Improve commissioning logging, especially Device Attestation (#39419)
* Improve enable/disable of Wi-Fi PAF for build_python.sh
This change:
- Removes dead code related to Soft-AP in SetUpCodePairer
- Removes non-normalized logs related to PAF that confused
readers that PAF was enabled when it's not
- Add a flag to build_python.sh to disable Wi-Fi PAF
- Disable IPv4 by default in build_python.sh (which was supposed
to be the case a long time ago), to match the config of
chip-tool for certification builds.
- Add a way to add additional `--gn_args` to the command line so
that we don't have to special case every config for python builds,
and so that trials to test Python controller changes are easier to
build.
- Fixed a couple cut'n'paste mistakes in build_python.sh and
SetUpCodePairer.cpp that were seen during the PR workflow.
Testing done:
- Ran certification tests in Python with `--enable_wifi_paf false` and
no longer see the Wi-Fi PAF logs about errors to run it (since
it's not an error if it's not implemented).
- Tested `scripts/build_python.sh -i out/python_env --gn_args 'chip_crypto="mbedtls"'
and validated the the gn command line (via a `set -x`) has the correct
argument and that the crypto backend is replaced by mbedtls.
* Fix review comment
* Update scripts/build_python.sh
* Address comments from @bzbarsky-apple
* Restyled by clang-format
* Update scripts/build_python.sh
* Update scripts/build_python.sh
* Improve commissioning logging, especially Device Attestation
- Improve logging of all errors in Device Attestation:
- Log DAC/PAI/PAA
- Log SKID/AKID
- Make verbose logging configurable
- Failure of attestation now leads to better error than
CHIP_ERROR_INTERNAL.
- SetupCodePairer logs normalized
- Device commissioner logs normalized (and several missing
CHIP_ERROR now logged)
- DeviceAttestationVerifier validation status codes are now
described.
- Fixed several typos found along the way
- Attestation revocation now correctly logs that it's not
being checked if not checked
- Fixes #35608
Testing done:
- Manually audited forced failure logs, both chip-tool and Python
- Added unit tests for new KeyId conversion code
- All integration tests and unit tests still pass
Sample result of a simulated attestation failure:
```
[MatterTest] 06-04 16:29:50.066 INFO Verifying attestation
[MatterTest] 06-04 16:29:50.070 INFO Device candidate DAC chain details:
[MatterTest] 06-04 16:29:50.070 INFO --> DAC's VID: 0xFFF1, PID: 0x8001
[MatterTest] 06-04 16:29:50.070 INFO ==== DAC certificate considered (491 bytes) ====
[MatterTest] 06-04 16:29:50.070 INFO -----BEGIN CERTIFICATE-----
[MatterTest] 06-04 16:29:50.070 INFO MIIB5zCCAY6gAwIBAgIIac3xDenlTtEwCgYIKoZIzj0EAwIwPTElMCMGA1UEAwwc
[MatterTest] 06-04 16:29:50.070 INFO TWF0dGVyIERldiBQQUkgMHhGRkYxIG5vIFBJRDEUMBIGCisGAQQBgqJ8AgEMBEZG
[MatterTest] 06-04 16:29:50.071 INFO RjEwIBcNMjIwMjA1MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMFMxJTAjBgNVBAMM
[MatterTest] 06-04 16:29:50.071 INFO HE1hdHRlciBEZXYgREFDIDB4RkZGMS8weDgwMDExFDASBgorBgEEAYKifAIBDARG
[MatterTest] 06-04 16:29:50.071 INFO RkYxMRQwEgYKKwYBBAGConwCAgwEODAwMTBZMBMGByqGSM49AgEGCCqGSM49AwEH
[MatterTest] 06-04 16:29:50.071 INFO A0IABEY6xpNCkQoOVYj8b/Vrtj5i7M7LFI99TrA+5VJgFBV2fRalxmP3k+SRIyYL
[MatterTest] 06-04 16:29:50.071 INFO gpenzX58/HsxaznZjpDSk3dzjoKjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/
[MatterTest] 06-04 16:29:50.072 INFO BAQDAgeAMB0GA1UdDgQWBBSI3eezADgpMs/3NMBGJIEPRBaKbzAfBgNVHSMEGDAW
[MatterTest] 06-04 16:29:50.072 INFO gBRjVA5H9kscONE4hKRi0WwZXY/7PDAKBggqhkjOPQQDAgNHADBEAiABJ6J7S0Rh
[MatterTest] 06-04 16:29:50.072 INFO DuL83E0reIVWNmC8D3bxchntagjfsrPBzQIga1ngr0Xz6yqFuRnTVzFSjGAoxBUj
[MatterTest] 06-04 16:29:50.072 INFO lUXhCOTlTnCXE1M=
[MatterTest] 06-04 16:29:50.072 INFO -----END CERTIFICATE-----
[MatterTest] 06-04 16:29:50.073 INFO --> DAC certificate SKID: 88:DD:E7:B3:00:38:29:32:CF:F7:34:C0:46:24:81:0F:44:16:8A:6F
[MatterTest] 06-04 16:29:50.073 INFO --> DAC certificate AKID: 63:54:0E:47:F6:4B:1C:38:D1:38:84:A4:62:D1:6C:19:5D:8F:FB:3C
[MatterTest] 06-04 16:29:50.074 INFO ==== PAI certificate considered (463 bytes) ====
[MatterTest] 06-04 16:29:50.074 INFO -----BEGIN CERTIFICATE-----
[MatterTest] 06-04 16:29:50.074 INFO MIIByzCCAXGgAwIBAgIIVq2CIq2UW2QwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwP
[MatterTest] 06-04 16:29:50.074 INFO TWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMjAyMDUw
[MatterTest] 06-04 16:29:50.074 INFO MDAwMDBaGA85OTk5MTIzMTIzNTk1OVowPTElMCMGA1UEAwwcTWF0dGVyIERldiBQ
[MatterTest] 06-04 16:29:50.074 INFO QUkgMHhGRkYxIG5vIFBJRDEUMBIGCisGAQQBgqJ8AgEMBEZGRjEwWTATBgcqhkjO
[MatterTest] 06-04 16:29:50.075 INFO PQIBBggqhkjOPQMBBwNCAARBmpMVwhc+DIyHbQPM/JRIUmR/f+xeUIL0BZko7KiU
[MatterTest] 06-04 16:29:50.075 INFO xZQVEwmsYx5MsDOSr2hLC6+35ls7gWLC9Sv5MbjneqqCo2YwZDASBgNVHRMBAf8E
[MatterTest] 06-04 16:29:50.075 INFO CDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUY1QOR/ZLHDjROISk
[MatterTest] 06-04 16:29:50.075 INFO YtFsGV2P+zwwHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGhcX4wCgYIKoZI
[MatterTest] 06-04 16:29:50.075 INFO zj0EAwIDSAAwRQIhALLvJ/Sa6bUPuR7qyUxNC9u415KcbLiPrOUpNo0SBUwMAiBl
[MatterTest] 06-04 16:29:50.075 INFO Xckrhr2QmIKmxiF3uCXX0F7b58Ivn+pxIg5+pwP4kQ==
[MatterTest] 06-04 16:29:50.075 INFO -----END CERTIFICATE-----
[MatterTest] 06-04 16:29:50.076 INFO --> PAI certificate SKID: 63:54:0E:47:F6:4B:1C:38:D1:38:84:A4:62:D1:6C:19:5D:8F:FB:3C
[MatterTest] 06-04 16:29:50.076 INFO --> PAI certificate AKID: 6A:FD:22:77:1F:51:1F:EC:BF:16:41:97:67:10:DC:DC:31:A1:71:7E
[MatterTest] 06-04 16:29:50.082 INFO ==== PAA certificate considered (449 bytes) ====
[MatterTest] 06-04 16:29:50.082 INFO -----BEGIN CERTIFICATE-----
[MatterTest] 06-04 16:29:50.082 INFO MIIBvTCCAWSgAwIBAgIITqjoMYLUHBwwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwP
[MatterTest] 06-04 16:29:50.082 INFO TWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMTA2Mjgx
[MatterTest] 06-04 16:29:50.082 INFO NDIzNDNaGA85OTk5MTIzMTIzNTk1OVowMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3Qg
[MatterTest] 06-04 16:29:50.082 INFO UEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEH
[MatterTest] 06-04 16:29:50.083 INFO A0IABLbLY3KIfyko9brIGqnZOuJDHK2p154kL2UXfvnO2TKijs0Duq9qj8oYShpQ
[MatterTest] 06-04 16:29:50.083 INFO NUKWDUU/MD8fGUIddR6Pjxqam3WjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD
[MatterTest] 06-04 16:29:50.083 INFO VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAfBgNV
[MatterTest] 06-04 16:29:50.083 INFO HSMEGDAWgBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAKBggqhkjOPQQDAgNHADBEAiBQ
[MatterTest] 06-04 16:29:50.083 INFO qoAC9NkyqaAFOPZTaK0P/8jvu8m+t9pWmDXPmqdRDgIgI7rI/g8j51RFtlM5CBpH
[MatterTest] 06-04 16:29:50.083 INFO mUkpxyqvChVI1A0DTVFLJd4=
[MatterTest] 06-04 16:29:50.083 INFO -----END CERTIFICATE-----
[MatterTest] 06-04 16:29:50.084 INFO --> PAA certificate SKID: 6A:FD:22:77:1F:51:1F:EC:BF:16:41:97:67:10:DC:DC:31:A1:71:7E
[MatterTest] 06-04 16:29:50.084 INFO --> PAA certificate AKID: 6A:FD:22:77:1F:51:1F:EC:BF:16:41:97:67:10:DC:DC:31:A1:71:7E
[MatterTest] 06-04 16:29:50.091 INFO Successfully finished commissioning step 'AttestationVerification'
[MatterTest] 06-04 16:29:50.091 INFO Commissioning stage next step: 'AttestationVerification' -> 'AttestationRevocationCheck'
[MatterTest] 06-04 16:29:50.091 INFO Performing next commissioning step 'AttestationRevocationCheck'
[MatterTest] 06-04 16:29:50.091 INFO Verifying device's DAC chain revocation status
[MatterTest] 06-04 16:29:50.092 INFO WARNING: No revocation delegate available. Revocation checks will be skipped!
[MatterTest] 06-04 16:29:50.092 INFO Successfully validated 'Attestation Information' command received from the device.
[MatterTest] 06-04 16:29:50.092 INFO Successfully finished commissioning step 'AttestationRevocationCheck'
```
* Restyled by clang-format
* Update src/controller/java/DeviceAttestation-JNI.cpp
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Add [[maybe_unused]] to strings generated just for logs
* Address review comments
* Restyled by clang-format
* Address review comments from @andy-31415
* Restyled by clang-format
* Fix ASR / TI builds
* Restyled by clang-format
* Apply suggestions from code review
Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>
* Fix default args of attestation verifiers
* Restyled by clang-format
* Refactor logging of certs
* Update src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h
Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>
* Update src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp
* Fix build
---------
Co-authored-by: Restyled.io <commits@restyled.io>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>
Builds
Tests
Tools
Documentation
Matter (formerly Project CHIP) creates more connections between more objects, simplifying development for manufacturers and increasing compatibility for consumers, guided by the Connectivity Standards Alliance.
Matter is a unified, open-source application-layer connectivity standard built to enable developers and device manufacturers to connect and build reliable, and secure ecosystems and increase compatibility among connected home devices. It is built with market-proven technologies using Internet Protocol (IP) and is compatible with Thread and Wi-Fi network transports. Matter was developed by a Working Group within the Connectivity Standards Alliance (Alliance). This Working Group develops and promotes the adoption of the Matter standard, a royalty-free connectivity standard to increase compatibility among smart home products, with security as a fundamental design tenet. The vision that led major industry players to come together to build Matter is that smart connectivity should be simple, reliable, and interoperable.
Matter simplifies development for manufacturers and increases compatibility for consumers.
The standard was built around a shared belief that smart home devices should be secure, reliable, and seamless to use. By building upon Internet Protocol (IP), Matter enables communication across smart home devices, mobile apps, and cloud services and defines a specific set of IP-based networking technologies for device certification.
The Matter specification details everything necessary to implement a Matter application and transport layer stack. It is intended to be used by implementers as a complete specification.
The Alliance officially opened the Matter Working Group on January 17, 2020, and the specification is available for adoption now.
Visit buildwithmatter.com to learn more and read the latest news and updates about the project.
Matter is developed with the following goals and principles in mind:
Unifying: Matter is built with and on top of market-tested, existing technologies.
Interoperable: The specification permits communication between any Matter-certified device, subject to users’ permission.
Secure: The specification leverages modern security practices and protocols.
User Control: The end user controls authorization for interaction with devices.
Federated: No single entity serves as a throttle or a single point of failure for root of trust.
Robust: The set of protocols specifies a complete lifecycle of a device — starting with the seamless out-of-box experience, through operational protocols, to device and system management specifications required for proper function in the presence of change.
Low Overhead: The protocols are practically implementable on low compute-resource devices, such as MCUs.
Pervasive: The protocols are broadly deployable and accessible, by leveraging IP and being implementable on low-capability devices.
Ecosystem-Flexible: The protocol is flexible enough to accommodate deployment in ecosystems with differing policies.
Easy to Use: The protocol provides smooth, cohesive, integrated provisioning and out-of-box experience.
Open: The Project’s design and technical processes are open and transparent to the general public, including non-members wherever possible.
Matter aims to build a universal IPv6-based communication protocol for smart home devices. The protocol defines the application layer that will be deployed on devices and the different link layers to help maintain interoperability. The following diagram illustrates the normal operational mode of the stack: 
The architecture is divided into layers to help separate the different responsibilities and introduce a good level of encapsulation among the various pieces of the protocol stack. The vast majority of interactions flow through the stack captured in the following Figure:
Security: An encoded action frame is then sent down to the Security Layer to encrypt and sign the payload to ensure that data is secured and authenticated by both sender and receiver of a packet.
Message Framing & Routing: With an interaction encrypted and signed, the Message Layer constructs the payload format with required and optional header fields; which specify the message's properties and some routing information.
Matter’s design and technical processes are intended to be open and transparent to the general public, including to Working Group non-members wherever possible. The availability of this GitHub repository and its source code under an Apache v2 license is an important and demonstrable step to achieving this commitment. Matter endeavors to bring together the best aspects of market-tested technologies and redeploy them as a unified and cohesive whole-system solution. The overall goal of this approach is to bring the benefits of Matter to consumers and manufacturers as quickly as possible. As a result, what you observe in this repository is an implementation-first approach to the technical specification, vetting integrations in practice. The Matter repository is growing and evolving to implement the overall architecture. The repository currently contains the security foundations, message framing and dispatch, and an implementation of the interaction model and data model. The code examples show simple interactions, and are supported on multiple transports -- Wi-Fi and Thread -- starting with resource-constrained (i.e., memory, processing) silicon platforms to help ensure Matter’s scalability.
We welcome your contributions to Matter. Read our contribution guidelines here.
Instructions about how to build Matter can be found here .
The Matter repository is structured as follows:
| File/Folder | Content |
|---|---|
| build | Build system support content and built output directories |
| build_overrides | Build system parameter customization for different platforms |
| config | Project configurations |
| credentials | Development and test credentials |
| docs | Documentation, including guides. Visit the Matter SDK documentation page to read it. |
| examples | Example firmware applications that demonstrate use of Matter |
| integrations | 3rd party integrations |
| scripts | Scripts needed to work with the Matter repository |
| src | Implementation of Matter |
| third_party | 3rd party code used by Matter |
| zzz_generated | ZAP generated template code - Revolving around cluster information |
| BUILD.gn | Build file for the GN build system |
| CODE_OF_CONDUCT.md | Code of conduct for Matter and contribution to it |
| CONTRIBUTING.md | Guidelines for contributing to Matter |
| LICENSE | Matter license file |
| REVIEWERS.md | PR reviewers |
| gn_build.sh | Build script for specific projects such as Android, EFR32, etc. |
| README.md | This file |
Matter is released under the Apache 2.0 license.