project-chip / connectedhomeip

Matter (formerly Project CHIP) creates more connections between more objects, simplifying development for manufacturers and increasing compatibility for consumers, guided by the Connectivity Standards Alliance.
https://buildwithmatter.com
Apache License 2.0

Make script to generate a basic RevocationSet from TestNet #26432

Open tcarmelveilleux opened 1 year ago

tcarmelveilleux commented 1 year ago

The algorithm specified in section "6.2.4.1. Conceptual algorithm for revocation set construction" should be built and usable against TestNet schema, MainNet schema, and against a file containing an array of JSON records equivalent to getting all revocation distribution points from TestNet or MainNet.

The output file should have a JSON format of:

[
  { 
    "type": "revocation_set",
    "issuer_subject_key_id": "<issuer subject key ID as uppercase hex, 20 bytes>",
    "issuer_name": "<ASN.1 SEQUENCE of Issuer of the CRL as base64>",
    "revoked_serial_numbers":
    [
      "serial1 bytes as base64",
      "serial2 bytes as base64"
    ]
  }
]

This should be built as a Python script, using dependencies in the repos. This will be usable to provide an input to device attestation revocation "basic proof of concept" implementation.

See https://github.com/project-chip/connectedhomeip/blob/master/credentials/fetch-paa-certs-from-dcl.py for an example of a script making use of DCL to download DCL schema entries.
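An added sketch of the output stage only (not part of the original issue and not project code): it groups revoked serials per issuer and emits the JSON layout requested above. The input record shape, the function names, and the choice of unsigned big-endian bytes for each serial are assumptions; the spec's section 6.2.4.1 algorithm and the DCL fetch are not reproduced here.

```python
import base64
import json

def serial_to_b64(serial: int) -> str:
    # Assumption: serial bytes are the minimal unsigned big-endian encoding.
    raw = serial.to_bytes(max(1, (serial.bit_length() + 7) // 8), "big")
    return base64.b64encode(raw).decode("ascii")

def build_revocation_sets(crl_records):
    """Merge revoked serials per issuer into the issue's JSON layout.

    Each record is a hypothetical dict, as a CRL parser might yield:
    issuer_skid (bytes), issuer_name_der (bytes), revoked_serials (ints).
    """
    grouped = {}
    for rec in crl_records:
        skid, name = rec["issuer_skid"], rec["issuer_name_der"]
        if len(skid) != 20:
            raise ValueError("issuer subject key ID must be 20 bytes")
        if not name or name[0] != 0x30:  # 0x30 = DER SEQUENCE tag
            raise ValueError("issuer name must be a DER SEQUENCE")
        grouped.setdefault((skid, name), set()).update(rec["revoked_serials"])
    return [
        {
            "type": "revocation_set",
            "issuer_subject_key_id": skid.hex().upper(),
            "issuer_name": base64.b64encode(name).decode("ascii"),
            "revoked_serial_numbers": [serial_to_b64(s) for s in sorted(serials)],
        }
        for (skid, name), serials in grouped.items()
    ]

# Constructed sample input: one issuer (DER Name for CN=Test) seen in two CRLs.
SAMPLE_NAME = bytes.fromhex("300f310d300b06035504030c0454657374")
SAMPLE_RECORDS = [
    {"issuer_skid": bytes(range(20)), "issuer_name_der": SAMPLE_NAME, "revoked_serials": [1, 0x0100]},
    {"issuer_skid": bytes(range(20)), "issuer_name_der": SAMPLE_NAME, "revoked_serials": [0x0100, 255]},
]

if __name__ == "__main__":
    print(json.dumps(build_revocation_sets(SAMPLE_RECORDS), indent=2))
```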

tcarmelveilleux commented 11 months ago

Assigning to Vijay, to determine effort. Please re-assign to me if this is too large.