SWID IMC proposes IF-M segmentation contracts
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 5 Oct 2014 10:54:43 +0000 (12:54 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 5 Oct 2014 16:43:55 +0000 (18:43 +0200)
src/libimcv/plugins/imc_swid/imc_swid.c
src/libimcv/plugins/imv_swid/imv_swid_agent.c
src/libimcv/swid/swid_inventory.h

index f4cca6a..40f352a 100644 (file)
@@ -17,6 +17,8 @@
 
 #include <imc/imc_agent.h>
 #include <imc/imc_msg.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
 #include "tcg/swid/tcg_swid_attr_req.h"
 #include "tcg/swid/tcg_swid_attr_tag_inv.h"
 #include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
@@ -110,6 +112,14 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
                                                                  TNC_ConnectionID connection_id)
 {
        imc_state_t *state;
+       imc_msg_t *out_msg;
+       pa_tnc_attr_t *attr;
+       seg_contract_t *contract;
+       seg_contract_manager_t *contracts;
+       size_t max_attr_size = SWID_MAX_ATTR_SIZE;
+       size_t max_seg_size;
+       char buf[BUF_LEN];
+       TNC_Result result = TNC_RESULT_SUCCESS;
 
        if (!imc_swid)
        {
@@ -121,7 +131,30 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
                return TNC_RESULT_FATAL;
        }
 
-       return TNC_RESULT_SUCCESS;
+       /* Determine maximum PA-TNC attribute segment size */
+       max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
+                                                                                                - PA_TNC_ATTR_HEADER_SIZE
+                                                                                                - TCG_SEG_ATTR_SEG_ENV_HEADER
+                                                                                                - PA_TNC_ATTR_HEADER_SIZE
+                                                                                                - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+       /* Announce support of PA-TNC segmentation to IMV */
+       contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
+                                                                        TRUE, imc_id, TRUE);
+       contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+       DBG2(DBG_IMC, "%s", buf);
+       contracts = state->get_contracts(state);
+       contracts->add_contract(contracts, contract);
+       attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+
+       /* send PA-TNC message with the excl flag not set */
+       out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id,
+                                                        TNC_IMVID_ANY, msg_types[0]);
+       out_msg->add_attribute(out_msg, attr);
+       result = out_msg->send(out_msg, FALSE);
+       out_msg->destroy(out_msg);
+
+       return result;
 }
 
 /**
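Review bot: The `max_seg_size` computation added to TNC_IMC_BeginHandshake subtracts five header constants from `state->get_max_msg_len(state)` without a lower bound and stores the result in a `size_t`. If the reported maximum message length can be 0 or smaller than the combined overhead (its return type and any "no limit" convention are not visible in this hunk), the result wraps to a very large value. That value is then passed to both `seg_contract_create()` and `tcg_seg_attr_max_size_create()`, so it would be announced to the IMV as the segment size. I would compute the overhead once and guard it before the subtraction, e.g. `if (state->get_max_msg_len(state) <= overhead) { return TNC_RESULT_FATAL; }`, or substitute whatever fallback the project prefers for that case. The same unguarded expression is extended in the `batch_ending` hunk of imv_swid_agent.c (`@@ -448,7 +446,9 @@`) and would want the same guard.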
index c2da76e..5bebf32 100644 (file)
@@ -41,8 +41,6 @@
 
 typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
 
-#define SWID_MAX_ATTR_SIZE     1000000000
-
 /* Subscribed PA-TNC message subtypes */
 static pen_type_t msg_types[] = {
        { PEN_TCG, PA_SUBTYPE_TCG_SWID }
@@ -448,7 +446,9 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
                                max_seg_size = state->get_max_msg_len(state)
                                                                - PA_TNC_HEADER_SIZE 
                                                                - PA_TNC_ATTR_HEADER_SIZE
-                                                               - TCG_SEG_ATTR_SEG_ENV_HEADER;
+                                                               - TCG_SEG_ATTR_SEG_ENV_HEADER
+                                                               - PA_TNC_ATTR_HEADER_SIZE
+                                                               - TCG_SEG_ATTR_MAX_SIZE_SIZE;
 
                                /* Announce support of PA-TNC segmentation to IMC */
                                contract = seg_contract_create(msg_types[0], max_attr_size,
@@ -498,7 +498,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
                char result_str[BUF_LEN], *error_str = "", *command;
                char *target, *separator;
                int tag_id_count, tag_count, i;
-               size_t max_attr_size, attr_size, entry_size;
                chunk_t tag_creator, unique_sw_id;
                json_object *jrequest, *jresponse, *jvalue;
                tcg_swid_attr_req_t *cast_attr;
@@ -568,18 +567,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
                                        break;
                                }
 
-                               /* Compute the maximum TCG SWID Request attribute size */
-                               max_attr_size = state->get_max_msg_len(state) -
-                                                               PA_TNC_HEADER_SIZE;
-
-                               /* Create the [first] TCG SWID Request attribute */
-                               attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_REQ_MIN_SIZE;                    
+                               /* Create a TCG SWID Request attribute */
                                attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE,
                                                                swid_state->get_request_id(swid_state), 0);
-
                                tag_id_count = json_object_array_length(jresponse);
                                DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count,
                                                          (tag_id_count == 1) ? "" : "s");
+                               swid_state->set_missing(swid_state, tag_id_count);
 
                                for (i = 0; i < tag_id_count; i++)
                                {
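Review bot: With the `max_attr_size` / `entry_size` bookkeeping removed here and in the following hunk (`@@ -608,18 +602,6 @@`), all `tag_id_count` targets from `jresponse` now go into a single TCG SWID Request attribute with no local size limit. The attribute therefore fits the transport only if a segmentation contract is actually in force for this connection, and nothing visible in these hunks checks that before the attribute is built. I would at least record the dependency where the attribute is created, e.g. `/* single request attribute of arbitrary size; relies on the IF-M segmentation contract negotiated with the IMC */`. It is also worth confirming what happens when the peer never answered the contract proposal. `batch_ending` starts and ends outside these hunks, so a check elsewhere in the function may already cover this.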
@@ -608,18 +602,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
                                                                                                tag_creator.len - 1);
                                        tag_id = swid_tag_id_create(tag_creator, unique_sw_id,
                                                                                                chunk_empty);
-                                       entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len;
-
-                                       /* Have we reached the maximum attribute size? */
-                                       if (attr_size + entry_size > max_attr_size)
-                                       {
-                                               out_msg->add_attribute(out_msg, attr);
-                                               attr_size = PA_TNC_ATTR_HEADER_SIZE + 
-                                                                       TCG_SWID_REQ_MIN_SIZE;                  
-                                               attr = tcg_swid_attr_req_create(
-                                                                       TCG_SWID_ATTR_REQ_FLAG_NONE,
-                                                                       swid_state->get_request_id(swid_state), 0);
-                                       }
                                        cast_attr = (tcg_swid_attr_req_t*)attr;
                                        cast_attr->add_target(cast_attr, tag_id);
                                }
index 7de8bb2..52f9c66 100644 (file)
@@ -23,6 +23,9 @@
 
 #include <library.h>
 
+/* Maximum size of a SWID Tag Inventory: 100 MB */
+#define SWID_MAX_ATTR_SIZE     100000000
+
 typedef struct swid_inventory_t swid_inventory_t;
 
 /**
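Review bot: The comment on `SWID_MAX_ATTR_SIZE` describes it as the maximum size of a SWID Tag Inventory, but after this commit the IMC also passes it as `max_attr_size` to `seg_contract_create()` in TNC_IMC_BeginHandshake, where it bounds attributes in the contract the IMC proposes. Since the value is presumably the largest attribute a party agrees to reassemble from segments, it also acts as the upper bound on memory a peer can cause to be buffered per attribute. The comment should say so, with the unit, e.g. `/* Maximum PA-TNC attribute size proposed in SWID segmentation contracts: 100 MB (in bytes) */`. If the IMC only ever receives small SWID Request attributes, a separate and much smaller constant for the IMC-side contract would tighten that bound.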