add relative PB-TNC message offset
[strongswan.git] / src / libcharon / plugins / tnccs_20 / batch / pb_tnc_batch.c
1 /*
2 * Copyright (C) 2010 Sansar Choinyanbuu
3 * Copyright (C) 2010 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "pb_tnc_batch.h"
18 #include "messages/pb_error_msg.h"
19 #include "state_machine/pb_tnc_state_machine.h"
20
21 #include <debug.h>
22 #include <utils/linked_list.h>
23 #include <bio/bio_writer.h>
24 #include <bio/bio_reader.h>
25 #include <tnc/tnccs/tnccs.h>
26 #include <pen/pen.h>
27
28 ENUM(pb_tnc_batch_type_names, PB_BATCH_CDATA, PB_BATCH_CLOSE,
29 "CDATA",
30 "SDATA",
31 "RESULT",
32 "CRETRY",
33 "SRETRY",
34 "CLOSE"
35 );
36
37 typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t;
38
39 /**
40 * PB-Batch Header (see section 4.1 of RFC 5793)
41 *
42 * 0 1 2 3
43 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
44 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
45 * | Version |D| Reserved | B-Type|
46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
47 * | Batch Length |
48 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
49 */
50
51 #define PB_TNC_BATCH_FLAG_NONE 0x00
52 #define PB_TNC_BATCH_FLAG_D (1<<7)
53 #define PB_TNC_BATCH_HEADER_SIZE 8
54
55 /**
56 * PB-TNC Message (see section 4.2 of RFC 5793)
57 *
58 * 0 1 2 3
59 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 * | Flags | PB-TNC Vendor ID |
62 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
63 * | PB-TNC Message Type |
64 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
65 * | PB-TNC Message Length |
66 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
67 * | PB-TNC Message Value (Variable Length) |
68 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
69 */
70
71 #define PB_TNC_FLAG_NONE 0x00
72 #define PB_TNC_FLAG_NOSKIP (1<<7)
73 #define PB_TNC_HEADER_SIZE 12
74
75 #define PB_TNC_RESERVED_MSG_TYPE 0xffffffff
76
77 /**
78 * Private data of a pb_tnc_batch_t object.
79 *
80 */
81 struct private_pb_tnc_batch_t {
82 /**
83 * Public pb_pa_msg_t interface.
84 */
85 pb_tnc_batch_t public;
86
87 /**
88 * TNCC if TRUE, TNCS if FALSE
89 */
90 bool is_server;
91
92 /**
93 * PB-TNC Batch type
94 */
95 pb_tnc_batch_type_t type;
96
97 /**
98 * linked list of PB-TNC messages
99 */
100 linked_list_t *messages;
101
102 /**
103 * linked list of PB-TNC error messages
104 */
105 linked_list_t *errors;
106
107 /**
108 * Encoded message
109 */
110 chunk_t encoding;
111
112 /**
113 * Offset into encoding (used for error reporting)
114 */
115 u_int32_t offset;
116 };
117
118 METHOD(pb_tnc_batch_t, get_type, pb_tnc_batch_type_t,
119 private_pb_tnc_batch_t *this)
120 {
121 return this->type;
122 }
123
124 METHOD(pb_tnc_batch_t, get_encoding, chunk_t,
125 private_pb_tnc_batch_t *this)
126 {
127 return this->encoding;
128 }
129
130 METHOD(pb_tnc_batch_t, add_msg, void,
131 private_pb_tnc_batch_t *this, pb_tnc_msg_t* msg)
132 {
133 DBG2(DBG_TNC, "adding %N message", pb_tnc_msg_type_names,
134 msg->get_type(msg));
135 this->messages->insert_last(this->messages, msg);
136 }
137
138 METHOD(pb_tnc_batch_t, build, void,
139 private_pb_tnc_batch_t *this)
140 {
141 u_int32_t batch_len, msg_len;
142 chunk_t msg_value;
143 enumerator_t *enumerator;
144 pb_tnc_msg_type_t msg_type;
145 pb_tnc_msg_t *msg;
146 bio_writer_t *writer;
147
148 /* compute total PB-TNC batch size by summing over all messages */
149 batch_len = PB_TNC_BATCH_HEADER_SIZE;
150 enumerator = this->messages->create_enumerator(this->messages);
151 while (enumerator->enumerate(enumerator, &msg))
152 {
153 msg->build(msg);
154 msg_value = msg->get_encoding(msg);
155 batch_len += PB_TNC_HEADER_SIZE + msg_value.len;
156 }
157 enumerator->destroy(enumerator);
158
159 /* build PB-TNC batch header */
160 writer = bio_writer_create(batch_len);
161 writer->write_uint8 (writer, PB_TNC_VERSION);
162 writer->write_uint8 (writer, this->is_server ?
163 PB_TNC_BATCH_FLAG_D : PB_TNC_BATCH_FLAG_NONE);
164 writer->write_uint16(writer, this->type);
165 writer->write_uint32(writer, batch_len);
166
167 /* build PB-TNC messages */
168 enumerator = this->messages->create_enumerator(this->messages);
169 while (enumerator->enumerate(enumerator, &msg))
170 {
171 u_int8_t flags = PB_TNC_FLAG_NONE;
172
173 /* build PB-TNC message */
174 msg_value = msg->get_encoding(msg);
175 msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
176 msg_type = msg->get_type(msg);
177 if (pb_tnc_msg_infos[msg_type].has_noskip_flag)
178 {
179 flags |= PB_TNC_FLAG_NOSKIP;
180 }
181 writer->write_uint8 (writer, flags);
182 writer->write_uint24(writer, PEN_IETF);
183 writer->write_uint32(writer, msg_type);
184 writer->write_uint32(writer, msg_len);
185 writer->write_data (writer, msg_value);
186 }
187 enumerator->destroy(enumerator);
188
189 this->encoding = chunk_clone(writer->get_buf(writer));
190 writer->destroy(writer);
191 }
192
193 static status_t process_batch_header(private_pb_tnc_batch_t *this,
194 pb_tnc_state_machine_t *state_machine)
195 {
196 bio_reader_t *reader;
197 pb_tnc_msg_t *msg;
198 pb_error_msg_t *err_msg;
199 u_int8_t version, flags, reserved, type;
200 u_int32_t batch_len;
201 bool directionality;
202
203 if (this->encoding.len < PB_TNC_BATCH_HEADER_SIZE)
204 {
205 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC batch header",
206 this->encoding.len);
207 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
208 PB_ERROR_INVALID_PARAMETER, 0);
209 goto fatal;
210 }
211
212 reader = bio_reader_create(this->encoding);
213 reader->read_uint8 (reader, &version);
214 reader->read_uint8 (reader, &flags);
215 reader->read_uint8 (reader, &reserved);
216 reader->read_uint8 (reader, &type);
217 reader->read_uint32(reader, &batch_len);
218 reader->destroy(reader);
219
220 /* Version */
221 if (version != PB_TNC_VERSION)
222 {
223 DBG1(DBG_TNC, "unsupported TNCCS batch version 0x%01x", version);
224 msg = pb_error_msg_create(TRUE, PEN_IETF,
225 PB_ERROR_VERSION_NOT_SUPPORTED);
226 err_msg = (pb_error_msg_t*)msg;
227 err_msg->set_bad_version(err_msg, version);
228 goto fatal;
229 }
230
231 /* Directionality */
232 directionality = (flags & PB_TNC_BATCH_FLAG_D) != PB_TNC_BATCH_FLAG_NONE;
233 if (directionality == this->is_server)
234 {
235 DBG1(DBG_TNC, "wrong Directionality: batch is from a PB %s",
236 directionality ? "server" : "client");
237 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
238 PB_ERROR_INVALID_PARAMETER, 1);
239 goto fatal;
240 }
241
242 /* Batch Type */
243 this->type = type & 0x0F;
244 if (this->type > PB_BATCH_ROOF)
245 {
246 DBG1(DBG_TNC, "unknown PB-TNC batch type: %d", this->type);
247 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
248 PB_ERROR_INVALID_PARAMETER, 3);
249 goto fatal;
250 }
251
252 if (!state_machine->receive_batch(state_machine, this->type))
253 {
254 DBG1(DBG_TNC, "unexpected PB-TNC batch type: %N",
255 pb_tnc_batch_type_names, this->type);
256 msg = pb_error_msg_create(TRUE, PEN_IETF,
257 PB_ERROR_UNEXPECTED_BATCH_TYPE);
258 goto fatal;
259 }
260
261 /* Batch Length */
262 if (this->encoding.len != batch_len)
263 {
264 DBG1(DBG_TNC, "%u bytes of data is not equal to batch length of %u bytes",
265 this->encoding.len, batch_len);
266 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
267 PB_ERROR_INVALID_PARAMETER, 4);
268 goto fatal;
269 }
270
271 this->offset = PB_TNC_BATCH_HEADER_SIZE;
272 return SUCCESS;
273
274 fatal:
275 this->errors->insert_last(this->errors, msg);
276 return FAILED;
277 }
278
279 static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
280 {
281 bio_reader_t *reader;
282 pb_tnc_msg_t *pb_tnc_msg, *msg;
283 u_int8_t flags;
284 u_int32_t vendor_id, msg_type, msg_len, offset;
285 chunk_t data, msg_value;
286 bool noskip_flag;
287 status_t status;
288
289 data = chunk_skip(this->encoding, this->offset);
290
291 if (data.len < PB_TNC_HEADER_SIZE)
292 {
293 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header",
294 data.len);
295 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
296 PB_ERROR_INVALID_PARAMETER, this->offset);
297 goto fatal;
298 }
299
300 reader = bio_reader_create(data);
301 reader->read_uint8 (reader, &flags);
302 reader->read_uint24(reader, &vendor_id);
303 reader->read_uint32(reader, &msg_type);
304 reader->read_uint32(reader, &msg_len);
305 reader->destroy(reader);
306
307 noskip_flag = (flags & PB_TNC_FLAG_NOSKIP) != PB_TNC_FLAG_NONE;
308
309 if (msg_len > data.len)
310 {
311 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message", data.len);
312 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
313 PB_ERROR_INVALID_PARAMETER, this->offset + 8);
314 goto fatal;
315 }
316
317 if (vendor_id == PEN_RESERVED)
318 {
319 DBG1(DBG_TNC, "Vendor ID 0x%06x is reserved", PEN_RESERVED);
320 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
321 PB_ERROR_INVALID_PARAMETER, this->offset + 1);
322 goto fatal;
323
324 }
325
326 if (msg_type == PB_TNC_RESERVED_MSG_TYPE)
327 {
328 DBG1(DBG_TNC, "PB-TNC message Type 0x%08x is reserved",
329 PB_TNC_RESERVED_MSG_TYPE);
330 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
331 PB_ERROR_INVALID_PARAMETER, this->offset + 4);
332 goto fatal;
333 }
334
335
336 if (vendor_id != PEN_IETF || msg_type > PB_MSG_ROOF)
337 {
338 if (msg_len < PB_TNC_HEADER_SIZE)
339 {
340 DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length",
341 msg_len);
342 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
343 PB_ERROR_INVALID_PARAMETER, this->offset + 8);
344 goto fatal;
345 }
346
347 if (noskip_flag)
348 {
349 DBG1(DBG_TNC, "reject PB-TNC message (Vendor ID 0x%06x / "
350 "Type 0x%08x)", vendor_id, msg_type);
351 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
352 PB_ERROR_UNSUPPORTED_MANDATORY_MSG, this->offset);
353 goto fatal;
354 }
355 else
356 {
357 DBG1(DBG_TNC, "ignore PB-TNC message (Vendor ID 0x%06x / "
358 "Type 0x%08x)", vendor_id, msg_type);
359 this->offset += msg_len;
360 return SUCCESS;
361 }
362 }
363 else
364 {
365 if (pb_tnc_msg_infos[msg_type].has_noskip_flag != TRUE_OR_FALSE &&
366 pb_tnc_msg_infos[msg_type].has_noskip_flag != noskip_flag)
367 {
368 DBG1(DBG_TNC, "%N message must%s have NOSKIP flag set",
369 pb_tnc_msg_type_names, msg_type,
370 pb_tnc_msg_infos[msg_type].has_noskip_flag ? "" : " not");
371 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
372 PB_ERROR_INVALID_PARAMETER, this->offset);
373 goto fatal;
374 }
375
376 if (msg_len < pb_tnc_msg_infos[msg_type].min_size ||
377 (pb_tnc_msg_infos[msg_type].exact_size &&
378 msg_len != pb_tnc_msg_infos[msg_type].min_size))
379 {
380 DBG1(DBG_TNC, "%N message length must be %s %u bytes but is %u bytes",
381 pb_tnc_msg_type_names, msg_type,
382 pb_tnc_msg_infos[msg_type].exact_size ? "exactly" : "at least",
383 pb_tnc_msg_infos[msg_type].min_size, msg_len);
384 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
385 PB_ERROR_INVALID_PARAMETER, this->offset);
386 goto fatal;
387 }
388 }
389
390 if (pb_tnc_msg_infos[msg_type].in_result_batch &&
391 this->type != PB_BATCH_RESULT)
392 {
393 if (this->is_server)
394 {
395 DBG1(DBG_TNC,"reject %N message received from a PB-TNC client",
396 pb_tnc_msg_type_names, msg_type);
397 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
398 PB_ERROR_INVALID_PARAMETER, this->offset);
399 goto fatal;
400 }
401 else
402 {
403 DBG1(DBG_TNC,"ignore %N message not received within RESULT batch",
404 pb_tnc_msg_type_names, msg_type);
405 this->offset += msg_len;
406 return SUCCESS;
407 }
408 }
409
410 DBG2(DBG_TNC, "processing %N message (%u bytes)", pb_tnc_msg_type_names,
411 msg_type, msg_len);
412 data.len = msg_len;
413 msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE);
414 pb_tnc_msg = pb_tnc_msg_create_from_data(msg_type, msg_value);
415
416 status = pb_tnc_msg->process(pb_tnc_msg, &offset);
417 if (status == FAILED || status == VERIFY_ERROR)
418 {
419 msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
420 PB_ERROR_INVALID_PARAMETER, this->offset + offset);
421 this->errors->insert_last(this->errors, msg);
422 }
423 if (status == FAILED)
424 {
425 pb_tnc_msg->destroy(pb_tnc_msg);
426 return FAILED;
427 }
428 this->messages->insert_last(this->messages, pb_tnc_msg);
429 this->offset += msg_len;
430 return status;
431
432 fatal:
433 this->errors->insert_last(this->errors, msg);
434 return FAILED;
435 }
436
437 METHOD(pb_tnc_batch_t, process, status_t,
438 private_pb_tnc_batch_t *this, pb_tnc_state_machine_t *state_machine)
439 {
440 status_t status;
441
442 status = process_batch_header(this, state_machine);
443 if (status != SUCCESS)
444 {
445 return FAILED;
446 }
447 DBG1(DBG_TNC, "processing PB-TNC %N batch", pb_tnc_batch_type_names,
448 this->type);
449 while (this->offset < this->encoding.len)
450 {
451 switch (process_tnc_msg(this))
452 {
453 case FAILED:
454 return FAILED;
455 case VERIFY_ERROR:
456 status = VERIFY_ERROR;
457 break;
458 case SUCCESS:
459 default:
460 break;
461 }
462 }
463 return status;
464 }
465
466 METHOD(pb_tnc_batch_t, create_msg_enumerator, enumerator_t*,
467 private_pb_tnc_batch_t *this)
468 {
469 return this->messages->create_enumerator(this->messages);
470 }
471
472 METHOD(pb_tnc_batch_t, create_error_enumerator, enumerator_t*,
473 private_pb_tnc_batch_t *this)
474 {
475 return this->errors->create_enumerator(this->errors);
476 }
477
478 METHOD(pb_tnc_batch_t, destroy, void,
479 private_pb_tnc_batch_t *this)
480 {
481 this->messages->destroy_offset(this->messages,
482 offsetof(pb_tnc_msg_t, destroy));
483 this->errors->destroy_offset(this->errors,
484 offsetof(pb_tnc_msg_t, destroy));
485 free(this->encoding.ptr);
486 free(this);
487 }
488
489 /**
490 * See header
491 */
492 pb_tnc_batch_t* pb_tnc_batch_create(bool is_server, pb_tnc_batch_type_t type)
493 {
494 private_pb_tnc_batch_t *this;
495
496 INIT(this,
497 .public = {
498 .get_type = _get_type,
499 .get_encoding = _get_encoding,
500 .add_msg = _add_msg,
501 .build = _build,
502 .process = _process,
503 .create_msg_enumerator = _create_msg_enumerator,
504 .create_error_enumerator = _create_error_enumerator,
505 .destroy = _destroy,
506 },
507 .is_server = is_server,
508 .type = type,
509 .messages = linked_list_create(),
510 .errors = linked_list_create(),
511 );
512
513 DBG2(DBG_TNC, "creating PB-TNC %N batch", pb_tnc_batch_type_names, type);
514
515 return &this->public;
516 }
517
518 /**
519 * See header
520 */
521 pb_tnc_batch_t* pb_tnc_batch_create_from_data(bool is_server, chunk_t data)
522 {
523 private_pb_tnc_batch_t *this;
524
525 INIT(this,
526 .public = {
527 .get_type = _get_type,
528 .get_encoding = _get_encoding,
529 .add_msg = _add_msg,
530 .build = _build,
531 .process = _process,
532 .create_msg_enumerator = _create_msg_enumerator,
533 .create_error_enumerator = _create_error_enumerator,
534 .destroy = _destroy,
535 },
536 .is_server = is_server,
537 .messages = linked_list_create(),
538 .errors = linked_list_create(),
539 .encoding = chunk_clone(data),
540 );
541
542 return &this->public;
543 }
544