Merge commit '53e16d679d1e78746dfa09b8ed5e36e280702ec9' into feature-wisun

* commit '53e16d679d1e78746dfa09b8ed5e36e280702ec9': Squashed 'features/nanostack/sal-stack-nanostack/' changes from 9a1b35398c..7e3b99c375
2020-09-15 13:19:10 +03:00 · 2020-09-15 13:19:10 +03:00 · 29fc103fdb
parent 57d32285c6 53e16d679d
commit 29fc103fdb
7 changed files with 50 additions and 30 deletions
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c
@ -108,7 +108,7 @@ typedef struct {
    bool gtk_new_act_time_exp: 1;                            /**< GTK new activation time expired */
 } pae_auth_t;

-static int8_t ws_pae_auth_network_keys_from_gtks_set(pae_auth_t *pae_auth);
+static int8_t ws_pae_auth_network_keys_from_gtks_set(pae_auth_t *pae_auth, bool force_install);
 static int8_t ws_pae_auth_active_gtk_set(pae_auth_t *pae_auth, uint8_t index);
 static int8_t ws_pae_auth_network_key_index_set(pae_auth_t *pae_auth, uint8_t index);
 static void ws_pae_auth_free(pae_auth_t *pae_auth);
@ -345,7 +345,7 @@ void ws_pae_auth_start(protocol_interface_info_entry_t *interface_ptr)
    pae_auth->nw_info_updated(pae_auth->interface_ptr);

    // Inserts keys and updates GTK hash on stack
-    ws_pae_auth_network_keys_from_gtks_set(pae_auth);
+    ws_pae_auth_network_keys_from_gtks_set(pae_auth, false);

    // Sets active key index
    ws_pae_auth_network_key_index_set(pae_auth, index);
@ -362,7 +362,7 @@ void ws_pae_auth_gtks_updated(protocol_interface_info_entry_t *interface_ptr)
        return;
    }

-    ws_pae_auth_network_keys_from_gtks_set(pae_auth);
+    ws_pae_auth_network_keys_from_gtks_set(pae_auth, false);
 }

 int8_t ws_pae_auth_nw_key_index_update(protocol_interface_info_entry_t *interface_ptr, uint8_t index)
@ -470,7 +470,7 @@ int8_t ws_pae_auth_node_access_revoke_start(protocol_interface_info_entry_t *int

    // Adds new GTK
    ws_pae_auth_gtk_key_insert(pae_auth);
-    ws_pae_auth_network_keys_from_gtks_set(pae_auth);
+    ws_pae_auth_network_keys_from_gtks_set(pae_auth, false);

    // Update keys to NVM as needed
    pae_auth->nw_info_updated(pae_auth->interface_ptr);
@ -535,8 +535,11 @@ int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, u
    }
    pae_auth->pan_id = pan_id;

+    bool force_install = false;
    if (strlen((char *) &pae_auth->network_name) > 0 && strcmp((char *) &pae_auth->network_name, network_name) != 0) {
        update_keys = true;
+        // Force GTK install to update the new network name to GAK
+        force_install = true;
    }
    strcpy((char *) &pae_auth->network_name, network_name);

@ -548,7 +551,7 @@ int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, u
        pae_auth->nw_keys_remove(pae_auth->interface_ptr);
    }

-    ws_pae_auth_network_keys_from_gtks_set(pae_auth);
+    ws_pae_auth_network_keys_from_gtks_set(pae_auth, force_install);

    int8_t index = sec_prot_keys_gtk_status_active_get(pae_auth->sec_keys_nw_info->gtks);
    if (index >= 0) {
@ -559,7 +562,7 @@ int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, u
    return 0;
 }

-static int8_t ws_pae_auth_network_keys_from_gtks_set(pae_auth_t *pae_auth)
+static int8_t ws_pae_auth_network_keys_from_gtks_set(pae_auth_t *pae_auth, bool force_install)
 {
    // Authenticator keys are always fresh
    sec_prot_keys_gtk_status_all_fresh_set(pae_auth->sec_keys_nw_info->gtks);
@ -571,7 +574,7 @@ static int8_t ws_pae_auth_network_keys_from_gtks_set(pae_auth_t *pae_auth)
    }

    if (pae_auth->nw_key_insert) {
-        pae_auth->nw_key_insert(pae_auth->interface_ptr, pae_auth->sec_keys_nw_info->gtks);
+        pae_auth->nw_key_insert(pae_auth->interface_ptr, pae_auth->sec_keys_nw_info->gtks, force_install);
    }

    return 0;
@ -716,7 +719,7 @@ void ws_pae_auth_slow_timer(uint16_t seconds)
                        if (second_index < 0) {
                            tr_info("GTK new install required active index: %i, time: %"PRIu32", system time: %"PRIu32"", active_index, timer_seconds, protocol_core_monotonic_time / 10);
                            ws_pae_auth_gtk_key_insert(pae_auth);
-                            ws_pae_auth_network_keys_from_gtks_set(pae_auth);
+                            ws_pae_auth_network_keys_from_gtks_set(pae_auth, false);
                            // Update keys to NVM as needed
                            pae_auth->nw_info_updated(pae_auth->interface_ptr);
                        } else {
@ -744,7 +747,7 @@ void ws_pae_auth_slow_timer(uint16_t seconds)
            if (timer_seconds == 0) {
                tr_info("GTK expired index: %i, system time: %"PRIu32"", i, protocol_core_monotonic_time / 10);
                ws_pae_auth_gtk_clear(pae_auth, i);
-                ws_pae_auth_network_keys_from_gtks_set(pae_auth);
+                ws_pae_auth_network_keys_from_gtks_set(pae_auth, false);
                // Update keys to NVM as needed
                pae_auth->nw_info_updated(pae_auth->interface_ptr);
            }
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.h
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.h
@ -207,12 +207,13 @@ typedef void ws_pae_auth_gtk_hash_set(protocol_interface_info_entry_t *interface
 *
 * \param interface_ptr interface
 * \param gtks group keys
+ * \param force_install TRUE force install keys, FALSE install keys only if GTKs has changed
 *
 * \return < 0 failure
 * \return >= 0 success
 *
 */
-typedef int8_t ws_pae_auth_nw_key_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks);
+typedef int8_t ws_pae_auth_nw_key_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks, bool force_install);

 /**
 * ws_pae_auth_nw_keys_remove remove network keys callback
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c
@ -126,7 +126,7 @@ static void ws_pae_controller_nvm_frame_counter_write(nvm_tlv_t *tlv_entry);
 static int8_t ws_pae_controller_nvm_frame_counter_read(uint32_t *restart_cnt, uint64_t *stored_time, uint16_t *pan_version, frame_counters_t *counters);
 static pae_controller_t *ws_pae_controller_get_or_create(int8_t interface_id);
 static void ws_pae_controller_gtk_hash_set(protocol_interface_info_entry_t *interface_ptr, uint8_t *gtkhash);
-static int8_t ws_pae_controller_nw_key_check_and_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks);
+static int8_t ws_pae_controller_nw_key_check_and_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks, bool force_install);
 static void ws_pae_controller_active_nw_key_clear(nw_key_t *nw_key);
 static void ws_pae_controller_active_nw_key_set(protocol_interface_info_entry_t *cur, uint8_t index);
 static int8_t ws_pae_controller_gak_from_gtk(uint8_t *gak, uint8_t *gtk, char *network_name);
@ -137,6 +137,7 @@ static void ws_pae_controller_nw_key_index_check_and_set(protocol_interface_info
 static void ws_pae_controller_data_init(pae_controller_t *controller);
 static int8_t ws_pae_controller_frame_counter_read(pae_controller_t *controller);
 static void ws_pae_controller_frame_counter_reset(frame_counters_t *frame_counters);
+static void ws_pae_controller_frame_counter_index_reset(frame_counters_t *frame_counters, uint8_t index);
 static int8_t ws_pae_controller_nw_info_read(pae_controller_t *controller, sec_prot_gtk_keys_t *gtks);
 static int8_t ws_pae_controller_nvm_nw_info_write(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, sec_prot_gtk_keys_t *gtks);
 static int8_t ws_pae_controller_nvm_nw_info_read(protocol_interface_info_entry_t *interface_ptr, uint16_t *pan_id, char *network_name, sec_prot_gtk_keys_t *gtks);
@ -165,7 +166,7 @@ int8_t ws_pae_controller_authenticate(protocol_interface_info_entry_t *interface
    // In case test keys are set uses those and does not initiate authentication
    if (controller->gtks_set) {
        if (sec_prot_keys_gtks_are_updated(&controller->gtks)) {
-            ws_pae_controller_nw_key_check_and_insert(controller->interface_ptr, &controller->gtks);
+            ws_pae_controller_nw_key_check_and_insert(controller->interface_ptr, &controller->gtks, false);
            sec_prot_keys_gtks_updated_reset(&controller->gtks);
            ws_pae_supp_gtks_set(controller->interface_ptr, &controller->gtks);
        }
@ -403,7 +404,7 @@ int8_t ws_pae_controller_nw_key_valid(protocol_interface_info_entry_t *interface
    return ws_pae_supp_nw_key_valid(interface_ptr, br_iid);
 }

-static int8_t ws_pae_controller_nw_key_check_and_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks)
+static int8_t ws_pae_controller_nw_key_check_and_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks, bool force_install)
 {
    pae_controller_t *controller = ws_pae_controller_get(interface_ptr);
    if (!controller) {
@ -429,6 +430,13 @@ static int8_t ws_pae_controller_nw_key_check_and_insert(protocol_interface_info_
            tr_info("NW key remove: %i", i);
        }

+        if (force_install) {
+            // Install always
+            nw_key[i].installed = false;
+            // Frame counters are fresh
+            ws_pae_controller_frame_counter_index_reset(&controller->frame_counters, i);
+        }
+
        // If GTK key is not set, continues to next GTK
        if (!gtk) {
            continue;
@ -798,13 +806,18 @@ static int8_t ws_pae_controller_frame_counter_read(pae_controller_t *controller)
 static void ws_pae_controller_frame_counter_reset(frame_counters_t *frame_counters)
 {
    for (uint8_t index = 0; index < GTK_NUM; index++) {
-        memset(frame_counters->counter[index].gtk, 0, GTK_LEN);
-        frame_counters->counter[index].frame_counter = 0;
-        frame_counters->counter[index].stored_frame_counter = 0;
-        frame_counters->counter[index].set = false;
+        ws_pae_controller_frame_counter_index_reset(frame_counters, index);
    }
 }

+static void ws_pae_controller_frame_counter_index_reset(frame_counters_t *frame_counters, uint8_t index)
+{
+    memset(frame_counters->counter[index].gtk, 0, GTK_LEN);
+    frame_counters->counter[index].frame_counter = 0;
+    frame_counters->counter[index].stored_frame_counter = 0;
+    frame_counters->counter[index].set = false;
+}
+
 static int8_t ws_pae_controller_nw_info_read(pae_controller_t *controller, sec_prot_gtk_keys_t *gtks)
 {
    if (ws_pae_controller_nvm_nw_info_read(controller->interface_ptr, &controller->sec_keys_nw_info.key_pan_id, controller->sec_keys_nw_info.network_name, gtks) < 0) {
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.c
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.c
@ -355,7 +355,7 @@ int8_t ws_pae_supp_gtk_hash_update(protocol_interface_info_entry_t *interface_pt
    }

    // Modify keys
-    pae_supp->nw_key_insert(pae_supp->interface_ptr, pae_supp->sec_keys_nw_info->gtks);
+    pae_supp->nw_key_insert(pae_supp->interface_ptr, pae_supp->sec_keys_nw_info->gtks, false);

    return 0;
 }
@ -521,7 +521,7 @@ static int8_t ws_pae_supp_nw_keys_valid_check(pae_supp_t *pae_supp, uint16_t pan
            (sec_prot_keys_pmk_get(&pae_supp->entry.sec_keys) != NULL) &&
            (sec_prot_keys_ptk_get(&pae_supp->entry.sec_keys) != NULL)) {
        tr_debug("Existing keys used, counter %i", pae_supp->nw_keys_used_cnt);
-        if (pae_supp->nw_key_insert(pae_supp->interface_ptr, pae_supp->sec_keys_nw_info->gtks) >= 0) {
+        if (pae_supp->nw_key_insert(pae_supp->interface_ptr, pae_supp->sec_keys_nw_info->gtks, false) >= 0) {
            tr_debug("Keys inserted");
        }
        pae_supp->nw_keys_used_cnt++;
@ -1260,7 +1260,7 @@ static void ws_pae_supp_kmp_api_finished_indication(kmp_api_t *kmp, kmp_result_e
    if ((type == IEEE_802_11_4WH || type == IEEE_802_11_GKH) && result == KMP_RESULT_OK) {
        if (sec_keys) {
            sec_prot_keys_t *keys = sec_keys;
-            pae_supp->nw_key_insert(pae_supp->interface_ptr, keys->gtks);
+            pae_supp->nw_key_insert(pae_supp->interface_ptr, keys->gtks, false);
        }

        ws_pae_supp_authenticate_response(pae_supp, AUTH_RESULT_OK);
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.h
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.h
@ -221,12 +221,13 @@ typedef const uint8_t *ws_pae_supp_auth_next_target(protocol_interface_info_entr
 *
 * \param interface_ptr interface
 * \param gtks group keys
+ * \param force_install TRUE force install keys, FALSE install keys only if GTKs has changed
 *
 * \return < 0 failure
 * \return >= 0 success
 *
 */
-typedef int8_t ws_pae_supp_nw_key_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks);
+typedef int8_t ws_pae_supp_nw_key_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks, bool force_install);

 /**
 * ws_pae_supp_gtk_hash_ptr_get get pointer to GTK hash storage callback
--- a/features/nanostack/sal-stack-nanostack/source/Security/protocols/radius_sec_prot/radius_client_sec_prot.c
+++ b/features/nanostack/sal-stack-nanostack/source/Security/protocols/radius_sec_prot/radius_client_sec_prot.c
@ -79,6 +79,8 @@ typedef enum {
 #define RADIUS_ID_RANGE_SIZE          10
 #define RADIUS_ID_RANGE_NUM           (255 / RADIUS_ID_RANGE_SIZE) - 1

+#define RADIUS_ID_TIMEOUT             60
+
 typedef struct radius_client_sec_prot_lib_int_s radius_client_sec_prot_lib_int_t;

 typedef struct {
@ -120,7 +122,6 @@ typedef struct {
 static uint16_t radius_client_sec_prot_size(void);
 static int8_t radius_client_sec_prot_init(sec_prot_t *prot);
 static int8_t radius_client_sec_prot_shared_data_timeout(uint16_t ticks);
-static void radius_identifier_timer_value_set(uint8_t conn_num, uint8_t id_range, uint8_t value);
 static int8_t radius_client_sec_prot_shared_data_delete(void);
 static void radius_identifier_timer_value_set(uint8_t conn_num, uint8_t id_range, uint8_t value);
 static void radius_client_sec_prot_create_response(sec_prot_t *prot, sec_prot_result_e result);
@ -541,17 +542,17 @@ static uint8_t radius_client_sec_prot_identifier_allocate(sec_prot_t *prot, uint
 {
    radius_client_sec_prot_int_t *data = radius_client_sec_prot_get(prot);

-    if (!data->radius_id_range_set || value >= (data->radius_id_range * RADIUS_ID_RANGE_SIZE) + RADIUS_ID_RANGE_SIZE) {
+    if (!data->radius_id_range_set || value >= (data->radius_id_range * RADIUS_ID_RANGE_SIZE) + RADIUS_ID_RANGE_SIZE - 1) {
        for (uint8_t conn_num = 0; conn_num < RADIUS_CONN_NUMBER; conn_num++) {
            for (uint8_t id_range = 0; id_range < RADIUS_ID_RANGE_NUM; id_range++) {
                if (shared_data->radius_identifier_timer[conn_num][id_range] == 0) {
                    // If range has been already reserved
                    if (data->radius_id_range_set) {
-                        // Set previous range to timeout in 5 seconds
-                        radius_identifier_timer_value_set(data->radius_id_conn_num, data->radius_id_range, 5);
+                        // Set previous range to timeout at 1/5 of identifier timeout
+                        radius_identifier_timer_value_set(data->radius_id_conn_num, data->radius_id_range, RADIUS_ID_TIMEOUT / 5);
                    }
                    // Set timeout for new range to 60 seconds
-                    radius_identifier_timer_value_set(conn_num, id_range, 60);
+                    radius_identifier_timer_value_set(conn_num, id_range, RADIUS_ID_TIMEOUT);
                    data->radius_id_conn_num = conn_num;
                    data->radius_id_range = id_range;
                    data->radius_id_range_set = true;
@ -560,7 +561,7 @@ static uint8_t radius_client_sec_prot_identifier_allocate(sec_prot_t *prot, uint
            }
        }
    } else {
-        radius_identifier_timer_value_set(data->radius_id_conn_num, data->radius_id_range, 60);
+        radius_identifier_timer_value_set(data->radius_id_conn_num, data->radius_id_range, RADIUS_ID_TIMEOUT);
        return value + 1;
    }

@ -572,7 +573,8 @@ static void radius_client_sec_prot_identifier_free(sec_prot_t *prot)
    radius_client_sec_prot_int_t *data = radius_client_sec_prot_get(prot);

    if (data->radius_id_range_set) {
-        radius_identifier_timer_value_set(data->radius_id_conn_num, data->radius_id_range, 5);
+        // Timeout at 1/5 of identifier timeout
+        radius_identifier_timer_value_set(data->radius_id_conn_num, data->radius_id_range, RADIUS_ID_TIMEOUT / 5);
    }
 }

--- a/features/nanostack/sal-stack-nanostack/source/Service_Libs/fhss/fhss_ws.c
+++ b/features/nanostack/sal-stack-nanostack/source/Service_Libs/fhss/fhss_ws.c
@ -305,12 +305,12 @@ static void fhss_broadcast_handler(const fhss_api_t *fhss_api, uint16_t delay)

        /* Start timer with random timeout to trigger broadcast TX queue poll event.
         * Min random is 1/50 of the channel dwell interval.
-         * Max random is 1/10 of the channel dwell interval.
+         * Max random is 3/4 of the channel dwell interval.
         * Event timer resolution is 50us.
         */
        uint32_t bc_dwell_us = MS_TO_US(fhss_structure->ws->fhss_configuration.fhss_bc_dwell_interval);
        uint16_t bc_min_random = (bc_dwell_us / 50) / 50;
-        uint16_t bc_max_random = (bc_dwell_us / 10) / 50;
+        uint16_t bc_max_random = (bc_dwell_us - (bc_dwell_us / 4)) / 50;
        eventOS_callback_timer_start(fhss_structure->fhss_event_timer, randLIB_get_random_in_range(bc_min_random, bc_max_random));
    } else {
        fhss_structure->ws->unicast_start_time_us = fhss_structure->callbacks.read_timestamp(fhss_structure->fhss_api);