minor changes (mainly review rework of Constructor/Deconstructor) and

include generated zap files. coauthor -- clang format
project-chip · Sep 11, 2021 · adb5725 · adb5725
1 parent 38454ea
commit adb5725
Show file tree

Hide file tree

Showing 21 changed files with 623 additions and 65 deletions.
diff --git a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
@@ -502,9 +502,6 @@ bool emberAfOperationalCredentialsClusterAttestationRequestCallback(EndpointId e
     VerifyOrExit(attestationNonce.size() == 32, status = EMBER_ZCL_STATUS_FAILURE);
 
     {
-        uint16_t vendorId   = 0xFFF1;
-        uint16_t profileNum = 0x003E;
-        std::vector<ByteSpan> vendorReserved;
         uint8_t certDeclBuf[512];
         MutableByteSpan certDeclSpan(certDeclBuf);
 
@@ -514,8 +511,8 @@ bool emberAfOperationalCredentialsClusterAttestationRequestCallback(EndpointId e
         VerifyOrExit(attestationElements.Alloc(attestationElementsLen), err = CHIP_ERROR_NO_MEMORY);
 
         MutableByteSpan attestationElementsSpan(attestationElements.Get(), attestationElementsLen);
-        SuccessOrExit(err = Credentials::ConstructAttestationElements(certDeclSpan, attestationNonce, 0, ByteSpan(), vendorReserved,
-                                                                      vendorId, profileNum, attestationElementsSpan));
+        SuccessOrExit(err = Credentials::ConstructAttestationElements(certDeclSpan, attestationNonce, 0, ByteSpan(), nullptr, 0, 0,
+                                                                      0, attestationElementsSpan));
         attestationElementsLen = attestationElementsSpan.size();
     }
 

diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp
@@ -752,12 +752,12 @@ CHIP_ERROR DeviceCommissioner::Init(CommissionerInitParams params)
     mUdcTransportMgr = chip::Platform::New<DeviceTransportMgr>();
     ReturnErrorOnFailure(mUdcTransportMgr->Init(Transport::UdpListenParameters(mInetLayer)
                                                     .SetAddressType(Inet::kIPAddressType_IPv6)
-                                                    .SetListenPort((uint16_t) (mUdcListenPort))
+                                                    .SetListenPort((uint16_t)(mUdcListenPort))
 #if INET_CONFIG_ENABLE_IPV4
                                                     ,
                                                 Transport::UdpListenParameters(mInetLayer)
                                                     .SetAddressType(Inet::kIPAddressType_IPv4)
-                                                    .SetListenPort((uint16_t) (mUdcListenPort))
+                                                    .SetListenPort((uint16_t)(mUdcListenPort))
 #endif // INET_CONFIG_ENABLE_IPV4
 #if CONFIG_NETWORK_LAYER_BLE
                                                     ,

diff --git a/src/credentials/BUILD.gn b/src/credentials/BUILD.gn
@@ -25,8 +25,8 @@ static_library("credentials") {
     "CHIPCertToX509.cpp",
     "CHIPOperationalCredentials.cpp",
     "CHIPOperationalCredentials.h",
+    "DeviceAttestationConstructor.cpp",
     "DeviceAttestationConstructor.h",
-    "DeviceAttestationConstructor.cpp", 
     "DeviceAttestationCredsProvider.cpp",
     "DeviceAttestationCredsProvider.h",
     "DeviceAttestationVerifier.cpp",

diff --git a/src/credentials/DeviceAttestationConstructor.cpp b/src/credentials/DeviceAttestationConstructor.cpp
@@ -28,64 +28,57 @@ namespace Credentials {
 // context tag positions
 enum
 {
-    CERTIFICATION_DECLARATION = 1,
-    ATTESTATION_NONCE         = 2,
-    TIMESTAMP                 = 3,
-    FIRMWARE_INFO             = 4,
-    NUMBER_OF_VALID_TAGS      = FIRMWARE_INFO,
+    kCertificationDeclarationTagId = 1,
+    kAttestationNonceTagId         = 2,
+    kTimestampTagId                = 3,
+    kFirmwareInfoTagId             = 4,
 };
 
 CHIP_ERROR DeconstructAttestationElements(const ByteSpan & attestationElements, ByteSpan & certificationDeclaration,
                                           ByteSpan & attestationNonce, uint32_t & timestamp, ByteSpan & firmwareInfo,
-                                          std::vector<ByteSpan> & vendorReserved, uint16_t & vendorId, uint16_t & profileNum)
+                                          ByteSpan * vendorReservedArray, size_t vendorReservedArraySize, uint16_t & vendorId,
+                                          uint16_t & profileNum)
 {
-    CHIP_ERROR error                         = CHIP_NO_ERROR;
-    uint32_t currentDecodeTagId              = 0;
-    bool argExists[NUMBER_OF_VALID_TAGS + 1] = { false }; // the 0 element is not used so it aligns with tag numbers
+    bool certificationDeclarationExists = false;
+    bool attestationNonceExists         = false;
+    bool timestampExists                = false;
+    bool firmwareInfoExists             = false;
+    size_t vendorReservedIdx            = 0;
     TLV::TLVReader tlvReader;
     TLV::TLVType containerType = TLV::kTLVType_Structure;
 
-    vendorReserved.clear();
-
     tlvReader.Init(attestationElements.data(), static_cast<uint32_t>(attestationElements.size()));
     ReturnErrorOnFailure(tlvReader.Next(containerType, TLV::AnonymousTag));
     ReturnErrorOnFailure(tlvReader.EnterContainer(containerType));
 
+    CHIP_ERROR error = CHIP_NO_ERROR;
     while ((error = tlvReader.Next()) == CHIP_NO_ERROR)
     {
-        uint64_t tag;
-        tag = tlvReader.GetTag();
-
-        currentDecodeTagId = TLV::TagNumFromTag(tag);
-        VerifyOrReturnError(currentDecodeTagId != 0, CHIP_ERROR_INVALID_TLV_TAG);
+        uint64_t tag = tlvReader.GetTag();
 
         if (TLV::IsContextTag(tag))
         {
-            VerifyOrReturnError(currentDecodeTagId <= NUMBER_OF_VALID_TAGS, CHIP_ERROR_INVALID_TLV_TAG);
-
-            if (argExists[currentDecodeTagId])
-            {
-                ChipLogProgress(Zcl, "Duplicate TLV tag %" PRIx32, TLV::TagNumFromTag(tag));
-                return CHIP_ERROR_IM_MALFORMED_COMMAND_DATA_ELEMENT;
-            }
-            else
-            {
-                argExists[currentDecodeTagId] = true;
-            }
-
-            switch (currentDecodeTagId)
+            switch (TLV::TagNumFromTag(tag))
             {
-            case CERTIFICATION_DECLARATION:
+            case kCertificationDeclarationTagId:
+                VerifyOrReturnError(certificationDeclarationExists == false, CHIP_ERROR_IM_MALFORMED_COMMAND_DATA_ELEMENT);
                 ReturnErrorOnFailure(tlvReader.Get(certificationDeclaration));
+                certificationDeclarationExists = true;
                 break;
-            case ATTESTATION_NONCE:
+            case kAttestationNonceTagId:
+                VerifyOrReturnError(attestationNonceExists == false, CHIP_ERROR_IM_MALFORMED_COMMAND_DATA_ELEMENT);
                 ReturnErrorOnFailure(tlvReader.Get(attestationNonce));
+                attestationNonceExists = true;
                 break;
-            case TIMESTAMP:
+            case kTimestampTagId:
+                VerifyOrReturnError(timestampExists == false, CHIP_ERROR_IM_MALFORMED_COMMAND_DATA_ELEMENT);
                 ReturnErrorOnFailure(tlvReader.Get(timestamp));
+                timestampExists = true;
                 break;
-            case FIRMWARE_INFO:
+            case kFirmwareInfoTagId:
+                VerifyOrReturnError(firmwareInfoExists == false, CHIP_ERROR_IM_MALFORMED_COMMAND_DATA_ELEMENT);
                 ReturnErrorOnFailure(tlvReader.Get(firmwareInfo));
+                firmwareInfoExists = true;
                 break;
             default:
                 return CHIP_ERROR_IM_MALFORMED_COMMAND_DATA_ELEMENT;
@@ -100,7 +93,7 @@ CHIP_ERROR DeconstructAttestationElements(const ByteSpan & attestationElements,
 
             currentVendorId   = TLV::VendorIdFromTag(tag);
             currentProfileNum = TLV::ProfileNumFromTag(tag);
-            if (false == seenProfile)
+            if (!seenProfile)
             {
                 seenProfile = true;
                 vendorId    = currentVendorId;
@@ -115,7 +108,8 @@ CHIP_ERROR DeconstructAttestationElements(const ByteSpan & attestationElements,
 
             ByteSpan vendorReservedEntry;
             ReturnErrorOnFailure(tlvReader.Get(vendorReservedEntry));
-            vendorReserved.push_back(vendorReservedEntry);
+            VerifyOrReturnError(vendorReservedIdx < vendorReservedArraySize, CHIP_ERROR_NO_MEMORY);
+            vendorReservedArray[vendorReservedIdx++] = vendorReservedEntry;
         }
         else
         {
@@ -124,21 +118,26 @@ CHIP_ERROR DeconstructAttestationElements(const ByteSpan & attestationElements,
     }
 
     VerifyOrReturnError(error == CHIP_END_OF_TLV, error);
-    VerifyOrReturnError(argExists[CERTIFICATION_DECLARATION] && argExists[ATTESTATION_NONCE] && argExists[TIMESTAMP],
+    VerifyOrReturnError(certificationDeclarationExists && attestationNonceExists && timestampExists,
                         CHIP_ERROR_MISSING_TLV_ELEMENT);
 
     return CHIP_NO_ERROR;
 }
 
 CHIP_ERROR ConstructAttestationElements(const ByteSpan & certificationDeclaration, const ByteSpan & attestationNonce,
-                                        uint32_t timestamp, const ByteSpan & firmwareInfo, std::vector<ByteSpan> & vendorReserved,
-                                        uint16_t vendorId, uint16_t profileNum, MutableByteSpan & attestationElements)
+                                        uint32_t timestamp, const ByteSpan & firmwareInfo, ByteSpan * vendorReservedArray,
+                                        size_t vendorReservedArraySize, uint16_t vendorId, uint16_t profileNum,
+                                        MutableByteSpan & attestationElements)
 {
     TLV::TLVWriter tlvWriter;
     TLV::TLVType outerContainerType = TLV::kTLVType_NotSpecified;
 
     VerifyOrReturnError(!certificationDeclaration.empty() && !attestationNonce.empty(), CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(attestationNonce.size() == 32, CHIP_ERROR_INVALID_MESSAGE_LENGTH);
+    if (vendorReservedArraySize != 0)
+    {
+        VerifyOrReturnError(vendorReservedArray != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
+    }
 
     tlvWriter.Init(attestationElements.data(), static_cast<uint32_t>(attestationElements.size()));
     outerContainerType = TLV::kTLVType_NotSpecified;
@@ -152,11 +151,12 @@ CHIP_ERROR ConstructAttestationElements(const ByteSpan & certificationDeclaratio
     }
 
     uint8_t vendorTagNum = 1;
-    for (auto & vendorItem : vendorReserved)
+    for (size_t vendorReservedIdx = 0; vendorReservedIdx < vendorReservedArraySize; ++vendorReservedIdx)
     {
-        if (!vendorItem.empty())
+        if (!vendorReservedArray[vendorReservedIdx].empty())
         {
-            ReturnErrorOnFailure(tlvWriter.Put(TLV::ProfileTag(vendorId, profileNum, vendorTagNum), vendorItem));
+            ReturnErrorOnFailure(
+                tlvWriter.Put(TLV::ProfileTag(vendorId, profileNum, vendorTagNum), vendorReservedArray[vendorReservedIdx]));
         }
         vendorTagNum++;
     }

diff --git a/src/credentials/DeviceAttestationConstructor.h b/src/credentials/DeviceAttestationConstructor.h
@@ -27,18 +27,20 @@ namespace Credentials {
 /**
  *  @brief Take the attestation elements buffer and return each component seperately.
  *
- *  @param[in]  attestationElements Buffer containg source of attestion
- *  @param[out] certificationDeclaration
- *  @param[out] attestationNonce
- *  @param[out] timestamp
- *  @param[out] firmwareInfo
- *  @param[out] vendorReserved elements
- *  @param[out] vendorId (from vendor reserved elements)
- *  @param[out] profileNum (from vendor reserved elements)
+ *  @param[in]    attestationElements Buffer containg source of attestion
+ *  @param[out]   certificationDeclaration
+ *  @param[out]   attestationNonce
+ *  @param[out]   timestamp
+ *  @param[out]   firmwareInfo
+ *  @param[out]   vendorReservedArray
+ *  @param[inout] vendorReservedArraySize
+ *  @param[out]   vendorId (from vendor reserved elements)
+ *  @param[out]   profileNum (from vendor reserved elements)
  */
 CHIP_ERROR DeconstructAttestationElements(const ByteSpan & attestationElements, ByteSpan & certificationDeclaration,
                                           ByteSpan & attestationNonce, uint32_t & timestamp, ByteSpan & firmwareInfo,
-                                          std::vector<ByteSpan> & vendorReserved, uint16_t & vendorId, uint16_t & profileNum);
+                                          ByteSpan * vendorReservedArray, size_t vendorReservedArraySize, uint16_t & vendorId,
+                                          uint16_t & profileNum);
 
 /**
  *  @brief Take each component separately and form the Attestation Elements buffer.
@@ -47,15 +49,17 @@ CHIP_ERROR DeconstructAttestationElements(const ByteSpan & attestationElements,
  *  @param[in]  attestationNonce
  *  @param[in]  timestamp
  *  @param[in]  firmwareInfo
- *  @param[in]  vendorReserved elements
+ *  @param[in]  vendorReservedArray
+ *  @param[in]  vendorReservedArraySize
  *  @param[in]  vendorId (from vendor reserved elements)
  *  @param[in]  profileNum (from vendor reserved elements)
  *  @param[out] attestationElements Buffer containg source of attestion
  */
 
 CHIP_ERROR ConstructAttestationElements(const ByteSpan & certificationDeclaration, const ByteSpan & attestationNonce,
-                                        uint32_t timestamp, const ByteSpan & firmwareInfo, std::vector<ByteSpan> & vendorReserved,
-                                        uint16_t vendorId, uint16_t profileNum, MutableByteSpan & attestationElements);
+                                        uint32_t timestamp, const ByteSpan & firmwareInfo, ByteSpan * vendorReservedArray,
+                                        size_t vendorReservedArraySize, uint16_t vendorId, uint16_t profileNum,
+                                        MutableByteSpan & attestationElements);
 
 } // namespace Credentials
 } // namespace chip
diff --git a/src/credentials/examples/DeviceAttestationVerifierExample.cpp b/src/credentials/examples/DeviceAttestationVerifierExample.cpp
@@ -203,12 +203,13 @@ AttestationVerificationResult ExampleDACVerifier::VerifyAttestationInformation(c
     ByteSpan attestationNonceSpan;
     uint32_t timestampDeconstructed;
     ByteSpan firmwareInfoSpan;
-    std::vector<ByteSpan> vendorReservedDeconstructed;
+    ByteSpan vendorReservedDeconstructed[2];
     uint16_t vendorIdDeconstructed;
     uint16_t profileNumDeconstructed;
     VerifyOrReturnError(DeconstructAttestationElements(attestationInfoBuffer, certificationDeclarationSpan, attestationNonceSpan,
                                                        timestampDeconstructed, firmwareInfoSpan, vendorReservedDeconstructed,
-                                                       vendorIdDeconstructed, profileNumDeconstructed) == CHIP_NO_ERROR,
+                                                       ArraySize(vendorReservedDeconstructed), vendorIdDeconstructed,
+                                                       profileNumDeconstructed) == CHIP_NO_ERROR,
                         AttestationVerificationResult::kAttestationElementsMalformed);
 
     // Verify that Nonce matches with what we sent

diff --git a/zzz_generated/app-common/app-common/zap-generated/callback.h b/zzz_generated/app-common/app-common/zap-generated/callback.h
diff --git a/zzz_generated/app-common/app-common/zap-generated/client-command-macro.h b/zzz_generated/app-common/app-common/zap-generated/client-command-macro.h
diff --git a/zzz_generated/app-common/app-common/zap-generated/command-id.h b/zzz_generated/app-common/app-common/zap-generated/command-id.h