Moved EAPOL relay port and IP address configuration to bootstrap

Modified EAPOL relay components (EAPOL relay, authenticator EAPOL relay
KMP socket if, PAE authenticator) so that ports for different
entities are configured by bootstrap. Also IP addresses for authenticator
EAPOL relay and PAE KMP socket interface are now configurable
(ready to be in different IP addresses)

Removed security key setting from boostrap also in case PAE flags
are not defined. In that case PEA controller inserts the security
keys without security negotiations.

Added and corrected comments on modules.

Author: Mika Leppänen

source/6LoWPAN/ws/ws_bootstrap.c

@@ -65,7 +65,7 @@
 #include "6LoWPAN/ws/ws_pae_controller.h"
 #include "6LoWPAN/ws/ws_eapol_pdu.h"
 #include "6LoWPAN/ws/ws_eapol_auth_relay.h"
-#include "ws_eapol_relay.h"
+#include "6LoWPAN/ws/ws_eapol_relay.h"
 
 #define TRACE_GROUP "wsbs"
 
@@ -92,13 +92,8 @@ static uint16_t ws_bootstrap_routing_cost_calculate(protocol_interface_info_entr
 static uint16_t ws_bootstrap_rank_get(protocol_interface_info_entry_t *cur);
 static uint16_t ws_bootstrap_min_rank_inc_get(protocol_interface_info_entry_t *cur);
 
-#if !defined(HAVE_PAE_SUPP) && !defined(HAVE_PAE_AUTH)
-static void ws_bootstrap_set_test_key(protocol_interface_info_entry_t *cur);
-#else
-#define ws_bootstrap_set_test_key(cur)
-#endif
-static void ws_bootstrap_key_insert(uint8_t gtk_index, uint8_t *gtk, protocol_interface_info_entry_t *cur);
-static void ws_bootstrap_authentication_completed(bool success, protocol_interface_info_entry_t *cur);
+static void ws_bootstrap_key_insert(protocol_interface_info_entry_t *cur, uint8_t gtk_index, uint8_t *gtk);
+static void ws_bootstrap_authentication_completed(protocol_interface_info_entry_t *cur, bool success);
 
 mac_neighbor_table_entry_t *ws_bootstrap_mac_neighbor_add(struct protocol_interface_info_entry *interface, const uint8_t *src64)
 
@@ -1588,7 +1583,8 @@ static void ws_bootstrap_rpl_callback(rpl_event_t event, void *handle)
             dhcp_relay_agent_enable(cur->id, dodag_info.dodag_id);
 
             tr_debug("Start EAPOL relay");
-            ws_eapol_relay_start(cur, dodag_info.dodag_id, 10253);
+            // Set both own port and border router port to 10253
+            ws_eapol_relay_start(cur, EAPOL_RELAY_SOCKET_PORT, dodag_info.dodag_id, EAPOL_RELAY_SOCKET_PORT);
         }
 
         ws_set_fhss_hop(cur);
@@ -1756,7 +1752,7 @@ static void ws_bootstrap_start_authentication(protocol_interface_info_entry_t *c
 }
 
 
-static void ws_bootstrap_key_insert(uint8_t gtk_index, uint8_t *gtk, protocol_interface_info_entry_t *cur)
+static void ws_bootstrap_key_insert(protocol_interface_info_entry_t *cur, uint8_t gtk_index, uint8_t *gtk)
 {
     // Convert GTK to Group AES Key (GAK)
 
@@ -1769,12 +1765,10 @@ static void ws_bootstrap_key_insert(uint8_t gtk_index, uint8_t *gtk, protocol_in
     mac_helper_security_default_key_set(cur, gtk, gtk_index + 1, MAC_KEY_ID_MODE_IDX);
 }
 
-static void ws_bootstrap_authentication_completed(bool success, protocol_interface_info_entry_t *cur)
+static void ws_bootstrap_authentication_completed(protocol_interface_info_entry_t *cur, bool success)
 {
     if (success) {
         tr_debug("authentication success");
-        ws_bootstrap_set_test_key(cur);
-
         ws_bootstrap_event_configuration_start(cur);
     } else {
         tr_debug("authentication failed");
@@ -2002,21 +1996,6 @@ static bool ws_bootstrap_address_registration_ongoing(protocol_interface_info_en
     return false;
 }
 
-#if !defined(HAVE_PAE_SUPP) && !defined(HAVE_PAE_AUTH)
-static void ws_bootstrap_set_test_key(protocol_interface_info_entry_t *cur)
-{
-    uint8_t key_material[16];
-    for (int i = 0; i < 16; i++) {
-        key_material[i] = 0xcf - i;
-    }
-    mac_helper_security_key_clean(cur);
-    mac_helper_default_security_level_set(cur, AES_SECURITY_LEVEL_ENC_MIC64);
-    mac_helper_default_security_key_id_mode_set(cur, MAC_KEY_ID_MODE_IDX);
-    //Set Keys
-    mac_helper_security_default_key_set(cur, key_material, 1, MAC_KEY_ID_MODE_IDX);
-}
-#endif
-
 static void ws_bootstrap_event_handler(arm_event_s *event)
 {
     ws_bootsrap_event_type_e event_type;
@@ -2057,13 +2036,19 @@ static void ws_bootstrap_event_handler(arm_event_s *event)
                 // Set default parameters for FHSS when starting a discovery
                 ws_fhss_border_router_configure(cur);
                 ws_bootstrap_fhss_activate(cur);
-                ws_bootstrap_set_test_key(cur);
                 ws_bootstrap_event_operation_start(cur);
 
-                ws_eapol_relay_start(cur, 0, 10255);
-                ws_eapol_auth_relay_start(cur);
+                uint8_t ll_addr[16];
+                addr_interface_get_ll_address(cur, ll_addr, 1);
+
+                // Set EAPOL relay to port 10255 and authenticator relay to 10253 (and to own ll address)
+                ws_eapol_relay_start(cur, BR_EAPOL_RELAY_SOCKET_PORT, ll_addr, EAPOL_RELAY_SOCKET_PORT);
+
+                // Set authenticator relay to port 10253 and PAE to 10254 (and to own ll address)
+                ws_eapol_auth_relay_start(cur, EAPOL_RELAY_SOCKET_PORT, ll_addr, PAE_AUTH_SOCKET_PORT);
 
-                ws_pae_controller_authenticator_start(cur);
+                // Set PAE port to 10254 and authenticator relay to 10253 (and to own ll address)
+                ws_pae_controller_authenticator_start(cur, PAE_AUTH_SOCKET_PORT, ll_addr, EAPOL_RELAY_SOCKET_PORT);
                 break;
             }
             // Configure LLC for network discovery

source/6LoWPAN/ws/ws_common_defines.h

@@ -227,5 +227,11 @@ typedef struct ws_bs_ie {
 #define WS_FHSS_BC_INTERVAL           1020;
 #define WS_FHSS_BC_DWELL_INTERVAL     255;
 
+/*
+ * EAPOL relay and PAE authenticator socket settings
+ */
+#define EAPOL_RELAY_SOCKET_PORT               10253
+#define BR_EAPOL_RELAY_SOCKET_PORT            10255
+#define PAE_AUTH_SOCKET_PORT                  10254
 
 #endif /* WS_COMMON_DEFINES_H_ */

source/6LoWPAN/ws/ws_eapol_auth_relay.c

@@ -38,28 +38,30 @@
 #ifdef HAVE_WS
 #ifdef HAVE_PAE_AUTH
 
-#define TRACE_GROUP "earl"
+#define TRACE_GROUP "wsar"
 
 typedef struct {
     protocol_interface_info_entry_t *interface_ptr;         /**< Interface pointer */
+    ns_address_t remote_addr;                               /**< Remote address and port */
+    ns_address_t relay_addr;                                /**< Relay address */
     int8_t socket_id;                                       /**< Socket ID for relay */
     ns_list_link_t link;                                    /**< Link */
 } eapol_auth_relay_t;
 
 static eapol_auth_relay_t *ws_eapol_auth_relay_get(protocol_interface_info_entry_t *interface_ptr);
 static void ws_eapol_auth_relay_socket_cb(void *cb);
-static int8_t ws_eapol_auth_relay_send_to_kmp(const eapol_auth_relay_t *eapol_auth_relay, const uint8_t *eui_64, const uint8_t *ip_addr, uint16_t port, const void *data, uint16_t data_len);
+static int8_t ws_eapol_auth_relay_send_to_kmp(eapol_auth_relay_t *eapol_auth_relay, const uint8_t *eui_64, const uint8_t *ip_addr, uint16_t port, const void *data, uint16_t data_len);
 
 static NS_LIST_DEFINE(eapol_auth_relay_list, eapol_auth_relay_t, link);
 
-int8_t ws_eapol_auth_relay_start(protocol_interface_info_entry_t *interface_ptr)
+int8_t ws_eapol_auth_relay_start(protocol_interface_info_entry_t *interface_ptr, uint16_t local_port, const uint8_t *remote_addr, uint16_t remote_port)
 {
-    if (!interface_ptr) {
+    if (!interface_ptr || !remote_addr) {
         return -1;
     }
 
     if (ws_eapol_auth_relay_get(interface_ptr)) {
-        return -1;
+        return 0;
     }
 
     eapol_auth_relay_t *eapol_auth_relay = ns_dyn_mem_alloc(sizeof(eapol_auth_relay_t));
@@ -68,7 +70,12 @@ int8_t ws_eapol_auth_relay_start(protocol_interface_info_entry_t *interface_ptr)
     }
 
     eapol_auth_relay->interface_ptr = interface_ptr;
-    eapol_auth_relay->socket_id = socket_open(IPV6_NH_UDP, 10253, &ws_eapol_auth_relay_socket_cb);
+
+    eapol_auth_relay->remote_addr.type = ADDRESS_IPV6;
+    memcpy(&eapol_auth_relay->relay_addr.address, remote_addr, 16);
+    eapol_auth_relay->relay_addr.identifier = remote_port;
+
+    eapol_auth_relay->socket_id = socket_open(IPV6_NH_UDP, local_port, &ws_eapol_auth_relay_socket_cb);
     if (eapol_auth_relay->socket_id < 0) {
         ns_dyn_mem_free(eapol_auth_relay);
         return -1;
@@ -143,18 +150,19 @@ static void ws_eapol_auth_relay_socket_cb(void *cb)
     }
 
     // Message from source port 10254 (KMP service) -> to IP relay on node or on authenticator
-    if (src_addr.identifier == 10254) {
+    if (src_addr.identifier == eapol_auth_relay->relay_addr.identifier) {
         uint8_t *ptr = socket_pdu;
-        uint8_t *relay_ip_addr, *eui_64;
-        uint16_t relay_port;
-        relay_ip_addr = ptr;
+        uint8_t *eui_64;
+        ns_address_t relay_ip_addr;
+        relay_ip_addr.type = ADDRESS_IPV6;
+        memcpy(relay_ip_addr.address, ptr, 16);
         ptr += 16;
-        relay_port = common_read_16_bit(ptr);
+        relay_ip_addr.identifier = common_read_16_bit(ptr);
         ptr += 2;
         eui_64 = ptr;
         ptr += 8;
         uint16_t data_len = cb_data->d_len - 26;
-        ws_eapol_relay_lib_send_to_relay(eapol_auth_relay->socket_id, eui_64, relay_ip_addr, relay_port,
+        ws_eapol_relay_lib_send_to_relay(eapol_auth_relay->socket_id, eui_64, &relay_ip_addr,
             ptr, data_len);
         ns_dyn_mem_free(socket_pdu);
     // Other source port (either 10253 or node relay source port) -> to KMP service
@@ -166,13 +174,9 @@ static void ws_eapol_auth_relay_socket_cb(void *cb)
     }
 }
 
-static int8_t ws_eapol_auth_relay_send_to_kmp(const eapol_auth_relay_t *eapol_auth_relay, const uint8_t *eui_64, const uint8_t *ip_addr, uint16_t port, const void *data, uint16_t data_len)
+static int8_t ws_eapol_auth_relay_send_to_kmp(eapol_auth_relay_t *eapol_auth_relay, const uint8_t *eui_64, const uint8_t *ip_addr, uint16_t port, const void *data, uint16_t data_len)
 {
-    ns_address_t dest_addr;
-
-    if (ws_eapol_relay_lib_ll_address_get(eapol_auth_relay->interface_ptr, &dest_addr) < 0) {
-        return -1;
-    }
+    ns_address_t dest_addr = eapol_auth_relay->relay_addr;
 
     uint8_t temp_array[26];
     ns_iovec_t msg_iov[2];

source/6LoWPAN/ws/ws_eapol_auth_relay.h

@@ -20,12 +20,43 @@
 
 #ifdef HAVE_PAE_AUTH
 
-int8_t ws_eapol_auth_relay_start(protocol_interface_info_entry_t *interface_ptr);
+/*
+ * EAPOL authenticator relay acts as a proxy between EAPOL UDP relay and
+ * authenticator PAE (KMP service). Relay is bound by default to EAPOL UDP
+ * relay port 10253 (set by local port parameter) and transfers messages
+ * to/from authenticator PAE. As default PAE is bound to UDP port 10254
+ * (set by remote address and port parameters).
+ *
+ */
+
+/**
+ * ws_eapol_auth_relay_start start authenticator relay
+ *
+ * \param interface_ptr interface
+ * \param local_port local port
+ * \param remote_addr remote address
+ * \param remote_port remote port
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_eapol_auth_relay_start(protocol_interface_info_entry_t *interface_ptr, uint16_t local_port, const uint8_t *remote_addr, uint16_t remote_port);
+
+/**
+ *  ws_eapol_auth_relay_delete delete authenticator relay
+ *
+ * \param interface_ptr interface
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
 int8_t ws_eapol_auth_relay_delete(protocol_interface_info_entry_t *interface_ptr);
 
 #else
 
-#define ws_eapol_auth_relay_start(interface_ptr)
+#define ws_eapol_auth_relay_start(interface_ptr, local_port, remote_addr, remote_port)
 #define ws_eapol_auth_relay_delete(interface_ptr)
 
 #endif

source/6LoWPAN/ws/ws_eapol_pdu.c

@@ -34,7 +34,7 @@
 
 #ifdef HAVE_WS
 
-#define TRACE_GROUP "wsepdu"
+#define TRACE_GROUP "wsep"
 
 typedef struct {
     uint8_t handle;
@@ -79,7 +79,7 @@ int8_t ws_eapol_pdu_init(protocol_interface_info_entry_t *interface_ptr)
     }
 
     if (ws_eapol_pdu_data_get(interface_ptr) != NULL) {
-        return -1;
+        return 0;
     }
 
     eapol_pdu_data_t *eapol_pdu_data = ns_dyn_mem_alloc(sizeof(eapol_pdu_data_t));
@@ -180,7 +180,7 @@ int8_t ws_eapol_pdu_cb_unregister(protocol_interface_info_entry_t *interface_ptr
     return -1;
 }
 
-int8_t ws_eapol_pdu_send_to_mpx(protocol_interface_info_entry_t *interface_ptr, const uint8_t *eui_64, void *data, uint16_t data_len, void *buffer)
+int8_t ws_eapol_pdu_send_to_mpx(protocol_interface_info_entry_t *interface_ptr, const uint8_t *eui_64, void *data, uint16_t size, void *buffer)
 {
     eapol_pdu_data_t *eapol_pdu_data = ws_eapol_pdu_data_get(interface_ptr);
 
@@ -193,7 +193,6 @@ int8_t ws_eapol_pdu_send_to_mpx(protocol_interface_info_entry_t *interface_ptr,
 
     eapol_pdu_msdu_t *msdu_entry = ns_dyn_mem_temporary_alloc(sizeof(eapol_pdu_msdu_t));
     if (!msdu_entry) {
-       ns_dyn_mem_free(buffer);
        return -1;
     }
     msdu_entry->data_ptr = data;
@@ -203,7 +202,7 @@ int8_t ws_eapol_pdu_send_to_mpx(protocol_interface_info_entry_t *interface_ptr,
 
     memcpy(data_request.DstAddr, eui_64, 8);
     data_request.msdu = data;
-    data_request.msduLength = data_len;
+    data_request.msduLength = size;
 
     eapol_pdu_data->mpx_api->mpx_data_request(eapol_pdu_data->mpx_api, &data_request, eapol_pdu_data->mpx_user_id);
     return 0;