Diffstat (limited to 'src')
6 files changed, 506 insertions, 4 deletions
diff --git a/src/libcharon/plugins/tnccs_20/Makefile.am b/src/libcharon/plugins/tnccs_20/Makefile.am index 86e1e107e..1afa78759 100644 --- a/src/libcharon/plugins/tnccs_20/Makefile.am +++ b/src/libcharon/plugins/tnccs_20/Makefile.am @@ -1,7 +1,6 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ - -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls \ - `xml2-config --cflags` + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libtls AM_CFLAGS = -rdynamic @@ -14,7 +13,9 @@ endif libstrongswan_tnccs_20_la_SOURCES = \ tnccs_20_plugin.h tnccs_20_plugin.c tnccs_20.h tnccs_20.c \ - tnccs_20_types.h tnccs_20_types.c + tnccs_20_types.h tnccs_20_types.c \ + messages/pb_tnc_message.h messages/pb_tnc_message.c \ + messages/pb_pa_message.h messages/pb_pa_message.c libstrongswan_tnccs_20_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_pa_message.c b/src/libcharon/plugins/tnccs_20/messages/pb_pa_message.c new file mode 100644 index 000000000..908a64e57 --- /dev/null +++ b/src/libcharon/plugins/tnccs_20/messages/pb_pa_message.c 
@@ -0,0 +1,270 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pb_pa_message.h"
+
+#include <tls_writer.h>
+#include <tls_reader.h>
+#include <debug.h>
+
+typedef struct private_pb_pa_message_t private_pb_pa_message_t;
+
+/**
+ * PB-PA message
+ *
+ * 0 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | PA Message Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | PA Subtype |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Posture Collector Identifier | Posture Validator Identifier |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | PA Message Body (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PA_FLAG_NONE 0x00
+#define PA_FLAG_EXCL (1<<7)
+
+#define PB_PA_HEADER_SIZE 12
+
+/**
+ * Private data of a pb_pa_message_t object.
+ *
+ */
+struct private_pb_pa_message_t {
+ /**
+ * Public pb_pa_message_t interface.
+ */
+ pb_pa_message_t public;
+
+ /**
+ * PB-TNC message type
+ */
+ pb_tnc_msg_type_t type;
+
+ /**
+ * Exclusive flag
+ */
+ bool excl;
+
+ /**
+ * PA Message Vendor ID
+ */
+ u_int32_t vendor_id;
+
+ /**
+ * PA Subtype
+ */
+ u_int32_t subtype;
+
+ /**
+ * Posture Validator Identifier
+ */
+ u_int16_t collector_id;
+
+ /**
+ * Posture Validator Identifier
+ */
+ u_int16_t validator_id;
+
+ /**
+ * PA Message Body
+ */
+ chunk_t msg_body;
+
+ /**
+ * Encoded message
+ */
+ chunk_t encoding;
+};
+
+METHOD(pb_tnc_message_t, get_type, pb_tnc_msg_type_t,
+ private_pb_pa_message_t *this)
+{
+ return this->type;
+}
+
+METHOD(pb_tnc_message_t, get_encoding, chunk_t,
+ private_pb_pa_message_t *this)
+{
+ return this->encoding;
+}
+
+METHOD(pb_tnc_message_t, build, void,
+ private_pb_pa_message_t *this)
+{
+ chunk_t msg_header;
+ tls_writer_t *writer;
+
+ /* build message header */
+ writer = tls_writer_create(PB_PA_HEADER_SIZE);
+ writer->write_uint8 (writer, this->excl ? PA_FLAG_EXCL : PA_FLAG_NONE);
+ writer->write_uint24(writer, this->vendor_id);
+ writer->write_uint32(writer, this->subtype);
+ writer->write_uint16(writer, this->collector_id);
+ writer->write_uint16(writer, this->validator_id);
+ msg_header = writer->get_buf(writer);
+
+ /* create encoding by concatenating message header and message body */
+ free(this->encoding.ptr);
+ this->encoding = chunk_cat("cc", msg_header, this->msg_body);
+ writer->destroy(writer);
+}
+
+METHOD(pb_tnc_message_t, process, status_t,
+ private_pb_pa_message_t *this)
+{
+ u_int8_t flags;
+ size_t msg_body_len;
+ tls_reader_t *reader;
+
+ if (this->encoding.len < PB_PA_HEADER_SIZE)
+ {
+ DBG1(DBG_TNC,"%N message is shorter than header size of %u bytes",
+ pb_tnc_msg_type_names, PB_MSG_PA, PB_PA_HEADER_SIZE);
+ return FAILED;
+ }
+
+ /* process message header */
+ reader = tls_reader_create(this->encoding);
+ reader->read_uint8 (reader, &flags);
+ reader->read_uint24(reader, &this->vendor_id);
+ reader->read_uint32(reader, &this->subtype);
+ reader->read_uint16(reader, &this->collector_id);
+ reader->read_uint16(reader, &this->validator_id);
+ this->excl = ((flags & PA_FLAG_EXCL) != PA_FLAG_NONE);
+
+ /* process message body */
+ msg_body_len = reader->remaining(reader);
+ if (msg_body_len)
+ {
+ reader->read_data(reader, msg_body_len, &this->msg_body);
+ this->msg_body = chunk_clone(this->msg_body);
+ }
+ reader->destroy(reader);
+ return SUCCESS;
+}
+
+METHOD(pb_tnc_message_t, destroy, void,
+ private_pb_pa_message_t *this)
+{
+ free(this->encoding.ptr);
+ free(this->msg_body.ptr);
+ free(this);
+}
+
+METHOD(pb_pa_message_t, get_vendor_id, u_int32_t,
+ private_pb_pa_message_t *this, u_int32_t *subtype)
+{
+ *subtype = this->subtype;
+ return this->vendor_id;
+}
+
+METHOD(pb_pa_message_t, get_collector_id, u_int16_t,
+ private_pb_pa_message_t *this)
+{
+ return this->collector_id;
+}
+
+METHOD(pb_pa_message_t, get_validator_id, u_int16_t,
+ private_pb_pa_message_t *this)
+{
+ return this->validator_id;
+}
+
+METHOD(pb_pa_message_t, get_body, chunk_t,
+ private_pb_pa_message_t *this)
+{
+ return this->msg_body;
+}
+
+METHOD(pb_pa_message_t, get_exclusive_flag, bool,
+ private_pb_pa_message_t *this)
+{
+ return this->excl;
+}
+
+METHOD(pb_pa_message_t, set_exclusive_flag, void,
+ private_pb_pa_message_t *this, bool excl)
+{
+ this->excl = excl;
+}
+
+/**
+ * See header
+ */
+pb_tnc_message_t *pb_pa_message_create_from_data(chunk_t data)
+{
+ private_pb_pa_message_t *this;
+
+ INIT(this,
+ .public = {
+ .pb_interface = {
+ .get_type = _get_type,
+ .get_encoding = _get_encoding,
+ .process = _process,
+ .destroy = _destroy,
+ },
+ .get_vendor_id = _get_vendor_id,
+ .get_collector_id = _get_collector_id,
+ .get_validator_id = _get_validator_id,
+ .get_body = _get_body,
+ .get_exclusive_flag = _get_exclusive_flag,
+ .set_exclusive_flag = _set_exclusive_flag,
+ },
+ .encoding = chunk_clone(data),
+ );
+
+ return &this->public.pb_interface;
+}
+
+/**
+ * See header
+ */
+pb_tnc_message_t *pb_pa_message_create(u_int32_t vendor_id, u_int32_t subtype,
+ u_int16_t collector_id,
+ u_int16_t validator_id,
+ chunk_t msg_body)
+{
+ private_pb_pa_message_t *this;
+
+ INIT(this,
+ .public = {
+ .pb_interface = {
+ .get_type = _get_type,
+ .get_encoding = _get_encoding,
+ .build = _build,
+ .process = _process,
+ .destroy = _destroy,
+ },
+ .get_vendor_id = _get_vendor_id,
+ .get_collector_id = _get_collector_id,
+ .get_validator_id = _get_validator_id,
+ .get_body = _get_body,
+ .get_exclusive_flag = _get_exclusive_flag,
+ .set_exclusive_flag = _set_exclusive_flag,
+ },
+ .vendor_id = vendor_id,
+ .subtype = subtype,
+ .collector_id = collector_id,
+ .validator_id = validator_id,
+ .msg_body = chunk_clone(msg_body),
+ );
+
+ return &this->public.pb_interface;
+}
diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_pa_message.h b/src/libcharon/plugins/tnccs_20/messages/pb_pa_message.h
new file mode 100644
index 000000000..c4c4bccc2
--- /dev/null
+++ b/src/libcharon/plugins/tnccs_20/messages/pb_pa_message.h
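Review bot: The `type` member of private_pb_pa_message_t is never assigned — neither the INIT list in pb_pa_message_create_from_data nor the one in pb_pa_message_create sets it — so get_type() returns the zero-initialised field rather than PB_MSG_PA (unless PB_MSG_PA happens to be 0, which this hunk does not show); add `.type = PB_MSG_PA,` to both initialisers. The create_from_data initialiser also leaves `.build` unset, so a message parsed from the wire carries a NULL build pointer; if that is intended, say so with a comment there, otherwise wire `.build = _build,` as the other constructor does. In build(), write_uint24 silently drops the top byte of the 32-bit vendor_id, so a caller passing a value above 0xFFFFFF gets a message carrying a different Vendor ID than requested; a range check or a documented 24-bit limit on the parameter would avoid that. Minor: the doc comment above `collector_id` reads "Posture Validator Identifier" and should read "Posture Collector Identifier".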
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pb_pa_message pb_pa_message
+ * @{ @ingroup tnccs_20
+ */
+
+#ifndef PB_PA_MESSAGE_H_
+#define PB_PA_MESSAGE_H_
+
+#include "pb_tnc_message.h"
+
+typedef struct pb_pa_message_t pb_pa_message_t;
+
+/**
+ * Classs representing the PB-PA message type.
+ */
+struct pb_pa_message_t {
+
+ /**
+ * PB-TNC Message interface
+ */
+ pb_tnc_message_t pb_interface;
+
+ /**
+ * Get PA Message Vendor ID and Subtype
+ *
+ * @param subtype PA Subtype
+ * @return PA Message Vendor ID
+ */
+ u_int32_t (*get_vendor_id)(pb_pa_message_t *this, u_int32_t *subtype);
+
+ /**
+ * Get Posture Collector ID
+ *
+ * @return Posture Collector ID
+ */
+ u_int16_t (*get_collector_id)(pb_pa_message_t *this);
+
+ /**
+ * Get Posture Validator ID
+ *
+ * @return Posture Validator ID
+ */
+ u_int16_t (*get_validator_id)(pb_pa_message_t *this);
+
+ /**
+ * Get the PA Message Body
+ *
+ * @return PA Message Body
+ */
+ chunk_t (*get_body)(pb_pa_message_t *this);
+
+ /**
+ * Get the exclusive flag
+ *
+ * @return exclusive flag
+ */
+ bool (*get_exclusive_flag)(pb_pa_message_t *this);
+
+ /**
+ * Set the exclusive flag
+ *
+ * @param excl vexclusive flag
+ */
+ void (*set_exclusive_flag)(pb_pa_message_t *this, bool excl);
+};
+
+/**
+ * Create a PB-PA message from parameters
+ *
+ * @param vendor_id PA Message Vendor ID
+ * @param subtype PA Subtype
+ * @param collector_id Posture Collector ID
+ * @param validator_id Posture Validator ID
+ * @param msg_body PA Message Body
+ */
+pb_tnc_message_t *pb_pa_message_create(u_int32_t vendor_id, u_int32_t subtype,
+ u_int16_t collector_id,
+ u_int16_t validator_id,
+ chunk_t msg_body);
+
+/**
+ * Create an unprocessed PB-PA message from raw data
+ *
+ * @param data PB-PA message data
+ */
+pb_tnc_message_t* pb_pa_message_create_from_data(chunk_t data);
+
+#endif /** PB_PA_MESSAGE_H_ @}*/
diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_tnc_message.c b/src/libcharon/plugins/tnccs_20/messages/pb_tnc_message.c
new file mode 100644
index 000000000..30cd32dea
--- /dev/null
+++ b/src/libcharon/plugins/tnccs_20/messages/pb_tnc_message.c
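Review bot: Neither constructor declaration documents its return value, and nothing in this header tells a caller that the returned pb_tnc_message_t * is the embedded `pb_interface` of a pb_pa_message_t that is released through its destroy() method; add `@return pb_tnc_message_t interface of the created message, free with destroy()` to both pb_pa_message_create and pb_pa_message_create_from_data. The class comment reads `Classs` and the set_exclusive_flag parameter reads `vexclusive flag`; both are typos for `Class` and `exclusive flag`. Documentation only.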
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pb_tnc_message.h"
+#include "pb_pa_message.h"
+
+#include <library.h>
+
+/**
+ * See header
+ */
+pb_tnc_message_t* pb_tnc_message_create(pb_tnc_msg_type_t type, chunk_t value)
+{
+ switch (type)
+ {
+ case PB_MSG_PA:
+ return pb_pa_message_create_from_data(value);
+ case PB_MSG_ERROR:
+ return NULL; /* TODO */
+ case PB_MSG_EXPERIMENTAL:
+ return NULL; /* TODO */
+ case PB_MSG_LANGUAGE_PREFERENCE:
+ return NULL; /* TODO */
+ case PB_MSG_ASSESSMENT_RESULT:
+ return NULL; /* TODO */
+ case PB_MSG_ACCESS_RECOMMENDATION:
+ return NULL; /* TODO */
+ case PB_MSG_REMEDIATION_PARAMETERS:
+ return NULL; /* TODO */
+ case PB_MSG_REASON_STRING:
+ return NULL; /* TODO */
+ }
+ return NULL;
+}
+
diff --git a/src/libcharon/plugins/tnccs_20/messages/pb_tnc_message.h b/src/libcharon/plugins/tnccs_20/messages/pb_tnc_message.h
new file mode 100644
index 000000000..246163dfc
--- /dev/null
+++ b/src/libcharon/plugins/tnccs_20/messages/pb_tnc_message.h
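Review bot: pb_tnc_message_create returns NULL both for the not-yet-implemented types (the `/* TODO */` cases) and, because the switch has no `default:` label, for any type value outside the enum via the trailing `return NULL;`, so a caller handling wire input cannot tell an unsupported type from a malformed one and nothing is logged. Suggest a `default:` that records the value before returning, e.g. `default: DBG1(DBG_TNC, "unknown PB-TNC message type %d", type); return NULL;` — DBG1/DBG_TNC are what pb_pa_message.c in this commit uses, and this file would then need `#include <debug.h>`. The trailing `return NULL;` after the switch can stay as the fallback for compilers that warn about control reaching the end of a non-void function.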
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pb_tnc_message pb_tnc_message
+ * @{ @ingroup tnccs_20
+ */
+
+#ifndef PB_TNC_MESSAGE_H_
+#define PB_TNC_MESSAGE_H_
+
+#include <library.h>
+#include <tnccs_20_types.h>
+
+typedef struct pb_tnc_message_t pb_tnc_message_t;
+
+/**
+ * Generic interface for all PB-TNC message types.
+ *
+ * To handle all messages in a generic way, this interface
+ * must be implemented by each message type.
+ */
+struct pb_tnc_message_t {
+
+ /**
+ * Get the PB-TNC Message Type
+ *
+ * @return PB-TNC Message Type
+ */
+ pb_tnc_msg_type_t (*get_type)(pb_tnc_message_t *this);
+
+ /**
+ * Get the encoding of the PB-TNC Message Value
+ *
+ * @return encoded PB-TNC Message Value
+ */
+ chunk_t (*get_encoding)(pb_tnc_message_t *this);
+
+ /**
+ * Build the PB-TNC Message Value
+ */
+ void (*build)(pb_tnc_message_t *this);
+
+ /**
+ * Process the PB-TNC Message Value
+ *
+ * @return return processing status
+ */
+ status_t (*process)(pb_tnc_message_t *this);
+
+ /**
+ * Destroys a pb_tnc_message_t object.
+ */
+ void (*destroy)(pb_tnc_message_t *this);
+};
+
+/**
+ * Create an unprocessed PB-TNC message
+ *
+ * Useful for the parser which wants a generic constructor for all
+ * pb_tnc_message_t types.
+ *
+ * @param type PB-TNC message type
+ * @param value PB-TNC message value
+ */
+pb_tnc_message_t* pb_tnc_message_create(pb_tnc_msg_type_t type, chunk_t value);
+
+#endif /** PB_TNC_MESSAGE_H_ @}*/
diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20_types.h b/src/libcharon/plugins/tnccs_20/tnccs_20_types.h
index 616b887df..f45246541 100644
--- a/src/libcharon/plugins/tnccs_20/tnccs_20_types.h
+++ b/src/libcharon/plugins/tnccs_20/tnccs_20_types.h
@@ -57,7 +57,8 @@ enum pb_tnc_msg_type_t {
 PB_MSG_REMEDIATION_PARAMETERS = 4,
 PB_MSG_ERROR = 5,
 PB_MSG_LANGUAGE_PREFERENCE = 6,
- PB_MSG_REASON_STRING = 7
+ PB_MSG_REASON_STRING = 7,
+ PB_MSG_ROOF = 7
 };
 
 /** |
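Review bot: The comment on the `build` member does not state whether every implementation must provide it, yet pb_pa_message_create_from_data in this same commit leaves `build` unset, so generic code calling `msg->build(msg)` on a message parsed from raw data would dereference a NULL function pointer; document the contract on the member, e.g. `Build the PB-TNC Message Value (may be NULL for messages created from raw data)`, or require every constructor to set it. The `process` comment says only `@return return processing status`; naming the values a caller should expect (`SUCCESS`, or `FAILED` for a malformed value, as pb_pa_message.c returns) would let callers handle parse errors correctly. Documentation only.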