Skip to content

Commit

Permalink
Introduce initial TC-RR-1.1
Browse files Browse the repository at this point in the history
- TC-RR-1.1 is a critical test to validate multi-fabric
  behavior is stable and actually works. The test, broadly,
  validates most of the minimas of the core elements of the spec,
  including ACL entries, certificate sizes, number of CASE
  sessions and subscriptions, number of paths, etc.

Issue project-chip#21736

- This PR introduces the core test and all associated minor
  changes to infrastructure to make it work.
- Still TODO:
  - More extensive cert size maximization (closer to 400 TLV bytes)
  - Add controller and commissionee CAT tags (test is 95% equivalent
    to test plan, but a couple ACL fields differ because of this, in
    ways that don't detract from proving what needs proving
  - Validation that local/peer session IDs have not changed. This is
    not technically needed with the SDK as-is based on the methodology
    but it would future-proof the test against some future optimizations
    that may change subscription behavior in a way that the test would
    not validate CASE sessions remain.
  - Clean-up more after the test, so that a factory reset before/after
    is not needed.

Testing done:
- Passes on Linux against all-clusters, all-clusters-minimal and
  lighting app, with both minimal mdns and Avahi.
- Passes on some other platforms (not named here)
  • Loading branch information
tcarmelveilleux committed Aug 19, 2022
1 parent c1f1c8b commit d6f04fb
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 8 deletions.
3 changes: 1 addition & 2 deletions src/controller/ExampleOperationalCredentialsIssuer.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -146,8 +146,7 @@ CHIP_ERROR IssueX509Cert(uint32_t now, uint32_t validity, ChipDN issuerDn, ChipD

ReturnErrorOnFailure(ConvertX509CertToChipCert(paddedDerSpan, paddedTlvSpan));

// TODO: REMOVE
printf(" TLV: %d DER: %d\n", (int)paddedTlvSpan.size(), (int)paddedDerSpan.size());
ChipLogProgress(Controller, "Generated maximized certificate with %u DER bytes, %u TLV bytes", static_cast<unsigned>(paddedDerSpan.size()), static_cast<unsigned>(paddedTlvSpan.size()));
if (paddedDerSpan.size() <= kMaxDERCertLength && paddedTlvSpan.size() <= kMaxCHIPCertLength)
{
return CopySpanToMutableSpan(paddedDerSpan, outX509Cert);
Expand Down
15 changes: 11 additions & 4 deletions src/python_testing/TC_RR_1_1.py
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@
# the trigger the subscriptions not re-opening a new CASE session
#


class TC_RR_1_1(MatterBaseTest):
def setup_class(self):
self._pseudo_random_generator = random.Random(1234)
Expand Down Expand Up @@ -311,10 +310,18 @@ async def test_TC_RR_1_1(self):
if sub_test_failed:
asserts.fail("Failed step 7 !")

# Step 8: TODO: Validate sessions have not changed by doing a read on NodeLabel from all clients
# Step 8: Validate sessions have not changed by doing a read on NodeLabel from all clients
logging.info("Step 8: Read back NodeLabel directly from all clients")
for sub_idx, client in enumerate(client_list):
logging.info("Reading NodeLabel (%d/%d) from controller node %s" % (sub_idx + 1, len(client_list), client.name))

# Step 9: Fill user label list
label_readback = await self.read_single_attribute(client, node_id=self.dut_node_id, endpoint=0, attribute=Clusters.Basic.Attributes.NodeLabel)
asserts.assert_equal(label_readback, AFTER_LABEL)

# TODO: Compare before/after session IDs. Requires more native changes, and the
# subcription method above is actually good enough we think.

# Step 9: Fill user label list
if has_user_labels and not skip_user_label_cluster_steps:
await self.fill_user_label_list(dev_ctrl, self.dut_node_id)
else:
Expand Down Expand Up @@ -421,4 +428,4 @@ def build_acl(self, fabric_number, client_by_name, num_controllers_per_fabric):


if __name__ == "__main__":
default_matter_test_main()
default_matter_test_main(maximize_cert_chains=True)
12 changes: 10 additions & 2 deletions src/python_testing/matter_testing_support.py
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,7 @@ class MatterTestConfig:
discriminator: int = None
setup_passcode: int = None
commissionee_ip_address_just_for_testing: str = None
maximize_cert_chains: bool = False

qr_code_content: str = None
manual_code: str = None
Expand Down Expand Up @@ -187,7 +188,7 @@ def _init_stack(self, already_initialized: bool, **kwargs):
self._logger.warn(
"Didn't find any CertificateAuthorities in storage -- creating a new CertificateAuthority + FabricAdmin...")
ca = self._certificate_authority_manager.NewCertificateAuthority(caIndex = self._config.root_of_trust_index)
ca.maximizeCertChains = True
ca.maximizeCertChains = self._config.maximize_cert_chains
ca.NewFabricAdmin(vendorId=0xFFF1, fabricId=self._config.fabric_id)
elif (len(self._certificate_authority_manager.activeCaList[0].adminList) == 0):
self._logger.warn("Didn't find any FabricAdmins in storage -- creating a new one...")
Expand Down Expand Up @@ -666,7 +667,7 @@ def _commission_device(self) -> bool:
raise ValueError("Invalid commissioning method %s!" % conf.commissioning_method)


def default_matter_test_main(argv=None):
def default_matter_test_main(argv=None, **kwargs):
"""Execute the test class in a test module.
This is the default entry point for running a test script file directly.
In this case, only one test class in a test script is allowed.
Expand All @@ -692,6 +693,13 @@ def default_matter_test_main(argv=None):
if len(matter_test_config.tests) > 0:
tests = matter_test_config.tests

# This is required in case we need any testing with maximized certificate chains.
# We need *all* issuers from the start, even for default controller, to use
# maximized chains, before MatterStackState init, others some stale certs
# may not chain properly.
if "maximize_cert_chains" in kwargs:
matter_test_config.maximize_cert_chains = kwargs["maximize_cert_chains"]

stack = MatterStackState(matter_test_config)
test_config.user_params["matter_stack"] = stash_globally(stack)

Expand Down

0 comments on commit d6f04fb

Please sign in to comment.