From e43120d903ebc1bd3ce1240555aee754958808d3 Mon Sep 17 00:00:00 2001
From: Abtin Keshavarzian <abtink@google.com>
Date: Wed, 6 Nov 2024 00:16:02 -0800
Subject: [PATCH] [coaps] use `LinkSecurityMode` to determine layer two
 security usage (#10899)

This commit updates the `CoapSecure`, `Tmf`, and `SecureTransport`
modules to use the `LinkSecurityMode` enum and its defined constants
to indicate whether or not layer two security should be used. This
replaces the use of boolean input parameters with `kWithLinkSecurity`
or `kNoLinkSecurity` constants, improving code readability.
---
 src/core/coap/coap.cpp                |  2 +-
 src/core/coap/coap_secure.cpp         |  2 +-
 src/core/coap/coap_secure.hpp         |  2 +-
 src/core/common/message.hpp           | 18 +++++++++---------
 src/core/instance/instance.cpp        |  2 +-
 src/core/meshcop/joiner_router.cpp    |  2 +-
 src/core/meshcop/secure_transport.cpp |  2 +-
 src/core/meshcop/secure_transport.hpp |  2 +-
 src/core/net/icmp6.cpp                |  2 +-
 src/core/radio/ble_secure.cpp         |  2 +-
 src/core/thread/mle.cpp               |  2 +-
 src/core/thread/tmf.cpp               |  2 +-
 tests/unit/test_message.cpp           |  2 +-
 13 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/src/core/coap/coap.cpp b/src/core/coap/coap.cpp
index 179122397de..4fa5cc42d3b 100644
--- a/src/core/coap/coap.cpp
+++ b/src/core/coap/coap.cpp
@@ -109,7 +109,7 @@ Message *CoapBase::NewMessage(void) { return NewMessage(Message::Settings::GetDe
 
 Message *CoapBase::NewPriorityMessage(void)
 {
-    return NewMessage(Message::Settings(Message::kWithLinkSecurity, Message::kPriorityNet));
+    return NewMessage(Message::Settings(kWithLinkSecurity, Message::kPriorityNet));
 }
 
 Message *CoapBase::NewPriorityConfirmablePostMessage(Uri aUri)
diff --git a/src/core/coap/coap_secure.cpp b/src/core/coap/coap_secure.cpp
index 305cc010613..057a2ff8dea 100644
--- a/src/core/coap/coap_secure.cpp
+++ b/src/core/coap/coap_secure.cpp
@@ -42,7 +42,7 @@ namespace Coap {
 
 RegisterLogModule("CoapSecure");
 
-CoapSecure::CoapSecure(Instance &aInstance, bool aLayerTwoSecurity)
+CoapSecure::CoapSecure(Instance &aInstance, LinkSecurityMode aLayerTwoSecurity)
     : CoapBase(aInstance, &CoapSecure::Send)
     , mDtls(aInstance, aLayerTwoSecurity)
     , mTransmitTask(aInstance, CoapSecure::HandleTransmit, this)
diff --git a/src/core/coap/coap_secure.hpp b/src/core/coap/coap_secure.hpp
index 413d7976a7f..ad75d7ac4a6 100644
--- a/src/core/coap/coap_secure.hpp
+++ b/src/core/coap/coap_secure.hpp
@@ -69,7 +69,7 @@ class CoapSecure : public CoapBase
      * @param[in]  aInstance           A reference to the OpenThread instance.
      * @param[in]  aLayerTwoSecurity   Specifies whether to use layer two security or not.
      */
-    explicit CoapSecure(Instance &aInstance, bool aLayerTwoSecurity = false);
+    explicit CoapSecure(Instance &aInstance, LinkSecurityMode aLayerTwoSecurity);
 
     /**
      * Starts the secure CoAP agent.
diff --git a/src/core/common/message.hpp b/src/core/common/message.hpp
index 945d2ed4dd6..4441af5804c 100644
--- a/src/core/common/message.hpp
+++ b/src/core/common/message.hpp
@@ -147,6 +147,15 @@ class MessageQueue;
 class PriorityQueue;
 class ThreadLinkInfo;
 
+/**
+ * Represents the link security mode indicating whether to use MAC (layer two) security.
+ */
+enum LinkSecurityMode : bool
+{
+    kNoLinkSecurity   = false, ///< Link security disabled (no link security).
+    kWithLinkSecurity = true,  ///< Link security enabled.
+};
+
 /**
  * Represents a Message buffer.
  */
@@ -308,15 +317,6 @@ class Message : public otMessage, public Buffer, public GetProvider<Message>
 
     static constexpr uint8_t kNumPriorities = 4; ///< Number of priority levels.
 
-    /**
-     * Represents the link security mode (used by `Settings` constructor).
-     */
-    enum LinkSecurityMode : bool
-    {
-        kNoLinkSecurity   = false, ///< Link security disabled (no link security).
-        kWithLinkSecurity = true,  ///< Link security enabled.
-    };
-
     /**
      * Represents the message ownership model when a `Message` instance is passed to a method/function.
      */
diff --git a/src/core/instance/instance.cpp b/src/core/instance/instance.cpp
index 9b4d1ff537a..fc00ce7fe97 100644
--- a/src/core/instance/instance.cpp
+++ b/src/core/instance/instance.cpp
@@ -221,7 +221,7 @@ Instance::Instance(void)
     , mApplicationCoap(*this)
 #endif
 #if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE
-    , mApplicationCoapSecure(*this, /* aLayerTwoSecurity */ true)
+    , mApplicationCoapSecure(*this, kWithLinkSecurity)
 #endif
 #if OPENTHREAD_CONFIG_BLE_TCAT_ENABLE
     , mApplicationBleSecure(*this)
diff --git a/src/core/meshcop/joiner_router.cpp b/src/core/meshcop/joiner_router.cpp
index e7f6d2d1e17..efb466eb439 100644
--- a/src/core/meshcop/joiner_router.cpp
+++ b/src/core/meshcop/joiner_router.cpp
@@ -161,7 +161,7 @@ template <> void JoinerRouter::HandleTmf<kUriRelayTx>(Coap::Message &aMessage, c
     Kek                      kek;
     OffsetRange              offsetRange;
     Message                 *message = nullptr;
-    Message::Settings        settings(Message::kNoLinkSecurity, Message::kPriorityNet);
+    Message::Settings        settings(kNoLinkSecurity, Message::kPriorityNet);
     Ip6::MessageInfo         messageInfo;
 
     VerifyOrExit(aMessage.IsNonConfirmablePostRequest(), error = kErrorDrop);
diff --git a/src/core/meshcop/secure_transport.cpp b/src/core/meshcop/secure_transport.cpp
index 6bd96ce6a46..147a4996d52 100644
--- a/src/core/meshcop/secure_transport.cpp
+++ b/src/core/meshcop/secure_transport.cpp
@@ -61,7 +61,7 @@ const int SecureTransport::kHashes[] = {MBEDTLS_MD_SHA256, MBEDTLS_MD_NONE};
 #endif
 #endif
 
-SecureTransport::SecureTransport(Instance &aInstance, bool aLayerTwoSecurity, bool aDatagramTransport)
+SecureTransport::SecureTransport(Instance &aInstance, LinkSecurityMode aLayerTwoSecurity, bool aDatagramTransport)
     : InstanceLocator(aInstance)
     , mState(kStateClosed)
     , mPskLength(0)
diff --git a/src/core/meshcop/secure_transport.hpp b/src/core/meshcop/secure_transport.hpp
index 765b1730a04..46fa59097cd 100644
--- a/src/core/meshcop/secure_transport.hpp
+++ b/src/core/meshcop/secure_transport.hpp
@@ -139,7 +139,7 @@ class SecureTransport : public InstanceLocator
      * @param[in]  aLayerTwoSecurity    Specifies whether to use layer two security or not.
      * @param[in]  aDatagramTransport   Specifies if dtls of tls connection should be used.
      */
-    explicit SecureTransport(Instance &aInstance, bool aLayerTwoSecurity, bool aDatagramTransport = true);
+    explicit SecureTransport(Instance &aInstance, LinkSecurityMode aLayerTwoSecurity, bool aDatagramTransport = true);
 
     /**
      * Opens the socket.
diff --git a/src/core/net/icmp6.cpp b/src/core/net/icmp6.cpp
index 4bed40f9917..d5a3e2a45a0 100644
--- a/src/core/net/icmp6.cpp
+++ b/src/core/net/icmp6.cpp
@@ -92,7 +92,7 @@ Error Icmp::SendError(Header::Type aType, Header::Code aCode, const MessageInfo
     MessageInfo       messageInfoLocal;
     Message          *message = nullptr;
     Header            icmp6Header;
-    Message::Settings settings(Message::kWithLinkSecurity, Message::kPriorityNet);
+    Message::Settings settings(kWithLinkSecurity, Message::kPriorityNet);
 
     if (aHeaders.GetIpProto() == kProtoIcmp6)
     {
diff --git a/src/core/radio/ble_secure.cpp b/src/core/radio/ble_secure.cpp
index a326c3b2d8e..0604cb123b1 100644
--- a/src/core/radio/ble_secure.cpp
+++ b/src/core/radio/ble_secure.cpp
@@ -48,7 +48,7 @@ RegisterLogModule("BleSecure");
 
 BleSecure::BleSecure(Instance &aInstance)
     : InstanceLocator(aInstance)
-    , mTls(aInstance, false, false)
+    , mTls(aInstance, kNoLinkSecurity, /* aDatagramTransport */ false)
     , mTcatAgent(aInstance)
     , mTlvMode(false)
     , mReceivedMessage(nullptr)
diff --git a/src/core/thread/mle.cpp b/src/core/thread/mle.cpp
index 313599542cf..3c897314345 100644
--- a/src/core/thread/mle.cpp
+++ b/src/core/thread/mle.cpp
@@ -4531,7 +4531,7 @@ Mle::TxMessage *Mle::NewMleMessage(Command aCommand)
 {
     Error             error = kErrorNone;
     TxMessage        *message;
-    Message::Settings settings(Message::kNoLinkSecurity, Message::kPriorityNet);
+    Message::Settings settings(kNoLinkSecurity, Message::kPriorityNet);
     uint8_t           securitySuite;
 
     message = static_cast<TxMessage *>(mSocket.NewMessage(0, settings));
diff --git a/src/core/thread/tmf.cpp b/src/core/thread/tmf.cpp
index 0a868ca4931..9919dc0971c 100644
--- a/src/core/thread/tmf.cpp
+++ b/src/core/thread/tmf.cpp
@@ -273,7 +273,7 @@ Message::Priority Agent::DscpToPriority(uint8_t aDscp)
 #if OPENTHREAD_CONFIG_SECURE_TRANSPORT_ENABLE
 
 SecureAgent::SecureAgent(Instance &aInstance)
-    : Coap::CoapSecure(aInstance)
+    : Coap::CoapSecure(aInstance, kNoLinkSecurity)
 {
     SetResourceHandler(&HandleResource);
 }
diff --git a/tests/unit/test_message.cpp b/tests/unit/test_message.cpp
index fe7a62ea60f..7659a8ac025 100644
--- a/tests/unit/test_message.cpp
+++ b/tests/unit/test_message.cpp
@@ -67,7 +67,7 @@ void TestMessage(void)
     Random::NonCrypto::FillBuffer(writeBuffer, kMaxSize);
 
     VerifyOrQuit((message = messagePool->Allocate(Message::kTypeIp6)) != nullptr);
-    message->SetLinkSecurityEnabled(Message::kWithLinkSecurity);
+    message->SetLinkSecurityEnabled(kWithLinkSecurity);
     SuccessOrQuit(message->SetPriority(Message::Priority::kPriorityNet));
     message->SetType(Message::Type::kType6lowpan);
     message->SetSubType(Message::SubType::kSubTypeJoinerEntrust);