AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libpts
ipseclib_LTLIBRARIES = libimcv.la
os_info/os_info.h os_info/os_info.c \
pa_tnc/pa_tnc_attr.h \
pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \
- pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c
+ pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \
+ seg_contract/seg_contract.h seg_contract/seg_contract.c \
+ seg_contract/seg_contract_manager.h seg_contract/seg_contract_manager.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
#include "ietf/ietf_attr_remediation_instr.h"
#include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
+
+#include <tcg/seg/tcg_seg_attr_max_size.h>
+#include <tcg/seg/tcg_seg_attr_seg_env.h>
#include <pen/pen.h>
#include <collections/linked_list.h>
}
METHOD(imc_msg_t, receive, TNC_Result,
- private_imc_msg_t *this, bool *fatal_error)
+ private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error)
{
linked_list_t *non_fatal_types;
TNC_UInt32 target_imc_id;
break;
case VERIFY_ERROR:
{
- imc_msg_t *error_msg;
- TNC_Result result;
-
- error_msg = imc_msg_create_as_reply(&this->public);
-
/* extract and copy by reference all error attributes */
enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
while (enumerator->enumerate(enumerator, &attr))
{
- error_msg->add_attribute(error_msg, attr->get_ref(attr));
+ out_msg->add_attribute(out_msg, attr->get_ref(attr));
}
enumerator->destroy(enumerator);
-
- /*
- * send the PA-TNC message containing all error attributes
- * with the excl flag set
- */
- result = error_msg->send(error_msg, TRUE);
- error_msg->destroy(error_msg);
- return result;
+ return TNC_RESULT_SUCCESS;
}
case FAILED:
default:
return TNC_RESULT_FATAL;
}
+ /* process any IF-M segmentation contracts */
+ enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ tcg_seg_attr_max_size_t *attr_cast;
+ uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+ pen_type_t type;
+
+ type = attr->get_type(attr);
+
+ if (type.vendor_id != PEN_TCG)
+ {
+ continue;
+ }
+
+ if (type.type == TCG_SEG_MAX_ATTR_SIZE_REQ)
+ {
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
+
+ contracts = this->state->get_contracts(this->state);
+ contract = contracts->get_contract(contracts, this->msg_type, FALSE);
+ if (contract)
+ {
+ contract->set_max_size(contract, max_attr_size, max_seg_size);
+ }
+ else
+ {
+ contract = seg_contract_create(this->msg_type, max_attr_size,
+ max_seg_size, FALSE, this->src_id, TRUE);
+ contracts->add_contract(contracts, contract);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN);
+ DBG2(DBG_IMC, "%s", buf);
+
+ /* Determine maximum PA-TNC attribute segment size */
+ my_max_seg_size = this->state->get_max_msg_len(this->state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* If segmentation is not prohibited select lower segment size */
+ if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ max_seg_size > my_max_seg_size)
+ {
+ max_seg_size = my_max_seg_size;
+ contract->set_max_size(contract, max_attr_size, max_seg_size);
+ DBG2(DBG_IMC, " lowered maximum segment size to %u bytes",
+ max_seg_size);
+ }
+
+ /* Add Maximum Attribute Size Response attribute */
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ }
+ else if (type.type == TCG_SEG_MAX_ATTR_SIZE_RESP)
+ {
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
+
+ contracts = this->state->get_contracts(this->state);
+ contract = contracts->get_contract(contracts, this->msg_type, TRUE);
+ if (contract)
+ {
+ contract->get_max_size(contract, &my_max_attr_size,
+ &my_max_seg_size);
+ if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ my_max_seg_size > max_seg_size)
+ {
+ my_max_seg_size = max_seg_size;
+ contract->set_max_size(contract, my_max_attr_size,
+ my_max_seg_size);
+ contract->get_info_string(contract, buf, BUF_LEN);
+ DBG2(DBG_IMC, "%s", buf);
+ }
+ }
+ else
+ {
+ /* TODO no request pending */
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
/* determine target IMC ID */
target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
this->dst_id : this->agent->get_id(this->agent);
if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
{
ietf_attr_assess_result_t *attr_cast;
- TNC_IMV_Evaluation_Result result;
+ TNC_IMV_Evaluation_Result res;
attr_cast = (ietf_attr_assess_result_t*)attr;
- result = attr_cast->get_result(attr_cast);
- this->state->set_result(this->state, target_imc_id, result);
+ res = attr_cast->get_result(attr_cast);
+ this->state->set_result(this->state, target_imc_id, res);
print_assessment_header(this->agent->get_name(this->agent),
target_imc_id, this->src_id, &first);
DBG1(DBG_IMC, "assessment result is '%N'",
- TNC_IMV_Evaluation_Result_names, result);
+ TNC_IMV_Evaluation_Result_names, res);
}
else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
{
/**
* Processes a received PA-TNC message
*
+ * @param out_msg outgoing PA-TN message
* @param fatal_error TRUE if IMV sent a fatal error message
* @return TNC result code
*/
- TNC_Result (*receive)(imc_msg_t *this, bool *fatal_error);
+ TNC_Result (*receive)(imc_msg_t *this, imc_msg_t *out_msg,
+ bool *fatal_error);
/**
* Add a PA-TNC attribute to the send queue
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#ifndef IMC_STATE_H_
#define IMC_STATE_H_
+#include "seg_contract/seg_contract_manager.h"
+
#include <tncif.h>
#include <tncifimv.h>
#include <tncifimc.h>
*/
u_int32_t (*get_max_msg_len)(imc_state_t *this);
+ /**
+ * Get attribute segmentation contracts associated with TNCCS Connection
+ *
+ * @return contracts associated with TNCCS Connection
+ */
+ seg_contract_manager_t* (*get_contracts)(imc_state_t *this);
+
/**
* Change the connection state
*
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include "ietf/ietf_attr_remediation_instr.h"
#include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
+
+#include <tcg/seg/tcg_seg_attr_max_size.h>
+#include <tcg/seg/tcg_seg_attr_seg_env.h>
#include <pen/pen.h>
#include <collections/linked_list.h>
METHOD(imv_msg_t, receive, TNC_Result,
private_imv_msg_t *this, bool *fatal_error)
{
+ TNC_Result result = TNC_RESULT_SUCCESS;
linked_list_t *non_fatal_types;
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
case VERIFY_ERROR:
{
imv_msg_t *error_msg;
- TNC_Result result;
error_msg = imv_msg_create_as_reply(&this->public);
return TNC_RESULT_FATAL;
}
+ /* process any IF-M segmentation contracts */
+ enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+ while (enumerator->enumerate(enumerator, &attr))
+ {
+ uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+ tcg_seg_attr_max_size_t *attr_cast;
+ imv_msg_t *out_msg;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+ pen_type_t type;
+
+ type = attr->get_type(attr);
+
+ if (type.vendor_id != PEN_TCG)
+ {
+ continue;
+ }
+
+ if (type.type == TCG_SEG_MAX_ATTR_SIZE_REQ)
+ {
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
+
+ contracts = this->state->get_contracts(this->state);
+ contract = contracts->get_contract(contracts, this->msg_type, FALSE);
+ if (contract)
+ {
+ contract->set_max_size(contract, max_attr_size, max_seg_size);
+ }
+ else
+ {
+ contract = seg_contract_create(this->msg_type, max_attr_size,
+ max_seg_size, FALSE, this->src_id, FALSE);
+ contracts->add_contract(contracts, contract);
+ }
+ contract->get_info_string(contract, buf, BUF_LEN);
+ DBG2(DBG_IMV, "%s", buf);
+
+ /* Determine maximum PA-TNC attribute segment size */
+ my_max_seg_size = this->state->get_max_msg_len(this->state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+ /* If segmentation is not prohibited select lower segment size */
+ if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ max_seg_size > my_max_seg_size)
+ {
+ max_seg_size = my_max_seg_size;
+ contract->set_max_size(contract, max_attr_size, max_seg_size);
+ contract->get_info_string(contract, buf, BUF_LEN);
+ DBG2(DBG_IMV, " lowered maximum segment size to %u bytes",
+ max_seg_size);
+ }
+
+ /* Send Maximum Attribute Size Response */
+ out_msg = imv_msg_create_as_reply(&this->public);
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, FALSE);
+ out_msg->add_attribute(out_msg, attr);
+ result = out_msg->send(out_msg, TRUE);
+ out_msg->destroy(out_msg);
+ if (result != TNC_RESULT_SUCCESS)
+ {
+ break;
+ }
+ }
+ else if (type.type == TCG_SEG_MAX_ATTR_SIZE_RESP)
+ {
+ attr_cast = (tcg_seg_attr_max_size_t*)attr;
+ attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size);
+
+ contracts = this->state->get_contracts(this->state);
+ contract = contracts->get_contract(contracts, this->msg_type, TRUE);
+ if (contract)
+ {
+ contract->get_max_size(contract, &my_max_attr_size,
+ &my_max_seg_size);
+ if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+ my_max_seg_size > max_seg_size)
+ {
+ my_max_seg_size = max_seg_size;
+ contract->set_max_size(contract, my_max_attr_size,
+ my_max_seg_size);
+ contract->get_info_string(contract, buf, BUF_LEN);
+ DBG2(DBG_IMV, "%s", buf);
+ }
+ }
+ else
+ {
+ /* TODO no request pending */
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+
/* preprocess any received IETF standard error attributes */
non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
non_fatal_types);
- return TNC_RESULT_SUCCESS;
+ return result;
}
METHOD(imv_msg_t, get_attribute_count, int,
#define IMV_STATE_H_
#include "imv_session.h"
+#include "seg_contract/seg_contract_manager.h"
#include <tncifimv.h>
*/
imv_session_t* (*get_session)(imv_state_t *this);
+ /**
+ * Get attribute segmentation contracts associated with TNCCS Connection
+ *
+ * @return Contracts associated with TNCCS Connection
+ */
+ seg_contract_manager_t* (*get_contracts)(imv_state_t *this);
+
/**
* Change the connection state
*
TNC_Result result;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
}
else
{
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* Maximum PA-TNC message size for this TNCCS connection
*/
u_int32_t max_msg_len;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_os_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_os_state_t *this, TNC_ConnectionState new_state)
{
METHOD(imc_state_t, destroy, void,
private_imc_os_state_t *this)
{
+ this->contracts->destroy(this->contracts);
free(this);
}
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
);
return &this->public.interface;
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
TNC_Result result = TNC_RESULT_SUCCESS;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
}
else if (result == TNC_RESULT_SUCCESS)
{
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* Maximum PA-TNC message size for this TNCCS connection
*/
u_int32_t max_msg_len;
+
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
};
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_scanner_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
{
METHOD(imc_state_t, destroy, void,
private_imc_scanner_state_t *this)
{
+ this->contracts->destroy(this->contracts);
free(this);
}
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
);
return &this->public.interface;
}
}
-static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg)
+static void create_message(imc_state_t *state, imc_msg_t *out_msg)
{
imc_test_state_t *test_state;
pa_tnc_attr_t *attr;
attr = ita_attr_command_create(test_state->get_command(test_state));
attr->set_noskip_flag(attr, TRUE);
out_msg->add_attribute(out_msg, attr);
-
- /* send PA-TNC message with the excl flag set */
- return out_msg->send(out_msg, TRUE);
}
/**
return TNC_RESULT_FATAL;
}
- /* send PA message for primary IMC ID */
+ /* send PA message for primary IMC ID with the EXCL flag set */
out_msg = imc_msg_create(imc_test, state, connection_id, imc_id,
TNC_IMVID_ANY, msg_types[0]);
- result = send_message(state, out_msg);
+ create_message(state, out_msg);
+ result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
/* Exit if there are no additional IMC IDs */
additional_id = (TNC_UInt32)pointer;
out_msg = imc_msg_create(imc_test, state, connection_id, additional_id,
TNC_IMVID_ANY, msg_types[0]);
- result = send_message(state, out_msg);
+ create_message(state, out_msg);
+ result = out_msg->send(out_msg, TRUE);
out_msg->destroy(out_msg);
}
enumerator->destroy(enumerator);
enumerator_t *enumerator;
pa_tnc_attr_t *attr;
pen_type_t attr_type;
- TNC_Result result;
+ TNC_Result result = TNC_RESULT_SUCCESS;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
if (fatal_error)
{
- return TNC_RESULT_FATAL;
+ result = TNC_RESULT_FATAL;
}
-
- /* if no assessment result is known then repeat the measurement */
- if (state->get_result(state, in_msg->get_dst_id(in_msg), NULL))
+ else
{
- return TNC_RESULT_SUCCESS;
+ /* if no assessment result is known then repeat the measurement */
+ if (!state->get_result(state, in_msg->get_dst_id(in_msg), NULL))
+ {
+ create_message(state, out_msg);
+ }
+ result = out_msg->send(out_msg, TRUE);
}
- out_msg = imc_msg_create_as_reply(in_msg);
- result = send_message(state, out_msg);
out_msg->destroy(out_msg);
return result;
/*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
*/
u_int32_t max_msg_len;
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
/**
* Command to transmit to IMV
*/
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_test_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_test_state_t *this, TNC_ConnectionState new_state)
{
private_imc_test_state_t *this)
{
this->results->destroy_function(this->results, free);
+ this->contracts->destroy(this->contracts);
free(this->command);
free(this);
}
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
.state = TNC_CONNECTION_STATE_CREATE,
.results = linked_list_create(),
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.command = strdup(command),
.dummy_size = dummy_size,
.first_handshake = TRUE,
*/
imv_session_t *session;
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
/**
* IMV action recommendation
*/
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_os_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, get_recommendation, void,
private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec,
TNC_IMV_Evaluation_Result *eval)
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
+ this->contracts->destroy(this->contracts);
this->update_packages->destroy_function(this->update_packages, free);
this->remove_packages->destroy_function(this->remove_packages, free);
free(this);
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.update_packages = linked_list_create(),
.remove_packages = linked_list_create(),
);
*/
imv_session_t *session;
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
/**
* IMV action recommendation
*/
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_scanner_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
{
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+ this->contracts->destroy(this->contracts);
this->violating_ports->destroy_function(this->violating_ports, free);
free(this);
}
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session= _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.violating_ports = linked_list_create(),
);
/*
- * Copyright (C) 2011-2013 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
*/
imv_session_t *session;
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
/**
* IMV action recommendation
*/
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_test_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_test_state_t *this, TNC_ConnectionState new_state)
{
{
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
+ this->contracts->destroy(this->contracts);
this->imcs->destroy_function(this->imcs, free);
free(this);
}
.get_max_msg_len = _get_max_msg_len,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.imcs = linked_list_create(),
);
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_contract.h"
+
+#include <utils/debug.h>
+
+#include <tncif_pa_subtypes.h>
+
+typedef struct private_seg_contract_t private_seg_contract_t;
+
+/**
+ * Private data of a seg_contract_t object.
+ *
+ */
+struct private_seg_contract_t {
+
+ /**
+ * Public seg_contract_t interface.
+ */
+ seg_contract_t public;
+
+ /**
+ * PA-TNC message type
+ */
+ pen_type_t msg_type;
+
+ /**
+ * Maximum PA-TNC attribute size
+ */
+ uint32_t max_attr_size;
+
+ /**
+ * Maximum PA-TNC attribute segment size
+ */
+ uint32_t max_seg_size;
+
+ /**
+ * Is this a null contract?
+ */
+ bool is_null;
+
+ /**
+ * Contract role
+ */
+ bool is_issuer;
+
+ /**
+ * Issuer ID (either IMV ID or IMC ID)
+ */
+ TNC_UInt32 issuer_id;
+
+ /**
+ * IMC/IMV role
+ */
+ bool is_imc;
+
+};
+
+METHOD(seg_contract_t, get_msg_type, pen_type_t,
+ private_seg_contract_t *this)
+{
+ return this->msg_type;
+}
+
+METHOD(seg_contract_t, set_max_size, void,
+ private_seg_contract_t *this, uint32_t max_attr_size, uint32_t max_seg_size)
+{
+ this->max_attr_size = max_attr_size;
+ this->max_seg_size = max_seg_size;
+ this->is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE &&
+ max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE;
+}
+
+METHOD(seg_contract_t, get_max_size, void,
+ private_seg_contract_t *this, uint32_t *max_attr_size, uint32_t *max_seg_size)
+{
+ if (max_attr_size)
+ {
+ *max_attr_size = this->max_attr_size;
+ }
+ if (max_seg_size)
+ {
+ *max_seg_size = this->max_seg_size;
+ }
+}
+
+METHOD(seg_contract_t, is_issuer, bool,
+ private_seg_contract_t *this)
+{
+ return this->is_issuer;
+}
+
+METHOD(seg_contract_t, is_null, bool,
+ private_seg_contract_t *this)
+{
+ return this->is_null;
+}
+
+METHOD(seg_contract_t, get_info_string, void,
+ private_seg_contract_t *this, char *buf, size_t len)
+{
+ enum_name_t *pa_subtype_names;
+ uint32_t msg_vid, msg_subtype;
+ char *pos = buf;
+ int written;
+
+ /* nul-terminate the string buffer */
+ buf[--len] = '\0';
+
+ if (this->is_issuer)
+ {
+ written = snprintf(pos, len, "%s %d requests",
+ this->is_imc ? "IMC" : "IMV", this->issuer_id);
+ }
+ else
+ {
+ written = snprintf(pos, len, "received");
+ }
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ written = snprintf(pos, len, " a %ssegmentation contract ",
+ this->is_null ? "null" : "");
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if (!this->is_issuer && this->issuer_id != TNC_IMVID_ANY)
+ {
+ written = snprintf(pos, len, "from %s %d ",
+ this->is_imc ? "IMV" : "IMC", this->issuer_id);
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+ }
+
+ msg_vid = this->msg_type.vendor_id;
+ msg_subtype = this->msg_type.type;
+ pa_subtype_names = get_pa_subtype_names(msg_vid);
+ if (pa_subtype_names)
+ {
+ written = snprintf(pos, len, "for PA message type '%N/%N' "
+ "0x%06x/0x%08x", pen_names, msg_vid,
+ pa_subtype_names, msg_subtype, msg_vid,
+ msg_subtype);
+ }
+ else
+ {
+ written = snprintf(pos, len, "for PA message type '%N' "
+ "0x%06x/0x%08x", pen_names, msg_vid,
+ msg_vid, msg_subtype);
+ }
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if (!this->is_null)
+ {
+ written = snprintf(pos, len, "\n maximum attribute size of %u bytes "
+ "with ", this->max_attr_size);
+ if (written < 0 || written > len)
+ {
+ return;
+ }
+ pos += written;
+ len -= written;
+
+ if (this->max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE)
+ {
+ written = snprintf(pos, len, "no segmentation");
+ }
+ else
+ {
+ written = snprintf(pos, len, "maximum segment size of %u bytes",
+ this->max_seg_size);
+ }
+ }
+}
+
+METHOD(seg_contract_t, destroy, void,
+ private_seg_contract_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header
+ */
+seg_contract_t *seg_contract_create(pen_type_t msg_type,
+ uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool is_issuer, TNC_UInt32 issuer_id,
+ bool is_imc)
+{
+ private_seg_contract_t *this;
+
+ INIT(this,
+ .public = {
+ .get_msg_type = _get_msg_type,
+ .set_max_size = _set_max_size,
+ .get_max_size = _get_max_size,
+ .is_issuer = _is_issuer,
+ .is_null = _is_null,
+ .get_info_string = _get_info_string,
+ .destroy = _destroy,
+ },
+ .msg_type = msg_type,
+ .max_attr_size = max_attr_size,
+ .max_seg_size = max_seg_size,
+ .is_issuer = is_issuer,
+ .issuer_id = issuer_id,
+ .is_imc = is_imc,
+ .is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE &&
+ max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE,
+ );
+
+ return &this->public;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_contract seg_contract
+ * @{ @ingroup libimcv
+ */
+
+#ifndef SEG_CONTRACT_H_
+#define SEG_CONTRACT_H_
+
+typedef struct seg_contract_t seg_contract_t;
+
+#include <library.h>
+#include <pen/pen.h>
+
+#include <tncif.h>
+
+#define SEG_CONTRACT_MAX_SIZE_VALUE 0xffffffff
+#define SEG_CONTRACT_NO_FRAGMENTATION SEG_CONTRACT_MAX_SIZE_VALUE
+
+/**
+ * Interface for a PA-TNC attribute segmentation contract
+ *
+ */
+struct seg_contract_t {
+
+ /**
+ * Get the PA-TNC message type.
+ *
+ * @return PA-TNC Message type
+ */
+ pen_type_t (*get_msg_type)(seg_contract_t *this);
+
+ /**
+ * Set maximum PA-TNC attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ */
+ void (*set_max_size)(seg_contract_t *this, uint32_t max_attr_size,
+ uint32_t max_seg_size);
+
+ /**
+ * Get maximum PA-TNC attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ */
+ void (*get_max_size)(seg_contract_t *this, uint32_t *max_attr_size,
+ uint32_t *max_seg_size);
+
+ /**
+ * Get contract role
+ *
+ * @return TRUE: contracting party (issuer),
+ * FALSE: contracted party
+ */
+ bool (*is_issuer)(seg_contract_t *this);
+
+ /**
+ * Is this a null contract ?
+ *
+ * @return TRUE if null contract
+ */
+ bool (*is_null)(seg_contract_t *this);
+
+ /**
+ * Get an info string about the contract
+ *
+ * @param buf String buffer of at least size len
+ * @param len Size of string buffer
+ */
+ void (*get_info_string)(seg_contract_t *this, char *buf, size_t len);
+
+ /**
+ * Destroys a seg_contract_t object.
+ */
+ void (*destroy)(seg_contract_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segmentation contract
+ *
+ * @param msg_type PA-TNC message type
+ * @param max_attr_size Maximum PA-TNC attribute size in octets
+ * @param max_seg_size Maximum PA-TNC attribute segment size in octets
+ * @param is_issuer TRUE if issuer of the contract
+ * @param issuer_id IMC or IMV ID of issuer
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ */
+seg_contract_t* seg_contract_create(pen_type_t msg_type,
+ uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool is_issuer, TNC_UInt32 issuer_id,
+ bool is_imc);
+
+#endif /** SEG_CONTRACT_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "seg_contract_manager.h"
+
+typedef struct private_seg_contract_manager_t private_seg_contract_manager_t;
+
+/**
+ * Private data of a seg_contract_manager_t object.
+ *
+ */
+struct private_seg_contract_manager_t {
+
+ /**
+ * Public seg_contract_manager_t interface.
+ */
+ seg_contract_manager_t public;
+
+ /**
+ * List of PA-TNC segmentation contracts
+ */
+ linked_list_t *contracts;
+
+};
+
+METHOD(seg_contract_manager_t, add_contract, void,
+ private_seg_contract_manager_t *this, seg_contract_t *contract)
+{
+ this->contracts->insert_last(this->contracts, contract);
+}
+
+METHOD(seg_contract_manager_t, get_contract, seg_contract_t*,
+ private_seg_contract_manager_t *this, pen_type_t msg_type, bool is_issuer)
+{
+ enumerator_t *enumerator;
+ seg_contract_t *contract, *found = NULL;
+
+ enumerator = this->contracts->create_enumerator(this->contracts);
+ while (enumerator->enumerate(enumerator, &contract))
+ {
+ if (contract->is_issuer(contract) == is_issuer &&
+ pen_type_equals(contract->get_msg_type(contract), msg_type))
+ {
+ found = contract;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ return found;
+}
+
+METHOD(seg_contract_manager_t, destroy, void,
+ private_seg_contract_manager_t *this)
+{
+ this->contracts->destroy_offset(this->contracts,
+ offsetof(seg_contract_t, destroy));
+ free(this);
+}
+
+/**
+ * See header
+ */
+seg_contract_manager_t *seg_contract_manager_create(void)
+{
+ private_seg_contract_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .add_contract = _add_contract,
+ .get_contract = _get_contract,
+ .destroy = _destroy,
+ },
+ .contracts = linked_list_create(),
+ );
+
+ return &this->public;
+}
+
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup seg_contract_manager seg_contract_manager
+ * @{ @ingroup libimcv
+ */
+
+#ifndef SEG_CONTRACT_MANAGER_H_
+#define SEG_CONTRACT_MANAGER_H_
+
+typedef struct seg_contract_manager_t seg_contract_manager_t;
+
+#include "seg_contract.h"
+
+/**
+ * Interface for a PA-TNC attribute segmentation contract manager
+ *
+ */
+struct seg_contract_manager_t {
+
+ /**
+ * Add segmentation contract
+ *
+ * @param contract Segmentation contract to be added
+ */
+ void (*add_contract)(seg_contract_manager_t *this, seg_contract_t *contract);
+
+ /**
+ * Get segmentation contract
+ *
+ * @param msg_type PA-TNC message type governed by contract
+ * @param is_issuer If TRUE get only issuer contracts
+ */
+ seg_contract_t* (*get_contract)(seg_contract_manager_t *this,
+ pen_type_t msg_type, bool is_issuer);
+
+ /**
+ * Destroys a seg_contract_manager_t object.
+ */
+ void (*destroy)(seg_contract_manager_t *this);
+};
+
+/**
+ * Create a PA-TNC attribute segmentation contract manager
+ */
+seg_contract_manager_t* seg_contract_manager_create();
+
+#endif /** SEG_CONTRACT_MANAGER_H_ @}*/
tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \
tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \
tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
+ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
+ tcg/seg/tcg_seg_attr_seg_env.h \
tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
TNC_Result result;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
if (result == TNC_RESULT_SUCCESS)
{
- /* send PA-TNC message with the excl flag set */
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
/*
- * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen
+ * Copyright (C) 2011-2012 Sansar Choinyambuu
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
*/
u_int32_t max_msg_len;
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
/**
* PTS object
*/
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_attestation_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
{
offsetof(pts_component_t, destroy));
this->list->destroy_offset(this->list,
offsetof(pts_comp_evidence_t, destroy));
+ this->contracts->destroy(this->contracts);
free(this);
}
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
.connection_id = connection_id,
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .contracts = seg_contract_manager_create(),
.pts = pts_create(TRUE),
.components = linked_list_create(),
.list = linked_list_create(),
TNC_Result result;
bool fatal_error = FALSE;
+ /* generate an outgoing PA-TNC message - we might need it */
+ out_msg = imc_msg_create_as_reply(in_msg);
+
/* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, &fatal_error);
+ result = in_msg->receive(in_msg, out_msg, &fatal_error);
if (result != TNC_RESULT_SUCCESS)
{
+ out_msg->destroy(out_msg);
return result;
}
- out_msg = imc_msg_create_as_reply(in_msg);
/* analyze PA-TNC attributes */
enumerator = in_msg->create_attribute_enumerator(in_msg);
}
else
{
+ /* send PA-TNC message with the EXCL flag set */
result = out_msg->send(out_msg, TRUE);
}
out_msg->destroy(out_msg);
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
*/
u_int32_t max_msg_len;
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
/**
* Event ID Epoch
*/
return this->max_msg_len;
}
+METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
+ private_imc_swid_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imc_state_t, change_state, void,
private_imc_swid_state_t *this, TNC_ConnectionState new_state)
{
METHOD(imc_state_t, destroy, void,
private_imc_swid_state_t *this)
{
+ this->contracts->destroy(this->contracts);
free(this);
}
.set_flags = _set_flags,
.set_max_msg_len = _set_max_msg_len,
.get_max_msg_len = _get_max_msg_len,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.eid_epoch = eid_epoch,
);
*/
imv_session_t *session;
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
/**
* IMV Attestation handshake state
*/
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_attestation_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
{
DESTROY_IF(this->reason_string);
this->components->destroy_function(this->components, (void *)free_func_comp);
this->pts->destroy(this->pts);
+ this->contracts->destroy(this->contracts);
free(this);
}
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session = _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
.handshake_state = IMV_ATTESTATION_STATE_INIT,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ .contracts = seg_contract_manager_create(),
.components = linked_list_create(),
.pts = pts_create(FALSE),
);
#include "libpts.h"
#include "swid/swid_error.h"
#include "swid/swid_inventory.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
#include "tcg/swid/tcg_swid_attr_req.h"
#include "tcg/swid/tcg_swid_attr_tag_inv.h"
#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
+#define SWID_MAX_ATTR_SIZE 1000000000
+
/* Subscribed PA-TNC message subtypes */
static pen_type_t msg_types[] = {
{ PEN_TCG, PA_SUBTYPE_TCG_SWID }
if (handshake_state == IMV_SWID_STATE_INIT &&
session->get_policy_started(session))
{
+ size_t max_attr_size = SWID_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ char buf[BUF_LEN];
+
enumerator = session->create_workitem_enumerator(session);
if (enumerator)
{
{
flags |= TCG_SWID_ATTR_REQ_FLAG_C;
}
+
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+
+ /* Issue a SWID request */
request_id = workitem->get_id(workitem);
swid_state->set_request_id(swid_state, request_id);
attr = tcg_swid_attr_req_create(flags, request_id, 0);
workitem->set_imv_id(workitem, imv_id);
no_workitems = FALSE;
DBG2(DBG_IMV, "IMV %d issues SWID request %d",
- imv_id, request_id);
+ imv_id, request_id);
break;
}
enumerator->destroy(enumerator);
{
return NULL;
}
+ agent->add_non_fatal_attr_type(agent,
+ pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ));
INIT(this,
.public = {
uint32_t action_flags;
/**
- * IMV database session associatied with TNCCS connection
+ * IMV database session associated with TNCCS connection
*/
imv_session_t *session;
+ /**
+ * PA-TNC attribute segmentation contracts associated with TNCCS connection
+ */
+ seg_contract_manager_t *contracts;
+
/**
* IMV action recommendation
*/
return this->session;
}
+METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
+ private_imv_swid_state_t *this)
+{
+ return this->contracts;
+}
+
METHOD(imv_state_t, change_state, void,
private_imv_swid_state_t *this, TNC_ConnectionState new_state)
{
DESTROY_IF(this->session);
DESTROY_IF(this->reason_string);
DESTROY_IF(this->remediation_string);
+ this->contracts->destroy(this->contracts);
free(this);
}
.get_action_flags = _get_action_flags,
.set_session = _set_session,
.get_session= _get_session,
+ .get_contracts = _get_contracts,
.change_state = _change_state,
.get_recommendation = _get_recommendation,
.set_recommendation = _set_recommendation,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
.eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
+ .contracts = seg_contract_manager_create(),
.jobj = json_object_new_object(),
.jarray = json_object_new_array(),
);
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tcg_seg_attr_max_size.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/debug.h>
+
+typedef struct private_tcg_seg_attr_max_size_t private_tcg_seg_attr_max_size_t;
+
+/**
+ * Maximum Attribute Size Request/Response
+ * see TCG IF-M Segmentation Specification
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Max Attribute Size |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Max Segment Size |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * Private data of an tcg_seg_attr_max_size_t object.
+ */
+struct private_tcg_seg_attr_max_size_t {
+
+ /**
+ * Public members of tcg_seg_attr_max_size_t
+ */
+ tcg_seg_attr_max_size_t public;
+
+ /**
+ * Vendor-specific attribute type
+ */
+ pen_type_t type;
+
+ /**
+ * Attribute value
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Maximum IF-M attribute size in octets
+ */
+ uint32_t max_attr_size;
+
+ /**
+ * Maximum IF-M attribute segment size in octets
+ */
+ uint32_t max_seg_size;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_type, pen_type_t,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_tcg_seg_attr_max_size_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ bio_writer_t *writer;
+
+ if (this->value.ptr)
+ {
+ return;
+ }
+ writer = bio_writer_create(TCG_SEG_ATTR_MAX_SIZE_SIZE);
+ writer->write_uint32(writer, this->max_attr_size);
+ writer->write_uint32(writer, this->max_seg_size);
+
+ this->value = writer->extract_buf(writer);
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_tcg_seg_attr_max_size_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+
+ if (this->value.len < TCG_SEG_ATTR_MAX_SIZE_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names,
+ this->type.type);
+ *offset = 0;
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint32(reader, &this->max_attr_size);
+ reader->read_uint32(reader, &this->max_seg_size);
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_tcg_seg_attr_max_size_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(tcg_seg_attr_max_size_t, get_attr_size, void,
+ private_tcg_seg_attr_max_size_t *this, uint32_t *max_attr_size,
+ uint32_t *max_seg_size)
+{
+ if (max_attr_size)
+ {
+ *max_attr_size = this->max_attr_size;
+ }
+ if (max_seg_size)
+ {
+ *max_seg_size = this->max_seg_size;
+ }
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool request)
+{
+ private_tcg_seg_attr_max_size_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_attr_size = _get_attr_size,
+ },
+ .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ :
+ TCG_SEG_MAX_ATTR_SIZE_RESP },
+ .max_attr_size = max_attr_size,
+ .max_seg_size = max_seg_size,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *tcg_seg_attr_max_size_create_from_data(chunk_t data,
+ bool request)
+{
+ private_tcg_seg_attr_max_size_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_attr_size = _get_attr_size,
+ },
+ .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ :
+ TCG_SEG_MAX_ATTR_SIZE_RESP },
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_max_size tcg_seg_attr_max_size
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_MAX_SIZE_H_
+#define TCG_SEG_ATTR_MAX_SIZE_H_
+
+typedef struct tcg_seg_attr_max_size_t tcg_seg_attr_max_size_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_MAX_SIZE_SIZE 8
+
+/**
+ * Class implementing the TCG Segmentation Maximum Attribute Size Attribute
+ */
+struct tcg_seg_attr_max_size_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get maximum IF-M attribute and segment size in octets
+ *
+ * @param max_attr_size Maximum IF-M attribute size in octets
+ * @param max_seg_size Maximum IF-M attribute segment size in octets
+ */
+ void (*get_attr_size)(tcg_seg_attr_max_size_t *this,
+ uint32_t *max_attr_size, uint32_t *max_seg_size);
+
+};
+
+/**
+ * Creates an tcg_seg_attr_max_size_t object
+ *
+ * @param max_attr_size Maximum IF-M attribute size in octets
+ * @param max_seg_size Maximum IF-M attribute segment size in octets
+ * @param request TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size,
+ uint32_t max_seg_size,
+ bool request);
+
+/**
+ * Creates an tcg_seg_attr_max_size_t object from received data
+ *
+ * @param value unparsed attribute value
+ * @param request TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_max_size_create_from_data(chunk_t value,
+ bool request);
+
+#endif /** TCG_SEG_ATTR_MAX_SIZE_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tcg_seg_attr_seg_env tcg_seg_attr_seg_env
+ * @{ @ingroup tcg_attr
+ */
+
+#ifndef TCG_SEG_ATTR_SEG_ENV_H_
+#define TCG_SEG_ATTR_SEG_ENV_H_
+
+typedef struct tcg_seg_attr_seg_env_t tcg_seg_attr_seg_env_t;
+
+#include "tcg/tcg_attr.h"
+
+#define TCG_SEG_ATTR_SEG_ENV_HEADER 4
+
+/**
+ * Class implementing the TCG Segmentation Envelope Attribute
+ */
+struct tcg_seg_attr_seg_env_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+};
+
+/**
+ * Creates an tcg_seg_attr_seg_env_t object
+ *
+ * @param max_attr_size Maximum IF-M attribute size in octets
+ * @param max_seg_size Maximum IF-M attribute segment size in octets
+ * @param request TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags);
+
+/**
+ * Creates an tcg_seg_attr_seg_env_t object from received data
+ *
+ * @param value unparsed attribute value
+ * @param request TRUE for a request, FALSE for a response
+ */
+pa_tnc_attr_t* tcg_seg_attr_seg_env_create_from_data(chunk_t value);
+
+#endif /** TCG_SEG_ATTR_SEG_ENV_H_ @}*/
/*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
#include "tcg/swid/tcg_swid_attr_req.h"
#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
#include "tcg/swid/tcg_swid_attr_tag_inv.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
ENUM_BEGIN(tcg_attr_names, TCG_SCAP_REFERENCES,
TCG_SCAP_SUMMARY_RESULTS,
"SWID Tag Identifier Events",
"SWID Tag Inventory",
"SWID Tag Events");
+ENUM_NEXT(tcg_attr_names, TCG_SEG_MAX_ATTR_SIZE_REQ,
+ TCG_SEG_CANCEL_SEG_EXCH,
+ TCG_SWID_TAG_EVENTS,
+ "Max Attribute Size Request",
+ "Max Attribute Size Response",
+ "Attribute Segment Envelope",
+ "Next Segment Request",
+ "Cancel Segment Exchange");
ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FUNC_COMP_EVID,
TCG_PTS_REQ_FUNC_COMP_EVID,
- TCG_SWID_TAG_EVENTS,
+ TCG_SEG_CANCEL_SEG_EXCH,
"Request Functional Component Evidence");
ENUM_NEXT(tcg_attr_names, TCG_PTS_GEN_ATTEST_EVID,
TCG_PTS_GEN_ATTEST_EVID,
return tcg_swid_attr_tag_id_inv_create_from_data(value);
case TCG_SWID_TAG_INVENTORY:
return tcg_swid_attr_tag_inv_create_from_data(value);
+ case TCG_SEG_MAX_ATTR_SIZE_REQ:
+ return tcg_seg_attr_max_size_create_from_data(value, TRUE);
+ case TCG_SEG_MAX_ATTR_SIZE_RESP:
+ return tcg_seg_attr_max_size_create_from_data(value, FALSE);
case TCG_PTS_REQ_PROTO_CAPS:
return tcg_pts_attr_proto_caps_create_from_data(value, TRUE);
case TCG_PTS_PROTO_CAPS:
/*
- * Copyright (C) 2011 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
TCG_SWID_TAG_INVENTORY = 0x00000014,
TCG_SWID_TAG_EVENTS = 0x00000015,
+ /* IF-M Attribute Segmentation */
+ TCG_SEG_MAX_ATTR_SIZE_REQ = 0x00000021,
+ TCG_SEG_MAX_ATTR_SIZE_RESP = 0x00000022,
+ TCG_SEG_ATTR_SEG_ENV = 0x00000023,
+ TCG_SEG_NEXT_SEG_REQ = 0x00000024,
+ TCG_SEG_CANCEL_SEG_EXCH = 0x00000025,
+
/* PTS Protocol Negotiations */
TCG_PTS_REQ_PROTO_CAPS = 0x01000000,
TCG_PTS_PROTO_CAPS = 0x02000000,
projects / thirdparty / strongswan.git / commitdiff
