
misc fixes
jdomnitz committed Jan 1, 2025
1 parent 6ac17a6 commit 623c355
Showing 5 changed files with 21 additions and 16 deletions.
23 changes: 12 additions & 11 deletions MatterDotNet/PKI/Fabric.cs
Expand Up @@ -25,14 +25,15 @@ public class Fabric : OperationalCertificate

private Dictionary<ulong, OperationalCertificate> nodes = new Dictionary<ulong, OperationalCertificate>();

public Fabric(ulong rcac, ulong fabricId, byte[] ipk) : base()
public Fabric(string fabricName, ulong fabricId, byte[] ipk) : base()

{
if (fabricId == 0)
throw new ArgumentException("Invalid Fabric ID");
if (ipk.Length != 16)
throw new ArgumentException("Epoch Key must be 16 bytes");
this.RCAC = rcac;
this.RCAC = (ulong)Random.Shared.NextInt64();
this.FabricID = fabricId;
this.CommonName = fabricName;
EpochKey = ipk;
X500DistinguishedNameBuilder builder = new X500DistinguishedNameBuilder();
builder.Add(OID_RCAC, $"{RCAC:X16}", UniversalTagNumber.UTF8String);
Expand All @@ -45,17 +46,17 @@ public Fabric(ulong rcac, ulong fabricId, byte[] ipk) : base()
req.CertificateExtensions.Add(subjectKeyIdentifier);
req.CertificateExtensions.Add(X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(subjectKeyIdentifier));
this.cert = req.CreateSelfSigned(DateTime.Now.Subtract(TimeSpan.FromSeconds(30)), DateTime.Now.AddYears(10));
byte[] fabricIDBytes = new byte[8];
BinaryPrimitives.WriteUInt64BigEndian(fabricIDBytes, FabricID);
CompressedFabricID = Crypto.KDF(PublicKey.AsSpan(1), fabricIDBytes, COMPRESSED_FABRIC_INFO, 64);
OperationalIdentityProtectionKey = Crypto.KDF(EpochKey, CompressedFabricID, Encoding.ASCII.GetBytes("GroupKey v1.0"), Crypto.SYMMETRIC_KEY_LENGTH_BITS);
GenerateIDs();
}

protected Fabric(X509Certificate2 cert, byte[] ipk)
protected Fabric(X509Certificate2 cert, byte[] ipk) : base(cert)

{
this.cert = cert;
EpochKey = ipk;
ParseCert();
GenerateIDs();
}

private void GenerateIDs()
{
byte[] fabricIDBytes = new byte[8];
BinaryPrimitives.WriteUInt64BigEndian(fabricIDBytes, FabricID);
CompressedFabricID = Crypto.KDF(PublicKey.AsSpan(1), fabricIDBytes, COMPRESSED_FABRIC_INFO, 64);
Expand Down Expand Up @@ -179,9 +180,9 @@ public byte[] ComputeDestinationID(byte[] random, ulong nodeId)
return Crypto.HMAC(OperationalIdentityProtectionKey, message);
}

public byte[] CompressedFabricID { get; init; }
public byte[] CompressedFabricID { get; set; }
public OperationalCertificate? Commissioner { get; private set; }
public byte[] OperationalIdentityProtectionKey { get; init; }
public byte[] OperationalIdentityProtectionKey { get; set; }
public byte[] EpochKey { get; init; }
}
}
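Review bot: Changing `CompressedFabricID` and `OperationalIdentityProtectionKey` from `init` to `set` at the end of the section makes derived key material publicly reassignable by any caller, when the only writer is the private `GenerateIDs()`; `public byte[] OperationalIdentityProtectionKey { get; private set; }` (same for `CompressedFabricID`) keeps that assignment compiling without widening the interface. The CS8618 warnings on both constructors can then be resolved honestly by annotating the helper, `[MemberNotNull(nameof(CompressedFabricID), nameof(OperationalIdentityProtectionKey))] private void GenerateIDs()`, which needs System.Diagnostics.CodeAnalysis in scope. Separately, `this.RCAC = (ulong)Random.Shared.NextInt64();` draws the root-CA identifier that goes into the certificate's distinguished name from a non-cryptographic generator, and because NextInt64() is non-negative the top bit is never set, so only 63 bits vary; `BinaryPrimitives.ReadUInt64BigEndian(RandomNumberGenerator.GetBytes(8))` gives a full 64-bit identifier from the CSPRNG the test project already uses. The body of `GenerateIDs()` continues past the last hunk, so whether both properties are assigned on every path cannot be confirmed from here.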
7 changes: 4 additions & 3 deletions MatterDotNet/PKI/OperationalCertificate.cs
Expand Up @@ -12,6 +12,7 @@

using MatterDotNet.Messages.Certificates;
using MatterDotNet.Protocol.Payloads;
using MatterDotNet.Util;
using System.Formats.Asn1;
using System.Globalization;
using System.Numerics;
Expand Down Expand Up @@ -275,8 +276,8 @@ public MatterCertificate ToMatterCertificate()
SigAlgo = 0x1,
EcPubKey = cert.GetPublicKey(),
SerialNum = cert.SerialNumberBytes.ToArray(),
NotBefore = (uint)((DateTimeOffset)cert.NotBefore - EPOCH).ToUnixTimeSeconds(),
NotAfter = (uint)((DateTimeOffset)cert.NotAfter - EPOCH).ToUnixTimeSeconds(),
NotBefore = TimeUtil.ToEpochSeconds(cert.NotBefore),
NotAfter = TimeUtil.ToEpochSeconds(cert.NotAfter),
Signature = GetSignature(),
Extensions = extensions,
Issuer = GetDNs(cert.IssuerName),
Expand Down Expand Up @@ -325,7 +326,7 @@ public bool VerifyData(byte[] message, byte[] signature)

public string IssuerName { get; private set; } = string.Empty;

public string CommonName { get; private set; } = string.Empty;
public string CommonName { get; protected set; } = string.Empty;

public ulong NodeID { get; private set; }

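Review bot: `TimeUtil.ToEpochSeconds(cert.NotBefore)` is handed a DateTime that X509Certificate2.NotBefore reports in local time (Kind = Local), and nothing in this diff shows whether the helper normalises to UTC before counting seconds; if it does not, the encoded validity window shifts by the host's UTC offset, which the removed `(DateTimeOffset)` cast also only handled implicitly. Passing `TimeUtil.ToEpochSeconds(cert.NotBefore.ToUniversalTime())` (and the same for NotAfter) makes the intent explicit at the call site regardless of how the helper is written. The new assertion in Test/MatterCertTests.cs compares against control.NotBefore, which would only expose such an offset error when the test runs on a machine that is not in UTC. `ToMatterCertificate()` starts before and ends after the hunk.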
2 changes: 1 addition & 1 deletion MatterDotNet/Protocol/Connection/MRPConnection.cs
Expand Up @@ -39,7 +39,7 @@ internal class MRPConnection : IConnection

public MRPConnection(IPEndPoint ep)
{
client = new UdpClient(AddressFamily.InterNetwork);
client = new UdpClient(ep.AddressFamily);
client.Connect(ep);
Task.Factory.StartNew(Run);
}
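--- a/MatterDotNet/Protocol/Sessions/SessionManager.cs
+++ b/MatterDotNet/Protocol/Sessions/SessionManager.cs
@@ -33,6 +33,8 @@ public static SessionContext GetUnsecureSession(IPEndPoint ep, bool initiator)
 
 internal static SessionContext GetUnsecureSession(IConnection connection, bool initiator)
 {
+if (sessions.TryGetValue(0, out SessionContext? existing))
+return existing;
 SessionContext ctx = new SessionContext(connection, initiator, 0, 0, 0, 0, new MessageState());
 sessions.TryAdd(0, ctx);
 return ctx;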
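Review bot: The new early return hands back whatever context is stored under key 0 without checking that it was built for the `connection` (or `initiator`) the caller passed, so a second caller asking for an unsecured session over a different connection silently receives a context bound to the first one; either compare the stored context's connection with the argument before returning it, or document the intent with `// session 0 is process-wide: the first connection to create it wins`. The `TryGetValue` / `TryAdd` pair is also a check-then-act: two concurrent callers can both miss, both construct a SessionContext, and the loser keeps a reference to a context that was never registered. If `sessions` is a ConcurrentDictionary (TryAdd suggests so, but its declaration is outside the hunk), `return sessions.GetOrAdd(0, _ => new SessionContext(connection, initiator, 0, 0, 0, 0, new MessageState()));` replaces both steps and guarantees exactly one stored value.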
3 changes: 2 additions & 1 deletion Test/MatterCertTests.cs
Expand Up @@ -72,12 +72,13 @@ public void NOCEncoding()
tlv.Serialize(new TLVWriter(output));
Assert.That(nocTLV, Is.EqualTo(output.GetPayload().Span.ToArray()).AsCollection);
Assert.That(cert.PublicKey, Is.EqualTo(tlv.EcPubKey));
Assert.That(control.NotBefore, Is.EqualTo(tlv.NotBefore));
}

[Test]
public void NOCSigning()
{
Fabric fabric = new Fabric((ulong)Random.Shared.NextInt64(), 0x1, RandomNumberGenerator.GetBytes(16));
Fabric fabric = new Fabric("Test Fabric", 0x1, RandomNumberGenerator.GetBytes(16));
ECDsa key = ECDsa.Create();
CertificateRequest req = new CertificateRequest("CN=Test", key, HashAlgorithmName.SHA256);
OperationalCertificate noc = fabric.Sign(req);
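Review bot: The new assertion pins only NotBefore, while the commit changed both the NotBefore and NotAfter conversions in OperationalCertificate.ToMatterCertificate(); adding `Assert.That(control.NotAfter, Is.EqualTo(tlv.NotAfter));` beside it catches a regression in either field, assuming `control` exposes NotAfter the way it exposes NotBefore. NOCEncoding starts before the hunk.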
