1 /* 2 * Copyright (c) 2016, The OpenThread Authors. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 3. Neither the name of the copyright holder nor the 13 * names of its contributors may be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /** 30 * @file 31 * This file includes definitions for Thread security material generation. 32 */ 33 34 #ifndef KEY_MANAGER_HPP_ 35 #define KEY_MANAGER_HPP_ 36 37 #include "openthread-core-config.h" 38 39 #include <stdint.h> 40 41 #include <openthread/dataset.h> 42 #include <openthread/platform/crypto.h> 43 44 #include "common/as_core_type.hpp" 45 #include "common/clearable.hpp" 46 #include "common/encoding.hpp" 47 #include "common/equatable.hpp" 48 #include "common/locator.hpp" 49 #include "common/non_copyable.hpp" 50 #include "common/random.hpp" 51 #include "common/timer.hpp" 52 #include "crypto/hmac_sha256.hpp" 53 #include "mac/mac_types.hpp" 54 #include "thread/mle_types.hpp" 55 56 namespace ot { 57 58 /** 59 * @addtogroup core-security 60 * 61 * @brief 62 * This module includes definitions for Thread security material generation. 63 * 64 * @{ 65 */ 66 67 /** 68 * Represents Security Policy Rotation and Flags. 69 * 70 */ 71 class SecurityPolicy : public otSecurityPolicy, public Equatable<SecurityPolicy> 72 { 73 public: 74 /** 75 * Offset between the Thread Version and the Version-threshold valid for Routing. 76 * 77 */ 78 static constexpr uint8_t kVersionThresholdOffsetVersion = 3; 79 80 /** 81 * Default Key Rotation Time (in unit of hours). 82 * 83 */ 84 static constexpr uint16_t kDefaultKeyRotationTime = 672; 85 86 /** 87 * Minimum Key Rotation Time (in unit of hours). 88 * 89 */ 90 static constexpr uint16_t kMinKeyRotationTime = 2; 91 92 /** 93 * Initializes the object with default Key Rotation Time 94 * and Security Policy Flags. 95 * 96 */ SecurityPolicy(void)97 SecurityPolicy(void) { SetToDefault(); } 98 99 /** 100 * Sets the Security Policy to default values. 101 * 102 */ 103 void SetToDefault(void); 104 105 /** 106 * Sets the Security Policy Flags. 107 * 108 * @param[in] aFlags The Security Policy Flags. 109 * @param[in] aFlagsLength The length of the Security Policy Flags, 1 byte for 110 * Thread 1.1 devices, and 2 bytes for Thread 1.2 or higher. 111 * 112 */ 113 void SetFlags(const uint8_t *aFlags, uint8_t aFlagsLength); 114 115 /** 116 * Returns the Security Policy Flags. 117 * 118 * @param[out] aFlags A pointer to the Security Policy Flags buffer. 119 * @param[in] aFlagsLength The length of the Security Policy Flags buffer. 120 * 121 */ 122 void GetFlags(uint8_t *aFlags, uint8_t aFlagsLength) const; 123 124 private: 125 static constexpr uint8_t kDefaultFlags = 0xff; 126 static constexpr uint8_t kObtainNetworkKeyMask = 1 << 7; 127 static constexpr uint8_t kNativeCommissioningMask = 1 << 6; 128 static constexpr uint8_t kRoutersMask = 1 << 5; 129 static constexpr uint8_t kExternalCommissioningMask = 1 << 4; 130 static constexpr uint8_t kBeaconsMask = 1 << 3; 131 static constexpr uint8_t kCommercialCommissioningMask = 1 << 2; 132 static constexpr uint8_t kAutonomousEnrollmentMask = 1 << 1; 133 static constexpr uint8_t kNetworkKeyProvisioningMask = 1 << 0; 134 static constexpr uint8_t kTobleLinkMask = 1 << 7; 135 static constexpr uint8_t kNonCcmRoutersMask = 1 << 6; 136 static constexpr uint8_t kReservedMask = 0x38; 137 static constexpr uint8_t kVersionThresholdForRoutingMask = 0x07; 138 139 void SetToDefaultFlags(void); 140 }; 141 142 /** 143 * Represents a Thread Network Key. 144 * 145 */ 146 OT_TOOL_PACKED_BEGIN 147 class NetworkKey : public otNetworkKey, public Equatable<NetworkKey>, public Clearable<NetworkKey> 148 { 149 public: 150 static constexpr uint8_t kSize = OT_NETWORK_KEY_SIZE; ///< Size of the Thread Network Key (in bytes). 151 152 #if !OPENTHREAD_RADIO 153 /** 154 * Generates a cryptographically secure random sequence to populate the Thread Network Key. 155 * 156 * @retval kErrorNone Successfully generated a random Thread Network Key. 157 * @retval kErrorFailed Failed to generate random sequence. 158 * 159 */ GenerateRandom(void)160 Error GenerateRandom(void) { return Random::Crypto::Fill(*this); } 161 #endif 162 163 } OT_TOOL_PACKED_END; 164 165 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 166 /** 167 * Provides a representation for Network Key reference. 168 * 169 */ 170 typedef otNetworkKeyRef NetworkKeyRef; 171 #endif 172 173 /** 174 * Represents a Thread Pre-Shared Key for the Commissioner (PSKc). 175 * 176 */ 177 OT_TOOL_PACKED_BEGIN 178 class Pskc : public otPskc, public Equatable<Pskc>, public Clearable<Pskc> 179 { 180 public: 181 static constexpr uint8_t kSize = OT_PSKC_MAX_SIZE; ///< Size (number of bytes) of the PSKc. 182 183 #if !OPENTHREAD_RADIO 184 /** 185 * Generates a cryptographically secure random sequence to populate the Thread PSKc. 186 * 187 * @retval kErrorNone Successfully generated a random Thread PSKc. 188 * 189 */ GenerateRandom(void)190 Error GenerateRandom(void) { return Random::Crypto::Fill(*this); } 191 #endif 192 } OT_TOOL_PACKED_END; 193 194 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 195 /** 196 * Provides a representation for Network Key reference. 197 * 198 */ 199 typedef otPskcRef PskcRef; 200 #endif 201 202 /** 203 * 204 * Represents a Key Encryption Key (KEK). 205 * 206 */ 207 typedef Mac::Key Kek; 208 209 /** 210 * 211 * Represents a Key Material for Key Encryption Key (KEK). 212 * 213 */ 214 typedef Mac::KeyMaterial KekKeyMaterial; 215 216 /** 217 * Defines Thread Key Manager. 218 * 219 */ 220 class KeyManager : public InstanceLocator, private NonCopyable 221 { 222 public: 223 /** 224 * Determines whether to apply or ignore key switch guard when updating the key sequence. 225 * 226 * Used as input by `SetCurrentKeySequence()`. 227 * 228 */ 229 enum KeySequenceUpdateMode : uint8_t 230 { 231 kApplyKeySwitchGuard, ///< Apply key switch guard check before setting the new key sequence. 232 kForceUpdate, ///< Ignore key switch guard check and forcibly update the key sequence to new value. 233 }; 234 235 /** 236 * Initializes the object. 237 * 238 * @param[in] aInstance A reference to the OpenThread instance. 239 * 240 */ 241 explicit KeyManager(Instance &aInstance); 242 243 /** 244 * Starts KeyManager rotation timer and sets guard timer to initial value. 245 * 246 */ 247 void Start(void); 248 249 /** 250 * Stops KeyManager timers. 251 * 252 */ 253 void Stop(void); 254 255 /** 256 * Gets the Thread Network Key. 257 * 258 * @param[out] aNetworkKey A reference to a `NetworkKey` to output the Thread Network Key. 259 * 260 */ 261 void GetNetworkKey(NetworkKey &aNetworkKey) const; 262 263 /** 264 * Sets the Thread Network Key. 265 * 266 * @param[in] aNetworkKey A Thread Network Key. 267 * 268 */ 269 void SetNetworkKey(const NetworkKey &aNetworkKey); 270 271 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 272 /** 273 * Returns a Key Ref to Thread Network Key. 274 * 275 * @returns A key reference to the Thread Network Key. 276 * 277 */ GetNetworkKeyRef(void) const278 NetworkKeyRef GetNetworkKeyRef(void) const { return mNetworkKeyRef; } 279 280 /** 281 * Sets the Thread Network Key using Key Reference. 282 * 283 * @param[in] aKeyRef Reference to Thread Network Key. 284 * 285 */ 286 void SetNetworkKeyRef(NetworkKeyRef aKeyRef); 287 #endif 288 289 /** 290 * Indicates whether the PSKc is configured. 291 * 292 * A value of all zeros indicates that the PSKc is not configured. 293 * 294 * @retval TRUE if the PSKc is configured. 295 * @retval FALSE if the PSKc is not not configured. 296 * 297 */ IsPskcSet(void) const298 bool IsPskcSet(void) const { return mIsPskcSet; } 299 300 /** 301 * Gets the PKSc. 302 * 303 * @param[out] aPskc A reference to a `Pskc` to return the PSKc. 304 * 305 */ 306 void GetPskc(Pskc &aPskc) const; 307 308 /** 309 * Sets the PSKc. 310 * 311 * @param[in] aPskc A reference to the PSKc. 312 * 313 */ 314 void SetPskc(const Pskc &aPskc); 315 316 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 317 /** 318 * Returns a Key Ref to PSKc. 319 * 320 * @returns A key reference to the PSKc. 321 * 322 */ GetPskcRef(void) const323 const PskcRef &GetPskcRef(void) const { return mPskcRef; } 324 325 /** 326 * Sets the PSKc as a Key reference. 327 * 328 * @param[in] aPskc A reference to the PSKc. 329 * 330 */ 331 void SetPskcRef(PskcRef aKeyRef); 332 #endif 333 334 /** 335 * Returns the current key sequence value. 336 * 337 * @returns The current key sequence value. 338 * 339 */ GetCurrentKeySequence(void) const340 uint32_t GetCurrentKeySequence(void) const { return mKeySequence; } 341 342 /** 343 * Sets the current key sequence value. 344 * 345 * If @p aMode is `kApplyKeySwitchGuard`, the current key switch guard timer is checked and only if it is zero, key 346 * sequence will be updated. 347 * 348 * @param[in] aKeySequence The key sequence value. 349 * @param[in] aUpdateMode Whether or not to apply the key switch guard. 350 * 351 */ 352 void SetCurrentKeySequence(uint32_t aKeySequence, KeySequenceUpdateMode aUpdateMode); 353 354 #if OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE 355 /** 356 * Returns the current MAC key for TREL radio link. 357 * 358 * @returns The current TREL MAC key. 359 * 360 */ GetCurrentTrelMacKey(void) const361 const Mac::KeyMaterial &GetCurrentTrelMacKey(void) const { return mTrelKey; } 362 363 /** 364 * Returns a temporary MAC key for TREL radio link computed from the given key sequence. 365 * 366 * @param[in] aKeySequence The key sequence value. 367 * 368 * @returns The temporary TREL MAC key. 369 * 370 */ 371 const Mac::KeyMaterial &GetTemporaryTrelMacKey(uint32_t aKeySequence); 372 #endif 373 374 /** 375 * Returns the current MLE key Material. 376 * 377 * @returns The current MLE key. 378 * 379 */ GetCurrentMleKey(void) const380 const Mle::KeyMaterial &GetCurrentMleKey(void) const { return mMleKey; } 381 382 /** 383 * Returns a temporary MLE key Material computed from the given key sequence. 384 * 385 * @param[in] aKeySequence The key sequence value. 386 * 387 * @returns The temporary MLE key. 388 * 389 */ 390 const Mle::KeyMaterial &GetTemporaryMleKey(uint32_t aKeySequence); 391 392 #if OPENTHREAD_CONFIG_RADIO_LINK_IEEE_802_15_4_ENABLE 393 /** 394 * Returns the current MAC Frame Counter value for 15.4 radio link. 395 * 396 * @returns The current MAC Frame Counter value. 397 * 398 */ Get154MacFrameCounter(void) const399 uint32_t Get154MacFrameCounter(void) const { return mMacFrameCounters.Get154(); } 400 #endif 401 402 #if OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE 403 /** 404 * Returns the current MAC Frame Counter value for TREL radio link. 405 * 406 * @returns The current MAC Frame Counter value for TREL radio link. 407 * 408 */ GetTrelMacFrameCounter(void) const409 uint32_t GetTrelMacFrameCounter(void) const { return mMacFrameCounters.GetTrel(); } 410 411 /** 412 * Increments the current MAC Frame Counter value for TREL radio link. 413 * 414 */ 415 void IncrementTrelMacFrameCounter(void); 416 #endif 417 418 /** 419 * Gets the maximum MAC Frame Counter among all supported radio links. 420 * 421 * @return The maximum MAC frame Counter among all supported radio links. 422 * 423 */ GetMaximumMacFrameCounter(void) const424 uint32_t GetMaximumMacFrameCounter(void) const { return mMacFrameCounters.GetMaximum(); } 425 426 /** 427 * Sets the current MAC Frame Counter value for all radio links. 428 * 429 * @param[in] aFrameCounter The MAC Frame Counter value. 430 * @param[in] aSetIfLarger If `true`, set only if the new value @p aFrameCounter is larger than current value. 431 * If `false`, set the new value independent of the current value. 432 433 */ 434 void SetAllMacFrameCounters(uint32_t aFrameCounter, bool aSetIfLarger); 435 436 /** 437 * Sets the MAC Frame Counter value which is stored in non-volatile memory. 438 * 439 * @param[in] aStoredMacFrameCounter The stored MAC Frame Counter value. 440 * 441 */ SetStoredMacFrameCounter(uint32_t aStoredMacFrameCounter)442 void SetStoredMacFrameCounter(uint32_t aStoredMacFrameCounter) { mStoredMacFrameCounter = aStoredMacFrameCounter; } 443 444 /** 445 * Returns the current MLE Frame Counter value. 446 * 447 * @returns The current MLE Frame Counter value. 448 * 449 */ GetMleFrameCounter(void) const450 uint32_t GetMleFrameCounter(void) const { return mMleFrameCounter; } 451 452 /** 453 * Sets the current MLE Frame Counter value. 454 * 455 * @param[in] aMleFrameCounter The MLE Frame Counter value. 456 * 457 */ SetMleFrameCounter(uint32_t aMleFrameCounter)458 void SetMleFrameCounter(uint32_t aMleFrameCounter) { mMleFrameCounter = aMleFrameCounter; } 459 460 /** 461 * Sets the MLE Frame Counter value which is stored in non-volatile memory. 462 * 463 * @param[in] aStoredMleFrameCounter The stored MLE Frame Counter value. 464 * 465 */ SetStoredMleFrameCounter(uint32_t aStoredMleFrameCounter)466 void SetStoredMleFrameCounter(uint32_t aStoredMleFrameCounter) { mStoredMleFrameCounter = aStoredMleFrameCounter; } 467 468 /** 469 * Increments the current MLE Frame Counter value. 470 * 471 */ 472 void IncrementMleFrameCounter(void); 473 474 /** 475 * Returns the KEK as `KekKeyMaterial` 476 * 477 * @returns The KEK as `KekKeyMaterial`. 478 * 479 */ GetKek(void) const480 const KekKeyMaterial &GetKek(void) const { return mKek; } 481 482 /** 483 * Retrieves the KEK as literal `Kek` key. 484 * 485 * @param[out] aKek A reference to a `Kek` to output the retrieved KEK. 486 * 487 */ ExtractKek(Kek & aKek)488 void ExtractKek(Kek &aKek) { mKek.ExtractKey(aKek); } 489 490 /** 491 * Sets the KEK. 492 * 493 * @param[in] aKek A KEK. 494 * 495 */ 496 void SetKek(const Kek &aKek); 497 498 /** 499 * Sets the KEK. 500 * 501 * @param[in] aKekBytes A pointer to the KEK bytes. 502 * 503 */ SetKek(const uint8_t * aKekBytes)504 void SetKek(const uint8_t *aKekBytes) { SetKek(*reinterpret_cast<const Kek *>(aKekBytes)); } 505 506 /** 507 * Returns the current KEK Frame Counter value. 508 * 509 * @returns The current KEK Frame Counter value. 510 * 511 */ GetKekFrameCounter(void) const512 uint32_t GetKekFrameCounter(void) const { return mKekFrameCounter; } 513 514 /** 515 * Increments the current KEK Frame Counter value. 516 * 517 */ IncrementKekFrameCounter(void)518 void IncrementKekFrameCounter(void) { mKekFrameCounter++; } 519 520 /** 521 * Returns the KeySwitchGuardTime. 522 * 523 * The KeySwitchGuardTime is the time interval during which key rotation procedure is prevented. 524 * 525 * @returns The KeySwitchGuardTime value in hours. 526 * 527 */ GetKeySwitchGuardTime(void) const528 uint16_t GetKeySwitchGuardTime(void) const { return mKeySwitchGuardTime; } 529 530 /** 531 * Sets the KeySwitchGuardTime. 532 * 533 * The KeySwitchGuardTime is the time interval during which key rotation procedure is prevented. 534 * 535 * Intended for testing only. Changing the guard time will render device non-compliant with the Thread spec. 536 * 537 * @param[in] aGuardTime The KeySwitchGuardTime value in hours. 538 * 539 */ SetKeySwitchGuardTime(uint16_t aGuardTime)540 void SetKeySwitchGuardTime(uint16_t aGuardTime) { mKeySwitchGuardTime = aGuardTime; } 541 542 /** 543 * Returns the Security Policy. 544 * 545 * The Security Policy specifies Key Rotation Time and network administrator preferences 546 * for which security-related operations are allowed or disallowed. 547 * 548 * @returns The SecurityPolicy. 549 * 550 */ GetSecurityPolicy(void) const551 const SecurityPolicy &GetSecurityPolicy(void) const { return mSecurityPolicy; } 552 553 /** 554 * Sets the Security Policy. 555 * 556 * The Security Policy specifies Key Rotation Time and network administrator preferences 557 * for which security-related operations are allowed or disallowed. 558 * 559 * @param[in] aSecurityPolicy The Security Policy. 560 * 561 */ 562 void SetSecurityPolicy(const SecurityPolicy &aSecurityPolicy); 563 564 /** 565 * Updates the MAC keys and MLE key. 566 * 567 */ 568 void UpdateKeyMaterial(void); 569 570 /** 571 * Handles MAC frame counter changes (callback from `SubMac` for 15.4 security frame change). 572 * 573 * This is called to indicate the @p aMacFrameCounter value is now used. 574 * 575 * @param[in] aMacFrameCounter The 15.4 link MAC frame counter value. 576 * 577 */ 578 void MacFrameCounterUsed(uint32_t aMacFrameCounter); 579 580 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 581 /** 582 * Destroys all the volatile mac keys stored in PSA ITS. 583 * 584 */ 585 void DestroyTemporaryKeys(void); 586 587 /** 588 * Destroys all the persistent keys stored in PSA ITS. 589 * 590 */ 591 void DestroyPersistentKeys(void); 592 #endif 593 594 private: 595 static constexpr uint16_t kDefaultKeySwitchGuardTime = 624; // ~ 93% of 672 (default key rotation time) 596 static constexpr uint32_t kKeySwitchGuardTimePercentage = 93; // Percentage of key rotation time. 597 static constexpr bool kExportableMacKeys = OPENTHREAD_CONFIG_PLATFORM_MAC_KEYS_EXPORTABLE_ENABLE; 598 599 static_assert(kDefaultKeySwitchGuardTime == 600 SecurityPolicy::kDefaultKeyRotationTime * kKeySwitchGuardTimePercentage / 100, 601 "Default key switch guard time value is not correct"); 602 603 OT_TOOL_PACKED_BEGIN 604 struct Keys 605 { 606 Mle::Key mMleKey; 607 Mac::Key mMacKey; 608 } OT_TOOL_PACKED_END; 609 610 union HashKeys 611 { 612 Crypto::HmacSha256::Hash mHash; 613 Keys mKeys; 614 GetMleKey(void) const615 const Mle::Key &GetMleKey(void) const { return mKeys.mMleKey; } GetMacKey(void) const616 const Mac::Key &GetMacKey(void) const { return mKeys.mMacKey; } 617 }; 618 619 void ComputeKeys(uint32_t aKeySequence, HashKeys &aHashKeys) const; 620 621 #if OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE 622 void ComputeTrelKey(uint32_t aKeySequence, Mac::Key &aKey) const; 623 #endif 624 625 void ResetKeyRotationTimer(void); 626 void HandleKeyRotationTimer(void); 627 void CheckForKeyRotation(void); 628 629 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 630 void StoreNetworkKey(const NetworkKey &aNetworkKey, bool aOverWriteExisting); 631 void StorePskc(const Pskc &aPskc); 632 #endif 633 634 void ResetFrameCounters(void); 635 636 using RotationTimer = TimerMilliIn<KeyManager, &KeyManager::HandleKeyRotationTimer>; 637 638 static const uint8_t kThreadString[]; 639 640 #if OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE 641 static const uint8_t kHkdfExtractSaltString[]; 642 static const uint8_t kTrelInfoString[]; 643 #endif 644 645 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 646 NetworkKeyRef mNetworkKeyRef; 647 #else 648 NetworkKey mNetworkKey; 649 #endif 650 651 uint32_t mKeySequence; 652 Mle::KeyMaterial mMleKey; 653 Mle::KeyMaterial mTemporaryMleKey; 654 655 #if OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE 656 Mac::KeyMaterial mTrelKey; 657 Mac::KeyMaterial mTemporaryTrelKey; 658 #endif 659 660 Mac::LinkFrameCounters mMacFrameCounters; 661 uint32_t mMleFrameCounter; 662 uint32_t mStoredMacFrameCounter; 663 uint32_t mStoredMleFrameCounter; 664 665 uint16_t mHoursSinceKeyRotation; 666 uint16_t mKeySwitchGuardTime; 667 uint16_t mKeySwitchGuardTimer; 668 RotationTimer mKeyRotationTimer; 669 670 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE 671 PskcRef mPskcRef; 672 #else 673 Pskc mPskc; 674 #endif 675 676 KekKeyMaterial mKek; 677 uint32_t mKekFrameCounter; 678 679 SecurityPolicy mSecurityPolicy; 680 bool mIsPskcSet : 1; 681 }; 682 683 /** 684 * @} 685 */ 686 687 DefineCoreType(otSecurityPolicy, SecurityPolicy); 688 DefineCoreType(otNetworkKey, NetworkKey); 689 DefineCoreType(otPskc, Pskc); 690 691 } // namespace ot 692 693 #endif // KEY_MANAGER_HPP_ 694
