From 569f1bb19b29a0f855df17a8a49f60feca5f334b Mon Sep 17 00:00:00 2001
From: Kedar Sovani
Date: Sat, 31 Dec 2022 11:04:33 +0530
Subject: [PATCH] OpCreds: ICAC is optional and may not be added as part of commissioning
---
 matter/src/data_model/sdm/noc.rs | 9 +++++++--
 matter/src/fabric.rs | 20 +++++++++++++++-----
 matter/src/secure_channel/case.rs | 9 +++++++--
 3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/matter/src/data_model/sdm/noc.rs b/matter/src/data_model/sdm/noc.rs
index 3812ed6..d03467e 100644
--- a/matter/src/data_model/sdm/noc.rs
+++ b/matter/src/data_model/sdm/noc.rs
@@ -141,8 +141,13 @@ impl NocCluster {
 let noc_value = Cert::new(r.noc_value.0).map_err(|_| NocStatus::InvalidNOC)?;
 info!("Received NOC as: {}", noc_value);
- let icac_value = Cert::new(r.icac_value.0).map_err(|_| NocStatus::InvalidNOC)?;
- info!("Received ICAC as: {}", icac_value);
+ let icac_value = if r.icac_value.0.len() != 0 {
+ let cert = Cert::new(r.icac_value.0).map_err(|_| NocStatus::InvalidNOC)?;
+ info!("Received ICAC as: {}", cert);
+ Some(cert)
+ } else {
+ None
+ };
 let fabric = Fabric::new(
 noc_data.key_pair,
diff --git a/matter/src/fabric.rs b/matter/src/fabric.rs
index 8f85504..f868664 100644
--- a/matter/src/fabric.rs
+++ b/matter/src/fabric.rs
@@ -52,7 +52,7 @@ pub struct Fabric {
 fabric_id: u64,
 key_pair: Box,
 pub root_ca: Cert,
- pub icac: Cert,
+ pub icac: Option,
 pub noc: Cert,
 pub ipk: KeySet,
 compressed_id: [u8; COMPRESSED_FABRIC_ID_LEN],
@@ -63,7 +63,7 @@ impl Fabric {
 pub fn new(
 key_pair: KeyPair,
 root_ca: Cert,
- icac: Cert,
+ icac: Option,
 noc: Cert,
 ipk: &[u8],
 ) -> Result {
@@ -107,7 +107,7 @@ impl Fabric {
 fabric_id: 0,
 key_pair: Box::new(KeyPairDummy::new()?),
 root_ca: Cert::default(),
- icac: Cert::default(),
+ icac: Some(Cert::default()),
 noc: Cert::default(),
 ipk: KeySet::default(),
 compressed_id: [0; COMPRESSED_FABRIC_ID_LEN],
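Review bot: Nothing visible in the noc.rs hunk checks that the NOC still chains to the trusted root once `icac_value` can be `None`; as far as these lines show, the value is only passed on to `Fabric::new`. The handler's body starts and ends outside the hunk, so the check may live elsewhere, but because no other line of noc.rs changes it is worth confirming that an absent ICAC leads to the NOC being verified against the root directly rather than issuer verification being skipped. The branch also only covers an empty ICAC value; whether a request that omits the field altogether parses at all depends on the request type defined outside this hunk. A comment such as `// ICAC is optional: an empty value means the NOC is issued directly by the root CA` would record the intent.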
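Review bot: The public `icac` field in the `pub struct Fabric` hunk, and the matching `icac` parameter of `Fabric::new` in the hunk after it, change meaning without any doc comment saying what `None` stands for. I would add `/// Intermediate CA certificate; None when the NOC is issued directly by the root CA.` above the field so that callers matching on it know absence is a valid state and not an error. The struct and `new` both continue outside their hunks.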
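Review bot: The placeholder fabric in the third fabric.rs hunk is built with `icac: Some(Cert::default())`, so any code that branches on the option will treat an empty default certificate as a real intermediate CA. If such a fabric ever reached the store or CASE code changed later in this patch, the default certificate would be serialized as though it had been provisioned. `icac: None,` looks like the more faithful placeholder now that absence is representable. The constructor's body starts and ends outside the hunk, so confirm nothing relies on the dummy carrying a certificate.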
@@ -165,8 +165,14 @@ impl Fabric {
 let mut key = [0u8; MAX_CERT_TLV_LEN];
 let len = self.root_ca.as_tlv(&mut key)?;
 psm.set_kv_slice(fb_key!(index, ST_RCA), &key[..len])?;
- let len = self.icac.as_tlv(&mut key)?;
+
+ let len = if let Some(icac) = &self.icac {
+ icac.as_tlv(&mut key)?
+ } else {
+ 0
+ };
 psm.set_kv_slice(fb_key!(index, ST_ICA), &key[..len])?;
+
 let len = self.noc.as_tlv(&mut key)?;
 psm.set_kv_slice(fb_key!(index, ST_NOC), &key[..len])?;
 psm.set_kv_slice(fb_key!(index, ST_IPK), self.ipk.epoch_key())?;
@@ -191,7 +197,11 @@ impl Fabric {
 let mut icac = Vec::new();
 psm.get_kv_slice(fb_key!(index, ST_ICA), &mut icac)?;
- let icac = Cert::new(icac.as_slice())?;
+ let icac = if icac.len() != 0 {
+ Some(Cert::new(icac.as_slice())?)
+ } else {
+ None
+ };
 let mut noc = Vec::new();
 psm.get_kv_slice(fb_key!(index, ST_NOC), &mut noc)?;
diff --git a/matter/src/secure_channel/case.rs b/matter/src/secure_channel/case.rs
index c034532..d75bf96 100644
--- a/matter/src/secure_channel/case.rs
+++ b/matter/src/secure_channel/case.rs
@@ -475,7 +475,10 @@ impl Case {
 let mut tw = TLVWriter::new(&mut write_buf);
 tw.start_struct(TagType::Anonymous)?;
 tw.str16_as(TagType::Context(1), |buf| fabric.noc.as_tlv(buf))?;
- tw.str16_as(TagType::Context(2), |buf| fabric.icac.as_tlv(buf))?;
+ if let Some(icac_cert) = &fabric.icac {
+ tw.str16_as(TagType::Context(2), |buf| icac_cert.as_tlv(buf))?
+ };
+
 tw.str8(TagType::Context(3), signature)?;
 tw.str8(TagType::Context(4), &resumption_id)?;
 tw.end_container()?;
@@ -515,7 +518,9 @@ impl Case {
 let mut tw = TLVWriter::new(&mut write_buf);
 tw.start_struct(TagType::Anonymous)?;
 tw.str16_as(TagType::Context(1), |buf| fabric.noc.as_tlv(buf))?;
- tw.str16_as(TagType::Context(2), |buf| fabric.icac.as_tlv(buf))?;
+ if let Some(icac_cert) = &fabric.icac {
+ tw.str16_as(TagType::Context(2), |buf| icac_cert.as_tlv(buf))?;
+ }
 tw.str8(TagType::Context(3), our_pub_key)?;
 tw.str8(TagType::Context(4), peer_pub_key)?;
 tw.end_container()?;
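Review bot: The "empty value means no ICAC" convention in the fabric.rs store hunk (-165) is implicit: a missing ICAC is persisted as a zero-length value under `ST_ICA`, and the load hunk below maps a zero-length read back to `None`. This depends on `set_kv_slice` and `get_kv_slice` round-tripping an empty slice, which is not visible here. I would state it where the length is chosen, e.g. `// No ICAC: persist an empty value, which load reads back as None`, and cover the `None` case with a store/load round-trip test. Both functions continue outside their hunks.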
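Review bot: The emptiness test in the fabric.rs load hunk (-191), `icac.len() != 0`, is the form clippy's `len_zero` lint flags; `let icac = if !icac.is_empty() {` says the same thing more directly. The same applies to `r.icac_value.0.len() != 0` in the noc.rs hunk. The function continues outside the hunk.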
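Review bot: The two case.rs hunks write the optional ICAC in slightly different shapes: the hunk at -475 ends the inner call with a bare `?` and closes the block with `};`, while the hunk at -515 uses `?;` and `}`. As far as the hunks show, both behave the same, so I would use the statement form in both places, `tw.str16_as(TagType::Context(2), |buf| icac_cert.as_tlv(buf))?;` followed by `}`. Since the NOC/ICAC pair is emitted identically in both functions, a small private helper that takes the writer and the fabric would keep the two encodings from drifting apart. Both function bodies start and end outside the hunks.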
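Review bot: The receive side of CASE is not updated by this patch: both case.rs hunks only change what this node writes about its own fabric, and the code that reads and validates a peer's certificates lies outside them. If that path requires context tag 2, or always feeds an ICAC into chain verification, a peer commissioned without an ICAC would presumably fail session establishment, and its NOC would instead need to be verified against the root directly. Worth confirming with a test that runs a session against a peer whose fabric has `icac: None`.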