[nrf fromtree] drivers: ieee802154: support Key Identifier Mode > 1

IEEE 802.15.4-2020 defines four possible values for Key Identifier Mode
field of the Auxiliary Security Header. The current ieee802154 driver
API only supports two of them: b00 and b01. This commit adds support for
the two remaining Key Identifier Mode values. It's done by replacing a
field that can only hold Key Index into a field that can holds a pointer
to the entire Key Identifier field.

See IEEE 802.15.4-2020, sections 9.4.2.3 and 9.4.4 for further reference.

Signed-off-by: Jędrzej Ciupis <[email protected]>
(cherry picked from commit 7afeb62)

Author: Jędrzej Ciupis

drivers/ieee802154/ieee802154_nrf5.c

@@ -791,36 +791,24 @@ static void nrf5_iface_init(struct net_if *iface)
 #if defined(CONFIG_NRF_802154_ENCRYPTION)
 static void nrf5_config_mac_keys(struct ieee802154_key *mac_keys)
 {
-	static nrf_802154_key_id_t stored_key_ids[NRF_802154_SECURITY_KEY_STORAGE_SIZE];
-	static uint8_t stored_ids[NRF_802154_SECURITY_KEY_STORAGE_SIZE];
-	uint8_t i;
+	nrf_802154_security_key_remove_all();
 
-	for (i = 0; i < NRF_802154_SECURITY_KEY_STORAGE_SIZE && stored_key_ids[i].p_key_id; i++) {
-		nrf_802154_security_key_remove(&stored_key_ids[i]);
-		stored_key_ids[i].p_key_id = NULL;
-	}
-
-	i = 0;
-	for (struct ieee802154_key *keys = mac_keys; keys->key_value
-			&& i < NRF_802154_SECURITY_KEY_STORAGE_SIZE; keys++, i++) {
+	for (uint8_t i = 0; mac_keys->key_value
+			&& i < NRF_802154_SECURITY_KEY_STORAGE_SIZE; mac_keys++, i++) {
 		nrf_802154_key_t key = {
-			.value.p_cleartext_key = keys->key_value,
-			.id.mode = keys->key_id_mode,
-			.id.p_key_id = &(keys->key_index),
+			.value.p_cleartext_key = mac_keys->key_value,
+			.id.mode = mac_keys->key_id_mode,
+			.id.p_key_id = mac_keys->key_id,
 			.type = NRF_802154_KEY_CLEARTEXT,
 			.frame_counter = 0,
-			.use_global_frame_counter = !(keys->frame_counter_per_key),
+			.use_global_frame_counter = !(mac_keys->frame_counter_per_key),
 		};
 
 		__ASSERT_EVAL((void)nrf_802154_security_key_store(&key),
 			nrf_802154_security_error_t err = nrf_802154_security_key_store(&key),
 			err == NRF_802154_SECURITY_ERROR_NONE ||
 			err == NRF_802154_SECURITY_ERROR_ALREADY_PRESENT,
 			"Storing key failed, err: %d", err);
-
-		stored_ids[i] = *key.id.p_key_id;
-		stored_key_ids[i].mode = key.id.mode;
-		stored_key_ids[i].p_key_id = &stored_ids[i];
 	};
 }
 #endif /* CONFIG_NRF_802154_ENCRYPTION */

include/zephyr/net/ieee802154_radio.h

@@ -224,11 +224,16 @@ struct ieee802154_filter {
 };
 
 struct ieee802154_key {
+	/** Key material */
 	uint8_t *key_value;
+	/** Initial value of frame counter associated with the key, see section 9.4.3 */
 	uint32_t key_frame_counter;
+	/** Indicates if per-key frame counter should be used, see section 9.4.3 */
 	bool frame_counter_per_key;
+	/** Key Identifier Mode, see section 9.4.2.3, Table 9-7 */
 	uint8_t key_id_mode;
-	uint8_t key_index;
+	/** Key Identifier, see section 9.4.4 */
+	uint8_t *key_id;
 };
 
 /** IEEE802.15.4 Transmission mode. */

modules/openthread/platform/radio.c

@@ -1181,20 +1181,14 @@ void otPlatRadioSetMacKey(otInstance *aInstance, uint8_t aKeyIdMode, uint8_t aKe
 	struct ieee802154_key keys[] = {
 		{
 			.key_id_mode = key_id_mode,
-			.key_index = aKeyId == 1 ? 0x80 : aKeyId - 1,
-			.key_value = (uint8_t *)aPrevKey->mKeyMaterial.mKey.m8,
 			.frame_counter_per_key = false,
 		},
 		{
 			.key_id_mode = key_id_mode,
-			.key_index = aKeyId,
-			.key_value = (uint8_t *)aCurrKey->mKeyMaterial.mKey.m8,
 			.frame_counter_per_key = false,
 		},
 		{
 			.key_id_mode = key_id_mode,
-			.key_index = aKeyId == 0x80 ? 1 : aKeyId + 1,
-			.key_value = (uint8_t *)aNextKey->mKeyMaterial.mKey.m8,
 			.frame_counter_per_key = false,
 		},
 		{
@@ -1208,9 +1202,24 @@ void otPlatRadioSetMacKey(otInstance *aInstance, uint8_t aKeyIdMode, uint8_t aKe
 		},
 	};
 
-	/* aKeyId in range: (1, 0x80) means valid keys
-	 * aKeyId == 0 is used only to clear keys for stack reset in RCP
-	 */
+	if (key_id_mode == 1) {
+		/* aKeyId in range: (1, 0x80) means valid keys */
+		uint8_t prev_key_id = aKeyId == 1 ? 0x80 : aKeyId - 1;
+		uint8_t next_key_id = aKeyId == 0x80 ? 1 : aKeyId + 1;
+
+		keys[0].key_id = &prev_key_id;
+		keys[0].key_value = (uint8_t *)aPrevKey->mKeyMaterial.mKey.m8;
+
+		keys[1].key_id = &aKeyId;
+		keys[1].key_value = (uint8_t *)aCurrKey->mKeyMaterial.mKey.m8;
+
+		keys[2].key_id = &next_key_id;
+		keys[2].key_value = (uint8_t *)aNextKey->mKeyMaterial.mKey.m8;
+	} else {
+		/* aKeyId == 0 is used only to clear keys for stack reset in RCP */
+		__ASSERT_NO_MSG((key_id_mode == 0) && (aKeyId == 0));
+	}
+
 	struct ieee802154_config config = {
 		.mac_keys = aKeyId == 0 ? clear_keys : keys,
 	};