bc2a233f6e2d6b831b00ab820b3a38877657bea9
[strongswan.git] / src / libimcv / plugins / imc_test / imc_test.c
1 /*
2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_test_state.h"
17
18 #include <imc/imc_agent.h>
19 #include <pa_tnc/pa_tnc_msg.h>
20 #include <ietf/ietf_attr.h>
21 #include <ietf/ietf_attr_pa_tnc_error.h>
22 #include <ita/ita_attr.h>
23 #include <ita/ita_attr_command.h>
24 #include <ita/ita_attr_dummy.h>
25
26 #include <tncif_names.h>
27 #include <tncif_pa_subtypes.h>
28
29 #include <pen/pen.h>
30 #include <debug.h>
31
32 /* IMC definitions */
33
34 static const char imc_name[] = "Test";
35
36 #define IMC_VENDOR_ID PEN_ITA
37 #define IMC_SUBTYPE PA_SUBTYPE_ITA_TEST
38
39 static imc_agent_t *imc_test;
40
41 /**
42 * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
43 */
44 TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
45 TNC_Version min_version,
46 TNC_Version max_version,
47 TNC_Version *actual_version)
48 {
49 if (imc_test)
50 {
51 DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
52 return TNC_RESULT_ALREADY_INITIALIZED;
53 }
54 imc_test = imc_agent_create(imc_name, IMC_VENDOR_ID, IMC_SUBTYPE,
55 imc_id, actual_version);
56 if (!imc_test)
57 {
58 return TNC_RESULT_FATAL;
59 }
60 if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
61 {
62 DBG1(DBG_IMC, "no common IF-IMC version");
63 return TNC_RESULT_NO_COMMON_VERSION;
64 }
65 return TNC_RESULT_SUCCESS;
66 }
67
68 /**
69 * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
70 */
71 TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
72 TNC_ConnectionID connection_id,
73 TNC_ConnectionState new_state)
74 {
75 imc_state_t *state;
76 imc_test_state_t *test_state;
77 TNC_Result result;
78 char *command;
79 bool retry;
80 int dummy_size, additional_ids;
81
82 if (!imc_test)
83 {
84 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
85 return TNC_RESULT_NOT_INITIALIZED;
86 }
87
88 switch (new_state)
89 {
90 case TNC_CONNECTION_STATE_CREATE:
91 command = lib->settings->get_str(lib->settings,
92 "libimcv.plugins.imc-test.command", "none");
93 dummy_size = lib->settings->get_int(lib->settings,
94 "libimcv.plugins.imc-test.dummy_size", 0);
95 retry = lib->settings->get_bool(lib->settings,
96 "libimcv.plugins.imc-test.retry", FALSE);
97 state = imc_test_state_create(connection_id, command, dummy_size,
98 retry);
99
100 result = imc_test->create_state(imc_test, state);
101 if (result != TNC_RESULT_SUCCESS)
102 {
103 return result;
104 }
105
106 /* Optionally reserve additional IMC IDs */
107 additional_ids = lib->settings->get_int(lib->settings,
108 "libimcv.plugins.imc-test.additional_ids", 0);
109 imc_test->reserve_additional_ids(imc_test, additional_ids -
110 imc_test->count_additional_ids(imc_test));
111
112 return TNC_RESULT_SUCCESS;
113
114 case TNC_CONNECTION_STATE_HANDSHAKE:
115 /* get updated IMC state */
116 result = imc_test->change_state(imc_test, connection_id,
117 new_state, &state);
118 if (result != TNC_RESULT_SUCCESS)
119 {
120 return TNC_RESULT_FATAL;
121 }
122 test_state = (imc_test_state_t*)state;
123
124 /* is it the first handshake or a retry ? */
125 if (!test_state->is_first_handshake(test_state))
126 {
127 command = lib->settings->get_str(lib->settings,
128 "libimcv.plugins.imc-test.retry_command",
129 test_state->get_command(test_state));
130 test_state->set_command(test_state, command);
131 }
132 return TNC_RESULT_SUCCESS;
133
134 case TNC_CONNECTION_STATE_DELETE:
135 return imc_test->delete_state(imc_test, connection_id);
136
137 case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
138 case TNC_CONNECTION_STATE_ACCESS_NONE:
139 /* get updated IMC state */
140 result = imc_test->change_state(imc_test, connection_id,
141 new_state, &state);
142 if (result != TNC_RESULT_SUCCESS)
143 {
144 return TNC_RESULT_FATAL;
145 }
146 test_state = (imc_test_state_t*)state;
147
148 /* do a handshake retry? */
149 if (test_state->do_handshake_retry(test_state))
150 {
151 return imc_test->request_handshake_retry(imc_id, connection_id,
152 TNC_RETRY_REASON_IMC_REMEDIATION_COMPLETE);
153 }
154 return TNC_RESULT_SUCCESS;
155
156 default:
157 return imc_test->change_state(imc_test, connection_id,
158 new_state, NULL);
159 }
160 }
161
162 static TNC_Result send_message(imc_state_t *state, TNC_UInt32 src_imc_id,
163 TNC_UInt32 dst_imv_id)
164 {
165 imc_test_state_t *test_state;
166 linked_list_t *attr_list;
167 pa_tnc_attr_t *attr;
168 bool excl;
169 TNC_ConnectionID connection_id;
170 TNC_Result result;
171
172 attr_list = linked_list_create();
173 connection_id = state->get_connection_id(state);
174 test_state = (imc_test_state_t*)state;
175
176 if (test_state->get_dummy_size(test_state))
177 {
178 attr = ita_attr_dummy_create(test_state->get_dummy_size(test_state));
179 attr->set_noskip_flag(attr, TRUE);
180 attr_list->insert_last(attr_list, attr);
181 }
182 attr = ita_attr_command_create(test_state->get_command(test_state));
183 attr->set_noskip_flag(attr, TRUE);
184 attr_list->insert_last(attr_list, attr);
185
186 excl = dst_imv_id != TNC_IMVID_ANY;
187 result = imc_test->send_message(imc_test, connection_id, excl, src_imc_id,
188 dst_imv_id, attr_list);
189 attr_list->destroy(attr_list);
190
191 return result;
192 }
193
194 /**
195 * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
196 */
197 TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
198 TNC_ConnectionID connection_id)
199 {
200 imc_state_t *state;
201 enumerator_t *enumerator;
202 void *pointer;
203 TNC_UInt32 additional_id;
204 TNC_Result result;
205
206 if (!imc_test)
207 {
208 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
209 return TNC_RESULT_NOT_INITIALIZED;
210 }
211
212 /* get current IMC state */
213 if (!imc_test->get_state(imc_test, connection_id, &state))
214 {
215 return TNC_RESULT_FATAL;
216 }
217
218 /* send PA message for primary IMC ID */
219 result = send_message(state, imc_id, TNC_IMVID_ANY);
220
221 /* Exit if there are no additional IMC IDs */
222 if (!imc_test->count_additional_ids(imc_test))
223 {
224 return result;
225 }
226
227 /* Do we have support for transporting multiple IMC IDs? */
228 if (!state->has_long(state))
229 {
230 DBG1(DBG_IMC, "IMC %u \"%s\" did not detect support for transporting "
231 "multiple IMC IDs", imc_id, imc_name);
232 return result;
233 }
234
235 /* send PA messages for additional IMC IDs */
236 enumerator = imc_test->create_id_enumerator(imc_test);
237 while (result == TNC_RESULT_SUCCESS &&
238 enumerator->enumerate(enumerator, &pointer))
239 {
240 /* interpret pointer as scalar value */
241 additional_id = (TNC_UInt32)pointer;
242 result = send_message(state, additional_id, TNC_IMVID_ANY);
243 }
244 enumerator->destroy(enumerator);
245
246 return result;
247 }
248
249 static TNC_Result receive_message(TNC_IMCID imc_id,
250 TNC_ConnectionID connection_id,
251 TNC_UInt32 msg_flags,
252 chunk_t msg,
253 TNC_VendorID msg_vid,
254 TNC_MessageSubtype msg_subtype,
255 TNC_UInt32 src_imv_id,
256 TNC_UInt32 dst_imc_id)
257 {
258 pa_tnc_msg_t *pa_tnc_msg;
259 pa_tnc_attr_t *attr;
260 pen_type_t attr_type;
261 imc_state_t *state;
262 enumerator_t *enumerator;
263 TNC_Result result;
264 bool fatal_error = FALSE;
265
266 if (!imc_test)
267 {
268 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
269 return TNC_RESULT_NOT_INITIALIZED;
270 }
271
272 /* get current IMC state */
273 if (!imc_test->get_state(imc_test, connection_id, &state))
274 {
275 return TNC_RESULT_FATAL;
276 }
277
278 /* parse received PA-TNC message and automatically handle any errors */
279 result = imc_test->receive_message(imc_test, state, msg, msg_vid,
280 msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg);
281
282 /* no parsed PA-TNC attributes available if an error occurred */
283 if (!pa_tnc_msg)
284 {
285 return result;
286 }
287
288 /* preprocess any IETF standard error attributes */
289 fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg);
290
291 /* analyze PA-TNC attributes */
292 enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
293 while (enumerator->enumerate(enumerator, &attr))
294 {
295 attr_type = attr->get_type(attr);
296
297 if (attr_type.vendor_id != PEN_ITA)
298 {
299 continue;
300 }
301 if (attr_type.type == ITA_ATTR_COMMAND)
302 {
303 ita_attr_command_t *ita_attr;
304
305 ita_attr = (ita_attr_command_t*)attr;
306 DBG1(DBG_IMC, "received command '%s'",
307 ita_attr->get_command(ita_attr));
308 }
309 else if (attr_type.type == ITA_ATTR_DUMMY)
310 {
311 ita_attr_dummy_t *ita_attr;
312
313 ita_attr = (ita_attr_dummy_t*)attr;
314 DBG1(DBG_IMC, "received dummy attribute value (%d bytes)",
315 ita_attr->get_size(ita_attr));
316 }
317 }
318 enumerator->destroy(enumerator);
319 pa_tnc_msg->destroy(pa_tnc_msg);
320
321 /* if no error occurred then always return the same response */
322 return fatal_error ? TNC_RESULT_FATAL :
323 send_message(state, dst_imc_id, src_imv_id);
324 }
325
326 /**
327 * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
328 */
329 TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
330 TNC_ConnectionID connection_id,
331 TNC_BufferReference msg,
332 TNC_UInt32 msg_len,
333 TNC_MessageType msg_type)
334 {
335 TNC_VendorID msg_vid;
336 TNC_MessageSubtype msg_subtype;
337
338 msg_vid = msg_type >> 8;
339 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
340
341 return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len),
342 msg_vid, msg_subtype, 0, TNC_IMCID_ANY);
343 }
344
345 /**
346 * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
347 */
348 TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
349 TNC_ConnectionID connection_id,
350 TNC_UInt32 msg_flags,
351 TNC_BufferReference msg,
352 TNC_UInt32 msg_len,
353 TNC_VendorID msg_vid,
354 TNC_MessageSubtype msg_subtype,
355 TNC_UInt32 src_imv_id,
356 TNC_UInt32 dst_imc_id)
357 {
358 return receive_message(imc_id, connection_id, msg_flags,
359 chunk_create(msg, msg_len), msg_vid, msg_subtype,
360 src_imv_id, dst_imc_id);
361 }
362
363 /**
364 * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
365 */
366 TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
367 TNC_ConnectionID connection_id)
368 {
369 if (!imc_test)
370 {
371 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
372 return TNC_RESULT_NOT_INITIALIZED;
373 }
374 return TNC_RESULT_SUCCESS;
375 }
376
377 /**
378 * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
379 */
380 TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
381 {
382 if (!imc_test)
383 {
384 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
385 return TNC_RESULT_NOT_INITIALIZED;
386 }
387 imc_test->destroy(imc_test);
388 imc_test = NULL;
389
390 return TNC_RESULT_SUCCESS;
391 }
392
393 /**
394 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
395 */
396 TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
397 TNC_TNCC_BindFunctionPointer bind_function)
398 {
399 if (!imc_test)
400 {
401 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
402 return TNC_RESULT_NOT_INITIALIZED;
403 }
404 return imc_test->bind_functions(imc_test, bind_function);
405 }