Annotation of embedaddon/strongswan/src/libimcv/pts/pts_meas_algo.c, revision 1.1.1.2
1.1 misho 1: /*
2: * Copyright (C) 2011-2014 Andreas Steffen
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "pts_meas_algo.h"
17:
18: #include <utils/debug.h>
19:
20: ENUM_BEGIN(pts_meas_algorithm_names, PTS_MEAS_ALGO_NONE, PTS_MEAS_ALGO_NONE,
21: "None");
1.1.1.2 ! misho 22: ENUM_NEXT(pts_meas_algorithm_names, PTS_MEAS_ALGO_SHA512, PTS_MEAS_ALGO_SHA512,
1.1 misho 23: PTS_MEAS_ALGO_NONE,
1.1.1.2 ! misho 24: "SHA512");
! 25: ENUM_NEXT(pts_meas_algorithm_names, PTS_MEAS_ALGO_SHA384, PTS_MEAS_ALGO_SHA384,
! 26: PTS_MEAS_ALGO_SHA512,
1.1 misho 27: "SHA384");
28: ENUM_NEXT(pts_meas_algorithm_names, PTS_MEAS_ALGO_SHA256, PTS_MEAS_ALGO_SHA256,
29: PTS_MEAS_ALGO_SHA384,
30: "SHA256");
31: ENUM_NEXT(pts_meas_algorithm_names, PTS_MEAS_ALGO_SHA1, PTS_MEAS_ALGO_SHA1,
32: PTS_MEAS_ALGO_SHA256,
33: "SHA1");
34: ENUM_END(pts_meas_algorithm_names, PTS_MEAS_ALGO_SHA1);
35:
36: /**
37: * Described in header.
38: */
39: bool pts_meas_algo_probe(pts_meas_algorithms_t *algorithms)
40: {
41: enumerator_t *enumerator;
42: hash_algorithm_t hash_alg;
43: const char *plugin_name;
44: char format1[] = " %s PTS measurement algorithm %N[%s] available";
45: char format2[] = " %s PTS measurement algorithm %N not available";
46:
47: *algorithms = 0;
48:
49: enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
50: while (enumerator->enumerate(enumerator, &hash_alg, &plugin_name))
51: {
52: if (hash_alg == HASH_SHA1)
53: {
54: *algorithms |= PTS_MEAS_ALGO_SHA1;
55: DBG2(DBG_PTS, format1, "mandatory", hash_algorithm_names, hash_alg,
56: plugin_name);
57: }
58: else if (hash_alg == HASH_SHA256)
59: {
60: *algorithms |= PTS_MEAS_ALGO_SHA256;
61: DBG2(DBG_PTS, format1, "mandatory", hash_algorithm_names, hash_alg,
62: plugin_name);
63: }
64: else if (hash_alg == HASH_SHA384)
65: {
66: *algorithms |= PTS_MEAS_ALGO_SHA384;
67: DBG2(DBG_PTS, format1, "optional ", hash_algorithm_names, hash_alg,
68: plugin_name);
69: }
1.1.1.2 ! misho 70: else if (hash_alg == HASH_SHA512)
! 71: {
! 72: *algorithms |= PTS_MEAS_ALGO_SHA512;
! 73: DBG2(DBG_PTS, format1, "optional ", hash_algorithm_names, hash_alg,
! 74: plugin_name);
! 75: }
1.1 misho 76: }
77: enumerator->destroy(enumerator);
78:
1.1.1.2 ! misho 79: if (!(*algorithms & PTS_MEAS_ALGO_SHA512))
! 80: {
! 81: DBG1(DBG_PTS, format2, "optional ", hash_algorithm_names, HASH_SHA512);
! 82: }
1.1 misho 83: if (!(*algorithms & PTS_MEAS_ALGO_SHA384))
84: {
85: DBG1(DBG_PTS, format2, "optional ", hash_algorithm_names, HASH_SHA384);
86: }
87: if ((*algorithms & PTS_MEAS_ALGO_SHA1) &&
88: (*algorithms & PTS_MEAS_ALGO_SHA256))
89: {
90: return TRUE;
91: }
92: if (!(*algorithms & PTS_MEAS_ALGO_SHA256))
93: {
94: DBG1(DBG_PTS, format2, "mandatory", hash_algorithm_names, HASH_SHA256);
95: }
1.1.1.2 ! misho 96: if (!(*algorithms & PTS_MEAS_ALGO_SHA1))
! 97: {
! 98: DBG1(DBG_PTS, format2, "mandatory", hash_algorithm_names, HASH_SHA1);
! 99: }
1.1 misho 100: return FALSE;
101: }
102:
103: /**
104: * Described in header.
105: */
106: bool pts_meas_algo_update(char *hash_alg, pts_meas_algorithms_t *algorithms)
107: {
1.1.1.2 ! misho 108: if (strcaseeq(hash_alg, "sha512") || strcaseeq(hash_alg, "sha2_512"))
1.1 misho 109: {
110: /* nothing to update, all algorithms are supported */
111: return TRUE;
112: }
1.1.1.2 ! misho 113: if (strcaseeq(hash_alg, "sha384") || strcaseeq(hash_alg, "sha2_384"))
! 114: {
! 115: /* remove SHA512 algorithm */
! 116: *algorithms &= ~PTS_MEAS_ALGO_SHA512;
! 117: return TRUE;
! 118: }
1.1 misho 119: if (strcaseeq(hash_alg, "sha256") || strcaseeq(hash_alg, "sha2_256"))
120: {
1.1.1.2 ! misho 121: /* remove SHA512 and SHA384 algorithms */
! 122: *algorithms &= ~(PTS_MEAS_ALGO_SHA512 | PTS_MEAS_ALGO_SHA384);
1.1 misho 123: return TRUE;
124: }
125: if (strcaseeq(hash_alg, "sha1"))
126: {
1.1.1.2 ! misho 127: /* remove SHA512, SHA384 and SHA256 algorithms */
! 128: *algorithms &= ~(PTS_MEAS_ALGO_SHA512 | PTS_MEAS_ALGO_SHA384 |
! 129: PTS_MEAS_ALGO_SHA256);
1.1 misho 130: return TRUE;
131: }
132: DBG1(DBG_PTS, "unknown hash algorithm '%s' configured", hash_alg);
133: return FALSE;
134: }
135:
136: /**
137: * Described in header.
138: */
1.1.1.2 ! misho 139: void pts_meas_algo_with_pcr(tpm_tss_t *tpm, pts_meas_algorithms_t *algorithms)
! 140: {
! 141: pts_meas_algorithms_t algo_set[] = { PTS_MEAS_ALGO_SHA1,
! 142: PTS_MEAS_ALGO_SHA256,
! 143: PTS_MEAS_ALGO_SHA384,
! 144: PTS_MEAS_ALGO_SHA512
! 145: };
! 146: int i;
! 147:
! 148: for (i = 0; i < countof(algo_set); i++)
! 149: {
! 150: if (!tpm->has_pcr_bank(tpm, pts_meas_algo_to_hash(algo_set[i])))
! 151: {
! 152: /* remove algorithm */
! 153: *algorithms &= ~algo_set[i];
! 154: }
! 155: }
! 156: }
! 157:
! 158: /**
! 159: * Described in header.
! 160: */
1.1 misho 161: pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos,
162: pts_meas_algorithms_t offered_algos)
163: {
1.1.1.2 ! misho 164: if ((supported_algos & PTS_MEAS_ALGO_SHA512) &&
! 165: (offered_algos & PTS_MEAS_ALGO_SHA512))
! 166: {
! 167: return PTS_MEAS_ALGO_SHA512;
! 168: }
1.1 misho 169: if ((supported_algos & PTS_MEAS_ALGO_SHA384) &&
170: (offered_algos & PTS_MEAS_ALGO_SHA384))
171: {
172: return PTS_MEAS_ALGO_SHA384;
173: }
174: if ((supported_algos & PTS_MEAS_ALGO_SHA256) &&
175: (offered_algos & PTS_MEAS_ALGO_SHA256))
176: {
177: return PTS_MEAS_ALGO_SHA256;
178: }
179: if ((supported_algos & PTS_MEAS_ALGO_SHA1) &&
180: (offered_algos & PTS_MEAS_ALGO_SHA1))
181: {
182: return PTS_MEAS_ALGO_SHA1;
183: }
184: return PTS_MEAS_ALGO_NONE;
185: }
186:
187: /**
188: * Described in header.
189: */
190: hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm)
191: {
192: switch (algorithm)
193: {
194: case PTS_MEAS_ALGO_SHA1:
195: return HASH_SHA1;
196: case PTS_MEAS_ALGO_SHA256:
197: return HASH_SHA256;
198: case PTS_MEAS_ALGO_SHA384:
199: return HASH_SHA384;
1.1.1.2 ! misho 200: case PTS_MEAS_ALGO_SHA512:
! 201: return HASH_SHA512;
1.1 misho 202: default:
203: return HASH_UNKNOWN;
204: }
205: }
206:
207: /**
208: * Described in header.
209: */
210: pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm)
211: {
212: switch (algorithm)
213: {
214: case HASH_SHA1:
215: return PTS_MEAS_ALGO_SHA1;
216: case HASH_SHA256:
217: return PTS_MEAS_ALGO_SHA256;
218: case HASH_SHA384:
219: return PTS_MEAS_ALGO_SHA384;
1.1.1.2 ! misho 220: case HASH_SHA512:
! 221: return PTS_MEAS_ALGO_SHA512;
1.1 misho 222: default:
223: return PTS_MEAS_ALGO_NONE;
224: }
225: }
226:
227: /**
228: * Described in header.
229: */
230: size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm)
231: {
232: switch (algorithm)
233: {
234: case PTS_MEAS_ALGO_SHA1:
235: return HASH_SIZE_SHA1;
236: case PTS_MEAS_ALGO_SHA256:
237: return HASH_SIZE_SHA256;
238: case PTS_MEAS_ALGO_SHA384:
239: return HASH_SIZE_SHA384;
1.1.1.2 ! misho 240: case PTS_MEAS_ALGO_SHA512:
! 241: return HASH_SIZE_SHA512;
1.1 misho 242: case PTS_MEAS_ALGO_NONE:
243: default:
244: return 0;
245: }
246: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>