diff --git a/src/channel/ChannelContext.cpp b/src/channel/ChannelContext.cpp index 75f9b148e3f2c1..c7f5f607fa8353 100644 --- a/src/channel/ChannelContext.cpp +++ b/src/channel/ChannelContext.cpp @@ -261,8 +261,6 @@ CHIP_ERROR ChannelContext::SendSessionEstablishmentMessage(const PacketHeader & CHIP_ERROR ChannelContext::HandlePairingMessage(const PacketHeader & packetHeader, const Transport::PeerAddress & peerAddress, System::PacketBufferHandle && msg) { - if (IsCasePairing()) - return mStateVars.mPreparing.mCasePairingSession->HandlePeerMessage(packetHeader, peerAddress, std::move(msg)); return CHIP_ERROR_INCORRECT_STATE; } @@ -270,13 +268,16 @@ void ChannelContext::EnterCasePairingState() { mStateVars.mPreparing.mState = PrepareState::kCasePairing; mStateVars.mPreparing.mCasePairingSession = Platform::New(); + + ExchangeContext * ctxt = mExchangeManager->NewContext(SecureSessionHandle(), mStateVars.mPreparing.mCasePairingSession); + VerifyOrReturn(ctxt != nullptr); + // TODO: currently only supports IP/UDP paring Transport::PeerAddress addr; addr.SetTransportType(Transport::Type::kUdp).SetIPAddress(mStateVars.mPreparing.mAddress); CHIP_ERROR err = mStateVars.mPreparing.mCasePairingSession->EstablishSession( - addr, &mStateVars.mPreparing.mBuilder.GetOperationalCredentialSet(), - Optional::Value(mExchangeManager->GetSessionMgr()->GetLocalNodeId()), - mStateVars.mPreparing.mBuilder.GetPeerNodeId(), mExchangeManager->GetNextKeyId(), this); + addr, &mStateVars.mPreparing.mBuilder.GetOperationalCredentialSet(), mStateVars.mPreparing.mBuilder.GetPeerNodeId(), + mExchangeManager->GetNextKeyId(), ctxt, this); if (err != CHIP_NO_ERROR) { ExitCasePairingState(); diff --git a/src/channel/ChannelContext.h b/src/channel/ChannelContext.h index 2ab16db785ba82..0b3420f19c24f3 100644 --- a/src/channel/ChannelContext.h +++ b/src/channel/ChannelContext.h @@ -27,7 +27,7 @@ #include #include #include -#include +#include #include #include diff --git a/src/protocols/secure_channel/BUILD.gn b/src/protocols/secure_channel/BUILD.gn index 406e1922d15ef7..1c0b89f9543861 100644 --- a/src/protocols/secure_channel/BUILD.gn +++ b/src/protocols/secure_channel/BUILD.gn @@ -4,6 +4,8 @@ static_library("secure_channel") { output_name = "libSecureChannel" sources = [ + "CASESession.cpp", + "CASESession.h", "NetworkProvisioning.cpp", "NetworkProvisioning.h", "PASESession.cpp", diff --git a/src/transport/CASESession.cpp b/src/protocols/secure_channel/CASESession.cpp similarity index 83% rename from src/transport/CASESession.cpp rename to src/protocols/secure_channel/CASESession.cpp index fbaa0e42d64b80..5f0e110cda856b 100644 --- a/src/transport/CASESession.cpp +++ b/src/protocols/secure_channel/CASESession.cpp @@ -23,7 +23,7 @@ * operational credentials. * */ -#include +#include #include #include @@ -59,6 +59,12 @@ constexpr size_t kTAGSize = 16; using namespace Crypto; using namespace Credentials; +using namespace Messaging; + +// Wait at most 30 seconds for the response from the peer. +// This timeout value assumes the underlying transport is reliable. +// The session establishment fails if the response is not received within timeout window. +static constexpr ExchangeContext::Timeout kSigma_Response_Timeout = 30000; CASESession::CASESession() { @@ -83,7 +89,6 @@ void CASESession::Clear() // It's done so that no security related information will be leaked. mNextExpectedMsg = Protocols::SecureChannel::MsgType::CASE_SigmaErr; mCommissioningHash.Clear(); - mLocalNodeId = kUndefinedNodeId; mPairingComplete = false; mConnectionState.Reset(); if (mTrustedRootId.mId != nullptr) @@ -91,6 +96,12 @@ void CASESession::Clear() chip::Platform::MemoryFree(const_cast(mTrustedRootId.mId)); mTrustedRootId.mId = nullptr; } + + if (mExchangeCtxt != nullptr) + { + mExchangeCtxt->Close(); + mExchangeCtxt = nullptr; + } } CHIP_ERROR CASESession::Serialize(CASESessionSerialized & output) @@ -138,14 +149,12 @@ CHIP_ERROR CASESession::ToSerializable(CASESessionSerializable & serializable) const NodeId peerNodeId = mConnectionState.GetPeerNodeId(); VerifyOrReturnError(CanCastTo(mSharedSecret.Length()), CHIP_ERROR_INTERNAL); VerifyOrReturnError(CanCastTo(sizeof(mMessageDigest)), CHIP_ERROR_INTERNAL); - VerifyOrReturnError(CanCastTo(mLocalNodeId), CHIP_ERROR_INTERNAL); VerifyOrReturnError(CanCastTo(peerNodeId), CHIP_ERROR_INTERNAL); memset(&serializable, 0, sizeof(serializable)); serializable.mSharedSecretLen = static_cast(mSharedSecret.Length()); serializable.mMessageDigestLen = static_cast(sizeof(mMessageDigest)); serializable.mPairingComplete = (mPairingComplete) ? 1 : 0; - serializable.mLocalNodeId = mLocalNodeId; serializable.mPeerNodeId = peerNodeId; serializable.mLocalKeyId = mConnectionState.GetLocalKeyID(); serializable.mPeerKeyId = mConnectionState.GetPeerKeyID(); @@ -167,7 +176,6 @@ CHIP_ERROR CASESession::FromSerializable(const CASESessionSerializable & seriali memcpy(mSharedSecret, serializable.mSharedSecret, mSharedSecret.Length()); memcpy(mMessageDigest, serializable.mMessageDigest, serializable.mMessageDigestLen); - mLocalNodeId = serializable.mLocalNodeId; mConnectionState.SetPeerNodeId(serializable.mPeerNodeId); mConnectionState.SetLocalKeyID(serializable.mLocalKeyId); mConnectionState.SetPeerKeyID(serializable.mPeerKeyId); @@ -175,7 +183,7 @@ CHIP_ERROR CASESession::FromSerializable(const CASESessionSerializable & seriali return CHIP_NO_ERROR; } -CHIP_ERROR CASESession::Init(OperationalCredentialSet * operationalCredentialSet, Optional myNodeId, uint16_t myKeyId, +CHIP_ERROR CASESession::Init(OperationalCredentialSet * operationalCredentialSet, uint16_t myKeyId, SessionEstablishmentDelegate * delegate) { VerifyOrReturnError(delegate != nullptr, CHIP_ERROR_INVALID_ARGUMENT); @@ -185,8 +193,7 @@ CHIP_ERROR CASESession::Init(OperationalCredentialSet * operationalCredentialSet ReturnErrorOnFailure(mCommissioningHash.Begin()); - mDelegate = delegate; - mLocalNodeId = myNodeId.ValueOr(kUndefinedNodeId); + mDelegate = delegate; mConnectionState.SetLocalKeyID(myKeyId); mOpCredSet = operationalCredentialSet; @@ -198,10 +205,10 @@ CHIP_ERROR CASESession::Init(OperationalCredentialSet * operationalCredentialSet } CHIP_ERROR -CASESession::WaitForSessionEstablishment(OperationalCredentialSet * operationalCredentialSet, Optional myNodeId, - uint16_t myKeyId, SessionEstablishmentDelegate * delegate) +CASESession::WaitForSessionEstablishment(OperationalCredentialSet * operationalCredentialSet, uint16_t myKeyId, + SessionEstablishmentDelegate * delegate) { - ReturnErrorOnFailure(Init(operationalCredentialSet, myNodeId, myKeyId, delegate)); + ReturnErrorOnFailure(Init(operationalCredentialSet, myKeyId, delegate)); mNextExpectedMsg = Protocols::SecureChannel::MsgType::CASE_SigmaR1; mPairingComplete = false; @@ -211,32 +218,22 @@ CASESession::WaitForSessionEstablishment(OperationalCredentialSet * operationalC return CHIP_NO_ERROR; } -CHIP_ERROR CASESession::AttachHeaderAndSend(Protocols::SecureChannel::MsgType msgType, System::PacketBufferHandle msgBuf) -{ - PayloadHeader payloadHeader; - - payloadHeader.SetMessageType(msgType); - - ReturnErrorOnFailure(payloadHeader.EncodeBeforeData(msgBuf)); - - ReturnErrorOnFailure(mDelegate->SendSessionEstablishmentMessage(PacketHeader() - .SetSourceNodeId(mLocalNodeId) - .SetDestinationNodeId(mConnectionState.GetPeerNodeId()) - .SetEncryptionKeyID(mConnectionState.GetLocalKeyID()), - mConnectionState.GetPeerAddress(), std::move(msgBuf))); - - return CHIP_NO_ERROR; -} - CHIP_ERROR CASESession::EstablishSession(const Transport::PeerAddress peerAddress, - OperationalCredentialSet * operationalCredentialSet, Optional myNodeId, - NodeId peerNodeId, uint16_t myKeyId, SessionEstablishmentDelegate * delegate) + OperationalCredentialSet * operationalCredentialSet, NodeId peerNodeId, uint16_t myKeyId, + ExchangeContext * exchangeCtxt, SessionEstablishmentDelegate * delegate) { CHIP_ERROR err = CHIP_NO_ERROR; - err = Init(operationalCredentialSet, myNodeId, myKeyId, delegate); + ReturnErrorCodeIf(exchangeCtxt == nullptr, CHIP_ERROR_INVALID_ARGUMENT); + + err = Init(operationalCredentialSet, myKeyId, delegate); + + // We are setting the exchange context specifically before checking for error. + // This is to make sure the exchange will get closed if Init() returned an error. + mExchangeCtxt = exchangeCtxt; SuccessOrExit(err); + mExchangeCtxt->SetResponseTimeout(kSigma_Response_Timeout); mConnectionState.SetPeerAddress(peerAddress); mConnectionState.SetPeerNodeId(peerNodeId); @@ -251,6 +248,16 @@ CHIP_ERROR CASESession::EstablishSession(const Transport::PeerAddress peerAddres return err; } +void CASESession::OnResponseTimeout(ExchangeContext * ec) +{ + VerifyOrReturn(ec != nullptr, ChipLogError(Inet, "CASESession::OnResponseTimeout was called by null exchange")); + VerifyOrReturn(mExchangeCtxt == ec, ChipLogError(Inet, "CASESession::OnResponseTimeout exchange doesn't match")); + ChipLogError(Inet, "CASESession timed out while waiting for a response from the peer. Expected message type was %d", + mNextExpectedMsg); + mDelegate->OnSessionEstablishmentError(CHIP_ERROR_TIMEOUT); + Clear(); +} + CHIP_ERROR CASESession::DeriveSecureSession(const uint8_t * info, size_t info_len, SecureSession & session) { System::PacketBufferHandle msg_salt; @@ -283,7 +290,7 @@ CHIP_ERROR CASESession::DeriveSecureSession(const uint8_t * info, size_t info_le CHIP_ERROR CASESession::SendSigmaR1() { - uint16_t data_len = static_cast(kSigmaParamRandomNumberSize + sizeof(uint16_t) + + uint16_t data_len = static_cast(kSigmaParamRandomNumberSize + sizeof(uint16_t) + sizeof(uint16_t) + mOpCredSet->GetCertCount() * kTrustedRootIdSize + kP256_PublicKey_Length); System::PacketBufferHandle msg_R1; @@ -306,6 +313,8 @@ CHIP_ERROR CASESession::SendSigmaR1() { uint16_t n_trusted_roots = mOpCredSet->GetCertCount(); Encoding::LittleEndian::BufferWriter bbuf(&msg[kSigmaParamRandomNumberSize], data_len - kSigmaParamRandomNumberSize); + // Initiator's session ID + bbuf.Put16(mConnectionState.GetLocalKeyID()); // Step 2/3 bbuf.Put16(n_trusted_roots); for (uint16_t i = 0; i < n_trusted_roots; ++i) @@ -325,28 +334,32 @@ CHIP_ERROR CASESession::SendSigmaR1() mNextExpectedMsg = Protocols::SecureChannel::MsgType::CASE_SigmaR2; // Call delegate to send the msg to peer - ReturnErrorOnFailure(AttachHeaderAndSend(Protocols::SecureChannel::MsgType::CASE_SigmaR1, std::move(msg_R1))); + ReturnErrorOnFailure(mExchangeCtxt->SendMessage(Protocols::SecureChannel::MsgType::CASE_SigmaR1, std::move(msg_R1), + SendFlags(SendMessageFlags::kExpectResponse))); ChipLogDetail(Inet, "Sent SigmaR1 msg"); return CHIP_NO_ERROR; } -CHIP_ERROR CASESession::HandleSigmaR1_and_SendSigmaR2(const PacketHeader & header, const System::PacketBufferHandle & msg) +CHIP_ERROR CASESession::HandleSigmaR1_and_SendSigmaR2(const System::PacketBufferHandle & msg) { - ReturnErrorOnFailure(HandleSigmaR1(header, msg)); + ReturnErrorOnFailure(HandleSigmaR1(msg)); ReturnErrorOnFailure(SendSigmaR2()); return CHIP_NO_ERROR; } -CHIP_ERROR CASESession::HandleSigmaR1(const PacketHeader & header, const System::PacketBufferHandle & msg) +CHIP_ERROR CASESession::HandleSigmaR1(const System::PacketBufferHandle & msg) { CHIP_ERROR err = CHIP_NO_ERROR; - const uint8_t * buf = msg->Start(); - uint16_t buflen = msg->DataLength(); - uint16_t fixed_buflen = kSigmaParamRandomNumberSize + sizeof(uint16_t) + kTrustedRootIdSize + kP256_PublicKey_Length; + uint16_t encryptionKeyId = 0; + + const uint8_t * buf = msg->Start(); + uint16_t buflen = msg->DataLength(); + uint16_t fixed_buflen = + kSigmaParamRandomNumberSize + sizeof(encryptionKeyId) + sizeof(uint16_t) + kTrustedRootIdSize + kP256_PublicKey_Length; uint32_t n_trusted_roots; Encoding::LittleEndian::BufferWriter bbuf(mRemotePubKey, mRemotePubKey.Length()); @@ -361,6 +374,8 @@ CHIP_ERROR CASESession::HandleSigmaR1(const PacketHeader & header, const System: // Let's skip the random number portion of the message buf += kSigmaParamRandomNumberSize; + + encryptionKeyId = chip::Encoding::LittleEndian::Read16(buf); n_trusted_roots = chip::Encoding::LittleEndian::Read16(buf); // Step 1/2 err = FindValidTrustedRoot(&buf, n_trusted_roots); @@ -369,12 +384,8 @@ CHIP_ERROR CASESession::HandleSigmaR1(const PacketHeader & header, const System: bbuf.Put(buf, kP256_PublicKey_Length); VerifyOrExit(bbuf.Fit(), err = CHIP_ERROR_NO_MEMORY); - if (header.GetSourceNodeId().HasValue() && mConnectionState.GetPeerNodeId() == kUndefinedNodeId) - { - mConnectionState.SetPeerNodeId(header.GetSourceNodeId().Value()); - } - - mConnectionState.SetPeerKeyID(header.GetEncryptionKeyID()); + ChipLogDetail(Inet, "Peer assigned session key ID %d", encryptionKeyId); + mConnectionState.SetPeerKeyID(encryptionKeyId); exit: @@ -495,7 +506,7 @@ CHIP_ERROR CASESession::SendSigmaR2() msg_R2_Encrypted->Start(), tag, sizeof(tag)); SuccessOrExit(err); - data_len = static_cast(kSigmaParamRandomNumberSize + kTrustedRootIdSize + kP256_PublicKey_Length + + data_len = static_cast(kSigmaParamRandomNumberSize + sizeof(uint16_t) + kTrustedRootIdSize + kP256_PublicKey_Length + msg_r2_signed_enc_len + sizeof(tag)); msg_R2 = System::PacketBufferHandle::New(data_len); @@ -507,6 +518,8 @@ CHIP_ERROR CASESession::SendSigmaR2() Encoding::LittleEndian::BufferWriter bbuf(msg_R2->Start(), data_len); bbuf.Put(msg_rand->Start(), kSigmaParamRandomNumberSize); + // Responder's session ID + bbuf.Put16(mConnectionState.GetLocalKeyID()); // Step 2 bbuf.Put(mTrustedRootId.mId, mTrustedRootId.mLen); bbuf.Put(mEphemeralKey.Pubkey(), mEphemeralKey.Pubkey().Length()); @@ -524,7 +537,8 @@ CHIP_ERROR CASESession::SendSigmaR2() mNextExpectedMsg = Protocols::SecureChannel::MsgType::CASE_SigmaR3; // Call delegate to send the msg to peer - err = AttachHeaderAndSend(Protocols::SecureChannel::MsgType::CASE_SigmaR2, std::move(msg_R2)); + err = mExchangeCtxt->SendMessage(Protocols::SecureChannel::MsgType::CASE_SigmaR2, std::move(msg_R2), + SendFlags(SendMessageFlags::kExpectResponse)); SuccessOrExit(err); ChipLogDetail(Inet, "Sent SigmaR2 msg"); @@ -538,15 +552,15 @@ CHIP_ERROR CASESession::SendSigmaR2() return err; } -CHIP_ERROR CASESession::HandleSigmaR2_and_SendSigmaR3(const PacketHeader & header, const System::PacketBufferHandle & msg) +CHIP_ERROR CASESession::HandleSigmaR2_and_SendSigmaR3(const System::PacketBufferHandle & msg) { - ReturnErrorOnFailure(HandleSigmaR2(header, msg)); + ReturnErrorOnFailure(HandleSigmaR2(msg)); ReturnErrorOnFailure(SendSigmaR3()); return CHIP_NO_ERROR; } -CHIP_ERROR CASESession::HandleSigmaR2(const PacketHeader & header, const System::PacketBufferHandle & msg) +CHIP_ERROR CASESession::HandleSigmaR2(const System::PacketBufferHandle & msg) { CHIP_ERROR err = CHIP_NO_ERROR; @@ -573,15 +587,21 @@ CHIP_ERROR CASESession::HandleSigmaR2(const PacketHeader & header, const System: const uint8_t * tag = buf + buflen - kTAGSize; + uint16_t encryptionKeyId = 0; + VerifyOrExit(buf != nullptr, err = CHIP_ERROR_MESSAGE_INCOMPLETE); ChipLogDetail(Inet, "Received SigmaR2 msg"); - mConnectionState.SetPeerKeyID(header.GetEncryptionKeyID()); - // Step 1 // skip random part buf += kSigmaParamRandomNumberSize; + + encryptionKeyId = chip::Encoding::LittleEndian::Read16(buf); + + ChipLogDetail(Inet, "Peer assigned session key ID %d", encryptionKeyId); + mConnectionState.SetPeerKeyID(encryptionKeyId); + err = FindValidTrustedRoot(&buf, 1); SuccessOrExit(err); @@ -622,8 +642,9 @@ CHIP_ERROR CASESession::HandleSigmaR2(const PacketHeader & header, const System: msg_r2_encrypted = const_cast(buf); err = AES_CCM_decrypt(msg_r2_encrypted, - buflen - kSigmaParamRandomNumberSize - kTrustedRootIdSize - kP256_PublicKey_Length - kTAGSize, nullptr, 0, - tag, kTAGSize, sr2k, kAEADKeySize, kIVSR2, kIVLength, msg_r2_encrypted); + buflen - kSigmaParamRandomNumberSize - sizeof(encryptionKeyId) - kTrustedRootIdSize - + kP256_PublicKey_Length - kTAGSize, + nullptr, 0, tag, kTAGSize, sr2k, kAEADKeySize, kIVSR2, kIVLength, msg_r2_encrypted); SuccessOrExit(err); // Step 5 @@ -639,8 +660,8 @@ CHIP_ERROR CASESession::HandleSigmaR2(const PacketHeader & header, const System: VerifyOrExit(!msg_R2_Signed.IsNull(), err = CHIP_SYSTEM_ERROR_NO_MEMORY); msg_R2_Signed->SetDataLength(msg_r2_signed_len); - sigLen = buflen - kSigmaParamRandomNumberSize - kTrustedRootIdSize - kP256_PublicKey_Length - sizeof(uint16_t) - - remoteDeviceOpCertLen - kTAGSize; + sigLen = buflen - kSigmaParamRandomNumberSize - sizeof(encryptionKeyId) - kTrustedRootIdSize - kP256_PublicKey_Length - + sizeof(uint16_t) - remoteDeviceOpCertLen - kTAGSize; err = ConstructSignedCredentials(&buf, remoteDeviceOpCert, remoteDeviceOpCertLen, msg_R2_Signed, sigmaR2SignedData, sigLen); SuccessOrExit(err); @@ -768,7 +789,8 @@ CHIP_ERROR CASESession::SendSigmaR3() SuccessOrExit(err); // Call delegate to send the Msg3 to peer - err = AttachHeaderAndSend(Protocols::SecureChannel::MsgType::CASE_SigmaR3, std::move(msg_R3)); + err = mExchangeCtxt->SendMessage(Protocols::SecureChannel::MsgType::CASE_SigmaR3, std::move(msg_R3), + SendFlags(SendMessageFlags::kNone)); SuccessOrExit(err); ChipLogDetail(Inet, "Sent SigmaR3 msg"); @@ -790,7 +812,7 @@ CHIP_ERROR CASESession::SendSigmaR3() return err; } -CHIP_ERROR CASESession::HandleSigmaR3(const PacketHeader & header, const System::PacketBufferHandle & msg) +CHIP_ERROR CASESession::HandleSigmaR3(const System::PacketBufferHandle & msg) { CHIP_ERROR err = CHIP_NO_ERROR; @@ -863,10 +885,6 @@ CHIP_ERROR CASESession::HandleSigmaR3(const PacketHeader & header, const System: err = remoteCredential.ECDSA_validate_msg_signature(msg_R3_Signed->Start(), msg_r3_signed_len, sigmaR3SignedData); SuccessOrExit(err); - VerifyOrExit(header.GetSourceNodeId().ValueOr(kUndefinedNodeId) == mConnectionState.GetPeerNodeId(), - err = CHIP_ERROR_WRONG_NODE_ID); - VerifyOrExit(header.GetEncryptionKeyID() == mConnectionState.GetPeerKeyID(), err = CHIP_ERROR_INVALID_KEY_ID); - err = mCommissioningHash.Finish(mMessageDigest); SuccessOrExit(err); @@ -903,7 +921,8 @@ void CASESession::SendErrorMsg(SigmaErrorType errorCode) msg->SetDataLength(msglen); - err = AttachHeaderAndSend(Protocols::SecureChannel::MsgType::CASE_SigmaErr, std::move(msg)); + err = mExchangeCtxt->SendMessage(Protocols::SecureChannel::MsgType::CASE_SigmaErr, std::move(msg), + SendFlags(SendMessageFlags::kNone)); SuccessOrExit(err); exit: @@ -1049,7 +1068,7 @@ CHIP_ERROR CASESession::SetEffectiveTime(void) return ASN1ToChipEpochTime(effectiveTime, mValidContext.mEffectiveTime); } -void CASESession::HandleErrorMsg(const PacketHeader & header, const System::PacketBufferHandle & msg) +void CASESession::HandleErrorMsg(const System::PacketBufferHandle & msg) { // Error message processing const uint8_t * buf = msg->Start(); @@ -1068,51 +1087,79 @@ void CASESession::HandleErrorMsg(const PacketHeader & header, const System::Pack Clear(); } -CHIP_ERROR CASESession::HandlePeerMessage(const PacketHeader & packetHeader, const Transport::PeerAddress & peerAddress, - System::PacketBufferHandle msg) +CHIP_ERROR CASESession::ValidateReceivedMessage(ExchangeContext * ec, const PacketHeader & packetHeader, + const PayloadHeader & payloadHeader, System::PacketBufferHandle & msg) { - CHIP_ERROR err = CHIP_NO_ERROR; - PayloadHeader payloadHeader; - - Protocols::SecureChannel::MsgType msgType; + VerifyOrReturnError(ec != nullptr, CHIP_ERROR_INVALID_ARGUMENT); - VerifyOrExit(!msg.IsNull(), err = CHIP_ERROR_INVALID_ARGUMENT); + // mExchangeCtxt can be nullptr if this is the first message (CASE_SigmaR1) received by CASESession + // via UnsolicitedMessageHandler. The exchange context is allocated by exchange manager and provided + // to the handler (CASESession object). + if (mExchangeCtxt != nullptr) + { + if (mExchangeCtxt != ec) + { + // Close the incoming exchange explicitly, as the cleanup code only closes mExchangeCtxt + ec->Close(); + ReturnErrorOnFailure(CHIP_ERROR_INVALID_ARGUMENT); + } + } + else + { + mExchangeCtxt = ec; + mExchangeCtxt->SetResponseTimeout(kSigma_Response_Timeout); + } - err = payloadHeader.DecodeAndConsume(msg); - SuccessOrExit(err); + VerifyOrReturnError(!msg.IsNull(), CHIP_ERROR_INVALID_ARGUMENT); + VerifyOrReturnError(payloadHeader.HasMessageType(mNextExpectedMsg) || + payloadHeader.HasMessageType(Protocols::SecureChannel::MsgType::CASE_SigmaErr), + CHIP_ERROR_INVALID_MESSAGE_TYPE); - VerifyOrExit(payloadHeader.HasProtocol(Protocols::SecureChannel::Id), err = CHIP_ERROR_INVALID_MESSAGE_TYPE); + if (packetHeader.GetSourceNodeId().HasValue()) + { + if (mConnectionState.GetPeerNodeId() == kUndefinedNodeId) + { + mConnectionState.SetPeerNodeId(packetHeader.GetSourceNodeId().Value()); + } + else + { + VerifyOrReturnError(packetHeader.GetSourceNodeId().Value() == mConnectionState.GetPeerNodeId(), + CHIP_ERROR_WRONG_NODE_ID); + } + } - msgType = static_cast(payloadHeader.GetMessageType()); - VerifyOrExit(msgType == mNextExpectedMsg, err = CHIP_ERROR_INVALID_MESSAGE_TYPE); + return CHIP_NO_ERROR; +} - mConnectionState.SetPeerAddress(peerAddress); +void CASESession::OnMessageReceived(ExchangeContext * ec, const PacketHeader & packetHeader, const PayloadHeader & payloadHeader, + System::PacketBufferHandle msg) +{ + CHIP_ERROR err = ValidateReceivedMessage(ec, packetHeader, payloadHeader, msg); - if (mLocalNodeId == kUndefinedNodeId) - { - mLocalNodeId = packetHeader.GetDestinationNodeId().ValueOr(kUndefinedNodeId); - } - else if (packetHeader.GetDestinationNodeId().HasValue()) + if (err != CHIP_NO_ERROR) { - VerifyOrExit(mLocalNodeId == packetHeader.GetDestinationNodeId().Value(), err = CHIP_ERROR_WRONG_NODE_ID); + Clear(); + SuccessOrExit(err); } - switch (msgType) + mConnectionState.SetPeerAddress(mMessageDispatch.GetPeerAddress()); + + switch (static_cast(payloadHeader.GetMessageType())) { case Protocols::SecureChannel::MsgType::CASE_SigmaR1: - err = HandleSigmaR1_and_SendSigmaR2(packetHeader, msg); + err = HandleSigmaR1_and_SendSigmaR2(msg); break; case Protocols::SecureChannel::MsgType::CASE_SigmaR2: - err = HandleSigmaR2_and_SendSigmaR3(packetHeader, msg); + err = HandleSigmaR2_and_SendSigmaR3(msg); break; case Protocols::SecureChannel::MsgType::CASE_SigmaR3: - err = HandleSigmaR3(packetHeader, msg); + err = HandleSigmaR3(msg); break; case Protocols::SecureChannel::MsgType::CASE_SigmaErr: - HandleErrorMsg(packetHeader, msg); + HandleErrorMsg(msg); break; default: @@ -1128,8 +1175,6 @@ CHIP_ERROR CASESession::HandlePeerMessage(const PacketHeader & packetHeader, con { mDelegate->OnSessionEstablishmentError(err); } - - return err; } } // namespace chip diff --git a/src/transport/CASESession.h b/src/protocols/secure_channel/CASESession.h similarity index 76% rename from src/transport/CASESession.h rename to src/protocols/secure_channel/CASESession.h index db4ce0be66ebe7..2f855e805a63e4 100644 --- a/src/transport/CASESession.h +++ b/src/protocols/secure_channel/CASESession.h @@ -28,9 +28,13 @@ #include #include #include +#include +#include #include +#include #include #include +#include #include #include #include @@ -59,13 +63,12 @@ struct CASESessionSerializable uint16_t mMessageDigestLen; uint8_t mMessageDigest[kSHA256_Hash_Length]; uint8_t mPairingComplete; - NodeId mLocalNodeId; NodeId mPeerNodeId; uint16_t mLocalKeyId; uint16_t mPeerKeyId; }; -class DLL_EXPORT CASESession +class DLL_EXPORT CASESession : public Messaging::ExchangeDelegateBase, public PairingSession { public: CASESession(); @@ -82,14 +85,13 @@ class DLL_EXPORT CASESession * * @param operationalCredentialSet CHIP Certificate Set used to store the chain root of trust an validate peer node * certificates - * @param myNodeId Node id of local node * @param myKeyId Key ID to be assigned to the secure session on the peer node * @param delegate Callback object * * @return CHIP_ERROR The result of initialization */ - CHIP_ERROR WaitForSessionEstablishment(OperationalCredentialSet * operationalCredentialSet, Optional myNodeId, - uint16_t myKeyId, SessionEstablishmentDelegate * delegate); + CHIP_ERROR WaitForSessionEstablishment(OperationalCredentialSet * operationalCredentialSet, uint16_t myKeyId, + SessionEstablishmentDelegate * delegate); /** * @brief @@ -98,15 +100,15 @@ class DLL_EXPORT CASESession * @param peerAddress Address of peer with which to establish a session. * @param operationalCredentialSet CHIP Certificate Set used to store the chain root of trust an validate peer node * certificates - * @param myNodeId Node id of local node * @param peerNodeId Node id of the peer node * @param myKeyId Key ID to be assigned to the secure session on the peer node + * @param exchangeCtxt The exchange context to send and receive messages with the peer * @param delegate Callback object * * @return CHIP_ERROR The result of initialization */ CHIP_ERROR EstablishSession(const Transport::PeerAddress peerAddress, OperationalCredentialSet * operationalCredentialSet, - Optional myNodeId, NodeId peerNodeId, uint16_t myKeyId, + NodeId peerNodeId, uint16_t myKeyId, Messaging::ExchangeContext * exchangeCtxt, SessionEstablishmentDelegate * delegate); /** @@ -120,19 +122,7 @@ class DLL_EXPORT CASESession * initialized once session establishment is complete * @return CHIP_ERROR The result of session derivation */ - virtual CHIP_ERROR DeriveSecureSession(const uint8_t * info, size_t info_len, SecureSession & session); - - /** - * @brief - * Handler for peer's messages, exchanged during pairing handshake. - * - * @param packetHeader Message header for the received message - * @param peerAddress Source of the message - * @param msg Message sent by the peer - * @return CHIP_ERROR The result of message processing - */ - virtual CHIP_ERROR HandlePeerMessage(const PacketHeader & packetHeader, const Transport::PeerAddress & peerAddress, - System::PacketBufferHandle msg); + virtual CHIP_ERROR DeriveSecureSession(const uint8_t * info, size_t info_len, SecureSession & session) override; /** * @brief @@ -148,7 +138,7 @@ class DLL_EXPORT CASESession * * @return uint16_t The associated peer key id */ - uint16_t GetPeerKeyId() { return mConnectionState.GetPeerKeyID(); } + uint16_t GetPeerKeyId() override { return mConnectionState.GetPeerKeyID(); } /** * @brief @@ -156,7 +146,11 @@ class DLL_EXPORT CASESession * * @return uint16_t The assocated local key id */ - uint16_t GetLocalKeyId() { return mConnectionState.GetLocalKeyID(); } + uint16_t GetLocalKeyId() override { return mConnectionState.GetLocalKeyID(); } + + const char * GetI2RSessionInfo() const override { return "Sigma I2R Key"; } + + const char * GetR2ISessionInfo() const override { return "Sigma R2I Key"; } Transport::PeerConnectionState & PeerConnection() { return mConnectionState; } @@ -180,6 +174,18 @@ class DLL_EXPORT CASESession **/ CHIP_ERROR FromSerializable(const CASESessionSerializable & output); + SessionEstablishmentExchangeDispatch & MessageDispatch() { return mMessageDispatch; } + + //// ExchangeDelegate Implementation //// + void OnMessageReceived(Messaging::ExchangeContext * ec, const PacketHeader & packetHeader, const PayloadHeader & payloadHeader, + System::PacketBufferHandle payload) override; + void OnResponseTimeout(Messaging::ExchangeContext * ec) override; + Messaging::ExchangeMessageDispatch * GetMessageDispatch(Messaging::ReliableMessageMgr * rmMgr, + SecureSessionMgr * sessionMgr) override + { + return &mMessageDispatch; + } + private: enum SigmaErrorType : uint8_t { @@ -190,17 +196,16 @@ class DLL_EXPORT CASESession kUnexpected = 0xff, }; - CHIP_ERROR Init(OperationalCredentialSet * operationalCredentialSet, Optional myNodeId, uint16_t myKeyId, - SessionEstablishmentDelegate * delegate); + CHIP_ERROR Init(OperationalCredentialSet * operationalCredentialSet, uint16_t myKeyId, SessionEstablishmentDelegate * delegate); CHIP_ERROR SendSigmaR1(); - CHIP_ERROR HandleSigmaR1_and_SendSigmaR2(const PacketHeader & header, const System::PacketBufferHandle & msg); - CHIP_ERROR HandleSigmaR1(const PacketHeader & header, const System::PacketBufferHandle & msg); + CHIP_ERROR HandleSigmaR1_and_SendSigmaR2(const System::PacketBufferHandle & msg); + CHIP_ERROR HandleSigmaR1(const System::PacketBufferHandle & msg); CHIP_ERROR SendSigmaR2(); - CHIP_ERROR HandleSigmaR2_and_SendSigmaR3(const PacketHeader & header, const System::PacketBufferHandle & msg); - CHIP_ERROR HandleSigmaR2(const PacketHeader & header, const System::PacketBufferHandle & msg); + CHIP_ERROR HandleSigmaR2_and_SendSigmaR3(const System::PacketBufferHandle & msg); + CHIP_ERROR HandleSigmaR2(const System::PacketBufferHandle & msg); CHIP_ERROR SendSigmaR3(); - CHIP_ERROR HandleSigmaR3(const PacketHeader & header, const System::PacketBufferHandle & msg); + CHIP_ERROR HandleSigmaR3(const System::PacketBufferHandle & msg); CHIP_ERROR SendSigmaR1Resume(); CHIP_ERROR HandleSigmaR1Resume_and_SendSigmaR2Resume(const PacketHeader & header, const System::PacketBufferHandle & msg); @@ -217,7 +222,7 @@ class DLL_EXPORT CASESession CHIP_ERROR ComputeIPK(const uint16_t sessionID, uint8_t * ipk, size_t ipkLen); void SendErrorMsg(SigmaErrorType errorCode); - void HandleErrorMsg(const PacketHeader & header, const System::PacketBufferHandle & msg); + void HandleErrorMsg(const System::PacketBufferHandle & msg); // TODO: Remove this and replace with system method to retrieve current time CHIP_ERROR SetEffectiveTime(void); @@ -226,6 +231,9 @@ class DLL_EXPORT CASESession void Clear(); + CHIP_ERROR ValidateReceivedMessage(Messaging::ExchangeContext * ec, const PacketHeader & packetHeader, + const PayloadHeader & payloadHeader, System::PacketBufferHandle & msg); + SessionEstablishmentDelegate * mDelegate = nullptr; Protocols::SecureChannel::MsgType mNextExpectedMsg = Protocols::SecureChannel::MsgType::CASE_SigmaErr; @@ -242,14 +250,15 @@ class DLL_EXPORT CASESession uint8_t mIPK[kIPKSize]; uint8_t mRemoteIPK[kIPKSize]; + Messaging::ExchangeContext * mExchangeCtxt = nullptr; + SessionEstablishmentExchangeDispatch mMessageDispatch; + struct SigmaErrorMsg { SigmaErrorType error; }; protected: - NodeId mLocalNodeId = kUndefinedNodeId; - bool mPairingComplete = false; Transport::PeerConnectionState mConnectionState; diff --git a/src/protocols/secure_channel/SessionEstablishmentExchangeDispatch.cpp b/src/protocols/secure_channel/SessionEstablishmentExchangeDispatch.cpp index 05dc71ac4b7411..48ce10a777cdb7 100644 --- a/src/protocols/secure_channel/SessionEstablishmentExchangeDispatch.cpp +++ b/src/protocols/secure_channel/SessionEstablishmentExchangeDispatch.cpp @@ -32,7 +32,6 @@ CHIP_ERROR SessionEstablishmentExchangeDispatch::SendMessageImpl(SecureSessionHa System::PacketBufferHandle && message, EncryptedPacketBufferHandle * retainedMessage) { - ChipLogProgress(ExchangeManager, "SessionEstablishmentExchangeDispatch::SendMessageImpl mTransportMgr %p", mTransportMgr); ReturnErrorOnFailure(payloadHeader.EncodeBeforeData(message)); if (mTransportMgr != nullptr) { diff --git a/src/protocols/secure_channel/tests/BUILD.gn b/src/protocols/secure_channel/tests/BUILD.gn index 763b1c237ff21e..ab3447c4b1da09 100644 --- a/src/protocols/secure_channel/tests/BUILD.gn +++ b/src/protocols/secure_channel/tests/BUILD.gn @@ -9,11 +9,13 @@ chip_test_suite("tests") { output_name = "libSecureChannelTests" test_sources = [ + "TestCASESession.cpp", "TestPASESession.cpp", "TestStatusReport.cpp", ] public_deps = [ + "${chip_root}/src/credentials/tests:cert_test_vectors", "${chip_root}/src/lib/core", "${chip_root}/src/lib/support", "${chip_root}/src/messaging/tests:helpers", diff --git a/src/transport/tests/TestCASESession.cpp b/src/protocols/secure_channel/tests/TestCASESession.cpp similarity index 75% rename from src/transport/tests/TestCASESession.cpp rename to src/protocols/secure_channel/tests/TestCASESession.cpp index b2350316872ac6..ab6391c5a516c8 100644 --- a/src/transport/tests/TestCASESession.cpp +++ b/src/protocols/secure_channel/tests/TestCASESession.cpp @@ -28,11 +28,12 @@ #include #include #include +#include +#include #include #include #include #include -#include #include "credentials/tests/CHIPCert_test_vectors.h" @@ -40,6 +41,36 @@ using namespace chip; using namespace Credentials; using namespace TestCerts; +using namespace chip; +using namespace chip::Inet; +using namespace chip::Transport; +using namespace chip::Messaging; +using namespace chip::Protocols; + +using TestContext = chip::Test::MessagingContext; + +class LoopbackTransport : public Transport::Base +{ +public: + CHIP_ERROR SendMessage(const PacketHeader & header, const PeerAddress & address, System::PacketBufferHandle msgBuf) override + { + ReturnErrorOnFailure(mMessageSendError); + mSentMessageCount++; + HandleMessageReceived(header, address, std::move(msgBuf)); + + return CHIP_NO_ERROR; + } + + bool CanSendToPeer(const PeerAddress & address) override { return true; } + + uint32_t mSentMessageCount = 0; + CHIP_ERROR mMessageSendError = CHIP_NO_ERROR; +}; + +namespace { +TransportMgrBase gTransportMgr; +LoopbackTransport gLoopback; + OperationalCredentialSet commissionerDevOpCred; OperationalCredentialSet accessoryDevOpCred; @@ -51,6 +82,7 @@ P256SerializedKeypair accessoryOpKeysSerialized; P256Keypair commissionerOpKeys; P256Keypair accessoryOpKeys; +} // namespace enum { @@ -62,23 +94,12 @@ enum class TestCASESecurePairingDelegate : public SessionEstablishmentDelegate { public: - CHIP_ERROR SendSessionEstablishmentMessage(const PacketHeader & header, const Transport::PeerAddress & peerAddress, - System::PacketBufferHandle msgBuf) override - { - mNumMessageSend++; - return (peer != nullptr) ? peer->HandlePeerMessage(header, peerAddress, std::move(msgBuf)) : mMessageSendError; - } - void OnSessionEstablishmentError(CHIP_ERROR error) override { mNumPairingErrors++; } void OnSessionEstablished() override { mNumPairingComplete++; } - uint32_t mNumMessageSend = 0; uint32_t mNumPairingErrors = 0; uint32_t mNumPairingComplete = 0; - CHIP_ERROR mMessageSendError = CHIP_NO_ERROR; - - CASESession * peer = nullptr; }; void CASE_SecurePairingWaitTest(nlTestSuite * inSuite, void * inContext) @@ -87,61 +108,74 @@ void CASE_SecurePairingWaitTest(nlTestSuite * inSuite, void * inContext) TestCASESecurePairingDelegate delegate; CASESession pairing; - NL_TEST_ASSERT(inSuite, - pairing.WaitForSessionEstablishment(&accessoryDevOpCred, Optional::Value(1), 0, nullptr) == - CHIP_ERROR_INVALID_ARGUMENT); - NL_TEST_ASSERT(inSuite, - pairing.WaitForSessionEstablishment(&accessoryDevOpCred, Optional::Value(1), 0, &delegate) == - CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, pairing.WaitForSessionEstablishment(&accessoryDevOpCred, 0, nullptr) == CHIP_ERROR_INVALID_ARGUMENT); + NL_TEST_ASSERT(inSuite, pairing.WaitForSessionEstablishment(&accessoryDevOpCred, 0, &delegate) == CHIP_NO_ERROR); } void CASE_SecurePairingStartTest(nlTestSuite * inSuite, void * inContext) { + TestContext & ctx = *reinterpret_cast(inContext); + // Test all combinations of invalid parameters TestCASESecurePairingDelegate delegate; CASESession pairing; + NL_TEST_ASSERT(inSuite, pairing.MessageDispatch().Init(&gTransportMgr) == CHIP_NO_ERROR); + ExchangeContext * context = ctx.NewExchangeToLocal(&pairing); + NL_TEST_ASSERT(inSuite, - pairing.EstablishSession(Transport::PeerAddress(Transport::Type::kBle), &commissionerDevOpCred, - Optional::Value(1), 2, 0, nullptr) != CHIP_NO_ERROR); + pairing.EstablishSession(Transport::PeerAddress(Transport::Type::kBle), &commissionerDevOpCred, 2, 0, nullptr, + nullptr) != CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - pairing.EstablishSession(Transport::PeerAddress(Transport::Type::kBle), &commissionerDevOpCred, - Optional::Value(1), 2, 0, &delegate) == CHIP_NO_ERROR); + pairing.EstablishSession(Transport::PeerAddress(Transport::Type::kBle), &commissionerDevOpCred, 2, 0, context, + &delegate) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, delegate.mNumMessageSend == 1); + NL_TEST_ASSERT(inSuite, gLoopback.mSentMessageCount == 1); - delegate.mMessageSendError = CHIP_ERROR_BAD_REQUEST; + gLoopback.mMessageSendError = CHIP_ERROR_BAD_REQUEST; CASESession pairing1; + NL_TEST_ASSERT(inSuite, pairing1.MessageDispatch().Init(&gTransportMgr) == CHIP_NO_ERROR); + + gLoopback.mSentMessageCount = 0; + gLoopback.mMessageSendError = CHIP_ERROR_BAD_REQUEST; + ExchangeContext * context1 = ctx.NewExchangeToLocal(&pairing1); NL_TEST_ASSERT(inSuite, - pairing1.EstablishSession(Transport::PeerAddress(Transport::Type::kBle), &commissionerDevOpCred, - Optional::Value(1), 2, 0, &delegate) == CHIP_ERROR_BAD_REQUEST); + pairing1.EstablishSession(Transport::PeerAddress(Transport::Type::kBle), &commissionerDevOpCred, 2, 0, context1, + &delegate) == CHIP_ERROR_BAD_REQUEST); + gLoopback.mMessageSendError = CHIP_NO_ERROR; } void CASE_SecurePairingHandshakeTestCommon(nlTestSuite * inSuite, void * inContext, CASESession & pairingCommissioner, TestCASESecurePairingDelegate & delegateCommissioner) { + TestContext & ctx = *reinterpret_cast(inContext); + // Test all combinations of invalid parameters TestCASESecurePairingDelegate delegateAccessory; CASESession pairingAccessory; CASESessionSerializable serializableCommissioner; CASESessionSerializable serializableAccessory; - delegateCommissioner.peer = &pairingAccessory; - delegateAccessory.peer = &pairingCommissioner; + gLoopback.mSentMessageCount = 0; + NL_TEST_ASSERT(inSuite, pairingCommissioner.MessageDispatch().Init(&gTransportMgr) == CHIP_NO_ERROR); + NL_TEST_ASSERT(inSuite, pairingAccessory.MessageDispatch().Init(&gTransportMgr) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - pairingAccessory.WaitForSessionEstablishment(&accessoryDevOpCred, Optional::Value(1), 0, - &delegateAccessory) == CHIP_NO_ERROR); + ctx.GetExchangeManager().RegisterUnsolicitedMessageHandlerForType( + Protocols::SecureChannel::MsgType::CASE_SigmaR1, &pairingAccessory) == CHIP_NO_ERROR); + + ExchangeContext * contextCommissioner = ctx.NewExchangeToLocal(&pairingCommissioner); + + NL_TEST_ASSERT(inSuite, + pairingAccessory.WaitForSessionEstablishment(&accessoryDevOpCred, 0, &delegateAccessory) == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, - pairingCommissioner.EstablishSession(Transport::PeerAddress(Transport::Type::kBle), &commissionerDevOpCred, - Optional::Value(2), 1, 0, &delegateCommissioner) == CHIP_NO_ERROR); + pairingCommissioner.EstablishSession(Transport::PeerAddress(Transport::Type::kBle), &commissionerDevOpCred, 1, 0, + contextCommissioner, &delegateCommissioner) == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, delegateAccessory.mNumMessageSend == 1); + NL_TEST_ASSERT(inSuite, gLoopback.mSentMessageCount == 3); NL_TEST_ASSERT(inSuite, delegateAccessory.mNumPairingComplete == 1); - - NL_TEST_ASSERT(inSuite, delegateCommissioner.mNumMessageSend == 2); NL_TEST_ASSERT(inSuite, delegateCommissioner.mNumPairingComplete == 1); NL_TEST_ASSERT(inSuite, pairingCommissioner.ToSerializable(serializableCommissioner) == CHIP_NO_ERROR); @@ -229,18 +263,48 @@ static const nlTest sTests[] = NL_TEST_SENTINEL() }; // clang-format on -// + +int CASE_TestSecurePairing_Setup(void * inContext); +int CASE_TestSecurePairing_Teardown(void * inContext); + +// clang-format off +static nlTestSuite sSuite = +{ + "Test-CHIP-SecurePairing", + &sTests[0], + CASE_TestSecurePairing_Setup, + CASE_TestSecurePairing_Teardown, +}; +// clang-format on + +static TestContext sContext; + /** * Set up the test suite. */ int CASE_TestSecurePairing_Setup(void * inContext) { + TestContext & ctx = *reinterpret_cast(inContext); + CHIP_ERROR error; CertificateKeyId trustedRootId = { .mId = sTestCert_Root01_SubjectKeyId, .mLen = sTestCert_Root01_SubjectKeyId_Len }; error = chip::Platform::MemoryInit(); SuccessOrExit(error); + gTransportMgr.Init(&gLoopback); + + error = ctx.Init(&sSuite, &gTransportMgr); + SuccessOrExit(error); + + ctx.SetSourceNodeId(kAnyNodeId); + ctx.SetDestinationNodeId(kAnyNodeId); + ctx.SetLocalKeyId(0); + ctx.SetPeerKeyId(0); + ctx.SetAdminId(kUndefinedAdminId); + + gTransportMgr.SetSecureSessionMgr(&ctx.GetSecureSessionManager()); + error = commissionerOpKeysSerialized.SetLength(sTestCert_Node01_01_PublicKey_Len + sTestCert_Node01_01_PrivateKey_Len); SuccessOrExit(error); @@ -313,6 +377,7 @@ int CASE_TestSecurePairing_Setup(void * inContext) */ int CASE_TestSecurePairing_Teardown(void * inContext) { + reinterpret_cast(inContext)->Shutdown(); commissionerDevOpCred.Release(); accessoryDevOpCred.Release(); commissionerCertificateSet.Release(); @@ -321,23 +386,13 @@ int CASE_TestSecurePairing_Teardown(void * inContext) return SUCCESS; } -// clang-format off -static nlTestSuite sSuite = -{ - "Test-CHIP-SecurePairing", - &sTests[0], - CASE_TestSecurePairing_Setup, - CASE_TestSecurePairing_Teardown, -}; -// clang-format on - /** * Main */ int TestCASESession() { // Run test suit against one context - nlTestRunner(&sSuite, nullptr); + nlTestRunner(&sSuite, &sContext); return (nlTestRunnerStats(&sSuite)); } diff --git a/src/transport/BUILD.gn b/src/transport/BUILD.gn index b8553fcf800c3a..f06852cbb6ff81 100644 --- a/src/transport/BUILD.gn +++ b/src/transport/BUILD.gn @@ -22,8 +22,6 @@ static_library("transport") { sources = [ "AdminPairingTable.cpp", "AdminPairingTable.h", - "CASESession.cpp", - "CASESession.h", "PeerConnectionState.h", "PeerConnections.h", "RendezvousSessionDelegate.h", diff --git a/src/transport/tests/BUILD.gn b/src/transport/tests/BUILD.gn index e66799aa3b975f..46ae306e7b33d5 100644 --- a/src/transport/tests/BUILD.gn +++ b/src/transport/tests/BUILD.gn @@ -23,7 +23,6 @@ chip_test_suite("tests") { output_name = "libTransportLayerTests" test_sources = [ - "TestCASESession.cpp", "TestPeerConnections.cpp", "TestSecureSession.cpp", "TestSecureSessionMgr.cpp",