project-chip
diff --git a/‎.clang-tidy
+1 b/‎.clang-tidy
+1
diff --git a/‎.gitmodules
+1 b/‎.gitmodules
+1
diff --git a/‎BUILD.gn
+1 b/‎BUILD.gn
+1
diff --git a/‎build/chip/tests.gni
100644100755
+3-2 b/‎build/chip/tests.gni
100644100755
+3-2
diff --git a/‎config/common/cmake/chip_gn.cmake
+1 b/‎config/common/cmake/chip_gn.cmake
+1
diff --git a/‎credentials/development/gen_commissioner_dut_test_plan_table.py
+1-2 b/‎credentials/development/gen_commissioner_dut_test_plan_table.py
+1-2
diff --git a/‎credentials/fetch-paa-certs-from-dcl.py ‎credentials/fetch_paa_certs_from_dcl.py
+56-13 b/‎credentials/fetch-paa-certs-from-dcl.py ‎credentials/fetch_paa_certs_from_dcl.py
+56-13
diff --git a/‎docs/testing/yaml.md
+10-1 b/‎docs/testing/yaml.md
+10-1
diff --git a/‎examples/air-purifier-app/air-purifier-common/air-purifier-app.zap
+2-1 b/‎examples/air-purifier-app/air-purifier-common/air-purifier-app.zap
+2-1
diff --git a/‎examples/air-quality-sensor-app/air-quality-sensor-common/air-quality-sensor-app.zap
+2-1 b/‎examples/air-quality-sensor-app/air-quality-sensor-common/air-quality-sensor-app.zap
+2-1
diff --git a/‎examples/all-clusters-app/all-clusters-common/all-clusters-app.zap
+3-13 b/‎examples/all-clusters-app/all-clusters-common/all-clusters-app.zap
+3-13
diff --git a/‎examples/all-clusters-minimal-app/all-clusters-common/all-clusters-minimal-app.zap
+2-1 b/‎examples/all-clusters-minimal-app/all-clusters-common/all-clusters-minimal-app.zap
+2-1
diff --git a/‎examples/bridge-app/bridge-common/bridge-app.zap
+2-1 b/‎examples/bridge-app/bridge-common/bridge-app.zap
+2-1
@@ -12,6 +12,7 @@ Checks: >
   readability-redundant-string-init,
   -bugprone-assignment-in-if-condition,
   -bugprone-branch-clone,
+  -bugprone-casting-through-void, #TODO remove this after fixing issues in source code, issue 34008
   -bugprone-copy-constructor-init,
   -bugprone-easily-swappable-parameters,
   -bugprone-forward-declaration-namespace,
 
@@ -252,6 +252,7 @@
 [submodule "third_party/boringssl/repo/src"]
 	path = third_party/boringssl/repo/src
 	url = https://github.com/google/boringssl.git
+	branch = master
 [submodule "third_party/mt793x_sdk/filogic"]
 	path = third_party/mt793x_sdk/filogic
 	url = https://github.com/MediaTek-Labs/genio-matter-bsp.git
 
@@ -161,6 +161,7 @@ if (current_toolchain != "${dir_pw_toolchain}/default:default") {
         "${chip_root}/examples/shell/standalone:chip-shell",
         "${chip_root}/src/app/tests/integration:chip-im-initiator",
         "${chip_root}/src/app/tests/integration:chip-im-responder",
+        "${chip_root}/src/inet/tests:inet-layer-test-tool",
         "${chip_root}/src/lib/address_resolve:address-resolve-tool",
         "${chip_root}/src/messaging/tests/echo:chip-echo-requester",
         "${chip_root}/src/messaging/tests/echo:chip-echo-responder",
 
@@ -15,6 +15,7 @@
 import("//build_overrides/build.gni")
 import("//build_overrides/chip.gni")
 
+import("${chip_root}/build/chip/tools.gni")
 import("${chip_root}/src/platform/device.gni")
 
 declare_args() {
@@ -40,6 +41,6 @@ declare_args() {
 }
 
 declare_args() {
-  # Enable use of nlfaultinjection.
-  chip_with_nlfaultinjection = chip_build_tests
+  # Enable use of nlfaultinjection when building tests or when building tools.
+  chip_with_nlfaultinjection = chip_build_tests || chip_build_tools
 }
@@ -158,6 +158,7 @@ macro(matter_build target)
         ${CHIP_ROOT}/src/include
         ${CHIP_ROOT}/third_party/nlassert/repo/include
         ${CHIP_ROOT}/third_party/nlio/repo/include
+        ${CHIP_ROOT}/third_party/nlfaultinjection/include
         ${CHIP_ROOT}/zzz_generated/app-common
         ${CMAKE_CURRENT_BINARY_DIR}/gen/include
     )
 
@@ -86,8 +86,7 @@ def main():
         with open(path, 'r') as f:
             j = json.loads(f.read())
             success_expected = j['is_success_case'].lower() == 'true'
-            pid = 177 if 'fallback_encoding' in p else 32768
-            desc = TestInfo(desc=j['description'], dir=p, pid=pid)
+            desc = TestInfo(desc=j['description'], dir=p, pid=int(j['basic_info_pid']))
             if success_expected:
                 success_cases.append(desc)
             else:
 
@@ -37,6 +37,9 @@
 PRODUCTION_NODE_URL_REST = "https://on.dcl.csa-iot.org"
 TEST_NODE_URL_REST = "https://on.test-net.dcl.csa-iot.org"
 
+MATTER_CERT_CA_SUBJECT = "MFIxDDAKBgNVBAoMA0NTQTEsMCoGA1UEAwwjTWF0dGVyIENlcnRpZmljYXRpb24gYW5kIFRlc3RpbmcgQ0ExFDASBgorBgEEAYKifAIBDARDNUEw"
+MATTER_CERT_CA_SUBJECT_KEY_ID = "97:E4:69:D0:C5:04:14:C2:6F:C7:01:F7:7E:94:77:39:09:8D:F6:A5"
+
 
 def parse_paa_root_certs(cmdpipe, paa_list):
     """
@@ -73,13 +76,14 @@ def parse_paa_root_certs(cmdpipe, paa_list):
         else:
             if b': ' in line:
                 key, value = line.split(b': ')
-                result[key.strip(b' -').decode("utf-8")] = value.strip().decode("utf-8")
+                result[key.strip(b' -').decode("utf-8")
+                       ] = value.strip().decode("utf-8")
                 parse_paa_root_certs.counter += 1
                 if parse_paa_root_certs.counter % 2 == 0:
                     paa_list.append(copy.deepcopy(result))
 
 
-def write_paa_root_cert(certificate, subject):
+def write_cert(certificate, subject):
     filename = 'dcld_mirror_' + \
         re.sub('[^a-zA-Z0-9_-]', '', re.sub('[=, ]', '_', subject))
     with open(filename + '.pem', 'w+') as outfile:
@@ -93,7 +97,8 @@ def write_paa_root_cert(certificate, subject):
                 serialization.Encoding.DER)
             outfile.write(der_certificate)
     except (IOError, ValueError) as e:
-        print(f"ERROR: Failed to convert {filename + '.pem'}: {str(e)}. Skipping...")
+        print(
+            f"ERROR: Failed to convert {filename + '.pem'}: {str(e)}. Skipping...")
 
 
 def parse_paa_root_cert_from_dcld(cmdpipe):
@@ -133,7 +138,38 @@ def use_dcld(dcld, production, cmdlist):
 @optgroup.option('--paa-trust-store-path', default='paa-root-certs', type=str, metavar='PATH', help="PAA trust store path (default: paa-root-certs)")
 def main(use_main_net_dcld, use_test_net_dcld, use_main_net_http, use_test_net_http, paa_trust_store_path):
     """DCL PAA mirroring tools"""
+    fetch_paa_certs(use_main_net_dcld, use_test_net_dcld, use_main_net_http, use_test_net_http, paa_trust_store_path)
+
+
+def get_cert_from_rest(rest_node_url, subject, subject_key_id):
+    response = requests.get(
+        f"{rest_node_url}/dcl/pki/certificates/{subject}/{subject_key_id}").json()["approvedCertificates"]["certs"][0]
+    certificate = response["pemCert"].rstrip("\n")
+    subject = response["subjectAsText"]
+    return certificate, subject
+
+
+def fetch_cd_signing_certs(store_path):
+    ''' Only supports using main net http currently.'''
+    rest_node_url = PRODUCTION_NODE_URL_REST
+    os.makedirs(store_path, exist_ok=True)
+    original_dir = os.getcwd()
+    os.chdir(store_path)
 
+    cd_signer_ids = requests.get(
+        f"{rest_node_url}/dcl/pki/child-certificates/{MATTER_CERT_CA_SUBJECT}/{MATTER_CERT_CA_SUBJECT_KEY_ID}").json()['childCertificates']['certIds']
+    for signer in cd_signer_ids:
+        subject = signer['subject']
+        subject_key_id = signer['subjectKeyId']
+        certificate, subject = get_cert_from_rest(rest_node_url, subject, subject_key_id)
+
+        print(f"Downloaded CD signing cert with subject: {subject}")
+        write_cert(certificate, subject)
+
+    os.chdir(original_dir)
+
+
+def fetch_paa_certs(use_main_net_dcld, use_test_net_dcld, use_main_net_http, use_test_net_http, paa_trust_store_path):
     production = False
     dcld = use_test_net_dcld
 
@@ -148,36 +184,43 @@ def main(use_main_net_dcld, use_test_net_dcld, use_main_net_http, use_test_net_h
     rest_node_url = PRODUCTION_NODE_URL_REST if production else TEST_NODE_URL_REST
 
     os.makedirs(paa_trust_store_path, exist_ok=True)
+    original_dir = os.getcwd()
     os.chdir(paa_trust_store_path)
 
     if use_rest:
-        paa_list = requests.get(f"{rest_node_url}/dcl/pki/root-certificates").json()["approvedRootCertificates"]["certs"]
+        paa_list = requests.get(
+            f"{rest_node_url}/dcl/pki/root-certificates").json()["approvedRootCertificates"]["certs"]
     else:
         cmdlist = ['query', 'pki', 'all-x509-root-certs']
 
-        cmdpipe = subprocess.Popen(use_dcld(dcld, production, cmdlist), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        cmdpipe = subprocess.Popen(use_dcld(
+            dcld, production, cmdlist), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 
         paa_list = []
         parse_paa_root_certs.counter = 0
         parse_paa_root_certs(cmdpipe, paa_list)
 
     for paa in paa_list:
+        if paa['subject'] == MATTER_CERT_CA_SUBJECT and paa['subjectKeyId'] == MATTER_CERT_CA_SUBJECT_KEY_ID:
+            # Don't include the CD signing cert as a PAA root.
+            continue
         if use_rest:
-            response = requests.get(
-                f"{rest_node_url}/dcl/pki/certificates/{paa['subject']}/{paa['subjectKeyId']}").json()["approvedCertificates"]["certs"][0]
-            certificate = response["pemCert"]
-            subject = response["subjectAsText"]
+            certificate, subject = get_cert_from_rest(rest_node_url, paa['subject'], paa['subjectKeyId'])
         else:
-            cmdlist = ['query', 'pki', 'x509-cert', '-u', paa['subject'], '-k', paa['subjectKeyId']]
+            cmdlist = ['query', 'pki', 'x509-cert', '-u',
+                       paa['subject'], '-k', paa['subjectKeyId']]
 
-            cmdpipe = subprocess.Popen(use_dcld(dcld, production, cmdlist), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+            cmdpipe = subprocess.Popen(use_dcld(
+                dcld, production, cmdlist), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 
             (certificate, subject) = parse_paa_root_cert_from_dcld(cmdpipe)
 
         certificate = certificate.rstrip('\n')
 
-        print(f"Downloaded certificate with subject: {subject}")
-        write_paa_root_cert(certificate, subject)
+        print(f"Downloaded PAA certificate with subject: {subject}")
+        write_cert(certificate, subject)
+
+    os.chdir(original_dir)
 
 
 if __name__ == "__main__":
 
@@ -349,7 +349,16 @@ NOTE: use the target appropriate to your system
 
 [chiptool.py](https://github.com/project-chip/connectedhomeip/blob/master/scripts/tests/chipyaml/chiptool.py)
 can be used to run tests against a commissioned DUT (commissioned by chip-tool).
-This will start an interactive instance of chip-tool automatically.
+To commission a DUT using chip-tool use the pairing command. For example:
+
+```
+./out/linux-x64-chip-tool/chip-tool pairing code 0x12344321 MT:-24J0AFN00KA0648G00
+```
+
+In this example, 0x12344321 is the node ID (0x12344321 is the test default) and
+MT:-24J0AFN00KA0648G00 is the QR code.
+
+The chiptool.py tool can then be used to run the tests. For example:
 
 ```
 ./scripts/tests/chipyaml/chiptool.py tests Test_TC_OO_2_1 --server_path ./out/linux-x64-chip-tool/chip-tool
 
@@ -1,6 +1,6 @@
 {
   "fileFormat": 2,
-  "featureLevel": 100,
+  "featureLevel": 103,
   "creator": "zap",
   "keyValuePairs": [
     {
@@ -29,6 +29,7 @@
       "pathRelativity": "relativeToZap",
       "path": "../../../src/app/zap-templates/app-templates.json",
       "type": "gen-templates-json",
+      "category": "matter",
       "version": "chip-v1"
     }
   ],
 
@@ -1,6 +1,6 @@
 {
   "fileFormat": 2,
-  "featureLevel": 100,
+  "featureLevel": 103,
   "creator": "zap",
   "keyValuePairs": [
     {
@@ -29,6 +29,7 @@
       "pathRelativity": "relativeToZap",
       "path": "../../../src/app/zap-templates/app-templates.json",
       "type": "gen-templates-json",
+      "category": "matter",
       "version": "chip-v1"
     }
   ],
 
@@ -1,6 +1,6 @@
 {
   "fileFormat": 2,
-  "featureLevel": 102,
+  "featureLevel": 103,
   "creator": "zap",
   "keyValuePairs": [
     {
@@ -29,6 +29,7 @@
       "pathRelativity": "relativeToZap",
       "path": "../../../src/app/zap-templates/app-templates.json",
       "type": "gen-templates-json",
+      "category": "matter",
       "version": "chip-v1"
     }
   ],
@@ -8226,7 +8227,6 @@
           "define": "OPERATIONAL_STATE_OVEN_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "commands": [
             {
               "name": "Pause",
@@ -8487,7 +8487,6 @@
           "define": "OVEN_MODE_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "commands": [
             {
               "name": "ChangeToMode",
@@ -8644,7 +8643,6 @@
           "define": "LAUNDRY_DRYER_CONTROLS_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "attributes": [
             {
               "name": "SupportedDrynessLevels",
@@ -10898,7 +10896,6 @@
           "define": "MICROWAVE_OVEN_MODE_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "attributes": [
             {
               "name": "SupportedModes",
@@ -12202,7 +12199,6 @@
           "define": "BOOLEAN_STATE_CONFIGURATION_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "commands": [
             {
               "name": "SuppressAlarm",
@@ -12471,7 +12467,6 @@
           "define": "VALVE_CONFIGURATION_AND_CONTROL_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "commands": [
             {
               "name": "Open",
@@ -12788,7 +12783,6 @@
           "define": "ELECTRICAL_POWER_MEASUREMENT_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "attributes": [
             {
               "name": "PowerMode",
@@ -13208,7 +13202,6 @@
           "define": "ELECTRICAL_ENERGY_MEASUREMENT_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "attributes": [
             {
               "name": "Accuracy",
@@ -13580,7 +13573,7 @@
               "code": 5,
               "mfgCode": null,
               "side": "server",
-              "type": "array",
+              "type": "PowerAdjustCapabilityStruct",
               "included": 1,
               "storageOption": "External",
               "singleton": 0,
@@ -13758,7 +13751,6 @@
           "define": "ENERGY_EVSE_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "commands": [
             {
               "name": "GetTargetsResponse",
@@ -14434,7 +14426,6 @@
           "define": "POWER_TOPOLOGY_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "attributes": [
             {
               "name": "AvailableEndpoints",
@@ -14573,7 +14564,6 @@
           "define": "ENERGY_EVSE_MODE_CLUSTER",
           "side": "server",
           "enabled": 1,
-          "apiMaturity": "provisional",
           "commands": [
             {
               "name": "ChangeToMode",
 
@@ -1,6 +1,6 @@
 {
   "fileFormat": 2,
-  "featureLevel": 102,
+  "featureLevel": 103,
   "creator": "zap",
   "keyValuePairs": [
     {
@@ -29,6 +29,7 @@
       "pathRelativity": "relativeToZap",
       "path": "../../../src/app/zap-templates/app-templates.json",
       "type": "gen-templates-json",
+      "category": "matter",
       "version": "chip-v1"
     }
   ],
 
@@ -1,6 +1,6 @@
 {
   "fileFormat": 2,
-  "featureLevel": 100,
+  "featureLevel": 103,
   "creator": "zap",
   "keyValuePairs": [
     {
@@ -29,6 +29,7 @@
       "pathRelativity": "relativeToZap",
       "path": "../../../src/app/zap-templates/app-templates.json",
       "type": "gen-templates-json",
+      "category": "matter",
       "version": "chip-v1"
     }
   ],
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@`
`15`	`15`	`import("//build_overrides/build.gni")`
`16`	`16`	`import("//build_overrides/chip.gni")`
`17`	`17`
	`18`	`+import("${chip_root}/build/chip/tools.gni")`
`18`	`19`	`import("${chip_root}/src/platform/device.gni")`
`19`	`20`
`20`	`21`	`declare_args() {`
`@@ -40,6 +41,6 @@ declare_args() {`
`40`	`41`	`}`
`41`	`42`
`42`	`43`	`declare_args() {`
`43`		`- # Enable use of nlfaultinjection.`
`44`		`- chip_with_nlfaultinjection = chip_build_tests`
	`44`	`+ # Enable use of nlfaultinjection when building tests or when building tools.`
	`45`	`+ chip_with_nlfaultinjection = chip_build_tests \|\| chip_build_tools`
`45`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -158,6 +158,7 @@ macro(matter_build target)`
`158`	`158`	`${CHIP_ROOT}/src/include`
`159`	`159`	`${CHIP_ROOT}/third_party/nlassert/repo/include`
`160`	`160`	`${CHIP_ROOT}/third_party/nlio/repo/include`
	`161`	`+ ${CHIP_ROOT}/third_party/nlfaultinjection/include`
`161`	`162`	`${CHIP_ROOT}/zzz_generated/app-common`
`162`	`163`	`${CMAKE_CURRENT_BINARY_DIR}/gen/include`
`163`	`164`	`)`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"fileFormat": 2,`
`3`		`- "featureLevel": 100,`
	`3`	`+ "featureLevel": 103,`
`4`	`4`	`"creator": "zap",`
`5`	`5`	`"keyValuePairs": [`
`6`	`6`	`{`
`@@ -29,6 +29,7 @@`
`29`	`29`	`"pathRelativity": "relativeToZap",`
`30`	`30`	`"path": "../../../src/app/zap-templates/app-templates.json",`
`31`	`31`	`"type": "gen-templates-json",`
	`32`	`+ "category": "matter",`
`32`	`33`	`"version": "chip-v1"`
`33`	`34`	`}`
`34`	`35`	`],`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"fileFormat": 2,`
`3`		`- "featureLevel": 102,`
	`3`	`+ "featureLevel": 103,`
`4`	`4`	`"creator": "zap",`
`5`	`5`	`"keyValuePairs": [`
`6`	`6`	`{`
`@@ -29,6 +29,7 @@`
`29`	`29`	`"pathRelativity": "relativeToZap",`
`30`	`30`	`"path": "../../../src/app/zap-templates/app-templates.json",`
`31`	`31`	`"type": "gen-templates-json",`
	`32`	`+ "category": "matter",`
`32`	`33`	`"version": "chip-v1"`
`33`	`34`	`}`
`34`	`35`	`],`