When network name or PAN ID is changed authenticator updates MAC keys

Mika Leppänen · Mika Leppänen · commit da732bc28e8c · 2020-04-14T11:53:58.000+03:00
diff --git a/source/6LoWPAN/ws/ws_pae_auth.c b/source/6LoWPAN/ws/ws_pae_auth.c
@@ -76,10 +76,13 @@
 
 typedef struct {
     ns_list_link_t link;                                     /**< Link */
+    uint16_t pan_id;                                         /**< PAN ID */
+    char network_name[33];                                   /**< Network name */
     kmp_service_t *kmp_service;                              /**< KMP service */
     protocol_interface_info_entry_t *interface_ptr;          /**< Interface pointer */
     ws_pae_auth_gtk_hash_set *hash_set;                      /**< GTK hash set callback */
     ws_pae_auth_nw_key_insert *nw_key_insert;                /**< Key insert callback */
+    ws_pae_auth_nw_keys_remove *nw_keys_remove;              /**< Network keys remove callback */
     ws_pae_auth_nw_key_index_set *nw_key_index_set;          /**< Key index set callback */
     supp_list_t active_supp_list;                            /**< List of active supplicants */
     supp_list_t inactive_supp_list;                          /**< List of inactive supplicants */
@@ -140,13 +143,17 @@ int8_t ws_pae_auth_init(protocol_interface_info_entry_t *interface_ptr, sec_prot
         return -1;
     }
 
+
+    memset(&pae_auth->network_name, 0, 33);
+    pae_auth->pan_id = 0xffff;
     pae_auth->interface_ptr = interface_ptr;
     ws_pae_lib_supp_list_init(&pae_auth->active_supp_list);
     ws_pae_lib_supp_list_init(&pae_auth->inactive_supp_list);
     pae_auth->timer = NULL;
 
     pae_auth->hash_set = NULL;
     pae_auth->nw_key_insert = NULL;
+    pae_auth->nw_keys_remove = NULL;
     pae_auth->nw_key_index_set = NULL;
 
     pae_auth->gtks = gtks;
@@ -254,7 +261,7 @@ int8_t ws_pae_auth_delete(protocol_interface_info_entry_t *interface_ptr)
     return 0;
 }
 
-void ws_pae_auth_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_auth_gtk_hash_set *hash_set, ws_pae_auth_nw_key_insert *nw_key_insert, ws_pae_auth_nw_key_index_set *nw_key_index_set)
+void ws_pae_auth_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_auth_gtk_hash_set *hash_set, ws_pae_auth_nw_key_insert *nw_key_insert, ws_pae_auth_nw_key_index_set *nw_key_index_set, ws_pae_auth_nw_keys_remove *nw_keys_remove)
 {
     if (!interface_ptr) {
         return;
@@ -268,6 +275,7 @@ void ws_pae_auth_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_
     pae_auth->hash_set = hash_set;
     pae_auth->nw_key_insert = nw_key_insert;
     pae_auth->nw_key_index_set = nw_key_index_set;
+    pae_auth->nw_keys_remove = nw_keys_remove;
 }
 
 void ws_pae_auth_start(protocol_interface_info_entry_t *interface_ptr)
@@ -455,6 +463,48 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr)
     ws_pae_lib_supp_list_purge(&pae_auth->active_supp_list, &pae_auth->inactive_supp_list, 0, SUPPLICANT_NUMBER_TO_PURGE);
 }
 
+int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name)
+{
+    if (!interface_ptr || !network_name) {
+        return -1;
+    }
+
+    pae_auth_t *pae_auth = ws_pae_auth_get(interface_ptr);
+    if (!pae_auth) {
+        return -1;
+    }
+
+    bool update_keys = false;
+    if (pae_auth->pan_id != 0xffff && pae_auth->pan_id != pan_id) {
+        update_keys = true;
+    }
+    pae_auth->pan_id = pan_id;
+
+    if (strlen((char *) &pae_auth->network_name) > 0 && strcmp((char *) &pae_auth->network_name, network_name) != 0) {
+        update_keys = true;
+    }
+    strcpy((char *) &pae_auth->network_name, network_name);
+
+    if (!update_keys) {
+        return 0;
+    }
+
+    if (pae_auth->nw_keys_remove) {
+        pae_auth->nw_keys_remove(pae_auth->interface_ptr);
+    }
+
+    ws_pae_auth_network_keys_from_gtks_set(pae_auth);
+
+    int8_t index = sec_prot_keys_gtk_status_active_get(pae_auth->gtks);
+    if (index >= 0) {
+        // Sets active key index
+        ws_pae_auth_network_key_index_set(pae_auth, index);
+    }
+
+    return 0;
+}
+
+
 static int8_t ws_pae_auth_network_keys_from_gtks_set(pae_auth_t *pae_auth)
 {
     // Authenticator keys are always fresh
diff --git a/source/6LoWPAN/ws/ws_pae_auth.h b/source/6LoWPAN/ws/ws_pae_auth.h
@@ -168,6 +168,16 @@ int8_t ws_pae_auth_node_limit_set(protocol_interface_info_entry_t *interface_ptr
  */
 void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr);
 
+/**
+ * ws_pae_auth_nw_info_set set network information
+ *
+ * \param interface_ptr interface
+ * \param pan_id PAD ID
+ * \param network_name network name
+ *
+ */
+int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name);
+
 /**
  * ws_pae_auth_gtk_hash_set GTK hash set callback
  *
@@ -189,6 +199,14 @@ typedef void ws_pae_auth_gtk_hash_set(protocol_interface_info_entry_t *interface
  */
 typedef int8_t ws_pae_auth_nw_key_insert(protocol_interface_info_entry_t *interface_ptr, sec_prot_gtk_keys_t *gtks);
 
+/**
+ * ws_pae_auth_nw_keys_remove remove network keys callback
+ *
+ * \param interface_ptr interface
+ *
+ */
+typedef void ws_pae_auth_nw_keys_remove(protocol_interface_info_entry_t *interface_ptr);
+
 /**
  * ws_pae_auth_nw_key_index_set network send key index set callback
  *
@@ -205,20 +223,22 @@ typedef void ws_pae_auth_nw_key_index_set(protocol_interface_info_entry_t *inter
  * \param hash_set GTK hash set callback
  * \param nw_key_insert network key index callback
  * \param nw_key_index_set network send key index callback
+ * \param nw_keys_remove network keys remove callback
  *
  */
-void ws_pae_auth_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_auth_gtk_hash_set *hash_set, ws_pae_auth_nw_key_insert *nw_key_insert, ws_pae_auth_nw_key_index_set *nw_key_index_set);
+void ws_pae_auth_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_auth_gtk_hash_set *hash_set, ws_pae_auth_nw_key_insert *nw_key_insert, ws_pae_auth_nw_key_index_set *nw_key_index_set, ws_pae_auth_nw_keys_remove *nw_keys_remove);
 
 #else
 
 #define ws_pae_auth_init(interface_ptr, gtks, next_gtks, certs, sec_timer_cfg, sec_prot_cfg) 1
 #define ws_pae_auth_timing_adjust(timing)
 #define ws_pae_auth_addresses_set(interface_ptr, local_port, remote_addr, remote_port) 1
 #define ws_pae_auth_delete NULL
-#define ws_pae_auth_cb_register(interface_ptr, hash_set, nw_key_insert, nw_key_index_set) {(void) hash_set;}
+#define ws_pae_auth_cb_register(interface_ptr, hash_set, nw_key_insert, nw_key_index_set, nw_keys_remove) {(void) hash_set;}
 #define ws_pae_auth_start(interface_ptr)
 #define ws_pae_auth_gtks_updated NULL
 #define ws_pae_auth_nw_key_index_update NULL
+#define ws_pae_auth_nw_info_set NULL
 #define ws_pae_auth_node_keys_remove(interface_ptr, eui64) -1
 #define ws_pae_auth_node_access_revoke_start(interface_ptr)
 #define ws_pae_auth_node_limit_set(interface_ptr, limit)
diff --git a/source/6LoWPAN/ws/ws_pae_controller.c b/source/6LoWPAN/ws/ws_pae_controller.c
@@ -49,6 +49,7 @@ typedef int8_t ws_pae_br_addr_read(protocol_interface_info_entry_t *interface_pt
 typedef void ws_pae_gtks_updated(protocol_interface_info_entry_t *interface_ptr);
 typedef int8_t ws_pae_gtk_hash_update(protocol_interface_info_entry_t *interface_ptr, uint8_t *gtkhash);
 typedef int8_t ws_pae_nw_key_index_update(protocol_interface_info_entry_t *interface_ptr, uint8_t index);
+typedef int8_t ws_pae_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name);
 
 typedef struct {
     uint8_t gtk[GTK_LEN];                                            /**< GTK key */
@@ -88,6 +89,7 @@ typedef struct {
     ws_pae_gtks_updated *pae_gtks_updated;                           /**< PAE GTKs updated */
     ws_pae_gtk_hash_update *pae_gtk_hash_update;                     /**< PAE GTK HASH update */
     ws_pae_nw_key_index_update *pae_nw_key_index_update;             /**< PAE NW key index update */
+    ws_pae_nw_info_set *pae_nw_info_set;                             /**< PAE security key network info set */
     nvm_tlv_entry_t *pae_nvm_buffer;                                 /**< Buffer For PAE NVM write operation*/
     bool gtks_set : 1;                                               /**< GTKs are set */
     bool gtkhash_set : 1;                                            /**< GTK hashes are set */
@@ -238,7 +240,7 @@ int8_t ws_pae_controller_authenticator_start(protocol_interface_info_entry_t *in
         ws_pae_auth_node_limit_set(controller->interface_ptr, pae_controller_config.node_limit);
     }
 
-    ws_pae_auth_cb_register(interface_ptr, ws_pae_controller_gtk_hash_set, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_nw_key_index_check_and_set);
+    ws_pae_auth_cb_register(interface_ptr, ws_pae_controller_gtk_hash_set, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_nw_key_index_check_and_set, ws_pae_controller_nw_keys_remove);
 
     ws_pae_auth_start(interface_ptr);
 
@@ -300,7 +302,11 @@ int8_t ws_pae_controller_nw_info_set(protocol_interface_info_entry_t *interface_
 
     controller->network_name = network_name;
 
-    return ws_pae_supp_nw_info_set(interface_ptr, pan_id, network_name);
+    if (controller->pae_nw_info_set) {
+        controller->pae_nw_info_set(interface_ptr, pan_id, network_name);
+    }
+
+    return 0; ;
 }
 
 int8_t ws_pae_controller_nw_key_valid(protocol_interface_info_entry_t *interface_ptr)
@@ -707,6 +713,7 @@ int8_t ws_pae_controller_supp_init(protocol_interface_info_entry_t *interface_pt
     controller->pae_br_addr_read = ws_pae_supp_border_router_addr_read;
     controller->pae_gtk_hash_update = ws_pae_supp_gtk_hash_update;
     controller->pae_nw_key_index_update = ws_pae_supp_nw_key_index_update;
+    controller->pae_nw_info_set = ws_pae_supp_nw_info_set;
 
     ws_pae_supp_cb_register(controller->interface_ptr, controller->auth_completed, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_active_nw_key_set, ws_pae_controller_gtk_hash_ptr_get);
 
@@ -731,6 +738,7 @@ int8_t ws_pae_controller_auth_init(protocol_interface_info_entry_t *interface_pt
     controller->pae_slow_timer = ws_pae_auth_slow_timer;
     controller->pae_gtks_updated = ws_pae_auth_gtks_updated;
     controller->pae_nw_key_index_update = ws_pae_auth_nw_key_index_update;
+    controller->pae_nw_info_set = ws_pae_auth_nw_info_set;
 
     ws_pae_controller_frame_counter_read(controller);
 
