Improved initial EAPOL-key send stop logic on supplicant

Mika Leppänen · Mika Leppänen · commit 7717ef8c6060 · 2020-02-11T10:54:03.000+02:00
Previously, during bootstrap authentication and on key update, any
incoming KMP halted the supplicant from sending the initial
EAPOL-key message to authenticator.

Now the functionality is changed so that only accepted incoming KMPs
(e.g. valid EAP-TLS identity requests) halt the sending of
initial EAPOL-key messages. Ignored KMPs do not halt the sending.
diff --git a/source/6LoWPAN/ws/ws_pae_supp.c b/source/6LoWPAN/ws/ws_pae_supp.c
@@ -1175,9 +1175,6 @@ static kmp_api_t *ws_pae_supp_kmp_incoming_ind(kmp_service_t *service, kmp_type_
         return NULL;
     }
 
-    // No longer runs trickle timer for re-sending initial EAPOL-key
-    pae_supp->auth_trickle_running = false;
-
     // Updates parent address
     kmp_address_copy(&pae_supp->entry.addr, addr);
 
@@ -1271,6 +1268,15 @@ static void ws_pae_supp_kmp_api_create_indication(kmp_api_t *kmp, kmp_type_e typ
     (void) addr;
     (void) type;
 
+    kmp_service_t *service = kmp_api_service_get(kmp);
+    pae_supp_t *pae_supp = ws_pae_supp_by_kmp_service_get(service);
+    if (!pae_supp) {
+        return;
+    }
+
+    // Incoming KMP protocol has started, no longer runs trickle timer for re-sending EAPOL-key message
+    pae_supp->auth_trickle_running = false;
+
     // For now, accept every KMP-CREATE.indication
     kmp_api_create_response(kmp, KMP_RESULT_OK);
 }
