Merge 36b5c4c into 3be848d

project-chip · Aug 30, 2022 · 1605442 · 1605442
2 parents 3be848d + 36b5c4c
commit 1605442
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.h b/src/darwin/Framework/CHIP/MTRDeviceController.h
@@ -134,6 +134,14 @@ typedef void (^MTRDeviceConnectionCallback)(MTRBaseDevice * _Nullable device, NS
  */
 - (void)setNocChainIssuer:(id<MTRNOCChainIssuer>)nocChainIssuer queue:(dispatch_queue_t)queue;
 
+/**
+ * Return the attestation challenge for the secure session of the device being commissioned.
+ *
+ * Attempts to retrieve the generated attestation challenge from a commissionee with the given Device ID.
+ * Returns nil if given Device ID does not match an active commissionee, or if a Secure Session is not availale.
+ */
+- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId;
+
 /**
  * Compute a PASE verifier and passcode ID for the desired setup pincode.
  *

diff --git a/src/darwin/Framework/CHIP/MTRDeviceController.mm b/src/darwin/Framework/CHIP/MTRDeviceController.mm
@@ -71,6 +71,8 @@
 static NSString * const kErrorGenerateNOC = @"Generating operational certificate failed";
 static NSString * const kErrorKeyAllocation = @"Generating new operational key failed";
 static NSString * const kErrorCSRValidation = @"Extracting public key from CSR failed";
+static NSString * const kErrorGetCommissionee = @"Failure obtaining device being commissioned";
+static NSString * const kErrorGetAttestationChallenge = @"Failure getting attestation challenge";
 
 @interface MTRDeviceController ()
 
@@ -703,6 +705,32 @@ - (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode iterations:(uint
     return result;
 }
 
+- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId
+{
+    VerifyOrReturnValue([self checkIsRunning], nil);
+
+    __block NSData * attestationChallenge;
+    dispatch_sync(_chipWorkQueue, ^{
+        VerifyOrReturn([self checkIsRunning]);
+
+        chip::CommissioneeDeviceProxy * deviceProxy;
+        auto errorCode = self.cppCommissioner->GetDeviceBeingCommissioned(deviceId, &deviceProxy);
+        auto success = ![self checkForError:errorCode logMsg:kErrorGetCommissionee error:nil];
+        VerifyOrReturn(success);
+
+        uint8_t challengeBuffer[chip::Crypto::kAES_CCM128_Key_Length];
+        chip::ByteSpan challenge(challengeBuffer);
+
+        errorCode = deviceProxy->GetAttestationChallenge(challenge);
+        success = ![self checkForError:errorCode logMsg:kErrorGetAttestationChallenge error:nil];
+        VerifyOrReturn(success);
+
+        attestationChallenge = AsData(challenge);
+    });
+
+    return attestationChallenge;
+}
+
 - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg
 {
     if (condition) {