Fix constexpr complaints on test vectors (project-chip#29462)

* Fix constexpr complaints on test vectors

* Attempt #2 - separate PAAs used in non-test

* Things work better when we add all the files

* Restyled by whitespace

* Restyled by clang-format

* add tokenizer

* add the gni

* add pigweed import

* Change filenames

* Restyled by clang-format

---------

Co-authored-by: Restyled.io <commits@restyled.io>

Author: 2 people

src/credentials/BUILD.gn

@@ -15,7 +15,9 @@
 import("//build_overrides/chip.gni")
 import("//build_overrides/nlassert.gni")
 import("${chip_root}/src/crypto/crypto.gni")
+import("${chip_root}/src/lib/core/core.gni")
 import("${chip_root}/src/platform/device.gni")
+
 declare_args() {
   chip_build_example_creds = true
 }
@@ -126,6 +128,24 @@ static_library("credentials") {
   ]
 }
 
+source_set("test_paa_store") {
+  sources = [
+    "attestation_verifier/TestPAAStore.cpp",
+    "attestation_verifier/TestPAAStore.h",
+  ]
+
+  public_deps = [
+    "${chip_root}/src/lib/core:chip_config_header",  # for lib/support/Span.h
+    "${nlassert_root}:nlassert",  # for lib/support/Span.h
+  ]
+  if (chip_pw_tokenizer_logging) {
+    import("//build_overrides/pigweed.gni")
+    public_deps += [
+      "${dir_pw_tokenizer}",  # for /lib/support/Span.h
+    ]
+  }
+}
+
 static_library("default_attestation_verifier") {
   output_name = "libDefaultAttestationVerifier"
 
@@ -144,6 +164,7 @@ static_library("default_attestation_verifier") {
 
   public_deps = [
     ":credentials",
+    ":test_paa_store",
     "${chip_root}/src/crypto",
     "${nlassert_root}:nlassert",
   ]

src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp

@@ -21,6 +21,7 @@
 #include <credentials/CertificationDeclaration.h>
 #include <credentials/DeviceAttestationConstructor.h>
 #include <credentials/DeviceAttestationVendorReserved.h>
+#include <credentials/attestation_verifier/TestPAAStore.h>
 #include <crypto/CHIPCryptoPAL.h>
 
 #include <lib/core/CHIPError.h>
@@ -29,14 +30,8 @@
 #include <lib/support/ScopedBuffer.h>
 #include <lib/support/Span.h>
 
-namespace chip {
-namespace TestCerts {
-extern const Span<const ByteSpan> kTestAttestationTrustStoreRoots;
-} // namespace TestCerts
-} // namespace chip
-
 using namespace chip::Crypto;
-using chip::TestCerts::kTestAttestationTrustStoreRoots;
+using chip::TestCerts::GetTestPaaRootStore;
 
 namespace chip {
 namespace Credentials {
@@ -274,9 +269,7 @@ constexpr std::array<MatterCDSigningKey, 6> gCdSigningKeys = { {
 
 struct TestAttestationTrustStore final : public ArrayAttestationTrustStore
 {
-    TestAttestationTrustStore() :
-        ArrayAttestationTrustStore(kTestAttestationTrustStoreRoots.data(), kTestAttestationTrustStoreRoots.size())
-    {}
+    TestAttestationTrustStore() : ArrayAttestationTrustStore(GetTestPaaRootStore().data(), GetTestPaaRootStore().size()) {}
 };
 Global<TestAttestationTrustStore> gTestAttestationTrustStore;
 

src/credentials/attestation_verifier/TestPAAStore.cpp

@@ -0,0 +1,93 @@
+/*
+ *
+ *    Copyright (c) 2023 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include <lib/support/Span.h>
+
+namespace chip {
+namespace TestCerts {
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-PAA-FFF1-Cert.pem
+
+constexpr uint8_t sTestCert_PAA_FFF1_Cert_Array[] = {
+    0x30, 0x82, 0x01, 0xbd, 0x30, 0x82, 0x01, 0x64, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x4e, 0xa8, 0xe8, 0x31, 0x82, 0xd4,
+    0x1c, 0x1c, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f, 0x39,
+    0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xb6, 0xcb, 0x63, 0x72, 0x88, 0x7f, 0x29, 0x28, 0xf5, 0xba, 0xc8, 0x1a, 0xa9, 0xd9,
+    0x3a, 0xe2, 0x43, 0x1c, 0xad, 0xa9, 0xd7, 0x9e, 0x24, 0x2f, 0x65, 0x17, 0x7e, 0xf9, 0xce, 0xd9, 0x32, 0xa2, 0x8e, 0xcd, 0x03,
+    0xba, 0xaf, 0x6a, 0x8f, 0xca, 0x18, 0x4a, 0x1a, 0x50, 0x35, 0x42, 0x96, 0x0d, 0x45, 0x3f, 0x30, 0x3f, 0x1f, 0x19, 0x42, 0x1d,
+    0x75, 0x1e, 0x8f, 0x8f, 0x1a, 0x9a, 0x9b, 0x75, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01,
+    0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff,
+    0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6a, 0xfd, 0x22, 0x77,
+    0x1f, 0x51, 0x1f, 0xec, 0xbf, 0x16, 0x41, 0x97, 0x67, 0x10, 0xdc, 0xdc, 0x31, 0xa1, 0x71, 0x7e, 0x30, 0x1f, 0x06, 0x03, 0x55,
+    0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6a, 0xfd, 0x22, 0x77, 0x1f, 0x51, 0x1f, 0xec, 0xbf, 0x16, 0x41, 0x97, 0x67,
+    0x10, 0xdc, 0xdc, 0x31, 0xa1, 0x71, 0x7e, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47,
+    0x00, 0x30, 0x44, 0x02, 0x20, 0x50, 0xaa, 0x80, 0x02, 0xf4, 0xd9, 0x32, 0xa9, 0xa0, 0x05, 0x38, 0xf6, 0x53, 0x68, 0xad, 0x0f,
+    0xff, 0xc8, 0xef, 0xbb, 0xc9, 0xbe, 0xb7, 0xda, 0x56, 0x98, 0x35, 0xcf, 0x9a, 0xa7, 0x51, 0x0e, 0x02, 0x20, 0x23, 0xba, 0xc8,
+    0xfe, 0x0f, 0x23, 0xe7, 0x54, 0x45, 0xb6, 0x53, 0x39, 0x08, 0x1a, 0x47, 0x99, 0x49, 0x29, 0xc7, 0x2a, 0xaf, 0x0a, 0x15, 0x48,
+    0xd4, 0x0d, 0x03, 0x4d, 0x51, 0x4b, 0x25, 0xde,
+};
+
+// These are used directly by the CryptoPAL test, so need to be declared extern
+extern constexpr ByteSpan sTestCert_PAA_FFF1_Cert = ByteSpan(sTestCert_PAA_FFF1_Cert_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-PAA-NoVID-Cert.pem
+
+constexpr uint8_t sTestCert_PAA_NoVID_Cert_Array[] = {
+    0x30, 0x82, 0x01, 0x91, 0x30, 0x82, 0x01, 0x37, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x07, 0x0b, 0x8f, 0xba, 0xa8, 0xdd, 0x86,
+    0xee, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x30,
+    0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f, 0x39, 0x39, 0x39,
+    0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+    0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x30, 0x59,
+    0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
+    0x03, 0x42, 0x00, 0x04, 0x10, 0xef, 0x02, 0xa8, 0x1a, 0x87, 0xb6, 0x81, 0x21, 0xfb, 0xa8, 0xd3, 0x19, 0x78, 0xf8, 0x07, 0xa3,
+    0x17, 0xe5, 0x0a, 0xa8, 0xa8, 0x28, 0x44, 0x68, 0x28, 0x91, 0x4b, 0x93, 0x3d, 0xe8, 0xed, 0xd4, 0xa5, 0xc3, 0x9c, 0x9f, 0xf7,
+    0x1a, 0x4c, 0xe3, 0x64, 0x7f, 0xd7, 0xf6, 0x26, 0x53, 0xb7, 0xd2, 0x49, 0x5f, 0xcb, 0xa4, 0xc0, 0xf4, 0x7f, 0x87, 0x68, 0x80,
+    0x03, 0x9e, 0x07, 0x20, 0x4a, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08,
+    0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
+    0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f,
+    0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea, 0x69, 0x68, 0x82, 0xd5, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
+    0x18, 0x30, 0x16, 0x80, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f, 0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea,
+    0x69, 0x68, 0x82, 0xd5, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45,
+    0x02, 0x21, 0x00, 0xb9, 0xef, 0xdb, 0x3e, 0xa0, 0x6a, 0x52, 0xec, 0x0b, 0xf0, 0x1e, 0x61, 0xda, 0xed, 0x2c, 0x2d, 0x15, 0x6d,
+    0xdb, 0x6c, 0xf0, 0x14, 0x10, 0x1d, 0xab, 0x79, 0x8f, 0xac, 0x05, 0xfa, 0x47, 0xe5, 0x02, 0x20, 0x60, 0x06, 0x1d, 0x3e, 0x35,
+    0xd6, 0x0d, 0x9d, 0x4b, 0x0d, 0x44, 0x8d, 0xad, 0x76, 0x12, 0xf7, 0xe8, 0x5c, 0x58, 0x2e, 0x3f, 0xc3, 0x12, 0xdc, 0x18, 0x79,
+    0x4d, 0xd3, 0x73, 0x71, 0x5e, 0x5d,
+};
+
+// These are used directly by the CryptoPAL test, so need to be declared extern
+extern constexpr ByteSpan sTestCert_PAA_NoVID_Cert = ByteSpan(sTestCert_PAA_NoVID_Cert_Array);
+
+const Span<const ByteSpan> kTestAttestationTrustStoreRoots((const ByteSpan[]){
+    sTestCert_PAA_FFF1_Cert,
+    sTestCert_PAA_NoVID_Cert,
+});
+
+const Span<const ByteSpan> & GetTestPaaRootStore()
+{
+    return kTestAttestationTrustStoreRoots;
+}
+
+} // namespace TestCerts
+} // namespace chip

src/credentials/attestation_verifier/TestPAAStore.h

@@ -0,0 +1,38 @@
+/*
+ *
+ *    Copyright (c) 2021-2023 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ *
+ * Storage for test attestation PAA certificates. Contains the certs for
+ * the 0xFFF1 vid PAA cert and the test PAA cert with no VID.
+ *
+ * These certs are used by the device attestation and crypto tests
+ * and by the DefaultDeviceAttestationVerifier.
+ */
+
+#pragma once
+
+#include <lib/support/Span.h>
+
+namespace chip {
+namespace TestCerts {
+
+extern const ByteSpan sTestCert_PAA_FFF1_Cert;
+extern const ByteSpan sTestCert_PAA_NoVID_Cert;
+
+const Span<const ByteSpan> & GetTestPaaRootStore();
+
+} // namespace TestCerts
+} // namespace chip

src/credentials/tests/BUILD.gn

@@ -36,7 +36,10 @@ static_library("cert_test_vectors") {
 
   cflags = [ "-Wconversion" ]
 
-  public_deps = [ "${chip_root}/src/credentials" ]
+  public_deps = [
+    "${chip_root}/src/credentials",
+    "${chip_root}/src/credentials:test_paa_store",
+  ]
 }
 
 chip_test_suite("tests") {

src/credentials/tests/CHIPAttCert_test_vectors.cpp

@@ -3347,35 +3347,6 @@ constexpr uint8_t sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PrivateKey_Array[]
 extern const ByteSpan sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PrivateKey =
     ByteSpan(sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PrivateKey_Array);
 
-// ${chip_root}/credentials/test/attestation/Chip-Test-PAA-FFF1-Cert.pem
-
-constexpr uint8_t sTestCert_PAA_FFF1_Cert_Array[] = {
-    0x30, 0x82, 0x01, 0xbd, 0x30, 0x82, 0x01, 0x64, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x4e, 0xa8, 0xe8, 0x31, 0x82, 0xd4,
-    0x1c, 0x1c, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06,
-    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41,
-    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
-    0x31, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f, 0x39,
-    0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06,
-    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41,
-    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
-    0x31, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
-    0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xb6, 0xcb, 0x63, 0x72, 0x88, 0x7f, 0x29, 0x28, 0xf5, 0xba, 0xc8, 0x1a, 0xa9, 0xd9,
-    0x3a, 0xe2, 0x43, 0x1c, 0xad, 0xa9, 0xd7, 0x9e, 0x24, 0x2f, 0x65, 0x17, 0x7e, 0xf9, 0xce, 0xd9, 0x32, 0xa2, 0x8e, 0xcd, 0x03,
-    0xba, 0xaf, 0x6a, 0x8f, 0xca, 0x18, 0x4a, 0x1a, 0x50, 0x35, 0x42, 0x96, 0x0d, 0x45, 0x3f, 0x30, 0x3f, 0x1f, 0x19, 0x42, 0x1d,
-    0x75, 0x1e, 0x8f, 0x8f, 0x1a, 0x9a, 0x9b, 0x75, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01,
-    0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff,
-    0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x6a, 0xfd, 0x22, 0x77,
-    0x1f, 0x51, 0x1f, 0xec, 0xbf, 0x16, 0x41, 0x97, 0x67, 0x10, 0xdc, 0xdc, 0x31, 0xa1, 0x71, 0x7e, 0x30, 0x1f, 0x06, 0x03, 0x55,
-    0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6a, 0xfd, 0x22, 0x77, 0x1f, 0x51, 0x1f, 0xec, 0xbf, 0x16, 0x41, 0x97, 0x67,
-    0x10, 0xdc, 0xdc, 0x31, 0xa1, 0x71, 0x7e, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47,
-    0x00, 0x30, 0x44, 0x02, 0x20, 0x50, 0xaa, 0x80, 0x02, 0xf4, 0xd9, 0x32, 0xa9, 0xa0, 0x05, 0x38, 0xf6, 0x53, 0x68, 0xad, 0x0f,
-    0xff, 0xc8, 0xef, 0xbb, 0xc9, 0xbe, 0xb7, 0xda, 0x56, 0x98, 0x35, 0xcf, 0x9a, 0xa7, 0x51, 0x0e, 0x02, 0x20, 0x23, 0xba, 0xc8,
-    0xfe, 0x0f, 0x23, 0xe7, 0x54, 0x45, 0xb6, 0x53, 0x39, 0x08, 0x1a, 0x47, 0x99, 0x49, 0x29, 0xc7, 0x2a, 0xaf, 0x0a, 0x15, 0x48,
-    0xd4, 0x0d, 0x03, 0x4d, 0x51, 0x4b, 0x25, 0xde,
-};
-
-extern const ByteSpan sTestCert_PAA_FFF1_Cert = ByteSpan(sTestCert_PAA_FFF1_Cert_Array);
-
 constexpr uint8_t sTestCert_PAA_FFF1_SKID_Array[] = {
     0x6A, 0xFD, 0x22, 0x77, 0x1F, 0x51, 0x1F, 0xEC, 0xBF, 0x16, 0x41, 0x97, 0x67, 0x10, 0xDC, 0xDC, 0x31, 0xA1, 0x71, 0x7E,
 };
@@ -3506,33 +3477,6 @@ constexpr uint8_t sTestCert_PAA_FFF2_ValInPast_PrivateKey_Array[] = {
 
 extern const ByteSpan sTestCert_PAA_FFF2_ValInPast_PrivateKey = ByteSpan(sTestCert_PAA_FFF2_ValInPast_PrivateKey_Array);
 
-// ${chip_root}/credentials/test/attestation/Chip-Test-PAA-NoVID-Cert.pem
-
-constexpr uint8_t sTestCert_PAA_NoVID_Cert_Array[] = {
-    0x30, 0x82, 0x01, 0x91, 0x30, 0x82, 0x01, 0x37, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x07, 0x0b, 0x8f, 0xba, 0xa8, 0xdd, 0x86,
-    0xee, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
-    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x30,
-    0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f, 0x39, 0x39, 0x39,
-    0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
-    0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x30, 0x59,
-    0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
-    0x03, 0x42, 0x00, 0x04, 0x10, 0xef, 0x02, 0xa8, 0x1a, 0x87, 0xb6, 0x81, 0x21, 0xfb, 0xa8, 0xd3, 0x19, 0x78, 0xf8, 0x07, 0xa3,
-    0x17, 0xe5, 0x0a, 0xa8, 0xa8, 0x28, 0x44, 0x68, 0x28, 0x91, 0x4b, 0x93, 0x3d, 0xe8, 0xed, 0xd4, 0xa5, 0xc3, 0x9c, 0x9f, 0xf7,
-    0x1a, 0x4c, 0xe3, 0x64, 0x7f, 0xd7, 0xf6, 0x26, 0x53, 0xb7, 0xd2, 0x49, 0x5f, 0xcb, 0xa4, 0xc0, 0xf4, 0x7f, 0x87, 0x68, 0x80,
-    0x03, 0x9e, 0x07, 0x20, 0x4a, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08,
-    0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
-    0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f,
-    0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea, 0x69, 0x68, 0x82, 0xd5, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
-    0x18, 0x30, 0x16, 0x80, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f, 0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea,
-    0x69, 0x68, 0x82, 0xd5, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45,
-    0x02, 0x21, 0x00, 0xb9, 0xef, 0xdb, 0x3e, 0xa0, 0x6a, 0x52, 0xec, 0x0b, 0xf0, 0x1e, 0x61, 0xda, 0xed, 0x2c, 0x2d, 0x15, 0x6d,
-    0xdb, 0x6c, 0xf0, 0x14, 0x10, 0x1d, 0xab, 0x79, 0x8f, 0xac, 0x05, 0xfa, 0x47, 0xe5, 0x02, 0x20, 0x60, 0x06, 0x1d, 0x3e, 0x35,
-    0xd6, 0x0d, 0x9d, 0x4b, 0x0d, 0x44, 0x8d, 0xad, 0x76, 0x12, 0xf7, 0xe8, 0x5c, 0x58, 0x2e, 0x3f, 0xc3, 0x12, 0xdc, 0x18, 0x79,
-    0x4d, 0xd3, 0x73, 0x71, 0x5e, 0x5d,
-};
-
-extern const ByteSpan sTestCert_PAA_NoVID_Cert = ByteSpan(sTestCert_PAA_NoVID_Cert_Array);
-
 constexpr uint8_t sTestCert_PAA_NoVID_SKID_Array[] = {
     0x78, 0x5C, 0xE7, 0x05, 0xB8, 0x6B, 0x8F, 0x4E, 0x6F, 0xC7, 0x93, 0xAA, 0x60, 0xCB, 0x43, 0xEA, 0x69, 0x68, 0x82, 0xD5,
 };
@@ -4289,10 +4233,5 @@ constexpr uint8_t sTestCert_PAI_FFF2_NoPID_Resigned_SKID_Array[] = {
 
 extern const ByteSpan sTestCert_PAI_FFF2_NoPID_Resigned_SKID = ByteSpan(sTestCert_PAI_FFF2_NoPID_Resigned_SKID_Array);
 
-extern constexpr Span<const ByteSpan> kTestAttestationTrustStoreRoots((const ByteSpan[]){
-    sTestCert_PAA_FFF1_Cert,
-    sTestCert_PAA_NoVID_Cert,
-});
-
 } // namespace TestCerts
 } // namespace chip

src/credentials/tests/CHIPAttCert_test_vectors.h

@@ -23,9 +23,6 @@
 namespace chip {
 namespace TestCerts {
 
-// Root CA certs for chip::Credentials::GetTestAttestationTrustStore()
-extern const Span<const ByteSpan> kTestAttestationTrustStoreRoots;
-
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_SKID;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_PublicKey;
@@ -316,7 +313,7 @@ extern const ByteSpan sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_SKID;
 extern const ByteSpan sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PublicKey;
 extern const ByteSpan sTestCert_DAC_FFF2_8006_0035_Val1SecBefore_PrivateKey;
 
-extern const ByteSpan sTestCert_PAA_FFF1_Cert;
+// Cert is provided in the PAA store file as it is used in the default verifier.
 extern const ByteSpan sTestCert_PAA_FFF1_SKID;
 extern const ByteSpan sTestCert_PAA_FFF1_PublicKey;
 extern const ByteSpan sTestCert_PAA_FFF1_PrivateKey;
@@ -331,7 +328,7 @@ extern const ByteSpan sTestCert_PAA_FFF2_ValInPast_SKID;
 extern const ByteSpan sTestCert_PAA_FFF2_ValInPast_PublicKey;
 extern const ByteSpan sTestCert_PAA_FFF2_ValInPast_PrivateKey;
 
-extern const ByteSpan sTestCert_PAA_NoVID_Cert;
+// Cert is provided in the PAA store file as it is used in the default verifier.
 extern const ByteSpan sTestCert_PAA_NoVID_SKID;
 extern const ByteSpan sTestCert_PAA_NoVID_PublicKey;
 extern const ByteSpan sTestCert_PAA_NoVID_PrivateKey;

src/credentials/tests/TestDeviceAttestationCredentials.cpp

@@ -22,6 +22,7 @@
 #include <credentials/DeviceAttestationCredsProvider.h>
 #include <credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h>
 #include <credentials/attestation_verifier/DeviceAttestationVerifier.h>
+#include <credentials/attestation_verifier/TestPAAStore.h>
 #include <credentials/examples/DeviceAttestationCredsExample.h>
 #include <credentials/examples/ExampleDACs.h>
 #include <credentials/examples/ExamplePAI.h>

src/crypto/tests/BUILD.gn

@@ -64,6 +64,7 @@ chip_test_suite("tests") {
   cflags = [ "-Wconversion" ]
 
   public_deps = [
+    "${chip_root}/src/credentials:test_paa_store",
     "${chip_root}/src/credentials/tests:cert_test_vectors",
     "${chip_root}/src/crypto",
     "${chip_root}/src/lib/core",

src/crypto/tests/CHIPCryptoPALTest.cpp

@@ -57,6 +57,7 @@
 #endif
 
 #include <credentials/CHIPCert.h>
+#include <credentials/attestation_verifier/TestPAAStore.h>
 #include <credentials/tests/CHIPAttCert_test_vectors.h>
 #include <credentials/tests/CHIPCert_test_vectors.h>