mirror of
https://github.com/espressif/openthread.git
synced 2026-06-05 21:14:49 +00:00
Yakun Xu
06e210fe89
Retransmissions of frames containing time-dependent header Information Elements (IEs), such as CSL or Time Sync, require updates to these IEs to reflect the exact time of sending. If the frame counter is not incremented for these retransmissions, it leads to nonce reuse in AES-CCM encryption, which is a security vulnerability. This commit addresses this issue by ensuring that every transmission attempt (initial or retry) uses a fresh frame counter: - Deferred security processing from `SubMac::Send()` to `SubMac::BeginTransmit()`. - Upon retransmission in `SubMac::HandleTransmitDone()`, the frame is restored to plaintext via `TxFrame::DecryptTransmitAesCcm()` and security flags are cleared. - This allows time-dependent IEs to be updated and a new frame counter to be assigned for every attempt. Added a Nexus test case `retransmission_security` to verify that both CSL and standard MAC retransmissions use incrementing frame counters and updated CSL phases.