BA
/
SerialCom
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
OmniWheels
by 
Gustav Atmel
Embed:
(wiki syntax)
Show/hide line numbers
security_lib.c
00001 /* 00002 * Copyright (c) 2013-2017, Arm Limited and affiliates. 00003 * SPDX-License-Identifier: Apache-2.0 00004 * 00005 * Licensed under the Apache License, Version 2.0 (the "License"); 00006 * you may not use this file except in compliance with the License. 00007 * You may obtain a copy of the License at 00008 * 00009 * http://www.apache.org/licenses/LICENSE-2.0 00010 * 00011 * Unless required by applicable law or agreed to in writing, software 00012 * distributed under the License is distributed on an "AS IS" BASIS, 00013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00014 * See the License for the specific language governing permissions and 00015 * limitations under the License. 00016 */ 00017 #include "nsconfig.h" 00018 #include "ns_types.h" 00019 #include "ns_trace.h" 00020 #include "string.h" 00021 #include "eventOS_event.h" 00022 #include "nsdynmemLIB.h" 00023 #include "Core/include/socket.h" 00024 #include "NWK_INTERFACE/Include/protocol.h" 00025 #include "shalib.h" 00026 #include "randLIB.h" 00027 #ifdef ECC 00028 #include "libX509_V3.h" 00029 #include "ecc.h" 00030 #endif 00031 #include "Security/TLS/tls_lib.h" 00032 #include "Security/TLS/tls_ccm_crypt.h" 00033 #include "Security/Common/sec_lib.h" 00034 #include "net_nvm_api.h" 00035 #include "Security/PANA/pana_nvm.h" 00036 #include "Security/PANA/pana.h" 00037 #include "Security/PANA/eap_protocol.h" 00038 #include "Security/PANA/pana_internal_api.h" 00039 #include "common_functions.h" 00040 00041 #ifdef PANA 00042 00043 #ifndef SEC_TLS_TIMEOUT 00044 #define SEC_TLS_TIMEOUT 65000 00045 #endif 00046 00047 #define TRACE_GROUP "secl" 00048 00049 NS_LARGE NS_LIST_DEFINE(sec_suite_list, sec_suite_t, link); 00050 sec_suite_t *NS_LARGE active_ecc_sec_suite = 0; 00051 00052 static void tls_MSK_calc(sec_suite_t *suite); 00053 00054 #ifdef PANA_SERVER_API 00055 #ifdef ECC 00056 static void tls_server_hash_copy(uint8_t *ptr, tls_msg_t *tmp_msg, sec_suite_t *suite); 00057 #endif 00058 #endif 00059 00060 #ifdef ECC 00061 00062 static MPint temp_key_entry; 00063 00064 static int8_t ecc_signature_calculate_hash(tls_heap_t *theap); 00065 #endif 00066 00067 static void sec_tx_done(sec_suite_t *suite); 00068 static bool sec_suite_tls_allocate(sec_suite_t *suite); 00069 00070 00071 sec_suite_t * sec_lib_security_session_allocate(bool tls_allocate) 00072 { 00073 sec_suite_t *cur = ns_dyn_mem_alloc(sizeof(sec_suite_t)); 00074 if (cur) { 00075 00076 tls_session_t *tls_session; 00077 if (tls_allocate) { 00078 tls_session = amr_tls_session_allocate(); 00079 if (!tls_session) { 00080 ns_dyn_mem_free(cur); 00081 return NULL; 00082 } 00083 } else { 00084 tls_session = NULL; 00085 } 00086 memset(cur, 0, sizeof(sec_suite_t)); 00087 cur->tls_session = tls_session; 00088 cur->psk_key_id = -1; 00089 cur->supported_chipher_suites = SEC_DEFAULT_SUPPORTED_CHIPHER_SUITES; 00090 pana_session_base_init(&cur->pana_session); 00091 ns_list_add_to_start(&sec_suite_list, cur); 00092 } 00093 return cur; 00094 } 00095 00096 00097 void sec_lib_state_machine_lock(sec_suite_t *suite, sec_state_machine_t state) 00098 { 00099 suite->state = state; 00100 suite->timer = 0; 00101 suite->retry_counter = 0; 00102 } 00103 00104 void sec_lib_state_machine_trig(sec_suite_t *suite, sec_state_machine_t state) 00105 { 00106 suite->state = state; 00107 suite->timer = 1; 00108 suite->retry_counter = 0; 00109 00110 } 00111 00112 #ifdef ECC 00113 void tls_server_hash_copy(uint8_t *ptr, tls_msg_t *tmp_msg, sec_suite_t *suite) 00114 { 00115 #ifdef PANA_SERVER_API 00116 tls_heap_t *t_heap = suite->tls_session->tls_heap; 00117 uint16_t t_length = 39; //Base and random and seq len 00118 t_length += suite->tls_session->id_length; 00119 if (t_heap->tls_chipher_mode == CHIPHER_ECC) { 00120 t_length += 11; 00121 } else { 00122 t_length += 7; 00123 } 00124 00125 tmp_msg->len = t_length; 00126 tmp_msg->len -= 4; 00127 tmp_msg->msg_ptr = ptr + 4; 00128 tls_build_server_hello_msg(ptr, suite->tls_session); 00129 tls_handshake_copy(tmp_msg, t_heap); 00130 tr_debug("Pana server S-Hello,Cert hash"); 00131 #endif 00132 } 00133 #endif 00134 00135 #ifdef PANA_SERVER_API 00136 uint8_t tls_server_certi_hash_copy(sec_suite_t *suite) 00137 { 00138 if (suite->setups & TLS_HANSHAKE_HASH) { 00139 return 1; 00140 } else { 00141 #ifdef ECC 00142 certificate_chain_internal_t *temp; 00143 uint16_t len = 0; 00144 buffer_t *buf; 00145 tls_msg_t *tmp_msg = tls_msg_ptr_get(); 00146 tls_heap_t *t_heap = suite->tls_session->tls_heap; 00147 00148 00149 temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN); 00150 00151 if (temp) { 00152 len = tls_certificate_len(temp); 00153 00154 buf = buffer_get(len); 00155 if (buf) { 00156 uint8_t *ptr; 00157 buf->interface = suite->interface; 00158 00159 ptr = buffer_data_pointer(buf); 00160 tls_server_hash_copy(ptr, tmp_msg, suite); 00161 ptr = buffer_data_pointer(buf); 00162 tmp_msg->len = len - 4; 00163 tmp_msg->msg_ptr = ptr + 4; 00164 ptr = tls_certificate_msg_set(ptr, temp); 00165 tls_handshake_copy(tmp_msg, t_heap); 00166 suite->setups |= TLS_HANSHAKE_HASH; 00167 buffer_free(buf); 00168 return 1; 00169 00170 } 00171 } 00172 #endif 00173 } 00174 return 0; 00175 } 00176 #endif 00177 00178 #ifdef ECC 00179 uint8_t tls_certi_hash_copy(sec_suite_t *suite) 00180 { 00181 if (suite->setups & TLS_HANSHAKE_HASH) { 00182 return 1; 00183 } else { 00184 #ifdef ECC 00185 certificate_chain_internal_t *temp; 00186 uint16_t len = 0; 00187 buffer_t *buf; 00188 tls_msg_t *tmp_msg = tls_msg_ptr_get(); 00189 tls_heap_t *t_heap = suite->tls_session->tls_heap; 00190 00191 00192 temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN); 00193 00194 if (temp) { 00195 len = tls_certificate_len(temp); 00196 00197 buf = buffer_get(len); 00198 if (buf) { 00199 uint8_t *ptr; 00200 00201 buf->interface = suite->interface; 00202 ptr = buffer_data_pointer(buf); 00203 ptr = buffer_data_pointer(buf); 00204 tmp_msg->len = len - 4; 00205 tmp_msg->msg_ptr = ptr + 4; 00206 ptr = tls_certificate_msg_set(ptr, temp); 00207 tls_handshake_copy(tmp_msg, t_heap); 00208 00209 ptr = buffer_data_pointer(buf); 00210 tmp_msg->len = 66; 00211 tmp_msg->msg_ptr = ptr + 4; 00212 00213 ptr = tls_client_key_exchange_msg_set(ptr, t_heap); 00214 tls_handshake_copy(tmp_msg, t_heap); 00215 00216 suite->setups |= TLS_HANSHAKE_HASH; 00217 buffer_free(buf); 00218 return 1; 00219 00220 } 00221 } 00222 #endif 00223 } 00224 return 0; 00225 } 00226 #endif 00227 00228 static void tls_MSK_calc(sec_suite_t *suite) 00229 { 00230 uint8_t *ptr; 00231 tls_heap_t *theap = 0; 00232 pana_heap_t *pheap = 0; 00233 prf_sec_param_t *prf_ptr = shalib_prf_param_get(); 00234 theap = suite->tls_session->tls_heap; 00235 pheap = suite->pana_session.pana_heap; 00236 //tr_debug("CAL MSK:"); 00237 prf_ptr->secret = suite->tls_session->master_secret; 00238 prf_ptr->sec_len = 48; 00239 prf_ptr->label = "client EAP encryption"; 00240 prf_ptr->seed = theap->temp_buf; 00241 ptr = theap->temp_buf; 00242 memcpy(ptr, (theap->tls_hello_random + CLIENT_HELLO_PTR) , 32); 00243 ptr += 32; 00244 memcpy(ptr, (theap->tls_hello_random + SERVER_HELLO_PTR) , 32); 00245 prf_ptr->seedlen = 64; 00246 shalib_prf_calc(pheap->MSK, 16); 00247 } 00248 00249 #ifdef PANA_SERVER_API 00250 static int tls_check_client_change_chiphersuite(uint8_t *verfify, sec_suite_t *suite) 00251 { 00252 tls_heap_t *tls_heap = suite->tls_session->tls_heap; 00253 int ret_val = -1; 00254 if (tls_heap == NULL) { 00255 tr_warn("TLS Heap fail 1"); 00256 return -1; 00257 } 00258 00259 if (tls_heap->client_verify_buf == NULL) { 00260 tr_warn("TLS Heap verfify ptr fail 1"); 00261 return -1; 00262 } 00263 00264 if (tls_ccm_data_decrypt(tls_heap->client_verify_buf, tls_heap->client_verify_buf_len, suite->tls_session->key_expansion, TLS_HANDSHAKE, false) != 0) { 00265 tr_warn("AUTH Mic Fail"); 00266 goto end_process; 00267 } 00268 00269 uint8_t *ptr = tls_heap->client_verify_buf + 8; 00270 00271 if (ptr[0] == TLS_FINISHED && common_read_24_bit(ptr + 1) == 12) { 00272 ptr += 4; 00273 if (memcmp(verfify, ptr, 12) == 0) { 00274 //tr_debug("Client verify OK"); 00275 ret_val = 0; 00276 tls_finnish_copy(ptr, tls_heap); 00277 tls_hanshake_hash_cal(tls_heap); 00278 sec_lib_state_machine_lock(suite, PRF_CALC2); 00279 tls_verify_calc(tls_heap->verify, 1, tls_heap, suite->tls_session->master_secret); 00280 sec_lib_state_machine_trig(suite,TLS_KEY_CHANGE); 00281 00282 } else { 00283 tr_warn("Verify Mismatch: %s != %s", trace_array(ptr, 12), trace_array(verfify, 12)); 00284 } 00285 } else { 00286 tr_debug("No Chiphertext"); 00287 } 00288 00289 end_process: 00290 //tr_debug("Free"); 00291 if (tls_heap->client_verify_buf) { 00292 ns_dyn_mem_free(tls_heap->client_verify_buf); 00293 tls_heap->client_verify_buf = NULL; 00294 } 00295 00296 return ret_val; 00297 } 00298 #endif 00299 #ifdef ECC 00300 00301 void sec_ecc_state_free(sec_suite_t *suite) 00302 { 00303 if (active_ecc_sec_suite) { 00304 tr_debug("Active ECC"); 00305 if (suite == active_ecc_sec_suite) { 00306 tr_debug("Stop ECC"); 00307 ecc_free_memory(); 00308 active_ecc_sec_suite = NULL; 00309 } 00310 } 00311 } 00312 00313 00314 void sec_ecc_state_save(sec_suite_t *suite) 00315 { 00316 if (active_ecc_sec_suite == 0 && suite) { 00317 active_ecc_sec_suite = suite; 00318 //Send ECC event callback 00319 00320 arm_event_s event = { 00321 .receiver = protocol_read_tasklet_id(), 00322 .sender = 0, 00323 .event_type = ARM_IN_SECURITY_ECC_CALLER, 00324 .data_ptr = NULL, 00325 .priority = ARM_LIB_LOW_PRIORITY_EVENT, 00326 }; 00327 if (eventOS_event_send(&event) != 0) { 00328 tr_error("sec_ecc_state_save(): event send failed"); 00329 } 00330 } 00331 } 00332 00333 00334 uint8_t tls_certificate_build(sec_suite_t *suite) 00335 { 00336 buffer_t *buf; 00337 certificate_chain_internal_t *temp; 00338 uint16_t len = 0; 00339 00340 temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN); 00341 00342 if (temp) { 00343 00344 len = tls_certificate_len(temp); 00345 len += 50; //TLS/EAP/PANA/TCP /IP 00346 00347 //Client Key Exchange 70, Certiverify max 80, Finnish 43 00348 len += (70 + 80 + 43); 00349 buf = buffer_get(len); //(690); 00350 00351 if (buf) { 00352 uint8_t *ptr; 00353 tls_msg_t *tmp_msg = tls_msg_ptr_get(); 00354 buf->interface = suite->interface; 00355 ptr = buffer_data_pointer(buf); 00356 //Leave Space for Tls Handshake Header 00357 ptr += 5; 00358 /* Set Certificate */ 00359 ptr = tls_certificate_msg_set(ptr, temp); 00360 /* Client Key Exchange */ 00361 ptr = tls_client_key_exchange_msg_set(ptr, suite->tls_session->tls_heap); 00362 00363 /* Certificate Verify */ 00364 if ((suite->setups & TLS_HANSHAKE_HASH) == 0) { 00365 uint8_t *ptr_2; 00366 ptr_2 = ptr; 00367 ptr_2 += 4; 00368 00369 tmp_msg->msg_ptr = ptr_2; 00370 ptr = tls_certificate_verify_msg_set(ptr, suite->tls_session->tls_heap); 00371 tr_debug("Set Cert Ver"); 00372 tmp_msg->len = ptr - ptr_2; 00373 tls_handshake_copy(tmp_msg, suite->tls_session->tls_heap); 00374 sec_prf_state_set(suite); 00375 00376 } else { 00377 ptr = tls_certificate_verify_msg_set(ptr, suite->tls_session->tls_heap); 00378 } 00379 00380 buffer_data_end_set(buf, ptr); 00381 00382 tls_header_set(buf); 00383 ptr = buffer_data_end(buf); 00384 if ((suite->setups & TLS_HANSHAKE_HASH) == 0) { 00385 uint8_t *ptr_2; 00386 ptr_2 = ptr; 00387 ptr_2 += 9; 00388 tmp_msg->msg_ptr = ptr; 00389 ptr = tls_build_change_chipher_suite_finnish_msg(ptr, suite->tls_session); 00390 tmp_msg->len = ptr - ptr_2; 00391 tls_handshake_copy(tmp_msg, suite->tls_session->tls_heap); 00392 suite->setups |= TLS_HANSHAKE_HASH; 00393 } else { 00394 ptr = tls_build_change_chipher_suite_finnish_msg(ptr, suite->tls_session); 00395 } 00396 buf->buf_end = ptr - buf->buf ; 00397 00398 tr_debug("TX Cer"); 00399 pana_eap_down(buf, suite); 00400 return 1; 00401 } 00402 } 00403 return 0; 00404 } 00405 #endif 00406 00407 #ifdef ECC 00408 void sec_ecc_sceduler(void) 00409 { 00410 if (ecc_run() != ECC_STATUS_IDLE) { 00411 arm_event_s event = { 00412 .receiver = protocol_read_tasklet_id(), 00413 .sender = 0, 00414 .event_type = ARM_IN_SECURITY_ECC_CALLER, 00415 .data_ptr = NULL, 00416 .priority = ARM_LIB_LOW_PRIORITY_EVENT, 00417 }; 00418 if (eventOS_event_send(&event) != 0) { 00419 tr_error("sec_ecc_sceduler(): event send failed"); 00420 } 00421 } 00422 } 00423 #ifdef PANA_SERVER_API 00424 uint8_t tls_pana_server_exchange_build(sec_suite_t *suite) 00425 { 00426 certificate_chain_internal_t *temp; 00427 buffer_t *buf; 00428 tls_heap_t *t_heap = suite->tls_session->tls_heap; 00429 uint16_t len = 39; 00430 00431 temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN); 00432 00433 if (temp) { 00434 len += suite->tls_session->id_length; 00435 if (t_heap->tls_chipher_mode == CHIPHER_ECC) { 00436 len += 11; 00437 } else { 00438 len += 7; 00439 } 00440 00441 len += tls_certificate_len(temp); //Certi Len 00442 len += 240; //server key exchange 00443 len += 16; //Cert REQ & Hello Done 00444 00445 buf = buffer_get(len); 00446 if (buf) { 00447 uint8_t *ptr, *t_ptr; 00448 tls_msg_t *tmp_msg = tls_msg_ptr_get(); 00449 buf->interface = suite->interface; 00450 ptr = buffer_data_pointer(buf); 00451 ptr += 5; 00452 00453 //Server Hello build 00454 ptr = tls_build_server_hello_msg(ptr, suite->tls_session); 00455 // Certificate(s) 00456 ptr = tls_certificate_msg_set(ptr, temp); 00457 //Server Key Exchange 00458 tmp_msg->msg_ptr = ptr + 4; 00459 t_ptr = ptr; 00460 ptr = tls_server_key_excahnge_msg_build(ptr, t_heap); 00461 tmp_msg->len = ptr - t_ptr; 00462 tmp_msg->len -= 4; 00463 if ((suite->setups & TLS_HANSHAKE_HASH) == 0) { 00464 tls_handshake_copy(tmp_msg, t_heap); 00465 } 00466 //Cert Req 00467 *ptr++ = TLS_CERTIFICATE_REQUEST; 00468 ptr = common_write_24_bit(8, ptr); 00469 00470 tmp_msg->msg_ptr = ptr; 00471 *ptr++ = 1; //Type Count 00472 *ptr++ = TLS_CERT_TYPE_ECDSA; 00473 ptr = common_write_16_bit(2, ptr); //length 00474 ptr = common_write_16_bit(TLS_SIG_HASH_ALG_SHA256_ECDSA, ptr); //SET ALGORYTH 00475 ptr = common_write_16_bit(0, ptr); 00476 00477 00478 tmp_msg->len = 8; 00479 if ((suite->setups & TLS_HANSHAKE_HASH) == 0) { 00480 tls_handshake_copy(tmp_msg, t_heap); 00481 } 00482 00483 00484 //Server Hello Done 00485 *ptr++ = TLS_SERVER_HELLO_DONE; 00486 ptr = common_write_24_bit(0, ptr); 00487 tmp_msg->msg_ptr = ptr; 00488 tmp_msg->len = 0; 00489 if ((suite->setups & TLS_HANSHAKE_HASH) == 0) { 00490 tls_handshake_copy(tmp_msg, t_heap); 00491 suite->setups |= TLS_HANSHAKE_HASH; 00492 } 00493 buffer_data_end_set(buf, ptr); 00494 tls_header_set(buf); 00495 pana_eap_down(buf, suite); 00496 return 1; 00497 } 00498 } 00499 00500 return 0; 00501 } 00502 #endif 00503 00504 static int8_t ecc_signature_calculate_hash(tls_heap_t *theap) 00505 { 00506 tr_debug("sign hash:"); 00507 if (theap->ecc_heap) { 00508 //tr_debug("Allocate SIG"); 00509 if (theap->ecc_heap->sgnt == 0) { 00510 theap->ecc_heap->sgnt = ecc_get_ecdsa_signature(); 00511 } 00512 00513 if (!theap->ecc_heap->sgnt) { 00514 tr_warn("Signature Allocate Fail"); 00515 return -1; 00516 } 00517 } else { 00518 tr_warn("Signature Allocate Fail"); 00519 return -1; 00520 } 00521 tls_ecc_server_key_signature_hash(theap); 00522 tr_debug(" done"); 00523 return 0; 00524 00525 } 00526 #endif 00527 void sec_libray_init(void) 00528 { 00529 #ifdef ECC 00530 ecc_init(); 00531 #endif 00532 } 00533 00534 00535 static bool sec_suite_tls_allocate(sec_suite_t *suite) 00536 { 00537 tls_heap_t *tls_heap; 00538 tls_heap = tls_heap_allocate(); 00539 if (!tls_heap) { 00540 return false; 00541 } 00542 00543 suite->tls_session->tls_heap = tls_heap; 00544 if (suite->setups & TLS_SERVER_MODE) { 00545 if (suite->tls_session->id_length == 0) { 00546 tls_session_id_genrate(suite->tls_session->tls_session_id, 4); 00547 suite->tls_session->id_length = 4; 00548 } 00549 memset(suite->tls_session->tls_nonce_explit, 0, 8); 00550 } 00551 return true; 00552 } 00553 00554 static bool sec_suite_pana_allocate_dynamic_ram(sec_suite_t *suite) 00555 { 00556 ns_dyn_mem_free(suite->pana_session.pana_heap); 00557 suite->pana_session.pana_heap = pana_heap_structure_allocate(); 00558 if (!suite->pana_session.pana_heap) { 00559 return false; 00560 } 00561 return true; 00562 } 00563 00564 00565 int sec_pana_protocol_init(sec_suite_t *suite) 00566 { 00567 if (suite->tls_session == NULL) { 00568 suite->tls_session = amr_tls_session_allocate(); 00569 } 00570 00571 if (!suite->tls_session) { 00572 sec_lib_state_machine_trig(suite, PANA_ERROR); 00573 return 0; 00574 } 00575 //Initialize current TLS session data 00576 sec_suite_tls_free(suite, false); 00577 00578 pana_session_state_init(&suite->pana_session); 00579 suite->pana_session.prf_algorythm = 0; 00580 suite->pana_session.integrity_algorythm = 0; 00581 suite->pana_session.session_id = 0; 00582 suite->pana_session.req_seq = randLIB_get_32bit(); 00583 suite->pana_session.res_seq = 0; 00584 00585 //Free pana heap and init eap fragmentation 00586 pana_free_dynamic_ram(suite); 00587 00588 suite->setups &= ~TLS_HANSHAKE_HASH; 00589 suite->timer = 1; 00590 if (!sec_suite_tls_allocate(suite) || !sec_suite_pana_allocate_dynamic_ram(suite)) { 00591 sec_suite_tls_free(suite, true); 00592 sec_lib_state_machine_trig(suite, PANA_ERROR); 00593 return 0; 00594 } 00595 suite->state = PANA_PCI_TX; 00596 00597 return 1; 00598 } 00599 00600 00601 void sec_suite_tls_free(sec_suite_t *suite, bool free_session) 00602 { 00603 if (suite->tls_session) { 00604 arm_tls_session_clear(suite->tls_session); 00605 if (free_session) { 00606 ns_dyn_mem_free(suite->tls_session); 00607 suite->tls_session = NULL; 00608 } 00609 } 00610 suite->setups &= ~(TLS_ECC_CERTIFICATE_REQUESTED | TLS_ECC_CERTIFICATE_RECEIVED | TLS_ECC_CERTIFICATE_VERIFY); 00611 } 00612 00613 00614 uint8_t sec_auth_re_check(sec_suite_t *suite) { 00615 if (pana_retry_check(suite->retry_counter, suite->state) == 0) { 00616 suite->retry_counter++; 00617 return 1; 00618 } else { 00619 //Init back to zero after fail 00620 suite->retry_counter = 0; 00621 } 00622 return 0; 00623 } 00624 00625 uint8_t sec_check_suite_ptrs(sec_suite_t *suite) 00626 { 00627 uint8_t ret_val = 1; 00628 if (suite->pana_session.auth_info == 0) { 00629 if (!suite->pana_session.user_server) { 00630 tr_debug("AUTH Info!"); 00631 ret_val = 0; 00632 } 00633 } 00634 if (suite->tls_session) { 00635 if (suite->tls_session->tls_heap == 0) { 00636 tr_debug("TLS Heap!"); 00637 ret_val = 0; 00638 } 00639 } else { 00640 if (suite->state != PANA_PING_REQ) { 00641 ret_val = 0; 00642 tr_debug("No TLS session allocated"); 00643 } 00644 } 00645 return ret_val; 00646 00647 } 00648 00649 00650 00651 void sec_timer_handle(void) 00652 { 00653 ns_list_foreach_safe(sec_suite_t, cur, &sec_suite_list) { 00654 uint8_t remove_cur = 0; 00655 if (cur->timer && --cur->timer == 0) { 00656 pana_common_state_machine(cur); 00657 if ((cur->state == PANA_ERROR) && (cur->timer == 0)) { 00658 if (cur->setups & TLS_SERVER_MODE) { 00659 remove_cur = 1; 00660 } 00661 } 00662 } 00663 if (remove_cur) { 00664 tr_debug("Remove Session"); 00665 sec_suite_remove(cur); 00666 } 00667 } 00668 //Here Possible to set 1 Second delay 00669 pana_key_update_delay_timer(); 00670 } 00671 00672 void sec_suite_list_clean(void) 00673 { 00674 ns_list_foreach_safe(sec_suite_t, cur, &sec_suite_list) { 00675 sec_suite_remove(cur); 00676 } 00677 00678 } 00679 00680 sec_suite_t *sec_suite_verify(sec_suite_t *session) 00681 { 00682 ns_list_foreach(sec_suite_t, cur, &sec_suite_list) { 00683 if (cur == session) { 00684 return cur; 00685 } 00686 } 00687 return NULL; 00688 } 00689 00690 sec_suite_t *sec_suite_selected_py_pan_id(uint16_t pan_id) 00691 { 00692 ns_list_foreach(sec_suite_t, cur, &sec_suite_list) { 00693 if (cur->pan_id == pan_id) { 00694 return cur; 00695 } 00696 } 00697 return NULL; 00698 } 00699 00700 sec_suite_t *sec_suite_selected_pana_session(uint32_t session_id) 00701 { 00702 ns_list_foreach(sec_suite_t, cur, &sec_suite_list) { 00703 if (cur->pana_session.session_id == session_id) { 00704 return cur; 00705 } 00706 } 00707 return NULL; 00708 } 00709 00710 sec_suite_t *sec_suite_selected_address(const uint8_t address[static 16]) 00711 { 00712 ns_list_foreach(sec_suite_t, cur, &sec_suite_list) { 00713 if (memcmp(cur->session_address, address, 16) == 0) { 00714 return cur; 00715 } 00716 } 00717 return NULL; 00718 } 00719 00720 uint16_t sec_pana_key_update_trig(uint16_t th_time) 00721 { 00722 uint32_t trig_interval = 1; 00723 uint16_t counter = 0; 00724 uint32_t threshold_change; 00725 //Convert seconds to 100ms ticks 00726 threshold_change = (th_time * 10); 00727 ns_list_foreach(sec_suite_t, cur, &sec_suite_list) { 00728 if (cur->pana_session.session_ready) { 00729 if ((cur->pana_session.address_status & 3) == 0) { // 00730 tr_debug("Trig Key Update"); 00731 cur->timer = trig_interval; 00732 trig_interval += threshold_change; 00733 cur->state = PANA_KEY_UPDATE; 00734 cur->retry_counter = 0; 00735 tr_debug("NVM SEQ Update by Key Push"); 00736 pana_session_nvm_udate(cur, PANA_SERVER_CLIENT_SESSION_UPDATE); 00737 //Clear Current value 00738 cur->retry_counter = 0; 00739 counter++; 00740 } 00741 } 00742 } 00743 return counter; 00744 } 00745 00746 int8_t sec_suite_remove(sec_suite_t *cur) { 00747 if (!cur) { 00748 return -1; 00749 } 00750 00751 pana_free_dynamic_ram(cur); 00752 00753 sec_suite_tls_free(cur, true); 00754 #ifdef ECC 00755 sec_ecc_state_free(cur); 00756 #endif 00757 ns_list_remove(&sec_suite_list, cur); 00758 ns_dyn_mem_free(cur); 00759 return 0; 00760 } 00761 00762 sec_suite_t *sec_suite_create(void) 00763 { 00764 sec_suite_t *cur = sec_lib_security_session_allocate(true); 00765 if (!cur) { 00766 return NULL; 00767 } 00768 tls_heap_t *t_heap = tls_heap_allocate(); 00769 pana_heap_t *p_heap = pana_heap_structure_allocate(); 00770 00771 if (!t_heap || !p_heap ) { 00772 ns_list_remove(&sec_suite_list, cur); 00773 ns_dyn_mem_free(t_heap); 00774 ns_dyn_mem_free(t_heap); 00775 ns_dyn_mem_free(p_heap); 00776 ns_dyn_mem_free(cur); 00777 return NULL; 00778 } 00779 00780 cur->tls_session->tls_heap = t_heap; 00781 cur->pana_session.pana_heap = p_heap; 00782 return cur; 00783 } 00784 00785 00786 00787 void sec_prf_state_set(sec_suite_t *suite) 00788 { 00789 if (suite->tls_session) { 00790 tls_heap_t *tls_heap = suite->tls_session->tls_heap; 00791 sec_lib_state_machine_lock(suite, PRF_CALC); 00792 tls_master_key_cal(tls_heap, suite); 00793 tls_key_expansion_cal(tls_heap, suite->tls_session->key_expansion, suite->tls_session->master_secret); 00794 tls_MSK_calc(suite); 00795 tls_hanshake_hash_cal(tls_heap); 00796 00797 if (suite->setups & TLS_SERVER_MODE) { 00798 #ifdef PANA_SERVER_API 00799 tls_verify_calc(tls_heap->verify, 0, tls_heap, suite->tls_session->master_secret); 00800 if (tls_check_client_change_chiphersuite(tls_heap->verify, suite) != 0) { 00801 sec_lib_state_machine_trig(suite,TLS_ALERT_DECRYPT); 00802 } 00803 #endif 00804 } else { 00805 tls_verify_calc(tls_heap->verify, 0, tls_heap, suite->tls_session->master_secret); 00806 if (tls_heap->tls_chipher_mode != CHIPHER_ECC) { 00807 sec_lib_state_machine_trig(suite,TLS_KEY_CHANGE); 00808 } else { 00809 tls_prepare_change_chipher_spec(suite); 00810 } 00811 } 00812 } 00813 } 00814 #ifdef ECC 00815 static void tls_key_set_elliptic_point(EllipticPoint *ellicpt_ptr, uint8_t *keyPtr) 00816 { 00817 tls_ecc_point_reverse_order((uint8_t *)ellicpt_ptr->x.data, keyPtr); 00818 tls_ecc_point_reverse_order((uint8_t *)ellicpt_ptr->y.data, (keyPtr + 32)); 00819 } 00820 00821 uint8_t tls_ecc_start_premaster_secret(EllipticPoint *ellicpt_ptr, sec_suite_t *suite) 00822 { 00823 uint8_t auth_setup = suite->setups; 00824 if (ellicpt_ptr == 0) { 00825 ellicpt_ptr = ecc_get_elliptic_point(); 00826 } else { 00827 memset(ellicpt_ptr, 0, sizeof(EllipticPoint)); 00828 ellicpt_ptr->finite = 1; 00829 } 00830 00831 if (ellicpt_ptr) { 00832 tls_heap_t *tls_heap = suite->tls_session->tls_heap; 00833 tr_debug("Cal ECC PSK"); 00834 if ((auth_setup & TLS_SERVER_MODE) == 0) { 00835 tls_key_set_elliptic_point(ellicpt_ptr, tls_heap->ecc_heap->server_public_key); 00836 } else { 00837 tls_key_set_elliptic_point(ellicpt_ptr, tls_heap->ecc_heap->client_public_key); 00838 } 00839 if (ecc_calculate_pre_master_secret(ellicpt_ptr, &(tls_heap->ecc_heap->private_key), &ecc_operation_done_callback) == ECC_STATUS_OK) { 00840 //tr_debug("PRE started"); 00841 sec_lib_state_machine_lock(suite,TLS_ECC_GENERATE_PREMASTER_SECRET); 00842 sec_ecc_state_save(suite); 00843 return 1; 00844 } else { 00845 tr_debug("Failed pre start"); 00846 ecc_library_free_pointer(ellicpt_ptr); 00847 } 00848 } 00849 00850 return 0; 00851 } 00852 00853 void ecc_operation_done_callback(int8_t status, void *result_ptr) 00854 { 00855 uint8_t alert = 0; 00856 sec_suite_t *suite = active_ecc_sec_suite; 00857 active_ecc_sec_suite = NULL; 00858 //tr_debug("ECC CB"); 00859 if (status != ECC_STATUS_OK) { 00860 tr_warn("ECC proces Fail: %i", status); 00861 if (result_ptr) { 00862 tr_debug("Free ECC Result"); 00863 ecc_library_free_pointer(result_ptr); 00864 } 00865 ecc_free_memory(); 00866 alert = 1; 00867 if (suite == 0) { 00868 tr_warn("NOt active ECC2!!"); 00869 return ; 00870 } 00871 } else { 00872 tls_heap_t *tls_heap = 0; 00873 if (suite == 0) { 00874 tr_warn("NOt active ECC!!"); 00875 return ; 00876 } 00877 00878 tls_heap = suite->tls_session->tls_heap; 00879 00880 switch (suite->state) { 00881 00882 00883 case TLS_ECC_CERTIFICATE_SIGNATURE_CHECK: 00884 if (tls_heap->ecc_heap->sgnt == 0) { 00885 tls_heap->ecc_heap->sgnt = ecc_get_ecdsa_signature(); 00886 } 00887 if (!tls_heap->ecc_heap->sgnt) { 00888 tr_warn("Signature Fail"); 00889 alert = 1; 00890 } else { 00891 00892 tls_certificate_signature_verify(suite); 00893 } 00894 00895 break; 00896 00897 case TLS_ECC_MESSAGE_VERIFY: 00898 if (suite->setups & TLS_SERVER_MODE) { 00899 tr_debug("Certi verify valid"); 00900 if (tls_ecc_start_premaster_secret(0, suite) == 0) { 00901 tr_debug("Pre sec start fail"); 00902 alert = 1; 00903 } 00904 } else { 00905 tr_debug("Server Key valid"); 00906 if (ecc_calculate_public_key(&(tls_heap->ecc_heap->private_key), &ecc_operation_done_callback) == ECC_STATUS_OK) { 00907 sec_lib_state_machine_lock(suite, TLS_ECC_GENERATE_PUBLIC_KEY); 00908 sec_ecc_state_save(suite); 00909 } else { 00910 alert = 2; 00911 } 00912 00913 } 00914 00915 break; 00916 case TLS_ECC_CERTIFICATE_VERIFY_SIGNATURE: 00917 if (!result_ptr) { 00918 alert = 1; 00919 } else { 00920 tls_heap->ecc_heap->sgnt = result_ptr; 00921 suite->setups &= ~TLS_HANSHAKE_HASH; 00922 sec_lib_state_machine_trig(suite, TLS_CLIENT_TX_CERTIFICATE_VERIFY); 00923 } 00924 active_ecc_sec_suite = 0; 00925 break; 00926 case TLS_ECC_GENERATE_PUBLIC_KEY: { 00927 uint8_t *temp_ptr; 00928 EllipticPoint *result; 00929 result = result_ptr; 00930 00931 //Save Result 00932 if (suite->setups & TLS_SERVER_MODE) { 00933 temp_ptr = tls_heap->ecc_heap->server_public_key; 00934 } else { 00935 temp_ptr = tls_heap->ecc_heap->client_public_key; 00936 00937 } 00938 if (result) { 00939 tls_ecc_point_reverse_order(temp_ptr, (uint8_t *)result->x.data); 00940 tls_ecc_point_reverse_order((temp_ptr + 32), (uint8_t *)result->y.data); 00941 } 00942 00943 if (suite->setups & TLS_SERVER_MODE) { 00944 if (result) { 00945 ecc_library_free_pointer(result); 00946 result = 0; 00947 } 00948 //Cal Signature 00949 if (ecc_signature_calculate_hash(tls_heap) == 0) { 00950 //SET Array to MPINT 00951 uint8_t *ptr = NULL; 00952 certificate_chain_internal_t *temp; 00953 00954 00955 temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN); 00956 00957 if (temp) { 00958 ptr = x509_get_key_from_pki((uint8_t *) temp->key_chain[(temp->chain_length - 1)], 0); 00959 } 00960 00961 if (ptr) { 00962 uint8_t i; 00963 memset(&temp_key_entry.data, 0, MPINT_DATA_SIZE); 00964 00965 //Revert bytes 00966 for (i = 0; i < 32; i++) { 00967 *(((uint8_t *)&temp_key_entry.data) + i) = ptr[31 - i]; 00968 } 00969 status = ecc_calculate_signature(tls_heap->ecc_heap->sgnt, (MPint *) &temp_key_entry, &ecc_operation_done_callback); 00970 if (status == ECC_STATUS_OK) { 00971 tls_heap->ecc_heap->sgnt = 0; 00972 sec_lib_state_machine_lock(suite, TLS_ECC_SIGNATURE_MESSAGE); 00973 sec_ecc_state_save(suite); 00974 } else { 00975 tr_warn("SigNature start Fail"); 00976 alert = 3; 00977 } 00978 } else { 00979 alert = 4; 00980 } 00981 } else { 00982 //Alert 00983 tr_debug("ECC Error"); 00984 sec_lib_state_machine_trig(suite, TLS_ALERT_INTERNAL); 00985 alert = 4; 00986 } 00987 00988 00989 } else { 00990 //Calculate PreMaster Secret 00991 if (result == NULL) { 00992 alert = 5; 00993 } else { 00994 if (tls_ecc_start_premaster_secret(result, suite) == 0) { 00995 alert = 5; 00996 result = 0; 00997 00998 } 00999 } 01000 } 01001 } 01002 01003 break; 01004 01005 case TLS_ECC_GENERATE_PREMASTER_SECRET: { 01006 EllipticPoint *result; 01007 result = result_ptr; 01008 01009 if (result) { 01010 tls_ecc_point_reverse_order(tls_heap->ecc_heap->pre_secret_mat, (uint8_t *)result->x.data); 01011 ecc_library_free_pointer(result); 01012 } 01013 active_ecc_sec_suite = 0; 01014 if ((suite->setups & TLS_SERVER_MODE) == 0) { 01015 suite->setups &= ~TLS_HANSHAKE_HASH; 01016 sec_lib_state_machine_trig(suite, TLS_UPDATE_HAS_WITH_CERTIFICATE); 01017 } else { 01018 sec_prf_state_set(suite); 01019 } 01020 } 01021 break; 01022 01023 case TLS_ECC_SIGNATURE_MESSAGE: 01024 active_ecc_sec_suite = 0; 01025 if (!result_ptr) { 01026 alert = 1; 01027 } else { 01028 tls_heap->ecc_heap->sgnt = result_ptr; 01029 01030 #ifdef PANA_SERVER_API 01031 if (suite->setups & TLS_SERVER_MODE) { 01032 suite->setups &= ~TLS_HANSHAKE_HASH; 01033 sec_lib_state_machine_trig(suite, TLS_TX_SERVER_KEY_EXCHANGE); 01034 } 01035 #endif 01036 } 01037 01038 break; 01039 default: 01040 01041 break; 01042 01043 } 01044 } 01045 if (alert) { 01046 tr_debug("State: %x, Alert: %x", suite->state, alert); 01047 if (suite->state == 0x15) { 01048 sec_lib_state_machine_trig(suite, TLS_ALERT_BAD_CERTIFICATE); 01049 } else { 01050 sec_lib_state_machine_trig(suite, TLS_ALERT_DECRYPT); 01051 } 01052 active_ecc_sec_suite = 0; 01053 } 01054 } 01055 void sec_ecc_client_signature_start(sec_suite_t *suite) 01056 { 01057 uint8_t trig_alert = 0; 01058 if (ecc_state_idle_check() == ECC_STATUS_OK) { 01059 //Signature 01060 tls_heap_t *tls_heap = suite->tls_session->tls_heap; 01061 ECDSASignature *sgnt; 01062 tr_debug("HASH Calc for Cert Verify"); 01063 tls_hanshake_hash_cal(tls_heap); 01064 01065 if (tls_heap->ecc_heap->sgnt == 0) { 01066 sgnt = ecc_get_ecdsa_signature(); 01067 } else { 01068 sgnt = tls_heap->ecc_heap->sgnt; 01069 tls_heap->ecc_heap->sgnt = 0; 01070 } 01071 01072 if (sgnt) { 01073 certificate_chain_internal_t *temp; 01074 uint8_t *ptr = 0; 01075 memset((uint8_t *) sgnt->m_m.data, 0, sizeof(MPint)); 01076 tls_ecc_point_reverse_order((uint8_t *) sgnt->m_m.data, (uint8_t *)tls_heap->hash_buf); 01077 01078 temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN); 01079 01080 01081 ptr = x509_get_key_from_pki((uint8_t *)temp->key_chain[(temp->chain_length - 1)], 0); 01082 if (ptr) { 01083 uint8_t i; 01084 memset(&temp_key_entry.data, 0, MPINT_DATA_SIZE); 01085 01086 //Revert bytes 01087 for (i = 0; i < 32; i++) { 01088 *(((uint8_t *)&temp_key_entry.data) + i) = ptr[31 - i]; 01089 } 01090 01091 if (ecc_calculate_signature(sgnt, (MPint *) &temp_key_entry, &ecc_operation_done_callback) == ECC_STATUS_OK) { 01092 tr_debug("Certi verify"); 01093 sec_lib_state_machine_lock(suite, TLS_ECC_CERTIFICATE_VERIFY_SIGNATURE); 01094 sec_ecc_state_save(suite); 01095 } else { 01096 tr_warn("Signature start Fail"); 01097 ns_dyn_mem_free(sgnt); 01098 trig_alert = 1; 01099 } 01100 } else { 01101 tr_warn("Key get Fail"); 01102 ns_dyn_mem_free(sgnt); 01103 trig_alert = 1; 01104 } 01105 } else { 01106 tr_warn("Signature Allocate Fail"); 01107 trig_alert = 1; 01108 } 01109 if (trig_alert) { 01110 sec_lib_state_machine_trig(suite, TLS_ALERT_INTERNAL); 01111 } 01112 } else { 01113 //tr_debug("ECC Busy Wait1"); 01114 sec_lib_state_machine_trig(suite, TLS_ECC_CLIENT_SIGNATURE_START); 01115 } 01116 } 01117 void sec_ecc_gen_public_key_start(sec_suite_t *suite) 01118 { 01119 tls_heap_t *tls_heap = suite->tls_session->tls_heap; 01120 01121 if (ecc_calculate_public_key(&(tls_heap->ecc_heap->private_key), &ecc_operation_done_callback) == ECC_STATUS_OK) { 01122 sec_lib_state_machine_lock(suite, TLS_ECC_GENERATE_PUBLIC_KEY); 01123 sec_ecc_state_save(suite); 01124 } else { 01125 sec_lib_state_machine_trig(suite, TLS_ECC_GENERATE_PUBLIC_KEY_START); 01126 } 01127 } 01128 #endif 01129 01130 void eap_fragmentation_init(sec_suite_t *suite) 01131 { 01132 if (suite->pana_session.eap_frag_buf) { 01133 buffer_free(suite->pana_session.eap_frag_buf); 01134 suite->pana_session.eap_frag_buf = NULL; 01135 } 01136 suite->pana_session.frag_length = 0; 01137 if (suite->pana_session.eap_assy_buf) { 01138 buffer_free(suite->pana_session.eap_assy_buf); 01139 suite->pana_session.eap_assy_buf = NULL; 01140 } 01141 suite->pana_session.assy_length = 0; 01142 } 01143 01144 #ifdef ECC 01145 static void seclib_stop_ecc(sec_suite_t *suite) 01146 { 01147 if (active_ecc_sec_suite) { 01148 if (suite == active_ecc_sec_suite) { 01149 tr_debug("Stop ECC"); 01150 ecc_free_memory(); 01151 active_ecc_sec_suite = 0; 01152 } 01153 } 01154 } 01155 #endif 01156 01157 void seclib_session_clean(sec_suite_t *suite) 01158 { 01159 suite->timer = 0; 01160 suite->pana_session.auth_info = NULL; 01161 pana_free_dynamic_ram(suite); 01162 sec_suite_tls_free(suite, true); 01163 #ifdef ECC 01164 seclib_stop_ecc(suite); 01165 #endif 01166 } 01167 01168 01169 uint8_t sec_suite_socket_event(uint8_t event_type, sec_suite_t *suite) 01170 { 01171 suite = sec_suite_verify(suite); 01172 if (!suite) { 01173 return 0; 01174 } 01175 01176 if (event_type == SOCKET_TX_DONE) { 01177 sec_tx_done(suite); 01178 } else { 01179 tr_debug("SEC Suite CB event. Event type: %x", event_type); 01180 suite->timer = 15; 01181 } 01182 return 1; 01183 } 01184 01185 void sec_set_auth_timeout(sec_suite_t *suite, sec_state_machine_t cur_state) 01186 { 01187 suite->retry_counter = pana_retry_req_max_get(); 01188 suite->timer = pana_handshake_timeout(); 01189 suite->state = cur_state; 01190 } 01191 01192 static void sec_tx_done(sec_suite_t *suite) 01193 { 01194 sec_state_machine_t cur_state = suite->state; 01195 if (suite->timer) { 01196 if (cur_state != TLS_INIT) { 01197 switch (cur_state) { 01198 #ifdef ECC 01199 #ifdef PANA_SERVER_API 01200 case TLS_TX_SERVER_KEY_EXCHANGE: 01201 pana_timeout_timer_set(suite, suite->state); 01202 break; 01203 #endif 01204 01205 case TLS_CLIENT_TX_CERTIFICATE_VERIFY: 01206 if ((suite->setups & TLS_SERVER_MODE) == 0) { 01207 sec_set_auth_timeout(suite, TLS_KEY_CHANGE); 01208 } else { 01209 sec_lib_state_machine_trig(suite, PANA_READY); 01210 } 01211 break; 01212 #endif 01213 case PANA_FAILURE: 01214 if (suite->setups & TLS_SERVER_MODE) { 01215 pana_timeout_timer_set(suite, suite->state); 01216 } else { 01217 sec_lib_state_machine_trig(suite, PANA_ERROR); 01218 } 01219 break; 01220 01221 case TLS_SERVER_TX_SERVER_HELLO: 01222 sec_set_auth_timeout(suite, TLS_SERVER_WAIT_CHANGE_CHIPHERSUITE); 01223 break; 01224 01225 case TLS_KEY_CHANGE: 01226 if ((suite->setups & TLS_SERVER_MODE) == 0) { 01227 sec_set_auth_timeout(suite, TLS_KEY_CHANGE); 01228 } else { 01229 01230 tr_debug("Wait EAP RESPONSE"); 01231 pana_timeout_timer_set(suite, suite->state); 01232 } 01233 break; 01234 case TLS_FINISH: 01235 if (suite->setups & TLS_SERVER_MODE) { 01236 pana_timeout_timer_set(suite, suite->state); 01237 } else { 01238 sec_set_auth_timeout(suite, TLS_FINISH); 01239 } 01240 break; 01241 01242 01243 case TLS_ALERT_INTERNAL: 01244 case TLS_ALERT_CHIPHER_SUITE: 01245 case TLS_ALERT_DECRYPT: 01246 case TLS_ALERT_BAD_CERTIFICATE: 01247 01248 tr_debug("Alert TX Done. cur_state: %x", cur_state); 01249 suite->state = PANA_FAILURE; 01250 suite->timer = 15; 01251 suite->retry_counter = 0; 01252 break; 01253 01254 case PANA_PCI_TX: 01255 case PANA_KEY_UPDATE: 01256 case PANA_PING_REQ: 01257 case PANA_KEY_PULL: 01258 case EAP_IDENTITY_REQ: 01259 case PANA_REQUEST_TX: 01260 case TLS_START: 01261 case TLS_EAP_END_PANA_VERIFY: 01262 pana_timeout_timer_set(suite, suite->state); 01263 break; 01264 case EAP_IDENTITY_RES: 01265 case PANA_START_RESPONSE: 01266 case PANA_READY: 01267 break; 01268 01269 default: 01270 tr_debug("unknown cur_state: %x", cur_state); 01271 suite->timer = 100; 01272 break; 01273 } 01274 } 01275 } 01276 } 01277 01278 #endif 01279 01280 01281 //************************ECC Certificates end
Generated on Fri Jul 22 2022 04:53:59 by
1.7.2