INCLUDES = \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libtls \
-I$(top_srcdir)/src/libtncif \
-I$(top_srcdir)/src/libtnccs
#include <tnc/imc/imc_manager.h>
#include <tnc/imv/imv_manager.h>
+#include <tncif_identity.h>
+
+#include <tls.h>
+
#include <utils/debug.h>
+#include <pen/pen.h>
+#include <bio/bio_writer.h>
#include <collections/linked_list.h>
#include <threading/rwlock.h>
}
}
+/**
+ * Write the value of a TNC identity list into the buffer
+ */
+static TNC_Result identity_attribute(TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer,
+ TNC_UInt32 *value_len,
+ linked_list_t *list)
+{
+ bio_writer_t *writer;
+ enumerator_t *enumerator;
+ u_int32_t count;
+ chunk_t value;
+ tncif_identity_t *tnc_id;
+ TNC_Result result = TNC_RESULT_INVALID_PARAMETER;
+
+ count = list->get_count(list);
+ writer = bio_writer_create(4 + TNCIF_IDENTITY_MIN_SIZE * count);
+ writer->write_uint32(writer, count);
+
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &tnc_id))
+ {
+ tnc_id->build(tnc_id, writer);
+ }
+ enumerator->destroy(enumerator);
+
+ value = writer->get_buf(writer);
+ *value_len = value.len;
+ if (buffer && buffer_len >= value.len)
+ {
+ memcpy(buffer, value.ptr, value.len);
+ result = TNC_RESULT_SUCCESS;
+ }
+ writer->destroy(writer);
+
+ return result;
+}
+
METHOD(tnccs_manager_t, get_attribute, TNC_Result,
private_tnc_tnccs_manager_t *this, bool is_imc,
TNC_UInt32 imcv_id,
/* these attributes are supported */
case TNC_ATTRIBUTEID_PRIMARY_IMV_ID:
+ case TNC_ATTRIBUTEID_AR_IDENTITIES:
attribute_match = TRUE;
break;
"IF-T for Tunneled EAP");
case TNC_ATTRIBUTEID_IFT_VERSION:
return str_attribute(buffer_len, buffer, value_len, "1.1");
+ case TNC_ATTRIBUTEID_AR_IDENTITIES:
+ {
+ linked_list_t *list;
+ tls_t *tnccs;
+ identification_t *peer;
+ tncif_identity_t *tnc_id;
+ u_int32_t id_type, subject_type;
+ TNC_Result result;
+
+ list = linked_list_create();
+ tnccs = (tls_t*)entry->tnccs;
+ peer = tnccs->get_peer_id(tnccs);
+ if (peer)
+ {
+ switch (peer->get_type(peer))
+ {
+ case ID_IPV4_ADDR:
+ id_type = TNC_ID_IPV4_ADDR;
+ subject_type = TNC_SUBJECT_MACHINE;
+ break;
+ case ID_IPV6_ADDR:
+ id_type = TNC_ID_IPV6_ADDR;
+ subject_type = TNC_SUBJECT_MACHINE;
+ break;
+ case ID_FQDN:
+ id_type = TNC_ID_FQDN;
+ subject_type = TNC_SUBJECT_MACHINE;
+ break;
+ case ID_RFC822_ADDR:
+ id_type = TNC_ID_RFC822_ADDR;
+ subject_type = TNC_SUBJECT_USER;
+ break;
+ case ID_DER_ASN1_DN:
+ id_type = TNC_ID_DER_ASN1_DN;
+ subject_type = TNC_SUBJECT_UNKNOWN;
+ break;
+ case ID_DER_ASN1_GN:
+ id_type = TNC_ID_DER_ASN1_GN;
+ subject_type = TNC_SUBJECT_UNKNOWN;
+ break;
+ default:
+ id_type = TNC_ID_UNKNOWN;
+ subject_type = TNC_SUBJECT_UNKNOWN;
+ }
+ if (id_type != TNC_ID_UNKNOWN)
+ {
+ tnc_id = tncif_identity_create(
+ pen_type_create(PEN_TCG, id_type),
+ peer->get_encoding(peer),
+ pen_type_create(PEN_TCG, subject_type),
+ pen_type_create(PEN_TCG, TNC_AUTH_UNKNOWN));
+ list->insert_last(list, tnc_id);
+ }
+ }
+ result = identity_attribute(buffer_len, buffer, value_len, list);
+ list->destroy_offset(list, offsetof(tncif_identity_t, destroy));
+ return result;
+ }
default:
return TNC_RESULT_INVALID_PARAMETER;
}
return this->is_server;
}
+METHOD(tls_t, get_server_id, identification_t*,
+ private_tnccs_11_t *this)
+{
+ return this->server;
+}
+
+METHOD(tls_t, get_peer_id, identification_t*,
+ private_tnccs_11_t *this)
+{
+ return this->peer;
+}
+
METHOD(tls_t, get_purpose, tls_purpose_t,
private_tnccs_11_t *this)
{
.process = _process,
.build = _build,
.is_server = _is_server,
+ .get_server_id = _get_server_id,
+ .get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
return this->is_server;
}
+METHOD(tls_t, get_server_id, identification_t*,
+ private_tnccs_20_t *this)
+{
+ return this->server;
+}
+
+METHOD(tls_t, get_peer_id, identification_t*,
+ private_tnccs_20_t *this)
+{
+ return this->peer;
+}
+
METHOD(tls_t, get_purpose, tls_purpose_t,
private_tnccs_20_t *this)
{
.process = _process,
.build = _build,
.is_server = _is_server,
+ .get_server_id = _get_server_id,
+ .get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
return TRUE;
}
+METHOD(tls_t, get_server_id, identification_t*,
+ private_tnccs_dynamic_t *this)
+{
+ return this->server;
+}
+
+METHOD(tls_t, get_peer_id, identification_t*,
+ private_tnccs_dynamic_t *this)
+{
+ return this->peer;
+}
+
METHOD(tls_t, get_purpose, tls_purpose_t,
private_tnccs_dynamic_t *this)
{
.process = _process,
.build = _build,
.is_server = _is_server,
+ .get_server_id = _get_server_id,
+ .get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
.get_eap_msk = _get_eap_msk,
#include "ietf/ietf_attr_assess_result.h"
#include <tncif_names.h>
+#include <tncif_identity.h>
#include <utils/debug.h>
+#include <collections/linked_list.h>
+#include <bio/bio_reader.h>
#include <threading/rwlock.h>
typedef struct private_imv_agent_t private_imv_agent_t;
return 0;
}
+/**
+ * Read a TNC identity attribute
+ */
+static linked_list_t* get_identity_attribute(private_imv_agent_t *this,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id)
+{
+ TNC_UInt32 len;
+ char buf[2048];
+ u_int32_t count;
+ tncif_identity_t *tnc_id;
+ bio_reader_t *reader;
+ linked_list_t *list;
+
+ list = linked_list_create();
+
+ if (!this->get_attribute ||
+ this->get_attribute(this->id, id, attribute_id, sizeof(buf), buf, &len)
+ != TNC_RESULT_SUCCESS || len > sizeof(buf))
+ {
+ return list;
+ }
+
+ reader = bio_reader_create(chunk_create(buf, len));
+ if (!reader->read_uint32(reader, &count))
+ {
+ goto end;
+ }
+ while (count--)
+ {
+ tnc_id = tncif_identity_create_empty();
+ if (!tnc_id->process(tnc_id, reader))
+ {
+ tnc_id->destroy(tnc_id);
+ goto end;
+ }
+ list->insert_last(list, tnc_id);
+ }
+
+end:
+ reader->destroy(reader);
+ return list;
+ }
+
METHOD(imv_agent_t, create_state, TNC_Result,
private_imv_agent_t *this, imv_state_t *state)
{
TNC_ConnectionID conn_id;
char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL;
bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE;
+ linked_list_t *ar_identities;
+ enumerator_t *enumerator;
+ tncif_identity_t *tnc_id;
u_int32_t max_msg_len;
conn_id = state->get_connection_id(state);
t_p = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_PROTOCOL);
t_v = get_str_attribute(this, conn_id, TNC_ATTRIBUTEID_IFT_VERSION);
max_msg_len = get_uint_attribute(this, conn_id, TNC_ATTRIBUTEID_MAX_MESSAGE_SIZE);
+ ar_identities = get_identity_attribute(this, conn_id, TNC_ATTRIBUTEID_AR_IDENTITIES);
state->set_flags(state, has_long, has_excl);
state->set_max_msg_len(state, max_msg_len);
DBG2(DBG_IMV, " over %s %s with maximum PA-TNC message size of %u bytes",
t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
+ enumerator = ar_identities->create_enumerator(ar_identities);
+ while (enumerator->enumerate(enumerator, &tnc_id))
+ {
+ pen_type_t id_type, subject_type, auth_type;
+ int tcg_id_type, tcg_subject_type, tcg_auth_type;
+ chunk_t id_value;
+ id_type_t ike_type;
+ identification_t *id;
+
+ id_type = tnc_id->get_identity_type(tnc_id);
+ id_value = tnc_id->get_identity_value(tnc_id);
+ subject_type = tnc_id->get_subject_type(tnc_id);
+ auth_type = tnc_id->get_auth_type(tnc_id);
+
+ tcg_id_type = (id_type.vendor_id == PEN_TCG) ?
+ id_type.type : TNC_ID_UNKNOWN;
+ tcg_subject_type = (subject_type.vendor_id == PEN_TCG) ?
+ subject_type.type : TNC_SUBJECT_UNKNOWN;
+ tcg_auth_type = (auth_type.vendor_id == PEN_TCG) ?
+ auth_type.type : TNC_AUTH_UNKNOWN;
+
+ switch (tcg_id_type)
+ {
+ case TNC_ID_IPV4_ADDR:
+ ike_type = ID_IPV4_ADDR;
+ break;
+ case TNC_ID_IPV6_ADDR:
+ ike_type = ID_IPV6_ADDR;
+ break;
+ case TNC_ID_FQDN:
+ case TNC_ID_USER_NAME:
+ ike_type = ID_FQDN;
+ break;
+ case TNC_ID_RFC822_ADDR:
+ ike_type = ID_RFC822_ADDR;
+ break;
+ case TNC_ID_DER_ASN1_DN:
+ ike_type = ID_DER_ASN1_DN;
+ break;
+ case TNC_ID_DER_ASN1_GN:
+ ike_type = ID_IPV4_ADDR;
+ break;
+ case TNC_ID_UNKNOWN:
+ default:
+ ike_type = ID_KEY_ID;
+ break;
+ }
+
+ id = identification_create_from_encoding(ike_type, id_value);
+ DBG2(DBG_IMV, "%N identity '%Y' authenticated by %N",
+ TNC_Subject_names, tcg_subject_type, id,
+ TNC_Authentication_names, tcg_auth_type);
+ id->destroy(id);
+ }
+ enumerator->destroy(enumerator);
+
+ ar_identities->destroy_offset(ar_identities,
+ offsetof(tncif_identity_t, destroy));
free(tnccs_p);
free(tnccs_v);
free(t_p);
return this->is_server;
}
+METHOD(tls_t, get_server_id, identification_t*,
+ private_tls_t *this)
+{
+ return this->server;
+}
+
+METHOD(tls_t, get_peer_id, identification_t*,
+ private_tls_t *this)
+{
+ return this->peer;
+}
+
METHOD(tls_t, get_version, tls_version_t,
private_tls_t *this)
{
.process = _process,
.build = _build,
.is_server = _is_server,
+ .get_server_id = _get_server_id,
+ .get_peer_id = _get_peer_id,
.get_version = _get_version,
.set_version = _set_version,
.get_purpose = _get_purpose,
*/
bool (*is_server)(tls_t *this);
+ /**
+ * Return the server identity
+ *
+ * @return Server identity
+ */
+ identification_t* (*get_server_id)(tls_t *this);
+
+ /**
+ * Return the peer identity
+ *
+ * @return Peer identity
+ */
+ identification_t* (*get_peer_id)(tls_t *this);
+
/**
* Get the negotiated TLS/SSL version.
*
libtncif_la_SOURCES = \
tncif.h tncifimc.h tncifimv.h tncif_names.h tncif_names.c \
+tncif_identity.h tncif_identity.c \
tncif_pa_subtypes.h tncif_pa_subtypes.c
EXTRA_DIST = Android.mk
--- /dev/null
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tncif_identity.h"
+
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <pen/pen.h>
+#include <utils/debug.h>
+
+typedef struct private_tncif_identity_t private_tncif_identity_t;
+
+/**
+ * TNC Identity List Attribute Format (TCG TNC IF-IMV 1.4 Draft)
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Identity Count |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | RESERVED | Identity Type Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Identity Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Identity Value Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | |
+ * ~ Identity Value ~
+ * | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | RESERVED | Subject Type Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Subject Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | RESERVED | Authentication Method Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Authentication Method |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of a tncif_identity_t object.
+ *
+ */
+struct private_tncif_identity_t {
+
+ /**
+ * Public tncif_identity_t interface.
+ */
+ tncif_identity_t public;
+
+ /**
+ * Identity Type
+ */
+ pen_type_t identity_type;
+
+ /**
+ * Identity Value
+ */
+ chunk_t identity_value;
+
+ /**
+ * Subject Type
+ */
+ pen_type_t subject_type;
+
+ /**
+ * Authentication Type
+ */
+ pen_type_t auth_type;
+};
+
+METHOD(tncif_identity_t, get_identity_type, pen_type_t,
+ private_tncif_identity_t *this)
+{
+ return this->identity_type;
+}
+
+METHOD(tncif_identity_t, get_identity_value, chunk_t,
+ private_tncif_identity_t *this)
+{
+ return this->identity_value;
+}
+
+METHOD(tncif_identity_t, get_subject_type, pen_type_t,
+ private_tncif_identity_t *this)
+{
+ return this->subject_type;
+}
+
+METHOD(tncif_identity_t, get_auth_type, pen_type_t,
+ private_tncif_identity_t *this)
+{
+ return this->auth_type;
+}
+
+METHOD(tncif_identity_t, build, void,
+ private_tncif_identity_t *this, bio_writer_t *writer)
+{
+ writer->write_uint32(writer, this->identity_type.vendor_id);
+ writer->write_uint32(writer, this->identity_type.type);
+ writer->write_data32(writer, this->identity_value);
+ writer->write_uint32(writer, this->subject_type.vendor_id);
+ writer->write_uint32(writer, this->subject_type.type);
+ writer->write_uint32(writer, this->auth_type.vendor_id);
+ writer->write_uint32(writer, this->auth_type.type);
+}
+
+METHOD(tncif_identity_t, process, bool,
+ private_tncif_identity_t *this, bio_reader_t *reader)
+{
+ u_int8_t reserved;
+ u_int32_t vendor_id, type;
+ chunk_t identity_value;
+
+ if (reader->remaining(reader) < TNCIF_IDENTITY_MIN_SIZE)
+ {
+ return FALSE;
+ }
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ this->identity_type = pen_type_create(vendor_id, type);
+
+ if (!reader->read_data32(reader, &identity_value) ||
+ reader->remaining(reader) < 16)
+ {
+ return FALSE;
+ }
+ this->identity_value = chunk_clone(identity_value);
+
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ this->subject_type = pen_type_create(vendor_id, type);
+
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &vendor_id);
+ reader->read_uint32(reader, &type);
+ this->auth_type = pen_type_create(vendor_id, type);
+
+ return TRUE;
+}
+
+METHOD(tncif_identity_t, destroy, void,
+ private_tncif_identity_t *this)
+{
+ free(this->identity_value.ptr);
+ free(this);
+}
+
+
+/**
+ * See header
+ */
+tncif_identity_t *tncif_identity_create_empty(void)
+{
+ private_tncif_identity_t *this;
+
+ INIT(this,
+ .public = {
+ .get_identity_type = _get_identity_type,
+ .get_identity_value = _get_identity_value,
+ .get_subject_type = _get_subject_type,
+ .get_auth_type = _get_auth_type,
+ .build = _build,
+ .process = _process,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+tncif_identity_t *tncif_identity_create(pen_type_t identity_type,
+ chunk_t identity_value,
+ pen_type_t subject_type,
+ pen_type_t auth_type)
+{
+ private_tncif_identity_t *this;
+
+ this = (private_tncif_identity_t*)tncif_identity_create_empty();
+ this->identity_type = identity_type;
+ this->identity_value = chunk_clone(identity_value);
+ this->subject_type = subject_type;
+ this->auth_type = auth_type;
+
+ return &this->public;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libtncif libtncif
+ *
+ * @addtogroup libtncif
+ * TNC interface definitions
+ *
+ * @defgroup tnc_identities tnc_identities
+ * @{ @ingroup libtncif
+ */
+
+#ifndef TNCIF_IDENTITY_H_
+#define TNCIF_IDENTITY_H_
+
+#include <library.h>
+
+#include <pen/pen.h>
+#include <bio/bio_reader.h>
+#include <bio/bio_writer.h>
+
+#define TNCIF_IDENTITY_MIN_SIZE 28
+
+typedef struct tncif_identity_t tncif_identity_t;
+
+/**
+ * Public interface of a TNC Identity object
+ */
+struct tncif_identity_t {
+
+ /**
+ * Get the TNC Identity Type
+ *
+ * @return TNC Identity Type
+ */
+ pen_type_t (*get_identity_type)(tncif_identity_t *this);
+
+ /**
+ * Get the TNC Identity Value
+ *
+ * @return TNC Identity Value
+ */
+ chunk_t (*get_identity_value)(tncif_identity_t *this);
+
+ /**
+ * Get the TNC Subject Type
+ *
+ * @return TNC Subject Type
+ */
+ pen_type_t (*get_subject_type)(tncif_identity_t *this);
+
+ /**
+ * Get the TNC Authentication Type
+ *
+ * @return TNC Authentication Type
+ */
+ pen_type_t (*get_auth_type)(tncif_identity_t *this);
+
+ /**
+ * Build the IF-IMV TNC Identity attribute encoding
+ *
+ * @param writer writer to write encoded data to
+ */
+ void (*build)(tncif_identity_t *this, bio_writer_t *writer);
+
+ /**
+ * Process the IF-IMV TNC Identity attribute encoding
+ *
+ * @param reader reader to read encoded data from
+ * @return TRUE if successful
+ */
+ bool (*process)(tncif_identity_t *this, bio_reader_t *reader);
+
+ /**
+ * Destroys a tncif_identity_t object.
+ */
+ void (*destroy)(tncif_identity_t *this);
+
+};
+
+/**
+ * Create an empty TNC Identity object
+ */
+tncif_identity_t* tncif_identity_create_empty(void);
+
+/**
+ * Create an TNC Identity object from its components
+ *
+ * @param identity_type TNC Identity Type
+ * @param identity_value TNC Identity Value
+ * @param subject_type TNC Subject Type
+ * @param auth_type TNC Authentication Type
+ */
+tncif_identity_t* tncif_identity_create(pen_type_t identity_type,
+ chunk_t identity_value,
+ pen_type_t subject_type,
+ pen_type_t auth_type);
+
+#endif /** TNCIF_IDENTITY_H_ @}*/
"error",
"don't know"
);
+
+ENUM(TNC_Subject_names,
+ TNC_SUBJECT_UNKNOWN,
+ TNC_SUBJECT_USER,
+ "unknown",
+ "machine",
+ "user"
+);
+
+ENUM(TNC_Authentication_names,
+ TNC_AUTH_UNKNOWN,
+ TNC_AUTH_SIM,
+ "unknown method",
+ "certificate",
+ "password",
+ "SIM card"
+);
extern enum_name_t *TNC_Connection_State_names;
extern enum_name_t *TNC_IMV_Action_Recommendation_names;
extern enum_name_t *TNC_IMV_Evaluation_Result_names;
+extern enum_name_t *TNC_Subject_names;
+extern enum_name_t *TNC_Authentication_names;
#endif /** TNCIF_NAME_H_ @}*/
#define TNC_ATTRIBUTEID_SOH ((TNC_AttributeID) 0x00559706)
#define TNC_ATTRIBUTEID_SSOH ((TNC_AttributeID) 0x00559707)
#define TNC_ATTRIBUTEID_PRIMARY_IMV_ID ((TNC_AttributeID) 0x00559710)
+#define TNC_ATTRIBUTEID_AR_IDENTITIES ((TNC_AttributeID) 0x00559712)
+
+/* TNC Identity Types */
+
+#define TNC_ID_UNKNOWN 0
+#define TNC_ID_IPV4_ADDR 1
+#define TNC_ID_IPV6_ADDR 2
+#define TNC_ID_FQDN 3
+#define TNC_ID_RFC822_ADDR 4
+#define TNC_ID_USER_NAME 5
+#define TNC_ID_DER_ASN1_DN 6
+#define TNC_ID_DER_ASN1_GN 7
+
+/* TNC Subject Types */
+
+#define TNC_SUBJECT_UNKNOWN 0
+#define TNC_SUBJECT_MACHINE 1
+#define TNC_SUBJECT_USER 2
+
+/* TNC Authentication Types */
+
+#define TNC_AUTH_UNKNOWN 0
+#define TNC_AUTH_CERT 1
+#define TNC_AUTH_PASSWORD 2
+#define TNC_AUTH_SIM 3
/* IMV Functions */