da_revocation: sample revoked DACs and PAI certs for VID:0xFFF1 PID:0x8001 #36838

shubhamdp · 2024-12-13T07:43:42Z

Related to #26582.

Generated the certificates with the help of chip-cert (please check the commands used below).
Generated and updated CRL using openssl ca functionality.

Next update time is set to 99 years.

chip-cert commands used for generating DACs

cd credentials/development/attestation

chip-cert gen-att-cert -t d -c "Matter Dev DAC Revoked 01" -V 0xFFF1 -P 0x8001 --lifetime 4294967295 \
	-C Matter-Development-PAI-FFF1-noPID-Cert.pem -K Matter-Development-PAI-FFF1-noPID-Key.pem \
	-o Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.pem -O Matter-Development-DAC-FFF1-8001-Revoked-01-Key.pem

chip-cert gen-att-cert -t d -c "Matter Dev DAC Revoked 02" -V 0xFFF1 -P 0x8001 --lifetime 4294967295 \
	-C Matter-Development-PAI-FFF1-noPID-Cert.pem -K Matter-Development-PAI-FFF1-noPID-Key.pem \
	-o Matter-Development-DAC-FFF1-8001-Revoked-02-Cert.pem -O Matter-Development-DAC-FFF1-8001-Revoked-02-Key.pem

chip-cert gen-att-cert -t d -c "Matter Dev DAC Revoked 03" -V 0xFFF1 -P 0x8001 --lifetime 4294967295 \
	-C Matter-Development-PAI-FFF1-noPID-Cert.pem -K Matter-Development-PAI-FFF1-noPID-Key.pem \
	-o Matter-Development-DAC-FFF1-8001-Revoked-03-Cert.pem -O Matter-Development-DAC-FFF1-8001-Revoked-03-Key.pem

chip-cert commands used for generating PAI and DAC

cd credentials/test/attestation

chip-cert gen-att-cert -t i -c "Matter Test PAI 0xFFF1 no PID Revoked" -V 0xFFF1 --lifetime 4294967295 \
	-C Chip-Test-PAA-FFF1-Cert.pem -K Chip-Test-PAA-FFF1-Key.pem \
	-o Chip-Test-PAI-FFF1-noPID-Revoked-Cert.pem -O Chip-Test-PAI-FFF1-noPID-Revoked-Key.pem

chip-cert gen-att-cert -t d -c "Matter Test DAC" -V 0xFFF1 -P 0x8001 --lifetime 4294967295 \
	-C Chip-Test-PAI-FFF1-noPID-Revoked-Cert.pem -K Chip-Test-PAI-FFF1-noPID-Revoked-Key.pem \
	-o Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Cert.pem -O Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Key.pem

Testing

This PR is the building block for automating the DA revocation implementation.
It adds the test data for generating the device attestation revocation set.

Newly added test data is manually tested by dumping the certs/kets/crl using openssl [x509 | ec | crl] command. Also verified if both .der and .pem pairs outputs the same data.

semanticdiff-com · 2024-12-13T07:43:44Z

Review changes with

Changed Files

File	Status
credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Cert.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Cert.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Key.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Signed-By-Revoked-PAI-Key.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-PAA-FFF1-CRL.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-PAA-FFF1-CRL.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-PAA-FFF1-Cert.der	0% smaller
credentials/test/revoked-attestation-certificates/Chip-Test-PAA-FFF1-Cert.pem	0% smaller
credentials/test/revoked-attestation-certificates/Chip-Test-PAA-FFF1-Key.der	0% smaller
credentials/test/revoked-attestation-certificates/Chip-Test-PAA-FFF1-Key.pem	0% smaller
credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-Cert.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-Cert.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-Key.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-Key.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-01-Key.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-01-Key.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-02-Cert.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-02-Cert.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-02-Key.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-02-Key.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-03-Cert.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-03-Cert.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-03-Key.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-DAC-FFF1-8001-Revoked-03-Key.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-PAI-FFF1-noPID-CRL.der	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-PAI-FFF1-noPID-CRL.pem	Unsupported file format
credentials/test/revoked-attestation-certificates/Matter-Development-PAI-FFF1-noPID-Cert.der	0% smaller
credentials/test/revoked-attestation-certificates/Matter-Development-PAI-FFF1-noPID-Cert.pem	0% smaller
credentials/test/revoked-attestation-certificates/Matter-Development-PAI-FFF1-noPID-Key.der	0% smaller
credentials/test/revoked-attestation-certificates/Matter-Development-PAI-FFF1-noPID-Key.pem	0% smaller

github-actions · 2024-12-13T07:58:29Z

PR #36838: Size comparison from 9e203e2 to c24a766

Full report (69 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)

platform	target	config	section	`9e203e2`	`c24a766`	change	% change
bl602	lighting-app	bl602+mfd+littlefs+rpc	FLASH	1353340	1353340	0	0.0
			RAM	104112	104112	0	0.0
bl702	lighting-app	bl702+eth	FLASH	651826	651826	0	0.0
			RAM	25353	25353	0	0.0
		bl702+wifi	FLASH	829154	829154	0	0.0
			RAM	14093	14093	0	0.0
		bl706+mfd+rpc+littlefs	FLASH	1057626	1057626	0	0.0
			RAM	23933	23933	0	0.0
bl702l	lighting-app	bl702l+mfd+littlefs	FLASH	979000	979000	0	0.0
			RAM	16596	16596	0	0.0
cc13x4_26x4	lighting-app	LP_EM_CC1354P10_6	FLASH	839760	839760	0	0.0
			RAM	123664	123664	0	0.0
	lock-ftd	LP_EM_CC1354P10_6	FLASH	825308	825308	0	0.0
			RAM	125552	125552	0	0.0
	pump-app	LP_EM_CC1354P10_6	FLASH	772096	772096	0	0.0
			RAM	114020	114020	0	0.0
	pump-controller-app	LP_EM_CC1354P10_6	FLASH	756284	756284	0	0.0
			RAM	114228	114228	0	0.0
cc32xx	air-purifier	CC3235SF_LAUNCHXL	FLASH	631050	631050	0	0.0
			RAM	205824	205824	0	0.0
	lock	CC3235SF_LAUNCHXL	FLASH	669646	669646	0	0.0
			RAM	205968	205968	0	0.0
cyw30739	light	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	681505	681505	0	0.0
			RAM	78724	78724	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	701349	701349	0	0.0
			RAM	81364	81364	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	701349	701349	0	0.0
			RAM	81364	81364	0	0.0
		CYW930739M2EVB-02	unknown	2040	2040	0	0.0
			FLASH	658293	658293	0	0.0
			RAM	73792	73792	0	0.0
	light-switch	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	618065	618065	0	0.0
			RAM	71708	71708	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	637693	637693	0	0.0
			RAM	74252	74252	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	637693	637693	0	0.0
			RAM	74252	74252	0	0.0
	lock	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	637465	637465	0	0.0
			RAM	74724	74724	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	657173	657173	0	0.0
			RAM	77268	77268	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	657173	657173	0	0.0
			RAM	77268	77268	0	0.0
	thermostat	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	613925	613925	0	0.0
			RAM	68812	68812	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	633777	633777	0	0.0
			RAM	71444	71444	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	633777	633777	0	0.0
			RAM	71444	71444	0	0.0
efr32	lock-app	BRD4187C	FLASH	932340	932340	0	0.0
			RAM	160192	160192	0	0.0
		BRD4338a	FLASH	746144	746136	-8	-0.0
			RAM	233320	233320	0	0.0
	window-app	BRD4187C	FLASH	`1024784`	`1024784`	0	0.0
			RAM	128296	128296	0	0.0
esp32	all-clusters-app	c3devkit	DRAM	95360	95360	0	0.0
			FLASH	1543082	1543082	0	0.0
			IRAM	82542	82542	0	0.0
		m5stack	DRAM	116312	116312	0	0.0
			FLASH	`1549682`	`1549682`	0	0.0
			IRAM	117039	117039	0	0.0
linux	air-purifier-app	debug	unknown	4720	4720	0	0.0
			FLASH	2715063	2715063	0	0.0
			RAM	129800	129800	0	0.0
	all-clusters-app	debug	unknown	5560	5560	0	0.0
			FLASH	6007064	6007064	0	0.0
			RAM	523544	523544	0	0.0
	all-clusters-minimal-app	debug	unknown	5456	5456	0	0.0
			FLASH	5344804	5344804	0	0.0
			RAM	242600	242600	0	0.0
	bridge-app	debug	unknown	5440	5440	0	0.0
			FLASH	4684372	4684372	0	0.0
			RAM	218416	218416	0	0.0
	chip-tool	debug	unknown	5992	5992	0	0.0
			FLASH	12848744	12848744	0	0.0
			RAM	582506	582506	0	0.0
	chip-tool-ipv6only	arm64	unknown	21352	21352	0	0.0
			FLASH	10983232	10983232	0	0.0
			RAM	633424	633424	0	0.0
	fabric-admin	debug	unknown	5816	5816	0	0.0
			FLASH	11255293	11255293	0	0.0
			RAM	582850	582850	0	0.0
	fabric-bridge-app	debug	unknown	4696	4696	0	0.0
			FLASH	4509948	4509948	0	0.0
			RAM	205600	205600	0	0.0
	fabric-sync	debug	unknown	4936	4936	0	0.0
			FLASH	5610053	5610053	0	0.0
			RAM	472584	472584	0	0.0
	lighting-app	debug+rpc+ui	unknown	6104	6104	0	0.0
			FLASH	5621073	5621073	0	0.0
			RAM	228792	228792	0	0.0
	lock-app	debug	unknown	5376	5376	0	0.0
			FLASH	4733612	4733612	0	0.0
			RAM	204776	204776	0	0.0
	ota-provider-app	debug	unknown	4752	4752	0	0.0
			FLASH	4359350	4359350	0	0.0
			RAM	198448	198448	0	0.0
	ota-requestor-app	debug	unknown	4688	4688	0	0.0
			FLASH	4498342	4498342	0	0.0
			RAM	203032	203032	0	0.0
	shell	debug	unknown	4248	4248	0	0.0
			FLASH	3030077	3030077	0	0.0
			RAM	160424	160424	0	0.0
	thermostat-no-ble	arm64	unknown	9536	9536	0	0.0
			FLASH	4103472	4103472	0	0.0
			RAM	243040	243040	0	0.0
	tv-app	debug	unknown	5704	5704	0	0.0
			FLASH	5958901	5958901	0	0.0
			RAM	596016	596016	0	0.0
	tv-casting-app	debug	unknown	5288	5288	0	0.0
			FLASH	11054589	11054589	0	0.0
			RAM	692184	692184	0	0.0
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	FLASH	917616	917616	0	0.0
			RAM	143292	143292	0	0.0
		nrf7002dk_nrf5340_cpuapp	FLASH	890104	890104	0	0.0
			RAM	141487	141487	0	0.0
	all-clusters-minimal-app	nrf52840dk_nrf52840	FLASH	851760	851760	0	0.0
			RAM	142200	142200	0	0.0
nxp	contact	k32w0+release	FLASH	585440	585440	0	0.0
			RAM	71080	71080	0	0.0
		mcxw71+release	FLASH	600048	600048	0	0.0
			RAM	63176	63176	0	0.0
	light	k32w0+release	FLASH	612396	612396	0	0.0
			RAM	70472	70472	0	0.0
		k32w1+release	FLASH	686576	686576	0	0.0
			RAM	48808	48808	0	0.0
	lock	mcxw71+release	FLASH	762928	762928	0	0.0
			RAM	70844	70844	0	0.0
psoc6	all-clusters	cy8ckit_062s2_43012	FLASH	1646364	1646364	0	0.0
			RAM	212104	212104	0	0.0
	all-clusters-minimal	cy8ckit_062s2_43012	FLASH	`1554108`	`1554108`	0	0.0
			RAM	208904	208904	0	0.0
	light	cy8ckit_062s2_43012	FLASH	1469436	1469436	0	0.0
			RAM	200880	200880	0	0.0
	lock	cy8ckit_062s2_43012	FLASH	1467164	1467164	0	0.0
			RAM	225240	225240	0	0.0
qpg	lighting-app	qpg6105+debug	FLASH	664008	664008	0	0.0
			RAM	105424	105424	0	0.0
	lock-app	qpg6105+debug	FLASH	621796	621796	0	0.0
			RAM	99868	99868	0	0.0
stm32	light	STM32WB5MM-DK	FLASH	484720	484720	0	0.0
			RAM	144880	144880	0	0.0
telink	bridge-app	tlsr9258a	FLASH	682920	682920	0	0.0
			RAM	91208	91208	0	0.0
	contact-sensor-app	tlsr9528a_retention	FLASH	623350	623350	0	0.0
			RAM	31440	31440	0	0.0
	light-app-ota-compress-lzma-shell-factory-data	tl3218x	FLASH	772180	772180	0	0.0
			RAM	49300	49300	0	0.0
	light-switch-app-ota-compress-lzma-shell-factory-data	tlsr9528a	FLASH	710774	710774	0	0.0
			RAM	73504	73504	0	0.0
	lighting-app-ota-factory-data	tlsr9118bdk40d	FLASH	627794	627794	0	0.0
			RAM	142140	142140	0	0.0
	lighting-app-ota-rpc-factory-data-4mb	tlsr9518adk80d	FLASH	813808	813808	0	0.0
			RAM	99684	99684	0	0.0
tizen	all-clusters-app	arm	unknown	4988	4988	0	0.0
			FLASH	1732528	1732528	0	0.0
			RAM	90744	90744	0	0.0
	chip-tool-ubsan	arm	unknown	10804	10804	0	0.0
			FLASH	17972150	17972150	0	0.0
			RAM	7841864	7841864	0	0.0

credentials/test/attestation/Chip-Test-DAC-FFF1-8001-Singed-By-Revoked-PAI-Cert.pem

credentials/development/attestation/Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.pem

bh3000

Could you add a set of CRLs and certs for the indirect CRL signing use case as well?

For complete test/example coverage there needs to be versions that includes the CRL entry extension Certificate Issuer as well. Note that there are two approaches here that should be included, the case where each entry has the Certificate Issuer, and the case where the entry's are grouped by Certificate Issuer (multiple entries with the same Certificate Issuer where only the first in the group contain the extension). See section 6.2.4.1. Step 10.a. and RFC 5280 section 5.3.3 for detail.

Can you add those?

credentials/development/attestation/Matter-Development-PAI-FFF1-noPID-CRL.pem

bh3000 · 2024-12-13T18:05:26Z

Could you add a set of CRLs and certs for the indirect CRL signing use case as well?

For complete test/example coverage there needs to be versions that includes the CRL entry extension Certificate Issuer as well. Note that there are two approaches here that should be included, the case where each entry has the Certificate Issuer, and the case where the entry's are grouped by Certificate Issuer (multiple entries with the same Certificate Issuer where only the first in the group contain the extension). See section 6.2.4.1. Step 10.a. and RFC 5280 section 5.3.3 for detail.

Can you add those?

This can be done in a separate PR. No need to do here.

andy31415

@shubhamdp please add a Testing entry in the summary of this PR and explain how this change was tested.

Since I see no unit test changes, I assume this will be "manually tested via..." and in that case we would like to intentionally set the bar higher on manual tests (to avoid all PRs setting manual because it is easier) so please spend time to add details on how this was tested as well as a justification why it is impossible for this PR to be tested in an automated fashion.

shubhamdp · 2024-12-16T11:24:49Z

This can be done in a separate PR. No need to do here.

Added a comment on the original issue to keep track of it #26582 (comment)

github-actions · 2024-12-16T11:38:39Z

PR #36838: Size comparison from 9e203e2 to 9d32b2d

Full report (69 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)

platform	target	config	section	`9e203e2`	`9d32b2d`	change	% change
bl602	lighting-app	bl602+mfd+littlefs+rpc	FLASH	1353340	1353340	0	0.0
			RAM	104112	104112	0	0.0
bl702	lighting-app	bl702+eth	FLASH	651826	651826	0	0.0
			RAM	25353	25353	0	0.0
		bl702+wifi	FLASH	829154	829154	0	0.0
			RAM	14093	14093	0	0.0
		bl706+mfd+rpc+littlefs	FLASH	1057626	1057626	0	0.0
			RAM	23933	23933	0	0.0
bl702l	lighting-app	bl702l+mfd+littlefs	FLASH	979000	979000	0	0.0
			RAM	16596	16596	0	0.0
cc13x4_26x4	lighting-app	LP_EM_CC1354P10_6	FLASH	839760	839760	0	0.0
			RAM	123664	123664	0	0.0
	lock-ftd	LP_EM_CC1354P10_6	FLASH	825308	825308	0	0.0
			RAM	125552	125552	0	0.0
	pump-app	LP_EM_CC1354P10_6	FLASH	772096	772096	0	0.0
			RAM	114020	114020	0	0.0
	pump-controller-app	LP_EM_CC1354P10_6	FLASH	756284	756300	16	0.0
			RAM	114228	114228	0	0.0
cc32xx	air-purifier	CC3235SF_LAUNCHXL	FLASH	631050	539605	-91445	-14.5
			RAM	205824	205760	-64	-0.0
	lock	CC3235SF_LAUNCHXL	FLASH	669646	573885	-95761	-14.3
			RAM	205968	205904	-64	-0.0
cyw30739	light	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	681505	681513	8	0.0
			RAM	78724	78724	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	701349	701357	8	0.0
			RAM	81364	81364	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	701349	701357	8	0.0
			RAM	81364	81364	0	0.0
		CYW930739M2EVB-02	unknown	2040	2040	0	0.0
			FLASH	658293	658301	8	0.0
			RAM	73792	73792	0	0.0
	light-switch	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	618065	618073	8	0.0
			RAM	71708	71708	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	637693	637701	8	0.0
			RAM	74252	74252	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	637693	637701	8	0.0
			RAM	74252	74252	0	0.0
	lock	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	637465	637473	8	0.0
			RAM	74724	74724	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	657173	657181	8	0.0
			RAM	77268	77268	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	657173	657181	8	0.0
			RAM	77268	77268	0	0.0
	thermostat	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	613925	613933	8	0.0
			RAM	68812	68812	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	633777	633785	8	0.0
			RAM	71444	71444	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	633777	633785	8	0.0
			RAM	71444	71444	0	0.0
efr32	lock-app	BRD4187C	FLASH	932340	932340	0	0.0
			RAM	160192	160192	0	0.0
		BRD4338a	FLASH	746144	746248	104	0.0
			RAM	233320	233320	0	0.0
	window-app	BRD4187C	FLASH	`1024784`	1024912	128	0.0
			RAM	128296	128296	0	0.0
esp32	all-clusters-app	c3devkit	DRAM	95360	95360	0	0.0
			FLASH	1543082	`1543380`	298	0.0
			IRAM	82542	82542	0	0.0
		m5stack	DRAM	116312	116312	0	0.0
			FLASH	`1549682`	1549950	268	0.0
			IRAM	117039	117039	0	0.0
linux	air-purifier-app	debug	unknown	4720	4720	0	0.0
			FLASH	2715063	2715629	566	0.0
			RAM	129800	129800	0	0.0
	all-clusters-app	debug	unknown	5560	5560	0	0.0
			FLASH	6007064	6009314	2250	0.0
			RAM	523544	523544	0	0.0
	all-clusters-minimal-app	debug	unknown	5456	5456	0	0.0
			FLASH	5344804	5345370	566	0.0
			RAM	242600	242600	0	0.0
	bridge-app	debug	unknown	5440	5440	0	0.0
			FLASH	4684372	4684938	566	0.0
			RAM	218416	218416	0	0.0
	chip-tool	debug	unknown	5992	5992	0	0.0
			FLASH	12848744	12849310	566	0.0
			RAM	582506	582506	0	0.0
	chip-tool-ipv6only	arm64	unknown	21352	21352	0	0.0
			FLASH	10983232	10983936	704	0.0
			RAM	633424	633424	0	0.0
	fabric-admin	debug	unknown	5816	5816	0	0.0
			FLASH	11255293	11255859	566	0.0
			RAM	582850	582850	0	0.0
	fabric-bridge-app	debug	unknown	4696	4696	0	0.0
			FLASH	4509948	`4510514`	566	0.0
			RAM	205600	205600	0	0.0
	fabric-sync	debug	unknown	4936	4936	0	0.0
			FLASH	5610053	5610549	496	0.0
			RAM	472584	472584	0	0.0
	lighting-app	debug+rpc+ui	unknown	6104	6104	0	0.0
			FLASH	5621073	`5621633`	560	0.0
			RAM	228792	228792	0	0.0
	lock-app	debug	unknown	5376	5376	0	0.0
			FLASH	4733612	`4734178`	566	0.0
			RAM	204776	204776	0	0.0
	ota-provider-app	debug	unknown	4752	4752	0	0.0
			FLASH	4359350	4359916	566	0.0
			RAM	198448	198448	0	0.0
	ota-requestor-app	debug	unknown	4688	4688	0	0.0
			FLASH	4498342	4498908	566	0.0
			RAM	203032	203032	0	0.0
	shell	debug	unknown	4248	4248	0	0.0
			FLASH	3030077	3032765	2688	0.1
			RAM	160424	160424	0	0.0
	thermostat-no-ble	arm64	unknown	9536	9536	0	0.0
			FLASH	4103472	4104176	704	0.0
			RAM	243040	243040	0	0.0
	tv-app	debug	unknown	5704	5704	0	0.0
			FLASH	5958901	5959461	560	0.0
			RAM	596016	596016	0	0.0
	tv-casting-app	debug	unknown	5288	5288	0	0.0
			FLASH	11054589	11055165	576	0.0
			RAM	692184	692184	0	0.0
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	FLASH	917616	917880	264	0.0
			RAM	143292	143292	0	0.0
		nrf7002dk_nrf5340_cpuapp	FLASH	890104	890360	256	0.0
			RAM	141487	141487	0	0.0
	all-clusters-minimal-app	nrf52840dk_nrf52840	FLASH	851760	851772	12	0.0
			RAM	142200	142200	0	0.0
nxp	contact	k32w0+release	FLASH	585440	585440	0	0.0
			RAM	71080	71080	0	0.0
		mcxw71+release	FLASH	600048	600048	0	0.0
			RAM	63176	63176	0	0.0
	light	k32w0+release	FLASH	612396	612412	16	0.0
			RAM	70472	70472	0	0.0
		k32w1+release	FLASH	686576	686592	16	0.0
			RAM	48808	48808	0	0.0
	lock	mcxw71+release	FLASH	762928	762928	0	0.0
			RAM	70844	70844	0	0.0
psoc6	all-clusters	cy8ckit_062s2_43012	FLASH	1646364	`1646812`	448	0.0
			RAM	212104	212104	0	0.0
	all-clusters-minimal	cy8ckit_062s2_43012	FLASH	`1554108`	1554236	128	0.0
			RAM	208904	208904	0	0.0
	light	cy8ckit_062s2_43012	FLASH	1469436	1469564	128	0.0
			RAM	200880	200880	0	0.0
	lock	cy8ckit_062s2_43012	FLASH	1467164	1467292	128	0.0
			RAM	225240	225240	0	0.0
qpg	lighting-app	qpg6105+debug	FLASH	664008	664024	16	0.0
			RAM	105424	105424	0	0.0
	lock-app	qpg6105+debug	FLASH	621796	621812	16	0.0
			RAM	99868	99868	0	0.0
stm32	light	STM32WB5MM-DK	FLASH	484720	484728	8	0.0
			RAM	144880	144880	0	0.0
telink	bridge-app	tlsr9258a	FLASH	682920	682916	-4	-0.0
			RAM	91208	91208	0	0.0
	contact-sensor-app	tlsr9528a_retention	FLASH	623350	623346	-4	-0.0
			RAM	31440	31440	0	0.0
	light-app-ota-compress-lzma-shell-factory-data	tl3218x	FLASH	772180	772176	-4	-0.0
			RAM	49300	49300	0	0.0
	light-switch-app-ota-compress-lzma-shell-factory-data	tlsr9528a	FLASH	710774	710770	-4	-0.0
			RAM	73504	73504	0	0.0
	lighting-app-ota-factory-data	tlsr9118bdk40d	FLASH	627794	627790	-4	-0.0
			RAM	142140	142140	0	0.0
	lighting-app-ota-rpc-factory-data-4mb	tlsr9518adk80d	FLASH	813808	813804	-4	-0.0
			RAM	99684	99684	0	0.0
tizen	all-clusters-app	arm	unknown	4988	4988	0	0.0
			FLASH	1732528	1734440	1912	0.1
			RAM	90744	90744	0	0.0
	chip-tool-ubsan	arm	unknown	10804	10804	0	0.0
			FLASH	17972150	17973406	1256	0.0
			RAM	7841864	7842608	744	0.0

shubhamdp · 2024-12-16T11:44:03Z

@shubhamdp please add a Testing entry in the summary of this PR and explain how this change was tested.

Since I see no unit test changes, I assume this will be "manually tested via..." and in that case we would like to intentionally set the bar higher on manual tests (to avoid all PRs setting manual because it is easier) so please spend time to add details on how this was tested as well as a justification why it is impossible for this PR to be tested in an automated fashion.

@andy31415 Sorry, I wasn't aware about the decision in the TT call. I have updated the Testing section in the PR description.

credentials/development/attestation/Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.der

created the PAI using chip-cert by using credentials/test/attestation/Chip-Test-PAA-FFF1-{Cert,Key}.pem as the signing CA. created the DAC (vid: 0xFFF1, pid: 0x8001) using the generated PAI Revoked the PAI and created the CRL for the same.

0xFFF1 and PID 0x8001 created the DAC using chip-cert by using credentials/development/attestation/Matter-Development-PAI-FFF1-noPID-Cert.pem as the signing CA. Revoked the DAC and created CRL for the same.

…n-certificates Also, add the symbolic links to the respective PAA, and PAIs for easier aceess to them

github-actions · 2024-12-20T08:31:48Z

PR #36838: Size comparison from c1afc02 to 02aaf68

Full report (69 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)

platform	target	config	section	`c1afc02`	`02aaf68`	change	% change
bl602	lighting-app	bl602+mfd+littlefs+rpc	FLASH	1354136	1354136	0	0.0
			RAM	104160	104160	0	0.0
bl702	lighting-app	bl702+eth	FLASH	651682	651682	0	0.0
			RAM	25353	25353	0	0.0
		bl702+wifi	FLASH	829286	829286	0	0.0
			RAM	14093	14093	0	0.0
		bl706+mfd+rpc+littlefs	FLASH	1057758	1057758	0	0.0
			RAM	23933	23933	0	0.0
bl702l	lighting-app	bl702l+mfd+littlefs	FLASH	978876	978876	0	0.0
			RAM	16596	16596	0	0.0
cc13x4_26x4	lighting-app	LP_EM_CC1354P10_6	FLASH	839840	839840	0	0.0
			RAM	123696	123696	0	0.0
	lock-ftd	LP_EM_CC1354P10_6	FLASH	825380	825380	0	0.0
			RAM	125584	125584	0	0.0
	pump-app	LP_EM_CC1354P10_6	FLASH	772208	772208	0	0.0
			RAM	114060	114060	0	0.0
	pump-controller-app	LP_EM_CC1354P10_6	FLASH	756388	756388	0	0.0
			RAM	114260	114260	0	0.0
cc32xx	air-purifier	CC3235SF_LAUNCHXL	FLASH	539705	539705	0	0.0
			RAM	205800	205800	0	0.0
	lock	CC3235SF_LAUNCHXL	FLASH	573873	573873	0	0.0
			RAM	205944	205944	0	0.0
cyw30739	light	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	681401	681401	0	0.0
			RAM	78756	78756	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	701253	701253	0	0.0
			RAM	81396	81396	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	701253	701253	0	0.0
			RAM	81396	81396	0	0.0
		CYW930739M2EVB-02	unknown	2040	2040	0	0.0
			FLASH	658181	658181	0	0.0
			RAM	73824	73824	0	0.0
	light-switch	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	618025	618025	0	0.0
			RAM	71748	71748	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	637653	637653	0	0.0
			RAM	74292	74292	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	637653	637653	0	0.0
			RAM	74292	74292	0	0.0
	lock	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	637425	637425	0	0.0
			RAM	74756	74756	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	657133	657133	0	0.0
			RAM	77300	77300	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	657133	657133	0	0.0
			RAM	77300	77300	0	0.0
	thermostat	CYW30739B2-P5-EVK-01	unknown	2040	2040	0	0.0
			FLASH	614045	614045	0	0.0
			RAM	68844	68844	0	0.0
		CYW30739B2-P5-EVK-02	unknown	2040	2040	0	0.0
			FLASH	633897	633897	0	0.0
			RAM	71476	71476	0	0.0
		CYW30739B2-P5-EVK-03	unknown	2040	2040	0	0.0
			FLASH	633897	633897	0	0.0
			RAM	71476	71476	0	0.0
efr32	lock-app	BRD4187C	FLASH	932324	932324	0	0.0
			RAM	160228	160228	0	0.0
		BRD4338a	FLASH	746744	746736	-8	-0.0
			RAM	233356	233356	0	0.0
	window-app	BRD4187C	FLASH	1025176	1025176	0	0.0
			RAM	128332	128332	0	0.0
esp32	all-clusters-app	c3devkit	DRAM	95352	95352	0	0.0
			FLASH	1541440	1541440	0	0.0
			IRAM	82552	82552	0	0.0
		m5stack	DRAM	116332	116332	0	0.0
			FLASH	1547898	1547898	0	0.0
			IRAM	117039	117039	0	0.0
linux	air-purifier-app	debug	unknown	4720	4720	0	0.0
			FLASH	2716981	2716981	0	0.0
			RAM	130120	130120	0	0.0
	all-clusters-app	debug	unknown	5560	5560	0	0.0
			FLASH	6009782	6009782	0	0.0
			RAM	523816	523816	0	0.0
	all-clusters-minimal-app	debug	unknown	5456	5456	0	0.0
			FLASH	5347104	5347104	0	0.0
			RAM	242904	242904	0	0.0
	bridge-app	debug	unknown	5440	5440	0	0.0
			FLASH	4686672	4686672	0	0.0
			RAM	218752	218752	0	0.0
	chip-tool	debug	unknown	5992	5992	0	0.0
			FLASH	12846546	12846546	0	0.0
			RAM	582594	582594	0	0.0
	chip-tool-ipv6only	arm64	unknown	21360	21360	0	0.0
			FLASH	10980944	10980944	0	0.0
			RAM	633536	633536	0	0.0
	fabric-admin	debug	unknown	5816	5816	0	0.0
			FLASH	11253095	11253095	0	0.0
			RAM	582946	582946	0	0.0
	fabric-bridge-app	debug	unknown	4696	4696	0	0.0
			FLASH	4511908	4511908	0	0.0
			RAM	205920	205920	0	0.0
	fabric-sync	debug	unknown	4936	4936	0	0.0
			FLASH	`5608613`	`5608613`	0	0.0
			RAM	472888	472888	0	0.0
	lighting-app	debug+rpc+ui	unknown	6104	6104	0	0.0
			FLASH	5622513	5622513	0	0.0
			RAM	229080	229080	0	0.0
	lock-app	debug	unknown	5376	5376	0	0.0
			FLASH	4735064	4735064	0	0.0
			RAM	205064	205064	0	0.0
	ota-provider-app	debug	unknown	4752	4752	0	0.0
			FLASH	4361618	4361618	0	0.0
			RAM	198752	198752	0	0.0
	ota-requestor-app	debug	unknown	4688	4688	0	0.0
			FLASH	4500644	4500644	0	0.0
			RAM	203336	203336	0	0.0
	shell	debug	unknown	4248	4248	0	0.0
			FLASH	`3033645`	`3033645`	0	0.0
			RAM	160736	160736	0	0.0
	thermostat-no-ble	arm64	unknown	9560	9560	0	0.0
			FLASH	4105728	4105728	0	0.0
			RAM	243344	243344	0	0.0
	tv-app	debug	unknown	5704	5704	0	0.0
			FLASH	5957893	5957893	0	0.0
			RAM	596304	596304	0	0.0
	tv-casting-app	debug	unknown	5288	5288	0	0.0
			FLASH	11056637	11056637	0	0.0
			RAM	692600	692600	0	0.0
nrfconnect	all-clusters-app	nrf52840dk_nrf52840	FLASH	917744	917744	0	0.0
			RAM	143332	143332	0	0.0
		nrf7002dk_nrf5340_cpuapp	FLASH	890452	890452	0	0.0
			RAM	141519	141519	0	0.0
	all-clusters-minimal-app	nrf52840dk_nrf52840	FLASH	851808	851808	0	0.0
			RAM	142244	142244	0	0.0
nxp	contact	k32w0+release	FLASH	585600	585600	0	0.0
			RAM	71112	71112	0	0.0
		mcxw71+release	FLASH	600136	600136	0	0.0
			RAM	63208	63208	0	0.0
	light	k32w0+release	FLASH	612348	612348	0	0.0
			RAM	70504	70504	0	0.0
		k32w1+release	FLASH	686560	686560	0	0.0
			RAM	48840	48840	0	0.0
	lock	mcxw71+release	FLASH	762880	762880	0	0.0
			RAM	70876	70876	0	0.0
psoc6	all-clusters	cy8ckit_062s2_43012	FLASH	1647068	1647068	0	0.0
			RAM	212128	212128	0	0.0
	all-clusters-minimal	cy8ckit_062s2_43012	FLASH	`1554716`	`1554716`	0	0.0
			RAM	208944	208944	0	0.0
	light	cy8ckit_062s2_43012	FLASH	1469820	1469820	0	0.0
			RAM	200912	200912	0	0.0
	lock	cy8ckit_062s2_43012	FLASH	1467540	1467540	0	0.0
			RAM	225272	225272	0	0.0
qpg	lighting-app	qpg6105+debug	FLASH	663968	663968	0	0.0
			RAM	105456	105456	0	0.0
	lock-app	qpg6105+debug	FLASH	621796	621796	0	0.0
			RAM	99908	99908	0	0.0
stm32	light	STM32WB5MM-DK	FLASH	484712	484712	0	0.0
			RAM	144912	144912	0	0.0
telink	bridge-app	tlsr9258a	FLASH	683176	683176	0	0.0
			RAM	91248	91248	0	0.0
	contact-sensor-app	tlsr9528a_retention	FLASH	623416	623416	0	0.0
			RAM	31488	31488	0	0.0
	light-app-ota-compress-lzma-shell-factory-data	tl3218x	FLASH	772328	772328	0	0.0
			RAM	49348	49348	0	0.0
	light-switch-app-ota-compress-lzma-shell-factory-data	tlsr9528a	FLASH	710858	710858	0	0.0
			RAM	73544	73544	0	0.0
	lighting-app-ota-factory-data	tlsr9118bdk40d	FLASH	627862	627862	0	0.0
			RAM	142180	142180	0	0.0
	lighting-app-ota-rpc-factory-data-4mb	tlsr9518adk80d	FLASH	813880	813880	0	0.0
			RAM	99724	99724	0	0.0
tizen	all-clusters-app	arm	unknown	5000	5000	0	0.0
			FLASH	1735204	1735204	0	0.0
			RAM	90888	90888	0	0.0
	chip-tool-ubsan	arm	unknown	10808	10808	0	0.0
			FLASH	17969006	17969006	0	0.0
			RAM	7841376	7841376	0	0.0

pullapprove bot added the review - pending label Dec 13, 2024

tcarmelveilleux reviewed Dec 13, 2024

View reviewed changes

credentials/test/attestation/Chip-Test-DAC-FFF1-8001-Singed-By-Revoked-PAI-Cert.pem Outdated Show resolved Hide resolved

tcarmelveilleux approved these changes Dec 13, 2024

View reviewed changes

tcarmelveilleux reviewed Dec 13, 2024

View reviewed changes

credentials/development/attestation/Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.pem Outdated Show resolved Hide resolved

bh3000 reviewed Dec 13, 2024

View reviewed changes

credentials/development/attestation/Matter-Development-PAI-FFF1-noPID-CRL.pem Outdated Show resolved Hide resolved

tcarmelveilleux reviewed Dec 13, 2024

View reviewed changes

credentials/development/attestation/Matter-Development-PAI-FFF1-noPID-CRL.pem Outdated Show resolved Hide resolved

andy31415 reviewed Dec 13, 2024

View reviewed changes

shubhamdp mentioned this pull request Dec 16, 2024

Generate sample revoked DACs and PAI certs for 0xFFF1 vendor ID #26582

Open

bzbarsky-apple reviewed Dec 16, 2024

View reviewed changes

credentials/development/attestation/Matter-Development-DAC-FFF1-8001-Revoked-01-Cert.der Outdated Show resolved Hide resolved

shubhamdp added 5 commits December 20, 2024 13:30

credentials: sample revoked DAC certificates, keys, and CRL for VID

6e25c22

0xFFF1 and PID 0x8001 created the DAC using chip-cert by using credentials/development/attestation/Matter-Development-PAI-FFF1-noPID-Cert.pem as the signing CA. Revoked the DAC and created CRL for the same.

fix typo Singed to Signed

16214f3

add the akid extension to the CRLs

04c625f

move the revoked DACs and PAIs to credentials/test/revoked-attestatio…

02aaf68

…n-certificates Also, add the symbolic links to the respective PAA, and PAIs for easier aceess to them

shubhamdp force-pushed the sample_revoked_certs branch from 9d32b2d to 02aaf68 Compare December 20, 2024 08:17

shubhamdp requested a review from bzbarsky-apple December 20, 2024 08:18

bzbarsky-apple approved these changes Dec 20, 2024

View reviewed changes

pullapprove bot added review - approved and removed review - pending labels Dec 20, 2024

mergify bot merged commit 4c725be into project-chip:master Dec 20, 2024
68 checks passed

shubhamdp deleted the sample_revoked_certs branch December 20, 2024 19:14

shubhamdp mentioned this pull request Dec 23, 2024

credentials: sample delegated crl signer certs and CRLs #36929

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

da_revocation: sample revoked DACs and PAI certs for VID:0xFFF1 PID:0x8001 #36838

da_revocation: sample revoked DACs and PAI certs for VID:0xFFF1 PID:0x8001 #36838

shubhamdp commented Dec 13, 2024 •

edited

Loading

semanticdiff-com bot commented Dec 13, 2024 •

edited

Loading

github-actions bot commented Dec 13, 2024 •

edited

Loading

bh3000 left a comment

bh3000 commented Dec 13, 2024

andy31415 left a comment

shubhamdp commented Dec 16, 2024

github-actions bot commented Dec 16, 2024 •

edited

Loading

shubhamdp commented Dec 16, 2024

github-actions bot commented Dec 20, 2024 •

edited

Loading

da_revocation: sample revoked DACs and PAI certs for VID:0xFFF1 PID:0x8001 #36838

da_revocation: sample revoked DACs and PAI certs for VID:0xFFF1 PID:0x8001 #36838

Conversation

shubhamdp commented Dec 13, 2024 • edited Loading

Testing

semanticdiff-com bot commented Dec 13, 2024 • edited Loading

github-actions bot commented Dec 13, 2024 • edited Loading

bh3000 left a comment

Choose a reason for hiding this comment

bh3000 commented Dec 13, 2024

andy31415 left a comment

Choose a reason for hiding this comment

shubhamdp commented Dec 16, 2024

github-actions bot commented Dec 16, 2024 • edited Loading

shubhamdp commented Dec 16, 2024

github-actions bot commented Dec 20, 2024 • edited Loading

shubhamdp commented Dec 13, 2024 •

edited

Loading

semanticdiff-com bot commented Dec 13, 2024 •

edited

Loading

github-actions bot commented Dec 13, 2024 •

edited

Loading

github-actions bot commented Dec 16, 2024 •

edited

Loading

github-actions bot commented Dec 20, 2024 •

edited

Loading