implemented PB-TNC message parsing checks
[strongswan.git] / src / libcharon / plugins / tnccs_20 / batch / pb_tnc_batch.c
1 /*
2 * Copyright (C) 2010 Sansar Choinyanbuu
3 * Copyright (C) 2010 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "pb_tnc_batch.h"
18 #include "messages/pb_error_msg.h"
19 #include "state_machine/pb_tnc_state_machine.h"
20
21 #include <debug.h>
22 #include <utils/linked_list.h>
23 #include <tls_writer.h>
24 #include <tls_reader.h>
25 #include <tnc/tnccs/tnccs.h>
26
27 ENUM(pb_tnc_batch_type_names, PB_BATCH_CDATA, PB_BATCH_CLOSE,
28 "CDATA",
29 "SDATA",
30 "RESULT",
31 "CRETRY",
32 "SRETRY",
33 "CLOSE"
34 );
35
36 typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t;
37
38 /**
39 * PB-Batch Header (see section 4.1 of RFC 5793)
40 *
41 * 0 1 2 3
42 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
43 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
44 * | Version |D| Reserved | B-Type|
45 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
46 * | Batch Length |
47 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
48 */
49
50 #define PB_TNC_BATCH_FLAG_NONE 0x00
51 #define PB_TNC_BATCH_FLAG_D (1<<7)
52 #define PB_TNC_BATCH_HEADER_SIZE 8
53
54 /**
55 * PB-TNC Message (see section 4.2 of RFC 5793)
56 *
57 * 0 1 2 3
58 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60 * | Flags | PB-TNC Vendor ID |
61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62 * | PB-TNC Message Type |
63 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
64 * | PB-TNC Message Length |
65 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66 * | PB-TNC Message Value (Variable Length) |
67 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
68 */
69
70 #define PB_TNC_FLAG_NONE 0x00
71 #define PB_TNC_FLAG_NOSKIP (1<<7)
72 #define PB_TNC_HEADER_SIZE 12
73
74 #define PB_TNC_RESERVED_MSG_TYPE 0xffffffff
75
76 /**
77 * Private data of a pb_tnc_batch_t object.
78 *
79 */
80 struct private_pb_tnc_batch_t {
81 /**
82 * Public pb_pa_msg_t interface.
83 */
84 pb_tnc_batch_t public;
85
86 /**
87 * TNCC if TRUE, TNCS if FALSE
88 */
89 bool is_server;
90
91 /**
92 * PB-TNC Batch type
93 */
94 pb_tnc_batch_type_t type;
95
96 /**
97 * linked list of PB-TNC messages
98 */
99 linked_list_t *messages;
100
101 /**
102 * linked list of PB-TNC error messages
103 */
104 linked_list_t *errors;
105
106 /**
107 * Encoded message
108 */
109 chunk_t encoding;
110
111 /**
112 * Offset into encoding (used for error reporting)
113 */
114 u_int32_t offset;
115 };
116
117 METHOD(pb_tnc_batch_t, get_type, pb_tnc_batch_type_t,
118 private_pb_tnc_batch_t *this)
119 {
120 return this->type;
121 }
122
123 METHOD(pb_tnc_batch_t, get_encoding, chunk_t,
124 private_pb_tnc_batch_t *this)
125 {
126 return this->encoding;
127 }
128
129 METHOD(pb_tnc_batch_t, add_msg, void,
130 private_pb_tnc_batch_t *this, pb_tnc_msg_t* msg)
131 {
132 DBG2(DBG_TNC, "adding %N Message", pb_tnc_msg_type_names,
133 msg->get_type(msg));
134 this->messages->insert_last(this->messages, msg);
135 }
136
137 METHOD(pb_tnc_batch_t, build, void,
138 private_pb_tnc_batch_t *this)
139 {
140 u_int32_t batch_len, msg_len;
141 chunk_t msg_value;
142 enumerator_t *enumerator;
143 pb_tnc_msg_type_t msg_type;
144 pb_tnc_msg_t *msg;
145 tls_writer_t *writer;
146
147 /* compute total PB-TNC batch size by summing over all messages */
148 batch_len = PB_TNC_BATCH_HEADER_SIZE;
149 enumerator = this->messages->create_enumerator(this->messages);
150 while (enumerator->enumerate(enumerator, &msg))
151 {
152 msg->build(msg);
153 msg_value = msg->get_encoding(msg);
154 batch_len += PB_TNC_HEADER_SIZE + msg_value.len;
155 }
156 enumerator->destroy(enumerator);
157
158 /* build PB-TNC batch header */
159 writer = tls_writer_create(batch_len);
160 writer->write_uint8 (writer, PB_TNC_VERSION);
161 writer->write_uint8 (writer, this->is_server ?
162 PB_TNC_BATCH_FLAG_D : PB_TNC_BATCH_FLAG_NONE);
163 writer->write_uint16(writer, this->type);
164 writer->write_uint32(writer, batch_len);
165
166 /* build PB-TNC messages */
167 enumerator = this->messages->create_enumerator(this->messages);
168 while (enumerator->enumerate(enumerator, &msg))
169 {
170 u_int8_t flags = PB_TNC_FLAG_NONE;
171
172 /* build PB-TNC message */
173 msg_value = msg->get_encoding(msg);
174 msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
175 msg_type = msg->get_type(msg);
176 if (pb_tnc_msg_infos[msg_type].has_noskip_flag)
177 {
178 flags |= PB_TNC_FLAG_NOSKIP;
179 }
180 writer->write_uint8 (writer, flags);
181 writer->write_uint24(writer, IETF_VENDOR_ID);
182 writer->write_uint32(writer, msg_type);
183 writer->write_uint32(writer, msg_len);
184 writer->write_data (writer, msg_value);
185 }
186 enumerator->destroy(enumerator);
187
188 this->encoding = chunk_clone(writer->get_buf(writer));
189 writer->destroy(writer);
190 }
191
192 static status_t process_batch_header(private_pb_tnc_batch_t *this,
193 pb_tnc_state_machine_t *state_machine)
194 {
195 tls_reader_t *reader;
196 pb_tnc_msg_t *msg;
197 pb_error_msg_t *err_msg;
198 u_int8_t version, flags, reserved, type;
199 u_int32_t batch_len;
200 bool directionality;
201
202 if (this->encoding.len < PB_TNC_BATCH_HEADER_SIZE)
203 {
204 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC batch header",
205 this->encoding.len);
206 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
207 PB_ERROR_INVALID_PARAMETER, 0);
208 goto fatal;
209 }
210
211 reader = tls_reader_create(this->encoding);
212 reader->read_uint8 (reader, &version);
213 reader->read_uint8 (reader, &flags);
214 reader->read_uint8 (reader, &reserved);
215 reader->read_uint8 (reader, &type);
216 reader->read_uint32(reader, &batch_len);
217 reader->destroy(reader);
218
219 /* Version */
220 if (version != PB_TNC_VERSION)
221 {
222 DBG1(DBG_TNC, "unsupported TNCCS Batch Version 0x%01x", version);
223 msg = pb_error_msg_create(TRUE, IETF_VENDOR_ID,
224 PB_ERROR_VERSION_NOT_SUPPORTED);
225 err_msg = (pb_error_msg_t*)msg;
226 err_msg->set_bad_version(err_msg, version);
227 goto fatal;
228 }
229
230 /* Directionality */
231 directionality = (flags & PB_TNC_BATCH_FLAG_D) != PB_TNC_BATCH_FLAG_NONE;
232 if (directionality == this->is_server)
233 {
234 DBG1(DBG_TNC, "wrong Directionality: Batch is from a PB %s",
235 directionality ? "Server" : "Client");
236 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
237 PB_ERROR_INVALID_PARAMETER, 1);
238 goto fatal;
239 }
240
241 /* Batch Type */
242 this->type = type & 0x0F;
243 if (this->type > PB_BATCH_ROOF)
244 {
245 DBG1(DBG_TNC, "unknown PB-TNC Batch Type: %d", this->type);
246 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
247 PB_ERROR_INVALID_PARAMETER, 3);
248 goto fatal;
249 }
250
251 if (!state_machine->receive_batch(state_machine, this->type))
252 {
253 DBG1(DBG_TNC, "unexpected PB-TNC Batch Type: %N",
254 pb_tnc_batch_type_names, this->type);
255 msg = pb_error_msg_create(TRUE, IETF_VENDOR_ID,
256 PB_ERROR_UNEXPECTED_BATCH_TYPE);
257 goto fatal;
258 }
259
260 /* Batch Length */
261 if (this->encoding.len != batch_len)
262 {
263 DBG1(DBG_TNC, "%u bytes of data is not equal to batch length of %u bytes",
264 this->encoding.len, batch_len);
265 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
266 PB_ERROR_INVALID_PARAMETER, 4);
267 goto fatal;
268 }
269
270 this->offset = PB_TNC_BATCH_HEADER_SIZE;
271 return SUCCESS;
272
273 fatal:
274 this->errors->insert_last(this->errors, msg);
275 return FAILED;
276 }
277
278 static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
279 {
280 tls_reader_t *reader;
281 pb_tnc_msg_t *pb_tnc_msg, *msg;
282 u_int8_t flags;
283 u_int32_t vendor_id, msg_type, msg_len, offset;
284 chunk_t data, msg_value;
285 bool noskip_flag;
286 status_t status;
287
288 data = chunk_skip(this->encoding, this->offset);
289
290 if (data.len < PB_TNC_HEADER_SIZE)
291 {
292 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header",
293 data.len);
294 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
295 PB_ERROR_INVALID_PARAMETER, this->offset);
296 goto fatal;
297 }
298
299 reader = tls_reader_create(data);
300 reader->read_uint8 (reader, &flags);
301 reader->read_uint24(reader, &vendor_id);
302 reader->read_uint32(reader, &msg_type);
303 reader->read_uint32(reader, &msg_len);
304 reader->destroy(reader);
305
306 noskip_flag = (flags & PB_TNC_FLAG_NOSKIP) != PB_TNC_FLAG_NONE;
307
308 if (msg_len > data.len)
309 {
310 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message", data.len);
311 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
312 PB_ERROR_INVALID_PARAMETER, this->offset + 8);
313 goto fatal;
314 }
315
316 if (vendor_id == RESERVED_VENDOR_ID)
317 {
318 DBG1(DBG_TNC, "Vendor ID 0x%06x is reserved", RESERVED_VENDOR_ID);
319 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
320 PB_ERROR_INVALID_PARAMETER, this->offset + 1);
321 goto fatal;
322
323 }
324
325 if (msg_type == PB_TNC_RESERVED_MSG_TYPE)
326 {
327 DBG1(DBG_TNC, "PB-TNC Message Type 0x%08x is reserved",
328 PB_TNC_RESERVED_MSG_TYPE);
329 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
330 PB_ERROR_INVALID_PARAMETER, this->offset + 4);
331 goto fatal;
332 }
333
334
335 if (vendor_id != IETF_VENDOR_ID || msg_type > PB_MSG_ROOF)
336 {
337 if (msg_len < PB_TNC_HEADER_SIZE)
338 {
339 DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length",
340 msg_len);
341 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
342 PB_ERROR_INVALID_PARAMETER, this->offset + 8);
343 goto fatal;
344 }
345
346 if (noskip_flag)
347 {
348 DBG1(DBG_TNC, "reject PB-TNC Message (Vendor ID 0x%06x / "
349 "Type 0x%08x)", vendor_id, msg_type);
350 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
351 PB_ERROR_UNSUPPORTED_MANDATORY_MSG, this->offset);
352 goto fatal;
353 }
354 else
355 {
356 DBG1(DBG_TNC, "ignore PB-TNC Message (Vendor ID 0x%06x / "
357 "Type 0x%08x)", vendor_id, msg_type);
358 this->offset += msg_len;
359 return SUCCESS;
360 }
361 }
362 else
363 {
364 if (pb_tnc_msg_infos[msg_type].has_noskip_flag != TRUE_OR_FALSE &&
365 pb_tnc_msg_infos[msg_type].has_noskip_flag != noskip_flag)
366 {
367 DBG1(DBG_TNC, "%N Message must%s have NOSKIP flag set",
368 pb_tnc_msg_type_names, msg_type,
369 pb_tnc_msg_infos[msg_type].has_noskip_flag ? "" : " not");
370 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
371 PB_ERROR_INVALID_PARAMETER, this->offset);
372 goto fatal;
373 }
374
375 if (msg_len < pb_tnc_msg_infos[msg_type].min_size ||
376 (pb_tnc_msg_infos[msg_type].exact_size &&
377 msg_len != pb_tnc_msg_infos[msg_type].min_size))
378 {
379 DBG1(DBG_TNC, "%N Message length must be %s %u bytes but is %u bytes",
380 pb_tnc_msg_type_names, msg_type,
381 pb_tnc_msg_infos[msg_type].exact_size ? "exactly" : "at least",
382 pb_tnc_msg_infos[msg_type].min_size, msg_len);
383 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
384 PB_ERROR_INVALID_PARAMETER, this->offset);
385 goto fatal;
386 }
387 }
388
389 if (pb_tnc_msg_infos[msg_type].in_result_batch &&
390 this->type != PB_BATCH_RESULT)
391 {
392 if (this->is_server)
393 {
394 DBG1(DBG_TNC,"reject %N Message received from a PB-TNC Client",
395 pb_tnc_msg_type_names, msg_type);
396 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
397 PB_ERROR_INVALID_PARAMETER, this->offset);
398 goto fatal;
399 }
400 else
401 {
402 DBG1(DBG_TNC,"ignore %N Message not received within RESULT batch",
403 pb_tnc_msg_type_names, msg_type);
404 this->offset += msg_len;
405 return SUCCESS;
406 }
407 }
408
409 DBG2(DBG_TNC, "processing %N Message (%u bytes)", pb_tnc_msg_type_names,
410 msg_type, msg_len);
411 data.len = msg_len;
412 DBG3(DBG_TNC, "%B", &data);
413 msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE);
414 pb_tnc_msg = pb_tnc_msg_create_from_data(msg_type, msg_value);
415
416 status = pb_tnc_msg->process(pb_tnc_msg, &offset);
417 if (status == FAILED || status == VERIFY_ERROR)
418 {
419 msg = pb_error_msg_create_with_offset(TRUE, IETF_VENDOR_ID,
420 PB_ERROR_INVALID_PARAMETER, this->offset);
421 this->errors->insert_last(this->errors, msg);
422 }
423 if (status == FAILED)
424 {
425 pb_tnc_msg->destroy(pb_tnc_msg);
426 return FAILED;
427 }
428 this->messages->insert_last(this->messages, pb_tnc_msg);
429 this->offset += msg_len;
430 return status;
431
432 fatal:
433 this->errors->insert_last(this->errors, msg);
434 return FAILED;
435 }
436
437 METHOD(pb_tnc_batch_t, process, status_t,
438 private_pb_tnc_batch_t *this, pb_tnc_state_machine_t *state_machine)
439 {
440 status_t status;
441
442 status = process_batch_header(this, state_machine);
443 if (status != SUCCESS)
444 {
445 return FAILED;
446 }
447 DBG1(DBG_TNC, "processing PB-TNC %N Batch", pb_tnc_batch_type_names,
448 this->type);
449 while (this->offset < this->encoding.len)
450 {
451 switch (process_tnc_msg(this))
452 {
453 case FAILED:
454 return FAILED;
455 case VERIFY_ERROR:
456 status = VERIFY_ERROR;
457 break;
458 case SUCCESS:
459 default:
460 break;
461 }
462 }
463 return status;
464 }
465
466 METHOD(pb_tnc_batch_t, create_msg_enumerator, enumerator_t*,
467 private_pb_tnc_batch_t *this)
468 {
469 return this->messages->create_enumerator(this->messages);
470 }
471
472 METHOD(pb_tnc_batch_t, create_error_enumerator, enumerator_t*,
473 private_pb_tnc_batch_t *this)
474 {
475 return this->errors->create_enumerator(this->errors);
476 }
477
478 METHOD(pb_tnc_batch_t, destroy, void,
479 private_pb_tnc_batch_t *this)
480 {
481 this->messages->destroy_offset(this->messages,
482 offsetof(pb_tnc_msg_t, destroy));
483 this->errors->destroy_offset(this->errors,
484 offsetof(pb_tnc_msg_t, destroy));
485 free(this->encoding.ptr);
486 free(this);
487 }
488
489 /**
490 * See header
491 */
492 pb_tnc_batch_t* pb_tnc_batch_create(bool is_server, pb_tnc_batch_type_t type)
493 {
494 private_pb_tnc_batch_t *this;
495
496 INIT(this,
497 .public = {
498 .get_type = _get_type,
499 .get_encoding = _get_encoding,
500 .add_msg = _add_msg,
501 .build = _build,
502 .process = _process,
503 .create_msg_enumerator = _create_msg_enumerator,
504 .create_error_enumerator = _create_error_enumerator,
505 .destroy = _destroy,
506 },
507 .is_server = is_server,
508 .type = type,
509 .messages = linked_list_create(),
510 .errors = linked_list_create(),
511 );
512
513 DBG2(DBG_TNC, "creating PB-TNC %N Batch", pb_tnc_batch_type_names, type);
514
515 return &this->public;
516 }
517
518 /**
519 * See header
520 */
521 pb_tnc_batch_t* pb_tnc_batch_create_from_data(bool is_server, chunk_t data)
522 {
523 private_pb_tnc_batch_t *this;
524
525 INIT(this,
526 .public = {
527 .get_type = _get_type,
528 .get_encoding = _get_encoding,
529 .add_msg = _add_msg,
530 .build = _build,
531 .process = _process,
532 .create_msg_enumerator = _create_msg_enumerator,
533 .create_error_enumerator = _create_error_enumerator,
534 .destroy = _destroy,
535 },
536 .is_server = is_server,
537 .messages = linked_list_create(),
538 .errors = linked_list_create(),
539 .encoding = chunk_clone(data),
540 );
541
542 return &this->public;
543 }
544