Add two additional CD checks, fix test, add comments (#28789)
diff --git a/src/credentials/CertificationDeclaration.h b/src/credentials/CertificationDeclaration.h
index 8d4b6b2..3c5fee0 100644
--- a/src/credentials/CertificationDeclaration.h
+++ b/src/credentials/CertificationDeclaration.h
@@ -93,6 +93,14 @@
char certificateId[kCertificateIdLength + 1] = { 0 };
};
+enum class CertificationType : uint8_t
+{
+ kDevelopmentAndTest,
+ kProvisional,
+ kOfficial,
+ kReserved,
+};
+
class CertificationElementsDecoder
{
public:
diff --git a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp
index 475fedd..75c2135 100644
--- a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp
+++ b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp
@@ -505,6 +505,14 @@
// TODO: validate contents based on DCL
}
+ // Verify the cd elements are as required by the spec
+ // security_level, security_information are meant to be ignored. version_number is not meant to be interpreted by the
+ // commissioners.
+ if (cdContent.formatVersion != 1 || cdContent.certificationType >= chip::to_underlying(CertificationType::kReserved))
+ {
+ return AttestationVerificationResult::kAttestationElementsMalformed;
+ }
+
// The vendor_id field in the Certification Declaration SHALL match the VendorID attribute found in the Basic Information
// cluster
VerifyOrReturnError(cdContent.vendorId == deviceInfo.vendorId,
diff --git a/src/credentials/tests/TestCommissionerDUTVectors.cpp b/src/credentials/tests/TestCommissionerDUTVectors.cpp
index 99a586d..4c7efea 100644
--- a/src/credentials/tests/TestCommissionerDUTVectors.cpp
+++ b/src/credentials/tests/TestCommissionerDUTVectors.cpp
@@ -148,10 +148,18 @@
example_dac_verifier->VerifyAttestationInformation(info, &attestationInformationVerificationCallback);
bool isSuccessCase = dacProvider.IsSuccessCase();
- // The DefaultDACVerifier doesn't currently check validity of CD elements values.
+ // The following test vectors are success conditions for an SDK commissioner for the following reasons:
+ // struct_cd_device_type_id_mismatch - requires DCL access, which the SDK does not have and is not required
+ // struct_cd_security_info_wrong - while devices are required to set this to 0, commissioners are required to ignore it
+ // (see 6.3.1)
+ // hence this is marked as a failure for devices, but should be a success case for
+ // commissioners
+ // struct_cd_security_level_wrong - as with security info, commissioners are required to ignore this value (see 6.3.1)
+ // struct_cd_version_number_wrong - this value is not meant to be interpreted by commissioners, so errors here should be
+ // ignored (6.3.1)
+ // struct_cd_cert_id_mismatch - requires DCL access, which the SDK does not have and is not required.
if (strstr(entry->d_name, "struct_cd_device_type_id_mismatch") || strstr(entry->d_name, "struct_cd_security_info_wrong") ||
- strstr(entry->d_name, "struct_cd_cert_type_wrong") || strstr(entry->d_name, "struct_cd_security_level_wrong") ||
- strstr(entry->d_name, "struct_cd_version_number_wrong") || strstr(entry->d_name, "struct_cd_format_version_2") ||
+ strstr(entry->d_name, "struct_cd_security_level_wrong") || strstr(entry->d_name, "struct_cd_version_number_wrong") ||
strstr(entry->d_name, "struct_cd_cert_id_mismatch"))
{
isSuccessCase = true;
