Integrate CASE state machine with the controller #6810

Merged 6 commits on May 14, 2021

pan-apple
Contributor

Problem

Need to integrate CASE state machine with device controller.

Summary of Changes

This PR adds controller-specific logic to trigger the CASE session setup.
Currently, it'll trigger the session setup when the first message is sent by the controller. The logic can be enhanced to trigger the session setup for other use cases.

This PR is dependent on #6791, and would require a rebase once that merges.

todo bot commented May 14, 2021

- Enable keys derived from CASE Session

    // TODO - Enable keys derived from CASE Session
    // CHIP_ERROR err = mSessionManager->NewPairing(Optional<Transport::PeerAddress>::Value(mDeviceAddress), mDeviceId,
    //                                              &mCASESession,
    //                                              SecureSession::SessionRole::kInitiator, mAdminId, nullptr);
    // if (err != CHIP_NO_ERROR)
    // {
    //     ChipLogError(Controller, "Failed in setting up CASE secure channel: err %s", ErrorStr(err));
    //     OnSessionEstablishmentError(err);
    //     return;
    // }
}


This comment was generated by todo based on a TODO comment in a15b4ec in #6810. cc @pan-apple.

todo bot commented May 14, 2021

- Detect when the device is fully provisioned, instead of relying on UpdateDevice()

// TODO - Detect when the device is fully provisioned, instead of relying on UpdateDevice()
device->ProvisioningComplete(mNextKeyId++);
PersistDevice(device);
PersistNextKeyId();
#if CHIP_DEVICE_CONFIG_ENABLE_MDNS
return Mdns::Resolver::Instance().ResolveNodeId(chip::PeerId().SetNodeId(device->GetDeviceId()).SetFabricId(fabricId),
                                                chip::Inet::kIPAddressType_Any);


This comment was generated by todo based on a TODO comment in a15b4ec in #6810. cc @pan-apple.

todo bot commented May 14, 2021

- enable check for certificate validity dates

    // TODO - enable check for certificate validity dates
    // VerifyOrExit(context.mEffectiveTime >= cert->mNotBeforeTime, err = CHIP_ERROR_CERT_NOT_VALID_YET);
}
if (cert->mNotAfterTime != 0 && !validateFlags.Has(CertValidateFlags::kIgnoreNotAfter))
{


This comment was generated by todo based on a TODO comment in a15b4ec in #6810. cc @pan-apple.

todo bot commented May 14, 2021

- enable generating a random issuer ID and saving it in persistent storage

    // TODO - enable generating a random issuer ID and saving it in persistent storage
    // err = SetIssuerID(storage);
}
CHIP_LOG_ERROR("CHIPOperationalCredentialsDelegate::init returning %d", err);


This comment was generated by todo based on a TODO comment in a15b4ec in #6810. cc @pan-apple.

todo bot commented May 14, 2021

- figure out how to find admin ID for CASE SigmaR1 message

// TODO - figure out how to find admin ID for CASE SigmaR1 message
// ReturnErrorCodeIf(mAdminId == Transport::kUndefinedAdminId, CHIP_ERROR_INVALID_ARGUMENT);
mAdminId = 0;
mAdmins->LoadFromStorage(mAdminId);
Transport::AdminPairingInfo * admin = mAdmins->FindAdminWithId(mAdminId);
ReturnErrorCodeIf(admin == nullptr, CHIP_ERROR_INVALID_ARGUMENT);
ReturnErrorOnFailure(admin->GetCredentials(mCredentials, mCertificates, mRootKeyId));


This comment was generated by todo based on a TODO comment in a15b4ec in #6810. cc @pan-apple.

todo bot commented May 14, 2021

- Enable multiple concurrent CASE session establishment

    // TODO - Enable multiple concurrent CASE session establishment
    // This will prevent CASEServer to process another CASE session establishment request until the current
    // one completes (successfully or failed)
    mExchangeManager->UnregisterUnsolicitedMessageHandlerForType(Protocols::SecureChannel::MsgType::CASE_SigmaR1);
}
void CASEServer::Cleanup()
{
    // Let's re-register for CASE SigmaR1 message, so that the next CASE session setup request can be processed.
    mExchangeManager->RegisterUnsolicitedMessageHandlerForType(Protocols::SecureChannel::MsgType::CASE_SigmaR1, this);
    mAdminId = Transport::kUndefinedAdminId;


This comment was generated by todo based on a TODO comment in a15b4ec in #6810. cc @pan-apple.

todo bot commented May 14, 2021

- enable use of secure session established via CASE

// TODO - enable use of secure session established via CASE
// CHIP_ERROR err =
//     mSessionMgr->NewPairing(Optional<Transport::PeerAddress>::Value(mPairingSession.PeerConnection().GetPeerAddress()),
//                             mPairingSession.PeerConnection().GetPeerNodeId(), &mPairingSession,
//                             SecureSession::SessionRole::kResponder, mAdminId, nullptr);
// if (err != CHIP_NO_ERROR)
// {
//     ChipLogError(Inet, "Failed in setting up secure channel: err %s", ErrorStr(err));
//     OnSessionEstablishmentError(err);
//     return;
// }


This comment was generated by todo based on a TODO comment in a15b4ec in #6810. cc @pan-apple.

todo bot commented May 14, 2021

- Add support of ICA certificates

// TODO - Add support of ICA certificates
credentials.Release();
ReturnErrorOnFailure(credentials.Init(&certificates, certificates.GetCertCount()));
const CertificateKeyId * id = credentials.GetTrustedRootId(0);
rootKeyId.mId = id->mId;
rootKeyId.mLen = id->mLen;
ReturnErrorOnFailure(credentials.SetDevOpCred(rootKeyId, mOperationalCert, mOpCertLen));
ReturnErrorOnFailure(credentials.SetDevOpCredKeypair(rootKeyId, mOperationalKey));


This comment was generated by todo based on a TODO comment in a15b4ec in #6810. cc @pan-apple.

pan-apple changed the title from "Case controller integration" to "Integrate CASE state machine with the controller" on May 14, 2021

todo bot commented May 14, 2021

- Use PK of the root CA for the initiator to figure out the admin.

// TODO - Use PK of the root CA for the initiator to figure out the admin.
mAdminId = ec->GetSecureSession().GetAdminId();
// TODO - figure out how to find admin ID for CASE SigmaR1 message
// ReturnErrorCodeIf(mAdminId == Transport::kUndefinedAdminId, CHIP_ERROR_INVALID_ARGUMENT);
mAdminId = 0;
mAdmins->LoadFromStorage(mAdminId);
Transport::AdminPairingInfo * admin = mAdmins->FindAdminWithId(mAdminId);
ReturnErrorCodeIf(admin == nullptr, CHIP_ERROR_INVALID_ARGUMENT);


This comment was generated by todo based on a TODO comment in a5308c7 in #6810. cc @pan-apple.

pan-apple force-pushed the case-controller-integration branch from a5308c7 to 0247a14 on May 14, 2021 15:10
pan-apple requested a review from andy31415 on May 14, 2021 15:17

todo bot commented May 14, 2021

- Use section [4.368] to find admin ID for CASE SigmaR1 message

// TODO - Use section [4.368] to find admin ID for CASE SigmaR1 message
// ReturnErrorCodeIf(mAdminId == Transport::kUndefinedAdminId, CHIP_ERROR_INVALID_ARGUMENT);
mAdminId = 0;
mAdmins->LoadFromStorage(mAdminId);
Transport::AdminPairingInfo * admin = mAdmins->FindAdminWithId(mAdminId);
ReturnErrorCodeIf(admin == nullptr, CHIP_ERROR_INVALID_ARGUMENT);
ReturnErrorOnFailure(admin->GetCredentials(mCredentials, mCertificates, mRootKeyId));


This comment was generated by todo based on a TODO comment in baf4e73 in #6810. cc @pan-apple.

pan-apple requested a review from tcarmelveilleux on May 14, 2021 17:52
@woody-apple
Contributor

todo bot commented May 14, 2021

- Use section [4.368] and definition of `Destination Identifier` to find admin ID for CASE SigmaR1 message

// TODO - Use section [4.368] and definition of `Destination Identifier` to find admin ID for CASE SigmaR1 message
// ReturnErrorCodeIf(mAdminId == Transport::kUndefinedAdminId, CHIP_ERROR_INVALID_ARGUMENT);
mAdminId = 0;
mAdmins->LoadFromStorage(mAdminId);
Transport::AdminPairingInfo * admin = mAdmins->FindAdminWithId(mAdminId);
ReturnErrorCodeIf(admin == nullptr, CHIP_ERROR_INVALID_ARGUMENT);
ReturnErrorOnFailure(admin->GetCredentials(mCredentials, mCertificates, mRootKeyId));


This comment was generated by todo based on a TODO comment in c1e7fd1 in #6810. cc @pan-apple.

pan-apple force-pushed the case-controller-integration branch from c1e7fd1 to 5686bf5 on May 14, 2021 19:46

todo bot commented May 14, 2021

- Use section [4.368] and definition of `Destination Identifier` to find admin ID for CASE SigmaR1 message

// TODO - Use section [4.368] and definition of `Destination Identifier` to find admin ID for CASE SigmaR1 message
// ReturnErrorCodeIf(mAdminId == Transport::kUndefinedAdminId, CHIP_ERROR_INVALID_ARGUMENT);
mAdminId = 0;
mAdmins->LoadFromStorage(mAdminId);
Transport::AdminPairingInfo * admin = mAdmins->FindAdminWithId(mAdminId);
ReturnErrorCodeIf(admin == nullptr, CHIP_ERROR_INVALID_ARGUMENT);
ReturnErrorOnFailure(admin->GetCredentials(mCredentials, mCertificates, mRootKeyId));


This comment was generated by todo based on a TODO comment in 5686bf5 in #6810. cc @pan-apple.

@pan-apple
Contributor Author

rebase and resolve conflicts

@github-actions

Size increase report for "nrfconnect-example-build" from f72e0b7

| File | Section | File size | VM size |
|---|---|---|---|
| chip-lighting.elf | text | 224 | 224 |
| chip-lighting.elf | rodata | 104 | 100 |
| chip-lock.elf | text | 224 | 224 |
| chip-lock.elf | rodata | 96 | 100 |

@github-actions

Size increase report for "esp32-example-build" from f72e0b7

| File | Section | File size | VM size |
|---|---|---|---|
| chip-all-clusters-app.elf | .flash.text | 336 | 336 |
| chip-all-clusters-app.elf | .flash.rodata | 104 | 104 |
| chip-all-clusters-app.elf | .dram0.bss | 0 | 8 |