From f9ac954217dd41375f0455d3034e1a323dfb9dfa Mon Sep 17 00:00:00 2001
From: yunhanw-google <yunhanw@google.com>
Date: Fri, 26 Apr 2024 17:34:20 -0700
Subject: [PATCH] Add OnCreateRefreshKey (#33202)

* Add OnCreateRefreshKey

* Update src/app/icd/client/DefaultCheckInDelegate.h

Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>

* Update src/app/icd/client/DefaultCheckInDelegate.h

Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>

* Update src/app/icd/client/DefaultCheckInDelegate.h

Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>

* Update DefaultCheckInDelegate.cpp

* Restyled by whitespace

---------

Co-authored-by: Boris Zbarsky <bzbarsky@apple.com>
Co-authored-by: Restyled.io <commits@restyled.io>
---
 src/app/icd/client/DefaultCheckInDelegate.cpp |  9 ++++++---
 src/app/icd/client/DefaultCheckInDelegate.h   | 12 ++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/app/icd/client/DefaultCheckInDelegate.cpp b/src/app/icd/client/DefaultCheckInDelegate.cpp
index e967138310c0f4..2d4624b7837470 100644
--- a/src/app/icd/client/DefaultCheckInDelegate.cpp
+++ b/src/app/icd/client/DefaultCheckInDelegate.cpp
@@ -16,7 +16,6 @@
  */
 
 #include <app/icd/client/DefaultCheckInDelegate.h>
-#include <app/icd/client/RefreshKeySender.h>
 #include <crypto/CHIPCryptoPAL.h>
 #include <lib/support/CodeUtils.h>
 #include <lib/support/logging/CHIPLogging.h>
@@ -40,12 +39,16 @@ void DefaultCheckInDelegate::OnCheckInComplete(const ICDClientInfo & clientInfo)
         clientInfo.start_icd_counter, clientInfo.offset, ChipLogValueScopedNodeId(clientInfo.peer_node));
 }
 
+CHIP_ERROR DefaultCheckInDelegate::GenerateRefreshKey(RefreshKeySender::RefreshKeyBuffer & newKey)
+{
+    return Crypto::DRBG_get_bytes(newKey.Bytes(), newKey.Capacity());
+}
+
 RefreshKeySender * DefaultCheckInDelegate::OnKeyRefreshNeeded(ICDClientInfo & clientInfo, ICDClientStorage * clientStorage)
 {
     CHIP_ERROR err = CHIP_NO_ERROR;
     RefreshKeySender::RefreshKeyBuffer newKey;
-
-    err = Crypto::DRBG_get_bytes(newKey.Bytes(), newKey.Capacity());
+    err = GenerateRefreshKey(newKey);
     if (err != CHIP_NO_ERROR)
     {
         ChipLogError(ICD, "Generation of new key failed: %" CHIP_ERROR_FORMAT, err.Format());
diff --git a/src/app/icd/client/DefaultCheckInDelegate.h b/src/app/icd/client/DefaultCheckInDelegate.h
index 355259f561ea40..52941817bd3f9f 100644
--- a/src/app/icd/client/DefaultCheckInDelegate.h
+++ b/src/app/icd/client/DefaultCheckInDelegate.h
@@ -20,6 +20,7 @@
 
 #include <app/icd/client/CheckInDelegate.h>
 #include <app/icd/client/ICDClientStorage.h>
+#include <app/icd/client/RefreshKeySender.h>
 
 namespace chip {
 namespace app {
@@ -33,6 +34,17 @@ class DefaultCheckInDelegate : public CheckInDelegate
     virtual ~DefaultCheckInDelegate() {}
     CHIP_ERROR Init(ICDClientStorage * storage, InteractionModelEngine * engine);
     void OnCheckInComplete(const ICDClientInfo & clientInfo) override;
+
+    /**
+     * @brief Callback used to let the application generate the new ICD symmetric key
+     *
+     * If this calback is not overridden, Crypto::DRBG_get_bytes will be used to generated the key.
+     *
+     * @param[inout] newKey sensitive data buffer with type Crypto::SensitiveDataBuffer<Crypto::kAES_CCM128_Key_Length>
+     * @param[out] CHIP_ERROR CHIP_ERROR_INVALID_ARGUMENT
+     *                        CHIP_ERROR_INTERNAL
+     */
+    virtual CHIP_ERROR GenerateRefreshKey(RefreshKeySender::RefreshKeyBuffer & newKey);
     RefreshKeySender * OnKeyRefreshNeeded(ICDClientInfo & clientInfo, ICDClientStorage * clientStorage) override;
     void OnKeyRefreshDone(RefreshKeySender * refreshKeySender, CHIP_ERROR error) override;