-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
Copy pathPairingSession.h
196 lines (164 loc) · 7.69 KB
/
PairingSession.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
/*
*
* Copyright (c) 2021 Project CHIP Authors
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file
* This file defines a common interface to access various types of secure
* pairing sessions (e.g. PASE, CASE)
*
*/
#pragma once
#include <lib/core/CHIPError.h>
#include <messaging/ExchangeContext.h>
#include <protocols/secure_channel/Constants.h>
#include <protocols/secure_channel/StatusReport.h>
#include <transport/CryptoContext.h>
namespace chip {
class DLL_EXPORT PairingSession
{
public:
PairingSession() {}
virtual ~PairingSession() {}
// TODO: the session should know which peer we are trying to connect to at start
// mPeerNodeId should be const and assigned at the construction, such that GetPeerNodeId will never return kUndefinedNodeId, and
// SetPeerNodeId is not necessary.
NodeId GetPeerNodeId() const { return mPeerNodeId; }
// TODO: the local key id should be allocateed at start
// mLocalSessionId should be const and assigned at the construction, such that GetLocalSessionId will always return a valid key
// id , and SetLocalSessionId is not necessary.
uint16_t GetLocalSessionId() const { return mLocalSessionId; }
bool IsValidLocalSessionId() const { return mLocalSessionId != kInvalidKeyId; }
uint16_t GetPeerSessionId() const
{
VerifyOrDie(mPeerSessionId.HasValue());
return mPeerSessionId.Value();
}
bool IsValidPeerSessionId() const { return mPeerSessionId.HasValue(); }
// TODO: decouple peer address into transport, such that pairing session do not need to handle peer address
const Transport::PeerAddress & GetPeerAddress() const { return mPeerAddress; }
Transport::PeerAddress & GetPeerAddress() { return mPeerAddress; }
/**
* @brief
* Derive a secure session from the paired session. The API will return error
* if called before pairing is established.
*
* @param session Referene to the secure session that will be
* initialized once pairing is complete
* @param role Role of the new session (initiator or responder)
* @return CHIP_ERROR The result of session derivation
*/
virtual CHIP_ERROR DeriveSecureSession(CryptoContext & session, CryptoContext::SessionRole role) = 0;
/**
* @brief
* Get the value of peer session counter which is synced during session establishment
*/
virtual uint32_t GetPeerCounter()
{
// TODO(#6652): This is a stub implementation, should be replaced by the real one when CASE and PASE is completed
return LocalSessionMessageCounter::kInitialValue;
}
/**
* @brief
* Get the value of peer session counter which is synced during session establishment
*/
virtual const ReliableMessageProtocolConfig & GetMRPConfig() const
{
// TODO(#6652): This is a stub implementation, should be replaced by the real one when CASE and PASE is completed
return gDefaultMRPConfig;
}
virtual const char * GetI2RSessionInfo() const = 0;
virtual const char * GetR2ISessionInfo() const = 0;
protected:
// TODO - Move EstimateTLVStructOverhead to CHIPTLV header file
static constexpr size_t EstimateTLVStructOverhead()
{
// The struct itself has a control byte and an end-of-struct marker.
return 2;
}
template <typename... FieldSizes>
static constexpr size_t EstimateTLVStructOverhead(size_t firstFieldSize, FieldSizes... otherFields)
{
// Estimate 4 bytes of overhead per field. This can happen for a large
// octet string field: 1 byte control, 1 byte context tag, 2 bytes
// length.
return firstFieldSize + 4 + EstimateTLVStructOverhead(otherFields...);
}
void SetPeerNodeId(NodeId peerNodeId) { mPeerNodeId = peerNodeId; }
void SetPeerSessionId(uint16_t id) { mPeerSessionId.SetValue(id); }
void SetLocalSessionId(uint16_t id) { mLocalSessionId = id; }
void SetPeerAddress(const Transport::PeerAddress & address) { mPeerAddress = address; }
virtual void OnSuccessStatusReport() {}
virtual CHIP_ERROR OnFailureStatusReport(Protocols::SecureChannel::GeneralStatusCode generalCode, uint16_t protocolCode)
{
return CHIP_ERROR_INTERNAL;
}
void SendStatusReport(Messaging::ExchangeContext * exchangeCtxt, uint16_t protocolCode)
{
Protocols::SecureChannel::GeneralStatusCode generalCode = (protocolCode == Protocols::SecureChannel::kProtocolCodeSuccess)
? Protocols::SecureChannel::GeneralStatusCode::kSuccess
: Protocols::SecureChannel::GeneralStatusCode::kFailure;
uint32_t protocolId = Protocols::SecureChannel::Id.ToFullyQualifiedSpecForm();
ChipLogDetail(SecureChannel, "Sending status report. Protocol code %d, exchange %d", protocolCode,
exchangeCtxt->GetExchangeId());
Protocols::SecureChannel::StatusReport statusReport(generalCode, protocolId, protocolCode);
Encoding::LittleEndian::PacketBufferWriter bbuf(System::PacketBufferHandle::New(statusReport.Size()));
statusReport.WriteToBuffer(bbuf);
System::PacketBufferHandle msg = bbuf.Finalize();
VerifyOrReturn(!msg.IsNull(), ChipLogError(SecureChannel, "Failed to allocate status report message"));
CHIP_ERROR err = exchangeCtxt->SendMessage(Protocols::SecureChannel::MsgType::StatusReport, std::move(msg));
if (err != CHIP_NO_ERROR)
{
ChipLogError(SecureChannel, "Failed to send status report message. %s", ErrorStr(err));
}
}
CHIP_ERROR HandleStatusReport(System::PacketBufferHandle && msg, bool successExpected)
{
Protocols::SecureChannel::StatusReport report;
CHIP_ERROR err = report.Parse(std::move(msg));
ReturnErrorOnFailure(err);
VerifyOrReturnError(report.GetProtocolId() == Protocols::SecureChannel::Id.ToFullyQualifiedSpecForm(),
CHIP_ERROR_INVALID_ARGUMENT);
if (report.GetGeneralCode() == Protocols::SecureChannel::GeneralStatusCode::kSuccess &&
report.GetProtocolCode() == Protocols::SecureChannel::kProtocolCodeSuccess && successExpected)
{
OnSuccessStatusReport();
}
else
{
err = OnFailureStatusReport(report.GetGeneralCode(), report.GetProtocolCode());
}
return err;
}
// TODO: remove Clear, we should create a new instance instead reset the old instance.
void Clear()
{
mPeerNodeId = kUndefinedNodeId;
mPeerAddress = Transport::PeerAddress::Uninitialized();
mPeerSessionId.ClearValue();
mLocalSessionId = kInvalidKeyId;
}
private:
NodeId mPeerNodeId = kUndefinedNodeId;
// TODO: the local key id should be allocateed at start
// then we can remove kInvalidKeyId
static constexpr uint16_t kInvalidKeyId = UINT16_MAX;
uint16_t mLocalSessionId = kInvalidKeyId;
// TODO: decouple peer address into transport, such that pairing session do not need to handle peer address
Transport::PeerAddress mPeerAddress = Transport::PeerAddress::Uninitialized();
Optional<uint16_t> mPeerSessionId;
};
} // namespace chip