Add IPK option to CHIP framework and chip-tool-darwin. (#16907)
krypton36 authored and pull[bot] committed Jul 6, 2023
1 parent c036e99 commit 3068753
Showing 5 changed files with 60 additions and 4 deletions.
Expand Up @@ -30,6 +30,7 @@
CHIP_ERROR CHIPCommandBridge::Run()
{
ChipLogProgress(chipTool, "Running Command");
NSData * ipk;
CHIPToolKeypair * nocSigner = [[CHIPToolKeypair alloc] init];
storage = [[CHIPToolPersistentStorageDelegate alloc] init];

Expand All @@ -42,9 +43,11 @@
[mController setListenPort:kListenPort];
[mController setKeyValueStoreManagerPath:"/tmp/chip_kvs_darwin"];

[nocSigner createOrLoadKeys:storage];
ReturnLogErrorOnFailure([nocSigner createOrLoadKeys:storage]);

if (![mController startup:storage vendorId:chip::VendorId::TestVendor1 nocSigner:nocSigner]) {
ipk = [nocSigner getIPK];

if (![mController startup:storage vendorId:chip::VendorId::TestVendor1 nocSigner:nocSigner ipk:ipk]) {
ChipLogError(chipTool, "Controller startup failure.");
return CHIP_ERROR_INTERNAL;
}
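Review bot: `ipk` is declared at the top of Run() on the added line `NSData * ipk;` but is only assigned and used three hunk lines before the startup call; under ARC the pointer starts out nil so this is not a bug, but declaring it at the point of use keeps its lifetime obvious and reads better: `NSData * ipk = [nocSigner getIPK];`. Wrapping createOrLoadKeys: in ReturnLogErrorOnFailure is the right fix for the previously ignored return value, since a failed key load would otherwise have reached startup with an unusable signer. Run() continues outside the hunk.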
Expand Up @@ -10,5 +10,6 @@
- (CHIP_ERROR)Serialize:(chip::Crypto::P256SerializedKeypair &)output;
- (CHIP_ERROR)Deserialize:(chip::Crypto::P256SerializedKeypair &)input;
- (CHIP_ERROR)createOrLoadKeys:(CHIPToolPersistentStorageDelegate *)storage;
- (NSData *)getIPK;

@end
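Review bot: `- (NSData *)getIPK;` departs from Cocoa naming, where a `get` prefix is reserved for methods returning by reference, and it carries no nullability or documentation even though the backing value is nil until createOrLoadKeys: has succeeded (the implementation in CHIPToolKeypair.mm simply returns the ivar). Consider exposing it as `@property (nonatomic, readonly, copy, nullable) NSData * ipk;` here and redeclaring it readwrite in the class extension in CHIPToolKeypair.mm, with a doc comment such as `/// The IPK loaded or generated by createOrLoadKeys:; nil until that call succeeds.`. The same naming point applies to the matching definition in CHIPToolKeypair.mm.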
34 changes: 33 additions & 1 deletion examples/chip-tool-darwin/commands/common/CHIPToolKeypair.mm
Expand Up @@ -14,6 +14,7 @@

static NSString * const kCHIPToolKeychainLabel = @"Chip Tool Keypair";
static NSString * const kOperationalCredentialsIssuerKeypairStorage = @"ChipToolOpCredsCAKey";
static NSString * const kOperationalCredentialsIPK = @"ChipToolOpCredsIPK";

std::string StringToBase64(const std::string & value)
{
Expand Down Expand Up @@ -43,6 +44,7 @@
@interface CHIPToolKeypair ()
@property (nonatomic) chip::Crypto::P256Keypair mKeyPair;
@property (nonatomic) chip::Crypto::P256Keypair mIssuer;
@property (nonatomic) NSData * ipk;
@property (atomic) uint32_t mNow;
@end

Expand Down Expand Up @@ -95,6 +97,11 @@ - (CHIP_ERROR)Serialize:(chip::Crypto::P256SerializedKeypair &)output
return _mKeyPair.Serialize(output);
}

- (NSData *)getIPK
{
return _ipk;
}

- (CHIP_ERROR)createOrLoadKeys:(CHIPToolPersistentStorageDelegate *)storage
{
chip::ASN1::ASN1UniversalTime effectiveTime;
Expand Down Expand Up @@ -126,7 +133,23 @@ - (CHIP_ERROR)createOrLoadKeys:(CHIPToolPersistentStorageDelegate *)storage
} else {
ReturnErrorOnFailure([self Deserialize:serializedKey]);
}
return err;

NSData * ipk;
value = [storage CHIPGetKeyValue:kOperationalCredentialsIPK];
err = [self decodeNSStringToNSData:value serializedKey:&ipk];
if (err != CHIP_NO_ERROR) {
uint8_t tempIPK[chip::Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES];

ReturnLogErrorOnFailure(chip::Crypto::DRBG_get_bytes(tempIPK, sizeof(tempIPK)));

_ipk = [NSData dataWithBytes:tempIPK length:sizeof(tempIPK)];
NSString * valueString = [_ipk base64EncodedStringWithOptions:0];
[storage CHIPSetKeyValue:kOperationalCredentialsIPK value:valueString];
} else {
_ipk = ipk;
}

return CHIP_NO_ERROR;
}

- (CHIP_ERROR)decodeNSStringWithValue:(NSString *)value serializedKey:(chip::Crypto::P256SerializedKeypair &)serializedKey
Expand All @@ -146,4 +169,13 @@ - (CHIP_ERROR)decodeNSStringWithValue:(NSString *)value serializedKey:(chip::Cry
return CHIP_NO_ERROR;
}

- (CHIP_ERROR)decodeNSStringToNSData:(NSString *)value serializedKey:(NSData **)decodedData
{
if (value == nil) {
return CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND;
}

*decodedData = [[NSData alloc] initWithBase64EncodedString:value options:0];
return CHIP_NO_ERROR;
}
@end
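Review bot: decodeNSStringToNSData:serializedKey: returns CHIP_NO_ERROR even when `initWithBase64EncodedString:options:` yields nil for a malformed stored value, and it never checks the decoded length, so createOrLoadKeys: then keeps a nil or wrong-sized `_ipk` that getIPK hands to the controller. The caller also treats every decode error as "not found" and silently generates and persists a replacement IPK, so a corrupted entry would replace the key instead of failing; if that IPK is shared with devices already commissioned by this tool, the replacement is likely to cut them off (inferred, the consumer is not visible here). I would have the caller generate only on `CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND` and otherwise `ReturnLogErrorOnFailure(err);`, with the decoder validating as below. The generated bytes in `tempIPK` also remain on the stack after the copy into NSData; `chip::Crypto::ClearSecretData(tempIPK, sizeof(tempIPK));` after the copy keeps that key material from lingering.
```objc
- (CHIP_ERROR)decodeNSStringToNSData:(NSString *)value serializedKey:(NSData **)decodedData
{
    if (value == nil) {
        return CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND;
    }

    NSData * decoded = [[NSData alloc] initWithBase64EncodedString:value options:0];
    // A value that is not valid Base64, or not exactly one symmetric key long, is corrupt rather than
    // missing; report it so the caller does not silently replace the stored IPK.
    if (decoded == nil || decoded.length != chip::Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES) {
        return CHIP_ERROR_INVALID_ARGUMENT;
    }

    *decodedData = decoded;
    return CHIP_NO_ERROR;
}
```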
13 changes: 13 additions & 0 deletions src/darwin/Framework/CHIP/CHIPDeviceController.h
Expand Up @@ -112,6 +112,19 @@ typedef void (^CHIPDeviceConnectionCallback)(CHIPDevice * _Nullable device, NSEr
vendorId:(uint16_t)vendorId
nocSigner:(nullable id<CHIPKeypair>)nocSigner;

/**
* Start the CHIP Stack. Repeated calls to startup without calls to shutdown in between are NO-OPs. Use the isRunning property to
* check if the stack needs to be started up.
*
* @param[in] storageDelegate The delegate for persistent storage
* @param[in] vendorId The vendor ID of the commissioner application
* @param[in] nocSigner The CHIPKeypair that is used to generate and sign Node Operational Credentials
* @param[in] ipk The IPK to use for Operational Credentials.
*/
- (BOOL)startup:(_Nullable id<CHIPPersistentStorageDelegate>)storageDelegate
vendorId:(uint16_t)vendorId
nocSigner:(id<CHIPKeypair>)nocSigner
ipk:(NSData * _Nullable)ipk;
/**
* Shutdown the CHIP Stack. Repeated calls to shutdown without calls to startup in between are NO-OPs.
*/
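Review bot: The new overload declares `nocSigner:(id<CHIPKeypair>)nocSigner` without `nullable`, while the existing overload a few lines above has `nocSigner:(nullable id<CHIPKeypair>)nocSigner` and, in CHIPDeviceController.mm, forwards its possibly-nil argument straight into this one; if this header sits in an assume-nonnull region that is a contract violation, and either way the two declarations should agree: `nocSigner:(nullable id<CHIPKeypair>)nocSigner`. The doc comment does not say what a nil `ipk` selects, although the forwarding overload always passes nil; the `@param[in] ipk` line should state what nil means once the credentials delegate's handling of nil is confirmed (it is not visible here). A blank line before the following Shutdown comment block would match the spacing used elsewhere in this header.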
Expand Up @@ -182,6 +182,13 @@ - (BOOL)shutdown
- (BOOL)startup:(_Nullable id<CHIPPersistentStorageDelegate>)storageDelegate
vendorId:(uint16_t)vendorId
nocSigner:(id<CHIPKeypair>)nocSigner
{
return [self startup:storageDelegate vendorId:vendorId nocSigner:nocSigner ipk:nil];
}
- (BOOL)startup:(_Nullable id<CHIPPersistentStorageDelegate>)storageDelegate
vendorId:(uint16_t)vendorId
nocSigner:(id<CHIPKeypair>)nocSigner
ipk:(NSData * _Nullable)ipk
{
if (vendorId == chip::VendorId::Common) {
// Shouldn't be using the "standard" vendor ID for actual devices.
Expand Down Expand Up @@ -214,7 +221,7 @@ - (BOOL)startup:(_Nullable id<CHIPPersistentStorageDelegate>)storageDelegate
_keypairBridge.Init(nocSigner);
nativeBridge.reset(new chip::Crypto::CHIPP256KeypairNativeBridge(_keypairBridge));
}
errorCode = _operationalCredentialsDelegate->init(_persistentStorageDelegateBridge, std::move(nativeBridge), nil);
errorCode = _operationalCredentialsDelegate->init(_persistentStorageDelegateBridge, std::move(nativeBridge), ipk);
if ([self checkForStartError:(CHIP_NO_ERROR == errorCode) logMsg:kErrorOperationalCredentialsInit]) {
return;
}
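Review bot: The forwarding overload passes a `nocSigner` the header declares nullable into the new method, whose parameter is not annotated nullable, so the nil path in the new body is reached without the compiler's knowledge; annotating the new parameter `nullable` in both the header and this implementation fixes that (the header hunk has the same mismatch). `ipk` is then handed to `_operationalCredentialsDelegate->init(...)` without any length check; if init does not validate it itself (its body is not visible), a guard near the top of startup:…ipk: such as `if (ipk != nil && ipk.length != chip::Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES) { return NO; }` fails fast on a malformed key instead of starting the stack with it. Style: a blank line is missing between the two methods (`}` is immediately followed by `- (BOOL)startup:`). startup:…ipk: continues outside the hunk.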

0 comments on commit 3068753

Please sign in to comment.