if ((supported_dh_groups & PTS_DH_GROUP_IKE20) &&
(offered_dh_groups & PTS_DH_GROUP_IKE20))
{
- pts->set_dh_group(pts, PTS_DH_GROUP_IKE20);
+ selected_dh_group = PTS_DH_GROUP_IKE20;
}
else if ((supported_dh_groups & PTS_DH_GROUP_IKE19) &&
(offered_dh_groups & PTS_DH_GROUP_IKE19))
{
- pts->set_dh_group(pts, PTS_DH_GROUP_IKE19);
+ selected_dh_group = PTS_DH_GROUP_IKE19;
}
else if ((supported_dh_groups & PTS_DH_GROUP_IKE14) &&
(offered_dh_groups & PTS_DH_GROUP_IKE14))
{
- pts->set_dh_group(pts, PTS_DH_GROUP_IKE14);
+ selected_dh_group = PTS_DH_GROUP_IKE14;
}
else if ((supported_dh_groups & PTS_DH_GROUP_IKE5) &&
(offered_dh_groups & PTS_DH_GROUP_IKE5))
{
- pts->set_dh_group(pts, PTS_DH_GROUP_IKE5);
+ selected_dh_group = PTS_DH_GROUP_IKE5;
}
else if ((supported_dh_groups & PTS_DH_GROUP_IKE2) &&
(offered_dh_groups & PTS_DH_GROUP_IKE2))
{
- pts->set_dh_group(pts, PTS_DH_GROUP_IKE2);
+ selected_dh_group = PTS_DH_GROUP_IKE2;
}
else
{
break;
}
- /* Send DH Nonce Parameters Response attribute */
- selected_dh_group = pts->get_dh_group(pts);
+ /* Create own DH factor */
if (!pts->create_dh(pts, selected_dh_group))
{
goto err;
}
- pts->get_my_pub_val(pts, &responder_pub_val);
+ pts->get_my_public_value(pts, &responder_pub_val);
+ /* Send DH Nonce Parameters Response attribute */
attr = tcg_pts_attr_dh_nonce_params_resp_create(NONCE_LEN,
selected_dh_group, supported_algorithms,
chunk_create(responder_nonce, NONCE_LEN),
DBG3(DBG_IMC, "Initiator nonce: %B", &initiator_nonce);
DBG3(DBG_IMC, "Responder nonce: %B", &responder_non);
- pts->set_other_pub_val(pts, initiator_pub_val);
+ pts->set_peer_public_value(pts, initiator_pub_val);
if (!pts->calculate_secret(pts, initiator_nonce,
responder_non, selected_algorithm))
{
}
/**
- * Specify supported PTS Diffie Hellman Groups
+ * Specify supported PTS Diffie-Hellman groups
*
- * ike2: PTS_DH_GROUP_IKE2
- * ike5: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5
- * ike14: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14
- * ike19: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE19
- * ike20: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE19 | PTS_DH_GROUP_IKE20
+ * modp1024: PTS_DH_GROUP_IKE2
+ * modp1536: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5
+ * modp2048: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14
+ * ecp256: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 |
+ * PTS_DH_GROUP_IKE19
+ * ecp384: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 |
+ * PTS_DH_GROUP_IKE19 | PTS_DH_GROUP_IKE20
*
* we expect the PTS-IMC to select the strongest supported group
*/
dh_group = lib->settings->get_str(lib->settings,
- "libimcv.plugins.imv-attestation.dh_group", "ike19");
+ "libimcv.plugins.imv-attestation.dh_group", "ecp256");
if (!pts_update_supported_dh_groups(dh_group, &supported_dh_groups))
{
return TNC_RESULT_FATAL;
/* Send DH nonce finish attribute */
selected_algorithm = pts->get_meas_algorithm(pts);
- pts->get_my_pub_val(pts, &initiator_pub_val);
+ pts->get_my_public_value(pts, &initiator_pub_val);
attr = tcg_pts_attr_dh_nonce_finish_create(NONCE_LEN,
selected_algorithm,
{
return TNC_RESULT_FATAL;
}
- pts->set_other_pub_val(pts, responder_pub_val);
+ pts->set_peer_public_value(pts, responder_pub_val);
DBG3(DBG_IMV, "Initiator nonce: %B", &initiator_non);
DBG3(DBG_IMV, "Responder nonce: %B", &responder_nonce);
return TNC_RESULT_NOT_INITIALIZED;
}
return imv_attestation->bind_functions(imv_attestation, bind_function);
-}
\ No newline at end of file
+}
pts_meas_algorithms_t algorithm;
/**
- * PTS Diffie Hellman Group
- */
- pts_dh_group_t dh_group;
-
- /**
- * Contains a Diffie Hellman object
+ * PTS Diffie Hellman Secret
*/
diffie_hellman_t *dh;
}
}
-METHOD(pts_t, get_dh_group, pts_dh_group_t,
- private_pts_t *this)
-{
- return this->dh_group;
-}
-
-METHOD(pts_t, set_dh_group, void,
- private_pts_t *this, pts_dh_group_t group)
-{
- diffie_hellman_group_t dh_group;
-
- dh_group = pts_dh_group_to_strongswan_dh_group(group);
- DBG2(DBG_PTS, "selected PTS Diffie Hellman Group is %N",
- diffie_hellman_group_names, dh_group);
- if (dh_group != MODP_NONE)
- {
- this->dh_group = group;
- }
-}
-
METHOD(pts_t, create_dh, bool,
private_pts_t *this, pts_dh_group_t group)
{
if (dh_group != MODP_NONE)
{
this->dh = lib->crypto->create_dh(lib->crypto, dh_group);
+ DBG2(DBG_PTS, "selected PTS DH group is %N",
+ diffie_hellman_group_names, dh_group);
return TRUE;
}
- DBG1(DBG_PTS, "Unable to create Diffie Hellman object with group %N",
- diffie_hellman_group_names, dh_group);
+ DBG1(DBG_PTS, "unable to create DH group %N",
+ diffie_hellman_group_names, dh_group);
+
return FALSE;
}
-METHOD(pts_t, get_my_pub_val, void,
- private_pts_t *this, chunk_t *pub_value)
+METHOD(pts_t, get_my_public_value, void,
+ private_pts_t *this, chunk_t *value)
{
- this->dh->get_my_public_value(this->dh, pub_value);
- DBG3(DBG_PTS, "My Public value:%B", pub_value);
+ this->dh->get_my_public_value(this->dh, value);
}
-METHOD(pts_t, set_other_pub_val, void,
+METHOD(pts_t, set_peer_public_value, void,
private_pts_t *this, chunk_t value)
{
- DBG3(DBG_PTS, "Partner's Public value:%B", &value);
this->dh->set_other_public_value(this->dh, value);
}
if (this->dh->get_shared_secret(this->dh, &shared_secret) != SUCCESS)
{
- DBG1(DBG_PTS, "Shared secret couldn't be calculated");
+ DBG1(DBG_PTS, "shared secret couldn't be calculated");
hasher->destroy(hasher);
return FALSE;
}
* Truncate the output to 20 bytes to fit ExternalDate argument of TPM Quote
*/
this->secret = chunk_create(output, HASH_SIZE_SHA1);
- DBG3(DBG_PTS, "Secret assessment value: %B", &this->secret);
+ DBG3(DBG_PTS, "secret assessment value: %B", &this->secret);
chunk_free(&shared_secret);
hasher->destroy(hasher);
.set_proto_caps = _set_proto_caps,
.get_meas_algorithm = _get_meas_algorithm,
.set_meas_algorithm = _set_meas_algorithm,
- .get_dh_group = _get_dh_group,
- .set_dh_group = _set_dh_group,
.create_dh = _create_dh,
- .get_my_pub_val = _get_my_pub_val,
- .set_other_pub_val = _set_other_pub_val,
+ .get_my_public_value = _get_my_public_value,
+ .set_peer_public_value = _set_peer_public_value,
.calculate_secret = _calculate_secret,
.get_secret = _get_secret,
.get_platform_info = _get_platform_info,
},
.proto_caps = PTS_PROTO_CAPS_V,
.algorithm = PTS_MEAS_ALGO_SHA256,
- .dh_group = PTS_DH_GROUP_IKE19,
);
if (is_imc)
/**
* Get PTS Protocol Capabilities
*
- * @return protocol capabilities flags
+ * @return Protocol capabilities flags
*/
pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this);
/**
* Set PTS Protocol Capabilities
*
- * @param flags protocol capabilities flags
+ * @param flags Protocol capabilities flags
*/
void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags);
/**
* Get PTS Measurement Algorithm
*
- * @return measurement algorithm
+ * @return Measurement algorithm
*/
pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this);
/**
* Set PTS Measurement Algorithm
*
- * @param algorithm measurement algorithm
+ * @param algorithm Measurement algorithm
*/
void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm);
/**
- * Get PTS Diffie Hellman Group
+ * Set PTS Diffie-Hellman object
*
- * @return DH Group
- */
- pts_dh_group_t (*get_dh_group)(pts_t *this);
-
- /**
- * Set PTS Diffie Hellman Group
- *
- * @param dh_group DH Group
- */
- void (*set_dh_group)(pts_t *this, pts_dh_group_t dh_group);
-
- /**
- * Set PTS Diffie Hellman Object
- *
- * @param dh D-H object
+ * @param dh DH object
*/
bool (*create_dh)(pts_t *this, pts_dh_group_t group);
/**
- * Gets Own Diffie Hellman Public Value
+ * Get my Diffie-Hellman public value
*
- * @param info chunk to keep own public value
+ * @param value My public DH value
*/
- void (*get_my_pub_val)(pts_t *this, chunk_t *pub_value);
+ void (*get_my_public_value)(pts_t *this, chunk_t *value);
/**
- * Sets the public value of partner.
+ * Set peer Diffie.Hellman public value
*
- * @param value public value of partner
+ * @param value Peer public DH value
*/
- void (*set_other_pub_val) (pts_t *this, chunk_t value);
+ void (*set_peer_public_value) (pts_t *this, chunk_t value);
/**
* Calculates secret assessment value to be used for TPM Quote as an external data
*
- * @param initiator_nonce Initiator nonce (IMV nonce)
- * @param responder_nonce Responder nonce (IMC nonce)
- * @param algorithm Hashing algorithm
- * @return TRUE, FALSE if not both DH public values and
- * nonces are set
+ * @param initiator_nonce Initiator nonce (IMV nonce)
+ * @param responder_nonce Responder nonce (IMC nonce)
+ * @param algorithm Hashing algorithm
+ * @return TRUE unless both DH public values
+ * and nonces are set
*/
bool (*calculate_secret) (pts_t *this, chunk_t initiator_nonce,
- chunk_t responder_nonce, pts_meas_algorithms_t algorithm);
+ chunk_t responder_nonce,
+ pts_meas_algorithms_t algorithm);
/**
* Returns secret assessment value to be used for TPM Quote as an external data
*
- * @return Secret assessment value
+ * @return Secret assessment value
*/
chunk_t (*get_secret) (pts_t *this);
/**
* Get Platform and OS Info
*
- * @return platform and OS info
+ * @return Platform and OS info
*/
char* (*get_platform_info)(pts_t *this);
/**
* Set Platform and OS Info
*
- * @param info platform and OS info
+ * @param info Platform and OS info
*/
void (*set_platform_info)(pts_t *this, char *info);
/**
* Get TPM 1.2 Version Info
*
- * @param info chunk containing a TPM_CAP_VERSION_INFO struct
- * @return TRUE if TPM Version Info available
+ * @param info chunk containing a TPM_CAP_VERSION_INFO struct
+ * @return TRUE if TPM Version Info available
*/
bool (*get_tpm_version_info)(pts_t *this, chunk_t *info);
/**
* Set TPM 1.2 Version Info
*
- * @param info chunk containing a TPM_CAP_VERSION_INFO struct
+ * @param info chunk containing a TPM_CAP_VERSION_INFO struct
*/
void (*set_tpm_version_info)(pts_t *this, chunk_t info);
/**
* Get Attestation Identity Certificate or Public Key
*
- * @return AIK Certificate or Public Key
+ * @return AIK Certificate or Public Key
*/
certificate_t* (*get_aik)(pts_t *this);
/**
* Set Attestation Identity Certificate or Public Key
*
- * @param aik AIK Certificate or Public Key
+ * @param aik AIK Certificate or Public Key
*/
void (*set_aik)(pts_t *this, certificate_t *aik);
/**
* Check whether path is valid file/directory on filesystem
*
- * @param path Absolute path
- * @param error_code Output variable for PTS error code
- * @return TRUE if path is valid or file/directory doesn't exist
- * or path is invalid
- * FALSE if local error occurred within stat function
+ * @param path Absolute path
+ * @param error_code Output variable for PTS error code
+ * @return TRUE if path is valid or file/directory
+ * doesn't exist or path is invalid
+ * FALSE if local error occured within stat function
*/
bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code);
/**
* Compute a hash over a file
- * @param hasher Hasher to be used
- * @param pathname Absolute path of a file
- * @param hash Buffer to keep hash output
- * @return TRUE if path is valid and hashing succeeded, FALSE otherwise
+ * @param hasher Hasher to be used
+ * @param pathname Absolute path of a file
+ * @param hash Buffer to keep hash output
+ * @return TRUE if path is valid and hashing succeeded
*/
bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash);
/**
* Do PTS File Measurements
*
- * @param request_id ID of PTS File Measurement Request
- * @param pathname Absolute pathname of file to be measured
- * @param is_directory if TRUE directory contents are measured
- * @return PTS File Measurements of NULL if FAILED
+ * @param request_id ID of PTS File Measurement Request
+ * @param pathname Absolute pathname of file to be measured
+ * @param is_directory TRUE if directory contents are measured
+ * @return PTS File Measurements of NULL if FAILED
*/
pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id,
char *pathname, bool is_directory);
/**
* Obtain file metadata
*
- * @param pathname Absolute pathname of file/directory
- * @param is_directory if TRUE directory contents are requested
- * @return PTS File Metadata or NULL if FAILED
+ * @param pathname Absolute pathname of file/directory
+ * @param is_directory TRUE if directory contents are requested
+ * @return PTS File Metadata or NULL if FAILED
*/
pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_directory);
* Reads given PCR value and returns it
* Expects owner secret to be WELL_KNOWN_SECRET
*
- * @param pcr_num Number of PCR to read
- * @param pcr_value Chunk to save pcr read output
- * @return NULL in case of TSS error, PCR value otherwise
+ * @param pcr_num Number of PCR to read
+ * @param pcr_value Chunk to save pcr read output
+ * @return NULL in case of TSS error, PCR value otherwise
*/
bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value);
* Extends given PCR with given value
* Expects owner secret to be WELL_KNOWN_SECRET
*
- * @param pcr_num Number of PCR to extend
- * @param input Value to extend
- * @param output Chunk to save PCR value after extension
- * @return FALSE in case of TSS error, TRUE otherwise
+ * @param pcr_num Number of PCR to extend
+ * @param input Value to extend
+ * @param output Chunk to save PCR value after extension
+ * @return FALSE in case of TSS error, TRUE otherwise
*/
bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output);
* Quote over PCR's
* Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK
*
- * @param pcrs List of PCR's to make quotation over
- * @param pcr_composite Chunk to save pcr composite structure
- * @param quote_signature Chunk to save quote operation output
- * without external data (anti-replay protection)
- * @return FALSE in case of TSS error, TRUE otherwise
+ * @param pcrs List of PCR's to make quotation over
+ * @param pcr_composite Chunk to save pcr composite structure
+ * @param quote_signature Chunk to save quote operation output
+ * without external data (anti-replay protection)
+ * @return FALSE in case of TSS error, TRUE otherwise
*/
bool (*quote_tpm)(pts_t *this, linked_list_t *pcrs,
chunk_t *pcr_composite, chunk_t *quote_signature);
*/
pts_t* pts_create(bool is_imc);
-#endif /** PTS_H_ @}*/
\ No newline at end of file
+#endif /** PTS_H_ @}*/
enumerator_t *enumerator;
diffie_hellman_group_t dh_group;
const char *plugin_name;
- char format1[] = " %s PTS Diffie Hellman Group %N[%s] available";
- char format2[] = " %s PTS Diffie Hellman Group %N not available";
+ char format1[] = " %s PTS DH group %N[%s] available";
+ char format2[] = " %s PTS DH group %N not available";
*groups = 0;
if (dh_group == MODP_1024_BIT)
{
*groups |= PTS_DH_GROUP_IKE2;
- DBG2(DBG_PTS, format1, "optional", diffie_hellman_group_names, dh_group,
+ DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names, dh_group,
plugin_name);
}
else if (dh_group == MODP_1536_BIT)
{
*groups |= PTS_DH_GROUP_IKE5;
- DBG2(DBG_PTS, format1, "optional", diffie_hellman_group_names, dh_group,
- plugin_name);
+ DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
+ dh_group, plugin_name);
}
else if (dh_group == MODP_2048_BIT)
{
*groups |= PTS_DH_GROUP_IKE14;
- DBG2(DBG_PTS, format1, "optional", diffie_hellman_group_names, dh_group,
- plugin_name);
+ DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
+ dh_group, plugin_name);
}
else if (dh_group == ECP_256_BIT)
{
*groups |= PTS_DH_GROUP_IKE19;
- DBG2(DBG_PTS, format1, "mandatory", diffie_hellman_group_names, dh_group,
- plugin_name);
+ DBG2(DBG_PTS, format1, "mandatory", diffie_hellman_group_names,
+ dh_group, plugin_name);
}
else if (dh_group == ECP_384_BIT)
{
*groups |= PTS_DH_GROUP_IKE20;
- DBG2(DBG_PTS, format1, "optional", diffie_hellman_group_names, dh_group,
- plugin_name);
+ DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names,
+ dh_group, plugin_name);
}
}
enumerator->destroy(enumerator);
}
else
{
- DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names, ECP_256_BIT);
+ DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
+ ECP_256_BIT);
}
return FALSE;
*/
bool pts_update_supported_dh_groups(char *dh_group, pts_dh_group_t *groups)
{
- if (strcaseeq(dh_group, "ike20"))
+ if (strcaseeq(dh_group, "ecp384"))
{
/* nothing to update, all groups are supported */
return TRUE;
}
- else if (strcaseeq(dh_group, "ike19"))
+ else if (strcaseeq(dh_group, "ecp256"))
{
- /* remove DH Group 20 */
- *groups = ~PTS_DH_GROUP_IKE20;
+ /* remove DH group 20 */
+ *groups &= ~PTS_DH_GROUP_IKE20;
return TRUE;
}
- else if (strcaseeq(dh_group, "ike14"))
+ else if (strcaseeq(dh_group, "modp2048"))
{
- /* remove DH Group 19 and 20 */
- *groups = ~PTS_DH_GROUP_IKE20 & ~PTS_DH_GROUP_IKE19;
+ /* remove DH groups 19 and 20 */
+ *groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19);
return TRUE;
}
- else if (strcaseeq(dh_group, "ike5"))
+ else if (strcaseeq(dh_group, "modp1536"))
{
- /* remove DH Group 14, 19 and 20 */
- *groups = ~PTS_DH_GROUP_IKE20 & ~PTS_DH_GROUP_IKE19
- & ~PTS_DH_GROUP_IKE14;
+ /* remove DH groups 14, 19 and 20 */
+ *groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
+ PTS_DH_GROUP_IKE14);
return TRUE;
}
- else if (strcaseeq(dh_group, "ike2"))
+ else if (strcaseeq(dh_group, "modp1024"))
{
- /* remove DH Group 5, 14, 19 and 20 */
- *groups = ~PTS_DH_GROUP_IKE20 & ~PTS_DH_GROUP_IKE19 &
- ~PTS_DH_GROUP_IKE14 & ~PTS_DH_GROUP_IKE5;
+ /* remove DH groups 5, 14, 19 and 20 */
+ *groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 |
+ PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE5);
return TRUE;
}
- DBG1(DBG_PTS, "Unknown DH Group: %s configured");
+ DBG1(DBG_PTS, "unknown DH group: %s configured", dh_group);
return FALSE;
}
projects / thirdparty / strongswan.git / commitdiff
