Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick TC-RR-1.1 (and dependencies) in SVE2 branch #22076

Closed
wants to merge 3 commits into from
Closed

Cherry-pick TC-RR-1.1 (and dependencies) in SVE2 branch #22076

wants to merge 3 commits into from

Commits on Aug 22, 2022

  1. CertificateAuthority + Manager support in Python (project-chip#21981) 

    * CertificateAuthority + Manager support in Python

This shifts the logic in the existing FabricAdmin that manages a given
Root CA to its own CertificateAuthority class. This now permits a more
spec-aligned structure that has a CertificateAuthorityManager that
manages a set of CertificateAuthority instances, each associated with a
single Root PK. Each of those manages a list of FabricAdmins
adminstering a fabric within that CA, which in turn manage a list of
ChipDeviceController instances within that fabric.

These now permit passing in separate PersistentStorage instances so that
it is more flexible/easier to sand-box each CA's storage constructs,
which makes it easier to integrate with chip-tool's INI files.

The PersistentStorage construct has been updated to permit both storage
to file as well as just a 'soft' cache.

* Review feedback
    @mrjerryjohns @tcarmelveilleux
    mrjerryjohns authored and tcarmelveilleux committed Aug 22, 2022
    Configuration menu
    Copy the full SHA
    49eeb9b View commit details
    Browse the repository at this point in the history

  2. Python CAT Value support for Controllers (project-chip#22019) 

    * Python CAT Value support for Controllers

* Review feedback
    @mrjerryjohns @tcarmelveilleux
    mrjerryjohns authored and tcarmelveilleux committed Aug 22, 2022
    Configuration menu
    Copy the full SHA
    756cea0 View commit details
    Browse the repository at this point in the history

  3. Introduce initial TC-RR-1.1 (project-chip#22032) 

    * Introduce initial TC-RR-1.1

- TC-RR-1.1 is a critical test to validate multi-fabric
  behavior is stable and actually works. The test, broadly,
  validates most of the minimas of the core elements of the spec,
  including ACL entries, certificate sizes, number of CASE
  sessions and subscriptions, number of paths, etc.

Issue project-chip#21736

- This PR introduces the core test and all associated minor
  changes to infrastructure to make it work.
- Still TODO:
  - More extensive cert size maximization (closer to 400 TLV bytes)
  - Add controller and commissionee CAT tags (test is 95% equivalent
    to test plan, but a couple ACL fields differ because of this, in
    ways that don't detract from proving what needs proving
  - Validation that local/peer session IDs have not changed. This is
    not technically needed with the SDK as-is based on the methodology
    but it would future-proof the test against some future optimizations
    that may change subscription behavior in a way that the test would
    not validate CASE sessions remain.
  - Clean-up more after the test, so that a factory reset before/after
    is not needed.

Testing done:
- Passes on Linux against all-clusters, all-clusters-minimal and
  lighting app, with both minimal mdns and Avahi.
- Passes on some other platforms (not named here)

To run within SDK (from scratch: the build steps can be skipped thereafter):

- In one terminal:
  - Build chip-lighting-app linux
  - `clear && rm -f kvs1 && out/debug/standalone/chip-lighting-app --discriminator 1234 --KVS kvs1 --trace_decode 1`

- In another terminal:
  - Build
    - `rm -rf out/python*`
    - `scripts/build_python.sh -m platform -i separate`
  - Run
    - `source ./out/python_env/bin/activate`
    - `python3 src/python_testing/TC_RR_1_1.py --commissioning-method on-network --long-discriminator 1234 --passcode 20202021`
      - Add `--bool-arg skip_user_label_cluster_steps:true` to the end of the command line
        if your DUT has broken UserLabel clusters (but if you have those, fix them :)

* More work towards CAT tags

* Address review comments

* Fixed CAT tag testing

* Update src/controller/python/chip/utils/CommissioningBuildingBlocks.py

Co-authored-by: Jerry Johns <johnsj@google.com>
    @tcarmelveilleux @mrjerryjohns
    tcarmelveilleux and mrjerryjohns committed Aug 22, 2022
    Configuration menu
    Copy the full SHA
    cb23aaa View commit details
    Browse the repository at this point in the history