
Commit 5cd094c

author
Mika Leppänen
committed
Corrected GTK update initial EAPOL-key trickle timer
The trickle timer on GTK update now works correctly. The initial EAPOL-key is sent at most three times to the authenticator when a GTK hash mismatch is detected.
1 parent 7606ee8 commit 5cd094c


1 file changed

+31
-19
lines changed


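--- a/source/6LoWPAN/ws/ws_pae_supp.c
+++ b/source/6LoWPAN/ws/ws_pae_supp.c
@@ -149,6 +149,7 @@ static int8_t ws_pae_supp_event_send(kmp_service_t *service, void *data);
 static void ws_pae_supp_tasklet_handler(arm_event_s *event);
 static void ws_pae_supp_initial_trickle_timer_start(pae_supp_t *pae_supp);
 static void ws_pae_supp_initial_last_interval_trickle_timer_start(pae_supp_t *pae_supp);
+static void ws_pae_supp_initial_key_update_trickle_timer_start(pae_supp_t *pae_supp, uint8_t timer_expirations);
 static bool ws_pae_supp_authentication_ongoing(pae_supp_t *pae_supp);
 static int8_t ws_pae_supp_timer_if_start(kmp_service_t *service, kmp_api_t *kmp);
 static int8_t ws_pae_supp_timer_if_stop(kmp_service_t *service, kmp_api_t *kmp);
@@ -339,16 +340,8 @@ int8_t ws_pae_supp_gtk_hash_update(protocol_interface_info_entry_t *interface_pt
 if (mismatch == GTK_LIFETIME_MISMATCH) {
 timer_expirations = 1;
 }
-
-pae_supp->auth_trickle_params.Imin = pae_supp->timer_settings->gtk_request_imin;
-pae_supp->auth_trickle_params.Imax = pae_supp->timer_settings->gtk_request_imax;
-pae_supp->auth_trickle_params.k = 0;
-pae_supp->auth_trickle_params.TimerExpirations = timer_expirations;
-
-// Starts trickle
-trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
-pae_supp->auth_trickle_running = true;
-pae_supp->initial_key_retry_timer = 0;
+// Start trickle timer
+ws_pae_supp_initial_key_update_trickle_timer_start(pae_supp, timer_expirations);
 
 // Starts supplicant timer
 ws_pae_supp_timer_start(pae_supp);
@@ -623,7 +616,7 @@ int8_t ws_pae_supp_init(protocol_interface_info_entry_t *interface_ptr, const se
 pae_supp->initial_key_retry_timer = 0;
 pae_supp->nw_keys_used_cnt = 0;
 pae_supp->timer_settings = timer_settings;
-pae_supp->initial_key_retry_cnt = 0;
+pae_supp->initial_key_retry_cnt = INITIAL_KEY_RETRY_COUNT;
 pae_supp->auth_trickle_running = false;
 pae_supp->auth_requested = false;
 pae_supp->timer_running = false;
@@ -864,21 +857,25 @@ void ws_pae_supp_slow_timer(uint16_t seconds)
 } else {
 // Checks if trickle timer expires
 if (trickle_timer(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params, seconds)) {
-if (pae_supp->initial_key_retry_cnt < INITIAL_KEY_RETRY_COUNT) {
+if (pae_supp->initial_key_retry_cnt > 0) {
 if (ws_pae_supp_initial_key_send(pae_supp) < 0) {
 tr_info("EAPOL-Key send failed");
 }
 }
-pae_supp->initial_key_retry_cnt++;
 
 /* Wait time for the authenticator to answer the last re-transmit expires;
 fails authentication */
-if (pae_supp->initial_key_retry_cnt > INITIAL_KEY_RETRY_COUNT) {
+if (pae_supp->initial_key_retry_cnt == 0) {
 ws_pae_supp_authenticate_response(pae_supp, AUTH_RESULT_ERR_UNSPEC);
-} else if (pae_supp->initial_key_retry_cnt == INITIAL_KEY_RETRY_COUNT) {
-// Starts wait time for the authenticator to answer
-tr_info("Initial EAPOL-Key wait for last re-transmit answer");
-ws_pae_supp_initial_last_interval_trickle_timer_start(pae_supp);
+} else {
+if (pae_supp->initial_key_retry_cnt > 0) {
+pae_supp->initial_key_retry_cnt--;
+}
+if (pae_supp->initial_key_retry_cnt == 0) {
+// Starts wait time for the authenticator to answer
+tr_info("Initial EAPOL-Key wait for last re-transmit answer");
+ws_pae_supp_initial_last_interval_trickle_timer_start(pae_supp);
+}
 }
 }
 
@@ -947,7 +944,7 @@ static void ws_pae_supp_initial_trickle_timer_start(pae_supp_t *pae_supp)
 trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
 tr_info("Initial EAPOL-Key trickle I: [%i,%i] %i, t: %i", pae_supp->auth_trickle_params.Imin, pae_supp->auth_trickle_params.Imax, pae_supp->auth_trickle_timer.I, pae_supp->auth_trickle_timer.t);
 pae_supp->auth_trickle_running = true;
-pae_supp->initial_key_retry_cnt = 0;
+pae_supp->initial_key_retry_cnt = INITIAL_KEY_RETRY_COUNT;
 }
 
 static void ws_pae_supp_initial_last_interval_trickle_timer_start(pae_supp_t *pae_supp)
@@ -962,6 +959,21 @@ static void ws_pae_supp_initial_last_interval_trickle_timer_start(pae_supp_t *pa
 tr_info("Initial EAPOL-Key trickle I: [%i,%i] %i, t: %i", pae_supp->auth_trickle_params.Imin, pae_supp->auth_trickle_params.Imax, pae_supp->auth_trickle_timer.I, pae_supp->auth_trickle_timer.t);
 }
 
+static void ws_pae_supp_initial_key_update_trickle_timer_start(pae_supp_t *pae_supp, uint8_t timer_expirations)
+{
+// Starts trickle for the key update
+pae_supp->auth_trickle_params.Imin = pae_supp->timer_settings->gtk_request_imin;
+pae_supp->auth_trickle_params.Imax = pae_supp->timer_settings->gtk_request_imax;
+pae_supp->auth_trickle_params.k = 0;
+pae_supp->auth_trickle_params.TimerExpirations = timer_expirations;
+
+trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
+tr_info("Initial EAPOL-Key trickle I: [%i,%i] %i, t: %i", pae_supp->auth_trickle_params.Imin, pae_supp->auth_trickle_params.Imax, pae_supp->auth_trickle_timer.I, pae_supp->auth_trickle_timer.t);
+pae_supp->initial_key_retry_timer = NONE_INITIAL_KEY_RETRY_TIMER; // 0 seconds
+pae_supp->auth_trickle_running = true;
+pae_supp->initial_key_retry_cnt = timer_expirations;
+}
+
 static int8_t ws_pae_supp_timer_if_start(kmp_service_t *service, kmp_api_t *kmp)
 {
 pae_supp_t *pae_supp = ws_pae_supp_by_kmp_service_get(service);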
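Review bot: `ws_pae_supp_initial_key_update_trickle_timer_start()` copies `timer_expirations` into `initial_key_retry_cnt` with no lower bound, and with the countdown now used in `ws_pae_supp_slow_timer()` a value of 0 would take the `initial_key_retry_cnt == 0` branch on the first trickle expiry and report `AUTH_RESULT_ERR_UNSPEC` without any EAPOL-Key having been sent. The only assignment visible in this diff is `timer_expirations = 1` for `GTK_LIFETIME_MISMATCH`, and the default is set outside the hunk, so this may never occur today. Still, the precondition deserves a comment on the helper, for example `/* timer_expirations must be >= 1; 0 fails the key update on the first expiry without sending */`. The helper also logs the same `"Initial EAPOL-Key trickle I: ..."` text as the initial-authentication start functions, so a trace cannot distinguish a GTK-update retry sequence from a first join; a distinct prefix would help when diagnosing repeated hash-mismatch triggers.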
