diff --git a/src/lib/core/CHIPConfig.h b/src/lib/core/CHIPConfig.h index 132b1b4d371db6..fc4614c7b5f70b 100644 --- a/src/lib/core/CHIPConfig.h +++ b/src/lib/core/CHIPConfig.h @@ -157,7 +157,7 @@ * #CHIP_CONFIG_USE_MICRO_ECC. */ #ifndef CHIP_CONFIG_USE_OPENSSL_ECC -#define CHIP_CONFIG_USE_OPENSSL_ECC 1 +#define CHIP_CONFIG_USE_OPENSSL_ECC 0 #endif // CHIP_CONFIG_USE_OPENSSL_ECC /** @@ -876,7 +876,7 @@ * */ #ifndef CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL -#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 1 +#define CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL 0 #endif // CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL /** @@ -902,7 +902,8 @@ CHIP_CONFIG_HASH_IMPLEMENTATION_MINCRYPT + \ CHIP_CONFIG_HASH_IMPLEMENTATION_OPENSSL + \ CHIP_CONFIG_HASH_IMPLEMENTATION_MBEDTLS) != 1) -#error "Please assert exactly one CHIP_CONFIG_HASH_IMPLEMENTATION_... option." +// TODO(#2093): Need to reimplement with CHIP defined crypto primitives +// #error "Please assert exactly one CHIP_CONFIG_HASH_IMPLEMENTATION_... option." #endif diff --git a/src/lib/message/CHIPConnection.cpp b/src/lib/message/CHIPConnection.cpp index f5b5e8fced465f..e2c21752753b04 100644 --- a/src/lib/message/CHIPConnection.cpp +++ b/src/lib/message/CHIPConnection.cpp @@ -552,7 +552,9 @@ CHIP_ERROR ChipConnection::SendMessage(ChipMessageInfo * msgInfo, PacketBuffer * else #endif { +#if INET_CONFIG_ENABLE_TCP_ENDPOINT res = mTcpEndPoint->Send(msgBuf, true); +#endif } msgBuf = NULL; @@ -604,7 +606,9 @@ CHIP_ERROR ChipConnection::Shutdown() if (State == kState_Connected) { State = kState_SendShutdown; +#if INET_CONFIG_ENABLE_TCP_ENDPOINT mTcpEndPoint->Shutdown(); +#endif } return CHIP_NO_ERROR; @@ -794,7 +798,11 @@ CHIP_ERROR ChipConnection::EnableKeepAlive(uint16_t interval, uint16_t timeoutCo if (!StateAllowsSend()) return CHIP_ERROR_INCORRECT_STATE; +#if INET_CONFIG_ENABLE_TCP_ENDPOINT return mTcpEndPoint->EnableKeepAlive(interval, timeoutCount); +#endif + + return CHIP_ERROR_NOT_IMPLEMENTED; } /** @@ -830,7 +838,11 @@ CHIP_ERROR ChipConnection::DisableKeepAlive() if (!StateAllowsSend()) return CHIP_ERROR_INCORRECT_STATE; +#if INET_CONFIG_ENABLE_TCP_ENDPOINT return mTcpEndPoint->DisableKeepAlive(); +#endif + + return CHIP_ERROR_NOT_IMPLEMENTED; } /** @@ -876,7 +888,11 @@ CHIP_ERROR ChipConnection::SetUserTimeout(uint32_t userTimeoutMillis) if (!StateAllowsSend()) return CHIP_ERROR_INCORRECT_STATE; +#if INET_CONFIG_ENABLE_TCP_ENDPOINT return mTcpEndPoint->SetUserTimeout(userTimeoutMillis); +#endif + + return CHIP_ERROR_NOT_IMPLEMENTED; } /** @@ -930,7 +946,9 @@ CHIP_ERROR ChipConnection::SetIdleTimeout(uint32_t timeoutMS) else #endif { +#if INET_CONFIG_ENABLE_TCP_ENDPOINT mTcpEndPoint->SetIdleTimeout(timeoutMS); +#endif } return CHIP_NO_ERROR; @@ -960,6 +978,7 @@ void ChipConnection::DoClose(CHIP_ERROR err, uint8_t flags) else #endif { +#if INET_CONFIG_ENABLE_TCP_ENDPOINT if (mTcpEndPoint != NULL) { if (err == CHIP_NO_ERROR) @@ -969,7 +988,7 @@ void ChipConnection::DoClose(CHIP_ERROR err, uint8_t flags) mTcpEndPoint->Free(); mTcpEndPoint = NULL; } - +#endif #if CHIP_CONFIG_ENABLE_DNS_RESOLVER // Cancel any outstanding DNS query that may still be active. (This situation can // arise if the application initiates a connection to a peer using a DNS name and @@ -1085,6 +1104,7 @@ void ChipConnection::StartSession() CHIP_ERROR ChipConnection::StartConnect() { +#if INET_CONFIG_ENABLE_TCP_ENDPOINT CHIP_ERROR err; // TODO: this is wrong. PeerNodeId should only be set once we have a successful connection (including security). @@ -1139,8 +1159,13 @@ CHIP_ERROR ChipConnection::StartConnect() #endif // Initiate the TCP connection. return mTcpEndPoint->Connect(PeerAddr, PeerPort, mTargetInterface); + +#else + return CHIP_ERROR_NOT_IMPLEMENTED; +#endif //INET_CONFIG_ENABLE_TCP_ENDPOINT } +#if INET_CONFIG_ENABLE_TCP_ENDPOINT void ChipConnection::HandleConnectComplete(TCPEndPoint * endPoint, INET_ERROR conRes) { ChipConnection * con = (ChipConnection *) endPoint->AppState; @@ -1405,6 +1430,7 @@ void ChipConnection::HandleTcpConnectionClosed(TCPEndPoint * endPoint, INET_ERRO err = CHIP_ERROR_CONNECTION_CLOSED_UNEXPECTEDLY; con->DoClose(err, 0); } +#endif // #if INET_CONFIG_ENABLE_TCP_ENDPOINT void ChipConnection::HandleSecureSessionEstablished(ChipSecurityManager * sm, ChipConnection * con, void * reqState, uint16_t sessionKeyId, uint64_t peerNodeId, uint8_t encType) @@ -1450,7 +1476,9 @@ void ChipConnection::Init(ChipMessageLayer * msgLayer) OnConnectionClosed = DefaultConnectionClosedHandler; OnReceiveError = NULL; memset(&mPeerAddrs, 0, sizeof(mPeerAddrs)); +#if INET_CONFIG_ENABLE_TCP_ENDPOINT mTcpEndPoint = NULL; +#endif #if CONFIG_NETWORK_LAYER_BLE mBleEndPoint = NULL; #endif @@ -1482,6 +1510,7 @@ void ChipConnection::DefaultConnectionClosedHandler(ChipConnection * con, CHIP_E con->Close(); } +#if INET_CONFIG_ENABLE_TCP_ENDPOINT void ChipConnection::MakeConnectedTcp(TCPEndPoint * endPoint, const IPAddress & localAddr, const IPAddress & peerAddr) { mTcpEndPoint = endPoint; @@ -1518,6 +1547,7 @@ void ChipConnection::MakeConnectedTcp(TCPEndPoint * endPoint, const IPAddress & State = kState_Connected; } +#endif #if CONFIG_NETWORK_LAYER_BLE @@ -1708,7 +1738,6 @@ void ChipConnection::MakeConnectedBle(BLEEndPoint * endPoint) mRefCount++; } - #endif // CONFIG_NETWORK_LAYER_BLE void ChipConnection::DisconnectOnError(CHIP_ERROR err) diff --git a/src/lib/message/CHIPMessageLayer.cpp b/src/lib/message/CHIPMessageLayer.cpp index 4881e4c4e88e95..7cff129ac46b38 100644 --- a/src/lib/message/CHIPMessageLayer.cpp +++ b/src/lib/message/CHIPMessageLayer.cpp @@ -155,11 +155,16 @@ CHIP_ERROR ChipMessageLayer::Init(InitContext * context) SetEphemeralUDPPortEnabled(context->enableEphemeralUDPPort); #endif +#if INET_CONFIG_ENABLE_TCP_ENDPOINT mIPv6TCPListen = NULL; +#endif + mIPv6UDP = NULL; #if INET_CONFIG_ENABLE_IPV4 +#if INET_CONFIG_ENABLE_TCP_ENDPOINT mIPv4TCPListen = NULL; +#endif mIPv4UDP = NULL; #endif // INET_CONFIG_ENABLE_IPV4 @@ -1618,6 +1623,7 @@ void ChipMessageLayer::HandleIncomingBleConnection(BLEEndPoint * bleEP) } #endif /* CONFIG_NETWORK_LAYER_BLE */ +#if INET_CONFIG_ENABLE_TCP_ENDPOINT void ChipMessageLayer::HandleIncomingTcpConnection(TCPEndPoint * listeningEP, TCPEndPoint * conEP, const IPAddress & peerAddr, uint16_t peerPort) { @@ -1705,6 +1711,7 @@ void ChipMessageLayer::HandleAcceptError(TCPEndPoint * ep, INET_ERROR err) if (msgLayer->OnAcceptError != NULL) msgLayer->OnAcceptError(msgLayer, err); } +#endif /* INET_CONFIG_ENABLE_TCP_ENDPOINT */ /** * Refresh the InetLayer endpoints based on the current state of the system's network interfaces. @@ -1754,6 +1761,7 @@ CHIP_ERROR ChipMessageLayer::RefreshEndpoints() #endif // CHIP_CONFIG_ENABLE_TARGETED_LISTEN +#if INET_CONFIG_ENABLE_TCP_ENDPOINT // ================================================================================ // Enable / disable TCP listening endpoints... // ================================================================================ @@ -1763,7 +1771,6 @@ CHIP_ERROR ChipMessageLayer::RefreshEndpoints() const bool listenIPv6TCP = (listenTCP && listenIPv6); #if INET_CONFIG_ENABLE_IPV4 - const bool listenIPv4TCP = (listenTCP && listenIPv4); // Enable / disable the CHIP IPv4 TCP listening endpoint @@ -1774,7 +1781,6 @@ CHIP_ERROR ChipMessageLayer::RefreshEndpoints() err = RefreshEndpoint(mIPv4TCPListen, listenIPv4TCP, "CHIP IPv4 TCP listen", kIPAddressType_IPv4, listenIPv4Addr, CHIP_PORT); SuccessOrExit(err); - #endif // INET_CONFIG_ENABLE_IPV4 // Enable / disable the CHIP IPv6 TCP listening endpoint @@ -1787,7 +1793,6 @@ CHIP_ERROR ChipMessageLayer::RefreshEndpoints() SuccessOrExit(err); #if CHIP_CONFIG_ENABLE_UNSECURED_TCP_LISTEN - // Enable / disable the Unsecured IPv6 TCP listening endpoint // // The Unsecured IPv6 TCP listening endpoint is use to listen for incoming IPv6 TCP connections @@ -1798,9 +1803,9 @@ CHIP_ERROR ChipMessageLayer::RefreshEndpoints() err = RefreshEndpoint(mUnsecuredIPv6TCPListen, listenUnsecuredIPv6TCP, "unsecured IPv6 TCP listen", kIPAddressType_IPv6, listenIPv6Addr, CHIP_UNSECURED_PORT); SuccessOrExit(err); - #endif // CHIP_CONFIG_ENABLE_UNSECURED_TCP_LISTEN } +#endif // INET_CONFIG_ENABLE_TCP_ENDPOINT // ================================================================================ // Enable / disable UDP endpoints... @@ -1907,6 +1912,7 @@ CHIP_ERROR ChipMessageLayer::RefreshEndpoints() return err; } +#if INET_CONFIG_ENABLE_TCP_ENDPOINT CHIP_ERROR ChipMessageLayer::RefreshEndpoint(TCPEndPoint *& endPoint, bool enable, const char * name, IPAddressType addrType, IPAddress addr, uint16_t port) { @@ -1958,6 +1964,7 @@ CHIP_ERROR ChipMessageLayer::RefreshEndpoint(TCPEndPoint *& endPoint, bool enabl } return err; } +#endif /* INET_CONFIG_ENABLE_TCP_ENDPOINT */ CHIP_ERROR ChipMessageLayer::RefreshEndpoint(UDPEndPoint *& endPoint, bool enable, const char * name, IPAddressType addrType, IPAddress addr, uint16_t port, InterfaceId intfId) @@ -2097,11 +2104,13 @@ void ChipMessageLayer::CloseListeningEndpoints(void) { ChipBindLog("Closing endpoints"); +#if INET_CONFIG_ENABLE_TCP_ENDPOINT if (mIPv6TCPListen != NULL) { mIPv6TCPListen->Free(); mIPv6TCPListen = NULL; } +#endif if (mIPv6UDP != NULL) { @@ -2140,12 +2149,13 @@ void ChipMessageLayer::CloseListeningEndpoints(void) #endif // CHIP_CONFIG_ENABLE_UNSECURED_TCP_LISTEN #if INET_CONFIG_ENABLE_IPV4 - +#if INET_CONFIG_ENABLE_TCP_ENDPOINT if (mIPv4TCPListen != NULL) { mIPv4TCPListen->Free(); mIPv4TCPListen = NULL; } +#endif if (mIPv4UDP != NULL) { diff --git a/src/lib/message/CHIPMessageLayer.h b/src/lib/message/CHIPMessageLayer.h index 272526cd518f86..826dd6e494137f 100644 --- a/src/lib/message/CHIPMessageLayer.h +++ b/src/lib/message/CHIPMessageLayer.h @@ -30,6 +30,7 @@ #include #include +#include #include #include #include @@ -288,7 +289,9 @@ class ChipConnection CHIP_ERROR ResetUserTimeout(void); uint16_t LogId(void) const { return static_cast(reinterpret_cast(this)); } +#if INET_CONFIG_ENABLE_TCP_ENDPOINT TCPEndPoint * GetTCPEndPoint(void) const { return mTcpEndPoint; } +#endif /** * This function is the application callback that is invoked when a connection setup is complete. @@ -349,7 +352,9 @@ class ChipConnection } DoCloseFlags; IPAddress mPeerAddrs[CHIP_CONFIG_CONNECT_IP_ADDRS]; +#if INET_CONFIG_ENABLE_TCP_ENDPOINT TCPEndPoint * mTcpEndPoint; +#endif InterfaceId mTargetInterface; uint32_t mConnectTimeout; uint8_t mRefCount; @@ -365,7 +370,6 @@ class ChipConnection uint8_t mFlags; /**< Various flags associated with the connection. */ void Init(ChipMessageLayer * msgLayer); - void MakeConnectedTcp(TCPEndPoint * endPoint, const IPAddress & localAddr, const IPAddress & peerAddr); CHIP_ERROR StartConnect(void); void DoClose(CHIP_ERROR err, uint8_t flags); CHIP_ERROR TryNextPeerAddress(CHIP_ERROR lastErr); @@ -379,9 +383,12 @@ class ChipConnection CHIP_ERROR StartConnectToAddressLiteral(const char * peerAddr, size_t peerAddrLen); static void HandleResolveComplete(void * appState, INET_ERROR err, uint8_t addrCount, IPAddress * addrArray); +#if INET_CONFIG_ENABLE_TCP_ENDPOINT + void MakeConnectedTcp(TCPEndPoint * endPoint, const IPAddress & localAddr, const IPAddress & peerAddr); static void HandleConnectComplete(TCPEndPoint * endPoint, INET_ERROR conRes); static void HandleDataReceived(TCPEndPoint * endPoint, PacketBuffer * data); static void HandleTcpConnectionClosed(TCPEndPoint * endPoint, INET_ERROR err); +#endif static void HandleSecureSessionEstablished(ChipSecurityManager * sm, ChipConnection * con, void * reqState, uint16_t sessionKeyId, uint64_t peerNodeId, uint8_t encType); static void HandleSecureSessionError(ChipSecurityManager * sm, ChipConnection * con, void * reqState, CHIP_ERROR localErr, @@ -638,7 +645,9 @@ class DLL_EXPORT ChipMessageLayer kFlag_ForceRefreshUDPEndPoints = 0x10, }; +#if INET_CONFIG_ENABLE_TCP_ENDPOINT TCPEndPoint * mIPv6TCPListen; +#endif UDPEndPoint * mIPv6UDP; ChipConnection mConPool[CHIP_CONFIG_MAX_CONNECTIONS]; uint8_t mFlags; @@ -656,7 +665,9 @@ class DLL_EXPORT ChipMessageLayer #if INET_CONFIG_ENABLE_IPV4 UDPEndPoint * mIPv4UDP; +#if INET_CONFIG_ENABLE_TCP_ENDPOINT TCPEndPoint * mIPv4TCPListen; +#endif #endif // INET_CONFIG_ENABLE_IPV4 #if CHIP_CONFIG_ENABLE_EPHEMERAL_UDP_PORT @@ -679,8 +690,10 @@ class DLL_EXPORT ChipMessageLayer void CloseListeningEndpoints(void); +#if INET_CONFIG_ENABLE_TCP_ENDPOINT CHIP_ERROR RefreshEndpoint(TCPEndPoint *& endPoint, bool enable, const char * name, IPAddressType addrType, IPAddress addr, uint16_t port); +#endif CHIP_ERROR RefreshEndpoint(UDPEndPoint *& endPoint, bool enable, const char * name, IPAddressType addrType, IPAddress addr, uint16_t port, InterfaceId intfId); @@ -699,9 +712,11 @@ class DLL_EXPORT ChipMessageLayer static void HandleUDPMessage(UDPEndPoint * endPoint, PacketBuffer * msg, const IPPacketInfo * pktInfo); static void HandleUDPReceiveError(UDPEndPoint * endPoint, INET_ERROR err, const IPPacketInfo * pktInfo); +#if INET_CONFIG_ENABLE_TCP_ENDPOINT static void HandleIncomingTcpConnection(TCPEndPoint * listeningEndPoint, TCPEndPoint * conEndPoint, const IPAddress & peerAddr, uint16_t peerPort); static void HandleAcceptError(TCPEndPoint * endPoint, INET_ERROR err); +#endif static void Encrypt_AES128CTRSHA1(const ChipMessageInfo * msgInfo, const uint8_t * key, const uint8_t * inData, uint16_t inLen, uint8_t * outBuf); static void ComputeIntegrityCheck_AES128CTRSHA1(const ChipMessageInfo * msgInfo, const uint8_t * key, const uint8_t * inData, diff --git a/src/lib/message/support/crypto/AESBlockCipher.cpp b/src/lib/message/support/crypto/AESBlockCipher.cpp index 187947cf691a69..ffeda611272a1a 100644 --- a/src/lib/message/support/crypto/AESBlockCipher.cpp +++ b/src/lib/message/support/crypto/AESBlockCipher.cpp @@ -26,17 +26,19 @@ * */ -#include - #include "AESBlockCipher.h" #include "CHIPCrypto.h" +#include + namespace chip { namespace Platform { namespace Security { using namespace chip::Crypto; +// TODO(#2093):: Implement the functions within this file with chip crypto promitives + AES128BlockCipher::AES128BlockCipher() { memset(&mKey, 0, sizeof(mKey)); @@ -52,25 +54,13 @@ void AES128BlockCipher::Reset() ClearSecretData((uint8_t *) &mKey, sizeof(mKey)); } -void AES128BlockCipherEnc::SetKey(const uint8_t * key) -{ - // AES_set_encrypt_key(key, kKeyLengthBits, &mKey); -} +void AES128BlockCipherEnc::SetKey(const uint8_t * key) {} -void AES128BlockCipherEnc::EncryptBlock(const uint8_t * inBlock, uint8_t * outBlock) -{ - // AES_encrypt(inBlock, outBlock, &mKey); -} +void AES128BlockCipherEnc::EncryptBlock(const uint8_t * inBlock, uint8_t * outBlock) {} -void AES128BlockCipherDec::SetKey(const uint8_t * key) -{ - // AES_set_decrypt_key(key, kKeyLengthBits, &mKey); -} +void AES128BlockCipherDec::SetKey(const uint8_t * key) {} -void AES128BlockCipherDec::DecryptBlock(const uint8_t * inBlock, uint8_t * outBlock) -{ - // AES_decrypt(inBlock, outBlock, &mKey); -} +void AES128BlockCipherDec::DecryptBlock(const uint8_t * inBlock, uint8_t * outBlock) {} AES256BlockCipher::AES256BlockCipher() { @@ -87,25 +77,13 @@ void AES256BlockCipher::Reset() ClearSecretData((uint8_t *) &mKey, sizeof(mKey)); } -void AES256BlockCipherEnc::SetKey(const uint8_t * key) -{ - // AES_set_encrypt_key(key, kKeyLengthBits, &mKey); -} +void AES256BlockCipherEnc::SetKey(const uint8_t * key) {} -void AES256BlockCipherEnc::EncryptBlock(const uint8_t * inBlock, uint8_t * outBlock) -{ - // AES_encrypt(inBlock, outBlock, &mKey); -} +void AES256BlockCipherEnc::EncryptBlock(const uint8_t * inBlock, uint8_t * outBlock) {} -void AES256BlockCipherDec::SetKey(const uint8_t * key) -{ - // AES_set_decrypt_key(key, kKeyLengthBits, &mKey); -} +void AES256BlockCipherDec::SetKey(const uint8_t * key) {} -void AES256BlockCipherDec::DecryptBlock(const uint8_t * inBlock, uint8_t * outBlock) -{ - // AES_decrypt(inBlock, outBlock, &mKey); -} +void AES256BlockCipherDec::DecryptBlock(const uint8_t * inBlock, uint8_t * outBlock) {} } // namespace Security } // namespace Platform diff --git a/src/lib/message/support/crypto/CHIPCrypto.cpp b/src/lib/message/support/crypto/CHIPCrypto.cpp index 7bc2c513e4ac7d..4855e304db0f15 100644 --- a/src/lib/message/support/crypto/CHIPCrypto.cpp +++ b/src/lib/message/support/crypto/CHIPCrypto.cpp @@ -23,9 +23,8 @@ * */ -#include - #include "CHIPCrypto.h" +#include namespace chip { namespace Crypto { diff --git a/src/lib/message/support/crypto/CTRMode.cpp b/src/lib/message/support/crypto/CTRMode.cpp index c52f0d534fca17..e8b66f8a56aa77 100644 --- a/src/lib/message/support/crypto/CTRMode.cpp +++ b/src/lib/message/support/crypto/CTRMode.cpp @@ -28,10 +28,10 @@ #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS #endif -#include -#include #include "CTRMode.h" +#include +#include namespace chip { namespace Crypto { diff --git a/src/lib/protocols/BUILD.gn b/src/lib/protocols/BUILD.gn index a84cea387f7e2c..5f0d5c4cf548f3 100644 --- a/src/lib/protocols/BUILD.gn +++ b/src/lib/protocols/BUILD.gn @@ -26,8 +26,6 @@ static_library("protocols") { output_name = "libChipProtocols" sources = [ - "CHIPServerBase.cpp", - "CHIPServerBase.h", "common/CHIPMessage.cpp", "common/CHIPMessage.h", "common/RetainedPacketBuffer.cpp", diff --git a/src/lib/protocols/CHIPServerBase.cpp b/src/lib/protocols/CHIPServerBase.cpp deleted file mode 100644 index a130cda0c784b8..00000000000000 --- a/src/lib/protocols/CHIPServerBase.cpp +++ /dev/null @@ -1,239 +0,0 @@ -/* - * - * Copyright (c) 2020 Project CHIP Authors - * Copyright (c) 2013-2017 Nest Labs, Inc. - * All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file - * This file implements a common, non-instantiatable base object - * for implementing CHIP protocol unsolicited responders - * (i.e. servers) that encapsulates validating authenticated - * requests and sending status reports and also provides common - * data member storage for fabric state and an exchange manager. - * - */ - -#include "CHIPServerBase.h" -#include "CHIPProtocols.h" - -#include -#include -#include -#include -#include - -namespace chip { -namespace Protocols { - -using namespace chip::Encoding; -using namespace chip::TLV; - -/** - * Determine whether an incoming request message to a CHIP server should be accepted or discarded. - * - * This method is intended to be used by CHIP server implementations to implement extensible access control - * policy for incoming request messages. Server implementations that rely on delegate objects should call - * this method early in message processing to determine whether message processing should continue. - * - * This method calls the virtual ChipServerDelegateBase::EnforceAccessControl() method on the supplied delegate to evaluate access - * control policy for the message. CHIP server delegate classes, and application-specific delegates derived - * from the standard server classes, should override the virtual method to enforce specific access control - * policies. - * - * @param[in] ec The ExchangeContext over which the message was received. - * @param[in] msgProfileId The profile id of the received message. - * @param[in] msgType The message type of the received message. - * @param[in] msgInfo A ChipMessageInfo structure containing information about the received message. - * @param[in] delegate The delegate object supplied by the application that can be used to override - * the default message access control policy. - * - * @retval true If the message should be accepted and processed as normal. - * @retval false If message processing should stop and the message the should be discarded. - */ -bool ChipServerBase::EnforceAccessControl(ExchangeContext * ec, uint32_t msgProfileId, uint8_t msgType, - const ChipMessageInfo * msgInfo, ChipServerDelegateBase * delegate) -{ - // Reject all messages if the application hasn't specified a delegate object. - if (delegate == NULL) - { - ChipServerBase::SendStatusReport(ec, kChipProtocol_Common, Common::kStatus_InternalError, CHIP_NO_ERROR); - return false; - } - - // Invoke the virtual method to evaluate the message and decide whether or not to accept it. - ChipServerDelegateBase::AccessControlResult res = ChipServerDelegateBase::kAccessControlResult_NotDetermined; - delegate->EnforceAccessControl(ec, msgProfileId, msgType, msgInfo, res); - - // If the final determination was that the message should be accepted AND the delegate called all the way up to - // the base method, then tell the caller that the message should be accepted. - if (res == ChipServerDelegateBase::kAccessControlResult_FinalAccepted) - { - return true; - } - - // Otherwise the message should not be accepted... - else - { - // Clear the 'Final' bit so that the following checks ignore it. - res &= ~ChipServerDelegateBase::kAccessControlResult_IsFinal; - - // Send a standard response to the requester unless the delegate has already sent a response, or determined - // that no response should be sent. - if (res != ChipServerDelegateBase::kAccessControlResult_Rejected_RespSent && - res != ChipServerDelegateBase::kAccessControlResult_Rejected_Silent) - { - uint16_t statusCode = (msgInfo->PeerAuthMode == kChipAuthMode_None) ? Common::kStatus_AuthenticationRequired - : Common::kStatus_AccessDenied; - ChipServerBase::SendStatusReport(ec, kChipProtocol_Common, statusCode, CHIP_NO_ERROR); - } - - // Tell the caller the message should NOT be accepted. - return false; - } -} - -/** - * Send a CHIP status report with default message flags to the - * initiator on the specified exchange containing the status code in - * the specified profile and system error. - * - * @param[in] ec A pointer to the exchange context to send - * the status report on. - * - * @param[in] statusProfileId The profile for the specified status code. - * - * @param[in] statusCode The status code to send. - * - * @param[in] sysError The system error associated or correlated - * with the status code. - * - */ -CHIP_ERROR ChipServerBase::SendStatusReport(ExchangeContext * ec, uint32_t statusProfileId, uint16_t statusCode, - CHIP_ERROR sysError) -{ - const uint16_t sendFlags = 0; - - return SendStatusReport(ec, statusProfileId, statusCode, sysError, sendFlags); -} - -/** - * Send a CHIP status report with the provided message flags to the - * initiator on the specified exchange containing the status code in - * the specified profile and system error. - * - * @param[in] ec A pointer to the exchange context to send - * the status report on. - * - * @param[in] statusProfileId The profile for the specified status code. - * - * @param[in] statusCode The status code to send. - * - * @param[in] sysError The system error associated or correlated - * with the status code. - * - * @param[in] sendFlags Flags set by the application for the CHIP - * status report being sent. - * - */ -CHIP_ERROR ChipServerBase::SendStatusReport(ExchangeContext * ec, uint32_t statusProfileId, uint16_t statusCode, - CHIP_ERROR sysError, uint16_t sendFlags) -{ - CHIP_ERROR err; - PacketBuffer * respBuf; - uint8_t * p; - uint8_t respLen = 18; // sizeof(statusProfileId) + sizeof(statusCode) + StartContainer(1) + kTag_SystemErrorCode TLV Len (10), - // EndContainer (1) - - respBuf = PacketBuffer::NewWithAvailableSize(respLen); - VerifyOrExit(respBuf != NULL, err = CHIP_ERROR_NO_MEMORY); - VerifyOrDie(ec != NULL); - - p = respBuf->Start(); - LittleEndian::Write32(p, statusProfileId); - LittleEndian::Write16(p, statusCode); - respBuf->SetDataLength(6); - - if (sysError != CHIP_NO_ERROR) - { - TLVWriter statusWriter; - TLVType outerContainerType; - - statusWriter.Init(respBuf); - - err = statusWriter.StartContainer(AnonymousTag, kTLVType_Structure, outerContainerType); - SuccessOrExit(err); - - err = statusWriter.Put(ProfileTag(kChipProtocol_Common, Common::kTag_SystemErrorCode), (uint32_t) sysError); - SuccessOrExit(err); - - err = statusWriter.EndContainer(outerContainerType); - SuccessOrExit(err); - - err = statusWriter.Finalize(); - SuccessOrExit(err); - } - - err = ec->SendMessage(kChipProtocol_Common, Common::kMsgType_StatusReport, respBuf, sendFlags); - respBuf = NULL; - -exit: - if (respBuf != NULL) - PacketBuffer::Free(respBuf); - return err; -} - -/** - * Virtual method for determining message-level access control policy for incoming server request messages. - * - * This method is called by the CHIP server infrastructure to determine whether an incoming request message - * should be accepted and processed normally, or rejected. Delegate classes associated with CHIP server - * implementations must override this method to implement an appropriate access control policies for their - * protocols. Applications may further override this method to support custom policies beyond those provide - * by the standard server implementations. - * - * Implementations of this method are expected to return a result value of Accepted or Rejected based on - * the outcome of access control policy evaluation. Returning a result of Rejected causes a StatusReport - * to be sent to the requester containing the status Common/AccessDenied. Alternatively, method implementations - * can choose to send their own responses, which can be a StatusReport or any other type of message. In this - * case, the method should return a result of Reject_RespSent to signal that a response has already been sent. - * Finally, implementations can return Reject_Silent to indicate that the request should be rejected without - * sending a response to the requester. - * - * Classes that override the EnforceAccessControl() method are required in call cases to call the like-named - * method on their immediate parent class, be that the ChipServerDelegateBase class, or a class derived from - * that class. Overriding methods should first update the result value with their determination of the access - * control policy, and then call on their base class to make its determination. - * - * @param[in] ec The ExchangeContext over which the message was received. - * @param[in] msgProfileId The profile id of the received message. - * @param[in] msgType The message type of the received message. - * @param[in] msgInfo A ChipMessageInfo structure containing information about the received message. - * @param[inout] result An enumerated value describing the result of access control policy evaluation for - * the received message. Upon entry to the method, the value represents the tentative - * result at the current point in the evaluation process. Upon return, the result - * is expected to represent the final assessment of access control policy for the - * message. - */ -void ChipServerDelegateBase::EnforceAccessControl(ExchangeContext * ec, uint32_t msgProfileId, uint8_t msgType, - const ChipMessageInfo * msgInfo, AccessControlResult & result) -{ - // Mark the result as 'Final', confirming that the subclass properly called up to the base class. - result |= kAccessControlResult_IsFinal; -} - -} // namespace Protocols -} // namespace chip diff --git a/src/lib/protocols/CHIPServerBase.h b/src/lib/protocols/CHIPServerBase.h deleted file mode 100644 index 9112b13dcabcfe..00000000000000 --- a/src/lib/protocols/CHIPServerBase.h +++ /dev/null @@ -1,111 +0,0 @@ -/* - * - * Copyright (c) 2020 Project CHIP Authors - * Copyright (c) 2013-2017 Nest Labs, Inc. - * All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file - * This file defines a common, base object that can be derived - * from but not instantiated itself. The object may be used for - * implementing CHIP protocol unsolicited responders (i.e., servers). - * It encapsulates validating authenticated requests and sending - * status reports. It also provides common data member storage for - * fabric state and an exchange manager. - * - */ - -#ifndef CHIPSERVERBASE_H_ -#define CHIPSERVERBASE_H_ - -#include -#include - -namespace chip { -namespace Protocols { - -class ChipServerDelegateBase; - -/** - * @class ChipServerBase - * - * @brief - * Common, base object for implementing CHIP protocol unsolicited - * responders (servers) that encapsulates validating - * authenticated requests and sending status reports and provides - * common data member storage for fabric state and an exchange - * manager. - * - */ -class ChipServerBase -{ -public: - ChipFabricState * FabricState; ///< [READ ONLY] Fabric state object - ChipExchangeManager * ExchangeMgr; ///< [READ ONLY] Exchange manager object - - static CHIP_ERROR SendStatusReport(ExchangeContext * ec, uint32_t statusProfileId, uint16_t statusCode, CHIP_ERROR sysError); - - static CHIP_ERROR SendStatusReport(ExchangeContext * ec, uint32_t statusProfileId, uint16_t statusCode, CHIP_ERROR sysError, - uint16_t sendFlags); - -protected: - ChipServerBase(void) {} - - bool EnforceAccessControl(ExchangeContext * ec, uint32_t msgProfileId, uint8_t msgType, const ChipMessageInfo * msgInfo, - ChipServerDelegateBase * delegate); - -private: - ChipServerBase(const ChipServerBase &); // not defined -}; - -/** - * A common base class for implementing CHIP server delegate objects. - */ -class ChipServerDelegateBase -{ - friend class ChipServerBase; - -protected: - ChipServerDelegateBase(void) {} - - typedef uint8_t AccessControlResult; - - enum - { - kAccessControlResult_NotDetermined = 0, ///< The message has not yet been accepted or rejected. - kAccessControlResult_Accepted = 1, ///< The message has been accepted. - kAccessControlResult_Rejected = 2, ///< The message has been rejected, and a default response should be sent. - kAccessControlResult_Rejected_RespSent = 3, ///< The message has been rejected, and a response has already been sent. - kAccessControlResult_Rejected_Silent = 4, ///< The message has been rejected, but no response should be sent. - }; - - virtual void EnforceAccessControl(ExchangeContext * ec, uint32_t msgProfileId, uint8_t msgType, const ChipMessageInfo * msgInfo, - AccessControlResult & result); - -private: - enum - { - kAccessControlResult_IsFinal = - 0x80, ///< A flag indicating that access control evaluation is complete and the result is final. - kAccessControlResult_FinalAccepted = kAccessControlResult_Accepted | kAccessControlResult_IsFinal - ///< Access control evaluation is complete and the message has been accepted. - }; -}; - -} // namespace Protocols -} // namespace chip - -#endif /* CHIPSERVERBASE_H_ */ diff --git a/src/lib/protocols/common/CHIPMessage.cpp b/src/lib/protocols/common/CHIPMessage.cpp index c7310bcb467d31..3ac11cc6b0fbab 100644 --- a/src/lib/protocols/common/CHIPMessage.cpp +++ b/src/lib/protocols/common/CHIPMessage.cpp @@ -24,9 +24,8 @@ * */ -#include - #include "CHIPMessage.h" +#include using namespace chip; using namespace chip::TLV; diff --git a/src/lib/protocols/security/CHIPApplicationKeys.cpp b/src/lib/protocols/security/CHIPApplicationKeys.cpp index 8b37a0bc7ab34b..4b6dd97c863c23 100644 --- a/src/lib/protocols/security/CHIPApplicationKeys.cpp +++ b/src/lib/protocols/security/CHIPApplicationKeys.cpp @@ -28,11 +28,10 @@ #define __STDC_LIMIT_MACROS #endif +#include "CHIPApplicationKeys.h" #include #include -#include "CHIPApplicationKeys.h" - namespace chip { namespace Protocols { namespace Security { diff --git a/src/lib/protocols/status-report/StatusReportProtocol.cpp b/src/lib/protocols/status-report/StatusReportProtocol.cpp index d26ed961a9085f..c418296200be16 100644 --- a/src/lib/protocols/status-report/StatusReportProtocol.cpp +++ b/src/lib/protocols/status-report/StatusReportProtocol.cpp @@ -23,13 +23,12 @@ * profile. */ +#include "StatusReportProtocol.h" #include #include #include #include -#include "StatusReportProtocol.h" - using namespace chip; using namespace chip::TLV; using namespace chip::Protocols; diff --git a/src/lib/support/ErrorStr.cpp b/src/lib/support/ErrorStr.cpp index 4023f2330c4e94..695203da0d364d 100644 --- a/src/lib/support/ErrorStr.cpp +++ b/src/lib/support/ErrorStr.cpp @@ -27,10 +27,10 @@ #define __STDC_FORMAT_MACROS #endif +#include "ErrorStr.h" +#include #include #include - -#include #include namespace chip { diff --git a/src/platform/ESP32/CHIPPlatformConfig.h b/src/platform/ESP32/CHIPPlatformConfig.h index 0803880c62109a..95c476a8a76013 100644 --- a/src/platform/ESP32/CHIPPlatformConfig.h +++ b/src/platform/ESP32/CHIPPlatformConfig.h @@ -75,6 +75,12 @@ #define CHIP_CONFIG_ENABLE_PROVISIONING_BUNDLE_SUPPORT 0 +// ==================== General Configuration Overrides ==================== + +#ifndef CHIP_CONFIG_RMP_TIMER_DEFAULT_PERIOD +#define CHIP_CONFIG_RMP_TIMER_DEFAULT_PERIOD 50 +#endif // CHIP_CONFIG_RMP_TIMER_DEFAULT_PERIOD + // ==================== Kconfig Overrides ==================== // The following values are configured via the ESP-IDF Kconfig mechanism. @@ -83,7 +89,6 @@ #define CHIP_CONFIG_MAX_PEER_NODES CONFIG_MAX_PEER_NODES #define CHIP_CONFIG_MAX_UNSOLICITED_MESSAGE_HANDLERS CONFIG_MAX_UNSOLICITED_MESSAGE_HANDLERS #define CHIP_CONFIG_MAX_EXCHANGE_CONTEXTS CONFIG_MAX_EXCHANGE_CONTEXTS -#define CHIP_CONFIG_RMP_TIMER_DEFAULT_PERIOD CONFIG_RMP_TIMER_DEFAULT_PERIOD #define CHIP_CONFIG_MAX_SESSION_KEYS CONFIG_MAX_SESSION_KEYS #define CHIP_CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC CONFIG_USE_APP_GROUP_KEYS_FOR_MSG_ENC #define CHIP_CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS CONFIG_MAX_CACHED_MSG_ENC_APP_KEYS