From 9ec86f2409d1dcc33bbc27d9674374b82fcc5b0a Mon Sep 17 00:00:00 2001
From: Mikhail Burshteyn
Date: Tue, 23 Aug 2022 14:25:20 -0600
Subject: [PATCH] Expose `DeviceCommissioner::ComputePASEVerifier` to Obj-C.

---
 .../Framework/CHIP/MTRDeviceController.h | 11 +++++++
 .../Framework/CHIP/MTRDeviceController.mm | 33 +++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.h b/src/darwin/Framework/CHIP/MTRDeviceController.h
index faca45ddde863b..2a7286f5155ce1 100644
--- a/src/darwin/Framework/CHIP/MTRDeviceController.h
+++ b/src/darwin/Framework/CHIP/MTRDeviceController.h
@@ -130,6 +130,17 @@ typedef void (^MTRDeviceConnectionCallback)(MTRBaseDevice * _Nullable device, NS
 */
 - (void)setNocChainIssuer:(id)nocChainIssuer queue:(dispatch_queue_t)queue;

+/**
+ * Compute a PASE verifier and passcode ID for the desired setup pincode.
+ *
+ * @param[in] setupPincode The desired PIN code to use
+ * @param[in] iterations The number of iterations to use when generating the verifier
+ * @param[in] salt The 16-byte salt for verifier computation
+ */
+- (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode
+ iterations:(uint32_t)iterations
+ salt:(NSData *)salt;
+
 /**
 * Shutdown the controller. Calls to shutdown after the first one are NO-OPs.
 */
diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.mm b/src/darwin/Framework/CHIP/MTRDeviceController.mm
index b170771f77ad0b..316e7a684e59c0 100644
--- a/src/darwin/Framework/CHIP/MTRDeviceController.mm
+++ b/src/darwin/Framework/CHIP/MTRDeviceController.mm
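Review bot: The doc comment added in MTRDeviceController.h promises "a PASE verifier and passcode ID", but the declared method returns a single `NSData` and has no `@return` line, so callers cannot tell what the bytes contain or when nil comes back. Going by the implementation in MTRDeviceController.mm, a line such as `@return The verifier serialized as W0 followed by L, or nil if the controller is not running.` would fit, with "and passcode ID" dropped. `iterations` and `salt` are forwarded to `ComputePASEVerifier` with no checks in the wrapper, so the comment should also state the accepted iteration range and salt length; the text says 16 bytes, but nothing visible here enforces it, and whether the C++ layer rejects weak values is not shown in this patch.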
@@ -668,6 +668,39 @@ - (void)setNocChainIssuer:(id)nocChainIssuer queue:(dispatch_
 });
 }

+- (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode
+ iterations:(uint32_t)iterations
+ salt:(NSData *)salt {
+ __block CHIP_ERROR errorCode = CHIP_ERROR_INCORRECT_STATE;
+ if (![self isRunning]) {
+ [self checkForError:errorCode logMsg:kErrorNotRunning error:nil];
+ return nil;
+ }
+
+ __block NSData *result;
+ __block chip::Spake2pVerifier paseVerifier;
+ __block uint32_t outPasscodeId = 0;
+ __block chip::ByteSpan saltByteSpan =
+ chip::ByteSpan(static_cast(salt.bytes), salt.length);
+
+ dispatch_sync(_chipWorkQueue, ^{
+ if ([self isRunning]) {
+ errorCode = self.cppCommissioner->ComputePASEVerifier(iterations, setupPincode, saltByteSpan,
+ paseVerifier);
+ MTR_LOG_ERROR("ComputePaseVerifier: %s", chip::ErrorStr(errorCode));
+
+ uint8_t serializedVerifier[sizeof(paseVerifier.mW0) + sizeof(paseVerifier.mL)];
+ memcpy(serializedVerifier, paseVerifier.mW0, chip::kSpake2p_WS_Length);
+ memcpy(&serializedVerifier[sizeof(paseVerifier.mW0)], paseVerifier.mL,
+ sizeof(paseVerifier.mL));
+
+ result = [NSData dataWithBytes:serializedVerifier length:sizeof(serializedVerifier)];
+ }
+ });
+
+ return result;
+}
+
 - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg
 {
 if (condition) {
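Review bot: The result of `ComputePASEVerifier` is logged but never checked inside the `dispatch_sync` block, so when the call fails the method still serializes whatever is in the stack-allocated `paseVerifier` and returns it as if it were a valid verifier. A caller that provisions a device with those bytes gets an unusable or unpredictable credential, and the buffer may carry uninitialized stack contents; the block should leave `result` nil on any error. `MTR_LOG_ERROR` also fires on every call, including success, which hides real failures in the log. The first `memcpy` sizes its copy with `chip::kSpake2p_WS_Length` while the buffer and the offset use `sizeof(paseVerifier.mW0)`, so using `sizeof` for both keeps the copy tied to the buffer layout. `outPasscodeId` is declared but never used.

```objc
        if ([self isRunning]) {
            // … unchanged: ComputePASEVerifier call assigning errorCode …
            if (errorCode != CHIP_NO_ERROR) {
                // Log only on failure and leave result nil: paseVerifier is not valid here.
                MTR_LOG_ERROR("ComputePaseVerifier: %s", chip::ErrorStr(errorCode));
                return;
            }

            uint8_t serializedVerifier[sizeof(paseVerifier.mW0) + sizeof(paseVerifier.mL)];
            memcpy(serializedVerifier, paseVerifier.mW0, sizeof(paseVerifier.mW0));
            // … unchanged: copy of mL and NSData construction …
```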