From 1310810317f38c9ddc564119e5e69613fac7a782 Mon Sep 17 00:00:00 2001
From: hnnajh
Date: Tue, 28 Nov 2023 17:16:29 -0800
Subject: [PATCH] Fix the size limits to be per session instead of one for all sessions
---
 src/transport/SecureMessageCodec.cpp | 4 ++--
 src/transport/SecureMessageCodec.h | 3 ++-
 src/transport/SessionManager.cpp | 13 +++++++++++-
 src/transport/raw/MessageHeader.h | 31 ++++++++++------------------
 4 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/src/transport/SecureMessageCodec.cpp b/src/transport/SecureMessageCodec.cpp
index 9c08d535ff57a3..ecf965e063f4db 100644
--- a/src/transport/SecureMessageCodec.cpp
+++ b/src/transport/SecureMessageCodec.cpp
@@ -37,11 +37,11 @@ using System::PacketBufferHandle;
 namespace SecureMessageCodec {
 CHIP_ERROR Encrypt(const CryptoContext & context, CryptoContext::ConstNonceView nonce, PayloadHeader & payloadHeader,
- PacketHeader & packetHeader, System::PacketBufferHandle & msgBuf)
+ PacketHeader & packetHeader, System::PacketBufferHandle & msgBuf, size_t inputMaxLength)
 {
 VerifyOrReturnError(!msgBuf.IsNull(), CHIP_ERROR_INVALID_ARGUMENT);
 VerifyOrReturnError(!msgBuf->HasChainedBuffer(), CHIP_ERROR_INVALID_MESSAGE_LENGTH);
- VerifyOrReturnError(msgBuf->TotalLength() <= kMaxAppMessageLen, CHIP_ERROR_MESSAGE_TOO_LONG);
+ VerifyOrReturnError(msgBuf->TotalLength() <= inputMaxLength, CHIP_ERROR_MESSAGE_TOO_LONG);
 static_assert(std::is_sameTotalLength()), uint16_t>::value, "Addition to generate payloadLength might overflow");
diff --git a/src/transport/SecureMessageCodec.h b/src/transport/SecureMessageCodec.h
index f074e792b59d21..6b82d52d0f3d5b 100644
--- a/src/transport/SecureMessageCodec.h
+++ b/src/transport/SecureMessageCodec.h
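Review bot: The new bound in Encrypt, `msgBuf->TotalLength() <= inputMaxLength`, accepts any caller-supplied limit, while the static_assert kept just below it indicates that TotalLength() is a uint16_t. The TCP path in SessionManager.cpp passes kLargePayloadMaxSizeBytes (128000, from MessageHeader.h), so there the comparison can never fail and the tag headroom that the old kMaxAppMessageLen check guaranteed before the payload-length addition is no longer enforced. I would keep a hard ceiling next to the per-session one, for example `VerifyOrReturnError(msgBuf->TotalLength() <= inputMaxLength && msgBuf->TotalLength() <= UINT16_MAX - kMaxTagLen, CHIP_ERROR_MESSAGE_TOO_LONG);`, assuming kMaxTagLen from MessageHeader.h is visible in this file. Encrypt's body continues past the end of the hunk, so a later check on the addition may exist that is not shown here.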
@@ -47,10 +47,11 @@ namespace SecureMessageCodec {
 * @param msgBuf The message buffer that contains the unencrypted message. If
 * the operation is successful, this buffer will be mutated to contain
 * the encrypted message.
+ * @param inputMaxLength Max size for input
 * @return A CHIP_ERROR value consistent with the result of the encryption operation
 */
 CHIP_ERROR Encrypt(const CryptoContext & context, CryptoContext::ConstNonceView nonce, PayloadHeader & payloadHeader,
- PacketHeader & packetHeader, System::PacketBufferHandle & msgBuf);
+ PacketHeader & packetHeader, System::PacketBufferHandle & msgBuf, size_t inputMaxLength);
 /**
 * @brief
diff --git a/src/transport/SessionManager.cpp b/src/transport/SessionManager.cpp
index 085fda948629c7..288d42e167f2f8 100644
--- a/src/transport/SessionManager.cpp
+++ b/src/transport/SessionManager.cpp
@@ -201,7 +201,18 @@ CHIP_ERROR SessionManager::PrepareMessage(const SessionHandle & sessionHandle, P
 packetHeader.SetSessionId(keyContext->GetKeyHash());
 CryptoContext::NonceStorage nonce;
 CryptoContext::BuildNonce(nonce, packetHeader.GetSecurityFlags(), packetHeader.GetMessageCounter(), sourceNodeId);
- CHIP_ERROR err = SecureMessageCodec::Encrypt(CryptoContext(keyContext), nonce, payloadHeader, packetHeader, message);
+ CHIP_ERROR err = CHIP_NO_ERROR;
+ SecureSession * session = sessionHandle->AsSecureSession();
+ if (session == nullptr)
+ {
+ return CHIP_ERROR_NOT_CONNECTED;
+ }
+ if (session->GetPeerAddress().GetTransportType() == Transport::Type::kTcp) {
+ // support large payloads
+ err = SecureMessageCodec::Encrypt(CryptoContext(keyContext), nonce, payloadHeader, packetHeader, message, kLargePayloadMaxSizeBytes);
+ } else {
+ err = SecureMessageCodec::Encrypt(CryptoContext(keyContext), nonce, payloadHeader, packetHeader, message, kMaxAppMessageLen);
+ }
 keyContext->Release();
 ReturnErrorOnFailure(err);
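Review bot: The added `@param inputMaxLength Max size for input` does not say what is measured or what happens at the limit. Going by the implementation in SecureMessageCodec.cpp, it is an inclusive bound on `msgBuf->TotalLength()` of the unencrypted message, and a longer buffer fails with CHIP_ERROR_MESSAGE_TOO_LONG. I would write `@param inputMaxLength Largest msgBuf->TotalLength(), in bytes, accepted before encryption; longer input fails with CHIP_ERROR_MESSAGE_TOO_LONG`. The parameter has no default value, so any caller of Encrypt outside this patch has to pass a limit explicitly.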
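Review bot: The early `return CHIP_ERROR_NOT_CONNECTED;` added for a null session exits before the `keyContext->Release();` that follows the Encrypt call, so the key context already used for GetKeyHash() and CryptoContext(keyContext) is not released on that path. Add `keyContext->Release();` before the return, or resolve the session before the key context is obtained; that acquisition is above the hunk, so its exact form is not visible here. The two Encrypt calls differ only in their last argument, so selecting the limit into a `const size_t` first and calling Encrypt once would leave a single path to the release. PrepareMessage starts and ends outside this hunk.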
diff --git a/src/transport/raw/MessageHeader.h b/src/transport/raw/MessageHeader.h
index 267faa110cebb3..8b4165b6bc78ac 100644
--- a/src/transport/raw/MessageHeader.h
+++ b/src/transport/raw/MessageHeader.h
@@ -42,49 +42,40 @@
 namespace chip {
-static constexpr size_t kMaxTagLen = 16;
-
 namespace detail {
 // Figure out the max size of a packet we can allocate, including all headers.
-static constexpr size_t kMaxUdpIPPacketSizeBytes = 1280;
-static constexpr size_t kMaxTcpIPPacketSizeBytes = 12800;
+static constexpr size_t kMaxIPPacketSizeBytes = 1280;
 static constexpr size_t kMaxUDPAndIPHeaderSizeBytes = 48;
-static_assert(kMaxUdpIPPacketSizeBytes >= kMaxUDPAndIPHeaderSizeBytes + CHIP_SYSTEM_HEADER_RESERVE_SIZE,
+static_assert(kMaxIPPacketSizeBytes >= kMaxUDPAndIPHeaderSizeBytes + CHIP_SYSTEM_HEADER_RESERVE_SIZE,
 "Matter headers and IP headers must fit in an MTU.");
 // Max space we have for our Application Payload and MIC, per spec.
 static constexpr size_t kMaxPerSpecApplicationPayloadAndMICSizeBytes =
- kMaxUdpIPPacketSizeBytes - kMaxUDPAndIPHeaderSizeBytes - CHIP_SYSTEM_HEADER_RESERVE_SIZE;
+ kMaxIPPacketSizeBytes - kMaxUDPAndIPHeaderSizeBytes - CHIP_SYSTEM_HEADER_RESERVE_SIZE;
 // Max space we have for our Application Payload and MIC in our actual packet
 // buffers. This is the size _excluding_ the header reserve.
 static constexpr size_t kMaxPacketBufferApplicationPayloadAndMICSizeBytes = System::PacketBuffer::kMaxSize;
-static constexpr size_t kMaxApplicationUdpPayloadAndMICSizeBytes =
+static constexpr size_t kMaxApplicationPayloadAndMICSizeBytes =
 min(kMaxPerSpecApplicationPayloadAndMICSizeBytes, kMaxPacketBufferApplicationPayloadAndMICSizeBytes);
-static constexpr size_t kMaxApplicationTcpPayloadAndMICSizeBytes =
- kMaxTcpIPPacketSizeBytes - CHIP_SYSTEM_HEADER_RESERVE_SIZE;
+} // namespace detail
-static_assert(detail::kMaxApplicationUdpPayloadAndMICSizeBytes > kMaxTagLen, "Need to be able to fit our tag in a message");
-static_assert(detail::kMaxApplicationTcpPayloadAndMICSizeBytes > kMaxTagLen, "Need to be able to fit our tag in a message");
+static constexpr size_t kMaxTagLen = 16;
+
+static_assert(detail::kMaxApplicationPayloadAndMICSizeBytes > kMaxTagLen, "Need to be able to fit our tag in a message");
 // This is somewhat of an under-estimate, because in practice any time we have a
 // tag we will not have source/destination node IDs, but above we are including
 // those in the header sizes.
-static constexpr size_t kMaxUdpAppMessageLen = kMaxApplicationUdpPayloadAndMICSizeBytes - kMaxTagLen;
-static constexpr size_t kMaxTcpAppMessageLen = kMaxApplicationTcpPayloadAndMICSizeBytes - kMaxTagLen;
-} // namespace detail
+static constexpr size_t kMaxAppMessageLen = detail::kMaxApplicationPayloadAndMICSizeBytes - kMaxTagLen;
+// large payload limit
+static constexpr size_t kLargePayloadMaxSizeBytes = 128000;
 static constexpr uint16_t kMsgUnicastSessionIdUnsecured = 0x0000;
-#if CHIP_CONFIG_TCP_SUPPORT_SERVER || CHIP_CONFIG_TCP_SUPPORT_CLIENT
-static constexpr size_t kMaxAppMessageLen = detail::kMaxTcpAppMessageLen;
-#else
-static constexpr size_t kMaxAppMessageLen = detail::kMaxUdpAppMessageLen;
-#endif
-
 typedef int PacketHeaderFlags;
 namespace Header {
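Review bot: `kLargePayloadMaxSizeBytes = 128000` is a bare literal, whereas the other limits in this header are derived from the MTU, the header reserve and `System::PacketBuffer::kMaxSize`, and are guarded by a static_assert. The comment `// large payload limit` says neither what the value bounds nor where it comes from. I would document it as `// Upper bound, in bytes, on the unencrypted message handed to SecureMessageCodec::Encrypt for sessions over TCP.` If buffers on the TCP path are still capped by System::PacketBuffer::kMaxSize, deriving the constant with the same `min(...)` used for kMaxApplicationPayloadAndMICSizeBytes would keep the limit within what a buffer can hold. The hunk also drops the CHIP_CONFIG_TCP_SUPPORT_* guard, so the constant is now defined in builds without TCP.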