Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use operational credentials cluster in Commissioner #6651

Closed
wants to merge 3 commits into from

Conversation

pan-apple
Copy link
Contributor

Problem

Need to integrate operational credentials provisioning with CHIP commissioner and device apps.

Summary of Changes

This PR brings in the integration of commissioner and device code with operational credentials cluster.
The controller provisions the operational certificates as part of the provisioning.
Provisioning of trusted root will be done as a separate PR, as it needs its own cluster.
There are some TODOs in the PR that are dependent on ZAP tool updates.

@todo
Copy link

todo bot commented May 11, 2021

- Update ZAP to use 16 bit length for OCTET_STRING. This is a temporary hack, as it only supports 8 bit strings

// TODO - Update ZAP to use 16 bit length for OCTET_STRING. This is a temporary hack, as it only supports 8 bit strings
if (opCertBuf.size() >= UINT8_MAX)
{
ByteSpan tempCertFragment(&opCertBuf.data()[UINT8_MAX], opCertBuf.size() - UINT8_MAX);
ByteSpan opCertFragment(opCertBuf.data(), UINT8_MAX);
ReturnErrorOnFailure(cluster.AddOpCert(successCallback, failureCallback, opCertFragment, tempCertFragment,
ByteSpan(nullptr, 0), mLocalDeviceId, 0));
}
else
{


This comment was generated by todo based on a TODO comment in 64b0cc2 in #6651. cc @pan-apple.

@todo
Copy link

todo bot commented May 11, 2021

(#5590) We should encode a response of status code for invalid TLV.

// TODO(#5590) We should encode a response of status code for invalid TLV.
if (CHIP_NO_ERROR == TLVError && CHIP_NO_ERROR == TLVUnpackError && 7 == validArgumentCount)
{
// TODO(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.
emberAfOperationalCredentialsClusterOpCSRResponseCallback(apCommandObj, CSR, CSRLen, CSRNonce, VendorReserved1,
VendorReserved2, VendorReserved3, Signature);
}
else
{
apCommandObj->AddStatusCode(nullptr, Protocols::SecureChannel::GeneralStatusCode::kBadRequest,
Protocols::SecureChannel::Id, Protocols::SecureChannel::kProtocolCodeGeneralFailure);


This comment was generated by todo based on a TODO comment in 64b0cc2 in #6651. cc @pan-apple.

@todo
Copy link

todo bot commented May 11, 2021

(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.

// TODO(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.
emberAfOperationalCredentialsClusterOpCSRResponseCallback(apCommandObj, CSR, CSRLen, CSRNonce, VendorReserved1,
VendorReserved2, VendorReserved3, Signature);
}
else
{
apCommandObj->AddStatusCode(nullptr, Protocols::SecureChannel::GeneralStatusCode::kBadRequest,
Protocols::SecureChannel::Id, Protocols::SecureChannel::kProtocolCodeGeneralFailure);
ChipLogProgress(
Zcl, "Failed to dispatch command, %d/%" PRIu32 " arguments parsed, TLVError=%" PRIu32 ", UnpackError=%" PRIu32,
7, validArgumentCount, TLVError, TLVUnpackError);


This comment was generated by todo based on a TODO comment in 64b0cc2 in #6651. cc @pan-apple.

@todo
Copy link

todo bot commented May 11, 2021

(#5542): The cluster handlers should accept a ByteSpan for all string types.

// TODO(#5542): The cluster handlers should accept a ByteSpan for all string types.
TLVUnpackError = aDataTlv.GetDataPtr(DebugText);
if (CHIP_NO_ERROR == TLVUnpackError)
{
DebugTextExists = true;
validArgumentCount++;
}
break;
default:
// Unsupported tag, ignore it.
ChipLogProgress(Zcl, "Unknown TLV tag during processing.");


This comment was generated by todo based on a TODO comment in 64b0cc2 in #6651. cc @pan-apple.

@todo
Copy link

todo bot commented May 11, 2021

(#5590) We should encode a response of status code for invalid TLV.

// TODO(#5590) We should encode a response of status code for invalid TLV.
if (CHIP_NO_ERROR == TLVError && CHIP_NO_ERROR == TLVUnpackError && 3 == validArgumentCount)
{
// TODO(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.
emberAfOperationalCredentialsClusterOpCertResponseCallback(apCommandObj, StatusCode, FabricIndex,
const_cast<uint8_t *>(DebugText));
}
else
{
apCommandObj->AddStatusCode(nullptr, Protocols::SecureChannel::GeneralStatusCode::kBadRequest,
Protocols::SecureChannel::Id, Protocols::SecureChannel::kProtocolCodeGeneralFailure);


This comment was generated by todo based on a TODO comment in 64b0cc2 in #6651. cc @pan-apple.

@todo
Copy link

todo bot commented May 11, 2021

(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.

// TODO(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.
emberAfOperationalCredentialsClusterOpCertResponseCallback(apCommandObj, StatusCode, FabricIndex,
const_cast<uint8_t *>(DebugText));
}
else
{
apCommandObj->AddStatusCode(nullptr, Protocols::SecureChannel::GeneralStatusCode::kBadRequest,
Protocols::SecureChannel::Id, Protocols::SecureChannel::kProtocolCodeGeneralFailure);
ChipLogProgress(
Zcl, "Failed to dispatch command, %d/%" PRIu32 " arguments parsed, TLVError=%" PRIu32 ", UnpackError=%" PRIu32,
3, validArgumentCount, TLVError, TLVUnpackError);


This comment was generated by todo based on a TODO comment in 64b0cc2 in #6651. cc @pan-apple.

@github-actions
Copy link

Size increase report for "nrfconnect-example-build" from 5abb72c

File Section File VM
chip-shell.elf text 4476 4476
chip-shell.elf rodata 664 668
chip-shell.elf device_handles -12 -12
chip-lock.elf text 4480 4480
chip-lock.elf rodata 672 668
chip-lighting.elf text 4512 4512
chip-lighting.elf rodata 664 668
Full report output
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-shell.elf and ./pull_artifact/chip-shell.elf:

sections,vmsize,filesize
.debug_info,0,18387
.debug_loc,0,7470
text,4476,4476
.debug_line,0,3962
.debug_abbrev,0,2979
.strtab,0,2086
.symtab,0,2032
.debug_str,0,1622
rodata,668,664
.debug_frame,0,588
.debug_ranges,0,584
.debug_aranges,0,192
.shstrtab,0,-2
device_handles,-12,-12

Comparing ./master_artifact/chip-lock.elf and ./pull_artifact/chip-lock.elf:

sections,vmsize,filesize
.debug_info,0,21717
.debug_loc,0,7432
text,4480,4480
.debug_line,0,3964
.debug_abbrev,0,3711
.strtab,0,2219
.symtab,0,2096
.debug_str,0,1640
rodata,668,672
.debug_frame,0,624
.debug_ranges,0,552
.debug_aranges,0,200
.shstrtab,0,1

Comparing ./master_artifact/chip-lighting.elf and ./pull_artifact/chip-lighting.elf:

sections,vmsize,filesize
.debug_info,0,21814
.debug_loc,0,7436
text,4512,4512
.debug_line,0,3925
.debug_abbrev,0,3705
.strtab,0,2237
.symtab,0,2144
.debug_str,0,1640
rodata,668,664
.debug_frame,0,664
.debug_ranges,0,552
.debug_aranges,0,200
.shstrtab,0,3


@pan-apple pan-apple closed this May 12, 2021
@pan-apple pan-apple deleted the opcreds-controller branch May 12, 2021 14:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant