search

project-chip / connectedhomeip

Matter (formerly Project CHIP) creates more connections between more objects, simplifying development for manufacturers and increasing compatibility for consumers, guided by the Connectivity Standards Alliance.
https://buildwithmatter.com
Apache License 2.0
7.54k stars 2.03k forks source link

[BUG] Unable to complete the commissioning using CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN #35995

Open sbh82 opened 1 month ago

sbh82 commented 1 month ago

Reproduction steps

  1. Using Matter SDK 1.3 with ESP-IDF 5.2.1 on ESP32-C6
  2. Added esp-cryptoauthlib as component, enabled the secure element and enabled CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN in sdkconfig
  3. Used the light example as a template to create a simple light on/off switch Matter endpoint
  4. Launch the commissioning from a smartphone and a Matter compatible app
  5. The commissioning fails reporting this error in ESP log: E (117103) chip[CR]: mbedTLS error: BIGNUM - The buffer is too small to write to

Bug prevalence

Always

GitHub hash of the SDK that was being used

82748b9f0e5a4cdc4d10715f10c6160d49d87e75

Platform

esp32-c6

Platform Version(s)

ESP-IDF 5.2.1

Anything else?

Without the step 2, i.e. removing the esp-cryptoauthlib and disable the CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN flag the commissioning works perfectly. Insepcting the SDK code it seems the error comes from P256Keypair::ECDSA_sign_msg method in src/crypto/CHIPCryptoPALmbedTLS.cpp file and the call to method mbedtls_ecdsa_sign returns the error. I report the error log:

I (117073) chip[ZCL]: OpCreds: Received an AttestationRequest command
I (117083) chip[EM]: <<< [E:27454r S:61872 M:244198318 (Ack:142956033)] (S) Msg TX to 0:FFFFFFFB00000000 [0000] [UDP:192.168.1.121:28710] --- Type 0000:10 (SecureChannel:StandaloneAck)
D (117093) chip[EM]: Flushed pending ack for MessageCounter:142956033 on exchange 27454r
E (117103) chip[CR]: mbedTLS error: BIGNUM - The buffer is too small to write to
E (117123) chip[DMG]: Endpoint=0 Cluster=0x0000_003E Command=0x0000_0000 status 0x01 (no additional context)
D (117133) chip[DMG]: Command handler moving to [NewRespons]
bzbarsky-apple commented 1 month ago

I wonder whether this is a similar problem to https://github.com/project-chip/connectedhomeip/issues/35155 ...

@shubhamdp @dhrishi

shubhamdp commented 1 month ago

@sbh82 will take a look.

sbh82 commented 1 month ago

@shubhamdp thanks! I'm going into more detail and I found that when I set CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN flag in sdkconfig the macro MBEDTLS_ECDSA_SIGN_ALT is defined. When this macro is defined the mbedtls_ecdsa_sign is not implemented in third_party/mbedtls/repo/library/ecdsa.c but it is implemented in esp-cryptoauthlib defined as a wrapper that simply call the method atca_mbedtls_ecdsa_sign. Inside this method it calls mbedtls_mpi_write_binary returning the MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL error.

ianzo commented 6 days ago

I have the same issue of @sbh82 using Matter SDK 1.3 with ESP-IDF 5.3.1 on ESP32-C6. I report the error log:

I (471247) esp_matter_command: Received command 0x00000000 for endpoint 0x0000's cluster 0x0000003E I (471257) chip[ZCL]: OpCreds: Received an AttestationRequest command E (471257) chip[CR]: mbedTLS error: BIGNUM - The buffer is too small to write to E (471267) chip[DMG]: Endpoint=0 Cluster=0x0000_003E Command=0x0000_0000 status 0x01 (no additional context) D (471287) chip[DMG]: Command handler moving to [NewRespons] D (471287) chip[DMG]: Command handler moving to [ Preparing] D (471297) chip[DMG]: Command handler moving to [AddingComm] D (471297) chip[DMG]: Command handler moving to [AddedComma] E (471307) chip[ZCL]: OpCreds: Failed AttestationRequest request with IM error 0x01 (err = ac) D (471317) chip[DMG]: Decreasing reference count for CommandHandlerImpl, remaining 1 D (471317) chip[DMG]: Decreasing reference count for CommandHandlerImpl, remaining 0 D (471327) chip[DMG]: Command handler moving to [AwaitingDe] I (471327) chip[EM]: <<< [E:53965r S:16227 M:147944626] (S) Msg TX to 0:FFFFFFFB00000000 [0000] [BLE] --- Type 0001:09 (IM:InvokeCommandResponse) (B:63)