]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libpts/plugins/imv_swid/imv_swid_agent.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Implemented SWID prototype IMC/IMV pair
[people/ms/strongswan.git] / src / libpts / plugins / imv_swid / imv_swid_agent.c
1 /*
2 * Copyright (C) 2013 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "imv_swid_agent.h"
17 #include "imv_swid_state.h"
18
19 #include "libpts.h"
20 #include "tcg/swid/tcg_swid_attr_req.h"
21 #include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
22
23 #include <imcv.h>
24 #include <imv/imv_agent.h>
25 #include <imv/imv_msg.h>
26
27 #include <tncif_names.h>
28 #include <tncif_pa_subtypes.h>
29
30 #include <pen/pen.h>
31 #include <utils/debug.h>
32
33 typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
34
35 /* Subscribed PA-TNC message subtypes */
36 static pen_type_t msg_types[] = {
37 { PEN_TCG, PA_SUBTYPE_TCG_SWID }
38 };
39
40 /**
41 * Private data of an imv_swid_agent_t object.
42 */
43 struct private_imv_swid_agent_t {
44
45 /**
46 * Public members of imv_swid_agent_t
47 */
48 imv_agent_if_t public;
49
50 /**
51 * IMV agent responsible for generic functions
52 */
53 imv_agent_t *agent;
54
55 };
56
57 METHOD(imv_agent_if_t, bind_functions, TNC_Result,
58 private_imv_swid_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
59 {
60 return this->agent->bind_functions(this->agent, bind_function);
61 }
62
63 METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
64 private_imv_swid_agent_t *this, TNC_ConnectionID id,
65 TNC_ConnectionState new_state)
66 {
67 imv_state_t *state;
68
69 switch (new_state)
70 {
71 case TNC_CONNECTION_STATE_CREATE:
72 state = imv_swid_state_create(id);
73 return this->agent->create_state(this->agent, state);
74 case TNC_CONNECTION_STATE_DELETE:
75 return this->agent->delete_state(this->agent, id);
76 default:
77 return this->agent->change_state(this->agent, id, new_state, NULL);
78 }
79 }
80
81 /**
82 * Process a received message
83 */
84 static TNC_Result receive_msg(private_imv_swid_agent_t *this,
85 imv_state_t *state, imv_msg_t *in_msg)
86 {
87 imv_msg_t *out_msg;
88 imv_session_t *session;
89 imv_workitem_t *workitem, *found = NULL;
90 enumerator_t *enumerator;
91 pa_tnc_attr_t *attr;
92 pen_type_t type;
93 TNC_IMV_Evaluation_Result eval;
94 TNC_IMV_Action_Recommendation rec;
95 TNC_Result result;
96 char *result_str;
97 bool fatal_error = FALSE;
98
99 /* parse received PA-TNC message and handle local and remote errors */
100 result = in_msg->receive(in_msg, &fatal_error);
101 if (result != TNC_RESULT_SUCCESS)
102 {
103 return result;
104 }
105
106 session = state->get_session(state);
107
108 /* analyze PA-TNC attributes */
109 enumerator = in_msg->create_attribute_enumerator(in_msg);
110 while (enumerator->enumerate(enumerator, &attr))
111 {
112 type = attr->get_type(attr);
113
114 if (type.vendor_id != PEN_TCG)
115 {
116 continue;
117 }
118 switch (type.type)
119 {
120 case TCG_SWID_TAG_ID_INVENTORY:
121 {
122 tcg_swid_attr_tag_id_inv_t *attr_cast;
123 u_int32_t request_id;
124 swid_tag_id_t *tag_id;
125 chunk_t tag_creator, unique_sw_id;
126 enumerator_t *et, *ew;
127
128 attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
129 request_id = attr_cast->get_request_id(attr_cast);
130
131 DBG2(DBG_IMV, "received SWID tag ID inventory for request %d",
132 request_id);
133 et = attr_cast->create_tag_id_enumerator(attr_cast);
134 while (et->enumerate(et, &tag_id))
135 {
136 tag_creator = tag_id->get_tag_creator(tag_id);
137 unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
138 DBG3(DBG_IMV, " %.*s_%.*s.swidtag",
139 tag_creator.len, tag_creator.ptr,
140 unique_sw_id.len, unique_sw_id.ptr);
141 }
142 et->destroy(et);
143
144 if (request_id == 0)
145 {
146 /* TODO handle subscribed messages */
147 break;
148 }
149
150 ew = session->create_workitem_enumerator(session);
151 while (ew->enumerate(ew, &workitem))
152 {
153 if (workitem->get_id(workitem) == request_id)
154 {
155 found = workitem;
156 break;
157 }
158 }
159
160 if (!found)
161 {
162 DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory "
163 "with request ID %d", request_id);
164 ew->destroy(ew);
165 break;
166 }
167
168 eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
169 result_str = "received SWID tag ID inventory";
170 session->remove_workitem(session, ew);
171 ew->destroy(ew);
172 rec = found->set_result(found, result_str, eval);
173 state->update_recommendation(state, rec, eval);
174 imcv_db->finalize_workitem(imcv_db, found);
175 found->destroy(found);
176 break;
177 }
178 case TCG_SWID_TAG_INVENTORY:
179 break;
180 default:
181 break;
182 }
183 }
184 enumerator->destroy(enumerator);
185
186 if (fatal_error)
187 {
188 state->set_recommendation(state,
189 TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
190 TNC_IMV_EVALUATION_RESULT_ERROR);
191 out_msg = imv_msg_create_as_reply(in_msg);
192 result = out_msg->send_assessment(out_msg);
193 out_msg->destroy(out_msg);
194 if (result != TNC_RESULT_SUCCESS)
195 {
196 return result;
197 }
198 return this->agent->provide_recommendation(this->agent, state);
199 }
200
201 return TNC_RESULT_SUCCESS;
202 }
203
204 METHOD(imv_agent_if_t, receive_message, TNC_Result,
205 private_imv_swid_agent_t *this, TNC_ConnectionID id,
206 TNC_MessageType msg_type, chunk_t msg)
207 {
208 imv_state_t *state;
209 imv_msg_t *in_msg;
210 TNC_Result result;
211
212 if (!this->agent->get_state(this->agent, id, &state))
213 {
214 return TNC_RESULT_FATAL;
215 }
216 in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg);
217 result = receive_msg(this, state, in_msg);
218 in_msg->destroy(in_msg);
219
220 return result;
221 }
222
223 METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
224 private_imv_swid_agent_t *this, TNC_ConnectionID id,
225 TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
226 TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg)
227 {
228 imv_state_t *state;
229 imv_msg_t *in_msg;
230 TNC_Result result;
231
232 if (!this->agent->get_state(this->agent, id, &state))
233 {
234 return TNC_RESULT_FATAL;
235 }
236 in_msg = imv_msg_create_from_long_data(this->agent, state, id,
237 src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg);
238 result = receive_msg(this, state, in_msg);
239 in_msg->destroy(in_msg);
240
241 return result;
242
243 }
244
245 METHOD(imv_agent_if_t, batch_ending, TNC_Result,
246 private_imv_swid_agent_t *this, TNC_ConnectionID id)
247 {
248 imv_msg_t *out_msg;
249 imv_state_t *state;
250 imv_session_t *session;
251 imv_workitem_t *workitem;
252 imv_swid_state_t *swid_state;
253 imv_swid_handshake_state_t handshake_state;
254 pa_tnc_attr_t *attr;
255 TNC_IMVID imv_id;
256 TNC_Result result = TNC_RESULT_SUCCESS;
257 bool no_workitems = TRUE;
258 u_int32_t request_id;
259 u_int8_t flags;
260 enumerator_t *enumerator;
261
262 if (!this->agent->get_state(this->agent, id, &state))
263 {
264 return TNC_RESULT_FATAL;
265 }
266 swid_state = (imv_swid_state_t*)state;
267 handshake_state = swid_state->get_handshake_state(swid_state);
268 session = state->get_session(state);
269 imv_id = this->agent->get_id(this->agent);
270
271 if (handshake_state == IMV_SWID_STATE_END)
272 {
273 return TNC_RESULT_SUCCESS;
274 }
275
276 /* create an empty out message - we might need it */
277 out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY,
278 msg_types[0]);
279
280 if (!session)
281 {
282 DBG2(DBG_IMV, "no workitems available - no evaluation possible");
283 state->set_recommendation(state,
284 TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
285 TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
286 result = out_msg->send_assessment(out_msg);
287 out_msg->destroy(out_msg);
288 swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
289
290 if (result != TNC_RESULT_SUCCESS)
291 {
292 return result;
293 }
294 return this->agent->provide_recommendation(this->agent, state);
295 }
296
297 if (handshake_state == IMV_SWID_STATE_INIT)
298 {
299 enumerator = session->create_workitem_enumerator(session);
300 if (enumerator)
301 {
302 while (enumerator->enumerate(enumerator, &workitem))
303 {
304 if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY ||
305 workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS)
306 {
307 continue;
308 }
309
310 flags = TCG_SWID_ATTR_REQ_FLAG_NONE;
311 if (strchr(workitem->get_arg_str(workitem), 'R'))
312 {
313 flags |= TCG_SWID_ATTR_REQ_FLAG_R;
314 }
315 if (strchr(workitem->get_arg_str(workitem), 'S'))
316 {
317 flags |= TCG_SWID_ATTR_REQ_FLAG_S;
318 }
319 if (strchr(workitem->get_arg_str(workitem), 'C'))
320 {
321 flags |= TCG_SWID_ATTR_REQ_FLAG_C;
322 }
323 request_id = workitem->get_id(workitem);
324
325 DBG2(DBG_IMV, "IMV %d issues SWID tag request %d",
326 imv_id, request_id);
327 attr = tcg_swid_attr_req_create(flags, request_id, 0);
328 out_msg->add_attribute(out_msg, attr);
329 workitem->set_imv_id(workitem, imv_id);
330 no_workitems = FALSE;
331 }
332 enumerator->destroy(enumerator);
333
334 if (no_workitems)
335 {
336 DBG2(DBG_IMV, "IMV %d has no workitems - "
337 "no evaluation requested", imv_id);
338 state->set_recommendation(state,
339 TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
340 TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
341 }
342 handshake_state = IMV_SWID_STATE_WORKITEMS;
343 swid_state->set_handshake_state(swid_state, handshake_state);
344 }
345 }
346
347 /* finalized all workitems ? */
348 if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
349 session->get_workitem_count(session, imv_id) == 0)
350 {
351 result = out_msg->send_assessment(out_msg);
352 out_msg->destroy(out_msg);
353 swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
354
355 if (result != TNC_RESULT_SUCCESS)
356 {
357 return result;
358 }
359 return this->agent->provide_recommendation(this->agent, state);
360 }
361
362 /* send non-empty PA-TNC message with excl flag not set */
363 if (out_msg->get_attribute_count(out_msg))
364 {
365 result = out_msg->send(out_msg, FALSE);
366 }
367 out_msg->destroy(out_msg);
368
369 return result;
370 }
371
372 METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
373 private_imv_swid_agent_t *this, TNC_ConnectionID id)
374 {
375 imv_state_t *state;
376
377 if (!this->agent->get_state(this->agent, id, &state))
378 {
379 return TNC_RESULT_FATAL;
380 }
381 return this->agent->provide_recommendation(this->agent, state);
382 }
383
384 METHOD(imv_agent_if_t, destroy, void,
385 private_imv_swid_agent_t *this)
386 {
387 this->agent->destroy(this->agent);
388 free(this);
389 libpts_deinit();
390 }
391
392 /**
393 * Described in header.
394 */
395 imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
396 TNC_Version *actual_version)
397 {
398 private_imv_swid_agent_t *this;
399 imv_agent_t *agent;
400
401 agent = imv_agent_create(name, msg_types, countof(msg_types), id,
402 actual_version);
403 if (!agent)
404 {
405 return NULL;
406 }
407
408 INIT(this,
409 .public = {
410 .bind_functions = _bind_functions,
411 .notify_connection_change = _notify_connection_change,
412 .receive_message = _receive_message,
413 .receive_message_long = _receive_message_long,
414 .batch_ending = _batch_ending,
415 .solicit_recommendation = _solicit_recommendation,
416 .destroy = _destroy,
417 },
418 .agent = agent,
419 );
420
421 libpts_init();
422
423 return &this->public;
424 }
425
Michael's strongswan development tree