diff options
Diffstat (limited to 'src')
28 files changed, 1890 insertions, 1230 deletions
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index a33187091..41146c9dd 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -8,7 +8,9 @@ libimcv_la_LIBADD = $(top_builddir)/src/libtncif/libtncif.la libimcv_la_SOURCES = \ imcv.h imcv.c \ imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \ + imc/imc_msg.h imc/imc_msg.c \ imv/imv_agent.h imv/imv_agent.c imv/imv_state.h \ + imv/imv_msg.h imv/imv_msg.c \ ietf/ietf_attr.h ietf/ietf_attr.c \ ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \ ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \ diff --git a/src/libimcv/ietf/ietf_attr_op_status.c b/src/libimcv/ietf/ietf_attr_op_status.c index 9f3af09a3..6c820a681 100644 --- a/src/libimcv/ietf/ietf_attr_op_status.c +++ b/src/libimcv/ietf/ietf_attr_op_status.c @@ -164,7 +164,6 @@ METHOD(pa_tnc_attr_t, process, status_t, chunk_t last_use; u_int16_t reserved; struct tm t; - int nr; *offset = 0; diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index 1ba91cccd..911a5b03a 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -95,45 +95,6 @@ struct private_imc_agent_t { TNC_UInt32 type_count); /** - * Call when an IMC-IMC message is to be sent - * - * @param imc_id IMC ID assigned by TNCC - * @param connection_id network connection ID assigned by TNCC - * @param msg message to send - * @param msg_len message length in bytes - * @param msg_type message type - * @return TNC result code - */ - TNC_Result (*send_message)(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type); - - - /** - * Call when an IMC-IMC message is to be sent with long message types - * - * @param imc_id IMC ID assigned by TNCC - * @param connection_id network connection ID assigned by TNCC - * @param msg_flags message flags - * @param msg message to send - * @param msg_len message length in bytes - * @param msg_vid message vendor ID - * @param msg_subtype message subtype - * @param dst_imc_id destination IMV ID - * @return TNC result code - */ - TNC_Result (*send_message_long)(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 dst_imv_id); - - /** * Get the value of an attribute associated with a connection * or with the TNCC as a whole. * @@ -205,14 +166,14 @@ METHOD(imc_agent_t, bind_functions, TNC_Result, this->public.request_handshake_retry = NULL; } if (bind_function(this->id, "TNC_TNCC_SendMessage", - (void**)&this->send_message) != TNC_RESULT_SUCCESS) + (void**)&this->public.send_message) != TNC_RESULT_SUCCESS) { - this->send_message = NULL; + this->public.send_message = NULL; } if (bind_function(this->id, "TNC_TNCC_SendMessageLong", - (void**)&this->send_message_long) != TNC_RESULT_SUCCESS) + (void**)&this->public.send_message_long) != TNC_RESULT_SUCCESS) { - this->send_message_long = NULL; + this->public.send_message_long = NULL; } if (bind_function(this->id, "TNC_TNCC_GetAttribute", (void**)&this->get_attribute) != TNC_RESULT_SUCCESS) @@ -494,167 +455,16 @@ METHOD(imc_agent_t, get_state, bool, return TRUE; } -METHOD(imc_agent_t, send_message, TNC_Result, - private_imc_agent_t *this, TNC_ConnectionID connection_id, bool excl, - TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, linked_list_t *attr_list) +METHOD(imc_agent_t, get_name, const char*, + private_imc_agent_t *this) { - TNC_MessageType type; - TNC_UInt32 msg_flags; - TNC_Result result = TNC_RESULT_FATAL; - imc_state_t *state; - pa_tnc_attr_t *attr; - pa_tnc_msg_t *pa_tnc_msg; - chunk_t msg; - enumerator_t *enumerator; - bool attr_added; - - state = find_connection(this, connection_id); - if (!state) - { - DBG1(DBG_IMV, "IMC %u \"%s\" has no state for Connection ID %u", - this->id, this->name, connection_id); - return TNC_RESULT_FATAL; - } - - while (attr_list->get_count(attr_list)) - { - pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state)); - attr_added = FALSE; - - enumerator = attr_list->create_enumerator(attr_list); - while (enumerator->enumerate(enumerator, &attr)) - { - if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) - { - attr_added = TRUE; - } - else - { - if (attr_added) - { - break; - } - else - { - DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted"); - attr->destroy(attr); - } - } - attr_list->remove_at(attr_list, enumerator); - } - enumerator->destroy(enumerator); - - /* build and send the PA-TNC message via the IF-IMC interface */ - if (!pa_tnc_msg->build(pa_tnc_msg)) - { - pa_tnc_msg->destroy(pa_tnc_msg); - return TNC_RESULT_FATAL; - } - msg = pa_tnc_msg->get_encoding(pa_tnc_msg); - - if (state->has_long(state) && this->send_message_long) - { - if (!src_imc_id) - { - src_imc_id = this->id; - } - msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0; - - result = this->send_message_long(src_imc_id, connection_id, - msg_flags, msg.ptr, msg.len, msg_vid, - msg_subtype, dst_imv_id); - } - else if (this->send_message) - { - type = msg_vid << 8 | msg_subtype; - - result = this->send_message(this->id, connection_id, msg.ptr, - msg.len, type); - } - - pa_tnc_msg->destroy(pa_tnc_msg); - - if (result != TNC_RESULT_SUCCESS) - { - break; - } - } - return result; + return this->name; } -METHOD(imc_agent_t, receive_message, TNC_Result, - private_imc_agent_t *this, imc_state_t *state, chunk_t msg, - TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, pa_tnc_msg_t **pa_tnc_msg) +METHOD(imc_agent_t, get_id, TNC_IMCID, + private_imc_agent_t *this) { - pa_tnc_msg_t *pa_msg; - pa_tnc_attr_t *error_attr; - linked_list_t *error_attr_list; - enumerator_t *enumerator; - TNC_UInt32 src_imc_id, dst_imv_id; - TNC_ConnectionID connection_id; - TNC_Result result; - - connection_id = state->get_connection_id(state); - - if (state->has_long(state)) - { - if (dst_imc_id != TNC_IMCID_ANY) - { - DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u " - "from IMV %u to IMC %u", this->id, this->name, - connection_id, src_imv_id, dst_imc_id); - } - else - { - DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u " - "from IMV %u", this->id, this->name, connection_id, - src_imv_id); - } - } - else - { - DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u", - this->id, this->name, connection_id); - } - - *pa_tnc_msg = NULL; - pa_msg = pa_tnc_msg_create_from_data(msg); - - switch (pa_msg->process(pa_msg)) - { - case SUCCESS: - *pa_tnc_msg = pa_msg; - break; - case VERIFY_ERROR: - /* extract and copy by refence all error attributes */ - error_attr_list = linked_list_create(); - - enumerator = pa_msg->create_error_enumerator(pa_msg); - while (enumerator->enumerate(enumerator, &error_attr)) - { - error_attr_list->insert_last(error_attr_list, - error_attr->get_ref(error_attr)); - } - enumerator->destroy(enumerator); - - src_imc_id = (dst_imc_id == TNC_IMCID_ANY) ? this->id : dst_imc_id; - dst_imv_id = state->has_excl(state) ? src_imv_id : TNC_IMVID_ANY; - - result = send_message(this, connection_id, state->has_excl(state), - src_imc_id, dst_imv_id, msg_vid, msg_subtype, - error_attr_list); - - error_attr_list->destroy(error_attr_list); - pa_msg->destroy(pa_msg); - return result; - case FAILED: - default: - pa_msg->destroy(pa_msg); - return TNC_RESULT_FATAL; - } - return TNC_RESULT_SUCCESS; + return this->id; } METHOD(imc_agent_t, reserve_additional_ids, TNC_Result, @@ -737,8 +547,8 @@ imc_agent_t *imc_agent_create(const char *name, .delete_state = _delete_state, .change_state = _change_state, .get_state = _get_state, - .send_message = _send_message, - .receive_message = _receive_message, + .get_name = _get_name, + .get_id = _get_id, .reserve_additional_ids = _reserve_additional_ids, .count_additional_ids = _count_additional_ids, .create_id_enumerator = _create_id_enumerator, diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h index 4e2947d9d..7c361361f 100644 --- a/src/libimcv/imc/imc_agent.h +++ b/src/libimcv/imc/imc_agent.h @@ -51,6 +51,44 @@ struct imc_agent_t { TNC_RetryReason reason); /** + * Call when an IMC-IMC message is to be sent + * + * @param imc_id IMC ID assigned by TNCC + * @param connection_id network connection ID assigned by TNCC + * @param msg message to send + * @param msg_len message length in bytes + * @param msg_type message type + * @return TNC result code + */ + TNC_Result (*send_message)(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type); + + /** + * Call when an IMC-IMC message is to be sent with long message types + * + * @param imc_id IMC ID assigned by TNCC + * @param connection_id network connection ID assigned by TNCC + * @param msg_flags message flags + * @param msg message to send + * @param msg_len message length in bytes + * @param msg_vid message vendor ID + * @param msg_subtype message subtype + * @param dst_imc_id destination IMV ID + * @return TNC result code + */ + TNC_Result (*send_message_long)(TNC_IMCID imc_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 dst_imv_id); + + /** * Bind TNCC functions * * @param bind_function function offered by the TNCC @@ -100,43 +138,18 @@ struct imc_agent_t { TNC_ConnectionID connection_id, imc_state_t **state); /** - * Call when an PA-TNC message is to be sent + * Get IMC name * - * @param connection_id network connection ID assigned by TNCC - * @param excl exclusive flag - * @param src_imc_id IMC ID to be set as source - * @param dst_imv_id IMV ID to be set as destination - * @param msg_vid message vendor ID - * @param msg_subtype message subtype - * @param attr_list list of PA-TNC attributes to send - * @return TNC result code + * return IMC name */ - TNC_Result (*send_message)(imc_agent_t *this, - TNC_ConnectionID connection_id, bool excl, - TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - linked_list_t *attr_list); + const char* (*get_name)(imc_agent_t *this); /** - * Call when a PA-TNC message was received + * Get base IMC ID * - * @param state state for current connection - * @param msg received unparsed message - * @param msg_vid message vendorID of the received message - * @param msg_subtype message subtype of the received message - * @param src_imv_id source IMV ID - * @param dst_imc_id destination IMC ID - * @param pa_tnc_message parsed PA-TNC message or NULL if an error occurred - * @return TNC result code + * return base IMC ID */ - TNC_Result (*receive_message)(imc_agent_t *this, - imc_state_t *state, chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id, - pa_tnc_msg_t **pa_tnc_msg); + TNC_IMCID (*get_id)(imc_agent_t *this); /** * Reserve additional IMC IDs from TNCC diff --git a/src/libimcv/imc/imc_msg.c b/src/libimcv/imc/imc_msg.c new file mode 100644 index 000000000..80fc5205e --- /dev/null +++ b/src/libimcv/imc/imc_msg.c @@ -0,0 +1,392 @@ +/* + * Copyright (C) 2012 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imc_msg.h" + +#include "ietf/ietf_attr.h" +#include "ietf/ietf_attr_assess_result.h" + +#include <tncif_names.h> + +#include <pen/pen.h> +#include <utils/linked_list.h> +#include <debug.h> + +typedef struct private_imc_msg_t private_imc_msg_t; + +/** + * Private data of a imc_msg_t object. + * + */ +struct private_imc_msg_t { + + /** + * Public imc_msg_t interface. + */ + imc_msg_t public; + + /** + * Connection ID + */ + TNC_ConnectionID connection_id; + + /** + * source ID + */ + TNC_UInt32 src_id; + + /** + * destination ID + */ + TNC_UInt32 dst_id; + + /** + * PA-TNC message type + */ + pen_type_t msg_type; + + /** + * List of PA-TNC attributes to be sent + */ + linked_list_t *attr_list; + + /** + * PA-TNC message + */ + pa_tnc_msg_t *pa_msg; + + /** + * Assigned IMC agent + */ + imc_agent_t *agent; + + /** + * Assigned IMC state + */ + imc_state_t *state; +}; + +METHOD(imc_msg_t, get_src_id, TNC_UInt32, + private_imc_msg_t *this) +{ + return this->src_id; +} + +METHOD(imc_msg_t, get_dst_id, TNC_UInt32, + private_imc_msg_t *this) +{ + return this->dst_id; +} + +METHOD(imc_msg_t, send_, TNC_Result, + private_imc_msg_t *this, bool excl) +{ + pa_tnc_msg_t *pa_tnc_msg; + pa_tnc_attr_t *attr; + TNC_UInt32 msg_flags; + TNC_MessageType msg_type; + bool attr_added; + chunk_t msg; + enumerator_t *enumerator; + TNC_Result result = TNC_RESULT_SUCCESS; + + while (this->attr_list->get_count(this->attr_list)) + { + pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state)); + attr_added = FALSE; + + enumerator = this->attr_list->create_enumerator(this->attr_list); + while (enumerator->enumerate(enumerator, &attr)) + { + if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) + { + attr_added = TRUE; + } + else + { + if (attr_added) + { + break; + } + else + { + DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted"); + attr->destroy(attr); + } + } + this->attr_list->remove_at(this->attr_list, enumerator); + } + enumerator->destroy(enumerator); + + /* build and send the PA-TNC message via the IF-IMC interface */ + if (!pa_tnc_msg->build(pa_tnc_msg)) + { + pa_tnc_msg->destroy(pa_tnc_msg); + return TNC_RESULT_FATAL; + } + msg = pa_tnc_msg->get_encoding(pa_tnc_msg); + DBG3(DBG_IMC, "created PA-TNC message: %B", &msg); + + if (this->state->has_long(this->state) && this->agent->send_message_long) + { + excl = excl && this->state->has_excl(this->state) && + this->dst_id != TNC_IMVID_ANY; + msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0; + result = this->agent->send_message_long(this->src_id, + this->connection_id, msg_flags, msg.ptr, msg.len, + this->msg_type.vendor_id, this->msg_type.type, + this->dst_id); + } + else if (this->agent->send_message) + { + msg_type = (this->msg_type.vendor_id << 8) | + (this->msg_type.type & 0x000000ff); + result = this->agent->send_message(this->src_id, this->connection_id, + msg.ptr, msg.len, msg_type); + } + + pa_tnc_msg->destroy(pa_tnc_msg); + + if (result != TNC_RESULT_SUCCESS) + { + break; + } + } + return result; +} + +METHOD(imc_msg_t, receive, TNC_Result, + private_imc_msg_t *this, bool *fatal_error) +{ + enumerator_t *enumerator; + pa_tnc_attr_t *attr; + pen_type_t attr_type; + chunk_t msg; + + if (this->state->has_long(this->state)) + { + if (this->dst_id != TNC_IMCID_ANY) + { + DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u " + "from IMV %u to IMC %u", + this->agent->get_id(this->agent), + this->agent->get_name(this->agent), + this->connection_id, this->src_id, this->dst_id); + } + else + { + DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u " + "from IMV %u", this->agent->get_id(this->agent), + this->agent->get_name(this->agent), + this->connection_id, this->src_id); + } + } + else + { + DBG2(DBG_IMC, "IMC %u \"%s\" received message for Connection ID %u", + this->agent->get_id(this->agent), + this->agent->get_name(this->agent), + this->connection_id); + } + msg = this->pa_msg->get_encoding(this->pa_msg); + DBG3(DBG_IMC, "%B", &msg); + + switch (this->pa_msg->process(this->pa_msg)) + { + case SUCCESS: + break; + case VERIFY_ERROR: + { + imc_msg_t *error_msg; + TNC_Result result; + + error_msg = imc_msg_create_as_reply(&this->public); + + /* extract and copy by reference all error attributes */ + enumerator = this->pa_msg->create_error_enumerator(this->pa_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + error_msg->add_attribute(error_msg, attr->get_ref(attr)); + } + enumerator->destroy(enumerator); + + /* + * send the PA-TNC message containing all error attributes + * with the excl flag set + */ + result = error_msg->send(error_msg, TRUE); + error_msg->destroy(error_msg); + return result; + } + case FAILED: + default: + return TNC_RESULT_FATAL; + } + + /* preprocess any received IETF standard error attributes */ + *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg); + + /* preprocess any received IETF assessment result attribute */ + enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + attr_type = attr->get_type(attr); + + if (attr_type.vendor_id == PEN_IETF && + attr_type.type == IETF_ATTR_ASSESSMENT_RESULT) + { + ietf_attr_assess_result_t *attr_cast; + TNC_UInt32 target_imc_id; + TNC_IMV_Evaluation_Result result; + + attr_cast = (ietf_attr_assess_result_t*)attr; + result = attr_cast->get_result(attr_cast); + target_imc_id = (this->dst_id != TNC_IMCID_ANY) ? + this->dst_id : this->agent->get_id(this->agent); + this->state->set_result(this->state, target_imc_id, result); + + DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'", + target_imc_id, TNC_IMV_Evaluation_Result_names, result); + } + } + enumerator->destroy(enumerator); + + return TNC_RESULT_SUCCESS; +} + +METHOD(imc_msg_t, add_attribute, void, + private_imc_msg_t *this, pa_tnc_attr_t *attr) +{ + this->attr_list->insert_last(this->attr_list, attr); +} + +METHOD(imc_msg_t, create_attribute_enumerator, enumerator_t*, + private_imc_msg_t *this) +{ + return this->pa_msg->create_attribute_enumerator(this->pa_msg); +} + +METHOD(imc_msg_t, destroy, void, + private_imc_msg_t *this) +{ + this->attr_list->destroy_offset(this->attr_list, + offsetof(pa_tnc_attr_t, destroy)); + DESTROY_IF(this->pa_msg); + free(this); +} + +/** + * See header + */ +imc_msg_t *imc_msg_create(imc_agent_t *agent, imc_state_t *state, + TNC_ConnectionID connection_id, + TNC_UInt32 src_id, TNC_UInt32 dst_id, + pen_type_t msg_type) +{ + private_imc_msg_t *this; + + INIT(this, + .public = { + .get_src_id = _get_src_id, + .get_dst_id = _get_dst_id, + .send = _send_, + .receive = _receive, + .add_attribute = _add_attribute, + .create_attribute_enumerator = _create_attribute_enumerator, + .destroy = _destroy, + }, + .connection_id = connection_id, + .src_id = src_id, + .dst_id = dst_id, + .msg_type = msg_type, + .attr_list = linked_list_create(), + .agent = agent, + .state = state, + ); + + return &this->public; +} + +/** + * See header + */ +imc_msg_t* imc_msg_create_as_reply(imc_msg_t *msg) +{ + private_imc_msg_t *in; + TNC_UInt32 src_id; + + in = (private_imc_msg_t*)msg; + src_id = (in->dst_id != TNC_IMCID_ANY) ? + in->dst_id : in->agent->get_id(in->agent); + + return imc_msg_create(in->agent, in->state, in->connection_id, src_id, + in->src_id, in->msg_type); +} + +/** + * See header + */ +imc_msg_t *imc_msg_create_from_data(imc_agent_t *agent, imc_state_t *state, + TNC_ConnectionID connection_id, + TNC_MessageType msg_type, + chunk_t msg) +{ + TNC_VendorID msg_vid; + TNC_MessageSubtype msg_subtype; + + msg_vid = msg_type >> 8; + msg_subtype = msg_type & TNC_SUBTYPE_ANY; + + return imc_msg_create_from_long_data(agent, state, connection_id, + TNC_IMVID_ANY, agent->get_id(agent), + msg_vid, msg_subtype, msg); +} + +/** + * See header + */ +imc_msg_t *imc_msg_create_from_long_data(imc_agent_t *agent, imc_state_t *state, + TNC_ConnectionID connection_id, + TNC_UInt32 src_id, + TNC_UInt32 dst_id, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + chunk_t msg) +{ + private_imc_msg_t *this; + + INIT(this, + .public = { + .get_src_id = _get_src_id, + .get_dst_id = _get_dst_id, + .send = _send_, + .receive = _receive, + .add_attribute = _add_attribute, + .create_attribute_enumerator = _create_attribute_enumerator, + .destroy = _destroy, + }, + .connection_id = connection_id, + .src_id = src_id, + .dst_id = dst_id, + .msg_type = pen_type_create(msg_vid, msg_subtype), + .attr_list = linked_list_create(), + .pa_msg = pa_tnc_msg_create_from_data(msg), + .agent = agent, + .state = state, + ); + + return &this->public; +} + diff --git a/src/libimcv/imc/imc_msg.h b/src/libimcv/imc/imc_msg.h new file mode 100644 index 000000000..42cdd685b --- /dev/null +++ b/src/libimcv/imc/imc_msg.h @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2012 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imc_msg imc_msg + * @{ @ingroup libimcv + */ + +#ifndef IMC_MSG_H_ +#define IMC_MSG_H_ + +#include <imc/imc_agent.h> + +typedef struct imc_msg_t imc_msg_t; + +#include <library.h> + +/** + * Interface for a PA-TNC message handled by an IMC. + * + */ +struct imc_msg_t { + + /** + * Get source ID of PA-TNC message + * + * @return src ID + */ + TNC_UInt32 (*get_src_id)(imc_msg_t *this); + + /** + * Get destination ID of PA-TNC message + * + * @return destination ID + */ + TNC_UInt32 (*get_dst_id)(imc_msg_t *this); + + /** + * Sends one or multiple PA-TNC messages + * + * @param excl set the excl message flag if supported + * @return TNC result code + */ + TNC_Result (*send)(imc_msg_t *this, bool excl); + + /** + * Processes a received PA-TNC message + * + * @param fatal_error TRUE if IMV sent a fatal error message + * @return TNC result code + */ + TNC_Result (*receive)(imc_msg_t *this, bool *fatal_error); + + /** + * Add a PA-TNC attribute to the send queue + * + * @param attr PA-TNC attribute to be added + */ + void (*add_attribute)(imc_msg_t *this, pa_tnc_attr_t *attr); + + /** + * Enumerator over PA-TNC attributes contained in the PA-TNC message + * + * @return PA-TNC attribute enumerator + */ + enumerator_t* (*create_attribute_enumerator)(imc_msg_t *this); + + /** + * Destroys a imc_msg_t object. + */ + void (*destroy)(imc_msg_t *this); +}; + +/** + * Create a wrapper for an outbound message + * + * @param agent IMC agent responsible for the message + * @param state IMC state for the given connection ID + * @param connection_id connection ID + * @param src_id source IMC ID + * @param dst_id destination IMV ID + * @param msg_type PA-TNC message type + */ +imc_msg_t* imc_msg_create(imc_agent_t *agent, imc_state_t *state, + TNC_ConnectionID connection_id, + TNC_UInt32 src_id, TNC_UInt32 dst_id, + pen_type_t msg_type); + +/** + * Create a wrapper for an outbound message based on a received message + * + * @param msg received message the reply is based on + */ +imc_msg_t* imc_msg_create_as_reply(imc_msg_t *msg); + +/** + * Create a wrapper around message data received via the legacy IF-IMC interface + * + * @param agent IMC agent responsible for the message + * @param state IMC state for the given connection ID + * @param connection_id connection ID + * @param msg_type PA-TNC message type + * @param msg received PA-TNC message blob + */ +imc_msg_t* imc_msg_create_from_data(imc_agent_t *agent, imc_state_t *state, + TNC_ConnectionID connection_id, + TNC_MessageType msg_type, + chunk_t msg); + +/** + * Create a wrapper around message data received via the long IF-IMC interface + * + * @param agent IMC agent responsible for the message + * @param state IMC state for the given connection ID + * @param connection_id connection ID + * @param src_id source IMV ID + * @param dst_id destination IMC ID + * @param msg_flags PA-TNC message flags + * @param msg_vid PA-TNC message vendor ID + * @param msg_subtype PA-TNC subtype + * @param msg received PA-TNC message blob + */ +imc_msg_t* imc_msg_create_from_long_data(imc_agent_t *agent, imc_state_t *state, + TNC_ConnectionID connection_id, + TNC_UInt32 src_id, TNC_UInt32 dst_id, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + chunk_t msg); + +#endif /** IMC_MSG_H_ @}*/ diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index f6d13da14..a21fb930e 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -96,44 +96,6 @@ struct private_imv_agent_t { TNC_UInt32 type_count); /** - * Call when an IMV-IMC message is to be sent - * - * @param imv_id IMV ID assigned by TNCS - * @param connection_id network connection ID assigned by TNCS - * @param msg message to send - * @param msg_len message length in bytes - * @param msg_type message type - * @return TNC result code - */ - TNC_Result (*send_message)(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type); - - /** - * Call when an IMV-IMC message is to be sent with long message types - * - * @param imv_id IMV ID assigned by TNCS - * @param connection_id network connection ID assigned by TNCS - * @param msg_flags message flags - * @param msg message to send - * @param msg_len message length in bytes - * @param msg_vid message vendor ID - * @param msg_subtype message subtype - * @param dst_imc_id destination IMC ID - * @return TNC result code - */ - TNC_Result (*send_message_long)(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 dst_imc_id); - - /** * Deliver IMV Action Recommendation and IMV Evaluation Results to the TNCS * * @param imv_id IMV ID assigned by TNCS @@ -219,14 +181,14 @@ METHOD(imv_agent_t, bind_functions, TNC_Result, this->public.request_handshake_retry = NULL; } if (bind_function(this->id, "TNC_TNCS_SendMessage", - (void**)&this->send_message) != TNC_RESULT_SUCCESS) + (void**)&this->public.send_message) != TNC_RESULT_SUCCESS) { - this->send_message = NULL; + this->public.send_message = NULL; } if (bind_function(this->id, "TNC_TNCS_SendMessageLong", - (void**)&this->send_message_long) != TNC_RESULT_SUCCESS) + (void**)&this->public.send_message_long) != TNC_RESULT_SUCCESS) { - this->send_message_long = NULL; + this->public.send_message_long = NULL; } if (bind_function(this->id, "TNC_TNCS_ProvideRecommendation", (void**)&this->provide_recommendation) != TNC_RESULT_SUCCESS) @@ -512,215 +474,18 @@ METHOD(imv_agent_t, get_state, bool, return TRUE; } -METHOD(imv_agent_t, send_message, TNC_Result, - private_imv_agent_t *this, TNC_ConnectionID connection_id, bool excl, - TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, linked_list_t *attr_list) -{ - TNC_MessageType type; - TNC_UInt32 msg_flags; - TNC_Result result = TNC_RESULT_FATAL; - imv_state_t *state; - pa_tnc_attr_t *attr; - pa_tnc_msg_t *pa_tnc_msg; - chunk_t msg; - enumerator_t *enumerator; - bool attr_added; - - state = find_connection(this, connection_id); - if (!state) - { - DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", - this->id, this->name, connection_id); - return TNC_RESULT_FATAL; - } - - while (attr_list->get_count(attr_list)) - { - pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state)); - attr_added = FALSE; - - enumerator = attr_list->create_enumerator(attr_list); - while (enumerator->enumerate(enumerator, &attr)) - { - if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) - { - attr_added = TRUE; - } - else - { - if (attr_added) - { - break; - } - else - { - DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted"); - attr->destroy(attr); - } - } - attr_list->remove_at(attr_list, enumerator); - } - enumerator->destroy(enumerator); - - /* build and send the PA-TNC message via the IF-IMV interface */ - if (!pa_tnc_msg->build(pa_tnc_msg)) - { - pa_tnc_msg->destroy(pa_tnc_msg); - return TNC_RESULT_FATAL; - } - msg = pa_tnc_msg->get_encoding(pa_tnc_msg); - - if (state->has_long(state) && this->send_message_long) - { - if (!src_imv_id) - { - src_imv_id = this->id; - } - msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0; - - result = this->send_message_long(src_imv_id, connection_id, - msg_flags, msg.ptr, msg.len, msg_vid, - msg_subtype, dst_imc_id); - } - else if (this->send_message) - { - type = msg_vid << 8 | msg_subtype; - - result = this->send_message(this->id, connection_id, msg.ptr, - msg.len, type); - } - - pa_tnc_msg->destroy(pa_tnc_msg); - - if (result != TNC_RESULT_SUCCESS) - { - break; - } - } - return result; -} - -METHOD(imv_agent_t, set_recommendation, TNC_Result, - private_imv_agent_t *this, TNC_ConnectionID connection_id, - TNC_IMV_Action_Recommendation rec, - TNC_IMV_Evaluation_Result eval) -{ - imv_state_t *state; - - state = find_connection(this, connection_id); - if (!state) - { - DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", - this->id, this->name, connection_id); - return TNC_RESULT_FATAL; - } - - state->set_recommendation(state, rec, eval); - return this->provide_recommendation(this->id, connection_id, rec, eval); -} - -METHOD(imv_agent_t, receive_message, TNC_Result, - private_imv_agent_t *this, imv_state_t *state, chunk_t msg, - TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, pa_tnc_msg_t **pa_tnc_msg) -{ - pa_tnc_msg_t *pa_msg; - pa_tnc_attr_t *error_attr; - linked_list_t *error_attr_list; - enumerator_t *enumerator; - TNC_UInt32 src_imv_id, dst_imc_id; - TNC_ConnectionID connection_id; - TNC_Result result; - - connection_id = state->get_connection_id(state); - - if (state->has_long(state)) - { - if (dst_imv_id != TNC_IMVID_ANY) - { - DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u " - "from IMC %u to IMV %u", this->id, this->name, - connection_id, src_imc_id, dst_imv_id); - } - else - { - DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u " - "from IMC %u", this->id, this->name, connection_id, - src_imc_id); - } - } - else - { - DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u", - this->id, this->name, connection_id); - } - - *pa_tnc_msg = NULL; - pa_msg = pa_tnc_msg_create_from_data(msg); - - switch (pa_msg->process(pa_msg)) - { - case SUCCESS: - *pa_tnc_msg = pa_msg; - break; - case VERIFY_ERROR: - /* extract and copy by refence all error attributes */ - error_attr_list = linked_list_create(); - - enumerator = pa_msg->create_error_enumerator(pa_msg); - while (enumerator->enumerate(enumerator, &error_attr)) - { - error_attr_list->insert_last(error_attr_list, - error_attr->get_ref(error_attr)); - } - enumerator->destroy(enumerator); - - src_imv_id = (dst_imv_id == TNC_IMVID_ANY) ? this->id : dst_imv_id; - dst_imc_id = state->has_excl(state) ? src_imc_id : TNC_IMCID_ANY; - - result = send_message(this, connection_id, state->has_excl(state), - src_imv_id, dst_imc_id, msg_vid, msg_subtype, - error_attr_list); - - error_attr_list->destroy(error_attr_list); - pa_msg->destroy(pa_msg); - return result; - case FAILED: - default: - pa_msg->destroy(pa_msg); - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - return this->provide_recommendation(this->id, connection_id, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - } - return TNC_RESULT_SUCCESS; -} - METHOD(imv_agent_t, provide_recommendation, TNC_Result, - private_imv_agent_t *this, TNC_ConnectionID connection_id, - TNC_UInt32 dst_imc_id, TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype) + private_imv_agent_t *this, imv_state_t *state) { - imv_state_t *state; - linked_list_t *attr_list; - pa_tnc_attr_t *attr; - TNC_Result result; TNC_IMV_Action_Recommendation rec; TNC_IMV_Evaluation_Result eval; + TNC_ConnectionID connection_id; TNC_UInt32 lang_len; char buf[BUF_LEN]; chunk_t pref_lang = { buf, 0 }, reason_string, reason_lang; - state = find_connection(this, connection_id); - if (!state) - { - DBG1(DBG_IMV, "IMV %u \"%s\" has no state for Connection ID %u", - this->id, this->name, connection_id); - return TNC_RESULT_FATAL; - } state->get_recommendation(state, &rec, &eval); + connection_id = state->get_connection_id(state); /* send a reason string if action recommendation is not allow */ if (rec != TNC_IMV_ACTION_RECOMMENDATION_ALLOW) @@ -750,24 +515,21 @@ METHOD(imv_agent_t, provide_recommendation, TNC_Result, reason_lang.len, reason_lang.ptr); } } - - /* Send an IETF Assessment Result attribute if enabled */ - if (lib->settings->get_bool(lib->settings, "libimcv.assessment_result", TRUE)) - { - attr = ietf_attr_assess_result_create(eval); - attr_list = linked_list_create(); - attr_list->insert_last(attr_list, attr); - result = send_message(this, connection_id, FALSE, this->id, dst_imc_id, - msg_vid, msg_subtype, attr_list); - attr_list->destroy(attr_list); - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - } return this->provide_recommendation(this->id, connection_id, rec, eval); } +METHOD(imv_agent_t, get_name, const char*, + private_imv_agent_t *this) +{ + return this->name; +} + +METHOD(imv_agent_t, get_id, TNC_IMVID, + private_imv_agent_t *this) +{ + return this->id; +} + METHOD(imv_agent_t, reserve_additional_ids, TNC_Result, private_imv_agent_t *this, int count) { @@ -849,10 +611,9 @@ imv_agent_t *imv_agent_create(const char *name, .delete_state = _delete_state, .change_state = _change_state, .get_state = _get_state, - .send_message = _send_message, - .receive_message = _receive_message, - .set_recommendation = _set_recommendation, .provide_recommendation = _provide_recommendation, + .get_name = _get_name, + .get_id = _get_id, .reserve_additional_ids = _reserve_additional_ids, .count_additional_ids = _count_additional_ids, .create_id_enumerator = _create_id_enumerator, diff --git a/src/libimcv/imv/imv_agent.h b/src/libimcv/imv/imv_agent.h index 45d0cbdb5..4a4e71858 100644 --- a/src/libimcv/imv/imv_agent.h +++ b/src/libimcv/imv/imv_agent.h @@ -51,6 +51,44 @@ struct imv_agent_t { TNC_RetryReason reason); /** + * Call when an IMV-IMC message is to be sent + * + * @param imv_id IMV ID assigned by TNCS + * @param connection_id network connection ID assigned by TNCS + * @param msg message to send + * @param msg_len message length in bytes + * @param msg_type message type + * @return TNC result code + */ + TNC_Result (*send_message)(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_MessageType msg_type); + + /** + * Call when an IMV-IMC message is to be sent with long message types + * + * @param imv_id IMV ID assigned by TNCS + * @param connection_id network connection ID assigned by TNCS + * @param msg_flags message flags + * @param msg message to send + * @param msg_len message length in bytes + * @param msg_vid message vendor ID + * @param msg_subtype message subtype + * @param dst_imc_id destination IMC ID + * @return TNC result code + */ + TNC_Result (*send_message_long)(TNC_IMVID imv_id, + TNC_ConnectionID connection_id, + TNC_UInt32 msg_flags, + TNC_BufferReference msg, + TNC_UInt32 msg_len, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + TNC_UInt32 dst_imc_id); + + /** * Bind TNCS functions * * @param bind_function function offered by the TNCS @@ -100,71 +138,26 @@ struct imv_agent_t { TNC_ConnectionID connection_id, imv_state_t **state); /** - * Call when a PA-TNC message is to be sent - * - * @param connection_id network connection ID assigned by TNCS - * @param excl exclusive flag - * @param src_imv_id IMV ID to be set as source - * @param dst_imc_id IMD ID to be set as destination - * @param msg_vid message vendor ID - * @param msg_subtype message subtype - * @param attr_list list of PA-TNC attributes to send - * @return TNC result code - */ - TNC_Result (*send_message)(imv_agent_t *this, - TNC_ConnectionID connection_id, bool excl, - TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - linked_list_t *attr_list); - - /** - * Call when a PA-TNC message was received + * Deliver IMV Action Recommendation and IMV Evaluation Result to the TNCS * - * @param state state for current connection - * @param msg received unparsed message - * @param msg_vid message vendorID of the received message - * @param msg_subtype message subtype of the received message - * @param src_imc_id source IMC ID - * @param dst_imv_id destination IMV ID - * @param pa_tnc_message parsed PA-TNC message or NULL if an error occurred + * @param state state bound to a connection ID * @return TNC result code */ - TNC_Result (*receive_message)(imv_agent_t *this, - imv_state_t *state, chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id, - pa_tnc_msg_t **pa_tnc_msg); + TNC_Result (*provide_recommendation)(imv_agent_t *this, imv_state_t* state); /** - * Set Action Recommendation and Evaluation Result in the IMV state + * Get IMV name * - * @param connection_id network connection ID assigned by TNCS - * @param rec IMV action recommendation - * @param eval IMV evaluation result - * @return TNC result code + * return IMV name */ - TNC_Result (*set_recommendation)(imv_agent_t *this, - TNC_ConnectionID connection_id, - TNC_IMV_Action_Recommendation rec, - TNC_IMV_Evaluation_Result eval); + const char* (*get_name)(imv_agent_t *this); /** - * Deliver IMV Action Recommendation and IMV Evaluation Result to the TNCS + * Get base IMV ID * - * @param connection_id network connection ID assigned by TNCS - * @param dst_imc_id IMD ID to be set as destination - * @param msg_vid message vendor ID - * @param msg_subtype message subtype - * @return TNC result code + * return base IMV ID */ - TNC_Result (*provide_recommendation)(imv_agent_t *this, - TNC_ConnectionID connection_id, - TNC_UInt32 dst_imc_id, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype); + TNC_IMVID (*get_id)(imv_agent_t *this); /** * Reserve additional IMV IDs from TNCS diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c new file mode 100644 index 000000000..9781c28bf --- /dev/null +++ b/src/libimcv/imv/imv_msg.c @@ -0,0 +1,413 @@ +/* + * Copyright (C) 2012 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "imv_msg.h" + +#include "ietf/ietf_attr.h" +#include "ietf/ietf_attr_assess_result.h" + +#include <tncif_names.h> + +#include <pen/pen.h> +#include <utils/linked_list.h> +#include <debug.h> + +typedef struct private_imv_msg_t private_imv_msg_t; + +/** + * Private data of a imv_msg_t object. + * + */ +struct private_imv_msg_t { + + /** + * Public imv_msg_t interface. + */ + imv_msg_t public; + + /** + * Connection ID + */ + TNC_ConnectionID connection_id; + + /** + * source ID + */ + TNC_UInt32 src_id; + + /** + * destination ID + */ + TNC_UInt32 dst_id; + + /** + * PA-TNC message type + */ + pen_type_t msg_type; + + /** + * List of PA-TNC attributes to be sent + */ + linked_list_t *attr_list; + + /** + * PA-TNC message + */ + pa_tnc_msg_t *pa_msg; + + /** + * Assigned IMV agent + */ + imv_agent_t *agent; + + /** + * Assigned IMV state + */ + imv_state_t *state; +}; + +METHOD(imv_msg_t, get_src_id, TNC_UInt32, + private_imv_msg_t *this) +{ + return this->src_id; +} + +METHOD(imv_msg_t, get_dst_id, TNC_UInt32, + private_imv_msg_t *this) +{ + return this->dst_id; +} + +METHOD(imv_msg_t, set_msg_type, void, + private_imv_msg_t *this, pen_type_t msg_type) +{ + if (msg_type.vendor_id != this->msg_type.vendor_id || + msg_type.type != this->msg_type.type) + { + this->msg_type = msg_type; + this->dst_id = TNC_IMCID_ANY; + } +} + +METHOD(imv_msg_t, add_attribute, void, + private_imv_msg_t *this, pa_tnc_attr_t *attr) +{ + this->attr_list->insert_last(this->attr_list, attr); +} + +METHOD(imv_msg_t, send_, TNC_Result, + private_imv_msg_t *this, bool excl) +{ + pa_tnc_msg_t *pa_tnc_msg; + pa_tnc_attr_t *attr; + TNC_UInt32 msg_flags; + TNC_MessageType msg_type; + bool attr_added; + chunk_t msg; + enumerator_t *enumerator; + TNC_Result result = TNC_RESULT_SUCCESS; + + while (this->attr_list->get_count(this->attr_list)) + { + pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state)); + attr_added = FALSE; + + enumerator = this->attr_list->create_enumerator(this->attr_list); + while (enumerator->enumerate(enumerator, &attr)) + { + if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) + { + attr_added = TRUE; + } + else + { + if (attr_added) + { + break; + } + else + { + DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted"); + attr->destroy(attr); + } + } + this->attr_list->remove_at(this->attr_list, enumerator); + } + enumerator->destroy(enumerator); + + /* build and send the PA-TNC message via the IF-IMV interface */ + if (!pa_tnc_msg->build(pa_tnc_msg)) + { + pa_tnc_msg->destroy(pa_tnc_msg); + return TNC_RESULT_FATAL; + } + msg = pa_tnc_msg->get_encoding(pa_tnc_msg); + DBG3(DBG_IMV, "created PA-TNC message: %B", &msg); + + if (this->state->has_long(this->state) && this->agent->send_message_long) + { + excl = excl && this->state->has_excl(this->state) && + this->dst_id != TNC_IMCID_ANY; + msg_flags = excl ? TNC_MESSAGE_FLAGS_EXCLUSIVE : 0; + result = this->agent->send_message_long(this->src_id, + this->connection_id, msg_flags, msg.ptr, msg.len, + this->msg_type.vendor_id, this->msg_type.type, + this->dst_id); + } + else if (this->agent->send_message) + { + msg_type = (this->msg_type.vendor_id << 8) | + (this->msg_type.type & 0x000000ff); + result = this->agent->send_message(this->src_id, this->connection_id, + msg.ptr, msg.len, msg_type); + } + + pa_tnc_msg->destroy(pa_tnc_msg); + + if (result != TNC_RESULT_SUCCESS) + { + break; + } + } + return result; +} + +METHOD(imv_msg_t, send_assessment, TNC_Result, + private_imv_msg_t *this) +{ + TNC_IMV_Action_Recommendation rec; + TNC_IMV_Evaluation_Result eval; + pa_tnc_attr_t *attr; + + /* Send an IETF Assessment Result attribute if enabled */ + if (lib->settings->get_bool(lib->settings, "libimcv.assessment_result", + TRUE)) + { + this->state->get_recommendation(this->state, &rec, &eval); + attr = ietf_attr_assess_result_create(eval); + add_attribute(this, attr); + + /* send PA-TNC message with the excl flag set */ + return send_(this, TRUE); + } + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_msg_t, receive, TNC_Result, + private_imv_msg_t *this, bool *fatal_error) +{ + enumerator_t *enumerator; + pa_tnc_attr_t *attr; + chunk_t msg; + + if (this->state->has_long(this->state)) + { + if (this->dst_id != TNC_IMVID_ANY) + { + DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u " + "from IMC %u to IMV %u", + this->agent->get_id(this->agent), + this->agent->get_name(this->agent), + this->connection_id, this->src_id, this->dst_id); + } + else + { + DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u " + "from IMC %u", this->agent->get_id(this->agent), + this->agent->get_name(this->agent), + this->connection_id, this->src_id); + } + } + else + { + DBG2(DBG_IMV, "IMV %u \"%s\" received message for Connection ID %u", + this->agent->get_id(this->agent), + this->agent->get_name(this->agent), + this->connection_id); + } + msg = this->pa_msg->get_encoding(this->pa_msg); + DBG3(DBG_IMV, "%B", &msg); + + switch (this->pa_msg->process(this->pa_msg)) + { + case SUCCESS: + break; + case VERIFY_ERROR: + { + imv_msg_t *error_msg; + TNC_Result result; + + error_msg = imv_msg_create_as_reply(&this->public); + + /* extract and copy by reference all error attributes */ + enumerator = this->pa_msg->create_error_enumerator(this->pa_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + error_msg->add_attribute(error_msg, attr->get_ref(attr)); + } + enumerator->destroy(enumerator); + + /* + * send the PA-TNC message containing all error attributes + * with the excl flag set + */ + result = error_msg->send(error_msg, TRUE); + error_msg->destroy(error_msg); + return result; + } + case FAILED: + default: + return TNC_RESULT_FATAL; + } + + /* preprocess any received IETF standard error attributes */ + *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg); + + return TNC_RESULT_SUCCESS; +} + +METHOD(imv_msg_t, delete_attributes, void, + private_imv_msg_t *this) +{ + pa_tnc_attr_t *attr; + + while (this->attr_list->remove_last(this->attr_list, (void**)&attr) == SUCCESS) + { + attr->destroy(attr); + } +} + +METHOD(imv_msg_t, create_attribute_enumerator, enumerator_t*, + private_imv_msg_t *this) +{ + return this->pa_msg->create_attribute_enumerator(this->pa_msg); +} + +METHOD(imv_msg_t, destroy, void, + private_imv_msg_t *this) +{ + this->attr_list->destroy_offset(this->attr_list, + offsetof(pa_tnc_attr_t, destroy)); + DESTROY_IF(this->pa_msg); + free(this); +} + +/** + * See header + */ +imv_msg_t *imv_msg_create(imv_agent_t *agent, imv_state_t *state, + TNC_ConnectionID connection_id, + TNC_UInt32 src_id, TNC_UInt32 dst_id, + pen_type_t msg_type) +{ + private_imv_msg_t *this; + + INIT(this, + .public = { + .get_src_id = _get_src_id, + .get_dst_id = _get_dst_id, + .set_msg_type = _set_msg_type, + .send = _send_, + .send_assessment = _send_assessment, + .receive = _receive, + .add_attribute = _add_attribute, + .create_attribute_enumerator = _create_attribute_enumerator, + .destroy = _destroy, + }, + .connection_id = connection_id, + .src_id = src_id, + .dst_id = dst_id, + .msg_type = msg_type, + .attr_list = linked_list_create(), + .agent = agent, + .state = state, + ); + + return &this->public; +} + +/** + * See header + */ +imv_msg_t* imv_msg_create_as_reply(imv_msg_t *msg) +{ + private_imv_msg_t *in; + TNC_UInt32 src_id; + + in = (private_imv_msg_t*)msg; + src_id = (in->dst_id != TNC_IMVID_ANY) ? + in->dst_id : in->agent->get_id(in->agent); + + return imv_msg_create(in->agent, in->state, in->connection_id, src_id, + in->src_id, in->msg_type); +} + +/** + * See header + */ +imv_msg_t *imv_msg_create_from_data(imv_agent_t *agent, imv_state_t *state, + TNC_ConnectionID connection_id, + TNC_MessageType msg_type, + chunk_t msg) +{ + TNC_VendorID msg_vid; + TNC_MessageSubtype msg_subtype; + + msg_vid = msg_type >> 8; + msg_subtype = msg_type & TNC_SUBTYPE_ANY; + + return imv_msg_create_from_long_data(agent, state, connection_id, + TNC_IMCID_ANY, agent->get_id(agent), + msg_vid, msg_subtype, msg); +} + +/** + * See header + */ +imv_msg_t *imv_msg_create_from_long_data(imv_agent_t *agent, imv_state_t *state, + TNC_ConnectionID connection_id, + TNC_UInt32 src_id, + TNC_UInt32 dst_id, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + chunk_t msg) +{ + private_imv_msg_t *this; + + INIT(this, + .public = { + .get_src_id = _get_src_id, + .get_dst_id = _get_dst_id, + .set_msg_type = _set_msg_type, + .send = _send_, + .receive = _receive, + .add_attribute = _add_attribute, + .delete_attributes = _delete_attributes, + .create_attribute_enumerator = _create_attribute_enumerator, + .destroy = _destroy, + }, + .connection_id = connection_id, + .src_id = src_id, + .dst_id = dst_id, + .msg_type = pen_type_create(msg_vid, msg_subtype), + .attr_list = linked_list_create(), + .pa_msg = pa_tnc_msg_create_from_data(msg), + .agent = agent, + .state = state, + ); + + return &this->public; +} + diff --git a/src/libimcv/imv/imv_msg.h b/src/libimcv/imv/imv_msg.h new file mode 100644 index 000000000..43e646d2b --- /dev/null +++ b/src/libimcv/imv/imv_msg.h @@ -0,0 +1,162 @@ +/* + * Copyright (C) 2012 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup imv_msg imv_msg + * @{ @ingroup libimcv + */ + +#ifndef IMV_MSG_H_ +#define IMV_MSG_H_ + +#include <imv/imv_agent.h> + +typedef struct imv_msg_t imv_msg_t; + +#include <library.h> + +/** + * Interface for a PA-TNC message handled by an IMV. + * + */ +struct imv_msg_t { + + /** + * Get source ID of PA-TNC message + * + * @return src ID + */ + TNC_UInt32 (*get_src_id)(imv_msg_t *this); + + /** + * Get destination ID of PA-TNC message + * + * @return destination ID + */ + TNC_UInt32 (*get_dst_id)(imv_msg_t *this); + + /** + * Set the type of a PA-TNC message + * + * @param msg_type message type + */ + void (*set_msg_type)(imv_msg_t *this, pen_type_t msg_type); + + /** + * Sends one or multiple PA-TNC messages + * + * @param excl set the excl message flag if supported + * @return TNC result code + */ + TNC_Result (*send)(imv_msg_t *this, bool excl); + + /** + * Send a PA-TNC message containing an IETF Assessment Result attribute + * + * @return TNC result code + */ + TNC_Result (*send_assessment)(imv_msg_t *this); + + /** + * Processes a received PA-TNC message + * + * @param fatal_error TRUE if IMC sent a fatal error message + * @return TNC result code + */ + TNC_Result (*receive)(imv_msg_t *this, bool *fatal_error); + + /** + * Add a PA-TNC attribute to the send queue + * + * @param attr PA-TNC attribute to be added + */ + void (*add_attribute)(imv_msg_t *this, pa_tnc_attr_t *attr); + + /** + * Delete all PA-TNC attributes in the send queue + * + */ + void (*delete_attributes)(imv_msg_t *this); + + /** + * Enumerator over PA-TNC attributes contained in the PA-TNC message + * + * @return PA-TNC attribute enumerator + */ + enumerator_t* (*create_attribute_enumerator)(imv_msg_t *this); + + /** + * Destroys a imv_msg_t object. + */ + void (*destroy)(imv_msg_t *this); +}; + +/** + * Create a wrapper for an outbound message + * + * @param agent IMV agent responsible for the message + * @param state IMV state for the given connection ID + * @param connection_id connection ID + * @param src_id source IMV ID + * @param dst_id destination IMC ID + * @param msg_type PA-TNC message type + */ +imv_msg_t* imv_msg_create(imv_agent_t *agent, imv_state_t *state, + TNC_ConnectionID connection_id, + TNC_UInt32 src_id, TNC_UInt32 dst_id, + pen_type_t msg_type); + +/** + * Create a wrapper for an outbound message based on a received message + * + * @param msg received message the reply is based on + */ +imv_msg_t* imv_msg_create_as_reply(imv_msg_t *msg); + +/** + * Create a wrapper around message data received via the legacy IF-IMV interface + * + * @param agent IMV agent responsible for the message + * @param state IMV state for the given connection ID + * @param connection_id connection ID + * @param msg_type PA-TNC message type + * @param msg received PA-TNC message blob + */ +imv_msg_t* imv_msg_create_from_data(imv_agent_t *agent, imv_state_t *state, + TNC_ConnectionID connection_id, + TNC_MessageType msg_type, + chunk_t msg); + +/** + * Create a wrapper around message data received via the long IF-IMV interface + * + * @param agent IMV agent responsible for the message + * @param state IMV state for the given connection ID + * @param connection_id connection ID + * @param src_id source IMC ID + * @param dst_id destination IMV ID + * @param msg_flags PA-TNC message flags + * @param msg_vid PA-TNC message vendor ID + * @param msg_subtype PA-TNC subtype + * @param msg received PA-TNC message blob + */ +imv_msg_t* imv_msg_create_from_long_data(imv_agent_t *agent, imv_state_t *state, + TNC_ConnectionID connection_id, + TNC_UInt32 src_id, TNC_UInt32 dst_id, + TNC_VendorID msg_vid, + TNC_MessageSubtype msg_subtype, + chunk_t msg); + +#endif /** IMV_MSG_H_ @}*/ diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index d14148816..32b19905f 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -16,15 +16,13 @@ #include "imc_os_state.h" #include <imc/imc_agent.h> -#include <pa_tnc/pa_tnc_msg.h> +#include <imc/imc_msg.h> #include <ietf/ietf_attr.h> -#include <ietf/ietf_attr_assess_result.h> #include <ietf/ietf_attr_attr_request.h> #include <ietf/ietf_attr_default_pwd_enabled.h> #include <ietf/ietf_attr_fwd_enabled.h> #include <ietf/ietf_attr_installed_packages.h> #include <ietf/ietf_attr_op_status.h> -#include <ietf/ietf_attr_pa_tnc_error.h> #include <ietf/ietf_attr_product_info.h> #include <ietf/ietf_attr_string_version.h> #include <os_info/os_info.h> @@ -120,30 +118,30 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, /** * Add IETF Product Information attribute to the send queue */ -static void add_product_info(linked_list_t *attr_list) +static void add_product_info(imc_msg_t *msg) { pa_tnc_attr_t *attr; attr = ietf_attr_product_info_create(PEN_IETF, 0, os->get_name(os)); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); } /** * Add IETF String Version attribute to the send queue */ -static void add_string_version(linked_list_t *attr_list) +static void add_string_version(imc_msg_t *msg) { pa_tnc_attr_t *attr; attr = ietf_attr_string_version_create(os->get_version(os), chunk_empty, chunk_empty); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); } /** * Add IETF Operational Status attribute to the send queue */ -static void add_op_status(linked_list_t *attr_list) +static void add_op_status(imc_msg_t *msg) { pa_tnc_attr_t *attr; time_t uptime, last_boot; @@ -156,13 +154,13 @@ static void add_op_status(linked_list_t *attr_list) } attr = ietf_attr_op_status_create(OP_STATUS_OPERATIONAL, OP_RESULT_SUCCESSFUL, last_boot); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); } /** * Add IETF Forwarding Enabled attribute to the send queue */ -static void add_fwd_enabled(linked_list_t *attr_list) +static void add_fwd_enabled(imc_msg_t *msg) { pa_tnc_attr_t *attr; os_fwd_status_t fwd_status; @@ -171,25 +169,25 @@ static void add_fwd_enabled(linked_list_t *attr_list) DBG1(DBG_IMC, "IPv4 forwarding status: %N", os_fwd_status_names, fwd_status); attr = ietf_attr_fwd_enabled_create(fwd_status); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); } /** * Add IETF Factory Default Password Enabled attribute to the send queue */ -static void add_default_pwd_enabled(linked_list_t *attr_list) +static void add_default_pwd_enabled(imc_msg_t *msg) { pa_tnc_attr_t *attr; DBG1(DBG_IMC, "factory default password: disabled"); attr = ietf_attr_default_pwd_enabled_create(FALSE); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); } /** * Add an IETF Installed Packages attribute to the send queue */ -static void add_installed_packages(linked_list_t *attr_list) +static void add_installed_packages(imc_msg_t *msg) { pa_tnc_attr_t *attr; ietf_attr_installed_packages_t *attr_cast; @@ -202,7 +200,7 @@ static void add_installed_packages(linked_list_t *attr_list) attr_cast = (ietf_attr_installed_packages_t*)attr; attr_cast->add(attr_cast, libc_name, libc_version); attr_cast->add(attr_cast, selinux_name, selinux_version); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); } /** @@ -211,6 +209,8 @@ static void add_installed_packages(linked_list_t *attr_list) TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, TNC_ConnectionID connection_id) { + imc_state_t *state; + imc_msg_t *out_msg; TNC_Result result = TNC_RESULT_SUCCESS; if (!imc_os) @@ -218,75 +218,48 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); return TNC_RESULT_NOT_INITIALIZED; } - + if (!imc_os->get_state(imc_os, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } if (lib->settings->get_bool(lib->settings, "libimcv.plugins.imc-os.send_info", TRUE)) { - linked_list_t *attr_list; - - attr_list = linked_list_create(); - add_product_info(attr_list); - add_string_version(attr_list); - add_op_status(attr_list); - add_fwd_enabled(attr_list); - add_default_pwd_enabled(attr_list); - result = imc_os->send_message(imc_os, connection_id, FALSE, 0, - TNC_IMVID_ANY, PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM, - attr_list); - attr_list->destroy(attr_list); + out_msg = imc_msg_create(imc_os, state, connection_id, imc_id, + TNC_IMVID_ANY, msg_types[0]); + add_product_info(out_msg); + add_string_version(out_msg); + add_op_status(out_msg); + add_fwd_enabled(out_msg); + add_default_pwd_enabled(out_msg); + + /* send PA-TNC message with the excl flag not set */ + result = out_msg->send(out_msg, FALSE); + out_msg->destroy(out_msg); } return result; } -static TNC_Result receive_message(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +static TNC_Result receive_message(imc_msg_t *in_msg) { - pa_tnc_msg_t *pa_tnc_msg; + imc_msg_t *out_msg; + enumerator_t *enumerator; pa_tnc_attr_t *attr; pen_type_t attr_type; - linked_list_t *attr_list; - imc_state_t *state; - enumerator_t *enumerator; TNC_Result result; - TNC_UInt32 target_imc_id; - bool fatal_error; - - if (!imc_os) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - - /* get current IMC state */ - if (!imc_os->get_state(imc_os, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } + bool fatal_error = FALSE; - /* parse received PA-TNC message and automatically handle any errors */ - result = imc_os->receive_message(imc_os, state, msg, msg_vid, - msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg); - - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { return result; } - target_imc_id = (dst_imc_id == TNC_IMCID_ANY) ? imc_id : dst_imc_id; - - /* preprocess any IETF standard error attributes */ - fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg); + out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ - attr_list = linked_list_create(); - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); + enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { attr_type = attr->get_type(attr); @@ -313,22 +286,22 @@ static TNC_Result receive_message(TNC_IMCID imc_id, switch (entry->type) { case IETF_ATTR_PRODUCT_INFORMATION: - add_product_info(attr_list); + add_product_info(out_msg); break; case IETF_ATTR_STRING_VERSION: - add_string_version(attr_list); + add_string_version(out_msg); break; case IETF_ATTR_OPERATIONAL_STATUS: - add_op_status(attr_list); + add_op_status(out_msg); break; case IETF_ATTR_FORWARDING_ENABLED: - add_fwd_enabled(attr_list); + add_fwd_enabled(out_msg); break; case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED: - add_default_pwd_enabled(attr_list); + add_default_pwd_enabled(out_msg); break; case IETF_ATTR_INSTALLED_PACKAGES: - add_installed_packages(attr_list); + add_installed_packages(out_msg); break; default: break; @@ -336,35 +309,18 @@ static TNC_Result receive_message(TNC_IMCID imc_id, } e->destroy(e); } - else if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT) - { - ietf_attr_assess_result_t *attr_cast; - - attr_cast = (ietf_attr_assess_result_t*)attr; - state->set_result(state, target_imc_id, - attr_cast->get_result(attr_cast)); - } } enumerator->destroy(enumerator); - pa_tnc_msg->destroy(pa_tnc_msg); if (fatal_error) { - attr_list->destroy_offset(attr_list, offsetof(pa_tnc_attr_t, destroy)); - return TNC_RESULT_FATAL; - } - - if (attr_list->get_count(attr_list)) - { - result = imc_os->send_message(imc_os, connection_id, TRUE, imc_id, - src_imv_id, PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM, - attr_list); + result = TNC_RESULT_FATAL; } else { - result = TNC_RESULT_SUCCESS; + result = out_msg->send(out_msg, TRUE); } - attr_list->destroy(attr_list); + out_msg->destroy(out_msg); return result; } @@ -379,14 +335,25 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + if (!imc_os) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_os->get_state(imc_os, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_data(imc_os, state, connection_id, msg_type, + chunk_create(msg, msg_len)); + result = receive_message(in_msg); + in_msg->destroy(in_msg); - return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMCID_ANY); + return result; } /** @@ -402,9 +369,26 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id) { - return receive_message(imc_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imv_id, dst_imc_id); + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_os) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_os->get_state(imc_os, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_long_data(imc_os, state, connection_id, + src_imv_id, dst_imc_id,msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(in_msg); + in_msg->destroy(in_msg); + + return result; } /** diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c index 5ad73790a..859e1f87f 100644 --- a/src/libimcv/plugins/imc_os/imc_os_state.c +++ b/src/libimcv/plugins/imc_os/imc_os_state.c @@ -109,8 +109,6 @@ METHOD(imc_state_t, set_result, void, private_imc_os_state_t *this, TNC_IMCID id, TNC_IMV_Evaluation_Result result) { - DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'", - id, TNC_IMV_Evaluation_Result_names, result); this->result = result; } diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index d82d1fad4..c97dd0dea 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c @@ -16,11 +16,9 @@ #include "imc_scanner_state.h" #include <imc/imc_agent.h> -#include <pa_tnc/pa_tnc_msg.h> +#include <imc/imc_msg.h> #include <ietf/ietf_attr.h> -#include <ietf/ietf_attr_pa_tnc_error.h> #include <ietf/ietf_attr_port_filter.h> -#include <ietf/ietf_attr_assess_result.h> #include <tncif_pa_subtypes.h> @@ -229,12 +227,10 @@ end: return success; } -static TNC_Result send_message(TNC_ConnectionID connection_id) +static TNC_Result send_message(imc_msg_t *out_msg) { - linked_list_t *attr_list; pa_tnc_attr_t *attr; ietf_attr_port_filter_t *attr_port_filter; - TNC_Result result; attr = ietf_attr_port_filter_create(); attr->set_noskip_flag(attr, TRUE); @@ -244,14 +240,10 @@ static TNC_Result send_message(TNC_ConnectionID connection_id) attr->destroy(attr); return TNC_RESULT_FATAL; } - attr_list = linked_list_create(); - attr_list->insert_last(attr_list, attr); - result = imc_scanner->send_message(imc_scanner, connection_id, FALSE, 0, - TNC_IMVID_ANY, PEN_ITA, PA_SUBTYPE_ITA_SCANNER, - attr_list); - attr_list->destroy(attr_list); + out_msg->add_attribute(out_msg, attr); - return result; + /* send PA-TNC message with the excl flag not set */ + return out_msg->send(out_msg, FALSE); } /** @@ -260,85 +252,39 @@ static TNC_Result send_message(TNC_ConnectionID connection_id) TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, TNC_ConnectionID connection_id) { - if (!imc_scanner) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return send_message(connection_id); -} - -static TNC_Result receive_message(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) -{ - pa_tnc_msg_t *pa_tnc_msg; - pa_tnc_attr_t *attr; - pen_type_t attr_type; imc_state_t *state; - enumerator_t *enumerator; + imc_msg_t *out_msg; TNC_Result result; - TNC_UInt32 target_imc_id; - bool fatal_error; if (!imc_scanner) { DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); return TNC_RESULT_NOT_INITIALIZED; } - - /* get current IMC state */ if (!imc_scanner->get_state(imc_scanner, connection_id, &state)) { return TNC_RESULT_FATAL; } + out_msg = imc_msg_create(imc_scanner, state, connection_id, imc_id, + TNC_IMVID_ANY, msg_types[0]); + result = send_message(out_msg); + out_msg->destroy(out_msg); - /* parse received PA-TNC message and automatically handle any errors */ - result = imc_scanner->receive_message(imc_scanner, state, msg, msg_vid, - msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg); - - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) - { - return result; - } - target_imc_id = (dst_imc_id == TNC_IMCID_ANY) ? imc_id : dst_imc_id; - - /* preprocess any IETF standard error attributes */ - fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg); - - /* analyze PA-TNC attributes */ - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); - while (enumerator->enumerate(enumerator, &attr)) - { - attr_type = attr->get_type(attr); - - if (attr_type.vendor_id == PEN_IETF && - attr_type.type == IETF_ATTR_ASSESSMENT_RESULT) - { - ietf_attr_assess_result_t *ietf_attr; + return result; +} - ietf_attr = (ietf_attr_assess_result_t*)attr; - state->set_result(state, target_imc_id, - ietf_attr->get_result(ietf_attr)); - } - } - enumerator->destroy(enumerator); - pa_tnc_msg->destroy(pa_tnc_msg); +static TNC_Result receive_message(imc_msg_t *in_msg) +{ + TNC_Result result; + bool fatal_error = FALSE; - if (fatal_error) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { - return TNC_RESULT_FATAL; + return result; } - - /* if no assessment result is known then repeat the measurement */ - return state->get_result(state, target_imc_id, NULL) ? - TNC_RESULT_SUCCESS : send_message(connection_id); + return fatal_error ? TNC_RESULT_FATAL : TNC_RESULT_SUCCESS; } /** @@ -351,14 +297,26 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + if (!imc_scanner) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_scanner->get_state(imc_scanner, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + + in_msg = imc_msg_create_from_data(imc_scanner, state, connection_id, + msg_type, chunk_create(msg, msg_len)); + result = receive_message(in_msg); + in_msg->destroy(in_msg); - return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMCID_ANY); + return result; } /** @@ -374,9 +332,26 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id) { - return receive_message(imc_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imv_id, dst_imc_id); + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_scanner) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_scanner->get_state(imc_scanner, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_long_data(imc_scanner, state, connection_id, + src_imv_id, dst_imc_id, msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result = receive_message(in_msg); + in_msg->destroy(in_msg); + + return result; } /** diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c index 991b24a73..d47c4ecdf 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c @@ -109,8 +109,6 @@ METHOD(imc_state_t, set_result, void, private_imc_scanner_state_t *this, TNC_IMCID id, TNC_IMV_Evaluation_Result result) { - DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'", - id, TNC_IMV_Evaluation_Result_names, result); this->result = result; } diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c index b8ee1371b..472354edc 100644 --- a/src/libimcv/plugins/imc_test/imc_test.c +++ b/src/libimcv/plugins/imc_test/imc_test.c @@ -16,10 +16,8 @@ #include "imc_test_state.h" #include <imc/imc_agent.h> -#include <pa_tnc/pa_tnc_msg.h> +#include <imc/imc_msg.h> #include <ietf/ietf_attr.h> -#include <ietf/ietf_attr_pa_tnc_error.h> -#include <ietf/ietf_attr_assess_result.h> #include <ita/ita_attr.h> #include <ita/ita_attr_command.h> #include <ita/ita_attr_dummy.h> @@ -182,37 +180,24 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, } } -static TNC_Result send_message(imc_state_t *state, TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) +static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg) { imc_test_state_t *test_state; - linked_list_t *attr_list; pa_tnc_attr_t *attr; - bool excl; - TNC_ConnectionID connection_id; - TNC_Result result; - attr_list = linked_list_create(); - connection_id = state->get_connection_id(state); test_state = (imc_test_state_t*)state; - if (test_state->get_dummy_size(test_state)) { attr = ita_attr_dummy_create(test_state->get_dummy_size(test_state)); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); } attr = ita_attr_command_create(test_state->get_command(test_state)); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); - excl = dst_imv_id != TNC_IMVID_ANY; - result = imc_test->send_message(imc_test, connection_id, excl, src_imc_id, - dst_imv_id, PEN_ITA, PA_SUBTYPE_ITA_TEST, - attr_list); - attr_list->destroy(attr_list); - - return result; + /* send PA-TNC message with the excl flag set */ + return out_msg->send(out_msg, TRUE); } /** @@ -222,6 +207,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, TNC_ConnectionID connection_id) { imc_state_t *state; + imc_msg_t *out_msg; enumerator_t *enumerator; void *pointer; TNC_UInt32 additional_id; @@ -232,15 +218,16 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); return TNC_RESULT_NOT_INITIALIZED; } - - /* get current IMC state */ if (!imc_test->get_state(imc_test, connection_id, &state)) { return TNC_RESULT_FATAL; } /* send PA message for primary IMC ID */ - result = send_message(state, imc_id, TNC_IMVID_ANY); + out_msg = imc_msg_create(imc_test, state, connection_id, imc_id, + TNC_IMVID_ANY, msg_types[0]); + result = send_message(state, out_msg); + out_msg->destroy(out_msg); /* Exit if there are no additional IMC IDs */ if (!imc_test->count_additional_ids(imc_test)) @@ -263,93 +250,60 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, { /* interpret pointer as scalar value */ additional_id = (TNC_UInt32)pointer; - result = send_message(state, additional_id, TNC_IMVID_ANY); + out_msg = imc_msg_create(imc_test, state, connection_id, additional_id, + TNC_IMVID_ANY, msg_types[0]); + result = send_message(state, out_msg); + out_msg->destroy(out_msg); } enumerator->destroy(enumerator); return result; } -static TNC_Result receive_message(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) { - pa_tnc_msg_t *pa_tnc_msg; + imc_msg_t *out_msg; + enumerator_t *enumerator; pa_tnc_attr_t *attr; pen_type_t attr_type; - imc_state_t *state; - enumerator_t *enumerator; TNC_Result result; - TNC_UInt32 target_imc_id; bool fatal_error = FALSE; - if (!imc_test) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - - /* get current IMC state */ - if (!imc_test->get_state(imc_test, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - - /* parse received PA-TNC message and automatically handle any errors */ - result = imc_test->receive_message(imc_test, state, msg, msg_vid, - msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg); - - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { return result; } - target_imc_id = (dst_imc_id == TNC_IMCID_ANY) ? imc_id : dst_imc_id; - - /* preprocess any IETF standard error attributes */ - fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg); /* analyze PA-TNC attributes */ - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); + enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { attr_type = attr->get_type(attr); - if (attr_type.vendor_id == PEN_IETF) + if (attr_type.vendor_id != PEN_ITA) { - ietf_attr_assess_result_t *ietf_attr; - - ietf_attr = (ietf_attr_assess_result_t*)attr; - state->set_result(state, target_imc_id, - ietf_attr->get_result(ietf_attr)); + continue; } - else if (attr_type.vendor_id == PEN_ITA) + if (attr_type.type == ITA_ATTR_COMMAND) { - if (attr_type.type == ITA_ATTR_COMMAND) - { - ita_attr_command_t *ita_attr; + ita_attr_command_t *ita_attr; - ita_attr = (ita_attr_command_t*)attr; - DBG1(DBG_IMC, "received command '%s'", - ita_attr->get_command(ita_attr)); - } - else if (attr_type.type == ITA_ATTR_DUMMY) - { - ita_attr_dummy_t *ita_attr; + ita_attr = (ita_attr_command_t*)attr; + DBG1(DBG_IMC, "received command '%s'", + ita_attr->get_command(ita_attr)); + } + else if (attr_type.type == ITA_ATTR_DUMMY) + { + ita_attr_dummy_t *ita_attr; - ita_attr = (ita_attr_dummy_t*)attr; - DBG1(DBG_IMC, "received dummy attribute value (%d bytes)", - ita_attr->get_size(ita_attr)); - } + ita_attr = (ita_attr_dummy_t*)attr; + DBG1(DBG_IMC, "received dummy attribute value (%d bytes)", + ita_attr->get_size(ita_attr)); } } enumerator->destroy(enumerator); - pa_tnc_msg->destroy(pa_tnc_msg); if (fatal_error) { @@ -357,8 +311,15 @@ static TNC_Result receive_message(TNC_IMCID imc_id, } /* if no assessment result is known then repeat the measurement */ - return state->get_result(state, target_imc_id, NULL) ? - TNC_RESULT_SUCCESS : send_message(state, dst_imc_id, src_imv_id); + if (state->get_result(state, in_msg->get_dst_id(in_msg), NULL)) + { + return TNC_RESULT_SUCCESS; + } + out_msg = imc_msg_create_as_reply(in_msg); + result = send_message(state, out_msg); + out_msg->destroy(out_msg); + + return result; } /** @@ -370,14 +331,26 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_test) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_test->get_state(imc_test, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + in_msg = imc_msg_create_from_data(imc_test, state, connection_id, msg_type, + chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); - return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMCID_ANY); + return result; } /** @@ -393,9 +366,26 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id) { - return receive_message(imc_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imv_id, dst_imc_id); + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_test) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_test->get_state(imc_test, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_long_data(imc_test, state, connection_id, + src_imv_id, dst_imc_id, msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; } /** diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c index e70eb1492..7d2db7c34 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.c +++ b/src/libimcv/plugins/imc_test/imc_test_state.c @@ -144,9 +144,6 @@ METHOD(imc_state_t, set_result, void, entry_t *entry; bool found = FALSE; - DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'", - id, TNC_IMV_Evaluation_Result_names, result); - enumerator = this->results->create_enumerator(this->results); while (enumerator->enumerate(enumerator, &entry)) { diff --git a/src/libimcv/plugins/imv_os/imv_os.c b/src/libimcv/plugins/imv_os/imv_os.c index e050b6d2b..f5f7afe95 100644 --- a/src/libimcv/plugins/imv_os/imv_os.c +++ b/src/libimcv/plugins/imv_os/imv_os.c @@ -16,7 +16,7 @@ #include "imv_os_state.h" #include <imv/imv_agent.h> -#include <pa_tnc/pa_tnc_msg.h> +#include <imv/imv_msg.h> #include <ietf/ietf_attr.h> #include <ietf/ietf_attr_attr_request.h> #include <ietf/ietf_attr_default_pwd_enabled.h> @@ -99,56 +99,30 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, } } -static TNC_Result receive_message(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) +static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) { - pa_tnc_msg_t *pa_tnc_msg; - pa_tnc_attr_t *attr; - pen_type_t type; - linked_list_t *attr_list; - imv_state_t *state; + imv_msg_t *out_msg; imv_os_state_t *os_state; enumerator_t *enumerator; + pa_tnc_attr_t *attr; + pen_type_t type; TNC_Result result; chunk_t os_name = chunk_empty; chunk_t os_version = chunk_empty; - bool fatal_error, assessment = FALSE; + bool fatal_error = FALSE, assessment = FALSE; - if (!imv_os) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - /* get current IMV state */ - if (!imv_os->get_state(imv_os, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - os_state = (imv_os_state_t*)state; - - /* parse received PA-TNC message and automatically handle any errors */ - result = imv_os->receive_message(imv_os, state, msg, msg_vid, - msg_subtype, src_imc_id, dst_imv_id, &pa_tnc_msg); - - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { return result; } - /* preprocess any IETF standard error attributes */ - fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg); + out_msg = imv_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ - attr_list = linked_list_create(); - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); + enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { type = attr->get_type(attr); @@ -251,6 +225,7 @@ static TNC_Result receive_message(TNC_IMVID imv_id, { char *product_info; + os_state = (imv_os_state_t*)state; os_state->set_info(os_state, os_name, os_version); product_info = os_state->get_info(os_state); @@ -269,10 +244,9 @@ static TNC_Result receive_message(TNC_IMVID imv_id, product_info); attr = ietf_attr_attr_request_create(PEN_IETF, IETF_ATTR_INSTALLED_PACKAGES); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); } } - pa_tnc_msg->destroy(pa_tnc_msg); if (fatal_error) { @@ -284,15 +258,18 @@ static TNC_Result receive_message(TNC_IMVID imv_id, if (assessment) { - attr_list->destroy_offset(attr_list, offsetof(pa_tnc_attr_t, destroy)); - return imv_os->provide_recommendation(imv_os, connection_id, src_imc_id, - PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return imv_os->provide_recommendation(imv_os, state); } - result = imv_os->send_message(imv_os, connection_id, TRUE, imv_id, - src_imc_id, PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM, - attr_list); - attr_list->destroy(attr_list); + /* send PA-TNC message with excl flag set */ + result = out_msg->send(out_msg, TRUE); + out_msg->destroy(out_msg); return result; } @@ -306,14 +283,25 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + if (!imv_os) + { + DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imv_os->get_state(imv_os, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_data(imv_os, state, connection_id, msg_type, + chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); - return receive_message(imv_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMVID_ANY); + return result; } /** @@ -329,9 +317,26 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id) { - return receive_message(imv_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imc_id, dst_imv_id); + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!imv_os) + { + DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imv_os->get_state(imv_os, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(imv_os, state, connection_id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; } /** @@ -340,13 +345,18 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, TNC_ConnectionID connection_id) { + imv_state_t *state; + if (!imv_os) { DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); return TNC_RESULT_NOT_INITIALIZED; } - return imv_os->provide_recommendation(imv_os, connection_id, TNC_IMCID_ANY, - PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM); + if (!imv_os->get_state(imv_os, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + return imv_os->provide_recommendation(imv_os, state); } /** @@ -364,8 +374,6 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); return TNC_RESULT_NOT_INITIALIZED; } - - /* get current IMV state */ if (!imv_os->get_state(imv_os, connection_id, &state)) { return TNC_RESULT_FATAL; @@ -374,11 +382,12 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, if (os_state->get_info(os_state) == NULL) { + imv_msg_t *out_msg; pa_tnc_attr_t *attr; - linked_list_t *attr_list; ietf_attr_attr_request_t *attr_cast; - attr_list = linked_list_create(); + out_msg = imv_msg_create(imv_os, state, connection_id, imv_id, + TNC_IMCID_ANY, msg_types[0]); attr = ietf_attr_attr_request_create(PEN_IETF, IETF_ATTR_PRODUCT_INFORMATION); attr_cast = (ietf_attr_attr_request_t*)attr; @@ -386,11 +395,11 @@ TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_OPERATIONAL_STATUS); attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FORWARDING_ENABLED); attr_cast->add(attr_cast, PEN_IETF, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED); - attr_list->insert_last(attr_list, attr); - result = imv_os->send_message(imv_os, connection_id, FALSE, imv_id, - TNC_IMCID_ANY, PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM, - attr_list); - attr_list->destroy(attr_list); + out_msg->add_attribute(out_msg, attr); + + /* send PA-TNC message with excl flag not set */ + result = out_msg->send(out_msg, FALSE); + out_msg->destroy(out_msg); } return result; diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner.c b/src/libimcv/plugins/imv_scanner/imv_scanner.c index 5766922f2..ad7591b39 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner.c @@ -16,7 +16,7 @@ #include "imv_scanner_state.h" #include <imv/imv_agent.h> -#include <pa_tnc/pa_tnc_msg.h> +#include <imv/imv_msg.h> #include <ietf/ietf_attr.h> #include <ietf/ietf_attr_pa_tnc_error.h> #include <ietf/ietf_attr_port_filter.h> @@ -176,50 +176,24 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, } } -static TNC_Result receive_message(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) +static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) { - pa_tnc_msg_t *pa_tnc_msg; + imv_msg_t *out_msg; + enumerator_t *enumerator; pa_tnc_attr_t *attr; pen_type_t type; - imv_state_t *state; - enumerator_t *enumerator; TNC_Result result; - bool fatal_error; - - if (!imv_scanner) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - - /* get current IMV state */ - if (!imv_scanner->get_state(imv_scanner, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } + bool fatal_error = FALSE; - /* parse received PA-TNC message and automatically handle any errors */ - result = imv_scanner->receive_message(imv_scanner, state, msg, msg_vid, - msg_subtype, src_imc_id, dst_imv_id, &pa_tnc_msg); - - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { return result; } - /* preprocess any IETF standard error attributes */ - fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg); - /* analyze PA-TNC attributes */ - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); + enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { type = attr->get_type(attr); @@ -301,16 +275,22 @@ static TNC_Result receive_message(TNC_IMVID imv_id, } } enumerator->destroy(enumerator); - pa_tnc_msg->destroy(pa_tnc_msg); if (fatal_error) { state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); + TNC_IMV_EVALUATION_RESULT_ERROR); } - return imv_scanner->provide_recommendation(imv_scanner, connection_id, - src_imc_id, PEN_ITA, PA_SUBTYPE_ITA_SCANNER); + + out_msg = imv_msg_create_as_reply(in_msg); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return imv_scanner->provide_recommendation(imv_scanner, state); } /** @@ -322,14 +302,26 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + if (!imv_scanner) + { + DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imv_scanner->get_state(imv_scanner, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + + in_msg = imv_msg_create_from_data(imv_scanner, state, connection_id, msg_type, + chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); - return receive_message(imv_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMVID_ANY); + return result; } /** @@ -345,9 +337,26 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id) { - return receive_message(imv_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imc_id, dst_imv_id); + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!imv_scanner) + { + DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imv_scanner->get_state(imv_scanner, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(imv_scanner, state, connection_id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; } /** @@ -356,13 +365,18 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, TNC_ConnectionID connection_id) { + imv_state_t *state; + if (!imv_scanner) { DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); return TNC_RESULT_NOT_INITIALIZED; } - return imv_scanner->provide_recommendation(imv_scanner, connection_id, - TNC_IMCID_ANY, PEN_ITA, PA_SUBTYPE_ITA_SCANNER); + if (!imv_scanner->get_state(imv_scanner, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + return imv_scanner->provide_recommendation(imv_scanner, state); } /** diff --git a/src/libimcv/plugins/imv_test/imv_test.c b/src/libimcv/plugins/imv_test/imv_test.c index 171cf2529..051600d4c 100644 --- a/src/libimcv/plugins/imv_test/imv_test.c +++ b/src/libimcv/plugins/imv_test/imv_test.c @@ -16,7 +16,7 @@ #include "imv_test_state.h" #include <imv/imv_agent.h> -#include <pa_tnc/pa_tnc_msg.h> +#include <imv/imv_msg.h> #include <ietf/ietf_attr.h> #include <ietf/ietf_attr_pa_tnc_error.h> #include <ita/ita_attr.h> @@ -92,59 +92,32 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, } } -static TNC_Result receive_message(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) +static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) { - pa_tnc_msg_t *pa_tnc_msg; - pa_tnc_attr_t *attr; - pen_type_t attr_type; - linked_list_t *attr_list; - imv_state_t *state; + imv_msg_t *out_msg; imv_test_state_t *test_state; enumerator_t *enumerator; + pa_tnc_attr_t *attr; + pen_type_t attr_type; TNC_Result result; int rounds; - bool fatal_error, received_command = FALSE, retry = FALSE; - - if (!imv_test) - { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; - } - - /* get current IMV state */ - if (!imv_test->get_state(imv_test, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - test_state = (imv_test_state_t*)state; - - /* parse received PA-TNC message and automatically handle any errors */ - result = imv_test->receive_message(imv_test, state, msg, msg_vid, - msg_subtype, src_imc_id, dst_imv_id, &pa_tnc_msg); + bool fatal_error = FALSE, received_command = FALSE, retry = FALSE; - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { return result; } - /* preprocess any IETF standard error attributes */ - fatal_error = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg); - /* add any new IMC and set its number of rounds */ rounds = lib->settings->get_int(lib->settings, "libimcv.plugins.imv-test.rounds", 0); - test_state->add_imc(test_state, src_imc_id, rounds); + test_state = (imv_test_state_t*)state; + test_state->add_imc(test_state, in_msg->get_src_id(in_msg), rounds); /* analyze PA-TNC attributes */ - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); + enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { attr_type = attr->get_type(attr); @@ -202,41 +175,60 @@ static TNC_Result receive_message(TNC_IMVID imv_id, } } enumerator->destroy(enumerator); - pa_tnc_msg->destroy(pa_tnc_msg); if (fatal_error) { state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - return imv_test->provide_recommendation(imv_test, connection_id, - src_imc_id, PEN_ITA, PA_SUBTYPE_ITA_TEST); + TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, + TNC_IMV_EVALUATION_RESULT_ERROR); + out_msg = imv_msg_create_as_reply(in_msg); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return imv_test->provide_recommendation(imv_test, state); } /* request a handshake retry ? */ if (retry) { test_state->set_rounds(test_state, rounds); - return imv_test->request_handshake_retry(imv_id, connection_id, - TNC_RETRY_REASON_IMV_SERIOUS_EVENT); + return imv_test->request_handshake_retry(imv_test->get_id(imv_test), + state->get_connection_id(state), + TNC_RETRY_REASON_IMV_SERIOUS_EVENT); } /* repeat the measurement ? */ - if (test_state->another_round(test_state, src_imc_id)) + if (test_state->another_round(test_state, in_msg->get_src_id(in_msg))) { - attr_list = linked_list_create(); + out_msg = imv_msg_create_as_reply(in_msg); attr = ita_attr_command_create("repeat"); - attr_list->insert_last(attr_list, attr); - result = imv_test->send_message(imv_test, connection_id, TRUE, imv_id, - src_imc_id, PEN_ITA, PA_SUBTYPE_ITA_TEST, attr_list); - attr_list->destroy(attr_list); + out_msg->add_attribute(out_msg, attr); + + /* send PA-TNC message with excl flag set */ + result = out_msg->send(out_msg, TRUE); + out_msg->destroy(out_msg); return result; } - return received_command ? imv_test->provide_recommendation(imv_test, - connection_id, src_imc_id, PEN_ITA, PA_SUBTYPE_ITA_TEST) : - TNC_RESULT_SUCCESS; + if (received_command) + { + out_msg = imv_msg_create_as_reply(in_msg); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return imv_test->provide_recommendation(imv_test, state); + } + else + { + return TNC_RESULT_SUCCESS; + } } /** @@ -248,14 +240,25 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + if (!imv_test) + { + DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imv_test->get_state(imv_test, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_data(imv_test, state, connection_id, msg_type, + chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); - return receive_message(imv_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMVID_ANY); + return result; } /** @@ -271,9 +274,26 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id) { - return receive_message(imv_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imc_id, dst_imv_id); + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!imv_test) + { + DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imv_test->get_state(imv_test, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(imv_test, state, connection_id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; } /** @@ -282,13 +302,18 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, TNC_ConnectionID connection_id) { + imv_state_t *state; + if (!imv_test) { DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); return TNC_RESULT_NOT_INITIALIZED; } - return imv_test->provide_recommendation(imv_test, connection_id, - TNC_IMCID_ANY, PEN_ITA, PA_SUBTYPE_ITA_TEST); + if (!imv_test->get_state(imv_test, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + return imv_test->provide_recommendation(imv_test, state); } /** diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c index a2b118d23..ee3d5c82e 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation.c @@ -17,6 +17,7 @@ #include "imc_attestation_process.h" #include <imc/imc_agent.h> +#include <imc/imc_msg.h> #include <pa_tnc/pa_tnc_msg.h> #include <ietf/ietf_attr.h> #include <ietf/ietf_attr_pa_tnc_error.h> @@ -147,57 +148,26 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, return TNC_RESULT_SUCCESS; } -static TNC_Result receive_message(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) +static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) { - pa_tnc_msg_t *pa_tnc_msg; - pa_tnc_attr_t *attr; - pen_type_t type; - linked_list_t *attr_list; - imc_state_t *state; + imc_msg_t *out_msg; imc_attestation_state_t *attestation_state; enumerator_t *enumerator; + pa_tnc_attr_t *attr; + pen_type_t type; TNC_Result result; - TNC_UInt32 target_imc_id; - - if (!imc_attestation) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - - /* get current IMC state */ - if (!imc_attestation->get_state(imc_attestation, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - attestation_state = (imc_attestation_state_t*)state; + bool fatal_error = FALSE; - /* parse received PA-TNC message and automatically handle any errors */ - result = imc_attestation->receive_message(imc_attestation, state, msg, - msg_vid, msg_subtype, src_imv_id, dst_imc_id, &pa_tnc_msg); - - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { return result; } - target_imc_id = (dst_imc_id == TNC_IMCID_ANY) ? imc_id : dst_imc_id; - - /* preprocess any IETF standard error attributes */ - result = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg) ? - TNC_RESULT_FATAL : TNC_RESULT_SUCCESS; - - attr_list = linked_list_create(); + out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); + enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { type = attr->get_type(attr); @@ -224,18 +194,12 @@ static TNC_Result receive_message(TNC_IMCID imc_id, result = TNC_RESULT_FATAL; } } - else if (type.type == IETF_ATTR_ASSESSMENT_RESULT) - { - ietf_attr_assess_result_t *ietf_attr; - - ietf_attr = (ietf_attr_assess_result_t*)attr; - state->set_result(state, target_imc_id, - ietf_attr->get_result(ietf_attr)); - } } else if (type.vendor_id == PEN_TCG) { - if (!imc_attestation_process(attr, attr_list, attestation_state, + attestation_state = (imc_attestation_state_t*)state; + + if (!imc_attestation_process(attr, out_msg, attestation_state, supported_algorithms, supported_dh_groups)) { result = TNC_RESULT_FATAL; @@ -244,15 +208,13 @@ static TNC_Result receive_message(TNC_IMCID imc_id, } } enumerator->destroy(enumerator); - pa_tnc_msg->destroy(pa_tnc_msg); - if (result == TNC_RESULT_SUCCESS && attr_list->get_count(attr_list)) + if (result == TNC_RESULT_SUCCESS) { - result = imc_attestation->send_message(imc_attestation, connection_id, - FALSE, 0, TNC_IMVID_ANY, PEN_TCG, PA_SUBTYPE_TCG_PTS, - attr_list); + /* send PA-TNC message with the excl flag set */ + result = out_msg->send(out_msg, TRUE); } - attr_list->destroy(attr_list); + out_msg->destroy(out_msg); return result; } @@ -266,14 +228,26 @@ TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + if (!imc_attestation) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_attestation->get_state(imc_attestation, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + + in_msg = imc_msg_create_from_data(imc_attestation, state, connection_id, + msg_type, chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); - return receive_message(imc_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMCID_ANY); + return result; } /** @@ -289,9 +263,26 @@ TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, TNC_UInt32 src_imv_id, TNC_UInt32 dst_imc_id) { - return receive_message(imc_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imv_id, dst_imc_id); + imc_state_t *state; + imc_msg_t *in_msg; + TNC_Result result; + + if (!imc_attestation) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_attestation->get_state(imc_attestation, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imc_msg_create_from_long_data(imc_attestation, state, connection_id, + src_imv_id, dst_imc_id, msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; } /** diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libpts/plugins/imc_attestation/imc_attestation_process.c index bd2fa649d..8ee02e467 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.c @@ -48,7 +48,7 @@ #define DEFAULT_NONCE_LEN 20 -bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, +bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, imc_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups) @@ -76,7 +76,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, /* Send PTS Protocol Capabilities attribute */ attr = tcg_pts_attr_proto_caps_create(imc_caps & imv_caps, FALSE); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_MEAS_ALGO: @@ -91,14 +91,14 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, if (selected_algorithm == PTS_MEAS_ALGO_NONE) { attr = pts_hash_alg_error_create(supported_algorithms); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } /* Send Measurement Algorithm Selection attribute */ pts->set_meas_algorithm(pts, selected_algorithm); attr = tcg_pts_attr_meas_algo_create(selected_algorithm, TRUE); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_DH_NONCE_PARAMS_REQ: @@ -118,7 +118,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, (min_nonce_len > 0 && nonce_len < min_nonce_len)) { attr = pts_dh_nonce_error_create(nonce_len, PTS_MAX_NONCE_LEN); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } @@ -128,7 +128,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, if (selected_dh_group == PTS_DH_GROUP_NONE) { attr = pts_dh_group_error_create(supported_dh_groups); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } @@ -142,7 +142,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, /* Send DH Nonce Parameters Response attribute */ attr = tcg_pts_attr_dh_nonce_params_resp_create(selected_dh_group, supported_algorithms, responder_nonce, responder_value); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_DH_NONCE_FINISH: @@ -190,13 +190,13 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { attr_info = attr->get_value(attr); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } /* Send TPM Version Info attribute */ attr = tcg_pts_attr_tpm_version_info_create(tpm_version_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_GET_AIK: @@ -212,7 +212,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, /* Send AIK attribute */ attr = tcg_pts_attr_aik_create(aik); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_REQ_FILE_MEAS: @@ -237,7 +237,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { error_code = pen_type_create(PEN_TCG, pts_error); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } else if (!valid_path) @@ -250,7 +250,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_INVALID_DELIMITER); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } @@ -268,7 +268,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, } attr = tcg_pts_attr_file_meas_create(measurements); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } case TCG_PTS_REQ_FILE_META: @@ -291,7 +291,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, { error_code = pen_type_create(PEN_TCG, pts_error); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } else if (!valid_path) @@ -303,7 +303,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_INVALID_DELIMITER); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } /* Get File Metadata and send them to PTS-IMV */ @@ -319,8 +319,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, } attr = tcg_pts_attr_unix_file_meta_create(metadata); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); - + msg->add_attribute(msg, attr); break; } case TCG_PTS_REQ_FUNC_COMP_EVID: @@ -353,7 +352,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_UNABLE_DET_TTC); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } if (flags & PTS_REQ_FUNC_COMP_EVID_VER && @@ -362,7 +361,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_UNABLE_LOCAL_VAL); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } if (flags & PTS_REQ_FUNC_COMP_EVID_CURR && @@ -371,7 +370,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_UNABLE_CUR_EVID); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } if (flags & PTS_REQ_FUNC_COMP_EVID_PCR && @@ -380,7 +379,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, error_code = pen_type_create(PEN_TCG, TCG_PTS_UNABLE_DET_PCR); attr = ietf_attr_pa_tnc_error_create(error_code, attr_info); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } if (depth > 0) @@ -425,7 +424,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, while (attestation_state->next_evidence(attestation_state, &evid)) { attr = tcg_pts_attr_simple_comp_evid_create(evid); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); } use_quote2 = lib->settings->get_bool(lib->settings, @@ -443,7 +442,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, attr = tcg_pts_attr_simple_evid_final_create(flags, comp_hash_algorithm, pcr_composite, quote_sig); - attr_list->insert_last(attr_list, attr); + msg->add_attribute(msg, attr); break; } /* TODO: Not implemented yet */ diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.h b/src/libpts/plugins/imc_attestation/imc_attestation_process.h index b6dca1f56..5ada104fa 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_process.h +++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.h @@ -26,6 +26,7 @@ #include <library.h> +#include <imc/imc_msg.h> #include <pa_tnc/pa_tnc_attr.h> #include <pts/pts_dh_group.h> @@ -35,13 +36,13 @@ * Process a TCG PTS attribute * * @param attr PA-TNC attribute to be processed - * @param attr_list list with PA-TNC error attributes + * @param msg outbound PA-TNC message to be assembled * @param attestation_state attestation state of a given connection * @param supported_algorithms supported PTS measurement algorithms * @param supported_dh_groups supported DH groups * @return TRUE if successful */ -bool imc_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, +bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, imc_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups); diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libpts/plugins/imc_attestation/imc_attestation_state.c index 23cbd84d8..b3d35102b 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation_state.c @@ -129,8 +129,6 @@ METHOD(imc_state_t, set_result, void, private_imc_attestation_state_t *this, TNC_IMCID id, TNC_IMV_Evaluation_Result result) { - DBG1(DBG_IMC, "set assessment result for IMC %u to '%N'", - id, TNC_IMV_Evaluation_Result_names, result); this->result = result; } diff --git a/src/libpts/plugins/imv_attestation/imv_attestation.c b/src/libpts/plugins/imv_attestation/imv_attestation.c index 23bfda4f8..a5175d96e 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation.c @@ -18,6 +18,7 @@ #include "imv_attestation_build.h" #include <imv/imv_agent.h> +#include <imv/imv_msg.h> #include <pa_tnc/pa_tnc_msg.h> #include <ietf/ietf_attr.h> #include <ietf/ietf_attr_pa_tnc_error.h> @@ -169,97 +170,55 @@ TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id, } } -static TNC_Result send_message(TNC_ConnectionID connection_id) +static TNC_Result send_message(imv_state_t *state, imv_msg_t *out_msg) { - linked_list_t *attr_list; - imv_state_t *state; imv_attestation_state_t *attestation_state; TNC_Result result; - if (!imv_attestation->get_state(imv_attestation, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } attestation_state = (imv_attestation_state_t*)state; - attr_list = linked_list_create(); - if (imv_attestation_build(attr_list, attestation_state, supported_algorithms, + if (imv_attestation_build(out_msg, attestation_state, supported_algorithms, supported_dh_groups, pts_db)) { - if (attr_list->get_count(attr_list)) - { - result = imv_attestation->send_message(imv_attestation, - connection_id, FALSE, 0, TNC_IMCID_ANY, - PEN_TCG, PA_SUBTYPE_TCG_PTS, attr_list); - } - else - { - result = TNC_RESULT_SUCCESS; - } - attr_list->destroy(attr_list); + result = out_msg->send(out_msg, TRUE); } else { - attr_list->destroy_offset(attr_list, offsetof(pa_tnc_attr_t, destroy)); + out_msg->delete_attributes(out_msg); result = TNC_RESULT_FATAL; } return result; } -static TNC_Result receive_message(TNC_IMVID imv_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - chunk_t msg, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imc_id, - TNC_UInt32 dst_imv_id) +static TNC_Result receive_message(imv_state_t *state, imv_msg_t *in_msg) { - pa_tnc_msg_t *pa_tnc_msg; + imv_attestation_state_t *attestation_state; + imv_msg_t *out_msg; + enumerator_t *enumerator; pa_tnc_attr_t *attr; pen_type_t type; - linked_list_t *attr_list; - imv_state_t *state; - imv_attestation_state_t *attestation_state; + TNC_Result result; pts_t *pts; chunk_t os_name = chunk_empty; chunk_t os_version = chunk_empty; - enumerator_t *enumerator; - TNC_Result result; + bool fatal_error = FALSE; - if (!imv_attestation) + /* parse received PA-TNC message and handle local and remote errors */ + result = in_msg->receive(in_msg, &fatal_error); + if (result != TNC_RESULT_SUCCESS) { - DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); - return TNC_RESULT_NOT_INITIALIZED; + return result; } - /* get current IMV state */ - if (!imv_attestation->get_state(imv_attestation, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } attestation_state = (imv_attestation_state_t*)state; pts = attestation_state->get_pts(attestation_state); - /* parse received PA-TNC message and automatically handle any errors */ - result = imv_attestation->receive_message(imv_attestation, state, msg, - msg_vid, msg_subtype, src_imc_id, dst_imv_id, &pa_tnc_msg); - - /* no parsed PA-TNC attributes available if an error occurred */ - if (!pa_tnc_msg) - { - return result; - } - - /* preprocess any IETF standard error attributes */ - result = pa_tnc_msg->process_ietf_std_errors(pa_tnc_msg) ? - TNC_RESULT_FATAL : TNC_RESULT_SUCCESS; - - attr_list = linked_list_create(); + out_msg = imv_msg_create_as_reply(in_msg); + out_msg->set_msg_type(out_msg, msg_types[0]); /* analyze PA-TNC attributes */ - enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg); + enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { type = attr->get_type(attr); @@ -311,7 +270,7 @@ static TNC_Result receive_message(TNC_IMVID imv_id, } else if (type.vendor_id == PEN_TCG) { - if (!imv_attestation_process(attr, attr_list, attestation_state, + if (!imv_attestation_process(attr, out_msg, attestation_state, supported_algorithms,supported_dh_groups, pts_db, pts_credmgr)) { result = TNC_RESULT_FATAL; @@ -325,37 +284,46 @@ static TNC_Result receive_message(TNC_IMVID imv_id, { pts->set_platform_info(pts, os_name, os_version); } - pa_tnc_msg->destroy(pa_tnc_msg); if (result != TNC_RESULT_SUCCESS) { - attr_list->destroy_offset(attr_list, offsetof(pa_tnc_attr_t, destroy)); + out_msg->delete_attributes(out_msg); state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, TNC_IMV_EVALUATION_RESULT_ERROR); - return imv_attestation->provide_recommendation(imv_attestation, - connection_id, src_imc_id, PEN_TCG, PA_SUBTYPE_TCG_PTS); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return imv_attestation->provide_recommendation(imv_attestation, state); } - if (attr_list->get_count(attr_list)) + /* send PA-TNC message with excl flag set */ + result = out_msg->send(out_msg, TRUE); + + if (result != TNC_RESULT_SUCCESS) { - result = imv_attestation->send_message(imv_attestation, connection_id, - FALSE, 0, TNC_IMCID_ANY, PEN_TCG, PA_SUBTYPE_TCG_PTS, - attr_list); - attr_list->destroy(attr_list); + out_msg->destroy(out_msg); return result; } - attr_list->destroy(attr_list); /* check the IMV state for the next PA-TNC attributes to send */ - result = send_message(connection_id); + result = send_message(state, out_msg); + if (result != TNC_RESULT_SUCCESS) { state->set_recommendation(state, TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, TNC_IMV_EVALUATION_RESULT_ERROR); - return imv_attestation->provide_recommendation(imv_attestation, - connection_id, src_imc_id, PEN_TCG, PA_SUBTYPE_TCG_PTS); + out_msg->delete_attributes(out_msg); + result = out_msg->send_assessment(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return imv_attestation->provide_recommendation(imv_attestation, state); } if (attestation_state->get_handshake_state(attestation_state) == @@ -379,9 +347,15 @@ static TNC_Result receive_message(TNC_IMVID imv_id, TNC_IMV_ACTION_RECOMMENDATION_ALLOW, TNC_IMV_EVALUATION_RESULT_COMPLIANT); } - return imv_attestation->provide_recommendation(imv_attestation, - connection_id, src_imc_id, PEN_TCG, PA_SUBTYPE_TCG_PTS); + result = out_msg->send_assessment(out_msg); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + return result; + } + return imv_attestation->provide_recommendation(imv_attestation, state); } + out_msg->destroy(out_msg); return result; } @@ -395,14 +369,25 @@ TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id, TNC_UInt32 msg_len, TNC_MessageType msg_type) { - TNC_VendorID msg_vid; - TNC_MessageSubtype msg_subtype; + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; - msg_vid = msg_type >> 8; - msg_subtype = msg_type & TNC_SUBTYPE_ANY; + if (!imv_attestation) + { + DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imv_attestation->get_state(imv_attestation, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_data(imv_attestation, state, connection_id, + msg_type, chunk_create(msg, msg_len)); + result = receive_message(state, in_msg); + in_msg->destroy(in_msg); - return receive_message(imv_id, connection_id, 0, chunk_create(msg, msg_len), - msg_vid, msg_subtype, 0, TNC_IMVID_ANY); + return result; } /** @@ -418,9 +403,26 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id) { - return receive_message(imv_id, connection_id, msg_flags, - chunk_create(msg, msg_len), msg_vid, msg_subtype, - src_imc_id, dst_imv_id); + imv_state_t *state; + imv_msg_t *in_msg; + TNC_Result result; + + if (!imv_attestation) + { + DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imv_attestation->get_state(imv_attestation, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + in_msg = imv_msg_create_from_long_data(imv_attestation, state, connection_id, + src_imc_id, dst_imv_id, msg_vid, msg_subtype, + chunk_create(msg, msg_len)); + result =receive_message(state, in_msg); + in_msg->destroy(in_msg); + + return result; } /** @@ -429,13 +431,18 @@ TNC_Result TNC_IMV_ReceiveMessageLong(TNC_IMVID imv_id, TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, TNC_ConnectionID connection_id) { + imv_state_t *state; + if (!imv_attestation) { DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); return TNC_RESULT_NOT_INITIALIZED; } - return imv_attestation->provide_recommendation(imv_attestation, - connection_id, TNC_IMCID_ANY, PEN_TCG, PA_SUBTYPE_TCG_PTS); + if (!imv_attestation->get_state(imv_attestation, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + return imv_attestation->provide_recommendation(imv_attestation, state); } /** @@ -444,27 +451,11 @@ TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id, TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id, TNC_ConnectionID connection_id) { - imv_state_t *state; - imv_attestation_state_t *attestation_state; - if (!imv_attestation) { DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name); return TNC_RESULT_NOT_INITIALIZED; } - /* get current IMV state */ - if (!imv_attestation->get_state(imv_attestation, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - attestation_state = (imv_attestation_state_t*)state; - - /* Check if IMV has to initiate the PA-TNC exchange */ - if (attestation_state->get_handshake_state(attestation_state) == - IMV_ATTESTATION_STATE_INIT) - { - return send_message(connection_id); - } return TNC_RESULT_SUCCESS; } diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libpts/plugins/imv_attestation/imv_attestation_build.c index 23195d6e3..2f3672445 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.c @@ -29,7 +29,7 @@ #include <debug.h> -bool imv_attestation_build(linked_list_t *attr_list, +bool imv_attestation_build(imv_msg_t *out_msg, imv_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups, @@ -76,12 +76,12 @@ bool imv_attestation_build(linked_list_t *attr_list, flags = pts->get_proto_caps(pts); attr = tcg_pts_attr_proto_caps_create(flags, TRUE); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); /* Send Measurement Algorithms attribute */ attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); attestation_state->set_handshake_state(attestation_state, IMV_ATTESTATION_STATE_NONCE_REQ); @@ -97,7 +97,7 @@ bool imv_attestation_build(linked_list_t *attr_list, attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len, supported_dh_groups); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); attestation_state->set_handshake_state(attestation_state, IMV_ATTESTATION_STATE_TPM_INIT); @@ -116,18 +116,18 @@ bool imv_attestation_build(linked_list_t *attr_list, attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm, initiator_value, initiator_nonce); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); } /* Send Get TPM Version attribute */ attr = tcg_pts_attr_get_tpm_version_info_create(); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); /* Send Get AIK attribute */ attr = tcg_pts_attr_get_aik_create(); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); attestation_state->set_handshake_state(attestation_state, IMV_ATTESTATION_STATE_MEAS); @@ -140,7 +140,7 @@ bool imv_attestation_build(linked_list_t *attr_list, char *platform_info, *pathname; u_int16_t request_id; int id, type; - bool is_dir; + bool is_dir, have_request = FALSE; attestation_state->set_handshake_state(attestation_state, IMV_ATTESTATION_STATE_COMP_EVID); @@ -173,7 +173,8 @@ bool imv_attestation_build(linked_list_t *attr_list, attr = tcg_pts_attr_req_file_meta_create(is_dir, delimiter, pathname); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); + have_request = TRUE; } enumerator->destroy(enumerator); @@ -194,12 +195,13 @@ bool imv_attestation_build(linked_list_t *attr_list, attr = tcg_pts_attr_req_file_meas_create(is_dir, request_id, delimiter, pathname); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); + have_request = TRUE; } enumerator->destroy(enumerator); /* do we have any file metadata or measurement requests? */ - if (attr_list->get_count(attr_list)) + if (have_request) { break; } @@ -282,12 +284,12 @@ bool imv_attestation_build(linked_list_t *attr_list, if (attr) { /* Send Request Functional Component Evidence attribute */ - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); /* Send Generate Attestation Evidence attribute */ attr = tcg_pts_attr_gen_attest_evid_create(); attr->set_noskip_flag(attr, TRUE); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); attestation_state->set_handshake_state(attestation_state, IMV_ATTESTATION_STATE_EVID_FINAL); diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libpts/plugins/imv_attestation/imv_attestation_build.h index 7f934fd09..0fc10f0ce 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_build.h +++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.h @@ -24,7 +24,7 @@ #include "imv_attestation_state.h" -#include <pa_tnc/pa_tnc_msg.h> +#include <imv/imv_msg.h> #include <library.h> #include <pts/pts_database.h> @@ -34,14 +34,14 @@ /** * Process a TCG PTS attribute * - * @param attr_list list of PA-TNC attriubutes to be built + * @param out_msg outbound PA-TNC message to be built * @param attestation_state attestation state of a given connection * @param supported_algorithms supported PTS measurement algorithms * @param supported_dh_groups supported DH groups * @param pts_db PTS configuration database * @return TRUE if successful */ -bool imv_attestation_build(linked_list_t *attr_list, +bool imv_attestation_build(imv_msg_t *out_msg, imv_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups, diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c index 37e9ac77a..39ba9f014 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.c @@ -34,7 +34,7 @@ #include <inttypes.h> -bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, +bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, imv_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups, @@ -96,7 +96,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, attr = pts_dh_nonce_error_create( max(PTS_MIN_NONCE_LEN, min_nonce_len), PTS_MAX_NONCE_LEN); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); break; } @@ -113,7 +113,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, if (selected_algorithm == PTS_MEAS_ALGO_NONE) { attr = pts_hash_alg_error_create(supported_algorithms); - attr_list->insert_last(attr_list, attr); + out_msg->add_attribute(out_msg, attr); break; } pts->set_dh_hash_algorithm(pts, selected_algorithm); diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.h b/src/libpts/plugins/imv_attestation/imv_attestation_process.h index 4d4eeefbb..b809ccfab 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_process.h +++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.h @@ -29,6 +29,7 @@ #include <credentials/credential_manager.h> #include <crypto/hashers/hasher.h> +#include <imv/imv_msg.h> #include <pa_tnc/pa_tnc_attr.h> #include <pts/pts_database.h> @@ -39,7 +40,7 @@ * Process a TCG PTS attribute * * @param attr PA-TNC attribute to be processed - * @param attr_list list with PA-TNC error attributes + * @param out_msg PA-TNC message containing error messages * @param attestation_state attestation state of a given connection * @param supported_algorithms supported PTS measurement algorithms * @param supported_dh_groups supported DH groups @@ -47,7 +48,7 @@ * @param pts_credmgr PTS credential manager * @return TRUE if successful */ -bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list, +bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, imv_attestation_state_t *attestation_state, pts_meas_algorithms_t supported_algorithms, pts_dh_group_t supported_dh_groups, |