
Commit bff9c6e

author
Mika Leppänen
committed
Previous BR EUI-64 is now used on second authentication attempt
If EAP-TLS is successful and 4WH fails, the BR EUI-64 received on EAP-TLS is not used for the initial EAPOL-Key PMKID generation on the second attempt.
1 parent a2019f4 commit bff9c6e


1 file changed

+18
-5
lines changed


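--- a/source/6LoWPAN/ws/ws_pae_supp.c
+++ b/source/6LoWPAN/ws/ws_pae_supp.c
@@ -105,6 +105,7 @@ typedef struct {
 bool auth_requested : 1; /**< Authentication has been requested */
 bool timer_running : 1; /**< Timer is running */
 bool new_br_eui_64_set : 1; /**< Border router address has been set */
+bool new_br_eui_64_fresh : 1; /**< Border router address is fresh (set during this authentication attempt) */
 } pae_supp_t;
 
 
@@ -179,7 +180,7 @@ int8_t ws_pae_supp_authenticate(protocol_interface_info_entry_t *interface_ptr,
 pae_supp->sec_keys_nw_info.key_pan_id = dest_pan_id;
 
 // Prepare to receive new border router address
-pae_supp->new_br_eui_64_set = false;
+pae_supp->new_br_eui_64_fresh = false;
 
 // Stores target/parent address
 kmp_address_init(KMP_ADDR_EUI_64, &pae_supp->target_addr, dest_eui_64);
@@ -231,6 +232,7 @@ int8_t ws_pae_supp_border_router_addr_write(protocol_interface_info_entry_t *int
 
 memcpy(pae_supp->new_br_eui_64, eui_64, 8);
 pae_supp->new_br_eui_64_set = true;
+pae_supp->new_br_eui_64_fresh = true;
 
 return 0;
 }
@@ -533,9 +535,13 @@ int8_t ws_pae_supp_init(protocol_interface_info_entry_t *interface_ptr, const se
 pae_supp->nw_key_insert = NULL;
 pae_supp->nw_key_index_set = NULL;
 pae_supp->initial_key_timer = 0;
-pae_supp->auth_trickle_running = false;
 pae_supp->nw_keys_used_cnt = 0;
 pae_supp->timer_settings = timer_settings;
+pae_supp->auth_trickle_running = false;
+pae_supp->auth_requested = false;
+pae_supp->timer_running = false;
+pae_supp->new_br_eui_64_set = false;
+pae_supp->new_br_eui_64_fresh = false;
 
 ws_pae_lib_supp_init(&pae_supp->entry);
 
@@ -895,15 +901,22 @@ static void ws_pae_supp_kmp_service_addr_get(kmp_service_t *service, kmp_api_t *
 kmp_address_eui_64_set(local_addr, mac_params.mac_long);
 }
 
-if (pae_supp->new_br_eui_64_set) {
+// BR address has been received during authentication attempt
+if (pae_supp->new_br_eui_64_fresh) {
 kmp_address_eui_64_set(remote_addr, pae_supp->new_br_eui_64);
 } else {
 uint8_t *eui_64 = sec_prot_keys_ptk_eui_64_get(&pae_supp->entry.sec_keys);
+// BR address is set on security keys (confirmed using 4WH)
 if (eui_64) {
 kmp_address_eui_64_set(remote_addr, eui_64);
 } else {
-memset(remote_addr, 0, 8);
-tr_error("No border router EUI-64");
+// For initial EAPOL key, if BR address has been received during previous attempt, generate PMKID using it
+if (pae_supp->new_br_eui_64_set && kmp_api_type_get(kmp) >= IEEE_802_1X_INITIAL_KEY) {
+kmp_address_eui_64_set(remote_addr, pae_supp->new_br_eui_64);
+} else {
+memset(remote_addr, 0, 8);
+tr_error("No border router EUI-64");
+}
 }
 }
 }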
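Review bot: In the last hunk the new fallback tests `kmp_api_type_get(kmp) >= IEEE_802_1X_INITIAL_KEY`, a range comparison, while the comment directly above says the fallback is meant for the initial EAPOL-Key only. Which other KMP types pass the test depends on the enum ordering, which is not visible here; if only the initial key is intended, `kmp_api_type_get(kmp) == IEEE_802_1X_INITIAL_KEY` says so directly and keeps an address that 4WH never confirmed out of any other exchange. Related: within the visible hunks `new_br_eui_64_set` is now cleared only in `ws_pae_supp_init`, so a BR EUI-64 from a failed attempt stays eligible across later `ws_pae_supp_authenticate` calls, presumably including ones with a different `dest_pan_id`. It would help to clear the flag when the target PAN changes, or to add a comment such as `// new_br_eui_64_set persists across attempts; the address is unconfirmed until 4WH completes`. The body of `ws_pae_supp_kmp_service_addr_get` starts outside the hunk.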
