support of error_offset in PA-TNC INVALID PARAMETER error messages
[strongswan.git] / src / libimcv / pa_tnc / pa_tnc_msg.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen
3 *
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "pa_tnc_msg.h"
18 #include "ietf/ietf_attr_pa_tnc_error.h"
19
20 #include <bio/bio_writer.h>
21 #include <bio/bio_reader.h>
22 #include <utils/linked_list.h>
23 #include <pen/pen.h>
24 #include <debug.h>
25
26
27 typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
28
29 /**
30 * PA-TNC message header
31 *
32 * 1 2 3
33 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
34 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
35 * | Version | Reserved |
36 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
37 * | Message Identifier |
38 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
39 */
40
41 #define PA_TNC_HEADER_SIZE 8
42 #define PA_TNC_RESERVED 0x000000
43
44 /**
45 * PA-TNC attribute
46 *
47 * 1 2 3
48 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
49 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
50 * | Flags | PA-TNC Attribute Vendor ID |
51 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
52 * | PA-TNC Attribute Type |
53 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
54 * | PA-TNC Attribute Length |
55 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
56 * | Attribute Value (Variable Length) |
57 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58 */
59
60 #define PA_TNC_ATTR_FLAG_NONE 0x00
61 #define PA_TNC_ATTR_FLAG_NOSKIP (1<<7)
62 #define PA_TNC_ATTR_HEADER_SIZE 12
63 #define PA_TNC_ATTR_INFO_SIZE 8
64
65 /**
66 * Private data of a pa_tnc_msg_t object.
67 *
68 */
69 struct private_pa_tnc_msg_t {
70
71 /**
72 * Public pa_tnc_msg_t interface.
73 */
74 pa_tnc_msg_t public;
75
76 /**
77 * List of PA-TNC attributes
78 */
79 linked_list_t *attributes;
80
81 /**
82 * linked list of PA-TNC error messages
83 */
84 linked_list_t *errors;
85
86 /**
87 * Message identifier
88 */
89 u_int32_t identifier;
90
91 /**
92 * Encoded message
93 */
94 chunk_t encoding;
95 };
96
97 METHOD(pa_tnc_msg_t, get_encoding, chunk_t,
98 private_pa_tnc_msg_t *this)
99 {
100 return this->encoding;
101 }
102
103 METHOD(pa_tnc_msg_t, add_attribute, void,
104 private_pa_tnc_msg_t *this, pa_tnc_attr_t *attr)
105 {
106 this->attributes->insert_last(this->attributes, attr);
107 }
108
109 METHOD(pa_tnc_msg_t, build, void,
110 private_pa_tnc_msg_t *this)
111 {
112 bio_writer_t *writer;
113 enumerator_t *enumerator;
114 pa_tnc_attr_t *attr;
115 pen_t vendor_id;
116 u_int32_t type;
117 u_int8_t flags;
118 chunk_t value;
119 rng_t *rng;
120
121 /* create a random message identifier */
122 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
123 rng->get_bytes(rng, sizeof(this->identifier), (u_int8_t*)&this->identifier);
124 rng->destroy(rng);
125 DBG2(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
126
127 /* build message header */
128 writer = bio_writer_create(PA_TNC_HEADER_SIZE);
129 writer->write_uint8 (writer, PA_TNC_VERSION);
130 writer->write_uint24(writer, PA_TNC_RESERVED);
131 writer->write_uint32(writer, this->identifier);
132
133 /* build and append encoding of PA-TNC attributes */
134 enumerator = this->attributes->create_enumerator(this->attributes);
135 while (enumerator->enumerate(enumerator, &attr))
136 {
137 attr->build(attr);
138 vendor_id = attr->get_vendor_id(attr);
139 type = attr->get_type(attr);
140 value = attr->get_value(attr);
141 flags = attr->get_noskip_flag(attr) ? PA_TNC_ATTR_FLAG_NOSKIP :
142 PA_TNC_ATTR_FLAG_NONE;
143 if (vendor_id == PEN_IETF)
144 {
145 DBG2(DBG_TNC, "creating PA-TNC attribute type '%N/%N' "
146 "0x%06x/0x%08x", pen_names, vendor_id,
147 ietf_attr_names, type, vendor_id, type);
148 }
149 else
150 {
151 DBG2(DBG_TNC, "creating PA-TNC attribute type '%N' "
152 "0x%06x/0x%08x", pen_names, vendor_id,
153 vendor_id, type);
154 }
155 DBG3(DBG_TNC, "%B", &value);
156
157 writer->write_uint8 (writer, flags);
158 writer->write_uint24(writer, vendor_id);
159 writer->write_uint32(writer, type);
160 writer->write_uint32(writer, PA_TNC_ATTR_HEADER_SIZE + value.len);
161 writer->write_data (writer, value);
162 }
163 enumerator->destroy(enumerator);
164
165 free(this->encoding.ptr);
166 this->encoding = chunk_clone(writer->get_buf(writer));
167 writer->destroy(writer);
168 }
169
170 METHOD(pa_tnc_msg_t, process, status_t,
171 private_pa_tnc_msg_t *this)
172 {
173 bio_reader_t *reader;
174 pa_tnc_attr_t *error;
175 u_int8_t version;
176 u_int32_t reserved, offset, attr_offset;
177
178 /* process message header */
179 if (this->encoding.len < PA_TNC_HEADER_SIZE)
180 {
181 DBG1(DBG_TNC, "%u bytes insufficient to parse PA-TNC message header",
182 this->encoding.len);
183 return FAILED;
184 }
185 reader = bio_reader_create(this->encoding);
186 reader->read_uint8 (reader, &version);
187 reader->read_uint24(reader, &reserved);
188 reader->read_uint32(reader, &this->identifier);
189 DBG2(DBG_TNC, "processing PA-TNC message with ID 0x%08x", this->identifier);
190
191 if (version != PA_TNC_VERSION)
192 {
193 DBG1(DBG_TNC, "PA-TNC version %u not supported", version);
194 error = ietf_attr_pa_tnc_error_create(PEN_IETF,
195 PA_ERROR_VERSION_NOT_SUPPORTED, this->encoding);
196 goto err;
197 }
198
199 /* offset of the first PA-TNC attribute in the PA-TNC message */
200 offset = PA_TNC_HEADER_SIZE;
201
202 /* pre-process PA-TNC attributes */
203 while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
204 {
205 pen_t vendor_id;
206 u_int8_t flags;
207 u_int32_t type, length;
208 chunk_t value, attr_info;
209 pa_tnc_attr_t *attr;
210 ietf_attr_pa_tnc_error_t *error_attr;
211
212 attr_info = reader->peek(reader);
213 attr_info.len = PA_TNC_ATTR_INFO_SIZE;
214 reader->read_uint8 (reader, &flags);
215 reader->read_uint24(reader, &vendor_id);
216 reader->read_uint32(reader, &type);
217 reader->read_uint32(reader, &length);
218 if (vendor_id == PEN_IETF)
219 {
220 DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' "
221 "0x%06x/0x%08x", pen_names, vendor_id,
222 ietf_attr_names, type, vendor_id, type);
223 }
224 else
225 {
226 DBG2(DBG_TNC, "processing PA-TNC attribute type '%N' "
227 "0x%06x/0x%08x", pen_names, vendor_id,
228 vendor_id, type);
229 }
230
231 if (length < PA_TNC_ATTR_HEADER_SIZE)
232 {
233 DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
234 length);
235 error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
236 PA_ERROR_INVALID_PARAMETER, this->encoding,
237 offset + PA_TNC_ATTR_INFO_SIZE);
238 goto err;
239 }
240
241 if (!reader->read_data(reader, length - PA_TNC_ATTR_HEADER_SIZE, &value))
242 {
243 DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
244 error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
245 PA_ERROR_INVALID_PARAMETER, this->encoding,
246 offset + PA_TNC_ATTR_INFO_SIZE);
247 goto err;
248 }
249 DBG3(DBG_TNC, "%B", &value);
250
251 attr = pa_tnc_attr_create_from_data(vendor_id, type, value);
252 if (!attr)
253 {
254 if (flags & PA_TNC_ATTR_FLAG_NOSKIP)
255 {
256 DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
257 error = ietf_attr_pa_tnc_error_create(PEN_IETF,
258 PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, this->encoding);
259 error_attr = (ietf_attr_pa_tnc_error_t*)error;
260 error_attr->set_attr_info(error_attr, attr_info);
261 goto err;
262 }
263 else
264 {
265 DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
266 offset += length;
267 continue;
268 }
269 }
270
271 if (attr->process(attr, &attr_offset) != SUCCESS)
272 {
273 attr->destroy(attr);
274 if (vendor_id == PEN_IETF && type == IETF_ATTR_PA_TNC_ERROR)
275 {
276 /* error while processing a PA-TNC error attribute - abort */
277 reader->destroy(reader);
278 return FAILED;
279 }
280 error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
281 PA_ERROR_INVALID_PARAMETER, this->encoding,
282 offset + PA_TNC_ATTR_HEADER_SIZE + attr_offset);
283 goto err;
284 }
285 add_attribute(this, attr);
286 offset += length;
287 }
288
289 if (reader->remaining(reader) == 0)
290 {
291 reader->destroy(reader);
292 return SUCCESS;
293 }
294 DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header");
295 error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
296 PA_ERROR_INVALID_PARAMETER, this->encoding, offset);
297
298 err:
299 reader->destroy(reader);
300 this->errors->insert_last(this->errors, error);
301 return VERIFY_ERROR;
302 }
303
304 METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
305 private_pa_tnc_msg_t *this)
306 {
307 return this->attributes->create_enumerator(this->attributes);
308 }
309
310 METHOD(pa_tnc_msg_t, create_error_enumerator, enumerator_t*,
311 private_pa_tnc_msg_t *this)
312 {
313 return this->errors->create_enumerator(this->errors);
314 }
315
316 METHOD(pa_tnc_msg_t, destroy, void,
317 private_pa_tnc_msg_t *this)
318 {
319 this->attributes->destroy_offset(this->attributes,
320 offsetof(pa_tnc_attr_t, destroy));
321 this->errors->destroy_offset(this->errors,
322 offsetof(pa_tnc_attr_t, destroy));
323 free(this->encoding.ptr);
324 free(this);
325 }
326
327 /**
328 * See header
329 */
330 pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
331 {
332 private_pa_tnc_msg_t *this;
333
334 INIT(this,
335 .public = {
336 .get_encoding = _get_encoding,
337 .add_attribute = _add_attribute,
338 .build = _build,
339 .process = _process,
340 .create_attribute_enumerator = _create_attribute_enumerator,
341 .create_error_enumerator = _create_error_enumerator,
342 .destroy = _destroy,
343 },
344 .encoding = chunk_clone(data),
345 .attributes = linked_list_create(),
346 .errors = linked_list_create(),
347 );
348
349 return &this->public;
350 }
351
352 /**
353 * See header
354 */
355 pa_tnc_msg_t *pa_tnc_msg_create(void)
356 {
357 return pa_tnc_msg_create_from_data(chunk_empty);
358 }
359