-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Properly manage operational key lifecycle for fail-safe (#19277)
* Properly manage operational key lifecycle for fail-safe - Fail-safe did not properly manage the roll-back of operational keys - Operational key storage being centralized by value in FabricTable prevented ability to back keys by hardware/OS and allow the rollback of keys on failsafe expiry - CASE code was using "raw" FabricInfo * which could go stale on UpdateNOC or after fail-safe expiry. This PR: - Adds an OperationalKeystore interface - Make the FabricTable use the OperationalKeystore for when a commissionable node (with Opcreds cluster) is being commissioned - Retain legacy controller behavior that allows injection of operational keys - Simplifies the fail-safe handling lifecycle - Add logging to fail-safe handling - Add logging to general commissioning cluster - Make CASE use ScopedNodeId everywhere - Implement IsForUpdateNOC in fail-safe and opcreds cluster Fixes #19072 Issue #18633 Fixes #16443 * Fix merge of upstream * Restyled by whitespace * Restyled by clang-format * Revert unintended testing changes * Add remove operation * Fix CI and add tests to support further tests * Fix more CI * Restyled by clang-format * Darwin changes to use the new setup * Added unit test and HasOpKeypairForFabric() * Restyled by clang-format * Restyled by gn * Apply review comments from @msandstedt * Add plumbing for init of controllers * Restyled by clang-format * Fix darwin tests * Fix CI and address review comments * Fix comment typos * Apply review comments from @bzbarsky-apple and @tehampson * Restyled by clang-format * Fix more comments * Restyled by clang-format * Fix CI * Fix cirque * Restyled by clang-format * Update src/crypto/tests/TestPersistentStorageOpKeyStore.cpp Co-authored-by: tehampson <[email protected]> * Address review comments * Fix CI * More clang-tidy fixes Co-authored-by: Restyled.io <[email protected]> Co-authored-by: Boris Zbarsky <[email protected]> Co-authored-by: Justin Wood <[email protected]> Co-authored-by: tehampson <[email protected]>
- Loading branch information
1 parent
5dd202c
commit 4e3930a
Showing
42 changed files
with
1,862 additions
and
497 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.