From fb6fe11312fe76ead01d35f3db967ace5d67569a Mon Sep 17 00:00:00 2001 From: Evgeni Margolis Date: Fri, 28 Jan 2022 14:36:59 -0800 Subject: [PATCH] CHIP Config Cleanup: Removed Legacy (Unused) Security Configs --- config/android/CHIPProjectConfig.h | 9 +- config/esp32/components/chip/Kconfig | 127 +- config/ios/CHIPProjectConfig.h | 9 +- config/python/CHIPProjectConfig.h | 9 +- config/standalone/CHIPProjectConfig.h | 9 +- .../chip-tool/include/CHIPProjectAppConfig.h | 9 +- src/lib/core/BUILD.gn | 5 +- src/lib/core/CHIPConfig.h | 1061 +---------------- src/platform/Ameba/CHIPPlatformConfig.h | 42 +- .../CYW30739/KeyValueStoreManagerImpl.h | 2 +- src/platform/Darwin/CHIPPlatformConfig.h | 44 +- src/platform/EFR32/CHIPPlatformConfig.h | 44 +- src/platform/ESP32/CHIPPlatformConfig.h | 33 +- src/platform/Linux/CHIPPlatformConfig.h | 42 +- src/platform/P6/CHIPPlatformConfig.h | 22 +- src/platform/Tizen/CHIPPlatformConfig.h | 44 +- src/platform/android/CHIPPlatformConfig.h | 44 +- src/platform/cc13x2_26x2/CHIPPlatformConfig.h | 45 +- src/platform/mbed/CHIPPlatformConfig.h | 44 +- src/platform/nrfconnect/CHIPPlatformConfig.h | 44 +- .../nxp/k32w/k32w0/CHIPPlatformConfig.h | 44 +- src/platform/qpg/CHIPPlatformConfig.h | 42 +- src/platform/telink/CHIPPlatformConfig.h | 44 +- 23 files changed, 29 insertions(+), 1789 deletions(-) diff --git a/config/android/CHIPProjectConfig.h b/config/android/CHIPProjectConfig.h index 674a918ca2a9c0..6804dd9cd1739e 100644 --- a/config/android/CHIPProjectConfig.h +++ b/config/android/CHIPProjectConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020-2021 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2016-2017 Nest Labs, Inc. * Copyright (c) 2019-2020 Google LLC. * All rights reserved. 
@@ -34,16 +34,9 @@ #define INET_CONFIG_OVERRIDE_SYSTEM_TCP_USER_TIMEOUT 0 -// Enable passcode encryption configuration 1 -#define CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY 1 - // Uncomment this for a large Tunnel MTU. //#define CHIP_CONFIG_TUNNEL_INTERFACE_MTU (9000) -#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0 - -#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0 - #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 300 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1 diff --git a/config/esp32/components/chip/Kconfig b/config/esp32/components/chip/Kconfig index 3e4dfb53823eb5..528181501fb430 100644 --- a/config/esp32/components/chip/Kconfig +++ b/config/esp32/components/chip/Kconfig @@ -1,5 +1,5 @@ # -# Copyright (c) 2020 Project CHIP Authors +# Copyright (c) 2020-2022 Project CHIP Authors # Copyright (c) 2018 Nest Labs, Inc. # All rights reserved. # 
@@ -166,125 +166,6 @@ menu "CHIP Core" help The maximum number of simultaneously active session keys. - config DEFAULT_SECURITY_SESSION_ESTABLISHMENT_TIMEOUT - int "Default Security Session Establishment Timeout (ms)" - range 0 65535 - default 30000 - help - The default amount of time, in milliseconds, after which an in-progess - session establishment will fail due to a timeout. - - This value can be overridden by the application at runtime. - - config DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT - int "Default Security Session Idle Timeout (ms)" - range 0 65535 - default 15000 - help - The default minimum amount of time, in milliseconds, that an unreserved - and idle security session will be allowed to exist before being destroyed. - In practice, unreserved idle sessions can exist for up to twice this value. - - This value can be overridden by the application at runtime. - - menu "Protocols" - - config ENABLE_PASE_INITIATOR - bool "Enable PASE Initiator" - default n - help - Enable support for initiating PASE security sessions with a remote node. - - This feature is rarely needed in device applications of CHIP. - - (PASE = Password Authenticated Session Establishment). - - config ENABLE_PASE_RESPONDER - bool "Enable PASE Responder" - default y - help - Enable support for responding to a request from a remote node to initiate - a PASE security session. - - This feature is necessary to support standard CHIP pairing. - - (PASE = Password Authenticated Session Establishment). - - config ENABLE_CASE_INITIATOR - bool "Enable CASE Initiator" - default y - help - Enable support for initiating CASE security sessions with a remote node. - - This feature is necessary to support interacting with CHIP cloud services. - - (CASE = Certificate Authenticated Session Establishment). - - config ENABLE_CASE_RESPONDER - bool "Enable CASE Responder" - default y - help - Enable support for responding to a request from a remote note to initiate - a CASE security session. 
- - This feature is necessary to support standard CHIP pairing. - - (CASE = Certificate Authenticated Session Establishment). - - endmenu # "Protocols" - - menu "Group Keys" - - config USE_APP_GROUP_KEYS_FOR_MSG_ENC - bool "Enable Group Keys for CHIP Message Encryption" - default y - help - Enable the use of application group keys for CHIP message encryption. - - config MAX_CACHED_MSG_ENC_APP_KEYS - int "Group Key Cache Size" - range 0 255 - default 5 - depends on USE_APP_GROUP_KEYS_FOR_MSG_ENC - help - The size of the cache (in number of keys) used to store derived application - group encryption keys. - - This value is only meaningful when group keys are enabled for CHIP message - encryption. - - config MAX_APPLICATION_EPOCH_KEYS - int "Max Application Epoch Keys" - range 0 8 - default 4 - help - The maximum number of simultaneously supported application epoch keys. - - (Epoch keys are a kind of symmetric key that gets mixed together with - other key material to form a group encryption key which can be used - for private communication amongst a set of related CHIP nodes). - - This value should be set to the maximum number of epoch keys that - can be simultaneously provisioned on the local CHIP node. The - maximum supported value is 8, however, in most cases only two such - keys will exist at any given point in time. - - config MAX_APPLICATION_GROUPS - int "Max Application Master Keys" - range 0 255 - default 4 - help - The maximum number of simultaneously supported application group master keys. - - (Application group master keys are a kind of symmetric key that gets mixed - together with other key material to form a group encryption key which can - be used for private communication amongst a set of related CHIP nodes). - - This value should be set to the number of CHIP application groups - in which the local CHIP device will be a member. - - endmenu # "Group Keys" - menu "Debugging" config SECURITY_TEST_MODE 
@@ -307,12 +188,6 @@ menu "CHIP Core" WARNING: This option makes it possible to circumvent basic CHIP security functionality. Because of this it SHOULD NEVER BE ENABLED IN PRODUCTION BUILDS. - config DEBUG_CERT_VALIDATION - bool "Enable Certificate Validation Debugging" - default n - help - Enable support for debugging output from certificate validation. - endmenu # "Debugging" endmenu # "Security Options" diff --git a/config/ios/CHIPProjectConfig.h b/config/ios/CHIPProjectConfig.h index 78b5d9d8af91af..60cf429bdd65c9 100644 --- a/config/ios/CHIPProjectConfig.h +++ b/config/ios/CHIPProjectConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020-2021 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2016-2017 Nest Labs, Inc. * Copyright (c) 2019-2020 Google LLC. * All rights reserved. @@ -34,16 +34,9 @@ #define INET_CONFIG_OVERRIDE_SYSTEM_TCP_USER_TIMEOUT 0 -// Enable passcode encryption configuration 1 -#define CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY 1 - // Uncomment this for a large Tunnel MTU. //#define CHIP_CONFIG_TUNNEL_INTERFACE_MTU (9000) -#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0 - -#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0 - #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 300 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1 diff --git a/config/python/CHIPProjectConfig.h b/config/python/CHIPProjectConfig.h index 7282f35db3a033..9084ff3f77bf42 100644 --- a/config/python/CHIPProjectConfig.h +++ b/config/python/CHIPProjectConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020-2021 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -53,15 +53,8 @@ #define CHIP_CONFIG_SECURITY_TEST_MODE 0 #define CHIP_CONFIG_REQUIRE_AUTH 1 -// Increase session idle timeout in stand-alone builds for the convenience of developers. -#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT 120000 - #define CHIP_CONFIG_ENABLE_UPDATE 1 -#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0 - -#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0 - #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 0 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1 diff --git a/config/standalone/CHIPProjectConfig.h b/config/standalone/CHIPProjectConfig.h index 33d5a5f0d417a4..f86d4a098f8183 100644 --- a/config/standalone/CHIPProjectConfig.h +++ b/config/standalone/CHIPProjectConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020-2021 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2016-2017 Nest Labs, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -56,15 +56,8 @@ #define CHIP_CONFIG_SECURITY_TEST_MODE 0 #define CHIP_CONFIG_REQUIRE_AUTH 1 -// Increase session idle timeout in stand-alone builds for the convenience of developers. -#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT 120000 - #define CHIP_CONFIG_ENABLE_UPDATE 1 -#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0 - -#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0 - #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 0 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1 diff --git a/examples/chip-tool/include/CHIPProjectAppConfig.h b/examples/chip-tool/include/CHIPProjectAppConfig.h index 81010d4cacffad..15e2281c6929ae 100644 --- a/examples/chip-tool/include/CHIPProjectAppConfig.h +++ b/examples/chip-tool/include/CHIPProjectAppConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020-2021 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -53,15 +53,8 @@ #define CHIP_CONFIG_SECURITY_TEST_MODE 0 #define CHIP_CONFIG_REQUIRE_AUTH 1 -// Increase session idle timeout in stand-alone builds for the convenience of developers. -#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT 120000 - #define CHIP_CONFIG_ENABLE_UPDATE 1 -#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0 - -#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0 - #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 0 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1 diff --git a/src/lib/core/BUILD.gn b/src/lib/core/BUILD.gn index a58605a80de1be..40fc2aa7264f8b 100644 --- a/src/lib/core/BUILD.gn +++ b/src/lib/core/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2020-2021 Project CHIP Authors +# Copyright (c) 2020-2022 Project CHIP Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,8 +30,6 @@ buildconfig_header("chip_buildconfig") { chip_config_memory_management_malloc = chip_config_memory_management == "malloc" - chip_config_memory_management_simple = - chip_config_memory_management == "simple" chip_config_memory_management_platform = chip_config_memory_management == "platform" @@ -55,7 +53,6 @@ buildconfig_header("chip_buildconfig") { "HAVE_MALLOC=${chip_config_memory_management_malloc}", "HAVE_FREE=${chip_config_memory_management_malloc}", "HAVE_NEW=false", - "CHIP_CONFIG_MEMORY_MGMT_SIMPLE=${chip_config_memory_management_simple}", "CHIP_CONFIG_MEMORY_MGMT_PLATFORM=${chip_config_memory_management_platform}", "CHIP_CONFIG_MEMORY_DEBUG_CHECKS=${chip_config_memory_debug_checks}", "CHIP_CONFIG_MEMORY_DEBUG_DMALLOC=${chip_config_memory_debug_dmalloc}", diff --git a/src/lib/core/CHIPConfig.h b/src/lib/core/CHIPConfig.h index 061307b5b143f9..3ee77cc3696c0b 100644 --- a/src/lib/core/CHIPConfig.h +++ b/src/lib/core/CHIPConfig.h 
@@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020-2021 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2019 Google LLC. * Copyright (c) 2013-2018 Nest Labs, Inc. * 
@@ -72,259 +72,6 @@ #include CHIP_PLATFORM_CONFIG_INCLUDE #endif -/** - * @name chip Elliptic Curve Security Configuration - * - * @brief - * The following definitions enable one or more of four potential - * elliptic curves: - * - * * #CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1 - * * #CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1 - * * #CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1 - * * #CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1 - * - * @{ - */ - -/** - * @def CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1 - * - * @brief - * Enable (1) or disable (0) support for the Standards for - * Efficient Cryptography Group (SECG) secp160r1 elliptic curve. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1 -#define CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1 0 -#endif // CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1 - -/** - * @def CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1 - * - * @brief - * Enable (1) or disable (0) support for the Standards for - * Efficient Cryptography Group (SECG) secp192r1 elliptic curve. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1 -#define CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1 1 -#endif // CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1 - -/** - * @def CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1 - * - * @brief - * Enable (1) or disable (0) support for the Standards for - * Efficient Cryptography Group (SECG) secp224r1 / National - * Institute of Standards (NIST) P-224 elliptic curve. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1 -#define CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1 1 -#endif // CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1 - -/** - * @def CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1 - * - * @brief - * Enable (1) or disable (0) support for the Standards for - * Efficient Cryptography Group (SECG) secp256r1 / American - * National Standards Institute (ANSI) prime256v1 / National - * Institute of Standards (NIST) P-256 elliptic curve. 
- * - */ -#ifndef CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1 -#define CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1 1 -#endif // CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1 - -/** - * @} - */ - -/** - * @name chip Password Authenticated Session Establishment (PASE) Configuration - * - * @brief - * The following definitions define the configurations supported - * for chip's Password Authenticated Session Establishment (PASE) - * protocol. - * - * This protocol is used primarily for establishing a secure - * session for provisioning. chip supports the following PASE - * configurations: - * - * * #CHIP_CONFIG_SUPPORT_PASE_CONFIG0_TEST_ONLY - * * #CHIP_CONFIG_SUPPORT_PASE_CONFIG1 - * * #CHIP_CONFIG_SUPPORT_PASE_CONFIG2 - * * #CHIP_CONFIG_SUPPORT_PASE_CONFIG3 - * * #CHIP_CONFIG_SUPPORT_PASE_CONFIG4 - * * #CHIP_CONFIG_SUPPORT_PASE_CONFIG5 - * - * which are summarized in the table below: - * - * | Configuration | J-PAKE Style | Curve | Test Only | Notes | - * | :------------: | :-------------- | :-------: | :---------: | :----------------------------------- | - * | 0 | - | - | Y | Test-only | - * | 1 | Finite Field | - | N | Original chip default configuration | - * | 2 | Elliptic Curve | secp160r1 | N | | - * | 3 | Elliptic Curve | secp192r1 | N | | - * | 4 | Elliptic Curve | secp224r1 | N | Future chip default configuration | - * | 5 | Elliptic Curve | secp256r1 | N | | - * - * @{ - * - */ - -/** - * @def CHIP_CONFIG_SUPPORT_PASE_CONFIG0_TEST_ONLY - * - * @brief - * This chip PASE configuration does not use the J-PAKE algorithm - * and sends deterministic messages over the communications - * channel. The size and structure of the messages are similar to - * #CHIP_CONFIG_SUPPORT_PASE_CONFIG5. - * - * @note The results of this configuration are insecure because the - * computational overhead of the cryptography has largely been - * disabled since the focus of this configuration is testing - * the overall PASE protocol exchange, independently of the - * cryptography. 
- * - */ -#ifndef CHIP_CONFIG_SUPPORT_PASE_CONFIG0_TEST_ONLY -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0_TEST_ONLY 0 -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG0_TEST_ONLY - -/** - * @def CHIP_CONFIG_SUPPORT_PASE_CONFIG1 - * - * @brief - * This chip PASE configuration uses Finite Field J-PAKE and is - * the original, default chip PASE configuration. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_PASE_CONFIG1 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 1 -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG1 - -/** - * @def CHIP_CONFIG_SUPPORT_PASE_CONFIG2 - * - * @brief - * This chip PASE configuration uses Elliptic Curve J-PAKE with a - * SECG secp160r1 curve. - * - * @note When this PASE configuration is enabled, the corresponding - * elliptic curve (i.e. #CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1) - * should also be enabled. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_PASE_CONFIG2 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG2 - -/** - * @def CHIP_CONFIG_SUPPORT_PASE_CONFIG3 - * - * @brief - * This chip PASE configuration uses Elliptic Curve J-PAKE with a - * SECG secp192r1 curve. - * - * @note When this PASE configuration is enabled, the corresponding - * elliptic curve (i.e. #CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1) - * should also be enabled. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_PASE_CONFIG3 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG3 - -/** - * @def CHIP_CONFIG_SUPPORT_PASE_CONFIG4 - * - * @brief - * This chip PASE configuration uses Elliptic Curve J-PAKE with a - * SECG secp224r1 curve and will be the new, default chip PASE - * configuration. - * - * @note When this PASE configuration is enabled, the corresponding - * elliptic curve (i.e. #CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1) - * should also be enabled. 
- * - */ -#ifndef CHIP_CONFIG_SUPPORT_PASE_CONFIG4 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG4 - -/** - * @def CHIP_CONFIG_SUPPORT_PASE_CONFIG5 - * - * @brief - * This chip PASE configuration uses Elliptic Curve J-PAKE with a - * SECG secp256r1 curve. - * - * @note When this PASE configuration is enabled, the corresponding - * elliptic curve (i.e. #CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1) - * should also be enabled. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_PASE_CONFIG5 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG5 0 -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG5 - -/** - * @} - */ - -#if CHIP_CONFIG_SUPPORT_PASE_CONFIG2 && !CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1 -#error "Please assert CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1 when CHIP_CONFIG_SUPPORT_PASE_CONFIG2 is asserted" -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG2 && !CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP160R1 - -#if CHIP_CONFIG_SUPPORT_PASE_CONFIG3 && !CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1 -#error "Please assert CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1 when CHIP_CONFIG_SUPPORT_PASE_CONFIG3 is asserted" -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG3 && !CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP192R1 - -#if CHIP_CONFIG_SUPPORT_PASE_CONFIG4 && !CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1 -#error "Please assert CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1 when CHIP_CONFIG_SUPPORT_PASE_CONFIG4 is asserted" -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG4 && !CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP224R1 - -#if CHIP_CONFIG_SUPPORT_PASE_CONFIG5 && !CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1 -#error "Please assert CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1 when CHIP_CONFIG_SUPPORT_PASE_CONFIG5 is asserted" -#endif // CHIP_CONFIG_SUPPORT_PASE_CONFIG5 && !CHIP_CONFIG_SUPPORT_ELLIPTIC_CURVE_SECP256R1 - -/** - * @def CHIP_CONFIG_PASE_RATE_LIMITER_TIMEOUT - * - * @brief - * The amount of time (in milliseconds) in which the Security Manager - * is allowed to have 
maximum #CHIP_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS - * counted PASE attempts. - * - */ -#ifndef CHIP_CONFIG_PASE_RATE_LIMITER_TIMEOUT -#define CHIP_CONFIG_PASE_RATE_LIMITER_TIMEOUT 15000 -#endif // CHIP_CONFIG_PASE_RATE_LIMITER_TIMEOUT - -/** - * @def CHIP_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS - * - * @brief - * The maximum number of PASE attempts after which the - * next PASE session establishment attempt will be allowed - * only after #CHIP_CONFIG_PASE_RATE_LIMITER_TIMEOUT expires. - * * For PASE negotiations with key confirmation option enabled: - * only attempts that failed with key confirmation error are counted. - * Successful PASE negotiations do not reset the rate limiter. - * * For PASE negotiations with key confirmation option disabled: - * every PASE negotiation, successful or otherwise, is added - * to the rate limiter. - * - */ -#ifndef CHIP_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS -#define CHIP_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS 3 -#endif // CHIP_CONFIG_PASE_RATE_LIMITER_MAX_ATTEMPTS - /** * @name chip Security Manager Memory Management Configuration * @@ -351,7 +98,6 @@ * functions. * * @note This configuration is mutual exclusive with - * #CHIP_CONFIG_MEMORY_MGMT_SIMPLE and * #CHIP_CONFIG_MEMORY_MGMT_MALLOC. * */ @@ -359,24 +105,6 @@ #define CHIP_CONFIG_MEMORY_MGMT_PLATFORM 0 #endif // CHIP_CONFIG_MEMORY_MGMT_PLATFORM -/** - * @def CHIP_CONFIG_MEMORY_MGMT_SIMPLE - * - * @brief - * Enable (1) or disable (0) support for a chip-provided - * implementation of chip Security Manager memory-management - * functions based on temporary network buffer allocation / - * release. - * - * @note This configuration is mutual exclusive with - * #CHIP_CONFIG_MEMORY_MGMT_PLATFORM and - * #CHIP_CONFIG_MEMORY_MGMT_MALLOC. - * - */ -#ifndef CHIP_CONFIG_MEMORY_MGMT_SIMPLE -#define CHIP_CONFIG_MEMORY_MGMT_SIMPLE 0 -#endif // CHIP_CONFIG_MEMORY_MGMT_SIMPLE - /** * @def CHIP_CONFIG_MEMORY_MGMT_MALLOC * 
@@ -387,8 +115,7 @@ * functions. * * @note This configuration is mutual exclusive with - * #CHIP_CONFIG_MEMORY_MGMT_PLATFORM and - * #CHIP_CONFIG_MEMORY_MGMT_SIMPLE. + * #CHIP_CONFIG_MEMORY_MGMT_PLATFORM. * */ #ifndef CHIP_CONFIG_MEMORY_MGMT_MALLOC @@ -399,33 +126,14 @@ * @} */ -#if ((CHIP_CONFIG_MEMORY_MGMT_PLATFORM + CHIP_CONFIG_MEMORY_MGMT_SIMPLE + CHIP_CONFIG_MEMORY_MGMT_MALLOC) != 1) -#error \ - "Please assert exactly one of CHIP_CONFIG_MEMORY_MGMT_PLATFORM, CHIP_CONFIG_MEMORY_MGMT_SIMPLE, or CHIP_CONFIG_MEMORY_MGMT_MALLOC." -#endif // ((CHIP_CONFIG_MEMORY_MGMT_PLATFORM + CHIP_CONFIG_MEMORY_MGMT_SIMPLE + CHIP_CONFIG_MEMORY_MGMT_MALLOC) != 1) +#if ((CHIP_CONFIG_MEMORY_MGMT_PLATFORM + CHIP_CONFIG_MEMORY_MGMT_MALLOC) != 1) +#error "Please assert exactly one of CHIP_CONFIG_MEMORY_MGMT_PLATFORM or CHIP_CONFIG_MEMORY_MGMT_MALLOC." +#endif // ((CHIP_CONFIG_MEMORY_MGMT_PLATFORM + CHIP_CONFIG_MEMORY_MGMT_MALLOC) != 1) #if !CHIP_CONFIG_MEMORY_MGMT_MALLOC && CHIP_SYSTEM_CONFIG_USE_BSD_IFADDRS #error "!CHIP_CONFIG_MEMORY_MGMT_MALLOC but getifaddrs() uses malloc()" #endif -/** - * @def CHIP_CONFIG_SIMPLE_ALLOCATOR_USE_SMALL_BUFFERS - * - * @brief - * Enable (1) or disable (0) simple memory allocator support - * for small size network buffers. When enabled, this configuration - * requires 4 network buffers with minimum available payload size of - * 600 bytes. - * - * @note This configuration is only relevant when - * #CHIP_CONFIG_MEMORY_MGMT_SIMPLE is set and - * ignored otherwise. - * - */ -#ifndef CHIP_CONFIG_SIMPLE_ALLOCATOR_USE_SMALL_BUFFERS -#define CHIP_CONFIG_SIMPLE_ALLOCATOR_USE_SMALL_BUFFERS 0 -#endif // CHIP_CONFIG_SIMPLE_ALLOCATOR_USE_SMALL_BUFFERS - /** * @def CHIP_CONFIG_MEMORY_DEBUG_CHECKS * 
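Review bot: The narrowed check `#if ((CHIP_CONFIG_MEMORY_MGMT_PLATFORM + CHIP_CONFIG_MEMORY_MGMT_MALLOC) != 1)` now rejects a configuration that used to pass by selecting CHIP_CONFIG_MEMORY_MGMT_SIMPLE, and its message does not say that the simple allocator was removed. The BUILD.gn hunk in this patch drops `chip_config_memory_management_simple`, so if the GN argument still accepts "simple" (its declaration is not visible here), such a build reaches this error with both remaining flags false. I would add a tripwire ahead of the check, `#ifdef CHIP_CONFIG_MEMORY_MGMT_SIMPLE` / `#error "CHIP_CONFIG_MEMORY_MGMT_SIMPLE has been removed; select PLATFORM or MALLOC"` / `#endif`, so a stale project override fails with an explicit cause. The same kind of guard would also surface leftover project overrides of the other macros this patch deletes from CHIPConfig.h, which would otherwise be ignored silently.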
@@ -512,303 +220,6 @@ #error "Please assert exactly one of CHIP_CONFIG_SECURITY_MGR_TIME_ALERTS_DUMMY or CHIP_CONFIG_SECURITY_MGR_TIME_ALERTS_PLATFORM." #endif // ((CHIP_CONFIG_SECURITY_MGR_TIME_ALERTS_DUMMY + CHIP_CONFIG_SECURITY_MGR_TIME_ALERTS_PLATFORM) != 1) -/** - * @name chip Random Number Generator (RNG) Implementation Configuration - * - * @brief - * The following definitions enable one of three potential chip - * RNG implementation options: - * - * * #CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM - * * #CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG - * * #CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL - * - * Note that these options are mutually exclusive and only one of - * these options should be set. - * - * @{ - */ - -/** - * @def CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM - * - * @brief - * Enable (1) or disable (0) support for platform-specific - * implementation of the chip Random Number Generator. - * - * @note This configuration is mutual exclusive with - * #CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG and - * #CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL. - * - */ -#ifndef CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 -#endif // CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM - -/** - * @def CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG - * - * @brief - * Enable (1) or disable (0) support for a chip-provided - * implementation of the chip Random Number Generator. - * This implementation is based on AES-CTR DRBG as - * specified in the NIST SP800-90A document. - * - * @note This configuration is mutual exclusive with - * #CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM and - * #CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL. - * - */ -#ifndef CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 0 -#endif // CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG - -/** - * @def CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL - * - * @brief - * Enable (1) or disable (0) support for a standard OpenSSL - * implementation of the chip Random Number Generator. 
- * - * @note This configuration is mutual exclusive with - * #CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM and - * #CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG. - * - */ -#ifndef CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 1 -#endif // CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL - -/** - * @} - */ - -#if ((CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM + CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG + \ - CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL) != 1) -#error \ - "Please assert exactly one of CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM, CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG, or CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL." -#endif // ((CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM + CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG + - // CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL) != 1) - -/** - * @def CHIP_CONFIG_DEV_RANDOM_DRBG_SEED - * - * @brief - * Enable (1) or disable (0) a function for seeding the DRBG with - * entropy from the /dev/(u)random device. - * - * @note When enabled along with #CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG - * this function becomes the default seeding function for the DRBG if - * another isn't specified at initialization time. - * - */ -#ifndef CHIP_CONFIG_DEV_RANDOM_DRBG_SEED -#define CHIP_CONFIG_DEV_RANDOM_DRBG_SEED 0 -#endif // CHIP_CONFIG_DEV_RANDOM_DRBG_SEED - -/** - * @def CHIP_CONFIG_DEV_RANDOM_DEVICE_NAME - * - * @brief - * The device name used by the dev random entropy function. - * - * @note Only meaningful when #CHIP_CONFIG_DEV_RANDOM_DRBG_SEED is enabled. - * - */ -#ifndef CHIP_CONFIG_DEV_RANDOM_DEVICE_NAME -#define CHIP_CONFIG_DEV_RANDOM_DEVICE_NAME "/dev/urandom" -#endif // CHIP_CONFIG_DEV_RANDOM_DEVICE_NAME - -/** - * @name chip AES Block Cipher Algorithm Implementation Configuration. 
- * - * @brief - * The following definitions enable one of the potential chip - * AES implementation options: - * - * * #CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM - * * #CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL - * - * Note that these options are mutually exclusive and only one of - * these options should be set. - * - * @{ - */ - -/** - * @def CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM - * - * @brief - * Enable (1) or disable (0) support for platform-specific - * implementation of the chip AES functions. - * - * @note This configuration is mutual exclusive with - * #CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL and - * #CHIP_CONFIG_AES_IMPLEMENTATION_AESNI - * - */ -#ifndef CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 -#endif // CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM - -/** - * @def CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL - * - * @brief - * Enable (1) or disable (0) support for the OpenSSL - * implementation of the chip AES functions. - * - * @note This configuration is mutual exclusive with other - * CHIP_CONFIG_AES_IMPLEMENTATION options. - * - */ -#ifndef CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 1 -#endif // CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL - -/** - * @def CHIP_CONFIG_AES_IMPLEMENTATION_AESNI - * - * @brief - * Enable (1) or disable (0) support for an implementation - * of the chip AES functions using Intel AES-NI intrinsics. - * - * @note This configuration is mutual exclusive with other - * CHIP_CONFIG_AES_IMPLEMENTATION options. - * - */ -#ifndef CHIP_CONFIG_AES_IMPLEMENTATION_AESNI -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#endif // CHIP_CONFIG_AES_IMPLEMENTATION_AESNI - -/** - * @def CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS - * - * @brief - * Enable (1) or disable (0) support the mbed TLS - * implementation of the chip AES functions. - * - * @note This configuration is mutual exclusive with other - * CHIP_CONFIG_AES_IMPLEMENTATION options. 
- * - */ -#ifndef CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 0 -#endif // CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS - -/** - * @} - */ - -#if ((CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM + CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL + CHIP_CONFIG_AES_IMPLEMENTATION_AESNI + \ - CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS) != 1) -#error "Please assert exactly one CHIP_CONFIG_AES_IMPLEMENTATION_... option." -#endif - -/** - * @def CHIP_CONFIG_AES_USE_EXPANDED_KEY - * - * @brief - * Defines whether AES key is used in its expanded (1) or native (0) form. - * - * @note OpenSSL AES implementation uses its own AES key declaration - * and this configuration option is ignored when - * #CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL is set. - * - */ -#ifndef CHIP_CONFIG_AES_USE_EXPANDED_KEY -#define CHIP_CONFIG_AES_USE_EXPANDED_KEY 0 -#endif // CHIP_CONFIG_AES_USE_EXPANDED_KEY - -/** - * @name chip SHA1 and SHA256 Hash Algorithms Implementation Configuration. - * - * @brief - * The following definitions enable one of three potential chip - * hash implementation options: - * - * * #CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM - * * #CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT - * * #CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL - * * #CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS - * - * Note that these options are mutually exclusive and only one of - * these options should be set. - * - * @{ - */ - -/** - * @def CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM - * - * @brief - * Enable (1) or disable (0) support for platform-specific - * implementation of the chip SHA1 and SHA256 hashes. - * - * @note This configuration is mutual exclusive with other - * CHIP_CONFIG_HASH_IMPLEMENTATION options. 
- * - */ -#ifndef CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 -#endif // CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM - -/** - * @def CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT - * - * @brief - * Enable (1) or disable (0) support for a chip-provided - * implementation of the chip SHA1 and SHA256 hash functions. - * This implementation is using sha1 and sha256 engines from - * mincrypt library of Android core. - * - * @note This configuration is mutual exclusive with other - * CHIP_CONFIG_HASH_IMPLEMENTATION options. - * - */ -#ifndef CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 0 -#endif // CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT - -/** - * @def CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL - * - * @brief - * Enable (1) or disable (0) support for the OpenSSL - * implementation of the chip SHA1 and SHA256 hash functions. - * - * @note This configuration is mutual exclusive with other - * CHIP_CONFIG_HASH_IMPLEMENTATION options. - * - */ -#ifndef CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 1 -#endif // CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL - -/** - * @def CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS - * - * @brief - * Enable (1) or disable (0) support for the mbedTLS - * implementation of the chip SHA1 and SHA256 hash functions. - * - * @note This configuration is mutual exclusive with other - * CHIP_CONFIG_HASH_IMPLEMENTATION options. - * - */ -#ifndef CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#endif // CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS - -/** - * @} - */ - -#if ((CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM + CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT + \ - CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL + CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS) != 1) -#error "Please assert exactly one CHIP_CONFIG_HASH_IMPLEMENTATION_... option." -#endif - /** * @def CHIP_CONFIG_SHA256_CONTEXT_SIZE * 
@@ -831,92 +242,6 @@ #define CHIP_CONFIG_SHA256_CONTEXT_SIZE ((sizeof(unsigned int) * (8 + 2 + 16 + 2)) + sizeof(uint64_t)) #endif // CHIP_CONFIG_SHA256_CONTEXT_SIZE -/** - * @name chip key export protocol configuration. - * - * @brief - * The following definitions define the configurations supported - * for chip's key export protocol. - * - * This protocol is used to export secret key material from chip device. - * chip supports the following protocol configurations: - * - * * #CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG1 - * * #CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG2 - * - * which are summarized in the table below: - * - * | Configuration | Curve | Notes | - * | :------------: | :-------: | :---------------------- | - * | 1 | secp224r1 | Default configuration | - * | 2 | secp256r1 | | - * - * @{ - * - */ - -/** - * @def CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG1 - * - * @brief - * This chip key export protocol configuration uses secp224r1 - * Elliptic Curve. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG1 -#define CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG1 1 -#endif // CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG1 - -/** - * @def CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG2 - * - * @brief - * This chip key export protocol configuration uses secp256r1 - * Elliptic Curve. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG2 -#define CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG2 1 -#endif // CHIP_CONFIG_SUPPORT_KEY_EXPORT_CONFIG2 - -/** - * @} - */ - -/** - * @def CHIP_CONFIG_ALLOW_NON_STANDARD_ELLIPTIC_CURVES - * - * @brief - * Allow the use of elliptic curves beyond the standard ones - * supported by chip. - * - */ -#ifndef CHIP_CONFIG_ALLOW_NON_STANDARD_ELLIPTIC_CURVES -#define CHIP_CONFIG_ALLOW_NON_STANDARD_ELLIPTIC_CURVES 0 -#endif // CHIP_CONFIG_ALLOW_NON_STANDARD_ELLIPTIC_CURVES - -/** - * @def CHIP_CONFIG_MAX_EC_BITS - * - * @brief - * The maximum size elliptic curve supported, in bits. 
- * - */ -#ifndef CHIP_CONFIG_MAX_EC_BITS -#define CHIP_CONFIG_MAX_EC_BITS 256 -#endif // CHIP_CONFIG_MAX_EC_BITS - -/** - * @def CHIP_CONFIG_MAX_RSA_BITS - * - * @brief - * The maximum size RSA modulus supported, in bits. - * - */ -#ifndef CHIP_CONFIG_MAX_RSA_BITS -#define CHIP_CONFIG_MAX_RSA_BITS 4096 -#endif // CHIP_CONFIG_MAX_RSA_BITS - /** * @def CHIP_CONFIG_MAX_PEER_NODES * 
@@ -982,161 +307,6 @@ #define CHIP_CONFIG_MAX_SESSION_KEYS CHIP_CONFIG_MAX_CONNECTIONS #endif // CHIP_CONFIG_MAX_SESSION_KEYS -/** - * @def CHIP_CONFIG_MAX_APPLICATION_EPOCH_KEYS - * - * @brief - * Maximum number of simultaneously supported application epoch keys. - * This define should be set to the maximum number of epoch keys - * that can be simultaneously provisioned on chip node by chip - * service. The maximum supported value is 8, however, in most cases - * only two such keys will exist on device at any given point in time. - * - */ -#ifndef CHIP_CONFIG_MAX_APPLICATION_EPOCH_KEYS -#define CHIP_CONFIG_MAX_APPLICATION_EPOCH_KEYS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_EPOCH_KEYS - -/** - * @def CHIP_CONFIG_MAX_APPLICATION_GROUPS - * - * @brief - * Maximum number of simultaneously supported application groups. - * This define should be set to the number of chip application - * groups, in which associated chip node has membership. - * - */ -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 8 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -/** - * @def CHIP_CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC - * - * @brief - * Enable (1) or disable (0) support for the application group keys - * used for chip message encryption. - * - */ -#ifndef CHIP_CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC -#define CHIP_CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC 1 -#endif // CHIP_CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC - -/** - * @def CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS - * - * @brief - * Maximum number of simultaneously cached chip message encryption - * application keys. - * Caching these keys speeds up message encoding/decoding processes - * and eliminates the need to retrieve constituent key material from - * the platform memory every time we derive these keys. 
- * This define can be set equal to the number of application groups - * (#CHIP_CONFIG_MAX_APPLICATION_GROUPS) supported by the chip node - * such that exactly one key can be cached for each application group. - * It might be a good idea to allocate few more entries in the key - * cache for the corner cases, where application group is having - * simultaneous conversations using an 'old' and a 'new' epoch key. - * - * @note This configuration is only relevant when - * #CHIP_CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC is set and - * ignored otherwise. - * - */ -#ifndef CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS -#define CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS (CHIP_CONFIG_MAX_APPLICATION_GROUPS + 1) -#endif // CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS - -#if !(CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS > 0 && CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS < 256) -#error "Please set CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS to a value greater than zero and smaller than 256." -#endif // !(CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS > 0 && CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS < 256) - -/** - * @name chip Encrypted Passcode Configuration - * - * @brief - * The following definitions enable (1) or disable (0) supported for - * chip encrypted passcode configurations. Each configuration - * uniquely specifies how chip passcode was encrypted, authenticated, - * and structured. 
chip supports the following passcode - * configurations: - * - * * #CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY - * * #CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG2 - * - * which are summarized in the table below: - * - * | Configuration | Encryption | Authentication | Fingerprint | Notes | - * | :-----------: | :--------: | :------------: | :---------: | :-------------------- | - * | 1 | - | SHA1 Hash | SHA1 Hash | Test-only | - * | 2 | AES128-ECB | SHA1 HMAC | SHA1 HMAC | Default configuration | - * - * @{ - * - */ - -/** - * @def CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY - * - * @brief - * This chip passcode configuration does not encrypt the passcode - * and doesn't use secret keys to authenticate and uniquely identify - * (fingerprint) the passcode. - * - * @note For this configuration the computational overhead of the - * cryptography has largely been disabled since the focus - * of this configuration is testing the overall passcode - * encryption/decryption protocol, independently of the - * cryptography. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY -#define CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY 0 -#endif // CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY - -/** - * @def CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG2 - * - * @brief - * This chip passcode configuration uses AES128 algorithm in ECB - * mode to encrypt passcodes. It also uses SHA1 Hash-based Message - * Authentication Code (HMAC) to authenticate and uniquely identify - * (fingerprint) the passcode. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG2 -#define CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG2 1 -#endif // CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG2 - -/** - * @} - */ - -/** - * @def CHIP_CONFIG_DEFAULT_SECURITY_SESSION_ESTABLISHMENT_TIMEOUT - * - * @brief - * The default amount of time, in milliseconds, after which an in-progess - * session establishment will fail due to a timeout. 
- * - */ -#ifndef CHIP_CONFIG_DEFAULT_SECURITY_SESSION_ESTABLISHMENT_TIMEOUT -#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_ESTABLISHMENT_TIMEOUT 30000 -#endif // CHIP_CONFIG_DEFAULT_SECURITY_SESSION_ESTABLISHMENT_TIMEOUT - -/** - * @def CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT - * - * @brief - * The default minimum amount of time, in milliseconds, that an unreserved and idle - * security session will be allowed to exist before being destroyed. In practice, - * unreserved idle sessions can exist for up to twice this value. - * - */ -#ifndef CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT -#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT 15000 -#endif // CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT - /** * @def CHIP_CONFIG_NUM_MESSAGE_BUFS * 
@@ -1428,207 +598,10 @@ #define CHIP_CONFIG_CERT_MAX_RDN_ATTRIBUTES 5 #endif // CHIP_CONFIG_CERT_MAX_RDN_ATTRIBUTES -/** - * @def CHIP_CONFIG_DEBUG_CERT_VALIDATION - * - * @brief - * Enable support for debugging output from certificate validation. - * - */ -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 1 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -/** - * @def CHIP_CONFIG_OP_DEVICE_CERT_VALID_DATE_NOT_BEFORE - * - * @brief - * This is a packed valid date to be encoded in the chip - * operational device certificate. Any date before - * that date the certificate is considered invalid. - * The following functions can be used to calculate packed - * date/time: PackCertTime() and PackedCertTimeToDate(). - * chip packed certificate dates are limited to representing - * dates that are on or after 2000/01/01. - * Mathematical expression to calculate packed date is: - * (((year - 2000) * 12 + (mon - 1)) * 31 + (day - 1)) - * Currently encoded value corresponds to 2019/01/01. - * - */ -#ifndef CHIP_CONFIG_OP_DEVICE_CERT_VALID_DATE_NOT_BEFORE -#define CHIP_CONFIG_OP_DEVICE_CERT_VALID_DATE_NOT_BEFORE 0x1B9C -#endif // CHIP_CONFIG_OP_DEVICE_CERT_VALID_DATE_NOT_BEFORE - -/** - * @def CHIP_CONFIG_OP_DEVICE_CERT_VALID_DATE_NOT_AFTER - * - * @brief - * This is the valid date to be encoded in the chip - * operational device certificate. Any date after - * that date the certificate is considered invalid. - * The following functions can be used to calculate packed - * date/time: PackCertTime() and PackedCertTimeToDate(). - * chip packed certificate dates are limited to representing - * dates that are on or after 2000/01/01. - * Mathematical expression to calculate packed date is: - * (((year - 2000) * 12 + (mon - 1)) * 31 + (day - 1)) - * Currently encoded value corresponds to 2069/01/01. 
- * - */ -#ifndef CHIP_CONFIG_OP_DEVICE_CERT_VALID_DATE_NOT_AFTER -#define CHIP_CONFIG_OP_DEVICE_CERT_VALID_DATE_NOT_AFTER 0x6444 -#endif // CHIP_CONFIG_OP_DEVICE_CERT_VALID_DATE_NOT_AFTER - -/** - * @def CHIP_CONFIG_ENABLE_PASE_INITIATOR - * - * @brief - * Enable support for initiating PASE sessions. - * - */ -#ifndef CHIP_CONFIG_ENABLE_PASE_INITIATOR -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 1 -#endif // CHIP_CONFIG_ENABLE_PASE_INITIATOR - -/** - * @def CHIP_CONFIG_ENABLE_PASE_RESPONDER - * - * @brief - * Enable support for responding to PASE sessions initiated by - * other nodes. - * - */ -#ifndef CHIP_CONFIG_ENABLE_PASE_RESPONDER -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_PASE_RESPONDER - -/** - * @def CHIP_CONFIG_ENABLE_CASE_INITIATOR - * - * @brief - * Enable support for initiating CASE sessions. - * - */ -#ifndef CHIP_CONFIG_ENABLE_CASE_INITIATOR -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 -#endif // CHIP_CONFIG_ENABLE_CASE_INITIATOR - -/** - * @def CHIP_CONFIG_ENABLE_CASE_RESPONDER - * - * @brief - * Enable support for responding to CASE sessions initiated by other nodes. - * - */ -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER - -/** - * @def CHIP_CONFIG_SUPPORT_CASE_CONFIG1 - * - * @brief - * Enable use of CASE protocol configuration 1. - * - * @note CASE config 1 uses SHA-1 for message signatures, which is deprecated. - * - */ -#ifndef CHIP_CONFIG_SUPPORT_CASE_CONFIG1 -#define CHIP_CONFIG_SUPPORT_CASE_CONFIG1 1 -#endif // CHIP_CONFIG_SUPPORT_CASE_CONFIG1 - #ifndef CHIP_CONFIG_PERSISTED_STORAGE_KEY_GLOBAL_MESSAGE_COUNTER #define CHIP_CONFIG_PERSISTED_STORAGE_KEY_GLOBAL_MESSAGE_COUNTER "GlobalMCTR" #endif // CHIP_CONFIG_PERSISTED_STORAGE_KEY_GLOBAL_MESSAGE_COUNTER -/** - * @def CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE - * - * @brief - * Enable use of the legacy chipCASEAuthDelegate interface. 
- */ -#ifndef CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE -#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 1 -#endif - -/** - * @def CHIP_CONFIG_MAX_SHARED_SESSIONS_END_NODES - * - * @brief - * The maximum number of end nodes simultaneously supported - * for all active shared sessions. - * - */ -#ifndef CHIP_CONFIG_MAX_SHARED_SESSIONS_END_NODES -#define CHIP_CONFIG_MAX_SHARED_SESSIONS_END_NODES 10 -#endif // CHIP_CONFIG_MAX_SHARED_SESSIONS_END_NODES - -/** - * @def CHIP_CONFIG_MAX_END_NODES_PER_SHARED_SESSION - * - * @brief - * The maximum number of end nodes simultaneously supported - * per active shared session. - * - */ -#ifndef CHIP_CONFIG_MAX_END_NODES_PER_SHARED_SESSION -#define CHIP_CONFIG_MAX_END_NODES_PER_SHARED_SESSION 10 -#endif // CHIP_CONFIG_MAX_END_NODES_PER_SHARED_SESSION - -/** - * @def CHIP_CONFIG_ENABLE_TAKE_INITIATOR - * - * @brief - * Enable support for initiating TAKE sessions. - * - */ -#ifndef CHIP_CONFIG_ENABLE_TAKE_INITIATOR -#define CHIP_CONFIG_ENABLE_TAKE_INITIATOR 0 -#endif // CHIP_CONFIG_ENABLE_TAKE_INITIATOR - -/** - * @def CHIP_CONFIG_ENABLE_TAKE_RESPONDER - * - * @brief - * Enable support for responding to TAKE sessions initiated by other nodes. - * - */ -#ifndef CHIP_CONFIG_ENABLE_TAKE_RESPONDER -#define CHIP_CONFIG_ENABLE_TAKE_RESPONDER 0 -#endif // CHIP_CONFIG_ENABLE_TAKE_RESPONDER - -/** - * @def CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR - * - * @brief - * Enable support for initiating key export request. - * - */ -#ifndef CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 1 -#endif // CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR - -/** - * @def CHIP_CONFIG_ENABLE_KEY_EXPORT_RESPONDER - * - * @brief - * Enable support for responding to key export request initiated by other nodes. 
- * - */ -#ifndef CHIP_CONFIG_ENABLE_KEY_EXPORT_RESPONDER -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_KEY_EXPORT_RESPONDER - -/** - * @def CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE - * - * @brief - * Enable use of the legacy chipKeyExportDelegate interface. - */ -#ifndef CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE -#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 1 -#endif - /** * @def CHIP_CONFIG_REQUIRE_AUTH * @@ -1723,27 +696,6 @@ #define CHIP_CONFIG_REQUIRE_AUTH_SERVICE_PROV CHIP_CONFIG_REQUIRE_AUTH #endif // CHIP_CONFIG_REQUIRE_AUTH_SERVICE_PROV -/** - * @def CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT - * - * @brief - * Enable (1) or disable (0) support for the handling of chip - * Provisioning Bundles. - * - * chip Provisioning Bundles are a chip TLV payload containing - * the chip certificate, corresponding private key, and pairing - * code / entry key that a chip device would have otherwise - * received at its time of manufacture. - * - * Enable this if your family of device needs to support in-field - * provisioning (IFP). IFP for chip devices is neither generally - * supported nor recommended. - * - */ -#ifndef CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 1 -#endif // CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT - /** * @def CHIP_ERROR_LOGGING * @@ -2325,8 +1277,7 @@ * includes development/testing features that should never be used in production contexts. */ #ifndef CHIP_NON_PRODUCTION_MARKER -#if (CHIP_CONFIG_SECURITY_TEST_MODE || CHIP_CONFIG_SUPPORT_PASE_CONFIG0_TEST_ONLY || \ - CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY || (!CHIP_CONFIG_REQUIRE_AUTH) || CHIP_FUZZING_ENABLED) +#if (CHIP_CONFIG_SECURITY_TEST_MODE || (!CHIP_CONFIG_REQUIRE_AUTH) || CHIP_FUZZING_ENABLED) #define CHIP_NON_PRODUCTION_MARKER WARNING__DO_NOT_SHIP__CONTAINS_NON_PRODUCTION_CHIP_CODE #endif #endif 
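Review bot: With `CHIP_CONFIG_SUPPORT_PASE_CONFIG0_TEST_ONLY` and `CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY` dropped from the `CHIP_NON_PRODUCTION_MARKER` condition, a project config outside this tree that still sets either one to 1 now builds without the `WARNING__DO_NOT_SHIP__CONTAINS_NON_PRODUCTION_CHIP_CODE` marker and without any diagnostic. That is harmless only if no code reads those macros any more, which the commit title implies but this hunk cannot show. A guard next to the marker would make a stale setting visible: `#if defined(CHIP_CONFIG_SUPPORT_PASE_CONFIG0_TEST_ONLY) || defined(CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY)`, `#error "test-only PASE/passcode configs were removed; delete them from the project config"`, `#endif`. The same consideration applies to the other overridable security defaults this file drops, such as `CHIP_CONFIG_SUPPORT_CASE_CONFIG1` and `CHIP_CONFIG_DEBUG_CERT_VALIDATION` in the `@@ -1428,207 +598,10 @@` hunk.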
diff --git a/src/platform/Ameba/CHIPPlatformConfig.h b/src/platform/Ameba/CHIPPlatformConfig.h index ce998b6abf3c54..c77899dd7d7a7b 100644 --- a/src/platform/Ameba/CHIPPlatformConfig.h +++ b/src/platform/Ameba/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -44,32 +44,6 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 1 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES 
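Review bot: After this deletion the `// ==================== Security Adaptations ====================` banner heads an empty section, since the next line on the new side is the "General Configuration Overrides" banner. An empty heading suggests that security settings are still chosen in this header when they no longer are, so the banner line should be removed together with the defines. The same empty banner is left by the Darwin, ESP32, Linux, P6, Tizen and android hunks below, and by EFR32 apart from two FIXME comments; in P6 it appears to become the last line of the file.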
@@ -95,17 +69,3 @@ #ifndef CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS #define CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS 1 #endif // CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS - -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER diff --git a/src/platform/CYW30739/KeyValueStoreManagerImpl.h b/src/platform/CYW30739/KeyValueStoreManagerImpl.h index 6cc0fbe0a85032..a166b876681b6a 100644 --- a/src/platform/CYW30739/KeyValueStoreManagerImpl.h +++ b/src/platform/CYW30739/KeyValueStoreManagerImpl.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2021 Project CHIP Authors + * Copyright (c) 2021-2022 Project CHIP Authors * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/src/platform/Darwin/CHIPPlatformConfig.h b/src/platform/Darwin/CHIPPlatformConfig.h index ecb10eeb94e614..6b99d01dc8277c 100644 --- a/src/platform/Darwin/CHIPPlatformConfig.h +++ b/src/platform/Darwin/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -41,34 +41,6 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES @@ -102,17 +74,3 @@ // TODO - Fine tune MRP default parameters for Darwin platform #define CHIP_CONFIG_MRP_DEFAULT_INITIAL_RETRY_INTERVAL (15000) #define CHIP_CONFIG_MRP_DEFAULT_ACTIVE_RETRY_INTERVAL (2000_ms32) - -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER 
diff --git a/src/platform/EFR32/CHIPPlatformConfig.h b/src/platform/EFR32/CHIPPlatformConfig.h index c36b1f6ca208b1..3c8dd7b2238f30 100644 --- a/src/platform/EFR32/CHIPPlatformConfig.h +++ b/src/platform/EFR32/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2019 Google LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -42,38 +42,10 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - // FIXME: EFR32 set to MBED-TLS (But this is third-party repo in CHIP, not SDK) -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - // FIXME: EFR32 currently set to CHIP (Does this use Entropy.cpp ?) -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES 
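Review bot: The two `// FIXME` comments under "Security Adaptations" are kept while the `CHIP_CONFIG_AES_IMPLEMENTATION_*` and `CHIP_CONFIG_RNG_IMPLEMENTATION_*` defines they described are deleted, so they now refer to settings that no longer exist in this header. The second one records an open question about the entropy source ("Does this use Entropy.cpp ?"), which is worth tracking, but not as a dangling comment. Either delete both lines, or reword them to say what is still unresolved, e.g. `// TODO(<issue-id>): confirm which entropy source the EFR32 build uses`, with the real issue id filled in. The hunk ends inside the "General Configuration Overrides" block, which continues outside it.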
@@ -120,20 +92,6 @@ #define CHIP_CONFIG_MAX_DEVICE_ADMINS 5 // 4 fabrics + 1 for rotation slack #endif -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER - // ==================== FreeRTOS Configuration Overrides ==================== #ifndef CHIP_CONFIG_FREERTOS_USE_STATIC_TASK #define CHIP_CONFIG_FREERTOS_USE_STATIC_TASK 1 diff --git a/src/platform/ESP32/CHIPPlatformConfig.h b/src/platform/ESP32/CHIPPlatformConfig.h index a55aa4aefb39a0..7a1e507b0c8783 100644 --- a/src/platform/ESP32/CHIPPlatformConfig.h +++ b/src/platform/ESP32/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2018 Nest Labs, Inc. * All rights reserved. * 
@@ -49,26 +49,6 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== Kconfig Overrides ==================== // The following values are configured via the ESP-IDF Kconfig mechanism. 
@@ -78,19 +58,8 @@ #define CHIP_CONFIG_MAX_UNSOLICITED_MESSAGE_HANDLERS CONFIG_MAX_UNSOLICITED_MESSAGE_HANDLERS #define CHIP_CONFIG_MAX_EXCHANGE_CONTEXTS CONFIG_MAX_EXCHANGE_CONTEXTS #define CHIP_CONFIG_MAX_SESSION_KEYS CONFIG_MAX_SESSION_KEYS -#define CHIP_CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC -#define CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS -#define CHIP_CONFIG_MAX_APPLICATION_EPOCH_KEYS CONFIG_MAX_APPLICATION_EPOCH_KEYS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_ESTABLISHMENT_TIMEOUT CONFIG_DEFAULT_SECURITY_SESSION_ESTABLISHMENT_TIMEOUT -#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT #define CHIP_CONFIG_SECURITY_TEST_MODE CONFIG_SECURITY_TEST_MODE #define CHIP_CONFIG_REQUIRE_AUTH !CONFIG_DISABLE_PROVISIONING_AUTH -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR CONFIG_ENABLE_PASE_INITIATOR -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER CONFIG_ENABLE_PASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR CONFIG_ENABLE_CASE_INITIATOR -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER CONFIG_ENABLE_CASE_RESPONDER #define CHIP_CONFIG_DEFAULT_INCOMING_CONNECTION_IDLE_TIMEOUT CONFIG_DEFAULT_INCOMING_CONNECTION_IDLE_TIMEOUT #ifdef CONFIG_ENABLE_WIFI_STATION diff --git a/src/platform/Linux/CHIPPlatformConfig.h b/src/platform/Linux/CHIPPlatformConfig.h index 2151db75cc857e..97ece6ac9891d7 100644 --- a/src/platform/Linux/CHIPPlatformConfig.h +++ b/src/platform/Linux/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -45,34 +45,6 @@ using CHIP_CONFIG_PERSISTED_STORAGE_KEY_TYPE = const char *; // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES @@ -105,18 +77,6 @@ using CHIP_CONFIG_PERSISTED_STORAGE_KEY_TYPE = const char *; // ==================== Security Configuration Overrides ==================== -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER - #ifndef CHIP_CONFIG_KVS_PATH #define CHIP_CONFIG_KVS_PATH "/tmp/chip_kvs" #endif // CHIP_CONFIG_KVS_PATH 
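Review bot: Once the three overrides are removed, the only setting left under the "Security Configuration Overrides" banner is `CHIP_CONFIG_KVS_PATH`, whose default is `"/tmp/chip_kvs"`. `/tmp` is normally writable by every local user, so a store at a fixed name there can be pre-created by another account before the service first runs; what the store holds is not visible in this hunk, but presumably it includes commissioning state that should not be exposed that way. A comment on the define would make the expectation explicit, e.g. `// Development default only: production builds must set CHIP_CONFIG_KVS_PATH to a directory private to the service account.`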
diff --git a/src/platform/P6/CHIPPlatformConfig.h b/src/platform/P6/CHIPPlatformConfig.h index d0991c5c83cd0e..62aa40ee04799c 100644 --- a/src/platform/P6/CHIPPlatformConfig.h +++ b/src/platform/P6/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2021 Project CHIP Authors + * Copyright (c) 2021-2022 Project CHIP Authors * Copyright (c) 2018 Nest Labs, Inc. * All rights reserved. * @@ -51,23 +51,3 @@ #define CHIP_CONFIG_ABORT() abort() // ==================== Security Adaptations ==================== - -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 diff --git a/src/platform/Tizen/CHIPPlatformConfig.h b/src/platform/Tizen/CHIPPlatformConfig.h index de93cf7cee0fad..1adc38a484d28c 100644 --- a/src/platform/Tizen/CHIPPlatformConfig.h +++ b/src/platform/Tizen/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2021 Project CHIP Authors + * Copyright (c) 2021-2022 Project CHIP Authors * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -35,34 +35,6 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES @@ -84,17 +56,3 @@ #ifndef CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS #define CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS 1 #endif // CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS - -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER 
diff --git a/src/platform/android/CHIPPlatformConfig.h b/src/platform/android/CHIPPlatformConfig.h index 43c7d244982226..183dd35c468ef8 100644 --- a/src/platform/android/CHIPPlatformConfig.h +++ b/src/platform/android/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020-2021 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,34 +43,6 @@ using CHIP_CONFIG_PERSISTED_STORAGE_KEY_TYPE = const char *; // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES 
@@ -100,17 +72,3 @@ using CHIP_CONFIG_PERSISTED_STORAGE_KEY_TYPE = const char *; #ifndef CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS #define CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS 1 #endif // CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS - -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER diff --git a/src/platform/cc13x2_26x2/CHIPPlatformConfig.h b/src/platform/cc13x2_26x2/CHIPPlatformConfig.h index 3c8935a414883b..6763d43846e6c2 100644 --- a/src/platform/cc13x2_26x2/CHIPPlatformConfig.h +++ b/src/platform/cc13x2_26x2/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2020 Texas Instruments Incorporated * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -40,38 +40,11 @@ #define CHIP_CONFIG_PERSISTED_STORAGE_KEY_GLOBAL_MESSAGE_COUNTER 0x2 // ==================== Security Adaptations ==================== -#define CHIP_DEVICE_CONFIG_PERSISTED_STORAGE_GLOBAL_EIDC_KEY 2 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 +#define CHIP_DEVICE_CONFIG_PERSISTED_STORAGE_GLOBAL_EIDC_KEY 2 #define CHIP_CONFIG_SHA256_CONTEXT_SIZE (sizeof(unsigned int) * 76) -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES 
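Review bot: `CHIP_CONFIG_SHA256_CONTEXT_SIZE (sizeof(unsigned int) * 76)` is kept in the Security Adaptations section with no explanation of where the 76 comes from. With the `CHIP_CONFIG_HASH_IMPLEMENTATION_*` selectors removed in this hunk, nothing nearby says which hash implementation's context this size must hold. An undersized opaque context buffer is a memory-safety problem in crypto code, so the define deserves a comment such as `// Bytes reserved for the opaque SHA-256 context; must be >= sizeof the platform hash context (76 words, TODO: name the type)`. If the code that consumes this size does not already check it at compile time, a `static_assert` at that point would catch drift after an SDK update; that code is outside this hunk.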
@@ -110,17 +83,3 @@ #ifndef CHIP_CONFIG_MAX_DEVICE_ADMINS #define CHIP_CONFIG_MAX_DEVICE_ADMINS 5 #endif // CHIP_CONFIG_MAX_DEVICE_ADMINS - -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER diff --git a/src/platform/mbed/CHIPPlatformConfig.h b/src/platform/mbed/CHIPPlatformConfig.h index f6d9e5e0eafc37..c3a76c3eff2a58 100644 --- a/src/platform/mbed/CHIPPlatformConfig.h +++ b/src/platform/mbed/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2019 Google LLC. * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -41,38 +41,10 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - // FIXME: EFR32 set to MBED-TLS (But this is third-party repo in CHIP, not SDK) -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - // FIXME: EFR32 currently set to CHIP (Does this use Entropy.cpp ?) -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES 
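Review bot: The two `// FIXME: EFR32 ...` comments stay behind as context lines after the `CHIP_CONFIG_AES_IMPLEMENTATION_*` and `CHIP_CONFIG_RNG_IMPLEMENTATION_*` defines they annotated are deleted. The Security Adaptations section now holds two dangling FIXMEs that name a different platform and refer to settings that no longer exist. Either delete them together with the defines or, if the question in the second one (which entropy source feeds the RNG on this platform) is still open, restate it against the current crypto backend, e.g. `// TODO: confirm the entropy source used by the RNG on mbed`. The same leftover appears in the `src/platform/nxp/k32w/k32w0/CHIPPlatformConfig.h` hunk at -49,36, where `// FIXME: K32W currently set to CHIP (Does this use Entropy.cpp ?)` is kept.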
@@ -98,17 +70,3 @@ #ifndef CHIP_CONFIG_MAX_LOCAL_ADDR_UDP_ENDPOINTS #define CHIP_CONFIG_MAX_LOCAL_ADDR_UDP_ENDPOINTS 4 #endif // CHIP_CONFIG_MAX_LOCAL_ADDR_UDP_ENDPOINTS - -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER diff --git a/src/platform/nrfconnect/CHIPPlatformConfig.h b/src/platform/nrfconnect/CHIPPlatformConfig.h index d78a44be15ce8f..9864374c88596c 100644 --- a/src/platform/nrfconnect/CHIPPlatformConfig.h +++ b/src/platform/nrfconnect/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -38,34 +38,6 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES @@ -99,17 +71,3 @@ #ifndef CHIP_CONFIG_MAX_DEVICE_ADMINS #define CHIP_CONFIG_MAX_DEVICE_ADMINS 5 #endif - -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER diff --git a/src/platform/nxp/k32w/k32w0/CHIPPlatformConfig.h b/src/platform/nxp/k32w/k32w0/CHIPPlatformConfig.h index 2e09e277a78927..edaaebc6fc463f 100644 
--- a/src/platform/nxp/k32w/k32w0/CHIPPlatformConfig.h +++ b/src/platform/nxp/k32w/k32w0/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2020 Google LLC. * All rights reserved. * @@ -49,36 +49,8 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - // FIXME: K32W currently set to CHIP (Does this use Entropy.cpp ?) -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES 
@@ -109,20 +81,6 @@ #define CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS 1 #endif // CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER - // ==================== WDM Configuration Overrides ==================== #ifndef WDM_MAX_NUM_SUBSCRIPTION_CLIENTS diff --git a/src/platform/qpg/CHIPPlatformConfig.h b/src/platform/qpg/CHIPPlatformConfig.h index 920a1e3bf46ce7..bddfcc1fe4303e 100644 --- a/src/platform/qpg/CHIPPlatformConfig.h +++ b/src/platform/qpg/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -43,34 +43,6 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES @@ -107,18 +79,6 @@ // ==================== Security Configuration Overrides ==================== -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER - #ifndef CHIP_CONFIG_FREERTOS_USE_STATIC_QUEUE #define CHIP_CONFIG_FREERTOS_USE_STATIC_QUEUE 1 #endif diff --git a/src/platform/telink/CHIPPlatformConfig.h b/src/platform/telink/CHIPPlatformConfig.h index 156d3c23d6235f..affd965bd98064 100644 
--- a/src/platform/telink/CHIPPlatformConfig.h +++ b/src/platform/telink/CHIPPlatformConfig.h @@ -1,6 +1,6 @@ /* * - * Copyright (c) 2021 Project CHIP Authors + * Copyright (c) 2021-2022 Project CHIP Authors * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -37,34 +37,6 @@ // ==================== Security Adaptations ==================== -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT 1 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS 0 -#define CHIP_CONFIG_HASH_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_AES_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_AESNI 0 -#define CHIP_CONFIG_AES_IMPLEMENTATION_MBEDTLS 1 -#define CHIP_CONFIG_AES_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_RNG_IMPLEMENTATION_OPENSSL 0 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_CHIPDRBG 1 -#define CHIP_CONFIG_RNG_IMPLEMENTATION_PLATFORM 0 - -#define CHIP_CONFIG_ENABLE_PASE_INITIATOR 0 -#define CHIP_CONFIG_ENABLE_PASE_RESPONDER 1 -#define CHIP_CONFIG_ENABLE_CASE_INITIATOR 1 - -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG0 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG1 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG2 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG3 0 -#define CHIP_CONFIG_SUPPORT_PASE_CONFIG4 1 - -#define CHIP_CONFIG_ENABLE_KEY_EXPORT_INITIATOR 0 - -#define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 - // ==================== General Configuration Overrides ==================== #ifndef CHIP_CONFIG_MAX_PEER_NODES 
@@ -86,17 +58,3 @@ #ifndef CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS #define CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS 1 #endif // CHIP_CONFIG_BDX_MAX_NUM_TRANSFERS - -// ==================== Security Configuration Overrides ==================== - -#ifndef CHIP_CONFIG_MAX_APPLICATION_GROUPS -#define CHIP_CONFIG_MAX_APPLICATION_GROUPS 4 -#endif // CHIP_CONFIG_MAX_APPLICATION_GROUPS - -#ifndef CHIP_CONFIG_DEBUG_CERT_VALIDATION -#define CHIP_CONFIG_DEBUG_CERT_VALIDATION 0 -#endif // CHIP_CONFIG_DEBUG_CERT_VALIDATION - -#ifndef CHIP_CONFIG_ENABLE_CASE_RESPONDER -#define CHIP_CONFIG_ENABLE_CASE_RESPONDER 1 -#endif // CHIP_CONFIG_ENABLE_CASE_RESPONDER