project-chip · hnnajh · Nov 10, 2023 · Nov 10, 2023 · Nov 29, 2023 · Nov 29, 2023
diff --git a/src/transport/SecureMessageCodec.cpp b/src/transport/SecureMessageCodec.cpp
@@ -37,11 +37,11 @@ using System::PacketBufferHandle;
 namespace SecureMessageCodec {
 
 CHIP_ERROR Encrypt(const CryptoContext & context, CryptoContext::ConstNonceView nonce, PayloadHeader & payloadHeader,
-                   PacketHeader & packetHeader, System::PacketBufferHandle & msgBuf)
+                   PacketHeader & packetHeader, System::PacketBufferHandle & msgBuf, size_t inputMaxLength)
 {
     VerifyOrReturnError(!msgBuf.IsNull(), CHIP_ERROR_INVALID_ARGUMENT);
     VerifyOrReturnError(!msgBuf->HasChainedBuffer(), CHIP_ERROR_INVALID_MESSAGE_LENGTH);
-    VerifyOrReturnError(msgBuf->TotalLength() <= kMaxAppMessageLen, CHIP_ERROR_MESSAGE_TOO_LONG);
+    VerifyOrReturnError(msgBuf->TotalLength() <= inputMaxLength, CHIP_ERROR_MESSAGE_TOO_LONG);
 
     static_assert(std::is_same<decltype(msgBuf->TotalLength()), uint16_t>::value,
                   "Addition to generate payloadLength might overflow");

diff --git a/src/transport/SecureMessageCodec.h b/src/transport/SecureMessageCodec.h
@@ -47,10 +47,11 @@ namespace SecureMessageCodec {
  * @param msgBuf        The message buffer that contains the unencrypted message. If
  *                      the operation is successful, this buffer will be mutated to contain
  *                      the encrypted message.
+ * @param inputMaxLength Max size for input
  * @return A CHIP_ERROR value consistent with the result of the encryption operation
  */
 CHIP_ERROR Encrypt(const CryptoContext & context, CryptoContext::ConstNonceView nonce, PayloadHeader & payloadHeader,
-                   PacketHeader & packetHeader, System::PacketBufferHandle & msgBuf);
+                   PacketHeader & packetHeader, System::PacketBufferHandle & msgBuf, size_t inputMaxLength = kMaxAppMessageLen);
 
 /**
  * @brief

diff --git a/src/transport/SessionManager.cpp b/src/transport/SessionManager.cpp
@@ -201,7 +201,18 @@ CHIP_ERROR SessionManager::PrepareMessage(const SessionHandle & sessionHandle, P
         packetHeader.SetSessionId(keyContext->GetKeyHash());
         CryptoContext::NonceStorage nonce;
         CryptoContext::BuildNonce(nonce, packetHeader.GetSecurityFlags(), packetHeader.GetMessageCounter(), sourceNodeId);
-        CHIP_ERROR err = SecureMessageCodec::Encrypt(CryptoContext(keyContext), nonce, payloadHeader, packetHeader, message);
+        CHIP_ERROR err = CHIP_NO_ERROR;
+        SecureSession * session = sessionHandle->AsSecureSession();
+        if (session == nullptr)
+        {
+            return CHIP_ERROR_NOT_CONNECTED;
+        }
+        if (session->GetPeerAddress().GetTransportType() == Transport::Type::kTcp) {
+            // support large payloads
+            err = SecureMessageCodec::Encrypt(CryptoContext(keyContext), nonce, payloadHeader, packetHeader, message, kLargePayloadMaxSizeBytes);
+        } else {
+            err = SecureMessageCodec::Encrypt(CryptoContext(keyContext), nonce, payloadHeader, packetHeader, message, kMaxAppMessageLen);
+        }
         keyContext->Release();
         ReturnErrorOnFailure(err);
 

diff --git a/src/transport/raw/MessageHeader.h b/src/transport/raw/MessageHeader.h
@@ -71,6 +71,8 @@ static_assert(detail::kMaxApplicationPayloadAndMICSizeBytes > kMaxTagLen, "Need
 // tag we will not have source/destination node IDs, but above we are including
 // those in the header sizes.
 static constexpr size_t kMaxAppMessageLen = detail::kMaxApplicationPayloadAndMICSizeBytes - kMaxTagLen;
+// large payload limit
+static constexpr size_t kLargePayloadMaxSizeBytes   = 128000;
 
 static constexpr uint16_t kMsgUnicastSessionIdUnsecured = 0x0000;