Initial commit
woody-apple committed Apr 17, 2024
1 parent 80cb929 commit 1054470
Showing 9 changed files with 68 additions and 35 deletions.
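--- a/src/darwin/Framework/CHIP/MTRCertificates.mm
+++ b/src/darwin/Framework/CHIP/MTRCertificates.mm
@@ -152,7 +152,22 @@ + (MTRCertificateDERBytes _Nullable)createOperationalCertificate:(id<MTRKeypair>
 + (BOOL)keypair:(id<MTRKeypair>)keypair matchesCertificate:(NSData *)certificate
 {
 P256PublicKey keypairPubKey;
-CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(keypair.publicKey, &keypairPubKey);
+SecKeyRef publicKey = NULL;
+
+if ( [keypair respondsToSelector:@selector(copyPublicKey)] ) {
+publicKey = [keypair copyPublicKey];
+} else {
+publicKey = [keypair publicKey];
+CFRetain(publicKey);
+}
+
+CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(publicKey, &keypairPubKey);
+
+if ( publicKey != NULL) {
+CFRelease(publicKey);
+publicKey = NULL
+}
+
 if (err != CHIP_NO_ERROR) {
 MTR_LOG_ERROR("Can't extract public key from keypair: %s", ErrorStr(err));
 return NO;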
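Review bot: `CFRetain(publicKey)` in the `else` branch runs without a NULL check, although the release a few lines later is guarded with `if ( publicKey != NULL)`; CFRetain must not be passed NULL, so a keypair whose `publicKey` returns NULL would crash the process in this certificate-matching path instead of reaching the `return NO` error branch. Guard it the same way, `if (publicKey != NULL) { CFRetain(publicKey); }`, and confirm that MatterPubKeyFromSecKeyRef fails cleanly when handed a NULL key. The added `publicKey = NULL` also lacks its terminating semicolon, so the file will not compile as written. Both points apply equally to the matching block added in MTRDeviceControllerFactory.mm. The method body continues past the end of the hunk.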
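--- a/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm
+++ b/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm
@@ -766,7 +766,22 @@ - (BOOL)findMatchingFabric:(FabricTable &)fabricTable
 } else {
 // No root certificate means the nocSigner is using the root keys, because
 // consumers must provide a root certificate whenever an ICA is used.
-CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(params.nocSigner.publicKey, &pubKey);
+SecKeyRef publicKey = NULL;
+
+if ( [keypair respondsToSelector:@selector(copyPublicKey)] ) {
+publicKey = [keypair copyPublicKey];
+} else {
+publicKey = [keypair publicKey];
+CFRetain(publicKey);
+}
+
+CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(publicKey, &pubKey);
+
+if ( publicKey != NULL) {
+CFRelease(publicKey);
+publicKey = NULL
+}
+
 if (err != CHIP_NO_ERROR) {
 MTR_LOG_ERROR("Can't extract public key from MTRKeypair: %s", ErrorStr(err));
 return NO;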
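Review bot: The added block reads the key from `keypair`, but no `keypair` is declared in the visible part of `findMatchingFabric:`, and the removed line took the key from `params.nocSigner`; unless a local of that name exists outside the hunk, this either fails to compile or compares the fabric's root key against a different signer than before. The receiver should presumably stay `params.nocSigner`, i.e. `publicKey = [params.nocSigner copyPublicKey];` and `publicKey = [params.nocSigner publicKey];`. Since the same copy/retain/release sequence now exists in two files, a small shared helper that returns a +1 `SecKeyRef` for an `id<MTRKeypair>` would keep the ownership handling in one place. The enclosing method starts and ends outside the hunk.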
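--- a/src/darwin/Framework/CHIP/MTRKeypair.h
+++ b/src/darwin/Framework/CHIP/MTRKeypair.h
@@ -35,7 +35,10 @@ NS_ASSUME_NONNULL_BEGIN
 /**
 * @brief Return public key for the keypair.
 */
-- (SecKeyRef)publicKey;
+- (SecKeyRef)publicKey MTR_DEPRECATED(
+"Please implement copyPublicKey", ios(16.4, 17.2), macos(13.3, 14.2), watchos(9.4, 10.2), tvos(16.4, 17.2));
+;
+- (SecKeyRef)copyPublicKey MTR_NEWLY_AVAILABLE;
 
 @optional
 /**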
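Review bot: `copyPublicKey` is added without a doc comment, so nothing tells implementers that the returned `SecKeyRef` is owned by the caller; the call sites in this commit `CFRelease` it unconditionally, so an implementation that hands back an unretained key would be over-released. I would add a comment such as `/** @brief Return a +1 retained public key; the caller must CFRelease it. */` above the declaration. It is also declared above `@optional`, i.e. as required, while the callers probe it with `respondsToSelector:`; if existing implementers are meant to keep working, it probably belongs in the optional part of the protocol. The lone `;` left on the line after the `MTR_DEPRECATED(...)` declaration should be dropped.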
32 changes: 16 additions & 16 deletions src/darwin/Framework/CHIPTests/MTRCertificateTests.m
@@ -129,7 +129,7 @@ - (void)testGenerateIntermediateCert

__auto_type * intermediateCert = [MTRCertificates createIntermediateCertificate:rootKeys
rootCertificate:rootCert
intermediatePublicKey:intermediateKeys.publicKey
intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease]
issuerID:nil
fabricID:nil
error:nil];
@@ -161,7 +161,7 @@ - (void)testGenerateIntermediateCertWithValidityPeriod

__auto_type * intermediateCert = [MTRCertificates createIntermediateCertificate:rootKeys
rootCertificate:rootCert
intermediatePublicKey:intermediateKeys.publicKey
intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease]
issuerID:nil
fabricID:nil
validityPeriod:validityPeriod
@@ -198,7 +198,7 @@ - (void)testGenerateIntermediateCertWithInfiniteValidity

__auto_type * intermediateCert = [MTRCertificates createIntermediateCertificate:rootKeys
rootCertificate:rootCert
intermediatePublicKey:intermediateKeys.publicKey
intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease]
issuerID:nil
fabricID:nil
validityPeriod:validityPeriod
@@ -238,7 +238,7 @@ - (void)testGenerateOperationalCertNoIntermediate

__auto_type * operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:cats
@@ -277,7 +277,7 @@ - (void)testGenerateOperationalCertNoIntermediateWithValidityPeriod

__auto_type * operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:cats
@@ -321,7 +321,7 @@ - (void)testGenerateOperationalCertNoIntermediateWithInfiniteValidity

__auto_type * operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:cats
@@ -356,7 +356,7 @@ - (void)testGenerateOperationalCertWithIntermediate

__auto_type * intermediateCert = [MTRCertificates createIntermediateCertificate:rootKeys
rootCertificate:rootCert
intermediatePublicKey:intermediateKeys.publicKey
intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease]
issuerID:nil
fabricID:nil
error:nil];
@@ -367,7 +367,7 @@ - (void)testGenerateOperationalCertWithIntermediate

__auto_type * operationalCert = [MTRCertificates createOperationalCertificate:intermediateKeys
signingCertificate:intermediateCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:nil
@@ -415,7 +415,7 @@ - (void)testGenerateOperationalCertErrorCases
// Check basic case works
__auto_type * operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:nil
@@ -425,7 +425,7 @@ - (void)testGenerateOperationalCertErrorCases
// CATs too long
operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:longCats
@@ -435,7 +435,7 @@ - (void)testGenerateOperationalCertErrorCases
// Multiple CATs with the same identifier but different versions
operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:catsWithSameIdentifier
@@ -445,7 +445,7 @@ - (void)testGenerateOperationalCertErrorCases
// CAT with invalid version
operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:catsWithInvalidVersion
@@ -455,7 +455,7 @@ - (void)testGenerateOperationalCertErrorCases
// Signing key mismatch
operationalCert = [MTRCertificates createOperationalCertificate:operationalKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@1
caseAuthenticatedTags:nil
@@ -465,7 +465,7 @@ - (void)testGenerateOperationalCertErrorCases
// Invalid fabric id
operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@0
nodeID:@1
caseAuthenticatedTags:nil
@@ -475,7 +475,7 @@ - (void)testGenerateOperationalCertErrorCases
// Undefined node id
operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@0
caseAuthenticatedTags:nil
@@ -485,7 +485,7 @@ - (void)testGenerateOperationalCertErrorCases
// Non-operational node id
operationalCert = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:rootCert
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:@1
nodeID:@(0xFFFFFFFFFFFFFFFFLLU)
caseAuthenticatedTags:nil
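Review bot: `[intermediateKeys.copyPublicKey autorelease]` sends an Objective-C message to a `SecKeyRef`, which is a CoreFoundation pointer rather than an object type, and explicit `autorelease` is rejected when a target is built with ARC, so these call sites are unlikely to build as written. To balance the +1 from `copyPublicKey`, use `CFAutorelease([intermediateKeys copyPublicKey])`, or keep the key in a local and `CFRelease` it after the certificate call. `copyPublicKey` is a method rather than a property, so bracket syntax is preferable to dot syntax here. The same expression is used at every changed call site in this file and in the two file sections that follow.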
@@ -260,7 +260,7 @@ - (void)initStack:(MTRTestCertificateIssuer *)certificateIssuer

__auto_type * controllerOperationalCert =
[certificateIssuer issueOperationalCertificateForNode:@(kControllerId)
operationalPublicKey:controllerOperationalKeys.publicKey];
operationalPublicKey:[controllerOperationalKeys.copyPublicKey autorelease]];
XCTAssertNotNil(controllerOperationalCert);

__auto_type * params = [[MTRDeviceControllerStartupParams alloc] initWithIPK:certificateIssuer.rootKey.ipk
@@ -167,7 +167,7 @@ - (nullable MTRDeviceController *)startControllerWithRootKeys:(MTRTestKeys *)roo

__auto_type * operational = [MTRCertificates createOperationalCertificate:rootKeys
signingCertificate:root
operationalPublicKey:operationalKeys.publicKey
operationalPublicKey:[operationalKeys.copyPublicKey autorelease]
fabricID:fabricID
nodeID:nodeID
caseAuthenticatedTags:nil
