Updated initial key trickles

Mika Leppänen · Mika Leppänen · commit ee45f4be3240 · 2020-05-15T17:08:37.000+03:00
Set as specified in analysis. Set large and extra large network imin to
600 and not to 480 to force the first retry to at least 5 minutes after
initial attempt.
diff --git a/source/6LoWPAN/ws/ws_cfg_settings.c b/source/6LoWPAN/ws/ws_cfg_settings.c
@@ -378,8 +378,8 @@ static void ws_cfg_network_size_config_set_small(ws_cfg_nw_size_t *cfg)
     cfg->sec_prot.sec_max_ongoing_authentication = MAX_SIMULTANEOUS_SECURITY_NEGOTIATIONS_SMALL;
 
     cfg->sec_prot.initial_key_retry_delay = DEFAULT_INITIAL_KEY_RETRY_TIMER;
-    cfg->sec_prot.initial_key_imin = DEFAULT_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->sec_prot.initial_key_imax = DEFAULT_INITIAL_KEY_TRICKLE_IMAX_SECS;
+    cfg->sec_prot.initial_key_imin = SMALL_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
+    cfg->sec_prot.initial_key_imax = SMALL_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
     cfg->sec_prot.initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
 }
 
@@ -414,8 +414,8 @@ static void ws_cfg_network_size_config_set_medium(ws_cfg_nw_size_t *cfg)
     cfg->sec_prot.sec_max_ongoing_authentication = MAX_SIMULTANEOUS_SECURITY_NEGOTIATIONS_MEDIUM;
 
     cfg->sec_prot.initial_key_retry_delay = DEFAULT_INITIAL_KEY_RETRY_TIMER;
-    cfg->sec_prot.initial_key_imin = DEFAULT_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->sec_prot.initial_key_imax = DEFAULT_INITIAL_KEY_TRICKLE_IMAX_SECS;
+    cfg->sec_prot.initial_key_imin = MEDIUM_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
+    cfg->sec_prot.initial_key_imax = MEDIUM_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
     cfg->sec_prot.initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
 }
 
@@ -449,12 +449,12 @@ static void ws_cfg_network_size_config_set_large(ws_cfg_nw_size_t *cfg)
 
     cfg->sec_prot.sec_max_ongoing_authentication = MAX_SIMULTANEOUS_SECURITY_NEGOTIATIONS_LARGE;
 
-    if (cfg->gen.network_size > 50 && cfg->gen.network_size != NETWORK_SIZE_AUTOMATIC) {
-        // If more than 5000 devices uses very slow initial trickle timer
+    if (cfg->gen.network_size > NETWORK_SIZE_LARGE && cfg->gen.network_size != NETWORK_SIZE_AUTOMATIC) {
+        // If more than 1600 devices uses extra large initial trickle timer
         cfg->sec_prot.initial_key_retry_delay = NONE_INITIAL_KEY_RETRY_TIMER;
-        cfg->sec_prot.initial_key_imin = VERY_SLOW_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
-        cfg->sec_prot.initial_key_imax = VERY_SLOW_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
-        cfg->sec_prot.initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
+        cfg->sec_prot.initial_key_imin = EXTRA_LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
+        cfg->sec_prot.initial_key_imax = EXTRA_LARGE_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
+        cfg->sec_prot.initial_key_retry_cnt = EXTRA_LARGE_NW_INITIAL_KEY_RETRY_COUNT;
     } else {
         cfg->sec_prot.initial_key_retry_delay = NONE_INITIAL_KEY_RETRY_TIMER;
         cfg->sec_prot.initial_key_imin = LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
@@ -494,8 +494,8 @@ static void ws_cfg_network_size_config_set_certificate(ws_cfg_nw_size_t *cfg)
     cfg->sec_prot.sec_max_ongoing_authentication = MAX_SIMULTANEOUS_SECURITY_NEGOTIATIONS_SMALL;
 
     cfg->sec_prot.initial_key_retry_delay = DEFAULT_INITIAL_KEY_RETRY_TIMER;
-    cfg->sec_prot.initial_key_imin = DEFAULT_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->sec_prot.initial_key_imax = DEFAULT_INITIAL_KEY_TRICKLE_IMAX_SECS;
+    cfg->sec_prot.initial_key_imin = SMALL_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
+    cfg->sec_prot.initial_key_imax = SMALL_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
     cfg->sec_prot.initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
 }
 
@@ -1045,8 +1045,8 @@ static int8_t ws_cfg_sec_prot_default_set(ws_sec_prot_cfg_t *cfg)
     cfg->sec_prot_retry_timeout = SEC_PROT_RETRY_TIMEOUT_SMALL;
     cfg->sec_max_ongoing_authentication = MAX_SIMULTANEOUS_SECURITY_NEGOTIATIONS_MEDIUM;
     cfg->initial_key_retry_delay = DEFAULT_INITIAL_KEY_RETRY_TIMER;
-    cfg->initial_key_imin = DEFAULT_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->initial_key_imax = DEFAULT_INITIAL_KEY_TRICKLE_IMAX_SECS;
+    cfg->initial_key_imin = MEDIUM_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
+    cfg->initial_key_imax = MEDIUM_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
     cfg->initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
 
     return CFG_SETTINGS_OK;
diff --git a/source/6LoWPAN/ws/ws_config.h b/source/6LoWPAN/ws/ws_config.h
@@ -234,17 +234,22 @@ extern uint8_t DEVICE_MIN_SENS;
 #define DEFAULT_INITIAL_KEY_RETRY_TIMER                120
 #define NONE_INITIAL_KEY_RETRY_TIMER                   0
 
-// Default trickle values for sending of initial EAPOL-key
-#define DEFAULT_INITIAL_KEY_TRICKLE_IMIN_SECS          360   /* 6 to 12 minutes */
-#define DEFAULT_INITIAL_KEY_TRICKLE_IMAX_SECS          720
+// Small network Default trickle values for sending of initial EAPOL-key
+#define SMALL_NW_INITIAL_KEY_TRICKLE_IMIN_SECS         360   /* 6 to 8.3 minutes */
+#define SMALL_NW_INITIAL_KEY_TRICKLE_IMAX_SECS         500
+
+// Small network Default trickle values for sending of initial EAPOL-key
+#define MEDIUM_NW_INITIAL_KEY_TRICKLE_IMIN_SECS        360   /* 6 to 12 minutes */
+#define MEDIUM_NW_INITIAL_KEY_TRICKLE_IMAX_SECS        720
 
 // Large network trickle values for sending of initial EAPOL-key
-#define LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS         480   /* 8 to 20 minutes */
+#define LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS         600   /* 10 to 20 minutes */
 #define LARGE_NW_INITIAL_KEY_TRICKLE_IMAX_SECS         1200
 
 // Very slow network values for sending of initial EAPOL-key
-#define VERY_SLOW_NW_INITIAL_KEY_TRICKLE_IMIN_SECS     600   /* 10 to 60 minutes */
-#define VERY_SLOW_NW_INITIAL_KEY_TRICKLE_IMAX_SECS     3600
+#define EXTRA_LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS   600   /* 10 to 20 minutes */
+#define EXTRA_LARGE_NW_INITIAL_KEY_TRICKLE_IMAX_SECS   1200
+#define EXTRA_LARGE_NW_INITIAL_KEY_RETRY_COUNT         4
 
 // How many times sending of initial EAPOL-key is retried
 #define DEFAULT_INITIAL_KEY_RETRY_COUNT                2
diff --git a/test/nanostack/unittest/6LoWPAN/ws_cfg_settings/test_ws_cfg_settings.c b/test/nanostack/unittest/6LoWPAN/ws_cfg_settings/test_ws_cfg_settings.c
@@ -178,7 +178,7 @@ static const ws_cfg_t ws_cfg_defaults_small = {
     .sec_prot.sec_max_ongoing_authentication = 3,  // network size affects
     .sec_prot.initial_key_retry_delay = 120,       // network size affects
     .sec_prot.initial_key_imin = 360,              // network size affects
-    .sec_prot.initial_key_imax = 720,              // network size affects
+    .sec_prot.initial_key_imax = 500,              // network size affects
     .sec_prot.initial_key_retry_cnt = 2,           // network size affects
 };
 
@@ -246,7 +246,7 @@ static const ws_cfg_t ws_cfg_defaults_large = {
     .sec_prot.sec_prot_trickle_timer_exp = 2,       // network size affects
     .sec_prot.sec_max_ongoing_authentication = 50,  // network size affects
     .sec_prot.initial_key_retry_delay = 0,          // network size affects
-    .sec_prot.initial_key_imin = 480,               // network size affects
+    .sec_prot.initial_key_imin = 600,               // network size affects
     .sec_prot.initial_key_imax = 1200,              // network size affects
     .sec_prot.initial_key_retry_cnt = 2,            // network size affects
 };
@@ -316,7 +316,7 @@ static const ws_cfg_t ws_cfg_defaults_certification = {
     .sec_prot.sec_max_ongoing_authentication = 3,  // network size affects
     .sec_prot.initial_key_retry_delay = 120,       // network size affects
     .sec_prot.initial_key_imin = 360,              // network size affects
-    .sec_prot.initial_key_imax = 720,              // network size affects
+    .sec_prot.initial_key_imax = 500,              // network size affects
     .sec_prot.initial_key_retry_cnt = 2,           // network size affects
 };
 
