From 22fb6c30b36c125bbb0dfd76cf4fa122ac886748 Mon Sep 17 00:00:00 2001 
From: Tennessee Carmel-Veilleux Date: Tue, 22 Feb 2022 16:49:16 -0500 Subject: [PATCH] Prepare for adding PAA trust store to chip-tool (#15224) * Separate DefaultDeviceAttestationVerifier from credentials - This PR is on the way to resolving #15209. - This PR does the following: - Splits DefaultDeviceAttesationVerifier from the main src/credentials target since it is an optional component that can be overridden by different commissioners - Adds the beginning of plumbing to properly select the Trust Store for the DefaultDeviceAttestationVerifier. - Moved DefaultDeviceAttestatationVerifier from credentials/examples to credentials/attestation_verifier Missing, to come in the follow-up: - The implementation of a new file-based PAA trust store configured with the path passed in the plumbing added here. Testing done: unit tests and cert tests still pass. Commissioning still works * Restyled by clang-format * Restyled by gn * Fix ESP32 Qemu test * Fix CHIPCommandBridge Co-authored-by: Restyled.io --- BUILD.gn | 1 + .../commands/common/CHIPCommandBridge.h | 3 ++- .../chip-tool/commands/common/CHIPCommand.cpp | 16 ++++++----- .../chip-tool/commands/common/CHIPCommand.h | 5 +++- .../common/CredentialIssuerCommands.h | 5 +++- .../example/ExampleCredentialIssuerCommands.h | 11 ++++---- .../common/credentials/FileBasedTrustStore.h | 0 examples/platform/linux/AppMain.cpp | 4 +-- examples/platform/linux/BUILD.gn | 1 + examples/tv-casting-app/linux/BUILD.gn | 1 + examples/tv-casting-app/linux/main.cpp | 4 +-- src/controller/CHIPDeviceController.cpp | 4 +-- src/controller/CHIPDeviceController.h | 2 +- src/controller/CHIPDeviceControllerFactory.h | 2 +- src/controller/CommissioningDelegate.h | 2 +- .../java/AndroidDeviceControllerWrapper.cpp | 4 +-- src/controller/java/BUILD.gn | 1 + src/controller/python/BUILD.gn | 1 + .../ChipDeviceController-ScriptBinding.cpp | 4 +-- src/controller/python/OpCredsBinding.cpp | 4 +-- .../python/chip/internal/CommissionerImpl.cpp | 4 +-- 
src/credentials/BUILD.gn | 27 +++++++++++++++---- .../DefaultDeviceAttestationVerifier.cpp | 0 .../DefaultDeviceAttestationVerifier.h | 2 +- .../DeviceAttestationVerifier.cpp | 0 .../DeviceAttestationVerifier.h | 0 src/credentials/tests/BUILD.gn | 5 ++-- .../TestDeviceAttestationCredentials.cpp | 4 +-- src/darwin/Framework/CHIP/BUILD.gn | 1 + .../Framework/CHIP/CHIPDeviceController.mm | 4 +-- src/lib/BUILD.gn | 10 +++++++ src/lib/lib.gni | 5 ++++ src/test_driver/esp32/CMakeLists.txt | 4 +-- 33 files changed, 95 insertions(+), 46 deletions(-) create mode 100644 examples/common/credentials/FileBasedTrustStore.h rename src/credentials/{examples => attestation_verifier}/DefaultDeviceAttestationVerifier.cpp (100%) rename src/credentials/{examples => attestation_verifier}/DefaultDeviceAttestationVerifier.h (96%) rename src/credentials/{ => attestation_verifier}/DeviceAttestationVerifier.cpp (100%) rename src/credentials/{ => attestation_verifier}/DeviceAttestationVerifier.h (100%) diff --git a/BUILD.gn b/BUILD.gn index 4b72ed7366bf6e..96fc8f00d73641 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -70,6 +70,7 @@ if (current_toolchain != "${dir_pw_toolchain}/default:default") { "${chip_root}/src/ble", "${chip_root}/src/controller", "${chip_root}/src/credentials", + "${chip_root}/src/credentials:default_attestation_verifier", "${chip_root}/src/crypto", "${chip_root}/src/inet", "${chip_root}/src/lib", diff --git a/examples/chip-tool-darwin/commands/common/CHIPCommandBridge.h b/examples/chip-tool-darwin/commands/common/CHIPCommandBridge.h index c4b9501343a8f0..891b733515116a 100644 --- a/examples/chip-tool-darwin/commands/common/CHIPCommandBridge.h +++ b/examples/chip-tool-darwin/commands/common/CHIPCommandBridge.h 
@@ -62,7 +62,8 @@ class CHIPCommandBridge : public Command CHIPDeviceController * CurrentCommissioner(); private: - CHIP_ERROR InitializeCommissioner(std::string key, chip::FabricId fabricId); + CHIP_ERROR InitializeCommissioner(std::string key, chip::FabricId fabricId, + const chip::Credentials::AttestationTrustStore * trustStore); CHIP_ERROR ShutdownCommissioner(); uint16_t CurrentCommissionerIndex(); diff --git a/examples/chip-tool/commands/common/CHIPCommand.cpp b/examples/chip-tool/commands/common/CHIPCommand.cpp index 7c074249396d60..55c778f57aa632 100644 --- a/examples/chip-tool/commands/common/CHIPCommand.cpp +++ b/examples/chip-tool/commands/common/CHIPCommand.cpp 
@@ -53,10 +53,13 @@ CHIP_ERROR CHIPCommand::Run() factoryInitParams.listenPort = static_cast(mDefaultStorage.GetListenPort() + CurrentCommissionerId()); ReturnLogErrorOnFailure(DeviceControllerFactory::GetInstance().Init(factoryInitParams)); - ReturnLogErrorOnFailure(InitializeCommissioner(kIdentityNull, kIdentityNullFabricId)); - ReturnLogErrorOnFailure(InitializeCommissioner(kIdentityAlpha, kIdentityAlphaFabricId)); - ReturnLogErrorOnFailure(InitializeCommissioner(kIdentityBeta, kIdentityBetaFabricId)); - ReturnLogErrorOnFailure(InitializeCommissioner(kIdentityGamma, kIdentityGammaFabricId)); + // TODO(issue #15209): Replace this trust store with file-based trust store + const chip::Credentials::AttestationTrustStore * trustStore = chip::Credentials::GetTestAttestationTrustStore(); + + ReturnLogErrorOnFailure(InitializeCommissioner(kIdentityNull, kIdentityNullFabricId, trustStore)); + ReturnLogErrorOnFailure(InitializeCommissioner(kIdentityAlpha, kIdentityAlphaFabricId, trustStore)); + ReturnLogErrorOnFailure(InitializeCommissioner(kIdentityBeta, kIdentityBetaFabricId, trustStore)); + ReturnLogErrorOnFailure(InitializeCommissioner(kIdentityGamma, kIdentityGammaFabricId, trustStore)); chip::DeviceLayer::PlatformMgr().ScheduleWork(RunQueuedCommand, reinterpret_cast(this)); ReturnLogErrorOnFailure(StartWaiting(GetWaitDuration())); @@ -169,7 +172,8 @@ CHIP_ERROR CHIPCommand::ShutdownCommissioner(std::string key) return mCommissioners[key].get()->Shutdown(); } -CHIP_ERROR CHIPCommand::InitializeCommissioner(std::string key, chip::FabricId fabricId) +CHIP_ERROR CHIPCommand::InitializeCommissioner(std::string key, chip::FabricId fabricId, + const chip::Credentials::AttestationTrustStore * trustStore) { chip::Platform::ScopedMemoryBuffer noc; chip::Platform::ScopedMemoryBuffer icac; 
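Review bot: `Run()` passes `GetTestAttestationTrustStore()` to all four `InitializeCommissioner` calls, while CHIPCommand.h in this same commit registers a `paa-trust-store-path` argument whose value (`mPaaTrustStorePath`) is never read in the visible hunks. An operator who supplies the option would still have device attestation checked against the test PAA roots, with no indication that the path was ignored. Until the file-based store from issue #15209 lands, make that visible ahead of the TODO, e.g. `if (mPaaTrustStorePath.HasValue()) { ChipLogError(chipTool, "paa-trust-store-path is not implemented yet; using test PAA roots"); }`, or reject the option outright. `Run()` starts and ends outside the hunk.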
@@ -178,7 +182,7 @@ CHIP_ERROR CHIPCommand::InitializeCommissioner(std::string key, chip::FabricId f std::unique_ptr commissioner = std::make_unique(); chip::Controller::SetupParams commissionerParams; - ReturnLogErrorOnFailure(mCredIssuerCmds->SetupDeviceAttestation(commissionerParams)); + ReturnLogErrorOnFailure(mCredIssuerCmds->SetupDeviceAttestation(commissionerParams, trustStore)); chip::Credentials::SetDeviceAttestationVerifier(commissionerParams.deviceAttestationVerifier); VerifyOrReturnError(noc.Alloc(chip::Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY); diff --git a/examples/chip-tool/commands/common/CHIPCommand.h b/examples/chip-tool/commands/common/CHIPCommand.h index 1cd1ac25aa0731..645b03cf7c9524 100644 --- a/examples/chip-tool/commands/common/CHIPCommand.h +++ b/examples/chip-tool/commands/common/CHIPCommand.h @@ -55,6 +55,7 @@ class CHIPCommand : public Command CHIPCommand(const char * commandName, CredentialIssuerCommands * credIssuerCmds) : Command(commandName), mCredIssuerCmds(credIssuerCmds) { + AddArgument("paa-trust-store-path", &mPaaTrustStorePath); AddArgument("commissioner-name", &mCommissionerName); #if CHIP_CONFIG_TRANSPORT_TRACE_ENABLED AddArgument("trace_file", &mTraceFile); @@ -102,12 +103,14 @@ class CHIPCommand : public Command ChipDeviceCommissioner & CurrentCommissioner(); private: - CHIP_ERROR InitializeCommissioner(std::string key, chip::FabricId fabricId); + CHIP_ERROR InitializeCommissioner(std::string key, chip::FabricId fabricId, + const chip::Credentials::AttestationTrustStore * trustStore); CHIP_ERROR ShutdownCommissioner(std::string key); chip::FabricId CurrentCommissionerId(); std::map> mCommissioners; chip::Optional mCommissionerName; chip::Optional mBleAdapterId; + chip::Optional mPaaTrustStorePath; static void RunQueuedCommand(intptr_t commandArg); 
diff --git a/examples/chip-tool/commands/common/CredentialIssuerCommands.h b/examples/chip-tool/commands/common/CredentialIssuerCommands.h index 62b5638c6ee404..45f647c317becc 100644 --- a/examples/chip-tool/commands/common/CredentialIssuerCommands.h +++ b/examples/chip-tool/commands/common/CredentialIssuerCommands.h @@ -20,6 +20,7 @@ #include #include +#include #include #include @@ -46,10 +47,12 @@ class CredentialIssuerCommands * * @param[in] setupParams A reference to the Setup/Commissioning Parameters, to be initialized with custom Device Attestation * Verifier. + * @param[in] trustStore A pointer to the PAA trust store to use to find valid PAA roots. * * @return CHIP_ERROR CHIP_NO_ERROR on success, or corresponding error code. */ - virtual CHIP_ERROR SetupDeviceAttestation(chip::Controller::SetupParams & setupParams) = 0; + virtual CHIP_ERROR SetupDeviceAttestation(chip::Controller::SetupParams & setupParams, + const chip::Credentials::AttestationTrustStore * trustStore) = 0; virtual chip::Controller::OperationalCredentialsDelegate * GetCredentialIssuer() = 0; diff --git a/examples/chip-tool/commands/example/ExampleCredentialIssuerCommands.h b/examples/chip-tool/commands/example/ExampleCredentialIssuerCommands.h index b5b65fc847f142..8d6f7deeeb30d8 100644 --- a/examples/chip-tool/commands/example/ExampleCredentialIssuerCommands.h +++ b/examples/chip-tool/commands/example/ExampleCredentialIssuerCommands.h @@ -21,8 +21,8 @@ #include #include #include -#include -#include +#include +#include #include class ExampleCredentialIssuerCommands : public CredentialIssuerCommands 
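Review bot: The new `@param[in] trustStore` line in the `SetupDeviceAttestation` doc comment does not say who owns the store or how long it must stay valid. The override in ExampleCredentialIssuerCommands.h hands the raw pointer to `GetDefaultDACVerifier`, so the verifier presumably keeps referring to it after the call returns. That becomes a real constraint once the store is no longer the static test store. Suggest extending the line to `@param[in] trustStore A pointer to the PAA trust store to use to find valid PAA roots. The caller keeps ownership; the store must remain valid for as long as the configured verifier is in use.` Confirm the lifetime against `GetDefaultDACVerifier`, which is not shown here.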
@@ -32,13 +32,12 @@ class ExampleCredentialIssuerCommands : public CredentialIssuerCommands { return mOpCredsIssuer.Initialize(storage); } - CHIP_ERROR SetupDeviceAttestation(chip::Controller::SetupParams & setupParams) override + CHIP_ERROR SetupDeviceAttestation(chip::Controller::SetupParams & setupParams, + const chip::Credentials::AttestationTrustStore * trustStore) override { chip::Credentials::SetDeviceAttestationCredentialsProvider(chip::Credentials::Examples::GetExampleDACProvider()); - // TODO: Replace testingRootStore with a AttestationTrustStore that has the necessary official PAA roots available - const chip::Credentials::AttestationTrustStore * testingRootStore = chip::Credentials::GetTestAttestationTrustStore(); - setupParams.deviceAttestationVerifier = chip::Credentials::GetDefaultDACVerifier(testingRootStore); + setupParams.deviceAttestationVerifier = chip::Credentials::GetDefaultDACVerifier(trustStore); return CHIP_NO_ERROR; } diff --git a/examples/common/credentials/FileBasedTrustStore.h b/examples/common/credentials/FileBasedTrustStore.h new file mode 100644 index 00000000000000..e69de29bb2d1d6 diff --git a/examples/platform/linux/AppMain.cpp b/examples/platform/linux/AppMain.cpp index 6fb052a7cc4975..c47a5b283c9a9f 100644 --- a/examples/platform/linux/AppMain.cpp +++ b/examples/platform/linux/AppMain.cpp @@ -26,8 +26,8 @@ #include #include -#include -#include +#include +#include #include #include diff --git a/examples/platform/linux/BUILD.gn b/examples/platform/linux/BUILD.gn index 3237823efce162..99175e4d2aa4cf 100644 --- a/examples/platform/linux/BUILD.gn +++ b/examples/platform/linux/BUILD.gn @@ -45,6 +45,7 @@ source_set("app-main") { public_deps = [ "${chip_root}/src/app/server", + "${chip_root}/src/credentials:default_attestation_verifier", "${chip_root}/src/lib", "${chip_root}/src/lib/shell", "${chip_root}/src/lib/shell:shell_core", 
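Review bot: `SetupDeviceAttestation` now forwards a caller-supplied `trustStore` to `GetDefaultDACVerifier` without checking it, whereas the removed lines always used the store returned by `GetTestAttestationTrustStore()`. What the verifier does with a null store is not visible in this hunk. A failed trust-store load in the planned file-based follow-up could therefore surface later as a crash, or as attestation running with no roots to compare against. Add `VerifyOrReturnError(trustStore != nullptr, CHIP_ERROR_INVALID_ARGUMENT);` as the first statement of the override so that commissioner initialisation fails instead.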
diff --git a/examples/tv-casting-app/linux/BUILD.gn b/examples/tv-casting-app/linux/BUILD.gn index 061f2769f1e757..8ca2d722a329c7 100644 --- a/examples/tv-casting-app/linux/BUILD.gn +++ b/examples/tv-casting-app/linux/BUILD.gn @@ -28,6 +28,7 @@ executable("chip-tv-casting-app") { deps = [ "${chip_root}/examples/platform/linux:app-main", "${chip_root}/examples/tv-casting-app/tv-casting-common", + "${chip_root}/src/credentials:default_attestation_verifier", "${chip_root}/src/lib", "${chip_root}/third_party/inipp", ] diff --git a/examples/tv-casting-app/linux/main.cpp b/examples/tv-casting-app/linux/main.cpp index e5c7b2f6524aa1..65a2928d21b199 100644 --- a/examples/tv-casting-app/linux/main.cpp +++ b/examples/tv-casting-app/linux/main.cpp @@ -21,8 +21,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include diff --git a/src/controller/CHIPDeviceController.cpp b/src/controller/CHIPDeviceController.cpp index 72073494c5df51..01158690cba423 100644 --- a/src/controller/CHIPDeviceController.cpp +++ b/src/controller/CHIPDeviceController.cpp @@ -1112,8 +1112,8 @@ void DeviceCommissioner::OnDeviceAttestationInformationVerification(void * conte "Failed in verifying 'Attestation Information' command received from the device: err %hu. Look at " "AttestationVerificationResult enum to understand the errors", static_cast(result)); - // Go look at AttestationVerificationResult enum in src/credentials/DeviceAttestationVerifier.h to understand the - // errors. + // Go look at AttestationVerificationResult enum in src/credentials/attestation_verifier/DeviceAttestationVerifier.h to + // understand the errors. commissioner->CommissioningStageComplete(CHIP_ERROR_INTERNAL, report); return; } diff --git a/src/controller/CHIPDeviceController.h b/src/controller/CHIPDeviceController.h index 87cfeaef7e056c..1384f4a0dc4b52 100644 --- a/src/controller/CHIPDeviceController.h +++ b/src/controller/CHIPDeviceController.h 
@@ -41,8 +41,8 @@ #include #include #include -#include #include +#include #include #include #include diff --git a/src/controller/CHIPDeviceControllerFactory.h b/src/controller/CHIPDeviceControllerFactory.h index dd4029ad71a28b..aee4497aa3319c 100644 --- a/src/controller/CHIPDeviceControllerFactory.h +++ b/src/controller/CHIPDeviceControllerFactory.h @@ -31,7 +31,7 @@ #include #include -#include +#include namespace chip { diff --git a/src/controller/CommissioningDelegate.h b/src/controller/CommissioningDelegate.h index 62aaeb66eaa59e..e5d71e0a55968b 100644 --- a/src/controller/CommissioningDelegate.h +++ b/src/controller/CommissioningDelegate.h @@ -19,7 +19,7 @@ #pragma once #include #include -#include +#include #include namespace chip { diff --git a/src/controller/java/AndroidDeviceControllerWrapper.cpp b/src/controller/java/AndroidDeviceControllerWrapper.cpp index 7612a3cee2eff6..48901f5d210f79 100644 --- a/src/controller/java/AndroidDeviceControllerWrapper.cpp +++ b/src/controller/java/AndroidDeviceControllerWrapper.cpp @@ -25,8 +25,8 @@ #include #include -#include -#include +#include +#include #include #include #include diff --git a/src/controller/java/BUILD.gn b/src/controller/java/BUILD.gn index f986e4b56187b7..80f9e603057fd2 100644 --- a/src/controller/java/BUILD.gn +++ b/src/controller/java/BUILD.gn @@ -46,6 +46,7 @@ shared_library("jni") { deps = [ "${chip_root}/src/controller/data_model", "${chip_root}/src/controller/data_model:java-jni-sources", + "${chip_root}/src/credentials:default_attestation_verifier", "${chip_root}/src/inet", "${chip_root}/src/lib", "${chip_root}/src/platform", diff --git a/src/controller/python/BUILD.gn b/src/controller/python/BUILD.gn index 3c95a64a9a0f1c..c0f05d6c91cddb 100644 --- a/src/controller/python/BUILD.gn +++ b/src/controller/python/BUILD.gn 
@@ -90,6 +90,7 @@ shared_library("ChipDeviceCtrl") { public_deps = [ "${chip_root}/src/app", "${chip_root}/src/app/server", + "${chip_root}/src/credentials:default_attestation_verifier", "${chip_root}/src/lib", "${chip_root}/src/lib/core", "${chip_root}/src/lib/dnssd", diff --git a/src/controller/python/ChipDeviceController-ScriptBinding.cpp b/src/controller/python/ChipDeviceController-ScriptBinding.cpp index 09255f4679d393..dd9f45ce57c414 100644 --- a/src/controller/python/ChipDeviceController-ScriptBinding.cpp +++ b/src/controller/python/ChipDeviceController-ScriptBinding.cpp @@ -55,8 +55,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include diff --git a/src/controller/python/OpCredsBinding.cpp b/src/controller/python/OpCredsBinding.cpp index a943673780567a..d5cc06aee8e0bb 100644 --- a/src/controller/python/OpCredsBinding.cpp +++ b/src/controller/python/OpCredsBinding.cpp @@ -36,8 +36,8 @@ #include #include -#include -#include +#include +#include using namespace chip; diff --git a/src/controller/python/chip/internal/CommissionerImpl.cpp b/src/controller/python/chip/internal/CommissionerImpl.cpp index 044a66401e1ef4..b0969a16dad733 100644 --- a/src/controller/python/chip/internal/CommissionerImpl.cpp +++ b/src/controller/python/chip/internal/CommissionerImpl.cpp @@ -19,8 +19,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include diff --git a/src/credentials/BUILD.gn b/src/credentials/BUILD.gn index 4f8f695a8509ec..d715ce595d8f4e 100644 --- a/src/credentials/BUILD.gn +++ b/src/credentials/BUILD.gn 
@@ -32,15 +32,13 @@ static_library("credentials") { "DeviceAttestationCredsProvider.cpp", "DeviceAttestationCredsProvider.h", "DeviceAttestationVendorReserved.h", - "DeviceAttestationVerifier.cpp", - "DeviceAttestationVerifier.h", "FabricTable.cpp", "FabricTable.h", "GenerateChipX509Cert.cpp", "GroupDataProvider.h", "GroupDataProviderImpl.cpp", - "examples/DefaultDeviceAttestationVerifier.cpp", - "examples/DefaultDeviceAttestationVerifier.h", + "attestation_verifier/DeviceAttestationVerifier.cpp", + "attestation_verifier/DeviceAttestationVerifier.h", "examples/DeviceAttestationCredsExample.cpp", "examples/DeviceAttestationCredsExample.h", "examples/ExampleDACs.cpp", @@ -76,7 +74,26 @@ static_library("credentials") { "${chip_root}/src/lib/asn1", "${chip_root}/src/lib/core", "${chip_root}/src/lib/support", - "${chip_root}/src/transport/raw", + "${chip_root}/src/platform", + "${nlassert_root}:nlassert", + ] +} + +static_library("default_attestation_verifier") { + output_name = "libDefaultAttestationVerifier" + + sources = [ + "attestation_verifier/DefaultDeviceAttestationVerifier.cpp", + "attestation_verifier/DefaultDeviceAttestationVerifier.h", + ] + + if (chip_device_platform == "esp32" || chip_device_platform == "nrfconnect") { + defines = [ "CURRENT_TIME_NOT_IMPLEMENTED=1" ] + } + + public_deps = [ + ":credentials", + "${chip_root}/src/crypto", "${nlassert_root}:nlassert", ] } diff --git a/src/credentials/examples/DefaultDeviceAttestationVerifier.cpp b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp similarity index 100% rename from src/credentials/examples/DefaultDeviceAttestationVerifier.cpp rename to src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp 
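Review bot: The new `default_attestation_verifier` target defines `CURRENT_TIME_NOT_IMPLEMENTED=1` for `esp32` and `nrfconnect` without a comment, so nothing in this file tells a reader what the verifier skips or substitutes on those platforms. The macro is presumably consumed in DefaultDeviceAttestationVerifier.cpp, which this commit only renames. If it gates certificate validity-period checks, as the name suggests, that is a security-relevant difference between platforms and should be stated where it is switched on. Suggest a comment above the `if`, such as `# esp32/nrfconnect: no current-time source is available to the verifier, so its time-dependent checks are compiled differently (see DefaultDeviceAttestationVerifier.cpp).`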
diff --git a/src/credentials/examples/DefaultDeviceAttestationVerifier.h b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h similarity index 96% rename from src/credentials/examples/DefaultDeviceAttestationVerifier.h rename to src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h index 4198e1c147348b..b79c44a360d2c6 100644 --- a/src/credentials/examples/DefaultDeviceAttestationVerifier.h +++ b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h @@ -16,7 +16,7 @@ */ #pragma once -#include +#include namespace chip { namespace Credentials { diff --git a/src/credentials/DeviceAttestationVerifier.cpp b/src/credentials/attestation_verifier/DeviceAttestationVerifier.cpp similarity index 100% rename from src/credentials/DeviceAttestationVerifier.cpp rename to src/credentials/attestation_verifier/DeviceAttestationVerifier.cpp diff --git a/src/credentials/DeviceAttestationVerifier.h b/src/credentials/attestation_verifier/DeviceAttestationVerifier.h similarity index 100% rename from src/credentials/DeviceAttestationVerifier.h rename to src/credentials/attestation_verifier/DeviceAttestationVerifier.h diff --git a/src/credentials/tests/BUILD.gn b/src/credentials/tests/BUILD.gn index ec8a3e262d4662..b47f0c16f697cd 100644 --- a/src/credentials/tests/BUILD.gn +++ b/src/credentials/tests/BUILD.gn @@ -19,7 +19,7 @@ import("//build_overrides/nlunit_test.gni") import("${chip_root}/build/chip/chip_test_suite.gni") static_library("cert_test_vectors") { - output_name = "libChipCertTestVectors" + output_name = "libCertTestVectors" output_dir = "${root_out_dir}/lib" sources = [ @@ -35,7 +35,7 @@ static_library("cert_test_vectors") { } chip_test_suite("tests") { - output_name = "libChipCredentials" + output_name = "libCredentialsTest" output_dir = "${root_out_dir}/lib" test_sources = [ 
@@ -52,6 +52,7 @@ chip_test_suite("tests") { public_deps = [ ":cert_test_vectors", "${chip_root}/src/credentials", + "${chip_root}/src/credentials:default_attestation_verifier", "${chip_root}/src/lib/core", "${nlunit_test_root}:nlunit-test", ] diff --git a/src/credentials/tests/TestDeviceAttestationCredentials.cpp b/src/credentials/tests/TestDeviceAttestationCredentials.cpp index b0a3285219379c..c3576d03d7ef2f 100644 --- a/src/credentials/tests/TestDeviceAttestationCredentials.cpp +++ b/src/credentials/tests/TestDeviceAttestationCredentials.cpp @@ -20,8 +20,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include diff --git a/src/darwin/Framework/CHIP/BUILD.gn b/src/darwin/Framework/CHIP/BUILD.gn index 5e4b4506316e1c..540b36129ff1ed 100644 --- a/src/darwin/Framework/CHIP/BUILD.gn +++ b/src/darwin/Framework/CHIP/BUILD.gn @@ -68,6 +68,7 @@ static_library("framework") { public_deps = [ "${chip_root}/src/controller", "${chip_root}/src/controller/data_model", + "${chip_root}/src/credentials:default_attestation_verifier", "${chip_root}/src/lib/core", "${chip_root}/src/lib/support", ] diff --git a/src/darwin/Framework/CHIP/CHIPDeviceController.mm b/src/darwin/Framework/CHIP/CHIPDeviceController.mm index e65089c9ab7056..f8ccb7bd0030f2 100644 --- a/src/darwin/Framework/CHIP/CHIPDeviceController.mm +++ b/src/darwin/Framework/CHIP/CHIPDeviceController.mm @@ -36,8 +36,8 @@ #include #include -#include -#include +#include +#include #include #include #include diff --git a/src/lib/BUILD.gn b/src/lib/BUILD.gn index d3794ae7dd46b3..e7fdd0a0717165 100644 --- a/src/lib/BUILD.gn +++ b/src/lib/BUILD.gn 
@@ -33,10 +33,20 @@ static_library("lib") { "${chip_root}/src/transport", ] + # Only include the shell if it is being used. The shell is + # a debug feature mostly useful for embedded examples. + # See src/lib/lib.gni for declaration of this build arg. if (chip_build_libshell) { public_deps += [ "${chip_root}/src/lib/shell" ] } + # Only include the DefaultAttestationVerifier if needed in the build. + # See src/lib/lib.gni for declaration of this build arg. + if (chip_build_default_attestation_verifier) { + public_deps += + [ "${chip_root}/src/credentials:default_attestation_verifier" ] + } + cflags = [ "-Wconversion" ] output_name = "libCHIP" diff --git a/src/lib/lib.gni b/src/lib/lib.gni index 7ced93de8138ef..c78be22c2d9196 100644 --- a/src/lib/lib.gni +++ b/src/lib/lib.gni @@ -15,4 +15,9 @@ declare_args() { # Enable libshell support. chip_build_libshell = false + + # Enable building the DefaultDeviceAttestationVerifier. When making + # a Commissioner or Administrator that employs different or more complex + # logic, this should be set to false. + chip_build_default_attestation_verifier = true } diff --git a/src/test_driver/esp32/CMakeLists.txt b/src/test_driver/esp32/CMakeLists.txt index c14242b906908b..6955354e425482 100644 --- a/src/test_driver/esp32/CMakeLists.txt +++ b/src/test_driver/esp32/CMakeLists.txt 
@@ -40,12 +40,12 @@ idf_build_set_property(C_COMPILE_OPTIONS "-Os;-DLWIP_IPV6_SCOPES=0" APPEND) # which have the same issue. # # libAppTests.a -lMessagingTestHelpers -lNetworkTestHelpers -# +# # TODO: ble tests do not compile using CMake (library is not auto-built) # libBleLayerTests.a esp32_unit_test(NAME testASN1 LIBRARY ASN1Tests) -esp32_unit_test(NAME testChipCrypto LIBRARY ChipCryptoTests EXTRA_LIBRARIES -lChipCertTestVectors) +esp32_unit_test(NAME testChipCrypto LIBRARY ChipCryptoTests EXTRA_LIBRARIES -lCertTestVectors) esp32_unit_test(NAME testCore LIBRARY CoreTests) esp32_unit_test(NAME testInetLayer LIBRARY InetLayerTests) esp32_unit_test(NAME testRetransmit LIBRARY RetransmitTests)