projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
implemented IMC/IMV ReceiveMessageLong functions
[strongswan.git] / src / libimcv / plugins / imv_test / imv_test.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include "imv_test_state.h"
16
17 #include <imv/imv_agent.h>
18 #include <pa_tnc/pa_tnc_msg.h>
19 #include <ietf/ietf_attr.h>
20 #include <ietf/ietf_attr_pa_tnc_error.h>
21 #include <ita/ita_attr.h>
22 #include <ita/ita_attr_command.h>
23
24 #include <tncif_names.h>
25 #include <tncif_pa_subtypes.h>
26
27 #include <pen/pen.h>
28 #include <debug.h>
29
30 /* IMV definitions */
31
32 static const char imv_name[] = "Test";
33
34 #define IMV_VENDOR_ID PEN_ITA
35 #define IMV_SUBTYPE PA_SUBTYPE_ITA_TEST
36
37 static imv_agent_t *imv_test;
38
39 /**
40 * see section 3.8.1 of TCG TNC IF-IMV Specification 1.3
41 */
42 TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
43 TNC_Version min_version,
44 TNC_Version max_version,
45 TNC_Version *actual_version)
46 {
47 if (imv_test)
48 {
49 DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
50 return TNC_RESULT_ALREADY_INITIALIZED;
51 }
52 imv_test = imv_agent_create(imv_name, IMV_VENDOR_ID, IMV_SUBTYPE,
53 imv_id, actual_version);
54 if (!imv_test)
55 {
56 return TNC_RESULT_FATAL;
57 }
58 if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
59 {
60 DBG1(DBG_IMV, "no common IF-IMV version");
61 return TNC_RESULT_NO_COMMON_VERSION;
62 }
63 return TNC_RESULT_SUCCESS;
64 }
65
66 /**
67 * see section 3.8.2 of TCG TNC IF-IMV Specification 1.3
68 */
69 TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id,
70 TNC_ConnectionID connection_id,
71 TNC_ConnectionState new_state)
72 {
73 imv_state_t *state;
74 imv_test_state_t *test_state;
75 TNC_Result result;
76 int rounds;
77
78 if (!imv_test)
79 {
80 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
81 return TNC_RESULT_NOT_INITIALIZED;
82 }
83 switch (new_state)
84 {
85 case TNC_CONNECTION_STATE_CREATE:
86 state = imv_test_state_create(connection_id);
87 return imv_test->create_state(imv_test, state);
88 case TNC_CONNECTION_STATE_DELETE:
89 return imv_test->delete_state(imv_test, connection_id);
90 case TNC_CONNECTION_STATE_HANDSHAKE:
91 /* get updated IMV state */
92 result = imv_test->change_state(imv_test, connection_id,
93 new_state, &state);
94 if (result != TNC_RESULT_SUCCESS)
95 {
96 return result;
97 }
98 test_state = (imv_test_state_t*)state;
99
100 /* set the number of measurement rounds */
101 rounds = lib->settings->get_int(lib->settings,
102 "libimcv.plugins.imv-test.rounds", 0);
103 test_state->set_rounds(test_state, rounds);
104 return TNC_RESULT_SUCCESS;
105 default:
106 return imv_test->change_state(imv_test, connection_id,
107 new_state, NULL);
108 }
109 }
110
111 static TNC_Result send_message(TNC_ConnectionID connection_id)
112 {
113 pa_tnc_msg_t *msg;
114 pa_tnc_attr_t *attr;
115 TNC_Result result;
116
117 attr = ita_attr_command_create("repeat");
118 msg = pa_tnc_msg_create();
119 msg->add_attribute(msg, attr);
120 msg->build(msg);
121 result = imv_test->send_message(imv_test, connection_id, FALSE, 0,
122 TNC_IMCID_ANY, msg->get_encoding(msg));
123 msg->destroy(msg);
124
125 return result;
126 }
127
128 static TNC_Result receive_message(TNC_IMVID imv_id,
129 TNC_ConnectionID connection_id,
130 TNC_UInt32 msg_flags,
131 chunk_t msg,
132 TNC_VendorID msg_vid,
133 TNC_MessageSubtype msg_subtype,
134 TNC_UInt32 src_imc_id,
135 TNC_UInt32 dst_imv_id)
136 {
137 pa_tnc_msg_t *pa_tnc_msg;
138 pa_tnc_attr_t *attr;
139 imv_state_t *state;
140 imv_test_state_t *imv_test_state;
141 enumerator_t *enumerator;
142 TNC_Result result;
143 bool fatal_error = FALSE, retry = FALSE;
144
145 if (!imv_test)
146 {
147 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
148 return TNC_RESULT_NOT_INITIALIZED;
149 }
150
151 /* get current IMV state */
152 if (!imv_test->get_state(imv_test, connection_id, &state))
153 {
154 return TNC_RESULT_FATAL;
155 }
156
157 /* parse received PA-TNC message and automatically handle any errors */
158 result = imv_test->receive_message(imv_test, state, msg, msg_vid,
159 msg_subtype, src_imc_id, dst_imv_id, &pa_tnc_msg);
160
161 /* no parsed PA-TNC attributes available if an error occurred */
162 if (!pa_tnc_msg)
163 {
164 return result;
165 }
166
167 /* analyze PA-TNC attributes */
168 enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
169 while (enumerator->enumerate(enumerator, &attr))
170 {
171 if (attr->get_vendor_id(attr) == PEN_IETF &&
172 attr->get_type(attr) == IETF_ATTR_PA_TNC_ERROR)
173 {
174 ietf_attr_pa_tnc_error_t *error_attr;
175 pa_tnc_error_code_t error_code;
176 chunk_t msg_info, attr_info;
177 u_int32_t offset;
178
179 error_attr = (ietf_attr_pa_tnc_error_t*)attr;
180 error_code = error_attr->get_error_code(error_attr);
181 msg_info = error_attr->get_msg_info(error_attr);
182
183 DBG1(DBG_IMV, "received PA-TNC error '%N' concerning message %#B",
184 pa_tnc_error_code_names, error_code, &msg_info);
185 switch (error_code)
186 {
187 case PA_ERROR_INVALID_PARAMETER:
188 offset = error_attr->get_offset(error_attr);
189 DBG1(DBG_IMV, " occurred at offset of %u bytes", offset);
190 break;
191 case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
192 attr_info = error_attr->get_attr_info(error_attr);
193 DBG1(DBG_IMV, " unsupported attribute %#B", &attr_info);
194 break;
195 default:
196 break;
197 }
198 fatal_error = TRUE;
199 }
200 else if (attr->get_vendor_id(attr) == PEN_ITA &&
201 attr->get_type(attr) == ITA_ATTR_COMMAND)
202 {
203 ita_attr_command_t *ita_attr;
204 char *command;
205
206 ita_attr = (ita_attr_command_t*)attr;
207 command = ita_attr->get_command(ita_attr);
208
209 if (streq(command, "allow"))
210 {
211 state->set_recommendation(state,
212 TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
213 TNC_IMV_EVALUATION_RESULT_COMPLIANT);
214 }
215 else if (streq(command, "isolate"))
216 {
217 state->set_recommendation(state,
218 TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
219 TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
220 }
221 else if (streq(command, "block") || streq(command, "none"))
222 {
223 state->set_recommendation(state,
224 TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
225 TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);
226 }
227 else if (streq(command, "retry"))
228 {
229 retry = TRUE;
230 }
231 else
232 {
233 DBG1(DBG_IMV, "unsupported ITA Command '%s'", command);
234 state->set_recommendation(state,
235 TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
236 TNC_IMV_EVALUATION_RESULT_ERROR);
237 }
238 }
239 }
240 enumerator->destroy(enumerator);
241 pa_tnc_msg->destroy(pa_tnc_msg);
242
243 if (fatal_error)
244 {
245 state->set_recommendation(state,
246 TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
247 TNC_IMV_EVALUATION_RESULT_ERROR);
248 return imv_test->provide_recommendation(imv_test, connection_id);
249 }
250
251 /* request a handshake retry ? */
252 if (retry)
253 {
254 return imv_test->request_handshake_retry(imv_id, connection_id,
255 TNC_RETRY_REASON_IMV_SERIOUS_EVENT);
256 }
257
258 /* repeat the measurement ? */
259 imv_test_state = (imv_test_state_t*)state;
260 if (imv_test_state->another_round(imv_test_state))
261 {
262 return send_message(connection_id);
263 }
264
265 return imv_test->provide_recommendation(imv_test, connection_id);
266 }
267
268 /**
269 * see section 3.8.4 of TCG TNC IF-IMV Specification 1.3
270 */
271 TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
272 TNC_ConnectionID connection_id,
273 TNC_BufferReference msg,
274 TNC_UInt32 msg_len,
275 TNC_MessageType msg_type)
276 {
277 TNC_VendorID msg_vid;
278 TNC_MessageSubtype msg_subtype;
279
280 msg_vid = msg_type >> 8;
281 msg_subtype = msg_type & TNC_SUBTYPE_ANY;
282
283 return receive_message(imv_id, connection_id, 0, chunk_create(msg, msg_len),
284 msg_vid, msg_subtype, 0, TNC_IMVID_ANY);
285 }
286
287 /**
288 * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
289 */
290 TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id,
291 TNC_ConnectionID connection_id,
292 TNC_UInt32 msg_flags,
293 TNC_BufferReference msg,
294 TNC_UInt32 msg_len,
295 TNC_VendorID msg_vid,
296 TNC_MessageSubtype msg_subtype,
297 TNC_UInt32 src_imc_id,
298 TNC_UInt32 dst_imv_id)
299 {
300 return receive_message(imv_id, connection_id, msg_flags,
301 chunk_create(msg, msg_len), msg_vid, msg_subtype,
302 src_imc_id, dst_imv_id);
303 }
304
305 /**
306 * see section 3.8.7 of TCG TNC IF-IMV Specification 1.3
307 */
308 TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id,
309 TNC_ConnectionID connection_id)
310 {
311 if (!imv_test)
312 {
313 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
314 return TNC_RESULT_NOT_INITIALIZED;
315 }
316 return imv_test->provide_recommendation(imv_test, connection_id);
317 }
318
319 /**
320 * see section 3.8.8 of TCG TNC IF-IMV Specification 1.3
321 */
322 TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
323 TNC_ConnectionID connection_id)
324 {
325 if (!imv_test)
326 {
327 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
328 return TNC_RESULT_NOT_INITIALIZED;
329 }
330 return TNC_RESULT_SUCCESS;
331 }
332
333 /**
334 * see section 3.8.9 of TCG TNC IF-IMV Specification 1.3
335 */
336 TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
337 {
338 if (!imv_test)
339 {
340 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
341 return TNC_RESULT_NOT_INITIALIZED;
342 }
343 imv_test->destroy(imv_test);
344 imv_test = NULL;
345
346 return TNC_RESULT_SUCCESS;
347 }
348
349 /**
350 * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.3
351 */
352 TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id,
353 TNC_TNCS_BindFunctionPointer bind_function)
354 {
355 if (!imv_test)
356 {
357 DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
358 return TNC_RESULT_NOT_INITIALIZED;
359 }
360 return imv_test->bind_functions(imv_test, bind_function);
361 }
strongSwan - IPsec VPN