From ce955014dbf6824daa93ccb8ee46b6691cbd09d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Duda?=
Date: Sun, 29 Sep 2024 11:10:20 +0200
Subject: [PATCH] [crypto] PSA API: Align derivation of TREL key
---
 src/core/thread/key_manager.cpp | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/core/thread/key_manager.cpp b/src/core/thread/key_manager.cpp
index 8c83bd91be9..1a4ebcec67d 100644
--- a/src/core/thread/key_manager.cpp
+++ b/src/core/thread/key_manager.cpp
@@ -313,7 +313,18 @@ void KeyManager::ComputeTrelKey(uint32_t aKeySequence, Mac::Key &aKey) const
 Crypto::Key cryptoKey;
 #if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
- cryptoKey.SetAsKeyRef(mNetworkKeyRef);
+ Crypto::Storage::KeyRef keyRef;
+ NetworkKey networkKey;
+
+ GetNetworkKey(networkKey);
+
+ // Create temporary key to perform derive operation. This might be improved by using key copy operation,
+ // however NetworkKey is exported for the other cases.
+ SuccessOrQuit(Crypto::Storage::ImportKey(keyRef, Crypto::Storage::kKeyTypeDerive,
+ Crypto::Storage::kKeyAlgorithmHkdfSha256, Crypto::Storage::kUsageDerive,
+ Crypto::Storage::kTypeVolatile, networkKey.m8, NetworkKey::kSize));
+
+ cryptoKey.SetAsKeyRef(keyRef);
 #else
 cryptoKey.Set(mNetworkKey.m8, NetworkKey::kSize);
 #endif
@@ -323,6 +334,10 @@ void KeyManager::ComputeTrelKey(uint32_t aKeySequence, Mac::Key &aKey) const
 hkdf.Extract(salt, sizeof(salt), cryptoKey);
 hkdf.Expand(kTrelInfoString, sizeof(kTrelInfoString), aKey.m8, Mac::Key::kSize);
+
+#if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE
+ Crypto::Storage::DestroyKey(keyRef);
+#endif
 }
 #endif
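Review bot: The plaintext copy of the network key that `GetNetworkKey(networkKey)` places in the local `networkKey` is never wiped, so with key references enabled the raw key bytes stay on the stack after `ImportKey` returns and after the function exits. Clear it as soon as the import has succeeded, for example `networkKey.Clear();` directly after the `SuccessOrQuit(...)` statement, if `NetworkKey` provides that method as it appears to elsewhere in the tree. A wipe the compiler cannot elide would be stronger still. The added comment would also benefit from saying why `mNetworkKeyRef` cannot be handed to HKDF directly (presumably its stored algorithm/usage policy does not permit derivation), since "exported for the other cases" does not explain that. ComputeTrelKey starts above this hunk and continues past it.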
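Review bot: `Crypto::Storage::DestroyKey(keyRef)` is reached only by falling through to the closing brace, so an early exit later added between the import and this line would leave the volatile key allocated in the key store. Nothing here marks the two `#if OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE` blocks as a pair. A short comment on this line would make the dependency explicit, e.g. `// Release the temporary volatile key imported above; must run on every path out of this function.` The import itself and the start of ComputeTrelKey are outside this hunk.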