/*
*
* Copyright (c) 2016-2017 Nest Labs, Inc.
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file
* This file defines a Wrapper for C++ utility functions for testing key export
* functionality (needed for keyStore in mobileiOS tree).
*
*/
#import "NLWeaveKeyExportSupport.h"
#include <Weave/Core/WeaveCore.h>
#include <Weave/Core/WeaveKeyIds.h>
#include <Weave/Support/CodeUtils.h>
#include <Weave/Profiles/security/WeaveKeyExportClient.h>
using namespace nl::Weave::Profiles::Security::KeyExport;
// Error domain used for every NSError this file creates.
// NOTE(review): the string value is spelled "Supprt". It is left as-is here because
// callers may compare against the literal; confirm before correcting it.
NSString * const NLWeaveKeyExportSupportErrorDomain = @"NLWeaveKeyExportSupprtErrorDomain";
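@implementation NLWeaveKeyExportSupport

// Sizing bounds used only to dimension the response buffer below.
static UInt32 const kMaxPubKeySize = (((WEAVE_CONFIG_MAX_EC_BITS + 7) / 8) + 1) * 2;
static UInt32 const kMaxECDSASigSize = kMaxPubKeySize;

// Largest length that fits in 16 bits. The response length returned by
// SimulateDeviceKeyExport is a uint16_t, and its other length parameters are
// assumed to be 16-bit as well (TODO confirm against WeaveKeyExportClient.h).
// Lengths are checked against this bound so an NSUInteger is never silently
// narrowed on the way into the C++ helper.
static NSUInteger const kMaxUInt16Length = 0xFFFF;

/**
 * Runs the C++ SimulateDeviceKeyExport() helper on a key export request and
 * returns the encoded response.
 *
 * The device private key is handed to the helper by pointer; this wrapper makes
 * no copy of it and does not log it. Per the file header this is a testing aid.
 *
 * @param keyExportReq   Encoded key export request. Must not be nil.
 * @param deviceCert     Device certificate. Must not be nil.
 * @param devicePrivKey  Device private key. Must not be nil.
 * @param trustRootCert  Trust root certificate. Must not be nil.
 * @param isReconfigOut  Receives the helper's "is reconfigure" flag on success.
 *                       Must not be NULL.
 * @param errOut         Optional. Set only on failure, in
 *                       NLWeaveKeyExportSupportErrorDomain.
 *
 * @return The response bytes, trimmed to the length the helper reported, or nil
 *         on failure. An input that is nil, or longer than 65535 bytes, is
 *         rejected with the InvalidArgument code before the helper is called.
 */
+ (nullable NSData *)simulateDeviceKeyExport:(NSData *)keyExportReq
                                  deviceCert:(NSData *)deviceCert
                               devicePrivKey:(NSData *)devicePrivKey
                               trustRootCert:(NSData *)trustRootCert
                                  isReconfig:(BOOL *)isReconfigOut
                                       error:(NSError **)errOut
{
    WEAVE_ERROR err = WEAVE_NO_ERROR;
    uint16_t exportRespLen = 0;
    bool isReconfig = false;

    BOOL missingArgument = (keyExportReq == nil || deviceCert == nil || devicePrivKey == nil
                            || trustRootCert == nil || isReconfigOut == NULL);

    // Reject oversized inputs instead of letting their lengths wrap when narrowed.
    // A wrapped length would make the helper parse a prefix of the caller's data.
    BOOL oversizedArgument = (!missingArgument
                              && ([keyExportReq length] > kMaxUInt16Length
                                  || [deviceCert length] > kMaxUInt16Length
                                  || [devicePrivKey length] > kMaxUInt16Length
                                  || [trustRootCert length] > kMaxUInt16Length));

    if (missingArgument || oversizedArgument) {
        if (errOut) {
            *errOut = [NSError errorWithDomain:NLWeaveKeyExportSupportErrorDomain
                                          code:NLWeaveKeyExportSupportErrorDomainInvalidArgument
                                      userInfo:nil];
        }
        return nil;
    }

    size_t exportRespBufSize = 7 // Key export response header size // TODO: adjust this
        + kMaxPubKeySize         // Ephemeral public key size
        + kMaxECDSASigSize       // Size of bare signature field
        + [deviceCert length]    // Size equal to at least the total size of the device certificate
        + 1024;                  // Space for additional signature fields plus encoding overhead

    // The reported response length cannot exceed 16 bits, so a larger buffer is never
    // needed. Capping also keeps the size passed below equal to the real allocation.
    if (exportRespBufSize > kMaxUInt16Length) {
        exportRespBufSize = kMaxUInt16Length;
    }

    NSMutableData * exportRespBuff = [[NSMutableData alloc] initWithLength:exportRespBufSize];

    // All lengths are known to be <= 0xFFFF here, so these conversions are lossless.
    uint16_t deviceCertLen = static_cast<uint16_t>([deviceCert length]);
    uint16_t devicePrivKeyLen = static_cast<uint16_t>([devicePrivKey length]);
    uint16_t trustRootCertLen = static_cast<uint16_t>([trustRootCert length]);
    uint16_t keyExportReqLen = static_cast<uint16_t>([keyExportReq length]);
    uint16_t exportRespBufLen = static_cast<uint16_t>([exportRespBuff length]);

    err = SimulateDeviceKeyExport((unsigned char *) [deviceCert bytes], deviceCertLen,
        (unsigned char *) [devicePrivKey bytes], devicePrivKeyLen, (unsigned char *) [trustRootCert bytes],
        trustRootCertLen, (unsigned char *) [keyExportReq bytes], keyExportReqLen,
        (unsigned char *) [exportRespBuff mutableBytes], exportRespBufLen, exportRespLen, isReconfig);

    if (err != WEAVE_NO_ERROR) {
        if (errOut) {
            NSString * failureReason =
                [NSString stringWithFormat:NSLocalizedString(@"SimulateDeviceKeyExport error: %d", @""), err];
            NSDictionary * userInfo = @{ NSLocalizedFailureReasonErrorKey : failureReason };
            *errOut = [NSError errorWithDomain:NLWeaveKeyExportSupportErrorDomain
                                          code:NLWeaveKeyExportSupportErrorDomainSimulateKeyExportFailure
                                      userInfo:userInfo];
        }
        return nil;
    }

    *isReconfigOut = isReconfig ? YES : NO;

    // Trim the over-allocated buffer to the number of bytes the helper reported.
    [exportRespBuff setLength:exportRespLen];
    return exportRespBuff;
}

@end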