SWID IMC implements recursive tag collection in /usr/share

9 files changed, 385 insertions, 123 deletions

diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am
index 02d564251..2c02fd18a 100644
--- a/src/libpts/Makefile.am
+++ b/src/libpts/Makefile.am
@@ -36,6 +36,7 @@ libpts_la_SOURCES = \
 	pts/components/ita/ita_comp_tgrub.h pts/components/ita/ita_comp_tgrub.c \
 	pts/components/tcg/tcg_comp_func_name.h pts/components/tcg/tcg_comp_func_name.c \
 	swid/swid_error.h swid/swid_error.c \
+	swid/swid_inventory.h swid/swid_inventory.c \
 	swid/swid_tag.h swid/swid_tag.c \
 	swid/swid_tag_id.h swid/swid_tag_id.c \
 	tcg/tcg_attr.h tcg/tcg_attr.c \
diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c
index a90e5adc3..6ad84dce6 100644
--- a/src/libpts/plugins/imc_swid/imc_swid.c
+++ b/src/libpts/plugins/imc_swid/imc_swid.c
@@ -16,8 +16,7 @@
 #include "imc_swid_state.h"
 
 #include "libpts.h"
-#include "swid/swid_tag.h"
-#include "swid/swid_tag_id.h"
+#include "swid/swid_inventory.h"
 #include "swid/swid_error.h"
 #include "tcg/swid/tcg_swid_attr_req.h"
 #include "tcg/swid/tcg_swid_attr_tag_inv.h"
@@ -31,38 +30,6 @@
 #include <pen/pen.h>
 #include <utils/debug.h>
 
-static char strongswan_tag[] =
-	"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
-	"<software_identification_tag "
-	"xmlns=\"http://standards.iso.org/iso/19770/-2/2009/schema.xsd\">\n"
-	"<entitlement_required_indicator>true</entitlement_required_indicator>\n"
-	"<product_title>strongSwan</product_title>\n"
-	"<product_version>\n"
-	"  <name>5.1.1dr1</name>\n"
-	"  <numeric>\n"
-	"    <major>5</major>\n"
-	"    <minor>1</minor>\n"
-	"    <build>1</build>\n"
-	"    <review>dr1</review>\n"
-	"  </numeric>\n"
-	"</product_version>\n"
-	"<software_creator>\n"
-	"  <name>strongSwan Project</name>\n"
-	"  <regid>regid.2004-03.org.strongswan</regid>\n"
-	"</software_creator>\n"
-	"<software_licensor>\n"
-	"  <name>strongSwan Project</name>\n"
-	"  <regid>regid.2004-03.org.strongswan</regid>\n"
-	"</software_licensor>\n"
-	"<software_id>\n"
-	"  <unique_id>strongSwan-5-1-1-dr1</unique_id>\n"
-	"  <tag_creator_regid>regid.2004-03.org.strongswan</tag_creator_regid>\n"
-	"</software_id>\n"
-	"<tag_creator>\n"
-	"  <name>strongSwan Project</name>\n"
-	"  <regid>regid.2004-03.org.strongswan</regid>\n"
-	"</tag_creator>\n"
-	"</software_identification_tag>\n";
 
 /* IMC definitions */
 
@@ -187,6 +154,8 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 		tcg_swid_attr_req_t *attr_req;
 		u_int8_t flags;
 		u_int32_t request_id, eid_epoch;
+		swid_inventory_t *swid_inventory;
+		bool full_tags;
 
 		type = attr->get_type(attr);
 
@@ -207,29 +176,27 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 			out_msg->add_attribute(out_msg, attr);
 			break;
 		}
+		full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
 
-		if (flags & TCG_SWID_ATTR_REQ_FLAG_R)
+		swid_inventory = swid_inventory_create(full_tags);
+		if (!swid_inventory->collect(swid_inventory))
 		{
-			swid_tag_id_t *tag_id;
-			tcg_swid_attr_tag_id_inv_t *attr_cast;
-
-			attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
-			attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
-			tag_id = swid_tag_id_create(
-						chunk_from_str("regid.2004-03.org.strongswan"),
-						chunk_from_str("strongSwan-5-1-1-dr1"),
-						chunk_empty);
-			attr_cast->add_tag_id(attr_cast, tag_id);
+			swid_inventory->destroy(swid_inventory);
+			attr = swid_error_create(TCG_SWID_ERROR, request_id,
+									 0, "error in SWID tag collection");
+			out_msg->add_attribute(out_msg, attr);
+			break;
+		}
+
+		if (full_tags)
+		{
+			attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1,
+												swid_inventory);
 		}
 		else
 		{
-			swid_tag_t *tag;
-			tcg_swid_attr_tag_inv_t *attr_cast;
-	
-			attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
-			attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
-			tag = swid_tag_create(chunk_from_str(strongswan_tag), chunk_empty);
-			attr_cast->add_tag(attr_cast, tag);
+			attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1,
+												swid_inventory);
 		}
 		out_msg->add_attribute(out_msg, attr);
 	}
diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.c b/src/libpts/plugins/imv_swid/imv_swid_agent.c
index db1a98f58..a0326f88d 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_agent.c
+++ b/src/libpts/plugins/imv_swid/imv_swid_agent.c
@@ -18,6 +18,7 @@
 
 #include "libpts.h"
 #include "swid/swid_error.h"
+#include "swid/swid_inventory.h"
 #include "tcg/swid/tcg_swid_attr_req.h"
 #include "tcg/swid/tcg_swid_attr_tag_inv.h"
 #include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
@@ -112,7 +113,8 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 		TNC_IMV_Action_Recommendation rec;
 		pen_type_t type;
 		u_int32_t request_id, last_eid, eid_epoch;
-		int tag_count = 0;
+		swid_inventory_t *inventory;
+		int tag_count;
 		char result_str[BUF_LEN], *tag_item;
 		imv_workitem_t *workitem, *found = NULL;
 		enumerator_t *et, *ew;
@@ -180,15 +182,15 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 				attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
 				request_id = attr_cast->get_request_id(attr_cast);
 				last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
+				inventory = attr_cast->get_inventory(attr_cast);
 				tag_item = "tag ID";
 				DBG2(DBG_IMV, "received SWID %s inventory for request %d "
 							  "at eid %d of epoch 0x%08x", tag_item,
 							   request_id, last_eid, eid_epoch);
 
-				et = attr_cast->create_tag_id_enumerator(attr_cast);
+				et = inventory->create_enumerator(inventory);
 				while (et->enumerate(et, &tag_id))
 				{
-					tag_count++;
 					tag_creator = tag_id->get_tag_creator(tag_id);
 					unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
 					DBG3(DBG_IMV, "  %.*s_%.*s.swidtag",
@@ -213,15 +215,15 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 				attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
 				request_id = attr_cast->get_request_id(attr_cast);
 				last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
+				inventory = attr_cast->get_inventory(attr_cast);
 				tag_item = "tag";
 				DBG2(DBG_IMV, "received SWID %s inventory for request %d "
 							  "at eid %d of epoch 0x%08x", tag_item,
 							   request_id, last_eid, eid_epoch);
 
-				et = attr_cast->create_tag_enumerator(attr_cast);
+				et = inventory->create_enumerator(inventory);
 				while (et->enumerate(et, &tag))
 				{
-					tag_count++;
 					tag_encoding = tag->get_encoding(tag);
 					DBG3(DBG_IMV, "%.*s", tag_encoding.len, tag_encoding.ptr);
 				}
@@ -256,6 +258,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 		}
 
 		eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+		tag_count = inventory->get_count(inventory);
 		snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
 				 tag_count, tag_item, (tag_count == 1) ? "" : "s");
 		session->remove_workitem(session, ew);
diff --git a/src/libpts/swid/swid_inventory.c b/src/libpts/swid/swid_inventory.c
new file mode 100644
index 000000000..d9fb2b0e0
--- /dev/null
+++ b/src/libpts/swid/swid_inventory.c
@@ -0,0 +1,240 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "swid_inventory.h"
+#include "swid_tag.h"
+#include "swid_tag_id.h"
+
+#include <collections/linked_list.h>
+#include <utils/debug.h>
+
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <libgen.h>
+#include <errno.h>
+
+typedef struct private_swid_inventory_t private_swid_inventory_t;
+
+#define SWID_TAG_DIRECTORY	"/usr/share"
+
+/**
+ * Private data of a swid_inventory_t object.
+ *
+ */
+struct private_swid_inventory_t {
+
+	/**
+	 * Public swid_inventory_t interface.
+	 */
+	swid_inventory_t public;
+
+	/**
+	 * Full SWID tags or just SWID tag IDs
+	 */
+	bool full_tags;
+
+	/**
+	 * List of SWID tags or tag IDs
+	 */
+	linked_list_t *list;
+};
+
+static bool collect_tags(private_swid_inventory_t *this, char *pathname)
+{
+	char *rel_name, *abs_name;
+	struct stat st;
+	bool success = FALSE;
+	enumerator_t *enumerator;
+
+	enumerator = enumerator_create_directory(pathname);
+	if (!enumerator)
+	{
+		DBG1(DBG_IMV, "directory '%s' can not be opened, %s",
+			 pathname, strerror(errno));
+		return FALSE;
+	}
+	DBG2(DBG_IMV, "entering %s", pathname);
+	
+	while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st))
+	{
+		char * start, *stop;
+		chunk_t tag_creator;
+		chunk_t unique_sw_id = chunk_empty, unique_seq_id = chunk_empty;
+
+		if (!strstr(rel_name, "regid."))
+		{
+			continue;
+		}
+		if (S_ISDIR(st.st_mode))
+		{
+			if (!collect_tags(this, abs_name))
+			{
+				goto end;
+			}
+			continue;
+		}
+		DBG2(DBG_IMV, "  %s", rel_name);
+
+		/* parse the regid filename into its components */
+		start = rel_name;
+		stop = strchr(start, '_');
+		if (!stop)
+		{
+			DBG1(DBG_IMV, "  '_' separator not found");
+			goto end;
+		}
+		tag_creator = chunk_create(start, stop-start);
+
+		start = stop + 1;
+		stop = strchr(start, '_');
+		if (stop)
+		{
+			unique_sw_id = chunk_create(start, stop-start);
+			start = stop + 1;
+		}
+
+		stop = strstr(start, ".swidtag");
+		if (!stop)
+		{
+			DBG1(DBG_IMV, "  swidtag postfix not found");
+			goto end;
+		}
+		if (unique_sw_id.ptr)
+		{
+			unique_seq_id = chunk_create(start, stop-start);
+		}
+		else
+		{
+			unique_sw_id = chunk_create(start, stop-start);
+		}
+
+		if (this->full_tags)
+		{
+			swid_tag_t *tag;
+			chunk_t xml_tag;
+			struct stat sb;
+			void *addr;
+			int fd;
+
+			fd = open(abs_name, O_RDONLY);
+			if (fd == -1)
+			{
+				DBG1(DBG_IMV, "  opening '%s' failed: %s", abs_name,
+					 strerror(errno));
+				goto end;
+			}
+
+			if (fstat(fd, &sb) == -1)
+			{
+				DBG1(DBG_IMV, "  getting file size of '%s' failed: %s", abs_name,
+			 		 strerror(errno));
+				close(fd);
+				goto end;
+			}
+
+			addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+			if (addr == MAP_FAILED)
+			{
+				DBG1(DBG_IMV, "  mapping '%s' failed: %s", abs_name,
+					 strerror(errno));
+				close(fd);
+				goto end;
+			}
+			xml_tag = chunk_create(addr, sb.st_size);
+
+			tag = swid_tag_create(xml_tag, unique_seq_id);
+			this->list->insert_last(this->list, tag);
+		}
+		else
+		{
+			swid_tag_id_t *tag_id;
+
+			tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
+			this->list->insert_last(this->list, tag_id);
+		}
+	}
+	success = TRUE;
+
+end:
+	enumerator->destroy(enumerator);
+	DBG2(DBG_IMV, "leaving %s", pathname);
+
+	return success;
+}
+
+METHOD(swid_inventory_t, collect, bool,
+	private_swid_inventory_t *this)
+{
+	return collect_tags(this, SWID_TAG_DIRECTORY);
+}
+
+METHOD(swid_inventory_t, add, void,
+	private_swid_inventory_t *this, void *item)
+{
+	this->list->insert_last(this->list, item);
+}
+
+METHOD(swid_inventory_t, get_count, int,
+	private_swid_inventory_t *this)
+{
+	return this->list->get_count(this->list);
+}
+
+METHOD(swid_inventory_t, create_enumerator, enumerator_t*,
+	private_swid_inventory_t *this)
+{
+	return this->list->create_enumerator(this->list);
+}
+
+METHOD(swid_inventory_t, destroy, void,
+	private_swid_inventory_t *this)
+{
+	if (this->full_tags)
+	{
+		this->list->destroy_offset(this->list, offsetof(swid_tag_t, destroy));
+	}
+	else
+	{
+		this->list->destroy_offset(this->list, offsetof(swid_tag_id_t, destroy));
+	}
+	free(this);
+}
+
+/**
+ * See header
+ */
+swid_inventory_t *swid_inventory_create(bool full_tags)
+{
+	private_swid_inventory_t *this;
+
+	INIT(this,
+		.public = {
+			.collect = _collect,
+			.add = _add,
+			.get_count = _get_count,
+			.create_enumerator = _create_enumerator,
+			.destroy = _destroy,
+		},
+		.full_tags = full_tags,
+		.list = linked_list_create(),
+	);
+
+	return &this->public;
+}
+
+
diff --git a/src/libpts/swid/swid_inventory.h b/src/libpts/swid/swid_inventory.h
new file mode 100644
index 000000000..444ed5766
--- /dev/null
+++ b/src/libpts/swid/swid_inventory.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup swid_inventory swid_inventory
+ * @{ @ingroup pts
+ */
+
+#ifndef SWID_INVENTORY_H_
+#define SWID_INVENTORY_H_
+
+#include <library.h>
+
+typedef struct swid_inventory_t swid_inventory_t;
+
+/**
+ * Class managing SWID tag inventory
+ */
+struct swid_inventory_t {
+
+	/**
+	 * Collect the SWID tags stored on the endpoint
+	 *
+	 * @return				TRUE if successful
+	 */
+	bool (*collect)(swid_inventory_t *this);
+
+	/**
+	 * Collect the SWID tags stored on the endpoint
+	 *
+	 * @param item			SWID tag or tag ID to be added
+	 */
+	void (*add)(swid_inventory_t *this, void *item);
+
+	/**
+	 * Get the number of collected SWID tags
+	 *
+	 * @return				Number of collected SWID tags
+	 */
+	int (*get_count)(swid_inventory_t *this);
+
+	/**
+	  * Create a SWID tag inventory enumerator
+	  *
+	  * @return				Enumerator returning either tag ID or full tag
+	  */
+	enumerator_t* (*create_enumerator)(swid_inventory_t *this);
+
+	/**
+	 * Destroys a swid_inventory_t object.
+	 */
+	void (*destroy)(swid_inventory_t *this);
+
+};
+
+/**
+ * Creates a swid_inventory_t object
+ *
+ * @param full_tags			TRUE if full tags, FALSE if tag IDs only
+ */
+swid_inventory_t* swid_inventory_create(bool full_tags);
+
+#endif /** SWID_INVENTORY_H_ @}*/
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c
index bdb2e6ad5..429919edd 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c
+++ b/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c
@@ -90,9 +90,9 @@ struct private_tcg_swid_attr_tag_id_inv_t {
 	u_int32_t last_eid;
 
 	/**
-	 * List of Tag Identifiers
+	 * SWID Tag ID Inventory
 	 */
-	linked_list_t *tag_id_list;
+	swid_inventory_t *inventory;
 
 	/**
 	 * Reference count
@@ -139,12 +139,12 @@ METHOD(pa_tnc_attr_t, build, void,
 
 	writer = bio_writer_create(SWID_TAG_ID_INV_SIZE);
 	writer->write_uint8 (writer, SWID_TAG_ID_INV_RESERVED);
-	writer->write_uint24(writer, this->tag_id_list->get_count(this->tag_id_list));
+	writer->write_uint24(writer, this->inventory->get_count(this->inventory));
 	writer->write_uint32(writer, this->request_id);
 	writer->write_uint32(writer, this->eid_epoch);
 	writer->write_uint32(writer, this->last_eid);
 
-	enumerator = this->tag_id_list->create_enumerator(this->tag_id_list);
+	enumerator = this->inventory->create_enumerator(this->inventory);
 	while (enumerator->enumerate(enumerator, &tag_id))
 	{
 		tag_creator = tag_id->get_tag_creator(tag_id);
@@ -207,7 +207,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 		*offset += 2 + unique_seq_id.len;
 
 		tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
-		this->tag_id_list->insert_last(this->tag_id_list, tag_id);
+		this->inventory->add(this->inventory, tag_id);
 	}
 	reader->destroy(reader);
 
@@ -226,8 +226,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
 {
 	if (ref_put(&this->ref))
 	{
-		this->tag_id_list->destroy_offset(this->tag_id_list,
-										  offsetof(swid_tag_id_t, destroy));
+		this->inventory->destroy(this->inventory);
 		free(this->value.ptr);
 		free(this);
 	}
@@ -249,16 +248,10 @@ METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, u_int32_t,
 	return this->last_eid;
 }
 
-METHOD(tcg_swid_attr_tag_id_inv_t, add_tag_id, void,
-	private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
-{
-	this->tag_id_list->insert_last(this->tag_id_list, tag_id);
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, create_tag_id_enumerator, enumerator_t*,
+METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
 	private_tcg_swid_attr_tag_id_inv_t *this)
 {
-	return this->tag_id_list->create_enumerator(this->tag_id_list);
+	return this->inventory;
 }
 
 /**
@@ -266,7 +259,8 @@ METHOD(tcg_swid_attr_tag_id_inv_t, create_tag_id_enumerator, enumerator_t*,
  */
 pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
 											   u_int32_t eid_epoch,
-											   u_int32_t eid)
+											   u_int32_t eid,
+											   swid_inventory_t *inventory)
 {
 	private_tcg_swid_attr_tag_id_inv_t *this;
 
@@ -284,14 +278,13 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
 			},
 			.get_request_id = _get_request_id,
 			.get_last_eid = _get_last_eid,
-			.add_tag_id = _add_tag_id,
-			.create_tag_id_enumerator = _create_tag_id_enumerator,
+			.get_inventory = _get_inventory,
 		},
 		.type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
 		.request_id = request_id,
 		.eid_epoch = eid_epoch,
 		.last_eid = eid,
-		.tag_id_list = linked_list_create(),
+		.inventory = inventory,
 		.ref = 1,
 	);
 
@@ -320,12 +313,11 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data)
 			},
 			.get_request_id = _get_request_id,
 			.get_last_eid = _get_last_eid,
-			.add_tag_id = _add_tag_id,
-			.create_tag_id_enumerator = _create_tag_id_enumerator,
+			.get_inventory = _get_inventory,
 		},
 		.type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
 		.value = chunk_clone(data),
-		.tag_id_list = linked_list_create(),
+		.inventory = swid_inventory_create(FALSE),
 		.ref = 1,
 	);
 
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h
index 9719587e2..1a0cbe7d2 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h
+++ b/src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h
@@ -25,6 +25,7 @@ typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t;
 
 #include "tcg/tcg_attr.h"
 #include "swid/swid_tag_id.h"
+#include "swid/swid_inventory.h"
 
 #include <pa_tnc/pa_tnc_attr.h>
 
@@ -56,18 +57,11 @@ struct tcg_swid_attr_tag_id_inv_t {
 							  u_int32_t *eid_epoch);
 
 	/**
-	 * Add Tag ID
+	 * Get Inventory of SWID tag IDs
 	 *
-	 * @param tag_id			SWID Tag ID (is not cloned by constructor!)
+	 * @result					SWID Tag ID Inventory
 	 */
-	void (*add_tag_id)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
-
-	/**
-	 * Create Tag ID enumerator
-	 *
-	 * @return					Tag ID enumerator
-	 */
-	enumerator_t* (*create_tag_id_enumerator)(tcg_swid_attr_tag_id_inv_t *this);
+	swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this);
 
 };
 
@@ -77,10 +71,12 @@ struct tcg_swid_attr_tag_id_inv_t {
  * @param request_id			Copy of the Request ID
  * @param eid_epoch				Event ID Epoch
  * @param eid					Last Event ID
+ * @param inventory				SWID Tag Inventory
  */
 pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
 											   u_int32_t eid_epoch,
-											   u_int32_t eid);
+											   u_int32_t eid,
+											   swid_inventory_t *inventory);
 
 /**
  * Creates an tcg_swid_attr_tag_id_inv_t object from received data
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c
index 129d062fc..82b9ef958 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c
+++ b/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c
@@ -90,9 +90,9 @@ struct private_tcg_swid_attr_tag_inv_t {
 	u_int32_t last_eid;
 
 	/**
-	 * List of SWID Tags
+	 * SWID Tag Inventory
 	 */
-	linked_list_t *tag_list;
+	swid_inventory_t *inventory;
 
 	/**
 	 * Reference count
@@ -138,12 +138,12 @@ METHOD(pa_tnc_attr_t, build, void,
 
 	writer = bio_writer_create(SWID_TAG_INV_SIZE);
 	writer->write_uint8 (writer, SWID_TAG_INV_RESERVED);
-	writer->write_uint24(writer, this->tag_list->get_count(this->tag_list));
+	writer->write_uint24(writer, this->inventory->get_count(this->inventory));
 	writer->write_uint32(writer, this->request_id);
 	writer->write_uint32(writer, this->eid_epoch);
 	writer->write_uint32(writer, this->last_eid);
 
-	enumerator = this->tag_list->create_enumerator(this->tag_list);
+	enumerator = this->inventory->create_enumerator(this->inventory);
 	while (enumerator->enumerate(enumerator, &tag))
 	{
 		writer->write_data16(writer, tag->get_unique_seq_id(tag));
@@ -196,7 +196,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 		*offset += 4 + tag_encoding.len;
 
 		tag = swid_tag_create(tag_encoding, unique_seq_id);
-		this->tag_list->insert_last(this->tag_list, tag);
+		this->inventory->add(this->inventory, tag);
 	}
 	reader->destroy(reader);
 
@@ -215,8 +215,7 @@ METHOD(pa_tnc_attr_t, destroy, void,
 {
 	if (ref_put(&this->ref))
 	{
-		this->tag_list->destroy_offset(this->tag_list,
-									   offsetof(swid_tag_t, destroy));
+		this->inventory->destroy(this->inventory);
 		free(this->value.ptr);
 		free(this);
 	}
@@ -238,23 +237,18 @@ METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, u_int32_t,
 	return this->last_eid;
 }
 
-METHOD(tcg_swid_attr_tag_inv_t, add_tag, void,
-	private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
-{
-	this->tag_list->insert_last(this->tag_list, tag);
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, create_tag_enumerator, enumerator_t*,
+METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
 	private_tcg_swid_attr_tag_inv_t *this)
 {
-	return this->tag_list->create_enumerator(this->tag_list);
+	return this->inventory;
 }
 
 /**
  * Described in header.
  */
 pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
-											u_int32_t eid_epoch, u_int32_t eid)
+											u_int32_t eid_epoch, u_int32_t eid,
+											swid_inventory_t *inventory)
 {
 	private_tcg_swid_attr_tag_inv_t *this;
 
@@ -272,14 +266,13 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
 			},
 			.get_request_id = _get_request_id,
 			.get_last_eid = _get_last_eid,
-			.add_tag = _add_tag,
-			.create_tag_enumerator = _create_tag_enumerator,
+			.get_inventory = _get_inventory,
 		},
 		.type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
 		.request_id = request_id,
 		.eid_epoch = eid_epoch,
 		.last_eid = eid,
-		.tag_list = linked_list_create(),
+		.inventory = inventory,
 		.ref = 1,
 	);
 
@@ -308,12 +301,11 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data)
 			},
 			.get_request_id = _get_request_id,
 			.get_last_eid = _get_last_eid,
-			.add_tag = _add_tag,
-			.create_tag_enumerator = _create_tag_enumerator,
+			.get_inventory = _get_inventory,
 		},
 		.type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
 		.value = chunk_clone(data),
-		.tag_list = linked_list_create(),
+		.inventory = swid_inventory_create(TRUE),
 		.ref = 1,
 	);
 
diff --git a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h
index f116090b1..433f55ee0 100644
--- a/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h
+++ b/src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h
@@ -25,6 +25,7 @@ typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
 
 #include "tcg/tcg_attr.h"
 #include "swid/swid_tag.h"
+#include "swid/swid_inventory.h"
 
 #include <pa_tnc/pa_tnc_attr.h>
 
@@ -56,18 +57,11 @@ struct tcg_swid_attr_tag_inv_t {
 							  u_int32_t *eid_epoch);
 
 	/**
-	 * Add SWID Tag
+	 * Get Inventory of SWID tags
 	 *
-	 * @param tag				SWID Tag (is not cloned by constructor!)
+	 * @result					SWID Tag Inventory
 	 */
-	void (*add_tag)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
-
-	/**
-	 * Create SWID Tag enumerator
-	 *
-	 * @return					SWID Tag enumerator
-	 */
-	enumerator_t* (*create_tag_enumerator)(tcg_swid_attr_tag_inv_t *this);
+	swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t *this);
 
 };
 
@@ -77,10 +71,12 @@ struct tcg_swid_attr_tag_inv_t {
  * @param request_id			Copy of the Request ID
  * @param eid_epoch				Event ID Epoch
  * @param eid					Last Event ID
+ * @param inventory				SWID Tag Inventory
  */
 pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(u_int32_t request_id,
 											u_int32_t eid_epoch,
-											u_int32_t eid);
+											u_int32_t eid,
+											swid_inventory_t *inventory);
 
 /**
  * Creates an tcg_swid_attr_tag_inv_t object from received data