Knight KE / Mbed OS Game_Master
Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers security_lib.c Source File

security_lib.c

00001 /*
00002  * Copyright (c) 2013-2017, Arm Limited and affiliates.
00003  * SPDX-License-Identifier: Apache-2.0
00004  *
00005  * Licensed under the Apache License, Version 2.0 (the "License");
00006  * you may not use this file except in compliance with the License.
00007  * You may obtain a copy of the License at
00008  *
00009  *     http://www.apache.org/licenses/LICENSE-2.0
00010  *
00011  * Unless required by applicable law or agreed to in writing, software
00012  * distributed under the License is distributed on an "AS IS" BASIS,
00013  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00014  * See the License for the specific language governing permissions and
00015  * limitations under the License.
00016  */
00017 #include "nsconfig.h"
00018 #include "ns_types.h"
00019 #include "ns_trace.h"
00020 #include "string.h"
00021 #include "eventOS_event.h"
00022 #include "nsdynmemLIB.h"
00023 #include "Core/include/socket.h"
00024 #include "NWK_INTERFACE/Include/protocol.h"
00025 #include "shalib.h"
00026 #include "randLIB.h"
00027 #ifdef ECC
00028 #include "libX509_V3.h"
00029 #include "ecc.h"
00030 #endif
00031 #include "Security/TLS/tls_lib.h"
00032 #include "Security/TLS/tls_ccm_crypt.h"
00033 #include "Security/Common/sec_lib.h"
00034 #include "net_nvm_api.h"
00035 #include "Security/PANA/pana_nvm.h"
00036 #include "Security/PANA/pana.h"
00037 #include "Security/PANA/eap_protocol.h"
00038 #include "Security/PANA/pana_internal_api.h"
00039 #include "common_functions.h"
00040 
00041 #ifdef PANA
00042 
00043 #ifndef SEC_TLS_TIMEOUT
00044 #define SEC_TLS_TIMEOUT 65000
00045 #endif
00046 
00047 #define TRACE_GROUP "secl"
00048 
00049 NS_LARGE NS_LIST_DEFINE(sec_suite_list, sec_suite_t, link);
00050 sec_suite_t *NS_LARGE active_ecc_sec_suite = 0;
00051 
00052 static void tls_MSK_calc(sec_suite_t *suite);
00053 
00054 #ifdef PANA_SERVER_API
00055 #ifdef ECC
00056 static void tls_server_hash_copy(uint8_t *ptr, tls_msg_t *tmp_msg, sec_suite_t *suite);
00057 #endif
00058 #endif
00059 
00060 #ifdef ECC
00061 
00062 static MPint temp_key_entry;
00063 
00064 static int8_t ecc_signature_calculate_hash(tls_heap_t *theap);
00065 #endif
00066 
00067 static void sec_tx_done(sec_suite_t *suite);
00068 static bool sec_suite_tls_allocate(sec_suite_t *suite);
00069 
00070 
00071 sec_suite_t * sec_lib_security_session_allocate(bool tls_allocate)
00072 {
00073     sec_suite_t *cur = ns_dyn_mem_alloc(sizeof(sec_suite_t));
00074     if (cur) {
00075 
00076         tls_session_t *tls_session;
00077         if (tls_allocate) {
00078             tls_session = amr_tls_session_allocate();
00079             if (!tls_session) {
00080                 ns_dyn_mem_free(cur);
00081                 return NULL;
00082             }
00083         } else {
00084             tls_session = NULL;
00085         }
00086         memset(cur, 0, sizeof(sec_suite_t));
00087         cur->tls_session = tls_session;
00088         cur->psk_key_id = -1;
00089         cur->supported_chipher_suites = SEC_DEFAULT_SUPPORTED_CHIPHER_SUITES;
00090         pana_session_base_init(&cur->pana_session);
00091         ns_list_add_to_start(&sec_suite_list, cur);
00092     }
00093     return cur;
00094 }
00095 
00096 
00097 void sec_lib_state_machine_lock(sec_suite_t *suite, sec_state_machine_t state)
00098 {
00099     suite->state = state;
00100     suite->timer = 0;
00101     suite->retry_counter = 0;
00102 }
00103 
00104 void sec_lib_state_machine_trig(sec_suite_t *suite, sec_state_machine_t state)
00105 {
00106     suite->state = state;
00107     suite->timer = 1;
00108     suite->retry_counter = 0;
00109 
00110 }
00111 
00112 #ifdef ECC
00113 void tls_server_hash_copy(uint8_t *ptr, tls_msg_t *tmp_msg, sec_suite_t *suite)
00114 {
00115 #ifdef PANA_SERVER_API
00116     tls_heap_t *t_heap = suite->tls_session->tls_heap;
00117     uint16_t t_length = 39; //Base and random and seq len
00118     t_length += suite->tls_session->id_length;
00119     if (t_heap->tls_chipher_mode == CHIPHER_ECC) {
00120         t_length += 11;
00121     } else {
00122         t_length += 7;
00123     }
00124 
00125     tmp_msg->len = t_length;
00126     tmp_msg->len -= 4;
00127     tmp_msg->msg_ptr = ptr + 4;
00128     tls_build_server_hello_msg(ptr, suite->tls_session);
00129     tls_handshake_copy(tmp_msg, t_heap);
00130     tr_debug("Pana server S-Hello,Cert hash");
00131 #endif
00132 }
00133 #endif
00134 
00135 #ifdef PANA_SERVER_API
00136 uint8_t tls_server_certi_hash_copy(sec_suite_t *suite)
00137 {
00138     if (suite->setups & TLS_HANSHAKE_HASH) {
00139         return 1;
00140     } else {
00141 #ifdef ECC
00142         certificate_chain_internal_t *temp;
00143         uint16_t len = 0;
00144         buffer_t *buf;
00145         tls_msg_t *tmp_msg = tls_msg_ptr_get();
00146         tls_heap_t *t_heap = suite->tls_session->tls_heap;
00147 
00148 
00149         temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN);
00150 
00151         if (temp) {
00152             len = tls_certificate_len(temp);
00153 
00154             buf = buffer_get(len);
00155             if (buf) {
00156                 uint8_t *ptr;
00157                 buf->interface  = suite->interface;
00158 
00159                 ptr = buffer_data_pointer(buf);
00160                 tls_server_hash_copy(ptr, tmp_msg, suite);
00161                 ptr = buffer_data_pointer(buf);
00162                 tmp_msg->len = len - 4;
00163                 tmp_msg->msg_ptr = ptr + 4;
00164                 ptr = tls_certificate_msg_set(ptr, temp);
00165                 tls_handshake_copy(tmp_msg, t_heap);
00166                 suite->setups |= TLS_HANSHAKE_HASH;
00167                 buffer_free(buf);
00168                 return 1;
00169 
00170             }
00171         }
00172 #endif
00173     }
00174     return 0;
00175 }
00176 #endif
00177 
00178 #ifdef ECC
00179 uint8_t tls_certi_hash_copy(sec_suite_t *suite)
00180 {
00181     if (suite->setups & TLS_HANSHAKE_HASH) {
00182         return 1;
00183     } else {
00184 #ifdef ECC
00185         certificate_chain_internal_t *temp;
00186         uint16_t len = 0;
00187         buffer_t *buf;
00188         tls_msg_t *tmp_msg = tls_msg_ptr_get();
00189         tls_heap_t *t_heap = suite->tls_session->tls_heap;
00190 
00191 
00192         temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN);
00193 
00194         if (temp) {
00195             len = tls_certificate_len(temp);
00196 
00197             buf = buffer_get(len);
00198             if (buf) {
00199                 uint8_t *ptr;
00200 
00201                 buf->interface  = suite->interface;
00202                 ptr = buffer_data_pointer(buf);
00203                 ptr = buffer_data_pointer(buf);
00204                 tmp_msg->len = len - 4;
00205                 tmp_msg->msg_ptr = ptr + 4;
00206                 ptr = tls_certificate_msg_set(ptr, temp);
00207                 tls_handshake_copy(tmp_msg, t_heap);
00208 
00209                 ptr = buffer_data_pointer(buf);
00210                 tmp_msg->len = 66;
00211                 tmp_msg->msg_ptr = ptr + 4;
00212 
00213                 ptr = tls_client_key_exchange_msg_set(ptr, t_heap);
00214                 tls_handshake_copy(tmp_msg, t_heap);
00215 
00216                 suite->setups |= TLS_HANSHAKE_HASH;
00217                 buffer_free(buf);
00218                 return 1;
00219 
00220             }
00221         }
00222 #endif
00223     }
00224     return 0;
00225 }
00226 #endif
00227 
00228 static void tls_MSK_calc(sec_suite_t *suite)
00229 {
00230     uint8_t *ptr;
00231     tls_heap_t *theap = 0;
00232     pana_heap_t *pheap = 0;
00233     prf_sec_param_t *prf_ptr = shalib_prf_param_get();
00234     theap = suite->tls_session->tls_heap;
00235     pheap = suite->pana_session.pana_heap;
00236     //tr_debug("CAL MSK:");
00237     prf_ptr->secret = suite->tls_session->master_secret;
00238     prf_ptr->sec_len = 48;
00239     prf_ptr->label = "client EAP encryption";
00240     prf_ptr->seed = theap->temp_buf;
00241     ptr = theap->temp_buf;
00242     memcpy(ptr, (theap->tls_hello_random + CLIENT_HELLO_PTR) , 32);
00243     ptr += 32;
00244     memcpy(ptr, (theap->tls_hello_random + SERVER_HELLO_PTR) , 32);
00245     prf_ptr->seedlen = 64;
00246     shalib_prf_calc(pheap->MSK, 16);
00247 }
00248 
00249 #ifdef PANA_SERVER_API
00250 static int tls_check_client_change_chiphersuite(uint8_t *verfify, sec_suite_t *suite)
00251 {
00252     tls_heap_t *tls_heap = suite->tls_session->tls_heap;
00253     int ret_val = -1;
00254     if (tls_heap == NULL) {
00255         tr_warn("TLS Heap fail 1");
00256         return -1;
00257     }
00258 
00259     if (tls_heap->client_verify_buf == NULL) {
00260         tr_warn("TLS Heap verfify ptr fail 1");
00261         return -1;
00262     }
00263 
00264     if (tls_ccm_data_decrypt(tls_heap->client_verify_buf, tls_heap->client_verify_buf_len, suite->tls_session->key_expansion, TLS_HANDSHAKE, false) != 0) {
00265         tr_warn("AUTH Mic Fail");
00266         goto end_process;
00267     }
00268 
00269     uint8_t *ptr = tls_heap->client_verify_buf + 8;
00270 
00271     if (ptr[0] == TLS_FINISHED && common_read_24_bit(ptr + 1) == 12) {
00272         ptr += 4;
00273         if (memcmp(verfify, ptr, 12) == 0) {
00274             //tr_debug("Client verify OK");
00275             ret_val = 0;
00276             tls_finnish_copy(ptr, tls_heap);
00277             tls_hanshake_hash_cal(tls_heap);
00278             sec_lib_state_machine_lock(suite, PRF_CALC2);
00279             tls_verify_calc(tls_heap->verify, 1, tls_heap, suite->tls_session->master_secret);
00280             sec_lib_state_machine_trig(suite,TLS_KEY_CHANGE);
00281 
00282         } else {
00283             tr_warn("Verify Mismatch: %s != %s", trace_array(ptr, 12), trace_array(verfify, 12));
00284         }
00285     } else {
00286         tr_debug("No Chiphertext");
00287     }
00288 
00289     end_process:
00290     //tr_debug("Free");
00291     if (tls_heap->client_verify_buf) {
00292         ns_dyn_mem_free(tls_heap->client_verify_buf);
00293         tls_heap->client_verify_buf = NULL;
00294     }
00295 
00296     return ret_val;
00297 }
00298 #endif
00299 #ifdef ECC
00300 
00301 void sec_ecc_state_free(sec_suite_t *suite)
00302 {
00303     if (active_ecc_sec_suite) {
00304         tr_debug("Active ECC");
00305         if (suite == active_ecc_sec_suite) {
00306             tr_debug("Stop ECC");
00307             ecc_free_memory();
00308             active_ecc_sec_suite = NULL;
00309         }
00310     }
00311 }
00312 
00313 
00314 void sec_ecc_state_save(sec_suite_t *suite)
00315 {
00316     if (active_ecc_sec_suite == 0 && suite) {
00317         active_ecc_sec_suite = suite;
00318         //Send ECC event callback
00319 
00320         arm_event_s event = {
00321             .receiver = protocol_read_tasklet_id(),
00322             .sender = 0,
00323             .event_type = ARM_IN_SECURITY_ECC_CALLER,
00324             .data_ptr = NULL,
00325             .priority = ARM_LIB_LOW_PRIORITY_EVENT,
00326         };
00327         if (eventOS_event_send(&event) != 0) {
00328             tr_error("sec_ecc_state_save(): event send failed");
00329         }
00330     }
00331 }
00332 
00333 
00334 uint8_t tls_certificate_build(sec_suite_t *suite)
00335 {
00336     buffer_t *buf;
00337     certificate_chain_internal_t *temp;
00338     uint16_t len = 0;
00339 
00340     temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN);
00341 
00342     if (temp) {
00343 
00344         len = tls_certificate_len(temp);
00345         len += 50; //TLS/EAP/PANA/TCP /IP
00346 
00347         //Client Key Exchange 70, Certiverify max 80, Finnish 43
00348         len += (70 + 80 + 43);
00349         buf = buffer_get(len); //(690);
00350 
00351         if (buf) {
00352             uint8_t *ptr;
00353             tls_msg_t *tmp_msg = tls_msg_ptr_get();
00354             buf->interface  = suite->interface;
00355             ptr = buffer_data_pointer(buf);
00356             //Leave Space for Tls Handshake Header
00357             ptr += 5;
00358             /* Set Certificate */
00359             ptr = tls_certificate_msg_set(ptr, temp);
00360             /* Client Key Exchange */
00361             ptr = tls_client_key_exchange_msg_set(ptr, suite->tls_session->tls_heap);
00362 
00363             /* Certificate Verify */
00364             if ((suite->setups & TLS_HANSHAKE_HASH) == 0) {
00365                 uint8_t *ptr_2;
00366                 ptr_2 = ptr;
00367                 ptr_2 += 4;
00368 
00369                 tmp_msg->msg_ptr = ptr_2;
00370                 ptr = tls_certificate_verify_msg_set(ptr, suite->tls_session->tls_heap);
00371                 tr_debug("Set Cert Ver");
00372                 tmp_msg->len = ptr - ptr_2;
00373                 tls_handshake_copy(tmp_msg, suite->tls_session->tls_heap);
00374                 sec_prf_state_set(suite);
00375 
00376             } else {
00377                 ptr = tls_certificate_verify_msg_set(ptr, suite->tls_session->tls_heap);
00378             }
00379 
00380             buffer_data_end_set(buf, ptr);
00381 
00382             tls_header_set(buf);
00383             ptr = buffer_data_end(buf);
00384             if ((suite->setups & TLS_HANSHAKE_HASH) == 0) {
00385                 uint8_t *ptr_2;
00386                 ptr_2 = ptr;
00387                 ptr_2 += 9;
00388                 tmp_msg->msg_ptr = ptr;
00389                 ptr = tls_build_change_chipher_suite_finnish_msg(ptr, suite->tls_session);
00390                 tmp_msg->len = ptr - ptr_2;
00391                 tls_handshake_copy(tmp_msg, suite->tls_session->tls_heap);
00392                 suite->setups |= TLS_HANSHAKE_HASH;
00393             } else {
00394                 ptr = tls_build_change_chipher_suite_finnish_msg(ptr, suite->tls_session);
00395             }
00396             buf->buf_end  = ptr - buf->buf ;
00397 
00398             tr_debug("TX Cer");
00399             pana_eap_down(buf, suite);
00400             return 1;
00401         }
00402     }
00403     return 0;
00404 }
00405 #endif
00406 
00407 #ifdef ECC
00408 void sec_ecc_sceduler(void)
00409 {
00410     if (ecc_run() != ECC_STATUS_IDLE) {
00411         arm_event_s event = {
00412             .receiver = protocol_read_tasklet_id(),
00413             .sender = 0,
00414             .event_type = ARM_IN_SECURITY_ECC_CALLER,
00415             .data_ptr = NULL,
00416             .priority = ARM_LIB_LOW_PRIORITY_EVENT,
00417         };
00418         if (eventOS_event_send(&event) != 0) {
00419             tr_error("sec_ecc_sceduler(): event send failed");
00420         }
00421     }
00422 }
00423 #ifdef PANA_SERVER_API
00424 uint8_t tls_pana_server_exchange_build(sec_suite_t *suite)
00425 {
00426     certificate_chain_internal_t *temp;
00427     buffer_t *buf;
00428     tls_heap_t *t_heap = suite->tls_session->tls_heap;
00429     uint16_t len = 39;
00430 
00431     temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN);
00432 
00433     if (temp) {
00434         len += suite->tls_session->id_length;
00435         if (t_heap->tls_chipher_mode == CHIPHER_ECC) {
00436             len += 11;
00437         } else {
00438             len += 7;
00439         }
00440 
00441         len += tls_certificate_len(temp); //Certi Len
00442         len += 240; //server key exchange
00443         len += 16; //Cert REQ & Hello Done
00444 
00445         buf = buffer_get(len);
00446         if (buf) {
00447             uint8_t *ptr, *t_ptr;
00448             tls_msg_t *tmp_msg = tls_msg_ptr_get();
00449             buf->interface  = suite->interface;
00450             ptr = buffer_data_pointer(buf);
00451             ptr += 5;
00452 
00453             //Server Hello build
00454             ptr = tls_build_server_hello_msg(ptr, suite->tls_session);
00455             // Certificate(s)
00456             ptr = tls_certificate_msg_set(ptr, temp);
00457             //Server Key Exchange
00458             tmp_msg->msg_ptr = ptr + 4;
00459             t_ptr = ptr;
00460             ptr = tls_server_key_excahnge_msg_build(ptr, t_heap);
00461             tmp_msg->len = ptr - t_ptr;
00462             tmp_msg->len -= 4;
00463             if ((suite->setups & TLS_HANSHAKE_HASH) == 0) {
00464                 tls_handshake_copy(tmp_msg, t_heap);
00465             }
00466             //Cert Req
00467             *ptr++ = TLS_CERTIFICATE_REQUEST;
00468             ptr = common_write_24_bit(8, ptr);
00469 
00470             tmp_msg->msg_ptr = ptr;
00471             *ptr++ = 1; //Type Count
00472             *ptr++ = TLS_CERT_TYPE_ECDSA;
00473             ptr = common_write_16_bit(2, ptr); //length
00474             ptr = common_write_16_bit(TLS_SIG_HASH_ALG_SHA256_ECDSA, ptr); //SET ALGORYTH
00475             ptr = common_write_16_bit(0, ptr);
00476 
00477 
00478             tmp_msg->len = 8;
00479             if ((suite->setups & TLS_HANSHAKE_HASH) == 0) {
00480                 tls_handshake_copy(tmp_msg, t_heap);
00481             }
00482 
00483 
00484             //Server Hello Done
00485             *ptr++ = TLS_SERVER_HELLO_DONE;
00486             ptr = common_write_24_bit(0, ptr);
00487             tmp_msg->msg_ptr = ptr;
00488             tmp_msg->len = 0;
00489             if ((suite->setups & TLS_HANSHAKE_HASH) == 0) {
00490                 tls_handshake_copy(tmp_msg, t_heap);
00491                 suite->setups |= TLS_HANSHAKE_HASH;
00492             }
00493             buffer_data_end_set(buf, ptr);
00494             tls_header_set(buf);
00495             pana_eap_down(buf, suite);
00496             return 1;
00497         }
00498     }
00499 
00500     return 0;
00501 }
00502 #endif
00503 
00504 static int8_t ecc_signature_calculate_hash(tls_heap_t *theap)
00505 {
00506     tr_debug("sign hash:");
00507     if (theap->ecc_heap) {
00508         //tr_debug("Allocate SIG");
00509         if (theap->ecc_heap->sgnt == 0) {
00510             theap->ecc_heap->sgnt = ecc_get_ecdsa_signature();
00511         }
00512 
00513         if (!theap->ecc_heap->sgnt) {
00514             tr_warn("Signature Allocate Fail");
00515             return -1;
00516         }
00517     } else {
00518         tr_warn("Signature Allocate Fail");
00519         return -1;
00520     }
00521     tls_ecc_server_key_signature_hash(theap);
00522     tr_debug(" done");
00523     return 0;
00524 
00525 }
00526 #endif
00527 void sec_libray_init(void)
00528 {
00529 #ifdef ECC
00530     ecc_init();
00531 #endif
00532 }
00533 
00534 
00535 static bool sec_suite_tls_allocate(sec_suite_t *suite)
00536 {
00537     tls_heap_t *tls_heap;
00538     tls_heap = tls_heap_allocate();
00539     if (!tls_heap) {
00540         return false;
00541     }
00542 
00543     suite->tls_session->tls_heap = tls_heap;
00544     if (suite->setups & TLS_SERVER_MODE) {
00545         if (suite->tls_session->id_length == 0) {
00546             tls_session_id_genrate(suite->tls_session->tls_session_id, 4);
00547             suite->tls_session->id_length = 4;
00548         }
00549         memset(suite->tls_session->tls_nonce_explit, 0, 8);
00550     }
00551     return true;
00552 }
00553 
00554 static bool sec_suite_pana_allocate_dynamic_ram(sec_suite_t *suite)
00555 {
00556     ns_dyn_mem_free(suite->pana_session.pana_heap);
00557     suite->pana_session.pana_heap = pana_heap_structure_allocate();
00558     if (!suite->pana_session.pana_heap) {
00559         return false;
00560     }
00561     return true;
00562 }
00563 
00564 
00565 int sec_pana_protocol_init(sec_suite_t *suite)
00566 {
00567     if (suite->tls_session == NULL) {
00568         suite->tls_session = amr_tls_session_allocate();
00569     }
00570 
00571     if (!suite->tls_session) {
00572         sec_lib_state_machine_trig(suite, PANA_ERROR);
00573         return 0;
00574     }
00575     //Initialize current TLS session data
00576     sec_suite_tls_free(suite, false);
00577 
00578     pana_session_state_init(&suite->pana_session);
00579     suite->pana_session.prf_algorythm = 0;
00580     suite->pana_session.integrity_algorythm = 0;
00581     suite->pana_session.session_id = 0;
00582     suite->pana_session.req_seq = randLIB_get_32bit();
00583     suite->pana_session.res_seq = 0;
00584 
00585     //Free pana heap and init eap fragmentation
00586     pana_free_dynamic_ram(suite);
00587 
00588     suite->setups &= ~TLS_HANSHAKE_HASH;
00589     suite->timer = 1;
00590     if (!sec_suite_tls_allocate(suite) || !sec_suite_pana_allocate_dynamic_ram(suite)) {
00591         sec_suite_tls_free(suite, true);
00592         sec_lib_state_machine_trig(suite, PANA_ERROR);
00593          return 0;
00594     }
00595     suite->state = PANA_PCI_TX;
00596 
00597     return 1;
00598 }
00599 
00600 
00601 void sec_suite_tls_free(sec_suite_t *suite, bool free_session)
00602 {
00603     if (suite->tls_session) {
00604         arm_tls_session_clear(suite->tls_session);
00605         if (free_session) {
00606             ns_dyn_mem_free(suite->tls_session);
00607             suite->tls_session = NULL;
00608         }
00609     }
00610     suite->setups &= ~(TLS_ECC_CERTIFICATE_REQUESTED | TLS_ECC_CERTIFICATE_RECEIVED | TLS_ECC_CERTIFICATE_VERIFY);
00611 }
00612 
00613 
00614 uint8_t sec_auth_re_check(sec_suite_t *suite) {
00615     if (pana_retry_check(suite->retry_counter, suite->state) == 0) {
00616         suite->retry_counter++;
00617         return 1;
00618     } else {
00619         //Init back to zero after fail
00620         suite->retry_counter = 0;
00621     }
00622     return 0;
00623 }
00624 
00625 uint8_t sec_check_suite_ptrs(sec_suite_t *suite)
00626 {
00627     uint8_t ret_val = 1;
00628     if (suite->pana_session.auth_info == 0) {
00629         if (!suite->pana_session.user_server) {
00630             tr_debug("AUTH Info!");
00631             ret_val = 0;
00632         }
00633     }
00634     if (suite->tls_session) {
00635         if (suite->tls_session->tls_heap == 0) {
00636             tr_debug("TLS Heap!");
00637             ret_val = 0;
00638         }
00639     } else {
00640         if (suite->state != PANA_PING_REQ) {
00641             ret_val = 0;
00642             tr_debug("No TLS session allocated");
00643         }
00644     }
00645     return ret_val;
00646 
00647 }
00648 
00649 
00650 
00651 void sec_timer_handle(void)
00652 {
00653     ns_list_foreach_safe(sec_suite_t, cur, &sec_suite_list) {
00654         uint8_t remove_cur = 0;
00655         if (cur->timer && --cur->timer == 0) {
00656             pana_common_state_machine(cur);
00657             if ((cur->state == PANA_ERROR) && (cur->timer == 0)) {
00658                 if (cur->setups & TLS_SERVER_MODE) {
00659                     remove_cur = 1;
00660                 }
00661             }
00662         }
00663         if (remove_cur) {
00664             tr_debug("Remove Session");
00665             sec_suite_remove(cur);
00666         }
00667     }
00668     //Here Possible to set 1 Second delay
00669     pana_key_update_delay_timer();
00670 }
00671 
00672 void sec_suite_list_clean(void)
00673 {
00674     ns_list_foreach_safe(sec_suite_t, cur, &sec_suite_list) {
00675         sec_suite_remove(cur);
00676     }
00677 
00678 }
00679 
00680 sec_suite_t *sec_suite_verify(sec_suite_t *session)
00681 {
00682     ns_list_foreach(sec_suite_t, cur, &sec_suite_list) {
00683         if (cur == session) {
00684             return cur;
00685         }
00686     }
00687     return NULL;
00688 }
00689 
00690 sec_suite_t *sec_suite_selected_py_pan_id(uint16_t pan_id)
00691 {
00692     ns_list_foreach(sec_suite_t, cur, &sec_suite_list) {
00693         if (cur->pan_id == pan_id) {
00694             return cur;
00695         }
00696     }
00697     return NULL;
00698 }
00699 
00700 sec_suite_t *sec_suite_selected_pana_session(uint32_t session_id)
00701 {
00702     ns_list_foreach(sec_suite_t, cur, &sec_suite_list) {
00703         if (cur->pana_session.session_id == session_id) {
00704             return cur;
00705         }
00706     }
00707     return NULL;
00708 }
00709 
00710 sec_suite_t *sec_suite_selected_address(const uint8_t address[static 16])
00711 {
00712     ns_list_foreach(sec_suite_t, cur, &sec_suite_list) {
00713         if (memcmp(cur->session_address, address, 16) == 0) {
00714             return cur;
00715         }
00716     }
00717     return NULL;
00718 }
00719 
00720 uint16_t sec_pana_key_update_trig(uint16_t th_time)
00721 {
00722     uint32_t trig_interval = 1;
00723     uint16_t counter = 0;
00724     uint32_t threshold_change;
00725     //Convert seconds to 100ms ticks
00726     threshold_change = (th_time * 10);
00727     ns_list_foreach(sec_suite_t, cur, &sec_suite_list) {
00728         if (cur->pana_session.session_ready) {
00729             if ((cur->pana_session.address_status & 3) == 0) { //
00730                 tr_debug("Trig Key Update");
00731                 cur->timer = trig_interval;
00732                 trig_interval += threshold_change;
00733                 cur->state = PANA_KEY_UPDATE;
00734                 cur->retry_counter = 0;
00735                 tr_debug("NVM SEQ Update by Key Push");
00736                 pana_session_nvm_udate(cur, PANA_SERVER_CLIENT_SESSION_UPDATE);
00737                 //Clear Current value
00738                 cur->retry_counter = 0;
00739                 counter++;
00740             }
00741         }
00742     }
00743     return counter;
00744 }
00745 
00746 int8_t sec_suite_remove(sec_suite_t *cur) {
00747     if (!cur) {
00748         return -1;
00749     }
00750 
00751     pana_free_dynamic_ram(cur);
00752 
00753     sec_suite_tls_free(cur, true);
00754 #ifdef ECC
00755     sec_ecc_state_free(cur);
00756 #endif
00757     ns_list_remove(&sec_suite_list, cur);
00758     ns_dyn_mem_free(cur);
00759     return 0;
00760 }
00761 
00762 sec_suite_t *sec_suite_create(void)
00763 {
00764     sec_suite_t *cur = sec_lib_security_session_allocate(true);
00765     if (!cur) {
00766         return NULL;
00767     }
00768     tls_heap_t *t_heap = tls_heap_allocate();
00769     pana_heap_t *p_heap = pana_heap_structure_allocate();
00770 
00771     if (!t_heap || !p_heap ) {
00772         ns_list_remove(&sec_suite_list, cur);
00773         ns_dyn_mem_free(t_heap);
00774         ns_dyn_mem_free(t_heap);
00775         ns_dyn_mem_free(p_heap);
00776         ns_dyn_mem_free(cur);
00777         return NULL;
00778     }
00779 
00780     cur->tls_session->tls_heap = t_heap;
00781     cur->pana_session.pana_heap = p_heap;
00782     return cur;
00783 }
00784 
00785 
00786 
00787 void sec_prf_state_set(sec_suite_t *suite)
00788 {
00789     if (suite->tls_session) {
00790         tls_heap_t *tls_heap = suite->tls_session->tls_heap;
00791         sec_lib_state_machine_lock(suite, PRF_CALC);
00792         tls_master_key_cal(tls_heap, suite);
00793         tls_key_expansion_cal(tls_heap, suite->tls_session->key_expansion, suite->tls_session->master_secret);
00794         tls_MSK_calc(suite);
00795         tls_hanshake_hash_cal(tls_heap);
00796 
00797         if (suite->setups & TLS_SERVER_MODE) {
00798 #ifdef PANA_SERVER_API
00799             tls_verify_calc(tls_heap->verify, 0, tls_heap, suite->tls_session->master_secret);
00800             if (tls_check_client_change_chiphersuite(tls_heap->verify, suite) != 0) {
00801                 sec_lib_state_machine_trig(suite,TLS_ALERT_DECRYPT);
00802             }
00803 #endif
00804         } else {
00805             tls_verify_calc(tls_heap->verify, 0, tls_heap, suite->tls_session->master_secret);
00806             if (tls_heap->tls_chipher_mode != CHIPHER_ECC) {
00807                 sec_lib_state_machine_trig(suite,TLS_KEY_CHANGE);
00808             } else {
00809                 tls_prepare_change_chipher_spec(suite);
00810             }
00811         }
00812     }
00813 }
00814 #ifdef ECC
00815 static void tls_key_set_elliptic_point(EllipticPoint *ellicpt_ptr, uint8_t *keyPtr)
00816 {
00817     tls_ecc_point_reverse_order((uint8_t *)ellicpt_ptr->x.data, keyPtr);
00818     tls_ecc_point_reverse_order((uint8_t *)ellicpt_ptr->y.data, (keyPtr + 32));
00819 }
00820 
00821 uint8_t tls_ecc_start_premaster_secret(EllipticPoint *ellicpt_ptr, sec_suite_t *suite)
00822 {
00823     uint8_t auth_setup = suite->setups;
00824     if (ellicpt_ptr == 0) {
00825         ellicpt_ptr = ecc_get_elliptic_point();
00826     } else {
00827         memset(ellicpt_ptr, 0, sizeof(EllipticPoint));
00828         ellicpt_ptr->finite = 1;
00829     }
00830 
00831     if (ellicpt_ptr) {
00832         tls_heap_t *tls_heap = suite->tls_session->tls_heap;
00833         tr_debug("Cal ECC PSK");
00834         if ((auth_setup & TLS_SERVER_MODE) == 0) {
00835             tls_key_set_elliptic_point(ellicpt_ptr, tls_heap->ecc_heap->server_public_key);
00836         } else {
00837             tls_key_set_elliptic_point(ellicpt_ptr, tls_heap->ecc_heap->client_public_key);
00838         }
00839         if (ecc_calculate_pre_master_secret(ellicpt_ptr, &(tls_heap->ecc_heap->private_key), &ecc_operation_done_callback) == ECC_STATUS_OK) {
00840             //tr_debug("PRE started");
00841             sec_lib_state_machine_lock(suite,TLS_ECC_GENERATE_PREMASTER_SECRET);
00842             sec_ecc_state_save(suite);
00843             return 1;
00844         } else {
00845             tr_debug("Failed pre start");
00846             ecc_library_free_pointer(ellicpt_ptr);
00847         }
00848     }
00849 
00850     return 0;
00851 }
00852 
00853 void ecc_operation_done_callback(int8_t status, void *result_ptr)
00854 {
00855     uint8_t alert = 0;
00856     sec_suite_t *suite = active_ecc_sec_suite;
00857     active_ecc_sec_suite = NULL;
00858     //tr_debug("ECC CB");
00859     if (status != ECC_STATUS_OK) {
00860         tr_warn("ECC proces Fail: %i", status);
00861         if (result_ptr) {
00862             tr_debug("Free ECC Result");
00863             ecc_library_free_pointer(result_ptr);
00864         }
00865         ecc_free_memory();
00866         alert = 1;
00867         if (suite == 0) {
00868             tr_warn("NOt active ECC2!!");
00869             return ;
00870         }
00871     } else {
00872         tls_heap_t *tls_heap = 0;
00873         if (suite == 0) {
00874             tr_warn("NOt active ECC!!");
00875             return ;
00876         }
00877 
00878         tls_heap = suite->tls_session->tls_heap;
00879 
00880         switch (suite->state) {
00881 
00882 
00883             case TLS_ECC_CERTIFICATE_SIGNATURE_CHECK:
00884                 if (tls_heap->ecc_heap->sgnt == 0) {
00885                     tls_heap->ecc_heap->sgnt = ecc_get_ecdsa_signature();
00886                 }
00887                 if (!tls_heap->ecc_heap->sgnt) {
00888                     tr_warn("Signature Fail");
00889                     alert = 1;
00890                 } else {
00891 
00892                     tls_certificate_signature_verify(suite);
00893                 }
00894 
00895                 break;
00896 
00897             case TLS_ECC_MESSAGE_VERIFY:
00898                 if (suite->setups & TLS_SERVER_MODE) {
00899                     tr_debug("Certi verify valid");
00900                     if (tls_ecc_start_premaster_secret(0, suite) == 0) {
00901                         tr_debug("Pre sec start fail");
00902                         alert = 1;
00903                     }
00904                 } else {
00905                     tr_debug("Server Key valid");
00906                     if (ecc_calculate_public_key(&(tls_heap->ecc_heap->private_key), &ecc_operation_done_callback) == ECC_STATUS_OK) {
00907                         sec_lib_state_machine_lock(suite, TLS_ECC_GENERATE_PUBLIC_KEY);
00908                         sec_ecc_state_save(suite);
00909                     } else {
00910                         alert = 2;
00911                     }
00912 
00913                 }
00914 
00915                 break;
00916             case TLS_ECC_CERTIFICATE_VERIFY_SIGNATURE:
00917                 if (!result_ptr) {
00918                     alert = 1;
00919                 } else {
00920                     tls_heap->ecc_heap->sgnt = result_ptr;
00921                     suite->setups &= ~TLS_HANSHAKE_HASH;
00922                     sec_lib_state_machine_trig(suite, TLS_CLIENT_TX_CERTIFICATE_VERIFY);
00923                 }
00924                 active_ecc_sec_suite = 0;
00925                 break;
00926             case TLS_ECC_GENERATE_PUBLIC_KEY: {
00927                 uint8_t *temp_ptr;
00928                 EllipticPoint *result;
00929                 result = result_ptr;
00930 
00931                 //Save Result
00932                 if (suite->setups & TLS_SERVER_MODE) {
00933                     temp_ptr = tls_heap->ecc_heap->server_public_key;
00934                 } else {
00935                     temp_ptr = tls_heap->ecc_heap->client_public_key;
00936 
00937                 }
00938                 if (result) {
00939                     tls_ecc_point_reverse_order(temp_ptr, (uint8_t *)result->x.data);
00940                     tls_ecc_point_reverse_order((temp_ptr + 32), (uint8_t *)result->y.data);
00941                 }
00942 
00943                 if (suite->setups & TLS_SERVER_MODE) {
00944                     if (result) {
00945                         ecc_library_free_pointer(result);
00946                         result = 0;
00947                     }
00948                     //Cal Signature
00949                     if (ecc_signature_calculate_hash(tls_heap) == 0) {
00950                         //SET Array to MPINT
00951                         uint8_t *ptr = NULL;
00952                         certificate_chain_internal_t   *temp;
00953 
00954 
00955                         temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN);
00956 
00957                         if (temp) {
00958                             ptr = x509_get_key_from_pki((uint8_t *) temp->key_chain[(temp->chain_length - 1)], 0);
00959                         }
00960 
00961                         if (ptr) {
00962                             uint8_t i;
00963                             memset(&temp_key_entry.data, 0, MPINT_DATA_SIZE);
00964 
00965                             //Revert bytes
00966                             for (i = 0; i < 32; i++) {
00967                                 *(((uint8_t *)&temp_key_entry.data) + i) = ptr[31 - i];
00968                             }
00969                             status = ecc_calculate_signature(tls_heap->ecc_heap->sgnt, (MPint *) &temp_key_entry, &ecc_operation_done_callback);
00970                             if (status == ECC_STATUS_OK) {
00971                                 tls_heap->ecc_heap->sgnt = 0;
00972                                 sec_lib_state_machine_lock(suite, TLS_ECC_SIGNATURE_MESSAGE);
00973                                 sec_ecc_state_save(suite);
00974                             } else {
00975                                 tr_warn("SigNature start Fail");
00976                                 alert = 3;
00977                             }
00978                         } else {
00979                             alert = 4;
00980                         }
00981                     } else {
00982                         //Alert
00983                         tr_debug("ECC Error");
00984                         sec_lib_state_machine_trig(suite, TLS_ALERT_INTERNAL);
00985                         alert = 4;
00986                     }
00987 
00988 
00989                 } else {
00990                     //Calculate PreMaster Secret
00991                     if (result == NULL) {
00992                         alert = 5;
00993                     } else {
00994                         if (tls_ecc_start_premaster_secret(result, suite) == 0) {
00995                             alert = 5;
00996                             result = 0;
00997 
00998                         }
00999                     }
01000                 }
01001             }
01002 
01003             break;
01004 
01005             case TLS_ECC_GENERATE_PREMASTER_SECRET: {
01006                 EllipticPoint *result;
01007                 result = result_ptr;
01008 
01009                 if (result) {
01010                     tls_ecc_point_reverse_order(tls_heap->ecc_heap->pre_secret_mat, (uint8_t *)result->x.data);
01011                     ecc_library_free_pointer(result);
01012                 }
01013                 active_ecc_sec_suite = 0;
01014                 if ((suite->setups & TLS_SERVER_MODE) == 0) {
01015                     suite->setups &= ~TLS_HANSHAKE_HASH;
01016                         sec_lib_state_machine_trig(suite, TLS_UPDATE_HAS_WITH_CERTIFICATE);
01017                 } else {
01018                     sec_prf_state_set(suite);
01019                 }
01020             }
01021             break;
01022 
01023             case TLS_ECC_SIGNATURE_MESSAGE:
01024                 active_ecc_sec_suite = 0;
01025                 if (!result_ptr) {
01026                     alert = 1;
01027                 } else {
01028                     tls_heap->ecc_heap->sgnt = result_ptr;
01029 
01030 #ifdef PANA_SERVER_API
01031                     if (suite->setups & TLS_SERVER_MODE) {
01032                         suite->setups &= ~TLS_HANSHAKE_HASH;
01033                         sec_lib_state_machine_trig(suite, TLS_TX_SERVER_KEY_EXCHANGE);
01034                     }
01035 #endif
01036                 }
01037 
01038                 break;
01039             default:
01040 
01041                 break;
01042 
01043         }
01044     }
01045     if (alert) {
01046         tr_debug("State: %x, Alert: %x", suite->state, alert);
01047         if (suite->state == 0x15) {
01048             sec_lib_state_machine_trig(suite, TLS_ALERT_BAD_CERTIFICATE);
01049         } else {
01050             sec_lib_state_machine_trig(suite, TLS_ALERT_DECRYPT);
01051         }
01052         active_ecc_sec_suite = 0;
01053     }
01054 }
01055 void sec_ecc_client_signature_start(sec_suite_t *suite)
01056 {
01057     uint8_t trig_alert = 0;
01058     if (ecc_state_idle_check() == ECC_STATUS_OK) {
01059         //Signature
01060         tls_heap_t *tls_heap = suite->tls_session->tls_heap;
01061         ECDSASignature *sgnt;
01062         tr_debug("HASH Calc for Cert Verify");
01063         tls_hanshake_hash_cal(tls_heap);
01064 
01065         if (tls_heap->ecc_heap->sgnt == 0) {
01066             sgnt = ecc_get_ecdsa_signature();
01067         } else {
01068             sgnt = tls_heap->ecc_heap->sgnt;
01069             tls_heap->ecc_heap->sgnt = 0;
01070         }
01071 
01072         if (sgnt) {
01073             certificate_chain_internal_t   *temp;
01074             uint8_t *ptr = 0;
01075             memset((uint8_t *) sgnt->m_m.data, 0, sizeof(MPint));
01076             tls_ecc_point_reverse_order((uint8_t *) sgnt->m_m.data, (uint8_t *)tls_heap->hash_buf);
01077 
01078             temp = sec_cetificate_chain_get(SEC_NWK_AUTHENTICATION_CERTI_CHAIN);
01079 
01080 
01081             ptr = x509_get_key_from_pki((uint8_t *)temp->key_chain[(temp->chain_length - 1)], 0);
01082             if (ptr) {
01083                 uint8_t i;
01084                 memset(&temp_key_entry.data, 0, MPINT_DATA_SIZE);
01085 
01086                 //Revert bytes
01087                 for (i = 0; i < 32; i++) {
01088                     *(((uint8_t *)&temp_key_entry.data) + i) = ptr[31 - i];
01089                 }
01090 
01091                 if (ecc_calculate_signature(sgnt, (MPint *) &temp_key_entry, &ecc_operation_done_callback) == ECC_STATUS_OK) {
01092                     tr_debug("Certi verify");
01093                     sec_lib_state_machine_lock(suite, TLS_ECC_CERTIFICATE_VERIFY_SIGNATURE);
01094                     sec_ecc_state_save(suite);
01095                 } else {
01096                     tr_warn("Signature start Fail");
01097                     ns_dyn_mem_free(sgnt);
01098                     trig_alert = 1;
01099                 }
01100             } else {
01101                 tr_warn("Key get Fail");
01102                 ns_dyn_mem_free(sgnt);
01103                 trig_alert = 1;
01104             }
01105         } else {
01106             tr_warn("Signature Allocate Fail");
01107             trig_alert = 1;
01108         }
01109         if (trig_alert) {
01110             sec_lib_state_machine_trig(suite, TLS_ALERT_INTERNAL);
01111         }
01112     } else {
01113         //tr_debug("ECC Busy Wait1");
01114         sec_lib_state_machine_trig(suite, TLS_ECC_CLIENT_SIGNATURE_START);
01115     }
01116 }
01117 void sec_ecc_gen_public_key_start(sec_suite_t *suite)
01118 {
01119     tls_heap_t *tls_heap = suite->tls_session->tls_heap;
01120 
01121     if (ecc_calculate_public_key(&(tls_heap->ecc_heap->private_key), &ecc_operation_done_callback) == ECC_STATUS_OK) {
01122         sec_lib_state_machine_lock(suite, TLS_ECC_GENERATE_PUBLIC_KEY);
01123         sec_ecc_state_save(suite);
01124     } else {
01125         sec_lib_state_machine_trig(suite, TLS_ECC_GENERATE_PUBLIC_KEY_START);
01126     }
01127 }
01128 #endif
01129 
01130 void eap_fragmentation_init(sec_suite_t *suite)
01131 {
01132         if (suite->pana_session.eap_frag_buf) {
01133             buffer_free(suite->pana_session.eap_frag_buf);
01134             suite->pana_session.eap_frag_buf = NULL;
01135         }
01136         suite->pana_session.frag_length = 0;
01137         if (suite->pana_session.eap_assy_buf) {
01138             buffer_free(suite->pana_session.eap_assy_buf);
01139             suite->pana_session.eap_assy_buf = NULL;
01140         }
01141         suite->pana_session.assy_length = 0;
01142 }
01143 
01144 #ifdef ECC
01145 static void seclib_stop_ecc(sec_suite_t *suite)
01146 {
01147     if (active_ecc_sec_suite) {
01148         if (suite == active_ecc_sec_suite) {
01149             tr_debug("Stop ECC");
01150             ecc_free_memory();
01151             active_ecc_sec_suite = 0;
01152         }
01153     }
01154 }
01155 #endif
01156 
01157 void seclib_session_clean(sec_suite_t *suite)
01158 {
01159     suite->timer = 0;
01160     suite->pana_session.auth_info = NULL;
01161     pana_free_dynamic_ram(suite);
01162     sec_suite_tls_free(suite, true);
01163 #ifdef ECC
01164     seclib_stop_ecc(suite);
01165 #endif
01166 }
01167 
01168 
01169 uint8_t sec_suite_socket_event(uint8_t event_type, sec_suite_t *suite)
01170 {
01171     suite = sec_suite_verify(suite);
01172     if (!suite) {
01173         return 0;
01174     }
01175 
01176     if (event_type == SOCKET_TX_DONE) {
01177         sec_tx_done(suite);
01178     } else {
01179         tr_debug("SEC Suite CB event. Event type: %x", event_type);
01180         suite->timer = 15;
01181     }
01182     return 1;
01183 }
01184 
01185 void sec_set_auth_timeout(sec_suite_t *suite, sec_state_machine_t cur_state)
01186 {
01187     suite->retry_counter = pana_retry_req_max_get();
01188     suite->timer = pana_handshake_timeout();
01189     suite->state = cur_state;
01190 }
01191 
01192 static void sec_tx_done(sec_suite_t *suite)
01193 {
01194     sec_state_machine_t cur_state = suite->state;
01195     if (suite->timer) {
01196         if (cur_state != TLS_INIT) {
01197             switch (cur_state) {
01198 #ifdef ECC
01199 #ifdef PANA_SERVER_API
01200                 case TLS_TX_SERVER_KEY_EXCHANGE:
01201                     pana_timeout_timer_set(suite, suite->state);
01202                     break;
01203 #endif
01204 
01205                 case TLS_CLIENT_TX_CERTIFICATE_VERIFY:
01206                     if ((suite->setups & TLS_SERVER_MODE) == 0) {
01207                         sec_set_auth_timeout(suite, TLS_KEY_CHANGE);
01208                     } else {
01209                         sec_lib_state_machine_trig(suite, PANA_READY);
01210                     }
01211                     break;
01212 #endif
01213                 case PANA_FAILURE:
01214                     if (suite->setups & TLS_SERVER_MODE) {
01215                         pana_timeout_timer_set(suite, suite->state);
01216                     } else {
01217                         sec_lib_state_machine_trig(suite, PANA_ERROR);
01218                     }
01219                     break;
01220 
01221                 case TLS_SERVER_TX_SERVER_HELLO:
01222                     sec_set_auth_timeout(suite, TLS_SERVER_WAIT_CHANGE_CHIPHERSUITE);
01223                     break;
01224 
01225                 case TLS_KEY_CHANGE:
01226                     if ((suite->setups & TLS_SERVER_MODE) == 0) {
01227                         sec_set_auth_timeout(suite, TLS_KEY_CHANGE);
01228                     } else {
01229 
01230                         tr_debug("Wait EAP RESPONSE");
01231                         pana_timeout_timer_set(suite, suite->state);
01232                     }
01233                     break;
01234                 case TLS_FINISH:
01235                     if (suite->setups & TLS_SERVER_MODE) {
01236                         pana_timeout_timer_set(suite, suite->state);
01237                     } else {
01238                         sec_set_auth_timeout(suite, TLS_FINISH);
01239                     }
01240                     break;
01241 
01242 
01243                 case TLS_ALERT_INTERNAL:
01244                 case TLS_ALERT_CHIPHER_SUITE:
01245                 case TLS_ALERT_DECRYPT:
01246                 case TLS_ALERT_BAD_CERTIFICATE:
01247 
01248                     tr_debug("Alert TX Done. cur_state: %x", cur_state);
01249                     suite->state = PANA_FAILURE;
01250                     suite->timer = 15;
01251                     suite->retry_counter = 0;
01252                     break;
01253 
01254                 case PANA_PCI_TX:
01255                 case PANA_KEY_UPDATE:
01256                 case PANA_PING_REQ:
01257                 case PANA_KEY_PULL:
01258                 case EAP_IDENTITY_REQ:
01259                 case PANA_REQUEST_TX:
01260                 case TLS_START:
01261                 case TLS_EAP_END_PANA_VERIFY:
01262                     pana_timeout_timer_set(suite, suite->state);
01263                     break;
01264                 case EAP_IDENTITY_RES:
01265                 case PANA_START_RESPONSE:
01266                 case PANA_READY:
01267                     break;
01268 
01269                 default:
01270                     tr_debug("unknown cur_state: %x", cur_state);
01271                     suite->timer = 100;
01272                     break;
01273             }
01274         }
01275     }
01276 }
01277 
01278 #endif
01279 
01280 
01281 //************************ECC Certificates end