Border Router RADIUS client basic authentication functionality (ARMmbed#2406)

* Border Router RADIUS client basic authentication functionality

Basic RADIUS authentication functionality.

Author: Mika Leppänen

nanostack/ws_bbr_api.h

@@ -355,4 +355,39 @@ int ws_bbr_key_storage_memory_set(int8_t interface_id, uint8_t key_storages_numb
  */
 int ws_bbr_key_storage_settings_set(int8_t interface_id, uint8_t alloc_max_number, uint16_t alloc_size, uint16_t storing_interval);
 
+/**
+ * ws_bbr_radius_address_set Set RADIUS server IPv6 address
+ *
+ * Function sets external RADIUS server IPv6 address to Border Router. Setting the
+ * address enables external RADIUS server interface on Border Router. To disable external
+ * RADIUS server interface, call the function with remote address set to NULL. The RADIUS
+ * shared secret must be set before address is set using ws_bbr_radius_shared_secret_set()
+ * call.
+ *
+ * \param interface_id Network interface ID.
+ * \param address Pointer to IPv6 address or NULL to disable RADIUS. Address is in binary format (16 bytes).
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int ws_bbr_radius_address_set(int8_t interface_id, const uint8_t *address);
+
+/**
+ * ws_bbr_radius_shared_secret_set set RADIUS shared secret
+ *
+ * Function sets RADIUS shared secret to Border Router. Shared secret is usually an
+ * ASCII string. Check the format and length constraints for the shared secret from
+ * the documentation of RADIUS server you are connecting to.
+ *
+ * \param interface_id Network interface ID.
+ * \param shared_secret_len The length of the shared secret in bytes. Maximum length is 255 bytes.
+ * \param shared_secret Pointer to shared secret. Can be 8-bit ASCII string or byte array. Is not NUL terminated.
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint8_t shared_secret_len, const uint8_t *shared_secret);
+
 #endif /* WS_BBR_API_H_ */

source/6LoWPAN/ws/ws_bbr_api.c

@@ -156,6 +156,20 @@ void ws_bbr_dhcp_address_lifetime_set(protocol_interface_info_entry_t *cur, uint
     DHCPv6_server_service_set_address_validlifetime(cur->id, current_global_prefix, dhcp_address_lifetime);
 }
 
+bool ws_bbr_backbone_address_get(uint8_t *address)
+{
+    if (backbone_interface_id < 0) {
+        return false;
+    }
+
+    if (arm_net_address_get(backbone_interface_id, ADDR_IPV6_GP, address) != 0) {
+        // No global prefix available
+        return false;
+    }
+
+    return true;
+}
+
 static void ws_bbr_rpl_root_start(protocol_interface_info_entry_t *cur, uint8_t *dodag_id)
 {
     tr_info("RPL root start");
@@ -1072,3 +1086,26 @@ int ws_bbr_key_storage_settings_set(int8_t interface_id, uint8_t alloc_max_numbe
     return -1;
 #endif
 }
+
+int ws_bbr_radius_address_set(int8_t interface_id, const uint8_t *address)
+{
+#ifdef HAVE_WS_BORDER_ROUTER
+    return ws_pae_controller_radius_address_set(interface_id, address);
+#else
+    (void) interface_id;
+    (void) address;
+    return -1;
+#endif
+}
+
+int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint8_t shared_secret_len, const uint8_t *shared_secret)
+{
+#ifdef HAVE_WS_BORDER_ROUTER
+    return ws_pae_controller_radius_shared_secret_set(interface_id, shared_secret_len, shared_secret);
+#else
+    (void) interface_id;
+    (void) shared_secret_len;
+    (void) shared_secret;
+    return -1;
+#endif
+}

source/6LoWPAN/ws/ws_bbr_api_internal.h

@@ -35,6 +35,7 @@ void ws_bbr_dhcp_address_lifetime_set(protocol_interface_info_entry_t *cur, uint
 
 bool ws_bbr_ready_to_start(protocol_interface_info_entry_t *cur);
 
+bool ws_bbr_backbone_address_get(uint8_t *address);
 
 #else
 
@@ -44,6 +45,7 @@ bool ws_bbr_ready_to_start(protocol_interface_info_entry_t *cur);
 #define ws_bbr_rpl_config( cur, imin, doubling, redundancy, dag_max_rank_increase, min_hop_rank_increase)
 #define ws_bbr_dhcp_address_lifetime_set(cur, dhcp_address_lifetime)
 #define ws_bbr_ready_to_start(cur) true
+#define ws_bbr_backbone_address_get(address) 0
 
 #endif //HAVE_WS_BORDER_ROUTER
 

source/6LoWPAN/ws/ws_bootstrap.c

@@ -3030,6 +3030,18 @@ static void ws_bootstrap_pan_config(protocol_interface_info_entry_t *cur)
     ws_llc_asynch_request(cur, &async_req);
 }
 
+static int8_t ws_bootstrap_backbone_ip_addr_get(protocol_interface_info_entry_t *interface_ptr, uint8_t *address)
+{
+    (void) interface_ptr;
+    (void) address;
+
+    if (ws_bbr_backbone_address_get(address)) {
+        return 0;
+    }
+
+    return -1;
+}
+
 static void ws_bootstrap_event_handler(arm_event_s *event)
 {
     ws_bootsrap_event_type_e event_type;
@@ -3121,6 +3133,9 @@ static void ws_bootstrap_event_handler(arm_event_s *event)
                 // Set PAN ID and network name to controller
                 ws_pae_controller_nw_info_set(cur, cur->ws_info->network_pan_id, cur->ws_info->pan_information.pan_version, cur->ws_info->cfg->gen.network_name);
 
+                // Set backbone IP address get callback
+                ws_pae_controller_auth_cb_register(cur, ws_bootstrap_backbone_ip_addr_get);
+
                 // Set PAE port to 10254 and authenticator relay to 10253 (and to own ll address)
                 ws_pae_controller_authenticator_start(cur, PAE_AUTH_SOCKET_PORT, ll_addr, EAPOL_RELAY_SOCKET_PORT);