misc fixes

Author: jdomnitz

MatterDotNet/PKI/Fabric.cs

@@ -25,14 +25,15 @@ public class Fabric : OperationalCertificate
 
         private Dictionary<ulong, OperationalCertificate> nodes = new Dictionary<ulong, OperationalCertificate>();
 
-        public Fabric(ulong rcac, ulong fabricId, byte[] ipk) : base()
+        public Fabric(string fabricName, ulong fabricId, byte[] ipk) : base()
         {
             if (fabricId == 0)
                 throw new ArgumentException("Invalid Fabric ID");
             if (ipk.Length != 16)
                 throw new ArgumentException("Epoch Key must be 16 bytes");
-            this.RCAC = rcac;
+            this.RCAC = (ulong)Random.Shared.NextInt64();
             this.FabricID = fabricId;
+            this.CommonName = fabricName;
             EpochKey = ipk;
             X500DistinguishedNameBuilder builder = new X500DistinguishedNameBuilder();
             builder.Add(OID_RCAC, $"{RCAC:X16}", UniversalTagNumber.UTF8String);
@@ -45,17 +46,17 @@ public Fabric(ulong rcac, ulong fabricId, byte[] ipk) : base()
             req.CertificateExtensions.Add(subjectKeyIdentifier);
             req.CertificateExtensions.Add(X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(subjectKeyIdentifier));
             this.cert = req.CreateSelfSigned(DateTime.Now.Subtract(TimeSpan.FromSeconds(30)), DateTime.Now.AddYears(10));
-            byte[] fabricIDBytes = new byte[8];
-            BinaryPrimitives.WriteUInt64BigEndian(fabricIDBytes, FabricID);
-            CompressedFabricID = Crypto.KDF(PublicKey.AsSpan(1), fabricIDBytes, COMPRESSED_FABRIC_INFO, 64);
-            OperationalIdentityProtectionKey = Crypto.KDF(EpochKey, CompressedFabricID, Encoding.ASCII.GetBytes("GroupKey v1.0"), Crypto.SYMMETRIC_KEY_LENGTH_BITS);
+            GenerateIDs();
         }
 
-        protected Fabric(X509Certificate2 cert, byte[] ipk)
+        protected Fabric(X509Certificate2 cert, byte[] ipk) : base(cert)
         {
-            this.cert = cert;
             EpochKey = ipk;
-            ParseCert();
+            GenerateIDs();
+        }
+
+        private void GenerateIDs()
+        {
             byte[] fabricIDBytes = new byte[8];
             BinaryPrimitives.WriteUInt64BigEndian(fabricIDBytes, FabricID);
             CompressedFabricID = Crypto.KDF(PublicKey.AsSpan(1), fabricIDBytes, COMPRESSED_FABRIC_INFO, 64);
@@ -179,9 +180,9 @@ public byte[] ComputeDestinationID(byte[] random, ulong nodeId)
             return Crypto.HMAC(OperationalIdentityProtectionKey, message);
         }
 
-        public byte[] CompressedFabricID { get; init; }
+        public byte[] CompressedFabricID { get; set; }
         public OperationalCertificate? Commissioner { get; private set; }
-        public byte[] OperationalIdentityProtectionKey { get; init; }
+        public byte[] OperationalIdentityProtectionKey { get; set; }
         public byte[] EpochKey { get; init; }
     }
 }

MatterDotNet/PKI/OperationalCertificate.cs

@@ -12,6 +12,7 @@
 
 using MatterDotNet.Messages.Certificates;
 using MatterDotNet.Protocol.Payloads;
+using MatterDotNet.Util;
 using System.Formats.Asn1;
 using System.Globalization;
 using System.Numerics;
@@ -275,8 +276,8 @@ public MatterCertificate ToMatterCertificate()
                 SigAlgo = 0x1,
                 EcPubKey = cert.GetPublicKey(),
                 SerialNum = cert.SerialNumberBytes.ToArray(),
-                NotBefore = (uint)((DateTimeOffset)cert.NotBefore - EPOCH).ToUnixTimeSeconds(),
-                NotAfter = (uint)((DateTimeOffset)cert.NotAfter - EPOCH).ToUnixTimeSeconds(),
+                NotBefore = TimeUtil.ToEpochSeconds(cert.NotBefore),
+                NotAfter = TimeUtil.ToEpochSeconds(cert.NotAfter),
                 Signature = GetSignature(),
                 Extensions = extensions,
                 Issuer = GetDNs(cert.IssuerName),
@@ -325,7 +326,7 @@ public bool VerifyData(byte[] message, byte[] signature)
 
         public string IssuerName { get; private set; } = string.Empty;
 
-        public string CommonName { get; private set; } = string.Empty;
+        public string CommonName { get; protected set; } = string.Empty;
 
         public ulong NodeID { get; private set; }
 

MatterDotNet/Protocol/Connection/MRPConnection.cs

@@ -39,7 +39,7 @@ internal class MRPConnection : IConnection
 
         public MRPConnection(IPEndPoint ep)
         {
-            client = new UdpClient(AddressFamily.InterNetwork);
+            client = new UdpClient(ep.AddressFamily);
             client.Connect(ep);
             Task.Factory.StartNew(Run);
         }

MatterDotNet/Protocol/Sessions/SessionManager.cs

@@ -33,6 +33,8 @@ public static SessionContext GetUnsecureSession(IPEndPoint ep, bool initiator)
 
         internal static SessionContext GetUnsecureSession(IConnection connection, bool initiator)
         {
+            if (sessions.TryGetValue(0, out SessionContext? existing))
+                return existing;
             SessionContext ctx = new SessionContext(connection, initiator, 0, 0, 0, 0, new MessageState());
             sessions.TryAdd(0, ctx);
             return ctx;

Test/MatterCertTests.cs

@@ -72,12 +72,13 @@ public void NOCEncoding()
             tlv.Serialize(new TLVWriter(output));
             Assert.That(nocTLV, Is.EqualTo(output.GetPayload().Span.ToArray()).AsCollection);
             Assert.That(cert.PublicKey, Is.EqualTo(tlv.EcPubKey));
+            Assert.That(control.NotBefore, Is.EqualTo(tlv.NotBefore));
         }
 
         [Test]
         public void NOCSigning()
         {
-            Fabric fabric = new Fabric((ulong)Random.Shared.NextInt64(), 0x1, RandomNumberGenerator.GetBytes(16));
+            Fabric fabric = new Fabric("Test Fabric", 0x1, RandomNumberGenerator.GetBytes(16));
             ECDsa key = ECDsa.Create();
             CertificateRequest req = new CertificateRequest("CN=Test", key, HashAlgorithmName.SHA256);
             OperationalCertificate noc = fabric.Sign(req);