-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
Copy pathTest_TC_OPCREDS_3_4.yaml
325 lines (260 loc) · 16.9 KB
/
Test_TC_OPCREDS_3_4.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
# Copyright (c) 2021 Project CHIP Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Auto-generated scripts for harness use only, please review before automation. The endpoints and cluster names are currently set to default
name: 15.2.3. [TC-OPCREDS-3.4] UpdateNOC-Error Condition [DUT-Server]
PICS:
- OPCREDS.S
config:
nodeId: 0x12344321
cluster: "Basic Information"
endpoint: 0
tests:
- label: "Precondition"
verification: |
TH and DUT are commissioned
disabled: true
- label: "Step 1: TH1 fully commissions the DUT"
verification: |
"DUT side:
sudo ./chip-all-clusters-app --wifi
TH side:
./chip-tool pairing ble-wifi 1 zigbeehome matter123 20202021 3841 --trace_decode 1
[1650455358.501816][4366:4371] CHIP:TOO: Device commissioning completed with success"
disabled: true
- label:
"Step 2: TH1 reads the NOCs attribute from the Node Operational
Credentials cluster using a fabric-filtered read"
verification: |
./chip-tool operationalcredentials read nocs 1 0 --fabric-filtered 1
Verify NOC lists and verify the returned lists has single entry in TH(chip-tool) Log
[1658736497.592132][3787:3792] CHIP:TOO: Endpoint: 0 Cluster: 0x0000_003E Attribute 0x0000_0000 DataVersion: 999376603
[1658736497.595396][3787:3792] CHIP:TOO: NOCs: 1 entries
[1658736497.595477][3787:3792] CHIP:TOO: [1]: {
[1658736497.595519][3787:3792] CHIP:TOO: Noc: 1530010101240201370324130118260480228127260580254D3A3706241501241101182407012408013009410410C15281FE7A04637C46E47E30948152C5F9481B6D62D08C9D476A3D44D26E20C704DCAE97FCA4612B17A2A9B16A2D78BF9220F63E9CD19C6589CFC4CE09FF90370A350128011824020136030402040118300414C8FF1A09BE17C6824D61DA88A603A7B180804009300514574F6879804602B57796FB2D6F7212969A171E7118300B40A969CA49361A3F69E3220B19583F05F6D6B2D156AFE1992FDAD8A67A22049A0A7F62E7F303BA0B8AFDC2826A77AC94A3D042F4C611FDE66B41E34B812CEB3CFB18
[1658736497.595588][3787:3792] CHIP:TOO: Icac: 1530010100240201370324140018260480228127260580254D3A37062413011824070124080130094104650A6D674CF5E46402644A71D2BD59888911C9B997F5797369BAA8545057A2379DDA08AF05269B0C009AF76F940EA120DCBAF0E7720921A44C22DC07BF1BD44C370A3501290118240260300414574F6879804602B57796FB2D6F7212969A171E713005142D48B9286C5E218E5AD7EFFC31E492E297FCA12818300B40604E48C301208B4CA077AD7EEAB2DAFA2A728556A86D610234AD8200E7AE0D85836279320D5F3EFF97D573D53FC9D88B44103602FC3CA8574C844A8379BCC52C18
[1658736497.595621][3787:3792] CHIP:TOO: FabricIndex: 1
[1658736497.595662][3787:3792] CHIP:TOO: }
disabled: true
- label:
"Step 3: TH1 reads the TrustedRootCertificates attribute from the Node
Operational Credentials cluster"
verification: |
./chip-tool operationalcredentials read trusted-root-certificates 1 0
Verify the value returned has a single entry
[1658736567.913921][3938:3943] CHIP:TOO: Endpoint: 0 Cluster: 0x0000_003E Attribute 0x0000_0004 DataVersion: 999376603
[1658736567.914057][3938:3943] CHIP:TOO: TrustedRootCertificates: 1 entries
[1658736567.914145][3938:3943] CHIP:TOO: [1]: 1530010100240201370324140018260480228127260580254D3A3706241400182407012408013009410470D319542F3A50625EF977E66A1277F3E50FCFF4516A5162E25016CB4E170A4D62562797E12184EB9A88A0160697122C9E473B7AA7F776E239CCB4420A82D4FE370A35012901182402603004142D48B9286C5E218E5AD7EFFC31E492E297FCA1283005142D48B9286C5E218E5AD7EFFC31E492E297FCA12818300B40C7EB3A1BA993A52EBC1D2E16C763CD9C9E4BDD82B166084FA72B5DF73437E9EB257271E09C69A8DEB6A2C09D42F833A788FD0E4092F0DA7229992B31587EE9DF18
disabled: true
- label:
"Step 4: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster with the following fields: NOCValue is set to
noc_original ICACValue is to set icac_original"
verification: |
Verify that the DUT responds with FAILSAFE_REQUIRED
./chip-tool operationalcredentials update-noc hex:1530010101240201370324130118260480228127260580254D3A3706241501241101182407012408013009410410C15281FE7A04637C46E47E30948152C5F9481B6D62D08C9D476A3D44D26E20C704DCAE97FCA4612B17A2A9B16A2D78BF9220F63E9CD19C6589CFC4CE09FF90370A350128011824020136030402040118300414C8FF1A09BE17C6824D61DA88A603A7B180804009300514574F6879804602B57796FB2D6F7212969A171E7118300B40A969CA49361A3F69E3220B19583F05F6D6B2D156AFE1992FDAD8A67A22049A0A7F62E7F303BA0B8AFDC2826A77AC94A3D042F4C611FDE66B41E34B812CEB3CFB18 1 0
[1658736631.224352][4080:4085] CHIP:DMG: ICR moving to [ResponseRe]
[1658736631.224399][4080:4085] CHIP:DMG: InvokeResponseMessage =
[1658736631.224425][4080:4085] CHIP:DMG: {
[1658736631.224450][4080:4085] CHIP:DMG: suppressResponse = false,
[1658736631.224476][4080:4085] CHIP:DMG: InvokeResponseIBs =
[1658736631.224506][4080:4085] CHIP:DMG: [
[1658736631.224531][4080:4085] CHIP:DMG: InvokeResponseIB =
[1658736631.224563][4080:4085] CHIP:DMG: {
[1658736631.224589][4080:4085] CHIP:DMG: CommandStatusIB =
[1658736631.224618][4080:4085] CHIP:DMG: {
[1658736631.224665][4080:4085] CHIP:DMG: CommandPathIB =
[1658736631.224706][4080:4085] CHIP:DMG: {
[1658736631.224739][4080:4085] CHIP:DMG: EndpointId = 0x0,
[1658736631.224776][4080:4085] CHIP:DMG: ClusterId = 0x3e,
[1658736631.224807][4080:4085] CHIP:DMG: CommandId = 0x7,
[1658736631.224843][4080:4085] CHIP:DMG: },
[1658736631.224876][4080:4085] CHIP:DMG:
[1658736631.224906][4080:4085] CHIP:DMG: StatusIB =
[1658736631.224940][4080:4085] CHIP:DMG: {
[1658736631.224977][4080:4085] CHIP:DMG: status = 0xca (FAILSAFE_REQUIRED),
[1658736631.225012][4080:4085] CHIP:DMG: },
[1658736631.225046][4080:4085] CHIP:DMG:
[1658736631.225075][4080:4085] CHIP:DMG: },
[1658736631.225109][4080:4085] CHIP:DMG:
[1658736631.225134][4080:4085] CHIP:DMG: },
[1658736631.225165][4080:4085] CHIP:DMG:
[1658736631.225189][4080:4085] CHIP:DMG: ],
[1658736631.225218][4080:4085] CHIP:DMG:
[1658736631.225243][4080:4085] CHIP:DMG: InteractionModelRevision = 1
[1658736631.225271][4080:4085] CHIP:DMG: },
[1658736631.225332][4080:4085] CHIP:DMG: Received Command Response Status for Endpoint=0 Cluster=0x0000_003E Command=0x0000_0007 Status=0xca
[1658736631.225367][4080:4085] CHIP:TOO: Error: IM Error 0x000005CA: General error: 0xca (FAILSAFE_REQUIRED)
disabled: true
- label:
"Step 5: TH1 sends ArmFailSafe command to the DUT with the
ExpiryLengthSeconds field set to 900"
verification: |
./chip-tool generalcommissioning arm-fail-safe 900 0 1 0
Verify the ArmFailSafeResponse with the ErrorCode set to OK is returned
[1658736675.488274][4129:4134] CHIP:DMG: Received Command Response Data, Endpoint=0 Cluster=0x0000_0030 Command=0x0000_0001
[1658736675.488329][4129:4134] CHIP:TOO: Endpoint: 0 Cluster: 0x0000_0030 Command 0x0000_0001
[1658736675.488401][4129:4134] CHIP:TOO: ArmFailSafeResponse: {
[1658736675.488441][4129:4134] CHIP:TOO: errorCode: 0
[1658736675.488471][4129:4134] CHIP:TOO: debugText:
[1658736675.488496][4129:4134] CHIP:TOO: }
disabled: true
- label:
"Step 6: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster with the following fields: NOCValue is set to
noc_original ICACValue is to set icac_original"
verification: |
Verify that the DUT responds with a NOCResponse with the StatusCode field set to MissingCsr that is status code 4
./chip-tool operationalcredentials update-noc hex:1530010101240201370324130118260480228127260580254D3A3706241501241101182407012408013009410410C15281FE7A04637C46E47E30948152C5F9481B6D62D08C9D476A3D44D26E20C704DCAE97FCA4612B17A2A9B16A2D78BF9220F63E9CD19C6589CFC4CE09FF90370A350128011824020136030402040118300414C8FF1A09BE17C6824D61DA88A603A7B180804009300514574F6879804602B57796FB2D6F7212969A171E7118300B40A969CA49361A3F69E3220B19583F05F6D6B2D156AFE1992FDAD8A67A22049A0A7F62E7F303BA0B8AFDC2826A77AC94A3D042F4C611FDE66B41E34B812CEB3CFB18 1 0
[1658736892.440441][4160:4170] CHIP:TOO: Endpoint: 0 Cluster: 0x0000_003E Command 0x0000_0008
[1658736892.440714][4160:4170] CHIP:TOO: NOCResponse: {
[1658736892.440945][4160:4170] CHIP:TOO: statusCode: 4
[1658736892.441000][4160:4170] CHIP:TOO: }
[1658736892.441078][4160:4170] CHIP:DMG: ICR moving to [AwaitingDe]
disabled: true
- label:
"Step 7: TH1 Sends CSRRequest command with the IsForUpdateNOC field
set to false"
verification: |
Verify that the DUT returns a CSRResponse and save as csr_not_update
To get csr nonce give below command 2 times in TH(chip-tool) Log
echo hex:$(hexdump -vn32 -e'4/4 "%08X" ' /dev/urandom)
./chip-tool operationalcredentials csrrequest hex:C11D6EAA00A54066220DA7F3FC5DC0F684C13D8B8FD3758B51163C2AEDD6F10F 1 0 --IsForUpdateNOC 0
Verify DUT returns a CSRResponse in TH(chip-tool) Log
[1658743641.233113][9670:9675] CHIP:DMG: Received Command Response Data, Endpoint=0 Cluster=0x0000_003E Command=0x0000_0005
[1658743641.233162][9670:9675] CHIP:TOO: Endpoint: 0 Cluster: 0x0000_003E Command 0x0000_0005
[1658743641.233226][9670:9675] CHIP:TOO: CSRResponse: {
[1658743641.233269][9670:9675] CHIP:TOO: NOCSRElements: 153001CA3081C73070020100300E310C300A060355040A0C034353523059301306072A8648CE3D020106082A8648CE3D03010703420004D3C12FD39A573184AC822E12F9D76C43EA3872B8D541BF0DCF68FF33AF7E62E71ADB4D4F35AA9E206D00CC290CCA1BAD557537A05BA8D3BAD1B7F3EE323B2CE9A000300A06082A8648CE3D04030203470030440220232B91662198D24E57F5967A06C0A554991CAA02D958D507AAAABB41450AD39002204575858E909DCE43563F33725928FF2AA01A176CECF611F9B248CD9D2CBC76CA300220C11D6EAA00A54066220DA7F3FC5DC0F684C13D8B8FD3758B51163C2AEDD6F10F18
[1658743641.233306][9670:9675] CHIP:TOO: attestationSignature: 2D4052E30061B78A79B5C2D392C93BEFADE17BA5F3547776A545D4913EC935CF446C9105E9F203BF898BF17F87106E63AD8E93E894C5398CAC344F7D6ECE27F6
disabled: true
- label:
"Step 8: TH1 generates a new NOC chain with ICAC with the following
properties: new NOC is generated from the NOCSR returned in
csr_not_for_update and is signed by ICA. Save as noc_not_for_update
ICAC must be signed by the original key for trusted_root_original.
Save as icac_not_for_update"
verification: |
disabled: true
- label:
"Step 9: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster with the following fields: NOCValue is set to
noc_not_for_update ICACValue is to set icac_not_for_update"
verification: |
disabled: true
- label:
"Step 10: TH1 Sends CSRRequest command with the IsForUpdateNOC field
set to true"
verification: |
disabled: true
- label:
"Step 11: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster with the following fields: NOCValue is set to
noc_original ICACValue is to set icac_original"
verification: |
disabled: true
- label:
"Step 12: TH1 generates a new Trusted Root Certificate and Private Key
and saves as new_root_cert and new_root_key so that TH can generate an
NOC for UpdateNOC that doesnt chain to the original root"
verification: |
disabled: true
- label:
"Step 13: TH1 generates a new NOC and ICAC with the following
properties: new NOC is generated from the NOCSR returned in csr_update
and is signed by new ICA. Save as noc_update_new_root new ICAC is
generated and signed by new_root_key. Save as icac_update_new_root"
verification: |
disabled: true
- label:
"Step 14: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster with the following fields: NOCValue is set to
noc_update_new_root ICACValue is to set icac_update_new_root"
verification: |
disabled: true
- label:
"Step 15: TH1 generates a new NOC and ICAC with the following
properties: new NOC is generated from the NOCSR returned in csr_update
with the matter-fabric-id set to a different value than noc_original.
The NOC is signed by new ICA. Save as noc_update_bad_fabric_on_noc new
ICAC is generated with the and matter-fabric-id omitted. ICAC is
signed by the original key for trusted_root_original. Save as
icac_update_bad_fabric_on_noc"
verification: |
disabled: true
- label:
"Step 16: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster with the following fields: NOCValue is set to
noc_update_bad_fabric_on_noc ICACValue is to set
icac_update_bad_fabric_on_noc"
verification: |
disabled: true
- label:
"Step 17: TH1 generates a new NOC and ICAC with the following
properties: new NOC is generated from the NOCSR returned in csr_update
with the matter-fabric-id set to the same value as noc_original. The
NOC is signed by new ICA. Save as noc_update_bad_fabric_on_icac new
ICAC is generated with the and matter-fabric-id included as set to a
different value than noc_original. ICAC is signed by the original key
for trusted_root_original. Save as icac_update_bad_fabric_on_icac"
verification: |
disabled: true
- label:
"Step 18: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster with the following fields: NOCValue is set to
noc_update_bad_fabric_on_icac ICACValue is to set
icac_update_bad_fabric_on_icac"
verification: |
disabled: true
- label:
"Step 19: TH1 sends AddTrustedRootCertificate command to DUT again
with the RootCACertificate field set to new_root_cert"
verification: |
disabled: true
- label:
"Step 20: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster with the following fields: NOCValue is set to
noc_update_new_root ICACValue is to set icac_update_new_root"
verification: |
disabled: true
- label:
"Step 21: TH1 sends ArmFailSafe command to the DUT with the
ExpiryLengthSeconds field set to 0"
verification: |
disabled: true
- label: "Step 22: TH1 sends an OpenCommissioningWindow command to the DUT"
verification: |
disabled: true
- label:
"Step 23: TH1 connects to the DUT over PASE and sends ArmFailSafe
command to the DUT with the ExpiryLengthSeconds field set to 900.
Steps 24-26 are all performed over the PASE connection."
verification: |
disabled: true
- label:
"Step 24: TH1 Sends CSRRequest command over PASE with the
IsForUpdateNOC field set to true"
verification: |
disabled: true
- label:
"Step 25: TH1 generates a new NOC chain with ICAC with the following
properties: new NOC is generated from the NOCSR returned in csr_pase
and is signed by ICA. Save as noc_pase ICAC must be signed by the
original key for trusted_root_original. Save as icac_pase"
verification: |
disabled: true
- label:
"Step 26: TH1 sends the UpdateNOC command to the Node Operational
Credentials cluster over PASE with the following fields: NOCValue is
set to noc_pase ICACValue is to set icac_pase"
verification: |
disabled: true