@matter/protocol 0.16.0-alpha.0-20250812-285b75d83 → 0.16.0-alpha.0-20250815-ac9fd6eb0

package/src/codec/MessageCodec.ts

@@ -46,8 +46,8 @@ export interface PayloadHeader {
 
 export interface Packet {
     header: PacketHeader;
-    messageExtension?: Uint8Array;
-    applicationPayload: Uint8Array;
+    messageExtension?: Bytes;
+    applicationPayload: Bytes;
 }
 
 export interface DecodedPacket extends Packet {
@@ -56,8 +56,8 @@ export interface DecodedPacket extends Packet {
 export interface Message {
     packetHeader: PacketHeader;
     payloadHeader: PayloadHeader;
-    securityExtension?: Uint8Array;
-    payload: Uint8Array;
+    securityExtension?: Bytes;
+    payload: Bytes;
 }
 
 export interface DecodedMessage extends Message {
@@ -113,11 +113,11 @@ function mapProtocolAndMessageType(protocolId: number, messageType: number): { t
 }
 
 export class MessageCodec {
-    static decodePacket(data: Uint8Array): DecodedPacket {
+    static decodePacket(data: Bytes): DecodedPacket {
         const reader = new DataReader(data, Endian.Little);
         const header = this.decodePacketHeader(reader);
 
-        let messageExtension: Uint8Array | undefined = undefined;
+        let messageExtension: Bytes | undefined = undefined;
         if (header.hasMessageExtensions) {
             const extensionLength = reader.readUInt16();
             messageExtension = reader.readByteArray(extensionLength);
@@ -134,7 +134,7 @@ export class MessageCodec {
     static decodePayload({ header, applicationPayload }: DecodedPacket): DecodedMessage {
         const reader = new DataReader(applicationPayload, Endian.Little);
         const payloadHeader = this.decodePayloadHeader(reader);
-        let securityExtension: Uint8Array | undefined = undefined;
+        let securityExtension: Bytes | undefined = undefined;
         if (payloadHeader.hasSecuredExtension) {
             const extensionLength = reader.readUInt16();
             securityExtension = reader.readByteArray(extensionLength);
@@ -165,7 +165,7 @@ export class MessageCodec {
         };
     }
 
-    static encodePacket({ header, applicationPayload, messageExtension }: Packet): Uint8Array {
+    static encodePacket({ header, applicationPayload, messageExtension }: Packet): Bytes {
         if (messageExtension !== undefined || header.hasMessageExtensions) {
             throw new NotImplementedError(`Message extensions not supported when encoding a packet.`);
         }
@@ -316,8 +316,8 @@ export class MessageCodec {
                     reqAck: requiresAck,
                     dup: duplicate,
                 }),
-                size: payload.length ? payload.length : undefined,
-                payload: payload.length ? payload : undefined,
+                size: payload.byteLength ? payload.byteLength : undefined,
+                payload: payload.byteLength ? payload : undefined,
             },
             true,
         );

package/src/common/FailsafeContext.ts

@@ -6,6 +6,7 @@
 
 import {
     AsyncObservable,
+    Bytes,
     Construction,
     Logger,
     MatterFlowError,
@@ -193,7 +194,7 @@ export abstract class FailsafeContext {
     }
 
     /** Handles adding a trusted root certificate from Operational Credentials cluster. */
-    async setRootCert(rootCert: Uint8Array) {
+    async setRootCert(rootCert: Bytes) {
         await this.#builder.setRootCert(rootCert);
         this.#rootCertSet = true;
     }
@@ -202,7 +203,7 @@ export abstract class FailsafeContext {
      * Build a new Fabric object based on an existing fabric for the "UpdateNoc" case of the Operational Credentials
      * cluster.
      */
-    async buildUpdatedFabric(nocValue: Uint8Array, icacValue: Uint8Array | undefined) {
+    async buildUpdatedFabric(nocValue: Bytes, icacValue: Bytes | undefined) {
         if (this.associatedFabric === undefined) {
             throw new MatterFlowError("No fabric associated with failsafe context, but we prepare an Fabric update.");
         }
@@ -213,10 +214,10 @@ export abstract class FailsafeContext {
 
     /** Build a new Fabric object for a new fabric for the "AddNoc" case of the Operational Credentials cluster. */
     async buildFabric(nocData: {
-        nocValue: Uint8Array;
-        icacValue: Uint8Array | undefined;
+        nocValue: Bytes;
+        icacValue: Bytes | undefined;
         adminVendorId: VendorId;
-        ipkValue: Uint8Array;
+        ipkValue: Bytes;
         caseAdminSubject: NodeId;
     }) {
         const builder = this.#builder;

package/src/fabric/Fabric.ts

@@ -52,14 +52,14 @@ export class Fabric {
     readonly fabricId: FabricId;
     readonly nodeId: NodeId;
     readonly rootNodeId: NodeId;
-    readonly operationalId: Uint8Array;
-    readonly rootPublicKey: Uint8Array;
+    readonly operationalId: Bytes;
+    readonly rootPublicKey: Bytes;
     readonly rootVendorId: VendorId;
-    readonly rootCert: Uint8Array;
-    readonly identityProtectionKey: Uint8Array;
-    readonly operationalIdentityProtectionKey: Uint8Array;
-    readonly intermediateCACert: Uint8Array | undefined;
-    readonly operationalCert: Uint8Array;
+    readonly rootCert: Bytes;
+    readonly identityProtectionKey: Bytes;
+    readonly operationalIdentityProtectionKey: Bytes;
+    readonly intermediateCACert: Bytes | undefined;
+    readonly operationalCert: Bytes;
     readonly #keyPair: Key;
     readonly #sessions = new Set<Session>();
     readonly #groups: FabricGroups;
@@ -148,11 +148,11 @@ export class Fabric {
         return this.#keyPair.publicKey;
     }
 
-    sign(data: Uint8Array) {
+    sign(data: Bytes) {
         return this.crypto.signEcdsa(this.#keyPair, data);
     }
 
-    async verifyCredentials(operationalCert: Uint8Array, intermediateCACert?: Uint8Array) {
+    async verifyCredentials(operationalCert: Bytes, intermediateCACert?: Bytes) {
         const rootCert = Rcac.fromTlv(this.rootCert);
         const nocCert = Noc.fromTlv(operationalCert);
         const icaCert = intermediateCACert !== undefined ? Icac.fromTlv(intermediateCACert) : undefined;
@@ -164,7 +164,7 @@ export class Fabric {
         await nocCert.verify(this.#crypto, rootCert, icaCert);
     }
 
-    matchesFabricIdAndRootPublicKey(fabricId: FabricId, rootPublicKey: Uint8Array) {
+    matchesFabricIdAndRootPublicKey(fabricId: FabricId, rootPublicKey: Bytes) {
         return this.fabricId === fabricId && Bytes.areEqual(this.rootPublicKey, rootPublicKey);
     }
 
@@ -175,7 +175,7 @@ export class Fabric {
         );
     }
 
-    #generateSalt(nodeId: NodeId, random: Uint8Array) {
+    #generateSalt(nodeId: NodeId, random: Bytes) {
         const writer = new DataWriter(Endian.Little);
         writer.writeByteArray(random);
         writer.writeByteArray(this.rootPublicKey);
@@ -188,18 +188,15 @@ export class Fabric {
      * Returns the destination IDs for a given nodeId, random value and optional groupId. When groupId is provided, it
      * returns the time-wise valid operational keys for that groupId.
      */
-    async currentDestinationIdFor(nodeId: NodeId, random: Uint8Array) {
-        return await this.#crypto.signHmac(
-            this.groups.keySets.currentKeyForId(0).key,
-            this.#generateSalt(nodeId, random),
-        );
+    async currentDestinationIdFor(nodeId: NodeId, random: Bytes) {
+        return this.#crypto.signHmac(this.groups.keySets.currentKeyForId(0).key, this.#generateSalt(nodeId, random));
     }
 
     /**
      * Returns the destination IDs for a given nodeId, random value and optional groupId. When groupId is provided, it
      * returns all operational keys for that groupId.
      */
-    async destinationIdsFor(nodeId: NodeId, random: Uint8Array) {
+    async destinationIdsFor(nodeId: NodeId, random: Bytes) {
         const salt = this.#generateSalt(nodeId, random);
         // Check all keys of keyset 0 - typically it is only the IPK
         const destinationIds = this.groups.keySets.allKeysForId(0).map(({ key }) => this.#crypto.signHmac(key, salt));
@@ -277,14 +274,14 @@ export class FabricBuilder {
     #crypto: Crypto;
     #keyPair: PrivateKey;
     #rootVendorId?: VendorId;
-    #rootCert?: Uint8Array;
-    #intermediateCACert?: Uint8Array;
-    #operationalCert?: Uint8Array;
+    #rootCert?: Bytes;
+    #intermediateCACert?: Bytes;
+    #operationalCert?: Bytes;
     #fabricId?: FabricId;
     #nodeId?: NodeId;
     #rootNodeId?: NodeId;
-    #rootPublicKey?: Uint8Array;
-    #identityProtectionKey?: Uint8Array;
+    #rootPublicKey?: Bytes;
+    #identityProtectionKey?: Bytes;
     #fabricIndex?: FabricIndex;
     #label = "";
 
@@ -309,7 +306,7 @@ export class FabricBuilder {
         return X509Base.createCertificateSigningRequest(this.#crypto, this.#keyPair);
     }
 
-    async setRootCert(rootCert: Uint8Array) {
+    async setRootCert(rootCert: Bytes) {
         const root = Rcac.fromTlv(rootCert);
         await root.verify(this.#crypto);
         this.#rootCert = rootCert;
@@ -321,8 +318,8 @@ export class FabricBuilder {
         return this.#rootCert;
     }
 
-    async setOperationalCert(operationalCert: Uint8Array, intermediateCACert?: Uint8Array) {
-        if (intermediateCACert !== undefined && intermediateCACert.length === 0) {
+    async setOperationalCert(operationalCert: Bytes, intermediateCACert?: Bytes) {
+        if (intermediateCACert !== undefined && intermediateCACert.byteLength === 0) {
             intermediateCACert = undefined;
         }
         const {
@@ -371,7 +368,7 @@ export class FabricBuilder {
         return this;
     }
 
-    setIdentityProtectionKey(key: Uint8Array) {
+    setIdentityProtectionKey(key: Bytes) {
         this.#identityProtectionKey = key;
         return this;
     }
@@ -426,7 +423,7 @@ export class FabricBuilder {
         const saltWriter = new DataWriter();
         saltWriter.writeUInt64(this.#fabricId);
         const operationalId = await this.#crypto.createHkdfKey(
-            this.#rootPublicKey.slice(1),
+            Bytes.of(this.#rootPublicKey).slice(1),
             saltWriter.toByteArray(),
             COMPRESSED_FABRIC_ID_INFO,
             8,
@@ -461,15 +458,15 @@ export namespace Fabric {
         fabricId: FabricId;
         nodeId: NodeId;
         rootNodeId: NodeId;
-        operationalId: Uint8Array;
-        rootPublicKey: Uint8Array;
+        operationalId: Bytes;
+        rootPublicKey: Bytes;
         keyPair: BinaryKeyPair;
         rootVendorId: VendorId;
-        rootCert: Uint8Array;
-        identityProtectionKey: Uint8Array;
-        operationalIdentityProtectionKey: Uint8Array;
-        intermediateCACert: Uint8Array | undefined;
-        operationalCert: Uint8Array;
+        rootCert: Bytes;
+        identityProtectionKey: Bytes;
+        operationalIdentityProtectionKey: Bytes;
+        intermediateCACert: Bytes | undefined;
+        operationalCert: Bytes;
         label: string;
     };
 }

package/src/fabric/FabricManager.ts

@@ -225,7 +225,7 @@ export class FabricManager {
         return this.fabrics.map(translator);
     }
 
-    async findFabricFromDestinationId(destinationId: Uint8Array, initiatorRandom: Uint8Array) {
+    async findFabricFromDestinationId(destinationId: Bytes, initiatorRandom: Bytes) {
         this.#construction.assert();
 
         for (const fabric of this.#fabrics.values()) {

package/src/groups/KeySets.ts

@@ -11,7 +11,7 @@ export const GROUP_KEY_INFO = Bytes.fromString("GroupKeyHash");
 
 export class KeySets<T extends OperationalKeySet> extends BasicSet<T> {
     /** Operational enhanced structure for fast access based on the group session id. */
-    readonly #sessions = new Map<number, { keySetId: number; key: Uint8Array }[]>();
+    readonly #sessions = new Map<number, { keySetId: number; key: Bytes }[]>();
 
     get sessions() {
         return this.#sessions;
@@ -44,7 +44,7 @@ export class KeySets<T extends OperationalKeySet> extends BasicSet<T> {
         if (groupKeySet === undefined) {
             throw new MatterFlowError(`GroupKeySet for groupKeySet ${keySetId} not found.`);
         }
-        const operationalKeys = Array<{ key: Uint8Array; sessionId?: number; startTime: number | bigint }>();
+        const operationalKeys = Array<{ key: Bytes; sessionId?: number; startTime: number | bigint }>();
         const {
             operationalEpochKey0,
             groupSessionId0,
@@ -141,7 +141,7 @@ export class KeySets<T extends OperationalKeySet> extends BasicSet<T> {
     }
 
     /** Calculates a group session id based on the operational group key. */
-    async sessionIdFromKey(crypto: Crypto, operationalGroupKey: Uint8Array) {
+    async sessionIdFromKey(crypto: Crypto, operationalGroupKey: Bytes) {
         // GroupKeyHash is an array of 2 bytes (16 bits) per Crypto_KDF
         const groupKeyHash = await crypto.createHkdfKey(operationalGroupKey, new Uint8Array(), GROUP_KEY_INFO, 2);
 
@@ -185,10 +185,10 @@ export type GroupKeySet = GroupKeyManagement.GroupKeySet;
 
 /** Enhanced structure of GroupKeySet to include operational data for easier operational processing. */
 export type OperationalKeySet = GroupKeySet & {
-    operationalEpochKey0: Uint8Array;
+    operationalEpochKey0: Bytes;
     groupSessionId0: number | null;
-    operationalEpochKey1: Uint8Array | null;
+    operationalEpochKey1: Bytes | null;
     groupSessionId1: number | null;
-    operationalEpochKey2: Uint8Array | null;
+    operationalEpochKey2: Bytes | null;
     groupSessionId2: number | null;
 };

package/src/groups/MessagingState.ts

@@ -40,7 +40,7 @@ export class MessagingState {
     /**
      * Return the message counter for sending messages to a group with the given operational key.
      */
-    counterFor(operationalKey: Uint8Array) {
+    counterFor(operationalKey: Bytes) {
         if (!this.#storage) {
             throw new ImplementationError("Group session cannot be created without storage context.");
         }
@@ -53,7 +53,7 @@ export class MessagingState {
         return counter;
     }
 
-    async removeCounter(key: Uint8Array, forDelete = false) {
+    async removeCounter(key: Bytes, forDelete = false) {
         const operationalKeyHex = Bytes.toHex(key);
         this.#groupDataCounters.delete(operationalKeyHex);
         if (forDelete) {
@@ -65,7 +65,7 @@ export class MessagingState {
     /**
      * Returns the message reception state for a given source node id and operational key.
      */
-    receptionStateFor(sourceNodeId: NodeId, operationalKey: Uint8Array) {
+    receptionStateFor(sourceNodeId: NodeId, operationalKey: Bytes) {
         const operationalKeyHex = Bytes.toHex(operationalKey);
         let receptionState = this.#messageDataReceptionState.get(operationalKeyHex)?.get(sourceNodeId);
         if (receptionState === undefined) {

package/src/interaction/InteractionMessenger.ts

@@ -6,6 +6,7 @@
 
 import { ReadResult } from "#action/response/ReadResult.js";
 import {
+    Bytes,
     Diagnostic,
     InternalError,
     Logger,
@@ -98,7 +99,7 @@ const DATA_REPORT_MIN_AVAILABLE_BYTES_BEFORE_SENDING = 40;
 class InteractionMessenger {
     constructor(protected exchange: MessageExchange) {}
 
-    send(messageType: number, payload: Uint8Array, options?: ExchangeSendOptions) {
+    send(messageType: number, payload: Bytes, options?: ExchangeSendOptions) {
         return this.exchange.send(messageType, payload, options);
     }
 
@@ -366,12 +367,12 @@ export class InteractionServerMessenger extends InteractionMessenger {
                 // Empty the dataReport data fields for the next chunk and reset the messageSize
                 delete dataReport.attributeReports;
                 delete dataReport.eventReports;
-                messageSize = emptyDataReportBytes.length;
+                messageSize = emptyDataReportBytes.byteLength;
                 processQueueFirst = true; // After sending a message we first try to process queue
             };
 
             /** Current size of the message */
-            let messageSize = emptyDataReportBytes.length;
+            let messageSize = emptyDataReportBytes.byteLength;
 
             /** Queue of attribute reports to send */
             const attributeReportsToSend = new Array<{
@@ -608,7 +609,7 @@ export class InteractionServerMessenger extends InteractionMessenger {
                             attributeReportsToSend.push(attributeToSend);
                             continue;
                         }
-                        if (encodedSize > this.exchange.maxPayloadSize - emptyDataReportBytes.length - 3) {
+                        if (encodedSize > this.exchange.maxPayloadSize - emptyDataReportBytes.byteLength - 3) {
                             // We sent the message but the current attribute is too big for a message alone so needs to
                             // be chunked, so add it to the queue at the beginning
                             attributeReportsToSend.unshift(attributeToSend);
@@ -657,9 +658,9 @@ export class InteractionServerMessenger extends InteractionMessenger {
             suppressResponse: dataReport.moreChunkedMessages ? false : dataReport.suppressResponse, // always false when moreChunkedMessages is true
         };
         const encodedMessage = TlvDataReportForSend.encode(dataReportToSend);
-        if (encodedMessage.length > this.exchange.maxPayloadSize) {
+        if (encodedMessage.byteLength > this.exchange.maxPayloadSize) {
             throw new MatterFlowError(
-                `DataReport with ${encodedMessage.length}bytes is too long to fit in a single chunk (${this.exchange.maxPayloadSize}bytes), This should not happen! Data: ${Diagnostic.json(
+                `DataReport with ${encodedMessage.byteLength}bytes is too long to fit in a single chunk (${this.exchange.maxPayloadSize}bytes), This should not happen! Data: ${Diagnostic.json(
                     dataReportToSend,
                 )}`,
             );
@@ -915,7 +916,7 @@ export class InteractionClientMessenger extends IncomingInteractionClientMesseng
     }
 
     /** Implements a send method with an automatic reconnection mechanism */
-    override async send(messageType: number, payload: Uint8Array, options?: ExchangeSendOptions) {
+    override async send(messageType: number, payload: Bytes, options?: ExchangeSendOptions) {
         try {
             if (this.exchange.channel.closed) {
                 throw new ChannelNotConnectedError("The exchange channel is closed. Please connect the device first.");
@@ -950,7 +951,7 @@ export class InteractionClientMessenger extends IncomingInteractionClientMesseng
 
     #encodeReadingRequest<T extends TlvSchema<any>>(schema: T, request: TypeFromSchema<T>) {
         const encoded = schema.encode(request);
-        if (encoded.length <= this.exchange.maxPayloadSize) {
+        if (encoded.byteLength <= this.exchange.maxPayloadSize) {
             return encoded;
         }
 
@@ -960,7 +961,7 @@ export class InteractionClientMessenger extends IncomingInteractionClientMesseng
             ...request,
             dataVersionFilters: [],
         });
-        if (requestWithoutDataVersionFilters.length > this.exchange.maxPayloadSize) {
+        if (requestWithoutDataVersionFilters.byteLength > this.exchange.maxPayloadSize) {
             throw new MatterFlowError(
                 `Request is too long to fit in a single chunk, This should not happen! Data: ${Diagnostic.json(request)}`,
             );
@@ -970,7 +971,7 @@ export class InteractionClientMessenger extends IncomingInteractionClientMesseng
             ...request,
             dataVersionFilters: this.#shortenDataVersionFilters(
                 originalDataVersionFilters,
-                this.exchange.maxPayloadSize - requestWithoutDataVersionFilters.length,
+                this.exchange.maxPayloadSize - requestWithoutDataVersionFilters.byteLength,
             ),
         });
     }
@@ -987,7 +988,7 @@ export class InteractionClientMessenger extends IncomingInteractionClientMesseng
                 break;
             }
             const encodedDataVersionFilter = TlvDataVersionFilter.encode(dataVersionFilter);
-            const encodedDataVersionFilterLength = encodedDataVersionFilter.length;
+            const encodedDataVersionFilterLength = encodedDataVersionFilter.byteLength;
             if (encodedDataVersionFilterLength > availableBytes) {
                 originalDataVersionFilters.unshift(dataVersionFilter);
                 break;

package/src/mdns/MdnsClient.ts

@@ -104,7 +104,7 @@ export interface MdnsScannerTargetCriteria {
 
     /** List of operational targets. */
     operationalTargets: {
-        operationalId: Uint8Array;
+        operationalId: Bytes;
         nodeId?: NodeId;
     }[];
 }
@@ -470,7 +470,7 @@ export class MdnsClient implements Scanner {
         return this.#recordWaiters.has(queryId);
     }
 
-    #createOperationalMatterQName(operationalId: Uint8Array, nodeId: NodeId) {
+    #createOperationalMatterQName(operationalId: Bytes, nodeId: NodeId) {
         const operationalIdString = Bytes.toHex(operationalId).toUpperCase();
         return getOperationalDeviceQname(operationalIdString, NodeId.toHexString(nodeId));
     }

package/src/mdns/MdnsSocket.ts

@@ -6,6 +6,7 @@
 
 import {
     BasicObservable,
+    Bytes,
     Diagnostic,
     DnsCodec,
     DnsMessage,
@@ -83,13 +84,13 @@ export class MdnsSocket {
 
         // Note - for size calculations we assume queries are relatively small.  We only split answers across messages
         let encodedChunkWithoutAnswers = DnsCodec.encode(chunk);
-        let chunkSize = encodedChunkWithoutAnswers.length;
+        let chunkSize = encodedChunkWithoutAnswers.byteLength;
 
         // Add answers, splitting message as necessary
         for (const answer of message.answers ?? []) {
             const answerEncoded = DnsCodec.encodeRecord(answer);
 
-            if (chunkSize + answerEncoded.length > MAX_MDNS_MESSAGE_SIZE) {
+            if (chunkSize + answerEncoded.byteLength > MAX_MDNS_MESSAGE_SIZE) {
                 if (chunk.answers.length === 0) {
                     // The first answer is already too big, log at least a warning
                     logger.warn(
@@ -108,9 +109,9 @@ export class MdnsSocket {
                     encodedChunkWithoutAnswers = DnsCodec.encode(chunk);
                 }
                 chunk.answers.length = 0;
-                chunkSize = encodedChunkWithoutAnswers.length + answerEncoded.length;
+                chunkSize = encodedChunkWithoutAnswers.byteLength + answerEncoded.byteLength;
             } else {
-                chunkSize += answerEncoded.length;
+                chunkSize += answerEncoded.byteLength;
             }
 
             chunk.answers.push(answerEncoded);
@@ -120,7 +121,7 @@ export class MdnsSocket {
         const additionalRecords = message.additionalRecords ?? [];
         for (const additionalRecord of additionalRecords) {
             const additionalRecordEncoded = DnsCodec.encodeRecord(additionalRecord);
-            chunkSize += additionalRecordEncoded.length;
+            chunkSize += additionalRecordEncoded.byteLength;
             if (chunkSize > MAX_MDNS_MESSAGE_SIZE) {
                 break;
             }
@@ -142,7 +143,7 @@ export class MdnsSocket {
         }
     }
 
-    #handleMessage(bytes: Uint8Array, sourceIp: string, sourceIntf: string) {
+    #handleMessage(bytes: Bytes, sourceIp: string, sourceIntf: string) {
         // Ignore if closed
         if (this.#isClosed) {
             return;

package/src/peer/ControllerCommissioner.ts

@@ -9,6 +9,7 @@ import { GeneralCommissioning } from "#clusters/general-commissioning";
 import { CommissionableDevice, CommissionableDeviceIdentifiers, DiscoveryData, ScannerSet } from "#common/Scanner.js";
 import { Fabric } from "#fabric/Fabric.js";
 import {
+    Bytes,
     Channel,
     ChannelType,
     ClassExtends,
@@ -304,7 +305,7 @@ export class ControllerCommissioner {
         passcode: number,
         device?: DiscoveryData,
     ): Promise<MessageChannel> {
-        let paseChannel: Channel<Uint8Array>;
+        let paseChannel: Channel<Bytes>;
         if (device !== undefined) {
             logger.info(`Establish PASE to device`, MdnsClient.discoveryDataDiagnostics(device));
         }

package/src/peer/ControllerCommissioningFlow.ts

@@ -781,10 +781,10 @@ export class ControllerCommissioningFlow {
             );
         // TODO: validate attestationSignature using device public key
         if (
-            deviceAttestation.length === 0 ||
-            productAttestation.length === 0 ||
-            attestationElements.length === 0 ||
-            attestationSignature.length === 0
+            deviceAttestation.byteLength === 0 ||
+            productAttestation.byteLength === 0 ||
+            attestationElements.byteLength === 0 ||
+            attestationSignature.byteLength === 0
         ) {
             // TODO: validate the data really
             throw new CommissioningError("Device Attestation data missing from device");
@@ -820,7 +820,7 @@ export class ControllerCommissioningFlow {
                 { csrNonce: this.fabric.crypto.randomBytes(32) },
                 { useExtendedFailSafeMessageResponseTimeout: true },
             );
-        if (nocsrElements.length === 0 || csrSignature.length === 0) {
+        if (nocsrElements.byteLength === 0 || csrSignature.byteLength === 0) {
             // TODO: validate the data really
             throw new UnexpectedDataError("Invalid response from device");
         }

package/src/protocol/ChannelManager.ts

@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { AsyncObservable, Channel, Environment, Environmental, Logger } from "#general";
+import { AsyncObservable, Bytes, Channel, Environment, Environmental, Logger } from "#general";
 import { PeerAddress, PeerAddressMap } from "#peer/PeerAddress.js";
 import { MessageChannel } from "#protocol/MessageChannel.js";
 import { NoChannelError, NodeSession } from "#session/NodeSession.js";
@@ -124,7 +124,7 @@ export class ChannelManager {
         this.#channels.set(address, fabricChannels);
     }
 
-    private getOrCreateAsPaseChannel(byteArrayChannel: Channel<Uint8Array>, session: Session) {
+    private getOrCreateAsPaseChannel(byteArrayChannel: Channel<Bytes>, session: Session) {
         const msgChannel = new MessageChannel(
             byteArrayChannel,
             session,
@@ -138,7 +138,7 @@ export class ChannelManager {
         return msgChannel;
     }
 
-    async getOrCreateChannel(byteArrayChannel: Channel<Uint8Array>, session: Session) {
+    async getOrCreateChannel(byteArrayChannel: Channel<Bytes>, session: Session) {
         if (!NodeSession.is(session)) {
             return this.getOrCreateAsPaseChannel(byteArrayChannel, session);
         }

package/src/protocol/ExchangeManager.ts

@@ -6,6 +6,7 @@
 
 import { DecodedMessage, MessageCodec, SessionType } from "#codec/MessageCodec.js";
 import {
+    Bytes,
     Channel,
     Crypto,
     Diagnostic,
@@ -146,9 +147,10 @@ export class ExchangeManager {
         this.#exchanges.clear();
     }
 
-    private async onMessage(channel: Channel<Uint8Array>, messageBytes: Uint8Array) {
+    private async onMessage(channel: Channel<Bytes>, messageBytes: Bytes) {
         const packet = MessageCodec.decodePacket(messageBytes);
-        const aad = messageBytes.slice(0, messageBytes.length - packet.applicationPayload.length); // Header+Extensions
+        const bytes = Bytes.of(messageBytes);
+        const aad = bytes.slice(0, bytes.length - packet.applicationPayload.byteLength); // Header+Extensions
 
         const messageId = packet.header.messageId;
 
@@ -193,7 +195,7 @@ export class ExchangeManager {
                 throw new UnexpectedDataError("Group session message must include a source NodeId");
             }
 
-            let key: Uint8Array;
+            let key: Bytes;
             ({ session, message, key } = this.#sessionManager.groupSessionFromPacket(packet, aad));
 
             try {
@@ -431,9 +433,9 @@ export class ExchangeManager {
         this.#listeners.set(
             transportInterface,
             transportInterface.onData((socket, data) => {
-                if (udpInterface && data.length > socket.maxPayloadSize) {
+                if (udpInterface && data.byteLength > socket.maxPayloadSize) {
                     logger.warn(
-                        `Ignoring UDP message on channel ${socket.name} with size ${data.length} from ${socket.name}, which is larger than the maximum allowed size of ${socket.maxPayloadSize}.`,
+                        `Ignoring UDP message on channel ${socket.name} with size ${data.byteLength} from ${socket.name}, which is larger than the maximum allowed size of ${socket.maxPayloadSize}.`,
                     );
                     return;
                 }

package/src/protocol/MessageChannel.ts

@@ -5,7 +5,7 @@
  */
 
 import { Message, MessageCodec } from "#codec/MessageCodec.js";
-import { Channel, Logger, MatterError, MatterFlowError } from "#general";
+import { Bytes, Channel, Logger, MatterError, MatterFlowError } from "#general";
 import type { ExchangeLogContext } from "#protocol/MessageExchange.js";
 import { Session, SessionParameters } from "#session/Session.js";
 
@@ -55,7 +55,7 @@ export class MessageChannel implements Channel<Message> {
     // When the session is supporting MRP and the channel is not reliable, use MRP handling
 
     constructor(
-        readonly channel: Channel<Uint8Array>,
+        readonly channel: Channel<Bytes>,
         readonly session: Session,
         closeCallback?: () => Promise<void>,
     ) {
@@ -91,9 +91,9 @@ export class MessageChannel implements Channel<Message> {
         logger.debug("Message »", MessageCodec.messageDiagnostics(message, logContext));
         const packet = this.session.encode(message);
         const bytes = MessageCodec.encodePacket(packet);
-        if (bytes.length > this.maxPayloadSize) {
+        if (bytes.byteLength > this.maxPayloadSize) {
             logger.warn(
-                `Matter message to send to ${this.name} is ${bytes.length}bytes long, which is larger than the maximum allowed size of ${this.maxPayloadSize}. This only works if both nodes support it.`,
+                `Matter message to send to ${this.name} is ${bytes.byteLength}bytes long, which is larger than the maximum allowed size of ${this.maxPayloadSize}. This only works if both nodes support it.`,
             );
         }