@matter/protocol 0.14.0-alpha.0-20250525-d6ada0d45 → 0.14.0-alpha.0-20250528-ad0054c84
- package/dist/cjs/fabric/FabricManager.d.ts.map +1 -1
- package/dist/cjs/fabric/FabricManager.js +1 -1
- package/dist/cjs/fabric/FabricManager.js.map +1 -1
- package/dist/cjs/session/case/CaseClient.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseClient.js +11 -0
- package/dist/cjs/session/case/CaseClient.js.map +1 -1
- package/dist/cjs/session/case/CaseServer.d.ts +0 -1
- package/dist/cjs/session/case/CaseServer.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseServer.js +205 -163
- package/dist/cjs/session/case/CaseServer.js.map +2 -2
- package/dist/esm/fabric/FabricManager.d.ts.map +1 -1
- package/dist/esm/fabric/FabricManager.js +1 -2
- package/dist/esm/fabric/FabricManager.js.map +1 -1
- package/dist/esm/session/case/CaseClient.d.ts.map +1 -1
- package/dist/esm/session/case/CaseClient.js +12 -1
- package/dist/esm/session/case/CaseClient.js.map +1 -1
- package/dist/esm/session/case/CaseServer.d.ts +0 -1
- package/dist/esm/session/case/CaseServer.d.ts.map +1 -1
- package/dist/esm/session/case/CaseServer.js +206 -164
- package/dist/esm/session/case/CaseServer.js.map +2 -2
- package/package.json +6 -6
- package/src/fabric/FabricManager.ts +1 -2
- package/src/session/case/CaseClient.ts +12 -1
- package/src/session/case/CaseServer.ts +255 -192
|
@@ -4,7 +4,8 @@
|
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
6
|
import { Bytes, Crypto, Logger, PublicKey, UnexpectedDataError } from "#general";
|
|
7
|
-
import {
|
|
7
|
+
import { ChannelStatusResponseError } from "#securechannel/index.js";
|
|
8
|
+
import { NodeId, ProtocolStatusCode } from "#types";
|
|
8
9
|
import { TlvIntermediateCertificate, TlvOperationalCertificate } from "../../certificate/CertificateManager.js";
|
|
9
10
|
import {
|
|
10
11
|
KDFSR1_KEY_INFO,
|
|
@@ -28,6 +29,16 @@ class CaseClient {
|
|
|
28
29
|
}
|
|
29
30
|
async pair(exchange, fabric, peerNodeId, expectedProcessingTimeMs) {
|
|
30
31
|
const messenger = new CaseClientMessenger(exchange, expectedProcessingTimeMs);
|
|
32
|
+
try {
|
|
33
|
+
return await this.#doPair(messenger, exchange, fabric, peerNodeId);
|
|
34
|
+
} catch (error) {
|
|
35
|
+
if (!(error instanceof ChannelStatusResponseError)) {
|
|
36
|
+
await messenger.sendError(ProtocolStatusCode.InvalidParam);
|
|
37
|
+
}
|
|
38
|
+
throw error;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
async #doPair(messenger, exchange, fabric, peerNodeId) {
|
|
31
42
|
const initiatorRandom = Crypto.getRandom();
|
|
32
43
|
const initiatorSessionId = await this.#sessions.getNextAvailableSessionId();
|
|
33
44
|
const { operationalIdentityProtectionKey, operationalCert: nodeOpCert, intermediateCACert } = fabric;
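Review bot: In the new `catch` of `pair()`, `await messenger.sendError(ProtocolStatusCode.InvalidParam)` can itself reject, and that rejection would then replace the original handshake error before `throw error` is reached. Guard the notification so the root cause always propagates, for example `await messenger.sendError(ProtocolStatusCode.InvalidParam).catch(sendFailure => logger.debug("Could not send CASE error status", sendFailure));` (assuming the module logger is in scope here, which the hunk does not show). Every failure that is not a `ChannelStatusResponseError`, including purely local ones, is reported to the peer as `InvalidParam`; a one-line comment stating that this is intentional would help the next reader. The same change appears in the `src/session/case/CaseClient.ts` hunks at the end of this page, and the body of `#doPair` continues outside the hunk.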
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/session/case/CaseClient.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,OAAO,QAAQ,QAAQ,WAAW,2BAA2B;
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,OAAO,QAAQ,QAAQ,WAAW,2BAA2B;AACtE,SAAS,kCAAkC;AAE3C,SAAS,QAAQ,0BAA0B;AAC3C,SAAS,4BAA4B,iCAAiC;AAGtE;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,2BAA2B;AAEpC,MAAM,SAAS,OAAO,IAAI,YAAY;AAE/B,MAAM,WAAW;AAAA,EACpB;AAAA,EAEA,YAAY,UAA0B;AAClC,SAAK,YAAY;AAAA,EACrB;AAAA,EAEA,MAAM,KAAK,UAA2B,QAAgB,YAAoB,0BAAmC;AACzG,UAAM,YAAY,IAAI,oBAAoB,UAAU,wBAAwB;AAC5E,QAAI;AACA,aAAO,MAAM,KAAK,QAAQ,WAAW,UAAU,QAAQ,UAAU;AAAA,IACrE,SAAS,OAAO;AACZ,UAAI,EAAE,iBAAiB,6BAA6B;AAChD,cAAM,UAAU,UAAU,mBAAmB,YAAY;AAAA,MAC7D;AACA,YAAM;AAAA,IACV;AAAA,EACJ;AAAA,EAEA,MAAM,QAAQ,WAAgC,UAA2B,QAAgB,YAAoB;AAEzG,UAAM,kBAAkB,OAAO,UAAU;AACzC,UAAM,qBAAqB,MAAM,KAAK,UAAU,0BAA0B;AAC1E,UAAM,EAAE,kCAAkC,iBAAiB,YAAY,mBAAmB,IAAI;AAC9F,UAAM,EAAE,WAAW,wBAAwB,KAAK,IAAI,MAAM,OAAO,sBAAsB;AAGvF,QAAI;AACJ,QAAI,UAAU;AACd,QAAI,mBAAmB,KAAK,UAAU,8BAA8B,OAAO,UAAU,UAAU,CAAC;AAChG,QAAI,qBAAqB,QAAW;AAChC,YAAM,EAAE,cAAc,aAAa,IAAI;AACvC,YAAM,YAAY,MAAM,OAAO;AAAA,QAC3B;AAAA,QACA,MAAM,OAAO,iBAAiB,YAAY;AAAA,QAC1C;AAAA,MACJ;AACA,YAAM,qBAAqB,OAAO,QAAQ,WAAW,IAAI,WAAW,CAAC,GAAG,iBAAiB;AACzF,oBAAc,MAAM,UAAU,WAAW;AAAA,QACrC;AAAA,QACA,eAAe,MAAM,OAAO,iBAAiB,YAAY,eAAe;AAAA,QACxE;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,wBAAwB,KAAK,UAAU;AAAA,MAC3C,CAAC;AAAA,IACL,OAAO;AACH,oBAAc,MAAM,UAAU,WAAW;AAAA,QACrC;AAAA,QACA,eAAe,MAAM,OAAO,iBAAiB,YAAY,eAAe;AAAA,QACxE;AAAA,QACA;AAAA,QACA,wBAAwB,KAAK,UAAU;AAAA,MAC3C,CAAC;AAAA,IACL;AAEA,QAAI;AACJ,UAAM,EAAE,aAAa,QAAQ,aAAa,IAAI,MAAM,UAAU,WAAW;AACzE,QAAI,iBAAiB,QAAW;AAE5B,UAAI,qBAAqB,OAAW,OAAM,IAAI,oBAAoB,sCAAsC;AACxG,YAAM;AAAA,QACF;AAAA,QACA,QAAAA;AAAA,QACA,mBAAmB;AAAA,QACnB;AAAA,MACJ,IAAI;AACJ,YAAM,EAAE,oBAAoB,eAAe,cAAc,UAAU,IAAI;AAGvE,YAAM,oBAAoB;AAAA,QACtB,GAAG,SAAS,QAAQ;AAAA,QACpB,GAAI,2BAA2B,CAAC;AAAA,MACpC;AAEA,YAAM,aAAa,MAAM,OAAO,iBAAiB,YAAY;AAC7D,YAAM,YAAY,MAAM,OAAO,KAAK,cAAc,YAAY,eAAe;AAC7E,aAAO,QAAQ,WAAW,WAAW,iBAAiB;AAEtD,YAAM,oBAAoB,MAAM,OAAO,iBAAiB,iBAAiB,YAAY;AACrF,sBAAgB,MAAM,
KAAK,UAAU,oBAAoB;AAAA,QACrD,WAAW;AAAA,QACX,QAAAA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM;AAAA,QACN,aAAa;AAAA,QACb,cAAc;AAAA,QACd,uBAAuB;AAAA,QACvB;AAAA,MACJ,CAAC;AACD,YAAM,UAAU,YAAY;AAC5B,aAAO;AAAA,QACH,wBAAwB,cAAc,EAAE,8BAA8B,UAAU,eAAe,CAAC,eAAe,OAAO,YAAYA,QAAO,MAAM,CAAC,WAAWA,QAAO,WAAW,kBAAkB,OAAO,YAAY,UAAU,CAAC;AAAA,QAC7N,cAAc,qBAAqB;AAAA,MACvC;AAEA,uBAAiB,eAAe;AAChC,uBAAiB,oBAAoB,cAAc;AACnD,gBAAU;AAAA,IACd,OAAO;AAEH,YAAM;AAAA,QACF,wBAAwB;AAAA,QACxB,WAAW;AAAA,QACX;AAAA,QACA,oBAAoB;AAAA,QACpB;AAAA,MACJ,IAAI;AAEJ,YAAM,oBAAoB;AAAA,QACtB,GAAG,SAAS,QAAQ;AAAA,QACpB,GAAI,0BAA0B,CAAC;AAAA,MACnC;AACA,YAAM,eAAe,MAAM,OAAO,mBAAmB,mBAAmB,IAAI;AAC5E,YAAM,aAAa,MAAM;AAAA,QACrB;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM,OAAO,KAAK,WAAW;AAAA,MACjC;AACA,YAAM,YAAY,MAAM,OAAO,KAAK,cAAc,YAAY,WAAW;AACzE,YAAM,oBAAoB,OAAO,QAAQ,WAAW,eAAe,eAAe;AAClF,YAAM;AAAA,QACF,YAAY;AAAA,QACZ,oBAAoB;AAAA,QACpB,WAAW;AAAA,QACX,cAAc;AAAA,MAClB,IAAI,uBAAuB,OAAO,iBAAiB;AACnD,YAAM,oBAAoB,cAAc,OAAO;AAAA,QAC3C,YAAY;AAAA,QACZ,oBAAoB;AAAA,QACpB,eAAe;AAAA,QACf,mBAAmB;AAAA,MACvB,CAAC;AACD,YAAM;AAAA,QACF,wBAAwB;AAAA,QACxB,SAAS,EAAE,UAAU,oBAAoB,QAAQ,iBAAiB;AAAA,MACtE,IAAI,0BAA0B,OAAO,aAAa;AAElD,YAAM,OAAO,OAAO,UAAU,aAAa,GAAG,mBAAmB,aAAa;AAE9E,UAAI,qBAAqB,YAAY;AACjC,cAAM,IAAI;AAAA,UACN,uCAAuC,gBAAgB,4CAA4C,UAAU;AAAA,QACjH;AAAA,MACJ;AACA,UAAI,uBAAuB,OAAO,UAAU;AACxC,cAAM,IAAI;AAAA,UACN,yCAAyC,kBAAkB,yCAAyC,OAAO,QAAQ;AAAA,QACvH;AAAA,MACJ;AACA,UAAI,2BAA2B,QAAW;AACtC,cAAM;AAAA,UACF,SAAS,EAAE,UAAU,oBAAoB;AAAA,QAC7C,IAAI,2BAA2B,OAAO,sBAAsB;AAE5D,YAAI,wBAAwB,UAAa,wBAAwB,OAAO,UAAU;AAC9E,gBAAM,IAAI;AAAA,YACN,yDAAyD,mBAAmB,yCAAyC,OAAO,QAAQ;AAAA,UACxI;AAAA,QACJ;AAAA,MACJ;AACA,YAAM,OAAO,kBAAkB,eAAe,sBAAsB;AAGpE,YAAM,aAAa,MAAM;AAAA,QACrB;AAAA,QACA,MAAM,OAAO,KAAK,CAAC,aAAa,WAAW,CAAC;AAAA,MAChD;AACA,YAAM,YAAY,MAAM,OAAO,KAAK,cAAc,YAAY,WAAW;AACzE,YAAM,gBAAgB,cAAc,OAAO;AAAA,QACvC;AAAA,QACA;AAAA,QACA,eAAe;AAAA,QACf;AAAA,MACJ,CAAC;AACD,YAAM,YAAY,MAAM,OAAO,KAAK,aAAa;AACjD,YAAM,gBAAgB,uBAAuB,OAAO,EAAE,YAAY,oBAAoB,UAAU,CAAC;AACjG,YAAM,YAAY,OAAO,QA
AQ,WAAW,eAAe,eAAe;AAC1E,YAAM,cAAc,MAAM,UAAU,WAAW,EAAE,UAAU,CAAC;AAC5D,YAAM,UAAU,eAAe,gBAAgB;AAG/C,YAAM,EAAE,sBAAsB,IAAI,oBAAoB,CAAC;AACvD,YAAM,oBAAoB,MAAM;AAAA,QAC5B;AAAA,QACA,MAAM,OAAO,KAAK,CAAC,aAAa,aAAa,WAAW,CAAC;AAAA,MAC7D;AACA,sBAAgB,MAAM,KAAK,UAAU,oBAAoB;AAAA,QACrD,WAAW;AAAA,QACX;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,MAAM;AAAA,QACN,aAAa;AAAA,QACb,cAAc;AAAA,QACd,uBAAuB;AAAA,QACvB;AAAA,MACJ,CAAC;AACD,aAAO;AAAA,QACH,uBAAuB,cAAc,EAAE,kCAAkC,UAAU,eAAe,CAAC,eAAe,OAAO;AAAA,UACrH,OAAO;AAAA,QACX,CAAC,WAAW,OAAO,WAAW,kBAAkB,OAAO,YAAY,UAAU,CAAC;AAAA,QAC9E,cAAc,qBAAqB;AAAA,MACvC;AACA,yBAAmB;AAAA,QACf;AAAA,QACA;AAAA,QACA;AAAA,QACA,cAAc;AAAA,QACd,mBAAmB,cAAc;AAAA,QACjC;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,UAAU,MAAM;AACtB,UAAM,KAAK,UAAU,qBAAqB,gBAAgB;AAE1D,WAAO,EAAE,SAAS,eAAe,QAAQ;AAAA,EAC7C;AACJ;",
|
|
5
5
|
"names": ["fabric"]
|
|
6
6
|
}
|
|
@@ -13,7 +13,6 @@ export declare class CaseServer implements ProtocolHandler {
|
|
|
13
13
|
readonly requiresSecureSession = false;
|
|
14
14
|
constructor(sessions: SessionManager, fabrics: FabricManager);
|
|
15
15
|
onNewExchange(exchange: MessageExchange): Promise<void>;
|
|
16
|
-
private handleSigma1;
|
|
17
16
|
close(): Promise<void>;
|
|
18
17
|
}
|
|
19
18
|
//# sourceMappingURL=CaseServer.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CaseServer.d.ts","sourceRoot":"","sources":["../../../../src/session/case/CaseServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"CaseServer.d.ts","sourceRoot":"","sources":["../../../../src/session/case/CaseServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAoB,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAG9E,OAAO,EAAE,aAAa,EAAuB,MAAM,+BAA+B,CAAC;AACnF,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAoBpE,qBAAa,UAAW,YAAW,eAAe;;IAC9C,QAAQ,CAAC,EAAE,KAA8B;IACzC,QAAQ,CAAC,qBAAqB,SAAS;gBAK3B,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa;IAKtD,aAAa,CAAC,QAAQ,EAAE,eAAe;IAwPvC,KAAK;CAGd"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { Bytes, Crypto, Logger, PublicKey, UnexpectedDataError } from "#general";
|
|
6
|
+
import { Bytes, Crypto, CryptoDecryptError, Logger, PublicKey, UnexpectedDataError } from "#general";
|
|
7
7
|
import { NodeId, ProtocolStatusCode, SECURE_CHANNEL_PROTOCOL_ID } from "#types";
|
|
8
8
|
import { TlvOperationalCertificate } from "../../certificate/CertificateManager.js";
|
|
9
9
|
import { FabricNotFoundError } from "../../fabric/FabricManager.js";
|
|
@@ -35,7 +35,7 @@ class CaseServer {
|
|
|
35
35
|
async onNewExchange(exchange) {
|
|
36
36
|
const messenger = new CaseServerMessenger(exchange);
|
|
37
37
|
try {
|
|
38
|
-
await this
|
|
38
|
+
await this.#handleSigma1(messenger);
|
|
39
39
|
} catch (error) {
|
|
40
40
|
logger.error("An error occurred during the commissioning", error);
|
|
41
41
|
if (error instanceof FabricNotFoundError) {
|
|
@@ -47,179 +47,221 @@ class CaseServer {
|
|
|
47
47
|
await exchange.session.destroy();
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
|
-
async handleSigma1(messenger) {
|
|
50
|
+
async #handleSigma1(messenger) {
|
|
51
51
|
logger.info(`Received pairing request from ${messenger.getChannelName()}`);
|
|
52
|
-
const responderRandom = Crypto.getRandom();
|
|
53
52
|
const { sigma1Bytes, sigma1 } = await messenger.readSigma1();
|
|
54
|
-
const
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
caseAuthenticatedTags
|
|
108
|
-
);
|
|
109
|
-
resumptionRecord.resumptionId = resumptionId;
|
|
110
|
-
await messenger.waitForSuccess("Sigma2Resume-Success");
|
|
111
|
-
await messenger.close();
|
|
112
|
-
await this.#sessions.saveResumptionRecord(resumptionRecord);
|
|
113
|
-
} else if (peerResumptionId === void 0 && peerResumeMic === void 0 || peerResumptionId !== void 0 && peerResumeMic !== void 0 && resumptionRecord === void 0) {
|
|
114
|
-
const fabric = await this.#fabrics.findFabricFromDestinationId(destinationId, peerRandom);
|
|
115
|
-
const { operationalCert: nodeOpCert, intermediateCACert, operationalIdentityProtectionKey } = fabric;
|
|
116
|
-
const { publicKey: responderEcdhPublicKey, sharedSecret } = await Crypto.ecdhGeneratePublicKeyAndSecret(peerEcdhPublicKey);
|
|
117
|
-
const sigma2Salt = Bytes.concat(
|
|
118
|
-
operationalIdentityProtectionKey,
|
|
119
|
-
responderRandom,
|
|
120
|
-
responderEcdhPublicKey,
|
|
121
|
-
await Crypto.hash(sigma1Bytes)
|
|
122
|
-
);
|
|
123
|
-
const sigma2Key = await Crypto.hkdf(sharedSecret, sigma2Salt, KDFSR2_INFO);
|
|
124
|
-
const signatureData = TlvSignedData.encode({
|
|
125
|
-
nodeOpCert,
|
|
126
|
-
intermediateCACert,
|
|
127
|
-
ecdhPublicKey: responderEcdhPublicKey,
|
|
128
|
-
peerEcdhPublicKey
|
|
129
|
-
});
|
|
130
|
-
const signature = await fabric.sign(signatureData);
|
|
131
|
-
const encryptedData = TlvEncryptedDataSigma2.encode({
|
|
132
|
-
nodeOpCert,
|
|
133
|
-
intermediateCACert,
|
|
134
|
-
signature,
|
|
135
|
-
resumptionId
|
|
136
|
-
});
|
|
137
|
-
const encrypted = Crypto.encrypt(sigma2Key, encryptedData, TBE_DATA2_NONCE);
|
|
138
|
-
const responderSessionId = await this.#sessions.getNextAvailableSessionId();
|
|
139
|
-
const sigma2Bytes = await messenger.sendSigma2({
|
|
140
|
-
responderRandom,
|
|
53
|
+
const resumptionRecord = sigma1.resumptionId !== void 0 && sigma1.initiatorResumeMic !== void 0 ? this.#sessions.findResumptionRecordById(sigma1.resumptionId) : void 0;
|
|
54
|
+
const context = new Sigma1Context(messenger, sigma1Bytes, sigma1, resumptionRecord);
|
|
55
|
+
if (await this.#resume(context)) {
|
|
56
|
+
return;
|
|
57
|
+
}
|
|
58
|
+
if (await this.#generateSigma2(context)) {
|
|
59
|
+
return;
|
|
60
|
+
}
|
|
61
|
+
logger.info(
|
|
62
|
+
`Invalid resumption ID or resume MIC received from ${messenger.getChannelName()}`,
|
|
63
|
+
context.peerResumptionId,
|
|
64
|
+
context.peerResumeMic
|
|
65
|
+
);
|
|
66
|
+
throw new UnexpectedDataError("Invalid resumption ID or resume MIC.");
|
|
67
|
+
}
|
|
68
|
+
async #resume(cx) {
|
|
69
|
+
if (cx.peerResumptionId === void 0 || cx.peerResumeMic === void 0 || cx.resumptionRecord === void 0) {
|
|
70
|
+
return false;
|
|
71
|
+
}
|
|
72
|
+
const { sharedSecret, fabric, peerNodeId, caseAuthenticatedTags } = cx.resumptionRecord;
|
|
73
|
+
const peerResumeKey = await Crypto.hkdf(
|
|
74
|
+
sharedSecret,
|
|
75
|
+
Bytes.concat(cx.peerRandom, cx.peerResumptionId),
|
|
76
|
+
KDFSR1_KEY_INFO
|
|
77
|
+
);
|
|
78
|
+
try {
|
|
79
|
+
Crypto.decrypt(peerResumeKey, cx.peerResumeMic, RESUME1_MIC_NONCE);
|
|
80
|
+
} catch (e) {
|
|
81
|
+
CryptoDecryptError.accept(e);
|
|
82
|
+
cx.peerResumptionId = cx.peerResumeMic = void 0;
|
|
83
|
+
return false;
|
|
84
|
+
}
|
|
85
|
+
const responderSessionId = await this.#sessions.getNextAvailableSessionId();
|
|
86
|
+
const secureSessionSalt = Bytes.concat(cx.peerRandom, cx.peerResumptionId);
|
|
87
|
+
const secureSession = await this.#sessions.createSecureSession({
|
|
88
|
+
sessionId: responderSessionId,
|
|
89
|
+
fabric,
|
|
90
|
+
peerNodeId,
|
|
91
|
+
peerSessionId: cx.peerSessionId,
|
|
92
|
+
sharedSecret,
|
|
93
|
+
salt: secureSessionSalt,
|
|
94
|
+
isInitiator: false,
|
|
95
|
+
isResumption: true,
|
|
96
|
+
peerSessionParameters: cx.peerSessionParams,
|
|
97
|
+
caseAuthenticatedTags
|
|
98
|
+
});
|
|
99
|
+
const resumeSalt = Bytes.concat(cx.peerRandom, cx.localResumptionId);
|
|
100
|
+
const resumeKey = await Crypto.hkdf(sharedSecret, resumeSalt, KDFSR2_KEY_INFO);
|
|
101
|
+
const resumeMic = Crypto.encrypt(resumeKey, new Uint8Array(0), RESUME2_MIC_NONCE);
|
|
102
|
+
try {
|
|
103
|
+
await cx.messenger.sendSigma2Resume({
|
|
104
|
+
resumptionId: cx.localResumptionId,
|
|
105
|
+
resumeMic,
|
|
141
106
|
responderSessionId,
|
|
142
|
-
responderEcdhPublicKey,
|
|
143
|
-
encrypted,
|
|
144
107
|
responderSessionParams: this.#sessions.sessionParameters
|
|
145
108
|
// responder session parameters
|
|
146
109
|
});
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
} = await messenger.readSigma3();
|
|
151
|
-
const sigma3Salt = Bytes.concat(
|
|
152
|
-
operationalIdentityProtectionKey,
|
|
153
|
-
await Crypto.hash([sigma1Bytes, sigma2Bytes])
|
|
154
|
-
);
|
|
155
|
-
const sigma3Key = await Crypto.hkdf(sharedSecret, sigma3Salt, KDFSR3_INFO);
|
|
156
|
-
const peerDecryptedData = Crypto.decrypt(sigma3Key, peerEncrypted, TBE_DATA3_NONCE);
|
|
157
|
-
const {
|
|
158
|
-
nodeOpCert: peerNewOpCert,
|
|
159
|
-
intermediateCACert: peerIntermediateCACert,
|
|
160
|
-
signature: peerSignature
|
|
161
|
-
} = TlvEncryptedDataSigma3.decode(peerDecryptedData);
|
|
162
|
-
await fabric.verifyCredentials(peerNewOpCert, peerIntermediateCACert);
|
|
163
|
-
const peerSignatureData = TlvSignedData.encode({
|
|
164
|
-
nodeOpCert: peerNewOpCert,
|
|
165
|
-
intermediateCACert: peerIntermediateCACert,
|
|
166
|
-
ecdhPublicKey: peerEcdhPublicKey,
|
|
167
|
-
peerEcdhPublicKey: responderEcdhPublicKey
|
|
168
|
-
});
|
|
169
|
-
const {
|
|
170
|
-
ellipticCurvePublicKey: peerPublicKey,
|
|
171
|
-
subject: { fabricId: peerFabricId, nodeId: peerNodeId, caseAuthenticatedTags }
|
|
172
|
-
} = TlvOperationalCertificate.decode(peerNewOpCert);
|
|
173
|
-
if (fabric.fabricId !== peerFabricId) {
|
|
174
|
-
throw new UnexpectedDataError(`Fabric ID mismatch: ${fabric.fabricId} !== ${peerFabricId}`);
|
|
175
|
-
}
|
|
176
|
-
await Crypto.verify(PublicKey(peerPublicKey), peerSignatureData, peerSignature);
|
|
177
|
-
const secureSessionSalt = Bytes.concat(
|
|
178
|
-
operationalIdentityProtectionKey,
|
|
179
|
-
await Crypto.hash([sigma1Bytes, sigma2Bytes, sigma3Bytes])
|
|
180
|
-
);
|
|
181
|
-
const secureSession = await this.#sessions.createSecureSession({
|
|
182
|
-
sessionId: responderSessionId,
|
|
183
|
-
fabric,
|
|
184
|
-
peerNodeId,
|
|
185
|
-
peerSessionId,
|
|
186
|
-
sharedSecret,
|
|
187
|
-
salt: secureSessionSalt,
|
|
188
|
-
isInitiator: false,
|
|
189
|
-
isResumption: false,
|
|
190
|
-
peerSessionParameters: initiatorSessionParams,
|
|
191
|
-
caseAuthenticatedTags
|
|
192
|
-
});
|
|
193
|
-
logger.info(
|
|
194
|
-
`Session ${secureSession.id} created with ${messenger.getChannelName()} for Fabric ${NodeId.toHexString(
|
|
195
|
-
fabric.nodeId
|
|
196
|
-
)} (index ${fabric.fabricIndex}) and PeerNode ${NodeId.toHexString(peerNodeId)}`,
|
|
197
|
-
"with CATs",
|
|
198
|
-
caseAuthenticatedTags
|
|
199
|
-
);
|
|
200
|
-
await messenger.sendSuccess();
|
|
201
|
-
const resumptionRecord2 = {
|
|
202
|
-
peerNodeId,
|
|
203
|
-
fabric,
|
|
204
|
-
sharedSecret,
|
|
205
|
-
resumptionId,
|
|
206
|
-
sessionParameters: secureSession.parameters,
|
|
207
|
-
caseAuthenticatedTags
|
|
208
|
-
};
|
|
209
|
-
await messenger.close();
|
|
210
|
-
await this.#sessions.saveResumptionRecord(resumptionRecord2);
|
|
211
|
-
} else {
|
|
212
|
-
logger.info(
|
|
213
|
-
`Invalid resumption ID or resume MIC received from ${messenger.getChannelName()}`,
|
|
214
|
-
peerResumptionId,
|
|
215
|
-
peerResumeMic
|
|
216
|
-
);
|
|
217
|
-
throw new UnexpectedDataError("Invalid resumption ID or resume MIC.");
|
|
110
|
+
} catch (error) {
|
|
111
|
+
await secureSession.destroy(false);
|
|
112
|
+
throw error;
|
|
218
113
|
}
|
|
114
|
+
logger.info(
|
|
115
|
+
`Session ${secureSession.id} resumed with ${cx.messenger.getChannelName()} for Fabric ${NodeId.toHexString(
|
|
116
|
+
fabric.nodeId
|
|
117
|
+
)} (index ${fabric.fabricIndex}) and PeerNode ${NodeId.toHexString(peerNodeId)}`,
|
|
118
|
+
"with CATs",
|
|
119
|
+
caseAuthenticatedTags
|
|
120
|
+
);
|
|
121
|
+
cx.resumptionRecord.resumptionId = cx.localResumptionId;
|
|
122
|
+
await cx.messenger.waitForSuccess("Sigma2Resume-Success");
|
|
123
|
+
await cx.messenger.close();
|
|
124
|
+
await this.#sessions.saveResumptionRecord(cx.resumptionRecord);
|
|
125
|
+
return true;
|
|
126
|
+
}
|
|
127
|
+
async #generateSigma2(cx) {
|
|
128
|
+
if (
|
|
129
|
+
// No resumption attempted is OK
|
|
130
|
+
!(cx.peerResumptionId === void 0 && cx.peerResumeMic === void 0) && // Resumption attempted with no record on our side is OK
|
|
131
|
+
!(cx.peerResumptionId !== void 0 && cx.peerResumeMic !== void 0 && cx.resumptionRecord === void 0)
|
|
132
|
+
) {
|
|
133
|
+
return false;
|
|
134
|
+
}
|
|
135
|
+
const responderRandom = Crypto.getRandom();
|
|
136
|
+
const fabric = await this.#fabrics.findFabricFromDestinationId(cx.destinationId, cx.peerRandom);
|
|
137
|
+
const { operationalCert: nodeOpCert, intermediateCACert, operationalIdentityProtectionKey } = fabric;
|
|
138
|
+
const { publicKey: responderEcdhPublicKey, sharedSecret } = await Crypto.ecdhGeneratePublicKeyAndSecret(
|
|
139
|
+
cx.peerEcdhPublicKey
|
|
140
|
+
);
|
|
141
|
+
const sigma2Salt = Bytes.concat(
|
|
142
|
+
operationalIdentityProtectionKey,
|
|
143
|
+
responderRandom,
|
|
144
|
+
responderEcdhPublicKey,
|
|
145
|
+
await Crypto.hash(cx.bytes)
|
|
146
|
+
);
|
|
147
|
+
const sigma2Key = await Crypto.hkdf(sharedSecret, sigma2Salt, KDFSR2_INFO);
|
|
148
|
+
const signatureData = TlvSignedData.encode({
|
|
149
|
+
nodeOpCert,
|
|
150
|
+
intermediateCACert,
|
|
151
|
+
ecdhPublicKey: responderEcdhPublicKey,
|
|
152
|
+
peerEcdhPublicKey: cx.peerEcdhPublicKey
|
|
153
|
+
});
|
|
154
|
+
const signature = await fabric.sign(signatureData);
|
|
155
|
+
const encryptedData = TlvEncryptedDataSigma2.encode({
|
|
156
|
+
nodeOpCert,
|
|
157
|
+
intermediateCACert,
|
|
158
|
+
signature,
|
|
159
|
+
resumptionId: cx.localResumptionId
|
|
160
|
+
});
|
|
161
|
+
const encrypted = Crypto.encrypt(sigma2Key, encryptedData, TBE_DATA2_NONCE);
|
|
162
|
+
const responderSessionId = await this.#sessions.getNextAvailableSessionId();
|
|
163
|
+
const sigma2Bytes = await cx.messenger.sendSigma2({
|
|
164
|
+
responderRandom,
|
|
165
|
+
responderSessionId,
|
|
166
|
+
responderEcdhPublicKey,
|
|
167
|
+
encrypted,
|
|
168
|
+
responderSessionParams: this.#sessions.sessionParameters
|
|
169
|
+
// responder session parameters
|
|
170
|
+
});
|
|
171
|
+
const {
|
|
172
|
+
sigma3Bytes,
|
|
173
|
+
sigma3: { encrypted: peerEncrypted }
|
|
174
|
+
} = await cx.messenger.readSigma3();
|
|
175
|
+
const sigma3Salt = Bytes.concat(operationalIdentityProtectionKey, await Crypto.hash([cx.bytes, sigma2Bytes]));
|
|
176
|
+
const sigma3Key = await Crypto.hkdf(sharedSecret, sigma3Salt, KDFSR3_INFO);
|
|
177
|
+
const peerDecryptedData = Crypto.decrypt(sigma3Key, peerEncrypted, TBE_DATA3_NONCE);
|
|
178
|
+
const {
|
|
179
|
+
nodeOpCert: peerNewOpCert,
|
|
180
|
+
intermediateCACert: peerIntermediateCACert,
|
|
181
|
+
signature: peerSignature
|
|
182
|
+
} = TlvEncryptedDataSigma3.decode(peerDecryptedData);
|
|
183
|
+
await fabric.verifyCredentials(peerNewOpCert, peerIntermediateCACert);
|
|
184
|
+
const peerSignatureData = TlvSignedData.encode({
|
|
185
|
+
nodeOpCert: peerNewOpCert,
|
|
186
|
+
intermediateCACert: peerIntermediateCACert,
|
|
187
|
+
ecdhPublicKey: cx.peerEcdhPublicKey,
|
|
188
|
+
peerEcdhPublicKey: responderEcdhPublicKey
|
|
189
|
+
});
|
|
190
|
+
const {
|
|
191
|
+
ellipticCurvePublicKey: peerPublicKey,
|
|
192
|
+
subject: { fabricId: peerFabricId, nodeId: peerNodeId, caseAuthenticatedTags }
|
|
193
|
+
} = TlvOperationalCertificate.decode(peerNewOpCert);
|
|
194
|
+
if (fabric.fabricId !== peerFabricId) {
|
|
195
|
+
throw new UnexpectedDataError(`Fabric ID mismatch: ${fabric.fabricId} !== ${peerFabricId}`);
|
|
196
|
+
}
|
|
197
|
+
await Crypto.verify(PublicKey(peerPublicKey), peerSignatureData, peerSignature);
|
|
198
|
+
const secureSessionSalt = Bytes.concat(
|
|
199
|
+
operationalIdentityProtectionKey,
|
|
200
|
+
await Crypto.hash([cx.bytes, sigma2Bytes, sigma3Bytes])
|
|
201
|
+
);
|
|
202
|
+
const secureSession = await this.#sessions.createSecureSession({
|
|
203
|
+
sessionId: responderSessionId,
|
|
204
|
+
fabric,
|
|
205
|
+
peerNodeId,
|
|
206
|
+
peerSessionId: cx.peerSessionId,
|
|
207
|
+
sharedSecret,
|
|
208
|
+
salt: secureSessionSalt,
|
|
209
|
+
isInitiator: false,
|
|
210
|
+
isResumption: false,
|
|
211
|
+
peerSessionParameters: cx.peerSessionParams,
|
|
212
|
+
caseAuthenticatedTags
|
|
213
|
+
});
|
|
214
|
+
logger.info(
|
|
215
|
+
`Session ${secureSession.id} created with ${cx.messenger.getChannelName()} for Fabric ${NodeId.toHexString(
|
|
216
|
+
fabric.nodeId
|
|
217
|
+
)} (index ${fabric.fabricIndex}) and PeerNode ${NodeId.toHexString(peerNodeId)}`,
|
|
218
|
+
"with CATs",
|
|
219
|
+
caseAuthenticatedTags
|
|
220
|
+
);
|
|
221
|
+
await cx.messenger.sendSuccess();
|
|
222
|
+
const resumptionRecord = {
|
|
223
|
+
peerNodeId,
|
|
224
|
+
fabric,
|
|
225
|
+
sharedSecret,
|
|
226
|
+
resumptionId: cx.localResumptionId,
|
|
227
|
+
sessionParameters: secureSession.parameters,
|
|
228
|
+
caseAuthenticatedTags
|
|
229
|
+
};
|
|
230
|
+
await cx.messenger.close();
|
|
231
|
+
await this.#sessions.saveResumptionRecord(resumptionRecord);
|
|
232
|
+
return true;
|
|
219
233
|
}
|
|
220
234
|
async close() {
|
|
221
235
|
}
|
|
222
236
|
}
|
|
237
|
+
class Sigma1Context {
|
|
238
|
+
messenger;
|
|
239
|
+
bytes;
|
|
240
|
+
peerSessionId;
|
|
241
|
+
peerResumptionId;
|
|
242
|
+
peerResumeMic;
|
|
243
|
+
destinationId;
|
|
244
|
+
peerRandom;
|
|
245
|
+
peerEcdhPublicKey;
|
|
246
|
+
peerSessionParams;
|
|
247
|
+
resumptionRecord;
|
|
248
|
+
#localResumptionId;
|
|
249
|
+
constructor(messenger, bytes, sigma1, resumptionRecord) {
|
|
250
|
+
this.messenger = messenger;
|
|
251
|
+
this.bytes = bytes;
|
|
252
|
+
this.peerSessionId = sigma1.initiatorSessionId;
|
|
253
|
+
this.peerResumptionId = sigma1.resumptionId;
|
|
254
|
+
this.peerResumeMic = sigma1.initiatorResumeMic;
|
|
255
|
+
this.destinationId = sigma1.destinationId;
|
|
256
|
+
this.peerRandom = sigma1.initiatorRandom;
|
|
257
|
+
this.peerEcdhPublicKey = sigma1.initiatorEcdhPublicKey;
|
|
258
|
+
this.peerSessionParams = sigma1.initiatorSessionParams;
|
|
259
|
+
this.resumptionRecord = resumptionRecord;
|
|
260
|
+
}
|
|
261
|
+
get localResumptionId() {
|
|
262
|
+
return this.#localResumptionId ??= Crypto.getRandomData(16);
|
|
263
|
+
}
|
|
264
|
+
}
|
|
223
265
|
export {
|
|
224
266
|
CaseServer
|
|
225
267
|
};
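Review bot: In `#resume`, the new `try`/`catch` destroys the freshly created secure session only when `sendSigma2Resume` fails; if the later `cx.messenger.waitForSuccess("Sigma2Resume-Success")` rejects, the session from `createSecureSession` appears to stay registered and `cx.resumptionRecord.resumptionId` has already been overwritten in place. Unless the session manager cleans this up elsewhere (not visible in these hunks), move `await cx.messenger.waitForSuccess("Sigma2Resume-Success");` into the `try` block directly after the `sendSigma2Resume(...)` call and assign `cx.resumptionRecord.resumptionId = cx.localResumptionId;` only once it has resolved. `#generateSigma2` likewise has no cleanup if `cx.messenger.sendSuccess()` fails after `createSecureSession`. Separately, the fallback `logger.info` in `#handleSigma1` writes the peer-supplied resumption ID and resume MIC at info level; logging only that they were rejected would keep session-resumption material out of routine logs.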
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/session/case/CaseServer.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,OAAO,QAAQ,QAAQ,WAAW,2BAA2B;
|
|
5
|
-
"names": [
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,OAAO,QAAQ,oBAAoB,QAAQ,WAAW,2BAA2B;AAG1F,SAAS,QAAQ,oBAAoB,kCAAkD;AACvF,SAAS,iCAAiC;AAC1C,SAAwB,2BAA2B;AAGnD,SAAS,kCAAkC;AAC3C;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,2BAA2B;AAEpC,MAAM,SAAS,OAAO,IAAI,YAAY;AAE/B,MAAM,WAAsC;AAAA,EACtC,KAAK;AAAA,EACL,wBAAwB;AAAA,EAEjC;AAAA,EACA;AAAA,EAEA,YAAY,UAA0B,SAAwB;AAC1D,SAAK,YAAY;AACjB,SAAK,WAAW;AAAA,EACpB;AAAA,EAEA,MAAM,cAAc,UAA2B;AAC3C,UAAM,YAAY,IAAI,oBAAoB,QAAQ;AAClD,QAAI;AACA,YAAM,KAAK,cAAc,SAAS;AAAA,IACtC,SAAS,OAAO;AACZ,aAAO,MAAM,8CAA8C,KAAK;AAEhE,UAAI,iBAAiB,qBAAqB;AACtC,cAAM,UAAU,UAAU,mBAAmB,kBAAkB;AAAA,MACnE,WAES,EAAE,iBAAiB,6BAA6B;AACrD,cAAM,UAAU,UAAU,mBAAmB,YAAY;AAAA,MAC7D;AAAA,IACJ,UAAE;AAEE,YAAM,SAAS,QAAQ,QAAQ;AAAA,IACnC;AAAA,EACJ;AAAA,EAEA,MAAM,cAAc,WAAgC;AAChD,WAAO,KAAK,iCAAiC,UAAU,eAAe,CAAC,EAAE;AAGzE,UAAM,EAAE,aAAa,OAAO,IAAI,MAAM,UAAU,WAAW;AAC3D,UAAM,mBACF,OAAO,iBAAiB,UAAa,OAAO,uBAAuB,SAC7D,KAAK,UAAU,yBAAyB,OAAO,YAAY,IAC3D;AAEV,UAAM,UAAU,IAAI,cAAc,WAAW,aAAa,QAAQ,gBAAgB;AAGlF,QAAI,MAAM,KAAK,QAAQ,OAAO,GAAG;AAC7B;AAAA,IACJ;AAGA,QAAI,MAAM,KAAK,gBAAgB,OAAO,GAAG;AACrC;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,qDAAqD,UAAU,eAAe,CAAC;AAAA,MAC/E,QAAQ;AAAA,MACR,QAAQ;AAAA,IACZ;AAEA,UAAM,IAAI,oBAAoB,sCAAsC;AAAA,EACxE;AAAA,EAEA,MAAM,QAAQ,IAAmB;AAC7B,QAAI,GAAG,qBAAqB,UAAa,GAAG,kBAAkB,UAAa,GAAG,qBAAqB,QAAW;AAC1G,aAAO;AAAA,IACX;AAEA,UAAM,EAAE,cAAc,QAAQ,YAAY,sBAAsB,IAAI,GAAG;AACvE,UAAM,gBAAgB,MAAM,OAAO;AAAA,MAC/B;AAAA,MACA,MAAM,OAAO,GAAG,YAAY,GAAG,gBAAgB;AAAA,MAC/C;AAAA,IACJ;AAEA,QAAI;AACA,aAAO,QAAQ,eAAe,GAAG,eAAe,iBAAiB;AAAA,IACrE,SAAS,GAAG;AACR,yBAAmB,OAAO,CAAC;AAG3B,SAAG,mBAAmB,GAAG,gBAAgB;AAEzC,aAAO;AAAA,IACX;AAGA,UAAM,qBAAqB,MAAM,KAAK,UAAU,0BAA0B;AAC1E,UAAM,oBAAoB,MAAM,OAAO,GAAG,YAAY,GAAG,gBAAgB;AACzE,UAAM,gBAAgB,MAAM,KAAK,UAAU,oBAAoB;AAAA,MAC3D,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA,eAAe,GAAG;AAAA,MAClB;AAAA,MACA,MAAM;AAAA,MACN,aAAa;AAAA,MACb,cAAc;AAAA,MACd,uBAAuB,GAAG;AAAA,MAC1B;AAAA,IACJ,CAAC;AAGD,UAAM,aA
Aa,MAAM,OAAO,GAAG,YAAY,GAAG,iBAAiB;AACnE,UAAM,YAAY,MAAM,OAAO,KAAK,cAAc,YAAY,eAAe;AAC7E,UAAM,YAAY,OAAO,QAAQ,WAAW,IAAI,WAAW,CAAC,GAAG,iBAAiB;AAChF,QAAI;AACA,YAAM,GAAG,UAAU,iBAAiB;AAAA,QAChC,cAAc,GAAG;AAAA,QACjB;AAAA,QACA;AAAA,QACA,wBAAwB,KAAK,UAAU;AAAA;AAAA,MAC3C,CAAC;AAAA,IACL,SAAS,OAAO;AAEZ,YAAM,cAAc,QAAQ,KAAK;AACjC,YAAM;AAAA,IACV;AAEA,WAAO;AAAA,MACH,WAAW,cAAc,EAAE,iBAAiB,GAAG,UAAU,eAAe,CAAC,eAAe,OAAO;AAAA,QAC3F,OAAO;AAAA,MACX,CAAC,WAAW,OAAO,WAAW,kBAAkB,OAAO,YAAY,UAAU,CAAC;AAAA,MAC9E;AAAA,MACA;AAAA,IACJ;AACA,OAAG,iBAAiB,eAAe,GAAG;AAGtC,UAAM,GAAG,UAAU,eAAe,sBAAsB;AAExD,UAAM,GAAG,UAAU,MAAM;AACzB,UAAM,KAAK,UAAU,qBAAqB,GAAG,gBAAgB;AAE7D,WAAO;AAAA,EACX;AAAA,EAEA,MAAM,gBAAgB,IAAmB;AACrC;AAAA;AAAA,MAEI,EAAE,GAAG,qBAAqB,UAAa,GAAG,kBAAkB;AAAA,MAE5D,EAAE,GAAG,qBAAqB,UAAa,GAAG,kBAAkB,UAAa,GAAG,qBAAqB;AAAA,MACnG;AACE,aAAO;AAAA,IACX;AAGA,UAAM,kBAAkB,OAAO,UAAU;AAGzC,UAAM,SAAS,MAAM,KAAK,SAAS,4BAA4B,GAAG,eAAe,GAAG,UAAU;AAC9F,UAAM,EAAE,iBAAiB,YAAY,oBAAoB,iCAAiC,IAAI;AAC9F,UAAM,EAAE,WAAW,wBAAwB,aAAa,IAAI,MAAM,OAAO;AAAA,MACrE,GAAG;AAAA,IACP;AACA,UAAM,aAAa,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM,OAAO,KAAK,GAAG,KAAK;AAAA,IAC9B;AACA,UAAM,YAAY,MAAM,OAAO,KAAK,cAAc,YAAY,WAAW;AACzE,UAAM,gBAAgB,cAAc,OAAO;AAAA,MACvC;AAAA,MACA;AAAA,MACA,eAAe;AAAA,MACf,mBAAmB,GAAG;AAAA,IAC1B,CAAC;AACD,UAAM,YAAY,MAAM,OAAO,KAAK,aAAa;AACjD,UAAM,gBAAgB,uBAAuB,OAAO;AAAA,MAChD;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,GAAG;AAAA,IACrB,CAAC;AACD,UAAM,YAAY,OAAO,QAAQ,WAAW,eAAe,eAAe;AAC1E,UAAM,qBAAqB,MAAM,KAAK,UAAU,0BAA0B;AAC1E,UAAM,cAAc,MAAM,GAAG,UAAU,WAAW;AAAA,MAC9C;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,wBAAwB,KAAK,UAAU;AAAA;AAAA,IAC3C,CAAC;AAGD,UAAM;AAAA,MACF;AAAA,MACA,QAAQ,EAAE,WAAW,cAAc;AAAA,IACvC,IAAI,MAAM,GAAG,UAAU,WAAW;AAClC,UAAM,aAAa,MAAM,OAAO,kCAAkC,MAAM,OAAO,KAAK,CAAC,GAAG,OAAO,WAAW,CAAC,CAAC;AAC5G,UAAM,YAAY,MAAM,OAAO,KAAK,cAAc,YAAY,WAAW;AACzE,UAAM,oBAAoB,OAAO,QAAQ,WAAW,eAAe,eAAe;AAClF,UAAM;AAAA,MACF,YAAY;AAAA,MACZ,oBAAoB;AAAA,MACpB,WAAW;AAAA,IACf,IAAI,uBAAuB,OAAO,iBAAiB;AAEnD,UAAM,OAAO,kBAAkB,eAAe,sBAAsB;
AAEpE,UAAM,oBAAoB,cAAc,OAAO;AAAA,MAC3C,YAAY;AAAA,MACZ,oBAAoB;AAAA,MACpB,eAAe,GAAG;AAAA,MAClB,mBAAmB;AAAA,IACvB,CAAC;AACD,UAAM;AAAA,MACF,wBAAwB;AAAA,MACxB,SAAS,EAAE,UAAU,cAAc,QAAQ,YAAY,sBAAsB;AAAA,IACjF,IAAI,0BAA0B,OAAO,aAAa;AAElD,QAAI,OAAO,aAAa,cAAc;AAClC,YAAM,IAAI,oBAAoB,uBAAuB,OAAO,QAAQ,QAAQ,YAAY,EAAE;AAAA,IAC9F;AAEA,UAAM,OAAO,OAAO,UAAU,aAAa,GAAG,mBAAmB,aAAa;AAG9E,UAAM,oBAAoB,MAAM;AAAA,MAC5B;AAAA,MACA,MAAM,OAAO,KAAK,CAAC,GAAG,OAAO,aAAa,WAAW,CAAC;AAAA,IAC1D;AACA,UAAM,gBAAgB,MAAM,KAAK,UAAU,oBAAoB;AAAA,MAC3D,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA,eAAe,GAAG;AAAA,MAClB;AAAA,MACA,MAAM;AAAA,MACN,aAAa;AAAA,MACb,cAAc;AAAA,MACd,uBAAuB,GAAG;AAAA,MAC1B;AAAA,IACJ,CAAC;AACD,WAAO;AAAA,MACH,WAAW,cAAc,EAAE,iBAAiB,GAAG,UAAU,eAAe,CAAC,eAAe,OAAO;AAAA,QAC3F,OAAO;AAAA,MACX,CAAC,WAAW,OAAO,WAAW,kBAAkB,OAAO,YAAY,UAAU,CAAC;AAAA,MAC9E;AAAA,MACA;AAAA,IACJ;AACA,UAAM,GAAG,UAAU,YAAY;AAE/B,UAAM,mBAAmB;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,GAAG;AAAA,MACjB,mBAAmB,cAAc;AAAA,MACjC;AAAA,IACJ;AAEA,UAAM,GAAG,UAAU,MAAM;AACzB,UAAM,KAAK,UAAU,qBAAqB,gBAAgB;AAE1D,WAAO;AAAA,EACX;AAAA,EAEA,MAAM,QAAQ;AAAA,EAEd;AACJ;AAEA,MAAM,cAAc;AAAA,EAChB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EAEA,YACI,WACA,OACA,QACA,kBACF;AACE,SAAK,YAAY;AACjB,SAAK,QAAQ;AACb,SAAK,gBAAgB,OAAO;AAC5B,SAAK,mBAAmB,OAAO;AAC/B,SAAK,gBAAgB,OAAO;AAC5B,SAAK,gBAAgB,OAAO;AAC5B,SAAK,aAAa,OAAO;AACzB,SAAK,oBAAoB,OAAO;AAChC,SAAK,oBAAoB,OAAO;AAChC,SAAK,mBAAmB;AAAA,EAC5B;AAAA,EAEA,IAAI,oBAAoB;AACpB,WAAQ,KAAK,uBAAuB,OAAO,cAAc,EAAE;AAAA,EAC/D;AACJ;",
|
|
5
|
+
"names": []
|
|
6
6
|
}
|
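--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@matter/protocol",
-"version": "0.14.0-alpha.0-
+"version": "0.14.0-alpha.0-20250528-ad0054c84",
 "description": "Low-level APIs for Matter interaction",
 "keywords": [
 "iot",
@@ -40,13 +40,13 @@
 "#*": "./src/*"
 },
 "dependencies": {
-"@matter/general": "0.14.0-alpha.0-
-"@matter/model": "0.14.0-alpha.0-
-"@matter/types": "0.14.0-alpha.0-
+"@matter/general": "0.14.0-alpha.0-20250528-ad0054c84",
+"@matter/model": "0.14.0-alpha.0-20250528-ad0054c84",
+"@matter/types": "0.14.0-alpha.0-20250528-ad0054c84"
 },
 "devDependencies": {
-"@matter/tools": "0.14.0-alpha.0-
-"@matter/testing": "0.14.0-alpha.0-
+"@matter/tools": "0.14.0-alpha.0-20250528-ad0054c84",
+"@matter/testing": "0.14.0-alpha.0-20250528-ad0054c84"
 },
 "files": [
 "dist/**/*",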
@@ -10,7 +10,6 @@ import {
|
|
|
10
10
|
Environment,
|
|
11
11
|
Environmental,
|
|
12
12
|
ImplementationError,
|
|
13
|
-
InternalError,
|
|
14
13
|
Key,
|
|
15
14
|
MatterError,
|
|
16
15
|
MatterFlowError,
|
|
@@ -219,7 +218,7 @@ export class FabricManager {
|
|
|
219
218
|
return fabric;
|
|
220
219
|
}
|
|
221
220
|
|
|
222
|
-
throw new
|
|
221
|
+
throw new FabricNotFoundError();
|
|
223
222
|
}
|
|
224
223
|
|
|
225
224
|
findByKeypair(keypair: Key) {
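Review bot: The error type thrown at new line 221 is now part of the CASE responder's control flow, because `CaseServer.onNewExchange` tests `error instanceof FabricNotFoundError` (the body of that branch is outside the hunks shown), yet nothing at the throw site records this. A short comment above the throw would keep a later refactor from changing the type again, e.g. `// CaseServer.onNewExchange checks for FabricNotFoundError; keep this error type`. The error is also constructed without a message, so the `logger.error` call in `onNewExchange` has little context to print; if the constructor accepts a message, pass a brief description of the failed lookup. The enclosing method starts outside this hunk.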
|
|
@@ -5,8 +5,9 @@
|
|
|
5
5
|
*/
|
|
6
6
|
|
|
7
7
|
import { Bytes, Crypto, Logger, PublicKey, UnexpectedDataError } from "#general";
|
|
8
|
+
import { ChannelStatusResponseError } from "#securechannel/index.js";
|
|
8
9
|
import { SessionManager } from "#session/SessionManager.js";
|
|
9
|
-
import { NodeId } from "#types";
|
|
10
|
+
import { NodeId, ProtocolStatusCode } from "#types";
|
|
10
11
|
import { TlvIntermediateCertificate, TlvOperationalCertificate } from "../../certificate/CertificateManager.js";
|
|
11
12
|
import { Fabric } from "../../fabric/Fabric.js";
|
|
12
13
|
import { MessageExchange } from "../../protocol/MessageExchange.js";
|
|
@@ -36,7 +37,17 @@ export class CaseClient {
|
|
|
36
37
|
|
|
37
38
|
async pair(exchange: MessageExchange, fabric: Fabric, peerNodeId: NodeId, expectedProcessingTimeMs?: number) {
|
|
38
39
|
const messenger = new CaseClientMessenger(exchange, expectedProcessingTimeMs);
|
|
40
|
+
try {
|
|
41
|
+
return await this.#doPair(messenger, exchange, fabric, peerNodeId);
|
|
42
|
+
} catch (error) {
|
|
43
|
+
if (!(error instanceof ChannelStatusResponseError)) {
|
|
44
|
+
await messenger.sendError(ProtocolStatusCode.InvalidParam);
|
|
45
|
+
}
|
|
46
|
+
throw error;
|
|
47
|
+
}
|
|
48
|
+
}
|
|
39
49
|
|
|
50
|
+
async #doPair(messenger: CaseClientMessenger, exchange: MessageExchange, fabric: Fabric, peerNodeId: NodeId) {
|
|
40
51
|
// Generate pairing info
|
|
41
52
|
const initiatorRandom = Crypto.getRandom();
|
|
42
53
|
const initiatorSessionId = await this.#sessions.getNextAvailableSessionId(); // Initiator Session Id
|