9b9aeca23b8e6349945a8158063ff60c79036515
[strongswan.git] / src / libimcv / imc / imc_msg.c
1 /*
2 * Copyright (C) 2012-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_msg.h"
17
18 #include "ietf/ietf_attr.h"
19 #include "ietf/ietf_attr_assess_result.h"
20 #include "ietf/ietf_attr_remediation_instr.h"
21
22 #include <tncif_names.h>
23 #include <tncif_pa_subtypes.h>
24
25 #include <tcg/seg/tcg_seg_attr_max_size.h>
26 #include <tcg/seg/tcg_seg_attr_seg_env.h>
27
28 #include <pen/pen.h>
29 #include <collections/linked_list.h>
30 #include <utils/debug.h>
31
32 typedef struct private_imc_msg_t private_imc_msg_t;
33
34 /**
35 * Private data of a imc_msg_t object.
36 *
37 */
38 struct private_imc_msg_t {
39
40 /**
41 * Public imc_msg_t interface.
42 */
43 imc_msg_t public;
44
45 /**
46 * Connection ID
47 */
48 TNC_ConnectionID connection_id;
49
50 /**
51 * source ID
52 */
53 TNC_UInt32 src_id;
54
55 /**
56 * destination ID
57 */
58 TNC_UInt32 dst_id;
59
60 /**
61 * PA-TNC message type
62 */
63 pen_type_t msg_type;
64
65 /**
66 * List of PA-TNC attributes to be sent
67 */
68 linked_list_t *attr_list;
69
70 /**
71 * PA-TNC message
72 */
73 pa_tnc_msg_t *pa_msg;
74
75 /**
76 * Assigned IMC agent
77 */
78 imc_agent_t *agent;
79
80 /**
81 * Assigned IMC state
82 */
83 imc_state_t *state;
84 };
85
86 METHOD(imc_msg_t, get_src_id, TNC_UInt32,
87 private_imc_msg_t *this)
88 {
89 return this->src_id;
90 }
91
92 METHOD(imc_msg_t, get_dst_id, TNC_UInt32,
93 private_imc_msg_t *this)
94 {
95 return this->dst_id;
96 }
97
98 METHOD(imc_msg_t, get_msg_type, pen_type_t,
99 private_imc_msg_t *this)
100 {
101 return this->msg_type;
102 }
103
104 METHOD(imc_msg_t, send_, TNC_Result,
105 private_imc_msg_t *this, bool excl)
106 {
107 pa_tnc_msg_t *pa_tnc_msg;
108 pa_tnc_attr_t *attr;
109 TNC_UInt32 msg_flags;
110 TNC_MessageType msg_type;
111 bool attr_added;
112 chunk_t msg;
113 enumerator_t *enumerator;
114 TNC_Result result = TNC_RESULT_SUCCESS;
115
116 while (this->attr_list->get_count(this->attr_list))
117 {
118 pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
119 attr_added = FALSE;
120
121 enumerator = this->attr_list->create_enumerator(this->attr_list);
122 while (enumerator->enumerate(enumerator, &attr))
123 {
124 if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
125 {
126 attr_added = TRUE;
127 }
128 else
129 {
130 if (attr_added)
131 {
132 break;
133 }
134 else
135 {
136 DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted");
137 attr->destroy(attr);
138 }
139 }
140 this->attr_list->remove_at(this->attr_list, enumerator);
141 }
142 enumerator->destroy(enumerator);
143
144 /* build and send the PA-TNC message via the IF-IMC interface */
145 if (!pa_tnc_msg->build(pa_tnc_msg))
146 {
147 pa_tnc_msg->destroy(pa_tnc_msg);
148 return TNC_RESULT_FATAL;
149 }
150 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
151 DBG3(DBG_IMC, "created PA-TNC message: %B", &msg);
152
153 if (this->state->has_long(this->state) && this->agent->send_message_long)
154 {
155 excl = excl && this->state->has_excl(this->state) &&
156 this->dst_id != TNC_IMVID_ANY;
157 msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
158 result = this->agent->send_message_long(this->src_id,
159 this->connection_id, msg_flags, msg.ptr, msg.len,
160 this->msg_type.vendor_id, this->msg_type.type,
161 this->dst_id);
162 }
163 else if (this->agent->send_message)
164 {
165 msg_type = (this->msg_type.vendor_id << 8) |
166 (this->msg_type.type & 0x000000ff);
167 result = this->agent->send_message(this->src_id, this->connection_id,
168 msg.ptr, msg.len, msg_type);
169 }
170
171 pa_tnc_msg->destroy(pa_tnc_msg);
172
173 if (result != TNC_RESULT_SUCCESS)
174 {
175 break;
176 }
177 }
178 return result;
179 }
180
181 /**
182 * Print a clearly visible assessment header to the log
183 */
184 static void print_assessment_header(const char *name, TNC_UInt32 dst_id,
185 TNC_UInt32 src_id, bool *first)
186 {
187 if (*first)
188 {
189 if (src_id == TNC_IMCID_ANY)
190 {
191 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" *****",
192 dst_id, name);
193 }
194 else
195 {
196 DBG1(DBG_IMC, "***** assessment of IMC %u \"%s\" from IMV %u *****",
197 dst_id, name, src_id);
198 }
199 *first = FALSE;
200 }
201 }
202
203 /**
204 * Print a clearly visible assessment trailer to the log
205 */
206 static void print_assessment_trailer(bool first)
207 {
208 if (!first)
209 {
210 DBG1(DBG_IMC, "***** end of assessment *****");
211 }
212 }
213
214 METHOD(imc_msg_t, receive, TNC_Result,
215 private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error)
216 {
217 linked_list_t *non_fatal_types;
218 TNC_UInt32 target_imc_id;
219 enumerator_t *enumerator;
220 pa_tnc_attr_t *attr;
221 pen_type_t attr_type;
222 chunk_t msg;
223 bool first = TRUE;
224
225 if (this->state->has_long(this->state))
226 {
227 if (this->dst_id != TNC_IMCID_ANY)
228 {
229 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
230 "from IMV %u to IMC %u",
231 this->agent->get_id(this->agent),
232 this->agent->get_name(this->agent),
233 this->connection_id, this->src_id, this->dst_id);
234 }
235 else
236 {
237 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u "
238 "from IMV %u", this->agent->get_id(this->agent),
239 this->agent->get_name(this->agent),
240 this->connection_id, this->src_id);
241 }
242 }
243 else
244 {
245 DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u",
246 this->agent->get_id(this->agent),
247 this->agent->get_name(this->agent),
248 this->connection_id);
249 }
250 msg = this->pa_msg->get_encoding(this->pa_msg);
251 DBG3(DBG_IMC, "%B", &msg);
252
253 switch (this->pa_msg->process(this->pa_msg))
254 {
255 case SUCCESS:
256 break;
257 case VERIFY_ERROR:
258 {
259 /* extract and copy by reference all error attributes */
260 enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
261 while (enumerator->enumerate(enumerator, &attr))
262 {
263 out_msg->add_attribute(out_msg, attr->get_ref(attr));
264 }
265 enumerator->destroy(enumerator);
266 return TNC_RESULT_SUCCESS;
267 }
268 case FAILED:
269 default:
270 return TNC_RESULT_FATAL;
271 }
272
273 /* process any IF-M segmentation contracts */
274 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
275 while (enumerator->enumerate(enumerator, &attr))
276 {
277 tcg_seg_attr_max_size_t *attr_cast;
278 uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
279 seg_contract_t *contract;
280 seg_contract_manager_t *contracts;
281 char buf[BUF_LEN];
282 pen_type_t type;
283
284 type = attr->get_type(attr);
285
286 if (type.vendor_id != PEN_TCG)
287 {
288 continue;
289 }
290
291 if (type.type == TCG_SEG_MAX_ATTR_SIZE_REQ)
292 {
293 attr_cast = (tcg_seg_attr_max_size_t*)attr;
294 attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
295
296 contracts = this->state->get_contracts(this->state);
297 contract = contracts->get_contract(contracts, this->msg_type, FALSE);
298 if (contract)
299 {
300 contract->set_max_size(contract, max_attr_size, max_seg_size);
301 }
302 else
303 {
304 contract = seg_contract_create(this->msg_type, max_attr_size,
305 max_seg_size, FALSE, this->src_id, TRUE);
306 contracts->add_contract(contracts, contract);
307 }
308 contract->get_info_string(contract, buf, BUF_LEN, TRUE);
309 DBG2(DBG_IMC, "%s", buf);
310
311 /* Determine maximum PA-TNC attribute segment size */
312 my_max_seg_size = this->state->get_max_msg_len(this->state)
313 - PA_TNC_HEADER_SIZE
314 - PA_TNC_ATTR_HEADER_SIZE
315 - TCG_SEG_ATTR_SEG_ENV_HEADER
316 - PA_TNC_ATTR_HEADER_SIZE
317 - TCG_SEG_ATTR_MAX_SIZE_SIZE;
318
319 /* If segmentation is not prohibited select lower segment size */
320 if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
321 max_seg_size > my_max_seg_size)
322 {
323 max_seg_size = my_max_seg_size;
324 contract->set_max_size(contract, max_attr_size, max_seg_size);
325 DBG2(DBG_IMC, " lowered maximum segment size to %u bytes",
326 max_seg_size);
327 }
328
329 /* Add Maximum Attribute Size Response attribute */
330 attr = tcg_seg_attr_max_size_create(max_attr_size,
331 max_seg_size, FALSE);
332 out_msg->add_attribute(out_msg, attr);
333 }
334 else if (type.type == TCG_SEG_MAX_ATTR_SIZE_RESP)
335 {
336 attr_cast = (tcg_seg_attr_max_size_t*)attr;
337 attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
338
339 contracts = this->state->get_contracts(this->state);
340 contract = contracts->get_contract(contracts, this->msg_type, TRUE);
341 if (contract)
342 {
343 contract->get_max_size(contract, &my_max_attr_size,
344 &my_max_seg_size);
345 if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
346 my_max_seg_size > max_seg_size)
347 {
348 my_max_seg_size = max_seg_size;
349 contract->set_max_size(contract, my_max_attr_size,
350 my_max_seg_size);
351 contract->get_info_string(contract, buf, BUF_LEN, FALSE);
352 DBG2(DBG_IMC, "%s", buf);
353 }
354 }
355 else
356 {
357 /* TODO no request pending */
358 }
359 }
360 }
361 enumerator->destroy(enumerator);
362
363 /* determine target IMC ID */
364 target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
365 this->dst_id : this->agent->get_id(this->agent);
366
367 /* preprocess any received IETF standard error attributes */
368 non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
369 *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
370 non_fatal_types);
371
372 /* preprocess any received IETF assessment result attribute */
373 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
374 while (enumerator->enumerate(enumerator, &attr))
375 {
376 attr_type = attr->get_type(attr);
377
378 if (attr_type.vendor_id != PEN_IETF)
379 {
380 continue;
381 }
382 if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
383 {
384 ietf_attr_assess_result_t *attr_cast;
385 TNC_IMV_Evaluation_Result res;
386
387 attr_cast = (ietf_attr_assess_result_t*)attr;
388 res = attr_cast->get_result(attr_cast);
389 this->state->set_result(this->state, target_imc_id, res);
390
391 print_assessment_header(this->agent->get_name(this->agent),
392 target_imc_id, this->src_id, &first);
393 DBG1(DBG_IMC, "assessment result is '%N'",
394 TNC_IMV_Evaluation_Result_names, res);
395 }
396 else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
397 {
398 ietf_attr_remediation_instr_t *attr_cast;
399 pen_type_t parameters_type;
400 chunk_t parameters, string, lang_code;
401
402 attr_cast = (ietf_attr_remediation_instr_t*)attr;
403 parameters_type = attr_cast->get_parameters_type(attr_cast);
404 parameters = attr_cast->get_parameters(attr_cast);
405
406 print_assessment_header(this->agent->get_name(this->agent),
407 target_imc_id, this->src_id, &first);
408 if (parameters_type.vendor_id == PEN_IETF)
409 {
410 switch (parameters_type.type)
411 {
412 case IETF_REMEDIATION_PARAMETERS_URI:
413 DBG1(DBG_IMC, "remediation uri: %.*s",
414 parameters.len, parameters.ptr);
415 break;
416 case IETF_REMEDIATION_PARAMETERS_STRING:
417 string = attr_cast->get_string(attr_cast, &lang_code);
418 DBG1(DBG_IMC, "remediation string: [%.*s]\n%.*s",
419 lang_code.len, lang_code.ptr,
420 string.len, string.ptr);
421 break;
422 default:
423 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
424 }
425 }
426 else
427 {
428 DBG1(DBG_IMC, "remediation parameters: %B", &parameters);
429 }
430 }
431 }
432 enumerator->destroy(enumerator);
433
434 print_assessment_trailer(first);
435
436 return TNC_RESULT_SUCCESS;
437 }
438
439 METHOD(imc_msg_t, add_attribute, void,
440 private_imc_msg_t *this, pa_tnc_attr_t *attr)
441 {
442 this->attr_list->insert_last(this->attr_list, attr);
443 }
444
445 METHOD(imc_msg_t, create_attribute_enumerator, enumerator_t*,
446 private_imc_msg_t *this)
447 {
448 return this->pa_msg->create_attribute_enumerator(this->pa_msg);
449 }
450
451 METHOD(imc_msg_t, get_encoding, chunk_t,
452 private_imc_msg_t *this)
453 {
454 if (this->pa_msg)
455 {
456 return this->pa_msg->get_encoding(this->pa_msg);
457 }
458 return chunk_empty;
459 }
460
461 METHOD(imc_msg_t, destroy, void,
462 private_imc_msg_t *this)
463 {
464 this->attr_list->destroy_offset(this->attr_list,
465 offsetof(pa_tnc_attr_t, destroy));
466 DESTROY_IF(this->pa_msg);
467 free(this);
468 }
469
470 /**
471 * See header
472 */
473 imc_msg_t *imc_msg_create(imc_agent_t *agent, imc_state_t *state,
474 TNC_ConnectionID connection_id,
475 TNC_UInt32 src_id, TNC_UInt32 dst_id,
476 pen_type_t msg_type)
477 {
478 private_imc_msg_t *this;
479
480 INIT(this,
481 .public = {
482 .get_src_id = _get_src_id,
483 .get_dst_id = _get_dst_id,
484 .get_msg_type = _get_msg_type,
485 .send = _send_,
486 .receive = _receive,
487 .add_attribute = _add_attribute,
488 .create_attribute_enumerator = _create_attribute_enumerator,
489 .get_encoding = _get_encoding,
490 .destroy = _destroy,
491 },
492 .connection_id = connection_id,
493 .src_id = src_id,
494 .dst_id = dst_id,
495 .msg_type = msg_type,
496 .attr_list = linked_list_create(),
497 .agent = agent,
498 .state = state,
499 );
500
501 return &this->public;
502 }
503
504 /**
505 * See header
506 */
507 imc_msg_t* imc_msg_create_as_reply(imc_msg_t *msg)
508 {
509 private_imc_msg_t *in;
510 TNC_UInt32 src_id;
511
512 in = (private_imc_msg_t*)msg;
513 src_id = (in->dst_id != TNC_IMCID_ANY) ?
514 in->dst_id : in->agent->get_id(in->agent);
515
516 return imc_msg_create(in->agent, in->state, in->connection_id, src_id,
517 in->src_id, in->msg_type);
518 }
519
520 /**
521 * See header
522 */
523 imc_msg_t *imc_msg_create_from_data(imc_agent_t *agent, imc_state_t *state,
524 TNC_ConnectionID connection_id,
525 TNC_MessageType msg_type,
526 chunk_t msg)
527 {
528 TNC_VendorID msg_vid;
529 TNC_MessageSubtype msg_subtype;
530
531 msg_vid = msg_type >> 8;
532 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
533
534 return imc_msg_create_from_long_data(agent, state, connection_id,
535 TNC_IMVID_ANY, agent->get_id(agent),
536 msg_vid, msg_subtype, msg);
537 }
538
539 /**
540 * See header
541 */
542 imc_msg_t *imc_msg_create_from_long_data(imc_agent_t *agent, imc_state_t *state,
543 TNC_ConnectionID connection_id,
544 TNC_UInt32 src_id,
545 TNC_UInt32 dst_id,
546 TNC_VendorID msg_vid,
547 TNC_MessageSubtype msg_subtype,
548 chunk_t msg)
549 {
550 private_imc_msg_t *this;
551
552 this = (private_imc_msg_t*)imc_msg_create(agent, state,
553 connection_id, src_id, dst_id,
554 pen_type_create(msg_vid, msg_subtype));
555 this->pa_msg = pa_tnc_msg_create_from_data(msg);
556
557 return &this->public;
558 }