[WIP] key kamanager / leave and join

LuDuda · LuDuda · commit 4c303f781fd0 · 2025-02-24T00:45:20.000+01:00
diff --git a/src/core/thread/key_manager.cpp b/src/core/thread/key_manager.cpp
@@ -179,17 +179,10 @@ KeyManager::KeyManager(Instance &aInstance)
     otPlatCryptoInit();
 
 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
-    {
-        NetworkKey networkKey;
-
-        mNetworkKeyRef = Crypto::Storage::kInvalidKeyRef;
-        mPskcRef       = Crypto::Storage::kInvalidKeyRef;
-
-        IgnoreError(networkKey.GenerateRandom());
-        StoreNetworkKey(networkKey, /* aOverWriteExisting */ false);
-    }
+    mNetworkKeyRef = Crypto::Storage::kInvalidKeyRef;
+    mPskcRef       = Crypto::Storage::kInvalidKeyRef;
 #else
-    IgnoreError(mNetworkKey.GenerateRandom());
+    mNetworkKey.Clear();
     mPskc.Clear();
 #endif
 
@@ -200,6 +193,22 @@ void KeyManager::Start(void)
 {
     mKeySwitchGuardTimer = 0;
     ResetKeyRotationTimer();
+
+#if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
+    NetworkKey networkKey;
+
+    // Generate random Network Key, if there is none currently.
+    if (mNetworkKeyRef == Crypto::Storage::kInvalidKeyRef)
+    {
+        IgnoreError(networkKey.GenerateRandom());
+        SetNetworkKey(networkKey);
+    }
+#else
+    if(mNetworkKey.IsEmpty())
+    {
+        mNetworkKey.GenerateRandom();
+    }
+#endif
 }
 
 void KeyManager::Stop(void) { mKeyRotationTimer.Stop(); }
@@ -345,6 +354,12 @@ void KeyManager::UpdateKeyMaterial(void)
 {
     HashKeys hashKeys;
 
+#if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
+    VerifyOrExit(Crypto::Storage::IsKeyRefValid(mNetworkKeyRef));
+#else
+    VerifyOrExit(!mNetworkKey.IsEmpty());
+#endif
+
     ComputeKeys(mKeySequence, hashKeys);
 
     mMleKey.SetFrom(hashKeys.GetMleKey());
@@ -375,6 +390,9 @@ void KeyManager::UpdateKeyMaterial(void)
         mTrelKey.SetFrom(key);
     }
 #endif
+
+exit:
+    return;
 }
 
 void KeyManager::SetCurrentKeySequence(uint32_t aKeySequence, KeySeqUpdateFlags aFlags)
@@ -711,7 +729,13 @@ void KeyManager::DestroyTemporaryKeys(void)
     Get<Mac::Mac>().ClearMode2Key();
 }
 
-void KeyManager::DestroyPersistentKeys(void) { Get<Crypto::Storage::KeyRefManager>().DestroyPersistentKeys(); }
+void KeyManager::DestroyPersistentKeys(void)
+{
+    Get<Crypto::Storage::KeyRefManager>().DestroyPersistentKeys();
+
+    mNetworkKeyRef = Crypto::Storage::kInvalidKeyRef;
+    mPskcRef       = Crypto::Storage::kInvalidKeyRef;
+}
 
 #endif // OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
 
diff --git a/src/core/thread/key_manager.hpp b/src/core/thread/key_manager.hpp
@@ -148,6 +148,25 @@ class NetworkKey : public otNetworkKey, public Equatable<NetworkKey>, public Cle
      * @retval kErrorFailed   Failed to generate random sequence.
      */
     Error GenerateRandom(void) { return Random::Crypto::Fill(*this); }
+
+    /**
+     * Checks if the  Network Key is empty (all bytes are zero).
+     *
+     * @retval true   The key is empty.
+     * @retval false  The key is not empty.
+     */
+    bool IsEmpty(void)
+    {
+        for (uint8_t i = 0; i < kSize; i++)
+        {
+            if (m8[i] != 0)
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
 #endif
 
 } OT_TOOL_PACKED_END;
diff --git a/tests/toranj/ncp/test-002-form.py b/tests/toranj/ncp/test-002-form.py
@@ -90,13 +90,11 @@
 
 node.set(wpan.WPAN_PANID, '0x1977')
 node.set(wpan.WPAN_XPANID, '1020031510006016', binary_data=True)
-node.set(wpan.WPAN_KEY, '0123456789abcdeffecdba9876543210', binary_data=True)
 
 node.form('mazda', channel=12)
 verify(node.get(wpan.WPAN_STATE) == wpan.STATE_ASSOCIATED)
 verify(node.get(wpan.WPAN_NAME) == '"mazda"')
 verify(node.get(wpan.WPAN_CHANNEL) == '12')
-verify(node.get(wpan.WPAN_KEY) == '[0123456789ABCDEFFECDBA9876543210]')
 verify(node.get(wpan.WPAN_PANID) == '0x1977')
 verify(node.get(wpan.WPAN_XPANID) == '0x1020031510006016')
 
