From: Andreas Steffen Date: Sat, 8 Oct 2011 13:12:37 +0000 (+0200) Subject: normalized and extended pts_meas_algo functions X-Git-Tag: 4.6.2~335 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=111ad5cc39d60799519bedccb969e26d37c1bf36;p=thirdparty%2Fstrongswan.git normalized and extended pts_meas_algo functions
---
diff --git a/src/libpts/pts/pts_meas_algo.c b/src/libpts/pts/pts_meas_algo.c
index 260c844d8b..040643d929 100644
--- a/src/libpts/pts/pts_meas_algo.c
+++ b/src/libpts/pts/pts_meas_algo.c
@@ -20,7 +20,7 @@
 /**
 * Described in header.
 */
-bool pts_meas_probe_algorithms(pts_meas_algorithms_t *algorithms)
+bool pts_meas_algo_probe(pts_meas_algorithms_t *algorithms)
 {
 enumerator_t *enumerator;
 hash_algorithm_t hash_alg;
@@ -77,7 +77,57 @@ bool pts_meas_probe_algorithms(pts_meas_algorithms_t *algorithms)
 /**
 * Described in header.
 */
-hash_algorithm_t pts_meas_to_hash_algorithm(pts_meas_algorithms_t algorithm)
+bool pts_meas_algo_update(char *hash_alg, pts_meas_algorithms_t *algorithms)
+{
+ if (strcaseeq(hash_alg, "sha384") || strcaseeq(hash_alg, "sha2_384"))
+ {
+ /* nothing to update, all algorithms are supported */
+ return TRUE;
+ }
+ if (strcaseeq(hash_alg, "sha256") || strcaseeq(hash_alg, "sha2_256"))
+ {
+ /* remove SHA384algorithm */
+ *algorithms &= ~PTS_MEAS_ALGO_SHA384;
+ return TRUE;
+ }
+ if (strcaseeq(hash_alg, "sha1"))
+ {
+ /* remove SHA384 and SHA256 algorithms */
+ *algorithms &= ~(PTS_MEAS_ALGO_SHA384 | PTS_MEAS_ALGO_SHA256);
+ return TRUE;
+ }
+ DBG1(DBG_PTS, "unknown hash algorithm: %s configured", hash_alg);
+ return FALSE;
+}
+
+/**
+ * Described in header.
+ */
+pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos,
+ pts_meas_algorithms_t offered_algos)
+{
+ if ((supported_algos & PTS_MEAS_ALGO_SHA384) &&
+ (offered_algos & PTS_MEAS_ALGO_SHA384))
+ {
+ return PTS_MEAS_ALGO_SHA384;
+ }
+ if ((supported_algos & PTS_MEAS_ALGO_SHA256) &&
+ (offered_algos & PTS_MEAS_ALGO_SHA256))
+ {
+ return PTS_MEAS_ALGO_SHA256;
+ }
+ if ((supported_algos & PTS_MEAS_ALGO_SHA1) &&
+ (offered_algos & PTS_MEAS_ALGO_SHA1))
+ {
+ return PTS_MEAS_ALGO_SHA1;
+ }
+ return PTS_MEAS_ALGO_NONE;
+}
+
+/**
+ * Described in header.
+ */
+hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm)
 {
 switch (algorithm)
 {
diff --git a/src/libpts/pts/pts_meas_algo.h b/src/libpts/pts/pts_meas_algo.h
index 6aa0ce6953..5935617de2 100644
--- a/src/libpts/pts/pts_meas_algo.h
+++ b/src/libpts/pts/pts_meas_algo.h
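Review bot: In pts_meas_algo.c, `pts_meas_algo_update()` treats the configured hash only as an upper bound: every branch leaves `PTS_MEAS_ALGO_SHA1` set, so `pts_meas_algo_select()` can still settle on SHA-1 when the peer offers nothing stronger, even with `sha256` or `sha384` configured. If SHA-1 is meant to stay as the mandatory baseline, state that above the function, e.g. `/* hash_alg caps the strongest algorithm; SHA-1 always remains enabled */`, so the option is not read as a minimum strength. `pts_meas_algo_select()` also introduces a `PTS_MEAS_ALGO_NONE` result for an empty intersection; the switch in `pts_meas_algo_to_hash()` continues outside this hunk, so check that it and the callers reject that value instead of falling through to some default hash. `hash_alg` reaches `strcaseeq()` without a NULL check, which is safe only if callers always supply a string.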
@@ -30,9 +30,10 @@ typedef enum pts_meas_algorithms_t pts_meas_algorithms_t;
 * PTS Measurement Algorithms
 */
 enum pts_meas_algorithms_t {
- PTS_MEAS_ALGO_SHA1 = (1<<15),
- PTS_MEAS_ALGO_SHA256 = (1<<14),
- PTS_MEAS_ALGO_SHA384 = (1<<13),
+ PTS_MEAS_ALGO_NONE = 0,
+ PTS_MEAS_ALGO_SHA1 = (1<<15),
+ PTS_MEAS_ALGO_SHA256 = (1<<14),
+ PTS_MEAS_ALGO_SHA384 = (1<<13),
 };
 
 /**
@@ -53,7 +54,26 @@ enum pts_meas_algorithms_t {
 * @param algorithms set of available algorithms
 * @return TRUE if mandatory algorithms are available
 */
-bool pts_meas_probe_algorithms(pts_meas_algorithms_t *algorithms);
+bool pts_meas_algo_probe(pts_meas_algorithms_t *algorithms);
+
+/**
+ * Update supported PTS measurement algorithms according to configuration
+ *
+ * @param hash_alg configured hash algorithm
+ * @param algorithms returns set of available PTS measurement algorithms
+ */
+bool pts_meas_algo_update(char *hash_alg, pts_meas_algorithms_t *algorithms);
+
+/**
+ * Select the strongest PTS measurement algorithm
+ * among a set of offered PTS measurement algorithms
+ *
+ * @param supported_algos set of supported PTS measurement algorithms
+ * @param offered_algos set of offered PTS measurements algorithms
+ * @return selected algorithm
+ */
+pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos,
+ pts_meas_algorithms_t offered_algos);
 
 /**
 * Convert pts_meas_algorithms_t to hash_algorithm_t
@@ -61,6 +81,6 @@ bool pts_meas_probe_algorithms(pts_meas_algorithms_t *algorithms);
 * @param algorithm PTS measurement algorithm type
 * @return libstrongswan hash algorithm type
 */
-hash_algorithm_t pts_meas_to_hash_algorithm(pts_meas_algorithms_t algorithm);
+hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm);
 
 #endif /** PTS_MEAS_ALGO_H_ @}*/
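Review bot: The doc comment added for `pts_meas_algo_update()` in the second hunk of pts_meas_algo.h has no `@return` line although the function returns bool, and it describes `algorithms` as returned when the implementation only clears bits in the caller's set. Suggested lines: `* @param algorithms set of PTS measurement algorithms, narrowed in place` and `* @return TRUE if hash_alg names a known algorithm`. The `@return` of `pts_meas_algo_select()` could likewise read `selected algorithm, PTS_MEAS_ALGO_NONE if the sets do not intersect`, since callers need to test for the value added to the enum in the first hunk.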