
Add a way to extract the public key from a CSR to the Matter framewor…
…k. (#24544)

Fixes #24536.
bzbarsky-apple authored and pull[bot] committed Nov 14, 2023
1 parent b2ca3b5 commit 5256212
Showing 5 changed files with 43 additions and 7 deletions.
2 changes: 0 additions & 2 deletions src/darwin/Framework/CHIP/MTRCSRInfo.h
Expand Up @@ -19,8 +19,6 @@

#import <Matter/MTRDefines.h>

typedef NSData * MTRCSRDERBytes;

NS_ASSUME_NONNULL_BEGIN

/**
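--- a/src/darwin/Framework/CHIP/MTRCertificates.h
+++ b/src/darwin/Framework/CHIP/MTRCertificates.h
@@ -20,8 +20,7 @@
 
 #import <Foundation/Foundation.h>
 
-typedef NSData * MTRCertificateDERBytes;
-typedef NSData * MTRCertificateTLVBytes;
+#import <Matter/MTRDefines.h>
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -128,8 +127,8 @@ NS_ASSUME_NONNULL_BEGIN
 * On failure returns nil and if "error" is not null sets *error to the relevant
 * error.
 */
-+ (NSData * _Nullable)createCertificateSigningRequest:(id<MTRKeypair>)keypair
-error:(NSError * __autoreleasing _Nullable * _Nullable)error;
++ (MTRCSRDERBytes _Nullable)createCertificateSigningRequest:(id<MTRKeypair>)keypair
+error:(NSError * __autoreleasing _Nullable * _Nullable)error;
 
 /**
 * Convert the given X.509v3 DER encoded certificate to the Matter certificate
@@ -151,6 +150,15 @@ NS_ASSUME_NONNULL_BEGIN
 */
 + (MTRCertificateDERBytes _Nullable)convertMatterCertificate:(MTRCertificateTLVBytes)matterCertificate MTR_NEWLY_AVAILABLE;
 
+/**
+* Extract the public key from the given PKCS#10 certificate signing request.
+* This is the public key that a certificate issued in response to the request
+* would need to have.
+*/
++ (NSData * _Nullable)extractPublicKeyFromCertificateSigningRequest:(MTRCSRDERBytes)certificateSigningRequest
+error:(NSError * __autoreleasing _Nullable * _Nullable)error
+MTR_NEWLY_AVAILABLE;
+
 @end
 
 @interface MTRCertificates (Deprecated)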
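Review bot: The doc comment added for extractPublicKeyFromCertificateSigningRequest:error: (the block just before `@end`) omits the failure contract that the neighbouring declarations spell out, e.g. `* On failure returns nil and if "error" is not null sets *error to the relevant error.`; the new method has the same `error:` out-parameter and the same nullable return, so the same sentence belongs here. It would also help callers to know that the request is not merely parsed: the implementation in MTRCertificates.mm routes through VerifyCertificateSigningRequest, which by its name also checks the request's self-signature, so a CSR whose proof-of-possession fails would yield nil rather than the embedded key — if that is indeed the callee's behaviour, state it in the comment, since it changes how a caller should treat a nil result. Finally the return type is a bare `NSData *` while the parameter uses the `MTRCSRDERBytes` alias; a sentence naming the encoding of the returned key bytes (raw EC point versus DER SubjectPublicKeyInfo) would round the comment out.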
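--- a/src/darwin/Framework/CHIP/MTRCertificates.mm
+++ b/src/darwin/Framework/CHIP/MTRCertificates.mm
@@ -221,6 +221,24 @@ + (MTRCertificateDERBytes _Nullable)convertMatterCertificate:(MTRCertificateTLVB
 return AsData(derCertBytes);
 }
 
++ (NSData * _Nullable)extractPublicKeyFromCertificateSigningRequest:(MTRCSRDERBytes)certificateSigningRequest
+error:(NSError * __autoreleasing _Nullable * _Nullable)error
+{
+auto requestSpan = AsByteSpan(certificateSigningRequest);
+P256PublicKey publicKey;
+CHIP_ERROR err = VerifyCertificateSigningRequest(requestSpan.data(), requestSpan.size(), publicKey);
+if (err != CHIP_NO_ERROR) {
+MTR_LOG_ERROR("extractPublicKeyFromCertificateSigningRequest: %s", chip::ErrorStr(err));
+if (error) {
+*error = [MTRError errorForCHIPErrorCode:err];
+}
+return nil;
+}
+
+P256PublicKeySpan publicKeySpan(publicKey.ConstBytes());
+return AsData(publicKeySpan);
+}
+
 @end
 
 @implementation MTRCertificates (Deprecated)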
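Review bot: The bytes handed back at `return AsData(publicKeySpan);` are the raw contents of a P256PublicKey, not a DER SubjectPublicKeyInfo, and nothing in the method says so, so a reader of the header cannot tell which form to expect. The accompanying test compares the result with SecKeyCopyExternalRepresentation, which points to the uncompressed X9.63 point encoding (`04 || X || Y`); if that is the intended contract, a one-line comment on that return, `// Raw uncompressed EC point, same encoding as SecKeyCopyExternalRepresentation; not a DER SubjectPublicKeyInfo.`, would pin it down. The error path matches the rest of the file (log, map through errorForCHIPErrorCode:, return nil), but note that it covers both an unparsable request and, if VerifyCertificateSigningRequest checks the self-signature as its name suggests, a request whose signature does not match its embedded key, and the single log line does not distinguish the two cases for anyone debugging a rejected CSR.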
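--- a/src/darwin/Framework/CHIP/MTRDefines.h
+++ b/src/darwin/Framework/CHIP/MTRDefines.h
@@ -26,3 +26,6 @@
 #endif
 
 typedef NSData * MTRTLVBytes;
+typedef NSData * MTRCSRDERBytes;
+typedef NSData * MTRCertificateDERBytes;
+typedef NSData * MTRCertificateTLVBytes;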
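--- a/src/darwin/Framework/CHIPTests/MTRCertificateTests.m
+++ b/src/darwin/Framework/CHIPTests/MTRCertificateTests.m
@@ -284,7 +284,16 @@ - (void)testGenerateCSR
 __auto_type * csr = [MTRCertificates createCertificateSigningRequest:testKeys error:nil];
 XCTAssertNotNil(csr);
 
-// Wish there was something we could test here about the CSR.
+__auto_type * publicKey = [MTRCertificates extractPublicKeyFromCertificateSigningRequest:csr error:nil];
+XCTAssertNotNil(publicKey);
+
+SecKeyRef originalKeyRef = [testKeys publicKey];
+XCTAssertTrue(originalKeyRef != NULL);
+
+NSData * originalPublicKey = (__bridge_transfer NSData *) SecKeyCopyExternalRepresentation(originalKeyRef, nil);
+XCTAssertNotNil(originalPublicKey);
+
+XCTAssertEqualObjects(publicKey, originalPublicKey);
 }
 
 @end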
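Review bot: The new assertions in testGenerateCSR only exercise the success path; there is no case showing that a malformed request yields nil and populates the error out-parameter, which is exactly the behaviour a caller relies on to reject a bad CSR. A minimal addition after `XCTAssertEqualObjects(publicKey, originalPublicKey);` would be `NSError * extractError = nil;` / `XCTAssertNil([MTRCertificates extractPublicKeyFromCertificateSigningRequest:[NSData data] error:&extractError]);` / `XCTAssertNotNil(extractError);`. It is also worth a comment that the equality check against SecKeyCopyExternalRepresentation pins the returned bytes to the Security framework's external EC representation (the uncompressed point), so a later switch to DER output would fail here by design rather than by accident. testGenerateCSR begins outside the hunk.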
