Group encryption/decryption enabled.

examples/chip-tool/commands/common/Commands.cpp

@@ -25,6 +25,7 @@
 
 #include <lib/support/CHIPMem.h>
 #include <lib/support/CodeUtils.h>
+#include <lib/support/TestGroupData.h>
 
 void Commands::Register(const char * clusterName, commands_list commandsList)
 {
@@ -41,8 +42,8 @@ int Commands::Run(int argc, char ** argv)
     err = chip::Platform::MemoryInit();
     VerifyOrExit(err == CHIP_NO_ERROR, ChipLogError(Controller, "Init Memory failure: %s", chip::ErrorStr(err)));
 
-    err = mStorage.Init();
-    VerifyOrExit(err == CHIP_NO_ERROR, ChipLogError(Controller, "Init Storage failure: %s", chip::ErrorStr(err)));
+    err = chip::GroupTesting::InitGroupData();
+    VerifyOrExit(err == CHIP_NO_ERROR, ChipLogError(Controller, "Init Group Data failure: %s", chip::ErrorStr(err)));
 
     chip::Logging::SetLogFilter(mStorage.GetLoggingLevel());
 

src/app/clusters/group-key-mgmt-server/group-key-mgmt-server.cpp

@@ -267,7 +267,7 @@ bool emberAfGroupKeyManagementClusterKeySetWriteCallback(
         return true;
     }
 
-    if (commandData.groupKeySet.epochKey0.empty() || (0 == commandData.groupKeySet.epochStartTime0))
+    if (commandData.groupKeySet.epochKey0.empty() || 0 == commandData.groupKeySet.epochStartTime0)
     {
         // If the EpochKey0 field is null or its associated EpochStartTime0 field is null,
         // then this command SHALL fail with an INVALID_COMMAND
@@ -285,7 +285,8 @@ bool emberAfGroupKeyManagementClusterKeySetWriteCallback(
     // Epoch Key 1
     if (!commandData.groupKeySet.epochKey1.empty())
     {
-        if (commandData.groupKeySet.epochStartTime1 <= commandData.groupKeySet.epochStartTime0)
+        if (0 == commandData.groupKeySet.epochStartTime1 ||
+            commandData.groupKeySet.epochStartTime1 <= commandData.groupKeySet.epochStartTime0)
         {
             // If the EpochKey1 field is not null, its associated EpochStartTime1 field SHALL contain
             // a later epoch start time than the epoch start time found in the EpochStartTime0 field.
@@ -300,11 +301,13 @@ bool emberAfGroupKeyManagementClusterKeySetWriteCallback(
     // Epoch Key 2
     if (!commandData.groupKeySet.epochKey2.empty())
     {
-        keyset.num_keys_used++;
-        if (commandData.groupKeySet.epochStartTime2 <= commandData.groupKeySet.epochStartTime1)
+        if (commandData.groupKeySet.epochKey1.empty() || 0 == commandData.groupKeySet.epochStartTime2 ||
+            commandData.groupKeySet.epochStartTime2 <= commandData.groupKeySet.epochStartTime1)
         {
-            // If the EpochKey1 field is not null, its associated EpochStartTime1 field SHALL contain
-            // a later epoch start time than the epoch start time found in the EpochStartTime0 field.
+            // If the EpochKey2 field is not null then:
+            // * The EpochKey1 field SHALL NOT be null
+            // * Its associated EpochStartTime1 field SHALL contain a later epoch start time
+            //   than the epoch start time found in the EpochStartTime0 field.
             emberAfSendImmediateDefaultResponse(EMBER_ZCL_STATUS_INVALID_COMMAND);
             return true;
         }
@@ -364,35 +367,34 @@ bool emberAfGroupKeyManagementClusterKeySetReadCallback(
     if (keyset.num_keys_used > 0)
     {
         response.groupKeySet.epochStartTime0 = keyset.epoch_keys[0].start_time;
-        response.groupKeySet.epochKey0       = chip::ByteSpan(nullptr, 0);
     }
     else
     {
         response.groupKeySet.epochStartTime0 = 0;
-        response.groupKeySet.epochKey0       = chip::ByteSpan(nullptr, 0);
     }
+    response.groupKeySet.epochKey0 = ByteSpan();
+
     // Keyset 1
     if (keyset.num_keys_used > 1)
     {
         response.groupKeySet.epochStartTime1 = keyset.epoch_keys[1].start_time;
-        response.groupKeySet.epochKey1       = chip::ByteSpan(nullptr, 0);
     }
     else
     {
         response.groupKeySet.epochStartTime1 = 0;
-        response.groupKeySet.epochKey1       = chip::ByteSpan(nullptr, 0);
     }
+    response.groupKeySet.epochKey1 = ByteSpan();
+
     // Keyset 2
     if (keyset.num_keys_used > 2)
     {
         response.groupKeySet.epochStartTime2 = keyset.epoch_keys[2].start_time;
-        response.groupKeySet.epochKey2       = chip::ByteSpan(nullptr, 0);
     }
     else
     {
         response.groupKeySet.epochStartTime2 = 0;
-        response.groupKeySet.epochKey2       = chip::ByteSpan(nullptr, 0);
     }
+    response.groupKeySet.epochKey2 = ByteSpan();
 
     CHIP_ERROR err = commandObj->AddResponseData(commandPath, response);
     if (CHIP_NO_ERROR != err)

src/app/tests/TestWriteInteraction.cpp

@@ -25,6 +25,7 @@
 #include <lib/core/CHIPTLVDebug.hpp>
 #include <lib/core/CHIPTLVUtilities.hpp>
 #include <lib/support/ErrorStr.h>
+#include <lib/support/TestGroupData.h>
 #include <lib/support/TestPersistentStorageDelegate.h>
 #include <lib/support/UnitTestRegistration.h>
 #include <messaging/ExchangeContext.h>
@@ -417,12 +418,6 @@ void TestWriteInteraction::TestWriteRoundtrip(nlTestSuite * apSuite, void * apCo
 
 namespace {
 
-constexpr uint16_t kMaxGroupsPerFabric    = 5;
-constexpr uint16_t kMaxGroupKeysPerFabric = 8;
-
-static chip::TestPersistentStorageDelegate sDelegate;
-static chip::Credentials::GroupDataProviderImpl sProvider(sDelegate, kMaxGroupsPerFabric, kMaxGroupKeysPerFabric);
-
 /**
  *   Test Suite. It lists all the test functions.
  */
@@ -446,13 +441,12 @@ const nlTest sTests[] =
  */
 int Test_Setup(void * inContext)
 {
-    SetGroupDataProvider(&sProvider);
     VerifyOrReturnError(CHIP_NO_ERROR == chip::Platform::MemoryInit(), FAILURE);
-    VerifyOrReturnError(CHIP_NO_ERROR == sProvider.Init(), FAILURE);
-
 
     VerifyOrReturnError(TestContext::Initialize(inContext) == SUCCESS, FAILURE);
 
+    VerifyOrReturnError(CHIP_NO_ERROR == chip::GroupTesting::InitGroupData(), FAILURE);
+
     return SUCCESS;
 }
 

src/app/tests/suites/TestGroupKeyManagementCluster.yaml

@@ -23,6 +23,19 @@ tests:
       cluster: "DelayCommands"
       command: "WaitForCommissionee"
 
+    - label: "Read maxGroupsPerFabric"
+      command: "readAttribute"
+      attribute: "maxGroupsPerFabric"
+      response:
+          constraints:
+              minValue: 2
+
+    - label: "Read maxGroupKeysPerFabric"
+      command: "readAttribute"
+      attribute: "maxGroupKeysPerFabric"
+      response:
+          value: 2
+
     - label: "Add Group 1"
       disabled: true
       cluster: "Groups"
@@ -167,15 +180,3 @@ tests:
                       groupName: "Group #1",
                   },
               ]
-
-    - label: "Read maxGroupsPerFabric"
-      command: "readAttribute"
-      attribute: "maxGroupsPerFabric"
-      response:
-          value: 1
-
-    - label: "Read maxGroupKeysPerFabric"
-      command: "readAttribute"
-      attribute: "maxGroupKeysPerFabric"
-      response:
-          value: 1

src/app/tests/suites/TestGroupMessaging.yaml

@@ -63,6 +63,39 @@ tests:
               - name: "groupId"
                 value: 0x0001
 
+    - label: "KeySet Write"
+      cluster: "Group Key Management"
+      command: "KeySetWrite"
+      arguments:
+          values:
+              - name: "GroupKeySet"
+                value:
+                    {
+                        groupKeySetID: 0x0101,
+                        securityPolicy: 0,
+                        epochKey0: "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf",
+                        epochStartTime0: 1110000,
+                        epochKey1: "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf",
+                        epochStartTime1: 1110001,
+                        epochKey2: "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
+                        epochStartTime2: 1110002,
+                    }
+      response:
+          error: 0
+
+    - label: "Write Group Keys"
+      cluster: "Group Key Management"
+      command: "writeAttribute"
+      attribute: "groupKeyMap"
+      arguments:
+          value:
+              [
+                  { fabricIndex: 1, groupId: 0x1234, groupKeySetID: 0x0101 },
+                  { fabricIndex: 1, groupId: 0x0001, groupKeySetID: 0x0101 },
+              ]
+      response:
+          error: 0
+
     # Test Pair 1 : Sends a Group Write Attribute
     - label: "Group Write Attribute"
       command: "writeAttribute"

src/credentials/GroupDataProviderImpl.cpp

@@ -1596,6 +1596,9 @@ CHIP_ERROR GroupDataProviderImpl::SetKeySet(chip::FabricIndex fabric_index, cons
     keyset.policy     = in_keyset.policy;
     keyset.keys_count = in_keyset.num_keys_used;
     memset(keyset.operational_keys, 0x00, sizeof(keyset.operational_keys));
+    keyset.operational_keys[0].start_time = in_keyset.epoch_keys[0].start_time;
+    keyset.operational_keys[1].start_time = in_keyset.epoch_keys[1].start_time;
+    keyset.operational_keys[2].start_time = in_keyset.epoch_keys[2].start_time;
 
     // Store the operational keys and hash instead of the epoch keys
     for (size_t i = 0; i < in_keyset.num_keys_used; ++i)
@@ -1638,8 +1641,11 @@ CHIP_ERROR GroupDataProviderImpl::GetKeySet(chip::FabricIndex fabric_index, uint
     out_keyset.keyset_id     = keyset.keyset_id;
     out_keyset.policy        = keyset.policy;
     out_keyset.num_keys_used = keyset.keys_count;
-    // Epoch keys are not read back
+    // Epoch keys are not read back, only the times
     memset(out_keyset.epoch_keys, 0x00, sizeof(out_keyset.epoch_keys));
+    out_keyset.epoch_keys[0].start_time = keyset.operational_keys[0].start_time;
+    out_keyset.epoch_keys[1].start_time = keyset.operational_keys[1].start_time;
+    out_keyset.epoch_keys[2].start_time = keyset.operational_keys[2].start_time;
     return CHIP_NO_ERROR;
 }