From c407879a02f4bd8456a0ee2a41911ef261c678af Mon Sep 17 00:00:00 2001 From: Andrei Litvin Date: Thu, 20 Feb 2025 09:52:11 -0500 Subject: [PATCH 1/2] Detect provisional in cmd and attributes --- scripts/py_matter_idl/matter_idl/lint/lint_rules_parser.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/py_matter_idl/matter_idl/lint/lint_rules_parser.py b/scripts/py_matter_idl/matter_idl/lint/lint_rules_parser.py index 3f9745850f6ca5..6723c0956d18aa 100755 --- a/scripts/py_matter_idl/matter_idl/lint/lint_rules_parser.py +++ b/scripts/py_matter_idl/matter_idl/lint/lint_rules_parser.py @@ -90,6 +90,9 @@ def DecodeClusterFromXml(element: xml.etree.ElementTree.Element): if 'optional' in attr.attrib and attr.attrib['optional'] == 'true': continue + if 'apiMaturity' in attr.attrib and attr.attrib['apiMaturity'] == 'provisional': + continue + # when introducing access controls, the content of attributes may either be: # myName # or @@ -112,6 +115,9 @@ def DecodeClusterFromXml(element: xml.etree.ElementTree.Element): if 'optional' in cmd.attrib and cmd.attrib['optional'] == 'true': continue + if 'apiMaturity' in cmd.attrib and cmd.attrib['apiMaturity'] == 'provisional': + continue + required_commands.append(RequiredCommand( name=cmd.attrib["name"], code=parseNumberString(cmd.attrib['code']))) From bc0d0caef4473a7a2188f5c9dbdf8b4ade34df6d Mon Sep 17 00:00:00 2001 From: Andrei Litvin Date: Thu, 20 Feb 2025 10:10:44 -0500 Subject: [PATCH 2/2] Zap regen --- .../camera-common/camera-app.matter | 27 +++++++++++++++++-- .../rootnode_rainsensor_a7aa5d7738.matter | 27 +++++++++++++++++-- ...node_waterfreezedetector_dd94a13a16.matter | 27 +++++++++++++++++-- 3 files changed, 75 insertions(+), 6 deletions(-) diff --git a/examples/camera-app/camera-common/camera-app.matter b/examples/camera-app/camera-common/camera-app.matter index 0592f24c669731..c9f84a61375cb7 100644 --- a/examples/camera-app/camera-common/camera-app.matter 
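Review bot: The two added `apiMaturity` checks in DecodeClusterFromXml (the attribute loop in the hunk at -90 and the command loop in the hunk at -112) drop provisional items from the required lists with no comment saying why, so a reader cannot tell that the lint rule is being relaxed on purpose. I would put a comment above each check, for example `# provisional items are not yet mandatory, so lint must not require them` (wording for the author to confirm), and shorten the test to `if attr.attrib.get('apiMaturity') == 'provisional':`, likewise with `cmd.attrib.get(...)`. The comparison is an exact, case-sensitive match, so any other spelling in the XML keeps the item required; that fails in the strict direction, but it is worth stating in the comment. The patch changes only the parser, so a test case with one provisional attribute and one provisional command would pin the new behaviour. The function body continues outside both hunks.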
+++ b/examples/camera-app/camera-common/camera-app.matter @@ -1883,12 +1883,14 @@ cluster OperationalCredentials = 62 { fabric_id fabricID = 3; node_id nodeID = 4; char_string<32> label = 5; + optional octet_string<85> vidVerificationStatement = 6; fabric_idx fabricIndex = 254; } fabric_scoped struct NOCStruct { - fabric_sensitive octet_string noc = 1; - nullable fabric_sensitive octet_string icac = 2; + octet_string noc = 1; + nullable octet_string icac = 2; + optional octet_string vvsc = 3; fabric_idx fabricIndex = 254; } @@ -1963,6 +1965,23 @@ cluster OperationalCredentials = 62 { octet_string rootCACertificate = 0; } + request struct SetVidVerificationStatementRequest { + optional vendor_id vendorID = 0; + optional octet_string vidVerificationStatement = 1; + optional octet_string vvsc = 2; + } + + request struct SignVidVerificationRequestRequest { + fabric_idx fabricIndex = 0; + octet_string<32> clientChallenge = 1; + } + + response struct SignVidVerificationResponse = 14 { + fabric_idx fabricIndex = 0; + int8u fabricBindingVersion = 1; + octet_string signature = 2; + } + /** Sender is requesting attestation information from the receiver. */ command access(invoke: administer) AttestationRequest(AttestationRequestRequest): AttestationResponse = 0; /** Sender is requesting a device attestation certificate from the receiver. */ 
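Review bot: The `NOCStruct` hunk at -1883 drops the `fabric_sensitive` qualifier from `noc` and `icac` while adding `vvsc`, and the commit message ("Zap regen") does not mention it. If the qualifier restricts those fields to the owning fabric, as its name suggests, this widens who can read operational certificate data, so it should be confirmed as an intended result of the cluster definition rather than a side effect of regeneration. The same change appears in the `NOCStruct` hunks of rootnode_rainsensor_a7aa5d7738.matter and rootnode_waterfreezedetector_dd94a13a16.matter. These files are generated, so if the qualifier is meant to stay, the correction belongs in the definition the generator reads, not in these files. The enclosing `cluster OperationalCredentials` block starts and ends outside the hunk.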
@@ -1979,6 +1998,10 @@ cluster OperationalCredentials = 62 { command access(invoke: administer) RemoveFabric(RemoveFabricRequest): NOCResponse = 10; /** This command SHALL add a Trusted Root CA Certificate, provided as its CHIP Certificate representation. */ command access(invoke: administer) AddTrustedRootCertificate(AddTrustedRootCertificateRequest): DefaultSuccess = 11; + /** This command SHALL be used to update any of the accessing fabric's associated VendorID, VidVerificatioNStatement or VVSC (Vendor Verification Signing Certificate). */ + fabric command access(invoke: administer) SetVidVerificationStatement(SetVidVerificationStatementRequest): DefaultSuccess = 12; + /** This command SHALL be used to request that the server authenticate the fabric associated with the FabricIndex given. */ + command access(invoke: administer) SignVidVerificationRequest(SignVidVerificationRequestRequest): SignVidVerificationResponse = 13; } /** The Group Key Management Cluster is the mechanism by which group keys are managed. */ diff --git a/examples/chef/devices/rootnode_rainsensor_a7aa5d7738.matter b/examples/chef/devices/rootnode_rainsensor_a7aa5d7738.matter index f4677e73306f05..1ff0f0572e8341 100644 --- a/examples/chef/devices/rootnode_rainsensor_a7aa5d7738.matter +++ b/examples/chef/devices/rootnode_rainsensor_a7aa5d7738.matter @@ -1333,12 +1333,14 @@ cluster OperationalCredentials = 62 { fabric_id fabricID = 3; node_id nodeID = 4; char_string<32> label = 5; + optional octet_string<85> vidVerificationStatement = 6; fabric_idx fabricIndex = 254; } fabric_scoped struct NOCStruct { - fabric_sensitive octet_string noc = 1; - nullable fabric_sensitive octet_string icac = 2; + octet_string noc = 1; + nullable octet_string icac = 2; + optional octet_string vvsc = 3; fabric_idx fabricIndex = 254; } 
@@ -1413,6 +1415,23 @@ cluster OperationalCredentials = 62 { octet_string rootCACertificate = 0; } + request struct SetVidVerificationStatementRequest { + optional vendor_id vendorID = 0; + optional octet_string vidVerificationStatement = 1; + optional octet_string vvsc = 2; + } + + request struct SignVidVerificationRequestRequest { + fabric_idx fabricIndex = 0; + octet_string<32> clientChallenge = 1; + } + + response struct SignVidVerificationResponse = 14 { + fabric_idx fabricIndex = 0; + int8u fabricBindingVersion = 1; + octet_string signature = 2; + } + /** Sender is requesting attestation information from the receiver. */ command access(invoke: administer) AttestationRequest(AttestationRequestRequest): AttestationResponse = 0; /** Sender is requesting a device attestation certificate from the receiver. */ @@ -1429,6 +1448,10 @@ cluster OperationalCredentials = 62 { command access(invoke: administer) RemoveFabric(RemoveFabricRequest): NOCResponse = 10; /** This command SHALL add a Trusted Root CA Certificate, provided as its CHIP Certificate representation. */ command access(invoke: administer) AddTrustedRootCertificate(AddTrustedRootCertificateRequest): DefaultSuccess = 11; + /** This command SHALL be used to update any of the accessing fabric's associated VendorID, VidVerificatioNStatement or VVSC (Vendor Verification Signing Certificate). */ + fabric command access(invoke: administer) SetVidVerificationStatement(SetVidVerificationStatementRequest): DefaultSuccess = 12; + /** This command SHALL be used to request that the server authenticate the fabric associated with the FabricIndex given. */ + command access(invoke: administer) SignVidVerificationRequest(SignVidVerificationRequestRequest): SignVidVerificationResponse = 13; } /** The Group Key Management Cluster is the mechanism by which group keys are managed. */ 
diff --git a/examples/chef/devices/rootnode_waterfreezedetector_dd94a13a16.matter b/examples/chef/devices/rootnode_waterfreezedetector_dd94a13a16.matter index eb45f311cece37..910a50682a3f7f 100644 --- a/examples/chef/devices/rootnode_waterfreezedetector_dd94a13a16.matter +++ b/examples/chef/devices/rootnode_waterfreezedetector_dd94a13a16.matter @@ -1333,12 +1333,14 @@ cluster OperationalCredentials = 62 { fabric_id fabricID = 3; node_id nodeID = 4; char_string<32> label = 5; + optional octet_string<85> vidVerificationStatement = 6; fabric_idx fabricIndex = 254; } fabric_scoped struct NOCStruct { - fabric_sensitive octet_string noc = 1; - nullable fabric_sensitive octet_string icac = 2; + octet_string noc = 1; + nullable octet_string icac = 2; + optional octet_string vvsc = 3; fabric_idx fabricIndex = 254; } @@ -1413,6 +1415,23 @@ cluster OperationalCredentials = 62 { octet_string rootCACertificate = 0; } + request struct SetVidVerificationStatementRequest { + optional vendor_id vendorID = 0; + optional octet_string vidVerificationStatement = 1; + optional octet_string vvsc = 2; + } + + request struct SignVidVerificationRequestRequest { + fabric_idx fabricIndex = 0; + octet_string<32> clientChallenge = 1; + } + + response struct SignVidVerificationResponse = 14 { + fabric_idx fabricIndex = 0; + int8u fabricBindingVersion = 1; + octet_string signature = 2; + } + /** Sender is requesting attestation information from the receiver. */ command access(invoke: administer) AttestationRequest(AttestationRequestRequest): AttestationResponse = 0; /** Sender is requesting a device attestation certificate from the receiver. */ 
@@ -1429,6 +1448,10 @@ cluster OperationalCredentials = 62 { command access(invoke: administer) RemoveFabric(RemoveFabricRequest): NOCResponse = 10; /** This command SHALL add a Trusted Root CA Certificate, provided as its CHIP Certificate representation. */ command access(invoke: administer) AddTrustedRootCertificate(AddTrustedRootCertificateRequest): DefaultSuccess = 11; + /** This command SHALL be used to update any of the accessing fabric's associated VendorID, VidVerificatioNStatement or VVSC (Vendor Verification Signing Certificate). */ + fabric command access(invoke: administer) SetVidVerificationStatement(SetVidVerificationStatementRequest): DefaultSuccess = 12; + /** This command SHALL be used to request that the server authenticate the fabric associated with the FabricIndex given. */ + command access(invoke: administer) SignVidVerificationRequest(SignVidVerificationRequestRequest): SignVidVerificationResponse = 13; } /** The Group Key Management Cluster is the mechanism by which group keys are managed. */