Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

da_revocation: user guide and dac_provider test vectors #37122

Merged
merged 6 commits into from
Jan 24, 2025
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"description": "Revoked DAC 01: use this with revocation-sets/revocation-set-for-pai.json",
shubhamdp marked this conversation as resolved.
Show resolved Hide resolved
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
"dac_cert": "308201e53082018ba003020102020819367d978eac533a300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303131143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d030107034200042a3d7370f2209bb139b42ca6d95dbf2f701888b4718e32c63ae71327145e05187868b528f1a99d246f1470b0ccd855ee94383526ee090de0bb2fde038fee3e0ba360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414f58ae953a4e6cfb0cc3de4dc4c33afe097aa1182301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020348003045022018336444494d4d18c7814b6f3b0f3f7fa5dd21256515031da31fd7ff8d1b10fd022100e75cbf171a38907a932a1679e5d5b423e6a166729d823fec844f22ef398912a4",
"dac_private_key": "246eea662a44cb6de93effd614e96d3715de8cfb6d4e975644ee5e66ecb79c79",
"dac_public_key": "042a3d7370f2209bb139b42ca6d95dbf2f701888b4718e32c63ae71327145e05187868b528f1a99d246f1470b0ccd855ee94383526ee090de0bb2fde038fee3e0b"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"description": "Revoked DAC 02: use this with revocation-sets/revocation-set-for-pai.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
"dac_cert": "308201e53082018ba00302010202082569383d24bb36ea300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303231143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d03010703420004d9713c48a59527e93e7a3e549e8fb0e00829d4a02c8cedf28dfd74672b00198c7ee43f35e3ace1d1ab497b32dde4cdd6a8476162191c9514aef7bf115fb6c472a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414e3af9182b3340fdc85c7a58b4b3884a6554b314f301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020348003045022100afbe8ff0962e875a3054ee5a2df5c4c78c05465b40d3103f99f7e5628780f90302201a6157f0df7823223ae24aa3a8f7a6137b4914c6b6f5e40a297d7ab771e9cbc6",
"dac_private_key": "22f8d19a6b524130eccad5d187ce8eb7ea9d7ffd5868b4e0ca91bc2b6c84399c",
"dac_public_key": "04d9713c48a59527e93e7a3e549e8fb0e00829d4a02c8cedf28dfd74672b00198c7ee43f35e3ace1d1ab497b32dde4cdd6a8476162191c9514aef7bf115fb6c472"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"description": "Revoked DAC 03: use this with revocation-sets/revocation-set-for-pai.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
"dac_cert": "308201e63082018ba00302010202080ab042494323fe54300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303331143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d0301070342000422e57365e98990ff7506e11ebec33ff834a39999f2d9d635ef5847ebe058d87d1bfbe1e5e2411bb6dc11f3f27e842cc0ccabe02a4f269d50f5ca072a2635db04a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e041604142ad1e7d3f1480029366ee4c5f07107f24a9d9bad301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020349003046022100e66960cc3b6ea61f8830bf788830166b5c6a318e83284604a95bc2655bd874eb022100f503806797a512ab509312e8082fc828622696d3d7501f7f3e68b61abfe5bdb8",
"dac_private_key": "98c2d8b375f1d792e572c701b4740e7fb81a9e9cc936aa2a0f876ce8dae5578c",
"dac_public_key": "0422e57365e98990ff7506e11ebec33ff834a39999f2d9d635ef5847ebe058d87d1bfbe1e5e2411bb6dc11f3f27e842cc0ccabe02a4f269d50f5ca072a2635db04"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"description": "Revoked PAI: use this with revocation-sets/revocation-set-for-paa.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201d43082017aa0030201020208302664392b8a3f2a300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a3046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bd58a84f7862e0751c4e56280f149697df7c51aadc5a4fa393c96277a59079de40907ab7860d069de652ea8bc8f7053bfe7c3a8ef4700d76b9cc20db312caf91a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041491337c5cfe7bb29376fe887d3c94e7f59dd83d2f301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d04030203480030450221009c74f6a84b3acb5a369de90399114ebf0a55150babd3d52b2898708847bc9c6e0220651881c81b7a20c346b97c68313c4be1c0a88f4f3a4072ed3c7ea11dc60984fc",
"dac_cert": "308201e33082018aa00302010202087f1c17c6070c22d2300a06082a8648ce3d0403023046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30463118301606035504030c0f4d617474657220546573742044414331143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d03010703420004b0d7f20c57c8240b975456ba886d2cb09cd4f9d2f5cf1406f463c97983f34ed5a36761f696d8aff4f3e282865bc37914deb512aae88e5a15a719a4b57a26640fa360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e0416041438248c0e17b222347e42aab9af3fdc1d3d614904301f0603551d2304183016801491337c5cfe7bb29376fe887d3c94e7f59dd83d2f300a06082a8648ce3d040302034700304402202bf8b3b554efe5b53f6612891a9a9e6cb7267a55257ef3414929b259d1b7a2e102206dcfd0d84ad5a32c9bd05eec4a1b0ff7a435feed4bc540f087b81f6ec5009ba2",
"dac_private_key": "91fa91640fee5dcc5ab56decb1cb4d2e0056c16b45283104c0c849ec13dcceef",
"dac_public_key": "04b0d7f20c57c8240b975456ba886d2cb09cd4f9d2f5cf1406f463c97983f34ed5a36761f696d8aff4f3e282865bc37914deb512aae88e5a15a719a4b57a26640f"
}
52 changes: 52 additions & 0 deletions docs/guides/device-attestation-revocation-guide.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
# Device Attestation Revocation Testing Guide

## Overview

The device attestation revocation tests help identify the devices with revoked
DACs (Device Attestation Certificates) and PAIs (Product Attestation
Intermediates) during commissioning.

This guide demonstrates how to use a sample application and chip-tool to test
the device attestation revocation functionality.

The sample application is injected with revoked DAC and/or PAI certificates.

During commissioning, chip-tool is provided with a revocation set that is
pre-generated using the `generate_revocation_set.py` script.

## Prerequisites

- Matter application for Linux platform (e.g., examples/lighting-app/linux)
- DAC provider JSON file containing revoked DAC and/or PAI certificates
- chip-tool
- Device attestation revocation set for the respective DAC and/or PAI

## Test Setup

- Build the lighting-app/linux and chip-tool:

```
./scripts/examples/gn_build_example.sh examples/lighting-app/linux out/host
./scripts/examples/gn_build_example.sh examples/chip-tool out/host
```

- Run the lighting-app/linux:

```
./out/host/chip-lighting-app --dac_provider <json-file-with-attestation-information>
```

- Run the chip-tool with the revocation set:

```
./out/host/chip-tool pairing onnetwork 11 20202021 --dac-revocation-set-path <revocation-set-file>
```

### Test Vectors

| Description | DAC Provider | Revocation Set | Expected Result |
| --------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- |
| PAI revoked by PAA | [revoked-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json) | [revocation-set-for-paa.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json) | Commissioning fails with `kPaiRevoked` (202) |
| DAC-01 revoked by PAI | [revoked-dac-01.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kPaiRevoked` (302) |
shubhamdp marked this conversation as resolved.
Show resolved Hide resolved
| DAC-02 revoked by PAI | [revoked-dac-02.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kPaiRevoked` (302) |
| DAC-03 revoked by PAI | [revoked-dac-03.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kPaiRevoked` (302) |
Loading