Created
January 3, 2024 13:46
This script generates self-minted DAC and PAI. The output may easily be included in your C++ source code.
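#!/bin/bash
#
# generate-embeddable-certs.sh script
# -----------------------------------
#
# This script generates self-minted DAC and PAI.
# The output may easily be included in your C++ source code.
#
# VID and PID are read from the environment (hexadecimal, without the 0x
# prefix); the generated C++ is written to stdout.
#
# The generated text contains the private keys from the *-key.pem files as
# plain hex bytes. Use it only with test attestation credentials and keep the
# output out of version control and build logs.
#
# VID and PID are spliced into file paths and into the generated #if line, so
# accept hex digits only and stop before anything is printed.
for id_name in VID PID; do
  id_value="${!id_name:-}"
  if [[ ! "${id_value}" =~ ^[0-9A-Fa-f]+$ ]]; then
    printf 'error: %s must be set to a hexadecimal id (got "%s")\n' \
      "${id_name}" "${id_value}" >&2
    exit 1
  fi
done
unset id_name id_value

# Edit this information with your paths and certificates
folder="credentials/test/attestation"
chip_cert_tool="out/chip-cert"
cert_file_der="${folder}/test-PAI-${VID}-cert.der"
cert_file_pem="${folder}/test-PAI-${VID}-cert.pem"
key_file_pem="${folder}/test-PAI-${VID}-key.pem"
type="Pai"

# Open both namespaces and the vendor/product guard. Values are passed as
# printf arguments so they are never interpreted as format directives.
printf 'namespace chip {\n'
printf 'namespace DevelopmentCerts {\n\n'
printf '#if CHIP_DEVICE_CONFIG_DEVICE_VENDOR_ID == 0x%s && CHIP_DEVICE_CONFIG_DEVICE_PRODUCT_ID == 0x%s\n\n' \
  "${VID}" "${PID}"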
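#######################################
# Print one certificate, its public key and its private key as C++ byte
# arrays with matching ByteSpan definitions.
# Globals:   type (read)           - prefix used in the generated identifiers
#            chip_cert_tool (read) - command used to convert PEM to DER
#            cert_file_pem (read)  - certificate to convert
#            cert_file_der (written on disk) - DER output, replaced each run
#            key_file_pem (read)   - EC key dumped with `openssl ec -text`
# Outputs:   generated C++ on stdout, diagnostics on stderr
# Returns:   0 on success, 1 if the conversion or the key dump fails
#
# NOTE(review): this prints the private key for whichever certificate is
# selected, including the PAI. The PAI key signs DACs and is presumably not
# needed on the device - confirm before the generated file is shipped.
#######################################
printcert() {
  local key_text

  # Convert cert to DER. Drop any stale copy first so a failed conversion
  # cannot leave an old certificate behind to be dumped.
  rm -f -- "${cert_file_der}"
  if ! "${chip_cert_tool}" convert-cert "${cert_file_pem}" "${cert_file_der}" --x509-der; then
    printf 'error: could not convert %s to DER\n' "${cert_file_pem}" >&2
    return 1
  fi

  # Dump the key once and reuse the text for both arrays. stderr stays
  # suppressed as before, but a failure now stops the function instead of
  # producing empty arrays.
  if ! key_text=$(openssl ec -text -noout -in "${key_file_pem}" 2>/dev/null); then
    printf 'error: could not read EC key %s\n' "${key_file_pem}" >&2
    return 1
  fi

  printf '// ------------------------------------------------------------ \n'
  printf '// %s CERTIFICATE %s \n\n' "${type}" "${cert_file_der}"

  printf 'constexpr uint8_t %s_Cert_Array[] = {\n' "${type}"
  # Feed the DER bytes to od directly: a pager in the pipeline may run an
  # input preprocessor (LESSOPEN) and hand od something other than the raw
  # file. -v stops od from collapsing repeated lines into "*", which would
  # silently drop bytes from the array.
  od -v -t x1 -An < "${cert_file_der}" \
    | sed -e 's/[0-9a-f][0-9a-f]/0x&,/g' -e 's/^/ /'
  printf '};\n\n'
  printf 'ByteSpan k%sCert = ByteSpan(%s_Cert_Array);\n\n' "${type}" "${type}"

  printf '// %s PUBLIC KEY FROM %s \n\n' "${type}" "${key_file_pem}"
  printf 'constexpr uint8_t %s_PublicKey_Array[] = {\n' "${type}"
  # Keep only the hex lines that follow "pub:".
  printf '%s\n' "${key_text}" \
    | sed -n '/pub:/,$p' \
    | sed -e '/pub:/d' -e '/ASN1 OID/d' -e '/NIST CURVE/d' \
          -e 's/[0-9a-fA-F][0-9a-fA-F]/0x&/g' -e 's/:/, /g'
  printf '};\n\n'
  printf 'ByteSpan k%sPublicKey = ByteSpan(%s_PublicKey_Array);\n\n' "${type}" "${type}"

  printf '// %s PRIVATE KEY FROM %s \n\n' "${type}" "${key_file_pem}"
  printf 'constexpr uint8_t %s_PrivateKey_Array[] = {\n' "${type}"
  # Keep only the hex lines between "priv:" and "pub:".
  # NOTE(review): openssl's text dump can prefix a big number with a 00 byte
  # when its top bit is set, which would make this array one byte longer
  # than the key - confirm the consumer tolerates that.
  printf '%s\n' "${key_text}" \
    | sed -e '/pub:/,$d' -e '/read EC key/d' -e '/Private-Key/d' -e '/priv:/d' \
          -e 's/[0-9a-fA-F][0-9a-fA-F]/0x&/g' -e 's/:/, /g'
  printf '};\n\n'
  printf 'ByteSpan k%sPrivateKey = ByteSpan(%s_PrivateKey_Array);\n\n' "${type}" "${type}"
}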
# First pass: emit the PAI arrays from the file paths configured above.
printcert

# Second pass: point the shared globals at the DAC files, which are named
# after both the vendor id and the product id, then emit the DAC arrays.
dac_stem="${folder}/test-DAC-${VID}-${PID}"
type="Dac"
key_file_pem="${dac_stem}-key.pem"
cert_file_pem="${dac_stem}-cert.pem"
cert_file_der="${dac_stem}-cert.der"
unset dac_stem
printcert

# Close the preprocessor guard and both namespaces opened at the top.
cat <<'EOF'
#endif // CHIP_DEVICE_CONFIG_DEVICE_PRODUCT_ID
} // namespace DevelopmentCerts
} // namespace chip
EOF