Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SVE2] Cherry Pick Matter Official CDs and CD Trusted Storage Implementation #23239

Merged
merged 7 commits into from
Oct 20, 2022
Merged

[SVE2] Cherry Pick Matter Official CDs and CD Trusted Storage Implementation #23239

merged 7 commits into from
Oct 20, 2022

Conversation

emargolis
Copy link
Contributor

Fixes #23218

Cherry-Pick the following:
#23027
#22685
#22338
#22461
#22833

gharveymn and others added 5 commits October 17, 2022 12:22
@gharveymn @emargolis
Add missing pthread header (project-chip#22833)
b8743d1
@turon @emargolis
[build] Fix project-chip#21255 - allow circular initialization of Sim…
f71193d 
…pleStateMachine test. (project-chip#22461)

* [build] Fix project-chip#21255 - allow circular initialization of SimpleStateMachine test.

* [build] Add comment per review feedback.
@vivien-apple @tcarmelveilleux @emargolis
[Darwin][AttestationVerifier] Expose a mechanism to customise cd sign…
1c6afb0 
…ing keys and use it in darwin (project-chip#22338)

* Add AttestationTrustStore::GetCertificationDeclarationCert virtual method to allow controllers passing in some CD certs

* Add cdCerts member to MTRControllerFactoryparams and override AttestationTrustStore::GetCertificationDeclarationCert

* Implement ArrayTrustStore::GetCertificationDeclarationSigningKey and initialize the test ArrayTrustStore store with the test CD cert

* Update the FileAttestationTrustStore to read a directory with der certs for certification declaration verification

* Add credentials/development/cd-certs/ and update chip-tool to use it if desired

* Update API to match conversation
- Remove CD stuff from FileAttestationTrustStore
- Refactor FileAttestationTrustStore to allow loading
  of any X.509 cert directory
- Add a command line to chip-tool to disallow test keys
  (`only-allow-trusted-cd-keys`)
- Add plumbing to enable CD keys lookup properly without mixing-up
  with PAA semantics
- Add official CD verifying key and official SDK CD test key
  in the default CD trust store as-is

* Update src/darwin to take into account the proposed changes

* Add unit test for `CsaCdKeysTrustStore`

Co-authored-by: Tennessee Carmel-Veilleux <tennessee.carmelveilleux@gmail.com>
@emargolis
[Attestation] Updated to Use CD Signed by a Valid CSA Cert (project-c…
35d6d72 
…hip#22685)
@emargolis
Updated CSA Official CD Signing Certificates (project-chip#23027)
dbb0e60
@emargolis emargolis force-pushed the emargolis/sve-2/cherry-pick-use-official-cds branch from 2fd76f0 to 0e015bc Compare October 19, 2022 18:08
@andy31415 andy31415 merged commit 96c9357 into project-chip:sve-2 Oct 20, 2022
@emargolis emargolis mentioned this pull request Oct 20, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tcarmelveilleux tcarmelveilleux tcarmelveilleux approved these changes

@yufengwangca yufengwangca yufengwangca approved these changes

@andy31415 andy31415 Awaiting requested review from andy31415

@woody-apple woody-apple Awaiting requested review from woody-apple

Assignees
No one assigned
Labels
app core darwin examples integrations lib platform support tests tools
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@emargolis @tcarmelveilleux @yufengwangca @andy31415 @gharveymn @turon @vivien-apple