diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/plugins/tnc_tnccs/Makefile.am | 1 | ||||
| -rw-r--r-- | src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c | 103 | ||||
| -rw-r--r-- | src/libcharon/plugins/tnccs_11/tnccs_11.c | 14 | ||||
| -rw-r--r-- | src/libcharon/plugins/tnccs_20/tnccs_20.c | 14 | ||||
| -rw-r--r-- | src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c | 14 | ||||
| -rw-r--r-- | src/libimcv/imv/imv_agent.c | 109 | ||||
| -rw-r--r-- | src/libtls/tls.c | 14 | ||||
| -rw-r--r-- | src/libtls/tls.h | 14 | ||||
| -rw-r--r-- | src/libtncif/Makefile.am | 1 | ||||
| -rw-r--r-- | src/libtncif/tncif_identity.c | 205 | ||||
| -rw-r--r-- | src/libtncif/tncif_identity.h | 112 | ||||
| -rw-r--r-- | src/libtncif/tncif_names.c | 17 | ||||
| -rw-r--r-- | src/libtncif/tncif_names.h | 2 | ||||
| -rw-r--r-- | src/libtncif/tncifimv.h | 25 |
14 files changed, 645 insertions, 0 deletions
diff --git a/src/libcharon/plugins/tnc_tnccs/Makefile.am b/src/libcharon/plugins/tnc_tnccs/Makefile.am index c7fc02f7c..9ee9e86ad 100644 --- a/src/libcharon/plugins/tnc_tnccs/Makefile.am +++ b/src/libcharon/plugins/tnc_tnccs/Makefile.am @@ -1,6 +1,7 @@ INCLUDES = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtls \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtnccs diff --git a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c index 8e69476b6..8d3c8a9e1 100644 --- a/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c +++ b/src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c @@ -20,7 +20,13 @@ #include <tnc/imc/imc_manager.h> #include <tnc/imv/imv_manager.h> +#include <tncif_identity.h> + +#include <tls.h> + #include <utils/debug.h> +#include <pen/pen.h> +#include <bio/bio_writer.h> #include <collections/linked_list.h> #include <threading/rwlock.h> @@ -443,6 +449,44 @@ static TNC_Result str_attribute(TNC_UInt32 buffer_len, } } +/** + * Write the value of a TNC identity list into the buffer + */ +static TNC_Result identity_attribute(TNC_UInt32 buffer_len, + TNC_BufferReference buffer, + TNC_UInt32 *value_len, + linked_list_t *list) +{ + bio_writer_t *writer; + enumerator_t *enumerator; + u_int32_t count; + chunk_t value; + tncif_identity_t *tnc_id; + TNC_Result result = TNC_RESULT_INVALID_PARAMETER; + + count = list->get_count(list); + writer = bio_writer_create(4 + TNCIF_IDENTITY_MIN_SIZE * count); + writer->write_uint32(writer, count); + + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &tnc_id)) + { + tnc_id->build(tnc_id, writer); + } + enumerator->destroy(enumerator); + + value = writer->get_buf(writer); + *value_len = value.len; + if (buffer && buffer_len >= value.len) + { + memcpy(buffer, value.ptr, value.len); + result = TNC_RESULT_SUCCESS; + } + writer->destroy(writer); + + return result; +} + METHOD(tnccs_manager_t, get_attribute, TNC_Result, private_tnc_tnccs_manager_t *this, bool is_imc, TNC_UInt32 imcv_id, @@ -488,6 +532,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, /* these attributes are supported */ case TNC_ATTRIBUTEID_PRIMARY_IMV_ID: + case TNC_ATTRIBUTEID_AR_IDENTITIES: attribute_match = TRUE; break; @@ -626,6 +671,64 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, "IF-T for Tunneled EAP"); case TNC_ATTRIBUTEID_IFT_VERSION: return str_attribute(buffer_len, buffer, value_len, "1.1"); + case TNC_ATTRIBUTEID_AR_IDENTITIES: + { + linked_list_t *list; + tls_t *tnccs; + identification_t *peer; + tncif_identity_t *tnc_id; + u_int32_t id_type, subject_type; + TNC_Result result; + + list = linked_list_create(); + tnccs = (tls_t*)entry->tnccs; + peer = tnccs->get_peer_id(tnccs); + if (peer) + { + switch (peer->get_type(peer)) + { + case ID_IPV4_ADDR: + id_type = TNC_ID_IPV4_ADDR; + subject_type = TNC_SUBJECT_MACHINE; + break; + case ID_IPV6_ADDR: + id_type = TNC_ID_IPV6_ADDR; + subject_type = TNC_SUBJECT_MACHINE; + break; + case ID_FQDN: + id_type = TNC_ID_FQDN; + subject_type = TNC_SUBJECT_MACHINE; + break; + case ID_RFC822_ADDR: + id_type = TNC_ID_RFC822_ADDR; + subject_type = TNC_SUBJECT_USER; + break; + case ID_DER_ASN1_DN: + id_type = TNC_ID_DER_ASN1_DN; + subject_type = TNC_SUBJECT_UNKNOWN; + break; + case ID_DER_ASN1_GN: + id_type = TNC_ID_DER_ASN1_GN; + subject_type = TNC_SUBJECT_UNKNOWN; + break; + default: + id_type = TNC_ID_UNKNOWN; + subject_type = TNC_SUBJECT_UNKNOWN; + } + if (id_type != TNC_ID_UNKNOWN) + { + tnc_id = tncif_identity_create( + pen_type_create(PEN_TCG, id_type), + peer->get_encoding(peer), + pen_type_create(PEN_TCG, subject_type), + pen_type_create(PEN_TCG, TNC_AUTH_UNKNOWN)); + list->insert_last(list, tnc_id); + } + } + result = identity_attribute(buffer_len, buffer, value_len, list); + list->destroy_offset(list, offsetof(tncif_identity_t, destroy)); + return result; + } default: return TNC_RESULT_INVALID_PARAMETER; } diff --git a/src/libcharon/plugins/tnccs_11/tnccs_11.c b/src/libcharon/plugins/tnccs_11/tnccs_11.c index c1224af75..4720f797a 100644 --- a/src/libcharon/plugins/tnccs_11/tnccs_11.c +++ b/src/libcharon/plugins/tnccs_11/tnccs_11.c @@ -505,6 +505,18 @@ METHOD(tls_t, is_server, bool, return this->is_server; } +METHOD(tls_t, get_server_id, identification_t*, + private_tnccs_11_t *this) +{ + return this->server; +} + +METHOD(tls_t, get_peer_id, identification_t*, + private_tnccs_11_t *this) +{ + return this->peer; +} + METHOD(tls_t, get_purpose, tls_purpose_t, private_tnccs_11_t *this) { @@ -558,6 +570,8 @@ tls_t *tnccs_11_create(bool is_server, identification_t *server, .process = _process, .build = _build, .is_server = _is_server, + .get_server_id = _get_server_id, + .get_peer_id = _get_peer_id, .get_purpose = _get_purpose, .is_complete = _is_complete, .get_eap_msk = _get_eap_msk, diff --git a/src/libcharon/plugins/tnccs_20/tnccs_20.c b/src/libcharon/plugins/tnccs_20/tnccs_20.c index 1e06c1a47..fbbbebee6 100644 --- a/src/libcharon/plugins/tnccs_20/tnccs_20.c +++ b/src/libcharon/plugins/tnccs_20/tnccs_20.c @@ -769,6 +769,18 @@ METHOD(tls_t, is_server, bool, return this->is_server; } +METHOD(tls_t, get_server_id, identification_t*, + private_tnccs_20_t *this) +{ + return this->server; +} + +METHOD(tls_t, get_peer_id, identification_t*, + private_tnccs_20_t *this) +{ + return this->peer; +} + METHOD(tls_t, get_purpose, tls_purpose_t, private_tnccs_20_t *this) { @@ -824,6 +836,8 @@ tls_t *tnccs_20_create(bool is_server, identification_t *server, .process = _process, .build = _build, .is_server = _is_server, + .get_server_id = _get_server_id, + .get_peer_id = _get_peer_id, .get_purpose = _get_purpose, .is_complete = _is_complete, .get_eap_msk = _get_eap_msk, diff --git a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c index 0fbb2f67e..4b04d6920 100644 --- a/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c +++ b/src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c @@ -109,6 +109,18 @@ METHOD(tls_t, is_server, bool, return TRUE; } +METHOD(tls_t, get_server_id, identification_t*, + private_tnccs_dynamic_t *this) +{ + return this->server; +} + +METHOD(tls_t, get_peer_id, identification_t*, + private_tnccs_dynamic_t *this) +{ + return this->peer; +} + METHOD(tls_t, get_purpose, tls_purpose_t, private_tnccs_dynamic_t *this) { @@ -149,6 +161,8 @@ tls_t *tnccs_dynamic_create(bool is_server, identification_t *server, .process = _process, .build = _build, .is_server = _is_server, + .get_server_id = _get_server_id, + .get_peer_id = _get_peer_id, .get_purpose = _get_purpose, .is_complete = _is_complete, .get_eap_msk = _get_eap_msk, diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index 6a33e396c..99683bc72 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -18,8 +18,11 @@ #include "ietf/ietf_attr_assess_result.h" #include <tncif_names.h> +#include <tncif_identity.h> #include <utils/debug.h> +#include <collections/linked_list.h> +#include <bio/bio_reader.h> #include <threading/rwlock.h> typedef struct private_imv_agent_t private_imv_agent_t; @@ -352,12 +355,59 @@ static u_int32_t get_uint_attribute(private_imv_agent_t *this, TNC_ConnectionID return 0; } +/** + * Read a TNC identity attribute + */ +static linked_list_t* get_identity_attribute(private_imv_agent_t *this, + TNC_ConnectionID id, + TNC_AttributeID attribute_id) +{ + TNC_UInt32 len; + char buf[2048]; + u_int32_t count; + tncif_identity_t *tnc_id; + bio_reader_t *reader; + linked_list_t *list; + + list = linked_list_create(); + + if (!this->get_attribute || + this->get_attribute(this->id, id, attribute_id, sizeof(buf), buf, &len) + != TNC_RESULT_SUCCESS || len > sizeof(buf)) + { + return list; + } + + reader = bio_reader_create(chunk_create(buf, len)); + if (!reader->read_uint32(reader, &count)) + { + goto end; + } + while (count--) + { + tnc_id = tncif_identity_create_empty(); + if (!tnc_id->process(tnc_id, reader)) + { + tnc_id->destroy(tnc_id); + goto end; + } + list->insert_last(list, tnc_id); + } + +end: + reader->destroy(reader); + return list; + } + METHOD(imv_agent_t, create_state, TNC_Result, private_imv_agent_t *this, imv_state_t *state) { TNC_ConnectionID conn_id; char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL; bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE; + linked_list_t *ar_identities; + enumerator_t *enumerator; + tncif_identity_t *tnc_id; u_int32_t max_msg_len; conn_id = state->get_connection_id(state); @@ -378,6 +428,7 @@ METHOD(imv_agent_t, create_state, TNC_Result, t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL); t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION); max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE); + ar_identities = get_identity_attribute(this, conn_id, TNC_ATTRIBUTEID_AR_IDENTITIES); state->set_flags(state, has_long, has_excl); state->set_max_msg_len(state, max_msg_len); @@ -389,6 +440,64 @@ METHOD(imv_agent_t, create_state, TNC_Result, DBG2(DBG_IMV, " over %s %s with maximum PA-TNC message size of %u bytes", t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len); + enumerator = ar_identities->create_enumerator(ar_identities); + while (enumerator->enumerate(enumerator, &tnc_id)) + { + pen_type_t id_type, subject_type, auth_type; + int tcg_id_type, tcg_subject_type, tcg_auth_type; + chunk_t id_value; + id_type_t ike_type; + identification_t *id; + + id_type = tnc_id->get_identity_type(tnc_id); + id_value = tnc_id->get_identity_value(tnc_id); + subject_type = tnc_id->get_subject_type(tnc_id); + auth_type = tnc_id->get_auth_type(tnc_id); + + tcg_id_type = (id_type.vendor_id == PEN_TCG) ? + id_type.type : TNC_ID_UNKNOWN; + tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ? + subject_type.type : TNC_SUBJECT_UNKNOWN; + tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ? + auth_type.type : TNC_AUTH_UNKNOWN; + + switch (tcg_id_type) + { + case TNC_ID_IPV4_ADDR: + ike_type = ID_IPV4_ADDR; + break; + case TNC_ID_IPV6_ADDR: + ike_type = ID_IPV6_ADDR; + break; + case TNC_ID_FQDN: + case TNC_ID_USER_NAME: + ike_type = ID_FQDN; + break; + case TNC_ID_RFC822_ADDR: + ike_type = ID_RFC822_ADDR; + break; + case TNC_ID_DER_ASN1_DN: + ike_type = ID_DER_ASN1_DN; + break; + case TNC_ID_DER_ASN1_GN: + ike_type = ID_IPV4_ADDR; + break; + case TNC_ID_UNKNOWN: + default: + ike_type = ID_KEY_ID; + break; + } + + id = identification_create_from_encoding(ike_type, id_value); + DBG2(DBG_IMV, "%N identity '%Y' authenticated by %N", + TNC_Subject_names, tcg_subject_type, id, + TNC_Authentication_names, tcg_auth_type); + id->destroy(id); + } + enumerator->destroy(enumerator); + + ar_identities->destroy_offset(ar_identities, + offsetof(tncif_identity_t, destroy)); free(tnccs_p); free(tnccs_v); free(t_p); diff --git a/src/libtls/tls.c b/src/libtls/tls.c index dea08e3eb..85a05a00b 100644 --- a/src/libtls/tls.c +++ b/src/libtls/tls.c @@ -359,6 +359,18 @@ METHOD(tls_t, is_server, bool, return this->is_server; } +METHOD(tls_t, get_server_id, identification_t*, + private_tls_t *this) +{ + return this->server; +} + +METHOD(tls_t, get_peer_id, identification_t*, + private_tls_t *this) +{ + return this->peer; +} + METHOD(tls_t, get_version, tls_version_t, private_tls_t *this) { @@ -457,6 +469,8 @@ tls_t *tls_create(bool is_server, identification_t *server, .process = _process, .build = _build, .is_server = _is_server, + .get_server_id = _get_server_id, + .get_peer_id = _get_peer_id, .get_version = _get_version, .set_version = _set_version, .get_purpose = _get_purpose, diff --git a/src/libtls/tls.h b/src/libtls/tls.h index 6b4876f73..c8186b829 100644 --- a/src/libtls/tls.h +++ b/src/libtls/tls.h @@ -193,6 +193,20 @@ struct tls_t { bool (*is_server)(tls_t *this); /** + * Return the server identity + * + * @return Server identity + */ + identification_t* (*get_server_id)(tls_t *this); + + /** + * Return the peer identity + * + * @return Peer identity + */ + identification_t* (*get_peer_id)(tls_t *this); + + /** * Get the negotiated TLS/SSL version. * * @return negotiated TLS version diff --git a/src/libtncif/Makefile.am b/src/libtncif/Makefile.am index cc262ffca..6da1201f3 100644 --- a/src/libtncif/Makefile.am +++ b/src/libtncif/Makefile.am @@ -4,6 +4,7 @@ noinst_LTLIBRARIES = libtncif.la libtncif_la_SOURCES = \ tncif.h tncifimc.h tncifimv.h tncif_names.h tncif_names.c \ +tncif_identity.h tncif_identity.c \ tncif_pa_subtypes.h tncif_pa_subtypes.c EXTRA_DIST = Android.mk diff --git a/src/libtncif/tncif_identity.c b/src/libtncif/tncif_identity.c new file mode 100644 index 000000000..66de83dbd --- /dev/null +++ b/src/libtncif/tncif_identity.c @@ -0,0 +1,205 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tncif_identity.h" + +#include <bio/bio_writer.h> +#include <bio/bio_reader.h> +#include <pen/pen.h> +#include <utils/debug.h> + +typedef struct private_tncif_identity_t private_tncif_identity_t; + +/** + * TNC Identity List Attribute Format (TCG TNC IF-IMV 1.4 Draft) + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Identity Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | RESERVED | Identity Type Vendor ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Identity Type | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Identity Value Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | | + * ~ Identity Value ~ + * | | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | RESERVED | Subject Type Vendor ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Subject Type | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | RESERVED | Authentication Method Vendor ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Authentication Method | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of a tncif_identity_t object. + * + */ +struct private_tncif_identity_t { + + /** + * Public tncif_identity_t interface. + */ + tncif_identity_t public; + + /** + * Identity Type + */ + pen_type_t identity_type; + + /** + * Identity Value + */ + chunk_t identity_value; + + /** + * Subject Type + */ + pen_type_t subject_type; + + /** + * Authentication Type + */ + pen_type_t auth_type; +}; + +METHOD(tncif_identity_t, get_identity_type, pen_type_t, + private_tncif_identity_t *this) +{ + return this->identity_type; +} + +METHOD(tncif_identity_t, get_identity_value, chunk_t, + private_tncif_identity_t *this) +{ + return this->identity_value; +} + +METHOD(tncif_identity_t, get_subject_type, pen_type_t, + private_tncif_identity_t *this) +{ + return this->subject_type; +} + +METHOD(tncif_identity_t, get_auth_type, pen_type_t, + private_tncif_identity_t *this) +{ + return this->auth_type; +} + +METHOD(tncif_identity_t, build, void, + private_tncif_identity_t *this, bio_writer_t *writer) +{ + writer->write_uint32(writer, this->identity_type.vendor_id); + writer->write_uint32(writer, this->identity_type.type); + writer->write_data32(writer, this->identity_value); + writer->write_uint32(writer, this->subject_type.vendor_id); + writer->write_uint32(writer, this->subject_type.type); + writer->write_uint32(writer, this->auth_type.vendor_id); + writer->write_uint32(writer, this->auth_type.type); +} + +METHOD(tncif_identity_t, process, bool, + private_tncif_identity_t *this, bio_reader_t *reader) +{ + u_int8_t reserved; + u_int32_t vendor_id, type; + chunk_t identity_value; + + if (reader->remaining(reader) < TNCIF_IDENTITY_MIN_SIZE) + { + return FALSE; + } + reader->read_uint8 (reader, &reserved); + reader->read_uint24(reader, &vendor_id); + reader->read_uint32(reader, &type); + this->identity_type = pen_type_create(vendor_id, type); + + if (!reader->read_data32(reader, &identity_value) || + reader->remaining(reader) < 16) + { + return FALSE; + } + this->identity_value = chunk_clone(identity_value); + + reader->read_uint8 (reader, &reserved); + reader->read_uint24(reader, &vendor_id); + reader->read_uint32(reader, &type); + this->subject_type = pen_type_create(vendor_id, type); + + reader->read_uint8 (reader, &reserved); + reader->read_uint24(reader, &vendor_id); + reader->read_uint32(reader, &type); + this->auth_type = pen_type_create(vendor_id, type); + + return TRUE; +} + +METHOD(tncif_identity_t, destroy, void, + private_tncif_identity_t *this) +{ + free(this->identity_value.ptr); + free(this); +} + + +/** + * See header + */ +tncif_identity_t *tncif_identity_create_empty(void) +{ + private_tncif_identity_t *this; + + INIT(this, + .public = { + .get_identity_type = _get_identity_type, + .get_identity_value = _get_identity_value, + .get_subject_type = _get_subject_type, + .get_auth_type = _get_auth_type, + .build = _build, + .process = _process, + .destroy = _destroy, + }, + ); + + return &this->public; +} + +/** + * See header + */ +tncif_identity_t *tncif_identity_create(pen_type_t identity_type, + chunk_t identity_value, + pen_type_t subject_type, + pen_type_t auth_type) +{ + private_tncif_identity_t *this; + + this = (private_tncif_identity_t*)tncif_identity_create_empty(); + this->identity_type = identity_type; + this->identity_value = chunk_clone(identity_value); + this->subject_type = subject_type; + this->auth_type = auth_type; + + return &this->public; +} + diff --git a/src/libtncif/tncif_identity.h b/src/libtncif/tncif_identity.h new file mode 100644 index 000000000..3ef0dd4f0 --- /dev/null +++ b/src/libtncif/tncif_identity.h @@ -0,0 +1,112 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup libtncif libtncif + * + * @addtogroup libtncif + * TNC interface definitions + * + * @defgroup tnc_identities tnc_identities + * @{ @ingroup libtncif + */ + +#ifndef TNCIF_IDENTITY_H_ +#define TNCIF_IDENTITY_H_ + +#include <library.h> + +#include <pen/pen.h> +#include <bio/bio_reader.h> +#include <bio/bio_writer.h> + +#define TNCIF_IDENTITY_MIN_SIZE 28 + +typedef struct tncif_identity_t tncif_identity_t; + +/** + * Public interface of a TNC Identity object + */ +struct tncif_identity_t { + + /** + * Get the TNC Identity Type + * + * @return TNC Identity Type + */ + pen_type_t (*get_identity_type)(tncif_identity_t *this); + + /** + * Get the TNC Identity Value + * + * @return TNC Identity Value + */ + chunk_t (*get_identity_value)(tncif_identity_t *this); + + /** + * Get the TNC Subject Type + * + * @return TNC Subject Type + */ + pen_type_t (*get_subject_type)(tncif_identity_t *this); + + /** + * Get the TNC Authentication Type + * + * @return TNC Authentication Type + */ + pen_type_t (*get_auth_type)(tncif_identity_t *this); + + /** + * Build the IF-IMV TNC Identity attribute encoding + * + * @param writer writer to write encoded data to + */ + void (*build)(tncif_identity_t *this, bio_writer_t *writer); + + /** + * Process the IF-IMV TNC Identity attribute encoding + * + * @param reader reader to read encoded data from + * @return TRUE if successful + */ + bool (*process)(tncif_identity_t *this, bio_reader_t *reader); + + /** + * Destroys a tncif_identity_t object. + */ + void (*destroy)(tncif_identity_t *this); + +}; + +/** + * Create an empty TNC Identity object + */ +tncif_identity_t* tncif_identity_create_empty(void); + +/** + * Create an TNC Identity object from its components + * + * @param identity_type TNC Identity Type + * @param identity_value TNC Identity Value + * @param subject_type TNC Subject Type + * @param auth_type TNC Authentication Type + */ +tncif_identity_t* tncif_identity_create(pen_type_t identity_type, + chunk_t identity_value, + pen_type_t subject_type, + pen_type_t auth_type); + +#endif /** TNCIF_IDENTITY_H_ @}*/ diff --git a/src/libtncif/tncif_names.c b/src/libtncif/tncif_names.c index c108776ec..ac948c8ba 100644 --- a/src/libtncif/tncif_names.c +++ b/src/libtncif/tncif_names.c @@ -45,3 +45,20 @@ ENUM(TNC_IMV_Evaluation_Result_names, "error", "don't know" ); + +ENUM(TNC_Subject_names, + TNC_SUBJECT_UNKNOWN, + TNC_SUBJECT_USER, + "unknown", + "machine", + "user" +); + +ENUM(TNC_Authentication_names, + TNC_AUTH_UNKNOWN, + TNC_AUTH_SIM, + "unknown method", + "certificate", + "password", + "SIM card" +); diff --git a/src/libtncif/tncif_names.h b/src/libtncif/tncif_names.h index 9b50a34e9..75458f960 100644 --- a/src/libtncif/tncif_names.h +++ b/src/libtncif/tncif_names.h @@ -30,5 +30,7 @@ extern enum_name_t *TNC_Connection_State_names; extern enum_name_t *TNC_IMV_Action_Recommendation_names; extern enum_name_t *TNC_IMV_Evaluation_Result_names; +extern enum_name_t *TNC_Subject_names; +extern enum_name_t *TNC_Authentication_names; #endif /** TNCIF_NAME_H_ @}*/ diff --git a/src/libtncif/tncifimv.h b/src/libtncif/tncifimv.h index 3c9db0055..6bce8b4e4 100644 --- a/src/libtncif/tncifimv.h +++ b/src/libtncif/tncifimv.h @@ -209,6 +209,31 @@ typedef TNC_Result (*TNC_IMV_ProvideBindFunctionPointer)( #define TNC_ATTRIBUTEID_SOH ((TNC_AttributeID) 0x00559706) #define TNC_ATTRIBUTEID_SSOH ((TNC_AttributeID) 0x00559707) #define TNC_ATTRIBUTEID_PRIMARY_IMV_ID ((TNC_AttributeID) 0x00559710) +#define TNC_ATTRIBUTEID_AR_IDENTITIES ((TNC_AttributeID) 0x00559712) + +/* TNC Identity Types */ + +#define TNC_ID_UNKNOWN 0 +#define TNC_ID_IPV4_ADDR 1 +#define TNC_ID_IPV6_ADDR 2 +#define TNC_ID_FQDN 3 +#define TNC_ID_RFC822_ADDR 4 +#define TNC_ID_USER_NAME 5 +#define TNC_ID_DER_ASN1_DN 6 +#define TNC_ID_DER_ASN1_GN 7 + +/* TNC Subject Types */ + +#define TNC_SUBJECT_UNKNOWN 0 +#define TNC_SUBJECT_MACHINE 1 +#define TNC_SUBJECT_USER 2 + +/* TNC Authentication Types */ + +#define TNC_AUTH_UNKNOWN 0 +#define TNC_AUTH_CERT 1 +#define TNC_AUTH_PASSWORD 2 +#define TNC_AUTH_SIM 3 /* IMV Functions */ |