Secure message framing for established Matter sessions.
Pure functional module — caller threads session state through. Wraps the message codec, AES-CCM encryption, counter management, and replay protection into two operations:
Summary
Functions
open/2: Decrypt and verify an incoming encrypted frame.
seal/2: Encrypt and frame an outgoing message.
seal_with_counter/2: Encrypt and frame an outgoing message, returning the assigned message counter.
Functions
@spec open(MatterEx.Session.t(), binary()) :: {:ok, MatterEx.Protocol.MessageCodec.message(), MatterEx.Session.t()} | {:error, atom()}
Decrypt and verify an incoming encrypted frame.
Parses the plaintext header, verifies the session ID matches, decrypts the payload, and checks the message counter for replay.
Returns {:ok, message, updated_session} or {:error, reason}.
@spec seal(MatterEx.Session.t(), MatterEx.Protocol.MessageCodec.ProtoHeader.t()) :: {binary(), MatterEx.Session.t()}
Encrypt and frame an outgoing message.
Builds a message header with the session's local session ID, increments the message counter, constructs the nonce, and encrypts the protocol header + payload with AES-128-CCM.
Returns {frame_binary, updated_session}.
@spec seal_with_counter(MatterEx.Session.t(), MatterEx.Protocol.MessageCodec.ProtoHeader.t()) :: {binary(), MatterEx.Session.t(), non_neg_integer()}
Encrypt and frame an outgoing message, returning the assigned message counter.
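The seal and open steps described above, as an added Elixir sketch that is not MatterEx's own code. The module name FramingSketch, the session map fields, the 8-byte header, the single shared key and session ID, the 13-byte nonce layout and the 32-entry replay window are assumptions of this example; the only library call is Erlang's :crypto.crypto_one_time_aead/7.

```elixir
defmodule FramingSketch do
  # Added illustration, not MatterEx code. Assumptions: 8-byte header, one key
  # and one session id for both directions, no counter wrap-around handling.
  import Bitwise
  @tag_len 16
  @window 32

  def new(key, id, node, peer_node),
    do: %{key: key, id: id, node: node, peer_node: peer_node, tx: 0, rx_max: nil, rx_seen: 0}

  # 13-byte CCM nonce: security flags, message counter, source node id.
  defp nonce(flags, ctr, node), do: <<flags::8, ctr::little-32, node::little-64>>

  def seal(s, payload) do
    ctr = s.tx + 1
    # The plaintext header is authenticated as AAD but not encrypted.
    header = <<0::8, s.id::little-16, 0::8, ctr::little-32>>
    iv = nonce(0, ctr, s.node)
    {ct, tag} = :crypto.crypto_one_time_aead(:aes_128_ccm, s.key, iv, payload, header, @tag_len, true)
    {header <> ct <> tag, %{s | tx: ctr}}
  end

  def open(s, <<header::binary-size(8), body::binary>>) when byte_size(body) >= @tag_len do
    <<_msg_flags::8, sid::little-16, sec_flags::8, ctr::little-32>> = header
    ct_len = byte_size(body) - @tag_len
    <<ct::binary-size(ct_len), tag::binary>> = body
    iv = nonce(sec_flags, ctr, s.peer_node)
    with :ok <- if(sid == s.id, do: :ok, else: {:error, :session_mismatch}),
         pt when is_binary(pt) <-
           :crypto.crypto_one_time_aead(:aes_128_ccm, s.key, iv, ct, header, tag, false),
         # The replay window only advances for frames that authenticated.
         {:ok, s} <- accept(s, ctr) do
      {:ok, pt, s}
    else
      :error -> {:error, :decrypt_failed}
      err -> err
    end
  end
  def open(_s, _frame), do: {:error, :malformed}

  defp accept(%{rx_max: nil} = s, ctr), do: {:ok, %{s | rx_max: ctr}}
  defp accept(%{rx_max: max, rx_seen: seen} = s, ctr) when ctr > max do
    shift = ctr - max
    moved = if shift > @window, do: 0, else: (seen <<< shift) ||| (1 <<< (shift - 1))
    {:ok, %{s | rx_max: ctr, rx_seen: moved &&& 0xFFFFFFFF}}
  end
  defp accept(%{rx_max: max, rx_seen: seen} = s, ctr) do
    bit = max - ctr - 1
    stale? = bit < 0 or bit >= @window or ((seen >>> bit) &&& 1) == 1
    if stale?, do: {:error, :replay}, else: {:ok, %{s | rx_seen: seen ||| (1 <<< bit)}}
  end
end
```

Opening the same frame twice returns {:error, :replay} the second time only if the caller passes the session returned by the first open; reusing the stale session accepts the replay, which is the cost of caller-threaded state.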