2 * EAP-TNC - TNCC (IF-IMC and IF-TNCCS)
3 * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
16 #ifndef CONFIG_NATIVE_WINDOWS
18 #endif /* CONFIG_NATIVE_WINDOWS */
23 #include "eap_common/eap_tlv_common.h"
24 #include "eap_common/eap_defs.h"
34 #define TNC_CONFIG_FILE "/etc/tnc_config"
35 #define TNC_WINREG_PATH TEXT("SOFTWARE\\Trusted Computing Group\\TNC\\IMCs")
36 #define IF_TNCCS_START \
37 "<?xml version=\"1.0\"?>\n" \
38 "<TNCCS-Batch BatchId=\"%d\" Recipient=\"TNCS\" " \
39 "xmlns=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS#\" " \
40 "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
41 "xsi:schemaLocation=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/" \
42 "IF_TNCCS#https://www.trustedcomputinggroup.org/XML/SCHEMA/TNCCS_1.0.xsd\">\n"
43 #define IF_TNCCS_END "\n</TNCCS-Batch>"
47 typedef unsigned long TNC_UInt32;
48 typedef unsigned char *TNC_BufferReference;
50 typedef TNC_UInt32 TNC_IMCID;
51 typedef TNC_UInt32 TNC_ConnectionID;
52 typedef TNC_UInt32 TNC_ConnectionState;
53 typedef TNC_UInt32 TNC_RetryReason;
54 typedef TNC_UInt32 TNC_MessageType;
55 typedef TNC_MessageType *TNC_MessageTypeList;
56 typedef TNC_UInt32 TNC_VendorID;
57 typedef TNC_UInt32 TNC_MessageSubtype;
58 typedef TNC_UInt32 TNC_Version;
59 typedef TNC_UInt32 TNC_Result;
61 typedef TNC_Result (*TNC_TNCC_BindFunctionPointer)(
64 void **pOutfunctionPointer);
66 #define TNC_RESULT_SUCCESS 0
67 #define TNC_RESULT_NOT_INITIALIZED 1
68 #define TNC_RESULT_ALREADY_INITIALIZED 2
69 #define TNC_RESULT_NO_COMMON_VERSION 3
70 #define TNC_RESULT_CANT_RETRY 4
71 #define TNC_RESULT_WONT_RETRY 5
72 #define TNC_RESULT_INVALID_PARAMETER 6
73 #define TNC_RESULT_CANT_RESPOND 7
74 #define TNC_RESULT_ILLEGAL_OPERATION 8
75 #define TNC_RESULT_OTHER 9
76 #define TNC_RESULT_FATAL 10
78 #define TNC_CONNECTION_STATE_CREATE 0
79 #define TNC_CONNECTION_STATE_HANDSHAKE 1
80 #define TNC_CONNECTION_STATE_ACCESS_ALLOWED 2
81 #define TNC_CONNECTION_STATE_ACCESS_ISOLATED 3
82 #define TNC_CONNECTION_STATE_ACCESS_NONE 4
83 #define TNC_CONNECTION_STATE_DELETE 5
85 #define TNC_IFIMC_VERSION_1 1
87 #define TNC_VENDORID_ANY ((TNC_VendorID) 0xffffff)
88 #define TNC_SUBTYPE_ANY ((TNC_MessageSubtype) 0xff)
90 /* TNCC-TNCS Message Types */
91 #define TNC_TNCCS_RECOMMENDATION 0x00000001
92 #define TNC_TNCCS_ERROR 0x00000002
93 #define TNC_TNCCS_PREFERREDLANGUAGE 0x00000003
94 #define TNC_TNCCS_REASONSTRINGS 0x00000004
98 struct tnc_if_imc *next;
101 void *dlhandle; /* from dlopen() */
103 TNC_ConnectionID connectionID;
104 TNC_MessageTypeList supported_types;
105 size_t num_supported_types;
109 /* Functions implemented by IMCs (with TNC_IMC_ prefix) */
110 TNC_Result (*Initialize)(
112 TNC_Version minVersion,
113 TNC_Version maxVersion,
114 TNC_Version *pOutActualVersion);
115 TNC_Result (*NotifyConnectionChange)(
117 TNC_ConnectionID connectionID,
118 TNC_ConnectionState newState);
119 TNC_Result (*BeginHandshake)(
121 TNC_ConnectionID connectionID);
122 TNC_Result (*ReceiveMessage)(
124 TNC_ConnectionID connectionID,
125 TNC_BufferReference messageBuffer,
126 TNC_UInt32 messageLength,
127 TNC_MessageType messageType);
128 TNC_Result (*BatchEnding)(
130 TNC_ConnectionID connectionID);
131 TNC_Result (*Terminate)(TNC_IMCID imcID);
132 TNC_Result (*ProvideBindFunction)(
134 TNC_TNCC_BindFunctionPointer bindFunction);
138 struct tnc_if_imc *imc;
139 unsigned int last_batchid;
142 #define TNC_MAX_IMC_ID 10
143 static struct tnc_if_imc *tnc_imc[TNC_MAX_IMC_ID] = { NULL };
146 /* TNCC functions that IMCs can call */
148 TNC_Result TNC_TNCC_ReportMessageTypes(
150 TNC_MessageTypeList supportedTypes,
151 TNC_UInt32 typeCount)
154 struct tnc_if_imc *imc;
156 wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_ReportMessageTypes(imcID=%lu "
158 (unsigned long) imcID, (unsigned long) typeCount);
160 for (i = 0; i < typeCount; i++) {
161 wpa_printf(MSG_DEBUG, "TNC: supportedTypes[%lu] = %lu",
162 i, supportedTypes[i]);
165 if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
166 return TNC_RESULT_INVALID_PARAMETER;
168 imc = tnc_imc[imcID];
169 os_free(imc->supported_types);
170 imc->supported_types =
171 os_malloc(typeCount * sizeof(TNC_MessageTypeList));
172 if (imc->supported_types == NULL)
173 return TNC_RESULT_FATAL;
174 os_memcpy(imc->supported_types, supportedTypes,
175 typeCount * sizeof(TNC_MessageTypeList));
176 imc->num_supported_types = typeCount;
178 return TNC_RESULT_SUCCESS;
182 TNC_Result TNC_TNCC_SendMessage(
184 TNC_ConnectionID connectionID,
185 TNC_BufferReference message,
186 TNC_UInt32 messageLength,
187 TNC_MessageType messageType)
189 struct tnc_if_imc *imc;
193 wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage(imcID=%lu "
194 "connectionID=%lu messageType=%lu)",
195 imcID, connectionID, messageType);
196 wpa_hexdump_ascii(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage",
197 message, messageLength);
199 if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
200 return TNC_RESULT_INVALID_PARAMETER;
202 b64 = base64_encode(message, messageLength, &b64len);
204 return TNC_RESULT_FATAL;
206 imc = tnc_imc[imcID];
207 os_free(imc->imc_send);
208 imc->imc_send_len = 0;
209 imc->imc_send = os_zalloc(b64len + 100);
210 if (imc->imc_send == NULL) {
212 return TNC_RESULT_OTHER;
216 os_snprintf((char *) imc->imc_send, b64len + 100,
217 "<IMC-IMV-Message><Type>%08X</Type>"
218 "<Base64>%s</Base64></IMC-IMV-Message>",
219 (unsigned int) messageType, b64);
223 return TNC_RESULT_SUCCESS;
227 TNC_Result TNC_TNCC_RequestHandshakeRetry(
229 TNC_ConnectionID connectionID,
230 TNC_RetryReason reason)
232 wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_RequestHandshakeRetry");
234 if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
235 return TNC_RESULT_INVALID_PARAMETER;
238 * TODO: trigger a call to eapol_sm_request_reauth(). This would
239 * require that the IMC continues to be loaded in memory afer
243 return TNC_RESULT_SUCCESS;
247 TNC_Result TNC_9048_LogMessage(TNC_IMCID imcID, TNC_UInt32 severity,
250 wpa_printf(MSG_DEBUG, "TNC: TNC_9048_LogMessage(imcID=%lu "
251 "severity==%lu message='%s')",
252 imcID, severity, message);
253 return TNC_RESULT_SUCCESS;
257 TNC_Result TNC_9048_UserMessage(TNC_IMCID imcID, TNC_ConnectionID connectionID,
260 wpa_printf(MSG_DEBUG, "TNC: TNC_9048_UserMessage(imcID=%lu "
261 "connectionID==%lu message='%s')",
262 imcID, connectionID, message);
263 return TNC_RESULT_SUCCESS;
267 TNC_Result TNC_TNCC_BindFunction(
270 void **pOutfunctionPointer)
272 wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_BindFunction(imcID=%lu, "
273 "functionName='%s')", (unsigned long) imcID, functionName);
275 if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
276 return TNC_RESULT_INVALID_PARAMETER;
278 if (pOutfunctionPointer == NULL)
279 return TNC_RESULT_INVALID_PARAMETER;
281 if (os_strcmp(functionName, "TNC_TNCC_ReportMessageTypes") == 0)
282 *pOutfunctionPointer = TNC_TNCC_ReportMessageTypes;
283 else if (os_strcmp(functionName, "TNC_TNCC_SendMessage") == 0)
284 *pOutfunctionPointer = TNC_TNCC_SendMessage;
285 else if (os_strcmp(functionName, "TNC_TNCC_RequestHandshakeRetry") ==
287 *pOutfunctionPointer = TNC_TNCC_RequestHandshakeRetry;
288 else if (os_strcmp(functionName, "TNC_9048_LogMessage") == 0)
289 *pOutfunctionPointer = TNC_9048_LogMessage;
290 else if (os_strcmp(functionName, "TNC_9048_UserMessage") == 0)
291 *pOutfunctionPointer = TNC_9048_UserMessage;
293 *pOutfunctionPointer = NULL;
295 return TNC_RESULT_SUCCESS;
299 static void * tncc_get_sym(void *handle, char *func)
303 #ifdef CONFIG_NATIVE_WINDOWS
305 fptr = GetProcAddressA(handle, func);
306 #else /* _WIN32_WCE */
307 fptr = GetProcAddress(handle, func);
308 #endif /* _WIN32_WCE */
309 #else /* CONFIG_NATIVE_WINDOWS */
310 fptr = dlsym(handle, func);
311 #endif /* CONFIG_NATIVE_WINDOWS */
317 static int tncc_imc_resolve_funcs(struct tnc_if_imc *imc)
319 void *handle = imc->dlhandle;
321 /* Mandatory IMC functions */
322 imc->Initialize = tncc_get_sym(handle, "TNC_IMC_Initialize");
323 if (imc->Initialize == NULL) {
324 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
325 "TNC_IMC_Initialize");
329 imc->BeginHandshake = tncc_get_sym(handle, "TNC_IMC_BeginHandshake");
330 if (imc->BeginHandshake == NULL) {
331 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
332 "TNC_IMC_BeginHandshake");
336 imc->ProvideBindFunction =
337 tncc_get_sym(handle, "TNC_IMC_ProvideBindFunction");
338 if (imc->ProvideBindFunction == NULL) {
339 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
340 "TNC_IMC_ProvideBindFunction");
344 /* Optional IMC functions */
345 imc->NotifyConnectionChange =
346 tncc_get_sym(handle, "TNC_IMC_NotifyConnectionChange");
347 imc->ReceiveMessage = tncc_get_sym(handle, "TNC_IMC_ReceiveMessage");
348 imc->BatchEnding = tncc_get_sym(handle, "TNC_IMC_BatchEnding");
349 imc->Terminate = tncc_get_sym(handle, "TNC_IMC_Terminate");
355 static int tncc_imc_initialize(struct tnc_if_imc *imc)
360 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Initialize for IMC '%s'",
362 res = imc->Initialize(imc->imcID, TNC_IFIMC_VERSION_1,
363 TNC_IFIMC_VERSION_1, &imc_ver);
364 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Initialize: res=%lu imc_ver=%lu",
365 (unsigned long) res, (unsigned long) imc_ver);
367 return res == TNC_RESULT_SUCCESS ? 0 : -1;
371 static int tncc_imc_terminate(struct tnc_if_imc *imc)
375 if (imc->Terminate == NULL)
378 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Terminate for IMC '%s'",
380 res = imc->Terminate(imc->imcID);
381 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Terminate: %lu",
382 (unsigned long) res);
384 return res == TNC_RESULT_SUCCESS ? 0 : -1;
388 static int tncc_imc_provide_bind_function(struct tnc_if_imc *imc)
392 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_ProvideBindFunction for "
393 "IMC '%s'", imc->name);
394 res = imc->ProvideBindFunction(imc->imcID, TNC_TNCC_BindFunction);
395 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_ProvideBindFunction: res=%lu",
396 (unsigned long) res);
398 return res == TNC_RESULT_SUCCESS ? 0 : -1;
402 static int tncc_imc_notify_connection_change(struct tnc_if_imc *imc,
403 TNC_ConnectionState state)
407 if (imc->NotifyConnectionChange == NULL)
410 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_NotifyConnectionChange(%d)"
411 " for IMC '%s'", (int) state, imc->name);
412 res = imc->NotifyConnectionChange(imc->imcID, imc->connectionID,
414 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_NotifyConnectionChange: %lu",
415 (unsigned long) res);
417 return res == TNC_RESULT_SUCCESS ? 0 : -1;
421 static int tncc_imc_begin_handshake(struct tnc_if_imc *imc)
425 wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_BeginHandshake for IMC "
427 res = imc->BeginHandshake(imc->imcID, imc->connectionID);
428 wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_BeginHandshake: %lu",
429 (unsigned long) res);
431 return res == TNC_RESULT_SUCCESS ? 0 : -1;
435 static int tncc_load_imc(struct tnc_if_imc *imc)
437 if (imc->path == NULL) {
438 wpa_printf(MSG_DEBUG, "TNC: No IMC configured");
442 wpa_printf(MSG_DEBUG, "TNC: Opening IMC: %s (%s)",
443 imc->name, imc->path);
444 #ifdef CONFIG_NATIVE_WINDOWS
447 TCHAR *lib = wpa_strdup_tchar(imc->path);
450 imc->dlhandle = LoadLibrary(lib);
454 imc->dlhandle = LoadLibrary(imc->path);
456 if (imc->dlhandle == NULL) {
457 wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %d",
458 imc->name, imc->path, (int) GetLastError());
461 #else /* CONFIG_NATIVE_WINDOWS */
462 imc->dlhandle = dlopen(imc->path, RTLD_LAZY);
463 if (imc->dlhandle == NULL) {
464 wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %s",
465 imc->name, imc->path, dlerror());
468 #endif /* CONFIG_NATIVE_WINDOWS */
470 if (tncc_imc_resolve_funcs(imc) < 0) {
471 wpa_printf(MSG_ERROR, "TNC: Failed to resolve IMC functions");
475 if (tncc_imc_initialize(imc) < 0 ||
476 tncc_imc_provide_bind_function(imc) < 0) {
477 wpa_printf(MSG_ERROR, "TNC: Failed to initialize IMC");
485 static void tncc_unload_imc(struct tnc_if_imc *imc)
487 tncc_imc_terminate(imc);
488 tnc_imc[imc->imcID] = NULL;
491 #ifdef CONFIG_NATIVE_WINDOWS
492 FreeLibrary(imc->dlhandle);
493 #else /* CONFIG_NATIVE_WINDOWS */
494 dlclose(imc->dlhandle);
495 #endif /* CONFIG_NATIVE_WINDOWS */
499 os_free(imc->supported_types);
500 os_free(imc->imc_send);
504 static int tncc_supported_type(struct tnc_if_imc *imc, unsigned int type)
507 unsigned int vendor, subtype;
509 if (imc == NULL || imc->supported_types == NULL)
513 subtype = type & 0xff;
515 for (i = 0; i < imc->num_supported_types; i++) {
516 unsigned int svendor, ssubtype;
517 svendor = imc->supported_types[i] >> 8;
518 ssubtype = imc->supported_types[i] & 0xff;
519 if ((vendor == svendor || svendor == TNC_VENDORID_ANY) &&
520 (subtype == ssubtype || ssubtype == TNC_SUBTYPE_ANY))
528 static void tncc_send_to_imcs(struct tncc_data *tncc, unsigned int type,
529 const u8 *msg, size_t len)
531 struct tnc_if_imc *imc;
534 wpa_hexdump_ascii(MSG_MSGDUMP, "TNC: Message to IMC(s)", msg, len);
536 for (imc = tncc->imc; imc; imc = imc->next) {
537 if (imc->ReceiveMessage == NULL ||
538 !tncc_supported_type(imc, type))
541 wpa_printf(MSG_DEBUG, "TNC: Call ReceiveMessage for IMC '%s'",
543 res = imc->ReceiveMessage(imc->imcID, imc->connectionID,
544 (TNC_BufferReference) msg, len,
546 wpa_printf(MSG_DEBUG, "TNC: ReceiveMessage: %lu",
547 (unsigned long) res);
552 void tncc_init_connection(struct tncc_data *tncc)
554 struct tnc_if_imc *imc;
556 for (imc = tncc->imc; imc; imc = imc->next) {
557 tncc_imc_notify_connection_change(
558 imc, TNC_CONNECTION_STATE_CREATE);
559 tncc_imc_notify_connection_change(
560 imc, TNC_CONNECTION_STATE_HANDSHAKE);
562 os_free(imc->imc_send);
563 imc->imc_send = NULL;
564 imc->imc_send_len = 0;
566 tncc_imc_begin_handshake(imc);
571 size_t tncc_total_send_len(struct tncc_data *tncc)
573 struct tnc_if_imc *imc;
576 for (imc = tncc->imc; imc; imc = imc->next)
577 len += imc->imc_send_len;
582 u8 * tncc_copy_send_buf(struct tncc_data *tncc, u8 *pos)
584 struct tnc_if_imc *imc;
586 for (imc = tncc->imc; imc; imc = imc->next) {
587 if (imc->imc_send == NULL)
590 os_memcpy(pos, imc->imc_send, imc->imc_send_len);
591 pos += imc->imc_send_len;
592 os_free(imc->imc_send);
593 imc->imc_send = NULL;
594 imc->imc_send_len = 0;
601 char * tncc_if_tnccs_start(struct tncc_data *tncc)
603 char *buf = os_malloc(1000);
606 tncc->last_batchid++;
607 os_snprintf(buf, 1000, IF_TNCCS_START, tncc->last_batchid);
612 char * tncc_if_tnccs_end(void)
614 char *buf = os_malloc(100);
617 os_snprintf(buf, 100, IF_TNCCS_END);
622 static void tncc_notify_recommendation(struct tncc_data *tncc,
623 enum tncc_process_res res)
625 TNC_ConnectionState state;
626 struct tnc_if_imc *imc;
629 case TNCCS_RECOMMENDATION_ALLOW:
630 state = TNC_CONNECTION_STATE_ACCESS_ALLOWED;
632 case TNCCS_RECOMMENDATION_NONE:
633 state = TNC_CONNECTION_STATE_ACCESS_NONE;
635 case TNCCS_RECOMMENDATION_ISOLATE:
636 state = TNC_CONNECTION_STATE_ACCESS_ISOLATED;
639 state = TNC_CONNECTION_STATE_ACCESS_NONE;
643 for (imc = tncc->imc; imc; imc = imc->next)
644 tncc_imc_notify_connection_change(imc, state);
648 static int tncc_get_type(char *start, unsigned int *type)
650 char *pos = os_strstr(start, "<Type>");
654 *type = strtoul(pos, NULL, 16);
659 static unsigned char * tncc_get_base64(char *start, size_t *decoded_len)
662 unsigned char *decoded;
664 pos = os_strstr(start, "<Base64>");
669 pos2 = os_strstr(pos, "</Base64>");
674 decoded = base64_decode((unsigned char *) pos, os_strlen(pos),
677 if (decoded == NULL) {
678 wpa_printf(MSG_DEBUG, "TNC: Failed to decode Base64 data");
685 static enum tncc_process_res tncc_get_recommendation(char *start)
687 char *pos, *pos2, saved;
690 pos = os_strstr(start, "<TNCCS-Recommendation ");
692 return TNCCS_RECOMMENDATION_ERROR;
695 pos = os_strstr(pos, " type=");
697 return TNCCS_RECOMMENDATION_ERROR;
704 while (*pos2 != '\0' && *pos2 != '"' && *pos2 != '>')
708 return TNCCS_RECOMMENDATION_ERROR;
712 wpa_printf(MSG_DEBUG, "TNC: TNCCS-Recommendation: '%s'", pos);
714 recom = TNCCS_RECOMMENDATION_ERROR;
715 if (os_strcmp(pos, "allow") == 0)
716 recom = TNCCS_RECOMMENDATION_ALLOW;
717 else if (os_strcmp(pos, "none") == 0)
718 recom = TNCCS_RECOMMENDATION_NONE;
719 else if (os_strcmp(pos, "isolate") == 0)
720 recom = TNCCS_RECOMMENDATION_ISOLATE;
728 enum tncc_process_res tncc_process_if_tnccs(struct tncc_data *tncc,
729 const u8 *msg, size_t len)
731 char *buf, *start, *end, *pos, *pos2, *payload;
732 unsigned int batch_id;
733 unsigned char *decoded;
735 enum tncc_process_res res = TNCCS_PROCESS_OK_NO_RECOMMENDATION;
736 int recommendation_msg = 0;
738 buf = os_malloc(len + 1);
740 return TNCCS_PROCESS_ERROR;
742 os_memcpy(buf, msg, len);
744 start = os_strstr(buf, "<TNCCS-Batch ");
745 end = os_strstr(buf, "</TNCCS-Batch>");
746 if (start == NULL || end == NULL || start > end) {
748 return TNCCS_PROCESS_ERROR;
752 while (*start == ' ')
756 pos = os_strstr(start, "BatchId=");
759 return TNCCS_PROCESS_ERROR;
765 batch_id = atoi(pos);
766 wpa_printf(MSG_DEBUG, "TNC: Received IF-TNCCS BatchId=%u",
768 if (batch_id != tncc->last_batchid + 1) {
769 wpa_printf(MSG_DEBUG, "TNC: Unexpected IF-TNCCS BatchId "
771 batch_id, tncc->last_batchid + 1);
773 return TNCCS_PROCESS_ERROR;
775 tncc->last_batchid = batch_id;
777 while (*pos != '\0' && *pos != '>')
781 return TNCCS_PROCESS_ERROR;
788 * <Type>01234567</Type>
789 * <Base64>foo==</Base64>
797 pos = os_strstr(start, "<IMC-IMV-Message>");
801 end = os_strstr(start, "</IMC-IMV-Message>");
808 if (tncc_get_type(start, &type) < 0) {
813 wpa_printf(MSG_DEBUG, "TNC: IMC-IMV-Message Type 0x%x", type);
815 decoded = tncc_get_base64(start, &decoded_len);
816 if (decoded == NULL) {
822 tncc_send_to_imcs(tncc, type, decoded, decoded_len);
830 * <TNCC-TNCS-Message>
831 * <Type>01234567</Type>
832 * <XML><TNCCS-Foo type="foo"></TNCCS-Foo></XML>
833 * <Base64>foo==</Base64>
834 * </TNCC-TNCS-Message>
840 char *xml, *xmlend, *endpos;
842 pos = os_strstr(start, "<TNCC-TNCS-Message>");
846 end = os_strstr(start, "</TNCC-TNCS-Message>");
853 if (tncc_get_type(start, &type) < 0) {
858 wpa_printf(MSG_DEBUG, "TNC: TNCC-TNCS-Message Type 0x%x",
865 pos = os_strstr(start, "<XML>");
868 pos2 = os_strstr(pos, "</XML>");
877 decoded = tncc_get_base64(start, &decoded_len);
878 if (decoded == NULL) {
886 wpa_hexdump_ascii(MSG_MSGDUMP,
887 "TNC: TNCC-TNCS-Message Base64",
888 decoded, decoded_len);
893 wpa_hexdump_ascii(MSG_MSGDUMP,
894 "TNC: TNCC-TNCS-Message XML",
895 (unsigned char *) xml,
899 if (type == TNC_TNCCS_RECOMMENDATION && xml) {
901 * <TNCCS-Recommendation type="allow">
902 * </TNCCS-Recommendation>
905 res = tncc_get_recommendation(xml);
907 recommendation_msg = 1;
915 if (recommendation_msg)
916 tncc_notify_recommendation(tncc, res);
922 #ifdef CONFIG_NATIVE_WINDOWS
923 static int tncc_read_config_reg(struct tncc_data *tncc, HKEY hive)
928 struct tnc_if_imc *imc, *last;
932 while (last && last->next)
935 ret = RegOpenKeyEx(hive, TNC_WINREG_PATH, 0, KEY_ENUMERATE_SUB_KEYS,
937 if (ret != ERROR_SUCCESS)
941 TCHAR name[255], *val;
942 DWORD namelen, buflen;
945 ret = RegEnumKeyEx(hk, i, name, &namelen, NULL, NULL, NULL,
948 if (ret == ERROR_NO_MORE_ITEMS)
951 if (ret != ERROR_SUCCESS) {
952 wpa_printf(MSG_DEBUG, "TNC: RegEnumKeyEx failed: 0x%x",
959 name[namelen] = '\0';
961 wpa_printf(MSG_DEBUG, "TNC: IMC '" TSTR "'", name);
963 ret = RegOpenKeyEx(hk, name, 0, KEY_QUERY_VALUE, &hk2);
964 if (ret != ERROR_SUCCESS) {
965 wpa_printf(MSG_DEBUG, "Could not open IMC key '" TSTR
970 ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL, NULL,
972 if (ret != ERROR_SUCCESS) {
973 wpa_printf(MSG_DEBUG, "TNC: Could not read Path from "
974 "IMC key '" TSTR "'", name);
979 val = os_malloc(buflen);
985 ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL,
986 (LPBYTE) val, &buflen);
987 if (ret != ERROR_SUCCESS) {
995 wpa_unicode2ascii_inplace(val);
996 wpa_printf(MSG_DEBUG, "TNC: IMC Path '%s'", (char *) val);
998 for (j = 0; j < TNC_MAX_IMC_ID; j++) {
999 if (tnc_imc[j] == NULL)
1002 if (j >= TNC_MAX_IMC_ID) {
1003 wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
1008 imc = os_zalloc(sizeof(*imc));
1016 wpa_unicode2ascii_inplace(name);
1017 imc->name = os_strdup((char *) name);
1018 imc->path = os_strdup((char *) val);
1028 tnc_imc[imc->imcID] = imc;
1037 static int tncc_read_config(struct tncc_data *tncc)
1039 if (tncc_read_config_reg(tncc, HKEY_LOCAL_MACHINE) < 0 ||
1040 tncc_read_config_reg(tncc, HKEY_CURRENT_USER) < 0)
1045 #else /* CONFIG_NATIVE_WINDOWS */
1047 static struct tnc_if_imc * tncc_parse_imc(char *start, char *end, int *error)
1049 struct tnc_if_imc *imc;
1053 for (i = 0; i < TNC_MAX_IMC_ID; i++) {
1054 if (tnc_imc[i] == NULL)
1057 if (i >= TNC_MAX_IMC_ID) {
1058 wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
1062 imc = os_zalloc(sizeof(*imc));
1071 wpa_printf(MSG_DEBUG, "TNC: Configured IMC: %s", pos);
1072 if (pos + 1 >= end || *pos != '"') {
1073 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1074 "(no starting quotation mark)", start);
1081 while (pos2 < end && *pos2 != '"')
1084 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1085 "(no ending quotation mark)", start);
1090 wpa_printf(MSG_DEBUG, "TNC: Name: '%s'", pos);
1091 imc->name = os_strdup(pos);
1094 if (pos >= end || *pos != ' ') {
1095 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1096 "(no space after name)", start);
1102 wpa_printf(MSG_DEBUG, "TNC: IMC file: '%s'", pos);
1103 imc->path = os_strdup(pos);
1104 tnc_imc[imc->imcID] = imc;
1110 static int tncc_read_config(struct tncc_data *tncc)
1112 char *config, *end, *pos, *line_end;
1114 struct tnc_if_imc *imc, *last;
1118 config = os_readfile(TNC_CONFIG_FILE, &config_len);
1119 if (config == NULL) {
1120 wpa_printf(MSG_ERROR, "TNC: Could not open TNC configuration "
1121 "file '%s'", TNC_CONFIG_FILE);
1125 end = config + config_len;
1126 for (pos = config; pos < end; pos = line_end + 1) {
1128 while (*line_end != '\n' && *line_end != '\r' &&
1133 if (os_strncmp(pos, "IMC ", 4) == 0) {
1136 imc = tncc_parse_imc(pos + 4, line_end, &error);
1154 #endif /* CONFIG_NATIVE_WINDOWS */
1157 struct tncc_data * tncc_init(void)
1159 struct tncc_data *tncc;
1160 struct tnc_if_imc *imc;
1162 tncc = os_zalloc(sizeof(*tncc));
1167 * move loading and Initialize() to a location that is not
1168 * re-initialized for every EAP-TNC session (?)
1171 if (tncc_read_config(tncc) < 0) {
1172 wpa_printf(MSG_ERROR, "TNC: Failed to read TNC configuration");
1176 for (imc = tncc->imc; imc; imc = imc->next) {
1177 if (tncc_load_imc(imc)) {
1178 wpa_printf(MSG_ERROR, "TNC: Failed to load IMC '%s'",
1192 void tncc_deinit(struct tncc_data *tncc)
1194 struct tnc_if_imc *imc, *prev;
1198 tncc_unload_imc(imc);
1209 static struct wpabuf * tncc_build_soh(void)
1212 u8 *tlv_len, *tlv_len2, *outer_len, *inner_len, *ssoh_len, *end;
1213 u8 correlation_id[24];
1216 if (os_get_random(correlation_id, sizeof(correlation_id)))
1218 wpa_hexdump(MSG_DEBUG, "TNC: SoH Correlation ID",
1219 correlation_id, sizeof(correlation_id));
1221 buf = wpabuf_alloc(200);
1225 /* Vendor-Specific TLV (Microsoft) - SoH */
1226 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* TLV Type */
1227 tlv_len = wpabuf_put(buf, 2); /* Length */
1228 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* Vendor_Id */
1229 wpabuf_put_be16(buf, 0x01); /* TLV Type - SoH TLV */
1230 tlv_len2 = wpabuf_put(buf, 2); /* Length */
1233 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* Outer Type */
1234 outer_len = wpabuf_put(buf, 2);
1235 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1236 wpabuf_put_be16(buf, ver); /* Inner Type */
1237 inner_len = wpabuf_put(buf, 2);
1240 /* SoH Mode Sub-Header */
1242 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
1243 wpabuf_put_be16(buf, 4 + 24 + 1 + 1); /* Length */
1244 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1246 wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
1247 wpabuf_put_u8(buf, 0x01); /* Intent Flag - Request */
1248 wpabuf_put_u8(buf, 0x00); /* Content-Type Flag */
1252 /* System-Health-Id */
1253 wpabuf_put_be16(buf, 0x0002); /* Type */
1254 wpabuf_put_be16(buf, 4); /* Length */
1255 wpabuf_put_be32(buf, 79616);
1256 /* Vendor-Specific Attribute */
1257 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
1258 ssoh_len = wpabuf_put(buf, 2);
1259 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1260 /* TODO: MS-Machine-Inventory */
1261 /* TODO: MS-Quarantine-State */
1262 /* MS-Packet-Info */
1263 wpabuf_put_u8(buf, 0x03);
1264 wpabuf_put_u8(buf, 0x11); /* r=request, vers=1 */
1265 /* TODO: MS-MachineName */
1266 /* MS-CorrelationId */
1267 wpabuf_put_u8(buf, 0x06);
1268 wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
1269 end = wpabuf_put(buf, 0);
1270 WPA_PUT_BE16(ssoh_len, end - ssoh_len - 2);
1272 /* TODO: SoHReportEntry TLV (zero or more) */
1274 /* Update length fields */
1275 end = wpabuf_put(buf, 0);
1276 WPA_PUT_BE16(tlv_len, end - tlv_len - 2);
1277 WPA_PUT_BE16(tlv_len2, end - tlv_len2 - 2);
1278 WPA_PUT_BE16(outer_len, end - outer_len - 2);
1279 WPA_PUT_BE16(inner_len, end - inner_len - 2);
1285 struct wpabuf * tncc_process_soh_request(const u8 *data, size_t len)
1289 wpa_hexdump(MSG_DEBUG, "TNC: SoH Request", data, len);
1298 if (WPA_GET_BE16(pos) != EAP_TLV_VENDOR_SPECIFIC_TLV)
1303 if (WPA_GET_BE16(pos) < 8)
1308 if (WPA_GET_BE32(pos) != EAP_VENDOR_MICROSOFT)
1313 if (WPA_GET_BE16(pos) != 0x02 /* SoH request TLV */)
1316 wpa_printf(MSG_DEBUG, "TNC: SoH Request TLV received");
1318 return tncc_build_soh();