forked from project-chip/connectedhomeip
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathOperationalCredentialCluster.xml
325 lines (319 loc) · 14.4 KB
/
OperationalCredentialCluster.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
<?xml version="1.0"?>
<!--
Copyright (C) Connectivity Standards Alliance (2021). All rights reserved.
The information within this document is the property of the Connectivity
Standards Alliance and its use and disclosure are restricted, except as
expressly set forth herein.
Connectivity Standards Alliance hereby grants you a fully-paid, non-exclusive,
nontransferable, worldwide, limited and revocable license (without the right to
sublicense), under Connectivity Standards Alliance's applicable copyright
rights, to view, download, save, reproduce and use the document solely for your
own internal purposes and in accordance with the terms of the license set forth
herein. This license does not authorize you to, and you expressly warrant that
you shall not: (a) permit others (outside your organization) to use this
document; (b) post or publish this document; (c) modify, adapt, translate, or
otherwise change this document in any manner or create any derivative work
based on this document; (d) remove or modify any notice or label on this
document, including this Copyright Notice, License and Disclaimer. The
Connectivity Standards Alliance does not grant you any license hereunder other
than as expressly stated herein.
Elements of this document may be subject to third party intellectual property
rights, including without limitation, patent, copyright or trademark rights,
and any such third party may or may not be a member of the Connectivity
Standards Alliance. Connectivity Standards Alliance members grant other
Connectivity Standards Alliance members certain intellectual property rights as
set forth in the Connectivity Standards Alliance IPR Policy. Connectivity
Standards Alliance members do not grant you any rights under this license. The
Connectivity Standards Alliance is not responsible for, and shall not be held
responsible in any manner for, identifying or failing to identify any or all
such third party intellectual property rights. Please visit www.csa-iot.org for
more information on how to become a member of the Connectivity Standards
Alliance.
This document and the information contained herein are provided on an “AS IS”
basis and the Connectivity Standards Alliance DISCLAIMS ALL WARRANTIES EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO (A) ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OF THIRD PARTIES (INCLUDING
WITHOUT LIMITATION ANY INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENT, COPYRIGHT
OR TRADEMARK RIGHTS); OR (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. IN NO EVENT WILL THE
CONNECTIVITY STANDARDS ALLIANCE BE LIABLE FOR ANY LOSS OF PROFITS, LOSS OF
BUSINESS, LOSS OF USE OF DATA, INTERRUPTION OF BUSINESS, OR FOR ANY OTHER
DIRECT, INDIRECT, SPECIAL OR EXEMPLARY, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL
DAMAGES OF ANY KIND, IN CONTRACT OR IN TORT, IN CONNECTION WITH THIS DOCUMENT
OR THE INFORMATION CONTAINED HEREIN, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
LOSS OR DAMAGE.
All company, brand and product names in this document may be trademarks that
are the sole property of their respective owners.
This notice and disclaimer must be included on all copies of this document.
Connectivity Standards Alliance
508 Second Street, Suite 206
Davis, CA 95616, USA
-->
<cluster xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="types types.xsd cluster cluster.xsd" id="" name="Node Operational Credentials Cluster" revision="1">
<revisionHistory>
<revision revision="1" summary="Initial Release"/>
</revisionHistory>
<clusterIds>
<clusterId id="0x003E" name="Operational Credentials"/>
</clusterIds>
<classification hierarchy="base" role="utility" picsCode="OPCREDS" scope="Node"/>
<dataTypes>
<number name="Attestation Elements" type=""/>
<number name="Attestation Information" type=""/>
<number name="NOCSR Elements" type=""/>
<number name="NOCSR Information" type=""/>
<number name="RESP_MAX Constant" type=""/>
<enum name="CertificateChainTypeEnum">
<item value="1" name="DACCertificate" summary="Request the DER-encoded DAC certificate">
<mandatoryConform/>
</item>
<item value="2" name="PAICertificate" summary="Request the DER-encoded PAI certificate">
<mandatoryConform/>
</item>
</enum>
<enum name="NodeOperationalCertStatusEnum">
<item value="0" name="OK" summary="OK, no error">
<mandatoryConform/>
</item>
<item value="1" name="InvalidPublicKey" summary="[[ref_InvalidPublicKey]] Public Key in the NOC does not match the public key in the NOCSR">
<mandatoryConform/>
</item>
<item value="2" name="InvalidNodeOpId" summary="[[ref_InvalidOperationalId]] The Node Operational ID in the NOC is not formatted correctly.">
<mandatoryConform/>
</item>
<item value="3" name="InvalidNOC" summary="[[ref_InvalidNoc]] Any other validation error in NOC chain">
<mandatoryConform/>
</item>
<item value="4" name="MissingCsr" summary="[[ref_MissingCsr]] No record of prior CSR for which this NOC could match">
<mandatoryConform/>
</item>
<item value="5" name="TableFull" summary="[[ref_TableFull]] NOCs table full, cannot add another one">
<mandatoryConform/>
</item>
<item value="6" name="InvalidAdminSubject" summary="[[ref_InvalidAdminSubject]] Invalid CaseAdminSubject field for an AddNOC command.">
<mandatoryConform/>
</item>
<item value="7" name="Item7" summary="Reserved for future use">
<mandatoryConform/>
</item>
<item value="8" name="Item8" summary="Reserved for future use">
<mandatoryConform/>
</item>
<item value="9" name="FabricConflict" summary="[[ref_FabricConflict]] Trying to AddNOC instead of UpdateNOC against an existing Fabric.">
<mandatoryConform/>
</item>
<item value="10" name="LabelConflict" summary="[[ref_LabelConflict]] Label already exists on another Fabric.">
<mandatoryConform/>
</item>
<item value="11" name="InvalidFabricIndex" summary="[[ref_InvalidFabricIndex]] FabricIndex argument is invalid.">
<mandatoryConform/>
</item>
</enum>
<struct name="FabricDescriptorStruct">
<field id="1" name="RootPublicKey" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="65"/>
</field>
<field id="2" name="VendorID" type="vendor-id">
<mandatoryConform/>
<constraint type="desc"/>
</field>
<field id="3" name="FabricID" type="fabric-id">
<mandatoryConform/>
</field>
<field id="4" name="NodeID" type="node-id">
<mandatoryConform/>
</field>
<field id="5" name="Label" type="string" default=""">
<mandatoryConform/>
<constraint type="maxLength" value="32"/>
</field>
<access fabricScoped="true"/>
</struct>
<struct name="NOCStruct">
<field id="1" name="NOC" type="octstr">
<access fabricSensitive="true"/>
<mandatoryConform/>
<constraint type="maxLength" value="400"/>
</field>
<field id="2" name="ICAC" type="octstr">
<access fabricSensitive="true"/>
<quality nullable="true"/>
<mandatoryConform/>
<constraint type="maxLength" value="400"/>
</field>
<access fabricScoped="true"/>
</struct>
</dataTypes>
<attributes>
<attribute id="0x0000" name="NOCs" type="list">
<entry type="NOCStruct"/>
<access read="true" readPrivilege="admin" fabricScoped="true"/>
<quality changeOmitted="true" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
<mandatoryConform/>
<constraint type="maxCount" value="SupportedFabrics"/>
</attribute>
<attribute id="0x0001" name="Fabrics" type="list">
<entry type="FabricDescriptorStruct"/>
<access read="true" readPrivilege="view" fabricScoped="true"/>
<quality changeOmitted="false" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
<mandatoryConform/>
<constraint type="maxCount" value="SupportedFabrics"/>
</attribute>
<attribute id="0x0002" name="SupportedFabrics" type="uint8">
<access read="true" readPrivilege="view"/>
<quality changeOmitted="false" nullable="false" scene="false" persistence="fixed" reportable="false"/>
<mandatoryConform/>
<constraint type="between" from="5" to="254"/>
</attribute>
<attribute id="0x0003" name="CommissionedFabrics" type="uint8">
<access read="true" readPrivilege="view"/>
<quality changeOmitted="false" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
<mandatoryConform/>
<constraint type="max" value="SupportedFabrics"/>
</attribute>
<attribute id="0x0004" name="TrustedRootCertificates" type="list">
<entry type="octstr">
<constraint type="maxLength" value="400"/>
</entry>
<access read="true" readPrivilege="view"/>
<quality changeOmitted="true" nullable="false" scene="false" persistence="nonVolatile" reportable="false"/>
<mandatoryConform/>
<constraint type="maxCount" value="SupportedFabrics"/>
</attribute>
<attribute id="0x0005" name="CurrentFabricIndex" type="uint8" default="0">
<access read="true" readPrivilege="view"/>
<mandatoryConform/>
</attribute>
</attributes>
<commands>
<command id="0x00" name="AttestationRequest" direction="commandToServer" response="AttestationResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="AttestationNonce" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="32"/>
</field>
</command>
<command id="0x01" name="AttestationResponse" direction="responseFromServer">
<mandatoryConform/>
<field id="0" name="AttestationElements" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="RESP_MAX Constant Type"/>
</field>
<field id="1" name="AttestationSignature" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="64"/>
</field>
</command>
<command id="0x02" name="CertificateChainRequest" direction="commandToServer" response="CertificateChainResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="CertificateType" type="CertificateChainTypeEnum">
<mandatoryConform/>
<constraint type="desc"/>
</field>
</command>
<command id="0x03" name="CertificateChainResponse" direction="responseFromServer">
<mandatoryConform/>
<field id="0" name="Certificate" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="600"/>
</field>
</command>
<command id="0x04" name="CSRRequest" direction="commandToServer" response="CSRResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="CSRNonce" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="32"/>
</field>
<field id="1" name="IsForUpdateNOC" type="bool" default="false">
<optionalConform/>
</field>
</command>
<command id="0x05" name="CSRResponse" direction="responseFromServer">
<mandatoryConform/>
<field id="0" name="NOCSRElements" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="RESP_MAX Constant Type"/>
</field>
<field id="1" name="AttestationSignature" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="64"/>
</field>
</command>
<command id="0x06" name="AddNOC" direction="commandToServer" response="NOCResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="NOCValue" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="400"/>
</field>
<field id="1" name="ICACValue" type="octstr">
<optionalConform/>
<constraint type="maxLength" value="400"/>
</field>
<field id="2" name="IPKValue" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="16"/>
</field>
<field id="3" name="CaseAdminSubject" type="SubjectID">
<mandatoryConform/>
</field>
<field id="4" name="AdminVendorId" type="vendor-id">
<mandatoryConform/>
</field>
</command>
<command id="0x07" name="UpdateNOC" direction="commandToServer" response="NOCResponse">
<access invokePrivilege="admin" fabricScoped="true"/>
<mandatoryConform/>
<field id="0" name="NOCValue" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="400"/>
</field>
<field id="1" name="ICACValue" type="octstr">
<optionalConform/>
<constraint type="maxLength" value="400"/>
</field>
</command>
<command id="0x08" name="NOCResponse" direction="responseFromServer">
<mandatoryConform/>
<field id="0" name="StatusCode" type="NodeOperationalCertStatusEnum">
<mandatoryConform/>
</field>
<field id="1" name="FabricIndex" type="fabric-idx">
<optionalConform/>
<constraint type="between" from="1" to="254"/>
</field>
<field id="2" name="DebugText" type="string">
<optionalConform/>
<constraint type="maxLength" value="128"/>
</field>
</command>
<command id="0x09" name="UpdateFabricLabel" direction="commandToServer" response="NOCResponse">
<access invokePrivilege="admin" fabricScoped="true"/>
<mandatoryConform/>
<field id="0" name="Label" type="string">
<mandatoryConform/>
<constraint type="maxLength" value="32"/>
</field>
</command>
<command id="0x0A" name="RemoveFabric" direction="commandToServer" response="NOCResponse">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="FabricIndex" type="fabric-idx">
<mandatoryConform/>
<constraint type="between" from="1" to="254"/>
</field>
</command>
<command id="0x0B" name="AddTrustedRootCertificate" direction="commandToServer" response="Y">
<access invokePrivilege="admin"/>
<mandatoryConform/>
<field id="0" name="RootCACertificate" type="octstr">
<mandatoryConform/>
<constraint type="maxLength" value="400"/>
</field>
</command>
</commands>
</cluster>