[border-agent] mechanism to use ephemeral key #9435
f6c4de9 to def9396
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #9435 +/- ##
==========================================
+ Coverage 72.14% 78.35% +6.21%
==========================================
Files 362 566 +204
Lines 37390 82181 +44791
==========================================
+ Hits 26975 64394 +37419
- Misses 10415 17787 +7372
def9396 to 075c0ae
I know this is just an initial POC but wondering if there are plans to allow the caller to specify the timeout, ideally dynamically or as a static compile-time value in the build config? Having a dedicated port for this may also be beneficial, assuming that does not add too much additional complexity.
075c0ae to 0769383
We can set the timeout value in
About port number, I think it may be a good idea to allow caller to set the port as well in the API call. Can add this later.
The new push changes the API so that the input
Agree with allowing the user to set the port. A future extension this enables would be to allow something like an optional rate limit policy on the port (enforced by the ot process), just for example. Plus other nice security auditing features and increased ability to isolate and debug problems.
2cac95e to 5980995
In new pushed commit, added a
5980995 to b9dce4b
For the timeout value setting, should we apply a maximum timeout? Something in the order of 10 minutes? This is to ensure that accidentally a very long timeout is set for the ephemeral key then after some waiting time a Commissioner X is able to connect again to the BR. This Commissioner X may be using the regular PSKc saved in the app to connect. The ephemeral key in this case was maybe not captured by the user (e.g. the process failed: phone couldn't scan QR code, or user mistyped a displayed code, or user got distracted halfway through the process and did not get back to it, etc.). Now the user tries to connect back using the good old Commissioner X, which suddenly doesn't work anymore.
Good idea. Will add 10 minute max timeout in next push. Would be good to define the max in spec as well.
e7152ab to 1842907
1842907 to 7a6ac26
7a6ac26 to f9a3b6d
In latest push updated the code to ensure ephemeral key can be used once. Updated the API/CLI documentation to mention this.
ba95ffe to b414f14
993f603 to 6eaced0
👍
This commit adds a new mechanism in `BorderAgent` to allow the use of ephemeral key. New `otBorderAgentSetEphemeralKey` API is added to allow user to set an ephemeral key. The ephemeral key is used instead of PSKc from Operation Dataset for a given timeout duration. New API `otBorderAgentClearEphemeralKey` allows users to cancel the ephemeral key before its timeout expires. While the timeout interval is in effect, the ephemeral key can be used only once by an external commissioner to connect. Once the commissioner disconnects, the ephemeral key is cleared, and Border Agent reverts to using PSKc. This commit adds a callback mechanism to signal changes related to the Border Agent's (BA) use of an ephemeral key. It is invoked when the BA starts/stops using the key, or when parameters (e.g., port number) change. This commit also adds CLI command under `ba ephemeralkey` for the new APIs along with test script validating the new APIs.
Related to SPEC-1216
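The lifecycle described in this thread (key replaces the PSKc for a bounded window, single use, revert on disconnect, 10-minute cap), modelled as a small state machine. This is an added example, not OpenThread code: `agent_t` and every `agent_*` name are hypothetical, the string compare stands in for the real handshake, and clamping an over-long timeout and expiring the key during a session are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical model of the lifecycle; not OpenThread code. Times in ms. */
#define EK_MAX_TIMEOUT_MS (10u * 60u * 1000u) /* 10-minute cap from the thread */
typedef enum { EK_IDLE, EK_ARMED, EK_IN_USE } ek_state_t;
typedef struct {
    ek_state_t state;
    uint64_t   expires_at;
    char       key[33], pskc[33];
} agent_t;

void agent_init(agent_t *a, const char *pskc) {
    memset(a, 0, sizeof(*a));
    strncpy(a->pskc, pskc, sizeof(a->pskc) - 1);
}

/* Cancel or retire the key: wipe it and fall back to the PSKc. */
void agent_clear_ephemeral_key(agent_t *a) {
    memset(a->key, 0, sizeof(a->key));
    a->state = EK_IDLE;
}

/* Arm a key. Assumption: an over-long timeout is clamped to the cap. */
bool agent_set_ephemeral_key(agent_t *a, const char *key, uint32_t timeout_ms, uint64_t now) {
    size_t len = strlen(key);
    if (a->state == EK_IN_USE || len == 0 || len >= sizeof(a->key)) return false;
    if (timeout_ms > EK_MAX_TIMEOUT_MS) timeout_ms = EK_MAX_TIMEOUT_MS;
    memcpy(a->key, key, len + 1);
    a->expires_at = now + timeout_ms;
    a->state = EK_ARMED;
    return true;
}

/* Connection attempt; strcmp stands in for the outcome of the real handshake. */
bool agent_connect(agent_t *a, const char *presented, uint64_t now) {
    if (a->state != EK_IDLE && now >= a->expires_at) agent_clear_ephemeral_key(a);
    if (a->state == EK_IN_USE) return false;          /* key already consumed */
    if (a->state == EK_ARMED) {                       /* PSKc is not accepted now */
        if (strcmp(presented, a->key) != 0) return false;
        a->state = EK_IN_USE;
        return true;
    }
    return strcmp(presented, a->pskc) == 0;           /* normal PSKc operation */
}

void agent_disconnect(agent_t *a) {                   /* single use is spent */
    if (a->state == EK_IN_USE) agent_clear_ephemeral_key(a);
}
```

The armed state is where the concern about long timeouts shows up: a commissioner presenting the stored PSKc is refused until the key is used, cleared, or expires.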