Request missing SWID tags in a directed PA-TNC message
[strongswan.git] / src / libimcv / pts / pts_dh_group.c
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pts_dh_group.h"
17
18 #include <utils/debug.h>
19
20 /**
21 * Described in header.
22 */
23 bool pts_dh_group_probe(pts_dh_group_t *dh_groups, bool mandatory_dh_groups)
24 {
25 enumerator_t *enumerator;
26 diffie_hellman_group_t dh_group;
27 const char *plugin_name;
28 char format1[] = " %s PTS DH group %N[%s] available";
29 char format2[] = " %s PTS DH group %N not available";
30
31 *dh_groups = PTS_DH_GROUP_NONE;
32
33 enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
34 while (enumerator->enumerate(enumerator, &dh_group, &plugin_name))
35 {
36 if (dh_group == MODP_1024_BIT)
37 {
38 *dh_groups |= PTS_DH_GROUP_IKE2;
39 DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
40 dh_group, plugin_name);
41 }
42 else if (dh_group == MODP_1536_BIT)
43 {
44 *dh_groups |= PTS_DH_GROUP_IKE5;
45 DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
46 dh_group, plugin_name);
47 }
48 else if (dh_group == MODP_2048_BIT)
49 {
50 *dh_groups |= PTS_DH_GROUP_IKE14;
51 DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
52 dh_group, plugin_name);
53 }
54 else if (dh_group == ECP_256_BIT)
55 {
56 *dh_groups |= PTS_DH_GROUP_IKE19;
57 DBG2(DBG_PTS, format1, "mandatory", diffie_hellman_group_names,
58 dh_group, plugin_name);
59 }
60 else if (dh_group == ECP_384_BIT)
61 {
62 *dh_groups |= PTS_DH_GROUP_IKE20;
63 DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
64 dh_group, plugin_name);
65 }
66 }
67 enumerator->destroy(enumerator);
68
69 if (*dh_groups & PTS_DH_GROUP_IKE19)
70 {
71 /* mandatory PTS DH group is available */
72 return TRUE;
73 }
74 if (*dh_groups == PTS_DH_GROUP_NONE)
75 {
76 DBG1(DBG_PTS, "no PTS DH group available");
77 return FALSE;
78 }
79 if (mandatory_dh_groups)
80 {
81 DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
82 ECP_256_BIT);
83 return FALSE;
84 }
85
86 /* at least one optional PTS DH group is available */
87 return TRUE;
88 }
89
90 /**
91 * Described in header.
92 */
93 bool pts_dh_group_update(char *dh_group, pts_dh_group_t *dh_groups)
94 {
95 if (strcaseeq(dh_group, "ecp384"))
96 {
97 /* nothing to update, all groups are supported */
98 return TRUE;
99 }
100 if (strcaseeq(dh_group, "ecp256"))
101 {
102 /* remove DH group 20 */
103 *dh_groups &= ~PTS_DH_GROUP_IKE20;
104 return TRUE;
105 }
106 if (strcaseeq(dh_group, "modp2048"))
107 {
108 /* remove DH groups 19 and 20 */
109 *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19);
110 return TRUE;
111 }
112 if (strcaseeq(dh_group, "modp1536"))
113 {
114 /* remove DH groups 14, 19 and 20 */
115 *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
116 PTS_DH_GROUP_IKE14);
117 return TRUE;
118 }
119 if (strcaseeq(dh_group, "modp1024"))
120 {
121 /* remove DH groups 5, 14, 19 and 20 */
122 *dh_groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
123 PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE5);
124 return TRUE;
125 }
126 DBG1(DBG_PTS, "unknown DH group '%s' configured", dh_group);
127 return FALSE;
128 }
129
130 /**
131 * Described in header.
132 */
133 pts_dh_group_t pts_dh_group_select(pts_dh_group_t supported_dh_groups,
134 pts_dh_group_t offered_dh_groups)
135 {
136 if ((supported_dh_groups & PTS_DH_GROUP_IKE20) &&
137 (offered_dh_groups & PTS_DH_GROUP_IKE20))
138 {
139 return PTS_DH_GROUP_IKE20;
140 }
141 if ((supported_dh_groups & PTS_DH_GROUP_IKE19) &&
142 (offered_dh_groups & PTS_DH_GROUP_IKE19))
143 {
144 return PTS_DH_GROUP_IKE19;
145 }
146 if ((supported_dh_groups & PTS_DH_GROUP_IKE14) &&
147 (offered_dh_groups & PTS_DH_GROUP_IKE14))
148 {
149 return PTS_DH_GROUP_IKE14;
150 }
151 if ((supported_dh_groups & PTS_DH_GROUP_IKE5) &&
152 (offered_dh_groups & PTS_DH_GROUP_IKE5))
153 {
154 return PTS_DH_GROUP_IKE5;
155 }
156 if ((supported_dh_groups & PTS_DH_GROUP_IKE2) &&
157 (offered_dh_groups & PTS_DH_GROUP_IKE2))
158 {
159 return PTS_DH_GROUP_IKE2;
160 }
161 return PTS_DH_GROUP_NONE;
162 }
163
164 /**
165 * Described in header.
166 */
167 diffie_hellman_group_t pts_dh_group_to_ike(pts_dh_group_t dh_group)
168 {
169 switch (dh_group)
170 {
171 case PTS_DH_GROUP_IKE2:
172 return MODP_1024_BIT;
173 case PTS_DH_GROUP_IKE5:
174 return MODP_1536_BIT;
175 case PTS_DH_GROUP_IKE14:
176 return MODP_2048_BIT;
177 case PTS_DH_GROUP_IKE19:
178 return ECP_256_BIT;
179 case PTS_DH_GROUP_IKE20:
180 return ECP_384_BIT;
181 default:
182 return MODP_NONE;
183 }
184 }