Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] CacheAndSync feature is not supported,KeySetWrite Command returns Success when sent with GroupKeySecurityPolicy is 1 #26692

Closed
sumaky opened this issue May 19, 2023 · 1 comment · Fixed by #26726
Closed

[BUG] CacheAndSync feature is not supported,KeySetWrite Command returns Success when sent with GroupKeySecurityPolicy is 1 #26692

sumaky opened this issue May 19, 2023 · 1 comment · Fixed by #26726
Labels
cert blocker spec Mismatch between spec and implementation

Comments

@sumaky
Copy link
Contributor

sumaky commented May 19, 2023

Reproduction steps

  1. read feature map CacheandSync Feature value is false
  2. Send Ket-Set-Write with security policy as 1 we get Success response
  3. Key-Set-Read Command returns response with Group Key Security Policy :1

When CacheandSync is not supported expected Ket-Set-Write with security policy as 1 to return invalid command

https://github.com/CHIP-Specifications/chip-test-plans/pull/2381/

Bug prevalence

NA

GitHub hash of the SDK that was being used

NA

Platform

other

Platform Version(s)

NA

Anything else?

No response
@bzbarsky-apple bzbarsky-apple changed the title [BUG] CacheAndSync feature is not supported,KetSetWrite Command returns Success when sent with GroupKeySecurityPolicy is 1 [BUG] CacheAndSync feature is not supported,KeySetWrite Command returns Success when sent with GroupKeySecurityPolicy is 1 May 22, 2023
@bzbarsky-apple bzbarsky-apple added the spec Mismatch between spec and implementation label May 22, 2023
@bzbarsky-apple
Copy link
Contributor

The relevant spec bits here are:

"7.18.1.5. Enumeration (8-bit, 16-bit)" says:

If a client indicates an enumeration value to the server, that is not supported by the server, because it is optional, deprecated, or a new value unrecognized by a legacy server, then the server SHALL generate a general constraint error, , unless the cluster defines alternate behavior

and "Invoke Execution" says:

If a data field violates expected constraints, a CommandStatusIB SHOULD be generated with an error status of CONSTRAINT_ERROR.

and under "11.2.5.4. GroupKeySetStruct Type" we have "GroupKeySecurityPolicy Field" saying:

When CacheAndSync is not supported in the FeatureMap of this cluster, any action attempting to set CacheAndSync in the GroupKeySecurityPolicy field SHALL fail with an INVALID_COMMAND error.

bzbarsky-apple added a commit to bzbarsky-apple/connectedhomeip that referenced this issue May 22, 2023
@bzbarsky-apple
Fix KeySetWrite command payload validation.
e0db58c 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip#26692
@bzbarsky-apple bzbarsky-apple mentioned this issue May 22, 2023
Merged
bzbarsky-apple added a commit to bzbarsky-apple/connectedhomeip that referenced this issue May 22, 2023
@bzbarsky-apple
Fix KeySetWrite command payload validation.
ed777af 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip#26692
@woody-apple woody-apple moved this to Open Cert Blockers in [Certification] Blockers May 22, 2023
bzbarsky-apple added a commit to bzbarsky-apple/connectedhomeip that referenced this issue May 22, 2023
@bzbarsky-apple
Fix KeySetWrite command payload validation.
e664144 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip#26692
@github-project-automation github-project-automation bot moved this from Open Cert Blockers to Complete in [Certification] Blockers May 23, 2023
bzbarsky-apple added a commit that referenced this issue May 23, 2023
@bzbarsky-apple
Fix KeySetWrite command payload validation. (#26726)
46f3dfa 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes #26692
markaj-nordic pushed a commit to markaj-nordic/sdk-connectedhomeip that referenced this issue Oct 6, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
7fde386 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
markaj-nordic pushed a commit to markaj-nordic/sdk-connectedhomeip that referenced this issue Oct 6, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
3c76634 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
markaj-nordic pushed a commit to markaj-nordic/sdk-connectedhomeip that referenced this issue Oct 6, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
f818df5 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
markaj-nordic pushed a commit to markaj-nordic/sdk-connectedhomeip that referenced this issue Oct 6, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
d1025b4 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
markaj-nordic pushed a commit to markaj-nordic/sdk-connectedhomeip that referenced this issue Oct 9, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
6ac4023 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
markaj-nordic pushed a commit to markaj-nordic/sdk-connectedhomeip that referenced this issue Oct 9, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
9d2baf5 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
markaj-nordic pushed a commit to markaj-nordic/sdk-connectedhomeip that referenced this issue Oct 9, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
d2b6e82 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
markaj-nordic pushed a commit to markaj-nordic/sdk-connectedhomeip that referenced this issue Oct 9, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
cb06c10 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
markaj-nordic pushed a commit to nrfconnect/sdk-connectedhomeip that referenced this issue Oct 10, 2023
@bzbarsky-apple @markaj-nordic
[nrf fromtree] Fix KeySetWrite command payload validation. (#26726)
7307126 
There are three fixes here:

1. Move the epoch key validity checks up front, since per spec those should
   happen before any internal state verification checks.

2. Add a check that the GroupKeySecurityPolicy in the keyset has a valid value
   for GroupKeySecurityPolicyEnum.

3. If we don't support MCSP, we should be failing out if the
   GroupKeySecurityPolicy is set to CacheAndSync.

Fixes project-chip/connectedhomeip#26692
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cert blocker spec Mismatch between spec and implementation
Projects
[Certification] Blockers
Archived in project
[Enhancements] Spec/XML Alignment
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix KeySetWrite command payload validation. bzbarsky-apple/connectedhomeip
3 participants
@bzbarsky-apple @sumaky @cjandhyala