diff --git a/.github/.wordlist.txt b/.github/.wordlist.txt index dcf58ac5b08236..da19c93eaf202a 100644 --- a/.github/.wordlist.txt +++ b/.github/.wordlist.txt @@ -879,6 +879,7 @@ nongnu nordicsemi NotAvailable notValue +npm nRF nrfconnect nrfdks diff --git a/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter b/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter index 16eca56f80a1b7..4a7b6386ddf2e3 100644 --- a/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter +++ b/examples/all-clusters-app/all-clusters-common/all-clusters-app.matter @@ -2498,6 +2498,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -2544,7 +2545,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/bridge-app/bridge-common/bridge-app.matter b/examples/bridge-app/bridge-common/bridge-app.matter index 1f7ce69cb038dd..6aa76455fde40a 100644 --- a/examples/bridge-app/bridge-common/bridge-app.matter +++ b/examples/bridge-app/bridge-common/bridge-app.matter @@ -726,6 +726,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -772,7 +773,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/light-switch-app/light-switch-common/light-switch-app.matter b/examples/light-switch-app/light-switch-common/light-switch-app.matter index 1c7012fd25b73f..5faf93fec4674d 100644 --- a/examples/light-switch-app/light-switch-common/light-switch-app.matter +++ b/examples/light-switch-app/light-switch-common/light-switch-app.matter @@ -1160,6 +1160,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1206,7 +1207,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/lighting-app/lighting-common/lighting-app.matter b/examples/lighting-app/lighting-common/lighting-app.matter index e9be0c6640002f..68c3d9a4b98bcd 100644 --- a/examples/lighting-app/lighting-common/lighting-app.matter +++ b/examples/lighting-app/lighting-common/lighting-app.matter @@ -1250,6 +1250,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1296,7 +1297,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/lock-app/lock-common/lock-app.matter b/examples/lock-app/lock-common/lock-app.matter index e60c6e0cc09767..701522a7f47a52 100644 --- a/examples/lock-app/lock-common/lock-app.matter +++ b/examples/lock-app/lock-common/lock-app.matter @@ -1387,6 +1387,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1433,7 +1434,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/log-source-app/log-source-common/log-source-app.matter b/examples/log-source-app/log-source-common/log-source-app.matter index 41e3b2295736da..df17eea7ca6ce4 100644 --- a/examples/log-source-app/log-source-common/log-source-app.matter +++ b/examples/log-source-app/log-source-common/log-source-app.matter @@ -315,6 +315,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -353,7 +354,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/ota-provider-app/ota-provider-common/ota-provider-app.matter b/examples/ota-provider-app/ota-provider-common/ota-provider-app.matter index 848319ce2e7725..7838f5889af2ff 100644 --- a/examples/ota-provider-app/ota-provider-common/ota-provider-app.matter +++ b/examples/ota-provider-app/ota-provider-common/ota-provider-app.matter @@ -461,6 +461,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -507,7 +508,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/ota-requestor-app/ota-requestor-common/ota-requestor-app.matter b/examples/ota-requestor-app/ota-requestor-common/ota-requestor-app.matter index 650331e4bcdb22..ccbd4f72e730ef 100644 --- a/examples/ota-requestor-app/ota-requestor-common/ota-requestor-app.matter +++ b/examples/ota-requestor-app/ota-requestor-common/ota-requestor-app.matter @@ -500,6 +500,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -546,7 +547,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/placeholder/linux/apps/app1/config.matter b/examples/placeholder/linux/apps/app1/config.matter index 4025109d541cf2..282b3c71d08d8c 100644 --- a/examples/placeholder/linux/apps/app1/config.matter +++ b/examples/placeholder/linux/apps/app1/config.matter @@ -1540,6 +1540,7 @@ client cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1579,7 +1580,7 @@ client cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } @@ -1623,6 +1624,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1662,7 +1664,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/placeholder/linux/apps/app2/config.matter b/examples/placeholder/linux/apps/app2/config.matter index 4025109d541cf2..282b3c71d08d8c 100644 --- a/examples/placeholder/linux/apps/app2/config.matter +++ b/examples/placeholder/linux/apps/app2/config.matter @@ -1540,6 +1540,7 @@ client cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1579,7 +1580,7 @@ client cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } @@ -1623,6 +1624,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1662,7 +1664,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/pump-app/pump-common/pump-app.matter b/examples/pump-app/pump-common/pump-app.matter index 2f223d56cc141c..ece3562ef5f076 100644 --- a/examples/pump-app/pump-common/pump-app.matter +++ b/examples/pump-app/pump-common/pump-app.matter @@ -970,6 +970,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1016,7 +1017,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/pump-controller-app/pump-controller-common/pump-controller-app.matter b/examples/pump-controller-app/pump-controller-common/pump-controller-app.matter index 80bd05ca663bc1..8f16e834cdeaee 100644 --- a/examples/pump-controller-app/pump-controller-common/pump-controller-app.matter +++ b/examples/pump-controller-app/pump-controller-common/pump-controller-app.matter @@ -856,6 +856,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -902,7 +903,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/temperature-measurement-app/esp32/main/temperature-measurement.matter b/examples/temperature-measurement-app/esp32/main/temperature-measurement.matter index d0c19c463b3cdf..8cc6a8fcb827d4 100644 --- a/examples/temperature-measurement-app/esp32/main/temperature-measurement.matter +++ b/examples/temperature-measurement-app/esp32/main/temperature-measurement.matter @@ -524,6 +524,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -570,7 +571,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/thermostat/thermostat-common/thermostat.matter b/examples/thermostat/thermostat-common/thermostat.matter index 562aa8c03ebbec..69490d4cfa3f61 100644 --- a/examples/thermostat/thermostat-common/thermostat.matter +++ b/examples/thermostat/thermostat-common/thermostat.matter @@ -761,6 +761,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -807,7 +808,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/tv-app/tv-common/tv-app.matter b/examples/tv-app/tv-common/tv-app.matter index 73da3b4d128990..e1e00c653e60a5 100644 --- a/examples/tv-app/tv-common/tv-app.matter +++ b/examples/tv-app/tv-common/tv-app.matter @@ -1499,6 +1499,7 @@ client cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1545,7 +1546,7 @@ client cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } @@ -1598,6 +1599,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1644,7 +1646,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter b/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter index acd364b3e8f50c..710a6fde3e5d38 100644 --- a/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter +++ b/examples/tv-casting-app/tv-casting-common/tv-casting-app.matter @@ -1554,6 +1554,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -1600,7 +1601,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/examples/window-app/common/window-app.matter b/examples/window-app/common/window-app.matter index 28166b8d99580e..9de5a5df57e516 100644 --- a/examples/window-app/common/window-app.matter +++ b/examples/window-app/common/window-app.matter @@ -822,6 +822,7 @@ server cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -871,7 +872,7 @@ server cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp index ca2a005ea89079..bf3788f7c59f4d 100644 --- a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp +++ b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp @@ -73,8 +73,15 @@ constexpr uint8_t kDACCertificate = 1; constexpr uint8_t kPAICertificate = 2; CHIP_ERROR CreateAccessControlEntryForNewFabricAdministrator(const Access::SubjectDescriptor & subjectDescriptor, - FabricIndex fabricIndex, NodeId subject) + FabricIndex fabricIndex, uint64_t subject) { + NodeId subjectAsNodeID = static_cast(subject); + + if (!IsOperationalNodeId(subjectAsNodeID) && !IsCASEAuthTag(subjectAsNodeID)) + { + return CHIP_ERROR_INVALID_ADMIN_SUBJECT; + } + Access::AccessControl::Entry entry; ReturnErrorOnFailure(Access::GetAccessControl().PrepareEntry(entry)); ReturnErrorOnFailure(entry.SetFabricIndex(fabricIndex)); @@ -607,6 +614,14 @@ OperationalCertStatus ConvertToNOCResponseStatus(CHIP_ERROR err) { return OperationalCertStatus::kInvalidFabricIndex; } + if (err == CHIP_ERROR_INVALID_ADMIN_SUBJECT) + { + return OperationalCertStatus::kInvalidAdminSubject; + } + if (err == CHIP_ERROR_INSUFFICIENT_PRIVILEGE) + { + return OperationalCertStatus::kInsufficientPrivilege; + } return OperationalCertStatus::kInvalidNOC; } @@ -624,13 +639,15 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co auto & ipkValue = commandData.IPKValue; auto * groupDataProvider = Credentials::GetGroupDataProvider(); auto nocResponse = OperationalCertStatus::kSuccess; + auto nonDefaultStatus = Status::Success; CHIP_ERROR err = CHIP_NO_ERROR; FabricIndex fabricIndex = 0; Credentials::GroupDataProvider::KeySet keyset; FabricInfo * newFabricInfo = nullptr; - auto * secureSession = commandObj->GetExchangeContext()->GetSessionHandle()->AsSecureSession(); + auto * secureSession = commandObj->GetExchangeContext()->GetSessionHandle()->AsSecureSession(); + FailSafeContext & failSafeContext = DeviceControlServer::DeviceControlSvr().GetFailSafeContext(); uint8_t compressed_fabric_id_buffer[sizeof(uint64_t)]; MutableByteSpan compressed_fabric_id(compressed_fabric_id_buffer); @@ -643,19 +660,16 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co return true; } - FailSafeContext & failSafeContext = DeviceControlServer::DeviceControlSvr().GetFailSafeContext(); + VerifyOrExit(NOCValue.size() <= 400, nonDefaultStatus = Status::InvalidCommand); - if (!failSafeContext.IsFailSafeArmed(commandObj->GetAccessingFabricIndex())) - { - LogErrorOnFailure(commandObj->AddStatus(commandPath, Status::UnsupportedAccess)); - return true; - } + VerifyOrExit(!ICACValue.HasValue() || ICACValue.Value().size() <= 400, nonDefaultStatus = Status::InvalidCommand); - if (failSafeContext.NocCommandHasBeenInvoked()) - { - LogErrorOnFailure(commandObj->AddStatus(commandPath, Status::ConstraintError)); - return true; - } + VerifyOrExit(ipkValue.size() == Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES, nonDefaultStatus = Status::InvalidCommand); + + VerifyOrExit(failSafeContext.IsFailSafeArmed(commandObj->GetAccessingFabricIndex()), + nonDefaultStatus = Status::UnsupportedAccess); + + VerifyOrExit(!failSafeContext.NocCommandHasBeenInvoked(), nonDefaultStatus = Status::ConstraintError); err = gFabricBeingCommissioned.SetNOCCert(NOCValue); VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err)); @@ -668,19 +682,7 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co err = Server::GetInstance().GetFabricTable().AddNewFabric(gFabricBeingCommissioned, &fabricIndex); VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err)); - // The Fabric Index associated with the armed fail-safe context SHALL be updated to match the Fabric - // Index just allocated. - err = failSafeContext.SetAddNocCommandInvoked(fabricIndex); - if (err != CHIP_NO_ERROR) - { - Server::GetInstance().GetFabricTable().Delete(fabricIndex); - nocResponse = ConvertToNOCResponseStatus(err); - SuccessOrExit(err); - } - // Set the Identity Protection Key (IPK) - VerifyOrExit(ipkValue.size() == Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES, - nocResponse = ConvertToNOCResponseStatus(CHIP_ERROR_INVALID_ARGUMENT)); // The IPK SHALL be the operational group key under GroupKeySetID of 0 keyset.keyset_id = Credentials::GroupDataProvider::kIdentityProtectionKeySetId; keyset.policy = GroupKeyManagement::GroupKeySecurityPolicy::kTrustFirst; @@ -704,7 +706,7 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co * . If the current secure session was established with CASE, subsequent configuration * of the newly installed Fabric requires the opening of a new CASE session from the * Administrator from the Fabric just installed. This Administrator is the one listed - * in the `CaseAdminNode` argument. + * in the `caseAdminSubject` argument. * */ if (secureSession->GetSecureSessionType() == SecureSession::Type::kPASE) @@ -716,25 +718,45 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co // Creating the initial ACL must occur after the PASE session has adopted the fabric index // (see above) so that the concomitant event, which is fabric scoped, is properly handled. err = CreateAccessControlEntryForNewFabricAdministrator(commandObj->GetSubjectDescriptor(), fabricIndex, - commandData.caseAdminNode); + commandData.caseAdminSubject); VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err)); + // The Fabric Index associated with the armed fail-safe context SHALL be updated to match the Fabric + // Index just allocated. + err = failSafeContext.SetAddNocCommandInvoked(fabricIndex); + if (err != CHIP_NO_ERROR) + { + Server::GetInstance().GetFabricTable().Delete(fabricIndex); + nocResponse = ConvertToNOCResponseStatus(err); + SuccessOrExit(err); + } + // We might have a new operational identity, so we should start advertising it right away. app::DnssdServer::Instance().AdvertiseOperational(); exit: - gFabricBeingCommissioned.Reset(); - SendNOCResponse(commandObj, commandPath, nocResponse, fabricIndex, CharSpan()); - - if (nocResponse != OperationalCertStatus::kSuccess) + // We have an NOC response + if (nonDefaultStatus == Status::Success) { - ChipLogError(Zcl, "OpCreds: Failed AddNOC request (err=%" CHIP_ERROR_FORMAT "). Status %d", err.Format(), - to_underlying(nocResponse)); + SendNOCResponse(commandObj, commandPath, nocResponse, fabricIndex, CharSpan()); + // Failed to add NOC + if (nocResponse != OperationalCertStatus::kSuccess) + { + ChipLogError(Zcl, "OpCreds: Failed AddNOC request (err=%" CHIP_ERROR_FORMAT ") with OperationalCert error %d", + err.Format(), to_underlying(nocResponse)); + } + // Success + else + { + ChipLogProgress(Zcl, "OpCreds: successfully created fabric index 0x%x via AddNOC", static_cast(fabricIndex)); + } } + // No NOC response - Failed constraints else { - ChipLogProgress(Zcl, "OpCreds: successfully created fabric index 0x%x via AddNOC", static_cast(fabricIndex)); + commandObj->AddStatus(commandPath, nonDefaultStatus); + ChipLogError(Zcl, "OpCreds: Failed AddNOC request with IM error 0x%02u", to_underlying(nonDefaultStatus)); } return true; @@ -748,7 +770,8 @@ bool emberAfOperationalCredentialsClusterUpdateNOCCallback(app::CommandHandler * auto & NOCValue = commandData.NOCValue; auto & ICACValue = commandData.ICACValue; - auto nocResponse = OperationalCertStatus::kSuccess; + auto nocResponse = OperationalCertStatus::kSuccess; + auto nonDefaultStatus = Status::Success; CHIP_ERROR err = CHIP_NO_ERROR; FabricIndex fabricIndex = 0; @@ -757,25 +780,19 @@ bool emberAfOperationalCredentialsClusterUpdateNOCCallback(app::CommandHandler * FailSafeContext & failSafeContext = DeviceControlServer::DeviceControlSvr().GetFailSafeContext(); - if (!failSafeContext.IsFailSafeArmed(commandObj->GetAccessingFabricIndex())) - { - LogErrorOnFailure(commandObj->AddStatus(commandPath, Status::UnsupportedAccess)); - return true; - } + // Fetch current fabric. If not available, command was invoked over PASE which is not legal + FabricInfo * fabric = RetrieveCurrentFabric(commandObj); + VerifyOrExit(fabric != nullptr, nocResponse = ConvertToNOCResponseStatus(CHIP_ERROR_INSUFFICIENT_PRIVILEGE)); + fabricIndex = fabric->GetFabricIndex(); - if (failSafeContext.NocCommandHasBeenInvoked()) - { - LogErrorOnFailure(commandObj->AddStatus(commandPath, Status::ConstraintError)); - return true; - } + VerifyOrExit(NOCValue.size() <= 400, nonDefaultStatus = Status::InvalidCommand); - // Fetch current fabric - FabricInfo * fabric = RetrieveCurrentFabric(commandObj); - VerifyOrExit(fabric != nullptr, nocResponse = ConvertToNOCResponseStatus(CHIP_ERROR_INVALID_FABRIC_INDEX)); + VerifyOrExit(!ICACValue.HasValue() || ICACValue.Value().size() <= 400, nonDefaultStatus = Status::InvalidCommand); - // Flag on the fail-safe context that the UpdateNOC command was invoked. - err = failSafeContext.SetUpdateNocCommandInvoked(); - VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err)); + VerifyOrExit(failSafeContext.IsFailSafeArmed(commandObj->GetAccessingFabricIndex()), + nonDefaultStatus = Status::UnsupportedAccess); + + VerifyOrExit(!failSafeContext.NocCommandHasBeenInvoked(), nonDefaultStatus = Status::ConstraintError); err = fabric->SetNOCCert(NOCValue); VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err)); @@ -783,7 +800,9 @@ bool emberAfOperationalCredentialsClusterUpdateNOCCallback(app::CommandHandler * err = fabric->SetICACert(ICACValue); VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err)); - fabricIndex = fabric->GetFabricIndex(); + // Flag on the fail-safe context that the UpdateNOC command was invoked. + err = failSafeContext.SetUpdateNocCommandInvoked(); + VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err)); // We might have a new operational identity, so we should start advertising // it right away. Also, we need to withdraw our old operational identity. @@ -791,17 +810,27 @@ bool emberAfOperationalCredentialsClusterUpdateNOCCallback(app::CommandHandler * app::DnssdServer::Instance().StartServer(); exit: - - SendNOCResponse(commandObj, commandPath, nocResponse, fabricIndex, CharSpan()); - - if (nocResponse != OperationalCertStatus::kSuccess) + // We have an NOC response + if (nonDefaultStatus == Status::Success) { - ChipLogError(Zcl, "OpCreds: Failed UpdateNOC request (err=%" CHIP_ERROR_FORMAT "). Sending Status %d", err.Format(), - to_underlying(nocResponse)); + SendNOCResponse(commandObj, commandPath, nocResponse, fabricIndex, CharSpan()); + // Failed to update NOC + if (nocResponse != OperationalCertStatus::kSuccess) + { + ChipLogError(Zcl, "OpCreds: Failed UpdateNOC request (err=%" CHIP_ERROR_FORMAT ") with OperationalCert error %d", + err.Format(), to_underlying(nocResponse)); + } + // Success + else + { + ChipLogProgress(Zcl, "OpCreds: UpdateNOC successful."); + } } + // No NOC response - Failed constraints else { - ChipLogProgress(Zcl, "OpCreds: UpdateNOC successful."); + commandObj->AddStatus(commandPath, nonDefaultStatus); + ChipLogError(Zcl, "OpCreds: Failed AddNOC request with IM error 0x%02u", to_underlying(nonDefaultStatus)); } return true; diff --git a/src/app/zap-templates/README.md b/src/app/zap-templates/README.md index 52fc2b6344f26b..ccc9b5dae9c85b 100644 --- a/src/app/zap-templates/README.md +++ b/src/app/zap-templates/README.md @@ -8,6 +8,10 @@ This directory contains generation templates for ZAP, ZCL Advanced Platform. ### How to configure an application +Before running ZAP, you need to have [npm](https://www.npmjs.com/) installed. +The best way is to simply download latest install of +[node](https://nodejs.org/en/download/) and you will get npm. + Run ZAP with UI to configure endpoints and clusters ``` @@ -20,6 +24,8 @@ or ./scripts/tools/zap/run_zaptool.sh ``` +## Generating Files + ### How to generate files for all applications When any of the `.zapt` templates has been changed, all examples applications @@ -51,6 +57,16 @@ the command is: ./scripts/tools/zap/generate.py examples/lighting-app/lighting-common/lighting-app.zap -o zzz_generated/lighting-app/zap-generated ``` +### Note + +If you are encountering issues while generating zap files, try running the +following commands + +``` +source ./scripts/activate.sh +./scripts/tools/zap/run_zaptool.sh +``` + ### How to generate files for a single application using custom templates An application may use some custom templates to generate additional files. diff --git a/src/app/zap-templates/zcl/data-model/chip/operational-credentials-cluster.xml b/src/app/zap-templates/zcl/data-model/chip/operational-credentials-cluster.xml index e4c212e330fab1..cda8c0bc39446a 100644 --- a/src/app/zap-templates/zcl/data-model/chip/operational-credentials-cluster.xml +++ b/src/app/zap-templates/zcl/data-model/chip/operational-credentials-cluster.xml @@ -35,6 +35,7 @@ limitations under the License. + @@ -106,7 +107,7 @@ limitations under the License. - + diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp index e9dc953fc91e4b..06974bab97e8b7 100644 --- a/src/controller/CHIPDeviceController.cpp +++ b/src/controller/CHIPDeviceController.cpp @@ -1181,11 +1181,11 @@ CHIP_ERROR DeviceCommissioner::SendOperationalCertificate(DeviceProxy * device, VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT); OperationalCredentials::Commands::AddNOC::Type request; - request.NOCValue = nocCertBuf; - request.ICACValue = icaCertBuf; - request.IPKValue = ipk; - request.caseAdminNode = adminSubject; - request.adminVendorId = mVendorId; + request.NOCValue = nocCertBuf; + request.ICACValue = icaCertBuf; + request.IPKValue = ipk; + request.caseAdminSubject = adminSubject; + request.adminVendorId = mVendorId; ReturnErrorOnFailure( SendCommand(device, request, OnOperationalCertificateAddResponse, OnAddNOCFailureResponse)); @@ -1212,9 +1212,12 @@ CHIP_ERROR DeviceCommissioner::ConvertFromOperationalCertStatus(OperationalCrede return CHIP_ERROR_INCORRECT_STATE; case OperationalCertStatus::kTableFull: return CHIP_ERROR_NO_MEMORY; + case OperationalCertStatus::kInvalidAdminSubject: + return CHIP_ERROR_INVALID_ADMIN_SUBJECT; case OperationalCertStatus::kFabricConflict: return CHIP_ERROR_FABRIC_EXISTS; case OperationalCertStatus::kInsufficientPrivilege: + return CHIP_ERROR_INSUFFICIENT_PRIVILEGE; case OperationalCertStatus::kLabelConflict: return CHIP_ERROR_INVALID_ARGUMENT; case OperationalCertStatus::kInvalidFabricIndex: diff --git a/src/controller/data_model/controller-clusters.matter b/src/controller/data_model/controller-clusters.matter index fd4cda6bf058da..af551eb1b21600 100644 --- a/src/controller/data_model/controller-clusters.matter +++ b/src/controller/data_model/controller-clusters.matter @@ -2901,6 +2901,7 @@ client cluster OperationalCredentials = 62 { kInvalidNOC = 3; kMissingCsr = 4; kTableFull = 5; + kInvalidAdminSubject = 6; kInsufficientPrivilege = 8; kFabricConflict = 9; kLabelConflict = 10; @@ -2950,7 +2951,7 @@ client cluster OperationalCredentials = 62 { OCTET_STRING NOCValue = 0; optional OCTET_STRING ICACValue = 1; OCTET_STRING IPKValue = 2; - NODE_ID caseAdminNode = 3; + Int64u caseAdminSubject = 3; VENDOR_ID adminVendorId = 4; } diff --git a/src/controller/java/zap-generated/chip/devicecontroller/ChipClusters.java b/src/controller/java/zap-generated/chip/devicecontroller/ChipClusters.java index 6aa545cebc36e9..009addcaa9c697 100644 --- a/src/controller/java/zap-generated/chip/devicecontroller/ChipClusters.java +++ b/src/controller/java/zap-generated/chip/devicecontroller/ChipClusters.java @@ -13903,7 +13903,7 @@ public void addNOC( byte[] NOCValue, Optional ICACValue, byte[] IPKValue, - Long caseAdminNode, + Long caseAdminSubject, Integer adminVendorId) { addNOC( chipClusterPtr, @@ -13911,7 +13911,7 @@ public void addNOC( NOCValue, ICACValue, IPKValue, - caseAdminNode, + caseAdminSubject, adminVendorId, null); } @@ -13921,7 +13921,7 @@ public void addNOC( byte[] NOCValue, Optional ICACValue, byte[] IPKValue, - Long caseAdminNode, + Long caseAdminSubject, Integer adminVendorId, int timedInvokeTimeoutMs) { addNOC( @@ -13930,7 +13930,7 @@ public void addNOC( NOCValue, ICACValue, IPKValue, - caseAdminNode, + caseAdminSubject, adminVendorId, timedInvokeTimeoutMs); } @@ -14022,7 +14022,7 @@ private native void addNOC( byte[] NOCValue, Optional ICACValue, byte[] IPKValue, - Long caseAdminNode, + Long caseAdminSubject, Integer adminVendorId, @Nullable Integer timedInvokeTimeoutMs); diff --git a/src/controller/java/zap-generated/chip/devicecontroller/ClusterInfoMapping.java b/src/controller/java/zap-generated/chip/devicecontroller/ClusterInfoMapping.java index 8f8d8c2146681f..0071f79493364c 100644 --- a/src/controller/java/zap-generated/chip/devicecontroller/ClusterInfoMapping.java +++ b/src/controller/java/zap-generated/chip/devicecontroller/ClusterInfoMapping.java @@ -10932,10 +10932,10 @@ public Map> getCommandMap() { operationalCredentialsaddNOCCommandParams.put( "IPKValue", operationalCredentialsaddNOCIPKValueCommandParameterInfo); - CommandParameterInfo operationalCredentialsaddNOCcaseAdminNodeCommandParameterInfo = - new CommandParameterInfo("caseAdminNode", Long.class); + CommandParameterInfo operationalCredentialsaddNOCcaseAdminSubjectCommandParameterInfo = + new CommandParameterInfo("caseAdminSubject", Long.class); operationalCredentialsaddNOCCommandParams.put( - "caseAdminNode", operationalCredentialsaddNOCcaseAdminNodeCommandParameterInfo); + "caseAdminSubject", operationalCredentialsaddNOCcaseAdminSubjectCommandParameterInfo); CommandParameterInfo operationalCredentialsaddNOCadminVendorIdCommandParameterInfo = new CommandParameterInfo("adminVendorId", Integer.class); @@ -10951,7 +10951,7 @@ public Map> getCommandMap() { (byte[]) commandArguments.get("NOCValue"), (Optional) commandArguments.get("ICACValue"), (byte[]) commandArguments.get("IPKValue"), - (Long) commandArguments.get("caseAdminNode"), + (Long) commandArguments.get("caseAdminSubject"), (Integer) commandArguments.get("adminVendorId")); }, () -> new DelegatedNOCResponseCallback(), diff --git a/src/controller/python/chip/clusters/CHIPClusters.py b/src/controller/python/chip/clusters/CHIPClusters.py index ab641a2460fbf9..4bea41ab405789 100644 --- a/src/controller/python/chip/clusters/CHIPClusters.py +++ b/src/controller/python/chip/clusters/CHIPClusters.py @@ -4352,7 +4352,7 @@ class ChipClusters: "NOCValue": "bytes", "ICACValue": "bytes", "IPKValue": "bytes", - "caseAdminNode": "int", + "caseAdminSubject": "int", "adminVendorId": "int", }, }, diff --git a/src/controller/python/chip/clusters/Objects.py b/src/controller/python/chip/clusters/Objects.py index a59ea71bbfc1d1..c24808707b762b 100644 --- a/src/controller/python/chip/clusters/Objects.py +++ b/src/controller/python/chip/clusters/Objects.py @@ -14163,6 +14163,7 @@ class OperationalCertStatus(IntEnum): kInvalidNOC = 0x03 kMissingCsr = 0x04 kTableFull = 0x05 + kInvalidAdminSubject = 0x06 kInsufficientPrivilege = 0x08 kFabricConflict = 0x09 kLabelConflict = 0x0A @@ -14316,14 +14317,14 @@ def descriptor(cls) -> ClusterObjectDescriptor: ClusterObjectFieldDescriptor(Label="NOCValue", Tag=0, Type=bytes), ClusterObjectFieldDescriptor(Label="ICACValue", Tag=1, Type=typing.Optional[bytes]), ClusterObjectFieldDescriptor(Label="IPKValue", Tag=2, Type=bytes), - ClusterObjectFieldDescriptor(Label="caseAdminNode", Tag=3, Type=uint), + ClusterObjectFieldDescriptor(Label="caseAdminSubject", Tag=3, Type=uint), ClusterObjectFieldDescriptor(Label="adminVendorId", Tag=4, Type=uint), ]) NOCValue: 'bytes' = b"" ICACValue: 'typing.Optional[bytes]' = None IPKValue: 'bytes' = b"" - caseAdminNode: 'uint' = 0 + caseAdminSubject: 'uint' = 0 adminVendorId: 'uint' = 0 @dataclass diff --git a/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h b/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h index a847d4c35f2af6..ecb39a85135e57 100644 --- a/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h +++ b/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.h @@ -21934,6 +21934,7 @@ typedef NS_ENUM(uint8_t, CHIPOperationalCredentialsOperationalCertStatus) { CHIPOperationalCredentialsOperationalCertStatusInvalidNOC = 0x03, CHIPOperationalCredentialsOperationalCertStatusMissingCsr = 0x04, CHIPOperationalCredentialsOperationalCertStatusTableFull = 0x05, + CHIPOperationalCredentialsOperationalCertStatusInvalidAdminSubject = 0x06, CHIPOperationalCredentialsOperationalCertStatusInsufficientPrivilege = 0x08, CHIPOperationalCredentialsOperationalCertStatusFabricConflict = 0x09, CHIPOperationalCredentialsOperationalCertStatusLabelConflict = 0x0A, diff --git a/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.mm b/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.mm index fae086280e0551..35e37c258d14d4 100644 --- a/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.mm +++ b/src/darwin/Framework/CHIP/zap-generated/CHIPClustersObjc.mm @@ -48586,7 +48586,7 @@ - (void)addNOCWithParams:(CHIPOperationalCredentialsClusterAddNOCParams *)params definedValue_0 = [self asByteSpan:params.icacValue]; } request.IPKValue = [self asByteSpan:params.ipkValue]; - request.caseAdminNode = params.caseAdminNode.unsignedLongLongValue; + request.caseAdminSubject = params.caseAdminSubject.unsignedLongLongValue; request.adminVendorId = static_cast>(params.adminVendorId.unsignedShortValue); diff --git a/src/darwin/Framework/CHIP/zap-generated/CHIPCommandPayloadsObjc.h b/src/darwin/Framework/CHIP/zap-generated/CHIPCommandPayloadsObjc.h index 01739048896ffc..fd2a3bd0ecac1a 100644 --- a/src/darwin/Framework/CHIP/zap-generated/CHIPCommandPayloadsObjc.h +++ b/src/darwin/Framework/CHIP/zap-generated/CHIPCommandPayloadsObjc.h @@ -3161,7 +3161,7 @@ NS_ASSUME_NONNULL_BEGIN @property (strong, nonatomic) NSData * _Nonnull ipkValue; -@property (strong, nonatomic) NSNumber * _Nonnull caseAdminNode; +@property (strong, nonatomic) NSNumber * _Nonnull caseAdminSubject; @property (strong, nonatomic) NSNumber * _Nonnull adminVendorId; /** diff --git a/src/darwin/Framework/CHIP/zap-generated/CHIPCommandPayloadsObjc.mm b/src/darwin/Framework/CHIP/zap-generated/CHIPCommandPayloadsObjc.mm index 799c7e60756145..762a0319637064 100644 --- a/src/darwin/Framework/CHIP/zap-generated/CHIPCommandPayloadsObjc.mm +++ b/src/darwin/Framework/CHIP/zap-generated/CHIPCommandPayloadsObjc.mm @@ -1820,7 +1820,7 @@ - (instancetype)init _ipkValue = [NSData data]; - _caseAdminNode = @(0); + _caseAdminSubject = @(0); _adminVendorId = @(0); _timedInvokeTimeoutMs = nil; diff --git a/src/lib/core/CHIPError.cpp b/src/lib/core/CHIPError.cpp index e7006ba8c0b70a..82f7c974b08eb4 100644 --- a/src/lib/core/CHIPError.cpp +++ b/src/lib/core/CHIPError.cpp @@ -209,6 +209,12 @@ bool FormatCHIPError(char * buf, uint16_t bufSize, CHIP_ERROR err) case CHIP_ERROR_MISSING_SECURE_SESSION.AsInteger(): desc = "Missing secure session"; break; + case CHIP_ERROR_INVALID_ADMIN_SUBJECT.AsInteger(): + desc = "CaseAdminSubject is not valid"; + break; + case CHIP_ERROR_INSUFFICIENT_PRIVILEGE.AsInteger(): + desc = "Required privilege was insufficient during an operation"; + break; case CHIP_ERROR_INVALID_PATH_LIST.AsInteger(): desc = "Invalid TLV path list"; break; diff --git a/src/lib/core/CHIPError.h b/src/lib/core/CHIPError.h index 52c5ff047dec6a..93ed129de525b1 100644 --- a/src/lib/core/CHIPError.h +++ b/src/lib/core/CHIPError.h @@ -1509,9 +1509,24 @@ using CHIP_ERROR = ::chip::ChipError; */ #define CHIP_ERROR_MISSING_SECURE_SESSION CHIP_CORE_ERROR(0x77) -// unused CHIP_CORE_ERROR(0x78) +/** + * @def CHIP_ERROR_INVALID_ADMIN_SUBJECT + * + * @brief + * The CaseAdminSubject field is not valid in AddNOC command. + * + */ +#define CHIP_ERROR_INVALID_ADMIN_SUBJECT CHIP_CORE_ERROR(0x78) + +/** + * @def CHIP_ERROR_INSUFFICIENT_PRIVILEGE + * + * @brief + * Required privilege was insufficient during an operation. + * + */ +#define CHIP_ERROR_INSUFFICIENT_PRIVILEGE CHIP_CORE_ERROR(0x79) -// unused CHIP_CORE_ERROR(0x79) // unused CHIP_CORE_ERROR(0x7a) diff --git a/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h b/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h index da6117336c352f..7d9c297c6b497a 100644 --- a/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h +++ b/zzz_generated/app-common/app-common/zap-generated/cluster-enums.h @@ -925,6 +925,7 @@ enum class OperationalCertStatus : uint8_t kInvalidNOC = 0x03, kMissingCsr = 0x04, kTableFull = 0x05, + kInvalidAdminSubject = 0x06, kInsufficientPrivilege = 0x08, kFabricConflict = 0x09, kLabelConflict = 0x0A, diff --git a/zzz_generated/app-common/app-common/zap-generated/cluster-objects.cpp b/zzz_generated/app-common/app-common/zap-generated/cluster-objects.cpp index 8a4b65b11eb375..63440502ef9eef 100644 --- a/zzz_generated/app-common/app-common/zap-generated/cluster-objects.cpp +++ b/zzz_generated/app-common/app-common/zap-generated/cluster-objects.cpp @@ -11162,7 +11162,7 @@ CHIP_ERROR Type::Encode(TLV::TLVWriter & writer, TLV::Tag tag) const ReturnErrorOnFailure(DataModel::Encode(writer, TLV::ContextTag(to_underlying(Fields::kNOCValue)), NOCValue)); ReturnErrorOnFailure(DataModel::Encode(writer, TLV::ContextTag(to_underlying(Fields::kICACValue)), ICACValue)); ReturnErrorOnFailure(DataModel::Encode(writer, TLV::ContextTag(to_underlying(Fields::kIPKValue)), IPKValue)); - ReturnErrorOnFailure(DataModel::Encode(writer, TLV::ContextTag(to_underlying(Fields::kCaseAdminNode)), caseAdminNode)); + ReturnErrorOnFailure(DataModel::Encode(writer, TLV::ContextTag(to_underlying(Fields::kCaseAdminSubject)), caseAdminSubject)); ReturnErrorOnFailure(DataModel::Encode(writer, TLV::ContextTag(to_underlying(Fields::kAdminVendorId)), adminVendorId)); ReturnErrorOnFailure(writer.EndContainer(outer)); return CHIP_NO_ERROR; @@ -11191,8 +11191,8 @@ CHIP_ERROR DecodableType::Decode(TLV::TLVReader & reader) case to_underlying(Fields::kIPKValue): ReturnErrorOnFailure(DataModel::Decode(reader, IPKValue)); break; - case to_underlying(Fields::kCaseAdminNode): - ReturnErrorOnFailure(DataModel::Decode(reader, caseAdminNode)); + case to_underlying(Fields::kCaseAdminSubject): + ReturnErrorOnFailure(DataModel::Decode(reader, caseAdminSubject)); break; case to_underlying(Fields::kAdminVendorId): ReturnErrorOnFailure(DataModel::Decode(reader, adminVendorId)); diff --git a/zzz_generated/app-common/app-common/zap-generated/cluster-objects.h b/zzz_generated/app-common/app-common/zap-generated/cluster-objects.h index c6204b8656edcf..5c4aebc938656b 100644 --- a/zzz_generated/app-common/app-common/zap-generated/cluster-objects.h +++ b/zzz_generated/app-common/app-common/zap-generated/cluster-objects.h @@ -15442,11 +15442,11 @@ struct DecodableType namespace AddNOC { enum class Fields { - kNOCValue = 0, - kICACValue = 1, - kIPKValue = 2, - kCaseAdminNode = 3, - kAdminVendorId = 4, + kNOCValue = 0, + kICACValue = 1, + kIPKValue = 2, + kCaseAdminSubject = 3, + kAdminVendorId = 4, }; struct Type @@ -15459,7 +15459,7 @@ struct Type chip::ByteSpan NOCValue; Optional ICACValue; chip::ByteSpan IPKValue; - chip::NodeId caseAdminNode = static_cast(0); + uint64_t caseAdminSubject = static_cast(0); chip::VendorId adminVendorId = static_cast(0); CHIP_ERROR Encode(TLV::TLVWriter & writer, TLV::Tag tag) const; @@ -15478,7 +15478,7 @@ struct DecodableType chip::ByteSpan NOCValue; Optional ICACValue; chip::ByteSpan IPKValue; - chip::NodeId caseAdminNode = static_cast(0); + uint64_t caseAdminSubject = static_cast(0); chip::VendorId adminVendorId = static_cast(0); CHIP_ERROR Decode(TLV::TLVReader & reader); }; diff --git a/zzz_generated/chip-tool/zap-generated/cluster/Commands.h b/zzz_generated/chip-tool/zap-generated/cluster/Commands.h index e63573b500d039..15ab9b4f85e84d 100644 --- a/zzz_generated/chip-tool/zap-generated/cluster/Commands.h +++ b/zzz_generated/chip-tool/zap-generated/cluster/Commands.h @@ -6642,7 +6642,7 @@ class OperationalCredentialsAddNOC : public ClusterCommand AddArgument("NOCValue", &mRequest.NOCValue); AddArgument("ICACValue", &mRequest.ICACValue); AddArgument("IPKValue", &mRequest.IPKValue); - AddArgument("CaseAdminNode", 0, UINT64_MAX, &mRequest.caseAdminNode); + AddArgument("CaseAdminSubject", 0, UINT64_MAX, &mRequest.caseAdminSubject); AddArgument("AdminVendorId", 0, UINT16_MAX, &mRequest.adminVendorId); ClusterCommand::AddArguments(); } diff --git a/zzz_generated/darwin-framework-tool/zap-generated/cluster/Commands.h b/zzz_generated/darwin-framework-tool/zap-generated/cluster/Commands.h index 269a597fa35c4f..b28e34fe7b5b6c 100644 --- a/zzz_generated/darwin-framework-tool/zap-generated/cluster/Commands.h +++ b/zzz_generated/darwin-framework-tool/zap-generated/cluster/Commands.h @@ -57826,7 +57826,7 @@ class OperationalCredentialsAddNOC : public ClusterCommand { AddArgument("NOCValue", &mRequest.NOCValue); AddArgument("ICACValue", &mRequest.ICACValue); AddArgument("IPKValue", &mRequest.IPKValue); - AddArgument("CaseAdminNode", 0, UINT64_MAX, &mRequest.caseAdminNode); + AddArgument("CaseAdminSubject", 0, UINT64_MAX, &mRequest.caseAdminSubject); AddArgument("AdminVendorId", 0, UINT16_MAX, &mRequest.adminVendorId); ClusterCommand::AddArguments(); } @@ -57849,7 +57849,7 @@ class OperationalCredentialsAddNOC : public ClusterCommand { params.icacValue = nil; } params.ipkValue = [NSData dataWithBytes:mRequest.IPKValue.data() length:mRequest.IPKValue.size()]; - params.caseAdminNode = [NSNumber numberWithUnsignedLongLong:mRequest.caseAdminNode]; + params.caseAdminSubject = [NSNumber numberWithUnsignedLongLong:mRequest.caseAdminSubject]; params.adminVendorId = [NSNumber numberWithUnsignedShort:chip::to_underlying(mRequest.adminVendorId)]; uint16_t repeatCount = mRepeatCount.ValueOr(1); uint16_t __block responsesNeeded = repeatCount;