Support of multiple directed segmentation contracts
[strongswan.git] / src / libimcv / imv / imv_msg.c
1 /*
2 * Copyright (C) 2012-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_msg.h"
17
18 #include "ietf/ietf_attr.h"
19 #include "ietf/ietf_attr_assess_result.h"
20 #include "ietf/ietf_attr_remediation_instr.h"
21 #include "tcg/seg/tcg_seg_attr_max_size.h"
22 #include "tcg/seg/tcg_seg_attr_seg_env.h"
23 #include "tcg/seg/tcg_seg_attr_next_seg.h"
24
25 #include <tncif_names.h>
26 #include <tncif_pa_subtypes.h>
27
28 #include <pen/pen.h>
29 #include <collections/linked_list.h>
30 #include <utils/debug.h>
31
32 typedef struct private_imv_msg_t private_imv_msg_t;
33
34 /**
35 * Private data of a imv_msg_t object.
36 *
37 */
38 struct private_imv_msg_t {
39
40 /**
41 * Public imv_msg_t interface.
42 */
43 imv_msg_t public;
44
45 /**
46 * Connection ID
47 */
48 TNC_ConnectionID connection_id;
49
50 /**
51 * source ID
52 */
53 TNC_UInt32 src_id;
54
55 /**
56 * destination ID
57 */
58 TNC_UInt32 dst_id;
59
60 /**
61 * PA-TNC message type
62 */
63 pen_type_t msg_type;
64
65 /**
66 * List of PA-TNC attributes to be sent
67 */
68 linked_list_t *attr_list;
69
70 /**
71 * PA-TNC message
72 */
73 pa_tnc_msg_t *pa_msg;
74
75 /**
76 * Assigned IMV agent
77 */
78 imv_agent_t *agent;
79
80 /**
81 * Assigned IMV state
82 */
83 imv_state_t *state;
84 };
85
86 METHOD(imv_msg_t, get_src_id, TNC_UInt32,
87 private_imv_msg_t *this)
88 {
89 return this->src_id;
90 }
91
92 METHOD(imv_msg_t, get_dst_id, TNC_UInt32,
93 private_imv_msg_t *this)
94 {
95 return this->dst_id;
96 }
97
98 METHOD(imv_msg_t, set_msg_type, void,
99 private_imv_msg_t *this, pen_type_t msg_type)
100 {
101 if (msg_type.vendor_id != this->msg_type.vendor_id ||
102 msg_type.type != this->msg_type.type)
103 {
104 this->msg_type = msg_type;
105 this->dst_id = TNC_IMCID_ANY;
106 }
107 }
108
109 METHOD(imv_msg_t, get_msg_type, pen_type_t,
110 private_imv_msg_t *this)
111 {
112 return this->msg_type;
113 }
114
115 METHOD(imv_msg_t, add_attribute, void,
116 private_imv_msg_t *this, pa_tnc_attr_t *attr)
117 {
118 this->attr_list->insert_last(this->attr_list, attr);
119 }
120
121 METHOD(imv_msg_t, send_, TNC_Result,
122 private_imv_msg_t *this, bool excl)
123 {
124 pa_tnc_msg_t *pa_tnc_msg;
125 pa_tnc_attr_t *attr;
126 TNC_UInt32 msg_flags;
127 TNC_MessageType msg_type;
128 bool attr_added, oversize;
129 chunk_t msg;
130 seg_contract_t *contract;
131 seg_contract_manager_t *contracts;
132 enumerator_t *enumerator;
133 TNC_Result result = TNC_RESULT_SUCCESS;
134
135 /* Get IF-M segmentation contract for this subtype if any */
136 contracts = this->state->get_contracts(this->state);
137 contract = contracts->get_contract(contracts, this->msg_type,
138 FALSE, this->dst_id);
139
140 while (this->attr_list->get_count(this->attr_list))
141 {
142 pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
143 attr_added = FALSE;
144
145 enumerator = this->attr_list->create_enumerator(this->attr_list);
146 while (enumerator->enumerate(enumerator, &attr))
147 {
148 if (contract && contract->check_size(contract, attr, &oversize))
149 {
150 if (oversize)
151 {
152 /* TODO generate SWID error msg */
153 }
154 else
155 {
156 attr = contract->first_segment(contract, attr);
157 }
158 }
159 if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
160 {
161 attr_added = TRUE;
162 }
163 else
164 {
165 if (attr_added)
166 {
167 break;
168 }
169 else
170 {
171 DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted");
172 attr->destroy(attr);
173 }
174 }
175 this->attr_list->remove_at(this->attr_list, enumerator);
176 }
177 enumerator->destroy(enumerator);
178
179 /* build and send the PA-TNC message via the IF-IMV interface */
180 if (!pa_tnc_msg->build(pa_tnc_msg))
181 {
182 pa_tnc_msg->destroy(pa_tnc_msg);
183 return TNC_RESULT_FATAL;
184 }
185 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
186 DBG3(DBG_IMV, "created PA-TNC message: %B", &msg);
187
188 if (this->state->has_long(this->state) && this->agent->send_message_long)
189 {
190 excl = excl && this->state->has_excl(this->state) &&
191 this->dst_id != TNC_IMCID_ANY;
192 msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0;
193 result = this->agent->send_message_long(this->src_id,
194 this->connection_id, msg_flags, msg.ptr, msg.len,
195 this->msg_type.vendor_id, this->msg_type.type,
196 this->dst_id);
197 }
198 else if (this->agent->send_message)
199 {
200 msg_type = (this->msg_type.vendor_id << 8) |
201 (this->msg_type.type & 0x000000ff);
202 result = this->agent->send_message(this->src_id, this->connection_id,
203 msg.ptr, msg.len, msg_type);
204 }
205
206 pa_tnc_msg->destroy(pa_tnc_msg);
207
208 if (result != TNC_RESULT_SUCCESS)
209 {
210 break;
211 }
212 }
213 return result;
214 }
215
216 METHOD(imv_msg_t, send_assessment, TNC_Result,
217 private_imv_msg_t *this)
218 {
219 TNC_IMV_Action_Recommendation rec;
220 TNC_IMV_Evaluation_Result eval;
221 pa_tnc_attr_t *attr;
222 chunk_t string = chunk_empty;
223 char *lang_code = NULL, *uri = NULL;
224 enumerator_t *e;
225
226 /* Remove any attributes that have already been constructed */
227 while (this->attr_list->remove_last(this->attr_list, (void**)&attr) == SUCCESS)
228 {
229 attr->destroy(attr);
230 }
231
232 /* Send an IETF Assessment Result attribute if enabled */
233 if (lib->settings->get_bool(lib->settings, "%s.imcv.assessment_result",
234 TRUE, lib->ns))
235 {
236 this->state->get_recommendation(this->state, &rec, &eval);
237 attr = ietf_attr_assess_result_create(eval);
238 add_attribute(this, attr);
239
240 /* Send IETF Remediation Instructions if available */
241 if (eval != TNC_IMV_EVALUATION_RESULT_COMPLIANT)
242 {
243 e = this->agent->create_language_enumerator(this->agent,
244 this->state);
245 if (this->state->get_remediation_instructions(this->state,
246 e, &string, &lang_code, &uri))
247 {
248 if (string.len && lang_code)
249 {
250 attr = ietf_attr_remediation_instr_create_from_string(string,
251 chunk_create(lang_code, strlen(lang_code)));
252 add_attribute(this, attr);
253 }
254 if (uri)
255 {
256 attr = ietf_attr_remediation_instr_create_from_uri(
257 chunk_create(uri, strlen(uri)));
258 add_attribute(this, attr);
259 }
260 }
261 e->destroy(e);
262 }
263
264 /* send PA-TNC message with the excl flag set */
265 return send_(this, TRUE);
266 }
267 return TNC_RESULT_SUCCESS;
268 }
269
270 METHOD(imv_msg_t, receive, TNC_Result,
271 private_imv_msg_t *this, imv_msg_t *out_msg, bool *fatal_error)
272 {
273 TNC_Result result = TNC_RESULT_SUCCESS;
274 TNC_UInt32 target_imv_id;
275 linked_list_t *non_fatal_types;
276 enumerator_t *enumerator;
277 pa_tnc_attr_t *attr;
278 chunk_t msg;
279
280 if (this->state->has_long(this->state))
281 {
282 if (this->dst_id != TNC_IMVID_ANY)
283 {
284 DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u "
285 "from IMC %u to IMV %u",
286 this->agent->get_id(this->agent),
287 this->agent->get_name(this->agent),
288 this->connection_id, this->src_id, this->dst_id);
289 }
290 else
291 {
292 DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u "
293 "from IMC %u", this->agent->get_id(this->agent),
294 this->agent->get_name(this->agent),
295 this->connection_id, this->src_id);
296 }
297 }
298 else
299 {
300 DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u",
301 this->agent->get_id(this->agent),
302 this->agent->get_name(this->agent),
303 this->connection_id);
304 }
305 msg = this->pa_msg->get_encoding(this->pa_msg);
306 DBG3(DBG_IMV, "%B", &msg);
307
308 switch (this->pa_msg->process(this->pa_msg))
309 {
310 case SUCCESS:
311 break;
312 case VERIFY_ERROR:
313 {
314 /* extract and copy by reference all error attributes */
315 enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
316 while (enumerator->enumerate(enumerator, &attr))
317 {
318 out_msg->add_attribute(out_msg, attr->get_ref(attr));
319 }
320 enumerator->destroy(enumerator);
321 }
322 case FAILED:
323 default:
324 return TNC_RESULT_FATAL;
325 }
326
327 /* determine target IMV ID */
328 target_imv_id = (this->dst_id != TNC_IMVID_ANY) ?
329 this->dst_id : this->agent->get_id(this->agent);
330
331 /* process IF-M segmentation attributes */
332 enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
333 while (enumerator->enumerate(enumerator, &attr))
334 {
335 uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
336 seg_contract_manager_t *contracts;
337 seg_contract_t *contract;
338 char buf[BUF_LEN];
339 pen_type_t type;
340
341 type = attr->get_type(attr);
342
343 if (type.vendor_id != PEN_TCG)
344 {
345 continue;
346 }
347
348 contracts = this->state->get_contracts(this->state);
349
350 switch (type.type)
351 {
352 case TCG_SEG_MAX_ATTR_SIZE_REQ:
353 {
354 tcg_seg_attr_max_size_t *attr_cast;
355
356 attr_cast = (tcg_seg_attr_max_size_t*)attr;
357 attr_cast->get_attr_size(attr_cast, &max_attr_size,
358 &max_seg_size);
359 contract = contracts->get_contract(contracts, this->msg_type,
360 FALSE, this->src_id);
361 if (contract)
362 {
363 contract->set_max_size(contract, max_attr_size,
364 max_seg_size);
365 }
366 else
367 {
368 contract = seg_contract_create(this->msg_type, max_attr_size,
369 max_seg_size, FALSE, this->src_id, FALSE);
370 contract->set_responder(contract, target_imv_id);
371 contracts->add_contract(contracts, contract);
372 }
373 contract->get_info_string(contract, buf, BUF_LEN, TRUE);
374 DBG2(DBG_IMV, "%s", buf);
375
376 /* Determine maximum PA-TNC attribute segment size */
377 my_max_seg_size = this->state->get_max_msg_len(this->state)
378 - PA_TNC_HEADER_SIZE
379 - PA_TNC_ATTR_HEADER_SIZE
380 - TCG_SEG_ATTR_SEG_ENV_HEADER
381 - PA_TNC_ATTR_HEADER_SIZE
382 - TCG_SEG_ATTR_MAX_SIZE_SIZE;
383
384 /* If segmentation is possible select lower segment size */
385 if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
386 max_seg_size > my_max_seg_size)
387 {
388 max_seg_size = my_max_seg_size;
389 contract->set_max_size(contract, max_attr_size,
390 max_seg_size);
391 DBG2(DBG_IMV, " lowered maximum segment size to %u bytes",
392 max_seg_size);
393 }
394
395 /* Add Maximum Attribute Size Response attribute */
396 attr = tcg_seg_attr_max_size_create(max_attr_size,
397 max_seg_size, FALSE);
398 out_msg->add_attribute(out_msg, attr);
399 break;
400 }
401 case TCG_SEG_MAX_ATTR_SIZE_RESP:
402 {
403 tcg_seg_attr_max_size_t *attr_cast;
404
405 attr_cast = (tcg_seg_attr_max_size_t*)attr;
406 attr_cast->get_attr_size(attr_cast, &max_attr_size,
407 &max_seg_size);
408 contract = contracts->get_contract(contracts, this->msg_type,
409 TRUE, this->src_id);
410 if (!contract)
411 {
412 contract = contracts->get_contract(contracts, this->msg_type,
413 TRUE, TNC_IMCID_ANY);
414 if (contract)
415 {
416 contract = contract->clone(contract);
417 contract->set_responder(contract, this->src_id);
418 contracts->add_contract(contracts, contract);
419 }
420 }
421 if (contract)
422 {
423 contract->get_max_size(contract, &my_max_attr_size,
424 &my_max_seg_size);
425 if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
426 my_max_seg_size > max_seg_size)
427 {
428 my_max_seg_size = max_seg_size;
429 contract->set_max_size(contract, my_max_attr_size,
430 my_max_seg_size);
431 }
432 contract->get_info_string(contract, buf, BUF_LEN, FALSE);
433 DBG2(DBG_IMV, "%s", buf);
434 }
435 else
436 {
437 /* TODO no request pending */
438 DBG1(DBG_IMV, "no contract for this PA message type found");
439 }
440 break;
441 }
442 case TCG_SEG_ATTR_SEG_ENV:
443 {
444 tcg_seg_attr_seg_env_t *seg_env_attr;
445 pa_tnc_attr_t *error;
446 uint32_t base_attr_id;
447 bool more;
448
449 seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
450 base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
451
452 contract = contracts->get_contract(contracts, this->msg_type,
453 TRUE, this->src_id);
454 if (!contract)
455 {
456 DBG2(DBG_IMV, "no contract for received attribute segment "
457 "with base attribute ID %u", base_attr_id);
458 continue;
459 }
460 attr = contract->add_segment(contract, attr, &error, &more);
461 if (error)
462 {
463 out_msg->add_attribute(out_msg, error);
464 }
465 if (attr)
466 {
467 this->pa_msg->add_attribute(this->pa_msg, attr);
468 }
469 if (more)
470 {
471 /* Send Next Segment Request */
472 attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE);
473 out_msg->add_attribute(out_msg, attr);
474 }
475 break;
476 }
477 case TCG_SEG_NEXT_SEG_REQ:
478 {
479 tcg_seg_attr_next_seg_t *attr_cast;
480 uint32_t base_attr_id;
481
482 attr_cast = (tcg_seg_attr_next_seg_t*)attr;
483 base_attr_id = attr_cast->get_base_attr_id(attr_cast);
484
485 contract = contracts->get_contract(contracts, this->msg_type,
486 FALSE, this->src_id);
487 if (!contract)
488 {
489 /* TODO no contract - generate error message */
490 DBG1(DBG_IMV, "no contract for received next segment "
491 "request with base attribute ID %u", base_attr_id);
492 continue;
493 }
494 attr = contract->next_segment(contract, base_attr_id);
495 if (attr)
496 {
497 out_msg->add_attribute(out_msg, attr);
498 }
499 else
500 {
501 /* TODO no more segments - generate error message */
502 DBG1(DBG_IMV, "no more segments found for "
503 "base attribute ID %u", base_attr_id);
504 }
505 break;
506 }
507 default:
508 break;
509 }
510 }
511 enumerator->destroy(enumerator);
512
513 /* preprocess any received IETF standard error attributes */
514 non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
515 *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
516 non_fatal_types);
517
518 return result;
519 }
520
521 METHOD(imv_msg_t, get_attribute_count, int,
522 private_imv_msg_t *this)
523 {
524 return this->attr_list->get_count(this->attr_list);
525 }
526
527 METHOD(imv_msg_t, create_attribute_enumerator, enumerator_t*,
528 private_imv_msg_t *this)
529 {
530 return this->pa_msg->create_attribute_enumerator(this->pa_msg);
531 }
532
533 METHOD(imv_msg_t, get_encoding, chunk_t,
534 private_imv_msg_t *this)
535 {
536 if (this->pa_msg)
537 {
538 return this->pa_msg->get_encoding(this->pa_msg);
539 }
540 return chunk_empty;
541 }
542
543 METHOD(imv_msg_t, destroy, void,
544 private_imv_msg_t *this)
545 {
546 this->attr_list->destroy_offset(this->attr_list,
547 offsetof(pa_tnc_attr_t, destroy));
548 DESTROY_IF(this->pa_msg);
549 free(this);
550 }
551
552 /**
553 * See header
554 */
555 imv_msg_t *imv_msg_create(imv_agent_t *agent, imv_state_t *state,
556 TNC_ConnectionID connection_id,
557 TNC_UInt32 src_id, TNC_UInt32 dst_id,
558 pen_type_t msg_type)
559 {
560 private_imv_msg_t *this;
561
562 INIT(this,
563 .public = {
564 .get_src_id = _get_src_id,
565 .get_dst_id = _get_dst_id,
566 .set_msg_type = _set_msg_type,
567 .get_msg_type = _get_msg_type,
568 .send = _send_,
569 .send_assessment = _send_assessment,
570 .receive = _receive,
571 .add_attribute = _add_attribute,
572 .get_attribute_count = _get_attribute_count,
573 .create_attribute_enumerator = _create_attribute_enumerator,
574 .get_encoding = _get_encoding,
575 .destroy = _destroy,
576 },
577 .connection_id = connection_id,
578 .src_id = src_id,
579 .dst_id = dst_id,
580 .msg_type = msg_type,
581 .attr_list = linked_list_create(),
582 .agent = agent,
583 .state = state,
584 );
585
586 return &this->public;
587 }
588
589 /**
590 * See header
591 */
592 imv_msg_t* imv_msg_create_as_reply(imv_msg_t *msg)
593 {
594 private_imv_msg_t *in;
595 TNC_UInt32 src_id;
596
597 in = (private_imv_msg_t*)msg;
598 src_id = (in->dst_id != TNC_IMVID_ANY) ?
599 in->dst_id : in->agent->get_id(in->agent);
600
601 return imv_msg_create(in->agent, in->state, in->connection_id, src_id,
602 in->src_id, in->msg_type);
603 }
604
605 /**
606 * See header
607 */
608 imv_msg_t *imv_msg_create_from_data(imv_agent_t *agent, imv_state_t *state,
609 TNC_ConnectionID connection_id,
610 TNC_MessageType msg_type,
611 chunk_t msg)
612 {
613 TNC_VendorID msg_vid;
614 TNC_MessageSubtype msg_subtype;
615
616 msg_vid = msg_type >> 8;
617 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
618
619 return imv_msg_create_from_long_data(agent, state, connection_id,
620 TNC_IMCID_ANY, agent->get_id(agent),
621 msg_vid, msg_subtype, msg);
622 }
623
624 /**
625 * See header
626 */
627 imv_msg_t *imv_msg_create_from_long_data(imv_agent_t *agent, imv_state_t *state,
628 TNC_ConnectionID connection_id,
629 TNC_UInt32 src_id,
630 TNC_UInt32 dst_id,
631 TNC_VendorID msg_vid,
632 TNC_MessageSubtype msg_subtype,
633 chunk_t msg)
634 {
635 private_imv_msg_t *this;
636
637 this = (private_imv_msg_t*)imv_msg_create(agent, state,
638 connection_id, src_id, dst_id,
639 pen_type_create(msg_vid, msg_subtype));
640 this->pa_msg = pa_tnc_msg_create_from_data(msg);
641
642 return &this->public;
643 }