[nrf toup][crypto] Add support for single-part AEAD operation

This commit add support for single-part AEAD operations.

Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>

Author: LuDuda

config/nrfconnect/chip-module/CMakeLists.txt

@@ -196,9 +196,10 @@ else()
 endif()
 
 if (CONFIG_CHIP_CRYPTO_PSA)
-    matter_add_gn_arg_string("chip_crypto"             "psa")
-    matter_add_gn_arg_bool  ("chip_crypto_psa_spake2p" CONFIG_PSA_WANT_ALG_SPAKE2P_MATTER)
-    matter_add_gn_arg_bool  ("chip_use_cracen_kmu"     CONFIG_CHIP_STORE_KEYS_IN_KMU)
+    matter_add_gn_arg_string("chip_crypto"                      "psa")
+    matter_add_gn_arg_bool  ("chip_crypto_psa_spake2p"          CONFIG_PSA_WANT_ALG_SPAKE2P_MATTER)
+    matter_add_gn_arg_bool  ("chip_crypto_psa_aead_single_part" CONFIG_CHIP_CRYPTO_PSA_AEAD_SINGLE_PART)
+    matter_add_gn_arg_bool  ("chip_use_cracen_kmu"              CONFIG_CHIP_STORE_KEYS_IN_KMU)
 endif()
 
 if (BOARD STREQUAL "native_sim")

config/nrfconnect/chip-module/Kconfig.defaults

@@ -351,6 +351,9 @@ config CHIP_CRYPTO_PSA
 
 if CHIP_CRYPTO_PSA
 
+config CHIP_CRYPTO_PSA_AEAD_SINGLE_PART
+    default y if SOC_NRF54LM20A
+
 config PSA_CRYPTO_DRIVER_OBERON
     default y if (SOC_SERIES_NRF52X || SOC_SERIES_NRF53X)
 

config/zephyr/Kconfig

@@ -291,6 +291,13 @@ config CHIP_CRYPTO_PSA
 	  based on the PSA crypto API (instead of the default implementation, which
 	  is based on the legacy mbedTLS APIs).
 
+config CHIP_CRYPTO_PSA_AEAD_SINGLE_PART
+    bool "Use PSA AEAD single-part API"
+    depends on CHIP_CRYPTO_PSA
+    help
+      When enabled, the single-part AEAD API is used with a compile-time
+      static buffer. Otherwise, the multipart API path is used.
+
 config CHIP_PERSISTENT_SUBSCRIPTIONS
 	bool "Persistent subscriptions"
 	help

src/crypto/BUILD.gn

@@ -52,6 +52,7 @@ buildconfig_header("crypto_buildconfig") {
     "CHIP_CRYPTO_MBEDTLS=${chip_crypto_mbedtls}",
     "CHIP_CRYPTO_PSA=${chip_crypto_psa}",
     "CHIP_CRYPTO_PSA_SPAKE2P=${chip_crypto_psa_spake2p}",
+    "CHIP_CRYPTO_PSA_AEAD_SINGLE_PART=${chip_crypto_psa_aead_single_part}",
     "CHIP_CRYPTO_OPENSSL=${chip_crypto_openssl}",
     "CHIP_CRYPTO_BORINGSSL=${chip_crypto_boringssl}",
     "CHIP_CRYPTO_PLATFORM=${chip_crypto_platform}",

src/crypto/CHIPCryptoPALPSA.cpp

@@ -43,6 +43,12 @@
 #include <string.h>
 #include <type_traits>
 
+#if CHIP_CRYPTO_PSA_AEAD_SINGLE_PART
+#define PSA_AEAD_MAX_PLAINTEXT    CHIP_CONFIG_DEFAULT_UDP_MTU_SIZE
+#define PSA_AEAD_MAX_TAG          16
+#define PSA_AEAD_TEMP_BUFFER_SIZE (PSA_AEAD_MAX_PLAINTEXT + PSA_AEAD_MAX_TAG)
+#endif
+
 namespace chip {
 namespace Crypto {
 
@@ -71,8 +77,32 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
 
     const psa_algorithm_t algorithm = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_length);
     psa_status_t status             = PSA_SUCCESS;
+    size_t out_length               = 0;
+
+#ifdef CHIP_CRYPTO_PSA_AEAD_SINGLE_PART
+    uint8_t temp_buf[PSA_AEAD_TEMP_BUFFER_SIZE];
+
+    VerifyOrReturnError(plaintext_length + tag_length <= PSA_AEAD_TEMP_BUFFER_SIZE,
+                        CHIP_ERROR_INVALID_ARGUMENT);
+
+    status = psa_aead_encrypt(key.As<psa_key_id_t>(), algorithm,
+                              nonce, nonce_length,
+                              aad, aad_length,
+                              plaintext, plaintext_length,
+                              temp_buf, sizeof(temp_buf),
+                              &out_length);
+
+    VerifyOrReturnError(status == PSA_SUCCESS && out_length == plaintext_length + tag_length,
+                        CHIP_ERROR_INTERNAL);
+
+    if (plaintext_length)
+    {
+        memcpy(ciphertext, temp_buf, plaintext_length);
+    }
+
+    memcpy(tag, temp_buf + plaintext_length, tag_length);
+#else
     psa_aead_operation_t operation  = PSA_AEAD_OPERATION_INIT;
-    size_t out_length;
     size_t tag_out_length;
 
     status = psa_aead_encrypt_setup(&operation, key.As<psa_key_id_t>(), algorithm);
@@ -110,6 +140,7 @@ CHIP_ERROR AES_CCM_encrypt(const uint8_t * plaintext, size_t plaintext_length, c
         status = psa_aead_finish(&operation, nullptr, 0, &out_length, tag, tag_length, &tag_out_length);
     }
     VerifyOrReturnError(status == PSA_SUCCESS && tag_length == tag_out_length, CHIP_ERROR_INTERNAL);
+#endif
 
     return CHIP_NO_ERROR;
 }
@@ -125,8 +156,32 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
 
     const psa_algorithm_t algorithm = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, tag_length);
     psa_status_t status             = PSA_SUCCESS;
+    size_t out_length               = 0;
+
+#ifdef CHIP_CRYPTO_PSA_AEAD_SINGLE_PART
+    uint8_t temp_buf[PSA_AEAD_TEMP_BUFFER_SIZE];
+
+    VerifyOrReturnError(ciphertext_length + tag_length <= PSA_AEAD_TEMP_BUFFER_SIZE,
+                        CHIP_ERROR_INVALID_ARGUMENT);
+
+    if (ciphertext_length)
+    {
+        memcpy(temp_buf, ciphertext, ciphertext_length);
+    }
+
+    memcpy(temp_buf + ciphertext_length, tag, tag_length);
+
+    status = psa_aead_decrypt(key.As<psa_key_id_t>(), algorithm,
+                              nonce, nonce_length,
+                              aad, aad_length,
+                              temp_buf, ciphertext_length + tag_length,
+                              plaintext, ciphertext_length,
+                              &out_length);
+
+    VerifyOrReturnError(status == PSA_SUCCESS && out_length == ciphertext_length,
+                        CHIP_ERROR_INTERNAL);
+#else
     psa_aead_operation_t operation  = PSA_AEAD_OPERATION_INIT;
-    size_t outLength;
 
     status = psa_aead_decrypt_setup(&operation, key.As<psa_key_id_t>(), algorithm);
     VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
@@ -150,20 +205,21 @@ CHIP_ERROR AES_CCM_decrypt(const uint8_t * ciphertext, size_t ciphertext_length,
     if (ciphertext_length != 0)
     {
         status = psa_aead_update(&operation, ciphertext, ciphertext_length, plaintext,
-                                 PSA_AEAD_UPDATE_OUTPUT_SIZE(PSA_KEY_TYPE_AES, algorithm, ciphertext_length), &outLength);
+                                 PSA_AEAD_UPDATE_OUTPUT_SIZE(PSA_KEY_TYPE_AES, algorithm, ciphertext_length), &out_length);
         VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
 
-        plaintext += outLength;
+        plaintext += out_length;
 
-        status = psa_aead_verify(&operation, plaintext, PSA_AEAD_VERIFY_OUTPUT_SIZE(PSA_KEY_TYPE_AES, algorithm), &outLength, tag,
+        status = psa_aead_verify(&operation, plaintext, PSA_AEAD_VERIFY_OUTPUT_SIZE(PSA_KEY_TYPE_AES, algorithm), &out_length, tag,
                                  tag_length);
     }
     else
     {
-        status = psa_aead_verify(&operation, nullptr, 0, &outLength, tag, tag_length);
+        status = psa_aead_verify(&operation, nullptr, 0, &out_length, tag, tag_length);
     }
 
     VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
+#endif
 
     return CHIP_NO_ERROR;
 }

src/crypto/crypto.gni

@@ -22,6 +22,9 @@ declare_args() {
 
   # Use PSA Spake2+ implementation. Only used if chip_crypto == "psa"
   chip_crypto_psa_spake2p = false
+
+  # Use PSA AEAD single-part implementation.
+  chip_crypto_psa_aead_single_part = false
 }
 
 assert(