From: Andreas Steffen Date: Tue, 5 Aug 2014 16:36:03 +0000 (+0200) Subject: Implemented IF-M segmentation contracts X-Git-Tag: 5.2.1dr1~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f50968976b4f1e3415833edb26877889fe1eeed7;p=thirdparty%2Fstrongswan.git Implemented IF-M segmentation contracts --- diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 4bed3bf03f..8b3ca5daad 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -1,6 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif + -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libpts ipseclib_LTLIBRARIES = libimcv.la @@ -54,7 +55,9 @@ libimcv_la_SOURCES = \ os_info/os_info.h os_info/os_info.c \ pa_tnc/pa_tnc_attr.h \ pa_tnc/pa_tnc_msg.h pa_tnc/pa_tnc_msg.c \ - pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c + pa_tnc/pa_tnc_attr_manager.h pa_tnc/pa_tnc_attr_manager.c \ + seg_contract/seg_contract.h seg_contract/seg_contract.c \ + seg_contract/seg_contract_manager.h seg_contract/seg_contract_manager.c ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy Android.mk diff --git a/src/libimcv/imc/imc_msg.c b/src/libimcv/imc/imc_msg.c index 5f2772e69e..4c4455eeda 100644 --- a/src/libimcv/imc/imc_msg.c +++ b/src/libimcv/imc/imc_msg.c @@ -20,6 +20,10 @@ #include "ietf/ietf_attr_remediation_instr.h" #include +#include + +#include +#include #include #include @@ -208,7 +212,7 @@ static void print_assessment_trailer(bool first) } METHOD(imc_msg_t, receive, TNC_Result, - private_imc_msg_t *this, bool *fatal_error) + private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error) { linked_list_t *non_fatal_types; TNC_UInt32 target_imc_id; @@ -252,32 +256,110 @@ METHOD(imc_msg_t, receive, TNC_Result, break; case VERIFY_ERROR: { - imc_msg_t *error_msg; - TNC_Result result; - - error_msg = imc_msg_create_as_reply(&this->public); - /* extract and copy by reference all error attributes */ enumerator = this->pa_msg->create_error_enumerator(this->pa_msg); while (enumerator->enumerate(enumerator, &attr)) { - error_msg->add_attribute(error_msg, attr->get_ref(attr)); + out_msg->add_attribute(out_msg, attr->get_ref(attr)); } enumerator->destroy(enumerator); - - /* - * send the PA-TNC message containing all error attributes - * with the excl flag set - */ - result = error_msg->send(error_msg, TRUE); - error_msg->destroy(error_msg); - return result; + return TNC_RESULT_SUCCESS; } case FAILED: default: return TNC_RESULT_FATAL; } + /* process any IF-M segmentation contracts */ + enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + tcg_seg_attr_max_size_t *attr_cast; + uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + char buf[BUF_LEN]; + pen_type_t type; + + type = attr->get_type(attr); + + if (type.vendor_id != PEN_TCG) + { + continue; + } + + if (type.type == TCG_SEG_MAX_ATTR_SIZE_REQ) + { + attr_cast = (tcg_seg_attr_max_size_t*)attr; + attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size); + + contracts = this->state->get_contracts(this->state); + contract = contracts->get_contract(contracts, this->msg_type, FALSE); + if (contract) + { + contract->set_max_size(contract, max_attr_size, max_seg_size); + } + else + { + contract = seg_contract_create(this->msg_type, max_attr_size, + max_seg_size, FALSE, this->src_id, TRUE); + contracts->add_contract(contracts, contract); + } + contract->get_info_string(contract, buf, BUF_LEN); + DBG2(DBG_IMC, "%s", buf); + + /* Determine maximum PA-TNC attribute segment size */ + my_max_seg_size = this->state->get_max_msg_len(this->state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_MAX_SIZE_SIZE; + + /* If segmentation is not prohibited select lower segment size */ + if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION && + max_seg_size > my_max_seg_size) + { + max_seg_size = my_max_seg_size; + contract->set_max_size(contract, max_attr_size, max_seg_size); + DBG2(DBG_IMC, " lowered maximum segment size to %u bytes", + max_seg_size); + } + + /* Add Maximum Attribute Size Response attribute */ + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, FALSE); + out_msg->add_attribute(out_msg, attr); + } + else if (type.type == TCG_SEG_MAX_ATTR_SIZE_RESP) + { + attr_cast = (tcg_seg_attr_max_size_t*)attr; + attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size); + + contracts = this->state->get_contracts(this->state); + contract = contracts->get_contract(contracts, this->msg_type, TRUE); + if (contract) + { + contract->get_max_size(contract, &my_max_attr_size, + &my_max_seg_size); + if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION && + my_max_seg_size > max_seg_size) + { + my_max_seg_size = max_seg_size; + contract->set_max_size(contract, my_max_attr_size, + my_max_seg_size); + contract->get_info_string(contract, buf, BUF_LEN); + DBG2(DBG_IMC, "%s", buf); + } + } + else + { + /* TODO no request pending */ + } + } + } + enumerator->destroy(enumerator); + /* determine target IMC ID */ target_imc_id = (this->dst_id != TNC_IMCID_ANY) ? this->dst_id : this->agent->get_id(this->agent); @@ -300,16 +382,16 @@ METHOD(imc_msg_t, receive, TNC_Result, if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT) { ietf_attr_assess_result_t *attr_cast; - TNC_IMV_Evaluation_Result result; + TNC_IMV_Evaluation_Result res; attr_cast = (ietf_attr_assess_result_t*)attr; - result = attr_cast->get_result(attr_cast); - this->state->set_result(this->state, target_imc_id, result); + res = attr_cast->get_result(attr_cast); + this->state->set_result(this->state, target_imc_id, res); print_assessment_header(this->agent->get_name(this->agent), target_imc_id, this->src_id, &first); DBG1(DBG_IMC, "assessment result is '%N'", - TNC_IMV_Evaluation_Result_names, result); + TNC_IMV_Evaluation_Result_names, res); } else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS) { diff --git a/src/libimcv/imc/imc_msg.h b/src/libimcv/imc/imc_msg.h index 5a68e9ed9d..a8c4d3c02a 100644 --- a/src/libimcv/imc/imc_msg.h +++ b/src/libimcv/imc/imc_msg.h @@ -65,10 +65,12 @@ struct imc_msg_t { /** * Processes a received PA-TNC message * + * @param out_msg outgoing PA-TN message * @param fatal_error TRUE if IMV sent a fatal error message * @return TNC result code */ - TNC_Result (*receive)(imc_msg_t *this, bool *fatal_error); + TNC_Result (*receive)(imc_msg_t *this, imc_msg_t *out_msg, + bool *fatal_error); /** * Add a PA-TNC attribute to the send queue diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h index 7e763fbe16..e3e83a3b92 100644 --- a/src/libimcv/imc/imc_state.h +++ b/src/libimcv/imc/imc_state.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -22,6 +22,8 @@ #ifndef IMC_STATE_H_ #define IMC_STATE_H_ +#include "seg_contract/seg_contract_manager.h" + #include #include #include @@ -79,6 +81,13 @@ struct imc_state_t { */ u_int32_t (*get_max_msg_len)(imc_state_t *this); + /** + * Get attribute segmentation contracts associated with TNCCS Connection + * + * @return contracts associated with TNCCS Connection + */ + seg_contract_manager_t* (*get_contracts)(imc_state_t *this); + /** * Change the connection state * diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c index 35017b508a..e25857dcfb 100644 --- a/src/libimcv/imv/imv_msg.c +++ b/src/libimcv/imv/imv_msg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -20,6 +20,10 @@ #include "ietf/ietf_attr_remediation_instr.h" #include +#include + +#include +#include #include #include @@ -248,6 +252,7 @@ METHOD(imv_msg_t, send_assessment, TNC_Result, METHOD(imv_msg_t, receive, TNC_Result, private_imv_msg_t *this, bool *fatal_error) { + TNC_Result result = TNC_RESULT_SUCCESS; linked_list_t *non_fatal_types; enumerator_t *enumerator; pa_tnc_attr_t *attr; @@ -288,7 +293,6 @@ METHOD(imv_msg_t, receive, TNC_Result, case VERIFY_ERROR: { imv_msg_t *error_msg; - TNC_Result result; error_msg = imv_msg_create_as_reply(&this->public); @@ -313,12 +317,111 @@ METHOD(imv_msg_t, receive, TNC_Result, return TNC_RESULT_FATAL; } + /* process any IF-M segmentation contracts */ + enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg); + while (enumerator->enumerate(enumerator, &attr)) + { + uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size; + tcg_seg_attr_max_size_t *attr_cast; + imv_msg_t *out_msg; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + char buf[BUF_LEN]; + pen_type_t type; + + type = attr->get_type(attr); + + if (type.vendor_id != PEN_TCG) + { + continue; + } + + if (type.type == TCG_SEG_MAX_ATTR_SIZE_REQ) + { + attr_cast = (tcg_seg_attr_max_size_t*)attr; + attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size); + + contracts = this->state->get_contracts(this->state); + contract = contracts->get_contract(contracts, this->msg_type, FALSE); + if (contract) + { + contract->set_max_size(contract, max_attr_size, max_seg_size); + } + else + { + contract = seg_contract_create(this->msg_type, max_attr_size, + max_seg_size, FALSE, this->src_id, FALSE); + contracts->add_contract(contracts, contract); + } + contract->get_info_string(contract, buf, BUF_LEN); + DBG2(DBG_IMV, "%s", buf); + + /* Determine maximum PA-TNC attribute segment size */ + my_max_seg_size = this->state->get_max_msg_len(this->state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_MAX_SIZE_SIZE; + + /* If segmentation is not prohibited select lower segment size */ + if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION && + max_seg_size > my_max_seg_size) + { + max_seg_size = my_max_seg_size; + contract->set_max_size(contract, max_attr_size, max_seg_size); + contract->get_info_string(contract, buf, BUF_LEN); + DBG2(DBG_IMV, " lowered maximum segment size to %u bytes", + max_seg_size); + } + + /* Send Maximum Attribute Size Response */ + out_msg = imv_msg_create_as_reply(&this->public); + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, FALSE); + out_msg->add_attribute(out_msg, attr); + result = out_msg->send(out_msg, TRUE); + out_msg->destroy(out_msg); + if (result != TNC_RESULT_SUCCESS) + { + break; + } + } + else if (type.type == TCG_SEG_MAX_ATTR_SIZE_RESP) + { + attr_cast = (tcg_seg_attr_max_size_t*)attr; + attr_cast->get_attr_size(attr_cast, &max_attr_size, &max_seg_size); + + contracts = this->state->get_contracts(this->state); + contract = contracts->get_contract(contracts, this->msg_type, TRUE); + if (contract) + { + contract->get_max_size(contract, &my_max_attr_size, + &my_max_seg_size); + if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION && + my_max_seg_size > max_seg_size) + { + my_max_seg_size = max_seg_size; + contract->set_max_size(contract, my_max_attr_size, + my_max_seg_size); + contract->get_info_string(contract, buf, BUF_LEN); + DBG2(DBG_IMV, "%s", buf); + } + } + else + { + /* TODO no request pending */ + } + } + } + enumerator->destroy(enumerator); + /* preprocess any received IETF standard error attributes */ non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent); *fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg, non_fatal_types); - return TNC_RESULT_SUCCESS; + return result; } METHOD(imv_msg_t, get_attribute_count, int, diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h index d11d15e0df..3a93a5f95b 100644 --- a/src/libimcv/imv/imv_state.h +++ b/src/libimcv/imv/imv_state.h @@ -23,6 +23,7 @@ #define IMV_STATE_H_ #include "imv_session.h" +#include "seg_contract/seg_contract_manager.h" #include @@ -107,6 +108,13 @@ struct imv_state_t { */ imv_session_t* (*get_session)(imv_state_t *this); + /** + * Get attribute segmentation contracts associated with TNCCS Connection + * + * @return Contracts associated with TNCCS Connection + */ + seg_contract_manager_t* (*get_contracts)(imv_state_t *this); + /** * Change the connection state * diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index c624d26b1a..785280c28c 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -491,13 +491,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) TNC_Result result; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); @@ -582,6 +585,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) } else { + /* send PA-TNC message with the EXCL flag set */ result = out_msg->send(out_msg, TRUE); } out_msg->destroy(out_msg); diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c index f49959ab9a..139ab0597d 100644 --- a/src/libimcv/plugins/imc_os/imc_os_state.c +++ b/src/libimcv/plugins/imc_os/imc_os_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -60,6 +60,11 @@ struct private_imc_os_state_t { * Maximum PA-TNC message size for this TNCCS connection */ u_int32_t max_msg_len; + + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; }; METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, @@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_os_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_os_state_t *this, TNC_ConnectionState new_state) { @@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool, METHOD(imc_state_t, destroy, void, private_imc_os_state_t *this) { + this->contracts->destroy(this->contracts); free(this); } @@ -145,6 +157,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -154,6 +167,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id) .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), ); return &this->public.interface; diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index 2be6a87df1..0478841cb5 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -299,13 +299,16 @@ static TNC_Result receive_message(imc_msg_t *in_msg) TNC_Result result = TNC_RESULT_SUCCESS; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); @@ -352,6 +355,7 @@ static TNC_Result receive_message(imc_msg_t *in_msg) } else if (result == TNC_RESULT_SUCCESS) { + /* send PA-TNC message with the EXCL flag set */ result = out_msg->send(out_msg, TRUE); } out_msg->destroy(out_msg); diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c index b5a6cdd209..d357859fad 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -60,6 +60,11 @@ struct private_imc_scanner_state_t { * Maximum PA-TNC message size for this TNCCS connection */ u_int32_t max_msg_len; + + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; }; METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, @@ -99,6 +104,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_scanner_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_scanner_state_t *this, TNC_ConnectionState new_state) { @@ -126,6 +137,7 @@ METHOD(imc_state_t, get_result, bool, METHOD(imc_state_t, destroy, void, private_imc_scanner_state_t *this) { + this->contracts->destroy(this->contracts); free(this); } @@ -145,6 +157,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -154,6 +167,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id) .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), ); return &this->public.interface; diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c index ee982d93bc..d38ace1400 100644 --- a/src/libimcv/plugins/imc_test/imc_test.c +++ b/src/libimcv/plugins/imc_test/imc_test.c @@ -181,7 +181,7 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, } } -static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg) +static void create_message(imc_state_t *state, imc_msg_t *out_msg) { imc_test_state_t *test_state; pa_tnc_attr_t *attr; @@ -196,9 +196,6 @@ static TNC_Result send_message(imc_state_t *state, imc_msg_t *out_msg) attr = ita_attr_command_create(test_state->get_command(test_state)); attr->set_noskip_flag(attr, TRUE); out_msg->add_attribute(out_msg, attr); - - /* send PA-TNC message with the excl flag set */ - return out_msg->send(out_msg, TRUE); } /** @@ -224,10 +221,11 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, return TNC_RESULT_FATAL; } - /* send PA message for primary IMC ID */ + /* send PA message for primary IMC ID with the EXCL flag set */ out_msg = imc_msg_create(imc_test, state, connection_id, imc_id, TNC_IMVID_ANY, msg_types[0]); - result = send_message(state, out_msg); + create_message(state, out_msg); + result = out_msg->send(out_msg, TRUE); out_msg->destroy(out_msg); /* Exit if there are no additional IMC IDs */ @@ -253,7 +251,8 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, additional_id = (TNC_UInt32)pointer; out_msg = imc_msg_create(imc_test, state, connection_id, additional_id, TNC_IMVID_ANY, msg_types[0]); - result = send_message(state, out_msg); + create_message(state, out_msg); + result = out_msg->send(out_msg, TRUE); out_msg->destroy(out_msg); } enumerator->destroy(enumerator); @@ -267,13 +266,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) enumerator_t *enumerator; pa_tnc_attr_t *attr; pen_type_t attr_type; - TNC_Result result; + TNC_Result result = TNC_RESULT_SUCCESS; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } @@ -308,16 +311,17 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) if (fatal_error) { - return TNC_RESULT_FATAL; + result = TNC_RESULT_FATAL; } - - /* if no assessment result is known then repeat the measurement */ - if (state->get_result(state, in_msg->get_dst_id(in_msg), NULL)) + else { - return TNC_RESULT_SUCCESS; + /* if no assessment result is known then repeat the measurement */ + if (!state->get_result(state, in_msg->get_dst_id(in_msg), NULL)) + { + create_message(state, out_msg); + } + result = out_msg->send(out_msg, TRUE); } - out_msg = imc_msg_create_as_reply(in_msg); - result = send_message(state, out_msg); out_msg->destroy(out_msg); return result; diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c index e7beca0aa8..d3f6805ad9 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.c +++ b/src/libimcv/plugins/imc_test/imc_test_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -63,6 +63,11 @@ struct private_imc_test_state_t { */ u_int32_t max_msg_len; + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + /** * Command to transmit to IMV */ @@ -130,6 +135,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_test_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_test_state_t *this, TNC_ConnectionState new_state) { @@ -195,6 +206,7 @@ METHOD(imc_state_t, destroy, void, private_imc_test_state_t *this) { this->results->destroy_function(this->results, free); + this->contracts->destroy(this->contracts); free(this->command); free(this); } @@ -261,6 +273,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id, .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -275,6 +288,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id, .state = TNC_CONNECTION_STATE_CREATE, .results = linked_list_create(), .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .command = strdup(command), .dummy_size = dummy_size, .first_handshake = TRUE, diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index dc8474ac90..24f803d472 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -75,6 +75,11 @@ struct private_imv_os_state_t { */ imv_session_t *session; + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + /** * IMV action recommendation */ @@ -327,6 +332,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_os_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, get_recommendation, void, private_imv_os_state_t *this, TNC_IMV_Action_Recommendation *rec, TNC_IMV_Evaluation_Result *eval) @@ -461,6 +472,7 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->session); DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); + this->contracts->destroy(this->contracts); this->update_packages->destroy_function(this->update_packages, free); this->remove_packages->destroy_function(this->remove_packages, free); free(this); @@ -571,6 +583,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) .get_action_flags = _get_action_flags, .set_session = _set_session, .get_session = _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -593,6 +606,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .update_packages = linked_list_create(), .remove_packages = linked_list_create(), ); diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c index 24a49a76c5..8f9593f179 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c @@ -70,6 +70,11 @@ struct private_imv_scanner_state_t { */ imv_session_t *session; + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + /** * IMV action recommendation */ @@ -211,6 +216,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_scanner_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, change_state, void, private_imv_scanner_state_t *this, TNC_ConnectionState new_state) { @@ -299,6 +310,7 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute); + this->contracts->destroy(this->contracts); this->violating_ports->destroy_function(this->violating_ports, free); free(this); } @@ -354,6 +366,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) .get_action_flags = _get_action_flags, .set_session = _set_session, .get_session= _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -372,6 +385,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .violating_ports = linked_list_create(), ); diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c index 3564456a8d..c20d00bd10 100644 --- a/src/libimcv/plugins/imv_test/imv_test_state.c +++ b/src/libimcv/plugins/imv_test/imv_test_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2013 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -65,6 +65,11 @@ struct private_imv_test_state_t { */ imv_session_t *session; + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + /** * IMV action recommendation */ @@ -162,6 +167,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_test_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, change_state, void, private_imv_test_state_t *this, TNC_ConnectionState new_state) { @@ -220,6 +231,7 @@ METHOD(imv_state_t, destroy, void, { DESTROY_IF(this->session); DESTROY_IF(this->reason_string); + this->contracts->destroy(this->contracts); this->imcs->destroy_function(this->imcs, free); free(this); } @@ -307,6 +319,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id) .get_max_msg_len = _get_max_msg_len, .set_session = _set_session, .get_session = _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -323,6 +336,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id) .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .imcs = linked_list_create(), ); diff --git a/src/libimcv/seg_contract/seg_contract.c b/src/libimcv/seg_contract/seg_contract.c new file mode 100644 index 0000000000..729bcbc34f --- /dev/null +++ b/src/libimcv/seg_contract/seg_contract.c @@ -0,0 +1,245 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "seg_contract.h" + +#include + +#include + +typedef struct private_seg_contract_t private_seg_contract_t; + +/** + * Private data of a seg_contract_t object. + * + */ +struct private_seg_contract_t { + + /** + * Public seg_contract_t interface. + */ + seg_contract_t public; + + /** + * PA-TNC message type + */ + pen_type_t msg_type; + + /** + * Maximum PA-TNC attribute size + */ + uint32_t max_attr_size; + + /** + * Maximum PA-TNC attribute segment size + */ + uint32_t max_seg_size; + + /** + * Is this a null contract? + */ + bool is_null; + + /** + * Contract role + */ + bool is_issuer; + + /** + * Issuer ID (either IMV ID or IMC ID) + */ + TNC_UInt32 issuer_id; + + /** + * IMC/IMV role + */ + bool is_imc; + +}; + +METHOD(seg_contract_t, get_msg_type, pen_type_t, + private_seg_contract_t *this) +{ + return this->msg_type; +} + +METHOD(seg_contract_t, set_max_size, void, + private_seg_contract_t *this, uint32_t max_attr_size, uint32_t max_seg_size) +{ + this->max_attr_size = max_attr_size; + this->max_seg_size = max_seg_size; + this->is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE && + max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE; +} + +METHOD(seg_contract_t, get_max_size, void, + private_seg_contract_t *this, uint32_t *max_attr_size, uint32_t *max_seg_size) +{ + if (max_attr_size) + { + *max_attr_size = this->max_attr_size; + } + if (max_seg_size) + { + *max_seg_size = this->max_seg_size; + } +} + +METHOD(seg_contract_t, is_issuer, bool, + private_seg_contract_t *this) +{ + return this->is_issuer; +} + +METHOD(seg_contract_t, is_null, bool, + private_seg_contract_t *this) +{ + return this->is_null; +} + +METHOD(seg_contract_t, get_info_string, void, + private_seg_contract_t *this, char *buf, size_t len) +{ + enum_name_t *pa_subtype_names; + uint32_t msg_vid, msg_subtype; + char *pos = buf; + int written; + + /* nul-terminate the string buffer */ + buf[--len] = '\0'; + + if (this->is_issuer) + { + written = snprintf(pos, len, "%s %d requests", + this->is_imc ? "IMC" : "IMV", this->issuer_id); + } + else + { + written = snprintf(pos, len, "received"); + } + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + + written = snprintf(pos, len, " a %ssegmentation contract ", + this->is_null ? "null" : ""); + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + + if (!this->is_issuer && this->issuer_id != TNC_IMVID_ANY) + { + written = snprintf(pos, len, "from %s %d ", + this->is_imc ? "IMV" : "IMC", this->issuer_id); + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + } + + msg_vid = this->msg_type.vendor_id; + msg_subtype = this->msg_type.type; + pa_subtype_names = get_pa_subtype_names(msg_vid); + if (pa_subtype_names) + { + written = snprintf(pos, len, "for PA message type '%N/%N' " + "0x%06x/0x%08x", pen_names, msg_vid, + pa_subtype_names, msg_subtype, msg_vid, + msg_subtype); + } + else + { + written = snprintf(pos, len, "for PA message type '%N' " + "0x%06x/0x%08x", pen_names, msg_vid, + msg_vid, msg_subtype); + } + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + + if (!this->is_null) + { + written = snprintf(pos, len, "\n maximum attribute size of %u bytes " + "with ", this->max_attr_size); + if (written < 0 || written > len) + { + return; + } + pos += written; + len -= written; + + if (this->max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE) + { + written = snprintf(pos, len, "no segmentation"); + } + else + { + written = snprintf(pos, len, "maximum segment size of %u bytes", + this->max_seg_size); + } + } +} + +METHOD(seg_contract_t, destroy, void, + private_seg_contract_t *this) +{ + free(this); +} + +/** + * See header + */ +seg_contract_t *seg_contract_create(pen_type_t msg_type, + uint32_t max_attr_size, + uint32_t max_seg_size, + bool is_issuer, TNC_UInt32 issuer_id, + bool is_imc) +{ + private_seg_contract_t *this; + + INIT(this, + .public = { + .get_msg_type = _get_msg_type, + .set_max_size = _set_max_size, + .get_max_size = _get_max_size, + .is_issuer = _is_issuer, + .is_null = _is_null, + .get_info_string = _get_info_string, + .destroy = _destroy, + }, + .msg_type = msg_type, + .max_attr_size = max_attr_size, + .max_seg_size = max_seg_size, + .is_issuer = is_issuer, + .issuer_id = issuer_id, + .is_imc = is_imc, + .is_null = max_attr_size == SEG_CONTRACT_MAX_SIZE_VALUE && + max_seg_size == SEG_CONTRACT_MAX_SIZE_VALUE, + ); + + return &this->public; +} + diff --git a/src/libimcv/seg_contract/seg_contract.h b/src/libimcv/seg_contract/seg_contract.h new file mode 100644 index 0000000000..eaa11428be --- /dev/null +++ b/src/libimcv/seg_contract/seg_contract.h @@ -0,0 +1,110 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup seg_contract seg_contract + * @{ @ingroup libimcv + */ + +#ifndef SEG_CONTRACT_H_ +#define SEG_CONTRACT_H_ + +typedef struct seg_contract_t seg_contract_t; + +#include +#include + +#include + +#define SEG_CONTRACT_MAX_SIZE_VALUE 0xffffffff +#define SEG_CONTRACT_NO_FRAGMENTATION SEG_CONTRACT_MAX_SIZE_VALUE + +/** + * Interface for a PA-TNC attribute segmentation contract + * + */ +struct seg_contract_t { + + /** + * Get the PA-TNC message type. + * + * @return PA-TNC Message type + */ + pen_type_t (*get_msg_type)(seg_contract_t *this); + + /** + * Set maximum PA-TNC attribute and segment size in octets + * + * @param max_attr_size Maximum PA-TNC attribute size in octets + * @param max_seg_size Maximum PA-TNC attribute segment size in octets + */ + void (*set_max_size)(seg_contract_t *this, uint32_t max_attr_size, + uint32_t max_seg_size); + + /** + * Get maximum PA-TNC attribute and segment size in octets + * + * @param max_attr_size Maximum PA-TNC attribute size in octets + * @param max_seg_size Maximum PA-TNC attribute segment size in octets + */ + void (*get_max_size)(seg_contract_t *this, uint32_t *max_attr_size, + uint32_t *max_seg_size); + + /** + * Get contract role + * + * @return TRUE: contracting party (issuer), + * FALSE: contracted party + */ + bool (*is_issuer)(seg_contract_t *this); + + /** + * Is this a null contract ? + * + * @return TRUE if null contract + */ + bool (*is_null)(seg_contract_t *this); + + /** + * Get an info string about the contract + * + * @param buf String buffer of at least size len + * @param len Size of string buffer + */ + void (*get_info_string)(seg_contract_t *this, char *buf, size_t len); + + /** + * Destroys a seg_contract_t object. + */ + void (*destroy)(seg_contract_t *this); +}; + +/** + * Create a PA-TNC attribute segmentation contract + * + * @param msg_type PA-TNC message type + * @param max_attr_size Maximum PA-TNC attribute size in octets + * @param max_seg_size Maximum PA-TNC attribute segment size in octets + * @param is_issuer TRUE if issuer of the contract + * @param issuer_id IMC or IMV ID of issuer + * @param is_imc TRUE if IMC, FALSE if IMV + */ +seg_contract_t* seg_contract_create(pen_type_t msg_type, + uint32_t max_attr_size, + uint32_t max_seg_size, + bool is_issuer, TNC_UInt32 issuer_id, + bool is_imc); + +#endif /** SEG_CONTRACT_H_ @}*/ diff --git a/src/libimcv/seg_contract/seg_contract_manager.c b/src/libimcv/seg_contract/seg_contract_manager.c new file mode 100644 index 0000000000..d099436fc2 --- /dev/null +++ b/src/libimcv/seg_contract/seg_contract_manager.c @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "seg_contract_manager.h" + +typedef struct private_seg_contract_manager_t private_seg_contract_manager_t; + +/** + * Private data of a seg_contract_manager_t object. + * + */ +struct private_seg_contract_manager_t { + + /** + * Public seg_contract_manager_t interface. + */ + seg_contract_manager_t public; + + /** + * List of PA-TNC segmentation contracts + */ + linked_list_t *contracts; + +}; + +METHOD(seg_contract_manager_t, add_contract, void, + private_seg_contract_manager_t *this, seg_contract_t *contract) +{ + this->contracts->insert_last(this->contracts, contract); +} + +METHOD(seg_contract_manager_t, get_contract, seg_contract_t*, + private_seg_contract_manager_t *this, pen_type_t msg_type, bool is_issuer) +{ + enumerator_t *enumerator; + seg_contract_t *contract, *found = NULL; + + enumerator = this->contracts->create_enumerator(this->contracts); + while (enumerator->enumerate(enumerator, &contract)) + { + if (contract->is_issuer(contract) == is_issuer && + pen_type_equals(contract->get_msg_type(contract), msg_type)) + { + found = contract; + break; + } + } + enumerator->destroy(enumerator); + + return found; +} + +METHOD(seg_contract_manager_t, destroy, void, + private_seg_contract_manager_t *this) +{ + this->contracts->destroy_offset(this->contracts, + offsetof(seg_contract_t, destroy)); + free(this); +} + +/** + * See header + */ +seg_contract_manager_t *seg_contract_manager_create(void) +{ + private_seg_contract_manager_t *this; + + INIT(this, + .public = { + .add_contract = _add_contract, + .get_contract = _get_contract, + .destroy = _destroy, + }, + .contracts = linked_list_create(), + ); + + return &this->public; +} + diff --git a/src/libimcv/seg_contract/seg_contract_manager.h b/src/libimcv/seg_contract/seg_contract_manager.h new file mode 100644 index 0000000000..355822d996 --- /dev/null +++ b/src/libimcv/seg_contract/seg_contract_manager.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup seg_contract_manager seg_contract_manager + * @{ @ingroup libimcv + */ + +#ifndef SEG_CONTRACT_MANAGER_H_ +#define SEG_CONTRACT_MANAGER_H_ + +typedef struct seg_contract_manager_t seg_contract_manager_t; + +#include "seg_contract.h" + +/** + * Interface for a PA-TNC attribute segmentation contract manager + * + */ +struct seg_contract_manager_t { + + /** + * Add segmentation contract + * + * @param contract Segmentation contract to be added + */ + void (*add_contract)(seg_contract_manager_t *this, seg_contract_t *contract); + + /** + * Get segmentation contract + * + * @param msg_type PA-TNC message type governed by contract + * @param is_issuer If TRUE get only issuer contracts + */ + seg_contract_t* (*get_contract)(seg_contract_manager_t *this, + pen_type_t msg_type, bool is_issuer); + + /** + * Destroys a seg_contract_manager_t object. + */ + void (*destroy)(seg_contract_manager_t *this); +}; + +/** + * Create a PA-TNC attribute segmentation contract manager + */ +seg_contract_manager_t* seg_contract_manager_create(); + +#endif /** SEG_CONTRACT_MANAGER_H_ @}*/ diff --git a/src/libpts/Makefile.am b/src/libpts/Makefile.am index ea685d837d..be5c26c503 100644 --- a/src/libpts/Makefile.am +++ b/src/libpts/Makefile.am @@ -69,6 +69,8 @@ libpts_la_SOURCES = \ tcg/pts/tcg_pts_attr_file_meas.h tcg/pts/tcg_pts_attr_file_meas.c \ tcg/pts/tcg_pts_attr_req_file_meta.h tcg/pts/tcg_pts_attr_req_file_meta.c \ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ + tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ + tcg/seg/tcg_seg_attr_seg_env.h \ tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c index 74bbc468f1..f7652f3a31 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation.c @@ -164,13 +164,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) TNC_Result result; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); @@ -217,7 +220,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) if (result == TNC_RESULT_SUCCESS) { - /* send PA-TNC message with the excl flag set */ + /* send PA-TNC message with the EXCL flag set */ result = out_msg->send(out_msg, TRUE); } out_msg->destroy(out_msg); diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_state.c b/src/libpts/plugins/imc_attestation/imc_attestation_state.c index 4fcbdfa8a7..ea6742f6ae 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_state.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation_state.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -65,6 +66,11 @@ struct private_imc_attestation_state_t { */ u_int32_t max_msg_len; + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + /** * PTS object */ @@ -119,6 +125,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_attestation_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_attestation_state_t *this, TNC_ConnectionState new_state) { @@ -151,6 +163,7 @@ METHOD(imc_state_t, destroy, void, offsetof(pts_component_t, destroy)); this->list->destroy_offset(this->list, offsetof(pts_comp_evidence_t, destroy)); + this->contracts->destroy(this->contracts); free(this); } @@ -220,6 +233,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -233,6 +247,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id) .connection_id = connection_id, .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, + .contracts = seg_contract_manager_create(), .pts = pts_create(TRUE), .components = linked_list_create(), .list = linked_list_create(), diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c index b8aa922bc5..5da367bd12 100644 --- a/src/libpts/plugins/imc_swid/imc_swid.c +++ b/src/libpts/plugins/imc_swid/imc_swid.c @@ -306,13 +306,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) TNC_Result result; bool fatal_error = FALSE; + /* generate an outgoing PA-TNC message - we might need it */ + out_msg = imc_msg_create_as_reply(in_msg); + /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, &fatal_error); + result = in_msg->receive(in_msg, out_msg, &fatal_error); if (result != TNC_RESULT_SUCCESS) { + out_msg->destroy(out_msg); return result; } - out_msg = imc_msg_create_as_reply(in_msg); /* analyze PA-TNC attributes */ enumerator = in_msg->create_attribute_enumerator(in_msg); @@ -358,6 +361,7 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) } else { + /* send PA-TNC message with the EXCL flag set */ result = out_msg->send(out_msg, TRUE); } out_msg->destroy(out_msg); diff --git a/src/libpts/plugins/imc_swid/imc_swid_state.c b/src/libpts/plugins/imc_swid/imc_swid_state.c index 11f467303a..65c279b3f3 100644 --- a/src/libpts/plugins/imc_swid/imc_swid_state.c +++ b/src/libpts/plugins/imc_swid/imc_swid_state.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -61,6 +61,11 @@ struct private_imc_swid_state_t { */ u_int32_t max_msg_len; + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + /** * Event ID Epoch */ @@ -104,6 +109,12 @@ METHOD(imc_state_t, get_max_msg_len, u_int32_t, return this->max_msg_len; } +METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, + private_imc_swid_state_t *this) +{ + return this->contracts; +} + METHOD(imc_state_t, change_state, void, private_imc_swid_state_t *this, TNC_ConnectionState new_state) { @@ -131,6 +142,7 @@ METHOD(imc_state_t, get_result, bool, METHOD(imc_state_t, destroy, void, private_imc_swid_state_t *this) { + this->contracts->destroy(this->contracts); free(this); } @@ -169,6 +181,7 @@ imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id) .set_flags = _set_flags, .set_max_msg_len = _set_max_msg_len, .get_max_msg_len = _get_max_msg_len, + .get_contracts = _get_contracts, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, @@ -179,6 +192,7 @@ imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id) .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .eid_epoch = eid_epoch, ); diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c index 11afbc29d3..feccb6d28f 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c @@ -75,6 +75,11 @@ struct private_imv_attestation_state_t { */ imv_session_t *session; + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + /** * IMV Attestation handshake state */ @@ -240,6 +245,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_attestation_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, change_state, void, private_imv_attestation_state_t *this, TNC_ConnectionState new_state) { @@ -335,6 +346,7 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->reason_string); this->components->destroy_function(this->components, (void *)free_func_comp); this->pts->destroy(this->pts); + this->contracts->destroy(this->contracts); free(this); } @@ -513,6 +525,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id) .get_action_flags = _get_action_flags, .set_session = _set_session, .get_session = _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -538,6 +551,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id) .handshake_state = IMV_ATTESTATION_STATE_INIT, .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, + .contracts = seg_contract_manager_create(), .components = linked_list_create(), .pts = pts_create(FALSE), ); diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.c b/src/libpts/plugins/imv_swid/imv_swid_agent.c index 3053b26433..b17eb4ad33 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_agent.c +++ b/src/libpts/plugins/imv_swid/imv_swid_agent.c @@ -23,6 +23,8 @@ #include "libpts.h" #include "swid/swid_error.h" #include "swid/swid_inventory.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" +#include "tcg/seg/tcg_seg_attr_seg_env.h" #include "tcg/swid/tcg_swid_attr_req.h" #include "tcg/swid/tcg_swid_attr_tag_inv.h" #include "tcg/swid/tcg_swid_attr_tag_id_inv.h" @@ -43,6 +45,8 @@ typedef struct private_imv_swid_agent_t private_imv_swid_agent_t; +#define SWID_MAX_ATTR_SIZE 1000000000 + /* Subscribed PA-TNC message subtypes */ static pen_type_t msg_types[] = { { PEN_TCG, PA_SUBTYPE_TCG_SWID } @@ -411,6 +415,12 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (handshake_state == IMV_SWID_STATE_INIT && session->get_policy_started(session)) { + size_t max_attr_size = SWID_MAX_ATTR_SIZE; + size_t max_seg_size; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + char buf[BUF_LEN]; + enumerator = session->create_workitem_enumerator(session); if (enumerator) { @@ -435,6 +445,25 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, { flags |= TCG_SWID_ATTR_REQ_FLAG_C; } + + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMC */ + contract = seg_contract_create(msg_types[0], max_attr_size, + max_seg_size, TRUE, imv_id, FALSE); + contract->get_info_string(contract, buf, BUF_LEN); + DBG2(DBG_IMV, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, TRUE); + out_msg->add_attribute(out_msg, attr); + + /* Issue a SWID request */ request_id = workitem->get_id(workitem); swid_state->set_request_id(swid_state, request_id); attr = tcg_swid_attr_req_create(flags, request_id, 0); @@ -442,7 +471,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, workitem->set_imv_id(workitem, imv_id); no_workitems = FALSE; DBG2(DBG_IMV, "IMV %d issues SWID request %d", - imv_id, request_id); + imv_id, request_id); break; } enumerator->destroy(enumerator); @@ -688,6 +717,8 @@ imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id, { return NULL; } + agent->add_non_fatal_attr_type(agent, + pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ)); INIT(this, .public = { diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.c b/src/libpts/plugins/imv_swid/imv_swid_state.c index c68b57e4d7..885de62ce5 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_state.c +++ b/src/libpts/plugins/imv_swid/imv_swid_state.c @@ -68,10 +68,15 @@ struct private_imv_swid_state_t { uint32_t action_flags; /** - * IMV database session associatied with TNCCS connection + * IMV database session associated with TNCCS connection */ imv_session_t *session; + /** + * PA-TNC attribute segmentation contracts associated with TNCCS connection + */ + seg_contract_manager_t *contracts; + /** * IMV action recommendation */ @@ -190,6 +195,12 @@ METHOD(imv_state_t, get_session, imv_session_t*, return this->session; } +METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, + private_imv_swid_state_t *this) +{ + return this->contracts; +} + METHOD(imv_state_t, change_state, void, private_imv_swid_state_t *this, TNC_ConnectionState new_state) { @@ -241,6 +252,7 @@ METHOD(imv_state_t, destroy, void, DESTROY_IF(this->session); DESTROY_IF(this->reason_string); DESTROY_IF(this->remediation_string); + this->contracts->destroy(this->contracts); free(this); } @@ -353,6 +365,7 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id) .get_action_flags = _get_action_flags, .set_session = _set_session, .get_session= _get_session, + .get_contracts = _get_contracts, .change_state = _change_state, .get_recommendation = _get_recommendation, .set_recommendation = _set_recommendation, @@ -376,6 +389,7 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id) .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, + .contracts = seg_contract_manager_create(), .jobj = json_object_new_object(), .jarray = json_object_new_array(), ); diff --git a/src/libpts/tcg/seg/tcg_seg_attr_max_size.c b/src/libpts/tcg/seg/tcg_seg_attr_max_size.c new file mode 100644 index 0000000000..8e82314d12 --- /dev/null +++ b/src/libpts/tcg/seg/tcg_seg_attr_max_size.c @@ -0,0 +1,233 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tcg_seg_attr_max_size.h" + +#include +#include +#include +#include + +typedef struct private_tcg_seg_attr_max_size_t private_tcg_seg_attr_max_size_t; + +/** + * Maximum Attribute Size Request/Response + * see TCG IF-M Segmentation Specification + * + * 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Max Attribute Size | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Max Segment Size | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +/** + * Private data of an tcg_seg_attr_max_size_t object. + */ +struct private_tcg_seg_attr_max_size_t { + + /** + * Public members of tcg_seg_attr_max_size_t + */ + tcg_seg_attr_max_size_t public; + + /** + * Vendor-specific attribute type + */ + pen_type_t type; + + /** + * Attribute value + */ + chunk_t value; + + /** + * Noskip flag + */ + bool noskip_flag; + + /** + * Maximum IF-M attribute size in octets + */ + uint32_t max_attr_size; + + /** + * Maximum IF-M attribute segment size in octets + */ + uint32_t max_seg_size; + + /** + * Reference count + */ + refcount_t ref; +}; + +METHOD(pa_tnc_attr_t, get_type, pen_type_t, + private_tcg_seg_attr_max_size_t *this) +{ + return this->type; +} + +METHOD(pa_tnc_attr_t, get_value, chunk_t, + private_tcg_seg_attr_max_size_t *this) +{ + return this->value; +} + +METHOD(pa_tnc_attr_t, get_noskip_flag, bool, + private_tcg_seg_attr_max_size_t *this) +{ + return this->noskip_flag; +} + +METHOD(pa_tnc_attr_t, set_noskip_flag,void, + private_tcg_seg_attr_max_size_t *this, bool noskip) +{ + this->noskip_flag = noskip; +} + +METHOD(pa_tnc_attr_t, build, void, + private_tcg_seg_attr_max_size_t *this) +{ + bio_writer_t *writer; + + if (this->value.ptr) + { + return; + } + writer = bio_writer_create(TCG_SEG_ATTR_MAX_SIZE_SIZE); + writer->write_uint32(writer, this->max_attr_size); + writer->write_uint32(writer, this->max_seg_size); + + this->value = writer->extract_buf(writer); + writer->destroy(writer); +} + +METHOD(pa_tnc_attr_t, process, status_t, + private_tcg_seg_attr_max_size_t *this, u_int32_t *offset) +{ + bio_reader_t *reader; + + if (this->value.len < TCG_SEG_ATTR_MAX_SIZE_SIZE) + { + DBG1(DBG_TNC, "insufficient data for %N", tcg_attr_names, + this->type.type); + *offset = 0; + return FAILED; + } + reader = bio_reader_create(this->value); + reader->read_uint32(reader, &this->max_attr_size); + reader->read_uint32(reader, &this->max_seg_size); + reader->destroy(reader); + + return SUCCESS; +} + +METHOD(pa_tnc_attr_t, destroy, void, + private_tcg_seg_attr_max_size_t *this) +{ + if (ref_put(&this->ref)) + { + free(this->value.ptr); + free(this); + } +} + +METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, + private_tcg_seg_attr_max_size_t *this) +{ + ref_get(&this->ref); + return &this->public.pa_tnc_attribute; +} + +METHOD(tcg_seg_attr_max_size_t, get_attr_size, void, + private_tcg_seg_attr_max_size_t *this, uint32_t *max_attr_size, + uint32_t *max_seg_size) +{ + if (max_attr_size) + { + *max_attr_size = this->max_attr_size; + } + if (max_seg_size) + { + *max_seg_size = this->max_seg_size; + } +} + +/** + * Described in header. + */ +pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size, + uint32_t max_seg_size, + bool request) +{ + private_tcg_seg_attr_max_size_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_attr_size = _get_attr_size, + }, + .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ : + TCG_SEG_MAX_ATTR_SIZE_RESP }, + .max_attr_size = max_attr_size, + .max_seg_size = max_seg_size, + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} + +/** + * Described in header. + */ +pa_tnc_attr_t *tcg_seg_attr_max_size_create_from_data(chunk_t data, + bool request) +{ + private_tcg_seg_attr_max_size_t *this; + + INIT(this, + .public = { + .pa_tnc_attribute = { + .get_type = _get_type, + .get_value = _get_value, + .get_noskip_flag = _get_noskip_flag, + .set_noskip_flag = _set_noskip_flag, + .build = _build, + .process = _process, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_attr_size = _get_attr_size, + }, + .type = { PEN_TCG, request ? TCG_SEG_MAX_ATTR_SIZE_REQ : + TCG_SEG_MAX_ATTR_SIZE_RESP }, + .value = chunk_clone(data), + .ref = 1, + ); + + return &this->public.pa_tnc_attribute; +} diff --git a/src/libpts/tcg/seg/tcg_seg_attr_max_size.h b/src/libpts/tcg/seg/tcg_seg_attr_max_size.h new file mode 100644 index 0000000000..404e85a011 --- /dev/null +++ b/src/libpts/tcg/seg/tcg_seg_attr_max_size.h @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tcg_seg_attr_max_size tcg_seg_attr_max_size + * @{ @ingroup tcg_attr + */ + +#ifndef TCG_SEG_ATTR_MAX_SIZE_H_ +#define TCG_SEG_ATTR_MAX_SIZE_H_ + +typedef struct tcg_seg_attr_max_size_t tcg_seg_attr_max_size_t; + +#include "tcg/tcg_attr.h" + +#define TCG_SEG_ATTR_MAX_SIZE_SIZE 8 + +/** + * Class implementing the TCG Segmentation Maximum Attribute Size Attribute + */ +struct tcg_seg_attr_max_size_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + + /** + * Get maximum IF-M attribute and segment size in octets + * + * @param max_attr_size Maximum IF-M attribute size in octets + * @param max_seg_size Maximum IF-M attribute segment size in octets + */ + void (*get_attr_size)(tcg_seg_attr_max_size_t *this, + uint32_t *max_attr_size, uint32_t *max_seg_size); + +}; + +/** + * Creates an tcg_seg_attr_max_size_t object + * + * @param max_attr_size Maximum IF-M attribute size in octets + * @param max_seg_size Maximum IF-M attribute segment size in octets + * @param request TRUE for a request, FALSE for a response + */ +pa_tnc_attr_t* tcg_seg_attr_max_size_create(uint32_t max_attr_size, + uint32_t max_seg_size, + bool request); + +/** + * Creates an tcg_seg_attr_max_size_t object from received data + * + * @param value unparsed attribute value + * @param request TRUE for a request, FALSE for a response + */ +pa_tnc_attr_t* tcg_seg_attr_max_size_create_from_data(chunk_t value, + bool request); + +#endif /** TCG_SEG_ATTR_MAX_SIZE_H_ @}*/ diff --git a/src/libpts/tcg/seg/tcg_seg_attr_seg_env.h b/src/libpts/tcg/seg/tcg_seg_attr_seg_env.h new file mode 100644 index 0000000000..84cac8c36d --- /dev/null +++ b/src/libpts/tcg/seg/tcg_seg_attr_seg_env.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tcg_seg_attr_seg_env tcg_seg_attr_seg_env + * @{ @ingroup tcg_attr + */ + +#ifndef TCG_SEG_ATTR_SEG_ENV_H_ +#define TCG_SEG_ATTR_SEG_ENV_H_ + +typedef struct tcg_seg_attr_seg_env_t tcg_seg_attr_seg_env_t; + +#include "tcg/tcg_attr.h" + +#define TCG_SEG_ATTR_SEG_ENV_HEADER 4 + +/** + * Class implementing the TCG Segmentation Envelope Attribute + */ +struct tcg_seg_attr_seg_env_t { + + /** + * Public PA-TNC attribute interface + */ + pa_tnc_attr_t pa_tnc_attribute; + +}; + +/** + * Creates an tcg_seg_attr_seg_env_t object + * + * @param max_attr_size Maximum IF-M attribute size in octets + * @param max_seg_size Maximum IF-M attribute segment size in octets + * @param request TRUE for a request, FALSE for a response + */ +pa_tnc_attr_t* tcg_seg_attr_seg_env_create(chunk_t segment, uint8_t flags); + +/** + * Creates an tcg_seg_attr_seg_env_t object from received data + * + * @param value unparsed attribute value + * @param request TRUE for a request, FALSE for a response + */ +pa_tnc_attr_t* tcg_seg_attr_seg_env_create_from_data(chunk_t value); + +#endif /** TCG_SEG_ATTR_SEG_ENV_H_ @}*/ diff --git a/src/libpts/tcg/tcg_attr.c b/src/libpts/tcg/tcg_attr.c index f9c6c46cf4..064b0ebc9f 100644 --- a/src/libpts/tcg/tcg_attr.c +++ b/src/libpts/tcg/tcg_attr.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2011-2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -33,6 +34,7 @@ #include "tcg/swid/tcg_swid_attr_req.h" #include "tcg/swid/tcg_swid_attr_tag_id_inv.h" #include "tcg/swid/tcg_swid_attr_tag_inv.h" +#include "tcg/seg/tcg_seg_attr_max_size.h" ENUM_BEGIN(tcg_attr_names, TCG_SCAP_REFERENCES, TCG_SCAP_SUMMARY_RESULTS, @@ -50,9 +52,17 @@ ENUM_NEXT(tcg_attr_names, TCG_SWID_REQUEST, "SWID Tag Identifier Events", "SWID Tag Inventory", "SWID Tag Events"); +ENUM_NEXT(tcg_attr_names, TCG_SEG_MAX_ATTR_SIZE_REQ, + TCG_SEG_CANCEL_SEG_EXCH, + TCG_SWID_TAG_EVENTS, + "Max Attribute Size Request", + "Max Attribute Size Response", + "Attribute Segment Envelope", + "Next Segment Request", + "Cancel Segment Exchange"); ENUM_NEXT(tcg_attr_names, TCG_PTS_REQ_FUNC_COMP_EVID, TCG_PTS_REQ_FUNC_COMP_EVID, - TCG_SWID_TAG_EVENTS, + TCG_SEG_CANCEL_SEG_EXCH, "Request Functional Component Evidence"); ENUM_NEXT(tcg_attr_names, TCG_PTS_GEN_ATTEST_EVID, TCG_PTS_GEN_ATTEST_EVID, @@ -181,6 +191,10 @@ pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, chunk_t value) return tcg_swid_attr_tag_id_inv_create_from_data(value); case TCG_SWID_TAG_INVENTORY: return tcg_swid_attr_tag_inv_create_from_data(value); + case TCG_SEG_MAX_ATTR_SIZE_REQ: + return tcg_seg_attr_max_size_create_from_data(value, TRUE); + case TCG_SEG_MAX_ATTR_SIZE_RESP: + return tcg_seg_attr_max_size_create_from_data(value, FALSE); case TCG_PTS_REQ_PROTO_CAPS: return tcg_pts_attr_proto_caps_create_from_data(value, TRUE); case TCG_PTS_PROTO_CAPS: diff --git a/src/libpts/tcg/tcg_attr.h b/src/libpts/tcg/tcg_attr.h index 085dae650a..3964c8cabf 100644 --- a/src/libpts/tcg/tcg_attr.h +++ b/src/libpts/tcg/tcg_attr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -46,6 +46,13 @@ enum tcg_attr_t { TCG_SWID_TAG_INVENTORY = 0x00000014, TCG_SWID_TAG_EVENTS = 0x00000015, + /* IF-M Attribute Segmentation */ + TCG_SEG_MAX_ATTR_SIZE_REQ = 0x00000021, + TCG_SEG_MAX_ATTR_SIZE_RESP = 0x00000022, + TCG_SEG_ATTR_SEG_ENV = 0x00000023, + TCG_SEG_NEXT_SEG_REQ = 0x00000024, + TCG_SEG_CANCEL_SEG_EXCH = 0x00000025, + /* PTS Protocol Negotiations */ TCG_PTS_REQ_PROTO_CAPS = 0x01000000, TCG_PTS_PROTO_CAPS = 0x02000000,