Add ability to add pending fabric at a chosen fabric index

mspang · mspang · commit 6af5226e63a1 · 2024-05-28T20:38:40.000-04:00
Currently it's only possible to allocate fabric indexes sequentially
starting from 1.

Sparse fabric tables could be produced by adding &amp; removing fabrics,
but not directly.

This allow the application to control the assignment of fabric ids
directly by providing a function that overrides the next index to use.

eg If an application has 3 fabrics, it can recreate the fabric table
from scratch while keeping consistent indexes.
diff --git a/src/credentials/FabricTable.cpp b/src/credentials/FabricTable.cpp
@@ -2124,4 +2124,16 @@ CHIP_ERROR FabricTable::PeekFabricIndexForNextAddition(FabricIndex & outIndex)
     return CHIP_NO_ERROR;
 }
 
+CHIP_ERROR FabricTable::SetFabricIndexForNextAddition(FabricIndex fabricIndex)
+{
+    VerifyOrReturnError(!mStateFlags.Has(StateFlags::kIsPendingFabricDataPresent), CHIP_ERROR_INCORRECT_STATE);
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    const FabricInfo * fabricInfo = FindFabricWithIndex(fabricIndex);
+    VerifyOrReturnError(fabricInfo == nullptr, CHIP_ERROR_FABRIC_EXISTS);
+
+    mNextAvailableFabricIndex.SetValue(fabricIndex);
+    return CHIP_NO_ERROR;
+}
+
 } // namespace chip
diff --git a/src/credentials/FabricTable.h b/src/credentials/FabricTable.h
@@ -1003,6 +1003,13 @@ class DLL_EXPORT FabricTable
      */
     CHIP_ERROR PeekFabricIndexForNextAddition(FabricIndex & outIndex);
 
+    /**
+     * Set the fabric index that will be used fo the next fabric added.
+     *
+     * Returns an error if the |fabricIndex| is already in use.
+     */
+    CHIP_ERROR SetFabricIndexForNextAddition(FabricIndex fabricIndex);
+
 private:
     enum class StateFlags : uint16_t
     {
diff --git a/src/credentials/tests/TestFabricTable.cpp b/src/credentials/tests/TestFabricTable.cpp
@@ -79,6 +79,10 @@ class ScopedFabricTable
     chip::Credentials::PersistentStorageOpCertStore mOpCertStore;
 };
 
+constexpr FabricId kNode01_01_FabricId = 0xFAB000000000001D;
+
+constexpr FabricId kNode02_01_FabricId = 0xFAB000000000001D;
+
 /**
  * Load a single test fabric with with the Root01:ICA01:Node01_01 identity.
  */
@@ -183,6 +187,18 @@ static CHIP_ERROR LoadTestFabric_Node02_01(FabricTable & fabricTable, bool doCom
     return err;
 }
 
+const FabricInfo * FindFabric(FabricTable & fabricTable, ByteSpan rootPublicKey, FabricId fabricId)
+{
+    Crypto::P256PublicKey key;
+    EXPECT_GE(key.Length(), rootPublicKey.size());
+    if (key.Length() < rootPublicKey.size())
+    {
+        return nullptr;
+    }
+    memcpy(key.Bytes(), rootPublicKey.data(), rootPublicKey.size());
+    return fabricTable.FindFabric(key, fabricId);
+}
+
 struct TestFabricTable : public ::testing::Test
 {
 
@@ -2281,14 +2297,7 @@ TEST_F(TestFabricTable, TestFabricLookup)
 
     // Attempt lookup of the Root01 fabric.
     {
-        Crypto::P256PublicKey key;
-        EXPECT_GE(key.Length(), TestCerts::sTestCert_Root01_PublicKey.size());
-        if (key.Length() < TestCerts::sTestCert_Root01_PublicKey.size())
-        {
-            return;
-        }
-        memcpy(key.Bytes(), TestCerts::sTestCert_Root01_PublicKey.data(), TestCerts::sTestCert_Root01_PublicKey.size());
-        auto fabricInfo = fabricTable.FindFabric(key, 0xFAB000000000001D);
+        auto fabricInfo = FindFabric(fabricTable, TestCerts::sTestCert_Root01_PublicKey, kNode01_01_FabricId);
         ASSERT_NE(fabricInfo, nullptr);
 
         EXPECT_EQ(fabricInfo->GetFabricIndex(), 1);
@@ -2297,14 +2306,7 @@ TEST_F(TestFabricTable, TestFabricLookup)
 
     // Attempt lookup of the Root02 fabric.
     {
-        Crypto::P256PublicKey key;
-        EXPECT_GE(key.Length(), TestCerts::sTestCert_Root02_PublicKey.size());
-        if (key.Length() < TestCerts::sTestCert_Root02_PublicKey.size())
-        {
-            return;
-        }
-        memcpy(key.Bytes(), TestCerts::sTestCert_Root02_PublicKey.data(), TestCerts::sTestCert_Root02_PublicKey.size());
-        auto fabricInfo = fabricTable.FindFabric(key, 0xFAB000000000001D);
+        auto fabricInfo = FindFabric(fabricTable, TestCerts::sTestCert_Root02_PublicKey, kNode02_01_FabricId);
         ASSERT_NE(fabricInfo, nullptr);
 
         EXPECT_EQ(fabricInfo->GetFabricIndex(), 2);
@@ -2317,6 +2319,65 @@ TEST_F(TestFabricTable, TestFabricLookup)
     }
 }
 
+TEST_F(TestFabricTable, ShouldFailSetFabricIndexWithInvalidIndex)
+{
+    chip::TestPersistentStorageDelegate testStorage;
+    ScopedFabricTable fabricTableHolder;
+    EXPECT_EQ(fabricTableHolder.Init(&testStorage), CHIP_NO_ERROR);
+    FabricTable & fabricTable = fabricTableHolder.GetFabricTable();
+
+    EXPECT_EQ(fabricTable.SetFabricIndexForNextAddition(kUndefinedFabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+}
+
+TEST_F(TestFabricTable, ShouldFailSetFabricIndexWithPendingFabric)
+{
+    chip::TestPersistentStorageDelegate testStorage;
+    ScopedFabricTable fabricTableHolder;
+    EXPECT_EQ(fabricTableHolder.Init(&testStorage), CHIP_NO_ERROR);
+    FabricTable & fabricTable = fabricTableHolder.GetFabricTable();
+
+    EXPECT_EQ(fabricTable.AddNewPendingTrustedRootCert(ByteSpan(TestCerts::sTestCert_Root01_Chip)), CHIP_NO_ERROR);
+
+    EXPECT_EQ(fabricTable.SetFabricIndexForNextAddition(1), CHIP_ERROR_INCORRECT_STATE);
+}
+
+TEST_F(TestFabricTable, ShouldFailSetFabricIndexWhenInUse)
+{
+    chip::TestPersistentStorageDelegate testStorage;
+    ScopedFabricTable fabricTableHolder;
+    EXPECT_EQ(fabricTableHolder.Init(&testStorage), CHIP_NO_ERROR);
+    FabricTable & fabricTable = fabricTableHolder.GetFabricTable();
+
+    EXPECT_EQ(LoadTestFabric_Node01_01(fabricTable, /* doCommit = */ true), CHIP_NO_ERROR);
+    EXPECT_EQ(fabricTable.SetFabricIndexForNextAddition(1), CHIP_ERROR_FABRIC_EXISTS);
+}
+
+TEST_F(TestFabricTable, ShouldAddFabricAtRequestedIndex)
+{
+    chip::TestPersistentStorageDelegate testStorage;
+    ScopedFabricTable fabricTableHolder;
+    EXPECT_EQ(fabricTableHolder.Init(&testStorage), CHIP_NO_ERROR);
+    FabricTable & fabricTable = fabricTableHolder.GetFabricTable();
+
+    EXPECT_EQ(fabricTable.SetFabricIndexForNextAddition(2), CHIP_NO_ERROR);
+    EXPECT_EQ(LoadTestFabric_Node02_01(fabricTable, /* doCommit = */ true), CHIP_NO_ERROR);
+
+    EXPECT_EQ(fabricTable.SetFabricIndexForNextAddition(1), CHIP_NO_ERROR);
+    EXPECT_EQ(LoadTestFabric_Node01_01(fabricTable, /* doCommit = */ true), CHIP_NO_ERROR);
+
+    {
+        auto fabricInfo = FindFabric(fabricTable, TestCerts::sTestCert_Root01_PublicKey, kNode01_01_FabricId);
+        ASSERT_NE(fabricInfo, nullptr);
+        EXPECT_EQ(fabricInfo->GetFabricIndex(), 1);
+    }
+
+    {
+        auto fabricInfo = FindFabric(fabricTable, TestCerts::sTestCert_Root02_PublicKey, kNode02_01_FabricId);
+        ASSERT_NE(fabricInfo, nullptr);
+        EXPECT_EQ(fabricInfo->GetFabricIndex(), 2);
+    }
+}
+
 TEST_F(TestFabricTable, TestFetchCATs)
 {
     // Initialize a fabric table.
