Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Chip tool operational credentials cluster fix #6873

Conversation

vivien-apple
Copy link
Contributor

Problem

chip-tool can not pair anymore since the Operational Credentials cluster has landed because the response to the AddOptCert command is not enabled.
In order to enable it, it requires a few fixes, which is what this PR is about.

Summary of Changes

  • Enable the AddOptCert command/response
  • Do the necessary changes to the templates
  • Update gen/ folders.

@vivien-apple vivien-apple self-assigned this May 17, 2021
@todo
Copy link

todo bot commented May 17, 2021

(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.

// TODO(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.
wasHandled = emberAfOperationalCredentialsClusterOpCSRResponseCallback(apCommandObj, CSR, CSRNonce, VendorReserved1,
VendorReserved2, VendorReserved3, Signature);
}
break;
}
case ZCL_OP_CERT_RESPONSE_COMMAND_ID: {
expectArgumentCount = 3;
uint8_t StatusCode;
uint64_t FabricIndex;
const uint8_t * DebugText;


This comment was generated by todo based on a TODO comment in 2d0e18f in #6873. cc @vivien-apple.

@todo
Copy link

todo bot commented May 17, 2021

(#5542): The cluster handlers should accept a ByteSpan for all string types.

// TODO(#5542): The cluster handlers should accept a ByteSpan for all string types.
TLVUnpackError = aDataTlv.GetDataPtr(DebugText);
break;
default:
// Unsupported tag, ignore it.
ChipLogProgress(Zcl, "Unknown TLV tag during processing.");
break;
}
if (CHIP_NO_ERROR != TLVUnpackError)
{
break;


This comment was generated by todo based on a TODO comment in 2d0e18f in #6873. cc @vivien-apple.

@todo
Copy link

todo bot commented May 17, 2021

(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.

// TODO(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.
wasHandled = emberAfOperationalCredentialsClusterOpCertResponseCallback(apCommandObj, StatusCode, FabricIndex,
const_cast<uint8_t *>(DebugText));
}
break;
}
case ZCL_SET_FABRIC_RESPONSE_COMMAND_ID: {
expectArgumentCount = 1;
chip::FabricId FabricId;


This comment was generated by todo based on a TODO comment in 2d0e18f in #6873. cc @vivien-apple.

Comment on lines +10714 to +10821
| * AddOpCert | 0x06 |
| * OpCSRRequest | 0x04 |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's odd that those are not in order. Not for this PR to fix, but it's odd.

OperationalCredentialsAddOpCert() : ModelCommand("add-op-cert")
{
AddArgument("noc", &mNoc);
AddArgument("iCACertificate", &mICACertificate);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iCACertificate is very odd casig. Suggest ICACertificate.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will provide a fix in a followup. This is because the template is doing {{asCamelCased name}} omitting the second argument of https://github.com/project-chip/zap/blob/7c928747ef6c32671d39901c881b82f57a6e1c08/src-electron/generator/helper-c.js#L200 which force the first letter to be lower cased.


chip::Controller::OperationalCredentialsCluster cluster;
cluster.Associate(device, endpointId);
return cluster.AddOpCert(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add TODO about needing to send the NOC and ICA certs in a CHIP certificate array.

public:
OperationalCredentialsOpCSRRequest() : ModelCommand("op-csrrequest")
{
AddArgument("cSRNonce", &mCSRNonce);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rename to CSRNonce.

Comment on lines 2013 to 2018
ChipLogProgress(Zcl, " CSR: %s", CSR);
ChipLogProgress(Zcl, " CSRNonce: %s", CSRNonce);
ChipLogProgress(Zcl, " VendorReserved1: %s", VendorReserved1);
ChipLogProgress(Zcl, " VendorReserved2: %s", VendorReserved2);
ChipLogProgress(Zcl, " VendorReserved3: %s", VendorReserved3);
ChipLogProgress(Zcl, " Signature: %s", Signature);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

None of these are human readable strings. Is there a reason they are printed as strings here? How does a chip::ByteSpan print? I could not find the path used to convert it to a const char*

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It has mostly been used for debugging. I will remove that in a followup, likely just printing the length of the chip::ByteSpan for OCTET_STRING, while still printing the content for CHAR_STRING (which are chip::ByteSpan under the hood).

Copy link
Contributor

@tcarmelveilleux tcarmelveilleux May 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So what will happen here today, though?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did replace the code that uses %s in order to just prints the size and removes a few other places where chip::Bytespan was printed badly.

As discussed I will use

CHIP_ERROR BytesToHex(const uint8_t * src_bytes, size_t src_size, char * dest_hex, size_t dest_size_max, BitFlags<HexFlags> flags);
in a followup in order to facilitate debugging. I was originally hoping to do it into this PR but I got distracted by a few other things and since chip-tool is broken without this patch I guess it is more urgent to repair it...

chip::Controller::OperationalCredentialsCluster cluster;
cluster.Associate(device, endpointId);
return cluster.OpCSRRequest(onSuccessCallback->Cancel(), onFailureCallback->Cancel(),
chip::ByteSpan(chip::Uint8::from_char(mCSRNonce), strlen(mCSRNonce)));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will crash: mCSRNonce is not a string, it's a byte string. strlen should not be called on any CSR fields.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chip-tool lacks support of real OCTET_STRING.
Ideally it should take a string as input specified as hex byte and convert it before sending. At the moment, everything is a string passed from the command line. So strlen is called on the content of the command line argument. It will likely not crash here, since mCSRNonce is a char *, but it will probably not work as you may expect.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO comment then? or will this stop compiling once we support octed_string and will get fixed as a result?

@vivien-apple vivien-apple force-pushed the ChipTool_OperationalCredentialsClusterFix branch from 2d0e18f to f65cad4 Compare May 17, 2021 13:49
@lazarkov
Copy link
Contributor

@andreilitvin can it be merged as hotfix?

Copy link
Contributor

@tcarmelveilleux tcarmelveilleux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, conditional on not logging any ByteSpan

@woody-apple
Copy link
Contributor

@msandstedt @saurabhst ?

@woody-apple
Copy link
Contributor

@andreilitvin can it be merged as hotfix?

@cjandhyala or @vivien-apple how has this been tested?

@vivien-apple are there any tests we can add to make sure this doesn't regress here? Thanks

@vivien-apple vivien-apple force-pushed the ChipTool_OperationalCredentialsClusterFix branch from f65cad4 to 4c37838 Compare May 17, 2021 19:26
{{/chip_attribute_list_entryTypes}}
{{else}}
{{#if (isOctetString type)}}
ChipLogProgress(Zcl, " {{asSymbol label}}: %zu", entries[i].size());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

%zu is not available on all embedded platforms.

In a future PR, suggest:

Suggest having the code eventually static cast size() to uint32_t in the log call and use PRIu32 for the specifier.

@andy31415
Copy link
Contributor

@woody-apple
Copy link
Contributor

/rebase

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants