Further changes
shripad621git committed Apr 16, 2024
1 parent 47197c0 commit b934082
Showing 2 changed files with 98 additions and 69 deletions.
52 changes: 50 additions & 2 deletions config/esp32/components/chip/factory.cmake
Expand Up @@ -15,7 +15,13 @@
#

function(set_default_value VAR DEFAULT_VALUE)
if (NOT DEFINED ${VAR})
get_property(VAR_CACHE_TYPE CACHE ${VAR} PROPERTY TYPE)
message(status "var cache type : ${VAR} ${VAR_CACHE_TYPE}")
if (VAR_CACHE_TYPE STREQUAL "UNINITIALIZED")
set(${VAR}_EXPLICITLY_SET TRUE CACHE BOOL "${VAR} is not explicitly set")
set(${VAR} ${DEFAULT_VALUE} CACHE STRING ${VAR})
else()
set(${VAR}_EXPLICITLY_SET FALSE CACHE BOOL "${VAR} is explicitly set.")
set(${VAR} ${DEFAULT_VALUE} CACHE STRING ${VAR})
endif()
endfunction()
Expand All @@ -29,6 +35,7 @@ function(set_values)
set_default_value(VENDOR_ID 0xFFF2)
set_default_value(PRODUCT_ID 0x8001)
set_default_value(HARDWARE_VERSION 1)
set_default_value(DISCOVERY_MODE 2)
set_default_value(HARDWARE_VERSION_STR "Devkit")
set_default_value(DAC_CERT "${CHIP_ROOT}/credentials/test/attestation/Chip-Test-DAC-FFF2-8001-0008-Cert.der")
set_default_value(DAC_KEY "${CHIP_ROOT}/credentials/test/attestation/Chip-Test-DAC-FFF2-8001-0008-Key.der")
Expand All @@ -43,6 +50,7 @@ function(generate_build_time_partition fctry_partition esp_secure_cert_partition
get_filename_component(chip_root_abs_path ${chip_root} ABSOLUTE)

set(generate_esp32_chip_factory_bin.py ${PYTHON} ${chip_root}/scripts/tools/generate_esp32_chip_factory_bin.py)
set(gen_att_certs.py ${PYTHON} ${chip_root}/scripts/tools/gen_att_certs.py)

partition_table_get_partition_info(fctry_partition_size "--partition-name ${fctry_partition}" "size")
partition_table_get_partition_info(fctry_partition_offset "--partition-name ${fctry_partition}" "offset")
Expand All @@ -56,8 +64,44 @@ function(generate_build_time_partition fctry_partition esp_secure_cert_partition
message(STATUS "secure_cert_partition_offset : ${secure_cert_partition_offset}")

if("${fctry_partition_size}" AND "${fctry_partition_offset}")

set_values()
message(STATUS "Vendor id set: ${VENDOR_ID_EXPLICITLY_SET}")
message(STATUS "Product id set: ${PRODUCT_ID_EXPLICITLY_SET}")

if ("${VENDOR_ID_EXPLICITLY_SET}" AND "${PRODUCT_ID_EXPLICITLY_SET}")
string(RANDOM LENGTH 8 ALPHABET 0123456789 OUTPUT_VARIABLE RANDOM_PASSCODE)
set(PASSCODE ${RANDOM_PASSCODE})
message(STATUS "random passcode : ${RANDOM_PASSCODE}")

math(EXPR PASSCODE_MOD "${RANDOM_PASSCODE} % 999999998")
message(STATUS "Random passcode Mod: ${PASSCODE_MOD}")
set(PASSCODE ${PASSCODE_MOD})

string(RANDOM LENGTH 4 ALPHABET 0123456789 OUTPUT_VARIABLE RANDOM_DISCRIMINATOR)
set(DISCRIMINATOR ${RANDOM_DISCRIMINATOR})
message(STATUS "random discriminator : ${RANDOM_DISCRIMINATOR}")

math(EXPR DISCRIMINATOR_MOD "${RANDOM_DISCRIMINATOR} % 4096")
message(STATUS "Random discriminator Mod: ${DISCRIMINATOR_MOD}")
set(DISCRIMINATOR ${DISCRIMINATOR_MOD})

math(EXPR VENDOR_DEC ${VENDOR_ID} OUTPUT_FORMAT DECIMAL)
math(EXPR PRODUCT_DEC ${PRODUCT_ID} OUTPUT_FORMAT DECIMAL)

message(STATUS "Vendor Decimal: ${VENDOR_DEC}")
message(STATUS "Product Decimal: ${PRODUCT_DEC}")

set(OUTDIR attestation_${VENDOR_DEC}_${PRODUCT_DEC})
message(STATUS "Outdir: ${OUTDIR}")

execute_process(COMMAND ${gen_att_certs.py} --vendor-id ${VENDOR_ID} --product-id ${PRODUCT_ID}
WORKING_DIRECTORY ${CMAKE_BINARY_DIR})

set(DAC_CERT ${CMAKE_BINARY_DIR}/certs/${OUTDIR}/DAC_cert.der)
set(DAC_KEY ${CMAKE_BINARY_DIR}/certs/${OUTDIR}/DAC_key.der)
set(PAI_CERT ${CMAKE_BINARY_DIR}/certs/${OUTDIR}/PAI_cert.der)
set(CERT_DCLRN ${CMAKE_BINARY_DIR}/certs/${OUTDIR}/CD.der)
endif()

set(PREVIOUS_VALUES_FILE "${CMAKE_BINARY_DIR}/previous_values.txt")

Expand All @@ -70,19 +114,22 @@ function(generate_build_time_partition fctry_partition esp_secure_cert_partition
set(CURRENT_VALUES_STRING
"${DEVICE_NAME}${VENDOR_NAME}${DISCRIMINATOR}${PASSCODE}${VENDOR_ID}${PRODUCT_ID}${HARDWARE_VERSION}${HARDWARE_VERSION_STR}${DAC_CERT}${DAC_KEY}${PAI_CERT}${CERT_DCLRN}")

message(STATUS "Vendor id set: ${VENDOR_ID_EXPLICITLY_SET}")
message(STATUS "Bulb Name: ${DEVICE_NAME}")
message(STATUS "Vendor Name: ${VENDOR_NAME}")
message(STATUS "Hardware Version: ${HARDWARE_VERSION}")
message(STATUS "Hardware Version String: ${HARDWARE_VERSION_STR}")
message(STATUS "Vendor ID: ${VENDOR_ID}")
message(STATUS "Product ID: ${PRODUCT_ID}")
message(STATUS "Discovery Mode : ${DISCOVERY_MODE}")
message(STATUS "DAC Cert: ${DAC_CERT}")
message(STATUS "DAC Key: ${DAC_KEY}")
message(STATUS "PAI Cert: ${PAI_CERT}")
message(STATUS "Certification Declaration: ${CERT_DCLRN}")
message(STATUS "Passcode: ${PASSCODE}")
message(STATUS "Discriminator: ${DISCRIMINATOR}")


if (NOT "${CURRENT_VALUES_STRING}" STREQUAL "${PREVIOUS_VALUES}")
message(STATUS "Values have changed. Triggering add_custom_target.")
add_custom_target(build_time_partition ALL
Expand All @@ -98,6 +145,7 @@ function(generate_build_time_partition fctry_partition esp_secure_cert_partition
--dac-key ${DAC_KEY}
--pai-cert ${PAI_CERT}
--cd ${CERT_DCLRN}
--discovery-mode ${DISCOVERY_MODE}
--dac-in-secure-cert
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
)
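Review bot: The passcode drawn in the `VENDOR_ID_EXPLICITLY_SET` / `PRODUCT_ID_EXPLICITLY_SET` branch is neither kept inside the valid Matter setup-passcode range nor kept out of the configure log. An 8-digit draw never exceeds 99999999, so `% 999999998` changes nothing and 00000000 or 99999999 can be handed on as `PASSCODE`; `math(EXPR PASSCODE_MOD "${RANDOM_PASSCODE} % 99999998 + 1")` would bound it to 1..99999998, and the repeated-digit and 12345678/87654321 codes would still need a re-draw. `string(RANDOM)` is a seeded pseudo-random generator rather than a CSPRNG, and the `message(STATUS "random passcode : ...")` and `"Random passcode Mod: ..."` lines write the value into build and CI logs, so I would drop those two messages and document the generated credentials as development-only. In the same branch `execute_process(COMMAND ${gen_att_certs.py} ...)` has no `RESULT_VARIABLE` or `COMMAND_ERROR_IS_FATAL ANY`, so a failed run leaves `DAC_CERT`, `DAC_KEY`, `PAI_CERT` and `CERT_DCLRN` pointing at missing or stale files. `generate_build_time_partition` starts and ends outside this hunk.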
115 changes: 48 additions & 67 deletions scripts/tools/gen_att_certs.py
Expand Up @@ -32,33 +32,10 @@
if not os.path.exists(chip_cert_exe):
print("Error: chip-cert executable not found.Please build chip-cert in connectedhomeip by ninja -C out/host")


def gen_test_certs(vendor_id: int,
product_id: int,
output: str):
"""
Generate Matter certificates according to given Vendor ID and Product ID using the chip-cert executable.
To use own Product Attestation Authority certificate provide paa_cert_path and paa_key_path arguments.
Without providing these arguments a PAA certificate will be get from /credentials/test/attestation directory
in the Matter repository.
Args:
chip_cert_exe (str): path to chip-cert executable
output (str): output path to store a newly generated certificates (CD, DAC, PAI)
vendor_id (int): an identification number specific to Vendor
product_id (int): an identification number specific to Product
device_name (str): human-readable device name
generate_cd (bool, optional): Generate Certificate Declaration and store it in thee output directory. Defaults to False.
paa_cert_path (str, optional): provide PAA certification path. Defaults to None - a path will be set to
/credentials/test/attestation directory.
paa_key_path (str, optional): provide PAA key path. Defaults to None - a path will be set to
/credentials/test/attestation directory.
generate_all_certs: Generate the new DAC and PAI certificates
Returns:
dictionary: ["PAI_CERT": (str)<path to PAI cert .der file>,
"DAC_CERT": (str)<path to DAC cert .der file>,
"DAC_KEY": (str)<path to DAC key .der file>]
"""

CD_PATH = CHIP_ROOT + "/credentials/test/certification-declaration/Chip-Test-CD-Signing-Cert.pem"
CD_KEY_PATH = CHIP_ROOT + "/credentials/test/certification-declaration/Chip-Test-CD-Signing-Key.pem"
Expand All @@ -71,70 +48,72 @@ def gen_test_certs(vendor_id: int,

# generate Certification Declaration
cmd = [chip_cert_exe, "gen-cd",
"--key", CD_KEY_PATH,
"--cert", CD_PATH,
"--out", output + "_"+ str(vendor_id) + "_"+ str(product_id) + "/CD.der",
"--format-version", "1",
"--vendor-id", hex(vendor_id),
"--product-id", hex(product_id),
"--device-type-id", "0",
"--certificate-id", "FFFFFFFFFFFFFFFFFFF",
"--security-level", "0",
"--security-info", "0",
"--certification-type", "0",
"--version-number", "0xFFFF",
]
"--key", CD_KEY_PATH,
"--cert", CD_PATH,
"--out", output + "_" + str(vendor_id) + "_" + str(product_id) + "/CD.der",
"--format-version", "1",
"--vendor-id", hex(vendor_id),
"--product-id", hex(product_id),
"--device-type-id", "0",
"--certificate-id", "FFFFFFFFFFFFFFFFFFF",
"--security-level", "0",
"--security-info", "0",
"--certification-type", "0",
"--version-number", "0xFFFF",
]
subprocess.run(cmd)

new_certificates = {"PAI_CERT": output + "_"+ str(vendor_id) + "_"+ str(product_id) + "/PAI_cert",
"PAI_KEY": output + "_"+ str(vendor_id) + "_"+ str(product_id)+"/PAI_key",
"DAC_CERT": output + "_"+ str(vendor_id) + "_"+ str(product_id) + "/DAC_cert",
"DAC_KEY": output + "_"+ str(vendor_id)+ "_"+ str(product_id) + "/DAC_key"
new_certificates = {"PAI_CERT": output + "_" + str(vendor_id) + "_" + str(product_id) + "/PAI_cert",
"PAI_KEY": output + "_" + str(vendor_id) + "_" + str(product_id)+"/PAI_key",
"DAC_CERT": output + "_" + str(vendor_id) + "_" + str(product_id) + "/DAC_cert",
"DAC_KEY": output + "_" + str(vendor_id) + "_" + str(product_id) + "/DAC_key"
}

log.info("Generating new PAI and DAC certificates using chip-cert...")

# generate PAI
cmd = [chip_cert_exe, "gen-att-cert",
"-t", "i",
"-c", "device",
"-V", hex(vendor_id),
"-C", PAA_PATH,
"-K", PAA_KEY_PATH,
"-o", new_certificates["PAI_CERT"] + ".pem",
"-O", new_certificates["PAI_KEY"] + ".pem",
"-l", str(10000),
]
"-t", "i",
"-c", "device",
"-V", hex(vendor_id),
"-C", PAA_PATH,
"-K", PAA_KEY_PATH,
"-o", new_certificates["PAI_CERT"] + ".pem",
"-O", new_certificates["PAI_KEY"] + ".pem",
"-l", str(10000),
]
subprocess.run(cmd)

# generate DAC
cmd = [chip_cert_exe, "gen-att-cert",
"-t", "d",
"-c", "device",
"-V", hex(vendor_id),
"-P", hex(product_id),
"-C", new_certificates["PAI_CERT"] + ".pem",
"-K", new_certificates["PAI_KEY"] + ".pem",
"-o", new_certificates["DAC_CERT"] + ".pem",
"-O", new_certificates["DAC_KEY"] + ".pem",
"-l", str(10000),
]
"-t", "d",
"-c", "device",
"-V", hex(vendor_id),
"-P", hex(product_id),
"-C", new_certificates["PAI_CERT"] + ".pem",
"-K", new_certificates["PAI_KEY"] + ".pem",
"-o", new_certificates["DAC_CERT"] + ".pem",
"-O", new_certificates["DAC_KEY"] + ".pem",
"-l", str(10000),
]
subprocess.run(cmd)

# convert to .der files
for cert_k, cert_v in new_certificates.items():
action_type = "convert-cert" if cert_k.find("CERT") != -1 else "convert-key"
log.info(cert_v + ".der")
cmd = [chip_cert_exe, action_type,
cert_v + ".pem",
cert_v + ".der",
"--x509-der",
]
cert_v + ".pem",
cert_v + ".der",
"--x509-der",
]
subprocess.run(cmd)

return attestation_certs(new_certificates["DAC_CERT"] + ".der",
new_certificates["DAC_KEY"] + ".der",
new_certificates["PAI_CERT"] + ".der")
new_certificates["DAC_KEY"] + ".der",
new_certificates["PAI_CERT"] + ".der")


def get_args():
def any_base_int(s): return int(s, 0)
parser = argparse.ArgumentParser(description="ESP32 Attestation generation tool")
Expand All @@ -144,14 +123,16 @@ def any_base_int(s): return int(s, 0)
parser.add_argument('--product-id', type=any_base_int, help="Product id")
return parser.parse_args()


def set_up_out_dirs(args):
os.makedirs(args.output + "_" + str(args.vendor_id) + "_" + str(args.product_id), exist_ok=True)


def main():
args = get_args()
set_up_out_dirs(args)
certs = gen_test_certs(args.vendor_id, args.product_id, args.output)


if __name__ == "__main__":
main()
