projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
no need to include pa_tnc_msg.h
[strongswan.git] / src / libimcv / plugins / imv_test / imv_test.c
1 /*
2 * Copyright (C) 2011-2012 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_test_state.h"
17
18 #include <imv/imv_agent.h>
19 #include <imv/imv_msg.h>
20 #include <ietf/ietf_attr.h>
21 #include <ietf/ietf_attr_pa_tnc_error.h>
22 #include <ita/ita_attr.h>
23 #include <ita/ita_attr_command.h>
24 #include <ita/ita_attr_dummy.h>
25
26 #include <tncif_names.h>
27 #include <tncif_pa_subtypes.h>
28
29 #include <pen/pen.h>
30 #include <debug.h>
31
32 /* IMV definitions */
33
34 static const char imv_name[] = "Test";
35
36 static pen_type_t msg_types[] = {
37 { PEN_ITA, PA_SUBTYPE_ITA_TEST }
38 };
39
40 static imv_agent_t *imv_test;
41
42 /**
43 * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3
44 */
45 TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
46 TNC_Version min_version,
47 TNC_Version max_version,
48 TNC_Version *actual_version)
49 {
50 if (imv_test)
51 {
52 DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
53 return TNC_RESULT_ALREADY_INITIALIZED;
54 }
55 imv_test = imv_agent_create(imv_name, msg_types, 1, imv_id, actual_version);
56 if (!imv_test)
57 {
58 return TNC_RESULT_FATAL;
59 }
60 if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
61 {
62 DBG1(DBG_IMV, "no common IF-IMV version");
63 return TNC_RESULT_NO_COMMON_VERSION;
64 }
65 return TNC_RESULT_SUCCESS;
66 }
67
68 /**
69 * see section 3.8.2 of TCG TNC IF-IMV Specification 1.3
70 */
71 TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id,
72 TNC_ConnectionID connection_id,
73 TNC_ConnectionState new_state)
74 {
75 imv_state_t *state;
76
77 if (!imv_test)
78 {
79 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
80 return TNC_RESULT_NOT_INITIALIZED;
81 }
82 switch (new_state)
83 {
84 case TNC_CONNECTION_STATE_CREATE:
85 state = imv_test_state_create(connection_id);
86 return imv_test->create_state(imv_test, state);
87 case TNC_CONNECTION_STATE_DELETE:
88 return imv_test->delete_state(imv_test, connection_id);
89 default:
90 return imv_test->change_state(imv_test, connection_id,
91 new_state, NULL);
92 }
93 }
94
95 static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg)
96 {
97 imv_msg_t *out_msg;
98 imv_test_state_t *test_state;
99 enumerator_t *enumerator;
100 pa_tnc_attr_t *attr;
101 pen_type_t attr_type;
102 TNC_Result result;
103 int rounds;
104 bool fatal_error = FALSE, received_command = FALSE, retry = FALSE;
105
106 /* parse received PA-TNC message and handle local and remote errors */
107 result = in_msg->receive(in_msg, &fatal_error);
108 if (result != TNC_RESULT_SUCCESS)
109 {
110 return result;
111 }
112
113 /* add any new IMC and set its number of rounds */
114 rounds = lib->settings->get_int(lib->settings,
115 "libimcv.plugins.imv-test.rounds", 0);
116 test_state = (imv_test_state_t*)state;
117 test_state->add_imc(test_state, in_msg->get_src_id(in_msg), rounds);
118
119 /* analyze PA-TNC attributes */
120 enumerator = in_msg->create_attribute_enumerator(in_msg);
121 while (enumerator->enumerate(enumerator, &attr))
122 {
123 attr_type = attr->get_type(attr);
124
125 if (attr_type.vendor_id != PEN_ITA)
126 {
127 continue;
128 }
129 if (attr_type.type == ITA_ATTR_COMMAND)
130 {
131 ita_attr_command_t *ita_attr;
132 char *command;
133
134 received_command = TRUE;
135 ita_attr = (ita_attr_command_t*)attr;
136 command = ita_attr->get_command(ita_attr);
137
138 if (streq(command, "allow"))
139 {
140 state->set_recommendation(state,
141 TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
142 TNC_IMV_EVALUATION_RESULT_COMPLIANT);
143 }
144 else if (streq(command, "isolate"))
145 {
146 state->set_recommendation(state,
147 TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
148 TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
149 }
150 else if (streq(command, "block") || streq(command, "none"))
151 {
152 state->set_recommendation(state,
153 TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
154 TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);
155 }
156 else if (streq(command, "retry"))
157 {
158 retry = TRUE;
159 }
160 else
161 {
162 DBG1(DBG_IMV, "unsupported ITA Command '%s'", command);
163 state->set_recommendation(state,
164 TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
165 TNC_IMV_EVALUATION_RESULT_ERROR);
166 }
167 }
168 else if (attr_type.type == ITA_ATTR_DUMMY)
169 {
170 ita_attr_dummy_t *ita_attr;
171
172 ita_attr = (ita_attr_dummy_t*)attr;
173 DBG1(DBG_IMV, "received dummy attribute value (%d bytes)",
174 ita_attr->get_size(ita_attr));
175 }
176 }
177 enumerator->destroy(enumerator);
178
179 if (fatal_error)
180 {
181 state->set_recommendation(state,
182 TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
183 TNC_IMV_EVALUATION_RESULT_ERROR);
184 out_msg = imv_msg_create_as_reply(in_msg);
185 result = out_msg->send_assessment(out_msg);
186 out_msg->destroy(out_msg);
187 if (result != TNC_RESULT_SUCCESS)
188 {
189 return result;
190 }
191 return imv_test->provide_recommendation(imv_test, state);
192 }
193
194 /* request a handshake retry ? */
195 if (retry)
196 {
197 test_state->set_rounds(test_state, rounds);
198 return imv_test->request_handshake_retry(imv_test->get_id(imv_test),
199 state->get_connection_id(state),
200 TNC_RETRY_REASON_IMV_SERIOUS_EVENT);
201 }
202
203 /* repeat the measurement ? */
204 if (test_state->another_round(test_state, in_msg->get_src_id(in_msg)))
205 {
206 out_msg = imv_msg_create_as_reply(in_msg);
207 attr = ita_attr_command_create("repeat");
208 out_msg->add_attribute(out_msg, attr);
209
210 /* send PA-TNC message with excl flag set */
211 result = out_msg->send(out_msg, TRUE);
212 out_msg->destroy(out_msg);
213
214 return result;
215 }
216
217 if (received_command)
218 {
219 out_msg = imv_msg_create_as_reply(in_msg);
220 result = out_msg->send_assessment(out_msg);
221 out_msg->destroy(out_msg);
222 if (result != TNC_RESULT_SUCCESS)
223 {
224 return result;
225 }
226 return imv_test->provide_recommendation(imv_test, state);
227 }
228 else
229 {
230 return TNC_RESULT_SUCCESS;
231 }
232 }
233
234 /**
235 * see section 3.8.4 of TCG TNC IF-IMV Specification 1.3
236 */
237 TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
238 TNC_ConnectionID connection_id,
239 TNC_BufferReference msg,
240 TNC_UInt32 msg_len,
241 TNC_MessageType msg_type)
242 {
243 imv_state_t *state;
244 imv_msg_t *in_msg;
245 TNC_Result result;
246
247 if (!imv_test)
248 {
249 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
250 return TNC_RESULT_NOT_INITIALIZED;
251 }
252 if (!imv_test->get_state(imv_test, connection_id, &state))
253 {
254 return TNC_RESULT_FATAL;
255 }
256 in_msg = imv_msg_create_from_data(imv_test, state, connection_id, msg_type,
257 chunk_create(msg, msg_len));
258 result = receive_message(state, in_msg);
259 in_msg->destroy(in_msg);
260
261 return result;
262 }
263
264 /**
265 * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
266 */
267 TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id,
268 TNC_ConnectionID connection_id,
269 TNC_UInt32 msg_flags,
270 TNC_BufferReference msg,
271 TNC_UInt32 msg_len,
272 TNC_VendorID msg_vid,
273 TNC_MessageSubtype msg_subtype,
274 TNC_UInt32 src_imc_id,
275 TNC_UInt32 dst_imv_id)
276 {
277 imv_state_t *state;
278 imv_msg_t *in_msg;
279 TNC_Result result;
280
281 if (!imv_test)
282 {
283 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
284 return TNC_RESULT_NOT_INITIALIZED;
285 }
286 if (!imv_test->get_state(imv_test, connection_id, &state))
287 {
288 return TNC_RESULT_FATAL;
289 }
290 in_msg = imv_msg_create_from_long_data(imv_test, state, connection_id,
291 src_imc_id, dst_imv_id, msg_vid, msg_subtype,
292 chunk_create(msg, msg_len));
293 result =receive_message(state, in_msg);
294 in_msg->destroy(in_msg);
295
296 return result;
297 }
298
299 /**
300 * see section 3.8.7 of TCG TNC IF-IMV Specification 1.3
301 */
302 TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id,
303 TNC_ConnectionID connection_id)
304 {
305 imv_state_t *state;
306
307 if (!imv_test)
308 {
309 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
310 return TNC_RESULT_NOT_INITIALIZED;
311 }
312 if (!imv_test->get_state(imv_test, connection_id, &state))
313 {
314 return TNC_RESULT_FATAL;
315 }
316 return imv_test->provide_recommendation(imv_test, state);
317 }
318
319 /**
320 * see section 3.8.8 of TCG TNC IF-IMV Specification 1.3
321 */
322 TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
323 TNC_ConnectionID connection_id)
324 {
325 if (!imv_test)
326 {
327 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
328 return TNC_RESULT_NOT_INITIALIZED;
329 }
330 return TNC_RESULT_SUCCESS;
331 }
332
333 /**
334 * see section 3.8.9 of TCG TNC IF-IMV Specification 1.3
335 */
336 TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
337 {
338 if (!imv_test)
339 {
340 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
341 return TNC_RESULT_NOT_INITIALIZED;
342 }
343 imv_test->destroy(imv_test);
344 imv_test = NULL;
345
346 return TNC_RESULT_SUCCESS;
347 }
348
349 /**
350 * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.3
351 */
352 TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id,
353 TNC_TNCS_BindFunctionPointer bind_function)
354 {
355 if (!imv_test)
356 {
357 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
358 return TNC_RESULT_NOT_INITIALIZED;
359 }
360 return imv_test->bind_functions(imv_test, bind_function);
361 }
strongSwan - IPsec VPN