forked from project-chip/connectedhomeip
-
Notifications
You must be signed in to change notification settings - Fork 28
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
da_revocation: user guide and dac_provider test vectors (project-chip…
…#37122) * da_revocation: added dac_provider test vectors These test vectors support testing with sample revocation sets. * dac_revocation: device attestation revocation user guide This document lists the process for testing device attestation revocation using the dac provider test vectors sample revocation sets. * Restyled by whitespace * Restyled by prettier-markdown * Match the enum string with correct value in the doc --------- Co-authored-by: Restyled.io <[email protected]>
- Loading branch information
1 parent
7f32ff8
commit 080185d
Showing
5 changed files
with
88 additions
and
0 deletions.
There are no files selected for viewing
9 changes: 9 additions & 0 deletions
9
...tials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| { | ||
| "description": "Revoked DAC 01: use this with revocation-sets/revocation-set-for-pai.json", | ||
| "basic_info_pid": 32769, | ||
| "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", | ||
| "pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891", | ||
| "dac_cert": "308201e53082018ba003020102020819367d978eac533a300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303131143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d030107034200042a3d7370f2209bb139b42ca6d95dbf2f701888b4718e32c63ae71327145e05187868b528f1a99d246f1470b0ccd855ee94383526ee090de0bb2fde038fee3e0ba360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414f58ae953a4e6cfb0cc3de4dc4c33afe097aa1182301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020348003045022018336444494d4d18c7814b6f3b0f3f7fa5dd21256515031da31fd7ff8d1b10fd022100e75cbf171a38907a932a1679e5d5b423e6a166729d823fec844f22ef398912a4", | ||
| "dac_private_key": "246eea662a44cb6de93effd614e96d3715de8cfb6d4e975644ee5e66ecb79c79", | ||
| "dac_public_key": "042a3d7370f2209bb139b42ca6d95dbf2f701888b4718e32c63ae71327145e05187868b528f1a99d246f1470b0ccd855ee94383526ee090de0bb2fde038fee3e0b" | ||
| } |
9 changes: 9 additions & 0 deletions
9
...tials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| { | ||
| "description": "Revoked DAC 02: use this with revocation-sets/revocation-set-for-pai.json", | ||
| "basic_info_pid": 32769, | ||
| "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", | ||
| "pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891", | ||
| "dac_cert": "308201e53082018ba00302010202082569383d24bb36ea300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303231143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d03010703420004d9713c48a59527e93e7a3e549e8fb0e00829d4a02c8cedf28dfd74672b00198c7ee43f35e3ace1d1ab497b32dde4cdd6a8476162191c9514aef7bf115fb6c472a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414e3af9182b3340fdc85c7a58b4b3884a6554b314f301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020348003045022100afbe8ff0962e875a3054ee5a2df5c4c78c05465b40d3103f99f7e5628780f90302201a6157f0df7823223ae24aa3a8f7a6137b4914c6b6f5e40a297d7ab771e9cbc6", | ||
| "dac_private_key": "22f8d19a6b524130eccad5d187ce8eb7ea9d7ffd5868b4e0ca91bc2b6c84399c", | ||
| "dac_public_key": "04d9713c48a59527e93e7a3e549e8fb0e00829d4a02c8cedf28dfd74672b00198c7ee43f35e3ace1d1ab497b32dde4cdd6a8476162191c9514aef7bf115fb6c472" | ||
| } |
9 changes: 9 additions & 0 deletions
9
...tials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| { | ||
| "description": "Revoked DAC 03: use this with revocation-sets/revocation-set-for-pai.json", | ||
| "basic_info_pid": 32769, | ||
| "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", | ||
| "pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891", | ||
| "dac_cert": "308201e63082018ba00302010202080ab042494323fe54300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303331143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d0301070342000422e57365e98990ff7506e11ebec33ff834a39999f2d9d635ef5847ebe058d87d1bfbe1e5e2411bb6dc11f3f27e842cc0ccabe02a4f269d50f5ca072a2635db04a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e041604142ad1e7d3f1480029366ee4c5f07107f24a9d9bad301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020349003046022100e66960cc3b6ea61f8830bf788830166b5c6a318e83284604a95bc2655bd874eb022100f503806797a512ab509312e8082fc828622696d3d7501f7f3e68b61abfe5bdb8", | ||
| "dac_private_key": "98c2d8b375f1d792e572c701b4740e7fb81a9e9cc936aa2a0f876ce8dae5578c", | ||
| "dac_public_key": "0422e57365e98990ff7506e11ebec33ff834a39999f2d9d635ef5847ebe058d87d1bfbe1e5e2411bb6dc11f3f27e842cc0ccabe02a4f269d50f5ca072a2635db04" | ||
| } |
9 changes: 9 additions & 0 deletions
9
credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| { | ||
| "description": "Revoked PAI: use this with revocation-sets/revocation-set-for-paa.json", | ||
| "basic_info_pid": 32769, | ||
| "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", | ||
| "pai_cert": "308201d43082017aa0030201020208302664392b8a3f2a300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a3046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bd58a84f7862e0751c4e56280f149697df7c51aadc5a4fa393c96277a59079de40907ab7860d069de652ea8bc8f7053bfe7c3a8ef4700d76b9cc20db312caf91a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041491337c5cfe7bb29376fe887d3c94e7f59dd83d2f301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d04030203480030450221009c74f6a84b3acb5a369de90399114ebf0a55150babd3d52b2898708847bc9c6e0220651881c81b7a20c346b97c68313c4be1c0a88f4f3a4072ed3c7ea11dc60984fc", | ||
| "dac_cert": "308201e33082018aa00302010202087f1c17c6070c22d2300a06082a8648ce3d0403023046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30463118301606035504030c0f4d617474657220546573742044414331143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d03010703420004b0d7f20c57c8240b975456ba886d2cb09cd4f9d2f5cf1406f463c97983f34ed5a36761f696d8aff4f3e282865bc37914deb512aae88e5a15a719a4b57a26640fa360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e0416041438248c0e17b222347e42aab9af3fdc1d3d614904301f0603551d2304183016801491337c5cfe7bb29376fe887d3c94e7f59dd83d2f300a06082a8648ce3d040302034700304402202bf8b3b554efe5b53f6612891a9a9e6cb7267a55257ef3414929b259d1b7a2e102206dcfd0d84ad5a32c9bd05eec4a1b0ff7a435feed4bc540f087b81f6ec5009ba2", | ||
| "dac_private_key": "91fa91640fee5dcc5ab56decb1cb4d2e0056c16b45283104c0c849ec13dcceef", | ||
| "dac_public_key": "04b0d7f20c57c8240b975456ba886d2cb09cd4f9d2f5cf1406f463c97983f34ed5a36761f696d8aff4f3e282865bc37914deb512aae88e5a15a719a4b57a26640f" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| # Device Attestation Revocation Testing Guide | ||
|
|
||
| ## Overview | ||
|
|
||
| The device attestation revocation tests help identify the devices with revoked | ||
| DACs (Device Attestation Certificates) and PAIs (Product Attestation | ||
| Intermediates) during commissioning. | ||
|
|
||
| This guide demonstrates how to use a sample application and chip-tool to test | ||
| the device attestation revocation functionality. | ||
|
|
||
| The sample application is injected with revoked DAC and/or PAI certificates. | ||
|
|
||
| During commissioning, chip-tool is provided with a revocation set that is | ||
| pre-generated using the `generate_revocation_set.py` script. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| - Matter application for Linux platform (e.g., examples/lighting-app/linux) | ||
| - DAC provider JSON file containing revoked DAC and/or PAI certificates | ||
| - chip-tool | ||
| - Device attestation revocation set for the respective DAC and/or PAI | ||
|
|
||
| ## Test Setup | ||
|
|
||
| - Build the lighting-app/linux and chip-tool: | ||
|
|
||
| ``` | ||
| ./scripts/examples/gn_build_example.sh examples/lighting-app/linux out/host | ||
| ./scripts/examples/gn_build_example.sh examples/chip-tool out/host | ||
| ``` | ||
|
|
||
| - Run the lighting-app/linux: | ||
|
|
||
| ``` | ||
| ./out/host/chip-lighting-app --dac_provider <json-file-with-attestation-information> | ||
| ``` | ||
|
|
||
| - Run the chip-tool with the revocation set: | ||
|
|
||
| ``` | ||
| ./out/host/chip-tool pairing onnetwork 11 20202021 --dac-revocation-set-path <revocation-set-file> | ||
| ``` | ||
|
|
||
| ### Test Vectors | ||
|
|
||
| | Description | DAC Provider | Revocation Set | Expected Result | | ||
| | --------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | | ||
| | PAI revoked by PAA | [revoked-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json) | [revocation-set-for-paa.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json) | Commissioning fails with `kPaiRevoked` (202) | | ||
| | DAC-01 revoked by PAI | [revoked-dac-01.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) | | ||
| | DAC-02 revoked by PAI | [revoked-dac-02.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) | | ||
| | DAC-03 revoked by PAI | [revoked-dac-03.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) | |