From 622f5a460d6ee8c27a5b3d140bd7994cf375cfc1 Mon Sep 17 00:00:00 2001 From: Boris Zbarsky Date: Tue, 8 Aug 2023 18:31:00 -0400 Subject: [PATCH] Add support for controllers not advertising their operational identities. (#28537) If multiple controllers are running, and some want to enable server interactions while others do not, the ones not enabling server interactions should not advertise. Fixes https://github.com/project-chip/connectedhomeip/issues/28279 --- src/app/server/Dnssd.cpp | 5 ++ src/controller/CHIPDeviceController.cpp | 24 ++++----- .../CHIPDeviceControllerFactory.cpp | 31 ++++++++--- src/controller/CHIPDeviceControllerFactory.h | 1 + src/credentials/FabricTable.cpp | 41 ++++++++------- src/credentials/FabricTable.h | 51 +++++++++++++------ src/credentials/tests/TestFabricTable.cpp | 29 ++++++++--- 7 files changed, 121 insertions(+), 61 deletions(-) diff --git a/src/app/server/Dnssd.cpp b/src/app/server/Dnssd.cpp index 17c9b4a459af9e..86a70a0a8c69e2 100644 --- a/src/app/server/Dnssd.cpp +++ b/src/app/server/Dnssd.cpp @@ -152,6 +152,11 @@ CHIP_ERROR DnssdServer::AdvertiseOperational() for (const FabricInfo & fabricInfo : *mFabricTable) { + if (!fabricInfo.ShouldAdvertiseIdentity()) + { + continue; + } + uint8_t macBuffer[DeviceLayer::ConfigurationManager::kPrimaryMACAddressLength]; MutableByteSpan mac(macBuffer); if (chip::DeviceLayer::ConfigurationMgr().GetPrimaryMACAddress(mac) != CHIP_NO_ERROR) diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp index babc6688ad45c1..8cb41b167169cc 100644 --- a/src/controller/CHIPDeviceController.cpp +++ b/src/controller/CHIPDeviceController.cpp 
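Review bot: The new `ShouldAdvertiseIdentity()` guard at the top of the fabric loop in `DnssdServer::AdvertiseOperational()` has no comment, although it is the only place in this patch where a controller's opt-out actually keeps its operational identity off the network. A one-line comment such as `// Skip fabrics whose owner opted out of advertising its operational identity (e.g. a controller without server interactions).` would help the check survive later refactors of the loop. The loop body and the rest of the function continue outside the hunk.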
@@ -129,15 +129,6 @@ CHIP_ERROR DeviceController::Init(ControllerInitParams params) if (params.operationalKeypair != nullptr || !params.controllerNOC.empty() || !params.controllerRCAC.empty()) { ReturnErrorOnFailure(InitControllerNOCChain(params)); - - if (params.enableServerInteractions) - { - // - // Advertise our operational identity on the network to facilitate discovery by clients that look to - // establish CASE with a controller that is also offering server-side capabilities (e.g an OTA provider). - // - app::DnssdServer::Instance().AdvertiseOperational(); - } } mSystemState = params.systemState->Retain(); @@ -239,6 +230,9 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & CHIP_ERROR err = CHIP_NO_ERROR; + auto advertiseOperational = + params.enableServerInteractions ? FabricTable::AdvertiseIdentity::Yes : FabricTable::AdvertiseIdentity::No; + // // We permit colliding fabrics when multiple controllers are present on the same logical fabric // since each controller is associated with a unique FabricInfo 'identity' object and consequently, @@ -261,7 +255,7 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & if (fabricFoundInTable) { err = fabricTable->UpdatePendingFabricWithProvidedOpKey(fabricIndex, nocSpan, icacSpan, externalOperationalKeypair, - hasExternallyOwnedKeypair); + hasExternallyOwnedKeypair, advertiseOperational); } else // CASE 2: New fabric with injected key 
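Review bot: In `DeviceController::InitControllerNOCChain` the new local is declared as `auto advertiseOperational`, which hides the enum type and uses a different name from the `advertiseIdentity` parameter it feeds in all four FabricTable calls in the following hunks. Writing it as `const FabricTable::AdvertiseIdentity advertiseIdentity = params.enableServerInteractions ? FabricTable::AdvertiseIdentity::Yes : FabricTable::AdvertiseIdentity::No;` keeps the name consistent with the FabricTable API and makes the local immutable. The function body starts and ends outside the hunk.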
@@ -269,8 +263,9 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & err = fabricTable->AddNewPendingTrustedRootCert(rcacSpan); if (err == CHIP_NO_ERROR) { - err = fabricTable->AddNewPendingFabricWithProvidedOpKey( - nocSpan, icacSpan, newFabricVendorId, externalOperationalKeypair, hasExternallyOwnedKeypair, &fabricIndex); + err = fabricTable->AddNewPendingFabricWithProvidedOpKey(nocSpan, icacSpan, newFabricVendorId, + externalOperationalKeypair, hasExternallyOwnedKeypair, + &fabricIndex, advertiseOperational); } } } @@ -283,7 +278,7 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & { VerifyOrReturnError(fabricTable->HasOperationalKeyForFabric(fabricIndex), CHIP_ERROR_KEY_NOT_FOUND); - err = fabricTable->UpdatePendingFabricWithOperationalKeystore(fabricIndex, nocSpan, icacSpan); + err = fabricTable->UpdatePendingFabricWithOperationalKeystore(fabricIndex, nocSpan, icacSpan, advertiseOperational); } else // CASE 4: New fabric with operational keystore @@ -291,7 +286,8 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & err = fabricTable->AddNewPendingTrustedRootCert(rcacSpan); if (err == CHIP_NO_ERROR) { - err = fabricTable->AddNewPendingFabricWithOperationalKeystore(nocSpan, icacSpan, newFabricVendorId, &fabricIndex); + err = fabricTable->AddNewPendingFabricWithOperationalKeystore(nocSpan, icacSpan, newFabricVendorId, &fabricIndex, + advertiseOperational); } if (err == CHIP_NO_ERROR) diff --git a/src/controller/CHIPDeviceControllerFactory.cpp b/src/controller/CHIPDeviceControllerFactory.cpp index c57cb9a57dd28c..e6392e8440739a 100644 --- a/src/controller/CHIPDeviceControllerFactory.cpp +++ b/src/controller/CHIPDeviceControllerFactory.cpp 
@@ -256,13 +256,6 @@ CHIP_ERROR DeviceControllerFactory::InitSystemState(FactoryInitParams params) // Consequently, reach in set the fabric table pointer to point to the right version. // app::DnssdServer::Instance().SetFabricTable(stateParams.fabricTable); - - // - // Start up the DNS-SD server. We are not giving it a - // CommissioningModeProvider, so it will not claim we are in - // commissioning mode. - // - chip::app::DnssdServer::Instance().StartServer(); } stateParams.sessionSetupPool = Platform::New(); @@ -315,6 +308,18 @@ void DeviceControllerFactory::PopulateInitParams(ControllerInitParams & controll controllerParams.enableServerInteractions = params.enableServerInteractions; } +void DeviceControllerFactory::ControllerInitialized(const DeviceController & controller) +{ + if (mEnableServerInteractions && controller.GetFabricIndex() != kUndefinedFabricIndex) + { + // Restart DNS-SD advertising, because initialization of this controller could + // have modified whether a particular fabric identity should be + // advertised. Just calling AdvertiseOperational() is not good enough + // here, since we might be removing advertising. + app::DnssdServer::Instance().StartServer(); + } +} + CHIP_ERROR DeviceControllerFactory::SetupController(SetupParams params, DeviceController & controller) { VerifyOrReturnError(mSystemState != nullptr, CHIP_ERROR_INCORRECT_STATE); @@ -326,6 +331,12 @@ CHIP_ERROR DeviceControllerFactory::SetupController(SetupParams params, DeviceCo PopulateInitParams(controllerParams, params); CHIP_ERROR err = controller.Init(controllerParams); + + if (err == CHIP_NO_ERROR) + { + ControllerInitialized(controller); + } + return err; } 
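Review bot: `DeviceControllerFactory::ControllerInitialized` is now the only call to `StartServer()` visible on the controller side, because the preceding `InitSystemState` hunk removes the unconditional one. A factory that enables server interactions but only sets up controllers with `kUndefinedFabricIndex` therefore never starts DNS-SD. If that is intended, the comment should say so, e.g. `// DNS-SD is started lazily: nothing is advertised until a controller with a fabric identity exists.` No matching refresh on controller shutdown is visible in this patch, so whether a shut-down controller's record is withdrawn cannot be confirmed from these hunks.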
@@ -347,6 +358,12 @@ CHIP_ERROR DeviceControllerFactory::SetupCommissioner(SetupParams params, Device commissionerParams.deviceAttestationVerifier = params.deviceAttestationVerifier; CHIP_ERROR err = commissioner.Init(commissionerParams); + + if (err == CHIP_NO_ERROR) + { + ControllerInitialized(commissioner); + } + return err; } diff --git a/src/controller/CHIPDeviceControllerFactory.h b/src/controller/CHIPDeviceControllerFactory.h index 04855d62cfc3d2..ad1376eca9d301 100644 --- a/src/controller/CHIPDeviceControllerFactory.h +++ b/src/controller/CHIPDeviceControllerFactory.h @@ -252,6 +252,7 @@ class DeviceControllerFactory void PopulateInitParams(ControllerInitParams & controllerParams, const SetupParams & params); CHIP_ERROR InitSystemState(FactoryInitParams params); CHIP_ERROR InitSystemState(); + void ControllerInitialized(const DeviceController & controller); uint16_t mListenPort; DeviceControllerSystemState * mSystemState = nullptr; diff --git a/src/credentials/FabricTable.cpp b/src/credentials/FabricTable.cpp index eeb5932f01a48a..8ec4691f9f80fa 100644 --- a/src/credentials/FabricTable.cpp +++ b/src/credentials/FabricTable.cpp @@ -78,12 +78,13 @@ CHIP_ERROR FabricInfo::Init(const FabricInfo::InitParams & initParams) Reset(); - mNodeId = initParams.nodeId; - mFabricId = initParams.fabricId; - mFabricIndex = initParams.fabricIndex; - mCompressedFabricId = initParams.compressedFabricId; - mRootPublicKey = initParams.rootPublicKey; - mVendorId = static_cast(initParams.vendorId); + mNodeId = initParams.nodeId; + mFabricId = initParams.fabricId; + mFabricIndex = initParams.fabricIndex; + mCompressedFabricId = initParams.compressedFabricId; + mRootPublicKey = initParams.rootPublicKey; + mVendorId = static_cast(initParams.vendorId); + mShouldAdvertiseIdentity = initParams.advertiseIdentity; // Deal with externally injected keys if (initParams.operationalKeypair != nullptr) 
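Review bot: The private declaration `ControllerInitialized` added to CHIPDeviceControllerFactory.h has no comment, so the header does not reveal that the call restarts DNS-SD advertising. Suggest adding above it `// Called after a controller or commissioner initialized successfully; restarts DNS-SD advertising when server interactions are enabled, since the set of advertised fabric identities may have changed.`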
@@ -105,12 +106,13 @@ void FabricInfo::operator=(FabricInfo && other) { Reset(); - mNodeId = other.mNodeId; - mFabricId = other.mFabricId; - mFabricIndex = other.mFabricIndex; - mCompressedFabricId = other.mCompressedFabricId; - mRootPublicKey = other.mRootPublicKey; - mVendorId = other.mVendorId; + mNodeId = other.mNodeId; + mFabricId = other.mFabricId; + mFabricIndex = other.mFabricIndex; + mCompressedFabricId = other.mCompressedFabricId; + mRootPublicKey = other.mRootPublicKey; + mVendorId = other.mVendorId; + mShouldAdvertiseIdentity = other.mShouldAdvertiseIdentity; SetFabricLabel(other.GetFabricLabel()); @@ -768,7 +770,7 @@ CHIP_ERROR FabricTable::NotifyFabricCommitted(FabricIndex fabricIndex) CHIP_ERROR FabricTable::AddOrUpdateInner(FabricIndex fabricIndex, bool isAddition, Crypto::P256Keypair * existingOpKey, - bool isExistingOpKeyExternallyOwned, uint16_t vendorId) + bool isExistingOpKeyExternallyOwned, uint16_t vendorId, AdvertiseIdentity advertiseIdentity) { // All parameters pre-validated before we get here @@ -867,6 +869,8 @@ FabricTable::AddOrUpdateInner(FabricIndex fabricIndex, bool isAddition, Crypto:: return CHIP_ERROR_INCORRECT_STATE; } + newFabricInfo.advertiseIdentity = (advertiseIdentity == AdvertiseIdentity::Yes); + // Update local copy of fabric data. For add it's a new entry, for update, it's `mPendingFabric` shadow entry. ReturnErrorOnFailure(fabricEntry->Init(newFabricInfo)); @@ -1642,7 +1646,7 @@ CHIP_ERROR FabricTable::FindExistingFabricByNocChaining(FabricIndex pendingFabri CHIP_ERROR FabricTable::AddNewPendingFabricCommon(const ByteSpan & noc, const ByteSpan & icac, uint16_t vendorId, Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, - FabricIndex * outNewFabricIndex) + AdvertiseIdentity advertiseIdentity, FabricIndex * outNewFabricIndex) { VerifyOrReturnError(mOpCertStore != nullptr, CHIP_ERROR_INCORRECT_STATE); VerifyOrReturnError(outNewFabricIndex != nullptr, CHIP_ERROR_INVALID_ARGUMENT); 
@@ -1692,8 +1696,8 @@ CHIP_ERROR FabricTable::AddNewPendingFabricCommon(const ByteSpan & noc, const By ReturnErrorOnFailure(mOpCertStore->AddNewOpCertsForFabric(fabricIndexToUse, noc, icac)); VerifyOrReturnError(SetPendingDataFabricIndex(fabricIndexToUse), CHIP_ERROR_INCORRECT_STATE); - CHIP_ERROR err = - AddOrUpdateInner(fabricIndexToUse, /* isAddition = */ true, existingOpKey, isExistingOpKeyExternallyOwned, vendorId); + CHIP_ERROR err = AddOrUpdateInner(fabricIndexToUse, /* isAddition = */ true, existingOpKey, isExistingOpKeyExternallyOwned, + vendorId, advertiseIdentity); if (err != CHIP_NO_ERROR) { // Revert partial state added on error @@ -1712,7 +1716,8 @@ CHIP_ERROR FabricTable::AddNewPendingFabricCommon(const ByteSpan & noc, const By } CHIP_ERROR FabricTable::UpdatePendingFabricCommon(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac, - Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned) + Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, + AdvertiseIdentity advertiseIdentity) { VerifyOrReturnError(mOpCertStore != nullptr, CHIP_ERROR_INCORRECT_STATE); VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_ARGUMENT); @@ -1751,7 +1756,7 @@ CHIP_ERROR FabricTable::UpdatePendingFabricCommon(FabricIndex fabricIndex, const VerifyOrReturnError(SetPendingDataFabricIndex(fabricIndex), CHIP_ERROR_INCORRECT_STATE); CHIP_ERROR err = AddOrUpdateInner(fabricIndex, /* isAddition = */ false, existingOpKey, isExistingOpKeyExternallyOwned, - fabricInfo->GetVendorId()); + fabricInfo->GetVendorId(), advertiseIdentity); if (err != CHIP_NO_ERROR) { // Revert partial state added on error diff --git a/src/credentials/FabricTable.h b/src/credentials/FabricTable.h index 26102984e81130..96b5c415f7e237 100644 --- a/src/credentials/FabricTable.h +++ b/src/credentials/FabricTable.h 
@@ -112,6 +112,8 @@ class DLL_EXPORT FabricInfo bool HasOperationalKey() const { return mOperationalKey != nullptr; } + bool ShouldAdvertiseIdentity() const { return mShouldAdvertiseIdentity; } + friend class FabricTable; private: @@ -125,6 +127,7 @@ class DLL_EXPORT FabricInfo VendorId vendorId = VendorId::NotSpecified; /**< Vendor ID for commissioner of fabric */ Crypto::P256Keypair * operationalKeypair = nullptr; bool hasExternallyOwnedKeypair = false; + bool advertiseIdentity = false; CHIP_ERROR AreValid() const { @@ -204,7 +207,9 @@ class DLL_EXPORT FabricInfo { chip::Platform::Delete(mOperationalKey); } - mOperationalKey = nullptr; + mOperationalKey = nullptr; + mHasExternallyOwnedOperationalKey = false; + mShouldAdvertiseIdentity = true; mFabricIndex = kUndefinedFabricIndex; mNodeId = kUndefinedNodeId; @@ -230,14 +235,16 @@ class DLL_EXPORT FabricInfo // mFabricLabel is 33 bytes, so ends on a 1 mod 4 byte boundary. char mFabricLabel[kFabricLabelMaxLengthInBytes + 1] = { '\0' }; - // mFabricIndex, mVendorId, mHasExternallyOwnedOperationalKey are 4 bytes - // and do not end up with any padding if they come after the 33-byte - // mFabricLabel, so end on a 1 mod 4 byte boundary. + // mFabricIndex, mVendorId, mHasExternallyOwnedOperationalKey, + // mShouldAdvertiseIdentity are 5 bytes and do not include any padding if + // they come after the 33-byte mFabricLabel, so end on a 2 mod 4 byte + // boundary. FabricIndex mFabricIndex = kUndefinedFabricIndex; VendorId mVendorId = VendorId::NotSpecified; bool mHasExternallyOwnedOperationalKey = false; + bool mShouldAdvertiseIdentity = true; - // 3 bytes of padding here, since mOperationalKey needs to be void*-aligned, + // 2 bytes of padding here, since mOperationalKey needs to be void*-aligned, // so has to be at a 0 mod 4 byte location. mutable Crypto::P256Keypair * mOperationalKey = nullptr; 
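Review bot: `InitParams::advertiseIdentity` defaults to `false`, while the member `mShouldAdvertiseIdentity`, `Reset()` (both in later hunks of this file) and every public `AdvertiseIdentity` parameter default to advertising. `FabricInfo::Init` copies the field unconditionally, so any code that fills an `InitParams` without setting it would silently switch advertising off; the only producer visible in this patch, `AddOrUpdateInner`, does set it. Either make the defaults agree with `bool advertiseIdentity = true;` or add a comment stating that the `false` default is deliberate and every producer must set the field.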
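Review bot: `Reset()` puts `mShouldAdvertiseIdentity` back to `true`, and no hunk in this patch touches the code that stores or loads a FabricInfo, so the opt-out appears to exist only in memory. If so, a fabric whose controller chose `AdvertiseIdentity::No` would be advertised again after the table is reloaded, until that controller re-runs its NOC-chain initialization. The load path is outside this diff, so this needs confirming. At minimum, document it on the getter, e.g. `// Not persisted: true after Reset() until the owner re-applies its choice.`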
@@ -400,6 +407,12 @@ class DLL_EXPORT FabricTable FabricTable(FabricTable const &) = delete; void operator=(FabricTable const &) = delete; + enum class AdvertiseIdentity : uint8_t + { + Yes, + No + }; + // Returns CHIP_ERROR_NOT_FOUND if there is no fabric for that index. CHIP_ERROR Delete(FabricIndex fabricIndex); void DeleteAllFabrics(); @@ -783,9 +796,10 @@ class DLL_EXPORT FabricTable * @retval other CHIP_ERROR_* on internal errors or certificate validation errors. */ CHIP_ERROR AddNewPendingFabricWithOperationalKeystore(const ByteSpan & noc, const ByteSpan & icac, uint16_t vendorId, - FabricIndex * outNewFabricIndex) + FabricIndex * outNewFabricIndex, + AdvertiseIdentity advertiseIdentity = AdvertiseIdentity::Yes) { - return AddNewPendingFabricCommon(noc, icac, vendorId, nullptr, false, outNewFabricIndex); + return AddNewPendingFabricCommon(noc, icac, vendorId, nullptr, false, advertiseIdentity, outNewFabricIndex); }; /** @@ -818,9 +832,11 @@ class DLL_EXPORT FabricTable */ CHIP_ERROR AddNewPendingFabricWithProvidedOpKey(const ByteSpan & noc, const ByteSpan & icac, uint16_t vendorId, Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, - FabricIndex * outNewFabricIndex) + FabricIndex * outNewFabricIndex, + AdvertiseIdentity advertiseIdentity = AdvertiseIdentity::Yes) { - return AddNewPendingFabricCommon(noc, icac, vendorId, existingOpKey, isExistingOpKeyExternallyOwned, outNewFabricIndex); + return AddNewPendingFabricCommon(noc, icac, vendorId, existingOpKey, isExistingOpKeyExternallyOwned, advertiseIdentity, + outNewFabricIndex); }; /** 
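Review bot: The new `enum class AdvertiseIdentity` and the `advertiseIdentity` parameter are undocumented; the parameter is added to `AddNewPendingFabricWithOperationalKeystore` and `AddNewPendingFabricWithProvidedOpKey` here and to the two `UpdatePendingFabricWith*` methods in the following hunks. No hunk touches the Doxygen blocks above those methods. Suggest a comment on the enum, `// Whether the operational identity of a fabric entry is advertised over DNS-SD.`, and a `@param advertiseIdentity` line in each of the four blocks noting that it defaults to `Yes`, which preserves the previous behaviour.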
@@ -852,9 +868,10 @@ class DLL_EXPORT FabricTable * @retval CHIP_ERROR_INVALID_ARGUMENT if any of the arguments are invalid such as too large or out of bounds. * @retval other CHIP_ERROR_* on internal errors or certificate validation errors. */ - CHIP_ERROR UpdatePendingFabricWithOperationalKeystore(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac) + CHIP_ERROR UpdatePendingFabricWithOperationalKeystore(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac, + AdvertiseIdentity advertiseIdentity = AdvertiseIdentity::Yes) { - return UpdatePendingFabricCommon(fabricIndex, noc, icac, nullptr, false); + return UpdatePendingFabricCommon(fabricIndex, noc, icac, nullptr, false, advertiseIdentity); } /** @@ -886,9 +903,10 @@ class DLL_EXPORT FabricTable */ CHIP_ERROR UpdatePendingFabricWithProvidedOpKey(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac, - Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned) + Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, + AdvertiseIdentity advertiseIdentity = AdvertiseIdentity::Yes) { - return UpdatePendingFabricCommon(fabricIndex, noc, icac, existingOpKey, isExistingOpKeyExternallyOwned); + return UpdatePendingFabricCommon(fabricIndex, noc, icac, existingOpKey, isExistingOpKeyExternallyOwned, advertiseIdentity); } /** 
@@ -1050,16 +1068,17 @@ class DLL_EXPORT FabricTable // Core validation logic for fabric additions/updates CHIP_ERROR AddOrUpdateInner(FabricIndex fabricIndex, bool isAddition, Crypto::P256Keypair * existingOpKey, - bool isExistingOpKeyExternallyOwned, uint16_t vendorId); + bool isExistingOpKeyExternallyOwned, uint16_t vendorId, AdvertiseIdentity advertiseIdentity); // Common code for fabric addition, for either OperationalKeystore or injected key scenarios. CHIP_ERROR AddNewPendingFabricCommon(const ByteSpan & noc, const ByteSpan & icac, uint16_t vendorId, Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, - FabricIndex * outNewFabricIndex); + AdvertiseIdentity advertiseIdentity, FabricIndex * outNewFabricIndex); // Common code for fabric updates, for either OperationalKeystore or injected key scenarios. CHIP_ERROR UpdatePendingFabricCommon(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac, - Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned); + Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, + AdvertiseIdentity advertiseIdentity); // Common code for looking up a fabric given a root public key, a fabric ID and an optional node id scoped to that fabric. const FabricInfo * FindFabricCommon(const Crypto::P256PublicKey & rootPubKey, FabricId fabricId, diff --git a/src/credentials/tests/TestFabricTable.cpp b/src/credentials/tests/TestFabricTable.cpp index 83866b3c8bf78b..96ed242a684310 100644 --- a/src/credentials/tests/TestFabricTable.cpp +++ b/src/credentials/tests/TestFabricTable.cpp 
@@ -145,7 +145,8 @@ static CHIP_ERROR LoadTestFabric_Node01_02(nlTestSuite * inSuite, FabricTable & /** * Load a single test fabric with with the Root02:ICA02:Node02_01 identity. */ -static CHIP_ERROR LoadTestFabric_Node02_01(nlTestSuite * inSuite, FabricTable & fabricTable, bool doCommit) +static CHIP_ERROR LoadTestFabric_Node02_01(nlTestSuite * inSuite, FabricTable & fabricTable, bool doCommit, + FabricTable::AdvertiseIdentity advertiseIdentity = FabricTable::AdvertiseIdentity::Yes) { Crypto::P256SerializedKeypair opKeysSerialized; FabricIndex fabricIndex; @@ -166,8 +167,9 @@ static CHIP_ERROR LoadTestFabric_Node02_01(nlTestSuite * inSuite, FabricTable & NL_TEST_ASSERT(inSuite, fabricTable.AddNewPendingTrustedRootCert(rcacSpan) == CHIP_NO_ERROR); - CHIP_ERROR err = fabricTable.AddNewPendingFabricWithProvidedOpKey(nocSpan, icacSpan, VendorId::TestVendor1, &opKey_Node02_01, - /*isExistingOpKeyExternallyOwned =*/true, &fabricIndex); + CHIP_ERROR err = + fabricTable.AddNewPendingFabricWithProvidedOpKey(nocSpan, icacSpan, VendorId::TestVendor1, &opKey_Node02_01, + /*isExistingOpKeyExternallyOwned =*/true, &fabricIndex, advertiseIdentity); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); if (doCommit) @@ -821,7 +823,9 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext) ByteSpan noc = fabric44CertAuthority.GetNoc(); NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 2); - NL_TEST_ASSERT_SUCCESS(inSuite, fabricTable.UpdatePendingFabricWithOperationalKeystore(2, noc, ByteSpan{})); + NL_TEST_ASSERT_SUCCESS( + inSuite, + fabricTable.UpdatePendingFabricWithOperationalKeystore(2, noc, ByteSpan{}, FabricTable::AdvertiseIdentity::No)); NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 2); // No storage yet 
@@ -839,12 +843,14 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext) { NL_TEST_ASSERT(inSuite, iterFabricInfo.GetNodeId() == 55); NL_TEST_ASSERT(inSuite, iterFabricInfo.GetFabricId() == 11); + NL_TEST_ASSERT(inSuite, iterFabricInfo.ShouldAdvertiseIdentity()); saw1 = true; } if (iterFabricInfo.GetFabricIndex() == 2) { NL_TEST_ASSERT(inSuite, iterFabricInfo.GetNodeId() == 1000); NL_TEST_ASSERT(inSuite, iterFabricInfo.GetFabricId() == 44); + NL_TEST_ASSERT(inSuite, !iterFabricInfo.ShouldAdvertiseIdentity()); saw2 = true; } } @@ -1961,6 +1967,7 @@ void TestUpdateNocFailSafe(nlTestSuite * inSuite, void * inContext) { NL_TEST_ASSERT(inSuite, iterFabricInfo.GetNodeId() == 1000); NL_TEST_ASSERT(inSuite, iterFabricInfo.GetFabricId() == 44); + NL_TEST_ASSERT(inSuite, iterFabricInfo.ShouldAdvertiseIdentity()); saw1 = true; } } @@ -2072,6 +2079,7 @@ void TestUpdateNocFailSafe(nlTestSuite * inSuite, void * inContext) { NL_TEST_ASSERT(inSuite, iterFabricInfo.GetNodeId() == 1001); NL_TEST_ASSERT(inSuite, iterFabricInfo.GetFabricId() == 44); + NL_TEST_ASSERT(inSuite, iterFabricInfo.ShouldAdvertiseIdentity()); saw1 = true; } } @@ -2342,7 +2350,9 @@ void TestFabricLookup(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, fabricTableHolder.Init(&testStorage) == CHIP_NO_ERROR); FabricTable & fabricTable = fabricTableHolder.GetFabricTable(); NL_TEST_ASSERT(inSuite, LoadTestFabric_Node01_01(inSuite, fabricTable, /* doCommit = */ true) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, LoadTestFabric_Node02_01(inSuite, fabricTable, /* doCommit = */ true) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, + LoadTestFabric_Node02_01(inSuite, fabricTable, /* doCommit = */ true, FabricTable::AdvertiseIdentity::No) == + CHIP_NO_ERROR); // Attempt lookup of the Root01 fabric. { 
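Review bot: The `TestUpdateNocFailSafe` hunks assert `ShouldAdvertiseIdentity()` only for updates made with the default argument, so nothing checks that reverting a pending update restores the previous advertising choice. A case that updates with `FabricTable::AdvertiseIdentity::No`, reverts the pending data and then asserts `iterFabricInfo.ShouldAdvertiseIdentity()` would pin that behaviour. The skip in `DnssdServer::AdvertiseOperational` is also not exercised by any test in this patch. The test bodies start and end outside these hunks.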
@@ -2360,6 +2370,7 @@ void TestFabricLookup(nlTestSuite * inSuite, void * inContext) return; } NL_TEST_ASSERT(inSuite, fabricInfo->GetFabricIndex() == 1); + NL_TEST_ASSERT(inSuite, fabricInfo->ShouldAdvertiseIdentity()); } // Attempt lookup of the Root02 fabric. @@ -2378,6 +2389,7 @@ void TestFabricLookup(nlTestSuite * inSuite, void * inContext) return; } NL_TEST_ASSERT(inSuite, fabricInfo->GetFabricIndex() == 2); + NL_TEST_ASSERT(inSuite, !fabricInfo->ShouldAdvertiseIdentity()); } } @@ -2446,7 +2458,8 @@ void TestAddNocRootCollision(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT_SUCCESS(inSuite, fabricTable.AddNewPendingTrustedRootCert(rcac)); FabricIndex newFabricIndex = kUndefinedFabricIndex; NL_TEST_ASSERT_SUCCESS(inSuite, - fabricTable.AddNewPendingFabricWithOperationalKeystore(noc, icac, kVendorId, &newFabricIndex)); + fabricTable.AddNewPendingFabricWithOperationalKeystore(noc, icac, kVendorId, &newFabricIndex, + FabricTable::AdvertiseIdentity::No)); NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 1); NL_TEST_ASSERT(inSuite, newFabricIndex == 1); @@ -2457,6 +2470,8 @@ void TestAddNocRootCollision(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, fabricInfo != nullptr); if (fabricInfo != nullptr) { + NL_TEST_ASSERT(inSuite, !fabricInfo->ShouldAdvertiseIdentity()); + Credentials::ChipCertificateSet certificates; NL_TEST_ASSERT_SUCCESS(inSuite, certificates.Init(1)); NL_TEST_ASSERT_SUCCESS(inSuite, @@ -2561,6 +2576,8 @@ void TestAddNocRootCollision(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, fabricInfo != nullptr); if (fabricInfo != nullptr) { + NL_TEST_ASSERT(inSuite, fabricInfo->ShouldAdvertiseIdentity()); + Credentials::ChipCertificateSet certificates; NL_TEST_ASSERT_SUCCESS(inSuite, certificates.Init(1)); NL_TEST_ASSERT_SUCCESS(inSuite,