Skip to content

Commit

Permalink
Merge pull request project-chip#88 from ivmarkov/session-eviction
Browse files Browse the repository at this point in the history
Handle out of sessions and out of exchanges
  • Loading branch information
kedars authored Aug 31, 2023
2 parents 188fe1b + e171e33 commit 320d1ec
Show file tree
Hide file tree
Showing 8 changed files with 359 additions and 170 deletions.
6 changes: 6 additions & 0 deletions rs-matter/src/core.rs
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@

use core::{borrow::Borrow, cell::RefCell};

use embassy_sync::{blocking_mutex::raw::NoopRawMutex, mutex::Mutex};

use crate::{
acl::AclMgr,
data_model::{
Expand Down Expand Up @@ -61,6 +63,8 @@ pub struct Matter<'a> {
dev_att: &'a dyn DevAttDataFetcher,
pub(crate) port: u16,
pub(crate) exchanges: RefCell<heapless::Vec<ExchangeCtx, MAX_EXCHANGES>>,
pub(crate) ephemeral: RefCell<Option<ExchangeCtx>>,
pub(crate) ephemeral_mutex: Mutex<NoopRawMutex, ()>,
pub session_mgr: RefCell<SessionMgr>, // Public for tests
}

Expand Down Expand Up @@ -108,6 +112,8 @@ impl<'a> Matter<'a> {
dev_att,
port,
exchanges: RefCell::new(heapless::Vec::new()),
ephemeral: RefCell::new(None),
ephemeral_mutex: Mutex::new(()),
session_mgr: RefCell::new(SessionMgr::new(epoch, rand)),
}
}
Expand Down
2 changes: 2 additions & 0 deletions rs-matter/src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ pub enum ErrorCode {
NoMemory,
NoSession,
NoSpace,
NoSpaceExchanges,
NoSpaceSessions,
NoSpaceAckTable,
NoSpaceRetransTable,
NoTagFound,
Expand Down
29 changes: 16 additions & 13 deletions rs-matter/src/secure_channel/case.rs
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ impl<'a> Case<'a> {
) -> Result<(), Error> {
rx.check_proto_opcode(OpCode::CASESigma3 as _)?;

let status = {
let result = {
let fabric_mgr = self.fabric_mgr.borrow();

let fabric = fabric_mgr.get_fabric(case_session.local_fabric_idx)?;
Expand Down Expand Up @@ -133,7 +133,7 @@ impl<'a> Case<'a> {

if let Err(e) = Case::validate_certs(fabric, &initiator_noc, initiator_icac_mut) {
error!("Certificate Chain doesn't match: {}", e);
SCStatusCodes::InvalidParameter
Err(SCStatusCodes::InvalidParameter)
} else if let Err(e) = Case::validate_sigma3_sign(
d.initiator_noc.0,
d.initiator_icac.map(|a| a.0),
Expand All @@ -142,30 +142,33 @@ impl<'a> Case<'a> {
case_session,
) {
error!("Sigma3 Signature doesn't match: {}", e);
SCStatusCodes::InvalidParameter
Err(SCStatusCodes::InvalidParameter)
} else {
// Only now do we add this message to the TT Hash
let mut peer_catids: NocCatIds = Default::default();
initiator_noc.get_cat_ids(&mut peer_catids);
case_session.tt_hash.update(rx.as_slice())?;
let clone_data = Case::get_session_clone_data(

Ok(Case::get_session_clone_data(
fabric.ipk.op_key(),
fabric.get_node_id(),
initiator_noc.get_node_id()?,
exchange.with_session(|sess| Ok(sess.get_peer_addr()))?,
case_session,
&peer_catids,
)?;

// TODO: Handle NoSpace
exchange
.with_session_mgr_mut(|sess_mgr| sess_mgr.clone_session(&clone_data))?;

SCStatusCodes::SessionEstablishmentSuccess
)?)
}
} else {
SCStatusCodes::NoSharedTrustRoots
Err(SCStatusCodes::NoSharedTrustRoots)
}
};

let status = match result {
Ok(clone_data) => {
exchange.clone_session(tx, &clone_data).await?;
SCStatusCodes::SessionEstablishmentSuccess
}
Err(status) => status,
};

complete_with_status(exchange, tx, status, None).await
Expand Down Expand Up @@ -201,7 +204,7 @@ impl<'a> Case<'a> {
return Ok(());
}

let local_sessid = exchange.with_session_mgr_mut(|mgr| Ok(mgr.get_next_sess_id()))?;
let local_sessid = exchange.get_next_sess_id();
case_session.peer_sessid = r.initiator_sessid;
case_session.local_sessid = local_sessid;
case_session.tt_hash.update(rx_buf)?;
Expand Down
4 changes: 2 additions & 2 deletions rs-matter/src/secure_channel/common.rs
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,8 @@ pub fn create_sc_status_report(
// the session will be closed soon
GeneralCode::Success
}
SCStatusCodes::Busy
| SCStatusCodes::InvalidParameter
SCStatusCodes::Busy => GeneralCode::Busy,
SCStatusCodes::InvalidParameter
| SCStatusCodes::NoSharedTrustRoots
| SCStatusCodes::SessionNotFound => GeneralCode::Failure,
};
Expand Down
28 changes: 14 additions & 14 deletions rs-matter/src/secure_channel/pake.rs
Original file line number Diff line number Diff line change
Expand Up @@ -167,9 +167,9 @@ impl<'a> Pake<'a> {
self.update_timeout(exchange, tx, true).await?;

let cA = extract_pasepake_1_or_3_params(rx.as_slice())?;
let (status_code, ke) = spake2p.handle_cA(cA);
let (status, ke) = spake2p.handle_cA(cA);

let clone_data = if status_code == SCStatusCodes::SessionEstablishmentSuccess {
let result = if status == SCStatusCodes::SessionEstablishmentSuccess {
// Get the keys
let ke = ke.ok_or(ErrorCode::Invalid)?;
let mut session_keys: [u8; 48] = [0; 48];
Expand All @@ -194,22 +194,22 @@ impl<'a> Pake<'a> {
.att_challenge
.copy_from_slice(&session_keys[32..48]);

// Queue a transport mgr request to add a new session
Some(clone_data)
Ok(clone_data)
} else {
None
Err(status)
};

if let Some(clone_data) = clone_data {
// TODO: Handle NoSpace
exchange.with_session_mgr_mut(|sess_mgr| sess_mgr.clone_session(&clone_data))?;
let status = match result {
Ok(clone_data) => {
exchange.clone_session(tx, &clone_data).await?;
self.pase.borrow_mut().disable_pase_session(mdns)?;

self.pase.borrow_mut().disable_pase_session(mdns)?;
}

complete_with_status(exchange, tx, status_code, None).await?;
SCStatusCodes::SessionEstablishmentSuccess
}
Err(status) => status,
};

Ok(())
complete_with_status(exchange, tx, status, None).await
}

#[allow(non_snake_case)]
Expand Down Expand Up @@ -273,7 +273,7 @@ impl<'a> Pake<'a> {
let mut our_random: [u8; 32] = [0; 32];
(self.pase.borrow().rand)(&mut our_random);

let local_sessid = exchange.with_session_mgr_mut(|mgr| Ok(mgr.get_next_sess_id()))?;
let local_sessid = exchange.get_next_sess_id();
let spake2p_data: u32 = ((local_sessid as u32) << 16) | a.initiator_ssid as u32;
spake2p.set_app_data(spake2p_data);

Expand Down
Loading

0 comments on commit 320d1ec

Please sign in to comment.