@matter/protocol 0.17.4 → 0.17.5-alpha.0-20260704-9ea70abfa

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (221) hide show
  1. package/dist/cjs/action/client/ClientInteraction.d.ts.map +1 -1
  2. package/dist/cjs/action/client/ClientInteraction.js +21 -5
  3. package/dist/cjs/action/client/ClientInteraction.js.map +1 -1
  4. package/dist/cjs/action/client/InputChunk.d.ts +2 -2
  5. package/dist/cjs/action/server/AttributeReadResponse.d.ts.map +1 -1
  6. package/dist/cjs/action/server/AttributeReadResponse.js +20 -2
  7. package/dist/cjs/action/server/AttributeReadResponse.js.map +1 -1
  8. package/dist/cjs/advertisement/mdns/MdnsAdvertisement.d.ts.map +1 -1
  9. package/dist/cjs/advertisement/mdns/MdnsAdvertisement.js +1 -1
  10. package/dist/cjs/advertisement/mdns/MdnsAdvertisement.js.map +1 -1
  11. package/dist/cjs/bdx/schema/BdxAcceptMessagesSchema.d.ts +2 -2
  12. package/dist/cjs/bdx/schema/BdxAcceptMessagesSchema.d.ts.map +1 -1
  13. package/dist/cjs/bdx/schema/BdxBlockMessagesSchema.d.ts +6 -6
  14. package/dist/cjs/bdx/schema/BdxBlockMessagesSchema.d.ts.map +1 -1
  15. package/dist/cjs/bdx/schema/BdxInitMessagesSchema.d.ts +3 -3
  16. package/dist/cjs/bdx/schema/BdxInitMessagesSchema.d.ts.map +1 -1
  17. package/dist/cjs/ble/BleConsts.d.ts +1 -1
  18. package/dist/cjs/ble/BleConsts.d.ts.map +1 -1
  19. package/dist/cjs/certificate/kinds/Icac.d.ts +1 -1
  20. package/dist/cjs/certificate/kinds/Icac.js +1 -1
  21. package/dist/cjs/certificate/kinds/Noc.d.ts +1 -1
  22. package/dist/cjs/certificate/kinds/Noc.js +1 -1
  23. package/dist/cjs/certificate/kinds/OperationalBase.d.ts +1 -1
  24. package/dist/cjs/certificate/kinds/OperationalBase.js +1 -1
  25. package/dist/cjs/certificate/kinds/Rcac.d.ts +1 -1
  26. package/dist/cjs/certificate/kinds/Rcac.js +1 -1
  27. package/dist/cjs/certificate/kinds/Vvsc.d.ts +1 -1
  28. package/dist/cjs/certificate/kinds/Vvsc.js +1 -1
  29. package/dist/cjs/certificate/kinds/common.d.ts +1 -1
  30. package/dist/cjs/certificate/kinds/definitions/asn.d.ts +1 -1
  31. package/dist/cjs/certificate/kinds/definitions/operational.d.ts +1 -1
  32. package/dist/cjs/codec/MessageCodec.d.ts +20 -0
  33. package/dist/cjs/codec/MessageCodec.d.ts.map +1 -1
  34. package/dist/cjs/codec/MessageCodec.js +68 -14
  35. package/dist/cjs/codec/MessageCodec.js.map +1 -1
  36. package/dist/cjs/codec/MessagePrivacy.d.ts +2 -1
  37. package/dist/cjs/codec/MessagePrivacy.d.ts.map +1 -1
  38. package/dist/cjs/codec/MessagePrivacy.js.map +1 -1
  39. package/dist/cjs/common/OperationalCredentialsTypes.d.ts +2 -2
  40. package/dist/cjs/groups/FabricGroups.d.ts +5 -0
  41. package/dist/cjs/groups/FabricGroups.d.ts.map +1 -1
  42. package/dist/cjs/groups/FabricGroups.js +8 -0
  43. package/dist/cjs/groups/FabricGroups.js.map +1 -1
  44. package/dist/cjs/groups/Groups.d.ts +8 -0
  45. package/dist/cjs/groups/Groups.d.ts.map +1 -1
  46. package/dist/cjs/groups/Groups.js +16 -1
  47. package/dist/cjs/groups/Groups.js.map +1 -1
  48. package/dist/cjs/groups/index.d.ts +1 -0
  49. package/dist/cjs/groups/index.d.ts.map +1 -1
  50. package/dist/cjs/groups/index.js +1 -0
  51. package/dist/cjs/groups/index.js.map +1 -1
  52. package/dist/cjs/interaction/AttributeDataEncoder.d.ts +1 -0
  53. package/dist/cjs/interaction/AttributeDataEncoder.d.ts.map +1 -1
  54. package/dist/cjs/interaction/FabricAccessControl.d.ts +3 -2
  55. package/dist/cjs/interaction/FabricAccessControl.d.ts.map +1 -1
  56. package/dist/cjs/interaction/FabricAccessControl.js +7 -0
  57. package/dist/cjs/interaction/FabricAccessControl.js.map +1 -1
  58. package/dist/cjs/interaction/InteractionMessenger.d.ts +3 -0
  59. package/dist/cjs/interaction/InteractionMessenger.d.ts.map +1 -1
  60. package/dist/cjs/ota/OtaImageHeader.d.ts +1 -1
  61. package/dist/cjs/peer/ControllerCommissioningFlow.js +10 -10
  62. package/dist/cjs/peer/Peer.d.ts +4 -0
  63. package/dist/cjs/peer/Peer.d.ts.map +1 -1
  64. package/dist/cjs/peer/PeerExchangeProvider.d.ts +2 -0
  65. package/dist/cjs/peer/PeerExchangeProvider.d.ts.map +1 -1
  66. package/dist/cjs/peer/PeerExchangeProvider.js +6 -0
  67. package/dist/cjs/peer/PeerExchangeProvider.js.map +1 -1
  68. package/dist/cjs/protocol/ExchangeManager.d.ts +1 -1
  69. package/dist/cjs/protocol/ExchangeManager.d.ts.map +1 -1
  70. package/dist/cjs/protocol/ExchangeManager.js +8 -2
  71. package/dist/cjs/protocol/ExchangeManager.js.map +1 -1
  72. package/dist/cjs/protocol/ExchangeProvider.d.ts +6 -0
  73. package/dist/cjs/protocol/ExchangeProvider.d.ts.map +1 -1
  74. package/dist/cjs/protocol/ExchangeProvider.js +10 -0
  75. package/dist/cjs/protocol/ExchangeProvider.js.map +1 -1
  76. package/dist/cjs/protocol/MRP.d.ts +2 -2
  77. package/dist/cjs/protocol/MessageChannel.d.ts +1 -1
  78. package/dist/cjs/protocol/MessageChannel.js +1 -1
  79. package/dist/cjs/protocol/MessageExchange.d.ts +10 -0
  80. package/dist/cjs/protocol/MessageExchange.d.ts.map +1 -1
  81. package/dist/cjs/protocol/MessageExchange.js +24 -2
  82. package/dist/cjs/protocol/MessageExchange.js.map +1 -1
  83. package/dist/cjs/session/GroupSession.d.ts +12 -1
  84. package/dist/cjs/session/GroupSession.d.ts.map +1 -1
  85. package/dist/cjs/session/GroupSession.js +23 -3
  86. package/dist/cjs/session/GroupSession.js.map +1 -1
  87. package/dist/cjs/session/SessionManager.d.ts +29 -2
  88. package/dist/cjs/session/SessionManager.d.ts.map +1 -1
  89. package/dist/cjs/session/SessionManager.js +36 -10
  90. package/dist/cjs/session/SessionManager.js.map +1 -1
  91. package/dist/cjs/session/case/CaseMessages.d.ts +7 -7
  92. package/dist/cjs/session/pase/PaseMessages.d.ts +6 -6
  93. package/dist/esm/action/client/ClientInteraction.d.ts.map +1 -1
  94. package/dist/esm/action/client/ClientInteraction.js +21 -5
  95. package/dist/esm/action/client/ClientInteraction.js.map +1 -1
  96. package/dist/esm/action/client/InputChunk.d.ts +2 -2
  97. package/dist/esm/action/server/AttributeReadResponse.d.ts.map +1 -1
  98. package/dist/esm/action/server/AttributeReadResponse.js +20 -2
  99. package/dist/esm/action/server/AttributeReadResponse.js.map +1 -1
  100. package/dist/esm/advertisement/mdns/MdnsAdvertisement.d.ts.map +1 -1
  101. package/dist/esm/advertisement/mdns/MdnsAdvertisement.js +1 -1
  102. package/dist/esm/advertisement/mdns/MdnsAdvertisement.js.map +1 -1
  103. package/dist/esm/bdx/schema/BdxAcceptMessagesSchema.d.ts +2 -2
  104. package/dist/esm/bdx/schema/BdxAcceptMessagesSchema.d.ts.map +1 -1
  105. package/dist/esm/bdx/schema/BdxBlockMessagesSchema.d.ts +6 -6
  106. package/dist/esm/bdx/schema/BdxBlockMessagesSchema.d.ts.map +1 -1
  107. package/dist/esm/bdx/schema/BdxInitMessagesSchema.d.ts +3 -3
  108. package/dist/esm/bdx/schema/BdxInitMessagesSchema.d.ts.map +1 -1
  109. package/dist/esm/ble/BleConsts.d.ts +1 -1
  110. package/dist/esm/ble/BleConsts.d.ts.map +1 -1
  111. package/dist/esm/certificate/kinds/Icac.d.ts +1 -1
  112. package/dist/esm/certificate/kinds/Icac.js +1 -1
  113. package/dist/esm/certificate/kinds/Noc.d.ts +1 -1
  114. package/dist/esm/certificate/kinds/Noc.js +1 -1
  115. package/dist/esm/certificate/kinds/OperationalBase.d.ts +1 -1
  116. package/dist/esm/certificate/kinds/OperationalBase.js +1 -1
  117. package/dist/esm/certificate/kinds/Rcac.d.ts +1 -1
  118. package/dist/esm/certificate/kinds/Rcac.js +1 -1
  119. package/dist/esm/certificate/kinds/Vvsc.d.ts +1 -1
  120. package/dist/esm/certificate/kinds/Vvsc.js +1 -1
  121. package/dist/esm/certificate/kinds/common.d.ts +1 -1
  122. package/dist/esm/certificate/kinds/definitions/asn.d.ts +1 -1
  123. package/dist/esm/certificate/kinds/definitions/operational.d.ts +1 -1
  124. package/dist/esm/codec/MessageCodec.d.ts +20 -0
  125. package/dist/esm/codec/MessageCodec.d.ts.map +1 -1
  126. package/dist/esm/codec/MessageCodec.js +68 -14
  127. package/dist/esm/codec/MessageCodec.js.map +1 -1
  128. package/dist/esm/codec/MessagePrivacy.d.ts +2 -1
  129. package/dist/esm/codec/MessagePrivacy.d.ts.map +1 -1
  130. package/dist/esm/codec/MessagePrivacy.js.map +1 -1
  131. package/dist/esm/common/OperationalCredentialsTypes.d.ts +2 -2
  132. package/dist/esm/groups/FabricGroups.d.ts +5 -0
  133. package/dist/esm/groups/FabricGroups.d.ts.map +1 -1
  134. package/dist/esm/groups/FabricGroups.js +8 -0
  135. package/dist/esm/groups/FabricGroups.js.map +1 -1
  136. package/dist/esm/groups/Groups.d.ts +8 -0
  137. package/dist/esm/groups/Groups.d.ts.map +1 -1
  138. package/dist/esm/groups/Groups.js +16 -1
  139. package/dist/esm/groups/Groups.js.map +1 -1
  140. package/dist/esm/groups/index.d.ts +1 -0
  141. package/dist/esm/groups/index.d.ts.map +1 -1
  142. package/dist/esm/groups/index.js +1 -0
  143. package/dist/esm/groups/index.js.map +1 -1
  144. package/dist/esm/interaction/AttributeDataEncoder.d.ts +1 -0
  145. package/dist/esm/interaction/AttributeDataEncoder.d.ts.map +1 -1
  146. package/dist/esm/interaction/FabricAccessControl.d.ts +3 -2
  147. package/dist/esm/interaction/FabricAccessControl.d.ts.map +1 -1
  148. package/dist/esm/interaction/FabricAccessControl.js +8 -0
  149. package/dist/esm/interaction/FabricAccessControl.js.map +1 -1
  150. package/dist/esm/interaction/InteractionMessenger.d.ts +3 -0
  151. package/dist/esm/interaction/InteractionMessenger.d.ts.map +1 -1
  152. package/dist/esm/ota/OtaImageHeader.d.ts +1 -1
  153. package/dist/esm/peer/ControllerCommissioningFlow.js +10 -10
  154. package/dist/esm/peer/Peer.d.ts +4 -0
  155. package/dist/esm/peer/Peer.d.ts.map +1 -1
  156. package/dist/esm/peer/PeerExchangeProvider.d.ts +2 -0
  157. package/dist/esm/peer/PeerExchangeProvider.d.ts.map +1 -1
  158. package/dist/esm/peer/PeerExchangeProvider.js +6 -0
  159. package/dist/esm/peer/PeerExchangeProvider.js.map +1 -1
  160. package/dist/esm/protocol/ExchangeManager.d.ts +1 -1
  161. package/dist/esm/protocol/ExchangeManager.d.ts.map +1 -1
  162. package/dist/esm/protocol/ExchangeManager.js +9 -3
  163. package/dist/esm/protocol/ExchangeManager.js.map +1 -1
  164. package/dist/esm/protocol/ExchangeProvider.d.ts +6 -0
  165. package/dist/esm/protocol/ExchangeProvider.d.ts.map +1 -1
  166. package/dist/esm/protocol/ExchangeProvider.js +10 -0
  167. package/dist/esm/protocol/ExchangeProvider.js.map +1 -1
  168. package/dist/esm/protocol/MRP.d.ts +2 -2
  169. package/dist/esm/protocol/MessageChannel.d.ts +1 -1
  170. package/dist/esm/protocol/MessageChannel.js +1 -1
  171. package/dist/esm/protocol/MessageExchange.d.ts +10 -0
  172. package/dist/esm/protocol/MessageExchange.d.ts.map +1 -1
  173. package/dist/esm/protocol/MessageExchange.js +24 -2
  174. package/dist/esm/protocol/MessageExchange.js.map +1 -1
  175. package/dist/esm/session/GroupSession.d.ts +12 -1
  176. package/dist/esm/session/GroupSession.d.ts.map +1 -1
  177. package/dist/esm/session/GroupSession.js +23 -3
  178. package/dist/esm/session/GroupSession.js.map +1 -1
  179. package/dist/esm/session/SessionManager.d.ts +29 -2
  180. package/dist/esm/session/SessionManager.d.ts.map +1 -1
  181. package/dist/esm/session/SessionManager.js +38 -11
  182. package/dist/esm/session/SessionManager.js.map +1 -1
  183. package/dist/esm/session/case/CaseMessages.d.ts +7 -7
  184. package/dist/esm/session/pase/PaseMessages.d.ts +6 -6
  185. package/package.json +5 -5
  186. package/src/action/client/ClientInteraction.ts +27 -5
  187. package/src/action/client/InputChunk.ts +2 -2
  188. package/src/action/server/AttributeReadResponse.ts +30 -2
  189. package/src/advertisement/mdns/MdnsAdvertisement.ts +2 -1
  190. package/src/bdx/schema/BdxAcceptMessagesSchema.ts +2 -2
  191. package/src/bdx/schema/BdxBlockMessagesSchema.ts +6 -6
  192. package/src/bdx/schema/BdxInitMessagesSchema.ts +3 -3
  193. package/src/ble/BleConsts.ts +1 -1
  194. package/src/certificate/kinds/Icac.ts +1 -1
  195. package/src/certificate/kinds/Noc.ts +1 -1
  196. package/src/certificate/kinds/OperationalBase.ts +1 -1
  197. package/src/certificate/kinds/Rcac.ts +1 -1
  198. package/src/certificate/kinds/Vvsc.ts +1 -1
  199. package/src/certificate/kinds/common.ts +1 -1
  200. package/src/certificate/kinds/definitions/asn.ts +1 -1
  201. package/src/certificate/kinds/definitions/operational.ts +1 -1
  202. package/src/codec/MessageCodec.ts +88 -14
  203. package/src/codec/MessagePrivacy.ts +6 -2
  204. package/src/common/OperationalCredentialsTypes.ts +2 -2
  205. package/src/groups/FabricGroups.ts +11 -1
  206. package/src/groups/Groups.ts +24 -2
  207. package/src/groups/KeySets.ts +1 -1
  208. package/src/groups/index.ts +1 -0
  209. package/src/interaction/FabricAccessControl.ts +16 -3
  210. package/src/ota/OtaImageHeader.ts +1 -1
  211. package/src/peer/ControllerCommissioningFlow.ts +11 -11
  212. package/src/peer/PeerExchangeProvider.ts +8 -0
  213. package/src/protocol/ExchangeManager.ts +14 -3
  214. package/src/protocol/ExchangeProvider.ts +11 -0
  215. package/src/protocol/MRP.ts +2 -2
  216. package/src/protocol/MessageChannel.ts +1 -1
  217. package/src/protocol/MessageExchange.ts +28 -4
  218. package/src/session/GroupSession.ts +26 -2
  219. package/src/session/SessionManager.ts +65 -13
  220. package/src/session/case/CaseMessages.ts +7 -7
  221. package/src/session/pase/PaseMessages.ts +6 -6
@@ -130,11 +130,25 @@ export class AttributeReadResponse<
130
130
  };
131
131
  }
132
132
 
133
+ /**
134
+ * Read the node's current BasicInformation ConfigurationVersion (endpoint 0, cluster 0x28, attribute 0x18), or
135
+ * undefined when the attribute is not present.
136
+ */
137
+ #currentConfigurationVersion(): number | undefined {
138
+ const endpoint = this.node[0];
139
+ const cluster = endpoint?.[0x28];
140
+ if (cluster === undefined) {
141
+ return undefined;
142
+ }
143
+ return cluster.readState(this.session)[0x18] as number | undefined;
144
+ }
145
+
133
146
  /**
134
147
  * Validate a wildcard path and update internal state.
135
148
  */
136
149
  protected addWildcard(path: AttributePath) {
137
- const { nodeId, endpointId, clusterId, attributeId, wildcardPathFlags } = path;
150
+ const { nodeId, endpointId, clusterId, attributeId, wildcardPathFlags, wildcardFilterConfigurationVersion } =
151
+ path;
138
152
 
139
153
  if (clusterId === undefined && attributeId !== undefined && !GlobalAttrIds.has(attributeId)) {
140
154
  throw new StatusResponseError(
@@ -147,7 +161,21 @@ export class AttributeReadResponse<
147
161
  return;
148
162
  }
149
163
 
150
- const wpf = wildcardPathFlags ? WildcardPathFlagsCodec.encode(wildcardPathFlags) : 0;
164
+ let wpf = wildcardPathFlags ? WildcardPathFlagsCodec.encode(wildcardPathFlags) : 0;
165
+
166
+ // WildcardPathFlags only suppress paths while the client's WildcardFilterConfigurationVersion is current. Once
167
+ // the node's ConfigurationVersion has advanced past it the configuration changed, so the flags no longer apply
168
+ // and all paths are reported. An omitted filter (or 0xFFFFFFFF) is treated as the current version.
169
+ if (
170
+ wpf !== 0 &&
171
+ wildcardFilterConfigurationVersion !== undefined &&
172
+ wildcardFilterConfigurationVersion !== 0xffffffff
173
+ ) {
174
+ const current = this.#currentConfigurationVersion();
175
+ if (current !== undefined && wildcardFilterConfigurationVersion < current) {
176
+ wpf = 0;
177
+ }
178
+ }
151
179
 
152
180
  if (endpointId === undefined) {
153
181
  this.#addProducer(function* (this: AttributeReadResponse) {
@@ -198,7 +198,8 @@ export abstract class MdnsAdvertisement<T extends ServiceDescription = ServiceDe
198
198
 
199
199
  Object.assign(values, this.txtValues);
200
200
 
201
- if (this.description.tcp !== undefined) {
201
+ // The T (transport modes) key is only used during operational discovery, not by commissionable/commissioner nodes
202
+ if (this.description.tcp !== undefined && this.isOperational()) {
202
203
  values.T = SupportedTransportsSchema.encode(this.description.tcp); /* TCP support */
203
204
  }
204
205
 
@@ -14,7 +14,7 @@ import {
14
14
  BdxTransferControlSchema,
15
15
  } from "./BdxInitMessagesSchema.js";
16
16
 
17
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.5.2 */
17
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.5.2 */
18
18
  export interface BdxSendAccept {
19
19
  /**
20
20
  * Transfer control details
@@ -37,7 +37,7 @@ export interface BdxSendAccept {
37
37
  metaData?: Bytes;
38
38
  }
39
39
 
40
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.5.3 */
40
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.5.3 */
41
41
  export interface BdxReceiveAccept extends BdxSendAccept {
42
42
  /**
43
43
  * Specifies a predetermined definite length for the transfer
@@ -11,26 +11,26 @@ interface BdxCounterOnly {
11
11
  blockCounter: number;
12
12
  }
13
13
 
14
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.6.2 */
14
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.6.2 */
15
15
  export interface BdxBlockQuery extends BdxCounterOnly {}
16
16
 
17
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.6.6 */
17
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.6.6 */
18
18
  export interface BdxBlockAck extends BdxCounterOnly {}
19
19
 
20
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.6.7 */
20
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.6.7 */
21
21
  export interface BdxBlockAckEof extends BdxCounterOnly {}
22
22
 
23
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.6.3 */
23
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.6.3 */
24
24
  export interface BdxBlockQueryWithSkip extends BdxCounterOnly {
25
25
  bytesToSkip: number | bigint;
26
26
  }
27
27
 
28
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.6.4 */
28
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.6.4 */
29
29
  export interface BdxBlock extends BdxCounterOnly {
30
30
  data: Bytes;
31
31
  }
32
32
 
33
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.6.5 */
33
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.6.5 */
34
34
  export interface BdxBlockEof extends BdxBlock {}
35
35
 
36
36
  /** Schema for BDX messages that only contain a block counter: BlockQuery, BlockAck, BlockAckEof. */
@@ -14,7 +14,7 @@ export const BDX_VERSION = 0;
14
14
  * BDX Transfer protocol bitmap definition
15
15
  * Bit 7 is reserved for future use
16
16
  *
17
- * @see {@link MatterSpecification.v141.Core}, section 11.22.5.1
17
+ * @see {@link MatterSpecification.v16.Core}, section 11.22.5.1
18
18
  */
19
19
  export const BdxTransferControlBitmap = {
20
20
  /** Protocol Version, Only allowed version is 0.0 for now */
@@ -38,7 +38,7 @@ export const BdxTransferControlSchema = BitmapSchema(BdxTransferControlBitmap);
38
38
  * BDX Range control bitmap definition
39
39
  * Bits 2-3 and 5-7 is reserved for future use
40
40
  *
41
- * @see {@link MatterSpecification.v141.Core}, section 11.22.5.1
41
+ * @see {@link MatterSpecification.v16.Core}, section 11.22.5.1
42
42
  */
43
43
  export const BdxRangeControlBitmap = {
44
44
  /** Indicates if the transfer has a definite length */
@@ -55,7 +55,7 @@ export const BdxRangeControlBitmap = {
55
55
  };
56
56
  export const BdxRangeControlSchema = BitmapSchema(BdxRangeControlBitmap);
57
57
 
58
- /** @see {@link MatterSpecification.v141.Core}, section 11.22.5.1 */
58
+ /** @see {@link MatterSpecification.v16.Core}, section 11.22.5.1 */
59
59
  export type BdxInit = {
60
60
  /**
61
61
  * Transfer protocol details
@@ -6,7 +6,7 @@
6
6
 
7
7
  import { MAX_UDP_MESSAGE_SIZE, Millis, Seconds } from "@matter/general";
8
8
 
9
- /** @see {@link MatterSpecification.v11.Core} § 4.17.3.2 */
9
+ /** @see {@link MatterSpecification.v16.Core} § 4.19 */
10
10
  export namespace MatterBle {
11
11
  /** Short 16-bit form of the Matter BLE service UUID. */
12
12
  export const SERVICE_UUID_SHORT = "fff6";
@@ -50,7 +50,7 @@ export class Icac extends OperationalBase<OperationalCertificate.Icac> {
50
50
 
51
51
  /**
52
52
  * Verify requirements a Matter Intermediate CA certificate must fulfill.
53
- * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
53
+ * Rules for this are listed in @see {@link MatterSpecification.v16.Core} §6.5.x
54
54
  */
55
55
  async verify(crypto: Crypto, root: Rcac) {
56
56
  this.generalVerify();
@@ -51,7 +51,7 @@ export class Noc extends OperationalBase<OperationalCertificate.Noc> {
51
51
 
52
52
  /**
53
53
  * Verify requirements a Matter Node Operational certificate must fulfill.
54
- * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
54
+ * Rules for this are listed in @see {@link MatterSpecification.v16.Core} §6.5.x
55
55
  */
56
56
  async verify(crypto: Crypto, root: Rcac, ica?: Icac) {
57
57
  this.generalVerify();
@@ -39,7 +39,7 @@ export abstract class OperationalBase<CT extends MatterCertificate> extends Cert
39
39
 
40
40
  /**
41
41
  * Verifies general requirements a Matter certificate fields must fulfill.
42
- * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
42
+ * Rules for this are listed in @see {@link MatterSpecification.v16.Core} §6.5.x
43
43
  */
44
44
  generalVerify() {
45
45
  const cert = this.cert;
@@ -50,7 +50,7 @@ export class Rcac extends OperationalBase<OperationalCertificate.Rcac> {
50
50
 
51
51
  /**
52
52
  * Verify requirements a Matter Root certificate must fulfill.
53
- * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
53
+ * Rules for this are listed in @see {@link MatterSpecification.v16.Core} §6.5.x
54
54
  */
55
55
  async verify(crypto: Crypto) {
56
56
  this.generalVerify();
@@ -40,7 +40,7 @@ export class Vvsc extends OperationalBase<OperationalCertificate.Vvsc> {
40
40
 
41
41
  /**
42
42
  * Verify requirements a Matter Intermediate CA certificate must fulfill.
43
- * Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
43
+ * Rules for this are listed in @see {@link MatterSpecification.v16.Core} §6.5.x
44
44
  * // TODO ADD Verification once we know more about the chain
45
45
  */
46
46
  async verify(_crypto: Crypto) {
@@ -7,7 +7,7 @@ import { Bytes, ImplementationError } from "@matter/general";
7
7
 
8
8
  /**
9
9
  * Matter specific Certificate Sizes
10
- * @see {@link MatterSpecification.v13.Core} 6.1.3.
10
+ * @see {@link MatterSpecification.v16.Core} 6.1.3.
11
11
  */
12
12
  export const MAX_DER_CERTIFICATE_SIZE = 600;
13
13
 
@@ -44,7 +44,7 @@ function uInt16To4Chars(value: number) {
44
44
 
45
45
  /**
46
46
  * Matter specific ASN.1 OIDs
47
- * @see {@link MatterSpecification.v12.Core} Appendix E
47
+ * @see {@link MatterSpecification.v16.Core} Appendix E
48
48
  */
49
49
 
50
50
  /**
@@ -28,7 +28,7 @@ import { ExtensionKeyUsageBitmap } from "./base.js";
28
28
 
29
29
  /**
30
30
  * Matter specific Certificate Sizes
31
- * @see {@link MatterSpecification.v13.Core} 6.1.3.
31
+ * @see {@link MatterSpecification.v16.Core} 6.1.3.
32
32
  */
33
33
  export const MAX_TLV_CERTIFICATE_SIZE = 400;
34
34
 
@@ -173,7 +173,26 @@ function mapProtocolAndMessageType(protocolId: number, messageType: number): { t
173
173
  }
174
174
 
175
175
  export class MessageCodec {
176
- static decodePacket(data: Bytes): DecodedPacket {
176
+ /**
177
+ * Decode the cleartext header prefix (flags, sessionId, securityFlags) and optionally the obfuscated
178
+ * header region for privacy-enhanced packets. Returns parsed fields for cleartext portion and raw
179
+ * obfuscated region for privacy packets.
180
+ */
181
+ static decodeFixedHeader(data: Bytes): {
182
+ flags: number;
183
+ sessionType: SessionType;
184
+ hasPrivacyEnhancements: boolean;
185
+ hasMessageExtensions: boolean;
186
+ sessionId: number;
187
+ securityFlags: number;
188
+ messageId?: number;
189
+ sourceNodeId?: bigint;
190
+ destNodeId?: bigint;
191
+ destGroupId?: number;
192
+ obfuscatedRegion?: Bytes;
193
+ /** Bytes following the fixed (and, for privacy packets, obfuscated) header — the encrypted/cleartext tail. */
194
+ applicationPayload: Bytes;
195
+ } {
177
196
  const reader = new DataReader(data, Endian.Little);
178
197
 
179
198
  const flags = reader.readUInt8();
@@ -224,11 +243,63 @@ export class MessageCodec {
224
243
  `Privacy header length ${privacyHeaderLength} exceeds remaining message size ${reader.remainingBytesCount}.`,
225
244
  );
226
245
  }
227
- const privacyHeader = reader.readByteArray(privacyHeaderLength);
246
+ const obfuscatedRegion = reader.readByteArray(privacyHeaderLength);
247
+ return {
248
+ flags,
249
+ sessionType,
250
+ hasPrivacyEnhancements: true,
251
+ hasMessageExtensions: false,
252
+ sessionId,
253
+ securityFlags,
254
+ obfuscatedRegion,
255
+ applicationPayload: reader.remainingBytes,
256
+ };
257
+ }
258
+
259
+ const messageId = reader.readUInt32();
260
+ const sourceNodeId = hasSourceNodeId ? reader.readUInt64() : undefined;
261
+ const destNodeId = hasDestNodeId ? reader.readUInt64() : undefined;
262
+ const destGroupId = hasDestGroupId ? reader.readUInt16() : undefined;
263
+
264
+ return {
265
+ flags,
266
+ sessionType,
267
+ hasPrivacyEnhancements: false,
268
+ hasMessageExtensions,
269
+ sessionId,
270
+ securityFlags,
271
+ messageId,
272
+ sourceNodeId,
273
+ destNodeId,
274
+ destGroupId,
275
+ applicationPayload: reader.remainingBytes,
276
+ };
277
+ }
278
+
279
+ static decodePacket(data: Bytes): DecodedPacket {
280
+ const {
281
+ sessionType,
282
+ hasPrivacyEnhancements,
283
+ hasMessageExtensions,
284
+ sessionId,
285
+ securityFlags,
286
+ messageId,
287
+ sourceNodeId,
288
+ destNodeId,
289
+ destGroupId,
290
+ obfuscatedRegion,
291
+ applicationPayload,
292
+ } = MessageCodec.decodeFixedHeader(data);
293
+
294
+ if (hasPrivacyEnhancements) {
295
+ // decodeFixedHeader sets obfuscatedRegion whenever privacy is enabled; assert the invariant for the type.
296
+ if (obfuscatedRegion === undefined) {
297
+ throw new UnexpectedDataError("Privacy-enhanced packet is missing its obfuscated header region.");
298
+ }
228
299
  // Reject early: the privacy nonce is derived from the MIC, so a packet without a full MIC must not proceed.
229
- if (reader.remainingBytesCount < CRYPTO_AEAD_MIC_LENGTH_BYTES) {
300
+ if (applicationPayload.byteLength < CRYPTO_AEAD_MIC_LENGTH_BYTES) {
230
301
  throw new UnexpectedDataError(
231
- `Privacy-enhanced message too short to contain a MIC: ${reader.remainingBytesCount} bytes remaining.`,
302
+ `Privacy-enhanced message too short to contain a MIC: ${applicationPayload.byteLength} bytes remaining.`,
232
303
  );
233
304
  }
234
305
  return {
@@ -244,23 +315,23 @@ export class MessageCodec {
244
315
  destNodeId: undefined,
245
316
  destGroupId: undefined,
246
317
  },
247
- privacyHeader,
248
- applicationPayload: reader.remainingBytes,
318
+ privacyHeader: obfuscatedRegion,
319
+ applicationPayload,
249
320
  };
250
321
  }
251
322
 
252
- const messageId = reader.readUInt32();
253
- const sourceNodeId = hasSourceNodeId ? NodeId(reader.readUInt64()) : undefined;
254
- const destNodeId = hasDestNodeId ? NodeId(reader.readUInt64()) : undefined;
255
- const destGroupId = hasDestGroupId ? GroupId(reader.readUInt16()) : undefined;
323
+ // decodeFixedHeader always reads the counter for non-privacy packets; assert the invariant for the type.
324
+ if (messageId === undefined) {
325
+ throw new UnexpectedDataError("Message is missing its message counter.");
326
+ }
256
327
 
257
328
  const header: DecodedPacketHeader = {
258
329
  securityFlags,
259
330
  sessionId,
260
- sourceNodeId,
331
+ sourceNodeId: sourceNodeId === undefined ? undefined : NodeId(sourceNodeId),
261
332
  messageId,
262
- destGroupId,
263
- destNodeId,
333
+ destGroupId: destGroupId === undefined ? undefined : GroupId(destGroupId),
334
+ destNodeId: destNodeId === undefined ? undefined : NodeId(destNodeId),
264
335
  sessionType,
265
336
  hasPrivacyEnhancements: false,
266
337
  isControlMessage: false,
@@ -268,7 +339,9 @@ export class MessageCodec {
268
339
  };
269
340
 
270
341
  let messageExtension: Bytes | undefined = undefined;
342
+ let payload = applicationPayload;
271
343
  if (hasMessageExtensions) {
344
+ const reader = new DataReader(applicationPayload, Endian.Little);
272
345
  const extensionLength = reader.readUInt16();
273
346
  if (extensionLength > reader.remainingBytesCount) {
274
347
  throw new UnexpectedDataError(
@@ -276,12 +349,13 @@ export class MessageCodec {
276
349
  );
277
350
  }
278
351
  messageExtension = reader.readByteArray(extensionLength);
352
+ payload = reader.remainingBytes;
279
353
  }
280
354
 
281
355
  return {
282
356
  header,
283
357
  messageExtension,
284
- applicationPayload: reader.remainingBytes,
358
+ applicationPayload: payload,
285
359
  };
286
360
  }
287
361
 
@@ -14,7 +14,10 @@ import {
14
14
  MaybePromise,
15
15
  } from "@matter/general";
16
16
 
17
- /** HKDF info string for deriving a privacy key from an encryption key (Matter spec §4.9.1). */
17
+ /**
18
+ * HKDF info string for deriving a privacy key from an encryption key.
19
+ * @see {@link MatterSpecification.v16.Core} § 4.9.1
20
+ */
18
21
  const PRIVACY_KEY_INFO = Bytes.fromString("PrivacyKey");
19
22
 
20
23
  const NONCE_SESSION_ID_LENGTH = 2;
@@ -22,7 +25,8 @@ const NONCE_MIC_LENGTH = CRYPTO_PRIVACY_NONCE_LENGTH_BYTES - NONCE_SESSION_ID_LE
22
25
  const NONCE_MIC_OFFSET = CRYPTO_AEAD_MIC_LENGTH_BYTES - NONCE_MIC_LENGTH;
23
26
 
24
27
  /**
25
- * Matter message privacy (spec §4.9): obfuscation of the packet header for privacy-enhanced messages.
28
+ * Matter message privacy: obfuscation of the packet header for privacy-enhanced messages.
29
+ * @see {@link MatterSpecification.v16.Core} § 4.9
26
30
  */
27
31
  export namespace MessagePrivacy {
28
32
  /** Derive a privacy key from an encryption key: HKDF(key, salt=[], info="PrivacyKey", 16). */
@@ -6,7 +6,7 @@
6
6
 
7
7
  import { TlvByteString, TlvField, TlvObject, TlvOptionalField, TlvUInt32 } from "@matter/types";
8
8
 
9
- /** @see {@link MatterSpecification.v11.Core} § 11.17.5.4 */
9
+ /** @see {@link MatterSpecification.v16.Core} § 11.18.4.6 */
10
10
  export const TlvAttestation = TlvObject({
11
11
  declaration: TlvField(1, TlvByteString),
12
12
  attestationNonce: TlvField(2, TlvByteString.bound({ length: 32 })),
@@ -14,7 +14,7 @@ export const TlvAttestation = TlvObject({
14
14
  firmwareInfo: TlvOptionalField(4, TlvByteString),
15
15
  });
16
16
 
17
- /** @see {@link MatterSpecification.v11.Core} § 11.17.5.6 */
17
+ /** @see {@link MatterSpecification.v16.Core} § 11.18.4.8 */
18
18
  export const TlvCertSigningRequest = TlvObject({
19
19
  certSigningRequest: TlvField(1, TlvByteString),
20
20
  csrNonce: TlvField(2, TlvByteString.bound({ length: 32 })),
@@ -9,7 +9,7 @@ import { GroupKeySet, KeySets, OperationalKeySet } from "#groups/KeySets.js";
9
9
  import { MessagingState } from "#groups/MessagingState.js";
10
10
  import { BasicMap, Bytes, hex, InternalError, MatterFlowError, StorageContext } from "@matter/general";
11
11
  import { GroupId, MATTER_EPOCH_OFFSET_US } from "@matter/types";
12
- import { Groups } from "./Groups.js";
12
+ import { GroupMulticastPolicy, Groups } from "./Groups.js";
13
13
 
14
14
  export const GROUP_SECURITY_INFO = Bytes.fromString("GroupKey v1.0");
15
15
 
@@ -96,6 +96,16 @@ export class FabricGroups {
96
96
  return this.#groups.multicastAddress(groupId);
97
97
  }
98
98
 
99
+ /** Sets the multicast address policy for a specific group (Groupcast cluster, Matter 1.6). */
100
+ setGroupMulticastPolicy(groupId: GroupId, policy: GroupMulticastPolicy) {
101
+ this.#groups.setGroupMulticastPolicy(groupId, policy);
102
+ }
103
+
104
+ /** Removes the multicast address policy for a specific group. */
105
+ removeGroupMulticastPolicy(groupId: GroupId) {
106
+ this.#groups.removeGroupMulticastPolicy(groupId);
107
+ }
108
+
99
109
  /*
100
110
  TODO for Controller to generate new epochs
101
111
  addGroupEpoch(groupKeySetId: number, startTimeMs = Time.nowMs) {
@@ -10,6 +10,12 @@ import { BasicMap, DataWriter, ImplementationError, ipv6BytesToString } from "@m
10
10
  import { EndpointNumber, GroupId } from "@matter/types";
11
11
  import { KeySets, OperationalKeySet } from "./KeySets.js";
12
12
 
13
+ /** Multicast address policy for a group. IanaAddr uses the shared FF05::FA address; PerGroupId derives from GroupId. */
14
+ export type GroupMulticastPolicy = "ianaAddr" | "perGroupId";
15
+
16
+ /** IANA-assigned shared multicast address for Groupcast cluster (Matter 1.6). */
17
+ export const IANA_GROUPCAST_MULTICAST_ADDRESS = "ff05::fa";
18
+
13
19
  export class Groups {
14
20
  #fabric: Fabric;
15
21
  #keySets: KeySets<OperationalKeySet>;
@@ -20,6 +26,9 @@ export class Groups {
20
26
  /** Operational variant of the group table, maps group Ids to a list of enabled endpoints. */
21
27
  readonly endpointMap = new Map<GroupId, EndpointNumber[]>();
22
28
 
29
+ /** Per-group multicast address policy (Groupcast cluster, Matter 1.6). Defaults to PerGroupId when not set. */
30
+ readonly #groupMulticastPolicy = new Map<GroupId, GroupMulticastPolicy>();
31
+
23
32
  constructor(fabric: Fabric, keySets: KeySets<OperationalKeySet>) {
24
33
  this.#fabric = fabric;
25
34
  this.#keySets = keySets;
@@ -51,12 +60,25 @@ export class Groups {
51
60
  });
52
61
  }
53
62
 
63
+ /** Sets the multicast address policy for a specific group (Groupcast cluster, Matter 1.6). */
64
+ setGroupMulticastPolicy(groupId: GroupId, policy: GroupMulticastPolicy) {
65
+ this.#groupMulticastPolicy.set(groupId, policy);
66
+ }
67
+
68
+ /** Removes the multicast address policy for a specific group, reverting to the default (PerGroupId). */
69
+ removeGroupMulticastPolicy(groupId: GroupId) {
70
+ this.#groupMulticastPolicy.delete(groupId);
71
+ }
72
+
54
73
  /** Returns the multicast address for a given group id for this fabric. */
55
74
  multicastAddress(groupId: GroupId) {
56
75
  GroupId.assertGroupId(groupId);
57
76
 
58
- // If GroupKeyMulticastPolicy ever becomes non-provisional then we need to adjust logic here, but so far we
59
- // just use the default which is PerGroupId, which means we use the GroupId to create the multicast address.
77
+ // When the Groupcast cluster assigns IanaAddr policy, all groups in the fabric share FF05::FA.
78
+ // Legacy groups and new groups without explicit policy use PerGroupId (fabric-derived address).
79
+ if (this.#groupMulticastPolicy.get(groupId) === "ianaAddr") {
80
+ return IANA_GROUPCAST_MULTICAST_ADDRESS;
81
+ }
60
82
 
61
83
  const writer = new DataWriter();
62
84
  writer.writeUInt16(0xff35);
@@ -109,7 +109,7 @@ export class KeySets<T extends OperationalKeySet> extends BasicSet<T> {
109
109
  if (keySetId === 0) {
110
110
  // Groups: For the generation of the Destination Identifier, the originator SHALL use the operational group key with
111
111
  // the second newest EpochStartTime, if one exists, otherwise it SHALL use the single operational group key available.
112
- // @see {@link MatterSpecification.v14.Core} § 4.14.2.6.
112
+ // @see {@link MatterSpecification.v16.Core} § 4.14.2.6.
113
113
  if (operationalKeys.length > 2) {
114
114
  return operationalKeys[1];
115
115
  }
@@ -5,4 +5,5 @@
5
5
  */
6
6
 
7
7
  export * from "./FabricGroups.js";
8
+ export * from "./Groups.js";
8
9
  export * from "./KeySets.js";
@@ -62,12 +62,13 @@ export class AccessDeniedError extends StatusResponseError {
62
62
  }
63
63
 
64
64
  /**
65
- * Implements Access Control Logic For one fabric as per Matter Specification @see {@link MatterSpecification.v12.Core}
66
- * § 6.6.5.2.
65
+ * Implements Access Control Logic For one fabric as per Matter Specification @see {@link MatterSpecification.v16.Core}
66
+ * § 6.6.6.2.
67
67
  */
68
68
  export class FabricAccessControl {
69
69
  #fabricIndex: FabricIndex;
70
70
  #aclList: AclList = [];
71
+ #auxiliaryFeatureEnabled = false;
71
72
  #extensionEntryAccessCheck: (
72
73
  aclList: AclList,
73
74
  aclEntry: AclEntry,
@@ -100,6 +101,10 @@ export class FabricAccessControl {
100
101
  );
101
102
  }
102
103
 
104
+ set auxiliaryFeatureEnabled(enabled: boolean) {
105
+ this.#auxiliaryFeatureEnabled = enabled;
106
+ }
107
+
103
108
  set extensionEntryAccessCheck(
104
109
  func: (
105
110
  aclList: AclList,
@@ -252,7 +257,15 @@ export class FabricAccessControl {
252
257
 
253
258
  // Target must match, or be "wildcard"
254
259
  if (aclEntry.targets === null || aclEntry.targets.length === 0) {
255
- // Empty is wildcard, no match required
260
+ // Group subjects cannot grant access to Endpoint 0 when Auxiliary feature is enabled
261
+ if (
262
+ aclEntry.authMode === AccessControl.AccessControlEntryAuthMode.Group &&
263
+ this.#auxiliaryFeatureEnabled &&
264
+ endpointId === EndpointNumber(0)
265
+ ) {
266
+ continue;
267
+ }
268
+ // Otherwise, empty is wildcard, no match required
256
269
  } else {
257
270
  // Non-empty requires a match
258
271
  let matchedTarget = false;
@@ -19,7 +19,7 @@ import {
19
19
 
20
20
  /**
21
21
  * OTA Image TLV Header
22
- * @see {@link MatterSpecification.v142.Core} §11.21.2.4.
22
+ * @see {@link MatterSpecification.v16.Core} §11.21.2.4.
23
23
  */
24
24
  export const TlvOtaImageHeader = TlvObject({
25
25
  /**
@@ -366,7 +366,7 @@ export class ControllerCommissioningFlow {
366
366
  /**
367
367
  * Commissioner SHALL re-arm the Fail-safe timer on the Commissionee to the desired commissioning
368
368
  * timeout within 60 seconds of the completion of a PASE session establishment, using the ArmFailSafe
369
- * command (see Section 11.9.6.2, “ArmFailSafe Command”)
369
+ * command (see Section 11.10.7.2, “ArmFailSafe Command”)
370
370
  */
371
371
  const timeLeft = Timespan(Time.nowMs, this.#currentFailSafeEndTime).duration;
372
372
  if (timeLeft < this.#defaultFailSafeTime / 2) {
@@ -488,7 +488,7 @@ export class ControllerCommissioningFlow {
488
488
 
489
489
  /**
490
490
  * Initialize commissioning steps and add them in the default order as defined by
491
- * @see {@link MatterSpecification.v13.Core} § 5.5
491
+ * @see {@link MatterSpecification.v16.Core} § 5.5
492
492
  */
493
493
  #initializeCommissioningSteps() {
494
494
  this.commissioningSteps.push({
@@ -793,9 +793,9 @@ export class ControllerCommissioningFlow {
793
793
  * Step 7
794
794
  * Commissioner SHALL re-arm the Fail-safe timer on the Commissionee to the desired commissioning
795
795
  * timeout within 60 seconds of the completion of a PASE session establishment, using the
796
- * ArmFailSafe command (see Section 11.10.6.2, “ArmFailSafe Command”). A Commissioner MAY
796
+ * ArmFailSafe command (see Section 11.10.7.2, “ArmFailSafe Command”). A Commissioner MAY
797
797
  * collect device information including guidance on the fail-safe value from the Commissionee by
798
- * reading BasicCommissioningInfo attribute (see Section 11.10.5.2, “BasicCommissioningInfo
798
+ * reading BasicCommissioningInfo attribute (see Section 11.10.6.2, “BasicCommissioningInfo
799
799
  * Attribute”) before invoking the ArmFailSafe command.
800
800
  */
801
801
  async #armFailsafe(time?: Duration) {
@@ -1377,7 +1377,7 @@ export class ControllerCommissioningFlow {
1377
1377
  /**
1378
1378
  * Step 13-2 (we do as 99 at the end because)
1379
1379
  * The Administrator having established a CASE session with the Commissionee over the operational network in the
1380
- * previous steps SHALL invoke the CommissioningComplete command (see Section 11.9.6.6,
1380
+ * previous steps SHALL invoke the CommissioningComplete command (see Section 11.10.7.6,
1381
1381
  * “CommissioningComplete Command”). A success response after invocation of the CommissioningComplete command ends
1382
1382
  * the commissioning process.
1383
1383
  */
@@ -1431,14 +1431,14 @@ export class ControllerCommissioningFlow {
1431
1431
  /**
1432
1432
  * Step 16-17
1433
1433
  * 16: If the Commissionee both supports it and requires it, the Commissioner SHALL configure the operational network
1434
- * at the Commissionee using commands such as AddOrUpdateWiFiNetwork (see Section 11.8.7.3, “AddOrUpdateWiFiNetwork
1435
- * Command”) and AddOrUpdateThreadNetwork (see Section 11.8.7.4, “AddOrUpdateThreadNetwork Command”).
1434
+ * at the Commissionee using commands such as AddOrUpdateWiFiNetwork (see Section 11.9.7.3, “AddOrUpdateWiFiNetwork
1435
+ * Command”) and AddOrUpdateThreadNetwork (see Section 11.9.7.4, “AddOrUpdateThreadNetwork Command”).
1436
1436
  * A Commissionee requires network commissioning if it is not already on the desired operational network.
1437
1437
  * A Commissionee supports network commissioning if it has any NetworkCommissioning cluster instances.
1438
1438
  * A Commissioner MAY learn about the networks visible to the Commissionee using ScanNetworks command
1439
- * (see Section 11.8.7.1, “ScanNetworks Command”).
1439
+ * (see Section 11.9.7.1, “ScanNetworks Command”).
1440
1440
  * 17: The Commissioner SHALL trigger the Commissionee to connect to the operational network using ConnectNetwork
1441
- * command (see Section 11.8.7.9, “ConnectNetwork Command”) unless the Commissionee is already on the desired
1441
+ * command (see Section 11.9.7.8, “ConnectNetwork Command”) unless the Commissionee is already on the desired
1442
1442
  * operational network.
1443
1443
  */
1444
1444
  async #validateNetwork() {
@@ -1853,7 +1853,7 @@ export class ControllerCommissioningFlow {
1853
1853
  * 18: Finalization of the Commissioning process begins. An Administrator configured in the ACL of the Commissionee
1854
1854
  * by the Commissioner SHALL use Operational Discovery to discover the Commissionee. This Administrator MAY be
1855
1855
  * the Commissioner itself, or another Node to which the Commissioner has delegated the task.
1856
- * 19: The Administrator SHALL open a CASE (see Section 4.13.2, “Certificate Authenticated Session Establishment
1856
+ * 19: The Administrator SHALL open a CASE (see Section 4.14.2, “Certificate Authenticated Session Establishment
1857
1857
  * (CASE)”) session with the Commissionee over the operational network.
1858
1858
  */
1859
1859
  async #reconnectWithDevice() {
@@ -1913,7 +1913,7 @@ export class ControllerCommissioningFlow {
1913
1913
  /**
1914
1914
  * Step 20
1915
1915
  * The Administrator having established a CASE session with the Commissionee over the operational network in the
1916
- * previous steps SHALL invoke the CommissioningComplete command (see Section 11.9.6.6,
1916
+ * previous steps SHALL invoke the CommissioningComplete command (see Section 11.10.7.6,
1917
1917
  * “CommissioningComplete Command”). A success response after invocation of the CommissioningComplete command ends
1918
1918
  * the commissioning process.
1919
1919
  */