Implemented IF-M segmentation contracts
[strongswan.git] / src / libimcv / imv / imv_msg.c
1 /*
2 * Copyright (C) 2012-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_msg.h"
17
18 #include "ietf/ietf_attr.h"
19 #include "ietf/ietf_attr_assess_result.h"
20 #include "ietf/ietf_attr_remediation_instr.h"
21
22 #include <tncif_names.h>
23 #include <tncif_pa_subtypes.h>
24
25 #include <tcg/seg/tcg_seg_attr_max_size.h>
26 #include <tcg/seg/tcg_seg_attr_seg_env.h>
27
28 #include <pen/pen.h>
29 #include <collections/linked_list.h>
30 #include <utils/debug.h>
31
32 typedef struct private_imv_msg_t private_imv_msg_t;
33
34 /**
35 * Private data of a imv_msg_t object.
36 *
37 */
38 struct private_imv_msg_t {
39
40 /**
41 * Public imv_msg_t interface.
42 */
43 imv_msg_t public;
44
45 /**
46 * Connection ID
47 */
48 TNC_ConnectionID connection_id;
49
50 /**
51 * source ID
52 */
53 TNC_UInt32 src_id;
54
55 /**
56 * destination ID
57 */
58 TNC_UInt32 dst_id;
59
60 /**
61 * PA-TNC message type
62 */
63 pen_type_t msg_type;
64
65 /**
66 * List of PA-TNC attributes to be sent
67 */
68 linked_list_t *attr_list;
69
70 /**
71 * PA-TNC message
72 */
73 pa_tnc_msg_t *pa_msg;
74
75 /**
76 * Assigned IMV agent
77 */
78 imv_agent_t *agent;
79
80 /**
81 * Assigned IMV state
82 */
83 imv_state_t *state;
84 };
85
86 METHOD(imv_msg_t, get_src_id, TNC_UInt32,
87 private_imv_msg_t *this)
88 {
89 return this->src_id;
90 }
91
92 METHOD(imv_msg_t, get_dst_id, TNC_UInt32,
93 private_imv_msg_t *this)
94 {
95 return this->dst_id;
96 }
97
98 METHOD(imv_msg_t, set_msg_type, void,
99 private_imv_msg_t *this, pen_type_t msg_type)
100 {
101 if (msg_type.vendor_id != this->msg_type.vendor_id ||
102 msg_type.type != this->msg_type.type)
103 {
104 this->msg_type = msg_type;
105 this->dst_id = TNC_IMCID_ANY;
106 }
107 }
108
109 METHOD(imv_msg_t, get_msg_type, pen_type_t,
110 private_imv_msg_t *this)
111 {
112 return this->msg_type;
113 }
114
115 METHOD(imv_msg_t, add_attribute, void,
116 private_imv_msg_t *this, pa_tnc_attr_t *attr)
117 {
118 this->attr_list->insert_last(this->attr_list, attr);
119 }
120
121 METHOD(imv_msg_t, send_, TNC_Result,
122 private_imv_msg_t *this, bool excl)
123 {
124 pa_tnc_msg_t *pa_tnc_msg;
125 pa_tnc_attr_t *attr;
126 TNC_UInt32 msg_flags;
127 TNC_MessageType msg_type;
128 bool attr_added;
129 chunk_t msg;
130 enumerator_t *enumerator;
131 TNC_Result result = TNC_RESULT_SUCCESS;
132
133 while (this->attr_list->get_count(this->attr_list))
134 {
135 pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
136 attr_added = FALSE;
137
138 enumerator = this->attr_list->create_enumerator(this->attr_list);
139 while (enumerator->enumerate(enumerator, &attr))
140 {
141 if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
142 {
143 attr_added = TRUE;
144 }
145 else
146 {
147 if (attr_added)
148 {
149 break;
150 }
151 else
152 {
153 DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted");
154 attr->destroy(attr);
155 }
156 }
157 this->attr_list->remove_at(this->attr_list, enumerator);
158 }
159 enumerator->destroy(enumerator);
160
161 /* build and send the PA-TNC message via the IF-IMV interface */
162 if (!pa_tnc_msg->build(pa_tnc_msg))
163 {
164 pa_tnc_msg->destroy(pa_tnc_msg);
165 return TNC_RESULT_FATAL;
166 }
167 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
168 DBG3(DBG_IMV, "created PA-TNC message: %B", &msg);
169
170 if (this->state->has_long(this->state) && this->agent->send_message_long)
171 {
172 excl = excl && this->state->has_excl(this->state) &&
173 this->dst_id != TNC_IMCID_ANY;
174 msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
175 result = this->agent->send_message_long(this->src_id,
176 this->connection_id, msg_flags, msg.ptr, msg.len,
177 this->msg_type.vendor_id, this->msg_type.type,
178 this->dst_id);
179 }
180 else if (this->agent->send_message)
181 {
182 msg_type = (this->msg_type.vendor_id << 8) |
183 (this->msg_type.type & 0x000000ff);
184 result = this->agent->send_message(this->src_id, this->connection_id,
185 msg.ptr, msg.len, msg_type);
186 }
187
188 pa_tnc_msg->destroy(pa_tnc_msg);
189
190 if (result != TNC_RESULT_SUCCESS)
191 {
192 break;
193 }
194 }
195 return result;
196 }
197
198 METHOD(imv_msg_t, send_assessment, TNC_Result,
199 private_imv_msg_t *this)
200 {
201 TNC_IMV_Action_Recommendation rec;
202 TNC_IMV_Evaluation_Result eval;
203 pa_tnc_attr_t *attr;
204 chunk_t string = chunk_empty;
205 char *lang_code = NULL, *uri = NULL;
206 enumerator_t *e;
207
208 /* Remove any attributes that have already been constructed */
209 while (this->attr_list->remove_last(this->attr_list, (void**)&attr) == SUCCESS)
210 {
211 attr->destroy(attr);
212 }
213
214 /* Send an IETF Assessment Result attribute if enabled */
215 if (lib->settings->get_bool(lib->settings, "%s.imcv.assessment_result",
216 TRUE, lib->ns))
217 {
218 this->state->get_recommendation(this->state, &rec, &eval);
219 attr = ietf_attr_assess_result_create(eval);
220 add_attribute(this, attr);
221
222 /* Send IETF Remediation Instructions if available */
223 if (eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
224 {
225 e = this->agent->create_language_enumerator(this->agent,
226 this->state);
227 if (this->state->get_remediation_instructions(this->state,
228 e, &string, &lang_code, &uri))
229 {
230 if (string.len && lang_code)
231 {
232 attr = ietf_attr_remediation_instr_create_from_string(string,
233 chunk_create(lang_code, strlen(lang_code)));
234 add_attribute(this, attr);
235 }
236 if (uri)
237 {
238 attr = ietf_attr_remediation_instr_create_from_uri(
239 chunk_create(uri, strlen(uri)));
240 add_attribute(this, attr);
241 }
242 }
243 e->destroy(e);
244 }
245
246 /* send PA-TNC message with the excl flag set */
247 return send_(this, TRUE);
248 }
249 return TNC_RESULT_SUCCESS;
250 }
251
252 METHOD(imv_msg_t, receive, TNC_Result,
253 private_imv_msg_t *this, bool *fatal_error)
254 {
255 TNC_Result result = TNC_RESULT_SUCCESS;
256 linked_list_t *non_fatal_types;
257 enumerator_t *enumerator;
258 pa_tnc_attr_t *attr;
259 chunk_t msg;
260
261 if (this->state->has_long(this->state))
262 {
263 if (this->dst_id != TNC_IMVID_ANY)
264 {
265 DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u "
266 "from IMC %u to IMV %u",
267 this->agent->get_id(this->agent),
268 this->agent->get_name(this->agent),
269 this->connection_id, this->src_id, this->dst_id);
270 }
271 else
272 {
273 DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u "
274 "from IMC %u", this->agent->get_id(this->agent),
275 this->agent->get_name(this->agent),
276 this->connection_id, this->src_id);
277 }
278 }
279 else
280 {
281 DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u",
282 this->agent->get_id(this->agent),
283 this->agent->get_name(this->agent),
284 this->connection_id);
285 }
286 msg = this->pa_msg->get_encoding(this->pa_msg);
287 DBG3(DBG_IMV, "%B", &msg);
288
289 switch (this->pa_msg->process(this->pa_msg))
290 {
291 case SUCCESS:
292 break;
293 case VERIFY_ERROR:
294 {
295 imv_msg_t *error_msg;
296
297 error_msg = imv_msg_create_as_reply(&this->public);
298
299 /* extract and copy by reference all error attributes */
300 enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
301 while (enumerator->enumerate(enumerator, &attr))
302 {
303 error_msg->add_attribute(error_msg, attr->get_ref(attr));
304 }
305 enumerator->destroy(enumerator);
306
307 /*
308 * send the PA-TNC message containing all error attributes
309 * with the excl flag set
310 */
311 result = error_msg->send(error_msg, TRUE);
312 error_msg->destroy(error_msg);
313 return result;
314 }
315 case FAILED:
316 default:
317 return TNC_RESULT_FATAL;
318 }
319
320 /* process any IF-M segmentation contracts */
321 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
322 while (enumerator->enumerate(enumerator, &attr))
323 {
324 uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
325 tcg_seg_attr_max_size_t *attr_cast;
326 imv_msg_t *out_msg;
327 seg_contract_t *contract;
328 seg_contract_manager_t *contracts;
329 char buf[BUF_LEN];
330 pen_type_t type;
331
332 type = attr->get_type(attr);
333
334 if (type.vendor_id != PEN_TCG)
335 {
336 continue;
337 }
338
339 if (type.type == TCG_SEG_MAX_ATTR_SIZE_REQ)
340 {
341 attr_cast = (tcg_seg_attr_max_size_t*)attr;
342 attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
343
344 contracts = this->state->get_contracts(this->state);
345 contract = contracts->get_contract(contracts, this->msg_type, FALSE);
346 if (contract)
347 {
348 contract->set_max_size(contract, max_attr_size, max_seg_size);
349 }
350 else
351 {
352 contract = seg_contract_create(this->msg_type, max_attr_size,
353 max_seg_size, FALSE, this->src_id, FALSE);
354 contracts->add_contract(contracts, contract);
355 }
356 contract->get_info_string(contract, buf, BUF_LEN);
357 DBG2(DBG_IMV, "%s", buf);
358
359 /* Determine maximum PA-TNC attribute segment size */
360 my_max_seg_size = this->state->get_max_msg_len(this->state)
361 - PA_TNC_HEADER_SIZE
362 - PA_TNC_ATTR_HEADER_SIZE
363 - TCG_SEG_ATTR_SEG_ENV_HEADER
364 - PA_TNC_ATTR_HEADER_SIZE
365 - TCG_SEG_ATTR_MAX_SIZE_SIZE;
366
367 /* If segmentation is not prohibited select lower segment size */
368 if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
369 max_seg_size > my_max_seg_size)
370 {
371 max_seg_size = my_max_seg_size;
372 contract->set_max_size(contract, max_attr_size, max_seg_size);
373 contract->get_info_string(contract, buf, BUF_LEN);
374 DBG2(DBG_IMV, " lowered maximum segment size to %u bytes",
375 max_seg_size);
376 }
377
378 /* Send Maximum Attribute Size Response */
379 out_msg = imv_msg_create_as_reply(&this->public);
380 attr = tcg_seg_attr_max_size_create(max_attr_size,
381 max_seg_size, FALSE);
382 out_msg->add_attribute(out_msg, attr);
383 result = out_msg->send(out_msg, TRUE);
384 out_msg->destroy(out_msg);
385 if (result != TNC_RESULT_SUCCESS)
386 {
387 break;
388 }
389 }
390 else if (type.type == TCG_SEG_MAX_ATTR_SIZE_RESP)
391 {
392 attr_cast = (tcg_seg_attr_max_size_t*)attr;
393 attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
394
395 contracts = this->state->get_contracts(this->state);
396 contract = contracts->get_contract(contracts, this->msg_type, TRUE);
397 if (contract)
398 {
399 contract->get_max_size(contract, &my_max_attr_size,
400 &my_max_seg_size);
401 if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
402 my_max_seg_size > max_seg_size)
403 {
404 my_max_seg_size = max_seg_size;
405 contract->set_max_size(contract, my_max_attr_size,
406 my_max_seg_size);
407 contract->get_info_string(contract, buf, BUF_LEN);
408 DBG2(DBG_IMV, "%s", buf);
409 }
410 }
411 else
412 {
413 /* TODO no request pending */
414 }
415 }
416 }
417 enumerator->destroy(enumerator);
418
419 /* preprocess any received IETF standard error attributes */
420 non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
421 *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
422 non_fatal_types);
423
424 return result;
425 }
426
427 METHOD(imv_msg_t, get_attribute_count, int,
428 private_imv_msg_t *this)
429 {
430 return this->attr_list->get_count(this->attr_list);
431 }
432
433 METHOD(imv_msg_t, create_attribute_enumerator, enumerator_t*,
434 private_imv_msg_t *this)
435 {
436 return this->pa_msg->create_attribute_enumerator(this->pa_msg);
437 }
438
439 METHOD(imv_msg_t, get_encoding, chunk_t,
440 private_imv_msg_t *this)
441 {
442 if (this->pa_msg)
443 {
444 return this->pa_msg->get_encoding(this->pa_msg);
445 }
446 return chunk_empty;
447 }
448
449 METHOD(imv_msg_t, destroy, void,
450 private_imv_msg_t *this)
451 {
452 this->attr_list->destroy_offset(this->attr_list,
453 offsetof(pa_tnc_attr_t, destroy));
454 DESTROY_IF(this->pa_msg);
455 free(this);
456 }
457
458 /**
459 * See header
460 */
461 imv_msg_t *imv_msg_create(imv_agent_t *agent, imv_state_t *state,
462 TNC_ConnectionID connection_id,
463 TNC_UInt32 src_id, TNC_UInt32 dst_id,
464 pen_type_t msg_type)
465 {
466 private_imv_msg_t *this;
467
468 INIT(this,
469 .public = {
470 .get_src_id = _get_src_id,
471 .get_dst_id = _get_dst_id,
472 .set_msg_type = _set_msg_type,
473 .get_msg_type = _get_msg_type,
474 .send = _send_,
475 .send_assessment = _send_assessment,
476 .receive = _receive,
477 .add_attribute = _add_attribute,
478 .get_attribute_count = _get_attribute_count,
479 .create_attribute_enumerator = _create_attribute_enumerator,
480 .get_encoding = _get_encoding,
481 .destroy = _destroy,
482 },
483 .connection_id = connection_id,
484 .src_id = src_id,
485 .dst_id = dst_id,
486 .msg_type = msg_type,
487 .attr_list = linked_list_create(),
488 .agent = agent,
489 .state = state,
490 );
491
492 return &this->public;
493 }
494
495 /**
496 * See header
497 */
498 imv_msg_t* imv_msg_create_as_reply(imv_msg_t *msg)
499 {
500 private_imv_msg_t *in;
501 TNC_UInt32 src_id;
502
503 in = (private_imv_msg_t*)msg;
504 src_id = (in->dst_id != TNC_IMVID_ANY) ?
505 in->dst_id : in->agent->get_id(in->agent);
506
507 return imv_msg_create(in->agent, in->state, in->connection_id, src_id,
508 in->src_id, in->msg_type);
509 }
510
511 /**
512 * See header
513 */
514 imv_msg_t *imv_msg_create_from_data(imv_agent_t *agent, imv_state_t *state,
515 TNC_ConnectionID connection_id,
516 TNC_MessageType msg_type,
517 chunk_t msg)
518 {
519 TNC_VendorID msg_vid;
520 TNC_MessageSubtype msg_subtype;
521
522 msg_vid = msg_type >> 8;
523 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
524
525 return imv_msg_create_from_long_data(agent, state, connection_id,
526 TNC_IMCID_ANY, agent->get_id(agent),
527 msg_vid, msg_subtype, msg);
528 }
529
530 /**
531 * See header
532 */
533 imv_msg_t *imv_msg_create_from_long_data(imv_agent_t *agent, imv_state_t *state,
534 TNC_ConnectionID connection_id,
535 TNC_UInt32 src_id,
536 TNC_UInt32 dst_id,
537 TNC_VendorID msg_vid,
538 TNC_MessageSubtype msg_subtype,
539 chunk_t msg)
540 {
541 private_imv_msg_t *this;
542
543 this = (private_imv_msg_t*)imv_msg_create(agent, state,
544 connection_id, src_id, dst_id,
545 pen_type_create(msg_vid, msg_subtype));
546 this->pa_msg = pa_tnc_msg_create_from_data(msg);
547
548 return &this->public;
549 }