Support of multiple directed segmentation contracts
[strongswan.git] / src / libimcv / imc / imc_msg.c
1 /*
2 * Copyright (C) 2012-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_msg.h"
17
18 #include "ietf/ietf_attr.h"
19 #include "ietf/ietf_attr_assess_result.h"
20 #include "ietf/ietf_attr_remediation_instr.h"
21 #include "tcg/seg/tcg_seg_attr_max_size.h"
22 #include "tcg/seg/tcg_seg_attr_seg_env.h"
23 #include "tcg/seg/tcg_seg_attr_next_seg.h"
24
25 #include <tncif_names.h>
26 #include <tncif_pa_subtypes.h>
27
28 #include <pen/pen.h>
29 #include <collections/linked_list.h>
30 #include <utils/debug.h>
31
32 typedef struct private_imc_msg_t private_imc_msg_t;
33
34 /**
35 * Private data of a imc_msg_t object.
36 *
37 */
38 struct private_imc_msg_t {
39
40 /**
41 * Public imc_msg_t interface.
42 */
43 imc_msg_t public;
44
45 /**
46 * Connection ID
47 */
48 TNC_ConnectionID connection_id;
49
50 /**
51 * source ID
52 */
53 TNC_UInt32 src_id;
54
55 /**
56 * destination ID
57 */
58 TNC_UInt32 dst_id;
59
60 /**
61 * PA-TNC message type
62 */
63 pen_type_t msg_type;
64
65 /**
66 * List of PA-TNC attributes to be sent
67 */
68 linked_list_t *attr_list;
69
70 /**
71 * PA-TNC message
72 */
73 pa_tnc_msg_t *pa_msg;
74
75 /**
76 * Assigned IMC agent
77 */
78 imc_agent_t *agent;
79
80 /**
81 * Assigned IMC state
82 */
83 imc_state_t *state;
84 };
85
86 METHOD(imc_msg_t, get_src_id, TNC_UInt32,
87 private_imc_msg_t *this)
88 {
89 return this->src_id;
90 }
91
92 METHOD(imc_msg_t, get_dst_id, TNC_UInt32,
93 private_imc_msg_t *this)
94 {
95 return this->dst_id;
96 }
97
98 METHOD(imc_msg_t, get_msg_type, pen_type_t,
99 private_imc_msg_t *this)
100 {
101 return this->msg_type;
102 }
103
104 METHOD(imc_msg_t, send_, TNC_Result,
105 private_imc_msg_t *this, bool excl)
106 {
107 pa_tnc_msg_t *pa_tnc_msg;
108 pa_tnc_attr_t *attr;
109 TNC_UInt32 msg_flags;
110 TNC_MessageType msg_type;
111 bool attr_added, oversize;
112 chunk_t msg;
113 seg_contract_t *contract;
114 seg_contract_manager_t *contracts;
115 enumerator_t *enumerator;
116 TNC_Result result = TNC_RESULT_SUCCESS;
117
118 /* Get IF-M segmentation contract for this subtype if any */
119 contracts = this->state->get_contracts(this->state);
120 contract = contracts->get_contract(contracts, this->msg_type,
121 FALSE, this->dst_id);
122
123 while (this->attr_list->get_count(this->attr_list))
124 {
125 pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
126 attr_added = FALSE;
127
128 enumerator = this->attr_list->create_enumerator(this->attr_list);
129 while (enumerator->enumerate(enumerator, &attr))
130 {
131 if (contract && contract->check_size(contract, attr, &oversize))
132 {
133 if (oversize)
134 {
135 /* TODO generate SWID error msg */
136 }
137 else
138 {
139 attr = contract->first_segment(contract, attr);
140 }
141 }
142 if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
143 {
144 attr_added = TRUE;
145 }
146 else
147 {
148 if (attr_added)
149 {
150 break;
151 }
152 else
153 {
154 DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted");
155 attr->destroy(attr);
156 }
157 }
158 this->attr_list->remove_at(this->attr_list, enumerator);
159 }
160 enumerator->destroy(enumerator);
161
162 /* build and send the PA-TNC message via the IF-IMC interface */
163 if (!pa_tnc_msg->build(pa_tnc_msg))
164 {
165 pa_tnc_msg->destroy(pa_tnc_msg);
166 return TNC_RESULT_FATAL;
167 }
168 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
169 DBG3(DBG_IMC, "created PA-TNC message: %B", &msg);
170
171 if (this->state->has_long(this->state) && this->agent->send_message_long)
172 {
173 excl = excl && this->state->has_excl(this->state) &&
174 this->dst_id != TNC_IMVID_ANY;
175 msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
176 result = this->agent->send_message_long(this->src_id,
177 this->connection_id, msg_flags, msg.ptr, msg.len,
178 this->msg_type.vendor_id, this->msg_type.type,
179 this->dst_id);
180 }
181 else if (this->agent->send_message)
182 {
183 msg_type = (this->msg_type.vendor_id << 8) |
184 (this->msg_type.type & 0x000000ff);
185 result = this->agent->send_message(this->src_id, this->connection_id,
186 msg.ptr, msg.len, msg_type);
187 }
188
189 pa_tnc_msg->destroy(pa_tnc_msg);
190
191 if (result != TNC_RESULT_SUCCESS)
192 {
193 break;
194 }
195 }
196 return result;
197 }
198
199 /**
200 * Print a clearly visible assessment header to the log
201 */
202 static void print_assessment_header(const char *name, TNC_UInt32 dst_id,
203 TNC_UInt32 src_id, bool *first)
204 {
205 if (*first)
206 {
207 if (src_id == TNC_IMCID_ANY)
208 {
209 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" *****",
210 dst_id, name);
211 }
212 else
213 {
214 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" from IMV %u *****",
215 dst_id, name, src_id);
216 }
217 *first = FALSE;
218 }
219 }
220
221 /**
222 * Print a clearly visible assessment trailer to the log
223 */
224 static void print_assessment_trailer(bool first)
225 {
226 if (!first)
227 {
228 DBG1(DBG_IMC, "***** end of assessment *****");
229 }
230 }
231
232 METHOD(imc_msg_t, receive, TNC_Result,
233 private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error)
234 {
235 linked_list_t *non_fatal_types;
236 TNC_UInt32 target_imc_id;
237 enumerator_t *enumerator;
238 pa_tnc_attr_t *attr;
239 pen_type_t attr_type;
240 chunk_t msg;
241 bool first = TRUE;
242
243 if (this->state->has_long(this->state))
244 {
245 if (this->dst_id != TNC_IMCID_ANY)
246 {
247 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
248 "from IMV %u to IMC %u",
249 this->agent->get_id(this->agent),
250 this->agent->get_name(this->agent),
251 this->connection_id, this->src_id, this->dst_id);
252 }
253 else
254 {
255 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
256 "from IMV %u", this->agent->get_id(this->agent),
257 this->agent->get_name(this->agent),
258 this->connection_id, this->src_id);
259 }
260 }
261 else
262 {
263 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u",
264 this->agent->get_id(this->agent),
265 this->agent->get_name(this->agent),
266 this->connection_id);
267 }
268 msg = this->pa_msg->get_encoding(this->pa_msg);
269 DBG3(DBG_IMC, "%B", &msg);
270
271 switch (this->pa_msg->process(this->pa_msg))
272 {
273 case SUCCESS:
274 break;
275 case VERIFY_ERROR:
276 {
277 /* extract and copy by reference all error attributes */
278 enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
279 while (enumerator->enumerate(enumerator, &attr))
280 {
281 out_msg->add_attribute(out_msg, attr->get_ref(attr));
282 }
283 enumerator->destroy(enumerator);
284 return TNC_RESULT_SUCCESS;
285 }
286 case FAILED:
287 default:
288 return TNC_RESULT_FATAL;
289 }
290
291 /* determine target IMC ID */
292 target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
293 this->dst_id : this->agent->get_id(this->agent);
294
295 /* process any IF-M segmentation contracts */
296 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
297 while (enumerator->enumerate(enumerator, &attr))
298 {
299 uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
300 seg_contract_t *contract;
301 seg_contract_manager_t *contracts;
302 char buf[BUF_LEN];
303 pen_type_t type;
304
305 type = attr->get_type(attr);
306
307 contracts = this->state->get_contracts(this->state);
308
309 if (type.vendor_id != PEN_TCG)
310 {
311 continue;
312 }
313
314 switch (type.type)
315 {
316 case TCG_SEG_MAX_ATTR_SIZE_REQ:
317 {
318 tcg_seg_attr_max_size_t *attr_cast;
319
320 attr_cast = (tcg_seg_attr_max_size_t*)attr;
321 attr_cast->get_attr_size(attr_cast, &max_attr_size,
322 &max_seg_size);
323 contract = contracts->get_contract(contracts, this->msg_type,
324 FALSE, this->src_id);
325 if (contract)
326 {
327 contract->set_max_size(contract, max_attr_size,
328 max_seg_size);
329 }
330 else
331 {
332 contract = seg_contract_create(this->msg_type, max_attr_size,
333 max_seg_size, FALSE, this->src_id, TRUE);
334 contract->set_responder(contract, target_imc_id);
335 contracts->add_contract(contracts, contract);
336 }
337 contract->get_info_string(contract, buf, BUF_LEN, TRUE);
338 DBG2(DBG_IMC, "%s", buf);
339
340 /* Determine maximum PA-TNC attribute segment size */
341 my_max_seg_size = this->state->get_max_msg_len(this->state)
342 - PA_TNC_HEADER_SIZE
343 - PA_TNC_ATTR_HEADER_SIZE
344 - TCG_SEG_ATTR_SEG_ENV_HEADER
345 - PA_TNC_ATTR_HEADER_SIZE
346 - TCG_SEG_ATTR_MAX_SIZE_SIZE;
347
348 /* If segmentation is possible select lower segment size */
349 if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
350 max_seg_size > my_max_seg_size)
351 {
352 max_seg_size = my_max_seg_size;
353 contract->set_max_size(contract, max_attr_size,
354 max_seg_size);
355 DBG2(DBG_IMC, " lowered maximum segment size to %u bytes",
356 max_seg_size);
357 }
358
359 /* Add Maximum Attribute Size Response attribute */
360 attr = tcg_seg_attr_max_size_create(max_attr_size,
361 max_seg_size, FALSE);
362 out_msg->add_attribute(out_msg, attr);
363 break;
364 }
365 case TCG_SEG_MAX_ATTR_SIZE_RESP:
366 {
367 tcg_seg_attr_max_size_t *attr_cast;
368
369 attr_cast = (tcg_seg_attr_max_size_t*)attr;
370 attr_cast->get_attr_size(attr_cast, &max_attr_size,
371 &max_seg_size);
372 contract = contracts->get_contract(contracts, this->msg_type,
373 TRUE, this->src_id);
374 if (!contract)
375 {
376 contract = contracts->get_contract(contracts, this->msg_type,
377 TRUE, TNC_IMCID_ANY);
378 if (contract)
379 {
380 contract = contract->clone(contract);
381 contract->set_responder(contract, this->src_id);
382 contracts->add_contract(contracts, contract);
383 }
384 }
385 if (contract)
386 {
387 contract->get_max_size(contract, &my_max_attr_size,
388 &my_max_seg_size);
389 if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
390 my_max_seg_size > max_seg_size)
391 {
392 my_max_seg_size = max_seg_size;
393 contract->set_max_size(contract, my_max_attr_size,
394 my_max_seg_size);
395 }
396 contract->get_info_string(contract, buf, BUF_LEN, FALSE);
397 DBG2(DBG_IMC, "%s", buf);
398 }
399 else
400 {
401 /* TODO no request pending */
402 DBG1(DBG_IMC, "no contract for this PA message type found");
403 }
404 break;
405 }
406 case TCG_SEG_ATTR_SEG_ENV:
407 {
408 tcg_seg_attr_seg_env_t *seg_env_attr;
409 pa_tnc_attr_t *error;
410 uint32_t base_attr_id;
411 bool more;
412
413 seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
414 base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
415
416 contract = contracts->get_contract(contracts, this->msg_type,
417 TRUE, this->src_id);
418 if (!contract)
419 {
420 DBG2(DBG_IMC, "no contract for received attribute segment "
421 "with base attribute ID %u", base_attr_id);
422 continue;
423 }
424 attr = contract->add_segment(contract, attr, &error, &more);
425 if (error)
426 {
427 out_msg->add_attribute(out_msg, error);
428 }
429 if (attr)
430 {
431 this->pa_msg->add_attribute(this->pa_msg, attr);
432 }
433 if (more)
434 {
435 /* Send Next Segment Request */
436 attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE);
437 out_msg->add_attribute(out_msg, attr);
438 }
439 break;
440 }
441 case TCG_SEG_NEXT_SEG_REQ:
442 {
443 tcg_seg_attr_next_seg_t *attr_cast;
444 uint32_t base_attr_id;
445
446 attr_cast = (tcg_seg_attr_next_seg_t*)attr;
447 base_attr_id = attr_cast->get_base_attr_id(attr_cast);
448
449 contract = contracts->get_contract(contracts, this->msg_type,
450 FALSE, this->src_id);
451 if (!contract)
452 {
453 /* TODO no contract - generate error message */
454 DBG1(DBG_IMC, "no contract for received next segment "
455 "request with base attribute ID %u", base_attr_id);
456 continue;
457 }
458 attr = contract->next_segment(contract, base_attr_id);
459 if (attr)
460 {
461 out_msg->add_attribute(out_msg, attr);
462 }
463 else
464 {
465 /* TODO no more segments - generate error message */
466 DBG1(DBG_IMC, "no more segments found for "
467 "base attribute ID %u", base_attr_id);
468 }
469 break;
470 }
471 default:
472 break;
473 }
474 }
475 enumerator->destroy(enumerator);
476
477 /* preprocess any received IETF standard error attributes */
478 non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
479 *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
480 non_fatal_types);
481
482 /* preprocess any received IETF assessment result attribute */
483 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
484 while (enumerator->enumerate(enumerator, &attr))
485 {
486 attr_type = attr->get_type(attr);
487
488 if (attr_type.vendor_id != PEN_IETF)
489 {
490 continue;
491 }
492 if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
493 {
494 ietf_attr_assess_result_t *attr_cast;
495 TNC_IMV_Evaluation_Result res;
496
497 attr_cast = (ietf_attr_assess_result_t*)attr;
498 res = attr_cast->get_result(attr_cast);
499 this->state->set_result(this->state, target_imc_id, res);
500
501 print_assessment_header(this->agent->get_name(this->agent),
502 target_imc_id, this->src_id, &first);
503 DBG1(DBG_IMC, "assessment result is '%N'",
504 TNC_IMV_Evaluation_Result_names, res);
505 }
506 else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
507 {
508 ietf_attr_remediation_instr_t *attr_cast;
509 pen_type_t parameters_type;
510 chunk_t parameters, string, lang_code;
511
512 attr_cast = (ietf_attr_remediation_instr_t*)attr;
513 parameters_type = attr_cast->get_parameters_type(attr_cast);
514 parameters = attr_cast->get_parameters(attr_cast);
515
516 print_assessment_header(this->agent->get_name(this->agent),
517 target_imc_id, this->src_id, &first);
518 if (parameters_type.vendor_id == PEN_IETF)
519 {
520 switch (parameters_type.type)
521 {
522 case IETF_REMEDIATION_PARAMETERS_URI:
523 DBG1(DBG_IMC, "remediation uri: %.*s",
524 parameters.len, parameters.ptr);
525 break;
526 case IETF_REMEDIATION_PARAMETERS_STRING:
527 string = attr_cast->get_string(attr_cast, &lang_code);
528 DBG1(DBG_IMC, "remediation string: [%.*s]\n%.*s",
529 lang_code.len, lang_code.ptr,
530 string.len, string.ptr);
531 break;
532 default:
533 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
534 }
535 }
536 else
537 {
538 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
539 }
540 }
541 }
542 enumerator->destroy(enumerator);
543
544 print_assessment_trailer(first);
545
546 return TNC_RESULT_SUCCESS;
547 }
548
549 METHOD(imc_msg_t, add_attribute, void,
550 private_imc_msg_t *this, pa_tnc_attr_t *attr)
551 {
552 this->attr_list->insert_last(this->attr_list, attr);
553 }
554
555 METHOD(imc_msg_t, create_attribute_enumerator, enumerator_t*,
556 private_imc_msg_t *this)
557 {
558 return this->pa_msg->create_attribute_enumerator(this->pa_msg);
559 }
560
561 METHOD(imc_msg_t, get_encoding, chunk_t,
562 private_imc_msg_t *this)
563 {
564 if (this->pa_msg)
565 {
566 return this->pa_msg->get_encoding(this->pa_msg);
567 }
568 return chunk_empty;
569 }
570
571 METHOD(imc_msg_t, destroy, void,
572 private_imc_msg_t *this)
573 {
574 this->attr_list->destroy_offset(this->attr_list,
575 offsetof(pa_tnc_attr_t, destroy));
576 DESTROY_IF(this->pa_msg);
577 free(this);
578 }
579
580 /**
581 * See header
582 */
583 imc_msg_t *imc_msg_create(imc_agent_t *agent, imc_state_t *state,
584 TNC_ConnectionID connection_id,
585 TNC_UInt32 src_id, TNC_UInt32 dst_id,
586 pen_type_t msg_type)
587 {
588 private_imc_msg_t *this;
589
590 INIT(this,
591 .public = {
592 .get_src_id = _get_src_id,
593 .get_dst_id = _get_dst_id,
594 .get_msg_type = _get_msg_type,
595 .send = _send_,
596 .receive = _receive,
597 .add_attribute = _add_attribute,
598 .create_attribute_enumerator = _create_attribute_enumerator,
599 .get_encoding = _get_encoding,
600 .destroy = _destroy,
601 },
602 .connection_id = connection_id,
603 .src_id = src_id,
604 .dst_id = dst_id,
605 .msg_type = msg_type,
606 .attr_list = linked_list_create(),
607 .agent = agent,
608 .state = state,
609 );
610
611 return &this->public;
612 }
613
614 /**
615 * See header
616 */
617 imc_msg_t* imc_msg_create_as_reply(imc_msg_t *msg)
618 {
619 private_imc_msg_t *in;
620 TNC_UInt32 src_id;
621
622 in = (private_imc_msg_t*)msg;
623 src_id = (in->dst_id != TNC_IMCID_ANY) ?
624 in->dst_id : in->agent->get_id(in->agent);
625
626 return imc_msg_create(in->agent, in->state, in->connection_id, src_id,
627 in->src_id, in->msg_type);
628 }
629
630 /**
631 * See header
632 */
633 imc_msg_t *imc_msg_create_from_data(imc_agent_t *agent, imc_state_t *state,
634 TNC_ConnectionID connection_id,
635 TNC_MessageType msg_type,
636 chunk_t msg)
637 {
638 TNC_VendorID msg_vid;
639 TNC_MessageSubtype msg_subtype;
640
641 msg_vid = msg_type >> 8;
642 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
643
644 return imc_msg_create_from_long_data(agent, state, connection_id,
645 TNC_IMVID_ANY, agent->get_id(agent),
646 msg_vid, msg_subtype, msg);
647 }
648
649 /**
650 * See header
651 */
652 imc_msg_t *imc_msg_create_from_long_data(imc_agent_t *agent, imc_state_t *state,
653 TNC_ConnectionID connection_id,
654 TNC_UInt32 src_id,
655 TNC_UInt32 dst_id,
656 TNC_VendorID msg_vid,
657 TNC_MessageSubtype msg_subtype,
658 chunk_t msg)
659 {
660 private_imc_msg_t *this;
661
662 this = (private_imc_msg_t*)imc_msg_create(agent, state,
663 connection_id, src_id, dst_id,
664 pen_type_create(msg_vid, msg_subtype));
665 this->pa_msg = pa_tnc_msg_create_from_data(msg);
666
667 return &this->public;
668 }