npm - @matter/protocol - Versions diffs - 0.14.0 → 0.14.1-alpha.0-20250606-a9bcd03f9 - Mend

@matter/protocol 0.14.0 → 0.14.1-alpha.0-20250606-a9bcd03f9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/dist/cjs/action/server/AccessControl.d.ts +5 -7
package/dist/cjs/action/server/AccessControl.d.ts.map +1 -1
package/dist/cjs/action/server/AccessControl.js.map +1 -1
package/dist/cjs/action/server/AttributeWriteResponse.d.ts.map +1 -1
package/dist/cjs/action/server/AttributeWriteResponse.js +23 -0
package/dist/cjs/action/server/AttributeWriteResponse.js.map +1 -1
package/dist/cjs/action/server/CommandInvokeResponse.d.ts.map +1 -1
package/dist/cjs/action/server/CommandInvokeResponse.js +24 -1
package/dist/cjs/action/server/CommandInvokeResponse.js.map +1 -1
package/dist/cjs/action/server/DataResponse.d.ts +1 -1
package/dist/cjs/action/server/DataResponse.d.ts.map +1 -1
package/dist/cjs/action/server/Subject.d.ts +25 -0
package/dist/cjs/action/server/Subject.d.ts.map +1 -0
package/dist/cjs/action/server/Subject.js +54 -0
package/dist/cjs/action/server/Subject.js.map +6 -0
package/dist/cjs/action/server/index.d.ts +1 -0
package/dist/cjs/action/server/index.d.ts.map +1 -1
package/dist/cjs/action/server/index.js +1 -0
package/dist/cjs/action/server/index.js.map +1 -1
package/dist/cjs/certificate/DeviceCertification.d.ts +2 -2
package/dist/cjs/certificate/DeviceCertification.d.ts.map +1 -1
package/dist/cjs/certificate/DeviceCertification.js.map +1 -1
package/dist/cjs/cluster/client/AttributeClient.d.ts +3 -3
package/dist/cjs/cluster/client/AttributeClient.d.ts.map +1 -1
package/dist/cjs/cluster/client/AttributeClient.js +14 -2
package/dist/cjs/cluster/client/AttributeClient.js.map +1 -1
package/dist/cjs/cluster/client/ClusterClient.d.ts +3 -2
package/dist/cjs/cluster/client/ClusterClient.d.ts.map +1 -1
package/dist/cjs/cluster/client/ClusterClient.js +60 -1
package/dist/cjs/cluster/client/ClusterClient.js.map +1 -1
package/dist/cjs/cluster/client/ClusterClientTypes.d.ts +33 -8
package/dist/cjs/cluster/client/ClusterClientTypes.d.ts.map +1 -1
package/dist/cjs/cluster/client/EventClient.d.ts +3 -3
package/dist/cjs/cluster/client/EventClient.d.ts.map +1 -1
package/dist/cjs/cluster/client/EventClient.js +7 -0
package/dist/cjs/cluster/client/EventClient.js.map +1 -1
package/dist/cjs/codec/MessageCodec.d.ts.map +1 -1
package/dist/cjs/codec/MessageCodec.js +31 -6
package/dist/cjs/codec/MessageCodec.js.map +1 -1
package/dist/cjs/fabric/Fabric.d.ts +20 -30
package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
package/dist/cjs/fabric/Fabric.js +38 -62
package/dist/cjs/fabric/Fabric.js.map +2 -2
package/dist/cjs/fabric/FabricManager.d.ts.map +1 -1
package/dist/cjs/fabric/FabricManager.js +10 -4
package/dist/cjs/fabric/FabricManager.js.map +1 -1
package/dist/cjs/groups/FabricGroupsManager.d.ts +46 -0
package/dist/cjs/groups/FabricGroupsManager.d.ts.map +1 -0
package/dist/cjs/groups/FabricGroupsManager.js +155 -0
package/dist/cjs/groups/FabricGroupsManager.js.map +6 -0
package/dist/cjs/groups/Groups.d.ts +34 -0
package/dist/cjs/groups/Groups.d.ts.map +1 -0
package/dist/cjs/groups/Groups.js +89 -0
package/dist/cjs/groups/Groups.js.map +6 -0
package/dist/cjs/groups/KeySets.d.ts +64 -0
package/dist/cjs/groups/KeySets.d.ts.map +1 -0
package/dist/cjs/groups/KeySets.js +179 -0
package/dist/cjs/groups/KeySets.js.map +6 -0
package/dist/cjs/groups/MessagingState.d.ts +24 -0
package/dist/cjs/groups/MessagingState.d.ts.map +1 -0
package/dist/cjs/groups/MessagingState.js +91 -0
package/dist/cjs/groups/MessagingState.js.map +6 -0
package/dist/cjs/groups/index.d.ts +8 -0
package/dist/cjs/groups/index.d.ts.map +1 -0
package/dist/cjs/groups/index.js +25 -0
package/dist/cjs/groups/index.js.map +6 -0
package/dist/cjs/index.d.ts +1 -0
package/dist/cjs/index.d.ts.map +1 -1
package/dist/cjs/index.js +1 -0
package/dist/cjs/index.js.map +1 -1
package/dist/cjs/interaction/AccessControlManager.d.ts +4 -13
package/dist/cjs/interaction/AccessControlManager.d.ts.map +1 -1
package/dist/cjs/interaction/AccessControlManager.js +38 -47
package/dist/cjs/interaction/AccessControlManager.js.map +1 -1
package/dist/cjs/interaction/InteractionClient.d.ts +5 -4
package/dist/cjs/interaction/InteractionClient.d.ts.map +1 -1
package/dist/cjs/interaction/InteractionClient.js +53 -3
package/dist/cjs/interaction/InteractionClient.js.map +1 -1
package/dist/cjs/interaction/InteractionMessenger.d.ts.map +1 -1
package/dist/cjs/interaction/InteractionMessenger.js +15 -0
package/dist/cjs/interaction/InteractionMessenger.js.map +1 -1
package/dist/cjs/interaction/Subscription.d.ts +3 -3
package/dist/cjs/interaction/Subscription.d.ts.map +1 -1
package/dist/cjs/interaction/Subscription.js.map +1 -1
package/dist/cjs/peer/PeerAddress.d.ts +1 -0
package/dist/cjs/peer/PeerAddress.d.ts.map +1 -1
package/dist/cjs/peer/PeerAddress.js +5 -0
package/dist/cjs/peer/PeerAddress.js.map +1 -1
package/dist/cjs/peer/PeerSet.d.ts.map +1 -1
package/dist/cjs/peer/PeerSet.js +31 -2
package/dist/cjs/peer/PeerSet.js.map +1 -1
package/dist/cjs/protocol/ChannelManager.d.ts.map +1 -1
package/dist/cjs/protocol/ChannelManager.js +7 -8
package/dist/cjs/protocol/ChannelManager.js.map +1 -1
package/dist/cjs/protocol/ExchangeManager.d.ts.map +1 -1
package/dist/cjs/protocol/ExchangeManager.js +39 -25
package/dist/cjs/protocol/ExchangeManager.js.map +1 -1
package/dist/cjs/protocol/MessageExchange.d.ts +1 -1
package/dist/cjs/protocol/MessageExchange.d.ts.map +1 -1
package/dist/cjs/protocol/MessageExchange.js +32 -4
package/dist/cjs/protocol/MessageExchange.js.map +1 -1
package/dist/cjs/protocol/MessageReceptionState.d.ts +1 -1
package/dist/cjs/securechannel/SecureChannelProtocol.js +1 -1
package/dist/cjs/securechannel/SecureChannelProtocol.js.map +1 -1
package/dist/cjs/session/GroupSession.d.ts +56 -0
package/dist/cjs/session/GroupSession.d.ts.map +1 -0
package/dist/cjs/session/GroupSession.js +188 -0
package/dist/cjs/session/GroupSession.js.map +6 -0
package/dist/cjs/session/InsecureSession.d.ts +2 -1
package/dist/cjs/session/InsecureSession.d.ts.map +1 -1
package/dist/cjs/session/InsecureSession.js +3 -2
package/dist/cjs/session/InsecureSession.js.map +1 -1
package/dist/cjs/session/NodeSession.d.ts +88 -0
package/dist/cjs/session/NodeSession.d.ts.map +1 -0
package/dist/cjs/session/NodeSession.js +318 -0
package/dist/cjs/session/NodeSession.js.map +6 -0
package/dist/cjs/session/SecureSession.d.ts +10 -75
package/dist/cjs/session/SecureSession.d.ts.map +1 -1
package/dist/cjs/session/SecureSession.js +9 -280
package/dist/cjs/session/SecureSession.js.map +2 -2
package/dist/cjs/session/Session.d.ts +6 -5
package/dist/cjs/session/Session.d.ts.map +1 -1
package/dist/cjs/session/Session.js +11 -1
package/dist/cjs/session/Session.js.map +1 -1
package/dist/cjs/session/SessionManager.d.ts +27 -9
package/dist/cjs/session/SessionManager.d.ts.map +1 -1
package/dist/cjs/session/SessionManager.js +83 -5
package/dist/cjs/session/SessionManager.js.map +2 -2
package/dist/cjs/session/case/CaseClient.d.ts +1 -1
package/dist/cjs/session/case/CaseClient.js +2 -2
package/dist/cjs/session/case/CaseClient.js.map +1 -1
package/dist/cjs/session/index.d.ts +2 -0
package/dist/cjs/session/index.d.ts.map +1 -1
package/dist/cjs/session/index.js +2 -0
package/dist/cjs/session/index.js.map +1 -1
package/dist/cjs/session/pase/PaseClient.d.ts +1 -1
package/dist/esm/action/server/AccessControl.d.ts +5 -7
package/dist/esm/action/server/AccessControl.d.ts.map +1 -1
package/dist/esm/action/server/AccessControl.js.map +1 -1
package/dist/esm/action/server/AttributeWriteResponse.d.ts.map +1 -1
package/dist/esm/action/server/AttributeWriteResponse.js +23 -0
package/dist/esm/action/server/AttributeWriteResponse.js.map +1 -1
package/dist/esm/action/server/CommandInvokeResponse.d.ts.map +1 -1
package/dist/esm/action/server/CommandInvokeResponse.js +24 -1
package/dist/esm/action/server/CommandInvokeResponse.js.map +1 -1
package/dist/esm/action/server/DataResponse.d.ts +1 -1
package/dist/esm/action/server/DataResponse.d.ts.map +1 -1
package/dist/esm/action/server/Subject.d.ts +25 -0
package/dist/esm/action/server/Subject.d.ts.map +1 -0
package/dist/esm/action/server/Subject.js +34 -0
package/dist/esm/action/server/Subject.js.map +6 -0
package/dist/esm/action/server/index.d.ts +1 -0
package/dist/esm/action/server/index.d.ts.map +1 -1
package/dist/esm/action/server/index.js +1 -0
package/dist/esm/action/server/index.js.map +1 -1
package/dist/esm/certificate/DeviceCertification.d.ts +2 -2
package/dist/esm/certificate/DeviceCertification.d.ts.map +1 -1
package/dist/esm/certificate/DeviceCertification.js.map +1 -1
package/dist/esm/cluster/client/AttributeClient.d.ts +3 -3
package/dist/esm/cluster/client/AttributeClient.d.ts.map +1 -1
package/dist/esm/cluster/client/AttributeClient.js +13 -1
package/dist/esm/cluster/client/AttributeClient.js.map +1 -1
package/dist/esm/cluster/client/ClusterClient.d.ts +3 -2
package/dist/esm/cluster/client/ClusterClient.d.ts.map +1 -1
package/dist/esm/cluster/client/ClusterClient.js +61 -2
package/dist/esm/cluster/client/ClusterClient.js.map +1 -1
package/dist/esm/cluster/client/ClusterClientTypes.d.ts +33 -8
package/dist/esm/cluster/client/ClusterClientTypes.d.ts.map +1 -1
package/dist/esm/cluster/client/EventClient.d.ts +3 -3
package/dist/esm/cluster/client/EventClient.d.ts.map +1 -1
package/dist/esm/cluster/client/EventClient.js +7 -0
package/dist/esm/cluster/client/EventClient.js.map +1 -1
package/dist/esm/codec/MessageCodec.d.ts.map +1 -1
package/dist/esm/codec/MessageCodec.js +41 -7
package/dist/esm/codec/MessageCodec.js.map +1 -1
package/dist/esm/fabric/Fabric.d.ts +20 -30
package/dist/esm/fabric/Fabric.d.ts.map +1 -1
package/dist/esm/fabric/Fabric.js +38 -62
package/dist/esm/fabric/Fabric.js.map +2 -2
package/dist/esm/fabric/FabricManager.d.ts.map +1 -1
package/dist/esm/fabric/FabricManager.js +10 -4
package/dist/esm/fabric/FabricManager.js.map +1 -1
package/dist/esm/groups/FabricGroupsManager.d.ts +46 -0
package/dist/esm/groups/FabricGroupsManager.d.ts.map +1 -0
package/dist/esm/groups/FabricGroupsManager.js +135 -0
package/dist/esm/groups/FabricGroupsManager.js.map +6 -0
package/dist/esm/groups/Groups.d.ts +34 -0
package/dist/esm/groups/Groups.d.ts.map +1 -0
package/dist/esm/groups/Groups.js +69 -0
package/dist/esm/groups/Groups.js.map +6 -0
package/dist/esm/groups/KeySets.d.ts +64 -0
package/dist/esm/groups/KeySets.d.ts.map +1 -0
package/dist/esm/groups/KeySets.js +159 -0
package/dist/esm/groups/KeySets.js.map +6 -0
package/dist/esm/groups/MessagingState.d.ts +24 -0
package/dist/esm/groups/MessagingState.d.ts.map +1 -0
package/dist/esm/groups/MessagingState.js +71 -0
package/dist/esm/groups/MessagingState.js.map +6 -0
package/dist/esm/groups/index.d.ts +8 -0
package/dist/esm/groups/index.d.ts.map +1 -0
package/dist/esm/groups/index.js +8 -0
package/dist/esm/groups/index.js.map +6 -0
package/dist/esm/index.d.ts +1 -0
package/dist/esm/index.d.ts.map +1 -1
package/dist/esm/index.js +1 -0
package/dist/esm/index.js.map +1 -1
package/dist/esm/interaction/AccessControlManager.d.ts +4 -13
package/dist/esm/interaction/AccessControlManager.d.ts.map +1 -1
package/dist/esm/interaction/AccessControlManager.js +39 -48
package/dist/esm/interaction/AccessControlManager.js.map +1 -1
package/dist/esm/interaction/InteractionClient.d.ts +5 -4
package/dist/esm/interaction/InteractionClient.d.ts.map +1 -1
package/dist/esm/interaction/InteractionClient.js +54 -4
package/dist/esm/interaction/InteractionClient.js.map +1 -1
package/dist/esm/interaction/InteractionMessenger.d.ts.map +1 -1
package/dist/esm/interaction/InteractionMessenger.js +15 -0
package/dist/esm/interaction/InteractionMessenger.js.map +1 -1
package/dist/esm/interaction/Subscription.d.ts +3 -3
package/dist/esm/interaction/Subscription.d.ts.map +1 -1
package/dist/esm/interaction/Subscription.js.map +1 -1
package/dist/esm/peer/PeerAddress.d.ts +1 -0
package/dist/esm/peer/PeerAddress.d.ts.map +1 -1
package/dist/esm/peer/PeerAddress.js +5 -0
package/dist/esm/peer/PeerAddress.js.map +1 -1
package/dist/esm/peer/PeerSet.d.ts.map +1 -1
package/dist/esm/peer/PeerSet.js +33 -3
package/dist/esm/peer/PeerSet.js.map +1 -1
package/dist/esm/protocol/ChannelManager.d.ts.map +1 -1
package/dist/esm/protocol/ChannelManager.js +7 -8
package/dist/esm/protocol/ChannelManager.js.map +1 -1
package/dist/esm/protocol/ExchangeManager.d.ts.map +1 -1
package/dist/esm/protocol/ExchangeManager.js +41 -27
package/dist/esm/protocol/ExchangeManager.js.map +1 -1
package/dist/esm/protocol/MessageExchange.d.ts +1 -1
package/dist/esm/protocol/MessageExchange.d.ts.map +1 -1
package/dist/esm/protocol/MessageExchange.js +39 -5
package/dist/esm/protocol/MessageExchange.js.map +1 -1
package/dist/esm/protocol/MessageReceptionState.d.ts +1 -1
package/dist/esm/securechannel/SecureChannelProtocol.js +2 -2
package/dist/esm/securechannel/SecureChannelProtocol.js.map +1 -1
package/dist/esm/session/GroupSession.d.ts +56 -0
package/dist/esm/session/GroupSession.d.ts.map +1 -0
package/dist/esm/session/GroupSession.js +177 -0
package/dist/esm/session/GroupSession.js.map +6 -0
package/dist/esm/session/InsecureSession.d.ts +2 -1
package/dist/esm/session/InsecureSession.d.ts.map +1 -1
package/dist/esm/session/InsecureSession.js +3 -2
package/dist/esm/session/InsecureSession.js.map +1 -1
package/dist/esm/session/NodeSession.d.ts +88 -0
package/dist/esm/session/NodeSession.d.ts.map +1 -0
package/dist/esm/session/NodeSession.js +298 -0
package/dist/esm/session/NodeSession.js.map +6 -0
package/dist/esm/session/SecureSession.d.ts +10 -75
package/dist/esm/session/SecureSession.d.ts.map +1 -1
package/dist/esm/session/SecureSession.js +10 -291
package/dist/esm/session/SecureSession.js.map +2 -2
package/dist/esm/session/Session.d.ts +6 -5
package/dist/esm/session/Session.d.ts.map +1 -1
package/dist/esm/session/Session.js +12 -2
package/dist/esm/session/Session.js.map +1 -1
package/dist/esm/session/SessionManager.d.ts +27 -9
package/dist/esm/session/SessionManager.d.ts.map +1 -1
package/dist/esm/session/SessionManager.js +84 -6
package/dist/esm/session/SessionManager.js.map +1 -1
package/dist/esm/session/case/CaseClient.d.ts +1 -1
package/dist/esm/session/case/CaseClient.js +2 -2
package/dist/esm/session/case/CaseClient.js.map +1 -1
package/dist/esm/session/index.d.ts +2 -0
package/dist/esm/session/index.d.ts.map +1 -1
package/dist/esm/session/index.js +2 -0
package/dist/esm/session/index.js.map +1 -1
package/dist/esm/session/pase/PaseClient.d.ts +1 -1
package/package.json +6 -6
package/src/action/server/AccessControl.ts +4 -7
package/src/action/server/AttributeWriteResponse.ts +29 -7
package/src/action/server/CommandInvokeResponse.ts +28 -7
package/src/action/server/DataResponse.ts +1 -1
package/src/action/server/Subject.ts +45 -0
package/src/action/server/index.ts +1 -0
package/src/certificate/DeviceCertification.ts +2 -2
package/src/cluster/client/AttributeClient.ts +15 -3
package/src/cluster/client/ClusterClient.ts +90 -4
package/src/cluster/client/ClusterClientTypes.ts +38 -9
package/src/cluster/client/EventClient.ts +9 -2
package/src/codec/MessageCodec.ts +49 -8
package/src/fabric/Fabric.ts +51 -85
package/src/fabric/FabricManager.ts +11 -4
package/src/groups/FabricGroupsManager.ts +164 -0
package/src/groups/Groups.ts +81 -0
package/src/groups/KeySets.ts +194 -0
package/src/groups/MessagingState.ts +76 -0
package/src/groups/index.ts +8 -0
package/src/index.ts +1 -0
package/src/interaction/AccessControlManager.ts +49 -81
package/src/interaction/InteractionClient.ts +66 -6
package/src/interaction/InteractionMessenger.ts +15 -0
package/src/interaction/Subscription.ts +3 -3
package/src/peer/PeerAddress.ts +4 -0
package/src/peer/PeerSet.ts +39 -4
package/src/protocol/ChannelManager.ts +7 -9
package/src/protocol/ExchangeManager.ts +51 -35
package/src/protocol/MessageExchange.ts +42 -7
package/src/protocol/MessageReceptionState.ts +2 -2
package/src/securechannel/SecureChannelProtocol.ts +2 -2
package/src/session/GroupSession.ts +223 -0
package/src/session/InsecureSession.ts +3 -2
package/src/session/NodeSession.ts +367 -0
package/src/session/SecureSession.ts +14 -363
package/src/session/Session.ts +17 -6
package/src/session/SessionManager.ts +94 -14
package/src/session/case/CaseClient.ts +2 -2
package/src/session/index.ts +2 -3

package/src/session/SecureSession.ts CHANGED Viewed

@@ -3,371 +3,22 @@
  * Copyright 2022-2025 Matter.js Authors
  * SPDX-License-Identifier: Apache-2.0
  */
-import {
-    BasicSet,
-    Bytes,
-    CRYPTO_SYMMETRIC_KEY_LENGTH,
-    Crypto,
-    DataWriter,
-    Diagnostic,
-    Endian,
-    Logger,
-    MatterFlowError,
-} from "#general";
-import { Subscription } from "#interaction/Subscription.js";
-import { PeerAddress } from "#peer/PeerAddress.js";
-import { CaseAuthenticatedTag, FabricIndex, NodeId, StatusCode, StatusResponseError } from "#types";
-import { DecodedMessage, DecodedPacket, Message, MessageCodec, Packet } from "../codec/MessageCodec.js";
-import { Fabric } from "../fabric/Fabric.js";
-import { NoChannelError } from "../protocol/ChannelManager.js";
-import { MessageCounter } from "../protocol/MessageCounter.js";
-import { MessageReceptionStateEncryptedWithoutRollover } from "../protocol/MessageReceptionState.js";
-import { Session, SessionParameterOptions } from "./Session.js";
-import { type SessionManager } from "./SessionManager.js";
-const logger = Logger.get("SecureSession");
-const SESSION_KEYS_INFO = Bytes.fromString("SessionKeys");
-const SESSION_RESUMPTION_KEYS_INFO = Bytes.fromString("SessionResumptionKeys");
-export class NoAssociatedFabricError extends StatusResponseError {
-    constructor(message: string) {
-        super(message, StatusCode.UnsupportedAccess);
-    }
+import { Subject } from "#action/server/Subject.js";
+import { Message } from "#codec/MessageCodec.js";
+import { Fabric } from "#fabric/Fabric.js";
+import { MatterFlowError } from "#general";
+import { Session } from "./Session.js";
+export abstract class SecureSession extends Session {
+    readonly isSecure = true;
+    abstract fabric: Fabric | undefined;
+    abstract subjectFor(message?: Message): Subject;
 }
-export class SecureSession extends Session {
-    readonly #subscriptions = new BasicSet<Subscription>();
-    #closingAfterExchangeFinished = false;
-    #sendCloseMessageWhenClosing = true;
-    readonly #id: number;
-    readonly #isInitiator: boolean;
-    #fabric: Fabric | undefined;
-    readonly #peerNodeId: NodeId;
-    readonly #peerSessionId: number;
-    readonly #decryptKey: Uint8Array;
-    readonly #encryptKey: Uint8Array;
-    readonly #attestationKey: Uint8Array;
-    #caseAuthenticatedTags: CaseAuthenticatedTag[];
-    #isClosing = false;
-    readonly supportsMRP = true;
-    static async create(args: {
-        manager?: SessionManager;
-        id: number;
-        fabric: Fabric | undefined;
-        peerNodeId: NodeId;
-        peerSessionId: number;
-        sharedSecret: Uint8Array;
-        salt: Uint8Array;
-        isInitiator: boolean;
-        isResumption: boolean;
-        peerSessionParameters?: SessionParameterOptions;
-        caseAuthenticatedTags?: CaseAuthenticatedTag[];
-    }) {
-        const {
-            manager,
-            id,
-            fabric,
-            peerNodeId,
-            peerSessionId,
-            sharedSecret,
-            salt,
-            isInitiator,
-            isResumption,
-            peerSessionParameters,
-            caseAuthenticatedTags,
-        } = args;
-        const keys = await Crypto.hkdf(
-            sharedSecret,
-            salt,
-            isResumption ? SESSION_RESUMPTION_KEYS_INFO : SESSION_KEYS_INFO,
-            CRYPTO_SYMMETRIC_KEY_LENGTH * 3,
-        );
-        const decryptKey = isInitiator ? keys.slice(16, 32) : keys.slice(0, 16);
-        const encryptKey = isInitiator ? keys.slice(0, 16) : keys.slice(16, 32);
-        const attestationKey = keys.slice(32, 48);
-        return new SecureSession({
-            manager,
-            id,
-            fabric,
-            peerNodeId,
-            peerSessionId,
-            decryptKey,
-            encryptKey,
-            attestationKey,
-            sessionParameters: peerSessionParameters,
-            isInitiator,
-            caseAuthenticatedTags,
-        });
-    }
-    constructor(args: {
-        manager?: SessionManager;
-        id: number;
-        fabric: Fabric | undefined;
-        peerNodeId: NodeId;
-        peerSessionId: number;
-        decryptKey: Uint8Array;
-        encryptKey: Uint8Array;
-        attestationKey: Uint8Array;
-        sessionParameters?: SessionParameterOptions;
-        caseAuthenticatedTags?: CaseAuthenticatedTag[];
-        isInitiator: boolean;
-    }) {
-        super({
-            ...args,
-            setActiveTimestamp: true, // We always set the active timestamp for Secure sessions
-            // Can be changed to a PersistedMessageCounter if we implement session storage
-            messageCounter: new MessageCounter(() => {
-                // Secure Session Message Counter
-                // Expire/End the session before the counter rolls over
-                this.end(true, true).catch(error => logger.error(`Error while closing session: ${error}`));
-            }),
-            messageReceptionState: new MessageReceptionStateEncryptedWithoutRollover(),
-        });
-        const {
-            manager,
-            id,
-            fabric,
-            peerNodeId,
-            peerSessionId,
-            decryptKey,
-            encryptKey,
-            attestationKey,
-            caseAuthenticatedTags,
-            isInitiator,
-        } = args;
-        this.#id = id;
-        this.#fabric = fabric;
-        this.#peerNodeId = peerNodeId;
-        this.#peerSessionId = peerSessionId;
-        this.#decryptKey = decryptKey;
-        this.#encryptKey = encryptKey;
-        this.#attestationKey = attestationKey;
-        this.#caseAuthenticatedTags = caseAuthenticatedTags ?? [];
-        this.#isInitiator = isInitiator;
-        manager?.sessions.add(this);
-        fabric?.addSession(this);
-        logger.debug(
-            `Created secure ${this.isPase ? "PASE" : "CASE"} session for fabric index ${fabric?.fabricIndex}`,
-            this.name,
-            this.parameterDiagnostics(),
-        );
-    }
-    parameterDiagnostics() {
-        return Diagnostic.dict(
-            {
-                SII: this.idleIntervalMs,
-                SAI: this.activeIntervalMs,
-                SAT: this.activeThresholdMs,
-                DMRev: this.dataModelRevision,
-                IMRev: this.interactionModelRevision,
-                spec: Diagnostic.hex(this.specificationVersion),
-                maxPaths: this.maxPathsPerInvoke,
-                CATs: this.#caseAuthenticatedTags,
-            },
-            true,
-        );
-    }
-    get caseAuthenticatedTags() {
-        return this.#caseAuthenticatedTags;
-    }
-    get closingAfterExchangeFinished() {
-        return this.#closingAfterExchangeFinished;
-    }
-    get sendCloseMessageWhenClosing() {
-        return this.#sendCloseMessageWhenClosing;
-    }
-    get isSecure(): boolean {
-        return true;
-    }
-    get isPase(): boolean {
-        return this.#peerNodeId === NodeId.UNSPECIFIED_NODE_ID;
-    }
-    get subscriptions() {
-        return this.#subscriptions;
-    }
-    get isInitiator() {
-        return this.#isInitiator;
-    }
-    get isClosing() {
-        return this.#isClosing;
-    }
-    async close(closeAfterExchangeFinished?: boolean) {
-        if (closeAfterExchangeFinished === undefined) {
-            closeAfterExchangeFinished = this.isPeerActive(); // We delay session close if the peer is actively communicating with us
-        }
-        await this.end(true, closeAfterExchangeFinished);
-    }
-    decode({ header, applicationPayload, messageExtension }: DecodedPacket, aad: Uint8Array): DecodedMessage {
-        if (header.hasMessageExtensions) {
-            logger.info(
-                `Message extensions are not supported. Ignoring ${messageExtension ? Bytes.toHex(messageExtension) : undefined}`,
-            );
-        }
-        const nonce = this.generateNonce(header.securityFlags, header.messageId, this.#peerNodeId);
-        const message = MessageCodec.decodePayload({
-            header,
-            applicationPayload: Crypto.decrypt(this.#decryptKey, applicationPayload, nonce, aad),
-        });
-        if (message.payloadHeader.hasSecuredExtension) {
-            logger.info(
-                `Secured extensions are not supported. Ignoring ${message.securityExtension ? Bytes.toHex(message.securityExtension) : undefined}`,
-            );
+export namespace SecureSession {
+    export function assert(session?: Session, errorText?: string): asserts session is SecureSession {
+        if (!session?.isSecure) {
+            throw new MatterFlowError(errorText ?? "Insecure session in secure context");
         }
-        return message;
-    }
-    encode(message: Message): Packet {
-        message.packetHeader.sessionId = this.#peerSessionId;
-        const { header, applicationPayload } = MessageCodec.encodePayload(message);
-        const headerBytes = MessageCodec.encodePacketHeader(message.packetHeader);
-        const securityFlags = headerBytes[3];
-        const sessionNodeId = this.isPase
-            ? NodeId.UNSPECIFIED_NODE_ID
-            : (this.#fabric?.nodeId ?? NodeId.UNSPECIFIED_NODE_ID);
-        const nonce = this.generateNonce(securityFlags, header.messageId, sessionNodeId);
-        return { header, applicationPayload: Crypto.encrypt(this.#encryptKey, applicationPayload, nonce, headerBytes) };
-    }
-    get attestationChallengeKey(): Uint8Array {
-        return this.#attestationKey;
-    }
-    get fabric() {
-        return this.#fabric;
-    }
-    addAssociatedFabric(fabric: Fabric) {
-        if (this.#fabric !== undefined) {
-            throw new MatterFlowError("Session already has an associated Fabric. Cannot change this.");
-        }
-        this.#fabric = fabric;
-    }
-    get id() {
-        return this.#id;
-    }
-    get name() {
-        return `secure/${this.#id}`;
-    }
-    get peerSessionId(): number {
-        return this.#peerSessionId;
-    }
-    get nodeId() {
-        return this.#fabric?.nodeId ?? NodeId.UNSPECIFIED_NODE_ID;
-    }
-    get peerNodeId() {
-        return this.#peerNodeId;
-    }
-    get associatedFabric(): Fabric {
-        if (this.#fabric === undefined) {
-            throw new NoAssociatedFabricError(
-                `${this.isPase ? "PASE " : ""}Session needs to have an associated Fabric for fabric sensitive data handling.`,
-            );
-        }
-        return this.#fabric;
-    }
-    async clearSubscriptions(flushSubscriptions = false, cancelledByPeer = false) {
-        const subscriptions = [...this.#subscriptions]; // get all values because subscriptions will remove themselves when cancelled
-        for (const subscription of subscriptions) {
-            await subscription.close(flushSubscriptions, cancelledByPeer);
-        }
-        return subscriptions.length;
-    }
-    /** Ends a session. Outstanding subscription data will be flushed before the session is destroyed. */
-    async end(sendClose: boolean, closeAfterExchangeFinished = false) {
-        await this.clearSubscriptions(true);
-        await this.destroy(sendClose, closeAfterExchangeFinished);
-    }
-    /** Destroys a session. Outstanding subscription data will be discarded. */
-    async destroy(sendClose = false, closeAfterExchangeFinished = true) {
-        await this.clearSubscriptions(false);
-        this.#fabric?.removeSession(this);
-        if (!sendClose) {
-            this.#sendCloseMessageWhenClosing = false;
-        }
-        if (closeAfterExchangeFinished) {
-            logger.info(`Register Session ${this.name} to close when exchange is ended.`);
-            this.#closingAfterExchangeFinished = true;
-        } else {
-            this.#isClosing = true;
-            logger.info(`End ${this.isPase ? "PASE" : "CASE"} session ${this.name}`);
-            this.manager?.sessions.delete(this);
-            // Wait for the exchange to finish closing, but ignore errors if channel is already closed
-            if (this.closer) {
-                try {
-                    await this.closer;
-                } catch (error) {
-                    NoChannelError.accept(error);
-                } finally {
-                    await this.destroyed.emit();
-                }
-                return;
-            }
-            await this.destroyed.emit();
-        }
-    }
-    /**
-     * The peer node's address.
-     */
-    get peerAddress() {
-        return PeerAddress({
-            fabricIndex: this.#fabric?.fabricIndex ?? FabricIndex.NO_FABRIC,
-            nodeId: this.#peerNodeId,
-        });
-    }
-    /**
-     * Indicates whether a peer matches a specific address.
-     */
-    peerIs(address: PeerAddress) {
-        return (
-            (this.#fabric?.fabricIndex ?? FabricIndex.NO_FABRIC) === address.fabricIndex &&
-            this.#peerNodeId === address.nodeId
-        );
-    }
-    private generateNonce(securityFlags: number, messageId: number, nodeId: NodeId) {
-        const writer = new DataWriter(Endian.Little);
-        writer.writeUInt8(securityFlags);
-        writer.writeUInt32(messageId);
-        writer.writeUInt64(nodeId);
-        return writer.toByteArray();
-    }
-}
-export function assertSecureSession(session?: Session, errorText?: string): asserts session is SecureSession {
-    if (!session?.isSecure) {
-        throw new MatterFlowError(errorText ?? "Insecure session in secure context");
     }
 }

package/src/session/Session.ts CHANGED Viewed

@@ -4,9 +4,9 @@
  * SPDX-License-Identifier: Apache-2.0
  */
-import { AsyncObservable, Time } from "#general";
+import { AsyncObservable, DataWriter, Endian, InternalError, Time } from "#general";
 import { NodeId, TypeFromPartialBitSchema } from "#types";
-import { DecodedMessage, DecodedPacket, Message, Packet } from "../codec/MessageCodec.js";
+import { DecodedMessage, DecodedPacket, Message, Packet, SessionType } from "../codec/MessageCodec.js";
 import { SupportedTransportsBitmap } from "../common/Scanner.js";
 import { Fabric } from "../fabric/Fabric.js";
 import { MessageCounter } from "../protocol/MessageCounter.js";
@@ -103,6 +103,7 @@ export abstract class Session {
     timestamp = Time.nowMs();
     readonly createdAt = Time.nowMs();
     activeTimestamp = 0;
+    abstract type: SessionType;
     protected readonly idleIntervalMs: number;
     protected readonly activeIntervalMs: number;
     protected readonly activeThresholdMs: number;
@@ -111,7 +112,7 @@ export abstract class Session {
     protected readonly specificationVersion: number;
     protected readonly maxPathsPerInvoke: number;
     protected readonly messageCounter: MessageCounter;
-    protected readonly messageReceptionState: MessageReceptionState;
+    protected readonly messageReceptionState?: MessageReceptionState;
     protected readonly supportedTransports: TypeFromPartialBitSchema<typeof SupportedTransportsBitmap>;
     protected readonly maxTcpMessageSize: number;
@@ -126,7 +127,7 @@ export abstract class Session {
     constructor(args: {
         manager?: SessionManager;
         messageCounter: MessageCounter;
-        messageReceptionState: MessageReceptionState;
+        messageReceptionState?: MessageReceptionState;
         sessionParameters?: SessionParameterOptions;
         setActiveTimestamp: boolean;
     }) {
@@ -184,10 +185,21 @@ export abstract class Session {
         return this.messageCounter.getIncrementedCounter();
     }
-    updateMessageCounter(messageCounter: number, _sourceNodeId?: NodeId) {
+    updateMessageCounter(messageCounter: number, _sourceNodeId?: NodeId, _operationalKey?: Uint8Array) {
+        if (this.messageReceptionState === undefined) {
+            throw new InternalError("MessageReceptionState is not defined for this session");
+        }
         this.messageReceptionState.updateMessageCounter(messageCounter);
     }
+    protected static generateNonce(securityFlags: number, messageId: number, nodeId: NodeId) {
+        const writer = new DataWriter(Endian.Little);
+        writer.writeUInt8(securityFlags);
+        writer.writeUInt32(messageId);
+        writer.writeUInt64(nodeId);
+        return writer.toByteArray();
+    }
     /**
      * The peer's session parameters.
      */
@@ -217,7 +229,6 @@ export abstract class Session {
     }
     abstract isSecure: boolean;
-    abstract isPase: boolean;
     abstract id: number;
     abstract peerSessionId: number;
     abstract nodeId: NodeId | undefined;

package/src/session/SessionManager.ts CHANGED Viewed

@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
+import { DecodedPacket } from "#codec/index.js";
 import { FabricManager } from "#fabric/FabricManager.js";
 import {
     BasicSet,
@@ -25,11 +26,14 @@ import {
 import { Subscription } from "#interaction/Subscription.js";
 import { Specification } from "#model";
 import { PeerAddress, PeerAddressMap } from "#peer/PeerAddress.js";
-import { CaseAuthenticatedTag, DEFAULT_MAX_PATHS_PER_INVOKE, FabricId, FabricIndex, NodeId } from "#types";
+import { GroupSession } from "#session/GroupSession.js";
+import { CaseAuthenticatedTag, DEFAULT_MAX_PATHS_PER_INVOKE, FabricId, FabricIndex, GroupId, NodeId } from "#types";
+import { UnexpectedDataError } from "@matter/general";
 import { SupportedTransportsSchema } from "../common/Scanner.js";
 import { Fabric } from "../fabric/Fabric.js";
 import { MessageCounter } from "../protocol/MessageCounter.js";
 import { InsecureSession } from "./InsecureSession.js";
+import { NodeSession } from "./NodeSession.js";
 import { SecureSession } from "./SecureSession.js";
 import {
     FALLBACK_DATAMODEL_REVISION,
@@ -118,11 +122,12 @@ const ID_SPACE_UPPER_BOUND = 0xffff;
 export class SessionManager {
     readonly #context: SessionManagerContext;
     readonly #insecureSessions = new Map<NodeId, InsecureSession>();
-    readonly #sessions = new BasicSet<SecureSession>();
+    readonly #sessions = new BasicSet<NodeSession>();
+    readonly #groupSessions = new Map<NodeId, BasicSet<GroupSession>>();
     #nextSessionId = Crypto.getRandomUInt16();
     #resumptionRecords = new PeerAddressMap<ResumptionRecord>();
     readonly #globalUnencryptedMessageCounter = new MessageCounter();
-    readonly #subscriptionsChanged = Observable<[session: SecureSession, subscription: Subscription]>();
+    readonly #subscriptionsChanged = Observable<[session: NodeSession, subscription: Subscription]>();
     #sessionParameters: SessionParameters;
     readonly #resubmissionStarted = Observable<[session: Session]>();
     readonly #construction: Construction<SessionManager>;
@@ -278,7 +283,7 @@ export class SessionManager {
             peerSessionParameters,
             caseAuthenticatedTags,
         } = args;
-        const session = await SecureSession.create({
+        const session = await NodeSession.create({
             manager: this,
             id: sessionId,
             fabric,
@@ -347,7 +352,7 @@ export class SessionManager {
     findOldestInactiveSession() {
         this.#construction.assert();
-        let oldestSession: SecureSession | undefined = undefined;
+        let oldestSession: NodeSession | undefined = undefined;
         for (const session of this.#sessions) {
             if (!oldestSession || session.activeTimestamp < oldestSession.activeTimestamp) {
                 oldestSession = session;
@@ -389,8 +394,8 @@ export class SessionManager {
         this.#construction.assert();
         return [...this.#sessions].find(
-            session => session.isSecure && session.isPase && !session.closingAfterExchangeFinished,
-        ) as SecureSession;
+            session => NodeSession.is(session) && session.isPase && !session.closingAfterExchangeFinished,
+        ) as NodeSession;
     }
     getSessionForNode(address: PeerAddress) {
@@ -427,15 +432,85 @@ export class SessionManager {
         return this.#insecureSessions.get(sourceNodeId);
     }
-    findGroupSession(groupId: number, groupSessionId: number) {
-        this.#construction.assert();
+    /**
+     * Creates or Returns a Group Session for a Group Peer Address.
+     * This is used for sending group messages because it returns the session for the current
+     * Group Epoch key. The Source Node Id is the own Node.
+     */
+    groupSessionForAddress(address: PeerAddress) {
+        const groupId = GroupId.fromNodeId(address.nodeId);
+        GroupId.assertGroupId(groupId);
+        const fabric = this.fabricFor(address);
+        const { key, keySetId, sessionId } = fabric.groups.currentKeyForGroup(groupId);
+        if (sessionId === undefined || key === undefined) {
+            throw new UnexpectedDataError(
+                `No group session data found for group ${groupId} in fabric ${fabric.fabricId}.`,
+            );
+        }
+        let session = this.#groupSessions.get(fabric.nodeId)?.get("id", sessionId);
+        if (session === undefined) {
+            session = new GroupSession({
+                manager: this,
+                id: sessionId,
+                fabric,
+                keySetId,
+                operationalGroupKey: key,
+                peerNodeId: address.nodeId, // The peer node ID is the group node ID
+            });
+        }
+        return session;
+    }
-        // Use groupsession id to find the key ??!!
-        // The Group Session ID MAY help receiving nodes efficiently locate the Operational Group Key used to encrypt an incoming groupcast message. It SHALL NOT be used as the sole means to locate the asso ciated Operational Group Key, since it MAY collide within the fabric. Instead, the Group Session ID provides receiving nodes a means to identify Operational Group Key candidates without the need to first attempt to decrypt groupcast messages using all available keys.
-        // On receipt of a message of Group Session Type, all valid, installed, operational group key candidates referenced by the given Group Session ID SHALL be attempted until authentication is passed or there are no more operational group keys to try. This is done because the same Group Session ID might arise from different keys. The chance of a Group Session ID collision is 2-16 but the chance of both a Group Session ID collision and the message MIC matching two different operational group keys is 2-80.
+    /**
+     * Creates or Returns the Group session based on an incoming packet.
+     * The Session ID is determined by trying to decrypt te packet with possible keys.
+     */
+    groupSessionFromPacket(packet: DecodedPacket, aad: Uint8Array) {
+        const groupId = packet.header.destGroupId;
+        if (groupId === undefined) {
+            throw new UnexpectedDataError("Group ID is required for GroupSession fromPacket.");
+        }
+        GroupId.assertGroupId(GroupId(groupId));
-        // TODO
-        throw new Error(`Not implemented ${groupId} ${groupSessionId}`);
+        const { message, key, sessionId, sourceNodeId, keySetId, fabric } = GroupSession.decode(
+            this.#context.fabrics,
+            packet,
+            aad,
+        );
+        let session = this.#groupSessions.get(sourceNodeId)?.get("id", sessionId);
+        if (session === undefined) {
+            session = new GroupSession({
+                manager: this,
+                id: sessionId,
+                fabric,
+                keySetId,
+                operationalGroupKey: key,
+                peerNodeId: sourceNodeId,
+            });
+        }
+        return { session, message, key };
+    }
+    registerGroupSession(session: GroupSession) {
+        const sourceNodeId = session.peerNodeId;
+        const peerSessions = this.#groupSessions.get(sourceNodeId) ?? new BasicSet();
+        peerSessions.add(session);
+        this.#groupSessions.set(sourceNodeId, peerSessions);
+    }
+    removeGroupSession(session: GroupSession) {
+        const sourceNodeId = session.peerNodeId;
+        const peerSessions = this.#groupSessions.get(sourceNodeId);
+        if (peerSessions) {
+            peerSessions.delete(session);
+            if (peerSessions.size === 0) {
+                this.#groupSessions.delete(sourceNodeId);
+            }
+        }
     }
     findResumptionRecordById(resumptionId: Uint8Array) {
@@ -581,6 +656,11 @@ export class SessionManager {
         for (const session of this.#insecureSessions.values()) {
             closePromises.push(session?.end());
         }
+        for (const sessions of this.#groupSessions.values()) {
+            for (const session of sessions) {
+                closePromises.push(session?.end());
+            }
+        }
         await MatterAggregateError.allSettled(closePromises, "Error closing sessions").catch(error =>
             logger.error(error),
         );

package/src/session/case/CaseClient.ts CHANGED Viewed

@@ -69,7 +69,7 @@ export class CaseClient {
             const initiatorResumeMic = Crypto.encrypt(resumeKey, new Uint8Array(0), RESUME1_MIC_NONCE);
             sigma1Bytes = await messenger.sendSigma1({
                 initiatorSessionId,
-                destinationId: await fabric.getDestinationId(peerNodeId, initiatorRandom),
+                destinationId: await fabric.currentDestinationIdFor(peerNodeId, initiatorRandom),
                 initiatorEcdhPublicKey,
                 initiatorRandom,
                 resumptionId,
@@ -79,7 +79,7 @@ export class CaseClient {
         } else {
             sigma1Bytes = await messenger.sendSigma1({
                 initiatorSessionId,
-                destinationId: await fabric.getDestinationId(peerNodeId, initiatorRandom),
+                destinationId: await fabric.currentDestinationIdFor(peerNodeId, initiatorRandom),
                 initiatorEcdhPublicKey,
                 initiatorRandom,
                 initiatorSessionParams: this.#sessions.sessionParameters,

package/src/session/index.ts CHANGED Viewed

@@ -4,14 +4,13 @@
  * SPDX-License-Identifier: Apache-2.0
  */
-// Export generic Session classes
-// Export CaseSession classes
 export * from "./case/CaseClient.js";
 export * from "./case/CaseMessages.js";
 export * from "./case/CaseMessenger.js";
 export * from "./case/CaseServer.js";
-// Export PaseSession classes
+export * from "./GroupSession.js";
 export * from "./InsecureSession.js";
+export * from "./NodeSession.js";
 export * from "./pase/PaseClient.js";
 export * from "./pase/PaseMessages.js";
 export * from "./pase/PaseMessenger.js";