Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dac revocation: Default implementation to check if DAC chain is revoked #33651

Merged
merged 22 commits into from
Jul 29, 2024
Merged

dac revocation: Default implementation to check if DAC chain is revoked #33651

merged 22 commits into from
Jul 29, 2024

Conversation

shubhamdp
Copy link
Contributor

@shubhamdp shubhamdp commented May 29, 2024
edited
Loading

Fixes #33124
Fixes #33652

Change overview

  • Impl for parsing revocation set generated using credentials/generate-revocation-set.py using jsoncpp.
  • Impl for parsing AKID, serial number, issuer name from cert in hex string, and base64 format
  • Added an option to chip-tool to take json file as an input revoked set

Testing

  • Verified commissioning with lighting-app with/without --dac-revocation-set-path option.
  • When using --dac-revocation-set-path, verified with revoked as well as not revoked test dataset.
  • Added unit tests

@shubhamdp shubhamdp mentioned this pull request May 29, 2024
Closed
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 24, 2024
edited
Loading

PR #33651: Size comparison from 8306353 to f9fad81

Increases above 0.2%:

platform target config section 8306353 f9fad81 change % change
linux chip-tool debug unknown 5784 5832 48 0.8
tizen chip-tool-ubsan arm unknown 2388 2404 16 0.7
Full report (82 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, mbed, nxp, psoc6, qpg, stm32, telink, tizen)
platform target config section 8306353 f9fad81 change % change
bl602 lighting-app bl602 FLASH 1271952 1271952 0 0.0
RAM 95384 95384 0 0.0
bl602+mfd FLASH 1286210 1286210 0 0.0
RAM 95528 95528 0 0.0
bl602+rpc FLASH 1310920 1310920 0 0.0
RAM 103808 103808 0 0.0
bl702 lighting-app bl702 FLASH 1092846 1092846 0 0.0
RAM 15245 15245 0 0.0
bl702+mfd FLASH 1103540 1103540 0 0.0
RAM 15397 15397 0 0.0
bl702+rpc FLASH 1182912 1182912 0 0.0
RAM 24245 24245 0 0.0
bl706-eth FLASH 876146 876146 0 0.0
RAM 27348 27348 0 0.0
bl706-wifi FLASH 1128328 1128328 0 0.0
RAM 14681 14681 0 0.0
bl702l lighting-app bl702l FLASH 1079744 1079744 0 0.0
RAM 21800 21800 0 0.0
bl702l+mfd FLASH 1091006 1091006 0 0.0
RAM 21960 21960 0 0.0
cc13x4_26x4 lighting-app LP_EM_CC1354P10_6 FLASH 798900 798900 0 0.0
RAM 109236 109236 0 0.0
lock-ftd LP_EM_CC1354P10_6 FLASH 816660 816660 0 0.0
RAM 117020 117020 0 0.0
lock-mtd LP_EM_CC1354P10_6 FLASH 808492 808492 0 0.0
RAM 111308 111308 0 0.0
pump-app LP_EM_CC1354P10_6 FLASH 761108 761108 0 0.0
RAM 105408 105408 0 0.0
pump-controller-app LP_EM_CC1354P10_6 FLASH 746892 746892 0 0.0
RAM 105632 105632 0 0.0
cc32xx air-purifier CC3235SF_LAUNCHXL FLASH 606670 606670 0 0.0
RAM 204564 204564 0 0.0
lock CC3235SF_LAUNCHXL FLASH 652018 652018 0 0.0
RAM 204836 204836 0 0.0
cyw30739 light CYW30739B2-P5-EVK-01 unknown 2040 2040 0 0.0
FLASH 668009 668009 0 0.0
RAM 77700 77700 0 0.0
CYW30739B2-P5-EVK-02 unknown 2040 2040 0 0.0
FLASH 687861 687861 0 0.0
RAM 80340 80340 0 0.0
CYW30739B2-P5-EVK-03 unknown 2040 2040 0 0.0
FLASH 687861 687861 0 0.0
RAM 80340 80340 0 0.0
CYW930739M2EVB-02 unknown 2040 2040 0 0.0
FLASH 644805 644805 0 0.0
RAM 72768 72768 0 0.0
light-switch CYW30739B2-P5-EVK-01 unknown 2040 2040 0 0.0
FLASH 609561 609561 0 0.0
RAM 70884 70884 0 0.0
CYW30739B2-P5-EVK-02 unknown 2040 2040 0 0.0
FLASH 629189 629189 0 0.0
RAM 73428 73428 0 0.0
CYW30739B2-P5-EVK-03 unknown 2040 2040 0 0.0
FLASH 629189 629189 0 0.0
RAM 73428 73428 0 0.0
lock CYW30739B2-P5-EVK-01 unknown 2040 2040 0 0.0
FLASH 625257 625257 0 0.0
RAM 73900 73900 0 0.0
CYW30739B2-P5-EVK-02 unknown 2040 2040 0 0.0
FLASH 644965 644965 0 0.0
RAM 76444 76444 0 0.0
CYW30739B2-P5-EVK-03 unknown 2040 2040 0 0.0
FLASH 644965 644965 0 0.0
RAM 76444 76444 0 0.0
thermostat CYW30739B2-P5-EVK-01 unknown 2040 2040 0 0.0
FLASH 593629 593629 0 0.0
RAM 67852 67852 0 0.0
CYW30739B2-P5-EVK-02 unknown 2040 2040 0 0.0
FLASH 613481 613481 0 0.0
RAM 70492 70492 0 0.0
CYW30739B2-P5-EVK-03 unknown 2040 2040 0 0.0
FLASH 613481 613481 0 0.0
RAM 70492 70492 0 0.0
efr32 lighting-app BRD4187C FLASH 926120 926120 0 0.0
RAM 134528 134528 0 0.0
lock-app BRD4338a FLASH 734508 734500 -8 -0.0
RAM 208004 208004 0 0.0
window-app BRD4187C FLASH 1014572 1014572 0 0.0
RAM 126648 126648 0 0.0
esp32 all-clusters-app c3devkit DRAM 90924 90924 0 0.0
FLASH 1471170 1471170 0 0.0
IRAM 75570 75570 0 0.0
m5stack DRAM 117404 117404 0 0.0
FLASH 1540279 1540279 0 0.0
IRAM 125403 125403 0 0.0
linux air-purifier-app debug unknown 4632 4632 0 0.0
FLASH 2707111 2707111 0 0.0
RAM 125200 125200 0 0.0
all-clusters-app debug unknown 5400 5400 0 0.0
FLASH 5835588 5835588 0 0.0
RAM 494784 494784 0 0.0
all-clusters-minimal-app debug unknown 5312 5312 0 0.0
FLASH 5295288 5295288 0 0.0
RAM 235728 235728 0 0.0
bridge-app debug unknown 5296 5296 0 0.0
FLASH 4694610 4694610 0 0.0
RAM 212992 212992 0 0.0
chip-tool debug unknown 5784 5832 48 0.8
FLASH 12297294 12306682 9388 0.1
RAM 548882 548954 72 0.0
chip-tool-ipv6only arm64 unknown 20168 20184 16 0.1
FLASH 11003212 11011628 8416 0.1
RAM 598528 598648 120 0.0
fabric-admin debug unknown 5672 5672 0 0.0
FLASH 11315133 11315229 96 0.0
RAM 545722 545754 32 0.0
fabric-bridge-app debug unknown 4568 4568 0 0.0
FLASH 4448844 4448844 0 0.0
RAM 199024 199024 0 0.0
lighting-app debug+rpc+ui unknown 5968 5968 0 0.0
FLASH 5618689 5618689 0 0.0
RAM 224272 224272 0 0.0
lock-app debug unknown 5232 5232 0 0.0
FLASH 4753062 4753062 0 0.0
RAM 200704 200704 0 0.0
ota-provider-app debug unknown 4608 4608 0 0.0
FLASH 4397556 4397556 0 0.0
RAM 194880 194880 0 0.0
ota-requestor-app debug unknown 4544 4544 0 0.0
FLASH 4535338 4535338 0 0.0
RAM 199416 199416 0 0.0
shell debug unknown 4168 4168 0 0.0
FLASH 2979805 2979805 0 0.0
RAM 153736 153736 0 0.0
thermostat-no-ble arm64 unknown 9208 9208 0 0.0
FLASH 4256996 4256996 0 0.0
RAM 236336 236336 0 0.0
tv-app debug unknown 5504 5504 0 0.0
FLASH 5970397 5970493 96 0.0
RAM 573376 573376 0 0.0
tv-casting-app debug unknown 5168 5168 0 0.0
FLASH 10509533 10509805 272 0.0
RAM 634344 634344 0 0.0
mbed lock-app-release cy8cproto_062_4343w FLASH 1503276 1503276 0 0.0
RAM 226720 226720 0 0.0
nxp contact k32w0+release FLASH 576100 576100 0 0.0
RAM 70104 70104 0 0.0
k32w1+release FLASH 591656 591656 0 0.0
RAM 74144 74144 0 0.0
light k32w0+release FLASH 610400 610400 0 0.0
RAM 69564 69564 0 0.0
k32w1+release FLASH 675192 675192 0 0.0
RAM 82872 82872 0 0.0
psoc6 all-clusters cy8ckit_062s2_43012 FLASH 1611668 1611668 0 0.0
RAM 209728 209728 0 0.0
all-clusters-minimal cy8ckit_062s2_43012 FLASH 1532020 1532020 0 0.0
RAM 206544 206544 0 0.0
light cy8ckit_062s2_43012 FLASH 1458844 1458844 0 0.0
RAM 199808 199808 0 0.0
lock cy8ckit_062s2_43012 FLASH 1459484 1459484 0 0.0
RAM 224328 224328 0 0.0
qpg lighting-app qpg6105+debug FLASH 651724 651724 0 0.0
RAM 104636 104636 0 0.0
lock-app qpg6105+debug FLASH 612120 612120 0 0.0
RAM 99320 99320 0 0.0
stm32 light STM32WB5MM-DK FLASH 474120 474120 0 0.0
RAM 144260 144260 0 0.0
telink air-quality-sensor-app tlsr9528a_retention FLASH 633086 633086 0 0.0
RAM 50576 50576 0 0.0
all-clusters-app tlsr9118bdk40d FLASH 658938 658938 0 0.0
RAM 148480 148480 0 0.0
all-clusters-minimal-app tlsr9528a FLASH 779164 779164 0 0.0
RAM 113260 113260 0 0.0
bridge-app tlsr9258a FLASH 676006 676006 0 0.0
RAM 95344 95344 0 0.0
contact-sensor-app tlsr9528a_retention FLASH 634670 634670 0 0.0
RAM 50620 50620 0 0.0
light-switch-app-ota-shell-factory-data tlsr9528a FLASH 720542 720542 0 0.0
RAM 77196 77196 0 0.0
lighting-app-ota-factory-data tlsr9118bdk40d FLASH 614040 614040 0 0.0
RAM 144684 144684 0 0.0
lighting-app-ota-rpc-factory-data-4mb tlsr9518adk80d FLASH 801844 801844 0 0.0
RAM 103088 103088 0 0.0
lock-app-dfu tlsr9528a FLASH 666498 666498 0 0.0
RAM 69900 69900 0 0.0
ota-requestor-app tlsr9258a FLASH 695368 695368 0 0.0
RAM 95068 95068 0 0.0
pump-app tlsr9518adk80d FLASH 616934 616934 0 0.0
RAM 57000 57000 0 0.0
pump-controller-app tlsr9518adk80d FLASH 607344 607344 0 0.0
RAM 56800 56800 0 0.0
shell tlsr9518adk80d FLASH 466520 466520 0 0.0
RAM 72488 72488 0 0.0
smoke_co_alarm-app tlsr9528a_retention FLASH 641288 641288 0 0.0
RAM 52248 52248 0 0.0
temperature-measurement-app-mars-ota tlsr9518adk80d FLASH 651166 651166 0 0.0
RAM 60436 60436 0 0.0
thermostat tlsr9518adk80d FLASH 626230 626230 0 0.0
RAM 57124 57124 0 0.0
window-covering tlsr9118bdk40d FLASH 519436 519436 0 0.0
RAM 97856 97856 0 0.0
tizen all-clusters-app arm unknown 1588 1588 0 0.0
FLASH 1641292 1641292 0 0.0
RAM 48708 48708 0 0.0
chip-tool-ubsan arm unknown 2388 2404 16 0.7
FLASH 16324982 16339106 14124 0.1
RAM 7168664 7174940 6276 0.1

@shubhamdp shubhamdp mentioned this pull request Jul 25, 2024
Open
@dhrishi
Copy link
Contributor

dhrishi commented Jul 25, 2024

@tcarmelveilleux @andy31415 Can you please review and approve this if it looks okay? We are hoping that this gets merged before the 1.4.TE2 deadline

This was referenced Jul 29, 2024
Open
Open
@mergify mergify bot merged commit 34662ea into project-chip:master Jul 29, 2024
69 checks passed
@shubhamdp shubhamdp deleted the dac_revoke_def_impl branch July 30, 2024 03:26
@tcarmelveilleux
Copy link
Contributor

Broke python tests on HEAD

j-ororke pushed a commit to j-ororke/connectedhomeip that referenced this pull request Jul 31, 2024
@shubhamdp @bzbarsky-apple
@restyled-commits @j-ororke
dac revocation: Default implementation to check if DAC chain is revok…
f2e74e5 
…ed (project-chip#33651)

* dac revocation: default implementation of CheckForRevokedDACChain

* option to configure the revocation set file in chip-tool

* Added few comments

* restyle

* add fstream to allow list of DefaultDeviceAttestationVerifier

* Address comments

Added an interface for device attestation revocation and the test
implementation for the same.

* error code if dac and pai both are revoked

* unit tests

* Update examples/chip-tool/commands/common/CredentialIssuerCommands.h

Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>

* Move setting of revocation delegate to default verifier

* factor out getting of revocation delegate

* Restyled by clang-format

* address reviews

* API to clear revocation set path, and minor cleanup and added a comment
to explain the usage of --dac-revocation-set-path argument

* Restyled by clang-format

* add some details about json schema

* Restyled by whitespace

* Add the help text in the argument

* Address review comments and added some TODOs

---------

Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>
Co-authored-by: Restyled.io <commits@restyled.io>
rochaferraz pushed a commit to rochaferraz/connectedhomeip that referenced this pull request Jul 31, 2024
@shubhamdp @bzbarsky-apple
@restyled-commits @rochaferraz
dac revocation: Default implementation to check if DAC chain is revok…
c951d51 
…ed (project-chip#33651)

* dac revocation: default implementation of CheckForRevokedDACChain

* option to configure the revocation set file in chip-tool

* Added few comments

* restyle

* add fstream to allow list of DefaultDeviceAttestationVerifier

* Address comments

Added an interface for device attestation revocation and the test
implementation for the same.

* error code if dac and pai both are revoked

* unit tests

* Update examples/chip-tool/commands/common/CredentialIssuerCommands.h

Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>

* Move setting of revocation delegate to default verifier

* factor out getting of revocation delegate

* Restyled by clang-format

* address reviews

* API to clear revocation set path, and minor cleanup and added a comment
to explain the usage of --dac-revocation-set-path argument

* Restyled by clang-format

* add some details about json schema

* Restyled by whitespace

* Add the help text in the argument

* Address review comments and added some TODOs

---------

Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>
Co-authored-by: Restyled.io <commits@restyled.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tcarmelveilleux tcarmelveilleux tcarmelveilleux approved these changes

@bzbarsky-apple bzbarsky-apple bzbarsky-apple approved these changes

@andy31415 andy31415 Awaiting requested review from andy31415

@andyg-apple andyg-apple Awaiting requested review from andyg-apple

@anush-apple anush-apple Awaiting requested review from anush-apple

@arkq arkq Awaiting requested review from arkq

@bauerschwan bauerschwan Awaiting requested review from bauerschwan

@carol-apple carol-apple Awaiting requested review from carol-apple

@cecille cecille Awaiting requested review from cecille

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@chshu chshu Awaiting requested review from chshu

@chulspro chulspro Awaiting requested review from chulspro

@cliffamzn cliffamzn Awaiting requested review from cliffamzn

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@dhrishi dhrishi Awaiting requested review from dhrishi

@fessehaeve fessehaeve Awaiting requested review from fessehaeve

@harimau-qirex harimau-qirex Awaiting requested review from harimau-qirex

@harsha-rajendran harsha-rajendran Awaiting requested review from harsha-rajendran

@hawk248 hawk248 Awaiting requested review from hawk248

@hicklin hicklin Awaiting requested review from hicklin

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@jmeg-sfy jmeg-sfy Awaiting requested review from jmeg-sfy

@joonhaengHeo joonhaengHeo Awaiting requested review from joonhaengHeo

@jtung-apple jtung-apple Awaiting requested review from jtung-apple

@kiel-apple kiel-apple Awaiting requested review from kiel-apple

@kkasperczyk-no kkasperczyk-no Awaiting requested review from kkasperczyk-no

@kpschoedel kpschoedel Awaiting requested review from kpschoedel

@ksperling-apple ksperling-apple Awaiting requested review from ksperling-apple

@lazarkov lazarkov Awaiting requested review from lazarkov

@lpbeliveau-silabs lpbeliveau-silabs Awaiting requested review from lpbeliveau-silabs

@LuDuda LuDuda Awaiting requested review from LuDuda

@mhazley mhazley Awaiting requested review from mhazley

@mkardous-silabs mkardous-silabs Awaiting requested review from mkardous-silabs

@nivi-apple nivi-apple Awaiting requested review from nivi-apple

@p0fi p0fi Awaiting requested review from p0fi

@pidarped pidarped Awaiting requested review from pidarped

@plauric plauric Awaiting requested review from plauric

@rcasallas-silabs rcasallas-silabs Awaiting requested review from rcasallas-silabs

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@saurabhst saurabhst Awaiting requested review from saurabhst

@selissia selissia Awaiting requested review from selissia

@sharadb-amazon sharadb-amazon Awaiting requested review from sharadb-amazon

@tecimovic tecimovic Awaiting requested review from tecimovic

@tehampson tehampson Awaiting requested review from tehampson

@tima-q tima-q Awaiting requested review from tima-q

@tobiasgraf tobiasgraf Awaiting requested review from tobiasgraf

@turon turon Awaiting requested review from turon

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@wiba-nordic wiba-nordic Awaiting requested review from wiba-nordic

@woody-apple woody-apple Awaiting requested review from woody-apple

@younghak-hwang younghak-hwang Awaiting requested review from younghak-hwang

@yufengwangca yufengwangca Awaiting requested review from yufengwangca

@yunhanw-google yunhanw-google Awaiting requested review from yunhanw-google

@ReneJosefsen ReneJosefsen Awaiting requested review from ReneJosefsen

@axelnxp axelnxp Awaiting requested review from axelnxp

@chapongatien chapongatien Awaiting requested review from chapongatien

@doru91 doru91 Awaiting requested review from doru91

Assignees
No one assigned
Labels
examples review - approved scripts tools
Projects
None yet
Milestone
No milestone
5 participants
@shubhamdp @dhrishi @tcarmelveilleux @bzbarsky-apple @restyled-commits