diff --git a/components/openthread/CMakeLists.txt b/components/openthread/CMakeLists.txt
index 50c3690438..f28dd01769 100644
--- a/components/openthread/CMakeLists.txt
+++ b/components/openthread/CMakeLists.txt
@@ -43,7 +43,11 @@ if(CONFIG_OPENTHREAD_ENABLED)
 set(exclude_srcs
 "openthread/examples/platforms/utils/logging_rtt.c"
 "openthread/examples/platforms/utils/soft_source_match_table.c"
- "openthread/src/core/instance/extension_example.cpp")
+ "openthread/src/core/instance/extension_example.cpp"
+ "openthread/src/core/crypto/crypto_platform_mbedtls.cpp"
+ "openthread/src/core/api/random_crypto_api.cpp"
+ )
+
 if(CONFIG_OPENTHREAD_FTD OR CONFIG_OPENTHREAD_MTD)
 list(APPEND src_dirs
diff --git a/components/openthread/openthread b/components/openthread/openthread
index a12ff0d0f5..7d4fa4223f 160000
--- a/components/openthread/openthread
+++ b/components/openthread/openthread
@@ -1 +1 @@
-Subproject commit a12ff0d0f54fd41954b45047fcdd08f302731c5f
+Subproject commit 7d4fa4223fbb19e610f054aabcf3ce87ae074ffe
diff --git a/components/openthread/private_include/openthread-core-esp32x-ftd-config.h b/components/openthread/private_include/openthread-core-esp32x-ftd-config.h
index 284c5493fe..0f776479ce 100644
--- a/components/openthread/private_include/openthread-core-esp32x-ftd-config.h
+++ b/components/openthread/private_include/openthread-core-esp32x-ftd-config.h
@@ -891,3 +891,7 @@
 #ifndef OPENTHREAD_CONFIG_THREAD_VERSION
 #define OPENTHREAD_CONFIG_THREAD_VERSION OT_THREAD_VERSION_1_4
 #endif
+
+#define OPENTHREAD_CONFIG_PLATFORM_MAC_KEYS_EXPORTABLE_ENABLE 1
+
+#define OPENTHREAD_CONFIG_CRYPTO_LIB OPENTHREAD_CONFIG_CRYPTO_LIB_PSA
diff --git a/components/openthread/private_include/openthread-core-esp32x-mtd-config.h b/components/openthread/private_include/openthread-core-esp32x-mtd-config.h
index 045faff323..c278420b7f 100644
--- a/components/openthread/private_include/openthread-core-esp32x-mtd-config.h
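Review bot: The two new entries in `exclude_srcs` remove OpenThread's mbedTLS crypto platform and `random_crypto_api.cpp` from the build, but nothing in the hunk says which source now provides those symbols. A one-line comment above them would help, for example `# Excluded: crypto and crypto-random APIs come from the PSA-based port (OPENTHREAD_CONFIG_CRYPTO_LIB_PSA)`, adjusted to wherever the replacement actually lives. Because the excluded file implements the cryptographic random API, it is worth confirming in the PR that its replacement draws from a cryptographically secure source; that code is not visible in this diff. The enclosing `if(CONFIG_OPENTHREAD_ENABLED)` block starts and ends outside the hunk.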
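Review bot: The `#define`s appended to openthread-core-esp32x-ftd-config.h are unconditional, while the option directly above them is wrapped in `#ifndef … #endif`, so a build that already sets `OPENTHREAD_CONFIG_CRYPTO_LIB` gets a macro redefinition instead of an override. Wrap each one in the file's existing pattern, e.g. `#ifndef OPENTHREAD_CONFIG_CRYPTO_LIB` / `#define OPENTHREAD_CONFIG_CRYPTO_LIB OPENTHREAD_CONFIG_CRYPTO_LIB_PSA` / `#endif`, or add a comment saying the value is deliberately forced. The same applies to the matching additions in openthread-core-esp32x-mtd-config.h and openthread-core-esp32x-radio-config.h. `OPENTHREAD_CONFIG_PLATFORM_MAC_KEYS_EXPORTABLE_ENABLE 1` also needs a comment stating why MAC keys must be exportable (presumably so the radio port can obtain raw key bytes with `psa_export_key`), since it relaxes the isolation that key references otherwise provide.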
+++ b/components/openthread/private_include/openthread-core-esp32x-mtd-config.h
@@ -493,3 +493,7 @@
 #ifndef OPENTHREAD_CONFIG_PARENT_SEARCH_RSS_THRESHOLD
 #define OPENTHREAD_CONFIG_PARENT_SEARCH_RSS_THRESHOLD CONFIG_OPENTHREAD_PARENT_SEARCH_RSS_THRESHOLD
 #endif
+
+#define OPENTHREAD_CONFIG_PLATFORM_MAC_KEYS_EXPORTABLE_ENABLE 1
+
+#define OPENTHREAD_CONFIG_CRYPTO_LIB OPENTHREAD_CONFIG_CRYPTO_LIB_PSA
diff --git a/components/openthread/private_include/openthread-core-esp32x-radio-config.h b/components/openthread/private_include/openthread-core-esp32x-radio-config.h
index 3df6677e2e..215d82f920 100644
--- a/components/openthread/private_include/openthread-core-esp32x-radio-config.h
+++ b/components/openthread/private_include/openthread-core-esp32x-radio-config.h
@@ -279,3 +279,6 @@
 #ifndef OPENTHREAD_CONFIG_MAC_SOFTWARE_TX_TIMING_ENABLE
 #define OPENTHREAD_CONFIG_MAC_SOFTWARE_TX_TIMING_ENABLE 1
 #endif
+
+#define OPENTHREAD_CONFIG_CRYPTO_LIB OPENTHREAD_CONFIG_CRYPTO_LIB_PSA
+#define OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 0
diff --git a/components/openthread/sbom_openthread.yml b/components/openthread/sbom_openthread.yml
index 8e476b6bfd..00a39997b1 100644
--- a/components/openthread/sbom_openthread.yml
+++ b/components/openthread/sbom_openthread.yml
@@ -5,4 +5,4 @@ supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
 originator: 'Organization: Google LLC'
 description: OpenThread released by Google is an open-source implementation of the Thread networking
 url: https://github.com/espressif/openthread
-hash: a12ff0d0f54fd41954b45047fcdd08f302731c5f
+hash: 7d4fa4223fbb19e610f054aabcf3ce87ae074ffe
diff --git a/components/openthread/src/port/esp_openthread_radio.c b/components/openthread/src/port/esp_openthread_radio.c
index c5d32fa09f..83e5c7aa64 100644
--- a/components/openthread/src/port/esp_openthread_radio.c
+++ b/components/openthread/src/port/esp_openthread_radio.c
@@ -31,6 +31,7 @@
 #include "openthread/platform/time.h"
 #include "utils/link_metrics.h"
 #include "utils/mac_frame.h"
+#include "psa/crypto.h"
 #if (CONFIG_ESP_COEX_SW_COEXIST_ENABLE || CONFIG_EXTERNAL_COEX_ENABLE)
 #include "esp_coex_i154.h"
@@ -88,6 +89,17 @@ static uint32_t s_ack_frame_counter;
 static uint8_t s_ack_key_id;
 static uint8_t s_security_key[16];
 static uint8_t s_security_addr[8];
+
+static void ot_set_security_key_from_key_material(struct otMacKeyMaterial a_key_material)
+{
+#if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
+ size_t keyLength = 0;
+ psa_export_key(a_key_material.mKeyMaterial.mKeyRef, s_security_key, 16, &keyLength);
+#else
+ memcpy(s_security_key, a_key_material.mKeyMaterial.mKey.m8, sizeof(a_key_material.mKeyMaterial.mKey.m8));
+#endif
+}
+
 #endif // OPENTHREAD_CONFIG_THREAD_VERSION >= OT_THREAD_VERSION_1_2
 static esp_openthread_circular_queue_info_t s_recv_queue = {.head = 0, .tail = 0, .used = 0};
@@ -305,7 +317,7 @@ otError otPlatRadioTransmit(otInstance *aInstance, otRadioFrame *aFrame)
 }
 esp_ieee802154_get_extended_address(s_security_addr);
 }
- memcpy(s_security_key, s_current_key.mKeyMaterial.mKey.m8, sizeof(s_current_key.mKeyMaterial.mKey.m8));
+ ot_set_security_key_from_key_material(s_current_key);
 esp_ieee802154_set_transmit_security(&aFrame->mPsdu[-1], s_security_key, s_security_addr);
 }
@@ -488,7 +500,11 @@ void otPlatRadioSetMacKey(otInstance *aInstance, uint8_t aKeyIdMode, uint8_t aKe
 {
 OT_UNUSED_VARIABLE(aInstance);
 OT_UNUSED_VARIABLE(aKeyIdMode);
+#if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
+ assert(aKeyType == OT_KEY_TYPE_KEY_REF);
+#else
 assert(aKeyType == OT_KEY_TYPE_LITERAL_KEY);
+#endif // OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
 assert(aPrevKey != NULL && aCurrKey != NULL && aNextKey != NULL);
 s_key_id = aKeyId;
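Review bot: In `ot_set_security_key_from_key_material` the status returned by `psa_export_key` and the reported `keyLength` are both ignored, so after a failed export `s_security_key` holds the previous key or partial output and the callers still hand it to `esp_ieee802154_set_transmit_security`. Export into a temporary, accept it only on `PSA_SUCCESS` with the full key length, and return a status so `otPlatRadioTransmit` and `enh_ack_set_security_addr_and_key` can refuse to send the secured frame. The literal `16` should be `sizeof(s_security_key)`. The struct is also passed by value, which puts an extra copy of the key material on the stack in the literal-key build, and a `const struct otMacKeyMaterial *` parameter would avoid that. The `psa/crypto.h` include added in the first hunk of this file is only needed under the same `#if`.

```c
static esp_err_t ot_set_security_key_from_key_material(struct otMacKeyMaterial a_key_material)
{
#if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
    uint8_t exported[sizeof(s_security_key)];
    size_t key_length = 0;
    psa_status_t status = psa_export_key(a_key_material.mKeyMaterial.mKeyRef, exported, sizeof(exported), &key_length);
    if (status != PSA_SUCCESS || key_length != sizeof(s_security_key)) {
        // wipe exported[] here as well; it may hold partial key bytes
        return ESP_FAIL; // s_security_key is left untouched; caller must not send the frame
    }
    memcpy(s_security_key, exported, sizeof(s_security_key));
    // wipe exported[] with a zeroize call the compiler cannot optimise away
#else
    // … unchanged: literal-key memcpy …
#endif
    return ESP_OK;
}
```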
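Review bot: The key-type check in `otPlatRadioSetMacKey` remains an `assert` in both build variants, so when assertions are compiled out a mismatched `aKeyType` goes unnoticed and `mKeyMaterial` is later read through the wrong member (raw key bytes taken as a PSA key reference, or the reverse). A runtime guard next to the asserts would close that, e.g. `if (aKeyType != OT_KEY_TYPE_KEY_REF) { return; }` in the key-reference branch and the `OT_KEY_TYPE_LITERAL_KEY` equivalent in the other, each with an error log. The function body continues outside the hunk, so how the three keys are stored afterwards is not visible here.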
@@ -630,7 +646,7 @@ static esp_err_t IRAM_ATTR enh_ack_set_security_addr_and_key(otRadioFrame *ack_f
 s_with_security_enh_ack = true;
 if (otMacFrameIsKeyIdMode1(ack_frame)) {
 esp_ieee802154_get_extended_address(s_security_addr);
- memcpy(s_security_key, (*key).mKeyMaterial.mKey.m8, OT_MAC_KEY_SIZE);
+ ot_set_security_key_from_key_material(*key);
 }
 esp_ieee802154_set_transmit_security(&ack_frame->mPsdu[-1], s_security_key, s_security_addr);
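Review bot: `enh_ack_set_security_addr_and_key` is marked `IRAM_ATTR`, but the helper it now calls, `ot_set_security_key_from_key_material`, is not, and in the key-reference build that helper calls `psa_export_key`. If this path runs from the radio interrupt or with the flash cache disabled (not visible in the hunk), reaching flash-resident or lock-taking code from it is unsafe, whereas the inline `memcpy` it replaces had no such dependency. One option is to export the key once in `otPlatRadioSetMacKey` and let the ack path copy the cached bytes; otherwise mark the helper `IRAM_ATTR` and document that the key-reference branch must not be reached from this context. The helper's `void` return also means this function's `esp_err_t` cannot report a failed export. The function starts and ends outside the hunk.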