PAE supplicant and authenticator GTK update procedure

Added support for GTK key and active key set test commands.
GTK update procedure is following:
- Authenticator adds new GTK to GTK HASH and updates PAN version
- Nodes receive updated GTK HASH on PAN configuration message and detect
that new GTK is inserted
- Nodes send EAPOL-Key to request new GTK from authenticator
- Authenticator initates GTK handshakes towards nodes to update GTKs
- After the GTKs are updated, authenticator takes new key index index into
use (on sending) and updates PAN version
- Nodes receive updated key index on PAN configuration message and
take it into use
- Authenticator removes old GTK from GTK HASH

Author: Mika Leppänen

source/6LoWPAN/MAC/mac_helper.c

@@ -339,6 +339,26 @@ int8_t mac_helper_security_default_key_set(protocol_interface_info_entry_t *inte
     return 0;
 }
 
+int8_t mac_helper_security_default_recv_key_set(protocol_interface_info_entry_t *interface, const uint8_t *key, uint8_t id, uint8_t keyid_mode)
+{
+    if (id == 0 || keyid_mode > 3) {
+        return -1;
+    }
+
+    mac_helper_keytable_descriptor_set(interface->mac_api, key, id, interface->mac_parameters->mac_default_key_attribute_id);
+    return 0;
+}
+
+int8_t mac_helper_security_auto_request_key_index_set(protocol_interface_info_entry_t *interface, uint8_t id)
+{
+    if (id == 0) {
+        return -1;
+    }
+
+    mac_helper_pib_8bit_set(interface, macAutoRequestKeyIndex, id);
+    return 0;
+}
+
 
 int8_t mac_helper_security_pairwisekey_set(protocol_interface_info_entry_t *interface, const uint8_t *key, const uint8_t *mac_64, uint8_t key_attribute)
 {

source/6LoWPAN/MAC/mac_helper.h

@@ -67,6 +67,10 @@ uint8_t mac_helper_default_key_index_get(struct protocol_interface_info_entry *i
 
 int8_t mac_helper_security_default_key_set(struct protocol_interface_info_entry *interface, const uint8_t *key, uint8_t id, uint8_t keyid_mode);
 
+int8_t mac_helper_security_default_recv_key_set(struct protocol_interface_info_entry *interface, const uint8_t *key, uint8_t id, uint8_t keyid_mode);
+
+int8_t mac_helper_security_auto_request_key_index_set(struct protocol_interface_info_entry *interface, uint8_t id);
+
 int8_t mac_helper_security_next_key_set(struct protocol_interface_info_entry *interface, uint8_t *key, uint8_t id, uint8_t keyid_mode);
 
 int8_t mac_helper_security_prev_key_set(struct protocol_interface_info_entry *interface, uint8_t *key, uint8_t id, uint8_t keyid_mode);

source/6LoWPAN/ws/ws_bootstrap.c

@@ -85,8 +85,10 @@ static uint16_t ws_bootstrap_routing_cost_calculate(protocol_interface_info_entr
 static uint16_t ws_bootstrap_rank_get(protocol_interface_info_entry_t *cur);
 static uint16_t ws_bootstrap_min_rank_inc_get(protocol_interface_info_entry_t *cur);
 
-static void ws_bootstrap_key_insert(protocol_interface_info_entry_t *cur, uint8_t gtk_index, uint8_t *gtk);
+static void ws_bootstrap_nw_key_insert(protocol_interface_info_entry_t *cur, uint8_t operation, uint8_t index, uint8_t *key);
+static void ws_bootstrap_nw_key_index_set(protocol_interface_info_entry_t *cur, uint8_t index);
 static void ws_bootstrap_authentication_completed(protocol_interface_info_entry_t *cur, bool success);
+static void ws_bootstrap_pan_version_increment(protocol_interface_info_entry_t *cur);
 
 mac_neighbor_table_entry_t *ws_bootstrap_mac_neighbor_add(struct protocol_interface_info_entry *interface, const uint8_t *src64)
 
@@ -1027,7 +1029,10 @@ static void ws_bootstrap_pan_config_analyse(struct protocol_interface_info_entry
 
     cur->ws_info->pan_version_timeout_timer = PAN_VERSION_TIMEOUT;
     cur->ws_info->pan_information.pan_version = pan_version;
-    memcpy(cur->ws_info->gtkhash, gtkhash_ptr, 32);
+
+    ws_pae_controller_gtk_hash_update(cur, gtkhash_ptr);
+
+    ws_pae_controller_nw_key_index_update(cur, data->Key.KeyIndex - 1);
 
     if (!cur->ws_info->configuration_learned) {
         // Generate own hopping schedules Follow first parent broadcast and plans and also use same unicast dwell
@@ -1452,7 +1457,7 @@ int ws_bootstrap_init(int8_t interface_id, net_6lowpan_mode_e bootstrap_mode)
         ret_val =  -4;
         goto init_fail;
     }
-    if (ws_pae_controller_cb_register(cur, &ws_bootstrap_authentication_completed, &ws_bootstrap_key_insert) < 0) {
+    if (ws_pae_controller_cb_register(cur, &ws_bootstrap_authentication_completed, &ws_bootstrap_nw_key_insert, &ws_bootstrap_nw_key_index_set, &ws_bootstrap_pan_version_increment) < 0) {
         ret_val =  -4;
         goto init_fail;
     }
@@ -1619,7 +1624,8 @@ static void ws_bootstrap_network_configuration_learn(protocol_interface_info_ent
 
     // Timing information can be modified here
     ws_llc_set_pan_information_pointer(cur, &cur->ws_info->pan_information);
-    ws_llc_set_gtkhash(cur, cur->ws_info->gtkhash);
+    uint8_t *gtkhash = ws_pae_controller_gtk_hash_ptr_get(cur);
+    ws_llc_set_gtkhash(cur, gtkhash);
     // TODO update own fhss schedules we are starting to follow first parent
 
     return;
@@ -1845,6 +1851,11 @@ static void ws_bootstrap_advertise_start(protocol_interface_info_entry_t *cur)
     trickle_inconsistent_heard(&cur->ws_info->trickle_pan_config, &cur->ws_info->trickle_params_pan_discovery);
 }
 
+static void ws_bootstrap_pan_version_increment(protocol_interface_info_entry_t *cur)
+{
+    cur->ws_info->pan_version_timer = randLIB_get_random_in_range(5, 15);
+}
+
 // Start network scan
 static void ws_bootstrap_start_discovery(protocol_interface_info_entry_t *cur)
 {
@@ -1883,23 +1894,33 @@ static void ws_bootstrap_start_authentication(protocol_interface_info_entry_t *c
     ws_pae_controller_authenticate(cur);
 }
 
-
-static void ws_bootstrap_key_insert(protocol_interface_info_entry_t *cur, uint8_t gtk_index, uint8_t *gtk)
+static void ws_bootstrap_nw_key_insert(protocol_interface_info_entry_t *cur, uint8_t operation, uint8_t index, uint8_t *key)
 {
-    // Convert GTK to Group AES Key (GAK)
-
-    // Verify HASH etc.
-
-    // Check index, for now only reacts to keys of index 0
-    if (gtk_index == 0) {
-        mac_helper_security_key_clean(cur);
-        mac_helper_default_security_level_set(cur, AES_SECURITY_LEVEL_ENC_MIC64);
-        mac_helper_default_security_key_id_mode_set(cur, MAC_KEY_ID_MODE_IDX);
-        //Set Keys
-        mac_helper_security_default_key_set(cur, gtk, gtk_index + 1, MAC_KEY_ID_MODE_IDX);
+    switch (operation) {
+        case 0:
+            mac_helper_security_key_clean(cur);
+            mac_helper_default_security_level_set(cur, AES_SECURITY_LEVEL_ENC_MIC64);
+            mac_helper_default_security_key_id_mode_set(cur, MAC_KEY_ID_MODE_IDX);
+            break;
+        case 1:
+            mac_helper_security_default_recv_key_set(cur, key, index + 1, MAC_KEY_ID_MODE_IDX);
+            break;
+        case 2:
+            mac_helper_security_prev_key_set(cur, key, index + 1, MAC_KEY_ID_MODE_IDX);
+            break;
+        case 3:
+            mac_helper_security_next_key_set(cur, key, index + 1, MAC_KEY_ID_MODE_IDX);
+            break;
+        default:
+            break;
     }
 }
 
+static void ws_bootstrap_nw_key_index_set(protocol_interface_info_entry_t *cur, uint8_t index)
+{
+    mac_helper_security_auto_request_key_index_set(cur, index + 1);
+}
+
 static void ws_bootstrap_authentication_completed(protocol_interface_info_entry_t *cur, bool success)
 {
     if (success) {
@@ -2167,7 +2188,9 @@ static void ws_bootstrap_event_handler(arm_event_s *event)
                 cur->ws_info->pan_information.rpl_routing_method = true;
                 cur->ws_info->pan_information.use_parent_bs = true;
                 cur->ws_info->pan_information.version = WS_FAN_VERSION_1_0;
-                ws_llc_set_gtkhash(cur, cur->ws_info->gtkhash);
+
+                uint8_t *gtkhash = ws_pae_controller_gtk_hash_ptr_get(cur);
+                ws_llc_set_gtkhash(cur, gtkhash);
                 cur->ws_info->pan_version_timer = PAN_VERSION_LIFETIME;
 
                 // Set default parameters for FHSS when starting a discovery