Implement VID Verification in OpCreds cluster (2/2) #38469
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add VVS/VVSC storage in PersistentStorageOpCertStore - Finished all attributes and commands in Opcreds cluster - Bumped Opcreds revision to 2 - Added all necessary testability features to matter_testing support for list subscriptions - NOTE: this includes project-chip#38445 temporarily until merged Testing done: - Integration tests through TC-OPCREDS-3.9 - More unit tests to follow, but coverage through TC-OPCREDS-3.9 is near exhaustive.
|
PR #38469: Size comparison from 7ecc28c to d258a5e Increases above 0.2%:
Full report (72 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
|
PR #38469: Size comparison from 56a0c43 to 3af1a87 Increases above 0.2%:
Full report (75 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
…to add-set-vid-verify-statement
|
PR #38469: Size comparison from 54ff531 to 1997d59 Increases above 0.2%:
Full report (75 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
- Fabric table was incorrectly read, which could lead to issues when the fabric table has more fields than before.
|
PR #38469: Size comparison from 54ff531 to f7d74a8 Increases above 0.2%:
Full report (75 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
swan-amazon
approved these changes
Apr 22, 2025
cecille
reviewed
Apr 22, 2025
src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
Outdated
Show resolved
Hide resolved
src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
Outdated
Show resolved
Hide resolved
src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
Show resolved
Hide resolved
|
PR #38469: Size comparison from 54ff531 to 5f7f79c Increases above 0.2%:
Full report (75 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
cecille
reviewed
Apr 23, 2025
Contributor
cecille
left a comment
There was a problem hiding this comment.
if this is for OPCREDS-3.8, does the test do this part? * Ensure that only accessing fabric's VidVerificationStatement can be set/clear
src/python_testing/matter_testing_infrastructure/chip/testing/matter_testing.py
Show resolved
Hide resolved
cecille
approved these changes
Apr 23, 2025
|
PR #38469: Size comparison from 574cc67 to 5258cff Increases above 0.2%:
Full report (75 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
tcarmelveilleux
commented
Apr 23, 2025
tcarmelveilleux
commented
Apr 23, 2025
|
PR #38469: Size comparison from 574cc67 to 66dee3d Increases above 0.2%:
Full report (75 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
- The scripts did not factory reset properly so they were impacted by lack of hermeticity, causing a failure of CGEN-2.9 after unrelated master changes. - The method to find "commissioner's fabric" before some fabric removal was wrong in CGEN-2.9. Fixed the method to use CurrentFabricIndex
This reverts commit 66dee3d.
This reverts commit b188e36.
|
PR #38469: Size comparison from 1b5ddd2 to 300da1f Increases above 0.2%:
Full report (3 builds for cc32xx, stm32)
|
|
PR #38469: Size comparison from 1b5ddd2 to 0611d9b Increases above 0.2%:
Full report (75 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)
|
| ReturnErrorOnFailure(BasicVidVerificationAssumptionsAreMet(fabricIndex)); | ||
| VerifyOrReturnError(vvsc.empty() || vvsc.size() <= Credentials::kMaxCHIPCertLength, CHIP_ERROR_INVALID_ARGUMENT); | ||
|
|
||
| // Can't try to set a VVSC if ICAC present. |
Contributor
There was a problem hiding this comment.
The API did not document that this is the responsibility of the callee to check.
In general, it would be nice if the cluster implementation could do these checks instead of every opcert store backend having to do them... Not sure how viable that is.
| ByteSpan vidVerificationStatement) | ||
| { | ||
| ReturnErrorOnFailure(BasicVidVerificationAssumptionsAreMet(fabricIndex)); | ||
| VerifyOrReturnError(vidVerificationStatement.empty() || |
Contributor
There was a problem hiding this comment.
Again, it would be nice if this size check were just in the cluster...
Contributor
Author
There was a problem hiding this comment.
I can do that for sure. I was trying to cover more unit tests in the opcerstore since the cluster is not unit testable yet, due to legacy design, but it has an integration test that may suffice.
| static StorageKeyName FabricNOC(FabricIndex fabric) { return StorageKeyName::Formatted("f/%x/n", fabric); } | ||
| static StorageKeyName FabricICAC(FabricIndex fabric) { return StorageKeyName::Formatted("f/%x/i", fabric); } | ||
| static StorageKeyName FabricRCAC(FabricIndex fabric) { return StorageKeyName::Formatted("f/%x/r", fabric); } | ||
| static StorageKeyName FabricVVSC(FabricIndex fabric) { return StorageKeyName::Formatted("f/%x/vvvc", fabric); } |
Contributor
There was a problem hiding this comment.
Why vvvc, not vvsc? Worth documenting if there is a good reason.
Contributor
Author
There was a problem hiding this comment.
It's a typo, will fix.
dsavitsky-dsr
pushed a commit
to popovdg/connectedhomeip
that referenced
this pull request
Apr 29, 2025
* Implement VID Verification in OpCreds cluster (2/2) - Add VVS/VVSC storage in PersistentStorageOpCertStore - Finished all attributes and commands in Opcreds cluster - Bumped Opcreds revision to 2 - Added all necessary testability features to matter_testing support for list subscriptions - NOTE: this includes project-chip#38445 temporarily until merged Testing done: - Integration tests through TC-OPCREDS-3.9 - More unit tests to follow, but coverage through TC-OPCREDS-3.9 is near exhaustive. * Restyled by clang-format * Restyled by autopep8 * Restyled by isort * Fix TC-CGEN-2.9 - Fabric table was incorrectly read, which could lead to issues when the fabric table has more fields than before. * Address review comments from cecille@ * Restyled by clang-format * Renamed TC-OPCREDS-3.9 to TC-OPCREDS-3.8 * Added comments to AttributeMatcher * Renamed test in TC_OPCREDS_3_8.py * Restyled by autopep8 * More logging in TC-CGEN-2.9 * Restyled by autopep8 * Restyled by isort * Add a verification against some node ID to diagnose CI * Restyled by clang-format * Fix hermeticity of TC-CGEN scripts in CI - The scripts did not factory reset properly so they were impacted by lack of hermeticity, causing a failure of CGEN-2.9 after unrelated master changes. - The method to find "commissioner's fabric" before some fabric removal was wrong in CGEN-2.9. Fixed the method to use CurrentFabricIndex * Add logging * Restyled by autopep8 * Revert "Restyled by clang-format" This reverts commit 66dee3d. * Revert "Add a verification against some node ID to diagnose CI" This reverts commit b188e36. * Use fix-cgen-2.9 * Update cgen --------- Co-authored-by: Restyled.io <[email protected]>
tcarmelveilleux
added a commit
to tcarmelveilleux/connectedhomeip
that referenced
this pull request
Apr 30, 2025
- Apply follow-ups requested by @bzbarsky-apple in project-chip#38469: - Fix vvvc/vvsc persisten storage key typo - Move the burden of ICAC/VVSC interlock to Fabric table - Document why Fabrics attribute is always reported after VVS/VVSC are touched during fail-safe - Fix documentation of classes to match above. - Minor fix of UpdateNOC handling when VVS/VVSC is involved Testing done: - Added exhaustive cases of fail-safe handling for VVS/VVSC to TestFabricTable.
mergify bot
pushed a commit
that referenced
this pull request
May 2, 2025
* Small bugfix and test improvements for VID Verification - Apply follow-ups requested by @bzbarsky-apple in #38469: - Fix vvvc/vvsc persisten storage key typo - Move the burden of ICAC/VVSC interlock to Fabric table - Document why Fabrics attribute is always reported after VVS/VVSC are touched during fail-safe - Fix documentation of classes to match above. - Minor fix of UpdateNOC handling when VVS/VVSC is involved Testing done: - Added exhaustive cases of fail-safe handling for VVS/VVSC to TestFabricTable. * Restyled by whitespace * Restyled by clang-format * Add more coverage for storage usage * Minor comment fix * Restyled by whitespace * Restyled by clang-format * Apply suggestions from code review Co-authored-by: C Freeman <[email protected]> * Address review comments for VVS/VVSC tests * Restyled by clang-format --------- Co-authored-by: Restyled.io <[email protected]> Co-authored-by: C Freeman <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
for list subscriptions
Testing
exhaustive.