diff --git a/src/app/icd/server/ICDMonitoringTable.cpp b/src/app/icd/server/ICDMonitoringTable.cpp index 280984f296227d..d61779bb0c6b0d 100644 --- a/src/app/icd/server/ICDMonitoringTable.cpp +++ b/src/app/icd/server/ICDMonitoringTable.cpp @@ -140,7 +140,6 @@ CHIP_ERROR ICDMonitoringEntry::SetKey(ByteSpan keyData) Crypto::Symmetric128BitsKeyByteArray keyMaterial; memcpy(keyMaterial, keyData.data(), sizeof(Crypto::Symmetric128BitsKeyByteArray)); - // TODO - Add function to set PSA key lifetime ReturnErrorOnFailure(symmetricKeystore->CreateKey(keyMaterial, aesKeyHandle)); CHIP_ERROR error = symmetricKeystore->CreateKey(keyMaterial, hmacKeyHandle); @@ -269,16 +268,26 @@ CHIP_ERROR ICDMonitoringTable::Set(uint16_t index, const ICDMonitoringEntry & en VerifyOrReturnError(entry.keyHandleValid, CHIP_ERROR_INVALID_ARGUMENT); ICDMonitoringEntry e(this->mFabric, index); - e.checkInNodeID = entry.checkInNodeID; - e.monitoredSubject = entry.monitoredSubject; - e.clientType = entry.clientType; - e.index = index; + e.checkInNodeID = entry.checkInNodeID; + e.monitoredSubject = entry.monitoredSubject; + e.clientType = entry.clientType; + e.index = index; + e.symmetricKeystore = entry.symmetricKeystore; memcpy(e.aesKeyHandle.AsMutable(), entry.aesKeyHandle.As(), sizeof(Crypto::Symmetric128BitsKeyByteArray)); memcpy(e.hmacKeyHandle.AsMutable(), entry.hmacKeyHandle.As(), sizeof(Crypto::Symmetric128BitsKeyByteArray)); + ReturnErrorOnFailure(e.symmetricKeystore->PersistICDKey(e.aesKeyHandle)); + CHIP_ERROR error = e.symmetricKeystore->PersistICDKey(e.hmacKeyHandle); + if (error != CHIP_NO_ERROR) + { + // If setting the persistence of the HmacKeyHandle failed, we need to delete the AesKeyHandle to avoid a key leak + e.symmetricKeystore->DestroyKey(e.aesKeyHandle); + return error; + } + return e.Save(this->mStorage); }