# Copyright (c) 2023 Project CHIP Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Access-control test: checks what a Group auth mode ACL entry permits, and
# that the access is gone once the entry is removed (steps 4 to 12).
name: 49.1.6. [TC-ACE-1.6] Group auth mode

PICS:
- MCORE.ROLE.COMMISSIONEE
- G.S

config:
  nodeId: 0x12344321
  # Steps 4 and 8 name no cluster or endpoint of their own; presumably they
  # fall back to these two values - confirm against the test runner.
  cluster: "Access Control"
  endpoint: 0
  # PIXIT.G.ENDPOINT: the endpoint carrying the Groups cluster under test.
  Groups.Endpoint: 1

tests:
# Preconditions: wait for the commissioned node, then capture the values the
# later steps refer to.
- label: "Step 0: Wait for the commissioned device to be retrieved for TH1"
  cluster: "DelayCommands"
  command: "WaitForCommissionee"
  arguments:
    values:
    - name: "nodeId"
      value: nodeId

# Saved as FabricIndexValue; none of the visible steps reads it back.
- label: "TH reads the fabric index and saves for future use."
  cluster: "Operational Credentials"
  command: "readAttribute"
  attribute: "CurrentFabricIndex"
  response:
    saveAs: FabricIndexValue

# commissionerNodeId is the CASE subject of the admin ACL entry written in
# steps 4 and 8.
- label: "TH reads the commissioner nodeID and saves for future use."
  cluster: "CommissionerCommands"
  command: "GetCommissionerNodeId"
  response:
    values:
    - name: "nodeId"
      saveAs: commissionerNodeId
# Steps 1a and 1b install two group key sets on the DUT. The epoch keys are
# fixed fixture values that are also spelled out in the step labels, so they
# are public by construction and only suitable for test fabrics.
- label:
    "Step 1a: TH sends KeySetWrite command in the GroupKeyManagement
    cluster to DUT using a key that is pre-installed on the TH.
    GroupKeySet fields are as follows: GroupKeySetID: 0x01a3
    GroupKeySecurityPolicy: TrustFirst (0) EpochKey0:
    d0d1d2d3d4d5d6d7d8d9dadbdcdddedf EpochStartTime0: 2220000 EpochKey1:
    d1d1d2d3d4d5d6d7d8d9dadbdcdddedf EpochStartTime1: 2220001 EpochKey2:
    d2d1d2d3d4d5d6d7d8d9dadbdcdddedf EpochStartTime2: 2220002"
  cluster: "Group Key Management"
  command: "KeySetWrite"
  arguments:
    values:
    - name: GroupKeySet
      value:
        # Key set later bound to group 0x0103 (step 2).
        GroupKeySetID: 0x01a3
        GroupKeySecurityPolicy: 0  # TrustFirst, per the label
        EpochKey0: "hex:d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
        EpochStartTime0: 2220000
        EpochKey1: "hex:d1d1d2d3d4d5d6d7d8d9dadbdcdddedf"
        EpochStartTime1: 2220001
        EpochKey2: "hex:d2d1d2d3d4d5d6d7d8d9dadbdcdddedf"
        EpochStartTime2: 2220002

- label:
    "Step 1b: TH sends KeySetWrite command in the GroupKeyManagement
    cluster to DUT using a key that is pre-installed on the TH.
    GroupKeySet fields are as follows: GroupKeySetID: 0x01a1
    GroupKeySecurityPolicy: TrustFirst (0) EpochKey0:
    a0d1d2d3d4d5d6d7d8d9dadbdcdddedf EpochStartTime0: 2220000 EpochKey1:
    b1d1d2d3d4d5d6d7d8d9dadbdcdddedf EpochStartTime1: 2220001 EpochKey2:
    c2d1d2d3d4d5d6d7d8d9dadbdcdddedf EpochStartTime2: 2220002"
  cluster: "Group Key Management"
  command: "KeySetWrite"
  arguments:
    values:
    - name: GroupKeySet
      value:
        # Key set later bound to groups 0x0101 and 0x0102 (step 2).
        GroupKeySetID: 0x01a1
        GroupKeySecurityPolicy: 0  # TrustFirst, per the label
        EpochKey0: "hex:a0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
        EpochStartTime0: 2220000
        EpochKey1: "hex:b1d1d2d3d4d5d6d7d8d9dadbdcdddedf"
        EpochStartTime1: 2220001
        EpochKey2: "hex:c2d1d2d3d4d5d6d7d8d9dadbdcdddedf"
        EpochStartTime2: 2220002
# All three groups get a key binding here, including 0x0101, which never
# receives an ACL entry. The denial checked in step 10 is therefore presumably
# down to access control rather than to a missing key - confirm.
- label:
    "Step 2: TH binds GroupIds 0x0101 and 0x0102 with GroupKeySetID 0x01a1
    and GroupId 0x0103 with GroupKeySetID 0x01a3 in the GroupKeyMap
    attribute list on GroupKeyManagement cluster by writing the
    GroupKeyMap attribute with three entries as follows: List item 1:
    GroupId: 0x0101, GroupKeySetId: 0x01a1, List item 2: GroupId: 0x0102,
    GroupKeySetId: 0x01a1, List item 3: GroupId: 0x0103, GroupKeySetId:
    0x01a3"
  cluster: "Group Key Management"
  command: "writeAttribute"
  attribute: "GroupKeyMap"
  arguments:
    value:
    # FabricIndex is written as 0 in every entry; presumably the DUT
    # substitutes the accessing fabric - confirm.
    - FabricIndex: 0
      GroupId: 0x0101
      GroupKeySetID: 0x01a1
    - FabricIndex: 0
      GroupId: 0x0102
      GroupKeySetID: 0x01a1
    - FabricIndex: 0
      GroupId: 0x0103
      GroupKeySetID: 0x01a3
# Sent over CASE before the ACL is narrowed in step 4. Group 0x0103 is the
# group the later group commands in steps 6 and 11 are addressed to.
- label:
    "Step 3: TH sends a AddGroup Command to the Groups cluster on Endpoint
    PIXIT.G.ENDPOINT over CASE with the GroupID field set to 0x0103 and
    the GroupName set to an empty string"
  cluster: "Groups"
  endpoint: Groups.Endpoint
  command: "AddGroup"
  arguments:
    values:
    - name: GroupID
      value: 0x0103
    - name: GroupName
      value: ""
# Replaces the whole ACL with two entries. The CASE admin entry is scoped to
# the Access Control cluster only, so from here until step 8 the Groups
# cluster is reachable solely through the group entry (checked by step 5).
- label:
    "Step 4: TH writes The ACL attribute in the Access Control cluster to
    add Manage privileges for group 0x0103 and maintain the current
    administrative privileges for the TH on the Access Control cluster.
    The following access control list shall be used: List item 1 (TH
    admin): Privilege: Administer (5) AuthMode: CASE (2) Subjects: [N1]
    Targets: [{Cluster: AccessControl (0x001f), Endpoint: 0}] List item 2
    (group Manage access): Privilege: Manage (4) AuthMode: Group (3)
    Subjects: group 0x0103 ([0x0103]) Targets: {Cluster: Groups (0x0004),
    Endpoint: PIXIT.G.ENDPOINT}"
  command: "writeAttribute"
  attribute: "ACL"
  arguments:
    value:
    # List item 1 (TH admin): lets the TH keep editing the ACL over CASE.
    - FabricIndex: 0
      Privilege: 5  # Administer
      AuthMode: 2  # CASE
      Subjects: [commissionerNodeId]
      Targets:
      - Cluster: 0x001f  # AccessControl
        Endpoint: endpoint
        DeviceType: null
    # List item 2 (group Manage access): the entry under test.
    - FabricIndex: 0
      Privilege: 4  # Manage
      AuthMode: 3  # Group
      Subjects: [0x0103]  # group 0x0103
      Targets:
      - Cluster: 0x0004  # Groups
        Endpoint: Groups.Endpoint
        DeviceType: null
# Negative check: the same command that succeeded over CASE in step 3 must
# now be refused, because the step 4 ACL gives the CASE subject no access to
# the Groups cluster.
- label:
    "Step 5: TH sends a AddGroup Command to the Groups cluster on Endpoint
    PIXIT.G.ENDPOINT over CASE with the GroupID field set to 0x0104 and
    the GroupName set to an empty string"
  cluster: "Groups"
  endpoint: Groups.Endpoint
  command: "AddGroup"
  arguments:
    values:
    - name: GroupID
      value: 0x0104
    - name: GroupName
      value: ""
  response:
    error: UNSUPPORTED_ACCESS
# Step 6 is addressed to group 0x0103, the only group named in the step 4
# ACL. These steps declare no expected response; the outcome is checked later
# over CASE (step 9).
- label:
    "Step 6: TH sends a AddGroup Command to the Groups cluster with the
    GroupID field set to 0x0101 and the GroupName set to an empty string.
    The command is sent as a group command using GroupID 0x0103"
  cluster: "Groups"
  groupId: 0x0103
  command: "AddGroup"
  arguments:
    values:
    - name: GroupID
      value: 0x0101
    - name: GroupName
      value: ""

# Pause after the group (multicast) command. The note originally left here is
# cut off; it refers to a unicast packet sent immediately after the multicast
# one, so the delay presumably keeps a later unicast exchange from overtaking
# this AddGroup - confirm.
- label: "Wait for AddGroup"
  cluster: "DelayCommands"
  command: "WaitForMs"
  arguments:
    values:
    - name: "ms"
      value: 1000

# Step 7 is addressed to group 0x0101, which has a key binding (step 2) and
# was added in step 6 but has no ACL entry. Step 10 expects this command to
# have had no effect.
- label:
    "Step 7: TH sends a AddGroup Command to the Groups cluster with the
    GroupID field set to 0x0102 and the GroupName set to an empty string.
    The command is sent as a group command using GroupID 0x0101"
  cluster: "Groups"
  groupId: 0x0101
  command: "AddGroup"
  arguments:
    values:
    - name: GroupID
      value: 0x0102
    - name: GroupName
      value: ""

# Same pause as after step 6, ahead of the unicast ACL write in step 8.
- label: "Wait for AddGroup"
  cluster: "DelayCommands"
  command: "WaitForMs"
  arguments:
    values:
    - name: "ms"
      value: 1000
# Replaces the ACL with the admin entry alone. Leaving the group entry out of
# the list is what revokes group access; Targets is null on the admin entry,
# which the label describes as restoring full access over CASE.
- label:
    "Step 8: TH writes The ACL attribute in the Access Control cluster to
    revoke groups Management access and restore full access over CASE by
    setting the following ACL list items: List item 1 (TH admin):
    Privilege: Administer (5) AuthMode: CASE (2) Subjects: [N1] Targets:
    null"
  command: "writeAttribute"
  attribute: "ACL"
  arguments:
    value:
    - FabricIndex: 0
      Privilege: 5  # Administer
      AuthMode: 2  # CASE
      Subjects: [commissionerNodeId]
      Targets: null
# Steps 9 and 10 read back, over CASE, the effect of the two group commands:
# the one sent via the authorised group (step 6) must have taken effect, the
# one sent via the unauthorised group (step 7) must not.
- label:
    "Step 9: TH sends a ViewGroup Command to the Groups cluster on
    Endpoint PIXIT.G.ENDPOINT over CASE with the GroupID set to 0x0101 to
    confirm that the AddGroup command from step 6 was successful"
  cluster: "Groups"
  endpoint: Groups.Endpoint
  command: "ViewGroup"
  arguments:
    values:
    - name: GroupID
      value: 0x0101
  response:
    values:
    - name: Status
      value: 0  # success: the group exists
    - name: GroupID
      value: 0x0101
    - name: GroupName
      value: ""

- label:
    "Step 10: TH sends a ViewGroup Command to the Groups cluster on
    Endpoint PIXIT.G.ENDPOINT over CASE with the GroupID set to 0x0102 to
    confirm that the AddGroup command from step 7 was not successful"
  cluster: "Groups"
  endpoint: Groups.Endpoint
  command: "ViewGroup"
  arguments:
    values:
    - name: GroupID
      value: 0x0102
  response:
    values:
    - name: Status
      value: 139  # 0x8b, NOT_FOUND: the group was never added
    - name: GroupID
      value: 0x0102
    - name: GroupName
      value: ""
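# Revocation check: group 0x0103 lost its ACL entry in step 8, so this group
# command is expected to have no effect. No response is declared for it; the
# outcome is read back over CASE in step 12.
- label:
    "Step 11: TH sends a AddGroup Command to the Groups cluster with the
    GroupID field set to 0x0105 and the GroupName set to an empty string.
    The command is sent as a group command using GroupID 0x0103"
  cluster: "Groups"
  groupId: 0x0103
  command: "AddGroup"
  arguments:
    values:
    - name: GroupID
      value: 0x0105
    - name: GroupName
      value: ""

# Same pause as after the group commands in steps 6 and 7. Without it the
# unicast ViewGroup in step 12 could be handled before this group command;
# step 12 would then report "not found" whether or not the ACL actually
# denied the AddGroup, and a failed revocation would go unnoticed.
- label: "Wait for AddGroup"
  cluster: "DelayCommands"
  command: "WaitForMs"
  arguments:
    values:
    - name: "ms"
      value: 1000

- label:
    "Step 12: TH sends a ViewGroup Command to the Groups cluster on
    Endpoint PIXIT.G.ENDPOINT over CASE with the GroupID set to 0x0105 to
    confirm that the AddGroup command from step 11 was not successful"
  cluster: "Groups"
  endpoint: Groups.Endpoint
  command: "ViewGroup"
  arguments:
    values:
    - name: GroupID
      value: 0x0105
  response:
    values:
    - name: Status
      value: 139  # 0x8b, NOT_FOUND: the group was never added
    - name: GroupID
      value: 0x0105
    - name: GroupName
      value: ""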
# Cleanup: remove the groups, the group-to-key bindings and both key sets
# installed in steps 1a and 1b, so no test group state or fixture key
# material is left on the DUT.
- label:
    "Step 13: TH sends the RemoveAllGroups Command to the Groups cluster
    on Endpoint PIXIT.G.ENDPOINT over CASE"
  cluster: "Groups"
  endpoint: Groups.Endpoint
  command: "RemoveAllGroups"

- label:
    "Step 14: TH resets the GroupKeyMap attribute list on
    GroupKeyManagement cluster by writing the GroupKeyMap attribute with
    an empty list"
  cluster: "Group Key Management"
  command: "writeAttribute"
  attribute: "GroupKeyMap"
  arguments:
    value: []

- label:
    "Step 15: TH resets the key set by sending the KeySetRemove command to
    the GroupKeyManagement cluster over CASE with the following fields:
    GroupKeySetID: 0x01a3"
  cluster: "Group Key Management"
  command: "KeySetRemove"
  arguments:
    values:
    - name: GroupKeySetID
      value: 0x01a3

- label:
    "Step 16: TH resets the key set by sending the KeySetRemove command to
    the GroupKeyManagement cluster over CASE with the following fields:
    GroupKeySetID: 0x01a1"
  cluster: "Group Key Management"
  command: "KeySetRemove"
  arguments:
    values:
    - name: GroupKeySetID
      value: 0x01a1