UIC-3222: Use raw data for credentials that are not PinCode or password

Author: silabs-borisl

applications/zpc/components/zcl_cluster_servers/src/user_credential_cluster_server.cpp

@@ -877,8 +877,7 @@ std::string mqtt_topic_add_attribute(const std::string &base_mqtt_topic,
  * @return The payload value.
  */
 std::string get_payload_value(attribute_store::attribute updated_node_cpp,
-                              mqtt_data data,
-                              bool need_utf8_conversion = false)
+                              std::function<std::string(uint32_t)> convert_function = nullptr)
 {
   std::string payload_str = "";
 
@@ -899,32 +898,15 @@ std::string get_payload_value(attribute_store::attribute updated_node_cpp,
       json_payload["value"] = updated_node_cpp.reported<std::string>();
       break;
     case BYTE_ARRAY_STORAGE_TYPE: {
-      // Convert the byte array to a string
-      // Credential data are encoded in different way that's why we store them as raw byte array and interpret their value
-
-      std::string output;
+      // Convert the byte array to a string that contains the hex representation
       auto raw_data = updated_node_cpp.reported<std::vector<uint8_t>>();
 
-      // Check if we need to convert the value to UTF-8
-      if (need_utf8_conversion) {
-        std::u16string utf16_str;
-        for (size_t i = 0; i < raw_data.size(); i += 2) {
-          char16_t char16 = (raw_data[i] << 8) | raw_data[i + 1];
-          utf16_str.push_back(char16);
-        }
-        std::wstring_convert<std::codecvt_utf8_utf16<char16_t>, char16_t> cnv;
-        output = cnv.to_bytes(utf16_str);
-        if (cnv.converted() < utf16_str.size()) {
-          sl_log_error(LOG_TAG, "Error converting UTF-16 to UTF-8");
-        }
-      } else {
-        output.reserve(raw_data.size());
-        for (auto c: raw_data) {
-          output.push_back(static_cast<char>(c));
-        }
+      std::stringstream ss;
+      ss << std::hex << std::setfill('0');
+      for(auto c : raw_data) {
+        ss << std::setw(2) << static_cast<unsigned int>(c);
       }
-
-      json_payload["value"] = output;
+      json_payload["value"] = ss.str();
     } break;
 
     default:
@@ -934,22 +916,57 @@ std::string get_payload_value(attribute_store::attribute updated_node_cpp,
   }
 
   // Check if we need to convert the enum to a string
-  const auto &enum_name_conversion = data.convert_function;
-  if (enum_name_conversion) {
-    json_payload["value"] = enum_name_conversion(json_payload["value"]);
+  if (convert_function) {
+    json_payload["value"] = convert_function(json_payload["value"]);
   }
 
   // Create payload
   payload_str = json_payload.dump();
   // Handle booleans
-  if (enum_name_conversion) {
+  if (convert_function) {
     boost::replace_all(payload_str, "\"true\"", "true");
     boost::replace_all(payload_str, "\"false\"", "false");
   }
 
   return payload_str;
 }
 
+std::string
+  get_credential_data_value(attribute_store::attribute updated_node_cpp,
+                            user_credential_type_t type)
+{
+  std::string output;
+
+  auto raw_data = updated_node_cpp.reported<std::vector<uint8_t>>();
+  // Convert the byte array to a string
+  // Credential data are encoded in different way that's why we store them as raw byte array and interpret their value
+  switch (type) {
+    case ZCL_CRED_TYPE_PIN_CODE:
+      output.reserve(raw_data.size());
+      for (auto c: raw_data) {
+        output.push_back(static_cast<char>(c));
+      }
+      break;
+    case ZCL_CRED_TYPE_PASSWORD: {
+      std::u16string utf16_str;
+      for (size_t i = 0; i < raw_data.size(); i += 2) {
+        char16_t char16 = (raw_data[i] << 8) | raw_data[i + 1];
+        utf16_str.push_back(char16);
+      }
+      std::wstring_convert<std::codecvt_utf8_utf16<char16_t>, char16_t> cnv;
+      output = cnv.to_bytes(utf16_str);
+      if (cnv.converted() < utf16_str.size()) {
+        sl_log_error(LOG_TAG, "Error converting UTF-16 to UTF-8");
+      }
+    } break;
+    default:
+      return get_payload_value(updated_node_cpp);
+  }
+  nlohmann::json json_payload;
+  json_payload["value"] = output;
+  return json_payload.dump();
+}
+
 void publish_mqtt_topic(const std::string &base_topic,
                         mqtt_data data,
                         attribute_store::attribute updated_node_cpp,
@@ -966,11 +983,9 @@ void publish_mqtt_topic(const std::string &base_topic,
       user_credential_type_t type
         = updated_node_cpp.first_parent(ATTRIBUTE(CREDENTIAL_TYPE))
             .reported<user_credential_type_t>();
-      payload_str = get_payload_value(updated_node_cpp,
-                                      data,
-                                      (type == ZCL_CRED_TYPE_PASSWORD));
+      payload_str = get_credential_data_value(updated_node_cpp, type);
     } else {
-      payload_str = get_payload_value(updated_node_cpp, data);
+      payload_str = get_payload_value(updated_node_cpp, data.convert_function);
     }
     if (payload_str.empty()) {
       return;

applications/zpc/components/zcl_cluster_servers/test/user_credential_cluster_server_test.cpp

@@ -798,7 +798,8 @@ attribute_store_node_t
   helper_add_complete_credential(user_credential_user_unique_id_t user_id,
                                  user_credential_type_t credential_type,
                                  user_credential_slot_t credential_slot,
-                                 const char *credential_data)
+                                 const char *credential_data,
+                                 std::vector<uint8_t> expected_credential_data_vector = {})
 {
   attribute_store_node_t user_id_node = helper_add_user_id(user_id);
 
@@ -826,10 +827,12 @@ attribute_store_node_t
       credential_data_vector.push_back((uint8_t)(c >> 8));
       credential_data_vector.push_back((uint8_t)c);
     }
-  } else {
+  } else if (credential_type == ZCL_CRED_TYPE_PIN_CODE) {
     credential_data_vector
       = std::vector<uint8_t>(cpp_str_credential_data.begin(),
                              cpp_str_credential_data.end());
+  } else {
+    credential_data_vector = expected_credential_data_vector;
   }
 
   mock_expected_cred_mqtt_topic(
@@ -980,13 +983,15 @@ void helper_test_desired_user_attributes(
                             "Expiring Timeout mismatch");
 }
 
+// Need to specify credential_data_vector if credential_type is not ZCL_CRED_TYPE_PIN_CODE or ZCL_CRED_TYPE_PASSWORD
 void helper_test_desired_credential_attributes(
   user_credential_user_unique_id_t user_id_node,
   user_credential_type_t credential_type,
   user_credential_slot_t credential_slot,
   const char *credential_data,
   bool desired_credential_identifiers,
-  user_credential_operation_type_t credential_operation_type)
+  user_credential_operation_type_t credential_operation_type,
+  std::vector<uint8_t> credential_data_vector = {})
 {
   attribute_store_node_value_state_t credential_identifier_state
     = desired_credential_identifiers ? DESIRED_ATTRIBUTE : REPORTED_ATTRIBUTE;
@@ -1031,11 +1036,13 @@ void helper_test_desired_credential_attributes(
       expected_credential_data_vector.push_back((uint8_t)(c >> 8));
       expected_credential_data_vector.push_back((uint8_t)c);
     }
-  } else {
+  } else if (credential_type == ZCL_CRED_TYPE_PIN_CODE) { // Should be in ascii we can convert it
     expected_credential_data_vector
       = std::vector<uint8_t>(str_credential_data.begin(),
                              str_credential_data.end());
-  }
+  } else {
+    expected_credential_data_vector = credential_data_vector;
+  } 
 
   // Credential Data
   attribute_store::attribute credential_data_node
@@ -1486,7 +1493,7 @@ void test_user_credential_cluster_add_credential_others_happy_case()
   user_credential_user_unique_id_t user_unique_id = 12;
   CredType credential_type               = CredType::ZCL_CRED_TYPE_RFID_CODE;
   user_credential_slot_t credential_slot = 1;
-  const char *credential_data            = "hunter2";
+  const char *credential_data            = "abcdef123456";
 
   // Add simple user
   helper_add_user_id(user_unique_id);
@@ -1515,7 +1522,8 @@ void test_user_credential_cluster_add_credential_others_happy_case()
                                             credential_slot,
                                             credential_data,
                                             true,
-                                            USER_CREDENTIAL_OPERATION_TYPE_ADD);
+                                            USER_CREDENTIAL_OPERATION_TYPE_ADD,
+                                            {0xab, 0xcd, 0xef, 0x12, 0x34, 0x56});
 }
 
 ///////////////////////////////////////////////////
@@ -1661,14 +1669,15 @@ void test_user_credential_cluster_modify_credential_others_happy_case()
   user_credential_user_unique_id_t user_unique_id = 12;
   CredType credential_type                        = CredType::ZCL_CRED_TYPE_BLE;
   user_credential_slot_t credential_slot          = 2;
-  std::string credential_data = "FAST TURBO ENGINE DOG PRO MAX";
+  std::string credential_data = "cafe12";
 
   auto user_id_node = helper_add_complete_credential(user_unique_id,
                                                      credential_type,
                                                      credential_slot,
-                                                     credential_data.c_str());
-  // Test UTF-16 conversion for password
-  credential_data = "FAE124A54E5F9325874A23E3646B";
+                                                     credential_data.c_str(),
+                                                     {0xca, 0xfe, 0x12});
+  // New data
+  credential_data = "eF12Ca";
   TEST_ASSERT_EQUAL_MESSAGE(
     SL_STATUS_OK,
     modify_credential_command(supporting_node_unid,
@@ -1686,7 +1695,8 @@ void test_user_credential_cluster_modify_credential_others_happy_case()
     credential_slot,
     credential_data.c_str(),
     false,
-    USER_CREDENTIAL_OPERATION_TYPE_MODIFY);
+    USER_CREDENTIAL_OPERATION_TYPE_MODIFY,
+    {0xef, 0x12, 0xca});
 }
 
 ///////////////////////////////////////////////////
@@ -1829,7 +1839,7 @@ void test_user_credential_cluster_delete_all_credential_happy_case()
   user_credential_slot_t credential_slot          = 0;
 
   std::vector<user_credential_user_unique_id_t> user_ids = {12, 12, 12, 15, 19};
-  std::vector<user_credential_type_t> credential_types   = {1, 1, 2, 5, 1};
+  std::vector<user_credential_type_t> credential_types   = {1, 1, 2, 2, 1};
   std::vector<user_credential_slot_t> credential_slots   = {1, 2, 2, 1, 3};
 
   // WARNING : Make sure that all the vector above have the same size
@@ -1888,7 +1898,7 @@ void test_user_credential_cluster_delete_all_credential_for_user_happy_case()
 
   std::vector<user_credential_user_unique_id_t> user_ids
     = {user_unique_id, user_unique_id, user_unique_id, 15, 19};
-  std::vector<user_credential_type_t> credential_types = {1, 1, 2, 5, 1};
+  std::vector<user_credential_type_t> credential_types = {1, 1, 2, 2, 1};
   std::vector<user_credential_slot_t> credential_slots = {1, 2, 2, 1, 3};
 
   // WARNING : Make sure that all the vector above have the same size
@@ -1950,7 +1960,7 @@ void test_user_credential_cluster_delete_all_credential_for_user_by_type_happy_c
   std::vector<user_credential_user_unique_id_t> user_ids
     = {user_unique_id, user_unique_id, user_unique_id, 15, 19};
   std::vector<user_credential_type_t> credential_types
-    = {credential_type, credential_type, 2, 5, credential_type};
+    = {credential_type, credential_type, 2, 2, credential_type};
   std::vector<user_credential_slot_t> credential_slots = {1, 2, 2, 1, 3};
 
   // WARNING : Make sure that all the vector above have the same size
@@ -2012,7 +2022,7 @@ void test_user_credential_cluster_delete_all_credential_by_type_happy_case()
 
   std::vector<user_credential_user_unique_id_t> user_ids = {12, 12, 12, 15, 19};
   std::vector<user_credential_type_t> credential_types
-    = {credential_type, credential_type, 2, 5, credential_type};
+    = {credential_type, credential_type, 2, 2, credential_type};
   std::vector<user_credential_slot_t> credential_slots = {1, 2, 2, 1, 3};
 
   // WARNING : Make sure that all the vector above have the same size

applications/zpc/components/zwave_command_classes/src/private/user_credential/user_credential_credential_type_capabilities.cpp

@@ -20,6 +20,7 @@
 // Needed for credential data (password) per specification
 #include <locale>
 #include <codecvt>
+#include <regex> // std::regex_replace
 
 // Boost
 #include <boost/format.hpp>
@@ -183,8 +184,23 @@ std::vector<uint8_t>
       }
       break;
     default:
-      for (const auto &c: credential_data_str) {
-        credential_data_vector.push_back(c);
+      if (credential_data_str.size() % 2 != 0) {
+        throw std::runtime_error(
+          "Credential data size is not valid. Should be even since it expect raw hexa.");
+      }
+      if (!std::regex_match(credential_data_str, std::regex("[0-9a-fA-F]+"))) {
+        throw std::runtime_error(
+          "Credential data is not valid. It should be a raw hexa string (e.g. CAFE1234).");
+      }
+
+      std::stringstream ss;
+      int value;
+      for (size_t i = 0; i < credential_data_str.size(); i += 2) {
+        ss.clear();
+        auto sub_str = credential_data_str.substr(i, 2);
+        ss << std::hex << sub_str;
+        ss >> value;
+        credential_data_vector.push_back(value);
       }
   }
 

applications/zpc/components/zwave_command_classes/test/zwave_command_class_user_credential_test.cpp

@@ -2544,7 +2544,7 @@ void test_user_credential_credential_add_capabilites_happy_case()
       user_id,
       ZCL_CRED_TYPE_HAND_BIOMETRIC,
       1,
-      "TURBO"),
+      "ABCD"),
     "Credential #1 should be valid");
 
   TEST_ASSERT_EQUAL_MESSAGE(
@@ -2577,7 +2577,7 @@ void test_user_credential_credential_modify_capabilites_failure_cases()
   std::vector<uint8_t> supported_cl                = {1};
   std::vector<uint16_t> supported_credential_slots = {1};
   std::vector<uint8_t> supported_cred_min_length   = {2};
-  std::vector<uint8_t> supported_cred_max_length   = {7};
+  std::vector<uint8_t> supported_cred_max_length   = {17};
   helper_simulate_credential_capabilites_report(supported_credential_checksum,
                                                 support_admin_code,
                                                 support_admin_code_deactivation,
@@ -2595,7 +2595,7 @@ void test_user_credential_credential_modify_capabilites_failure_cases()
       user_id,
       ZCL_CRED_TYPE_HAND_BIOMETRIC,
       1,
-      "VOITURE"),
+      "ABCDEF0123456789"),
     "Should be able to add credential");
 
   TEST_ASSERT_EQUAL_MESSAGE(
@@ -2605,7 +2605,7 @@ void test_user_credential_credential_modify_capabilites_failure_cases()
       user_id,
       ZCL_CRED_TYPE_HAND_BIOMETRIC,
       1,
-      "V"),
+      "A"),
     "Should not be able to modify credential data : it's too short");
 
   TEST_ASSERT_EQUAL_MESSAGE(
@@ -2615,8 +2615,27 @@ void test_user_credential_credential_modify_capabilites_failure_cases()
       user_id,
       ZCL_CRED_TYPE_HAND_BIOMETRIC,
       1,
-      "MAX SPEEEEEEEEEEEEED TURBO"),
+      "ABCDEF0123456789A"),
     "Should not be able to modify credential data : it's too long");
+  TEST_ASSERT_EQUAL_MESSAGE(
+    SL_STATUS_FAIL,
+    zwave_command_class_user_credential_modify_credential(
+      endpoint_id_node,
+      user_id,
+      ZCL_CRED_TYPE_HAND_BIOMETRIC,
+      1,
+      "TURBO"),
+    "Should not be able to modify credential data : it's not hexa");
+
+  TEST_ASSERT_EQUAL_MESSAGE(
+    SL_STATUS_FAIL,
+    zwave_command_class_user_credential_modify_credential(
+      endpoint_id_node,
+      user_id,
+      ZCL_CRED_TYPE_HAND_BIOMETRIC,
+      1,
+      "AAB"),
+    "Should not be able to modify credential data : odd size for hexa value");
 }
 
 void helper_test_credential_rejected_case(uint8_t report_type)