Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make script to generate a basic RevocationSet from TestNet #26432

Open
tcarmelveilleux opened this issue May 8, 2023 · 1 comment
Open

Make script to generate a basic RevocationSet from TestNet #26432

tcarmelveilleux opened this issue May 8, 2023 · 1 comment
Assignees
@vijs
Labels
attestation
Milestone
1.3 Feature Complete

Comments

@tcarmelveilleux
Copy link
Contributor

The algorithm specified in section "6.2.4.1. Conceptual algorithm for revocation set construction" should be built and usable against TestNet schema, MainNet schema, and against a file containing an array of JSON records equivalent to getting all revocation distribution points from TestNet or MainNet.

The output file should have a JSON format of:

[
  { 
    "type": "revocation_set",
    "issuer_subject_key_id": "<issuer subject key ID as uppercase hex, 20 bytes>",
    "issuer_name": "<ASN.1 SEQUENCE of Issuer of the CRL as base64>",
    "revoked_serial_numbers:
    [
      "serial1 bytes as base64",
      "serial2 bytes as base64"
    ]
  }
]

This should be built as a Python script, using dependencies in the repos. This will be usable to provide an input to device attestation revocation "basic proof of concept" implementation.

See https://github.com/project-chip/connectedhomeip/blob/master/credentials/fetch-paa-certs-from-dcl.py for an example of a script making use of DCL to download DCL schema entries.
@tcarmelveilleux tcarmelveilleux mentioned this issue May 8, 2023
Open
@woody-apple woody-apple added this to the 1.3 milestone Jul 25, 2023
@woody-apple woody-apple removed the v1.2 label Oct 24, 2023
@tcarmelveilleux
Copy link
Contributor Author

Assigning to Vijay, to determine effort. Please re-assign to me if this is too large.

vijs added a commit to vijs/connectedhomeip that referenced this issue Dec 6, 2023
@vijs
* The algorithm specified in section "6.2.4.1. Conceptual algorithm f…
4540d82 
…or revocation set construction" should be built and usable against TestNet schema or MainNet schema. Reference: Issue project-chip#26432

* Added script to generate a basic RevocationSet from TestNet or MainNet
  * how to use it? - python ./credentials/generate-revocation-set.py --help

* python ./credentials/generate-revocation-set.py --use-main-net-dcld PATH
@vijs vijs mentioned this issue Dec 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vijs vijs

Labels
attestation
Projects
[1.3] SDK Feature Complete
Status: Todo
[Feature] DA PKI Revocation
Status: Todo
[Feature] Device Attestation
Status: Todo
Milestone
1.3 Feature Complete
Development

No branches or pull requests
3 participants
@tcarmelveilleux @vijs @woody-apple