From ad38d0ec74e72ff6ada4b7417559f4b21043d2f6 Mon Sep 17 00:00:00 2001 From: Karsten Sperling Date: Mon, 30 Oct 2023 12:11:37 +1300 Subject: [PATCH 1/5] TLVReader: Factor Expect() helper out of Next(...) --- src/credentials/CHIPCertToX509.cpp | 4 +-- src/lib/core/TLVReader.cpp | 27 ++++++++++------- src/lib/core/TLVReader.h | 47 +++++++++++++----------------- 3 files changed, 39 insertions(+), 39 deletions(-) diff --git a/src/credentials/CHIPCertToX509.cpp b/src/credentials/CHIPCertToX509.cpp index 47781c59d57eec..6341e2239e914c 100644 --- a/src/credentials/CHIPCertToX509.cpp +++ b/src/credentials/CHIPCertToX509.cpp @@ -574,9 +574,7 @@ static CHIP_ERROR DecodeConvertCert(TLVReader & reader, ASN1Writer & writer, ASN { ReturnErrorOnFailure(reader.Next()); } - VerifyOrReturnError(reader.GetType() == kTLVType_Structure, CHIP_ERROR_WRONG_TLV_TYPE); - VerifyOrReturnError(reader.GetTag() == AnonymousTag(), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); - + ReturnErrorOnFailure(reader.Expect(kTLVType_Structure, AnonymousTag())); ReturnErrorOnFailure(reader.EnterContainer(containerType)); // Certificate ::= SEQUENCE diff --git a/src/lib/core/TLVReader.cpp b/src/lib/core/TLVReader.cpp index c44d0947d87d1c..1fe3b6b4c695f0 100644 --- a/src/lib/core/TLVReader.cpp +++ b/src/lib/core/TLVReader.cpp 
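Review bot: `reader.Expect(kTLVType_Structure, AnonymousTag())` checks the tag before the type (see the `Expect(TLVType, Tag)` body in the TLVReader.cpp hunk of this patch), whereas the two lines it replaces tested the type first, so an element that is both the wrong type and non-anonymous now fails with CHIP_ERROR_UNEXPECTED_TLV_ELEMENT instead of CHIP_ERROR_WRONG_TLV_TYPE. That is a small but observable change for callers or tests that match on the error code. If the old precedence matters, keep `VerifyOrReturnError(reader.GetType() == kTLVType_Structure, CHIP_ERROR_WRONG_TLV_TYPE);` ahead of the Expect() call; otherwise it is worth one line in the commit message. The body of DecodeConvertCert starts and ends outside the hunk.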
@@ -583,23 +583,30 @@ CHIP_ERROR TLVReader::Next() return CHIP_NO_ERROR; } +CHIP_ERROR TLVReader::Expect(Tag expectedTag) +{ + VerifyOrReturnError(mElemTag == expectedTag, CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); + return CHIP_NO_ERROR; +} + CHIP_ERROR TLVReader::Next(Tag expectedTag) { - CHIP_ERROR err = Next(); - if (err != CHIP_NO_ERROR) - return err; - if (mElemTag != expectedTag) - return CHIP_ERROR_UNEXPECTED_TLV_ELEMENT; + ReturnErrorOnFailure(Next()); + ReturnErrorOnFailure(Expect(expectedTag)); + return CHIP_NO_ERROR; +} + +CHIP_ERROR TLVReader::Expect(TLVType expectedType, Tag expectedTag) +{ + ReturnErrorOnFailure(Expect(expectedTag)); + VerifyOrReturnError(GetType() == expectedType, CHIP_ERROR_WRONG_TLV_TYPE); return CHIP_NO_ERROR; } CHIP_ERROR TLVReader::Next(TLVType expectedType, Tag expectedTag) { - CHIP_ERROR err = Next(expectedTag); - if (err != CHIP_NO_ERROR) - return err; - if (GetType() != expectedType) - return CHIP_ERROR_WRONG_TLV_TYPE; + ReturnErrorOnFailure(Next()); + ReturnErrorOnFailure(Expect(expectedType, expectedTag)); return CHIP_NO_ERROR; } diff --git a/src/lib/core/TLVReader.h b/src/lib/core/TLVReader.h index 0acc618bc86598..7e4253b4e5ce3a 100644 --- a/src/lib/core/TLVReader.h +++ b/src/lib/core/TLVReader.h 
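Review bot: `Expect(Tag expectedTag)` compares `mElemTag` without checking that the reader is actually positioned on an element, so a call made before a successful Next() (or after Next() returned CHIP_END_OF_TLV) compares against whatever `mElemTag` holds at that point; the reset value is not visible here, but if it is AnonymousTag() then `Expect(AnonymousTag())` would succeed with no element present, and only the two-argument overload would catch it via the type check. Since Expect() is now a public helper used on its own at several decode sites, state the precondition above the definition: `// Precondition: the reader is positioned on an element, i.e. the previous Next() returned CHIP_NO_ERROR; Expect() does not detect an unpositioned reader.` Alternatively, a `GetType() != kTLVType_NotSpecified` guard would make it self-contained, if that is indeed the unpositioned type — confirm against the reader's reset path.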
@@ -167,32 +167,36 @@ class DLL_EXPORT TLVReader * Advances the TLVReader object to the next TLV element to be read, asserting the tag of * the new element. * - * The Next(Tag expectedTag) method is a convenience method that has the - * same behavior as Next(), but also verifies that the tag of the new TLV element matches - * the supplied argument. + * This is a convenience method that combines the behavior of Next() and Expect(). * - * @param[in] expectedTag The expected tag for the next element. + * @retval #CHIP_NO_ERROR If the reader was successfully positioned on a new element + * matching the expected parameters. + * @retval other See return values of Next() and Expect(). + */ + CHIP_ERROR Next(Tag expectedTag); + + /* Checks that the TLV reader is position at an element with the expected tag. * - * @retval #CHIP_NO_ERROR If the reader was successfully positioned on a new element. - * @retval #CHIP_END_OF_TLV If no further elements are available. + * @retval #CHIP_NO_ERROR If the reader is positioned on the expected element. * @retval #CHIP_ERROR_UNEXPECTED_TLV_ELEMENT * If the tag associated with the new element does not match the * value of the @p expectedTag argument. - * @retval #CHIP_ERROR_TLV_UNDERRUN If the underlying TLV encoding ended prematurely. - * @retval #CHIP_ERROR_INVALID_TLV_ELEMENT - * If the reader encountered an invalid or unsupported TLV - * element type. - * @retval #CHIP_ERROR_INVALID_TLV_TAG If the reader encountered a TLV tag in an invalid context. - * @retval other Other CHIP or platform error codes returned by the configured - * TLVBackingStore. - * */ - CHIP_ERROR Next(Tag expectedTag); + CHIP_ERROR Expect(Tag expectedTag); /** * Advances the TLVReader object to the next TLV element to be read, asserting the type and tag of * the new element. * + * This is a convenience method that combines the behavior of Next() and Expect(). 
+ * + * @retval #CHIP_NO_ERROR If the reader was successfully positioned on a new element + * matching the expected parameters. + * @retval other See return values of Next() and Expect(). + */ + CHIP_ERROR Next(TLVType expectedType, Tag expectedTag); + + /** * The Next(TLVType expectedType, Tag expectedTag) method is a convenience method that has the * same behavior as Next(), but also verifies that the type and tag of the new TLV element match * the supplied arguments. @@ -200,23 +204,14 @@ class DLL_EXPORT TLVReader * @param[in] expectedType The expected data type for the next element. * @param[in] expectedTag The expected tag for the next element. * - * @retval #CHIP_NO_ERROR If the reader was successfully positioned on a new element. - * @retval #CHIP_END_OF_TLV If no further elements are available. + * @retval #CHIP_NO_ERROR If the reader is positioned on the expected element. * @retval #CHIP_ERROR_WRONG_TLV_TYPE If the type of the new element does not match the value * of the @p expectedType argument. * @retval #CHIP_ERROR_UNEXPECTED_TLV_ELEMENT * If the tag associated with the new element does not match the * value of the @p expectedTag argument. - * @retval #CHIP_ERROR_TLV_UNDERRUN If the underlying TLV encoding ended prematurely. - * @retval #CHIP_ERROR_INVALID_TLV_ELEMENT - * If the reader encountered an invalid or unsupported TLV - * element type. - * @retval #CHIP_ERROR_INVALID_TLV_TAG If the reader encountered a TLV tag in an invalid context. - * @retval other Other CHIP or platform error codes returned by the configured - * TLVBackingStore. - * */ - CHIP_ERROR Next(TLVType expectedType, Tag expectedTag); + CHIP_ERROR Expect(TLVType expectedType, Tag expectedTag); /** * Returns the type of the current TLV element. From 510e10cc76470511be8f5f8ccbd6c5a7e8ba3399 Mon Sep 17 00:00:00 2001 
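Review bot: The new `Expect(Tag expectedTag)` comment still describes Next()'s situation: its CHIP_ERROR_UNEXPECTED_TLV_ELEMENT text refers to `the new element` and the parameter has no @param entry, while the element being checked is the one the reader is already positioned on. Suggest `@param[in] expectedTag The expected tag of the current element.` and `If the tag of the current element does not match the value of the @p expectedTag argument.` A sentence that the reader must have been positioned on an element by a prior successful Next() would also help callers who use Expect() on its own rather than through the Next() overloads.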
From: Karsten Sperling Date: Thu, 2 Nov 2023 11:11:06 +1300 Subject: [PATCH 2/5] ChipCert: Make issuerKeypair parameters const --- src/credentials/CHIPCert.h | 6 +++--- src/credentials/GenerateChipX509Cert.cpp | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/credentials/CHIPCert.h b/src/credentials/CHIPCert.h index 0f8ba1df4b2955..af2c5c1916de4b 100644 --- a/src/credentials/CHIPCert.h +++ b/src/credentials/CHIPCert.h @@ -569,7 +569,7 @@ struct X509CertRequestParams * * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise **/ -CHIP_ERROR NewRootX509Cert(const X509CertRequestParams & requestParams, Crypto::P256Keypair & issuerKeypair, +CHIP_ERROR NewRootX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert); /** @@ -583,7 +583,7 @@ CHIP_ERROR NewRootX509Cert(const X509CertRequestParams & requestParams, Crypto:: * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise **/ CHIP_ERROR NewICAX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256PublicKey & subjectPubkey, - Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert); + const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert); /** * @brief Generate a new X.509 DER encoded Node operational certificate @@ -596,7 +596,7 @@ CHIP_ERROR NewICAX509Cert(const X509CertRequestParams & requestParams, const Cry * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise **/ CHIP_ERROR NewNodeOperationalX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256PublicKey & subjectPubkey, - Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert); + const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert); /** * @brief diff --git a/src/credentials/GenerateChipX509Cert.cpp b/src/credentials/GenerateChipX509Cert.cpp index 86c7decf50e863..16b4b56fc11228 100644 --- a/src/credentials/GenerateChipX509Cert.cpp 
+++ b/src/credentials/GenerateChipX509Cert.cpp @@ -378,7 +378,7 @@ CHIP_ERROR EncodeTBSCert(const X509CertRequestParams & requestParams, const Cryp } CHIP_ERROR NewChipX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256PublicKey & subjectPubkey, - Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert) + const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert) { CHIP_ERROR err = CHIP_NO_ERROR; ASN1Writer writer; @@ -411,7 +411,7 @@ CHIP_ERROR NewChipX509Cert(const X509CertRequestParams & requestParams, const Cr return err; } -DLL_EXPORT CHIP_ERROR NewRootX509Cert(const X509CertRequestParams & requestParams, Crypto::P256Keypair & issuerKeypair, +DLL_EXPORT CHIP_ERROR NewRootX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert) { CertType certType; @@ -424,7 +424,7 @@ DLL_EXPORT CHIP_ERROR NewRootX509Cert(const X509CertRequestParams & requestParam } DLL_EXPORT CHIP_ERROR NewICAX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256PublicKey & subjectPubkey, - Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert) + const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert) { CertType certType; @@ -438,8 +438,8 @@ DLL_EXPORT CHIP_ERROR NewICAX509Cert(const X509CertRequestParams & requestParams } DLL_EXPORT CHIP_ERROR NewNodeOperationalX509Cert(const X509CertRequestParams & requestParams, - const Crypto::P256PublicKey & subjectPubkey, Crypto::P256Keypair & issuerKeypair, - MutableByteSpan & x509Cert) + const Crypto::P256PublicKey & subjectPubkey, + const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert) { CertType certType; From f61524f29265fd1fb18275f8bc8d5d4c1ecb2aaf Mon Sep 17 00:00:00 2001 
From: Karsten Sperling Date: Thu, 2 Nov 2023 14:26:50 +1300 Subject: [PATCH 3/5] ChipCert: Factor out EncodeExtKeyUsageExtension helper ... and tidy up the API of some other helpers a little to make them easier to re-use. --- src/credentials/GenerateChipX509Cert.cpp | 88 +++++++++++------------- 1 file changed, 39 insertions(+), 49 deletions(-) diff --git a/src/credentials/GenerateChipX509Cert.cpp b/src/credentials/GenerateChipX509Cert.cpp index 16b4b56fc11228..8297b85c4c5909 100644 --- a/src/credentials/GenerateChipX509Cert.cpp +++ b/src/credentials/GenerateChipX509Cert.cpp @@ -27,6 +27,7 @@ #endif #include +#include #include #include @@ -81,9 +82,7 @@ CHIP_ERROR EncodeAuthorityKeyIdentifierExtension(const Crypto::P256PublicKey & p ASN1_START_SEQUENCE { - OID extensionOID = GetOID(kOIDCategory_Extension, static_cast(kTag_AuthorityKeyIdentifier)); - - ASN1_ENCODE_OBJECT_ID(extensionOID); + ASN1_ENCODE_OBJECT_ID(kOID_Extension_AuthorityKeyIdentifier); ASN1_START_OCTET_STRING_ENCAPSULATED { @@ -111,9 +110,7 @@ CHIP_ERROR EncodeSubjectKeyIdentifierExtension(const Crypto::P256PublicKey & pub ASN1_START_SEQUENCE { - OID extensionOID = GetOID(kOIDCategory_Extension, static_cast(kTag_SubjectKeyIdentifier)); - - ASN1_ENCODE_OBJECT_ID(extensionOID); + ASN1_ENCODE_OBJECT_ID(kOID_Extension_SubjectKeyIdentifier); ASN1_START_OCTET_STRING_ENCAPSULATED { 
@@ -130,21 +127,46 @@ CHIP_ERROR EncodeSubjectKeyIdentifierExtension(const Crypto::P256PublicKey & pub return err; } -CHIP_ERROR EncodeKeyUsageExtension(uint16_t keyUsageBits, ASN1Writer & writer) +CHIP_ERROR EncodeExtKeyUsageExtension(std::initializer_list keyPurposeOIDs, ASN1Writer & writer) { CHIP_ERROR err = CHIP_NO_ERROR; - ASN1_START_SEQUENCE { - OID extensionOID = GetOID(kOIDCategory_Extension, static_cast(kTag_KeyUsage)); + ASN1_ENCODE_OBJECT_ID(kOID_Extension_ExtendedKeyUsage); + + // ExtKeyUsage extension MUST be marked as critical. + ASN1_ENCODE_BOOLEAN(true); + ASN1_START_OCTET_STRING_ENCAPSULATED + { + ASN1_START_SEQUENCE + { + for (auto && oid : keyPurposeOIDs) + { + ASN1_ENCODE_OBJECT_ID(oid); + } + } + ASN1_END_SEQUENCE; + } + ASN1_END_ENCAPSULATED; + } + ASN1_END_SEQUENCE; + +exit: + return err; +} - ASN1_ENCODE_OBJECT_ID(extensionOID); +CHIP_ERROR EncodeKeyUsageExtension(BitFlags keyUsageFlags, ASN1Writer & writer) +{ + CHIP_ERROR err = CHIP_NO_ERROR; + ASN1_START_SEQUENCE + { + ASN1_ENCODE_OBJECT_ID(kOID_Extension_KeyUsage); // KeyUsage extension MUST be marked as critical. ASN1_ENCODE_BOOLEAN(true); ASN1_START_OCTET_STRING_ENCAPSULATED { - ASN1_ENCODE_BIT_STRING(keyUsageBits); + ASN1_ENCODE_BIT_STRING(keyUsageFlags.Raw()); } ASN1_END_ENCAPSULATED; } @@ -157,12 +179,9 @@ CHIP_ERROR EncodeKeyUsageExtension(uint16_t keyUsageBits, ASN1Writer & writer) CHIP_ERROR EncodeIsCAExtension(IsCACert isCA, ASN1Writer & writer) { CHIP_ERROR err = CHIP_NO_ERROR; - ASN1_START_SEQUENCE { - OID extensionOID = GetOID(kOIDCategory_Extension, static_cast(kTag_BasicConstraints)); - - ASN1_ENCODE_OBJECT_ID(extensionOID); + ASN1_ENCODE_OBJECT_ID(kOID_Extension_BasicConstraints); // BasicConstraints extension MUST be marked as critical. ASN1_ENCODE_BOOLEAN(true); 
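Review bot: `EncodeExtKeyUsageExtension` accepts an empty `keyPurposeOIDs` list and would then emit an empty inner SEQUENCE inside a critical extension, but ExtKeyUsageSyntax is `SEQUENCE SIZE (1..MAX) OF KeyPurposeId` (the decoder in CHIPCertToX509.cpp quotes that constraint), so strict verifiers would reject the certificate. Now that the helper is reusable, guard it at the top of the function: `VerifyOrReturnError(keyPurposeOIDs.size() > 0, CHIP_ERROR_INVALID_ARGUMENT);`. The only caller in this series passes two OIDs, so this is defensive rather than a current bug. Separately, `keyUsageFlags.Raw()` now feeds ASN1_ENCODE_BIT_STRING where a `uint16_t` did before; the underlying type of KeyUsageFlags is outside this hunk, so confirm Raw() has the same width (template arguments appear stripped in this rendering).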
@@ -191,46 +210,17 @@ CHIP_ERROR EncodeIsCAExtension(IsCACert isCA, ASN1Writer & writer) CHIP_ERROR EncodeCASpecificExtensions(ASN1Writer & writer) { ReturnErrorOnFailure(EncodeIsCAExtension(kCACert, writer)); - - uint16_t keyUsageBits = static_cast(KeyUsageFlags::kKeyCertSign) | static_cast(KeyUsageFlags::kCRLSign); - - ReturnErrorOnFailure(EncodeKeyUsageExtension(keyUsageBits, writer)); - + ReturnErrorOnFailure( + EncodeKeyUsageExtension(BitFlags(KeyUsageFlags::kKeyCertSign, KeyUsageFlags::kCRLSign), writer)); return CHIP_NO_ERROR; } CHIP_ERROR EncodeNOCSpecificExtensions(ASN1Writer & writer) { - CHIP_ERROR err = CHIP_NO_ERROR; - - uint16_t keyUsageBits = static_cast(KeyUsageFlags::kDigitalSignature); - ReturnErrorOnFailure(EncodeIsCAExtension(kNotCACert, writer)); - ReturnErrorOnFailure(EncodeKeyUsageExtension(keyUsageBits, writer)); - - ASN1_START_SEQUENCE - { - OID extensionOID = GetOID(kOIDCategory_Extension, static_cast(kTag_ExtendedKeyUsage)); - - ASN1_ENCODE_OBJECT_ID(extensionOID); - - // ExtKeyUsage extension MUST be marked as critical. - ASN1_ENCODE_BOOLEAN(true); - ASN1_START_OCTET_STRING_ENCAPSULATED - { - ASN1_START_SEQUENCE - { - ASN1_ENCODE_OBJECT_ID(kOID_KeyPurpose_ClientAuth); - ASN1_ENCODE_OBJECT_ID(kOID_KeyPurpose_ServerAuth); - } - ASN1_END_SEQUENCE; - } - ASN1_END_ENCAPSULATED; - } - ASN1_END_SEQUENCE; - -exit: - return err; + ReturnErrorOnFailure(EncodeKeyUsageExtension(KeyUsageFlags::kDigitalSignature, writer)); + ReturnErrorOnFailure(EncodeExtKeyUsageExtension({ kOID_KeyPurpose_ClientAuth, kOID_KeyPurpose_ServerAuth }, writer)); + return CHIP_NO_ERROR; } CHIP_ERROR EncodeFutureExtension(const Optional & futureExt, ASN1Writer & writer) From d68b7772480a572b8c612fa5e4c53d1222da9ca6 Mon Sep 17 00:00:00 2001 From: Karsten Sperling Date: Thu, 2 Nov 2023 20:22:59 +1300 Subject: [PATCH 4/5] Fix doc comments as per review --- src/lib/core/TLVReader.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
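Review bot: The two call sites spell the flags argument differently: EncodeCASpecificExtensions constructs the BitFlags explicitly from two enumerators, while EncodeNOCSpecificExtensions passes the bare `KeyUsageFlags::kDigitalSignature` and relies on an implicit conversion to the BitFlags parameter. Prefer the explicit form in both, e.g. `ReturnErrorOnFailure(EncodeKeyUsageExtension(BitFlags<KeyUsageFlags>(KeyUsageFlags::kDigitalSignature), writer));`, so the conversion is visible at the call site and keeps compiling if the BitFlags constructor is ever made explicit. The template argument is presumably stripped in this rendering; match whatever the CA path actually spells.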
diff --git a/src/lib/core/TLVReader.h b/src/lib/core/TLVReader.h index 7e4253b4e5ce3a..6be621e6382ce6 100644 --- a/src/lib/core/TLVReader.h +++ b/src/lib/core/TLVReader.h @@ -175,7 +175,8 @@ class DLL_EXPORT TLVReader */ CHIP_ERROR Next(Tag expectedTag); - /* Checks that the TLV reader is position at an element with the expected tag. + /** + * Checks that the TLV reader is positioned at an element with the expected tag. * * @retval #CHIP_NO_ERROR If the reader is positioned on the expected element. * @retval #CHIP_ERROR_UNEXPECTED_TLV_ELEMENT @@ -197,9 +198,7 @@ class DLL_EXPORT TLVReader CHIP_ERROR Next(TLVType expectedType, Tag expectedTag); /** - * The Next(TLVType expectedType, Tag expectedTag) method is a convenience method that has the - * same behavior as Next(), but also verifies that the type and tag of the new TLV element match - * the supplied arguments. + * Checks that the TLV reader is positioned at an element with the expected type and tag. * * @param[in] expectedType The expected data type for the next element. * @param[in] expectedTag The expected tag for the next element. From efdf34289b8b2e31c59fd13f6094b9a99f04d951 Mon Sep 17 00:00:00 2001 From: Karsten Sperling Date: Thu, 2 Nov 2023 23:41:04 +1300 Subject: [PATCH 5/5] Condense a few more checks into an Expect() --- .../ExampleOperationalCredentialsIssuer.cpp | 3 +-- .../AndroidOperationalCredentialsIssuer.cpp | 6 ++--- src/credentials/CHIPCertToX509.cpp | 23 +++++-------------- .../CHIP/MTROperationalCredentialsDelegate.mm | 3 +-- src/lib/core/OTAImageHeader.cpp | 2 +- 5 files changed, 11 insertions(+), 26 deletions(-) diff --git a/src/controller/ExampleOperationalCredentialsIssuer.cpp b/src/controller/ExampleOperationalCredentialsIssuer.cpp index 132f111a18c3e0..09a9a5a99bc9bb 100644 --- a/src/controller/ExampleOperationalCredentialsIssuer.cpp +++ b/src/controller/ExampleOperationalCredentialsIssuer.cpp 
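Review bot: The second hunk fixes the summary of `Expect(TLVType, Tag)` but leaves both @param lines saying `for the next element`, which is the Next() wording; Expect() checks the element the reader is already on. Suggest `@param[in] expectedType The expected data type of the current element.` and `@param[in] expectedTag The expected tag of the current element.` so the parameter docs agree with the new summary.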
@@ -348,8 +348,7 @@ CHIP_ERROR ExampleOperationalCredentialsIssuer::GenerateNOCChain(const ByteSpan ReturnErrorOnFailure(reader.Next()); } - VerifyOrReturnError(reader.GetType() == kTLVType_Structure, CHIP_ERROR_WRONG_TLV_TYPE); - VerifyOrReturnError(reader.GetTag() == AnonymousTag(), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); + ReturnErrorOnFailure(reader.Expect(kTLVType_Structure, AnonymousTag())); TLVType containerType; ReturnErrorOnFailure(reader.EnterContainer(containerType)); diff --git a/src/controller/java/AndroidOperationalCredentialsIssuer.cpp b/src/controller/java/AndroidOperationalCredentialsIssuer.cpp index 063ba5dfb6cdc3..1cfa9d28d25960 100644 --- a/src/controller/java/AndroidOperationalCredentialsIssuer.cpp +++ b/src/controller/java/AndroidOperationalCredentialsIssuer.cpp @@ -186,8 +186,7 @@ CHIP_ERROR AndroidOperationalCredentialsIssuer::CallbackGenerateNOCChain(const B ReturnErrorOnFailure(reader.Next()); } - VerifyOrReturnError(reader.GetType() == kTLVType_Structure, CHIP_ERROR_WRONG_TLV_TYPE); - VerifyOrReturnError(reader.GetTag() == AnonymousTag(), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); + ReturnErrorOnFailure(reader.Expect(kTLVType_Structure, AnonymousTag())); TLVType containerType; ReturnErrorOnFailure(reader.EnterContainer(containerType)); @@ -335,8 +334,7 @@ CHIP_ERROR AndroidOperationalCredentialsIssuer::LocalGenerateNOCChain(const Byte ReturnErrorOnFailure(reader.Next()); } - VerifyOrReturnError(reader.GetType() == kTLVType_Structure, CHIP_ERROR_WRONG_TLV_TYPE); - VerifyOrReturnError(reader.GetTag() == AnonymousTag(), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); + ReturnErrorOnFailure(reader.Expect(kTLVType_Structure, AnonymousTag())); TLVType containerType; ReturnErrorOnFailure(reader.EnterContainer(containerType)); diff --git a/src/credentials/CHIPCertToX509.cpp b/src/credentials/CHIPCertToX509.cpp index 6341e2239e914c..7001e51dd66faf 100644 --- a/src/credentials/CHIPCertToX509.cpp +++ b/src/credentials/CHIPCertToX509.cpp 
@@ -152,9 +152,7 @@ static CHIP_ERROR DecodeConvertAuthorityKeyIdentifierExtension(TLVReader & reade { // keyIdentifier [0] IMPLICIT KeyIdentifier // KeyIdentifier ::= OCTET STRING - VerifyOrReturnError(reader.GetType() == kTLVType_ByteString, CHIP_ERROR_WRONG_TLV_TYPE); - VerifyOrReturnError(reader.GetTag() == ContextTag(kTag_AuthorityKeyIdentifier), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); - + ReturnErrorOnFailure(reader.Expect(kTLVType_ByteString, ContextTag(kTag_AuthorityKeyIdentifier))); ReturnErrorOnFailure(reader.Get(certData.mAuthKeyId)); static_assert(CertificateKeyId().size() <= UINT16_MAX, "Authority key id size doesn't fit in a uint16_t"); @@ -177,9 +175,7 @@ static CHIP_ERROR DecodeConvertSubjectKeyIdentifierExtension(TLVReader & reader, // SubjectKeyIdentifier ::= KeyIdentifier // KeyIdentifier ::= OCTET STRING - VerifyOrReturnError(reader.GetType() == kTLVType_ByteString, CHIP_ERROR_WRONG_TLV_TYPE); - VerifyOrReturnError(reader.GetTag() == ContextTag(kTag_SubjectKeyIdentifier), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); - + ReturnErrorOnFailure(reader.Expect(kTLVType_ByteString, ContextTag(kTag_SubjectKeyIdentifier))); ReturnErrorOnFailure(reader.Get(certData.mSubjectKeyId)); static_assert(CertificateKeyId().size() <= UINT16_MAX, "Subject key id size doesn't fit in a uint16_t"); @@ -198,8 +194,7 @@ static CHIP_ERROR DecodeConvertKeyUsageExtension(TLVReader & reader, ASN1Writer certData.mCertFlags.Set(CertFlags::kExtPresent_KeyUsage); // KeyUsage ::= BIT STRING - VerifyOrReturnError(reader.GetTag() == ContextTag(kTag_KeyUsage), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); - + ReturnErrorOnFailure(reader.Expect(ContextTag(kTag_KeyUsage))); ReturnErrorOnFailure(reader.Get(keyUsageBits)); { 
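Review bot: In DecodeConvertKeyUsageExtension, `reader.Expect(ContextTag(kTag_KeyUsage))` pins only the tag, whereas the AKI and SKI decoders in the same file now pin both type and tag through the two-argument overload. If `keyUsageBits` is an integer (its declaration is above the hunk) the following `reader.Get(keyUsageBits)` presumably rejects a non-integer element, but stating the expectation up front reads consistently and does not depend on that: `ReturnErrorOnFailure(reader.Expect(kTLVType_UnsignedInteger, ContextTag(kTag_KeyUsage)));`. Confirm the element type the encoder writes before making the change, since a mismatch would reject valid certificates.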
@@ -229,9 +224,7 @@ static CHIP_ERROR DecodeConvertBasicConstraintsExtension(TLVReader & reader, ASN // BasicConstraints ::= SEQUENCE ASN1_START_SEQUENCE { - VerifyOrReturnError(reader.GetTag() == ContextTag(kTag_BasicConstraints), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); - VerifyOrReturnError(reader.GetType() == kTLVType_Structure, CHIP_ERROR_WRONG_TLV_TYPE); - + ReturnErrorOnFailure(reader.Expect(kTLVType_Structure, ContextTag(kTag_BasicConstraints))); ReturnErrorOnFailure(reader.EnterContainer(outerContainer)); // cA BOOLEAN DEFAULT FALSE @@ -282,9 +275,7 @@ static CHIP_ERROR DecodeConvertExtendedKeyUsageExtension(TLVReader & reader, ASN // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId ASN1_START_SEQUENCE { - VerifyOrReturnError(reader.GetTag() == ContextTag(kTag_ExtendedKeyUsage), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); - VerifyOrReturnError(reader.GetType() == kTLVType_Array, CHIP_ERROR_WRONG_TLV_TYPE); - + ReturnErrorOnFailure(reader.Expect(kTLVType_Array, ContextTag(kTag_ExtendedKeyUsage))); ReturnErrorOnFailure(reader.EnterContainer(outerContainer)); while ((err = reader.Next(AnonymousTag())) == CHIP_NO_ERROR) @@ -312,9 +303,7 @@ static CHIP_ERROR DecodeConvertFutureExtension(TLVReader & tlvReader, ASN1Writer ByteSpan extensionSequence; ASN1Reader reader; - VerifyOrReturnError(tlvReader.GetTag() == ContextTag(kTag_FutureExtension), CHIP_ERROR_INVALID_TLV_TAG); - VerifyOrReturnError(tlvReader.GetType() == kTLVType_ByteString, CHIP_ERROR_WRONG_TLV_TYPE); - + ReturnErrorOnFailure(tlvReader.Expect(kTLVType_ByteString, ContextTag(kTag_FutureExtension))); ReturnErrorOnFailure(tlvReader.Get(extensionSequence)); reader.Init(extensionSequence); diff --git a/src/darwin/Framework/CHIP/MTROperationalCredentialsDelegate.mm b/src/darwin/Framework/CHIP/MTROperationalCredentialsDelegate.mm index 71ee2e6c198f50..888e3ddba38bfc 100644 --- a/src/darwin/Framework/CHIP/MTROperationalCredentialsDelegate.mm 
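Review bot: In DecodeConvertFutureExtension the removed tag check returned CHIP_ERROR_INVALID_TLV_TAG, but `tlvReader.Expect(kTLVType_ByteString, ContextTag(kTag_FutureExtension))` reports a tag mismatch as CHIP_ERROR_UNEXPECTED_TLV_ELEMENT (per the Expect() body in patch 1), so this site changes an observable error code, unlike the other conversions in the series which already used that code. If anything matches on the old value, keep `VerifyOrReturnError(tlvReader.GetTag() == ContextTag(kTag_FutureExtension), CHIP_ERROR_INVALID_TLV_TAG);` ahead of the Expect() call; otherwise call the change out in the commit message. The enclosing function continues past the hunk.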
+++ b/src/darwin/Framework/CHIP/MTROperationalCredentialsDelegate.mm @@ -273,8 +273,7 @@ ReturnErrorOnFailure(reader.Next()); } - VerifyOrReturnError(reader.GetType() == kTLVType_Structure, CHIP_ERROR_WRONG_TLV_TYPE); - VerifyOrReturnError(reader.GetTag() == AnonymousTag(), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); + ReturnErrorOnFailure(reader.Expect(kTLVType_Structure, AnonymousTag())); TLVType containerType; ReturnErrorOnFailure(reader.EnterContainer(containerType)); diff --git a/src/lib/core/OTAImageHeader.cpp b/src/lib/core/OTAImageHeader.cpp index ebf644fff9daf8..674c08afb31429 100644 --- a/src/lib/core/OTAImageHeader.cpp +++ b/src/lib/core/OTAImageHeader.cpp @@ -163,7 +163,7 @@ CHIP_ERROR OTAImageHeaderParser::DecodeTlv(OTAImageHeader & header) ReturnErrorOnFailure(tlvReader.Next()); } - VerifyOrReturnError(tlvReader.GetTag() == TLV::ContextTag(Tag::kImageDigestType), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT); + ReturnErrorOnFailure(tlvReader.Expect(TLV::ContextTag(Tag::kImageDigestType))); ReturnErrorOnFailure(tlvReader.Get(header.mImageDigestType)); ReturnErrorOnFailure(tlvReader.Next(TLV::ContextTag(Tag::kImageDigest))); ReturnErrorOnFailure(tlvReader.Get(header.mImageDigest));