-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check VID/PID when doing device attestation #14551
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pullapprove
bot
requested review from
andy31415,
anush-apple,
austinh0,
balducci-apple,
Byungjoo-Lee,
bzbarsky-apple,
carol-apple,
chrisdecenzo,
chshu,
chulspro,
Damian-Nordic,
dhrishi,
electrocucaracha,
emargolis,
franck-apple,
gjc13,
harimau-qirex,
hawk248,
jelderton,
jepenven-silabs,
jmartinez-silabs,
LuDuda,
msandstedt,
mspang,
pan-apple,
robszewczyk,
sagar-apple,
saurabhst and
selissia
January 28, 2022 22:24
PR #14551: Size comparison from eb628d3 to e66499b Increases above 0.2%:
Increases (3 builds for linux)
Full report (25 builds for cyw30739, efr32, k32w, linux, p6, qpg, telink)
|
msandstedt
approved these changes
Jan 29, 2022
tcarmelveilleux
approved these changes
Feb 3, 2022
chrisdecenzo
approved these changes
Feb 3, 2022
msandstedt
approved these changes
Feb 3, 2022
Please do not submit until I PSA the platform devs about this change. |
PR #14551: Size comparison from 4267a9b to bcf0c71 Increases (3 builds for linux)
Full report (43 builds for cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, qpg, telink)
|
andy31415
added a commit
to andy31415/connectedhomeip
that referenced
this pull request
Feb 4, 2022
…)" This reverts commit a7d7d8d.
andy31415
added a commit
that referenced
this pull request
Feb 4, 2022
cecille
added a commit
to cecille/connectedhomeip
that referenced
this pull request
Feb 7, 2022
…chip#14551)" (project-chip#14795)" This reverts commit ad28f32.
cecille
added a commit
to cecille/connectedhomeip
that referenced
this pull request
Feb 7, 2022
…chip#14551)" (project-chip#14795)" This reverts commit ad28f32.
andy31415
pushed a commit
that referenced
this pull request
Feb 9, 2022
* Add new certs for development. We are moving to have the certificate verification check the VID and PID between the basic cluster and the DAC/CD. Right now, none of the examples pass prorperly because the VIDs and PIDs do not match. In order to facilitate development while platforms are developing their own DeviceAttestationCredentialsProvider, we have provided a new set of development certs that can be used for development only. This new scheme is backed by the test PAA in attestation/test/. This was done to reduce the number of changes required to the controllers, which already contain this PAA in their trusted certs. The PAI has been changed to omit the PID. This means the we can use a common PAI cert for all products. The vendor ID for the PAI is 0xFFF1, which a known test vendor for Matter. The DACs below are signed by the new PAI and include certs and keys for PIDs 0x8000-0x801F. * Use new certificates in attestation. Test: Can commission linux lighting app using pid 0x8000 * Add new certificate declaration This new CD will veryify against all products with VID 0xFFF1 and PIDs in the range of 0x8000-0x8063. Test: Verified on linux lighitng app by forcing app and controller to use pid 0x8001 * Update example PIDs. Please see documentation in docs/examples. * Add explicit warning for PID/VID mismatch. * Revert "Revert "Check VID/PID when doing device attestation (#14551)" (#14795)" This reverts commit ad28f32. * Fix tests Use hard coded cert values for tests rather than going through the example creds provider. * Update src/controller/AutoCommissioner.cpp Co-authored-by: Tennessee Carmel-Veilleux <[email protected]> * Update src/controller/CHIPDeviceController.h Co-authored-by: Tennessee Carmel-Veilleux <[email protected]> * Restyled by clang-format * Fix two spelling errors * Update src/credentials/tests/TestDeviceAttestationCredentials.cpp Co-authored-by: Evgeny Margolis <[email protected]> * Use define for CD size. * YOU get a bracket, YOU get a bracket... everybody gets a bracket! * Spelling error. * Fix P6 Sneaky P6...got by me. * Put function names in single quotes I think this will appease the spell checker. * Fine, spell checker. Here you go. Co-authored-by: Tennessee Carmel-Veilleux <[email protected]> Co-authored-by: Restyled.io <[email protected]> Co-authored-by: Evgeny Margolis <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
Device attestation currently uses a hardcoded vid/pid, not the one read from the basic cluster
Change overview
Testing