From 2329120619d13762680388986ece9c35647dcde6 Mon Sep 17 00:00:00 2001 From: C Freeman Date: Tue, 22 Aug 2023 17:34:09 -0400 Subject: [PATCH] Add two additional CD checks, fix test, add comments (#28789) --- src/credentials/CertificationDeclaration.h | 8 ++++++++ .../DefaultDeviceAttestationVerifier.cpp | 8 ++++++++ .../tests/TestCommissionerDUTVectors.cpp | 14 +++++++++++--- 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/src/credentials/CertificationDeclaration.h b/src/credentials/CertificationDeclaration.h index 8d4b6b2662e6aa..3c5fee096466f7 100644 --- a/src/credentials/CertificationDeclaration.h +++ b/src/credentials/CertificationDeclaration.h @@ -93,6 +93,14 @@ struct CertificationElementsWithoutPIDs char certificateId[kCertificateIdLength + 1] = { 0 }; }; +enum class CertificationType : uint8_t +{ + kDevelopmentAndTest, + kProvisional, + kOfficial, + kReserved, +}; + class CertificationElementsDecoder { public: diff --git a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp index 475feddb475163..75c2135cf33799 100644 --- a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp +++ b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp @@ -505,6 +505,14 @@ AttestationVerificationResult DefaultDACVerifier::ValidateCertificateDeclaration // TODO: validate contents based on DCL } + // Verify the cd elements are as required by the spec + // security_level, security_information are meant to be ignored. version_number is not meant to be interpreted by the + // commissioners. + if (cdContent.formatVersion != 1 || cdContent.certificationType >= chip::to_underlying(CertificationType::kReserved)) + { + return AttestationVerificationResult::kAttestationElementsMalformed; + } + // The vendor_id field in the Certification Declaration SHALL match the VendorID attribute found in the Basic Information // cluster VerifyOrReturnError(cdContent.vendorId == deviceInfo.vendorId, diff --git a/src/credentials/tests/TestCommissionerDUTVectors.cpp b/src/credentials/tests/TestCommissionerDUTVectors.cpp index 99a586d1b5b5b8..4c7efea882c4c2 100644 --- a/src/credentials/tests/TestCommissionerDUTVectors.cpp +++ b/src/credentials/tests/TestCommissionerDUTVectors.cpp @@ -148,10 +148,18 @@ static void TestCommissionerDUTVectors(nlTestSuite * inSuite, void * inContext) example_dac_verifier->VerifyAttestationInformation(info, &attestationInformationVerificationCallback); bool isSuccessCase = dacProvider.IsSuccessCase(); - // The DefaultDACVerifier doesn't currently check validity of CD elements values. + // The following test vectors are success conditions for an SDK commissioner for the following reasons: + // struct_cd_device_type_id_mismatch - requires DCL access, which the SDK does not have and is not required + // struct_cd_security_info_wrong - while devices are required to set this to 0, commissioners are required to ignore it + // (see 6.3.1) + // hence this is marked as a failure for devices, but should be a success case for + // commissioners + // struct_cd_security_level_wrong - as with security info, commissioners are required to ignore this value (see 6.3.1) + // struct_cd_version_number_wrong - this value is not meant to be interpreted by commissioners, so errors here should be + // ignored (6.3.1) + // struct_cd_cert_id_mismatch - requires DCL access, which the SDK does not have and is not required. if (strstr(entry->d_name, "struct_cd_device_type_id_mismatch") || strstr(entry->d_name, "struct_cd_security_info_wrong") || - strstr(entry->d_name, "struct_cd_cert_type_wrong") || strstr(entry->d_name, "struct_cd_security_level_wrong") || - strstr(entry->d_name, "struct_cd_version_number_wrong") || strstr(entry->d_name, "struct_cd_format_version_2") || + strstr(entry->d_name, "struct_cd_security_level_wrong") || strstr(entry->d_name, "struct_cd_version_number_wrong") || strstr(entry->d_name, "struct_cd_cert_id_mismatch")) { isSuccessCase = true;