| /** |
| * |
| * Copyright (c) 2020-2022 Project CHIP Authors |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include <app-common/zap-generated/attributes/Accessors.h> |
| #include <app-common/zap-generated/cluster-objects.h> |
| #include <app/AttributeAccessInterface.h> |
| #include <app/CommandHandler.h> |
| #include <app/MessageDef/StatusIB.h> |
| #include <app/att-storage.h> |
| #include <app/server/Server.h> |
| #include <app/util/af.h> |
| #include <app/util/attribute-storage.h> |
| #include <credentials/GroupDataProvider.h> |
| #include <lib/support/CodeUtils.h> |
| |
| using namespace chip; |
| using namespace chip::app; |
| using namespace chip::Credentials; |
| using namespace chip::app::Clusters; |
| using namespace chip::app::Clusters::GroupKeyManagement; |
| using chip::Protocols::InteractionModel::Status; |
| |
| // |
| // Attributes |
| // |
| |
| namespace { |
| |
| struct GroupTableCodec |
| { |
| static constexpr TLV::Tag TagFabric() |
| { |
| return TLV::ContextTag(GroupKeyManagement::Structs::GroupInfoMapStruct::Fields::kFabricIndex); |
| } |
| static constexpr TLV::Tag TagGroup() |
| { |
| return TLV::ContextTag(GroupKeyManagement::Structs::GroupInfoMapStruct::Fields::kGroupId); |
| } |
| static constexpr TLV::Tag TagEndpoints() |
| { |
| return TLV::ContextTag(GroupKeyManagement::Structs::GroupInfoMapStruct::Fields::kEndpoints); |
| } |
| static constexpr TLV::Tag TagGroupName() |
| { |
| return TLV::ContextTag(GroupKeyManagement::Structs::GroupInfoMapStruct::Fields::kGroupName); |
| } |
| |
| GroupDataProvider * mProvider = nullptr; |
| chip::FabricIndex mFabric; |
| GroupDataProvider::GroupInfo mInfo; |
| |
| GroupTableCodec(GroupDataProvider * provider, chip::FabricIndex fabric_index, GroupDataProvider::GroupInfo & info) : |
| mProvider(provider), mFabric(fabric_index), mInfo(info) |
| {} |
| |
| static constexpr bool kIsFabricScoped = true; |
| |
| auto GetFabricIndex() const { return mFabric; } |
| |
| CHIP_ERROR EncodeForRead(TLV::TLVWriter & writer, TLV::Tag tag, FabricIndex accessingFabricIndex) const |
| { |
| TLV::TLVType outer; |
| ReturnErrorOnFailure(writer.StartContainer(tag, TLV::kTLVType_Structure, outer)); |
| |
| // FabricIndex |
| ReturnErrorOnFailure(DataModel::Encode(writer, TagFabric(), mFabric)); |
| // GroupId |
| ReturnErrorOnFailure(DataModel::Encode(writer, TagGroup(), mInfo.group_id)); |
| // Endpoints |
| TLV::TLVType inner; |
| ReturnErrorOnFailure(writer.StartContainer(TagEndpoints(), TLV::kTLVType_Array, inner)); |
| GroupDataProvider::GroupEndpoint mapping; |
| auto iter = mProvider->IterateEndpoints(mFabric, MakeOptional(mInfo.group_id)); |
| if (nullptr != iter) |
| { |
| while (iter->Next(mapping)) |
| { |
| ReturnErrorOnFailure(writer.Put(TLV::AnonymousTag(), static_cast<uint16_t>(mapping.endpoint_id))); |
| } |
| iter->Release(); |
| } |
| ReturnErrorOnFailure(writer.EndContainer(inner)); |
| // GroupName |
| uint32_t name_size = static_cast<uint32_t>(strnlen(mInfo.name, GroupDataProvider::GroupInfo::kGroupNameMax)); |
| ReturnErrorOnFailure(writer.PutString(TagGroupName(), mInfo.name, name_size)); |
| |
| ReturnErrorOnFailure(writer.EndContainer(outer)); |
| return CHIP_NO_ERROR; |
| } |
| }; |
| |
| class GroupKeyManagementAttributeAccess : public AttributeAccessInterface |
| { |
| public: |
| // Register for the GroupKeyManagement cluster on all endpoints. |
| GroupKeyManagementAttributeAccess() : AttributeAccessInterface(Optional<EndpointId>(0), GroupKeyManagement::Id) {} |
| |
| // TODO: Once there is MCSP support, this may need to change. |
| static constexpr bool IsMCSPSupported() { return false; } |
| static constexpr uint16_t kImplementedClusterRevision = 2; |
| |
| CHIP_ERROR Read(const ConcreteReadAttributePath & aPath, AttributeValueEncoder & aEncoder) override |
| { |
| VerifyOrDie(aPath.mClusterId == GroupKeyManagement::Id); |
| |
| switch (aPath.mAttributeId) |
| { |
| case GroupKeyManagement::Attributes::ClusterRevision::Id: |
| return aEncoder.Encode(kImplementedClusterRevision); |
| case Attributes::FeatureMap::Id: { |
| uint32_t features = 0; |
| if (IsMCSPSupported()) |
| { |
| // TODO: Once there is MCSP support, this will need to add the |
| // right feature bit. |
| } |
| return aEncoder.Encode(features); |
| } |
| case GroupKeyManagement::Attributes::GroupKeyMap::Id: |
| return ReadGroupKeyMap(aPath.mEndpointId, aEncoder); |
| case GroupKeyManagement::Attributes::GroupTable::Id: |
| return ReadGroupTable(aPath.mEndpointId, aEncoder); |
| case GroupKeyManagement::Attributes::MaxGroupsPerFabric::Id: |
| return ReadMaxGroupsPerFabric(aPath.mEndpointId, aEncoder); |
| case GroupKeyManagement::Attributes::MaxGroupKeysPerFabric::Id: |
| return ReadMaxGroupKeysPerFabric(aPath.mEndpointId, aEncoder); |
| default: |
| break; |
| } |
| return CHIP_ERROR_READ_FAILED; |
| } |
| |
| CHIP_ERROR Write(const ConcreteDataAttributePath & aPath, AttributeValueDecoder & aDecoder) override |
| { |
| |
| if (GroupKeyManagement::Attributes::GroupKeyMap::Id == aPath.mAttributeId) |
| { |
| return WriteGroupKeyMap(aPath, aDecoder); |
| } |
| return CHIP_ERROR_WRITE_FAILED; |
| } |
| |
| private: |
| static constexpr uint16_t kClusterRevision = 1; |
| |
| CHIP_ERROR ReadClusterRevision(EndpointId endpoint, AttributeValueEncoder & aEncoder) |
| { |
| return aEncoder.Encode(kClusterRevision); |
| } |
| CHIP_ERROR ReadGroupKeyMap(EndpointId endpoint, AttributeValueEncoder & aEncoder) |
| { |
| auto provider = GetGroupDataProvider(); |
| VerifyOrReturnError(nullptr != provider, CHIP_ERROR_INTERNAL); |
| |
| CHIP_ERROR err = aEncoder.EncodeList([provider](const auto & encoder) -> CHIP_ERROR { |
| for (auto & fabric : Server::GetInstance().GetFabricTable()) |
| { |
| auto fabric_index = fabric.GetFabricIndex(); |
| auto iter = provider->IterateGroupKeys(fabric_index); |
| VerifyOrReturnError(nullptr != iter, CHIP_ERROR_NO_MEMORY); |
| |
| GroupDataProvider::GroupKey mapping; |
| while (iter->Next(mapping)) |
| { |
| GroupKeyManagement::Structs::GroupKeyMapStruct::Type key = { |
| .groupId = mapping.group_id, |
| .groupKeySetID = mapping.keyset_id, |
| .fabricIndex = fabric_index, |
| }; |
| encoder.Encode(key); |
| } |
| iter->Release(); |
| } |
| return CHIP_NO_ERROR; |
| }); |
| return err; |
| } |
| |
| CHIP_ERROR WriteGroupKeyMap(const ConcreteDataAttributePath & aPath, AttributeValueDecoder & aDecoder) |
| { |
| auto fabric_index = aDecoder.AccessingFabricIndex(); |
| auto provider = GetGroupDataProvider(); |
| |
| if (!aPath.IsListItemOperation()) |
| { |
| Attributes::GroupKeyMap::TypeInfo::DecodableType list; |
| size_t new_count; |
| |
| VerifyOrReturnError(nullptr != provider, CHIP_ERROR_INTERNAL); |
| ReturnErrorOnFailure(aDecoder.Decode(list)); |
| ReturnErrorOnFailure(list.ComputeSize(&new_count)); |
| |
| // Remove existing keys, ignore errors |
| provider->RemoveGroupKeys(fabric_index); |
| |
| // Add the new keys |
| auto iter = list.begin(); |
| size_t i = 0; |
| while (iter.Next()) |
| { |
| const auto & value = iter.GetValue(); |
| VerifyOrReturnError(fabric_index == value.fabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX); |
| // Cannot map to IPK, see `GroupKeyMapStruct` in Group Key Management cluster spec |
| VerifyOrReturnError(value.groupKeySetID != 0, CHIP_IM_GLOBAL_STATUS(ConstraintError)); |
| |
| ReturnErrorOnFailure(provider->SetGroupKeyAt(value.fabricIndex, i++, |
| GroupDataProvider::GroupKey(value.groupId, value.groupKeySetID))); |
| } |
| ReturnErrorOnFailure(iter.GetStatus()); |
| } |
| else if (aPath.mListOp == ConcreteDataAttributePath::ListOperation::AppendItem) |
| { |
| Structs::GroupKeyMapStruct::DecodableType value; |
| size_t current_count = 0; |
| VerifyOrReturnError(nullptr != provider, CHIP_ERROR_INTERNAL); |
| ReturnErrorOnFailure(aDecoder.Decode(value)); |
| VerifyOrReturnError(fabric_index == value.fabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX); |
| // Cannot map to IPK, see `GroupKeyMapStruct` in Group Key Management cluster spec |
| VerifyOrReturnError(value.groupKeySetID != 0, CHIP_IM_GLOBAL_STATUS(ConstraintError)); |
| |
| { |
| auto iter = provider->IterateGroupKeys(fabric_index); |
| current_count = iter->Count(); |
| iter->Release(); |
| } |
| |
| ReturnErrorOnFailure(provider->SetGroupKeyAt(value.fabricIndex, current_count, |
| GroupDataProvider::GroupKey(value.groupId, value.groupKeySetID))); |
| } |
| else |
| { |
| return CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE; |
| } |
| |
| return CHIP_NO_ERROR; |
| } |
| |
| CHIP_ERROR ReadGroupTable(EndpointId endpoint, AttributeValueEncoder & aEncoder) |
| { |
| auto provider = GetGroupDataProvider(); |
| VerifyOrReturnError(nullptr != provider, CHIP_ERROR_INTERNAL); |
| |
| CHIP_ERROR err = aEncoder.EncodeList([provider](const auto & encoder) -> CHIP_ERROR { |
| for (auto & fabric : Server::GetInstance().GetFabricTable()) |
| { |
| auto fabric_index = fabric.GetFabricIndex(); |
| auto iter = provider->IterateGroupInfo(fabric_index); |
| VerifyOrReturnError(nullptr != iter, CHIP_ERROR_NO_MEMORY); |
| |
| GroupDataProvider::GroupInfo info; |
| while (iter->Next(info)) |
| { |
| encoder.Encode(GroupTableCodec(provider, fabric_index, info)); |
| } |
| iter->Release(); |
| } |
| return CHIP_NO_ERROR; |
| }); |
| return err; |
| } |
| CHIP_ERROR ReadMaxGroupsPerFabric(EndpointId endpoint, AttributeValueEncoder & aEncoder) |
| { |
| auto * provider = GetGroupDataProvider(); |
| VerifyOrReturnError(nullptr != provider, CHIP_ERROR_INTERNAL); |
| return aEncoder.Encode(provider->GetMaxGroupsPerFabric()); |
| } |
| CHIP_ERROR ReadMaxGroupKeysPerFabric(EndpointId endpoint, AttributeValueEncoder & aEncoder) |
| { |
| auto * provider = GetGroupDataProvider(); |
| VerifyOrReturnError(nullptr != provider, CHIP_ERROR_INTERNAL); |
| return aEncoder.Encode(provider->GetMaxGroupKeysPerFabric()); |
| } |
| }; |
| |
| Status |
| ValidateKeySetWriteArguments(const chip::app::Clusters::GroupKeyManagement::Commands::KeySetWrite::DecodableType & commandData) |
| { |
| // SPEC: If the EpochKey0 field is null or its associated EpochStartTime0 field is null, then this command SHALL fail with an |
| // INVALID_COMMAND status code responded to the client. |
| if (commandData.groupKeySet.epochKey0.IsNull() || commandData.groupKeySet.epochStartTime0.IsNull()) |
| { |
| return Status::InvalidCommand; |
| } |
| |
| // SPEC: If the EpochStartTime0 is set to 0, then this command SHALL fail with an INVALID_COMMAND status code responded to the |
| // client. |
| if (0 == commandData.groupKeySet.epochStartTime0.Value()) |
| { |
| return Status::InvalidCommand; |
| } |
| |
| // By now we at least have epochKey0. |
| static_assert(GroupDataProvider::EpochKey::kLengthBytes == 16, |
| "Expect EpochKey internal data structure to have a length of 16 bytes."); |
| |
| // SPEC: If the EpochKey0 field's length is not exactly 16 bytes, then this command SHALL fail with a CONSTRAINT_ERROR status |
| // code responded to the client. |
| if (commandData.groupKeySet.epochKey0.Value().size() != GroupDataProvider::EpochKey::kLengthBytes) |
| { |
| return Status::ConstraintError; |
| } |
| |
| // Already known to be false by now |
| bool epoch_key0_is_null = false; |
| uint64_t epoch_start_time0 = commandData.groupKeySet.epochStartTime0.Value(); |
| |
| bool epoch_key1_is_null = commandData.groupKeySet.epochKey1.IsNull(); |
| bool epoch_start_time1_is_null = commandData.groupKeySet.epochStartTime1.IsNull(); |
| |
| uint64_t epoch_start_time1 = 0; // Will be overridden when known to be present. |
| |
| // SPEC: If exactly one of the EpochKey1 or EpochStartTime1 is null, rather than both being null, or neither being null, then |
| // this command SHALL fail with an INVALID_COMMAND status code responded to the client. |
| if (epoch_key1_is_null != epoch_start_time1_is_null) |
| { |
| return Status::InvalidCommand; |
| } |
| |
| if (!epoch_key1_is_null) |
| { |
| // SPEC: If the EpochKey1 field is not null, then the EpochKey0 field SHALL NOT be null. Otherwise this command SHALL fail |
| // with an INVALID_COMMAND status code responded to the client. |
| if (epoch_key0_is_null) |
| { |
| return Status::InvalidCommand; |
| } |
| |
| // SPEC: If the EpochKey1 field is not null, and the field's length is not exactly 16 bytes, then this command SHALL fail |
| // with a CONSTRAINT_ERROR status code responded to the client. |
| if (commandData.groupKeySet.epochKey1.Value().size() != GroupDataProvider::EpochKey::kLengthBytes) |
| { |
| return Status::ConstraintError; |
| } |
| |
| // By now, if EpochKey1 was present, we know EpochStartTime1 was also present. |
| epoch_start_time1 = commandData.groupKeySet.epochStartTime1.Value(); |
| |
| // SPEC: If the EpochKey1 field is not null, its associated EpochStartTime1 field SHALL NOT be null and SHALL contain a |
| // later epoch start time than the epoch start time found in the EpochStartTime0 field. Otherwise this command SHALL fail |
| // with an INVALID_COMMAND status code responded to the client. |
| bool epoch1_later_than_epoch0 = epoch_start_time1 > epoch_start_time0; |
| if (!epoch1_later_than_epoch0) |
| { |
| return Status::InvalidCommand; |
| } |
| } |
| |
| bool epoch_key2_is_null = commandData.groupKeySet.epochKey2.IsNull(); |
| bool epoch_start_time2_is_null = commandData.groupKeySet.epochStartTime2.IsNull(); |
| |
| // SPEC: If exactly one of the EpochKey2 or EpochStartTime2 is null, rather than both being null, or neither being null, then |
| // this command SHALL fail with an INVALID_COMMAND status code responded to the client. |
| if (epoch_key2_is_null != epoch_start_time2_is_null) |
| { |
| return Status::InvalidCommand; |
| } |
| |
| if (!epoch_key2_is_null) |
| { |
| // SPEC: If the EpochKey2 field is not null, then the EpochKey1 and EpochKey0 fields SHALL NOT be null. Otherwise this |
| // command SHALL fail with an INVALID_COMMAND status code responded to the client. |
| if (epoch_key0_is_null || epoch_key1_is_null) |
| { |
| return Status::InvalidCommand; |
| } |
| |
| // SPEC: If the EpochKey2 field is not null, and the field's length is not exactly 16 bytes, then this command SHALL fail |
| // with a CONSTRAINT_ERROR status code responded to the client. |
| if (commandData.groupKeySet.epochKey2.Value().size() != GroupDataProvider::EpochKey::kLengthBytes) |
| { |
| return Status::ConstraintError; |
| } |
| |
| // By now, if EpochKey2 was present, we know EpochStartTime2 was also present. |
| uint64_t epoch_start_time2 = commandData.groupKeySet.epochStartTime2.Value(); |
| |
| // SPEC: If the EpochKey2 field is not null, its associated EpochStartTime2 field SHALL NOT be null and SHALL contain a |
| // later epoch start time than the epoch start time found in the EpochStartTime1 field. Otherwise this command SHALL fail |
| // with an INVALID_COMMAND status code responded to the client. |
| bool epoch2_later_than_epoch1 = epoch_start_time2 > epoch_start_time1; |
| if (!epoch2_later_than_epoch1) |
| { |
| return Status::InvalidCommand; |
| } |
| } |
| |
| return Status::Success; |
| } |
| |
| bool GetProviderAndFabric(chip::app::CommandHandler * commandObj, const chip::app::ConcreteCommandPath & commandPath, |
| Credentials::GroupDataProvider ** outGroupDataProvider, const FabricInfo ** outFabricInfo) |
| { |
| VerifyOrDie(commandObj != nullptr); |
| VerifyOrDie(outGroupDataProvider != nullptr); |
| VerifyOrDie(outFabricInfo != nullptr); |
| |
| // Internal failures on internal inconsistencies. |
| auto provider = GetGroupDataProvider(); |
| auto fabric = Server::GetInstance().GetFabricTable().FindFabricWithIndex(commandObj->GetAccessingFabricIndex()); |
| |
| if (nullptr == provider) |
| { |
| commandObj->AddStatusAndLogIfFailure(commandPath, Status::Failure, "Internal consistency error on provider!"); |
| return false; |
| } |
| |
| if (nullptr == fabric) |
| { |
| commandObj->AddStatusAndLogIfFailure(commandPath, Status::Failure, "Internal consistency error on access fabric!"); |
| return false; |
| } |
| |
| *outGroupDataProvider = provider; |
| *outFabricInfo = fabric; |
| |
| return true; |
| } |
| |
| GroupKeyManagementAttributeAccess gAttribute; |
| |
| } // anonymous namespace |
| |
| void MatterGroupKeyManagementPluginServerInitCallback() |
| { |
| registerAttributeAccessOverride(&gAttribute); |
| } |
| |
| // |
| // Commands |
| // |
| |
| bool emberAfGroupKeyManagementClusterKeySetWriteCallback( |
| chip::app::CommandHandler * commandObj, const chip::app::ConcreteCommandPath & commandPath, |
| const chip::app::Clusters::GroupKeyManagement::Commands::KeySetWrite::DecodableType & commandData) |
| { |
| Credentials::GroupDataProvider * provider = nullptr; |
| const FabricInfo * fabric = nullptr; |
| |
| if (!GetProviderAndFabric(commandObj, commandPath, &provider, &fabric)) |
| { |
| // Command will already have status populated from validation. |
| return true; |
| } |
| |
| // Pre-validate all complex data dependency assumptions about the epoch keys |
| Status status = ValidateKeySetWriteArguments(commandData); |
| if (status != Status::Success) |
| { |
| commandObj->AddStatusAndLogIfFailure(commandPath, status, "Failure to validate KeySet data dependencies."); |
| return true; |
| } |
| |
| if (commandData.groupKeySet.groupKeySecurityPolicy == GroupKeySecurityPolicyEnum::kUnknownEnumValue) |
| { |
| // If a client indicates an enumeration value to the server, that is not |
| // supported by the server, because it is ... a new value unrecognized |
| // by a legacy server, then the server SHALL generate a general |
| // constraint error |
| commandObj->AddStatusAndLogIfFailure(commandPath, Status::ConstraintError, |
| "Received unknown GroupKeySecurityPolicyEnum value"); |
| return true; |
| } |
| |
| if (!GroupKeyManagementAttributeAccess::IsMCSPSupported() && |
| commandData.groupKeySet.groupKeySecurityPolicy == GroupKeySecurityPolicyEnum::kCacheAndSync) |
| { |
| // When CacheAndSync is not supported in the FeatureMap of this cluster, |
| // any action attempting to set CacheAndSync in the |
| // GroupKeySecurityPolicy field SHALL fail with an INVALID_COMMAND |
| // error. |
| commandObj->AddStatusAndLogIfFailure(commandPath, Status::InvalidCommand, |
| "Received a CacheAndSync GroupKeySecurityPolicyEnum when MCSP not supported"); |
| return true; |
| } |
| |
| // All flight checks completed: by now we know that non-null keys are all valid and correct size. |
| bool epoch_key1_present = !commandData.groupKeySet.epochKey1.IsNull(); |
| bool epoch_key2_present = !commandData.groupKeySet.epochKey2.IsNull(); |
| |
| GroupDataProvider::KeySet keyset(commandData.groupKeySet.groupKeySetID, commandData.groupKeySet.groupKeySecurityPolicy, 0); |
| |
| // Epoch Key 0 always present |
| keyset.epoch_keys[0].start_time = commandData.groupKeySet.epochStartTime0.Value(); |
| memcpy(keyset.epoch_keys[0].key, commandData.groupKeySet.epochKey0.Value().data(), GroupDataProvider::EpochKey::kLengthBytes); |
| keyset.num_keys_used++; |
| |
| // Epoch Key 1 |
| if (epoch_key1_present) |
| { |
| keyset.epoch_keys[1].start_time = commandData.groupKeySet.epochStartTime1.Value(); |
| memcpy(keyset.epoch_keys[1].key, commandData.groupKeySet.epochKey1.Value().data(), |
| GroupDataProvider::EpochKey::kLengthBytes); |
| keyset.num_keys_used++; |
| } |
| |
| // Epoch Key 2 |
| if (epoch_key2_present) |
| { |
| keyset.epoch_keys[2].start_time = commandData.groupKeySet.epochStartTime2.Value(); |
| memcpy(keyset.epoch_keys[2].key, commandData.groupKeySet.epochKey2.Value().data(), |
| GroupDataProvider::EpochKey::kLengthBytes); |
| keyset.num_keys_used++; |
| } |
| |
| uint8_t compressed_fabric_id_buffer[sizeof(uint64_t)]; |
| MutableByteSpan compressed_fabric_id(compressed_fabric_id_buffer); |
| CHIP_ERROR err = fabric->GetCompressedFabricIdBytes(compressed_fabric_id); |
| if (CHIP_NO_ERROR != err) |
| { |
| commandObj->AddStatus(commandPath, Status::Failure); |
| return true; |
| } |
| |
| // Set KeySet |
| err = provider->SetKeySet(fabric->GetFabricIndex(), compressed_fabric_id, keyset); |
| if (CHIP_ERROR_INVALID_LIST_LENGTH == err) |
| { |
| commandObj->AddStatusAndLogIfFailure(commandPath, Status::ResourceExhausted, "Not enough space left to add a new KeySet"); |
| return true; |
| } |
| |
| if (CHIP_NO_ERROR == err) |
| { |
| ChipLogDetail(Zcl, "GroupKeyManagementCluster: KeySetWrite OK"); |
| } |
| else |
| { |
| ChipLogDetail(Zcl, "GroupKeyManagementCluster: KeySetWrite: %" CHIP_ERROR_FORMAT, err.Format()); |
| } |
| |
| // Send response |
| commandObj->AddStatus(commandPath, StatusIB(err).mStatus); |
| return true; |
| } |
| |
| bool emberAfGroupKeyManagementClusterKeySetReadCallback( |
| chip::app::CommandHandler * commandObj, const chip::app::ConcreteCommandPath & commandPath, |
| const chip::app::Clusters::GroupKeyManagement::Commands::KeySetRead::DecodableType & commandData) |
| { |
| Credentials::GroupDataProvider * provider = nullptr; |
| const FabricInfo * fabric = nullptr; |
| |
| if (!GetProviderAndFabric(commandObj, commandPath, &provider, &fabric)) |
| { |
| // Command will already have status populated from validation. |
| return true; |
| } |
| |
| FabricIndex fabricIndex = fabric->GetFabricIndex(); |
| GroupDataProvider::KeySet keyset; |
| if (CHIP_NO_ERROR != provider->GetKeySet(fabricIndex, commandData.groupKeySetID, keyset)) |
| { |
| // KeySet ID not found |
| commandObj->AddStatusAndLogIfFailure(commandPath, Status::NotFound, "Keyset ID not found in KeySetRead"); |
| return true; |
| } |
| |
| // In KeySetReadResponse, EpochKey0, EpochKey1 and EpochKey2 key contents shall be null |
| GroupKeyManagement::Commands::KeySetReadResponse::Type response; |
| response.groupKeySet.groupKeySetID = keyset.keyset_id; |
| response.groupKeySet.groupKeySecurityPolicy = keyset.policy; |
| |
| // Keyset 0 |
| if (keyset.num_keys_used > 0) |
| { |
| response.groupKeySet.epochStartTime0.SetNonNull(keyset.epoch_keys[0].start_time); |
| } |
| else |
| { |
| response.groupKeySet.epochStartTime0.SetNull(); |
| } |
| response.groupKeySet.epochKey0.SetNull(); |
| |
| // Keyset 1 |
| if (keyset.num_keys_used > 1) |
| { |
| response.groupKeySet.epochStartTime1.SetNonNull(keyset.epoch_keys[1].start_time); |
| } |
| else |
| { |
| response.groupKeySet.epochStartTime1.SetNull(); |
| } |
| response.groupKeySet.epochKey1.SetNull(); |
| |
| // Keyset 2 |
| if (keyset.num_keys_used > 2) |
| { |
| response.groupKeySet.epochStartTime2.SetNonNull(keyset.epoch_keys[2].start_time); |
| } |
| else |
| { |
| response.groupKeySet.epochStartTime2.SetNull(); |
| } |
| response.groupKeySet.epochKey2.SetNull(); |
| |
| commandObj->AddResponse(commandPath, response); |
| return true; |
| } |
| |
| bool emberAfGroupKeyManagementClusterKeySetRemoveCallback( |
| chip::app::CommandHandler * commandObj, const chip::app::ConcreteCommandPath & commandPath, |
| const chip::app::Clusters::GroupKeyManagement::Commands::KeySetRemove::DecodableType & commandData) |
| |
| { |
| Credentials::GroupDataProvider * provider = nullptr; |
| const FabricInfo * fabric = nullptr; |
| |
| if (!GetProviderAndFabric(commandObj, commandPath, &provider, &fabric)) |
| { |
| // Command will already have status populated from validation. |
| return true; |
| } |
| |
| if (commandData.groupKeySetID == GroupDataProvider::kIdentityProtectionKeySetId) |
| { |
| // SPEC: This command SHALL fail with an INVALID_COMMAND status code back to the initiator if the GroupKeySetID being |
| // removed is 0, which is the Key Set associated with the Identity Protection Key (IPK). |
| commandObj->AddStatusAndLogIfFailure(commandPath, Status::InvalidCommand, |
| "Attempted to KeySetRemove the identity protection key!"); |
| return true; |
| } |
| |
| // Remove keyset |
| FabricIndex fabricIndex = fabric->GetFabricIndex(); |
| CHIP_ERROR err = provider->RemoveKeySet(fabricIndex, commandData.groupKeySetID); |
| |
| Status status = Status::Success; |
| if (CHIP_ERROR_KEY_NOT_FOUND == err) |
| { |
| status = Status::NotFound; |
| } |
| else if (CHIP_NO_ERROR != err) |
| { |
| status = Status::Failure; |
| } |
| |
| // Send status response. |
| commandObj->AddStatusAndLogIfFailure(commandPath, status, "KeySetRemove failed"); |
| return true; |
| } |
| |
| struct KeySetReadAllIndicesResponse |
| { |
| static constexpr CommandId GetCommandId() { return GroupKeyManagement::Commands::KeySetReadAllIndicesResponse::Id; } |
| static constexpr ClusterId GetClusterId() { return GroupKeyManagement::Id; } |
| |
| GroupDataProvider::KeySetIterator * mIterator = nullptr; |
| |
| KeySetReadAllIndicesResponse(GroupDataProvider::KeySetIterator * iter) : mIterator(iter) {} |
| |
| CHIP_ERROR Encode(TLV::TLVWriter & writer, TLV::Tag tag) const |
| { |
| TLV::TLVType outer; |
| ReturnErrorOnFailure(writer.StartContainer(tag, TLV::kTLVType_Structure, outer)); |
| |
| TLV::TLVType array; |
| ReturnErrorOnFailure(writer.StartContainer( |
| TLV::ContextTag(GroupKeyManagement::Commands::KeySetReadAllIndicesResponse::Fields::kGroupKeySetIDs), |
| TLV::kTLVType_Array, array)); |
| |
| GroupDataProvider::KeySet keyset; |
| while (mIterator && mIterator->Next(keyset)) |
| { |
| ReturnErrorOnFailure(app::DataModel::Encode(writer, TLV::AnonymousTag(), keyset.keyset_id)); |
| } |
| |
| ReturnErrorOnFailure(writer.EndContainer(array)); |
| ReturnErrorOnFailure(writer.EndContainer(outer)); |
| return CHIP_NO_ERROR; |
| } |
| }; |
| |
| bool emberAfGroupKeyManagementClusterKeySetReadAllIndicesCallback( |
| chip::app::CommandHandler * commandObj, const chip::app::ConcreteCommandPath & commandPath, |
| const chip::app::Clusters::GroupKeyManagement::Commands::KeySetReadAllIndices::DecodableType & commandData) |
| { |
| Credentials::GroupDataProvider * provider = nullptr; |
| const FabricInfo * fabric = nullptr; |
| |
| if (!GetProviderAndFabric(commandObj, commandPath, &provider, &fabric)) |
| { |
| // Command will already have status populated from validation. |
| return true; |
| } |
| |
| FabricIndex fabricIndex = fabric->GetFabricIndex(); |
| auto keysIt = provider->IterateKeySets(fabricIndex); |
| if (nullptr == keysIt) |
| { |
| commandObj->AddStatusAndLogIfFailure(commandPath, Status::Failure, "Failed iteration of key set indices!"); |
| return true; |
| } |
| |
| commandObj->AddResponse(commandPath, KeySetReadAllIndicesResponse(keysIt)); |
| keysIt->Release(); |
| return true; |
| } |