Corrected defects and coding style

Author: Mika Leppänen

source/6LoWPAN/ws/ws_pae_auth.c

@@ -554,10 +554,10 @@ static kmp_api_t *ws_pae_auth_kmp_create_and_start(kmp_service_t *service, kmp_t
     }
 
     kmp_api_cb_register(kmp,
-        ws_pae_auth_kmp_api_create_confirm,
-        ws_pae_auth_kmp_api_create_indication,
-        ws_pae_auth_kmp_api_finished_indication,
-        ws_pae_auth_kmp_api_finished);
+                        ws_pae_auth_kmp_api_create_confirm,
+                        ws_pae_auth_kmp_api_create_indication,
+                        ws_pae_auth_kmp_api_finished_indication,
+                        ws_pae_auth_kmp_api_finished);
 
     kmp_api_data_set(kmp, supp_entry);
 

source/Security/protocols/eap_tls_sec_prot/auth_eap_tls_sec_prot.c

@@ -56,16 +56,16 @@ typedef enum {
 typedef struct {
     sec_prot_common_t             common;           /**< Common data */
     sec_prot_t                    *tls_prot;        /**< TLS security protocol */
-    uint8_t                       eap_id_seq;       /**< EAP sequence */
     eapol_pdu_t                   recv_eapol_pdu;   /**< Received EAPOL PDU */
-    uint8_t                       eap_code;         /**< Received EAP code */
-    uint8_t                       eap_type;         /**< Received EAP type */
     tls_data_t                    tls_send;         /**< EAP-TLS send buffer */
     tls_data_t                    tls_recv;         /**< EAP-TLS receive buffer */
+    uint8_t                       eap_id_seq;       /**< EAP sequence */
+    uint8_t                       eap_code;         /**< Received EAP code */
+    uint8_t                       eap_type;         /**< Received EAP type */
     int8_t                        tls_result;       /**< Result of TLS operation */
-    bool                          wait_tls;         /**< Wait TLS (ECC calculation) before sending EAP-TLS message */
-    bool                          tls_ongoing;      /**< TLS handshake is ongoing */
-    bool                          send_pending;     /**< TLS data is not yet send to network */
+    bool                          wait_tls: 1;      /**< Wait TLS (ECC calculation) before sending EAP-TLS message */
+    bool                          tls_ongoing: 1;   /**< TLS handshake is ongoing */
+    bool                          send_pending: 1;  /**< TLS data is not yet send to network */
 } eap_tls_sec_prot_int_t;
 
 static const trickle_params_t eap_tls_trickle_params = {
@@ -194,8 +194,8 @@ static int8_t auth_eap_tls_sec_prot_message_handle(sec_prot_t *prot)
     }
 
     tr_debug("recv EAP %s type %s id %i flags %x len %i", eap_msg_trace[data->eap_code - 1],
-        data->eap_type == EAP_IDENTITY ? "IDENTITY" : "TLS", data->recv_eapol_pdu.msg.eap.id_seq,
-        length >= 6 ? data_ptr[0] : 0, length);
+             data->eap_type == EAP_IDENTITY ? "IDENTITY" : "TLS", data->recv_eapol_pdu.msg.eap.id_seq,
+             length >= 6 ? data_ptr[0] : 0, length);
 
     if (data->eap_type == EAP_IDENTITY) {
         return EAP_TLS_MSG_IDENTITY;
@@ -342,7 +342,7 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
             auth_eap_tls_sec_prot_seq_id_update(prot);
 
             // Sends EAP request, Identity
-            auth_eap_tls_sec_prot_message_send(prot, EAP_REQ , EAP_IDENTITY, EAP_TLS_EXCHANGE_NONE);
+            auth_eap_tls_sec_prot_message_send(prot, EAP_REQ, EAP_IDENTITY, EAP_TLS_EXCHANGE_NONE);
 
             // Start trickle timer to re-send if no response
             sec_prot_timer_trickle_start(&data->common, &eap_tls_trickle_params);
@@ -424,16 +424,16 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
                             data->wait_tls = true;
                         }
                     }
-                // All fragments send for a message, no new fragment received
                 } else if (result == EAP_TLS_MSG_SEND_DONE) {
+                    // All fragments send for a message, no new fragment received
                     eap_tls_sec_prot_lib_message_free(&data->tls_send);
                 }
                 // Wait TLS to process the received message
                 if (data->wait_tls) {
                     return;
                 }
-            // Call from TLS
             } else {
+                // Call from TLS
                 data->wait_tls = false;
             }
 
@@ -446,8 +446,8 @@ static void auth_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
 
                 // Start trickle timer to re-send if no response
                 sec_prot_timer_trickle_start(&data->common, &eap_tls_trickle_params);
-            // TLS done, indicate success to peer
             } else {
+                // TLS done, indicate success to peer
                 if (data->tls_result == EAP_TLS_RESULT_HANDSHAKE_OVER) {
                     // Sends EAP success
                     auth_eap_tls_sec_prot_message_send(prot, EAP_SUCCESS, 0, EAP_TLS_EXCHANGE_NONE);

source/Security/protocols/eap_tls_sec_prot/eap_tls_sec_prot_lib.c

@@ -21,6 +21,7 @@
 #include "ns_list.h"
 #include "ns_trace.h"
 #include "nsdynmemLIB.h"
+#include "common_functions.h"
 #include "fhss_config.h"
 #include "NWK_INTERFACE/Include/protocol.h"
 #include "6LoWPAN/ws/ws_config.h"
@@ -46,11 +47,9 @@ const uint8_t eap_msg_trace[4][10] = {"REQ", "RESPONSE", "SUCCESS", "FAILURE"};
 
 int8_t eap_tls_sec_prot_lib_message_allocate(tls_data_t *data, uint8_t head_len, uint16_t len)
 {
-    if (data->data) {
-        ns_dyn_mem_free(data->data);
-    }
+    ns_dyn_mem_free(data->data);
 
-    data->data = ns_dyn_mem_alloc(head_len + len);
+    data->data = ns_dyn_mem_temporary_alloc(head_len + len);
     if (!data->data) {
         return -1;
     }
@@ -62,9 +61,7 @@ int8_t eap_tls_sec_prot_lib_message_allocate(tls_data_t *data, uint8_t head_len,
 
 void eap_tls_sec_prot_lib_message_free(tls_data_t *data)
 {
-    if (data->data) {
-        ns_dyn_mem_free(data->data);
-    }
+    ns_dyn_mem_free(data->data);
     data->handled_len = 0;
     data->data = 0;
     data->total_len = 0;
@@ -84,26 +81,28 @@ int8_t eap_tls_sec_prot_lib_message_handle(uint8_t *data, uint16_t length, bool
     // EAP-TLS start
     if (data[0] & EAP_TLS_START) {
         result = EAP_TLS_MSG_START;
-    // More fragments
     } else if (data[0] & EAP_TLS_MORE_FRAGMENTS) {
+        // More fragments
         eap_tls_sec_prot_lib_message_allocate(tls_send, TLS_HEAD_LEN, 0);
 
         // Handles the length field
         if (data[0] & EAP_TLS_FRAGMENT_LENGTH) {
             if (length < 5) {
                 return EAP_TLS_MSG_ERROR;
             }
-            uint32_t len = (data[3] << 8) | (data[4] & 0xff);
+
+            uint32_t len = common_read_32_bit(&data[1]);
+
             //For first fragment allocates data for incoming TLS packet
             if (!tls_recv->data) {
                 eap_tls_sec_prot_lib_message_allocate(tls_recv, 0, len);
             }
             length -= 4;
             data += 4;
         }
-    // Last (or only) fragment or fragment acknowledge
     } else if (data[0] == 0) {
-        // If sending data updates acknowledged fragments
+        // Last (or only) fragment or fragment acknowledge. If sending data
+        // updates acknowledged fragments.
         if (new_seq_id && eap_tls_sec_prot_lib_ack_update(tls_send)) {
             // All send, free data
             eap_tls_sec_prot_lib_message_allocate(tls_send, TLS_HEAD_LEN, 0);
@@ -143,7 +142,7 @@ uint8_t *eap_tls_sec_prot_lib_message_build(uint8_t eap_code, uint8_t eap_type,
     }
 
     tr_debug("send EAP %s type %s id %i flags %x len %i", eap_msg_trace[eap_code - 1],
-        eap_type == EAP_IDENTITY ? "IDENTITY" : "TLS", eap_id_seq, flags, eap_len);
+             eap_type == EAP_IDENTITY ? "IDENTITY" : "TLS", eap_id_seq, flags, eap_len);
 
     eapol_pdu_t eapol_pdu;
 
@@ -166,8 +165,8 @@ static int8_t eap_tls_sec_prot_lib_ack_update(tls_data_t *tls)
     }
 
     if (tls->handled_len + TLS_FRAGMENT_LEN < tls->total_len) {
-         tls->handled_len += TLS_FRAGMENT_LEN;
-         return false;
+        tls->handled_len += TLS_FRAGMENT_LEN;
+        return false;
     }
 
     tls->handled_len = tls->total_len;
@@ -208,10 +207,7 @@ static uint8_t *eap_tls_sec_prot_lib_fragment_write(uint8_t *data, uint16_t tota
             *message_len += 4;
             *flags |= EAP_TLS_MORE_FRAGMENTS | EAP_TLS_FRAGMENT_LENGTH;
             data_begin[0] = *flags;
-            data_begin[1] = 0x00;
-            data_begin[2] = 0x00;
-            data_begin[3] = total_len >> 8;
-            data_begin[4] = total_len & 0x00FF;
+            common_write_32_bit(total_len, &data_begin[1]);
         } else {
             *flags |= EAP_TLS_MORE_FRAGMENTS;
             data_begin[0] = *flags;

source/Security/protocols/eap_tls_sec_prot/eap_tls_sec_prot_lib.h

@@ -30,12 +30,12 @@ typedef enum {
 } eap_tls_sec_prot_tls_exchange_e;
 
 typedef enum {
-     EAP_TLS_MSG_IDENTITY = 0,
-     EAP_TLS_MSG_START,
-     EAP_TLS_MSG_CONTINUE,
-     EAP_TLS_MSG_SEND_DONE,
-     EAP_TLS_MSG_RECEIVE_DONE,
-     EAP_TLS_MSG_ERROR
+    EAP_TLS_MSG_IDENTITY = 0,
+    EAP_TLS_MSG_START,
+    EAP_TLS_MSG_CONTINUE,
+    EAP_TLS_MSG_SEND_DONE,
+    EAP_TLS_MSG_RECEIVE_DONE,
+    EAP_TLS_MSG_ERROR
 } eap_tls_sec_prot_msg_e;
 
 typedef enum {

source/Security/protocols/eap_tls_sec_prot/supp_eap_tls_sec_prot.c

@@ -56,16 +56,16 @@ typedef enum {
 typedef struct {
     sec_prot_common_t             common;           /**< Common data */
     sec_prot_t                    *tls_prot;        /**< TLS security protocol */
-    uint8_t                       eap_id_seq;       /**< EAP sequence */
     eapol_pdu_t                   recv_eapol_pdu;   /**< Received EAPOL PDU */
-    uint8_t                       eap_code;         /**< Received EAP code */
-    uint8_t                       eap_type;         /**< Received EAP type */
     tls_data_t                    tls_send;         /**< EAP-TLS send buffer */
     tls_data_t                    tls_recv;         /**< EAP-TLS receive buffer */
+    uint8_t                       eap_id_seq;       /**< EAP sequence */
+    uint8_t                       eap_code;         /**< Received EAP code */
+    uint8_t                       eap_type;         /**< Received EAP type */
     int8_t                        tls_result;       /**< Result of TLS operation */
-    bool                          wait_tls;         /**< Wait TLS (ECC calculation) before sending EAP-TLS message */
-    bool                          tls_ongoing;      /**< TLS handshake is ongoing */
-    bool                          send_pending;     /**< TLS data is not yet send to network */
+    bool                          wait_tls: 1;      /**< Wait TLS (ECC calculation) before sending EAP-TLS message */
+    bool                          tls_ongoing: 1;   /**< TLS handshake is ongoing */
+    bool                          send_pending: 1;  /**< TLS data is not yet send to network */
 } eap_tls_sec_prot_int_t;
 
 static const trickle_params_t eap_tls_trickle_params = {
@@ -190,8 +190,8 @@ static int8_t supp_eap_tls_sec_prot_message_handle(sec_prot_t *prot)
     }
 
     tr_debug("recv EAP %s type %s id %i flags %x len %i", eap_msg_trace[data->eap_code - 1],
-        data->eap_type == EAP_IDENTITY ? "IDENTITY" : "TLS", data->recv_eapol_pdu.msg.eap.id_seq,
-        length >= 6 ? data_ptr[0] : 0, length);
+             data->eap_type == EAP_IDENTITY ? "IDENTITY" : "TLS", data->recv_eapol_pdu.msg.eap.id_seq,
+             length >= 6 ? data_ptr[0] : 0, length);
 
     if (data->eap_type == EAP_IDENTITY) {
         return EAP_TLS_MSG_IDENTITY;
@@ -429,9 +429,8 @@ static void supp_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
                 sec_prot_result_set(&data->common, SEC_RESULT_ERROR);
                 sec_prot_state_set(prot, &data->common, EAP_TLS_STATE_FINISH);
                 return;
-            // EAP request
             } else if (data->eap_code == EAP_REQ) {
-                // Handle EAP request, TLS EAP
+                // EAP request, handle EAP request, TLS EAP
                 result = supp_eap_tls_sec_prot_message_handle(prot);
                 if (result == EAP_TLS_MSG_ERROR) {
                     return;
@@ -454,8 +453,8 @@ static void supp_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
                 if (data->wait_tls) {
                     return;
                 }
-            // Call from TLS
             } else {
+                // Call from TLS
                 data->wait_tls = false;
                 if (!data->tls_send.data) {
                     // If no more data send response, TLS EAP (empty)

source/Security/protocols/sec_prot_keys.h

@@ -43,9 +43,9 @@
 typedef struct {
     uint8_t             key[GTK_LEN];                 /**< Group Transient Key (128 bits) */
     uint32_t            lifetime;                     /**< Lifetime is seconds */
-    bool                set;                          /**< Group Transient Key set (valid value) */
-    bool                live;                         /**< Group Transient Key live (as indicated by authenticator) */
-    bool                hash;                         /**< Group Transient Key matches to hash */
+    bool                set: 1;                       /**< Group Transient Key set (valid value) */
+    bool                live: 1;                      /**< Group Transient Key live (as indicated by authenticator) */
+    bool                hash: 1;                      /**< Group Transient Key matches to hash */
 } gtk_key_t;
 
 typedef struct {
@@ -60,7 +60,7 @@ typedef struct {
     int8_t                 gtk_set_index;             /**< Group Transient Key to insert */
     sec_prot_gtk_keys_t    *gtks;                     /**< Group Transient Keys */
     const sec_prot_certs_t *certs;                    /**< Certificates */
-    bool                   pmk_set;                   /**< Pairwise Master Key set */
+    bool                   pmk_set: 1;                /**< Pairwise Master Key set */
 } sec_prot_keys_t;
 
 /**

source/Security/protocols/tls_sec_prot/tls_sec_prot.c

@@ -528,8 +528,8 @@ static int8_t tls_sec_prot_tls_configure_and_connect(sec_prot_t *prot, bool is_s
     }
 
     tls_sec_prot_lib_set_cb_register((tls_security_t *)&data->tls_sec_inst, prot,
-        tls_sec_prot_tls_send, tls_sec_prot_tls_receive, tls_sec_prot_tls_export_keys,
-        tls_sec_prot_tls_set_timer, tls_sec_prot_tls_get_timer);
+                                     tls_sec_prot_tls_send, tls_sec_prot_tls_receive, tls_sec_prot_tls_export_keys,
+                                     tls_sec_prot_tls_set_timer, tls_sec_prot_tls_get_timer);
 
     if (tls_sec_prot_lib_connect((tls_security_t *)&data->tls_sec_inst, is_server, prot->sec_keys->certs) < 0) {
         return -1;

source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c

@@ -22,6 +22,7 @@
 #include "ns_list.h"
 #include "ns_trace.h"
 #include "nsdynmemLIB.h"
+#include "common_functions.h"
 #include "Security/protocols/sec_prot_certs.h"
 #include "Security/protocols/tls_sec_prot/tls_sec_prot_lib.h"
 #include "mbedtls/sha256.h"
@@ -74,7 +75,7 @@ static int tls_sec_lib_entropy_poll(void *data, unsigned char *output, size_t le
 static int tls_sec_prot_lib_ssl_send(void *ctx, const unsigned char *buf, size_t len);
 static int tls_sec_prot_lib_ssl_recv(void *ctx, unsigned char *buf, size_t len);
 static int tls_sec_prot_lib_ssl_export_keys(void *ctx, const unsigned char *ms,
-    const unsigned char *kb, size_t maclen, size_t keylen, size_t ivlen);
+                                            const unsigned char *kb, size_t maclen, size_t keylen, size_t ivlen);
 static void tls_sec_prot_lib_random_extract(tls_security_t *sec, const uint8_t *buf, uint16_t len);
 #ifdef TLS_SEC_PROT_LIB_TLS_DEBUG
 static void tls_sec_prot_lib_debug(void *ctx, int level, const char *file, int line, const char *string);
@@ -95,12 +96,12 @@ int8_t tls_sec_prot_lib_init(tls_security_t *sec)
     mbedtls_pk_init(&sec->pkey);
 
     if (mbedtls_entropy_add_source(&sec->entropy, tls_sec_lib_entropy_poll, NULL,
-        128, MBEDTLS_ENTROPY_SOURCE_WEAK) < 0) {
+                                   128, MBEDTLS_ENTROPY_SOURCE_WEAK) < 0) {
         return -1;
     }
 
     if ((mbedtls_ctr_drbg_seed(&sec->ctr_drbg, mbedtls_entropy_func, &sec->entropy,
-        (const unsigned char *) pers, strlen(pers))) != 0) {
+                               (const unsigned char *) pers, strlen(pers))) != 0) {
         return -1;
     }
 
@@ -113,9 +114,9 @@ uint16_t tls_sec_prot_lib_size(void)
 }
 
 void tls_sec_prot_lib_set_cb_register(tls_security_t *sec, void *handle,
-     tls_sec_prot_lib_send *send, tls_sec_prot_lib_receive *receive,
-     tls_sec_prot_lib_export_keys *export_keys, tls_sec_prot_lib_set_timer *set_timer,
-     tls_sec_prot_lib_get_timer *get_timer)
+                                      tls_sec_prot_lib_send *send, tls_sec_prot_lib_receive *receive,
+                                      tls_sec_prot_lib_export_keys *export_keys, tls_sec_prot_lib_set_timer *set_timer,
+                                      tls_sec_prot_lib_get_timer *get_timer)
 {
     if (!sec) {
         return;
@@ -159,7 +160,7 @@ static int tls_sec_prot_lib_configure_certificates(tls_security_t *sec, const se
             break;
         }
         if (mbedtls_x509_crt_parse(&sec->owncert, cert, cert_len) < 0) {
-           return -1;
+            return -1;
         }
         index++;
     }
@@ -238,8 +239,10 @@ int8_t tls_sec_prot_lib_connect(tls_security_t *sec, bool is_server, const sec_p
     // Configure random number generator
     mbedtls_ssl_conf_rng(&sec->conf, mbedtls_ctr_drbg_random, &sec->ctr_drbg);
 
+#ifdef MBEDTLS_ECP_RESTARTABLE
     // Set ECC calculation maximum operations (affects only client)
     mbedtls_ecp_set_max_ops(ECC_CALCULATION_MAX_OPS);
+#endif
 
     if ((mbedtls_ssl_setup(&sec->ssl, &sec->conf)) != 0) {
         return -1;
@@ -392,7 +395,8 @@ static void tls_sec_prot_lib_random_extract(tls_security_t *sec, const uint8_t *
 }
 
 static int tls_sec_prot_lib_ssl_export_keys(void *ctx, const unsigned char *ms,
-    const unsigned char *kb, size_t maclen, size_t keylen, size_t ivlen)
+                                            const unsigned char *kb, size_t maclen,
+                                            size_t keylen, size_t ivlen)
 {
     (void) kb;
     (void) maclen;
@@ -407,7 +411,7 @@ static int tls_sec_prot_lib_ssl_export_keys(void *ctx, const unsigned char *ms,
     memcpy(&random[32], sec->server_random, 32);
 
     sec->ssl.handshake->tls_prf(ms, 48, "client EAP encryption",
-       random, 64, eap_tls_key_material, 128);
+                                random, 64, eap_tls_key_material, 128);
 
     sec->export_keys(sec->handle, ms, eap_tls_key_material);
     return 0;

source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.h

@@ -129,9 +129,9 @@ typedef void tls_sec_prot_lib_export_keys(void *handle, const uint8_t *master_se
  *
  */
 void tls_sec_prot_lib_set_cb_register(tls_security_t *sec, void *handle,
-     tls_sec_prot_lib_send *send, tls_sec_prot_lib_receive *receive,
-     tls_sec_prot_lib_export_keys *export_keys, tls_sec_prot_lib_set_timer *set_timer,
-     tls_sec_prot_lib_get_timer *get_timer);
+                                      tls_sec_prot_lib_send *send, tls_sec_prot_lib_receive *receive,
+                                      tls_sec_prot_lib_export_keys *export_keys, tls_sec_prot_lib_set_timer *set_timer,
+                                      tls_sec_prot_lib_get_timer *get_timer);
 
 /**
  * tls_sec_prot_lib_free free security library internal data (e.g. TLS data)