Skip to content

Commit

Permalink
Update PR based on comments from bzbarsky.
Browse files Browse the repository at this point in the history
  • Loading branch information
mburshteyn1 committed Aug 29, 2022
1 parent f636396 commit 414ec31
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 19 deletions.
7 changes: 6 additions & 1 deletion src/darwin/Framework/CHIP/MTRDeviceController.h
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,12 @@ typedef void (^MTRDeviceConnectionCallback)(MTRBaseDevice * _Nullable device, NS
*/
- (void)setNocChainIssuer:(id<MTRNOCChainIssuer>)nocChainIssuer queue:(dispatch_queue_t)queue;

/** Return the attestation challenge for the secure session of the device being commissioned. */
/**
* Return the attestation challenge for the secure session of the device being commissioned.
*
* Attempts to retreive the generated attestation challenge from a commissionee with the given Device ID.
* Returns nil if given Device ID does not match an active commissionee, or if a Secure Session is not availale.
*/
- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId;

/**
Expand Down
33 changes: 15 additions & 18 deletions src/darwin/Framework/CHIP/MTRDeviceController.mm
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,8 @@
static NSString * const kErrorGenerateNOC = @"Generating operational certificate failed";
static NSString * const kErrorKeyAllocation = @"Generating new operational key failed";
static NSString * const kErrorCSRValidation = @"Extracting public key from CSR failed";
static NSString * const kErrorGetCommissionee = @"Failure obtaining device being commissioned"
static NSString * const kErrorGetAttestationChallenge = @"Failure getting attestation challenge"

@interface MTRDeviceController ()

Expand Down Expand Up @@ -705,30 +707,25 @@ - (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode iterations:(uint

- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId
{
__block CHIP_ERROR errorCode = CHIP_ERROR_INCORRECT_STATE;
if (![self isRunning]) {
[self checkForError:errorCode logMsg:kErrorNotRunning error:nil];
return nil;
}
VerifyOrReturn([self checkIsRunning], nil);

__block NSData * attestationChallenge;
dispatch_sync(_chipWorkQueue, ^{
if ([self isRunning]) {
chip::CommissioneeDeviceProxy * deviceProxy;
errorCode = self.cppCommissioner->GetDeviceBeingCommissioned(deviceId, &deviceProxy);
if (errorCode != CHIP_NO_ERROR) {
[self checkForError:errorCode logMsg:@"Invalid Attestation Challenge device ID." error:nil];
return;
}
VerifyOrReturn([self checkIsRunning]);

chip::CommissioneeDeviceProxy * deviceProxy;
errorCode = self.cppCommissioner->GetDeviceBeingCommissioned(deviceId, &deviceProxy);
auto success = ![self checkForError:errorCode logMsg:kErrorGetCommissionee error:nil];
VerifyOrReturn(success);

NSMutableData * challengeBuffer = [[NSMutableData alloc] initWithLength:chip::Crypto::kAES_CCM128_Key_Length];
chip::ByteSpan challenge((uint8_t *) [challengeBuffer mutableBytes], chip::Crypto::kAES_CCM128_Key_Length);
uint8_t challengeBuffer[chip::Crypto::kAES_CCM128_Key_Length];
chip::ByteSpan challenge(challengeBuffer);

errorCode = deviceProxy->GetAttestationChallenge(challenge);
MTR_LOG_ERROR("GetAttestationChallenge: %s", chip::ErrorStr(errorCode));
errorCode = deviceProxy->GetAttestationChallenge(challenge);
success = ![self checkForError:errorCode logMsg:kErrorGetAttestationChallenge error:nil];
VerifyOrReturn(success);

attestationChallenge = [NSData dataWithBytes:challenge.data() length:challenge.size()];
}
attestationChallenge = AsData(challenge);
});

return attestationChallenge;
Expand Down

0 comments on commit 414ec31

Please sign in to comment.