CASE spec refresh

project-chip · Jul 23, 2021 · 7c1ca90 · 7c1ca90
1 parent 9b0b5f2
commit 7c1ca90
Show file tree

Hide file tree

Showing 9 changed files with 417 additions and 461 deletions.
diff --git a/src/channel/Channel.h b/src/channel/Channel.h
@@ -107,6 +107,13 @@ class ChannelBuilder
         return *this;
     }
 
+    Credentials::CertificateKeyId & GetTrustedRootId() const { return *mCaseParameters.mTrustedRootId; }
+    ChannelBuilder & SetTrustedRootId(Credentials::CertificateKeyId * trustedRootId)
+    {
+        mCaseParameters.mTrustedRootId = trustedRootId;
+        return *this;
+    }
+
     Optional<Inet::IPAddress> GetForcePeerAddress() const { return mForcePeerAddr; }
     ChannelBuilder & SetForcePeerAddress(Inet::IPAddress peerAddr)
     {
@@ -121,6 +128,7 @@ class ChannelBuilder
     {
         uint16_t mPeerKeyId;
         Credentials::OperationalCredentialSet * mOperationalCredentialSet;
+        Credentials::CertificateKeyId * mTrustedRootId;
     } mCaseParameters;
 
     Optional<Inet::IPAddress> mForcePeerAddr;

diff --git a/src/channel/ChannelContext.cpp b/src/channel/ChannelContext.cpp
@@ -264,9 +264,9 @@ void ChannelContext::EnterCasePairingState()
     // TODO: currently only supports IP/UDP paring
     Transport::PeerAddress addr;
     addr.SetTransportType(Transport::Type::kUdp).SetIPAddress(prepare.mAddress);
-    CHIP_ERROR err = prepare.mCasePairingSession->EstablishSession(addr, &prepare.mBuilder.GetOperationalCredentialSet(),
-                                                                   prepare.mBuilder.GetPeerNodeId(),
-                                                                   mExchangeManager->GetNextKeyId(), ctxt, this);
+    CHIP_ERROR err = prepare.mCasePairingSession->EstablishSession(
+        addr, &prepare.mBuilder.GetOperationalCredentialSet(), prepare.mBuilder.GetTrustedRootId(),
+        prepare.mBuilder.GetPeerNodeId(), mExchangeManager->GetNextKeyId(), ctxt, this);
     if (err != CHIP_NO_ERROR)
     {
         ExitCasePairingState();

diff --git a/src/controller/CHIPDevice.cpp b/src/controller/CHIPDevice.cpp
@@ -533,7 +533,8 @@ CHIP_ERROR Device::WarmupCASESession()
     mLocalMessageCounter = 0;
     mPeerMessageCounter  = 0;
 
-    ReturnErrorOnFailure(mCASESession.EstablishSession(mDeviceAddress, mCredentials, mDeviceId, keyID, exchange, this));
+    ReturnErrorOnFailure(
+        mCASESession.EstablishSession(mDeviceAddress, mCredentials, *mTrustedRootId, mDeviceId, keyID, exchange, this));
 
     mState = ConnectionState::Connecting;
 

diff --git a/src/controller/CHIPDevice.h b/src/controller/CHIPDevice.h
@@ -82,6 +82,7 @@ struct ControllerDeviceInitParams
     Inet::InetLayer * inetLayer                         = nullptr;
     PersistentStorageDelegate * storageDelegate         = nullptr;
     Credentials::OperationalCredentialSet * credentials = nullptr;
+    Credentials::CertificateKeyId * trustedRoot         = nullptr;
     SessionIDAllocator * idAllocator                    = nullptr;
 #if CONFIG_NETWORK_LAYER_BLE
     Ble::BleLayer * bleLayer = nullptr;
@@ -184,6 +185,7 @@ class DLL_EXPORT Device : public Messaging::ExchangeDelegate, public SessionEsta
         mAdminId         = admin;
         mStorageDelegate = params.storageDelegate;
         mCredentials     = params.credentials;
+        mTrustedRootId   = params.trustedRoot;
         mIDAllocator     = params.idAllocator;
 #if CONFIG_NETWORK_LAYER_BLE
         mBleLayer = params.bleLayer;
@@ -477,6 +479,7 @@ class DLL_EXPORT Device : public Messaging::ExchangeDelegate, public SessionEsta
     CASESession mCASESession;
 
     Credentials::OperationalCredentialSet * mCredentials = nullptr;
+    Credentials::CertificateKeyId * mTrustedRootId       = nullptr;
 
     PersistentStorageDelegate * mStorageDelegate = nullptr;
 

diff --git a/src/credentials/CHIPOperationalCredentials.cpp b/src/credentials/CHIPOperationalCredentials.cpp
@@ -363,5 +363,24 @@ P256Keypair * OperationalCredentialSet::GetNodeKeypairAt(const CertificateKeyId
     return nullptr;
 }
 
+const ChipCertificateData * OperationalCredentialSet::GetRootCertificate(const CertificateKeyId & trustedRootId) const
+{
+    for (uint8_t i = 0; i < mOpCredCount; i++)
+    {
+        ChipCertificateSet * certSet = &mOpCreds[i];
+
+        for (uint8_t j = 0; j < certSet->GetCertCount(); j++)
+        {
+            const ChipCertificateData * cert = &certSet->GetCertSet()[j];
+            if (cert->mCertFlags.Has(CertFlags::kIsTrustAnchor) && cert->mAuthKeyId.data_equal(trustedRootId))
+            {
+                return cert;
+            }
+        }
+    }
+
+    return nullptr;
+}
+
 } // namespace Credentials
 } // namespace chip
diff --git a/src/credentials/CHIPOperationalCredentials.h b/src/credentials/CHIPOperationalCredentials.h
@@ -259,6 +259,8 @@ class DLL_EXPORT OperationalCredentialSet
 
     CHIP_ERROR SetDevOpCredKeypair(const CertificateKeyId & trustedRootId, P256Keypair * newKeypair);
 
+    const ChipCertificateData * GetRootCertificate(const CertificateKeyId & trustedRootId) const;
+
 private:
     ChipCertificateSet * mOpCreds;     /**< Pointer to an array of certificate data. */
     uint8_t mOpCredCount;              /**< Number of certificates in mOpCreds