Changed initial EAPOL-key retries from trickle to exponential backup

Changed initial EAPOL-key trickle to exponential backup and adjusted the timings
according to testing.

Author: Mika Leppänen

source/6LoWPAN/ws/ws_cfg_settings.c

@@ -467,10 +467,10 @@ static void ws_cfg_network_size_config_set_small(ws_cfg_nw_size_t *cfg)
     cfg->sec_prot.sec_prot_trickle_timer_exp = SEC_PROT_TIMER_EXPIRATIONS;
     cfg->sec_prot.sec_prot_retry_timeout = SEC_PROT_RETRY_TIMEOUT_SMALL;
 
-    cfg->sec_prot.initial_key_retry_delay = DEFAULT_INITIAL_KEY_RETRY_TIMER;
-    cfg->sec_prot.initial_key_imin = SMALL_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->sec_prot.initial_key_imax = SMALL_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
-    cfg->sec_prot.initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
+    cfg->sec_prot.initial_key_retry_min = SMALL_NW_INITIAL_KEY_RETRY_MIN_SECS;
+    cfg->sec_prot.initial_key_retry_max = SMALL_NW_INITIAL_KEY_RETRY_MAX_SECS;
+    cfg->sec_prot.initial_key_retry_max_limit = SMALL_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS;
+    cfg->sec_prot.initial_key_retry_cnt = SMALL_NW_INITIAL_KEY_RETRY_COUNT;
 
     // Multicast timing configuration
     cfg->mpl.mpl_trickle_imin = MPL_SMALL_IMIN;
@@ -510,10 +510,10 @@ static void ws_cfg_network_size_config_set_medium(ws_cfg_nw_size_t *cfg)
     cfg->sec_prot.sec_prot_trickle_timer_exp = SEC_PROT_TIMER_EXPIRATIONS;
     cfg->sec_prot.sec_prot_retry_timeout = SEC_PROT_RETRY_TIMEOUT_SMALL;
 
-    cfg->sec_prot.initial_key_retry_delay = DEFAULT_INITIAL_KEY_RETRY_TIMER;
-    cfg->sec_prot.initial_key_imin = MEDIUM_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->sec_prot.initial_key_imax = MEDIUM_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
-    cfg->sec_prot.initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
+    cfg->sec_prot.initial_key_retry_min = MEDIUM_NW_INITIAL_KEY_RETRY_MIN_SECS;
+    cfg->sec_prot.initial_key_retry_max = MEDIUM_NW_INITIAL_KEY_RETRY_MAX_SECS;
+    cfg->sec_prot.initial_key_retry_max_limit = MEDIUM_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS;
+    cfg->sec_prot.initial_key_retry_cnt = MEDIUM_NW_INITIAL_KEY_RETRY_COUNT;
 
     // Multicast timing configuration
     cfg->mpl.mpl_trickle_imin = MPL_MEDIUM_IMIN;
@@ -552,9 +552,9 @@ static void ws_cfg_network_size_config_set_large(ws_cfg_nw_size_t *cfg)
     cfg->sec_prot.sec_prot_trickle_timer_exp = SEC_PROT_TIMER_EXPIRATIONS;
     cfg->sec_prot.sec_prot_retry_timeout = SEC_PROT_RETRY_TIMEOUT_LARGE;
 
-    cfg->sec_prot.initial_key_retry_delay = NONE_INITIAL_KEY_RETRY_TIMER;
-    cfg->sec_prot.initial_key_imin = LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->sec_prot.initial_key_imax = LARGE_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
+    cfg->sec_prot.initial_key_retry_min = LARGE_NW_INITIAL_KEY_RETRY_MIN_SECS;
+    cfg->sec_prot.initial_key_retry_max = LARGE_NW_INITIAL_KEY_RETRY_MAX_SECS;
+    cfg->sec_prot.initial_key_retry_max_limit = LARGE_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS;
     cfg->sec_prot.initial_key_retry_cnt = LARGE_NW_INITIAL_KEY_RETRY_COUNT;
 
     // Multicast timing configuration
@@ -595,9 +595,9 @@ static void ws_cfg_network_size_config_set_xlarge(ws_cfg_nw_size_t *cfg)
     cfg->sec_prot.sec_prot_trickle_timer_exp = SEC_PROT_TIMER_EXPIRATIONS;
     cfg->sec_prot.sec_prot_retry_timeout = SEC_PROT_RETRY_TIMEOUT_LARGE;
 
-    cfg->sec_prot.initial_key_retry_delay = NONE_INITIAL_KEY_RETRY_TIMER;
-    cfg->sec_prot.initial_key_imin = EXTRA_LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->sec_prot.initial_key_imax = EXTRA_LARGE_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
+    cfg->sec_prot.initial_key_retry_min = EXTRA_LARGE_NW_INITIAL_KEY_RETRY_MIN_SECS;
+    cfg->sec_prot.initial_key_retry_max = EXTRA_LARGE_NW_INITIAL_KEY_RETRY_MAX_SECS;
+    cfg->sec_prot.initial_key_retry_max_limit = EXTRA_LARGE_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS;
     cfg->sec_prot.initial_key_retry_cnt = EXTRA_LARGE_NW_INITIAL_KEY_RETRY_COUNT;
 
     // Multicast timing configuration
@@ -637,10 +637,10 @@ static void ws_cfg_network_size_config_set_certificate(ws_cfg_nw_size_t *cfg)
     cfg->sec_prot.sec_prot_trickle_timer_exp = SEC_PROT_TIMER_EXPIRATIONS;
     cfg->sec_prot.sec_prot_retry_timeout = SEC_PROT_RETRY_TIMEOUT_SMALL;
 
-    cfg->sec_prot.initial_key_retry_delay = DEFAULT_INITIAL_KEY_RETRY_TIMER;
-    cfg->sec_prot.initial_key_imin = SMALL_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->sec_prot.initial_key_imax = SMALL_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
-    cfg->sec_prot.initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
+    cfg->sec_prot.initial_key_retry_min = SMALL_NW_INITIAL_KEY_RETRY_MIN_SECS;
+    cfg->sec_prot.initial_key_retry_max = SMALL_NW_INITIAL_KEY_RETRY_MAX_SECS;
+    cfg->sec_prot.initial_key_retry_max_limit = SMALL_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS;
+    cfg->sec_prot.initial_key_retry_cnt = SMALL_NW_INITIAL_KEY_RETRY_COUNT;
 
     // Multicast timing configuration for certification uses the LARGE values as it is the one mentioned ins specification
     cfg->mpl.mpl_trickle_imin = MPL_XLARGE_IMIN;
@@ -1241,10 +1241,10 @@ static int8_t ws_cfg_sec_prot_default_set(ws_sec_prot_cfg_t *cfg)
     cfg->sec_prot_retry_timeout = SEC_PROT_RETRY_TIMEOUT_SMALL;
     cfg->max_simult_sec_neg_tx_queue_min = MAX_SIMULTANEOUS_SECURITY_NEGOTIATIONS_TX_QUEUE_MIN;
     cfg->max_simult_sec_neg_tx_queue_max = MAX_SIMULTANEOUS_SECURITY_NEGOTIATIONS_TX_QUEUE_MAX;
-    cfg->initial_key_retry_delay = DEFAULT_INITIAL_KEY_RETRY_TIMER;
-    cfg->initial_key_imin = MEDIUM_NW_INITIAL_KEY_TRICKLE_IMIN_SECS;
-    cfg->initial_key_imax = MEDIUM_NW_INITIAL_KEY_TRICKLE_IMAX_SECS;
-    cfg->initial_key_retry_cnt = DEFAULT_INITIAL_KEY_RETRY_COUNT;
+    cfg->initial_key_retry_min = MEDIUM_NW_INITIAL_KEY_RETRY_MIN_SECS;
+    cfg->initial_key_retry_max = MEDIUM_NW_INITIAL_KEY_RETRY_MAX_SECS;
+    cfg->initial_key_retry_max_limit = MEDIUM_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS;
+    cfg->initial_key_retry_cnt = MEDIUM_NW_INITIAL_KEY_RETRY_COUNT;
 
     return CFG_SETTINGS_OK;
 }
@@ -1268,10 +1268,10 @@ int8_t ws_cfg_sec_prot_validate(ws_sec_prot_cfg_t *cfg, ws_sec_prot_cfg_t *new_c
             cfg->sec_prot_retry_timeout != new_cfg->sec_prot_retry_timeout ||
             cfg->max_simult_sec_neg_tx_queue_min != new_cfg->max_simult_sec_neg_tx_queue_min ||
             cfg->max_simult_sec_neg_tx_queue_max != new_cfg->max_simult_sec_neg_tx_queue_max ||
-            cfg->initial_key_retry_delay != new_cfg->initial_key_retry_delay ||
-            cfg->initial_key_imin != new_cfg->initial_key_retry_delay ||
-            cfg->initial_key_imax != new_cfg->initial_key_retry_delay ||
-            cfg->initial_key_retry_cnt != new_cfg->initial_key_retry_delay) {
+            cfg->initial_key_retry_min != new_cfg->initial_key_retry_min ||
+            cfg->initial_key_retry_max != new_cfg->initial_key_retry_max ||
+            cfg->initial_key_retry_max_limit != new_cfg->initial_key_retry_max_limit ||
+            cfg->initial_key_retry_cnt != new_cfg->initial_key_retry_cnt) {
 
         return CFG_SETTINGS_CHANGED;
     }

source/6LoWPAN/ws/ws_cfg_settings.h

@@ -117,10 +117,10 @@ typedef struct ws_sec_prot_cfg_s {
     uint8_t sec_prot_trickle_timer_exp;       /**< Security protocol trickle timer expirations; default 2 */
     uint16_t max_simult_sec_neg_tx_queue_min; /**< PAE authenticator max simultaneous security negotiations TX queue minimum */
     uint16_t max_simult_sec_neg_tx_queue_max; /**< PAE authenticator max simultaneous security negotiations TX queue maximum */
-    uint16_t initial_key_retry_delay;         /**< Delay before starting initial key trickle; seconds; default 120 */
-    uint16_t initial_key_imin;                /**< Initial key trickle Imin; seconds; default 360 */
-    uint16_t initial_key_imax;                /**< Initial key trickle Imax; seconds; default 720 */
-    uint8_t initial_key_retry_cnt;            /**< Number of initial key retries; default 2 */
+    uint16_t initial_key_retry_min;           /**< Initial EAPOL-Key retry exponential backoff min; seconds; default 180 */
+    uint16_t initial_key_retry_max;           /**< Initial EAPOL-Key retry exponential backoff max; seconds; default 420 */
+    uint16_t initial_key_retry_max_limit;     /**< Initial EAPOL-Key retry exponential backoff max limit; seconds; default 720 */
+    uint8_t initial_key_retry_cnt;            /**< Number of initial key retries; default 4 */
 } ws_sec_prot_cfg_t;
 
 /**

source/6LoWPAN/ws/ws_config.h

@@ -274,32 +274,51 @@ extern uint8_t DEVICE_MIN_SENS;
 
 /*
  *  Security protocol initial EAPOL-key parameters
+ *
+ * Retry time is randomized between minimum and maximum retry time: rand(min,max).
+ * For each subsequent retry the maximum retry time is doubled until the maximum
+ * limit is reached.
  */
 
-// How long the wait is before the first initial EAPOL-key retry
-#define DEFAULT_INITIAL_KEY_RETRY_TIMER                120
-#define NONE_INITIAL_KEY_RETRY_TIMER                   0
-
-// Small network Default trickle values for sending of initial EAPOL-key
-#define SMALL_NW_INITIAL_KEY_TRICKLE_IMIN_SECS         360   /* 6 to 8.3 minutes */
-#define SMALL_NW_INITIAL_KEY_TRICKLE_IMAX_SECS         500
-
-// Small network Default trickle values for sending of initial EAPOL-key
-#define MEDIUM_NW_INITIAL_KEY_TRICKLE_IMIN_SECS        360   /* 6 to 12 minutes */
-#define MEDIUM_NW_INITIAL_KEY_TRICKLE_IMAX_SECS        720
-
-// Large network trickle values for sending of initial EAPOL-key
-#define LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS         600   /* 10 to 20 minutes */
-#define LARGE_NW_INITIAL_KEY_TRICKLE_IMAX_SECS         1200
-#define LARGE_NW_INITIAL_KEY_RETRY_COUNT               3
-
-// Very slow network values for sending of initial EAPOL-key
-#define EXTRA_LARGE_NW_INITIAL_KEY_TRICKLE_IMIN_SECS   600   /* 10 to 20 minutes */
-#define EXTRA_LARGE_NW_INITIAL_KEY_TRICKLE_IMAX_SECS   1200
-#define EXTRA_LARGE_NW_INITIAL_KEY_RETRY_COUNT         4
-
-// How many times sending of initial EAPOL-key is retried
-#define DEFAULT_INITIAL_KEY_RETRY_COUNT                2
+/* Small network initial EAPOL-key retry exponential backoff parameters
+ *     1st backoff 3 to 7 minutes, max 7 minutes, retries 2
+ *     Minimum time for sequence is 3 + 3 = 6 minutes
+ *     Maximum time for sequence is 7 + 7 = 14 minutes
+ */
+#define SMALL_NW_INITIAL_KEY_RETRY_MIN_SECS               180     // 3
+#define SMALL_NW_INITIAL_KEY_RETRY_MAX_SECS               420     // 7
+#define SMALL_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS         420     // 7
+#define SMALL_NW_INITIAL_KEY_RETRY_COUNT                  2
+
+/* Medium network initial EAPOL-key retry exponential backoff parameters
+ *     1st backoff 3 to 7 minutes, max 12 minutes, retries 4
+ *     Minimum time for sequence is 3 + 3 + 3 + 3 = 12 minutes
+ *     Maximum time for sequence is 7 + 12 + 12 + 12 = 43 minutes
+ */
+#define MEDIUM_NW_INITIAL_KEY_RETRY_MIN_SECS              180     // 3
+#define MEDIUM_NW_INITIAL_KEY_RETRY_MAX_SECS              420     // 7
+#define MEDIUM_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS        720     // 12
+#define MEDIUM_NW_INITIAL_KEY_RETRY_COUNT                 4
+
+/* Large network initial EAPOL-key retry exponential backoff parameters
+ *     1st backoff 5 to 10 minutes, max 15 minutes, retries 4
+ *     Minimum time for sequence is 5 + 5 + 5 + 5 = 20 minutes
+ *     Maximum time for sequence is 10 + 15 + 15 + 15 = 55 minutes
+ */
+#define LARGE_NW_INITIAL_KEY_RETRY_MIN_SECS               300     // 5
+#define LARGE_NW_INITIAL_KEY_RETRY_MAX_SECS               600     // 10
+#define LARGE_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS         900     // 15
+#define LARGE_NW_INITIAL_KEY_RETRY_COUNT                  4
+
+/* Extra large network initial EAPOL-key retry exponential backoff parameters
+ *     1st backoff 5 to 10 minutes, max 20 minutes, retries 4
+ *     Minimum time for sequence is 5 + 5 + 5 + 5 = 20 minutes
+ *     Maximum time for sequence is 10 + 20 + 20 + 20 = 70 minutes
+ */
+#define EXTRA_LARGE_NW_INITIAL_KEY_RETRY_MIN_SECS         300     // 5
+#define EXTRA_LARGE_NW_INITIAL_KEY_RETRY_MAX_SECS         600     // 10
+#define EXTRA_LARGE_NW_INITIAL_KEY_RETRY_MAX_LIMIT_SECS   1200    // 20
+#define EXTRA_LARGE_NW_INITIAL_KEY_RETRY_COUNT            4
 
 /*
  *  RADIUS client retry timer defaults

source/6LoWPAN/ws/ws_pae_controller.c

@@ -721,11 +721,9 @@ int8_t ws_pae_controller_configure(protocol_interface_info_entry_t *interface_pt
         controller->sec_cfg.prot_cfg.sec_prot_trickle_params.k = 0;
         controller->sec_cfg.prot_cfg.sec_prot_trickle_params.TimerExpirations = sec_prot_cfg->sec_prot_trickle_timer_exp;
         controller->sec_cfg.prot_cfg.sec_prot_retry_timeout = sec_prot_cfg->sec_prot_retry_timeout * 10;
-        controller->sec_cfg.prot_cfg.initial_key_retry_delay = sec_prot_cfg->initial_key_retry_delay;
-        controller->sec_cfg.prot_cfg.initial_key_trickle_params.Imin = sec_prot_cfg->initial_key_imin;
-        controller->sec_cfg.prot_cfg.initial_key_trickle_params.Imax = sec_prot_cfg->initial_key_imax;
-        controller->sec_cfg.prot_cfg.initial_key_trickle_params.k = 0;
-        controller->sec_cfg.prot_cfg.initial_key_trickle_params.TimerExpirations = 2;
+        controller->sec_cfg.prot_cfg.initial_key_retry_min = sec_prot_cfg->initial_key_retry_min;
+        controller->sec_cfg.prot_cfg.initial_key_retry_max = sec_prot_cfg->initial_key_retry_max;
+        controller->sec_cfg.prot_cfg.initial_key_retry_max_limit = sec_prot_cfg->initial_key_retry_max_limit;
         controller->sec_cfg.prot_cfg.initial_key_retry_cnt = sec_prot_cfg->initial_key_retry_cnt;
     }