Added handling for mbed TLS configuration error

Added handling for TLS configuration error, added delete of TLS
in case of EAP-TLS error and improved EAP-TLS message handling
(fragments and empty EAP-TLS messages on authenticator).

Author: Mika Leppänen

source/Security/kmp/kmp_api.c

@@ -127,6 +127,8 @@ kmp_api_t *kmp_api_create(kmp_service_t *service, kmp_type_e type)
     kmp->service = service;
     kmp->timer_start_pending = false;
 
+    memset(&kmp->sec_prot, 0, sec_size);
+
     kmp->sec_prot.header_size = service->header_size;
     kmp->sec_prot.create_conf = kmp_api_sec_prot_create_confirm;
     kmp->sec_prot.create_ind = kmp_api_sec_prot_create_indication;

source/Security/protocols/eap_tls_sec_prot/auth_eap_tls_sec_prot.c

@@ -89,6 +89,7 @@ static int8_t auth_eap_tls_sec_prot_message_send(sec_prot_t *prot, uint8_t eap_c
 
 static void auth_eap_tls_sec_prot_timer_timeout(sec_prot_t *prot, uint16_t ticks);
 static void auth_eap_tls_sec_prot_init_tls(sec_prot_t *prot);
+static void auth_eap_tls_sec_prot_delete_tls(sec_prot_t *prot);
 
 static void auth_eap_tls_sec_prot_seq_id_update(sec_prot_t *prot);
 
@@ -202,7 +203,7 @@ static int8_t auth_eap_tls_sec_prot_message_handle(sec_prot_t *prot)
     }
 
     if (!data_ptr || length < 6) {
-        return EAP_TLS_MSG_ERROR;
+        return EAP_TLS_MSG_DECODE_ERROR;
     }
 
     length -= 5; // EAP fields: code, id, length, type
@@ -266,11 +267,18 @@ static void auth_eap_tls_sec_prot_tls_finished_indication(sec_prot_t *tls_prot,
 
     if (result == SEC_RESULT_OK) {
         data->tls_result = EAP_TLS_RESULT_HANDSHAKE_OVER;
+    } else if (result == SEC_RESULT_CONF_ERROR) {
+        data->tls_result = EAP_TLS_RESULT_HANDSHAKE_FATAL_ERROR;
     } else {
         data->tls_result = EAP_TLS_RESULT_HANDSHAKE_FAILED;
     }
 
     data->tls_ongoing = false;
+
+    if (data->tls_result == EAP_TLS_RESULT_HANDSHAKE_FATAL_ERROR) {
+        // On fatal error terminate right away
+        prot->state_machine_call(prot);
+    }
 }
 
 static int8_t auth_eap_tls_sec_prot_tls_send(sec_prot_t *tls_prot, void *pdu, uint16_t size)
@@ -318,6 +326,20 @@ static void auth_eap_tls_sec_prot_init_tls(sec_prot_t *prot)
     data->tls_ongoing = true;
 }
 
+static void auth_eap_tls_sec_prot_delete_tls(sec_prot_t *prot)
+{
+    eap_tls_sec_prot_int_t *data = eap_tls_sec_prot_get(prot);
+    // If initialized, TLS terminates on its own
+    if (data->tls_prot) {
+        return;
+    }
+
+    sec_prot_t *tls_prot = prot->type_get(prot, SEC_PROT_TYPE_TLS);
+    if (tls_prot) {
+        tls_prot->finished_send(tls_prot);
+    }
+}
+
 static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
 {
     eap_tls_sec_prot_int_t *data = eap_tls_sec_prot_get(prot);
@@ -399,7 +421,7 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
             if (data->eap_code == EAP_RESPONSE) {
                 // Handle EAP response, TLS EAP
                 result = auth_eap_tls_sec_prot_message_handle(prot);
-                if (result == EAP_TLS_MSG_ERROR) {
+                if (result == EAP_TLS_MSG_DECODE_ERROR) {
                     return;
                 }
                 if (result == EAP_TLS_MSG_IDENTITY) {
@@ -433,12 +455,18 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
                     return;
                 }
             } else {
+                // Call from TLS
+                if (data->tls_result == EAP_TLS_RESULT_HANDSHAKE_FATAL_ERROR) {
+                    // Send failure
+                    eap_tls_sec_prot_lib_message_free(&data->tls_send);
+                }
+
                 // Call from TLS
                 data->wait_tls = false;
             }
 
             // TLS EAP message to be send
-            if (data->tls_send.data) {
+            if (data->tls_send.total_len > 0 || result == EAP_TLS_MSG_MORE_FRAG) {
                 data->send_pending = false;
 
                 // Sends EAP request, TLS EAP, TLS exchange
@@ -473,6 +501,7 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
             break;
 
         case EAP_TLS_STATE_FINISHED:
+            auth_eap_tls_sec_prot_delete_tls(prot);
             prot->timer_stop(prot);
             prot->finished(prot);
             break;

source/Security/protocols/eap_tls_sec_prot/eap_tls_sec_prot_lib.c

@@ -88,7 +88,7 @@ int8_t eap_tls_sec_prot_lib_message_handle(uint8_t *data, uint16_t length, bool
         // Handles the length field
         if (data[0] & EAP_TLS_FRAGMENT_LENGTH) {
             if (length < 5) {
-                return EAP_TLS_MSG_ERROR;
+                return EAP_TLS_MSG_DECODE_ERROR;
             }
 
             uint32_t len = common_read_32_bit(&data[1]);
@@ -100,6 +100,7 @@ int8_t eap_tls_sec_prot_lib_message_handle(uint8_t *data, uint16_t length, bool
             length -= 4;
             data += 4;
         }
+        result = EAP_TLS_MSG_MORE_FRAG;
     } else if (data[0] == 0) {
         // Last (or only) fragment or fragment acknowledge. If sending data
         // updates acknowledged fragments.
@@ -115,6 +116,12 @@ int8_t eap_tls_sec_prot_lib_message_handle(uint8_t *data, uint16_t length, bool
 
     // TLS data not included
     if (length == 0) {
+        if (new_seq_id && result == EAP_TLS_MSG_CONTINUE) {
+            // If received only EAP-TLS header fails, and is not start,
+            // fragment acknowledge or last frame
+            result = EAP_TLS_MSG_FAIL;
+        }
+
         return result;
     }
 

source/Security/protocols/eap_tls_sec_prot/eap_tls_sec_prot_lib.h

@@ -34,15 +34,18 @@ typedef enum {
     EAP_TLS_MSG_START,
     EAP_TLS_MSG_CONTINUE,
     EAP_TLS_MSG_SEND_DONE,
+    EAP_TLS_MSG_MORE_FRAG,
     EAP_TLS_MSG_RECEIVE_DONE,
-    EAP_TLS_MSG_ERROR
+    EAP_TLS_MSG_DECODE_ERROR,
+    EAP_TLS_MSG_FAIL,
 } eap_tls_sec_prot_msg_e;
 
 typedef enum {
     EAP_TLS_RESULT_NONE = 0,
     EAP_TLS_RESULT_ERROR,
     EAP_TLS_RESULT_HANDSHAKE_OVER,
-    EAP_TLS_RESULT_HANDSHAKE_FAILED
+    EAP_TLS_RESULT_HANDSHAKE_FAILED,
+    EAP_TLS_RESULT_HANDSHAKE_FATAL_ERROR,
 } eap_tls_sec_prot_result_e;
 
 typedef struct {

source/Security/protocols/eap_tls_sec_prot/supp_eap_tls_sec_prot.c

@@ -88,6 +88,8 @@ static int8_t supp_eap_tls_sec_prot_message_handle(sec_prot_t *prot);
 static int8_t supp_eap_tls_sec_prot_message_send(sec_prot_t *prot, uint8_t eap_code, uint8_t eap_type, uint8_t tls_state);
 
 static void supp_eap_tls_sec_prot_timer_timeout(sec_prot_t *prot, uint16_t ticks);
+static void supp_eap_tls_sec_prot_init_tls(sec_prot_t *prot);
+static void supp_eap_tls_sec_prot_delete_tls(sec_prot_t *prot);
 
 static void supp_eap_tls_sec_prot_seq_id_update(sec_prot_t *prot);
 
@@ -198,7 +200,7 @@ static int8_t supp_eap_tls_sec_prot_message_handle(sec_prot_t *prot)
     }
 
     if (!data_ptr || length < 6) {
-        return EAP_TLS_MSG_ERROR;
+        return EAP_TLS_MSG_DECODE_ERROR;
     }
 
     length -= 5; // EAP fields: code, id, length, type
@@ -276,14 +278,17 @@ static void supp_eap_tls_sec_prot_tls_finished_indication(sec_prot_t *tls_prot,
 
     if (result == SEC_RESULT_OK) {
         data->tls_result = EAP_TLS_RESULT_HANDSHAKE_OVER;
+    } else if (result == SEC_RESULT_CONF_ERROR) {
+        data->tls_result = EAP_TLS_RESULT_HANDSHAKE_FATAL_ERROR;
     } else {
+        // On failure has sent ALERT
         data->tls_result = EAP_TLS_RESULT_HANDSHAKE_FAILED;
     }
 
     data->tls_ongoing = false;
 
-    if (result == SEC_RESULT_OK) {
-        // On failure has sent ALERT, on success calls state machine to sent empty EAP-TLS message
+    if (data->tls_result == EAP_TLS_RESULT_HANDSHAKE_OVER || data->tls_result == EAP_TLS_RESULT_HANDSHAKE_FATAL_ERROR) {
+        // On fatal error and on success calls state machine to sent empty EAP-TLS message
         prot->state_machine_call(prot);
     }
 }
@@ -333,6 +338,20 @@ static void supp_eap_tls_sec_prot_init_tls(sec_prot_t *prot)
     data->tls_ongoing = true;
 }
 
+static void supp_eap_tls_sec_prot_delete_tls(sec_prot_t *prot)
+{
+    eap_tls_sec_prot_int_t *data = eap_tls_sec_prot_get(prot);
+    // If initialized, TLS terminates on its own
+    if (data->tls_prot) {
+        return;
+    }
+
+    sec_prot_t *tls_prot = prot->type_get(prot, SEC_PROT_TYPE_TLS);
+    if (tls_prot) {
+        tls_prot->finished_send(tls_prot);
+    }
+}
+
 static void supp_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
 {
     eap_tls_sec_prot_int_t *data = eap_tls_sec_prot_get(prot);
@@ -432,7 +451,7 @@ static void supp_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
             } else if (data->eap_code == EAP_REQ) {
                 // EAP request, handle EAP request, TLS EAP
                 result = supp_eap_tls_sec_prot_message_handle(prot);
-                if (result == EAP_TLS_MSG_ERROR) {
+                if (result == EAP_TLS_MSG_DECODE_ERROR) {
                     return;
                 }
 
@@ -454,9 +473,8 @@ static void supp_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
                     return;
                 }
             } else {
-                // Call from TLS
                 data->wait_tls = false;
-                if (!data->tls_send.data) {
+                if (!data->tls_send.data || data->tls_result == EAP_TLS_RESULT_HANDSHAKE_FATAL_ERROR) {
                     // If no more data send response, TLS EAP (empty)
                     eap_tls_sec_prot_lib_message_allocate(&data->tls_send, TLS_HEAD_LEN, 0);
                 }
@@ -478,6 +496,7 @@ static void supp_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
             break;
 
         case EAP_TLS_STATE_FINISHED:
+            supp_eap_tls_sec_prot_delete_tls(prot);
             prot->timer_stop(prot);
             prot->finished(prot);
             break;

source/Security/protocols/sec_prot.h

@@ -31,7 +31,8 @@ typedef enum {
     SEC_RESULT_OK = 0,
     SEC_RESULT_ERR_NO_MEM = -1,
     SEC_RESULT_TIMEOUT = -2,
-    SEC_RESULT_ERROR = -3
+    SEC_RESULT_ERROR = -3,
+    SEC_RESULT_CONF_ERROR = -4
 } sec_prot_result_e;
 
 typedef enum {
@@ -102,6 +103,14 @@ typedef void sec_prot_finished_indication(sec_prot_t *prot, sec_prot_result_e re
  */
 typedef void sec_prot_finished(sec_prot_t *prot);
 
+/**
+ * sec_prot_finished_send Security protocol finished send
+ *
+ * \param prot protocol
+ *
+ */
+typedef void sec_prot_finished_send(sec_prot_t *prot);
+
 /**
  * sec_prot_receive receive a message
  *
@@ -207,6 +216,7 @@ struct sec_prot_s {
     sec_prot_create_indication    *create_ind;           /**< Create indication */
     sec_prot_finished_indication  *finished_ind;         /**< Finished indication */
     sec_prot_finished             *finished;             /**< Finished i.e. ready to be deleted */
+    sec_prot_finished_send        *finished_send;        /**< Send finished */
 
     sec_prot_send                 *send;                 /**< Protocol send */
     sec_prot_receive              *receive;              /**< Protocol receive */

source/Security/protocols/tls_sec_prot/tls_sec_prot.c

@@ -75,6 +75,7 @@ static void tls_sec_prot_create_request(sec_prot_t *prot, sec_prot_keys_t *sec_k
 static void tls_sec_prot_create_response(sec_prot_t *prot, sec_prot_result_e result);
 static void tls_sec_prot_delete(sec_prot_t *prot);
 static int8_t tls_sec_prot_receive(sec_prot_t *prot, void *pdu, uint16_t size);
+static void tls_sec_prot_finished_send(sec_prot_t *prot);
 
 static void client_tls_sec_prot_state_machine(sec_prot_t *prot);
 static void server_tls_sec_prot_state_machine(sec_prot_t *prot);
@@ -130,6 +131,7 @@ static int8_t client_tls_sec_prot_init(sec_prot_t *prot)
     prot->delete = tls_sec_prot_delete;
     prot->state_machine = client_tls_sec_prot_state_machine;
     prot->timer_timeout = tls_sec_prot_timer_timeout;
+    prot->finished_send = tls_sec_prot_finished_send;
 
     tls_sec_prot_int_t *data = tls_sec_prot_get(prot);
 
@@ -156,6 +158,7 @@ static int8_t server_tls_sec_prot_init(sec_prot_t *prot)
     prot->delete = tls_sec_prot_delete;
     prot->state_machine = server_tls_sec_prot_state_machine;
     prot->timer_timeout = tls_sec_prot_timer_timeout;
+    prot->finished_send = tls_sec_prot_finished_send;
 
     tls_sec_prot_int_t *data = tls_sec_prot_get(prot);
 
@@ -213,6 +216,13 @@ static int8_t tls_sec_prot_receive(sec_prot_t *prot, void *pdu, uint16_t size)
     return 0;
 }
 
+static void tls_sec_prot_finished_send(sec_prot_t *prot)
+{
+    tls_sec_prot_int_t *data = tls_sec_prot_get(prot);
+    prot->timer_start(prot);
+    sec_prot_state_set(prot, &data->common, TLS_STATE_FINISHED);
+}
+
 static void tls_sec_prot_timer_timeout(sec_prot_t *prot, uint16_t ticks)
 {
     tls_sec_prot_int_t *data = tls_sec_prot_get(prot);
@@ -264,7 +274,9 @@ static void client_tls_sec_prot_state_machine(sec_prot_t *prot)
 
         case TLS_STATE_CONFIGURE:
             if (tls_sec_prot_tls_configure_and_connect(prot, false) < 0) {
+                sec_prot_result_set(&data->common, SEC_RESULT_CONF_ERROR);
                 sec_prot_state_set(prot, &data->common, TLS_STATE_FINISH);
+                return;
             }
             sec_prot_state_set(prot, &data->common, TLS_STATE_PROCESS);
             prot->state_machine(prot);
@@ -335,7 +347,7 @@ static void server_tls_sec_prot_state_machine(sec_prot_t *prot)
         // Wait EAP request, Identity (starts handshake on supplicant)
         case TLS_STATE_CLIENT_HELLO:
 
-            tr_debug("EAP-TLS start");
+            tr_debug("TLS start");
 
             prot->timer_start(prot);
 
@@ -358,7 +370,9 @@ static void server_tls_sec_prot_state_machine(sec_prot_t *prot)
 
         case TLS_STATE_CONFIGURE:
             if (tls_sec_prot_tls_configure_and_connect(prot, true) < 0) {
+                sec_prot_result_set(&data->common, SEC_RESULT_CONF_ERROR);
                 sec_prot_state_set(prot, &data->common, TLS_STATE_FINISH);
+                return;
             }
             sec_prot_state_set(prot, &data->common, TLS_STATE_PROCESS);
             prot->state_machine(prot);