Corrected triggering of next GTK handshake on authenticator

Mika Leppänen · Mika Leppänen · commit 34c751bb7fed · 2019-09-16T17:20:16.000+03:00
Authenticator now triggers GTK handshake for all keys in case there
are more than two GTKs. Corrected freed memory access that occurred
on GTK state machine.
diff --git a/source/6LoWPAN/ws/ws_pae_auth.c b/source/6LoWPAN/ws/ws_pae_auth.c
@@ -919,12 +919,12 @@ static void ws_pae_auth_next_kmp_trigger(pae_auth_t *pae_auth, supp_entry_t *sup
 
         kmp_api_t *api = ws_pae_lib_kmp_list_type_get(&supp_entry->kmp_list, next_type);
         if (api != NULL) {
+            /* For other types than GTK, only one ongoing negotiation at the same time,
+               for GTK there can be previous terminating and the new one for next key index */
             if (next_type != IEEE_802_11_GKH) {
                 tr_info("KMP already ongoing; ignored, eui-64: %s", trace_array(supp_entry->addr.eui_64, 8));
                 return;
             }
-            // Delete KMP
-            ws_pae_lib_kmp_list_delete(&supp_entry->kmp_list, api);
         }
     }
 
diff --git a/source/6LoWPAN/ws/ws_pae_lib.c b/source/6LoWPAN/ws/ws_pae_lib.c
@@ -77,7 +77,9 @@ int8_t ws_pae_lib_kmp_list_delete(kmp_list_t *kmp_list, kmp_api_t *kmp)
 kmp_api_t *ws_pae_lib_kmp_list_type_get(kmp_list_t *kmp_list, kmp_type_e type)
 {
     ns_list_foreach(kmp_entry_t, cur, kmp_list) {
-        if (kmp_api_type_get(cur->kmp) == type) {
+        /* If type matches and receiving of messages has not been disabled for the kmp
+           (kmp is not in terminating phase) */
+        if (kmp_api_type_get(cur->kmp) == type && !kmp_api_receive_disable(cur->kmp)) {
             return cur->kmp;
         }
     }
diff --git a/source/Security/kmp/kmp_api.c b/source/Security/kmp/kmp_api.c
@@ -314,6 +314,11 @@ kmp_type_e kmp_api_type_get(kmp_api_t *kmp)
     return kmp->type;
 }
 
+bool kmp_api_receive_disable(kmp_api_t *kmp)
+{
+    return kmp->receive_disable;
+}
+
 kmp_type_e kmp_api_type_from_id_get(uint8_t kmp_id)
 {
     switch (kmp_id) {
diff --git a/source/Security/kmp/kmp_api.h b/source/Security/kmp/kmp_api.h
@@ -152,6 +152,16 @@ void kmp_api_delete(kmp_api_t *kmp);
  */
 kmp_type_e kmp_api_type_get(kmp_api_t *kmp);
 
+/**
+ * kmp_api_type_get get receive disabled status
+ *
+ * \param kmp instance
+ *
+ * \return true/false true when receiving has been disabled
+ *
+ */
+bool kmp_api_receive_disable(kmp_api_t *kmp);
+
 /**
  * kmp_api_type_from_id_get get KMP type from KMP id
  *

Original file line number	Diff line number	Diff line change
`@@ -919,12 +919,12 @@ static void ws_pae_auth_next_kmp_trigger(pae_auth_t pae_auth, supp_entry_t sup`
`919`	`919`
`920`	`920`	`kmp_api_t *api = ws_pae_lib_kmp_list_type_get(&supp_entry->kmp_list, next_type);`
`921`	`921`	`if (api != NULL) {`
	`922`	`+ /* For other types than GTK, only one ongoing negotiation at the same time,`
	`923`	`+ for GTK there can be previous terminating and the new one for next key index */`
`922`	`924`	`if (next_type != IEEE_802_11_GKH) {`
`923`	`925`	`tr_info("KMP already ongoing; ignored, eui-64: %s", trace_array(supp_entry->addr.eui_64, 8));`
`924`	`926`	`return;`
`925`	`927`	`}`
`926`		`- // Delete KMP`
`927`		`- ws_pae_lib_kmp_list_delete(&supp_entry->kmp_list, api);`
`928`	`928`	`}`
`929`	`929`	`}`
`930`	`930`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,9 @@ int8_t ws_pae_lib_kmp_list_delete(kmp_list_t kmp_list, kmp_api_t kmp)`
`77`	`77`	`kmp_api_t ws_pae_lib_kmp_list_type_get(kmp_list_t kmp_list, kmp_type_e type)`
`78`	`78`	`{`
`79`	`79`	`ns_list_foreach(kmp_entry_t, cur, kmp_list) {`
`80`		`- if (kmp_api_type_get(cur->kmp) == type) {`
	`80`	`+ /* If type matches and receiving of messages has not been disabled for the kmp`
	`81`	`+ (kmp is not in terminating phase) */`
	`82`	`+ if (kmp_api_type_get(cur->kmp) == type && !kmp_api_receive_disable(cur->kmp)) {`
`81`	`83`	`return cur->kmp;`
`82`	`84`	`}`
`83`	`85`	`}`
Original file line number	Diff line number	Diff line change
`@@ -314,6 +314,11 @@ kmp_type_e kmp_api_type_get(kmp_api_t *kmp)`
`314`	`314`	`return kmp->type;`
`315`	`315`	`}`
`316`	`316`
	`317`	`+bool kmp_api_receive_disable(kmp_api_t *kmp)`
	`318`	`+{`
	`319`	`+ return kmp->receive_disable;`
	`320`	`+}`
	`321`	`+`
`317`	`322`	`kmp_type_e kmp_api_type_from_id_get(uint8_t kmp_id)`
`318`	`323`	`{`
`319`	`324`	`switch (kmp_id) {`