the conversion process: -- Make sure the application is built with `chip_with_factory_data=1`, but without - `chip_convert_dac_private_key` arg, since conversion already happened. -- Write the application to the board. +- Make sure the application is built with `chip_with_factory_data=1`, but + without `chip_convert_dac_private_key` arg, since conversion already + happened. +- Write the application to the board. If you are using Jlink, you can see a conversion script example in: @@ -219,14 +228,17 @@ If you are using Jlink, you can see a conversion script example in: ./scripts/tools/nxp/factory_data_generator/k32w1/example_convert_dac_private_key.jlink ``` -Factory data should now contain a corresponding encrypted blob instead of the DAC private key. +Factory data should now contain a corresponding encrypted blob instead of the +DAC private key. -If an encrypted blob of the DAC private key is already available (e.g. obtained previously, using -other methods), then the conversion process shall be skipped. Instead, option `--dac_key_use_sss_blob` -can be used in the factory data generation command: +If an encrypted blob of the DAC private key is already available (e.g. obtained +previously, using other methods), then the conversion process shall be skipped. +Instead, option `--dac_key_use_sss_blob` can be used in the factory data +generation command: ```shell python3 ./scripts/tools/nxp/factory_data_generator/generate.py -i 10000 -s UXKLzwHdN3DZZLBaL2iVGhQi/OoQwIwJRQV4rpEalbA= -p 14014 -d 1000 --vid "0x1037" --pid "0xA221" --vendor_name "NXP Semiconductors" --product_name "Lighting app" --serial_num "12345678" --date "2023-01-01" --hw_version 1 --hw_version_str "1.0" --cert_declaration ./Chip-Test-CD-1037-A221.der --dac_cert ./Chip-DAC-NXP-1037-A221-Cert.der --dac_key ./Chip-DAC-NXP-1037-A221-Key-encrypted-blob.bin --pai_cert ./Chip-PAI-NXP-1037-A221-Cert.der --spake2p_path ./out/spake2p --unique_id "00112233445566778899aabbccddeeff" --dac_key_use_sss_blob --out ./factory_data_with_blob.bin ``` -Please note that `--dac_key` now points to a binary file that contains the encrypted blob. +Please note that `--dac_key` now points to a binary file that contains the +encrypted blob. diff --git a/examples/contact-sensor-app/nxp/k32w/k32w0/README.md b/examples/contact-sensor-app/nxp/k32w/k32w0/README.md index 5ca63d5b8e4af3..f616ddfeeca4f9 100644 --- a/examples/contact-sensor-app/nxp/k32w/k32w0/README.md +++ b/examples/contact-sensor-app/nxp/k32w/k32w0/README.md @@ -463,14 +463,18 @@ Optionally, add the following defines: #### Simple hash verification -When secure boot is not used, a simple hash can be appended at the end of the image -for integrity check. Applications should be built with `chip_simple_hash_verification=1`. +When secure boot is not used, a simple hash can be appended at the end of the +image for integrity check. Applications should be built with +`chip_simple_hash_verification=1`. + +To support simple hash verification feature, the SSBL project must be compiled +with: -To support simple hash verification feature, the SSBL project must be compiled with: - `gSimpleHashVerification=1` -and update the post-build command to use simple hash verification instead of the default -options. Go to `Project -> Properties -> C/C++ Build -> Settings -> Build steps` and press +and update the post-build command to use simple hash verification instead of the +default options. Go to +`Project -> Properties -> C/C++ Build -> Settings -> Build steps` and press `Edit` under `Post-build steps` subsection. The command should look similar to: ![SSBL_SIMPLE_HASH_VERIFICATION](../../../../platform/nxp/k32w/k32w0/doc/images/ssbl_simple_hash.JPG) diff --git a/examples/contact-sensor-app/nxp/k32w/k32w0/main/AppTask.cpp b/examples/contact-sensor-app/nxp/k32w/k32w0/main/AppTask.cpp index 4f88fee26698a3..216689d5606372 100644 --- a/examples/contact-sensor-app/nxp/k32w/k32w0/main/AppTask.cpp +++ b/examples/contact-sensor-app/nxp/k32w/k32w0/main/AppTask.cpp @@ -258,10 +258,11 @@ CHIP_ERROR AppTask::Init() /* SSBL will always be seen as booting from address 0, thanks to the remapping mechanism. * This means the SSBL version will always offset from address 0. */ extern uint32_t __MATTER_SSBL_VERSION_START[]; - K32W_LOG("Current SSBL Version: %ld. Found at address 0x%lx", *((uint32_t*) __MATTER_SSBL_VERSION_START), (uint32_t)__MATTER_SSBL_VERSION_START); + K32W_LOG("Current SSBL Version: %ld. Found at address 0x%lx", *((uint32_t *) __MATTER_SSBL_VERSION_START), + (uint32_t) __MATTER_SSBL_VERSION_START); #endif - auto& bleManager = chip::DeviceLayer::Internal::BLEMgrImpl(); + auto & bleManager = chip::DeviceLayer::Internal::BLEMgrImpl(); bleManager.RegisterAppCallbacks(app_gap_callback, app_gatt_callback); return err; @@ -865,7 +866,7 @@ void AppTask::DispatchEvent(AppEvent * aEvent) else #endif - if (aEvent->Handler) + if (aEvent->Handler) { aEvent->Handler(aEvent); } diff --git a/examples/lighting-app/nxp/k32w/k32w0/README.md b/examples/lighting-app/nxp/k32w/k32w0/README.md index cbb5674d0ddbb4..b43a08622eb330 100644 --- a/examples/lighting-app/nxp/k32w/k32w0/README.md +++ b/examples/lighting-app/nxp/k32w/k32w0/README.md @@ -480,14 +480,18 @@ Optionally, add the following defines: #### Simple hash verification -When secure boot is not used, a simple hash can be appended at the end of the image -for integrity check. Applications should be built with `chip_simple_hash_verification=1`. +When secure boot is not used, a simple hash can be appended at the end of the +image for integrity check. Applications should be built with +`chip_simple_hash_verification=1`. + +To support simple hash verification feature, the SSBL project must be compiled +with: -To support simple hash verification feature, the SSBL project must be compiled with: - `gSimpleHashVerification=1` -and update the post-build command to use simple hash verification instead of the default -options. Go to `Project -> Properties -> C/C++ Build -> Settings -> Build steps` and press +and update the post-build command to use simple hash verification instead of the +default options. Go to +`Project -> Properties -> C/C++ Build -> Settings -> Build steps` and press `Edit` under `Post-build steps` subsection. The command should look similar to: ![SSBL_SIMPLE_HASH_VERIFICATION](../../../../platform/nxp/k32w/k32w0/doc/images/ssbl_simple_hash.JPG) diff --git a/examples/lighting-app/nxp/k32w/k32w0/main/AppTask.cpp b/examples/lighting-app/nxp/k32w/k32w0/main/AppTask.cpp index 496c5083dabd0e..e63c35a1489ee0 100644 --- a/examples/lighting-app/nxp/k32w/k32w0/main/AppTask.cpp +++ b/examples/lighting-app/nxp/k32w/k32w0/main/AppTask.cpp @@ -253,7 +253,8 @@ CHIP_ERROR AppTask::Init() /* SSBL will always be seen as booting from address 0, thanks to the remapping mechanism. * This means the SSBL version will always offset from address 0. */ extern uint32_t __MATTER_SSBL_VERSION_START[]; - K32W_LOG("Current SSBL Version: %ld. Found at address 0x%lx", *((uint32_t*) __MATTER_SSBL_VERSION_START), (uint32_t)__MATTER_SSBL_VERSION_START); + K32W_LOG("Current SSBL Version: %ld. Found at address 0x%lx", *((uint32_t *) __MATTER_SSBL_VERSION_START), + (uint32_t) __MATTER_SSBL_VERSION_START); #endif return err; diff --git a/scripts/tools/nxp/factory_data_generator/generate.py b/scripts/tools/nxp/factory_data_generator/generate.py index da5e2005b50fba..69b8bac3f5b9ef 100755 --- a/scripts/tools/nxp/factory_data_generator/generate.py +++ b/scripts/tools/nxp/factory_data_generator/generate.py @@ -30,6 +30,7 @@ # Global variable for hash ID hash_id = "CE47BA5E" + def set_logger(): stdout_handler = logging.StreamHandler(stream=sys.stdout) logging.basicConfig( diff --git a/scripts/tools/nxp/generate_certs.py b/scripts/tools/nxp/generate_certs.py index 8af61399da9ab4..d6c23a92dc0f18 100644 --- a/scripts/tools/nxp/generate_certs.py +++ b/scripts/tools/nxp/generate_certs.py @@ -194,17 +194,17 @@ def allow_any_int(i): return int(i, 0) log.basicConfig(format='[%(levelname)s] %(message)s', level=log.INFO) gen_test_certs(args.chip_cert_path, - args.output, - args.vendor_id, - args.product_id, - args.vendor_name + " " + args.product_name, - args.gen_cd, - args.cd_type, - args.device_type, - args.paa_cert, - args.paa_key, - args.valid_from, - args.lifetime) + args.output, + args.vendor_id, + args.product_id, + args.vendor_name + " " + args.product_name, + args.gen_cd, + args.cd_type, + args.device_type, + args.paa_cert, + args.paa_key, + args.valid_from, + args.lifetime) if __name__ == "__main__": diff --git a/scripts/tools/nxp/ota/crypto_utils.py b/scripts/tools/nxp/ota/crypto_utils.py index e0e144c1ac8bbb..978929b8d052fa 100755 --- a/scripts/tools/nxp/ota/crypto_utils.py +++ b/scripts/tools/nxp/ota/crypto_utils.py @@ -256,9 +256,9 @@ def __init__(self, key, block_size=16): tt = tk[KC - 1] tk[0] ^= (S[(tt >> 16) & 0xFF] & 0xFF) << 24 ^ \ (S[(tt >> 8) & 0xFF] & 0xFF) << 16 ^ \ - (S[tt & 0xFF] & 0xFF) << 8 ^ \ + (S[tt & 0xFF] & 0xFF) << 8 ^ \ (S[(tt >> 24) & 0xFF] & 0xFF) ^ \ - (rcon[rconpointer] & 0xFF) << 24 + (rcon[rconpointer] & 0xFF) << 24 rconpointer += 1 if KC != 8: for i in range(1, KC): @@ -285,9 +285,9 @@ def __init__(self, key, block_size=16): for j in range(BC): tt = Kd[r][j] Kd[r][j] = U1[(tt >> 24) & 0xFF] ^ \ - U2[(tt >> 16) & 0xFF] ^ \ - U3[(tt >> 8) & 0xFF] ^ \ - U4[tt & 0xFF] + U2[(tt >> 16) & 0xFF] ^ \ + U3[(tt >> 8) & 0xFF] ^ \ + U4[tt & 0xFF] self.Ke = Ke self.Kd = Kd @@ -330,8 +330,8 @@ def encrypt(self, plaintext): tt = Ke[ROUNDS][i] result.append((S[(t[i] >> 24) & 0xFF] ^ (tt >> 24)) & 0xFF) result.append((S[(t[(i + s1) % BC] >> 16) & 0xFF] ^ (tt >> 16)) & 0xFF) - result.append((S[(t[(i + s2) % BC] >> 8) & 0xFF] ^ (tt >> 8)) & 0xFF) - result.append((S[ t[(i + s3) % BC] & 0xFF] ^ tt) & 0xFF) + result.append((S[(t[(i + s2) % BC] >> 8) & 0xFF] ^ (tt >> 8)) & 0xFF) + result.append((S[t[(i + s3) % BC] & 0xFF] ^ tt) & 0xFF) return ''.join(list(map(chr, result))) def decrypt(self, ciphertext): @@ -339,7 +339,7 @@ def decrypt(self, ciphertext): raise ValueError('wrong block length, expected ' + str(self.block_size) + ' got ' + str(len(ciphertext))) Kd = self.Kd - BC = int (self.block_size / 4) + BC = int(self.block_size / 4) ROUNDS = len(Kd) - 1 if BC == 4: SC = 0 @@ -373,8 +373,8 @@ def decrypt(self, ciphertext): tt = Kd[ROUNDS][i] result.append((Si[(t[i] >> 24) & 0xFF] ^ (tt >> 24)) & 0xFF) result.append((Si[(t[(i + s1) % BC] >> 16) & 0xFF] ^ (tt >> 16)) & 0xFF) - result.append((Si[(t[(i + s2) % BC] >> 8) & 0xFF] ^ (tt >> 8)) & 0xFF) - result.append((Si[ t[(i + s3) % BC] & 0xFF] ^ tt) & 0xFF) + result.append((Si[(t[(i + s2) % BC] >> 8) & 0xFF] ^ (tt >> 8)) & 0xFF) + result.append((Si[t[(i + s3) % BC] & 0xFF] ^ tt) & 0xFF) return ''.join(map(chr, result)) @@ -384,32 +384,32 @@ def encryptFlashData(nonce, key, data, imageLen): for x in range(16 - (imageLen % 16)): data = data + bytes([255]) imageLen = len(data) - + r = rijndael(key, block_size=16) - + for x in range(int(imageLen / 16)): # use nonce value to create encrypted chunk - encryptNonce = '' + encryptNonce = '' for i in nonce: tempString = "%08x" % i y = 0 while y < 8: encryptNonce = encryptNonce + chr(int(tempString[y:y+2], 16)) - y= y + 2 + y = y + 2 encChunk = r.encrypt(encryptNonce) # increment the nonce value - if(nonce[3] == 0xffffffff): + if (nonce[3] == 0xffffffff): nonce[3] = 0 else: nonce[3] += 1 - + # xor encypted junk with data chunk - chunk = data[x*16:(x+1)*16] # Read 16 byte chucks. 128 bits + chunk = data[x*16:(x+1)*16] # Read 16 byte chucks. 128 bits lchunk = chunk lencChunk = list(map(ord, encChunk)) - + outputString = '' loutChunk = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] for i in range(16): @@ -421,15 +421,14 @@ def encryptFlashData(nonce, key, data, imageLen): def aParsePassKeyString(sPassKey): lstu32Passkey = [0, 0, 0, 0] - + try: lstStrPassKey = sPassKey.split(",") - + except: sPassKey = "0x00000000, 0x00000000, 0x00000000, 0x00000000" lstStrPassKey = sPassKey.split(",") - - + if len(lstStrPassKey) == 4: for i in range(4): if "0x" in lstStrPassKey[i]: @@ -438,7 +437,7 @@ def aParsePassKeyString(sPassKey): lstu32Passkey[i] = int(lstStrPassKey[i], 10) logging.info(f"\t-key: {lstu32Passkey[0]}, {lstu32Passkey[1]}, {lstu32Passkey[2]}, {lstu32Passkey[3]}") - abEncryptKey = struct.pack(">LLLL",lstu32Passkey[0], + abEncryptKey = struct.pack(">LLLL", lstu32Passkey[0], lstu32Passkey[1], lstu32Passkey[2], lstu32Passkey[3]) @@ -447,37 +446,39 @@ def aParsePassKeyString(sPassKey): def aParseNonce(sNonceValue): lstu32Nonce = [0, 0, 0, 0] - + try: lstStrNonce = sNonceValue.split(",") - + except: sNonceValue = "0x00000000, 0x00000000, 0x00000000, 0x00000000" lstStrNonce = self.sNonceValue.split(",") - - + if len(lstStrNonce) == 4: for i in range(4): if "0x" in lstStrNonce[i]: lstu32Nonce[i] = int(lstStrNonce[i], 16) else: lstu32Nonce[i] = int(lstStrNonce[i], 10) - + logging.info(f"Nonce : {lstu32Nonce[0]}, {lstu32Nonce[1]}, {lstu32Nonce[2]}, {lstu32Nonce[3]}") - + return lstu32Nonce + def encryptData(sSrcData, sPassKey, aPassIv): sKeyString = sPassKey.strip() assert len(sKeyString) == 32, 'the length of encryption key should be equal to 32' - sPassString = "0x" + sKeyString[:8]+ ',' + "0x" + sKeyString[8:16] + ',' + "0x" + sKeyString[16:24] + ',' + "0x" + sKeyString[24:32] + sPassString = "0x" + sKeyString[:8] + ',' + "0x" + sKeyString[8:16] + \ + ',' + "0x" + sKeyString[16:24] + ',' + "0x" + sKeyString[24:32] aPassKey = aParsePassKeyString(sPassString) - + sIvString = aPassIv.strip() - sPassString = "0x" + sIvString[:8] + ',' + "0x" + sIvString[8:16] + ',' + "0x" + sIvString[16:24] + ',' + "0x" + sIvString[24:32] + sPassString = "0x" + sIvString[:8] + ',' + "0x" + sIvString[8:16] + \ + ',' + "0x" + sIvString[16:24] + ',' + "0x" + sIvString[24:32] aNonce = aParseNonce(sPassString) - + logging.info("Started Encrypting with key[{}] ......".format(sPassKey)) encryptedData = encryptFlashData(aNonce, aPassKey, sSrcData, len(sSrcData)) diff --git a/scripts/tools/nxp/ota/ota_image_tool.py b/scripts/tools/nxp/ota/ota_image_tool.py index 9f0fb9ffa5ae86..64715d784aeecd 100755 --- a/scripts/tools/nxp/ota/ota_image_tool.py +++ b/scripts/tools/nxp/ota/ota_image_tool.py @@ -35,8 +35,8 @@ import logging import os import sys -import crypto_utils +import crypto_utils import jsonschema sys.path.insert(0, os.path.join( @@ -164,7 +164,7 @@ def generate_bootloader(args: object): descriptor = generate_descriptor(args.bl_version, args.bl_version_str, args.bl_build_date) logging.info(f"Bootloader encryption enable: {args.enc_enable}") if args.enc_enable: - inputFile = open(args.bl_input_file,"rb") + inputFile = open(args.bl_input_file, "rb") enc_file = crypto_utils.encryptData(inputFile.read(), args.input_ota_key, INITIALIZATION_VECTOR) enc_file1 = bytes([ord(x) for x in enc_file]) file_size = len(enc_file1) @@ -267,6 +267,7 @@ def create_image(args: object): for filename in glob.glob(os.path.dirname(__file__) + "/enc_ota_temp_*"): os.remove(filename) + def main(): """ This function is a modified version of ota_image_tool.py main function. @@ -337,7 +338,8 @@ def any_base_int(s): return int(s, 0) create_parser.add_argument('--json', help="[path] Path to the JSON describing custom TLVs") create_parser.add_argument('--enc_enable', action="store_true", help='enable ota encryption') - create_parser.add_argument('--input_ota_key', type=str, default="1234567890ABCDEFA1B2C3D4E5F6F1B4", help='Input OTA Encryption KEY (string:16Bytes)') + create_parser.add_argument('--input_ota_key', type=str, default="1234567890ABCDEFA1B2C3D4E5F6F1B4", + help='Input OTA Encryption KEY (string:16Bytes)') create_parser.add_argument('-i', '--input_files', default=list(), help='Path to input image payload file') diff --git a/src/platform/nxp/k32w/common/BLEManagerCommon.cpp b/src/platform/nxp/k32w/common/BLEManagerCommon.cpp index 0a19d18bbf54fd..5d20035aa99940 100644 --- a/src/platform/nxp/k32w/common/BLEManagerCommon.cpp +++ b/src/platform/nxp/k32w/common/BLEManagerCommon.cpp @@ -917,7 +917,7 @@ void BLEManagerCommon::DoBleProcessing(void) void BLEManagerCommon::RegisterAppCallbacks(BLECallbackDelegate::GapGenericCallback gapCallback, BLECallbackDelegate::GattServerCallback gattCallback) { - callbackDelegate.gapCallback = gapCallback; + callbackDelegate.gapCallback = gapCallback; callbackDelegate.gattCallback = gattCallback; } diff --git a/src/platform/nxp/k32w/common/BLEManagerCommon.h b/src/platform/nxp/k32w/common/BLEManagerCommon.h index 56a51243bcd640..32ccdd762cdea4 100644 --- a/src/platform/nxp/k32w/common/BLEManagerCommon.h +++ b/src/platform/nxp/k32w/common/BLEManagerCommon.h @@ -55,7 +55,7 @@ struct BLECallbackDelegate using GapGenericCallback = void (*)(gapGenericEvent_t * event); using GattServerCallback = void (*)(deviceId_t id, gattServerEvent_t * event); - GapGenericCallback gapCallback = nullptr; + GapGenericCallback gapCallback = nullptr; GattServerCallback gattCallback = nullptr; }; @@ -232,11 +232,12 @@ class BLEManagerCommon : public BLEManager, protected BleLayer, private BlePlatf public: virtual CHIP_ERROR InitHostController(BLECallbackDelegate::GapGenericCallback cb_fp) = 0; - virtual BLEManagerCommon * GetImplInstance() = 0; + virtual BLEManagerCommon * GetImplInstance() = 0; void DoBleProcessing(void); BLECallbackDelegate callbackDelegate; - void RegisterAppCallbacks(BLECallbackDelegate::GapGenericCallback gapCallback, BLECallbackDelegate::GattServerCallback gattCallback); + void RegisterAppCallbacks(BLECallbackDelegate::GapGenericCallback gapCallback, + BLECallbackDelegate::GattServerCallback gattCallback); }; inline BLEManager::CHIPoBLEServiceMode BLEManagerCommon::_GetCHIPoBLEServiceMode(void) diff --git a/src/platform/nxp/k32w/common/FactoryDataProvider.cpp b/src/platform/nxp/k32w/common/FactoryDataProvider.cpp index 5fd3933da25fbd..315811cbf32442 100644 --- a/src/platform/nxp/k32w/common/FactoryDataProvider.cpp +++ b/src/platform/nxp/k32w/common/FactoryDataProvider.cpp @@ -40,9 +40,8 @@ static constexpr size_t kSpake2pSerializedVerifier_MaxBase64Len = BASE64_ENCODED_LEN(chip::Crypto::kSpake2p_VerifierSerialized_Length) + 1; static constexpr size_t kSpake2pSalt_MaxBase64Len = BASE64_ENCODED_LEN(chip::Crypto::kSpake2p_Max_PBKDF_Salt_Length) + 1; - -uint32_t FactoryDataProvider::kFactoryDataStart = (uint32_t)__MATTER_FACTORY_DATA_START; -uint32_t FactoryDataProvider::kFactoryDataSize = (uint32_t)__MATTER_FACTORY_DATA_SIZE; +uint32_t FactoryDataProvider::kFactoryDataStart = (uint32_t) __MATTER_FACTORY_DATA_START; +uint32_t FactoryDataProvider::kFactoryDataSize = (uint32_t) __MATTER_FACTORY_DATA_SIZE; uint32_t FactoryDataProvider::kFactoryDataPayloadStart = kFactoryDataStart + sizeof(FactoryDataProvider::Header); FactoryDataProvider::FactoryDataProvider() diff --git a/src/platform/nxp/k32w/common/OTATlvProcessor.cpp b/src/platform/nxp/k32w/common/OTATlvProcessor.cpp index 536690b97da8f2..7571e693728c00 100644 --- a/src/platform/nxp/k32w/common/OTATlvProcessor.cpp +++ b/src/platform/nxp/k32w/common/OTATlvProcessor.cpp @@ -23,8 +23,8 @@ #include #include #if OTA_ENCRYPTION_ENABLE -#include "rom_aes.h" #include "OtaUtils.h" +#include "rom_aes.h" #endif namespace chip { @@ -107,7 +107,7 @@ CHIP_ERROR OTATlvProcessor::vOtaProcessInternalEncryption(MutableByteSpan & bloc { uint8_t iv[16]; uint8_t key[16]; - uint8_t dataOut[16]={0}; + uint8_t dataOut[16] = { 0 }; uint32_t u32IVCount; uint32_t Offset = 0; uint8_t data; @@ -116,51 +116,57 @@ CHIP_ERROR OTATlvProcessor::vOtaProcessInternalEncryption(MutableByteSpan & bloc memcpy(iv, au8Iv, sizeof(au8Iv)); - u32IVCount = (((uint32_t)iv[12])<<24) | (((uint32_t)iv[13])<<16) | (((uint32_t)iv[14])<<8) | (iv[15]); + u32IVCount = (((uint32_t) iv[12]) << 24) | (((uint32_t) iv[13]) << 16) | (((uint32_t) iv[14]) << 8) | (iv[15]); u32IVCount += (mIVOffset >> 4); - iv[12] = (uint8_t)((u32IVCount >> 24) & 0xff); - iv[13] = (uint8_t)((u32IVCount >> 16) & 0xff); - iv[14] = (uint8_t)((u32IVCount >> 8) & 0xff); - iv[15] = (uint8_t)(u32IVCount & 0xff); - + iv[12] = (uint8_t) ((u32IVCount >> 24) & 0xff); + iv[13] = (uint8_t) ((u32IVCount >> 16) & 0xff); + iv[14] = (uint8_t) ((u32IVCount >> 8) & 0xff); + iv[15] = (uint8_t) (u32IVCount & 0xff); + size_t len = strlen(OTA_ENCRYPTION_KEY); - if (len != 32) { + if (len != 32) + { return CHIP_ERROR_INVALID_ARGUMENT; } - for (size_t i = 0; i < len; i += 2) { - char hex[3] = {OTA_ENCRYPTION_KEY[i], OTA_ENCRYPTION_KEY[i+1], '\0'}; - key[i/2] = (uint8_t)strtol(hex, NULL, 16); + for (size_t i = 0; i < len; i += 2) + { + char hex[3] = { OTA_ENCRYPTION_KEY[i], OTA_ENCRYPTION_KEY[i + 1], '\0' }; + key[i / 2] = (uint8_t) strtol(hex, NULL, 16); } ByteSpan KEY = ByteSpan(key); Encoding::LittleEndian::Reader reader_key(KEY.data(), KEY.size()); - ReturnErrorOnFailure(reader_key.Read32(&sKey.u32register0).Read32(&sKey.u32register1).Read32(&sKey.u32register2).Read32(&sKey.u32register3).StatusCode()); + ReturnErrorOnFailure(reader_key.Read32(&sKey.u32register0) + .Read32(&sKey.u32register1) + .Read32(&sKey.u32register2) + .Read32(&sKey.u32register3) + .StatusCode()); - while (Offset+16 <= block.size()) + while (Offset + 16 <= block.size()) { /*Encrypt the IV*/ - Context.mode = AES_MODE_ECB_ENCRYPT; - Context.pSoftwareKey = (uint32_t*)&sKey; - AES_128_ProcessBlocks(&Context, (uint32_t*)&iv[0], (uint32_t*)&dataOut[0], 1); + Context.mode = AES_MODE_ECB_ENCRYPT; + Context.pSoftwareKey = (uint32_t *) &sKey; + AES_128_ProcessBlocks(&Context, (uint32_t *) &iv[0], (uint32_t *) &dataOut[0], 1); /* Decrypt a block of the buffer */ - for(uint8_t i=0;i<16;i++) + for (uint8_t i = 0; i < 16; i++) { - data = block[Offset+i] ^ dataOut[i]; - memcpy(&block[Offset+i], &data, sizeof(uint8_t)); + data = block[Offset + i] ^ dataOut[i]; + memcpy(&block[Offset + i], &data, sizeof(uint8_t)); } /* increment the IV for the next block */ u32IVCount++; - iv[12] = (uint8_t)((u32IVCount >> 24) & 0xff); - iv[13] = (uint8_t)((u32IVCount >> 16) & 0xff); - iv[14] = (uint8_t)((u32IVCount >> 8) & 0xff); - iv[15] = (uint8_t)(u32IVCount & 0xff); + iv[12] = (uint8_t) ((u32IVCount >> 24) & 0xff); + iv[13] = (uint8_t) ((u32IVCount >> 16) & 0xff); + iv[14] = (uint8_t) ((u32IVCount >> 8) & 0xff); + iv[15] = (uint8_t) (u32IVCount & 0xff); - Offset += 16; /* increment the buffer offset */ + Offset += 16; /* increment the buffer offset */ mIVOffset += 16; } diff --git a/src/platform/nxp/k32w/k32w0/OTAFirmwareProcessor.cpp b/src/platform/nxp/k32w/k32w0/OTAFirmwareProcessor.cpp index b4f78e5dfffe86..760c9ef2eec8fc 100644 --- a/src/platform/nxp/k32w/k32w0/OTAFirmwareProcessor.cpp +++ b/src/platform/nxp/k32w/k32w0/OTAFirmwareProcessor.cpp @@ -17,8 +17,8 @@ */ #include -#include #include +#include #include #include "OtaSupport.h" @@ -74,11 +74,11 @@ CHIP_ERROR OTAFirmwareProcessor::ProcessInternal(ByteSpan & block) memcpy(&mBlock[0], &mBlock[requestedOtaMaxBlockSize], mUnalignmentNum); memcpy(&mBlock[mUnalignmentNum], block.data(), block.size()); - if(mUnalignmentNum + block.size() < requestedOtaMaxBlockSize) + if (mUnalignmentNum + block.size() < requestedOtaMaxBlockSize) { uint32_t mAlignmentNum = (mUnalignmentNum + block.size()) / 16; - mAlignmentNum = mAlignmentNum * 16; - mUnalignmentNum = (mUnalignmentNum + block.size()) % 16; + mAlignmentNum = mAlignmentNum * 16; + mUnalignmentNum = (mUnalignmentNum + block.size()) % 16; memcpy(&mBlock[requestedOtaMaxBlockSize], &mBlock[mAlignmentNum], mUnalignmentNum); mBlock.reduce_size(mAlignmentNum); } @@ -98,9 +98,9 @@ CHIP_ERROR OTAFirmwareProcessor::ProcessInternal(ByteSpan & block) return CHIP_OTA_PROCESSOR_MAKE_ROOM; } #if OTA_ENCRYPTION_ENABLE - status = OTA_PushImageChunk((uint8_t*) mBlock.data(), (uint16_t) mBlock.size(), NULL, NULL); + status = OTA_PushImageChunk((uint8_t *) mBlock.data(), (uint16_t) mBlock.size(), NULL, NULL); #else - status = OTA_PushImageChunk((uint8_t*) block.data(), (uint16_t) block.size(), NULL, NULL); + status = OTA_PushImageChunk((uint8_t *) block.data(), (uint16_t) block.size(), NULL, NULL); #endif if (gOtaSuccess_c != status) { diff --git a/third_party/nxp/k32w0_sdk/k32w0_sdk.gni b/third_party/nxp/k32w0_sdk/k32w0_sdk.gni index 230d4c6d569952..00e6847ce733f7 100644 --- a/third_party/nxp/k32w0_sdk/k32w0_sdk.gni +++ b/third_party/nxp/k32w0_sdk/k32w0_sdk.gni @@ -45,18 +45,18 @@ declare_args() { chip_reduce_ssbl_size = false chip_enable_ota_firmware_processor = 1 chip_enable_ota_factory_data_processor = 0 - chip_with_pdm_encryption=1 - ota_custom_entry_address="0x000C1000" + chip_with_pdm_encryption = 1 + ota_custom_entry_address = "0x000C1000" use_antenna_diversity = 0 #ICD Matter Configuration flags - chip_ot_idle_interval_ms = 2000 # 2s Idle Intervals - chip_ot_active_interval_ms = 500 # 500ms Active Intervals + chip_ot_idle_interval_ms = 2000 # 2s Idle Intervals + chip_ot_active_interval_ms = 500 # 500ms Active Intervals - nxp_idle_mode_interval_s = 600 # 10min Idle Mode Interval - nxp_active_mode_interval_ms = 10000 # 10s Active Mode Interval - nxp_active_mode_threshold_ms = 1000 # 1s Active Mode Threshold + nxp_idle_mode_interval_s = 600 # 10min Idle Mode Interval + nxp_active_mode_interval_ms = 10000 # 10s Active Mode Interval + nxp_active_mode_threshold_ms = 1000 # 1s Active Mode Threshold nxp_icd_supported_clients_per_fabric = 2 # 2 registration slots per fabric chip_with_ota_encryption = 0 @@ -147,10 +147,9 @@ template("k32w0_sdk") { chip_with_ntag = 0 } - if(k32w0_sdk_root == "${chip_root}/third_party/nxp/k32w0_sdk/repo/core") { + if (k32w0_sdk_root == "${chip_root}/third_party/nxp/k32w0_sdk/repo/core") { chip_with_sdk_package = 0 - } - else { + } else { chip_with_sdk_package = 1 } print("device:", device) @@ -270,10 +269,8 @@ template("k32w0_sdk") { "${k32w0_sdk_root}/rtos/amazon-freertos/lib/include/private", "${k32w0_sdk_root}/rtos/amazon-freertos/lib/third_party/unity/src", ] - if(chip_with_sdk_package == 1) { - _sdk_include_dirs += [ - "${k32w0_sdk_root}/devices/${device}/drivers", - ] + if (chip_with_sdk_package == 1) { + _sdk_include_dirs += [ "${k32w0_sdk_root}/devices/${device}/drivers" ] } else { _sdk_include_dirs += [ "${k32w0_sdk_root}/devices/K32W061/drivers", @@ -367,6 +364,7 @@ template("k32w0_sdk") { "gSecLibUseSha256Alt_d=1", "gOTA_UseSecLibAes=1", "gResetSystemReset_d=1", + # TODO: move these platform specific defines to args.gni "NXP_OT_IDLE_INTERVAL=${chip_ot_idle_interval_ms}", "NXP_OT_ACTIVE_INTERVAL=${chip_ot_active_interval_ms}", @@ -416,12 +414,12 @@ template("k32w0_sdk") { } if (chip_with_ota_encryption == 1) { - defines += [ + defines += [ "OTA_ENCRYPTION_ENABLE=1", "OTA_ENCRYPTION_KEY=\"${chip_with_ota_key}\"", - ] + ] } else { - defines += [ "OTA_ENCRYPTION_ENABLE=0"] + defines += [ "OTA_ENCRYPTION_ENABLE=0" ] } if (chip_mdns == "platform") { @@ -631,7 +629,7 @@ template("k32w0_sdk") { "${k32w0_sdk_root}/rtos/amazon-freertos/lib/FreeRTOS/tasks.c", "${k32w0_sdk_root}/rtos/amazon-freertos/lib/FreeRTOS/timers.c", ] - if(chip_with_sdk_package == 1) { + if (chip_with_sdk_package == 1) { sources += [ "${k32w0_sdk_root}/devices/${device}/drivers/fsl_adc.c", "${k32w0_sdk_root}/devices/${device}/drivers/fsl_aes.c", @@ -659,27 +657,27 @@ template("k32w0_sdk") { ] } else { sources += [ - "${k32w0_sdk_root}/drivers/lpc_adc/fsl_adc.c", - "${k32w0_sdk_root}/drivers/aes/fsl_aes.c", "${k32w0_sdk_root}/devices/K32W061/drivers/fsl_clock.c", + "${k32w0_sdk_root}/devices/K32W061/drivers/fsl_power.c", + "${k32w0_sdk_root}/devices/K32W061/drivers/fsl_reset.c", + "${k32w0_sdk_root}/devices/K32W061/drivers/fsl_wtimer.c", + "${k32w0_sdk_root}/drivers/aes/fsl_aes.c", "${k32w0_sdk_root}/drivers/common/fsl_common.c", "${k32w0_sdk_root}/drivers/ctimer/fsl_ctimer.c", - "${k32w0_sdk_root}/drivers/jn_flash/fsl_flash.c", "${k32w0_sdk_root}/drivers/flexcomm/fsl_flexcomm.c", - "${k32w0_sdk_root}/drivers/fmeas/fsl_fmeas.c", - "${k32w0_sdk_root}/drivers/lpc_gpio/fsl_gpio.c", "${k32w0_sdk_root}/drivers/flexcomm/fsl_i2c.c", "${k32w0_sdk_root}/drivers/flexcomm/fsl_i2c_freertos.c", + "${k32w0_sdk_root}/drivers/flexcomm/fsl_usart.c", + "${k32w0_sdk_root}/drivers/fmeas/fsl_fmeas.c", "${k32w0_sdk_root}/drivers/inputmux/fsl_inputmux.c", - "${k32w0_sdk_root}/drivers/pint/fsl_pint.c", - "${k32w0_sdk_root}/devices/K32W061/drivers/fsl_power.c", - "${k32w0_sdk_root}/devices/K32W061/drivers/fsl_reset.c", + "${k32w0_sdk_root}/drivers/jn_flash/fsl_flash.c", "${k32w0_sdk_root}/drivers/jn_rng/fsl_rng.c", "${k32w0_sdk_root}/drivers/jn_rtc/fsl_rtc.c", + "${k32w0_sdk_root}/drivers/lpc_adc/fsl_adc.c", + "${k32w0_sdk_root}/drivers/lpc_gpio/fsl_gpio.c", + "${k32w0_sdk_root}/drivers/pint/fsl_pint.c", "${k32w0_sdk_root}/drivers/sha/fsl_sha.c", "${k32w0_sdk_root}/drivers/spifi/fsl_spifi.c", - "${k32w0_sdk_root}/drivers/flexcomm/fsl_usart.c", - "${k32w0_sdk_root}/devices/K32W061/drivers/fsl_wtimer.c", "${k32w0_sdk_root}/utilities/debug_console/fsl_debug_console.c", "${k32w0_sdk_root}/utilities/debug_console/str/fsl_str.c", ]