From 3c5fbfd5442487ba6def0f2445ba7f649e007e22 Mon Sep 17 00:00:00 2001
From: Cecille Freeman
Date: Sun, 6 Feb 2022 21:48:13 -0500
Subject: [PATCH] Add explicit warning for PID/VID mismatch.

---
 src/controller/AutoCommissioner.cpp | 10 ++++++++++
 src/controller/CHIPDeviceController.cpp | 6 ++++--
 src/controller/CommissioningDelegate.h | 9 ++++++++-
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/controller/AutoCommissioner.cpp b/src/controller/AutoCommissioner.cpp
index e46f2772e26fca..d6069bc9893c2f 100644
--- a/src/controller/AutoCommissioner.cpp
+++ b/src/controller/AutoCommissioner.cpp
@@ -310,6 +310,16 @@ CHIP_ERROR AutoCommissioner::CommissioningStepFinished(CHIP_ERROR err, Commissio
 if (err != CHIP_NO_ERROR)
 {
 ChipLogError(Controller, "Failed to perform commissioning step %d", static_cast(report.stageCompleted));
+ if (report.stageCompleted == CommissioningStage::kAttestationVerification &&
+ (report.Get().attestationResult ==
+ Credentials::AttestationVerificationResult::kDacProductIdMismatch ||
+ report.Get().attestationResult ==
+ Credentials::AttestationVerificationResult::kDacVendorIdMismatch))
+ {
+ ChipLogError(Controller,
+ "Failed device attestation. Device vendor and/or product ID do not match the IDs given in the device "
+ "attestation certificate");
+ }
 }
 else
 {
diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp
index cdb3a482bf74b8..da52e5cede48ad 100644
--- a/src/controller/CHIPDeviceController.cpp
+++ b/src/controller/CHIPDeviceController.cpp
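Review bot: In the added `if` of the AutoCommissioner.cpp hunk, `report.Get().attestationResult` is read whenever the failed stage is `kAttestationVerification`, but nothing checks that the report actually holds an `AdditionalErrorInfo`. This diff only shows the two attestation-failure calls in CHIPDeviceController.cpp setting it, so any other error reported for that stage would reach this read with a different or empty variant, and a mismatched `Get` may then abort or read the wrong alternative (confirm against Variant's behaviour). Guard the read first, for example by adding `report.Is<AdditionalErrorInfo>() &&` ahead of the two result comparisons. The body of CommissioningStepFinished starts and ends outside the hunk.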
@@ -1126,12 +1126,14 @@ void DeviceCommissioner::OnDeviceAttestationInformationVerification(void * conte
 if (result != AttestationVerificationResult::kSuccess)
 {
+ CommissioningDelegate::CommissioningReport report;
+ report.Set(result);
 if (result == AttestationVerificationResult::kNotImplemented)
 {
 ChipLogError(Controller,
 "Failed in verifying 'Attestation Information' command received from the device due to default "
 "DeviceAttestationVerifier Class not being overridden by a real implementation.");
- commissioner->CommissioningStageComplete(CHIP_ERROR_NOT_IMPLEMENTED);
+ commissioner->CommissioningStageComplete(CHIP_ERROR_NOT_IMPLEMENTED, report);
 return;
 }
 else
@@ -1142,7 +1144,7 @@ void DeviceCommissioner::OnDeviceAttestationInformationVerification(void * conte
 static_cast(result));
 // Go look at AttestationVerificationResult enum in src/credentials/DeviceAttestationVerifier.h to understand the
 // errors.
- commissioner->CommissioningStageComplete(CHIP_ERROR_INTERNAL);
+ commissioner->CommissioningStageComplete(CHIP_ERROR_INTERNAL, report);
 return;
 }
 }
diff --git a/src/controller/CommissioningDelegate.h b/src/controller/CommissioningDelegate.h
index 16474ee08460c1..761d57b8ddcc42 100644
--- a/src/controller/CommissioningDelegate.h
+++ b/src/controller/CommissioningDelegate.h
@@ -19,6 +19,7 @@
 #pragma once
 #include
 #include
+#include
 #include
 namespace chip {
@@ -264,12 +265,18 @@ struct NetworkClusters
 EndpointId eth = kInvalidEndpointId;
 };
+struct AdditionalErrorInfo
+{
+ AdditionalErrorInfo(Credentials::AttestationVerificationResult result) : attestationResult(result) {}
+ Credentials::AttestationVerificationResult attestationResult;
+};
+
 class CommissioningDelegate
 {
 public:
 virtual ~CommissioningDelegate(){};
 struct CommissioningReport : Variant
+ BasicProduct, BasicSoftware, NetworkClusters, AdditionalErrorInfo>
 {
 CommissioningReport() : stageCompleted(CommissioningStage::kError) {}
 CommissioningStage stageCompleted;
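Review bot: `report` is default-constructed in the first CHIPDeviceController.cpp hunk, so its `stageCompleted` starts as `CommissioningStage::kError` (per the constructor visible in CommissioningDelegate.h), yet the new warning in AutoCommissioner.cpp fires only when `stageCompleted == CommissioningStage::kAttestationVerification`. The warning therefore depends on `CommissioningStageComplete` overwriting that field, which this diff does not show. If it does, record the dependency next to the declaration with a comment such as `// stageCompleted is filled in by CommissioningStageComplete()`; if it does not, set `report.stageCompleted` before the call, otherwise the PID/VID mismatch message is never logged. The same applies to the `CHIP_ERROR_INTERNAL` call in the following hunk, and the function body continues outside both hunks.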
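Review bot: The single-argument constructor of `AdditionalErrorInfo` in CommissioningDelegate.h is not `explicit`, so any `Credentials::AttestationVerificationResult` converts silently into this struct. Declaring it as `explicit AdditionalErrorInfo(Credentials::AttestationVerificationResult result) : attestationResult(result) {}` keeps construction deliberate, provided the `Set` call in CHIPDeviceController.cpp still compiles with it. The struct is also undocumented and its name is broader than its content; a comment such as `// Extra failure detail attached to a CommissioningReport; currently only the device attestation verification result.` would tell readers when it is populated.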