-rw-r--r--src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c4
-rw-r--r--src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c4
-rw-r--r--src/libcharon/tnc/tnccs/tnccs_manager.c44
-rw-r--r--src/libcharon/tnc/tnccs/tnccs_manager.h59
4 files changed, 84 insertions, 27 deletions
diff --git a/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c b/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c
index 5cc14f109..e18f1b006 100644
--- a/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c
+++ b/src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c
@@ -39,8 +39,8 @@ TNC_Result TNC_TNCC_RequestHandshakeRetry(TNC_IMCID imc_id,
TNC_ConnectionID connection_id,
TNC_RetryReason reason)
{
- DBG2(DBG_TNC,"TNCC_RequestHandshakeRetry not supported yet");
- return TNC_RESULT_CANT_RESPOND;
+ return charon->tnccs->request_handshake_retry(charon->tnccs, TRUE, imc_id,
+ connection_id, reason);
}
/**
diff --git a/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c b/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c
index e36997ea0..f6e9c5e32 100644
--- a/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c
+++ b/src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c
@@ -39,8 +39,8 @@ TNC_Result TNC_TNCS_RequestHandshakeRetry(TNC_IMVID imv_id,
TNC_ConnectionID connection_id,
TNC_RetryReason reason)
{
- DBG2(DBG_TNC,"TNCS_RequestHandshakeRetry not supported yet");
- return TNC_RESULT_CANT_RESPOND;
+ return charon->tnccs->request_handshake_retry(charon->tnccs, FALSE, imv_id,
+ connection_id, reason);
}
/**
diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.c b/src/libcharon/tnc/tnccs/tnccs_manager.c
index 898c4f00a..7e522b870 100644
--- a/src/libcharon/tnc/tnccs/tnccs_manager.c
+++ b/src/libcharon/tnc/tnccs/tnccs_manager.c
@@ -63,6 +63,11 @@ struct tnccs_connection_entry_t {
tnccs_send_message_t send_message;
/**
+ * TNCCS request handshake retry flag
+ */
+ bool *request_handshake_retry;
+
+ /**
* collection of IMV recommendations
*/
recommendations_t *recs;
@@ -168,13 +173,15 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*,
METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
private_tnccs_manager_t *this, tnccs_t *tnccs,
- tnccs_send_message_t send_message, recommendations_t **recs)
+ tnccs_send_message_t send_message, bool* request_handshake_retry,
+ recommendations_t **recs)
{
tnccs_connection_entry_t *entry;
entry = malloc_thing(tnccs_connection_entry_t);
entry->tnccs = tnccs;
entry->send_message = send_message;
+ entry->request_handshake_retry = request_handshake_retry;
if (recs)
{
/* we assume a TNC Server needing recommendations from IMVs */
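Review bot: create_connection stores `request_handshake_retry` in the entry without checking it, and the new request_handshake_retry method later writes through it unconditionally (`*entry->request_handshake_retry = TRUE;`), so a caller that passes NULL turns any IMC/IMV retry request into a NULL dereference in the daemon. Either reject NULL here or guard the write. The manager also keeps a borrowed pointer into caller-owned storage, and nothing in this hunk shows how long that storage lives; the header comment in tnccs_manager.h says only "pointer to boolean variable". I would document the contract there, e.g. `@param request_handshake_retry  non-NULL flag owned by the TNCCS instance, must stay valid until remove_connection()`. The body of create_connection continues outside the hunk.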
@@ -232,6 +239,40 @@ METHOD(tnccs_manager_t, remove_connection, void,
this->connection_lock->unlock(this->connection_lock);
}
+METHOD(tnccs_manager_t, request_handshake_retry, TNC_Result,
+ private_tnccs_manager_t *this, bool is_imc, TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_RetryReason reason)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+
+ if (id == TNC_CONNECTIONID_ANY)
+ {
+ DBG2(DBG_TNC, "%s %u requests handshake retry for all connections "
+ "(reason: %u)", is_imc ? "IMC":"IMV", reason);
+ }
+ else
+ {
+ DBG2(DBG_TNC, "%s %u requests handshake retry for connection ID %u "
+ "(reason: %u)", is_imc ? "IMC":"IMV", id, reason);
+ }
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == TNC_CONNECTIONID_ANY || id == entry->id)
+ {
+ *entry->request_handshake_retry = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ return TNC_RESULT_SUCCESS;
+}
+
METHOD(tnccs_manager_t, send_message, TNC_Result,
private_tnccs_manager_t *this, TNC_IMCID imc_id, TNC_IMVID imv_id,
TNC_ConnectionID id,
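Review bot: Both DBG2 calls in request_handshake_retry have one more conversion than arguments: the format begins with `%s %u` but `imcv_id` is never passed, so `reason` (or `id`) is logged as the IMC/IMV ID and the last `%u` reads an argument that does not exist, which is undefined behavior; pass `imcv_id` right after `is_imc ? "IMC":"IMV"` in each call. The loop also breaks after the first match unconditionally, so a request with `TNC_CONNECTIONID_ANY` flags only the first connection in the list although the log line says "all connections", and the remaining connections are never re-assessed. The method returns `TNC_RESULT_SUCCESS` even when a specific `id` matched no entry; `TNC_RESULT_INVALID_PARAMETER` would let the caller see that. The flag is written while holding only the read lock, so it should be confirmed that the TNCCS thread reading it is synchronized with this write.

```c
	bool found = FALSE;
	/* … unchanged: DBG2 logging, read_lock, create_enumerator … */
	while (enumerator->enumerate(enumerator, &entry))
	{
		if (id == TNC_CONNECTIONID_ANY || id == entry->id)
		{
			*entry->request_handshake_retry = TRUE;
			found = TRUE;
			if (id != TNC_CONNECTIONID_ANY)
			{
				/* presumably connection IDs are unique, so stop at the match */
				break;
			}
		}
	}
	/* … unchanged: enumerator destroy, unlock … */

	return (found || id == TNC_CONNECTIONID_ANY) ? TNC_RESULT_SUCCESS
												 : TNC_RESULT_INVALID_PARAMETER;
```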
@@ -418,6 +459,7 @@ tnccs_manager_t *tnccs_manager_create()
.create_instance = _create_instance,
.create_connection = _create_connection,
.remove_connection = _remove_connection,
+ .request_handshake_retry = _request_handshake_retry,
.send_message = _send_message,
.provide_recommendation = _provide_recommendation,
.get_attribute = _get_attribute,
diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.h b/src/libcharon/tnc/tnccs/tnccs_manager.h
index 23f7a6810..c02eac03c 100644
--- a/src/libcharon/tnc/tnccs/tnccs_manager.h
+++ b/src/libcharon/tnc/tnccs/tnccs_manager.h
@@ -55,9 +55,9 @@ struct tnccs_manager_t {
/**
* Create a new TNCCS protocol instance.
*
- * @param type type of the TNCCS protocol
- * @param is_server TRUE if TNC Server, FALSE if TNC Client
- * @return TNCCS protocol instance, NULL if no constructor found
+ * @param type type of the TNCCS protocol
+ * @param is_server TRUE if TNC Server, FALSE if TNC Client
+ * @return TNCCS protocol instance, NULL if no constructor found
*/
tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
bool is_server);
@@ -67,53 +67,68 @@ struct tnccs_manager_t {
* callback function for adding a message to a TNCCS batch and create
* an empty set for collecting IMV recommendations
*
- * @param tnccs TNCCS connection instance
- * @param send_message TNCCS callback function
- * @param recs pointer to IMV recommendation set
- * @return assigned connection ID
+ * @param tnccs TNCCS connection instance
+ * @param send_message TNCCS callback function
+ * @param request_handshake_retry pointer to boolean variable
+ * @param recs pointer to IMV recommendation set
+ * @return assigned connection ID
*/
TNC_ConnectionID (*create_connection)(tnccs_manager_t *this, tnccs_t *tnccs,
tnccs_send_message_t send_message,
+ bool *request_handshake_retry,
recommendations_t **recs);
/**
* Remove a TNCCS connection using its connection ID.
*
- * @param id connection ID of the connection to be removed
+ * @param id ID of the connection to be removed
*/
void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id);
/**
+ * Request a handshake retry
+ *
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ * @param imcv_id ID of IMC or IMV requesting the retry
+ * @param id ID of a specific connection or any connection
+ * @param reason reason for the handshake retry
+ * @return return code
+ */
+ TNC_Result (*request_handshake_retry)(tnccs_manager_t *this, bool is_imc,
+ TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_RetryReason reason);
+
+ /**
* Add an IMC/IMV message to the batch of a given connection ID.
*
* @param imc_id ID of IMC or TNC_IMCID_ANY
* @param imv_id ID of IMV or TNC_IMVID_ANY
- * @param connection_id ID of target connection
+ * @param id ID of target connection
* @param msg message to be added
* @param msg_len message length
* @param msg_type message type
* @return return code
*/
- TNC_Result (*send_message)(tnccs_manager_t *this,
- TNC_IMCID imc_id,
- TNC_IMVID imv_id,
- TNC_ConnectionID connection_id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type);
+ TNC_Result (*send_message)(tnccs_manager_t *this, TNC_IMCID imc_id,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type);
/**
* Deliver an IMV Action Recommendation and IMV Evaluation Result to the TNCS
*
* @param imv_id ID of the IMV providing the recommendation
- * @param connection_id ID of target connection
+ * @param id ID of target connection
* @param rec action recommendation
* @param eval evaluation result
* @return return code
*/
TNC_Result (*provide_recommendation)(tnccs_manager_t *this,
TNC_IMVID imv_id,
- TNC_ConnectionID connection_id,
+ TNC_ConnectionID id,
TNC_IMV_Action_Recommendation rec,
TNC_IMV_Evaluation_Result eval);
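Review bot: The doc comment added for `request_handshake_retry` does not tell a caller what the call actually does or which values `id` accepts. From the implementation in tnccs_manager.c it only sets the per-connection flag registered through create_connection and returns; it does not run the handshake itself. I would say so in the description and name the wildcard explicitly, e.g. `@param id  ID of a specific connection or TNC_CONNECTIONID_ANY`, and list the possible result codes under `@return` instead of "return code".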
@@ -122,7 +137,7 @@ struct tnccs_manager_t {
* TNCS as a whole.
*
* @param imv_id ID of the IMV requesting the attribute
- * @param connection_id ID of target connection
+ * @param id ID of target connection
* @param attribute_id ID of the requested attribute
* @param buffer_len length of the buffer in bytes
* @param buffer pointer to the buffer
@@ -131,7 +146,7 @@ struct tnccs_manager_t {
*/
TNC_Result (*get_attribute)(tnccs_manager_t *this,
TNC_IMVID imv_id,
- TNC_ConnectionID connection_id,
+ TNC_ConnectionID id,
TNC_AttributeID attribute_id,
TNC_UInt32 buffer_len,
TNC_BufferReference buffer,
@@ -142,7 +157,7 @@ struct tnccs_manager_t {
* TNCS as a whole.
*
* @param imv_id ID of the IMV setting the attribute
- * @param connection_id ID of target connection
+ * @param id ID of target connection
* @param attribute_id ID of the attribute to be set
* @param buffer_len length of the buffer in bytes
* @param buffer pointer to the buffer
@@ -150,7 +165,7 @@ struct tnccs_manager_t {
*/
TNC_Result (*set_attribute)(tnccs_manager_t *this,
TNC_IMVID imv_id,
- TNC_ConnectionID connection_id,
+ TNC_ConnectionID id,
TNC_AttributeID attribute_id,
TNC_UInt32 buffer_len,
TNC_BufferReference buffer);