From 83123f87970879edcbc170b2bbba49cb154408b9 Mon Sep 17 00:00:00 2001 
From: Evgeny Margolis <emargolis@google.com> Date: Thu, 6 Oct 2022 05:04:23 -0700 Subject: [PATCH] Updated CSA Official CD Signing Certificates (#23027) (#23037) --- .../CSA_Matter_CD_Signing_Key_001.cert.der | Bin 0 -> 523 bytes .../CSA_Matter_CD_Signing_Key_001.cert.pem | 13 ++ .../CSA_Matter_CD_Signing_Key_002.cert.der | Bin 0 -> 524 bytes .../CSA_Matter_CD_Signing_Key_002.cert.pem | 13 ++ .../CSA_Matter_CD_Signing_Key_003.cert.der | Bin 0 -> 522 bytes .../CSA_Matter_CD_Signing_Key_003.cert.pem | 13 ++ .../CSA_Matter_CD_Signing_Key_004.cert.der | Bin 0 -> 522 bytes .../CSA_Matter_CD_Signing_Key_004.cert.pem | 13 ++ .../CSA_Matter_CD_Signing_Key_005.cert.der | Bin 0 -> 523 bytes .../CSA_Matter_CD_Signing_Key_005.cert.pem | 13 ++ ...tter_Certificate_and_Testing_Root.cert.der | Bin 0 -> 517 bytes ...tter_Certificate_and_Testing_Root.cert.pem | 13 ++ .../cd-certs/Chip-Test-CD-Cert.pem | 12 ++ .../credentials/TestHarnessDACProvider.cpp | 22 +-- .../DefaultDeviceAttestationVerifier.cpp | 155 +++++++++++++++--- .../DeviceAttestationCredsExample.cpp | 24 +-- 16 files changed, 248 insertions(+), 43 deletions(-) create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_001.cert.der create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_001.cert.pem create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_002.cert.der create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_002.cert.pem create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_003.cert.der create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_003.cert.pem create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_004.cert.der create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_004.cert.pem create mode 100644 credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_005.cert.der create mode 100644 
credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_005.cert.pem create mode 100644 credentials/development/cd-certs/CSA_Matter_Certificate_and_Testing_Root.cert.der create mode 100644 credentials/development/cd-certs/CSA_Matter_Certificate_and_Testing_Root.cert.pem create mode 100644 credentials/development/cd-certs/Chip-Test-CD-Cert.pem diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_001.cert.der b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_001.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..0bcdc2c37db44bb15611c557ddc62233c3a18d9a GIT binary patch literal 523 zcmXqLVq!OFVqCj`nTe5!i9NYEF*zmM(144LL#xf>oGlA8lR=On50K9s%EHCN>>TW9 zsAHf7;xY3m`zDr@q!uYSrxulDre!84mSpDVDJ15lD1@XImt^LpD>yqEiWms7acQ$L zvM@F+s$pW}VR1HfG%!#Q=QT1iG%zqWv^26XHI0(sH!?6cGO#o<fC?BypxJ6<U;wdI z6V*DG)a0DRB8b(&ndx~TYrRt|6$}gvao8PcAk4-N_8k)=)SJwV?95IKEN9=nv~&5f zUHkFHl?Un+r*+Tz|9K1Zhd8m!>l>e*dY6B^(A(+xBeSV5b*?9e6fbI6m(g#&drId+ zG0mMj{l9ORsku1KAO+}M=1^H-M#ldv90qJaiiwfIfDa_b4-x|gC}W#}EQrs?BE}-} z&%}P}O!qSD#CNWi!on7w{?BUr4CF!5$}AEFVhtkGpJZM*$|7<o|2X6Kx+&$BoW0+c zB1aFi2ZMntlY)S0U*V-SA=x4A<?CfP#9oWqk*W8|>GH}KS?8SVKgUQjDKdOqw4=<m hWR~*DZ7%8>kt?QUd!9bazS1oB&@HPAAv2q90s!u1qR{{V literal 0 HcmV?d00001 diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_001.cert.pem b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_001.cert.pem new file mode 100644 index 00000000000000..93697332c9f692 --- /dev/null +++ b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_001.cert.pem 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBzCCAa2gAwIBAgIHY3NhY2RrMTAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTI4NTVaGA8yMDcyMDky +MDE5Mjg1NVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwMTEUMBIGCisGAQQBgqJ8AgEMBEM1 +QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATN7uk+RPi3K+PRqcB+IZaLmv/z +tAPwXhZp17Hlyu5vx3FLQufiNpXpLNdjVHOigK5ojze7lInhFim5uU/3sJkpo2Yw +ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +/jQ/lZlHdjth7kU5ExM4SU/mfY4wHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +OQmN9qUwCgYIKoZIzj0EAwIDSAAwRQIgEDWOcdKsVGtUh3evHbBd1lq4aS7yQtOp +6GrOQ3/zXBsCIQDxorh2RXSaI8m2RCcoWaiWa0nLzQepNm3C2jrQVJmC2Q== +-----END CERTIFICATE----- diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_002.cert.der b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_002.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..3e6046ac47a8b08cd49421a48961ec1c952c13e4 GIT binary patch literal 524 zcmXqLV&X7pVqCj`nTe5!i9NYEF*zmM$bgHDL#xf>oGlA8lR=On50K9s%EHCN>>TW9 zsAHf7;xY3m`zDr@q!uYSrxulDre!84mSpDVDJ15lD1@XImt^LpD>yqEiWms7acQ$L zvM@F+s$pW}VR1HfG%!#Q=QT1iG%zqWv@|v|F^iJmH!?6cGO#o<fC?BypxJ6<U;wdI z6V*DG)a0DRB8b(&ndx~TYrRt|6$}iFaM&GbAk4-N_8k)=)SJwV?95IKEX<PTFMc`& zvc!HW3E%CeYWKL*uSaN|Mrdt=`pzqd!){7D^!ztc4-nrJ-_yN_RqW~st54figc^kJ zpXr}^iD4!8;xvO4pm&)=WrZ0T|FduyumLG1Mg{{ukQhHm3>ct{Z3eO+J|Bx1i^yG; z+Y!-<J~9!a?a#t`zqD_=dz{fg9we>IB4HrbATs?)=7pmyB8T#iGk&j|Qf|rF`)w(5 z^e}re7`QPhGR%5+UaaQwa{fQN1TJqr`&~e~XL~{5%FuQf`Qx<~zWd97N+!Q}UZ1u0 g<flzOjxYU7@88{iZ_-je=J!eyWQ%(CW%wNe0JO55wg3PC literal 0 HcmV?d00001 diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_002.cert.pem b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_002.cert.pem new file mode 100644 index 00000000000000..c25dde22d921e8 --- /dev/null 
+++ b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_002.cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCDCCAa2gAwIBAgIHY3NhY2RrMjAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTM2NDZaGA8yMDcyMDky +MDE5MzY0NlowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwMjEUMBIGCisGAQQBgqJ8AgEMBEM1 +QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQDGTfo+UJRBF3ydFe7RiU+43VO +jBKuKFV9gCe51MNW2RtAjP8yJ1AXsl+Mi6IFFtXIOvK3JBKAE9/Mj5XSAKkLo2Yw +ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +3QTbWFshTBxYFYfmVo30h7bdxwEwHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +OQmN9qUwCgYIKoZIzj0EAwIDSQAwRgIhAJruzxZ806cP/LoQ07PN9xAbjLdwUalV +h0Qfx304Tb92AiEAk+jnf2qtyfKyTEHpT3Xf3bfekqUOA+8ikB1yjL5oTsI= +-----END CERTIFICATE----- diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_003.cert.der b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_003.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..6fd2138beb456bd63f3b9fe63e417295f0eedf61 GIT binary patch literal 522 zcmXqLVq!CBVqCj`nTe5!i9NYEF*zmM*no?TL#xf>oGlA8lR=On50K9s%EHCN>>TW9 zsAHf7;xY3m`zDr@q!uYSrxulDre!84mSpDVDJ15lD1@XImt^LpD>yqEiWms7acQ$L zvM@F+s$pW}VR1HfG%!#Q=QT1iG%zqWv@|g^FpQGmH!?6cGO#o<fC?BypxJ6<U;wdI z6V*DG)a0DRB8b(&ndx~TYrRt|6+mWVw>#26n2jCmJ0?b`H<=mPnVlF|=7+~z{kuI# zUSP?6!w<z1wG-VnK3%Sl&YreMXMYX1;Is+hwV|<!3#KKk*wD1t@>MW@Rikd(<gNMF zQzYV7pEdfrIL#mh=w0SeSz$)T|12B^Y(R>Mk->luB*qUC0|qE#n}IBd&&MLhBH}J! z`uu?3sulZce0_u;KRLuXb%nQqJV;uZMZ!R=L1g-q%nL_ZL=NR2XZ&6_rQDLU_uEqB z=wWteFmPc~Pzaxs+rM>YsPAgQzrPRhu%BO(`MpSCsu|O&wdsGXnSd%PrcQ0S#Z{Cu dH?O|v$6v`$`fuF66q%<LaB3%{J-6k#4ggt=oJarw literal 0 HcmV?d00001 diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_003.cert.pem b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_003.cert.pem new file mode 100644 index 00000000000000..7bd98161c47728 
--- /dev/null +++ b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_003.cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBjCCAa2gAwIBAgIHY3NhY2RrMzAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTQxMDFaGA8yMDcyMDky +MDE5NDEwMVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwMzEUMBIGCisGAQQBgqJ8AgEMBEM1 +QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASfV1zV/bdSHxCk3zHwc5ErYUco +8tN/W2uWvCy/fAsRlpBXfVVdIaCWYKiwgqM56lMPeoEthpO1b9dkGF+rzTL1o2Yw +ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +RxA158BOqqi+fE1ME+PkwgmVqEswHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +OQmN9qUwCgYIKoZIzj0EAwIDRwAwRAIgIFecbY+1mVVNqxH9+8IMB8+safdyIJU2 +AqqtZ/w7AkQCIHiVlYTaCnJsnW5/cvj9GfIv7Eb0cjdmcAkrYGbnPQzX +-----END CERTIFICATE----- diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_004.cert.der b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_004.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..8ac5b038ed8db501c11b44922087ffc9f6ef4491 GIT binary patch literal 522 zcmXqLVq!CBVqCj`nTe5!i9NYEF*zmM#DI&9L#xf>oGlA8lR=On50K9s%EHCN>>TW9 zsAHf7;xY3m`zDr@q!uYSrxulDre!84mSpDVDJ15lD1@XImt^LpD>yqEiWms7acQ$L zvM@F+s$pW}VR1HfG%!#Q=QT1iG%zqWv@|g`GK`YoH!?6cGO#o<fC?BypxJ6<U;wdI z6V*DG)a0DRB8b(&ndx~TYrRt|6$}haaM&GbAk4-N_8k)=)SJwV?95IKEH!_6I|NqD z`SMFryyDaPHx)kutEMl0T7O7**Nu+HiE<_Xx3%njy<%Cns<Ky%X}`Jk>e;yle!^^b z%M_MsTojYxUYur-0`x9(sH`v}<9`+o12!PV#K>U42NL54i2(zYvCTjh#OGrXV-fk* z#=JOFZ-zjT<Gh6rS6hVaEuVVXKprHm%pzeR)*v$dN#=#4EFy>Uk28L+n^JDc+52rN za`Z5}GZ?rqDd;VbpSasQu|3V{<n8$m)Ako`{TFuR{>sm?n{G$XuCnc8Qt;O}(fB4z fILPO_^t~Lx<xdOS&g*K49VqAi$&$gG!T1;eKoy=& literal 0 HcmV?d00001 diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_004.cert.pem b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_004.cert.pem new file mode 100644 index 00000000000000..d2297103961672 
--- /dev/null +++ b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_004.cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBjCCAa2gAwIBAgIHY3NhY2RrNDAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTQzMjFaGA8yMDcyMDky +MDE5NDMyMVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwNDEUMBIGCisGAQQBgqJ8AgEMBEM1 +QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR8/I2IEKic9PoZF3jyr+x4+FF6 +l6Plf8ITutiI42EedP+2hL3rqKaLJSNKXDWPNzurm20wThMG3XYgpSjRFhwLo2Yw +ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +9oYDo2kumBByQZ6h4as4VL13ldMwHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +OQmN9qUwCgYIKoZIzj0EAwIDRwAwRAIgLqAfkbtLYYdmQsnbn0CWv3G1/lbE36nz +HbLbW5t6PY4CIE8oyIHsVhNSTPcb3mwRp+Vxhs8tKhbAdwv5BGgDaAHj +-----END CERTIFICATE----- diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_005.cert.der b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_005.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..5ca3b5a6ccbe0404fd48b524bbd2e6329f842944 GIT binary patch literal 523 zcmXqLVq!OFVqCj`nTe5!i9NYEF*zmM)PRePL#xf>oGlA8lR=On50K9s%EHCN>>TW9 zsAHf7;xY3m`zDr@q!uYSrxulDre!84mSpDVDJ15lD1@XImt^LpD>yqEiWms7acQ$L zvM@F+s$pW}VR1HfG%!#Q=QT1iG%zqWv@|g{G>wwrH!?6cGO#o<fC?BypxJ6<U;wdI z6V*DG)a0DRB8b(&ndx~TYrRt|6$}haao8PcAk4-N_8k)=)SJwV?95IKEY4j)$C4H; zyRPQ`Gj4mZaNd)3{I{)E9?Ud!%C_Z5|0!Vg{QANj?Js`_FZ+~Vw)^Z#)5#SzLghUx zK24835~bkub8(tM3edaEp|Zk^jQ?3U4A_7a6C;BGA4rTJBnAvn#x?_45TB1lj7225 zUd?1}(yM=2-;&<%%+J5{Xa66419_0NGK++PScAy)Cz%(HvWOhYKhF5QZc4c&XYaSA z$kD^>!C>IZq{wjA-D&m{nKj-jGSf2E7;ME7+6$64$BQvWta^L?*>*z)CWT0A&(P{6 g8sAj-6+~xd#?*U%6Eb<9r*UonvX6Op<CiM|07vkhrvLx| literal 0 HcmV?d00001 
diff --git a/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_005.cert.pem b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_005.cert.pem new file mode 100644 index 00000000000000..e3dfa07a6c9291 --- /dev/null +++ b/credentials/development/cd-certs/CSA_Matter_CD_Signing_Key_005.cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICBzCCAa2gAwIBAgIHY3NhY2RrNTAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTQ3MTVaGA8yMDcyMDky +MDE5NDcxNVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwNTEUMBIGCisGAQQBgqJ8AgEMBEM1 +QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDilLGYqKm1yZH+V63UxNu5K4P +2zqpwWkxQms9CGf5EDrn16G4h+n4E6byb3a7zak1k3h8EneMqPKXXcRaIEL5o2Yw +ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +Y38mNK1i6v5q9mLvuW9v0vy//C8wHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +OQmN9qUwCgYIKoZIzj0EAwIDSAAwRQIhAM1HQpvkHKxLJByWaSYAPRZgh3Bis18W +AViq7c/mtzEAAiBZO0lVe6Qo9iQPIBWZaVx/S/YSNO9uKNa/pvFu3V+nIg== +-----END CERTIFICATE----- diff --git a/credentials/development/cd-certs/CSA_Matter_Certificate_and_Testing_Root.cert.der b/credentials/development/cd-certs/CSA_Matter_Certificate_and_Testing_Root.cert.der new file mode 100644 index 0000000000000000000000000000000000000000..3a75a3657b03a6f775e193cc71a06fb55d9bfc73 GIT binary patch literal 517 zcmXqLVq!FCVqCs}nTe5!i9NYEu_!;k#DI&9L#xf>oGlA8lR=On50K9s%EHCN>>TW9 zsAHf7;xY3m`zDr@q!uYSrxulDre!84mSpDVDJ15lD1@XImt^LpD>yqEiWms7acQ$L zvM@F+s$pW}VR1HfG%!#Q=QT1iFgGwav^26XFo}}jH!=hYm>C*F1!!Vxq=7ISJJ?@L zj8G3UGqN)~F|b&8Ssh*#yYF-n|1(8do3$QE`QHT>ESWTa?Tv&VkIMfaxF>J7&A7^> zr8>%rHE%^B-{kUlZ{MkkGylD5%BXs}&tq|#K?=~L%%QTvjEw(TI1Jc;6cZz(0Ut<= zA0!40N=7yVSrDI(MT|vc`jgBHM_EJ;<sWDKUN@!OlC$^QQUiIAv@(l?fmj1}1xOLY z?7?8*%A`=a>M6VXA@%-{1@kr@SbTTNM~x-Q-QP@|_9-_Dg?Ic)VNzsxzsI1fd#8SX dO9fkF&;!v(2~CSL^DUyg<9*HFeZCo(3jkSUn}PrU literal 0 HcmV?d00001 
diff --git a/credentials/development/cd-certs/CSA_Matter_Certificate_and_Testing_Root.cert.pem b/credentials/development/cd-certs/CSA_Matter_Certificate_and_Testing_Root.cert.pem new file mode 100644 index 00000000000000..5a003156fd6c65 --- /dev/null +++ b/credentials/development/cd-certs/CSA_Matter_Certificate_and_Testing_Root.cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICATCCAaegAwIBAgIHY3Nhcm9vdDAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjA3MDcxOTI4MDRaGA8yMTIyMDYx +MzE5MjgwNFowUjEMMAoGA1UECgwDQ1NBMSwwKgYDVQQDDCNNYXR0ZXIgQ2VydGlm +aWNhdGlvbiBhbmQgVGVzdGluZyBDQTEUMBIGCisGAQQBgqJ8AgEMBEM1QTAwWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4SjrDql2+y3IP5iEdPK1IYm/3EaCkkp+t +2GD44nf/wN4fPrYzejSEe1o6BW6ocQ6Td+7t7iUXA/3ZNQEly45Io2YwZDASBgNV +HRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUl+Rp0MUE +FMJvxwH3fpR3OQmN9qUwHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3OQmN9qUw +CgYIKoZIzj0EAwIDSAAwRQIgearlB0fCJ49UoJ6xwKPdlPEopCOL9jVCviODEleI ++mQCIQDvvDCKi7kvj4R4BoFS4BVZGCk4zJ84W4tfTTfu89lRbQ== +-----END CERTIFICATE----- diff --git a/credentials/development/cd-certs/Chip-Test-CD-Cert.pem b/credentials/development/cd-certs/Chip-Test-CD-Cert.pem new file mode 100644 index 00000000000000..0392cd2b6a5dd6 --- /dev/null +++ b/credentials/development/cd-certs/Chip-Test-CD-Cert.pem 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBszCCAVqgAwIBAgIIRdrzneR6oI8wCgYIKoZIzj0EAwIwKzEpMCcGA1UEAwwg +TWF0dGVyIFRlc3QgQ0QgU2lnbmluZyBBdXRob3JpdHkwIBcNMjEwNjI4MTQyMzQz +WhgPOTk5OTEyMzEyMzU5NTlaMCsxKTAnBgNVBAMMIE1hdHRlciBUZXN0IENEIFNp +Z25pbmcgQXV0aG9yaXR5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPDmJIkUr +VcrzicJb0bykZWlSzLkOiGkkmthHRlMBTL+V1oeWXgNrUhxRA35rjO3vyh60QEZp +T6CIgu7WUZ3suqNmMGQwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFGL6gjNZrPqplj4c+hQK3fUE83FgMB8GA1UdIwQYMBaAFGL6 +gjNZrPqplj4c+hQK3fUE83FgMAoGCCqGSM49BAMCA0cAMEQCICxUXOTkV9im8NnZ +u+vW7OHd/n+MbZps83UyH8b6xxOEAiBUB3jodDlyUn7t669YaGIgtUB48s1OYqdq +58u5L/VMiw== +-----END CERTIFICATE----- diff --git a/src/app/tests/suites/credentials/TestHarnessDACProvider.cpp b/src/app/tests/suites/credentials/TestHarnessDACProvider.cpp index 4eece60ea37074..c9732447c8ec3d 100644 --- a/src/app/tests/suites/credentials/TestHarnessDACProvider.cpp +++ b/src/app/tests/suites/credentials/TestHarnessDACProvider.cpp @@ -38,7 +38,7 @@ // 0x8048, 0x8049, 0x804A, 0x804B, 0x804C, 0x804D, 0x804E, 0x804F, 0x8050, 0x8051, 0x8052, 0x8053, 0x8054, 0x8055, 0x8056, // 0x8057, 0x8058, 0x8059, 0x805A, 0x805B, 0x805C, 0x805D, 0x805E, 0x805F, 0x8060, 0x8061, 0x8062, 0x8063 ] //-> device_type_id = 0x0016 -//-> certificate_id = "CSA00000MAT00000-00" +//-> certificate_id = "CSA00000SWC00000-00" //-> security_level = 0 //-> security_information = 0 //-> version_number = 1 
@@ -46,8 +46,8 @@ //-> dac_origin_vendor_id is not present //-> dac_origin_product_id is not present constexpr const uint8_t kCdForAllExamples[540] = { - 0x30, 0x82, 0x02, 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0x09, 0x30, 0x82, - 0x02, 0x05, 0x02, 0x01, 0x03, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, + 0x30, 0x82, 0x02, 0x17, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0x08, 0x30, 0x82, + 0x02, 0x04, 0x02, 0x01, 0x03, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x82, 0x01, 0x70, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x01, 0x61, 0x04, 0x82, 0x01, 0x5d, 0x15, 0x24, 0x00, 0x01, 0x25, 0x01, 0xf1, 0xff, 0x36, 0x02, 0x05, 0x00, 0x80, 0x05, 0x01, 0x80, 0x05, 0x02, 0x80, 0x05, 0x03, 0x80, 0x05, 0x04, 0x80, 0x05, 0x05, 0x80, 0x05, 0x06, 0x80, 0x05, 0x07, 0x80, 0x05, 0x08, 0x80, 0x05, 0x09, 0x80, 0x05, 
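Review bot: The declared size `kCdForAllExamples[540]` on the unchanged context line no longer matches the new initializer. The outer length bytes change from `0x02, 0x18` to `0x02, 0x17`, so the encoded CD is now 539 bytes and the last array element becomes an implicit zero. This commit resizes the sibling copy in DeviceAttestationCredsExample.cpp to `[539]`, so this file should likewise read `constexpr const uint8_t kCdForAllExamples[539] = {`. If a span is built over the whole array (the consumer is not visible in this hunk), the stray trailing byte would be handed to the CD parser together with the signed content. The initializer continues past this hunk into the `@@ -64,14 +64,14 @@` hunk.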
@@ -64,14 +64,14 @@ constexpr const uint8_t kCdForAllExamples[540] = { 0x50, 0x80, 0x05, 0x51, 0x80, 0x05, 0x52, 0x80, 0x05, 0x53, 0x80, 0x05, 0x54, 0x80, 0x05, 0x55, 0x80, 0x05, 0x56, 0x80, 0x05, 0x57, 0x80, 0x05, 0x58, 0x80, 0x05, 0x59, 0x80, 0x05, 0x5a, 0x80, 0x05, 0x5b, 0x80, 0x05, 0x5c, 0x80, 0x05, 0x5d, 0x80, 0x05, 0x5e, 0x80, 0x05, 0x5f, 0x80, 0x05, 0x60, 0x80, 0x05, 0x61, 0x80, 0x05, 0x62, 0x80, 0x05, 0x63, 0x80, 0x18, 0x24, 0x03, 0x16, - 0x2c, 0x04, 0x13, 0x43, 0x53, 0x41, 0x30, 0x30, 0x30, 0x30, 0x30, 0x4d, 0x41, 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2d, 0x30, - 0x30, 0x24, 0x05, 0x00, 0x24, 0x06, 0x00, 0x24, 0x07, 0x01, 0x24, 0x08, 0x00, 0x18, 0x31, 0x7d, 0x30, 0x7b, 0x02, 0x01, 0x03, - 0x80, 0x14, 0x83, 0xfa, 0xd7, 0x81, 0xe8, 0x2d, 0x01, 0x8b, 0x4f, 0x14, 0xf0, 0xa1, 0xc7, 0xf6, 0x84, 0x01, 0x8c, 0xc5, 0xd1, - 0x9f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, - 0xce, 0x3d, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x57, 0xc4, 0xb8, 0x18, 0x3a, 0x93, 0xa6, 0xb8, 0xc3, 0x60, - 0x3e, 0x77, 0xde, 0x8e, 0xb1, 0x94, 0x8c, 0x9c, 0xc0, 0x50, 0x60, 0xa6, 0x1a, 0xa9, 0xd7, 0x43, 0xeb, 0xea, 0xf9, 0x5f, 0x73, - 0xc9, 0x02, 0x21, 0x00, 0xa3, 0xd5, 0xa1, 0x1f, 0xb0, 0x71, 0xf2, 0x13, 0xa5, 0xe1, 0x24, 0xed, 0xe7, 0xe1, 0xee, 0x16, 0x7e, - 0x19, 0xc2, 0x8c, 0x3d, 0xed, 0x98, 0x4c, 0xf1, 0x03, 0x96, 0x48, 0xe8, 0x8c, 0xd8, 0x06 + 0x2c, 0x04, 0x13, 0x43, 0x53, 0x41, 0x30, 0x30, 0x30, 0x30, 0x30, 0x53, 0x57, 0x43, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2d, 0x30, + 0x30, 0x24, 0x05, 0x00, 0x24, 0x06, 0x00, 0x24, 0x07, 0x01, 0x24, 0x08, 0x00, 0x18, 0x31, 0x7c, 0x30, 0x7a, 0x02, 0x01, 0x03, + 0x80, 0x14, 0xfe, 0x34, 0x3f, 0x95, 0x99, 0x47, 0x76, 0x3b, 0x61, 0xee, 0x45, 0x39, 0x13, 0x13, 0x38, 0x49, 0x4f, 0xe6, 0x7d, + 0x8e, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x04, 0x03, 0x02, 0x04, 0x46, 0x30, 
0x44, 0x02, 0x20, 0x4a, 0x12, 0xf8, 0xd4, 0x2f, 0x90, 0x23, 0x5c, 0x05, 0xa7, + 0x71, 0x21, 0xcb, 0xeb, 0xae, 0x15, 0xd5, 0x90, 0x14, 0x65, 0x58, 0xe9, 0xc9, 0xb4, 0x7a, 0x1a, 0x38, 0xf7, 0xa3, 0x6a, 0x7d, + 0xc5, 0x02, 0x20, 0x20, 0xa4, 0x74, 0x28, 0x97, 0xc3, 0x0a, 0xed, 0xa0, 0xa5, 0x6b, 0x36, 0xe1, 0x4e, 0xbb, 0xc8, 0x5b, 0xbd, + 0xb7, 0x44, 0x93, 0xf9, 0x93, 0x58, 0x1e, 0xb0, 0x44, 0x4e, 0xd6, 0xca, 0x94, 0x0b }; namespace chip { diff --git a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp index 369ba8b22256c7..07bac69978aa5c 100644 --- a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp +++ b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp 
@@ -128,32 +128,147 @@ constexpr uint8_t gCdRootCert[517] = { // Official CD "Signing Key 001" // // -----BEGIN CERTIFICATE----- -// MIICCDCCAa2gAwIBAgIHY3NhY2RzMTAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +// MIICBzCCAa2gAwIBAgIHY3NhY2RrMTAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND // U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB -// MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjA4MTExOTMxMTVaGA8yMDcyMDcy -// OTE5MzExNVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +// MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTI4NTVaGA8yMDcyMDky +// MDE5Mjg1NVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u // IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwMTEUMBIGCisGAQQBgqJ8AgEMBEM1 -// QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARbW8Ou1rqjg/3Pm51ac/rqfmXr -// WSfBxcArHPpLi9trm36yUlE/I/IqWDOdyK24gEYKySHTdte5cMUMO+bm0jbwo2Yw +// QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATN7uk+RPi3K+PRqcB+IZaLmv/z +// tAPwXhZp17Hlyu5vx3FLQufiNpXpLNdjVHOigK5ojze7lInhFim5uU/3sJkpo2Yw // ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU -// g/rXgegtAYtPFPChx/aEAYzF0Z8wHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 -// OQmN9qUwCgYIKoZIzj0EAwIDSQAwRgIhAIbSu8KoWTj5792UxtJ/uSgQXVTLRRsm -// 09ys2m37JxDvAiEA8WMKDbRbwOtkabIyqwDgmiR3KwkyYwaqN4GPsRKfxwQ= +// /jQ/lZlHdjth7kU5ExM4SU/mfY4wHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +// OQmN9qUwCgYIKoZIzj0EAwIDSAAwRQIgEDWOcdKsVGtUh3evHbBd1lq4aS7yQtOp +// 6GrOQ3/zXBsCIQDxorh2RXSaI8m2RCcoWaiWa0nLzQepNm3C2jrQVJmC2Q== // -----END CERTIFICATE----- // constexpr uint8_t gCdSigningKey001PubkeyBytes[65] = { - 0x04, 0x5b, 0x5b, 0xc3, 0xae, 0xd6, 0xba, 0xa3, 0x83, 0xfd, 0xcf, 0x9b, 0x9d, 0x5a, 0x73, 0xfa, 0xea, - 0x7e, 0x65, 0xeb, 0x59, 0x27, 0xc1, 0xc5, 0xc0, 0x2b, 0x1c, 0xfa, 0x4b, 0x8b, 0xdb, 0x6b, 0x9b, 0x7e, - 0xb2, 0x52, 0x51, 0x3f, 0x23, 0xf2, 0x2a, 0x58, 0x33, 0x9d, 0xc8, 0xad, 0xb8, 0x80, 0x46, 0x0a, 0xc9, - 0x21, 0xd3, 0x76, 0xd7, 0xb9, 0x70, 0xc5, 0x0c, 0x3b, 0xe6, 0xe6, 0xd2, 0x36, 0xf0 + 0x04, 0xcd, 0xee, 0xe9, 0x3e, 0x44, 0xf8, 0xb7, 0x2b, 0xe3, 0xd1, 0xa9, 0xc0, 0x7e, 
0x21, 0x96, 0x8b, + 0x9a, 0xff, 0xf3, 0xb4, 0x03, 0xf0, 0x5e, 0x16, 0x69, 0xd7, 0xb1, 0xe5, 0xca, 0xee, 0x6f, 0xc7, 0x71, + 0x4b, 0x42, 0xe7, 0xe2, 0x36, 0x95, 0xe9, 0x2c, 0xd7, 0x63, 0x54, 0x73, 0xa2, 0x80, 0xae, 0x68, 0x8f, + 0x37, 0xbb, 0x94, 0x89, 0xe1, 0x16, 0x29, 0xb9, 0xb9, 0x4f, 0xf7, 0xb0, 0x99, 0x29 }; -constexpr uint8_t gCdSigningKey001Kid[20] = { 0x83, 0xfa, 0xd7, 0x81, 0xe8, 0x2d, 0x01, 0x8b, 0x4f, 0x14, - 0xf0, 0xa1, 0xc7, 0xf6, 0x84, 0x01, 0x8c, 0xc5, 0xd1, 0x9f }; +constexpr uint8_t gCdSigningKey001Kid[20] = { 0xFE, 0x34, 0x3F, 0x95, 0x99, 0x47, 0x76, 0x3B, 0x61, 0xEE, + 0x45, 0x39, 0x13, 0x13, 0x38, 0x49, 0x4F, 0xE6, 0x7D, 0x8E }; -std::array<ByteSpan, 2> gCdKids = { ByteSpan{ gTestCdPubkeyKid }, ByteSpan{ gCdSigningKey001Kid } }; -std::array<Crypto::P256PublicKey, 2> gCdPubkeys = { Crypto::P256PublicKey{ gTestCdPubkeyBytes }, - Crypto::P256PublicKey{ gCdSigningKey001PubkeyBytes } }; +// Official CD "Signing Key 002" +// +// -----BEGIN CERTIFICATE----- +// MIICCDCCAa2gAwIBAgIHY3NhY2RrMjAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +// U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +// MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTM2NDZaGA8yMDcyMDky +// MDE5MzY0NlowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +// IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwMjEUMBIGCisGAQQBgqJ8AgEMBEM1 +// QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQDGTfo+UJRBF3ydFe7RiU+43VO +// jBKuKFV9gCe51MNW2RtAjP8yJ1AXsl+Mi6IFFtXIOvK3JBKAE9/Mj5XSAKkLo2Yw +// ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +// 3QTbWFshTBxYFYfmVo30h7bdxwEwHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +// OQmN9qUwCgYIKoZIzj0EAwIDSQAwRgIhAJruzxZ806cP/LoQ07PN9xAbjLdwUalV +// h0Qfx304Tb92AiEAk+jnf2qtyfKyTEHpT3Xf3bfekqUOA+8ikB1yjL5oTsI= +// -----END CERTIFICATE----- +// +constexpr uint8_t gCdSigningKey002PubkeyBytes[65] = { + 0x04, 0x03, 0x19, 0x37, 0xe8, 0xf9, 0x42, 0x51, 0x04, 0x5d, 0xf2, 0x74, 0x57, 0xbb, 0x46, 0x25, 0x3e, + 0xe3, 0x75, 0x4e, 0x8c, 0x12, 0xae, 0x28, 0x55, 0x7d, 0x80, 0x27, 
0xb9, 0xd4, 0xc3, 0x56, 0xd9, 0x1b, + 0x40, 0x8c, 0xff, 0x32, 0x27, 0x50, 0x17, 0xb2, 0x5f, 0x8c, 0x8b, 0xa2, 0x05, 0x16, 0xd5, 0xc8, 0x3a, + 0xf2, 0xb7, 0x24, 0x12, 0x80, 0x13, 0xdf, 0xcc, 0x8f, 0x95, 0xd2, 0x00, 0xa9, 0x0b +}; + +constexpr uint8_t gCdSigningKey002Kid[20] = { 0xDD, 0x04, 0xDB, 0x58, 0x5B, 0x21, 0x4C, 0x1C, 0x58, 0x15, + 0x87, 0xE6, 0x56, 0x8D, 0xF4, 0x87, 0xB6, 0xDD, 0xC7, 0x01 }; + +// Official CD "Signing Key 003" +// +// -----BEGIN CERTIFICATE----- +// MIICBjCCAa2gAwIBAgIHY3NhY2RrMzAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +// U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +// MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTQxMDFaGA8yMDcyMDky +// MDE5NDEwMVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +// IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwMzEUMBIGCisGAQQBgqJ8AgEMBEM1 +// QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASfV1zV/bdSHxCk3zHwc5ErYUco +// 8tN/W2uWvCy/fAsRlpBXfVVdIaCWYKiwgqM56lMPeoEthpO1b9dkGF+rzTL1o2Yw +// ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +// RxA158BOqqi+fE1ME+PkwgmVqEswHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +// OQmN9qUwCgYIKoZIzj0EAwIDRwAwRAIgIFecbY+1mVVNqxH9+8IMB8+safdyIJU2 +// AqqtZ/w7AkQCIHiVlYTaCnJsnW5/cvj9GfIv7Eb0cjdmcAkrYGbnPQzX +// -----END CERTIFICATE----- +// +constexpr uint8_t gCdSigningKey003PubkeyBytes[65] = { + 0x04, 0x9f, 0x57, 0x5c, 0xd5, 0xfd, 0xb7, 0x52, 0x1f, 0x10, 0xa4, 0xdf, 0x31, 0xf0, 0x73, 0x91, 0x2b, + 0x61, 0x47, 0x28, 0xf2, 0xd3, 0x7f, 0x5b, 0x6b, 0x96, 0xbc, 0x2c, 0xbf, 0x7c, 0x0b, 0x11, 0x96, 0x90, + 0x57, 0x7d, 0x55, 0x5d, 0x21, 0xa0, 0x96, 0x60, 0xa8, 0xb0, 0x82, 0xa3, 0x39, 0xea, 0x53, 0x0f, 0x7a, + 0x81, 0x2d, 0x86, 0x93, 0xb5, 0x6f, 0xd7, 0x64, 0x18, 0x5f, 0xab, 0xcd, 0x32, 0xf5 +}; + +constexpr uint8_t gCdSigningKey003Kid[20] = { 0x47, 0x10, 0x35, 0xE7, 0xC0, 0x4E, 0xAA, 0xA8, 0xBE, 0x7C, + 0x4D, 0x4C, 0x13, 0xE3, 0xE4, 0xC2, 0x09, 0x95, 0xA8, 0x4B }; + +// Official CD "Signing Key 004" +// +// -----BEGIN CERTIFICATE----- +// 
MIICBjCCAa2gAwIBAgIHY3NhY2RrNDAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +// U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +// MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTQzMjFaGA8yMDcyMDky +// MDE5NDMyMVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +// IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwNDEUMBIGCisGAQQBgqJ8AgEMBEM1 +// QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR8/I2IEKic9PoZF3jyr+x4+FF6 +// l6Plf8ITutiI42EedP+2hL3rqKaLJSNKXDWPNzurm20wThMG3XYgpSjRFhwLo2Yw +// ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +// 9oYDo2kumBByQZ6h4as4VL13ldMwHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +// OQmN9qUwCgYIKoZIzj0EAwIDRwAwRAIgLqAfkbtLYYdmQsnbn0CWv3G1/lbE36nz +// HbLbW5t6PY4CIE8oyIHsVhNSTPcb3mwRp+Vxhs8tKhbAdwv5BGgDaAHj +// -----END CERTIFICATE----- +// +constexpr uint8_t gCdSigningKey004PubkeyBytes[65] = { + 0x04, 0x7c, 0xfc, 0x8d, 0x88, 0x10, 0xa8, 0x9c, 0xf4, 0xfa, 0x19, 0x17, 0x78, 0xf2, 0xaf, 0xec, 0x78, + 0xf8, 0x51, 0x7a, 0x97, 0xa3, 0xe5, 0x7f, 0xc2, 0x13, 0xba, 0xd8, 0x88, 0xe3, 0x61, 0x1e, 0x74, 0xff, + 0xb6, 0x84, 0xbd, 0xeb, 0xa8, 0xa6, 0x8b, 0x25, 0x23, 0x4a, 0x5c, 0x35, 0x8f, 0x37, 0x3b, 0xab, 0x9b, + 0x6d, 0x30, 0x4e, 0x13, 0x06, 0xdd, 0x76, 0x20, 0xa5, 0x28, 0xd1, 0x16, 0x1c, 0x0b +}; + +constexpr uint8_t gCdSigningKey004Kid[20] = { 0xF6, 0x86, 0x03, 0xA3, 0x69, 0x2E, 0x98, 0x10, 0x72, 0x41, + 0x9E, 0xA1, 0xE1, 0xAB, 0x38, 0x54, 0xBD, 0x77, 0x95, 0xD3 }; + +// Official CD "Signing Key 005" +// +// -----BEGIN CERTIFICATE----- +// MIICBzCCAa2gAwIBAgIHY3NhY2RrNTAKBggqhkjOPQQDAjBSMQwwCgYDVQQKDAND +// U0ExLDAqBgNVBAMMI01hdHRlciBDZXJ0aWZpY2F0aW9uIGFuZCBUZXN0aW5nIENB +// MRQwEgYKKwYBBAGConwCAQwEQzVBMDAgFw0yMjEwMDMxOTQ3MTVaGA8yMDcyMDky +// MDE5NDcxNVowWDEMMAoGA1UECgwDQ1NBMTIwMAYDVQQDDClDZXJ0aWZpY2F0aW9u +// IERlY2xhcmF0aW9uIFNpZ25pbmcgS2V5IDAwNTEUMBIGCisGAQQBgqJ8AgEMBEM1 +// QTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARDilLGYqKm1yZH+V63UxNu5K4P +// 2zqpwWkxQms9CGf5EDrn16G4h+n4E6byb3a7zak1k3h8EneMqPKXXcRaIEL5o2Yw +// 
ZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +// Y38mNK1i6v5q9mLvuW9v0vy//C8wHwYDVR0jBBgwFoAUl+Rp0MUEFMJvxwH3fpR3 +// OQmN9qUwCgYIKoZIzj0EAwIDSAAwRQIhAM1HQpvkHKxLJByWaSYAPRZgh3Bis18W +// AViq7c/mtzEAAiBZO0lVe6Qo9iQPIBWZaVx/S/YSNO9uKNa/pvFu3V+nIg== +// -----END CERTIFICATE----- +// +constexpr uint8_t gCdSigningKey005PubkeyBytes[65] = { + 0x04, 0x43, 0x8a, 0x52, 0xc6, 0x62, 0xa2, 0xa6, 0xd7, 0x26, 0x47, 0xf9, 0x5e, 0xb7, 0x53, 0x13, 0x6e, + 0xe4, 0xae, 0x0f, 0xdb, 0x3a, 0xa9, 0xc1, 0x69, 0x31, 0x42, 0x6b, 0x3d, 0x08, 0x67, 0xf9, 0x10, 0x3a, + 0xe7, 0xd7, 0xa1, 0xb8, 0x87, 0xe9, 0xf8, 0x13, 0xa6, 0xf2, 0x6f, 0x76, 0xbb, 0xcd, 0xa9, 0x35, 0x93, + 0x78, 0x7c, 0x12, 0x77, 0x8c, 0xa8, 0xf2, 0x97, 0x5d, 0xc4, 0x5a, 0x20, 0x42, 0xf9 +}; + +constexpr uint8_t gCdSigningKey005Kid[20] = { 0x63, 0x7F, 0x26, 0x34, 0xAD, 0x62, 0xEA, 0xFE, 0x6A, 0xF6, + 0x62, 0xEF, 0xB9, 0x6F, 0x6F, 0xD2, 0xFC, 0xBF, 0xFC, 0x2F }; + +struct MatterCDSigningKey +{ + const CertificateKeyId mKid; + const P256PublicKeySpan mPubkey; +}; + +std::array<MatterCDSigningKey, 6> gCdSigningKeys = { { + { FixedByteSpan<20>{ gTestCdPubkeyKid }, FixedByteSpan<65>{ gTestCdPubkeyBytes } }, + { FixedByteSpan<20>{ gCdSigningKey001Kid }, FixedByteSpan<65>{ gCdSigningKey001PubkeyBytes } }, + { FixedByteSpan<20>{ gCdSigningKey002Kid }, FixedByteSpan<65>{ gCdSigningKey002PubkeyBytes } }, + { FixedByteSpan<20>{ gCdSigningKey003Kid }, FixedByteSpan<65>{ gCdSigningKey003PubkeyBytes } }, + { FixedByteSpan<20>{ gCdSigningKey004Kid }, FixedByteSpan<65>{ gCdSigningKey004PubkeyBytes } }, + { FixedByteSpan<20>{ gCdSigningKey005Kid }, FixedByteSpan<65>{ gCdSigningKey005PubkeyBytes } }, +} }; const ArrayAttestationTrustStore kTestAttestationTrustStore{ &kTestPaaRoots[0], ArraySize(kTestPaaRoots) }; 
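Review bot: `gCdSigningKeys` is declared as a mutable namespace-scope `std::array`, although it holds the built-in keys that Certification Declarations are verified against. Declaring it `const std::array<MatterCDSigningKey, 6> gCdSigningKeys = { { ... } };` makes the table read-only, and both members of `MatterCDSigningKey` are already `const`, so nothing visible here needs to write to it. The first row is the test CD key (`gTestCdPubkeyKid` / `gTestCdPubkeyBytes`) and sits unmarked next to the official keys 001–005. A comment on that row such as `// Development/test CD signing key, not an official CSA key` would make the distinction explicit. Whether callers reject CDs signed by the test key in production cannot be told from this hunk.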
@@ -522,11 +637,11 @@ CHIP_ERROR CsaCdKeysTrustStore::AddTrustedKey(const ByteSpan & derCertBytes)
 CHIP_ERROR CsaCdKeysTrustStore::LookupVerifyingKey(const ByteSpan & kid, Crypto::P256PublicKey & outPubKey) const
 {
 // First, search for the well known keys
- for (size_t keyIdx = 0; keyIdx < gCdKids.size(); keyIdx++)
+ for (size_t keyIdx = 0; keyIdx < gCdSigningKeys.size(); keyIdx++)
 {
- if (kid.data_equal(gCdKids[keyIdx]))
+ if (kid.data_equal(gCdSigningKeys[keyIdx].mKid))
 {
- outPubKey = gCdPubkeys[keyIdx];
+ outPubKey = gCdSigningKeys[keyIdx].mPubkey;
 return CHIP_NO_ERROR;
 }
 }
diff --git a/src/credentials/examples/DeviceAttestationCredsExample.cpp b/src/credentials/examples/DeviceAttestationCredsExample.cpp
index fa1213ef294b2a..bd09e11df67623 100644
--- a/src/credentials/examples/DeviceAttestationCredsExample.cpp
+++ b/src/credentials/examples/DeviceAttestationCredsExample.cpp
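Review bot: The lookup loop in `LookupVerifyingKey` still walks the table by index although the new code only needs the element. A range-for reads more directly: `for (const auto & cdSigningKey : gCdSigningKeys)`, then `if (kid.data_equal(cdSigningKey.mKid))` and `outPubKey = cdSigningKey.mPubkey;`. The assignment now converts a `P256PublicKeySpan` into a `Crypto::P256PublicKey` on each hit, where the old table stored ready-made key objects, so a short comment noting that conversion would help. The function body continues past the end of this hunk.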
@@ -72,16 +72,16 @@ CHIP_ERROR ExampleDACProvider::GetCertificationDeclaration(MutableByteSpan & out // 0x8048, 0x8049, 0x804A, 0x804B, 0x804C, 0x804D, 0x804E, 0x804F, 0x8050, 0x8051, 0x8052, 0x8053, 0x8054, 0x8055, 0x8056, // 0x8057, 0x8058, 0x8059, 0x805A, 0x805B, 0x805C, 0x805D, 0x805E, 0x805F, 0x8060, 0x8061, 0x8062, 0x8063 ] //-> device_type_id = 0x0016 - //-> certificate_id = "CSA00000MAT00000-00" + //-> certificate_id = "CSA00000SWC00000-00" //-> security_level = 0 //-> security_information = 0 //-> version_number = 1 //-> certification_type = 0 //-> dac_origin_vendor_id is not present //-> dac_origin_product_id is not present - const uint8_t kCdForAllExamples[540] = { - 0x30, 0x82, 0x02, 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0x09, 0x30, - 0x82, 0x02, 0x05, 0x02, 0x01, 0x03, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, + const uint8_t kCdForAllExamples[539] = { + 0x30, 0x82, 0x02, 0x17, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x02, 0x08, 0x30, + 0x82, 0x02, 0x04, 0x02, 0x01, 0x03, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x82, 0x01, 0x70, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x01, 0x61, 0x04, 0x82, 0x01, 0x5d, 0x15, 0x24, 0x00, 0x01, 0x25, 0x01, 0xf1, 0xff, 0x36, 0x02, 0x05, 0x00, 0x80, 0x05, 0x01, 0x80, 0x05, 0x02, 0x80, 0x05, 0x03, 0x80, 0x05, 0x04, 0x80, 0x05, 0x05, 0x80, 0x05, 0x06, 0x80, 0x05, 0x07, 0x80, 0x05, 0x08, 
@@ -99,14 +99,14 @@ CHIP_ERROR ExampleDACProvider::GetCertificationDeclaration(MutableByteSpan & out 0x05, 0x52, 0x80, 0x05, 0x53, 0x80, 0x05, 0x54, 0x80, 0x05, 0x55, 0x80, 0x05, 0x56, 0x80, 0x05, 0x57, 0x80, 0x05, 0x58, 0x80, 0x05, 0x59, 0x80, 0x05, 0x5a, 0x80, 0x05, 0x5b, 0x80, 0x05, 0x5c, 0x80, 0x05, 0x5d, 0x80, 0x05, 0x5e, 0x80, 0x05, 0x5f, 0x80, 0x05, 0x60, 0x80, 0x05, 0x61, 0x80, 0x05, 0x62, 0x80, 0x05, 0x63, 0x80, 0x18, 0x24, 0x03, 0x16, 0x2c, 0x04, - 0x13, 0x43, 0x53, 0x41, 0x30, 0x30, 0x30, 0x30, 0x30, 0x4d, 0x41, 0x54, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2d, 0x30, 0x30, - 0x24, 0x05, 0x00, 0x24, 0x06, 0x00, 0x24, 0x07, 0x01, 0x24, 0x08, 0x00, 0x18, 0x31, 0x7d, 0x30, 0x7b, 0x02, 0x01, 0x03, - 0x80, 0x14, 0x83, 0xfa, 0xd7, 0x81, 0xe8, 0x2d, 0x01, 0x8b, 0x4f, 0x14, 0xf0, 0xa1, 0xc7, 0xf6, 0x84, 0x01, 0x8c, 0xc5, - 0xd1, 0x9f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, - 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x57, 0xc4, 0xb8, 0x18, 0x3a, 0x93, 0xa6, - 0xb8, 0xc3, 0x60, 0x3e, 0x77, 0xde, 0x8e, 0xb1, 0x94, 0x8c, 0x9c, 0xc0, 0x50, 0x60, 0xa6, 0x1a, 0xa9, 0xd7, 0x43, 0xeb, - 0xea, 0xf9, 0x5f, 0x73, 0xc9, 0x02, 0x21, 0x00, 0xa3, 0xd5, 0xa1, 0x1f, 0xb0, 0x71, 0xf2, 0x13, 0xa5, 0xe1, 0x24, 0xed, - 0xe7, 0xe1, 0xee, 0x16, 0x7e, 0x19, 0xc2, 0x8c, 0x3d, 0xed, 0x98, 0x4c, 0xf1, 0x03, 0x96, 0x48, 0xe8, 0x8c, 0xd8, 0x06 + 0x13, 0x43, 0x53, 0x41, 0x30, 0x30, 0x30, 0x30, 0x30, 0x53, 0x57, 0x43, 0x30, 0x30, 0x30, 0x30, 0x30, 0x2d, 0x30, 0x30, + 0x24, 0x05, 0x00, 0x24, 0x06, 0x00, 0x24, 0x07, 0x01, 0x24, 0x08, 0x00, 0x18, 0x31, 0x7c, 0x30, 0x7a, 0x02, 0x01, 0x03, + 0x80, 0x14, 0xfe, 0x34, 0x3f, 0x95, 0x99, 0x47, 0x76, 0x3b, 0x61, 0xee, 0x45, 0x39, 0x13, 0x13, 0x38, 0x49, 0x4f, 0xe6, + 0x7d, 0x8e, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x04, 0x46, 0x30, 0x44, 0x02, 
0x20, 0x4a, 0x12, 0xf8, 0xd4, 0x2f, 0x90, 0x23, + 0x5c, 0x05, 0xa7, 0x71, 0x21, 0xcb, 0xeb, 0xae, 0x15, 0xd5, 0x90, 0x14, 0x65, 0x58, 0xe9, 0xc9, 0xb4, 0x7a, 0x1a, 0x38, + 0xf7, 0xa3, 0x6a, 0x7d, 0xc5, 0x02, 0x20, 0x20, 0xa4, 0x74, 0x28, 0x97, 0xc3, 0x0a, 0xed, 0xa0, 0xa5, 0x6b, 0x36, 0xe1, + 0x4e, 0xbb, 0xc8, 0x5b, 0xbd, 0xb7, 0x44, 0x93, 0xf9, 0x93, 0x58, 0x1e, 0xb0, 0x44, 0x4e, 0xd6, 0xca, 0x94, 0x0b }; return CopySpanToMutableSpan(ByteSpan{ kCdForAllExamples }, out_cd_buffer); }