Changed RADIUS shared secret length to 16-bit value

Added also get interface for RADIUS server IPv6 address and shared secret.
artokin · Aug 14, 2020 · fc97980 · fc97980
1 parent f827ffc
commit fc97980
Show file tree

Hide file tree

Showing 5 changed files with 136 additions and 17 deletions.
diff --git a/nanostack/ws_bbr_api.h b/nanostack/ws_bbr_api.h
@@ -322,7 +322,7 @@ int ws_bbr_pan_configuration_get(int8_t interface_id, uint16_t *pan_id);
 int ws_bbr_pan_configuration_validate(int8_t interface_id, uint16_t pan_id);
 
 /**
- * ws_bbr_key_storage_memory_set sets memory used for key storages
+ * Sets memory used for key storages
  *
  * This functions can be used to set memory used by EAPOL key storage. When memory
  * areas are set, module does not allocate memory internally from heap.
@@ -339,7 +339,7 @@ int ws_bbr_pan_configuration_validate(int8_t interface_id, uint16_t pan_id);
 int ws_bbr_key_storage_memory_set(int8_t interface_id, uint8_t key_storages_number, const uint16_t *key_storage_size, void **key_storages);
 
 /**
- * ws_bbr_key_storage_settings_set sets key storage settings
+ * Sets key storage settings
  *
  * This functions can be used to set the settings of EAPOL key storage.
  * Allocation max number and allocation size sets the settings that are used when key storage
@@ -358,7 +358,7 @@ int ws_bbr_key_storage_memory_set(int8_t interface_id, uint8_t key_storages_numb
 int ws_bbr_key_storage_settings_set(int8_t interface_id, uint8_t alloc_max_number, uint16_t alloc_size, uint16_t storing_interval);
 
 /**
- * ws_bbr_radius_address_set Set RADIUS server IPv6 address
+ * Set RADIUS server IPv6 address
  *
  * Function sets external RADIUS server IPv6 address to Border Router. Setting the
  * address enables external RADIUS server interface on Border Router. To disable external
@@ -376,20 +376,49 @@ int ws_bbr_key_storage_settings_set(int8_t interface_id, uint8_t alloc_max_numbe
 int ws_bbr_radius_address_set(int8_t interface_id, const uint8_t *address);
 
 /**
- * ws_bbr_radius_shared_secret_set set RADIUS shared secret
+ * Get RADIUS server IPv6 address
  *
- * Function sets RADIUS shared secret to Border Router. Shared secret is usually an
+ * Function gets external RADIUS server IPv6 address to Border Router.
+ *
+ * \param interface_id Network interface ID.
+ * \param address buffer where to write address, must have space at least for 39 characters and NUL terminator
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int ws_bbr_radius_address_get(int8_t interface_id, uint8_t *address);
+
+/**
+ * Set RADIUS shared secret
+ *
+ * Function sets RADIUS shared secret to Border Router. Shared secret may be an
  * ASCII string. Check the format and length constraints for the shared secret from
  * the documentation of RADIUS server you are connecting to.
  *
  * \param interface_id Network interface ID.
- * \param shared_secret_len The length of the shared secret in bytes. Maximum length is 255 bytes.
+ * \param shared_secret_len The length of the shared secret in bytes.
  * \param shared_secret Pointer to shared secret. Can be 8-bit ASCII string or byte array. Is not NUL terminated.
  *
  * \return < 0 failure
  * \return >= 0 success
  *
  */
-int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint8_t shared_secret_len, const uint8_t *shared_secret);
+int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint16_t shared_secret_len, const uint8_t *shared_secret);
+
+/**
+ * Get RADIUS shared secret
+ *
+ * Function gets RADIUS shared secret to Border Router.
+ *
+ * \param interface_id Network interface ID.
+ * \param shared_secret_len On function call, is the size of the shared secret write buffer in bytes, on return is the shared secret length in bytes.
+ * \param shared_secret Pointer to buffer where to write shared secret or NULL. At maximum, bytes set by the length parameter are written. If NULL only buffer length is returned.
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int ws_bbr_radius_shared_secret_get(int8_t interface_id, uint16_t *shared_secret_len, uint8_t *shared_secret);
 
 #endif /* WS_BBR_API_H_ */
diff --git a/source/6LoWPAN/ws/ws_bbr_api.c b/source/6LoWPAN/ws/ws_bbr_api.c
@@ -1103,7 +1103,18 @@ int ws_bbr_radius_address_set(int8_t interface_id, const uint8_t *address)
 #endif
 }
 
-int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint8_t shared_secret_len, const uint8_t *shared_secret)
+int ws_bbr_radius_address_get(int8_t interface_id, uint8_t *address)
+{
+#ifdef HAVE_WS_BORDER_ROUTER
+    return ws_pae_controller_radius_address_get(interface_id, address);
+#else
+    (void) interface_id;
+    (void) address;
+    return -1;
+#endif
+}
+
+int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint16_t shared_secret_len, const uint8_t *shared_secret)
 {
 #ifdef HAVE_WS_BORDER_ROUTER
     return ws_pae_controller_radius_shared_secret_set(interface_id, shared_secret_len, shared_secret);
@@ -1114,3 +1125,15 @@ int ws_bbr_radius_shared_secret_set(int8_t interface_id, const uint8_t shared_se
     return -1;
 #endif
 }
+
+int ws_bbr_radius_shared_secret_get(int8_t interface_id, uint16_t *shared_secret_len, uint8_t *shared_secret)
+{
+#ifdef HAVE_WS_BORDER_ROUTER
+    return ws_pae_controller_radius_shared_secret_get(interface_id, shared_secret_len, shared_secret);
+#else
+    (void) interface_id;
+    (void) shared_secret_len;
+    (void) shared_secret;
+    return -1;
+#endif
+}
diff --git a/source/6LoWPAN/ws/ws_pae_controller.c b/source/6LoWPAN/ws/ws_pae_controller.c
@@ -1171,12 +1171,12 @@ int8_t ws_pae_controller_certificate_revocation_list_remove(const arm_cert_revoc
     return ret;
 }
 
-int8_t ws_pae_controller_radius_address_set(int8_t interface_id, const uint8_t *remote_addr)
+int8_t ws_pae_controller_radius_address_set(int8_t interface_id, const uint8_t *address)
 {
     pae_controller_t *controller = ws_pae_controller_get_or_create(interface_id);
 
     // If remote address is not set, clear radius information
-    if (!remote_addr) {
+    if (!address) {
         if (pae_controller_radius_settings != NULL) {
             pae_controller_radius_settings->radius_addr_set = false;
         }
@@ -1193,7 +1193,7 @@ int8_t ws_pae_controller_radius_address_set(int8_t interface_id, const uint8_t *
         }
         memset(pae_controller_radius_settings, 0, sizeof(sec_radius_cfg_t));
     }
-    memcpy(pae_controller_radius_settings->radius_addr, remote_addr, 16);
+    memcpy(pae_controller_radius_settings->radius_addr, address, 16);
     pae_controller_radius_settings->radius_addr_set = true;
 
     if (controller) {
@@ -1206,7 +1206,23 @@ int8_t ws_pae_controller_radius_address_set(int8_t interface_id, const uint8_t *
     return 0;
 }
 
-int8_t ws_pae_controller_radius_shared_secret_set(int8_t interface_id, const uint8_t shared_secret_len, const uint8_t *shared_secret)
+int8_t ws_pae_controller_radius_address_get(int8_t interface_id, uint8_t *address)
+{
+    (void) interface_id;
+
+    if (address == NULL) {
+        return -1;
+    }
+
+    if (pae_controller_radius_settings == NULL || !pae_controller_radius_settings->radius_addr_set) {
+        return -1;
+    }
+
+    memcpy(address, pae_controller_radius_settings->radius_addr, 16);
+    return 0;
+}
+
+int8_t ws_pae_controller_radius_shared_secret_set(int8_t interface_id, const uint16_t shared_secret_len, const uint8_t *shared_secret)
 {
     pae_controller_t *controller = ws_pae_controller_get_or_create(interface_id);
 
@@ -1253,6 +1269,32 @@ int8_t ws_pae_controller_radius_shared_secret_set(int8_t interface_id, const uin
     return 0;
 }
 
+int8_t ws_pae_controller_radius_shared_secret_get(int8_t interface_id, uint16_t *shared_secret_len, uint8_t *shared_secret)
+{
+    (void) interface_id;
+
+    if (shared_secret_len == NULL) {
+        return -1;
+    }
+
+    uint16_t length = 0;
+    if (pae_controller_radius_settings != NULL) {
+        length = pae_controller_radius_settings->radius_shared_secret_len;
+        if (shared_secret != NULL) {
+            if (length > *shared_secret_len) {
+                length = *shared_secret_len;
+            }
+            if (length > 0 && pae_controller_radius_settings->radius_shared_secret != NULL) {
+                memcpy(shared_secret, pae_controller_radius_settings->radius_shared_secret, length);
+            }
+        }
+    }
+
+    *shared_secret_len = length;
+
+    return 0;
+}
+
 int8_t ws_pae_controller_border_router_addr_write(protocol_interface_info_entry_t *interface_ptr, const uint8_t *eui_64)
 {
     if (!eui_64) {

diff --git a/source/6LoWPAN/ws/ws_pae_controller.h b/source/6LoWPAN/ws/ws_pae_controller.h
@@ -236,26 +236,51 @@ int8_t ws_pae_controller_certificate_revocation_list_remove(const arm_cert_revoc
  * ws_pae_controller_radius_address_set set radius address
  *
  * \param interface_id interface identifier
- * \param remote_addr remote address
+ * \param address address
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_controller_radius_address_set(int8_t interface_id, const uint8_t *address);
+
+/**
+ * ws_pae_controller_radius_address_set get radius address
+ *
+ * \param interface_id interface identifier
+ * \param address address buffer where to write address, must have space at least for 39 characters and NUL terminator
  *
  * \return < 0 failure
  * \return >= 0 success
  *
  */
-int8_t ws_pae_controller_radius_address_set(int8_t interface_id, const uint8_t *remote_addr);
+int8_t ws_pae_controller_radius_address_get(int8_t interface_id, uint8_t *address);
 
 /**
  * ws_pae_controller_radius_shared_secret_set set radius shared secret
  *
  * \param interface_id interface identifier
- * \param shared_secret_len shared secret
+ * \param shared_secret_len shared secret length
+ * \param shared_secret shared secret
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_controller_radius_shared_secret_set(int8_t interface_id, const uint16_t shared_secret_len, const uint8_t *shared_secret);
+
+/**
+ * ws_pae_controller_radius_shared_secret_get get radius shared secret
+ *
+ * \param interface_id interface identifier
+ * \param shared_secret_len On call, shared secret buffer length, on return shared secret length
  * \param shared_secret shared secret
  *
  * \return < 0 failure
  * \return >= 0 success
  *
  */
-int8_t ws_pae_controller_radius_shared_secret_set(int8_t interface_id, const uint8_t shared_secret_len, const uint8_t *shared_secret);
+int8_t ws_pae_controller_radius_shared_secret_get(int8_t interface_id, uint16_t *shared_secret_len, uint8_t *shared_secret);
 
 /**
  * ws_pae_controller_nw_info_set set network information

diff --git a/source/Security/protocols/sec_prot_cfg.h b/source/Security/protocols/sec_prot_cfg.h
@@ -48,7 +48,7 @@ typedef struct sec_timer_cfg_s {
 typedef struct sec_radius_cfg_s {
     uint8_t radius_addr[16];                         /**< Radius server IPv6 address */
     uint8_t *radius_shared_secret;                   /**< Radius shared secret */
-    uint8_t radius_shared_secret_len;                /**< Radius shared secret length */
+    uint16_t radius_shared_secret_len;               /**< Radius shared secret length */
     bool radius_addr_set : 1;                        /**< Radius server address is set */
 } sec_radius_cfg_t;