From 94331de79d23b17eabfdeb448137afe5082d01e3 Mon Sep 17 00:00:00 2001 From: Evgeny Margolis Date: Wed, 14 Dec 2022 15:00:22 -0800 Subject: [PATCH] Generated Negative Test Cases for Matter Operational Certificates (NOC, ICAC, RCAC). (#24043) Added python script that generates negative test vectors using chip-cert tool. Those new test vectors are used to verify failure scenarios for the following use cases: - Conversion of DER encoded operation certificate to CHIP TLV format - Conversion of CHIP TLV encoded certificate to DER format - Loading and parsing of the CHIP TLV encoded certificate - Checking validity of the certificate subject field As a result of these new test one bug was found and fixed in the ChipDN::DecodeFromTLV() function, where chipAttr should be used instead of attrOID when NodeId/FabricId validity is checked. Some extra validity checks were added to the following methods: - ConvertChipCertToX509Cert() - ConvertX509CertToChipCert() The chip-cert tool was updated and enhanced with more error cases. --- .gitattributes | 2 + .../Chip-Test-ICAC-Cert-Version-V2-Cert.der | Bin 0 -> 451 bytes .../Chip-Test-ICAC-Cert-Version-V2-Key.der | Bin 0 -> 121 bytes ...est-ICAC-Ext-AKID-Length-Invalid-Cert.chip | Bin 0 -> 261 bytes ...Test-ICAC-Ext-AKID-Length-Invalid-Cert.der | Bin 0 -> 450 bytes ...Test-ICAC-Ext-AKID-Length-Invalid-Key.chip | 1 + ...-Test-ICAC-Ext-AKID-Length-Invalid-Key.der | Bin 0 -> 121 bytes .../Chip-Test-ICAC-Ext-AKID-Missing-Cert.chip | Bin 0 -> 239 bytes .../Chip-Test-ICAC-Ext-AKID-Missing-Key.chip | Bin 0 -> 97 bytes ...p-Test-ICAC-Ext-Basic-CA-Missing-Cert.chip | Bin 0 -> 260 bytes ...ip-Test-ICAC-Ext-Basic-CA-Missing-Cert.der | Bin 0 -> 450 bytes ...ip-Test-ICAC-Ext-Basic-CA-Missing-Key.chip | 1 + ...hip-Test-ICAC-Ext-Basic-CA-Missing-Key.der | Bin 0 -> 121 bytes ...hip-Test-ICAC-Ext-Basic-CA-Wrong-Cert.chip | Bin 0 -> 262 bytes ...Chip-Test-ICAC-Ext-Basic-CA-Wrong-Key.chip | 2 + ...t-ICAC-Ext-Basic-Critical-Missing-Cert.der | Bin 0 -> 447 bytes ...st-ICAC-Ext-Basic-Critical-Missing-Key.der | Bin 0 -> 121 bytes ...est-ICAC-Ext-Basic-Critical-Wrong-Cert.der | Bin 0 -> 448 bytes ...Test-ICAC-Ext-Basic-Critical-Wrong-Key.der | Bin 0 -> 121 bytes ...Chip-Test-ICAC-Ext-Basic-Missing-Cert.chip | Bin 0 -> 257 bytes .../Chip-Test-ICAC-Ext-Basic-Missing-Key.chip | 1 + ...Ext-Basic-PathLen-Presence-Wrong-Cert.chip | Bin 0 -> 262 bytes ...-Ext-Basic-PathLen-Presence-Wrong-Key.chip | 1 + ...hip-Test-ICAC-Ext-Basic-PathLen2-Cert.chip | Bin 0 -> 262 bytes ...Chip-Test-ICAC-Ext-Basic-PathLen2-Key.chip | 1 + ...CAC-Ext-KeyUsage-Critical-Missing-Cert.der | Bin 0 -> 448 bytes ...ICAC-Ext-KeyUsage-Critical-Missing-Key.der | Bin 0 -> 121 bytes ...-ICAC-Ext-KeyUsage-Critical-Wrong-Cert.der | Bin 0 -> 448 bytes ...t-ICAC-Ext-KeyUsage-Critical-Wrong-Key.der | Bin 0 -> 121 bytes ...C-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip | Bin 0 -> 262 bytes ...AC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip | 1 + ...p-Test-ICAC-Ext-KeyUsage-Missing-Cert.chip | Bin 0 -> 259 bytes ...ip-Test-ICAC-Ext-KeyUsage-Missing-Key.chip | Bin 0 -> 97 bytes ...est-ICAC-Ext-SKID-Length-Invalid-Cert.chip | Bin 0 -> 261 bytes ...Test-ICAC-Ext-SKID-Length-Invalid-Cert.der | Bin 0 -> 449 bytes ...Test-ICAC-Ext-SKID-Length-Invalid-Key.chip | 1 + ...-Test-ICAC-Ext-SKID-Length-Invalid-Key.der | Bin 0 -> 121 bytes .../Chip-Test-ICAC-Ext-SKID-Missing-Cert.chip | Bin 0 -> 239 bytes .../Chip-Test-ICAC-Ext-SKID-Missing-Key.chip | 1 + .../Chip-Test-ICAC-Issuer-Missing-Cert.chip | Bin 0 -> 249 bytes .../Chip-Test-ICAC-Issuer-Missing-Key.chip | 2 + .../Chip-Test-ICAC-Oversized-Cert.chip | Bin 0 -> 463 bytes .../Chip-Test-ICAC-Oversized-Cert.der | Bin 0 -> 678 bytes .../Chip-Test-ICAC-Oversized-Key.chip | 1 + .../Chip-Test-ICAC-Oversized-Key.der | Bin 0 -> 121 bytes .../Chip-Test-ICAC-PublicKey-Wrong-Cert.chip | Bin 0 -> 262 bytes .../Chip-Test-ICAC-PublicKey-Wrong-Key.chip | 2 + ...-Test-ICAC-Serial-Number-Missing-Cert.chip | Bin 0 -> 251 bytes ...p-Test-ICAC-Serial-Number-Missing-Key.chip | 1 + ...st-ICAC-Sig-Algo-ECDSA-With-SHA1-Cert.chip | Bin 0 -> 262 bytes ...est-ICAC-Sig-Algo-ECDSA-With-SHA1-Cert.der | Bin 0 -> 448 bytes ...est-ICAC-Sig-Algo-ECDSA-With-SHA1-Key.chip | 2 + ...Test-ICAC-Sig-Algo-ECDSA-With-SHA1-Key.der | Bin 0 -> 121 bytes ...ip-Test-ICAC-Sig-Curve-Secp256k1-Cert.chip | Bin 0 -> 262 bytes ...hip-Test-ICAC-Sig-Curve-Secp256k1-Cert.der | Bin 0 -> 448 bytes ...hip-Test-ICAC-Sig-Curve-Secp256k1-Key.chip | 1 + ...Chip-Test-ICAC-Sig-Curve-Secp256k1-Key.der | Bin 0 -> 118 bytes .../Chip-Test-ICAC-Signature-Wrong-Cert.chip | Bin 0 -> 262 bytes .../Chip-Test-ICAC-Signature-Wrong-Key.chip | 2 + ...ip-Test-ICAC-Subject-CAT-Invalid-Cert.chip | Bin 0 -> 268 bytes ...hip-Test-ICAC-Subject-CAT-Invalid-Cert.der | Bin 0 -> 477 bytes ...hip-Test-ICAC-Subject-CAT-Invalid-Key.chip | 2 + ...Chip-Test-ICAC-Subject-CAT-Invalid-Key.der | Bin 0 -> 121 bytes ...Chip-Test-ICAC-Subject-CAT-Twice-Cert.chip | Bin 0 -> 274 bytes .../Chip-Test-ICAC-Subject-CAT-Twice-Key.chip | Bin 0 -> 97 bytes ...st-ICAC-Subject-FabricId-Invalid-Cert.chip | Bin 0 -> 255 bytes ...est-ICAC-Subject-FabricId-Invalid-Cert.der | Bin 0 -> 451 bytes ...est-ICAC-Subject-FabricId-Invalid-Key.chip | 1 + ...Test-ICAC-Subject-FabricId-Invalid-Key.der | Bin 0 -> 121 bytes ...Test-ICAC-Subject-FabricId-Twice-Cert.chip | Bin 0 -> 272 bytes ...-Test-ICAC-Subject-FabricId-Twice-Key.chip | Bin 0 -> 97 bytes ...st-ICAC-Subject-MatterId-Missing-Cert.chip | Bin 0 -> 252 bytes ...est-ICAC-Subject-MatterId-Missing-Key.chip | 2 + ...Test-ICAC-Subject-MatterId-Twice-Cert.chip | Bin 0 -> 272 bytes ...-Test-ICAC-Subject-MatterId-Twice-Key.chip | Bin 0 -> 97 bytes .../Chip-Test-ICAC-Subject-Missing-Cert.chip | Bin 0 -> 239 bytes .../Chip-Test-ICAC-Subject-Missing-Key.chip | 1 + ...-ICAC-Validity-Not-After-Missing-Cert.chip | Bin 0 -> 256 bytes ...t-ICAC-Validity-Not-After-Missing-Cert.der | Bin 0 -> 439 bytes ...t-ICAC-Validity-Not-After-Missing-Key.chip | 1 + ...st-ICAC-Validity-Not-After-Missing-Key.der | Bin 0 -> 121 bytes ...ICAC-Validity-Not-Before-Missing-Cert.chip | Bin 0 -> 256 bytes ...-ICAC-Validity-Not-Before-Missing-Cert.der | Bin 0 -> 439 bytes ...-ICAC-Validity-Not-Before-Missing-Key.chip | 1 + ...t-ICAC-Validity-Not-Before-Missing-Key.der | Bin 0 -> 121 bytes .../Chip-Test-ICAC-Validity-Wrong-Cert.chip | Bin 0 -> 262 bytes .../Chip-Test-ICAC-Validity-Wrong-Cert.der | Bin 0 -> 451 bytes .../Chip-Test-ICAC-Validity-Wrong-Key.chip | Bin 0 -> 97 bytes .../Chip-Test-ICAC-Validity-Wrong-Key.der | Bin 0 -> 121 bytes .../Chip-Test-NOC-Cert-Version-V2-Cert.der | Bin 0 -> 519 bytes .../Chip-Test-NOC-Cert-Version-V2-Key.der | Bin 0 -> 121 bytes ...Test-NOC-Ext-AKID-Length-Invalid-Cert.chip | Bin 0 -> 278 bytes ...-Test-NOC-Ext-AKID-Length-Invalid-Cert.der | Bin 0 -> 516 bytes ...-Test-NOC-Ext-AKID-Length-Invalid-Key.chip | 2 + ...p-Test-NOC-Ext-AKID-Length-Invalid-Key.der | Bin 0 -> 121 bytes .../Chip-Test-NOC-Ext-AKID-Missing-Cert.chip | Bin 0 -> 256 bytes .../Chip-Test-NOC-Ext-AKID-Missing-Key.chip | 2 + ...ip-Test-NOC-Ext-Basic-CA-Missing-Cert.chip | Bin 0 -> 277 bytes ...hip-Test-NOC-Ext-Basic-CA-Missing-Cert.der | Bin 0 -> 522 bytes ...hip-Test-NOC-Ext-Basic-CA-Missing-Key.chip | 2 + ...Chip-Test-NOC-Ext-Basic-CA-Missing-Key.der | Bin 0 -> 121 bytes ...Chip-Test-NOC-Ext-Basic-CA-Wrong-Cert.chip | Bin 0 -> 279 bytes .../Chip-Test-NOC-Ext-Basic-CA-Wrong-Key.chip | 1 + ...st-NOC-Ext-Basic-Critical-Missing-Cert.der | Bin 0 -> 513 bytes ...est-NOC-Ext-Basic-Critical-Missing-Key.der | Bin 0 -> 121 bytes ...Test-NOC-Ext-Basic-Critical-Wrong-Cert.der | Bin 0 -> 513 bytes ...-Test-NOC-Ext-Basic-Critical-Wrong-Key.der | Bin 0 -> 121 bytes .../Chip-Test-NOC-Ext-Basic-Missing-Cert.chip | Bin 0 -> 274 bytes .../Chip-Test-NOC-Ext-Basic-Missing-Key.chip | 1 + ...Ext-Basic-PathLen-Presence-Wrong-Cert.chip | Bin 0 -> 279 bytes ...-Ext-Basic-PathLen-Presence-Wrong-Cert.der | Bin 0 -> 520 bytes ...-Ext-Basic-PathLen-Presence-Wrong-Key.chip | 1 + ...C-Ext-Basic-PathLen-Presence-Wrong-Key.der | Bin 0 -> 121 bytes ...Chip-Test-NOC-Ext-Basic-PathLen2-Cert.chip | Bin 0 -> 279 bytes .../Chip-Test-NOC-Ext-Basic-PathLen2-Key.chip | 2 + ...NOC-Ext-KeyUsage-Critical-Missing-Cert.der | Bin 0 -> 512 bytes ...-NOC-Ext-KeyUsage-Critical-Missing-Key.der | Bin 0 -> 121 bytes ...t-NOC-Ext-KeyUsage-Critical-Wrong-Cert.der | Bin 0 -> 513 bytes ...st-NOC-Ext-KeyUsage-Critical-Wrong-Key.der | Bin 0 -> 121 bytes ...C-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip | Bin 0 -> 279 bytes ...OC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip | 2 + ...ip-Test-NOC-Ext-KeyUsage-Missing-Cert.chip | Bin 0 -> 276 bytes ...hip-Test-NOC-Ext-KeyUsage-Missing-Key.chip | 1 + ...Test-NOC-Ext-SKID-Length-Invalid-Cert.chip | Bin 0 -> 278 bytes ...-Test-NOC-Ext-SKID-Length-Invalid-Cert.der | Bin 0 -> 515 bytes ...-Test-NOC-Ext-SKID-Length-Invalid-Key.chip | 1 + ...p-Test-NOC-Ext-SKID-Length-Invalid-Key.der | Bin 0 -> 121 bytes .../Chip-Test-NOC-Ext-SKID-Missing-Cert.chip | Bin 0 -> 256 bytes .../Chip-Test-NOC-Ext-SKID-Missing-Key.chip | 2 + .../Chip-Test-NOC-Issuer-Missing-Cert.chip | Bin 0 -> 256 bytes .../Chip-Test-NOC-Issuer-Missing-Key.chip | 3 + .../Chip-Test-NOC-Oversized-Cert.chip | Bin 0 -> 480 bytes .../Chip-Test-NOC-Oversized-Cert.der | Bin 0 -> 744 bytes .../Chip-Test-NOC-Oversized-Key.chip | 1 + .../Chip-Test-NOC-Oversized-Key.der | Bin 0 -> 121 bytes .../Chip-Test-NOC-PublicKey-Wrong-Cert.chip | Bin 0 -> 279 bytes .../Chip-Test-NOC-PublicKey-Wrong-Key.chip | Bin 0 -> 97 bytes ...p-Test-NOC-Serial-Number-Missing-Cert.chip | Bin 0 -> 268 bytes ...ip-Test-NOC-Serial-Number-Missing-Key.chip | 1 + ...est-NOC-Sig-Algo-ECDSA-With-SHA1-Cert.chip | Bin 0 -> 279 bytes ...Test-NOC-Sig-Algo-ECDSA-With-SHA1-Cert.der | Bin 0 -> 517 bytes ...Test-NOC-Sig-Algo-ECDSA-With-SHA1-Key.chip | 1 + ...-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Key.der | Bin 0 -> 121 bytes ...hip-Test-NOC-Sig-Curve-Secp256k1-Cert.chip | Bin 0 -> 279 bytes ...Chip-Test-NOC-Sig-Curve-Secp256k1-Cert.der | Bin 0 -> 515 bytes ...Chip-Test-NOC-Sig-Curve-Secp256k1-Key.chip | 1 + .../Chip-Test-NOC-Sig-Curve-Secp256k1-Key.der | Bin 0 -> 118 bytes .../Chip-Test-NOC-Signature-Wrong-Cert.chip | Bin 0 -> 279 bytes .../Chip-Test-NOC-Signature-Wrong-Key.chip | Bin 0 -> 97 bytes ...hip-Test-NOC-Subject-CAT-Invalid-Cert.chip | Bin 0 -> 285 bytes ...Chip-Test-NOC-Subject-CAT-Invalid-Cert.der | Bin 0 -> 544 bytes ...Chip-Test-NOC-Subject-CAT-Invalid-Key.chip | 1 + .../Chip-Test-NOC-Subject-CAT-Invalid-Key.der | Bin 0 -> 121 bytes .../Chip-Test-NOC-Subject-CAT-Twice-Cert.chip | Bin 0 -> 291 bytes .../Chip-Test-NOC-Subject-CAT-Twice-Key.chip | 2 + ...est-NOC-Subject-FabricId-Invalid-Cert.chip | Bin 0 -> 272 bytes ...Test-NOC-Subject-FabricId-Invalid-Cert.der | Bin 0 -> 518 bytes ...Test-NOC-Subject-FabricId-Invalid-Key.chip | 2 + ...-Test-NOC-Subject-FabricId-Invalid-Key.der | Bin 0 -> 121 bytes ...est-NOC-Subject-FabricId-Missing-Cert.chip | Bin 0 -> 269 bytes ...Test-NOC-Subject-FabricId-Missing-Key.chip | 1 + ...-Test-NOC-Subject-FabricId-Twice-Cert.chip | Bin 0 -> 289 bytes ...p-Test-NOC-Subject-FabricId-Twice-Key.chip | 1 + ...est-NOC-Subject-MatterId-Missing-Cert.chip | Bin 0 -> 269 bytes ...Test-NOC-Subject-MatterId-Missing-Key.chip | 3 + ...-Test-NOC-Subject-MatterId-Twice-Cert.chip | Bin 0 -> 289 bytes ...p-Test-NOC-Subject-MatterId-Twice-Key.chip | 1 + .../Chip-Test-NOC-Subject-Missing-Cert.chip | Bin 0 -> 256 bytes .../Chip-Test-NOC-Subject-Missing-Key.chip | Bin 0 -> 97 bytes ...-Test-NOC-Subject-NodeId-Invalid-Cert.chip | Bin 0 -> 279 bytes ...p-Test-NOC-Subject-NodeId-Invalid-Cert.der | Bin 0 -> 517 bytes ...p-Test-NOC-Subject-NodeId-Invalid-Key.chip | 1 + ...ip-Test-NOC-Subject-NodeId-Invalid-Key.der | Bin 0 -> 121 bytes ...t-NOC-Validity-Not-After-Missing-Cert.chip | Bin 0 -> 273 bytes ...st-NOC-Validity-Not-After-Missing-Cert.der | Bin 0 -> 506 bytes ...st-NOC-Validity-Not-After-Missing-Key.chip | Bin 0 -> 97 bytes ...est-NOC-Validity-Not-After-Missing-Key.der | Bin 0 -> 121 bytes ...-NOC-Validity-Not-Before-Missing-Cert.chip | Bin 0 -> 273 bytes ...t-NOC-Validity-Not-Before-Missing-Cert.der | Bin 0 -> 505 bytes ...t-NOC-Validity-Not-Before-Missing-Key.chip | 2 + ...st-NOC-Validity-Not-Before-Missing-Key.der | Bin 0 -> 121 bytes .../Chip-Test-NOC-Validity-Wrong-Cert.chip | Bin 0 -> 279 bytes .../Chip-Test-NOC-Validity-Wrong-Cert.der | Bin 0 -> 519 bytes .../Chip-Test-NOC-Validity-Wrong-Key.chip | 1 + .../Chip-Test-NOC-Validity-Wrong-Key.der | Bin 0 -> 121 bytes .../Chip-Test-RCAC-Cert-Version-V2-Cert.der | Bin 0 -> 416 bytes .../Chip-Test-RCAC-Cert-Version-V2-Key.der | Bin 0 -> 121 bytes ...est-RCAC-Ext-AKID-Length-Invalid-Cert.chip | Bin 0 -> 251 bytes ...Test-RCAC-Ext-AKID-Length-Invalid-Cert.der | Bin 0 -> 415 bytes ...Test-RCAC-Ext-AKID-Length-Invalid-Key.chip | 1 + ...-Test-RCAC-Ext-AKID-Length-Invalid-Key.der | Bin 0 -> 121 bytes .../Chip-Test-RCAC-Ext-AKID-Missing-Cert.chip | Bin 0 -> 229 bytes .../Chip-Test-RCAC-Ext-AKID-Missing-Key.chip | Bin 0 -> 97 bytes ...p-Test-RCAC-Ext-Basic-CA-Missing-Cert.chip | Bin 0 -> 250 bytes ...ip-Test-RCAC-Ext-Basic-CA-Missing-Cert.der | Bin 0 -> 417 bytes ...ip-Test-RCAC-Ext-Basic-CA-Missing-Key.chip | 3 + ...hip-Test-RCAC-Ext-Basic-CA-Missing-Key.der | Bin 0 -> 121 bytes ...hip-Test-RCAC-Ext-Basic-CA-Wrong-Cert.chip | Bin 0 -> 252 bytes ...Chip-Test-RCAC-Ext-Basic-CA-Wrong-Key.chip | 1 + ...t-RCAC-Ext-Basic-Critical-Missing-Cert.der | Bin 0 -> 414 bytes ...st-RCAC-Ext-Basic-Critical-Missing-Key.der | Bin 0 -> 121 bytes ...est-RCAC-Ext-Basic-Critical-Wrong-Cert.der | Bin 0 -> 414 bytes ...Test-RCAC-Ext-Basic-Critical-Wrong-Key.der | Bin 0 -> 121 bytes ...Chip-Test-RCAC-Ext-Basic-Missing-Cert.chip | Bin 0 -> 247 bytes .../Chip-Test-RCAC-Ext-Basic-Missing-Key.chip | Bin 0 -> 97 bytes ...Ext-Basic-PathLen-Presence-Wrong-Cert.chip | Bin 0 -> 252 bytes ...-Ext-Basic-PathLen-Presence-Wrong-Key.chip | 1 + ...hip-Test-RCAC-Ext-Basic-PathLen2-Cert.chip | Bin 0 -> 252 bytes ...Chip-Test-RCAC-Ext-Basic-PathLen2-Key.chip | 1 + ...CAC-Ext-KeyUsage-Critical-Missing-Cert.der | Bin 0 -> 414 bytes ...RCAC-Ext-KeyUsage-Critical-Missing-Key.der | Bin 0 -> 121 bytes ...-RCAC-Ext-KeyUsage-Critical-Wrong-Cert.der | Bin 0 -> 414 bytes ...t-RCAC-Ext-KeyUsage-Critical-Wrong-Key.der | Bin 0 -> 121 bytes ...C-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip | Bin 0 -> 252 bytes ...AC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip | 1 + ...p-Test-RCAC-Ext-KeyUsage-Missing-Cert.chip | Bin 0 -> 249 bytes ...ip-Test-RCAC-Ext-KeyUsage-Missing-Key.chip | Bin 0 -> 97 bytes ...est-RCAC-Ext-SKID-Length-Invalid-Cert.chip | Bin 0 -> 251 bytes ...Test-RCAC-Ext-SKID-Length-Invalid-Cert.der | Bin 0 -> 414 bytes ...Test-RCAC-Ext-SKID-Length-Invalid-Key.chip | Bin 0 -> 97 bytes ...-Test-RCAC-Ext-SKID-Length-Invalid-Key.der | Bin 0 -> 121 bytes .../Chip-Test-RCAC-Ext-SKID-Missing-Cert.chip | Bin 0 -> 229 bytes .../Chip-Test-RCAC-Ext-SKID-Missing-Key.chip | 1 + .../Chip-Test-RCAC-Issuer-Missing-Cert.chip | Bin 0 -> 239 bytes .../Chip-Test-RCAC-Issuer-Missing-Key.chip | 1 + .../Chip-Test-RCAC-Oversized-Cert.chip | Bin 0 -> 654 bytes .../Chip-Test-RCAC-Oversized-Cert.der | Bin 0 -> 871 bytes .../Chip-Test-RCAC-Oversized-Key.chip | 2 + .../Chip-Test-RCAC-Oversized-Key.der | Bin 0 -> 121 bytes .../Chip-Test-RCAC-PublicKey-Wrong-Cert.chip | Bin 0 -> 252 bytes .../Chip-Test-RCAC-PublicKey-Wrong-Key.chip | 2 + ...-Test-RCAC-Serial-Number-Missing-Cert.chip | Bin 0 -> 241 bytes ...p-Test-RCAC-Serial-Number-Missing-Key.chip | 2 + ...st-RCAC-Sig-Algo-ECDSA-With-SHA1-Cert.chip | Bin 0 -> 252 bytes ...est-RCAC-Sig-Algo-ECDSA-With-SHA1-Cert.der | Bin 0 -> 414 bytes ...est-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.chip | 1 + ...Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.der | Bin 0 -> 121 bytes ...ip-Test-RCAC-Sig-Curve-Secp256k1-Cert.chip | Bin 0 -> 252 bytes ...hip-Test-RCAC-Sig-Curve-Secp256k1-Cert.der | Bin 0 -> 414 bytes ...hip-Test-RCAC-Sig-Curve-Secp256k1-Key.chip | 1 + ...Chip-Test-RCAC-Sig-Curve-Secp256k1-Key.der | Bin 0 -> 118 bytes .../Chip-Test-RCAC-Signature-Wrong-Cert.chip | Bin 0 -> 252 bytes .../Chip-Test-RCAC-Signature-Wrong-Key.chip | 1 + ...ip-Test-RCAC-Subject-CAT-Invalid-Cert.chip | Bin 0 -> 264 bytes ...hip-Test-RCAC-Subject-CAT-Invalid-Cert.der | Bin 0 -> 470 bytes ...hip-Test-RCAC-Subject-CAT-Invalid-Key.chip | 1 + ...Chip-Test-RCAC-Subject-CAT-Invalid-Key.der | Bin 0 -> 121 bytes ...Chip-Test-RCAC-Subject-CAT-Twice-Cert.chip | Bin 0 -> 276 bytes .../Chip-Test-RCAC-Subject-CAT-Twice-Key.chip | Bin 0 -> 97 bytes ...st-RCAC-Subject-FabricId-Invalid-Cert.chip | Bin 0 -> 238 bytes ...est-RCAC-Subject-FabricId-Invalid-Cert.der | Bin 0 -> 416 bytes ...est-RCAC-Subject-FabricId-Invalid-Key.chip | 2 + ...Test-RCAC-Subject-FabricId-Invalid-Key.der | Bin 0 -> 121 bytes ...Test-RCAC-Subject-FabricId-Twice-Cert.chip | Bin 0 -> 272 bytes ...-Test-RCAC-Subject-FabricId-Twice-Key.chip | 1 + ...st-RCAC-Subject-MatterId-Missing-Cert.chip | 3 + ...est-RCAC-Subject-MatterId-Missing-Key.chip | 2 + ...Test-RCAC-Subject-MatterId-Twice-Cert.chip | Bin 0 -> 272 bytes ...-Test-RCAC-Subject-MatterId-Twice-Key.chip | Bin 0 -> 97 bytes .../Chip-Test-RCAC-Subject-Missing-Cert.chip | Bin 0 -> 239 bytes .../Chip-Test-RCAC-Subject-Missing-Key.chip | Bin 0 -> 97 bytes ...-RCAC-Validity-Not-After-Missing-Cert.chip | Bin 0 -> 246 bytes ...t-RCAC-Validity-Not-After-Missing-Cert.der | Bin 0 -> 403 bytes ...t-RCAC-Validity-Not-After-Missing-Key.chip | 1 + ...st-RCAC-Validity-Not-After-Missing-Key.der | Bin 0 -> 121 bytes ...RCAC-Validity-Not-Before-Missing-Cert.chip | Bin 0 -> 246 bytes ...-RCAC-Validity-Not-Before-Missing-Cert.der | Bin 0 -> 404 bytes ...-RCAC-Validity-Not-Before-Missing-Key.chip | Bin 0 -> 97 bytes ...t-RCAC-Validity-Not-Before-Missing-Key.der | Bin 0 -> 121 bytes .../Chip-Test-RCAC-Validity-Wrong-Cert.chip | Bin 0 -> 252 bytes .../Chip-Test-RCAC-Validity-Wrong-Cert.der | Bin 0 -> 417 bytes .../Chip-Test-RCAC-Validity-Wrong-Key.chip | 1 + .../Chip-Test-RCAC-Validity-Wrong-Key.der | Bin 0 -> 121 bytes .../Chip-Test-ICA02-Cert.chip-b64 | 1 + .../Chip-Test-ICA02-Cert.pem | 13 + .../Chip-Test-ICA02-Key.pem | 5 + .../Chip-Test-Root01-Cert.chip-b64 | 1 + .../Chip-Test-Root01-Cert.pem | 11 + .../Chip-Test-Root01-Key.pem | 5 + src/credentials/CHIPCert.cpp | 4 +- src/credentials/CHIPCertFromX509.cpp | 22 +- src/credentials/CHIPCertToX509.cpp | 6 + .../tests/CHIPCert_error_test_vectors.cpp | 2877 ++++++++++++++++- .../tests/CHIPCert_error_test_vectors.h | 157 +- src/credentials/tests/TestChipCert.cpp | 91 +- src/tools/chip-cert/CertUtils.cpp | 42 +- src/tools/chip-cert/Cmd_GenCert.cpp | 70 +- src/tools/chip-cert/Cmd_PrintCert.cpp | 7 +- src/tools/chip-cert/chip-cert.h | 33 +- .../chip-cert/gen_com_dut_test_vectors.py | 4 +- .../chip-cert/gen_op_cert_test_vectors.py | 733 +++++ 291 files changed, 4048 insertions(+), 134 deletions(-) create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Cert-Version-V2-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Cert-Version-V2-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Length-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Length-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Length-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Length-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Critical-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Critical-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Critical-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Critical-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen-Presence-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen-Presence-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen2-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen2-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Issuer-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Issuer-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Oversized-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Oversized-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Oversized-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Oversized-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-PublicKey-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-PublicKey-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Serial-Number-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Serial-Number-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Algo-ECDSA-With-SHA1-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Algo-ECDSA-With-SHA1-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Algo-ECDSA-With-SHA1-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Algo-ECDSA-With-SHA1-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Curve-Secp256k1-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Curve-Secp256k1-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Curve-Secp256k1-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Curve-Secp256k1-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Signature-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Signature-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Cert-Version-V2-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Cert-Version-V2-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Critical-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Critical-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Critical-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Critical-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen2-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen2-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Critical-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Critical-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Critical-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Critical-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Issuer-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Issuer-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Oversized-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Oversized-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Oversized-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Oversized-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-PublicKey-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-PublicKey-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Serial-Number-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Serial-Number-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Curve-Secp256k1-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Curve-Secp256k1-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Curve-Secp256k1-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Curve-Secp256k1-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Signature-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Signature-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-MatterId-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-MatterId-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-MatterId-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-MatterId-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Cert-Version-V2-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Cert-Version-V2-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Critical-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Critical-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Critical-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Critical-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-PathLen-Presence-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-PathLen-Presence-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-PathLen2-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-PathLen2-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Wrong-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Length-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Length-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Length-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Length-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Issuer-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Issuer-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-PublicKey-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-PublicKey-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Serial-Number-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Serial-Number-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Signature-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Signature-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Twice-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Twice-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-After-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-After-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-After-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-After-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Key.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Cert.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Cert.der create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Key.chip create mode 100644 credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Key.der create mode 100644 credentials/test/operational-certificates/Chip-Test-ICA02-Cert.chip-b64 create mode 100644 credentials/test/operational-certificates/Chip-Test-ICA02-Cert.pem create mode 100644 credentials/test/operational-certificates/Chip-Test-ICA02-Key.pem create mode 100644 credentials/test/operational-certificates/Chip-Test-Root01-Cert.chip-b64 create mode 100644 credentials/test/operational-certificates/Chip-Test-Root01-Cert.pem create mode 100644 credentials/test/operational-certificates/Chip-Test-Root01-Key.pem create mode 100755 src/tools/chip-cert/gen_op_cert_test_vectors.py diff --git a/.gitattributes b/.gitattributes index af5568cf35ee6b..7fe901534f6899 100644 --- a/.gitattributes +++ b/.gitattributes @@ -7,3 +7,5 @@ src/controller/python/chip/clusters/CHIPClusters.py linguist-generated src/controller/python/chip/clusters/Objects.py linguist-generated # Let bat file use CRLF linebreak **/*.bat eol=crlf +# Mark Matter operational certificate/key files as binary +**/*.chip binary diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Cert-Version-V2-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Cert-Version-V2-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..156b0b16c1c03edf84781ea04f6829882ed40b33 GIT binary patch literal 451 zcmXqLV%%@g#F)B(nTe5+i6hXs+jd{#i%J77HV&;ek8`#x%uEJKh6)C9Y+TxGj4X^z zi)t8Icm$jsAammL>dUQv4h>k#0YgDGb1~*69bFI)@dxqeS4RzC_DRI>s`d@yFbtLFee>h zH9FJwQ}MrEf#J=MmA0=WqduH>6FzIRBK_|aj%v=Q^ZzLJJvM7NlY3@yvO%H&KO1wX ztS}?ve->5)W*}w22NK{12>`=^kg4sloBcp~~#RVBpH6U=(958*3wAr#9a( z%ZF{zxkX;DSHCK}cxBlI!4qfG@AWV#GW-wYXIXt<+8G1sfAJ3MZZj8hnB3ZNvft{H M_M6mWpN&@m0LZh5@c;k- literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Cert-Version-V2-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Cert-Version-V2-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..28cc8d293ed1ddcbd20e4de67595efe45c34d102 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1Rw>F7a}pMC@VdCTfe(9jZhIPo<@)zFs<}50)6J-*}8XJ?a@+ b@XtmQ%{-`Q{geoM3FV*sA&%oVfXr>o=;buC literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Length-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Length-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..fd81561d2d43327e6312f9dca7178e2f5b5ae936 GIT binary patch literal 261 zcmWeNVB`qWT9bE5^P#f}6Qen^x(Fi!1H&mGkWgcJFD|XF#+tWvr;juSa3lvIB0} zu6B67#`V2YfuGbhh0DVJ_v4tfzuz;`a0xvdw)$9#IhQG;CZmK3Q-T4D$Q+ky;adr; z#uwcTUmrhyR!~B9GM@pf@EKu_^-bsB1;lN#4&VPG%TO#eSi*qY;nhAakJWvd=Tn>; z9y2f|rkslDmd(;)yyvn1&x0o_6Ekzo&uNA@w8zBPrAE8_hEIUsx->wv)%x J$G!fi1OUPDV=Mpw literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Length-Invalid-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Length-Invalid-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..d7268fc9fe7331dab4c94348f16bc03f70f1222f GIT binary patch literal 450 zcmXqLV%%rY#F(;xnTe5!iG!zE-~g*G<7)#hHV&;ek8`#x%uEJKh6)C9Y+TxGj4X^z zi)t8Icm$jsAammL>dUQv4h>k#0YgDGb1~*69Y>S)1r%0Wcy0*o{HFJ-)6(BGs#WuPk7zu zCu;&8cRZiCrqA8&m)_M+LK2~kwKGB*pG=Z`_ja!0=66>wcwU%QbY|D$B!dJ4em3S% zSz$)T|17Kq%s|S34W^xrjVKFf-M zfdrIRW)U|KZ4f>q%(1@d{JVg-P1fQ2Ut}4Ir3NDhDzgWJfh&_j;62Njsp0NFPrQsR zUS|Ey^~UxFg_9K)3qQsCUOT^WMg@~1!{x)4+qD878n>2hy_~hrUn?_uf(Zm-9(j%u0zZ=?_<>O){DDL0#@GT%(a0$%&x4=}1_&yK zNX|V20SBQ(13~}oNF4gi9 b7*&CNm{ft}k{RypoguUC)zC@MnsUs#sxdUd literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-AKID-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..bac8cadb99ae44b1950db9f7b4a6ff1a5e8e40fe GIT binary patch literal 239 zcmWeNVB`q0eW<^V`?aVF6Qen^x(Fi!1H&mGkWgcJFD|XF#+tWvr;jsN>>Sdo-V`N^V)F zqkQz{8(XC%?Exib>MO(?e=m1l#P5A!-=3@HaRGPv%(+Y%H5nyTm=X+FMCN3N94tC@ zllz%!;E@}F&er>09Xcmr!0q6+_rJc3{528LN5yM&d^`@{ire9-wd=+ammL>dUQv4h>k#0YgDGb1~*69dbedy8fNG5M#>GTx)~HvjCr>F?G|T)E@X zyIzg8TVGuWVA$lW6L;p MT-tqhZCi6308dznOaK4? literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Key.chip new file mode 100644 index 00000000000000..a5de11dc35b776 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Key.chip @@ -0,0 +1 @@ +(LKy�:������y�&��NK�j���U��J�ݣUq�����>�Q�[lԋ�>�̱����j�y�߼y) ���a���sM��+nF�^t \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..69706a9ed315599f08a271a8c5f5bb846a2c8e3b GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R%2AHthzSnYYGs3LIPs1e3snDeY7JHU!qqZ+S5<9NC}>1_&yK zNX|V20SBQ(13~}Cnlrp2?QhMVm+q{Qskq|qjVP_P>d;UCvO_Fh)BLrs b>YZyp1N!+N8?97f#B18IE0rJQUKC$o=oL0@ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-CA-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..d740d10552b660f9a6251d29085516948f8e0718 GIT binary patch literal 262 zcmV+h0r~zFFaZc6uzobPqNz+I0s%JzClmny007F$%E}lf1n(CcCng1MwYf|;1}75( z0002W%F4;3-0J^&#F~r6bxAZ5a|*e!8N(IfHwrZYC;=EG0$?x% z6s$`xauAD0@HwqdTo;2^v-uJ+3@`;0%o7N&g3s0hV`O1$ zT2#Zx!Xx192!RF=U}zvG&TC{~Xkch+Xkuh+VjLyTYl7e!MH#rDnZb-hzGd|@8 z@*rtt76}8f29Yzu9P69TzYB=lWF5Z$MV6shYH&PqkTSb77`QMg)Nf~b(7J4jvwL=+ zk;TOA)^nFwyj$gY#!XG|QD)`uDS1o^k+$rqQU{nY!HFTx+Y&Y_ngFTCfD@`OOAVk31_&yK zNX|V20SBQ(13~}}$)*r+REyCD076l2S6{JuD|I_YjRX1Hs b=;K9~yPbVgf%z%6xtp?u^%l1}KyLh&+q literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Critical-Wrong-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Critical-Wrong-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..99dc78e9d3cf2b780e353ad8f131008cb4c59c3b GIT binary patch literal 448 zcmXqLV%%fU#F(^znTe5!iKAqd)G>LU)xQn6*f_M>JkHs&Ff$n_87dgav2kg$F|sf= zEvjK;;Sq3lgg^rbFf@=8=QT1gG%z$ZG%+$ZF^&@FH9>HVq6}Qn%wWba!x&8kE02Ji zqZ8Bu5M}6M5NROH#twED6C>1t%#7^JP7Ew;iJcq|+BiZd^7q~OmwNur|1a$?pLSZt z1m7#N+q(3_r|mb@)9042Of&ehKwkdwv>aE%_tPJ?Uv-LG%ej5S$E%5p6Aa=Ec-WXj zWrbN-4VW1j{~Pduc>F*X3osBE*$iYsd_ER27Lgvoi-sT1JEw-uzcv57lHYlqSK6Bl zevzs_<#l!AS*0&4o)oTQQjnBfM)6Vp4Ja$g$H)b4PKo}<|C Ld)Mu-U2Y!%87PcW literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Critical-Wrong-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Critical-Wrong-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..b34c99b868f08aaefce6d93b24e518a4d8c64948 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1Rxp`O&)_02%ou80J4S0!Bo@^A4{{)mb8cVr3SAPhV7sV1_&yK zNX|V20SBQ(13~}<24RT^;D!iQkq?gC{$e30=Eib(+YQKW$9Ua&~Hwq*IU@!y}Z5jfH z8fbgn+Fb*n7aGtZ-Xk zQpu={`~j)1Sdm(QEOU8%9Ex+eg6HV HO_swLipFS7 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Missing-Key.chip new file mode 100644 index 00000000000000..cccf3a7d939f13 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-Missing-Key.chip @@ -0,0 +1 @@ +� R�w�Pqv~�LJ���0-�����M����a8��ց4���J�')�� �-/�,j����A�6}����%�plZ�K�ʤG` ���iRƔ0�� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen-Presence-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen-Presence-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..bc098586a8302089513de6b8cf418ed0f3bd8afe GIT binary patch literal 262 zcmWeNVC0DU#F^!wsD46)iP4-{U4)T=f#DPoNT{*A7nfF7W6j&T)5n}mU6>gvp)M*5 zWHB&o_$8sj&Zxq{Xu#>nqGR+;@v6kn(gjy@r(|Rp6&!x#+{pRvUFd=3uU4uTR!hk~ zlV8HjVQ^V`d;g9LncWM#EMHgZSXg|W9QD-VWn_-4IhQG;CZmK3Q-T4D$T?Qi8UOab zTaqwsp3eR-)<3Kl;CBxS2zg~46G3&JUrD|E6`Fi{N K{fvDdv?KsNpJ$T* literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen-Presence-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen-Presence-Wrong-Key.chip new file mode 100644 index 00000000000000..6b4c32330a4d3a --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen-Presence-Wrong-Key.chip @@ -0,0 +1 @@ +,2�!��u��m�hh2p��C� ��U���'q{��0�����i��J9�y,88��Z�8�YlE;�cQ���e�!l��ވ�y���ԍx���w1 \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen2-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-Basic-PathLen2-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..a55551f2af0f96cff09bbd712e222b7a8d8cdd4f GIT binary patch literal 262 zcmV+h0r~zFFaZb>g@LgFi6yKg0s%JzClmny007F$%E}lf1n(CcCng1MwYf|;1}75( z0002W%F4f;x)FwNU(yy9ǖ� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..5702c8dd8cf2cc2b3e6b95279bb2f2589537f018 GIT binary patch literal 448 zcmXqLV%%fU#F(^znTe5!i6dm|ef?h9FEb6e*f_M>JkHs&Ff$n_87dgav2kg$F|sf= zEvjK;;Sq3lgg^rbFf@=8=QT1gG%z$ZG%+$ZF^&@FH9>HVq6}Qn%wWba!x&8kE02Ji zqZ8Bu5M}6M5NROH#twED6C>1t%#7^JP7ExcCC+JwdDmq4t#*E5b6D`?8{QfK1Y*7;mo^;ee z9we>IB4HrbAaX{SV|~;4cL8ymti$)e$TAd54UR_+Qf3bZ16L*m<~T2>v;4JlQ~90- zEZ_g~fT%ORlP?AdWsR+aCS>EfG8KpZt# literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Wrong-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Wrong-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..0def0f97f2ad61f5f775a2f28e11e186ac0ab302 GIT binary patch literal 448 zcmXqLV%%fU#F(^znTe5!iK9&S(8l1KkCz#6v2kd%d7QIlVP-N=GE^{-W8>0hV`O1$ zT2#Zx!Xx192!RF=U}zvG&TC{~Xkch+Xkuh+VjLyTYl7e!MH#rDnZb-c8>+c1BhC zj%NM#H#P6$i;Mp8^cv_La7$i$Z_$*4fkJtOpEujD*1ECs%F1xoF8|$&6Aa=E_}Q34 zWrZ0T|Ff_fFas$AZjb;!3osBE*$iYs96lB?7Ll(VYCAPO-M=e7Pk*%bb^Z&7=h62J zU!M(F&f&ao}&p#*KKerqfDQo;Qcf+U14?8bS L7n!SiJM1n1A;gWM literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Wrong-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Critical-Wrong-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..e6d6f26da6b02597fec36a43bc68d00593ea82e8 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R#T;QMRU3Lnm+V7SHvtO$zV2oInnH-~aby>+%0PpM;}sPTnxxFYHV9%q1h-DSx-@eD7a#a{dgBFfPDG bW3Aqzl)+IFZgKOoKdUO(snn@g1&U9*;88f| literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..17743d3a2826537253a9c65e6f79839555294bae GIT binary patch literal 262 zcmWeNVB}zmGP+k+^v_;}iP4-{U4)T=f#DPoNT{*A7nfF7W6j&T)5n}mU6>gvp)M*5 zWHB&o_$8sj&Zxq{Xu#>nk{7&h=b=k+iE&S!_AyUoE$+SbdQNN8!^+L&Use9+wat5O z`AmLsnQyQg1O9$(6cdbTk0it(429+B*ScLLtCm~)vjYBEZwFgX~oh)CNgo9$lH zX3nn1AbhCrz|YT*MU)I!Ma~FwtZzF1E+B4`b@=`lS%zY%!SNCX+z#99g2L4T?0(&` z{w^e6x?yQ($iBX+DKo8BzO_y6Uv{WYy!vBFEcZLE;|rs7O{d(SA;xH3ptD%`*+kY9 KhSHARb`k(}Zf5-e literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip new file mode 100644 index 00000000000000..52dcdd85c8b45a --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip @@ -0,0 +1 @@ +nS����^a^���s��뜅��y�w�$�n���9��v3����$��hZ�i�3�\�k��P��Je�e�@�w�KCJ��`7�V��U��7�" \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-KeyUsage-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..1ffa9635eed613d48f89bee9f219102c0ab18e5e GIT binary patch literal 259 zcmV+e0sQ_IFaZc9NEeRQO>*=k0s%JzClmny007F$%E}lf1n(CcCng1MwYf|;1}75( z0002W%F4h-VcSnRihJNDVt6dgudp7;1<_p8 z+rtfG4&DX@&umxY(FM74RlJPLY*2HwrZYDFGNT1QZxO ztv@oKDn6r<#;RinG6QVQ6Ra==6wDI{uY%9+P+qb-SHI|LF&1T0Ul=e8K-93tGPL;- zEFikp@1Vda7WAx6I>O*i70|CUMBPBmJhqn>An+(4j7~L^=7KKGCsN+iULhK3Q-nIZ J4O2ewZx|Ph-VcSnRihJNDVt6dgudp7;1<_p8+rtfG4&DX@&umxY(FM74RlJPLY*24j37(6j9onDj5s`hK&KKz!hl|$eps^J3Zm1D2|Wm D$R#Z9 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..d3417e13f3d7f5a08f1a926bddbba40d56f7eb86 GIT binary patch literal 261 zcmV+g0s8(GFaZcLY5(+;QR_D(0s%JzClmny007F$%E}lf1n(CcCng1MwYf|;1}75( z0002W%F45e_>c$qG6dMpz^W_X79E;*u$di07%)e1HwrZYDFGNH0$?x% z6WCS4LXAS>xfNpGSduxeZ*`ijFa;FM69}(@&+brOvO8D5=xQ+*Wm8`mFbhD4J;$$xFb literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..b7c4080e9fdac6c8dc48780d3fa2f26491de857a GIT binary patch literal 449 zcmXqLV%%%c#F(;xnTe5!iGy*|UF|;ItK9}%Y#dr`9_MUXn3)We3>6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#hfl^BNf#8W@@yniv_I7)OconjpAFQ3ft(W-w!zVT`7Nl}EtM z(Ftk+h%$6Bh%^vpV+Xs7i4p2RW=3{qCkB?JEnRhUJY{Y`K6FY7lfPBKU^;AdkF zl@(@W{LjK_zzn1e_&@^uAOT=FFtQoQfcShYqAbG3>hkAnQi4>wHgsMzS+VeY_MCSH z@*r7d76}8f29Yzu9P69TzYB=lWF5Z$MV6shYH&PqpfbBN7`QMg#NX@9bD#N-dFh3H zWe%VHZ?oj={pt8NOHOz4`T3vM9{�������:�< e�g�T���2����+��w��C0Gq�6�D��qB�a���{�7c��h=UHꤱ� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Length-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..854295d62c1a8fcbb9c623f20e3185c39d99c63c GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R!Vjg7X~kdGOF-5|&YKBsqA|Hws-knzh#sa@4){+K`?D{s)`kK)USH@|``j&agExUgvp)M*5 zWHB&o_$8sj&Zxq{Xu#>na^r8vx=9vR(_%Y1UxYH|OpzmHM z3y9lf9lrlXmZ4Z`aJ+;8x5M(%l~13>9^AV~_u%fm+GVfm-p^IN8OtxT^YxD9Yx>2z npElii5oeV2Z{ckXrr>iu9|IdXf96P4_U!&2+PL`rZBq#VOsrq8 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Missing-Key.chip new file mode 100644 index 00000000000000..8f8e1305e16607 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Ext-SKID-Missing-Key.chip @@ -0,0 +1 @@ +��T��8:�]���Ul����YI�lAv���G����5}J��Q���f������0��N�ڽ(b-����s$�$ 6���ЫÛ�P���:r \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Issuer-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Issuer-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..3ab543066316f9665b265530b37067f7c22688ee GIT binary patch literal 249 zcmV#ZR0s$rj?-v^yD_H1Fg{cZ5!zd$Q*kyeGcyD29Cow3N-;K0T?6#U@!y}87g2i;a0QkA6XD7 zNZAriM7!#DFa;FM69}(@&+brOvO8D5=xQ+*Wm8`mFbhDb1O*iM%bDUhV*_0kPfT^l zX4&i_s|eJ=fb^PY2X}Jq?V0IX0edSG^ky^$qrmwxJ))cf78o;DWg8b39y0bAOln�xì���}� ��%k�8��De \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Oversized-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Oversized-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..713f0aca87db8a1f4f682da0a626956f3b7c67b1 GIT binary patch literal 463 zcmWeNVB}ysDcEH4^Aej16Qen^x(Fi!1H&mGkWgcJFD|XF#+tWvr;jb=9!NpI(v81FZGpV#BRUs|ENTDPnRl&b3 zwWv6=DpkR?s0b(&l3HAnoLHPXIE;``VP{m~U^L)#WSPCda`pD)!^_gF9o0l8Z0)e0 z?$hX!!|wXUc6y96II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#hfl^BNf#8W@@yniv_I7)OconjpAFQ3g$ns%WM#W0+!$rh=76 zz|GMKY6XZgbTRZaaA#uy+zDgp|Hq!yPXCl;p;PNNJW4TRa)!9mZ&2#o_~Ms{W= z29{4J&m7M*TI(KthbO(%s_$zb!`@E*RVr^4Gs6$&R-V|ct2QS)GkDsM3F}PC`dRnr z8t%8={LV;jXNB$gmV@)}doNBlNHpLFhMuf2BjbM-Rs&`rWxxj#;0Fl+qneS;Ko-R3 zV-aH!*;hNkM`E9GteeDrm+947XH9>&vKh#Oq?K7D48$5l&Iog?Z#w@jAa0X&`2H7J zhGMC~@yH2>*@MBrl}VxYtnZ)xTigt1bvlmqjsU%h52_^XA!%2^ZF$JMEhe06X;YT? bkgha#j|IFfF~2*r?lK;^csy8jV7(x=0T{}Lz1Q6Kgu$XnJ@(u%o7N&g3szcCegFSN_SyKPsxBQ MYOb&;8So4&j0`b literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-PublicKey-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-PublicKey-Wrong-Key.chip new file mode 100644 index 00000000000000..eb304458ec0a6e --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-PublicKey-Wrong-Key.chip @@ -0,0 +1,2 @@ +�� ����[���%��-h%-Ŝ���� C� ��@u��S�I\�hk�n��O�([*=5HIc��X���rIlE^�+�2>�����y +�^ \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Serial-Number-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Serial-Number-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..277e2552c3e964f8da0f17743026288bf7bb0ae7 GIT binary patch literal 251 zcmVhClwt4 z00000u=*Gz2LU7q0Wb+c1dVhf{EgU=YC5bBp^(l%Q$aj1LuBVmLr!iD6yaYK1npz< zkRY$E9EtB^{W#E^suncasU?B|4^}06ou^H_6*mes0Vx3(Bm!VC1Qg2+%Awe`3YH*{ z`iGFE#~Eg0exfi16wDI{uY%9+P+qb-SHI|LF&1T0Ul=e8K({W)m7PJTGE_ctZ1&4- z*5veGl#3<$r@LIti5Tx^ohLlG(DyD#I+>+9W*y77>3rXB{NPvvTxkqY18xEOh- BW0n8_ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Serial-Number-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Serial-Number-Missing-Key.chip new file mode 100644 index 00000000000000..56754d6e31a618 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Serial-Number-Missing-Key.chip @@ -0,0 +1 @@ +�t#��ؑj:����@SA<0Cd�KCNn �_�c� ����c�8М�4٩%�V%{��M�d�(*laÑֽ�m��Z�]��}��\vk��Z�& \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Algo-ECDSA-With-SHA1-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Algo-ECDSA-With-SHA1-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..413a2ad8c498e43b0618645ab036343ecf9d7190 GIT binary patch literal 262 zcmWeNVC2y0E;urEMU9~f6O%c!x(Fi!1H&mGkWgcJFD|XF#+tWvr;j{sEQm0^&AVhwp!pWhj;!94}$O?Vx&{`PAwBEx#_+ zNW5>W2ya=m^h?z1Q*Qs(-pFu2Yt*&hnl&#!y(?J!bnWViS!xv{YLH8LDYM^HNqd=XJ>=rIS`+J+n+te7kU9 zBfCt5>y}T^UGsK*U6!u9wdUHlv^gjGUPdurYW})PXxogo_7tnT7fTi=8zdU=voVLt z3NtePXJIv922uumAOU`m01Gg9*bHPrd_ER27Lm;R%N8^~NV7jVOQIB4HrbAaX{SV|~;4cL8ymti$)e$TAd54UR_&RAzSu0~aO*_dV&;Ru{EK0{2OF3b#-P#2X2 zvKSaP{E|>%XH?-}GT?M%+4tnetalu9Dz~!8i!96geH}Iao4oH3;SlbAw0U(f$8tYCb1qXxO-2b7rUU~PktuIZmHv2K zx%=r7r#r^h)=WNv4m%B4Ma~FwtZzF1E+B4`b@=`lS%zY%!SNCX+zwNkb|jb;_TIHy zk^R0+=K9j!z#mT{FW4k9dp?+B6|P+PbNAA$-AwDJ_#a8HoVvG3%uG;bWtl;H%*?MT KW!@ojaS{L*sbjtX literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Curve-Secp256k1-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Sig-Curve-Secp256k1-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..1c3c24b5924258596044c40daf6930cd194d4ac0 GIT binary patch literal 448 zcmXqLV%%fU#F(^znTe5!iNo%~Le5Ff9$5xlY#dr`9_MUXn3)We3>6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#hfl^BNf#8W@@yniv_I7)OconjpAFQ3ft(W-w!zVT`7Nl}EtM z(Ftk+h%$6B2s031V+Xs7iII&}yOD)~i`j{RMLO{Ag4KWTY^^Wd%rx1^g*{yEvx)G9 zSjQ(pcI6Y=r&b@6aM`1?RVjN`)w)f>=Tv3G9>0v>il5V{x7*TM*wlX2;$(wF1AaE< zP+4I{#{Vp=2FyUpfDa_V4-x0{2OF3b#-P#2X2 zvKSaP{E|>%XH?-}G~je(`5BSzt<;}jklr1Z$Jz90Rv@#-53VIl{Lc)mS8YEdY~t{c zC)xRuoy6UiK8~y0BHK>fo%lVf+9yQ0;BI1HLFXHDE>lKLMhO+B1Opb4gsMHWRV@8` zz0#A|wq9mTx#CvPYrraUMwnxL)A@G+aht5e_rJ(86iW?`moVUVnABqPr6XKlXp7y> z$9WMOXRUh~RsXfu?VJ4CDX$Z9݄�� ��ݑ�Z{LT#p�a�p��O�6�Ip�z���2�'�tj��1/<����� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..3ccafff87fc6bbc1741ad2ea1ac10e0275fad3c7 GIT binary patch literal 268 zcmWeNVC2wx-?Bq@;%^HTCPs5+brD7e28L5WAfd+cUR+vTjWuuUP9JkNbzx?xgu19K zkj22T;g^~i1H;+X5-RMBDjbXkoQ^Cx9i7#}7CO9z8rh3-)C0d+va!xzn>Nu}dya^r zv#-xZQy;F1lr>AYEv|UwD0toH^N#v8x18Osm38TTK6OPdeStZbDWfK%gbGuF0gFh; zvHZIE_DRvAk+~0FbN0>6|D(3mfK}v-Fvt3)^X~%UHd%-7f01P6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#hfl^BNf#8W@@yniv_I7)OconjpAFQ3i2nW-w!zVT`7Nl}EtM z(Ftk+h%$6BlrRuOat9j^hoh6T3s^~{fiN38*u_kYP^U99vNJm|u$;5W+#_<{{DIG> zs6-!yWuYp`?SA^%%QTvjEw(TSPhtglmQ<|fFC3P3?W7~16dHCk420{WZqd-$>75> za|QB?+*$X%%`7@;(rX|Ol2&E`y1zl>j4;Rgrt|Lt;x<`_?|+eHD3%%=j~w329t;Mq zOo|LYB)>Q^?Qs3F{mK@dGarQFZnsHjD~OwT>Dn6HD(GZ8&7_dh_j^}w)wcz6m;d&w ZJYm0j=g$;!Ze@?1_&yK zNX|V20SBQ(13~}<&OB+n6wf!{O!8V`OdzIJBx8q8Zx|Hdh}h-*!)@@>G&BH$*VkP< b!L}{9FrfTGlXbN3*b@5XYNN$o$5dTr+b=Ww literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Twice-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-CAT-Twice-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..d42b100e2d6941b6513cffd5f7133c1635ff57b8 GIT binary patch literal 274 zcmWeNVC1OWGpl<4lYLQE`3=F4$Kthe>y|}cx8f)Ixoj&Gl>cY%W33X9f zAd7)v!!I>40fw`y)x;!#q=X7PqY4M30jDEN&x`kBUpv&ZU3`LOOzre{3Kw5~OO09P z(chOV?DSmb@*NBgSytxS=-qh8+3AG1S~pwxd(PsjjsO0CTXuaOhn}`Mmnowrql5}m zf&q)jlpU=xN7Xmg@~oP(x9@}1u^Sah9}HMU&Iog?Z#w@jAa0X&`2H7JhGMC~@e&5y z4(d05l^nR^WAgLtbJ>p!OUuuFQRME`UUbARt*h5mn8s(I7zM(ow&~%XS D&A2ei literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..e14712408e95d1c8041946210588b90bd432f4bf GIT binary patch literal 255 zcmVo!N64!QR-BeYu-B~_cQQvTZ=byWV=@w6e z-4o9#hhN`Q^;yL6z~n>k{=eIJ^lr3~$)YzmHM3y9lf9lrlXmZ4Z`a6EFTGJ7x>xH2h3miNy8p8tMkbIz@=52JEU z)%gDp-(019r%hN>)8bpzHYP=e{|DF2`a1QzSi5poM$n?B_M>Z}4c0L=8YlnQWH^1- G>c;>Mca1jy literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Key.chip new file mode 100644 index 00000000000000..b22c2043ad026b --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Key.chip @@ -0,0 +1 @@ +��)e/���ϑ`�H���m�T܇a_���4~ٴ�ܺ+�� 5�<�,�J)C���3: ���Q2}��a���?P�5yI�^!c8���+�V�i��F� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-FabricId-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..47160ac0196299e3c0169ad2f2c6b606e8a9b8a7 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R(d1ehq}{U-1;%;No9Dj3i5l(SA-moow@<`6KSM7R{gv1_&yK zNX|V20SBQ(13~}os9dupK%$&=VQIk^@O!lZtH>E)j`dCF-vz{NvJT(>BFj)LH8@_vfZJg&ms^^I zmHnAV(c5@L4sF)9+~i_aCo0POb{<1VznJ)LgMZR{{kE-mU0s(K`o?Mfq}jhD_GUGF Ps8~6@zA^t*Gks&_@lu+SalypeDN-|cx zb0cVdh3g)e{>J>fq8#|EQr9jvQNN?G8aoCm0Y*(w=b0v;+o;ESR0Tjx5I(Gs)_)v1 D#R4rS literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..00f9710304ba43e3062a527c03b7db764b511ed7 GIT binary patch literal 252 zcmVQPBnJT`2mvq&K?GV=CCKOfBXWCgh{7*>Cr*&=jZm$>bj*b@9rNdK4XMP4 zaELskYRbumJu7Gey;Fj%V?VYPnCR`QUYK&N%?mdQH32CB7$gE6f<`X9r=de~g2e+aZq+>kw`A9V$f33}>xncFkkn_aNHcwFo!m)-5L?h80=O8& Cmtq$H literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Missing-Key.chip new file mode 100644 index 00000000000000..5d2b1c66d7bb4a --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Missing-Key.chip @@ -0,0 +1,2 @@ +ZU%���#r{n��/{'N��P��t̅1��p �Ĉp�<�j�Ɇ=+h�S��c?�����^�r�� ��g +D)�w!0�L��*h{�\b�� �G�u� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Twice-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Twice-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..75af369aaeef2a1944ce54ac93645dbb08fa92d1 GIT binary patch literal 272 zcmWeNVC3)*R=>gvp)Sk< zV~NTFSquyteo3gXGpcYf8gM$Y%v1i#aPF$v9@!6Pe*M$mcthH9xv~)BtN-i!c9>gC z*{!WCwD?}xwP$RzeEwg0@xF=oe%YZ#N~TMH2-+Ny+dA|9O>-_&MomTu6{Z9O7Lg>ZNRpg8?$NHx8?*igBS%>d`k!2{B8XPZS!0q5MyIuQ| z$9V~sy(8TTygDQqEY5PssChn PZ#IcN|Hr>z?KcSkxj$;8 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Twice-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-MatterId-Twice-Key.chip new file mode 100644 index 0000000000000000000000000000000000000000..9bc995b9364b72eb592366d36dd6c2808386eb60 GIT binary patch literal 97 zcmV-n0G|H@o+I@D&eb-&9q`Qh{x7lE8#$*V5&`P}ua3AkIF!39BNC(DcGl(wnoR%F z=HA~mJ>5j?^kwVB`9dwAA?gl-!zb`U_ea~&`UgsT_SINsA1CyC64#Oa7K Dl0Y#C literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Subject-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..72a19c0a34495b7ec83a55672f445c1c8ee1a6af GIT binary patch literal 239 zcmVC*yD@~BPp^`I9196;_%)jb7qP7iYnwzg6ViN4Z4CyNa_HiG_2bOBK+<`ggm z6wDI{uY%9+P+qb-SHI|LF&1T0Ul=e8K*|0F?A`38rBf5?xI8M>7Q$qAjEnEUl{QPBnJT`2mvq&K?ESC&#&glK>o={FFI0BzMQu1a&*}Uu&~&ue8qlE zheUoZV_x>GK2zR!2YsG5cS1%TAM=7{Ci6ugp6-<%YQQ%NH32CB7$gE7kyhE!g%jmQ){T$~QPxE$75alPlMm GoA(%&6=k;o literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..7e8062bec129336e20f21fb87815493de0140a38 GIT binary patch literal 439 zcmXqLV%%)d#2B%FnTe5!iGxo*%jrRaPNxAE8;4e#$2nUTW+nqALj?mlHZE;8Mi$1V zMKz2pJOa*+5NH4ah6aM-yha9w28O1FCPv04#!>PN1}O)=Oo|ngHl`f)V(&42T3cl zNEnDUh@27TSl@L1T|nF>>+tP_f;l}BXyXGQiZ-xu4HuPMZ z)YiCKIPm>D>9-8tKMvpE)ma5pGNXD~^TYdkzHx1H!^Q7zQm?q-#3U~JSj%j|{#oBk H&o2Z3ztM(? literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Key.chip new file mode 100644 index 00000000000000..e327f6371d32ef --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Key.chip @@ -0,0 +1 @@ + �ϯ��@��H/:RO����rt���ب|�~M�D~.c^��>S�x}�7wBF�f&�E ��j��ʌ߬#�H|gT�F+�an�2J�C�4_D b-� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-After-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..4db8862e35aedc51f3cda3c2029fc7d19223957a GIT binary patch literal 121 zcmV-<0EYiCcLD(c1Rxpe9?RhI;3KuSVoahoqi&->?_ATv>Ce_Bawcknm8zf$1_&yK zNX|V20SBQ(13~}LU>ODNX`(D@{3tIni zSwU%Y(9vH_Zee`iyvq397B0C^S}N6X`Jj)U%=9g0bMmX#*02A2rD<_<$#YTl_O3b! E0Ht+jEC2ui literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..e46e566cd52360172d4336816d2614bb5c48b403 GIT binary patch literal 439 zcmXqLV%%)d#2B%FnTe5!iK8Op-r_~-QW*wZY#dr`9_MUXn3)We3>6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#ax5Gl=t=7#JEDni`rI8JieI8MvTnW5&>CjHZH>N5IX|32G*Y zGITMBG!SNE2Rns{5$YypMs{W=29|79IX3xhDZ%$z$FKao>K|t<^z)R-`6sJpe?IVd zw(jCiCo_p&xnpjoy0?BhyMKS)dR#T|C))(Yxo;kSyQ6!({Qu%)gG2*)*i#{K8WZd7%)M@(8VXL;7 GP7eSPj)PVJ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Key.chip new file mode 100644 index 00000000000000..838930ffbf7171 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Key.chip @@ -0,0 +1 @@ +gL5�B|�@�S�y_�V�a�ND��iq|0��c{�kq����΄n>F�c�%'f�C�oT�C^���S�o���+m~��oCfT��u�\ \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Not-Before-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..d80a57add7eddc6835b6701867422899094bc928 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R(N}$Mg*C)Jlk?&MmA@RR8Di*@3lC0p~ql|LDcaYF3~M1_&yK zNX|V20SBQ(13~}LN*wU9>zvB bE!z1*NB8H2$0bqu29P10?Bn*_E!TJd439bN literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..cbc5c442598dd6c6a6cd238c5878e1d420919f5b GIT binary patch literal 262 zcmV+h0r~zFFaZc2n#77Dc+U(Z0s%JzClmny007F$%E}lf1a7stOeO{I7aJ!x1}75( z0002W%F4_f zp~bkAa(|+!i{GorbW;$d#ThvQGao9lZfgR?8lNsA9&pYmw^R%;HwrZYDFGNH0$?x% z6!M3jv$4I8^Cr>V-VDg!fQVfL#V`dF%o7N&g3sMpN3Xb759S+iv2kd%d7QIlVP-N=GE^{-W8>0hV`O1$ zT2#Zx!Xx192!RF=U}zvG&TC>|Xkch+Xkuh+ViYCLYlPq$M;W-FnZb-JIGx)zq|6d;tQYcRTb+s?>&zH8~@O1j(y2H!6NM{(WhF-Y z#y#Gpel2qTlqTtdjoCXcaTp43;$6w4$gp1ER_;}X`Q}wyS#;jKYF@YCM8xN+75S^z M{cN1=GEc?{0LsUSasU7T literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Key.chip new file mode 100644 index 0000000000000000000000000000000000000000..e896a4619bf04e14cdb5eab3b893d8aa6e0d40f7 GIT binary patch literal 97 zcmV-n0G|H@gb=PK*aD6LgX!!Y)E2qm(@g*l4c>_fp~bkAa(|+!i{GorbW;$d#ThvQ zGao9lZfgR?8lNsA9&pYmw^R%;BVL)&GK{BOGx_IT(hG|ge772s0F5ljVWWyHw`PA# DAZ;oZ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-ICAC-Validity-Wrong-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..a8b939a29585b33b806bd20469586a198fd46ed7 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R!pTT2OVoX)q`WjhYcmY40M>`2??vTTWcZp}gJ5h!vm;1_&yK zNX|V20SBQ(13~}rD1jYZ(*9H0kH&o1z(+A0^4J1h`ETaE3_eG|` b3vr)|dB-8>Ot*S?uPNT+U;SUJkHs&Ff$pr7%CXZv2kg$F|sf= zEvjK;<`Hmqgg^rbFhNtn$|K-gLuGzVs9`|0P$5pd@%zNHV$Brv9hu=Gr?Jm2C^U( zd@N!tBD0<;|EhR$V0)-=Y2~iYo}H6_ZjdpM2T3clNEnDUh&+6rmtNi~d%Z+#?_JY3 zHo`UTns<;RhS`(Bz>P_f;iLJ1+!uR(+1k1Je5)?{_{^bn?{mS%89xof3PfKwe2@ex ndA05N(gt>hs}fAz3%zpBPH>#GOK*wHi9pUehr^d%KJNqoHqMj$ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Cert-Version-V2-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Cert-Version-V2-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..7e2603377562b83b12dc41113afab9cce3281e8c GIT binary patch literal 121 zcmV-<0EYiCcLD(c1RyG~bm^hRj%cL}Pqd2&$LTG5@4wQC!6Y&nq=a_&C-k5S1_&yK zNX|V20SBQ(13~}rNkY zHg!Qp21bT^K!Bt~g`H7_gVBJ~k;P3ozWQs5j*;ohlO6HC8_o2bC#fsH6qa;Tm^M2?K72 z#MZ=3=7IZ#7^)T(&%ZDuiGd^NqO@9Mb)V1Cs}{w2E}wVi%~Gya^x3)Y#ncln+*y++ UBxL`(QTo^Jx@XhxvNhro053^qn*aa+ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..9f8bf27aa0284ca806bbaff26110f6c0648a02b3 GIT binary patch literal 516 zcmXqLVq!38VqCU>nTe5!iG$tyvTxGTb{PXMHV&;ek8`#x%uEI@h6)C9Y+TxGj4X^z zi)t8|c?6stA6}wW@87toQV|$@{*8ygMk z4S3j?LuG{-8UM2|888^|fq48N9x$BP8w?acd{q!%%s_;V0~lhgtnAE8a2BJ1EJy_( zix`VYd*#8#zx_v;Z@)2|%#a?tzNK=;NnkJorIlI44MZD+A3o1ZFK?B-ULv;luIU>a z;Tm^MJq^u&uGk-Y^o@a?*JyrY{0DY10DQ@jG5`Po literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Key.chip new file mode 100644 index 00000000000000..e71c0cb4fb6b65 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Key.chip @@ -0,0 +1,2 @@ +F_{�d,25�Ɉ_M�6.C�'#��լ]�������9[q�}I�Z+��!b$q�Ƚ�o(��H�1�����0~����x� +�A�p���2�D�� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Length-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..ef10af5ffd29c8600a65708abec531c5efe52e2d GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R%ESklo{-Y2M^dQTp{!7e&WAZYC^7d@a5-w}knQikiYGTS literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..f9d1e4ce662d3c996997114a32647938a0d8fcbb GIT binary patch literal 256 zcmWeNVC3MId(8iZVKcJ|6Qen^x-bg^1H&mGP#2X2vKSaP{E|>(c`q)luEv_Tb*GOx zo4Oz)10%ydAV5;0!p^9|!Dztg$RcxN#Xix;6SYMvR7{1w7QXQ4PyD{StH?w*_{yD^ zvrN$w|;$Pcico-%T2<7+u?M<#`W?NQ`}!yiLF^0@NZGxwuypr y#~o6kyg|6#=^^WGG;$Trd`-7(9IfWHQRed*;7aUhY|o*h+dHZ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Missing-Key.chip new file mode 100644 index 00000000000000..43a0f06e514aad --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-AKID-Missing-Key.chip @@ -0,0 +1,2 @@ +ب��+x$5�q�H�a���r4-S���ee@� +��(4qa\����QS�����⬆�ȡ�O�/Ҍ+ϥ�UhO���;�� R�M��� ��V� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..0dceec5cc8139ab9b1a0719745c909263db6081c GIT binary patch literal 277 zcmWeNVB}!DusNsKB#KRiiP4-{U6_S|f#DPosEf)1Squyteo3gYycd^NS7XiFy3@y; zO@i>DwCfrOstvsdvZ8e?`e5Wi)w`> zVVgUdLSC09wBPEwl)JXJSjgR&>Cy6OZ%kWvDXAy&%>KXOt~r+}qXf_`X3Q*1EQ}Hc zEFwXDwlk-0nutRfGe=cSjo%3d!K+k4majg4@PyXGAU18xV$ zCOK9Q&ai#g7d_>y4t%~araHOqP5GmB+@I$cSlW4PO76YAF8-NXFKhOx*G(I0?rkW# T^`SJ)VM5p5hD>qk8Oag=xw>hV literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..ba428a3db4d994e9277017deaebf9bafefb8ae7a GIT binary patch literal 522 zcmXqLVq!CBVqCp|nTe5!i9=-9e4Rxz-<&YuV&l+i^EhYA!pvmgVyIvs$Ht}2#>m3h zw5W!WnMc6c5dsY$zywVNE02JiqZ3pTL>amm$cghB85kNEni`rI8JieKiSwEuxJFSJ zwlMMtxVS5l%VJ68iUQK;oQf#&yCC6SsGK zTkv#x(UL{ECyUS4#+Xj%DgAhE%G{_$tszZokMcD~1(>hBv?Sa0i$?P8;FT)`7dN&U zG&URXvoVLt3NtePXJIt}h8cqaA4q^7BmfL6_67q55MLF<7c&rH;{b*lD=RxQ6P(3p zAPZ8#$0Eiea-#bBl{a_nwp}z{X>7guY1rkpnqda=AZcY52?MbPk%!Oo(#uxG^a*^lZGZ`S!KW^e>wGeI7F~9yyRNyJ=!Yxy0Ekm5Y0> r+?fefa(~@XkC(qLZ8mM3lil_A=KSo!XMY|R8}ulCIT*sB)xHt{-a?wH literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Key.chip new file mode 100644 index 00000000000000..ffe6900247423e --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Key.chip @@ -0,0 +1,2 @@ +�������2�$��a|���W +��)8{ �V��T�u`�ڊ�m�}sG3⧖�5��"'a ���ݡ��W��;����m7X��J�c��u�Z�> \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..f1c1602cdd7c10832da4bb42dc4bde2079cc780c GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R!rzBXgO0$ZH~I2b2zJ8CDF4p-0PBg>lO&X*_q%05hNp1_&yK zNX|V20SBQ(13~}<6J*Z>RsGdaVVssTeiML^w}|$j<(G1#qHW1@&3#-okc@Tl&Xk>6 bqJ>m~t;G(5T2MEw(xhue^eAK7Q>myCfy6Rp literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-CA-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..f8a7f31eb864ef2a5fae7176ac12ba478f750a8b GIT binary patch literal 279 zcmWeNVB|19cs#&tdeT7^CPs5+bzv3;28L5Wpe`y4WHB&o_$8sn@?Kn8U5zzw>rNkY zHg!Qp21bT^K!Bt~g`H7_gVBJ~k>$g_(tlRR=AQa?vF87Bmi3+2nnkz0nWVLQ`>c13 zJWH5spGFvWmG-UKG-onX)3g0Wx8L)-&-xTEcJtH@WrgRSF0$rari_}55Kd-kmOD#~@sqUopstH{IWdFkb?ve!$*_TDvpVmetqb7ws<9%SeFBAolJkHs&Ff$pr7%CXZv2kg$F|sf= zEvjK;<`Hmqgg^rbFhNtn$|K?R=Ii@=EwsLqWUxU+d1e>-^!NALiYV5so>wndKel;(CKx z15P&PP+4IXCIbcoJ`j_ik?}tZFpSt63=}|oRS;jyK!lA07+S2X?95DX7NdbINCh8@ z7>mfBvnvbFXj_^{Md-18-x=Z(>Na7TfjmfBnMJ}ttU=`A^St!(R@v(%VtenJzOfOm zao4d{bQQb;-V j!-3(Q7@LOu=0b-Z(_MQNqBp;=3F|O=e)Ni?%zRk@;YN*j literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Critical-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Critical-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..cfe4918e7cf36848058d88d1b1812518c6cc6d0d GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R#joXG{%K;g+KGNW|eyOD88xmgrGMoN=jC5Z!N9FhQUS1_&yK zNX|V20SBQ(13~}<_o?s;5B))@ZpOOGSRVR;EC;dB#Ue^y-Rq&qJ91~o|vjpx5kRmi1 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Critical-Wrong-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Critical-Wrong-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..a29779078f922e86a3356e343d9d4e0834a4f942 GIT binary patch literal 513 zcmXqLV*G2+#JG3?GZP~d6Nh%gJzm{uGt&*Y*f_M>JkHs&Ff$pr7%CXZv2kg$F|sf= zEvjK;<`Hmqgg^rbFhNtn$|K>dFl-epx1!f< b@D8{IF&nI3(wTQR3^_p3Vn+3rpcl$0#Pl-* literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..69bd1bce614bd8420346ea9d575bb85297148d67 GIT binary patch literal 274 zcmWeNVB}zUP`Fxs)zW4aCPs5+bzv3;28L5Wpe`y4WHB&o_$8sn@?Kn8U5zzw>rNkY zHg!Qp21bT^K!Bt~g`H7_gVBJ~ktHKVCe*L1Y;(z1k3a)8pSO<=e>!g1aG34!jhinH zX&ec#`}#-x?21UcY{kH5(~Y||O9ch0R!5)tp&xzg>`|TGCFWc}hnO+5FtIR77_f+J zS}fK3N47t3p8F}@{0W9yvX@kj8L)~xe4dwH-YR>&L~QR}(>FH4HSU^sBn-G6#y zxvaUhaOt1wGt*~YEW6}=BcYMkuE$QEC&y>ga-$HNuG4#k568&}AOCfHp2O1io*?gqxXXBmh+eY>fZ_ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Missing-Key.chip new file mode 100644 index 00000000000000..ee6d988569059b --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-Missing-Key.chip @@ -0,0 +1 @@ +hdUN�v�t�HQ0&L�����1�������(�P>��ͨY>k!Q�3�)uz�[��/[���,������l���h�k@�2Y�K��S��܀�Y \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..d5387e839e7a4d9014c7a74624a13a05bbd6086c GIT binary patch literal 279 zcmWeNVC3L#Q*Y}nh76ZeEUlM98@5QCn)mZbk?({Kd zQx{}pU}U%l1V~C$*cnwg7!5cbS(>)@*VgpSG3dXS?s2MQ?K9gAd+a?9eV5uM$2Q{* zk7&G>*uGCQV?M|2DYsHuTjo?$DGTQQG-ze=o&L-7A6)( z2?G|98NnsS@9S5;t4clZZN|pP@ZyEZb^}(ChtKoU%Uflymx%4XYx>4UxW--cj)VcX z!_L(7>nBWAJii6^Jf3ReG-;CNtvzO+E}wfkBUb83^{=P$CUTZjHcIcFDR5Z(XY_xm Wb30Vpwn`^3pHZLUq1)tSB>?~o{Ao)7 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..6ca096b6a9c7857bacc19e39e4311245365a76db GIT binary patch literal 520 zcmXqLVq!69VqCp|nTe5!i6e8h3iCZl&OQS!HV&;ek8`#x%uEI@h6)C9Y+TxGj4X^z zi)t8|c?6stA6}wW@87toQV_@pTOSymaftvu$z#iyPYv z8k-IH*_cCRg&7(Dv#=U~!pwjVB)|_60EQKNgMk8wuL|Oe8HliP07H$Hm7SRh&SEr> z1*za;5n~Z~aemW9k!= LXrt{J&+!!t;SOMF#R9X=N4(1F;5?htKoU%Uflymx%4X zYx>4UxW--c4szTuyE7QLFey~MW;qhR@!E;_@4NHAr1zeFvnKSpoaUs@`y`peBK#`( om=tWMuDcm#WmTa0=X&eOX_M`raa8kM`yx^{_u1*s=LBLk0MI>|a{vGU literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Key.chip new file mode 100644 index 00000000000000..d29cd462c257bc --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Key.chip @@ -0,0 +1 @@ +���}|��0��gH�t��=��?H����� _*��\�^�w:"�vB{~��0�*��A�j5�����i��+C�\/Tq>=E�Q�?�##�R���� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-Basic-PathLen-Presence-Wrong-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..5d8819ec6f67b12466ac46795b73f1294c4e0066 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R&PfRB)O>s)C_AE(c`q)luEv_Tb*GOx zo4Oz)10%ydAV5;0!p^9|!Dztg$g=6l$8*2_WM1()(q!4X=uC2ChX>2H7tIoPRjh^8 z-@gAN92hNSE6U21WG?#o#oZ4lW11YBAKy{&H`&bXUUWn`$DGTQQG-ze=o&L-7A6)( z2?G`p8<8XYJ8$OB?Ov@>^kjdY%`@-4u?DOn51;3ym$%AZFA>{&*Yu5zaE-g>9SH+& z2VdEoSC&%VFZ22N1B=6m3h zw5W!WnMc6c5dsY$zywVNE02JiqZ3pTL>amm$cghB85kNEni`rI8JieKiSwEuxJFSJ zwlMMtxVS`H&VB_~wRb|MD9jLoR0S57Jt; ziIXK*?vY3Lq}R{cnpa+ZTFJw&{c`RX;l2%@O|M={Xj)>F=D%p_+|~D!k}}U2Ev`4H zHQ-@m4wV&VWc<&1*za; z5n~a#^TY0{?AnrAPoAqCM&A+~{Id=y8pwmBm02VV#2Q2%KF>=pZ-VBI(MJYSw_Iw9wz^H7D`9NDt?WxWQ;!sb3h!hl1)I9V jA>Mn>*QzG*Ja{rET5jph%v0O0-c%5J*j{w|z1u7Rf0B`) literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Critical-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Critical-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..9f2d3ca8ced40451b0cfaa8d8448d759e4ea619b GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R$+ix@fYJH~M;i9=v)G@5A1l`6&Z3Ch-5OxJupDO_iVu1_&yK zNX|V20SBQ(13~}<@Mc<3?ASGrr`YjS(P_U@DyFgt1XCX3NQ;u|=LUnR)#Z5%4=d@N b^b?M-^EK7hV1lGFW>2D(ovYtsVrk4WyVN*| literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Critical-Wrong-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Critical-Wrong-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..5017cc1f8af839e543e6a582b6d6f272cce39943 GIT binary patch literal 513 zcmXqLV*G2+#JG3?GZP~d6NhThVxc$O4&?@1Y#dr`9_MUXn3)V*3>6II*toRW7+Dyb z7S%8^^9VRQLZATzn4qa(dmbb?BPC_@(mIdNVi149EtQ$rIYV-w>jab6Py*C-0Z z7DgTc7gq=b834jW*b-?V%*GCOITIt)3(Sn{%uWm}?%O9Yec#LHc{(%2@U7_nMy*+? zI=p>br`bkLda>K`@`it3S2X++oU%Ll^g6fG7Vc(?f24hQ7Bq2%aMBS+x$uUf#q|cY z20U!cp|Zk^jQ?4f3>XZ!K|FpIU>LDC7$|@^svs#b0}(b3U}&+jvNJQmS&RmpXa5Qx5{2G5!-v$^o@;h zjl1R@JuYNTe literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..b0efb5d8387278cb0b08ae10a3910daa421ae62e GIT binary patch literal 279 zcmWeNVB|=A^J91IER`!NOpNBt>cT7x3=F4$KwVT8$YNmF@Jm9C<-NGHx*BWV)}21) zZ0drH42%r-fB;E}3Ol0;2crR}Bg?sa4Zo&NtX(26_w_0BEIy~c%)RtL zXU9($Yo7&2vTUWZbtc}?2{qiL@%L!JJ?^~%F~!>^-w8@*ykO2{%BaC8p~9qS#>~RR z!YED6jgX|7Hubr=>AT002Hbac}?t literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip new file mode 100644 index 00000000000000..6d65ea75571bdd --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-KeyCertSign-Wrong-Key.chip @@ -0,0 +1,2 @@ +�ހ���}����B��e�gm��� �����D;L��j=k,��,U1�(��P� �\s���Rg��1��_A ��S,O�1D��K}�^ +Q��#�I \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..ff07c1500ed059c0199fcfec6c08686cddd3bb1e GIT binary patch literal 276 zcmWeNVC1OU<#>~RR!YEW*V;HN$;R3p&4QKPz7?q5f}%#>{>KtRO$R3J%e*8306A=G2LJ#7 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Missing-Key.chip new file mode 100644 index 00000000000000..d3253abb7e5ba7 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-KeyUsage-Missing-Key.chip @@ -0,0 +1 @@ +�.�nѲlul�]{��k�fb��'�R�I��%kX�}b �Zȱ���S�P�3!n�z^���������j�SnJ�g{E� �${1a�oQ�鼐g \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..0e93c50bf18f3db7e6c324c2bd484a63062c6820 GIT binary patch literal 278 zcmWeNVB`?f^8Hm{B;ujM#Awc}F3iHfz;Fr()J0{1ECz-Rza-RH-iu4CtFh*7-RWb_ zrY^|Hz{qe92#}PhursP~FdA?=vOHb(zD4|)^jA+!vHVtpWnUH*Z3s$CwfghC`Srwp z-^SFt?*zYjc75OF@M~QcQ(M%^6D^tF)U|nzz4KMfNq^^CYtCiLsKF=!bd4D^3lj^Y zgaM22N9`E7yFN_(jeF!?D9DS3PWJaRU=?}zJTJYxRrY#`*xtLQZ)}8X+%@k=7;rmu z-dUO;peJ$v_3Msz6Z-!}-z%E9K)?4>#W|w`%;i!w_tGYq8qRZBb5dkem7K@+1?Ob4 U0hV`O1$ zT2#Zx%p>6J2!RF=V1lNCl}EtM(FrOEq6}RO>gVN0ZeFdIAAcE91eD_0L4F2c5 z5tm&*m0Ng1Pon!jCxO}f1*E5Q?1}mlY3+OJchBh!a>-(sQ?8t37Wwv&fBE8DiyIpa z>J50sml?=|WR+PY48$5l9zM@YFK?B-ULv;luIU>a z;Tm_%JIK+(?9O1|!lV$Hyd;9H5I<=nTL}suu&%@*W4<;z7{IO`Qk!hL%02m9B(f|Me literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Key.chip new file mode 100644 index 00000000000000..c368e01f5b919b --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Key.chip @@ -0,0 +1 @@ +����I)o�0���r�Rae:��둏M�e���I���@����Z�Ȅi�'+ ��M!lg�M}���J4�qF#0pI)`Q�<%�����T��"X \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Length-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..2a342cda09e3f1317f1b575b17e2cea0726422b0 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1Ryjk;&KtC9H?(NyBtZ$=$|?tU141Se%DSx^5Ll>)`y@91_&yK zNX|V20SBQ(13~}9q%KMDVupVO;(`3}i0~Ge*52vHr_ir+% literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..b7939205f20c6768da5db52494504000c8a09394 GIT binary patch literal 256 zcmWeNVC2yAc_%r4(OOp(CPs5+bzv3;28L5Wpe`y4WHB&o_$8sn@?Kn8U5zzw>rNkY zHg!Qp21bT^K!Bt~g`H7_gVBJ~k>$gI@Y>*Wnhvc+FLT_V&!|}TMdDo>bIIQ#`Kguy z8<}pgl%3E1a%%F##wV-9qpa;#MVt>iaiL8%W%Hbrd8-3c514bAGHNhN09|9o%)-RN zC}F@V^6+_HdU>nt^%AkYcTL~e2-mo4-jOiic1THCox-I$`$oem_GMiR?+Tv#3$5g| yVC9`I`qyvD>{qseR)tlKr{^pF)O;ElHSNdZjPEC&KkGkyYpbG5S(h$jq67e27+_Zb literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Missing-Key.chip new file mode 100644 index 00000000000000..cb49243dd1883b --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Ext-SKID-Missing-Key.chip @@ -0,0 +1,2 @@ +��W}S�)@�r�lG�x���t�r�9��v�k�ʓ���Z;>�X�V�Іd��d��Qe�=��5�Y�����r +Z�cq�n'tD�����! \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Issuer-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Issuer-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..1c09635478ed6ce9e64e69c6831851ba2bc9abae GIT binary patch literal 256 zcmV+b0ssCLFaZc}fPCnzd*?eO0s$rj?-v^n&(h;{e3N-;J0T?6#0X72!0t5jVFa#8TT4>OI zuRMjX$buj+Ko5DC6^`#P1r*`uZfAFe9oKXgz1=nJJQI9JDcl$^3qX6OgN=rL&9Gco zb8(QL3g|dkZe?LuAPU%~R3Vij>whHTrNkY zHg!Qp21bT^K!8x9!|33gpPQSXr{I^Eo2n38nv|8AT%zFOr{GvpQk0ogT9T@emS3b$ zl98(5UzS=_oLQBs;967!6beZ#E=f)-P8}RZNT{$gs&FtGa5}OW=rK)C?OrCjZ0W-j z*_Sqa)IH`jp;n_pQP^Pq@uU}9>seo{&yVK`6!CCKxwF)9?uwJr`=5MqYRk6>%ar|G z{V~^^%al=rQ34pOX3Q*1EQ}HcEFz&xV+%vka^tRfGe=cSjo z%3d!K+k4majg4@PyXGAU18#>2d$-+xbTevm&v(w-rc2y2cl_;3us8Z=X(al8#j&G{ pYtue*hfiMqw{_EjAB(MbpI>*oe#7*3t4~`kWG+l!Ap5FA0svBGw{idg literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Oversized-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Oversized-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..7946c671b74be86acff6c82345cb4aa73decef0b GIT binary patch literal 744 zcmXqLVtQiG#MHfjnTe5!iGx`?DJtKS|DgdF8;4e#$2nUTW+np{Lj?mlHZE;8Mi$1V zMKz4fJOa*+5NH4aCTJ>Hc?8@XouHB+%Fx9?PMp`sz|g?Z)X>Dp*u*$WoYw@wHHtE5 zVpK&lg^@?V#T5cUMu0Gy3M}>*dK$R1F^94+^Ef!?=jP_;DflJkrYZ!NCS|22mngXS zDL9st6lErrmZU1AG^Rf;mHH#Y_#iKnna^g< zq3{(CQi{ayzulp_x%B9q?Z;FlB_(I?*SbGrabvSVV}k(?F#KeN85#exFc~ly@PT;z zARaI+us0YefcUB)zL?2}>engtQ0$IIsW^w|N$xMh>@e0HmM_1_&yK zNX|V20SBQ(13~}<<=~LPzritxK?&8g6M|97azj8248*J`m*aIB{2T$`ZfOG!Je(c`q)luEv_Tb*GOx zo4Oz)10%ydAV5;0!p^9|!Dztg$P#AY(>G;S6ZZux`HkNrMEEo_^!>dY)}GKU*(c>T z{eX-9q%olu?6G0_YkuW)>zEMhOEJ5#RmV(kco( z57x&`o2$eB_^-KN!5jltk%!Oo(#uoroyS(>vh6ZHzgz6-qGVI6+x=Ibb%&XH_vfxW8m*kC6~Fw& KOy_0C%_RUnXl0B5 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Serial-Number-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Serial-Number-Missing-Key.chip new file mode 100644 index 00000000000000..3f2cb2a2f3095f --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Serial-Number-Missing-Key.chip @@ -0,0 +1 @@ +�B�� �ŎDW�?�;�^%4[Ë��wF��UZ��PPrƭu����r�s�"��֒���Z��ݐm��`ߝ����x��1?�0��뢶�\ \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..1878d928f4f4eecb39c4d5ad635de0965960fdce GIT binary patch literal 279 zcmWeNVB`q--80$PFg9I(>9X(|7w+(@0aaPoR-<{b$G zZU>FI6E4TE_1`h=r9Xp4!y?h@NLx4KcD2A)vzOW~mf-lirC7h%(caW(+jj*99*6TM W-zw##nJD%sMSgHFc&~SCf&>7G$7nqO literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Algo-ECDSA-With-SHA1-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..ee2596f5ee8a7057ff9f5518cb9e55e8a4daf21d GIT binary patch literal 517 zcmXqLVq!FCVqCs}nTe5!iK8mlLjyxoLlYxo6XPgxUK0e@CkaBxZ%-_nzjm-v) z4F)`H%%QTvjEw(Tm<$*U_&_{<5RZkKiM_!<0mN4Y@x=^8*f@Ye#>&dh%mimK8pwiF z@Ue)oi1P_f;Ubp+`#tN1q6NF6CUIIieR$C>r_Ggz)A96&|3H m_pUD3dbW}1GscbPywq0NpcP=U;RhV5|E$@1_&yK zNX|V20SBQ(13~};-Z*I=P+$){4cx^k>8ahTHs{cyj=ZxFWfPr literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Curve-Secp256k1-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Curve-Secp256k1-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..d1df822de187facc169abf37ca200d2c97f2bcea GIT binary patch literal 279 zcmWeNVC0ApkB)DB^}Sn#iP4-{U6_S|f#DPosEf)1Squyteo3gYycd^NS7XiFy3@y; zOaW3ww|IeRGej2cfJba#)UfwEuy+my9UDG!R}frVY}7qc8wRDw4s_gsXQSnNM?Ro6m=Z Vk4`0D+?nN(wZ%Z{^v^YO??U literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Curve-Secp256k1-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Sig-Curve-Secp256k1-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..98a88067f571bbf0f70f290f38b6b96cab5d8dab GIT binary patch literal 515 zcmXqLV*GE=#JF?;GZP~d6NjqJ@9ARurdu0uv2kd%d7QIlVP-OLF;p;+W8>0hV`O1$ zT2#Zx%p>6J2!RF=V1lNCl}EtM(FrOEq6}RO>gVM~~S02@2lu+P~22vwE}y` zlod_-;%(0UkDo88cP{*V@4G_%&U=5}`8q$HaXD$OyTI~^{*v!m%bi!9Pm(ES=vv&^ zY|z+Xz{AEIDl5#$_@9NzfWd$d#N!9?fT6_RV4wivtAhAq1|n=6!0=*aWoKrBvltCz zK`QuI#8^a@{=aiVdRnQ>X{Fokk7oQdn9suW#Xue;t;`}}Al4xA@OfT(d8_R860yB^ zP2boE*SKrmL5>w>4+aBQCWUAR_tTnO`}t3nZ0xzaD&TQyBm2(l(%9q<=$k^WOI$f4ScL?oC7G YnA2jNM-ZoxPZ{q8cSEYrVjOb-imlExQUCw| literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Signature-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Signature-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..5a0205cc2080431c30f00b11980ff51c2ab84b7c GIT binary patch literal 279 zcmWeNVB}!$J$5HO{OuDJCPs5+bzv3;28L5Wpe`y4WHB&o_$8sn@?Kn8U5zzw>rNkY zHg!Qp21bT^K!Bt~g`H7_gVBJ~k;T@Et9wbFgw~lLy{${mmAYMAW*;;Cyg=v9{n>eI zU+vjxcI&Ej`!DVb8+An&FMM^-<{b$G zZifcvw-M7APu(c_5_9MGrBzoArq|rNz?7uWC6F$rrJ!(Z{>P1zwQcrodLUb(bSXf! X;QcJavpzaWGn8MPz96JkXdnRqUteun literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Signature-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Signature-Wrong-Key.chip new file mode 100644 index 0000000000000000000000000000000000000000..ff94cd5f0e6b06dbd9e9a9e679be8ae57c716d73 GIT binary patch literal 97 zcmV-n0G|H@Jvs`Dq;420%u+73q|S9l(WXCKm(LK1xxZ^}t?InFHrmxYhx!Z9u`Ly& zq3X#(D}n!be{Gjij?;hpx~fj*a$^{Hv%N#Vx6R|J$tnc{yEHd?4ghA10d^)T5hcWj DG*2$x literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..42756bfe0fc562c3b8a1cb0da89f5c0efcb99f40 GIT binary patch literal 285 zcmWeNVC0C}b3^d!l9}68m>A8O)rDCY7#L0gfx4(Hkj22T;g^IO%X@KYbv4$!tvh|p z+0+FY85kMv0RcjZnivDa+0_y%?2IZLj0T*JEd5&Y{<%i~e5^i1u37kef4uc3zwkug zSSP+O$-Cp;9ThEn$8mRNjGcUi|2+w-e*)8db^UEVU2!?O+38D-w$ti2=3J(X8jKP^ zH<>ZBFtIR77_f-E=k7_#o>p(xre3sHDEq~##05uH4Om4UKF>=pZUawmwS4xTjfa`qkq)V(uKJGKsaJG1CsXbeyZN{J+$O!SRWw c_bi279?`OwLR7=JeBLh2iE=++cx{0M0DF*V3jhEB literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..f29c26d64a26044df2fd332b470f46be069b52da GIT binary patch literal 544 zcmXqLVv;dvVm!2fnTe5!i6isZC0>z}+pimNv2kd%d7QIlVP-OLF;p;+W8>0hV`O1$ zT2#Zx%p>6J2!RF=V1lNCl}EtM(FrOEq6}RON#dcc4j9A zmX!KuEbMNYQ|F(RnLk@&_427}y@C=8uGxhDje6#HZq~aCx^>A_-bL@e7ay0uR??QA zvUBG1pSG)9D=J&(-#g(xZ*gO@L1Tjf4;yo+tS}?ve-Dt3*UX?LL ztc}|Gx&4(0^L2-P9~{5PyeXDtQV?BZb9#2kCvDFueor6q-<4y^30*pEzRyG1d{M)= H4DR^=hme|D literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Key.chip new file mode 100644 index 00000000000000..4c697c6ec0eb64 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Key.chip @@ -0,0 +1 @@ +�*Om2�L:�Y���_;�NWaM]B�c�^��q�ݙ\>xO�:��M-O<��DųB�|+B�찬��ƳM��[$D�;��v��i�b��4��� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..cf480303ad61a2ef421916ded1a40244f72e70f4 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R!58nO(}jMTYaB#W^6-8Dwd!M1_&yK zNX|V20SBQ(13~}#)BH6Qen^x-bg^1H&mGP#2X2vKSaP{E|>(c`q)luEv_Tb*GOx zo4Oz)10%ydAV4Tl6BA%KyIM_50!T`zursP~FdA?=vc!IxK5N6i$-4~h9Ql=9H}|G% zhwSmq9G_D^a^KCns8aAg`F@=18vfn(I=;DW)47R{q_0r%XAAUAL8m?Gw-MX@*Mtlcy_OKlxr_q0pqv>c*@iye}QY iyM1=&JE)5pF8L-c{Lg43;}@CVtMz&7zl%uONdN%1$7w47 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Twice-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Twice-Key.chip new file mode 100644 index 00000000000000..1ffcdfeb29ce52 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-CAT-Twice-Key.chip @@ -0,0 +1,2 @@ +]򗚰���0���k~��E�dz�e� �n�$p�c�^E��?,Mm�� +bsLJ;l�T�/����ݖM"SG���'�1IS8ّ��H �c��� � \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..a6f477efc1eb554d94b57930e3a01e75716bee05 GIT binary patch literal 272 zcmV+r0q_15FaZb`e(Aq|bx&X<0s%JzCldq!007F$%E~7d9RL6T006N17$yYo7aJ!g z1#Y#uOg9E65di=J0N&o--Xs+O7$gS)BnSa82|)z#QyQ+%ppsZ;wATT{6`2j^Es?_( zKAl^iB1F5OJ)64`3QSBj(09bB;vUU^g%x)*aYzE>cH5Ur;Jx0-b$9kR3N-;J0T?6# z0X72!0t5jVFa#7r_?y@oPnQF`D7PI3x6)^#D`TcG1r*`uZfAFe9oKXgz1=nJJQI9J zDcl$^3qZ1>K#*#(5w&i8sr>%~kG6XFgkURzhf&p$E#YzweuOF(5pxD)dbq6yy7O^$ Wy(-wAP)*P@ai%J|S93c2*|Hd@oM-m{ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..a29d345ef82802aa8b78de0bf6d126d4d50c8904 GIT binary patch literal 518 zcmXqLVq!9AVqCF+nTe5!i9^!lghEG8>Kg+tHV&;ek8`#x%uEI@h6)C9Y+TxGj4X^z zi)t8|c?6stA)`fJg&jHg>SfnHZs7U}j`zc4AoH4f1wx)`)T>d8FQ7BHEVSb{y4k1 zvDu)p!GMR2IaF4dk?}tZlL3PPABe{f;sFDSy}>{M#8(CJ#SBE)IDkRM%F52n1ZOcC z$bwYxv52vVG&|NG>6(5?a?0XWJKszQ`S(P=n#({QB(2OMVIbBZ^6+_HdU>nt^%AkY zcTL~e2-mo4-a(ESW)B7fS0+V8k18=9wK~JCjVV*?kWSkkNF{Q-5)@(B$vw6SsrjUjqPD(2_I& literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Key.chip new file mode 100644 index 00000000000000..0736f6c71c13ae --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Key.chip @@ -0,0 +1,2 @@ +�S�Ϡ�Xg���� �-��>�[�"D��=�� +LL5�wĨ���w3qH�vۗK���uw�2}�II��@L��6b���~�3+ҁ�cc�v��3 \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..db7a596effe8910902a659dcfcabe72164d4fa8d GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R!`*L9^97%lmB$v2^ZbrYX@wO1^> bP1br}GQhua76b>&ALD49BV#FjEy4KBYs)e& literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..829b685443a7293994f612f261008aca7987da2e GIT binary patch literal 269 zcmV+o0rLJ8FaZc_^QQJ~Vv@-u0s%JzCldq!007F$%E~7d9RL6T006N17$yYo7aJ!g z1#Y#uOg9E65di=J0N&o--WVhY0VD_kFbP2fGUlnR9f$%yJE8r?qUK)cxQCraFG2L2 z4a0q)qI|}h)iB~>Jkgw(({c&4U+4-pPi>=E-g&UWd0HwrZYC;=EG0s%Gy z1OfyB7%&7BUkKlNqAN+sPWo7^hm-h9^bW#0Fa;Fh=Wb_rg&o&)7QNjy>^u{EM=9JG zFbhDtmGRlc$sBGKrORQJ>;?T(km!d5UJvYeR6iMzs#K2`h08k}U@|q>MyO-T_1qlE TOj8M*^xCt@Wv@c!hJ1Gz5$|fl literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Missing-Key.chip new file mode 100644 index 00000000000000..5430cd3cd6213c --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Missing-Key.chip @@ -0,0 +1 @@ +2橭�?;��Ƣ�^踇�F/A�� �}��|�2_0�;�i{%U$����7x���S��8�v�{$6ý�.�!�&_���`�[۞��+7:'z�ۺ \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Twice-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Twice-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..7acf2999671cdedd146fd1190e45cb609b98975b GIT binary patch literal 289 zcmWeNVB`oE->$LGspf_X6Qen^x-bg^1H&mGP#2X2vKSaP{E|>(c`q)luEv_Tb*GOx zo4Oz)10%ydAV4Tl7gdKTR$*sU;b1i2bY%HCLz4C1x8n+y!Q;f#k(w3daZBGTgv5VTVukgtEtHv+S$85b|dr-yj+x^VHJrh_fj{Id%iMz(a*tm7$sqv%Sb%Cl literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Twice-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Twice-Key.chip new file mode 100644 index 00000000000000..9a490fa231a943 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-FabricId-Twice-Key.chip @@ -0,0 +1 @@ +������]�d���3�x]`��FE�_�3 9��=�R�>Z��q���3��\��=�$1���}K4'a�����0�֕%�������m�g \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-MatterId-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-MatterId-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..6a261888f1337db67f01fb187d0448b9e0c6047f GIT binary patch literal 269 zcmWeNVB~Pz9i@Jv(Bq;C6Qen^x-bg^1H&mGP#2X2vKSaP{E|>(c`q)luEv_Tb*GOx z8��ܲ�;��É�������%v��Z5� +5�6�YE���.���ɂ��?-j�3�o'�M�� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-MatterId-Twice-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-MatterId-Twice-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..2b3fcb89624487ce8c2c2a66ce6647e37d63a552 GIT binary patch literal 289 zcmWeNVC0a@e{0z0Bpai`#Awc}F3iHfz;Fr()J0{1ECz-Rza-RH-iu4CtFh*7-RWb_ zrY^|Hz{qe92-F3cU@U}U6?R4y4n_k`N0$6|`?tHFtFSVe)KRxy)Ov|6yHmC01Wz=Al0J_VJ znT3gkQNn;l@^5b7R z{XY!r45H5XAksyv2yFX^dkd#iPp$8rK&P15kg&y~`Rvmh-?0DLi(9l-Rx@nRigO;N Gq%jzML1$P1 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-Missing-Key.chip new file mode 100644 index 0000000000000000000000000000000000000000..08adf01bfa9645c4cd12ffcba8c2e7414d369f4d GIT binary patch literal 97 zcmV-n0G|H@KIOGBnBzRm{k67f0Hk$aB>3hsPHw4q&SC0HYbWHwoa~>vJfa@ic#4x- zP68D*7JqQ2nGaC@FgYptlD01fC^BxUP(ddm`v=e=pSKQ~HajwYfPU!& D1XwHx literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..07c8941e78177bb1ededda0a28ca8493baf2c8cb GIT binary patch literal 279 zcmWeNVB~OFY8S|U@<*x)6Qen^x-bg^1H&mGP#2X2vKSaP{E|>(c`q)luEv_Tb*GOx zo4Oz;Q24|D|NoJcsIW7ta4;HhIVYli&IX7~_f`HrH^OGmHj_J(E|wRWCPkQYnKEiHN&sDB#>~RR z!YE&b literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..8cc4b9868e5a3da5de45a9f29446397550841237 GIT binary patch literal 517 zcmXqLVq!FCVqCF+nTe5!iGy)wguU)(tD6Q~Y#dr`9_MUXn3)V*3>6II*toRW7+Dyb z7S%8^^9VRQLZATzn4qa(dmbb?BPC_@(mIdNVi149EtQ$rIYV-w>jab6Py*C-0Z z7Dk{M5CAjBk_cNO4TRa)!7gWFgnEIQk)7Fzf#u=3&yW5q6iCjjoMMx!r}8W*>d~Gn zJ=HT~KgOEyStu-G_fBVz@tZ$+QPw`C3H;Nz&qXTN)lYvr&FfZx#oPaXbQU)@8#Fc; z@USt5$_g_w{%2t_U@+hV@%TYJU_h}q7$|`Fsvy3Yfe0H1FvwV0*_oN(EJg!akP1E) zF&2^c7Lxr(BXry+Kf2$rBx1YYj|=g>2J#?jWflnou?CTc&-2pDTV=18i0!>=`o>1M z#$EFca>OvZGZ?rqDWvXek2qWV&|LVU{`--y?eDYz+xV6( literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Key.chip new file mode 100644 index 00000000000000..561d1bb41a4a64 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Key.chip @@ -0,0 +1 @@ +��2�AIy��L�����\Ʋ��N����o6��I�R]?'%����P�M#��X<��4ܒ�wr5bX�"kU"�70 ����!V�{octH3�@`BH� � \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Subject-NodeId-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..37537447df6d2b081b77c1af60bf3d005e32a50d GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R$G-UQ43>7$=jL@lHSJsf|c|@R@(I=_GQL#PO_d^yr`p1_&yK zNX|V20SBQ(13~}<;m-5o{~&M~nR%2vZ7w9{Vp`(7)Qo$XUGZHs4mcp92TNxMTuz^p bqH4Y(kPns%&RHXVf0yl+O4?93?f?8Ntx7h+ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..587624afb69c85d7efbb797a40c23a1061942af9 GIT binary patch literal 273 zcmWeNVC3L$e`d(>ZXS~g6Qen^x-bg^1H&mGP#2X2vKSaP{E|>(c`q)lZqBAI$jHFR za1RKOBvsfMRX7+8I2~C|TRQ#rnXuW)ytBgX&olR>O4Gv3op;aYVc)tuV(&Xw3--$~ zcVjFqr%Ud#@w1*>s8ZRGW)^SCaCwW;?KyQvY9^a=nKEiHN&wwq#>~RR!YEDb=!A(q;?k!Ky-*%+-JD-mMtH{IWdFkb?ve!$*_TDvpVnz81QV@6II*toRW7+Dyb z7S%8^^9VRQLZATzn4qa(dmbb?BPC_@(mL2+Iq149EtQ$rIYV-w>jc?JxF8F>U; zTpllZp{ECl!dJ3GpD|#z7-SGZ3<>bXgYpa^d%O%$Dy*L*)HXAfH81S$$ zhsp{wGX7^_GGH*^1M&DlJYd+cHy9{@_^Kejn1Kiz2QZXaS=pJH;4DT1S&#}o7BLo) ztrHiU?t8Otw%)60KEJjfiilVL=Vc%dl2&GsFc51HdH6gpy}VWSdWqQHyQXh!glpV2 z?;ytovnPXr8lmDys7JOVfWB%#8KmVH7-)x-Son*7~?V%&5Ov8Xm+LXL6 i>fP6`UH^2?>}jWO{;)nG-stgM`Rl_T^-`g5&!+&Sy_0GH literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Key.chip new file mode 100644 index 0000000000000000000000000000000000000000..8629f9c1061d6e485929f17842524d980f79c2d5 GIT binary patch literal 97 zcmV-n0G|H@%Q-^(OpvoWH;H&g{N_icB9>M+L%W|02eqeIz3xRg2h&{LTsb+H8M-`9 zJCkuFd4Og%Uo`;Jv?AM_e#Cr}8;VTyAZ0G{d&~0>xzlx8PCnfJ-ch$bJ<>t_u$!>t DY&kCB literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-After-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..40ba900f068451ea8814660b3d79c6e320adfe32 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1Rzs_4yct;Mf_et2I~dqRFrsq=K^>9mcRcHOu0d|4DBfd*H4`4vG9x0+83`j5og#t2CtsPPUi bAPEhqjd-%yOZt?_(P29}e0kG!JMT&fjKwnJ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..d8e9766be920e6c631bfa0f792d8e7ebc5c9ffad GIT binary patch literal 273 zcmWeNVC2X?tv(&D*-u$DB=Fkdc9r z;T{kmNvg0js&FtGa5}PlefE5{>R#XLfxEZ)rc}$mE|~o(Y8uzWnB)^>ttY=pZqBb?y;+ Rlnz~<5-=&q>|C3U1OTz_Zj=B3 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..a055aa8bb75c788666b2cb7c9d5f1b6f84b1a6f4 GIT binary patch literal 505 zcmXqLV*F~*#5j8aGZP~d69;>Z=en)3m*yI9v2kd%d7QIlVP-OLF;p;+W8>0hV`O1$ zT2#Zx%p>6J2!RF=V1lNCl}EtM(FrOEq6}RO1mzjTc})xq4Gc{UO^l39jG{0MX5RMnHZt2W@cn(c4A;z8nsy3HFtjc5Bn?T*8=7{pW|286FAdx zVUfms!Ohm)rz|pl%uK!g!~OUBxC+64=da#8T2xxT&QbL~|Ix<{>+Xv!ZfrJaY%t(q zV-A%SW@P-&!eqc;zz5>-gLuHOVQ(-{0P$5pd@%zNHV$AYv9hu=Gr?Jm2C^U(d@N!t zB7fa%kG@&7;Ji}9MakM(&NF}ANo+EZ2T3clNEnDUh&+6rmtNi~d%Z+#?_JY3Ho`UT zns<=ng4u(?z?Dgn;fd_|{e{;Kv#(LH>0xfV^0+}?h0{2!;Lsuc6M`mIZ;mi2IF+=; i&h1zmD`d8;Ni$vO%$KXKIj)*MZ;#EbS-PNlITrvO>XAGE literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Key.chip new file mode 100644 index 00000000000000..824092d058596a --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Key.chip @@ -0,0 +1,2 @@ +���%�M�Q��Md{�p��Z� +�\c�v�����!��,t�����|D�5L��i��F��L�ga.͞$)Xg٨�:q�G�g`w���sח���T� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Not-Before-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..2f9ece56543f25e5ebb43e1c474f79daac54614f GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R!RzDsvXf1jP1S_X8|OYm>PSoV)Y?2N8^9=eiB7>5rfa1_&yK zNX|V20SBQ(13~}H?~9m=Ki9ZYtMKRl)wFvOo{q(Y>uvcxIE|43Fcg;j2es*K-ZWtvoNtR zN*J(+>=qB;nb%pp?LVLUPS0zH?2JyjTN<#6Jba#)UfwEuy+my9UDG!ha~{+hHAF} literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..2a92019f3e9f0f2429626890588a63fd2a0caed1 GIT binary patch literal 519 zcmXqLVq!LEVqCF+nTe5!iGy8=SI_F%-L(c>Y#dr`9_MUXn3)V*3>6II*toRW7+Dyb z7S%8^^9VRQLZATzn4qa(dmbb?BPC_@(mIdNVS149EtQ$rIYV-uq&ab6{M#8(CJ#SBE)IDkRM%F52n1ZOcC$bwYx zv52vV-<{jjSVfJJ&aAQ(r_@J2iYO0c*clWOb(bt_5WH0V2?K1e#zwnw`uj-8Vk9Pu< meDr>Cpu6Xls(E4=gLpdQ1kt#?hA;2wi}nP)ax$D7m<|B_6poPq literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Key.chip new file mode 100644 index 00000000000000..3abac78a7eb283 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Key.chip @@ -0,0 +1 @@ +z$��� �<�6���P'lk�4W�K%���A��9M]�ٿr|�� `#��dZ�Ɯ-W Ő5vQd\讑��#AT�R{�p!�axH`� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-NOC-Validity-Wrong-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..10a02a1ba6e05e4f2aba507dcf3d0d51ce818013 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R$Z6V`-G}lrGpVGg*PS@_#>}@URdJh9tC^g$uyjmK&f71_&yK zNX|V20SBQ(13~}u1iov?oTD13+?<*PqC0Jhplhi723OjxKK@o}oWeL6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#hfl^BNf#8W@@yniv_I7)OconjpAFQAC*$X&}tT4z`tv5o$d% zBRjJb154I6DgIUJn=UBD|Egem{6favuvS4Rb5CK*zq?yovgh&{*k~sSK6|?8=wDT4 zC520$J)az#tiXTZ%CY&M)?b}ryL)l6L81Xa8*`|vFeBrC7FGjhAZ5S@65t030DZ~G zW*`gV^RbArh#0L2GVb_bxA~tkFSBL$fy`{Ra}x~YLDI@B5(Z)o*cBj!8M8ZsfeVv@ zx@EZYU+4|etow8*u#S?izQ>f@&W*YW+gFc`N1_&yK zNX|V20SBQ(13~}OQ#-H-9)tEiIKl3zJ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..9ed58215a0cd4ef2bc1241320da18b2114cc4738 GIT binary patch literal 251 zcmWeNVB}!qiM)8i`Sm#!CPs5+brD7e28L5WAfd+cUR+vTjWuuUP9JkNBncIEMimZ5 z15QVlrStvz_I%d*=6Ow=DU3Is_l)3$rB#aa7q55A^Q$xZtIu8HTJTrp*!~F{ygv)oqr|?^}8J zKNzqIV-c1x;C3i2EiO@=!_QTnX5YO3`{2yhggp+&1p|#jE^hxIlEz^hZ?SWN fh;{Rej_}|w4+WN$@G6P5dQRvP_}THSIa~q&D9mAN literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..259d15978aa2254b965053bd606900dc087cd499 GIT binary patch literal 415 zcmXqLVw`Qz#OSnunTe5!i6d;^f0;VHnu!KnY#dr`9_MUXn3)We3>6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#hfl^BNf#8W@@yniv_I7)OconjpAFQAC*$X&}tT4z`tv5o$d% zBRjJb1IxU1$(PfTPi#7^zkR~ocWlS1=G^OF@9=regPU1D{=Gfzz`yju&bjs3^1ryO zy(euv!d7rB=f{(it+yFv?l~)#Ty9;QWRPIM&&C`oE6m9FpM}+c8AuuMfdu$L0zh9f zvKh#N_=k)ixb90}vJTn&r1_4l7nMK?{v_Tk)0^}fLc4shf zVNy_af3UQ^OL3XqTfhDFn!jpqt?zd=5smWuTlznkx2jQ$Nx?F9c_i!nlR6IOQ-8c% YrziZ(=+$`+S=Cm}#oxH}KC+w!07A8grT_o{ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Key.chip new file mode 100644 index 00000000000000..668bd01f4bf1d6 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Key.chip @@ -0,0 +1 @@ +��N���*�I�V _ �Хz!���FnN~2�/ tEp�,������!ϩa���d��-|�0�� 4%r<39Я~�_�K�!�LvQ ��8��o \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-AKID-Length-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..6515b58e2a4f5751109323f83190d325fef0925b GIT binary patch literal 121 zcmV-<0EYiCcLD(c1RxZDsA5hf|9XL>S#t;RMT#E!8jn@?aOKbaML^?(T-l%s1_&yK zNX|V20SBQ(13~}U{_V>^52et#oquZ| b`U*QslCi`FaK>!-l){rGzFd=yK2d&X#qpgS7iYgTyYlUK z#We{7ZU<2bNtfMT`9=Aw)=iti$Z;f2QZl0J9hziX*Emnox!3R8jsi-_g)V-FMNt%{0>SbBcN@~XdqHV-5W zSg{IA7;rlnPc&G!=G@F1)h6hyr96V>+if6zZ6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#hfl^BNf#8W@@yniv_I7)OconjpAFQAC*$X&}tT4z`tv5o$d% zBRjJb0}E&OOym2q!D7mDZ*5Srh==Y1Vt+{BhuV{Y2S&hHA;TOWW=( z%32#Jk{Q#HQTJE$PuTx09gA)1s}?64BpUFuF^9?uGcx{XVKo5ymcf7zB)|_60Q!=V z%|I5!=VK9L5joNF^6u{WOQz47+@7p^WH;yhH_l83@*rtt76}8f2J8xu!i?F2!N8SC z!Bxj6J7iY#=D+%PF4-;He3I3wc`AqUzI7f^{Yf7-@K0t^WSH}ZbLXj_HH~{Mo8t?o Xeo^19XcM^fEQ3`CXT|D9d-GHP$1;Kn literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Key.chip new file mode 100644 index 00000000000000..db698e051f82ec --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Key.chip @@ -0,0 +1,3 @@ +��8�0� +�K'8�����W{��_�� q��Y���1� өe���5j���Csb!"���EuZq�p�=dKÃ��=L�R��J����?h�Q� +� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..061d73a52b1e43307cfb59a33570593bfd40e0ad GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R%$NDwacRYH_YtB#u<_D^1HRt*`icQ<~ca7@0BMp9Y``1_&yK zNX|V20SBQ(13~}<35%IC-yKsHBc0l?A~_1p%Z&F0N;c;kG?qKP?EF9q>*OO#m?d=f b(zf2BYOPTeXVZ^RAZd=^r`v{jR-pYgO(~sr?d+lLDq}^XuR9 zZfB-`%`=(M(zQ2=uN2y?F!6IX=Q3r~V3bf{N-$s%`7B*tD$L70;X|ofVfX^2>uchw zV+~lb3QHJpJ2ckU37=0od+H?j@hvPH?r8PaXGcn(dBc+3;U?($;c^N0gTfg`o>qEd eeU{gR{Nf*dSv%u)tmoXAvNhhj8!t7_mjD3pNn;}b literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Wrong-Key.chip new file mode 100644 index 00000000000000..9dfff23d29de97 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-CA-Wrong-Key.chip @@ -0,0 +1 @@ +O|�&��� �/�(+���7���g���}�ڪm���P��N���i/|�Uu��s�q>�4NC%����-0��/�7����w��s� j��� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Critical-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Critical-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..fb4928fe420519a5ca32cee4090e91c376c9fb4d GIT binary patch literal 414 zcmXqLVw`2r#OSbqnTe5!iNp7TxU0jNVip4~HV&;ek8`#x%uEJKh6)C9Y+TxGj4X^z zi)t8Icm$jsA zk)7Fzf#uB>2A`uRR99`OH&|QU{7&47{UmFQe(0S8Y#aBhm%8`MU-&GZBCzcI#>8C$ zUv!r|6a8@D!e-}(&a3`w>_6E0>GI+PgE#{oHs(-SVHQ>cW=6*U27DkMKaj-&^dcjh zfh>s6$0Eie@-$!`%i0MXMf`57FTQ-_dNH)?mydxwNLrai!a%G6y8@&DWATm9d WT@@GqQg%&*vrJf2v#}U=xg7vE_-(N8O!CQURrE5JACGhoVdf~m3>`Da*yAzq~n{Heyo(qXQw^r#^f5`LS#y}n(#{#2AC!aqxUcjWlrS*rCai2ld^6dFPJKn7e VHSm2~&;0nKa+FT#h1B)D3jh#Le<1(> literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Critical-Wrong-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Critical-Wrong-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..8b0cde3d002d3573f5cc89747bed7cb31ccce5c8 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R&WCX_klBXr5mPG@cq${uB~?G%QQ~5c`@XK0!n;^Q)i=1_&yK zNX|V20SBQ(13~}<4a0`>SUNrSAdv^fAz1-;9vbO5wKl`d%pMm&)2WV%#BImf-?9cf b0)R7MZ1JymAufo?U?B>_V0_5><(&T0b6GK! literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..b46d7a9a0ab98019324a8d0dfb1976f7799ff128 GIT binary patch literal 247 zcmWeNVB`>HjlHx`JnXIt6Qen^x(Fi!1H&mGkWgcJFD|XF#+tWvr;j-sl7tF7qY4M3 z0jDF&{>uUF@8aYwwwk&}lx+>OPpsRg+0eZ$%gpo(^P#COe>zda5)pNOcEc@!pQ*Qz*3z{!J-@f4B^#h9)dbXY`Ef?GI a*Q#7?a&pcthHT*iP4-{U4)T=f#DPoNT{*A7nfF7W6j&T)5n|*NkWC4QH6ui zfYXtMx4PQ#o|5_=A*n)Hb>3Ye zRBynFRanA++aV?AW9|DXzfVj%ttnmSu%%OC>%^x&+9x-PPQBqWTO(1H?VXzOTJKl` fH?;@Ce{#-GwH9CUA8O)kPQ?7#L0gfrJ{%dvR%XHP*bXJAKUAkR(*t8C5tK z4LBWHY*ft3mLG~Me$~{kkZ}9?PMvtApUHWTPj?5Oz2^1Pke^qf^e(fmMsD;i{?vfS z=El=fq&CYrd|RdKd{uSIM$v9_E>lKLMhO+B1Opb4s?L~4X$@<+S6o>c&Y^v*>Dq6t z2?nfKg(VEQ9bP7=9$>nAXok-&=gUcFr@B1knf8>sQ}3))ib$x^+Jw->r=Q1b+;~vE dFNEDth&i=Cj63g|(1f%S1CI2`OwJQ(B>*6*Vm|-? literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-PathLen2-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-PathLen2-Key.chip new file mode 100644 index 00000000000000..cd416e96ad48a7 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-Basic-PathLen2-Key.chip @@ -0,0 +1 @@ +<$6v��^sꂏ `��,_"�cn�ˋS��J�1 u�-(m[�eP�73�d�@��-C�%����x�5�����݅0������+"�3"t�@��4�ni \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..e9644755574c3390eb425fb5793fa4eb7a0bfdf0 GIT binary patch literal 414 zcmXqLVw`2r#OSbqnTe5!iNicF6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#hfl^BNf#8W@@yniv_I7)OconjpAFQAC*$X&}tT4z`tv5o$d% zBRjJb1B+l}MvkFw$E+pCWG)*`gawF&JGY2FpvjHE3-%#h&5nWfD~ZN9t;MqObSe1 z9`?WI8XP$xX7%LRt6T9|f?k^#OpM(QCTbg3!m)n6_mFI`RJf0s!LCdYS+L literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..82f00b536118663ccfb85bfbf5836ac53388093b GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R$O7g40)*n(I0wX_5wEw&UTeO|1t4h_OZTUv+pMGQ^+?1_&yK zNX|V20SBQ(13~}<5m{(#F)fIiq{kkjkt6sU_$>oU)%($>^*!(h3Dyqe8yh_=^Wjyv b`Fq}B`%%hnFCIS20kbLn82N1xO$k6To6$0H literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Wrong-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-Critical-Wrong-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..5abaa6359b8d06cfd460c8a6f654b18a56b6c20a GIT binary patch literal 414 zcmXqLVw`2r#OSbqnTe5!i6b?H+h=>G%XtGXHV&;ek8`#x%uEJKh6)C9Y+TxGj4X^z zi)t8Icm$jsA zk)7Fzf#tl%r>lpQCpa_5RqOb^Pm+AkAIbeXSKqbNooQX1>qq~y9S)WSll98vx`lI8 zt={dO&G0GV8}rP(+!IZ<$3nXvEKV?pGvH@q4wV&VWc<&1_&yK zNX|V20SBQ(13~}<&q(ss!XuDF173S9P48kE?+;lE>uoPZbw>iOUPbXw&4@rbaFZ@} b9*YxfB|7fCn*j1)_5+!2ZODQ>##M^oxP~xY literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-KeyUsage-KeyCertSign-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..e82d104bbbb9d8d0fd0c566e020d177ea56461e3 GIT binary patch literal 252 zcmWeNVC1kda#$@aw0)Nf6Qen^x(Fi!1H&mGkWgcJFD|XF#+tWvr;j-sl7tF7qY4M3 z0jDF&mFkNv8zcB^owuA7^j{RR?!{)7IZSr~pG&Hk_Qv}4>TdnqA--wegsL+)G&ZXo zP?+&{;*zqEsHgFhcUB&dZC{;a&SlD|$ta=1JtFda#4pp~A8O)kPQ?7#L0gfrJ{%dvR%XHP*bXJAKUAkR(*t8C5tK z4LBWH*mLaM=hgAWZQAmj`TH9G?F+uYh+ez+#BQvW zEnmSa=eKaqNekg=c}W4>?O7Aexl9=~86^x@MD}w}>)6V?JGXX1_NF-jBCF43v}qc! zVilG!;C6`0ba$LRPx#5LdW%WI&b4`*kCeOPx|{Ew3GYc>X=srCn5BHOFY~E}ks^kp%NTf; DJ2@*0 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Length-Invalid-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Length-Invalid-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..0ec97a8dd0d7ec3c4842c21293e3c9ff40c2cb5b GIT binary patch literal 251 zcmWeNVB}!hvMs6lfB0k-CPs5+brD7e28L5WAfd+cUR+vTjWuuUP9JkNBncIEMimZ5 z15QU4EuKc!vWAAgDLJ3DCgyK%n3H_jvp+}brlKLMhO+B1Opb~#>DD^EdhCP5ewE_#G=w%55ZioCOwTX{v3#~o`na|3f!&hqMJ~zeGy6M;U{eM%|TCQT7Ud(10hV`O1$ zT2#Zx!Xx192!RF=U}zvG&TC{~Xkch+Xkuh+VjLyTYl7e!MG<92q=7ISJJ?nxMyU17 zjO@%#3@nT;96ySCCvzW*e(-&EhR*tLNxK8i7M080zi_`{$>q;!>}LhkY(@0iPF}g$ zdP#Zp$*#$h*Tx=AVexM~;3-qZ+_^Z>Al`tVjX6|Sn33^63#$P$kTT!{3GjmifWBm8 zGmruC`B+3*ge3$XzJBGxUUW+%IrM+9OGS$RPhbcDWtCaP4MZET$|Hpsvpa)<3zI_K z?>CDB9l9GPXA3OSEH`~FLG3sWKys(F!=xSzd;Vq)P0v;?3g{} Vh0?>-pAzFPd|he%zWe&Zc>w21g)jgB literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Length-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Length-Invalid-Key.chip new file mode 100644 index 0000000000000000000000000000000000000000..362dc9a125f8e4bb8100b07d3a85107103e09b60 GIT binary patch literal 97 zcmV-n0G|H@Dhz=Ic7TBWWNh;)k#DzvoMY2Tk8B$GN-YFX+Hcwr)|jyv<`+emR{(hI zf;_w9hG7NNz=uhevBPEA#WTLHhrV254CQOI)v}0Hm0JLQE`3=F4$Kthe>y|}cx8f)Ixoj&GlND?aSj4B+A z2Aqy8FKngn-Pp|?air($niD^}E}V$|%seYk=hj&{ajTCje=NUsAtv4{@o>0+PLk(U zw{;>@{Er`)6H&h*?$EXuTmMYgH|H{C)MS)UVM;Jy60ZHAOnS4853e3H_exh1X!NmsSKks`uZZkI9Bv16bHP_u!SzfF$ b)jRO;=8omOJ!Wa_zWFPr{xe*@*h~TdIjvqb literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Missing-Key.chip new file mode 100644 index 00000000000000..c23b0d1a5c88d5 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Ext-SKID-Missing-Key.chip @@ -0,0 +1 @@ +�=�ػ XČͬ�����[��n,��:�����\_Ja�W,bI�F��O���X�^¶���/�E���͋7j����&#�B��b�[���E \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Issuer-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Issuer-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..b25c3c64b465746088aca7bcb5b343850dd3529e GIT binary patch literal 239 zcmWeNVB}zLIJKJhVALZOCPp=u_u|s(YOHx%clwyKsf#c&Ffg0~0tpp%MimZ515QVl z4ef@lAq%3r%ib1VyZdO(5n~O7l4&MqLpXgJ?teNQy=K$Zxsv}`FZ?-iXL9gw@m$fF zXIu__kBi^gGUw>_KQ`Md%(+Y%H5nyTm=X+FM1mb^7BBV-SpNNI;I*d{4_aCp+PWLC zVilG!;CAQ;d|~^|CNxKT@^eiiGuv?@GDVI`J|Q~Iix)!+e-bU(=3IW b`{nbBlw#H{kJ}fyN#YBG#gj`qO#dVRD&=P4 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Issuer-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Issuer-Missing-Key.chip new file mode 100644 index 00000000000000..a18c3dd37bd16d --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Issuer-Missing-Key.chip @@ -0,0 +1 @@ +��1�T�[�v�q����3( t�4�T L����[��՝����ܓS�m��D��^_���ŷ�<�xg0~����>�9��Ĩ�**w]���8�H���< \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..d2cab3b21fdfc4bf3e7e7fba229b3e1b5f1efcd3 GIT binary patch literal 654 zcmWeNVB|3EpKvC{hH;w;6Qen^x(Fi!1H&mG&|!3N&d<%w&r|SA%uQ7YE=|fxO)gPz z@l$XtDJjZKDlJJ>NXsu$D9K1w@Gna(D$cA*Rd6jT0t$ts7MCO^7N-slBP7&V-iu4C ztFh*7-RWb_HXMDZ!p^9|!Dztg$Rf(sX?ri-^?r}l26z6$a@8y51)tNO+pc9F6Cl@? zv)Un7YPpcnW8ubqJ5;2q)`%Wqy&#(HbUeZ9^f^t(h3w_t=3J(Xnv4=EObG@oBHj)R zQ)1&4OE$J0Huh_M{MN8_HJ1S^R$&PPZU_Gh&!@@Xk9%C@d`4yR*F(#n9_IP$7jwC2 vgW>tuGM?5MGvcfCPX1#x?M{BxHRH(Hq^APgMJ5I6oz2$`f11^osU-mbm+tME literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..26b563f5e81781906ea6dfd9d41b0e76d8f96d30 GIT binary patch literal 871 zcmXqLVoo+_V&+`H%*4pV#1S)pb%nR~v>66mY#dr`9_MUXn3)Wk7?}+f4CL6jwAmP0 z7@HQ=FtYFnI6Fe10R$KtdK$R1F^94+^Ef!?=jP_;DflJkrYZ!NCS|22mngXSDL9st z6lErrmZU1AnGD*Ih1Q`G~fp&GFf3p#{Vp=2FyUpfDa_V4-x>TRYo=gSrDI(MT|wHifQ`iyjk;?78)9; z8ym5?YI8F-8OVdAm02VV#2Tspky@DZ2TGXPA) B5s3f* literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Key.chip new file mode 100644 index 00000000000000..ab7b738ed963bc --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Key.chip @@ -0,0 +1,2 @@ + +�=�gEߌ:�G�{��S�/��*?\P�l�@m�2����$z���kB�`J��)A�wK�E7�~���E��wݜ86�^�p?߰j���ϭ� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Oversized-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..05281310f95fedf9316b4435a862a88dede6bc4f GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R${g{`N#@$i(qoMt*ej(GJj;S^h)?O)e7iypi1_&yK zNX|V20SBQ(13~}f#NT5Gv@XLFhI&6P&QQg2k&H_nc-=K* literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-PublicKey-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-PublicKey-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..bd64ff101bb8785cfd0319c8e9fdd7a4c44c4ee2 GIT binary patch literal 252 zcmWeNVB}zUaH{Id)9?K%OpNBt>LQE`3=F4$Kthe>y|}cx8f)Ixoj&GlND?aSj4B+A z2Aqy8jfwXzKHa9iZe@D;gDb(iMP8&VIqvzdG5FOi!Aftgc=Pku1*TVIY?$%pIo~#8 z<{3N0d?oC)4$QgoB_qhVMXWHuoXeC^lTkv2DZzk6Wa0NJsjvk*-WzUmJ*48z@1;@L z<7>bwk`pvZ=Wvk(CyQ_mNAc84=`Z{01tko)9k$s#ar#nYy{5vQK}~8wT)TMQ^kuyj yZ6=G$4C~|7PCp1QK4{Pu>**hM|B-CFe?FzleNN#+>*WhxNdN$}gk;?S literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-PublicKey-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-PublicKey-Wrong-Key.chip new file mode 100644 index 00000000000000..2f4706b00bed75 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-PublicKey-Wrong-Key.chip @@ -0,0 +1,2 @@ +�a���'��gw��S��d�8I��S�yK +_7���xh�����3��M?*����hR3�qP�A������Ec �H[��9## ��~ \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Serial-Number-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Serial-Number-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..917e77d0be7e91059fd2d257c1eb6e8256d7fa89 GIT binary patch literal 241 zcmWetVPZ6ARu^GpU|=`}1QKd2@5QCn)mZbk?({KdLy}NoXH?-}G~je(c`Xq2C6%|S zfjgGp^Fxo|!0ra{q+w>epWNDn8_o>g39kb)NG6;=Hp}mnEJ@DO`9LQtf_9 zp;eQ4!|$!3=3J(Xnv4=EObG@oBH44UB`NC9Tyciutc<3lxhzH|6Ej#x{C4(nJ~KDvlWhMzq_!;xTAXZzsn@OSU#6Ok%qw?zI$_$f>wrIPZ V`sF@>=k_J#E=K9CZxgr60st5yf!zQA literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.chip new file mode 100644 index 00000000000000..b56185a7350d4f --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.chip @@ -0,0 +1 @@ +�O�Z8Lǡ����D�7hq�Q�q�t�S�t�b^<���Ff�d���O�3����h��E$܇���.m��р_k�Sm�����\������� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Algo-ECDSA-With-SHA1-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..90fda44ea72e48b9a6b1b1129d84c7d5ac64ca8d GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R#`dwA&DHgi34-%2)fMh3?*PBqgBWQe87_%b!xRrYfKc1_&yK zNX|V20SBQ(13~}%az% b*s*~2zd?`<1MQo~4mL(3$p-&O8n&QP734L2 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..8437e1b034b67b45e9847a1aef3caa70484d91ea GIT binary patch literal 252 zcmWeNVC1m-C^X0Q($O##CPs5+brD7e28L5WAfd+cUR+vTjWuuUP9JkNBncIEMimYw z15QVl1=Z)4hCdao3AtQ!YJzaLd>zwMqo*~|akCC3yJ=sMy(NDqzV+v%X7z81YqdG7_T4SnlG4Me|yyw@o)VbyIOtk z2pX_r6_zmIcG&-Yd)LbhgUv3TVSg3m*Ii+IW_sXP+llV@*uI-*N>AsCZFbzI!Ff~Z e?o(xv=~V`L(%aHIvwU7C+_si(h0*f_M>JkHs&Ff$n_87dgav2kg$F|sf= zEvjK;;Sq3lgg^rbFf@=8=QT1gG%z$ZG%+$ZF^&@FH9>HVqKGmh%s_yR9c(KTBO9xB zBMSo;vl9bL+`*Qa?8Z4<-`JN(&-LEmvhK(H#tgAEpLtjFC6tZcui)Q!`rBJm;mMog zFGv;etx4+(fBtO>w*=q4@DEzw9&T%2oNSP2z|Y1UDl5#$_@9N`@PP#QK>|Q8 zGO`)Sg7|zaVk{z^8p=YMGK+pY2ZeP=2u})CT`SLOAPTFwQ XYZl*IHYGom@BWK%N`Alnwm~!i?+|p? literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Key.chip new file mode 100644 index 00000000000000..be3870774fe0ff --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Key.chip @@ -0,0 +1 @@ +�{ΥW�|T�rʐ�~�2�|[^��cF+���_����'�!�*5;�>\�4�ߍ h`�r�+�r� �7?��# OWBu����e�L� `�^���� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Sig-Curve-Secp256k1-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..c1ab2f77d006f6b8c00970184dd50791a63062a9 GIT binary patch literal 118 zcmV-+0Ez!FbOHeZ1RzAD)bTI}soky0r_O`kzqW^He5Jy-0u-*utmFYFd>o($1_djD z1ON)5L<2$q1YW^}nFlj$3ib!28=XtAM6URsfoK+HOrF(m7$Y+8s1LEr_U$zjld@mX Y8gLG*W{y|q_LK`44&GPrD)!;Fhkq?J761SM literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Signature-Wrong-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Signature-Wrong-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..00904fdb5e44b5c346fd0c5ba12ff3520f27060a GIT binary patch literal 252 zcmWeNVC2Y2&G1uM(6C>HiP4-{U4)T=f#DPoNT{*A7nfF7W6j&T)5n|*NkWC4QH6ui zfYXtMBe1CW%gj}3;)yG@KF+&kB5)<>R7}Xr=T}<<%il@XF5D%axyWbI`k-CywkIqj z4tob3-TKfb@5N8|i+i*px{7?wxl9=~86{Mh5)4>Gw(oU5wZxexjx3L+RDSrr+hJPGk0n7lr^Qx_&Dya`P2v}e!k3Twiw_kRDbMR&{5;4j z^z7A*^(i<1Z<@DBRP3W;(W0fi(frGb-_@FPnKEiJN~ka;7_f*Ox|gkXZ12i7?2j+a zzVbq;A?=*3y8$a!VF?3nhr1i57aU6II*toRW7+Dyb z7S%Aa@CZ0NLZATz7#d0#h#{$9mQBBpFgYIC8FpS+_~Kck zvY@p0+c&n@b4%EMzF1tEv!lDY?0DTH&6kGi_PpH=rB4|bCmSRh@Ut<8$_g_w{%2t| zU{dSkN_}b7}*SDL3}^Pmueu)h`FPEK?Ueil7kswryj&-@`nLL$o^+Esppt97 k3%>~7`u*T{=fWRRY`PD7dD^Oq>|NXK4+pI~IotmS0AlWpegFUf literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Key.chip new file mode 100644 index 00000000000000..0d6bd0b0c9bcb0 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Key.chip @@ -0,0 +1 @@ +�y���@�|��Rl�����&� ��/��qr#����RJU�ձd������Ar�� [�s�}�IsL̺���e=$R e��C�J�D�)�ڶ��� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..173cf22050345233288b6e7cae2d101d88da1c4e GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R(dLbm$Vyw*QYbY6!@he_OBT&8LUXG|V+qttAopE*YQ-1_&yK zNX|V20SBQ(13~}?1iyIMobzqef>4NrvirmWLBzRM&l3~T%`$dUX79JLgg*-y bJ@e6Xb!@ncgLcP$;wkAdCqE5~Ky~E-iO)74 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Twice-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-CAT-Twice-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..e67c10c84657f0fb68e7fe9778040bebf9bc3819 GIT binary patch literal 276 zcmWeNVC3)))XWKNX4h9?Vl-z~7hz;zU^oQ?YGMKmXIHCBw^Vmb(-u0IMBeMRv-*gC- z7u9h1FlX8hHVIQZE^{tZMomTu6{Z9O7LkCi@F$FO+@>#8esWjM_vXbpRd-hzuwoUK zFyMCBRrX{}bXdviH&5g5^_>2P^BMO`0004ZV)6h0 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..280f1ae02b8cb60f00a4891c88e0785c76cd3e9a GIT binary patch literal 416 zcmXqLVw_{p#OS<$nTe5!iNiZ}d2&nT=GO*XY#dr`9_MUXn3)We3>6II*toRW7+Dyb z7S%Aa@(389137VCBLhPNLsLT&BV!ZeC~;mB1lK5vC^I4rgxT1^wlXn7t!HLrXLe#> zS+Z!#6HTs*8lTSJY&hpRNAFCfjN_w^3yrs1+}WjUl6ymYYwPiO9#{Vs@-7x%WbA+Z zYL9!f#U6p>otMkoj>R(gEKW8^G~j1r4wV&VWc<&%3LXVSSf$p5%unCCXbKa7_B4DHYr@@%+^HObUWu-X(T^p8Rc34F8n76?|`kVs6EE QZIttzD{ZI0^4a@+0C35G=Kufz literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Key.chip new file mode 100644 index 00000000000000..2c18d37b3a78a7 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Key.chip @@ -0,0 +1,2 @@ +��Gb�-]�k�){q�o~��^�!b|�j0�_{x�S� �D҅��9�Xj�G�@U(@𜖸5> +޺Vg⺫&���&Yr�-�,̄�xjkk=��~�]j \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Invalid-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..0db40c3dbd7bb9263bee110870d1e651fdd8463a GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R%Q4@Qa@e*h+^sHTJIFZgf@-joB5fw1Lbqj{5E1{d%AZ1_&yK zNX|V20SBQ(13~}aFoBQ$N;E478ko=DaG baSfvvqBBp&)r?1jIJ^+2iPLw6#$5nR37a@( literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Twice-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Twice-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..69d98468fb32c86b6e14e2fb2f4f323910603dcb GIT binary patch literal 272 zcmWeNVB`>7|1maNYvTS z4e!mnV?Nn_@9KN3tRj#AMiIP1TKb)5I)Src_$ jY}>rLM(L literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Twice-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Twice-Key.chip new file mode 100644 index 00000000000000..02417d66f3eb37 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-FabricId-Twice-Key.chip @@ -0,0 +1 @@ +_X#]�t�b�-��K�p�ݓs款�=P�g��:W�i�j�1ޞ�7�?����$��j+��bIw�ۈf�f��4��@e��gmd�]-"�E6� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Missing-Cert.chip new file mode 100644 index 00000000000000..d770bcb5fece2e --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Missing-Cert.chip @@ -0,0 +1,3 @@ +0,j�c) `�$7&�'&n��L7$$0 Am�C,"�X�w�j�#���Op�9>��� +��J���"�� �u��3��YJ8����:wD����ì�7 +5)$`0�%���]�g�R4������0�%���]�g�R4������0 @�g���[+~o�-�Z?!�=����H�RݸsТyi�n��Vߌ+R��8F7HDs?b�ݺ�>�\ \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Missing-Key.chip new file mode 100644 index 00000000000000..8b163a485d8ebc --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Missing-Key.chip @@ -0,0 +1,2 @@ +m�C,"�X�w�j�#���Op�9>��� +��J���"�� �u��3��YJ8����:wD����ì�����^ ����'k�������A:S�v��L�8z \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Twice-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Twice-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..15265de7018c54925769bb2d4dfe42c77424e075 GIT binary patch literal 272 zcmWeNVC1Nu8~LQE`3=F4$KwX3h%92oHc`q)luEv_Tb*GOx8&)MM z?2IZLj0T*JEIFM5n>zj)8W!0*k zmGa3I&LaOBEN=vH_QbvWWYhaxn}@;HoXeC^lTkv2DZzk6#P4;e^pjF&KK1?uh4!D` zzVF)Qx88sitFVLtx5Lq&snIDc=DG_OTwnNQ^*bfI$gR&#yk9tz<2S#G$g##oj*}a8 jN?Hz_|7h`>zwv#>4&UT`NsKwOulmY<3)=Fs#76=E>R)bu literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Twice-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-MatterId-Twice-Key.chip new file mode 100644 index 0000000000000000000000000000000000000000..4a891f5c97d02d635ec87eac8263990c76b125af GIT binary patch literal 97 zcmV-n0G|H@Y>5!Ei2X4!azEsjm>YR^-zSMSC3Nu$87Sl6awe~6ap=d*Yb{JL#(E>k zs6!O~fH~Mw35;Iu@;r^_D+~ZVhJ+Y6r3ZxT7R$j(`T)Dc;+zBVq&FiSmj@sYai6(QWT`DQxxwl8T1l@v zeT|F6ktw^xSq^gP^f3FHbD1(~GD@g0B^a=X=x$&&iLW!r=2>F0Q%N=0^@Yek4FguJ z!V(7D4!`C~xV*}i%au`Gu~F@nZHM#<)-B2x&i=WV91!8QU+ci*iu~{dT|W);s}?tA ZKU4d%%t*)0eSvc;>m0#})g~YKB>+(qSU>;( literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-Missing-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Subject-Missing-Key.chip new file mode 100644 index 0000000000000000000000000000000000000000..0153104c199909b70845505e3b09ada18198ce70 GIT binary patch literal 97 zcmV-n0G|H@)>3H6<$f?34O*g=@;4oe9n07l+H2eMkhBL(K>*v#u99B!3&?6Fp)}YD zPU|8ri)XAv7{rvi7X-lyEQ|w9I_5vutJUw+a3GtAi^wb3;sW%HSQ8T;kh1qNunTDa Dyjd^cTf4z`*SDMBk4i=zRo1eN$k1Bo!nw+NUZ>d_&&b4B4Gm-WW9L(3G<|ux z?!10k7dB~b)yWB}=3J(Xnv4=EObG@oB7tm`CrnPutQVU1Pj2J4!%7D;j2{@VVilG! z;CA?0CcC5m)-2D$ok^~p_wEQxU9hZfU!Rnm!EM3oXTGoZKcl7X{=_Z0tNv)`;UCqf X{2sfk$=L2MT@vZ}a`VJJJJciqmVaRi literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-After-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-After-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..d5633e6c794888aa8f8f2d41458afeecb8fa53c5 GIT binary patch literal 403 zcmXqLV(d3)Vl-R8%*4pV#Nofi+qz+ktg`_Z8;4e#$2nUTW+nqALj?mlHZE;8Mi$1V zMKz2pJOa*+5NH4ah6aM-yha9w28O1FCPv04#!>PNL}`mO5N2ZsTg1c&wUL>To!N=3tZXa=KLW2y!!J=ii?vC5)Js-m_ucS85#exuo^G}DFZ%`06$0o=rKk%16dHC zk420{r0d>Of%5O1qDS8@PS~pPY1*FS{Hg}>AZcY52?MbP>:��+�M�����Z�#*=Xh*�D �;��6�IYa]((3G��d)M ����~V��zɐ%V��$��HI����X�5)���8(�l��� \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-After-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-After-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..244a9c0a745c90b46df02729b8392c86a1684437 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R&m`KreyNiT{c-O_{BF`%44Y!U4dLCFy88Al%^1aB`pu1_&yK zNX|V20SBQ(13~}AJ*k(w1Jqz5;5!KrhHupx6F|Hf%fQsEeuY&5;ep bOdmaVo~MMwn|G1B5Y)6rL*Qr6C+CtOdW$#+ literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Cert.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Cert.chip new file mode 100644 index 0000000000000000000000000000000000000000..7b1bd17613736c0fa6eed951bc32a5a18e1f7490 GIT binary patch literal 246 zcmWeNVC3M=di&~K+r7UkOpNBt>LQE`3=F4$Kthc*Z|hDUb2cO)6?R4y4n_k`N0!@D zwx+WGV0DQ1ENees`z3DP!shRW2^;sWT%`6)@LKWwde?2SyO}r3?ce-mvUmKN_(x4U zw4S$y3McOpk=8QHjWOpkWz=MpP+>|iU=dlKVae#ePh^tdO6H0gvI}Mzho&YNuwoUK zFyMAr!=35N%AWYFOnpJe;up`unr-fQq_*W2EbC4A7asOgl;y2_e8YPqRPcb_}! Yl`;Lwlbto^W>2~QOVC{P)D;y809X@Z0ssI2 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..47a818b5b04697f0df98060927196d8856789cca GIT binary patch literal 404 zcmXqLVw_;m#AvpFnTe5!iKFTo!NnMI&^3s{yV|Lft S{q<{uYh$j*E&uqio}q*HF<`O1siG$45!Q2`e?_)ky92Wxzq9m{ zOJA&C;)1v;=Y>@hW4aU@DmHCgX%3L6c_N@YJeL{dBZMU=IAj2-rOnc;+Zr*iY#&;= D3XUyO literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Not-Before-Missing-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..3bcbbf95a51fc0c02ead39ecd8791e780ec787e7 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R$Dg@!gqX%GmkUfSKCQ=W8T7b{E~#sdM%4Y^F(1Bv7CV1_&yK zNX|V20SBQ(13~}zRanA++d=oujxAA_57u#Qu$z9l^zhZbykA$&W(#k*QTKd@^sYH%Xk{ ftfGEU`tsIEAH0>yoL6~SUU-=2EhV<^_E8A{Otosk literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Cert.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Cert.der new file mode 100644 index 0000000000000000000000000000000000000000..2574264b6b21834c86d9873bc35aa5de73334c4b GIT binary patch literal 417 zcmXqLVw`Kx#OS<$nTe5!i9=K_O(*KHnxg?18;4e#$2nUTW+nqALj?mlHZE;8Mi$1V zMKz2pJOa*+5NH4ah6Zxtye0;Q28O1FCPv04Mp5FtMhLEP6j5eG8VIwogKcGEgj&zc z$jV4jqRI|Rvo8>MYoO(`jUz^~qOQsPj znveEJT)zG$YraiO&);{?9Wv_l&Mi(hNHpMQV-A%SW@P-&!fL<_qzw2#0{kEWpf4HO z3}iukJ{B<+k?Hz&3wIO1c+ytFRLZ_x~cy+{ho$9;~Da~`eLIhrjykk;iSe>KzQ2EL9ZAu)>?#C>a XO}g78c2`%W^lDvZmte*XdhEy;o3 literal 0 HcmV?d00001 diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Key.chip b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Key.chip new file mode 100644 index 00000000000000..1190826b869a96 --- /dev/null +++ b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Key.chip @@ -0,0 +1 @@ +~�ɐM�<�E)ž�NQ}=���0^{���'�A�̌2��*g���2~*��!9懽�����ڌ�ߌ����+�����F�YQ���������IP \ No newline at end of file diff --git a/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Key.der b/credentials/test/operational-certificates-error-cases/Chip-Test-RCAC-Validity-Wrong-Key.der new file mode 100644 index 0000000000000000000000000000000000000000..7f68c417a5b1ab84d56de3aa7a52eaa1601308b5 GIT binary patch literal 121 zcmV-<0EYiCcLD(c1R!9mP8Q819<39sisS2_D)b=*Zm)es1e!P^F^D5T^!cC)1_&yK zNX|V20SBQ(13~} - #include namespace chip { namespace TestCerts { -extern const uint8_t kTestErrorCert_NOC_0001_InvCATVerZero_Cert_Array[275]; -extern const uint8_t kTestErrorCert_NOC_0001_InvCATVerZero_PublicKey_Array[65]; -extern const uint8_t kTestErrorCert_NOC_0001_InvCATVerZero_PrivateKey_Array[32]; +extern const ByteSpan gTestCert_X509ToChip_ErrorCases[50]; + +extern const ByteSpan gTestCert_ChipToX509_ErrorCases[43]; + +extern const ByteSpan gTestCert_ChipCertLoad_ErrorCases[40]; -extern ByteSpan kTestErrorCert_NOC_0001_InvCATVerZero_Cert; -extern ByteSpan kTestErrorCert_NOC_0001_InvCATVerZero_PrivateKey; -extern ByteSpan kTestErrorCert_NOC_0001_InvCATVerZero_PublicKey; +extern const ByteSpan gTestCert_ValidateChipRCAC_ErrorCases[84]; -extern const uint8_t kTestErrorCert_NOC_0002_InvCATMulVers_Cert_Array[287]; -extern const uint8_t kTestErrorCert_NOC_0002_InvCATMulVers_PublicKey_Array[65]; -extern const uint8_t kTestErrorCert_NOC_0002_InvCATMulVers_PrivateKey_Array[32]; +extern const ByteSpan gTestCert_GetCertType_ErrorCases[12]; -extern ByteSpan kTestErrorCert_NOC_0002_InvCATMulVers_Cert; -extern ByteSpan kTestErrorCert_NOC_0002_InvCATMulVers_PrivateKey; -extern ByteSpan kTestErrorCert_NOC_0002_InvCATMulVers_PublicKey; +extern const uint8_t sChipTest_NOC_Oversized_Cert_DER[744]; +extern const uint8_t sChipTest_ICAC_Oversized_Cert_DER[678]; +extern const uint8_t sChipTest_RCAC_Oversized_Cert_DER[871]; +extern const uint8_t sChipTest_NOC_Cert_Version_V2_Cert_DER[519]; +extern const uint8_t sChipTest_ICAC_Cert_Version_V2_Cert_DER[451]; +extern const uint8_t sChipTest_RCAC_Cert_Version_V2_Cert_DER[416]; +extern const uint8_t sChipTest_NOC_Sig_Algo_ECDSA_With_SHA1_Cert_DER[517]; +extern const uint8_t sChipTest_ICAC_Sig_Algo_ECDSA_With_SHA1_Cert_DER[448]; +extern const uint8_t sChipTest_RCAC_Sig_Algo_ECDSA_With_SHA1_Cert_DER[414]; +extern const uint8_t sChipTest_NOC_Validity_Not_Before_Missing_Cert_DER[505]; +extern const uint8_t sChipTest_ICAC_Validity_Not_Before_Missing_Cert_DER[439]; +extern const uint8_t sChipTest_RCAC_Validity_Not_Before_Missing_Cert_DER[404]; +extern const uint8_t sChipTest_NOC_Validity_Not_After_Missing_Cert_DER[506]; +extern const uint8_t sChipTest_ICAC_Validity_Not_After_Missing_Cert_DER[439]; +extern const uint8_t sChipTest_RCAC_Validity_Not_After_Missing_Cert_DER[403]; +extern const uint8_t sChipTest_NOC_Validity_Wrong_Cert_DER[519]; +extern const uint8_t sChipTest_ICAC_Validity_Wrong_Cert_DER[451]; +extern const uint8_t sChipTest_RCAC_Validity_Wrong_Cert_DER[417]; +extern const uint8_t sChipTest_NOC_Subject_NodeId_Invalid_Cert_DER[517]; +extern const uint8_t sChipTest_NOC_Subject_FabricId_Invalid_Cert_DER[518]; +extern const uint8_t sChipTest_ICAC_Subject_FabricId_Invalid_Cert_DER[451]; +extern const uint8_t sChipTest_RCAC_Subject_FabricId_Invalid_Cert_DER[416]; +extern const uint8_t sChipTest_NOC_Subject_CAT_Invalid_Cert_DER[544]; +extern const uint8_t sChipTest_ICAC_Subject_CAT_Invalid_Cert_DER[477]; +extern const uint8_t sChipTest_RCAC_Subject_CAT_Invalid_Cert_DER[470]; +extern const uint8_t sChipTest_NOC_Sig_Curve_Secp256k1_Cert_DER[515]; +extern const uint8_t sChipTest_ICAC_Sig_Curve_Secp256k1_Cert_DER[448]; +extern const uint8_t sChipTest_RCAC_Sig_Curve_Secp256k1_Cert_DER[414]; +extern const uint8_t sChipTest_NOC_Ext_Basic_Critical_Missing_Cert_DER[513]; +extern const uint8_t sChipTest_ICAC_Ext_Basic_Critical_Missing_Cert_DER[447]; +extern const uint8_t sChipTest_RCAC_Ext_Basic_Critical_Missing_Cert_DER[414]; +extern const uint8_t sChipTest_NOC_Ext_Basic_Critical_Wrong_Cert_DER[513]; +extern const uint8_t sChipTest_ICAC_Ext_Basic_Critical_Wrong_Cert_DER[448]; +extern const uint8_t sChipTest_RCAC_Ext_Basic_Critical_Wrong_Cert_DER[414]; +extern const uint8_t sChipTest_NOC_Ext_Basic_CA_Missing_Cert_DER[522]; +extern const uint8_t sChipTest_ICAC_Ext_Basic_CA_Missing_Cert_DER[450]; +extern const uint8_t sChipTest_RCAC_Ext_Basic_CA_Missing_Cert_DER[417]; +extern const uint8_t sChipTest_NOC_Ext_Basic_PathLen_Presence_Wrong_Cert_DER[520]; +extern const uint8_t sChipTest_NOC_Ext_KeyUsage_Critical_Missing_Cert_DER[512]; +extern const uint8_t sChipTest_ICAC_Ext_KeyUsage_Critical_Missing_Cert_DER[448]; +extern const uint8_t sChipTest_RCAC_Ext_KeyUsage_Critical_Missing_Cert_DER[414]; +extern const uint8_t sChipTest_NOC_Ext_KeyUsage_Critical_Wrong_Cert_DER[513]; +extern const uint8_t sChipTest_ICAC_Ext_KeyUsage_Critical_Wrong_Cert_DER[448]; +extern const uint8_t sChipTest_RCAC_Ext_KeyUsage_Critical_Wrong_Cert_DER[414]; +extern const uint8_t sChipTest_NOC_Ext_AKID_Length_Invalid_Cert_DER[516]; +extern const uint8_t sChipTest_ICAC_Ext_AKID_Length_Invalid_Cert_DER[450]; +extern const uint8_t sChipTest_RCAC_Ext_AKID_Length_Invalid_Cert_DER[415]; +extern const uint8_t sChipTest_NOC_Ext_SKID_Length_Invalid_Cert_DER[515]; +extern const uint8_t sChipTest_ICAC_Ext_SKID_Length_Invalid_Cert_DER[449]; +extern const uint8_t sChipTest_RCAC_Ext_SKID_Length_Invalid_Cert_DER[414]; +extern const uint8_t sChipTest_NOC_Oversized_Cert_CHIP[480]; +extern const uint8_t sChipTest_ICAC_Oversized_Cert_CHIP[463]; +extern const uint8_t sChipTest_RCAC_Oversized_Cert_CHIP[654]; +extern const uint8_t sChipTest_NOC_Serial_Number_Missing_Cert_CHIP[268]; +extern const uint8_t sChipTest_ICAC_Serial_Number_Missing_Cert_CHIP[251]; +extern const uint8_t sChipTest_RCAC_Serial_Number_Missing_Cert_CHIP[241]; +extern const uint8_t sChipTest_NOC_Sig_Algo_ECDSA_With_SHA1_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_Sig_Algo_ECDSA_With_SHA1_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_Sig_Algo_ECDSA_With_SHA1_Cert_CHIP[252]; +extern const uint8_t sChipTest_NOC_Issuer_Missing_Cert_CHIP[256]; +extern const uint8_t sChipTest_ICAC_Issuer_Missing_Cert_CHIP[249]; +extern const uint8_t sChipTest_RCAC_Issuer_Missing_Cert_CHIP[239]; +extern const uint8_t sChipTest_NOC_Validity_Not_Before_Missing_Cert_CHIP[273]; +extern const uint8_t sChipTest_ICAC_Validity_Not_Before_Missing_Cert_CHIP[256]; +extern const uint8_t sChipTest_RCAC_Validity_Not_Before_Missing_Cert_CHIP[246]; +extern const uint8_t sChipTest_NOC_Validity_Not_After_Missing_Cert_CHIP[273]; +extern const uint8_t sChipTest_ICAC_Validity_Not_After_Missing_Cert_CHIP[256]; +extern const uint8_t sChipTest_RCAC_Validity_Not_After_Missing_Cert_CHIP[246]; +extern const uint8_t sChipTest_NOC_Validity_Wrong_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_Validity_Wrong_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_Validity_Wrong_Cert_CHIP[252]; +extern const uint8_t sChipTest_NOC_Subject_Missing_Cert_CHIP[256]; +extern const uint8_t sChipTest_ICAC_Subject_Missing_Cert_CHIP[239]; +extern const uint8_t sChipTest_RCAC_Subject_Missing_Cert_CHIP[239]; +extern const uint8_t sChipTest_NOC_Subject_MatterId_Missing_Cert_CHIP[269]; +extern const uint8_t sChipTest_ICAC_Subject_MatterId_Missing_Cert_CHIP[252]; +extern const uint8_t sChipTest_RCAC_Subject_MatterId_Missing_Cert_CHIP[232]; +extern const uint8_t sChipTest_NOC_Subject_NodeId_Invalid_Cert_CHIP[279]; +extern const uint8_t sChipTest_NOC_Subject_MatterId_Twice_Cert_CHIP[289]; +extern const uint8_t sChipTest_ICAC_Subject_MatterId_Twice_Cert_CHIP[272]; +extern const uint8_t sChipTest_RCAC_Subject_MatterId_Twice_Cert_CHIP[272]; +extern const uint8_t sChipTest_NOC_Subject_FabricId_Missing_Cert_CHIP[269]; +extern const uint8_t sChipTest_NOC_Subject_FabricId_Invalid_Cert_CHIP[272]; +extern const uint8_t sChipTest_ICAC_Subject_FabricId_Invalid_Cert_CHIP[255]; +extern const uint8_t sChipTest_RCAC_Subject_FabricId_Invalid_Cert_CHIP[238]; +extern const uint8_t sChipTest_NOC_Subject_FabricId_Twice_Cert_CHIP[289]; +extern const uint8_t sChipTest_ICAC_Subject_FabricId_Twice_Cert_CHIP[272]; +extern const uint8_t sChipTest_RCAC_Subject_FabricId_Twice_Cert_CHIP[272]; +extern const uint8_t sChipTest_NOC_Subject_CAT_Invalid_Cert_CHIP[285]; +extern const uint8_t sChipTest_ICAC_Subject_CAT_Invalid_Cert_CHIP[268]; +extern const uint8_t sChipTest_RCAC_Subject_CAT_Invalid_Cert_CHIP[264]; +extern const uint8_t sChipTest_NOC_Subject_CAT_Twice_Cert_CHIP[291]; +extern const uint8_t sChipTest_ICAC_Subject_CAT_Twice_Cert_CHIP[274]; +extern const uint8_t sChipTest_RCAC_Subject_CAT_Twice_Cert_CHIP[276]; +extern const uint8_t sChipTest_NOC_Sig_Curve_Secp256k1_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_Sig_Curve_Secp256k1_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_Sig_Curve_Secp256k1_Cert_CHIP[252]; +extern const uint8_t sChipTest_NOC_PublicKey_Wrong_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_PublicKey_Wrong_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_PublicKey_Wrong_Cert_CHIP[252]; +extern const uint8_t sChipTest_NOC_Ext_Basic_Missing_Cert_CHIP[274]; +extern const uint8_t sChipTest_ICAC_Ext_Basic_Missing_Cert_CHIP[257]; +extern const uint8_t sChipTest_RCAC_Ext_Basic_Missing_Cert_CHIP[247]; +extern const uint8_t sChipTest_NOC_Ext_Basic_CA_Missing_Cert_CHIP[277]; +extern const uint8_t sChipTest_ICAC_Ext_Basic_CA_Missing_Cert_CHIP[260]; +extern const uint8_t sChipTest_RCAC_Ext_Basic_CA_Missing_Cert_CHIP[250]; +extern const uint8_t sChipTest_NOC_Ext_Basic_CA_Wrong_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_Ext_Basic_CA_Wrong_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_Ext_Basic_CA_Wrong_Cert_CHIP[252]; +extern const uint8_t sChipTest_NOC_Ext_Basic_PathLen_Presence_Wrong_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_Ext_Basic_PathLen_Presence_Wrong_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_Ext_Basic_PathLen_Presence_Wrong_Cert_CHIP[252]; +extern const uint8_t sChipTest_NOC_Ext_Basic_PathLen2_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_Ext_Basic_PathLen2_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_Ext_Basic_PathLen2_Cert_CHIP[252]; +extern const uint8_t sChipTest_NOC_Ext_KeyUsage_Missing_Cert_CHIP[276]; +extern const uint8_t sChipTest_ICAC_Ext_KeyUsage_Missing_Cert_CHIP[259]; +extern const uint8_t sChipTest_RCAC_Ext_KeyUsage_Missing_Cert_CHIP[249]; +extern const uint8_t sChipTest_NOC_Ext_KeyUsage_KeyCertSign_Wrong_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_Ext_KeyUsage_KeyCertSign_Wrong_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_Ext_KeyUsage_KeyCertSign_Wrong_Cert_CHIP[252]; +extern const uint8_t sChipTest_NOC_Ext_AKID_Missing_Cert_CHIP[256]; +extern const uint8_t sChipTest_ICAC_Ext_AKID_Missing_Cert_CHIP[239]; +extern const uint8_t sChipTest_RCAC_Ext_AKID_Missing_Cert_CHIP[229]; +extern const uint8_t sChipTest_NOC_Ext_AKID_Length_Invalid_Cert_CHIP[278]; +extern const uint8_t sChipTest_ICAC_Ext_AKID_Length_Invalid_Cert_CHIP[261]; +extern const uint8_t sChipTest_RCAC_Ext_AKID_Length_Invalid_Cert_CHIP[251]; +extern const uint8_t sChipTest_NOC_Ext_SKID_Missing_Cert_CHIP[256]; +extern const uint8_t sChipTest_ICAC_Ext_SKID_Missing_Cert_CHIP[239]; +extern const uint8_t sChipTest_RCAC_Ext_SKID_Missing_Cert_CHIP[229]; +extern const uint8_t sChipTest_NOC_Ext_SKID_Length_Invalid_Cert_CHIP[278]; +extern const uint8_t sChipTest_ICAC_Ext_SKID_Length_Invalid_Cert_CHIP[261]; +extern const uint8_t sChipTest_RCAC_Ext_SKID_Length_Invalid_Cert_CHIP[251]; +extern const uint8_t sChipTest_NOC_Signature_Wrong_Cert_CHIP[279]; +extern const uint8_t sChipTest_ICAC_Signature_Wrong_Cert_CHIP[262]; +extern const uint8_t sChipTest_RCAC_Signature_Wrong_Cert_CHIP[252]; } // namespace TestCerts } // namespace chip diff --git a/src/credentials/tests/TestChipCert.cpp b/src/credentials/tests/TestChipCert.cpp index a61da27841e4ef..97db2695424514 100644 --- a/src/credentials/tests/TestChipCert.cpp +++ b/src/credentials/tests/TestChipCert.cpp @@ -190,6 +190,74 @@ static void TestChipCert_ChipToX509(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_INVALID_TLV_TAG); } +static void TestChipCert_ChipToX509_ErrorCases(nlTestSuite * inSuite, void * inContext) +{ + CHIP_ERROR err; + uint8_t outCertBuf[kMaxDERCertLength]; + + for (auto chipCert : gTestCert_ChipToX509_ErrorCases) + { + MutableByteSpan outCert(outCertBuf); + + err = ConvertChipCertToX509Cert(chipCert, outCert); + NL_TEST_ASSERT(inSuite, err != CHIP_NO_ERROR); + } +} + +static void TestChipCert_ChipCertLoad_ErrorCases(nlTestSuite * inSuite, void * inContext) +{ + CHIP_ERROR err; + ChipCertificateSet certSet; + + err = certSet.Init(1); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); + + for (auto chipCert : gTestCert_ChipCertLoad_ErrorCases) + { + err = certSet.LoadCert(chipCert, sNullDecodeFlag); + NL_TEST_ASSERT(inSuite, err != CHIP_NO_ERROR); + + certSet.Clear(); + } + + certSet.Release(); +} + +static void TestChipCert_ValidateChipRCAC_ErrorCases(nlTestSuite * inSuite, void * inContext) +{ + CHIP_ERROR err; + + for (auto chipCert : gTestCert_ValidateChipRCAC_ErrorCases) + { + err = ValidateChipRCAC(chipCert); + NL_TEST_ASSERT(inSuite, err != CHIP_NO_ERROR); + } +} + +static void TestChipCert_GetCertType_ErrorCases(nlTestSuite * inSuite, void * inContext) +{ + CHIP_ERROR err; + ChipCertificateSet certSet; + + err = certSet.Init(1); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); + + for (auto chipCert : gTestCert_GetCertType_ErrorCases) + { + uint8_t certType; + + err = certSet.LoadCert(chipCert, sNullDecodeFlag); + NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); + + err = certSet.GetCertSet()->mSubjectDN.GetCertType(certType); + NL_TEST_ASSERT(inSuite, err != CHIP_NO_ERROR || certType == kCertType_NotSpecified); + + certSet.Clear(); + } + + certSet.Release(); +} + static void TestChipCert_X509ToChip(nlTestSuite * inSuite, void * inContext) { CHIP_ERROR err; @@ -213,6 +281,20 @@ static void TestChipCert_X509ToChip(nlTestSuite * inSuite, void * inContext) } } +static void TestChipCert_X509ToChip_ErrorCases(nlTestSuite * inSuite, void * inContext) +{ + CHIP_ERROR err; + uint8_t outCertBuf[kMaxCHIPCertLength]; + + for (auto derCert : gTestCert_X509ToChip_ErrorCases) + { + MutableByteSpan outCert(outCertBuf); + + err = ConvertX509CertToChipCert(derCert, outCert); + NL_TEST_ASSERT(inSuite, err != CHIP_NO_ERROR); + } +} + static void TestChipCert_ChipDN(nlTestSuite * inSuite, void * inContext) { const static char noc_rdn[] = "Test NOC"; @@ -1875,14 +1957,14 @@ static void TestChipCert_ExtractAndValidateCATsFromOpCert(nlTestSuite * inSuite, // Error case: NOC with invalid CAT version. { CATValues cats; - CHIP_ERROR err = ExtractCATsFromOpCert(kTestErrorCert_NOC_0001_InvCATVerZero_Cert, cats); + CHIP_ERROR err = ExtractCATsFromOpCert(ByteSpan(sChipTest_NOC_Subject_CAT_Invalid_Cert_CHIP), cats); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_INVALID_ARGUMENT); } // Error case: NOC with multiple versions of the same CAT tag. { CATValues cats; - CHIP_ERROR err = ExtractCATsFromOpCert(kTestErrorCert_NOC_0002_InvCATMulVers_Cert, cats); + CHIP_ERROR err = ExtractCATsFromOpCert(ByteSpan(sChipTest_NOC_Subject_CAT_Twice_Cert_CHIP), cats); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_WRONG_CERT_DN); } } @@ -2038,7 +2120,12 @@ int TestChipCert_Teardown(void * inContext) // clang-format off static const nlTest sTests[] = { NL_TEST_DEF("Test CHIP Certificate CHIP to X509 Conversion", TestChipCert_ChipToX509), + NL_TEST_DEF("Test CHIP Certificate CHIP to X509 Conversion - Error Cases", TestChipCert_ChipToX509_ErrorCases), + NL_TEST_DEF("Test CHIP Certificate Loading - Error Cases", TestChipCert_ChipCertLoad_ErrorCases), + NL_TEST_DEF("Test CHIP Certificate Validate RCAC - Error Cases", TestChipCert_ValidateChipRCAC_ErrorCases), + NL_TEST_DEF("Test CHIP Certificate Get Cert Type from Subject - Error Cases", TestChipCert_GetCertType_ErrorCases), NL_TEST_DEF("Test CHIP Certificate X509 to CHIP Conversion", TestChipCert_X509ToChip), + NL_TEST_DEF("Test CHIP Certificate X509 to CHIP Conversion - Error Cases", TestChipCert_X509ToChip_ErrorCases), NL_TEST_DEF("Test CHIP Certificate Distinguish Name", TestChipCert_ChipDN), NL_TEST_DEF("Test CHIP Certificate Validation", TestChipCert_CertValidation), NL_TEST_DEF("Test CHIP Certificate Validation time", TestChipCert_CertValidTime), diff --git a/src/tools/chip-cert/CertUtils.cpp b/src/tools/chip-cert/CertUtils.cpp index d275c9bf575929..ed7f09d040ad26 100644 --- a/src/tools/chip-cert/CertUtils.cpp +++ b/src/tools/chip-cert/CertUtils.cpp @@ -500,7 +500,7 @@ bool SetKeyUsageExtension(X509 * cert, bool isCA, CertStructConfig & certConfig) * value of the BIT STRING subjectPublicKey (excluding the tag, * length, and number of unused bits). */ -bool AddSubjectKeyId(X509 * cert) +bool AddSubjectKeyId(X509 * cert, bool isSKIDLengthValid) { bool res = true; ASN1_BIT_STRING * pk = X509_get0_pubkey_bitstr(cert); @@ -519,6 +519,11 @@ bool AddSubjectKeyId(X509 * cert) ExitNow(res = false); } + if (!isSKIDLengthValid) + { + pkHashLen--; + } + if (!ASN1_STRING_set(pkHashOS.get(), pkHash, static_cast(pkHashLen))) { ReportOpenSSLErrorAndExit("ASN1_STRING_set", res = false); @@ -533,7 +538,7 @@ bool AddSubjectKeyId(X509 * cert) return res; } -bool AddAuthorityKeyId(X509 * cert, X509 * caCert) +bool AddAuthorityKeyId(X509 * cert, X509 * caCert, bool isAKIDLengthValid) { bool res = true; int isCritical; @@ -546,6 +551,11 @@ bool AddAuthorityKeyId(X509 * cert, X509 * caCert) ReportOpenSSLErrorAndExit("X509_get_ext_d2i", res = false); } + if (!isAKIDLengthValid) + { + akid->keyid->length = 19; + } + if (!X509_add1_ext_i2d(cert, NID_authority_key_identifier, akid.get(), 0, X509V3_ADD_APPEND)) { ReportOpenSSLErrorAndExit("X509_add1_ext_i2d", res = false); @@ -922,7 +932,7 @@ bool MakeCert(uint8_t certType, const ToolChipDN * subjectDN, X509 * caCert, EVP // Add a subject key id extension for the certificate. if (certConfig.IsExtensionSKIDPresent()) { - res = AddSubjectKeyId(newCert); + res = AddSubjectKeyId(newCert, certConfig.IsExtensionSKIDLengthValid()); VerifyTrueOrExit(res); } @@ -932,9 +942,9 @@ bool MakeCert(uint8_t certType, const ToolChipDN * subjectDN, X509 * caCert, EVP { if ((certType == kCertType_Root) && !certConfig.IsExtensionSKIDPresent()) { - res = AddSubjectKeyId(newCert); + res = AddSubjectKeyId(newCert, certConfig.IsExtensionSKIDLengthValid()); VerifyTrueOrExit(res); - res = AddAuthorityKeyId(newCert, newCert); + res = AddAuthorityKeyId(newCert, newCert, certConfig.IsExtensionAKIDLengthValid()); VerifyTrueOrExit(res); // Remove that temporary added subject key id @@ -949,7 +959,7 @@ bool MakeCert(uint8_t certType, const ToolChipDN * subjectDN, X509 * caCert, EVP } else { - res = AddAuthorityKeyId(newCert, caCert); + res = AddAuthorityKeyId(newCert, caCert, certConfig.IsExtensionAKIDLengthValid()); VerifyTrueOrExit(res); } } @@ -1110,7 +1120,7 @@ CHIP_ERROR MakeCertChipTLV(uint8_t certType, const ToolChipDN * subjectDN, X509 if (certConfig.IsExtensionBasicCAPresent()) { ReturnErrorOnFailure(writer.PutBoolean(ContextTag(kTag_BasicConstraints_IsCA), - certConfig.IsExtensionBasicCACorrect() ? true : false)); + certConfig.IsExtensionBasicCACorrect() ? isCA : !isCA)); } // TODO if (pathLen != kPathLength_NotSpecified) @@ -1146,7 +1156,11 @@ CHIP_ERROR MakeCertChipTLV(uint8_t certType, const ToolChipDN * subjectDN, X509 if (certConfig.IsExtensionBasicPresent()) { ReturnErrorOnFailure(writer.StartContainer(ContextTag(kTag_BasicConstraints), kTLVType_Structure, containerType3)); - ReturnErrorOnFailure(writer.PutBoolean(ContextTag(kTag_BasicConstraints_IsCA), false)); + if (certConfig.IsExtensionBasicCAPresent()) + { + ReturnErrorOnFailure(writer.PutBoolean(ContextTag(kTag_BasicConstraints_IsCA), + certConfig.IsExtensionBasicCACorrect() ? isCA : !isCA)); + } ReturnErrorOnFailure(writer.EndContainer(containerType3)); } @@ -1190,14 +1204,16 @@ CHIP_ERROR MakeCertChipTLV(uint8_t certType, const ToolChipDN * subjectDN, X509 if (certConfig.IsExtensionSKIDPresent()) { ReturnErrorOnFailure(Crypto::Hash_SHA1(subjectPubkey, sizeof(subjectPubkey), keyid)); - ReturnErrorOnFailure(writer.Put(ContextTag(kTag_SubjectKeyIdentifier), ByteSpan(keyid))); + size_t keyIdLen = certConfig.IsExtensionSKIDLengthValid() ? sizeof(keyid) : sizeof(keyid) - 1; + ReturnErrorOnFailure(writer.Put(ContextTag(kTag_SubjectKeyIdentifier), ByteSpan(keyid, keyIdLen))); } // authority key identifier if (certConfig.IsExtensionAKIDPresent()) { ReturnErrorOnFailure(Crypto::Hash_SHA1(issuerPubkey, sizeof(issuerPubkey), keyid)); - ReturnErrorOnFailure(writer.Put(ContextTag(kTag_AuthorityKeyIdentifier), ByteSpan(keyid))); + size_t keyIdLen = certConfig.IsExtensionAKIDLengthValid() ? sizeof(keyid) : sizeof(keyid) - 1; + ReturnErrorOnFailure(writer.Put(ContextTag(kTag_AuthorityKeyIdentifier), ByteSpan(keyid, keyIdLen))); } for (uint8_t i = 0; i < futureExtsCount; i++) @@ -1252,7 +1268,7 @@ bool ResignCert(X509 * cert, X509 * caCert, EVP_PKEY * caKey) } } - res = AddAuthorityKeyId(cert, caCert); + res = AddAuthorityKeyId(cert, caCert, true); VerifyTrueOrExit(res); if (!X509_sign(cert, caKey, EVP_sha256())) @@ -1418,14 +1434,14 @@ bool MakeAttCert(AttCertType attCertType, const char * subjectCN, uint16_t subje if (certConfig.IsExtensionSKIDPresent()) { // Add a subject key id extension for the certificate. - res = AddSubjectKeyId(newCert); + res = AddSubjectKeyId(newCert, certConfig.IsExtensionSKIDLengthValid()); VerifyTrueOrExit(res); } if (certConfig.IsExtensionAKIDPresent()) { // Add the authority key id extension from the signing certificate. - res = AddAuthorityKeyId(newCert, caCert); + res = AddAuthorityKeyId(newCert, caCert, certConfig.IsExtensionAKIDLengthValid()); VerifyTrueOrExit(res); } diff --git a/src/tools/chip-cert/Cmd_GenCert.cpp b/src/tools/chip-cert/Cmd_GenCert.cpp index 32be5bdcbaf589..c17780eec584d4 100644 --- a/src/tools/chip-cert/Cmd_GenCert.cpp +++ b/src/tools/chip-cert/Cmd_GenCert.cpp @@ -230,14 +230,16 @@ const char * const gCmdOptionHelp = " validity-wrong - Certificate will have validity not-before and not-after values switched,\n" " where not-before will have greater value than not-after.\n" " subject-missing - Certificate won't have required Subject field.\n" - " subject-node-id-missing - Subject won't have NodeId attribute.\n" + " subject-matter-id-missing - Subject won't have Matter Id (Node, ICAC or RCAC identifier) attribute.\n" " subject-node-id-invalid - Subject will include invalid NodeId value.\n" - " subject-node-id-twice - Subject will include two NodeId attributes.\n" + " subject-matter-id-twice - Subject will include two Matter Id (Node, ICAC or RCAC identifier) attributes.\n" " subject-fabric-id-missing - Subject won't have FabricId attribute.\n" " subject-fabric-id-invalid - Subject will include invalid FabricId value.\n" " subject-fabric-id-twice - Subject will include two FabricId attributes.\n" " subject-fabric-id-mismatch - The FabricId in the subject won't match FabricId in the issuer field.\n" " subject-cat-invalid - Subject will include invalid CASE Authenticated Tag (CAT) value.\n" + " subject-cat-twice - Subject will include two valid CAT attributes with same Value component\n" + " but different Version components.\n" " sig-curve - Use secp256k1 curve to generate certificate signature instead of\n" " required secp256r1 (aka prime256v1).\n" " publickey - Error will be injected in one of the bytes of the public key value.\n" @@ -246,8 +248,8 @@ const char * const gCmdOptionHelp = " ext-basic-critical-missing - Basic Constraint extension won't have critical field.\n" " ext-basic-critical-wrong - Basic Constraint extension will be marked as non-critical.\n" " ext-basic-ca-missing - Basic Constraint extension won't have cA field.\n" - " ext-basic-ca-wrong - Basic Constraint extension cA field will be set to TRUE for DAC\n" - " and to FALSE for PAI and PAA.\n" + " ext-basic-ca-wrong - Basic Constraint extension cA field will be set to TRUE for NOC\n" + " and to FALSE for ICAC/RCAC.\n" " ext-basic-pathlen-presence-wrong - Basic Constraint extension will include pathLen field for NOC.\n" " ext-basic-pathlen0 - Basic Constraint extension pathLen field will be set to 0.\n" " ext-basic-pathlen1 - Basic Constraint extension pathLen field will be set to 1.\n" @@ -261,8 +263,10 @@ const char * const gCmdOptionHelp = " and won't be set for ICAC/RCAC.\n" " ext-key-usage-crl-sign - Key Usage extension cRLSign flag will be set for NOC\n" " and won't set for ICAC/RCAC.\n" - " ext-akid-missing - Certificate won't have required Authority Key ID extension.\n" - " ext-skid-missing - Certificate won't have required Subject Key ID extension.\n" + " ext-akid-missing - Certificate won't have required Authority Key ID (AKID) extension.\n" + " ext-akid-len-invalid - Authority Key ID (AKID) extension length is 19 bytes instead of required 20.\n" + " ext-skid-missing - Certificate won't have required Subject Key ID (SKID) extension.\n" + " ext-skid-len-invalid - Subject Key ID (SKID) extension length is 19 bytes instead of required 20.\n" " ext-extended-key-usage-missing - Certificate won't have required Extended Key Usage extension.\n" " signature - Error will be injected in one of the bytes of the signature value.\n" "\n" @@ -361,7 +365,7 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char PrintArgError("%s: Invalid value specified for chip node-id attribute: %s\n", progName, arg); return false; } - if (gCertConfig.IsSubjectNodeIdPresent()) + if (gCertConfig.IsSubjectMatterIdPresent()) { if (gCertConfig.IsSubjectNodeIdValid()) { @@ -371,7 +375,7 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char { err = gSubjectDN.AddAttribute_MatterNodeId(chip::kMaxOperationalNodeId + 10); } - if ((err == CHIP_NO_ERROR) && gCertConfig.IsSubjectNodeIdRepeatsTwice()) + if ((err == CHIP_NO_ERROR) && gCertConfig.IsSubjectMatterIdRepeatsTwice()) { err = gSubjectDN.AddAttribute_MatterNodeId(chip64bitAttr + 1); } @@ -381,10 +385,24 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char err = gSubjectDN.AddAttribute_MatterFirmwareSigningId(chip64bitAttr); break; case kCertType_ICA: - err = gSubjectDN.AddAttribute_MatterICACId(chip64bitAttr); + if (gCertConfig.IsSubjectMatterIdPresent()) + { + err = gSubjectDN.AddAttribute_MatterICACId(chip64bitAttr); + if ((err == CHIP_NO_ERROR) && gCertConfig.IsSubjectMatterIdRepeatsTwice()) + { + err = gSubjectDN.AddAttribute_MatterICACId(chip64bitAttr + 1); + } + } break; case kCertType_Root: - err = gSubjectDN.AddAttribute_MatterRCACId(chip64bitAttr); + if (gCertConfig.IsSubjectMatterIdPresent()) + { + err = gSubjectDN.AddAttribute_MatterRCACId(chip64bitAttr); + if ((err == CHIP_NO_ERROR) && gCertConfig.IsSubjectMatterIdRepeatsTwice()) + { + err = gSubjectDN.AddAttribute_MatterRCACId(chip64bitAttr + 1); + } + } break; default: PrintArgError("%s: Certificate type argument should be specified prior to subject attribute: %s\n", progName, arg); @@ -822,17 +840,17 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char { gCertConfig.SetSubjectMissing(); } - else if (strcmp(arg, "subject-node-id-missing") == 0) + else if (strcmp(arg, "subject-matter-id-missing") == 0) { - gCertConfig.SetSubjectNodeIdMissing(); + gCertConfig.SetSubjectMatterIdMissing(); } else if (strcmp(arg, "subject-node-id-invalid") == 0) { gCertConfig.SetSubjectNodeIdInvalid(); } - else if (strcmp(arg, "subject-node-id-twice") == 0) + else if (strcmp(arg, "subject-matter-id-twice") == 0) { - gCertConfig.SetSubjectNodeIdTwice(); + gCertConfig.SetSubjectMatterIdTwice(); } else if (strcmp(arg, "subject-fabric-id-missing") == 0) { @@ -854,6 +872,10 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char { gCertConfig.SetSubjectCATInvalid(); } + else if (strcmp(arg, "subject-cat-twice") == 0) + { + gCertConfig.SetSubjectCATTwice(); + } else if (strcmp(arg, "sig-curve") == 0) { gCertConfig.SetSigCurveWrong(); @@ -926,10 +948,18 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char { gCertConfig.SetExtensionAKIDMissing(); } + else if (strcmp(arg, "ext-akid-len-invalid") == 0) + { + gCertConfig.SetExtensionAKIDLengthInvalid(); + } else if (strcmp(arg, "ext-skid-missing") == 0) { gCertConfig.SetExtensionSKIDMissing(); } + else if (strcmp(arg, "ext-skid-len-invalid") == 0) + { + gCertConfig.SetExtensionSKIDLengthInvalid(); + } else if (strcmp(arg, "ext-extended-key-usage-missing") == 0) { gCertConfig.SetExtensionExtendedKeyUsageMissing(); @@ -991,7 +1021,7 @@ bool Cmd_GenCert(int argc, char * argv[]) "certificates.\n"); } - if (gSubjectDN.IsEmpty()) + if (gSubjectDN.IsEmpty() && gCertConfig.IsSubjectMatterIdPresent()) { fprintf(stderr, "Please specify the subject DN attributes.\n"); ExitNow(res = false); @@ -1012,9 +1042,15 @@ bool Cmd_GenCert(int argc, char * argv[]) } } - if (!gCertConfig.IsSubjectCATValid()) + if (!gCertConfig.IsSubjectCATValid() || gCertConfig.IsSubjectCATRepeatsTwice()) { - err = gSubjectDN.AddAttribute_MatterCASEAuthTag(0xABCD0000); + uint32_t cat = gCertConfig.IsSubjectCATValid() ? 0xABCD0010 : 0xABCD0000; + + err = gSubjectDN.AddAttribute_MatterCASEAuthTag(cat); + if ((err == CHIP_NO_ERROR) && gCertConfig.IsSubjectCATRepeatsTwice()) + { + err = gSubjectDN.AddAttribute_MatterCASEAuthTag(cat + 8); + } if (err != CHIP_NO_ERROR) { fprintf(stderr, "Failed to add Invalid CAT to the Subject DN: %s\n", chip::ErrorStr(err)); diff --git a/src/tools/chip-cert/Cmd_PrintCert.cpp b/src/tools/chip-cert/Cmd_PrintCert.cpp index 5ccc9fb536b446..76110b8dca5981 100644 --- a/src/tools/chip-cert/Cmd_PrintCert.cpp +++ b/src/tools/chip-cert/Cmd_PrintCert.cpp @@ -263,11 +263,8 @@ bool PrintCert(const char * fileName, X509 * cert) fprintf(file, "Extensions:\n"); indent += 4; - if (certData->mCertFlags.Has(CertFlags::kIsCA)) - { - Indent(file, indent); - fprintf(file, "Is CA : true\n"); - } + Indent(file, indent); + fprintf(file, "Is CA : %s\n", certData->mCertFlags.Has(CertFlags::kIsCA) ? "true" : "false"); if (certData->mCertFlags.Has(CertFlags::kPathLenConstraintPresent)) { diff --git a/src/tools/chip-cert/chip-cert.h b/src/tools/chip-cert/chip-cert.h index fe5d8e7f4d2160..28bd05a907a024 100644 --- a/src/tools/chip-cert/chip-cert.h +++ b/src/tools/chip-cert/chip-cert.h @@ -179,7 +179,9 @@ class CertStructConfig void SetExtensionKeyUsageKeyCertSignWrong() { mFlags.Set(CertErrorFlags::kExtKeyUsageKeyCertSign); } void SetExtensionKeyUsageCRLSignWrong() { mFlags.Set(CertErrorFlags::kExtKeyUsageCRLSign); } void SetExtensionAKIDMissing() { mFlags.Set(CertErrorFlags::kExtAKIDMissing); } + void SetExtensionAKIDLengthInvalid() { mFlags.Set(CertErrorFlags::kExtAKIDLenInvalid); } void SetExtensionSKIDMissing() { mFlags.Set(CertErrorFlags::kExtSKIDMissing); } + void SetExtensionSKIDLengthInvalid() { mFlags.Set(CertErrorFlags::kExtSKIDLenInvalid); } void SetExtensionExtendedKeyUsagePresent() { mFlags.Set(CertErrorFlags::kExtExtendedKeyUsage); } void SetExtensionAuthorityInfoAccessPresent() { mFlags.Set(CertErrorFlags::kExtAuthorityInfoAccess); } void SetExtensionSubjectAltNamePresent() { mFlags.Set(CertErrorFlags::kExtSubjectAltName); } @@ -192,14 +194,15 @@ class CertStructConfig void SetValidityNotAfterMissing() { mFlags.Set(CertErrorFlags::kValidityNotAfterMissing); } void SetValidityWrong() { mFlags.Set(CertErrorFlags::kValidityWrong); } void SetSubjectMissing() { mFlags.Set(CertErrorFlags::kSubjectMissing); } - void SetSubjectNodeIdMissing() { mFlags.Set(CertErrorFlags::kSubjectNodeIdMissing); } + void SetSubjectMatterIdMissing() { mFlags.Set(CertErrorFlags::kSubjectMatterIdMissing); } void SetSubjectNodeIdInvalid() { mFlags.Set(CertErrorFlags::kSubjectNodeIdInvalid); } - void SetSubjectNodeIdTwice() { mFlags.Set(CertErrorFlags::kSubjectNodeIdTwice); } + void SetSubjectMatterIdTwice() { mFlags.Set(CertErrorFlags::kSubjectMatterIdTwice); } void SetSubjectFabricIdMissing() { mFlags.Set(CertErrorFlags::kSubjectFabricIdMissing); } void SetSubjectFabricIdInvalid() { mFlags.Set(CertErrorFlags::kSubjectFabricIdInvalid); } void SetSubjectFabricIdTwice() { mFlags.Set(CertErrorFlags::kSubjectFabricIdTwice); } void SetSubjectFabricIdMismatch() { mFlags.Set(CertErrorFlags::kSubjectFabricIdMismatch); } void SetSubjectCATInvalid() { mFlags.Set(CertErrorFlags::kSubjectCATInvalid); } + void SetSubjectCATTwice() { mFlags.Set(CertErrorFlags::kSubjectCATTwice); } void SetExtensionExtendedKeyUsageMissing() { mFlags.Set(CertErrorFlags::kExtExtendedKeyUsageMissing); } bool IsErrorTestCaseEnabled() { return mEnabled; } @@ -305,7 +308,9 @@ class CertStructConfig bool IsExtensionKeyUsageKeyCertSignCorrect() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kExtKeyUsageKeyCertSign)); } bool IsExtensionKeyUsageCRLSignCorrect() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kExtKeyUsageCRLSign)); } bool IsExtensionAKIDPresent() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kExtAKIDMissing)); } + bool IsExtensionAKIDLengthValid() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kExtAKIDLenInvalid)); } bool IsExtensionSKIDPresent() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kExtSKIDMissing)); } + bool IsExtensionSKIDLengthValid() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kExtSKIDLenInvalid)); } bool IsExtensionExtendedKeyUsagePresent() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtExtendedKeyUsage)); } bool IsExtensionAuthorityInfoAccessPresent() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtAuthorityInfoAccess)); } bool IsExtensionSubjectAltNamePresent() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtSubjectAltName)); } @@ -319,14 +324,15 @@ class CertStructConfig bool IsValidityNotAfterPresent() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kValidityNotAfterMissing)); } bool IsValidityCorrect() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kValidityWrong)); } bool IsSubjectPresent() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kSubjectMissing)); } - bool IsSubjectNodeIdPresent() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kSubjectNodeIdMissing)); } + bool IsSubjectMatterIdPresent() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kSubjectMatterIdMissing)); } bool IsSubjectNodeIdValid() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kSubjectNodeIdInvalid)); } - bool IsSubjectNodeIdRepeatsTwice() { return (mEnabled && mFlags.Has(CertErrorFlags::kSubjectNodeIdTwice)); } + bool IsSubjectMatterIdRepeatsTwice() { return (mEnabled && mFlags.Has(CertErrorFlags::kSubjectMatterIdTwice)); } bool IsSubjectFabricIdPresent() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kSubjectFabricIdMissing)); } bool IsSubjectFabricIdValid() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kSubjectFabricIdInvalid)); } bool IsSubjectFabricIdRepeatsTwice() { return (mEnabled && mFlags.Has(CertErrorFlags::kSubjectFabricIdTwice)); } bool IsSubjectFabricIdMismatch() { return (mEnabled && mFlags.Has(CertErrorFlags::kSubjectFabricIdMismatch)); } bool IsSubjectCATValid() { return (!mEnabled || !mFlags.Has(CertErrorFlags::kSubjectCATInvalid)); } + bool IsSubjectCATRepeatsTwice() { return (mEnabled && mFlags.Has(CertErrorFlags::kSubjectCATTwice)); } bool IsExtensionExtendedKeyUsageMissing() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtExtendedKeyUsageMissing)); } static constexpr uint8_t kPublicKeyErrorByte = 20; @@ -356,11 +362,13 @@ class CertStructConfig kExtKeyUsageKeyCertSign = 0x0000000000080000, kExtKeyUsageCRLSign = 0x0000000000100000, kExtAKIDMissing = 0x0000000000200000, - kExtSKIDMissing = 0x0000000000400000, - kExtExtendedKeyUsage = 0x0000000000800000, // DA specific - kExtAuthorityInfoAccess = 0x0000000001000000, // DA specific - kExtSubjectAltName = 0x0000000002000000, // DA specific - kSignature = 0x0000000004000000, + kExtAKIDLenInvalid = 0x0000000000400000, + kExtSKIDMissing = 0x0000000000800000, + kExtSKIDLenInvalid = 0x0000000001000000, + kExtExtendedKeyUsage = 0x0000000002000000, // DA specific + kExtAuthorityInfoAccess = 0x0000000004000000, // DA specific + kExtSubjectAltName = 0x0000000008000000, // DA specific + kSignature = 0x0000000010000000, // Op Cert Specific Flags: kCertOversized = 0x0000000100000000, @@ -370,15 +378,16 @@ class CertStructConfig kValidityNotAfterMissing = 0x0000001000000000, kValidityWrong = 0x0000002000000000, kSubjectMissing = 0x0000004000000000, - kSubjectNodeIdMissing = 0x0000008000000000, + kSubjectMatterIdMissing = 0x0000008000000000, kSubjectNodeIdInvalid = 0x0000010000000000, - kSubjectNodeIdTwice = 0x0000020000000000, + kSubjectMatterIdTwice = 0x0000020000000000, kSubjectFabricIdMissing = 0x0000040000000000, kSubjectFabricIdInvalid = 0x0000080000000000, kSubjectFabricIdTwice = 0x0000100000000000, kSubjectFabricIdMismatch = 0x0000200000000000, kSubjectCATInvalid = 0x0000400000000000, - kExtExtendedKeyUsageMissing = 0x0000800000000000, + kSubjectCATTwice = 0x0000800000000000, + kExtExtendedKeyUsageMissing = 0x0001000000000000, }; static constexpr uint32_t kExtraBufferLengthForOvesizedCert = 300; diff --git a/src/tools/chip-cert/gen_com_dut_test_vectors.py b/src/tools/chip-cert/gen_com_dut_test_vectors.py index 3fb099d81c0052..96a8e88e6006bb 100755 --- a/src/tools/chip-cert/gen_com_dut_test_vectors.py +++ b/src/tools/chip-cert/gen_com_dut_test_vectors.py @@ -690,7 +690,7 @@ def __init__(self, cert_type: CertType, error_type: str, paa_path: str, test_cas def make_certs_and_keys(self) -> None: """Creates the PEM and DER certs and keyfiles""" - error_type_flag = ' -I -E' + self.error_type + error_type_flag = ' -I -E ' + self.error_type subject_name = self.custom_cn_attribute vid_flag = ' -V 0x{:X}'.format(self.vid) pid_flag = ' -P 0x{:X}'.format(self.pid) @@ -793,7 +793,7 @@ def main(): argparser.add_argument('-d', '--cd', dest='cdpath', default='credentials/test/certification-declaration/Chip-Test-CD-Signing-', help='CD Signing Key/Cert to use') - argparser.add_argument('-c', '--chip-cert_dir', dest='chipcertdir', + argparser.add_argument('-c', '--chip-cert-dir', dest='chipcertdir', default='out/debug/linux_x64_clang/', help='Directory where chip-cert tool is located') args = argparser.parse_args() diff --git a/src/tools/chip-cert/gen_op_cert_test_vectors.py b/src/tools/chip-cert/gen_op_cert_test_vectors.py new file mode 100755 index 00000000000000..4a737abad0dbb7 --- /dev/null +++ b/src/tools/chip-cert/gen_op_cert_test_vectors.py @@ -0,0 +1,733 @@ +#!/usr/bin/env python + +import argparse +import json +import os +import subprocess +import sys +import typing +import cryptography.x509 +import os.path +import glob +from binascii import hexlify, unhexlify +from enum import Enum +from dacs import copyrightNotice, bytes_from_hex, make_c_array, make_array_header, open_outfile + + +class CertType(Enum): + NOC = 1 + ICAC = 2 + RCAC = 3 + + +class CertFormat(Enum): + DER = 1 + CHIP = 2 + + +# +# Generate operational certificates (NOC, ICAC, RCAC) test vectors in DER format. +# All these certificates are expected to fail when converted to CHIP TLV form +# using ConvertX509CertToChipCert() function. +# +# Note that not all malformed DER certificates are expected to fail when converted +# to CHIP TLV format, however, they are expected to fail later at the validation process. +# +DER_CERT_ERROR_TEST_CASES = [ + { + "description": "Certificate size exceeds its muximum supported limit", + "test_name": 'Oversized', + "error_flag": 'cert-oversized', + }, + { + "description": 'Invalid certificate version field set to v2(1)', + "test_name": 'Cert-Version-V2', + "error_flag": 'cert-version', + }, + { + "description": 'Invalid certificate signature algorithm ECDSA_WITH_SHA1', + "test_name": 'Sig-Algo-ECDSA-With-SHA1', + "error_flag": 'sig-algo', + }, + { + "description": "Certificate doesn't include Validity not-before field", + "test_name": 'Validity-Not-Before-Missing', + "error_flag": 'validity-not-before-missing', + }, + { + "description": "Certificate doesn't include Validity not-after field", + "test_name": 'Validity-Not-After-Missing', + "error_flag": 'validity-not-after-missing', + }, + { + "description": "Certificate Validity fields are invalid (values are switched)", + "test_name": 'Validity-Wrong', + "error_flag": 'validity-wrong', + }, + { + "description": "Subject's NodeId value is invalid", + "test_name": 'Subject-NodeId-Invalid', + "error_flag": 'subject-node-id-invalid', + }, + { + "description": "Subject's FabricId value is invalid", + "test_name": 'Subject-FabricId-Invalid', + "error_flag": 'subject-fabric-id-invalid', + }, + { + "description": "Subject's CAT value is invalid", + "test_name": 'Subject-CAT-Invalid', + "error_flag": 'subject-cat-invalid', + }, + { + "description": "Invalid certificate public key curve secp256k1", + "test_name": 'Sig-Curve-Secp256k1', + "error_flag": 'sig-curve', + }, + { + "description": "Certificate Basic Constraint extension critical field is missing", + "test_name": 'Ext-Basic-Critical-Missing', + "error_flag": 'ext-basic-critical-missing', + }, + { + "description": "Certificate Basic Constraint extension critical field is set as 'non-critical'", + "test_name": 'Ext-Basic-Critical-Wrong', + "error_flag": 'ext-basic-critical-wrong', + }, + { + "description": "Certificate Basic Constraint extension CA field is missing", + "test_name": 'Ext-Basic-CA-Missing', + "error_flag": 'ext-basic-ca-missing', + }, + { + "description": "Certificate Basic Constraint extension PathLen field presence is wrong (present for NOC)", + "test_name": 'Ext-Basic-PathLen-Presence-Wrong', + "error_flag": 'ext-basic-pathlen-presence-wrong', + }, + { + "description": "Certificate Key Usage extension critical field is missing", + "test_name": 'Ext-KeyUsage-Critical-Missing', + "error_flag": 'ext-key-usage-critical-missing', + }, + { + "description": "Certificate Key Usage extension critical field is set as 'non-critical'", + "test_name": 'Ext-KeyUsage-Critical-Wrong', + "error_flag": 'ext-key-usage-critical-wrong', + }, + { + "description": "Authority Key ID (AKID) extension length is 19 bytes instead of required 20", + "test_name": 'Ext-AKID-Length-Invalid', + "error_flag": 'ext-akid-len-invalid', + }, + { + "description": "Subject Key ID (SKID) extension length is 19 bytes instead of required 20", + "test_name": 'Ext-SKID-Length-Invalid', + "error_flag": 'ext-skid-len-invalid', + }, +] + +CHIP_TLV_CERT_ERROR_TEST_CASES = [ + { + "description": "Certificate size exceeds its muximum supported limit", + "test_name": 'Oversized', + "error_flag": 'cert-oversized', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": 'Invalid certificate version field set to v2(1)', + "test_name": 'Cert-Version-V2', + "error_flag": 'cert-version', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Serial Number field", + "test_name": 'Serial-Number-Missing', + "error_flag": 'serial-number-missing', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": 'Invalid certificate signature algorithm ECDSA_WITH_SHA1', + "test_name": 'Sig-Algo-ECDSA-With-SHA1', + "error_flag": 'sig-algo', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Issuer field", + "test_name": 'Issuer-Missing', + "error_flag": 'issuer-missing', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Validity not-before field", + "test_name": 'Validity-Not-Before-Missing', + "error_flag": 'validity-not-before-missing', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Validity not-after field", + "test_name": 'Validity-Not-After-Missing', + "error_flag": 'validity-not-after-missing', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Validity fields are invalid (values are switched)", + "test_name": 'Validity-Wrong', + "error_flag": 'validity-wrong', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Subject field", + "test_name": 'Subject-Missing', + "error_flag": 'subject-missing', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Subject doesn't have MatterId attribute", + "test_name": 'Subject-MatterId-Missing', + "error_flag": 'subject-matter-id-missing', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": True, + }, + { + "description": "Subject's NodeId value is invalid", + "test_name": 'Subject-NodeId-Invalid', + "error_flag": 'subject-node-id-invalid', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Subject includes two MatterId attributes", + "test_name": 'Subject-MatterId-Twice', + "error_flag": 'subject-matter-id-twice', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": True, + }, + { + "description": "Subject doesn't have FabricId field", + "test_name": 'Subject-FabricId-Missing', + "error_flag": 'subject-fabric-id-missing', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": True, + }, + { + "description": "Subject's FabricId value is invalid", + "test_name": 'Subject-FabricId-Invalid', + "error_flag": 'subject-fabric-id-invalid', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Subject includes two FabricId attributes", + "test_name": 'Subject-FabricId-Twice', + "error_flag": 'subject-fabric-id-twice', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": True, + }, + { + "description": "Subject's FabricId doesn't match Issuer's FabricId value", + "test_name": 'Subject-FabricId-Mismatch', + "error_flag": 'subject-fabric-id-mismatch', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Subject's CAT value is invalid", + "test_name": 'Subject-CAT-Invalid', + "error_flag": 'subject-cat-invalid', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Subject includes two CAT attributes with the same CAT Values but different Versions", + "test_name": 'Subject-CAT-Twice', + "error_flag": 'subject-cat-twice', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": True, + }, + { + "description": "Invalid certificate public key curve secp256k1", + "test_name": 'Sig-Curve-Secp256k1', + "error_flag": 'sig-curve', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Error injected into one of the bytes of the public key", + "test_name": 'PublicKey-Wrong', + "error_flag": 'publickey', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Basic Constraint extension", + "test_name": 'Ext-Basic-Missing', + "error_flag": 'ext-basic-missing', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Basic Constraint extension CA field is missing", + "test_name": 'Ext-Basic-CA-Missing', + "error_flag": 'ext-basic-ca-missing', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Basic Constraint extension CA field is wrong (TRUE for NOC and FALSE for ICAC/RCAC)", + "test_name": 'Ext-Basic-CA-Wrong', + "error_flag": 'ext-basic-ca-wrong', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Basic Constraint extension PathLen field presence is wrong (present for NOC)", + "test_name": 'Ext-Basic-PathLen-Presence-Wrong', + "error_flag": 'ext-basic-pathlen-presence-wrong', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Basic Constraint extension PathLen field set to 0", + "test_name": 'Ext-Basic-PathLen0', + "error_flag": 'ext-basic-pathlen0', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Basic Constraint extension PathLen field set to 1", + "test_name": 'Ext-Basic-PathLen1', + "error_flag": 'ext-basic-pathlen1', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Basic Constraint extension PathLen field set to 2", + "test_name": 'Ext-Basic-PathLen2', + "error_flag": 'ext-basic-pathlen2', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Key Usage extension", + "test_name": 'Ext-KeyUsage-Missing', + "error_flag": 'ext-key-usage-missing', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Key Usage extension diginalSignature field is wrong (not present for NOC and present for ICAC/RCAC)", + "test_name": 'Ext-KeyUsage-DigSig-Wrong', + "error_flag": 'ext-key-usage-dig-sig', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Key Usage extension keyCertSign field is wrong (present for NOC and not present for ICAC/RCAC)", + "test_name": 'Ext-KeyUsage-KeyCertSign-Wrong', + "error_flag": 'ext-key-usage-key-cert-sign', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate Key Usage extension cRLSign field is wrong (present for NOC and not present for ICAC/RCAC)", + "test_name": 'Ext-KeyUsage-CRLSign-Wrong', + "error_flag": 'ext-key-usage-crl-sign', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Authority Key ID (AKID) extension", + "test_name": 'Ext-AKID-Missing', + "error_flag": 'ext-akid-missing', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Authority Key ID (AKID) extension length is 19 bytes instead of required 20", + "test_name": 'Ext-AKID-Length-Invalid', + "error_flag": 'ext-akid-len-invalid', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate doesn't include Subject Key ID (SKID) extension", + "test_name": 'Ext-SKID-Missing', + "error_flag": 'ext-skid-missing', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Subject Key ID (SKID) extension length is 19 bytes instead of required 20", + "test_name": 'Ext-SKID-Length-Invalid', + "error_flag": 'ext-skid-len-invalid', + "is_chip_to_x509_expected_to_fail": True, + "is_chip_cert_load_expected_to_fail": True, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Certificate includes optional Extended Key Usage extension", + "test_name": 'Ext-ExtendedKeyUsage-Missing', + "error_flag": 'ext-extended-key-usage-missing', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": False, + "is_get_cert_type_expected_to_fail": False, + }, + { + "description": "Error injected into one of the bytes of the signature", + "test_name": 'Signature-Wrong', + "error_flag": 'signature', + "is_chip_to_x509_expected_to_fail": False, + "is_chip_cert_load_expected_to_fail": False, + "is_validate_chip_rcac_expected_to_fail": True, + "is_get_cert_type_expected_to_fail": False, + }, +] + + +def cert_type_as_str(cert_type: CertType) -> str: + type_strs = {CertType.NOC: 'NOC', + CertType.ICAC: 'ICAC', + CertType.RCAC: 'RCAC'} + return type_strs[cert_type] + + +def headers(filepath: str) -> tuple[str, str]: + """Returns strings with the headers for the output C-formated (.h and .cpp) files""" + filename = filepath.split("/")[-1] + namespaces = 'namespace chip {\nnamespace TestCerts {\n\n' + h_top = copyrightNotice + '\n#pragma once\n\n#include \n\n' + namespaces + c_top = copyrightNotice + '\n#include "' + filename + '.h"\n\n' + namespaces + return [h_top, c_top] + + +def footer() -> str: + """Returns a string with the footer for the output C-formated (.h and .cpp) files""" + return '\n} // namespace TestCerts\n} // namespace chip\n' + + +def full_cert_arrays(cert_file: str, array_name: str) -> tuple[str, str]: + """Returns the certificate byte arrays and declarations""" + with open(cert_file, "rb") as infile: + b = infile.read() + cert = make_c_array(b, array_name, 21) + header = make_array_header(b, array_name) + return [header, cert] + + +def start_test_cases_array(array_name: str, array_size: int) -> tuple[str, str]: + """Returns strings with the headers for the test cases array""" + h = 'extern const ByteSpan %s[%d];\n\n' % (array_name, array_size) + c = 'const ByteSpan %s[%d] = {\n' % (array_name, array_size) + return [h, c] + + +class Names: + def __init__(self, cert_type: CertType, cert_form: CertFormat, test_case_out_dir: str, test_name: str): + files_path_prefix = test_case_out_dir + '/Chip-Test-' + cert_type_as_str(cert_type) + '-' + test_name + cert_array_name_prefix = 'sChipTest_' + cert_type_as_str(cert_type) + '_' + test_name.replace("-", "_") + '_Cert' + + if cert_form == CertFormat.DER: + self.cert_file_name = files_path_prefix + '-Cert.der' + self.key_file_name = files_path_prefix + '-Key.der' + self.cert_array_name = cert_array_name_prefix + '_DER' + else: + self.cert_file_name = files_path_prefix + '-Cert.chip' + self.key_file_name = files_path_prefix + '-Key.chip' + self.cert_array_name = cert_array_name_prefix + '_CHIP' + + +class OpCertBuilder: + def __init__(self, cert_type: CertType, cert_form: CertFormat, signer_cert: str, signer_key: str, error_type: str, test_name: str, test_case_out_dir: str, chip_cert: str): + self.cert_type = cert_type + self.cert_form = cert_form + self.error_type = error_type + self.chipcert = chip_cert + self.signer_cert = signer_cert + self.signer_key = signer_key + self.own = Names(cert_type, cert_form, test_case_out_dir, test_name) + + def make_certs_and_keys(self) -> None: + """Creates the PEM and DER certs and keyfiles""" + error_type_flag = ' -I -E ' + self.error_type + validity_flags = ' -V "2020-10-15 14:23:43" -l 7305 ' + + if self.cert_type == CertType.NOC: + type_flag = ' -t n ' + suject_id_flags = ' -i DEDEDEDE00010001 -f FAB000000000001D ' + signer_key_and_cert = ' -K ' + self.signer_key + ' -C ' + self.signer_cert + elif self.cert_type == CertType.ICAC: + type_flag = ' -t c ' + suject_id_flags = ' -i CACACACA00000003 -f FAB000000000001D ' + signer_key_and_cert = ' -K ' + self.signer_key + ' -C ' + self.signer_cert + else: + type_flag = ' -t r ' + suject_id_flags = ' -i CACACACA00000001 ' + if self.error_type == 'subject-fabric-id-invalid' or self.error_type == 'subject-fabric-id-twice': + suject_id_flags = ' -f FAB000000000001D ' + signer_key_and_cert = ' ' + + if self.cert_form == CertFormat.DER: + format_flag = ' -F x509-der ' + else: + format_flag = ' -F chip ' + + cmd = 'echo ' + self.own.cert_file_name + subprocess.run(cmd, shell=True) + + # Generate privatkey/certificate in DER or CHIP TLV format + cmd = self.chipcert + ' gen-cert ' + type_flag + error_type_flag + suject_id_flags + signer_key_and_cert \ + + validity_flags + format_flag + ' -o ' + self.own.cert_file_name + ' -O ' + self.own.key_file_name + subprocess.run(cmd, shell=True) + + def full_arrays(self) -> tuple[str, str]: + """Returns DER and CHIP TLV certificate byte arrays and declarations""" + return full_cert_arrays(self.own.cert_file_name, self.own.cert_array_name) + + def add_cert_to_error_cases(self) -> str: + """Returns a string with the new entry to the test cases array""" + return ' ByteSpan(' + self.own.cert_array_name + '),\n' + + +def main(): + argparser = argparse.ArgumentParser() + argparser.add_argument('-t', '--test_dir', dest='testdir', + default='credentials/test/operational-certificates-error-cases', + help='Output directory for all generated test vectors') + argparser.add_argument('-o', '--out_dir', dest='outfile', + default='src/credentials/tests/CHIPCert_error_test_vectors', + help='Output file for all C-Style arrays') + argparser.add_argument('-r', '--rcac', dest='rcacpath', + default='credentials/test/operational-certificates/Chip-Test-Root01-', + help='Valid RCAC to generate invalid ICACs') + argparser.add_argument('-i', '--icac', dest='icacpath', + default='credentials/test/operational-certificates/Chip-Test-ICA02-', + help='Valid ICAC to generate invalid NOCs') + argparser.add_argument('-c', '--chip-cert-dir', dest='chipcertdir', + default='out/debug/linux_x64_clang/', help='Directory where chip-cert tool is located') + + args = argparser.parse_args() + + chipcert = args.chipcertdir + 'chip-cert' + rcac_cert = args.rcacpath + 'Cert.pem' + rcac_key = args.rcacpath + 'Key.pem' + icac_cert = args.icacpath + 'Cert.pem' + icac_key = args.icacpath + 'Key.pem' + + if not os.path.exists(args.testdir): + os.mkdir(args.testdir) + + if not os.path.exists(chipcert): + raise Exception('Path not found: %s' % chipcert) + + if not os.path.exists(rcac_cert): + raise Exception('Path not found: %s' % rcac_cert) + + if not os.path.exists(rcac_key): + raise Exception('Path not found: %s' % rcac_key) + + if not os.path.exists(icac_cert): + raise Exception('Path not found: %s' % icac_cert) + + if not os.path.exists(icac_key): + raise Exception('Path not found: %s' % icac_key) + + with open(args.outfile + '.h', "w") as hfile: + with open(args.outfile + '.cpp', "w") as cfile: + h_cert_arrays_declarations = '' + c_cert_arrays_definitions = '' + + c_x509_to_chip_error_cases = '' + x509_to_chip_error_cases_count = 0 + for test_case in DER_CERT_ERROR_TEST_CASES: + for cert_type in [CertType.NOC, CertType.ICAC, CertType.RCAC]: + # The following error cases are applicable only for NOC + if (test_case["error_flag"] == 'subject-node-id-invalid' or test_case["error_flag"] == 'ext-basic-pathlen-presence-wrong') and cert_type != CertType.NOC: + break + + if cert_type == CertType.NOC: + signer_cert = icac_cert + signer_key = icac_key + elif cert_type == CertType.ICAC: + signer_cert = rcac_cert + signer_key = rcac_key + else: + signer_cert = "" + signer_key = "" + + # Generate Cert/Key + builder = OpCertBuilder(cert_type, CertFormat.DER, signer_cert, signer_key, + test_case["error_flag"], test_case["test_name"], args.testdir, chipcert) + builder.make_certs_and_keys() + + c_x509_to_chip_error_cases += builder.add_cert_to_error_cases() + + [h, c] = builder.full_arrays() + h_cert_arrays_declarations += h + c_cert_arrays_definitions += c + x509_to_chip_error_cases_count += 1 + + c_chip_to_x509_error_cases = '' + c_chip_cert_load_error_cases = '' + c_validate_chip_rcac_error_cases = '' + c_get_cert_type_error_cases = '' + chip_to_x509_error_cases_count = 0 + chip_cert_load_error_cases_count = 0 + validate_chip_rcac_error_cases_count = 0 + get_cert_type_error_cases_count = 0 + for test_case in CHIP_TLV_CERT_ERROR_TEST_CASES: + for cert_type in [CertType.NOC, CertType.ICAC, CertType.RCAC]: + if not (test_case["is_chip_to_x509_expected_to_fail"] or + test_case["is_chip_cert_load_expected_to_fail"] or + test_case["is_validate_chip_rcac_expected_to_fail"] or + test_case["is_get_cert_type_expected_to_fail"]): + break + + # The following error cases are applicable only for NOC + if (test_case["error_flag"] == 'subject-node-id-invalid' or test_case["error_flag"] == 'subject-fabric-id-missing') and cert_type != CertType.NOC: + break + + if cert_type == CertType.NOC: + signer_cert = icac_cert + signer_key = icac_key + elif cert_type == CertType.ICAC: + signer_cert = rcac_cert + signer_key = rcac_key + else: + signer_cert = "" + signer_key = "" + + # Generate Cert/Key + builder = OpCertBuilder(cert_type, CertFormat.CHIP, signer_cert, signer_key, + test_case["error_flag"], test_case["test_name"], args.testdir, chipcert) + builder.make_certs_and_keys() + + if test_case["is_chip_to_x509_expected_to_fail"]: + c_chip_to_x509_error_cases += builder.add_cert_to_error_cases() + chip_to_x509_error_cases_count += 1 + if test_case["is_chip_cert_load_expected_to_fail"]: + c_chip_cert_load_error_cases += builder.add_cert_to_error_cases() + chip_cert_load_error_cases_count += 1 + if test_case["is_validate_chip_rcac_expected_to_fail"]: + c_validate_chip_rcac_error_cases += builder.add_cert_to_error_cases() + validate_chip_rcac_error_cases_count += 1 + if test_case["is_get_cert_type_expected_to_fail"] and not (test_case["error_flag"] == 'subject-cat-twice' and cert_type == CertType.NOC): + c_get_cert_type_error_cases += builder.add_cert_to_error_cases() + get_cert_type_error_cases_count += 1 + + [h, c] = builder.full_arrays() + h_cert_arrays_declarations += h + c_cert_arrays_definitions += c + + [h_top, c_top] = headers(args.outfile) + [h_x509_to_chip_error_cases, c_x509_to_chip_error_cases_head] = start_test_cases_array( + 'gTestCert_X509ToChip_ErrorCases', x509_to_chip_error_cases_count) + [h_chip_to_x509_error_cases, c_chip_to_x509_error_cases_head] = start_test_cases_array( + 'gTestCert_ChipToX509_ErrorCases', chip_to_x509_error_cases_count) + [h_chip_cert_load_error_cases, c_chip_cert_load_error_cases_head] = start_test_cases_array( + 'gTestCert_ChipCertLoad_ErrorCases', chip_cert_load_error_cases_count) + [h_validate_chip_rcac_error_cases, c_validate_chip_rcac_error_cases_head] = start_test_cases_array( + 'gTestCert_ValidateChipRCAC_ErrorCases', validate_chip_rcac_error_cases_count) + [h_get_cert_type_error_cases, c_get_cert_type_error_cases_head] = start_test_cases_array( + 'gTestCert_GetCertType_ErrorCases', get_cert_type_error_cases_count) + foot = footer() + + hfile.write(h_top) + hfile.write(h_x509_to_chip_error_cases) + hfile.write(h_chip_to_x509_error_cases) + hfile.write(h_chip_cert_load_error_cases) + hfile.write(h_validate_chip_rcac_error_cases) + hfile.write(h_get_cert_type_error_cases) + hfile.write(h_cert_arrays_declarations) + hfile.write(foot) + + cfile.write(c_top) + cfile.write(c_x509_to_chip_error_cases_head + c_x509_to_chip_error_cases + '};\n\n') + cfile.write(c_chip_to_x509_error_cases_head + c_chip_to_x509_error_cases + '};\n\n') + cfile.write(c_chip_cert_load_error_cases_head + c_chip_cert_load_error_cases + '};\n\n') + cfile.write(c_validate_chip_rcac_error_cases_head + c_validate_chip_rcac_error_cases + '};\n\n') + cfile.write(c_get_cert_type_error_cases_head + c_get_cert_type_error_cases + '};\n\n') + cfile.write(c_cert_arrays_definitions) + cfile.write(foot) + + +if __name__ == '__main__': + sys.exit(main())