projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
SWID IMC implements recursive tag collection in /usr/share
[strongswan.git] / src / libpts / plugins / imc_swid / imc_swid.c
1 /*
2 * Copyright (C) 2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imc_swid_state.h"
17
18 #include "libpts.h"
19 #include "swid/swid_inventory.h"
20 #include "swid/swid_error.h"
21 #include "tcg/swid/tcg_swid_attr_req.h"
22 #include "tcg/swid/tcg_swid_attr_tag_inv.h"
23 #include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
24
25 #include <imc/imc_agent.h>
26 #include <imc/imc_msg.h>
27
28 #include <tncif_pa_subtypes.h>
29
30 #include <pen/pen.h>
31 #include <utils/debug.h>
32
33
34 /* IMC definitions */
35
36 static const char imc_name[] = "SWID";
37
38 static pen_type_t msg_types[] = {
39 { PEN_TCG, PA_SUBTYPE_TCG_SWID }
40 };
41
42 static imc_agent_t *imc_swid;
43
44 /**
45 * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
46 */
47 TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
48 TNC_Version min_version,
49 TNC_Version max_version,
50 TNC_Version *actual_version)
51 {
52 if (imc_swid)
53 {
54 DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
55 return TNC_RESULT_ALREADY_INITIALIZED;
56 }
57 imc_swid = imc_agent_create(imc_name, msg_types, countof(msg_types),
58 imc_id, actual_version);
59 if (!imc_swid)
60 {
61 return TNC_RESULT_FATAL;
62 }
63
64 libpts_init();
65
66 if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
67 {
68 DBG1(DBG_IMC, "no common IF-IMC version");
69 return TNC_RESULT_NO_COMMON_VERSION;
70 }
71 return TNC_RESULT_SUCCESS;
72 }
73
74 /**
75 * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
76 */
77 TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
78 TNC_ConnectionID connection_id,
79 TNC_ConnectionState new_state)
80 {
81 imc_state_t *state;
82
83 if (!imc_swid)
84 {
85 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
86 return TNC_RESULT_NOT_INITIALIZED;
87 }
88 switch (new_state)
89 {
90 case TNC_CONNECTION_STATE_CREATE:
91 state = imc_swid_state_create(connection_id);
92 return imc_swid->create_state(imc_swid, state);
93 case TNC_CONNECTION_STATE_HANDSHAKE:
94 if (imc_swid->change_state(imc_swid, connection_id, new_state,
95 &state) != TNC_RESULT_SUCCESS)
96 {
97 return TNC_RESULT_FATAL;
98 }
99 state->set_result(state, imc_id,
100 TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
101 return TNC_RESULT_SUCCESS;
102 case TNC_CONNECTION_STATE_DELETE:
103 return imc_swid->delete_state(imc_swid, connection_id);
104 default:
105 return imc_swid->change_state(imc_swid, connection_id,
106 new_state, NULL);
107 }
108 }
109
110 /**
111 * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
112 */
113 TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
114 TNC_ConnectionID connection_id)
115 {
116 imc_state_t *state;
117
118 if (!imc_swid)
119 {
120 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
121 return TNC_RESULT_NOT_INITIALIZED;
122 }
123 if (!imc_swid->get_state(imc_swid, connection_id, &state))
124 {
125 return TNC_RESULT_FATAL;
126 }
127
128 return TNC_RESULT_SUCCESS;
129 }
130
131 static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
132 {
133 imc_msg_t *out_msg;
134 imc_swid_state_t *swid_state;
135 enumerator_t *enumerator;
136 pa_tnc_attr_t *attr;
137 pen_type_t type;
138 TNC_Result result;
139 bool fatal_error = FALSE;
140
141 /* parse received PA-TNC message and handle local and remote errors */
142 result = in_msg->receive(in_msg, &fatal_error);
143 if (result != TNC_RESULT_SUCCESS)
144 {
145 return result;
146 }
147 out_msg = imc_msg_create_as_reply(in_msg);
148 swid_state = (imc_swid_state_t*)state;
149
150 /* analyze PA-TNC attributes */
151 enumerator = in_msg->create_attribute_enumerator(in_msg);
152 while (enumerator->enumerate(enumerator, &attr))
153 {
154 tcg_swid_attr_req_t *attr_req;
155 u_int8_t flags;
156 u_int32_t request_id, eid_epoch;
157 swid_inventory_t *swid_inventory;
158 bool full_tags;
159
160 type = attr->get_type(attr);
161
162 if (type.vendor_id != PEN_TCG || type.type != TCG_SWID_REQUEST)
163 {
164 continue;
165 }
166
167 attr_req = (tcg_swid_attr_req_t*)attr;
168 flags = attr_req->get_flags(attr_req);
169 request_id = attr_req->get_request_id(attr_req);
170 eid_epoch = swid_state->get_eid_epoch(swid_state);
171
172 if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
173 {
174 attr = swid_error_create(TCG_SWID_SUBSCRIPTION_DENIED, request_id,
175 0, "no subscription available yet");
176 out_msg->add_attribute(out_msg, attr);
177 break;
178 }
179 full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
180
181 swid_inventory = swid_inventory_create(full_tags);
182 if (!swid_inventory->collect(swid_inventory))
183 {
184 swid_inventory->destroy(swid_inventory);
185 attr = swid_error_create(TCG_SWID_ERROR, request_id,
186 0, "error in SWID tag collection");
187 out_msg->add_attribute(out_msg, attr);
188 break;
189 }
190
191 if (full_tags)
192 {
193 attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1,
194 swid_inventory);
195 }
196 else
197 {
198 attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1,
199 swid_inventory);
200 }
201 out_msg->add_attribute(out_msg, attr);
202 }
203 enumerator->destroy(enumerator);
204
205 if (fatal_error)
206 {
207 result = TNC_RESULT_FATAL;
208 }
209 else
210 {
211 result = out_msg->send(out_msg, TRUE);
212 }
213 out_msg->destroy(out_msg);
214
215 return result;
216 }
217
218 /**
219 * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
220
221 */
222 TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
223 TNC_ConnectionID connection_id,
224 TNC_BufferReference msg,
225 TNC_UInt32 msg_len,
226 TNC_MessageType msg_type)
227 {
228 imc_state_t *state;
229 imc_msg_t *in_msg;
230 TNC_Result result;
231
232 if (!imc_swid)
233 {
234 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
235 return TNC_RESULT_NOT_INITIALIZED;
236 }
237 if (!imc_swid->get_state(imc_swid, connection_id, &state))
238 {
239 return TNC_RESULT_FATAL;
240 }
241 in_msg = imc_msg_create_from_data(imc_swid, state, connection_id, msg_type,
242 chunk_create(msg, msg_len));
243 result = receive_message(state, in_msg);
244 in_msg->destroy(in_msg);
245
246 return result;
247 }
248
249 /**
250 * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
251 */
252 TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
253 TNC_ConnectionID connection_id,
254 TNC_UInt32 msg_flags,
255 TNC_BufferReference msg,
256 TNC_UInt32 msg_len,
257 TNC_VendorID msg_vid,
258 TNC_MessageSubtype msg_subtype,
259 TNC_UInt32 src_imv_id,
260 TNC_UInt32 dst_imc_id)
261 {
262 imc_state_t *state;
263 imc_msg_t *in_msg;
264 TNC_Result result;
265
266 if (!imc_swid)
267 {
268 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
269 return TNC_RESULT_NOT_INITIALIZED;
270 }
271 if (!imc_swid->get_state(imc_swid, connection_id, &state))
272 {
273 return TNC_RESULT_FATAL;
274 }
275 in_msg = imc_msg_create_from_long_data(imc_swid, state, connection_id,
276 src_imv_id, dst_imc_id,msg_vid, msg_subtype,
277 chunk_create(msg, msg_len));
278 result =receive_message(state, in_msg);
279 in_msg->destroy(in_msg);
280
281 return result;
282 }
283
284 /**
285 * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
286 */
287 TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
288 TNC_ConnectionID connection_id)
289 {
290 if (!imc_swid)
291 {
292 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
293 return TNC_RESULT_NOT_INITIALIZED;
294 }
295 return TNC_RESULT_SUCCESS;
296 }
297
298 /**
299 * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
300 */
301 TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
302 {
303 if (!imc_swid)
304 {
305 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
306 return TNC_RESULT_NOT_INITIALIZED;
307 }
308
309 libpts_deinit();
310
311 imc_swid->destroy(imc_swid);
312 imc_swid = NULL;
313
314 return TNC_RESULT_SUCCESS;
315 }
316
317 /**
318 * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
319 */
320 TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
321 TNC_TNCC_BindFunctionPointer bind_function)
322 {
323 if (!imc_swid)
324 {
325 DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
326 return TNC_RESULT_NOT_INITIALIZED;
327 }
328 return imc_swid->bind_functions(imc_swid, bind_function);
329 }
strongSwan - IPsec VPN