Expose DeviceProxy::GetAttestationChallenge to Obj-C. (#22111)

* Expose `DeviceCommissioner::GetAttestationChallenge` to Obj-C.

* Update PR based on comments from bzbarsky.

* Restyled by whitespace

* Restyled by clang-format

* Fix typo in comment.

Co-authored-by: Restyled.io <[email protected]>
Co-authored-by: Boris Zbarsky <[email protected]>

Author: 3 people

src/darwin/Framework/CHIP/MTRDeviceController.h

@@ -134,6 +134,14 @@ typedef void (^MTRDeviceConnectionCallback)(MTRBaseDevice * _Nullable device, NS
  */
 - (void)setNocChainIssuer:(id<MTRNOCChainIssuer>)nocChainIssuer queue:(dispatch_queue_t)queue;
 
+/**
+ * Return the attestation challenge for the secure session of the device being commissioned.
+ *
+ * Attempts to retrieve the generated attestation challenge from a commissionee with the given Device ID.
+ * Returns nil if given Device ID does not match an active commissionee, or if a Secure Session is not availale.
+ */
+- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId;
+
 /**
  * Compute a PASE verifier and passcode ID for the desired setup pincode.
  *

src/darwin/Framework/CHIP/MTRDeviceController.mm

@@ -71,6 +71,8 @@
 static NSString * const kErrorGenerateNOC = @"Generating operational certificate failed";
 static NSString * const kErrorKeyAllocation = @"Generating new operational key failed";
 static NSString * const kErrorCSRValidation = @"Extracting public key from CSR failed";
+static NSString * const kErrorGetCommissionee = @"Failure obtaining device being commissioned";
+static NSString * const kErrorGetAttestationChallenge = @"Failure getting attestation challenge";
 
 @interface MTRDeviceController ()
 
@@ -703,6 +705,32 @@ - (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode iterations:(uint
     return result;
 }
 
+- (nullable NSData *)generateAttestationChallengeForDeviceId:(uint64_t)deviceId
+{
+    VerifyOrReturnValue([self checkIsRunning], nil);
+
+    __block NSData * attestationChallenge;
+    dispatch_sync(_chipWorkQueue, ^{
+        VerifyOrReturn([self checkIsRunning]);
+
+        chip::CommissioneeDeviceProxy * deviceProxy;
+        auto errorCode = self.cppCommissioner->GetDeviceBeingCommissioned(deviceId, &deviceProxy);
+        auto success = ![self checkForError:errorCode logMsg:kErrorGetCommissionee error:nil];
+        VerifyOrReturn(success);
+
+        uint8_t challengeBuffer[chip::Crypto::kAES_CCM128_Key_Length];
+        chip::ByteSpan challenge(challengeBuffer);
+
+        errorCode = deviceProxy->GetAttestationChallenge(challenge);
+        success = ![self checkForError:errorCode logMsg:kErrorGetAttestationChallenge error:nil];
+        VerifyOrReturn(success);
+
+        attestationChallenge = AsData(challenge);
+    });
+
+    return attestationChallenge;
+}
+
 - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg
 {
     if (condition) {