2 * EAP-TNC - TNCC (IF-IMC and IF-TNCCS)
3 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
10 #ifndef CONFIG_NATIVE_WINDOWS
12 #endif /* CONFIG_NATIVE_WINDOWS */
17 #include "eap_common/eap_tlv_common.h"
18 #include "eap_common/eap_defs.h"
28 #define TNC_CONFIG_FILE "/etc/tnc_config"
29 #define TNC_WINREG_PATH TEXT("SOFTWARE\\Trusted Computing Group\\TNC\\IMCs")
30 #define IF_TNCCS_START \
31 "<?xml version=\"1.0\"?>\n" \
32 "<TNCCS-Batch BatchId=\"%d\" Recipient=\"TNCS\" " \
33 "xmlns=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS#\" " \
34 "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
35 "xsi:schemaLocation=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/" \
36 "IF_TNCCS# https://www.trustedcomputinggroup.org/XML/SCHEMA/TNCCS_1.0.xsd\">\n"
37 #define IF_TNCCS_END "\n</TNCCS-Batch>"
41 typedef unsigned long TNC_UInt32;
42 typedef unsigned char *TNC_BufferReference;
44 typedef TNC_UInt32 TNC_IMCID;
45 typedef TNC_UInt32 TNC_ConnectionID;
46 typedef TNC_UInt32 TNC_ConnectionState;
47 typedef TNC_UInt32 TNC_RetryReason;
48 typedef TNC_UInt32 TNC_MessageType;
49 typedef TNC_MessageType *TNC_MessageTypeList;
50 typedef TNC_UInt32 TNC_VendorID;
51 typedef TNC_UInt32 TNC_MessageSubtype;
52 typedef TNC_UInt32 TNC_Version;
53 typedef TNC_UInt32 TNC_Result;
55 typedef TNC_Result (*TNC_TNCC_BindFunctionPointer)(
58 void **pOutfunctionPointer);
60 #define TNC_RESULT_SUCCESS 0
61 #define TNC_RESULT_NOT_INITIALIZED 1
62 #define TNC_RESULT_ALREADY_INITIALIZED 2
63 #define TNC_RESULT_NO_COMMON_VERSION 3
64 #define TNC_RESULT_CANT_RETRY 4
65 #define TNC_RESULT_WONT_RETRY 5
66 #define TNC_RESULT_INVALID_PARAMETER 6
67 #define TNC_RESULT_CANT_RESPOND 7
68 #define TNC_RESULT_ILLEGAL_OPERATION 8
69 #define TNC_RESULT_OTHER 9
70 #define TNC_RESULT_FATAL 10
72 #define TNC_CONNECTION_STATE_CREATE 0
73 #define TNC_CONNECTION_STATE_HANDSHAKE 1
74 #define TNC_CONNECTION_STATE_ACCESS_ALLOWED 2
75 #define TNC_CONNECTION_STATE_ACCESS_ISOLATED 3
76 #define TNC_CONNECTION_STATE_ACCESS_NONE 4
77 #define TNC_CONNECTION_STATE_DELETE 5
79 #define TNC_IFIMC_VERSION_1 1
81 #define TNC_VENDORID_ANY ((TNC_VendorID) 0xffffff)
82 #define TNC_SUBTYPE_ANY ((TNC_MessageSubtype) 0xff)
84 /* TNCC-TNCS Message Types */
85 #define TNC_TNCCS_RECOMMENDATION 0x00000001
86 #define TNC_TNCCS_ERROR 0x00000002
87 #define TNC_TNCCS_PREFERREDLANGUAGE 0x00000003
88 #define TNC_TNCCS_REASONSTRINGS 0x00000004
91 /* IF-TNCCS-SOH - SSoH and SSoHR Attributes */
93 SSOH_MS_MACHINE_INVENTORY = 1,
94 SSOH_MS_QUARANTINE_STATE = 2,
95 SSOH_MS_PACKET_INFO = 3,
96 SSOH_MS_SYSTEMGENERATED_IDS = 4,
97 SSOH_MS_MACHINENAME = 5,
98 SSOH_MS_CORRELATIONID = 6,
99 SSOH_MS_INSTALLED_SHVS = 7,
100 SSOH_MS_MACHINE_INVENTORY_EX = 8
104 struct tnc_if_imc *next;
107 void *dlhandle; /* from dlopen() */
109 TNC_ConnectionID connectionID;
110 TNC_MessageTypeList supported_types;
111 size_t num_supported_types;
115 /* Functions implemented by IMCs (with TNC_IMC_ prefix) */
116 TNC_Result (*Initialize)(
118 TNC_Version minVersion,
119 TNC_Version maxVersion,
120 TNC_Version *pOutActualVersion);
121 TNC_Result (*NotifyConnectionChange)(
123 TNC_ConnectionID connectionID,
124 TNC_ConnectionState newState);
125 TNC_Result (*BeginHandshake)(
127 TNC_ConnectionID connectionID);
128 TNC_Result (*ReceiveMessage)(
130 TNC_ConnectionID connectionID,
131 TNC_BufferReference messageBuffer,
132 TNC_UInt32 messageLength,
133 TNC_MessageType messageType);
134 TNC_Result (*BatchEnding)(
136 TNC_ConnectionID connectionID);
137 TNC_Result (*Terminate)(TNC_IMCID imcID);
138 TNC_Result (*ProvideBindFunction)(
140 TNC_TNCC_BindFunctionPointer bindFunction);
144 struct tnc_if_imc *imc;
145 unsigned int last_batchid;
148 #define TNC_MAX_IMC_ID 10
149 static struct tnc_if_imc *tnc_imc[TNC_MAX_IMC_ID] = { NULL };
152 /* TNCC functions that IMCs can call */
154 TNC_Result TNC_TNCC_ReportMessageTypes(
156 TNC_MessageTypeList supportedTypes,
157 TNC_UInt32 typeCount)
160 struct tnc_if_imc *imc;
162 wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_ReportMessageTypes(imcID=%lu "
164 (unsigned long) imcID, (unsigned long) typeCount);
166 for (i = 0; i < typeCount; i++) {
167 wpa_printf(MSG_DEBUG, "TNC: supportedTypes[%lu] = %lu",
168 i, supportedTypes[i]);
171 if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
172 return TNC_RESULT_INVALID_PARAMETER;
174 imc = tnc_imc[imcID];
175 os_free(imc->supported_types);
176 imc->supported_types =
177 os_malloc(typeCount * sizeof(TNC_MessageType));
178 if (imc->supported_types == NULL)
179 return TNC_RESULT_FATAL;
180 os_memcpy(imc->supported_types, supportedTypes,
181 typeCount * sizeof(TNC_MessageType));
182 imc->num_supported_types = typeCount;
184 return TNC_RESULT_SUCCESS;
188 TNC_Result TNC_TNCC_SendMessage(
190 TNC_ConnectionID connectionID,
191 TNC_BufferReference message,
192 TNC_UInt32 messageLength,
193 TNC_MessageType messageType)
195 struct tnc_if_imc *imc;
199 wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage(imcID=%lu "
200 "connectionID=%lu messageType=%lu)",
201 imcID, connectionID, messageType);
202 wpa_hexdump_ascii(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage",
203 message, messageLength);
205 if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
206 return TNC_RESULT_INVALID_PARAMETER;
208 b64 = base64_encode(message, messageLength, &b64len);
210 return TNC_RESULT_FATAL;
212 imc = tnc_imc[imcID];
213 os_free(imc->imc_send);
214 imc->imc_send_len = 0;
215 imc->imc_send = os_zalloc(b64len + 100);
216 if (imc->imc_send == NULL) {
218 return TNC_RESULT_OTHER;
222 os_snprintf((char *) imc->imc_send, b64len + 100,
223 "<IMC-IMV-Message><Type>%08X</Type>"
224 "<Base64>%s</Base64></IMC-IMV-Message>",
225 (unsigned int) messageType, b64);
229 return TNC_RESULT_SUCCESS;
233 TNC_Result TNC_TNCC_RequestHandshakeRetry(
235 TNC_ConnectionID connectionID,
236 TNC_RetryReason reason)
238 wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_RequestHandshakeRetry");
240 if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
241 return TNC_RESULT_INVALID_PARAMETER;
244 * TODO: trigger a call to eapol_sm_request_reauth(). This would
245 * require that the IMC continues to be loaded in memory afer
249 return TNC_RESULT_SUCCESS;
253 TNC_Result TNC_9048_LogMessage(TNC_IMCID imcID, TNC_UInt32 severity,
256 wpa_printf(MSG_DEBUG, "TNC: TNC_9048_LogMessage(imcID=%lu "
257 "severity==%lu message='%s')",
258 imcID, severity, message);
259 return TNC_RESULT_SUCCESS;
263 TNC_Result TNC_9048_UserMessage(TNC_IMCID imcID, TNC_ConnectionID connectionID,
266 wpa_printf(MSG_DEBUG, "TNC: TNC_9048_UserMessage(imcID=%lu "
267 "connectionID==%lu message='%s')",
268 imcID, connectionID, message);
269 return TNC_RESULT_SUCCESS;
273 TNC_Result TNC_TNCC_BindFunction(
276 void **pOutfunctionPointer)
278 wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_BindFunction(imcID=%lu, "
279 "functionName='%s')", (unsigned long) imcID, functionName);
281 if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
282 return TNC_RESULT_INVALID_PARAMETER;
284 if (pOutfunctionPointer == NULL)
285 return TNC_RESULT_INVALID_PARAMETER;
287 if (os_strcmp(functionName, "TNC_TNCC_ReportMessageTypes") == 0)
288 *pOutfunctionPointer = TNC_TNCC_ReportMessageTypes;
289 else if (os_strcmp(functionName, "TNC_TNCC_SendMessage") == 0)
290 *pOutfunctionPointer = TNC_TNCC_SendMessage;
291 else if (os_strcmp(functionName, "TNC_TNCC_RequestHandshakeRetry") ==
293 *pOutfunctionPointer = TNC_TNCC_RequestHandshakeRetry;
294 else if (os_strcmp(functionName, "TNC_9048_LogMessage") == 0)
295 *pOutfunctionPointer = TNC_9048_LogMessage;
296 else if (os_strcmp(functionName, "TNC_9048_UserMessage") == 0)
297 *pOutfunctionPointer = TNC_9048_UserMessage;
299 *pOutfunctionPointer = NULL;
301 return TNC_RESULT_SUCCESS;
305 static void * tncc_get_sym(void *handle, char *func)
309 #ifdef CONFIG_NATIVE_WINDOWS
311 fptr = GetProcAddressA(handle, func);
312 #else /* _WIN32_WCE */
313 fptr = GetProcAddress(handle, func);
314 #endif /* _WIN32_WCE */
315 #else /* CONFIG_NATIVE_WINDOWS */
316 fptr = dlsym(handle, func);
317 #endif /* CONFIG_NATIVE_WINDOWS */
323 static int tncc_imc_resolve_funcs(struct tnc_if_imc *imc)
325 void *handle = imc->dlhandle;
327 /* Mandatory IMC functions */
328 imc->Initialize = tncc_get_sym(handle, "TNC_IMC_Initialize");
329 if (imc->Initialize == NULL) {
330 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
331 "TNC_IMC_Initialize");
335 imc->BeginHandshake = tncc_get_sym(handle, "TNC_IMC_BeginHandshake");
336 if (imc->BeginHandshake == NULL) {
337 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
338 "TNC_IMC_BeginHandshake");
342 imc->ProvideBindFunction =
343 tncc_get_sym(handle, "TNC_IMC_ProvideBindFunction");
344 if (imc->ProvideBindFunction == NULL) {
345 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
346 "TNC_IMC_ProvideBindFunction");
350 /* Optional IMC functions */
351 imc->NotifyConnectionChange =
352 tncc_get_sym(handle, "TNC_IMC_NotifyConnectionChange");
353 imc->ReceiveMessage = tncc_get_sym(handle, "TNC_IMC_ReceiveMessage");
354 imc->BatchEnding = tncc_get_sym(handle, "TNC_IMC_BatchEnding");
355 imc->Terminate = tncc_get_sym(handle, "TNC_IMC_Terminate");
361 static int tncc_imc_initialize(struct tnc_if_imc *imc)
366 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Initialize for IMC '%s'",
368 res = imc->Initialize(imc->imcID, TNC_IFIMC_VERSION_1,
369 TNC_IFIMC_VERSION_1, &imc_ver);
370 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Initialize: res=%lu imc_ver=%lu",
371 (unsigned long) res, (unsigned long) imc_ver);
373 return res == TNC_RESULT_SUCCESS ? 0 : -1;
377 static int tncc_imc_terminate(struct tnc_if_imc *imc)
381 if (imc->Terminate == NULL)
384 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Terminate for IMC '%s'",
386 res = imc->Terminate(imc->imcID);
387 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Terminate: %lu",
388 (unsigned long) res);
390 return res == TNC_RESULT_SUCCESS ? 0 : -1;
394 static int tncc_imc_provide_bind_function(struct tnc_if_imc *imc)
398 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_ProvideBindFunction for "
399 "IMC '%s'", imc->name);
400 res = imc->ProvideBindFunction(imc->imcID, TNC_TNCC_BindFunction);
401 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_ProvideBindFunction: res=%lu",
402 (unsigned long) res);
404 return res == TNC_RESULT_SUCCESS ? 0 : -1;
408 static int tncc_imc_notify_connection_change(struct tnc_if_imc *imc,
409 TNC_ConnectionState state)
413 if (imc->NotifyConnectionChange == NULL)
416 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_NotifyConnectionChange(%d)"
417 " for IMC '%s'", (int) state, imc->name);
418 res = imc->NotifyConnectionChange(imc->imcID, imc->connectionID,
420 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_NotifyConnectionChange: %lu",
421 (unsigned long) res);
423 return res == TNC_RESULT_SUCCESS ? 0 : -1;
427 static int tncc_imc_begin_handshake(struct tnc_if_imc *imc)
431 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_BeginHandshake for IMC "
433 res = imc->BeginHandshake(imc->imcID, imc->connectionID);
434 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_BeginHandshake: %lu",
435 (unsigned long) res);
437 return res == TNC_RESULT_SUCCESS ? 0 : -1;
441 static int tncc_load_imc(struct tnc_if_imc *imc)
443 if (imc->path == NULL) {
444 wpa_printf(MSG_DEBUG, "TNC: No IMC configured");
448 wpa_printf(MSG_DEBUG, "TNC: Opening IMC: %s (%s)",
449 imc->name, imc->path);
450 #ifdef CONFIG_NATIVE_WINDOWS
453 TCHAR *lib = wpa_strdup_tchar(imc->path);
456 imc->dlhandle = LoadLibrary(lib);
460 imc->dlhandle = LoadLibrary(imc->path);
462 if (imc->dlhandle == NULL) {
463 wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %d",
464 imc->name, imc->path, (int) GetLastError());
467 #else /* CONFIG_NATIVE_WINDOWS */
468 imc->dlhandle = dlopen(imc->path, RTLD_LAZY);
469 if (imc->dlhandle == NULL) {
470 wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %s",
471 imc->name, imc->path, dlerror());
474 #endif /* CONFIG_NATIVE_WINDOWS */
476 if (tncc_imc_resolve_funcs(imc) < 0) {
477 wpa_printf(MSG_ERROR, "TNC: Failed to resolve IMC functions");
481 if (tncc_imc_initialize(imc) < 0 ||
482 tncc_imc_provide_bind_function(imc) < 0) {
483 wpa_printf(MSG_ERROR, "TNC: Failed to initialize IMC");
491 static void tncc_unload_imc(struct tnc_if_imc *imc)
493 tncc_imc_terminate(imc);
494 tnc_imc[imc->imcID] = NULL;
497 #ifdef CONFIG_NATIVE_WINDOWS
498 FreeLibrary(imc->dlhandle);
499 #else /* CONFIG_NATIVE_WINDOWS */
500 dlclose(imc->dlhandle);
501 #endif /* CONFIG_NATIVE_WINDOWS */
505 os_free(imc->supported_types);
506 os_free(imc->imc_send);
510 static int tncc_supported_type(struct tnc_if_imc *imc, unsigned int type)
513 unsigned int vendor, subtype;
515 if (imc == NULL || imc->supported_types == NULL)
519 subtype = type & 0xff;
521 for (i = 0; i < imc->num_supported_types; i++) {
522 unsigned int svendor, ssubtype;
523 svendor = imc->supported_types[i] >> 8;
524 ssubtype = imc->supported_types[i] & 0xff;
525 if ((vendor == svendor || svendor == TNC_VENDORID_ANY) &&
526 (subtype == ssubtype || ssubtype == TNC_SUBTYPE_ANY))
534 static void tncc_send_to_imcs(struct tncc_data *tncc, unsigned int type,
535 const u8 *msg, size_t len)
537 struct tnc_if_imc *imc;
540 wpa_hexdump_ascii(MSG_MSGDUMP, "TNC: Message to IMC(s)", msg, len);
542 for (imc = tncc->imc; imc; imc = imc->next) {
543 if (imc->ReceiveMessage == NULL ||
544 !tncc_supported_type(imc, type))
547 wpa_printf(MSG_DEBUG, "TNC: Call ReceiveMessage for IMC '%s'",
549 res = imc->ReceiveMessage(imc->imcID, imc->connectionID,
550 (TNC_BufferReference) msg, len,
552 wpa_printf(MSG_DEBUG, "TNC: ReceiveMessage: %lu",
553 (unsigned long) res);
558 void tncc_init_connection(struct tncc_data *tncc)
560 struct tnc_if_imc *imc;
562 for (imc = tncc->imc; imc; imc = imc->next) {
563 tncc_imc_notify_connection_change(
564 imc, TNC_CONNECTION_STATE_CREATE);
565 tncc_imc_notify_connection_change(
566 imc, TNC_CONNECTION_STATE_HANDSHAKE);
568 os_free(imc->imc_send);
569 imc->imc_send = NULL;
570 imc->imc_send_len = 0;
572 tncc_imc_begin_handshake(imc);
577 size_t tncc_total_send_len(struct tncc_data *tncc)
579 struct tnc_if_imc *imc;
582 for (imc = tncc->imc; imc; imc = imc->next)
583 len += imc->imc_send_len;
588 u8 * tncc_copy_send_buf(struct tncc_data *tncc, u8 *pos)
590 struct tnc_if_imc *imc;
592 for (imc = tncc->imc; imc; imc = imc->next) {
593 if (imc->imc_send == NULL)
596 os_memcpy(pos, imc->imc_send, imc->imc_send_len);
597 pos += imc->imc_send_len;
598 os_free(imc->imc_send);
599 imc->imc_send = NULL;
600 imc->imc_send_len = 0;
607 char * tncc_if_tnccs_start(struct tncc_data *tncc)
609 char *buf = os_malloc(1000);
612 tncc->last_batchid++;
613 os_snprintf(buf, 1000, IF_TNCCS_START, tncc->last_batchid);
618 char * tncc_if_tnccs_end(void)
620 char *buf = os_malloc(100);
623 os_snprintf(buf, 100, IF_TNCCS_END);
628 static void tncc_notify_recommendation(struct tncc_data *tncc,
629 enum tncc_process_res res)
631 TNC_ConnectionState state;
632 struct tnc_if_imc *imc;
635 case TNCCS_RECOMMENDATION_ALLOW:
636 state = TNC_CONNECTION_STATE_ACCESS_ALLOWED;
638 case TNCCS_RECOMMENDATION_NONE:
639 state = TNC_CONNECTION_STATE_ACCESS_NONE;
641 case TNCCS_RECOMMENDATION_ISOLATE:
642 state = TNC_CONNECTION_STATE_ACCESS_ISOLATED;
645 state = TNC_CONNECTION_STATE_ACCESS_NONE;
649 for (imc = tncc->imc; imc; imc = imc->next)
650 tncc_imc_notify_connection_change(imc, state);
654 static int tncc_get_type(char *start, unsigned int *type)
656 char *pos = os_strstr(start, "<Type>");
660 *type = strtoul(pos, NULL, 16);
665 static unsigned char * tncc_get_base64(char *start, size_t *decoded_len)
668 unsigned char *decoded;
670 pos = os_strstr(start, "<Base64>");
675 pos2 = os_strstr(pos, "</Base64>");
680 decoded = base64_decode((unsigned char *) pos, os_strlen(pos),
683 if (decoded == NULL) {
684 wpa_printf(MSG_DEBUG, "TNC: Failed to decode Base64 data");
691 static enum tncc_process_res tncc_get_recommendation(char *start)
693 char *pos, *pos2, saved;
696 pos = os_strstr(start, "<TNCCS-Recommendation ");
698 return TNCCS_RECOMMENDATION_ERROR;
701 pos = os_strstr(pos, " type=");
703 return TNCCS_RECOMMENDATION_ERROR;
710 while (*pos2 != '\0' && *pos2 != '"' && *pos2 != '>')
714 return TNCCS_RECOMMENDATION_ERROR;
718 wpa_printf(MSG_DEBUG, "TNC: TNCCS-Recommendation: '%s'", pos);
720 recom = TNCCS_RECOMMENDATION_ERROR;
721 if (os_strcmp(pos, "allow") == 0)
722 recom = TNCCS_RECOMMENDATION_ALLOW;
723 else if (os_strcmp(pos, "none") == 0)
724 recom = TNCCS_RECOMMENDATION_NONE;
725 else if (os_strcmp(pos, "isolate") == 0)
726 recom = TNCCS_RECOMMENDATION_ISOLATE;
734 enum tncc_process_res tncc_process_if_tnccs(struct tncc_data *tncc,
735 const u8 *msg, size_t len)
737 char *buf, *start, *end, *pos, *pos2, *payload;
738 unsigned int batch_id;
739 unsigned char *decoded;
741 enum tncc_process_res res = TNCCS_PROCESS_OK_NO_RECOMMENDATION;
742 int recommendation_msg = 0;
744 buf = dup_binstr(msg, len);
746 return TNCCS_PROCESS_ERROR;
748 start = os_strstr(buf, "<TNCCS-Batch ");
749 end = os_strstr(buf, "</TNCCS-Batch>");
750 if (start == NULL || end == NULL || start > end) {
752 return TNCCS_PROCESS_ERROR;
756 while (*start == ' ')
760 pos = os_strstr(start, "BatchId=");
763 return TNCCS_PROCESS_ERROR;
769 batch_id = atoi(pos);
770 wpa_printf(MSG_DEBUG, "TNC: Received IF-TNCCS BatchId=%u",
772 if (batch_id != tncc->last_batchid + 1) {
773 wpa_printf(MSG_DEBUG, "TNC: Unexpected IF-TNCCS BatchId "
775 batch_id, tncc->last_batchid + 1);
777 return TNCCS_PROCESS_ERROR;
779 tncc->last_batchid = batch_id;
781 while (*pos != '\0' && *pos != '>')
785 return TNCCS_PROCESS_ERROR;
792 * <Type>01234567</Type>
793 * <Base64>foo==</Base64>
801 pos = os_strstr(start, "<IMC-IMV-Message>");
805 end = os_strstr(start, "</IMC-IMV-Message>");
812 if (tncc_get_type(start, &type) < 0) {
817 wpa_printf(MSG_DEBUG, "TNC: IMC-IMV-Message Type 0x%x", type);
819 decoded = tncc_get_base64(start, &decoded_len);
820 if (decoded == NULL) {
826 tncc_send_to_imcs(tncc, type, decoded, decoded_len);
834 * <TNCC-TNCS-Message>
835 * <Type>01234567</Type>
836 * <XML><TNCCS-Foo type="foo"></TNCCS-Foo></XML>
837 * <Base64>foo==</Base64>
838 * </TNCC-TNCS-Message>
844 char *xml, *xmlend, *endpos;
846 pos = os_strstr(start, "<TNCC-TNCS-Message>");
850 end = os_strstr(start, "</TNCC-TNCS-Message>");
857 if (tncc_get_type(start, &type) < 0) {
862 wpa_printf(MSG_DEBUG, "TNC: TNCC-TNCS-Message Type 0x%x",
869 pos = os_strstr(start, "<XML>");
872 pos2 = os_strstr(pos, "</XML>");
881 decoded = tncc_get_base64(start, &decoded_len);
882 if (decoded == NULL) {
890 wpa_hexdump_ascii(MSG_MSGDUMP,
891 "TNC: TNCC-TNCS-Message Base64",
892 decoded, decoded_len);
897 wpa_hexdump_ascii(MSG_MSGDUMP,
898 "TNC: TNCC-TNCS-Message XML",
899 (unsigned char *) xml,
903 if (type == TNC_TNCCS_RECOMMENDATION && xml) {
905 * <TNCCS-Recommendation type="allow">
906 * </TNCCS-Recommendation>
909 res = tncc_get_recommendation(xml);
911 recommendation_msg = 1;
919 if (recommendation_msg)
920 tncc_notify_recommendation(tncc, res);
926 #ifdef CONFIG_NATIVE_WINDOWS
927 static int tncc_read_config_reg(struct tncc_data *tncc, HKEY hive)
932 struct tnc_if_imc *imc, *last;
936 while (last && last->next)
939 ret = RegOpenKeyEx(hive, TNC_WINREG_PATH, 0, KEY_ENUMERATE_SUB_KEYS,
941 if (ret != ERROR_SUCCESS)
945 TCHAR name[255], *val;
946 DWORD namelen, buflen;
949 ret = RegEnumKeyEx(hk, i, name, &namelen, NULL, NULL, NULL,
952 if (ret == ERROR_NO_MORE_ITEMS)
955 if (ret != ERROR_SUCCESS) {
956 wpa_printf(MSG_DEBUG, "TNC: RegEnumKeyEx failed: 0x%x",
963 name[namelen] = '\0';
965 wpa_printf(MSG_DEBUG, "TNC: IMC '" TSTR "'", name);
967 ret = RegOpenKeyEx(hk, name, 0, KEY_QUERY_VALUE, &hk2);
968 if (ret != ERROR_SUCCESS) {
969 wpa_printf(MSG_DEBUG, "Could not open IMC key '" TSTR
974 ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL, NULL,
976 if (ret != ERROR_SUCCESS) {
977 wpa_printf(MSG_DEBUG, "TNC: Could not read Path from "
978 "IMC key '" TSTR "'", name);
983 val = os_malloc(buflen);
989 ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL,
990 (LPBYTE) val, &buflen);
991 if (ret != ERROR_SUCCESS) {
999 wpa_unicode2ascii_inplace(val);
1000 wpa_printf(MSG_DEBUG, "TNC: IMC Path '%s'", (char *) val);
1002 for (j = 0; j < TNC_MAX_IMC_ID; j++) {
1003 if (tnc_imc[j] == NULL)
1006 if (j >= TNC_MAX_IMC_ID) {
1007 wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
1012 imc = os_zalloc(sizeof(*imc));
1020 wpa_unicode2ascii_inplace(name);
1021 imc->name = os_strdup((char *) name);
1022 imc->path = os_strdup((char *) val);
1032 tnc_imc[imc->imcID] = imc;
1041 static int tncc_read_config(struct tncc_data *tncc)
1043 if (tncc_read_config_reg(tncc, HKEY_LOCAL_MACHINE) < 0 ||
1044 tncc_read_config_reg(tncc, HKEY_CURRENT_USER) < 0)
1049 #else /* CONFIG_NATIVE_WINDOWS */
1051 static struct tnc_if_imc * tncc_parse_imc(char *start, char *end, int *error)
1053 struct tnc_if_imc *imc;
1057 for (i = 0; i < TNC_MAX_IMC_ID; i++) {
1058 if (tnc_imc[i] == NULL)
1061 if (i >= TNC_MAX_IMC_ID) {
1062 wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
1066 imc = os_zalloc(sizeof(*imc));
1075 wpa_printf(MSG_DEBUG, "TNC: Configured IMC: %s", pos);
1076 if (pos + 1 >= end || *pos != '"') {
1077 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1078 "(no starting quotation mark)", start);
1085 while (pos2 < end && *pos2 != '"')
1088 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1089 "(no ending quotation mark)", start);
1094 wpa_printf(MSG_DEBUG, "TNC: Name: '%s'", pos);
1095 imc->name = os_strdup(pos);
1098 if (pos >= end || *pos != ' ') {
1099 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1100 "(no space after name)", start);
1107 wpa_printf(MSG_DEBUG, "TNC: IMC file: '%s'", pos);
1108 imc->path = os_strdup(pos);
1109 tnc_imc[imc->imcID] = imc;
1115 static int tncc_read_config(struct tncc_data *tncc)
1117 char *config, *end, *pos, *line_end;
1119 struct tnc_if_imc *imc, *last;
1123 config = os_readfile(TNC_CONFIG_FILE, &config_len);
1124 if (config == NULL) {
1125 wpa_printf(MSG_ERROR, "TNC: Could not open TNC configuration "
1126 "file '%s'", TNC_CONFIG_FILE);
1130 end = config + config_len;
1131 for (pos = config; pos < end; pos = line_end + 1) {
1133 while (*line_end != '\n' && *line_end != '\r' &&
1138 if (os_strncmp(pos, "IMC ", 4) == 0) {
1141 imc = tncc_parse_imc(pos + 4, line_end, &error);
1159 #endif /* CONFIG_NATIVE_WINDOWS */
1162 struct tncc_data * tncc_init(void)
1164 struct tncc_data *tncc;
1165 struct tnc_if_imc *imc;
1167 tncc = os_zalloc(sizeof(*tncc));
1172 * move loading and Initialize() to a location that is not
1173 * re-initialized for every EAP-TNC session (?)
1176 if (tncc_read_config(tncc) < 0) {
1177 wpa_printf(MSG_ERROR, "TNC: Failed to read TNC configuration");
1181 for (imc = tncc->imc; imc; imc = imc->next) {
1182 if (tncc_load_imc(imc)) {
1183 wpa_printf(MSG_ERROR, "TNC: Failed to load IMC '%s'",
1197 void tncc_deinit(struct tncc_data *tncc)
1199 struct tnc_if_imc *imc, *prev;
1203 tncc_unload_imc(imc);
1214 static struct wpabuf * tncc_build_soh(int ver)
1217 u8 *tlv_len, *tlv_len2, *outer_len, *inner_len, *ssoh_len, *end;
1218 u8 correlation_id[24];
1219 /* TODO: get correct name */
1220 char *machinename = "wpa_supplicant@w1.fi";
1222 if (os_get_random(correlation_id, sizeof(correlation_id)))
1224 wpa_hexdump(MSG_DEBUG, "TNC: SoH Correlation ID",
1225 correlation_id, sizeof(correlation_id));
1227 buf = wpabuf_alloc(200);
1231 /* Vendor-Specific TLV (Microsoft) - SoH */
1232 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* TLV Type */
1233 tlv_len = wpabuf_put(buf, 2); /* Length */
1234 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* Vendor_Id */
1235 wpabuf_put_be16(buf, 0x01); /* TLV Type - SoH TLV */
1236 tlv_len2 = wpabuf_put(buf, 2); /* Length */
1239 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* Outer Type */
1240 outer_len = wpabuf_put(buf, 2);
1241 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1242 wpabuf_put_be16(buf, ver); /* Inner Type */
1243 inner_len = wpabuf_put(buf, 2);
1246 /* SoH Mode Sub-Header */
1248 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
1249 wpabuf_put_be16(buf, 4 + 24 + 1 + 1); /* Length */
1250 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1252 wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
1253 wpabuf_put_u8(buf, 0x01); /* Intent Flag - Request */
1254 wpabuf_put_u8(buf, 0x00); /* Content-Type Flag */
1258 /* System-Health-Id */
1259 wpabuf_put_be16(buf, 0x0002); /* Type */
1260 wpabuf_put_be16(buf, 4); /* Length */
1261 wpabuf_put_be32(buf, 79616);
1262 /* Vendor-Specific Attribute */
1263 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
1264 ssoh_len = wpabuf_put(buf, 2);
1265 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1267 /* MS-Packet-Info */
1268 wpabuf_put_u8(buf, SSOH_MS_PACKET_INFO);
1269 /* Note: IF-TNCCS-SOH v1.0 r8 claims this field to be:
1270 * Reserved(4 bits) r(1 bit) Vers(3 bits), but Windows XP
1271 * SP3 seems to be sending 0x11 for SSoH, i.e., r(request/response) bit
1272 * would not be in the specified location.
1273 * [MS-SOH] 4.0.2: Reserved(3 bits) r(1 bit) Vers(4 bits)
1275 wpabuf_put_u8(buf, 0x11); /* r=request, vers=1 */
1277 /* MS-Machine-Inventory */
1278 /* TODO: get correct values; 0 = not applicable for OS */
1279 wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY);
1280 wpabuf_put_be32(buf, 0); /* osVersionMajor */
1281 wpabuf_put_be32(buf, 0); /* osVersionMinor */
1282 wpabuf_put_be32(buf, 0); /* osVersionBuild */
1283 wpabuf_put_be16(buf, 0); /* spVersionMajor */
1284 wpabuf_put_be16(buf, 0); /* spVersionMinor */
1285 wpabuf_put_be16(buf, 0); /* procArch */
1287 /* MS-MachineName */
1288 wpabuf_put_u8(buf, SSOH_MS_MACHINENAME);
1289 wpabuf_put_be16(buf, os_strlen(machinename) + 1);
1290 wpabuf_put_data(buf, machinename, os_strlen(machinename) + 1);
1292 /* MS-CorrelationId */
1293 wpabuf_put_u8(buf, SSOH_MS_CORRELATIONID);
1294 wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
1296 /* MS-Quarantine-State */
1297 wpabuf_put_u8(buf, SSOH_MS_QUARANTINE_STATE);
1298 wpabuf_put_be16(buf, 1); /* Flags: ExtState=0, f=0, qState=1 */
1299 wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (hi) */
1300 wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (lo) */
1301 wpabuf_put_be16(buf, 1); /* urlLenInBytes */
1302 wpabuf_put_u8(buf, 0); /* null termination for the url */
1304 /* MS-Machine-Inventory-Ex */
1305 wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY_EX);
1306 wpabuf_put_be32(buf, 0); /* Reserved
1307 * (note: Windows XP SP3 uses 0xdecafbad) */
1308 wpabuf_put_u8(buf, 1); /* ProductType: Client */
1310 /* Update SSoH Length */
1311 end = wpabuf_put(buf, 0);
1312 WPA_PUT_BE16(ssoh_len, end - ssoh_len - 2);
1314 /* TODO: SoHReportEntry TLV (zero or more) */
1316 /* Update length fields */
1317 end = wpabuf_put(buf, 0);
1318 WPA_PUT_BE16(tlv_len, end - tlv_len - 2);
1319 WPA_PUT_BE16(tlv_len2, end - tlv_len2 - 2);
1320 WPA_PUT_BE16(outer_len, end - outer_len - 2);
1321 WPA_PUT_BE16(inner_len, end - inner_len - 2);
1327 struct wpabuf * tncc_process_soh_request(int ver, const u8 *data, size_t len)
1331 wpa_hexdump(MSG_DEBUG, "TNC: SoH Request", data, len);
1340 if (WPA_GET_BE16(pos) != EAP_TLV_VENDOR_SPECIFIC_TLV)
1345 if (WPA_GET_BE16(pos) < 8)
1350 if (WPA_GET_BE32(pos) != EAP_VENDOR_MICROSOFT)
1355 if (WPA_GET_BE16(pos) != 0x02 /* SoH request TLV */)
1358 wpa_printf(MSG_DEBUG, "TNC: SoH Request TLV received");
1360 return tncc_build_soh(2);
tuxillo's projects / dragonfly.git / blob