Add CD with origin VID/PID != VID/PID (#27616)

* Add CD with origin VID/PID != VID/PID

CD VID/PID == 0xFFF1/0x8000 (matches existing examples for cd)
CD origin VID/PID = 0xFFF2/0x8001
DAC/PAI VID/PID = 0xFFF2/0x8001

Tests: - src/python_testing/test_testing/test_TC_DA_1.2.py
         (cert test that checks CD cert validity)
       - credentials/tests/TestCommissionerDUTVectors.cpp
         (unit test that ensures the test_vector.json is OK)
       - commissioned all-clusters-app using --dac_provider
         with chip-tool

* Restyled by whitespace

* Restyled by prettier-json

---------

Co-authored-by: Restyled.io <[email protected]>

credentials/development/commissioner_dut/struct_cd_origin_pid_vid_correct/dac-Cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB5DCCAYqgAwIBAgIIQnRkU92joPUwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMjEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDEwIBcNMjMwNzA0MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMEYx
+GDAWBgNVBAMMD01hdHRlciBUZXN0IERBQzEUMBIGCisGAQQBgqJ8AgEMBEZGRjIx
+FDASBgorBgEEAYKifAICDAQ4MDAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+i04n/UbQFbyOugwYJbPcRxEPRvWQJPwpjHvmI3JqYso9ISyz/LSXJ3QNIvl3t9Ag
+tsXw17bMH1B6zs6dHX0wCaNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMC
+B4AwHQYDVR0OBBYEFFUzcz8rO7UyEFl6mPUK9IEkAB+yMB8GA1UdIwQYMBaAFCQ5
+GiylqAHg0XSk/s8q5SViI6CHMAoGCCqGSM49BAMCA0gAMEUCIEfmQX7nVhBYgoeJ
+sC8b1EyEtJ0WWhDZvfKDc9wQaTU3AiEA6F7LCTx6psvb+aKl9I8hnA98/+88jvTm
+b44v4ee9HJo=
+-----END CERTIFICATE-----

credentials/development/commissioner_dut/struct_cd_origin_pid_vid_correct/dac-Key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKjwudFL/3eYC+HY1t64HLjc/AAyc/J0CyTL6Mo0ugKLoAoGCCqGSM49
+AwEHoUQDQgAEi04n/UbQFbyOugwYJbPcRxEPRvWQJPwpjHvmI3JqYso9ISyz/LSX
+J3QNIvl3t9AgtsXw17bMH1B6zs6dHX0wCQ==
+-----END EC PRIVATE KEY-----

credentials/development/commissioner_dut/struct_cd_origin_pid_vid_correct/pai-Cert.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvzCCAWSgAwIBAgIIVwXbuTJAkMEwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFBMCAXDTIzMDcwNDAwMDAwMFoYDzk5OTkxMjMxMjM1OTU5
+WjBGMRgwFgYDVQQDDA9NYXR0ZXIgVGVzdCBQQUkxFDASBgorBgEEAYKifAIBDARG
+RkYyMRQwEgYKKwYBBAGConwCAgwEODAwMTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABDge/ZTB1ASbzUW4A2gpRdE0ZcNUlkCUaXAlkgkGpdafI83gOvLhWcZisA40
+QsppJD9OeWP0eIW8+6cdi13E2w6jZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQkORospagB4NF0pP7PKuUlYiOghzAfBgNV
+HSMEGDAWgBR4XOcFuGuPTm/Hk6pgy0PqaWiC1TAKBggqhkjOPQQDAgNJADBGAiEA
+uxLDhQ3owmVZ8gopMaMGekcofyjciv4luAyTA5fJR7UCIQD2fHv76wj+YVSA2WRC
+U5gZvNcYNtH8DUvvnSE8Fxwmtw==
+-----END CERTIFICATE-----

credentials/development/commissioner_dut/struct_cd_origin_pid_vid_correct/pai-Key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFW0zHlTJnU1Gp1mq7I9bVCFS/IYC/nsQ8wkVyJfgAfuoAoGCCqGSM49
+AwEHoUQDQgAEOB79lMHUBJvNRbgDaClF0TRlw1SWQJRpcCWSCQal1p8jzeA68uFZ
+xmKwDjRCymkkP055Y/R4hbz7px2LXcTbDg==
+-----END EC PRIVATE KEY-----

credentials/development/commissioner_dut/struct_cd_origin_pid_vid_correct/test_case_vector.json

@@ -0,0 +1,9 @@
+{
+    "description": "CD Test Vector: Origin VID/PID different than VID/PID (correct use of origin)",
+    "is_success_case": "true",
+    "dac_cert": "308201e43082018aa003020102020842746453dda3a0f5300a06082a8648ce3d04030230463118301606035504030c0f4d617474657220546573742050414931143012060a2b0601040182a27c02010c044646463231143012060a2b0601040182a27c02020c04383030313020170d3233303730343030303030305a180f39393939313233313233353935395a30463118301606035504030c0f4d617474657220546573742044414331143012060a2b0601040182a27c02010c044646463231143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d030107034200048b4e27fd46d015bc8eba0c1825b3dc47110f46f59024fc298c7be623726a62ca3d212cb3fcb49727740d22f977b7d020b6c5f0d7b6cc1f507acece9d1d7d3009a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e041604145533733f2b3bb53210597a98f50af48124001fb2301f0603551d2304183016801424391a2ca5a801e0d174a4fecf2ae5256223a087300a06082a8648ce3d0403020348003045022047e6417ee7561058828789b02f1bd44c84b49d165a10d9bdf28373dc10693537022100e85ecb093c7aa6cbdbf9a2a5f48f219c0f7cffef3c8ef4e66f8e2fe1e7bd1c9a",
+    "pai_cert": "308201bf30820164a00302010202085705dbb9324090c1300a06082a8648ce3d040302301a3118301606035504030c0f4d61747465722054657374205041413020170d3233303730343030303030305a180f39393939313233313233353935395a30463118301606035504030c0f4d617474657220546573742050414931143012060a2b0601040182a27c02010c044646463231143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d03010703420004381efd94c1d4049bcd45b803682945d13465c354964094697025920906a5d69f23cde03af2e159c662b00e3442ca69243f4e7963f47885bcfba71d8b5dc4db0ea366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041424391a2ca5a801e0d174a4fecf2ae5256223a087301f0603551d23041830168014785ce705b86b8f4e6fc793aa60cb43ea696882d5300a06082a8648ce3d0403020349003046022100bb12c3850de8c26559f20a2931a3067a47287f28dc8afe25b80c930397c947b5022100f67c7bfbeb08fe615480d96442539819bcd71836d1fc0d4bef9d213c171c26b7",
+    "certification_declaration": "3081f006092a864886f70d010702a081e23081df020103310d300b0609608648016503040201304d06092a864886f70d010701a040043e152400012501f1ff360205008018250334122c04135a494732303134315a423333303030312d3234240500240600250776982408002509f2ff250a018018317c307a020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d040302044630440220494f87a430b234de3eaeb2dd756d49f5a952f99611b5e9049d864499670cad1c0220492f157848ef15bb597fb46ab387f639107bb53fc6d0dbe11b3fefc8e3baea8d",
+    "dac_private_key": "a8f0b9d14bff77980be1d8d6deb81cb8dcfc003273f2740b24cbe8ca34ba028b",
+    "dac_public_key": "048b4e27fd46d015bc8eba0c1825b3dc47110f46f59024fc298c7be623726a62ca3d212cb3fcb49727740d22f977b7d020b6c5f0d7b6cc1f507acece9d1d7d3009"
+}

src/tools/chip-cert/Cmd_GenCD.cpp

@@ -626,6 +626,11 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char
             gCDConfig.SetDACOriginPIDPresent();
             gCDConfig.SetDACOriginPIDWrong();
         }
+        else if (strcmp(arg, "different-origin") == 0)
+        {
+            gCDConfig.SetDACOriginVIDPresent();
+            gCDConfig.SetDACOriginPIDPresent();
+        }
         else if (strcmp(arg, "authorized-paa-list-count0") == 0)
         {
             gCDConfig.SetAuthPAAListPresent();

src/tools/chip-cert/gen_com_dut_test_vectors.py

@@ -663,6 +663,12 @@ class CertType(Enum):
         "error_flag": 'cms-sig',
         "is_success_case": 'false',
     },
+    {
+        "description": 'Origin VID/PID different than VID/PID (correct use of origin)',
+        "test_folder": "origin_pid_vid_correct",
+        "error_flag": 'different-origin',
+        "is_success_case": 'true',
+    },
 ]
 
 
@@ -813,6 +819,9 @@ def main():
                            help='output directory for all generated test vectors')
     argparser.add_argument('-p', '--paa', dest='paapath',
                            default='credentials/test/attestation/Chip-Test-PAA-FFF1-', help='PAA to use')
+    argparser.add_argument('--paa_different_origin', dest='paapath_different_origin',
+                           default='credentials/test/attestation/Chip-Test-PAA-NoVID-',
+                           help='PAA to use when signing the PAI for the origin VID/PID test case (VID=0xFFF2)')
     argparser.add_argument('-d', '--cd', dest='cdpath',
                            default='credentials/test/certification-declaration/Chip-Test-CD-Signing-',
                            help='CD Signing Key/Cert to use')
@@ -946,26 +955,43 @@ def main():
         test_case_out_dir = args.outdir + '/struct_cd_' + test_case["test_folder"]
         vid = 0xFFF1
         pid = 0x8000
+        origin_vid = None
+        origin_pid = None
+        paapath = args.paapath
+        if test_case["error_flag"] == 'different-origin':
+            # This test case mimics a device that uses a PID/VID provided by another vendor
+            # The PID/VID in the CD is set to 0xFFF1/0x8000 as in all other test cases
+            # so testers can use the same comand line invocation to start the test programs
+            # In this case, the DAC VID and PID are different.
+            origin_vid = 0xFFF2
+            origin_pid = 0x8001
+            paapath = args.paapath_different_origin
+        if test_case["error_flag"] == 'dac-origin-vid-present' or test_case["error_flag"] == 'dac-origin-vid-pid-present':
+            origin_vid = vid
+        if test_case["error_flag"] == 'dac-origin-pid-present' or test_case["error_flag"] == 'dac-origin-vid-pid-present':
+            origin_pid = pid
 
         # Generate PAI Cert/Key
-        builder = DevCertBuilder(CertType.PAI, 'no-error', args.paapath, test_case_out_dir,
-                                 chipcert, vid, pid, '', '')
+        dac_vid = origin_vid if origin_vid else vid
+        dac_pid = origin_pid if origin_pid else pid
+        builder = DevCertBuilder(CertType.PAI, 'no-error', paapath, test_case_out_dir,
+                                 chipcert, dac_vid, dac_pid, '', '')
         builder.make_certs_and_keys()
 
         # Generate DAC Cert/Key
-        builder = DevCertBuilder(CertType.DAC, 'no-error', args.paapath, test_case_out_dir,
-                                 chipcert, vid, pid, '', '')
+        builder = DevCertBuilder(CertType.DAC, 'no-error', paapath, test_case_out_dir,
+                                 chipcert, dac_vid, dac_pid, '', '')
         builder.make_certs_and_keys()
 
         # Generate Certification Declaration (CD)
         vid_flag = ' -V 0x{:X}'.format(vid)
         pid_flag = ' -p 0x{:X}'.format(pid)
 
         dac_origin_flag = ' '
-        if test_case["error_flag"] == 'dac-origin-vid-present' or test_case["error_flag"] == 'dac-origin-vid-pid-present':
-            dac_origin_flag += ' -o 0x{:X}'.format(vid)
-        if test_case["error_flag"] == 'dac-origin-pid-present' or test_case["error_flag"] == 'dac-origin-vid-pid-present':
-            dac_origin_flag += ' -r 0x{:X}'.format(pid)
+        if origin_vid:
+            dac_origin_flag += ' -o 0x{:X}'.format(origin_vid)
+        if origin_pid:
+            dac_origin_flag += ' -r 0x{:X}'.format(origin_pid)
 
         if test_case["error_flag"] == 'authorized-paa-list-count0' or test_case["error_flag"] == 'authorized-paa-list-count1-valid'\
                 or test_case["error_flag"] == 'authorized-paa-list-count2-valid'\