Added configuration for RADIUS retry timer (ARMmbed#2438)

* Added configuration for RADIUS retry timer

Author: Mika Leppänen

nanostack/ws_bbr_api.h

@@ -62,6 +62,18 @@ typedef struct bbr_route_info {
     uint8_t parent[8];
 } bbr_route_info_t;
 
+/**
+ * \brief Struct bbr_radius_timing_t is RADIUS timing configuration structure.
+ */
+typedef struct bbr_radius_timing {
+    /** RADIUS retry timer Imin; in 100ms units; range 1-1200; default 20 (2 seconds) */
+    uint16_t radius_retry_imin;
+    /** RADIUS retry timer Imax; in 100ms units; range 1-1200; default 30 (3 seconds) */
+    uint16_t radius_retry_imax;
+    /** RADIUS retry count; default 3 */
+    uint8_t radius_retry_count;
+} bbr_radius_timing_t;
+
 /**
  * Start backbone border router service.
  *
@@ -394,7 +406,9 @@ int ws_bbr_radius_address_get(int8_t interface_id, uint8_t *address);
  *
  * Function sets RADIUS shared secret to Border Router. Shared secret may be an
  * ASCII string. Check the format and length constraints for the shared secret from
- * the documentation of RADIUS server you are connecting to.
+ * the documentation of RADIUS server you are connecting to. Nanostack will not
+ * make copy of the shared secret, therefore address and data must remain permanently
+ * valid.
  *
  * \param interface_id Network interface ID.
  * \param shared_secret_len The length of the shared secret in bytes.
@@ -409,7 +423,7 @@ int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint16_t shared_s
 /**
  * Get RADIUS shared secret
  *
- * Function gets RADIUS shared secret to Border Router.
+ * Function gets RADIUS shared secret from Border Router.
  *
  * \param interface_id Network interface ID.
  * \param shared_secret_len On function call, is the size of the shared secret write buffer in bytes, on return is the shared secret length in bytes.
@@ -421,6 +435,48 @@ int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint16_t shared_s
  */
 int ws_bbr_radius_shared_secret_get(int8_t interface_id, uint16_t *shared_secret_len, uint8_t *shared_secret);
 
+/**
+ * Set RADIUS timing information
+ *
+ * Function sets RADIUS timing information to Border Router.
+ *
+ * \param interface_id Network interface ID.
+ * \param timing Timing information
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int ws_bbr_radius_timing_set(int8_t interface_id, bbr_radius_timing_t *timing);
+
+/**
+ * Get RADIUS timing information
+ *
+ * Function sets RADIUS timing information from Border Router.
+ *
+ * \param interface_id Network interface ID.
+ * \param timing Timing information
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int ws_bbr_radius_timing_get(int8_t interface_id, bbr_radius_timing_t *timing);
+
+/**
+ * Validate RADIUS timing information
+ *
+ * Function validates RADIUS timing information.
+ *
+ * \param interface_id Network interface ID.
+ * \param timing Timing information
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int ws_bbr_radius_timing_validate(int8_t interface_id, bbr_radius_timing_t *timing);
+
 /**
  * \brief A function to set DNS query results to border router
  *

source/6LoWPAN/ws/ws_bbr_api.c

@@ -1162,6 +1162,40 @@ int ws_bbr_radius_shared_secret_get(int8_t interface_id, uint16_t *shared_secret
     return -1;
 #endif
 }
+
+int ws_bbr_radius_timing_set(int8_t interface_id, bbr_radius_timing_t *timing)
+{
+#ifdef HAVE_WS_BORDER_ROUTER
+    return ws_pae_controller_radius_timing_set(interface_id, timing);
+#else
+    (void) interface_id;
+    (void) timing;
+    return -1;
+#endif
+}
+
+int ws_bbr_radius_timing_get(int8_t interface_id, bbr_radius_timing_t *timing)
+{
+#ifdef HAVE_WS_BORDER_ROUTER
+    return ws_pae_controller_radius_timing_get(interface_id, timing);
+#else
+    (void) interface_id;
+    (void) timing;
+    return -1;
+#endif
+}
+
+int ws_bbr_radius_timing_validate(int8_t interface_id, bbr_radius_timing_t *timing)
+{
+#ifdef HAVE_WS_BORDER_ROUTER
+    return ws_pae_controller_radius_timing_validate(interface_id, timing);
+#else
+    (void) interface_id;
+    (void) timing;
+    return -1;
+#endif
+}
+
 int ws_bbr_dns_query_result_set(int8_t interface_id, const uint8_t address[16], char *domain_name_ptr)
 {
 #ifdef HAVE_WS_BORDER_ROUTER
@@ -1188,5 +1222,3 @@ int ws_bbr_dns_query_result_set(int8_t interface_id, const uint8_t address[16],
     return -1;
 #endif
 }
-
-

source/6LoWPAN/ws/ws_config.h

@@ -266,4 +266,11 @@ extern uint8_t DEVICE_MIN_SENS;
 // How many times sending of initial EAPOL-key is retried
 #define DEFAULT_INITIAL_KEY_RETRY_COUNT                2
 
+/*
+ *  RADIUS client retry timer defaults
+ */
+#define RADIUS_CLIENT_RETRY_IMIN           20       // First retry minimum 1 seconds
+#define RADIUS_CLIENT_RETRY_IMAX           30       // First retry maximum 3 seconds
+#define RADIUS_CLIENT_TIMER_EXPIRATIONS    3        // Number of retries is three
+
 #endif /* WS_CONFIG_H_ */

source/6LoWPAN/ws/ws_pae_auth.c

@@ -980,7 +980,7 @@ static kmp_api_t *ws_pae_auth_kmp_incoming_ind(kmp_service_t *service, uint8_t m
     kmp_type_e kmp_type_to_search = type;
 
     // If radius is enabled, route EAP-TLS to radius EAP-TLS
-    if (pae_auth->sec_cfg->radius_cfg.radius_addr_set && type == IEEE_802_1X_MKA) {
+    if (pae_auth->sec_cfg->radius_cfg != NULL && pae_auth->sec_cfg->radius_cfg->radius_addr_set && type == IEEE_802_1X_MKA) {
         kmp_type_to_search = RADIUS_IEEE_802_1X_MKA;
     }
 
@@ -1150,7 +1150,7 @@ static kmp_type_e ws_pae_auth_next_protocol_get(pae_auth_t *pae_auth, supp_entry
     if (sec_keys->pmk_mismatch) {
         sec_keys->ptk_mismatch = true;
         // start EAP-TLS towards supplicant
-        if (pae_auth->sec_cfg->radius_cfg.radius_addr_set) {
+        if (pae_auth->sec_cfg->radius_cfg != NULL && pae_auth->sec_cfg->radius_cfg->radius_addr_set) {
             next_type = RADIUS_IEEE_802_1X_MKA;
         } else {
             next_type = IEEE_802_1X_MKA;