testing: Fix kernel download URL for kernel versions != 4.x
[strongswan.git] / src / libimcv / pa_tnc / pa_tnc_msg.c
1 /*
2 * Copyright (C) 2011-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imcv.h"
17 #include "pa_tnc_msg.h"
18 #include "ietf/ietf_attr_pa_tnc_error.h"
19
20 #include <bio/bio_writer.h>
21 #include <bio/bio_reader.h>
22 #include <collections/linked_list.h>
23 #include <pen/pen.h>
24 #include <utils/debug.h>
25
26 typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
27
28 /**
29 * PA-TNC message header
30 *
31 * 1 2 3
32 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
33 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
34 * | Version | Reserved |
35 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
36 * | Message Identifier |
37 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
38 */
39
40 #define PA_TNC_RESERVED 0x000000
41
42 /**
43 * Private data of a pa_tnc_msg_t object.
44 *
45 */
46 struct private_pa_tnc_msg_t {
47
48 /**
49 * Public pa_tnc_msg_t interface.
50 */
51 pa_tnc_msg_t public;
52
53 /**
54 * List of PA-TNC attributes
55 */
56 linked_list_t *attributes;
57
58 /**
59 * linked list of PA-TNC error messages
60 */
61 linked_list_t *errors;
62
63 /**
64 * Message identifier
65 */
66 uint32_t identifier;
67
68 /**
69 * Current PA-TNC Message size
70 */
71 size_t msg_len;
72
73 /**
74 * Maximum PA-TNC Message size
75 */
76 size_t max_msg_len;
77
78 /**
79 * TRUE if attribute was extracted from data
80 */
81 bool from_data;
82
83 /**
84 * Encoded message
85 */
86 chunk_t encoding;
87 };
88
89 METHOD(pa_tnc_msg_t, get_encoding, chunk_t,
90 private_pa_tnc_msg_t *this)
91 {
92 return this->encoding;
93 }
94
95 METHOD(pa_tnc_msg_t, add_attribute, bool,
96 private_pa_tnc_msg_t *this, pa_tnc_attr_t *attr)
97 {
98 chunk_t attr_value;
99 size_t attr_len;
100
101 if (!this->from_data)
102 {
103 attr->build(attr);
104 attr_value = attr->get_value(attr);
105 attr_len = PA_TNC_ATTR_HEADER_SIZE + attr_value.len;
106
107 if (this->max_msg_len && this->msg_len + attr_len > this->max_msg_len)
108 {
109 /* attribute just does not fit into this message */
110 return FALSE;
111 }
112 this->msg_len += attr_len;
113 }
114 this->attributes->insert_last(this->attributes, attr);
115 return TRUE;
116 }
117
118 METHOD(pa_tnc_msg_t, build, bool,
119 private_pa_tnc_msg_t *this)
120 {
121 bio_writer_t *writer;
122 enumerator_t *enumerator;
123 pa_tnc_attr_t *attr;
124 enum_name_t *pa_attr_names;
125 pen_type_t type;
126 uint8_t flags;
127 chunk_t value;
128 nonce_gen_t *ng;
129
130 /* generate a nonce as a message identifier */
131 ng = lib->crypto->create_nonce_gen(lib->crypto);
132 if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&this->identifier))
133 {
134 DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
135 DESTROY_IF(ng);
136 return FALSE;
137 }
138 ng->destroy(ng);
139 DBG1(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
140
141 /* build message header */
142 writer = bio_writer_create(this->msg_len);
143 writer->write_uint8 (writer, PA_TNC_VERSION);
144 writer->write_uint24(writer, PA_TNC_RESERVED);
145 writer->write_uint32(writer, this->identifier);
146
147 /* append encoded value of PA-TNC attributes */
148 enumerator = this->attributes->create_enumerator(this->attributes);
149 while (enumerator->enumerate(enumerator, &attr))
150 {
151 type = attr->get_type(attr);
152 value = attr->get_value(attr);
153 flags = attr->get_noskip_flag(attr) ? PA_TNC_ATTR_FLAG_NOSKIP :
154 PA_TNC_ATTR_FLAG_NONE;
155
156 pa_attr_names = imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
157 type.vendor_id);
158 if (pa_attr_names)
159 {
160 DBG2(DBG_TNC, "creating PA-TNC attribute type '%N/%N' "
161 "0x%06x/0x%08x", pen_names, type.vendor_id,
162 pa_attr_names, type.type, type.vendor_id, type.type);
163 }
164 else
165 {
166 DBG2(DBG_TNC, "creating PA-TNC attribute type '%N' "
167 "0x%06x/0x%08x", pen_names, type.vendor_id,
168 type.vendor_id, type.type);
169 }
170 DBG3(DBG_TNC, "%B", &value);
171
172 writer->write_uint8 (writer, flags);
173 writer->write_uint24(writer, type.vendor_id);
174 writer->write_uint32(writer, type.type);
175 writer->write_uint32(writer, PA_TNC_ATTR_HEADER_SIZE + value.len);
176 writer->write_data (writer, value);
177 }
178 enumerator->destroy(enumerator);
179
180 free(this->encoding.ptr);
181 this->encoding = writer->extract_buf(writer);
182 writer->destroy(writer);
183
184 return TRUE;
185 }
186
187 METHOD(pa_tnc_msg_t, process, status_t,
188 private_pa_tnc_msg_t *this)
189 {
190 bio_reader_t *reader;
191 pa_tnc_attr_t *attr, *error;
192 pen_type_t attr_type;
193 chunk_t attr_value;
194 uint8_t version;
195 uint32_t reserved, offset, attr_offset;
196 pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
197
198 /* process message header */
199 if (this->encoding.len < PA_TNC_HEADER_SIZE)
200 {
201 DBG1(DBG_TNC, "%u bytes insufficient to parse PA-TNC message header",
202 this->encoding.len);
203 return FAILED;
204 }
205 reader = bio_reader_create(this->encoding);
206 reader->read_uint8 (reader, &version);
207 reader->read_uint24(reader, &reserved);
208 reader->read_uint32(reader, &this->identifier);
209 DBG1(DBG_TNC, "processing PA-TNC message with ID 0x%08x", this->identifier);
210
211 if (version != PA_TNC_VERSION)
212 {
213 DBG1(DBG_TNC, "PA-TNC version %u not supported", version);
214 error_code = pen_type_create(PEN_IETF, PA_ERROR_VERSION_NOT_SUPPORTED);
215 error = ietf_attr_pa_tnc_error_create(error_code, this->encoding);
216 goto err;
217 }
218
219 /* offset of the first PA-TNC attribute in the PA-TNC message */
220 offset = PA_TNC_HEADER_SIZE;
221
222 /* pre-process PA-TNC attributes */
223 while (reader->remaining(reader) > 0)
224 {
225 attr = imcv_pa_tnc_attributes->create(imcv_pa_tnc_attributes,
226 reader, FALSE, &offset, this->encoding, &error);
227 if (!attr)
228 {
229 goto err;
230 }
231 attr_value = attr->get_value(attr);
232 attr_type = attr->get_type(attr);
233
234 if (attr->process(attr, &attr_offset) != SUCCESS)
235 {
236 attr->destroy(attr);
237
238 if (attr_type.vendor_id == PEN_IETF &&
239 attr_type.type == IETF_ATTR_PA_TNC_ERROR)
240 {
241 /* suppress error while processing a PA-TNC error attribute */
242 offset += attr_value.len;
243 continue;
244 }
245 error_code = pen_type_create(PEN_IETF, PA_ERROR_INVALID_PARAMETER);
246 error = ietf_attr_pa_tnc_error_create_with_offset(error_code,
247 this->encoding, offset + attr_offset);
248 goto err;
249 }
250 offset += attr_value.len;
251 this->attributes->insert_last(this->attributes, attr);
252 }
253 reader->destroy(reader);
254 return SUCCESS;
255
256 err:
257 reader->destroy(reader);
258 this->errors->insert_last(this->errors, error);
259 return VERIFY_ERROR;
260 }
261
262 METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
263 private_pa_tnc_msg_t *this, linked_list_t *non_fatal_types)
264 {
265 enumerator_t *e1, *e2;
266 enum_name_t *pa_attr_names;
267 pa_tnc_attr_t *attr;
268 pen_type_t type, unsupported_type;
269 uint8_t flags;
270 bool fatal_error = FALSE;
271
272 e1 = this->attributes->create_enumerator(this->attributes);
273 while (e1->enumerate(e1, &attr))
274 {
275 type = attr->get_type(attr);
276
277 if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
278 {
279 ietf_attr_pa_tnc_error_t *error_attr;
280 pen_type_t error_code, *non_fatal_type;
281 chunk_t msg_info;
282 uint32_t offset;
283 bool fatal_current_error = TRUE;
284
285 error_attr = (ietf_attr_pa_tnc_error_t*)attr;
286 error_code = error_attr->get_error_code(error_attr);
287 msg_info = error_attr->get_msg_info(error_attr);
288
289 /* skip errors from non-IETF namespaces */
290 if (error_code.vendor_id != PEN_IETF)
291 {
292 continue;
293 }
294 DBG1(DBG_TNC, "received PA-TNC error '%N' concerning message "
295 "0x%08x/0x%08x", pa_tnc_error_code_names, error_code.type,
296 untoh32(msg_info.ptr), untoh32(msg_info.ptr + 4));
297
298 switch (error_code.type)
299 {
300 case PA_ERROR_INVALID_PARAMETER:
301 offset = error_attr->get_offset(error_attr);
302 DBG1(DBG_TNC, " occurred at offset of %u bytes", offset);
303 break;
304 case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
305 unsupported_type =
306 error_attr->get_unsupported_attr(error_attr, &flags);
307 pa_attr_names =
308 imcv_pa_tnc_attributes->get_names(imcv_pa_tnc_attributes,
309 unsupported_type.vendor_id);
310 if (pa_attr_names)
311 {
312 DBG1(DBG_TNC, " unsupported attribute type '%N/%N' "
313 "0x%06x/0x%08x, flags 0x%02x",
314 pen_names, unsupported_type.vendor_id,
315 pa_attr_names, unsupported_type.type,
316 unsupported_type.vendor_id, unsupported_type.type,
317 flags);
318 }
319 else
320 {
321 DBG1(DBG_TNC, " unsupported attribute type '%N' "
322 "0x%06x/0x%08x, flags 0x%02x",
323 pen_names, unsupported_type.vendor_id,
324 unsupported_type.vendor_id, unsupported_type.type,
325 flags);
326 }
327 e2 = non_fatal_types->create_enumerator(non_fatal_types);
328 while (e2->enumerate(e2, &non_fatal_type))
329 {
330 if (pen_type_equals(unsupported_type, *non_fatal_type))
331 {
332 fatal_current_error = FALSE;
333 break;
334 }
335 }
336 e2->destroy(e2);
337 break;
338 default:
339 break;
340 }
341 if (fatal_current_error)
342 {
343 fatal_error = TRUE;
344 }
345 }
346 }
347 e1->destroy(e1);
348
349 return fatal_error;
350 }
351
352 METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
353 private_pa_tnc_msg_t *this)
354 {
355 return this->attributes->create_enumerator(this->attributes);
356 }
357
358 METHOD(pa_tnc_msg_t, create_error_enumerator, enumerator_t*,
359 private_pa_tnc_msg_t *this)
360 {
361 return this->errors->create_enumerator(this->errors);
362 }
363
364 METHOD(pa_tnc_msg_t, destroy, void,
365 private_pa_tnc_msg_t *this)
366 {
367 this->attributes->destroy_offset(this->attributes,
368 offsetof(pa_tnc_attr_t, destroy));
369 this->errors->destroy_offset(this->errors,
370 offsetof(pa_tnc_attr_t, destroy));
371 free(this->encoding.ptr);
372 free(this);
373 }
374
375 /**
376 * See header
377 */
378 pa_tnc_msg_t *pa_tnc_msg_create(size_t max_msg_len)
379 {
380 private_pa_tnc_msg_t *this;
381
382 INIT(this,
383 .public = {
384 .get_encoding = _get_encoding,
385 .add_attribute = _add_attribute,
386 .build = _build,
387 .process = _process,
388 .process_ietf_std_errors = _process_ietf_std_errors,
389 .create_attribute_enumerator = _create_attribute_enumerator,
390 .create_error_enumerator = _create_error_enumerator,
391 .destroy = _destroy,
392 },
393 .attributes = linked_list_create(),
394 .errors = linked_list_create(),
395 .msg_len = PA_TNC_HEADER_SIZE,
396 .max_msg_len = max_msg_len,
397 );
398
399 return &this->public;
400 }
401
402 /**
403 * See header
404 */
405 pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
406 {
407 private_pa_tnc_msg_t *this;
408
409 INIT(this,
410 .public = {
411 .get_encoding = _get_encoding,
412 .add_attribute = _add_attribute,
413 .build = _build,
414 .process = _process,
415 .process_ietf_std_errors = _process_ietf_std_errors,
416 .create_attribute_enumerator = _create_attribute_enumerator,
417 .create_error_enumerator = _create_error_enumerator,
418 .destroy = _destroy,
419 },
420 .encoding = chunk_clone(data),
421 .attributes = linked_list_create(),
422 .errors = linked_list_create(),
423 .from_data = TRUE,
424 );
425
426 return &this->public;
427 }
428