Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Properly manage operational key lifecycle for fail-safe (#19277)
* Properly manage operational key lifecycle for fail-safe - Fail-safe did not properly manage the roll-back of operational keys - Operational key storage being centralized by value in FabricTable prevented ability to back keys by hardware/OS and allow the rollback of keys on failsafe expiry - CASE code was using "raw" FabricInfo * which could go stale on UpdateNOC or after fail-safe expiry. This PR: - Adds an OperationalKeystore interface - Make the FabricTable use the OperationalKeystore for when a commissionable node (with Opcreds cluster) is being commissioned - Retain legacy controller behavior that allows injection of operational keys - Simplifies the fail-safe handling lifecycle - Add logging to fail-safe handling - Add logging to general commissioning cluster - Make CASE use ScopedNodeId everywhere - Implement IsForUpdateNOC in fail-safe and opcreds cluster Fixes #19072 Issue #18633 Fixes #16443 * Fix merge of upstream * Restyled by whitespace * Restyled by clang-format * Revert unintended testing changes * Add remove operation * Fix CI and add tests to support further tests * Fix more CI * Restyled by clang-format * Darwin changes to use the new setup * Added unit test and HasOpKeypairForFabric() * Restyled by clang-format * Restyled by gn * Apply review comments from @msandstedt * Add plumbing for init of controllers * Restyled by clang-format * Fix darwin tests * Fix CI and address review comments * Fix comment typos * Apply review comments from @bzbarsky-apple and @tehampson * Restyled by clang-format * Fix more comments * Restyled by clang-format * Fix CI * Fix cirque * Restyled by clang-format * Update src/crypto/tests/TestPersistentStorageOpKeyStore.cpp Co-authored-by: tehampson <thampson@google.com> * Address review comments * Fix CI * More clang-tidy fixes Co-authored-by: Restyled.io <commits@restyled.io> Co-authored-by: Boris Zbarsky <bzbarsky@apple.com> Co-authored-by: Justin Wood <woody@apple.com> Co-authored-by: tehampson <thampson@google.com>
- Loading branch information