| <?xml version="1.0"?> |
| <!-- |
| Copyright (c) 2021 Project CHIP Authors |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <configurator> |
| <domain name="CHIP"/> |
| |
| <struct name="FabricDescriptor" isFabricScoped="true"> |
| <cluster code="0x003E"/> |
| <item fieldId="1" name="RootPublicKey" type="OCTET_STRING" length="65"/> |
| <item fieldId="2" name="VendorId" type="VENDOR_ID"/> |
| <item fieldId="3" name="FabricId" type="FABRIC_ID"/> |
| <item fieldId="4" name="NodeId" type="NODE_ID"/> |
| <item fieldId="5" name="Label" type="CHAR_STRING" length="32"/> |
| </struct> |
| |
| <enum name="OperationalCertStatus" type="ENUM8"> |
| <cluster code="0x003E"/> |
| <item name="SUCCESS" value="0x00"/> |
| <item name="InvalidPublicKey" value="0x01"/> |
| <item name="InvalidNodeOpId" value="0x02"/> |
| <item name="InvalidNOC" value="0x03"/> |
| <item name="MissingCsr" value="0x04"/> |
| <item name="TableFull" value="0x05"/> |
| <item name="InvalidAdminSubject" value="0x06"/> |
| <item name="FabricConflict" value="0x09"/> |
| <item name="LabelConflict" value="0x0a"/> |
| <item name="InvalidFabricIndex" value="0x0b"/> |
| </enum> |
| |
| <struct name="NOCStruct" isFabricScoped="true"> |
| <cluster code="0x003E"/> |
| <item fieldId="1" name="NOC" type="OCTET_STRING" isFabricSensitive="true"/> |
| <item fieldId="2" name="ICAC" type="OCTET_STRING" isNullable="true" isFabricSensitive="true"/> |
| </struct> |
| |
| <cluster> |
| <domain>General</domain> |
| <name>Operational Credentials</name> |
| <code>0x003E</code> |
| <define>OPERATIONAL_CREDENTIALS_CLUSTER</define> |
| <description>This cluster is used to add or remove Operational Credentials on a Commissionee or Node, as well as manage the associated Fabrics.</description> |
| |
| <attribute side="server" code="0x0000" define="NOCS" type="ARRAY" entryType="NOCStruct" writable="false" optional="false"> |
| <description>NOCs</description> |
| <access op="read" privilege="administer"/> |
| </attribute> |
| <attribute side="server" code="0x0001" define="FABRICS" type="ARRAY" entryType="FabricDescriptor" writable="false" optional="false">Fabrics</attribute> |
| <attribute side="server" code="0x0002" define="SUPPORTED_FABRICS" type="INT8U" writable="false" optional="false">SupportedFabrics</attribute> |
| <attribute side="server" code="0x0003" define="COMMISSIONED_FABRICS" type="INT8U" writable="false" optional="false">CommissionedFabrics</attribute> |
| <attribute side="server" code="0x0004" define="TRUSTED_ROOT_CERTIFICATES" type="ARRAY" entryType="OCTET_STRING" writable="false" optional="false">TrustedRootCertificates</attribute> |
| <attribute side="server" code="0x0005" define="CURRENT_FABRIC_INDEX" type="INT8U" writable="false" optional="false">CurrentFabricIndex</attribute> |
| |
| <command source="client" code="0x00" name="AttestationRequest" response="AttestationResponse" optional="false"> |
| <description>Sender is requesting attestation information from the receiver.</description> |
| <arg name="AttestationNonce" type="OCTET_STRING"/> |
| <access op="invoke" privilege="administer"/> |
| </command> |
| |
| <command source="server" code="0x01" name="AttestationResponse" optional="false"> |
| <description>An attestation information confirmation from the server.</description> |
| <arg name="AttestationElements" type="OCTET_STRING"/> |
| <arg name="Signature" type="OCTET_STRING"/> |
| </command> |
| |
| <command source="client" code="0x02" name="CertificateChainRequest" response="CertificateChainResponse" optional="false"> |
| <description>Sender is requesting a device attestation certificate from the receiver.</description> |
| <arg name="CertificateType" type="INT8U"/> |
| <access op="invoke" privilege="administer"/> |
| </command> |
| |
| <command source="server" code="0x03" name="CertificateChainResponse" optional="false"> |
| <description>A device attestation certificate (DAC) or product attestation intermediate (PAI) certificate from the server.</description> |
| <arg name="Certificate" type="OCTET_STRING"/> |
| </command> |
| |
| <command source="client" code="0x04" name="CSRRequest" response="CSRResponse" optional="false"> |
| <description>Sender is requesting a certificate signing request (CSR) from the receiver.</description> |
| <arg name="CSRNonce" type="OCTET_STRING"/> |
| <arg name="IsForUpdateNOC" type="boolean" optional="true"/> |
| <access op="invoke" privilege="administer"/> |
| </command> |
| |
| <!-- TODO: Fix to match chip-spec:#3346 --> |
| <command source="server" code="0x05" name="CSRResponse" optional="false"> |
| <description>A certificate signing request (CSR) from the server.</description> |
| <arg name="NOCSRElements" type="OCTET_STRING"/> |
| <arg name="AttestationSignature" type="OCTET_STRING"/> |
| </command> |
| |
| <command source="client" code="0x06" name="AddNOC" response="NOCResponse" optional="false"> |
| <description>Sender is requesting to add the new node operational certificates.</description> |
| <arg name="NOCValue" type="OCTET_STRING"/> |
| <arg name="ICACValue" type="OCTET_STRING" optional="true"/> |
| <arg name="IPKValue" type="OCTET_STRING"/> |
| <arg name="CaseAdminSubject" type="Int64u"/> |
| <arg name="AdminVendorId" type="VENDOR_ID"/> |
| <access op="invoke" privilege="administer"/> |
| </command> |
| |
| <command source="client" code="0x07" name="UpdateNOC" response="NOCResponse" isFabricScoped="true" optional="false"> |
| <description>Sender is requesting to update the node operational certificates.</description> |
| <arg name="NOCValue" type="OCTET_STRING"/> |
| <arg name="ICACValue" type="OCTET_STRING" optional="true"/> |
| <access op="invoke" privilege="administer"/> |
| </command> |
| |
| <command source="server" code="0x08" name="NOCResponse" optional="false"> |
| <description>Response to AddNOC or UpdateNOC commands.</description> |
| <arg name="StatusCode" type="OperationalCertStatus"/> |
| <arg name="FabricIndex" type="fabric_idx" optional="true"/> |
| <arg name="DebugText" type="CHAR_STRING" optional="true"/> |
| </command> |
| |
| <command source="client" code="0x09" name="UpdateFabricLabel" response="NOCResponse" isFabricScoped="true" optional="false"> |
| <description>This command SHALL be used by an Administrative Node to set the user-visible Label field for a given Fabric, as reflected by entries in the Fabrics attribute.</description> |
| <arg name="Label" type="CHAR_STRING" length="32"/> |
| <access op="invoke" privilege="administer"/> |
| </command> |
| |
| <command source="client" code="0x0a" name="RemoveFabric" response="NOCResponse" optional="false"> |
| <description>This command is used by Administrative Nodes to remove a given fabric index and delete all associated fabric-scoped data.</description> |
| <arg name="FabricIndex" type="fabric_idx"/> |
| <access op="invoke" privilege="administer"/> |
| </command> |
| |
| <command source="client" code="0x0b" name="AddTrustedRootCertificate" optional="false"> |
| <description>This command SHALL add a Trusted Root CA Certificate, provided as its CHIP Certificate representation.</description> |
| <arg name="RootCertificate" type="OCTET_STRING"/> |
| <access op="invoke" privilege="administer"/> |
| </command> |
| </cluster> |
| </configurator> |