Squashed 'features/nanostack/sal-stack-nanostack/' changes from c473148..0824752

0824752 Merge branch 'release_internal' into release_external
f598339 Merge branch 'master' into release_internal
678e0fd Removed unicast RX flag set. it was affecting that we remove neighbor too early.
a4317fc Corrected coding style
cd2848e Added support for calculating the length of the TLS send message buffer
f255931 Removed UDP echo msg data print and added source address print.
adcca3d RPL dio config advertisment update
6db1f31 Merge pull request #2198 from ARMmbed/IOTTHD-3691
ad244d1 MAC: changed CCA and TX fail trace level to debug
496074a RPL parent select update:
32e22d3 MAC: Added trace to when CCA fails and packet TX is canceled
47b2e03 Corrected GKH initiation on supplicant
c83423a PAE controller now removes keys from MAC on stop (ifdown)
a6f98b7 Flagged extended key usage call with mbedTLS flags
0675a89 Added dynamic setting to enable certificate validation
ff531d3 Added IDevID and LDevID certificate validation
b30635f Merge pull request #2191 from ARMmbed/IOTTHD-3693
88019ec Updated message generated traces
ea15b0e Remove all instances when domain is disbaled and clear EAPOL relay.
dce25d3 Corrected security protocols init and security message routing
7b39e25 Do not trig Renew again after RPL parent registration done state.
3cad7bd DHCPv6 renew and transaction id update
c5b6df3 DHCPv6 client update
dea0d53 DHCPv6 client API update
5eaad10 Added missing address active flag init.
34c751b Corrected triggering of next GTK handshake on authenticator
4fad826 Corrected export keys callback parameters
26c10a6 SW MAC / 802.15.4 Frame counter per key support Update
b62b120 Added robustness on DAO-ACK handling
dfcebef Added support for new certificate modification functions
fd4b2e9 WS ARO handler update
e2d46b9 wi-sun neagtive ARO missing ACK update
443f03f Merge pull request #2181 from ARMmbed/IOTTHD-3530_2
f36da31 MAC: Update frame counter for asynch frames
3260fa1 Merge pull request #2177 from ARMmbed/IOTTHD-3530
f18052a MAC: Initialize frame counter with 0xffffffff
5453e5b MAC: Do not increment framecounter if security param init fails
5bd19c4 MAC: Do not update framecounter for fhss channel retry

git-subtree-dir: features/nanostack/sal-stack-nanostack
git-subtree-split: 0824752

Author: Jarkko Paso

nanostack/dhcp_service_api.h

@@ -217,6 +217,16 @@ void dhcp_service_update_server_address(uint32_t msg_tr_id, uint8_t *server_addr
  */
 void dhcp_service_req_remove(uint32_t msg_tr_id);
 
+/**
+ * \brief Stops transactions for a messages (retransmissions).
+ *
+ * Clears off sending retransmissions for a particular message transaction by finding it via its message class pointer.
+ *
+ * \param msg_class_ptr The message class pointer.
+ *
+ */
+void dhcp_service_req_remove_all(void *msg_class_ptr);
+
 /**
  * \brief Timer tick function for retransmissions.
  *

nanostack/sw_mac.h

@@ -97,6 +97,14 @@ extern int ns_sw_mac_phy_statistics_start(struct mac_api_s *mac_api, struct phy_
  */
 extern uint32_t ns_sw_mac_read_current_timestamp(struct mac_api_s *mac_api);
 
+/**
+ * @brief Enable or disable Frame counter per security key. SW MAC must be create before enable this feature!
+ * @param mac_api MAC instance.
+ * @param enable_feature True will allocate frame counter table for devices / key False will clear mode and free counter table.
+ * @return 0 on success, -1 on fail.
+ */
+extern int8_t ns_sw_mac_enable_frame_counter_per_key(struct mac_api_s *mac_api, bool enable_feature);
+
 #ifdef __cplusplus
 }
 #endif

nanostack/ws_bbr_api.h

@@ -140,4 +140,26 @@ int ws_bbr_node_access_revoke_start(int8_t interface_id);
  */
 int ws_bbr_eapol_node_limit_set(int8_t interface_id, uint16_t limit);
 
+/**
+ * Extended certificate validation
+ */
+#define BBR_CRT_EXT_VALID_NONE    0x00 /**< Do not make extended validations */
+#define BBR_CRT_EXT_VALID_WISUN   0x01 /**< Validate Wi-SUN specific fields */
+
+/**
+ * Sets extended certificate validation setting
+ *
+ * Sets extended certificate validation setting on border router. Function can be used
+ * to set which fields on client certificate are validated.
+ *
+ * \param interface_id Network interface ID
+ * \param validation Extended Certificate validation setting
+ *          BBR_CRT_EXT_VALID_NONE   Do not make extended validations
+ *          BBR_CRT_EXT_VALID_WISUN  Validate Wi-SUN specific fields
+ *
+ * \return 0 Validation setting was set
+ * \return <0 Setting set failed
+ */
+int ws_bbr_ext_certificate_validation_set(int8_t interface_id, uint8_t validation);
+
 #endif /* WS_BBR_API_H_ */

source/6LoWPAN/MAC/mac_helper.c

@@ -349,12 +349,12 @@ int8_t mac_helper_security_default_recv_key_set(protocol_interface_info_entry_t
     return 0;
 }
 
-int8_t mac_helper_security_auto_request_key_index_set(protocol_interface_info_entry_t *interface, uint8_t id)
+int8_t mac_helper_security_auto_request_key_index_set(protocol_interface_info_entry_t *interface, uint8_t key_attibute_index, uint8_t id)
 {
     if (id == 0) {
         return -1;
     }
-
+    interface->mac_parameters->mac_default_key_attribute_id = key_attibute_index;
     mac_helper_pib_8bit_set(interface, macAutoRequestKeyIndex, id);
     return 0;
 }
@@ -442,13 +442,11 @@ void mac_helper_security_key_swap_next_to_default(protocol_interface_info_entry_
     interface->mac_parameters->mac_prev_key_index = interface->mac_parameters->mac_default_key_index;
     interface->mac_parameters->mac_prev_key_attribute_id = interface->mac_parameters->mac_default_key_attribute_id;
 
-    interface->mac_parameters->mac_default_key_index = interface->mac_parameters->mac_next_key_index;
-    interface->mac_parameters->mac_default_key_attribute_id = interface->mac_parameters->mac_next_key_attribute_id;
+    mac_helper_security_auto_request_key_index_set(interface, interface->mac_parameters->mac_next_key_attribute_id, interface->mac_parameters->mac_next_key_index);
+
     interface->mac_parameters->mac_next_key_index = 0;
     interface->mac_parameters->mac_next_key_attribute_id = prev_attribute;
 
-    mac_helper_pib_8bit_set(interface, macAutoRequestKeyIndex,  interface->mac_parameters->mac_default_key_index);
-
 }
 
 void mac_helper_security_key_clean(protocol_interface_info_entry_t *interface)
@@ -841,7 +839,7 @@ int8_t mac_helper_link_frame_counter_read(int8_t interface_id, uint32_t *seq_ptr
     }
     mlme_get_t get_req;
     get_req.attr = macFrameCounter;
-    get_req.attr_index = 0;
+    get_req.attr_index = cur->mac_parameters->mac_default_key_attribute_id;
     cur->mac_api->mlme_req(cur->mac_api, MLME_GET, &get_req);
     *seq_ptr = cur->mac_parameters->security_frame_counter;
 
@@ -858,7 +856,7 @@ int8_t mac_helper_link_frame_counter_set(int8_t interface_id, uint32_t seq_ptr)
     }
     mlme_set_t set_req;
     set_req.attr = macFrameCounter;
-    set_req.attr_index = 0;
+    set_req.attr_index = cur->mac_parameters->mac_default_key_attribute_id;
     set_req.value_pointer = &seq_ptr;
     set_req.value_size = 4;
     cur->mac_api->mlme_req(cur->mac_api, MLME_SET, &set_req);

source/6LoWPAN/MAC/mac_helper.h

@@ -69,7 +69,7 @@ int8_t mac_helper_security_default_key_set(struct protocol_interface_info_entry
 
 int8_t mac_helper_security_default_recv_key_set(struct protocol_interface_info_entry *interface, const uint8_t *key, uint8_t id, uint8_t keyid_mode);
 
-int8_t mac_helper_security_auto_request_key_index_set(struct protocol_interface_info_entry *interface, uint8_t id);
+int8_t mac_helper_security_auto_request_key_index_set(struct protocol_interface_info_entry *interface, uint8_t key_attibute_index, uint8_t id);
 
 int8_t mac_helper_security_next_key_set(struct protocol_interface_info_entry *interface, uint8_t *key, uint8_t id, uint8_t keyid_mode);
 

source/6LoWPAN/ws/ws_bbr_api.c

@@ -636,3 +636,18 @@ int ws_bbr_eapol_node_limit_set(int8_t interface_id, uint16_t limit)
     return -1;
 #endif
 }
+
+int ws_bbr_ext_certificate_validation_set(int8_t interface_id, uint8_t validation)
+{
+    (void) interface_id;
+#ifdef HAVE_WS_BORDER_ROUTER
+    bool enabled = false;
+    if (validation & BBR_CRT_EXT_VALID_WISUN) {
+        enabled = true;
+    }
+    return ws_pae_controller_ext_certificate_validation_set(interface_id, enabled);
+#else
+    (void) validation;
+    return -1;
+#endif
+}

source/6LoWPAN/ws/ws_bootstrap.c

@@ -1371,7 +1371,7 @@ static void ws_bootstrap_neighbor_table_clean(struct protocol_interface_info_ent
         //Read current timestamp
         uint32_t time_from_last_unicast_shedule = ws_time_from_last_unicast_traffic(current_time_stamp, ws_neighbor);
 
-        if (time_from_last_unicast_shedule > WS_NEIGHBOR_TEMPORARY_LINK_MIN_TIMEOUT || !ws_neighbor->unicast_data_rx) {
+        if (time_from_last_unicast_shedule > WS_NEIGHBOR_TEMPORARY_LINK_MIN_TIMEOUT) {
             //Accept only Enough Old Device
             if (!neighbor_entry_ptr) {
                 //Accept first compare
@@ -1581,6 +1581,10 @@ int ws_bootstrap_init(int8_t interface_id, net_6lowpan_mode_e bootstrap_mode)
         return -2;
     }
 
+    if (ns_sw_mac_enable_frame_counter_per_key(cur->mac_api, true)) {
+        return -1;
+    }
+
     if (!etx_storage_list_allocate(cur->id, buffer.device_decription_table_size)) {
         return -1;
     }
@@ -1940,6 +1944,9 @@ static void ws_dhcp_client_global_adress_cb(int8_t interface, uint8_t dhcp_addr[
         if (cur) {
             rpl_control_register_address(cur, prefix);
         }
+    } else {
+        //Delete dhcpv6 client
+        dhcp_client_global_address_delete(interface, dhcp_addr, prefix);
     }
 }
 
@@ -2055,6 +2062,9 @@ static void ws_bootstrap_rpl_activate(protocol_interface_info_entry_t *cur)
     // If i am router I Do this
     rpl_control_force_leaf(protocol_6lowpan_rpl_domain, leaf);
     rpl_control_request_parent_link_confirmation(true);
+    rpl_control_set_dio_multicast_min_config_advertisment_count(WS_MIN_DIO_MULTICAST_CONFIG_ADVERTISMENT_COUNT);
+    rpl_control_set_dao_retry_count(WS_MAX_DAO_RETRIES);
+    rpl_control_set_initial_dao_ack_wait(WS_MAX_DAO_INITIAL_TIMEOUT);
 
     cur->ws_info->rpl_state = 0xff; // Set invalid state and learn from event
 }
@@ -2107,7 +2117,9 @@ static void ws_bootstrap_start_discovery(protocol_interface_info_entry_t *cur)
     ws_bootstrap_neighbor_list_clean(cur);
 
     // Clear RPL information
-    rpl_control_remove_domain_from_interface(cur);
+    rpl_control_free_domain_instances_from_interface(cur);
+    // Clear EAPOL relay address
+    ws_eapol_relay_delete(cur);
 
     // Clear ip stack from old information
     ws_bootstrap_ip_stack_reset(cur);
@@ -2169,7 +2181,7 @@ static void ws_bootstrap_nw_key_clear(protocol_interface_info_entry_t *cur, uint
 static void ws_bootstrap_nw_key_index_set(protocol_interface_info_entry_t *cur, uint8_t index)
 {
     // Set send key
-    mac_helper_security_auto_request_key_index_set(cur, index + 1);
+    mac_helper_security_auto_request_key_index_set(cur, index, index + 1);
 }
 
 static void ws_bootstrap_nw_frame_counter_set(protocol_interface_info_entry_t *cur, uint32_t counter)

source/6LoWPAN/ws/ws_common.c

@@ -31,6 +31,8 @@
 #include "Service_Libs/etx/etx.h"
 #include "Service_Libs/mac_neighbor_table/mac_neighbor_table.h"
 #include "Service_Libs/blacklist/blacklist.h"
+#include "RPL/rpl_protocol.h"
+#include "RPL/rpl_control.h"
 #include "ws_management_api.h"
 #include "mac_api.h"
 
@@ -404,6 +406,13 @@ bool ws_common_allow_child_registration(protocol_interface_info_entry_t *interfa
         return true;
     }
 
+    //Verify that we have Selected Parent
+    if (interface->bootsrap_mode != ARM_NWK_BOOTSRAP_MODE_6LoWPAN_BORDER_ROUTER && !rpl_control_parent_candidate_list_size(interface, true)) {
+        tr_info("Do not accept new ARO child: no selected parent");
+        return false;
+    }
+
+
     ns_list_foreach_safe(mac_neighbor_table_entry_t, cur, &mac_neighbor_info(interface)->neighbour_list) {
 
         if (ipv6_neighbour_has_registered_by_eui64(&interface->ipv6_neighbour_cache, cur->mac64)) {

source/6LoWPAN/ws/ws_config.h

@@ -133,4 +133,12 @@ extern uint8_t DEVICE_MIN_SENS;
 #define FRAME_COUNTER_INCREMENT          1000 // How much frame counter is incremented on start up
 #define FRAME_COUNTER_STORE_THRESHOLD    800  // How much frame counter must increment before it is stored
 
+
+/*
+ *  RPL Configuration parameters
+ */
+#define WS_MAX_DAO_RETRIES 3 // With 40s, 80s, 160s, 320s, 640s
+#define WS_MAX_DAO_INITIAL_TIMEOUT 400 // With 40s initial value exponentially increasing
+#define WS_MIN_DIO_MULTICAST_CONFIG_ADVERTISMENT_COUNT 10 // Define 10 multicast advertisment when learn config or learn config update
+
 #endif /* WS_CONFIG_H_ */

source/6LoWPAN/ws/ws_pae_auth.c

@@ -919,12 +919,12 @@ static void ws_pae_auth_next_kmp_trigger(pae_auth_t *pae_auth, supp_entry_t *sup
 
         kmp_api_t *api = ws_pae_lib_kmp_list_type_get(&supp_entry->kmp_list, next_type);
         if (api != NULL) {
+            /* For other types than GTK, only one ongoing negotiation at the same time,
+               for GTK there can be previous terminating and the new one for next key index */
             if (next_type != IEEE_802_11_GKH) {
                 tr_info("KMP already ongoing; ignored, eui-64: %s", trace_array(supp_entry->addr.eui_64, 8));
                 return;
             }
-            // Delete KMP
-            ws_pae_lib_kmp_list_delete(&supp_entry->kmp_list, api);
         }
     }