author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-07-12 20:01:32 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-07-12 21:26:18 +0200 |
commit | 968c83cdebc9e24e75e02069feda9d745c03bf4b (patch) | |
tree | 944297be41719208df709b97aad00be2af02d136 | |
parent | c5d2e61802c86c8649f703ae22a2dd3c83074e49 (diff) | |
download | strongswan-968c83cdebc9e24e75e02069feda9d745c03bf4b.tar.bz2 strongswan-968c83cdebc9e24e75e02069feda9d745c03bf4b.tar.xz |
restrict PA-TNC messages to maximum size
-rw-r--r-- | src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c | 18 | ||||
-rw-r--r-- | src/libcharon/plugins/tnccs_11/Makefile.am | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/tnccs_11/tnccs_11.c | 17 | ||||
-rw-r--r-- | src/libcharon/plugins/tnccs_20/tnccs_20.c | 18 | ||||
-rw-r--r-- | src/libimcv/imc/imc_agent.c | 41 | ||||
-rw-r--r-- | src/libimcv/imc/imc_state.h | 14 | ||||
-rw-r--r-- | src/libimcv/imv/imv_agent.c | 33 | ||||
-rw-r--r-- | src/libimcv/imv/imv_state.h | 14 | ||||
-rw-r--r-- | src/libimcv/plugins/imc_scanner/imc_scanner_state.c | 18 | ||||
-rw-r--r-- | src/libimcv/plugins/imc_test/imc_test_state.c | 19 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_scanner/imv_scanner_state.c | 19 | ||||
-rw-r--r-- | src/libimcv/plugins/imv_test/imv_test_state.c | 19 | ||||
-rw-r--r-- | src/libpts/plugins/imc_attestation/imc_attestation_state.c | 19 | ||||
-rw-r--r-- | src/libpts/plugins/imv_attestation/imv_attestation_state.c | 19 | ||||
-rw-r--r-- | src/libtnccs/tnc/tnccs/tnccs_manager.h | 2 |
15 files changed, 243 insertions, 29 deletions
diff --git a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
index 64ed160d9..3a3a11104 100644
--- a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
+++ b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c
@@ -75,6 +75,11 @@ struct tnccs_connection_entry_t {
 bool *request_handshake_retry;
 /**
+ * Maximum size of a PA-TNC message
+ */
+ u_int32_t max_msg_len;
+
+ /**
 * collection of IMV recommendations
 */
 recommendations_t *recs;
@@ -181,7 +186,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
 METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
 private_tnc_tnccs_manager_t *this, tnccs_type_t type, tnccs_t *tnccs, tnccs_send_message_t send_message, bool* request_handshake_retry,
- recommendations_t **recs)
+ u_int32_t max_msg_len, recommendations_t **recs)
 {
 tnccs_connection_entry_t *entry;
@@ -190,6 +195,7 @@ METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
 entry->tnccs = tnccs;
 entry->send_message = send_message;
 entry->request_handshake_retry = request_handshake_retry;
+ entry->max_msg_len = max_msg_len;
 if (recs)
 {
 /* we assume a TNC Server needing recommendations from IMVs */
@@ -564,16 +570,18 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result,
 return TNC_RESULT_SUCCESS;
 }
 case TNC_ATTRIBUTEID_MAX_ROUND_TRIPS:
- return uint_attribute(buffer_len, buffer, value_len, 0xffffffff);
+ return uint_attribute(buffer_len, buffer, value_len,
+ 0xffffffff);
 case TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE:
- return uint_attribute(buffer_len, buffer, value_len, 0x00000000);
+ return uint_attribute(buffer_len, buffer, value_len,
+ entry->max_msg_len);
 case TNC_ATTRIBUTEID_HAS_LONG_TYPES:
 case TNC_ATTRIBUTEID_HAS_EXCLUSIVE:
 return bool_attribute(buffer_len, buffer, value_len,
- entry->type == TNCCS_2_0);
+ entry->type == TNCCS_2_0);
 case TNC_ATTRIBUTEID_HAS_SOH:
 return bool_attribute(buffer_len, buffer, value_len,
- entry->type == TNCCS_SOH);
+ entry->type == TNCCS_SOH);
 case TNC_ATTRIBUTEID_IFTNCCS_PROTOCOL:
 {
 char *protocol;
diff --git a/src/libcharon/plugins/tnccs_11/Makefile.am b/src/libcharon/plugins/tnccs_11/Makefile.am
index c205692d4..1d29460f8 100644
--- a/src/libcharon/plugins/tnccs_11/Makefile.am
+++ b/src/libcharon/plugins/tnccs_11/Makefile.am
@@ -1,6 +1,8 @@
 INCLUDES = \
 -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon \
+ -I$(top_srcdir)/src/libhydra \
 -I$(top_srcdir)/src/libtls \
 -I$(top_srcdir)/src/libtncif \
 -I$(top_srcdir)/src/libtnccs \
diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.c b/src/libcharon/plugins/tnccs_11/tnccs_11.c
index 111cb5f1e..507f910f3 100644
--- a/src/libcharon/plugins/tnccs_11/tnccs_11.c
+++ b/src/libcharon/plugins/tnccs_11/tnccs_11.c
@@ -32,6 +32,7 @@
 #include <tnc/tnccs/tnccs_manager.h>
 #include <debug.h>
+#include <daemon.h>
 #include <threading/mutex.h>
 typedef struct private_tnccs_11_t private_tnccs_11_t;
@@ -67,6 +68,11 @@ struct private_tnccs_11_t {
 tnccs_batch_t *batch;
 /**
+ * Maximum PA-TNC message size
+ */
+ size_t max_msg_len;
+
+ /**
 * Mutex locking the batch in construction
 */
 mutex_t *mutex;
@@ -289,8 +295,9 @@ METHOD(tls_t, process, status_t,
 if (this->is_server && !this->connection_id)
 {
 this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
- TNCCS_1_1, (tnccs_t*)this, _send_msg,
- &this->request_handshake_retry, &this->recs);
+ TNCCS_1_1, (tnccs_t*)this, _send_msg,
+ &this->request_handshake_retry,
+ this->max_msg_len, &this->recs);
 if (!this->connection_id)
 {
 return FAILED;
@@ -416,7 +423,8 @@ METHOD(tls_t, build, status_t,
 this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
 TNCCS_1_1, (tnccs_t*)this, _send_msg,
- &this->request_handshake_retry, NULL);
+ &this->request_handshake_retry,
+ this->max_msg_len, NULL);
 if (!this->connection_id)
 {
 return FAILED;
@@ -545,6 +553,9 @@ tls_t *tnccs_11_create(bool is_server)
 },
 .is_server = is_server,
 .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .max_msg_len = lib->settings->get_int(lib->settings,
+ "%s.plugins.tnccs-11.max_msg_size", 45000,
+ charon->name),
 );
 return &this->public;
diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c
index c99c2d19b..68a14551e 100644
--- a/src/libcharon/plugins/tnccs_20/tnccs_20.c
+++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c
@@ -78,11 +78,16 @@ struct private_tnccs_20_t {
 pb_tnc_batch_type_t batch_type;
 /**
- * Maximum PA-TNC batch size
+ * Maximum PB-TNC batch size
 */
 size_t max_batch_len;
 /**
+ * Maximum PA-TNC message size
+ */
+ size_t max_msg_len;
+
+ /**
 * Mutex locking the batch in construction
 */
 mutex_t *mutex;
@@ -407,8 +412,9 @@ METHOD(tls_t, process, status_t,
 if (this->is_server && !this->connection_id)
 {
 this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
- TNCCS_2_0, (tnccs_t*)this, _send_msg,
- &this->request_handshake_retry, &this->recs);
+ TNCCS_2_0, (tnccs_t*)this, _send_msg,
+ &this->request_handshake_retry,
+ this->max_msg_len, &this->recs);
 if (!this->connection_id)
 {
 return FAILED;
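Review bot: In the tnccs_11_create() hunk the configured `max_msg_size` is stored unchecked: the value from `lib->settings->get_int()` goes straight into a `size_t` field and is later narrowed to the `u_int32_t` parameter of create_connection(). If get_int returns a signed int (its declaration is not on this page), a negative or mistyped setting becomes a huge advertised limit rather than an error. Read it into a local and validate first, e.g. `if (len < 0) len = 45000;`, and add a comment saying how the default 45000 was chosen. tnccs_20_create() in tnccs_20.c has the same unchecked read.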
@@ -583,7 +589,8 @@ METHOD(tls_t, build, status_t,
 this->connection_id = tnc->tnccs->create_connection(tnc->tnccs,
 TNCCS_2_0, (tnccs_t*)this, _send_msg,
- &this->request_handshake_retry, NULL);
+ &this->request_handshake_retry,
+ this->max_msg_len, NULL);
 if (!this->connection_id)
 {
 return FAILED;
@@ -797,6 +804,9 @@ tls_t *tnccs_20_create(bool is_server)
 .max_batch_len = lib->settings->get_int(lib->settings,
 "%s.plugins.tnccs-20.max_batch_size", 65522,
 charon->name),
+ .max_msg_len = lib->settings->get_int(lib->settings,
+ "%s.plugins.tnccs-20.max_msg_size", 65490,
+ charon->name),
 );
 return &this->public;
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index 2d181c3c2..b372c4c57 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -48,11 +48,6 @@ struct private_imc_agent_t {
 TNC_MessageSubtype subtype;
 /**
- * Maximum PA-TNC Message size
- */
- size_t max_msg_len;
-
- /**
 * ID of IMC as assigned by TNCC
 */
 TNC_IMCID id;
@@ -337,12 +332,31 @@ static char* get_str_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
 return NULL;
 }
+/**
+ * Read an UInt32 attribute
+ */
+static u_int32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id,
+ TNC_AttributeID attribute_id)
+{
+ TNC_UInt32 len;
+ char buf[4];
+
+ if (this->get_attribute &&
+ this->get_attribute(this->id, id, attribute_id, 4, buf, &len) ==
+ TNC_RESULT_SUCCESS && len == 4)
+ {
+ return untoh32(buf);
+ }
+ return 0;
+ }
+
 METHOD(imc_agent_t, create_state, TNC_Result,
 private_imc_agent_t *this, imc_state_t *state)
 {
 TNC_ConnectionID conn_id;
 char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
 bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
+ u_int32_t max_msg_len;
 conn_id = state->get_connection_id(state);
 if (find_connection(this, conn_id))
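Review bot: tnccs_20_create() reads `max_msg_size` (default 65490) and `max_batch_size` (default 65522) independently, with no check that a message of the first size fits into a batch of the second. The defaults differ by 32 bytes, presumably the PB-TNC framing around one PA-TNC message, so changing only one option can advertise a message size no batch can carry. Clamp after both reads, e.g. `if (this->max_msg_len + HDR_OVERHEAD > this->max_batch_len) this->max_msg_len = this->max_batch_len - HDR_OVERHEAD;` (HDR_OVERHEAD is a placeholder name for that 32-byte constant), after checking that max_batch_len itself exceeds the overhead. Whether the batch builder rejects an oversized message is not visible in this diff.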
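Review bot: get_uint_attribute() returns 0 for three different cases (no get_attribute callback, a failed call, or a TNCC that really reports 0), and create_state() stores that value as the connection limit, while the old fixed default `.max_msg_len = 65490` is removed from imc_agent_create() in this same file. How pa_tnc_msg_create() treats a limit of 0 is not visible here, so the helper's comment should state it, e.g. `Read a UInt32 attribute, returns 0 if unavailable (0 = no limit known)`, or create_state() should fall back to a default. `len` is also compared without having been initialised, which relies on the callback always writing it on success; `TNC_UInt32 len = 0;` removes that dependency. The identical helper is added to imv_agent.c, and in both copies the closing brace is indented by one stray space.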
@@ -361,14 +375,18 @@ METHOD(imc_agent_t, create_state, TNC_Result,
 tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
 t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
 t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
+ max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
 state->set_flags(state, has_long, has_excl);
+ state->set_max_msg_len(state, max_msg_len);
+
+ DBG2(DBG_IMC, "IMC %u \"%s\" created a state for %s %s Connection ID %u: "
+ "%slong %sexcl %ssoh", this->id, this->name,
+ tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
+ has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
+ DBG2(DBG_IMC, " over %s %s with maximum PA-TNC msg size of %u bytes",
+ t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
-
- DBG2(DBG_IMC, "IMC %u \"%s\" created a state for Connection ID %u: "
- "%s %s with %slong %sexcl %ssoh over %s %s",
- this->id, this->name, conn_id, tnccs_p ? tnccs_p:"?",
- tnccs_v ? tnccs_v:"?", has_long ? "+":"-", has_excl ? "+":"-",
- has_soh ? "+":"-", t_p ? t_p:"?", t_v ? t_v :"?");
 free(tnccs_p);
 free(tnccs_v);
 free(t_p);
@@ -478,7 +496,7 @@ METHOD(imc_agent_t, send_message, TNC_Result,
 while (attr_list->get_count(attr_list))
 {
- pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
+ pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state));
 enumerator = attr_list->create_enumerator(attr_list);
 while (enumerator->enumerate(enumerator, &attr))
@@ -688,7 +706,6 @@ imc_agent_t *imc_agent_create(const char *name,
 .name = name,
 .vendor_id = vendor_id,
 .subtype = subtype,
- .max_msg_len = 65490,
 .id = id,
 .additional_ids = linked_list_create(),
 .connections = linked_list_create(),
diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h
index f1b0358c9..0e46ad51a 100644
--- a/src/libimcv/imc/imc_state.h
+++ b/src/libimcv/imc/imc_state.h
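Review bot: The size passed to `pa_tnc_msg_create()` inside `while (attr_list->get_count(attr_list))` is now a configurable per-connection value and can be smaller than a single attribute. The loop body lies mostly outside the hunk, but if it only removes attributes that fit into the message, an oversized attribute would stay in attr_list and the outer loop would never finish. A guard that fails the send when a pass adds nothing would bound it, with a comment such as `/* no attribute fits into an empty message, give up */`.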
@@ -64,6 +64,20 @@ D attached to the state
 void (*set_flags)(imc_state_t *this, bool has_long, bool has_excl);
 /**
+ * Set the maximum size of a PA-TNC message for this TNCCS connection
+ *
+ * @max_msg_len maximum size of a PA-TNC message
+ */
+ void (*set_max_msg_len)(imc_state_t *this, u_int32_t max_msg_len);
+
+ /**
+ * Get the maximum size of a PA-TNC message for this TNCCS connection
+ *
+ * @return maximum size of a PA-TNC message
+ */
+ u_int32_t (*get_max_msg_len)(imc_state_t *this);
+
+ /**
 * Change the connection state
 *
 * @param new_state new connection state
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index 19c2dd61b..2f1c2d3d7 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -355,12 +355,31 @@ static char* get_str_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
 return NULL;
 }
+/**
+ * Read an UInt32 attribute
+ */
+static u_int32_t get_uint_attribute(private_imv_agent_t *this, TNC_ConnectionID id,
+ TNC_AttributeID attribute_id)
+{
+ TNC_UInt32 len;
+ char buf[4];
+
+ if (this->get_attribute &&
+ this->get_attribute(this->id, id, attribute_id, 4, buf, &len) ==
+ TNC_RESULT_SUCCESS && len == 4)
+ {
+ return untoh32(buf);
+ }
+ return 0;
+ }
+
 METHOD(imv_agent_t, create_state, TNC_Result,
 private_imv_agent_t *this, imv_state_t *state)
 {
 TNC_ConnectionID conn_id;
 char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
 bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
+ u_int32_t max_msg_len;
 conn_id = state->get_connection_id(state);
 if (find_connection(this, conn_id))
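Review bot: The doc comment for set_max_msg_len uses `@max_msg_len`, which is not a Doxygen command; the rest of the header uses `@param`, so the line should read `* @param max_msg_len maximum size of a PA-TNC message`. Both new comments would also benefit from stating the unit (bytes, per the debug output in imc_agent.c) and what a value of 0 means to callers. imv_state.h gets the same two declarations with the same `@max_msg_len` slip.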
@@ -379,14 +398,18 @@ METHOD(imv_agent_t, create_state, TNC_Result,
 tnccs_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFTNCCS_VERSION);
 t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
 t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
+ max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
 state->set_flags(state, has_long, has_excl);
+ state->set_max_msg_len(state, max_msg_len);
+
+ DBG2(DBG_IMV, "IMV %u \"%s\" created a state for %s %s Connection ID %u: "
+ "%slong %sexcl %ssoh", this->id, this->name,
+ tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
+ has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
+ DBG2(DBG_IMV, " over %s %s with maximum PA-TNC msg size of %u bytes",
+ t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
-
- DBG2(DBG_IMV, "IMV %u \"%s\" created a state for Connection ID %u: "
- "%s %s with %slong %sexcl %ssoh over %s %s",
- this->id, this->name, conn_id, tnccs_p ? tnccs_p:"?",
- tnccs_v ? tnccs_v:"?", has_long ? "+":"-", has_excl ? "+":"-",
- has_soh ? "+":"-", t_p ? t_p:"?", t_v ? t_v :"?");
 free(tnccs_p);
 free(tnccs_v);
 free(t_p);
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index 9e7a29a9f..574d3d7c9 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -63,6 +63,20 @@ struct imv_state_t {
 void (*set_flags)(imv_state_t *this, bool has_long, bool has_excl);
 /**
+ * Set the maximum size of a PA-TNC message for this TNCCS connection
+ *
+ * @max_msg_len maximum size of a PA-TNC message
+ */
+ void (*set_max_msg_len)(imv_state_t *this, u_int32_t max_msg_len);
+
+ /**
+ * Get the maximum size of a PA-TNC message for this TNCCS connection
+ *
+ * @return maximum size of a PA-TNC message
+ */
+ u_int32_t (*get_max_msg_len)(imv_state_t *this);
+
+ /**
 * Change the connection state
 *
 * @param new_state new connection state
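Review bot: create_state() stores the limit with `state->set_max_msg_len(state, max_msg_len)`, but no hunk in imv_agent.c reads it back, whereas imc_agent.c switches send_message() to `pa_tnc_msg_create(state->get_max_msg_len(state))`. If the IMV side builds PA-TNC messages somewhere not shown in this diff, those call sites need the same change; otherwise the IMV limit is only logged by the new DBG2 line and not enforced.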
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
index 563105548..9737245ad 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
@@ -48,6 +48,10 @@ struct private_imc_scanner_state_t {
 */
 bool has_excl;
+ /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
 };
 METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
@@ -75,6 +79,18 @@ METHOD(imc_state_t, set_flags, void,
 this->has_excl = has_excl;
 }
+METHOD(imc_state_t, set_max_msg_len, void,
+ private_imc_scanner_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+ private_imc_scanner_state_t *this)
+{
+ return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
 private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
 {
@@ -101,6 +117,8 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
 .has_long = _has_long,
 .has_excl = _has_excl,
 .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
 .change_state = _change_state,
 .destroy = _destroy,
 },
diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c
index 76631969d..28fd00387 100644
--- a/src/libimcv/plugins/imc_test/imc_test_state.c
+++ b/src/libimcv/plugins/imc_test/imc_test_state.c
@@ -50,6 +50,11 @@ struct private_imc_test_state_t {
 bool has_excl;
 /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
+
+ /**
 * Command to transmit to IMV
 */
 char *command;
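Review bot: get_max_msg_len() returns the raw field, and imc_scanner_state_create() registers the accessors without giving `max_msg_len` an initial value, so callers see 0 (assuming the constructor zero-fills the struct) until the agent's create_state() has run. A field comment such as `/* 0 until set by the agent in create_state() */` would make that ordering explicit. The same field and accessor pair are pasted into the imc_test, imv_scanner, imv_test, imc_attestation and imv_attestation state files, so any later change to the limit handling has to be repeated six times.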
@@ -96,6 +101,18 @@ METHOD(imc_state_t, set_flags, void,
 this->has_excl = has_excl;
 }
+METHOD(imc_state_t, set_max_msg_len, void,
+ private_imc_test_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+ private_imc_test_state_t *this)
+{
+ return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
 private_imc_test_state_t *this, TNC_ConnectionState new_state)
 {
@@ -169,6 +186,8 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
 .has_long = _has_long,
 .has_excl = _has_excl,
 .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
 .change_state = _change_state,
 .destroy = _destroy,
 },
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 422cb980d..cf92123ca 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -50,6 +50,11 @@ struct private_imv_scanner_state_t {
 bool has_excl;
 /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
+
+ /**
 * IMV action recommendation
 */
 TNC_IMV_Action_Recommendation rec;
@@ -115,6 +120,18 @@ METHOD(imv_state_t, set_flags, void,
 this->has_excl = has_excl;
 }
+METHOD(imv_state_t, set_max_msg_len, void,
+ private_imv_scanner_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+ private_imv_scanner_state_t *this)
+{
+ return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
 private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
 {
@@ -223,6 +240,8 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
 .has_long = _has_long,
 .has_excl = _has_excl,
 .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
 .change_state = _change_state,
 .get_recommendation = _get_recommendation,
 .set_recommendation = _set_recommendation,
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index 530090af7..f664e142a 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -51,6 +51,11 @@ struct private_imv_test_state_t {
 bool has_excl;
 /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
+
+ /**
 * IMV action recommendation
 */
 TNC_IMV_Action_Recommendation rec;
@@ -122,6 +127,18 @@ METHOD(imv_state_t, set_flags, void,
 this->has_excl = has_excl;
 }
+METHOD(imv_state_t, set_max_msg_len, void,
+ private_imv_test_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+ private_imv_test_state_t *this)
+{
+ return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
 private_imv_test_state_t *this, TNC_ConnectionState new_state)
 {
@@ -274,6 +291,8 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
 .has_long = _has_long,
 .has_excl = _has_excl,
 .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
 .change_state = _change_state,
 .get_recommendation = _get_recommendation,
 .set_recommendation = _set_recommendation,
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libpts/plugins/imc_attestation/imc_attestation_state.c
index 72a55f60e..391572d0e 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation_state.c
@@ -51,6 +51,11 @@ struct private_imc_attestation_state_t {
 bool has_excl;
 /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
+
+ /**
 * PTS object
 */
 pts_t *pts;
@@ -87,6 +92,18 @@ METHOD(imc_state_t, set_flags, void,
 this->has_excl = has_excl;
 }
+METHOD(imc_state_t, set_max_msg_len, void,
+ private_imc_attestation_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imc_state_t, get_max_msg_len, u_int32_t,
+ private_imc_attestation_state_t *this)
+{
+ return this->max_msg_len;
+}
+
 METHOD(imc_state_t, change_state, void,
 private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
 {
@@ -135,6 +152,8 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
 .has_long = _has_long,
 .has_excl = _has_excl,
 .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
 .change_state = _change_state,
 .destroy = _destroy,
 },
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
index 7041bc514..00ec14690 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c
@@ -62,6 +62,11 @@ struct private_imv_attestation_state_t {
 bool has_excl;
 /**
+ * Maximum PA-TNC message size for this TNCCS connection
+ */
+ u_int32_t max_msg_len;
+
+ /**
 * IMV Attestation handshake state
 */
 imv_attestation_handshake_state_t handshake_state;
@@ -150,6 +155,18 @@ METHOD(imv_state_t, set_flags, void,
 this->has_excl = has_excl;
 }
+METHOD(imv_state_t, set_max_msg_len, void,
+ private_imv_attestation_state_t *this, u_int32_t max_msg_len)
+{
+ this->max_msg_len = max_msg_len;
+}
+
+METHOD(imv_state_t, get_max_msg_len, u_int32_t,
+ private_imv_attestation_state_t *this)
+{
+ return this->max_msg_len;
+}
+
 METHOD(imv_state_t, change_state, void,
 private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
 {
@@ -358,6 +375,8 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
 .has_long = _has_long,
 .has_excl = _has_excl,
 .set_flags = _set_flags,
+ .set_max_msg_len = _set_max_msg_len,
+ .get_max_msg_len = _get_max_msg_len,
 .change_state = _change_state,
 .get_recommendation = _get_recommendation,
 .set_recommendation = _set_recommendation,
diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.h b/src/libtnccs/tnc/tnccs/tnccs_manager.h
index 9ca450468..cbf2dc0e9 100644
--- a/src/libtnccs/tnc/tnccs/tnccs_manager.h
+++ b/src/libtnccs/tnc/tnccs/tnccs_manager.h
@@ -70,6 +70,7 @@ struct tnccs_manager_t {
 * @param tnccs TNCCS connection instance
 * @param send_message TNCCS callback function
 * @param request_handshake_retry pointer to boolean variable
+ * @param max_msg_len maximum PA-TNC message size
 * @param recs pointer to IMV recommendation set
 * @return assigned connection ID
 */
@@ -77,6 +78,7 @@ struct tnccs_manager_t {
 tnccs_type_t type, tnccs_t *tnccs, tnccs_send_message_t send_message, bool *request_handshake_retry,
+ u_int32_t max_msg_len,
 recommendations_t **recs);
 /** |