Revert "Check VID/PID when doing device attestation (#14551)" #14795

Merged
merged 1 commit into from
Feb 4, 2022

Conversation

andy31415
Contributor

This reverts commit a7d7d8d.

Problem

PR was not ready to merge, breaks commissioning

Change overview

Revert

Testing

N/A

@andy31415 andy31415 added the hotfix urgent fix needed, can bypass review label Feb 4, 2022
@cecille
Contributor

cecille commented Feb 4, 2022

Rolling this back until we can fix the generic certs for the platforms.

@andy31415 andy31415 merged commit ad28f32 into project-chip:master Feb 4, 2022
@github-actions

github-actions bot commented Feb 4, 2022

PR #14795: Size comparison from 5f7fe7f to 99f7465

Decreases (3 builds for linux)

| platform | target | config | section | 5f7fe7f | 99f7465 | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | (read only) | 7298597 | 7296805 | -1792 | -0.0 |
| | | | .text | 6518725 | 6516933 | -1792 | -0.0 |
| | chip-tool-ipv6only | arm64 | (read only) | 7238772 | 7237044 | -1728 | -0.0 |
| | | | .text | 6241348 | 6239620 | -1728 | -0.0 |
| | tv-app | debug | (read only) | 2519649 | 2517761 | -1888 | -0.1 |
| | | | .text | 2153282 | 2151394 | -1888 | -0.1 |

Full report (43 builds for cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, qpg, telink)

@bzbarsky-apple
Contributor

@andy31415 @cecille How did that pass CI?

cecille added a commit to cecille/connectedhomeip that referenced this pull request Feb 7, 2022
cecille added a commit to cecille/connectedhomeip that referenced this pull request Feb 7, 2022
andy31415 pushed a commit that referenced this pull request Feb 9, 2022
* Add new certs for development.

We are moving to have the certificate verification check the VID and PID
between the basic cluster and the DAC/CD. Right now, none of the examples
pass properly because the VIDs and PIDs do not match. In order to
facilitate development while platforms are developing their own
DeviceAttestationCredentialsProvider, we have provided a new set of
development certs that can be used for development only.

This new scheme is backed by the test PAA in attestation/test/. This was
done to reduce the number of changes required to the controllers, which
already contain this PAA in their trusted certs.

The PAI has been changed to omit the PID. This means that we can use a
common PAI cert for all products. The vendor ID for the PAI is 0xFFF1,
which is a known test vendor for Matter.

The DACs below are signed by the new PAI and include certs and keys
for PIDs 0x8000-0x801F.

* Use new certificates in attestation.

Test: Can commission linux lighting app using pid 0x8000

* Add new certificate declaration

This new CD will verify against all products with VID 0xFFF1
and PIDs in the range of 0x8000-0x8063.

Test: Verified on linux lighting app by forcing app and controller
      to use pid 0x8001

* Update example PIDs.

Please see documentation in docs/examples.

* Add explicit warning for PID/VID mismatch.

* Revert "Revert "Check VID/PID when doing device attestation (#14551)" (#14795)"

This reverts commit ad28f32.

* Fix tests

Use hard coded cert values for tests rather than going through the
example creds provider.

* Update src/controller/AutoCommissioner.cpp

Co-authored-by: Tennessee Carmel-Veilleux <[email protected]>

* Update src/controller/CHIPDeviceController.h

Co-authored-by: Tennessee Carmel-Veilleux <[email protected]>

* Restyled by clang-format

* Fix two spelling errors

* Update src/credentials/tests/TestDeviceAttestationCredentials.cpp

Co-authored-by: Evgeny Margolis <[email protected]>

* Use define for CD size.

* YOU get a bracket, YOU get a bracket...

everybody gets a bracket!

* Spelling error.

* Fix P6

Sneaky P6...got by me.

* Put function names in single quotes

I think this will appease the spell checker.

* Fine, spell checker. Here you go.

Co-authored-by: Tennessee Carmel-Veilleux <[email protected]>
Co-authored-by: Restyled.io <[email protected]>
Co-authored-by: Evgeny Margolis <[email protected]>
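
The VID/PID consistency rules described in the commit message above, sketched as an added example (this is not code from the connectedhomeip project). All type and function names are hypothetical, and the identifiers are assumed to be already extracted from the Basic cluster, DAC, PAI and CD, with certificate parsing and signature validation left out.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical, already-extracted identifiers (assumption: parsing and
// signature checks happened earlier and are not modelled here).
struct ProductId { uint16_t vid; uint16_t pid; };               // Basic cluster or DAC
struct PaiId     { uint16_t vid; bool hasPid; uint16_t pid; };  // PID is optional in a PAI
struct CdIds     { uint16_t vid; std::vector<uint16_t> pids; }; // CD vendor + product list

enum class Result { Ok, PaiDacVidMismatch, PaiDacPidMismatch,
                    DacBasicMismatch, CdVidMismatch, CdPidNotListed };

Result CheckVidPid(const ProductId & basic, const ProductId & dac,
                   const PaiId & pai, const CdIds & cd)
{
    if (pai.vid != dac.vid) return Result::PaiDacVidMismatch;
    // A PAI without a PID can sign DACs for every product of that vendor.
    if (pai.hasPid && pai.pid != dac.pid) return Result::PaiDacPidMismatch;
    // The DAC must describe the product the device reports about itself.
    if (dac.vid != basic.vid || dac.pid != basic.pid) return Result::DacBasicMismatch;
    if (cd.vid != basic.vid) return Result::CdVidMismatch;
    for (uint16_t p : cd.pids)
        if (p == basic.pid) return Result::Ok;
    return Result::CdPidNotListed;
}

// Constructed sample mirroring the commit message: VID 0xFFF1 and a CD
// covering PIDs 0x8000-0x8063.
CdIds DevelopmentCd()
{
    CdIds cd{ 0xFFF1, {} };
    for (uint16_t p = 0x8000; p <= 0x8063; ++p) cd.pids.push_back(p);
    return cd;
}

int main()
{
    const PaiId pai{ 0xFFF1, false, 0 }; // common PAI: VID only, no PID
    const CdIds cd = DevelopmentCd();
    // Device reports PID 0x8000 and presents the DAC for PID 0x8000.
    bool accepted = CheckVidPid({ 0xFFF1, 0x8000 }, { 0xFFF1, 0x8000 }, pai, cd) == Result::Ok;
    // Device reports PID 0x8001 but still presents the DAC for PID 0x8000.
    bool rejected = CheckVidPid({ 0xFFF1, 0x8001 }, { 0xFFF1, 0x8000 }, pai, cd)
                    == Result::DacBasicMismatch;
    std::printf("matching: %d, mismatch rejected: %d\n", accepted, rejected);
    return (accepted && rejected) ? 0 : 1;
}
```

The second case in `main` is the situation the commit message describes for the example apps before the new development certificates: the identifiers in the Basic cluster and in the DAC disagree, so commissioning fails once the check is enforced.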