[TC-DA-1.4] Added Test Case Vector with Invalid (Untrusted) PAA. (#22577)

Author: emargolis

credentials/development/commissioner_dut/invalid_paa/cd.der

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBzjCCAXSgAwIBAgIIWRRjypC2cxkwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMTA2Mjgx
+NDIzNDNaGA85OTk5MTIzMTIzNTk1OVowRjEYMBYGA1UEAwwPTWF0dGVyIFRlc3Qg
+REFDMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ1lnUF27XW2SR0MYjYBm2BSgDGS3TT
+bi6A0tsHKjuB/8Y9bU3bAT5+gNnz6IIgXSt3949rRlcN4gN5Sux5Td8Fo2AwXjAM
+BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU3JVLDvstIQgd
+qOejQv2K2nz5m2IwHwYDVR0jBBgwFoAU44aqTINKlOXlPPM+5w93H6P7TAAwCgYI
+KoZIzj0EAwIDSAAwRQIhAJbqcL/1bbwLjHtzVz+BIVmUVwq7QXS7A6NsL7CgMiZy
+AiAyLK2B8V7wI2VPppLeWQuZt5Aso89n7+J/gJaIKnBKhw==
+-----END CERTIFICATE-----

credentials/development/commissioner_dut/invalid_paa/dac-Cert.der

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJbEKXtKCVCXl0KbWX+6WlxDIcxH649NH1Nm33Prxqs6oAoGCCqGSM49
+AwEHoUQDQgAENZZ1Bdu11tkkdDGI2AZtgUoAxkt0024ugNLbByo7gf/GPW1N2wE+
+foDZ8+iCIF0rd/ePa0ZXDeIDeUrseU3fBQ==
+-----END EC PRIVATE KEY-----

credentials/development/commissioner_dut/invalid_paa/dac-Cert.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB0DCCAXagAwIBAgIIOOfO8k+viIgwCgYIKoZIzj0EAwIwOTE3MDUGA1UEAwwu
+SW52YWxpZCAoTm90IFJlZ2lzdGVyZWQgaW4gdGhlIERDTCkgTWF0dGVyIFBBQTAg
+Fw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowOTE3MDUGA1UEAwwuSW52
+YWxpZCAoTm90IFJlZ2lzdGVyZWQgaW4gdGhlIERDTCkgTWF0dGVyIFBBQTBZMBMG
+ByqGSM49AgEGCCqGSM49AwEHA0IABPpJ2vGCmLL490OZuD1htkMjRuSOc5kCb3lx
+bFxwmk66gvXU8Yocg3BvqK+9WWC6JBlgzvviw93276bvpHGpMYajZjBkMBIGA1Ud
+EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQrDv6LP/qE
+lgvYk8SvEXFnR+BIpTAfBgNVHSMEGDAWgBQrDv6LP/qElgvYk8SvEXFnR+BIpTAK
+BggqhkjOPQQDAgNIADBFAiB/D0/Pz+Fz+SU6mNOjvPKcGlZIPe+FRDGI5uqI8rX2
+PwIhAOyShTFQMhNfy+1TnWRbwm/ShROaLr1Zcj7nLRczeGjD
+-----END CERTIFICATE-----

credentials/development/commissioner_dut/invalid_paa/dac-Key.der

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFY+k2145+Tfyl9Stq08M5H+SieAPCwwoOLg1NS8s2TqoAoGCCqGSM49
+AwEHoUQDQgAE+kna8YKYsvj3Q5m4PWG2QyNG5I5zmQJveXFsXHCaTrqC9dTxihyD
+cG+or71ZYLokGWDO++LD3fbvpu+kcakxhg==
+-----END EC PRIVATE KEY-----

credentials/development/commissioner_dut/invalid_paa/dac-Key.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIByDCCAW2gAwIBAgIIVH5lccL+7gYwCgYIKoZIzj0EAwIwOTE3MDUGA1UEAwwu
+SW52YWxpZCAoTm90IFJlZ2lzdGVyZWQgaW4gdGhlIERDTCkgTWF0dGVyIFBBQTAg
+Fw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowMDEYMBYGA1UEAwwPTWF0
+dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABJTSFb4sA9AkXurgPmWCT2maCtyOp8AaqS6dlms2IehJKykQ
+j8u1lC4GM1u0iYwhj820yadRtGRmww0cNgjQrQejZjBkMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjhqpMg0qU5eU88z7nD3cf
+o/tMADAfBgNVHSMEGDAWgBQrDv6LP/qElgvYk8SvEXFnR+BIpTAKBggqhkjOPQQD
+AgNJADBGAiEA4CLir/Rmk9mDUS71Jrteov7tCIT9eXrFGUTPkoW+6zcCIQDEhmKi
+4hXiW6WC8eXcUxS6kYvEoAKI+kic9A00szhNkg==
+-----END CERTIFICATE-----

credentials/development/commissioner_dut/invalid_paa/paa-Cert.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHOVwVthXM49128hkyBUFt/P5rCpOxBikVZ1HyiTyV90oAoGCCqGSM49
+AwEHoUQDQgAElNIVviwD0CRe6uA+ZYJPaZoK3I6nwBqpLp2WazYh6EkrKRCPy7WU
+LgYzW7SJjCGPzbTJp1G0ZGbDDRw2CNCtBw==
+-----END EC PRIVATE KEY-----

credentials/development/commissioner_dut/invalid_paa/paa-Key.pem

@@ -0,0 +1,9 @@
+{
+    "description": "PAI Test Vector: Invalid CMS Signature.",
+    "is_success_case": "false",
+    "dac_cert": "308201ce30820174a0030201020208591463ca90b67319300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414931143012060a2b0601040182a27c02010c04464646313020170d3231303632383134323334335a180f39393939313233313233353935395a30463118301606035504030c0f4d617474657220546573742044414331143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030303059301306072a8648ce3d020106082a8648ce3d0301070342000435967505dbb5d6d924743188d8066d814a00c64b74d36e2e80d2db072a3b81ffc63d6d4ddb013e7e80d9f3e882205d2b77f78f6b46570de203794aec794ddf05a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e04160414dc954b0efb2d21081da8e7a342fd8ada7cf99b62301f0603551d23041830168014e386aa4c834a94e5e53cf33ee70f771fa3fb4c00300a06082a8648ce3d040302034800304502210096ea70bff56dbc0b8c7b73573f81215994570abb4174bb03a36c2fb0a03226720220322cad81f15ef023654fa692de590b99b7902ca3cf67efe27f8096882a704a87",
+    "pai_cert": "308201c83082016da0030201020208547e6571c2feee06300a06082a8648ce3d04030230393137303506035504030c2e496e76616c696420284e6f74205265676973746572656420696e207468652044434c29204d6174746572205041413020170d3231303632383134323334335a180f39393939313233313233353935395a30303118301606035504030c0f4d617474657220546573742050414931143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d0301070342000494d215be2c03d0245eeae03e65824f699a0adc8ea7c01aa92e9d966b3621e8492b29108fcbb5942e06335bb4898c218fcdb4c9a751b46466c30d1c3608d0ad07a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e04160414e386aa4c834a94e5e53cf33ee70f771fa3fb4c00301f0603551d230418301680142b0efe8b3ffa84960bd893c4af11716747e048a5300a06082a8648ce3d0403020349003046022100e022e2aff46693d983512ef526bb5ea2feed0884fd797ac51944cf9285beeb37022100c48662a2e215e25ba582f1e5dc5314ba918bc4a00288fa489cf40d34b3384d92",
+    "certification_declaration": "3081e906092a864886f70d010702a081db3081d8020103310d300b0609608648016503040201304506092a864886f70d010701a0380436152400012501f1ff360205008018250334122c04135a494732303134315a423333303030312d32342405002406002507769824080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d040302044730450221009537f838ebfd9f8b1f26b4c207098ec082928254e8db72fc32f8a870ef97563a02203c59748c2c49d7222b58088c3689127a2df28aa8ae8320bd3c82fdcf01dd6044",
+    "dac_private_key": "96c4297b4a09509797429b597fba5a5c4321cc47eb8f4d1f5366df73ebc6ab3a",
+    "dac_public_key": "0435967505dbb5d6d924743188d8066d814a00c64b74d36e2e80d2db072a3b81ffc63d6d4ddb013e7e80d9f3e882205d2b77f78f6b46570de203794aec794ddf05"
+}

credentials/development/commissioner_dut/invalid_paa/pai-Cert.der

@@ -944,6 +944,41 @@ def main():
         # Generate Test Case Data Container in JSON Format
         generate_test_case_vector_json(test_case_out_dir, 'cd', test_case)
 
+    # Test case: Generate {DAC, PAI, PAA} chain with random (invalid) PAA
+    test_case_out_dir = args.outdir + '/invalid_paa'
+    paapath = test_case_out_dir + '/paa-'
+
+    if not os.path.exists(test_case_out_dir):
+        os.mkdir(test_case_out_dir)
+
+    # Generate PAA Cert/Key
+    cmd = chipcert + ' gen-att-cert -t a -c "Invalid (Not Registered in the DCL) Matter PAA" -f "' + VALID_IN_PAST + \
+        '" -l 4294967295 -o ' + paapath + 'Cert.pem -O ' + paapath + 'Key.pem'
+    subprocess.run(cmd, shell=True)
+
+    vid = 0xFFF1
+    pid = 0x8000
+
+    # Generate PAI Cert/Key
+    builder = DevCertBuilder(CertType.PAI, 'no-error', paapath, test_case_out_dir,
+                             chipcert, vid, PID_NOT_PRESENT, '', VALID_IN_PAST)
+    builder.make_certs_and_keys()
+
+    # Generate DAC Cert/Key
+    builder = DevCertBuilder(CertType.DAC, 'no-error', paapath, test_case_out_dir,
+                             chipcert, vid, pid, '', VALID_IN_PAST)
+    builder.make_certs_and_keys()
+
+    # Generate Certification Declaration (CD)
+    vid_flag = ' -V 0x{:X}'.format(vid)
+    pid_flag = ' -p 0x{:X}'.format(pid)
+    cmd = chipcert + ' gen-cd -K ' + cd_key + ' -C ' + cd_cert + ' -O ' + test_case_out_dir + '/cd.der' + \
+        ' -f 1 ' + vid_flag + pid_flag + ' -d 0x1234 -c "ZIG20141ZB330001-24" -l 0 -i 0 -n 9876 -t 0'
+    subprocess.run(cmd, shell=True)
+
+    # Generate Test Case Data Container in JSON Format
+    generate_test_case_vector_json(test_case_out_dir, test_cert, test_case)
+
 
 if __name__ == '__main__':
     sys.exit(main())