The PSA platform now transparently handles HKDF operations when using
HMAC-SHA256 keys by exporting and re-importing them as volatile
HKDF-SHA256 keys. The export/import logic has been moved into the
platform layer. This change is required to support TREL and the PSA API
key usage restrictions.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit adds two new functions, `otPlatCryptoCAlloc` and
`otPlatCryptoFree`, which provide dynamic memory management for the
crypto subsystem. They are only enabled when
`OPENTHREAD_CONFIG_HEAP_EXTERNAL_ENABLE` is set.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit removes otPlatCryptoInit API and moves responsibility of
initializing the Crypto subsystem to the platform.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit enables PSA native ITS implementation in the build system
for simulation and test platforms.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit configures the
OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE based on the chosen
crypto library.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit adds a default implementation of the OpenThread crypto
platform API for the PSA Crypto API.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit updates the default TTL values used for mDNS records to
better align with the recommendations.
Previously, a single `kDefaultTtl` of 120 seconds was used for all
records when the registered entry did not explicitly specify the TTL
to use. This commit introduces separate default TTLs:
- `kDefaultAddrTtl` for address records (`AAAA`, `A`) is kept at
120 seconds.
- `kDefaultServiceTtl` for all service records (`PTR`, `SRV`, `TXT`)
is set to 4500 seconds.
- `kDefaultKeyTtl` is also updated to 4500 seconds for `KEY` records.
The code is updated to use the appropriate default TTL based on the
record type.
This commit implements `otPlatDnssdStartBrowser` and
`otPlatDnssdStopBrowser` to support service discovery on NCP.
The platform APIs are intended to be used by
`ServiceDiscovery::Server::DiscoveryProxy` for discovery
functionality. This commit only supports the browser for now and will
support the Srv/Txt/Address resolvers in other commits to keep this
commit from becoming too large.
This commit contains these changes:
* Add new spinel property for starting / stopping service browser
* Implement encoding/decoding of the new property
* Add unit test for encoding/decoding
* Implement ncp version of dnssd platform API
`otPlatDnssdStartBrowser` and `otPlatDnssdStopBrowser`
* Add property handler to get browser result on NCP side
* Add unit test to verify that the browser callback is correctly
invoked after getting browser result.
This commit introduces support for discovering NAT64 prefixes as
specified in RFC 8781.
The key changes include:
- New `Nat64PrefixInfoOption`: A new `Nat64PrefixInfoOption` class is
added to represent the PREF64 option in ND messages. This handles
parsing the prefix and its lifetime from incoming RAs.
- `RxRaTracker` Enhancement: The `RxRaTracker` is updated to process
`Nat64PrefixInfoOption` from RAs. It now maintains a list of
discovered NAT64 prefixes from routers on the infrastructure link
and determines a "favored" prefix among them.
- `RoutingManager` Update: The `Nat64PrefixManager` is enhanced to
utilize the RA-discovered prefix.
- `test_routing_manager` Update: The `TestNat64PrefixSelection` is
updated to include cases with RA-discovered prefixes.
Adds a new state, `mInitialDiscoveryFinished`, to `RxRaTracker` to
track the completion of the initial router discovery (RS transmission)
process. A new method, `IsInitialRouterDiscoveryFinished()`, exposes
this state.
This new method replaces `IsRsTxInProgress()`, which previously
checked if any RS transmission was ongoing. The new model ensures
the initial discovery is tracked only once after `RxRaTracker`
starts, rather than every time RS messages are sent (e.g., due to
stale timer expiration).
Additionally, the `RoutingManager` now checks this state and ignores
incoming RS messages until the initial router discovery is complete.
This prevents the BR from replying to its own RS messages or sending
an RA prematurely with incomplete information before all routers
are discovered and decision factors are determined.
Multicast addresses with scope larger than `RealmLocal` are no longer
subject to the standard receive filter. They are passed directly to
the host callback, allowing delivery and forwarding by the host.
This fixes a scenario where a `Thread Border Router` receives a
larger-scope multicast from a `Thread Device`. Previously, if the
Border Router was listening on the same multicast address and port,
the receive filter could drop the packet, preventing it from being
forwarded to other interfaces.
This adds support for the TMF command to enable TCAT remotely. A test
is added that uses the 'UDP send' mechanism to send the new TMF
command to a target node.
Some fixes/additions to the test framework are made to support the new
test, including a new argument for udp_send() to send a specific byte
array and udp_rx() to receive data by a UDP client on a node.
This commit introduces a direct callback mechanism from `RxRaTracker`
to `MultiAilDetector` to signal changes in decision factors. This is
in preparation of future changes allowing `MultiAilDetector` to run
independently of `RoutingManager`.
Previously, `RxRaTracker` would signal `RoutingManager`, which in turn
would call `MultiAilDetector::Evaluate()`. This commit refactors this
interaction by adding a new `HandleRxRaTrackerDecisionFactorChanged()`
method to `MultiAilDetector`.
`RxRaTracker` can run independently of `RoutingManager`. Its stale timer
callback should check its own running state (`mIsRunning`) instead of
`RoutingManager`'s state.
This commit corrects the logic in `HandleStaleTimer()` to use the local
`mIsRunning` flag.
This commit introduces the `ChildUpdateResponseInfo` struct to
encapsulate parameters for sending "Child Update Response" messages.
The new struct holds the list of TLVs to include, the received
challenge, and the destination address.
Related methods such as `SendChildUpdateResponse()` are updated to use
the new struct. This simplifies the method signatures by reducing the
number of arguments and improves code clarity by grouping related
data.
Verifies that the peer and socket addresses in `Mle::HandleUdpReceive`
are link-local. This ensures that MLE messages are only processed
from link-local addresses, which is a requirement of the Thread
specification.
The P2P peer can be woken up using the wake-up identifier. The wake-up identifier
is included in the Connection IE. This commit adds methods to the Connection IE
and Frame to process the wake-up identifier.
This change modifies the handling of incoming ICMPv6 ND messages on the
infrastructure interface. `InfraIf::HandledReceived()` now inspects the
message type and calls the appropriate handler directly.
- Router Advertisement (RA) and Neighbor Advertisement (NA) messages are
now passed directly to `RxRaTracker::HandleRouterAdvertisement()` and
`RxRaTracker::HandleNeighborAdvertisement()` respectively.
- The generic `RoutingManager::HandleReceived()` method is removed.
`RoutingManager` now only handles Router Solicit (RS) messages via
`RoutingManager::HandleRouterSolicit()`.
This simplifies code and gives `RxRaTracker` direct ownership of RA
and NA processing, which aligns better with its role of tracking
information from received RAs and allowing it to run independently of
the `RoutingManager`.
This change moves the `MultiAilDetector` class from being a nested
class within `RoutingManager` to its own dedicated `.hpp` and `.cpp`
files.
An instance of `MultiAilDetector` is now owned by the top-level
`Instance` class, making it a sibling component to `RoutingManager`
and other core components.
This is purely a code organization change and introduces no functional
or logic changes. This prepares for future changes where
`MultiAilDetector` may operate independently of `RoutingManager`.
This change introduces a mechanism to control the `RxRaTracker` from
multiple sources.
A new method `RxRaTracker::SetEnabled()` is added, which accepts a
`Requester` enum. The tracker now maintains separate enable flags for
each requester (e.g., `RoutingManager`).
The `RxRaTracker` will start only when at least one requester has
enabled it AND the infrastructure interface is initialized and running.
It stops when all requesters have disabled it or when the interface
goes down.
The `Start()` and `Stop()` methods are now private, managed by a new
`UpdateState()` method to centralize the state logic. `InfraIf` is
updated to notify `RxRaTracker` of state changes.
Introduces a new private method `Mle::SendChildUpdateRejectResponse()`
to consolidate the logic for sending a reject response to a
"Child Update Request".
This new method creates a response containing the Source Address TLV,
Status TLV, and (if applicable) Response TLV.
The new method is now used in `Mle::HandleChildUpdateRequestOnChild()`
when the device is not a parent of the sender, and in
`Mle::HandleChildUpdateRequestOnParent()` when a request from an
unknown child is received. This change removes duplicated code from
both locations.
The macro MBEDTLS_SSL_EXPORT_KEYS was added to OT in PR #7025; it is used to
ensure mbedtls_ssl_key_export_type is defined. However, the macro
MBEDTLS_SSL_EXPORT_KEYS has been removed from mbedtls since mbedtls-3.1.0.
If developers use an external mbedtls repo with version 3.1.0 or higher
and fail to define MBEDTLS_SSL_EXPORT_KEYS, the KEK will not be set in
the KeyManager.
This commit checks whether the mbedtls version is equal to or higher than
3.1.0 to ensure mbedtls_ssl_key_export_type is defined.
Ensure the same challenge is used for all "Child Update Request"
messages sent to the parent while trying to restore the previous
child role.
The challenge is now generated once when the child role restoration
process starts in `PrevRoleRestorer::Start`. This prevents a
situation where a new challenge from a retry could invalidate a
delayed but valid response from the parent that contained the
previous challenge.
The application of the P2P module may only record the P2P peer's
link-local address for communication. This commit adds an API to
convert the peer's link-local unicast address to the peer's extended
address for tearing down the P2P link.
This change moves the management of the infrastructure interface state
out of the `RoutingManager` and centralizes it within the `InfraIf`
class. This makes `InfraIf` a more self-contained component and
simplifies the logic in `RoutingManager`.
The `RoutingManager` now depends on an initialized `InfraIf`. Its
`Init()` method is simplified and is now called from
`InfraIf::Init()`.
The public API `otBorderRoutingInit()` now directly initializes the
`InfraIf`. The `InfraIf::Init()` method is updated to support
re-initialization, allowing a switch to a new interface. When
switching, it ensures that components on the previous interface are
stopped before restarting on the new one.
After the P2P link is established, the P2P peer's extended address is
returned as the P2P handle. This commit adds an API to convert the
peer's extended address to the peer's link-local unicast address.
This commit introduces a new feature to parse the MeshCoP service TXT
data from a Border Agent.
The new API `otBorderAgentTxtDataParse()` allows parsing the raw TXT
data into a structured `otBorderAgentTxtDataInfo` object. This can be
used by applications to inspect the capabilities and status of a
discovered Border Agent.
Config `OPENTHREAD_CONFIG_BORDER_AGENT_TXT_DATA_PARSER_ENABLE` controls
this new feature.
The existing test for the Border Agent is updated to validate the new
parser and its output.
This change refines the content of the `ChildUpdateResponse` message
to avoid sending additional TLVs when rejecting a request.
The `ChildUpdateResponse` message is now tailored based on the
triggering `ChildUpdateRequest`. Specifically:
- When rejecting a `ChildUpdateRequest` (and including a Status TLV),
the response will only include a Source Address TLV, a Status TLV,
and, if sent in response to a `ChildUpdateRequest` that contained a
Challenge TLV, a Response TLV.
- The reject response will no longer include the Leader Data, MLE
Frame Counter, and Link Frame Counter TLVs.
- Any requested TLVs (from the `TLV Request TLV` in the
`ChildUpdateRequest`) are now only included in the response when
the request is accepted.
This change updates the jitter calculation for the SRP client's retry
mechanism.
Previously, a fixed jitter value was used. This could lead to
synchronized retries from multiple clients, especially as the retry
interval grows.
The new implementation calculates the jitter as a fraction of the
current retry interval (1/5th), ensuring that the jitter scales with
the wait time. This helps to better decorrelate retries from different
clients.
A new constant `kRetryJitterDivisor` is introduced for this
calculation. The jitter is clamped to a minimum value given by
`kRetryIntervalJitter`.
This commit adds `Dns::Name::ValidateName()` and `ValidateLabel()`
helper methods to validate a DNS name or label.
These methods are used at the entry of the mDNS `Register*()` and
`Unregister*()` public APIs to validate the provided host, service,
and key names. This prevents issues with malformed names and improves
the robustness of the mDNS module.
Includes unit tests for the new validation methods.
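The kind of entry-point validation the commit above describes, as an added example that is not OpenThread's code. The page does not state the exact rules `Dns::Name::ValidateName()` and `ValidateLabel()` enforce, so this example assumes the RFC 1035 limits (63 octets per label, 255 octets for the wire-encoded name), rejects empty labels, and accepts a single trailing dot. The `Error` enum and `RegisterHost()` are hypothetical stand-ins for the mDNS `Register*()` entry points.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Length limits taken from RFC 1035 (assumption: the page does not state
// the exact rules OpenThread's helpers enforce).
const size_t kMaxLabelLength = 63;  // octets per label
const size_t kMaxNameLength  = 255; // octets of the wire-encoded name

// Hypothetical error codes standing in for OpenThread's own.
enum Error
{
    kErrorNone,
    kErrorInvalidArgs,
};

// A label is accepted when it is non-empty, at most 63 characters long and
// contains no '.', which would otherwise be read as a label separator.
bool ValidateLabel(const char *aLabel)
{
    size_t length = strlen(aLabel);

    return (length > 0) && (length <= kMaxLabelLength) && (strchr(aLabel, '.') == nullptr);
}

// A name is accepted when every dot-separated label validates and the
// wire encoding (a length octet per label plus the terminating zero octet)
// fits in 255 octets. One trailing dot (fully-qualified form) is allowed.
bool ValidateName(const char *aName)
{
    std::string name(aName);

    if (!name.empty() && name.back() == '.')
    {
        name.pop_back(); // accept "host.local."
    }

    if (name.empty())
    {
        return false; // "" and "." carry no label at all
    }

    size_t encodedLength = 1; // terminating zero octet
    size_t start         = 0;

    while (true)
    {
        size_t      dot   = name.find('.', start);
        std::string label = (dot == std::string::npos) ? name.substr(start) : name.substr(start, dot - start);

        if (!ValidateLabel(label.c_str()))
        {
            return false; // empty label ("a..b", ".local") or over-long label
        }

        encodedLength += 1 + label.size(); // length octet plus label bytes

        if (dot == std::string::npos)
        {
            break;
        }

        start = dot + 1;
    }

    return encodedLength <= kMaxNameLength;
}

// Entry-point check in the style of the mDNS `Register*()` APIs: reject
// the request before touching any state when the name is malformed.
Error RegisterHost(const char *aHostName)
{
    if (!ValidateName(aHostName))
    {
        return kErrorInvalidArgs;
    }

    // Registration would proceed here in a real implementation.
    return kErrorNone;
}
```

Validating at the API boundary means a malformed name is refused with an error code instead of being stored and later serialized into a DNS message, where an over-long or empty label would produce an invalid record.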
Introduces a new method `ValidateTlvs()` on `NetworkData` to perform
structural validation of all TLVs within the network data.
This new validation is invoked from `Leader::SetNetworkData()` when
receiving new network data. If the new data fails validation, it is
rejected, and the previous network data is restored. This prevents a
device from accepting and propagating malformed network data, which
could lead to parsing errors or undefined behavior on devices.
The validation checks include:
- All TLVs and sub-TLVs are within the network data buffer bounds.
- Known TLV types like `PrefixTlv` and `ServiceTlv` are well-formed
by calling their respective `IsValid()` methods.
- Container TLVs like `BorderRouterTlv` and `HasRouteTlv` have a
length that is an exact multiple of their entry size.
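The three structural checks listed above, carried out by an added example that is not OpenThread's code. It uses a simplified one-byte-type, one-byte-length TLV encoding with illustrative type numbers (`kTlvPrefix`, `kTlvService` as containers of sub-TLVs, `kTlvHasRoute` as a container of fixed 4-byte entries, all assumptions), not the real Thread Network Data layout, and the nesting bound and sample buffers are constructed for the example. `SetNetworkData()` mirrors the accept-or-keep-previous decision the commit describes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified TLV encoding constructed for this example: one-byte type,
// one-byte length, then `length` bytes of value. Type numbers and entry
// sizes are illustrative, not the Thread Network Data values.
enum TlvType : uint8_t
{
    kTlvPrefix   = 1, // container whose value holds nested sub-TLVs
    kTlvHasRoute = 2, // container whose value is an array of fixed-size entries
    kTlvService  = 3, // container whose value holds nested sub-TLVs
    kTlvOpaque   = 4, // any length, contents not inspected here
};

const size_t kTlvHeaderSize     = 2;
const size_t kHasRouteEntrySize = 4; // assumed entry size for this example
const int    kMaxNestingDepth   = 4; // assumed bound on sub-TLV nesting

// Structurally validates the TLVs in [aBegin, aEnd). Returns false when a
// header or value runs past the buffer end, when a fixed-entry container's
// length is not an exact multiple of its entry size, or when a nested
// container is itself malformed.
bool ValidateTlvs(const uint8_t *aBegin, const uint8_t *aEnd, int aDepth = 0)
{
    if (aDepth > kMaxNestingDepth)
    {
        return false;
    }

    const uint8_t *cur = aBegin;

    while (cur < aEnd)
    {
        if (static_cast<size_t>(aEnd - cur) < kTlvHeaderSize)
        {
            return false; // header truncated
        }

        uint8_t        type   = cur[0];
        size_t         length = cur[1];
        const uint8_t *value  = cur + kTlvHeaderSize;

        if (length > static_cast<size_t>(aEnd - value))
        {
            return false; // value overruns the buffer
        }

        switch (type)
        {
        case kTlvPrefix:
        case kTlvService:
            if (!ValidateTlvs(value, value + length, aDepth + 1))
            {
                return false; // malformed sub-TLVs
            }
            break;
        case kTlvHasRoute:
            if (length % kHasRouteEntrySize != 0)
            {
                return false; // partial entry at the end
            }
            break;
        default:
            break;
        }

        cur = value + length;
    }

    return true;
}

bool ValidateTlvs(const std::vector<uint8_t> &aData)
{
    return ValidateTlvs(aData.data(), aData.data() + aData.size());
}

// `aCurrent` is replaced only when the incoming data validates; on
// rejection the previous data stays in place.
bool SetNetworkData(std::vector<uint8_t> &aCurrent, const std::vector<uint8_t> &aIncoming)
{
    if (!ValidateTlvs(aIncoming))
    {
        return false;
    }

    aCurrent = aIncoming;
    return true;
}

// Constructed sample buffers.
const std::vector<uint8_t> kWellFormed = {
    kTlvPrefix, 6, kTlvHasRoute, 4, 0x20, 0x01, 0x0d, 0xb8, // prefix holding one 4-byte route entry
    kTlvOpaque, 1, 0xaa,
};
const std::vector<uint8_t> kTruncatedContainer = {kTlvPrefix, 6, kTlvHasRoute, 4, 0x20, 0x01}; // claims 6 bytes, has 4
const std::vector<uint8_t> kBadEntryMultiple   = {kTlvHasRoute, 3, 0x00, 0x00, 0x00};         // 3 is not a multiple of 4
const std::vector<uint8_t> kTruncatedHeader    = {kTlvOpaque};                                 // type byte, no length byte

int main()
{
    std::vector<uint8_t> current = kWellFormed;

    printf("well-formed:         %d\n", ValidateTlvs(kWellFormed));
    printf("truncated container: %d\n", ValidateTlvs(kTruncatedContainer));
    printf("bad entry multiple:  %d\n", ValidateTlvs(kBadEntryMultiple));
    printf("truncated header:    %d\n", ValidateTlvs(kTruncatedHeader));
    printf("rejected, kept old:  %d\n", !SetNetworkData(current, kBadEntryMultiple) && current == kWellFormed);
    return 0;
}
```

The bounds check is performed against the remaining buffer before any value is read, so a length byte that overstates the remaining data is rejected rather than dereferenced; this is the class of parsing error the commit is guarding against, and rejecting the whole data set keeps a single bad TLV from replacing a previously good one.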
This commit removes a misleading TODO comment in the NAT64 prefix
manager.
The TODO suggested changing the NAT64 prefix publisher check to use
the RLOC16 of the entry in the Network Data. However, this approach is
flawed in scenarios with multiple Border Routers.
When multiple BRs publish the same NAT64 prefix with the same
preference, `FindPreferredNat64Prefix()` may return an entry published
by a different BR. An RLOC16 check would then incorrectly cause the
current BR to believe it did not publish the prefix, potentially
leading it to withdraw its entry and cause network instability.
This commit renames NAT64 prefix discovery handler functions in
`RoutingManager` and `Nat64PrefixManager` to be more specific. This is
a non-functional refactoring that improves code clarity and
maintainability.
The new names, `HandleInfraIfDiscoverNat64PrefixDone` and
`HandleInfraIfDiscoverDone`, clarify that these handlers are for NAT64
prefixes discovered on the infrastructure interface.
This change makes the code easier to understand and prepares it for
potential future enhancements, such as discovering NAT64 prefixes from
Router Advertisements.
This commit makes the callback handlers in `InfraIf` private and
declares the C-style platform functions as friends.
This change improves encapsulation by restricting the visibility of
these internal handler methods. The public API of `InfraIf` is made
cleaner, and only the intended callers (the platform callbacks) are
granted access.
This change modifies `HandleChildUpdateRequest()` to allow a detached
child that is restoring its previous role to process a "Child Update
Request" from its former parent.
When in this state, the device will respond to the request but will
not save any of the content (TLVs) from the message, as the child has
not yet established trust with any device (including its former
parent) and therefore cannot authenticate the freshness of the
received request.
This change handles the scenario where a child and its parent may be
reset simultaneously. It allows the parent to first restore its link
with the child through a "Child Update" exchange, which can then be
followed by the child sending its own "Child Update Request" to
re-establish the link. Without this change, a communication impasse
could occur where the parent rejects the child's request (as the
child is not yet valid), and the child ignores the parent's request
(as it is not yet attached). This change prevents devices from
resorting to a full re-attachment, thereby improving network
resilience and recovery time.
A new test is added to emulate this scenario and verify that the child
restores its role correctly without performing a full attach.
Adds a destructor to the `Dns::Client` class to ensure that `Stop()`
is called when a `Client` object is destroyed (freeing all allocated
queries).
This change prevents false memory leak reports from fuzzer tests when
an `ot::Instance` is destroyed during ongoing DNS queries (retries).
This commit moves the `InfraIf` member from `RoutingManager` to be
owned directly by the `Instance`.
This change aligns the ownership of `InfraIf` with other core
components and simplifies dependencies. Decoupling `InfraIf` from
`RoutingManager` allows it to be accessed separately.
This change makes the NAT64-related methods in `InfraIf`
conditionally compiled based on the configuration
`OPENTHREAD_CONFIG_NAT64_BORDER_ROUTING_ENABLE`.
The methods `DiscoverNat64Prefix()`, `DiscoverNat64PrefixDone()`,
and are now entirely excluded from the build when NAT64 border
routing is disabled.
This change introduces compile-time validation for the `kEntries`
array in `uri_paths.cpp` to ensure the array's order matches the
`Uri` enum definitions.
A new `constexpr` function, `AreConstStringsEqual()`, is added to allow
for string comparisons at compile time, which is necessary for use
within `static_assert` in C++11.
A series of `static_assert()` checks are added to `uri_paths.cpp`.
These assertions verify that each URI path string in the `kEntries`
lookup table is correctly placed at the index corresponding to its
`UriPath` enum value.
This prevents potential bugs caused by accidental reordering of either
the enum or the array, ensuring the mapping between them remains
correct. If the order is changed incorrectly, the build will now fail,
immediately alerting the developer.
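The compile-time table check described above, as an added example that is not the contents of OpenThread's `uri_paths.cpp`. The `Uri` enum values and the path strings in `kEntries` are constructed for the example; `AreConstStringsEqual()` follows the commit's description of a C++11-compatible `constexpr` comparison, which must be written as a single recursive return expression. `PathFromUri()` and `UriFromPath()` are hypothetical runtime users of the validated table.

```cpp
#include <cstddef>
#include <cstring>

// Illustrative URI enum and path table; names and paths are constructed for
// this example and are not OpenThread's real URIs.
enum Uri
{
    kUriAddressQuery = 0,
    kUriDiagnosticGet,
    kUriPanIdQuery,
    kUriCount,
};

// Table indexed by `Uri`; its order must match the enum above.
constexpr const char *kEntries[] = {
    "a/aq", // kUriAddressQuery
    "d/dg", // kUriDiagnosticGet
    "c/pq", // kUriPanIdQuery
};

// C++11 allows only a single return statement in a constexpr function, so
// the character-by-character comparison is expressed recursively: the
// current characters must match, and either both strings end here or the
// remainders must match too.
constexpr bool AreConstStringsEqual(const char *aFirst, const char *aSecond)
{
    return (*aFirst == *aSecond) && (*aFirst == '\0' || AreConstStringsEqual(aFirst + 1, aSecond + 1));
}

// Build-time checks: one table entry per enum value, and each path sits at
// the index of its enum value. Reordering either side fails compilation.
static_assert(sizeof(kEntries) / sizeof(kEntries[0]) == static_cast<size_t>(kUriCount),
              "kEntries size must match the Uri enum");
static_assert(AreConstStringsEqual(kEntries[kUriAddressQuery], "a/aq"), "kUriAddressQuery path mismatch");
static_assert(AreConstStringsEqual(kEntries[kUriDiagnosticGet], "d/dg"), "kUriDiagnosticGet path mismatch");
static_assert(AreConstStringsEqual(kEntries[kUriPanIdQuery], "c/pq"), "kUriPanIdQuery path mismatch");

// Runtime lookup that relies on the order verified above.
const char *PathFromUri(Uri aUri) { return kEntries[aUri]; }

// Reverse lookup; returns false when no table entry matches.
bool UriFromPath(const char *aPath, Uri &aUri)
{
    for (size_t i = 0; i < static_cast<size_t>(kUriCount); i++)
    {
        if (strcmp(kEntries[i], aPath) == 0)
        {
            aUri = static_cast<Uri>(i);
            return true;
        }
    }

    return false;
}
```

Swapping two strings in `kEntries` without swapping the enumerators (or the reverse) turns the per-index `static_assert` into a compile error rather than a runtime mismatch between a URI and its handler.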
`cli_coap.cpp` and `cli_coap_secure.cpp` both try to print `uint32_t`
values with `%i`, which causes build errors on some systems.
This commit uses `%lu` together with `ToUlong` to fix this and make
the code more portable.
Additionally, `%u` was used to print unsigned values instead of `%i`.
This commit introduces a new `MeshCoP::BorderAgent::TxtData` class to
encapsulate the logic for preparing the Border Agent's MeshCoP
service TXT data.
The TXT data generation logic is moved from the `BorderAgent::Manager`
into the new `TxtData` class. This refactoring improves modularity
and maintainability and prepares for the future addition of a MeshCoP
TXT data parser.
This change moves the `RsSender` class from `RoutingManager` to
`RxRaTracker`.
The `RxRaTracker` is responsible for tracking received Router
Advertisements (RAs). Since sending Router Solicitations (RS) is the
mechanism to discover routers and solicit RAs, it is more appropriate
for `RxRaTracker` to own the `RsSender`.
This improves the separation of concerns by centralizing the logic for
both sending RS messages and processing the resulting RAs within the
`RxRaTracker` class. The `RoutingManager` is now decoupled from the
details of the RS transmission process.
The `IsRsTxInProgress()` method is also moved to `RxRaTracker` and its
Doxygen documentation is improved to provide more detail on the RS
transmission process.