Updated Key policy with spec (#15804)

project-chip · Oct 25, 2023 · 5da8a0a · 5da8a0a
1 parent 32c80a9
commit 5da8a0a
Show file tree

Hide file tree

Showing 18 changed files with 40 additions and 41 deletions.
diff --git a/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter b/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter
@@ -1458,8 +1458,8 @@ server cluster GeneralDiagnostics = 51 {
 
 server cluster GroupKeyManagement = 63 {
   enum GroupKeySecurityPolicy : ENUM8 {
-    kStandard = 0;
-    kTrustFirst = 1;
+    kTrustFirst = 0;
+    kCacheAndSync = 1;
   }
 
   struct GroupKeyMapStruct {

diff --git a/examples/lighting-app/lighting-common/lighting-app.matter b/examples/lighting-app/lighting-common/lighting-app.matter
@@ -624,8 +624,8 @@ server cluster GeneralDiagnostics = 51 {
 
 server cluster GroupKeyManagement = 63 {
   enum GroupKeySecurityPolicy : ENUM8 {
-    kStandard = 0;
-    kTrustFirst = 1;
+    kTrustFirst = 0;
+    kCacheAndSync = 1;
   }
 
   struct GroupKeyMapStruct {

diff --git a/examples/pump-app/pump-common/pump-app.matter b/examples/pump-app/pump-common/pump-app.matter
@@ -365,8 +365,8 @@ server cluster GeneralDiagnostics = 51 {
 
 server cluster GroupKeyManagement = 63 {
   enum GroupKeySecurityPolicy : ENUM8 {
-    kStandard = 0;
-    kTrustFirst = 1;
+    kTrustFirst = 0;
+    kCacheAndSync = 1;
   }
 
   struct GroupKeyMapStruct {

diff --git a/examples/thermostat/thermostat-common/thermostat.matter b/examples/thermostat/thermostat-common/thermostat.matter
@@ -381,8 +381,8 @@ server cluster GeneralDiagnostics = 51 {
 
 server cluster GroupKeyManagement = 63 {
   enum GroupKeySecurityPolicy : ENUM8 {
-    kStandard = 0;
-    kTrustFirst = 1;
+    kTrustFirst = 0;
+    kCacheAndSync = 1;
   }
 
   struct GroupKeyMapStruct {

diff --git a/examples/tv-app/tv-common/tv-app.matter b/examples/tv-app/tv-common/tv-app.matter
@@ -741,8 +741,8 @@ server cluster GeneralDiagnostics = 51 {
 
 server cluster GroupKeyManagement = 63 {
   enum GroupKeySecurityPolicy : ENUM8 {
-    kStandard = 0;
-    kTrustFirst = 1;
+    kTrustFirst = 0;
+    kCacheAndSync = 1;
   }
 
   struct GroupKeyMapStruct {

diff --git a/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter b/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter
@@ -1382,8 +1382,8 @@ server cluster GeneralDiagnostics = 51 {
 
 server cluster GroupKeyManagement = 63 {
   enum GroupKeySecurityPolicy : ENUM8 {
-    kStandard = 0;
-    kTrustFirst = 1;
+    kTrustFirst = 0;
+    kCacheAndSync = 1;
   }
 
   struct GroupKeyMapStruct {

diff --git a/src/app/tests/suites/TestGroupDemoConfig.yaml b/src/app/tests/suites/TestGroupDemoConfig.yaml
@@ -64,8 +64,8 @@ tests:
                 value: {
                         GroupKeySetID: 0x01a1,
                         #  TODO Revert this once MCSP is implemented
-                        # GroupKeySecurityPolicy: 0,
-                        GroupKeySecurityPolicy: 1, # 1 => LowLatency => TrustFirst
+                        # GroupKeySecurityPolicy: 1,
+                        GroupKeySecurityPolicy: 0, # 0 => TrustFirst
                         EpochKey0: "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf",
                         EpochStartTime0: 1110000,
                         EpochKey1: "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf",

diff --git a/src/app/tests/suites/TestGroupMessaging.yaml b/src/app/tests/suites/TestGroupMessaging.yaml
@@ -77,8 +77,8 @@ tests:
                 value: {
                         GroupKeySetID: 0x01a1,
                         #  TODO Revert this once MCSP is implemented
-                        # GroupKeySecurityPolicy: 0,
-                        GroupKeySecurityPolicy: 1, # 1 => TrustFirst
+                        # GroupKeySecurityPolicy: 1,
+                        GroupKeySecurityPolicy: 0, # 0 => TrustFirst
                         EpochKey0: "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf",
                         EpochStartTime0: 1110000,
                         EpochKey1: "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf",
@@ -93,10 +93,9 @@ tests:
       arguments:
           values:
               - name: "GroupKeySet"
-                value:
-                    {
+                value: {
                         GroupKeySetID: 0x01a2,
-                        GroupKeySecurityPolicy: 1,
+                        GroupKeySecurityPolicy: 0, # TrustFirst
                         EpochKey0: "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
                         EpochStartTime0: 2220000,
                         EpochKey1: "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef",

diff --git a/src/app/zap-templates/zcl/data-model/chip/group-key-mgmt-cluster.xml b/src/app/zap-templates/zcl/data-model/chip/group-key-mgmt-cluster.xml
@@ -46,8 +46,8 @@ limitations under the License.
 
   <enum name="GroupKeySecurityPolicy" type="ENUM8">
     <cluster code="0x003F"/>
-    <item name="Standard" value="0x00"/>
-    <item name="TrustFirst" value="0x01"/>
+    <item name="TrustFirst" value="0x00"/>
+    <item name="CacheAndSync" value="0x01"/>
   </enum>
 
   <cluster>

diff --git a/src/controller/data_model/controller-clusters.matter b/src/controller/data_model/controller-clusters.matter
@@ -1822,8 +1822,8 @@ client cluster GeneralDiagnostics = 51 {
 
 client cluster GroupKeyManagement = 63 {
   enum GroupKeySecurityPolicy : ENUM8 {
-    kStandard = 0;
-    kTrustFirst = 1;
+    kTrustFirst = 0;
+    kCacheAndSync = 1;
   }
 
   struct GroupKeyMapStruct {

diff --git a/src/controller/python/chip/clusters/Objects.py b/src/controller/python/chip/clusters/Objects.py
diff --git a/src/credentials/GroupDataProvider.h b/src/credentials/GroupDataProvider.h
@@ -139,7 +139,7 @@ class GroupDataProvider
         // Logical id provided by the Administrator that configured the entry
         uint16_t keyset_id = 0;
         // Security policy to use for groups that use this keyset
-        SecurityPolicy policy = SecurityPolicy::kStandard;
+        SecurityPolicy policy = SecurityPolicy::kCacheAndSync;
         // Number of keys present
         uint8_t num_keys_used = 0;
 

diff --git a/src/credentials/GroupDataProviderImpl.cpp b/src/credentials/GroupDataProviderImpl.cpp
@@ -718,7 +718,7 @@ struct KeySetData : PersistentData<kPersistentBufferMax>
     bool first                     = true;
 
     uint16_t keyset_id                       = 0;
-    GroupDataProvider::SecurityPolicy policy = GroupDataProvider::SecurityPolicy::kStandard;
+    GroupDataProvider::SecurityPolicy policy = GroupDataProvider::SecurityPolicy::kCacheAndSync;
     uint8_t keys_count                       = 0;
     OperationalKey operational_keys[KeySet::kEpochKeysMax];
 
@@ -738,7 +738,7 @@ struct KeySetData : PersistentData<kPersistentBufferMax>
 
     void Clear() override
     {
-        policy     = GroupDataProvider::SecurityPolicy::kStandard;
+        policy     = GroupDataProvider::SecurityPolicy::kCacheAndSync;
         keys_count = 0;
         memset(operational_keys, 0x00, sizeof(operational_keys));
         next = 0xffff;

diff --git a/src/credentials/tests/TestGroupDataProvider.cpp b/src/credentials/tests/TestGroupDataProvider.cpp
@@ -95,10 +95,10 @@ static const GroupKey kGroup3Keyset1(kGroup3, kKeysetId1);
 static const GroupKey kGroup3Keyset2(kGroup3, kKeysetId2);
 static const GroupKey kGroup3Keyset3(kGroup3, kKeysetId3);
 
-static KeySet kKeySet0(kKeysetId0, SecurityPolicy::kStandard, 3);
+static KeySet kKeySet0(kKeysetId0, SecurityPolicy::kCacheAndSync, 3);
 static KeySet kKeySet1(kKeysetId1, SecurityPolicy::kTrustFirst, 1);
 static KeySet kKeySet2(kKeysetId2, SecurityPolicy::kTrustFirst, 2);
-static KeySet kKeySet3(kKeysetId3, SecurityPolicy::kStandard, 3);
+static KeySet kKeySet3(kKeysetId3, SecurityPolicy::kCacheAndSync, 3);
 
 uint8_t kZeroKey[EpochKey::kLengthBytes] = { 0 };
 

diff --git a/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h b/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h
diff --git a/src/lib/support/TestGroupData.h b/src/lib/support/TestGroupData.h
@@ -58,8 +58,8 @@ CHIP_ERROR InitGroupData()
 
     // Key Sets
 
-    chip::Credentials::GroupDataProvider::KeySet keyset1(kKeySet1, chip::Credentials::GroupDataProvider::SecurityPolicy::kStandard,
-                                                         3);
+    chip::Credentials::GroupDataProvider::KeySet keyset1(kKeySet1,
+                                                         chip::Credentials::GroupDataProvider::SecurityPolicy::kCacheAndSync, 3);
     const chip::Credentials::GroupDataProvider::EpochKey epoch_keys1[] = {
         { 1110000, { 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf } },
         { 1110001, { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf } },
@@ -69,8 +69,8 @@ CHIP_ERROR InitGroupData()
     CHIP_ERROR err = sGroupsProvider.SetKeySet(kFabric1, keyset1);
     ReturnErrorOnFailure(err);
 
-    chip::Credentials::GroupDataProvider::KeySet keyset2(kKeySet2, chip::Credentials::GroupDataProvider::SecurityPolicy::kStandard,
-                                                         3);
+    chip::Credentials::GroupDataProvider::KeySet keyset2(kKeySet2,
+                                                         chip::Credentials::GroupDataProvider::SecurityPolicy::kCacheAndSync, 3);
     const chip::Credentials::GroupDataProvider::EpochKey epoch_keys2[] = {
         { 2220000, { 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf } },
         { 2220001, { 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef } },

diff --git a/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h b/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h
diff --git a/zzz_generated/chip-tool/zap-generated/test/Commands.h b/zzz_generated/chip-tool/zap-generated/test/Commands.h