From f944bb738ef6fcdd2e157c055211b0747c2a5adc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=20Lepp=C3=A4nen?= Date: Wed, 24 Jun 2020 11:25:10 +0300 Subject: [PATCH] Corrected network name and PAN ID change on auth start PAE supplicant did not detect correctly that network name or PAN ID was changed on authentication start. This causes the supplicant to use old keys and old BR EUI-64 during authentication, which resulted to BR EUI-64 mismatch on 4WH. --- .../source/6LoWPAN/ws/ws_pae_auth.c | 4 ++- .../source/6LoWPAN/ws/ws_pae_auth.h | 3 ++- .../source/6LoWPAN/ws/ws_pae_controller.c | 12 ++++++--- .../source/6LoWPAN/ws/ws_pae_supp.c | 25 +++++++++++++++++++ .../source/6LoWPAN/ws/ws_pae_supp.h | 14 +++++++++++ 5 files changed, 52 insertions(+), 6 deletions(-) diff --git a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c index 077c3ae580..8db7f28fe4 100644 --- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c +++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c @@ -470,8 +470,10 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr) ws_pae_lib_supp_list_purge(&pae_auth->active_supp_list, 0, SUPPLICANT_NUMBER_TO_PURGE); } -int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name) +int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated) { + (void) updated; + if (!interface_ptr || !network_name) { return -1; } diff --git a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.h b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.h index db84db0656..6b2719df91 100644 --- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.h +++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.h 
@@ -174,12 +174,13 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr); * \param interface_ptr interface * \param pan_id PAD ID * \param network_name network name + * \param updated data has been updated * * \return < 0 failure * \return >= 0 success * */ -int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name); +int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated); /** * ws_pae_auth_gtk_hash_set GTK hash set callback diff --git a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c index 05eb06983b..f033d15792 100644 --- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c +++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_controller.c @@ -52,7 +52,7 @@ typedef int8_t ws_pae_br_addr_read(protocol_interface_info_entry_t *interface_pt typedef void ws_pae_gtks_updated(protocol_interface_info_entry_t *interface_ptr); typedef int8_t ws_pae_gtk_hash_update(protocol_interface_info_entry_t *interface_ptr, uint8_t *gtkhash); typedef int8_t ws_pae_nw_key_index_update(protocol_interface_info_entry_t *interface_ptr, uint8_t index); -typedef int8_t ws_pae_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name); +typedef int8_t ws_pae_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated); typedef struct { uint8_t gtk[GTK_LEN]; /**< GTK key */ 
@@ -290,20 +290,24 @@ int8_t ws_pae_controller_nw_info_set(protocol_interface_info_entry_t *interface_ return -1; } + bool updated = false; + // Network name has been modified - if (network_name && strncmp(controller->sec_keys_nw_info.network_name, network_name, 33) != 0) { + if (network_name && strcmp(controller->sec_keys_nw_info.network_name, network_name) != 0) { strncpy(controller->sec_keys_nw_info.network_name, network_name, 32); controller->sec_keys_nw_info.updated = true; + updated = true; } // PAN ID has been modified if (pan_id != 0xffff && pan_id != controller->sec_keys_nw_info.new_pan_id) { controller->sec_keys_nw_info.new_pan_id = pan_id; controller->sec_keys_nw_info.updated = true; + updated = true; } if (controller->pae_nw_info_set) { - controller->pae_nw_info_set(interface_ptr, pan_id, network_name); + controller->pae_nw_info_set(interface_ptr, pan_id, network_name, updated); } return 0; @@ -803,7 +807,7 @@ int8_t ws_pae_controller_supp_init(protocol_interface_info_entry_t *interface_pt controller->pae_br_addr_read = ws_pae_supp_border_router_addr_read; controller->pae_gtk_hash_update = ws_pae_supp_gtk_hash_update; controller->pae_nw_key_index_update = ws_pae_supp_nw_key_index_update; - controller->pae_nw_info_set = NULL; + controller->pae_nw_info_set = ws_pae_supp_nw_info_set; ws_pae_supp_cb_register(controller->interface_ptr, controller->auth_completed, controller->auth_next_target, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_active_nw_key_set, ws_pae_controller_gtk_hash_ptr_get, ws_pae_controller_nw_info_updated_check); diff --git a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.c b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.c index 7954010d50..7fecb74736 100644 --- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.c +++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.c 
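Review bot: Replacing `strncmp(..., 33)` with `strcmp` removes the only bound on the comparison, while the copy beside it is still `strncpy(controller->sec_keys_nw_info.network_name, network_name, 32)`, which writes no terminator when the name is 32 characters or longer. If the field is 33 bytes, as the old bound suggests (its declaration is not visible here), termination depends on the last byte never having been written; adding `controller->sec_keys_nw_info.network_name[32] = '\0';` after the copy would make that explicit. A name longer than 32 characters is stored truncated and so compares unequal on every call, which passes `updated` as true each time; per the ws_pae_supp.c hunk of this patch, the supplicant then deletes its PMK/PTK/GTKs and calls `ws_pae_supp_nvm_update` on every call. Rejecting an over-long name before the comparison, e.g. `if (network_name && strlen(network_name) > 32) { return -1; }`, would avoid that. The function starts above this hunk, so any earlier validation of `network_name` is not visible.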
@@ -523,6 +523,31 @@ static int8_t ws_pae_supp_nw_keys_valid_check(pae_supp_t *pae_supp, uint16_t pan } } +int8_t ws_pae_supp_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated) +{ + (void) pan_id; + (void) network_name; + + pae_supp_t *pae_supp = ws_pae_supp_get(interface_ptr); + if (!pae_supp) { + return -1; + } + + if (updated) { + tr_info("Delete old keys, new PAN ID: %i network name: %s", pan_id, network_name); + // Delete pair wise keys + sec_prot_keys_pmk_delete(&pae_supp->entry.sec_keys); + sec_prot_keys_ptk_delete(&pae_supp->entry.sec_keys); + sec_prot_keys_ptk_eui_64_delete(&pae_supp->entry.sec_keys); + // Delete GTKs + sec_prot_keys_gtks_init(pae_supp->sec_keys_nw_info->gtks); + sec_prot_keys_gtks_updated_set(pae_supp->sec_keys_nw_info->gtks); + ws_pae_supp_nvm_update(pae_supp); + } + + return 0; +} + void ws_pae_supp_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_supp_auth_completed *completed, ws_pae_supp_auth_next_target *auth_next_target, ws_pae_supp_nw_key_insert *nw_key_insert, ws_pae_supp_nw_key_index_set *nw_key_index_set, ws_pae_supp_gtk_hash_ptr_get *gtk_hash_ptr_get, ws_pae_supp_nw_info_updated *nw_info_updated) { pae_supp_t *pae_supp = ws_pae_supp_get(interface_ptr); diff --git a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.h b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.h index 7bd2017061..33174954a7 100644 --- a/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.h +++ b/features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_supp.h 
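Review bot: The `%s` argument of the `tr_info` call in `ws_pae_supp_nw_info_set` can be a NULL pointer. `ws_pae_controller_nw_info_set` treats `network_name` as optional (`if (network_name && ...)`), still sets `updated` when only the PAN ID changed, and forwards the pointer unchanged to this callback. Guard the argument, e.g. `network_name ? network_name : "-"`, and print the `uint16_t` PAN ID with `%u` rather than `%i`. The `(void) pan_id; (void) network_name;` casts contradict the use in the log line; if they exist for builds where `tr_info` compiles out, a one-line comment saying so would help. A comment above `if (updated)` stating that a network name or PAN ID change deletes the PMK, PTK, PTK EUI-64 and all GTKs and persists that to NVM would make this destructive path easier to audit.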
@@ -173,6 +173,20 @@ int8_t ws_pae_supp_gtks_set(protocol_interface_info_entry_t *interface_ptr, sec_ */ int8_t ws_pae_supp_eapol_target_remove(protocol_interface_info_entry_t *interface_ptr); +/** + * ws_pae_auth_nw_info_set set network information + * + * \param interface_ptr interface + * \param pan_id PAD ID + * \param network_name network name + * \param updated data has been updated + * + * \return < 0 failure + * \return >= 0 success + * + */ +int8_t ws_pae_supp_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated); + /** * ws_pae_supp_nw_key_index_set network send key index set callback *
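Review bot: The doc comment added for `ws_pae_supp_nw_info_set` is headed `ws_pae_auth_nw_info_set set network information`, apparently copied from the authenticator header; it should read `ws_pae_supp_nw_info_set set network information`. `PAD ID` should be `PAN ID`. The `\param updated` line would be more useful if it stated the consequence on the supplicant, e.g. `\param updated true if network name or PAN ID changed; stored PMK, PTK and GTKs are deleted`.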