authorAndreas Steffen <andreas.steffen@strongswan.org>2014-10-05 12:54:43 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2014-10-05 18:43:55 +0200
commitfc47211740b2ef5eebd010e7469f612c018ccf52 (patch)
tree66c9158e08a890676650e6687788127db792de58 /src
parent30774ee5d6d786b572e2b6e95919620de2d09ffc (diff)
downloadstrongswan-fc47211740b2ef5eebd010e7469f612c018ccf52.tar.bz2
strongswan-fc47211740b2ef5eebd010e7469f612c018ccf52.tar.xz
SWID IMC proposes IF-M segmentation contracts
Diffstat (limited to 'src')
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid.c35
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_agent.c28
-rw-r--r--src/libimcv/swid/swid_inventory.h3
3 files changed, 42 insertions, 24 deletions
diff --git a/src/libimcv/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c
index f4cca6a71..40f352ad9 100644
--- a/src/libimcv/plugins/imc_swid/imc_swid.c
+++ b/src/libimcv/plugins/imc_swid/imc_swid.c
@@ -17,6 +17,8 @@
#include <imc/imc_agent.h>
#include <imc/imc_msg.h>
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
#include "tcg/swid/tcg_swid_attr_req.h"
#include "tcg/swid/tcg_swid_attr_tag_inv.h"
#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
@@ -110,6 +112,14 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
TNC_ConnectionID connection_id)
{
imc_state_t *state;
+ imc_msg_t *out_msg;
+ pa_tnc_attr_t *attr;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ size_t max_attr_size = SWID_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ char buf[BUF_LEN];
+ TNC_Result result = TNC_RESULT_SUCCESS;
if (!imc_swid)
{
@@ -121,7 +131,30 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
return TNC_RESULT_FATAL;
}
- return TNC_RESULT_SUCCESS;
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* Announce support of PA-TNC segmentation to IMV */
+ contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
+ TRUE, imc_id, TRUE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMC, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+
+ /* send PA-TNC message with the excl flag not set */
+ out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id,
+ TNC_IMVID_ANY, msg_types[0]);
+ out_msg->add_attribute(out_msg, attr);
+ result = out_msg->send(out_msg, FALSE);
+ out_msg->destroy(out_msg);
+
+ return result;
}
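Review bot: The `max_seg_size` computation subtracts five header constants from `state->get_max_msg_len(state)` with no lower-bound check, so a limit smaller than the summed headers would wrap the unsigned result to a very large segment size. That value then goes into `seg_contract_create()` and into the Max Size attribute sent to the IMV. The return type of `get_max_msg_len()` and the origin of the limit are not visible in this hunk, so this is a hedge rather than a confirmed bug. A guard that falls back to the pre-commit behaviour (return `TNC_RESULT_SUCCESS` without proposing a contract) would make the arithmetic safe. The same unguarded expression appears in the `batch_ending` hunk of imv_swid_agent.c, and a shared helper would keep the two sides from drifting apart.

```c
	size_t max_msg_len, overhead;

	/* … unchanged: imc_swid and connection state checks … */

	/* Determine maximum PA-TNC attribute segment size */
	overhead = PA_TNC_HEADER_SIZE + PA_TNC_ATTR_HEADER_SIZE
								  + TCG_SEG_ATTR_SEG_ENV_HEADER
								  + PA_TNC_ATTR_HEADER_SIZE
								  + TCG_SEG_ATTR_MAX_SIZE_SIZE;
	max_msg_len = state->get_max_msg_len(state);
	if (max_msg_len <= overhead)
	{
		/* no room for even one segment: do not propose a contract */
		DBG1(DBG_IMC, "maximum message length too small for segmentation");
		return TNC_RESULT_SUCCESS;
	}
	max_seg_size = max_msg_len - overhead;

	/* … unchanged: contract creation and PA-TNC message send … */
```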
/**
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c
index c2da76ee0..5bebf32c0 100644
--- a/src/libimcv/plugins/imv_swid/imv_swid_agent.c
+++ b/src/libimcv/plugins/imv_swid/imv_swid_agent.c
@@ -41,8 +41,6 @@
typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
-#define SWID_MAX_ATTR_SIZE 1000000000
-
/* Subscribed PA-TNC message subtypes */
static pen_type_t msg_types[] = {
{ PEN_TCG, PA_SUBTYPE_TCG_SWID }
@@ -448,7 +446,9 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
max_seg_size = state->get_max_msg_len(state)
- PA_TNC_HEADER_SIZE
- PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
/* Announce support of PA-TNC segmentation to IMC */
contract = seg_contract_create(msg_types[0], max_attr_size,
@@ -498,7 +498,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
char result_str[BUF_LEN], *error_str = "", *command;
char *target, *separator;
int tag_id_count, tag_count, i;
- size_t max_attr_size, attr_size, entry_size;
chunk_t tag_creator, unique_sw_id;
json_object *jrequest, *jresponse, *jvalue;
tcg_swid_attr_req_t *cast_attr;
@@ -568,18 +567,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
break;
}
- /* Compute the maximum TCG SWID Request attribute size */
- max_attr_size = state->get_max_msg_len(state) -
- PA_TNC_HEADER_SIZE;
-
- /* Create the [first] TCG SWID Request attribute */
- attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_REQ_MIN_SIZE;
+ /* Create a TCG SWID Request attribute */
attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE,
swid_state->get_request_id(swid_state), 0);
-
tag_id_count = json_object_array_length(jresponse);
DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count,
(tag_id_count == 1) ? "" : "s");
+ swid_state->set_missing(swid_state, tag_id_count);
for (i = 0; i < tag_id_count; i++)
{
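Review bot: `swid_state->set_missing(swid_state, tag_id_count);` records the full array length before the loop has validated or added a single target. The loop body lies mostly outside this hunk, but if it can exit early or skip an entry, the stored count would exceed the number of targets actually placed in the request. The state could then keep waiting for tags that were never asked for. Consider counting successful `add_target()` calls and calling `set_missing()` with that number after the loop. Since `tag_id_count` comes straight from `json_object_array_length(jresponse)`, it is also worth checking whether the response size should be bounded now that the per-attribute size check has been removed.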
@@ -608,18 +602,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
tag_creator.len - 1);
tag_id = swid_tag_id_create(tag_creator, unique_sw_id,
chunk_empty);
- entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len;
-
- /* Have we reached the maximum attribute size? */
- if (attr_size + entry_size > max_attr_size)
- {
- out_msg->add_attribute(out_msg, attr);
- attr_size = PA_TNC_ATTR_HEADER_SIZE +
- TCG_SWID_REQ_MIN_SIZE;
- attr = tcg_swid_attr_req_create(
- TCG_SWID_ATTR_REQ_FLAG_NONE,
- swid_state->get_request_id(swid_state), 0);
- }
cast_attr = (tcg_swid_attr_req_t*)attr;
cast_attr->add_target(cast_attr, tag_id);
}
diff --git a/src/libimcv/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h
index 7de8bb221..52f9c66a8 100644
--- a/src/libimcv/swid/swid_inventory.h
+++ b/src/libimcv/swid/swid_inventory.h
@@ -23,6 +23,9 @@
#include <library.h>
+/* Maximum size of a SWID Tag Inventory: 100 MB */
+#define SWID_MAX_ATTR_SIZE 100000000
+
typedef struct swid_inventory_t swid_inventory_t;
/**
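Review bot: The new `SWID_MAX_ATTR_SIZE` is 100000000, ten times smaller than the 1000000000 removed from imv_swid_agent.c, and neither the commit title nor the comment says the reduction is intentional. The comment also calls it the size of a "SWID Tag Inventory", while the IMC hunk passes it as `max_attr_size` to `seg_contract_create()`, where it looks like the largest reassembled attribute a peer is allowed to deliver. It should be documented as a resource limit, for example `/* Upper bound in bytes (100 MB) on a segmented SWID attribute accepted from the peer; bounds reassembly memory per connection */`. Whether 100 MB per connection is acceptable for the expected number of concurrent handshakes deserves a line in the commit message.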