summaryrefslogtreecommitdiff
path: root/cesar/bsu
diff options
context:
space:
mode:
authorYacine Belkadi2013-04-03 13:11:05 +0200
committerYacine Belkadi2013-05-23 09:07:13 +0200
commite4b7731e1827efcc1af0a721cb5415039ae6f459 (patch)
tree7fb89129008aaca5551f888a90fb10ad49f7e74c /cesar/bsu
parenta5821e5b218bb56400f0ef888a47ad9651484df2 (diff)
cesar/{bsu,cp,mac/pbproc}: change NEK management
Two slots were used to store the NEKs. One for the current NEK, the other for the next NEK. The CP could update any slot at any time, by setting the EKS to MAC_EKS_CLEAR first. One problem is that the pbproc doesn't expect someone to change a key that it is in use. If the cp sets the EKS to MAC_EKS_CLEAR for a key that is in use, may make the pbproc send data unencrypted, which is a problem. Another problem may occur during a NEK change, if the new NEK is not received via the SET_KEY_CNF. In that case, when the countdown starts, the cp sends a GET_KEY_CNF to get the new NEK. When it receives it, it puts the new key in the next slot. To identify the next slot the cp uses bsu_nek_index_next(). This is not reliable around a NEK change: - the cp receives the new NEK - the cp starts setting the new NEK - the cp is suspended - the bsu changes nek_switch - the cp is resumed and calls bsu_nek_index_next() which returns the index of the current NEK instead of the next NEK - the cp writes the new NEK in the current slot instead of the next slot - the pbproc may send packets unencrypted - the NEK change occurs - the new NEK is used in Rx (because the new NEK is in one of the two slots) but not in Tx (because it's not the in the current slot) To fix that, change the way the NEKs are managed: Use pointers and indirection to be able to atomically change a NEK transparently from the pbproc's point of view. Make the cp store the NEKs and set the current NEK, but let the bsu grab the next NEK if it's available.
Diffstat (limited to 'cesar/bsu')
-rw-r--r--cesar/bsu/bsu.h36
-rw-r--r--cesar/bsu/src/bsu.c128
-rw-r--r--cesar/bsu/stub/src/bsu.c30
-rw-r--r--cesar/bsu/test/utest/src/bsut.c338
-rw-r--r--cesar/bsu/test/utest/src/tests.c1
5 files changed, 458 insertions, 75 deletions
diff --git a/cesar/bsu/bsu.h b/cesar/bsu/bsu.h
index 8885684e62..b67d2afb95 100644
--- a/cesar/bsu/bsu.h
+++ b/cesar/bsu/bsu.h
@@ -125,20 +125,36 @@ void
bsu_activate (bsu_t *ctx, bool status);
/**
- * Get the current NEK index.
- * \param ctx the module context.
- * \return the current NEK index.
+ * Get the current NEK.
+ * \param bsu bsu context.
+ * \return The current NEK.
+ *
+ * \note If a NEK change is about to happen (i.e. A new NEK will be used
+ * starting from the next beacon period), then there is a period of time where
+ * this function returns the next NEK instead of the current one.
+ * More exactly, if the function is called after the bsu changed the
+ * ctx->nek_switch, but before the next beacon period where the new NEK will
+ * actually be used, then the returned NEK is the next one, not the current one.
+ * As this function is called by the cp, the behavior seems acceptable.
*/
-uint
-bsu_nek_index_current (bsu_t *ctx);
+mac_nek_t *
+bsu_nek_get_current (const bsu_t *bsu);
/**
- * Get the next NEK index.
- * \param ctx the module context.
- * \return the current NEK index.
+ * Use the provided NEK as both the current and the next one.
+ * \param bsu bsu context.
+ * \param nek NEK to use.
+ */
+void
+bsu_nek_use (bsu_t *bsu, mac_nek_t *nek);
+
+/**
+ * Set the NEK to use for the upcoming NEK change.
+ * \param ctx bsu context.
+ * \param nek NEK to use.
*/
-uint
-bsu_nek_index_next (bsu_t *ctx);
+void
+bsu_nek_set_next (bsu_t *ctx, mac_nek_t *nek);
/**
* Update discover info beacon entry.
diff --git a/cesar/bsu/src/bsu.c b/cesar/bsu/src/bsu.c
index 1a0bb1273a..f5449ad3aa 100644
--- a/cesar/bsu/src/bsu.c
+++ b/cesar/bsu/src/bsu.c
@@ -688,12 +688,43 @@ bsu_handle_key_change (bsu_t *ctx)
{
dbg_assert (ctx);
bsu_avln_t *avln = ctx->sta_avln;
+ mac_nek_mgr_t *nek_mgr = &ctx->mac_config->nek_mgr;
if (avln->beacon.bmis.eks.present)
{
- if ((avln->beacon.bmis.eks.kbc == BSU_BEACON_EKS_KBC_NEK)
- && (avln->beacon.bmis.eks.kccd == 1))
- ctx->nek_switch = !ctx->nek_switch;
+ if (avln->beacon.bmis.eks.kbc == BSU_BEACON_EKS_KBC_NEK)
+ {
+ /* Do we have the new NEK? */
+ if (nek_mgr->next_nek
+ && (nek_mgr->next_nek->eks == avln->beacon.bmis.eks.new_eks))
+ {
+ /* We have it. Set it as next. */
+ mac_nek_t *old_next_nek = nek_mgr->use[!ctx->nek_switch];
+ /* No need to set it, if it's already set. */
+ if (nek_mgr->next_nek != old_next_nek)
+ {
+ nek_mgr->next_nek->in_use = true;
+ arch_reorder_barrier ();
+ nek_mgr->use[!ctx->nek_switch] = nek_mgr->next_nek;
+ arch_reorder_barrier ();
+ if (old_next_nek != nek_mgr->use[ctx->nek_switch])
+ old_next_nek->in_use = false;
+ }
+ }
+ /* else:
+ * The next NEK is not available yet. So either:
+ * - we currently have the current NEK set in the next slot too.
+ * Because that's what bsu_nek_use() does.
+ * - or, we have previously set a NEK in the next slot, but in the
+ * meantime we received an MME with an EKS different from
+ * new_eks. (Seems unlikely, but...).
+ * In both cases, there will be a NEK in the next slot, so the
+ * pbproc will find a NEK to use.
+ */
+
+ if (avln->beacon.bmis.eks.kccd == 1)
+ ctx->nek_switch = !ctx->nek_switch;
+ }
/* Prepare for next beacon period, in case we don't get the beacon. */
if (avln->beacon.bmis.eks.kccd > 1)
@@ -710,10 +741,19 @@ bsu_handle_key_change (bsu_t *ctx)
/* On the previous run of this function, we changed nek_switch.
* This means that a NEK change occured at the start of the current
* beacon period. The new NEK (if we had it) should now be in use,
- * and we can remove the old NEK. */
- ctx->mac_config->nek[!ctx->nek_switch].eks = MAC_EKS_CLEAR;
-
- ctx->prev_nek_switch = ctx->nek_switch;
+ * and we can remove the old NEK.
+ * But first: did we have the new NEK? */
+ if (nek_mgr->use[ctx->nek_switch]
+ != nek_mgr->use[!ctx->nek_switch])
+ {
+ mac_nek_t *prev_nek = nek_mgr->use[!ctx->nek_switch];
+ nek_mgr->use[!ctx->nek_switch] = nek_mgr->use[ctx->nek_switch];
+ /* Use a barrier to be sure that the NEK is not used anymore by
+ * the pbproc when we mark it as not used. */
+ arch_reorder_barrier ();
+ prev_nek->in_use = false;
+ }
+ ctx->prev_nek_switch = ctx->nek_switch;
}
}
}
@@ -898,6 +938,66 @@ bsu_timer_event_process__cco (bsu_t *ctx)
}
}
+mac_nek_t *
+bsu_nek_get_current (const bsu_t *ctx)
+{
+ dbg_assert (ctx);
+ return ctx->mac_config->nek_mgr.use[ctx->nek_switch];
+}
+
+void
+bsu_nek_set_next (bsu_t *ctx, mac_nek_t *nek)
+{
+ dbg_assert (ctx);
+ dbg_assert (nek);
+ ctx->mac_config->nek_mgr.next_nek = nek;
+}
+
+void
+bsu_nek_use (bsu_t *ctx, mac_nek_t *nek)
+{
+ dbg_assert (ctx);
+ dbg_assert (nek);
+
+ /* To start using a NEK, both the next and the current NEK slots are
+ * changed. The next NEK is changed for two reasons:
+ * - In case there is a programmed NEK change, not updating the next NEK
+ * will render the call to this function useless, because the passed NEK
+ * won't be used after the NEK change.
+ * - When using one NEK, the choice has been made to put it in both slots.
+ * This way, the pbproc easily finds the NEK in Rx.
+ */
+ mac_nek_t *old_current;
+ mac_nek_t *old_next;
+ mac_nek_mgr_t *nek_mgr = &ctx->mac_config->nek_mgr;
+
+ /* Protect ourself from the bsu running in dsr context. */
+ arch_dsr_lock ();
+
+ /* Suppose that a NEK change is about to happen on the next beacon period.
+ * Let n1 be the current NEK. n2 the next NEK. n3 the NEK passed to this
+ * function.
+ * - The current NEK slot is set to n3. So the pbproc starts using it.
+ * - New beacon period, so the pbproc starts using n2.
+ * - The next NEK slot is set to n3. So the pbproc starts using n3.
+ * So, the pbproc used n3, then n2, then n3. To prevent the temporary use of
+ * n2, the next NEK slot is updated first, then the current NEK slot.
+ */
+ old_next = nek_mgr->use[!ctx->nek_switch];
+ old_current = nek_mgr->use[ctx->nek_switch];
+ nek->in_use = true;
+ arch_reorder_barrier ();
+ nek_mgr->use[!ctx->nek_switch] = nek;
+ arch_reorder_barrier ();
+ nek_mgr->use[ctx->nek_switch] = nek;
+ arch_reorder_barrier ();
+
+ arch_dsr_unlock ();
+
+ old_next->in_use = false;
+ old_current->in_use = false;
+}
+
/**
* BSU timer expires.
* \param ud the module context.
@@ -1424,20 +1524,6 @@ bsu_activate (bsu_t *ctx, bool status)
arch_dsr_unlock ();
}
-uint
-bsu_nek_index_current (bsu_t *ctx)
-{
- dbg_assert (ctx);
- return ctx->nek_switch;
-}
-
-uint
-bsu_nek_index_next (bsu_t *ctx)
-{
- dbg_assert (ctx);
- return !ctx->nek_switch;
-}
-
void
bsu_update_discover_info (
bsu_t *ctx, bsu_beacon_bmi_discover_info_t *discover)
diff --git a/cesar/bsu/stub/src/bsu.c b/cesar/bsu/stub/src/bsu.c
index c97faf9512..4e23c1d472 100644
--- a/cesar/bsu/stub/src/bsu.c
+++ b/cesar/bsu/stub/src/bsu.c
@@ -13,22 +13,30 @@
#include "common/std.h"
#include "bsu/bsu.h"
-uint
-bsu_nek_index_current (bsu_t *ctx) __attribute ((weak));
-
-uint
-bsu_nek_index_current (bsu_t *ctx)
+ __attribute__ ((weak))
+mac_nek_t *
+bsu_nek_get_current (const bsu_t *ctx)
{
- return 0;
+ static mac_nek_t nek = {
+ .eks = 5,
+ .in_use = true,
+ .nek_enc = { 0xb4096083, 0x97608f74, 0x190e6e1a, 0x75675fc2 },
+ .nek_dec = { 0x14c2a29b, 0x390cfd4d, 0x4cd3eff6, 0x5bd0c032 }
+ };
+
+ return &nek;
}
-uint
-bsu_nek_index_next (bsu_t *ctx) __attribute__ ((weak));
+__attribute__ ((weak))
+void
+bsu_nek_set_next (bsu_t *ctx, mac_nek_t *nek)
+{
+}
-uint
-bsu_nek_index_next (bsu_t *ctx)
+__attribute__ ((weak))
+void
+bsu_nek_use (bsu_t *ctx, mac_nek_t *nek)
{
- return 1;
}
void
diff --git a/cesar/bsu/test/utest/src/bsut.c b/cesar/bsu/test/utest/src/bsut.c
index 3ca968ed4c..ffd7cff5c5 100644
--- a/cesar/bsu/test/utest/src/bsut.c
+++ b/cesar/bsu/test/utest/src/bsut.c
@@ -1004,23 +1004,52 @@ test_case_bsu_persistent_schedules_update (test_t test)
}
void
-test_case_bsu_nek_index (test_t test)
+test_case_bsu_nek_use (test_t test)
{
- test_case_begin (test, "NEK index");
+ test_case_begin (test, "NEK use");
bsu_test_t t;
bsu_test_init (&t);
- test_begin (test, "Current index")
+ test_begin (test, "Use a new NEK")
{
- bsu_test_avln_create (&t, t.bsu->sta_avln);
- test_fail_unless (bsu_nek_index_current (t.bsu) ==
- t.bsu->nek_switch);
- test_fail_unless (bsu_nek_index_next (t.bsu) ==
- !t.bsu->nek_switch);
- t.bsu->nek_switch = 1;
- test_fail_unless (bsu_nek_index_current (t.bsu) ==
- t.bsu->nek_switch);
- test_fail_unless (bsu_nek_index_next (t.bsu) ==
- !t.bsu->nek_switch);
+ t.mac_config.nek_mgr.store[0].eks = 1;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 2;
+ t.mac_config.nek_mgr.store[1].in_use = false;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = true;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[2];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[2];
+
+ bsu_nek_use (t.bsu, &t.mac_config.nek_mgr.store[1]);
+
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ }
+ test_end;
+ test_begin (test, "Use a new NEK in the middle a NEK change")
+ {
+ t.mac_config.nek_mgr.store[0].eks = 1;
+ t.mac_config.nek_mgr.store[0].in_use = true;
+ t.mac_config.nek_mgr.store[1].eks = 2;
+ t.mac_config.nek_mgr.store[1].in_use = false;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = true;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[0];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[2];
+
+ bsu_nek_use (t.bsu, &t.mac_config.nek_mgr.store[1]);
+
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
}
test_end;
bsu_test_uninit (&t);
@@ -1032,12 +1061,22 @@ test_case_bsu_handle_key_change (test_t test)
test_case_begin (test, "Handle key change");
bsu_test_t t;
bsu_test_init (&t);
+
test_begin (test, "No key bentry");
{
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = false;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[1];
t.bsu->nek_switch = 0;
t.bsu->sta_avln->beacon.bmis.eks.present = false;
t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NEK;
t.bsu->sta_avln->beacon.bmis.eks.kccd = 1;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 0;
bsu_handle_key_change (t.bsu);
@@ -1046,14 +1085,30 @@ test_case_bsu_handle_key_change (test_t test)
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kbc
== BSU_BEACON_EKS_KBC_NEK);
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kccd == 1);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
}
test_end;
test_begin (test, "Key bentry:Not NEK");
{
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = false;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[1];
t.bsu->nek_switch = 0;
t.bsu->sta_avln->beacon.bmis.eks.present = true;
t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NMK;
t.bsu->sta_avln->beacon.bmis.eks.kccd = 4;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 6;
bsu_handle_key_change (t.bsu);
@@ -1062,14 +1117,60 @@ test_case_bsu_handle_key_change (test_t test)
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kbc
== BSU_BEACON_EKS_KBC_NMK);
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kccd == 3);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
+ }
+ test_end;
+ test_begin (test, "Key bentry:Not NEK:KCCD == 1");
+ {
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = false;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[1];
+ t.bsu->nek_switch = 0;
+ t.bsu->sta_avln->beacon.bmis.eks.present = true;
+ t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NMK;
+ t.bsu->sta_avln->beacon.bmis.eks.kccd = 1;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 7;
+
+ bsu_handle_key_change (t.bsu);
+
+ test_fail_unless (t.bsu->nek_switch == 0);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == false);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
}
test_end;
- test_begin (test, "Key bentry:NEK");
+ test_begin (test, "Key bentry:NEK:New key available");
{
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = false;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.next_nek = &t.mac_config.nek_mgr.store[2];
t.bsu->nek_switch = 0;
t.bsu->sta_avln->beacon.bmis.eks.present = true;
t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NEK;
- t.bsu->sta_avln->beacon.bmis.eks.kccd = 4;
+ t.bsu->sta_avln->beacon.bmis.eks.kccd = 2;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 7;
bsu_handle_key_change (t.bsu);
@@ -1077,59 +1178,230 @@ test_case_bsu_handle_key_change (test_t test)
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == true);
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kbc
== BSU_BEACON_EKS_KBC_NEK);
- test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kccd == 3);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kccd == 1);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[2]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == true);
}
test_end;
- test_begin (test, "Key bentry:Not NEK:KCCD == 1");
+ test_begin (test, "Key bentry:NEK:New key already set as next");
{
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = true;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[2];
+ t.mac_config.nek_mgr.next_nek = &t.mac_config.nek_mgr.store[2];
t.bsu->nek_switch = 0;
t.bsu->sta_avln->beacon.bmis.eks.present = true;
- t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NMK;
- t.bsu->sta_avln->beacon.bmis.eks.kccd = 1;
+ t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NEK;
+ t.bsu->sta_avln->beacon.bmis.eks.kccd = 2;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 7;
bsu_handle_key_change (t.bsu);
test_fail_unless (t.bsu->nek_switch == 0);
- test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == false);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == true);
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kbc
- == BSU_BEACON_EKS_KBC_NMK);
+ == BSU_BEACON_EKS_KBC_NEK);
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kccd == 1);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[2]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == true);
}
test_end;
- test_begin (test, "Key bentry:NEK:KCCD == 1");
+ test_begin (test, "Key bentry:NEK:New key not available:1");
{
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = false;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.next_nek = NULL;
t.bsu->nek_switch = 0;
t.bsu->sta_avln->beacon.bmis.eks.present = true;
t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NEK;
- t.bsu->sta_avln->beacon.bmis.eks.kccd = 1;
+ t.bsu->sta_avln->beacon.bmis.eks.kccd = 2;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 7;
bsu_handle_key_change (t.bsu);
- test_fail_unless (t.bsu->nek_switch == 1);
- test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == false);
+ test_fail_unless (t.bsu->nek_switch == 0);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == true);
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kbc
== BSU_BEACON_EKS_KBC_NEK);
test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kccd == 1);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
}
test_end;
- test_begin (test, "Delete previous NEK after NEK change");
+ test_begin (test, "Key bentry:New key not available:2");
{
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = false;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.next_nek = &t.mac_config.nek_mgr.store[0];
+ t.bsu->nek_switch = 0;
+ t.bsu->sta_avln->beacon.bmis.eks.present = true;
+ t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NEK;
+ t.bsu->sta_avln->beacon.bmis.eks.kccd = 2;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 7;
+
+ bsu_handle_key_change (t.bsu);
+
+ test_fail_unless (t.bsu->nek_switch == 0);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == true);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kbc
+ == BSU_BEACON_EKS_KBC_NEK);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.kccd == 1);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
+ }
+ test_end;
+ test_begin (test, "Key bentry:NEK:KCCD == 1:New key available");
+ {
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = false;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.next_nek = &t.mac_config.nek_mgr.store[2];
t.bsu->nek_switch = 0;
- t.mac_config.nek[0].eks = MAC_EKS_MIN;
- t.mac_config.nek[1].eks = MAC_EKS_MAX;
t.bsu->sta_avln->beacon.bmis.eks.present = true;
t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NEK;
t.bsu->sta_avln->beacon.bmis.eks.kccd = 1;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 7;
bsu_handle_key_change (t.bsu);
- test_fail_unless (t.mac_config.nek[0].eks == MAC_EKS_MIN);
- test_fail_unless (t.mac_config.nek[1].eks == MAC_EKS_MAX);
+ test_fail_unless (t.bsu->nek_switch == 1);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == false);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[2]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == true);
+ }
+ test_end;
+ test_begin (test, "Key bentry:NEK:KCCD == 1 and after change"
+ ":New key set");
+ {
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 7;
+ t.mac_config.nek_mgr.store[2].in_use = true;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[2];
+ t.mac_config.nek_mgr.next_nek = &t.mac_config.nek_mgr.store[2];
+ t.bsu->nek_switch = 0;
+ t.bsu->sta_avln->beacon.bmis.eks.present = true;
+ t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NEK;
+ t.bsu->sta_avln->beacon.bmis.eks.kccd = 1;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 7;
bsu_handle_key_change (t.bsu);
- test_fail_unless (t.mac_config.nek[0].eks == MAC_EKS_CLEAR);
- test_fail_unless (t.mac_config.nek[1].eks == MAC_EKS_MAX);
+ test_fail_unless (t.bsu->nek_switch == 1);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == false);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[2]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == true);
+
+ bsu_handle_key_change (t.bsu);
+
+ test_fail_unless (t.bsu->nek_switch == 1);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == false);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[2]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[2]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == true);
+ }
+ test_end;
+ test_begin (test, "Key bentry:NEK:KCCD == 1 and after change"
+ ":New key not available");
+ {
+ t.mac_config.nek_mgr.store[0].eks = 5;
+ t.mac_config.nek_mgr.store[0].in_use = false;
+ t.mac_config.nek_mgr.store[1].eks = 3;
+ t.mac_config.nek_mgr.store[1].in_use = true;
+ t.mac_config.nek_mgr.store[2].eks = 2;
+ t.mac_config.nek_mgr.store[2].in_use = false;
+ t.mac_config.nek_mgr.use[0] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.use[1] = &t.mac_config.nek_mgr.store[1];
+ t.mac_config.nek_mgr.next_nek = &t.mac_config.nek_mgr.store[2];
+ t.bsu->nek_switch = 0;
+ t.bsu->sta_avln->beacon.bmis.eks.present = true;
+ t.bsu->sta_avln->beacon.bmis.eks.kbc = BSU_BEACON_EKS_KBC_NEK;
+ t.bsu->sta_avln->beacon.bmis.eks.kccd = 1;
+ t.bsu->sta_avln->beacon.bmis.eks.new_eks = 7;
+
+ bsu_handle_key_change (t.bsu);
+
+ test_fail_unless (t.bsu->nek_switch == 1);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == false);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
+
+ bsu_handle_key_change (t.bsu);
+
+ test_fail_unless (t.bsu->nek_switch == 1);
+ test_fail_unless (t.bsu->sta_avln->beacon.bmis.eks.present == false);
+ test_fail_unless (t.mac_config.nek_mgr.use[0]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.use[1]
+ == &t.mac_config.nek_mgr.store[1]);
+ test_fail_unless (t.mac_config.nek_mgr.store[0].in_use == false);
+ test_fail_unless (t.mac_config.nek_mgr.store[1].in_use == true);
+ test_fail_unless (t.mac_config.nek_mgr.store[2].in_use == false);
+
}
test_end;
bsu_test_uninit (&t);
@@ -1370,7 +1642,7 @@ test_suite_bsu (test_t t)
test_case_bsu_update_nid_snid (t);
test_case_bsu_timer_event (t);
test_case_bsu_persistent_schedules_update (t);
- test_case_bsu_nek_index (t);
+ test_case_bsu_nek_use (t);
test_case_bsu_handle_key_change (t);
test_case_bsu_discover_update (t);
test_case_bsu_add_avln_array_full (t);
diff --git a/cesar/bsu/test/utest/src/tests.c b/cesar/bsu/test/utest/src/tests.c
index 376305ba57..400f85231f 100644
--- a/cesar/bsu/test/utest/src/tests.c
+++ b/cesar/bsu/test/utest/src/tests.c
@@ -64,6 +64,7 @@ bsu_test_init (bsu_test_t *ctx)
lib_stats_init ();
bsu_test_reset_phy (&phy_test_global);
ctx->phy = &phy_test_global;
+ mac_config_init (&ctx->mac_config);
ctx->mac_config.tei = 0x0;
ctx->mac_config.sta_mac_address = 0x123456789abcull;
ctx->mac_store = mac_store_init ();