Skip to content

Commit

Permalink
Update PASE/CASE session establishment response timeouts (#23335)
Browse files Browse the repository at this point in the history
  • Loading branch information
@vivien-apple
vivien-apple authored Oct 26, 2022
1 parent 1195310 commit dd358ef
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 12 deletions.
17 changes: 11 additions & 6 deletions src/protocols/secure_channel/CASESession.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,10 +116,15 @@ using HKDF_sha_crypto = HKDF_shaHSM;
using HKDF_sha_crypto = HKDF_sha;
#endif

// Wait at most 30 seconds for the response from the peer.
// This timeout value assumes the underlying transport is reliable.
// The session establishment fails if the response is not received within timeout window.
static constexpr ExchangeContext::Timeout kSigma_Response_Timeout = System::Clock::Seconds16(30);
// Amounts of time to allow for server-side processing of messages.
//
// These timeout values only allow for the server-side processing and assume that any transport-specific
// latency will be added to them.
//
// The session establishment fails if the response is not received within the resulting timeout window,
// which accounts for both transport latency and the server-side latency.
static constexpr ExchangeContext::Timeout kExpectedLowProcessingTime = System::Clock::Seconds16(2);
static constexpr ExchangeContext::Timeout kExpectedHighProcessingTime = System::Clock::Seconds16(30);

CASESession::~CASESession()
{
Expand Down Expand Up @@ -260,7 +265,7 @@ CHIP_ERROR CASESession::EstablishSession(SessionManager & sessionManager, Fabric
mSessionResumptionStorage = sessionResumptionStorage;
mLocalMRPConfig = mrpLocalConfig;

mExchangeCtxt->SetResponseTimeout(kSigma_Response_Timeout + mExchangeCtxt->GetSessionHandle()->GetAckTimeout());
mExchangeCtxt->UseSuggestedResponseTimeout(kExpectedLowProcessingTime);
mPeerNodeId = peerScopedNodeId.GetNodeId();
mLocalNodeId = fabricInfo->GetNodeId();

Expand Down Expand Up @@ -1723,8 +1728,8 @@ CHIP_ERROR CASESession::ValidateReceivedMessage(ExchangeContext * ec, const Payl
else
{
mExchangeCtxt = ec;
mExchangeCtxt->SetResponseTimeout(kSigma_Response_Timeout + mExchangeCtxt->GetSessionHandle()->GetAckTimeout());
}
mExchangeCtxt->UseSuggestedResponseTimeout(kExpectedHighProcessingTime);

VerifyOrReturnError(!msg.IsNull(), CHIP_ERROR_INVALID_ARGUMENT);
return CHIP_NO_ERROR;
Expand Down
17 changes: 11 additions & 6 deletions src/protocols/secure_channel/PASESession.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,15 @@ const char * kSpake2pContext = "CHIP PAKE V1 Commissioning";
const char * kSpake2pI2RSessionInfo = "Commissioning I2R Key";
const char * kSpake2pR2ISessionInfo = "Commissioning R2I Key";

// Wait at most 30 seconds for the response from the peer.
// This timeout value assumes the underlying transport is reliable.
// The session establishment fails if the response is not received with in timeout window.
static constexpr ExchangeContext::Timeout kSpake2p_Response_Timeout = System::Clock::Seconds16(30);
// Amounts of time to allow for server-side processing of messages.
//
// These timeout values only allow for the server-side processing and assume that any transport-specific
// latency will be added to them.
//
// The session establishment fails if the response is not received within the resulting timeout window,
// which accounts for both transport latency and the server-side latency.
static constexpr ExchangeContext::Timeout kExpectedLowProcessingTime = System::Clock::Seconds16(2);
static constexpr ExchangeContext::Timeout kExpectedHighProcessingTime = System::Clock::Seconds16(30);

PASESession::~PASESession()
{
Expand Down Expand Up @@ -216,7 +221,7 @@ CHIP_ERROR PASESession::Pair(SessionManager & sessionManager, uint32_t peerSetUp
// When commissioning starts, the peer is assumed to be active.
mExchangeCtxt->GetSessionHandle()->AsUnauthenticatedSession()->MarkActiveRx();

mExchangeCtxt->SetResponseTimeout(kSpake2p_Response_Timeout + mExchangeCtxt->GetSessionHandle()->GetAckTimeout());
mExchangeCtxt->UseSuggestedResponseTimeout(kExpectedLowProcessingTime);

mLocalMRPConfig = mrpLocalConfig;

Expand Down Expand Up @@ -787,8 +792,8 @@ CHIP_ERROR PASESession::ValidateReceivedMessage(ExchangeContext * exchange, cons
else
{
mExchangeCtxt = exchange;
mExchangeCtxt->SetResponseTimeout(kSpake2p_Response_Timeout + mExchangeCtxt->GetSessionHandle()->GetAckTimeout());
}
mExchangeCtxt->UseSuggestedResponseTimeout(kExpectedHighProcessingTime);

VerifyOrReturnError(!msg.IsNull(), CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError((mNextExpectedMsg.HasValue() && payloadHeader.HasMessageType(mNextExpectedMsg.Value())) ||
Expand Down

0 comments on commit dd358ef

Please sign in to comment.