define pb_tnc_state_machine_t object
[strongswan.git] / src / libcharon / plugins / tnccs_20 / batch / pb_tnc_batch.c
1 /*
2 * Copyright (C) 2010 Sansar Choinyanbuu
3 * Copyright (C) 2010 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "tnccs_20_types.h"
18 #include "pb_tnc_batch.h"
19 #include "messages/pb_error_message.h"
20 #include "state_machine/pb_tnc_state_machine.h"
21
22 #include <debug.h>
23 #include <utils/linked_list.h>
24 #include <tls_writer.h>
25 #include <tls_reader.h>
26 #include <tnc/tnccs/tnccs.h>
27
28 ENUM(pb_tnc_batch_type_names, PB_BATCH_CDATA, PB_BATCH_CLOSE,
29 "CDATA",
30 "SDATA",
31 "RESULT",
32 "CRETRY",
33 "SRETRY",
34 "CLOSE"
35 );
36
37 typedef struct private_pb_tnc_batch_t private_pb_tnc_batch_t;
38
39 /**
40 * PB-Batch Header (see section 4.1 of RFC 5793)
41 *
42 * 0 1 2 3
43 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
44 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
45 * | Version |D| Reserved | B-Type|
46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
47 * | Batch Length |
48 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
49 */
50
51 #define PB_TNC_BATCH_FLAG_NONE 0x00
52 #define PB_TNC_BATCH_FLAG_D (1<<7)
53 #define PB_TNC_BATCH_HEADER_SIZE 8
54
55 /**
56 * PB-TNC Message (see section 4.2 of RFC 5793)
57 *
58 * 0 1 2 3
59 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 * | Flags | PB-TNC Vendor ID |
62 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
63 * | PB-TNC Message Type |
64 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
65 * | PB-TNC Message Length |
66 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
67 * | PB-TNC Message Value (Variable Length) |
68 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
69 */
70
71 #define PB_TNC_FLAG_NONE 0x00
72 #define PB_TNC_FLAG_NOSKIP (1<<7)
73 #define PB_TNC_HEADER_SIZE 12
74
75 #define PB_TNC_RESERVED_MSG_TYPE 0xffffffff
76
77 /**
78 * Private data of a pb_tnc_batch_t object.
79 *
80 */
81 struct private_pb_tnc_batch_t {
82 /**
83 * Public pb_pa_message_t interface.
84 */
85 pb_tnc_batch_t public;
86
87 /**
88 * TNCC if TRUE, TNCS if FALSE
89 */
90 bool is_server;
91
92 /**
93 * PB-TNC Batch type
94 */
95 pb_tnc_batch_type_t type;
96
97 /**
98 * linked list of PB-TNC messages
99 */
100 linked_list_t *messages;
101
102 /**
103 * linked list of PB-TNC error messages
104 */
105 linked_list_t *errors;
106
107 /**
108 * Encoded message
109 */
110 chunk_t encoding;
111
112 /**
113 * Offset into encoding (used for error reporting)
114 */
115 size_t offset;
116 };
117
118 METHOD(pb_tnc_batch_t, get_type, pb_tnc_batch_type_t,
119 private_pb_tnc_batch_t *this)
120 {
121 return this->type;
122 }
123
124 METHOD(pb_tnc_batch_t, get_encoding, chunk_t,
125 private_pb_tnc_batch_t *this)
126 {
127 return this->encoding;
128 }
129
130 METHOD(pb_tnc_batch_t, add_message, void,
131 private_pb_tnc_batch_t *this, pb_tnc_message_t* msg)
132 {
133 DBG2(DBG_TNC, " adding %N Message", pb_tnc_msg_type_names,
134 msg->get_type(msg));
135 this->messages->insert_last(this->messages, msg);
136 }
137
138 METHOD(pb_tnc_batch_t, build, void,
139 private_pb_tnc_batch_t *this)
140 {
141 u_int32_t batch_len, msg_len;
142 u_int8_t flags = PB_TNC_FLAG_NONE;
143 chunk_t msg_value;
144 enumerator_t *enumerator;
145 pb_tnc_msg_type_t msg_type;
146 pb_tnc_message_t *msg;
147 tls_writer_t *writer;
148
149 /* compute total PB-TNC batch size by summing over all messages */
150 batch_len = PB_TNC_BATCH_HEADER_SIZE;
151 enumerator = this->messages->create_enumerator(this->messages);
152 while (enumerator->enumerate(enumerator, &msg))
153 {
154 msg->build(msg);
155 msg_value = msg->get_encoding(msg);
156 batch_len += PB_TNC_HEADER_SIZE + msg_value.len;
157 }
158 enumerator->destroy(enumerator);
159
160 /* build PB-TNC batch header */
161 writer = tls_writer_create(batch_len);
162 writer->write_uint8 (writer, PB_TNC_VERSION);
163 writer->write_uint8 (writer, this->is_server ?
164 PB_TNC_BATCH_FLAG_D : PB_TNC_BATCH_FLAG_NONE);
165 writer->write_uint16(writer, this->type);
166 writer->write_uint32(writer, batch_len);
167
168 /* build PB-TNC messages */
169 enumerator = this->messages->create_enumerator(this->messages);
170 while (enumerator->enumerate(enumerator, &msg))
171 {
172 /* build PB-TNC message */
173 msg_value = msg->get_encoding(msg);
174 msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
175 msg_type = msg->get_type(msg);
176 switch (msg_type)
177 {
178 case PB_MSG_PA:
179 case PB_MSG_ASSESSMENT_RESULT:
180 case PB_MSG_ERROR:
181 flags |= PB_TNC_FLAG_NOSKIP;
182 break;
183 case PB_MSG_EXPERIMENTAL:
184 case PB_MSG_ACCESS_RECOMMENDATION:
185 case PB_MSG_REMEDIATION_PARAMETERS:
186 case PB_MSG_LANGUAGE_PREFERENCE:
187 case PB_MSG_REASON_STRING:
188 break;
189 }
190 writer->write_uint8 (writer, flags);
191 writer->write_uint24(writer, IETF_VENDOR_ID);
192 writer->write_uint32(writer, msg_type);
193 writer->write_uint32(writer, msg_len);
194 writer->write_data (writer, msg_value);
195 }
196 enumerator->destroy(enumerator);
197
198 this->encoding = chunk_clone(writer->get_buf(writer));
199 writer->destroy(writer);
200 }
201
202 static status_t process_batch_header(private_pb_tnc_batch_t *this,
203 pb_tnc_state_machine_t *state_machine)
204 {
205 tls_reader_t *reader;
206 pb_tnc_message_t *msg;
207 pb_error_message_t *err_msg;
208 u_int8_t version, flags, reserved, type;
209 u_int32_t batch_len;
210 bool directionality;
211
212 if (this->encoding.len < PB_TNC_BATCH_HEADER_SIZE)
213 {
214 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC batch header",
215 this->encoding.len);
216 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
217 PB_ERROR_INVALID_PARAMETER);
218 err_msg = (pb_error_message_t*)msg;
219 err_msg->set_offset(err_msg, 0);
220 goto fatal;
221 }
222
223 reader = tls_reader_create(this->encoding);
224 reader->read_uint8 (reader, &version);
225 reader->read_uint8 (reader, &flags);
226 reader->read_uint8 (reader, &reserved);
227 reader->read_uint8 (reader, &type);
228 reader->read_uint32(reader, &batch_len);
229 reader->destroy(reader);
230
231 /* Version */
232 if (version != PB_TNC_VERSION)
233 {
234 DBG1(DBG_TNC, "unsupported TNCCS Batch Version 0x%01x", version);
235 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
236 PB_ERROR_VERSION_NOT_SUPPORTED);
237 err_msg = (pb_error_message_t*)msg;
238 err_msg->set_bad_version(err_msg, version);
239 goto fatal;
240 }
241
242 /* Directionality */
243 directionality = (flags & PB_TNC_BATCH_FLAG_D) != PB_TNC_BATCH_FLAG_NONE;
244 if (directionality == this->is_server)
245 {
246 DBG1(DBG_TNC, "wrong Directionality: Batch is from a PB %s",
247 directionality ? "Server" : "Client");
248 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
249 PB_ERROR_INVALID_PARAMETER);
250 err_msg = (pb_error_message_t*)msg;
251 err_msg->set_offset(err_msg, 1);
252 goto fatal;
253 }
254
255 /* Batch Type */
256 this->type = type & 0x0F;
257 if (this->type > PB_BATCH_ROOF)
258 {
259 DBG1(DBG_TNC, "unknown PB-TNC Batch Type: %d", this->type);
260 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
261 PB_ERROR_INVALID_PARAMETER);
262 err_msg = (pb_error_message_t*)msg;
263 err_msg->set_offset(err_msg, 3);
264 goto fatal;
265 }
266
267 if (!state_machine->receive_batch(state_machine, this->type))
268 {
269 DBG1(DBG_TNC, "unexpected PB-TNC Batch Type: %N",
270 pb_tnc_batch_type_names, this->type);
271 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
272 PB_ERROR_UNEXPECTED_BATCH_TYPE);
273 goto fatal;
274 }
275
276 /* Batch Length */
277 if (this->encoding.len != batch_len)
278 {
279 DBG1(DBG_TNC, "%u bytes of data is not equal to batch length of %u bytes",
280 this->encoding.len, batch_len);
281 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
282 PB_ERROR_INVALID_PARAMETER);
283 err_msg = (pb_error_message_t*)msg;
284 err_msg->set_offset(err_msg, 4);
285 goto fatal;
286 }
287
288 this->offset = PB_TNC_BATCH_HEADER_SIZE;
289 return SUCCESS;
290
291 fatal:
292 this->errors->insert_last(this->errors, msg);
293 return FAILED;
294 }
295
296 static status_t process_tnc_message(private_pb_tnc_batch_t *this)
297 {
298 tls_reader_t *reader;
299 pb_tnc_message_t *pb_tnc_msg, *msg;
300 pb_error_message_t *err_msg;
301 u_int8_t flags;
302 u_int32_t vendor_id, msg_type, msg_len;
303 chunk_t data, msg_value;
304 status_t status;
305
306 data = chunk_skip(this->encoding, this->offset);
307
308 if (data.len < PB_TNC_HEADER_SIZE)
309 {
310 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header",
311 data.len);
312 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
313 PB_ERROR_INVALID_PARAMETER);
314 err_msg = (pb_error_message_t*)msg;
315 err_msg->set_offset(err_msg, this->offset);
316 goto fatal;
317 }
318
319 reader = tls_reader_create(data);
320 reader->read_uint8 (reader, &flags);
321 reader->read_uint24(reader, &vendor_id);
322 reader->read_uint32(reader, &msg_type);
323 reader->read_uint32(reader, &msg_len);
324 reader->destroy(reader);
325
326 if (msg_len < PB_TNC_HEADER_SIZE)
327 {
328 DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length", msg_len);
329 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
330 PB_ERROR_INVALID_PARAMETER);
331 err_msg = (pb_error_message_t*)msg;
332 err_msg->set_offset(err_msg, this->offset + 8);
333 goto fatal;
334 }
335
336 if (msg_len > data.len)
337 {
338 DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message", data.len);
339 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
340 PB_ERROR_INVALID_PARAMETER);
341 err_msg = (pb_error_message_t*)msg;
342 err_msg->set_offset(err_msg, this->offset + 8);
343 goto fatal;
344 }
345
346 if (vendor_id == RESERVED_VENDOR_ID)
347 {
348 DBG1(DBG_TNC, "Vendor ID 0x%06x is reserved", RESERVED_VENDOR_ID);
349 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
350 PB_ERROR_INVALID_PARAMETER);
351 err_msg = (pb_error_message_t*)msg;
352 err_msg->set_offset(err_msg, this->offset + 1);
353 goto fatal;
354
355 }
356
357 if (msg_type == PB_TNC_RESERVED_MSG_TYPE)
358 {
359 DBG1(DBG_TNC, "PB-TNC Message Type 0x%08x is reserved",
360 PB_TNC_RESERVED_MSG_TYPE);
361 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
362 PB_ERROR_INVALID_PARAMETER);
363 err_msg = (pb_error_message_t*)msg;
364 err_msg->set_offset(err_msg, this->offset + 4);
365 goto fatal;
366 }
367
368 if (vendor_id != IETF_VENDOR_ID || msg_type > PB_MSG_ROOF)
369 {
370 if (flags & PB_TNC_FLAG_NOSKIP)
371 {
372 DBG1(DBG_TNC, "cannot process PB-TNC Message with Vendor ID 0x%06x "
373 " and type 0x%08x", vendor_id, msg_type);
374 msg = pb_error_message_create(TRUE, IETF_VENDOR_ID,
375 PB_ERROR_UNSUPPORTED_MANDATORY_MESSAGE);
376 err_msg = (pb_error_message_t*)msg;
377 err_msg->set_offset(err_msg, this->offset);
378 goto fatal;
379 }
380 else
381 {
382 DBG1(DBG_TNC, "ignore PB-TNC Message with Vendor ID 0x%06x "
383 " and type 0x%08x", vendor_id, msg_type);
384 this->offset += msg_len;
385 return INVALID_STATE;
386 }
387 }
388
389 if ((msg_type == PB_MSG_ASSESSMENT_RESULT ||
390 msg_type == PB_MSG_ACCESS_RECOMMENDATION ||
391 msg_type == PB_MSG_REMEDIATION_PARAMETERS) &&
392 this->type != PB_BATCH_RESULT)
393 {
394 DBG1(DBG_TNC,"ignore %N Message not received within RESULT batch",
395 pb_tnc_msg_type_names, msg_type);
396 this->offset += msg_len;
397 return INVALID_STATE;
398 }
399
400 DBG2(DBG_TNC, "processing %N Message (%u bytes)", pb_tnc_msg_type_names,
401 msg_type, msg_len);
402 data.len = msg_len;
403 DBG3(DBG_TNC, "%B", &data);
404 msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE);
405 pb_tnc_msg = pb_tnc_message_create(msg_type, msg_value);
406
407 status = pb_tnc_msg->process(pb_tnc_msg);
408 if (status == FAILED)
409 {
410 pb_tnc_msg->destroy(pb_tnc_msg);
411 return FAILED;
412 }
413 this->messages->insert_last(this->messages, pb_tnc_msg);
414 this->offset += msg_len;
415 return SUCCESS;
416
417 fatal:
418 this->errors->insert_last(this->errors, msg);
419 return FAILED;
420 }
421
422 METHOD(pb_tnc_batch_t, process, status_t,
423 private_pb_tnc_batch_t *this, pb_tnc_state_machine_t *state_machine)
424 {
425 status_t status;
426
427 status = process_batch_header(this, state_machine);
428 if (status == FAILED)
429 {
430 return FAILED;
431 }
432 DBG1(DBG_TNC, "processing PB-TNC %N Batch", pb_tnc_batch_type_names,
433 this->type);
434 while (this->offset < this->encoding.len)
435 {
436 status = process_tnc_message(this);
437 if (status == FAILED)
438 {
439 return FAILED;
440 }
441 }
442 return SUCCESS;
443 }
444
445 METHOD(pb_tnc_batch_t, create_msg_enumerator, enumerator_t*,
446 private_pb_tnc_batch_t *this)
447 {
448 return this->messages->create_enumerator(this->messages);
449 }
450
451 METHOD(pb_tnc_batch_t, create_error_enumerator, enumerator_t*,
452 private_pb_tnc_batch_t *this)
453 {
454 return this->errors->create_enumerator(this->errors);
455 }
456
457 METHOD(pb_tnc_batch_t, destroy, void,
458 private_pb_tnc_batch_t *this)
459 {
460 this->messages->destroy_offset(this->messages,
461 offsetof(pb_tnc_message_t, destroy));
462 this->errors->destroy_offset(this->errors,
463 offsetof(pb_tnc_message_t, destroy));
464 free(this->encoding.ptr);
465 free(this);
466 }
467
468 /**
469 * See header
470 */
471 pb_tnc_batch_t* pb_tnc_batch_create(bool is_server, pb_tnc_batch_type_t type)
472 {
473 private_pb_tnc_batch_t *this;
474
475 INIT(this,
476 .public = {
477 .get_type = _get_type,
478 .get_encoding = _get_encoding,
479 .add_message = _add_message,
480 .build = _build,
481 .process = _process,
482 .create_msg_enumerator = _create_msg_enumerator,
483 .create_error_enumerator = _create_error_enumerator,
484 .destroy = _destroy,
485 },
486 .is_server = is_server,
487 .type = type,
488 .messages = linked_list_create(),
489 .errors = linked_list_create(),
490 );
491
492 DBG2(DBG_TNC, "creating PB-TNC %N Batch", pb_tnc_batch_type_names, type);
493
494 return &this->public;
495 }
496
497 /**
498 * See header
499 */
500 pb_tnc_batch_t* pb_tnc_batch_create_from_data(bool is_server, chunk_t data)
501 {
502 private_pb_tnc_batch_t *this;
503
504 INIT(this,
505 .public = {
506 .get_type = _get_type,
507 .get_encoding = _get_encoding,
508 .add_message = _add_message,
509 .build = _build,
510 .process = _process,
511 .create_msg_enumerator = _create_msg_enumerator,
512 .create_error_enumerator = _create_error_enumerator,
513 .destroy = _destroy,
514 },
515 .is_server = is_server,
516 .messages = linked_list_create(),
517 .errors = linked_list_create(),
518 .encoding = chunk_clone(data),
519 );
520
521 return &this->public;
522 }
523