Set peer node ID for PASE sessions (#13372)

Peer node ID for PASE sessions is the passcode ID with discriminant in the top bits (to discriminate it from other kinds of node ID). Also, passcode ID cannot be zero in non-default commissioning cases. Progress towards #10242
project-chip · Sep 11, 2023 · 2302258 · 2302258
1 parent 4c899f3
commit 2302258
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/src/lib/core/NodeId.h b/src/lib/core/NodeId.h
@@ -78,4 +78,9 @@ constexpr NodeId NodeIdFromGroupId(GroupId aGroupId)
     return kMinGroupNodeId | aGroupId;
 }
 
+constexpr NodeId NodeIdFromPAKEKeyId(GroupId aPAKEKeyId)
+{
+    return kMinPAKEKeyId | aPAKEKeyId;
+}
+
 } // namespace chip
diff --git a/src/protocols/secure_channel/PASESession.cpp b/src/protocols/secure_channel/PASESession.cpp
@@ -284,6 +284,8 @@ CHIP_ERROR PASESession::WaitForPairing(uint32_t mySetUpPINCode, uint32_t pbkdf2I
     mPasscodeID      = 0;
     mLocalMRPConfig  = mrpConfig;
 
+    SetPeerNodeId(NodeIdFromPAKEKeyId(mPasscodeID));
+
     ChipLogDetail(SecureChannel, "Waiting for PBKDF param request");
 
 exit:
@@ -298,12 +300,15 @@ CHIP_ERROR PASESession::WaitForPairing(const PASEVerifier & verifier, uint32_t p
                                        uint16_t passcodeID, uint16_t mySessionId, Optional<ReliableMessageProtocolConfig> mrpConfig,
                                        SessionEstablishmentDelegate * delegate)
 {
+    ReturnErrorCodeIf(passcodeID == 0, CHIP_ERROR_INVALID_ARGUMENT);
     ReturnErrorOnFailure(WaitForPairing(0, pbkdf2IterCount, salt, mySessionId, mrpConfig, delegate));
 
     memmove(&mPASEVerifier, &verifier, sizeof(verifier));
     mComputeVerifier = false;
     mPasscodeID      = passcodeID;
 
+    SetPeerNodeId(NodeIdFromPAKEKeyId(mPasscodeID));
+
     return CHIP_NO_ERROR;
 }
 
@@ -319,6 +324,7 @@ CHIP_ERROR PASESession::Pair(const Transport::PeerAddress peerAddress, uint32_t
     mExchangeCtxt->SetResponseTimeout(kSpake2p_Response_Timeout + mExchangeCtxt->GetAckTimeout());
 
     SetPeerAddress(peerAddress);
+    SetPeerNodeId(NodeIdFromPAKEKeyId(mPasscodeID));
 
     mLocalMRPConfig = mrpConfig;
 

diff --git a/src/protocols/secure_channel/PASESession.h b/src/protocols/secure_channel/PASESession.h
@@ -90,8 +90,8 @@ class DLL_EXPORT PASESession : public Messaging::ExchangeDelegate, public Pairin
 
     virtual ~PASESession();
 
-    // TODO: The SetPeerNodeId method should not be exposed; we should not need
-    // to associate a node ID with a PASE session.
+    // TODO: The SetPeerNodeId method should not be exposed; PASE sessions
+    // should not need to be told their peer node ID
     using PairingSession::SetPeerNodeId;
 
     /**