From 2fb6f58d848f069f9186b8226ae62bf135908bf5 Mon Sep 17 00:00:00 2001 From: Boris Zbarsky Date: Wed, 27 Mar 2024 12:45:45 -0400 Subject: [PATCH] Add a lint for toplevel "using namespace" in headers. We had all sorts of things using the wrong namespaces because everything was being imported into multiple namespaces if things happened to include certain headers. Remove the "using namespace" bits in core headers, fix the resulting compile issues, add a lint so people stop doing that. --- .github/workflows/lint.yml | 15 +++++++++ .../commands/pairing/IssueNOCChainCommand.h | 2 +- .../pairing/OpenCommissioningWindowCommand.h | 4 +-- .../ElectricalPowerMeasurementDelegate.cpp | 2 ++ .../administrator-commissioning-server.cpp | 1 + .../device-energy-management-server.h | 32 +++++++++---------- .../electrical-power-measurement-server.h | 3 -- .../operational-credentials-server.cpp | 1 + src/app/icd/client/CheckInHandler.cpp | 2 ++ src/app/icd/client/DefaultCheckInDelegate.h | 2 -- .../icd/client/DefaultICDClientStorage.cpp | 2 +- src/app/icd/client/DefaultICDClientStorage.h | 3 +- src/app/icd/client/ICDClientStorage.h | 4 +-- src/app/server/CommissioningWindowManager.cpp | 1 + src/app/server/CommissioningWindowManager.h | 7 ++-- src/app/tests/TestCommissionManager.cpp | 8 +++-- src/controller/AutoCommissioner.cpp | 1 + src/controller/AutoCommissioner.h | 4 ++- src/controller/CHIPDeviceController.cpp | 1 + src/controller/CHIPDeviceController.h | 9 +++--- src/controller/CHIPDeviceControllerFactory.h | 2 +- src/controller/CommissioningDelegate.h | 19 ++++++----- src/controller/CommissioningWindowOpener.cpp | 3 +- src/controller/CommissioningWindowOpener.h | 4 +-- src/controller/java/AndroidCheckInDelegate.h | 2 -- ...r-ScriptPairingDeviceDiscoveryDelegate.cpp | 2 +- .../tests/CHIPCert_test_vectors.cpp | 2 ++ src/credentials/tests/CHIPCert_test_vectors.h | 8 ++--- src/crypto/tests/TestChipCryptoPAL.cpp | 1 + .../secure_channel/CheckinMessage.cpp | 2 ++ src/protocols/secure_channel/CheckinMessage.h | 3 +- src/protocols/secure_channel/PASESession.h | 25 ++++----------- .../secure_channel/RendezvousParameters.h | 7 ++-- .../secure_channel/tests/TestCASESession.cpp | 1 + .../secure_channel/tests/TestCheckinMsg.cpp | 1 + .../secure_channel/tests/TestPASESession.cpp | 1 + src/tools/spake2p/Cmd_GenVerifier.cpp | 27 ++++++++-------- 37 files changed, 116 insertions(+), 98 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c028e0ad018381..69e7668a700da0 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -285,3 +285,18 @@ jobs: if: always() run: | git grep -I -n 'SuccessOrExit([^=)]*(' -- './*' ':(exclude).github/workflows/lint.yml' && exit 1 || exit 0 + + # git grep exits with 0 if it finds a match, but we want + # to fail (exit nonzero) on match. + - name: Check for use of "using namespace" outside of a class/function in headers. + if: always() + run: | + # Various platforms have `using namespace chip::Ble` in their BLEManager* headers; just exclude those for now. + # + # Exclude platform openiotsdk bits that do this in their persistent storage header. + # + # Also exclude examples (for now) and third_party, which have various instances of this. + # + # Ignore uses of `System::Clock::Literals`, because that's the only way to have things using _ms32 or whatnot + # in a header file. + git grep -I -n -e '^using namespace' --and --not -e 'System::Clock::Literals' -- './**/*.h' ':(exclude)src/platform/*/BLEManager*.h' ':(exclude)src/platform/openiotsdk/KVPsaPsStore.h' ':(exclude)./examples' ':(exclude)./third_party' && exit 1 || exit 0 diff --git a/examples/chip-tool/commands/pairing/IssueNOCChainCommand.h b/examples/chip-tool/commands/pairing/IssueNOCChainCommand.h index 8b4c273c3820f8..8b89f07f106006 100644 --- a/examples/chip-tool/commands/pairing/IssueNOCChainCommand.h +++ b/examples/chip-tool/commands/pairing/IssueNOCChainCommand.h @@ -46,7 +46,7 @@ class IssueNOCChainCommand : public CHIPCommand static void OnDeviceNOCChainGeneration(void * context, CHIP_ERROR status, const chip::ByteSpan & noc, const chip::ByteSpan & icac, const chip::ByteSpan & rcac, - chip::Optional ipk, + chip::Optional ipk, chip::Optional adminSubject) { auto command = static_cast(context); diff --git a/examples/chip-tool/commands/pairing/OpenCommissioningWindowCommand.h b/examples/chip-tool/commands/pairing/OpenCommissioningWindowCommand.h index ca05ac12c500e8..3a199745601c93 100644 --- a/examples/chip-tool/commands/pairing/OpenCommissioningWindowCommand.h +++ b/examples/chip-tool/commands/pairing/OpenCommissioningWindowCommand.h @@ -36,8 +36,8 @@ class OpenCommissioningWindowCommand : public CHIPCommand "1 to use Enhanced Commissioning Method.\n 0 to use Basic Commissioning Method."); AddArgument("window-timeout", 0, UINT16_MAX, &mCommissioningWindowTimeout, "Time, in seconds, before the commissioning window closes."); - AddArgument("iteration", chip::kSpake2p_Min_PBKDF_Iterations, chip::kSpake2p_Max_PBKDF_Iterations, &mIteration, - "Number of PBKDF iterations to use to derive the verifier. Ignored if 'option' is 0."); + AddArgument("iteration", chip::Crypto::kSpake2p_Min_PBKDF_Iterations, chip::Crypto::kSpake2p_Max_PBKDF_Iterations, + &mIteration, "Number of PBKDF iterations to use to derive the verifier. Ignored if 'option' is 0."); AddArgument("discriminator", 0, 4096, &mDiscriminator, "Discriminator to use for advertising. Ignored if 'option' is 0."); AddArgument("timeout", 0, UINT16_MAX, &mTimeout, "Time, in seconds, before this command is considered to have timed out."); } diff --git a/examples/energy-management-app/energy-management-common/src/ElectricalPowerMeasurementDelegate.cpp b/examples/energy-management-app/energy-management-common/src/ElectricalPowerMeasurementDelegate.cpp index fdda913a868a22..a99f7f42054062 100644 --- a/examples/energy-management-app/energy-management-common/src/ElectricalPowerMeasurementDelegate.cpp +++ b/examples/energy-management-app/energy-management-common/src/ElectricalPowerMeasurementDelegate.cpp @@ -26,6 +26,8 @@ using namespace chip::app; using namespace chip::app::DataModel; using namespace chip::app::Clusters; using namespace chip::app::Clusters::ElectricalPowerMeasurement; +using namespace chip::app::Clusters::ElectricalPowerMeasurement::Attributes; +using namespace chip::app::Clusters::ElectricalPowerMeasurement::Structs; CHIP_ERROR ElectricalPowerMeasurementInstance::Init() { diff --git a/src/app/clusters/administrator-commissioning-server/administrator-commissioning-server.cpp b/src/app/clusters/administrator-commissioning-server/administrator-commissioning-server.cpp index 8189ae3d67ae12..739b9ae13a1efa 100644 --- a/src/app/clusters/administrator-commissioning-server/administrator-commissioning-server.cpp +++ b/src/app/clusters/administrator-commissioning-server/administrator-commissioning-server.cpp @@ -42,6 +42,7 @@ using namespace chip::app; using namespace chip::app::Clusters; using namespace chip::app::Clusters::AdministratorCommissioning; using namespace chip::Protocols; +using namespace chip::Crypto; using chip::Protocols::InteractionModel::Status; class AdministratorCommissioningAttrAccess : public AttributeAccessInterface diff --git a/src/app/clusters/device-energy-management-server/device-energy-management-server.h b/src/app/clusters/device-energy-management-server/device-energy-management-server.h index 7aeb06da661cd1..2f09dad1fee85e 100644 --- a/src/app/clusters/device-energy-management-server/device-energy-management-server.h +++ b/src/app/clusters/device-energy-management-server/device-energy-management-server.h @@ -34,8 +34,6 @@ namespace app { namespace Clusters { namespace DeviceEnergyManagement { -using namespace chip::app::Clusters::DeviceEnergyManagement::Attributes; - class Delegate { public: @@ -160,24 +158,24 @@ class Delegate // ------------------------------------------------------------------ // Get attribute methods - virtual ESATypeEnum GetESAType() = 0; - virtual bool GetESACanGenerate() = 0; - virtual ESAStateEnum GetESAState() = 0; - virtual int64_t GetAbsMinPower() = 0; - virtual int64_t GetAbsMaxPower() = 0; - virtual PowerAdjustmentCapability::TypeInfo::Type GetPowerAdjustmentCapability() = 0; - virtual DataModel::Nullable GetForecast() = 0; - virtual OptOutStateEnum GetOptOutState() = 0; + virtual ESATypeEnum GetESAType() = 0; + virtual bool GetESACanGenerate() = 0; + virtual ESAStateEnum GetESAState() = 0; + virtual int64_t GetAbsMinPower() = 0; + virtual int64_t GetAbsMaxPower() = 0; + virtual Attributes::PowerAdjustmentCapability::TypeInfo::Type GetPowerAdjustmentCapability() = 0; + virtual DataModel::Nullable GetForecast() = 0; + virtual OptOutStateEnum GetOptOutState() = 0; // ------------------------------------------------------------------ // Set attribute methods - virtual CHIP_ERROR SetESAType(ESATypeEnum) = 0; - virtual CHIP_ERROR SetESACanGenerate(bool) = 0; - virtual CHIP_ERROR SetESAState(ESAStateEnum) = 0; - virtual CHIP_ERROR SetAbsMinPower(int64_t) = 0; - virtual CHIP_ERROR SetAbsMaxPower(int64_t) = 0; - virtual CHIP_ERROR SetPowerAdjustmentCapability(PowerAdjustmentCapability::TypeInfo::Type) = 0; - virtual CHIP_ERROR SetForecast(DataModel::Nullable) = 0; + virtual CHIP_ERROR SetESAType(ESATypeEnum) = 0; + virtual CHIP_ERROR SetESACanGenerate(bool) = 0; + virtual CHIP_ERROR SetESAState(ESAStateEnum) = 0; + virtual CHIP_ERROR SetAbsMinPower(int64_t) = 0; + virtual CHIP_ERROR SetAbsMaxPower(int64_t) = 0; + virtual CHIP_ERROR SetPowerAdjustmentCapability(Attributes::PowerAdjustmentCapability::TypeInfo::Type) = 0; + virtual CHIP_ERROR SetForecast(DataModel::Nullable) = 0; protected: EndpointId mEndpointId = 0; diff --git a/src/app/clusters/electrical-power-measurement-server/electrical-power-measurement-server.h b/src/app/clusters/electrical-power-measurement-server/electrical-power-measurement-server.h index 28af3fa0abb343..8204a271434e63 100644 --- a/src/app/clusters/electrical-power-measurement-server/electrical-power-measurement-server.h +++ b/src/app/clusters/electrical-power-measurement-server/electrical-power-measurement-server.h @@ -29,9 +29,6 @@ namespace app { namespace Clusters { namespace ElectricalPowerMeasurement { -using namespace chip::app::Clusters::ElectricalPowerMeasurement::Attributes; -using namespace chip::app::Clusters::ElectricalPowerMeasurement::Structs; - class Delegate { public: diff --git a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp index 459c42fcbcc8b3..452e6d49816c46 100644 --- a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp +++ b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp @@ -55,6 +55,7 @@ using namespace chip::app; using namespace chip::app::Clusters; using namespace chip::app::Clusters::OperationalCredentials; using namespace chip::Credentials; +using namespace chip::Crypto; using namespace chip::Protocols::InteractionModel; namespace { diff --git a/src/app/icd/client/CheckInHandler.cpp b/src/app/icd/client/CheckInHandler.cpp index f6ef50a0019d66..8f0a4de9c1a064 100644 --- a/src/app/icd/client/CheckInHandler.cpp +++ b/src/app/icd/client/CheckInHandler.cpp @@ -37,6 +37,8 @@ #include +using namespace chip::Protocols::SecureChannel; + namespace chip { namespace app { diff --git a/src/app/icd/client/DefaultCheckInDelegate.h b/src/app/icd/client/DefaultCheckInDelegate.h index 5465994ef1bda0..355259f561ea40 100644 --- a/src/app/icd/client/DefaultCheckInDelegate.h +++ b/src/app/icd/client/DefaultCheckInDelegate.h @@ -24,8 +24,6 @@ namespace chip { namespace app { -using namespace std; - class InteractionModelEngine; /// Callbacks for check in protocol diff --git a/src/app/icd/client/DefaultICDClientStorage.cpp b/src/app/icd/client/DefaultICDClientStorage.cpp index 7ada84287fa4df..73e7b5f5c1fdf9 100644 --- a/src/app/icd/client/DefaultICDClientStorage.cpp +++ b/src/app/icd/client/DefaultICDClientStorage.cpp @@ -463,7 +463,7 @@ CHIP_ERROR DefaultICDClientStorage::DeleteAllEntries(FabricIndex fabricIndex) } CHIP_ERROR DefaultICDClientStorage::ProcessCheckInPayload(const ByteSpan & payload, ICDClientInfo & clientInfo, - CounterType & counter) + Protocols::SecureChannel::CounterType & counter) { uint8_t appDataBuffer[kAppDataLength]; MutableByteSpan appData(appDataBuffer); diff --git a/src/app/icd/client/DefaultICDClientStorage.h b/src/app/icd/client/DefaultICDClientStorage.h index 8a2d44115abccf..c2a95fd2a1064b 100644 --- a/src/app/icd/client/DefaultICDClientStorage.h +++ b/src/app/icd/client/DefaultICDClientStorage.h @@ -117,7 +117,8 @@ class DefaultICDClientStorage : public ICDClientStorage */ CHIP_ERROR DeleteAllEntries(FabricIndex fabricIndex); - CHIP_ERROR ProcessCheckInPayload(const ByteSpan & payload, ICDClientInfo & clientInfo, CounterType & counter) override; + CHIP_ERROR ProcessCheckInPayload(const ByteSpan & payload, ICDClientInfo & clientInfo, + Protocols::SecureChannel::CounterType & counter) override; protected: enum class ClientInfoTag : uint8_t diff --git a/src/app/icd/client/ICDClientStorage.h b/src/app/icd/client/ICDClientStorage.h index d65a64ff8c21a8..3da8cb906146ad 100644 --- a/src/app/icd/client/ICDClientStorage.h +++ b/src/app/icd/client/ICDClientStorage.h @@ -31,7 +31,6 @@ namespace chip { namespace app { -using namespace Protocols::SecureChannel; /** * The ICDClientStorage class is an abstract interface that defines the operations * for storing, retrieving and deleting ICD client information in persistent storage. @@ -81,7 +80,8 @@ class ICDClientStorage * @param[out] clientInfo retrieved matched clientInfo from storage * @param[out] counter counter value received in the check-in message */ - virtual CHIP_ERROR ProcessCheckInPayload(const ByteSpan & payload, ICDClientInfo & clientInfo, CounterType & counter) = 0; + virtual CHIP_ERROR ProcessCheckInPayload(const ByteSpan & payload, ICDClientInfo & clientInfo, + Protocols::SecureChannel::CounterType & counter) = 0; // 4 bytes for counter + 2 bytes for ActiveModeThreshold static inline constexpr uint8_t kAppDataLength = 6; diff --git a/src/app/server/CommissioningWindowManager.cpp b/src/app/server/CommissioningWindowManager.cpp index c523564382904c..a205d093c27d00 100644 --- a/src/app/server/CommissioningWindowManager.cpp +++ b/src/app/server/CommissioningWindowManager.cpp @@ -31,6 +31,7 @@ using namespace chip::app::Clusters; using namespace chip::System::Clock; +using namespace chip::Crypto; using AdministratorCommissioning::CommissioningWindowStatusEnum; using chip::app::DataModel::MakeNullable; diff --git a/src/app/server/CommissioningWindowManager.h b/src/app/server/CommissioningWindowManager.h index 26a2f9ceb19b71..6b4e1efded76f4 100644 --- a/src/app/server/CommissioningWindowManager.h +++ b/src/app/server/CommissioningWindowManager.h @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -93,7 +94,7 @@ class CommissioningWindowManager : public Messaging::UnsolicitedMessageHandler, FabricIndex fabricIndex, VendorId vendorId); CHIP_ERROR OpenEnhancedCommissioningWindow(System::Clock::Seconds16 commissioningTimeout, uint16_t discriminator, - Spake2pVerifier & verifier, uint32_t iterations, chip::ByteSpan salt, + Crypto::Spake2pVerifier & verifier, uint32_t iterations, chip::ByteSpan salt, FabricIndex fabricIndex, VendorId vendorId); void CloseCommissioningWindow(); @@ -204,7 +205,7 @@ class CommissioningWindowManager : public Messaging::UnsolicitedMessageHandler, uint8_t mFailedCommissioningAttempts = 0; bool mUseECM = false; - Spake2pVerifier mECMPASEVerifier; + Crypto::Spake2pVerifier mECMPASEVerifier; uint16_t mECMDiscriminator = 0; // mListeningForPASE is true only when we are listening for // PBKDFParamRequest messages or when we're in the middle of a PASE @@ -214,7 +215,7 @@ class CommissioningWindowManager : public Messaging::UnsolicitedMessageHandler, bool mCommissioningTimeoutTimerArmed = false; uint32_t mECMIterations = 0; uint32_t mECMSaltLength = 0; - uint8_t mECMSalt[kSpake2p_Max_PBKDF_Salt_Length]; + uint8_t mECMSalt[Crypto::kSpake2p_Max_PBKDF_Salt_Length]; // For tests only, so that we can test the commissioning window timeout // without having to wait 3 minutes. diff --git a/src/app/tests/TestCommissionManager.cpp b/src/app/tests/TestCommissionManager.cpp index a12ec42ec3c49a..c88b459742de16 100644 --- a/src/app/tests/TestCommissionManager.cpp +++ b/src/app/tests/TestCommissionManager.cpp @@ -32,6 +32,8 @@ #include +using namespace chip::Crypto; + using chip::CommissioningWindowAdvertisement; using chip::CommissioningWindowManager; using chip::Server; @@ -328,9 +330,9 @@ void CheckCommissioningWindowManagerEnhancedWindowTask(intptr_t context) CHIP_ERROR err = chip::DeviceLayer::GetCommissionableDataProvider()->GetSetupDiscriminator(originDiscriminator); NL_TEST_ASSERT(suite, err == CHIP_NO_ERROR); uint16_t newDiscriminator = static_cast(originDiscriminator + 1); - chip::Spake2pVerifier verifier; - constexpr uint32_t kIterations = chip::kSpake2p_Min_PBKDF_Iterations; - uint8_t salt[chip::kSpake2p_Min_PBKDF_Salt_Length]; + Spake2pVerifier verifier; + constexpr uint32_t kIterations = kSpake2p_Min_PBKDF_Iterations; + uint8_t salt[kSpake2p_Min_PBKDF_Salt_Length]; chip::ByteSpan saltData(salt); NL_TEST_ASSERT(suite, !sWindowStatusDirty); diff --git a/src/controller/AutoCommissioner.cpp b/src/controller/AutoCommissioner.cpp index 42b39a10c7ab48..b61eaa0a1c8407 100644 --- a/src/controller/AutoCommissioner.cpp +++ b/src/controller/AutoCommissioner.cpp @@ -29,6 +29,7 @@ namespace chip { namespace Controller { using namespace chip::app::Clusters; +using namespace chip::Crypto; using chip::app::DataModel::MakeNullable; using chip::app::DataModel::NullNullable; diff --git a/src/controller/AutoCommissioner.h b/src/controller/AutoCommissioner.h index 389beee75f9d07..3399e2776946de 100644 --- a/src/controller/AutoCommissioner.h +++ b/src/controller/AutoCommissioner.h @@ -19,6 +19,7 @@ #include #include #include +#include #include namespace chip { @@ -70,7 +71,8 @@ class AutoCommissioner : public CommissioningDelegate ByteSpan GetDAC() const { return ByteSpan(mDAC, mDACLen); } ByteSpan GetPAI() const { return ByteSpan(mPAI, mPAILen); } - CHIP_ERROR NOCChainGenerated(ByteSpan noc, ByteSpan icac, ByteSpan rcac, IdentityProtectionKeySpan ipk, NodeId adminSubject); + CHIP_ERROR NOCChainGenerated(ByteSpan noc, ByteSpan icac, ByteSpan rcac, Crypto::IdentityProtectionKeySpan ipk, + NodeId adminSubject); EndpointId GetEndpoint(const CommissioningStage & stage) const; CommissioningStage GetNextCommissioningStageInternal(CommissioningStage currentStage, CHIP_ERROR & lastErr); diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp index af0a66ea834da3..cd7887564d9660 100644 --- a/src/controller/CHIPDeviceController.cpp +++ b/src/controller/CHIPDeviceController.cpp @@ -77,6 +77,7 @@ using namespace chip::System; using namespace chip::Transport; using namespace chip::Credentials; using namespace chip::app::Clusters; +using namespace chip::Crypto; namespace chip { namespace Controller { diff --git a/src/controller/CHIPDeviceController.h b/src/controller/CHIPDeviceController.h index dd7b5bc31eec46..8ce2dbdab6a633 100644 --- a/src/controller/CHIPDeviceController.h +++ b/src/controller/CHIPDeviceController.h @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include @@ -79,8 +80,6 @@ namespace chip { namespace Controller { -using namespace chip::Protocols::UserDirectedCommissioning; - inline constexpr uint16_t kNumMaxActiveDevices = CHIP_CONFIG_CONTROLLER_MAX_ACTIVE_DEVICES; struct ControllerInitParams @@ -272,7 +271,7 @@ class DLL_EXPORT DeviceController : public AbstractDnssdDiscoveryController * @return CHIP_ERROR CHIP_NO_ERROR on success, or corresponding error */ CHIP_ERROR ComputePASEVerifier(uint32_t iterations, uint32_t setupPincode, const ByteSpan & salt, - Spake2pVerifier & outVerifier); + Crypto::Spake2pVerifier & outVerifier); void RegisterDeviceDiscoveryDelegate(DeviceDiscoveryDelegate * delegate) { mDeviceDiscoveryDelegate = delegate; } @@ -821,7 +820,7 @@ class DLL_EXPORT DeviceCommissioner : public DeviceController, The function does not hold a reference to the device object. */ CHIP_ERROR SendOperationalCertificate(DeviceProxy * device, const ByteSpan & nocCertBuf, const Optional & icaCertBuf, - IdentityProtectionKeySpan ipk, NodeId adminSubject, + Crypto::IdentityProtectionKeySpan ipk, NodeId adminSubject, Optional timeout); /* This function sends the trusted root certificate to the device. The function does not hold a reference to the device object. @@ -886,7 +885,7 @@ class DLL_EXPORT DeviceCommissioner : public DeviceController, Credentials::AttestationVerificationResult result); static void OnDeviceNOCChainGeneration(void * context, CHIP_ERROR status, const ByteSpan & noc, const ByteSpan & icac, - const ByteSpan & rcac, Optional ipk, + const ByteSpan & rcac, Optional ipk, Optional adminSubject); static void OnArmFailSafe(void * context, const chip::app::Clusters::GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data); diff --git a/src/controller/CHIPDeviceControllerFactory.h b/src/controller/CHIPDeviceControllerFactory.h index 6b4aa77fdc00c8..764149c9d4a5c2 100644 --- a/src/controller/CHIPDeviceControllerFactory.h +++ b/src/controller/CHIPDeviceControllerFactory.h @@ -120,7 +120,7 @@ struct FactoryInitParams Inet::EndPointManager * tcpEndPointManager = nullptr; Inet::EndPointManager * udpEndPointManager = nullptr; FabricTable * fabricTable = nullptr; - OperationalKeystore * operationalKeystore = nullptr; + Crypto::OperationalKeystore * operationalKeystore = nullptr; Credentials::OperationalCertificateStore * opCertStore = nullptr; SessionResumptionStorage * sessionResumptionStorage = nullptr; #if CONFIG_NETWORK_LAYER_BLE diff --git a/src/controller/CommissioningDelegate.h b/src/controller/CommissioningDelegate.h index 4b1040fcd79690..08da786b7b06f9 100644 --- a/src/controller/CommissioningDelegate.h +++ b/src/controller/CommissioningDelegate.h @@ -22,6 +22,7 @@ #include #include #include +#include #include #include @@ -232,9 +233,9 @@ class CommissioningParameters // Epoch key for the identity protection key for the node being commissioned. In the AutoCommissioner, this is set by by the // kGenerateNOCChain stage through the OperationalCredentialsDelegate. // This value must be set before calling PerformCommissioningStep for the kSendNOC step. - const Optional GetIpk() const + const Optional GetIpk() const { - return mIpk.HasValue() ? Optional(mIpk.Value().Span()) : Optional(); + return mIpk.HasValue() ? MakeOptional(mIpk.Value().Span()) : NullOptional; } // Admin subject id used for the case access control entry created if the AddNOC command succeeds. In the AutoCommissioner, this @@ -416,9 +417,9 @@ class CommissioningParameters mIcac.SetValue(icac); return *this; } - CommissioningParameters & SetIpk(const IdentityProtectionKeySpan ipk) + CommissioningParameters & SetIpk(const Crypto::IdentityProtectionKeySpan ipk) { - mIpk.SetValue(IdentityProtectionKey(ipk)); + mIpk.SetValue(Crypto::IdentityProtectionKey(ipk)); return *this; } CommissioningParameters & SetAdminSubject(const NodeId adminSubject) @@ -599,7 +600,7 @@ class CommissioningParameters Optional mRootCert; Optional mNoc; Optional mIcac; - Optional mIpk; + Optional mIpk; Optional mAdminSubject; // Items that come from the device in commissioning steps Optional mAttestationElements; @@ -651,13 +652,15 @@ struct CSRResponse struct NocChain { - NocChain(ByteSpan newNoc, ByteSpan newIcac, ByteSpan newRcac, IdentityProtectionKeySpan newIpk, NodeId newAdminSubject) : - noc(newNoc), icac(newIcac), rcac(newRcac), ipk(newIpk), adminSubject(newAdminSubject) + NocChain(ByteSpan newNoc, ByteSpan newIcac, ByteSpan newRcac, Crypto::IdentityProtectionKeySpan newIpk, + NodeId newAdminSubject) : + noc(newNoc), + icac(newIcac), rcac(newRcac), ipk(newIpk), adminSubject(newAdminSubject) {} ByteSpan noc; ByteSpan icac; ByteSpan rcac; - IdentityProtectionKeySpan ipk; + Crypto::IdentityProtectionKeySpan ipk; NodeId adminSubject; }; diff --git a/src/controller/CommissioningWindowOpener.cpp b/src/controller/CommissioningWindowOpener.cpp index 7cc4fbe0de5adf..47666972137bcc 100644 --- a/src/controller/CommissioningWindowOpener.cpp +++ b/src/controller/CommissioningWindowOpener.cpp @@ -25,6 +25,7 @@ using namespace chip::app::Clusters; using namespace chip::System::Clock; +using namespace chip::Crypto; namespace { // TODO: What should the timed invoke timeout here be? @@ -134,7 +135,7 @@ CHIP_ERROR CommissioningWindowOpener::OpenCommissioningWindowInternal(Messaging: if (mCommissioningWindowOption != CommissioningWindowOption::kOriginalSetupCode) { - chip::Spake2pVerifierSerialized serializedVerifier; + Spake2pVerifierSerialized serializedVerifier; MutableByteSpan serializedVerifierSpan(serializedVerifier); ReturnErrorOnFailure(mVerifier.Serialize(serializedVerifierSpan)); diff --git a/src/controller/CommissioningWindowOpener.h b/src/controller/CommissioningWindowOpener.h index d213600b4cb633..10547dce3a662d 100644 --- a/src/controller/CommissioningWindowOpener.h +++ b/src/controller/CommissioningWindowOpener.h @@ -139,10 +139,10 @@ class CommissioningWindowOpener NodeId mNodeId = kUndefinedNodeId; System::Clock::Seconds16 mCommissioningWindowTimeout = System::Clock::kZero; CommissioningWindowOption mCommissioningWindowOption = CommissioningWindowOption::kOriginalSetupCode; - Spake2pVerifier mVerifier; // Used for non-basic commissioning. + Crypto::Spake2pVerifier mVerifier; // Used for non-basic commissioning. // Parameters needed for non-basic commissioning. uint32_t mPBKDFIterations = 0; - uint8_t mPBKDFSaltBuffer[kSpake2p_Max_PBKDF_Salt_Length]; + uint8_t mPBKDFSaltBuffer[Crypto::kSpake2p_Max_PBKDF_Salt_Length]; ByteSpan mPBKDFSalt; Callback::Callback mDeviceConnected; diff --git a/src/controller/java/AndroidCheckInDelegate.h b/src/controller/java/AndroidCheckInDelegate.h index 5616b2815ed9b2..7c3bb99ac96440 100644 --- a/src/controller/java/AndroidCheckInDelegate.h +++ b/src/controller/java/AndroidCheckInDelegate.h @@ -25,8 +25,6 @@ namespace chip { namespace app { -using namespace std; - class InteractionModelEngine; /// Callbacks for check in protocol diff --git a/src/controller/python/ChipDeviceController-ScriptPairingDeviceDiscoveryDelegate.cpp b/src/controller/python/ChipDeviceController-ScriptPairingDeviceDiscoveryDelegate.cpp index 850ec208ac3e4b..e5cb7d768e4d18 100644 --- a/src/controller/python/ChipDeviceController-ScriptPairingDeviceDiscoveryDelegate.cpp +++ b/src/controller/python/ChipDeviceController-ScriptPairingDeviceDiscoveryDelegate.cpp @@ -40,7 +40,7 @@ void ScriptPairingDeviceDiscoveryDelegate::OnDiscoveredDevice(const Dnssd::Disco Inet::InterfaceId interfaceId = nodeData.resolutionData.ipAddress[0].IsIPv6LinkLocal() ? nodeData.resolutionData.interfaceId : Inet::InterfaceId::Null(); - PeerAddress peerAddress = PeerAddress::UDP(nodeData.resolutionData.ipAddress[0], port, interfaceId); + auto peerAddress = Transport::PeerAddress::UDP(nodeData.resolutionData.ipAddress[0], port, interfaceId); RendezvousParameters keyExchangeParams = RendezvousParameters().SetSetupPINCode(mSetupPasscode).SetPeerAddress(peerAddress); diff --git a/src/credentials/tests/CHIPCert_test_vectors.cpp b/src/credentials/tests/CHIPCert_test_vectors.cpp index e798a19cbd43a7..ca9bd9556550c6 100644 --- a/src/credentials/tests/CHIPCert_test_vectors.cpp +++ b/src/credentials/tests/CHIPCert_test_vectors.cpp @@ -28,6 +28,8 @@ #include "CHIPCert_test_vectors.h" +using namespace chip::Credentials; + namespace chip { namespace TestCerts { diff --git a/src/credentials/tests/CHIPCert_test_vectors.h b/src/credentials/tests/CHIPCert_test_vectors.h index daacaed690c2b6..104436e5acc107 100644 --- a/src/credentials/tests/CHIPCert_test_vectors.h +++ b/src/credentials/tests/CHIPCert_test_vectors.h @@ -34,8 +34,6 @@ namespace chip { namespace TestCerts { -using namespace chip::Credentials; - enum TestCert { kNone = 0, @@ -78,9 +76,9 @@ extern CHIP_ERROR GetTestCertKeypair(TestCert certType, Crypto::P256SerializedKe extern CHIP_ERROR GetTestCertSKID(TestCert certType, ByteSpan & skid); extern CHIP_ERROR GetTestCertAKID(TestCert certType, ByteSpan & akid); -extern CHIP_ERROR DecodeTestCert(ChipCertificateData & certData, TestCert certType); -extern CHIP_ERROR LoadTestCert(ChipCertificateSet & certSet, TestCert certType, BitFlags certLoadFlags, - BitFlags decodeFlags); +extern CHIP_ERROR DecodeTestCert(Credentials::ChipCertificateData & certData, TestCert certType); +extern CHIP_ERROR LoadTestCert(Credentials::ChipCertificateSet & certSet, TestCert certType, + BitFlags certLoadFlags, BitFlags decodeFlags); extern const TestCert gTestCerts[]; extern const size_t gNumTestCerts; diff --git a/src/crypto/tests/TestChipCryptoPAL.cpp b/src/crypto/tests/TestChipCryptoPAL.cpp index db5ee6b74480cd..239d951910c80e 100644 --- a/src/crypto/tests/TestChipCryptoPAL.cpp +++ b/src/crypto/tests/TestChipCryptoPAL.cpp @@ -77,6 +77,7 @@ using namespace chip; using namespace chip::Crypto; +using namespace chip::Credentials; using namespace chip::TLV; namespace { diff --git a/src/protocols/secure_channel/CheckinMessage.cpp b/src/protocols/secure_channel/CheckinMessage.cpp index 972b61c35ff0c0..91dfccd52510b3 100644 --- a/src/protocols/secure_channel/CheckinMessage.cpp +++ b/src/protocols/secure_channel/CheckinMessage.cpp @@ -25,6 +25,8 @@ #include #include +using namespace chip::Crypto; + namespace chip { namespace Protocols { namespace SecureChannel { diff --git a/src/protocols/secure_channel/CheckinMessage.h b/src/protocols/secure_channel/CheckinMessage.h index 0750c3cf319f94..0ab248372f4a18 100644 --- a/src/protocols/secure_channel/CheckinMessage.h +++ b/src/protocols/secure_channel/CheckinMessage.h @@ -30,7 +30,6 @@ namespace chip { namespace Protocols { namespace SecureChannel { -using namespace Crypto; using CounterType = uint32_t; @@ -101,7 +100,7 @@ class DLL_EXPORT CheckinMessage static size_t GetAppDataSize(const ByteSpan & payload); static constexpr uint16_t kMinPayloadSize = - CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES + sizeof(CounterType) + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES; + Crypto::CHIP_CRYPTO_AEAD_NONCE_LENGTH_BYTES + sizeof(CounterType) + Crypto::CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES; private: /** diff --git a/src/protocols/secure_channel/PASESession.h b/src/protocols/secure_channel/PASESession.h index e270baf42e80f1..f90c2545b7d787 100644 --- a/src/protocols/secure_channel/PASESession.h +++ b/src/protocols/secure_channel/PASESession.h @@ -46,19 +46,6 @@ extern const char kSpake2pR2ISessionInfo[]; inline constexpr uint16_t kPBKDFParamRandomNumberSize = 32; -using namespace Crypto; - -struct PASESessionSerialized; - -struct PASESessionSerializable -{ - uint16_t mKeLen; - uint8_t mKe[kMAX_Hash_Length]; - uint8_t mPairingComplete; - uint16_t mLocalSessionId; - uint16_t mPeerSessionId; -}; - class DLL_EXPORT PASESession : public Messaging::UnsolicitedMessageHandler, public Messaging::ExchangeDelegate, public PairingSession @@ -94,7 +81,7 @@ class DLL_EXPORT PASESession : public Messaging::UnsolicitedMessageHandler, * * @return CHIP_ERROR The result of initialization */ - CHIP_ERROR WaitForPairing(SessionManager & sessionManager, const Spake2pVerifier & verifier, uint32_t pbkdf2IterCount, + CHIP_ERROR WaitForPairing(SessionManager & sessionManager, const Crypto::Spake2pVerifier & verifier, uint32_t pbkdf2IterCount, const ByteSpan & salt, Optional mrpLocalConfig, SessionEstablishmentDelegate * delegate); @@ -128,7 +115,7 @@ class DLL_EXPORT PASESession : public Messaging::UnsolicitedMessageHandler, * * @return CHIP_ERROR The result of PASE verifier generation */ - static CHIP_ERROR GeneratePASEVerifier(Spake2pVerifier & verifier, uint32_t pbkdf2IterCount, const ByteSpan & salt, + static CHIP_ERROR GeneratePASEVerifier(Crypto::Spake2pVerifier & verifier, uint32_t pbkdf2IterCount, const ByteSpan & salt, bool useRandomPIN, uint32_t & setupPIN); /** @@ -211,9 +198,9 @@ class DLL_EXPORT PASESession : public Messaging::UnsolicitedMessageHandler, // mNextExpectedMsg is set when we are expecting a message. Optional mNextExpectedMsg; - Spake2p_P256_SHA256_HKDF_HMAC mSpake2p; + Crypto::Spake2p_P256_SHA256_HKDF_HMAC mSpake2p; - Spake2pVerifier mPASEVerifier; + Crypto::Spake2pVerifier mPASEVerifier; uint32_t mSetupPINCode; @@ -221,7 +208,7 @@ class DLL_EXPORT PASESession : public Messaging::UnsolicitedMessageHandler, uint8_t mPBKDFLocalRandomData[kPBKDFParamRandomNumberSize]; - Hash_SHA256_stream mCommissioningHash; + Crypto::Hash_SHA256_stream mCommissioningHash; uint32_t mIterationCount = 0; uint16_t mSaltLength = 0; uint8_t * mSalt = nullptr; @@ -232,7 +219,7 @@ class DLL_EXPORT PASESession : public Messaging::UnsolicitedMessageHandler, }; protected: - uint8_t mKe[kMAX_Hash_Length]; + uint8_t mKe[Crypto::kMAX_Hash_Length]; size_t mKeLen = sizeof(mKe); diff --git a/src/protocols/secure_channel/RendezvousParameters.h b/src/protocols/secure_channel/RendezvousParameters.h index e5e366d3b3b704..5586dbada42791 100644 --- a/src/protocols/secure_channel/RendezvousParameters.h +++ b/src/protocols/secure_channel/RendezvousParameters.h @@ -23,6 +23,7 @@ #include #endif // CONFIG_NETWORK_LAYER_BLE +#include #include #include #include @@ -67,8 +68,8 @@ class RendezvousParameters } bool HasPASEVerifier() const { return mHasPASEVerifier; } - const Spake2pVerifier & GetPASEVerifier() const { return mPASEVerifier; } - RendezvousParameters & SetPASEVerifier(Spake2pVerifier & verifier) + const Crypto::Spake2pVerifier & GetPASEVerifier() const { return mPASEVerifier; } + RendezvousParameters & SetPASEVerifier(Crypto::Spake2pVerifier & verifier) { memmove(&mPASEVerifier, &verifier, sizeof(verifier)); mHasPASEVerifier = true; @@ -131,7 +132,7 @@ class RendezvousParameters uint32_t mSetupPINCode = 0; ///< the target peripheral setup PIN Code uint16_t mDiscriminator = UINT16_MAX; ///< the target peripheral discriminator - Spake2pVerifier mPASEVerifier; + Crypto::Spake2pVerifier mPASEVerifier; bool mHasPASEVerifier = false; Optional mMRPConfig; diff --git a/src/protocols/secure_channel/tests/TestCASESession.cpp b/src/protocols/secure_channel/tests/TestCASESession.cpp index e72da8af1cbad7..df4a2edf05ea29 100644 --- a/src/protocols/secure_channel/tests/TestCASESession.cpp +++ b/src/protocols/secure_channel/tests/TestCASESession.cpp @@ -52,6 +52,7 @@ using namespace chip::Inet; using namespace chip::Transport; using namespace chip::Messaging; using namespace chip::Protocols; +using namespace chip::Crypto; namespace chip { namespace { diff --git a/src/protocols/secure_channel/tests/TestCheckinMsg.cpp b/src/protocols/secure_channel/tests/TestCheckinMsg.cpp index f756b627defef9..a1ad1b7ac68af8 100644 --- a/src/protocols/secure_channel/tests/TestCheckinMsg.cpp +++ b/src/protocols/secure_channel/tests/TestCheckinMsg.cpp @@ -33,6 +33,7 @@ using namespace chip; using namespace chip::Protocols; using namespace chip::Protocols::SecureChannel; +using namespace chip::Crypto; using TestSessionKeystoreImpl = Crypto::DefaultSessionKeystore; namespace chip { diff --git a/src/protocols/secure_channel/tests/TestPASESession.cpp b/src/protocols/secure_channel/tests/TestPASESession.cpp index a68b69f417838b..073a2afb6ae651 100644 --- a/src/protocols/secure_channel/tests/TestPASESession.cpp +++ b/src/protocols/secure_channel/tests/TestPASESession.cpp @@ -51,6 +51,7 @@ using namespace chip::Inet; using namespace chip::Transport; using namespace chip::Messaging; using namespace chip::Protocols; +using namespace chip::Crypto; namespace { diff --git a/src/tools/spake2p/Cmd_GenVerifier.cpp b/src/tools/spake2p/Cmd_GenVerifier.cpp index 7b4d7ce003ce95..dae873020b67fa 100644 --- a/src/tools/spake2p/Cmd_GenVerifier.cpp +++ b/src/tools/spake2p/Cmd_GenVerifier.cpp @@ -36,6 +36,8 @@ #include #include +using namespace chip::Crypto; + namespace { using namespace chip::ArgParser; @@ -151,7 +153,7 @@ OptionSet *gCmdOptionSets[] = uint32_t gCount = 1; uint32_t gPinCode = chip::kSetupPINCodeUndefinedValue; uint32_t gIterationCount = 0; -uint8_t gSalt[BASE64_MAX_DECODED_LEN(BASE64_ENCODED_LEN(chip::kSpake2p_Max_PBKDF_Salt_Length))]; +uint8_t gSalt[BASE64_MAX_DECODED_LEN(BASE64_ENCODED_LEN(kSpake2p_Max_PBKDF_Salt_Length))]; uint8_t gSaltDecodedLen = 0; uint8_t gSaltLen = 0; const char * gOutFileName = nullptr; @@ -215,7 +217,7 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char case 'i': if (!ParseInt(arg, gIterationCount) || - !(gIterationCount >= chip::kSpake2p_Min_PBKDF_Iterations && gIterationCount <= chip::kSpake2p_Max_PBKDF_Iterations)) + !(gIterationCount >= kSpake2p_Min_PBKDF_Iterations && gIterationCount <= kSpake2p_Max_PBKDF_Iterations)) { PrintArgError("%s: Invalid value specified for the iteration-count parameter: %s\n", progName, arg); return false; @@ -223,8 +225,7 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char break; case 'l': - if (!ParseInt(arg, gSaltLen) || - !(gSaltLen >= chip::kSpake2p_Min_PBKDF_Salt_Length && gSaltLen <= chip::kSpake2p_Max_PBKDF_Salt_Length)) + if (!ParseInt(arg, gSaltLen) || !(gSaltLen >= kSpake2p_Min_PBKDF_Salt_Length && gSaltLen <= kSpake2p_Max_PBKDF_Salt_Length)) { PrintArgError("%s: Invalid value specified for salt length parameter: %s\n", progName, arg); return false; @@ -232,7 +233,7 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char break; case 's': - if (strlen(arg) > BASE64_ENCODED_LEN(chip::kSpake2p_Max_PBKDF_Salt_Length)) + if (strlen(arg) > BASE64_ENCODED_LEN(kSpake2p_Max_PBKDF_Salt_Length)) { fprintf(stderr, "%s: Salt parameter too long: %s\n", progName, arg); return false; @@ -242,13 +243,13 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char // The first check was just to make sure Base64Decode32 would not write beyond the buffer. // Now double-check if the length is correct. - if (gSaltDecodedLen > chip::kSpake2p_Max_PBKDF_Salt_Length) + if (gSaltDecodedLen > kSpake2p_Max_PBKDF_Salt_Length) { fprintf(stderr, "%s: Salt parameter too long: %s\n", progName, arg); return false; } - if (gSaltDecodedLen < chip::kSpake2p_Min_PBKDF_Salt_Length) + if (gSaltDecodedLen < kSpake2p_Min_PBKDF_Salt_Length) { fprintf(stderr, "%s: Salt parameter too short: %s\n", progName, arg); return false; @@ -332,7 +333,7 @@ bool Cmd_GenVerifier(int argc, char * argv[]) for (uint32_t i = 0; i < gCount; i++) { - uint8_t salt[chip::kSpake2p_Max_PBKDF_Salt_Length]; + uint8_t salt[kSpake2p_Max_PBKDF_Salt_Length]; if (gSaltDecodedLen == 0) { CHIP_ERROR err = chip::Crypto::DRBG_get_bytes(salt, gSaltLen); @@ -347,7 +348,7 @@ bool Cmd_GenVerifier(int argc, char * argv[]) memcpy(salt, gSalt, gSaltLen); } - chip::Spake2pVerifier verifier; + Spake2pVerifier verifier; CHIP_ERROR err = chip::PASESession::GeneratePASEVerifier(verifier, gIterationCount, chip::ByteSpan(salt, gSaltLen), (gPinCode == chip::kSetupPINCodeUndefinedValue), gPinCode); if (err != CHIP_NO_ERROR) @@ -356,7 +357,7 @@ bool Cmd_GenVerifier(int argc, char * argv[]) return false; } - chip::Spake2pVerifierSerialized serializedVerifier; + Spake2pVerifierSerialized serializedVerifier; chip::MutableByteSpan serializedVerifierSpan(serializedVerifier); err = verifier.Serialize(serializedVerifierSpan); if (err != CHIP_NO_ERROR) @@ -365,12 +366,12 @@ bool Cmd_GenVerifier(int argc, char * argv[]) return false; } - char saltB64[BASE64_ENCODED_LEN(chip::kSpake2p_Max_PBKDF_Salt_Length) + 1]; + char saltB64[BASE64_ENCODED_LEN(kSpake2p_Max_PBKDF_Salt_Length) + 1]; uint32_t saltB64Len = chip::Base64Encode32(salt, gSaltLen, saltB64); saltB64[saltB64Len] = '\0'; - char verifierB64[BASE64_ENCODED_LEN(chip::kSpake2p_VerifierSerialized_Length) + 1]; - uint32_t verifierB64Len = chip::Base64Encode32(serializedVerifier, chip::kSpake2p_VerifierSerialized_Length, verifierB64); + char verifierB64[BASE64_ENCODED_LEN(kSpake2p_VerifierSerialized_Length) + 1]; + uint32_t verifierB64Len = chip::Base64Encode32(serializedVerifier, kSpake2p_VerifierSerialized_Length, verifierB64); verifierB64[verifierB64Len] = '\0'; if (fprintf(outFile, "%d,%08d,%d,%s,%s\n", i, gPinCode, gIterationCount, saltB64, verifierB64) < 0 || ferror(outFile))