project-chip
diff --git a/‎rs-matter/src/dm/clusters/noc.rs‎
Lines changed: 5 additions & 1 deletion b/‎rs-matter/src/dm/clusters/noc.rs‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎rs-matter/src/fabric.rs‎
Lines changed: 4 additions & 4 deletions b/‎rs-matter/src/fabric.rs‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎rs-matter/src/failsafe.rs‎
Lines changed: 2 additions & 1 deletion b/‎rs-matter/src/failsafe.rs‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎rs-matter/src/group_keys.rs‎
Lines changed: 17 additions & 8 deletions b/‎rs-matter/src/group_keys.rs‎
Lines changed: 17 additions & 8 deletions
diff --git a/‎rs-matter/src/sc.rs‎
Lines changed: 1 addition & 1 deletion b/‎rs-matter/src/sc.rs‎
Lines changed: 1 addition & 1 deletion
@@ -431,7 +431,11 @@ impl ClusterHandler for NocHandler {
                 request.admin_vendor_id()?,
                 icac,
                 request.noc_value()?.0,
-                request.ipk_value()?.0,
+                request
+                    .ipk_value()?
+                    .0
+                    .try_into()
+                    .map_err(|_| ErrorCode::ConstraintError)?,
                 request.case_admin_subject()?,
                 buf,
                 &mut || ctx.exchange().matter().notify_mdns(),
 
@@ -26,7 +26,7 @@ use crate::cert::{CertRef, MAX_CERT_TLV_LEN};
 use crate::crypto::{self, hkdf_sha256, HmacSha256, KeyPair};
 use crate::dm::Privilege;
 use crate::error::{Error, ErrorCode};
-use crate::group_keys::KeySet;
+use crate::group_keys::{KeySet, KeySetKey};
 use crate::tlv::{FromTLV, TLVElement, TLVTag, TLVWrite, TagType, ToTLV};
 use crate::utils::init::{init, Init, InitMaybeUninit, IntoFallibleInit};
 use crate::utils::storage::{Vec, WriteBuf};
@@ -107,7 +107,7 @@ impl Fabric {
         root_ca: &[u8],
         noc: &[u8],
         icac: &[u8],
-        ipk: Option<&[u8]>,
+        ipk: Option<&KeySetKey>,
         vendor_id: Option<u16>,
         case_admin_subject: Option<u64>,
         mdns_notif: &mut dyn FnMut(),
@@ -137,7 +137,7 @@ impl Fabric {
             Self::compute_compressed_fabric_id(root_ca_p.pubkey()?, self.fabric_id);
 
         if let Some(ipk) = ipk {
-            self.ipk = KeySet::new(ipk, &self.compressed_fabric_id.to_be_bytes())?;
+            self.ipk = KeySet::new(ipk, &self.compressed_fabric_id)?;
         }
 
         if let Some(case_admin_subject) = case_admin_subject {
@@ -578,7 +578,7 @@ impl FabricMgr {
         root_ca: &[u8],
         noc: &[u8],
         icac: &[u8],
-        ipk: &[u8],
+        ipk: &KeySetKey,
         vendor_id: u16,
         case_admin_subject: u64,
         mdns_notif: &mut dyn FnMut(),
 
@@ -22,6 +22,7 @@ use crate::cert::{CertRef, MAX_CERT_TLV_LEN};
 use crate::crypto::KeyPair;
 use crate::error::{Error, ErrorCode};
 use crate::fabric::FabricMgr;
+use crate::group_keys::KeySetKey;
 use crate::im::IMStatusCode;
 use crate::tlv::TLVElement;
 use crate::transport::session::SessionMode;
@@ -279,7 +280,7 @@ impl FailSafe {
         vendor_id: u16,
         icac: Option<&[u8]>,
         noc: &[u8],
-        ipk: &[u8],
+        ipk: &KeySetKey,
         case_admin_subject: u64,
         buf: &mut [u8],
         mdns_notif: &mut dyn FnMut(),
 
@@ -22,7 +22,7 @@ use crate::{
     utils::init::{init, zeroed, Init},
 };
 
-type KeySetKey = [u8; SYMM_KEY_LEN_BYTES];
+pub type KeySetKey = [u8; SYMM_KEY_LEN_BYTES];
 
 #[derive(Debug, Default, FromTLV, ToTLV)]
 #[cfg_attr(feature = "defmt", derive(defmt::Format))]
@@ -46,27 +46,36 @@ impl KeySet {
         })
     }
 
-    pub fn new(epoch_key: &[u8], compressed_id: &[u8]) -> Result<Self, Error> {
+    pub fn new(epoch_key: &KeySetKey, compressed_fabric_id: &u64) -> Result<Self, Error> {
         let mut ks = KeySet::default();
-        KeySet::op_key_from_ipk(epoch_key, compressed_id, &mut ks.op_key)?;
+        Self::op_key_from_ipk(epoch_key, compressed_fabric_id, &mut ks.op_key)?;
         ks.epoch_key.copy_from_slice(epoch_key);
         Ok(ks)
     }
 
-    fn op_key_from_ipk(ipk: &[u8], compressed_id: &[u8], opkey: &mut [u8]) -> Result<(), Error> {
+    fn op_key_from_ipk(
+        ipk: &KeySetKey,
+        compressed_fabric_id: &u64,
+        opkey: &mut KeySetKey,
+    ) -> Result<(), Error> {
         const GRP_KEY_INFO: [u8; 13] = [
             0x47, 0x72, 0x6f, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x20, 0x76, 0x31, 0x2e, 0x30,
         ];
 
-        crypto::hkdf_sha256(compressed_id, ipk, &GRP_KEY_INFO, opkey)
-            .map_err(|_| ErrorCode::InvalidData.into())
+        crypto::hkdf_sha256(
+            &compressed_fabric_id.to_be_bytes(),
+            ipk,
+            &GRP_KEY_INFO,
+            opkey,
+        )
+        .map_err(|_| ErrorCode::InvalidData.into())
     }
 
-    pub fn op_key(&self) -> &[u8] {
+    pub fn op_key(&self) -> &KeySetKey {
         &self.op_key
     }
 
-    pub fn epoch_key(&self) -> &[u8] {
+    pub fn epoch_key(&self) -> &KeySetKey {
         &self.epoch_key
     }
 }
@@ -36,7 +36,7 @@ pub mod case;
 pub mod crypto;
 pub mod pake;
 
-/* Interaction Model ID as per the Matter Spec */
+/// Interaction Model ID as per the Matter Spec
 pub const PROTO_ID_SECURE_CHANNEL: u16 = 0x00;
 
 #[derive(FromPrimitive, Debug, Copy, Clone, Eq, PartialEq)]