Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add details to VerifyAttestationInformation so that more AttestationVerificationResult values are reportable #11918

Closed
tcarmelveilleux opened this issue Nov 17, 2021 · 1 comment
Closed

Add details to VerifyAttestationInformation so that more AttestationVerificationResult values are reportable #11918

tcarmelveilleux opened this issue Nov 17, 2021 · 1 comment
Assignees
@vijs
Labels
attestation

Comments

@tcarmelveilleux
Copy link
Contributor

Problem

Current VerifyAttestationInformation does simplified processing that will return AttestationVerificationResult::kDacSignatureInvalid for any failure of the certificate chain validation, event if not related to DAC signature. This is because there is only a bool result used and we do not expose the internal outcome of the certificate chain validation that would expose the true error, such as validity period expiration, malformed certs, missing extensions.

Proposed Solution

  • Update ValidateCertificateChain in CHIPCryptoPal to have more details about the failures
  • Convert new ValidateCertificateChain errors into AttestationVerificationResult cases
  • Add checks to VerifyAttestationInformation to account for additional Matter-only policy regarding contents of DAC chain elements (e.g. specific requirements for extensions present, etc)
@vijs vijs self-assigned this Nov 17, 2021
@vijs vijs mentioned this issue Dec 7, 2021
Merged
@vijs
Copy link
Collaborator

vijs commented Dec 9, 2021

This issue is addressed in PR #12655

@vijs vijs closed this as completed Dec 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vijs vijs

Labels
attestation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tcarmelveilleux @vijs