log PA-TNC attribute names
[strongswan.git] / src / libimcv / pa_tnc / pa_tnc_msg.c
index eb6c648..3b84f3d 100644 (file)
  */
 
 #include "pa_tnc_msg.h"
+#include "ietf/ietf_attr.h"
 #include "ietf/ietf_attr_pa_tnc_error.h"
+#include "tcg/tcg_attr.h"
+#include "ita/ita_attr.h"
 
 #include <bio/bio_writer.h>
 #include <bio/bio_reader.h>
@@ -112,6 +115,7 @@ METHOD(pa_tnc_msg_t, build, void,
        bio_writer_t *writer;
        enumerator_t *enumerator;
        pa_tnc_attr_t *attr;
+       enum_name_t *pa_attr_names;
        pen_t vendor_id;
        u_int32_t type;
        u_int8_t flags;
@@ -140,11 +144,13 @@ METHOD(pa_tnc_msg_t, build, void,
                value = attr->get_value(attr);
                flags = attr->get_noskip_flag(attr) ? PA_TNC_ATTR_FLAG_NOSKIP :
                                                                                          PA_TNC_ATTR_FLAG_NONE;
-               if (vendor_id == PEN_IETF)
+
+               pa_attr_names = get_pa_attr_names(vendor_id);
+               if (pa_attr_names)
                {
                        DBG2(DBG_TNC, "creating PA-TNC attribute type '%N/%N' "
                                                  "0x%06x/0x%08x", pen_names, vendor_id,
-                                                 ietf_attr_names, type, vendor_id, type);
+                                                  pa_attr_names, type, vendor_id, type);
                }
                else
                {
@@ -173,7 +179,7 @@ METHOD(pa_tnc_msg_t, process, status_t,
        bio_reader_t *reader;
        pa_tnc_attr_t *error;
        u_int8_t version;
-       u_int32_t reserved;
+       u_int32_t reserved, offset, attr_offset;
 
        /* process message header */
        if (this->encoding.len < PA_TNC_HEADER_SIZE)
@@ -196,6 +202,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
                goto err;
        }
        
+       /* offset of the first PA-TNC attribute in the PA-TNC message */
+       offset = PA_TNC_HEADER_SIZE;
+
        /* pre-process PA-TNC attributes */
        while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
        {
@@ -204,6 +213,7 @@ METHOD(pa_tnc_msg_t, process, status_t,
                u_int32_t type, length;
                chunk_t value, attr_info;
                pa_tnc_attr_t *attr;
+               enum_name_t *pa_attr_names;
                ietf_attr_pa_tnc_error_t *error_attr;
 
                attr_info = reader->peek(reader);
@@ -212,11 +222,13 @@ METHOD(pa_tnc_msg_t, process, status_t,
                reader->read_uint24(reader, &vendor_id);
                reader->read_uint32(reader, &type);
                reader->read_uint32(reader, &length);
-               if (vendor_id == PEN_IETF)
+
+               pa_attr_names = get_pa_attr_names(vendor_id);
+               if (pa_attr_names)
                {
                        DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' "
                                                  "0x%06x/0x%08x", pen_names, vendor_id,
-                                                 ietf_attr_names, type, vendor_id, type);
+                                                  pa_attr_names, type, vendor_id, type);
                }
                else
                {
@@ -229,17 +241,18 @@ METHOD(pa_tnc_msg_t, process, status_t,
                {
                        DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
                                                   length);
-                       error = ietf_attr_pa_tnc_error_create(PEN_IETF,
-                                               PA_ERROR_INVALID_PARAMETER, this->encoding);
+                       error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding,
+                                               offset + PA_TNC_ATTR_INFO_SIZE);
                        goto err;
                }
-               length -= PA_TNC_ATTR_HEADER_SIZE;
 
-               if (!reader->read_data(reader, length , &value))
+               if (!reader->read_data(reader, length - PA_TNC_ATTR_HEADER_SIZE, &value))
                {
                        DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
-                       error = ietf_attr_pa_tnc_error_create(PEN_IETF,
-                                               PA_ERROR_INVALID_PARAMETER, this->encoding);
+                       error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding,
+                                               offset + PA_TNC_ATTR_INFO_SIZE);
                        goto err; 
                } 
                DBG3(DBG_TNC, "%B", &value);
@@ -259,17 +272,27 @@ METHOD(pa_tnc_msg_t, process, status_t,
                        else
                        {
                                DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
+                               offset += length;
+                               continue;
                        }
                }
 
-               if (attr->process(attr) != SUCCESS)
+               if (attr->process(attr, &attr_offset) != SUCCESS)
                {
                        attr->destroy(attr);
-                       error = ietf_attr_pa_tnc_error_create(PEN_IETF,
-                                               PA_ERROR_INVALID_PARAMETER, this->encoding);
+                       if (vendor_id == PEN_IETF && type == IETF_ATTR_PA_TNC_ERROR)
+                       {
+                               /* error while processing a PA-TNC error attribute - abort */
+                               reader->destroy(reader);
+                               return FAILED;
+                       }
+                       error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding,
+                                               offset + PA_TNC_ATTR_HEADER_SIZE + attr_offset);
                        goto err;
                }
                add_attribute(this, attr);
+               offset += length;
        }
 
        if (reader->remaining(reader) == 0)
@@ -277,6 +300,9 @@ METHOD(pa_tnc_msg_t, process, status_t,
                reader->destroy(reader);
                return SUCCESS;
        }
+       DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header");
+       error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
+                               PA_ERROR_INVALID_PARAMETER, this->encoding, offset);
 
 err:
        reader->destroy(reader);
@@ -340,3 +366,21 @@ pa_tnc_msg_t *pa_tnc_msg_create(void)
        return pa_tnc_msg_create_from_data(chunk_empty);
 }
 
+/**
+ * See header
+ */
+enum_name_t* get_pa_attr_names(pen_t pen)
+{
+       switch (pen)
+       {
+               case PEN_IETF:
+                       return ietf_attr_names;
+               case PEN_TCG:
+                       return tcg_attr_names;
+               case PEN_ITA:
+                       return ita_attr_names;
+               default:
+                       return NULL;
+       }
+}
+