Line data Source code
1 : /*
2 : *
3 : * Copyright (c) 2021-2022 Project CHIP Authors
4 : * All rights reserved.
5 : *
6 : * Licensed under the Apache License, Version 2.0 (the "License");
7 : * you may not use this file except in compliance with the License.
8 : * You may obtain a copy of the License at
9 : *
10 : * http://www.apache.org/licenses/LICENSE-2.0
11 : *
12 : * Unless required by applicable law or agreed to in writing, software
13 : * distributed under the License is distributed on an "AS IS" BASIS,
14 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 : * See the License for the specific language governing permissions and
16 : * limitations under the License.
17 : */
18 :
19 : /**
20 : * @file
21 : * This file implements methods for generating CHIP X.509 certificate.
22 : *
23 : */
24 :
25 : #include <algorithm>
26 : #include <initializer_list>
27 : #include <inttypes.h>
28 : #include <stddef.h>
29 :
30 : #include <credentials/CHIPCert_Internal.h>
31 : #include <lib/asn1/ASN1.h>
32 : #include <lib/asn1/ASN1Macros.h>
33 : #include <lib/core/CHIPCore.h>
34 : #include <lib/core/CHIPSafeCasts.h>
35 : #include <lib/support/CodeUtils.h>
36 : #include <lib/support/DLLUtil.h>
37 : #include <protocols/Protocols.h>
38 :
39 : namespace chip {
40 : namespace Credentials {
41 :
42 : using namespace chip::ASN1;
43 : using namespace chip::Crypto;
44 : using namespace chip::Protocols;
45 :
46 : namespace {
47 :
48 : enum IsCACert
49 : {
50 : kCACert,
51 : kNotCACert,
52 : };
53 :
54 341 : CHIP_ERROR EncodeSubjectPublicKeyInfo(const Crypto::P256PublicKey & pubkey, ASN1Writer & writer)
55 : {
56 341 : CHIP_ERROR err = CHIP_NO_ERROR;
57 :
58 341 : ASN1_START_SEQUENCE
59 : {
60 341 : ASN1_START_SEQUENCE
61 : {
62 341 : ASN1_ENCODE_OBJECT_ID(kOID_PubKeyAlgo_ECPublicKey);
63 341 : ASN1_ENCODE_OBJECT_ID(kOID_EllipticCurve_prime256v1);
64 : }
65 341 : ASN1_END_SEQUENCE;
66 :
67 341 : ReturnErrorOnFailure(writer.PutBitString(0, pubkey, static_cast<uint8_t>(pubkey.Length())));
68 : }
69 341 : ASN1_END_SEQUENCE;
70 :
71 341 : exit:
72 341 : return err;
73 : }
74 :
75 334 : CHIP_ERROR EncodeAuthorityKeyIdentifierExtension(const Crypto::P256PublicKey & pubkey, ASN1Writer & writer)
76 : {
77 334 : CHIP_ERROR err = CHIP_NO_ERROR;
78 :
79 334 : ASN1_START_SEQUENCE
80 : {
81 334 : ASN1_ENCODE_OBJECT_ID(kOID_Extension_AuthorityKeyIdentifier);
82 :
83 334 : ASN1_START_OCTET_STRING_ENCAPSULATED
84 : {
85 334 : ASN1_START_SEQUENCE
86 : {
87 : uint8_t keyid[kSHA1_Hash_Length];
88 334 : ReturnErrorOnFailure(Crypto::Hash_SHA1(pubkey, pubkey.Length(), keyid));
89 :
90 334 : ReturnErrorOnFailure(
91 : writer.PutOctetString(kASN1TagClass_ContextSpecific, 0, keyid, static_cast<uint8_t>(sizeof(keyid))));
92 : }
93 334 : ASN1_END_SEQUENCE;
94 : }
95 334 : ASN1_END_ENCAPSULATED;
96 : }
97 334 : ASN1_END_SEQUENCE;
98 :
99 334 : exit:
100 334 : return err;
101 : }
102 :
103 334 : CHIP_ERROR EncodeSubjectKeyIdentifierExtension(const Crypto::P256PublicKey & pubkey, ASN1Writer & writer)
104 : {
105 334 : CHIP_ERROR err = CHIP_NO_ERROR;
106 :
107 334 : ASN1_START_SEQUENCE
108 : {
109 334 : ASN1_ENCODE_OBJECT_ID(kOID_Extension_SubjectKeyIdentifier);
110 :
111 334 : ASN1_START_OCTET_STRING_ENCAPSULATED
112 : {
113 : uint8_t keyid[kSHA1_Hash_Length];
114 334 : ReturnErrorOnFailure(Crypto::Hash_SHA1(pubkey, pubkey.Length(), keyid));
115 :
116 334 : ReturnErrorOnFailure(writer.PutOctetString(keyid, static_cast<uint8_t>(sizeof(keyid))));
117 : }
118 334 : ASN1_END_ENCAPSULATED;
119 : }
120 334 : ASN1_END_SEQUENCE;
121 :
122 334 : exit:
123 334 : return err;
124 : }
125 :
126 149 : CHIP_ERROR EncodeExtKeyUsageExtension(std::initializer_list<OID> keyPurposeOIDs, ASN1Writer & writer)
127 : {
128 149 : CHIP_ERROR err = CHIP_NO_ERROR;
129 149 : ASN1_START_SEQUENCE
130 : {
131 149 : ASN1_ENCODE_OBJECT_ID(kOID_Extension_ExtendedKeyUsage);
132 :
133 : // ExtKeyUsage extension MUST be marked as critical.
134 149 : ASN1_ENCODE_BOOLEAN(true);
135 149 : ASN1_START_OCTET_STRING_ENCAPSULATED
136 : {
137 149 : ASN1_START_SEQUENCE
138 : {
139 447 : for (auto && oid : keyPurposeOIDs)
140 : {
141 298 : ASN1_ENCODE_OBJECT_ID(oid);
142 : }
143 : }
144 149 : ASN1_END_SEQUENCE;
145 : }
146 149 : ASN1_END_ENCAPSULATED;
147 : }
148 149 : ASN1_END_SEQUENCE;
149 :
150 149 : exit:
151 149 : return err;
152 : }
153 :
154 341 : CHIP_ERROR EncodeKeyUsageExtension(BitFlags<KeyUsageFlags> keyUsageFlags, ASN1Writer & writer)
155 : {
156 341 : CHIP_ERROR err = CHIP_NO_ERROR;
157 341 : ASN1_START_SEQUENCE
158 : {
159 341 : ASN1_ENCODE_OBJECT_ID(kOID_Extension_KeyUsage);
160 :
161 : // KeyUsage extension MUST be marked as critical.
162 341 : ASN1_ENCODE_BOOLEAN(true);
163 341 : ASN1_START_OCTET_STRING_ENCAPSULATED
164 : {
165 341 : ASN1_ENCODE_BIT_STRING(keyUsageFlags.Raw());
166 : }
167 341 : ASN1_END_ENCAPSULATED;
168 : }
169 341 : ASN1_END_SEQUENCE;
170 :
171 341 : exit:
172 341 : return err;
173 : }
174 :
175 341 : CHIP_ERROR EncodeIsCAExtension(IsCACert isCA, ASN1Writer & writer)
176 : {
177 341 : CHIP_ERROR err = CHIP_NO_ERROR;
178 341 : ASN1_START_SEQUENCE
179 : {
180 341 : ASN1_ENCODE_OBJECT_ID(kOID_Extension_BasicConstraints);
181 :
182 : // BasicConstraints extension MUST be marked as critical.
183 341 : ASN1_ENCODE_BOOLEAN(true);
184 :
185 341 : ASN1_START_OCTET_STRING_ENCAPSULATED
186 : {
187 341 : ASN1_START_SEQUENCE
188 : {
189 : // cA BOOLEAN
190 341 : if (isCA == kCACert)
191 : {
192 : // Encode the boolean only if isCA is true
193 188 : ASN1_ENCODE_BOOLEAN(true);
194 : }
195 : }
196 341 : ASN1_END_SEQUENCE;
197 : }
198 341 : ASN1_END_ENCAPSULATED;
199 : }
200 341 : ASN1_END_SEQUENCE;
201 :
202 341 : exit:
203 341 : return err;
204 : }
205 :
206 188 : CHIP_ERROR EncodeCASpecificExtensions(ASN1Writer & writer)
207 : {
208 188 : ReturnErrorOnFailure(EncodeIsCAExtension(kCACert, writer));
209 188 : ReturnErrorOnFailure(
210 : EncodeKeyUsageExtension(BitFlags<KeyUsageFlags>(KeyUsageFlags::kKeyCertSign, KeyUsageFlags::kCRLSign), writer));
211 188 : return CHIP_NO_ERROR;
212 : }
213 :
214 142 : CHIP_ERROR EncodeNOCSpecificExtensions(ASN1Writer & writer)
215 : {
216 142 : ReturnErrorOnFailure(EncodeIsCAExtension(kNotCACert, writer));
217 142 : ReturnErrorOnFailure(EncodeKeyUsageExtension(KeyUsageFlags::kDigitalSignature, writer));
218 142 : ReturnErrorOnFailure(EncodeExtKeyUsageExtension({ kOID_KeyPurpose_ClientAuth, kOID_KeyPurpose_ServerAuth }, writer));
219 142 : return CHIP_NO_ERROR;
220 : }
221 :
222 4 : CHIP_ERROR EncodeVendorIdVerificationSignerSpecificExtensions(ASN1Writer & writer)
223 : {
224 4 : ReturnErrorOnFailure(EncodeIsCAExtension(kNotCACert, writer));
225 4 : ReturnErrorOnFailure(EncodeKeyUsageExtension(KeyUsageFlags::kDigitalSignature, writer));
226 4 : return CHIP_NO_ERROR;
227 : }
228 :
229 334 : CHIP_ERROR EncodeFutureExtension(const Optional<FutureExtension> & futureExt, ASN1Writer & writer)
230 : {
231 334 : CHIP_ERROR err = CHIP_NO_ERROR;
232 :
233 334 : VerifyOrReturnError(futureExt.HasValue(), CHIP_NO_ERROR);
234 :
235 14 : ASN1_START_SEQUENCE
236 : {
237 14 : ReturnErrorOnFailure(writer.PutObjectId(futureExt.Value().OID.data(), static_cast<uint16_t>(futureExt.Value().OID.size())));
238 :
239 14 : ASN1_START_OCTET_STRING_ENCAPSULATED
240 : {
241 14 : ReturnErrorOnFailure(writer.PutOctetString(futureExt.Value().Extension.data(),
242 : static_cast<uint16_t>(futureExt.Value().Extension.size())));
243 : }
244 14 : ASN1_END_ENCAPSULATED;
245 : }
246 14 : ASN1_END_SEQUENCE;
247 :
248 14 : exit:
249 14 : return err;
250 : }
251 :
252 334 : CHIP_ERROR EncodeExtensions(CertType certType, const Crypto::P256PublicKey & SKI, const Crypto::P256PublicKey & AKI,
253 : const Optional<FutureExtension> & futureExt, ASN1Writer & writer)
254 : {
255 334 : CHIP_ERROR err = CHIP_NO_ERROR;
256 :
257 334 : ASN1_START_CONSTRUCTED(kASN1TagClass_ContextSpecific, 3)
258 : {
259 334 : ASN1_START_SEQUENCE
260 : {
261 334 : switch (certType)
262 : {
263 188 : case CertType::kICA:
264 : case CertType::kRoot: {
265 188 : ReturnErrorOnFailure(EncodeCASpecificExtensions(writer));
266 188 : break;
267 : }
268 142 : case CertType::kNode: {
269 142 : ReturnErrorOnFailure(EncodeNOCSpecificExtensions(writer));
270 142 : break;
271 : }
272 4 : case CertType::kVidVerificationSigner: {
273 4 : ReturnErrorOnFailure(EncodeVendorIdVerificationSignerSpecificExtensions(writer));
274 4 : break;
275 : }
276 0 : case CertType::kFirmwareSigning:
277 : case CertType::kNetworkIdentity: {
278 : // Nothing to encode extra for those.
279 0 : break;
280 : }
281 0 : default: {
282 : // Unknown/invalid certificate type should not happen.
283 0 : return CHIP_ERROR_INVALID_ARGUMENT;
284 : }
285 : }
286 334 : ReturnErrorOnFailure(EncodeSubjectKeyIdentifierExtension(SKI, writer));
287 :
288 334 : ReturnErrorOnFailure(EncodeAuthorityKeyIdentifierExtension(AKI, writer));
289 :
290 334 : ReturnErrorOnFailure(EncodeFutureExtension(futureExt, writer));
291 : }
292 334 : ASN1_END_SEQUENCE;
293 : }
294 334 : ASN1_END_CONSTRUCTED;
295 :
296 334 : exit:
297 334 : return err;
298 : }
299 :
300 341 : CHIP_ERROR EncodeValidity(uint32_t validityStart, uint32_t validityEnd, ASN1Writer & writer)
301 : {
302 341 : CHIP_ERROR err = CHIP_NO_ERROR;
303 : ASN1UniversalTime asn1Time;
304 :
305 341 : ASN1_START_SEQUENCE
306 : {
307 341 : ReturnErrorOnFailure(ChipEpochToASN1Time(validityStart, asn1Time));
308 341 : ASN1_ENCODE_TIME(asn1Time);
309 :
310 341 : ReturnErrorOnFailure(ChipEpochToASN1Time(validityEnd, asn1Time));
311 341 : ASN1_ENCODE_TIME(asn1Time);
312 : }
313 341 : ASN1_END_SEQUENCE;
314 :
315 341 : exit:
316 341 : return err;
317 : }
318 :
319 167 : CHIP_ERROR EncodeChipECDSASignature(Crypto::P256ECDSASignature & signature, ASN1Writer & writer)
320 : {
321 167 : CHIP_ERROR err = CHIP_NO_ERROR;
322 :
323 167 : ASN1_START_BIT_STRING_ENCAPSULATED
324 : {
325 : // Convert RAW signature to DER when generating X509 certs.
326 167 : P256ECDSASignatureSpan raw_sig(signature.Bytes());
327 167 : ReturnErrorOnFailure(ConvertECDSASignatureRawToDER(raw_sig, writer));
328 : }
329 167 : ASN1_END_ENCAPSULATED;
330 :
331 167 : exit:
332 167 : return err;
333 : }
334 :
335 337 : CHIP_ERROR EncodeTBSCert(const X509CertRequestParams & requestParams, const Crypto::P256PublicKey & subjectPubkey,
336 : const Crypto::P256PublicKey & issuerPubkey, ASN1Writer & writer)
337 : {
338 337 : CHIP_ERROR err = CHIP_NO_ERROR;
339 : CertType certType;
340 :
341 337 : VerifyOrReturnError(requestParams.SerialNumber >= 0, CHIP_ERROR_INVALID_ARGUMENT);
342 334 : VerifyOrReturnError(requestParams.ValidityEnd == kNullCertTime || requestParams.ValidityEnd >= requestParams.ValidityStart,
343 : CHIP_ERROR_INVALID_ARGUMENT);
344 :
345 334 : ReturnErrorOnFailure(requestParams.SubjectDN.GetCertType(certType));
346 :
347 334 : ASN1_START_SEQUENCE
348 : {
349 : // version [0] EXPLICIT Version DEFAULT v1
350 334 : ASN1_START_CONSTRUCTED(kASN1TagClass_ContextSpecific, 0)
351 : {
352 : // Version ::= INTEGER { v1(0), v2(1), v3(2) }
353 334 : ASN1_ENCODE_INTEGER(2);
354 : }
355 334 : ASN1_END_CONSTRUCTED;
356 :
357 334 : ReturnErrorOnFailure(writer.PutInteger(requestParams.SerialNumber));
358 :
359 334 : ASN1_START_SEQUENCE
360 : {
361 334 : ASN1_ENCODE_OBJECT_ID(kOID_SigAlgo_ECDSAWithSHA256);
362 : }
363 334 : ASN1_END_SEQUENCE;
364 :
365 : // issuer Name
366 334 : ReturnErrorOnFailure(requestParams.IssuerDN.EncodeToASN1(writer));
367 :
368 : // validity Validity,
369 334 : ReturnErrorOnFailure(EncodeValidity(requestParams.ValidityStart, requestParams.ValidityEnd, writer));
370 :
371 : // subject Name
372 334 : ReturnErrorOnFailure(requestParams.SubjectDN.EncodeToASN1(writer));
373 :
374 334 : ReturnErrorOnFailure(EncodeSubjectPublicKeyInfo(subjectPubkey, writer));
375 :
376 : // certificate extensions
377 334 : ReturnErrorOnFailure(EncodeExtensions(certType, subjectPubkey, issuerPubkey, requestParams.FutureExt, writer));
378 : }
379 334 : ASN1_END_SEQUENCE;
380 :
381 334 : exit:
382 334 : return err;
383 : }
384 :
385 : } // namespace
386 :
387 7 : CHIP_ERROR EncodeNetworkIdentityTBSCert(const P256PublicKey & pubkey, ASN1Writer & writer)
388 : {
389 7 : CHIP_ERROR err = CHIP_NO_ERROR;
390 7 : ChipDN issuerAndSubject;
391 7 : InitNetworkIdentitySubject(issuerAndSubject);
392 :
393 7 : ASN1_START_SEQUENCE
394 : {
395 : // version [0] EXPLICIT Version DEFAULT v1
396 7 : ASN1_START_CONSTRUCTED(kASN1TagClass_ContextSpecific, 0)
397 : {
398 7 : ASN1_ENCODE_INTEGER(2); // Version ::= INTEGER { v1(0), v2(1), v3(2) }
399 : }
400 7 : ASN1_END_CONSTRUCTED;
401 :
402 7 : ReturnErrorOnFailure(writer.PutInteger(kNetworkIdentitySerialNumber));
403 :
404 7 : ASN1_START_SEQUENCE
405 : {
406 7 : ASN1_ENCODE_OBJECT_ID(kOID_SigAlgo_ECDSAWithSHA256);
407 : }
408 7 : ASN1_END_SEQUENCE;
409 :
410 : // issuer Name
411 7 : ReturnErrorOnFailure(issuerAndSubject.EncodeToASN1(writer));
412 :
413 : // validity Validity,
414 7 : ReturnErrorOnFailure(EncodeValidity(kNetworkIdentityNotBeforeTime, kNetworkIdentityNotAfterTime, writer));
415 :
416 : // subject Name
417 7 : ReturnErrorOnFailure(issuerAndSubject.EncodeToASN1(writer));
418 :
419 7 : ReturnErrorOnFailure(EncodeSubjectPublicKeyInfo(pubkey, writer));
420 :
421 : // certificate extensions
422 7 : ASN1_START_CONSTRUCTED(kASN1TagClass_ContextSpecific, 3)
423 : {
424 7 : ASN1_START_SEQUENCE
425 : {
426 7 : TEMPORARY_RETURN_IGNORED EncodeIsCAExtension(kNotCACert, writer);
427 7 : TEMPORARY_RETURN_IGNORED EncodeKeyUsageExtension(KeyUsageFlags::kDigitalSignature, writer);
428 7 : TEMPORARY_RETURN_IGNORED EncodeExtKeyUsageExtension({ kOID_KeyPurpose_ClientAuth, kOID_KeyPurpose_ServerAuth },
429 : writer);
430 : }
431 7 : ASN1_END_SEQUENCE;
432 : }
433 7 : ASN1_END_CONSTRUCTED;
434 : }
435 7 : ASN1_END_SEQUENCE;
436 :
437 7 : exit:
438 7 : return err;
439 7 : }
440 :
441 170 : CHIP_ERROR NewChipX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256PublicKey & subjectPubkey,
442 : const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert)
443 : {
444 170 : CHIP_ERROR err = CHIP_NO_ERROR;
445 : ASN1Writer writer;
446 170 : writer.Init(x509Cert);
447 :
448 170 : ReturnErrorOnFailure(EncodeTBSCert(requestParams, subjectPubkey, issuerKeypair.Pubkey(), writer));
449 :
450 167 : Crypto::P256ECDSASignature signature;
451 167 : ReturnErrorOnFailure(issuerKeypair.ECDSA_sign_msg(x509Cert.data(), writer.GetLengthWritten(), signature));
452 :
453 167 : writer.Init(x509Cert);
454 :
455 167 : ASN1_START_SEQUENCE
456 : {
457 167 : ReturnErrorOnFailure(EncodeTBSCert(requestParams, subjectPubkey, issuerKeypair.Pubkey(), writer));
458 :
459 167 : ASN1_START_SEQUENCE
460 : {
461 167 : ASN1_ENCODE_OBJECT_ID(kOID_SigAlgo_ECDSAWithSHA256);
462 : }
463 167 : ASN1_END_SEQUENCE;
464 :
465 167 : ReturnErrorOnFailure(EncodeChipECDSASignature(signature, writer));
466 : }
467 167 : ASN1_END_SEQUENCE;
468 :
469 167 : x509Cert.reduce_size(writer.GetLengthWritten());
470 :
471 167 : exit:
472 167 : return err;
473 167 : }
474 :
475 67 : DLL_EXPORT CHIP_ERROR NewRootX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256Keypair & issuerKeypair,
476 : MutableByteSpan & x509Cert)
477 : {
478 : CertType certType;
479 :
480 67 : ReturnErrorOnFailure(requestParams.SubjectDN.GetCertType(certType));
481 67 : VerifyOrReturnError(certType == CertType::kRoot, CHIP_ERROR_INVALID_ARGUMENT);
482 66 : VerifyOrReturnError(requestParams.SubjectDN.IsEqual(requestParams.IssuerDN), CHIP_ERROR_INVALID_ARGUMENT);
483 :
484 65 : return NewChipX509Cert(requestParams, issuerKeypair.Pubkey(), issuerKeypair, x509Cert);
485 : }
486 :
487 32 : DLL_EXPORT CHIP_ERROR NewICAX509Cert(const X509CertRequestParams & requestParams, const Crypto::P256PublicKey & subjectPubkey,
488 : const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert)
489 : {
490 : CertType certType;
491 :
492 32 : ReturnErrorOnFailure(requestParams.SubjectDN.GetCertType(certType));
493 32 : VerifyOrReturnError(certType == CertType::kICA, CHIP_ERROR_INVALID_ARGUMENT);
494 :
495 31 : ReturnErrorOnFailure(requestParams.IssuerDN.GetCertType(certType));
496 31 : VerifyOrReturnError(certType == CertType::kRoot, CHIP_ERROR_INVALID_ARGUMENT);
497 :
498 31 : return NewChipX509Cert(requestParams, subjectPubkey, issuerKeypair, x509Cert);
499 : }
500 :
501 5 : CHIP_ERROR NewVidVerificationSignerX509Cert(const X509CertRequestParams & requestParams,
502 : const Crypto::P256PublicKey & subjectPubkey, const Crypto::P256Keypair & issuerKeypair,
503 : MutableByteSpan & x509Cert)
504 : {
505 : CertType certType;
506 :
507 5 : ReturnErrorOnFailure(requestParams.SubjectDN.GetCertType(certType));
508 4 : VerifyOrReturnError(certType == CertType::kVidVerificationSigner, CHIP_ERROR_INVALID_ARGUMENT);
509 :
510 3 : ReturnErrorOnFailure(requestParams.IssuerDN.GetCertType(certType));
511 3 : VerifyOrReturnError((certType == CertType::kICA) || (certType == CertType::kRoot), CHIP_ERROR_INVALID_ARGUMENT);
512 :
513 3 : return NewChipX509Cert(requestParams, subjectPubkey, issuerKeypair, x509Cert);
514 : }
515 :
516 74 : DLL_EXPORT CHIP_ERROR NewNodeOperationalX509Cert(const X509CertRequestParams & requestParams,
517 : const Crypto::P256PublicKey & subjectPubkey,
518 : const Crypto::P256Keypair & issuerKeypair, MutableByteSpan & x509Cert)
519 : {
520 : CertType certType;
521 :
522 74 : ReturnErrorOnFailure(requestParams.SubjectDN.GetCertType(certType));
523 73 : VerifyOrReturnError(certType == CertType::kNode, CHIP_ERROR_INVALID_ARGUMENT);
524 :
525 72 : ReturnErrorOnFailure(requestParams.IssuerDN.GetCertType(certType));
526 72 : VerifyOrReturnError(certType == CertType::kICA || certType == CertType::kRoot, CHIP_ERROR_INVALID_ARGUMENT);
527 :
528 71 : return NewChipX509Cert(requestParams, subjectPubkey, issuerKeypair, x509Cert);
529 : }
530 :
531 : } // namespace Credentials
532 : } // namespace chip
|
