Merge pull request #88 from ivmarkov/session-eviction

Handle out of sessions and out of exchanges

Author: kedars

rs-matter/src/core.rs

@@ -17,6 +17,8 @@
 
 use core::{borrow::Borrow, cell::RefCell};
 
+use embassy_sync::{blocking_mutex::raw::NoopRawMutex, mutex::Mutex};
+
 use crate::{
     acl::AclMgr,
     data_model::{
@@ -61,6 +63,8 @@ pub struct Matter<'a> {
     dev_att: &'a dyn DevAttDataFetcher,
     pub(crate) port: u16,
     pub(crate) exchanges: RefCell<heapless::Vec<ExchangeCtx, MAX_EXCHANGES>>,
+    pub(crate) ephemeral: RefCell<Option<ExchangeCtx>>,
+    pub(crate) ephemeral_mutex: Mutex<NoopRawMutex, ()>,
     pub session_mgr: RefCell<SessionMgr>, // Public for tests
 }
 
@@ -108,6 +112,8 @@ impl<'a> Matter<'a> {
             dev_att,
             port,
             exchanges: RefCell::new(heapless::Vec::new()),
+            ephemeral: RefCell::new(None),
+            ephemeral_mutex: Mutex::new(()),
             session_mgr: RefCell::new(SessionMgr::new(epoch, rand)),
         }
     }

rs-matter/src/error.rs

@@ -47,6 +47,8 @@ pub enum ErrorCode {
     NoMemory,
     NoSession,
     NoSpace,
+    NoSpaceExchanges,
+    NoSpaceSessions,
     NoSpaceAckTable,
     NoSpaceRetransTable,
     NoTagFound,

rs-matter/src/secure_channel/case.rs

@@ -96,7 +96,7 @@ impl<'a> Case<'a> {
     ) -> Result<(), Error> {
         rx.check_proto_opcode(OpCode::CASESigma3 as _)?;
 
-        let status = {
+        let result = {
             let fabric_mgr = self.fabric_mgr.borrow();
 
             let fabric = fabric_mgr.get_fabric(case_session.local_fabric_idx)?;
@@ -133,7 +133,7 @@ impl<'a> Case<'a> {
 
                 if let Err(e) = Case::validate_certs(fabric, &initiator_noc, initiator_icac_mut) {
                     error!("Certificate Chain doesn't match: {}", e);
-                    SCStatusCodes::InvalidParameter
+                    Err(SCStatusCodes::InvalidParameter)
                 } else if let Err(e) = Case::validate_sigma3_sign(
                     d.initiator_noc.0,
                     d.initiator_icac.map(|a| a.0),
@@ -142,30 +142,33 @@ impl<'a> Case<'a> {
                     case_session,
                 ) {
                     error!("Sigma3 Signature doesn't match: {}", e);
-                    SCStatusCodes::InvalidParameter
+                    Err(SCStatusCodes::InvalidParameter)
                 } else {
                     // Only now do we add this message to the TT Hash
                     let mut peer_catids: NocCatIds = Default::default();
                     initiator_noc.get_cat_ids(&mut peer_catids);
                     case_session.tt_hash.update(rx.as_slice())?;
-                    let clone_data = Case::get_session_clone_data(
+
+                    Ok(Case::get_session_clone_data(
                         fabric.ipk.op_key(),
                         fabric.get_node_id(),
                         initiator_noc.get_node_id()?,
                         exchange.with_session(|sess| Ok(sess.get_peer_addr()))?,
                         case_session,
                         &peer_catids,
-                    )?;
-
-                    // TODO: Handle NoSpace
-                    exchange
-                        .with_session_mgr_mut(|sess_mgr| sess_mgr.clone_session(&clone_data))?;
-
-                    SCStatusCodes::SessionEstablishmentSuccess
+                    )?)
                 }
             } else {
-                SCStatusCodes::NoSharedTrustRoots
+                Err(SCStatusCodes::NoSharedTrustRoots)
+            }
+        };
+
+        let status = match result {
+            Ok(clone_data) => {
+                exchange.clone_session(tx, &clone_data).await?;
+                SCStatusCodes::SessionEstablishmentSuccess
             }
+            Err(status) => status,
         };
 
         complete_with_status(exchange, tx, status, None).await
@@ -201,7 +204,7 @@ impl<'a> Case<'a> {
             return Ok(());
         }
 
-        let local_sessid = exchange.with_session_mgr_mut(|mgr| Ok(mgr.get_next_sess_id()))?;
+        let local_sessid = exchange.get_next_sess_id();
         case_session.peer_sessid = r.initiator_sessid;
         case_session.local_sessid = local_sessid;
         case_session.tt_hash.update(rx_buf)?;

rs-matter/src/secure_channel/common.rs

@@ -78,8 +78,8 @@ pub fn create_sc_status_report(
             // the session will be closed soon
             GeneralCode::Success
         }
-        SCStatusCodes::Busy
-        | SCStatusCodes::InvalidParameter
+        SCStatusCodes::Busy => GeneralCode::Busy,
+        SCStatusCodes::InvalidParameter
         | SCStatusCodes::NoSharedTrustRoots
         | SCStatusCodes::SessionNotFound => GeneralCode::Failure,
     };

rs-matter/src/secure_channel/pake.rs

@@ -167,9 +167,9 @@ impl<'a> Pake<'a> {
         self.update_timeout(exchange, tx, true).await?;
 
         let cA = extract_pasepake_1_or_3_params(rx.as_slice())?;
-        let (status_code, ke) = spake2p.handle_cA(cA);
+        let (status, ke) = spake2p.handle_cA(cA);
 
-        let clone_data = if status_code == SCStatusCodes::SessionEstablishmentSuccess {
+        let result = if status == SCStatusCodes::SessionEstablishmentSuccess {
             // Get the keys
             let ke = ke.ok_or(ErrorCode::Invalid)?;
             let mut session_keys: [u8; 48] = [0; 48];
@@ -194,22 +194,22 @@ impl<'a> Pake<'a> {
                 .att_challenge
                 .copy_from_slice(&session_keys[32..48]);
 
-            // Queue a transport mgr request to add a new session
-            Some(clone_data)
+            Ok(clone_data)
         } else {
-            None
+            Err(status)
         };
 
-        if let Some(clone_data) = clone_data {
-            // TODO: Handle NoSpace
-            exchange.with_session_mgr_mut(|sess_mgr| sess_mgr.clone_session(&clone_data))?;
+        let status = match result {
+            Ok(clone_data) => {
+                exchange.clone_session(tx, &clone_data).await?;
+                self.pase.borrow_mut().disable_pase_session(mdns)?;
 
-            self.pase.borrow_mut().disable_pase_session(mdns)?;
-        }
-
-        complete_with_status(exchange, tx, status_code, None).await?;
+                SCStatusCodes::SessionEstablishmentSuccess
+            }
+            Err(status) => status,
+        };
 
-        Ok(())
+        complete_with_status(exchange, tx, status, None).await
     }
 
     #[allow(non_snake_case)]
@@ -273,7 +273,7 @@ impl<'a> Pake<'a> {
             let mut our_random: [u8; 32] = [0; 32];
             (self.pase.borrow().rand)(&mut our_random);
 
-            let local_sessid = exchange.with_session_mgr_mut(|mgr| Ok(mgr.get_next_sess_id()))?;
+            let local_sessid = exchange.get_next_sess_id();
             let spake2p_data: u32 = ((local_sessid as u32) << 16) | a.initiator_ssid as u32;
             spake2p.set_app_data(spake2p_data);