Added 4WH,GKH and EAP-TLS module and modified kmp service

Author: Mika Leppänen

source/6LoWPAN/ws/ws_bootstrap.c

@@ -1566,6 +1566,10 @@ static void ws_bootstrap_rpl_callback(rpl_event_t event, void *handle)
         if (instance && rpl_control_read_dodag_info(instance, &dodag_info)) {
             tr_debug("Enable DHCPv6 relay");
             dhcp_relay_agent_enable(cur->id, dodag_info.dodag_id);
+
+            tr_debug("Enable EAPOL relay");
+            ws_eapol_supp_relay_init(cur);
+            ws_eapol_supp_relay_start(dodag_info.dodag_id);
         }
 
         ws_set_fhss_hop(cur);
@@ -2087,12 +2091,6 @@ static void ws_bootstrap_event_handler(arm_event_s *event)
             cur->ws_info->trickle_pcs_running = false;
 
             ws_bootstrap_advertise_start(cur);
-
-            if (cur->bootsrap_mode != ARM_NWK_BOOTSRAP_MODE_6LoWPAN_BORDER_ROUTER) {
-                ws_eapol_supp_relay_init(cur);
-                ws_eapol_supp_relay_start();
-            }
-
             ws_bootstrap_state_change(cur, ER_BOOTSRAP_DONE);
             break;
         case WS_ADDRESS_ADDED:

source/6LoWPAN/ws/ws_eapol_auth_relay.c

@@ -121,14 +121,12 @@ static int8_t ws_eapol_auth_relay_socket_pdu_receive(const ns_address_t *src_add
 
 static int8_t ws_eapol_auth_relay_send_to_kmp(const uint8_t *eui_64, const uint8_t *ip_addr, uint16_t port, const void *data, uint16_t data_len)
 {
-
-
     ns_address_t dest_addr;
+
     if (ws_eapol_relay_kmp_ll_address_get(&dest_addr) < 0) {
         return -1;
     }
 
-
     int8_t socket_id = ws_eapol_relay_socket_id_get();
     if (socket_id >= 0) {
         uint8_t temp_array[26];
@@ -159,4 +157,3 @@ static int8_t ws_eapol_auth_relay_send_to_kmp(const uint8_t *eui_64, const uint8
 }
 
 #endif /* HAVE_WS */
-

source/6LoWPAN/ws/ws_eapol_relay.c

@@ -15,7 +15,6 @@
  * limitations under the License.
  */
 
-
 #include "nsconfig.h"
 #include <string.h>
 #include "ns_types.h"
@@ -58,11 +57,15 @@ int8_t ws_eapol_relay_init(protocol_interface_info_entry_t *interface_ptr)
        if (!eapol_relay_data) {
            return -1;
        }
+       eapol_relay_data->relay_socket_id = -1;
     }
     eapol_relay_data->interface_ptr = interface_ptr;
-    eapol_relay_data->relay_socket_id = socket_open(IPV6_NH_UDP, 10253, &ws_eapol_relay_socket_cb);
-    if (eapol_relay_data->relay_socket_id < 0) {
-        return -1;
+
+    if (eapol_relay_data->relay_socket_id  < 0) {
+        eapol_relay_data->relay_socket_id = socket_open(IPV6_NH_UDP, 10253, &ws_eapol_relay_socket_cb);
+        if (eapol_relay_data->relay_socket_id < 0) {
+            return -1;
+        }
     }
 
     return 0;
@@ -78,24 +81,6 @@ int8_t ws_eapol_relay_cb_register(ws_eapol_relay_socket_pdu_receive *sock_pdu_re
     return 0;
 }
 
-int8_t ws_eapol_relay_border_router_addr_get(uint8_t *addr)
-{
-    if (!eapol_relay_data) {
-        return -1;
-    }
-
-    rpl_dodag_info_t dodag_info;
-    struct rpl_instance *instance = rpl_control_enumerate_instances(eapol_relay_data->interface_ptr->rpl_domain, NULL);
-
-    if (instance && rpl_control_read_dodag_info(instance, &dodag_info)) {
-       // Route to border router
-       memcpy(addr, dodag_info.dodag_id, 16);
-       return 0;
-    } else {
-        return -1;
-    }
-}
-
 int8_t ws_eapol_relay_send_to_relay(const uint8_t *eui_64, const uint8_t *ip_addr, uint16_t port, const void *data, uint16_t data_len)
 {
 
@@ -128,7 +113,6 @@ int8_t ws_eapol_relay_kmp_ll_address_get(ns_address_t *addr)
     }
     addr->type = ADDRESS_IPV6;
     addr->identifier = 10254;
-
     return 0;
 }
 
@@ -138,7 +122,7 @@ int8_t ws_eapol_relay_socket_pdu_send(const ns_address_t *addr, const void *data
         return -1;
     }
 
-    if (socket_sendto(eapol_relay_data->relay_socket_id , addr, data, len) != len) {
+    if (socket_sendto(eapol_relay_data->relay_socket_id, addr, data, len) != len) {
         return -1;
     }
     return 0;

source/6LoWPAN/ws/ws_eapol_relay.h

@@ -23,7 +23,6 @@ int8_t ws_eapol_relay_init(protocol_interface_info_entry_t *interface_ptr);
 typedef int8_t ws_eapol_relay_socket_pdu_receive(const ns_address_t *src_addr, void *data, uint16_t len);
 int8_t ws_eapol_relay_cb_register(ws_eapol_relay_socket_pdu_receive *sock_pdu_recv);
 
-int8_t ws_eapol_relay_border_router_addr_get(uint8_t *addr);
 int8_t ws_eapol_relay_kmp_ll_address_get(ns_address_t *addr);
 int8_t ws_eapol_relay_socket_pdu_send(const ns_address_t *addr, const void *data, uint16_t len);
 int8_t ws_eapol_relay_socket_id_get(void);

source/6LoWPAN/ws/ws_eapol_supp_relay.c

@@ -43,7 +43,7 @@ static int8_t ws_eapol_supp_relay_eapol_pdu_address_check(const uint8_t *eui_64)
 static int8_t ws_eapol_supp_relay_eapol_pdu_receive(const uint8_t *eui_64, const void *pdu, uint16_t size);
 static int8_t ws_eapol_supp_relay_socket_pdu_receive(const ns_address_t *src_addr, void *data, uint16_t len);
 
-static ws_eapol_supp_relay_address_get *br_relay_addr_get;
+static uint8_t supp_br_addr[16];
 
 int8_t ws_eapol_supp_relay_init(protocol_interface_info_entry_t *interface_ptr)
 {
@@ -67,14 +67,9 @@ int8_t ws_eapol_supp_relay_init(protocol_interface_info_entry_t *interface_ptr)
     return 0;
 }
 
-int8_t ws_eapol_supp_relay_start(void)
+int8_t ws_eapol_supp_relay_start(uint8_t *br_addr)
 {
-    return 0;
-}
-
-int8_t ws_eapol_supp_relay_cb_register(ws_eapol_supp_relay_address_get *addr_get)
-{
-    br_relay_addr_get = addr_get;
+    memcpy(supp_br_addr, br_addr, 16);
     return 0;
 }
 
@@ -88,22 +83,7 @@ static int8_t ws_eapol_supp_relay_eapol_pdu_address_check(const uint8_t *eui_64)
 
 static int8_t ws_eapol_supp_relay_eapol_pdu_receive(const uint8_t *eui_64, const void *pdu, uint16_t size)
 {
-#if 0
-    const uint8_t *relay_addr = 0;
-    if (br_relay_addr_get) {
-        relay_addr = br_relay_addr_get();
-    } else {
-        return -1;
-    }
-#endif
-
-    uint8_t br_addr[16];
-
-    if (ws_eapol_relay_border_router_addr_get(br_addr) < 0) {
-        return -1;
-    }
-
-    ws_eapol_relay_send_to_relay(eui_64, br_addr, 10253, pdu, size);
+    ws_eapol_relay_send_to_relay(eui_64, supp_br_addr, 10253, pdu, size);
 
     return 0;
 }

source/6LoWPAN/ws/ws_eapol_supp_relay.h

@@ -19,9 +19,6 @@
 #define WS_EAPOL_SUPP_RELAY_H_
 
 int8_t ws_eapol_supp_relay_init(protocol_interface_info_entry_t *interface_ptr);
-int8_t ws_eapol_supp_relay_start(void);
-
-typedef const uint8_t *ws_eapol_supp_relay_address_get(void);
-int8_t ws_eapol_supp_relay_cb_register(ws_eapol_supp_relay_address_get *addr_get);
+int8_t ws_eapol_supp_relay_start(uint8_t *br_addr);
 
 #endif /* WS_EAPOL_SUPP_RELAY_H_ */

source/6LoWPAN/ws/ws_pae_auth.c

@@ -27,6 +27,11 @@
 #include "Security/kmp/kmp_addr.h"
 #include "Security/kmp/kmp_api.h"
 #include "Security/kmp/kmp_socket_if.h"
+#include "Security/kmp/sec_prot.h"
+#include "Security/kmp/key_sec_prot.h"
+#include "Security/kmp/eap_tls_sec_prot.h"
+#include "Security/kmp/fwh_sec_prot.h"
+#include "Security/kmp/gkh_sec_prot.h"
 #include "6LoWPAN/ws/ws_pae_controller.h"
 #include "6LoWPAN/ws/ws_pae_auth.h"
 #include "6LoWPAN/ws/ws_pae_lib.h"
@@ -36,15 +41,16 @@
 #define TRACE_GROUP "wspsu"
 
 typedef struct {
-    kmp_addr_t *addr;                  /**< Supplicant EUI-64, Relay IP address, Relay port */
     kmp_list_t kmp_list;               /**< Ongoing KMP negotations */
+    kmp_addr_t *addr;                  /**< Supplicant EUI-64, Relay IP address, Relay port */
     kmp_sec_keys_t *sec_keys;          /**< Supplicant security keys */
     ns_list_link_t link;
 } supp_entry_t;
 
 typedef NS_LIST_HEAD(supp_entry_t, link) supp_list_t;
 
 typedef struct {
+    kmp_service_t *kmp_service;                              /**< KMP service */
     protocol_interface_info_entry_t *interface_ptr;          /**< Interface pointer */
     supp_list_t supp_list;                                   /**< List of supplicants */
 } pae_auth_data_t;
@@ -56,7 +62,7 @@ static supp_entry_t *ws_pae_auth_supp_list_add(supp_list_t *supp_list, const kmp
 //static int8_t ws_pae_auth_supp_list_remove(supp_list_t *supp_list, supp_entry_t *supp);
 static supp_entry_t *ws_pae_auth_supp_list_entry_eui_64_get(const supp_list_t *supp_list, const uint8_t *eui_64);
 
-static kmp_api_t *ws_pae_auth_kmp_incoming_ind(kmp_type_e type, const kmp_addr_t *addr);
+static kmp_api_t *ws_pae_auth_kmp_incoming_ind(kmp_service_t *service, kmp_type_e type, const kmp_addr_t *addr);
 
 static void ws_pae_auth_kmp_api_create_confirm(kmp_api_t *kmp, kmp_result_e result);
 static void ws_pae_auth_kmp_api_create_indication(kmp_api_t *kmp, kmp_type_e type, kmp_addr_t *addr);
@@ -115,21 +121,54 @@ static supp_entry_t *ws_pae_auth_supp_list_entry_eui_64_get(const supp_list_t *s
     return 0;
 }
 
-void ws_pae_auth_init(protocol_interface_info_entry_t *interface_ptr)
+int8_t ws_pae_auth_init(protocol_interface_info_entry_t *interface_ptr)
 {
     if (!auth_data) {
         auth_data = ns_dyn_mem_alloc(sizeof(pae_auth_data_t));
+        if (!auth_data) {
+            return -1;
+        }
     }
     auth_data->interface_ptr = interface_ptr;
     ws_pae_auth_supp_list_init(&auth_data->supp_list);
 
-    kmp_socket_if_init(interface_ptr);
+    if (kmp_service_init() < 0) {
+        return -1;
+    }
+
+    auth_data->kmp_service = kmp_service_create(interface_ptr);
+    if (!auth_data->kmp_service) {
+        return -1;
+    }
+
+    if (kmp_service_cb_register(auth_data->kmp_service, ws_pae_auth_kmp_incoming_ind)) {
+        return -1;
+    }
+
+    if (kmp_socket_if_register(auth_data->kmp_service, interface_ptr) < 0) {
+        return -1;
+    }
+
+    if (key_sec_prot_register(auth_data->kmp_service) < 0) {
+        return -1;
+    }
+
+    if (eap_tls_sec_prot_register(auth_data->kmp_service) < 0) {
+        return -1;
+    }
+
+    if (fwh_sec_prot_register(auth_data->kmp_service) < 0) {
+        return -1;
+    }
+
+    if (gkh_sec_prot_register(auth_data->kmp_service) < 0) {
+        return -1;
+    }
 
-    kmp_service_init(interface_ptr, 27);
-    kmp_service_cb_register(ws_pae_auth_kmp_incoming_ind, kmp_socket_if_send);
+    return 0;
 }
 
-static kmp_api_t *ws_pae_auth_kmp_incoming_ind(kmp_type_e type, const kmp_addr_t *addr)
+static kmp_api_t *ws_pae_auth_kmp_incoming_ind(kmp_service_t *service, kmp_type_e type, const kmp_addr_t *addr)
 {
     // Find supplicant
     supp_entry_t *supp = ws_pae_auth_supp_list_entry_eui_64_get(&auth_data->supp_list, kmp_address_eui_64_get(addr));
@@ -142,16 +181,16 @@ static kmp_api_t *ws_pae_auth_kmp_incoming_ind(kmp_type_e type, const kmp_addr_t
         }
     }
 
-    // Get kmp for supplicant
+    // Get KMP for supplicant
     kmp_api_t *kmp = ws_pae_lib_kmp_list_type_get(&supp->kmp_list, type);
     if (kmp) {
         return kmp;
     }
 
     // For further study: make needed validations here
 
-    // Create a new kmp for initial eapol-key
-    kmp = kmp_api_create(type + IEEE_802_1X_INITIAL_KEY);
+    // Create a new KMP for initial eapol-key
+    kmp = kmp_api_create(service, type + IEEE_802_1X_INITIAL_KEY);
     kmp_api_data_set(kmp, supp);
 
     if (!kmp) {
@@ -199,22 +238,28 @@ static void ws_pae_auth_kmp_api_finished_indication(kmp_api_t *kmp, kmp_result_e
     // Gets type
     kmp_type_e type = kmp_api_type_get(kmp);
 
-    if (type < IEEE_802_1X_INITIAL_KEY) {
-        // For now, just stop for MKA, 4WH and GTK
+    if (type > IEEE_802_1X_INITIAL_KEY) {
+        // For EAPOL-key, start EAP-TLS towards supplicant
+        type = IEEE_802_1X_MKA;
+    } else if (type == IEEE_802_1X_MKA) {
+        // After EAP-TLS start 4WH towards supplicant
+        type = IEEE_802_11_4WH;
+    } else if (type == IEEE_802_11_4WH) {
+        // After 4WH start GKH towards supplicant
+        type = IEEE_802_11_GKH;
+    } else if (type == IEEE_802_11_GKH) {
+        // After GKH end
         return;
     }
 
-    // For eapol-key, start 4WH towards supplicant
-    type = IEEE_802_11_4WH;
-
     supp_entry_t *supp = kmp_api_data_get(kmp);
     if (!supp) {
         // Should not be possible
         return;
     }
 
-    // Create kmp instance for 4WH authentication
-    kmp_api_t *new_kmp = kmp_api_create(type);
+    // Create KMP instance for new authentication
+    kmp_api_t *new_kmp = kmp_api_create(auth_data->kmp_service, type);
     kmp_api_data_set(new_kmp, supp);
 
     if (!new_kmp) {
@@ -243,7 +288,7 @@ static void ws_pae_auth_kmp_api_finished(kmp_api_t *kmp)
         return;
     }
 
-    // Delete kmp
+    // Delete KMP
     ws_pae_lib_kmp_list_delete(&supp->kmp_list, kmp);
 }
 

source/6LoWPAN/ws/ws_pae_auth.h

@@ -18,6 +18,6 @@
 #ifndef WS_PAE_AUTH_H_
 #define WS_PAE_AUTH_H_
 
-void ws_pae_auth_init(protocol_interface_info_entry_t *interface_ptr);
+int8_t ws_pae_auth_init(protocol_interface_info_entry_t *interface_ptr);
 
 #endif /* WS_PAE_AUTH_H_ */