
Commit b934082

committed
Further changes
1 parent 47197c0 commit b934082

2 files changed

+98
-69
lines changed

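--- a/config/esp32/components/chip/factory.cmake
+++ b/config/esp32/components/chip/factory.cmake
@@ -15,7 +15,13 @@
 #
 
 function(set_default_value VAR DEFAULT_VALUE)
-if (NOT DEFINED ${VAR})
+get_property(VAR_CACHE_TYPE CACHE ${VAR} PROPERTY TYPE)
+message(status "var cache type : ${VAR} ${VAR_CACHE_TYPE}")
+if (VAR_CACHE_TYPE STREQUAL "UNINITIALIZED")
+set(${VAR}_EXPLICITLY_SET TRUE CACHE BOOL "${VAR} is not explicitly set")
+set(${VAR} ${DEFAULT_VALUE} CACHE STRING ${VAR})
+else()
+set(${VAR}_EXPLICITLY_SET FALSE CACHE BOOL "${VAR} is explicitly set.")
 set(${VAR} ${DEFAULT_VALUE} CACHE STRING ${VAR})
 endif()
 endfunction()
@@ -29,6 +35,7 @@ function(set_values)
 set_default_value(VENDOR_ID 0xFFF2)
 set_default_value(PRODUCT_ID 0x8001)
 set_default_value(HARDWARE_VERSION 1)
+set_default_value(DISCOVERY_MODE 2)
 set_default_value(HARDWARE_VERSION_STR "Devkit")
 set_default_value(DAC_CERT "${CHIP_ROOT}/credentials/test/attestation/Chip-Test-DAC-FFF2-8001-0008-Cert.der")
 set_default_value(DAC_KEY "${CHIP_ROOT}/credentials/test/attestation/Chip-Test-DAC-FFF2-8001-0008-Key.der")
@@ -43,6 +50,7 @@ function(generate_build_time_partition fctry_partition esp_secure_cert_partition
 get_filename_component(chip_root_abs_path ${chip_root} ABSOLUTE)
 
 set(generate_esp32_chip_factory_bin.py ${PYTHON} ${chip_root}/scripts/tools/generate_esp32_chip_factory_bin.py)
+set(gen_att_certs.py ${PYTHON} ${chip_root}/scripts/tools/gen_att_certs.py)
 
 partition_table_get_partition_info(fctry_partition_size "--partition-name ${fctry_partition}" "size")
 partition_table_get_partition_info(fctry_partition_offset "--partition-name ${fctry_partition}" "offset")
@@ -56,8 +64,44 @@ function(generate_build_time_partition fctry_partition esp_secure_cert_partition
 message(STATUS "secure_cert_partition_offset : ${secure_cert_partition_offset}")
 
 if("${fctry_partition_size}" AND "${fctry_partition_offset}")
-
 set_values()
+message(STATUS "Vendor id set: ${VENDOR_ID_EXPLICITLY_SET}")
+message(STATUS "Product id set: ${PRODUCT_ID_EXPLICITLY_SET}")
+
+if ("${VENDOR_ID_EXPLICITLY_SET}" AND "${PRODUCT_ID_EXPLICITLY_SET}")
+string(RANDOM LENGTH 8 ALPHABET 0123456789 OUTPUT_VARIABLE RANDOM_PASSCODE)
+set(PASSCODE ${RANDOM_PASSCODE})
+message(STATUS "random passcode : ${RANDOM_PASSCODE}")
+
+math(EXPR PASSCODE_MOD "${RANDOM_PASSCODE} % 999999998")
+message(STATUS "Random passcode Mod: ${PASSCODE_MOD}")
+set(PASSCODE ${PASSCODE_MOD})
+
+string(RANDOM LENGTH 4 ALPHABET 0123456789 OUTPUT_VARIABLE RANDOM_DISCRIMINATOR)
+set(DISCRIMINATOR ${RANDOM_DISCRIMINATOR})
+message(STATUS "random discriminator : ${RANDOM_DISCRIMINATOR}")
+
+math(EXPR DISCRIMINATOR_MOD "${RANDOM_DISCRIMINATOR} % 4096")
+message(STATUS "Random discriminator Mod: ${DISCRIMINATOR_MOD}")
+set(DISCRIMINATOR ${DISCRIMINATOR_MOD})
+
+math(EXPR VENDOR_DEC ${VENDOR_ID} OUTPUT_FORMAT DECIMAL)
+math(EXPR PRODUCT_DEC ${PRODUCT_ID} OUTPUT_FORMAT DECIMAL)
+
+message(STATUS "Vendor Decimal: ${VENDOR_DEC}")
+message(STATUS "Product Decimal: ${PRODUCT_DEC}")
+
+set(OUTDIR attestation_${VENDOR_DEC}_${PRODUCT_DEC})
+message(STATUS "Outdir: ${OUTDIR}")
+
+execute_process(COMMAND ${gen_att_certs.py} --vendor-id ${VENDOR_ID} --product-id ${PRODUCT_ID}
+WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
+
+set(DAC_CERT ${CMAKE_BINARY_DIR}/certs/${OUTDIR}/DAC_cert.der)
+set(DAC_KEY ${CMAKE_BINARY_DIR}/certs/${OUTDIR}/DAC_key.der)
+set(PAI_CERT ${CMAKE_BINARY_DIR}/certs/${OUTDIR}/PAI_cert.der)
+set(CERT_DCLRN ${CMAKE_BINARY_DIR}/certs/${OUTDIR}/CD.der)
+endif()
 
 set(PREVIOUS_VALUES_FILE "${CMAKE_BINARY_DIR}/previous_values.txt")
 
@@ -70,19 +114,22 @@ function(generate_build_time_partition fctry_partition esp_secure_cert_partition
 set(CURRENT_VALUES_STRING
 "${DEVICE_NAME}${VENDOR_NAME}${DISCRIMINATOR}${PASSCODE}${VENDOR_ID}${PRODUCT_ID}${HARDWARE_VERSION}${HARDWARE_VERSION_STR}${DAC_CERT}${DAC_KEY}${PAI_CERT}${CERT_DCLRN}")
 
+message(STATUS "Vendor id set: ${VENDOR_ID_EXPLICITLY_SET}")
 message(STATUS "Bulb Name: ${DEVICE_NAME}")
 message(STATUS "Vendor Name: ${VENDOR_NAME}")
 message(STATUS "Hardware Version: ${HARDWARE_VERSION}")
 message(STATUS "Hardware Version String: ${HARDWARE_VERSION_STR}")
 message(STATUS "Vendor ID: ${VENDOR_ID}")
 message(STATUS "Product ID: ${PRODUCT_ID}")
+message(STATUS "Discovery Mode : ${DISCOVERY_MODE}")
 message(STATUS "DAC Cert: ${DAC_CERT}")
 message(STATUS "DAC Key: ${DAC_KEY}")
 message(STATUS "PAI Cert: ${PAI_CERT}")
 message(STATUS "Certification Declaration: ${CERT_DCLRN}")
 message(STATUS "Passcode: ${PASSCODE}")
 message(STATUS "Discriminator: ${DISCRIMINATOR}")
 
+
 if (NOT "${CURRENT_VALUES_STRING}" STREQUAL "${PREVIOUS_VALUES}")
 message(STATUS "Values have changed. Triggering add_custom_target.")
 add_custom_target(build_time_partition ALL
@@ -98,6 +145,7 @@ function(generate_build_time_partition fctry_partition esp_secure_cert_partition
 --dac-key ${DAC_KEY}
 --pai-cert ${PAI_CERT}
 --cd ${CERT_DCLRN}
+--discovery-mode ${DISCOVERY_MODE}
 --dac-in-secure-cert
 WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
 )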
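Review bot: The commissioning passcode generated inside the `if ("${VENDOR_ID_EXPLICITLY_SET}" AND "${PRODUCT_ID_EXPLICITLY_SET}")` branch comes from `string(RANDOM)`, which is not a cryptographic generator, and both the raw and the reduced value are written to the configure log. The modulus `999999998` has nine digits, so it never reduces an 8-digit value and lets 0 and 99999999 through; `% 99999998 + 1` keeps the result in 1..99999998, and the trivial patterns (11111111, 12345678 and the like) would still need rejecting. The `execute_process` call in the same branch ignores the script's exit status, so a failed run leaves `DAC_CERT`, `DAC_KEY`, `PAI_CERT` and `CERT_DCLRN` pointing at files that may not exist. gen_att_certs.py signs the certification declaration with the key under credentials/test, so the generated chain looks test-only and a comment saying so would help; generate_build_time_partition itself begins and ends outside the hunks shown.

```cmake
# … unchanged: VENDOR_ID_EXPLICITLY_SET / PRODUCT_ID_EXPLICITLY_SET guard …
    string(RANDOM LENGTH 8 ALPHABET 0123456789 OUTPUT_VARIABLE RANDOM_PASSCODE)
    # Map into 1..99999998 and keep the secret out of the configure log.
    math(EXPR PASSCODE "${RANDOM_PASSCODE} % 99999998 + 1")
    # … unchanged: discriminator, VENDOR_DEC / PRODUCT_DEC, OUTDIR …
    execute_process(COMMAND ${gen_att_certs.py} --vendor-id ${VENDOR_ID} --product-id ${PRODUCT_ID}
                    WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
                    RESULT_VARIABLE gen_att_certs_result)
    if(NOT gen_att_certs_result EQUAL 0)
        message(FATAL_ERROR "gen_att_certs.py failed: ${gen_att_certs_result}")
    endif()
    # … unchanged: DAC_CERT / DAC_KEY / PAI_CERT / CERT_DCLRN paths …
```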

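--- a/scripts/tools/gen_att_certs.py
+++ b/scripts/tools/gen_att_certs.py
@@ -32,33 +32,10 @@
 if not os.path.exists(chip_cert_exe):
 print("Error: chip-cert executable not found.Please build chip-cert in connectedhomeip by ninja -C out/host")
 
+
 def gen_test_certs(vendor_id: int,
 product_id: int,
 output: str):
-"""
-Generate Matter certificates according to given Vendor ID and Product ID using the chip-cert executable.
-To use own Product Attestation Authority certificate provide paa_cert_path and paa_key_path arguments.
-Without providing these arguments a PAA certificate will be get from /credentials/test/attestation directory
-in the Matter repository.
-
-Args:
-chip_cert_exe (str): path to chip-cert executable
-output (str): output path to store a newly generated certificates (CD, DAC, PAI)
-vendor_id (int): an identification number specific to Vendor
-product_id (int): an identification number specific to Product
-device_name (str): human-readable device name
-generate_cd (bool, optional): Generate Certificate Declaration and store it in thee output directory. Defaults to False.
-paa_cert_path (str, optional): provide PAA certification path. Defaults to None - a path will be set to
-/credentials/test/attestation directory.
-paa_key_path (str, optional): provide PAA key path. Defaults to None - a path will be set to
-/credentials/test/attestation directory.
-generate_all_certs: Generate the new DAC and PAI certificates
-
-Returns:
-dictionary: ["PAI_CERT": (str)<path to PAI cert .der file>,
-"DAC_CERT": (str)<path to DAC cert .der file>,
-"DAC_KEY": (str)<path to DAC key .der file>]
-"""
 
 CD_PATH = CHIP_ROOT + "/credentials/test/certification-declaration/Chip-Test-CD-Signing-Cert.pem"
 CD_KEY_PATH = CHIP_ROOT + "/credentials/test/certification-declaration/Chip-Test-CD-Signing-Key.pem"
@@ -71,70 +48,72 @@ def gen_test_certs(vendor_id: int,
 
 # generate Certification Declaration
 cmd = [chip_cert_exe, "gen-cd",
-"--key", CD_KEY_PATH,
-"--cert", CD_PATH,
-"--out", output + "_"+ str(vendor_id) + "_"+ str(product_id) + "/CD.der",
-"--format-version", "1",
-"--vendor-id", hex(vendor_id),
-"--product-id", hex(product_id),
-"--device-type-id", "0",
-"--certificate-id", "FFFFFFFFFFFFFFFFFFF",
-"--security-level", "0",
-"--security-info", "0",
-"--certification-type", "0",
-"--version-number", "0xFFFF",
-]
+"--key", CD_KEY_PATH,
+"--cert", CD_PATH,
+"--out", output + "_" + str(vendor_id) + "_" + str(product_id) + "/CD.der",
+"--format-version", "1",
+"--vendor-id", hex(vendor_id),
+"--product-id", hex(product_id),
+"--device-type-id", "0",
+"--certificate-id", "FFFFFFFFFFFFFFFFFFF",
+"--security-level", "0",
+"--security-info", "0",
+"--certification-type", "0",
+"--version-number", "0xFFFF",
+]
 subprocess.run(cmd)
 
-new_certificates = {"PAI_CERT": output + "_"+ str(vendor_id) + "_"+ str(product_id) + "/PAI_cert",
-"PAI_KEY": output + "_"+ str(vendor_id) + "_"+ str(product_id)+"/PAI_key",
-"DAC_CERT": output + "_"+ str(vendor_id) + "_"+ str(product_id) + "/DAC_cert",
-"DAC_KEY": output + "_"+ str(vendor_id)+ "_"+ str(product_id) + "/DAC_key"
+new_certificates = {"PAI_CERT": output + "_" + str(vendor_id) + "_" + str(product_id) + "/PAI_cert",
+"PAI_KEY": output + "_" + str(vendor_id) + "_" + str(product_id)+"/PAI_key",
+"DAC_CERT": output + "_" + str(vendor_id) + "_" + str(product_id) + "/DAC_cert",
+"DAC_KEY": output + "_" + str(vendor_id) + "_" + str(product_id) + "/DAC_key"
 }
 
 log.info("Generating new PAI and DAC certificates using chip-cert...")
 
 # generate PAI
 cmd = [chip_cert_exe, "gen-att-cert",
-"-t", "i",
-"-c", "device",
-"-V", hex(vendor_id),
-"-C", PAA_PATH,
-"-K", PAA_KEY_PATH,
-"-o", new_certificates["PAI_CERT"] + ".pem",
-"-O", new_certificates["PAI_KEY"] + ".pem",
-"-l", str(10000),
-]
+"-t", "i",
+"-c", "device",
+"-V", hex(vendor_id),
+"-C", PAA_PATH,
+"-K", PAA_KEY_PATH,
+"-o", new_certificates["PAI_CERT"] + ".pem",
+"-O", new_certificates["PAI_KEY"] + ".pem",
+"-l", str(10000),
+]
 subprocess.run(cmd)
 
 # generate DAC
 cmd = [chip_cert_exe, "gen-att-cert",
-"-t", "d",
-"-c", "device",
-"-V", hex(vendor_id),
-"-P", hex(product_id),
-"-C", new_certificates["PAI_CERT"] + ".pem",
-"-K", new_certificates["PAI_KEY"] + ".pem",
-"-o", new_certificates["DAC_CERT"] + ".pem",
-"-O", new_certificates["DAC_KEY"] + ".pem",
-"-l", str(10000),
-]
+"-t", "d",
+"-c", "device",
+"-V", hex(vendor_id),
+"-P", hex(product_id),
+"-C", new_certificates["PAI_CERT"] + ".pem",
+"-K", new_certificates["PAI_KEY"] + ".pem",
+"-o", new_certificates["DAC_CERT"] + ".pem",
+"-O", new_certificates["DAC_KEY"] + ".pem",
+"-l", str(10000),
+]
 subprocess.run(cmd)
 
 # convert to .der files
 for cert_k, cert_v in new_certificates.items():
 action_type = "convert-cert" if cert_k.find("CERT") != -1 else "convert-key"
 log.info(cert_v + ".der")
 cmd = [chip_cert_exe, action_type,
-cert_v + ".pem",
-cert_v + ".der",
-"--x509-der",
-]
+cert_v + ".pem",
+cert_v + ".der",
+"--x509-der",
+]
 subprocess.run(cmd)
 
 return attestation_certs(new_certificates["DAC_CERT"] + ".der",
-new_certificates["DAC_KEY"] + ".der",
-new_certificates["PAI_CERT"] + ".der")
+new_certificates["DAC_KEY"] + ".der",
+new_certificates["PAI_CERT"] + ".der")
+
+
 def get_args():
 def any_base_int(s): return int(s, 0)
 parser = argparse.ArgumentParser(description="ESP32 Attestation generation tool")
@@ -144,14 +123,16 @@ def any_base_int(s): return int(s, 0)
 parser.add_argument('--product-id', type=any_base_int, help="Product id")
 return parser.parse_args()
 
+
 def set_up_out_dirs(args):
 os.makedirs(args.output + "_" + str(args.vendor_id) + "_" + str(args.product_id), exist_ok=True)
 
+
 def main():
 args = get_args()
 set_up_out_dirs(args)
 certs = gen_test_certs(args.vendor_id, args.product_id, args.output)
 
+
 if __name__ == "__main__":
 main()
-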