diff --git a/src/controller/ExampleOperationalCredentialsIssuer.cpp b/src/controller/ExampleOperationalCredentialsIssuer.cpp index e2d0e731f0a6d6..12c85aabb48e1e 100644 --- a/src/controller/ExampleOperationalCredentialsIssuer.cpp +++ b/src/controller/ExampleOperationalCredentialsIssuer.cpp @@ -131,7 +131,7 @@ CHIP_ERROR ExampleOperationalCredentialsIssuer::GenerateNOCChainAfterValidation( // If root certificate not found in the storage, generate new root certificate. else { - ReturnErrorOnFailure(rcac_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, mIssuerId)); + ReturnErrorOnFailure(rcac_dn.AddAttribute_MatterRCACId(mIssuerId)); ChipLogProgress(Controller, "Generating RCAC"); X509CertRequestParams rcac_request = { 0, mNow, mNow + mValidity, rcac_dn, rcac_dn }; @@ -155,7 +155,7 @@ CHIP_ERROR ExampleOperationalCredentialsIssuer::GenerateNOCChainAfterValidation( // If intermediate certificate not found in the storage, generate new intermediate certificate. else { - ReturnErrorOnFailure(icac_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipICAId, mIntermediateIssuerId)); + ReturnErrorOnFailure(icac_dn.AddAttribute_MatterICACId(mIntermediateIssuerId)); ChipLogProgress(Controller, "Generating ICAC"); X509CertRequestParams icac_request = { 0, mNow, mNow + mValidity, icac_dn, rcac_dn }; @@ -167,8 +167,8 @@ CHIP_ERROR ExampleOperationalCredentialsIssuer::GenerateNOCChainAfterValidation( } ChipDN noc_dn; - ReturnErrorOnFailure(noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, fabricId)); - ReturnErrorOnFailure(noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, nodeId)); + ReturnErrorOnFailure(noc_dn.AddAttribute_MatterFabricId(fabricId)); + ReturnErrorOnFailure(noc_dn.AddAttribute_MatterNodeId(nodeId)); ReturnErrorOnFailure(noc_dn.AddCATs(cats)); ChipLogProgress(Controller, "Generating NOC"); 
diff --git a/src/controller/java/AndroidOperationalCredentialsIssuer.cpp b/src/controller/java/AndroidOperationalCredentialsIssuer.cpp index 08dbf659fa4e57..440046d8e6095f 100644 --- a/src/controller/java/AndroidOperationalCredentialsIssuer.cpp +++ b/src/controller/java/AndroidOperationalCredentialsIssuer.cpp @@ -97,7 +97,7 @@ CHIP_ERROR AndroidOperationalCredentialsIssuer::GenerateNOCChainAfterValidation( // If root certificate not found in the storage, generate new root certificate. else { - ReturnErrorOnFailure(rcac_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, mIssuerId)); + ReturnErrorOnFailure(rcac_dn.AddAttribute_MatterRCACId(mIssuerId)); ChipLogProgress(Controller, "Generating RCAC"); chip::Credentials::X509CertRequestParams rcac_request = { 0, mNow, mNow + mValidity, rcac_dn, rcac_dn }; @@ -111,8 +111,8 @@ CHIP_ERROR AndroidOperationalCredentialsIssuer::GenerateNOCChainAfterValidation( icac.reduce_size(0); ChipDN noc_dn; - ReturnErrorOnFailure(noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, fabricId)); - ReturnErrorOnFailure(noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, nodeId)); + ReturnErrorOnFailure(noc_dn.AddAttribute_MatterFabricId(fabricId)); + ReturnErrorOnFailure(noc_dn.AddAttribute_MatterNodeId(nodeId)); ReturnErrorOnFailure(noc_dn.AddCATs(cats)); ChipLogProgress(Controller, "Generating NOC"); diff --git a/src/credentials/CHIPCert.cpp b/src/credentials/CHIPCert.cpp index 0ab3b25cb2b8a1..31febe6b882148 100644 --- a/src/credentials/CHIPCert.cpp +++ b/src/credentials/CHIPCert.cpp @@ -582,7 +582,7 @@ CHIP_ERROR ChipDN::AddCATs(const chip::CATValues & cats) { if (cat != kUndefinedCAT) { - ReturnErrorOnFailure(AddAttribute(chip::ASN1::kOID_AttributeType_ChipCASEAuthenticatedTag, cat)); + ReturnErrorOnFailure(AddAttribute_MatterCASEAuthTag(cat)); } } 
@@ -615,31 +615,31 @@ CHIP_ERROR ChipDN::GetCertType(uint8_t & certType) const for (uint8_t i = 0; i < rdnCount; i++) { - if (rdn[i].mAttrOID == kOID_AttributeType_ChipRootId) + if (rdn[i].mAttrOID == kOID_AttributeType_MatterRCACId) { VerifyOrExit(lCertType == kCertType_NotSpecified, err = CHIP_ERROR_WRONG_CERT_DN); lCertType = kCertType_Root; } - else if (rdn[i].mAttrOID == kOID_AttributeType_ChipICAId) + else if (rdn[i].mAttrOID == kOID_AttributeType_MatterICACId) { VerifyOrExit(lCertType == kCertType_NotSpecified, err = CHIP_ERROR_WRONG_CERT_DN); lCertType = kCertType_ICA; } - else if (rdn[i].mAttrOID == kOID_AttributeType_ChipNodeId) + else if (rdn[i].mAttrOID == kOID_AttributeType_MatterNodeId) { VerifyOrExit(lCertType == kCertType_NotSpecified, err = CHIP_ERROR_WRONG_CERT_DN); VerifyOrReturnError(IsOperationalNodeId(rdn[i].mChipVal), CHIP_ERROR_WRONG_CERT_DN); lCertType = kCertType_Node; } - else if (rdn[i].mAttrOID == kOID_AttributeType_ChipFirmwareSigningId) + else if (rdn[i].mAttrOID == kOID_AttributeType_MatterFirmwareSigningId) { VerifyOrExit(lCertType == kCertType_NotSpecified, err = CHIP_ERROR_WRONG_CERT_DN); lCertType = kCertType_FirmwareSigning; } - else if (rdn[i].mAttrOID == kOID_AttributeType_ChipFabricId) + else if (rdn[i].mAttrOID == kOID_AttributeType_MatterFabricId) { // Only one fabricId attribute is allowed per DN. VerifyOrExit(!fabricIdPresent, err = CHIP_ERROR_WRONG_CERT_DN); @@ -669,10 +669,10 @@ CHIP_ERROR ChipDN::GetCertChipId(uint64_t & chipId) const { switch (rdn[i].mAttrOID) { - case kOID_AttributeType_ChipRootId: - case kOID_AttributeType_ChipICAId: - case kOID_AttributeType_ChipNodeId: - case kOID_AttributeType_ChipFirmwareSigningId: + case kOID_AttributeType_MatterRCACId: + case kOID_AttributeType_MatterICACId: + case kOID_AttributeType_MatterNodeId: + case kOID_AttributeType_MatterFirmwareSigningId: VerifyOrReturnError(chipId == 0, CHIP_ERROR_WRONG_CERT_DN); chipId = rdn[i].mChipVal; 
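Review bot: In the `kOID_AttributeType_MatterNodeId` branch of GetCertType the node-id range check returns directly with `VerifyOrReturnError`, while every other check in this loop goes through `VerifyOrExit(..., err = CHIP_ERROR_WRONG_CERT_DN)`. If the function's exit label does anything beyond returning `err`, this path skips it. For consistency the line could read `VerifyOrExit(IsOperationalNodeId(rdn[i].mChipVal), err = CHIP_ERROR_WRONG_CERT_DN);`. The function starts and ends outside the hunk, so the exit label itself is not visible here.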
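Review bot: The duplicate-id guard in GetCertChipId, `VerifyOrReturnError(chipId == 0, CHIP_ERROR_WRONG_CERT_DN);`, uses the value 0 as its "not yet set" marker. A DN whose first RCAC, ICAC, node or firmware-signing id RDN carries 0 would therefore let a second id RDN through and overwrite it. GetCertFabricId documents why its sentinel is safe (kUndefinedFabricId is reserved), but nothing visible here says 0 is reserved for these four attributes. A local flag removes the dependence on the value: `bool foundId = false;` before the loop, then `VerifyOrReturnError(!foundId, CHIP_ERROR_WRONG_CERT_DN); foundId = true;` in the case body. The function begins and ends outside the hunk, so the initial value of `chipId` is inferred from the check.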
@@ -695,7 +695,7 @@ CHIP_ERROR ChipDN::GetCertFabricId(uint64_t & fabricId) const { switch (rdn[i].mAttrOID) { - case kOID_AttributeType_ChipFabricId: + case kOID_AttributeType_MatterFabricId: // Ensure only one FabricID RDN present, since start value is kUndefinedFabricId, which is reserved and never seen. VerifyOrReturnError(fabricId == kUndefinedFabricId, CHIP_ERROR_WRONG_CERT_DN); VerifyOrReturnError(IsValidFabricId(rdn[i].mChipVal), CHIP_ERROR_WRONG_CERT_DN); @@ -782,11 +782,11 @@ CHIP_ERROR ChipDN::DecodeFromTLV(TLVReader & reader) uint64_t chipAttr; VerifyOrReturnError(attrIsPrintableString == false, CHIP_ERROR_INVALID_TLV_TAG); ReturnErrorOnFailure(reader.Get(chipAttr)); - if (attrOID == chip::ASN1::kOID_AttributeType_ChipNodeId) + if (attrOID == chip::ASN1::kOID_AttributeType_MatterNodeId) { VerifyOrReturnError(IsOperationalNodeId(attrOID), CHIP_ERROR_INVALID_ARGUMENT); } - else if (attrOID == chip::ASN1::kOID_AttributeType_ChipFabricId) + else if (attrOID == chip::ASN1::kOID_AttributeType_MatterFabricId) { VerifyOrReturnError(IsValidFabricId(attrOID), CHIP_ERROR_INVALID_ARGUMENT); } @@ -798,7 +798,7 @@ CHIP_ERROR ChipDN::DecodeFromTLV(TLVReader & reader) uint32_t chipAttr; VerifyOrReturnError(attrIsPrintableString == false, CHIP_ERROR_INVALID_TLV_TAG); ReturnErrorOnFailure(reader.Get(chipAttr)); - if (attrOID == chip::ASN1::kOID_AttributeType_ChipCASEAuthenticatedTag) + if (attrOID == chip::ASN1::kOID_AttributeType_MatterCASEAuthTag) { VerifyOrReturnError(IsValidCASEAuthTag(chipAttr), CHIP_ERROR_INVALID_ARGUMENT); } 
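Review bot: In the 64-bit branch of DecodeFromTLV the range checks are applied to the attribute OID instead of the value just read: `IsOperationalNodeId(attrOID)` and `IsValidFabricId(attrOID)` should take `chipAttr`, as DecodeFromASN1 does with `IsOperationalNodeId(chipAttr)` and `IsValidFabricId(chipAttr)`. As written, a TLV-encoded certificate whose DN holds an out-of-range node id or fabric id is presumably accepted on this path, because only the OID constant is tested. The rename keeps the defect; the two lines should become `VerifyOrReturnError(IsOperationalNodeId(chipAttr), CHIP_ERROR_INVALID_ARGUMENT);` and `VerifyOrReturnError(IsValidFabricId(chipAttr), CHIP_ERROR_INVALID_ARGUMENT);`. The 32-bit branch in the following hunk already checks `IsValidCASEAuthTag(chipAttr)`. A unit test that decodes a TLV DN with an invalid node id would pin the fix; the function body starts and ends outside the hunk.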
@@ -937,11 +937,11 @@ CHIP_ERROR ChipDN::DecodeFromASN1(ASN1Reader & reader) chipAttr) == sizeof(uint64_t), ASN1_ERROR_INVALID_ENCODING); - if (attrOID == chip::ASN1::kOID_AttributeType_ChipNodeId) + if (attrOID == chip::ASN1::kOID_AttributeType_MatterNodeId) { VerifyOrReturnError(IsOperationalNodeId(chipAttr), CHIP_ERROR_WRONG_CERT_DN); } - else if (attrOID == chip::ASN1::kOID_AttributeType_ChipFabricId) + else if (attrOID == chip::ASN1::kOID_AttributeType_MatterFabricId) { VerifyOrReturnError(IsValidFabricId(chipAttr), CHIP_ERROR_WRONG_CERT_DN); } @@ -1135,12 +1135,12 @@ CHIP_ERROR ExtractNodeIdFabricIdFromOpCert(const ChipCertificateData & opcert, N for (uint8_t i = 0; i < subjectDN.RDNCount(); ++i) { const auto & rdn = subjectDN.rdn[i]; - if (rdn.mAttrOID == ASN1::kOID_AttributeType_ChipNodeId) + if (rdn.mAttrOID == ASN1::kOID_AttributeType_MatterNodeId) { nodeId = rdn.mChipVal; foundNodeId = true; } - else if (rdn.mAttrOID == ASN1::kOID_AttributeType_ChipFabricId) + else if (rdn.mAttrOID == ASN1::kOID_AttributeType_MatterFabricId) { fabricId = rdn.mChipVal; foundFabricId = true; @@ -1182,7 +1182,7 @@ CHIP_ERROR ExtractFabricIdFromCert(const ChipCertificateData & cert, FabricId * for (uint8_t i = 0; i < subjectDN.RDNCount(); ++i) { const auto & rdn = subjectDN.rdn[i]; - if (rdn.mAttrOID == ASN1::kOID_AttributeType_ChipFabricId) + if (rdn.mAttrOID == ASN1::kOID_AttributeType_MatterFabricId) { *fabricId = rdn.mChipVal; return CHIP_NO_ERROR; @@ -1216,7 +1216,7 @@ CHIP_ERROR ExtractCATsFromOpCert(const ChipCertificateData & opcert, CATValues & for (uint8_t i = 0; i < subjectDN.RDNCount(); ++i) { const auto & rdn = subjectDN.rdn[i]; - if (rdn.mAttrOID == ASN1::kOID_AttributeType_ChipCASEAuthenticatedTag) + if (rdn.mAttrOID == ASN1::kOID_AttributeType_MatterCASEAuthTag) { // This error should never happen in practice because valid NOC cannot have more // than kMaxSubjectCATAttributeCount CATs in its subject. The check that it is 
diff --git a/src/credentials/CHIPCert.h b/src/credentials/CHIPCert.h
index 633668bd88fde5..52fd9a266e6265 100644
--- a/src/credentials/CHIPCert.h
+++ b/src/credentials/CHIPCert.h
@@ -251,6 +251,86 @@ class ChipDN **/ CHIP_ERROR AddAttribute(chip::ASN1::OID oid, CharSpan val, bool isPrintableString); + inline CHIP_ERROR AddAttribute_CommonName(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_CommonName, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_Surname(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_Surname, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_SerialNumber(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_SerialNumber, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_CountryName(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_CountryName, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_LocalityName(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_LocalityName, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_StateOrProvinceName(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_StateOrProvinceName, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_OrganizationName(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_OrganizationName, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_OrganizationalUnitName(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_OrganizationalUnitName, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_Title(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_Title, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_Name(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_Name, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_GivenName(CharSpan val, bool isPrintableString) + { + return 
AddAttribute(ASN1::kOID_AttributeType_GivenName, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_Initials(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_Initials, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_GenerationQualifier(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_GenerationQualifier, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_DNQualifier(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_DNQualifier, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_Pseudonym(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_Pseudonym, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_DomainComponent(CharSpan val, bool isPrintableString) + { + return AddAttribute(ASN1::kOID_AttributeType_DomainComponent, val, isPrintableString); + } + inline CHIP_ERROR AddAttribute_MatterNodeId(uint64_t val) { return AddAttribute(ASN1::kOID_AttributeType_MatterNodeId, val); } + inline CHIP_ERROR AddAttribute_MatterFirmwareSigningId(uint64_t val) + { + return AddAttribute(ASN1::kOID_AttributeType_MatterFirmwareSigningId, val); + } + inline CHIP_ERROR AddAttribute_MatterICACId(uint64_t val) { return AddAttribute(ASN1::kOID_AttributeType_MatterICACId, val); } + inline CHIP_ERROR AddAttribute_MatterRCACId(uint64_t val) { return AddAttribute(ASN1::kOID_AttributeType_MatterRCACId, val); } + inline CHIP_ERROR AddAttribute_MatterFabricId(uint64_t val) + { + return AddAttribute(ASN1::kOID_AttributeType_MatterFabricId, val); + } + inline CHIP_ERROR AddAttribute_MatterCASEAuthTag(CASEAuthTag val) + { + return AddAttribute(ASN1::kOID_AttributeType_MatterCASEAuthTag, val); + } + /** * @brief Determine type of a CHIP certificate. * This method performs an assessment of a certificate's type based on the structure 
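Review bot: None of the new `AddAttribute_Matter*` helpers checks the value it forwards, although the decode paths in CHIPCert.cpp reject bad values with `IsOperationalNodeId`, `IsValidFabricId` and `IsValidCASEAuthTag`. Whether the generic `AddAttribute(oid, val)` overload performs those checks is not visible in this hunk. These typed wrappers are now what the credential issuers call, so they are a natural place for the check, e.g. `VerifyOrReturnError(IsOperationalNodeId(val), CHIP_ERROR_INVALID_ARGUMENT);` ahead of the forward in `AddAttribute_MatterNodeId`. The helpers also lack the Doxygen comment that the neighbouring declarations carry, and `inline` is redundant on member functions defined inside the class body.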
@@ -729,9 +809,9 @@ CHIP_ERROR ChipEpochToASN1Time(uint32_t epochTime, chip::ASN1::ASN1UniversalTime **/ inline bool IsChip64bitDNAttr(chip::ASN1::OID oid) { - return (oid == chip::ASN1::kOID_AttributeType_ChipNodeId || oid == chip::ASN1::kOID_AttributeType_ChipFirmwareSigningId || - oid == chip::ASN1::kOID_AttributeType_ChipICAId || oid == chip::ASN1::kOID_AttributeType_ChipRootId || - oid == chip::ASN1::kOID_AttributeType_ChipFabricId); + return (oid == chip::ASN1::kOID_AttributeType_MatterNodeId || oid == chip::ASN1::kOID_AttributeType_MatterFirmwareSigningId || + oid == chip::ASN1::kOID_AttributeType_MatterICACId || oid == chip::ASN1::kOID_AttributeType_MatterRCACId || + oid == chip::ASN1::kOID_AttributeType_MatterFabricId); } /** @@ -739,7 +819,7 @@ inline bool IsChip64bitDNAttr(chip::ASN1::OID oid) **/ inline bool IsChip32bitDNAttr(chip::ASN1::OID oid) { - return (oid == chip::ASN1::kOID_AttributeType_ChipCASEAuthenticatedTag); + return (oid == chip::ASN1::kOID_AttributeType_MatterCASEAuthTag); } /** diff --git a/src/credentials/tests/TestChipCert.cpp b/src/credentials/tests/TestChipCert.cpp index 0d0953d24a7ab7..9f4ea1d33a1f27 100644 --- a/src/credentials/tests/TestChipCert.cpp +++ b/src/credentials/tests/TestChipCert.cpp 
@@ -192,19 +192,13 @@ static void TestChipCert_ChipDN(nlTestSuite * inSuite, void * inContext) const static CATValues noc_cats = { { 0xABCD0001, chip::kUndefinedCAT, chip::kUndefinedCAT } }; ChipDN chip_dn; - NL_TEST_ASSERT(inSuite, - chip_dn.AddAttribute(chip::ASN1::kOID_AttributeType_CommonName, CharSpan(noc_rdn, strlen(noc_rdn)), false) == - CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, chip_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xAAAABBBBCCCCDDDD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, chip_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB00000FAB00001) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - chip_dn.AddAttribute(chip::ASN1::kOID_AttributeType_GivenName, CharSpan(noc_rdn2, strlen(noc_rdn2)), true) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, chip_dn.AddAttribute_CommonName(CharSpan(noc_rdn, strlen(noc_rdn)), false) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, chip_dn.AddAttribute_MatterNodeId(0xAAAABBBBCCCCDDDD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, chip_dn.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, chip_dn.AddAttribute_GivenName(CharSpan(noc_rdn2, strlen(noc_rdn2)), true) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, chip_dn.AddCATs(noc_cats) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - chip_dn.AddAttribute(chip::ASN1::kOID_AttributeType_GivenName, CharSpan(noc_rdn2, strlen(noc_rdn2)), true) == - CHIP_ERROR_NO_MEMORY); + NL_TEST_ASSERT(inSuite, chip_dn.AddAttribute_GivenName(CharSpan(noc_rdn2, strlen(noc_rdn2)), true) == CHIP_ERROR_NO_MEMORY); uint8_t certType; NL_TEST_ASSERT(inSuite, chip_dn.GetCertType(certType) == CHIP_NO_ERROR); 
@@ -789,7 +783,7 @@ static void TestChipCert_GenerateRootCert(nlTestSuite * inSuite, void * inContex ChipCertificateData certData; ChipDN root_dn; - NL_TEST_ASSERT(inSuite, root_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xabcdabcd) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_dn.AddAttribute_MatterRCACId(0xabcdabcd) == CHIP_NO_ERROR); X509CertRequestParams root_params = { 1234, 631161876, 729942000, root_dn, root_dn }; MutableByteSpan signed_cert_span(signed_cert); 
@@ -804,27 +798,22 @@ static void TestChipCert_GenerateRootCert(nlTestSuite * inSuite, void * inContex // Test error case: root cert subject provided ICA OID Attribute. root_params.SubjectDN.Clear(); - NL_TEST_ASSERT(inSuite, - root_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipICAId, 0xabcdabcd) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_params.SubjectDN.AddAttribute_MatterICACId(0xabcdabcd) == CHIP_NO_ERROR); root_params.IssuerDN.Clear(); - NL_TEST_ASSERT(inSuite, - root_params.IssuerDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipICAId, 0xabcdabcd) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_params.IssuerDN.AddAttribute_MatterICACId(0xabcdabcd) == CHIP_NO_ERROR); MutableByteSpan signed_cert_span1(signed_cert); NL_TEST_ASSERT(inSuite, NewRootX509Cert(root_params, keypair, signed_cert_span1) == CHIP_ERROR_INVALID_ARGUMENT); // Test error case: root cert provided different subject and issuer DNs. root_params.SubjectDN.Clear(); - NL_TEST_ASSERT(inSuite, - root_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xabcdabcd) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_params.SubjectDN.AddAttribute_MatterRCACId(0xabcdabcd) == CHIP_NO_ERROR); root_params.IssuerDN.Clear(); - NL_TEST_ASSERT(inSuite, - root_params.IssuerDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xffffeeee) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_params.IssuerDN.AddAttribute_MatterRCACId(0xffffeeee) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, NewRootX509Cert(root_params, keypair, signed_cert_span1) == CHIP_ERROR_INVALID_ARGUMENT); // Test that serial number cannot be negative root_params.IssuerDN.Clear(); - NL_TEST_ASSERT(inSuite, - root_params.IssuerDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xabcdabcd) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_params.IssuerDN.AddAttribute_MatterRCACId(0xabcdabcd) == CHIP_NO_ERROR); root_params.SerialNumber = -1; NL_TEST_ASSERT(inSuite, 
NewRootX509Cert(root_params, keypair, signed_cert_span1) == CHIP_ERROR_INVALID_ARGUMENT); } @@ -843,8 +832,8 @@ static void TestChipCert_GenerateRootFabCert(nlTestSuite * inSuite, void * inCon MutableByteSpan outCert(outCertBuf); ChipDN root_dn; - NL_TEST_ASSERT(inSuite, root_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xabcdabcd) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, root_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xabcd) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_dn.AddAttribute_MatterRCACId(0xabcdabcd) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_dn.AddAttribute_MatterFabricId(0xabcd) == CHIP_NO_ERROR); X509CertRequestParams root_params_fabric = { 1234, 631161876, 729942000, root_dn, root_dn }; @@ -870,9 +859,9 @@ static void TestChipCert_GenerateICACert(nlTestSuite * inSuite, void * inContext ChipCertificateData certData; ChipDN ica_dn; - NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipICAId, 0xABCDABCDABCDABCD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute_MatterICACId(0xABCDABCDABCDABCD) == CHIP_NO_ERROR); ChipDN issuer_dn; - NL_TEST_ASSERT(inSuite, issuer_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0x43215678FEDCABCD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, issuer_dn.AddAttribute_MatterRCACId(0x43215678FEDCABCD) == CHIP_NO_ERROR); X509CertRequestParams ica_params = { 1234, 631161876, 729942000, ica_dn, issuer_dn }; P256Keypair ica_keypair; 
@@ -887,19 +876,15 @@ static void TestChipCert_GenerateICACert(nlTestSuite * inSuite, void * inContext // Test error case: ICA cert subject provided a node ID attribute ica_params.SubjectDN.Clear(); - NL_TEST_ASSERT( - inSuite, ica_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xABCDABCDABCDABCD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - ica_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB00000FAB00001) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, ica_params.SubjectDN.AddAttribute_MatterNodeId(0xABCDABCDABCDABCD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, ica_params.SubjectDN.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); MutableByteSpan signed_cert_span1(signed_cert); NL_TEST_ASSERT(inSuite, NewICAX509Cert(ica_params, ica_keypair.Pubkey(), keypair, signed_cert_span1) == CHIP_ERROR_INVALID_ARGUMENT); // Test that serial number cannot be negative ica_params.SubjectDN.Clear(); - NL_TEST_ASSERT( - inSuite, ica_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipICAId, 0xABCDABCDABCDABCD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, ica_params.SubjectDN.AddAttribute_MatterICACId(0xABCDABCDABCDABCD) == CHIP_NO_ERROR); ica_params.SerialNumber = -1; NL_TEST_ASSERT(inSuite, NewICAX509Cert(ica_params, ica_keypair.Pubkey(), keypair, signed_cert_span1) == CHIP_ERROR_INVALID_ARGUMENT); 
@@ -919,10 +904,10 @@ static void TestChipCert_GenerateNOCRoot(nlTestSuite * inSuite, void * inContext ChipCertificateData certData; ChipDN noc_dn; - NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xABCDABCDABCDABCD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB00000FAB00001) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterNodeId(0xABCDABCDABCDABCD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); ChipDN issuer_dn; - NL_TEST_ASSERT(inSuite, issuer_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0x8888999944442222) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, issuer_dn.AddAttribute_MatterRCACId(0x8888999944442222) == CHIP_NO_ERROR); X509CertRequestParams noc_params = { 123456, 631161876, 729942000, noc_dn, issuer_dn }; P256Keypair noc_keypair; @@ -938,9 +923,7 @@ static void TestChipCert_GenerateNOCRoot(nlTestSuite * inSuite, void * inContext // Test error case: NOC cert subject doesn't have NodeId attribute noc_params.SubjectDN.Clear(); - NL_TEST_ASSERT(inSuite, - noc_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB00000FAB00001) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_params.SubjectDN.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); MutableByteSpan signed_cert_span1(signed_cert, sizeof(signed_cert)); NL_TEST_ASSERT(inSuite, 
@@ -949,8 +932,7 @@ static void TestChipCert_GenerateNOCRoot(nlTestSuite * inSuite, void * inContext // Test error case: NOC cert subject doesn't have fabric ID attribute noc_params.SubjectDN.Clear(); - NL_TEST_ASSERT( - inSuite, noc_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xABCDABCDABCDABCD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_params.SubjectDN.AddAttribute_MatterNodeId(0xABCDABCDABCDABCD) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, NewNodeOperationalX509Cert(noc_params, noc_keypair.Pubkey(), keypair, signed_cert_span1) == @@ -958,17 +940,11 @@ static void TestChipCert_GenerateNOCRoot(nlTestSuite * inSuite, void * inContext // Test error case: issuer cert DN type is Node certificate noc_params.SubjectDN.Clear(); - NL_TEST_ASSERT( - inSuite, noc_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xABCDABCDABCDABCD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - noc_params.SubjectDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB00000FAB00001) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_params.SubjectDN.AddAttribute_MatterNodeId(0xABCDABCDABCDABCD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_params.SubjectDN.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); noc_params.IssuerDN.Clear(); - NL_TEST_ASSERT( - inSuite, noc_params.IssuerDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0x8888999944442222) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - noc_params.IssuerDN.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB00000FAB00001) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_params.IssuerDN.AddAttribute_MatterNodeId(0x8888999944442222) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_params.IssuerDN.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, NewNodeOperationalX509Cert(noc_params, noc_keypair.Pubkey(), keypair, signed_cert_span1) == 
@@ -996,21 +972,16 @@ static void TestChipCert_GenerateNOCICA(nlTestSuite * inSuite, void * inContext) const static char noc_name_rdn[] = "Smith"; ChipDN noc_dn; + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_CommonName(CharSpan(noc_cn_rdn, strlen(noc_cn_rdn)), false) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterNodeId(0xAAAABBBBCCCCDDDD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_CommonName, CharSpan(noc_cn_rdn, strlen(noc_cn_rdn)), - false) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xAAAABBBBCCCCDDDD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB00000FAB00001) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_GivenName, - CharSpan(noc_givenname_rdn, strlen(noc_givenname_rdn)), true) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_Name, CharSpan(noc_name_rdn, strlen(noc_name_rdn)), true) == - CHIP_NO_ERROR); + noc_dn.AddAttribute_GivenName(CharSpan(noc_givenname_rdn, strlen(noc_givenname_rdn)), true) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_Name(CharSpan(noc_name_rdn, strlen(noc_name_rdn)), true) == CHIP_NO_ERROR); ChipDN ica_dn; - NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipICAId, 0x8888999944442222) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB00000FAB00001) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute_MatterICACId(0x8888999944442222) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); X509CertRequestParams noc_params = { 12348765, 631161876, 
729942000, noc_dn, ica_dn }; P256Keypair noc_keypair; @@ -1037,8 +1008,8 @@ static void TestChipCert_VerifyGeneratedCerts(nlTestSuite * inSuite, void * inCo static uint8_t root_cert[kMaxDERCertLength]; ChipDN root_dn; - NL_TEST_ASSERT(inSuite, root_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xAAAABBBBCCCCDDDD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, root_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB0000000008888) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_dn.AddAttribute_MatterRCACId(0xAAAABBBBCCCCDDDD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_dn.AddAttribute_MatterFabricId(0xFAB0000000008888) == CHIP_NO_ERROR); X509CertRequestParams root_params = { 1234, 631161876, 729942000, root_dn, root_dn }; MutableByteSpan root_cert_span(root_cert); @@ -1047,8 +1018,8 @@ static void TestChipCert_VerifyGeneratedCerts(nlTestSuite * inSuite, void * inCo static uint8_t ica_cert[kMaxDERCertLength]; ChipDN ica_dn; - NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipICAId, 0xAABBCCDDAABBCCDD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB0000000008888) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute_MatterICACId(0xAABBCCDDAABBCCDD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, ica_dn.AddAttribute_MatterFabricId(0xFAB0000000008888) == CHIP_NO_ERROR); X509CertRequestParams ica_params = { 12345, 631161876, 729942000, ica_dn, root_dn }; P256Keypair ica_keypair; 
@@ -1060,8 +1031,8 @@ static void TestChipCert_VerifyGeneratedCerts(nlTestSuite * inSuite, void * inCo static uint8_t noc_cert[kMaxDERCertLength]; ChipDN noc_dn; - NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xAABBCCDDAABBCCDD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB0000000008888) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterNodeId(0xAABBCCDDAABBCCDD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterFabricId(0xFAB0000000008888) == CHIP_NO_ERROR); X509CertRequestParams noc_params = { 123456, 631161876, 729942000, noc_dn, ica_dn }; P256Keypair noc_keypair; @@ -1117,11 +1088,9 @@ static void TestChipCert_VerifyGeneratedCertsNoICA(nlTestSuite * inSuite, void * const static char root_cn_rdn[] = "Test Root Operational Cert"; ChipDN root_dn; - NL_TEST_ASSERT(inSuite, - root_dn.AddAttribute(chip::ASN1::kOID_AttributeType_CommonName, CharSpan(root_cn_rdn, strlen(root_cn_rdn)), - false) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, root_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xAAAABBBBCCCCDDDD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, root_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB0000000008888) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_dn.AddAttribute_CommonName(CharSpan(root_cn_rdn, strlen(root_cn_rdn)), false) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_dn.AddAttribute_MatterRCACId(0xAAAABBBBCCCCDDDD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, root_dn.AddAttribute_MatterFabricId(0xFAB0000000008888) == CHIP_NO_ERROR); X509CertRequestParams root_params = { 1234, 631161876, 729942000, root_dn, root_dn }; MutableByteSpan root_cert_span(root_cert); 
@@ -1132,13 +1101,10 @@ static void TestChipCert_VerifyGeneratedCertsNoICA(nlTestSuite * inSuite, void * const static char noc_cn_rdn[] = "Test NOC"; ChipDN noc_dn; - NL_TEST_ASSERT(inSuite, - noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_CommonName, CharSpan(noc_cn_rdn, strlen(noc_cn_rdn)), true) == - CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xAABBCCDDAABBCCDD) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB0000000008888) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipCASEAuthenticatedTag, 0xABCD0010) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_CommonName(CharSpan(noc_cn_rdn, strlen(noc_cn_rdn)), true) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterNodeId(0xAABBCCDDAABBCCDD) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterFabricId(0xFAB0000000008888) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, noc_dn.AddAttribute_MatterCASEAuthTag(0xABCD0010) == CHIP_NO_ERROR); X509CertRequestParams noc_params = { 1234, 631161876, 729942000, noc_dn, root_dn }; P256Keypair noc_keypair; 
@@ -1430,50 +1396,29 @@ static void TestChipCert_ExtractSubjectDNFromChipCert(nlTestSuite * inSuite, voi }; ChipDN expectedSubjectDN_Root01; - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Root01.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xCACACACA00000001) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_Root01.AddAttribute_MatterRCACId(0xCACACACA00000001) == CHIP_NO_ERROR); ChipDN expectedSubjectDN_Root02; - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Root02.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, 0xCACACACA00000002) == - CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Root02.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB000000000001D) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_Root02.AddAttribute_MatterRCACId(0xCACACACA00000002) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_Root02.AddAttribute_MatterFabricId(0xFAB000000000001D) == CHIP_NO_ERROR); ChipDN expectedSubjectDN_ICA02; - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_ICA02.AddAttribute(chip::ASN1::kOID_AttributeType_ChipICAId, 0xCACACACA00000004) == - CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_ICA02.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB000000000001D) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_ICA02.AddAttribute_MatterICACId(0xCACACACA00000004) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_ICA02.AddAttribute_MatterFabricId(0xFAB000000000001D) == CHIP_NO_ERROR); ChipDN expectedSubjectDN_Node01_01; - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Node01_01.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xDEDEDEDE00010001) == - CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Node01_01.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB000000000001D) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_Node01_01.AddAttribute_MatterNodeId(0xDEDEDEDE00010001) == 
CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_Node01_01.AddAttribute_MatterFabricId(0xFAB000000000001D) == CHIP_NO_ERROR); const static char commonName_RDN[] = "TestCert02_03"; ChipDN expectedSubjectDN_Node02_03; + NL_TEST_ASSERT(inSuite, expectedSubjectDN_Node02_03.AddAttribute_MatterNodeId(0xDEDEDEDE00020003) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_Node02_03.AddAttribute_MatterFabricId(0xFAB000000000001D) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Node02_03.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, 0xDEDEDEDE00020003) == - CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Node02_03.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, 0xFAB000000000001D) == - CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Node02_03.AddAttribute(chip::ASN1::kOID_AttributeType_CommonName, - CharSpan(commonName_RDN, strlen(commonName_RDN)), - false) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, - expectedSubjectDN_Node02_03.AddAttribute(chip::ASN1::kOID_AttributeType_ChipCASEAuthenticatedTag, 0xABCD0001) == + expectedSubjectDN_Node02_03.AddAttribute_CommonName(CharSpan(commonName_RDN, strlen(commonName_RDN)), false) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, expectedSubjectDN_Node02_03.AddAttribute_MatterCASEAuthTag(0xABCD0001) == CHIP_NO_ERROR); // clang-format off TestCase sTestCases[] = { diff --git a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm index a6430f910a571c..b908f5b18ec2d4 100644 --- a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm +++ b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm 
@@ -346,8 +346,8 @@ static void ClearSecretData(NSMutableData * data) } } if (!haveRootCert) { - ReturnErrorOnFailure(rcac_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, mIssuerId)); - ReturnErrorOnFailure(rcac_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, fabricId)); + ReturnErrorOnFailure(rcac_dn.AddAttribute_MatterRCACId(mIssuerId)); + ReturnErrorOnFailure(rcac_dn.AddAttribute_MatterFabricId(fabricId)); NSLog(@"Generating RCAC"); X509CertRequestParams rcac_request = { 0, validityStart, validityEnd, rcac_dn, rcac_dn }; @@ -363,8 +363,8 @@ static void ClearSecretData(NSMutableData * data) icac.reduce_size(0); ChipDN noc_dn; - ReturnErrorOnFailure(noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, fabricId)); - ReturnErrorOnFailure(noc_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipNodeId, nodeId)); + ReturnErrorOnFailure(noc_dn.AddAttribute_MatterFabricId(fabricId)); + ReturnErrorOnFailure(noc_dn.AddAttribute_MatterNodeId(nodeId)); ReturnErrorOnFailure(noc_dn.AddCATs(cats)); X509CertRequestParams noc_request = { 1, validityStart, validityEnd, noc_dn, rcac_dn }; diff --git a/src/lib/asn1/gen_asn1oid.py b/src/lib/asn1/gen_asn1oid.py index 8076a9c649cde6..2566a67bc0a1a9 100755 --- a/src/lib/asn1/gen_asn1oid.py +++ b/src/lib/asn1/gen_asn1oid.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # -# Copyright (c) 2020 Project CHIP Authors +# Copyright (c) 2020-2022 Project CHIP Authors # Copyright (c) 2019 Google LLC. # Copyright (c) 2013-2017 Nest Labs, Inc. # All rights reserved. @@ -22,8 +22,8 @@ # # @file # This file implements a Python script to generate a C/C++ header -# for individual ASN1 Object IDs (OIDs) that are used in CHIP -# TLV encodings (notably the CHIP Certificate object). +# for individual ASN1 Object IDs (OIDs) that are used in Matter +# TLV encodings (notably the Matter Certificate object). # from __future__ import absolute_import 
@@ -40,7 +40,7 @@ def identity(n): ansi_X9_62 = identity certicom = identity characteristicTwo = identity -chip = identity +matter = identity curve = identity curves = identity digest_algorithm = identity @@ -83,7 +83,7 @@ def identity(n): # !!! WARNING !!! # - # The enumerated values associated with individual object IDs are used in CHIP TLV encodings (notably the CHIP Certificate object). + # The enumerated values associated with individual object IDs are used in Matter TLV encodings (notably the Matter Certificate object). # Because of this, the Enum Values assigned to object IDs in this table MUST NOT BE CHANGED once in use. 
@@ -134,18 +134,18 @@ def identity(n): [joint_iso_ccitt(2), ds(5), 4, 65]), ("AttributeType", "DomainComponent", 16, [itu_t(0), 9, 2342, 19200300, 100, 1, 25]), - ("AttributeType", "ChipNodeId", 17, [iso(1), organization( - 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), chip(1), 1]), - ("AttributeType", "ChipFirmwareSigningId", 18, [iso(1), organization( - 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), chip(1), 2]), - ("AttributeType", "ChipICAId", 19, [iso(1), organization( - 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), chip(1), 3]), - ("AttributeType", "ChipRootId", 20, [iso(1), organization( - 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), chip(1), 4]), - ("AttributeType", "ChipFabricId", 21, [iso(1), organization( - 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), chip(1), 5]), - ("AttributeType", "ChipCASEAuthenticatedTag", 22, [iso(1), organization( - 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), chip(1), 6]), + ("AttributeType", "MatterNodeId", 17, [iso(1), organization( + 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), matter(1), 1]), + ("AttributeType", "MatterFirmwareSigningId", 18, [iso(1), organization( + 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), matter(1), 2]), + ("AttributeType", "MatterICACId", 19, [iso(1), organization( + 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), matter(1), 3]), + ("AttributeType", "MatterRCACId", 20, [iso(1), organization( + 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), matter(1), 4]), + ("AttributeType", "MatterFabricId", 21, [iso(1), organization( + 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), matter(1), 5]), + ("AttributeType", "MatterCASEAuthTag", 22, [iso(1), organization( + 3), dod(6), internet(1), private(4), enterprise(1), zigbee(37244), matter(1), 6]), # Elliptic Curves ("EllipticCurve", 
"prime256v1", 1, [ @@ -199,7 +199,7 @@ def encodeOID(oid): TEMPLATE = '''/* * - * Copyright (c) 2020 Project CHIP Authors + * Copyright (c) 2020-2022 Project CHIP Authors * Copyright (c) 2019 Google LLC. * Copyright (c) 2013-2017 Nest Labs, Inc. * All rights reserved. diff --git a/src/lib/asn1/tests/TestASN1.cpp b/src/lib/asn1/tests/TestASN1.cpp index 4f2b540aa44d76..9aa7a480889789 100644 --- a/src/lib/asn1/tests/TestASN1.cpp +++ b/src/lib/asn1/tests/TestASN1.cpp @@ -313,7 +313,7 @@ static void TestASN1_ObjectID(nlTestSuite * inSuite, void * inContext) ASN1_START_SEQUENCE { - ASN1_ENCODE_OBJECT_ID(kOID_AttributeType_ChipNodeId); + ASN1_ENCODE_OBJECT_ID(kOID_AttributeType_MatterNodeId); ASN1_ENCODE_OBJECT_ID(kOID_SigAlgo_ECDSAWithSHA256); ASN1_ENCODE_OBJECT_ID(kOID_EllipticCurve_prime256v1); ASN1_ENCODE_OBJECT_ID(kOID_Extension_AuthorityKeyIdentifier); diff --git a/src/tools/chip-cert/CertUtils.cpp b/src/tools/chip-cert/CertUtils.cpp index 00a86e4d8c96f6..59bac7fa7ad911 100644 --- a/src/tools/chip-cert/CertUtils.cpp +++ b/src/tools/chip-cert/CertUtils.cpp @@ -48,22 +48,22 @@ bool ToolChipDN::SetCertSubjectDN(X509 * cert) const case kOID_AttributeType_CommonName: attrNID = NID_commonName; break; - case kOID_AttributeType_ChipNodeId: + case kOID_AttributeType_MatterNodeId: attrNID = gNIDChipNodeId; break; - case kOID_AttributeType_ChipFirmwareSigningId: + case kOID_AttributeType_MatterFirmwareSigningId: attrNID = gNIDChipFirmwareSigningId; break; - case kOID_AttributeType_ChipICAId: + case kOID_AttributeType_MatterICACId: attrNID = gNIDChipICAId; break; - case kOID_AttributeType_ChipRootId: + case kOID_AttributeType_MatterRCACId: attrNID = gNIDChipRootId; break; - case kOID_AttributeType_ChipFabricId: + case kOID_AttributeType_MatterFabricId: attrNID = gNIDChipFabricId; break; - case kOID_AttributeType_ChipCASEAuthenticatedTag: + case kOID_AttributeType_MatterCASEAuthTag: attrNID = gNIDChipCASEAuthenticatedTag; break; default: 
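Review bot: The entries for values 17 to 22 keep their enum values and OID arcs and change only their names, but nothing next to them records that, even though the warning earlier in this file says the values are used in Matter TLV encodings and must not change once in use. A one-line comment above the block, for example `# Renamed from Chip* to Matter* (names only); enum values 17-22 and the OID arcs are unchanged.`, would let a later reader confirm this without diffing history. The generated `kOID_AttributeType_Chip*` constants presumably disappear with this rename, so code outside this diff that still uses the old names would stop compiling; it is worth deciding here whether compatibility aliases are wanted. The table continues outside the hunk.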
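Review bot: The case labels in `ToolChipDN::SetCertSubjectDN` now use the `Matter*` names while the NID globals on the right keep the old ones, so `kOID_AttributeType_MatterICACId` maps to `gNIDChipICAId`, `MatterRCACId` to `gNIDChipRootId` and `MatterCASEAuthTag` to `gNIDChipCASEAuthenticatedTag`. A wrong pairing in this switch would put the wrong attribute type into the certificate subject, and the mixed naming makes such a slip harder to spot by eye. Renaming the globals to match (a name such as `gNIDMatterICACId`) in this commit or a follow-up would keep each case visibly correct; the globals are declared outside this hunk, so the rename has to be made there too. The switch starts and ends outside the hunk.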
diff --git a/src/tools/chip-cert/Cmd_GenCert.cpp b/src/tools/chip-cert/Cmd_GenCert.cpp index d9f3a9a422ec79..348bfc22efec93 100644 --- a/src/tools/chip-cert/Cmd_GenCert.cpp +++ b/src/tools/chip-cert/Cmd_GenCert.cpp @@ -195,7 +195,6 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char CHIP_ERROR err = CHIP_NO_ERROR; uint64_t chip64bitAttr; uint32_t chip32bitAttr; - OID attrOID; switch (id) { @@ -243,23 +242,22 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char PrintArgError("%s: Invalid value specified for chip node-id attribute: %s\n", progName, arg); return false; } - attrOID = kOID_AttributeType_ChipNodeId; + err = gSubjectDN.AddAttribute_MatterNodeId(chip64bitAttr); break; case kCertType_FirmwareSigning: - attrOID = kOID_AttributeType_ChipFirmwareSigningId; + err = gSubjectDN.AddAttribute_MatterFirmwareSigningId(chip64bitAttr); break; case kCertType_ICA: - attrOID = kOID_AttributeType_ChipICAId; + err = gSubjectDN.AddAttribute_MatterICACId(chip64bitAttr); break; case kCertType_Root: - attrOID = kOID_AttributeType_ChipRootId; + err = gSubjectDN.AddAttribute_MatterRCACId(chip64bitAttr); break; default: PrintArgError("%s: Certificate type argument should be specified prior to subject attribute: %s\n", progName, arg); return false; } - err = gSubjectDN.AddAttribute(attrOID, chip64bitAttr); if (err != CHIP_NO_ERROR) { fprintf(stderr, "Failed to add subject DN attribute: %s\n", chip::ErrorStr(err)); @@ -274,9 +272,8 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char arg); return false; } - attrOID = kOID_AttributeType_ChipCASEAuthenticatedTag; - err = gSubjectDN.AddAttribute(attrOID, chip32bitAttr); + err = gSubjectDN.AddAttribute_MatterCASEAuthTag(chip32bitAttr); if (err != CHIP_NO_ERROR) { fprintf(stderr, "Failed to add subject DN attribute: %s\n", chip::ErrorStr(err)); 
@@ -298,7 +295,7 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char return false; } - err = gSubjectDN.AddAttribute(kOID_AttributeType_ChipFabricId, chip64bitAttr); + err = gSubjectDN.AddAttribute_MatterFabricId(chip64bitAttr); if (err != CHIP_NO_ERROR) { fprintf(stderr, "Failed to add Fabric Id attribute to the subject DN: %s\n", chip::ErrorStr(err)); @@ -307,7 +304,7 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char break; case 'c': - err = gSubjectDN.AddAttribute(kOID_AttributeType_CommonName, chip::CharSpan::fromCharString(arg), false); + err = gSubjectDN.AddAttribute_CommonName(chip::CharSpan::fromCharString(arg), false); if (err != CHIP_NO_ERROR) { fprintf(stderr, "Failed to add Common Name attribute to the subject DN: %s\n", chip::ErrorStr(err));