blob: 3ffac89a6e08e91414da50d6587db4bd16f5cd95 [file] [log] [blame]
/*
*
* Copyright (c) 2021-2022 Project CHIP Authors
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <platform/CHIPDeviceLayer.h>
#include <platform/PlatformManager.h>
#include <string>
#if CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
#include <app/clusters/network-commissioning/network-commissioning.h>
#include <app/server/Dnssd.h>
#include <app/server/OnboardingCodesUtil.h>
#include <app/server/Server.h>
#include <crypto/CHIPCryptoPAL.h>
#include <crypto/RawKeySessionKeystore.h>
#include <lib/core/CHIPError.h>
#include <lib/core/NodeId.h>
#include <lib/support/logging/CHIPLogging.h>
#include <credentials/DeviceAttestationConstructor.h>
#include <credentials/DeviceAttestationVendorReserved.h>
#include <credentials/GroupDataProviderImpl.h>
#include <credentials/attestation_verifier/DacOnlyPartialAttestationVerifier.h>
#include <credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h>
#include <credentials/attestation_verifier/DeviceAttestationVerifier.h>
#include <credentials/examples/DeviceAttestationCredsExample.h>
#include <lib/support/CHIPMem.h>
#include <lib/support/ScopedBuffer.h>
#include <lib/support/TestGroupData.h>
#include <setup_payload/QRCodeSetupPayloadGenerator.h>
#include <setup_payload/SetupPayload.h>
#include <platform/CommissionableDataProvider.h>
#include <platform/DeviceInstanceInfoProvider.h>
#include <platform/DiagnosticDataProvider.h>
#include <platform/TestOnlyCommissionableDataProvider.h>
#include <controller/CHIPDeviceControllerFactory.h>
#include <controller/ExampleOperationalCredentialsIssuer.h>
#include <lib/core/CHIPPersistentStorageDelegate.h>
#include <platform/KeyValueStoreManager.h>
#if CHIP_CONFIG_TRANSPORT_TRACE_ENABLED
#include "TraceHandlers.h"
#endif // CHIP_CONFIG_TRANSPORT_TRACE_ENABLED
#include <signal.h>
#include "CommissionerMain.h"
using namespace chip;
using namespace chip::Credentials;
using namespace chip::DeviceLayer;
using namespace chip::Inet;
using namespace chip::Transport;
using namespace chip::app::Clusters;
using namespace chip::Protocols::UserDirectedCommissioning;
using namespace ::chip::Messaging;
using namespace ::chip::Controller;
class MyServerStorageDelegate : public PersistentStorageDelegate
{
CHIP_ERROR SyncGetKeyValue(const char * key, void * buffer, uint16_t & size) override
{
ChipLogProgress(AppServer, "Retrieving value from server storage.");
size_t bytesRead = 0;
CHIP_ERROR err = PersistedStorage::KeyValueStoreMgr().Get(key, buffer, size, &bytesRead);
if (err == CHIP_NO_ERROR)
{
ChipLogProgress(AppServer, "Retrieved value from server storage.");
}
size = static_cast<uint16_t>(bytesRead);
return err;
}
CHIP_ERROR SyncSetKeyValue(const char * key, const void * value, uint16_t size) override
{
ChipLogProgress(AppServer, "Stored value in server storage");
return PersistedStorage::KeyValueStoreMgr().Put(key, value, size);
}
CHIP_ERROR SyncDeleteKeyValue(const char * key) override
{
ChipLogProgress(AppServer, "Delete value in server storage");
return PersistedStorage::KeyValueStoreMgr().Delete(key);
}
};
class MyCommissionerCallback : public CommissionerCallback
{
void ReadyForCommissioning(uint32_t pincode, uint16_t longDiscriminator, PeerAddress peerAddress) override
{
CommissionerPairOnNetwork(pincode, longDiscriminator, peerAddress);
}
};
AutoCommissioner gAutoCommissioner;
DeviceCommissioner gCommissioner;
CommissionerDiscoveryController gCommissionerDiscoveryController;
MyCommissionerCallback gCommissionerCallback;
MyServerStorageDelegate gServerStorage;
ExampleOperationalCredentialsIssuer gOpCredsIssuer;
NodeId gLocalId = kMaxOperationalNodeId;
Credentials::GroupDataProviderImpl gGroupDataProvider;
Crypto::RawKeySessionKeystore gSessionKeystore;
CHIP_ERROR InitCommissioner(uint16_t commissionerPort, uint16_t udcListenPort, FabricId fabricId)
{
Controller::FactoryInitParams factoryParams;
Controller::SetupParams params;
// use a different listen port for the commissioner than the default used by chip-tool.
factoryParams.listenPort = commissionerPort;
factoryParams.fabricIndependentStorage = &gServerStorage;
factoryParams.fabricTable = &Server::GetInstance().GetFabricTable();
factoryParams.sessionKeystore = &gSessionKeystore;
gGroupDataProvider.SetStorageDelegate(&gServerStorage);
gGroupDataProvider.SetSessionKeystore(factoryParams.sessionKeystore);
ReturnErrorOnFailure(gGroupDataProvider.Init());
factoryParams.groupDataProvider = &gGroupDataProvider;
params.operationalCredentialsDelegate = &gOpCredsIssuer;
uint16_t vendorId;
DeviceLayer::GetDeviceInstanceInfoProvider()->GetVendorId(vendorId);
ChipLogProgress(Support, " ----- Commissioner using vendorId 0x%04X", vendorId);
params.controllerVendorId = static_cast<VendorId>(vendorId);
ReturnErrorOnFailure(gOpCredsIssuer.Initialize(gServerStorage));
if (fabricId != kUndefinedFabricId)
{
gOpCredsIssuer.SetFabricIdForNextNOCRequest(fabricId);
}
// No need to explicitly set the UDC port since we will use default
ChipLogProgress(Support, " ----- UDC listening on port %d", udcListenPort);
ReturnErrorOnFailure(gCommissioner.SetUdcListenPort(udcListenPort));
// Initialize device attestation verifier
// TODO: Replace testingRootStore with a AttestationTrustStore that has the necessary official PAA roots available
const Credentials::AttestationTrustStore * testingRootStore = Credentials::GetTestAttestationTrustStore();
SetDeviceAttestationVerifier(GetDefaultDACVerifier(testingRootStore));
Platform::ScopedMemoryBuffer<uint8_t> noc;
VerifyOrReturnError(noc.Alloc(Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY);
MutableByteSpan nocSpan(noc.Get(), Controller::kMaxCHIPDERCertLength);
Platform::ScopedMemoryBuffer<uint8_t> icac;
VerifyOrReturnError(icac.Alloc(Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY);
MutableByteSpan icacSpan(icac.Get(), Controller::kMaxCHIPDERCertLength);
Platform::ScopedMemoryBuffer<uint8_t> rcac;
VerifyOrReturnError(rcac.Alloc(Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY);
MutableByteSpan rcacSpan(rcac.Get(), Controller::kMaxCHIPDERCertLength);
Crypto::P256Keypair ephemeralKey;
ReturnErrorOnFailure(ephemeralKey.Initialize(Crypto::ECPKeyTarget::ECDSA));
ReturnErrorOnFailure(gOpCredsIssuer.GenerateNOCChainAfterValidation(gLocalId, /* fabricId = */ 1, chip::kUndefinedCATs,
ephemeralKey.Pubkey(), rcacSpan, icacSpan, nocSpan));
params.operationalKeypair = &ephemeralKey;
params.controllerRCAC = rcacSpan;
params.controllerICAC = icacSpan;
params.controllerNOC = nocSpan;
params.defaultCommissioner = &gAutoCommissioner;
params.enableServerInteractions = true;
// assign prefered feature settings
CommissioningParameters commissioningParams = gAutoCommissioner.GetCommissioningParameters();
commissioningParams.SetCheckForMatchingFabric(true);
gAutoCommissioner.SetCommissioningParameters(commissioningParams);
auto & factory = Controller::DeviceControllerFactory::GetInstance();
ReturnErrorOnFailure(factory.Init(factoryParams));
ReturnErrorOnFailure(factory.SetupCommissioner(params, gCommissioner));
FabricIndex fabricIndex = gCommissioner.GetFabricIndex();
VerifyOrReturnError(fabricIndex != kUndefinedFabricIndex, CHIP_ERROR_INTERNAL);
uint8_t compressedFabricId[sizeof(uint64_t)] = { 0 };
MutableByteSpan compressedFabricIdSpan(compressedFabricId);
ReturnErrorOnFailure(gCommissioner.GetCompressedFabricIdBytes(compressedFabricIdSpan));
ChipLogProgress(Support,
"Setting up group data for Fabric Index %u with Compressed Fabric ID:", static_cast<unsigned>(fabricIndex));
ChipLogByteSpan(Support, compressedFabricIdSpan);
// TODO: Once ExampleOperationalCredentialsIssuer has support, set default IPK on it as well so
// that commissioned devices get the IPK set from real values rather than "test-only" internal hookups.
ByteSpan defaultIpk = chip::GroupTesting::DefaultIpkValue::GetDefaultIpk();
ReturnLogErrorOnFailure(
chip::Credentials::SetSingleIpkEpochKey(&gGroupDataProvider, fabricIndex, defaultIpk, compressedFabricIdSpan));
gCommissionerDiscoveryController.SetUserDirectedCommissioningServer(gCommissioner.GetUserDirectedCommissioningServer());
gCommissionerDiscoveryController.SetCommissionerCallback(&gCommissionerCallback);
// advertise operational since we are an admin
app::DnssdServer::Instance().AdvertiseOperational();
ChipLogProgress(Support,
"InitCommissioner nodeId=0x" ChipLogFormatX64 " fabric.fabricId=0x" ChipLogFormatX64 " fabricIndex=0x%x",
ChipLogValueX64(gCommissioner.GetNodeId()), ChipLogValueX64(fabricId), static_cast<unsigned>(fabricIndex));
return CHIP_NO_ERROR;
}
void ShutdownCommissioner()
{
UserDirectedCommissioningServer * udcServer = gCommissioner.GetUserDirectedCommissioningServer();
if (udcServer != nullptr)
{
udcServer->SetUserConfirmationProvider(nullptr);
}
gCommissioner.Shutdown();
}
class PairingCommand : public Controller::DevicePairingDelegate
{
public:
PairingCommand() :
mOnDeviceConnectedCallback(OnDeviceConnectedFn, this),
mOnDeviceConnectionFailureCallback(OnDeviceConnectionFailureFn, this){};
/////////// DevicePairingDelegate Interface /////////
void OnStatusUpdate(Controller::DevicePairingDelegate::Status status) override;
void OnPairingComplete(CHIP_ERROR error) override;
void OnPairingDeleted(CHIP_ERROR error) override;
void OnCommissioningComplete(NodeId deviceId, CHIP_ERROR error) override;
void OnCommissioningStatusUpdate(PeerId peerId, CommissioningStage stageCompleted, CHIP_ERROR error) override;
void OnReadCommissioningInfo(const ReadCommissioningInfo & info) override;
void OnFabricCheck(NodeId matchingNodeId) override;
private:
#if CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
static void OnDeviceConnectedFn(void * context, chip::Messaging::ExchangeManager & exchangeMgr,
const chip::SessionHandle & sessionHandle);
static void OnDeviceConnectionFailureFn(void * context, const ScopedNodeId & peerId, CHIP_ERROR error);
chip::Callback::Callback<chip::OnDeviceConnected> mOnDeviceConnectedCallback;
chip::Callback::Callback<chip::OnDeviceConnectionFailure> mOnDeviceConnectionFailureCallback;
#endif // CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
};
PairingCommand gPairingCommand;
NodeId gRemoteId = kTestDeviceNodeId;
void PairingCommand::OnStatusUpdate(DevicePairingDelegate::Status status)
{
switch (status)
{
case DevicePairingDelegate::Status::SecurePairingSuccess:
ChipLogProgress(AppServer, "Secure Pairing Success");
break;
case DevicePairingDelegate::Status::SecurePairingFailed:
ChipLogError(AppServer, "Secure Pairing Failed");
#if CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
CommissionerDiscoveryController * cdc = GetCommissionerDiscoveryController();
if (cdc != nullptr)
{
cdc->CommissioningFailed(CHIP_ERROR_CONNECTION_ABORTED);
}
#endif // CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
break;
}
}
void PairingCommand::OnPairingComplete(CHIP_ERROR err)
{
if (err == CHIP_NO_ERROR)
{
ChipLogProgress(AppServer, "Pairing Success");
}
else
{
ChipLogProgress(AppServer, "Pairing Failure: %s", ErrorStr(err));
}
}
void PairingCommand::OnPairingDeleted(CHIP_ERROR err)
{
if (err == CHIP_NO_ERROR)
{
ChipLogProgress(AppServer, "Pairing Deleted Success");
}
else
{
ChipLogProgress(AppServer, "Pairing Deleted Failure: %s", ErrorStr(err));
}
}
void PairingCommand::OnCommissioningComplete(NodeId nodeId, CHIP_ERROR err)
{
if (err == CHIP_NO_ERROR)
{
#if CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
ChipLogProgress(AppServer, "Device commissioning completed with success - getting OperationalDeviceProxy");
gCommissioner.GetConnectedDevice(gAutoCommissioner.GetCommissioningParameters().GetRemoteNodeId().ValueOr(nodeId),
&mOnDeviceConnectedCallback, &mOnDeviceConnectionFailureCallback);
#else // CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
ChipLogProgress(AppServer, "Device commissioning completed with success");
#endif // CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
}
else
{
ChipLogProgress(AppServer, "Device commissioning Failure: %s", ErrorStr(err));
#if CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
CommissionerDiscoveryController * cdc = GetCommissionerDiscoveryController();
if (cdc != nullptr)
{
cdc->CommissioningFailed(err);
}
#endif // CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
}
}
void PairingCommand::OnCommissioningStatusUpdate(PeerId peerId, CommissioningStage stageCompleted, CHIP_ERROR error)
{
ChipLogProgress(AppServer, "OnCommissioningStatusUpdate - stageCompleted='%s' error='%s'", StageToString(stageCompleted),
ErrorStr(error));
// if we have successfully finished attestation AND this device already has a NodeId on our fabric
// then stop commissioning and attempt to connect to it.
if (stageCompleted == CommissioningStage::kAttestationVerification && error == CHIP_NO_ERROR &&
gAutoCommissioner.GetCommissioningParameters().GetRemoteNodeId().HasValue())
{
gAutoCommissioner.StopCommissioning();
}
}
void PairingCommand::OnReadCommissioningInfo(const Controller::ReadCommissioningInfo & info)
{
ChipLogProgress(AppServer, "OnReadCommissioningInfo - vendorId=0x%04X productId=0x%04X", info.basic.vendorId,
info.basic.productId);
// The string in CharSpan received from the device is not null-terminated, we use std::string here for coping and
// appending a numm-terminator at the end of the string.
std::string userActiveModeTriggerInstruction;
// Note: the callback doesn't own the buffer, should make a copy if it will be used it later.
if (info.icd.userActiveModeTriggerInstruction.size() != 0)
{
userActiveModeTriggerInstruction =
std::string(info.icd.userActiveModeTriggerInstruction.data(), info.icd.userActiveModeTriggerInstruction.size());
}
if (info.icd.userActiveModeTriggerHint.HasAny())
{
ChipLogProgress(AppServer, "OnReadCommissioningInfo - LIT UserActiveModeTriggerHint=0x%08x",
info.icd.userActiveModeTriggerHint.Raw());
ChipLogProgress(AppServer, "OnReadCommissioningInfo - LIT UserActiveModeTriggerInstruction=%s",
userActiveModeTriggerInstruction.c_str());
}
ChipLogProgress(AppServer, "OnReadCommissioningInfo ICD - IdleModeDuration=%u activeModeDuration=%u activeModeThreshold=%u",
info.icd.idleModeDuration, info.icd.activeModeDuration, info.icd.activeModeThreshold);
}
void PairingCommand::OnFabricCheck(NodeId matchingNodeId)
{
if (matchingNodeId != kUndefinedNodeId)
{
ChipLogProgress(AppServer, "ALREADY ON FABRIC WITH nodeId=0x" ChipLogFormatX64, ChipLogValueX64(matchingNodeId));
// wait until attestation verification before cancelling so we can validate vid/pid
}
}
#if CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
void PairingCommand::OnDeviceConnectedFn(void * context, Messaging::ExchangeManager & exchangeMgr,
const SessionHandle & sessionHandle)
{
ChipLogProgress(Controller, "OnDeviceConnectedFn");
CommissionerDiscoveryController * cdc = GetCommissionerDiscoveryController();
if (cdc != nullptr)
{
uint16_t vendorId = gAutoCommissioner.GetCommissioningParameters().GetRemoteVendorId().Value();
uint16_t productId = gAutoCommissioner.GetCommissioningParameters().GetRemoteProductId().Value();
ChipLogProgress(Support, " ----- AutoCommissioner -- Commissionee vendorId=0x%04X productId=0x%04X", vendorId, productId);
cdc->CommissioningSucceeded(vendorId, productId, gRemoteId, exchangeMgr, sessionHandle);
}
}
void PairingCommand::OnDeviceConnectionFailureFn(void * context, const ScopedNodeId & peerId, CHIP_ERROR err)
{
ChipLogProgress(Controller, "OnDeviceConnectionFailureFn - attempt to get OperationalDeviceProxy failed");
CommissionerDiscoveryController * cdc = GetCommissionerDiscoveryController();
{
cdc->CommissioningFailed(err);
}
}
#endif // CHIP_DEVICE_CONFIG_APP_PLATFORM_ENABLED
CHIP_ERROR CommissionerPairOnNetwork(uint32_t pincode, uint16_t disc, Transport::PeerAddress address)
{
RendezvousParameters params = RendezvousParameters().SetSetupPINCode(pincode).SetDiscriminator(disc).SetPeerAddress(address);
gOpCredsIssuer.GetRandomOperationalNodeId(&gRemoteId);
gCommissioner.RegisterPairingDelegate(&gPairingCommand);
gCommissioner.PairDevice(gRemoteId, params);
return CHIP_NO_ERROR;
}
CHIP_ERROR CommissionerPairUDC(uint32_t pincode, size_t index)
{
UDCClientState * state = gCommissioner.GetUserDirectedCommissioningServer()->GetUDCClients().GetUDCClientState(index);
if (state == nullptr)
{
ChipLogProgress(AppServer, "udc client[%ld] null \r\n", static_cast<long>(index));
return CHIP_ERROR_KEY_NOT_FOUND;
}
else
{
Transport::PeerAddress peerAddress = state->GetPeerAddress();
state->SetUDCClientProcessingState(UDCClientProcessingState::kCommissioningNode);
return CommissionerPairOnNetwork(pincode, state->GetLongDiscriminator(), peerAddress);
}
}
DeviceCommissioner * GetDeviceCommissioner()
{
return &gCommissioner;
}
CommissionerDiscoveryController * GetCommissionerDiscoveryController()
{
return &gCommissionerDiscoveryController;
}
#endif // CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE