Corrected initial EAPOL-key trickle retries

Mika Leppänen · Mika Leppänen · commit 73506346ca24 · 2020-01-10T11:50:10.000+02:00
Minimum interval for first retry is now always at least 5 minutes
and maximum can be 60 minutes on very slow network.

Decreased number of retries from three to two to keep the time
taken by the sequence roughly the same as before (previously
sequence took about 15 to 20 minutes).

After the last retry, the supplicant now waits for 2 to 4 minutes
for authenticator to answer and not the expiry of last interval
as before.

For default network sizes, the I interval is from 6 to 12 minutes.
There is also initial delay of 2 minutes before the first retry
to ensure that the first retry happens at minimum at 5 minutes.
This results that the first retry happens at 5 (2 + 3) to 14 (2 + 12)
minutes after the initial attempt, and the second retry at 6 to
12 minutes from the first expiry of interval. The whole sequence
(with 2 to 4 minutes wait after the last retry) takes on minimum
16 minutes and on maximum 30 minutes.

On very slow networks, the I interval is from 10 to 60 minutes. This
results that the first retry happens at 5 to 60 minutes after the
initial attempt (there is no initial delay), and the second retry
at 10 to 60 minutes from the first expiry of interval. The whole
sequence (with 2 to 4 minutes wait after the last retry) takes on
minimum 22 minutes and on maximum 124 minutes.
diff --git a/source/6LoWPAN/ws/ws_pae_supp.c b/source/6LoWPAN/ws/ws_pae_supp.c
@@ -91,13 +91,15 @@ typedef struct {
     supp_entry_t entry;                                    /**< Supplicant data */
     kmp_addr_t target_addr;                                /**< EAPOL target (parent) address */
     uint16_t initial_key_timer;                            /**< Timer to trigger initial EAPOL-Key */
+    uint16_t initial_key_retry_timer;                      /**< Timer to trigger initial EAPOL-Key 1st retry */
     trickle_t auth_trickle_timer;                          /**< Trickle timer for re-sending initial EAPOL-key or for GTK mismatch */
     trickle_params_t auth_trickle_params;                  /**< Trickle parameters for initial EAPOL-key or for GTK mismatch */
     sec_prot_gtk_keys_t gtks;                              /**< GTKs */
     uint8_t new_br_eui_64[8];                              /**< Border router EUI-64 indicated by bootstrap */
     sec_prot_keys_nw_info_t sec_keys_nw_info;              /**< Security keys network information */
     timer_settings_t *timer_settings;                      /**< Timer settings */
     uint8_t nw_keys_used_cnt;                              /**< How many times bootstrap has been tried with current keys */
+    uint8_t initial_key_retry_cnt;                         /**< initial EAPOL-Key retry counter */
     bool auth_trickle_running : 1;                         /**< Initial EAPOL-Key Trickle timer running */
     bool auth_requested : 1;                               /**< Authentication has been requested by the bootstrap */
     bool timer_running : 1;                                /**< Timer is running */
@@ -106,14 +108,30 @@ typedef struct {
     bool entry_address_active: 1;
 } pae_supp_t;
 
+// How many times sending of initial EAPOL-key is retried
+#define INITIAL_KEY_RETRY_COUNT            2
 
-#define TRICKLE_IMIN_180_SECS   180
+// How long the wait is before the first initial EAPOL-key retry
+#define DEFAULT_INITIAL_KEY_RETRY_TIMER    120
+#define NONE_INITIAL_KEY_RETRY_TIMER       0
+
+// Default trickle values for sending of initial EAPOL-key
+#define DEFAULT_TRICKLE_IMIN_SECS          360   /* 6 to 12 minutes */
+#define DEFAULT_TRICKLE_IMAX_SECS          720
+
+// Very slow network values for sending of initial EAPOL-key
+#define VERY_SLOW_NW_TRICKLE_IMIN_SECS     600   /* 10 to 60 minutes */
+#define VERY_SLOW_NW_TRICKLE_IMAX_SECS     3600
+
+// Trickle timer on how long to wait response after last retry before failing authentication
+#define LAST_INTERVAL_TRICKLE_IMIN_SECS    240   /* 4 minutes */
+#define LAST_INTERVAL_TRICKLE_IMAX_SECS    240
 
 static trickle_params_t initial_eapol_key_trickle_params = {
-    .Imin = TRICKLE_IMIN_180_SECS,          /* 180 second; ticks are 1 second */
-    .Imax = TRICKLE_IMIN_180_SECS << 1,     /* 360 second */
-                                  .k = 0,   /* infinity - no consistency checking */
-                                  .TimerExpirations = 3
+    .Imin = DEFAULT_TRICKLE_IMIN_SECS,    /* 360 second; ticks are 1 second */
+    .Imax = DEFAULT_TRICKLE_IMAX_SECS,    /* 720 second */
+    .k = 0,                               /* infinity - no consistency checking */
+    .TimerExpirations = 2
 };
 
 static void ws_pae_supp_free(pae_supp_t *pae_supp);
@@ -126,6 +144,8 @@ static int8_t ws_pae_supp_nvm_keys_write(pae_supp_t *pae_supp);
 static pae_supp_t *ws_pae_supp_get(protocol_interface_info_entry_t *interface_ptr);
 static int8_t ws_pae_supp_event_send(kmp_service_t *service, void *data);
 static void ws_pae_supp_tasklet_handler(arm_event_s *event);
+static void ws_pae_supp_initial_trickle_timer_start(pae_supp_t *pae_supp);
+static void ws_pae_supp_initial_last_interval_trickle_timer_start(pae_supp_t *pae_supp);
 static int8_t ws_pae_supp_timer_if_start(kmp_service_t *service, kmp_api_t *kmp);
 static int8_t ws_pae_supp_timer_if_stop(kmp_service_t *service, kmp_api_t *kmp);
 static int8_t ws_pae_supp_timer_start(pae_supp_t *pae_supp);
@@ -156,6 +176,7 @@ static const char *KEYS_FILE = KEYS_FILE_NAME;
 
 static int8_t tasklet_id = -1;
 static NS_LIST_DEFINE(pae_supp_list, pae_supp_t, link);
+static uint8_t timing_value = 0; // Timing value set based e.g. on network size
 
 static void ws_pae_supp_address_set(pae_supp_t *pae_supp, kmp_addr_t *address)
 {
@@ -323,14 +344,12 @@ int8_t ws_pae_supp_gtk_hash_update(protocol_interface_info_entry_t *interface_pt
             // Starts trickle
             trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
             pae_supp->auth_trickle_running = true;
+            pae_supp->initial_key_retry_timer = 0;
 
             // Starts supplicant timer
             ws_pae_supp_timer_start(pae_supp);
 
             tr_info("GTK update start imin: %i, imax: %i, max mismatch: %i, tr time: %i", pae_supp->timer_settings->gtk_request_imin, pae_supp->timer_settings->gtk_request_imax, pae_supp->timer_settings->gtk_max_mismatch, pae_supp->auth_trickle_timer.t);
-        } else {
-            // If trickle is already running, set inconsistent heard to speed up the trickle
-            trickle_inconsistent_heard(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
         }
     }
 
@@ -597,8 +616,10 @@ int8_t ws_pae_supp_init(protocol_interface_info_entry_t *interface_ptr, const se
     pae_supp->nw_key_insert = NULL;
     pae_supp->nw_key_index_set = NULL;
     pae_supp->initial_key_timer = 0;
+    pae_supp->initial_key_retry_timer = 0;
     pae_supp->nw_keys_used_cnt = 0;
     pae_supp->timer_settings = timer_settings;
+    pae_supp->initial_key_retry_cnt = 0;
     pae_supp->auth_trickle_running = false;
     pae_supp->auth_requested = false;
     pae_supp->timer_running = false;
@@ -702,6 +723,7 @@ int8_t ws_pae_supp_delete(protocol_interface_info_entry_t *interface_ptr)
 
 int8_t ws_pae_supp_timing_adjust(uint8_t timing)
 {
+    timing_value = timing;
     supp_fwh_sec_prot_timing_adjust(timing);
     supp_eap_sec_prot_timing_adjust(timing);
     return 0;
@@ -817,14 +839,38 @@ void ws_pae_supp_slow_timer(uint16_t seconds)
 
         // Checks whether initial EAPOL-Key message needs to be re-send or new GTK request to be sent
         if (pae_supp->auth_trickle_running) {
-            if (trickle_timer(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params, seconds)) {
-                if (ws_pae_supp_initial_key_send(pae_supp) < 0) {
-                    tr_info("EAPOL-Key send failed");
+            if (pae_supp->initial_key_retry_timer > 0) {
+                if (pae_supp->initial_key_retry_timer > seconds) {
+                    pae_supp->initial_key_retry_timer -= seconds;
+                } else {
+                    pae_supp->initial_key_retry_timer = 0;
+                    tr_info("initial key retry timer expired");
+                }
+            } else {
+                // Checks if trickle timer expires
+                if (trickle_timer(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params, seconds)) {
+                    if (pae_supp->initial_key_retry_cnt < INITIAL_KEY_RETRY_COUNT) {
+                        if (ws_pae_supp_initial_key_send(pae_supp) < 0) {
+                            tr_info("EAPOL-Key send failed");
+                        }
+                    }
+                    pae_supp->initial_key_retry_cnt++;
+
+                    /* Wait time for the authenticator to answer the last re-transmit expires;
+                       fails authentication */
+                    if (pae_supp->initial_key_retry_cnt > INITIAL_KEY_RETRY_COUNT) {
+                        ws_pae_supp_authenticate_response(pae_supp, AUTH_RESULT_ERR_UNSPEC);
+                    } else if (pae_supp->initial_key_retry_cnt == INITIAL_KEY_RETRY_COUNT) {
+                        // Starts wait time for the authenticator to answer
+                        tr_info("Initial EAPOL-Key wait for last re-transmit answer");
+                        ws_pae_supp_initial_last_interval_trickle_timer_start(pae_supp);
+                    }
+                }
+
+                // Sanity check, should be running until authentication failure
+                if (!trickle_running(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params)) {
+                    ws_pae_supp_authenticate_response(pae_supp, AUTH_RESULT_ERR_UNSPEC);
                 }
-            }
-            // Maximum number of trickle expires, authentication fails
-            if (!trickle_running(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params)) {
-                ws_pae_supp_authenticate_response(pae_supp, AUTH_RESULT_ERR_UNSPEC);
             }
         }
 
@@ -846,16 +892,61 @@ void ws_pae_supp_slow_timer(uint16_t seconds)
                 if (ws_pae_supp_initial_key_send(pae_supp) < 0) {
                     tr_info("EAPOL-Key send failed");
                 }
-
-                // Starts trickle
-                pae_supp->auth_trickle_params = initial_eapol_key_trickle_params;
-                trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
-                pae_supp->auth_trickle_running = true;
+                // Start trickle timer
+                ws_pae_supp_initial_trickle_timer_start(pae_supp);
             }
         }
     }
 }
 
+static void ws_pae_supp_initial_trickle_timer_start(pae_supp_t *pae_supp)
+{
+    pae_supp->auth_trickle_params = initial_eapol_key_trickle_params;
+
+    // Very fast, medium and slow network
+    if (timing_value < 25) {
+        /* Starts trickle for initial EAPOL-key. Sequence has fixed delay of 2 minutes,
+         * one re-transmit interval, last re-transmit interval transmit time and a wait time
+         * for the authenticator to answer the last re-transmit.
+         *
+         * Interval I [6,12] minutes. Sequence:
+         *
+         * fixed 2 minutes delay + I + last I transmit time t + wait for answer [2,4] minutes
+         *
+         * There are two retries. Minimum time that sequence takes before authentication failure
+         * is 16 minutes and maximum is 30 minutes.
+         */
+        pae_supp->initial_key_retry_timer = DEFAULT_INITIAL_KEY_RETRY_TIMER; // 2 minutes
+    } else {
+        /* Extremely slow network
+         *
+         * Starts trickle for initial EAPOL-key, Interval I [10,60] minutes. Sequence:
+         * I + last I transmit time t + wait for answer [2,4] minutes
+         * There are two retries. Minimum time that sequence takes before authentication failure
+         * is 22 minutes and maximum is 124 minutes.
+         */
+        pae_supp->auth_trickle_params.Imin = VERY_SLOW_NW_TRICKLE_IMIN_SECS;
+        pae_supp->auth_trickle_params.Imax = VERY_SLOW_NW_TRICKLE_IMAX_SECS;
+        pae_supp->initial_key_retry_timer = NONE_INITIAL_KEY_RETRY_TIMER; // 0 seconds
+    }
+    trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
+    tr_info("Initial EAPOL-Key trickle I: [%i,%i] %i, t: %i", pae_supp->auth_trickle_params.Imin, pae_supp->auth_trickle_params.Imax, pae_supp->auth_trickle_timer.I, pae_supp->auth_trickle_timer.t);
+    pae_supp->auth_trickle_running = true;
+    pae_supp->initial_key_retry_cnt = 0;
+}
+
+static void ws_pae_supp_initial_last_interval_trickle_timer_start(pae_supp_t *pae_supp)
+{
+    // Starts trickle last to wait response after last retry before failing authentication
+    pae_supp->auth_trickle_params = initial_eapol_key_trickle_params;
+    pae_supp->auth_trickle_params.Imin = LAST_INTERVAL_TRICKLE_IMIN_SECS;
+    pae_supp->auth_trickle_params.Imax = LAST_INTERVAL_TRICKLE_IMAX_SECS;
+    pae_supp->auth_trickle_params.TimerExpirations = 1;
+    // Set I to [iMin,iMax] (4 to 4 minutes) -> t is [I/2 - I] (2 minutes to 4 minutes)
+    trickle_start(&pae_supp->auth_trickle_timer, &pae_supp->auth_trickle_params);
+    tr_info("Initial EAPOL-Key trickle I: [%i,%i] %i, t: %i", pae_supp->auth_trickle_params.Imin, pae_supp->auth_trickle_params.Imax, pae_supp->auth_trickle_timer.I, pae_supp->auth_trickle_timer.t);
+}
+
 static int8_t ws_pae_supp_timer_if_start(kmp_service_t *service, kmp_api_t *kmp)
 {
     pae_supp_t *pae_supp = ws_pae_supp_by_kmp_service_get(service);
