Added add_segment() method to IETF attributes
[strongswan.git] / src / libimcv / imc / imc_msg.c
1 /*
2 * Copyright (C) 2012-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_msg.h"
17
18 #include "ietf/ietf_attr.h"
19 #include "ietf/ietf_attr_assess_result.h"
20 #include "ietf/ietf_attr_remediation_instr.h"
21 #include "tcg/seg/tcg_seg_attr_max_size.h"
22 #include "tcg/seg/tcg_seg_attr_seg_env.h"
23 #include "tcg/seg/tcg_seg_attr_next_seg.h"
24
25 #include <tncif_names.h>
26 #include <tncif_pa_subtypes.h>
27
28 #include <pen/pen.h>
29 #include <collections/linked_list.h>
30 #include <utils/debug.h>
31
32 typedef struct private_imc_msg_t private_imc_msg_t;
33
34 /**
35 * Private data of a imc_msg_t object.
36 *
37 */
38 struct private_imc_msg_t {
39
40 /**
41 * Public imc_msg_t interface.
42 */
43 imc_msg_t public;
44
45 /**
46 * Connection ID
47 */
48 TNC_ConnectionID connection_id;
49
50 /**
51 * source ID
52 */
53 TNC_UInt32 src_id;
54
55 /**
56 * destination ID
57 */
58 TNC_UInt32 dst_id;
59
60 /**
61 * PA-TNC message type
62 */
63 pen_type_t msg_type;
64
65 /**
66 * List of PA-TNC attributes to be sent
67 */
68 linked_list_t *attr_list;
69
70 /**
71 * PA-TNC message
72 */
73 pa_tnc_msg_t *pa_msg;
74
75 /**
76 * Assigned IMC agent
77 */
78 imc_agent_t *agent;
79
80 /**
81 * Assigned IMC state
82 */
83 imc_state_t *state;
84 };
85
86 METHOD(imc_msg_t, get_src_id, TNC_UInt32,
87 private_imc_msg_t *this)
88 {
89 return this->src_id;
90 }
91
92 METHOD(imc_msg_t, get_dst_id, TNC_UInt32,
93 private_imc_msg_t *this)
94 {
95 return this->dst_id;
96 }
97
98 METHOD(imc_msg_t, get_msg_type, pen_type_t,
99 private_imc_msg_t *this)
100 {
101 return this->msg_type;
102 }
103
104 METHOD(imc_msg_t, send_, TNC_Result,
105 private_imc_msg_t *this, bool excl)
106 {
107 pa_tnc_msg_t *pa_tnc_msg;
108 pa_tnc_attr_t *attr;
109 TNC_UInt32 msg_flags;
110 TNC_MessageType msg_type;
111 bool attr_added, oversize;
112 chunk_t msg;
113 seg_contract_t *contract;
114 seg_contract_manager_t *contracts;
115 enumerator_t *enumerator;
116 TNC_Result result = TNC_RESULT_SUCCESS;
117
118 /* Get IF-M segmentation contract for this subtype if any */
119 contracts = this->state->get_contracts(this->state);
120 contract = contracts->get_contract(contracts, this->msg_type, FALSE);
121
122 while (this->attr_list->get_count(this->attr_list))
123 {
124 pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
125 attr_added = FALSE;
126
127 enumerator = this->attr_list->create_enumerator(this->attr_list);
128 while (enumerator->enumerate(enumerator, &attr))
129 {
130 if (contract && contract->check_size(contract, attr, &oversize))
131 {
132 if (oversize)
133 {
134 /* TODO generate SWID error msg */
135 }
136 else
137 {
138 attr = contract->first_segment(contract, attr);
139 }
140 }
141 if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
142 {
143 attr_added = TRUE;
144 }
145 else
146 {
147 if (attr_added)
148 {
149 break;
150 }
151 else
152 {
153 DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted");
154 attr->destroy(attr);
155 }
156 }
157 this->attr_list->remove_at(this->attr_list, enumerator);
158 }
159 enumerator->destroy(enumerator);
160
161 /* build and send the PA-TNC message via the IF-IMC interface */
162 if (!pa_tnc_msg->build(pa_tnc_msg))
163 {
164 pa_tnc_msg->destroy(pa_tnc_msg);
165 return TNC_RESULT_FATAL;
166 }
167 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
168 DBG3(DBG_IMC, "created PA-TNC message: %B", &msg);
169
170 if (this->state->has_long(this->state) && this->agent->send_message_long)
171 {
172 excl = excl && this->state->has_excl(this->state) &&
173 this->dst_id != TNC_IMVID_ANY;
174 msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
175 result = this->agent->send_message_long(this->src_id,
176 this->connection_id, msg_flags, msg.ptr, msg.len,
177 this->msg_type.vendor_id, this->msg_type.type,
178 this->dst_id);
179 }
180 else if (this->agent->send_message)
181 {
182 msg_type = (this->msg_type.vendor_id << 8) |
183 (this->msg_type.type & 0x000000ff);
184 result = this->agent->send_message(this->src_id, this->connection_id,
185 msg.ptr, msg.len, msg_type);
186 }
187
188 pa_tnc_msg->destroy(pa_tnc_msg);
189
190 if (result != TNC_RESULT_SUCCESS)
191 {
192 break;
193 }
194 }
195 return result;
196 }
197
198 /**
199 * Print a clearly visible assessment header to the log
200 */
201 static void print_assessment_header(const char *name, TNC_UInt32 dst_id,
202 TNC_UInt32 src_id, bool *first)
203 {
204 if (*first)
205 {
206 if (src_id == TNC_IMCID_ANY)
207 {
208 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" *****",
209 dst_id, name);
210 }
211 else
212 {
213 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" from IMV %u *****",
214 dst_id, name, src_id);
215 }
216 *first = FALSE;
217 }
218 }
219
220 /**
221 * Print a clearly visible assessment trailer to the log
222 */
223 static void print_assessment_trailer(bool first)
224 {
225 if (!first)
226 {
227 DBG1(DBG_IMC, "***** end of assessment *****");
228 }
229 }
230
231 METHOD(imc_msg_t, receive, TNC_Result,
232 private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error)
233 {
234 linked_list_t *non_fatal_types;
235 TNC_UInt32 target_imc_id;
236 enumerator_t *enumerator;
237 pa_tnc_attr_t *attr;
238 pen_type_t attr_type;
239 chunk_t msg;
240 bool first = TRUE;
241
242 if (this->state->has_long(this->state))
243 {
244 if (this->dst_id != TNC_IMCID_ANY)
245 {
246 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
247 "from IMV %u to IMC %u",
248 this->agent->get_id(this->agent),
249 this->agent->get_name(this->agent),
250 this->connection_id, this->src_id, this->dst_id);
251 }
252 else
253 {
254 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
255 "from IMV %u", this->agent->get_id(this->agent),
256 this->agent->get_name(this->agent),
257 this->connection_id, this->src_id);
258 }
259 }
260 else
261 {
262 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u",
263 this->agent->get_id(this->agent),
264 this->agent->get_name(this->agent),
265 this->connection_id);
266 }
267 msg = this->pa_msg->get_encoding(this->pa_msg);
268 DBG3(DBG_IMC, "%B", &msg);
269
270 switch (this->pa_msg->process(this->pa_msg))
271 {
272 case SUCCESS:
273 break;
274 case VERIFY_ERROR:
275 {
276 /* extract and copy by reference all error attributes */
277 enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
278 while (enumerator->enumerate(enumerator, &attr))
279 {
280 out_msg->add_attribute(out_msg, attr->get_ref(attr));
281 }
282 enumerator->destroy(enumerator);
283 return TNC_RESULT_SUCCESS;
284 }
285 case FAILED:
286 default:
287 return TNC_RESULT_FATAL;
288 }
289
290 /* process any IF-M segmentation contracts */
291 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
292 while (enumerator->enumerate(enumerator, &attr))
293 {
294 uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
295 seg_contract_t *contract;
296 seg_contract_manager_t *contracts;
297 char buf[BUF_LEN];
298 pen_type_t type;
299
300 type = attr->get_type(attr);
301
302 contracts = this->state->get_contracts(this->state);
303
304 if (type.vendor_id != PEN_TCG)
305 {
306 continue;
307 }
308
309 switch (type.type)
310 {
311 case TCG_SEG_MAX_ATTR_SIZE_REQ:
312 {
313 tcg_seg_attr_max_size_t *attr_cast;
314
315 attr_cast = (tcg_seg_attr_max_size_t*)attr;
316 attr_cast->get_attr_size(attr_cast, &max_attr_size,
317 &max_seg_size);
318 contract = contracts->get_contract(contracts, this->msg_type,
319 FALSE);
320 if (contract)
321 {
322 contract->set_max_size(contract, max_attr_size,
323 max_seg_size);
324 }
325 else
326 {
327 contract = seg_contract_create(this->msg_type, max_attr_size,
328 max_seg_size, FALSE, this->src_id, TRUE);
329 contracts->add_contract(contracts, contract);
330 }
331 contract->get_info_string(contract, buf, BUF_LEN, TRUE);
332 DBG2(DBG_IMC, "%s", buf);
333
334 /* Determine maximum PA-TNC attribute segment size */
335 my_max_seg_size = this->state->get_max_msg_len(this->state)
336 - PA_TNC_HEADER_SIZE
337 - PA_TNC_ATTR_HEADER_SIZE
338 - TCG_SEG_ATTR_SEG_ENV_HEADER
339 - PA_TNC_ATTR_HEADER_SIZE
340 - TCG_SEG_ATTR_MAX_SIZE_SIZE;
341
342 /* If segmentation is possible select lower segment size */
343 if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
344 max_seg_size > my_max_seg_size)
345 {
346 max_seg_size = my_max_seg_size;
347 contract->set_max_size(contract, max_attr_size,
348 max_seg_size);
349 DBG2(DBG_IMC, " lowered maximum segment size to %u bytes",
350 max_seg_size);
351 }
352
353 /* Add Maximum Attribute Size Response attribute */
354 attr = tcg_seg_attr_max_size_create(max_attr_size,
355 max_seg_size, FALSE);
356 out_msg->add_attribute(out_msg, attr);
357 break;
358 }
359 case TCG_SEG_MAX_ATTR_SIZE_RESP:
360 {
361 tcg_seg_attr_max_size_t *attr_cast;
362
363 attr_cast = (tcg_seg_attr_max_size_t*)attr;
364 attr_cast->get_attr_size(attr_cast, &max_attr_size,
365 &max_seg_size);
366 contract = contracts->get_contract(contracts, this->msg_type,
367 TRUE);
368 if (contract)
369 {
370 contract->get_max_size(contract, &my_max_attr_size,
371 &my_max_seg_size);
372 if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
373 my_max_seg_size > max_seg_size)
374 {
375 my_max_seg_size = max_seg_size;
376 contract->set_max_size(contract, my_max_attr_size,
377 my_max_seg_size);
378 }
379 contract->get_info_string(contract, buf, BUF_LEN, FALSE);
380 DBG2(DBG_IMC, "%s", buf);
381 }
382 else
383 {
384 /* TODO no request pending */
385 DBG1(DBG_IMC, "no contract for this PA message type found");
386 }
387 break;
388 }
389 case TCG_SEG_ATTR_SEG_ENV:
390 {
391 tcg_seg_attr_seg_env_t *seg_env_attr;
392 pa_tnc_attr_t *error;
393 uint32_t base_attr_id;
394 bool more;
395
396 seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
397 base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
398
399 contract = contracts->get_contract(contracts, this->msg_type,
400 TRUE);
401 if (!contract)
402 {
403 DBG2(DBG_IMC, "no contract for received attribute segment "
404 "with base attribute ID %u", base_attr_id);
405 continue;
406 }
407 attr = contract->add_segment(contract, attr, &error, &more);
408 if (error)
409 {
410 out_msg->add_attribute(out_msg, error);
411 }
412 if (attr)
413 {
414 this->pa_msg->add_attribute(this->pa_msg, attr);
415 }
416 if (more)
417 {
418 /* Send Next Segment Request */
419 attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE);
420 out_msg->add_attribute(out_msg, attr);
421 }
422 break;
423 }
424 case TCG_SEG_NEXT_SEG_REQ:
425 {
426 tcg_seg_attr_next_seg_t *attr_cast;
427 uint32_t base_attr_id;
428
429 attr_cast = (tcg_seg_attr_next_seg_t*)attr;
430 base_attr_id = attr_cast->get_base_attr_id(attr_cast);
431
432 contract = contracts->get_contract(contracts, this->msg_type,
433 FALSE);
434 if (!contract)
435 {
436 /* TODO no contract - generate error message */
437 DBG1(DBG_IMC, "no contract for received next segment "
438 "request with base attribute ID %u", base_attr_id);
439 continue;
440 }
441 attr = contract->next_segment(contract, base_attr_id);
442 if (attr)
443 {
444 out_msg->add_attribute(out_msg, attr);
445 }
446 else
447 {
448 /* TODO no more segments - generate error message */
449 DBG1(DBG_IMC, "no more segments found for "
450 "base attribute ID %u", base_attr_id);
451 }
452 break;
453 }
454 default:
455 break;
456 }
457 }
458 enumerator->destroy(enumerator);
459
460 /* determine target IMC ID */
461 target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
462 this->dst_id : this->agent->get_id(this->agent);
463
464 /* preprocess any received IETF standard error attributes */
465 non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
466 *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
467 non_fatal_types);
468
469 /* preprocess any received IETF assessment result attribute */
470 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
471 while (enumerator->enumerate(enumerator, &attr))
472 {
473 attr_type = attr->get_type(attr);
474
475 if (attr_type.vendor_id != PEN_IETF)
476 {
477 continue;
478 }
479 if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
480 {
481 ietf_attr_assess_result_t *attr_cast;
482 TNC_IMV_Evaluation_Result res;
483
484 attr_cast = (ietf_attr_assess_result_t*)attr;
485 res = attr_cast->get_result(attr_cast);
486 this->state->set_result(this->state, target_imc_id, res);
487
488 print_assessment_header(this->agent->get_name(this->agent),
489 target_imc_id, this->src_id, &first);
490 DBG1(DBG_IMC, "assessment result is '%N'",
491 TNC_IMV_Evaluation_Result_names, res);
492 }
493 else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
494 {
495 ietf_attr_remediation_instr_t *attr_cast;
496 pen_type_t parameters_type;
497 chunk_t parameters, string, lang_code;
498
499 attr_cast = (ietf_attr_remediation_instr_t*)attr;
500 parameters_type = attr_cast->get_parameters_type(attr_cast);
501 parameters = attr_cast->get_parameters(attr_cast);
502
503 print_assessment_header(this->agent->get_name(this->agent),
504 target_imc_id, this->src_id, &first);
505 if (parameters_type.vendor_id == PEN_IETF)
506 {
507 switch (parameters_type.type)
508 {
509 case IETF_REMEDIATION_PARAMETERS_URI:
510 DBG1(DBG_IMC, "remediation uri: %.*s",
511 parameters.len, parameters.ptr);
512 break;
513 case IETF_REMEDIATION_PARAMETERS_STRING:
514 string = attr_cast->get_string(attr_cast, &lang_code);
515 DBG1(DBG_IMC, "remediation string: [%.*s]\n%.*s",
516 lang_code.len, lang_code.ptr,
517 string.len, string.ptr);
518 break;
519 default:
520 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
521 }
522 }
523 else
524 {
525 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
526 }
527 }
528 }
529 enumerator->destroy(enumerator);
530
531 print_assessment_trailer(first);
532
533 return TNC_RESULT_SUCCESS;
534 }
535
536 METHOD(imc_msg_t, add_attribute, void,
537 private_imc_msg_t *this, pa_tnc_attr_t *attr)
538 {
539 this->attr_list->insert_last(this->attr_list, attr);
540 }
541
542 METHOD(imc_msg_t, create_attribute_enumerator, enumerator_t*,
543 private_imc_msg_t *this)
544 {
545 return this->pa_msg->create_attribute_enumerator(this->pa_msg);
546 }
547
548 METHOD(imc_msg_t, get_encoding, chunk_t,
549 private_imc_msg_t *this)
550 {
551 if (this->pa_msg)
552 {
553 return this->pa_msg->get_encoding(this->pa_msg);
554 }
555 return chunk_empty;
556 }
557
558 METHOD(imc_msg_t, destroy, void,
559 private_imc_msg_t *this)
560 {
561 this->attr_list->destroy_offset(this->attr_list,
562 offsetof(pa_tnc_attr_t, destroy));
563 DESTROY_IF(this->pa_msg);
564 free(this);
565 }
566
567 /**
568 * See header
569 */
570 imc_msg_t *imc_msg_create(imc_agent_t *agent, imc_state_t *state,
571 TNC_ConnectionID connection_id,
572 TNC_UInt32 src_id, TNC_UInt32 dst_id,
573 pen_type_t msg_type)
574 {
575 private_imc_msg_t *this;
576
577 INIT(this,
578 .public = {
579 .get_src_id = _get_src_id,
580 .get_dst_id = _get_dst_id,
581 .get_msg_type = _get_msg_type,
582 .send = _send_,
583 .receive = _receive,
584 .add_attribute = _add_attribute,
585 .create_attribute_enumerator = _create_attribute_enumerator,
586 .get_encoding = _get_encoding,
587 .destroy = _destroy,
588 },
589 .connection_id = connection_id,
590 .src_id = src_id,
591 .dst_id = dst_id,
592 .msg_type = msg_type,
593 .attr_list = linked_list_create(),
594 .agent = agent,
595 .state = state,
596 );
597
598 return &this->public;
599 }
600
601 /**
602 * See header
603 */
604 imc_msg_t* imc_msg_create_as_reply(imc_msg_t *msg)
605 {
606 private_imc_msg_t *in;
607 TNC_UInt32 src_id;
608
609 in = (private_imc_msg_t*)msg;
610 src_id = (in->dst_id != TNC_IMCID_ANY) ?
611 in->dst_id : in->agent->get_id(in->agent);
612
613 return imc_msg_create(in->agent, in->state, in->connection_id, src_id,
614 in->src_id, in->msg_type);
615 }
616
617 /**
618 * See header
619 */
620 imc_msg_t *imc_msg_create_from_data(imc_agent_t *agent, imc_state_t *state,
621 TNC_ConnectionID connection_id,
622 TNC_MessageType msg_type,
623 chunk_t msg)
624 {
625 TNC_VendorID msg_vid;
626 TNC_MessageSubtype msg_subtype;
627
628 msg_vid = msg_type >> 8;
629 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
630
631 return imc_msg_create_from_long_data(agent, state, connection_id,
632 TNC_IMVID_ANY, agent->get_id(agent),
633 msg_vid, msg_subtype, msg);
634 }
635
636 /**
637 * See header
638 */
639 imc_msg_t *imc_msg_create_from_long_data(imc_agent_t *agent, imc_state_t *state,
640 TNC_ConnectionID connection_id,
641 TNC_UInt32 src_id,
642 TNC_UInt32 dst_id,
643 TNC_VendorID msg_vid,
644 TNC_MessageSubtype msg_subtype,
645 chunk_t msg)
646 {
647 private_imc_msg_t *this;
648
649 this = (private_imc_msg_t*)imc_msg_create(agent, state,
650 connection_id, src_id, dst_id,
651 pen_type_create(msg_vid, msg_subtype));
652 this->pa_msg = pa_tnc_msg_create_from_data(msg);
653
654 return &this->public;
655 }