Add Device Attestation validation to `chip-cert` tool for YAML test support
Problem
There is no "freestanding" implementation of the Device Attestation validation procedure that could be executed by implementers and by CSG test harness based on responses obtained, to ascertain the current validity of a given implementation.
Proposed Solution
In order to automate Device Attestation Procedure testing, we could have a command-line tool that can validate the AttestationResponse and provide a result and logs, so that it can be wrapped in a delegated YAML command.
This will allow executing an instrumented view of the device attestation procedure.
The tooling could then be replaced in the future with an equivalent independent implementation.
Two commands are necessary:
- Validation of AttestationSignature on AttestationResponse
- Validation of AttestationSignature on NOCSRResponse
The common arguments for both:
- PAI cert in DER, encoded as hex
- DAC cert in DER, encoded as hex
- Attestation Challenge from secure session, encoded as hex
- Nonce (AttestationNonce, CSRNonce), encoded as hex
- AttestationSignature (from either AttestationResponse or NOCSRResponse), encoded as hex
The specific arguments are either:
- AttestationElements from AttestationResponse
- NOCSRElements from NOCSRResponse
@tcarmelveilleux This seems important - should it remain in the 1.0 list?
Impact: 8 Device Attestation TCs
Priority: High
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
This stale issue has been automatically closed. Thank you for your contributions.
This is done.