Skip to content

Commit

Permalink
Surface an accessor for the PASE attestation challenge in Java (#14894)
Browse files Browse the repository at this point in the history
Fixes #14893

Tested:
- Ran locally against a device being commissioned, and verified a
  challenge was returned as expected.
  • Loading branch information
g-coppock authored and pull[bot] committed Sep 6, 2023
1 parent 3fc2e1e commit f127711
Show file tree
Hide file tree
Showing 4 changed files with 67 additions and 0 deletions.
13 changes: 13 additions & 0 deletions src/controller/CHIPDeviceController.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -932,6 +932,19 @@ CHIP_ERROR DeviceCommissioner::Commission(NodeId remoteDeviceId, CommissioningPa
return CHIP_NO_ERROR;
}

CHIP_ERROR DeviceCommissioner::GetAttestationChallenge(ByteSpan & attestationChallenge)
{
Optional<SessionHandle> secureSessionHandle;

VerifyOrReturnError(mDeviceBeingCommissioned != nullptr, CHIP_ERROR_INCORRECT_STATE);

secureSessionHandle = mDeviceBeingCommissioned->GetSecureSession();
VerifyOrReturnError(secureSessionHandle.HasValue(), CHIP_ERROR_INCORRECT_STATE);

attestationChallenge = secureSessionHandle.Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge();
return CHIP_NO_ERROR;
}

CHIP_ERROR DeviceCommissioner::StopPairing(NodeId remoteDeviceId)
{
VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
Expand Down
10 changes: 10 additions & 0 deletions src/controller/CHIPDeviceController.h
Original file line number Diff line number Diff line change
Expand Up @@ -531,6 +531,16 @@ class DLL_EXPORT DeviceCommissioner : public DeviceController,
CHIP_ERROR GetConnectedDevice(NodeId deviceId, chip::Callback::Callback<OnDeviceConnected> * onConnection,
chip::Callback::Callback<OnDeviceConnectionFailure> * onFailure) override;

/**
* @brief
* This function returns the attestation challenge for the secure session of the device being commissioned.
*
* @param[out] attestationChallenge The output for the attestationChallenge
*
* @return CHIP_ERROR CHIP_NO_ERROR on success, or CHIP_ERROR_INVALID_ARGUMENT if no secure session is active
*/
CHIP_ERROR GetAttestationChallenge(ByteSpan & attestationChallenge);

/**
* @brief
* This function stops a pairing process that's in progress. It does not delete the pairing of a previously
Expand Down
31 changes: 31 additions & 0 deletions src/controller/java/CHIPDeviceController-JNI.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -572,6 +572,37 @@ JNI_METHOD(jboolean, openPairingWindowWithPIN)
return true;
}

JNI_METHOD(jbyteArray, getAttestationChallenge)
(JNIEnv * env, jobject self, jlong handle, jlong devicePtr)
{
chip::DeviceLayer::StackLock lock;
CHIP_ERROR err = CHIP_NO_ERROR;
ByteSpan attestationChallenge;
jbyteArray attestationChallengeJbytes = nullptr;

DeviceProxy * chipDevice = reinterpret_cast<DeviceProxy *>(devicePtr);
if (chipDevice == nullptr)
{
ChipLogProgress(Controller, "Could not cast device pointer to Device object");
JniReferences::GetInstance().ThrowError(env, sChipDeviceControllerExceptionCls, CHIP_ERROR_INCORRECT_STATE);
}

AndroidDeviceControllerWrapper * wrapper = AndroidDeviceControllerWrapper::FromJNIHandle(handle);
err = wrapper->Controller()->GetAttestationChallenge(attestationChallenge);
SuccessOrExit(err);

err = JniReferences::GetInstance().N2J_ByteArray(env, attestationChallenge.data(), sizeof(attestationChallenge.data()),
attestationChallengeJbytes);
SuccessOrExit(err);

exit:
if (err != CHIP_NO_ERROR)
{
JniReferences::GetInstance().ThrowError(env, sChipDeviceControllerExceptionCls, err);
}
return attestationChallengeJbytes;
}

JNI_METHOD(void, deleteDeviceController)(JNIEnv * env, jobject self, jlong handle)
{
chip::DeviceLayer::StackLock lock;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -300,6 +300,17 @@ public void shutdownSubscriptions(long devicePtr) {
shutdownSubscriptions(deviceControllerPtr, devicePtr);
}

/**
* Returns an attestation challenge for the given device, for which there must be an existing
* secure session.
*
* @param devicePtr a pointer to the device from which to retrieve the challenge
* @throws ChipDeviceControllerException if there is no secure session for the given device
*/
public byte[] getAttestationChallenge(long devicePtr) {
return getAttestationChallenge(deviceControllerPtr, devicePtr);
}

/** Subscribe to the given attribute path. */
public void subscribeToPath(
SubscriptionEstablishedCallback subscriptionEstablishedCallback,
Expand Down Expand Up @@ -417,6 +428,8 @@ private native boolean openPairingWindowWithPIN(

private native boolean isActive(long deviceControllerPtr, long deviceId);

private native byte[] getAttestationChallenge(long deviceControllerPtr, long devicePtr);

private native void shutdownSubscriptions(long deviceControllerPtr, long devicePtr);

static {
Expand Down

0 comments on commit f127711

Please sign in to comment.