diff --git a/credentials/development/commissioner_dut/invalid_paa/cd.der b/credentials/development/commissioner_dut/invalid_paa/cd.der new file mode 100644 index 00000000000000..3db6854627ab38 Binary files /dev/null and b/credentials/development/commissioner_dut/invalid_paa/cd.der differ diff --git a/credentials/development/commissioner_dut/invalid_paa/dac-Cert.der b/credentials/development/commissioner_dut/invalid_paa/dac-Cert.der new file mode 100644 index 00000000000000..54646763f78aa9 Binary files /dev/null and b/credentials/development/commissioner_dut/invalid_paa/dac-Cert.der differ diff --git a/credentials/development/commissioner_dut/invalid_paa/dac-Cert.pem b/credentials/development/commissioner_dut/invalid_paa/dac-Cert.pem new file mode 100644 index 00000000000000..2f20de3ef87ed0 --- /dev/null +++ b/credentials/development/commissioner_dut/invalid_paa/dac-Cert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBzjCCAXSgAwIBAgIIWRRjypC2cxkwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwP +TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMTA2Mjgx +NDIzNDNaGA85OTk5MTIzMTIzNTk1OVowRjEYMBYGA1UEAwwPTWF0dGVyIFRlc3Qg +REFDMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1lnUF27XW2SR0MYjYBm2BSgDGS3TT +bi6A0tsHKjuB/8Y9bU3bAT5+gNnz6IIgXSt3949rRlcN4gN5Sux5Td8Fo2AwXjAM +BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU3JVLDvstIQgd +qOejQv2K2nz5m2IwHwYDVR0jBBgwFoAU44aqTINKlOXlPPM+5w93H6P7TAAwCgYI +KoZIzj0EAwIDSAAwRQIhAJbqcL/1bbwLjHtzVz+BIVmUVwq7QXS7A6NsL7CgMiZy +AiAyLK2B8V7wI2VPppLeWQuZt5Aso89n7+J/gJaIKnBKhw== +-----END CERTIFICATE----- diff --git a/credentials/development/commissioner_dut/invalid_paa/dac-Key.der b/credentials/development/commissioner_dut/invalid_paa/dac-Key.der new file mode 100644 index 00000000000000..de36dd959b8fd5 Binary files /dev/null and b/credentials/development/commissioner_dut/invalid_paa/dac-Key.der differ 
diff --git a/credentials/development/commissioner_dut/invalid_paa/dac-Key.pem b/credentials/development/commissioner_dut/invalid_paa/dac-Key.pem new file mode 100644 index 00000000000000..49efe8fff74910 --- /dev/null +++ b/credentials/development/commissioner_dut/invalid_paa/dac-Key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJbEKXtKCVCXl0KbWX+6WlxDIcxH649NH1Nm33Prxqs6oAoGCCqGSM49 +AwEHoUQDQgAENZZ1Bdu11tkkdDGI2AZtgUoAxkt0024ugNLbByo7gf/GPW1N2wE+ +foDZ8+iCIF0rd/ePa0ZXDeIDeUrseU3fBQ== +-----END EC PRIVATE KEY----- diff --git a/credentials/development/commissioner_dut/invalid_paa/paa-Cert.pem b/credentials/development/commissioner_dut/invalid_paa/paa-Cert.pem new file mode 100644 index 00000000000000..093bb1080335bc --- /dev/null +++ b/credentials/development/commissioner_dut/invalid_paa/paa-Cert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0DCCAXagAwIBAgIIOOfO8k+viIgwCgYIKoZIzj0EAwIwOTE3MDUGA1UEAwwu +SW52YWxpZCAoTm90IFJlZ2lzdGVyZWQgaW4gdGhlIERDTCkgTWF0dGVyIFBBQTAg +Fw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowOTE3MDUGA1UEAwwuSW52 +YWxpZCAoTm90IFJlZ2lzdGVyZWQgaW4gdGhlIERDTCkgTWF0dGVyIFBBQTBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABPpJ2vGCmLL490OZuD1htkMjRuSOc5kCb3lx +bFxwmk66gvXU8Yocg3BvqK+9WWC6JBlgzvviw93276bvpHGpMYajZjBkMBIGA1Ud +EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQrDv6LP/qE +lgvYk8SvEXFnR+BIpTAfBgNVHSMEGDAWgBQrDv6LP/qElgvYk8SvEXFnR+BIpTAK +BggqhkjOPQQDAgNIADBFAiB/D0/Pz+Fz+SU6mNOjvPKcGlZIPe+FRDGI5uqI8rX2 +PwIhAOyShTFQMhNfy+1TnWRbwm/ShROaLr1Zcj7nLRczeGjD +-----END CERTIFICATE----- diff --git a/credentials/development/commissioner_dut/invalid_paa/paa-Key.pem b/credentials/development/commissioner_dut/invalid_paa/paa-Key.pem new file mode 100644 index 00000000000000..1f464846ea9e77 --- /dev/null +++ b/credentials/development/commissioner_dut/invalid_paa/paa-Key.pem 
@@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIFY+k2145+Tfyl9Stq08M5H+SieAPCwwoOLg1NS8s2TqoAoGCCqGSM49 +AwEHoUQDQgAE+kna8YKYsvj3Q5m4PWG2QyNG5I5zmQJveXFsXHCaTrqC9dTxihyD +cG+or71ZYLokGWDO++LD3fbvpu+kcakxhg== +-----END EC PRIVATE KEY----- diff --git a/credentials/development/commissioner_dut/invalid_paa/pai-Cert.der b/credentials/development/commissioner_dut/invalid_paa/pai-Cert.der new file mode 100644 index 00000000000000..28fa817118a07c Binary files /dev/null and b/credentials/development/commissioner_dut/invalid_paa/pai-Cert.der differ diff --git a/credentials/development/commissioner_dut/invalid_paa/pai-Cert.pem b/credentials/development/commissioner_dut/invalid_paa/pai-Cert.pem new file mode 100644 index 00000000000000..7457aeecbade5c --- /dev/null +++ b/credentials/development/commissioner_dut/invalid_paa/pai-Cert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByDCCAW2gAwIBAgIIVH5lccL+7gYwCgYIKoZIzj0EAwIwOTE3MDUGA1UEAwwu +SW52YWxpZCAoTm90IFJlZ2lzdGVyZWQgaW4gdGhlIERDTCkgTWF0dGVyIFBBQTAg +Fw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowMDEYMBYGA1UEAwwPTWF0 +dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABJTSFb4sA9AkXurgPmWCT2maCtyOp8AaqS6dlms2IehJKykQ +j8u1lC4GM1u0iYwhj820yadRtGRmww0cNgjQrQejZjBkMBIGA1UdEwEB/wQIMAYB +Af8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjhqpMg0qU5eU88z7nD3cf +o/tMADAfBgNVHSMEGDAWgBQrDv6LP/qElgvYk8SvEXFnR+BIpTAKBggqhkjOPQQD +AgNJADBGAiEA4CLir/Rmk9mDUS71Jrteov7tCIT9eXrFGUTPkoW+6zcCIQDEhmKi +4hXiW6WC8eXcUxS6kYvEoAKI+kic9A00szhNkg== +-----END CERTIFICATE----- diff --git a/credentials/development/commissioner_dut/invalid_paa/pai-Key.der b/credentials/development/commissioner_dut/invalid_paa/pai-Key.der new file mode 100644 index 00000000000000..7b7536af4ab365 Binary files /dev/null and b/credentials/development/commissioner_dut/invalid_paa/pai-Key.der differ 
diff --git a/credentials/development/commissioner_dut/invalid_paa/pai-Key.pem b/credentials/development/commissioner_dut/invalid_paa/pai-Key.pem new file mode 100644 index 00000000000000..d689531cecacbc --- /dev/null +++ b/credentials/development/commissioner_dut/invalid_paa/pai-Key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIHOVwVthXM49128hkyBUFt/P5rCpOxBikVZ1HyiTyV90oAoGCCqGSM49 +AwEHoUQDQgAElNIVviwD0CRe6uA+ZYJPaZoK3I6nwBqpLp2WazYh6EkrKRCPy7WU +LgYzW7SJjCGPzbTJp1G0ZGbDDRw2CNCtBw== +-----END EC PRIVATE KEY----- diff --git a/credentials/development/commissioner_dut/invalid_paa/test_case_vector.json b/credentials/development/commissioner_dut/invalid_paa/test_case_vector.json new file mode 100644 index 00000000000000..74f9d24fe18c1f --- /dev/null +++ b/credentials/development/commissioner_dut/invalid_paa/test_case_vector.json 
@@ -0,0 +1,9 @@ +{ + "description": "PAI Test Vector: Invalid CMS Signature.", + "is_success_case": "false", + "dac_cert": "308201ce30820174a0030201020208591463ca90b67319300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414931143012060a2b0601040182a27c02010c04464646313020170d3231303632383134323334335a180f39393939313233313233353935395a30463118301606035504030c0f4d617474657220546573742044414331143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030303059301306072a8648ce3d020106082a8648ce3d0301070342000435967505dbb5d6d924743188d8066d814a00c64b74d36e2e80d2db072a3b81ffc63d6d4ddb013e7e80d9f3e882205d2b77f78f6b46570de203794aec794ddf05a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414dc954b0efb2d21081da8e7a342fd8ada7cf99b62301f0603551d23041830168014e386aa4c834a94e5e53cf33ee70f771fa3fb4c00300a06082a8648ce3d040302034800304502210096ea70bff56dbc0b8c7b73573f81215994570abb4174bb03a36c2fb0a03226720220322cad81f15ef023654fa692de590b99b7902ca3cf67efe27f8096882a704a87", + "pai_cert": "308201c83082016da0030201020208547e6571c2feee06300a06082a8648ce3d04030230393137303506035504030c2e496e76616c696420284e6f74205265676973746572656420696e207468652044434c29204d6174746572205041413020170d3231303632383134323334335a180f39393939313233313233353935395a30303118301606035504030c0f4d617474657220546573742050414931143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d0301070342000494d215be2c03d0245eeae03e65824f699a0adc8ea7c01aa92e9d966b3621e8492b29108fcbb5942e06335bb4898c218fcdb4c9a751b46466c30d1c3608d0ad07a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e04160414e386aa4c834a94e5e53cf33ee70f771fa3fb4c00301f0603551d230418301680142b0efe8b3ffa84960bd893c4af11716747e048a5300a06082a8648ce3d0403020349003046022100e022e2aff46693d983512ef526bb5ea2feed0884fd797ac51944cf9285beeb37022100c48662a2e215e25ba582f1e5dc5314ba918bc4a00288fa489cf40d34b3384d92", + 
"certification_declaration": "3081e906092a864886f70d010702a081db3081d8020103310d300b0609608648016503040201304506092a864886f70d010701a0380436152400012501f1ff360205008018250334122c04135a494732303134315a423333303030312d32342405002406002507769824080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d040302044730450221009537f838ebfd9f8b1f26b4c207098ec082928254e8db72fc32f8a870ef97563a02203c59748c2c49d7222b58088c3689127a2df28aa8ae8320bd3c82fdcf01dd6044", + "dac_private_key": "96c4297b4a09509797429b597fba5a5c4321cc47eb8f4d1f5366df73ebc6ab3a", + "dac_public_key": "0435967505dbb5d6d924743188d8066d814a00c64b74d36e2e80d2db072a3b81ffc63d6d4ddb013e7e80d9f3e882205d2b77f78f6b46570de203794aec794ddf05" +} diff --git a/src/tools/chip-cert/gen_com_dut_test_vectors.py b/src/tools/chip-cert/gen_com_dut_test_vectors.py index fa83d0064d5fb5..0a5449d65173df 100755 --- a/src/tools/chip-cert/gen_com_dut_test_vectors.py +++ b/src/tools/chip-cert/gen_com_dut_test_vectors.py 
@@ -944,6 +944,41 @@ def main():
 # Generate Test Case Data Container in JSON Format
 generate_test_case_vector_json(test_case_out_dir, 'cd', test_case)
 
+ # Test case: Generate {DAC, PAI, PAA} chain with random (invalid) PAA
+ test_case_out_dir = args.outdir + '/invalid_paa'
+ paapath = test_case_out_dir + '/paa-'
+
+ if not os.path.exists(test_case_out_dir):
+ os.mkdir(test_case_out_dir)
+
+ # Generate PAA Cert/Key
+ cmd = chipcert + ' gen-att-cert -t a -c "Invalid (Not Registered in the DCL) Matter PAA" -f "' + VALID_IN_PAST + \
+ '" -l 4294967295 -o ' + paapath + 'Cert.pem -O ' + paapath + 'Key.pem'
+ subprocess.run(cmd, shell=True)
+
+ vid = 0xFFF1
+ pid = 0x8000
+
+ # Generate PAI Cert/Key
+ builder = DevCertBuilder(CertType.PAI, 'no-error', paapath, test_case_out_dir,
+ chipcert, vid, PID_NOT_PRESENT, '', VALID_IN_PAST)
+ builder.make_certs_and_keys()
+
+ # Generate DAC Cert/Key
+ builder = DevCertBuilder(CertType.DAC, 'no-error', paapath, test_case_out_dir,
+ chipcert, vid, pid, '', VALID_IN_PAST)
+ builder.make_certs_and_keys()
+
+ # Generate Certification Declaration (CD)
+ vid_flag = ' -V 0x{:X}'.format(vid)
+ pid_flag = ' -p 0x{:X}'.format(pid)
+ cmd = chipcert + ' gen-cd -K ' + cd_key + ' -C ' + cd_cert + ' -O ' + test_case_out_dir + '/cd.der' + \
+ ' -f 1 ' + vid_flag + pid_flag + ' -d 0x1234 -c "ZIG20141ZB330001-24" -l 0 -i 0 -n 9876 -t 0'
+ subprocess.run(cmd, shell=True)
+
+ # Generate Test Case Data Container in JSON Format
+ generate_test_case_vector_json(test_case_out_dir, test_cert, test_case)
+
 
 if __name__ == '__main__':
 sys.exit(main())
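Review bot: The closing `generate_test_case_vector_json(test_case_out_dir, test_cert, test_case)` call of the new invalid_paa block passes `test_cert` and `test_case`, neither of which is assigned in this block, so they appear to be values left over from earlier loops in main() (whose body starts outside the hunk). The `invalid_paa/test_case_vector.json` added by this same commit bears that out: its description reads "PAI Test Vector: Invalid CMS Signature." although the case under test is a PAA that is not registered in the DCL, so anyone triaging a commissioner failure from the vector alone is pointed at the wrong check. Give the block its own descriptor (a local dict with a description naming the unregistered PAA and the false success flag) and pass the cert-type argument explicitly instead of relying on the loop variables. Separately, both `subprocess.run(cmd, shell=True)` calls ignore the exit status and splice `args.outdir` into a shell string unquoted; `subprocess.run(cmd, shell=True, check=True)` would at least stop the generator when chip-cert fails rather than leaving a partial vector on disk, and an argument list without `shell=True` would remove the quoting concern.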