From d72fee1c4e2343d56e990bb38f5fcbd5085fa630 Mon Sep 17 00:00:00 2001 From: Boris Zbarsky Date: Fri, 4 Aug 2023 20:17:52 -0400 Subject: [PATCH] Add support for controllers not advertising their operational identities. If multiple controllers are running, and some want to enable server interactions while others do not, the ones not enabling server interactions should not advertise. Fixes https://github.com/project-chip/connectedhomeip/issues/28279 --- src/app/server/Dnssd.cpp | 5 ++ src/controller/CHIPDeviceController.cpp | 28 +++++----- .../CHIPDeviceControllerFactory.cpp | 7 --- src/credentials/FabricTable.cpp | 41 ++++++++------- src/credentials/FabricTable.h | 51 +++++++++++++------ src/credentials/tests/TestFabricTable.cpp | 29 ++++++++--- 6 files changed, 101 insertions(+), 60 deletions(-) diff --git a/src/app/server/Dnssd.cpp b/src/app/server/Dnssd.cpp index 17c9b4a459af9e..86a70a0a8c69e2 100644 --- a/src/app/server/Dnssd.cpp +++ b/src/app/server/Dnssd.cpp @@ -152,6 +152,11 @@ CHIP_ERROR DnssdServer::AdvertiseOperational() for (const FabricInfo & fabricInfo : *mFabricTable) { + if (!fabricInfo.ShouldAdvertiseIdentity()) + { + continue; + } + uint8_t macBuffer[DeviceLayer::ConfigurationManager::kPrimaryMACAddressLength]; MutableByteSpan mac(macBuffer); if (chip::DeviceLayer::ConfigurationMgr().GetPrimaryMACAddress(mac) != CHIP_NO_ERROR) diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp index babc6688ad45c1..f57c2bd326ee57 100644 --- a/src/controller/CHIPDeviceController.cpp +++ b/src/controller/CHIPDeviceController.cpp 
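Review bot: The new `continue` at the top of the fabric loop in DnssdServer::AdvertiseOperational is silent, so a fabric withheld from DNS-SD leaves no trace for someone working out why a controller is not discoverable. I would put a comment above the check, e.g. `// Skip fabrics that opted out of advertising their operational identity.`, and consider a detail-level log line naming the fabric index. This check is also the only place in the patch where the flag is enforced, so any other code that publishes per-fabric records (none is visible here) would need the same guard. The loop body continues outside the hunk.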
@@ -130,14 +130,11 @@ CHIP_ERROR DeviceController::Init(ControllerInitParams params) { ReturnErrorOnFailure(InitControllerNOCChain(params)); - if (params.enableServerInteractions) - { - // - // Advertise our operational identity on the network to facilitate discovery by clients that look to - // establish CASE with a controller that is also offering server-side capabilities (e.g an OTA provider). - // - app::DnssdServer::Instance().AdvertiseOperational(); - } + // Restart our DNS-SD advertising, to account for our new state. + // Note that just AdvertiseOperational() is not enough here: we could + // have params.enableServerInteractions false, and then we need to + // withdraw existing advertisements. + app::DnssdServer::Instance().StartServer(); } mSystemState = params.systemState->Retain(); @@ -239,6 +236,9 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & CHIP_ERROR err = CHIP_NO_ERROR; + auto advertiseOperational = + params.enableServerInteractions ? FabricTable::AdvertiseIdentity::Yes : FabricTable::AdvertiseIdentity::No; + // // We permit colliding fabrics when multiple controllers are present on the same logical fabric // since each controller is associated with a unique FabricInfo 'identity' object and consequently, @@ -261,7 +261,7 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & if (fabricFoundInTable) { err = fabricTable->UpdatePendingFabricWithProvidedOpKey(fabricIndex, nocSpan, icacSpan, externalOperationalKeypair, - hasExternallyOwnedKeypair); + hasExternallyOwnedKeypair, advertiseOperational); } else // CASE 2: New fabric with injected key 
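Review bot: The `StartServer()` call added in DeviceController::Init (hunk at -130) does not carry over the rationale that the factory's copy had: the comment removed from CHIPDeviceControllerFactory.cpp explained that no CommissioningModeProvider is given, so the server will not claim to be in commissioning mode. That presumably still holds at the new call site and is worth keeping there, e.g. `// No CommissioningModeProvider is set, so this will not advertise commissioning mode.` Since the server is now started only from this branch, it is also worth confirming that a controller shutting down triggers a matching re-advertise, otherwise records for a controller that did enable server interactions could outlive it. The enclosing conditional and the shutdown path are outside the hunk.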
@@ -269,8 +269,9 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & err = fabricTable->AddNewPendingTrustedRootCert(rcacSpan); if (err == CHIP_NO_ERROR) { - err = fabricTable->AddNewPendingFabricWithProvidedOpKey( - nocSpan, icacSpan, newFabricVendorId, externalOperationalKeypair, hasExternallyOwnedKeypair, &fabricIndex); + err = fabricTable->AddNewPendingFabricWithProvidedOpKey(nocSpan, icacSpan, newFabricVendorId, + externalOperationalKeypair, hasExternallyOwnedKeypair, + &fabricIndex, advertiseOperational); } } } @@ -283,7 +284,7 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & { VerifyOrReturnError(fabricTable->HasOperationalKeyForFabric(fabricIndex), CHIP_ERROR_KEY_NOT_FOUND); - err = fabricTable->UpdatePendingFabricWithOperationalKeystore(fabricIndex, nocSpan, icacSpan); + err = fabricTable->UpdatePendingFabricWithOperationalKeystore(fabricIndex, nocSpan, icacSpan, advertiseOperational); } else // CASE 4: New fabric with operational keystore @@ -291,7 +292,8 @@ CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & err = fabricTable->AddNewPendingTrustedRootCert(rcacSpan); if (err == CHIP_NO_ERROR) { - err = fabricTable->AddNewPendingFabricWithOperationalKeystore(nocSpan, icacSpan, newFabricVendorId, &fabricIndex); + err = fabricTable->AddNewPendingFabricWithOperationalKeystore(nocSpan, icacSpan, newFabricVendorId, &fabricIndex, + advertiseOperational); } if (err == CHIP_NO_ERROR) diff --git a/src/controller/CHIPDeviceControllerFactory.cpp b/src/controller/CHIPDeviceControllerFactory.cpp index c57cb9a57dd28c..5587cd6ec69294 100644 --- a/src/controller/CHIPDeviceControllerFactory.cpp +++ b/src/controller/CHIPDeviceControllerFactory.cpp 
@@ -256,13 +256,6 @@ CHIP_ERROR DeviceControllerFactory::InitSystemState(FactoryInitParams params) // Consequently, reach in set the fabric table pointer to point to the right version. // app::DnssdServer::Instance().SetFabricTable(stateParams.fabricTable); - - // - // Start up the DNS-SD server. We are not giving it a - // CommissioningModeProvider, so it will not claim we are in - // commissioning mode. - // - chip::app::DnssdServer::Instance().StartServer(); } stateParams.sessionSetupPool = Platform::New(); diff --git a/src/credentials/FabricTable.cpp b/src/credentials/FabricTable.cpp index eeb5932f01a48a..8ec4691f9f80fa 100644 --- a/src/credentials/FabricTable.cpp +++ b/src/credentials/FabricTable.cpp @@ -78,12 +78,13 @@ CHIP_ERROR FabricInfo::Init(const FabricInfo::InitParams & initParams) Reset(); - mNodeId = initParams.nodeId; - mFabricId = initParams.fabricId; - mFabricIndex = initParams.fabricIndex; - mCompressedFabricId = initParams.compressedFabricId; - mRootPublicKey = initParams.rootPublicKey; - mVendorId = static_cast(initParams.vendorId); + mNodeId = initParams.nodeId; + mFabricId = initParams.fabricId; + mFabricIndex = initParams.fabricIndex; + mCompressedFabricId = initParams.compressedFabricId; + mRootPublicKey = initParams.rootPublicKey; + mVendorId = static_cast(initParams.vendorId); + mShouldAdvertiseIdentity = initParams.advertiseIdentity; // Deal with externally injected keys if (initParams.operationalKeypair != nullptr) 
@@ -105,12 +106,13 @@ void FabricInfo::operator=(FabricInfo && other) { Reset(); - mNodeId = other.mNodeId; - mFabricId = other.mFabricId; - mFabricIndex = other.mFabricIndex; - mCompressedFabricId = other.mCompressedFabricId; - mRootPublicKey = other.mRootPublicKey; - mVendorId = other.mVendorId; + mNodeId = other.mNodeId; + mFabricId = other.mFabricId; + mFabricIndex = other.mFabricIndex; + mCompressedFabricId = other.mCompressedFabricId; + mRootPublicKey = other.mRootPublicKey; + mVendorId = other.mVendorId; + mShouldAdvertiseIdentity = other.mShouldAdvertiseIdentity; SetFabricLabel(other.GetFabricLabel()); @@ -768,7 +770,7 @@ CHIP_ERROR FabricTable::NotifyFabricCommitted(FabricIndex fabricIndex) CHIP_ERROR FabricTable::AddOrUpdateInner(FabricIndex fabricIndex, bool isAddition, Crypto::P256Keypair * existingOpKey, - bool isExistingOpKeyExternallyOwned, uint16_t vendorId) + bool isExistingOpKeyExternallyOwned, uint16_t vendorId, AdvertiseIdentity advertiseIdentity) { // All parameters pre-validated before we get here @@ -867,6 +869,8 @@ FabricTable::AddOrUpdateInner(FabricIndex fabricIndex, bool isAddition, Crypto:: return CHIP_ERROR_INCORRECT_STATE; } + newFabricInfo.advertiseIdentity = (advertiseIdentity == AdvertiseIdentity::Yes); + // Update local copy of fabric data. For add it's a new entry, for update, it's `mPendingFabric` shadow entry. ReturnErrorOnFailure(fabricEntry->Init(newFabricInfo)); @@ -1642,7 +1646,7 @@ CHIP_ERROR FabricTable::FindExistingFabricByNocChaining(FabricIndex pendingFabri CHIP_ERROR FabricTable::AddNewPendingFabricCommon(const ByteSpan & noc, const ByteSpan & icac, uint16_t vendorId, Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, - FabricIndex * outNewFabricIndex) + AdvertiseIdentity advertiseIdentity, FabricIndex * outNewFabricIndex) { VerifyOrReturnError(mOpCertStore != nullptr, CHIP_ERROR_INCORRECT_STATE); VerifyOrReturnError(outNewFabricIndex != nullptr, CHIP_ERROR_INVALID_ARGUMENT); 
@@ -1692,8 +1696,8 @@ CHIP_ERROR FabricTable::AddNewPendingFabricCommon(const ByteSpan & noc, const By ReturnErrorOnFailure(mOpCertStore->AddNewOpCertsForFabric(fabricIndexToUse, noc, icac)); VerifyOrReturnError(SetPendingDataFabricIndex(fabricIndexToUse), CHIP_ERROR_INCORRECT_STATE); - CHIP_ERROR err = - AddOrUpdateInner(fabricIndexToUse, /* isAddition = */ true, existingOpKey, isExistingOpKeyExternallyOwned, vendorId); + CHIP_ERROR err = AddOrUpdateInner(fabricIndexToUse, /* isAddition = */ true, existingOpKey, isExistingOpKeyExternallyOwned, + vendorId, advertiseIdentity); if (err != CHIP_NO_ERROR) { // Revert partial state added on error @@ -1712,7 +1716,8 @@ CHIP_ERROR FabricTable::AddNewPendingFabricCommon(const ByteSpan & noc, const By } CHIP_ERROR FabricTable::UpdatePendingFabricCommon(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac, - Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned) + Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, + AdvertiseIdentity advertiseIdentity) { VerifyOrReturnError(mOpCertStore != nullptr, CHIP_ERROR_INCORRECT_STATE); VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_ARGUMENT); @@ -1751,7 +1756,7 @@ CHIP_ERROR FabricTable::UpdatePendingFabricCommon(FabricIndex fabricIndex, const VerifyOrReturnError(SetPendingDataFabricIndex(fabricIndex), CHIP_ERROR_INCORRECT_STATE); CHIP_ERROR err = AddOrUpdateInner(fabricIndex, /* isAddition = */ false, existingOpKey, isExistingOpKeyExternallyOwned, - fabricInfo->GetVendorId()); + fabricInfo->GetVendorId(), advertiseIdentity); if (err != CHIP_NO_ERROR) { // Revert partial state added on error diff --git a/src/credentials/FabricTable.h b/src/credentials/FabricTable.h index 26102984e81130..96b5c415f7e237 100644 --- a/src/credentials/FabricTable.h +++ b/src/credentials/FabricTable.h 
@@ -112,6 +112,8 @@ class DLL_EXPORT FabricInfo bool HasOperationalKey() const { return mOperationalKey != nullptr; } + bool ShouldAdvertiseIdentity() const { return mShouldAdvertiseIdentity; } + friend class FabricTable; private: @@ -125,6 +127,7 @@ class DLL_EXPORT FabricInfo VendorId vendorId = VendorId::NotSpecified; /**< Vendor ID for commissioner of fabric */ Crypto::P256Keypair * operationalKeypair = nullptr; bool hasExternallyOwnedKeypair = false; + bool advertiseIdentity = false; CHIP_ERROR AreValid() const { @@ -204,7 +207,9 @@ class DLL_EXPORT FabricInfo { chip::Platform::Delete(mOperationalKey); } - mOperationalKey = nullptr; + mOperationalKey = nullptr; + mHasExternallyOwnedOperationalKey = false; + mShouldAdvertiseIdentity = true; mFabricIndex = kUndefinedFabricIndex; mNodeId = kUndefinedNodeId; @@ -230,14 +235,16 @@ class DLL_EXPORT FabricInfo // mFabricLabel is 33 bytes, so ends on a 1 mod 4 byte boundary. char mFabricLabel[kFabricLabelMaxLengthInBytes + 1] = { '\0' }; - // mFabricIndex, mVendorId, mHasExternallyOwnedOperationalKey are 4 bytes - // and do not end up with any padding if they come after the 33-byte - // mFabricLabel, so end on a 1 mod 4 byte boundary. + // mFabricIndex, mVendorId, mHasExternallyOwnedOperationalKey, + // mShouldAdvertiseIdentity are 5 bytes and do not include any padding if + // they come after the 33-byte mFabricLabel, so end on a 2 mod 4 byte + // boundary. FabricIndex mFabricIndex = kUndefinedFabricIndex; VendorId mVendorId = VendorId::NotSpecified; bool mHasExternallyOwnedOperationalKey = false; + bool mShouldAdvertiseIdentity = true; - // 3 bytes of padding here, since mOperationalKey needs to be void*-aligned, + // 2 bytes of padding here, since mOperationalKey needs to be void*-aligned, // so has to be at a 0 mod 4 byte location. mutable Crypto::P256Keypair * mOperationalKey = nullptr; 
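Review bot: The defaults for the new flag disagree: `InitParams::advertiseIdentity` starts as `false` (hunk at -125), while `mShouldAdvertiseIdentity` is `true` both in `Reset()` and in its member initializer (hunks at -204 and -230), and the public FabricTable methods default to `AdvertiseIdentity::Yes`. AddOrUpdateInner always overwrites the InitParams field, so nothing visible misbehaves today, but any other code that fills an InitParams and calls `FabricInfo::Init` would silently get a non-advertising fabric. Either align the default, `bool advertiseIdentity = true;`, or state the intent in a comment on the field. Relatedly, the patch shows no serialization change, so a fabric restored from storage would presumably come back with the `Reset()` value of `true` however it was added; if that is intended because controllers re-apply the flag in Init, a comment on the member saying so would help.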
@@ -400,6 +407,12 @@ class DLL_EXPORT FabricTable FabricTable(FabricTable const &) = delete; void operator=(FabricTable const &) = delete; + enum class AdvertiseIdentity : uint8_t + { + Yes, + No + }; + // Returns CHIP_ERROR_NOT_FOUND if there is no fabric for that index. CHIP_ERROR Delete(FabricIndex fabricIndex); void DeleteAllFabrics(); @@ -783,9 +796,10 @@ class DLL_EXPORT FabricTable * @retval other CHIP_ERROR_* on internal errors or certificate validation errors. */ CHIP_ERROR AddNewPendingFabricWithOperationalKeystore(const ByteSpan & noc, const ByteSpan & icac, uint16_t vendorId, - FabricIndex * outNewFabricIndex) + FabricIndex * outNewFabricIndex, + AdvertiseIdentity advertiseIdentity = AdvertiseIdentity::Yes) { - return AddNewPendingFabricCommon(noc, icac, vendorId, nullptr, false, outNewFabricIndex); + return AddNewPendingFabricCommon(noc, icac, vendorId, nullptr, false, advertiseIdentity, outNewFabricIndex); }; /** @@ -818,9 +832,11 @@ class DLL_EXPORT FabricTable */ CHIP_ERROR AddNewPendingFabricWithProvidedOpKey(const ByteSpan & noc, const ByteSpan & icac, uint16_t vendorId, Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, - FabricIndex * outNewFabricIndex) + FabricIndex * outNewFabricIndex, + AdvertiseIdentity advertiseIdentity = AdvertiseIdentity::Yes) { - return AddNewPendingFabricCommon(noc, icac, vendorId, existingOpKey, isExistingOpKeyExternallyOwned, outNewFabricIndex); + return AddNewPendingFabricCommon(noc, icac, vendorId, existingOpKey, isExistingOpKeyExternallyOwned, advertiseIdentity, + outNewFabricIndex); }; /** 
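Review bot: `enum class AdvertiseIdentity` (hunk at -400) joins the public FabricTable interface without a doc comment, and nothing at the declaration says what is advertised or where the value is consumed. A short block above it would do, e.g. `// Whether DnssdServer should publish this fabric's operational identity over DNS-SD.`, plus a line each for `Yes` and `No`. `Yes` is the zero value, so a value-initialized AdvertiseIdentity means "advertise"; that is worth stating at the declaration, since the privacy-preserving choice is the non-zero one.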
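Review bot: The new `advertiseIdentity` parameter on AddNewPendingFabricWithOperationalKeystore (hunk at -783) is not described in the Doxygen block above it; the visible tail of that block ends at `@retval other CHIP_ERROR_*` with no `@param` added. The same applies to AddNewPendingFabricWithProvidedOpKey (-818) and to the two UpdatePendingFabric* methods (-852 and -886). I would add `@param advertiseIdentity whether the fabric's operational identity should be advertised over DNS-SD (defaults to Yes)` to each. The doc blocks start outside these hunks.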
@@ -852,9 +868,10 @@ class DLL_EXPORT FabricTable * @retval CHIP_ERROR_INVALID_ARGUMENT if any of the arguments are invalid such as too large or out of bounds. * @retval other CHIP_ERROR_* on internal errors or certificate validation errors. */ - CHIP_ERROR UpdatePendingFabricWithOperationalKeystore(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac) + CHIP_ERROR UpdatePendingFabricWithOperationalKeystore(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac, + AdvertiseIdentity advertiseIdentity = AdvertiseIdentity::Yes) { - return UpdatePendingFabricCommon(fabricIndex, noc, icac, nullptr, false); + return UpdatePendingFabricCommon(fabricIndex, noc, icac, nullptr, false, advertiseIdentity); } /** @@ -886,9 +903,10 @@ class DLL_EXPORT FabricTable */ CHIP_ERROR UpdatePendingFabricWithProvidedOpKey(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac, - Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned) + Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, + AdvertiseIdentity advertiseIdentity = AdvertiseIdentity::Yes) { - return UpdatePendingFabricCommon(fabricIndex, noc, icac, existingOpKey, isExistingOpKeyExternallyOwned); + return UpdatePendingFabricCommon(fabricIndex, noc, icac, existingOpKey, isExistingOpKeyExternallyOwned, advertiseIdentity); } /** 
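Review bot: On the update path the default `= AdvertiseIdentity::Yes` on both UpdatePendingFabric* methods combines with the unconditional assignment in AddOrUpdateInner, so an update from any caller that omits the argument turns advertising back on for a fabric that was added with `No`. TestBasicAddNocUpdateNocFlow confirms that an update replaces the flag rather than preserving it. For a setting whose purpose is to keep an identity off the network, I would make the update path fail closed: either drop the default on the two Update methods so every caller must choose, or keep the fabric's current `ShouldAdvertiseIdentity()` value when the caller gives none. Whether such callers exist is not visible in this patch.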
@@ -1050,16 +1068,17 @@ class DLL_EXPORT FabricTable // Core validation logic for fabric additions/updates CHIP_ERROR AddOrUpdateInner(FabricIndex fabricIndex, bool isAddition, Crypto::P256Keypair * existingOpKey, - bool isExistingOpKeyExternallyOwned, uint16_t vendorId); + bool isExistingOpKeyExternallyOwned, uint16_t vendorId, AdvertiseIdentity advertiseIdentity); // Common code for fabric addition, for either OperationalKeystore or injected key scenarios. CHIP_ERROR AddNewPendingFabricCommon(const ByteSpan & noc, const ByteSpan & icac, uint16_t vendorId, Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, - FabricIndex * outNewFabricIndex); + AdvertiseIdentity advertiseIdentity, FabricIndex * outNewFabricIndex); // Common code for fabric updates, for either OperationalKeystore or injected key scenarios. CHIP_ERROR UpdatePendingFabricCommon(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac, - Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned); + Crypto::P256Keypair * existingOpKey, bool isExistingOpKeyExternallyOwned, + AdvertiseIdentity advertiseIdentity); // Common code for looking up a fabric given a root public key, a fabric ID and an optional node id scoped to that fabric. const FabricInfo * FindFabricCommon(const Crypto::P256PublicKey & rootPubKey, FabricId fabricId, diff --git a/src/credentials/tests/TestFabricTable.cpp b/src/credentials/tests/TestFabricTable.cpp index 83866b3c8bf78b..96ed242a684310 100644 --- a/src/credentials/tests/TestFabricTable.cpp +++ b/src/credentials/tests/TestFabricTable.cpp 
@@ -145,7 +145,8 @@ static CHIP_ERROR LoadTestFabric_Node01_02(nlTestSuite * inSuite, FabricTable & /** * Load a single test fabric with with the Root02:ICA02:Node02_01 identity. */ -static CHIP_ERROR LoadTestFabric_Node02_01(nlTestSuite * inSuite, FabricTable & fabricTable, bool doCommit) +static CHIP_ERROR LoadTestFabric_Node02_01(nlTestSuite * inSuite, FabricTable & fabricTable, bool doCommit, + FabricTable::AdvertiseIdentity advertiseIdentity = FabricTable::AdvertiseIdentity::Yes) { Crypto::P256SerializedKeypair opKeysSerialized; FabricIndex fabricIndex; @@ -166,8 +167,9 @@ static CHIP_ERROR LoadTestFabric_Node02_01(nlTestSuite * inSuite, FabricTable & NL_TEST_ASSERT(inSuite, fabricTable.AddNewPendingTrustedRootCert(rcacSpan) == CHIP_NO_ERROR); - CHIP_ERROR err = fabricTable.AddNewPendingFabricWithProvidedOpKey(nocSpan, icacSpan, VendorId::TestVendor1, &opKey_Node02_01, - /*isExistingOpKeyExternallyOwned =*/true, &fabricIndex); + CHIP_ERROR err = + fabricTable.AddNewPendingFabricWithProvidedOpKey(nocSpan, icacSpan, VendorId::TestVendor1, &opKey_Node02_01, + /*isExistingOpKeyExternallyOwned =*/true, &fabricIndex, advertiseIdentity); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); if (doCommit) @@ -821,7 +823,9 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext) ByteSpan noc = fabric44CertAuthority.GetNoc(); NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 2); - NL_TEST_ASSERT_SUCCESS(inSuite, fabricTable.UpdatePendingFabricWithOperationalKeystore(2, noc, ByteSpan{})); + NL_TEST_ASSERT_SUCCESS( + inSuite, + fabricTable.UpdatePendingFabricWithOperationalKeystore(2, noc, ByteSpan{}, FabricTable::AdvertiseIdentity::No)); NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 2); // No storage yet 
@@ -839,12 +843,14 @@ void TestBasicAddNocUpdateNocFlow(nlTestSuite * inSuite, void * inContext) { NL_TEST_ASSERT(inSuite, iterFabricInfo.GetNodeId() == 55); NL_TEST_ASSERT(inSuite, iterFabricInfo.GetFabricId() == 11); + NL_TEST_ASSERT(inSuite, iterFabricInfo.ShouldAdvertiseIdentity()); saw1 = true; } if (iterFabricInfo.GetFabricIndex() == 2) { NL_TEST_ASSERT(inSuite, iterFabricInfo.GetNodeId() == 1000); NL_TEST_ASSERT(inSuite, iterFabricInfo.GetFabricId() == 44); + NL_TEST_ASSERT(inSuite, !iterFabricInfo.ShouldAdvertiseIdentity()); saw2 = true; } } @@ -1961,6 +1967,7 @@ void TestUpdateNocFailSafe(nlTestSuite * inSuite, void * inContext) { NL_TEST_ASSERT(inSuite, iterFabricInfo.GetNodeId() == 1000); NL_TEST_ASSERT(inSuite, iterFabricInfo.GetFabricId() == 44); + NL_TEST_ASSERT(inSuite, iterFabricInfo.ShouldAdvertiseIdentity()); saw1 = true; } } @@ -2072,6 +2079,7 @@ void TestUpdateNocFailSafe(nlTestSuite * inSuite, void * inContext) { NL_TEST_ASSERT(inSuite, iterFabricInfo.GetNodeId() == 1001); NL_TEST_ASSERT(inSuite, iterFabricInfo.GetFabricId() == 44); + NL_TEST_ASSERT(inSuite, iterFabricInfo.ShouldAdvertiseIdentity()); saw1 = true; } } @@ -2342,7 +2350,9 @@ void TestFabricLookup(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, fabricTableHolder.Init(&testStorage) == CHIP_NO_ERROR); FabricTable & fabricTable = fabricTableHolder.GetFabricTable(); NL_TEST_ASSERT(inSuite, LoadTestFabric_Node01_01(inSuite, fabricTable, /* doCommit = */ true) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, LoadTestFabric_Node02_01(inSuite, fabricTable, /* doCommit = */ true) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, + LoadTestFabric_Node02_01(inSuite, fabricTable, /* doCommit = */ true, FabricTable::AdvertiseIdentity::No) == + CHIP_NO_ERROR); // Attempt lookup of the Root01 fabric. { 
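Review bot: The `ShouldAdvertiseIdentity()` assertions added to TestUpdateNocFailSafe (hunks at -1961 and -2072) expect `true` in both places, so if the pending update in that test uses the default `Yes` they cannot distinguish a correctly reverted flag from one that leaked out of the pending entry. The update calls are outside the hunks, so this is an assumption to confirm. Passing `FabricTable::AdvertiseIdentity::No` to the pending update and asserting that the flag is still `true` once the update is reverted would pin the fail-safe behaviour for this field.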
@@ -2360,6 +2370,7 @@ void TestFabricLookup(nlTestSuite * inSuite, void * inContext) return; } NL_TEST_ASSERT(inSuite, fabricInfo->GetFabricIndex() == 1); + NL_TEST_ASSERT(inSuite, fabricInfo->ShouldAdvertiseIdentity()); } // Attempt lookup of the Root02 fabric. @@ -2378,6 +2389,7 @@ void TestFabricLookup(nlTestSuite * inSuite, void * inContext) return; } NL_TEST_ASSERT(inSuite, fabricInfo->GetFabricIndex() == 2); + NL_TEST_ASSERT(inSuite, !fabricInfo->ShouldAdvertiseIdentity()); } } @@ -2446,7 +2458,8 @@ void TestAddNocRootCollision(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT_SUCCESS(inSuite, fabricTable.AddNewPendingTrustedRootCert(rcac)); FabricIndex newFabricIndex = kUndefinedFabricIndex; NL_TEST_ASSERT_SUCCESS(inSuite, - fabricTable.AddNewPendingFabricWithOperationalKeystore(noc, icac, kVendorId, &newFabricIndex)); + fabricTable.AddNewPendingFabricWithOperationalKeystore(noc, icac, kVendorId, &newFabricIndex, + FabricTable::AdvertiseIdentity::No)); NL_TEST_ASSERT_EQUALS(inSuite, fabricTable.FabricCount(), 1); NL_TEST_ASSERT(inSuite, newFabricIndex == 1); @@ -2457,6 +2470,8 @@ void TestAddNocRootCollision(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, fabricInfo != nullptr); if (fabricInfo != nullptr) { + NL_TEST_ASSERT(inSuite, !fabricInfo->ShouldAdvertiseIdentity()); + Credentials::ChipCertificateSet certificates; NL_TEST_ASSERT_SUCCESS(inSuite, certificates.Init(1)); NL_TEST_ASSERT_SUCCESS(inSuite, @@ -2561,6 +2576,8 @@ void TestAddNocRootCollision(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, fabricInfo != nullptr); if (fabricInfo != nullptr) { + NL_TEST_ASSERT(inSuite, fabricInfo->ShouldAdvertiseIdentity()); + Credentials::ChipCertificateSet certificates; NL_TEST_ASSERT_SUCCESS(inSuite, certificates.Init(1)); NL_TEST_ASSERT_SUCCESS(inSuite,