From 680e288bdeca47c963e5633a54c92573800e7630 Mon Sep 17 00:00:00 2001
From: Ricardo Casallas
Date: Wed, 26 Jan 2022 14:57:39 -0500
Subject: [PATCH] Group Cryptography: Review comments applied.
---
 src/credentials/GroupDataProviderImpl.cpp | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/credentials/GroupDataProviderImpl.cpp b/src/credentials/GroupDataProviderImpl.cpp
index d222327337dacf..88ba7f75624c6d 100644
--- a/src/credentials/GroupDataProviderImpl.cpp
+++ b/src/credentials/GroupDataProviderImpl.cpp
@@ -747,7 +747,8 @@ struct KeySetData : PersistentData
 OperationalKey * GetCurrentKey()
 {
 // An epoch key update SHALL order the keys from oldest to newest,
- // the current epoch key having the second newest time
+ // the current epoch key having the second newest time if time
+ // synchronization is not achieved or guaranteed.
 switch (this->keys_count)
 {
 case 1:
@@ -1781,14 +1782,18 @@ Crypto::SymmetricKeyContext * GroupDataProviderImpl::GetKeyContext(FabricIndex f
 for (uint16_t i = 0; i < fabric.map_count; ++i, mapping.id = mapping.next)
 {
 VerifyOrReturnError(CHIP_NO_ERROR == mapping.Load(mStorage), nullptr);
- // Group found, get the keyset
- KeySetData keyset;
- VerifyOrReturnError(keyset.Find(mStorage, fabric, mapping.keyset_id), nullptr);
- OperationalKey * key = keyset.GetCurrentKey();
- if (nullptr != key)
+ // GroupKeySetID of 0 is reserved for the Identity Protection Key (IPK)
+ if (mapping.keyset_id > 0 && mapping.group_id == group_id)
 {
- return mKeyContexPool.CreateObject(*this, ByteSpan(key->value, Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES),
- key->hash);
+ // Group found, get the keyset
+ KeySetData keyset;
+ VerifyOrReturnError(keyset.Find(mStorage, fabric, mapping.keyset_id), nullptr);
+ OperationalKey * key = keyset.GetCurrentKey();
+ if (nullptr != key)
+ {
+ return mKeyContexPool.CreateObject(*this, ByteSpan(key->value, Crypto::CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES),
+ key->hash);
+ }
 }
 }
 return nullptr;
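Review bot: The `ByteSpan(key->value, ...)` passed to `mKeyContexPool.CreateObject` in the innermost `return` is a non-owning view into `keyset`, a stack local that goes out of scope as soon as `GetKeyContext` returns. This is only safe if the key context copies the bytes during construction, which is not visible in this hunk and should be confirmed. A comment at the call would record the dependency: `// key->value lives in the local keyset; the key context must copy it, not retain the span`. Separately, `keyset` leaves a plaintext copy of the operational key on the stack on every return path, including the `VerifyOrReturnError` early exit, so consider wiping its key buffers before it leaves scope (for example with the crypto layer's `ClearSecretData` from a `KeySetData` destructor). The start of the function and the declarations of `fabric` and `mapping` are outside the hunk.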