From 573dfda79a83ea94eb5f74c83bb4a207b387c7f6 Mon Sep 17 00:00:00 2001 From: Zang MingJie Date: Wed, 5 Jan 2022 22:36:10 +0800 Subject: [PATCH] Do not allow creating secure session handle on the fly (#13313) --- src/app/tests/TestReportingEngine.cpp | 6 +- src/app/util/chip-message-send.cpp | 2 +- src/transport/SessionHandle.h | 7 +- src/transport/SessionManager.cpp | 12 ++-- src/transport/SessionManager.h | 2 +- src/transport/tests/BUILD.gn | 1 - src/transport/tests/TestSessionHandle.cpp | 84 ----------------------- 7 files changed, 13 insertions(+), 101 deletions(-) delete mode 100644 src/transport/tests/TestSessionHandle.cpp diff --git a/src/app/tests/TestReportingEngine.cpp b/src/app/tests/TestReportingEngine.cpp index 6e72217447e329..2cc46f2a8baf6c 100644 --- a/src/app/tests/TestReportingEngine.cpp +++ b/src/app/tests/TestReportingEngine.cpp @@ -76,9 +76,8 @@ void TestReportingEngine::TestBuildAndSendSingleReportData(nlTestSuite * apSuite err = InteractionModelEngine::GetInstance()->Init(&ctx.GetExchangeManager(), nullptr); NL_TEST_ASSERT(apSuite, err == CHIP_NO_ERROR); - Messaging::ExchangeContext * exchangeCtx = ctx.GetExchangeManager().NewContext(SessionHandle(0, 0, 0, 0), nullptr); TestExchangeDelegate delegate; - exchangeCtx->SetDelegate(&delegate); + Messaging::ExchangeContext * exchangeCtx = ctx.NewExchangeToAlice(&delegate); writer.Init(std::move(readRequestbuf)); err = readRequestBuilder.Init(&writer); @@ -104,7 +103,8 @@ void TestReportingEngine::TestBuildAndSendSingleReportData(nlTestSuite * apSuite readHandler.Init(&ctx.GetExchangeManager(), nullptr, exchangeCtx, chip::app::ReadHandler::InteractionType::Read); readHandler.OnReadInitialRequest(std::move(readRequestbuf)); err = InteractionModelEngine::GetInstance()->GetReportingEngine().BuildAndSendSingleReportData(&readHandler); - NL_TEST_ASSERT(apSuite, err == CHIP_ERROR_NOT_CONNECTED); + NL_TEST_ASSERT(apSuite, err == CHIP_NO_ERROR); + readHandler.Shutdown(app::ReadHandler::ShutdownOptions::AbortCurrentExchange); } } // namespace reporting diff --git a/src/app/util/chip-message-send.cpp b/src/app/util/chip-message-send.cpp index ea3eafb506e3d3..84d84b4fbe48fa 100644 --- a/src/app/util/chip-message-send.cpp +++ b/src/app/util/chip-message-send.cpp @@ -110,7 +110,7 @@ EmberStatus chipSendUnicast(NodeId destination, EmberApsFrame * apsFrame, uint16 } Messaging::ExchangeContext * exchange = - exchangeMgr->NewContext(SessionHandle(destination, 0, Transport::kAnyKeyId, 0), nullptr); + exchangeMgr->NewContext(exchangeMgr->GetSessionManager()->FindSecureSessionForNode(destination), nullptr); if (exchange == nullptr) { return EMBER_DELIVERY_FAILED; diff --git a/src/transport/SessionHandle.h b/src/transport/SessionHandle.h index caaafef5cb657b..fb9dc31d21ebe4 100644 --- a/src/transport/SessionHandle.h +++ b/src/transport/SessionHandle.h @@ -39,11 +39,10 @@ class SessionHandle mPeerNodeId(kPlaceholderNodeId), mFabric(kUndefinedFabricIndex), mUnauthenticatedSessionHandle(session) {} - SessionHandle(NodeId peerNodeId, uint16_t localSessionId, uint16_t peerSessionId, FabricIndex fabric) : - mPeerNodeId(peerNodeId), mFabric(fabric) + SessionHandle(Transport::SecureSession & session) : mPeerNodeId(session.GetPeerNodeId()), mFabric(session.GetFabricIndex()) { - mLocalSessionId.SetValue(localSessionId); - mPeerSessionId.SetValue(peerSessionId); + mLocalSessionId.SetValue(session.GetLocalSessionId()); + mPeerSessionId.SetValue(session.GetPeerSessionId()); } SessionHandle(NodeId peerNodeId, GroupId groupId, FabricIndex fabric) : mPeerNodeId(peerNodeId), mFabric(fabric) diff --git a/src/transport/SessionManager.cpp b/src/transport/SessionManager.cpp index cee779e8c09860..0e6452efe755ff 100644 --- a/src/transport/SessionManager.cpp +++ b/src/transport/SessionManager.cpp @@ -340,7 +340,7 @@ CHIP_ERROR SessionManager::NewPairing(SessionHolder & sessionHolder, const Optio ReturnErrorOnFailure(pairing->DeriveSecureSession(session->GetCryptoContext(), direction)); session->GetSessionMessageCounter().GetPeerMessageCounter().SetCounter(pairing->GetPeerCounter()); - sessionHolder.Grab(SessionHandle(session->GetPeerNodeId(), session->GetLocalSessionId(), session->GetPeerSessionId(), fabric)); + sessionHolder.Grab(SessionHandle(*session)); return CHIP_NO_ERROR; } @@ -530,8 +530,7 @@ void SessionManager::SecureUnicastMessageDispatch(const PacketHeader & packetHea if (mCB != nullptr) { - SessionHandle sessionHandle(session->GetPeerNodeId(), session->GetLocalSessionId(), session->GetPeerSessionId(), - session->GetFabricIndex()); + SessionHandle sessionHandle(*session); mCB->OnMessageReceived(packetHeader, payloadHeader, sessionHandle, peerAddress, isDuplicate, std::move(msg)); } } @@ -606,13 +605,12 @@ void SessionManager::SecureGroupMessageDispatch(const PacketHeader & packetHeade } } -void SessionManager::HandleConnectionExpired(const Transport::SecureSession & session) +void SessionManager::HandleConnectionExpired(Transport::SecureSession & session) { ChipLogDetail(Inet, "Marking old secure session for device 0x" ChipLogFormatX64 " as expired", ChipLogValueX64(session.GetPeerNodeId())); - SessionHandle sessionHandle(session.GetPeerNodeId(), session.GetLocalSessionId(), session.GetPeerSessionId(), - session.GetFabricIndex()); + SessionHandle sessionHandle(session); mSessionReleaseDelegates.ForEachActiveObject([&](std::reference_wrapper * cb) { cb->get().OnSessionReleased(sessionHandle); return Loop::Continue; @@ -659,7 +657,7 @@ SessionHandle SessionManager::FindSecureSessionForNode(NodeId peerNodeId) }); VerifyOrDie(found != nullptr); - return SessionHandle(found->GetPeerNodeId(), found->GetLocalSessionId(), found->GetPeerSessionId(), found->GetFabricIndex()); + return SessionHandle(*found); } } // namespace chip diff --git a/src/transport/SessionManager.h b/src/transport/SessionManager.h index 5dd8d0c9e58faa..70add956a8178f 100644 --- a/src/transport/SessionManager.h +++ b/src/transport/SessionManager.h @@ -294,7 +294,7 @@ class DLL_EXPORT SessionManager : public TransportMgrDelegate /** * Called when a specific connection expires. */ - void HandleConnectionExpired(const Transport::SecureSession & state); + void HandleConnectionExpired(Transport::SecureSession & state); /** * Callback for timer expiry check diff --git a/src/transport/tests/BUILD.gn b/src/transport/tests/BUILD.gn index 69be6a5a1a1ecc..532c701fe34e5a 100644 --- a/src/transport/tests/BUILD.gn +++ b/src/transport/tests/BUILD.gn @@ -26,7 +26,6 @@ chip_test_suite("tests") { "TestPairingSession.cpp", "TestPeerConnections.cpp", "TestSecureSession.cpp", - "TestSessionHandle.cpp", "TestSessionManager.cpp", ] diff --git a/src/transport/tests/TestSessionHandle.cpp b/src/transport/tests/TestSessionHandle.cpp deleted file mode 100644 index 2e680c53012397..00000000000000 --- a/src/transport/tests/TestSessionHandle.cpp +++ /dev/null @@ -1,84 +0,0 @@ -/* - * - * Copyright (c) 2021 Project CHIP Authors - * All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file - * This file implements unit tests for the CryptoContext implementation. - */ - -#include -#include - -#include - -#include -#include -#include - -#include -#include -#include - -using namespace chip; - -void TestMatchSession(nlTestSuite * inSuite, void * inContext) -{ - SessionHandle session2(chip::kTestDeviceNodeId, 1, 1, 0); - SessionHandle session3(chip::kTestDeviceNodeId, 1, 1, 0); - SessionHandle session4(chip::kTestDeviceNodeId, 1, 2, 0); - SessionHandle session5(chip::kTestDeviceNodeId, 2, 2, 0); - NL_TEST_ASSERT(inSuite, session2 == session3); - NL_TEST_ASSERT(inSuite, session2 == session4); - NL_TEST_ASSERT(inSuite, !(session2 == session5)); -} - -// Test Suite - -/** - * Test Suite that lists all the test functions. - */ -// clang-format off -static const nlTest sTests[] = -{ - NL_TEST_DEF("MatchSession", TestMatchSession), - NL_TEST_SENTINEL() -}; -// clang-format on - -// clang-format off -static nlTestSuite sSuite = -{ - "Test-CHIP-SessionHandle", - &sTests[0], - nullptr, - nullptr -}; -// clang-format on - -/** - * Main - */ -int TestSessionHandle() -{ - // Run test suit against one context - nlTestRunner(&sSuite, nullptr); - - return (nlTestRunnerStats(&sSuite)); -} - -CHIP_REGISTER_TEST_SUITE(TestSessionHandle)