added IETF standard error handling method
[strongswan.git] / src / libimcv / plugins / imc_test / imc_test.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include "imc_test_state.h"
16
17 #include <imc/imc_agent.h>
18 #include <pa_tnc/pa_tnc_msg.h>
19 #include <ietf/ietf_attr.h>
20 #include <ietf/ietf_attr_pa_tnc_error.h>
21 #include <ita/ita_attr.h>
22 #include <ita/ita_attr_command.h>
23
24 #include <tncif_names.h>
25 #include <tncif_pa_subtypes.h>
26
27 #include <pen/pen.h>
28 #include <debug.h>
29
30 /* IMC definitions */
31
32 static const char imc_name[] = "Test";
33
34 #define IMC_VENDOR_ID PEN_ITA
35 #define IMC_SUBTYPE PA_SUBTYPE_ITA_TEST
36
37 static imc_agent_t *imc_test;
38
39 /**
40 * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
41 */
42 TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
43 TNC_Version min_version,
44 TNC_Version max_version,
45 TNC_Version *actual_version)
46 {
47 if (imc_test)
48 {
49 DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
50 return TNC_RESULT_ALREADY_INITIALIZED;
51 }
52 imc_test = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE,
53 imc_id, actual_version);
54 if (!imc_test)
55 {
56 return TNC_RESULT_FATAL;
57 }
58 if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
59 {
60 DBG1(DBG_IMC, "no common IF-IMC version");
61 return TNC_RESULT_NO_COMMON_VERSION;
62 }
63 return TNC_RESULT_SUCCESS;
64 }
65
66 /**
67 * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
68 */
69 TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
70 TNC_ConnectionID connection_id,
71 TNC_ConnectionState new_state)
72 {
73 imc_state_t *state;
74 imc_test_state_t *test_state;
75 TNC_Result result;
76 TNC_UInt32 new_imc_id;
77 char *command;
78 bool retry;
79 int additional_ids;
80
81 if (!imc_test)
82 {
83 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
84 return TNC_RESULT_NOT_INITIALIZED;
85 }
86 switch (new_state)
87 {
88 case TNC_CONNECTION_STATE_CREATE:
89 command = lib->settings->get_str(lib->settings,
90 "libimcv.plugins.imc-test.command", "none");
91 retry = lib->settings->get_bool(lib->settings,
92 "libimcv.plugins.imc-test.retry", FALSE);
93 state = imc_test_state_create(connection_id, command, retry);
94
95 result = imc_test->create_state(imc_test, state);
96 if (result != TNC_RESULT_SUCCESS)
97 {
98 return result;
99 }
100
101 /* Do we want to reserve additional IMC IDs? */
102 additional_ids = lib->settings->get_int(lib->settings,
103 "libimcv.plugins.imc-test.additional_ids", 0);
104 if (additional_ids < 1)
105 {
106 return TNC_RESULT_SUCCESS;
107 }
108
109 if (!state->has_long(state))
110 {
111 DBG1(DBG_IMC, "IMC %u \"%s\" did not detect support of "
112 "multiple IMC IDs", imc_id, imc_name);
113 return TNC_RESULT_SUCCESS;
114 }
115 test_state = (imc_test_state_t*)state;
116
117 while (additional_ids-- > 0)
118 {
119 if (imc_test->reserve_additional_id(imc_test, &new_imc_id) !=
120 TNC_RESULT_SUCCESS)
121 {
122 DBG1(DBG_IMC, "IMC %u \"%s\" failed to reserve "
123 "%d additional IMC IDs",
124 imc_id, imc_name, additional_ids);
125 break;
126 }
127 DBG2(DBG_IMC, "IMC %u \"%s\" reserved additional ID %u",
128 imc_id, imc_name, new_imc_id);
129 test_state->add_id(test_state, new_imc_id);
130 }
131 return TNC_RESULT_SUCCESS;
132
133 case TNC_CONNECTION_STATE_HANDSHAKE:
134 /* get updated IMC state */
135 result = imc_test->change_state(imc_test, connection_id,
136 new_state, &state);
137 if (result != TNC_RESULT_SUCCESS)
138 {
139 return TNC_RESULT_FATAL;
140 }
141 test_state = (imc_test_state_t*)state;
142
143 /* is it the first handshake or a retry ? */
144 if (!test_state->is_first_handshake(test_state))
145 {
146 command = lib->settings->get_str(lib->settings,
147 "libimcv.plugins.imc-test.retry_command",
148 test_state->get_command(test_state));
149 test_state->set_command(test_state, command);
150 }
151 return TNC_RESULT_SUCCESS;
152
153 case TNC_CONNECTION_STATE_DELETE:
154 return imc_test->delete_state(imc_test, connection_id);
155
156 case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
157 case TNC_CONNECTION_STATE_ACCESS_NONE:
158 /* get updated IMC state */
159 result = imc_test->change_state(imc_test, connection_id,
160 new_state, &state);
161 if (result != TNC_RESULT_SUCCESS)
162 {
163 return TNC_RESULT_FATAL;
164 }
165 test_state = (imc_test_state_t*)state;
166
167 /* do a handshake retry? */
168 if (test_state->do_handshake_retry(test_state))
169 {
170 return imc_test->request_handshake_retry(imc_id, connection_id,
171 TNC_RETRY_REASON_IMC_REMEDIATION_COMPLETE);
172 }
173 return TNC_RESULT_SUCCESS;
174
175 default:
176 return imc_test->change_state(imc_test, connection_id,
177 new_state, NULL);
178 }
179 }
180
181 static TNC_Result send_message(TNC_ConnectionID connection_id)
182 {
183 pa_tnc_msg_t *msg;
184 pa_tnc_attr_t *attr;
185 imc_state_t *state;
186 imc_test_state_t *test_state;
187 enumerator_t *enumerator;
188 void *pointer;
189 TNC_UInt32 imc_id;
190 TNC_Result result;
191
192 if (!imc_test->get_state(imc_test, connection_id, &state))
193 {
194 return TNC_RESULT_FATAL;
195 }
196 test_state = (imc_test_state_t*)state;
197
198 /* send PA message for primary IMC ID */
199 attr = ita_attr_command_create(test_state->get_command(test_state));
200 attr->set_noskip_flag(attr, TRUE);
201 msg = pa_tnc_msg_create();
202 msg->add_attribute(msg, attr);
203 msg->build(msg);
204 result = imc_test->send_message(imc_test, connection_id, FALSE, 0,
205 TNC_IMVID_ANY, msg->get_encoding(msg));
206 msg->destroy(msg);
207
208 /* send PA messages for additional IMC IDs */
209 enumerator = test_state->create_id_enumerator(test_state);
210 while (result == TNC_RESULT_SUCCESS &&
211 enumerator->enumerate(enumerator, &pointer))
212 {
213 /* interpret pointer as scalar value */
214 imc_id = (TNC_UInt32)pointer;
215
216 attr = ita_attr_command_create(test_state->get_command(test_state));
217 attr->set_noskip_flag(attr, TRUE);
218 msg = pa_tnc_msg_create();
219 msg->add_attribute(msg, attr);
220 msg->build(msg);
221 result = imc_test->send_message(imc_test, connection_id, FALSE, imc_id,
222 TNC_IMVID_ANY, msg->get_encoding(msg));
223 msg->destroy(msg);
224 }
225 enumerator->destroy(enumerator);
226
227 return result;
228 }
229
230 /**
231 * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
232 */
233 TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
234 TNC_ConnectionID connection_id)
235 {
236 if (!imc_test)
237 {
238 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
239 return TNC_RESULT_NOT_INITIALIZED;
240 }
241 return send_message(connection_id);
242 }
243
244 static TNC_Result receive_message(TNC_IMCID imc_id,
245 TNC_ConnectionID connection_id,
246 TNC_UInt32 msg_flags,
247 chunk_t msg,
248 TNC_VendorID msg_vid,
249 TNC_MessageSubtype msg_subtype,
250 TNC_UInt32 src_imv_id,
251 TNC_UInt32 dst_imc_id)
252 {
253 pa_tnc_msg_t *pa_tnc_msg;
254 pa_tnc_attr_t *attr;
255 imc_state_t *state;
256 enumerator_t *enumerator;
257 TNC_Result result;
258 bool fatal_error = FALSE;
259
260 if (!imc_test)
261 {
262 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
263 return TNC_RESULT_NOT_INITIALIZED;
264 }
265
266 /* get current IMC state */
267 if (!imc_test->get_state(imc_test, connection_id, &state))
268 {
269 return TNC_RESULT_FATAL;
270 }
271
272 /* parse received PA-TNC message and automatically handle any errors */
273 result = imc_test->receive_message(imc_test, state, msg, msg_vid,
274 msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg);
275
276 /* no parsed PA-TNC attributes available if an error occurred */
277 if (!pa_tnc_msg)
278 {
279 return result;
280 }
281
282 /* preprocess any IETF standard error attributes */
283 fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
284
285 /* analyze PA-TNC attributes */
286 enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
287 while (enumerator->enumerate(enumerator, &attr))
288 {
289 if (attr->get_vendor_id(attr) == PEN_ITA &&
290 attr->get_type(attr) == ITA_ATTR_COMMAND)
291 {
292 ita_attr_command_t *ita_attr;
293 char *command;
294
295 ita_attr = (ita_attr_command_t*)attr;
296 command = ita_attr->get_command(ita_attr);
297 }
298 }
299 enumerator->destroy(enumerator);
300 pa_tnc_msg->destroy(pa_tnc_msg);
301
302 /* if no error occurred then always return the same response */
303 return fatal_error ? TNC_RESULT_FATAL : send_message(connection_id);
304 }
305
306 /**
307 * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
308 */
309 TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
310 TNC_ConnectionID connection_id,
311 TNC_BufferReference msg,
312 TNC_UInt32 msg_len,
313 TNC_MessageType msg_type)
314 {
315 TNC_VendorID msg_vid;
316 TNC_MessageSubtype msg_subtype;
317
318 msg_vid = msg_type >> 8;
319 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
320
321 return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len),
322 msg_vid, msg_subtype, 0, TNC_IMCID_ANY);
323 }
324
325 /**
326 * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
327 */
328 TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
329 TNC_ConnectionID connection_id,
330 TNC_UInt32 msg_flags,
331 TNC_BufferReference msg,
332 TNC_UInt32 msg_len,
333 TNC_VendorID msg_vid,
334 TNC_MessageSubtype msg_subtype,
335 TNC_UInt32 src_imv_id,
336 TNC_UInt32 dst_imc_id)
337 {
338 return receive_message(imc_id, connection_id, msg_flags,
339 chunk_create(msg, msg_len), msg_vid, msg_subtype,
340 src_imv_id, dst_imc_id);
341 }
342
343 /**
344 * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
345 */
346 TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
347 TNC_ConnectionID connection_id)
348 {
349 if (!imc_test)
350 {
351 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
352 return TNC_RESULT_NOT_INITIALIZED;
353 }
354 return TNC_RESULT_SUCCESS;
355 }
356
357 /**
358 * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
359 */
360 TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
361 {
362 if (!imc_test)
363 {
364 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
365 return TNC_RESULT_NOT_INITIALIZED;
366 }
367 imc_test->destroy(imc_test);
368 imc_test = NULL;
369
370 return TNC_RESULT_SUCCESS;
371 }
372
373 /**
374 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
375 */
376 TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
377 TNC_TNCC_BindFunctionPointer bind_function)
378 {
379 if (!imc_test)
380 {
381 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
382 return TNC_RESULT_NOT_INITIALIZED;
383 }
384 return imc_test->bind_functions(imc_test, bind_function);
385 }