project-chip · bzbarsky-apple · Apr 11, 2023 · Apr 10, 2023 · Apr 10, 2023 · Apr 10, 2023
@@ -17,6 +17,7 @@
 
 #import <Foundation/Foundation.h>
 
+#import <Matter/MTRCommandPayloadsObjc.h>
 #import <Matter/MTRDefines.h>
 
 NS_ASSUME_NONNULL_BEGIN
@@ -34,8 +35,7 @@ API_AVAILABLE(ios(16.4), macos(13.3), watchos(9.4), tvos(16.4))
 @property (nonatomic, copy, readonly) MTRCSRDERBytes csr;
 
 /**
- * The nonce provided in the original CSRRequest command that led to this CSR
- * being created.
+ * The nonce associated with this CSR.
  */
 @property (nonatomic, copy, readonly) NSData * csrNonce;
 
@@ -54,11 +54,44 @@ API_AVAILABLE(ios(16.4), macos(13.3), watchos(9.4), tvos(16.4))
  */
 @property (nonatomic, copy, readonly) NSData * attestationSignature;
 
+/**
+ * Initialize an MTROperationalCSRInfo by providing all the fields.  It's the
+ * caller's responsibility to ensure that csr and csrNonce match the csrElementsTLV.
+ */
 - (instancetype)initWithCSR:(MTRCSRDERBytes)csr
                    csrNonce:(NSData *)csrNonce
              csrElementsTLV:(MTRTLVBytes)csrElementsTLV
-       attestationSignature:(NSData *)attestationSignature;
+       attestationSignature:(NSData *)attestationSignature
+    MTR_NEWLY_DEPRECATED("Please use one of the initializers that validates the input");
+
+/**
+ * Initialize an MTROperationalCSRInfo by providing the csrNonce (for example,
+ * the nonce the client initially supplied), and the csrElementsTLV and
+ * attestationSignature that the server returned.  This will ensure that
+ * csrNonce matches the data in csrElementsTLV, returning nil if it does not,
+ * and extract the csr from csrElementsTLV.
+ */
+- (nullable instancetype)initWithCSRNonce:(NSData *)csrNonce
+                           csrElementsTLV:(MTRTLVBytes)csrElementsTLV
+                     attestationSignature:(NSData *)attestationSignature MTR_NEWLY_AVAILABLE;
 
+/**
+ * Initialize an MTROperationalCSRInfo by providing just the csrElementsTLV and
+ * attestationSignature (which can come from an
+ * MTROperationalCredentialsClusterCSRResponseParams).  This will extract the
+ * csr and csrNonce from the csrElementsTLV, if possible, and return nil if that
+ * fails.
+ */
+- (nullable instancetype)initWithCSRElementsTLV:(MTRTLVBytes)csrElementsTLV
+                           attestationSignature:(NSData *)attestationSignature MTR_NEWLY_AVAILABLE;
+
+/**
+ * Initialize an MTROperationalCSRInfo by providing an
+ * MTROperationalCredentialsClusterCSRResponseParams.  This will extract the
+ * relevant fields from the response data.
+ */
+- (nullable instancetype)initWithCSRResponseParams:(MTROperationalCredentialsClusterCSRResponseParams *)responseParams
+    MTR_NEWLY_AVAILABLE;
 @end
 
 MTR_DEPRECATED("Please use MTROperationalCSRInfo", ios(16.1, 16.4), macos(13.0, 13.3), watchos(9.1, 9.4), tvos(16.1, 16.4))

@@ -16,15 +16,41 @@
  */
 
 #import "MTRCSRInfo.h"
+#import "MTRFramework.h"
+#import "MTRLogging_Internal.h"
+#import "NSDataSpanConversion.h"
+
+#include <credentials/DeviceAttestationConstructor.h>
+#include <lib/core/CHIPError.h>
+#include <lib/support/CodeUtils.h>
+#include <lib/support/Span.h>
+
+static CHIP_ERROR ExtractCSRAndNonce(MTRTLVBytes csrElementsTLV, chip::ByteSpan & csr, chip::ByteSpan & nonce)
+{
+    // We don't care about vendor_reserved*.
+    chip::ByteSpan vendor_reserved1, vendor_reserved2, vendor_reserved3;
+    CHIP_ERROR err = chip::Credentials::DeconstructNOCSRElements(
+        AsByteSpan(csrElementsTLV), csr, nonce, vendor_reserved1, vendor_reserved2, vendor_reserved3);
+    if (err != CHIP_NO_ERROR) {
+        MTR_LOG_ERROR("Failed to parse csrElementsTLV %@: %" CHIP_ERROR_FORMAT, csrElementsTLV, err.Format());
+    }
+    return err;
+}
 
 NS_ASSUME_NONNULL_BEGIN
 
 @implementation MTROperationalCSRInfo : NSObject
 
-- (instancetype)initWithCSR:(MTRCSRDERBytes)csr
-                   csrNonce:(NSData *)csrNonce
-             csrElementsTLV:(MTRTLVBytes)csrElementsTLV
-       attestationSignature:(NSData *)attestationSignature;
++ (void)initialize
+{
+    // Needed for some of our init* methods.
+    MTRFrameworkInit();
+}
+
+- (instancetype)_initWithValidatedCSR:(MTRCSRDERBytes)csr
+                             csrNonce:(NSData *)csrNonce
+                       csrElementsTLV:(MTRTLVBytes)csrElementsTLV
+                 attestationSignature:(NSData *)attestationSignature;
 {
     if (self = [super init]) {
         _csr = csr;
@@ -34,6 +60,51 @@ - (instancetype)initWithCSR:(MTRCSRDERBytes)csr
     }
     return self;
 }
+
+- (instancetype)initWithCSR:(MTRCSRDERBytes)csr
+                   csrNonce:(NSData *)csrNonce
+             csrElementsTLV:(MTRTLVBytes)csrElementsTLV
+       attestationSignature:(NSData *)attestationSignature;
+{
+    return [self _initWithValidatedCSR:csr
+                              csrNonce:csrNonce
+                        csrElementsTLV:csrElementsTLV
+                  attestationSignature:attestationSignature];
+}
+
+- (nullable instancetype)initWithCSRNonce:(NSData *)csrNonce
+                           csrElementsTLV:(MTRTLVBytes)csrElementsTLV
+                     attestationSignature:(NSData *)attestationSignature
+{
+    chip::ByteSpan csr, extractedNonce;
+    VerifyOrReturnValue(ExtractCSRAndNonce(csrElementsTLV, csr, extractedNonce) == CHIP_NO_ERROR, nil);
+
+    if (!extractedNonce.data_equal(AsByteSpan(csrNonce))) {
+        MTR_LOG_ERROR("Provided CSR nonce does not match provided csrElementsTLV");
+        return nil;
+    }
+
+    return [self _initWithValidatedCSR:AsData(csr)
+                              csrNonce:csrNonce
+                        csrElementsTLV:csrElementsTLV
+                  attestationSignature:attestationSignature];
+}
+
+- (nullable instancetype)initWithCSRElementsTLV:(MTRTLVBytes)csrElementsTLV attestationSignature:(NSData *)attestationSignature
+{
+    chip::ByteSpan csr, csrNonce;
+    VerifyOrReturnValue(ExtractCSRAndNonce(csrElementsTLV, csr, csrNonce) == CHIP_NO_ERROR, nil);
+
+    return [self _initWithValidatedCSR:AsData(csr)
+                              csrNonce:AsData(csrNonce)
+                        csrElementsTLV:csrElementsTLV
+                  attestationSignature:attestationSignature];
+}
+
+- (nullable instancetype)initWithCSRResponseParams:(MTROperationalCredentialsClusterCSRResponseParams *)responseParams
+{
+    return [self initWithCSRElementsTLV:responseParams.nocsrElements attestationSignature:responseParams.attestationSignature];
+}
 @end
 
 @implementation CSRInfo : NSObject

@@ -74,6 +74,10 @@ API_AVAILABLE(ios(16.4), macos(13.3), watchos(9.4), tvos(16.4))
  *
  * This will be called on the dispatch queue passed as
  * operationalCertificateIssuerQueue in the MTRDeviceControllerFactoryParams.
+ *
+ * The csrNonce in the provided MTROperationalCSRInfo will be the nonce that was
+ * sent in the CSRRequest command, which will be guaranteed, at this point, to
+ * match the nonce in the CSRResponse command.
  */
 - (void)issueOperationalCertificateForRequest:(MTROperationalCSRInfo *)csrInfo
                               attestationInfo:(MTRDeviceAttestationInfo *)attestationInfo

@@ -145,28 +145,9 @@
 
     mOnNOCCompletionCallback = onCompletion;
 
-    TLVReader reader;
-    reader.Init(csrElements);
-
-    if (reader.GetType() == kTLVType_NotSpecified) {
-        ReturnErrorOnFailure(reader.Next());
-    }
-
-    VerifyOrReturnError(reader.GetType() == kTLVType_Structure, CHIP_ERROR_WRONG_TLV_TYPE);
-    VerifyOrReturnError(reader.GetTag() == AnonymousTag(), CHIP_ERROR_UNEXPECTED_TLV_ELEMENT);
-
-    TLVType containerType;
-    ReturnErrorOnFailure(reader.EnterContainer(containerType));
-    ReturnErrorOnFailure(reader.Next(kTLVType_ByteString, TLV::ContextTag(1)));
-
-    chip::ByteSpan csr;
-    reader.Get(csr);
-    reader.ExitContainer(containerType);
-
-    auto * csrInfo = [[MTROperationalCSRInfo alloc] initWithCSR:AsData(csr)
-                                                       csrNonce:AsData(csrNonce)
-                                                 csrElementsTLV:AsData(csrElements)
-                                           attestationSignature:AsData(csrElementsSignature)];
+    auto * csrInfo = [[MTROperationalCSRInfo alloc] initWithCSRNonce:AsData(csrNonce)
+                                                      csrElementsTLV:AsData(csrElements)
+                                                attestationSignature:AsData(csrElementsSignature)];
 
     chip::ByteSpan certificationDeclarationSpan;
     chip::ByteSpan attestationNonceSpan;

@@ -98,6 +98,13 @@ - (void)issueOperationalCertificateForRequest:(MTROperationalCSRInfo *)csrInfo
     XCTAssertNotNil(attestationInfo);
     XCTAssertEqual(controller, sController);
 
+    __auto_type * csrInfoCopy = [[MTROperationalCSRInfo alloc] initWithCSRElementsTLV:csrInfo.csrElementsTLV
+                                                                 attestationSignature:csrInfo.attestationSignature];
+    XCTAssertEqualObjects(csrInfoCopy.csr, csrInfo.csr);
+    XCTAssertEqualObjects(csrInfoCopy.csrNonce, csrInfo.csrNonce);
+    XCTAssertEqualObjects(csrInfoCopy.csrElementsTLV, csrInfo.csrElementsTLV);
+    XCTAssertEqualObjects(csrInfoCopy.attestationSignature, csrInfo.attestationSignature);
+
     completion(nil, [NSError errorWithDomain:MTRErrorDomain code:MTRErrorCodeIntegrityCheckFailed userInfo:nil]);
 }