From 36aba3814393420ee70b89ca55ec1d754d1ed169 Mon Sep 17 00:00:00 2001 From: Mikhail Burshteyn Date: Tue, 30 Aug 2022 21:15:03 -0600 Subject: [PATCH] Expose `DeviceProxy::GetAttestationChallenge` to Obj-C. (#22111) * Expose `DeviceCommissioner::GetAttestationChallenge` to Obj-C. * Update PR based on comments from bzbarsky. * Restyled by whitespace * Restyled by clang-format * Fix typo in comment. Co-authored-by: Restyled.io Co-authored-by: Boris Zbarsky --- .../Framework/CHIP/MTRDeviceController.h | 8 ++++++ .../Framework/CHIP/MTRDeviceController.mm | 28 +++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.h b/src/darwin/Framework/CHIP/MTRDeviceController.h index e53a3a86732958..f1ca55bb9001c4 100644 --- a/src/darwin/Framework/CHIP/MTRDeviceController.h +++ b/src/darwin/Framework/CHIP/MTRDeviceController.h @@ -134,6 +134,14 @@ typedef void (^MTRDeviceConnectionCallback)(MTRBaseDevice * _Nullable device, NS */ - (void)setNocChainIssuer:(id)nocChainIssuer queue:(dispatch_queue_t)queue; +/** + * Return the attestation challenge for the secure session of the device being commissioned. + * + * Attempts to retrieve the generated attestation challenge from a commissionee with the given Device ID. + * Returns nil if given Device ID does not match an active commissionee, or if a Secure Session is not availale. + */ +- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId; + /** * Compute a PASE verifier and passcode ID for the desired setup pincode. * diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.mm b/src/darwin/Framework/CHIP/MTRDeviceController.mm index 7e4aa25ad14d79..d122d28f93e16f 100644 --- a/src/darwin/Framework/CHIP/MTRDeviceController.mm +++ b/src/darwin/Framework/CHIP/MTRDeviceController.mm @@ -71,6 +71,8 @@ static NSString * const kErrorGenerateNOC = @"Generating operational certificate failed"; static NSString * const kErrorKeyAllocation = @"Generating new operational key failed"; static NSString * const kErrorCSRValidation = @"Extracting public key from CSR failed"; +static NSString * const kErrorGetCommissionee = @"Failure obtaining device being commissioned"; +static NSString * const kErrorGetAttestationChallenge = @"Failure getting attestation challenge"; @interface MTRDeviceController () @@ -703,6 +705,32 @@ - (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode iterations:(uint return result; } +- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId +{ + VerifyOrReturnValue([self checkIsRunning], nil); + + __block NSData * attestationChallenge; + dispatch_sync(_chipWorkQueue, ^{ + VerifyOrReturn([self checkIsRunning]); + + chip::CommissioneeDeviceProxy * deviceProxy; + auto errorCode = self.cppCommissioner->GetDeviceBeingCommissioned(deviceId, &deviceProxy); + auto success = ![self checkForError:errorCode logMsg:kErrorGetCommissionee error:nil]; + VerifyOrReturn(success); + + uint8_t challengeBuffer[chip::Crypto::kAES_CCM128_Key_Length]; + chip::ByteSpan challenge(challengeBuffer); + + errorCode = deviceProxy->GetAttestationChallenge(challenge); + success = ![self checkForError:errorCode logMsg:kErrorGetAttestationChallenge error:nil]; + VerifyOrReturn(success); + + attestationChallenge = AsData(challenge); + }); + + return attestationChallenge; +} + - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg { if (condition) {