prototype implementation using the pb_tnc_message_t class
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 23 Nov 2010 13:44:16 +0000 (14:44 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 23 Nov 2010 13:44:16 +0000 (14:44 +0100)
src/libcharon/plugins/tnccs_20/tnccs_20.c

index 8d29bfb..5672880 100644 (file)
@@ -14,6 +14,9 @@
  */
 
 #include "tnccs_20.h"
+#include "tnccs_20_types.h"
+#include "messages/pb_tnc_message.h"
+#include "messages/pb_pa_message.h"
 
 #include <debug.h>
 #include <daemon.h>
@@ -55,45 +58,185 @@ struct private_tnccs_20_t {
        mutex_t *mutex;
 
        /**
+        * Flag set by IMC/IMV RequestHandshakeRetry() function
+        */
+       bool request_handshake_retry;
+
+       /**
         * Set of IMV recommendations  (TNC Server only)
         */
        recommendations_t *recs;
 };
 
+/**
+ *   PB-TNC Message (see section 4.2 of RFC 5793)
+ *
+ *      0                   1                   2                   3
+ *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *     |     Flags     |               PB-TNC Vendor ID                |
+ *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *     |                       PB-TNC Message Type                     |
+ *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *     |                      PB-TNC Message Length                    |
+ *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *     |               PB-TNC Message Value (Variable Length)          |
+ *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PB_TNC_HEADER_SIZE             12
+#define PB_TNC_NOSKIP_FLAG             (1<<7)
+#define PB_TNC_IETF_VENDOR_ID  0x000000
+
+static chunk_t build_pb_tnc_msg(pb_tnc_msg_type_t msg_type, chunk_t msg_value)
+{
+       chunk_t msg, msg_header;
+       tls_writer_t *writer;
+       size_t msg_len;
+
+       msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
+       writer = tls_writer_create(PB_TNC_HEADER_SIZE);
+       writer->write_uint8 (writer, PB_TNC_NOSKIP_FLAG);
+       writer->write_uint24(writer, PB_TNC_IETF_VENDOR_ID);
+       writer->write_uint32(writer, msg_type);
+       writer->write_uint32(writer, msg_len);
+       msg_header = writer->get_buf(writer);
+       msg = chunk_cat("cm", msg_header, msg_value);
+       writer->destroy(writer);
+
+       DBG2(DBG_TNC, "building %N message (%u bytes)", pb_tnc_msg_type_names,
+                                                                                                       msg_type, msg_len);
+       DBG3(DBG_TNC,"%B", &msg);
+
+       return msg;
+}
+
+static status_t process_pb_tnc_msg(tls_reader_t *reader,
+                                                                  pb_tnc_message_t **pb_tnc_msg)
+{
+       u_int8_t flags;
+       u_int32_t vendor_id, msg_type;
+       size_t msg_len;
+       chunk_t msg, msg_value;
+
+       msg = reader->peek(reader);
+
+       if (msg.len < PB_TNC_HEADER_SIZE)
+       {
+               DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message header",
+                                          msg.len);
+               return FAILED;
+       }
+       reader->read_uint8 (reader, &flags);
+       reader->read_uint24(reader, &vendor_id);
+       reader->read_uint32(reader, &msg_type);
+       reader->read_uint32(reader, &msg_len);
+
+       DBG2(DBG_TNC, "processing PB-TNC message (%u bytes)", msg_len);
+
+       if (msg_len < PB_TNC_HEADER_SIZE)
+       {
+               DBG1(DBG_TNC, "%u bytes too small for PB-TNC message length", msg_len);
+               return FAILED;
+       }
+       if (msg_len > msg.len)
+       {
+               DBG1(DBG_TNC, "%u bytes insufficient to parse PB-TNC message", msg.len);
+               return FAILED;
+       }
+       msg.len = msg_len;
+       DBG3(DBG_TNC, "%B", &msg);
+       reader->read_data(reader, msg_len - PB_TNC_HEADER_SIZE, &msg_value);
+
+       if (vendor_id != PB_TNC_IETF_VENDOR_ID || msg_type > PB_MSG_ROOF)
+       {
+               if (flags & PB_TNC_NOSKIP_FLAG)
+               {
+                       DBG1(DBG_TNC, "cannot process PB-TNC message with Vendor ID 0x%06x "
+                                                 " and type 0x%08x", vendor_id, msg);
+                       return FAILED;
+               }
+               else
+               {
+                       DBG1(DBG_TNC, "ignore PB-TNC message with Vendor ID 0x%06x "
+                                                 " and type 0x%08x", vendor_id, msg);
+                       return INVALID_STATE;
+               }
+       }
+       DBG2(DBG_TNC, "processing %N message (%u bytes)", pb_tnc_msg_type_names,
+                                  msg_type, msg_value.len);
+       *pb_tnc_msg = pb_tnc_message_create(msg_type, msg_value);
+
+       return SUCCESS;
+}
+
 METHOD(tnccs_t, send_message, void,
        private_tnccs_20_t* this, TNC_IMCID imc_id, TNC_IMVID imv_id,
-                                                         TNC_BufferReference message,
-                                                         TNC_UInt32 message_len,
-                                                         TNC_MessageType message_type)
+                                                         TNC_BufferReference msg,
+                                                         TNC_UInt32 msg_len,
+                                                         TNC_MessageType msg_type)
 {
-       chunk_t msg = { message, message_len };
+       pb_tnc_message_t *pb_pa_msg;
+       chunk_t pb_tnc_msg;
+    TNC_MessageSubtype msg_sub_type;
+    TNC_VendorID       msg_vendor_id;
+
+       msg_sub_type =   msg_type       & TNC_SUBTYPE_ANY;
+       msg_vendor_id = (msg_type >> 8) & TNC_VENDORID_ANY;
+
+       pb_pa_msg = pb_pa_message_create(msg_vendor_id, msg_sub_type, imc_id, imv_id,
+                                                                        chunk_create(msg, msg_len));
+       pb_tnc_msg = build_pb_tnc_msg(PB_MSG_PA, pb_pa_msg->get_encoding(pb_pa_msg));
+       pb_pa_msg->destroy(pb_pa_msg);
 
-       DBG1(DBG_TNC, "TNCCS 2.0 send message");
        this->mutex->lock(this->mutex);
-       this->batch = chunk_cat("mc", this->batch, msg);
+       this->batch = chunk_cat("mm", this->batch, pb_tnc_msg);
        this->mutex->unlock(this->mutex);
 }
 
 METHOD(tls_t, process, status_t,
        private_tnccs_20_t *this, void *buf, size_t buflen)
 {
+       tls_reader_t *reader;
+       pb_tnc_message_t *msg = NULL;
+       status_t status;
        char *pos;
        size_t len;
 
        if (this->is_server && !this->connection_id)
        {
                this->connection_id = charon->tnccs->create_connection(charon->tnccs,
-                                                               (tnccs_t*)this, _send_message,  &this->recs);
+                                                               (tnccs_t*)this, _send_message,
+                                                               &this->request_handshake_retry, &this->recs);
                if (!this->connection_id)
                {
                        return FAILED;
                }
                charon->imvs->notify_connection_change(charon->imvs,
                                                        this->connection_id, TNC_CONNECTION_STATE_CREATE);
+
+               /* Test reason enumerator */
+               {
+                       chunk_t reason, reason_2 = { "virus alarm", 11 };
+                       chunk_t reason_lang, reason_lang_2 = { "en, ru", 6 };
+                       TNC_IMVID id;
+                       enumerator_t *enumerator;
+
+                       this->recs->set_reason_string(this->recs, 2, reason_2);
+                       this->recs->set_reason_language(this->recs, 2, reason_lang_2);
+
+                       enumerator = this->recs->create_reason_enumerator(this->recs);
+                       while (enumerator->enumerate(enumerator, &id, &reason, &reason_lang))
+                       {
+                               DBG1(DBG_TNC, "IMV %u: reason = '%.*s', lang = '%.*s'",
+                                        id, reason.len, reason.ptr, reason_lang.len, reason_lang.ptr);
+                       }
+                       enumerator->destroy(enumerator);
+               }
        }
        DBG1(DBG_TNC, "received TNCCS Batch (%u bytes) for Connection ID %u",
                                   buflen, this->connection_id);
-       DBG3(DBG_TNC, "%.*s", buflen, buf);
+
        pos = strchr(buf, '|');
        if (pos)
        {
@@ -105,19 +248,80 @@ METHOD(tls_t, process, status_t,
                pos = buf;
                len = buflen;
        }
-       DBG1(DBG_TNC, "received message '%.*s'", len, pos);
+       reader = tls_reader_create(chunk_create(pos, len));
+       while (reader->remaining(reader) > 0)
+       {
+               switch (process_pb_tnc_msg(reader, &msg))
+               {
+                       case SUCCESS:
+                               break;
+                       case INVALID_STATE:
+                               continue;
+                       default:
+                               reader->destroy(reader);
+                               return FAILED;
+               }
+
+               status = msg->process(msg);
+               if (status != SUCCESS)
+               {
+                       msg->destroy(msg);
+                       return status;
+               }
+
+               switch (msg->get_type(msg))
+               {
+                       case PB_MSG_PA:
+                       {
+                               TNC_MessageType msg_type;
+                               u_int32_t vendor_id, subtype;
+                               chunk_t msg_body;
+                               pb_pa_message_t *pb_pa_msg;
+
+                               pb_pa_msg = (pb_pa_message_t*)msg;
+                               vendor_id = pb_pa_msg->get_vendor_id(pb_pa_msg, &subtype);
+                               msg_type = (vendor_id << 8) | subtype;
+                               msg_body = pb_pa_msg->get_body(pb_pa_msg);
+
+                               if (this->is_server)
+                               {
+                                       charon->imvs->receive_message(charon->imvs,
+                                                               this->connection_id, msg_body.ptr, msg_body.len,
+                                                               msg_type);
+                               }
+                               else
+                               {
+                                       charon->imcs->receive_message(charon->imcs,
+                                                               this->connection_id, msg_body.ptr, msg_body.len,
+                                                               msg_type);
+                               }
+                               break;
+                       }
+                       case PB_MSG_ERROR:
+                               break;
+                       case PB_MSG_EXPERIMENTAL:
+                               break;
+                       case PB_MSG_LANGUAGE_PREFERENCE:
+                               break;
+                       case PB_MSG_ASSESSMENT_RESULT:
+                       case PB_MSG_ACCESS_RECOMMENDATION:
+                       case PB_MSG_REMEDIATION_PARAMETERS:
+                       case PB_MSG_REASON_STRING:
+                               break;
+               }
+               msg->destroy(msg);
+       }
+       reader->destroy(reader);
+
        if (this->is_server)
        {
-               charon->imvs->receive_message(charon->imvs, this->connection_id,
-                                                                         pos, len, 0x0080ab31);
                charon->imvs->batch_ending(charon->imvs, this->connection_id);
        }
        else
        {
-               charon->imcs->receive_message(charon->imcs, this->connection_id,
-                                                                         pos, len, 0x0080ab31);
                charon->imcs->batch_ending(charon->imcs, this->connection_id);
        }
+
        return NEED_MORE;
 }
 
@@ -134,7 +338,8 @@ METHOD(tls_t, build, status_t,
        if (!this->is_server && !this->connection_id)
        {
                this->connection_id = charon->tnccs->create_connection(charon->tnccs,
-                                                                               (tnccs_t*)this, _send_message, NULL);
+                                                                               (tnccs_t*)this, _send_message,
+                                                                               &this->request_handshake_retry, NULL);
                if (!this->connection_id)
                {
                        return FAILED;
@@ -156,7 +361,6 @@ METHOD(tls_t, build, status_t,
 
        DBG1(DBG_TNC, "sending TNCCS Batch (%d bytes) for Connection ID %u",
                                   len, this->connection_id);
-       DBG3(DBG_TNC, "%.*s", len, buf);
 
        return ALREADY_DONE;
 }