Added support for fourth network key to MAC helper and WS bootstrap

Mika Leppänen · Mika Leppänen · commit 0aef534e1b45 · 2019-05-06T14:18:03.000+03:00
Added also clearing of MAC send frame counter when new key is activated.
diff --git a/source/6LoWPAN/MAC/mac_helper.c b/source/6LoWPAN/MAC/mac_helper.c
@@ -394,6 +394,32 @@ int8_t mac_helper_security_prev_key_set(protocol_interface_info_entry_t *interfa
 
 }
 
+int8_t mac_helper_security_key_to_descriptor_set(protocol_interface_info_entry_t *interface, const uint8_t *key, uint8_t id, uint8_t descriptor)
+{
+    if (id == 0) {
+        return -1;
+    }
+
+    mac_helper_keytable_descriptor_set(interface->mac_api, key, id, descriptor);
+    return 0;
+}
+
+int8_t mac_helper_security_key_descriptor_clear(protocol_interface_info_entry_t *interface, uint8_t descriptor)
+{
+    if (interface->mac_api) {
+        mlme_set_t set_req;
+        mlme_key_descriptor_entry_t key_description;
+        memset(&key_description, 0, sizeof(mlme_key_descriptor_entry_t));
+
+        set_req.attr = macKeyTable;
+        set_req.value_pointer = &key_description;
+        set_req.value_size = sizeof(mlme_key_descriptor_entry_t);
+        set_req.attr_index = descriptor;
+        interface->mac_api->mlme_req(interface->mac_api, MLME_SET, &set_req);
+        return 0;
+    }
+    return -1;
+}
 
 void mac_helper_security_key_swap_next_to_default(protocol_interface_info_entry_t *interface)
 {
diff --git a/source/6LoWPAN/MAC/mac_helper.h b/source/6LoWPAN/MAC/mac_helper.h
@@ -75,6 +75,10 @@ int8_t mac_helper_security_next_key_set(struct protocol_interface_info_entry *in
 
 int8_t mac_helper_security_prev_key_set(struct protocol_interface_info_entry *interface, uint8_t *key, uint8_t id, uint8_t keyid_mode);
 
+int8_t mac_helper_security_key_to_descriptor_set(struct protocol_interface_info_entry *interface, const uint8_t *key, uint8_t id, uint8_t descriptor);
+
+int8_t mac_helper_security_key_descriptor_clear(struct protocol_interface_info_entry *interface, uint8_t descriptor);
+
 void mac_helper_security_key_swap_next_to_default(struct protocol_interface_info_entry *interface);
 
 int8_t mac_helper_security_pairwisekey_set(struct protocol_interface_info_entry *interface, const uint8_t *key, const uint8_t *mac_64, uint8_t key_attribute);
diff --git a/source/6LoWPAN/ws/ws_bootstrap.c b/source/6LoWPAN/ws/ws_bootstrap.c
@@ -85,8 +85,11 @@ static uint16_t ws_bootstrap_routing_cost_calculate(protocol_interface_info_entr
 static uint16_t ws_bootstrap_rank_get(protocol_interface_info_entry_t *cur);
 static uint16_t ws_bootstrap_min_rank_inc_get(protocol_interface_info_entry_t *cur);
 
-static void ws_bootstrap_nw_key_insert(protocol_interface_info_entry_t *cur, uint8_t operation, uint8_t index, uint8_t *key);
+static void ws_bootstrap_mac_security_enable(protocol_interface_info_entry_t *cur);
+static void ws_bootstrap_nw_key_set(protocol_interface_info_entry_t *cur, uint8_t operation, uint8_t index, uint8_t *key);
+static void ws_bootstrap_nw_key_clear(protocol_interface_info_entry_t *cur, uint8_t slot);
 static void ws_bootstrap_nw_key_index_set(protocol_interface_info_entry_t *cur, uint8_t index);
+static void ws_bootstrap_nw_frame_counter_set(protocol_interface_info_entry_t *cur, uint32_t counter);
 static void ws_bootstrap_authentication_completed(protocol_interface_info_entry_t *cur, bool success);
 static void ws_bootstrap_pan_version_increment(protocol_interface_info_entry_t *cur);
 static ws_nud_table_entry_t *ws_nud_entry_discover(protocol_interface_info_entry_t *cur, void *neighbor);
@@ -1547,7 +1550,7 @@ int ws_bootstrap_init(int8_t interface_id, net_6lowpan_mode_e bootstrap_mode)
         ret_val =  -4;
         goto init_fail;
     }
-    if (ws_pae_controller_cb_register(cur, &ws_bootstrap_authentication_completed, &ws_bootstrap_nw_key_insert, &ws_bootstrap_nw_key_index_set, &ws_bootstrap_pan_version_increment) < 0) {
+    if (ws_pae_controller_cb_register(cur, &ws_bootstrap_authentication_completed, &ws_bootstrap_nw_key_set, &ws_bootstrap_nw_key_clear, &ws_bootstrap_nw_key_index_set, &ws_bootstrap_nw_frame_counter_set, &ws_bootstrap_pan_version_increment) < 0) {
         ret_val =  -4;
         goto init_fail;
     }
@@ -1692,6 +1695,7 @@ static void ws_bootstrap_fhss_activate(protocol_interface_info_entry_t *cur)
     tr_debug("MAC init");
     mac_helper_pib_boolean_set(cur, macRxOnWhenIdle, true);
     cur->lowpan_info &=  ~INTERFACE_NWK_CONF_MAC_RX_OFF_IDLE;
+    ws_bootstrap_mac_security_enable(cur);
     ws_bootstrap_mac_activate(cur, cur->ws_info->fhss_uc_fixed_channel, cur->ws_info->network_pan_id, true);
     return;
 }
@@ -1987,33 +1991,34 @@ static void ws_bootstrap_start_authentication(protocol_interface_info_entry_t *c
     ws_pae_controller_authenticate(cur);
 }
 
-static void ws_bootstrap_nw_key_insert(protocol_interface_info_entry_t *cur, uint8_t operation, uint8_t index, uint8_t *key)
+static void ws_bootstrap_mac_security_enable(protocol_interface_info_entry_t *cur)
 {
-    switch (operation) {
-        case 0:
-            mac_helper_security_key_clean(cur);
-            mac_helper_default_security_level_set(cur, AES_SECURITY_LEVEL_ENC_MIC64);
-            mac_helper_default_security_key_id_mode_set(cur, MAC_KEY_ID_MODE_IDX);
-            break;
-        case 1:
-            mac_helper_security_default_recv_key_set(cur, key, index + 1, MAC_KEY_ID_MODE_IDX);
-            break;
-        case 2:
-            mac_helper_security_prev_key_set(cur, key, index + 1, MAC_KEY_ID_MODE_IDX);
-            break;
-        case 3:
-            mac_helper_security_next_key_set(cur, key, index + 1, MAC_KEY_ID_MODE_IDX);
-            break;
-        default:
-            break;
-    }
+    mac_helper_default_security_level_set(cur, AES_SECURITY_LEVEL_ENC_MIC64);
+    mac_helper_default_security_key_id_mode_set(cur, MAC_KEY_ID_MODE_IDX);
+}
+
+static void ws_bootstrap_nw_key_set(protocol_interface_info_entry_t *cur, uint8_t slot, uint8_t index, uint8_t *key)
+{
+    mac_helper_security_key_to_descriptor_set(cur, key, index + 1, slot);
+}
+
+static void ws_bootstrap_nw_key_clear(protocol_interface_info_entry_t *cur, uint8_t slot)
+{
+    mac_helper_security_key_descriptor_clear(cur, slot);
 }
 
 static void ws_bootstrap_nw_key_index_set(protocol_interface_info_entry_t *cur, uint8_t index)
 {
+    // Set send key
     mac_helper_security_auto_request_key_index_set(cur, index + 1);
 }
 
+static void ws_bootstrap_nw_frame_counter_set(protocol_interface_info_entry_t *cur, uint32_t counter)
+{
+    // Set frame counter
+    mac_helper_link_frame_counter_set(cur->id, counter);
+}
+
 static void ws_bootstrap_authentication_completed(protocol_interface_info_entry_t *cur, bool success)
 {
     if (success) {
diff --git a/source/6LoWPAN/ws/ws_pae_auth.c b/source/6LoWPAN/ws/ws_pae_auth.c
@@ -272,6 +272,8 @@ void ws_pae_auth_start(protocol_interface_info_entry_t *interface_ptr)
         ws_pae_auth_gtk_key_insert(pae_auth);
         index = sec_prot_keys_gtk_install_order_first_index_get(pae_auth->gtks);
         ws_pae_auth_active_gtk_set(pae_auth, index);
+    } else {
+        ws_pae_auth_active_gtk_set(pae_auth, index);
     }
 
     // Inserts keys and updates GTK hash on stack
@@ -631,7 +633,7 @@ static void ws_pae_auth_gtk_key_insert(pae_auth_t *pae_auth)
     // Authenticator keys are always fresh
     sec_prot_keys_gtk_status_all_fresh_set(pae_auth->gtks);
 
-    tr_info("GTK install new index: %i, lifetime: %"PRIu32"", install_index, lifetime);
+    tr_info("GTK install new index: %i, lifetime: %"PRIu32" system time: %"PRIu32"", install_index, lifetime, protocol_core_monotonic_time / 10);
 }
 
 static int8_t ws_pae_auth_new_gtk_activate(pae_auth_t *pae_auth)
diff --git a/source/6LoWPAN/ws/ws_pae_controller.c b/source/6LoWPAN/ws/ws_pae_controller.c
diff --git a/source/6LoWPAN/ws/ws_pae_controller.h b/source/6LoWPAN/ws/ws_pae_controller.h

Original file line number	Diff line number	Diff line change
`@@ -272,6 +272,8 @@ void ws_pae_auth_start(protocol_interface_info_entry_t *interface_ptr)`
`272`	`272`	`ws_pae_auth_gtk_key_insert(pae_auth);`
`273`	`273`	`index = sec_prot_keys_gtk_install_order_first_index_get(pae_auth->gtks);`
`274`	`274`	`ws_pae_auth_active_gtk_set(pae_auth, index);`
	`275`	`+ } else {`
	`276`	`+ ws_pae_auth_active_gtk_set(pae_auth, index);`
`275`	`277`	`}`
`276`	`278`
`277`	`279`	`// Inserts keys and updates GTK hash on stack`
`@@ -631,7 +633,7 @@ static void ws_pae_auth_gtk_key_insert(pae_auth_t *pae_auth)`
`631`	`633`	`// Authenticator keys are always fresh`
`632`	`634`	`sec_prot_keys_gtk_status_all_fresh_set(pae_auth->gtks);`
`633`	`635`
`634`		`- tr_info("GTK install new index: %i, lifetime: %"PRIu32"", install_index, lifetime);`
	`636`	`+ tr_info("GTK install new index: %i, lifetime: %"PRIu32" system time: %"PRIu32"", install_index, lifetime, protocol_core_monotonic_time / 10);`
`635`	`637`	`}`
`636`	`638`
`637`	`639`	`static int8_t ws_pae_auth_new_gtk_activate(pae_auth_t *pae_auth)`