Nanostack patch release for mbedos 5.14.1

features/nanostack/coap-service/test/coap-service/unittest/makefile_defines.txt

@@ -33,6 +33,7 @@ INCLUDE_DIRS =\
   ../../../../../event-loop/source/ \
   ../../../../../mbedtls/include/ \
   ../../../../../mbedtls/include/mbedtls/ \
+  ../../../../../mbedtls/crypto/include/ \
   /usr/include\
   $(CPPUTEST_HOME)/include\
 

features/nanostack/sal-stack-nanostack/nanostack/dhcp_service_api.h

@@ -217,6 +217,16 @@ void dhcp_service_update_server_address(uint32_t msg_tr_id, uint8_t *server_addr
  */
 void dhcp_service_req_remove(uint32_t msg_tr_id);
 
+/**
+ * \brief Stops transactions for a messages (retransmissions).
+ *
+ * Clears off sending retransmissions for a particular message transaction by finding it via its message class pointer.
+ *
+ * \param msg_class_ptr The message class pointer.
+ *
+ */
+void dhcp_service_req_remove_all(void *msg_class_ptr);
+
 /**
  * \brief Timer tick function for retransmissions.
  *

features/nanostack/sal-stack-nanostack/nanostack/sw_mac.h

@@ -97,6 +97,14 @@ extern int ns_sw_mac_phy_statistics_start(struct mac_api_s *mac_api, struct phy_
  */
 extern uint32_t ns_sw_mac_read_current_timestamp(struct mac_api_s *mac_api);
 
+/**
+ * @brief Enable or disable Frame counter per security key. SW MAC must be create before enable this feature!
+ * @param mac_api MAC instance.
+ * @param enable_feature True will allocate frame counter table for devices / key False will clear mode and free counter table.
+ * @return 0 on success, -1 on fail.
+ */
+extern int8_t ns_sw_mac_enable_frame_counter_per_key(struct mac_api_s *mac_api, bool enable_feature);
+
 #ifdef __cplusplus
 }
 #endif

features/nanostack/sal-stack-nanostack/nanostack/ws_bbr_api.h

@@ -140,4 +140,26 @@ int ws_bbr_node_access_revoke_start(int8_t interface_id);
  */
 int ws_bbr_eapol_node_limit_set(int8_t interface_id, uint16_t limit);
 
+/**
+ * Extended certificate validation
+ */
+#define BBR_CRT_EXT_VALID_NONE    0x00 /**< Do not make extended validations */
+#define BBR_CRT_EXT_VALID_WISUN   0x01 /**< Validate Wi-SUN specific fields */
+
+/**
+ * Sets extended certificate validation setting
+ *
+ * Sets extended certificate validation setting on border router. Function can be used
+ * to set which fields on client certificate are validated.
+ *
+ * \param interface_id Network interface ID
+ * \param validation Extended Certificate validation setting
+ *          BBR_CRT_EXT_VALID_NONE   Do not make extended validations
+ *          BBR_CRT_EXT_VALID_WISUN  Validate Wi-SUN specific fields
+ *
+ * \return 0 Validation setting was set
+ * \return <0 Setting set failed
+ */
+int ws_bbr_ext_certificate_validation_set(int8_t interface_id, uint8_t validation);
+
 #endif /* WS_BBR_API_H_ */

features/nanostack/sal-stack-nanostack/source/6LoWPAN/MAC/mac_helper.c

@@ -349,12 +349,12 @@ int8_t mac_helper_security_default_recv_key_set(protocol_interface_info_entry_t
     return 0;
 }
 
-int8_t mac_helper_security_auto_request_key_index_set(protocol_interface_info_entry_t *interface, uint8_t id)
+int8_t mac_helper_security_auto_request_key_index_set(protocol_interface_info_entry_t *interface, uint8_t key_attibute_index, uint8_t id)
 {
     if (id == 0) {
         return -1;
     }
-
+    interface->mac_parameters->mac_default_key_attribute_id = key_attibute_index;
     mac_helper_pib_8bit_set(interface, macAutoRequestKeyIndex, id);
     return 0;
 }
@@ -442,13 +442,11 @@ void mac_helper_security_key_swap_next_to_default(protocol_interface_info_entry_
     interface->mac_parameters->mac_prev_key_index = interface->mac_parameters->mac_default_key_index;
     interface->mac_parameters->mac_prev_key_attribute_id = interface->mac_parameters->mac_default_key_attribute_id;
 
-    interface->mac_parameters->mac_default_key_index = interface->mac_parameters->mac_next_key_index;
-    interface->mac_parameters->mac_default_key_attribute_id = interface->mac_parameters->mac_next_key_attribute_id;
+    mac_helper_security_auto_request_key_index_set(interface, interface->mac_parameters->mac_next_key_attribute_id, interface->mac_parameters->mac_next_key_index);
+
     interface->mac_parameters->mac_next_key_index = 0;
     interface->mac_parameters->mac_next_key_attribute_id = prev_attribute;
 
-    mac_helper_pib_8bit_set(interface, macAutoRequestKeyIndex,  interface->mac_parameters->mac_default_key_index);
-
 }
 
 void mac_helper_security_key_clean(protocol_interface_info_entry_t *interface)
@@ -841,7 +839,7 @@ int8_t mac_helper_link_frame_counter_read(int8_t interface_id, uint32_t *seq_ptr
     }
     mlme_get_t get_req;
     get_req.attr = macFrameCounter;
-    get_req.attr_index = 0;
+    get_req.attr_index = cur->mac_parameters->mac_default_key_attribute_id;
     cur->mac_api->mlme_req(cur->mac_api, MLME_GET, &get_req);
     *seq_ptr = cur->mac_parameters->security_frame_counter;
 
@@ -858,7 +856,7 @@ int8_t mac_helper_link_frame_counter_set(int8_t interface_id, uint32_t seq_ptr)
     }
     mlme_set_t set_req;
     set_req.attr = macFrameCounter;
-    set_req.attr_index = 0;
+    set_req.attr_index = cur->mac_parameters->mac_default_key_attribute_id;
     set_req.value_pointer = &seq_ptr;
     set_req.value_size = 4;
     cur->mac_api->mlme_req(cur->mac_api, MLME_SET, &set_req);

features/nanostack/sal-stack-nanostack/source/6LoWPAN/MAC/mac_helper.h

@@ -69,7 +69,7 @@ int8_t mac_helper_security_default_key_set(struct protocol_interface_info_entry
 
 int8_t mac_helper_security_default_recv_key_set(struct protocol_interface_info_entry *interface, const uint8_t *key, uint8_t id, uint8_t keyid_mode);
 
-int8_t mac_helper_security_auto_request_key_index_set(struct protocol_interface_info_entry *interface, uint8_t id);
+int8_t mac_helper_security_auto_request_key_index_set(struct protocol_interface_info_entry *interface, uint8_t key_attibute_index, uint8_t id);
 
 int8_t mac_helper_security_next_key_set(struct protocol_interface_info_entry *interface, uint8_t *key, uint8_t id, uint8_t keyid_mode);
 

features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_bbr_api.c

@@ -636,3 +636,18 @@ int ws_bbr_eapol_node_limit_set(int8_t interface_id, uint16_t limit)
     return -1;
 #endif
 }
+
+int ws_bbr_ext_certificate_validation_set(int8_t interface_id, uint8_t validation)
+{
+    (void) interface_id;
+#ifdef HAVE_WS_BORDER_ROUTER
+    bool enabled = false;
+    if (validation & BBR_CRT_EXT_VALID_WISUN) {
+        enabled = true;
+    }
+    return ws_pae_controller_ext_certificate_validation_set(interface_id, enabled);
+#else
+    (void) validation;
+    return -1;
+#endif
+}

features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_bootstrap.c

@@ -1371,7 +1371,7 @@ static void ws_bootstrap_neighbor_table_clean(struct protocol_interface_info_ent
         //Read current timestamp
         uint32_t time_from_last_unicast_shedule = ws_time_from_last_unicast_traffic(current_time_stamp, ws_neighbor);
 
-        if (time_from_last_unicast_shedule > WS_NEIGHBOR_TEMPORARY_LINK_MIN_TIMEOUT || !ws_neighbor->unicast_data_rx) {
+        if (time_from_last_unicast_shedule > WS_NEIGHBOR_TEMPORARY_LINK_MIN_TIMEOUT) {
             //Accept only Enough Old Device
             if (!neighbor_entry_ptr) {
                 //Accept first compare
@@ -1581,6 +1581,10 @@ int ws_bootstrap_init(int8_t interface_id, net_6lowpan_mode_e bootstrap_mode)
         return -2;
     }
 
+    if (ns_sw_mac_enable_frame_counter_per_key(cur->mac_api, true)) {
+        return -1;
+    }
+
     if (!etx_storage_list_allocate(cur->id, buffer.device_decription_table_size)) {
         return -1;
     }
@@ -1940,6 +1944,9 @@ static void ws_dhcp_client_global_adress_cb(int8_t interface, uint8_t dhcp_addr[
         if (cur) {
             rpl_control_register_address(cur, prefix);
         }
+    } else {
+        //Delete dhcpv6 client
+        dhcp_client_global_address_delete(interface, dhcp_addr, prefix);
     }
 }
 
@@ -2055,6 +2062,9 @@ static void ws_bootstrap_rpl_activate(protocol_interface_info_entry_t *cur)
     // If i am router I Do this
     rpl_control_force_leaf(protocol_6lowpan_rpl_domain, leaf);
     rpl_control_request_parent_link_confirmation(true);
+    rpl_control_set_dio_multicast_min_config_advertisment_count(WS_MIN_DIO_MULTICAST_CONFIG_ADVERTISMENT_COUNT);
+    rpl_control_set_dao_retry_count(WS_MAX_DAO_RETRIES);
+    rpl_control_set_initial_dao_ack_wait(WS_MAX_DAO_INITIAL_TIMEOUT);
 
     cur->ws_info->rpl_state = 0xff; // Set invalid state and learn from event
 }
@@ -2107,7 +2117,9 @@ static void ws_bootstrap_start_discovery(protocol_interface_info_entry_t *cur)
     ws_bootstrap_neighbor_list_clean(cur);
 
     // Clear RPL information
-    rpl_control_remove_domain_from_interface(cur);
+    rpl_control_free_domain_instances_from_interface(cur);
+    // Clear EAPOL relay address
+    ws_eapol_relay_delete(cur);
 
     // Clear ip stack from old information
     ws_bootstrap_ip_stack_reset(cur);
@@ -2169,7 +2181,7 @@ static void ws_bootstrap_nw_key_clear(protocol_interface_info_entry_t *cur, uint
 static void ws_bootstrap_nw_key_index_set(protocol_interface_info_entry_t *cur, uint8_t index)
 {
     // Set send key
-    mac_helper_security_auto_request_key_index_set(cur, index + 1);
+    mac_helper_security_auto_request_key_index_set(cur, index, index + 1);
 }
 
 static void ws_bootstrap_nw_frame_counter_set(protocol_interface_info_entry_t *cur, uint32_t counter)

features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_common.c

@@ -31,6 +31,8 @@
 #include "Service_Libs/etx/etx.h"
 #include "Service_Libs/mac_neighbor_table/mac_neighbor_table.h"
 #include "Service_Libs/blacklist/blacklist.h"
+#include "RPL/rpl_protocol.h"
+#include "RPL/rpl_control.h"
 #include "ws_management_api.h"
 #include "mac_api.h"
 
@@ -404,6 +406,13 @@ bool ws_common_allow_child_registration(protocol_interface_info_entry_t *interfa
         return true;
     }
 
+    //Verify that we have Selected Parent
+    if (interface->bootsrap_mode != ARM_NWK_BOOTSRAP_MODE_6LoWPAN_BORDER_ROUTER && !rpl_control_parent_candidate_list_size(interface, true)) {
+        tr_info("Do not accept new ARO child: no selected parent");
+        return false;
+    }
+
+
     ns_list_foreach_safe(mac_neighbor_table_entry_t, cur, &mac_neighbor_info(interface)->neighbour_list) {
 
         if (ipv6_neighbour_has_registered_by_eui64(&interface->ipv6_neighbour_cache, cur->mac64)) {

features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_config.h

@@ -133,4 +133,12 @@ extern uint8_t DEVICE_MIN_SENS;
 #define FRAME_COUNTER_INCREMENT          1000 // How much frame counter is incremented on start up
 #define FRAME_COUNTER_STORE_THRESHOLD    800  // How much frame counter must increment before it is stored
 
+
+/*
+ *  RPL Configuration parameters
+ */
+#define WS_MAX_DAO_RETRIES 3 // With 40s, 80s, 160s, 320s, 640s
+#define WS_MAX_DAO_INITIAL_TIMEOUT 400 // With 40s initial value exponentially increasing
+#define WS_MIN_DIO_MULTICAST_CONFIG_ADVERTISMENT_COUNT 10 // Define 10 multicast advertisment when learn config or learn config update
+
 #endif /* WS_CONFIG_H_ */

features/nanostack/sal-stack-nanostack/source/6LoWPAN/ws/ws_pae_auth.c

@@ -919,12 +919,12 @@ static void ws_pae_auth_next_kmp_trigger(pae_auth_t *pae_auth, supp_entry_t *sup
 
         kmp_api_t *api = ws_pae_lib_kmp_list_type_get(&supp_entry->kmp_list, next_type);
         if (api != NULL) {
+            /* For other types than GTK, only one ongoing negotiation at the same time,
+               for GTK there can be previous terminating and the new one for next key index */
             if (next_type != IEEE_802_11_GKH) {
                 tr_info("KMP already ongoing; ignored, eui-64: %s", trace_array(supp_entry->addr.eui_64, 8));
                 return;
             }
-            // Delete KMP
-            ws_pae_lib_kmp_list_delete(&supp_entry->kmp_list, api);
         }
     }