From: Andreas Steffen Date: Fri, 7 Oct 2011 18:28:29 +0000 (+0200) Subject: fixed setting of PTS DH group X-Git-Tag: 4.6.2~340 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=02855188efa1bfef9ee28787745a717c6a243df7;p=thirdparty%2Fstrongswan.git fixed setting of PTS DH group --- diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c index 0ed43e8ed9..9639c263ba 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c @@ -374,27 +374,27 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, if ((supported_dh_groups & PTS_DH_GROUP_IKE20) && (offered_dh_groups & PTS_DH_GROUP_IKE20)) { - pts->set_dh_group(pts, PTS_DH_GROUP_IKE20); + selected_dh_group = PTS_DH_GROUP_IKE20; } else if ((supported_dh_groups & PTS_DH_GROUP_IKE19) && (offered_dh_groups & PTS_DH_GROUP_IKE19)) { - pts->set_dh_group(pts, PTS_DH_GROUP_IKE19); + selected_dh_group = PTS_DH_GROUP_IKE19; } else if ((supported_dh_groups & PTS_DH_GROUP_IKE14) && (offered_dh_groups & PTS_DH_GROUP_IKE14)) { - pts->set_dh_group(pts, PTS_DH_GROUP_IKE14); + selected_dh_group = PTS_DH_GROUP_IKE14; } else if ((supported_dh_groups & PTS_DH_GROUP_IKE5) && (offered_dh_groups & PTS_DH_GROUP_IKE5)) { - pts->set_dh_group(pts, PTS_DH_GROUP_IKE5); + selected_dh_group = PTS_DH_GROUP_IKE5; } else if ((supported_dh_groups & PTS_DH_GROUP_IKE2) && (offered_dh_groups & PTS_DH_GROUP_IKE2)) { - pts->set_dh_group(pts, PTS_DH_GROUP_IKE2); + selected_dh_group = PTS_DH_GROUP_IKE2; } else { @@ -405,14 +405,14 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, break; } - /* Send DH Nonce Parameters Response attribute */ - selected_dh_group = pts->get_dh_group(pts); + /* Create own DH factor */ if (!pts->create_dh(pts, selected_dh_group)) { goto err; } - pts->get_my_pub_val(pts, &responder_pub_val); + pts->get_my_public_value(pts, &responder_pub_val); + /* Send DH Nonce Parameters Response attribute */ attr = tcg_pts_attr_dh_nonce_params_resp_create(NONCE_LEN, selected_dh_group, supported_algorithms, chunk_create(responder_nonce, NONCE_LEN), @@ -446,7 +446,7 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, DBG3(DBG_IMC, "Initiator nonce: %B", &initiator_nonce); DBG3(DBG_IMC, "Responder nonce: %B", &responder_non); - pts->set_other_pub_val(pts, initiator_pub_val); + pts->set_peer_public_value(pts, initiator_pub_val); if (!pts->calculate_secret(pts, initiator_nonce, responder_non, selected_algorithm)) { diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation.c b/src/libimcv/plugins/imv_attestation/imv_attestation.c index 719f849c87..3afa795e6e 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation.c @@ -169,18 +169,20 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id, } /** - * Specify supported PTS Diffie Hellman Groups + * Specify supported PTS Diffie-Hellman groups * - * ike2: PTS_DH_GROUP_IKE2 - * ike5: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 - * ike14: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 - * ike19: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE19 - * ike20: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE19 | PTS_DH_GROUP_IKE20 + * modp1024: PTS_DH_GROUP_IKE2 + * modp1536: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 + * modp2048: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 + * ecp256: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 | + * PTS_DH_GROUP_IKE19 + * ecp384: PTS_DH_GROUP_IKE2 | PTS_DH_GROUP_IKE5 | PTS_DH_GROUP_IKE14 | + * PTS_DH_GROUP_IKE19 | PTS_DH_GROUP_IKE20 * * we expect the PTS-IMC to select the strongest supported group */ dh_group = lib->settings->get_str(lib->settings, - "libimcv.plugins.imv-attestation.dh_group", "ike19"); + "libimcv.plugins.imv-attestation.dh_group", "ecp256"); if (!pts_update_supported_dh_groups(dh_group, &supported_dh_groups)) { return TNC_RESULT_FATAL; @@ -315,7 +317,7 @@ static TNC_Result send_message(TNC_ConnectionID connection_id) /* Send DH nonce finish attribute */ selected_algorithm = pts->get_meas_algorithm(pts); - pts->get_my_pub_val(pts, &initiator_pub_val); + pts->get_my_public_value(pts, &initiator_pub_val); attr = tcg_pts_attr_dh_nonce_finish_create(NONCE_LEN, selected_algorithm, @@ -607,7 +609,7 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, { return TNC_RESULT_FATAL; } - pts->set_other_pub_val(pts, responder_pub_val); + pts->set_peer_public_value(pts, responder_pub_val); DBG3(DBG_IMV, "Initiator nonce: %B", &initiator_non); DBG3(DBG_IMV, "Responder nonce: %B", &responder_nonce); @@ -1030,4 +1032,4 @@ TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id, return TNC_RESULT_NOT_INITIALIZED; } return imv_attestation->bind_functions(imv_attestation, bind_function); -} \ No newline at end of file +} diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index 98d5d27ce3..76b8ab4845 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -51,12 +51,7 @@ struct private_pts_t { pts_meas_algorithms_t algorithm; /** - * PTS Diffie Hellman Group - */ - pts_dh_group_t dh_group; - - /** - * Contains a Diffie Hellman object + * PTS Diffie Hellman Secret */ diffie_hellman_t *dh; @@ -125,26 +120,6 @@ METHOD(pts_t, set_meas_algorithm, void, } } -METHOD(pts_t, get_dh_group, pts_dh_group_t, - private_pts_t *this) -{ - return this->dh_group; -} - -METHOD(pts_t, set_dh_group, void, - private_pts_t *this, pts_dh_group_t group) -{ - diffie_hellman_group_t dh_group; - - dh_group = pts_dh_group_to_strongswan_dh_group(group); - DBG2(DBG_PTS, "selected PTS Diffie Hellman Group is %N", - diffie_hellman_group_names, dh_group); - if (dh_group != MODP_NONE) - { - this->dh_group = group; - } -} - METHOD(pts_t, create_dh, bool, private_pts_t *this, pts_dh_group_t group) { @@ -154,24 +129,25 @@ METHOD(pts_t, create_dh, bool, if (dh_group != MODP_NONE) { this->dh = lib->crypto->create_dh(lib->crypto, dh_group); + DBG2(DBG_PTS, "selected PTS DH group is %N", + diffie_hellman_group_names, dh_group); return TRUE; } - DBG1(DBG_PTS, "Unable to create Diffie Hellman object with group %N", - diffie_hellman_group_names, dh_group); + DBG1(DBG_PTS, "unable to create DH group %N", + diffie_hellman_group_names, dh_group); + return FALSE; } -METHOD(pts_t, get_my_pub_val, void, - private_pts_t *this, chunk_t *pub_value) +METHOD(pts_t, get_my_public_value, void, + private_pts_t *this, chunk_t *value) { - this->dh->get_my_public_value(this->dh, pub_value); - DBG3(DBG_PTS, "My Public value:%B", pub_value); + this->dh->get_my_public_value(this->dh, value); } -METHOD(pts_t, set_other_pub_val, void, +METHOD(pts_t, set_peer_public_value, void, private_pts_t *this, chunk_t value) { - DBG3(DBG_PTS, "Partner's Public value:%B", &value); this->dh->set_other_public_value(this->dh, value); } @@ -195,7 +171,7 @@ METHOD(pts_t, calculate_secret, bool, if (this->dh->get_shared_secret(this->dh, &shared_secret) != SUCCESS) { - DBG1(DBG_PTS, "Shared secret couldn't be calculated"); + DBG1(DBG_PTS, "shared secret couldn't be calculated"); hasher->destroy(hasher); return FALSE; } @@ -210,7 +186,7 @@ METHOD(pts_t, calculate_secret, bool, * Truncate the output to 20 bytes to fit ExternalDate argument of TPM Quote */ this->secret = chunk_create(output, HASH_SIZE_SHA1); - DBG3(DBG_PTS, "Secret assessment value: %B", &this->secret); + DBG3(DBG_PTS, "secret assessment value: %B", &this->secret); chunk_free(&shared_secret); hasher->destroy(hasher); @@ -1080,11 +1056,9 @@ pts_t *pts_create(bool is_imc) .set_proto_caps = _set_proto_caps, .get_meas_algorithm = _get_meas_algorithm, .set_meas_algorithm = _set_meas_algorithm, - .get_dh_group = _get_dh_group, - .set_dh_group = _set_dh_group, .create_dh = _create_dh, - .get_my_pub_val = _get_my_pub_val, - .set_other_pub_val = _set_other_pub_val, + .get_my_public_value = _get_my_public_value, + .set_peer_public_value = _set_peer_public_value, .calculate_secret = _calculate_secret, .get_secret = _get_secret, .get_platform_info = _get_platform_info, @@ -1104,7 +1078,6 @@ pts_t *pts_create(bool is_imc) }, .proto_caps = PTS_PROTO_CAPS_V, .algorithm = PTS_MEAS_ALGO_SHA256, - .dh_group = PTS_DH_GROUP_IKE19, ); if (is_imc) diff --git a/src/libpts/pts/pts.h b/src/libpts/pts/pts.h index d0c03ee1dc..3f6a45653a 100644 --- a/src/libpts/pts/pts.h +++ b/src/libpts/pts/pts.h @@ -68,155 +68,142 @@ struct pts_t { /** * Get PTS Protocol Capabilities * - * @return protocol capabilities flags + * @return Protocol capabilities flags */ pts_proto_caps_flag_t (*get_proto_caps)(pts_t *this); /** * Set PTS Protocol Capabilities * - * @param flags protocol capabilities flags + * @param flags Protocol capabilities flags */ void (*set_proto_caps)(pts_t *this, pts_proto_caps_flag_t flags); /** * Get PTS Measurement Algorithm * - * @return measurement algorithm + * @return Measurement algorithm */ pts_meas_algorithms_t (*get_meas_algorithm)(pts_t *this); /** * Set PTS Measurement Algorithm * - * @param algorithm measurement algorithm + * @param algorithm Measurement algorithm */ void (*set_meas_algorithm)(pts_t *this, pts_meas_algorithms_t algorithm); /** - * Get PTS Diffie Hellman Group + * Set PTS Diffie-Hellman object * - * @return DH Group - */ - pts_dh_group_t (*get_dh_group)(pts_t *this); - - /** - * Set PTS Diffie Hellman Group - * - * @param dh_group DH Group - */ - void (*set_dh_group)(pts_t *this, pts_dh_group_t dh_group); - - /** - * Set PTS Diffie Hellman Object - * - * @param dh D-H object + * @param dh DH object */ bool (*create_dh)(pts_t *this, pts_dh_group_t group); /** - * Gets Own Diffie Hellman Public Value + * Get my Diffie-Hellman public value * - * @param info chunk to keep own public value + * @param value My public DH value */ - void (*get_my_pub_val)(pts_t *this, chunk_t *pub_value); + void (*get_my_public_value)(pts_t *this, chunk_t *value); /** - * Sets the public value of partner. + * Set peer Diffie.Hellman public value * - * @param value public value of partner + * @param value Peer public DH value */ - void (*set_other_pub_val) (pts_t *this, chunk_t value); + void (*set_peer_public_value) (pts_t *this, chunk_t value); /** * Calculates secret assessment value to be used for TPM Quote as an external data * - * @param initiator_nonce Initiator nonce (IMV nonce) - * @param responder_nonce Responder nonce (IMC nonce) - * @param algorithm Hashing algorithm - * @return TRUE, FALSE if not both DH public values and - * nonces are set + * @param initiator_nonce Initiator nonce (IMV nonce) + * @param responder_nonce Responder nonce (IMC nonce) + * @param algorithm Hashing algorithm + * @return TRUE unless both DH public values + * and nonces are set */ bool (*calculate_secret) (pts_t *this, chunk_t initiator_nonce, - chunk_t responder_nonce, pts_meas_algorithms_t algorithm); + chunk_t responder_nonce, + pts_meas_algorithms_t algorithm); /** * Returns secret assessment value to be used for TPM Quote as an external data * - * @return Secret assessment value + * @return Secret assessment value */ chunk_t (*get_secret) (pts_t *this); /** * Get Platform and OS Info * - * @return platform and OS info + * @return Platform and OS info */ char* (*get_platform_info)(pts_t *this); /** * Set Platform and OS Info * - * @param info platform and OS info + * @param info Platform and OS info */ void (*set_platform_info)(pts_t *this, char *info); /** * Get TPM 1.2 Version Info * - * @param info chunk containing a TPM_CAP_VERSION_INFO struct - * @return TRUE if TPM Version Info available + * @param info chunk containing a TPM_CAP_VERSION_INFO struct + * @return TRUE if TPM Version Info available */ bool (*get_tpm_version_info)(pts_t *this, chunk_t *info); /** * Set TPM 1.2 Version Info * - * @param info chunk containing a TPM_CAP_VERSION_INFO struct + * @param info chunk containing a TPM_CAP_VERSION_INFO struct */ void (*set_tpm_version_info)(pts_t *this, chunk_t info); /** * Get Attestation Identity Certificate or Public Key * - * @return AIK Certificate or Public Key + * @return AIK Certificate or Public Key */ certificate_t* (*get_aik)(pts_t *this); /** * Set Attestation Identity Certificate or Public Key * - * @param aik AIK Certificate or Public Key + * @param aik AIK Certificate or Public Key */ void (*set_aik)(pts_t *this, certificate_t *aik); /** * Check whether path is valid file/directory on filesystem * - * @param path Absolute path - * @param error_code Output variable for PTS error code - * @return TRUE if path is valid or file/directory doesn't exist - * or path is invalid - * FALSE if local error occurred within stat function + * @param path Absolute path + * @param error_code Output variable for PTS error code + * @return TRUE if path is valid or file/directory + * doesn't exist or path is invalid + * FALSE if local error occured within stat function */ bool (*is_path_valid)(pts_t *this, char *path, pts_error_code_t *error_code); /** * Compute a hash over a file - * @param hasher Hasher to be used - * @param pathname Absolute path of a file - * @param hash Buffer to keep hash output - * @return TRUE if path is valid and hashing succeeded, FALSE otherwise + * @param hasher Hasher to be used + * @param pathname Absolute path of a file + * @param hash Buffer to keep hash output + * @return TRUE if path is valid and hashing succeeded */ bool (*hash_file)(pts_t *this, hasher_t *hasher, char *pathname, u_char *hash); /** * Do PTS File Measurements * - * @param request_id ID of PTS File Measurement Request - * @param pathname Absolute pathname of file to be measured - * @param is_directory if TRUE directory contents are measured - * @return PTS File Measurements of NULL if FAILED + * @param request_id ID of PTS File Measurement Request + * @param pathname Absolute pathname of file to be measured + * @param is_directory TRUE if directory contents are measured + * @return PTS File Measurements of NULL if FAILED */ pts_file_meas_t* (*do_measurements)(pts_t *this, u_int16_t request_id, char *pathname, bool is_directory); @@ -224,9 +211,9 @@ struct pts_t { /** * Obtain file metadata * - * @param pathname Absolute pathname of file/directory - * @param is_directory if TRUE directory contents are requested - * @return PTS File Metadata or NULL if FAILED + * @param pathname Absolute pathname of file/directory + * @param is_directory TRUE if directory contents are requested + * @return PTS File Metadata or NULL if FAILED */ pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_directory); @@ -234,9 +221,9 @@ struct pts_t { * Reads given PCR value and returns it * Expects owner secret to be WELL_KNOWN_SECRET * - * @param pcr_num Number of PCR to read - * @param pcr_value Chunk to save pcr read output - * @return NULL in case of TSS error, PCR value otherwise + * @param pcr_num Number of PCR to read + * @param pcr_value Chunk to save pcr read output + * @return NULL in case of TSS error, PCR value otherwise */ bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value); @@ -244,10 +231,10 @@ struct pts_t { * Extends given PCR with given value * Expects owner secret to be WELL_KNOWN_SECRET * - * @param pcr_num Number of PCR to extend - * @param input Value to extend - * @param output Chunk to save PCR value after extension - * @return FALSE in case of TSS error, TRUE otherwise + * @param pcr_num Number of PCR to extend + * @param input Value to extend + * @param output Chunk to save PCR value after extension + * @return FALSE in case of TSS error, TRUE otherwise */ bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output); @@ -255,11 +242,11 @@ struct pts_t { * Quote over PCR's * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK * - * @param pcrs List of PCR's to make quotation over - * @param pcr_composite Chunk to save pcr composite structure - * @param quote_signature Chunk to save quote operation output - * without external data (anti-replay protection) - * @return FALSE in case of TSS error, TRUE otherwise + * @param pcrs List of PCR's to make quotation over + * @param pcr_composite Chunk to save pcr composite structure + * @param quote_signature Chunk to save quote operation output + * without external data (anti-replay protection) + * @return FALSE in case of TSS error, TRUE otherwise */ bool (*quote_tpm)(pts_t *this, linked_list_t *pcrs, chunk_t *pcr_composite, chunk_t *quote_signature); @@ -278,4 +265,4 @@ struct pts_t { */ pts_t* pts_create(bool is_imc); -#endif /** PTS_H_ @}*/ \ No newline at end of file +#endif /** PTS_H_ @}*/ diff --git a/src/libpts/pts/pts_dh_group.c b/src/libpts/pts/pts_dh_group.c index 0e22dfe34e..c3b7063bb9 100644 --- a/src/libpts/pts/pts_dh_group.c +++ b/src/libpts/pts/pts_dh_group.c @@ -25,8 +25,8 @@ bool pts_probe_dh_groups(pts_dh_group_t *groups) enumerator_t *enumerator; diffie_hellman_group_t dh_group; const char *plugin_name; - char format1[] = " %s PTS Diffie Hellman Group %N[%s] available"; - char format2[] = " %s PTS Diffie Hellman Group %N not available"; + char format1[] = " %s PTS DH group %N[%s] available"; + char format2[] = " %s PTS DH group %N not available"; *groups = 0; @@ -36,32 +36,32 @@ bool pts_probe_dh_groups(pts_dh_group_t *groups) if (dh_group == MODP_1024_BIT) { *groups |= PTS_DH_GROUP_IKE2; - DBG2(DBG_PTS, format1, "optional", diffie_hellman_group_names, dh_group, + DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names, dh_group, plugin_name); } else if (dh_group == MODP_1536_BIT) { *groups |= PTS_DH_GROUP_IKE5; - DBG2(DBG_PTS, format1, "optional", diffie_hellman_group_names, dh_group, - plugin_name); + DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names, + dh_group, plugin_name); } else if (dh_group == MODP_2048_BIT) { *groups |= PTS_DH_GROUP_IKE14; - DBG2(DBG_PTS, format1, "optional", diffie_hellman_group_names, dh_group, - plugin_name); + DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names, + dh_group, plugin_name); } else if (dh_group == ECP_256_BIT) { *groups |= PTS_DH_GROUP_IKE19; - DBG2(DBG_PTS, format1, "mandatory", diffie_hellman_group_names, dh_group, - plugin_name); + DBG2(DBG_PTS, format1, "mandatory", diffie_hellman_group_names, + dh_group, plugin_name); } else if (dh_group == ECP_384_BIT) { *groups |= PTS_DH_GROUP_IKE20; - DBG2(DBG_PTS, format1, "optional", diffie_hellman_group_names, dh_group, - plugin_name); + DBG2(DBG_PTS, format1, "optional ", diffie_hellman_group_names, + dh_group, plugin_name); } } enumerator->destroy(enumerator); @@ -72,7 +72,8 @@ bool pts_probe_dh_groups(pts_dh_group_t *groups) } else { - DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names, ECP_256_BIT); + DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names, + ECP_256_BIT); } return FALSE; @@ -83,39 +84,39 @@ bool pts_probe_dh_groups(pts_dh_group_t *groups) */ bool pts_update_supported_dh_groups(char *dh_group, pts_dh_group_t *groups) { - if (strcaseeq(dh_group, "ike20")) + if (strcaseeq(dh_group, "ecp384")) { /* nothing to update, all groups are supported */ return TRUE; } - else if (strcaseeq(dh_group, "ike19")) + else if (strcaseeq(dh_group, "ecp256")) { - /* remove DH Group 20 */ - *groups = ~PTS_DH_GROUP_IKE20; + /* remove DH group 20 */ + *groups &= ~PTS_DH_GROUP_IKE20; return TRUE; } - else if (strcaseeq(dh_group, "ike14")) + else if (strcaseeq(dh_group, "modp2048")) { - /* remove DH Group 19 and 20 */ - *groups = ~PTS_DH_GROUP_IKE20 & ~PTS_DH_GROUP_IKE19; + /* remove DH groups 19 and 20 */ + *groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19); return TRUE; } - else if (strcaseeq(dh_group, "ike5")) + else if (strcaseeq(dh_group, "modp1536")) { - /* remove DH Group 14, 19 and 20 */ - *groups = ~PTS_DH_GROUP_IKE20 & ~PTS_DH_GROUP_IKE19 - & ~PTS_DH_GROUP_IKE14; + /* remove DH groups 14, 19 and 20 */ + *groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 | + PTS_DH_GROUP_IKE14); return TRUE; } - else if (strcaseeq(dh_group, "ike2")) + else if (strcaseeq(dh_group, "modp1024")) { - /* remove DH Group 5, 14, 19 and 20 */ - *groups = ~PTS_DH_GROUP_IKE20 & ~PTS_DH_GROUP_IKE19 & - ~PTS_DH_GROUP_IKE14 & ~PTS_DH_GROUP_IKE5; + /* remove DH groups 5, 14, 19 and 20 */ + *groups &= ~(PTS_DH_GROUP_IKE20 | PTS_DH_GROUP_IKE19 | + PTS_DH_GROUP_IKE14 | PTS_DH_GROUP_IKE5); return TRUE; } - DBG1(DBG_PTS, "Unknown DH Group: %s configured"); + DBG1(DBG_PTS, "unknown DH group: %s configured", dh_group); return FALSE; }