diff --git a/src/protocols/secure_channel/CASESession.cpp b/src/protocols/secure_channel/CASESession.cpp index 9fe5de5a7eed7d..b9fa5ea79e109f 100644 --- a/src/protocols/secure_channel/CASESession.cpp +++ b/src/protocols/secure_channel/CASESession.cpp @@ -50,7 +50,8 @@ #include namespace { - +// TBEDataTags works for both sigma-2-tbedata and sigma-3-tbedata as they have the same tag numbers for the elements common between +// them. enum class TBEDataTags : uint8_t { kSenderNOC = 1, @@ -59,6 +60,8 @@ enum class TBEDataTags : uint8_t kResumptionID = 4, }; +// TBSDataTags works for both sigma-2-tbsdata and sigma-3-tbsdata as they have the same tag numbers for the elements common between +// them. enum class TBSDataTags : uint8_t { kSenderNOC = 1, @@ -69,30 +72,30 @@ enum class TBSDataTags : uint8_t enum class Sigma1Tags : uint8_t { - kInitiatorRandom = 1, - kInitiatorSessionId = 2, - kDestinationId = 3, - kInitiatorPubKey = 4, - kInitiatorMRPParams = 5, - kResumptionID = 6, - kResume1MIC = 7, + kInitiatorRandom = 1, + kInitiatorSessionId = 2, + kDestinationId = 3, + kInitiatorEphPubKey = 4, + kInitiatorSessionParams = 5, + kResumptionID = 6, + kResume1MIC = 7, }; enum class Sigma2Tags : uint8_t { - kResponderRandom = 1, - kResponderSessionId = 2, - kResponderEphPubKey = 3, - kEncrypted2 = 4, - kResponderMRPParams = 5, + kResponderRandom = 1, + kResponderSessionId = 2, + kResponderEphPubKey = 3, + kEncrypted2 = 4, + kResponderSessionParams = 5, }; -enum class Sigma2ResTags : uint8_t +enum class Sigma2ResumeTags : uint8_t { - kResumptionID = 1, - kSigma2ResumeMIC = 2, - kResponderSessionID = 3, - kResponderMRPParams = 4, + kResumptionID = 1, + kSigma2ResumeMIC = 2, + kResponderSessionID = 3, + kResponderSessionParams = 4, }; enum class Sigma3Tags : uint8_t @@ -104,7 +107,7 @@ enum class Sigma3Tags : uint8_t template constexpr chip::TLV::Tag AsTlvContextTag(Enum e) { - return chip::TLV::ContextTag(static_cast>(e)); + return chip::TLV::ContextTag(chip::to_underlying(e)); } } // namespace @@ -794,7 +797,6 @@ CHIP_ERROR CASESession::SendSigma1() { MATTER_TRACE_SCOPE("SendSigma1", "CASESession"); - System::PacketBufferHandle msgR1; uint8_t destinationIdentifier[kSHA256_Hash_Length] = { 0 }; // Struct that will be used as input to EncodeSigma1() method @@ -812,7 +814,7 @@ CHIP_ERROR CASESession::SendSigma1() mEphemeralKey = mFabricsTable->AllocateEphemeralKeypairForCASE(); VerifyOrReturnError(mEphemeralKey != nullptr, CHIP_ERROR_NO_MEMORY); ReturnErrorOnFailure(mEphemeralKey->Initialize(ECPKeyTarget::ECDH)); - encodeSigma1Inputs.pEphPubKey = &mEphemeralKey->Pubkey(); + encodeSigma1Inputs.initiatorEphPubKey = &mEphemeralKey->Pubkey(); // Fill in the random value ReturnErrorOnFailure(DRBG_get_bytes(mInitiatorRandom, sizeof(mInitiatorRandom))); @@ -847,7 +849,7 @@ CHIP_ERROR CASESession::SendSigma1() { // Found valid resumption state, try to resume the session. encodeSigma1Inputs.resumptionId = mResumeResumptionId; - MutableByteSpan resumeMICSpan(encodeSigma1Inputs.initiatorResume1MIC); + MutableByteSpan resumeMICSpan(encodeSigma1Inputs.initiatorResume1MICBuffer); ReturnErrorOnFailure(GenerateSigmaResumeMIC(encodeSigma1Inputs.initiatorRandom, encodeSigma1Inputs.resumptionId, ByteSpan(kKDFS1RKeyInfo), ByteSpan(kResume1MIC_Nonce), resumeMICSpan)); @@ -856,6 +858,8 @@ CHIP_ERROR CASESession::SendSigma1() } } + System::PacketBufferHandle msgR1; + // Encode Sigma1 in CHIP TLV Format ReturnErrorOnFailure(EncodeSigma1(msgR1, encodeSigma1Inputs)); @@ -893,9 +897,9 @@ CHIP_ERROR CASESession::EncodeSigma1(System::PacketBufferHandle & msg, EncodeSig { MATTER_TRACE_SCOPE("EncodeSigma1", "CASESession"); - // the PacketBufferHandler should be empty + // The API Contract requires the passed PacketBufferHandle to be empty VerifyOrReturnError(msg.IsNull(), CHIP_ERROR_INCORRECT_STATE); - VerifyOrReturnError(input.pEphPubKey != nullptr, CHIP_ERROR_INCORRECT_STATE); + VerifyOrReturnError(input.initiatorEphPubKey != nullptr, CHIP_ERROR_INVALID_ARGUMENT); size_t dataLen = EstimateStructOverhead(kSigmaParamRandomNumberSize, // initiatorRandom sizeof(uint16_t), // initiatorSessionId, @@ -910,20 +914,20 @@ CHIP_ERROR CASESession::EncodeSigma1(System::PacketBufferHandle & msg, EncodeSig VerifyOrReturnError(!msg.IsNull(), CHIP_ERROR_NO_MEMORY); System::PacketBufferTLVWriter tlvWriter; - TLVType outerContainerType = kTLVType_NotSpecified; - tlvWriter.Init(std::move(msg)); + + TLVType outerContainerType = kTLVType_NotSpecified; ReturnErrorOnFailure(tlvWriter.StartContainer(AnonymousTag(), kTLVType_Structure, outerContainerType)); ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma1Tags::kInitiatorRandom), input.initiatorRandom)); ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma1Tags::kInitiatorSessionId), input.initiatorSessionId)); ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma1Tags::kDestinationId), input.destinationId)); - ReturnErrorOnFailure(tlvWriter.PutBytes(AsTlvContextTag(Sigma1Tags::kInitiatorPubKey), *input.pEphPubKey, - static_cast(input.pEphPubKey->Length()))); + ReturnErrorOnFailure(tlvWriter.PutBytes(AsTlvContextTag(Sigma1Tags::kInitiatorEphPubKey), *input.initiatorEphPubKey, + static_cast(input.initiatorEphPubKey->Length()))); - VerifyOrReturnError(input.initiatorMrpConfig != nullptr, CHIP_ERROR_INCORRECT_STATE); + VerifyOrReturnError(input.initiatorMrpConfig != nullptr, CHIP_ERROR_INVALID_ARGUMENT); ReturnErrorOnFailure( - EncodeSessionParameters(AsTlvContextTag(Sigma1Tags::kInitiatorMRPParams), *input.initiatorMrpConfig, tlvWriter)); + EncodeSessionParameters(AsTlvContextTag(Sigma1Tags::kInitiatorSessionParams), *input.initiatorMrpConfig, tlvWriter)); if (input.sessionResumptionRequested) { @@ -942,21 +946,22 @@ CHIP_ERROR CASESession::HandleSigma1_and_SendSigma2(System::PacketBufferHandle & MATTER_TRACE_SCOPE("HandleSigma1_and_SendSigma2", "CASESession"); CHIP_ERROR err = CHIP_NO_ERROR; + Step nextStep = Step::kNone; // Parse and Validate Received Sigma1, and decide next step - SuccessOrExit(err = HandleSigma1(std::move(msg))); + SuccessOrExit(err = HandleSigma1(std::move(msg), nextStep)); - switch (mNextStep) + switch (nextStep) { case Step::kSendSigma2: { System::PacketBufferHandle msgR2; EncodeSigma2Inputs encodeSigma2; - MATTER_LOG_METRIC_BEGIN(kMetricDeviceCASESessionSigma2); - SuccessOrExit(err = PrepareSigma2(encodeSigma2)); SuccessOrExit(err = EncodeSigma2(msgR2, encodeSigma2)); + + MATTER_LOG_METRIC_BEGIN(kMetricDeviceCASESessionSigma2); SuccessOrExitAction(err = SendSigma2(std::move(msgR2)), MATTER_LOG_METRIC_END(kMetricDeviceCASESessionSigma2, err)); mDelegate->OnSessionEstablishmentStarted(); @@ -965,12 +970,12 @@ CHIP_ERROR CASESession::HandleSigma1_and_SendSigma2(System::PacketBufferHandle & case Step::kSendSigma2Resume: { System::PacketBufferHandle msgR2Resume; - EncodeSigma2ResInputs encodeSigma2Resume; - - MATTER_LOG_METRIC_BEGIN(kMetricDeviceCASESessionSigma2Resume); + EncodeSigma2ResumeInputs encodeSigma2Resume; SuccessOrExit(err = PrepareSigma2Resume(encodeSigma2Resume)); SuccessOrExit(err = EncodeSigma2Resume(msgR2Resume, encodeSigma2Resume)); + + MATTER_LOG_METRIC_BEGIN(kMetricDeviceCASESessionSigma2Resume); SuccessOrExitAction(err = SendSigma2Resume(std::move(msgR2Resume)), MATTER_LOG_METRIC_END(kMetricDeviceCASESessionSigma2Resume, err)); @@ -1077,8 +1082,7 @@ CHIP_ERROR CASESession::TryResumeSession(SessionResumptionStorage::ConstResumpti return CHIP_NO_ERROR; } - -CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg) +CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg, Step & nextStep) { MATTER_TRACE_SCOPE("HandleSigma1", "CASESession"); ChipLogProgress(SecureChannel, "Received Sigma1 msg"); @@ -1088,8 +1092,6 @@ CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg) ReturnErrorOnFailure(mCommissioningHash.AddData(ByteSpan{ msg->Start(), msg->DataLength() })); - CHIP_ERROR err = CHIP_NO_ERROR; - System::PacketBufferTLVReader tlvReader; tlvReader.Init(std::move(msg)); @@ -1118,7 +1120,7 @@ CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg) std::copy(parsedSigma1.resumptionId.begin(), parsedSigma1.resumptionId.end(), mResumeResumptionId.begin()); // Next Step is to send Sigma2Resume message to the initiator - mNextStep = Step::kSendSigma2Resume; + nextStep = Step::kSendSigma2Resume; // Early returning here, since the next Step is known to be Sigma2Resume, and no further processing is needed for the // Sigma1 message @@ -1129,6 +1131,8 @@ CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg) // mRemotePubKey.Length() == initiatorPubKey.size() == kP256_PublicKey_Length. memcpy(mRemotePubKey.Bytes(), parsedSigma1.initiatorEphPubKey.data(), mRemotePubKey.Length()); + CHIP_ERROR err = CHIP_NO_ERROR; + // Attempt to match the initiator's desired destination based on local fabric table. err = FindLocalNodeFromDestinationId(parsedSigma1.destinationId, parsedSigma1.initiatorRandom); if (err == CHIP_NO_ERROR) @@ -1139,7 +1143,7 @@ CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg) // Side-effect of FindLocalNodeFromDestinationId success was that mFabricIndex/mLocalNodeId are now // set to the local fabric and associated NodeId that was targeted by the initiator. - mNextStep = Step::kSendSigma2; + nextStep = Step::kSendSigma2; } else { @@ -1148,7 +1152,7 @@ CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg) // FindLocalNodeFromDestinationId returns CHIP_ERROR_KEY_NOT_FOUND if validation of DestinationID fails, which will trigger // status Report with ProtocolCode = NoSharedTrustRoots. - mNextStep = Step::kSendStatusReport; + nextStep = Step::kSendStatusReport; return err; } @@ -1156,7 +1160,7 @@ CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg) return CHIP_NO_ERROR; } -CHIP_ERROR CASESession::PrepareSigma2Resume(EncodeSigma2ResInputs & outSigma2ResData) +CHIP_ERROR CASESession::PrepareSigma2Resume(EncodeSigma2ResumeInputs & outSigma2ResData) { MATTER_TRACE_SCOPE("PrepareSigma2Resume", "CASESession"); @@ -1178,13 +1182,13 @@ CHIP_ERROR CASESession::PrepareSigma2Resume(EncodeSigma2ResInputs & outSigma2Res return CHIP_NO_ERROR; } -CHIP_ERROR CASESession::EncodeSigma2Resume(System::PacketBufferHandle & msgR2Resume, EncodeSigma2ResInputs & input) +CHIP_ERROR CASESession::EncodeSigma2Resume(System::PacketBufferHandle & msgR2Resume, EncodeSigma2ResumeInputs & input) { MATTER_TRACE_SCOPE("EncodeSigma2Resume", "CASESession"); - // the passed PacketBufferHandler should be empty + // The API Contract requires the passed PacketBufferHandle to be empty VerifyOrReturnError(msgR2Resume.IsNull(), CHIP_ERROR_INCORRECT_STATE); - VerifyOrReturnError(input.responderMrpConfig != nullptr, CHIP_ERROR_INCORRECT_STATE); + VerifyOrReturnError(input.responderMrpConfig != nullptr, CHIP_ERROR_INVALID_ARGUMENT); size_t maxDatalLen = EstimateStructOverhead(SessionResumptionStorage::kResumptionIdSize, // resumptionID CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, // sigma2ResumeMIC @@ -1196,17 +1200,17 @@ CHIP_ERROR CASESession::EncodeSigma2Resume(System::PacketBufferHandle & msgR2Res VerifyOrReturnError(!msgR2Resume.IsNull(), CHIP_ERROR_NO_MEMORY); System::PacketBufferTLVWriter tlvWriter; - TLVType outerContainerType = kTLVType_NotSpecified; - tlvWriter.Init(std::move(msgR2Resume)); + TLVType outerContainerType = kTLVType_NotSpecified; + ReturnErrorOnFailure(tlvWriter.StartContainer(AnonymousTag(), kTLVType_Structure, outerContainerType)); - ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma2ResTags::kResumptionID), input.resumptionId)); - ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma2ResTags::kSigma2ResumeMIC), input.resumeMICSpan)); - ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma2ResTags::kResponderSessionID), input.responderSessionId)); + ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma2ResumeTags::kResumptionID), input.resumptionId)); + ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma2ResumeTags::kSigma2ResumeMIC), input.resumeMICSpan)); + ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(Sigma2ResumeTags::kResponderSessionID), input.responderSessionId)); ReturnErrorOnFailure( - EncodeSessionParameters(AsTlvContextTag(Sigma2ResTags::kResponderMRPParams), *input.responderMrpConfig, tlvWriter)); + EncodeSessionParameters(AsTlvContextTag(Sigma2ResumeTags::kResponderSessionParams), *input.responderMrpConfig, tlvWriter)); ReturnErrorOnFailure(tlvWriter.EndContainer(outerContainerType)); ReturnErrorOnFailure(tlvWriter.Finalize(&msgR2Resume)); @@ -1257,7 +1261,7 @@ CHIP_ERROR CASESession::PrepareSigma2(EncodeSigma2Inputs & outSigma2Data) mEphemeralKey = mFabricsTable->AllocateEphemeralKeypairForCASE(); VerifyOrReturnError(mEphemeralKey != nullptr, CHIP_ERROR_NO_MEMORY); ReturnErrorOnFailure(mEphemeralKey->Initialize(ECPKeyTarget::ECDH)); - outSigma2Data.pEphPubKey = &mEphemeralKey->Pubkey(); + outSigma2Data.responderEphPubKey = &mEphemeralKey->Pubkey(); // Generate a Shared Secret ReturnErrorOnFailure(mEphemeralKey->ECDH_derive_secret(mRemotePubKey, mSharedSecret)); @@ -1301,9 +1305,10 @@ CHIP_ERROR CASESession::PrepareSigma2(EncodeSigma2Inputs & outSigma2Data) CHIP_ERROR_NO_MEMORY); TLVWriter tlvWriter; + tlvWriter.Init(outSigma2Data.msgR2Encrypted.Get(), msgR2SignedEncLen); + TLVType outerContainerType = kTLVType_NotSpecified; - tlvWriter.Init(outSigma2Data.msgR2Encrypted.Get(), msgR2SignedEncLen); ReturnErrorOnFailure(tlvWriter.StartContainer(AnonymousTag(), kTLVType_Structure, outerContainerType)); ReturnErrorOnFailure(tlvWriter.Put(AsTlvContextTag(TBEDataTags::kSenderNOC), nocCert)); if (!icaCert.empty()) @@ -1344,14 +1349,13 @@ CHIP_ERROR CASESession::PrepareSigma2(EncodeSigma2Inputs & outSigma2Data) CHIP_ERROR CASESession::EncodeSigma2(System::PacketBufferHandle & msgR2, EncodeSigma2Inputs & input) { - // the PacketBufferHandler should be empty + // The API Contract requires the passed PacketBufferHandle to be empty VerifyOrReturnError(msgR2.IsNull(), CHIP_ERROR_INCORRECT_STATE); - VerifyOrReturnError(input.pEphPubKey != nullptr, CHIP_ERROR_INCORRECT_STATE); - // Check if msgR2Encrypted is not nullptr + VerifyOrReturnError(input.responderEphPubKey != nullptr, CHIP_ERROR_INVALID_ARGUMENT); VerifyOrReturnError(input.msgR2Encrypted, CHIP_ERROR_INCORRECT_STATE); // Check if length of msgR2Encrypted is set and is at least larger than the MIC length VerifyOrReturnError(input.encrypted2Length > CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, CHIP_ERROR_INCORRECT_STATE); - VerifyOrReturnError(input.responderMrpConfig != nullptr, CHIP_ERROR_INCORRECT_STATE); + VerifyOrReturnError(input.responderMrpConfig != nullptr, CHIP_ERROR_INVALID_ARGUMENT); size_t dataLen = EstimateStructOverhead(kSigmaParamRandomNumberSize, // responderRandom sizeof(uint16_t), // responderSessionId @@ -1364,23 +1368,25 @@ CHIP_ERROR CASESession::EncodeSigma2(System::PacketBufferHandle & msgR2, EncodeS VerifyOrReturnError(!msgR2.IsNull(), CHIP_ERROR_NO_MEMORY); System::PacketBufferTLVWriter tlvWriterMsg2; + tlvWriterMsg2.Init(std::move(msgR2)); + TLVType outerContainerType = kTLVType_NotSpecified; - tlvWriterMsg2.Init(std::move(msgR2)); ReturnErrorOnFailure(tlvWriterMsg2.StartContainer(AnonymousTag(), kTLVType_Structure, outerContainerType)); ReturnErrorOnFailure(tlvWriterMsg2.PutBytes(AsTlvContextTag(Sigma2Tags::kResponderRandom), &input.responderRandom[0], sizeof(input.responderRandom))); ReturnErrorOnFailure(tlvWriterMsg2.Put(AsTlvContextTag(Sigma2Tags::kResponderSessionId), input.responderSessionId)); - ReturnErrorOnFailure(tlvWriterMsg2.PutBytes(AsTlvContextTag(Sigma2Tags::kResponderEphPubKey), *input.pEphPubKey, - static_cast(input.pEphPubKey->Length()))); + ReturnErrorOnFailure(tlvWriterMsg2.PutBytes(AsTlvContextTag(Sigma2Tags::kResponderEphPubKey), *input.responderEphPubKey, + static_cast(input.responderEphPubKey->Length()))); ReturnErrorOnFailure(tlvWriterMsg2.PutBytes(AsTlvContextTag(Sigma2Tags::kEncrypted2), input.msgR2Encrypted.Get(), static_cast(input.encrypted2Length))); + input.msgR2Encrypted.Free(); ReturnErrorOnFailure( - EncodeSessionParameters(AsTlvContextTag(Sigma2Tags::kResponderMRPParams), *input.responderMrpConfig, tlvWriterMsg2)); + EncodeSessionParameters(AsTlvContextTag(Sigma2Tags::kResponderSessionParams), *input.responderMrpConfig, tlvWriterMsg2)); ReturnErrorOnFailure(tlvWriterMsg2.EndContainer(outerContainerType)); ReturnErrorOnFailure(tlvWriterMsg2.Finalize(&msgR2)); @@ -1649,7 +1655,7 @@ CHIP_ERROR CASESession::HandleSigma2(System::PacketBufferHandle && msg) // Retrieve responderMRPParams if present if (tlvReader.Next() != CHIP_END_OF_TLV) { - SuccessOrExit(err = DecodeMRPParametersIfPresent(AsTlvContextTag(Sigma2Tags::kResponderMRPParams), tlvReader)); + SuccessOrExit(err = DecodeMRPParametersIfPresent(AsTlvContextTag(Sigma2Tags::kResponderSessionParams), tlvReader)); mExchangeCtxt.Value()->GetSessionHandle()->AsUnauthenticatedSession()->SetRemoteSessionParameters( GetRemoteSessionParameters()); } @@ -2327,15 +2333,15 @@ CHIP_ERROR CASESession::ParseSigma1(TLV::ContiguousBufferTLVReader & tlvReader, ReturnErrorOnFailure(tlvReader.GetByteView(outParsedSigma1.destinationId)); VerifyOrReturnError(outParsedSigma1.destinationId.size() == kSHA256_Hash_Length, CHIP_ERROR_INVALID_CASE_PARAMETER); - ReturnErrorOnFailure(tlvReader.Next(AsTlvContextTag(Sigma1Tags::kInitiatorPubKey))); + ReturnErrorOnFailure(tlvReader.Next(AsTlvContextTag(Sigma1Tags::kInitiatorEphPubKey))); ReturnErrorOnFailure(tlvReader.GetByteView(outParsedSigma1.initiatorEphPubKey)); VerifyOrReturnError(outParsedSigma1.initiatorEphPubKey.size() == kP256_PublicKey_Length, CHIP_ERROR_INVALID_CASE_PARAMETER); // Optional members start here. CHIP_ERROR err = tlvReader.Next(); - if (err == CHIP_NO_ERROR && tlvReader.GetTag() == AsTlvContextTag(Sigma1Tags::kInitiatorMRPParams)) + if (err == CHIP_NO_ERROR && tlvReader.GetTag() == AsTlvContextTag(Sigma1Tags::kInitiatorSessionParams)) { - ReturnErrorOnFailure(DecodeMRPParametersIfPresent(AsTlvContextTag(Sigma1Tags::kInitiatorMRPParams), tlvReader)); + ReturnErrorOnFailure(DecodeMRPParametersIfPresent(AsTlvContextTag(Sigma1Tags::kInitiatorSessionParams), tlvReader)); outParsedSigma1.initiatorMrpParamsPresent = true; err = tlvReader.Next(); diff --git a/src/protocols/secure_channel/CASESession.h b/src/protocols/secure_channel/CASESession.h index 3827410f6af590..bb87b614c5050b 100644 --- a/src/protocols/secure_channel/CASESession.h +++ b/src/protocols/secure_channel/CASESession.h @@ -191,7 +191,7 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler, bool InvokeBackgroundWorkWatchdog(); protected: - // Helper Enum for usage in HandleSigma1_and_SendSigma2 + // Helper Enum for use in HandleSigma1_and_SendSigma2 enum class Step : uint8_t { kNone, @@ -199,10 +199,7 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler, kSendSigma2Resume, kSendStatusReport }; - - Step mNextStep = Step::kNone; - - // This struct only serves as a base struct for EncodeSigma1 and ParseSigma1 + // This struct only serves as a base struct for EncodedSigma1Inputs and ParsedSigma1 struct Sigma1Param { ByteSpan initiatorRandom; @@ -215,9 +212,9 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler, struct EncodeSigma1Inputs : Sigma1Param { - const Crypto::P256PublicKey * pEphPubKey = nullptr; + const Crypto::P256PublicKey * initiatorEphPubKey = nullptr; const ReliableMessageProtocolConfig * initiatorMrpConfig = nullptr; - uint8_t initiatorResume1MIC[Crypto::CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES]; + uint8_t initiatorResume1MICBuffer[Crypto::CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES]; }; struct ParsedSigma1 : Sigma1Param @@ -230,32 +227,35 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler, { uint8_t responderRandom[kSigmaParamRandomNumberSize]; uint16_t responderSessionId; - const Crypto::P256PublicKey * pEphPubKey = nullptr; + const Crypto::P256PublicKey * responderEphPubKey = nullptr; + // ScopedMemoryBufferWithSize is not used for msgR2Encrypted since encrypted2Length might differ from the allocated buffer + // size Platform::ScopedMemoryBuffer msgR2Encrypted; size_t encrypted2Length = 0; const ReliableMessageProtocolConfig * responderMrpConfig; }; - struct EncodeSigma2ResInputs + struct EncodeSigma2ResumeInputs { ByteSpan resumptionId; - uint8_t sigma2ResumeMIC[Crypto::CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES]; - MutableByteSpan resumeMICSpan{ sigma2ResumeMIC }; + uint8_t sigma2ResumeMICBuffer[Crypto::CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES]; + MutableByteSpan resumeMICSpan{ sigma2ResumeMICBuffer }; uint16_t responderSessionId; const ReliableMessageProtocolConfig * responderMrpConfig; }; /** - * @brief Encodes a Sigma1 message into TLV format and allocates a buffer for it within the provided PacketBufferHandle. + * @brief Encodes a Sigma1 message into TLV format and allocates a buffer for it, which is owned by the PacketBufferHandle + *outparam. * * @param outMsg PacketBufferHandle passed by reference. The handle must be empty prior to calling this method, * as a new buffer will be allocated and assigned to it within the method. * * @param inParam a struct containing all the values that will be encoded into TLV format * - * @note the passed PacketBufferHandle `outMsg` must be in a null state. + * @note the passed PacketBufferHandle `outMsg` must not be holding an existing PacketBuffer. **/ - CHIP_ERROR EncodeSigma1(System::PacketBufferHandle & outMsg, EncodeSigma1Inputs & inParam); + static CHIP_ERROR EncodeSigma1(System::PacketBufferHandle & outMsg, EncodeSigma1Inputs & inParam); /** * Parse a sigma1 message. This function will return success only if the @@ -264,19 +264,21 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler, * * The required tags are present. * * The values for the tags that are present satisfy schema requirements * (e.g. constraints on octet string lengths) - * * Either resumptionID and initiatorResume1MIC are both present or both + * * Either resumptionID and initiatorResume1MICBuffer are both present or both * absent. * * On success, the members of outParam will be set to the values corresponding to the message. + * These values will be valid as long as the buffer that the passed-in tlvReader is reading from is valid. * - * On success, either the sessionResumptionRequested outParam will be set to true - * and the resumptionID and initiatorResumeMICSpan outparams will be set to - * valid values, or the sessionResumptionRequested outParam will be set to false. + * On success, either the sessionResumptionRequested field will be set to true + * and the resumptionID and initiatorResumeMICSpan fields will be set to + * valid values, or the sessionResumptionRequested field will be set to false. */ - CHIP_ERROR ParseSigma1(TLV::ContiguousBufferTLVReader & tlvReader, ParsedSigma1 & outParam); + CHIP_ERROR ParseSigma1(TLV::ContiguousBufferTLVReader & tlvReader, ParsedSigma1 & parsedMessage); /** - * @brief Encodes a Sigma2 message into TLV format and allocates a buffer for it within the provided PacketBufferHandle. + * @brief Encodes a Sigma2 message into TLV format and allocates a buffer for it, which is owned by the PacketBufferHandle + *outparam. * * @param outMsg PacketBufferHandle passed by reference. The handle must be empty prior to calling this method, * as a new buffer will be allocated and assigned to it within the method. @@ -286,10 +288,11 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler, * @note the passed PacketBufferHandle `outMsg` must be in a null state. **/ - CHIP_ERROR EncodeSigma2(System::PacketBufferHandle & outMsg, EncodeSigma2Inputs & inParam); + static CHIP_ERROR EncodeSigma2(System::PacketBufferHandle & outMsg, EncodeSigma2Inputs & inParam); /** - * @brief Encodes a Sigma2_Resume message into TLV format and allocates a buffer for it within the provided PacketBufferHandle. + * @brief Encodes a Sigma2_Resume message into TLV format and allocates a buffer for it, which is owned by the + *PacketBufferHandle outparam. * * @param outMsg PacketBufferHandle passed by reference. The handle must be empty prior to calling this method, * as a new buffer will be allocated and assigned to it within the method. @@ -298,7 +301,7 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler, * * @note the passed PacketBufferHandle `outMsg` must be in a null state. **/ - CHIP_ERROR EncodeSigma2Resume(System::PacketBufferHandle & outMsg, EncodeSigma2ResInputs & inParam); + static CHIP_ERROR EncodeSigma2Resume(System::PacketBufferHandle & outMsg, EncodeSigma2ResumeInputs & inParam); private: friend class TestCASESession; @@ -325,12 +328,12 @@ class DLL_EXPORT CASESession : public Messaging::UnsolicitedMessageHandler, CHIP_ERROR SendSigma1(); CHIP_ERROR HandleSigma1_and_SendSigma2(System::PacketBufferHandle && msg); - CHIP_ERROR HandleSigma1(System::PacketBufferHandle && msg); + CHIP_ERROR HandleSigma1(System::PacketBufferHandle && ms, Step & nextStep); CHIP_ERROR TryResumeSession(SessionResumptionStorage::ConstResumptionIdView resumptionId, ByteSpan resume1MIC, ByteSpan initiatorRandom); CHIP_ERROR PrepareSigma2(EncodeSigma2Inputs & output); - CHIP_ERROR PrepareSigma2Resume(EncodeSigma2ResInputs & output); + CHIP_ERROR PrepareSigma2Resume(EncodeSigma2ResumeInputs & output); CHIP_ERROR SendSigma2(System::PacketBufferHandle && msg_R2); CHIP_ERROR SendSigma2Resume(System::PacketBufferHandle && msg_R2_resume); diff --git a/src/protocols/secure_channel/tests/TestCASESession.cpp b/src/protocols/secure_channel/tests/TestCASESession.cpp index f2b4d084fadf26..96bf272161237f 100644 --- a/src/protocols/secure_channel/tests/TestCASESession.cpp +++ b/src/protocols/secure_channel/tests/TestCASESession.cpp @@ -59,7 +59,24 @@ using namespace chip::Crypto; namespace chip { class TestCASESecurePairingDelegate; -class TestCASESession : public Test::LoopbackMessagingContext, public CASESession +// Exposing CASESession's Protected members in order to be able to call the protected methods, and instantiate protected structures. +// Also to be able to instantiate New CASESessions repeatedly inside a single TestCase (which is not possible if we inherit +// CASESession in the Test Fixture) +class CASESessionAccess : public CASESession +{ +public: + using CASESession::EncodeSigma1Inputs; + using CASESession::EncodeSigma2Inputs; + using CASESession::EncodeSigma2ResumeInputs; + using CASESession::ParsedSigma1; + + using CASESession::EncodeSigma1; + using CASESession::EncodeSigma2; + using CASESession::EncodeSigma2Resume; + using CASESession::ParseSigma1; +}; + +class TestCASESession : public Test::LoopbackMessagingContext { public: // Performs shared setup for all tests in the test suite @@ -743,9 +760,10 @@ static CHIP_ERROR EncodeSigma1Helper(MutableByteSpan & buf) \ TLV::ContiguousBufferTLVReader reader; \ reader.Init(buf); \ - ParsedSigma1 parsedSigma1; \ + CASESessionAccess session; \ + CASESessionAccess::ParsedSigma1 parsedSigma1; \ \ - EXPECT_EQ(ParseSigma1(reader, parsedSigma1) == CHIP_NO_ERROR, params::kExpectSuccess); \ + EXPECT_EQ(session.ParseSigma1(reader, parsedSigma1) == CHIP_NO_ERROR, params::kExpectSuccess); \ if (params::kExpectSuccess) \ { \ EXPECT_EQ(parsedSigma1.sessionResumptionRequested, \ @@ -866,181 +884,192 @@ TEST_F(TestCASESession, Sigma1ParsingTest) TEST_F(TestCASESession, EncodeSigma1Test) { - CASESession::EncodeSigma1Inputs encodeParams; + CASESessionAccess::EncodeSigma1Inputs encodeParams; uint8_t random[32]; - EXPECT_EQ(chip::Crypto::DRBG_get_bytes(&random[0], 32), CHIP_NO_ERROR); + EXPECT_EQ(chip::Crypto::DRBG_get_bytes(&random[0], sizeof(random)), CHIP_NO_ERROR); encodeParams.initiatorRandom = ByteSpan(random, sizeof(random)); encodeParams.initiatorSessionId = 7315; uint8_t destinationId[32] = { 0xDE, 0xAD }; encodeParams.destinationId = ByteSpan(destinationId, sizeof(destinationId)); - ReliableMessageProtocolConfig MRPConfig = GetDefaultMRPConfig(); - encodeParams.initiatorMrpConfig = &MRPConfig; + ReliableMessageProtocolConfig mrpConfig = GetDefaultMRPConfig(); + encodeParams.initiatorMrpConfig = &mrpConfig; { System::PacketBufferHandle msg; // EncodeSigma1 should fail when there is no public key - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma1(msg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INVALID_ARGUMENT, CASESessionAccess::EncodeSigma1(msg, encodeParams)); } - Crypto::P256Keypair * EphemeralKey = gDeviceOperationalKeystore.AllocateEphemeralKeypairForCASE(); - ASSERT_NE(EphemeralKey, nullptr); - EXPECT_EQ(CHIP_NO_ERROR, EphemeralKey->Initialize(ECPKeyTarget::ECDH)); - encodeParams.pEphPubKey = &EphemeralKey->Pubkey(); + Crypto::P256Keypair * ephemeralKey = gDeviceOperationalKeystore.AllocateEphemeralKeypairForCASE(); + ASSERT_NE(ephemeralKey, nullptr); + EXPECT_EQ(CHIP_NO_ERROR, ephemeralKey->Initialize(ECPKeyTarget::ECDH)); + encodeParams.initiatorEphPubKey = &ephemeralKey->Pubkey(); { System::PacketBufferHandle msg; // EncodeSigma1 will Succeed when Public Key is provided - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma1(msg, encodeParams)); + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma1(msg, encodeParams)); } { System::PacketBufferHandle msg; // EncodeSigma1 should fail when MRP config is missing encodeParams.initiatorMrpConfig = nullptr; - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma1(msg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INVALID_ARGUMENT, CASESessionAccess::EncodeSigma1(msg, encodeParams)); } { System::PacketBufferHandle msg; // Succeed when MRP Config is provided - encodeParams.initiatorMrpConfig = &MRPConfig; - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma1(msg, encodeParams)); + encodeParams.initiatorMrpConfig = &mrpConfig; + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma1(msg, encodeParams)); } { System::PacketBufferHandle nonEmptyMsg = System::PacketBufferHandle::New(100); // EncodeSigma1 should fail when the packetBufferHandle passed to it is not empty - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma1(nonEmptyMsg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, CASESessionAccess::EncodeSigma1(nonEmptyMsg, encodeParams)); } { System::PacketBufferHandle msg1; - System::PacketBufferTLVReader tlvReader; - CASESession::ParsedSigma1 parseParams; // Round Trip Test: Encode Sigma1, Parse it then verify parsed values - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma1(msg1, encodeParams)); + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma1(msg1, encodeParams)); + System::PacketBufferTLVReader tlvReader; tlvReader.Init(std::move(msg1)); - EXPECT_EQ(CHIP_NO_ERROR, ParseSigma1(tlvReader, parseParams)); + + CASESessionAccess session; + CASESessionAccess::ParsedSigma1 parseParams; + + EXPECT_EQ(CHIP_NO_ERROR, session.ParseSigma1(tlvReader, parseParams)); // compare parsed values with original values EXPECT_TRUE(parseParams.initiatorRandom.data_equal(encodeParams.initiatorRandom)); EXPECT_EQ(parseParams.initiatorSessionId, encodeParams.initiatorSessionId); EXPECT_TRUE(parseParams.destinationId.data_equal(encodeParams.destinationId)); EXPECT_TRUE(parseParams.initiatorEphPubKey.data_equal( - ByteSpan(encodeParams.pEphPubKey->ConstBytes(), encodeParams.pEphPubKey->Length()))); + ByteSpan(encodeParams.initiatorEphPubKey->ConstBytes(), encodeParams.initiatorEphPubKey->Length()))); } { - System::PacketBufferHandle msg2; - System::PacketBufferTLVReader tlvReader; - CASESession::ParsedSigma1 parseParams; - // Round Trip Test: Sigma1 with Session Resumption // Encode Sigma1 with Resumption, parse it and and verify with original values chip::SessionResumptionStorage::ResumptionIdStorage resumptionId; EXPECT_EQ(chip::Crypto::DRBG_get_bytes(resumptionId.data(), resumptionId.size()), CHIP_NO_ERROR); - EXPECT_EQ(chip::Crypto::DRBG_get_bytes(&encodeParams.initiatorResume1MIC[0], sizeof(encodeParams.initiatorResume1MIC)), + EXPECT_EQ(chip::Crypto::DRBG_get_bytes(&encodeParams.initiatorResume1MICBuffer[0], + sizeof(encodeParams.initiatorResume1MICBuffer)), CHIP_NO_ERROR); encodeParams.resumptionId = ByteSpan(resumptionId.data(), resumptionId.size()); - encodeParams.initiatorResumeMICSpan = ByteSpan(encodeParams.initiatorResume1MIC); + encodeParams.initiatorResumeMICSpan = ByteSpan(encodeParams.initiatorResume1MICBuffer); encodeParams.sessionResumptionRequested = true; - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma1(msg2, encodeParams)); + System::PacketBufferHandle msg2; - // Encode and Parse Round Trip Test + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma1(msg2, encodeParams)); + + System::PacketBufferTLVReader tlvReader; tlvReader.Init(std::move(msg2)); - EXPECT_EQ(CHIP_NO_ERROR, ParseSigma1(tlvReader, parseParams)); + CASESessionAccess session; + CASESessionAccess::ParsedSigma1 parseParams; + + EXPECT_EQ(CHIP_NO_ERROR, session.ParseSigma1(tlvReader, parseParams)); // RoundTrip EXPECT_TRUE(parseParams.initiatorRandom.data_equal(encodeParams.initiatorRandom)); EXPECT_EQ(parseParams.initiatorSessionId, encodeParams.initiatorSessionId); EXPECT_TRUE(parseParams.destinationId.data_equal(encodeParams.destinationId)); EXPECT_TRUE(parseParams.initiatorEphPubKey.data_equal( - ByteSpan(encodeParams.pEphPubKey->ConstBytes(), encodeParams.pEphPubKey->Length()))); + ByteSpan(encodeParams.initiatorEphPubKey->ConstBytes(), encodeParams.initiatorEphPubKey->Length()))); EXPECT_TRUE(parseParams.resumptionId.data_equal(encodeParams.resumptionId)); EXPECT_TRUE(parseParams.initiatorResumeMICSpan.data_equal(encodeParams.initiatorResumeMICSpan)); EXPECT_TRUE(parseParams.initiatorMrpParamsPresent); } // Release EphemeralKeyPair - gDeviceOperationalKeystore.ReleaseEphemeralKeypair(EphemeralKey); + gDeviceOperationalKeystore.ReleaseEphemeralKeypair(ephemeralKey); } TEST_F(TestCASESession, EncodeSigma2Test) { - CASESession::EncodeSigma2Inputs encodeParams; + CASESessionAccess::EncodeSigma2Inputs encodeParams; constexpr uint8_t kEncrypted2datalen = 100U; EXPECT_EQ(chip::Crypto::DRBG_get_bytes(&encodeParams.responderRandom[0], sizeof(encodeParams.responderRandom)), CHIP_NO_ERROR); encodeParams.responderSessionId = 7315; // Generate Ephemeral Public Key - Crypto::P256Keypair * EphemeralKey = gDeviceOperationalKeystore.AllocateEphemeralKeypairForCASE(); - ASSERT_NE(EphemeralKey, nullptr); - EXPECT_EQ(CHIP_NO_ERROR, EphemeralKey->Initialize(ECPKeyTarget::ECDH)); - encodeParams.pEphPubKey = &EphemeralKey->Pubkey(); + Crypto::P256Keypair * ephemeralKey = gDeviceOperationalKeystore.AllocateEphemeralKeypairForCASE(); + ASSERT_NE(ephemeralKey, nullptr); + EXPECT_EQ(CHIP_NO_ERROR, ephemeralKey->Initialize(ECPKeyTarget::ECDH)); + encodeParams.responderEphPubKey = &ephemeralKey->Pubkey(); // TBEData2Encrypted encodeParams.encrypted2Length = kEncrypted2datalen + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES; encodeParams.msgR2Encrypted.Alloc(encodeParams.encrypted2Length); // responder Session Parameters - ReliableMessageProtocolConfig MRPConfig = GetDefaultMRPConfig(); - encodeParams.responderMrpConfig = &MRPConfig; + ReliableMessageProtocolConfig mrpConfig = GetDefaultMRPConfig(); + encodeParams.responderMrpConfig = &mrpConfig; { System::PacketBufferHandle msg; - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma2(msg, encodeParams)); + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma2(msg, encodeParams)); + // EncodeSigma2 frees msgR2Encrypted after encoding it + encodeParams.msgR2Encrypted.Alloc(encodeParams.encrypted2Length); } { System::PacketBufferHandle nonEmptyMsg = System::PacketBufferHandle::New(100); // EncodeSigma2 should fail when the packetBufferHandle passed to it is not empty - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma2(nonEmptyMsg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, CASESessionAccess::EncodeSigma2(nonEmptyMsg, encodeParams)); } { System::PacketBufferHandle msg; // EncodeSigma2 should fail when there is no public key - encodeParams.pEphPubKey = nullptr; - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma2(msg, encodeParams)); + encodeParams.responderEphPubKey = nullptr; + EXPECT_EQ(CHIP_ERROR_INVALID_ARGUMENT, CASESessionAccess::EncodeSigma2(msg, encodeParams)); } - encodeParams.pEphPubKey = &EphemeralKey->Pubkey(); + encodeParams.responderEphPubKey = &ephemeralKey->Pubkey(); { System::PacketBufferHandle msg; - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma2(msg, encodeParams)); + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma2(msg, encodeParams)); + // EncodeSigma2 frees msgR2Encrypted after encoding it + encodeParams.msgR2Encrypted.Alloc(encodeParams.encrypted2Length); } { System::PacketBufferHandle msg; // EncodeSigma2 should fail when TBEData2Encrypted is not allocated encodeParams.msgR2Encrypted.Free(); - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma2(msg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, CASESessionAccess::EncodeSigma2(msg, encodeParams)); } encodeParams.msgR2Encrypted.Alloc(encodeParams.encrypted2Length); { System::PacketBufferHandle msg; - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma2(msg, encodeParams)); + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma2(msg, encodeParams)); + // EncodeSigma2 frees msgR2Encrypted after encoding it + encodeParams.msgR2Encrypted.Alloc(encodeParams.encrypted2Length); } { System::PacketBufferHandle msg; // EncodeSigma2 should fail when the encrypted2Length is not set encodeParams.encrypted2Length = 0; - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma2(msg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, CASESessionAccess::EncodeSigma2(msg, encodeParams)); } // Set encrypted2Length again encodeParams.encrypted2Length = kEncrypted2datalen + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES; @@ -1049,53 +1078,53 @@ TEST_F(TestCASESession, EncodeSigma2Test) System::PacketBufferHandle msg; // EncodeSigma2 should fail when MRP config is missing encodeParams.responderMrpConfig = nullptr; - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma2(msg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INVALID_ARGUMENT, CASESessionAccess::EncodeSigma2(msg, encodeParams)); } { System::PacketBufferHandle msg; // Succeed when MRP Config is provided - encodeParams.responderMrpConfig = &MRPConfig; - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma2(msg, encodeParams)); + encodeParams.responderMrpConfig = &mrpConfig; + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma2(msg, encodeParams)); } // Release EphemeralKeyPair - gDeviceOperationalKeystore.ReleaseEphemeralKeypair(EphemeralKey); + gDeviceOperationalKeystore.ReleaseEphemeralKeypair(ephemeralKey); } TEST_F(TestCASESession, EncodeSigma2ResumeTest) { - CASESession::EncodeSigma2ResInputs encodeParams; + CASESessionAccess::EncodeSigma2ResumeInputs encodeParams; encodeParams.responderSessionId = 7315; // responder Session Parameters - ReliableMessageProtocolConfig MRPConfig = GetDefaultMRPConfig(); - encodeParams.responderMrpConfig = &MRPConfig; + ReliableMessageProtocolConfig mrpConfig = GetDefaultMRPConfig(); + encodeParams.responderMrpConfig = &mrpConfig; { System::PacketBufferHandle msg; - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma2Resume(msg, encodeParams)); + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma2Resume(msg, encodeParams)); } { System::PacketBufferHandle nonEmptyMsg = System::PacketBufferHandle::New(100); // EncodeSigma2Resume should fail when the packetBufferHandle passed to it is not empty - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma2Resume(nonEmptyMsg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, CASESessionAccess::EncodeSigma2Resume(nonEmptyMsg, encodeParams)); } { System::PacketBufferHandle msg; // EncodeSigma2Resume should fail when MRP config is missing encodeParams.responderMrpConfig = nullptr; - EXPECT_EQ(CHIP_ERROR_INCORRECT_STATE, EncodeSigma2Resume(msg, encodeParams)); + EXPECT_EQ(CHIP_ERROR_INVALID_ARGUMENT, CASESessionAccess::EncodeSigma2Resume(msg, encodeParams)); } { System::PacketBufferHandle msg; // Succeed when MRP Config is provided - encodeParams.responderMrpConfig = &MRPConfig; - EXPECT_EQ(CHIP_NO_ERROR, EncodeSigma2Resume(msg, encodeParams)); + encodeParams.responderMrpConfig = &mrpConfig; + EXPECT_EQ(CHIP_NO_ERROR, CASESessionAccess::EncodeSigma2Resume(msg, encodeParams)); } }