Skip to content

Commit 12db354

Browse files
Fix handling of csrNonce in MTRCommissioningParameters. (project-chip#42075)
* Fix handling of csrNonce in MTRCommissioningParameters. The CSR nonce passed via CommissioningParameters was being ignored by AutoCommisssioner, because it was just fetching a random nonce from the OperationalCredentialsDelegate. This fix makes it possible for an OperationalCredentialsDelegate to indicate that the AutoCommissioner should use whatever nonce was provided via CommissioningParameters, and uses that in MTROperationalCredentialsDelegate, so we don't override the data from MTRCommissioningParameters. * Apply suggestion from code review. Co-authored-by: Karsten Sperling <[email protected]> * Address review comment. --------- Co-authored-by: Karsten Sperling <[email protected]>
1 parent 4859b93 commit 12db354

File tree

4 files changed

+31
-4
lines changed

4 files changed

+31
-4
lines changed

src/controller/AutoCommissioner.cpp

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -970,9 +970,17 @@ CHIP_ERROR AutoCommissioner::CommissioningStepFinished(CHIP_ERROR err, Commissio
970970
// reference to the operational credential delegate here
971971
if (mOperationalCredentialsDelegate != nullptr)
972972
{
973-
MutableByteSpan nonce(mCSRNonce);
974-
ReturnErrorOnFailure(mOperationalCredentialsDelegate->ObtainCsrNonce(nonce));
975-
mParams.SetCSRNonce(ByteSpan(mCSRNonce, sizeof(mCSRNonce)));
973+
uint8_t csrNonceBytes[sizeof(mCSRNonce)];
974+
MutableByteSpan nonce(csrNonceBytes);
975+
CHIP_ERROR csrError = mOperationalCredentialsDelegate->ObtainCsrNonce(nonce);
976+
if (csrError != CHIP_ERROR_NOT_IMPLEMENTED)
977+
{
978+
ReturnErrorOnFailure(csrError);
979+
980+
MutableByteSpan savedCSRNonce(mCSRNonce);
981+
ReturnErrorOnFailure(CopySpanToMutableSpan(nonce, savedCSRNonce));
982+
mParams.SetCSRNonce(savedCSRNonce);
983+
}
976984
}
977985
break;
978986
}

src/controller/OperationalCredentialsDelegate.h

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,17 @@ class DLL_EXPORT OperationalCredentialsDelegate
8181
*/
8282
virtual void SetFabricIdForNextNOCRequest(FabricId fabricId) {}
8383

84+
/**
85+
* ObtainCsrNonce can be overridden to return CHIP_ERROR_NOT_IMPLEMENTED to
86+
* indicate that whatever CSR nonce came from the CommissioningParameters
87+
* should be used, or overridden to return a specific nonce that will be
88+
* used instead of the one from CommissioningParameters, if AutoCommissioner
89+
* is used.
90+
*
91+
* The default implementation of this method generates a random nonce,
92+
* which will take precedence over the one from CommissioningParameters
93+
* if AutoCommissioner is used.
94+
*/
8495
virtual CHIP_ERROR ObtainCsrNonce(MutableByteSpan & csrNonce)
8596
{
8697
VerifyOrReturnError(csrNonce.size() == kCSRNonceLength, CHIP_ERROR_INVALID_ARGUMENT);

src/darwin/Framework/CHIP/MTROperationalCredentialsDelegate.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,8 @@ class MTROperationalCredentialsDelegate : public chip::Controller::OperationalCr
5454

5555
void SetFabricIdForNextNOCRequest(chip::FabricId fabricId) override { mNextFabricId = fabricId; }
5656

57+
CHIP_ERROR ObtainCsrNonce(chip::MutableByteSpan & csrNonce) override { return CHIP_ERROR_NOT_IMPLEMENTED; }
58+
5759
void SetDeviceID(chip::NodeId deviceId) { mDeviceBeingPaired = deviceId; }
5860
void ResetDeviceID() { mDeviceBeingPaired = chip::kUndefinedNodeId; }
5961

src/darwin/Framework/CHIPTests/MTROperationalCertificateIssuerTests.m

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828
static NSString * kOnboardingPayload = @"MT:-24J0AFN00KA0648G00";
2929
static const uint16_t kLocalPort = 5541;
3030
static const uint16_t kTestVendorId = 0xFFF1u;
31+
static NSString * kCSRNonceStr = @"01234567890123456789012345678901"; // 32 chars
3132

3233
// Singleton controller we use.
3334
static MTRDeviceController * sController = nil;
@@ -53,9 +54,12 @@ - (void)controller:(MTRDeviceController *)controller commissioningSessionEstabli
5354
{
5455
XCTAssertEqual(error.code, 0);
5556

57+
__auto_type * params = [[MTRCommissioningParameters alloc] init];
58+
params.csrNonce = [kCSRNonceStr dataUsingEncoding:NSUTF8StringEncoding];
59+
5660
NSError * commissionError = nil;
5761
[sController commissionNodeWithID:@(kDeviceId)
58-
commissioningParams:[[MTRCommissioningParameters alloc] init]
62+
commissioningParams:params
5963
error:&commissionError];
6064
XCTAssertNil(commissionError);
6165

@@ -97,6 +101,8 @@ - (void)issueOperationalCertificateForRequest:(MTROperationalCSRInfo *)csrInfo
97101
XCTAssertNotNil(attestationInfo);
98102
XCTAssertEqual(controller, sController);
99103

104+
XCTAssertEqualObjects(csrInfo.csrNonce, [kCSRNonceStr dataUsingEncoding:NSUTF8StringEncoding]);
105+
100106
__auto_type * csrInfoCopy = [[MTROperationalCSRInfo alloc] initWithCSRElementsTLV:csrInfo.csrElementsTLV
101107
attestationSignature:csrInfo.attestationSignature];
102108
XCTAssertEqualObjects(csrInfoCopy.csr, csrInfo.csr);

0 commit comments

Comments
 (0)