diff --git a/src/credentials/CHIPCert.cpp b/src/credentials/CHIPCert.cpp index 3949f558f1e39e..70dc24dd6cb20a 100644 --- a/src/credentials/CHIPCert.cpp +++ b/src/credentials/CHIPCert.cpp @@ -40,6 +40,7 @@ #include #include #include +#include #include namespace chip { @@ -58,8 +59,6 @@ ChipCertificateSet::ChipCertificateSet() mCerts = nullptr; mCertCount = 0; mMaxCerts = 0; - mDecodeBuf = nullptr; - mDecodeBufSize = 0; mMemoryAllocInternal = false; } @@ -68,7 +67,7 @@ ChipCertificateSet::~ChipCertificateSet() Release(); } -CHIP_ERROR ChipCertificateSet::Init(uint8_t maxCertsArraySize, uint16_t decodeBufSize) +CHIP_ERROR ChipCertificateSet::Init(uint8_t maxCertsArraySize) { CHIP_ERROR err = CHIP_NO_ERROR; @@ -76,12 +75,7 @@ CHIP_ERROR ChipCertificateSet::Init(uint8_t maxCertsArraySize, uint16_t decodeBu mCerts = reinterpret_cast(chip::Platform::MemoryAlloc(sizeof(ChipCertificateData) * maxCertsArraySize)); VerifyOrExit(mCerts != nullptr, err = CHIP_ERROR_NO_MEMORY); - VerifyOrExit(decodeBufSize > 0, err = CHIP_ERROR_INVALID_ARGUMENT); - mDecodeBuf = reinterpret_cast(chip::Platform::MemoryAlloc(decodeBufSize)); - VerifyOrExit(mDecodeBuf != nullptr, err = CHIP_ERROR_NO_MEMORY); - mMaxCerts = maxCertsArraySize; - mDecodeBufSize = decodeBufSize; mMemoryAllocInternal = true; Clear(); @@ -95,20 +89,15 @@ CHIP_ERROR ChipCertificateSet::Init(uint8_t maxCertsArraySize, uint16_t decodeBu return err; } -CHIP_ERROR ChipCertificateSet::Init(ChipCertificateData * certsArray, uint8_t certsArraySize, uint8_t * decodeBuf, - uint16_t decodeBufSize) +CHIP_ERROR ChipCertificateSet::Init(ChipCertificateData * certsArray, uint8_t certsArraySize) { CHIP_ERROR err = CHIP_NO_ERROR; VerifyOrExit(certsArray != nullptr, err = CHIP_ERROR_INVALID_ARGUMENT); VerifyOrExit(certsArraySize > 0, err = CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrExit(decodeBuf != nullptr, err = CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrExit(decodeBufSize > 0, err = CHIP_ERROR_INVALID_ARGUMENT); mCerts = certsArray; mMaxCerts = certsArraySize; - mDecodeBuf = decodeBuf; - mDecodeBufSize = decodeBufSize; mMemoryAllocInternal = false; Clear(); @@ -127,11 +116,6 @@ void ChipCertificateSet::Release() chip::Platform::MemoryFree(mCerts); mCerts = nullptr; } - if (mDecodeBuf != nullptr) - { - chip::Platform::MemoryFree(mDecodeBuf); - mDecodeBuf = nullptr; - } } } @@ -187,11 +171,29 @@ CHIP_ERROR ChipCertificateSet::LoadCert(TLVReader & reader, BitFlags asn1TBSBuf; + ReturnErrorCodeIf(!asn1TBSBuf.Alloc(kMaxCHIPCertDecodeBufLength), CHIP_ERROR_NO_MEMORY); + + // Initialize an ASN1Writer and convert the TBS (to-be-signed) portion of the certificate to ASN.1 DER + // encoding. At the same time, parse various components within the certificate and set the corresponding + // fields in the CertificateData object. + writer.Init(asn1TBSBuf.Get(), kMaxCHIPCertDecodeBufLength); + ReturnErrorOnFailure(DecodeConvertTBSCert(reader, writer, cert)); + + // Generate a SHA hash of the encoded TBS certificate. + chip::Crypto::Hash_SHA256(asn1TBSBuf.Get(), writer.GetLengthWritten(), cert.mTBSHash); + + cert.mCertFlags.Set(CertFlags::kTBSHashPresent); + } + else + { + // Initialize an ASN1Writer as a NullWriter. + writer.InitNullWriter(); + ReturnErrorOnFailure(DecodeConvertTBSCert(reader, writer, cert)); + } // Verify the cert has both the Subject Key Id and Authority Key Id extensions present. // Only certs with both these extensions are supported for the purposes of certificate validation. @@ -201,15 +203,6 @@ CHIP_ERROR ChipCertificateSet::LoadCert(TLVReader & reader, BitFlags(opcert.size()), BitFlags())); diff --git a/src/credentials/CHIPCert.h b/src/credentials/CHIPCert.h index 42d4dc97f6e2af..0fb638afeab5bd 100644 --- a/src/credentials/CHIPCert.h +++ b/src/credentials/CHIPCert.h @@ -366,9 +366,6 @@ class DLL_EXPORT ChipCertificateSet aOther.mCerts = nullptr; mCertCount = aOther.mCertCount; mMaxCerts = aOther.mMaxCerts; - mDecodeBuf = aOther.mDecodeBuf; - aOther.mDecodeBuf = nullptr; - mDecodeBufSize = aOther.mDecodeBufSize; mMemoryAllocInternal = aOther.mMemoryAllocInternal; return *this; @@ -380,11 +377,10 @@ class DLL_EXPORT ChipCertificateSet * allocated internally using chip::Platform::MemoryAlloc() and freed with chip::Platform::MemoryFree(). * * @param maxCertsArraySize Maximum number of CHIP certificates to be loaded to the set. - * @param decodeBufSize Size of the buffer that should be allocated to perform CHIP certificate decoding. * * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise **/ - CHIP_ERROR Init(uint8_t maxCertsArraySize, uint16_t decodeBufSize); + CHIP_ERROR Init(uint8_t maxCertsArraySize); /** * @brief Initialize ChipCertificateSet. @@ -393,12 +389,10 @@ class DLL_EXPORT ChipCertificateSet * * @param certsArray A pointer to the array of the ChipCertificateData structures. * @param certsArraySize Number of ChipCertificateData entries in the array. - * @param decodeBuf Buffer to use for temporary storage of intermediate processing results. - * @param decodeBufSize Size of decoding buffer. * * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise **/ - CHIP_ERROR Init(ChipCertificateData * certsArray, uint8_t certsArraySize, uint8_t * decodeBuf, uint16_t decodeBufSize); + CHIP_ERROR Init(ChipCertificateData * certsArray, uint8_t certsArraySize); /** * @brief Release resources allocated by this class. @@ -544,8 +538,6 @@ class DLL_EXPORT ChipCertificateSet had their constructor called, or have had their destructor called since then. */ uint8_t mMaxCerts; /**< Length of mCerts array. */ - uint8_t * mDecodeBuf; /**< Certificate decode buffer. */ - uint16_t mDecodeBufSize; /**< Certificate decode buffer size. */ bool mMemoryAllocInternal; /**< Indicates whether temporary memory buffers are allocated internally. */ /** diff --git a/src/credentials/CHIPOperationalCredentials.cpp b/src/credentials/CHIPOperationalCredentials.cpp index faaba5c5152f35..3c519823af1c51 100644 --- a/src/credentials/CHIPOperationalCredentials.cpp +++ b/src/credentials/CHIPOperationalCredentials.cpp @@ -35,8 +35,7 @@ namespace chip { namespace Credentials { -static constexpr size_t kOperationalCertificatesMax = 3; -static constexpr size_t kOperationalCertificateDecodeBufSize = 1024; +static constexpr size_t kOperationalCertificatesMax = 3; using namespace chip::Crypto; @@ -306,7 +305,7 @@ CHIP_ERROR OperationalCredentialSet::FromSerializable(const OperationalCredentia ChipCertificateSet certificateSet; CertificateKeyId trustedRootId; - SuccessOrExit(err = certificateSet.Init(kOperationalCertificatesMax, kOperationalCertificateDecodeBufSize)); + SuccessOrExit(err = certificateSet.Init(kOperationalCertificatesMax)); err = certificateSet.LoadCert(serializable.mRootCertificate, serializable.mRootCertificateLen, BitFlags(CertDecodeFlags::kIsTrustAnchor)); diff --git a/src/credentials/tests/TestChipCert.cpp b/src/credentials/tests/TestChipCert.cpp index d15cfe2221b312..281c31beb3e723 100644 --- a/src/credentials/tests/TestChipCert.cpp +++ b/src/credentials/tests/TestChipCert.cpp @@ -350,8 +350,9 @@ static void TestChipCert_CertValidation(nlTestSuite * inSuite, void * inContext) ChipCertificateData * resultCert = nullptr; const ValidationTestCase & testCase = sValidationTestCases[i]; - // Initialize the certificate set and load the specified test certificates. - certSet.Init(kMaxCertsPerTestCase, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(kMaxCertsPerTestCase); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); + for (size_t i2 = 0; i2 < kMaxCertsPerTestCase; i2++) { if (testCase.InputCerts[i2].Type != TestCert::kNone) @@ -409,7 +410,8 @@ static void TestChipCert_CertValidTime(nlTestSuite * inSuite, void * inContext) ChipCertificateSet certSet; ValidationContext validContext; - certSet.Init(kStandardCertsCount, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(kStandardCertsCount); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); err = LoadTestCertSet01(certSet); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); @@ -485,6 +487,7 @@ static void TestChipCert_CertUsage(nlTestSuite * inSuite, void * inContext) CHIP_ERROR err; ChipCertificateSet certSet; ValidationContext validContext; + ChipCertificateData certDataArray[kStandardCertsCount]; struct UsageTestCase { @@ -569,7 +572,8 @@ static void TestChipCert_CertUsage(nlTestSuite * inSuite, void * inContext) // clang-format on size_t sNumUsageTestCases = sizeof(sUsageTestCases) / sizeof(sUsageTestCases[0]); - certSet.Init(kStandardCertsCount, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(certDataArray, sizeof(certDataArray) / sizeof(ChipCertificateData)); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); err = LoadTestCertSet01(certSet); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); @@ -624,8 +628,9 @@ static void TestChipCert_CertType(nlTestSuite * inSuite, void * inContext) const TestCase & testCase = sTestCases[i]; uint8_t certType; - // Initialize the certificate set and load the test certificate. - certSet.Init(1, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(1); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); + err = LoadTestCert(certSet, testCase.Cert, sNullLoadFlag, sNullDecodeFlag); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); @@ -641,6 +646,7 @@ static void TestChipCert_CertId(nlTestSuite * inSuite, void * inContext) { CHIP_ERROR err; ChipCertificateSet certSet; + ChipCertificateData certData[1]; struct TestCase { @@ -671,8 +677,9 @@ static void TestChipCert_CertId(nlTestSuite * inSuite, void * inContext) const TestCase & testCase = sTestCases[i]; uint64_t chipId; - // Initialize the certificate set and load the test certificate. - certSet.Init(1, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(certData, 1); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); + err = LoadTestCert(certSet, testCase.Cert, sNullLoadFlag, sNullDecodeFlag); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); @@ -690,7 +697,8 @@ static void TestChipCert_LoadDuplicateCerts(nlTestSuite * inSuite, void * inCont ChipCertificateSet certSet; ValidationContext validContext; - certSet.Init(kStandardCertsCount, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(kStandardCertsCount); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); // Let's load two distinct certificates, and make sure cert count is 2 err = LoadTestCert(certSet, TestCert::kRoot01, sNullLoadFlag, sTrustAnchorFlag); @@ -936,7 +944,7 @@ static void TestChipCert_VerifyGeneratedCerts(nlTestSuite * inSuite, void * inCo sizeof(noc_cert), noc_len) == CHIP_NO_ERROR); ChipCertificateSet certSet; - NL_TEST_ASSERT(inSuite, certSet.Init(3, kMaxCHIPCertDecodeBufLength) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.Init(3) == CHIP_NO_ERROR); static uint8_t rootCertBuf[kMaxCHIPCertLength]; static uint8_t icaCertBuf[kMaxCHIPCertLength]; @@ -946,25 +954,17 @@ static void TestChipCert_VerifyGeneratedCerts(nlTestSuite * inSuite, void * inCo NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(ByteSpan(root_cert, root_len), rootCertBuf, sizeof(rootCertBuf), outCertLen) == CHIP_NO_ERROR); - NL_TEST_ASSERT( - inSuite, - certSet.LoadCert(rootCertBuf, outCertLen, - BitFlags(CertDecodeFlags::kIsTrustAnchor).Set(CertDecodeFlags::kGenerateTBSHash)) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.LoadCert(rootCertBuf, outCertLen, sTrustAnchorFlag) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(ByteSpan(ica_cert, ica_len), icaCertBuf, sizeof(icaCertBuf), outCertLen) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - certSet.LoadCert(icaCertBuf, outCertLen, BitFlags(CertDecodeFlags::kGenerateTBSHash)) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.LoadCert(icaCertBuf, outCertLen, sGenTBSHashFlag) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(ByteSpan(noc_cert, noc_len), nocCertBuf, sizeof(nocCertBuf), outCertLen) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - certSet.LoadCert(nocCertBuf, outCertLen, BitFlags(CertDecodeFlags::kGenerateTBSHash)) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.LoadCert(nocCertBuf, outCertLen, sGenTBSHashFlag) == CHIP_NO_ERROR); ValidationContext validContext; @@ -1024,11 +1024,10 @@ static void TestChipCert_X509ToChipArray(nlTestSuite * inSuite, void * inContext NL_TEST_ASSERT(inSuite, outCert.size() <= sizeof(outCertBuf)); ChipCertificateSet certSet; - NL_TEST_ASSERT(inSuite, certSet.Init(3, kMaxCHIPCertDecodeBufLength) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.Init(3) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - certSet.LoadCerts(outCert.data(), static_cast(outCert.size()), - BitFlags(CertDecodeFlags::kGenerateTBSHash)) == CHIP_NO_ERROR); + certSet.LoadCerts(outCert.data(), static_cast(outCert.size()), sGenTBSHashFlag) == CHIP_NO_ERROR); static uint8_t rootCertBuf[kMaxCHIPCertLength]; @@ -1036,11 +1035,7 @@ static void TestChipCert_X509ToChipArray(nlTestSuite * inSuite, void * inContext NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(ByteSpan(root_cert, root_len), rootCertBuf, sizeof(rootCertBuf), outCertLen) == CHIP_NO_ERROR); - NL_TEST_ASSERT( - inSuite, - certSet.LoadCert(rootCertBuf, outCertLen, - BitFlags(CertDecodeFlags::kIsTrustAnchor).Set(CertDecodeFlags::kGenerateTBSHash)) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.LoadCert(rootCertBuf, outCertLen, sTrustAnchorFlag) == CHIP_NO_ERROR); ValidationContext validContext; @@ -1089,22 +1084,17 @@ static void TestChipCert_X509ToChipArrayNoICA(nlTestSuite * inSuite, void * inCo NL_TEST_ASSERT(inSuite, outCert.size() <= sizeof(outCertBuf)); ChipCertificateSet certSet; - NL_TEST_ASSERT(inSuite, certSet.Init(3, kMaxCHIPCertDecodeBufLength) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.Init(3) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - certSet.LoadCerts(outCert.data(), static_cast(outCert.size()), - BitFlags(CertDecodeFlags::kGenerateTBSHash)) == CHIP_NO_ERROR); + certSet.LoadCerts(outCert.data(), static_cast(outCert.size()), sGenTBSHashFlag) == CHIP_NO_ERROR); static uint8_t rootCertBuf[kMaxCHIPCertLength]; NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(ByteSpan(root_cert, root_len), rootCertBuf, sizeof(rootCertBuf), outCertLen) == CHIP_NO_ERROR); - NL_TEST_ASSERT( - inSuite, - certSet.LoadCert(rootCertBuf, outCertLen, - BitFlags(CertDecodeFlags::kIsTrustAnchor).Set(CertDecodeFlags::kGenerateTBSHash)) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.LoadCert(rootCertBuf, outCertLen, sTrustAnchorFlag) == CHIP_NO_ERROR); ValidationContext validContext; @@ -1225,26 +1215,22 @@ static void TestChipCert_ChipArrayToChipCerts(nlTestSuite * inSuite, void * inCo NL_TEST_ASSERT(inSuite, ExtractCertsFromCertArray(outCert, noc_chip_cert, ica_chip_cert) == CHIP_NO_ERROR); ChipCertificateSet certSet; - NL_TEST_ASSERT(inSuite, certSet.Init(3, kMaxDERCertLength) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.Init(3) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - certSet.LoadCert(noc_chip_cert.data(), static_cast(noc_chip_cert.size()), - BitFlags(CertDecodeFlags::kGenerateTBSHash)) == CHIP_NO_ERROR); + certSet.LoadCert(noc_chip_cert.data(), static_cast(noc_chip_cert.size()), sGenTBSHashFlag) == + CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - certSet.LoadCert(ica_chip_cert.data(), static_cast(ica_chip_cert.size()), - BitFlags(CertDecodeFlags::kGenerateTBSHash)) == CHIP_NO_ERROR); + certSet.LoadCert(ica_chip_cert.data(), static_cast(ica_chip_cert.size()), sGenTBSHashFlag) == + CHIP_NO_ERROR); static uint8_t rootCertBuf[kMaxDERCertLength]; NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(ByteSpan(root_cert, root_len), rootCertBuf, sizeof(rootCertBuf), outCertLen) == CHIP_NO_ERROR); - NL_TEST_ASSERT( - inSuite, - certSet.LoadCert(rootCertBuf, outCertLen, - BitFlags(CertDecodeFlags::kIsTrustAnchor).Set(CertDecodeFlags::kGenerateTBSHash)) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.LoadCert(rootCertBuf, outCertLen, sTrustAnchorFlag) == CHIP_NO_ERROR); ValidationContext validContext; @@ -1297,22 +1283,18 @@ static void TestChipCert_ChipArrayToChipCertsNoICA(nlTestSuite * inSuite, void * NL_TEST_ASSERT(inSuite, ica_chip_cert.data() == nullptr && ica_chip_cert.size() == 0); ChipCertificateSet certSet; - NL_TEST_ASSERT(inSuite, certSet.Init(3, kMaxDERCertLength) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.Init(3) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - certSet.LoadCert(noc_chip_cert.data(), static_cast(noc_chip_cert.size()), - BitFlags(CertDecodeFlags::kGenerateTBSHash)) == CHIP_NO_ERROR); + certSet.LoadCert(noc_chip_cert.data(), static_cast(noc_chip_cert.size()), sGenTBSHashFlag) == + CHIP_NO_ERROR); static uint8_t rootCertBuf[kMaxDERCertLength]; NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(ByteSpan(root_cert, root_len), rootCertBuf, sizeof(rootCertBuf), outCertLen) == CHIP_NO_ERROR); - NL_TEST_ASSERT( - inSuite, - certSet.LoadCert(rootCertBuf, outCertLen, - BitFlags(CertDecodeFlags::kIsTrustAnchor).Set(CertDecodeFlags::kGenerateTBSHash)) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, certSet.LoadCert(rootCertBuf, outCertLen, sTrustAnchorFlag) == CHIP_NO_ERROR); ValidationContext validContext; @@ -1373,7 +1355,7 @@ static void TestChipCert_ExtractPeerId(nlTestSuite * inSuite, void * inContext) ChipCertificateSet certSet; for (auto & testCase : sTestCases) { - CHIP_ERROR err = certSet.Init(1, kMaxCHIPCertDecodeBufLength); + CHIP_ERROR err = certSet.Init(1); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); err = LoadTestCert(certSet, testCase.Cert, sNullLoadFlag, sNullDecodeFlag); diff --git a/src/credentials/tests/TestChipOperationalCredentials.cpp b/src/credentials/tests/TestChipOperationalCredentials.cpp index 5bf98861b27938..ddd0d7b49fba71 100644 --- a/src/credentials/tests/TestChipOperationalCredentials.cpp +++ b/src/credentials/tests/TestChipOperationalCredentials.cpp @@ -121,8 +121,9 @@ static void TestChipOperationalCredentials_CertValidation(nlTestSuite * inSuite, ChipCertificateData * resultCert = nullptr; const ValidationTestCase & testCase = sValidationTestCases[i]; - // Initialize the certificate set and load the specified test certificates. - certSet.Init(kMaxCertsPerTestCase, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(kMaxCertsPerTestCase); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); + for (size_t i2 = 0; i2 < kMaxCertsPerTestCase; i2++) { if (testCase.InputCerts[i2].Type != TestCerts::kNone) @@ -193,7 +194,8 @@ static void TestChipOperationalCredentials_Serialization(nlTestSuite * inSuite, }; // Initialize the certificate set and load the specified test certificates. - certSet.Init(kMaxCerts, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(kMaxCerts); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); err = LoadTestCert(certSet, TestCerts::kRoot01, sNullLoadFlag, sTrustAnchorFlag); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); err = LoadTestCert(certSet, TestCerts::kICA01, sNullLoadFlag, sGenTBSHashFlag); diff --git a/src/protocols/secure_channel/CASESession.cpp b/src/protocols/secure_channel/CASESession.cpp index 92df2f16ccaf2c..fc58c0ae188fc9 100644 --- a/src/protocols/secure_channel/CASESession.cpp +++ b/src/protocols/secure_channel/CASESession.cpp @@ -1197,7 +1197,7 @@ CHIP_ERROR CASESession::Validate_and_RetrieveResponderID(const uint8_t * respond ChipCertificateSet certSet; // Certificate set can contain up to 3 certs (NOC, ICA cert, and Root CA cert) - ReturnErrorOnFailure(certSet.Init(3, kMaxCHIPCertDecodeBufLength)); + ReturnErrorOnFailure(certSet.Init(3)); Encoding::LittleEndian::BufferWriter bbuf(responderID, responderID.Length()); ReturnErrorOnFailure( diff --git a/src/protocols/secure_channel/tests/TestCASESession.cpp b/src/protocols/secure_channel/tests/TestCASESession.cpp index 90b5644105eeba..1978c442cd8488 100644 --- a/src/protocols/secure_channel/tests/TestCASESession.cpp +++ b/src/protocols/secure_channel/tests/TestCASESession.cpp @@ -112,9 +112,9 @@ static CHIP_ERROR InitCredentialSets() ReturnErrorOnFailure(accessoryOpKeys.Deserialize(accessoryOpKeysSerialized)); - ReturnErrorOnFailure(commissionerCertificateSet.Init(kStandardCertsCount, kMaxCHIPCertDecodeBufLength)); + ReturnErrorOnFailure(commissionerCertificateSet.Init(kStandardCertsCount)); - ReturnErrorOnFailure(accessoryCertificateSet.Init(kStandardCertsCount, kMaxCHIPCertDecodeBufLength)); + ReturnErrorOnFailure(accessoryCertificateSet.Init(kStandardCertsCount)); // Add the trusted root certificate to the certificate set. ReturnErrorOnFailure(commissionerCertificateSet.LoadCert(sTestCert_Root01_Chip, sTestCert_Root01_Chip_Len, diff --git a/src/tools/chip-cert/Cmd_PrintCert.cpp b/src/tools/chip-cert/Cmd_PrintCert.cpp index 06913ce0e30794..629a61c38ab789 100644 --- a/src/tools/chip-cert/Cmd_PrintCert.cpp +++ b/src/tools/chip-cert/Cmd_PrintCert.cpp @@ -221,7 +221,7 @@ bool PrintCert(const char * fileName, X509 * cert) res = X509ToChipCert(cert, certBuf.get(), kMaxCHIPCertLength, certLen); VerifyTrueOrExit(res); - err = certSet.Init(1, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(1); if (err != CHIP_NO_ERROR) { fprintf(stderr, "Failed to initialize certificate set: %s\n", chip::ErrorStr(err)); diff --git a/src/tools/chip-cert/Cmd_ValidateCert.cpp b/src/tools/chip-cert/Cmd_ValidateCert.cpp index ded3a91ce2b5f3..b9790c75b369f9 100644 --- a/src/tools/chip-cert/Cmd_ValidateCert.cpp +++ b/src/tools/chip-cert/Cmd_ValidateCert.cpp @@ -159,7 +159,7 @@ bool Cmd_ValidateCert(int argc, char * argv[]) res = ParseArgs(CMD_NAME, argc, argv, gCmdOptionSets, HandleNonOptionArgs); VerifyTrueOrExit(res); - err = certSet.Init(kMaxCerts, kMaxCHIPCertDecodeBufLength); + err = certSet.Init(kMaxCerts); if (err != CHIP_NO_ERROR) { fprintf(stderr, "Failed to initialize certificate set: %s\n", chip::ErrorStr(err)); diff --git a/src/transport/AdminPairingTable.cpp b/src/transport/AdminPairingTable.cpp index e8eaa574efbf09..fed72a2e549563 100644 --- a/src/transport/AdminPairingTable.cpp +++ b/src/transport/AdminPairingTable.cpp @@ -360,7 +360,7 @@ CHIP_ERROR AdminPairingInfo::GetCredentials(OperationalCredentialSet & credentia CertificateKeyId & rootKeyId) { constexpr uint8_t kMaxNumCertsInOpCreds = 3; - ReturnErrorOnFailure(certificates.Init(kMaxNumCertsInOpCreds, kMaxCHIPCertLength * kMaxNumCertsInOpCreds)); + ReturnErrorOnFailure(certificates.Init(kMaxNumCertsInOpCreds)); ReturnErrorOnFailure( certificates.LoadCert(mRootCert, mRootCertLen,