Merge branch 'master' into im/subscribe-handler-app-callback

.clang-tidy

@@ -1,4 +1,4 @@
 ---
-Checks: 'bugprone-*,-bugprone-not-null-terminated-result,-bugprone-suspicious-memory-comparison,-bugprone-argument-comment,-bugprone-unused-return-value,-bugprone-branch-clone,-bugprone-easily-swappable-parameters,-bugprone-reserved-identifier,-bugprone-macro-parentheses,-bugprone-forward-declaration-namespace,-bugprone-forwarding-reference-overload,-bugprone-undelegated-constructor,-bugprone-sizeof-expression,-bugprone-implicit-widening-of-multiplication-result,-bugprone-too-small-loop-variable,-bugprone-narrowing-conversions,-bugprone-misplaced-widening-cast,-bugprone-suspicious-include,-bugprone-signed-char-misuse,-bugprone-copy-constructor-init,-clang-analyzer-core.CallAndMessage,-clang-analyzer-core.UndefinedBinaryOperatorResult,-clang-analyzer-core.NullDereference,-clang-analyzer-optin.cplusplus.UninitializedObject,-clang-analyzer-core.uninitialized.Branch,-clang-analyzer-optin.performance,-clang-analyzer-deadcode.DeadStores,-clang-analyzer-cplusplus.Move,-clang-analyzer-optin.cplusplus.VirtualCall,-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-nullability.NullablePassedToNonnull,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-unix.cstring.NullArg,-clang-analyzer-security.insecureAPI.rand,-clang-analyzer-core.NonNullParamChecker,-clang-analyzer-nullability.NullPassedToNonnull,-clang-analyzer-unix.Malloc,-clang-analyzer-valist.Unterminated,-clang-analyzer-cplusplus.NewDeleteLeaks,-clang-diagnostic-implicit-int-conversion'
+Checks: 'bugprone-*,-bugprone-not-null-terminated-result,-bugprone-suspicious-memory-comparison,-bugprone-argument-comment,-bugprone-unused-return-value,-bugprone-branch-clone,-bugprone-easily-swappable-parameters,-bugprone-reserved-identifier,-bugprone-macro-parentheses,-bugprone-forward-declaration-namespace,-bugprone-forwarding-reference-overload,-bugprone-undelegated-constructor,-bugprone-sizeof-expression,-bugprone-implicit-widening-of-multiplication-result,-bugprone-too-small-loop-variable,-bugprone-narrowing-conversions,-bugprone-misplaced-widening-cast,-bugprone-suspicious-include,-bugprone-signed-char-misuse,-bugprone-copy-constructor-init,-clang-analyzer-core.CallAndMessage,-clang-analyzer-core.UndefinedBinaryOperatorResult,-clang-analyzer-core.NullDereference,-clang-analyzer-optin.cplusplus.UninitializedObject,-clang-analyzer-core.uninitialized.Branch,-clang-analyzer-optin.performance,-clang-analyzer-optin.osx.cocoa.localizability.EmptyLocalizationContextChecker,-clang-analyzer-deadcode.DeadStores,-clang-analyzer-cplusplus.Move,-clang-analyzer-optin.cplusplus.VirtualCall,-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-nullability.NullablePassedToNonnull,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-unix.cstring.NullArg,-clang-analyzer-security.insecureAPI.rand,-clang-analyzer-core.NonNullParamChecker,-clang-analyzer-nullability.NullPassedToNonnull,-clang-analyzer-unix.Malloc,-clang-analyzer-valist.Unterminated,-clang-analyzer-cplusplus.NewDeleteLeaks,-clang-diagnostic-implicit-int-conversion'
 WarningsAsErrors: '*'
 HeaderFilterRegex: '(src|examples|zzz_generated|credentials)'

.github/.wordlist.txt

@@ -95,6 +95,7 @@ ATWC
 AudioOutput
 auth
 AuthMode
+autoApplyImage
 autocompletion
 autoconnect
 autocrlf
@@ -912,6 +913,7 @@ outgoingCommands
 OxygenConcentrationMeasurement
 OzoneConcentrationMeasurement
 PAA
+PAAs
 PacketBuffer
 PAI
 PairDevice
@@ -1113,6 +1115,7 @@ showDocumentation
 shubhamdp
 SIGINT
 SiLabs
+Silabs's
 SiliconLabs
 SimpleFileExFlags
 SimpleLink
@@ -1435,3 +1438,4 @@ UTF
 localedef
 nameserver
 nmcli
+tsan

.github/workflows/build.yaml

@@ -160,13 +160,22 @@ jobs:
                   for BUILD_TYPE  in gcc_release clang; do
                       case $BUILD_TYPE in
                           "gcc_release") GN_ARGS='is_debug=false';;
-                          "clang") GN_ARGS='is_clang=true pw_command_launcher="`pwd`/../scripts/helpers/clang-tidy-launcher.py"';;
+                          "clang") GN_ARGS='is_clang=true';;
                       esac
 
-                      scripts/build/gn_gen.sh --args="$GN_ARGS"
-                      scripts/run_in_build_env.sh "ninja -C ./out"
-                      scripts/tests/gn_tests.sh
+                      BUILD_TYPE=$BUILD_TYPE scripts/build/gn_gen.sh --args="$GN_ARGS" --export-compile-commands
+                      scripts/run_in_build_env.sh "ninja -C ./out/$BUILD_TYPE"
+                      BUILD_TYPE=$BUILD_TYPE scripts/tests/gn_tests.sh
                   done
+            - name: Clang-tidy validation
+              timeout-minutes: 45
+              run: |
+                  ./scripts/run_in_build_env.sh \
+                    "./scripts/run-clang-tidy-on-compile-commands.py \
+                       --no-log-timestamps \
+                       --compile-database out/clang/compile_commands.json \
+                       check \
+                    "
             - name: Run Tests with sanitizers
               timeout-minutes: 30
               env:
@@ -189,13 +198,12 @@ jobs:
               run: |
                   ./scripts/run_in_build_env.sh \
                     "./scripts/build/build_examples.py --no-log-timestamps \
-                       --target linux-x64-all-clusters-ipv6only \
-                       --target linux-x64-chip-tool-ipv6only \
-                       --target linux-x64-minmdns-ipv6only \
+                       --target linux-x64-all-clusters-ipv6only-clang \
+                       --target linux-x64-chip-tool-ipv6only-clang \
+                       --target linux-x64-minmdns-ipv6only-clang \
                        --target linux-x64-rpc-console \
                        build \
                     "
-
             - name: Run fake linux tests with build_examples
               timeout-minutes: 15
               run: |
@@ -321,20 +329,36 @@ jobs:
                   scripts/run_in_build_env.sh "ninja -C ./out/$BUILD_TYPE"
             - name: Setup Build, Run Build and Run Tests
               timeout-minutes: 120
-              # Just go ahead and do the "all" build; on Darwin that's fairly
-              # fast.  If this ever becomes slow, we can think about ways to do
-              # the examples-linux-standalone.yaml tests on darwin without too
-              # much code duplication.
               run: |
-                  for BUILD_TYPE  in clang python_lib; do
+                  for BUILD_TYPE in default python_lib; do
                       case $BUILD_TYPE in
-                          "clang") GN_ARGS='is_clang=true target_os="all" is_asan=true pw_command_launcher="`pwd`/../scripts/helpers/clang-tidy-launcher.py"';;
+                          # We want to build various standalone example apps
+                          # (similar to what examples-linux-standalone.yaml
+                          # does), so use target_os="all" to get those picked
+                          # up as part of the "unified" build.  But then to
+                          # save CI resources we want to exclude a few
+                          # redundant things:
+                          #
+                          # * the mbedtls build, since we don't really plan to
+                          #   use that on Darwin.
+                          # * the "host clang" build, which uses the pigweed
+                          #   clang.
+                          "default") GN_ARGS='target_os="all" is_asan=true enable_host_clang_build=false enable_host_gcc_mbedtls_build=false';;
                           "python_lib") GN_ARGS='enable_rtti=true enable_pylib=true';;
                       esac
-                      scripts/build/gn_gen.sh --args="$GN_ARGS"
-                      scripts/run_in_build_env.sh "ninja -C ./out"
-                      scripts/tests/gn_tests.sh
+                      BUILD_TYPE=$BUILD_TYPE scripts/build/gn_gen.sh --args="$GN_ARGS" --export-compile-commands
+                      scripts/run_in_build_env.sh "ninja -C ./out/$BUILD_TYPE"
+                      BUILD_TYPE=$BUILD_TYPE scripts/tests/gn_tests.sh
                   done
+            - name: Clang-tidy validation
+              timeout-minutes: 45
+              run: |
+                  ./scripts/run_in_build_env.sh \
+                    "./scripts/run-clang-tidy-on-compile-commands.py \
+                       --no-log-timestamps \
+                       --compile-database out/default/compile_commands.json \
+                       check \
+                    "
             - name: Uploading diagnostic logs
               uses: actions/upload-artifact@v2
               if: ${{ failure() }} && ${{ !env.ACT }}

.github/workflows/examples-esp32.yaml

@@ -26,7 +26,7 @@ jobs:
     # TODO ESP32 https://github.com/project-chip/connectedhomeip/issues/1510
     esp32:
         name: ESP32
-        timeout-minutes: 80
+        timeout-minutes: 90
 
         runs-on: ubuntu-latest
         if: github.actor != 'restyled-io[bot]'
@@ -111,7 +111,7 @@ jobs:
 
     esp32_1:
         name: ESP32_1
-        timeout-minutes: 70
+        timeout-minutes: 90
 
         runs-on: ubuntu-latest
         if: github.actor != 'restyled-io[bot]'

.github/workflows/examples-linux-standalone.yaml

@@ -90,8 +90,7 @@ jobs:
             - name: Build example Standalone All Clusters Server
               timeout-minutes: 5
               run: |
-                  scripts/examples/gn_build_example.sh examples/all-clusters-app/linux out/all_clusters_debug \
-                    chip_bypass_rendezvous=true
+                  scripts/examples/gn_build_example.sh examples/all-clusters-app/linux out/all_clusters_debug
                   .environment/pigweed-venv/bin/python3 scripts/tools/memory/gh_sizes.py \
                     linux debug all-clusters-app \
                     out/all_clusters_debug/chip-all-clusters-app \

.github/workflows/examples-nrfconnect.yaml

@@ -111,7 +111,7 @@ jobs:
                     /tmp/bloat_reports/
             - name: Build example nRF Connect SDK Lighting App on nRF52840 DK with RPC
               if: github.event_name == 'push' || steps.changed_paths.outputs.nrfconnect == 'true'
-              timeout-minutes: 10
+              timeout-minutes: 20
               run: |
                   scripts/examples/nrfconnect_example.sh lighting-app nrf52840dk_nrf52840 -DOVERLAY_CONFIG=rpc.overlay
                   .environment/pigweed-venv/bin/python3 scripts/tools/memory/gh_sizes.py \

.github/workflows/tests.yaml

@@ -274,7 +274,7 @@ jobs:
             - name: Run Tests
               timeout-minutes: 30
               run: |
-                    scripts/run_in_build_env.sh './scripts/tests/run_python_test.py --app chip-all-clusters-app --factoryreset -- -t 3600 --disable-test ClusterObjectTests.TestTimedRequestTimeout'
+                    scripts/run_in_build_env.sh './scripts/tests/run_python_test.py --app out/linux-x64-all-clusters-no-ble-no-wifi-tsan-clang/chip-all-clusters-app --factoryreset --script-args "-t 3600 --disable-test ClusterObjectTests.TestTimedRequestTimeout"'
             - name: Uploading core files
               uses: actions/upload-artifact@v2
               if: ${{ failure() }} && ${{ !env.ACT }}
@@ -356,7 +356,7 @@ jobs:
             - name: Run Tests
               timeout-minutes: 30
               run: |
-                    scripts/run_in_build_env.sh './scripts/tests/run_python_test.py --app chip-all-clusters-app --factoryreset --app-params "--discriminator 3840 --interface-id -1" -- -t 3600 --disable-test ClusterObjectTests.TestTimedRequestTimeout'
+                    scripts/run_in_build_env.sh './scripts/tests/run_python_test.py --app out/darwin-x64-all-clusters-no-ble-no-wifi-tsan-clang/chip-all-clusters-app --factoryreset --app-args "--discriminator 3840 --interface-id -1" --script-args "-t 3600 --disable-test ClusterObjectTests.TestTimedRequestTimeout"'
             - name: Uploading core files
               uses: actions/upload-artifact@v2
               if: ${{ failure() }} && ${{ !env.ACT }}

config/ameba/args.gni

@@ -29,7 +29,6 @@ chip_build_tests = false
 chip_inet_config_enable_tcp_endpoint = true
 chip_inet_config_enable_udp_endpoint = true
 
-chip_bypass_rendezvous = false
 chip_config_network_layer_ble = true
 
 custom_toolchain = "//third_party/connectedhomeip/config/ameba/toolchain:ameba"

config/mbed/CMakeLists.txt

@@ -275,7 +275,6 @@ chip_gn_arg_bool  ("chip_build_tests"                     CONFIG_CHIP_BUILD_TEST
 chip_gn_arg_bool  ("chip_monolithic_tests"                CONFIG_CHIP_BUILD_TESTS)
 chip_gn_arg_bool  ("chip_build_libshell"                  CONFIG_CHIP_LIB_SHELL)
 chip_gn_arg_bool  ("chip_with_platform_mbedtls"           CONFIG_CHIP_WITH_EXTERNAL_MBEDTLS)
-chip_gn_arg_bool  ("chip_bypass_rendezvous"               CONFIG_CHIP_BYPASS_RENDEZVOUS)
 chip_gn_arg_bool  ("chip_build_pw_rpc_lib"                CONFIG_CHIP_PW_RPC)
 chip_gn_arg_bool  ("chip_enable_data_model"               CONFIG_CHIP_DATA_MODEL)
 if (CONFIG_CHIP_PW_RPC)

config/nrfconnect/app/sample-defaults.conf

@@ -22,6 +22,7 @@ CONFIG_STD_CPP14=y
 CONFIG_LOG=y
 CONFIG_LOG_MODE_MINIMAL=y
 CONFIG_MATTER_LOG_LEVEL_DBG=y
+CONFIG_LOG_DEFAULT_LEVEL=2
 CONFIG_PRINTK_SYNC=y
 CONFIG_ASSERT=y
 CONFIG_HW_STACK_PROTECTION=y
@@ -107,3 +108,12 @@ CONFIG_MBEDTLS_POLY1305_C=n
 CONFIG_MBEDTLS_CHACHAPOLY_C=n
 CONFIG_MBEDTLS_GCM_C=n
 CONFIG_MBEDTLS_RSA_C=n
+
+# Disable not used shell modules
+CONFIG_SENSOR_SHELL=n
+CONFIG_DEVICE_SHELL=n
+CONFIG_DATE_SHELL=n
+CONFIG_DEVMEM_SHELL=n
+CONFIG_MCUBOOT_SHELL=n
+CONFIG_CLOCK_CONTROL_NRF_SHELL=n
+CONFIG_FLASH_SHELL=n

config/nrfconnect/chip-module/CMakeLists.txt

@@ -63,8 +63,8 @@ macro(chip_gn_arg_string ARG STRING)
     string(APPEND CHIP_GN_ARGS "--arg-string\n${ARG}\n${STRING}\n")
 endmacro()
 
-macro(chip_gn_arg_bool ARG BOOLEAN)
-    if (${BOOLEAN})
+macro(chip_gn_arg_bool ARG)
+    if (${ARGN})
         string(APPEND CHIP_GN_ARGS "--arg\n${ARG}\ntrue\n")
     else()
         string(APPEND CHIP_GN_ARGS "--arg\n${ARG}\nfalse\n")
@@ -214,6 +214,10 @@ chip_gn_arg_bool  ("chip_build_tests"                       CONFIG_CHIP_BUILD_TE
 chip_gn_arg_bool  ("chip_monolithic_tests"                  CONFIG_CHIP_BUILD_TESTS)
 chip_gn_arg_bool  ("chip_inet_config_enable_tcp_endpoint"   CONFIG_CHIP_BUILD_TESTS)
 chip_gn_arg_bool  ("chip_build_libshell"                    CONFIG_CHIP_LIB_SHELL)
+chip_gn_arg_bool  ("chip_error_logging"                     CONFIG_MATTER_LOG_LEVEL GREATER_EQUAL 1)
+chip_gn_arg_bool  ("chip_progress_logging"                  CONFIG_MATTER_LOG_LEVEL GREATER_EQUAL 3)
+chip_gn_arg_bool  ("chip_detail_logging"                    CONFIG_MATTER_LOG_LEVEL GREATER_EQUAL 4)
+chip_gn_arg_bool  ("chip_automation_logging"                "false")
 
 if (CONFIG_CHIP_ROTATING_DEVICE_ID)
     chip_gn_arg_bool("chip_enable_rotating_device_id"          "true")

config/standalone/CHIPProjectConfig.h

@@ -69,6 +69,14 @@
 #define CHIP_DEVICE_CONFIG_DYNAMIC_ENDPOINT_COUNT 4
 #endif
 
+#ifndef CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION
+#define CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION 1
+#endif
+
+#ifndef CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION_STRING
+#define CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION_STRING "1.0"
+#endif
+
 //
 // Default of 8 ECs is not sufficient for some of the unit tests
 // that try to validate multiple simultaneous interactions.

credentials/development/fetch-development-paa-certs-from-dcl.py

@@ -0,0 +1,131 @@
+#!/usr/bin/python
+
+#
+# Copyright (c) 2022 Project CHIP Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Script that was used to fetch CHIP Development Product Attestation Authority (PAA)
+# certificates from DCL.
+# The script expects the path to the dcld tool binary as an input argument.
+#
+# Usage example when the script is run from the CHIP SDK root directory:
+#     python ./credentials/development/fetch-development-paa-certs-from-dcl.py /path/to/dcld
+#
+# The result will be stored in:
+#     credentials/development/paa-root-certs
+#
+
+import os
+import sys
+import subprocess
+import copy
+import re
+from cryptography.hazmat.primitives import serialization
+from cryptography import x509
+
+
+def parse_paa_root_certs(cmdpipe, paa_list):
+    """
+    example output of a query to all x509 root certs in DCL:
+
+    certs:
+    - subject: CN=Non Production ONLY - XFN PAA Class 3
+      subject_key_id: F8:99:A9:D5:AD:71:71:E4:C3:81:7F:14:10:7F:78:F0:D9:F7:62:E9
+    - subject: CN=Matter Development PAA
+      subject_key_id: FA:92:CF:9:5E:FA:42:E1:14:30:65:16:32:FE:FE:1B:2C:77:A7:C8
+    - subject: CN=Matter PAA 1,O=Google,C=US,1.3.6.1.4.1.37244.2.1=#130436303036
+      subject_key_id: B0:0:56:81:B8:88:62:89:62:80:E1:21:18:A1:A8:BE:9:DE:93:21
+    - subject: CN=Matter Test PAA,1.3.6.1.4.1.37244.2.1=#130431323544
+      subject_key_id: E2:90:8D:36:9C:3C:A3:C1:13:BB:9:E2:4D:C1:CC:C5:A6:66:91:D4
+
+    Brief:
+    This method will search for the first line that contains ': ' char sequence.
+    From there, it assumes every 2 lines contain subject and subject key id info of
+    a valid PAA root certificate.
+    The paa_list parameter will contain a list of all valid PAA Root certificates
+    from DCL.
+    """
+
+    result = {}
+
+    while True:
+        line = cmdpipe.stdout.readline()
+        if not line:
+            break
+        else:
+            if b': ' in line:
+                key, value = line.split(b': ')
+                result[key.strip(b' -')] = value.strip()
+                parse_paa_root_certs.counter += 1
+                if parse_paa_root_certs.counter % 2 == 0:
+                    paa_list.append(copy.deepcopy(result))
+
+
+def write_paa_root_cert(cmdpipe, subject):
+    filename = 'paa-root-certs/dcld_mirror_' + \
+        re.sub('[^a-zA-Z0-9_-]', '', re.sub('[=, ]', '_', subject))
+    with open(filename + '.pem', 'wb+') as outfile:
+        while True:
+            line = cmdpipe.stdout.readline()
+            if not line:
+                break
+            else:
+                if b'pem_cert: |' in line:
+                    while True:
+                        line = cmdpipe.stdout.readline()
+                        outfile.write(line.strip(b' \t'))
+                        if b'-----END CERTIFICATE-----' in line:
+                            break
+    # convert pem file to der
+    with open(filename + '.pem', 'rb') as infile:
+        pem_certificate = x509.load_pem_x509_certificate(infile.read())
+    with open(filename + '.der', 'wb+') as outfile:
+        der_certificate = pem_certificate.public_bytes(
+            serialization.Encoding.DER)
+        outfile.write(der_certificate)
+
+
+def main():
+    if len(sys.argv) == 2:
+        dcld = sys.argv[1]
+    else:
+        sys.exit(
+            "Error: Please specify exactly one input argument; the path to the dcld tool binary")
+
+    previous_dir = os.getcwd()
+    abspath = os.path.dirname(sys.argv[0])
+    os.chdir(abspath)
+
+    os.makedirs('paa-root-certs', exist_ok=True)
+
+    cmdpipe = subprocess.Popen([dcld, 'query', 'pki', 'all-x509-root-certs'],
+                               stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
+    paa_list = []
+    parse_paa_root_certs.counter = 0
+    parse_paa_root_certs(cmdpipe, paa_list)
+
+    for paa in paa_list:
+        cmdpipe = subprocess.Popen(
+            [dcld, 'query', 'pki', 'x509-cert', '-u',
+                paa[b'subject'].decode("utf-8"), '-k', paa[b'subject_key_id'].decode("utf-8")],
+            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        write_paa_root_cert(cmdpipe, paa[b'subject'].decode("utf-8"))
+
+    os.chdir(previous_dir)
+
+
+if __name__ == "__main__":
+    main()