Skip to content

Commit

Permalink
Merge branch 'master' into test-keys-signature-count
Browse files Browse the repository at this point in the history
  • Loading branch information
@bzbarsky-apple
bzbarsky-apple authored Aug 1, 2023
2 parents 635bb27 + c6fcc20 commit 38f70b8
Show file tree
Hide file tree
Showing 10 changed files with 12,492 additions and 116 deletions.
1,475 changes: 1,475 additions & 0 deletions examples/chef/devices/rootnode_roboticvacuumcleaner_1807ff0c49.matter
View file

Large diffs are not rendered by default.

10,848 changes: 10,848 additions & 0 deletions examples/chef/devices/rootnode_roboticvacuumcleaner_1807ff0c49.zap
View file

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion examples/chef/sample_app_util/matter_device_types.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,5 +41,6 @@
"Video Remote Control": 42,
"Mode Select": 39,
"Air Purifier": 45,
"Air Quality Sensor": 44
"Air Quality Sensor": 44,
"Robotic Vacuum Cleaner": 116
}
27 changes: 21 additions & 6 deletions src/controller/CHIPDeviceControllerFactory.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ CHIP_ERROR DeviceControllerFactory::Init(FactoryInitParams params)
mOperationalKeystore = params.operationalKeystore;
mOpCertStore = params.opCertStore;
mCertificateValidityPolicy = params.certificateValidityPolicy;
mSessionResumptionStorage = params.sessionResumptionStorage;
mEnableServerInteractions = params.enableServerInteractions;

CHIP_ERROR err = InitSystemState(params);
Expand Down Expand Up @@ -94,6 +95,7 @@ CHIP_ERROR DeviceControllerFactory::InitSystemState()
params.operationalKeystore = mOperationalKeystore;
params.opCertStore = mOpCertStore;
params.certificateValidityPolicy = mCertificateValidityPolicy;
params.sessionResumptionStorage = mSessionResumptionStorage;
}

return InitSystemState(params);
Expand Down Expand Up @@ -195,12 +197,24 @@ CHIP_ERROR DeviceControllerFactory::InitSystemState(FactoryInitParams params)
tempFabricTable = stateParams.fabricTable;
}

auto sessionResumptionStorage = chip::Platform::MakeUnique<SimpleSessionResumptionStorage>();
ReturnErrorOnFailure(sessionResumptionStorage->Init(params.fabricIndependentStorage));
stateParams.sessionResumptionStorage = std::move(sessionResumptionStorage);
SessionResumptionStorage * sessionResumptionStorage;
if (params.sessionResumptionStorage == nullptr)
{
auto ownedSessionResumptionStorage = chip::Platform::MakeUnique<SimpleSessionResumptionStorage>();
ReturnErrorOnFailure(ownedSessionResumptionStorage->Init(params.fabricIndependentStorage));
stateParams.ownedSessionResumptionStorage = std::move(ownedSessionResumptionStorage);
stateParams.externalSessionResumptionStorage = nullptr;
sessionResumptionStorage = stateParams.ownedSessionResumptionStorage.get();
}
else
{
stateParams.ownedSessionResumptionStorage = nullptr;
stateParams.externalSessionResumptionStorage = params.sessionResumptionStorage;
sessionResumptionStorage = stateParams.externalSessionResumptionStorage;
}

auto delegate = chip::Platform::MakeUnique<ControllerFabricDelegate>();
ReturnErrorOnFailure(delegate->Init(stateParams.sessionResumptionStorage.get(), stateParams.groupDataProvider));
ReturnErrorOnFailure(delegate->Init(sessionResumptionStorage, stateParams.groupDataProvider));
stateParams.fabricTableDelegate = delegate.get();
ReturnErrorOnFailure(stateParams.fabricTable->AddFabricDelegate(stateParams.fabricTableDelegate));
delegate.release();
Expand All @@ -222,7 +236,7 @@ CHIP_ERROR DeviceControllerFactory::InitSystemState(FactoryInitParams params)

// Enable listening for session establishment messages.
ReturnErrorOnFailure(stateParams.caseServer->ListenForSessionEstablishment(
stateParams.exchangeMgr, stateParams.sessionMgr, stateParams.fabricTable, stateParams.sessionResumptionStorage.get(),
stateParams.exchangeMgr, stateParams.sessionMgr, stateParams.fabricTable, sessionResumptionStorage,
stateParams.certificateValidityPolicy, stateParams.groupDataProvider));

//
Expand Down Expand Up @@ -256,7 +270,7 @@ CHIP_ERROR DeviceControllerFactory::InitSystemState(FactoryInitParams params)

CASEClientInitParams sessionInitParams = {
.sessionManager = stateParams.sessionMgr,
.sessionResumptionStorage = stateParams.sessionResumptionStorage.get(),
.sessionResumptionStorage = sessionResumptionStorage,
.certificateValidityPolicy = stateParams.certificateValidityPolicy,
.exchangeMgr = stateParams.exchangeMgr,
.fabricTable = stateParams.fabricTable,
Expand Down Expand Up @@ -373,6 +387,7 @@ void DeviceControllerFactory::Shutdown()
mOperationalKeystore = nullptr;
mOpCertStore = nullptr;
mCertificateValidityPolicy = nullptr;
mSessionResumptionStorage = nullptr;
}

void DeviceControllerSystemState::Shutdown()
Expand Down
7 changes: 5 additions & 2 deletions src/controller/CHIPDeviceControllerFactory.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
#include <credentials/GroupDataProvider.h>
#include <credentials/OperationalCertificateStore.h>
#include <credentials/attestation_verifier/DeviceAttestationVerifier.h>
#include <protocols/secure_channel/SessionResumptionStorage.h>

namespace chip {

Expand Down Expand Up @@ -106,8 +107,8 @@ struct SetupParams
};

// TODO everything other than the fabric storage, group data provider, OperationalKeystore,
// OperationalCertificateStore and SessionKeystore here should be removed. We're blocked
// because of the need to support !CHIP_DEVICE_LAYER
// OperationalCertificateStore, SessionKeystore, and SessionResumptionStorage here should
// be removed. We're blocked because of the need to support !CHIP_DEVICE_LAYER
struct FactoryInitParams
{
System::Layer * systemLayer = nullptr;
Expand All @@ -121,6 +122,7 @@ struct FactoryInitParams
FabricTable * fabricTable = nullptr;
OperationalKeystore * operationalKeystore = nullptr;
Credentials::OperationalCertificateStore * opCertStore = nullptr;
SessionResumptionStorage * sessionResumptionStorage = nullptr;
#if CONFIG_NETWORK_LAYER_BLE
Ble::BleLayer * bleLayer = nullptr;
#endif
Expand Down Expand Up @@ -257,6 +259,7 @@ class DeviceControllerFactory
Crypto::OperationalKeystore * mOperationalKeystore = nullptr;
Credentials::OperationalCertificateStore * mOpCertStore = nullptr;
Credentials::CertificateValidityPolicy * mCertificateValidityPolicy = nullptr;
SessionResumptionStorage * mSessionResumptionStorage = nullptr;
bool mEnableServerInteractions = false;
};

Expand Down
27 changes: 23 additions & 4 deletions src/controller/CHIPDeviceControllerSystemState.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,10 +85,18 @@ struct DeviceControllerSystemStateParams
Credentials::GroupDataProvider * groupDataProvider = nullptr;
Crypto::SessionKeystore * sessionKeystore = nullptr;

// NOTE: Exactly one of externalSessionResumptionStorage (externally provided,
// externally owned) or ownedSessionResumptionStorage (managed by the system
// state) must be non-null.
SessionResumptionStorage * externalSessionResumptionStorage = nullptr;

// Params that will be deallocated via Platform::Delete in
// DeviceControllerSystemState::Shutdown.
DeviceTransportMgr * transportMgr = nullptr;
Platform::UniquePtr<SimpleSessionResumptionStorage> sessionResumptionStorage;
// NOTE: Exactly one of externalSessionResumptionStorage (externally provided,
// externally owned) or ownedSessionResumptionStorage (managed by the system
// state) must be non-null.
Platform::UniquePtr<SimpleSessionResumptionStorage> ownedSessionResumptionStorage;
Credentials::CertificateValidityPolicy * certificateValidityPolicy = nullptr;
SessionManager * sessionMgr = nullptr;
Protocols::SecureChannel::UnsolicitedStatusHandler * unsolicitedStatusHandler = nullptr;
Expand Down Expand Up @@ -132,8 +140,18 @@ class DeviceControllerSystemState
mCASESessionManager(params.caseSessionManager), mSessionSetupPool(params.sessionSetupPool),
mCASEClientPool(params.caseClientPool), mGroupDataProvider(params.groupDataProvider), mTimerDelegate(params.timerDelegate),
mReportScheduler(params.reportScheduler), mSessionKeystore(params.sessionKeystore),
mFabricTableDelegate(params.fabricTableDelegate), mSessionResumptionStorage(std::move(params.sessionResumptionStorage))
mFabricTableDelegate(params.fabricTableDelegate),
mOwnedSessionResumptionStorage(std::move(params.ownedSessionResumptionStorage))
{
if (mOwnedSessionResumptionStorage)
{
mSessionResumptionStorage = mOwnedSessionResumptionStorage.get();
}
else
{
mSessionResumptionStorage = params.externalSessionResumptionStorage;
}

#if CONFIG_NETWORK_LAYER_BLE
mBleLayer = params.bleLayer;
#endif
Expand Down Expand Up @@ -172,7 +190,7 @@ class DeviceControllerSystemState
mUnsolicitedStatusHandler != nullptr && mExchangeMgr != nullptr && mMessageCounterManager != nullptr &&
mFabrics != nullptr && mCASESessionManager != nullptr && mSessionSetupPool != nullptr && mCASEClientPool != nullptr &&
mGroupDataProvider != nullptr && mReportScheduler != nullptr && mTimerDelegate != nullptr &&
mSessionKeystore != nullptr;
mSessionKeystore != nullptr && mSessionResumptionStorage != nullptr;
};

System::Layer * SystemLayer() const { return mSystemLayer; };
Expand Down Expand Up @@ -221,7 +239,8 @@ class DeviceControllerSystemState
app::reporting::ReportScheduler * mReportScheduler = nullptr;
Crypto::SessionKeystore * mSessionKeystore = nullptr;
FabricTable::Delegate * mFabricTableDelegate = nullptr;
Platform::UniquePtr<SimpleSessionResumptionStorage> mSessionResumptionStorage;
SessionResumptionStorage * mSessionResumptionStorage = nullptr;
Platform::UniquePtr<SimpleSessionResumptionStorage> mOwnedSessionResumptionStorage;

// If mTempFabricTable is not null, it was created during
// DeviceControllerFactory::InitSystemState and needs to be
Expand Down
15 changes: 15 additions & 0 deletions src/credentials/FabricTable.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2080,4 +2080,19 @@ CHIP_ERROR FabricTable::GetFabricLabel(FabricIndex fabricIndex, CharSpan & outFa
return CHIP_NO_ERROR;
}

CHIP_ERROR FabricTable::PeekFabricIndexForNextAddition(FabricIndex & outIndex)
{
EnsureNextAvailableFabricIndexUpdated();
if (!mNextAvailableFabricIndex.HasValue())
{
return CHIP_ERROR_NO_MEMORY;
}

FabricIndex index = mNextAvailableFabricIndex.Value();
VerifyOrReturnError(IsValidFabricIndex(index), CHIP_ERROR_INVALID_FABRIC_INDEX);

outIndex = index;
return CHIP_NO_ERROR;
}

} // namespace chip
8 changes: 8 additions & 0 deletions src/credentials/FabricTable.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -971,6 +971,14 @@ class DLL_EXPORT FabricTable
#endif // CONFIG_BUILD_FOR_HOST_UNIT_TEST
}

/**
* Get the fabric index that will be used for the next fabric that will be
* added. Returns error if no more fabrics can be added, otherwise writes
* the fabric index that will be used for the next addition into the
* outparam.
*/
CHIP_ERROR PeekFabricIndexForNextAddition(FabricIndex & outIndex);

private:
enum class StateFlags : uint16_t
{
Expand Down
89 changes: 89 additions & 0 deletions src/credentials/tests/TestFabricTable.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -523,6 +523,12 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)

NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 0);

{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 1);
}

size_t numFabricsIterated = 0;

size_t numStorageKeysAtStart = storage.GetNumKeys();
Expand Down Expand Up @@ -588,6 +594,13 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)
// No storage yet
NL_TEST_ASSERT(inSuite, storage.GetNumKeys() == numStorageKeysAtStart);

// Next fabric index has not been updated yet.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 1);
}

// Validate iterator sees pending
{
numFabricsIterated = 0;
Expand All @@ -612,6 +625,13 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)

NL_TEST_ASSERT(inSuite, storage.GetNumKeys() == (numStorageKeysAtStart + 4)); // 2 opcerts + fabric metadata + index

// Next fabric index has been updated.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 2);
}

// Validate contents
const auto * fabricInfo = fabricTable.FindFabricWithIndex(1);
NL_TEST_ASSERT(inSuite, fabricInfo != nullptr);
Expand Down Expand Up @@ -679,6 +699,14 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)
ByteSpan noc = fabric44CertAuthority.GetNoc();

NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 1);

// Next fabric index should still be the same as before.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 2);
}

NL_TEST_ASSERT_SUCCESS(inSuite, fabricTable.AddNewPendingTrustedRootCert(rcac));
FabricIndex newFabricIndex = kUndefinedFabricIndex;

Expand All @@ -689,6 +717,12 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)
NL_TEST_ASSERT(inSuite, newFabricIndex == 2);
// No storage yet
NL_TEST_ASSERT(inSuite, storage.GetNumKeys() == numStorageAfterFirstAdd);
// Next fabric index has not been updated yet.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 2);
}

// Commit, now storage should have keys
NL_TEST_ASSERT_SUCCESS(inSuite, fabricTable.CommitPendingFabricData());
Expand All @@ -697,6 +731,13 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)
NL_TEST_ASSERT_EQUALS(inSuite, storage.GetNumKeys(),
(numStorageAfterFirstAdd + 5)); // 3 opcerts + fabric metadata + 1 operational key

// Next fabric index has been updated.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 3);
}

// Validate contents
const auto * fabricInfo = fabricTable.FindFabricWithIndex(2);
NL_TEST_ASSERT(inSuite, fabricInfo != nullptr);
Expand Down Expand Up @@ -879,6 +920,13 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)
NL_TEST_ASSERT(inSuite, saw1 == true);
NL_TEST_ASSERT(inSuite, saw2 == true);
}

// Next fabric index has stayed the same.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 3);
}
}

size_t numStorageAfterUpdate = storage.GetNumKeys();
Expand All @@ -904,6 +952,13 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)
NL_TEST_ASSERT(inSuite, fabricInfo->GetFabricLabel().data_equal(CharSpan{ "roboto", strlen("roboto") }));
}
}

// Next fabric index has stayed the same.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 3);
}
}

// Sequence 5: Remove FabricIndex 1 (FabricId 11, NodeId 55), make sure FabricIndex 2 (FabricId 44, NodeId 1000) still exists
Expand All @@ -917,6 +972,13 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext)
NL_TEST_ASSERT_EQUALS(inSuite, storage.GetNumKeys(), (numStorageAfterUpdate - 3)); // Deleted NOC, RCAC, Metadata
}

// Next fabric index has stayed the same.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 3);
}

// Validate contents of Fabric Index 2 is still OK
const auto * fabricInfo = fabricTable.FindFabricWithIndex(2);
NL_TEST_ASSERT(inSuite, fabricInfo != nullptr);
Expand Down Expand Up @@ -1374,6 +1436,13 @@ void TestPersistence(nlTestSuite * inSuite, void * inContext)
NL_TEST_ASSERT(inSuite, saw1 == true);
NL_TEST_ASSERT(inSuite, saw2 == true);
}

// Next fabric index should now be 3, since we added 1 and 2 above.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 3);
}
}

// Global: Last known good time + fabric index = 2
Expand Down Expand Up @@ -1501,6 +1570,13 @@ void TestPersistence(nlTestSuite * inSuite, void * inContext)
CHIP_ERROR_INVALID_SIGNATURE);
}
}

// Validate that next fabric index is still 3;
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 3);
}
}
}

Expand Down Expand Up @@ -1544,6 +1620,12 @@ void TestAddNocFailSafe(nlTestSuite * inSuite, void * inContext)
NL_TEST_ASSERT_SUCCESS(inSuite, fabricTable.AddNewPendingTrustedRootCert(rcac));
FabricIndex newFabricIndex = kUndefinedFabricIndex;

{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 1);
}

NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 0);
NL_TEST_ASSERT_SUCCESS(inSuite,
fabricTable.AddNewPendingFabricWithOperationalKeystore(noc, ByteSpan{}, kVendorId, &newFabricIndex));
Expand Down Expand Up @@ -1596,6 +1678,13 @@ void TestAddNocFailSafe(nlTestSuite * inSuite, void * inContext)
NL_TEST_ASSERT(inSuite, numFabricsIterated == 0);
NL_TEST_ASSERT(inSuite, saw1 == false);
}

// Validate next fabric index has not changed.
{
FabricIndex nextFabricIndex = kUndefinedFabricIndex;
NL_TEST_ASSERT(inSuite, fabricTable.PeekFabricIndexForNextAddition(nextFabricIndex) == CHIP_NO_ERROR);
NL_TEST_ASSERT_EQUALS(inSuite, nextFabricIndex, 1);
}
}

size_t numStorageAfterRevert = storage.GetNumKeys();
Expand Down
Loading

0 comments on commit 38f70b8

Please sign in to comment.