[NXP][crypto] Enable rw61x secure OpKey storage/usage (project-chip#40692)

* [NXP][crypto] Enable rw61x secure OpKey storage/usage

Signed-off-by: Martin Girardot <martin.girardot@nxp.com>

* [NXP] update nxp matter support

Signed-off-by: Martin Girardot <martin.girardot@nxp.com>

* fix PR comments

Signed-off-by: Martin Girardot <martin.girardot@nxp.com>

* Restyled by whitespace

* Restyled by clang-format

* Restyled by gn

* [NXP] Fix mcxw71 gn build issue when using --check arg

Signed-off-by: Martin Girardot <martin.girardot@nxp.com>

* [NXP] fix PR comment

Signed-off-by: Martin Girardot <martin.girardot@nxp.com>

---------

Signed-off-by: Martin Girardot <martin.girardot@nxp.com>
Co-authored-by: Restyled.io <commits@restyled.io>

Author: Martin-NXP

config/nxp/chip-cmake-freertos/Kconfig

@@ -240,7 +240,7 @@ config NETWORK_LAYER_BLE
 
 config OPERATIONAL_KEYSTORE
 	bool "Use custom implementation of operational keystore"
-	default y if CHIP_NXP_PLATFORM_MCXW71 || CHIP_NXP_PLATFORM_MCXW72
+	default y if CHIP_NXP_PLATFORM_MCXW71 || CHIP_NXP_PLATFORM_MCXW72 || CHIP_NXP_PLATFORM_RW61X
 	default y if CHIP_SE05X
 	help
 		"Use custom implementation of operational keystore"

examples/all-clusters-app/nxp/rt/rw61x/BUILD.gn

@@ -152,6 +152,7 @@ rt_executable("all_cluster_app") {
     "${common_example_dir}/device_callbacks/include",
     "${common_example_dir}/app_task/include",
     "${common_example_dir}/factory_data/include",
+    "${common_example_dir}/operational_keystore/include",
   ]
 
   sources += [
@@ -161,6 +162,7 @@ rt_executable("all_cluster_app") {
     "${common_example_dir}/device_manager/source/CHIPDeviceManager.cpp",
     "${common_example_dir}/icd/source/ICDUtil.cpp",
     "${common_example_dir}/matter_button/source/ButtonRegistrationEmpty.cpp",
+    "${common_example_dir}/operational_keystore/source/OperationalKeystoreS50.cpp",
   ]
 
   deps = [
@@ -171,6 +173,9 @@ rt_executable("all_cluster_app") {
     "${chip_root}/src/setup_payload:onboarding-codes-utils",
   ]
 
+  # Operational key secure storage
+  defines += [ "CONFIG_OPERATIONAL_KEYSTORE=1" ]
+
   sources += [
     "${chip_root}/examples/all-clusters-app/all-clusters-common/src/bridged-actions-stub.cpp",
     "${chip_root}/examples/all-clusters-app/all-clusters-common/src/smco-stub.cpp",

examples/laundry-washer-app/nxp/rt/rw61x/BUILD.gn

@@ -174,6 +174,7 @@ rt_executable("laundry-washer") {
     "${common_example_dir}/device_callbacks/include",
     "${common_example_dir}/app_task/include",
     "${common_example_dir}/factory_data/include",
+    "${common_example_dir}/operational_keystore/include",
   ]
 
   sources += [
@@ -183,6 +184,7 @@ rt_executable("laundry-washer") {
     "${common_example_dir}/device_manager/source/CHIPDeviceManager.cpp",
     "${common_example_dir}/icd/source/ICDUtil.cpp",
     "${common_example_dir}/matter_button/source/ButtonRegistrationEmpty.cpp",
+    "${common_example_dir}/operational_keystore/source/OperationalKeystoreS50.cpp",
   ]
 
   deps = [
@@ -192,6 +194,9 @@ rt_executable("laundry-washer") {
     "${chip_root}/src/setup_payload:onboarding-codes-utils",
   ]
 
+  # Operational key secure storage
+  defines += [ "CONFIG_OPERATIONAL_KEYSTORE=1" ]
+
   sources += [
     "${chip_root}/examples/all-clusters-app/all-clusters-common/src/bridged-actions-stub.cpp",
     "${chip_root}/examples/all-clusters-app/all-clusters-common/src/laundry-washer-controls-delegate-impl.cpp",

examples/platform/nxp/common/Kconfig

@@ -187,7 +187,13 @@ if CHIP_APP_OPERATIONAL_KEYSTORE
     choice CHIP_APP_OPERATIONAL_KEYSTORE_SELECTION
         prompt "Select Operation Keystore Implementation"
         default CHIP_APP_OPERATIONAL_KEYSTORE_SE05X if CHIP_SE05X
-        default CHIP_APP_OPERATIONAL_KEYSTORE_S200
+        default CHIP_APP_OPERATIONAL_KEYSTORE_S200 if CHIP_NXP_PLATFORM_MCXW71 || CHIP_NXP_PLATFORM_MCXW72
+        default CHIP_APP_OPERATIONAL_KEYSTORE_S50 if CHIP_NXP_PLATFORM_RW61X
+
+        config CHIP_APP_OPERATIONAL_KEYSTORE_S50
+            bool "Operation Keystore S50"
+            help
+                Enable application Operational keystore S50 implementation.
 
         config CHIP_APP_OPERATIONAL_KEYSTORE_S200
             bool "Operation Keystore S200"
@@ -205,6 +211,12 @@ if CHIP_APP_OPERATIONAL_KEYSTORE
                 Enable application Operational keystore SE05X implementation.
 
     endchoice # CHIP_APP_OPERATIONAL_KEYSTORE_SELECTION
+
+    config PRIVATE_ECC_KEY_BLOB_SIZE
+        int "Operational private ECC key blob size"
+        default 120 if CHIP_APP_OPERATIONAL_KEYSTORE_S200
+        default 48 if CHIP_APP_OPERATIONAL_KEYSTORE_S50
+
 endif # CHIP_APP_OPERATIONAL_KEYSTORE
 
 config CHIP_APP_OTA_REQUESTOR

examples/platform/nxp/common/app_common.cmake

@@ -216,7 +216,12 @@ if (CONFIG_CHIP_APP_OPERATIONAL_KEYSTORE)
     target_include_directories(app PRIVATE
         ${EXAMPLE_PLATFORM_NXP_COMMON_DIR}/operational_keystore/include
     )
-    if (CONFIG_CHIP_APP_OPERATIONAL_KEYSTORE_S200)
+
+    if (CONFIG_CHIP_APP_OPERATIONAL_KEYSTORE_S50)
+        target_sources(app PRIVATE
+            ${EXAMPLE_PLATFORM_NXP_COMMON_DIR}/operational_keystore/source/OperationalKeystoreS50.cpp
+        )
+    elseif (CONFIG_CHIP_APP_OPERATIONAL_KEYSTORE_S200)
         target_sources(app PRIVATE
             ${EXAMPLE_PLATFORM_NXP_COMMON_DIR}/operational_keystore/source/OperationalKeystoreS200.cpp
         )

examples/platform/nxp/common/operational_keystore/source/OperationalKeystoreS200.cpp

@@ -16,7 +16,7 @@
  */
 
 #include "OperationalKeystore.h"
-#include <platform/nxp/common/crypto/PersistentStorageOpKeystoreS200.h>
+#include <platform/nxp/common/crypto/S200/PersistentStorageOpKeystoreS200.h>
 
 static chip::PersistentStorageOpKeystoreS200 sInstance;
 

examples/platform/nxp/common/operational_keystore/source/OperationalKeystoreS50.cpp

@@ -0,0 +1,32 @@
+/*
+ *    Copyright (c) 2024 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "OperationalKeystore.h"
+#include <platform/nxp/common/crypto/S50/PersistentStorageOpKeystoreS50.h>
+
+static chip::PersistentStorageOpKeystoreS50 sInstance;
+
+chip::Crypto::OperationalKeystore * chip::NXP::App::OperationalKeystore::GetInstance()
+{
+    return &sInstance;
+}
+
+CHIP_ERROR chip::NXP::App::OperationalKeystore::Init(PersistentStorageDelegate * delegate)
+{
+    VerifyOrReturnError(delegate != nullptr, CHIP_ERROR_INTERNAL);
+    return sInstance.Init(delegate);
+}

examples/thermostat/nxp/rt/rw61x/BUILD.gn

@@ -194,6 +194,7 @@ rt_executable("thermostat") {
     "${common_example_dir}/device_callbacks/include",
     "${common_example_dir}/app_task/include",
     "${common_example_dir}/factory_data/include",
+    "${common_example_dir}/operational_keystore/include",
   ]
 
   sources += [
@@ -203,6 +204,7 @@ rt_executable("thermostat") {
     "${common_example_dir}/device_manager/source/CHIPDeviceManager.cpp",
     "${common_example_dir}/icd/source/ICDUtil.cpp",
     "${common_example_dir}/matter_button/source/ButtonRegistrationEmpty.cpp",
+    "${common_example_dir}/operational_keystore/source/OperationalKeystoreS50.cpp",
   ]
 
   deps = [
@@ -212,6 +214,9 @@ rt_executable("thermostat") {
     "${chip_root}/src/setup_payload:onboarding-codes-utils",
   ]
 
+  # Operational key secure storage
+  defines += [ "CONFIG_OPERATIONAL_KEYSTORE=1" ]
+
   if (nxp_enable_matter_cli) {
     defines += [ "ENABLE_CHIP_SHELL" ]
     deps += [