From 5da8a0a659f99097d7bba1071114610ff3eb6188 Mon Sep 17 00:00:00 2001 From: Jean-Francois Penven <67962328+jepenven-silabs@users.noreply.github.com> Date: Thu, 3 Mar 2022 12:31:01 -0500 Subject: [PATCH] Updated Key policy with spec (#15804) --- .../all-clusters-common/all-clusters-app.matter | 4 ++-- .../lighting-app/lighting-common/lighting-app.matter | 4 ++-- examples/pump-app/pump-common/pump-app.matter | 4 ++-- examples/thermostat/thermostat-common/thermostat.matter | 4 ++-- examples/tv-app/tv-common/tv-app.matter | 4 ++-- .../tv-casting-common/tv-casting-app.matter | 4 ++-- src/app/tests/suites/TestGroupDemoConfig.yaml | 4 ++-- src/app/tests/suites/TestGroupMessaging.yaml | 9 ++++----- .../zcl/data-model/chip/group-key-mgmt-cluster.xml | 4 ++-- src/controller/data_model/controller-clusters.matter | 4 ++-- src/controller/python/chip/clusters/Objects.py | 4 ++-- src/credentials/GroupDataProvider.h | 2 +- src/credentials/GroupDataProviderImpl.cpp | 4 ++-- src/credentials/tests/TestGroupDataProvider.cpp | 4 ++-- .../Framework/CHIP/zap-generated/CHIPClustersObjc.h | 4 ++-- src/lib/support/TestGroupData.h | 8 ++++---- .../app-common/app-common/zap-generated/cluster-enums.h | 4 ++-- zzz_generated/chip-tool/zap-generated/test/Commands.h | 6 +++--- 18 files changed, 40 insertions(+), 41 deletions(-) diff --git a/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter b/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter index b0a847f6285c1b..b52ff7812d2259 100644 --- a/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter +++ b/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter @@ -1458,8 +1458,8 @@ server cluster GeneralDiagnostics = 51 { server cluster GroupKeyManagement = 63 { enum GroupKeySecurityPolicy : ENUM8 { - kStandard = 0; - kTrustFirst = 1; + kTrustFirst = 0; + kCacheAndSync = 1; } struct GroupKeyMapStruct { 
diff --git a/examples/lighting-app/lighting-common/lighting-app.matter b/examples/lighting-app/lighting-common/lighting-app.matter index 4186c8ecf445e7..fc1c797c713c92 100644 --- a/examples/lighting-app/lighting-common/lighting-app.matter +++ b/examples/lighting-app/lighting-common/lighting-app.matter @@ -624,8 +624,8 @@ server cluster GeneralDiagnostics = 51 { server cluster GroupKeyManagement = 63 { enum GroupKeySecurityPolicy : ENUM8 { - kStandard = 0; - kTrustFirst = 1; + kTrustFirst = 0; + kCacheAndSync = 1; } struct GroupKeyMapStruct { diff --git a/examples/pump-app/pump-common/pump-app.matter b/examples/pump-app/pump-common/pump-app.matter index 5d104c980acb8f..8bd33ad6b1d3ac 100644 --- a/examples/pump-app/pump-common/pump-app.matter +++ b/examples/pump-app/pump-common/pump-app.matter @@ -365,8 +365,8 @@ server cluster GeneralDiagnostics = 51 { server cluster GroupKeyManagement = 63 { enum GroupKeySecurityPolicy : ENUM8 { - kStandard = 0; - kTrustFirst = 1; + kTrustFirst = 0; + kCacheAndSync = 1; } struct GroupKeyMapStruct { diff --git a/examples/thermostat/thermostat-common/thermostat.matter b/examples/thermostat/thermostat-common/thermostat.matter index 2e65369354f3db..c960cab320af0c 100644 --- a/examples/thermostat/thermostat-common/thermostat.matter +++ b/examples/thermostat/thermostat-common/thermostat.matter @@ -381,8 +381,8 @@ server cluster GeneralDiagnostics = 51 { server cluster GroupKeyManagement = 63 { enum GroupKeySecurityPolicy : ENUM8 { - kStandard = 0; - kTrustFirst = 1; + kTrustFirst = 0; + kCacheAndSync = 1; } struct GroupKeyMapStruct { diff --git a/examples/tv-app/tv-common/tv-app.matter b/examples/tv-app/tv-common/tv-app.matter index a975dee1183ac2..12a4f1428a4f29 100644 --- a/examples/tv-app/tv-common/tv-app.matter +++ b/examples/tv-app/tv-common/tv-app.matter 
@@ -741,8 +741,8 @@ server cluster GeneralDiagnostics = 51 { server cluster GroupKeyManagement = 63 { enum GroupKeySecurityPolicy : ENUM8 { - kStandard = 0; - kTrustFirst = 1; + kTrustFirst = 0; + kCacheAndSync = 1; } struct GroupKeyMapStruct { diff --git a/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter b/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter index fc9d523fd77fe8..25c15f0677a0ee 100644 --- a/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter +++ b/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter @@ -1382,8 +1382,8 @@ server cluster GeneralDiagnostics = 51 { server cluster GroupKeyManagement = 63 { enum GroupKeySecurityPolicy : ENUM8 { - kStandard = 0; - kTrustFirst = 1; + kTrustFirst = 0; + kCacheAndSync = 1; } struct GroupKeyMapStruct { diff --git a/src/app/tests/suites/TestGroupDemoConfig.yaml b/src/app/tests/suites/TestGroupDemoConfig.yaml index 4faab5bec6334a..ea475248d45e1e 100644 --- a/src/app/tests/suites/TestGroupDemoConfig.yaml +++ b/src/app/tests/suites/TestGroupDemoConfig.yaml @@ -64,8 +64,8 @@ tests: value: { GroupKeySetID: 0x01a1, # TODO Revert this once MCSP is implemented - # GroupKeySecurityPolicy: 0, - GroupKeySecurityPolicy: 1, # 1 => LowLatency => TrustFirst + # GroupKeySecurityPolicy: 1, + GroupKeySecurityPolicy: 0, # 0 => TrustFirst EpochKey0: "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf", EpochStartTime0: 1110000, EpochKey1: "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf", diff --git a/src/app/tests/suites/TestGroupMessaging.yaml b/src/app/tests/suites/TestGroupMessaging.yaml index bcfb9884abd4e1..46d762ccaba3db 100644 --- a/src/app/tests/suites/TestGroupMessaging.yaml +++ b/src/app/tests/suites/TestGroupMessaging.yaml 
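Review bot: After this change the KeySetWrite step in TestGroupDemoConfig.yaml sends `GroupKeySecurityPolicy: 0`, and both hunks in TestGroupMessaging.yaml do the same, so no step exercises value 1 (CacheAndSync) or an out-of-range policy value. The TODO says MCSP is not implemented, and the server-side handling is not visible in this patch, so it is worth confirming that a write asking for CacheAndSync is rejected rather than stored and silently handled as TrustFirst; a negative step expecting that error would pin it. I would also reword the commented-out line to `# GroupKeySecurityPolicy: 1, # 1 => CacheAndSync, restore once MCSP is implemented` so it is not misread against the old numbering.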
@@ -77,8 +77,8 @@ tests: value: { GroupKeySetID: 0x01a1, # TODO Revert this once MCSP is implemented - # GroupKeySecurityPolicy: 0, - GroupKeySecurityPolicy: 1, # 1 => TrustFirst + # GroupKeySecurityPolicy: 1, + GroupKeySecurityPolicy: 0, # 0 => TrustFirst EpochKey0: "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf", EpochStartTime0: 1110000, EpochKey1: "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf", @@ -93,10 +93,9 @@ tests: arguments: values: - name: "GroupKeySet" - value: - { + value: { GroupKeySetID: 0x01a2, - GroupKeySecurityPolicy: 1, + GroupKeySecurityPolicy: 0, # TrustFirst EpochKey0: "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf", EpochStartTime0: 2220000, EpochKey1: "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef", diff --git a/src/app/zap-templates/zcl/data-model/chip/group-key-mgmt-cluster.xml b/src/app/zap-templates/zcl/data-model/chip/group-key-mgmt-cluster.xml index 7d894ea728a08d..41c338211a42d5 100644 --- a/src/app/zap-templates/zcl/data-model/chip/group-key-mgmt-cluster.xml +++ b/src/app/zap-templates/zcl/data-model/chip/group-key-mgmt-cluster.xml @@ -46,8 +46,8 @@ limitations under the License. - - + + diff --git a/src/controller/data_model/controller-clusters.matter b/src/controller/data_model/controller-clusters.matter index 12c21d790dd846..652b9c1a08c895 100644 --- a/src/controller/data_model/controller-clusters.matter +++ b/src/controller/data_model/controller-clusters.matter @@ -1822,8 +1822,8 @@ client cluster GeneralDiagnostics = 51 { client cluster GroupKeyManagement = 63 { enum GroupKeySecurityPolicy : ENUM8 { - kStandard = 0; - kTrustFirst = 1; + kTrustFirst = 0; + kCacheAndSync = 1; } struct GroupKeyMapStruct { diff --git a/src/controller/python/chip/clusters/Objects.py b/src/controller/python/chip/clusters/Objects.py index 16260fba82fb82..92099613845d55 100644 --- a/src/controller/python/chip/clusters/Objects.py 
+++ b/src/controller/python/chip/clusters/Objects.py @@ -14546,8 +14546,8 @@ def descriptor(cls) -> ClusterObjectDescriptor: class Enums: class GroupKeySecurityPolicy(IntEnum): - kStandard = 0x00 - kTrustFirst = 0x01 + kTrustFirst = 0x00 + kCacheAndSync = 0x01 class Structs: diff --git a/src/credentials/GroupDataProvider.h b/src/credentials/GroupDataProvider.h index 602f794e56cc8a..72c65359482af1 100644 --- a/src/credentials/GroupDataProvider.h +++ b/src/credentials/GroupDataProvider.h @@ -139,7 +139,7 @@ class GroupDataProvider // Logical id provided by the Administrator that configured the entry uint16_t keyset_id = 0; // Security policy to use for groups that use this keyset - SecurityPolicy policy = SecurityPolicy::kStandard; + SecurityPolicy policy = SecurityPolicy::kCacheAndSync; // Number of keys present uint8_t num_keys_used = 0; diff --git a/src/credentials/GroupDataProviderImpl.cpp b/src/credentials/GroupDataProviderImpl.cpp index af3468bce89787..48fdc388857be1 100644 --- a/src/credentials/GroupDataProviderImpl.cpp +++ b/src/credentials/GroupDataProviderImpl.cpp @@ -718,7 +718,7 @@ struct KeySetData : PersistentData bool first = true; uint16_t keyset_id = 0; - GroupDataProvider::SecurityPolicy policy = GroupDataProvider::SecurityPolicy::kStandard; + GroupDataProvider::SecurityPolicy policy = GroupDataProvider::SecurityPolicy::kCacheAndSync; uint8_t keys_count = 0; OperationalKey operational_keys[KeySet::kEpochKeysMax]; @@ -738,7 +738,7 @@ struct KeySetData : PersistentData void Clear() override { - policy = GroupDataProvider::SecurityPolicy::kStandard; + policy = GroupDataProvider::SecurityPolicy::kCacheAndSync; keys_count = 0; memset(operational_keys, 0x00, sizeof(operational_keys)); next = 0xffff; diff --git a/src/credentials/tests/TestGroupDataProvider.cpp b/src/credentials/tests/TestGroupDataProvider.cpp index 64d296f9de8655..6639a16b0f33fe 100644 --- a/src/credentials/tests/TestGroupDataProvider.cpp 
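Review bot: The default `SecurityPolicy policy = SecurityPolicy::kCacheAndSync;` keeps the old meaning but is now numeric 1, so a KeySet that is zero-filled instead of default-constructed reads as kTrustFirst (0x00 in the cluster-enums.h hunk of this patch). As I understand the spec, that is the policy which accepts a peer's message counter without a synchronisation exchange, so the zero value is no longer the conservative one. Whether any caller zero-fills a KeySet is not visible here; the struct continues outside the hunk. A comment on the member would make the hazard explicit, for example `// Default is kCacheAndSync (1); 0 is kTrustFirst, so never rely on zero-filled storage for the policy`.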
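Review bot: KeySetData is a PersistentData record, and because the two enumerators traded numeric values, a keyset written by an earlier build would load with the other policy if `policy` is serialized as its raw integer: a stored 0 (formerly kStandard) comes back as kTrustFirst and a stored 1 (formerly kTrustFirst) as kCacheAndSync. Serialize and Deserialize are outside both hunks, so this is inferred and should be checked. If it holds, the patch needs a storage version bump or a one-time remap on load, and the load path should reject any value above kCacheAndSync instead of casting it. At minimum, document the field with `// Stored as the spec-defined value (0 = TrustFirst, 1 = CacheAndSync); records written before the renumbering carry the opposite meaning`.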
+++ b/src/credentials/tests/TestGroupDataProvider.cpp @@ -95,10 +95,10 @@ static const GroupKey kGroup3Keyset1(kGroup3, kKeysetId1); static const GroupKey kGroup3Keyset2(kGroup3, kKeysetId2); static const GroupKey kGroup3Keyset3(kGroup3, kKeysetId3); -static KeySet kKeySet0(kKeysetId0, SecurityPolicy::kStandard, 3); +static KeySet kKeySet0(kKeysetId0, SecurityPolicy::kCacheAndSync, 3); static KeySet kKeySet1(kKeysetId1, SecurityPolicy::kTrustFirst, 1); static KeySet kKeySet2(kKeysetId2, SecurityPolicy::kTrustFirst, 2); -static KeySet kKeySet3(kKeysetId3, SecurityPolicy::kStandard, 3); +static KeySet kKeySet3(kKeysetId3, SecurityPolicy::kCacheAndSync, 3); uint8_t kZeroKey[EpochKey::kLengthBytes] = { 0 }; diff --git a/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h b/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h index 85b933a1f826fa..6728647fd3ff05 100644 --- a/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h +++ b/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h @@ -8495,8 +8495,8 @@ typedef NS_ENUM(NSInteger, CHIPOperationalCredentialsOperationalCertStatus) { }; typedef NS_ENUM(NSInteger, CHIPGroupKeyManagementGroupKeySecurityPolicy) { - CHIPGroupKeyManagementGroupKeySecurityPolicyStandard = 0x00, - CHIPGroupKeyManagementGroupKeySecurityPolicyTrustFirst = 0x01, + CHIPGroupKeyManagementGroupKeySecurityPolicyTrustFirst = 0x00, + CHIPGroupKeyManagementGroupKeySecurityPolicyCacheAndSync = 0x01, }; typedef NS_ENUM(NSInteger, CHIPDoorLockDlAlarmCode) { diff --git a/src/lib/support/TestGroupData.h b/src/lib/support/TestGroupData.h index 075c6607b8f094..94a14d8cc0dce4 100644 --- a/src/lib/support/TestGroupData.h +++ b/src/lib/support/TestGroupData.h 
@@ -58,8 +58,8 @@ CHIP_ERROR InitGroupData() // Key Sets - chip::Credentials::GroupDataProvider::KeySet keyset1(kKeySet1, chip::Credentials::GroupDataProvider::SecurityPolicy::kStandard, - 3); + chip::Credentials::GroupDataProvider::KeySet keyset1(kKeySet1, + chip::Credentials::GroupDataProvider::SecurityPolicy::kCacheAndSync, 3); const chip::Credentials::GroupDataProvider::EpochKey epoch_keys1[] = { { 1110000, { 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf } }, { 1110001, { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf } }, @@ -69,8 +69,8 @@ CHIP_ERROR InitGroupData() CHIP_ERROR err = sGroupsProvider.SetKeySet(kFabric1, keyset1); ReturnErrorOnFailure(err); - chip::Credentials::GroupDataProvider::KeySet keyset2(kKeySet2, chip::Credentials::GroupDataProvider::SecurityPolicy::kStandard, - 3); + chip::Credentials::GroupDataProvider::KeySet keyset2(kKeySet2, + chip::Credentials::GroupDataProvider::SecurityPolicy::kCacheAndSync, 3); const chip::Credentials::GroupDataProvider::EpochKey epoch_keys2[] = { { 2220000, { 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf } }, { 2220001, { 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef } }, diff --git a/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h b/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h index 068fa6e41386ac..e935d9fe8257a8 100644 --- a/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h +++ b/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h @@ -917,8 +917,8 @@ namespace GroupKeyManagement { // Enum for GroupKeySecurityPolicy enum class GroupKeySecurityPolicy : uint8_t { - kStandard = 0x00, - kTrustFirst = 0x01, + kTrustFirst = 0x00, + kCacheAndSync = 0x01, }; } // namespace GroupKeyManagement 
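Review bot: `keyset1` and `keyset2` are now created with `SecurityPolicy::kCacheAndSync`, while the YAML suites in this patch write key sets with the same epoch keys and start times using TrustFirst, because MCSP is not implemented. The patch does not show which policy the receive path actually applies to these keysets, so the two sources of test data now disagree without explanation; either align them or add a comment here saying why the helper asks for CacheAndSync. Since the epoch keys in this helper are fixed byte patterns, it would also help to mark them with `// Test-only key material: never provision these well-known epoch keys outside test and example builds`. InitGroupData's body continues outside both hunks.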
diff --git a/zzz_generated/chip-tool/zap-generated/test/Commands.h b/zzz_generated/chip-tool/zap-generated/test/Commands.h index 860857832846b6..2b0812efbc8a31 100644 --- a/zzz_generated/chip-tool/zap-generated/test/Commands.h +++ b/zzz_generated/chip-tool/zap-generated/test/Commands.h @@ -93931,7 +93931,7 @@ class TestGroupMessagingSuite : public TestCommand request.groupKeySet.groupKeySetID = 417U; request.groupKeySet.groupKeySecurityPolicy = - static_cast(1); + static_cast(0); request.groupKeySet.epochKey0.SetNonNull(); request.groupKeySet.epochKey0.Value() = chip::ByteSpan(chip::Uint8::from_const_char( @@ -93983,7 +93983,7 @@ class TestGroupMessagingSuite : public TestCommand request.groupKeySet.groupKeySetID = 418U; request.groupKeySet.groupKeySecurityPolicy = - static_cast(1); + static_cast(0); request.groupKeySet.epochKey0.SetNonNull(); request.groupKeySet.epochKey0.Value() = chip::ByteSpan(chip::Uint8::from_const_char( @@ -97715,7 +97715,7 @@ class TestGroupDemoConfigSuite : public TestCommand request.groupKeySet.groupKeySetID = 417U; request.groupKeySet.groupKeySecurityPolicy = - static_cast(1); + static_cast(0); request.groupKeySet.epochKey0.SetNonNull(); request.groupKeySet.epochKey0.Value() = chip::ByteSpan(chip::Uint8::from_const_char(