Implemented IF-M segmentation contracts
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 5 Aug 2014 16:36:03 +0000 (18:36 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 3 Oct 2014 20:25:09 +0000 (22:25 +0200)
32 files changed:
src/libimcv/Makefile.am
src/libimcv/imc/imc_msg.c
src/libimcv/imc/imc_msg.h
src/libimcv/imc/imc_state.h
src/libimcv/imv/imv_msg.c
src/libimcv/imv/imv_state.h
src/libimcv/plugins/imc_os/imc_os.c
src/libimcv/plugins/imc_os/imc_os_state.c
src/libimcv/plugins/imc_scanner/imc_scanner.c
src/libimcv/plugins/imc_scanner/imc_scanner_state.c
src/libimcv/plugins/imc_test/imc_test.c
src/libimcv/plugins/imc_test/imc_test_state.c
src/libimcv/plugins/imv_os/imv_os_state.c
src/libimcv/plugins/imv_scanner/imv_scanner_state.c
src/libimcv/plugins/imv_test/imv_test_state.c
src/libimcv/seg_contract/seg_contract.c [new file with mode: 0644]
src/libimcv/seg_contract/seg_contract.h [new file with mode: 0644]
src/libimcv/seg_contract/seg_contract_manager.c [new file with mode: 0644]
src/libimcv/seg_contract/seg_contract_manager.h [new file with mode: 0644]
src/libpts/Makefile.am
src/libpts/plugins/imc_attestation/imc_attestation.c
src/libpts/plugins/imc_attestation/imc_attestation_state.c
src/libpts/plugins/imc_swid/imc_swid.c
src/libpts/plugins/imc_swid/imc_swid_state.c
src/libpts/plugins/imv_attestation/imv_attestation_state.c
src/libpts/plugins/imv_swid/imv_swid_agent.c
src/libpts/plugins/imv_swid/imv_swid_state.c
src/libpts/tcg/seg/tcg_seg_attr_max_size.c [new file with mode: 0644]
src/libpts/tcg/seg/tcg_seg_attr_max_size.h [new file with mode: 0644]
src/libpts/tcg/seg/tcg_seg_attr_seg_env.h [new file with mode: 0644]
src/libpts/tcg/tcg_attr.c
src/libpts/tcg/tcg_attr.h

index 4bed3bf..8b3ca5d 100644 (file)
@@ -1,6 +1,7 @@
 AM_CPPFLAGS = \
        -I$(top_srcdir)/src/libstrongswan \
-       -I$(top_srcdir)/src/libtncif
+       -I$(top_srcdir)/src/libtncif \
+       -I$(top_srcdir)/src/libpts
 
 ipseclib_LTLIBRARIES = libimcv.la
 
@@ -54,7 +55,9 @@ libimcv_la_SOURCES = \
        os_info/os_info.h os_info/os_info.c \
        pa_tnc/pa_tnc_attr.h \
        pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
-       pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c
+       pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \
+       seg_contract/seg_contract.h seg_contract/seg_contract.c \
+       seg_contract/seg_contract_manager.h seg_contract/seg_contract_manager.c
 
 ipsec_SCRIPTS = imv/_imv_policy
 EXTRA_DIST = imv/_imv_policy Android.mk
index 5f2772e..4c4455e 100644 (file)
 #include "ietf/ietf_attr_remediation_instr.h"
 
 #include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
+
+#include <tcg/seg/tcg_seg_attr_max_size.h>
+#include <tcg/seg/tcg_seg_attr_seg_env.h>
 
 #include <pen/pen.h>
 #include <collections/linked_list.h>
@@ -208,7 +212,7 @@ static void print_assessment_trailer(bool first)
 }
 
 METHOD(imc_msg_t, receive, TNC_Result,
-       private_imc_msg_t *this, bool *fatal_error)
+       private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error)
 {
        linked_list_t *non_fatal_types;
        TNC_UInt32 target_imc_id;
@@ -252,32 +256,110 @@ METHOD(imc_msg_t, receive, TNC_Result,
                        break;
                case VERIFY_ERROR:
                {
-                       imc_msg_t *error_msg;
-                       TNC_Result result;
-
-                       error_msg = imc_msg_create_as_reply(&this->public);
-
                        /* extract and copy by reference all error attributes */
                        enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
                        while (enumerator->enumerate(enumerator, &attr))
                        {
-                               error_msg->add_attribute(error_msg, attr->get_ref(attr));
+                               out_msg->add_attribute(out_msg, attr->get_ref(attr));
                        }
                        enumerator->destroy(enumerator);
-
-                       /*
-                        * send the PA-TNC message containing all error attributes
-                        * with the excl flag set
-                        */
-                       result = error_msg->send(error_msg, TRUE);
-                       error_msg->destroy(error_msg);
-                       return result;
+                       return TNC_RESULT_SUCCESS;
                }
                case FAILED:
                default:
                        return TNC_RESULT_FATAL;
        }
 
+       /* process any IF-M segmentation contracts */
+       enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+       while (enumerator->enumerate(enumerator, &attr))
+       {
+               tcg_seg_attr_max_size_t *attr_cast;
+               uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+               seg_contract_t *contract;
+               seg_contract_manager_t *contracts;
+               char buf[BUF_LEN];
+               pen_type_t type;
+
+               type = attr->get_type(attr);
+
+               if (type.vendor_id != PEN_TCG)
+               {
+                       continue;
+               }
+
+               if (type.type == TCG_SEG_MAX_ATTR_SIZE_REQ)
+               {
+                       attr_cast = (tcg_seg_attr_max_size_t*)attr;
+                       attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
+
+                       contracts = this->state->get_contracts(this->state);
+                       contract = contracts->get_contract(contracts, this->msg_type, FALSE);
+                       if (contract)
+                       {
+                               contract->set_max_size(contract, max_attr_size, max_seg_size);
+                       }
+                       else
+                       {
+                               contract = seg_contract_create(this->msg_type, max_attr_size,
+                                                                       max_seg_size, FALSE, this->src_id, TRUE);
+                               contracts->add_contract(contracts, contract);
+                       }
+                       contract->get_info_string(contract, buf, BUF_LEN);
+                       DBG2(DBG_IMC, "%s", buf);
+
+                       /* Determine maximum PA-TNC attribute segment size */
+                       my_max_seg_size = this->state->get_max_msg_len(this->state)
+                                                               - PA_TNC_HEADER_SIZE
+                                                               - PA_TNC_ATTR_HEADER_SIZE
+                                                               - TCG_SEG_ATTR_SEG_ENV_HEADER
+                                                               - PA_TNC_ATTR_HEADER_SIZE
+                                                               - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+                       /* If segmentation is not prohibited select lower segment size */
+                       if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+                               max_seg_size > my_max_seg_size)
+                       {
+                               max_seg_size = my_max_seg_size;
+                               contract->set_max_size(contract, max_attr_size, max_seg_size);
+                               DBG2(DBG_IMC, "  lowered maximum segment size to %u bytes",
+                                        max_seg_size);
+                       }
+
+                       /* Add Maximum Attribute Size Response attribute */
+                       attr = tcg_seg_attr_max_size_create(max_attr_size,
+                                                                                               max_seg_size, FALSE);
+                       out_msg->add_attribute(out_msg, attr);
+               }
+               else if (type.type == TCG_SEG_MAX_ATTR_SIZE_RESP)
+               {
+                       attr_cast = (tcg_seg_attr_max_size_t*)attr;
+                       attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
+
+                       contracts = this->state->get_contracts(this->state);
+                       contract = contracts->get_contract(contracts, this->msg_type, TRUE);
+                       if (contract)
+                       {
+                               contract->get_max_size(contract, &my_max_attr_size,
+                                                                                                &my_max_seg_size);
+                               if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+                                       my_max_seg_size > max_seg_size)
+                               {
+                                       my_max_seg_size = max_seg_size;
+                                       contract->set_max_size(contract, my_max_attr_size,
+                                                                                                        my_max_seg_size);
+                                       contract->get_info_string(contract, buf, BUF_LEN);
+                                       DBG2(DBG_IMC, "%s", buf);
+                               }
+                       }
+                       else
+                       {
+                               /* TODO no request pending */
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+
        /* determine target IMC ID */
        target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
                                         this->dst_id : this->agent->get_id(this->agent);
@@ -300,16 +382,16 @@ METHOD(imc_msg_t, receive, TNC_Result,
                if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
                {
                        ietf_attr_assess_result_t *attr_cast;
-                       TNC_IMV_Evaluation_Result result;
+                       TNC_IMV_Evaluation_Result res;
 
                        attr_cast = (ietf_attr_assess_result_t*)attr;
-                       result =  attr_cast->get_result(attr_cast);
-                       this->state->set_result(this->state, target_imc_id, result);
+                       res =  attr_cast->get_result(attr_cast);
+                       this->state->set_result(this->state, target_imc_id, res);
 
                        print_assessment_header(this->agent->get_name(this->agent),
                                                                        target_imc_id, this->src_id, &first);
                        DBG1(DBG_IMC, "assessment result is '%N'",
-                                TNC_IMV_Evaluation_Result_names, result);
+                                TNC_IMV_Evaluation_Result_names, res);
                }
                else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
                {
index 5a68e9e..a8c4d3c 100644 (file)
@@ -65,10 +65,12 @@ struct imc_msg_t {
        /**
         * Processes a received PA-TNC message
         *
+        * @param out_msg                       outgoing PA-TN message
         * @param fatal_error           TRUE if IMV sent a fatal error message
         * @return                                      TNC result code
         */
-       TNC_Result (*receive)(imc_msg_t *this, bool *fatal_error);
+       TNC_Result (*receive)(imc_msg_t *this, imc_msg_t *out_msg,
+                                                 bool *fatal_error);
 
        /**
         * Add a PA-TNC attribute to the send queue
index 7e763fb..e3e83a3 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -22,6 +22,8 @@
 #ifndef IMC_STATE_H_
 #define IMC_STATE_H_
 
+#include "seg_contract/seg_contract_manager.h"
+
 #include <tncif.h>
 #include <tncifimv.h>
 #include <tncifimc.h>
@@ -80,6 +82,13 @@ struct imc_state_t {
        u_int32_t (*get_max_msg_len)(imc_state_t *this);
 
        /**
+        * Get attribute segmentation contracts associated with TNCCS Connection
+        *
+        * @return                              contracts associated with TNCCS Connection
+        */
+       seg_contract_manager_t* (*get_contracts)(imc_state_t *this);
+
+       /**
         * Change the connection state
         *
         * @param new_state             new connection state
index 35017b5..e25857d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
 #include "ietf/ietf_attr_remediation_instr.h"
 
 #include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
+
+#include <tcg/seg/tcg_seg_attr_max_size.h>
+#include <tcg/seg/tcg_seg_attr_seg_env.h>
 
 #include <pen/pen.h>
 #include <collections/linked_list.h>
@@ -248,6 +252,7 @@ METHOD(imv_msg_t, send_assessment, TNC_Result,
 METHOD(imv_msg_t, receive, TNC_Result,
        private_imv_msg_t *this, bool *fatal_error)
 {
+       TNC_Result result = TNC_RESULT_SUCCESS;
        linked_list_t *non_fatal_types;
        enumerator_t *enumerator;
        pa_tnc_attr_t *attr;
@@ -288,7 +293,6 @@ METHOD(imv_msg_t, receive, TNC_Result,
                case VERIFY_ERROR:
                {
                        imv_msg_t *error_msg;
-                       TNC_Result result;
 
                        error_msg = imv_msg_create_as_reply(&this->public);
 
@@ -313,12 +317,111 @@ METHOD(imv_msg_t, receive, TNC_Result,
                        return TNC_RESULT_FATAL;
        }
 
+       /* process any IF-M segmentation contracts */
+       enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+       while (enumerator->enumerate(enumerator, &attr))
+       {
+               uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+               tcg_seg_attr_max_size_t *attr_cast;
+               imv_msg_t *out_msg;
+               seg_contract_t *contract;
+               seg_contract_manager_t *contracts;
+               char buf[BUF_LEN];
+               pen_type_t type;
+
+               type = attr->get_type(attr);
+
+               if (type.vendor_id != PEN_TCG)
+               {
+                       continue;
+               }
+
+               if (type.type == TCG_SEG_MAX_ATTR_SIZE_REQ)
+               {
+                       attr_cast = (tcg_seg_attr_max_size_t*)attr;
+                       attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
+
+                       contracts = this->state->get_contracts(this->state);
+                       contract = contracts->get_contract(contracts, this->msg_type, FALSE);
+                       if (contract)
+                       {
+                               contract->set_max_size(contract, max_attr_size, max_seg_size);
+                       }
+                       else
+                       {
+                               contract = seg_contract_create(this->msg_type, max_attr_size,
+                                                                       max_seg_size, FALSE, this->src_id, FALSE);
+                               contracts->add_contract(contracts, contract);
+                       }
+                       contract->get_info_string(contract, buf, BUF_LEN);
+                       DBG2(DBG_IMV, "%s", buf);
+
+                       /* Determine maximum PA-TNC attribute segment size */
+                       my_max_seg_size = this->state->get_max_msg_len(this->state)
+                                                               - PA_TNC_HEADER_SIZE
+                                                               - PA_TNC_ATTR_HEADER_SIZE
+                                                               - TCG_SEG_ATTR_SEG_ENV_HEADER
+                                                               - PA_TNC_ATTR_HEADER_SIZE
+                                                               - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+                       /* If segmentation is not prohibited select lower segment size */
+                       if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+                               max_seg_size > my_max_seg_size)
+                       {
+                               max_seg_size = my_max_seg_size;
+                               contract->set_max_size(contract, max_attr_size, max_seg_size);
+                               contract->get_info_string(contract, buf, BUF_LEN);
+                               DBG2(DBG_IMV, "  lowered maximum segment size to %u bytes",
+                                        max_seg_size);
+                       }
+
+                       /* Send Maximum Attribute Size Response */
+                       out_msg = imv_msg_create_as_reply(&this->public);
+                       attr = tcg_seg_attr_max_size_create(max_attr_size,
+                                                                                               max_seg_size, FALSE);
+                       out_msg->add_attribute(out_msg, attr);
+                       result = out_msg->send(out_msg, TRUE);
+                       out_msg->destroy(out_msg);
+                       if (result != TNC_RESULT_SUCCESS)
+                       {
+                               break;
+                       }
+               }
+               else if (type.type == TCG_SEG_MAX_ATTR_SIZE_RESP)
+               {
+                       attr_cast = (tcg_seg_attr_max_size_t*)attr;
+                       attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
+
+                       contracts = this->state->get_contracts(this->state);
+                       contract = contracts->get_contract(contracts, this->msg_type, TRUE);
+                       if (contract)
+                       {
+                               contract->get_max_size(contract, &my_max_attr_size,
+                                                                                                &my_max_seg_size);
+                               if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+                                       my_max_seg_size > max_seg_size)
+                               {
+                                       my_max_seg_size = max_seg_size;
+                                       contract->set_max_size(contract, my_max_attr_size,
+                                                                                                        my_max_seg_size);
+                                       contract->get_info_string(contract, buf, BUF_LEN);
+                                       DBG2(DBG_IMV, "%s", buf);
+                               }
+                       }
+                       else
+                       {
+                               /* TODO no request pending */
+                       }
+               }
+       }
+       enumerator->destroy(enumerator);
+
        /* preprocess any received IETF standard error attributes */
        non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
        *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
                                                                                                                 non_fatal_types);
 
-       return TNC_RESULT_SUCCESS;
+       return result;
 }
 
 METHOD(imv_msg_t, get_attribute_count, int,
index d11d15e..3a93a5f 100644 (file)
@@ -23,6 +23,7 @@
 #define IMV_STATE_H_
 
 #include "imv_session.h"
+#include "seg_contract/seg_contract_manager.h"
 
 #include <tncifimv.h>
 
@@ -108,6 +109,13 @@ struct imv_state_t {
        imv_session_t* (*get_session)(imv_state_t *this);
 
        /**
+        * Get attribute segmentation contracts associated with TNCCS Connection
+        *
+        * @return                              Contracts associated with TNCCS Connection
+        */
+       seg_contract_manager_t* (*get_contracts)(imv_state_t *this);
+
+       /**
         * Change the connection state
         *
         * @param new_state             new connection state
index c624d26..785280c 100644 (file)
@@ -491,13 +491,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
        TNC_Result result;
        bool fatal_error = FALSE;
 
+       /* generate an outgoing PA-TNC message - we might need it */
+       out_msg = imc_msg_create_as_reply(in_msg);
+
        /* parse received PA-TNC message and handle local and remote errors */
-       result = in_msg->receive(in_msg, &fatal_error);
+       result = in_msg->receive(in_msg, out_msg, &fatal_error);
        if (result != TNC_RESULT_SUCCESS)
        {
+               out_msg->destroy(out_msg);
                return result;
        }
-       out_msg = imc_msg_create_as_reply(in_msg);
 
        /* analyze PA-TNC attributes */
        enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -582,6 +585,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
        }
        else
        {
+               /* send PA-TNC message with the EXCL flag set */
                result = out_msg->send(out_msg, TRUE);
        }
        out_msg->destroy(out_msg);
index f49959a..139ab05 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -60,6 +60,11 @@ struct private_imc_os_state_t {
         * Maximum PA-TNC message size for this TNCCS connection
         */
        u_int32_t max_msg_len;
+
+       /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
 };
 
 METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
        return this->max_msg_len;
 }
 
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+       private_imc_os_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_os_state_t *this, TNC_ConnectionState new_state)
 {
@@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool,
 METHOD(imc_state_t, destroy, void,
        private_imc_os_state_t *this)
 {
+       this->contracts->destroy(this->contracts);
        free(this);
 }
 
@@ -145,6 +157,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
                                .set_flags = _set_flags,
                                .set_max_msg_len = _set_max_msg_len,
                                .get_max_msg_len = _get_max_msg_len,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .set_result = _set_result,
                                .get_result = _get_result,
@@ -154,6 +167,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
                .state = TNC_CONNECTION_STATE_CREATE,
                .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
                .connection_id = connection_id,
+               .contracts = seg_contract_manager_create(),
        );
 
        return &this->public.interface;
index 2be6a87..0478841 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -299,13 +299,16 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
        TNC_Result result = TNC_RESULT_SUCCESS;
        bool fatal_error = FALSE;
 
+       /* generate an outgoing PA-TNC message - we might need it */
+       out_msg = imc_msg_create_as_reply(in_msg);
+
        /* parse received PA-TNC message and handle local and remote errors */
-       result = in_msg->receive(in_msg, &fatal_error);
+       result = in_msg->receive(in_msg, out_msg, &fatal_error);
        if (result != TNC_RESULT_SUCCESS)
        {
+               out_msg->destroy(out_msg);
                return result;
        }
-       out_msg = imc_msg_create_as_reply(in_msg);
 
        /* analyze PA-TNC attributes */
        enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -352,6 +355,7 @@ static TNC_Result receive_message(imc_msg_t *in_msg)
        }
        else if (result == TNC_RESULT_SUCCESS)
        {
+               /* send PA-TNC message with the EXCL flag set */
                result = out_msg->send(out_msg, TRUE);
        }
        out_msg->destroy(out_msg);
index b5a6cdd..d357859 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -60,6 +60,11 @@ struct private_imc_scanner_state_t {
         * Maximum PA-TNC message size for this TNCCS connection
         */
        u_int32_t max_msg_len;
+
+       /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
 };
 
 METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
        return this->max_msg_len;
 }
 
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+       private_imc_scanner_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
 {
@@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool,
 METHOD(imc_state_t, destroy, void,
        private_imc_scanner_state_t *this)
 {
+       this->contracts->destroy(this->contracts);
        free(this);
 }
 
@@ -145,6 +157,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
                                .set_flags = _set_flags,
                                .set_max_msg_len = _set_max_msg_len,
                                .get_max_msg_len = _get_max_msg_len,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .set_result = _set_result,
                                .get_result = _get_result,
@@ -154,6 +167,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
                .state = TNC_CONNECTION_STATE_CREATE,
                .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
                .connection_id = connection_id,
+               .contracts = seg_contract_manager_create(),
        );
 
        return &this->public.interface;
index ee982d9..d38ace1 100644 (file)
@@ -181,7 +181,7 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
        }
 }
 
-static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg)
+static void create_message(imc_state_t *state, imc_msg_t *out_msg)
 {
        imc_test_state_t *test_state;
        pa_tnc_attr_t *attr;
@@ -196,9 +196,6 @@ static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg)
        attr = ita_attr_command_create(test_state->get_command(test_state));
        attr->set_noskip_flag(attr, TRUE);
        out_msg->add_attribute(out_msg, attr);
-
-       /* send PA-TNC message with the excl flag set */
-       return out_msg->send(out_msg, TRUE);
 }
 
 /**
@@ -224,10 +221,11 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
                return TNC_RESULT_FATAL;
        }
 
-       /* send PA message for primary IMC ID */
+       /* send PA message for primary IMC ID with the EXCL flag set */
        out_msg = imc_msg_create(imc_test, state, connection_id, imc_id,
                                                         TNC_IMVID_ANY, msg_types[0]);
-       result = send_message(state, out_msg);
+       create_message(state, out_msg);
+       result = out_msg->send(out_msg, TRUE);
        out_msg->destroy(out_msg);
 
        /* Exit if there are no additional IMC IDs */
@@ -253,7 +251,8 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
                additional_id = (TNC_UInt32)pointer;
                out_msg = imc_msg_create(imc_test, state, connection_id, additional_id,
                                                                 TNC_IMVID_ANY, msg_types[0]);
-               result = send_message(state, out_msg);
+               create_message(state, out_msg);
+               result = out_msg->send(out_msg, TRUE);
                out_msg->destroy(out_msg);
        }
        enumerator->destroy(enumerator);
@@ -267,13 +266,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
        enumerator_t *enumerator;
        pa_tnc_attr_t *attr;
        pen_type_t attr_type;
-       TNC_Result result;
+       TNC_Result result = TNC_RESULT_SUCCESS;
        bool fatal_error = FALSE;
 
+       /* generate an outgoing PA-TNC message - we might need it */
+       out_msg = imc_msg_create_as_reply(in_msg);
+
        /* parse received PA-TNC message and handle local and remote errors */
-       result = in_msg->receive(in_msg, &fatal_error);
+       result = in_msg->receive(in_msg, out_msg, &fatal_error);
        if (result != TNC_RESULT_SUCCESS)
        {
+               out_msg->destroy(out_msg);
                return result;
        }
 
@@ -308,16 +311,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 
        if (fatal_error)
        {
-               return TNC_RESULT_FATAL;
+               result = TNC_RESULT_FATAL;
        }
-
-       /* if no assessment result is known then repeat the measurement */
-       if (state->get_result(state, in_msg->get_dst_id(in_msg), NULL))
+       else
        {
-               return TNC_RESULT_SUCCESS;
+               /* if no assessment result is known then repeat the measurement */
+               if (!state->get_result(state, in_msg->get_dst_id(in_msg), NULL))
+               {
+                       create_message(state, out_msg);
+               }
+               result = out_msg->send(out_msg, TRUE);
        }
-       out_msg = imc_msg_create_as_reply(in_msg);
-       result = send_message(state, out_msg);
        out_msg->destroy(out_msg);
 
        return result;
index e7beca0..d3f6805 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -64,6 +64,11 @@ struct private_imc_test_state_t {
        u_int32_t max_msg_len;
 
        /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
+
+       /**
         * Command to transmit to IMV
         */
        char *command;
@@ -130,6 +135,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
        return this->max_msg_len;
 }
 
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+       private_imc_test_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_test_state_t *this, TNC_ConnectionState new_state)
 {
@@ -195,6 +206,7 @@ METHOD(imc_state_t, destroy, void,
        private_imc_test_state_t *this)
 {
        this->results->destroy_function(this->results, free);
+       this->contracts->destroy(this->contracts);
        free(this->command);
        free(this);
 }
@@ -261,6 +273,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
                                .set_flags = _set_flags,
                                .set_max_msg_len = _set_max_msg_len,
                                .get_max_msg_len = _get_max_msg_len,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .set_result = _set_result,
                                .get_result = _get_result,
@@ -275,6 +288,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
                .state = TNC_CONNECTION_STATE_CREATE,
                .results = linked_list_create(),
                .connection_id = connection_id,
+               .contracts = seg_contract_manager_create(),
                .command = strdup(command),
                .dummy_size = dummy_size,
                .first_handshake = TRUE,
index dc8474a..24f803d 100644 (file)
@@ -76,6 +76,11 @@ struct private_imv_os_state_t {
        imv_session_t *session;
 
        /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
+
+       /**
         * IMV action recommendation
         */
        TNC_IMV_Action_Recommendation rec;
@@ -327,6 +332,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
        return this->session;
 }
 
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+       private_imv_os_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imv_state_t, get_recommendation, void,
        private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec,
                                                                  TNC_IMV_Evaluation_Result *eval)
@@ -461,6 +472,7 @@ METHOD(imv_state_t, destroy, void,
        DESTROY_IF(this->session);
        DESTROY_IF(this->reason_string);
        DESTROY_IF(this->remediation_string);
+       this->contracts->destroy(this->contracts);
        this->update_packages->destroy_function(this->update_packages, free);
        this->remove_packages->destroy_function(this->remove_packages, free);
        free(this);
@@ -571,6 +583,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
                                .get_action_flags = _get_action_flags,
                                .set_session = _set_session,
                                .get_session = _get_session,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
@@ -593,6 +606,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
                .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
                .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
                .connection_id = connection_id,
+               .contracts = seg_contract_manager_create(),
                .update_packages = linked_list_create(),
                .remove_packages = linked_list_create(),
        );
index 24a49a7..8f9593f 100644 (file)
@@ -71,6 +71,11 @@ struct private_imv_scanner_state_t {
        imv_session_t *session;
 
        /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
+
+       /**
         * IMV action recommendation
         */
        TNC_IMV_Action_Recommendation rec;
@@ -211,6 +216,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
        return this->session;
 }
 
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+       private_imv_scanner_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
 {
@@ -299,6 +310,7 @@ METHOD(imv_state_t, destroy, void,
        DESTROY_IF(this->reason_string);
        DESTROY_IF(this->remediation_string);
        DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+       this->contracts->destroy(this->contracts);
        this->violating_ports->destroy_function(this->violating_ports, free);
        free(this);
 }
@@ -354,6 +366,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
                                .get_action_flags = _get_action_flags,
                                .set_session = _set_session,
                                .get_session= _get_session,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
@@ -372,6 +385,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
                .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
                .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
                .connection_id = connection_id,
+               .contracts = seg_contract_manager_create(),
                .violating_ports = linked_list_create(),
        );
 
index 3564456..c20d00b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2013 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -66,6 +66,11 @@ struct private_imv_test_state_t {
        imv_session_t *session;
 
        /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
+
+       /**
         * IMV action recommendation
         */
        TNC_IMV_Action_Recommendation rec;
@@ -162,6 +167,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
        return this->session;
 }
 
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+       private_imv_test_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_test_state_t *this, TNC_ConnectionState new_state)
 {
@@ -220,6 +231,7 @@ METHOD(imv_state_t, destroy, void,
 {
        DESTROY_IF(this->session);
        DESTROY_IF(this->reason_string);
+       this->contracts->destroy(this->contracts);
        this->imcs->destroy_function(this->imcs, free);
        free(this);
 }
@@ -307,6 +319,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
                                .get_max_msg_len = _get_max_msg_len,
                                .set_session = _set_session,
                                .get_session = _get_session,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
@@ -323,6 +336,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
                .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
                .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
                .connection_id = connection_id,
+               .contracts = seg_contract_manager_create(),
                .imcs = linked_list_create(),
        );
 
diff --git a/src/libimcv/seg_contract/seg_contract.c b/src/libimcv/seg_contract/seg_contract.c
new file mode 100644 (file)
index 0000000..729bcbc
--- /dev/null
@@ -0,0 +1,245 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_contract.h"
+
+#include <utils/debug.h>
+
+#include <tncif_pa_subtypes.h>
+
+typedef struct private_seg_contract_t private_seg_contract_t;
+
+/**
+ * Private data of a seg_contract_t object.
+ *
+ */
+struct private_seg_contract_t {
+
+       /**
+        * Public seg_contract_t interface.
+        */
+       seg_contract_t public;
+
+       /**
+        * PA-TNC message type
+        */
+       pen_type_t msg_type;
+
+       /**
+        * Maximum PA-TNC attribute size
+        */
+       uint32_t max_attr_size;
+
+       /**
+        * Maximum PA-TNC attribute segment size
+        */
+       uint32_t max_seg_size;
+
+       /**
+        * Is this a null contract?
+        */
+       bool is_null;
+
+       /**
+        * Contract role
+        */
+       bool is_issuer;
+
+       /**
+        * Issuer ID (either IMV ID or IMC ID)
+        */
+       TNC_UInt32 issuer_id;
+
+       /**
+        * IMC/IMV role
+        */
+       bool is_imc;
+
+};
+
+METHOD(seg_contract_t, get_msg_type, pen_type_t,
+       private_seg_contract_t *this)
+{
+       return this->msg_type;
+}
+
+METHOD(seg_contract_t, set_max_size, void,
+       private_seg_contract_t *this, uint32_t max_attr_size, uint32_t max_seg_size)
+{
+       this->max_attr_size = max_attr_size;
+       this->max_seg_size = max_seg_size;
+       this->is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE &&
+                                       max_seg_size  == SEG_CONTRACT_MAX_SIZE_VALUE;
+}
+
+METHOD(seg_contract_t, get_max_size, void,
+       private_seg_contract_t *this, uint32_t *max_attr_size, uint32_t *max_seg_size)
+{
+       if (max_attr_size)
+       {
+               *max_attr_size = this->max_attr_size;
+       }
+       if (max_seg_size)
+       {
+               *max_seg_size = this->max_seg_size;
+       }
+}
+
+METHOD(seg_contract_t, is_issuer, bool,
+       private_seg_contract_t *this)
+{
+       return this->is_issuer;
+}
+
+METHOD(seg_contract_t, is_null, bool,
+       private_seg_contract_t *this)
+{
+       return this->is_null;
+}
+
+METHOD(seg_contract_t, get_info_string, void,
+       private_seg_contract_t *this, char *buf, size_t len)
+{
+       enum_name_t *pa_subtype_names;
+       uint32_t msg_vid, msg_subtype;
+       char *pos = buf;
+       int written;
+
+       /* nul-terminate the string buffer */
+       buf[--len] = '\0';
+
+       if (this->is_issuer)
+       {
+               written = snprintf(pos, len, "%s %d requests",
+                                                 this->is_imc ? "IMC" : "IMV", this->issuer_id);
+       }
+       else
+       {
+               written = snprintf(pos, len, "received");
+       }
+       if (written < 0 || written > len)
+       {
+               return;
+       }
+       pos += written;
+       len -= written;
+
+       written = snprintf(pos, len, " a %ssegmentation contract ",
+                                          this->is_null ? "null" : "");
+       if (written < 0 || written > len)
+       {
+               return;
+       }
+       pos += written;
+       len -= written;
+
+       if (!this->is_issuer && this->issuer_id != TNC_IMVID_ANY)
+       {
+               written = snprintf(pos, len, "from %s %d ",
+                                                  this->is_imc ? "IMV" : "IMC", this->issuer_id);
+               if (written < 0 || written > len)
+               {
+                       return;
+               }
+               pos += written;
+               len -= written;
+       }
+
+       msg_vid     = this->msg_type.vendor_id;
+       msg_subtype = this->msg_type.type;
+       pa_subtype_names = get_pa_subtype_names(msg_vid);
+       if (pa_subtype_names)
+       {
+               written = snprintf(pos, len, "for PA message type '%N/%N' "
+                                                  "0x%06x/0x%08x", pen_names, msg_vid,
+                                                  pa_subtype_names, msg_subtype, msg_vid,
+                                                  msg_subtype);
+       }
+       else
+       {
+               written = snprintf(pos, len, "for PA message type '%N' "
+                                                  "0x%06x/0x%08x", pen_names, msg_vid,
+                                                  msg_vid, msg_subtype);
+       }
+       if (written < 0 || written > len)
+       {
+               return;
+       }
+       pos += written;
+       len -= written;
+
+       if (!this->is_null)
+       {
+               written = snprintf(pos, len, "\n  maximum attribute size of %u bytes "
+                                                  "with ", this->max_attr_size);
+               if (written < 0 || written > len)
+               {
+                       return;
+               }
+               pos += written;
+               len -= written;
+
+               if (this->max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE)
+               {
+                       written = snprintf(pos, len, "no segmentation");
+               }
+               else
+               {
+                       written = snprintf(pos, len, "maximum segment size of %u bytes",
+                                                          this->max_seg_size);
+               }
+       }
+}
+
+METHOD(seg_contract_t, destroy, void,
+       private_seg_contract_t *this)
+{
+       free(this);
+}
+
+/**
+ * See header
+ */
+seg_contract_t *seg_contract_create(pen_type_t msg_type,
+                                                                   uint32_t max_attr_size,
+                                                                       uint32_t max_seg_size,
+                                                                       bool is_issuer, TNC_UInt32 issuer_id,
+                                                                       bool is_imc)
+{
+       private_seg_contract_t *this;
+
+       INIT(this,
+               .public = {
+                       .get_msg_type = _get_msg_type,
+                       .set_max_size = _set_max_size,
+                       .get_max_size = _get_max_size,
+                       .is_issuer = _is_issuer,
+                       .is_null = _is_null,
+                       .get_info_string = _get_info_string,
+                       .destroy = _destroy,
+               },
+               .msg_type = msg_type,
+               .max_attr_size = max_attr_size,
+               .max_seg_size = max_seg_size,
+               .is_issuer = is_issuer,
+               .issuer_id = issuer_id,
+               .is_imc = is_imc,
+               .is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE &&
+                                  max_seg_size  == SEG_CONTRACT_MAX_SIZE_VALUE,
+       );
+
+       return &this->public;
+}
+
diff --git a/src/libimcv/seg_contract/seg_contract.h b/src/libimcv/seg_contract/seg_contract.h
new file mode 100644 (file)
index 0000000..eaa1142
--- /dev/null
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_contract seg_contract
+ * @{ @ingroup libimcv
+ */
+
+#ifndef SEG_CONTRACT_H_
+#define SEG_CONTRACT_H_
+
+typedef struct seg_contract_t seg_contract_t;
+
+#include <library.h>
+#include <pen/pen.h>
+
+#include <tncif.h>
+
+#define SEG_CONTRACT_MAX_SIZE_VALUE            0xffffffff
+#define SEG_CONTRACT_NO_FRAGMENTATION  SEG_CONTRACT_MAX_SIZE_VALUE
+
+/**
+ * Interface for a PA-TNC attribute segmentation contract
+ *
+ */
+struct seg_contract_t {
+
+       /**
+        * Get the PA-TNC message type.
+        *
+        * @return                                      PA-TNC Message type
+        */
+       pen_type_t (*get_msg_type)(seg_contract_t *this);
+
+       /**
+        * Set maximum PA-TNC attribute and segment size in octets
+        *
+        * @param max_attr_size         Maximum PA-TNC attribute size in octets
+        * @param max_seg_size          Maximum PA-TNC attribute segment size in octets
+        */
+       void (*set_max_size)(seg_contract_t *this, uint32_t max_attr_size,
+                                                                                          uint32_t max_seg_size);
+
+       /**
+        * Get maximum PA-TNC attribute and segment size in octets
+        *
+        * @param max_attr_size         Maximum PA-TNC attribute size in octets
+        * @param max_seg_size          Maximum PA-TNC attribute segment size in octets
+        */
+       void (*get_max_size)(seg_contract_t *this, uint32_t *max_attr_size,
+                                                                                          uint32_t *max_seg_size);
+
+       /**
+        * Get contract role
+        *
+        * @return                                      TRUE:  contracting party (issuer),
+        *                                                      FALSE: contracted party 
+        */
+       bool (*is_issuer)(seg_contract_t *this);
+
+       /**
+        * Is this a null contract ?
+        *
+        * @return                                      TRUE if null contract
+        */
+       bool (*is_null)(seg_contract_t *this);
+
+       /**
+        * Get an info string about the contract
+        *
+        * @param buf                           String buffer of at least size len
+        * @param len                           Size of string buffer
+        */
+       void (*get_info_string)(seg_contract_t *this, char *buf, size_t len);
+
+       /**
+        * Destroys a seg_contract_t object.
+        */
+       void (*destroy)(seg_contract_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segmentation contract 
+ *
+ * @param msg_type                             PA-TNC message type
+ * @param max_attr_size                Maximum PA-TNC attribute size in octets
+ * @param max_seg_size         Maximum PA-TNC attribute segment size in octets
+ * @param is_issuer                    TRUE if issuer of the contract
+ * @param issuer_id                    IMC or IMV ID of issuer
+ * @param is_imc                       TRUE if IMC, FALSE if IMV
+ */
+seg_contract_t* seg_contract_create(pen_type_t msg_type,
+                                                                       uint32_t max_attr_size,
+                                                                       uint32_t max_seg_size,
+                                                                       bool is_issuer, TNC_UInt32 issuer_id,
+                                                                       bool is_imc);
+
+#endif /** SEG_CONTRACT_H_ @}*/
diff --git a/src/libimcv/seg_contract/seg_contract_manager.c b/src/libimcv/seg_contract/seg_contract_manager.c
new file mode 100644 (file)
index 0000000..d099436
--- /dev/null
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_contract_manager.h"
+
+typedef struct private_seg_contract_manager_t private_seg_contract_manager_t;
+
+/**
+ * Private data of a seg_contract_manager_t object.
+ *
+ */
+struct private_seg_contract_manager_t {
+
+       /**
+        * Public seg_contract_manager_t interface.
+        */
+       seg_contract_manager_t public;
+
+       /**
+        * List of PA-TNC segmentation contracts
+        */
+       linked_list_t *contracts;
+
+};
+
+METHOD(seg_contract_manager_t, add_contract, void,
+       private_seg_contract_manager_t *this, seg_contract_t *contract)
+{
+       this->contracts->insert_last(this->contracts, contract);
+}
+
+METHOD(seg_contract_manager_t, get_contract, seg_contract_t*,
+       private_seg_contract_manager_t *this, pen_type_t msg_type, bool is_issuer)
+{
+       enumerator_t *enumerator;
+       seg_contract_t *contract, *found = NULL;
+
+       enumerator = this->contracts->create_enumerator(this->contracts);
+       while (enumerator->enumerate(enumerator, &contract))
+       {
+               if (contract->is_issuer(contract) == is_issuer &&
+                       pen_type_equals(contract->get_msg_type(contract), msg_type))
+               {
+                       found = contract;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+
+       return found;
+}
+
+METHOD(seg_contract_manager_t, destroy, void,
+       private_seg_contract_manager_t *this)
+{
+       this->contracts->destroy_offset(this->contracts,
+                                                                       offsetof(seg_contract_t, destroy));
+       free(this);
+}
+
+/**
+ * See header
+ */
+seg_contract_manager_t *seg_contract_manager_create(void)
+{
+       private_seg_contract_manager_t *this;
+
+       INIT(this,
+               .public = {
+                       .add_contract = _add_contract,
+                       .get_contract = _get_contract,
+                       .destroy = _destroy,
+               },
+               .contracts = linked_list_create(),
+       );
+
+       return &this->public;
+}
+
diff --git a/src/libimcv/seg_contract/seg_contract_manager.h b/src/libimcv/seg_contract/seg_contract_manager.h
new file mode 100644 (file)
index 0000000..355822d
--- /dev/null
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_contract_manager seg_contract_manager
+ * @{ @ingroup libimcv
+ */
+
+#ifndef SEG_CONTRACT_MANAGER_H_
+#define SEG_CONTRACT_MANAGER_H_
+
+typedef struct seg_contract_manager_t seg_contract_manager_t;
+
+#include "seg_contract.h"
+
+/**
+ * Interface for a PA-TNC attribute segmentation contract manager
+ *
+ */
+struct seg_contract_manager_t {
+
+       /**
+        * Add segmentation contract
+        *
+        * @param contract                      Segmentation contract to be added
+        */
+       void (*add_contract)(seg_contract_manager_t *this, seg_contract_t *contract);
+
+       /**
+        * Get segmentation contract
+        *
+        * @param msg_type                      PA-TNC message type governed by contract
+        * @param is_issuer                     If TRUE get only issuer contracts
+        */
+       seg_contract_t* (*get_contract)(seg_contract_manager_t *this,
+                                                                       pen_type_t msg_type, bool is_issuer);
+
+       /**
+        * Destroys a seg_contract_manager_t object.
+        */
+       void (*destroy)(seg_contract_manager_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segmentation contract manager
+ */
+seg_contract_manager_t* seg_contract_manager_create();
+
+#endif /** SEG_CONTRACT_MANAGER_H_ @}*/
index ea685d8..be5c26c 100644 (file)
@@ -69,6 +69,8 @@ libpts_la_SOURCES = \
        tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
        tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
        tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
+       tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
+       tcg/seg/tcg_seg_attr_seg_env.h \
        tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
        tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
        tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
index 74bbc46..f7652f3 100644 (file)
@@ -164,13 +164,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
        TNC_Result result;
        bool fatal_error = FALSE;
 
+       /* generate an outgoing PA-TNC message - we might need it */
+       out_msg = imc_msg_create_as_reply(in_msg);
+
        /* parse received PA-TNC message and handle local and remote errors */
-       result = in_msg->receive(in_msg, &fatal_error);
+       result = in_msg->receive(in_msg, out_msg, &fatal_error);
        if (result != TNC_RESULT_SUCCESS)
        {
+               out_msg->destroy(out_msg);
                return result;
        }
-       out_msg = imc_msg_create_as_reply(in_msg);
 
        /* analyze PA-TNC attributes */
        enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -217,7 +220,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 
        if (result == TNC_RESULT_SUCCESS)
        {
-               /* send PA-TNC message with the excl flag set */
+               /* send PA-TNC message with the EXCL flag set */
                result = out_msg->send(out_msg, TRUE);
        }
        out_msg->destroy(out_msg);
index 4fcbdfa..ea6742f 100644 (file)
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -66,6 +67,11 @@ struct private_imc_attestation_state_t {
        u_int32_t max_msg_len;
 
        /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
+
+       /**
         * PTS object
         */
        pts_t *pts;
@@ -119,6 +125,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
        return this->max_msg_len;
 }
 
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+       private_imc_attestation_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
 {
@@ -151,6 +163,7 @@ METHOD(imc_state_t, destroy, void,
                                                        offsetof(pts_component_t, destroy));
        this->list->destroy_offset(this->list,
                                                        offsetof(pts_comp_evidence_t, destroy));
+       this->contracts->destroy(this->contracts);
        free(this);
 }
 
@@ -220,6 +233,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
                                .set_flags = _set_flags,
                                .set_max_msg_len = _set_max_msg_len,
                                .get_max_msg_len = _get_max_msg_len,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .set_result = _set_result,
                                .get_result = _get_result,
@@ -233,6 +247,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
                .connection_id = connection_id,
                .state = TNC_CONNECTION_STATE_CREATE,
                .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+               .contracts = seg_contract_manager_create(),
                .pts = pts_create(TRUE),
                .components = linked_list_create(),
                .list = linked_list_create(),
index b8aa922..5da367b 100644 (file)
@@ -306,13 +306,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
        TNC_Result result;
        bool fatal_error = FALSE;
 
+       /* generate an outgoing PA-TNC message - we might need it */
+       out_msg = imc_msg_create_as_reply(in_msg);
+
        /* parse received PA-TNC message and handle local and remote errors */
-       result = in_msg->receive(in_msg, &fatal_error);
+       result = in_msg->receive(in_msg, out_msg, &fatal_error);
        if (result != TNC_RESULT_SUCCESS)
        {
+               out_msg->destroy(out_msg);
                return result;
        }
-       out_msg = imc_msg_create_as_reply(in_msg);
 
        /* analyze PA-TNC attributes */
        enumerator = in_msg->create_attribute_enumerator(in_msg);
@@ -358,6 +361,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
        }
        else
        {
+               /* send PA-TNC message with the EXCL flag set */
                result = out_msg->send(out_msg, TRUE);
        }
        out_msg->destroy(out_msg);
index 11f4673..65c279b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -62,6 +62,11 @@ struct private_imc_swid_state_t {
        u_int32_t max_msg_len;
 
        /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
+
+       /**
         * Event ID Epoch
         */
        u_int32_t eid_epoch;
@@ -104,6 +109,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t,
        return this->max_msg_len;
 }
 
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+       private_imc_swid_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imc_state_t, change_state, void,
        private_imc_swid_state_t *this, TNC_ConnectionState new_state)
 {
@@ -131,6 +142,7 @@ METHOD(imc_state_t, get_result, bool,
 METHOD(imc_state_t, destroy, void,
        private_imc_swid_state_t *this)
 {
+       this->contracts->destroy(this->contracts);
        free(this);
 }
 
@@ -169,6 +181,7 @@ imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
                                .set_flags = _set_flags,
                                .set_max_msg_len = _set_max_msg_len,
                                .get_max_msg_len = _get_max_msg_len,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .set_result = _set_result,
                                .get_result = _get_result,
@@ -179,6 +192,7 @@ imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
                .state = TNC_CONNECTION_STATE_CREATE,
                .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
                .connection_id = connection_id,
+               .contracts = seg_contract_manager_create(),
                .eid_epoch = eid_epoch,
        );
 
index 11afbc2..feccb6d 100644 (file)
@@ -76,6 +76,11 @@ struct private_imv_attestation_state_t {
        imv_session_t *session;
 
        /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
+
+       /**
         * IMV Attestation handshake state
         */
        imv_attestation_handshake_state_t handshake_state;
@@ -240,6 +245,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
        return this->session;
 }
 
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+       private_imv_attestation_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
 {
@@ -335,6 +346,7 @@ METHOD(imv_state_t, destroy, void,
        DESTROY_IF(this->reason_string);
        this->components->destroy_function(this->components, (void *)free_func_comp);
        this->pts->destroy(this->pts);
+       this->contracts->destroy(this->contracts);
        free(this);
 }
 
@@ -513,6 +525,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                                .get_action_flags = _get_action_flags,
                                .set_session = _set_session,
                                .get_session = _get_session,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
@@ -538,6 +551,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
                .handshake_state = IMV_ATTESTATION_STATE_INIT,
                .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
                .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+               .contracts = seg_contract_manager_create(),
                .components = linked_list_create(),
                .pts = pts_create(FALSE),
        );
index 3053b26..b17eb4a 100644 (file)
@@ -23,6 +23,8 @@
 #include "libpts.h"
 #include "swid/swid_error.h"
 #include "swid/swid_inventory.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
 #include "tcg/swid/tcg_swid_attr_req.h"
 #include "tcg/swid/tcg_swid_attr_tag_inv.h"
 #include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
@@ -43,6 +45,8 @@
 
 typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
 
+#define SWID_MAX_ATTR_SIZE     1000000000
+
 /* Subscribed PA-TNC message subtypes */
 static pen_type_t msg_types[] = {
        { PEN_TCG, PA_SUBTYPE_TCG_SWID }
@@ -411,6 +415,12 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
        if (handshake_state == IMV_SWID_STATE_INIT &&
                session->get_policy_started(session))
        {
+               size_t max_attr_size = SWID_MAX_ATTR_SIZE;
+               size_t max_seg_size;
+               seg_contract_t *contract;
+               seg_contract_manager_t *contracts;
+               char buf[BUF_LEN];
+
                enumerator = session->create_workitem_enumerator(session);
                if (enumerator)
                {
@@ -435,6 +445,25 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
                                {
                                        flags |= TCG_SWID_ATTR_REQ_FLAG_C;
                                }
+
+                               /* Determine maximum PA-TNC attribute segment size */
+                               max_seg_size = state->get_max_msg_len(state)
+                                                               - PA_TNC_HEADER_SIZE 
+                                                               - PA_TNC_ATTR_HEADER_SIZE
+                                                               - TCG_SEG_ATTR_SEG_ENV_HEADER;
+
+                               /* Announce support of PA-TNC segmentation to IMC */
+                               contract = seg_contract_create(msg_types[0], max_attr_size,
+                                                                       max_seg_size, TRUE, imv_id, FALSE);
+                               contract->get_info_string(contract, buf, BUF_LEN);
+                               DBG2(DBG_IMV, "%s", buf);
+                               contracts = state->get_contracts(state);
+                               contracts->add_contract(contracts, contract);
+                               attr = tcg_seg_attr_max_size_create(max_attr_size,
+                                                                                                       max_seg_size, TRUE);
+                               out_msg->add_attribute(out_msg, attr);
+
+                               /* Issue a SWID request */
                                request_id = workitem->get_id(workitem);
                                swid_state->set_request_id(swid_state, request_id);
                                attr = tcg_swid_attr_req_create(flags, request_id, 0);
@@ -442,7 +471,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
                                workitem->set_imv_id(workitem, imv_id);
                                no_workitems = FALSE;
                                DBG2(DBG_IMV, "IMV %d issues SWID request %d",
-                                                imv_id, request_id);
+                                                          imv_id, request_id);
                                break;
                        }
                        enumerator->destroy(enumerator);
@@ -688,6 +717,8 @@ imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
        {
                return NULL;
        }
+       agent->add_non_fatal_attr_type(agent,
+                               pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ));
 
        INIT(this,
                .public = {
index c68b57e..885de62 100644 (file)
@@ -68,11 +68,16 @@ struct private_imv_swid_state_t {
        uint32_t action_flags;
 
        /**
-        * IMV database session associatied with TNCCS connection
+        * IMV database session associated with TNCCS connection
         */
        imv_session_t *session;
 
        /**
+        * PA-TNC attribute segmentation contracts associated with TNCCS connection
+        */
+       seg_contract_manager_t *contracts;
+
+       /**
         * IMV action recommendation
         */
        TNC_IMV_Action_Recommendation rec;
@@ -190,6 +195,12 @@ METHOD(imv_state_t, get_session, imv_session_t*,
        return this->session;
 }
 
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+       private_imv_swid_state_t *this)
+{
+       return this->contracts;
+}
+
 METHOD(imv_state_t, change_state, void,
        private_imv_swid_state_t *this, TNC_ConnectionState new_state)
 {
@@ -241,6 +252,7 @@ METHOD(imv_state_t, destroy, void,
        DESTROY_IF(this->session);
        DESTROY_IF(this->reason_string);
        DESTROY_IF(this->remediation_string);
+       this->contracts->destroy(this->contracts);
        free(this);
 }
 
@@ -353,6 +365,7 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
                                .get_action_flags = _get_action_flags,
                                .set_session = _set_session,
                                .get_session= _get_session,
+                               .get_contracts = _get_contracts,
                                .change_state = _change_state,
                                .get_recommendation = _get_recommendation,
                                .set_recommendation = _set_recommendation,
@@ -376,6 +389,7 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
                .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
                .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
                .connection_id = connection_id,
+               .contracts = seg_contract_manager_create(),
                .jobj = json_object_new_object(),
                .jarray = json_object_new_array(),
        );
diff --git a/src/libpts/tcg/seg/tcg_seg_attr_max_size.c b/src/libpts/tcg/seg/tcg_seg_attr_max_size.c
new file mode 100644 (file)
index 0000000..8e82314
--- /dev/null
@@ -0,0 +1,233 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_seg_attr_max_size.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_seg_attr_max_size_t private_tcg_seg_attr_max_size_t;
+
+/**
+ * Maximum Attribute Size Request/Response
+ * see TCG IF-M Segmentation Specification
+ *
+ *                          1                   2                                   3
+ *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |                       Max Attribute Size                      |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |                        Max Segment Size                       |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of an tcg_seg_attr_max_size_t object.
+ */
+struct private_tcg_seg_attr_max_size_t {
+
+       /**
+        * Public members of tcg_seg_attr_max_size_t
+        */
+       tcg_seg_attr_max_size_t public;
+
+       /**
+        * Vendor-specific attribute type
+        */
+       pen_type_t type;
+
+       /**
+        * Attribute value
+        */
+       chunk_t value;
+
+       /**
+        * Noskip flag
+        */
+       bool noskip_flag;
+
+       /**
+        * Maximum IF-M attribute size in octets
+        */
+       uint32_t max_attr_size;
+
+       /**
+        * Maximum IF-M attribute segment size in octets
+        */
+       uint32_t max_seg_size;
+
+       /**
+        * Reference count
+        */
+       refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+       private_tcg_seg_attr_max_size_t *this)
+{
+       return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+       private_tcg_seg_attr_max_size_t *this)
+{
+       return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+       private_tcg_seg_attr_max_size_t *this)
+{
+       return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+       private_tcg_seg_attr_max_size_t *this, bool noskip)
+{
+       this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+       private_tcg_seg_attr_max_size_t *this)
+{
+       bio_writer_t *writer;
+
+       if (this->value.ptr)
+       {
+               return;
+       }
+       writer = bio_writer_create(TCG_SEG_ATTR_MAX_SIZE_SIZE);
+       writer->write_uint32(writer, this->max_attr_size);
+       writer->write_uint32(writer, this->max_seg_size);
+
+       this->value = writer->extract_buf(writer);
+       writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+       private_tcg_seg_attr_max_size_t *this, u_int32_t *offset)
+{
+       bio_reader_t *reader;
+
+       if (this->value.len < TCG_SEG_ATTR_MAX_SIZE_SIZE)
+       {
+               DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names,
+                                                                                                 this->type.type);
+               *offset = 0;
+               return FAILED;
+       }
+       reader = bio_reader_create(this->value);
+       reader->read_uint32(reader, &this->max_attr_size);
+       reader->read_uint32(reader, &this->max_seg_size);
+       reader->destroy(reader);
+
+       return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+       private_tcg_seg_attr_max_size_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               free(this->value.ptr);
+               free(this);
+       }
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+       private_tcg_seg_attr_max_size_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.pa_tnc_attribute;
+}
+
+METHOD(tcg_seg_attr_max_size_t, get_attr_size, void,
+       private_tcg_seg_attr_max_size_t *this, uint32_t *max_attr_size,
+                                                                                  uint32_t *max_seg_size)
+{
+       if (max_attr_size)
+       {
+               *max_attr_size = this->max_attr_size;
+       }
+       if (max_seg_size)
+       {
+               *max_seg_size = this->max_seg_size;
+       }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size,
+                                                                                       uint32_t max_seg_size,
+                                                                                       bool request)
+{
+       private_tcg_seg_attr_max_size_t *this;
+
+       INIT(this,
+               .public = {
+                       .pa_tnc_attribute = {
+                               .get_type = _get_type,
+                               .get_value = _get_value,
+                               .get_noskip_flag = _get_noskip_flag,
+                               .set_noskip_flag = _set_noskip_flag,
+                               .build = _build,
+                               .process = _process,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+                       .get_attr_size = _get_attr_size,
+               },
+               .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ :
+                                                                        TCG_SEG_MAX_ATTR_SIZE_RESP },
+               .max_attr_size = max_attr_size,
+               .max_seg_size = max_seg_size,
+               .ref = 1,
+       );
+
+       return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_seg_attr_max_size_create_from_data(chunk_t data,
+                                                                                                         bool request)
+{
+       private_tcg_seg_attr_max_size_t *this;
+
+       INIT(this,
+               .public = {
+                       .pa_tnc_attribute = {
+                               .get_type = _get_type,
+                               .get_value = _get_value,
+                               .get_noskip_flag = _get_noskip_flag,
+                               .set_noskip_flag = _set_noskip_flag,
+                               .build = _build,
+                               .process = _process,
+                               .get_ref = _get_ref,
+                               .destroy = _destroy,
+                       },
+                       .get_attr_size = _get_attr_size,
+               },
+               .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ :
+                                                                        TCG_SEG_MAX_ATTR_SIZE_RESP },
+               .value = chunk_clone(data),
+               .ref = 1,
+       );
+
+       return &this->public.pa_tnc_attribute;
+}
diff --git a/src/libpts/tcg/seg/tcg_seg_attr_max_size.h b/src/libpts/tcg/seg/tcg_seg_attr_max_size.h
new file mode 100644 (file)
index 0000000..404e85a
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_max_size tcg_seg_attr_max_size
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_MAX_SIZE_H_
+#define TCG_SEG_ATTR_MAX_SIZE_H_
+
+typedef struct tcg_seg_attr_max_size_t tcg_seg_attr_max_size_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_MAX_SIZE_SIZE             8
+
+/**
+ * Class implementing the TCG Segmentation Maximum Attribute Size Attribute
+ */
+struct tcg_seg_attr_max_size_t {
+
+       /**
+        * Public PA-TNC attribute interface
+        */
+       pa_tnc_attr_t pa_tnc_attribute;
+
+       /**
+        * Get maximum IF-M attribute and segment size in octets
+        *
+        * @param max_attr_size         Maximum IF-M attribute size in octets
+        * @param max_seg_size          Maximum IF-M attribute segment size in octets
+        */
+       void (*get_attr_size)(tcg_seg_attr_max_size_t *this,
+                                                 uint32_t *max_attr_size, uint32_t *max_seg_size);
+
+};
+
+/**
+ * Creates an tcg_seg_attr_max_size_t object
+ *
+ * @param max_attr_size                Maximum IF-M attribute size in octets
+ * @param max_seg_size         Maximum IF-M attribute segment size in octets
+ * @param request                      TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size,
+                                                                                       uint32_t max_seg_size,
+                                                                                       bool request);
+
+/**
+ * Creates an tcg_seg_attr_max_size_t object from received data
+ *
+ * @param value                                unparsed attribute value
+ * @param request                      TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create_from_data(chunk_t value,
+                                                                                                         bool request);
+
+#endif /** TCG_SEG_ATTR_MAX_SIZE_H_ @}*/
diff --git a/src/libpts/tcg/seg/tcg_seg_attr_seg_env.h b/src/libpts/tcg/seg/tcg_seg_attr_seg_env.h
new file mode 100644 (file)
index 0000000..84cac8c
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_seg_env tcg_seg_attr_seg_env
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_SEG_ENV_H_
+#define TCG_SEG_ATTR_SEG_ENV_H_
+
+typedef struct tcg_seg_attr_seg_env_t tcg_seg_attr_seg_env_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_SEG_ENV_HEADER            4
+
+/**
+ * Class implementing the TCG Segmentation Envelope Attribute
+ */
+struct tcg_seg_attr_seg_env_t {
+
+       /**
+        * Public PA-TNC attribute interface
+        */
+       pa_tnc_attr_t pa_tnc_attribute;
+
+};
+
+/**
+ * Creates an tcg_seg_attr_seg_env_t object
+ *
+ * @param max_attr_size                Maximum IF-M attribute size in octets
+ * @param max_seg_size         Maximum IF-M attribute segment size in octets
+ * @param request                      TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags);
+
+/**
+ * Creates an tcg_seg_attr_seg_env_t object from received data
+ *
+ * @param value                                unparsed attribute value
+ * @param request                      TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create_from_data(chunk_t value);
+
+#endif /** TCG_SEG_ATTR_SEG_ENV_H_ @}*/
index f9c6c46..064b0eb 100644 (file)
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -33,6 +34,7 @@
 #include "tcg/swid/tcg_swid_attr_req.h"
 #include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
 #include "tcg/swid/tcg_swid_attr_tag_inv.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
 
 ENUM_BEGIN(tcg_attr_names,     TCG_SCAP_REFERENCES,
                                                        TCG_SCAP_SUMMARY_RESULTS,
@@ -50,9 +52,17 @@ ENUM_NEXT(tcg_attr_names,    TCG_SWID_REQUEST,
        "SWID Tag Identifier Events",
        "SWID Tag Inventory",
        "SWID Tag Events");
+ENUM_NEXT(tcg_attr_names,      TCG_SEG_MAX_ATTR_SIZE_REQ,
+                                                       TCG_SEG_CANCEL_SEG_EXCH,
+                                                       TCG_SWID_TAG_EVENTS,
+       "Max Attribute Size Request",
+       "Max Attribute Size Response",
+       "Attribute Segment Envelope",
+       "Next Segment Request",
+       "Cancel Segment Exchange");
 ENUM_NEXT(tcg_attr_names,      TCG_PTS_REQ_FUNC_COMP_EVID,
                                                        TCG_PTS_REQ_FUNC_COMP_EVID,
-                                                       TCG_SWID_TAG_EVENTS,
+                                                       TCG_SEG_CANCEL_SEG_EXCH,
        "Request Functional Component Evidence");
 ENUM_NEXT(tcg_attr_names,      TCG_PTS_GEN_ATTEST_EVID,
                                                        TCG_PTS_GEN_ATTEST_EVID,
@@ -181,6 +191,10 @@ pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value)
                        return tcg_swid_attr_tag_id_inv_create_from_data(value);
                case TCG_SWID_TAG_INVENTORY:
                        return tcg_swid_attr_tag_inv_create_from_data(value);
+               case TCG_SEG_MAX_ATTR_SIZE_REQ:
+                       return tcg_seg_attr_max_size_create_from_data(value, TRUE);
+               case TCG_SEG_MAX_ATTR_SIZE_RESP:
+                       return tcg_seg_attr_max_size_create_from_data(value, FALSE);
                case TCG_PTS_REQ_PROTO_CAPS:
                        return tcg_pts_attr_proto_caps_create_from_data(value, TRUE);
                case TCG_PTS_PROTO_CAPS:
index 085dae6..3964c8c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -46,6 +46,13 @@ enum tcg_attr_t {
        TCG_SWID_TAG_INVENTORY =              0x00000014,
        TCG_SWID_TAG_EVENTS =                 0x00000015,
 
+       /* IF-M Attribute Segmentation */
+       TCG_SEG_MAX_ATTR_SIZE_REQ =           0x00000021,
+       TCG_SEG_MAX_ATTR_SIZE_RESP =          0x00000022,
+       TCG_SEG_ATTR_SEG_ENV =                0x00000023,
+       TCG_SEG_NEXT_SEG_REQ =                0x00000024,
+       TCG_SEG_CANCEL_SEG_EXCH =             0x00000025,
+
        /* PTS Protocol Negotiations */
        TCG_PTS_REQ_PROTO_CAPS =              0x01000000,
        TCG_PTS_PROTO_CAPS =                  0x02000000,