![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to pts_dh_group.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / pts|
Return to pts_dh_group.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libimcv / pts |
1.1 misho 1: /*
2: * Copyright (C) 2011 Sansar Choinyambuu
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "pts_dh_group.h"
17:
18: #include <utils/debug.h>
19:
20: /**
21: * Described in header.
22: */
23: bool pts_dh_group_probe(pts_dh_group_t *dh_groups, bool mandatory_dh_groups)
24: {
25: enumerator_t *enumerator;
26: diffie_hellman_group_t dh_group;
27: const char *plugin_name;
28: char format1[] = " %s PTS DH group %N[%s] available";
29: char format2[] = " %s PTS DH group %N not available";
30:
31: *dh_groups = PTS_DH_GROUP_NONE;
32:
33: enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
34: while (enumerator->enumerate(enumerator, &dh_group, &plugin_name))
35: {
36: if (dh_group == MODP_1024_BIT)
37: {
38: *dh_groups |= PTS_DH_GROUP_IKE2;
39: DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
40: dh_group, plugin_name);
41: }
42: else if (dh_group == MODP_1536_BIT)
43: {
44: *dh_groups |= PTS_DH_GROUP_IKE5;
45: DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
46: dh_group, plugin_name);
47: }
48: else if (dh_group == MODP_2048_BIT)
49: {
50: *dh_groups |= PTS_DH_GROUP_IKE14;
51: DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
52: dh_group, plugin_name);
53: }
54: else if (dh_group == ECP_256_BIT)
55: {
56: *dh_groups |= PTS_DH_GROUP_IKE19;
57: DBG2(DBG_PTS, format1, "mandatory", diffie_hellman_group_names,
58: dh_group, plugin_name);
59: }
60: else if (dh_group == ECP_384_BIT)
61: {
62: *dh_groups |= PTS_DH_GROUP_IKE20;
63: DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
64: dh_group, plugin_name);
65: }
66: }
67: enumerator->destroy(enumerator);
68:
69: if (*dh_groups & PTS_DH_GROUP_IKE19)
70: {
71: /* mandatory PTS DH group is available */
72: return TRUE;
73: }
74: if (*dh_groups == PTS_DH_GROUP_NONE)
75: {
76: DBG1(DBG_PTS, "no PTS DH group available");
77: return FALSE;
78: }
79: if (mandatory_dh_groups)
80: {
81: DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
82: ECP_256_BIT);
83: return FALSE;
84: }
85:
86: /* at least one optional PTS DH group is available */
87: return TRUE;
88: }
89:
90: /**
91: * Described in header.
92: */
93: bool pts_dh_group_update(char *dh_group, pts_dh_group_t *dh_groups)
94: {
95: if (strcaseeq(dh_group, "ecp384"))
96: {
97: /* nothing to update, all groups are supported */
98: return TRUE;
99: }
100: if (strcaseeq(dh_group, "ecp256"))
101: {
102: /* remove DH group 20 */
103: *dh_groups &= ~PTS_DH_GROUP_IKE20;
104: return TRUE;
105: }
106: if (strcaseeq(dh_group, "modp2048"))
107: {
108: /* remove DH groups 19 and 20 */
109: *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19);
110: return TRUE;
111: }
112: if (strcaseeq(dh_group, "modp1536"))
113: {
114: /* remove DH groups 14, 19 and 20 */
115: *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
116: PTS_DH_GROUP_IKE14);
117: return TRUE;
118: }
119: if (strcaseeq(dh_group, "modp1024"))
120: {
121: /* remove DH groups 5, 14, 19 and 20 */
122: *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
123: PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE5);
124: return TRUE;
125: }
126: DBG1(DBG_PTS, "unknown DH group '%s' configured", dh_group);
127: return FALSE;
128: }
129:
130: /**
131: * Described in header.
132: */
133: pts_dh_group_t pts_dh_group_select(pts_dh_group_t supported_dh_groups,
134: pts_dh_group_t offered_dh_groups)
135: {
136: if ((supported_dh_groups & PTS_DH_GROUP_IKE20) &&
137: (offered_dh_groups & PTS_DH_GROUP_IKE20))
138: {
139: return PTS_DH_GROUP_IKE20;
140: }
141: if ((supported_dh_groups & PTS_DH_GROUP_IKE19) &&
142: (offered_dh_groups & PTS_DH_GROUP_IKE19))
143: {
144: return PTS_DH_GROUP_IKE19;
145: }
146: if ((supported_dh_groups & PTS_DH_GROUP_IKE14) &&
147: (offered_dh_groups & PTS_DH_GROUP_IKE14))
148: {
149: return PTS_DH_GROUP_IKE14;
150: }
151: if ((supported_dh_groups & PTS_DH_GROUP_IKE5) &&
152: (offered_dh_groups & PTS_DH_GROUP_IKE5))
153: {
154: return PTS_DH_GROUP_IKE5;
155: }
156: if ((supported_dh_groups & PTS_DH_GROUP_IKE2) &&
157: (offered_dh_groups & PTS_DH_GROUP_IKE2))
158: {
159: return PTS_DH_GROUP_IKE2;
160: }
161: return PTS_DH_GROUP_NONE;
162: }
163:
164: /**
165: * Described in header.
166: */
167: diffie_hellman_group_t pts_dh_group_to_ike(pts_dh_group_t dh_group)
168: {
169: switch (dh_group)
170: {
171: case PTS_DH_GROUP_IKE2:
172: return MODP_1024_BIT;
173: case PTS_DH_GROUP_IKE5:
174: return MODP_1536_BIT;
175: case PTS_DH_GROUP_IKE14:
176: return MODP_2048_BIT;
177: case PTS_DH_GROUP_IKE19:
178: return ECP_256_BIT;
179: case PTS_DH_GROUP_IKE20:
180: return ECP_384_BIT;
181: default:
182: return MODP_NONE;
183: }
184: }