Skip to content

Commit

Permalink
updates and fixes mostly for EFR32 implementation if the crypto library
Browse files Browse the repository at this point in the history
  • Loading branch information
@emargolis
emargolis committed Oct 1, 2022
1 parent 80faf24 commit 3819099
Show file tree
Hide file tree
Showing 5 changed files with 133 additions and 148 deletions.
5 changes: 1 addition & 4 deletions src/app/tests/suites/credentials/TestHarnessDACProvider.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,10 +112,7 @@ bool ReadValue(Json::Value jsonValue)
{
return true;
}
else
{
return false;
}
return false;
}

// TODO: This should be moved to a method of P256Keypair
Expand Down
5 changes: 0 additions & 5 deletions src/credentials/tests/TestCommissionerDUTVectors.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,11 +157,6 @@ static void TestCommissionerDUTVectors(nlTestSuite * inSuite, void * inContext)
isSuccessCase = true;
}

if (!isSuccessCase && (attestationResult == AttestationVerificationResult::kSuccess))
{
fprintf(stderr, "DEBUG PRINT 02: %s\n", jsonFilePath.c_str());
}

if (isSuccessCase)
{
NL_TEST_ASSERT(inSuite, attestationResult == AttestationVerificationResult::kSuccess);
Expand Down
94 changes: 46 additions & 48 deletions src/crypto/CHIPCryptoPALTinyCrypt.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1155,7 +1155,7 @@ CHIP_ERROR IsCertificateValidAtIssuance(const mbedtls_x509_crt * candidateCertif
return CHIP_NO_ERROR;
}

static int CallbackForCustomValidityCheck(void * data, mbedtls_x509_crt * crt, int depth, uint32_t * flags)
int CallbackForCustomValidityCheck(void * data, mbedtls_x509_crt * crt, int depth, uint32_t * flags)
{
mbedtls_x509_crt * leafCert = reinterpret_cast<mbedtls_x509_crt *>(data);
mbedtls_x509_crt * issuerCert = crt;
Expand All @@ -1172,6 +1172,24 @@ static int CallbackForCustomValidityCheck(void * data, mbedtls_x509_crt * crt, i

return 0;
}

constexpr uint8_t sOID_AttributeType_CommonName[] = { 0x55, 0x04, 0x03 };
constexpr uint8_t sOID_AttributeType_MatterVendorId[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xA2, 0x7C, 0x02, 0x01 };
constexpr uint8_t sOID_AttributeType_MatterProductId[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xA2, 0x7C, 0x02, 0x02 };
constexpr uint8_t sOID_SigAlgo_ECDSAWithSHA256[] = { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02 };
constexpr uint8_t sOID_Extension_BasicConstraints[] = { 0x55, 0x1D, 0x13 };
constexpr uint8_t sOID_Extension_KeyUsage[] = { 0x55, 0x1D, 0x0F };
constexpr uint8_t sOID_Extension_SubjectKeyIdentifier[] = { 0x55, 0x1D, 0x0E };
constexpr uint8_t sOID_Extension_AuthorityKeyIdentifier[] = { 0x55, 0x1D, 0x23 };

/**
* Compares an mbedtls_asn1_buf structure (oidBuf) to a reference OID represented as uint8_t array (oid).
*/
#define OID_CMP(oid, oidBuf) \
((MBEDTLS_ASN1_OID == (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(tag)) && \
(sizeof(oid) == (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(len)) && \
(memcmp((oid), (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(p), (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(len)) == 0))

#endif // defined(MBEDTLS_X509_CRT_PARSE_C)

} // anonymous namespace
Expand All @@ -1198,10 +1216,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
// "version" value is 1 higher than the actual encoded value.
VerifyOrExit(mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(version) - 1 == 2, error = CHIP_ERROR_INTERNAL);

// Verify signature algorithms is ECDSA_WITH_SHA256.
p = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(sig_oid).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
len = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(sig_oid).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
VerifyOrExit((strlen(MBEDTLS_OID_ECDSA_SHA256) == len) && (memcmp(MBEDTLS_OID_ECDSA_SHA256, p, len) == 0),
// Verify signature algorithms is ECDSA with SHA256.
VerifyOrExit(OID_CMP(sOID_SigAlgo_ECDSAWithSHA256, mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(sig_oid)),
error = CHIP_ERROR_INTERNAL);

// Verify public key presence and format.
Expand All @@ -1219,7 +1235,6 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
{
mbedtls_x509_buf extOID = { 0, 0, nullptr };
int extCritical = 0;
int extType = 0;

result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
Expand All @@ -1241,8 +1256,7 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);

mbedtls_oid_get_x509_ext_type(&extOID, &extType);
if (extType == MBEDTLS_X509_EXT_BASIC_CONSTRAINTS)
if (OID_CMP(sOID_Extension_BasicConstraints, extOID))
{
int isCA = 0;
int pathLen = -1;
Expand Down Expand Up @@ -1278,7 +1292,7 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), error = CHIP_ERROR_INTERNAL);
}
}
else if (extType == MBEDTLS_X509_EXT_KEY_USAGE)
else if (OID_CMP(sOID_Extension_KeyUsage, extOID))
{
mbedtls_x509_bitstring bs = { 0, 0, nullptr };
unsigned int keyUsage = 0;
Expand Down Expand Up @@ -1528,14 +1542,11 @@ namespace {
CHIP_ERROR ExtractKIDFromX509Cert(bool extractSKID, const ByteSpan & certificate, MutableByteSpan & kid)
{
#if defined(MBEDTLS_X509_CRT_PARSE_C)
CHIP_ERROR error = CHIP_NO_ERROR;
CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
mbedtls_x509_crt mbed_cert;
unsigned char * p;
const unsigned char * end;
size_t len;

constexpr uint8_t sOID_Extension_SubjectKeyIdentifier[] = { 0x55, 0x1D, 0x0E };
constexpr uint8_t sOID_Extension_AuthorityKeyIdentifier[] = { 0x55, 0x1D, 0x23 };
unsigned char * p = nullptr;
const unsigned char * end = nullptr;
size_t len = 0;

mbedtls_x509_crt_init(&mbed_cert);

Expand All @@ -1558,10 +1569,9 @@ CHIP_ERROR ExtractKIDFromX509Cert(bool extractSKID, const ByteSpan & certificate
result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);

bool extractCurrentExtSKID = extractSKID && (sizeof(sOID_Extension_SubjectKeyIdentifier) == len) &&
(memcmp(p, sOID_Extension_SubjectKeyIdentifier, len) == 0);
bool extractCurrentExtAKID = !extractSKID && (sizeof(sOID_Extension_AuthorityKeyIdentifier) == len) &&
(memcmp(p, sOID_Extension_AuthorityKeyIdentifier, len) == 0);
mbedtls_x509_buf extOID = { MBEDTLS_ASN1_OID, len, p };
bool extractCurrentExtSKID = extractSKID && OID_CMP(sOID_Extension_SubjectKeyIdentifier, extOID);
bool extractCurrentExtAKID = !extractSKID && OID_CMP(sOID_Extension_AuthorityKeyIdentifier, extOID);
p += len;

int is_critical = 0;
Expand Down Expand Up @@ -1627,10 +1637,6 @@ CHIP_ERROR ExtractAKIDFromX509Cert(const ByteSpan & certificate, MutableByteSpan
CHIP_ERROR ExtractVIDPIDFromX509Cert(const ByteSpan & certificate, AttestationCertVidPid & vidpid)
{
#if defined(MBEDTLS_X509_CRT_PARSE_C)
constexpr uint8_t sOID_AttributeType_CommonName[] = { 0x55, 0x04, 0x03 };
constexpr uint8_t sOID_AttributeType_MatterVendorId[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xA2, 0x7C, 0x02, 0x01 };
constexpr uint8_t sOID_AttributeType_MatterProductId[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xA2, 0x7C, 0x02, 0x02 };

CHIP_ERROR error = CHIP_NO_ERROR;
mbedtls_x509_crt mbed_cert;
mbedtls_asn1_named_data * dnIterator = nullptr;
Expand All @@ -1644,32 +1650,24 @@ CHIP_ERROR ExtractVIDPIDFromX509Cert(const ByteSpan & certificate, AttestationCe
for (dnIterator = &mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(subject); dnIterator != nullptr;
dnIterator = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(next))
{
size_t oid_len = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
uint8_t * oid_p = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
size_t val_len = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(val).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
uint8_t * val_p = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(val).CHIP_CRYPTO_PAL_PRIVATE_X509(p);

if (oid_p != nullptr && val_p != nullptr)
DNAttrType attrType = DNAttrType::kUnspecified;
if (OID_CMP(sOID_AttributeType_CommonName, dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid)))
{
DNAttrType attrType = DNAttrType::kUnspecified;
if ((oid_len == sizeof(sOID_AttributeType_CommonName)) && (memcmp(sOID_AttributeType_CommonName, oid_p, oid_len) == 0))
{
attrType = DNAttrType::kCommonName;
}
else if ((oid_len == sizeof(sOID_AttributeType_MatterVendorId)) &&
(memcmp(sOID_AttributeType_MatterVendorId, oid_p, oid_len) == 0))
{
attrType = DNAttrType::kMatterVID;
}
else if ((oid_len == sizeof(sOID_AttributeType_MatterProductId)) &&
(memcmp(sOID_AttributeType_MatterProductId, oid_p, oid_len) == 0))
{
attrType = DNAttrType::kMatterPID;
}

error = ExtractVIDPIDFromAttributeString(attrType, ByteSpan(val_p, val_len), vidpid, vidpidFromCN);
SuccessOrExit(error);
attrType = DNAttrType::kCommonName;
}
else if (OID_CMP(sOID_AttributeType_MatterVendorId, dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid)))
{
attrType = DNAttrType::kMatterVID;
}
else if (OID_CMP(sOID_AttributeType_MatterProductId, dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid)))
{
attrType = DNAttrType::kMatterPID;
}

size_t val_len = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(val).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
uint8_t * val_p = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(val).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
error = ExtractVIDPIDFromAttributeString(attrType, ByteSpan(val_p, val_len), vidpid, vidpidFromCN);
SuccessOrExit(error);
}

// If Matter Attributes were not found use values extracted from the CN Attribute,
Expand Down
86 changes: 42 additions & 44 deletions src/crypto/CHIPCryptoPALmbedTLS.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1296,7 +1296,7 @@ CHIP_ERROR IsCertificateValidAtIssuance(const mbedtls_x509_crt * candidateCertif
return CHIP_NO_ERROR;
}

static int CallbackForCustomValidityCheck(void * data, mbedtls_x509_crt * crt, int depth, uint32_t * flags)
int CallbackForCustomValidityCheck(void * data, mbedtls_x509_crt * crt, int depth, uint32_t * flags)
{
mbedtls_x509_crt * leafCert = reinterpret_cast<mbedtls_x509_crt *>(data);
mbedtls_x509_crt * issuerCert = crt;
Expand All @@ -1313,6 +1313,24 @@ static int CallbackForCustomValidityCheck(void * data, mbedtls_x509_crt * crt, i

return 0;
}

constexpr uint8_t sOID_AttributeType_CommonName[] = { 0x55, 0x04, 0x03 };
constexpr uint8_t sOID_AttributeType_MatterVendorId[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xA2, 0x7C, 0x02, 0x01 };
constexpr uint8_t sOID_AttributeType_MatterProductId[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xA2, 0x7C, 0x02, 0x02 };
constexpr uint8_t sOID_SigAlgo_ECDSAWithSHA256[] = { 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02 };
constexpr uint8_t sOID_Extension_BasicConstraints[] = { 0x55, 0x1D, 0x13 };
constexpr uint8_t sOID_Extension_KeyUsage[] = { 0x55, 0x1D, 0x0F };
constexpr uint8_t sOID_Extension_SubjectKeyIdentifier[] = { 0x55, 0x1D, 0x0E };
constexpr uint8_t sOID_Extension_AuthorityKeyIdentifier[] = { 0x55, 0x1D, 0x23 };

/**
* Compares an mbedtls_asn1_buf structure (oidBuf) to a reference OID represented as uint8_t array (oid).
*/
#define OID_CMP(oid, oidBuf) \
((MBEDTLS_ASN1_OID == (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(tag)) && \
(sizeof(oid) == (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(len)) && \
(memcmp((oid), (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(p), (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(len)) == 0))

#endif // defined(MBEDTLS_X509_CRT_PARSE_C)

} // anonymous namespace
Expand All @@ -1339,10 +1357,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
// "version" value is 1 higher than the actual encoded value.
VerifyOrExit(mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(version) - 1 == 2, error = CHIP_ERROR_INTERNAL);

// Verify signature algorithms is ECDSA_WITH_SHA256.
p = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(sig_oid).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
len = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(sig_oid).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
VerifyOrExit((strlen(MBEDTLS_OID_ECDSA_SHA256) == len) && (memcmp(MBEDTLS_OID_ECDSA_SHA256, p, len) == 0),
// Verify signature algorithms is ECDSA with SHA256.
VerifyOrExit(OID_CMP(sOID_SigAlgo_ECDSAWithSHA256, mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(sig_oid)),
error = CHIP_ERROR_INTERNAL);

// Verify public key presence and format.
Expand All @@ -1360,7 +1376,6 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
{
mbedtls_x509_buf extOID = { 0, 0, nullptr };
int extCritical = 0;
int extType = 0;

result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
Expand All @@ -1382,8 +1397,7 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);

mbedtls_oid_get_x509_ext_type(&extOID, &extType);
if (extType == MBEDTLS_X509_EXT_BASIC_CONSTRAINTS)
if (OID_CMP(sOID_Extension_BasicConstraints, extOID))
{
int isCA = 0;
int pathLen = -1;
Expand Down Expand Up @@ -1419,7 +1433,7 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), error = CHIP_ERROR_INTERNAL);
}
}
else if (extType == MBEDTLS_X509_EXT_KEY_USAGE)
else if (OID_CMP(sOID_Extension_KeyUsage, extOID))
{
mbedtls_x509_bitstring bs = { 0, 0, nullptr };
unsigned int keyUsage = 0;
Expand Down Expand Up @@ -1679,9 +1693,6 @@ CHIP_ERROR ExtractKIDFromX509Cert(bool extractSKID, const ByteSpan & certificate
const unsigned char * end = nullptr;
size_t len = 0;

constexpr uint8_t sOID_Extension_SubjectKeyIdentifier[] = { 0x55, 0x1D, 0x0E };
constexpr uint8_t sOID_Extension_AuthorityKeyIdentifier[] = { 0x55, 0x1D, 0x23 };

mbedtls_x509_crt_init(&mbed_cert);

int result = mbedtls_x509_crt_parse(&mbed_cert, Uint8::to_const_uchar(certificate.data()), certificate.size());
Expand All @@ -1703,10 +1714,9 @@ CHIP_ERROR ExtractKIDFromX509Cert(bool extractSKID, const ByteSpan & certificate
result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);

bool extractCurrentExtSKID = extractSKID && (sizeof(sOID_Extension_SubjectKeyIdentifier) == len) &&
(memcmp(p, sOID_Extension_SubjectKeyIdentifier, len) == 0);
bool extractCurrentExtAKID = !extractSKID && (sizeof(sOID_Extension_AuthorityKeyIdentifier) == len) &&
(memcmp(p, sOID_Extension_AuthorityKeyIdentifier, len) == 0);
mbedtls_x509_buf extOID = { MBEDTLS_ASN1_OID, len, p };
bool extractCurrentExtSKID = extractSKID && OID_CMP(sOID_Extension_SubjectKeyIdentifier, extOID);
bool extractCurrentExtAKID = !extractSKID && OID_CMP(sOID_Extension_AuthorityKeyIdentifier, extOID);
p += len;

int is_critical = 0;
Expand Down Expand Up @@ -1773,10 +1783,6 @@ CHIP_ERROR ExtractAKIDFromX509Cert(const ByteSpan & certificate, MutableByteSpan
CHIP_ERROR ExtractVIDPIDFromX509Cert(const ByteSpan & certificate, AttestationCertVidPid & vidpid)
{
#if defined(MBEDTLS_X509_CRT_PARSE_C)
constexpr uint8_t sOID_AttributeType_CommonName[] = { 0x55, 0x04, 0x03 };
constexpr uint8_t sOID_AttributeType_MatterVendorId[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xA2, 0x7C, 0x02, 0x01 };
constexpr uint8_t sOID_AttributeType_MatterProductId[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xA2, 0x7C, 0x02, 0x02 };

CHIP_ERROR error = CHIP_NO_ERROR;
mbedtls_x509_crt mbed_cert;
mbedtls_asn1_named_data * dnIterator = nullptr;
Expand All @@ -1790,32 +1796,24 @@ CHIP_ERROR ExtractVIDPIDFromX509Cert(const ByteSpan & certificate, AttestationCe
for (dnIterator = &mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(subject); dnIterator != nullptr;
dnIterator = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(next))
{
size_t oid_len = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
uint8_t * oid_p = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
size_t val_len = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(val).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
uint8_t * val_p = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(val).CHIP_CRYPTO_PAL_PRIVATE_X509(p);

if (oid_p != nullptr && val_p != nullptr)
DNAttrType attrType = DNAttrType::kUnspecified;
if (OID_CMP(sOID_AttributeType_CommonName, dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid)))
{
DNAttrType attrType = DNAttrType::kUnspecified;
if ((oid_len == sizeof(sOID_AttributeType_CommonName)) && (memcmp(sOID_AttributeType_CommonName, oid_p, oid_len) == 0))
{
attrType = DNAttrType::kCommonName;
}
else if ((oid_len == sizeof(sOID_AttributeType_MatterVendorId)) &&
(memcmp(sOID_AttributeType_MatterVendorId, oid_p, oid_len) == 0))
{
attrType = DNAttrType::kMatterVID;
}
else if ((oid_len == sizeof(sOID_AttributeType_MatterProductId)) &&
(memcmp(sOID_AttributeType_MatterProductId, oid_p, oid_len) == 0))
{
attrType = DNAttrType::kMatterPID;
}

error = ExtractVIDPIDFromAttributeString(attrType, ByteSpan(val_p, val_len), vidpid, vidpidFromCN);
SuccessOrExit(error);
attrType = DNAttrType::kCommonName;
}
else if (OID_CMP(sOID_AttributeType_MatterVendorId, dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid)))
{
attrType = DNAttrType::kMatterVID;
}
else if (OID_CMP(sOID_AttributeType_MatterProductId, dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(oid)))
{
attrType = DNAttrType::kMatterPID;
}

size_t val_len = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(val).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
uint8_t * val_p = dnIterator->CHIP_CRYPTO_PAL_PRIVATE_X509(val).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
error = ExtractVIDPIDFromAttributeString(attrType, ByteSpan(val_p, val_len), vidpid, vidpidFromCN);
SuccessOrExit(error);
}

// If Matter Attributes were not found use values extracted from the CN Attribute,
Expand Down
Loading

0 comments on commit 3819099

Please sign in to comment.