Added limits to number of EAP-TLS and TLS sessions

Added limits to PAE authenticator for simultaneous ongoing EAP-TLS
and TLS sessions. For EAP-TLS the limit is three simultaneous
sessions. For TLS, the limit is one session after the Client
Hello has been received (i.e. limits EAP-TLS Client Certificate
handling).

Added random from 3 to 30 seconds to supplicant initial EAPOL-Key
sending, to spread out the requests that arrive to authenticator
from multiple supplicants.

Also added functions to EAPOL TLS library for mbed TLS platform memory
using nsdynmemlibrary. Functions are currently disabled.

Author: Mika Leppänen

source/6LoWPAN/ws/ws_pae_auth.c

@@ -56,6 +56,9 @@
 // Wait for for supplicant to indicate activity (e.g. to send a message)
 #define WAIT_FOR_AUTHENTICATION_TICKS          5 * 60 * 10  // 5 minutes
 
+// Maximum number of simultaneous EAP-TLS negotiations
+#define MAX_SIMULTANEOUS_EAP_TLS_NEGOTIATIONS  3
+
 typedef struct {
     ns_list_link_t link;                                     /**< Link */
     kmp_service_t *kmp_service;                              /**< KMP service */
@@ -849,6 +852,17 @@ static void ws_pae_auth_kmp_api_finished_indication(kmp_api_t *kmp, kmp_result_e
         return;
     }
 
+    if (next_type == IEEE_802_1X_MKA) {
+        /* For EAP-TLS, limits the number of ongoing negotiations. If limit
+           is reached, supplicant must re-send initial EAPOL-Key to try again
+           using its trickle schedule */
+        uint16_t ongoing_eap_tls_cnt = ws_pae_lib_supp_list_kmp_count(&pae_auth->active_supp_list, IEEE_802_1X_MKA);
+        if (ongoing_eap_tls_cnt >= MAX_SIMULTANEOUS_EAP_TLS_NEGOTIATIONS) {
+            tr_info("EAP-TLS max ongoing reached, count %i, ignored: eui-64: %s", ongoing_eap_tls_cnt, trace_array(kmp_address_eui_64_get(supp_entry->addr), 8));
+            return;
+        }
+    }
+
     // Create new instance
     kmp_api_t *new_kmp = ws_pae_auth_kmp_create_and_start(pae_auth->kmp_service, next_type, supp_entry);
     if (!new_kmp) {

source/6LoWPAN/ws/ws_pae_lib.c

@@ -307,4 +307,19 @@ void ws_pae_lib_supp_list_to_inactive(supp_list_t *active_supp_list, supp_list_t
     entry->addr = addr;
 }
 
+uint16_t ws_pae_lib_supp_list_kmp_count(supp_list_t *supp_list, kmp_type_e type)
+{
+    uint16_t kmp_count = 0;
+
+    ns_list_foreach(supp_entry_t, entry, supp_list) {
+        ns_list_foreach(kmp_entry_t, kmp_entry, &entry->kmp_list) {
+            if (kmp_api_type_get(kmp_entry->kmp) == type) {
+                kmp_count++;
+            }
+        }
+    }
+
+    return kmp_count;
+}
+
 #endif /* HAVE_WS */

source/6LoWPAN/ws/ws_pae_lib.h

@@ -279,4 +279,15 @@ void ws_pae_lib_supp_list_to_active(supp_list_t *active_supp_list, supp_list_t *
  */
 void ws_pae_lib_supp_list_to_inactive(supp_list_t *active_supp_list, supp_list_t *inactive_supp_list, supp_entry_t *entry);
 
+/**
+ *  ws_pae_lib_supp_list_kmp_count counts the number of KMPs of a certain type in a list of supplicants
+ *
+ * \param supp_list list of supplicants
+ * \param type KMP type
+ *
+ * \return number of KMPs in the supplicant list
+ *
+ */
+uint16_t ws_pae_lib_supp_list_kmp_count(supp_list_t *supp_list, kmp_type_e type);
+
 #endif /* WS_PAE_AUTH_H_ */

source/6LoWPAN/ws/ws_pae_supp.c

@@ -67,7 +67,11 @@
 #define WAIT_FOR_REAUTHENTICATION_TICKS        120 * 10     // 120 seconds
 
 // How many times in maximum stored keys are used for authentication
-#define STORED_KEYS_MAXIMUM_USE_COUNT           2
+#define STORED_KEYS_MAXIMUM_USE_COUNT          2
+
+// Delay for sending the initial EAPOL-Key
+#define INITIAL_KEY_TIMER_MIN                  3
+#define INITIAL_KEY_TIMER_MAX                  30
 
 const char *NW_INFO_FILE = "pae_nw_info";
 const char *KEYS_FILE = "pae_keys";
@@ -88,6 +92,7 @@ typedef struct {
     ws_pae_supp_nw_key_index_set *nw_key_index_set;        /**< Key index set callback */
     supp_entry_t entry;                                    /**< Supplicant data */
     kmp_addr_t target_addr;                                /**< EAPOL target (parent) address */
+    uint16_t initial_key_timer;                            /**< Timer to trigger initial EAPOL-Key */
     trickle_t auth_trickle_timer;                          /**< Trickle timer for re-sending initial EAPOL-key or for GTK mismatch */
     trickle_params_t auth_trickle_params;                  /**< Trickle parameters for initial EAPOL-key or for GTK mismatch */
     sec_prot_gtk_keys_t gtks;                              /**< GTKs */
@@ -102,12 +107,11 @@ typedef struct {
 } pae_supp_t;
 
 
-#define TRICKLE_IMIN_120_SECS   120
+#define TRICKLE_IMIN_180_SECS   180
 
-// Imin from 1-255 minutes and Imax 1-8 doublings
 static trickle_params_t initial_eapol_key_trickle_params = {
-    .Imin = TRICKLE_IMIN_120_SECS,          /* 120 second; ticks are 100ms */
-    .Imax = TRICKLE_IMIN_120_SECS << 1,     /* 240 second */
+    .Imin = TRICKLE_IMIN_180_SECS,          /* 180 second; ticks are 1 second */
+    .Imax = TRICKLE_IMIN_180_SECS << 1,     /* 360 second */
                                   .k = 0,   /* infinity - no consistency checking */
                                   .TimerExpirations = 3
 };
@@ -180,20 +184,13 @@ int8_t ws_pae_supp_authenticate(protocol_interface_info_entry_t *interface_ptr,
 
     pae_supp->auth_requested = true;
 
-    // Sends initial EAPOL-Key message
-    if (ws_pae_supp_initial_key_send(pae_supp) < 0) {
-        pae_supp->auth_completed(interface_ptr, false);
-    }
-
-    // Starts trickle
-    pae_supp->auth_trickle_params = initial_eapol_key_trickle_params;
-    trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
-    pae_supp->auth_trickle_running = true;
+    // Randomizes the sending of initial EAPOL-Key messsage
+    pae_supp->initial_key_timer = randLIB_get_random_in_range(INITIAL_KEY_TIMER_MIN, INITIAL_KEY_TIMER_MAX);
 
     // Starts supplicant timer
     ws_pae_supp_timer_start(pae_supp);
 
-    tr_debug("PAE active");
+    tr_debug("PAE active, timer %i", pae_supp->initial_key_timer);
 
     return 1;
 }
@@ -523,6 +520,7 @@ int8_t ws_pae_supp_init(protocol_interface_info_entry_t *interface_ptr, const se
     pae_supp->auth_completed = NULL;
     pae_supp->nw_key_insert = NULL;
     pae_supp->nw_key_index_set = NULL;
+    pae_supp->initial_key_timer = 0;
     pae_supp->auth_trickle_running = false;
     pae_supp->nw_keys_used_cnt = 0;
     pae_supp->timer_settings = timer_settings;
@@ -715,7 +713,7 @@ void ws_pae_supp_fast_timer(uint16_t ticks)
         bool running = ws_pae_lib_supp_timer_update(&pae_supp->entry, ticks, kmp_service_timer_if_timeout);
 
         // Checks whether timer needs to be active
-        if (!pae_supp->auth_trickle_running && !running) {
+        if (!pae_supp->initial_key_timer && !pae_supp->auth_trickle_running && !running) {
 
             tr_debug("PAE idle");
             // Sets target/parent address to null
@@ -751,6 +749,23 @@ void ws_pae_supp_slow_timer(uint16_t seconds)
             }
             sec_prot_keys_gtk_lifetime_decrement(&pae_supp->gtks, i, seconds);
         }
+
+        if (pae_supp->initial_key_timer > 0) {
+            if (pae_supp->initial_key_timer > seconds) {
+                pae_supp->initial_key_timer -= seconds;
+            } else {
+                pae_supp->initial_key_timer = 0;
+
+                // Sends initial EAPOL-Key message
+                ws_pae_supp_initial_key_send(pae_supp);
+
+                // Starts trickle
+                pae_supp->auth_trickle_params = initial_eapol_key_trickle_params;
+                trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
+                pae_supp->auth_trickle_running = true;
+            }
+
+        }
     }
 }
 

source/Security/protocols/eap_tls_sec_prot/auth_eap_tls_sec_prot.c

@@ -517,7 +517,6 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
             prot->finished_ind(prot, sec_prot_result_get(&data->common), prot->sec_keys);
 
             sec_prot_state_set(prot, &data->common, EAP_TLS_STATE_FINISHED);
-            data->common.ticks = 10 * 10;
             break;
 
         case EAP_TLS_STATE_FINISHED:

source/Security/protocols/tls_sec_prot/tls_sec_prot.c

@@ -63,13 +63,20 @@ typedef struct {
     tls_data_t                    tls_recv;          /**< TLS receive buffer */
     uint32_t                      int_timer;         /**< TLS intermediate timer timeout */
     uint32_t                      fin_timer;         /**< TLS final timer timeout */
+    bool                          fin_timer_timeout; /**< TLS final timer has timeouted */
     bool                          timer_running : 1; /**< TLS timer running */
     bool                          finished : 1;      /**< TLS finished */
     bool                          calculating : 1;   /**< TLS is calculating */
+    bool                          queued : 1;        /**< TLS is queued */
     bool                          library_init : 1;  /**< TLS library has been initialized */
     tls_sec_prot_lib_int_t        *tls_sec_inst;     /**< TLS security library storage, SHALL BE THE LAST FIELD */
 } tls_sec_prot_int_t;
 
+typedef struct {
+    ns_list_link_t link;                             /**< Link */
+    sec_prot_t *prot;                                /**< Protocol instance */
+} tls_sec_prot_queue_t;
+
 static uint16_t tls_sec_prot_size(void);
 static int8_t client_tls_sec_prot_init(sec_prot_t *prot);
 static int8_t server_tls_sec_prot_init(sec_prot_t *prot);
@@ -93,8 +100,14 @@ static int8_t tls_sec_prot_tls_get_timer(void *handle);
 
 static int8_t tls_sec_prot_tls_configure_and_connect(sec_prot_t *prot, bool is_server);
 
+static bool tls_sec_prot_queue_check(sec_prot_t *prot);
+static bool tls_sec_prot_queue_process(sec_prot_t *prot);
+static void tls_sec_prot_queue_remove(sec_prot_t *prot);
+
 #define tls_sec_prot_get(prot) (tls_sec_prot_int_t *) &prot->data
 
+static NS_LIST_DEFINE(tls_sec_prot_queue, tls_sec_prot_queue_t, link);
+
 int8_t client_tls_sec_prot_register(kmp_service_t *service)
 {
     if (!service) {
@@ -148,8 +161,10 @@ static int8_t client_tls_sec_prot_init(sec_prot_t *prot)
     eap_tls_sec_prot_lib_message_init(&data->tls_send);
     data->int_timer = 0;
     data->fin_timer = 0;
+    data->fin_timer_timeout = false;
     data->timer_running = false;
     data->calculating = false;
+    data->queued = false;
     data->library_init = false;
     return 0;
 }
@@ -176,8 +191,10 @@ static int8_t server_tls_sec_prot_init(sec_prot_t *prot)
     eap_tls_sec_prot_lib_message_init(&data->tls_send);
     data->int_timer = 0;
     data->fin_timer = 0;
+    data->fin_timer_timeout = false;
     data->timer_running = false;
     data->calculating = false;
+    data->queued = false;
     data->library_init = false;
     return 0;
 }
@@ -190,6 +207,7 @@ static void tls_sec_prot_delete(sec_prot_t *prot)
     if (data->library_init) {
         tls_sec_prot_lib_free((tls_security_t *) &data->tls_sec_inst);
     }
+    tls_sec_prot_queue_remove(prot);
 }
 
 static void tls_sec_prot_create_request(sec_prot_t *prot, sec_prot_keys_t *sec_keys)
@@ -245,13 +263,22 @@ static void tls_sec_prot_timer_timeout(sec_prot_t *prot, uint16_t ticks)
         if (data->fin_timer > ticks) {
             data->fin_timer -= ticks;
         } else {
-            data->fin_timer = 0;
-            prot->state_machine_call(prot);
+            if (data->fin_timer > 0) {
+                data->fin_timer_timeout = true;
+                data->fin_timer = 0;
+            }
         }
     }
 
-    if (data->calculating) {
-        prot->state_machine(prot);
+    /* Checks if TLS sessions queue is enabled, and if queue is enabled whether the
+       session is first in the queue i.e. allowed to process */
+    if (tls_sec_prot_queue_process(prot)) {
+        if (data->fin_timer_timeout) {
+            data->fin_timer_timeout = false;
+            prot->state_machine(prot);
+        } else if (data->calculating || data->queued) {
+            prot->state_machine(prot);
+        }
     }
 
     sec_prot_timer_timeout_handle(prot, &data->common, NULL, ticks);
@@ -350,6 +377,7 @@ static void server_tls_sec_prot_state_machine(sec_prot_t *prot)
 {
     tls_sec_prot_int_t *data = tls_sec_prot_get(prot);
     int8_t result;
+    bool client_hello = false;
 
     switch (sec_prot_state_get(&data->common)) {
         case TLS_STATE_INIT:
@@ -362,6 +390,7 @@ static void server_tls_sec_prot_state_machine(sec_prot_t *prot)
             tr_debug("TLS: start, eui-64: %s", trace_array(sec_prot_remote_eui_64_addr_get(prot), 8));
 
             prot->timer_start(prot);
+            client_hello = true;
 
             sec_prot_state_set(prot, &data->common, TLS_STATE_CREATE_RESP);
 
@@ -391,6 +420,14 @@ static void server_tls_sec_prot_state_machine(sec_prot_t *prot)
             break;
 
         case TLS_STATE_PROCESS:
+            // If not client hello, reserves slot on TLS queue
+            if (!client_hello && !tls_sec_prot_queue_check(prot)) {
+                data->queued = true;
+                return;
+            } else {
+                data->queued = false;
+            }
+
             result = tls_sec_prot_lib_process((tls_security_t *) &data->tls_sec_inst);
 
             if (result == TLS_SEC_PROT_LIB_CALCULATING) {
@@ -428,6 +465,7 @@ static void server_tls_sec_prot_state_machine(sec_prot_t *prot)
             prot->finished_ind(prot, sec_prot_result_get(&data->common), prot->sec_keys);
             sec_prot_state_set(prot, &data->common, TLS_STATE_FINISHED);
 
+            tls_sec_prot_queue_remove(prot);
             tls_sec_prot_lib_free((tls_security_t *) &data->tls_sec_inst);
             data->library_init = false;
             break;
@@ -570,4 +608,69 @@ static int8_t tls_sec_prot_tls_configure_and_connect(sec_prot_t *prot, bool is_s
     return 0;
 }
 
+static bool tls_sec_prot_queue_check(sec_prot_t *prot)
+{
+    bool queue_add = true;
+    bool queue_continue = false;
+    bool first_entry = true;
+
+    // Checks if TLS queue is empty or this instance is the first entry
+    if (ns_list_is_empty(&tls_sec_prot_queue)) {
+        queue_continue = true;
+    } else {
+
+        ns_list_foreach(tls_sec_prot_queue_t, entry, &tls_sec_prot_queue) {
+            if (entry->prot == prot) {
+                queue_add = false;
+                if (first_entry) {
+                    queue_continue = true;
+                    break;
+                } else {
+                    queue_continue = false;
+                }
+            }
+            first_entry = false;
+        }
+    }
+
+    // Adds entry to queue if not there already
+    if (queue_add) {
+        tr_debug("TLS QUEUE add%s, eui-64: %s", first_entry ? " first" : "", trace_array(sec_prot_remote_eui_64_addr_get(prot), 8));
+        tls_sec_prot_queue_t *entry = ns_dyn_mem_temporary_alloc(sizeof(tls_sec_prot_queue_t));
+        if (entry) {
+            entry->prot = prot;
+            ns_list_add_to_end(&tls_sec_prot_queue, entry);
+        }
+    }
+
+    return queue_continue;
+}
+
+static bool tls_sec_prot_queue_process(sec_prot_t *prot)
+{
+    if (ns_list_is_empty(&tls_sec_prot_queue)) {
+        return true;
+    }
+
+    ns_list_foreach(tls_sec_prot_queue_t, entry, &tls_sec_prot_queue) {
+        if (entry->prot == prot) {
+            return true;
+        }
+        return false;
+    }
+
+    return false;
+}
+
+static void tls_sec_prot_queue_remove(sec_prot_t *prot)
+{
+    ns_list_foreach_safe(tls_sec_prot_queue_t, entry, &tls_sec_prot_queue) {
+        if (entry->prot == prot) {
+            ns_list_remove(&tls_sec_prot_queue, entry);
+            ns_dyn_mem_free(entry);
+            tr_debug("TLS QUEUE remove%s, eui-64: %s", ns_list_is_empty(&tls_sec_prot_queue) ? " last" : "", trace_array(sec_prot_remote_eui_64_addr_get(prot), 8));
+        }
+    }
+}
+
 #endif /* HAVE_WS */