Expire associated secure sessions when a fabric is deleted (#9571)

* Expire associated secure sessions when a fabric is deleted

* regen zap files

* another zap regen

* address review comments

* address review comments

* updates

* update CASESession error handling

* fix build error

src/app/clusters/operational-credentials-server/operational-credentials-server.cpp

@@ -238,18 +238,58 @@ void emberAfPluginOperationalCredentialsServerInitCallback(void)
     writeFabricsIntoFabricsListAttribute();
 }
 
+namespace {
+class FabricCleanupExchangeDelegate : public Messaging::ExchangeDelegate
+{
+public:
+    CHIP_ERROR OnMessageReceived(Messaging::ExchangeContext * ec, const PayloadHeader & payloadHeader,
+                                 System::PacketBufferHandle && payload) override
+    {
+        return CHIP_NO_ERROR;
+    }
+    void OnResponseTimeout(Messaging::ExchangeContext * ec) override {}
+    void OnExchangeClosing(Messaging::ExchangeContext * ec) override
+    {
+        FabricIndex currentFabricIndex = ec->GetSecureSession().GetFabricIndex();
+        ec->GetExchangeMgr()->GetSessionMgr()->ExpireAllPairingsForFabric(currentFabricIndex);
+    }
+};
+
+FabricCleanupExchangeDelegate gFabricCleanupExchangeDelegate;
+
+} // namespace
+
 bool emberAfOperationalCredentialsClusterRemoveFabricCallback(EndpointId endpoint, app::CommandHandler * commandObj,
-                                                              FabricIndex fabricIndex)
+                                                              FabricIndex fabricBeingRemoved)
 {
     emberAfPrintln(EMBER_AF_PRINT_DEBUG, "OpCreds: RemoveFabric"); // TODO: Generate emberAfFabricClusterPrintln
 
     EmberAfStatus status = EMBER_ZCL_STATUS_SUCCESS;
-    CHIP_ERROR err       = Server::GetInstance().GetFabricTable().Delete(fabricIndex);
+    CHIP_ERROR err       = Server::GetInstance().GetFabricTable().Delete(fabricBeingRemoved);
     VerifyOrExit(err == CHIP_NO_ERROR, status = EMBER_ZCL_STATUS_FAILURE);
 
 exit:
     writeFabricsIntoFabricsListAttribute();
     emberAfSendImmediateDefaultResponse(status);
+    if (err == CHIP_NO_ERROR)
+    {
+        Messaging::ExchangeContext * ec = commandObj->GetExchangeContext();
+        FabricIndex currentFabricIndex  = ec->GetSecureSession().GetFabricIndex();
+        if (currentFabricIndex == fabricBeingRemoved)
+        {
+            // If the current fabric is being removed, expiring all the secure sessions causes crashes as
+            // the message sent by emberAfSendImmediateDefaultResponse() is still in the queue. Also, RMP
+            // retries to send the message and runs into issues.
+            // We are hijacking the exchange delegate here (as no more messages should be received on this exchange),
+            // and wait for it to close, before expiring the secure sessions for the fabric.
+            // TODO: https://github.com/project-chip/connectedhomeip/issues/9642
+            ec->SetDelegate(&gFabricCleanupExchangeDelegate);
+        }
+        else
+        {
+            ec->GetExchangeMgr()->GetSessionMgr()->ExpireAllPairingsForFabric(fabricBeingRemoved);
+        }
+    }
     return true;
 }
 

src/app/tests/suites/OperationalCredentialsCluster.yaml

@@ -34,3 +34,15 @@ tests:
           constraints:
               type: uint8
               minValue: 1
+
+    # This test is currently disabled as it breaks on Darwin.
+    # The test removes the current fabric, and Darwin test runner reuses
+    # the same pairing to run all the tests. Due to that, all subsequent
+    # tests fail.
+    - label: "Remove fabric"
+      disabled: true
+      command: "RemoveFabric"
+      arguments:
+          values:
+              - name: "FabricIndex"
+                value: 1

src/messaging/ExchangeContext.h

@@ -165,6 +165,7 @@ class DLL_EXPORT ExchangeContext : public ReliableMessageContext, public Referen
     }
 
     SessionHandle GetSecureSession() { return mSecureSession.Value(); }
+    bool HasSecureSession() const { return mSecureSession.HasValue(); }
 
     uint16_t GetExchangeId() const { return mExchangeId; }
 

src/messaging/ReliableMessageMgr.cpp

@@ -357,7 +357,7 @@ CHIP_ERROR ReliableMessageMgr::SendFromRetransTable(RetransTableEntry * entry)
     }
 
     const ExchangeMessageDispatch * dispatcher = rc->GetExchangeContext()->GetMessageDispatch();
-    if (dispatcher == nullptr)
+    if (dispatcher == nullptr || !rc->GetExchangeContext()->HasSecureSession())
     {
         // Using same error message for all errors to reduce code size.
         ChipLogError(ExchangeManager, "Crit-err %" CHIP_ERROR_FORMAT " when sending CHIP MsgId:%08" PRIX32 ", send tries: %d",

src/protocols/secure_channel/CASESession.cpp

@@ -1035,8 +1035,10 @@ void CASESession::SendErrorMsg(SigmaErrorType errorCode)
 
     msg->SetDataLength(msglen);
 
-    VerifyOrReturn(mExchangeCtxt->SendMessage(Protocols::SecureChannel::MsgType::CASE_SigmaErr, std::move(msg)) != CHIP_NO_ERROR,
-                   ChipLogError(SecureChannel, "Failed to send error message"));
+    if (mExchangeCtxt->SendMessage(Protocols::SecureChannel::MsgType::CASE_SigmaErr, std::move(msg)) != CHIP_NO_ERROR)
+    {
+        ChipLogError(SecureChannel, "Failed to send error message");
+    }
 }
 
 CHIP_ERROR CASESession::ConstructSaltSigmaR2(const ByteSpan & rand, const Crypto::P256PublicKey & pubkey, const ByteSpan & ipk,

src/transport/PeerConnections.h

@@ -316,6 +316,30 @@ class PeerConnections
         return state;
     }
 
+    /**
+     * Get the first peer connection state that matches the given fabric index.
+     *
+     * @param fabric The fabric index to match
+     *
+     * @return the state found, nullptr if not found
+     */
+    CHECK_RETURN_VALUE
+    PeerConnectionState * FindPeerConnectionStateByFabric(FabricIndex fabric)
+    {
+        for (auto & state : mStates)
+        {
+            if (!state.IsInitialized())
+            {
+                continue;
+            }
+            if (state.GetFabricIndex() == fabric)
+            {
+                return &state;
+            }
+        }
+        return nullptr;
+    }
+
     /// Convenience method to mark a peer connection state as active
     void MarkConnectionActive(PeerConnectionState * state)
     {

src/transport/SecureSessionMgr.cpp

@@ -207,6 +207,18 @@ void SecureSessionMgr::ExpireAllPairings(NodeId peerNodeId, FabricIndex fabric)
     }
 }
 
+void SecureSessionMgr::ExpireAllPairingsForFabric(FabricIndex fabric)
+{
+    ChipLogDetail(Inet, "Expiring all connections for fabric %d!!", fabric);
+    PeerConnectionState * state = mPeerConnections.FindPeerConnectionStateByFabric(fabric);
+    while (state != nullptr)
+    {
+        mPeerConnections.MarkConnectionExpired(
+            state, [this](const Transport::PeerConnectionState & state1) { HandleConnectionExpired(state1); });
+        state = mPeerConnections.FindPeerConnectionStateByFabric(fabric);
+    }
+}
+
 CHIP_ERROR SecureSessionMgr::NewPairing(const Optional<Transport::PeerAddress> & peerAddr, NodeId peerNodeId,
                                         PairingSession * pairing, SecureSession::SessionRole direction, FabricIndex fabric)
 {

src/transport/SecureSessionMgr.h

@@ -225,6 +225,7 @@ class DLL_EXPORT SecureSessionMgr : public TransportMgrDelegate
 
     void ExpirePairing(SessionHandle session);
     void ExpireAllPairings(NodeId peerNodeId, FabricIndex fabric);
+    void ExpireAllPairingsForFabric(FabricIndex fabric);
 
     /**
      * @brief