Improved EAPOL key update retry logic

Mika Leppänen · Mika Leppänen · commit 4185734223be · 2020-02-10T10:38:54.000+02:00
EAPOL key update now checks after all retries have been done, whether
GTKs are up to date (by comparing to latest GTK hash). If they are not,
it initiates a new key update rigth away. Previously EAPOL waited for
PAN version update before initiating the key update.

Also added a check that if key update procedure is on the last interval
(waiting for the authenticator to answer the last retry), and GTK hash
changes, EAPOL key update is retried rigth away.
diff --git a/source/6LoWPAN/ws/ws_pae_controller.c b/source/6LoWPAN/ws/ws_pae_controller.c
@@ -679,7 +679,7 @@ int8_t ws_pae_controller_supp_init(protocol_interface_info_entry_t *interface_pt
     controller->pae_gtk_hash_update = ws_pae_supp_gtk_hash_update;
     controller->pae_nw_key_index_update = ws_pae_supp_nw_key_index_update;
 
-    ws_pae_supp_cb_register(controller->interface_ptr, controller->auth_completed, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_active_nw_key_set);
+    ws_pae_supp_cb_register(controller->interface_ptr, controller->auth_completed, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_active_nw_key_set, ws_pae_controller_gtk_hash_ptr_get);
 
     ws_pae_controller_frame_counter_read(controller);
 
@@ -1203,7 +1203,7 @@ int8_t ws_pae_controller_gtk_hash_update(protocol_interface_info_entry_t *interf
     memcpy(controller->gtkhash, gtkhash, 32);
 
     if (controller->pae_gtk_hash_update) {
-        return controller->pae_gtk_hash_update(interface_ptr, gtkhash);
+        return controller->pae_gtk_hash_update(interface_ptr, controller->gtkhash);
     }
 
     return 0;
diff --git a/source/6LoWPAN/ws/ws_pae_supp.c b/source/6LoWPAN/ws/ws_pae_supp.c
@@ -91,6 +91,7 @@ typedef struct {
     ws_pae_supp_auth_completed *auth_completed;            /**< Authentication completed callback, continue bootstrap */
     ws_pae_supp_nw_key_insert *nw_key_insert;              /**< Key insert callback */
     ws_pae_supp_nw_key_index_set *nw_key_index_set;        /**< Key index set callback */
+    ws_pae_supp_gtk_hash_ptr_get *gtk_hash_ptr_get;        /**< Get pointer to GTK hash storage callback */
     supp_entry_t entry;                                    /**< Supplicant data */
     kmp_addr_t target_addr;                                /**< EAPOL target (parent) address */
     uint16_t initial_key_timer;                            /**< Timer to trigger initial EAPOL-Key */
@@ -114,6 +115,10 @@ typedef struct {
 // How many times sending of initial EAPOL-key is retried
 #define INITIAL_KEY_RETRY_COUNT            2
 
+// How many times sending of initial EAPOL-key is initiated on key update
+#define KEY_UPDATE_RETRY_COUNT             3
+#define LIFETIME_MISMATCH_RETRY_COUNT      1   /* No retries */
+
 // How long the wait is before the first initial EAPOL-key retry
 #define DEFAULT_INITIAL_KEY_RETRY_TIMER    120
 #define NONE_INITIAL_KEY_RETRY_TIMER       0
@@ -163,6 +168,7 @@ static kmp_api_t *ws_pae_supp_kmp_tx_status_ind(kmp_service_t *service, uint8_t
 static kmp_api_t *ws_pae_supp_kmp_create_and_start(kmp_service_t *service, kmp_type_e type, pae_supp_t *pae_supp);
 static int8_t ws_pae_supp_eapol_pdu_address_check(protocol_interface_info_entry_t *interface_ptr, const uint8_t *eui_64);
 static int8_t ws_pae_supp_parent_eui_64_get(protocol_interface_info_entry_t *interface_ptr, uint8_t *eui_64);
+static int8_t ws_pae_supp_gtk_hash_mismatch_check(pae_supp_t *pae_supp);
 
 static void ws_pae_supp_kmp_api_create_confirm(kmp_api_t *kmp, kmp_result_e result);
 static void ws_pae_supp_kmp_api_create_indication(kmp_api_t *kmp, kmp_type_e type, kmp_addr_t *addr);
@@ -317,6 +323,23 @@ int8_t ws_pae_supp_nw_key_valid(protocol_interface_info_entry_t *interface_ptr)
     return 0;
 }
 
+static int8_t ws_pae_supp_gtk_hash_mismatch_check(pae_supp_t *pae_supp)
+{
+    uint8_t *gtkhash = pae_supp->gtk_hash_ptr_get(pae_supp->interface_ptr);
+    if (!gtkhash) {
+        return -1;
+    }
+
+    // Check GTK hashes and initiate EAPOL procedure if mismatch is detected */
+    gtk_mismatch_e mismatch = sec_prot_keys_gtks_hash_update(&pae_supp->gtks, gtkhash);
+    if (mismatch != GTK_NO_MISMATCH) {
+        return -1;
+    }
+
+    tr_info("GTKs match to GTK hash");
+    return 0;
+}
+
 int8_t ws_pae_supp_gtk_hash_update(protocol_interface_info_entry_t *interface_ptr, uint8_t *gtkhash)
 {
     pae_supp_t *pae_supp = ws_pae_supp_get(interface_ptr);
@@ -333,12 +356,13 @@ int8_t ws_pae_supp_gtk_hash_update(protocol_interface_info_entry_t *interface_pt
                 trace_array(&gtkhash[16], 8),
                 trace_array(&gtkhash[24], 8));
 
-        // Mismatch, initiate EAPOL
-        if (!pae_supp->auth_trickle_running) {
-            uint8_t timer_expirations = 3;
+        /* Mismatch, initiate EAPOL (if authentication not already ongoing or if not on
+           wait time for the authenticator to answer) */
+        if (!pae_supp->auth_trickle_running || pae_supp->initial_key_retry_cnt == 0) {
+            uint8_t timer_expirations = KEY_UPDATE_RETRY_COUNT;
             // For GTK lifetime mismatch send only once
             if (mismatch == GTK_LIFETIME_MISMATCH) {
-                timer_expirations = 1;
+                timer_expirations = LIFETIME_MISMATCH_RETRY_COUNT;
             }
             // Start trickle timer
             ws_pae_supp_initial_key_update_trickle_timer_start(pae_supp, timer_expirations);
@@ -581,7 +605,7 @@ static void ws_pae_supp_keys_nw_info_init(sec_prot_keys_nw_info_t *sec_keys_nw_i
     sec_keys_nw_info->updated = false;
 }
 
-void ws_pae_supp_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_supp_auth_completed *completed, ws_pae_supp_nw_key_insert *nw_key_insert, ws_pae_supp_nw_key_index_set *nw_key_index_set)
+void ws_pae_supp_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_supp_auth_completed *completed, ws_pae_supp_nw_key_insert *nw_key_insert, ws_pae_supp_nw_key_index_set *nw_key_index_set, ws_pae_supp_gtk_hash_ptr_get *gtk_hash_ptr_get)
 {
     pae_supp_t *pae_supp = ws_pae_supp_get(interface_ptr);
     if (!pae_supp) {
@@ -591,6 +615,7 @@ void ws_pae_supp_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_
     pae_supp->auth_completed = completed;
     pae_supp->nw_key_insert = nw_key_insert;
     pae_supp->nw_key_index_set = nw_key_index_set;
+    pae_supp->gtk_hash_ptr_get = gtk_hash_ptr_get;
 }
 
 int8_t ws_pae_supp_init(protocol_interface_info_entry_t *interface_ptr, const sec_prot_certs_t *certs, timer_settings_t *timer_settings)
@@ -612,6 +637,7 @@ int8_t ws_pae_supp_init(protocol_interface_info_entry_t *interface_ptr, const se
     pae_supp->auth_completed = NULL;
     pae_supp->nw_key_insert = NULL;
     pae_supp->nw_key_index_set = NULL;
+    pae_supp->gtk_hash_ptr_get = NULL;
     pae_supp->initial_key_timer = 0;
     pae_supp->initial_key_retry_timer = 0;
     pae_supp->nw_keys_used_cnt = 0;
@@ -866,7 +892,17 @@ void ws_pae_supp_slow_timer(uint16_t seconds)
                     /* Wait time for the authenticator to answer the last re-transmit expires;
                        fails authentication */
                     if (pae_supp->initial_key_retry_cnt == 0) {
+                        bool retry = false;
+                        // If making key update and GTKs do not match to GTK hash
+                        if (!pae_supp->auth_requested && ws_pae_supp_gtk_hash_mismatch_check(pae_supp) < 0) {
+                            tr_info("GTKs do not match to GTK hash");
+                            retry = true;
+                        }
                         ws_pae_supp_authenticate_response(pae_supp, AUTH_RESULT_ERR_UNSPEC);
+                        if (retry) {
+                            // Start trickle timer to try re-authentication
+                            ws_pae_supp_initial_key_update_trickle_timer_start(pae_supp, KEY_UPDATE_RETRY_COUNT);
+                        }
                     } else {
                         if (pae_supp->initial_key_retry_cnt > 0) {
                             pae_supp->initial_key_retry_cnt--;
diff --git a/source/6LoWPAN/ws/ws_pae_supp.h b/source/6LoWPAN/ws/ws_pae_supp.h
@@ -236,6 +236,16 @@ typedef void ws_pae_supp_auth_completed(protocol_interface_info_entry_t *interfa
  */
 typedef int8_t ws_pae_supp_nw_key_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks);
 
+/**
+ * ws_pae_supp_gtk_hash_ptr_get get pointer to GTK hash storage callback
+ *
+ * \param interface_ptr interface
+ *
+ * \return pointer to GTK has storage or NULL
+ *
+ */
+typedef uint8_t *ws_pae_supp_gtk_hash_ptr_get(protocol_interface_info_entry_t *interface_ptr);
+
 /**
  * ws_pae_supp_cb_register register PEA supplicant callbacks
  *
@@ -245,7 +255,7 @@ typedef int8_t ws_pae_supp_nw_key_insert(protocol_interface_info_entry_t *interf
  * \param nw_key_index_set network send key index callback
  *
  */
-void ws_pae_supp_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_supp_auth_completed *completed, ws_pae_supp_nw_key_insert *nw_key_insert, ws_pae_supp_nw_key_index_set *nw_key_index_set);
+void ws_pae_supp_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_supp_auth_completed *completed, ws_pae_supp_nw_key_insert *nw_key_insert, ws_pae_supp_nw_key_index_set *nw_key_index_set, ws_pae_supp_gtk_hash_ptr_get *gtk_hash_ptr_get);
 
 #else
 
