From 663cc7e1215a22a8b9500f42851bc83f1522f105 Mon Sep 17 00:00:00 2001
From: Mikhail Burshteyn <michael.burshteyn@gmail.com>
Date: Thu, 25 Aug 2022 11:43:56 -0600
Subject: [PATCH] Expose `DeviceCommissioner::ComputePASEVerifier` to Obj-C.
 (#22112)

* Expose `DeviceCommissioner::ComputePASEVerifier` to Obj-C.

* Restyled by whitespace

* Restyled by clang-format

Co-authored-by: Restyled.io <commits@restyled.io>
---
 .../Framework/CHIP/MTRDeviceController.h      |  9 ++++++
 .../Framework/CHIP/MTRDeviceController.mm     | 28 +++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.h b/src/darwin/Framework/CHIP/MTRDeviceController.h
index 6deca1706934ca..e53a3a86732958 100644
--- a/src/darwin/Framework/CHIP/MTRDeviceController.h
+++ b/src/darwin/Framework/CHIP/MTRDeviceController.h
@@ -134,6 +134,15 @@ typedef void (^MTRDeviceConnectionCallback)(MTRBaseDevice * _Nullable device, NS
  */
 - (void)setNocChainIssuer:(id<MTRNOCChainIssuer>)nocChainIssuer queue:(dispatch_queue_t)queue;
 
+/**
+ * Compute a PASE verifier and passcode ID for the desired setup pincode.
+ *
+ * @param[in] setupPincode    The desired PIN code to use
+ * @param[in] iterations      The number of iterations to use when generating the verifier
+ * @param[in] salt            The 16-byte salt for verifier computation
+ */
+- (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode iterations:(uint32_t)iterations salt:(NSData *)salt;
+
 /**
  * Shutdown the controller. Calls to shutdown after the first one are NO-OPs.
  */
diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.mm b/src/darwin/Framework/CHIP/MTRDeviceController.mm
index 438ac2409c3ac5..7e4aa25ad14d79 100644
--- a/src/darwin/Framework/CHIP/MTRDeviceController.mm
+++ b/src/darwin/Framework/CHIP/MTRDeviceController.mm
@@ -675,6 +675,34 @@ - (void)setNocChainIssuer:(id<MTRNOCChainIssuer>)nocChainIssuer queue:(dispatch_
     });
 }
 
+- (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode iterations:(uint32_t)iterations salt:(NSData *)salt
+{
+    __block CHIP_ERROR errorCode = CHIP_ERROR_INCORRECT_STATE;
+    if (![self isRunning]) {
+        [self checkForError:errorCode logMsg:kErrorNotRunning error:nil];
+        return nil;
+    }
+
+    __block NSData * result;
+    __block chip::Spake2pVerifier paseVerifier;
+    __block chip::ByteSpan saltByteSpan = chip::ByteSpan(static_cast<const uint8_t *>(salt.bytes), salt.length);
+
+    dispatch_sync(_chipWorkQueue, ^{
+        if ([self isRunning]) {
+            errorCode = self.cppCommissioner->ComputePASEVerifier(iterations, setupPincode, saltByteSpan, paseVerifier);
+            MTR_LOG_ERROR("ComputePaseVerifier: %s", chip::ErrorStr(errorCode));
+
+            uint8_t serializedVerifier[sizeof(paseVerifier.mW0) + sizeof(paseVerifier.mL)];
+            memcpy(serializedVerifier, paseVerifier.mW0, chip::kSpake2p_WS_Length);
+            memcpy(&serializedVerifier[sizeof(paseVerifier.mW0)], paseVerifier.mL, sizeof(paseVerifier.mL));
+
+            result = [NSData dataWithBytes:serializedVerifier length:sizeof(serializedVerifier)];
+        }
+    });
+
+    return result;
+}
+
 - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg
 {
     if (condition) {