First CASE implementation (WIP)

Author: jdomnitz

MatterDotNet/PKI/Fabric.cs

@@ -16,20 +16,24 @@
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
+using System.Text;
 
 namespace MatterDotNet.PKI
 {
     public class Fabric : OperationalCertificate
     {
         private static readonly byte[] COMPRESSED_FABRIC_INFO = new byte[] {0x43, 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x73, 0x73, 0x65, 0x64, 0x46, 0x61, 0x62, 0x72, 0x69, 0x63};
-        Dictionary<ulong, OperationalCertificate> nodes = new Dictionary<ulong, OperationalCertificate>();
 
-        public Fabric(ulong rcac, ulong fabricId) : base()
+        private Dictionary<ulong, OperationalCertificate> nodes = new Dictionary<ulong, OperationalCertificate>();
+        private byte[] epochIPK;
+
+        public Fabric(ulong rcac, ulong fabricId, byte[] ipk) : base()
         {
             if (fabricId == 0)
                 throw new ArgumentException("Invalid Fabric ID");
             this.RCAC = rcac;
             this.FabricID = fabricId;
+            epochIPK = ipk;
             X500DistinguishedNameBuilder builder = new X500DistinguishedNameBuilder();
             builder.Add(OID_RCAC, $"{RCAC:X16}", UniversalTagNumber.UTF8String);
             builder.Add(OID_FabricID, $"{FabricID:X16}", UniversalTagNumber.UTF8String);
@@ -41,14 +45,16 @@ public Fabric(ulong rcac, ulong fabricId) : base()
             req.CertificateExtensions.Add(subjectKeyIdentifier);
             req.CertificateExtensions.Add(X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(subjectKeyIdentifier));
             this.cert = req.CreateSelfSigned(DateTime.Now.Subtract(TimeSpan.FromSeconds(30)), DateTime.Now.AddYears(10));
-            byte[] fabricBytes = new byte[8];
-            BinaryPrimitives.WriteUInt64BigEndian(fabricBytes, FabricID);
-            CompressedFabricID = Crypto.KDF(PublicKey.AsSpan(1), fabricBytes, COMPRESSED_FABRIC_INFO, 64);
+            byte[] fabricIDBytes = new byte[8];
+            BinaryPrimitives.WriteUInt64BigEndian(fabricIDBytes, FabricID);
+            CompressedFabricID = Crypto.KDF(PublicKey.AsSpan(1), fabricIDBytes, COMPRESSED_FABRIC_INFO, 64);
+            OperationalIdentityProtectionKey = Crypto.KDF(ipk, CompressedFabricID, Encoding.ASCII.GetBytes("GroupKey v1.0"), Crypto.SYMMETRIC_KEY_LENGTH_BITS);
         }
 
         protected Fabric(X509Certificate2 cert, ECDsa key)
         {
             this.cert = cert;
+            epochIPK = []; //TODO
             foreach (X500RelativeDistinguishedName dn in cert.SubjectName.EnumerateRelativeDistinguishedNames(false))
             {
                 switch (dn.GetSingleElementType().Value)
@@ -64,9 +70,9 @@ protected Fabric(X509Certificate2 cert, ECDsa key)
                 }
             }
             PrivateKey = key;
-            byte[] fabricBytes = new byte[8];
-            BinaryPrimitives.WriteUInt64BigEndian(fabricBytes, FabricID);
-            CompressedFabricID = Crypto.KDF(PublicKey.AsSpan(1), fabricBytes, COMPRESSED_FABRIC_INFO, 64);
+            byte[] fabricIDBytes = new byte[8];
+            BinaryPrimitives.WriteUInt64BigEndian(fabricIDBytes, FabricID);
+            CompressedFabricID = Crypto.KDF(PublicKey.AsSpan(1), fabricIDBytes, COMPRESSED_FABRIC_INFO, 64);
         }
 
         public OperationalCertificate Sign(CertificateRequest nocsr)
@@ -84,14 +90,14 @@ public OperationalCertificate Sign(CertificateRequest nocsr)
             signingCSR.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(collection, true));
             signingCSR.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(nocsr.PublicKey, false));
             signingCSR.CertificateExtensions.Add(X509AuthorityKeyIdentifierExtension.CreateFromCertificate(cert, true, false));
-            byte[] serial = new byte[20];
+            byte[] serial = new byte[19];
             Random.Shared.NextBytes(serial);
             OperationalCertificate ret = new OperationalCertificate(signingCSR.Create(cert, DateTime.Now.Subtract(TimeSpan.FromSeconds(30)), DateTime.Now.AddYears(1), serial));
             nodes.Add(ret.NodeID, ret);
             return ret;
         }
 
-        public OperationalCertificate Sign(byte[] publicKey, byte[] privateKey)
+        public OperationalCertificate CreateCommissioner(byte[] publicKey, byte[] privateKey)
         {
             ulong nodeId = (ulong)(0xbaddeed2 + nodes.Count);
             ECDsa key = ECDsa.Create(new ECParameters() { Curve = ECCurve.NamedCurves.nistP256, D = privateKey, Q = new BigIntegerPoint(publicKey).ToECPoint()});
@@ -109,17 +115,23 @@ public OperationalCertificate Sign(byte[] publicKey, byte[] privateKey)
             signingCSR.CertificateExtensions.Add(X509AuthorityKeyIdentifierExtension.CreateFromCertificate(cert, true, false));
             byte[] serial = new byte[20];
             Random.Shared.NextBytes(serial);
-            OperationalCertificate ret = new OperationalCertificate(signingCSR.Create(cert, DateTime.Now.Subtract(TimeSpan.FromSeconds(30)), DateTime.Now.AddYears(1), serial));
+            OperationalCertificate ret = new OperationalCertificate(signingCSR.Create(cert, DateTime.Now.Subtract(TimeSpan.FromSeconds(30)), DateTime.Now.AddYears(1), serial).CopyWithPrivateKey(key));
             nodes.Add(ret.NodeID, ret);
+            Commissioner = ret;
             return ret;
         }
 
         public X509Certificate2Collection Export()
         {
             X509Certificate2Collection collection = new X509Certificate2Collection();
             collection.Add(cert);
+            if (Commissioner != null)
+                collection.Add(Commissioner.GetRaw());
             foreach (var node in nodes)
-                collection.Add(node.Value.GetRaw());
+            {
+                if (node.Value != Commissioner)
+                    collection.Add(node.Value.GetRaw());
+            }
             return collection;
         }
 
@@ -138,15 +150,41 @@ public static Fabric Import(string certPath, string keyPath)
             ECDsa key = ECDsa.Create();
             key.ImportPkcs8PrivateKey(File.ReadAllBytes(keyPath), out _);
             Fabric fabric = new Fabric(collection[0], key);
-            for (int i = 1; i <  collection.Count; i++)
+            for (int i = 1; i < collection.Count; i++)
             {
                 OperationalCertificate noc = new OperationalCertificate(collection[i]);
+                if (i == 1)
+                    fabric.Commissioner = noc;
                 fabric.nodes.TryAdd(noc.NodeID, noc);
             }
             return fabric;
         }
 
+        public bool ContainsNOC(ulong nodeId)
+        {
+            return nodes.ContainsKey(nodeId);
+        }
+
+        public OperationalCertificate? GetNOC(ulong nodeId)
+        {
+            if (nodes.ContainsKey(nodeId))
+                return nodes[nodeId];
+            return null;
+        }
+
+        public byte[] ComputeDestinationID(byte[] random, ulong nodeId)
+        {
+            byte[] message = new byte[113];
+            Array.Copy(random, message, 32);
+            Array.Copy(PublicKey, 0, message, 32, Crypto.PUBLIC_KEY_SIZE_BYTES);
+            BinaryPrimitives.WriteUInt64LittleEndian(message.AsSpan(Crypto.PUBLIC_KEY_SIZE_BYTES + 32), FabricID);
+            BinaryPrimitives.WriteUInt64LittleEndian(message.AsSpan(Crypto.PUBLIC_KEY_SIZE_BYTES + 32 + 8), nodeId);
+            return Crypto.HMAC(OperationalIdentityProtectionKey, message);
+        }
+
         public ECDsa PrivateKey { get; init; }
         public byte[] CompressedFabricID { get; init; }
+        public OperationalCertificate? Commissioner { get; private set; }
+        public byte[] OperationalIdentityProtectionKey { get; init; }
     }
 }

MatterDotNet/PKI/OperationalCertificate.cs

@@ -11,6 +11,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 using MatterDotNet.Messages.Certificates;
+using MatterDotNet.Protocol.Payloads;
 using System.Formats.Asn1;
 using System.Globalization;
 using System.Numerics;
@@ -31,6 +32,8 @@ public class OperationalCertificate
         protected const string OID_RCAC = "1.3.6.1.4.1.37244.1.4";
         protected const string OID_FabricID = "1.3.6.1.4.1.37244.1.5";
         protected const string OID_NOCCat = "1.3.6.1.4.1.37244.1.6";
+        protected const string OID_VendorID = "1.3.6.1.4.1.37244.2.1";
+        protected const string OID_ProductID = "1.3.6.1.4.1.37244.2.2";
 
         protected OperationalCertificate() { }
 
@@ -83,11 +86,11 @@ private void ParseCert()
                         if (uint.TryParse(dn.GetSingleElementValue()!, NumberStyles.HexNumber, null, out uint noc))
                             NOCCat = noc;
                         break;
-                    case "1.3.6.1.4.1.37244.2.1":
+                    case OID_VendorID:
                         if (uint.TryParse(dn.GetSingleElementValue()!, NumberStyles.HexNumber, null, out uint vid))
                             VendorID = vid;
                         break;
-                    case "1.3.6.1.4.1.37244.2.2":
+                    case OID_ProductID:
                         if (uint.TryParse(dn.GetSingleElementValue()!, NumberStyles.HexNumber, null, out uint pid))
                             ProductID = pid;
                         break;
@@ -263,7 +266,7 @@ public MatterCertificate ToMatterCertificate()
                 PubKeyAlgo = 0x1,
                 SigAlgo = 0x1,
                 EcPubKey = cert.GetPublicKey(),
-                SerialNum = cert.GetSerialNumber().Reverse().ToArray(),
+                SerialNum = cert.SerialNumberBytes.ToArray(),
                 NotBefore = (uint)((DateTimeOffset)cert.NotBefore - EPOCH).ToUnixTimeSeconds(),
                 NotAfter = (uint)((DateTimeOffset)cert.NotAfter - EPOCH).ToUnixTimeSeconds(),
                 Signature = GetSignature(),
@@ -273,11 +276,25 @@ public MatterCertificate ToMatterCertificate()
             };
         }
 
+        public byte[] GetMatterCertBytes()
+        {
+            PayloadWriter payload = new PayloadWriter(600);
+            ToMatterCertificate().Serialize(payload);
+            return payload.GetPayload().ToArray();
+        }
+
         internal X509Certificate2 GetRaw()
         {
             return cert;
         }
 
+        public byte[]? GetPrivateKey()
+        {
+            if (!cert.HasPrivateKey)
+                return null;
+            return cert.GetECDsaPrivateKey()?.ExportParameters(true).D;
+        }
+
         public string IssuerName { get; set; } = string.Empty;
 
         public string CommonName { get; set; } = string.Empty;
@@ -297,6 +314,7 @@ internal X509Certificate2 GetRaw()
         public uint VendorID { get; set; }
 
         public uint ProductID { get; set; }
+
         public byte[] PublicKey { get { return cert.GetPublicKey(); } }
     }
 }