Skip to content

Commit 080185d

Browse files
shubhamdprestyled-commits
shubhamdp
and
restyled-commits
authored
da_revocation: user guide and dac_provider test vectors (project-chip#37122)
* da_revocation: added dac_provider test vectors These test vectors support testing with sample revocation sets. * dac_revocation: device attestation revocation user guide This document lists the process for testing device attestation revocation using the dac provider test vectors sample revocation sets. * Restyled by whitespace * Restyled by prettier-markdown * Match the enum string with correct value in the doc --------- Co-authored-by: Restyled.io <commits@restyled.io>
1 parent 7f32ff8 commit 080185d

File tree

5 files changed

+88
-0
lines changed

5 files changed

+88
-0
lines changed

credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json

+9
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
{
2+
"description": "Revoked DAC 01: use this with revocation-sets/revocation-set-for-pai.json",
3+
"basic_info_pid": 32769,
4+
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
5+
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
6+
"dac_cert": "308201e53082018ba003020102020819367d978eac533a300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303131143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d030107034200042a3d7370f2209bb139b42ca6d95dbf2f701888b4718e32c63ae71327145e05187868b528f1a99d246f1470b0ccd855ee94383526ee090de0bb2fde038fee3e0ba360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414f58ae953a4e6cfb0cc3de4dc4c33afe097aa1182301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020348003045022018336444494d4d18c7814b6f3b0f3f7fa5dd21256515031da31fd7ff8d1b10fd022100e75cbf171a38907a932a1679e5d5b423e6a166729d823fec844f22ef398912a4",
7+
"dac_private_key": "246eea662a44cb6de93effd614e96d3715de8cfb6d4e975644ee5e66ecb79c79",
8+
"dac_public_key": "042a3d7370f2209bb139b42ca6d95dbf2f701888b4718e32c63ae71327145e05187868b528f1a99d246f1470b0ccd855ee94383526ee090de0bb2fde038fee3e0b"
9+
}

credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json

+9
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
{
2+
"description": "Revoked DAC 02: use this with revocation-sets/revocation-set-for-pai.json",
3+
"basic_info_pid": 32769,
4+
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
5+
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
6+
"dac_cert": "308201e53082018ba00302010202082569383d24bb36ea300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303231143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d03010703420004d9713c48a59527e93e7a3e549e8fb0e00829d4a02c8cedf28dfd74672b00198c7ee43f35e3ace1d1ab497b32dde4cdd6a8476162191c9514aef7bf115fb6c472a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414e3af9182b3340fdc85c7a58b4b3884a6554b314f301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020348003045022100afbe8ff0962e875a3054ee5a2df5c4c78c05465b40d3103f99f7e5628780f90302201a6157f0df7823223ae24aa3a8f7a6137b4914c6b6f5e40a297d7ab771e9cbc6",
7+
"dac_private_key": "22f8d19a6b524130eccad5d187ce8eb7ea9d7ffd5868b4e0ca91bc2b6c84399c",
8+
"dac_public_key": "04d9713c48a59527e93e7a3e549e8fb0e00829d4a02c8cedf28dfd74672b00198c7ee43f35e3ace1d1ab497b32dde4cdd6a8476162191c9514aef7bf115fb6c472"
9+
}

credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json

+9
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
{
2+
"description": "Revoked DAC 03: use this with revocation-sets/revocation-set-for-pai.json",
3+
"basic_info_pid": 32769,
4+
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
5+
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
6+
"dac_cert": "308201e63082018ba00302010202080ab042494323fe54300a06082a8648ce3d040302303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30503122302006035504030c194d61747465722044657620444143205265766f6b656420303331143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d0301070342000422e57365e98990ff7506e11ebec33ff834a39999f2d9d635ef5847ebe058d87d1bfbe1e5e2411bb6dc11f3f27e842cc0ccabe02a4f269d50f5ca072a2635db04a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e041604142ad1e7d3f1480029366ee4c5f07107f24a9d9bad301f0603551d2304183016801463540e47f64b1c38d13884a462d16c195d8ffb3c300a06082a8648ce3d0403020349003046022100e66960cc3b6ea61f8830bf788830166b5c6a318e83284604a95bc2655bd874eb022100f503806797a512ab509312e8082fc828622696d3d7501f7f3e68b61abfe5bdb8",
7+
"dac_private_key": "98c2d8b375f1d792e572c701b4740e7fb81a9e9cc936aa2a0f876ce8dae5578c",
8+
"dac_public_key": "0422e57365e98990ff7506e11ebec33ff834a39999f2d9d635ef5847ebe058d87d1bfbe1e5e2411bb6dc11f3f27e842cc0ccabe02a4f269d50f5ca072a2635db04"
9+
}

credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json

+9
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
{
2+
"description": "Revoked PAI: use this with revocation-sets/revocation-set-for-paa.json",
3+
"basic_info_pid": 32769,
4+
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
5+
"pai_cert": "308201d43082017aa0030201020208302664392b8a3f2a300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a3046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bd58a84f7862e0751c4e56280f149697df7c51aadc5a4fa393c96277a59079de40907ab7860d069de652ea8bc8f7053bfe7c3a8ef4700d76b9cc20db312caf91a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041491337c5cfe7bb29376fe887d3c94e7f59dd83d2f301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d04030203480030450221009c74f6a84b3acb5a369de90399114ebf0a55150babd3d52b2898708847bc9c6e0220651881c81b7a20c346b97c68313c4be1c0a88f4f3a4072ed3c7ea11dc60984fc",
6+
"dac_cert": "308201e33082018aa00302010202087f1c17c6070c22d2300a06082a8648ce3d0403023046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a30463118301606035504030c0f4d617474657220546573742044414331143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d03010703420004b0d7f20c57c8240b975456ba886d2cb09cd4f9d2f5cf1406f463c97983f34ed5a36761f696d8aff4f3e282865bc37914deb512aae88e5a15a719a4b57a26640fa360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e0416041438248c0e17b222347e42aab9af3fdc1d3d614904301f0603551d2304183016801491337c5cfe7bb29376fe887d3c94e7f59dd83d2f300a06082a8648ce3d040302034700304402202bf8b3b554efe5b53f6612891a9a9e6cb7267a55257ef3414929b259d1b7a2e102206dcfd0d84ad5a32c9bd05eec4a1b0ff7a435feed4bc540f087b81f6ec5009ba2",
7+
"dac_private_key": "91fa91640fee5dcc5ab56decb1cb4d2e0056c16b45283104c0c849ec13dcceef",
8+
"dac_public_key": "04b0d7f20c57c8240b975456ba886d2cb09cd4f9d2f5cf1406f463c97983f34ed5a36761f696d8aff4f3e282865bc37914deb512aae88e5a15a719a4b57a26640f"
9+
}

docs/guides/device-attestation-revocation-guide.md

+52
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
# Device Attestation Revocation Testing Guide
2+
3+
## Overview
4+
5+
The device attestation revocation tests help identify the devices with revoked
6+
DACs (Device Attestation Certificates) and PAIs (Product Attestation
7+
Intermediates) during commissioning.
8+
9+
This guide demonstrates how to use a sample application and chip-tool to test
10+
the device attestation revocation functionality.
11+
12+
The sample application is injected with revoked DAC and/or PAI certificates.
13+
14+
During commissioning, chip-tool is provided with a revocation set that is
15+
pre-generated using the `generate_revocation_set.py` script.
16+
17+
## Prerequisites
18+
19+
- Matter application for Linux platform (e.g., examples/lighting-app/linux)
20+
- DAC provider JSON file containing revoked DAC and/or PAI certificates
21+
- chip-tool
22+
- Device attestation revocation set for the respective DAC and/or PAI
23+
24+
## Test Setup
25+
26+
- Build the lighting-app/linux and chip-tool:
27+
28+
```
29+
./scripts/examples/gn_build_example.sh examples/lighting-app/linux out/host
30+
./scripts/examples/gn_build_example.sh examples/chip-tool out/host
31+
```
32+
33+
- Run the lighting-app/linux:
34+
35+
```
36+
./out/host/chip-lighting-app --dac_provider <json-file-with-attestation-information>
37+
```
38+
39+
- Run the chip-tool with the revocation set:
40+
41+
```
42+
./out/host/chip-tool pairing onnetwork 11 20202021 --dac-revocation-set-path <revocation-set-file>
43+
```
44+
45+
### Test Vectors
46+
47+
| Description | DAC Provider | Revocation Set | Expected Result |
48+
| --------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- |
49+
| PAI revoked by PAA | [revoked-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json) | [revocation-set-for-paa.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json) | Commissioning fails with `kPaiRevoked` (202) |
50+
| DAC-01 revoked by PAI | [revoked-dac-01.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) |
51+
| DAC-02 revoked by PAI | [revoked-dac-02.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) |
52+
| DAC-03 revoked by PAI | [revoked-dac-03.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) |

0 commit comments

Comments
 (0)