From 4170a8fba1577cc5101629a58cb1fa2304ee7748 Mon Sep 17 00:00:00 2001 From: ivmarkov Date: Mon, 20 Oct 2025 17:43:12 +0000 Subject: [PATCH] Use more refined array type aliases --- rs-matter/src/dm/clusters/noc.rs | 6 +- rs-matter/src/fabric.rs | 8 +- rs-matter/src/failsafe.rs | 3 +- rs-matter/src/group_keys.rs | 25 ++++-- rs-matter/src/sc.rs | 2 +- rs-matter/src/sc/case.rs | 125 ++++++++++++++++++----------- rs-matter/src/sc/pake.rs | 25 ++++-- rs-matter/src/transport/session.rs | 21 +++-- 8 files changed, 136 insertions(+), 79 deletions(-) diff --git a/rs-matter/src/dm/clusters/noc.rs b/rs-matter/src/dm/clusters/noc.rs index 23a2db0e..33045435 100644 --- a/rs-matter/src/dm/clusters/noc.rs +++ b/rs-matter/src/dm/clusters/noc.rs @@ -431,7 +431,11 @@ impl ClusterHandler for NocHandler { request.admin_vendor_id()?, icac, request.noc_value()?.0, - request.ipk_value()?.0, + request + .ipk_value()? + .0 + .try_into() + .map_err(|_| ErrorCode::ConstraintError)?, request.case_admin_subject()?, buf, &mut || ctx.exchange().matter().notify_mdns(), diff --git a/rs-matter/src/fabric.rs b/rs-matter/src/fabric.rs index cfa45d00..f4a6e393 100644 --- a/rs-matter/src/fabric.rs +++ b/rs-matter/src/fabric.rs @@ -26,7 +26,7 @@ use crate::cert::{CertRef, MAX_CERT_TLV_LEN}; use crate::crypto::{self, hkdf_sha256, HmacSha256, KeyPair}; use crate::dm::Privilege; use crate::error::{Error, ErrorCode}; -use crate::group_keys::KeySet; +use crate::group_keys::{KeySet, KeySetKey}; use crate::tlv::{FromTLV, TLVElement, TLVTag, TLVWrite, TagType, ToTLV}; use crate::utils::init::{init, Init, InitMaybeUninit, IntoFallibleInit}; use crate::utils::storage::{Vec, WriteBuf}; @@ -107,7 +107,7 @@ impl Fabric { root_ca: &[u8], noc: &[u8], icac: &[u8], - ipk: Option<&[u8]>, + ipk: Option<&KeySetKey>, vendor_id: Option, case_admin_subject: Option, mdns_notif: &mut dyn FnMut(), @@ -137,7 +137,7 @@ impl Fabric { Self::compute_compressed_fabric_id(root_ca_p.pubkey()?, self.fabric_id); if let Some(ipk) = ipk { - self.ipk = KeySet::new(ipk, &self.compressed_fabric_id.to_be_bytes())?; + self.ipk = KeySet::new(ipk, &self.compressed_fabric_id)?; } if let Some(case_admin_subject) = case_admin_subject { @@ -578,7 +578,7 @@ impl FabricMgr { root_ca: &[u8], noc: &[u8], icac: &[u8], - ipk: &[u8], + ipk: &KeySetKey, vendor_id: u16, case_admin_subject: u64, mdns_notif: &mut dyn FnMut(), diff --git a/rs-matter/src/failsafe.rs b/rs-matter/src/failsafe.rs index fe9ffbc7..f466a317 100644 --- a/rs-matter/src/failsafe.rs +++ b/rs-matter/src/failsafe.rs @@ -22,6 +22,7 @@ use crate::cert::{CertRef, MAX_CERT_TLV_LEN}; use crate::crypto::KeyPair; use crate::error::{Error, ErrorCode}; use crate::fabric::FabricMgr; +use crate::group_keys::KeySetKey; use crate::im::IMStatusCode; use crate::tlv::TLVElement; use crate::transport::session::SessionMode; @@ -279,7 +280,7 @@ impl FailSafe { vendor_id: u16, icac: Option<&[u8]>, noc: &[u8], - ipk: &[u8], + ipk: &KeySetKey, case_admin_subject: u64, buf: &mut [u8], mdns_notif: &mut dyn FnMut(), diff --git a/rs-matter/src/group_keys.rs b/rs-matter/src/group_keys.rs index 77bdaff0..70b74af1 100644 --- a/rs-matter/src/group_keys.rs +++ b/rs-matter/src/group_keys.rs @@ -22,7 +22,7 @@ use crate::{ utils::init::{init, zeroed, Init}, }; -type KeySetKey = [u8; SYMM_KEY_LEN_BYTES]; +pub type KeySetKey = [u8; SYMM_KEY_LEN_BYTES]; #[derive(Debug, Default, FromTLV, ToTLV)] #[cfg_attr(feature = "defmt", derive(defmt::Format))] @@ -46,27 +46,36 @@ impl KeySet { }) } - pub fn new(epoch_key: &[u8], compressed_id: &[u8]) -> Result { + pub fn new(epoch_key: &KeySetKey, compressed_fabric_id: &u64) -> Result { let mut ks = KeySet::default(); - KeySet::op_key_from_ipk(epoch_key, compressed_id, &mut ks.op_key)?; + Self::op_key_from_ipk(epoch_key, compressed_fabric_id, &mut ks.op_key)?; ks.epoch_key.copy_from_slice(epoch_key); Ok(ks) } - fn op_key_from_ipk(ipk: &[u8], compressed_id: &[u8], opkey: &mut [u8]) -> Result<(), Error> { + fn op_key_from_ipk( + ipk: &KeySetKey, + compressed_fabric_id: &u64, + opkey: &mut KeySetKey, + ) -> Result<(), Error> { const GRP_KEY_INFO: [u8; 13] = [ 0x47, 0x72, 0x6f, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x20, 0x76, 0x31, 0x2e, 0x30, ]; - crypto::hkdf_sha256(compressed_id, ipk, &GRP_KEY_INFO, opkey) - .map_err(|_| ErrorCode::InvalidData.into()) + crypto::hkdf_sha256( + &compressed_fabric_id.to_be_bytes(), + ipk, + &GRP_KEY_INFO, + opkey, + ) + .map_err(|_| ErrorCode::InvalidData.into()) } - pub fn op_key(&self) -> &[u8] { + pub fn op_key(&self) -> &KeySetKey { &self.op_key } - pub fn epoch_key(&self) -> &[u8] { + pub fn epoch_key(&self) -> &KeySetKey { &self.epoch_key } } diff --git a/rs-matter/src/sc.rs b/rs-matter/src/sc.rs index dc610a24..60f3cb51 100644 --- a/rs-matter/src/sc.rs +++ b/rs-matter/src/sc.rs @@ -36,7 +36,7 @@ pub mod case; pub mod crypto; pub mod pake; -/* Interaction Model ID as per the Matter Spec */ +/// Interaction Model ID as per the Matter Spec pub const PROTO_ID_SECURE_CHANNEL: u16 = 0x00; #[derive(FromPrimitive, Debug, Copy, Clone, Eq, PartialEq)] diff --git a/rs-matter/src/sc/case.rs b/rs-matter/src/sc/case.rs index 3ca106d1..993d44cb 100644 --- a/rs-matter/src/sc/case.rs +++ b/rs-matter/src/sc/case.rs @@ -22,6 +22,7 @@ use crate::cert::CertRef; use crate::crypto::{self, KeyPair, Sha256}; use crate::error::{Error, ErrorCode}; use crate::fabric::Fabric; +use crate::group_keys::KeySetKey; use crate::sc::{ check_opcode, complete_with_status, sc_write, OpCode, SCStatusCodes, SessionParameters, }; @@ -31,6 +32,19 @@ use crate::transport::session::{NocCatIds, ReservedSession, SessionMode}; use crate::utils::init::{init, zeroed, Init, InitMaybeUninit}; use crate::utils::storage::WriteBuf; +/// CASE Random array type +type Random = [u8; 32]; +/// CASE Shared Secret array type +type SharedSecret = [u8; crypto::ECDH_SHARED_SECRET_LEN_BYTES]; +/// CASE Public Key array type +type PubKey = [u8; crypto::EC_POINT_LEN_BYTES]; +/// CASE Resumption ID array type +type ResumptionId = [u8; 16]; +/// CASE Transcript Hash array type (Sha256) +type Hash = [u8; crypto::SHA256_HASH_LEN_BYTES]; +/// CASE Signature array type +type Signature = [u8; crypto::EC_SIGNATURE_LEN_BYTES]; + /// The CASE Session type used during the CASE handshake #[derive(Debug, Clone)] #[cfg_attr(feature = "defmt", derive(defmt::Format))] @@ -42,11 +56,11 @@ struct CaseSession { /// The Transcript Hash tt_hash: Option, /// The ECDH Shared Secret - shared_secret: [u8; crypto::ECDH_SHARED_SECRET_LEN_BYTES], + shared_secret: SharedSecret, /// Our ephemeral public key - our_pub_key: [u8; crypto::EC_POINT_LEN_BYTES], + our_pub_key: PubKey, /// The peer's ephemeral public key - peer_pub_key: [u8; crypto::EC_POINT_LEN_BYTES], + peer_pub_key: PubKey, /// The local fabric index for this session local_fabric_idx: u8, } @@ -96,10 +110,10 @@ impl CaseSession { fn get_sigma2_encryption( &self, fabric: &Fabric, - our_random: &[u8], - our_hash: &[u8], - signature: &[u8], - resumption_id: &[u8], + our_random: &Random, + our_hash: &Hash, + signature: &Signature, + resumption_id: &ResumptionId, out: &mut [u8], ) -> Result { let mut sigma2_key = [0_u8; crypto::SYMM_KEY_LEN_BYTES]; @@ -117,7 +131,7 @@ impl CaseSession { tw.str(&TLVTag::Context(4), resumption_id)?; tw.end_container()?; //println!("TBE is {:x?}", write_buf.as_borrow_slice()); - let nonce: [u8; crypto::AEAD_NONCE_LEN_BYTES] = [ + const NONCE: [u8; crypto::AEAD_NONCE_LEN_BYTES] = [ 0x4e, 0x43, 0x41, 0x53, 0x45, 0x5f, 0x53, 0x69, 0x67, 0x6d, 0x61, 0x32, 0x4e, ]; // let nonce = GenericArray::from_slice(&nonce); @@ -130,7 +144,7 @@ impl CaseSession { crypto::encrypt_in_place( &sigma2_key, - &nonce, + &NONCE, &[], cipher_text, cipher_text.len() - TAG_LEN, @@ -152,8 +166,8 @@ impl CaseSession { &self, fabric: &Fabric, tmp_buf: &mut [u8], - signature: &mut [u8], - ) -> Result { + signature: &mut Signature, + ) -> Result<(), Error> { let our_pub_key = &self.our_pub_key; let peer_pub_key = &self.peer_pub_key; @@ -168,7 +182,10 @@ impl CaseSession { tw.str(&TLVTag::Context(4), peer_pub_key)?; tw.end_container()?; //println!("TBS is {:x?}", write_buf.as_borrow_slice()); - fabric.sign_msg(write_buf.as_slice(), signature) + let len = fabric.sign_msg(write_buf.as_slice(), signature)?; + assert_eq!(signature.len(), len); + + Ok(()) } /// Get the Sigma2 key @@ -185,19 +202,26 @@ impl CaseSession { /// - `Err(Error)` - If an error occurred during the process fn get_sigma2_key( &self, - ipk: &[u8], - our_random: &[u8], - our_hash: &[u8], - key: &mut [u8], + ipk: &KeySetKey, + our_random: &Random, + our_hash: &Hash, + key: &mut KeySetKey, ) -> Result<(), Error> { let our_pub_key = &self.our_pub_key; let shared_secret = &self.shared_secret; const S2K_INFO: [u8; 6] = [0x53, 0x69, 0x67, 0x6d, 0x61, 0x32]; - if key.len() < 16 { - Err(ErrorCode::InvalidData)?; - } - let mut salt = heapless::Vec::::new(); + + // TODO MEDIUM BUFFER + let mut salt = heapless::Vec::< + u8, + { + core::mem::size_of::() + + core::mem::size_of::() + + core::mem::size_of::() + + core::mem::size_of::() + }, + >::new(); unwrap!(salt.extend_from_slice(ipk)); unwrap!(salt.extend_from_slice(our_random)); unwrap!(salt.extend_from_slice(our_pub_key)); @@ -294,22 +318,30 @@ impl CaseSession { /// # Returns /// - `Ok(())` - If the session keys were successfully derived /// - `Err(Error)` - If an error occurred during the process - fn get_session_keys(&self, ipk: &[u8], key: &mut [u8]) -> Result<(), Error> { + fn get_session_keys( + &self, + ipk: &KeySetKey, + key: &mut [u8; 3 * core::mem::size_of::()], + ) -> Result<(), Error> { let tt = unwrap!(self.tt_hash.as_ref()); let shared_secret = &self.shared_secret; const SEKEYS_INFO: [u8; 11] = [ 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x73, ]; - if key.len() < 48 { - Err(ErrorCode::InvalidData)?; - } - let mut salt = heapless::Vec::::new(); + + // // TODO MEDIUM BUFFER + let mut salt = heapless::Vec::< + u8, + { core::mem::size_of::() + core::mem::size_of::() }, + >::new(); + unwrap!(salt.extend_from_slice(ipk)); let tt = tt.clone(); - let mut tt_hash = [0u8; crypto::SHA256_HASH_LEN_BYTES]; - tt.finish(&mut tt_hash)?; - unwrap!(salt.extend_from_slice(&tt_hash)); + let mut tt_hash = MaybeUninit::::uninit(); // TODO MEDIUM BUFFER + let tt_hash = tt_hash.init_zeroed(); + tt.finish(tt_hash)?; + unwrap!(salt.extend_from_slice(tt_hash)); // println!("Session Key: salt: {:x?}, len: {}", salt, salt.len()); crypto::hkdf_sha256(salt.as_slice(), shared_secret, &SEKEYS_INFO, key) @@ -328,7 +360,7 @@ impl CaseSession { /// # Returns /// - `Ok(usize)` - The length of the decrypted data /// - `Err(Error)` - If an error occurred during the process - fn get_sigma3_decryption(&self, ipk: &[u8], encrypted: &mut [u8]) -> Result { + fn get_sigma3_decryption(&self, ipk: &KeySetKey, encrypted: &mut [u8]) -> Result { let mut sigma3_key = [0_u8; crypto::SYMM_KEY_LEN_BYTES]; self.get_sigma3_key(ipk, &mut sigma3_key)?; // println!("Sigma3 Key: {:x?}", sigma3_key); @@ -351,7 +383,7 @@ impl CaseSession { /// # Returns /// - `Ok(())` - If the Sigma3 key was successfully derived /// - `Err(Error)` - If an error occurred during the process - fn get_sigma3_key(&self, ipk: &[u8], key: &mut [u8]) -> Result<(), Error> { + fn get_sigma3_key(&self, ipk: &KeySetKey, key: &mut KeySetKey) -> Result<(), Error> { let tt = unwrap!(self.tt_hash.as_ref()); let shared_secret = &self.shared_secret; @@ -359,7 +391,12 @@ impl CaseSession { if key.len() < 16 { Err(ErrorCode::InvalidData)?; } - let mut salt = heapless::Vec::::new(); + + // TODO MEDIUM BUFFER + let mut salt = heapless::Vec::< + u8, + { core::mem::size_of::() + core::mem::size_of::() }, + >::new(); unwrap!(salt.extend_from_slice(ipk)); let tt = tt.clone(); @@ -492,7 +529,7 @@ impl Case { self.session.tt_hash = Some(Sha256::new()?); unwrap!(self.session.tt_hash.as_mut()).update(exchange.rx()?.payload())?; self.session.local_fabric_idx = unwrap!(local_fabric_idx).get(); - if r.peer_pub_key.0.len() != crypto::EC_POINT_LEN_BYTES { + if r.peer_pub_key.0.len() != core::mem::size_of::() { error!("Invalid public key length"); Err(ErrorCode::Invalid)?; } @@ -508,21 +545,21 @@ impl Case { // Derive the Shared Secret let len = key_pair.derive_secret(r.peer_pub_key.0, &mut self.session.shared_secret)?; - if len != 32 { + if len != core::mem::size_of::() { error!("Derived secret length incorrect"); Err(ErrorCode::Invalid)?; } // println!("Derived secret: {:x?} len: {}", secret, len); - let mut our_random = MaybeUninit::<[u8; 32]>::uninit(); // TODO MEDIUM BUFFER + let mut our_random = MaybeUninit::::uninit(); // TODO MEDIUM BUFFER let our_random = our_random.init_zeroed(); (exchange.matter().rand())(our_random); - let mut resumption_id = MaybeUninit::<[u8; 16]>::uninit(); // TODO MEDIUM BUFFER + let mut resumption_id = MaybeUninit::::uninit(); // TODO MEDIUM BUFFER let resumption_id = resumption_id.init_zeroed(); (exchange.matter().rand())(resumption_id); - let mut tt_hash = MaybeUninit::<[u8; crypto::SHA256_HASH_LEN_BYTES]>::uninit(); // TODO MEDIUM BUFFER + let mut tt_hash = MaybeUninit::::uninit(); // TODO MEDIUM BUFFER let tt_hash = tt_hash.init_zeroed(); unwrap!(self.session.tt_hash.as_ref()) .clone() @@ -540,15 +577,13 @@ impl Case { return sc_write(tw, SCStatusCodes::NoSharedTrustRoots, &[]); }; - let mut signature = MaybeUninit::<[u8; crypto::EC_SIGNATURE_LEN_BYTES]>::uninit(); // TODO MEDIUM BUFFER + let mut signature = MaybeUninit::::uninit(); // TODO MEDIUM BUFFER let signature = signature.init_zeroed(); // Use the remainder of the TX buffer as scratch space for computing the signature - let sign_buf = tw.empty_as_mut_slice(); - - let sign_len = self.session.get_sigma2_sign(fabric, sign_buf, signature)?; + let tmp_buf = tw.empty_as_mut_slice(); - let signature = &signature[..sign_len]; + self.session.get_sigma2_sign(fabric, tmp_buf, signature)?; tw.start_struct(&TLVTag::Anonymous)?; tw.str(&TLVTag::Context(1), &*our_random)?; @@ -645,7 +680,7 @@ impl Case { unwrap!(self.session.tt_hash.as_mut()).update(exchange.rx()?.payload())?; let mut session_keys = - MaybeUninit::<[u8; 3 * crypto::SYMM_KEY_LEN_BYTES]>::uninit(); // TODO MEDIM BUFFER + MaybeUninit::<[u8; 3 * core::mem::size_of::()]>::uninit(); // TODO MEDIM BUFFER let session_keys = session_keys.init_zeroed(); self.session .get_session_keys(fabric.ipk().op_key(), session_keys)?; @@ -663,9 +698,9 @@ impl Case { fab_idx: unwrap!(NonZeroU8::new(self.session.local_fabric_idx)), cat_ids: peer_catids, }, - Some(&session_keys[0..16]), - Some(&session_keys[16..32]), - Some(&session_keys[32..48]), + Some(&session_keys[0..16].try_into().unwrap()), + Some(&session_keys[16..32].try_into().unwrap()), + Some(&session_keys[32..48].try_into().unwrap()), )?; // Complete the reserved session and thus make the `Session` instance diff --git a/rs-matter/src/sc/pake.rs b/rs-matter/src/sc/pake.rs index 4853a0cd..8e66a164 100644 --- a/rs-matter/src/sc/pake.rs +++ b/rs-matter/src/sc/pake.rs @@ -15,6 +15,7 @@ * limitations under the License. */ +use core::mem::MaybeUninit; use core::num::NonZeroU8; use core::ops::Add; use core::time::Duration; @@ -22,12 +23,13 @@ use core::time::Duration; use spake2p::{Spake2P, VerifierData, MAX_SALT_SIZE_BYTES}; use crate::error::{Error, ErrorCode}; +use crate::group_keys::KeySetKey; use crate::sc::{check_opcode, complete_with_status, OpCode, SessionParameters}; use crate::tlv::{get_root_node_struct, FromTLV, OctetStr, TLVElement, TagType, ToTLV}; use crate::transport::exchange::{Exchange, ExchangeId}; use crate::transport::session::{ReservedSession, SessionMode}; use crate::utils::epoch::Epoch; -use crate::utils::init::{init, try_init, Init}; +use crate::utils::init::{init, try_init, Init, InitMaybeUninit}; use crate::utils::maybe::Maybe; use crate::utils::rand::Rand; use crate::{crypto, MatterMdnsService}; @@ -36,6 +38,9 @@ use super::SCStatusCodes; pub(crate) mod spake2p; +/// PAKE Random array type +type Random = [u8; 32]; + /// Minimal commissioning window timeout in seconds, as per the Matter Core Spec pub const MIN_COMM_WINDOW_TIMEOUT_SECS: u16 = 3 * 60; /// Maximal commissioning window timeout in seconds, as per the Matter Core Spec @@ -527,8 +532,9 @@ impl Pake { }; if has_comm_window { - let mut our_random = [0; 32]; - let mut initiator_random = [0; 32]; + // TODO MEDIUM BUFFER + let mut our_random = [0; core::mem::size_of::()]; + let mut initiator_random = [0; core::mem::size_of::()]; let resp = { let a = PBKDFParamReq::from_tlv(&TLVElement::new(rx.payload()))?; @@ -600,6 +606,7 @@ impl Pake { check_opcode(exchange, OpCode::PASEPake1)?; let pA = Self::extract_pasepake_1_or_3_params(exchange.rx()?.payload())?; + // TODO MEDIUM BUFFER let mut pB: [u8; 65] = [0; 65]; let mut cB: [u8; 32] = [0; 32]; @@ -655,8 +662,10 @@ impl Pake { let result = if status == SCStatusCodes::SessionEstablishmentSuccess { // Get the keys let ke = ke.ok_or(ErrorCode::Invalid)?; - let mut session_keys: [u8; 48] = [0; 48]; - crypto::hkdf_sha256(&[], ke, SPAKE2_SESSION_KEYS_INFO, &mut session_keys) + let mut session_keys = + MaybeUninit::<[u8; 3 * core::mem::size_of::()]>::uninit(); // TODO MEDIM BUFFER + let session_keys = session_keys.init_zeroed(); + crypto::hkdf_sha256(&[], ke, SPAKE2_SESSION_KEYS_INFO, session_keys) .map_err(|_x| ErrorCode::InvalidData)?; // Create a session @@ -672,9 +681,9 @@ impl Pake { local_sessid, peer_addr, SessionMode::Pase { fab_idx: 0 }, - Some(&session_keys[0..16]), - Some(&session_keys[16..32]), - Some(&session_keys[32..48]), + Some(&session_keys[0..16].try_into().unwrap()), + Some(&session_keys[16..32].try_into().unwrap()), + Some(&session_keys[32..48].try_into().unwrap()), )?; Ok(()) diff --git a/rs-matter/src/transport/session.rs b/rs-matter/src/transport/session.rs index a80f6158..98fd9ff4 100644 --- a/rs-matter/src/transport/session.rs +++ b/rs-matter/src/transport/session.rs @@ -22,6 +22,7 @@ use core::time::Duration; use cfg_if::cfg_if; use crate::error::*; +use crate::group_keys::KeySetKey; use crate::transport::exchange::ExchangeId; use crate::transport::mrp::ReliableMessage; use crate::utils::cell::RefCell; @@ -42,8 +43,6 @@ use super::proto_hdr::ProtoHdr; pub const MAX_CAT_IDS_PER_NOC: usize = 3; pub type NocCatIds = [u32; MAX_CAT_IDS_PER_NOC]; -const MATTER_AES128_KEY_SIZE: usize = 16; - #[derive(Debug, PartialEq, Eq, Clone, Default)] #[cfg_attr(feature = "defmt", derive(defmt::Format))] pub enum SessionMode { @@ -81,9 +80,9 @@ pub struct Session { peer_nodeid: Option, // I find the session initiator/responder role getting confused with exchange initiator/responder // So, we might keep this as enc_key and dec_key for now - dec_key: [u8; MATTER_AES128_KEY_SIZE], - enc_key: [u8; MATTER_AES128_KEY_SIZE], - att_challenge: [u8; MATTER_AES128_KEY_SIZE], + dec_key: KeySetKey, + enc_key: KeySetKey, + att_challenge: KeySetKey, local_sess_id: u16, peer_sess_id: u16, msg_ctr: u32, @@ -115,9 +114,9 @@ impl Session { peer_addr, local_nodeid: 0, peer_nodeid, - dec_key: [0; MATTER_AES128_KEY_SIZE], - enc_key: [0; MATTER_AES128_KEY_SIZE], - att_challenge: [0; MATTER_AES128_KEY_SIZE], + dec_key: KeySetKey::default(), + enc_key: KeySetKey::default(), + att_challenge: KeySetKey::default(), peer_sess_id: 0, local_sess_id: 0, msg_ctr: Self::rand_msg_ctr(rand), @@ -515,9 +514,9 @@ impl<'a> ReservedSession<'a> { local_sessid: u16, peer_addr: Address, mode: SessionMode, - dec_key: Option<&[u8]>, - enc_key: Option<&[u8]>, - att_challenge: Option<&[u8]>, + dec_key: Option<&KeySetKey>, + enc_key: Option<&KeySetKey>, + att_challenge: Option<&KeySetKey>, ) -> Result<(), Error> { let mut mgr = self.session_mgr.borrow_mut(); let session = mgr.get(self.id).ok_or(ErrorCode::NoSession)?;