class Matter::Session::Case::CaseResponder

• Matter::Session::Case::CaseResponder
• Reference
• Object

Overview

CASE session establishment (responder side - device)

Defined in:

matter/session/case/case.cr

Constant Summary

KDFSR2_INFO = "Sigma2".to_slice

Matter spec key derivation info strings

KDFSR3_INFO = "Sigma3".to_slice

Log = ::Log.for("matter.session.case.responder")

SESSION_KEYS_INFO = "SessionKeys".to_slice

TBE_DATA2_NONCE = "NCASE_Sigma2N".to_slice

TBE_DATA3_NONCE = "NCASE_Sigma3N".to_slice

Constructors

• .new(cert_chain : CertificateChain, operational_key : Crypto::Key, fabric_id : UInt64, node_id : UInt64, ipk : Bytes, crypto : Crypto::CryptoBase = Crypto::StandardCrypto.new)

Instance Method Summary

• #cert_chain : CertificateChain
• #cert_chain=(cert_chain : CertificateChain)
• #crypto : Crypto::CryptoBase
• #crypto=(crypto : Crypto::CryptoBase)
• #derive_session_keys(sigma3_bytes : Bytes) : NamedTuple(encryption: Bytes, decryption: Bytes, attestation_challenge: Bytes)

  Derive session keys after successful CASE sigma3_bytes: Raw TLV bytes of Sigma3 message

• #ephemeral_key : Crypto::Key | Nil
• #ephemeral_key=(ephemeral_key : Crypto::Key | Nil)
• #extract_node_id_from_tlv_cert(cert_tlv : Bytes) : UInt64 | Nil

  Extract node ID from Matter TLV certificate Matter TLV certificate structure: - Tag 6: Subject (contains node_id and fabric_id) - Tag 17 (0x11): Node ID - Tag 18 (0x12): Fabric ID

• #fabric_id : UInt64
• #fabric_id=(fabric_id : UInt64)
• #ipk : Bytes
• #ipk=(ipk : Bytes)
• #node_id : UInt64
• #node_id=(node_id : UInt64)
• #operational_key : Crypto::Key
• #operational_key=(operational_key : Crypto::Key)
• #our_ephemeral_public : Bytes | Nil
• #our_ephemeral_public=(our_ephemeral_public : Bytes | Nil)
• #our_random : Bytes | Nil
• #our_random=(our_random : Bytes | Nil)
• #peer_cert : Bytes | Nil
• #peer_cert=(peer_cert : Bytes | Nil)
• #peer_ephemeral_key : Bytes | Nil
• #peer_ephemeral_key=(peer_ephemeral_key : Bytes | Nil)
• #peer_node_id : UInt64 | Nil

  Peer's node ID extracted from their NOC certificate in Sigma3 This is critical for nonce construction in encrypted messages

• #peer_node_id=(peer_node_id : UInt64 | Nil)

  Peer's node ID extracted from their NOC certificate in Sigma3 This is critical for nonce construction in encrypted messages

• #process_sigma1(peer_ephemeral_public_key : Bytes, peer_random : Bytes, peer_session_id : UInt16, sigma1_bytes : Bytes) : NamedTuple(ephemeral_public_key: Bytes, random: Bytes, encrypted_cert: Bytes, session_id: UInt16, sigma2_bytes: Bytes)

  Step 1: Process Sigma1 and generate Sigma2 response sigma1_bytes: Raw TLV bytes of Sigma1 message (needed for key derivation)

• #process_sigma3(encrypted_cert : Bytes, sigma3_bytes : Bytes) : Bool

  Step 2: Process Sigma3 and verify sigma3_bytes: Raw TLV bytes of Sigma3 message (needed for session key derivation)

• #shared_secret : Bytes | Nil
• #shared_secret=(shared_secret : Bytes | Nil)
• #sigma1_bytes : Bytes | Nil
• #sigma1_bytes=(sigma1_bytes : Bytes | Nil)
• #sigma2_bytes : Bytes | Nil
• #sigma2_bytes=(sigma2_bytes : Bytes | Nil)
• #transcript_hash : OpenSSL::Digest | Nil

  Progressive hashing context - matches chip-tool's mCommissioningHash Used to accumulate message bytes: Sigma1, then Sigma2, then Sigma3

• #transcript_hash=(transcript_hash : OpenSSL::Digest | Nil)

  Progressive hashing context - matches chip-tool's mCommissioningHash Used to accumulate message bytes: Sigma1, then Sigma2, then Sigma3

• #validate_certificate_chain(trusted_roots : Array(Bytes | OpenSSL::X509::Certificate), intermediate_certs : Array(Bytes | OpenSSL::X509::Certificate) | Nil = nil) : Bool

  Validate peer certificate chain against trusted roots

Constructor Detail

Instance Method Detail