-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
Copy pathoperational-credentials-cluster.xml
173 lines (152 loc) · 8.24 KB
/
operational-credentials-cluster.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
<?xml version="1.0"?>
<!--
Copyright (c) 2021 Project CHIP Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<configurator>
<domain name="CHIP"/>
<struct name="FabricDescriptorStruct" isFabricScoped="true">
<cluster code="0x003E"/>
<item fieldId="1" name="RootPublicKey" type="octet_string" length="65"/>
<item fieldId="2" name="VendorID" type="vendor_id"/>
<item fieldId="3" name="FabricID" type="fabric_id"/>
<item fieldId="4" name="NodeID" type="node_id"/>
<item fieldId="5" name="Label" type="char_string" length="32"/>
</struct>
<enum name="NodeOperationalCertStatusEnum" type="enum8">
<cluster code="0x003E"/>
<item name="OK" value="0x00"/>
<item name="InvalidPublicKey" value="0x01"/>
<item name="InvalidNodeOpId" value="0x02"/>
<item name="InvalidNOC" value="0x03"/>
<item name="MissingCsr" value="0x04"/>
<item name="TableFull" value="0x05"/>
<item name="InvalidAdminSubject" value="0x06"/>
<item name="FabricConflict" value="0x09"/>
<item name="LabelConflict" value="0x0a"/>
<item name="InvalidFabricIndex" value="0x0b"/>
</enum>
<struct name="NOCStruct" isFabricScoped="true">
<cluster code="0x003E"/>
<item fieldId="1" name="NOC" type="octet_string" isFabricSensitive="true"/>
<item fieldId="2" name="ICAC" type="octet_string" isNullable="true" isFabricSensitive="true"/>
</struct>
<enum name="CertificateChainTypeEnum" type="enum8">
<cluster code="0x003E"/>
<item name="DACCertificate" value="0x01"/>
<item name="PAICertificate" value="0x02"/>
</enum>
<cluster>
<domain>General</domain>
<name>Operational Credentials</name>
<code>0x003E</code>
<define>OPERATIONAL_CREDENTIALS_CLUSTER</define>
<description>This cluster is used to add or remove Operational Credentials on a Commissionee or Node, as well as manage the associated Fabrics.</description>
<attribute side="server" code="0x0000" name="NOCs" define="NOCS" type="array" entryType="NOCStruct" writable="false" optional="false">
<access op="read" privilege="administer"/>
<mandatoryConform/>
</attribute>
<attribute side="server" code="0x0001" name="Fabrics" define="FABRICS" type="array" entryType="FabricDescriptorStruct">
<mandatoryConform/>
</attribute>
<attribute side="server" code="0x0002" name="SupportedFabrics" define="SUPPORTED_FABRICS" type="int8u" min="5" max="254">
<mandatoryConform/>
</attribute>
<attribute side="server" code="0x0003" name="CommissionedFabrics" define="COMMISSIONED_FABRICS" type="int8u">
<mandatoryConform/>
</attribute>
<attribute side="server" code="0x0004" name="TrustedRootCertificates" define="TRUSTED_ROOT_CERTIFICATES" type="array" entryType="octet_string">
<mandatoryConform/>
</attribute>
<attribute side="server" code="0x0005" name="CurrentFabricIndex" define="CURRENT_FABRIC_INDEX" type="int8u">
<mandatoryConform/>
</attribute>
<command source="client" code="0x00" name="AttestationRequest" response="AttestationResponse" optional="false">
<description>Sender is requesting attestation information from the receiver.</description>
<arg name="AttestationNonce" type="octet_string" length="32"/>
<access op="invoke" privilege="administer"/>
<mandatoryConform/>
</command>
<command source="server" code="0x01" name="AttestationResponse" optional="false">
<description>An attestation information confirmation from the server.</description>
<arg name="AttestationElements" type="octet_string" length="900"/>
<arg name="AttestationSignature" type="octet_string" length="64"/>
<mandatoryConform/>
</command>
<command source="client" code="0x02" name="CertificateChainRequest" response="CertificateChainResponse" optional="false">
<description>Sender is requesting a device attestation certificate from the receiver.</description>
<arg name="CertificateType" type="CertificateChainTypeEnum"/>
<access op="invoke" privilege="administer"/>
<mandatoryConform/>
</command>
<command source="server" code="0x03" name="CertificateChainResponse" optional="false">
<description>A device attestation certificate (DAC) or product attestation intermediate (PAI) certificate from the server.</description>
<arg name="Certificate" type="octet_string" length="600"/>
<mandatoryConform/>
</command>
<command source="client" code="0x04" name="CSRRequest" response="CSRResponse" optional="false">
<description>Sender is requesting a certificate signing request (CSR) from the receiver.</description>
<arg name="CSRNonce" type="octet_string" length="32"/>
<arg name="IsForUpdateNOC" type="boolean" optional="true"/>
<access op="invoke" privilege="administer"/>
<mandatoryConform/>
</command>
<!-- TODO: Fix to match chip-spec:#3346 -->
<command source="server" code="0x05" name="CSRResponse" optional="false">
<description>A certificate signing request (CSR) from the server.</description>
<arg name="NOCSRElements" type="octet_string"/>
<arg name="AttestationSignature" type="octet_string"/>
<mandatoryConform/>
</command>
<command source="client" code="0x06" name="AddNOC" response="NOCResponse" optional="false">
<description>Sender is requesting to add the new node operational certificates.</description>
<arg name="NOCValue" type="octet_string" length="400"/>
<arg name="ICACValue" type="octet_string" optional="true" length="400"/>
<arg name="IPKValue" type="octet_string" length="16"/>
<arg name="CaseAdminSubject" type="int64u"/>
<arg name="AdminVendorId" type="vendor_id"/>
<access op="invoke" privilege="administer"/>
<mandatoryConform/>
</command>
<command source="client" code="0x07" name="UpdateNOC" response="NOCResponse" isFabricScoped="true" optional="false">
<description>Sender is requesting to update the node operational certificates.</description>
<arg name="NOCValue" type="octet_string"/>
<arg name="ICACValue" type="octet_string" optional="true"/>
<access op="invoke" privilege="administer"/>
<mandatoryConform/>
</command>
<command source="server" code="0x08" name="NOCResponse" optional="false">
<description>Response to AddNOC or UpdateNOC commands.</description>
<arg name="StatusCode" type="NodeOperationalCertStatusEnum"/>
<arg name="FabricIndex" type="fabric_idx" optional="true"/>
<arg name="DebugText" type="char_string" optional="true" length="128"/>
<mandatoryConform/>
</command>
<command source="client" code="0x09" name="UpdateFabricLabel" response="NOCResponse" isFabricScoped="true" optional="false">
<description>This command SHALL be used by an Administrative Node to set the user-visible Label field for a given Fabric, as reflected by entries in the Fabrics attribute.</description>
<arg name="Label" type="char_string" length="32"/>
<access op="invoke" privilege="administer"/>
<mandatoryConform/>
</command>
<command source="client" code="0x0a" name="RemoveFabric" response="NOCResponse" optional="false">
<description>This command is used by Administrative Nodes to remove a given fabric index and delete all associated fabric-scoped data.</description>
<arg name="FabricIndex" type="fabric_idx"/>
<access op="invoke" privilege="administer"/>
<mandatoryConform/>
</command>
<command source="client" code="0x0b" name="AddTrustedRootCertificate" optional="false">
<description>This command SHALL add a Trusted Root CA Certificate, provided as its CHIP Certificate representation.</description>
<arg name="RootCACertificate" type="octet_string"/>
<access op="invoke" privilege="administer"/>
<mandatoryConform/>
</command>
</cluster>
</configurator>