Return false if mandatory DH Group IKE19 is not available
1 /*
2 * Copyright (C) 2011 Sansar Choinyambuu
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "pts_dh_group.h"
17
18 #include <debug.h>
19
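/**
 * Probe which PTS Diffie-Hellman groups the registered crypto plugins offer.
 *
 * *groups is cleared first, then one PTS_DH_GROUP_* flag is set for every
 * enumerated group that has a PTS mapping (MODP-1024/1536/2048, ECP-256/384).
 * Enumerated groups without a PTS mapping are logged and otherwise ignored.
 *
 * @param groups	receives the set of available PTS DH groups
 * @return			TRUE if the mandatory group IKE19 (ECP-256) is available,
 *					FALSE otherwise
 */
bool pts_probe_dh_groups(pts_dh_group_t *groups)
{
	enumerator_t *enumerator;
	diffie_hellman_group_t dh_group;
	const char *plugin_name;
	char format1[] = " %s PTS Diffie Hellman Group %N[%s] available";
	/* no plugin placeholder: a missing group has no providing plugin */
	char format2[] = " %s PTS Diffie Hellman Group %N not available";

	*groups = 0;

	enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
	while (enumerator->enumerate(enumerator, &dh_group, &plugin_name))
	{
		pts_dh_group_t flag;
		const char *label = "optional";

		DBG2(DBG_PTS, format1, "Following ", diffie_hellman_group_names,
			 dh_group, plugin_name);

		switch (dh_group)
		{
			case MODP_1024_BIT:
				/* NOTE(review): IKEv2 guidance (RFC 8247) rates the 1024-bit
				 * and 1536-bit MODP groups SHOULD NOT; confirm that offering
				 * them for PTS is still intended */
				flag = PTS_DH_GROUP_IKE2;
				break;
			case MODP_1536_BIT:
				flag = PTS_DH_GROUP_IKE5;
				break;
			case MODP_2048_BIT:
				flag = PTS_DH_GROUP_IKE14;
				break;
			case ECP_256_BIT:
				flag = PTS_DH_GROUP_IKE19;
				label = "mandatory";
				break;
			case ECP_384_BIT:
				flag = PTS_DH_GROUP_IKE20;
				break;
			default:
				/* group has no PTS equivalent */
				continue;
		}
		*groups |= flag;
		DBG2(DBG_PTS, format1, label, diffie_hellman_group_names, dh_group,
			 plugin_name);
	}
	enumerator->destroy(enumerator);

	if (*groups & PTS_DH_GROUP_IKE19)
	{
		return TRUE;
	}

	/* plugin_name must not be used here: it is uninitialized if nothing was
	 * enumerated, and otherwise names the plugin of an unrelated group */
	DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
		 ECP_256_BIT);

	return FALSE;
}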
83
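/**
 * Restrict a set of PTS DH groups according to the configured group name.
 *
 * dh_group is compared with strcaseeq() against "ike2", "ike5", "ike14",
 * "ike19" and "ike20". Every group listed as stronger than the configured one
 * is cleared from *groups; all other bits keep the value they had on entry,
 * so a group that was never probed as available is not switched on here.
 *
 * @param dh_group	configured DH group name
 * @param groups	set of PTS DH groups, updated in place
 * @return			TRUE if dh_group was recognised, FALSE otherwise
 */
bool pts_update_supported_dh_groups(char *dh_group, pts_dh_group_t *groups)
{
	if (strcaseeq(dh_group, "ike20"))
	{
		/* nothing to update, all groups are supported */
		return TRUE;
	}
	else if (strcaseeq(dh_group, "ike19"))
	{
		/* remove DH Group 20 */
		*groups &= ~PTS_DH_GROUP_IKE20;
		return TRUE;
	}
	else if (strcaseeq(dh_group, "ike14"))
	{
		/* remove DH Group 19 and 20
		 * NOTE(review): this and the branches below clear IKE19, which
		 * pts_probe_dh_groups() treats as mandatory; confirm callers cope */
		*groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19);
		return TRUE;
	}
	else if (strcaseeq(dh_group, "ike5"))
	{
		/* remove DH Group 14, 19 and 20 */
		*groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
					 PTS_DH_GROUP_IKE14);
		return TRUE;
	}
	else if (strcaseeq(dh_group, "ike2"))
	{
		/* remove DH Group 5, 14, 19 and 20 */
		*groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
					 PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE5);
		return TRUE;
	}

	/* the %s conversion needs its argument; omitting it is undefined
	 * behaviour in the formatter */
	DBG1(DBG_PTS, "Unknown DH Group: %s configured", dh_group);
	return FALSE;
}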
124
/**
 * Translate one PTS DH group flag into the matching strongSwan
 * diffie_hellman_group_t.
 *
 * Only an exact match on a single PTS_DH_GROUP_* value is translated; any
 * other value, including a combination of flags, yields MODP_NONE.
 *
 * @param dh_group	PTS DH group flag
 * @return			corresponding strongSwan DH group, or MODP_NONE
 */
diffie_hellman_group_t pts_dh_group_to_strongswan_dh_group(pts_dh_group_t dh_group)
{
	if (dh_group == PTS_DH_GROUP_IKE2)
	{
		return MODP_1024_BIT;
	}
	if (dh_group == PTS_DH_GROUP_IKE5)
	{
		return MODP_1536_BIT;
	}
	if (dh_group == PTS_DH_GROUP_IKE14)
	{
		return MODP_2048_BIT;
	}
	if (dh_group == PTS_DH_GROUP_IKE19)
	{
		return ECP_256_BIT;
	}
	if (dh_group == PTS_DH_GROUP_IKE20)
	{
		return ECP_384_BIT;
	}
	/* no strongSwan equivalent */
	return MODP_NONE;
}