diff --git a/src/credentials/BUILD.gn b/src/credentials/BUILD.gn index 9c60ee42c1019d..2abc6e2795fd38 100644 --- a/src/credentials/BUILD.gn +++ b/src/credentials/BUILD.gn @@ -15,7 +15,9 @@ import("//build_overrides/chip.gni") import("//build_overrides/nlassert.gni") import("${chip_root}/src/crypto/crypto.gni") +import("${chip_root}/src/lib/core/core.gni") import("${chip_root}/src/platform/device.gni") + declare_args() { chip_build_example_creds = true } @@ -126,6 +128,24 @@ static_library("credentials") { ] } +source_set("test_paa_store") { + sources = [ + "attestation_verifier/TestPAAStore.cpp", + "attestation_verifier/TestPAAStore.h", + ] + + public_deps = [ + "${chip_root}/src/lib/core:chip_config_header", # for lib/support/Span.h + "${nlassert_root}:nlassert", # for lib/support/Span.h + ] + if (chip_pw_tokenizer_logging) { + import("//build_overrides/pigweed.gni") + public_deps += [ + "${dir_pw_tokenizer}", # for /lib/support/Span.h + ] + } +} + static_library("default_attestation_verifier") { output_name = "libDefaultAttestationVerifier" @@ -144,6 +164,7 @@ static_library("default_attestation_verifier") { public_deps = [ ":credentials", + ":test_paa_store", "${chip_root}/src/crypto", "${nlassert_root}:nlassert", ] diff --git a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp index 7a5ac72b203168..0d7f67ff82b0f6 100644 --- a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp +++ b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp @@ -21,6 +21,7 @@ #include #include #include +#include #include #include 
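Review bot: `":test_paa_store"` is added to `public_deps` of `default_attestation_verifier`, which re-exports the test PAA certificate headers to every target that depends on the verifier. As far as this diff shows, the only new include on the verifier side is in DefaultDeviceAttestationVerifier.cpp, so a private `deps = [ ":test_paa_store" ]` entry would probably be enough; targets that want the certificates can name the source set themselves, as src/crypto/tests/BUILD.gn does in this change. The new `source_set("test_paa_store")` also has no comment saying what it holds; I would add `# Test-only PAA trust anchors (Matter Test PAA roots); not a production root set.` above it. The `static_library("default_attestation_verifier")` body continues outside the hunk, so check whether it already has a `deps` list.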
@@ -29,14 +30,8 @@ #include #include -namespace chip { -namespace TestCerts { -extern const Span kTestAttestationTrustStoreRoots; -} // namespace TestCerts -} // namespace chip - using namespace chip::Crypto; -using chip::TestCerts::kTestAttestationTrustStoreRoots; +using chip::TestCerts::GetTestPaaRootStore; namespace chip { namespace Credentials { @@ -274,9 +269,7 @@ constexpr std::array gCdSigningKeys = { { struct TestAttestationTrustStore final : public ArrayAttestationTrustStore { - TestAttestationTrustStore() : - ArrayAttestationTrustStore(kTestAttestationTrustStoreRoots.data(), kTestAttestationTrustStoreRoots.size()) - {} + TestAttestationTrustStore() : ArrayAttestationTrustStore(GetTestPaaRootStore().data(), GetTestPaaRootStore().size()) {} }; Global gTestAttestationTrustStore; diff --git a/src/credentials/attestation_verifier/TestPAAStore.cpp b/src/credentials/attestation_verifier/TestPAAStore.cpp new file mode 100644 index 00000000000000..76637c130b547d --- /dev/null +++ b/src/credentials/attestation_verifier/TestPAAStore.cpp 
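Review bot: `TestAttestationTrustStore` has no comment saying that its only trust anchors are the two test PAA roots returned by `GetTestPaaRootStore()`. CHIPAttCert_test_vectors.h in this same change still declares `sTestCert_PAA_FFF1_PrivateKey` and `sTestCert_PAA_NoVID_PrivateKey`, which by name are the private keys of those roots, so a chain that verifies against this store proves nothing about where a device came from. I would add above the struct: `// Trust store holding only the Matter test PAA roots; their private keys ship with the test vectors, so use it for tests and examples only.` The constructor calls `GetTestPaaRootStore()` twice, which is harmless because the getter returns a reference to a single object.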
@@ -0,0 +1,93 @@ +/* + * + * Copyright (c) 2023 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +namespace chip { +namespace TestCerts { + +// ${chip_root}/credentials/test/attestation/Chip-Test-PAA-FFF1-Cert.pem + +constexpr uint8_t sTestCert_PAA_FFF1_Cert_Array[] = { + 0x30, 0x82, 0x01, 0xbd, 0x30, 0x82, 0x01, 0x64, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x4e, 0xa8, 0xe8, 0x31, 0x82, 0xd4, + 0x1c, 0x1c, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, + 0x31, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f, 0x39, + 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, + 0x31, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 
0x3d, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xb6, 0xcb, 0x63, 0x72, 0x88, 0x7f, 0x29, 0x28, 0xf5, 0xba, 0xc8, 0x1a, 0xa9, 0xd9, + 0x3a, 0xe2, 0x43, 0x1c, 0xad, 0xa9, 0xd7, 0x9e, 0x24, 0x2f, 0x65, 0x17, 0x7e, 0xf9, 0xce, 0xd9, 0x32, 0xa2, 0x8e, 0xcd, 0x03, + 0xba, 0xaf, 0x6a, 0x8f, 0xca, 0x18, 0x4a, 0x1a, 0x50, 0x35, 0x42, 0x96, 0x0d, 0x45, 0x3f, 0x30, 0x3f, 0x1f, 0x19, 0x42, 0x1d, + 0x75, 0x1e, 0x8f, 0x8f, 0x1a, 0x9a, 0x9b, 0x75, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, + 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, + 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6a, 0xfd, 0x22, 0x77, + 0x1f, 0x51, 0x1f, 0xec, 0xbf, 0x16, 0x41, 0x97, 0x67, 0x10, 0xdc, 0xdc, 0x31, 0xa1, 0x71, 0x7e, 0x30, 0x1f, 0x06, 0x03, 0x55, + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6a, 0xfd, 0x22, 0x77, 0x1f, 0x51, 0x1f, 0xec, 0xbf, 0x16, 0x41, 0x97, 0x67, + 0x10, 0xdc, 0xdc, 0x31, 0xa1, 0x71, 0x7e, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, + 0x00, 0x30, 0x44, 0x02, 0x20, 0x50, 0xaa, 0x80, 0x02, 0xf4, 0xd9, 0x32, 0xa9, 0xa0, 0x05, 0x38, 0xf6, 0x53, 0x68, 0xad, 0x0f, + 0xff, 0xc8, 0xef, 0xbb, 0xc9, 0xbe, 0xb7, 0xda, 0x56, 0x98, 0x35, 0xcf, 0x9a, 0xa7, 0x51, 0x0e, 0x02, 0x20, 0x23, 0xba, 0xc8, + 0xfe, 0x0f, 0x23, 0xe7, 0x54, 0x45, 0xb6, 0x53, 0x39, 0x08, 0x1a, 0x47, 0x99, 0x49, 0x29, 0xc7, 0x2a, 0xaf, 0x0a, 0x15, 0x48, + 0xd4, 0x0d, 0x03, 0x4d, 0x51, 0x4b, 0x25, 0xde, +}; + +// These are used directly by the CryptoPAL test, so need to be declared extern +extern constexpr ByteSpan sTestCert_PAA_FFF1_Cert = ByteSpan(sTestCert_PAA_FFF1_Cert_Array); + +// ${chip_root}/credentials/test/attestation/Chip-Test-PAA-NoVID-Cert.pem + +constexpr uint8_t sTestCert_PAA_NoVID_Cert_Array[] = { + 0x30, 0x82, 0x01, 0x91, 0x30, 0x82, 0x01, 0x37, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x07, 
0x0b, 0x8f, 0xba, 0xa8, 0xdd, 0x86, + 0xee, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x30, + 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f, 0x39, 0x39, 0x39, + 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x30, 0x59, + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x10, 0xef, 0x02, 0xa8, 0x1a, 0x87, 0xb6, 0x81, 0x21, 0xfb, 0xa8, 0xd3, 0x19, 0x78, 0xf8, 0x07, 0xa3, + 0x17, 0xe5, 0x0a, 0xa8, 0xa8, 0x28, 0x44, 0x68, 0x28, 0x91, 0x4b, 0x93, 0x3d, 0xe8, 0xed, 0xd4, 0xa5, 0xc3, 0x9c, 0x9f, 0xf7, + 0x1a, 0x4c, 0xe3, 0x64, 0x7f, 0xd7, 0xf6, 0x26, 0x53, 0xb7, 0xd2, 0x49, 0x5f, 0xcb, 0xa4, 0xc0, 0xf4, 0x7f, 0x87, 0x68, 0x80, + 0x03, 0x9e, 0x07, 0x20, 0x4a, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, + 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, + 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f, + 0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea, 0x69, 0x68, 0x82, 0xd5, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, + 0x18, 0x30, 0x16, 0x80, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f, 0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea, + 0x69, 0x68, 0x82, 0xd5, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, + 0x02, 0x21, 0x00, 0xb9, 0xef, 0xdb, 0x3e, 
0xa0, 0x6a, 0x52, 0xec, 0x0b, 0xf0, 0x1e, 0x61, 0xda, 0xed, 0x2c, 0x2d, 0x15, 0x6d, + 0xdb, 0x6c, 0xf0, 0x14, 0x10, 0x1d, 0xab, 0x79, 0x8f, 0xac, 0x05, 0xfa, 0x47, 0xe5, 0x02, 0x20, 0x60, 0x06, 0x1d, 0x3e, 0x35, + 0xd6, 0x0d, 0x9d, 0x4b, 0x0d, 0x44, 0x8d, 0xad, 0x76, 0x12, 0xf7, 0xe8, 0x5c, 0x58, 0x2e, 0x3f, 0xc3, 0x12, 0xdc, 0x18, 0x79, + 0x4d, 0xd3, 0x73, 0x71, 0x5e, 0x5d, +}; + +// These are used directly by the CryptoPAL test, so need to be declared extern +extern constexpr ByteSpan sTestCert_PAA_NoVID_Cert = ByteSpan(sTestCert_PAA_NoVID_Cert_Array); + +const Span kTestAttestationTrustStoreRoots((const ByteSpan[]){ + sTestCert_PAA_FFF1_Cert, + sTestCert_PAA_NoVID_Cert, +}); + +const Span & GetTestPaaRootStore() +{ + return kTestAttestationTrustStoreRoots; +} + +} // namespace TestCerts +} // namespace chip diff --git a/src/credentials/attestation_verifier/TestPAAStore.h b/src/credentials/attestation_verifier/TestPAAStore.h new file mode 100644 index 00000000000000..c690ae68acd832 --- /dev/null +++ b/src/credentials/attestation_verifier/TestPAAStore.h 
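Review bot: `kTestAttestationTrustStoreRoots` loses the `constexpr` it had in CHIPAttCert_test_vectors.cpp (`extern constexpr Span ...` there, `const Span ...` here), while still being built from the compound literal `(const ByteSpan[]){ ... }`. Without `constexpr` the compiler is no longer required to constant-initialize it, and compound literals are a compiler extension in C++ whose array lifetime is, as far as I know, not guaranteed past the full expression (GCC documents it as a temporary). If the span ends up empty or dangling, `TestAttestationTrustStore` in DefaultDeviceAttestationVerifier.cpp would be built from bad `data()`/`size()` values. A named array avoids both questions: `static constexpr ByteSpan kTestPaaRoots[] = { sTestCert_PAA_FFF1_Cert, sTestCert_PAA_NoVID_Cert };`, with the span declared `constexpr` again and constructed from `kTestPaaRoots`. `GetTestPaaRootStore()` can then keep returning a reference to it unchanged.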
@@ -0,0 +1,38 @@ +/* + * + * Copyright (c) 2021-2023 Project CHIP Authors + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Storage for test attestation PAA certificates. Contains the certs for + * the 0xFFF1 vid PAA cert and the test PAA cert with no VID. + * + * These certs are used by the device attestation and crypto tests + * and by the DefaultDeviceAttestationVerifier. + */ + +#pragma once + +#include + +namespace chip { +namespace TestCerts { + +extern const ByteSpan sTestCert_PAA_FFF1_Cert; +extern const ByteSpan sTestCert_PAA_NoVID_Cert; + +const Span & GetTestPaaRootStore(); + +} // namespace TestCerts +} // namespace chip diff --git a/src/credentials/tests/BUILD.gn b/src/credentials/tests/BUILD.gn index fd24132e4cab1b..05b58b9f3f0441 100644 --- a/src/credentials/tests/BUILD.gn +++ b/src/credentials/tests/BUILD.gn @@ -36,7 +36,10 @@ static_library("cert_test_vectors") { cflags = [ "-Wconversion" ] - public_deps = [ "${chip_root}/src/credentials" ] + public_deps = [ + "${chip_root}/src/credentials", + "${chip_root}/src/credentials:test_paa_store", + ] } chip_test_suite("tests") { diff --git a/src/credentials/tests/CHIPAttCert_test_vectors.cpp b/src/credentials/tests/CHIPAttCert_test_vectors.cpp index 84d35f4f194f01..06e09b17580da4 100644 --- a/src/credentials/tests/CHIPAttCert_test_vectors.cpp +++ b/src/credentials/tests/CHIPAttCert_test_vectors.cpp 
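Review bot: `GetTestPaaRootStore()` is declared without a doc comment, and the file header describes the contents but not the lifetime of what is returned. `TestAttestationTrustStore` passes the span's `data()` and `size()` on to `ArrayAttestationTrustStore`, so callers presumably rely on the storage outliving them; that contract should be written down. Proposed: `/// Returns the test PAA root certificates (0xFFF1 VID and no-VID). The span refers to storage that lives for the whole program.` The two `extern const ByteSpan` declarations could carry a one-line note that they are the same certificates, exported individually for the crypto tests.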
@@ -3347,35 +3347,6 @@ constexpr uint8_t sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PrivateKey_Array[] extern const ByteSpan sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PrivateKey = ByteSpan(sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PrivateKey_Array); -// ${chip_root}/credentials/test/attestation/Chip-Test-PAA-FFF1-Cert.pem - -constexpr uint8_t sTestCert_PAA_FFF1_Cert_Array[] = { - 0x30, 0x82, 0x01, 0xbd, 0x30, 0x82, 0x01, 0x64, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x4e, 0xa8, 0xe8, 0x31, 0x82, 0xd4, - 0x1c, 0x1c, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, - 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, - 0x31, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f, 0x39, - 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, - 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, - 0x31, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xb6, 0xcb, 0x63, 0x72, 0x88, 0x7f, 0x29, 0x28, 0xf5, 0xba, 0xc8, 0x1a, 0xa9, 0xd9, - 0x3a, 0xe2, 0x43, 0x1c, 0xad, 0xa9, 0xd7, 0x9e, 0x24, 0x2f, 0x65, 0x17, 0x7e, 0xf9, 0xce, 0xd9, 0x32, 0xa2, 0x8e, 0xcd, 0x03, - 0xba, 0xaf, 0x6a, 0x8f, 0xca, 0x18, 0x4a, 0x1a, 0x50, 0x35, 0x42, 0x96, 0x0d, 0x45, 0x3f, 0x30, 0x3f, 0x1f, 0x19, 0x42, 0x1d, - 0x75, 0x1e, 0x8f, 0x8f, 0x1a, 0x9a, 0x9b, 0x75, 0xa3, 0x66, 0x30, 0x64, 0x30, 
0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, - 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, - 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6a, 0xfd, 0x22, 0x77, - 0x1f, 0x51, 0x1f, 0xec, 0xbf, 0x16, 0x41, 0x97, 0x67, 0x10, 0xdc, 0xdc, 0x31, 0xa1, 0x71, 0x7e, 0x30, 0x1f, 0x06, 0x03, 0x55, - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6a, 0xfd, 0x22, 0x77, 0x1f, 0x51, 0x1f, 0xec, 0xbf, 0x16, 0x41, 0x97, 0x67, - 0x10, 0xdc, 0xdc, 0x31, 0xa1, 0x71, 0x7e, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, - 0x00, 0x30, 0x44, 0x02, 0x20, 0x50, 0xaa, 0x80, 0x02, 0xf4, 0xd9, 0x32, 0xa9, 0xa0, 0x05, 0x38, 0xf6, 0x53, 0x68, 0xad, 0x0f, - 0xff, 0xc8, 0xef, 0xbb, 0xc9, 0xbe, 0xb7, 0xda, 0x56, 0x98, 0x35, 0xcf, 0x9a, 0xa7, 0x51, 0x0e, 0x02, 0x20, 0x23, 0xba, 0xc8, - 0xfe, 0x0f, 0x23, 0xe7, 0x54, 0x45, 0xb6, 0x53, 0x39, 0x08, 0x1a, 0x47, 0x99, 0x49, 0x29, 0xc7, 0x2a, 0xaf, 0x0a, 0x15, 0x48, - 0xd4, 0x0d, 0x03, 0x4d, 0x51, 0x4b, 0x25, 0xde, -}; - -extern const ByteSpan sTestCert_PAA_FFF1_Cert = ByteSpan(sTestCert_PAA_FFF1_Cert_Array); - constexpr uint8_t sTestCert_PAA_FFF1_SKID_Array[] = { 0x6A, 0xFD, 0x22, 0x77, 0x1F, 0x51, 0x1F, 0xEC, 0xBF, 0x16, 0x41, 0x97, 0x67, 0x10, 0xDC, 0xDC, 0x31, 0xA1, 0x71, 0x7E, }; 
@@ -3506,33 +3477,6 @@ constexpr uint8_t sTestCert_PAA_FFF2_ValInPast_PrivateKey_Array[] = { extern const ByteSpan sTestCert_PAA_FFF2_ValInPast_PrivateKey = ByteSpan(sTestCert_PAA_FFF2_ValInPast_PrivateKey_Array); -// ${chip_root}/credentials/test/attestation/Chip-Test-PAA-NoVID-Cert.pem - -constexpr uint8_t sTestCert_PAA_NoVID_Cert_Array[] = { - 0x30, 0x82, 0x01, 0x91, 0x30, 0x82, 0x01, 0x37, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x07, 0x0b, 0x8f, 0xba, 0xa8, 0xdd, 0x86, - 0xee, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x30, - 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f, 0x39, 0x39, 0x39, - 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x30, 0x59, - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x42, 0x00, 0x04, 0x10, 0xef, 0x02, 0xa8, 0x1a, 0x87, 0xb6, 0x81, 0x21, 0xfb, 0xa8, 0xd3, 0x19, 0x78, 0xf8, 0x07, 0xa3, - 0x17, 0xe5, 0x0a, 0xa8, 0xa8, 0x28, 0x44, 0x68, 0x28, 0x91, 0x4b, 0x93, 0x3d, 0xe8, 0xed, 0xd4, 0xa5, 0xc3, 0x9c, 0x9f, 0xf7, - 0x1a, 0x4c, 0xe3, 0x64, 0x7f, 0xd7, 0xf6, 0x26, 0x53, 0xb7, 0xd2, 0x49, 0x5f, 0xcb, 0xa4, 0xc0, 0xf4, 0x7f, 0x87, 0x68, 0x80, - 0x03, 0x9e, 0x07, 0x20, 0x4a, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, - 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, - 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 
0x6b, 0x8f, - 0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea, 0x69, 0x68, 0x82, 0xd5, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f, 0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea, - 0x69, 0x68, 0x82, 0xd5, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, - 0x02, 0x21, 0x00, 0xb9, 0xef, 0xdb, 0x3e, 0xa0, 0x6a, 0x52, 0xec, 0x0b, 0xf0, 0x1e, 0x61, 0xda, 0xed, 0x2c, 0x2d, 0x15, 0x6d, - 0xdb, 0x6c, 0xf0, 0x14, 0x10, 0x1d, 0xab, 0x79, 0x8f, 0xac, 0x05, 0xfa, 0x47, 0xe5, 0x02, 0x20, 0x60, 0x06, 0x1d, 0x3e, 0x35, - 0xd6, 0x0d, 0x9d, 0x4b, 0x0d, 0x44, 0x8d, 0xad, 0x76, 0x12, 0xf7, 0xe8, 0x5c, 0x58, 0x2e, 0x3f, 0xc3, 0x12, 0xdc, 0x18, 0x79, - 0x4d, 0xd3, 0x73, 0x71, 0x5e, 0x5d, -}; - -extern const ByteSpan sTestCert_PAA_NoVID_Cert = ByteSpan(sTestCert_PAA_NoVID_Cert_Array); - constexpr uint8_t sTestCert_PAA_NoVID_SKID_Array[] = { 0x78, 0x5C, 0xE7, 0x05, 0xB8, 0x6B, 0x8F, 0x4E, 0x6F, 0xC7, 0x93, 0xAA, 0x60, 0xCB, 0x43, 0xEA, 0x69, 0x68, 0x82, 0xD5, }; @@ -4289,10 +4233,5 @@ constexpr uint8_t sTestCert_PAI_FFF2_NoPID_Resigned_SKID_Array[] = { extern const ByteSpan sTestCert_PAI_FFF2_NoPID_Resigned_SKID = ByteSpan(sTestCert_PAI_FFF2_NoPID_Resigned_SKID_Array); -extern constexpr Span kTestAttestationTrustStoreRoots((const ByteSpan[]){ - sTestCert_PAA_FFF1_Cert, - sTestCert_PAA_NoVID_Cert, -}); - } // namespace TestCerts } // namespace chip diff --git a/src/credentials/tests/CHIPAttCert_test_vectors.h b/src/credentials/tests/CHIPAttCert_test_vectors.h index 8be73c4a38f09d..00f013bf6b7b2e 100644 --- a/src/credentials/tests/CHIPAttCert_test_vectors.h +++ b/src/credentials/tests/CHIPAttCert_test_vectors.h 
@@ -23,9 +23,6 @@ namespace chip { namespace TestCerts { -// Root CA certs for chip::Credentials::GetTestAttestationTrustStore() -extern const Span kTestAttestationTrustStoreRoots; - extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert; extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_SKID; extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_PublicKey; @@ -316,7 +313,7 @@ extern const ByteSpan sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_SKID; extern const ByteSpan sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PublicKey; extern const ByteSpan sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PrivateKey; -extern const ByteSpan sTestCert_PAA_FFF1_Cert; +// Cert is provided in the PAA store file as it is used in the default verifier. extern const ByteSpan sTestCert_PAA_FFF1_SKID; extern const ByteSpan sTestCert_PAA_FFF1_PublicKey; extern const ByteSpan sTestCert_PAA_FFF1_PrivateKey; @@ -331,7 +328,7 @@ extern const ByteSpan sTestCert_PAA_FFF2_ValInPast_SKID; extern const ByteSpan sTestCert_PAA_FFF2_ValInPast_PublicKey; extern const ByteSpan sTestCert_PAA_FFF2_ValInPast_PrivateKey; -extern const ByteSpan sTestCert_PAA_NoVID_Cert; +// Cert is provided in the PAA store file as it is used in the default verifier. extern const ByteSpan sTestCert_PAA_NoVID_SKID; extern const ByteSpan sTestCert_PAA_NoVID_PublicKey; extern const ByteSpan sTestCert_PAA_NoVID_PrivateKey; diff --git a/src/credentials/tests/TestDeviceAttestationCredentials.cpp b/src/credentials/tests/TestDeviceAttestationCredentials.cpp index c24b0468d90f5e..4707caa3bc6669 100644 --- a/src/credentials/tests/TestDeviceAttestationCredentials.cpp +++ b/src/credentials/tests/TestDeviceAttestationCredentials.cpp @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include diff --git a/src/crypto/tests/BUILD.gn b/src/crypto/tests/BUILD.gn index 0f2fde50996481..cc08520c6dfbbf 100644 --- a/src/crypto/tests/BUILD.gn +++ b/src/crypto/tests/BUILD.gn 
@@ -64,6 +64,7 @@ chip_test_suite("tests") { cflags = [ "-Wconversion" ] public_deps = [ + "${chip_root}/src/credentials:test_paa_store", "${chip_root}/src/credentials/tests:cert_test_vectors", "${chip_root}/src/crypto", "${chip_root}/src/lib/core", diff --git a/src/crypto/tests/CHIPCryptoPALTest.cpp b/src/crypto/tests/CHIPCryptoPALTest.cpp index fd2c79b06c5b10..14e5ec9c052ead 100644 --- a/src/crypto/tests/CHIPCryptoPALTest.cpp +++ b/src/crypto/tests/CHIPCryptoPALTest.cpp @@ -57,6 +57,7 @@ #endif #include +#include #include #include