CHIP Config Cleanup: Removed Legacy (Unused) Security Configs (#14553)

project-chip · Nov 14, 2023 · 3260885 · 3260885
1 parent 2536f0b
commit 3260885
Show file tree

Hide file tree

Showing 23 changed files with 29 additions and 1,789 deletions.
diff --git a/config/android/CHIPProjectConfig.h b/config/android/CHIPProjectConfig.h
@@ -1,6 +1,6 @@
 /*
  *
- *    Copyright (c) 2020-2021 Project CHIP Authors
+ *    Copyright (c) 2020-2022 Project CHIP Authors
  *    Copyright (c) 2016-2017 Nest Labs, Inc.
  *    Copyright (c) 2019-2020 Google LLC.
  *    All rights reserved.
@@ -34,16 +34,9 @@
 
 #define INET_CONFIG_OVERRIDE_SYSTEM_TCP_USER_TIMEOUT 0
 
-// Enable passcode encryption configuration 1
-#define CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY 1
-
 // Uncomment this for a large Tunnel MTU.
 //#define CHIP_CONFIG_TUNNEL_INTERFACE_MTU                           (9000)
 
-#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0
-
-#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0
-
 #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 300
 
 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1

diff --git a/config/esp32/components/chip/Kconfig b/config/esp32/components/chip/Kconfig
@@ -1,5 +1,5 @@
 #
-#    Copyright (c) 2020 Project CHIP Authors
+#    Copyright (c) 2020-2022 Project CHIP Authors
 #    Copyright (c) 2018 Nest Labs, Inc.
 #    All rights reserved.
 #
@@ -166,125 +166,6 @@ menu "CHIP Core"
             help
                 The maximum number of simultaneously active session keys.
 
-        config DEFAULT_SECURITY_SESSION_ESTABLISHMENT_TIMEOUT
-            int "Default Security Session Establishment Timeout (ms)"
-            range 0 65535
-            default 30000
-            help
-                The default amount of time, in milliseconds, after which an in-progess
-                session establishment will fail due to a timeout.
-
-                This value can be overridden by the application at runtime.
-
-        config DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT
-            int "Default Security Session Idle Timeout (ms)"
-            range 0 65535
-            default 15000
-            help
-                The default minimum amount of time, in milliseconds, that an unreserved
-                and idle security session will be allowed to exist before being destroyed.
-                In practice, unreserved idle sessions can exist for up to twice this value.
-
-                This value can be overridden by the application at runtime.
-
-        menu "Protocols"
-
-            config ENABLE_PASE_INITIATOR
-                bool "Enable PASE Initiator"
-                default n
-                help
-                    Enable support for initiating PASE security sessions with a remote node.
-
-                    This feature is rarely needed in device applications of CHIP.
-
-                    (PASE = Password Authenticated Session Establishment).
-
-            config ENABLE_PASE_RESPONDER
-                bool "Enable PASE Responder"
-                default y
-                help
-                    Enable support for responding to a request from a remote node to initiate
-                    a PASE security session.
-
-                    This feature is necessary to support standard CHIP pairing.
-
-                    (PASE = Password Authenticated Session Establishment).
-
-            config ENABLE_CASE_INITIATOR
-                bool "Enable CASE Initiator"
-                default y
-                help
-                    Enable support for initiating CASE security sessions with a remote node.
-
-                    This feature is necessary to support interacting with CHIP cloud services.
-
-                    (CASE = Certificate Authenticated Session Establishment).
-
-            config ENABLE_CASE_RESPONDER
-                bool "Enable CASE Responder"
-                default y
-                help
-                    Enable support for responding to a request from a remote note to initiate
-                    a CASE security session.
-
-                    This feature is necessary to support standard CHIP pairing.
-
-                    (CASE = Certificate Authenticated Session Establishment).
-
-        endmenu # "Protocols"
-
-        menu "Group Keys"
-
-            config USE_APP_GROUP_KEYS_FOR_MSG_ENC
-                bool "Enable Group Keys for CHIP Message Encryption"
-                default y
-                help
-                    Enable the use of application group keys for CHIP message encryption.
-
-            config MAX_CACHED_MSG_ENC_APP_KEYS
-                int "Group Key Cache Size"
-                range 0 255
-                default 5
-                depends on USE_APP_GROUP_KEYS_FOR_MSG_ENC
-                help
-                    The size of the cache (in number of keys) used to store derived application
-                    group encryption keys.
-
-                    This value is only meaningful when group keys are enabled for CHIP message
-                    encryption.
-
-            config MAX_APPLICATION_EPOCH_KEYS
-                int "Max Application Epoch Keys"
-                range 0 8
-                default 4
-                help
-                    The maximum number of simultaneously supported application epoch keys.
-
-                    (Epoch keys are a kind of symmetric key that gets mixed together with
-                    other key material to form a group encryption key which can be used
-                    for private communication amongst a set of related CHIP nodes).
-
-                    This value should be set to the maximum number of epoch keys that
-                    can be simultaneously provisioned on the local CHIP node.  The
-                    maximum supported value is 8, however, in most cases only two such
-                    keys will exist at any given point in time.
-
-            config MAX_APPLICATION_GROUPS
-                int "Max Application Master Keys"
-                range 0 255
-                default 4
-                help
-                    The maximum number of simultaneously supported application group master keys.
-
-                    (Application group master keys are a kind of symmetric key that gets mixed
-                    together with other key material to form a group encryption key which can
-                    be used for private communication amongst a set of related CHIP nodes).
-
-                    This value should be set to the number of CHIP application groups
-                    in which the local CHIP device will be a member.
-
-        endmenu # "Group Keys"
-
         menu "Debugging"
 
             config SECURITY_TEST_MODE
@@ -307,12 +188,6 @@ menu "CHIP Core"
                     WARNING: This option makes it possible to circumvent basic CHIP security functionality.
                     Because of this it SHOULD NEVER BE ENABLED IN PRODUCTION BUILDS.
 
-            config DEBUG_CERT_VALIDATION
-                bool "Enable Certificate Validation Debugging"
-                default n
-                help
-                    Enable support for debugging output from certificate validation.
-
         endmenu # "Debugging"
 
     endmenu # "Security Options"

diff --git a/config/ios/CHIPProjectConfig.h b/config/ios/CHIPProjectConfig.h
@@ -1,6 +1,6 @@
 /*
  *
- *    Copyright (c) 2020-2021 Project CHIP Authors
+ *    Copyright (c) 2020-2022 Project CHIP Authors
  *    Copyright (c) 2016-2017 Nest Labs, Inc.
  *    Copyright (c) 2019-2020 Google LLC.
  *    All rights reserved.
@@ -34,16 +34,9 @@
 
 #define INET_CONFIG_OVERRIDE_SYSTEM_TCP_USER_TIMEOUT 0
 
-// Enable passcode encryption configuration 1
-#define CHIP_CONFIG_SUPPORT_PASSCODE_CONFIG1_TEST_ONLY 1
-
 // Uncomment this for a large Tunnel MTU.
 //#define CHIP_CONFIG_TUNNEL_INTERFACE_MTU                           (9000)
 
-#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0
-
-#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0
-
 #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 300
 
 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1

diff --git a/config/python/CHIPProjectConfig.h b/config/python/CHIPProjectConfig.h
@@ -1,6 +1,6 @@
 /*
  *
- *    Copyright (c) 2020-2021 Project CHIP Authors
+ *    Copyright (c) 2020-2022 Project CHIP Authors
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -53,15 +53,8 @@
 #define CHIP_CONFIG_SECURITY_TEST_MODE 0
 #define CHIP_CONFIG_REQUIRE_AUTH 1
 
-// Increase session idle timeout in stand-alone builds for the convenience of developers.
-#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT 120000
-
 #define CHIP_CONFIG_ENABLE_UPDATE 1
 
-#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0
-
-#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0
-
 #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 0
 
 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1

diff --git a/config/standalone/CHIPProjectConfig.h b/config/standalone/CHIPProjectConfig.h
@@ -1,6 +1,6 @@
 /*
  *
- *    Copyright (c) 2020-2021 Project CHIP Authors
+ *    Copyright (c) 2020-2022 Project CHIP Authors
  *    Copyright (c) 2016-2017 Nest Labs, Inc.
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
@@ -56,15 +56,8 @@
 #define CHIP_CONFIG_SECURITY_TEST_MODE 0
 #define CHIP_CONFIG_REQUIRE_AUTH 1
 
-// Increase session idle timeout in stand-alone builds for the convenience of developers.
-#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT 120000
-
 #define CHIP_CONFIG_ENABLE_UPDATE 1
 
-#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0
-
-#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0
-
 #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 0
 
 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1

diff --git a/examples/chip-tool/include/CHIPProjectAppConfig.h b/examples/chip-tool/include/CHIPProjectAppConfig.h
@@ -1,6 +1,6 @@
 /*
  *
- *    Copyright (c) 2020-2021 Project CHIP Authors
+ *    Copyright (c) 2020-2022 Project CHIP Authors
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -53,15 +53,8 @@
 #define CHIP_CONFIG_SECURITY_TEST_MODE 0
 #define CHIP_CONFIG_REQUIRE_AUTH 1
 
-// Increase session idle timeout in stand-alone builds for the convenience of developers.
-#define CHIP_CONFIG_DEFAULT_SECURITY_SESSION_IDLE_TIMEOUT 120000
-
 #define CHIP_CONFIG_ENABLE_UPDATE 1
 
-#define CHIP_CONFIG_LEGACY_CASE_AUTH_DELEGATE 0
-
-#define CHIP_CONFIG_LEGACY_KEY_EXPORT_DELEGATE 0
-
 #define CHIP_SYSTEM_CONFIG_PACKETBUFFER_POOL_SIZE 0
 
 #define CHIP_CONFIG_DATA_MANAGEMENT_CLIENT_EXPERIMENTAL 1

diff --git a/src/lib/core/BUILD.gn b/src/lib/core/BUILD.gn
@@ -1,4 +1,4 @@
-# Copyright (c) 2020-2021 Project CHIP Authors
+# Copyright (c) 2020-2022 Project CHIP Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -30,8 +30,6 @@ buildconfig_header("chip_buildconfig") {
 
   chip_config_memory_management_malloc =
       chip_config_memory_management == "malloc"
-  chip_config_memory_management_simple =
-      chip_config_memory_management == "simple"
   chip_config_memory_management_platform =
       chip_config_memory_management == "platform"
 
@@ -55,7 +53,6 @@ buildconfig_header("chip_buildconfig") {
     "HAVE_MALLOC=${chip_config_memory_management_malloc}",
     "HAVE_FREE=${chip_config_memory_management_malloc}",
     "HAVE_NEW=false",
-    "CHIP_CONFIG_MEMORY_MGMT_SIMPLE=${chip_config_memory_management_simple}",
     "CHIP_CONFIG_MEMORY_MGMT_PLATFORM=${chip_config_memory_management_platform}",
     "CHIP_CONFIG_MEMORY_DEBUG_CHECKS=${chip_config_memory_debug_checks}",
     "CHIP_CONFIG_MEMORY_DEBUG_DMALLOC=${chip_config_memory_debug_dmalloc}",