[thirdparty/strongswan.git] / src / libimcv / plugins / imv_test / imv_test.c

/*
 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "imv_test_state.h"

#include <imv/imv_agent.h>
#include <pa_tnc/pa_tnc_msg.h>
#include <ita/ita_attr_command.h>

#include <pen/pen.h>

#include <debug.h>

/* IMV definitions */

static const char imv_name[] = "Test";

#define IMV_VENDOR_ID	PEN_ITA
#define IMV_SUBTYPE		0x01

static imv_agent_t *imv_test;

/**
 * see section 3.7.1 of TCG TNC IF-IMV Specification 1.2
 */
TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
							  TNC_Version min_version,
							  TNC_Version max_version,
							  TNC_Version *actual_version)
{
	if (imv_test)
	{
		DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
		return TNC_RESULT_ALREADY_INITIALIZED;
	}
	if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
	{
		DBG1(DBG_IMV, "no common IF-IMV version");
		return TNC_RESULT_NO_COMMON_VERSION;
	}
	imv_test = imv_agent_create(imv_name, IMV_VENDOR_ID, IMV_SUBTYPE,
								imv_id, actual_version);
	return TNC_RESULT_SUCCESS;
}

/**
 * see section 3.7.2 of TCG TNC IF-IMV Specification 1.2
 */
TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id,
										  TNC_ConnectionID connection_id,
										  TNC_ConnectionState new_state)
{
	imv_state_t *state;
	int rounds;

	if (!imv_test)
	{
		DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	switch (new_state)
	{
		case TNC_CONNECTION_STATE_CREATE:
			rounds = lib->settings->get_int(lib->settings, "imv-test.rounds", 0);
			state = imv_test_state_create(connection_id, rounds);
			return imv_test->create_state(imv_test, state);
		case TNC_CONNECTION_STATE_DELETE:
			return imv_test->delete_state(imv_test, connection_id);
		default:
			return imv_test->change_state(imv_test, connection_id, new_state);
	}
}

static TNC_Result send_message(TNC_ConnectionID connection_id)
{
	pa_tnc_msg_t *msg;
	pa_tnc_attr_t *attr;
	TNC_Result result;

	attr = ita_attr_command_create("repeat");
	msg = pa_tnc_msg_create();
	msg->add_attribute(msg, attr);
	msg->build(msg);
	result = imv_test->send_message(imv_test, connection_id,
									msg->get_encoding(msg));	
	msg->destroy(msg);

	return result;
}

/**
 * see section 3.7.3 of TCG TNC IF-IMV Specification 1.2
 */
TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
								  TNC_ConnectionID connection_id,
								  TNC_BufferReference msg,
								  TNC_UInt32 msg_len,
								  TNC_MessageType msg_type)
{
	pa_tnc_msg_t *pa_tnc_msg;
	pa_tnc_attr_t *attr;
	imv_state_t *state;
	imv_test_state_t *imv_test_state;
	TNC_Result result = TNC_RESULT_SUCCESS;
	enumerator_t *enumerator;

	if (!imv_test)
	{
		DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}

	/* process received message */
	DBG2(DBG_IMV, "IMV %u \"%s\" received message type 0x%08x for Connection ID %u",
				   imv_id, imv_name, msg_type, connection_id);
	pa_tnc_msg = pa_tnc_msg_create_from_data(chunk_create(msg, msg_len));

	if (pa_tnc_msg->process(pa_tnc_msg) != SUCCESS)
	{
 		pa_tnc_msg->destroy(pa_tnc_msg);
		return TNC_RESULT_FATAL;
	}

	/* get current IMV state */
	if (!imv_test->get_state(imv_test, connection_id, &state))
	{
		pa_tnc_msg->destroy(pa_tnc_msg);
		return TNC_RESULT_FATAL;
	}

	enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
	while (enumerator->enumerate(enumerator, &attr))
	{
		if (attr->get_vendor_id(attr) == PEN_ITA &&
			attr->get_type(attr) == ITA_ATTR_COMMAND)
		{
			ita_attr_command_t *ita_attr;
			char *command;
	
			ita_attr = (ita_attr_command_t*)attr;
			command = ita_attr->get_command(ita_attr);

			if (streq(command, "allow"))
			{
				state->set_recommendation(state,
								TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
								TNC_IMV_EVALUATION_RESULT_COMPLIANT);			  
			}
			else if (streq(command, "isolate"))
			{
				state->set_recommendation(state,
								TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
								TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);			  
			}
			else if (streq(command, "none"))
			{
				state->set_recommendation(state,
								TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
								TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);			  
			}
			else
			{
				result = TNC_RESULT_FATAL;
			}
			break;
		}		
	}
	enumerator->destroy(enumerator);
	pa_tnc_msg->destroy(pa_tnc_msg);

	if (result != TNC_RESULT_SUCCESS)
	{
		return result;
	}

	/* repeat the measurement ? */
	imv_test_state = (imv_test_state_t*)state;
	if (imv_test_state->another_round(imv_test_state))
	{
		return send_message(connection_id);
	}

	return imv_test->provide_recommendation(imv_test, connection_id);
}

/**
 * see section 3.7.4 of TCG TNC IF-IMV Specification 1.2
 */
TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id,
										 TNC_ConnectionID connection_id)
{
	if (!imv_test)
	{
		DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	return imv_test->provide_recommendation(imv_test, connection_id);
}

/**
 * see section 3.7.5 of TCG TNC IF-IMV Specification 1.2
 */
TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
							   TNC_ConnectionID connection_id)
{
	if (!imv_test)
	{
		DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	return TNC_RESULT_SUCCESS;
}

/**
 * see section 3.7.6 of TCG TNC IF-IMV Specification 1.2
 */
TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
{
	if (!imv_test)
	{
		DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	imv_test->destroy(imv_test);
	imv_test = NULL;

	return TNC_RESULT_SUCCESS;
}

/**
 * see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.2
 */
TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id,
									   TNC_TNCS_BindFunctionPointer bind_function)
{
	if (!imv_test)
	{
		DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
		return TNC_RESULT_NOT_INITIALIZED;
	}
	return imv_test->bind_functions(imv_test, bind_function);
}
Commit	Line	Data
510f37ab AS	1	/*
	2	* Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
	3	*
	4	* This program is free software; you can redistribute it and/or modify it
	5	* under the terms of the GNU General Public License as published by the
	6	* Free Software Foundation; either version 2 of the License, or (at your
	7	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	8	*
	9	* This program is distributed in the hope that it will be useful, but
	10	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	11	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	12	* for more details.
	13	*/
	14
	15	#include "imv_test_state.h"
	16
	17	#include <imv/imv_agent.h>
	18	#include <pa_tnc/pa_tnc_msg.h>
	19	#include <ita/ita_attr_command.h>
7c4d4d20 AS	20
	21	#include <pen/pen.h>
	22
510f37ab AS	23	#include <debug.h>
	24
	25	/* IMV definitions */
	26
	27	static const char imv_name[] = "Test";
	28
	29	#define IMV_VENDOR_ID PEN_ITA
	30	#define IMV_SUBTYPE 0x01
	31
	32	static imv_agent_t *imv_test;
	33
	34	/**
	35	* see section 3.7.1 of TCG TNC IF-IMV Specification 1.2
	36	*/
	37	TNC_Result TNC_IMV_Initialize(TNC_IMVID imv_id,
	38	TNC_Version min_version,
	39	TNC_Version max_version,
	40	TNC_Version *actual_version)
	41	{
	42	if (imv_test)
	43	{
	44	DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
	45	return TNC_RESULT_ALREADY_INITIALIZED;
	46	}
	47	if (min_version > TNC_IFIMV_VERSION_1 \|\| max_version < TNC_IFIMV_VERSION_1)
	48	{
	49	DBG1(DBG_IMV, "no common IF-IMV version");
	50	return TNC_RESULT_NO_COMMON_VERSION;
	51	}
	52	imv_test = imv_agent_create(imv_name, IMV_VENDOR_ID, IMV_SUBTYPE,
	53	imv_id, actual_version);
	54	return TNC_RESULT_SUCCESS;
	55	}
	56
	57	/**
	58	* see section 3.7.2 of TCG TNC IF-IMV Specification 1.2
	59	*/
	60	TNC_Result TNC_IMV_NotifyConnectionChange(TNC_IMVID imv_id,
	61	TNC_ConnectionID connection_id,
	62	TNC_ConnectionState new_state)
	63	{
	64	imv_state_t *state;
	65	int rounds;
	66
	67	if (!imv_test)
	68	{
	69	DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
	70	return TNC_RESULT_NOT_INITIALIZED;
	71	}
	72	switch (new_state)
	73	{
	74	case TNC_CONNECTION_STATE_CREATE:
	75	rounds = lib->settings->get_int(lib->settings, "imv-test.rounds", 0);
	76	state = imv_test_state_create(connection_id, rounds);
	77	return imv_test->create_state(imv_test, state);
	78	case TNC_CONNECTION_STATE_DELETE:
	79	return imv_test->delete_state(imv_test, connection_id);
	80	default:
	81	return imv_test->change_state(imv_test, connection_id, new_state);
	82	}
	83	}
	84
	85	static TNC_Result send_message(TNC_ConnectionID connection_id)
	86	{
87	pa_tnc_msg_t *msg;
88	pa_tnc_attr_t *attr;
89	TNC_Result result;
90
91	attr = ita_attr_command_create("repeat");
92	msg = pa_tnc_msg_create();
93	msg->add_attribute(msg, attr);
94	msg->build(msg);
95	result = imv_test->send_message(imv_test, connection_id,
96	msg->get_encoding(msg));
97	msg->destroy(msg);
98
99	return result;
100	}
101
102	/**
103	* see section 3.7.3 of TCG TNC IF-IMV Specification 1.2
104	*/
105	TNC_Result TNC_IMV_ReceiveMessage(TNC_IMVID imv_id,
106	TNC_ConnectionID connection_id,
107	TNC_BufferReference msg,
108	TNC_UInt32 msg_len,
109	TNC_MessageType msg_type)
110	{
111	pa_tnc_msg_t *pa_tnc_msg;
112	pa_tnc_attr_t *attr;
113	imv_state_t *state;
114	imv_test_state_t *imv_test_state;
115	TNC_Result result = TNC_RESULT_SUCCESS;
116	enumerator_t *enumerator;
117
118	if (!imv_test)
119	{
120	DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
121	return TNC_RESULT_NOT_INITIALIZED;
122	}
123
124	/* process received message */
125	DBG2(DBG_IMV, "IMV %u \"%s\" received message type 0x%08x for Connection ID %u",
126	imv_id, imv_name, msg_type, connection_id);
127	pa_tnc_msg = pa_tnc_msg_create_from_data(chunk_create(msg, msg_len));
128
129	if (pa_tnc_msg->process(pa_tnc_msg) != SUCCESS)
130	{
131	pa_tnc_msg->destroy(pa_tnc_msg);
132	return TNC_RESULT_FATAL;
133	}
134
135	/* get current IMV state */
136	if (!imv_test->get_state(imv_test, connection_id, &state))
137	{
138	pa_tnc_msg->destroy(pa_tnc_msg);
139	return TNC_RESULT_FATAL;
140	}
141
142	enumerator = pa_tnc_msg->create_attribute_enumerator(pa_tnc_msg);
143	while (enumerator->enumerate(enumerator, &attr))
144	{
145	if (attr->get_vendor_id(attr) == PEN_ITA &&
146	attr->get_type(attr) == ITA_ATTR_COMMAND)
147	{
148	ita_attr_command_t *ita_attr;
149	char *command;
150
151	ita_attr = (ita_attr_command_t*)attr;
152	command = ita_attr->get_command(ita_attr);
153
154	if (streq(command, "allow"))
155	{
156	state->set_recommendation(state,
157	TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
158	TNC_IMV_EVALUATION_RESULT_COMPLIANT);
159	}
160	else if (streq(command, "isolate"))
161	{
162	state->set_recommendation(state,
163	TNC_IMV_ACTION_RECOMMENDATION_ISOLATE,
164	TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR);
165	}
166	else if (streq(command, "none"))
167	{
168	state->set_recommendation(state,
169	TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
170	TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR);
171	}
172	else
173	{
174	result = TNC_RESULT_FATAL;
175	}
176	break;
177	}
178	}
179	enumerator->destroy(enumerator);
180	pa_tnc_msg->destroy(pa_tnc_msg);
181
182	if (result != TNC_RESULT_SUCCESS)
183	{
184	return result;
185	}
186
187	/* repeat the measurement ? */
188	imv_test_state = (imv_test_state_t*)state;
189	if (imv_test_state->another_round(imv_test_state))
190	{
191	return send_message(connection_id);
192	}
193
194	return imv_test->provide_recommendation(imv_test, connection_id);
195	}
196
197	/**
198	* see section 3.7.4 of TCG TNC IF-IMV Specification 1.2
199	*/
200	TNC_Result TNC_IMV_SolicitRecommendation(TNC_IMVID imv_id,
201	TNC_ConnectionID connection_id)
202	{
203	if (!imv_test)
204	{
205	DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
206	return TNC_RESULT_NOT_INITIALIZED;
207	}
208	return imv_test->provide_recommendation(imv_test, connection_id);
209	}
210
211	/**
212	* see section 3.7.5 of TCG TNC IF-IMV Specification 1.2
213	*/
214	TNC_Result TNC_IMV_BatchEnding(TNC_IMVID imv_id,
215	TNC_ConnectionID connection_id)
216	{
217	if (!imv_test)
218	{
219	DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
220	return TNC_RESULT_NOT_INITIALIZED;
221	}
222	return TNC_RESULT_SUCCESS;
223	}
224
225	/**
226	* see section 3.7.6 of TCG TNC IF-IMV Specification 1.2
227	*/
228	TNC_Result TNC_IMV_Terminate(TNC_IMVID imv_id)
229	{
230	if (!imv_test)
231	{
232	DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
233	return TNC_RESULT_NOT_INITIALIZED;
234	}
235	imv_test->destroy(imv_test);
236	imv_test = NULL;
237
238	return TNC_RESULT_SUCCESS;
239	}
240
241	/**
242	* see section 4.2.8.1 of TCG TNC IF-IMV Specification 1.2
243	*/
244	TNC_Result TNC_IMV_ProvideBindFunction(TNC_IMVID imv_id,
245	TNC_TNCS_BindFunctionPointer bind_function)
246	{
247	if (!imv_test)
248	{
249	DBG1(DBG_IMV, "IMV \"%s\" has not been initialized", imv_name);
250	return TNC_RESULT_NOT_INITIALIZED;
251	}
252	return imv_test->bind_functions(imv_test, bind_function);
253	}