@matter/protocol 0.14.1-alpha.0-20250605-9fc134af0 → 0.14.1-alpha.0-20250606-a9bcd03f9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/action/server/AccessControl.d.ts +5 -7
- package/dist/cjs/action/server/AccessControl.d.ts.map +1 -1
- package/dist/cjs/action/server/AccessControl.js.map +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.js +23 -0
- package/dist/cjs/action/server/AttributeWriteResponse.js.map +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.js +24 -1
- package/dist/cjs/action/server/CommandInvokeResponse.js.map +1 -1
- package/dist/cjs/action/server/DataResponse.d.ts +1 -1
- package/dist/cjs/action/server/DataResponse.d.ts.map +1 -1
- package/dist/cjs/action/server/Subject.d.ts +25 -0
- package/dist/cjs/action/server/Subject.d.ts.map +1 -0
- package/dist/cjs/action/server/Subject.js +54 -0
- package/dist/cjs/action/server/Subject.js.map +6 -0
- package/dist/cjs/action/server/index.d.ts +1 -0
- package/dist/cjs/action/server/index.d.ts.map +1 -1
- package/dist/cjs/action/server/index.js +1 -0
- package/dist/cjs/action/server/index.js.map +1 -1
- package/dist/cjs/certificate/DeviceCertification.d.ts +2 -2
- package/dist/cjs/certificate/DeviceCertification.d.ts.map +1 -1
- package/dist/cjs/certificate/DeviceCertification.js.map +1 -1
- package/dist/cjs/cluster/client/AttributeClient.d.ts +3 -3
- package/dist/cjs/cluster/client/AttributeClient.d.ts.map +1 -1
- package/dist/cjs/cluster/client/AttributeClient.js +14 -2
- package/dist/cjs/cluster/client/AttributeClient.js.map +1 -1
- package/dist/cjs/cluster/client/ClusterClient.d.ts +3 -2
- package/dist/cjs/cluster/client/ClusterClient.d.ts.map +1 -1
- package/dist/cjs/cluster/client/ClusterClient.js +60 -1
- package/dist/cjs/cluster/client/ClusterClient.js.map +1 -1
- package/dist/cjs/cluster/client/ClusterClientTypes.d.ts +33 -8
- package/dist/cjs/cluster/client/ClusterClientTypes.d.ts.map +1 -1
- package/dist/cjs/cluster/client/EventClient.d.ts +3 -3
- package/dist/cjs/cluster/client/EventClient.d.ts.map +1 -1
- package/dist/cjs/cluster/client/EventClient.js +7 -0
- package/dist/cjs/cluster/client/EventClient.js.map +1 -1
- package/dist/cjs/codec/MessageCodec.d.ts.map +1 -1
- package/dist/cjs/codec/MessageCodec.js +31 -6
- package/dist/cjs/codec/MessageCodec.js.map +1 -1
- package/dist/cjs/fabric/Fabric.d.ts +20 -30
- package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
- package/dist/cjs/fabric/Fabric.js +38 -62
- package/dist/cjs/fabric/Fabric.js.map +2 -2
- package/dist/cjs/fabric/FabricManager.d.ts.map +1 -1
- package/dist/cjs/fabric/FabricManager.js +10 -4
- package/dist/cjs/fabric/FabricManager.js.map +1 -1
- package/dist/cjs/groups/FabricGroupsManager.d.ts +46 -0
- package/dist/cjs/groups/FabricGroupsManager.d.ts.map +1 -0
- package/dist/cjs/groups/FabricGroupsManager.js +155 -0
- package/dist/cjs/groups/FabricGroupsManager.js.map +6 -0
- package/dist/cjs/groups/Groups.d.ts +34 -0
- package/dist/cjs/groups/Groups.d.ts.map +1 -0
- package/dist/cjs/groups/Groups.js +89 -0
- package/dist/cjs/groups/Groups.js.map +6 -0
- package/dist/cjs/groups/KeySets.d.ts +64 -0
- package/dist/cjs/groups/KeySets.d.ts.map +1 -0
- package/dist/cjs/groups/KeySets.js +179 -0
- package/dist/cjs/groups/KeySets.js.map +6 -0
- package/dist/cjs/groups/MessagingState.d.ts +24 -0
- package/dist/cjs/groups/MessagingState.d.ts.map +1 -0
- package/dist/cjs/groups/MessagingState.js +91 -0
- package/dist/cjs/groups/MessagingState.js.map +6 -0
- package/dist/cjs/groups/index.d.ts +8 -0
- package/dist/cjs/groups/index.d.ts.map +1 -0
- package/dist/cjs/groups/index.js +25 -0
- package/dist/cjs/groups/index.js.map +6 -0
- package/dist/cjs/index.d.ts +1 -0
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +1 -0
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/interaction/AccessControlManager.d.ts +4 -13
- package/dist/cjs/interaction/AccessControlManager.d.ts.map +1 -1
- package/dist/cjs/interaction/AccessControlManager.js +38 -47
- package/dist/cjs/interaction/AccessControlManager.js.map +1 -1
- package/dist/cjs/interaction/InteractionClient.d.ts +5 -4
- package/dist/cjs/interaction/InteractionClient.d.ts.map +1 -1
- package/dist/cjs/interaction/InteractionClient.js +53 -3
- package/dist/cjs/interaction/InteractionClient.js.map +1 -1
- package/dist/cjs/interaction/InteractionMessenger.d.ts.map +1 -1
- package/dist/cjs/interaction/InteractionMessenger.js +15 -0
- package/dist/cjs/interaction/InteractionMessenger.js.map +1 -1
- package/dist/cjs/interaction/Subscription.d.ts +3 -3
- package/dist/cjs/interaction/Subscription.d.ts.map +1 -1
- package/dist/cjs/interaction/Subscription.js.map +1 -1
- package/dist/cjs/peer/PeerAddress.d.ts +1 -0
- package/dist/cjs/peer/PeerAddress.d.ts.map +1 -1
- package/dist/cjs/peer/PeerAddress.js +5 -0
- package/dist/cjs/peer/PeerAddress.js.map +1 -1
- package/dist/cjs/peer/PeerSet.d.ts.map +1 -1
- package/dist/cjs/peer/PeerSet.js +31 -2
- package/dist/cjs/peer/PeerSet.js.map +1 -1
- package/dist/cjs/protocol/ChannelManager.d.ts.map +1 -1
- package/dist/cjs/protocol/ChannelManager.js +7 -8
- package/dist/cjs/protocol/ChannelManager.js.map +1 -1
- package/dist/cjs/protocol/ExchangeManager.d.ts.map +1 -1
- package/dist/cjs/protocol/ExchangeManager.js +39 -25
- package/dist/cjs/protocol/ExchangeManager.js.map +1 -1
- package/dist/cjs/protocol/MessageExchange.d.ts +1 -1
- package/dist/cjs/protocol/MessageExchange.d.ts.map +1 -1
- package/dist/cjs/protocol/MessageExchange.js +32 -4
- package/dist/cjs/protocol/MessageExchange.js.map +1 -1
- package/dist/cjs/protocol/MessageReceptionState.d.ts +1 -1
- package/dist/cjs/securechannel/SecureChannelProtocol.js +1 -1
- package/dist/cjs/securechannel/SecureChannelProtocol.js.map +1 -1
- package/dist/cjs/session/GroupSession.d.ts +56 -0
- package/dist/cjs/session/GroupSession.d.ts.map +1 -0
- package/dist/cjs/session/GroupSession.js +188 -0
- package/dist/cjs/session/GroupSession.js.map +6 -0
- package/dist/cjs/session/InsecureSession.d.ts +2 -1
- package/dist/cjs/session/InsecureSession.d.ts.map +1 -1
- package/dist/cjs/session/InsecureSession.js +3 -2
- package/dist/cjs/session/InsecureSession.js.map +1 -1
- package/dist/cjs/session/NodeSession.d.ts +88 -0
- package/dist/cjs/session/NodeSession.d.ts.map +1 -0
- package/dist/cjs/session/NodeSession.js +318 -0
- package/dist/cjs/session/NodeSession.js.map +6 -0
- package/dist/cjs/session/SecureSession.d.ts +10 -75
- package/dist/cjs/session/SecureSession.d.ts.map +1 -1
- package/dist/cjs/session/SecureSession.js +9 -280
- package/dist/cjs/session/SecureSession.js.map +2 -2
- package/dist/cjs/session/Session.d.ts +6 -5
- package/dist/cjs/session/Session.d.ts.map +1 -1
- package/dist/cjs/session/Session.js +11 -1
- package/dist/cjs/session/Session.js.map +1 -1
- package/dist/cjs/session/SessionManager.d.ts +27 -9
- package/dist/cjs/session/SessionManager.d.ts.map +1 -1
- package/dist/cjs/session/SessionManager.js +83 -5
- package/dist/cjs/session/SessionManager.js.map +2 -2
- package/dist/cjs/session/case/CaseClient.d.ts +1 -1
- package/dist/cjs/session/case/CaseClient.js +2 -2
- package/dist/cjs/session/case/CaseClient.js.map +1 -1
- package/dist/cjs/session/index.d.ts +2 -0
- package/dist/cjs/session/index.d.ts.map +1 -1
- package/dist/cjs/session/index.js +2 -0
- package/dist/cjs/session/index.js.map +1 -1
- package/dist/cjs/session/pase/PaseClient.d.ts +1 -1
- package/dist/esm/action/server/AccessControl.d.ts +5 -7
- package/dist/esm/action/server/AccessControl.d.ts.map +1 -1
- package/dist/esm/action/server/AccessControl.js.map +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.d.ts.map +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.js +23 -0
- package/dist/esm/action/server/AttributeWriteResponse.js.map +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.d.ts.map +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.js +24 -1
- package/dist/esm/action/server/CommandInvokeResponse.js.map +1 -1
- package/dist/esm/action/server/DataResponse.d.ts +1 -1
- package/dist/esm/action/server/DataResponse.d.ts.map +1 -1
- package/dist/esm/action/server/Subject.d.ts +25 -0
- package/dist/esm/action/server/Subject.d.ts.map +1 -0
- package/dist/esm/action/server/Subject.js +34 -0
- package/dist/esm/action/server/Subject.js.map +6 -0
- package/dist/esm/action/server/index.d.ts +1 -0
- package/dist/esm/action/server/index.d.ts.map +1 -1
- package/dist/esm/action/server/index.js +1 -0
- package/dist/esm/action/server/index.js.map +1 -1
- package/dist/esm/certificate/DeviceCertification.d.ts +2 -2
- package/dist/esm/certificate/DeviceCertification.d.ts.map +1 -1
- package/dist/esm/certificate/DeviceCertification.js.map +1 -1
- package/dist/esm/cluster/client/AttributeClient.d.ts +3 -3
- package/dist/esm/cluster/client/AttributeClient.d.ts.map +1 -1
- package/dist/esm/cluster/client/AttributeClient.js +13 -1
- package/dist/esm/cluster/client/AttributeClient.js.map +1 -1
- package/dist/esm/cluster/client/ClusterClient.d.ts +3 -2
- package/dist/esm/cluster/client/ClusterClient.d.ts.map +1 -1
- package/dist/esm/cluster/client/ClusterClient.js +61 -2
- package/dist/esm/cluster/client/ClusterClient.js.map +1 -1
- package/dist/esm/cluster/client/ClusterClientTypes.d.ts +33 -8
- package/dist/esm/cluster/client/ClusterClientTypes.d.ts.map +1 -1
- package/dist/esm/cluster/client/EventClient.d.ts +3 -3
- package/dist/esm/cluster/client/EventClient.d.ts.map +1 -1
- package/dist/esm/cluster/client/EventClient.js +7 -0
- package/dist/esm/cluster/client/EventClient.js.map +1 -1
- package/dist/esm/codec/MessageCodec.d.ts.map +1 -1
- package/dist/esm/codec/MessageCodec.js +41 -7
- package/dist/esm/codec/MessageCodec.js.map +1 -1
- package/dist/esm/fabric/Fabric.d.ts +20 -30
- package/dist/esm/fabric/Fabric.d.ts.map +1 -1
- package/dist/esm/fabric/Fabric.js +38 -62
- package/dist/esm/fabric/Fabric.js.map +2 -2
- package/dist/esm/fabric/FabricManager.d.ts.map +1 -1
- package/dist/esm/fabric/FabricManager.js +10 -4
- package/dist/esm/fabric/FabricManager.js.map +1 -1
- package/dist/esm/groups/FabricGroupsManager.d.ts +46 -0
- package/dist/esm/groups/FabricGroupsManager.d.ts.map +1 -0
- package/dist/esm/groups/FabricGroupsManager.js +135 -0
- package/dist/esm/groups/FabricGroupsManager.js.map +6 -0
- package/dist/esm/groups/Groups.d.ts +34 -0
- package/dist/esm/groups/Groups.d.ts.map +1 -0
- package/dist/esm/groups/Groups.js +69 -0
- package/dist/esm/groups/Groups.js.map +6 -0
- package/dist/esm/groups/KeySets.d.ts +64 -0
- package/dist/esm/groups/KeySets.d.ts.map +1 -0
- package/dist/esm/groups/KeySets.js +159 -0
- package/dist/esm/groups/KeySets.js.map +6 -0
- package/dist/esm/groups/MessagingState.d.ts +24 -0
- package/dist/esm/groups/MessagingState.d.ts.map +1 -0
- package/dist/esm/groups/MessagingState.js +71 -0
- package/dist/esm/groups/MessagingState.js.map +6 -0
- package/dist/esm/groups/index.d.ts +8 -0
- package/dist/esm/groups/index.d.ts.map +1 -0
- package/dist/esm/groups/index.js +8 -0
- package/dist/esm/groups/index.js.map +6 -0
- package/dist/esm/index.d.ts +1 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +1 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/interaction/AccessControlManager.d.ts +4 -13
- package/dist/esm/interaction/AccessControlManager.d.ts.map +1 -1
- package/dist/esm/interaction/AccessControlManager.js +39 -48
- package/dist/esm/interaction/AccessControlManager.js.map +1 -1
- package/dist/esm/interaction/InteractionClient.d.ts +5 -4
- package/dist/esm/interaction/InteractionClient.d.ts.map +1 -1
- package/dist/esm/interaction/InteractionClient.js +54 -4
- package/dist/esm/interaction/InteractionClient.js.map +1 -1
- package/dist/esm/interaction/InteractionMessenger.d.ts.map +1 -1
- package/dist/esm/interaction/InteractionMessenger.js +15 -0
- package/dist/esm/interaction/InteractionMessenger.js.map +1 -1
- package/dist/esm/interaction/Subscription.d.ts +3 -3
- package/dist/esm/interaction/Subscription.d.ts.map +1 -1
- package/dist/esm/interaction/Subscription.js.map +1 -1
- package/dist/esm/peer/PeerAddress.d.ts +1 -0
- package/dist/esm/peer/PeerAddress.d.ts.map +1 -1
- package/dist/esm/peer/PeerAddress.js +5 -0
- package/dist/esm/peer/PeerAddress.js.map +1 -1
- package/dist/esm/peer/PeerSet.d.ts.map +1 -1
- package/dist/esm/peer/PeerSet.js +33 -3
- package/dist/esm/peer/PeerSet.js.map +1 -1
- package/dist/esm/protocol/ChannelManager.d.ts.map +1 -1
- package/dist/esm/protocol/ChannelManager.js +7 -8
- package/dist/esm/protocol/ChannelManager.js.map +1 -1
- package/dist/esm/protocol/ExchangeManager.d.ts.map +1 -1
- package/dist/esm/protocol/ExchangeManager.js +41 -27
- package/dist/esm/protocol/ExchangeManager.js.map +1 -1
- package/dist/esm/protocol/MessageExchange.d.ts +1 -1
- package/dist/esm/protocol/MessageExchange.d.ts.map +1 -1
- package/dist/esm/protocol/MessageExchange.js +39 -5
- package/dist/esm/protocol/MessageExchange.js.map +1 -1
- package/dist/esm/protocol/MessageReceptionState.d.ts +1 -1
- package/dist/esm/securechannel/SecureChannelProtocol.js +2 -2
- package/dist/esm/securechannel/SecureChannelProtocol.js.map +1 -1
- package/dist/esm/session/GroupSession.d.ts +56 -0
- package/dist/esm/session/GroupSession.d.ts.map +1 -0
- package/dist/esm/session/GroupSession.js +177 -0
- package/dist/esm/session/GroupSession.js.map +6 -0
- package/dist/esm/session/InsecureSession.d.ts +2 -1
- package/dist/esm/session/InsecureSession.d.ts.map +1 -1
- package/dist/esm/session/InsecureSession.js +3 -2
- package/dist/esm/session/InsecureSession.js.map +1 -1
- package/dist/esm/session/NodeSession.d.ts +88 -0
- package/dist/esm/session/NodeSession.d.ts.map +1 -0
- package/dist/esm/session/NodeSession.js +298 -0
- package/dist/esm/session/NodeSession.js.map +6 -0
- package/dist/esm/session/SecureSession.d.ts +10 -75
- package/dist/esm/session/SecureSession.d.ts.map +1 -1
- package/dist/esm/session/SecureSession.js +10 -291
- package/dist/esm/session/SecureSession.js.map +2 -2
- package/dist/esm/session/Session.d.ts +6 -5
- package/dist/esm/session/Session.d.ts.map +1 -1
- package/dist/esm/session/Session.js +12 -2
- package/dist/esm/session/Session.js.map +1 -1
- package/dist/esm/session/SessionManager.d.ts +27 -9
- package/dist/esm/session/SessionManager.d.ts.map +1 -1
- package/dist/esm/session/SessionManager.js +84 -6
- package/dist/esm/session/SessionManager.js.map +1 -1
- package/dist/esm/session/case/CaseClient.d.ts +1 -1
- package/dist/esm/session/case/CaseClient.js +2 -2
- package/dist/esm/session/case/CaseClient.js.map +1 -1
- package/dist/esm/session/index.d.ts +2 -0
- package/dist/esm/session/index.d.ts.map +1 -1
- package/dist/esm/session/index.js +2 -0
- package/dist/esm/session/index.js.map +1 -1
- package/dist/esm/session/pase/PaseClient.d.ts +1 -1
- package/package.json +6 -6
- package/src/action/server/AccessControl.ts +4 -7
- package/src/action/server/AttributeWriteResponse.ts +29 -7
- package/src/action/server/CommandInvokeResponse.ts +28 -7
- package/src/action/server/DataResponse.ts +1 -1
- package/src/action/server/Subject.ts +45 -0
- package/src/action/server/index.ts +1 -0
- package/src/certificate/DeviceCertification.ts +2 -2
- package/src/cluster/client/AttributeClient.ts +15 -3
- package/src/cluster/client/ClusterClient.ts +90 -4
- package/src/cluster/client/ClusterClientTypes.ts +38 -9
- package/src/cluster/client/EventClient.ts +9 -2
- package/src/codec/MessageCodec.ts +49 -8
- package/src/fabric/Fabric.ts +51 -85
- package/src/fabric/FabricManager.ts +11 -4
- package/src/groups/FabricGroupsManager.ts +164 -0
- package/src/groups/Groups.ts +81 -0
- package/src/groups/KeySets.ts +194 -0
- package/src/groups/MessagingState.ts +76 -0
- package/src/groups/index.ts +8 -0
- package/src/index.ts +1 -0
- package/src/interaction/AccessControlManager.ts +49 -81
- package/src/interaction/InteractionClient.ts +66 -6
- package/src/interaction/InteractionMessenger.ts +15 -0
- package/src/interaction/Subscription.ts +3 -3
- package/src/peer/PeerAddress.ts +4 -0
- package/src/peer/PeerSet.ts +39 -4
- package/src/protocol/ChannelManager.ts +7 -9
- package/src/protocol/ExchangeManager.ts +51 -35
- package/src/protocol/MessageExchange.ts +42 -7
- package/src/protocol/MessageReceptionState.ts +2 -2
- package/src/securechannel/SecureChannelProtocol.ts +2 -2
- package/src/session/GroupSession.ts +223 -0
- package/src/session/InsecureSession.ts +3 -2
- package/src/session/NodeSession.ts +367 -0
- package/src/session/SecureSession.ts +14 -363
- package/src/session/Session.ts +17 -6
- package/src/session/SessionManager.ts +94 -14
- package/src/session/case/CaseClient.ts +2 -2
- package/src/session/index.ts +2 -3
|
@@ -0,0 +1,367 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @license
|
|
3
|
+
* Copyright 2022-2025 Matter.js Authors
|
|
4
|
+
* SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
import { Subject } from "#action/server/Subject.js";
|
|
8
|
+
import { DecodedMessage, DecodedPacket, Message, MessageCodec, Packet, SessionType } from "#codec/MessageCodec.js";
|
|
9
|
+
import { Fabric } from "#fabric/Fabric.js";
|
|
10
|
+
import { BasicSet, Bytes, CRYPTO_SYMMETRIC_KEY_LENGTH, Crypto, Diagnostic, Logger, MatterFlowError } from "#general";
|
|
11
|
+
import { Subscription } from "#interaction/Subscription.js";
|
|
12
|
+
import { PeerAddress } from "#peer/PeerAddress.js";
|
|
13
|
+
import { NoChannelError } from "#protocol/ChannelManager.js";
|
|
14
|
+
import { MessageCounter } from "#protocol/MessageCounter.js";
|
|
15
|
+
import { MessageReceptionStateEncryptedWithoutRollover } from "#protocol/MessageReceptionState.js";
|
|
16
|
+
import { CaseAuthenticatedTag, FabricIndex, NodeId, StatusCode, StatusResponseError } from "#types";
|
|
17
|
+
import { SecureSession } from "./SecureSession.js";
|
|
18
|
+
import { Session, SessionParameterOptions } from "./Session.js";
|
|
19
|
+
import { type SessionManager } from "./SessionManager.js";
|
|
20
|
+
|
|
21
|
+
const logger = Logger.get("SecureSession");
|
|
22
|
+
|
|
23
|
+
const SESSION_KEYS_INFO = Bytes.fromString("SessionKeys");
|
|
24
|
+
const SESSION_RESUMPTION_KEYS_INFO = Bytes.fromString("SessionResumptionKeys");
|
|
25
|
+
|
|
26
|
+
export class NoAssociatedFabricError extends StatusResponseError {
|
|
27
|
+
constructor(message: string) {
|
|
28
|
+
super(message, StatusCode.UnsupportedAccess);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
export class NodeSession extends SecureSession {
|
|
33
|
+
readonly #subscriptions = new BasicSet<Subscription>();
|
|
34
|
+
#closingAfterExchangeFinished = false;
|
|
35
|
+
#sendCloseMessageWhenClosing = true;
|
|
36
|
+
readonly #id: number;
|
|
37
|
+
readonly #isInitiator: boolean;
|
|
38
|
+
#fabric: Fabric | undefined;
|
|
39
|
+
readonly #peerNodeId: NodeId;
|
|
40
|
+
readonly #peerSessionId: number;
|
|
41
|
+
readonly #decryptKey: Uint8Array;
|
|
42
|
+
readonly #encryptKey: Uint8Array;
|
|
43
|
+
readonly #attestationKey: Uint8Array;
|
|
44
|
+
#caseAuthenticatedTags: CaseAuthenticatedTag[];
|
|
45
|
+
#isClosing = false;
|
|
46
|
+
readonly supportsMRP = true;
|
|
47
|
+
readonly type = SessionType.Unicast;
|
|
48
|
+
|
|
49
|
+
static async create(args: {
|
|
50
|
+
manager?: SessionManager;
|
|
51
|
+
id: number;
|
|
52
|
+
fabric: Fabric | undefined;
|
|
53
|
+
peerNodeId: NodeId;
|
|
54
|
+
peerSessionId: number;
|
|
55
|
+
sharedSecret: Uint8Array;
|
|
56
|
+
salt: Uint8Array;
|
|
57
|
+
isInitiator: boolean;
|
|
58
|
+
isResumption: boolean;
|
|
59
|
+
peerSessionParameters?: SessionParameterOptions;
|
|
60
|
+
caseAuthenticatedTags?: CaseAuthenticatedTag[];
|
|
61
|
+
}) {
|
|
62
|
+
const {
|
|
63
|
+
manager,
|
|
64
|
+
id,
|
|
65
|
+
fabric,
|
|
66
|
+
peerNodeId,
|
|
67
|
+
peerSessionId,
|
|
68
|
+
sharedSecret,
|
|
69
|
+
salt,
|
|
70
|
+
isInitiator,
|
|
71
|
+
isResumption,
|
|
72
|
+
peerSessionParameters,
|
|
73
|
+
caseAuthenticatedTags,
|
|
74
|
+
} = args;
|
|
75
|
+
const keys = await Crypto.hkdf(
|
|
76
|
+
sharedSecret,
|
|
77
|
+
salt,
|
|
78
|
+
isResumption ? SESSION_RESUMPTION_KEYS_INFO : SESSION_KEYS_INFO,
|
|
79
|
+
CRYPTO_SYMMETRIC_KEY_LENGTH * 3,
|
|
80
|
+
);
|
|
81
|
+
const decryptKey = isInitiator ? keys.slice(16, 32) : keys.slice(0, 16);
|
|
82
|
+
const encryptKey = isInitiator ? keys.slice(0, 16) : keys.slice(16, 32);
|
|
83
|
+
const attestationKey = keys.slice(32, 48);
|
|
84
|
+
return new NodeSession({
|
|
85
|
+
manager,
|
|
86
|
+
id,
|
|
87
|
+
fabric,
|
|
88
|
+
peerNodeId,
|
|
89
|
+
peerSessionId,
|
|
90
|
+
decryptKey,
|
|
91
|
+
encryptKey,
|
|
92
|
+
attestationKey,
|
|
93
|
+
sessionParameters: peerSessionParameters,
|
|
94
|
+
isInitiator,
|
|
95
|
+
caseAuthenticatedTags,
|
|
96
|
+
});
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
constructor(args: {
|
|
100
|
+
manager?: SessionManager;
|
|
101
|
+
id: number;
|
|
102
|
+
fabric: Fabric | undefined;
|
|
103
|
+
peerNodeId: NodeId;
|
|
104
|
+
peerSessionId: number;
|
|
105
|
+
decryptKey: Uint8Array;
|
|
106
|
+
encryptKey: Uint8Array;
|
|
107
|
+
attestationKey: Uint8Array;
|
|
108
|
+
sessionParameters?: SessionParameterOptions;
|
|
109
|
+
caseAuthenticatedTags?: CaseAuthenticatedTag[];
|
|
110
|
+
isInitiator: boolean;
|
|
111
|
+
}) {
|
|
112
|
+
super({
|
|
113
|
+
...args,
|
|
114
|
+
setActiveTimestamp: true, // We always set the active timestamp for Secure sessions
|
|
115
|
+
// Can be changed to a PersistedMessageCounter if we implement session storage
|
|
116
|
+
messageCounter: new MessageCounter(() => {
|
|
117
|
+
// Secure Session Message Counter
|
|
118
|
+
// Expire/End the session before the counter rolls over
|
|
119
|
+
this.end(true, true).catch(error => logger.error(`Error while closing session: ${error}`));
|
|
120
|
+
}),
|
|
121
|
+
messageReceptionState: new MessageReceptionStateEncryptedWithoutRollover(),
|
|
122
|
+
});
|
|
123
|
+
const {
|
|
124
|
+
manager,
|
|
125
|
+
id,
|
|
126
|
+
fabric,
|
|
127
|
+
peerNodeId,
|
|
128
|
+
peerSessionId,
|
|
129
|
+
decryptKey,
|
|
130
|
+
encryptKey,
|
|
131
|
+
attestationKey,
|
|
132
|
+
caseAuthenticatedTags,
|
|
133
|
+
isInitiator,
|
|
134
|
+
} = args;
|
|
135
|
+
|
|
136
|
+
this.#id = id;
|
|
137
|
+
this.#fabric = fabric;
|
|
138
|
+
this.#peerNodeId = peerNodeId;
|
|
139
|
+
this.#peerSessionId = peerSessionId;
|
|
140
|
+
this.#decryptKey = decryptKey;
|
|
141
|
+
this.#encryptKey = encryptKey;
|
|
142
|
+
this.#attestationKey = attestationKey;
|
|
143
|
+
this.#caseAuthenticatedTags = caseAuthenticatedTags ?? [];
|
|
144
|
+
this.#isInitiator = isInitiator;
|
|
145
|
+
|
|
146
|
+
manager?.sessions.add(this);
|
|
147
|
+
fabric?.addSession(this);
|
|
148
|
+
|
|
149
|
+
logger.debug(
|
|
150
|
+
`Created secure ${this.isPase ? "PASE" : "CASE"} session for fabric index ${fabric?.fabricIndex}`,
|
|
151
|
+
this.name,
|
|
152
|
+
this.parameterDiagnostics(),
|
|
153
|
+
);
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
parameterDiagnostics() {
|
|
157
|
+
return Diagnostic.dict(
|
|
158
|
+
{
|
|
159
|
+
SII: this.idleIntervalMs,
|
|
160
|
+
SAI: this.activeIntervalMs,
|
|
161
|
+
SAT: this.activeThresholdMs,
|
|
162
|
+
DMRev: this.dataModelRevision,
|
|
163
|
+
IMRev: this.interactionModelRevision,
|
|
164
|
+
spec: Diagnostic.hex(this.specificationVersion),
|
|
165
|
+
maxPaths: this.maxPathsPerInvoke,
|
|
166
|
+
CATs: this.#caseAuthenticatedTags,
|
|
167
|
+
},
|
|
168
|
+
true,
|
|
169
|
+
);
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
get caseAuthenticatedTags() {
|
|
173
|
+
return this.#caseAuthenticatedTags;
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
get closingAfterExchangeFinished() {
|
|
177
|
+
return this.#closingAfterExchangeFinished;
|
|
178
|
+
}
|
|
179
|
+
|
|
180
|
+
get sendCloseMessageWhenClosing() {
|
|
181
|
+
return this.#sendCloseMessageWhenClosing;
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
get isPase(): boolean {
|
|
185
|
+
return this.#peerNodeId === NodeId.UNSPECIFIED_NODE_ID;
|
|
186
|
+
}
|
|
187
|
+
|
|
188
|
+
get subscriptions() {
|
|
189
|
+
return this.#subscriptions;
|
|
190
|
+
}
|
|
191
|
+
|
|
192
|
+
get isInitiator() {
|
|
193
|
+
return this.#isInitiator;
|
|
194
|
+
}
|
|
195
|
+
|
|
196
|
+
get isClosing() {
|
|
197
|
+
return this.#isClosing;
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
subjectFor(_message?: Message): Subject {
|
|
201
|
+
return Subject.Node({
|
|
202
|
+
id: this.peerNodeId,
|
|
203
|
+
catSubjects: this.#caseAuthenticatedTags.map(cat => NodeId.fromCaseAuthenticatedTag(cat)),
|
|
204
|
+
});
|
|
205
|
+
}
|
|
206
|
+
|
|
207
|
+
async close(closeAfterExchangeFinished?: boolean) {
|
|
208
|
+
if (closeAfterExchangeFinished === undefined) {
|
|
209
|
+
closeAfterExchangeFinished = this.isPeerActive(); // We delay session close if the peer is actively communicating with us
|
|
210
|
+
}
|
|
211
|
+
await this.end(true, closeAfterExchangeFinished);
|
|
212
|
+
}
|
|
213
|
+
|
|
214
|
+
decode({ header, applicationPayload, messageExtension }: DecodedPacket, aad: Uint8Array): DecodedMessage {
|
|
215
|
+
if (header.hasMessageExtensions) {
|
|
216
|
+
logger.info(
|
|
217
|
+
`Message extensions are not supported. Ignoring ${messageExtension ? Bytes.toHex(messageExtension) : undefined}`,
|
|
218
|
+
);
|
|
219
|
+
}
|
|
220
|
+
const nonce = Session.generateNonce(header.securityFlags, header.messageId, this.#peerNodeId);
|
|
221
|
+
const message = MessageCodec.decodePayload({
|
|
222
|
+
header,
|
|
223
|
+
applicationPayload: Crypto.decrypt(this.#decryptKey, applicationPayload, nonce, aad),
|
|
224
|
+
});
|
|
225
|
+
|
|
226
|
+
if (message.payloadHeader.hasSecuredExtension) {
|
|
227
|
+
logger.info(
|
|
228
|
+
`Secured extensions are not supported. Ignoring ${message.securityExtension ? Bytes.toHex(message.securityExtension) : undefined}`,
|
|
229
|
+
);
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
return message;
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
encode(message: Message): Packet {
|
|
236
|
+
message.packetHeader.sessionId = this.#peerSessionId;
|
|
237
|
+
const { header, applicationPayload } = MessageCodec.encodePayload(message);
|
|
238
|
+
const headerBytes = MessageCodec.encodePacketHeader(message.packetHeader);
|
|
239
|
+
const securityFlags = headerBytes[3];
|
|
240
|
+
const sessionNodeId = this.isPase
|
|
241
|
+
? NodeId.UNSPECIFIED_NODE_ID
|
|
242
|
+
: (this.#fabric?.nodeId ?? NodeId.UNSPECIFIED_NODE_ID);
|
|
243
|
+
const nonce = Session.generateNonce(securityFlags, header.messageId, sessionNodeId);
|
|
244
|
+
return { header, applicationPayload: Crypto.encrypt(this.#encryptKey, applicationPayload, nonce, headerBytes) };
|
|
245
|
+
}
|
|
246
|
+
|
|
247
|
+
get attestationChallengeKey(): Uint8Array {
|
|
248
|
+
return this.#attestationKey;
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
get fabric() {
|
|
252
|
+
return this.#fabric;
|
|
253
|
+
}
|
|
254
|
+
|
|
255
|
+
addAssociatedFabric(fabric: Fabric) {
|
|
256
|
+
if (this.#fabric !== undefined) {
|
|
257
|
+
throw new MatterFlowError("Session already has an associated Fabric. Cannot change this.");
|
|
258
|
+
}
|
|
259
|
+
this.#fabric = fabric;
|
|
260
|
+
}
|
|
261
|
+
|
|
262
|
+
get id() {
|
|
263
|
+
return this.#id;
|
|
264
|
+
}
|
|
265
|
+
|
|
266
|
+
get name() {
|
|
267
|
+
return `secure/${this.#id}`;
|
|
268
|
+
}
|
|
269
|
+
|
|
270
|
+
get peerSessionId(): number {
|
|
271
|
+
return this.#peerSessionId;
|
|
272
|
+
}
|
|
273
|
+
|
|
274
|
+
get nodeId() {
|
|
275
|
+
return this.#fabric?.nodeId ?? NodeId.UNSPECIFIED_NODE_ID;
|
|
276
|
+
}
|
|
277
|
+
|
|
278
|
+
get peerNodeId() {
|
|
279
|
+
return this.#peerNodeId;
|
|
280
|
+
}
|
|
281
|
+
|
|
282
|
+
get associatedFabric(): Fabric {
|
|
283
|
+
if (this.#fabric === undefined) {
|
|
284
|
+
throw new NoAssociatedFabricError(
|
|
285
|
+
`${this.isPase ? "PASE " : ""}Session needs to have an associated Fabric for fabric sensitive data handling.`,
|
|
286
|
+
);
|
|
287
|
+
}
|
|
288
|
+
return this.#fabric;
|
|
289
|
+
}
|
|
290
|
+
|
|
291
|
+
async clearSubscriptions(flushSubscriptions = false, cancelledByPeer = false) {
|
|
292
|
+
const subscriptions = [...this.#subscriptions]; // get all values because subscriptions will remove themselves when cancelled
|
|
293
|
+
for (const subscription of subscriptions) {
|
|
294
|
+
await subscription.close(flushSubscriptions, cancelledByPeer);
|
|
295
|
+
}
|
|
296
|
+
return subscriptions.length;
|
|
297
|
+
}
|
|
298
|
+
|
|
299
|
+
/** Ends a session. Outstanding subscription data will be flushed before the session is destroyed. */
|
|
300
|
+
async end(sendClose: boolean, closeAfterExchangeFinished = false) {
|
|
301
|
+
await this.clearSubscriptions(true);
|
|
302
|
+
await this.destroy(sendClose, closeAfterExchangeFinished);
|
|
303
|
+
}
|
|
304
|
+
|
|
305
|
+
/** Destroys a session. Outstanding subscription data will be discarded. */
|
|
306
|
+
async destroy(sendClose = false, closeAfterExchangeFinished = true) {
|
|
307
|
+
await this.clearSubscriptions(false);
|
|
308
|
+
this.#fabric?.removeSession(this);
|
|
309
|
+
if (!sendClose) {
|
|
310
|
+
this.#sendCloseMessageWhenClosing = false;
|
|
311
|
+
}
|
|
312
|
+
|
|
313
|
+
if (closeAfterExchangeFinished) {
|
|
314
|
+
logger.info(`Register Session ${this.name} to close when exchange is ended.`);
|
|
315
|
+
this.#closingAfterExchangeFinished = true;
|
|
316
|
+
} else {
|
|
317
|
+
this.#isClosing = true;
|
|
318
|
+
logger.info(`End ${this.isPase ? "PASE" : "CASE"} session ${this.name}`);
|
|
319
|
+
this.manager?.sessions.delete(this);
|
|
320
|
+
|
|
321
|
+
// Wait for the exchange to finish closing, but ignore errors if channel is already closed
|
|
322
|
+
if (this.closer) {
|
|
323
|
+
try {
|
|
324
|
+
await this.closer;
|
|
325
|
+
} catch (error) {
|
|
326
|
+
NoChannelError.accept(error);
|
|
327
|
+
} finally {
|
|
328
|
+
await this.destroyed.emit();
|
|
329
|
+
}
|
|
330
|
+
return;
|
|
331
|
+
}
|
|
332
|
+
await this.destroyed.emit();
|
|
333
|
+
}
|
|
334
|
+
}
|
|
335
|
+
|
|
336
|
+
/**
|
|
337
|
+
* The peer node's address.
|
|
338
|
+
*/
|
|
339
|
+
get peerAddress() {
|
|
340
|
+
return PeerAddress({
|
|
341
|
+
fabricIndex: this.#fabric?.fabricIndex ?? FabricIndex.NO_FABRIC,
|
|
342
|
+
nodeId: this.#peerNodeId,
|
|
343
|
+
});
|
|
344
|
+
}
|
|
345
|
+
|
|
346
|
+
/**
|
|
347
|
+
* Indicates whether a peer matches a specific address.
|
|
348
|
+
*/
|
|
349
|
+
peerIs(address: PeerAddress) {
|
|
350
|
+
return (
|
|
351
|
+
(this.#fabric?.fabricIndex ?? FabricIndex.NO_FABRIC) === address.fabricIndex &&
|
|
352
|
+
this.#peerNodeId === address.nodeId
|
|
353
|
+
);
|
|
354
|
+
}
|
|
355
|
+
}
|
|
356
|
+
|
|
357
|
+
export namespace NodeSession {
|
|
358
|
+
export function assert(session?: Session, errorText?: string): asserts session is NodeSession {
|
|
359
|
+
if (!is(session)) {
|
|
360
|
+
throw new MatterFlowError(errorText ?? "Insecure session in secure context");
|
|
361
|
+
}
|
|
362
|
+
}
|
|
363
|
+
|
|
364
|
+
export function is(session?: Session): session is NodeSession {
|
|
365
|
+
return session?.type === SessionType.Unicast;
|
|
366
|
+
}
|
|
367
|
+
}
|