Google Git
Sign in
pigweed / third_party / github / project-chip / connectedhomeip / e663746f0caa64781720d79d33eb8e0ce9709e6f / . / src / app / zap-templates / zcl / data-model / chip / operational-credentials-cluster.xml
blob: 30ef7856af36ac394dd3d02ebbd3a1caffaa1c4b [file] [log] [blame]
<?xml version="1.0"?>
<!--
Copyright (c) 2021 Project CHIP Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configurator>
<domain name="CHIP"/>
<struct name="FabricDescriptorStruct" isFabricScoped="true">
<cluster code="0x003E"/>
<item fieldId="1" name="RootPublicKey" type="OCTET_STRING" length="65"/>
<item fieldId="2" name="VendorID" type="VENDOR_ID"/>
<item fieldId="3" name="FabricID" type="FABRIC_ID"/>
<item fieldId="4" name="NodeID" type="NODE_ID"/>
<item fieldId="5" name="Label" type="CHAR_STRING" length="32"/>
</struct>
<enum name="NodeOperationalCertStatusEnum" type="ENUM8">
<cluster code="0x003E"/>
<item name="OK" value="0x00"/>
<item name="InvalidPublicKey" value="0x01"/>
<item name="InvalidNodeOpId" value="0x02"/>
<item name="InvalidNOC" value="0x03"/>
<item name="MissingCsr" value="0x04"/>
<item name="TableFull" value="0x05"/>
<item name="InvalidAdminSubject" value="0x06"/>
<item name="FabricConflict" value="0x09"/>
<item name="LabelConflict" value="0x0a"/>
<item name="InvalidFabricIndex" value="0x0b"/>
</enum>
<struct name="NOCStruct" isFabricScoped="true">
<cluster code="0x003E"/>
<item fieldId="1" name="NOC" type="OCTET_STRING" isFabricSensitive="true"/>
<item fieldId="2" name="ICAC" type="OCTET_STRING" isNullable="true" isFabricSensitive="true"/>
</struct>
<enum name="CertificateChainTypeEnum" type="ENUM8">
<cluster code="0x003E"/>
<item name="DACCertificate" value="0x01"/>
<item name="PAICertificate" value="0x02"/>
</enum>
<cluster>
<domain>General</domain>
<name>Operational Credentials</name>
<code>0x003E</code>
<define>OPERATIONAL_CREDENTIALS_CLUSTER</define>
<description>This cluster is used to add or remove Operational Credentials on a Commissionee or Node, as well as manage the associated Fabrics.</description>
<attribute side="server" code="0x0000" define="NOCS" type="ARRAY" entryType="NOCStruct" writable="false" optional="false">
<description>NOCs</description>
<access op="read" privilege="administer"/>
</attribute>
<attribute side="server" code="0x0001" define="FABRICS" type="ARRAY" entryType="FabricDescriptorStruct" writable="false" optional="false">Fabrics</attribute>
<attribute side="server" code="0x0002" define="SUPPORTED_FABRICS" type="INT8U" writable="false" min="5" max="254" optional="false">SupportedFabrics</attribute>
<attribute side="server" code="0x0003" define="COMMISSIONED_FABRICS" type="INT8U" writable="false" optional="false">CommissionedFabrics</attribute>
<attribute side="server" code="0x0004" define="TRUSTED_ROOT_CERTIFICATES" type="ARRAY" entryType="OCTET_STRING" writable="false" optional="false">TrustedRootCertificates</attribute>
<attribute side="server" code="0x0005" define="CURRENT_FABRIC_INDEX" type="INT8U" writable="false" optional="false">CurrentFabricIndex</attribute>
<command source="client" code="0x00" name="AttestationRequest" response="AttestationResponse" optional="false">
<description>Sender is requesting attestation information from the receiver.</description>
<arg name="AttestationNonce" type="OCTET_STRING"/>
<access op="invoke" privilege="administer"/>
</command>
<command source="server" code="0x01" name="AttestationResponse" optional="false">
<description>An attestation information confirmation from the server.</description>
<arg name="AttestationElements" type="OCTET_STRING"/>
<arg name="AttestationSignature" type="OCTET_STRING"/>
</command>
<command source="client" code="0x02" name="CertificateChainRequest" response="CertificateChainResponse" optional="false">
<description>Sender is requesting a device attestation certificate from the receiver.</description>
<arg name="CertificateType" type="CertificateChainTypeEnum"/>
<access op="invoke" privilege="administer"/>
</command>
<command source="server" code="0x03" name="CertificateChainResponse" optional="false">
<description>A device attestation certificate (DAC) or product attestation intermediate (PAI) certificate from the server.</description>
<arg name="Certificate" type="OCTET_STRING"/>
</command>
<command source="client" code="0x04" name="CSRRequest" response="CSRResponse" optional="false">
<description>Sender is requesting a certificate signing request (CSR) from the receiver.</description>
<arg name="CSRNonce" type="OCTET_STRING"/>
<arg name="IsForUpdateNOC" type="boolean" optional="true"/>
<access op="invoke" privilege="administer"/>
</command>
<!-- TODO: Fix to match chip-spec:#3346 -->
<command source="server" code="0x05" name="CSRResponse" optional="false">
<description>A certificate signing request (CSR) from the server.</description>
<arg name="NOCSRElements" type="OCTET_STRING"/>
<arg name="AttestationSignature" type="OCTET_STRING"/>
</command>
<command source="client" code="0x06" name="AddNOC" response="NOCResponse" optional="false">
<description>Sender is requesting to add the new node operational certificates.</description>
<arg name="NOCValue" type="OCTET_STRING"/>
<arg name="ICACValue" type="OCTET_STRING" optional="true"/>
<arg name="IPKValue" type="OCTET_STRING"/>
<arg name="CaseAdminSubject" type="Int64u"/>
<arg name="AdminVendorId" type="VENDOR_ID"/>
<access op="invoke" privilege="administer"/>
</command>
<command source="client" code="0x07" name="UpdateNOC" response="NOCResponse" isFabricScoped="true" optional="false">
<description>Sender is requesting to update the node operational certificates.</description>
<arg name="NOCValue" type="OCTET_STRING"/>
<arg name="ICACValue" type="OCTET_STRING" optional="true"/>
<access op="invoke" privilege="administer"/>
</command>
<command source="server" code="0x08" name="NOCResponse" optional="false">
<description>Response to AddNOC or UpdateNOC commands.</description>
<arg name="StatusCode" type="NodeOperationalCertStatusEnum"/>
<arg name="FabricIndex" type="fabric_idx" optional="true"/>
<arg name="DebugText" type="CHAR_STRING" optional="true"/>
</command>
<command source="client" code="0x09" name="UpdateFabricLabel" response="NOCResponse" isFabricScoped="true" optional="false">
<description>This command SHALL be used by an Administrative Node to set the user-visible Label field for a given Fabric, as reflected by entries in the Fabrics attribute.</description>
<arg name="Label" type="CHAR_STRING" length="32"/>
<access op="invoke" privilege="administer"/>
</command>
<command source="client" code="0x0a" name="RemoveFabric" response="NOCResponse" optional="false">
<description>This command is used by Administrative Nodes to remove a given fabric index and delete all associated fabric-scoped data.</description>
<arg name="FabricIndex" type="fabric_idx"/>
<access op="invoke" privilege="administer"/>
</command>
<command source="client" code="0x0b" name="AddTrustedRootCertificate" optional="false">
<description>This command SHALL add a Trusted Root CA Certificate, provided as its CHIP Certificate representation.</description>
<arg name="RootCACertificate" type="OCTET_STRING"/>
<access op="invoke" privilege="administer"/>
</command>
</cluster>
</configurator>