From c7b44d93dc4a4c5498f14b42d2502861498e4adc Mon Sep 17 00:00:00 2001 From: Tennessee Carmel-Veilleux Date: Wed, 24 Nov 2021 10:37:42 -0500 Subject: [PATCH] Rename ExampleDeviceAttestationVerifier (#12182) * Rename ExampleDeviceAttestationVerifier - Rename ExampleDeviceAttestationVerifier to DefaultDeviceAttestationVerifier since it is now used commonly and becoming fully spec-compliant. Fixes #11919 * Restyled by clang-format * Restyled by gn Co-authored-by: Restyled.io --- .../chip-tool/commands/common/CHIPCommand.cpp | 4 ++-- examples/platform/linux/AppMain.cpp | 4 ++-- examples/tv-casting-app/linux/main.cpp | 4 ++-- .../java/AndroidDeviceControllerWrapper.cpp | 4 ++-- .../ChipDeviceController-ScriptBinding.cpp | 4 ++-- .../python/chip/internal/CommissionerImpl.cpp | 4 ++-- src/credentials/BUILD.gn | 4 ++-- ...pp => DefaultDeviceAttestationVerifier.cpp} | 18 ++++++++---------- ...le.h => DefaultDeviceAttestationVerifier.h} | 4 +--- .../tests/TestDeviceAttestationCredentials.cpp | 6 +++--- .../Framework/CHIP/CHIPDeviceController.mm | 4 ++-- 11 files changed, 28 insertions(+), 32 deletions(-) rename src/credentials/examples/{DeviceAttestationVerifierExample.cpp => DefaultDeviceAttestationVerifier.cpp} (98%) rename src/credentials/examples/{DeviceAttestationVerifierExample.h => DefaultDeviceAttestationVerifier.h} (91%) diff --git a/examples/chip-tool/commands/common/CHIPCommand.cpp b/examples/chip-tool/commands/common/CHIPCommand.cpp index c36b7786c9cd2f..44921d77b457f9 100644 --- a/examples/chip-tool/commands/common/CHIPCommand.cpp +++ b/examples/chip-tool/commands/common/CHIPCommand.cpp @@ -21,8 +21,8 @@ #include #include #include +#include #include -#include #include #include #include 
@@ -45,7 +45,7 @@ CHIP_ERROR CHIPCommand::Run() chip::Platform::ScopedMemoryBuffer rcac; chip::Credentials::SetDeviceAttestationCredentialsProvider(chip::Credentials::Examples::GetExampleDACProvider()); - chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::Examples::GetExampleDACVerifier()); + chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::GetDefaultDACVerifier()); VerifyOrReturnError(noc.Alloc(chip::Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY); VerifyOrReturnError(icac.Alloc(chip::Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY); diff --git a/examples/platform/linux/AppMain.cpp b/examples/platform/linux/AppMain.cpp index b3583fd6b7c57c..5b79f089d13674 100644 --- a/examples/platform/linux/AppMain.cpp +++ b/examples/platform/linux/AppMain.cpp @@ -29,8 +29,8 @@ #include #include +#include #include -#include #include #include @@ -234,7 +234,7 @@ CHIP_ERROR InitCommissioner() ReturnErrorOnFailure(gCommissioner.SetUdcListenPort(LinuxDeviceOptions::GetInstance().unsecuredCommissionerPort)); // Initialize device attestation verifier - SetDeviceAttestationVerifier(Examples::GetExampleDACVerifier()); + SetDeviceAttestationVerifier(GetDefaultDACVerifier()); chip::Platform::ScopedMemoryBuffer noc; VerifyOrReturnError(noc.Alloc(chip::Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY); diff --git a/examples/tv-casting-app/linux/main.cpp b/examples/tv-casting-app/linux/main.cpp index 7a1e18e67e30be..e2b356db9ae093 100644 --- a/examples/tv-casting-app/linux/main.cpp +++ b/examples/tv-casting-app/linux/main.cpp @@ -21,8 +21,8 @@ #include #include #include +#include #include -#include #include #include #include 
@@ -196,7 +196,7 @@ int main(int argc, char * argv[]) SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider()); // Initialize device attestation verifier - SetDeviceAttestationVerifier(Examples::GetExampleDACVerifier()); + SetDeviceAttestationVerifier(GetDefaultDACVerifier()); if (!chip::ArgParser::ParseArgs(argv[0], argc, argv, allOptions)) { diff --git a/src/controller/java/AndroidDeviceControllerWrapper.cpp b/src/controller/java/AndroidDeviceControllerWrapper.cpp index 8b8ae347ce60c6..bb18387a38a488 100644 --- a/src/controller/java/AndroidDeviceControllerWrapper.cpp +++ b/src/controller/java/AndroidDeviceControllerWrapper.cpp @@ -26,7 +26,7 @@ #include #include -#include +#include #include #include #include @@ -204,7 +204,7 @@ AndroidDeviceControllerWrapper * AndroidDeviceControllerWrapper::AllocateNew(Jav wrapper->SetJavaObjectRef(vm, deviceControllerObj); // Initialize device attestation verifier - SetDeviceAttestationVerifier(Examples::GetExampleDACVerifier()); + SetDeviceAttestationVerifier(GetDefaultDACVerifier()); chip::Controller::FactoryInitParams initParams; chip::Controller::SetupParams setupParams; diff --git a/src/controller/python/ChipDeviceController-ScriptBinding.cpp b/src/controller/python/ChipDeviceController-ScriptBinding.cpp index c38373d1c5fa52..9c1b09388d0f7f 100644 --- a/src/controller/python/ChipDeviceController-ScriptBinding.cpp +++ b/src/controller/python/ChipDeviceController-ScriptBinding.cpp @@ -54,7 +54,7 @@ #include #include #include -#include +#include #include #include #include @@ -182,7 +182,7 @@ ChipError::StorageType pychip_DeviceController_NewDeviceController(chip::Control } // Initialize device attestation verifier - SetDeviceAttestationVerifier(Examples::GetExampleDACVerifier()); + SetDeviceAttestationVerifier(GetDefaultDACVerifier()); CHIP_ERROR err = sOperationalCredentialsIssuer.Initialize(sStorageDelegate); VerifyOrReturnError(err == CHIP_NO_ERROR, err.AsInteger()); 
diff --git a/src/controller/python/chip/internal/CommissionerImpl.cpp b/src/controller/python/chip/internal/CommissionerImpl.cpp index 1f718adbdf0270..4386fc16ab549b 100644 --- a/src/controller/python/chip/internal/CommissionerImpl.cpp +++ b/src/controller/python/chip/internal/CommissionerImpl.cpp @@ -20,7 +20,7 @@ #include #include #include -#include +#include #include #include #include @@ -117,7 +117,7 @@ extern "C" chip::Controller::DeviceCommissioner * pychip_internal_Commissioner_N commissionerParams.storageDelegate = &gServerStorage; // Initialize device attestation verifier - chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::Examples::GetExampleDACVerifier()); + chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::GetDefaultDACVerifier()); err = ephemeralKey.Initialize(); SuccessOrExit(err); diff --git a/src/credentials/BUILD.gn b/src/credentials/BUILD.gn index 206fe89fd92dd3..32364b9c1c24f4 100644 --- a/src/credentials/BUILD.gn +++ b/src/credentials/BUILD.gn @@ -36,10 +36,10 @@ static_library("credentials") { "FabricTable.h", "GenerateChipX509Cert.cpp", "GroupDataProvider.h", + "examples/DefaultDeviceAttestationVerifier.cpp", + "examples/DefaultDeviceAttestationVerifier.h", "examples/DeviceAttestationCredsExample.cpp", "examples/DeviceAttestationCredsExample.h", - "examples/DeviceAttestationVerifierExample.cpp", - "examples/DeviceAttestationVerifierExample.h", "examples/GroupDataProviderExample.cpp", ] diff --git a/src/credentials/examples/DeviceAttestationVerifierExample.cpp b/src/credentials/examples/DefaultDeviceAttestationVerifier.cpp similarity index 98% rename from src/credentials/examples/DeviceAttestationVerifierExample.cpp rename to src/credentials/examples/DefaultDeviceAttestationVerifier.cpp index 11f34289435d0e..b6cf795092fd47 100644 --- a/src/credentials/examples/DeviceAttestationVerifierExample.cpp +++ b/src/credentials/examples/DefaultDeviceAttestationVerifier.cpp 
@@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "DeviceAttestationVerifierExample.h" +#include "DefaultDeviceAttestationVerifier.h" #include #include @@ -31,7 +31,6 @@ using namespace chip::Crypto; namespace chip { namespace Credentials { -namespace Examples { namespace { @@ -189,7 +188,7 @@ CHIP_ERROR GetCertificationDeclarationCertificate(const ByteSpan & skid, Mutable return CopySpanToMutableSpan(ByteSpan{ sCertChainLookupTable[certChainLookupTableIdx].mCertificate }, outCertificate); } -class ExampleDACVerifier : public DeviceAttestationVerifier +class DefaultDACVerifier : public DeviceAttestationVerifier { public: AttestationVerificationResult VerifyAttestationInformation(const ByteSpan & attestationInfoBuffer, @@ -206,7 +205,7 @@ class ExampleDACVerifier : public DeviceAttestationVerifier const DeviceInfoForAttestation & deviceInfo) override; }; -AttestationVerificationResult ExampleDACVerifier::VerifyAttestationInformation(const ByteSpan & attestationInfoBuffer, +AttestationVerificationResult DefaultDACVerifier::VerifyAttestationInformation(const ByteSpan & attestationInfoBuffer, const ByteSpan & attestationChallengeBuffer, const ByteSpan & attestationSignatureBuffer, const ByteSpan & paiCertDerBuffer, @@ -310,7 +309,7 @@ AttestationVerificationResult ExampleDACVerifier::VerifyAttestationInformation(c return ValidateCertificateDeclarationPayload(certificationDeclarationPayload, firmwareInfoSpan, deviceInfo); } -AttestationVerificationResult ExampleDACVerifier::ValidateCertificationDeclarationSignature(const ByteSpan & cmsEnvelopeBuffer, +AttestationVerificationResult DefaultDACVerifier::ValidateCertificationDeclarationSignature(const ByteSpan & cmsEnvelopeBuffer, ByteSpan & certDeclBuffer) { uint8_t certificate[Credentials::kMaxDERCertLength]; 
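Review bot: The class renamed to `DefaultDACVerifier` in the `@@ -189,7 +188,7 @@` hunk still takes the Certification Declaration signing certificate from the compiled-in `sCertChainLookupTable` (context line of `GetCertificationDeclarationCertificate`), and nothing in the new code documents where those entries come from. The table's contents and the start of that function are outside the hunk, so it cannot be told from here whether the entries are test or production certificates. If they are test material, the name "Default" invites integrators to treat this verifier as production-ready, now that every controller entry point in this patch installs it. I would add a comment above the class such as `// Trust anchors are the compiled-in entries of sCertChainLookupTable; confirm they match the deployment's trust store before relying on this verifier.`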
@@ -329,7 +328,7 @@ AttestationVerificationResult ExampleDACVerifier::ValidateCertificationDeclarati return AttestationVerificationResult::kSuccess; } -AttestationVerificationResult ExampleDACVerifier::ValidateCertificateDeclarationPayload(const ByteSpan & certDeclBuffer, +AttestationVerificationResult DefaultDACVerifier::ValidateCertificateDeclarationPayload(const ByteSpan & certDeclBuffer, const ByteSpan & firmwareInfo, const DeviceInfoForAttestation & deviceInfo) { @@ -398,13 +397,12 @@ AttestationVerificationResult ExampleDACVerifier::ValidateCertificateDeclaration } // namespace -DeviceAttestationVerifier * GetExampleDACVerifier() +DeviceAttestationVerifier * GetDefaultDACVerifier() { - static ExampleDACVerifier exampleDacVerifier; + static DefaultDACVerifier defaultDACVerifier; - return &exampleDacVerifier; + return &defaultDACVerifier; } -} // namespace Examples } // namespace Credentials } // namespace chip diff --git a/src/credentials/examples/DeviceAttestationVerifierExample.h b/src/credentials/examples/DefaultDeviceAttestationVerifier.h similarity index 91% rename from src/credentials/examples/DeviceAttestationVerifierExample.h rename to src/credentials/examples/DefaultDeviceAttestationVerifier.h index 3ab4984422704c..aad200fdd3e434 100644 --- a/src/credentials/examples/DeviceAttestationVerifierExample.h +++ b/src/credentials/examples/DefaultDeviceAttestationVerifier.h @@ -20,7 +20,6 @@ namespace chip { namespace Credentials { -namespace Examples { /** * @brief Get implementation of a sample DAC verifier to validate device @@ -29,8 +28,7 @@ namespace Examples { * @returns a singleton DeviceAttestationVerifier that relies on no * storage abstractions. */ -DeviceAttestationVerifier * GetExampleDACVerifier(); +DeviceAttestationVerifier * GetDefaultDACVerifier(); -} // namespace Examples } // namespace Credentials } // namespace chip 
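Review bot: The doc comment above `GetDefaultDACVerifier()` in `DefaultDeviceAttestationVerifier.h` (context line closing the `@@ -20,7 +20,6 @@` hunk) still reads "Get implementation of a sample DAC verifier", which no longer matches the new name. The file also stays under `src/credentials/examples/` even though the function has left the `Examples` namespace, so the path and the comment both say "example" while the API says "default". I would reword the brief to `@brief Get the default DAC verifier used to validate device attestation information.` and add one sentence saying which parts of the check are still not spec-complete, since the commit message describes it only as "becoming" fully spec-compliant.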
diff --git a/src/credentials/tests/TestDeviceAttestationCredentials.cpp b/src/credentials/tests/TestDeviceAttestationCredentials.cpp index 1d92c0cf8dc672..f706582ddc087e 100644 --- a/src/credentials/tests/TestDeviceAttestationCredentials.cpp +++ b/src/credentials/tests/TestDeviceAttestationCredentials.cpp @@ -21,8 +21,8 @@ #include #include #include +#include #include -#include #include #include @@ -196,7 +196,7 @@ static void TestDACVerifierExample_AttestationInfoVerification(nlTestSuite * inS NL_TEST_ASSERT(inSuite, attestation_result == AttestationVerificationResult::kNotImplemented); // Replace default verifier with example verifier - DeviceAttestationVerifier * example_dac_verifier = Examples::GetExampleDACVerifier(); + DeviceAttestationVerifier * example_dac_verifier = GetDefaultDACVerifier(); NL_TEST_ASSERT(inSuite, example_dac_verifier != nullptr); NL_TEST_ASSERT(inSuite, default_verifier != example_dac_verifier); @@ -252,7 +252,7 @@ static void TestDACVerifierExample_CertDeclarationVerification(nlTestSuite * inS CHIP_ERROR err = CHIP_NO_ERROR; // Replace default verifier with example verifier - DeviceAttestationVerifier * example_dac_verifier = Examples::GetExampleDACVerifier(); + DeviceAttestationVerifier * example_dac_verifier = GetDefaultDACVerifier(); NL_TEST_ASSERT(inSuite, example_dac_verifier != nullptr); SetDeviceAttestationVerifier(example_dac_verifier); diff --git a/src/darwin/Framework/CHIP/CHIPDeviceController.mm b/src/darwin/Framework/CHIP/CHIPDeviceController.mm index 213b605c951a43..794d6ed7ccd24f 100644 --- a/src/darwin/Framework/CHIP/CHIPDeviceController.mm +++ b/src/darwin/Framework/CHIP/CHIPDeviceController.mm @@ -36,7 +36,7 @@ #include #include #include -#include +#include #include #include #include 
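Review bot: In `TestDeviceAttestationCredentials.cpp` the hunks at `@@ -196,7 +196,7 @@` and `@@ -252,7 +252,7 @@` keep the local name `example_dac_verifier` and the comment "Replace default verifier with example verifier", although the object now comes from `GetDefaultDACVerifier()`. The assertion `default_verifier != example_dac_verifier` therefore compares something called "default" with the result of the "Default" getter. From the preceding `kNotImplemented` assert, `default_verifier` appears to be the unconfigured placeholder; its definition is outside the hunk. I would rename the locals so the two roles stay distinct, for example `unset_verifier` and `default_dac_verifier`, and change the comment to `// Replace the unconfigured verifier with the default DAC verifier`. Both test functions start and end outside the hunks.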
@@ -190,7 +190,7 @@ - (BOOL)startup:(_Nullable id)storageDelegate } // Initialize device attestation verifier - chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::Examples::GetExampleDACVerifier()); + chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::GetDefaultDACVerifier()); params.fabricStorage = _fabricStorage; commissionerParams.storageDelegate = _persistentStorageDelegateBridge;