log PA-TNC attribute names
[strongswan.git] / src / libimcv / pa_tnc / pa_tnc_msg.c
index f182f92..3b84f3d 100644 (file)
  */
 
 #include "pa_tnc_msg.h"
  */
 
 #include "pa_tnc_msg.h"
+#include "ietf/ietf_attr.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
+#include "tcg/tcg_attr.h"
+#include "ita/ita_attr.h"
 
 
-#include <tls_writer.h>
-#include <tls_reader.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
 #include <utils/linked_list.h>
 #include <utils/linked_list.h>
-#include <tnc/pen/pen.h>
+#include <pen/pen.h>
 #include <debug.h>
 
 
 #include <debug.h>
 
 
@@ -38,7 +42,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
  */
 
 #define PA_TNC_HEADER_SIZE     8
  */
 
 #define PA_TNC_HEADER_SIZE     8
-#define PA_TNC_VERSION         0x01
 #define PA_TNC_RESERVED                0x000000
 
 /**
 #define PA_TNC_RESERVED                0x000000
 
 /**
@@ -60,6 +63,7 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
 #define PA_TNC_ATTR_FLAG_NONE                  0x00
 #define PA_TNC_ATTR_FLAG_NOSKIP                        (1<<7)
 #define PA_TNC_ATTR_HEADER_SIZE                        12
 #define PA_TNC_ATTR_FLAG_NONE                  0x00
 #define PA_TNC_ATTR_FLAG_NOSKIP                        (1<<7)
 #define PA_TNC_ATTR_HEADER_SIZE                        12
+#define PA_TNC_ATTR_INFO_SIZE                  8
 
 /**
  * Private data of a pa_tnc_msg_t object.
 
 /**
  * Private data of a pa_tnc_msg_t object.
@@ -78,6 +82,11 @@ struct private_pa_tnc_msg_t {
        linked_list_t *attributes;
 
        /**
        linked_list_t *attributes;
 
        /**
+        * linked list of PA-TNC error messages
+        */
+       linked_list_t *errors;
+
+       /**
         * Message identifier
         */
        u_int32_t identifier;
         * Message identifier
         */
        u_int32_t identifier;
@@ -103,9 +112,10 @@ METHOD(pa_tnc_msg_t, add_attribute, void,
 METHOD(pa_tnc_msg_t, build, void,
        private_pa_tnc_msg_t *this)
 {
 METHOD(pa_tnc_msg_t, build, void,
        private_pa_tnc_msg_t *this)
 {
-       tls_writer_t *writer;
+       bio_writer_t *writer;
        enumerator_t *enumerator;
        pa_tnc_attr_t *attr;
        enumerator_t *enumerator;
        pa_tnc_attr_t *attr;
+       enum_name_t *pa_attr_names;
        pen_t vendor_id;
        u_int32_t type;
        u_int8_t flags;
        pen_t vendor_id;
        u_int32_t type;
        u_int8_t flags;
@@ -119,7 +129,7 @@ METHOD(pa_tnc_msg_t, build, void,
        DBG2(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
 
        /* build message header */
        DBG2(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
 
        /* build message header */
-       writer = tls_writer_create(PA_TNC_HEADER_SIZE);
+       writer = bio_writer_create(PA_TNC_HEADER_SIZE);
        writer->write_uint8 (writer, PA_TNC_VERSION);
        writer->write_uint24(writer, PA_TNC_RESERVED);
        writer->write_uint32(writer, this->identifier);
        writer->write_uint8 (writer, PA_TNC_VERSION);
        writer->write_uint24(writer, PA_TNC_RESERVED);
        writer->write_uint32(writer, this->identifier);
@@ -134,8 +144,20 @@ METHOD(pa_tnc_msg_t, build, void,
                value = attr->get_value(attr);
                flags = attr->get_noskip_flag(attr) ? PA_TNC_ATTR_FLAG_NOSKIP :
                                                                                          PA_TNC_ATTR_FLAG_NONE;
                value = attr->get_value(attr);
                flags = attr->get_noskip_flag(attr) ? PA_TNC_ATTR_FLAG_NOSKIP :
                                                                                          PA_TNC_ATTR_FLAG_NONE;
-               DBG2(DBG_TNC, "creating PA-TNC attribute type 0x%06x(%N)/0x%08x",
-                                          vendor_id, pen_names, vendor_id, type);
+
+               pa_attr_names = get_pa_attr_names(vendor_id);
+               if (pa_attr_names)
+               {
+                       DBG2(DBG_TNC, "creating PA-TNC attribute type '%N/%N' "
+                                                 "0x%06x/0x%08x", pen_names, vendor_id,
+                                                  pa_attr_names, type, vendor_id, type);
+               }
+               else
+               {
+                       DBG2(DBG_TNC, "creating PA-TNC attribute type '%N' "
+                                                 "0x%06x/0x%08x", pen_names, vendor_id,
+                                                  vendor_id, type);
+               }
                DBG3(DBG_TNC, "%B", &value);
 
                writer->write_uint8 (writer, flags);
                DBG3(DBG_TNC, "%B", &value);
 
                writer->write_uint8 (writer, flags);
@@ -154,59 +176,84 @@ METHOD(pa_tnc_msg_t, build, void,
 METHOD(pa_tnc_msg_t, process, status_t,
        private_pa_tnc_msg_t *this)
 {
 METHOD(pa_tnc_msg_t, process, status_t,
        private_pa_tnc_msg_t *this)
 {
+       bio_reader_t *reader;
+       pa_tnc_attr_t *error;
        u_int8_t version;
        u_int8_t version;
-       u_int32_t reserved;
-       tls_reader_t *reader;
-       status_t status = FAILED;
-
-       reader = tls_reader_create(this->encoding);
+       u_int32_t reserved, offset, attr_offset;
 
        /* process message header */
 
        /* process message header */
-       if (reader->remaining(reader) < PA_TNC_HEADER_SIZE)
+       if (this->encoding.len < PA_TNC_HEADER_SIZE)
        {
                DBG1(DBG_TNC, "%u bytes insufficient to parse PA-TNC message header",
                                           this->encoding.len);
        {
                DBG1(DBG_TNC, "%u bytes insufficient to parse PA-TNC message header",
                                           this->encoding.len);
-               goto end;
+               return FAILED;
        }
        }
+       reader = bio_reader_create(this->encoding);
        reader->read_uint8 (reader, &version);
        reader->read_uint24(reader, &reserved);
        reader->read_uint32(reader, &this->identifier);
        reader->read_uint8 (reader, &version);
        reader->read_uint24(reader, &reserved);
        reader->read_uint32(reader, &this->identifier);
+       DBG2(DBG_TNC, "processing PA-TNC message with ID 0x%08x", this->identifier);
 
        if (version != PA_TNC_VERSION)
        {
                DBG1(DBG_TNC, "PA-TNC version %u not supported", version);
 
        if (version != PA_TNC_VERSION)
        {
                DBG1(DBG_TNC, "PA-TNC version %u not supported", version);
-               goto end;
+               error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+                                       PA_ERROR_VERSION_NOT_SUPPORTED, this->encoding);
+               goto err;
        }
        }
-       DBG2(DBG_TNC, "processing PA-TNC message with ID 0x%08x", this->identifier);
        
        
+       /* offset of the first PA-TNC attribute in the PA-TNC message */
+       offset = PA_TNC_HEADER_SIZE;
+
        /* pre-process PA-TNC attributes */
        while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
        {
                pen_t vendor_id;
                u_int8_t flags;
                u_int32_t type, length;
        /* pre-process PA-TNC attributes */
        while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
        {
                pen_t vendor_id;
                u_int8_t flags;
                u_int32_t type, length;
-               chunk_t value;
+               chunk_t value, attr_info;
                pa_tnc_attr_t *attr;
                pa_tnc_attr_t *attr;
+               enum_name_t *pa_attr_names;
+               ietf_attr_pa_tnc_error_t *error_attr;
 
 
+               attr_info = reader->peek(reader);
+               attr_info.len = PA_TNC_ATTR_INFO_SIZE;
                reader->read_uint8 (reader, &flags);
                reader->read_uint24(reader, &vendor_id);
                reader->read_uint32(reader, &type);
                reader->read_uint32(reader, &length);
                reader->read_uint8 (reader, &flags);
                reader->read_uint24(reader, &vendor_id);
                reader->read_uint32(reader, &type);
                reader->read_uint32(reader, &length);
-               DBG2(DBG_TNC, "processing PA-TNC attribute type 0x%06x(%N)/0x%08x",
-                                          vendor_id, pen_names, vendor_id, type);
+
+               pa_attr_names = get_pa_attr_names(vendor_id);
+               if (pa_attr_names)
+               {
+                       DBG2(DBG_TNC, "processing PA-TNC attribute type '%N/%N' "
+                                                 "0x%06x/0x%08x", pen_names, vendor_id,
+                                                  pa_attr_names, type, vendor_id, type);
+               }
+               else
+               {
+                       DBG2(DBG_TNC, "processing PA-TNC attribute type '%N' "
+                                                 "0x%06x/0x%08x", pen_names, vendor_id,
+                                                  vendor_id, type);
+               }
 
                if (length < PA_TNC_ATTR_HEADER_SIZE)
                {
                        DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
                                                   length);
 
                if (length < PA_TNC_ATTR_HEADER_SIZE)
                {
                        DBG1(DBG_TNC, "%u bytes too small for PA-TNC attribute length",
                                                   length);
-                       goto end;
+                       error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding,
+                                               offset + PA_TNC_ATTR_INFO_SIZE);
+                       goto err;
                }
                }
-               length -= PA_TNC_ATTR_HEADER_SIZE;
 
 
-               if (!reader->read_data(reader, length , &value))
+               if (!reader->read_data(reader, length - PA_TNC_ATTR_HEADER_SIZE, &value))
                {
                        DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
                {
                        DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute value");
-                       goto end; 
+                       error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding,
+                                               offset + PA_TNC_ATTR_INFO_SIZE);
+                       goto err; 
                } 
                DBG3(DBG_TNC, "%B", &value);
 
                } 
                DBG3(DBG_TNC, "%B", &value);
 
@@ -216,30 +263,51 @@ METHOD(pa_tnc_msg_t, process, status_t,
                        if (flags & PA_TNC_ATTR_FLAG_NOSKIP)
                        {
                                DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
                        if (flags & PA_TNC_ATTR_FLAG_NOSKIP)
                        {
                                DBG1(DBG_TNC, "unsupported PA-TNC attribute with NOSKIP flag");
-                               goto end;
+                               error = ietf_attr_pa_tnc_error_create(PEN_IETF,
+                                                       PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, this->encoding);
+                               error_attr = (ietf_attr_pa_tnc_error_t*)error;
+                               error_attr->set_attr_info(error_attr, attr_info);
+                               goto err;
                        }
                        else
                        {
                                DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
                        }
                        else
                        {
                                DBG1(DBG_TNC, "skipping unsupported PA-TNC attribute");
+                               offset += length;
+                               continue;
                        }
                }
 
                        }
                }
 
-               if (attr->process(attr) != SUCCESS)
+               if (attr->process(attr, &attr_offset) != SUCCESS)
                {
                        attr->destroy(attr);
                {
                        attr->destroy(attr);
-                       goto end;
+                       if (vendor_id == PEN_IETF && type == IETF_ATTR_PA_TNC_ERROR)
+                       {
+                               /* error while processing a PA-TNC error attribute - abort */
+                               reader->destroy(reader);
+                               return FAILED;
+                       }
+                       error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
+                                               PA_ERROR_INVALID_PARAMETER, this->encoding,
+                                               offset + PA_TNC_ATTR_HEADER_SIZE + attr_offset);
+                       goto err;
                }
                add_attribute(this, attr);
                }
                add_attribute(this, attr);
+               offset += length;
        }
 
        if (reader->remaining(reader) == 0)
        {
        }
 
        if (reader->remaining(reader) == 0)
        {
-               status = SUCCESS;
+               reader->destroy(reader);
+               return SUCCESS;
        }
        }
+       DBG1(DBG_TNC, "insufficient bytes for PA-TNC attribute header");
+       error = ietf_attr_pa_tnc_error_create_with_offset(PEN_IETF,
+                               PA_ERROR_INVALID_PARAMETER, this->encoding, offset);
 
 
-end:
+err:
        reader->destroy(reader);
        reader->destroy(reader);
-       return status;
+       this->errors->insert_last(this->errors, error);
+       return VERIFY_ERROR;
 }
 
 METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
 }
 
 METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
@@ -248,16 +316,23 @@ METHOD(pa_tnc_msg_t, create_attribute_enumerator, enumerator_t*,
        return this->attributes->create_enumerator(this->attributes);
 }
 
        return this->attributes->create_enumerator(this->attributes);
 }
 
+METHOD(pa_tnc_msg_t, create_error_enumerator, enumerator_t*,
+       private_pa_tnc_msg_t *this)
+{
+       return this->errors->create_enumerator(this->errors);
+}
+
 METHOD(pa_tnc_msg_t, destroy, void,
        private_pa_tnc_msg_t *this)
 {
        this->attributes->destroy_offset(this->attributes,
                                                                         offsetof(pa_tnc_attr_t, destroy)); 
 METHOD(pa_tnc_msg_t, destroy, void,
        private_pa_tnc_msg_t *this)
 {
        this->attributes->destroy_offset(this->attributes,
                                                                         offsetof(pa_tnc_attr_t, destroy)); 
+       this->errors->destroy_offset(this->errors,
+                                                                        offsetof(pa_tnc_attr_t, destroy));
        free(this->encoding.ptr);
        free(this);
 }
 
        free(this->encoding.ptr);
        free(this);
 }
 
-
 /**
  * See header
  */
 /**
  * See header
  */
@@ -272,10 +347,12 @@ pa_tnc_msg_t *pa_tnc_msg_create_from_data(chunk_t data)
                        .build = _build,
                        .process = _process,
                        .create_attribute_enumerator = _create_attribute_enumerator,
                        .build = _build,
                        .process = _process,
                        .create_attribute_enumerator = _create_attribute_enumerator,
+                       .create_error_enumerator = _create_error_enumerator,
                        .destroy = _destroy,
                },
                .encoding = chunk_clone(data),
                .attributes = linked_list_create(),
                        .destroy = _destroy,
                },
                .encoding = chunk_clone(data),
                .attributes = linked_list_create(),
+               .errors = linked_list_create(),
        );
 
        return &this->public;
        );
 
        return &this->public;
@@ -289,4 +366,21 @@ pa_tnc_msg_t *pa_tnc_msg_create(void)
        return pa_tnc_msg_create_from_data(chunk_empty);
 }
 
        return pa_tnc_msg_create_from_data(chunk_empty);
 }
 
+/**
+ * See header
+ */
+enum_name_t* get_pa_attr_names(pen_t pen)
+{
+       switch (pen)
+       {
+               case PEN_IETF:
+                       return ietf_attr_names;
+               case PEN_TCG:
+                       return tcg_attr_names;
+               case PEN_ITA:
+                       return ita_attr_names;
+               default:
+                       return NULL;
+       }
+}