Implemented IF-M segmentation
[strongswan.git] / src / libimcv / pa_tnc / pa_tnc_msg.c
1 /*
2 * Copyright (C) 2011-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imcv.h"
17 #include "pa_tnc_msg.h"
18 #include "ietf/ietf_attr_pa_tnc_error.h"
19
20 #include <bio/bio_writer.h>
21 #include <bio/bio_reader.h>
22 #include <collections/linked_list.h>
23 #include <pen/pen.h>
24 #include <utils/debug.h>
25
26 typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
27
28 /**
29 * PA-TNC message header
30 *
31 * 1 2 3
32 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
33 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
34 * | Version | Reserved |
35 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
36 * | Message Identifier |
37 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
38 */
39
40 /**
41 * Private data of a pa_tnc_msg_t object.
42 *
43 */
44 struct private_pa_tnc_msg_t {
45
46 /**
47 * Public pa_tnc_msg_t interface.
48 */
49 pa_tnc_msg_t public;
50
51 /**
52 * List of PA-TNC attributes
53 */
54 linked_list_t *attributes;
55
56 /**
57 * linked list of PA-TNC error messages
58 */
59 linked_list_t *errors;
60
61 /**
62 * Message identifier
63 */
64 uint32_t identifier;
65
66 /**
67 * Current PA-TNC Message size
68 */
69 size_t msg_len;
70
71 /**
72 * Maximum PA-TNC Message size
73 */
74 size_t max_msg_len;
75
76 /**
77 * TRUE if attribute was extracted from data
78 */
79 bool from_data;
80
81 /**
82 * Encoded message
83 */
84 chunk_t encoding;
85 };
86
87 METHOD(pa_tnc_msg_t, get_encoding, chunk_t,
88 private_pa_tnc_msg_t *this)
89 {
90 return this->encoding;
91 }
92
93 METHOD(pa_tnc_msg_t, add_attribute, bool,
94 private_pa_tnc_msg_t *this, pa_tnc_attr_t *attr)
95 {
96 chunk_t attr_value;
97 size_t attr_len;
98
99 if (!this->from_data)
100 {
101 attr->build(attr);
102 attr_value = attr->get_value(attr);
103 attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
104
105 if (this->max_msg_len && this->msg_len + attr_len > this->max_msg_len)
106 {
107 /* attribute just does not fit into this message */
108 return FALSE;
109 }
110 this->msg_len += attr_len;
111 }
112 this->attributes->insert_last(this->attributes, attr);
113 return TRUE;
114 }
115
116 METHOD(pa_tnc_msg_t, build, bool,
117 private_pa_tnc_msg_t *this)
118 {
119 bio_writer_t *writer;
120 enumerator_t *enumerator;
121 pa_tnc_attr_t *attr;
122 enum_name_t *pa_attr_names;
123 pen_type_t type;
124 uint8_t flags;
125 chunk_t value;
126 nonce_gen_t *ng;
127
128 /* generate a nonce as a message identifier */
129 ng = lib->crypto->create_nonce_gen(lib->crypto);
130 if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&this->identifier))
131 {
132 DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
133 DESTROY_IF(ng);
134 return FALSE;
135 }
136 ng->destroy(ng);
137 DBG1(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
138
139 /* build message header */
140 writer = bio_writer_create(this->msg_len);
141 writer->write_uint8 (writer, PA_TNC_VERSION);
142 writer->write_uint24(writer, PA_TNC_RESERVED);
143 writer->write_uint32(writer, this->identifier);
144
145 /* append encoded value of PA-TNC attributes */
146 enumerator = this->attributes->create_enumerator(this->attributes);
147 while (enumerator->enumerate(enumerator, &attr))
148 {
149 type = attr->get_type(attr);
150 value = attr->get_value(attr);
151 flags = attr->get_noskip_flag(attr) ? PA_TNC_ATTR_FLAG_NOSKIP :
152 PA_TNC_ATTR_FLAG_NONE;
153
154 pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
155 type.vendor_id);
156 if (pa_attr_names)
157 {
158 DBG2(DBG_TNC, "creating PA-TNC attribute type '%N/%N' "
159 "0x%06x/0x%08x", pen_names, type.vendor_id,
160 pa_attr_names, type.type, type.vendor_id, type.type);
161 }
162 else
163 {
164 DBG2(DBG_TNC, "creating PA-TNC attribute type '%N' "
165 "0x%06x/0x%08x", pen_names, type.vendor_id,
166 type.vendor_id, type.type);
167 }
168 DBG3(DBG_TNC, "%B", &value);
169
170 writer->write_uint8 (writer, flags);
171 writer->write_uint24(writer, type.vendor_id);
172 writer->write_uint32(writer, type.type);
173 writer->write_uint32(writer, PA_TNC_ATTR_HEADER_SIZE + value.len);
174 writer->write_data (writer, value);
175 }
176 enumerator->destroy(enumerator);
177
178 free(this->encoding.ptr);
179 this->encoding = writer->extract_buf(writer);
180 writer->destroy(writer);
181
182 return TRUE;
183 }
184
185 METHOD(pa_tnc_msg_t, process, status_t,
186 private_pa_tnc_msg_t *this)
187 {
188 bio_reader_t *reader;
189 pa_tnc_attr_t *attr, *error;
190 uint8_t version;
191 uint32_t reserved, offset;
192 pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
193
194 /* process message header */
195 if (this->encoding.len < PA_TNC_HEADER_SIZE)
196 {
197 DBG1(DBG_TNC, "%u bytes insufficient to parse PA-TNC message header",
198 this->encoding.len);
199 return FAILED;
200 }
201 reader = bio_reader_create(this->encoding);
202 reader->read_uint8 (reader, &version);
203 reader->read_uint24(reader, &reserved);
204 reader->read_uint32(reader, &this->identifier);
205 DBG1(DBG_TNC, "processing PA-TNC message with ID 0x%08x", this->identifier);
206
207 if (version != PA_TNC_VERSION)
208 {
209 DBG1(DBG_TNC, "PA-TNC version %u not supported", version);
210 error_code = pen_type_create(PEN_IETF, PA_ERROR_VERSION_NOT_SUPPORTED);
211 error = ietf_attr_pa_tnc_error_create(error_code, this->encoding);
212 goto err;
213 }
214
215 /* offset of the first PA-TNC attribute in the PA-TNC message */
216 offset = PA_TNC_HEADER_SIZE;
217
218 /* pre-process PA-TNC attributes */
219 while (reader->remaining(reader) > 0)
220 {
221 attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes,
222 reader, &offset, this->encoding, &error);
223 if (error)
224 {
225 goto err;
226 }
227 if (attr)
228 {
229 this->attributes->insert_last(this->attributes, attr);
230 }
231 }
232 reader->destroy(reader);
233 return SUCCESS;
234
235 err:
236 reader->destroy(reader);
237 this->errors->insert_last(this->errors, error);
238 return VERIFY_ERROR;
239 }
240
241 METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
242 private_pa_tnc_msg_t *this, linked_list_t *non_fatal_types)
243 {
244 enumerator_t *e1, *e2;
245 enum_name_t *pa_attr_names;
246 pa_tnc_attr_t *attr;
247 pen_type_t type, unsupported_type;
248 uint8_t flags;
249 bool fatal_error = FALSE;
250
251 e1 = this->attributes->create_enumerator(this->attributes);
252 while (e1->enumerate(e1, &attr))
253 {
254 type = attr->get_type(attr);
255
256 if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
257 {
258 ietf_attr_pa_tnc_error_t *error_attr;
259 pen_type_t error_code, *non_fatal_type;
260 chunk_t msg_info;
261 uint32_t offset;
262 bool fatal_current_error = TRUE;
263
264 error_attr = (ietf_attr_pa_tnc_error_t*)attr;
265 error_code = error_attr->get_error_code(error_attr);
266 msg_info = error_attr->get_msg_info(error_attr);
267
268 /* skip errors from non-IETF namespaces */
269 if (error_code.vendor_id != PEN_IETF)
270 {
271 continue;
272 }
273 DBG1(DBG_TNC, "received PA-TNC error '%N' concerning message "
274 "0x%08x/0x%08x", pa_tnc_error_code_names, error_code.type,
275 untoh32(msg_info.ptr), untoh32(msg_info.ptr + 4));
276
277 switch (error_code.type)
278 {
279 case PA_ERROR_INVALID_PARAMETER:
280 offset = error_attr->get_offset(error_attr);
281 DBG1(DBG_TNC, " occurred at offset of %u bytes", offset);
282 break;
283 case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
284 unsupported_type =
285 error_attr->get_unsupported_attr(error_attr, &flags);
286 pa_attr_names =
287 imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
288 unsupported_type.vendor_id);
289 if (pa_attr_names)
290 {
291 DBG1(DBG_TNC, " unsupported attribute type '%N/%N' "
292 "0x%06x/0x%08x, flags 0x%02x",
293 pen_names, unsupported_type.vendor_id,
294 pa_attr_names, unsupported_type.type,
295 unsupported_type.vendor_id, unsupported_type.type,
296 flags);
297 }
298 else
299 {
300 DBG1(DBG_TNC, " unsupported attribute type '%N' "
301 "0x%06x/0x%08x, flags 0x%02x",
302 pen_names, unsupported_type.vendor_id,
303 unsupported_type.vendor_id, unsupported_type.type,
304 flags);
305 }
306 e2 = non_fatal_types->create_enumerator(non_fatal_types);
307 while (e2->enumerate(e2, &non_fatal_type))
308 {
309 if (pen_type_equals(unsupported_type, *non_fatal_type))
310 {
311 fatal_current_error = FALSE;
312 break;
313 }
314 }
315 e2->destroy(e2);
316 break;
317 default:
318 break;
319 }
320 if (fatal_current_error)
321 {
322 fatal_error = TRUE;
323 }
324 }
325 }
326 e1->destroy(e1);
327
328 return fatal_error;
329 }
330
331 METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
332 private_pa_tnc_msg_t *this)
333 {
334 return this->attributes->create_enumerator(this->attributes);
335 }
336
337 METHOD(pa_tnc_msg_t, create_error_enumerator, enumerator_t*,
338 private_pa_tnc_msg_t *this)
339 {
340 return this->errors->create_enumerator(this->errors);
341 }
342
343 METHOD(pa_tnc_msg_t, destroy, void,
344 private_pa_tnc_msg_t *this)
345 {
346 this->attributes->destroy_offset(this->attributes,
347 offsetof(pa_tnc_attr_t, destroy));
348 this->errors->destroy_offset(this->errors,
349 offsetof(pa_tnc_attr_t, destroy));
350 free(this->encoding.ptr);
351 free(this);
352 }
353
354 /**
355 * See header
356 */
357 pa_tnc_msg_t *pa_tnc_msg_create(size_t max_msg_len)
358 {
359 private_pa_tnc_msg_t *this;
360
361 INIT(this,
362 .public = {
363 .get_encoding = _get_encoding,
364 .add_attribute = _add_attribute,
365 .build = _build,
366 .process = _process,
367 .process_ietf_std_errors = _process_ietf_std_errors,
368 .create_attribute_enumerator = _create_attribute_enumerator,
369 .create_error_enumerator = _create_error_enumerator,
370 .destroy = _destroy,
371 },
372 .attributes = linked_list_create(),
373 .errors = linked_list_create(),
374 .msg_len = PA_TNC_HEADER_SIZE,
375 .max_msg_len = max_msg_len,
376 );
377
378 return &this->public;
379 }
380
381 /**
382 * See header
383 */
384 pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
385 {
386 private_pa_tnc_msg_t *this;
387
388 INIT(this,
389 .public = {
390 .get_encoding = _get_encoding,
391 .add_attribute = _add_attribute,
392 .build = _build,
393 .process = _process,
394 .process_ietf_std_errors = _process_ietf_std_errors,
395 .create_attribute_enumerator = _create_attribute_enumerator,
396 .create_error_enumerator = _create_error_enumerator,
397 .destroy = _destroy,
398 },
399 .encoding = chunk_clone(data),
400 .attributes = linked_list_create(),
401 .errors = linked_list_create(),
402 .from_data = TRUE,
403 );
404
405 return &this->public;
406 }
407