Corrected network name and PAN ID change on auth start

PAE supplicant did not detect correctly that network name or PAN ID was changed on authentication start. This causes the supplicant to use old keys and old BR EUI-64 during authentication, which resulted to BR EUI-64 mismatch on 4WH.
2020-06-24 11:25:10 +03:00 · 2020-06-24 11:25:10 +03:00 · f944bb738e
parent c77b2f4beb
commit f944bb738e
5 changed files with 52 additions and 6 deletions
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c
@ -470,8 +470,10 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr)
    ws_pae_lib_supp_list_purge(&pae_auth->active_supp_list, 0, SUPPLICANT_NUMBER_TO_PURGE);
 }

-int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name)
+int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated)
 {
+    (void) updated;
+
    if (!interface_ptr || !network_name) {
        return -1;
    }
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.h
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.h
@ -174,12 +174,13 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr);
 * \param interface_ptr interface
 * \param pan_id PAD ID
 * \param network_name network name
+ * \param updated data has been updated
 *
 * \return < 0 failure
 * \return >= 0 success
 *
 */
-int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name);
+int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated);

 /**
 * ws_pae_auth_gtk_hash_set GTK hash set callback
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c
@ -52,7 +52,7 @@ typedef int8_t ws_pae_br_addr_read(protocol_interface_info_entry_t *interface_pt
 typedef void ws_pae_gtks_updated(protocol_interface_info_entry_t *interface_ptr);
 typedef int8_t ws_pae_gtk_hash_update(protocol_interface_info_entry_t *interface_ptr, uint8_t *gtkhash);
 typedef int8_t ws_pae_nw_key_index_update(protocol_interface_info_entry_t *interface_ptr, uint8_t index);
-typedef int8_t ws_pae_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name);
+typedef int8_t ws_pae_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated);

 typedef struct {
    uint8_t gtk[GTK_LEN];                                            /**< GTK key */
@ -290,20 +290,24 @@ int8_t ws_pae_controller_nw_info_set(protocol_interface_info_entry_t *interface_
        return -1;
    }

+    bool updated = false;
+
    // Network name has been modified
-    if (network_name && strncmp(controller->sec_keys_nw_info.network_name, network_name, 33) != 0) {
+    if (network_name && strcmp(controller->sec_keys_nw_info.network_name, network_name) != 0) {
        strncpy(controller->sec_keys_nw_info.network_name, network_name, 32);
        controller->sec_keys_nw_info.updated = true;
+        updated = true;
    }

    // PAN ID has been modified
    if (pan_id != 0xffff && pan_id != controller->sec_keys_nw_info.new_pan_id) {
        controller->sec_keys_nw_info.new_pan_id = pan_id;
        controller->sec_keys_nw_info.updated = true;
+        updated = true;
    }

    if (controller->pae_nw_info_set) {
-        controller->pae_nw_info_set(interface_ptr, pan_id, network_name);
+        controller->pae_nw_info_set(interface_ptr, pan_id, network_name, updated);
    }

    return 0;
@ -803,7 +807,7 @@ int8_t ws_pae_controller_supp_init(protocol_interface_info_entry_t *interface_pt
    controller->pae_br_addr_read = ws_pae_supp_border_router_addr_read;
    controller->pae_gtk_hash_update = ws_pae_supp_gtk_hash_update;
    controller->pae_nw_key_index_update = ws_pae_supp_nw_key_index_update;
-    controller->pae_nw_info_set = NULL;
+    controller->pae_nw_info_set = ws_pae_supp_nw_info_set;

    ws_pae_supp_cb_register(controller->interface_ptr, controller->auth_completed, controller->auth_next_target, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_active_nw_key_set, ws_pae_controller_gtk_hash_ptr_get, ws_pae_controller_nw_info_updated_check);

--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.c
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.c
@ -523,6 +523,31 @@ static int8_t ws_pae_supp_nw_keys_valid_check(pae_supp_t *pae_supp, uint16_t pan
    }
 }

+int8_t ws_pae_supp_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated)
+{
+    (void) pan_id;
+    (void) network_name;
+
+    pae_supp_t *pae_supp = ws_pae_supp_get(interface_ptr);
+    if (!pae_supp) {
+        return -1;
+    }
+
+    if (updated) {
+        tr_info("Delete old keys, new PAN ID: %i network name: %s", pan_id, network_name);
+        // Delete pair wise keys
+        sec_prot_keys_pmk_delete(&pae_supp->entry.sec_keys);
+        sec_prot_keys_ptk_delete(&pae_supp->entry.sec_keys);
+        sec_prot_keys_ptk_eui_64_delete(&pae_supp->entry.sec_keys);
+        // Delete GTKs
+        sec_prot_keys_gtks_init(pae_supp->sec_keys_nw_info->gtks);
+        sec_prot_keys_gtks_updated_set(pae_supp->sec_keys_nw_info->gtks);
+        ws_pae_supp_nvm_update(pae_supp);
+    }
+
+    return 0;
+}
+
 void ws_pae_supp_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_supp_auth_completed *completed, ws_pae_supp_auth_next_target *auth_next_target, ws_pae_supp_nw_key_insert *nw_key_insert, ws_pae_supp_nw_key_index_set *nw_key_index_set, ws_pae_supp_gtk_hash_ptr_get *gtk_hash_ptr_get, ws_pae_supp_nw_info_updated *nw_info_updated)
 {
    pae_supp_t *pae_supp = ws_pae_supp_get(interface_ptr);
--- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.h
+++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.h
@ -173,6 +173,20 @@ int8_t ws_pae_supp_gtks_set(protocol_interface_info_entry_t *interface_ptr, sec_
 */
 int8_t ws_pae_supp_eapol_target_remove(protocol_interface_info_entry_t *interface_ptr);

+/**
+ * ws_pae_auth_nw_info_set set network information
+ *
+ * \param interface_ptr interface
+ * \param pan_id PAD ID
+ * \param network_name network name
+ * \param updated data has been updated
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_supp_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated);
+
 /**
 * ws_pae_supp_nw_key_index_set network send key index set callback
 *