-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
TC_RR_1_1: Updated Method that Was Used to Generate Large Sized Opera…
…tional Certificates. Instead of padding the subject DN this method adds size by adding Future Extension. This new approach doesen't have certain limitations compare to the previous approach and allows generation of larger certificates of approximate sizes: {RCAC, ICAC, NOC} ~ {400, 400, 350} bytes in TLV encoded form.
- Loading branch information
Showing
7 changed files
with
109 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -102,6 +102,14 @@ static const BitFlags<KeyUsageFlags> sKCandCR(sKC, sCR); | |
static const BitFlags<KeyUsageFlags> sKCandEO(sKC, sEO); | ||
static const BitFlags<KeyUsageFlags> sKCandDO(sKC, sDO); | ||
|
||
constexpr uint8_t sOID_Extension_SubjectAltName[] = { 0x55, 0x1d, 0x11 }; | ||
constexpr char kExtension_SubjectAltName[] = "[email protected]"; | ||
|
||
FutureExtension ext{ ByteSpan(sOID_Extension_SubjectAltName), | ||
ByteSpan(reinterpret_cast<uint8_t *>(const_cast<char *>(kExtension_SubjectAltName)), | ||
strlen(kExtension_SubjectAltName)) }; | ||
Optional<FutureExtension> kSubjectAltNameAsFutureExt(ext); | ||
|
||
static CHIP_ERROR LoadTestCertSet01(ChipCertificateSet & certSet) | ||
{ | ||
CHIP_ERROR err; | ||
|
@@ -1247,6 +1255,15 @@ static void TestChipCert_GenerateRootCert(nlTestSuite * inSuite, void * inContex | |
|
||
NL_TEST_ASSERT(inSuite, DecodeChipCert(outCert, certData) == CHIP_NO_ERROR); | ||
|
||
// Test with FutureExtension | ||
X509CertRequestParams root_params2 = { 1234, 631161876, 729942000, root_dn, root_dn, kSubjectAltNameAsFutureExt }; | ||
MutableByteSpan signed_cert_span2(signed_cert); | ||
NL_TEST_ASSERT(inSuite, NewRootX509Cert(root_params2, keypair, signed_cert_span2) == CHIP_NO_ERROR); | ||
outCert = MutableByteSpan(outCertBuf); | ||
|
||
NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(signed_cert_span2, outCert) == CHIP_NO_ERROR); | ||
NL_TEST_ASSERT(inSuite, DecodeChipCert(outCert, certData) == CHIP_NO_ERROR); | ||
|
||
// Test error case: root cert subject provided ICA OID Attribute. | ||
root_params.SubjectDN.Clear(); | ||
NL_TEST_ASSERT(inSuite, root_params.SubjectDN.AddAttribute_MatterICACId(0xabcdabcd) == CHIP_NO_ERROR); | ||
|
@@ -1325,6 +1342,15 @@ static void TestChipCert_GenerateICACert(nlTestSuite * inSuite, void * inContext | |
|
||
NL_TEST_ASSERT(inSuite, DecodeChipCert(outCert, certData) == CHIP_NO_ERROR); | ||
|
||
// Test with FutureExtension | ||
X509CertRequestParams ica_params2 = { 1234, 631161876, 729942000, ica_dn, issuer_dn, kSubjectAltNameAsFutureExt }; | ||
MutableByteSpan signed_cert_span2(signed_cert); | ||
NL_TEST_ASSERT(inSuite, NewICAX509Cert(ica_params2, ica_keypair.Pubkey(), keypair, signed_cert_span2) == CHIP_NO_ERROR); | ||
outCert = MutableByteSpan(outCertBuf); | ||
|
||
NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(signed_cert_span2, outCert) == CHIP_NO_ERROR); | ||
NL_TEST_ASSERT(inSuite, DecodeChipCert(outCert, certData) == CHIP_NO_ERROR); | ||
|
||
// Test error case: ICA cert subject provided a node ID attribute | ||
ica_params.SubjectDN.Clear(); | ||
NL_TEST_ASSERT(inSuite, ica_params.SubjectDN.AddAttribute_MatterNodeId(0xABCDABCDABCDABCD) == CHIP_NO_ERROR); | ||
|
@@ -1372,6 +1398,16 @@ static void TestChipCert_GenerateNOCRoot(nlTestSuite * inSuite, void * inContext | |
|
||
NL_TEST_ASSERT(inSuite, DecodeChipCert(outCert, certData) == CHIP_NO_ERROR); | ||
|
||
// Test with FutureExtension | ||
X509CertRequestParams noc_params2 = { 123456, 631161876, 729942000, noc_dn, issuer_dn, kSubjectAltNameAsFutureExt }; | ||
MutableByteSpan signed_cert_span2(signed_cert); | ||
NL_TEST_ASSERT(inSuite, | ||
NewNodeOperationalX509Cert(noc_params2, noc_keypair.Pubkey(), keypair, signed_cert_span2) == CHIP_NO_ERROR); | ||
outCert = MutableByteSpan(outCertBuf); | ||
|
||
NL_TEST_ASSERT(inSuite, ConvertX509CertToChipCert(signed_cert_span2, outCert) == CHIP_NO_ERROR); | ||
NL_TEST_ASSERT(inSuite, DecodeChipCert(outCert, certData) == CHIP_NO_ERROR); | ||
|
||
// Test error case: NOC cert subject doesn't have NodeId attribute | ||
noc_params.SubjectDN.Clear(); | ||
NL_TEST_ASSERT(inSuite, noc_params.SubjectDN.AddAttribute_MatterFabricId(0xFAB00000FAB00001) == CHIP_NO_ERROR); | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters