Allow vendor-specific PB-TNC messages

23 files changed, 583 insertions, 138 deletions

diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.am b/src/libtnccs/plugins/tnccs_20/Makefile.am
index c268f5971..f64526eda 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.am
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.am
@@ -20,14 +20,15 @@ libstrongswan_tnccs_20_la_SOURCES = \
 	tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c \
 	batch/pb_tnc_batch.h batch/pb_tnc_batch.c \
 	messages/pb_tnc_msg.h messages/pb_tnc_msg.c \
-	messages/pb_experimental_msg.h messages/pb_experimental_msg.c \
-	messages/pb_pa_msg.h messages/pb_pa_msg.c \
-	messages/pb_assessment_result_msg.h messages/pb_assessment_result_msg.c \
-	messages/pb_access_recommendation_msg.h messages/pb_access_recommendation_msg.c \
-	messages/pb_error_msg.h messages/pb_error_msg.c \
-	messages/pb_language_preference_msg.h messages/pb_language_preference_msg.c \
-	messages/pb_reason_string_msg.h messages/pb_reason_string_msg.c \
-	messages/pb_remediation_parameters_msg.h messages/pb_remediation_parameters_msg.c \
+	messages/ietf/pb_experimental_msg.h messages/ietf/pb_experimental_msg.c \
+	messages/ietf/pb_pa_msg.h messages/ietf/pb_pa_msg.c \
+	messages/ietf/pb_assessment_result_msg.h messages/ietf/pb_assessment_result_msg.c \
+	messages/ietf/pb_access_recommendation_msg.h messages/ietf/pb_access_recommendation_msg.c \
+	messages/ietf/pb_error_msg.h messages/ietf/pb_error_msg.c \
+	messages/ietf/pb_language_preference_msg.h messages/ietf/pb_language_preference_msg.c \
+	messages/ietf/pb_reason_string_msg.h messages/ietf/pb_reason_string_msg.c \
+	messages/ietf/pb_remediation_parameters_msg.h messages/ietf/pb_remediation_parameters_msg.c \
+	messages/tcg/pb_pdp_referral_msg.h messages/tcg/pb_pdp_referral_msg.c \
 	state_machine/pb_tnc_state_machine.h state_machine/pb_tnc_state_machine.c
 
 libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version
diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
index d87e0ccea..6dacfc6af 100644
--- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
+++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c
@@ -15,7 +15,7 @@
  */
 
 #include "pb_tnc_batch.h"
-#include "messages/pb_error_msg.h"
+#include "messages/ietf/pb_error_msg.h"
 #include "state_machine/pb_tnc_state_machine.h"
 
 #include <tnc/tnccs/tnccs.h>
@@ -141,7 +141,9 @@ METHOD(pb_tnc_batch_t, get_encoding, chunk_t,
 METHOD(pb_tnc_batch_t, add_msg, bool,
 	private_pb_tnc_batch_t *this, pb_tnc_msg_t* msg)
 {
+	enum_name_t *msg_type_names;
 	chunk_t msg_value;
+	pen_type_t msg_type;
 	size_t msg_len;
 
 	msg->build(msg);
@@ -155,8 +157,19 @@ METHOD(pb_tnc_batch_t, add_msg, bool,
 	}
 	this->batch_len += msg_len;
 
-	DBG2(DBG_TNC, "adding %N message", pb_tnc_msg_type_names,
-									   msg->get_type(msg));
+	msg_type = msg->get_type(msg);
+	switch (msg_type.vendor_id)
+	{
+		default:
+		case PEN_IETF:
+			msg_type_names = pb_tnc_msg_type_names;
+			break;
+		case PEN_TCG:
+			msg_type_names = pb_tnc_tcg_msg_type_names;
+			break;
+	}
+	DBG2(DBG_TNC, "adding %N/%N message", pen_names, msg_type.vendor_id,
+										  msg_type_names, msg_type.type);
 	this->messages->insert_last(this->messages, msg);
 	return TRUE;
 }
@@ -167,8 +180,9 @@ METHOD(pb_tnc_batch_t, build, void,
 	u_int32_t msg_len;
 	chunk_t msg_value;
 	enumerator_t *enumerator;
-	pb_tnc_msg_type_t msg_type;
+	pen_type_t msg_type;
 	pb_tnc_msg_t *msg;
+	pb_tnc_msg_info_t *msg_infos;
 	bio_writer_t *writer;
 
 	/* build PB-TNC batch header */
@@ -189,13 +203,23 @@ METHOD(pb_tnc_batch_t, build, void,
 		msg_value = msg->get_encoding(msg);
 		msg_len = PB_TNC_HEADER_SIZE + msg_value.len;
 		msg_type = msg->get_type(msg);
-		if (pb_tnc_msg_infos[msg_type].has_noskip_flag)
+		switch (msg_type.vendor_id)
+		{
+			default:
+			case PEN_IETF:
+				msg_infos = pb_tnc_msg_infos;
+				break;
+			case PEN_TCG:
+				msg_infos = pb_tnc_tcg_msg_infos;
+				break;
+		}
+		if (msg_infos[msg_type.type].has_noskip_flag)
 		{
 			flags |= PB_TNC_FLAG_NOSKIP;
 		}
 		writer->write_uint8 (writer, flags);
-		writer->write_uint24(writer, PEN_IETF);
-		writer->write_uint32(writer, msg_type);
+		writer->write_uint24(writer, msg_type.vendor_id);
+		writer->write_uint32(writer, msg_type.type);
 		writer->write_uint32(writer, msg_len);
 		writer->write_data  (writer, msg_value);
 	}
@@ -304,10 +328,13 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
 {
 	bio_reader_t *reader;
 	pb_tnc_msg_t *pb_tnc_msg, *msg;
+	pb_tnc_msg_info_t *msg_infos;
 	u_int8_t flags;
 	u_int32_t vendor_id, msg_type, msg_len, offset;
 	chunk_t data, msg_value;
 	bool noskip_flag;
+	enum_name_t *msg_type_names;
+	pen_type_t msg_pen_type;
 	status_t status;
 
 	data = chunk_skip(this->encoding, this->offset);
@@ -356,8 +383,25 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
 		goto fatal;
 	}
 
-
-	if (vendor_id != PEN_IETF || msg_type > PB_MSG_ROOF)
+	if (vendor_id == PEN_IETF && msg_type <= PB_MSG_ROOF)
+	{
+		if (msg_type == PB_MSG_EXPERIMENTAL && noskip_flag)
+		{
+			DBG1(DBG_TNC, "reject IETF/PB-Experimental message with "
+						  "NOSKIP flag set");
+			msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
+							PB_ERROR_UNSUPPORTED_MANDATORY_MSG, this->offset);
+			goto fatal;
+		}
+		msg_type_names = pb_tnc_msg_type_names;
+		msg_infos = pb_tnc_msg_infos;
+	}
+	else if (vendor_id == PEN_IETF && msg_type <= PB_TCG_MSG_ROOF)
+	{
+		msg_type_names = pb_tnc_tcg_msg_type_names;
+		msg_infos = pb_tnc_tcg_msg_infos;
+	}
+	else
 	{
 		if (msg_len < PB_TNC_HEADER_SIZE)
 		{
@@ -384,65 +428,56 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
 			return SUCCESS;
 		}
 	}
-	else
+
+	if (msg_infos[msg_type].has_noskip_flag != TRUE_OR_FALSE &&
+		msg_infos[msg_type].has_noskip_flag != noskip_flag)
 	{
-		if (msg_type == PB_MSG_EXPERIMENTAL && noskip_flag)
-		{
-			DBG1(DBG_TNC, "reject PB-Experimental message with NOSKIP flag set");
-			msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
-							PB_ERROR_UNSUPPORTED_MANDATORY_MSG, this->offset);
-			goto fatal;
-		}
-		if (pb_tnc_msg_infos[msg_type].has_noskip_flag != TRUE_OR_FALSE &&
-			pb_tnc_msg_infos[msg_type].has_noskip_flag != noskip_flag)
-		{
-			DBG1(DBG_TNC, "%N message must%s have NOSKIP flag set",
-				 pb_tnc_msg_type_names, msg_type,
-				 pb_tnc_msg_infos[msg_type].has_noskip_flag ? "" : " not");
-			msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
-								PB_ERROR_INVALID_PARAMETER, this->offset);
-			goto fatal;
-		}
+		DBG1(DBG_TNC, "%N/%N message must%s have NOSKIP flag set",
+			 pen_names, vendor_id, msg_type_names, msg_type,
+			 msg_infos[msg_type].has_noskip_flag ? "" : " not");
+		msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
+							PB_ERROR_INVALID_PARAMETER, this->offset);
+		goto fatal;
+	}
 
-		if (msg_len < pb_tnc_msg_infos[msg_type].min_size ||
-		   (pb_tnc_msg_infos[msg_type].exact_size &&
-			msg_len != pb_tnc_msg_infos[msg_type].min_size))
-		{
-			DBG1(DBG_TNC, "%N message length must be %s %u bytes but is %u bytes",
-				 pb_tnc_msg_type_names, msg_type,
-				 pb_tnc_msg_infos[msg_type].exact_size ? "exactly" : "at least",
-				 pb_tnc_msg_infos[msg_type].min_size, msg_len);
-			msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
-								PB_ERROR_INVALID_PARAMETER, this->offset);
-			goto fatal;
-		}
+	if (msg_len < msg_infos[msg_type].min_size ||
+	   (msg_infos[msg_type].exact_size && 
+		msg_len != msg_infos[msg_type].min_size))
+	{
+		DBG1(DBG_TNC, "%N/%N message length must be %s %u bytes but is %u bytes",
+			 pen_names, vendor_id, msg_type_names, msg_type,
+			 msg_infos[msg_type].exact_size ? "exactly" : "at least",
+			 msg_infos[msg_type].min_size, msg_len);
+		msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
+							PB_ERROR_INVALID_PARAMETER, this->offset);
+		goto fatal;
 	}
 
-	if (pb_tnc_msg_infos[msg_type].in_result_batch &&
-		this->type != PB_BATCH_RESULT)
+	if (msg_infos[msg_type].in_result_batch && this->type != PB_BATCH_RESULT)
 	{
 		if (this->is_server)
 		{
-			DBG1(DBG_TNC,"reject %N message received from a PB-TNC client",
-						  pb_tnc_msg_type_names, msg_type);
+			DBG1(DBG_TNC,"reject %N/%N message received from a PB-TNC client",
+				 pen_names, vendor_id, msg_type_names, msg_type);
 			msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
 								PB_ERROR_INVALID_PARAMETER, this->offset);
 			goto fatal;
 		}
 		else
 		{
-			DBG1(DBG_TNC,"ignore %N message not received within RESULT batch",
-						  pb_tnc_msg_type_names, msg_type);
+			DBG1(DBG_TNC,"ignore %N/%N message not received within RESULT batch",
+				 pen_names, vendor_id, msg_type_names, msg_type);
 			this->offset += msg_len;
 			return SUCCESS;
 		}
 	}
 
-	DBG2(DBG_TNC, "processing %N message (%u bytes)", pb_tnc_msg_type_names,
-				   msg_type, msg_len);
+	DBG2(DBG_TNC, "processing %N/%N message (%u bytes)", pen_names, vendor_id,
+		 msg_type_names, msg_type, msg_len);
 	data.len = msg_len;
 	msg_value = chunk_skip(data, PB_TNC_HEADER_SIZE);
-	pb_tnc_msg = pb_tnc_msg_create_from_data(msg_type, msg_value);
+	msg_pen_type = pen_type_create(vendor_id, msg_type);
+	pb_tnc_msg = pb_tnc_msg_create_from_data(msg_pen_type, msg_value);
 
 	status = pb_tnc_msg->process(pb_tnc_msg, &offset);
 	if (status == FAILED || status == VERIFY_ERROR)
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_access_recommendation_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c
index cdd0d0d0d..5c4b5ae00 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_access_recommendation_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c
@@ -52,7 +52,7 @@ struct private_pb_access_recommendation_msg_t {
 	/**
 	 * PB-TNC message type
 	 */
-	pb_tnc_msg_type_t type;
+	pen_type_t type;
 
 	/**
 	 * Access recommendation code
@@ -65,7 +65,7 @@ struct private_pb_access_recommendation_msg_t {
 	chunk_t encoding;
 };
 
-METHOD(pb_tnc_msg_t, get_type, pb_tnc_msg_type_t,
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
 	private_pb_access_recommendation_msg_t *this)
 {
 	return this->type;
@@ -148,7 +148,7 @@ pb_tnc_msg_t *pb_access_recommendation_msg_create_from_data(chunk_t data)
 			},
 			.get_access_recommendation = _get_access_recommendation,
 		},
-		.type = PB_MSG_ACCESS_RECOMMENDATION,
+		.type = { PEN_IETF, PB_MSG_ACCESS_RECOMMENDATION },
 		.encoding = chunk_clone(data),
 	);
 
@@ -173,7 +173,7 @@ pb_tnc_msg_t *pb_access_recommendation_msg_create(u_int16_t recommendation)
 			},
 			.get_access_recommendation = _get_access_recommendation,
 		},
-		.type = PB_MSG_ACCESS_RECOMMENDATION,
+		.type = { PEN_IETF, PB_MSG_ACCESS_RECOMMENDATION },
 		.recommendation = recommendation,
 	);
 
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_access_recommendation_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h
index 01b83cfd7..d0dc6358b 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_access_recommendation_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h
@@ -24,7 +24,7 @@
 typedef enum pb_access_recommendation_code_t pb_access_recommendation_code_t;
 typedef struct pb_access_recommendation_msg_t pb_access_recommendation_msg_t;
 
-#include "pb_tnc_msg.h"
+#include "messages/pb_tnc_msg.h"
 
 /**
  * PB Access Recommendation Codes as defined in section 4.7 of RFC 5793
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_assessment_result_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c
index 4e50446be..e23493569 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_assessment_result_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c
@@ -48,7 +48,7 @@ struct private_pb_assessment_result_msg_t {
 	/**
 	 * PB-TNC message type
 	 */
-	pb_tnc_msg_type_t type;
+	pen_type_t type;
 
 	/**
 	 * Assessment result code
@@ -61,7 +61,7 @@ struct private_pb_assessment_result_msg_t {
 	chunk_t encoding;
 };
 
-METHOD(pb_tnc_msg_t, get_type, pb_tnc_msg_type_t,
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
 	private_pb_assessment_result_msg_t *this)
 {
 	return this->type;
@@ -141,7 +141,7 @@ pb_tnc_msg_t *pb_assessment_result_msg_create_from_data(chunk_t data)
 			},
 			.get_assessment_result = _get_assessment_result,
 		},
-		.type = PB_MSG_ASSESSMENT_RESULT,
+		.type = { PEN_IETF, PB_MSG_ASSESSMENT_RESULT },
 		.encoding = chunk_clone(data),
 	);
 
@@ -166,7 +166,7 @@ pb_tnc_msg_t *pb_assessment_result_msg_create(u_int32_t assessment_result)
 			},
 			.get_assessment_result = _get_assessment_result,
 		},
-		.type = PB_MSG_ASSESSMENT_RESULT,
+		.type = { PEN_IETF, PB_MSG_ASSESSMENT_RESULT },
 		.assessment_result = assessment_result,
 	);
 
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_assessment_result_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h
index d2b005114..11cfdbef2 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_assessment_result_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h
@@ -23,7 +23,7 @@
 
 typedef struct pb_assessment_result_msg_t pb_assessment_result_msg_t;
 
-#include "pb_tnc_msg.h"
+#include "messages/pb_tnc_msg.h"
 
 /**
  * Class representing the PB-Assessment-Result message type.
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_error_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c
index d048f437c..d9910f660 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_error_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c
@@ -65,7 +65,7 @@ struct private_pb_error_msg_t {
 	/**
 	 * PB-TNC message type
 	 */
-	pb_tnc_msg_type_t type;
+	pen_type_t type;
 
 	/**
 	 * Fatal flag
@@ -103,7 +103,7 @@ struct private_pb_error_msg_t {
 	refcount_t ref;
 };
 
-METHOD(pb_tnc_msg_t, get_type, pb_tnc_msg_type_t,
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
 	private_pb_error_msg_t *this)
 {
 	return this->type;
@@ -271,7 +271,7 @@ pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id,
 			.get_bad_version = _get_bad_version,
 			.set_bad_version = _set_bad_version,
 		},
-		.type = PB_MSG_ERROR,
+		.type = { PEN_IETF, PB_MSG_ERROR },
 		.ref = 1,
 		.fatal = fatal,
 		.vendor_id = vendor_id,
@@ -307,7 +307,7 @@ pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, u_int32_t vendor_id,
 			.get_bad_version = _get_bad_version,
 			.set_bad_version = _set_bad_version,
 		},
-		.type = PB_MSG_ERROR,
+		.type = { PEN_IETF, PB_MSG_ERROR },
 		.ref = 1,
 		.fatal = fatal,
 		.vendor_id = vendor_id,
@@ -342,7 +342,7 @@ pb_tnc_msg_t *pb_error_msg_create_from_data(chunk_t data)
 			.get_bad_version = _get_bad_version,
 			.set_bad_version = _set_bad_version,
 		},
-		.type = PB_MSG_ERROR,
+		.type = { PEN_IETF, PB_MSG_ERROR },
 		.ref = 1,
 		.encoding = chunk_clone(data),
 	);
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_error_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h
index 8b92742b5..9c0ad82a6 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_error_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h
@@ -24,7 +24,7 @@
 typedef enum pb_tnc_error_code_t pb_tnc_error_code_t;
 typedef struct pb_error_msg_t pb_error_msg_t;
 
-#include "pb_tnc_msg.h"
+#include "messages/pb_tnc_msg.h"
 
 /**
  * PB-TNC Error Codes as defined in section 4.9.1 of RFC 5793
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_experimental_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c
index 7dfba136f..c6290887c 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_experimental_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c
@@ -30,7 +30,7 @@ struct private_pb_experimental_msg_t {
 	/**
 	 * PB-TNC message type
 	 */
-	pb_tnc_msg_type_t type;
+	pen_type_t type;
 
 	/**
 	 * Encoded message
@@ -38,7 +38,7 @@ struct private_pb_experimental_msg_t {
 	chunk_t encoding;
 };
 
-METHOD(pb_tnc_msg_t, get_type, pb_tnc_msg_type_t,
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
 	private_pb_experimental_msg_t *this)
 {
 	return this->type;
@@ -86,7 +86,7 @@ pb_tnc_msg_t *pb_experimental_msg_create_from_data(chunk_t data)
 				.destroy = _destroy,
 			},
 		},
-		.type = PB_MSG_EXPERIMENTAL,
+		.type = { PEN_IETF, PB_MSG_EXPERIMENTAL },
 		.encoding = chunk_clone(data),
 	);
 
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_experimental_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.h
index b1cc4f46e..fb9ede1a8 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_experimental_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.h
@@ -23,7 +23,7 @@
 
 typedef struct pb_experimental_msg_t pb_experimental_msg_t;
 
-#include "pb_tnc_msg.h"
+#include "messages/pb_tnc_msg.h"
 
 /**
  * Class representing the PB-Experimental message type.
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_language_preference_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c
index 70a03cdc5..f14f28980 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_language_preference_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c
@@ -47,7 +47,7 @@ struct private_pb_language_preference_msg_t {
 	/**
 	 * PB-TNC message type
 	 */
-	pb_tnc_msg_type_t type;
+	pen_type_t type;
 
 	/**
 	 * Language preference
@@ -60,7 +60,7 @@ struct private_pb_language_preference_msg_t {
 	chunk_t encoding;
 };
 
-METHOD(pb_tnc_msg_t, get_type, pb_tnc_msg_type_t,
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
 	private_pb_language_preference_msg_t *this)
 {
 	return this->type;
@@ -146,7 +146,7 @@ pb_tnc_msg_t *pb_language_preference_msg_create_from_data(chunk_t data)
 			},
 			.get_language_preference = _get_language_preference,
 		},
-		.type = PB_MSG_LANGUAGE_PREFERENCE,
+		.type = { PEN_IETF, PB_MSG_LANGUAGE_PREFERENCE },
 		.encoding = chunk_clone(data),
 	);
 
@@ -171,7 +171,7 @@ pb_tnc_msg_t *pb_language_preference_msg_create(chunk_t language_preference)
 			},
 			.get_language_preference = _get_language_preference,
 		},
-		.type = PB_MSG_LANGUAGE_PREFERENCE,
+		.type = { PEN_IETF, PB_MSG_LANGUAGE_PREFERENCE },
 		.language_preference = chunk_clone(language_preference),
 	);
 
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_language_preference_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.h
index 17106f6fa..512cab301 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_language_preference_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.h
@@ -23,7 +23,7 @@
 
 typedef struct pb_language_preference_msg_t pb_language_preference_msg_t;
 
-#include "pb_tnc_msg.h"
+#include "messages/pb_tnc_msg.h"
 
 /**
  * Class representing the PB-Language-Preference message type.
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_pa_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
index aa5e9c723..a9a097bd4 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_pa_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c
@@ -60,7 +60,7 @@ struct private_pb_pa_msg_t {
 	/**
 	 * PB-TNC message type
 	 */
-	pb_tnc_msg_type_t type;
+	pen_type_t type;
 
 	/**
 	 * Exclusive flag
@@ -93,7 +93,7 @@ struct private_pb_pa_msg_t {
 	chunk_t encoding;
 };
 
-METHOD(pb_tnc_msg_t, get_type, pb_tnc_msg_type_t,
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
 	private_pb_pa_msg_t *this)
 {
 	return this->type;
@@ -231,7 +231,7 @@ pb_tnc_msg_t *pb_pa_msg_create_from_data(chunk_t data)
 			.get_body = _get_body,
 			.get_exclusive_flag = _get_exclusive_flag,
 		},
-		.type = PB_MSG_PA,
+		.type = { PEN_IETF, PB_MSG_PA },
 		.encoding = chunk_clone(data),
 	);
 
@@ -262,7 +262,7 @@ pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype,
 			.get_body = _get_body,
 			.get_exclusive_flag = _get_exclusive_flag,
 		},
-		.type = PB_MSG_PA,
+		.type = { PEN_IETF, PB_MSG_PA },
 		.subtype = { vendor_id, subtype },
 		.collector_id = collector_id,
 		.validator_id = validator_id,
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_pa_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
index 5c9b7c0bf..093bb45ae 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_pa_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h
@@ -23,7 +23,7 @@
 
 typedef struct pb_pa_msg_t pb_pa_msg_t;
 
-#include "pb_tnc_msg.h"
+#include "messages/pb_tnc_msg.h"
 
 #include <pen/pen.h>
 
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_reason_string_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c
index 935c52d7b..cafc4ec54 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_reason_string_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c
@@ -48,7 +48,7 @@ struct private_pb_reason_string_msg_t {
 	/**
 	 * PB-TNC message type
 	 */
-	pb_tnc_msg_type_t type;
+	pen_type_t type;
 
 	/**
 	 * Reason string
@@ -66,7 +66,7 @@ struct private_pb_reason_string_msg_t {
 	chunk_t encoding;
 };
 
-METHOD(pb_tnc_msg_t, get_type, pb_tnc_msg_type_t,
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
 	private_pb_reason_string_msg_t *this)
 {
 	return this->type;
@@ -181,7 +181,7 @@ pb_tnc_msg_t *pb_reason_string_msg_create_from_data(chunk_t data)
 			.get_reason_string = _get_reason_string,
 			.get_language_code = _get_language_code,
 		},
-		.type = PB_MSG_REASON_STRING,
+		.type = { PEN_IETF, PB_MSG_REASON_STRING },
 		.encoding = chunk_clone(data),
 	);
 
@@ -208,7 +208,7 @@ pb_tnc_msg_t *pb_reason_string_msg_create(chunk_t reason_string,
 			.get_reason_string = _get_reason_string,
 			.get_language_code = _get_language_code,
 		},
-		.type = PB_MSG_REASON_STRING,
+		.type = { PEN_IETF, PB_MSG_REASON_STRING },
 		.reason_string = chunk_clone(reason_string),
 		.language_code = chunk_clone(language_code),
 	);
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_reason_string_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.h
index bb296a90c..65e3e880d 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_reason_string_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.h
@@ -23,7 +23,7 @@
 
 typedef struct pb_reason_string_msg_t pb_reason_string_msg_t;
 
-#include "pb_tnc_msg.h"
+#include "messages/pb_tnc_msg.h"
 
 /**
  * Class representing the PB-Reason-String message type.
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c
index 2ef8dd6cd..8dc590657 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c
@@ -63,7 +63,7 @@ struct private_pb_remediation_parameters_msg_t {
 	/**
 	 * PB-TNC message type
 	 */
-	pb_tnc_msg_type_t type;
+	pen_type_t type;
 
 	/**
 	 * Remediation Parameters Type
@@ -91,7 +91,7 @@ struct private_pb_remediation_parameters_msg_t {
 	chunk_t encoding;
 };
 
-METHOD(pb_tnc_msg_t, get_type, pb_tnc_msg_type_t,
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
 	private_pb_remediation_parameters_msg_t *this)
 {
 	return this->type;
@@ -115,7 +115,7 @@ METHOD(pb_tnc_msg_t, build, void,
 	writer = bio_writer_create(64);
 	writer->write_uint32(writer, this->parameters_type.vendor_id);
 	writer->write_uint32(writer, this->parameters_type.type);
-	writer->write_data32(writer, this->parameters);
+	writer->write_data  (writer, this->parameters);
 
 	this->encoding = writer->get_buf(writer);
 	this->encoding = chunk_clone(this->encoding);
@@ -240,7 +240,7 @@ pb_tnc_msg_t* pb_remediation_parameters_msg_create(pen_type_t parameters_type,
 			.get_uri = _get_parameters,
 			.get_string = _get_string,
 		},
-		.type = PB_MSG_REMEDIATION_PARAMETERS,
+		.type = { PEN_IETF, PB_MSG_REMEDIATION_PARAMETERS },
 		.parameters_type = parameters_type,
 		.parameters = chunk_clone(parameters),
 	);
@@ -302,7 +302,7 @@ pb_tnc_msg_t *pb_remediation_parameters_msg_create_from_data(chunk_t data)
 			.get_uri = _get_parameters,
 			.get_string = _get_string,
 		},
-		.type = PB_MSG_REMEDIATION_PARAMETERS,
+		.type = { PEN_IETF, PB_MSG_REMEDIATION_PARAMETERS },
 		.encoding = chunk_clone(data),
 	);
 
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_remediation_parameters_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.h
index f3a1c1009..c07e52747 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_remediation_parameters_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.h
@@ -24,7 +24,7 @@
 typedef enum pb_tnc_remed_param_type_t pb_tnc_remed_param_type_t;
 typedef struct pb_remediation_parameters_msg_t pb_remediation_parameters_msg_t;
 
-#include "pb_tnc_msg.h"
+#include "messages/pb_tnc_msg.h"
 
 #include <pen/pen.h>
 
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.c b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.c
index 3565c2d84..be81ee1c1 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.c
+++ b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.c
@@ -14,14 +14,15 @@
  */
 
 #include "pb_tnc_msg.h"
-#include "pb_experimental_msg.h"
-#include "pb_pa_msg.h"
-#include "pb_error_msg.h"
-#include "pb_language_preference_msg.h"
-#include "pb_assessment_result_msg.h"
-#include "pb_access_recommendation_msg.h"
-#include "pb_remediation_parameters_msg.h"
-#include "pb_reason_string_msg.h"
+#include "ietf/pb_experimental_msg.h"
+#include "ietf/pb_pa_msg.h"
+#include "ietf/pb_error_msg.h"
+#include "ietf/pb_language_preference_msg.h"
+#include "ietf/pb_assessment_result_msg.h"
+#include "ietf/pb_access_recommendation_msg.h"
+#include "ietf/pb_remediation_parameters_msg.h"
+#include "ietf/pb_reason_string_msg.h"
+#include "tcg/pb_pdp_referral_msg.h"
 
 #include <library.h>
 
@@ -36,6 +37,10 @@ ENUM(pb_tnc_msg_type_names, PB_MSG_EXPERIMENTAL, PB_MSG_REASON_STRING,
 	"PB-Reason-String"
 );
 
+ENUM(pb_tnc_tcg_msg_type_names, PB_TCG_MSG_PDP_REFERRAL, PB_TCG_MSG_PDP_REFERRAL,
+	"PB-PDP-Referral"
+);
+
 pb_tnc_msg_info_t pb_tnc_msg_infos[] = {
 	{ 12, FALSE, FALSE, TRUE_OR_FALSE },
 	{ 24, FALSE, FALSE, TRUE  },
@@ -47,29 +52,43 @@ pb_tnc_msg_info_t pb_tnc_msg_infos[] = {
 	{ 17, FALSE, TRUE,  FALSE },
 };
 
+pb_tnc_msg_info_t pb_tnc_tcg_msg_infos[] = {
+	{ 20, FALSE, TRUE, FALSE },
+};
+
 /**
  * See header
  */
-pb_tnc_msg_t* pb_tnc_msg_create_from_data(pb_tnc_msg_type_t type, chunk_t value)
+pb_tnc_msg_t* pb_tnc_msg_create_from_data(pen_type_t msg_type, chunk_t value)
 {
-	switch (type)
+	if (msg_type.vendor_id == PEN_IETF)
+	{
+		switch (msg_type.type)
+		{
+			case PB_MSG_PA:
+				return pb_pa_msg_create_from_data(value);
+			case PB_MSG_ERROR:
+				return pb_error_msg_create_from_data(value);
+			case PB_MSG_EXPERIMENTAL:
+				return pb_experimental_msg_create_from_data(value);
+			case PB_MSG_LANGUAGE_PREFERENCE:
+				return pb_language_preference_msg_create_from_data(value);
+			case PB_MSG_ASSESSMENT_RESULT:
+				return pb_assessment_result_msg_create_from_data(value);
+			case PB_MSG_ACCESS_RECOMMENDATION:
+				return pb_access_recommendation_msg_create_from_data(value);
+			case PB_MSG_REMEDIATION_PARAMETERS:
+				return pb_remediation_parameters_msg_create_from_data(value);
+			case PB_MSG_REASON_STRING:
+				return pb_reason_string_msg_create_from_data(value);
+		}
+	}
+	else if (msg_type.vendor_id == PEN_TCG)
 	{
-		case PB_MSG_PA:
-			return pb_pa_msg_create_from_data(value);
-		case PB_MSG_ERROR:
-			return pb_error_msg_create_from_data(value);
-		case PB_MSG_EXPERIMENTAL:
-			return pb_experimental_msg_create_from_data(value);
-		case PB_MSG_LANGUAGE_PREFERENCE:
-			return pb_language_preference_msg_create_from_data(value);
-		case PB_MSG_ASSESSMENT_RESULT:
-			return pb_assessment_result_msg_create_from_data(value);
-		case PB_MSG_ACCESS_RECOMMENDATION:
-			return pb_access_recommendation_msg_create_from_data(value);
-		case PB_MSG_REMEDIATION_PARAMETERS:
-			return pb_remediation_parameters_msg_create_from_data(value);
-		case PB_MSG_REASON_STRING:
-			return pb_reason_string_msg_create_from_data(value);
+		if (msg_type.type == PB_TCG_MSG_PDP_REFERRAL)
+		{
+			return pb_pdp_referral_msg_create_from_data(value);
+		}
 	}
 	return NULL;
 }
diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h
index 97ebed27f..ace5d7837 100644
--- a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h
+++ b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Andreas Steffen
+ * Copyright (C) 2010-213 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@ typedef struct pb_tnc_msg_info_t pb_tnc_msg_info_t;
 typedef struct pb_tnc_msg_t pb_tnc_msg_t;
 
 #include <library.h>
+#include <pen/pen.h>
 
 #define PB_TNC_VERSION		2
 
@@ -50,6 +51,19 @@ enum pb_tnc_msg_type_t {
 extern enum_name_t *pb_tnc_msg_type_names;
 
 /**
+ * PB-TNC Message Type defined in the TCG namespace
+ */
+enum pb_tnc_tcg_msg_type_t {
+	PB_TCG_MSG_PDP_REFERRAL =			1,
+	PB_TCG_MSG_ROOF =					1
+};
+
+/**
+ * enum name for pb_tnc_tcg_msg_type_t.
+ */
+extern enum_name_t *pb_tnc_tcg_msg_type_names;
+
+/**
  * Information entry describing a PB-TNC Message Type
  */
 struct pb_tnc_msg_info_t {
@@ -67,6 +81,11 @@ struct pb_tnc_msg_info_t {
 extern pb_tnc_msg_info_t pb_tnc_msg_infos[];
 
 /**
+ * Information on PB-TNC TCG Message Types
+ */
+extern pb_tnc_msg_info_t pb_tnc_tcg_msg_infos[];
+
+/**
  * Generic interface for all PB-TNC message types.
  *
  * To handle all messages in a generic way, this interface
@@ -79,7 +98,7 @@ struct pb_tnc_msg_t {
 	 *
 	 * @return					 PB-TNC Message Type
 	 */
-	pb_tnc_msg_type_t (*get_type)(pb_tnc_msg_t *this);
+	pen_type_t (*get_type)(pb_tnc_msg_t *this);
 
 	/**
 	 * Get the encoding of the PB-TNC Message Value
@@ -120,9 +139,10 @@ struct pb_tnc_msg_t {
  * Useful for the parser which wants a generic constructor for all
  * pb_tnc_message_t types.
  *
- * @param type		PB-TNC message type
- * @param value		PB-TNC message value
+ * @param vendor_id			PB-TNC vendor ID
+ * @param type				PB-TNC message type
+ * @param value				PB-TNC message value
  */
-pb_tnc_msg_t* pb_tnc_msg_create_from_data(pb_tnc_msg_type_t type, chunk_t value);
+pb_tnc_msg_t* pb_tnc_msg_create_from_data(pen_type_t msg_type, chunk_t value);
 
 #endif /** PB_TNC_MSG_H_ @}*/
diff --git a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c
new file mode 100644
index 000000000..f8c78b680
--- /dev/null
+++ b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c
@@ -0,0 +1,243 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "pb_pdp_referral_msg.h"
+
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+ENUM(pb_tnc_pdp_identifier_type_names, PB_PDP_ID_FQDN, PB_PDP_ID_IPV6,
+	"PDP FQDN ID",
+	"PDP IPv4 ID",
+	"PDP IPv6 ID"
+);
+
+typedef struct private_pb_pdp_referral_msg_t private_pb_pdp_referral_msg_t;
+
+/**
+ *   PB-PDP-Referral message (see section 3.1.1.1 of
+ *   TCG TNC PDP Discovery and Validation Specification 1.0
+ *
+ *    0                   1                   2                   3
+ *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |   Reserved    |           PDP Identifier Vendor ID            |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                      PDP Identifier Type                      |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                 PDP Identifier (Variable Length)              |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ *   Section 3.1.1.2.1 FQDN Identifier
+ *
+ *    0                   1                   2                   3
+ *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |   Reserved    |   Protocol    |        Port Number            |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                     FQDN (Variable Length)                    |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ *   Section 3.1.1.2.2 IPv4 Identifier
+ *
+ *    0                   1                   2                   3
+ *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |   Reserved    |   Protocol    |        Port Number            |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                          IPv4 Address                         |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ *   Section 3.1.1.2.3 IPv6 Identifier
+ * 
+ *    0                   1                   2                   3
+ *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |   Reserved    |   Protocol    |        Port Number            |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                    IPv6 Address (octets 1-4)                  |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                    IPv6 Address (octets 5-8)                  |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                    IPv6 Address (octets 9-12)                 |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *   |                    IPv6 Address (octets 13-16)                |
+ *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+/**
+ * Private data of a pb_pdp_referral_msg_t object.
+ *
+ */
+struct private_pb_pdp_referral_msg_t {
+	/**
+	 * Public pb_pdp_referral_msg_t interface.
+	 */
+	pb_pdp_referral_msg_t public;
+
+	/**
+	 * PB-TNC message type
+	 */
+	pen_type_t type;
+
+	/**
+	 * PDP Identifier Type
+	 */
+	pen_type_t identifier_type;
+
+	/**
+	 * PDP Identifier Value
+	 */
+	chunk_t identifier;
+
+	/**
+	 * Encoded message
+	 */
+	chunk_t encoding;
+};
+
+METHOD(pb_tnc_msg_t, get_type, pen_type_t,
+	private_pb_pdp_referral_msg_t *this)
+{
+	return this->type;
+}
+
+METHOD(pb_tnc_msg_t, get_encoding, chunk_t,
+	private_pb_pdp_referral_msg_t *this)
+{
+	return this->encoding;
+}
+
+METHOD(pb_tnc_msg_t, build, void,
+	private_pb_pdp_referral_msg_t *this)
+{
+	bio_writer_t *writer;
+
+	if (this->encoding.ptr)
+	{
+		return;
+	}
+	writer = bio_writer_create(64);
+	writer->write_uint32(writer, this->identifier_type.vendor_id);
+	writer->write_uint32(writer, this->identifier_type.type);
+	writer->write_data(writer, this->identifier);
+
+	this->encoding = writer->get_buf(writer);
+	this->encoding = chunk_clone(this->encoding);
+	writer->destroy(writer);
+}
+
+METHOD(pb_tnc_msg_t, process, status_t,
+	private_pb_pdp_referral_msg_t *this, u_int32_t *offset)
+{
+	bio_reader_t *reader;
+	u_int8_t reserved;
+	status_t status = SUCCESS;
+
+	*offset = 0;
+
+	/* process message */
+	reader = bio_reader_create(this->encoding);
+	reader->read_uint8 (reader, &reserved);
+	reader->read_uint24(reader, &this->identifier_type.vendor_id);
+	reader->read_uint32(reader, &this->identifier_type.type);
+	reader->read_data  (reader, reader->remaining(reader), &this->identifier);
+
+	this->identifier = chunk_clone(this->identifier);
+	reader->destroy(reader);
+
+	if (this->identifier_type.vendor_id == PEN_TCG)
+	{
+		/* TODO parse PDP Identifier Types */
+	}
+	return status;
+}
+
+METHOD(pb_tnc_msg_t, destroy, void,
+	private_pb_pdp_referral_msg_t *this)
+{
+	free(this->encoding.ptr);
+	free(this->identifier.ptr);
+	free(this);
+}
+
+METHOD(pb_pdp_referral_msg_t, get_identifier_type, pen_type_t,
+	private_pb_pdp_referral_msg_t *this)
+{
+	return this->identifier_type;
+}
+
+METHOD(pb_pdp_referral_msg_t, get_identifier, chunk_t,
+	private_pb_pdp_referral_msg_t *this)
+{
+	return this->identifier;
+}
+
+/**
+ * See header
+ */
+pb_tnc_msg_t* pb_pdp_referral_msg_create(pen_type_t identifier_type,
+										 chunk_t identifier)
+{
+	private_pb_pdp_referral_msg_t *this;
+
+	INIT(this,
+		.public = {
+			.pb_interface = {
+				.get_type = _get_type,
+				.get_encoding = _get_encoding,
+				.build = _build,
+				.process = _process,
+				.destroy = _destroy,
+			},
+			.get_identifier_type = _get_identifier_type,
+			.get_identifier = _get_identifier,
+		},
+		.type = { PEN_TCG, PB_TCG_MSG_PDP_REFERRAL },
+		.identifier_type = identifier_type,
+		.identifier = chunk_clone(identifier),
+	);
+
+	return &this->public.pb_interface;
+}
+
+/**
+ * See header
+ */
+pb_tnc_msg_t *pb_pdp_referral_msg_create_from_data(chunk_t data)
+{
+	private_pb_pdp_referral_msg_t *this;
+
+	INIT(this,
+		.public = {
+			.pb_interface = {
+				.get_type = _get_type,
+				.get_encoding = _get_encoding,
+				.build = _build,
+				.process = _process,
+				.destroy = _destroy,
+			},
+			.get_identifier_type = _get_identifier_type,
+			.get_identifier = _get_identifier,
+		},
+		.type = { PEN_TCG, PB_TCG_MSG_PDP_REFERRAL },
+		.encoding = chunk_clone(data),
+	);
+
+	return &this->public.pb_interface;
+}
+
diff --git a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h
new file mode 100644
index 000000000..a472557ca
--- /dev/null
+++ b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pb_pdp_referral_msg pb_pdp_referral_msg
+ * @{ @ingroup tnccs_20
+ */
+
+#ifndef PB_PDP_REFERRAL_MSG_H_
+#define PB_PDP_REFERRAL_MSG_H_
+
+typedef enum pb_pdp_identifier_type_t pb_pdp_identifier_type_t;
+typedef struct pb_pdp_referral_msg_t pb_pdp_referral_msg_t;
+
+#include "messages/pb_tnc_msg.h"
+
+#include <pen/pen.h>
+
+/**
+ * PB-TNC PDP Identifier Types as defined in section 3.1.1.2 of the
+ * TCG TNC PDP Discovery and Validation Specification 1.0
+ */
+enum pb_pdp_identifier_type_t {
+	PB_PDP_ID_FQDN =	0,
+	PB_PDP_ID_IPV4 =	1,
+	PB_PDP_ID_IPV6 =	2
+};
+
+/**
+ * enum name for pb_pdp_identifier_type_t.
+ */
+extern enum_name_t *pb_pdp_identifier_type_names;
+
+/**
+ * Class representing the PB-Remediation-Parameters message type.
+ */
+struct pb_pdp_referral_msg_t {
+
+	/**
+	 * PB-TNC Message interface
+	 */
+	pb_tnc_msg_t pb_interface;
+
+	/**
+	 * Get the PDP Identifier Type (Vendor ID and Type)
+	 *
+	 * @return				PDP Identifier Type
+	 */
+	pen_type_t (*get_identifier_type)(pb_pdp_referral_msg_t *this);
+
+	/**
+	 * Get the PDP Identifier Value
+	 *
+	 * @return				PDP Identifier Value
+	 */
+	chunk_t (*get_identifier)(pb_pdp_referral_msg_t *this);
+
+};
+
+/**
+ * Create a general PB-PDP-Referral message
+ *
+ * @param identifier_type	PDP Identifier Type
+ * @param identifier		PDP Identifier
+ */
+pb_tnc_msg_t* pb_pdp_referral_msg_create(pen_type_t identifier_type,
+										 chunk_t identifier);
+
+/**
+ * Create an unprocessed PB-PDP-Referral message from raw data
+ *
+  * @param data		PB-PDP-Referral message data
+ */
+pb_tnc_msg_t* pb_pdp_referral_msg_create_from_data(chunk_t data);
+
+#endif /** PB_PA_MSG_H_ @}*/
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
index 5d2d7ee25..6759c92a3 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c
@@ -17,13 +17,13 @@
 #include "tnccs_20.h"
 #include "batch/pb_tnc_batch.h"
 #include "messages/pb_tnc_msg.h"
-#include "messages/pb_pa_msg.h"
-#include "messages/pb_error_msg.h"
-#include "messages/pb_assessment_result_msg.h"
-#include "messages/pb_access_recommendation_msg.h"
-#include "messages/pb_remediation_parameters_msg.h"
-#include "messages/pb_reason_string_msg.h"
-#include "messages/pb_language_preference_msg.h"
+#include "messages/ietf/pb_pa_msg.h"
+#include "messages/ietf/pb_error_msg.h"
+#include "messages/ietf/pb_assessment_result_msg.h"
+#include "messages/ietf/pb_access_recommendation_msg.h"
+#include "messages/ietf/pb_remediation_parameters_msg.h"
+#include "messages/ietf/pb_reason_string_msg.h"
+#include "messages/ietf/pb_language_preference_msg.h"
 #include "state_machine/pb_tnc_state_machine.h"
 
 #include <tncif_names.h>
@@ -225,11 +225,13 @@ METHOD(tnccs_t, send_msg, TNC_Result,
 }
 
 /**
- * Handle a single PB-TNC message according to its type
+ * Handle a single PB-TNC IETF standard message according to its type
  */
-static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
+static void handle_ietf_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
 {
-	switch (msg->get_type(msg))
+	pen_type_t msg_type = msg->get_type(msg);
+
+	switch (msg_type.type)
 	{
 		case PB_MSG_EXPERIMENTAL:
 			/* nothing to do */
@@ -441,6 +443,43 @@ static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
 }
 
 /**
+ * Handle a single PB-TNC TCG standard message according to its type
+ */
+static void handle_tcg_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
+{
+	pen_type_t msg_type = msg->get_type(msg);
+
+	switch (msg_type.type)
+	{
+		case PB_TCG_MSG_PDP_REFERRAL:
+			/* TODO handle PDP Referral */
+			break;
+		default:
+			break;
+	}
+}
+
+/**
+ * Handle a single PB-TNC message according to its type
+ */
+static void handle_message(private_tnccs_20_t *this, pb_tnc_msg_t *msg)
+{
+	pen_type_t msg_type = msg->get_type(msg);
+
+	switch (msg_type.vendor_id)
+	{
+		case PEN_IETF:
+			handle_ietf_message(this, msg);
+			break;
+		case PEN_TCG:
+			handle_tcg_message(this, msg);
+			break;
+		default:
+			break;
+	}
+}
+
+/**
  *  Build a CRETRY or SRETRY batch
  */
 static void build_retry_batch(private_tnccs_20_t *this)