Corrected network name and PAN ID change on auth start

Mika Leppänen · Mika Leppänen · commit f27fe86a2447 · 2020-06-24T10:56:17.000+03:00
PAE supplicant did not detect correctly that network name or PAN ID
was changed on authentication start. This causes the supplicant to
use old keys and old BR EUI-64 during authentication, which resulted
to BR EUI-64 mismatch on 4WH.
diff --git a/source/6LoWPAN/ws/ws_pae_auth.c b/source/6LoWPAN/ws/ws_pae_auth.c
@@ -470,8 +470,10 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr)
     ws_pae_lib_supp_list_purge(&pae_auth->active_supp_list, 0, SUPPLICANT_NUMBER_TO_PURGE);
 }
 
-int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name)
+int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated)
 {
+    (void) updated;
+
     if (!interface_ptr || !network_name) {
         return -1;
     }
diff --git a/source/6LoWPAN/ws/ws_pae_auth.h b/source/6LoWPAN/ws/ws_pae_auth.h
@@ -174,12 +174,13 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr);
  * \param interface_ptr interface
  * \param pan_id PAD ID
  * \param network_name network name
+ * \param updated data has been updated
  *
  * \return < 0 failure
  * \return >= 0 success
  *
  */
-int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name);
+int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated);
 
 /**
  * ws_pae_auth_gtk_hash_set GTK hash set callback
diff --git a/source/6LoWPAN/ws/ws_pae_controller.c b/source/6LoWPAN/ws/ws_pae_controller.c
@@ -52,7 +52,7 @@ typedef int8_t ws_pae_br_addr_read(protocol_interface_info_entry_t *interface_pt
 typedef void ws_pae_gtks_updated(protocol_interface_info_entry_t *interface_ptr);
 typedef int8_t ws_pae_gtk_hash_update(protocol_interface_info_entry_t *interface_ptr, uint8_t *gtkhash);
 typedef int8_t ws_pae_nw_key_index_update(protocol_interface_info_entry_t *interface_ptr, uint8_t index);
-typedef int8_t ws_pae_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name);
+typedef int8_t ws_pae_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated);
 
 typedef struct {
     uint8_t gtk[GTK_LEN];                                            /**< GTK key */
@@ -290,20 +290,24 @@ int8_t ws_pae_controller_nw_info_set(protocol_interface_info_entry_t *interface_
         return -1;
     }
 
+    bool updated = false;
+
     // Network name has been modified
-    if (network_name && strncmp(controller->sec_keys_nw_info.network_name, network_name, 33) != 0) {
+    if (network_name && strcmp(controller->sec_keys_nw_info.network_name, network_name) != 0) {
         strncpy(controller->sec_keys_nw_info.network_name, network_name, 32);
         controller->sec_keys_nw_info.updated = true;
+        updated = true;
     }
 
     // PAN ID has been modified
     if (pan_id != 0xffff && pan_id != controller->sec_keys_nw_info.new_pan_id) {
         controller->sec_keys_nw_info.new_pan_id = pan_id;
         controller->sec_keys_nw_info.updated = true;
+        updated = true;
     }
 
     if (controller->pae_nw_info_set) {
-        controller->pae_nw_info_set(interface_ptr, pan_id, network_name);
+        controller->pae_nw_info_set(interface_ptr, pan_id, network_name, updated);
     }
 
     return 0;
@@ -803,7 +807,7 @@ int8_t ws_pae_controller_supp_init(protocol_interface_info_entry_t *interface_pt
     controller->pae_br_addr_read = ws_pae_supp_border_router_addr_read;
     controller->pae_gtk_hash_update = ws_pae_supp_gtk_hash_update;
     controller->pae_nw_key_index_update = ws_pae_supp_nw_key_index_update;
-    controller->pae_nw_info_set = NULL;
+    controller->pae_nw_info_set = ws_pae_supp_nw_info_set;
 
     ws_pae_supp_cb_register(controller->interface_ptr, controller->auth_completed, controller->auth_next_target, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_active_nw_key_set, ws_pae_controller_gtk_hash_ptr_get, ws_pae_controller_nw_info_updated_check);
 
diff --git a/source/6LoWPAN/ws/ws_pae_supp.c b/source/6LoWPAN/ws/ws_pae_supp.c
@@ -524,6 +524,31 @@ static int8_t ws_pae_supp_nw_keys_valid_check(pae_supp_t *pae_supp, uint16_t pan
     }
 }
 
+int8_t ws_pae_supp_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated)
+{
+    (void) pan_id;
+    (void) network_name;
+
+    pae_supp_t *pae_supp = ws_pae_supp_get(interface_ptr);
+    if (!pae_supp) {
+        return -1;
+    }
+
+    if (updated) {
+        tr_info("Delete old keys, new PAN ID: %i network name: %s", pan_id, network_name);
+        // Delete pair wise keys
+        sec_prot_keys_pmk_delete(&pae_supp->entry.sec_keys);
+        sec_prot_keys_ptk_delete(&pae_supp->entry.sec_keys);
+        sec_prot_keys_ptk_eui_64_delete(&pae_supp->entry.sec_keys);
+        // Delete GTKs
+        sec_prot_keys_gtks_init(pae_supp->sec_keys_nw_info->gtks);
+        sec_prot_keys_gtks_updated_set(pae_supp->sec_keys_nw_info->gtks);
+        ws_pae_supp_nvm_update(pae_supp);
+    }
+
+    return 0;
+}
+
 void ws_pae_supp_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_pae_supp_auth_completed *completed, ws_pae_supp_auth_next_target *auth_next_target, ws_pae_supp_nw_key_insert *nw_key_insert, ws_pae_supp_nw_key_index_set *nw_key_index_set, ws_pae_supp_gtk_hash_ptr_get *gtk_hash_ptr_get, ws_pae_supp_nw_info_updated *nw_info_updated)
 {
     pae_supp_t *pae_supp = ws_pae_supp_get(interface_ptr);
diff --git a/source/6LoWPAN/ws/ws_pae_supp.h b/source/6LoWPAN/ws/ws_pae_supp.h
@@ -173,6 +173,20 @@ int8_t ws_pae_supp_gtks_set(protocol_interface_info_entry_t *interface_ptr, sec_
  */
 int8_t ws_pae_supp_eapol_target_remove(protocol_interface_info_entry_t *interface_ptr);
 
+/**
+ * ws_pae_auth_nw_info_set set network information
+ *
+ * \param interface_ptr interface
+ * \param pan_id PAD ID
+ * \param network_name network name
+ * \param updated data has been updated
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_supp_nw_info_set(protocol_interface_info_entry_t *interface_ptr, uint16_t pan_id, char *network_name, bool updated);
+
 /**
  * ws_pae_supp_nw_key_index_set network send key index set callback
  *

Original file line number	Diff line number	Diff line change
`@@ -470,8 +470,10 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr)`
`470`	`470`	`ws_pae_lib_supp_list_purge(&pae_auth->active_supp_list, 0, SUPPLICANT_NUMBER_TO_PURGE);`
`471`	`471`	`}`
`472`	`472`
`473`		`-int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t interface_ptr, uint16_t pan_id, char network_name)`
	`473`	`+int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t interface_ptr, uint16_t pan_id, char network_name, bool updated)`
`474`	`474`	`{`
	`475`	`+ (void) updated;`
	`476`	`+`
`475`	`477`	`if (!interface_ptr \|\| !network_name) {`
`476`	`478`	`return -1;`
`477`	`479`	`}`
Original file line number	Diff line number	Diff line change
`@@ -174,12 +174,13 @@ void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr);`
`174`	`174`	`* \param interface_ptr interface`
`175`	`175`	`* \param pan_id PAD ID`
`176`	`176`	`* \param network_name network name`
	`177`	`+ * \param updated data has been updated`
`177`	`178`	`*`
`178`	`179`	`* \return < 0 failure`
`179`	`180`	`* \return >= 0 success`
`180`	`181`	`*`
`181`	`182`	`*/`
`182`		`-int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t interface_ptr, uint16_t pan_id, char network_name);`
	`183`	`+int8_t ws_pae_auth_nw_info_set(protocol_interface_info_entry_t interface_ptr, uint16_t pan_id, char network_name, bool updated);`
`183`	`184`
`184`	`185`	`/**`
`185`	`186`	`* ws_pae_auth_gtk_hash_set GTK hash set callback`