Merge pull request #1901 from ARMmbed/kmp_pae_init

Initial EAPOL changes

Author: Mika Leppänen

source/6LoWPAN/ws/ws_bootstrap.c

@@ -62,6 +62,10 @@
 #include "DHCPv6_client/dhcpv6_client_api.h"
 #include "net_rpl.h"
 #include "mac_api.h"
+#include "6LoWPAN/ws/ws_pae_controller.h"
+#include "6LoWPAN/ws/ws_eapol_pdu.h"
+#include "6LoWPAN/ws/ws_eapol_auth_relay.h"
+#include "6LoWPAN/ws/ws_eapol_relay.h"
 
 #define TRACE_GROUP "wsbs"
 
@@ -88,7 +92,11 @@ static uint16_t ws_bootstrap_routing_cost_calculate(protocol_interface_info_entr
 static uint16_t ws_bootstrap_rank_get(protocol_interface_info_entry_t *cur);
 static uint16_t ws_bootstrap_min_rank_inc_get(protocol_interface_info_entry_t *cur);
 
+static void ws_bootstrap_key_insert(protocol_interface_info_entry_t *cur, uint8_t gtk_index, uint8_t *gtk);
+static void ws_bootstrap_authentication_completed(protocol_interface_info_entry_t *cur, bool success);
+
 mac_neighbor_table_entry_t *ws_bootstrap_mac_neighbor_add(struct protocol_interface_info_entry *interface, const uint8_t *src64)
+
 {
     mac_neighbor_table_entry_t *neighbor = mac_neighbor_table_address_discover(mac_neighbor_info(interface), src64, MAC_ADDR_MODE_64_BIT);
     if (neighbor) {
@@ -667,6 +675,9 @@ static int8_t ws_bootstrap_down(protocol_interface_info_entry_t *cur)
     nd_proxy_downstream_interface_unregister(cur->id);
     ws_nud_table_reset(cur);
     dhcp_client_delete(cur->id);
+    ws_eapol_relay_delete(cur);
+    ws_eapol_auth_relay_delete(cur);
+    ws_pae_controller_stop(cur);
 
     return nwk_6lowpan_down(cur);
 }
@@ -1404,6 +1415,26 @@ int ws_bootstrap_init(int8_t interface_id, net_6lowpan_mode_e bootstrap_mode)
         goto init_fail;
     }
 
+    //Init PAE controller and set callback
+    if (ws_pae_controller_init(cur) < 0) {
+        ret_val =  -4;
+        goto init_fail;
+    }
+    if (ws_pae_controller_cb_register(cur, &ws_bootstrap_authentication_completed, &ws_bootstrap_key_insert) < 0) {
+        ret_val =  -4;
+        goto init_fail;
+    }
+
+    //Init EAPOL PDU handler and register it to MPX
+    if (ws_eapol_pdu_init(cur) < 0) {
+        ret_val =  -4;
+        goto init_fail;
+    }
+    if (ws_eapol_pdu_mpx_register(cur, mpx_api, MPX_KEY_MANAGEMENT_ENC_USER_ID != 0)) {
+        ret_val =  -4;
+        // add deallocs
+        goto init_fail;
+    }
 
     cur->if_up = ws_bootstrap_up;
     cur->if_down = ws_bootstrap_down;
@@ -1445,10 +1476,13 @@ int ws_bootstrap_init(int8_t interface_id, net_6lowpan_mode_e bootstrap_mode)
     //Error handling and free memory
 init_fail:
     lowpan_adaptation_interface_mpx_register(interface_id, NULL, 0);
+    ws_eapol_pdu_mpx_register(cur, NULL, 0);
     mac_neighbor_table_delete(mac_neighbor_info(cur));
     etx_storage_list_allocate(cur->id, 0);
     ws_neighbor_class_dealloc(&neigh_info);
     ws_llc_delete(cur);
+    ws_eapol_pdu_delete(cur);
+    ws_pae_controller_delete(cur);
     return ret_val;
 }
 
@@ -1591,6 +1625,10 @@ static void ws_bootstrap_rpl_callback(rpl_event_t event, void *handle)
         if (instance && rpl_control_read_dodag_info(instance, &dodag_info)) {
             tr_debug("Enable DHCPv6 relay");
             dhcp_relay_agent_enable(cur->id, dodag_info.dodag_id);
+
+            tr_debug("Start EAPOL relay");
+            // Set both own port and border router port to 10253
+            ws_eapol_relay_start(cur, EAPOL_RELAY_SOCKET_PORT, dodag_info.dodag_id, EAPOL_RELAY_SOCKET_PORT);
         }
 
         ws_set_fhss_hop(cur);
@@ -1750,6 +1788,40 @@ static void ws_bootstrap_start_discovery(protocol_interface_info_entry_t *cur)
     // Discovery statemachine is checkked after two trickle interval
     cur->bootsrap_state_machine_cnt = 2 * trickle_params_pan_discovery.Imin + randLIB_get_8bit() % 50;
 }
+
+// Start authentication
+static void ws_bootstrap_start_authentication(protocol_interface_info_entry_t *cur)
+{
+    tr_debug("authentication start");
+    ws_pae_controller_authenticate(cur);
+}
+
+
+static void ws_bootstrap_key_insert(protocol_interface_info_entry_t *cur, uint8_t gtk_index, uint8_t *gtk)
+{
+    // Convert GTK to Group AES Key (GAK)
+
+    // Verify HASH etc.
+
+    mac_helper_security_key_clean(cur);
+    mac_helper_default_security_level_set(cur, AES_SECURITY_LEVEL_ENC_MIC64);
+    mac_helper_default_security_key_id_mode_set(cur, MAC_KEY_ID_MODE_IDX);
+    //Set Keys
+    mac_helper_security_default_key_set(cur, gtk, gtk_index + 1, MAC_KEY_ID_MODE_IDX);
+}
+
+static void ws_bootstrap_authentication_completed(protocol_interface_info_entry_t *cur, bool success)
+{
+    if (success) {
+        tr_debug("authentication success");
+        ws_bootstrap_event_configuration_start(cur);
+    } else {
+        tr_debug("authentication failed");
+        // What else to do to start over again...
+        ws_bootstrap_event_discovery_start(cur);
+    }
+}
+
 // Start configuration learning
 static void ws_bootstrap_start_configuration_learn(protocol_interface_info_entry_t *cur)
 {
@@ -1758,6 +1830,7 @@ static void ws_bootstrap_start_configuration_learn(protocol_interface_info_entry
 
     cur->ws_info->configuration_learned = false;
     // Clear parent info
+
     memset(cur->ws_info->parent_info.addr, 0, 8);
 
     // Clear all temporary information
@@ -1968,19 +2041,6 @@ static bool ws_bootstrap_address_registration_ongoing(protocol_interface_info_en
     return false;
 }
 
-static void ws_bootstrap_set_test_key(protocol_interface_info_entry_t *cur)
-{
-    uint8_t key_material[16];
-    for (int i = 0; i < 16; i++) {
-        key_material[i] = 0xcf - i;
-    }
-    mac_helper_security_key_clean(cur);
-    mac_helper_default_security_level_set(cur, AES_SECURITY_LEVEL_ENC_MIC64);
-    mac_helper_default_security_key_id_mode_set(cur, MAC_KEY_ID_MODE_IDX);
-    //Set Keys
-    mac_helper_security_default_key_set(cur, key_material, 1, MAC_KEY_ID_MODE_IDX);
-}
-
 static void ws_bootstrap_event_handler(arm_event_s *event)
 {
     ws_bootsrap_event_type_e event_type;
@@ -2021,8 +2081,19 @@ static void ws_bootstrap_event_handler(arm_event_s *event)
                 // Set default parameters for FHSS when starting a discovery
                 ws_fhss_border_router_configure(cur);
                 ws_bootstrap_fhss_activate(cur);
-                ws_bootstrap_set_test_key(cur);
                 ws_bootstrap_event_operation_start(cur);
+
+                uint8_t ll_addr[16];
+                addr_interface_get_ll_address(cur, ll_addr, 1);
+
+                // Set EAPOL relay to port 10255 and authenticator relay to 10253 (and to own ll address)
+                ws_eapol_relay_start(cur, BR_EAPOL_RELAY_SOCKET_PORT, ll_addr, EAPOL_RELAY_SOCKET_PORT);
+
+                // Set authenticator relay to port 10253 and PAE to 10254 (and to own ll address)
+                ws_eapol_auth_relay_start(cur, EAPOL_RELAY_SOCKET_PORT, ll_addr, PAE_AUTH_SOCKET_PORT);
+
+                // Set PAE port to 10254 and authenticator relay to 10253 (and to own ll address)
+                ws_pae_controller_authenticator_start(cur, PAE_AUTH_SOCKET_PORT, ll_addr, EAPOL_RELAY_SOCKET_PORT);
                 break;
             }
             // Configure LLC for network discovery
@@ -2036,9 +2107,17 @@ static void ws_bootstrap_event_handler(arm_event_s *event)
             // only advert sol stopped as we might be doing re authentication
             cur->ws_info->trickle_pas_running = false;
             //Add Test ecurity key and security level's
-            ws_bootstrap_set_test_key(cur);
-            ws_bootstrap_event_configuration_start(cur);
+
+
+            // Advertisements stopped during the EAPOL
+            cur->ws_info->trickle_pa_running = false;
+            cur->ws_info->trickle_pc_running = false;
+            cur->ws_info->trickle_pas_running = false;
+            cur->ws_info->trickle_pcs_running = false;
+
+            ws_bootstrap_start_authentication(cur);
             break;
+
         case WS_CONFIGURATION_START:
             tr_info("Configuration start");
             // Old configuration is considered invalid stopping all
@@ -2114,8 +2193,14 @@ void ws_bootstrap_network_scan_process(protocol_interface_info_entry_t *cur)
         return;
     }
 
+    ws_neighbor_class_neighbor_unicast_time_info_update(neighbor_info.ws_neighbor, &cur->ws_info->parent_info.ws_utt, cur->ws_info->parent_info.timestamp);
+    ws_neighbor_class_neighbor_unicast_schedule_set(neighbor_info.ws_neighbor, &cur->ws_info->parent_info.ws_us);
+
+
     ws_bootstrap_network_information_learn(cur);
     ws_bootstrap_fhss_activate(cur);
+
+    ws_pae_controller_set_target(cur, cur->ws_info->parent_info.addr); // temporary!!! store since auth
     ws_bootstrap_event_authentication_start(cur);
     return;
 }
@@ -2125,7 +2210,11 @@ void ws_bootstrap_configure_process(protocol_interface_info_entry_t *cur)
 
     if (cur->ws_info->configuration_learned) {
         ws_bootstrap_network_configuration_learn(cur);
+
+
         ws_bootstrap_event_operation_start(cur);
+
+
         return;
     }
     return;

source/6LoWPAN/ws/ws_common_defines.h

@@ -227,5 +227,11 @@ typedef struct ws_bs_ie {
 #define WS_FHSS_BC_INTERVAL           1020;
 #define WS_FHSS_BC_DWELL_INTERVAL     255;
 
+/*
+ * EAPOL relay and PAE authenticator socket settings
+ */
+#define EAPOL_RELAY_SOCKET_PORT               10253
+#define BR_EAPOL_RELAY_SOCKET_PORT            10255
+#define PAE_AUTH_SOCKET_PORT                  10254
 
 #endif /* WS_COMMON_DEFINES_H_ */