Line data    Source code

       1             : /*
       2             :  *
       3             :  *    Copyright (c) 2021 Project CHIP Authors
       4             :  *    All rights reserved.
       5             :  *
       6             :  *    Licensed under the Apache License, Version 2.0 (the "License");
       7             :  *    you may not use this file except in compliance with the License.
       8             :  *    You may obtain a copy of the License at
       9             :  *
      10             :  *        http://www.apache.org/licenses/LICENSE-2.0
      11             :  *
      12             :  *    Unless required by applicable law or agreed to in writing, software
      13             :  *    distributed under the License is distributed on an "AS IS" BASIS,
      14             :  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      15             :  *    See the License for the specific language governing permissions and
      16             :  *    limitations under the License.
      17             :  */
      18             : 
      19             : #pragma once
      20             : 
      21             : #include <app/util/basic-types.h>
      22             : #include <crypto/CHIPCryptoPAL.h>
      23             : #include <lib/core/CHIPCallback.h>
      24             : #include <lib/core/PeerId.h>
      25             : #include <lib/support/DLLUtil.h>
      26             : #include <lib/support/Span.h>
      27             : #include <transport/raw/MessageHeader.h>
      28             : 
      29             : namespace chip {
      30             : namespace Controller {
      31             : 
      32             : typedef void (*OnNOCChainGeneration)(void * context, CHIP_ERROR status, const ByteSpan & noc, const ByteSpan & icac,
      33             :                                      const ByteSpan & rcac, Optional<Crypto::IdentityProtectionKeySpan> ipk,
      34             :                                      Optional<NodeId> adminSubject);
      35             : 
      36             : inline constexpr uint32_t kMaxCHIPDERCertLength = 600;
      37             : inline constexpr size_t kCSRNonceLength         = 32;
      38             : 
      39             : /// Callbacks for CHIP operational credentials generation
      40             : class DLL_EXPORT OperationalCredentialsDelegate
      41             : {
      42             : public:
      43           0 :     virtual ~OperationalCredentialsDelegate() {}
      44             : 
      45             :     /**
      46             :      * @brief
      47             :      *   This function generates an operational certificate chain for a remote device that is being commissioned.
      48             :      *   The API generates the certificate in X.509 DER format.
      49             :      *
      50             :      *   The delegate is expected to use the certificate authority whose certificate
      51             :      *   is returned in `GetRootCACertificate()` API call.
      52             :      *
      53             :      *   The delegate will call `onCompletion` when the NOC certificate chain is ready.
      54             :      *
      55             :      * @param[in] csrElements          CSR elements as per specifications section 11.18.5.6. NOCSR Elements.
      56             :      * @param[in] csrNonce             CSR nonce as described in 6.4.6.1
      57             :      * @param[in] attestationSignature Attestation signature as per specifications section 11.22.7.6. CSRResponse Command.
      58             :      * @param[in] attestationChallenge Attestation challenge as per 11.18.5.7
      59             :      * @param[in] DAC                  Device attestation certificate received from the device being commissioned
      60             :      * @param[in] PAI                  Product Attestation Intermediate certificate
      61             :      * @param[in] onCompletion         Callback handler to provide generated NOC chain to the caller of GenerateNOCChain()
      62             :      *
      63             :      * @return CHIP_ERROR CHIP_NO_ERROR on success, or corresponding error code.
      64             :      */
      65             :     virtual CHIP_ERROR GenerateNOCChain(const ByteSpan & csrElements, const ByteSpan & csrNonce,
      66             :                                         const ByteSpan & attestationSignature, const ByteSpan & attestationChallenge,
      67             :                                         const ByteSpan & DAC, const ByteSpan & PAI,
      68             :                                         Callback::Callback<OnNOCChainGeneration> * onCompletion) = 0;
      69             : 
      70             :     /**
      71             :      *   This function sets the node ID for which the next NOC Chain would be requested. The node ID is
      72             :      *   provided as a hint, and the delegate implementation may chose to ignore it and pick node ID of
      73             :      *   their choice.
      74             :      */
      75           0 :     virtual void SetNodeIdForNextNOCRequest(NodeId nodeId) {}
      76             : 
      77             :     /**
      78             :      *   This function sets the fabric ID for which the next NOC Chain should be generated. This API is
      79             :      *   not required to be implemented if the delegate implementation has other mechanisms to find the
      80             :      *   fabric ID.
      81             :      */
      82           0 :     virtual void SetFabricIdForNextNOCRequest(FabricId fabricId) {}
      83             : 
      84           0 :     virtual CHIP_ERROR ObtainCsrNonce(MutableByteSpan & csrNonce)
      85             :     {
      86           0 :         VerifyOrReturnError(csrNonce.size() == kCSRNonceLength, CHIP_ERROR_INVALID_ARGUMENT);
      87           0 :         ReturnErrorOnFailure(Crypto::DRBG_get_bytes(csrNonce.data(), csrNonce.size()));
      88           0 :         return CHIP_NO_ERROR;
      89             :     }
      90             : };
      91             : 
      92             : } // namespace Controller
      93             : } // namespace chip