libeap/src/eap_peer/tncc.c

   1 /*
   2  * EAP-TNC - TNCC (IF-IMC and IF-TNCCS)
   3  * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #include "includes.h"
  10 #ifndef CONFIG_NATIVE_WINDOWS
  11 #include <dlfcn.h>
  12 #endif /* CONFIG_NATIVE_WINDOWS */
  13
  14 #include "common.h"
  15 #include "base64.h"
  16 #include "common/tnc.h"
  17 #include "tncc.h"
  18 #include "eap_common/eap_tlv_common.h"
  19 #include "eap_common/eap_defs.h"
  20
  21
  22 #ifdef UNICODE
  23 #define TSTR "%S"
  24 #else /* UNICODE */
  25 #define TSTR "%s"
  26 #endif /* UNICODE */
  27
  28
  29 #ifndef TNC_CONFIG_FILE
  30 #define TNC_CONFIG_FILE "/etc/tnc_config"
  31 #endif /* TNC_CONFIG_FILE */
  32 #define TNC_WINREG_PATH TEXT("SOFTWARE\\Trusted Computing Group\\TNC\\IMCs")
  33 #define IF_TNCCS_START \
  34 "<?xml version=\"1.0\"?>\n" \
  35 "<TNCCS-Batch BatchId=\"%d\" Recipient=\"TNCS\" " \
  36 "xmlns=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS#\" " \
  37 "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
  38 "xsi:schemaLocation=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/" \
  39 "IF_TNCCS# https://www.trustedcomputinggroup.org/XML/SCHEMA/TNCCS_1.0.xsd\">\n"
  40 #define IF_TNCCS_END "\n</TNCCS-Batch>"
  41
  42 /* TNC IF-IMC */
  43
  44 /* IF-TNCCS-SOH - SSoH and SSoHR Attributes */
  45 enum {
  46         SSOH_MS_MACHINE_INVENTORY = 1,
  47         SSOH_MS_QUARANTINE_STATE = 2,
  48         SSOH_MS_PACKET_INFO = 3,
  49         SSOH_MS_SYSTEMGENERATED_IDS = 4,
  50         SSOH_MS_MACHINENAME = 5,
  51         SSOH_MS_CORRELATIONID = 6,
  52         SSOH_MS_INSTALLED_SHVS = 7,
  53         SSOH_MS_MACHINE_INVENTORY_EX = 8
  54 };
  55
  56 struct tnc_if_imc {
  57         struct tnc_if_imc *next;
  58         char *name;
  59         char *path;
  60         void *dlhandle; /* from dlopen() */
  61         TNC_IMCID imcID;
  62         TNC_ConnectionID connectionID;
  63         TNC_MessageTypeList supported_types;
  64         size_t num_supported_types;
  65         u8 *imc_send;
  66         size_t imc_send_len;
  67
  68         /* Functions implemented by IMCs (with TNC_IMC_ prefix) */
  69         TNC_Result (*Initialize)(
  70                 TNC_IMCID imcID,
  71                 TNC_Version minVersion,
  72                 TNC_Version maxVersion,
  73                 TNC_Version *pOutActualVersion);
  74         TNC_Result (*NotifyConnectionChange)(
  75                 TNC_IMCID imcID,
  76                 TNC_ConnectionID connectionID,
  77                 TNC_ConnectionState newState);
  78         TNC_Result (*BeginHandshake)(
  79                 TNC_IMCID imcID,
  80                 TNC_ConnectionID connectionID);
  81         TNC_Result (*ReceiveMessage)(
  82                 TNC_IMCID imcID,
  83                 TNC_ConnectionID connectionID,
  84                 TNC_BufferReference messageBuffer,
  85                 TNC_UInt32 messageLength,
  86                 TNC_MessageType messageType);
  87         TNC_Result (*BatchEnding)(
  88                 TNC_IMCID imcID,
  89                 TNC_ConnectionID connectionID);
  90         TNC_Result (*Terminate)(TNC_IMCID imcID);
  91         TNC_Result (*ProvideBindFunction)(
  92                 TNC_IMCID imcID,
  93                 TNC_TNCC_BindFunctionPointer bindFunction);
  94 };
  95
  96 struct tncc_data {
  97         struct tnc_if_imc *imc;
  98         unsigned int last_batchid;
  99 };
 100
 101 #define TNC_MAX_IMC_ID 10
 102 static struct tnc_if_imc *tnc_imc[TNC_MAX_IMC_ID] = { NULL };
 103
 104
 105 /* TNCC functions that IMCs can call */
 106
 107 static TNC_Result TNC_TNCC_ReportMessageTypes(
 108         TNC_IMCID imcID,
 109         TNC_MessageTypeList supportedTypes,
 110         TNC_UInt32 typeCount)
 111 {
 112         TNC_UInt32 i;
 113         struct tnc_if_imc *imc;
 114
 115         wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_ReportMessageTypes(imcID=%lu "
 116                    "typeCount=%lu)",
 117                    (unsigned long) imcID, (unsigned long) typeCount);
 118
 119         for (i = 0; i < typeCount; i++) {
 120                 wpa_printf(MSG_DEBUG, "TNC: supportedTypes[%lu] = %lu",
 121                            i, supportedTypes[i]);
 122         }
 123
 124         if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
 125                 return TNC_RESULT_INVALID_PARAMETER;
 126
 127         imc = tnc_imc[imcID];
 128         os_free(imc->supported_types);
 129         imc->supported_types =
 130                 os_malloc(typeCount * sizeof(TNC_MessageType));
 131         if (imc->supported_types == NULL)
 132                 return TNC_RESULT_FATAL;
 133         os_memcpy(imc->supported_types, supportedTypes,
 134                   typeCount * sizeof(TNC_MessageType));
 135         imc->num_supported_types = typeCount;
 136
 137         return TNC_RESULT_SUCCESS;
 138 }
 139
 140
 141 static TNC_Result TNC_TNCC_SendMessage(
 142         TNC_IMCID imcID,
 143         TNC_ConnectionID connectionID,
 144         TNC_BufferReference message,
 145         TNC_UInt32 messageLength,
 146         TNC_MessageType messageType)
 147 {
 148         struct tnc_if_imc *imc;
 149         unsigned char *b64;
 150         size_t b64len;
 151
 152         wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage(imcID=%lu "
 153                    "connectionID=%lu messageType=%lu)",
 154                    imcID, connectionID, messageType);
 155         wpa_hexdump_ascii(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage",
 156                           message, messageLength);
 157
 158         if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
 159                 return TNC_RESULT_INVALID_PARAMETER;
 160
 161         b64 = base64_encode(message, messageLength, &b64len);
 162         if (b64 == NULL)
 163                 return TNC_RESULT_FATAL;
 164
 165         imc = tnc_imc[imcID];
 166         os_free(imc->imc_send);
 167         imc->imc_send_len = 0;
 168         imc->imc_send = os_zalloc(b64len + 100);
 169         if (imc->imc_send == NULL) {
 170                 os_free(b64);
 171                 return TNC_RESULT_OTHER;
 172         }
 173
 174         imc->imc_send_len =
 175                 os_snprintf((char *) imc->imc_send, b64len + 100,
 176                             "<IMC-IMV-Message><Type>%08X</Type>"
 177                             "<Base64>%s</Base64></IMC-IMV-Message>",
 178                             (unsigned int) messageType, b64);
 179
 180         os_free(b64);
 181
 182         return TNC_RESULT_SUCCESS;
 183 }
 184
 185
 186 static TNC_Result TNC_TNCC_RequestHandshakeRetry(
 187         TNC_IMCID imcID,
 188         TNC_ConnectionID connectionID,
 189         TNC_RetryReason reason)
 190 {
 191         wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_RequestHandshakeRetry");
 192
 193         if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
 194                 return TNC_RESULT_INVALID_PARAMETER;
 195
 196         /*
 197          * TODO: trigger a call to eapol_sm_request_reauth(). This would
 198          * require that the IMC continues to be loaded in memory afer
 199          * authentication..
 200          */
 201
 202         return TNC_RESULT_SUCCESS;
 203 }
 204
 205
 206 static TNC_Result TNC_9048_LogMessage(TNC_IMCID imcID, TNC_UInt32 severity,
 207                                       const char *message)
 208 {
 209         wpa_printf(MSG_DEBUG, "TNC: TNC_9048_LogMessage(imcID=%lu "
 210                    "severity==%lu message='%s')",
 211                    imcID, severity, message);
 212         return TNC_RESULT_SUCCESS;
 213 }
 214
 215
 216 static TNC_Result TNC_9048_UserMessage(TNC_IMCID imcID,
 217                                        TNC_ConnectionID connectionID,
 218                                        const char *message)
 219 {
 220         wpa_printf(MSG_DEBUG, "TNC: TNC_9048_UserMessage(imcID=%lu "
 221                    "connectionID==%lu message='%s')",
 222                    imcID, connectionID, message);
 223         return TNC_RESULT_SUCCESS;
 224 }
 225
 226
 227 static TNC_Result TNC_TNCC_BindFunction(
 228         TNC_IMCID imcID,
 229         char *functionName,
 230         void **pOutfunctionPointer)
 231 {
 232         wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_BindFunction(imcID=%lu, "
 233                    "functionName='%s')", (unsigned long) imcID, functionName);
 234
 235         if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
 236                 return TNC_RESULT_INVALID_PARAMETER;
 237
 238         if (pOutfunctionPointer == NULL)
 239                 return TNC_RESULT_INVALID_PARAMETER;
 240
 241         if (os_strcmp(functionName, "TNC_TNCC_ReportMessageTypes") == 0)
 242                 *pOutfunctionPointer = TNC_TNCC_ReportMessageTypes;
 243         else if (os_strcmp(functionName, "TNC_TNCC_SendMessage") == 0)
 244                 *pOutfunctionPointer = TNC_TNCC_SendMessage;
 245         else if (os_strcmp(functionName, "TNC_TNCC_RequestHandshakeRetry") ==
 246                  0)
 247                 *pOutfunctionPointer = TNC_TNCC_RequestHandshakeRetry;
 248         else if (os_strcmp(functionName, "TNC_9048_LogMessage") == 0)
 249                 *pOutfunctionPointer = TNC_9048_LogMessage;
 250         else if (os_strcmp(functionName, "TNC_9048_UserMessage") == 0)
 251                 *pOutfunctionPointer = TNC_9048_UserMessage;
 252         else
 253                 *pOutfunctionPointer = NULL;
 254
 255         return TNC_RESULT_SUCCESS;
 256 }
 257
 258
 259 static void * tncc_get_sym(void *handle, char *func)
 260 {
 261         void *fptr;
 262
 263 #ifdef CONFIG_NATIVE_WINDOWS
 264 #ifdef _WIN32_WCE
 265         fptr = GetProcAddressA(handle, func);
 266 #else /* _WIN32_WCE */
 267         fptr = GetProcAddress(handle, func);
 268 #endif /* _WIN32_WCE */
 269 #else /* CONFIG_NATIVE_WINDOWS */
 270         fptr = dlsym(handle, func);
 271 #endif /* CONFIG_NATIVE_WINDOWS */
 272
 273         return fptr;
 274 }
 275
 276
 277 static int tncc_imc_resolve_funcs(struct tnc_if_imc *imc)
 278 {
 279         void *handle = imc->dlhandle;
 280
 281         /* Mandatory IMC functions */
 282         imc->Initialize = tncc_get_sym(handle, "TNC_IMC_Initialize");
 283         if (imc->Initialize == NULL) {
 284                 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
 285                            "TNC_IMC_Initialize");
 286                 return -1;
 287         }
 288
 289         imc->BeginHandshake = tncc_get_sym(handle, "TNC_IMC_BeginHandshake");
 290         if (imc->BeginHandshake == NULL) {
 291                 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
 292                            "TNC_IMC_BeginHandshake");
 293                 return -1;
 294         }
 295
 296         imc->ProvideBindFunction =
 297                 tncc_get_sym(handle, "TNC_IMC_ProvideBindFunction");
 298         if (imc->ProvideBindFunction == NULL) {
 299                 wpa_printf(MSG_ERROR, "TNC: IMC does not export "
 300                            "TNC_IMC_ProvideBindFunction");
 301                 return -1;
 302         }
 303
 304         /* Optional IMC functions */
 305         imc->NotifyConnectionChange =
 306                 tncc_get_sym(handle, "TNC_IMC_NotifyConnectionChange");
 307         imc->ReceiveMessage = tncc_get_sym(handle, "TNC_IMC_ReceiveMessage");
 308         imc->BatchEnding = tncc_get_sym(handle, "TNC_IMC_BatchEnding");
 309         imc->Terminate = tncc_get_sym(handle, "TNC_IMC_Terminate");
 310
 311         return 0;
 312 }
 313
 314
 315 static int tncc_imc_initialize(struct tnc_if_imc *imc)
 316 {
 317         TNC_Result res;
 318         TNC_Version imc_ver;
 319
 320         wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Initialize for IMC '%s'",
 321                    imc->name);
 322         res = imc->Initialize(imc->imcID, TNC_IFIMC_VERSION_1,
 323                               TNC_IFIMC_VERSION_1, &imc_ver);
 324         wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Initialize: res=%lu imc_ver=%lu",
 325                    (unsigned long) res, (unsigned long) imc_ver);
 326
 327         return res == TNC_RESULT_SUCCESS ? 0 : -1;
 328 }
 329
 330
 331 static int tncc_imc_terminate(struct tnc_if_imc *imc)
 332 {
 333         TNC_Result res;
 334
 335         if (imc->Terminate == NULL)
 336                 return 0;
 337
 338         wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Terminate for IMC '%s'",
 339                    imc->name);
 340         res = imc->Terminate(imc->imcID);
 341         wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Terminate: %lu",
 342                    (unsigned long) res);
 343
 344         return res == TNC_RESULT_SUCCESS ? 0 : -1;
 345 }
 346
 347
 348 static int tncc_imc_provide_bind_function(struct tnc_if_imc *imc)
 349 {
 350         TNC_Result res;
 351
 352         wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_ProvideBindFunction for "
 353                    "IMC '%s'", imc->name);
 354         res = imc->ProvideBindFunction(imc->imcID, TNC_TNCC_BindFunction);
 355         wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_ProvideBindFunction: res=%lu",
 356                    (unsigned long) res);
 357
 358         return res == TNC_RESULT_SUCCESS ? 0 : -1;
 359 }
 360
 361
 362 static int tncc_imc_notify_connection_change(struct tnc_if_imc *imc,
 363                                              TNC_ConnectionState state)
 364 {
 365         TNC_Result res;
 366
 367         if (imc->NotifyConnectionChange == NULL)
 368                 return 0;
 369
 370         wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_NotifyConnectionChange(%d)"
 371                    " for IMC '%s'", (int) state, imc->name);
 372         res = imc->NotifyConnectionChange(imc->imcID, imc->connectionID,
 373                                           state);
 374         wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_NotifyConnectionChange: %lu",
 375                    (unsigned long) res);
 376
 377         return res == TNC_RESULT_SUCCESS ? 0 : -1;
 378 }
 379
 380
 381 static int tncc_imc_begin_handshake(struct tnc_if_imc *imc)
 382 {
 383         TNC_Result res;
 384
 385         wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_BeginHandshake for IMC "
 386                    "'%s'", imc->name);
 387         res = imc->BeginHandshake(imc->imcID, imc->connectionID);
 388         wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_BeginHandshake: %lu",
 389                    (unsigned long) res);
 390
 391         return res == TNC_RESULT_SUCCESS ? 0 : -1;
 392 }
 393
 394
 395 static int tncc_load_imc(struct tnc_if_imc *imc)
 396 {
 397         if (imc->path == NULL) {
 398                 wpa_printf(MSG_DEBUG, "TNC: No IMC configured");
 399                 return -1;
 400         }
 401
 402         wpa_printf(MSG_DEBUG, "TNC: Opening IMC: %s (%s)",
 403                    imc->name, imc->path);
 404 #ifdef CONFIG_NATIVE_WINDOWS
 405 #ifdef UNICODE
 406         {
 407                 TCHAR *lib = wpa_strdup_tchar(imc->path);
 408                 if (lib == NULL)
 409                         return -1;
 410                 imc->dlhandle = LoadLibrary(lib);
 411                 os_free(lib);
 412         }
 413 #else /* UNICODE */
 414         imc->dlhandle = LoadLibrary(imc->path);
 415 #endif /* UNICODE */
 416         if (imc->dlhandle == NULL) {
 417                 wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %d",
 418                            imc->name, imc->path, (int) GetLastError());
 419                 return -1;
 420         }
 421 #else /* CONFIG_NATIVE_WINDOWS */
 422         imc->dlhandle = dlopen(imc->path, RTLD_LAZY);
 423         if (imc->dlhandle == NULL) {
 424                 wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %s",
 425                            imc->name, imc->path, dlerror());
 426                 return -1;
 427         }
 428 #endif /* CONFIG_NATIVE_WINDOWS */
 429
 430         if (tncc_imc_resolve_funcs(imc) < 0) {
 431                 wpa_printf(MSG_ERROR, "TNC: Failed to resolve IMC functions");
 432                 return -1;
 433         }
 434
 435         if (tncc_imc_initialize(imc) < 0 ||
 436             tncc_imc_provide_bind_function(imc) < 0) {
 437                 wpa_printf(MSG_ERROR, "TNC: Failed to initialize IMC");
 438                 return -1;
 439         }
 440
 441         return 0;
 442 }
 443
 444
 445 static void tncc_unload_imc(struct tnc_if_imc *imc)
 446 {
 447         tncc_imc_terminate(imc);
 448         tnc_imc[imc->imcID] = NULL;
 449
 450         if (imc->dlhandle) {
 451 #ifdef CONFIG_NATIVE_WINDOWS
 452                 FreeLibrary(imc->dlhandle);
 453 #else /* CONFIG_NATIVE_WINDOWS */
 454                 dlclose(imc->dlhandle);
 455 #endif /* CONFIG_NATIVE_WINDOWS */
 456         }
 457         os_free(imc->name);
 458         os_free(imc->path);
 459         os_free(imc->supported_types);
 460         os_free(imc->imc_send);
 461 }
 462
 463
 464 static int tncc_supported_type(struct tnc_if_imc *imc, unsigned int type)
 465 {
 466         size_t i;
 467         unsigned int vendor, subtype;
 468
 469         if (imc == NULL || imc->supported_types == NULL)
 470                 return 0;
 471
 472         vendor = type >> 8;
 473         subtype = type & 0xff;
 474
 475         for (i = 0; i < imc->num_supported_types; i++) {
 476                 unsigned int svendor, ssubtype;
 477                 svendor = imc->supported_types[i] >> 8;
 478                 ssubtype = imc->supported_types[i] & 0xff;
 479                 if ((vendor == svendor || svendor == TNC_VENDORID_ANY) &&
 480                     (subtype == ssubtype || ssubtype == TNC_SUBTYPE_ANY))
 481                         return 1;
 482         }
 483
 484         return 0;
 485 }
 486
 487
 488 static void tncc_send_to_imcs(struct tncc_data *tncc, unsigned int type,
 489                               const u8 *msg, size_t len)
 490 {
 491         struct tnc_if_imc *imc;
 492         TNC_Result res;
 493
 494         wpa_hexdump_ascii(MSG_MSGDUMP, "TNC: Message to IMC(s)", msg, len);
 495
 496         for (imc = tncc->imc; imc; imc = imc->next) {
 497                 if (imc->ReceiveMessage == NULL ||
 498                     !tncc_supported_type(imc, type))
 499                         continue;
 500
 501                 wpa_printf(MSG_DEBUG, "TNC: Call ReceiveMessage for IMC '%s'",
 502                            imc->name);
 503                 res = imc->ReceiveMessage(imc->imcID, imc->connectionID,
 504                                           (TNC_BufferReference) msg, len,
 505                                           type);
 506                 wpa_printf(MSG_DEBUG, "TNC: ReceiveMessage: %lu",
 507                            (unsigned long) res);
 508         }
 509 }
 510
 511
 512 void tncc_init_connection(struct tncc_data *tncc)
 513 {
 514         struct tnc_if_imc *imc;
 515
 516         for (imc = tncc->imc; imc; imc = imc->next) {
 517                 tncc_imc_notify_connection_change(
 518                         imc, TNC_CONNECTION_STATE_CREATE);
 519                 tncc_imc_notify_connection_change(
 520                         imc, TNC_CONNECTION_STATE_HANDSHAKE);
 521
 522                 os_free(imc->imc_send);
 523                 imc->imc_send = NULL;
 524                 imc->imc_send_len = 0;
 525
 526                 tncc_imc_begin_handshake(imc);
 527         }
 528 }
 529
 530
 531 size_t tncc_total_send_len(struct tncc_data *tncc)
 532 {
 533         struct tnc_if_imc *imc;
 534
 535         size_t len = 0;
 536         for (imc = tncc->imc; imc; imc = imc->next)
 537                 len += imc->imc_send_len;
 538         return len;
 539 }
 540
 541
 542 u8 * tncc_copy_send_buf(struct tncc_data *tncc, u8 *pos)
 543 {
 544         struct tnc_if_imc *imc;
 545
 546         for (imc = tncc->imc; imc; imc = imc->next) {
 547                 if (imc->imc_send == NULL)
 548                         continue;
 549
 550                 os_memcpy(pos, imc->imc_send, imc->imc_send_len);
 551                 pos += imc->imc_send_len;
 552                 os_free(imc->imc_send);
 553                 imc->imc_send = NULL;
 554                 imc->imc_send_len = 0;
 555         }
 556
 557         return pos;
 558 }
 559
 560
 561 char * tncc_if_tnccs_start(struct tncc_data *tncc)
 562 {
 563         char *buf = os_malloc(1000);
 564         if (buf == NULL)
 565                 return NULL;
 566         tncc->last_batchid++;
 567         os_snprintf(buf, 1000, IF_TNCCS_START, tncc->last_batchid);
 568         return buf;
 569 }
 570
 571
 572 char * tncc_if_tnccs_end(void)
 573 {
 574         char *buf = os_malloc(100);
 575         if (buf == NULL)
 576                 return NULL;
 577         os_snprintf(buf, 100, IF_TNCCS_END);
 578         return buf;
 579 }
 580
 581
 582 static void tncc_notify_recommendation(struct tncc_data *tncc,
 583                                        enum tncc_process_res res)
 584 {
 585         TNC_ConnectionState state;
 586         struct tnc_if_imc *imc;
 587
 588         switch (res) {
 589         case TNCCS_RECOMMENDATION_ALLOW:
 590                 state = TNC_CONNECTION_STATE_ACCESS_ALLOWED;
 591                 break;
 592         case TNCCS_RECOMMENDATION_NONE:
 593                 state = TNC_CONNECTION_STATE_ACCESS_NONE;
 594                 break;
 595         case TNCCS_RECOMMENDATION_ISOLATE:
 596                 state = TNC_CONNECTION_STATE_ACCESS_ISOLATED;
 597                 break;
 598         default:
 599                 state = TNC_CONNECTION_STATE_ACCESS_NONE;
 600                 break;
 601         }
 602
 603         for (imc = tncc->imc; imc; imc = imc->next)
 604                 tncc_imc_notify_connection_change(imc, state);
 605 }
 606
 607
 608 static int tncc_get_type(char *start, unsigned int *type)
 609 {
 610         char *pos = os_strstr(start, "<Type>");
 611         if (pos == NULL)
 612                 return -1;
 613         pos += 6;
 614         *type = strtoul(pos, NULL, 16);
 615         return 0;
 616 }
 617
 618
 619 static unsigned char * tncc_get_base64(char *start, size_t *decoded_len)
 620 {
 621         char *pos, *pos2;
 622         unsigned char *decoded;
 623
 624         pos = os_strstr(start, "<Base64>");
 625         if (pos == NULL)
 626                 return NULL;
 627
 628         pos += 8;
 629         pos2 = os_strstr(pos, "</Base64>");
 630         if (pos2 == NULL)
 631                 return NULL;
 632         *pos2 = '\0';
 633
 634         decoded = base64_decode((unsigned char *) pos, os_strlen(pos),
 635                                 decoded_len);
 636         *pos2 = '<';
 637         if (decoded == NULL) {
 638                 wpa_printf(MSG_DEBUG, "TNC: Failed to decode Base64 data");
 639         }
 640
 641         return decoded;
 642 }
 643
 644
 645 static enum tncc_process_res tncc_get_recommendation(char *start)
 646 {
 647         char *pos, *pos2, saved;
 648         int recom;
 649
 650         pos = os_strstr(start, "<TNCCS-Recommendation ");
 651         if (pos == NULL)
 652                 return TNCCS_RECOMMENDATION_ERROR;
 653
 654         pos += 21;
 655         pos = os_strstr(pos, " type=");
 656         if (pos == NULL)
 657                 return TNCCS_RECOMMENDATION_ERROR;
 658         pos += 6;
 659
 660         if (*pos == '"')
 661                 pos++;
 662
 663         pos2 = pos;
 664         while (*pos2 != '\0' && *pos2 != '"' && *pos2 != '>')
 665                 pos2++;
 666
 667         if (*pos2 == '\0')
 668                 return TNCCS_RECOMMENDATION_ERROR;
 669
 670         saved = *pos2;
 671         *pos2 = '\0';
 672         wpa_printf(MSG_DEBUG, "TNC: TNCCS-Recommendation: '%s'", pos);
 673
 674         recom = TNCCS_RECOMMENDATION_ERROR;
 675         if (os_strcmp(pos, "allow") == 0)
 676                 recom = TNCCS_RECOMMENDATION_ALLOW;
 677         else if (os_strcmp(pos, "none") == 0)
 678                 recom = TNCCS_RECOMMENDATION_NONE;
 679         else if (os_strcmp(pos, "isolate") == 0)
 680                 recom = TNCCS_RECOMMENDATION_ISOLATE;
 681
 682         *pos2 = saved;
 683
 684         return recom;
 685 }
 686
 687
 688 enum tncc_process_res tncc_process_if_tnccs(struct tncc_data *tncc,
 689                                             const u8 *msg, size_t len)
 690 {
 691         char *buf, *start, *end, *pos, *pos2, *payload;
 692         unsigned int batch_id;
 693         unsigned char *decoded;
 694         size_t decoded_len;
 695         enum tncc_process_res res = TNCCS_PROCESS_OK_NO_RECOMMENDATION;
 696         int recommendation_msg = 0;
 697
 698         wpa_hexdump_ascii(MSG_MSGDUMP, "TNC: Received IF-TNCCS message",
 699                           msg, len);
 700         buf = dup_binstr(msg, len);
 701         if (buf == NULL)
 702                 return TNCCS_PROCESS_ERROR;
 703
 704         start = os_strstr(buf, "<TNCCS-Batch ");
 705         end = os_strstr(buf, "</TNCCS-Batch>");
 706         if (start == NULL || end == NULL || start > end) {
 707                 os_free(buf);
 708                 return TNCCS_PROCESS_ERROR;
 709         }
 710
 711         start += 13;
 712         while (*start == ' ')
 713                 start++;
 714         *end = '\0';
 715
 716         pos = os_strstr(start, "BatchId=");
 717         if (pos == NULL) {
 718                 os_free(buf);
 719                 return TNCCS_PROCESS_ERROR;
 720         }
 721
 722         pos += 8;
 723         if (*pos == '"')
 724                 pos++;
 725         batch_id = atoi(pos);
 726         wpa_printf(MSG_DEBUG, "TNC: Received IF-TNCCS BatchId=%u",
 727                    batch_id);
 728         if (batch_id != tncc->last_batchid + 1) {
 729                 wpa_printf(MSG_DEBUG, "TNC: Unexpected IF-TNCCS BatchId "
 730                            "%u (expected %u)",
 731                            batch_id, tncc->last_batchid + 1);
 732                 os_free(buf);
 733                 return TNCCS_PROCESS_ERROR;
 734         }
 735         tncc->last_batchid = batch_id;
 736
 737         while (*pos != '\0' && *pos != '>')
 738                 pos++;
 739         if (*pos == '\0') {
 740                 os_free(buf);
 741                 return TNCCS_PROCESS_ERROR;
 742         }
 743         pos++;
 744         payload = start;
 745
 746         /*
 747          * <IMC-IMV-Message>
 748          * <Type>01234567</Type>
 749          * <Base64>foo==</Base64>
 750          * </IMC-IMV-Message>
 751          */
 752
 753         while (*start) {
 754                 char *endpos;
 755                 unsigned int type;
 756
 757                 pos = os_strstr(start, "<IMC-IMV-Message>");
 758                 if (pos == NULL)
 759                         break;
 760                 start = pos + 17;
 761                 end = os_strstr(start, "</IMC-IMV-Message>");
 762                 if (end == NULL)
 763                         break;
 764                 *end = '\0';
 765                 endpos = end;
 766                 end += 18;
 767
 768                 if (tncc_get_type(start, &type) < 0) {
 769                         *endpos = '<';
 770                         start = end;
 771                         continue;
 772                 }
 773                 wpa_printf(MSG_DEBUG, "TNC: IMC-IMV-Message Type 0x%x", type);
 774
 775                 decoded = tncc_get_base64(start, &decoded_len);
 776                 if (decoded == NULL) {
 777                         *endpos = '<';
 778                         start = end;
 779                         continue;
 780                 }
 781
 782                 tncc_send_to_imcs(tncc, type, decoded, decoded_len);
 783
 784                 os_free(decoded);
 785
 786                 start = end;
 787         }
 788
 789         /*
 790          * <TNCC-TNCS-Message>
 791          * <Type>01234567</Type>
 792          * <XML><TNCCS-Foo type="foo"></TNCCS-Foo></XML>
 793          * <Base64>foo==</Base64>
 794          * </TNCC-TNCS-Message>
 795          */
 796
 797         start = payload;
 798         while (*start) {
 799                 unsigned int type;
 800                 char *xml, *xmlend, *endpos;
 801
 802                 pos = os_strstr(start, "<TNCC-TNCS-Message>");
 803                 if (pos == NULL)
 804                         break;
 805                 start = pos + 19;
 806                 end = os_strstr(start, "</TNCC-TNCS-Message>");
 807                 if (end == NULL)
 808                         break;
 809                 *end = '\0';
 810                 endpos = end;
 811                 end += 20;
 812
 813                 if (tncc_get_type(start, &type) < 0) {
 814                         *endpos = '<';
 815                         start = end;
 816                         continue;
 817                 }
 818                 wpa_printf(MSG_DEBUG, "TNC: TNCC-TNCS-Message Type 0x%x",
 819                            type);
 820
 821                 /* Base64 OR XML */
 822                 decoded = NULL;
 823                 xml = NULL;
 824                 xmlend = NULL;
 825                 pos = os_strstr(start, "<XML>");
 826                 if (pos) {
 827                         pos += 5;
 828                         pos2 = os_strstr(pos, "</XML>");
 829                         if (pos2 == NULL) {
 830                                 *endpos = '<';
 831                                 start = end;
 832                                 continue;
 833                         }
 834                         xmlend = pos2;
 835                         xml = pos;
 836                 } else {
 837                         decoded = tncc_get_base64(start, &decoded_len);
 838                         if (decoded == NULL) {
 839                                 *endpos = '<';
 840                                 start = end;
 841                                 continue;
 842                         }
 843                 }
 844
 845                 if (decoded) {
 846                         wpa_hexdump_ascii(MSG_MSGDUMP,
 847                                           "TNC: TNCC-TNCS-Message Base64",
 848                                           decoded, decoded_len);
 849                         os_free(decoded);
 850                 }
 851
 852                 if (xml) {
 853                         wpa_hexdump_ascii(MSG_MSGDUMP,
 854                                           "TNC: TNCC-TNCS-Message XML",
 855                                           (unsigned char *) xml,
 856                                           xmlend - xml);
 857                 }
 858
 859                 if (type == TNC_TNCCS_RECOMMENDATION && xml) {
 860                         /*
 861                          * <TNCCS-Recommendation type="allow">
 862                          * </TNCCS-Recommendation>
 863                          */
 864                         *xmlend = '\0';
 865                         res = tncc_get_recommendation(xml);
 866                         *xmlend = '<';
 867                         recommendation_msg = 1;
 868                 }
 869
 870                 start = end;
 871         }
 872
 873         os_free(buf);
 874
 875         if (recommendation_msg)
 876                 tncc_notify_recommendation(tncc, res);
 877
 878         return res;
 879 }
 880
 881
 882 #ifdef CONFIG_NATIVE_WINDOWS
 883 static int tncc_read_config_reg(struct tncc_data *tncc, HKEY hive)
 884 {
 885         HKEY hk, hk2;
 886         LONG ret;
 887         DWORD i;
 888         struct tnc_if_imc *imc, *last;
 889         int j;
 890
 891         last = tncc->imc;
 892         while (last && last->next)
 893                 last = last->next;
 894
 895         ret = RegOpenKeyEx(hive, TNC_WINREG_PATH, 0, KEY_ENUMERATE_SUB_KEYS,
 896                            &hk);
 897         if (ret != ERROR_SUCCESS)
 898                 return 0;
 899
 900         for (i = 0; ; i++) {
 901                 TCHAR name[255], *val;
 902                 DWORD namelen, buflen;
 903
 904                 namelen = 255;
 905                 ret = RegEnumKeyEx(hk, i, name, &namelen, NULL, NULL, NULL,
 906                                    NULL);
 907
 908                 if (ret == ERROR_NO_MORE_ITEMS)
 909                         break;
 910
 911                 if (ret != ERROR_SUCCESS) {
 912                         wpa_printf(MSG_DEBUG, "TNC: RegEnumKeyEx failed: 0x%x",
 913                                    (unsigned int) ret);
 914                         break;
 915                 }
 916
 917                 if (namelen >= 255)
 918                         namelen = 255 - 1;
 919                 name[namelen] = '\0';
 920
 921                 wpa_printf(MSG_DEBUG, "TNC: IMC '" TSTR "'", name);
 922
 923                 ret = RegOpenKeyEx(hk, name, 0, KEY_QUERY_VALUE, &hk2);
 924                 if (ret != ERROR_SUCCESS) {
 925                         wpa_printf(MSG_DEBUG, "Could not open IMC key '" TSTR
 926                                    "'", name);
 927                         continue;
 928                 }
 929
 930                 ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL, NULL,
 931                                       &buflen);
 932                 if (ret != ERROR_SUCCESS) {
 933                         wpa_printf(MSG_DEBUG, "TNC: Could not read Path from "
 934                                    "IMC key '" TSTR "'", name);
 935                         RegCloseKey(hk2);
 936                         continue;
 937                 }
 938
 939                 val = os_malloc(buflen);
 940                 if (val == NULL) {
 941                         RegCloseKey(hk2);
 942                         continue;
 943                 }
 944
 945                 ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL,
 946                                       (LPBYTE) val, &buflen);
 947                 if (ret != ERROR_SUCCESS) {
 948                         os_free(val);
 949                         RegCloseKey(hk2);
 950                         continue;
 951                 }
 952
 953                 RegCloseKey(hk2);
 954
 955                 wpa_unicode2ascii_inplace(val);
 956                 wpa_printf(MSG_DEBUG, "TNC: IMC Path '%s'", (char *) val);
 957
 958                 for (j = 0; j < TNC_MAX_IMC_ID; j++) {
 959                         if (tnc_imc[j] == NULL)
 960                                 break;
 961                 }
 962                 if (j >= TNC_MAX_IMC_ID) {
 963                         wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
 964                         os_free(val);
 965                         continue;
 966                 }
 967
 968                 imc = os_zalloc(sizeof(*imc));
 969                 if (imc == NULL) {
 970                         os_free(val);
 971                         break;
 972                 }
 973
 974                 imc->imcID = j;
 975
 976                 wpa_unicode2ascii_inplace(name);
 977                 imc->name = os_strdup((char *) name);
 978                 imc->path = os_strdup((char *) val);
 979
 980                 os_free(val);
 981
 982                 if (last == NULL)
 983                         tncc->imc = imc;
 984                 else
 985                         last->next = imc;
 986                 last = imc;
 987
 988                 tnc_imc[imc->imcID] = imc;
 989         }
 990
 991         RegCloseKey(hk);
 992
 993         return 0;
 994 }
 995
 996
 997 static int tncc_read_config(struct tncc_data *tncc)
 998 {
 999         if (tncc_read_config_reg(tncc, HKEY_LOCAL_MACHINE) < 0 ||
1000             tncc_read_config_reg(tncc, HKEY_CURRENT_USER) < 0)
1001                 return -1;
1002         return 0;
1003 }
1004
1005 #else /* CONFIG_NATIVE_WINDOWS */
1006
1007 static struct tnc_if_imc * tncc_parse_imc(char *start, char *end, int *error)
1008 {
1009         struct tnc_if_imc *imc;
1010         char *pos, *pos2;
1011         int i;
1012
1013         for (i = 0; i < TNC_MAX_IMC_ID; i++) {
1014                 if (tnc_imc[i] == NULL)
1015                         break;
1016         }
1017         if (i >= TNC_MAX_IMC_ID) {
1018                 wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
1019                 return NULL;
1020         }
1021
1022         imc = os_zalloc(sizeof(*imc));
1023         if (imc == NULL) {
1024                 *error = 1;
1025                 return NULL;
1026         }
1027
1028         imc->imcID = i;
1029
1030         pos = start;
1031         wpa_printf(MSG_DEBUG, "TNC: Configured IMC: %s", pos);
1032         if (pos + 1 >= end || *pos != '"') {
1033                 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1034                            "(no starting quotation mark)", start);
1035                 os_free(imc);
1036                 return NULL;
1037         }
1038
1039         pos++;
1040         pos2 = pos;
1041         while (pos2 < end && *pos2 != '"')
1042                 pos2++;
1043         if (pos2 >= end) {
1044                 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1045                            "(no ending quotation mark)", start);
1046                 os_free(imc);
1047                 return NULL;
1048         }
1049         *pos2 = '\0';
1050         wpa_printf(MSG_DEBUG, "TNC: Name: '%s'", pos);
1051         imc->name = os_strdup(pos);
1052
1053         pos = pos2 + 1;
1054         if (pos >= end || *pos != ' ') {
1055                 wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1056                            "(no space after name)", start);
1057                 os_free(imc->name);
1058                 os_free(imc);
1059                 return NULL;
1060         }
1061
1062         pos++;
1063         wpa_printf(MSG_DEBUG, "TNC: IMC file: '%s'", pos);
1064         imc->path = os_strdup(pos);
1065         tnc_imc[imc->imcID] = imc;
1066
1067         return imc;
1068 }
1069
1070
1071 static int tncc_read_config(struct tncc_data *tncc)
1072 {
1073         char *config, *end, *pos, *line_end;
1074         size_t config_len;
1075         struct tnc_if_imc *imc, *last;
1076
1077         last = NULL;
1078
1079         config = os_readfile(TNC_CONFIG_FILE, &config_len);
1080         if (config == NULL) {
1081                 wpa_printf(MSG_ERROR, "TNC: Could not open TNC configuration "
1082                            "file '%s'", TNC_CONFIG_FILE);
1083                 return -1;
1084         }
1085
1086         end = config + config_len;
1087         for (pos = config; pos < end; pos = line_end + 1) {
1088                 line_end = pos;
1089                 while (*line_end != '\n' && *line_end != '\r' &&
1090                        line_end < end)
1091                         line_end++;
1092                 *line_end = '\0';
1093
1094                 if (os_strncmp(pos, "IMC ", 4) == 0) {
1095                         int error = 0;
1096
1097                         imc = tncc_parse_imc(pos + 4, line_end, &error);
1098                         if (error) {
1099                                 os_free(config);
1100                                 return -1;
1101                         }
1102                         if (imc) {
1103                                 if (last == NULL)
1104                                         tncc->imc = imc;
1105                                 else
1106                                         last->next = imc;
1107                                 last = imc;
1108                         }
1109                 }
1110         }
1111
1112         os_free(config);
1113
1114         return 0;
1115 }
1116
1117 #endif /* CONFIG_NATIVE_WINDOWS */
1118
1119
1120 struct tncc_data * tncc_init(void)
1121 {
1122         struct tncc_data *tncc;
1123         struct tnc_if_imc *imc;
1124
1125         tncc = os_zalloc(sizeof(*tncc));
1126         if (tncc == NULL)
1127                 return NULL;
1128
1129         /* TODO:
1130          * move loading and Initialize() to a location that is not
1131          *    re-initialized for every EAP-TNC session (?)
1132          */
1133
1134         if (tncc_read_config(tncc) < 0) {
1135                 wpa_printf(MSG_ERROR, "TNC: Failed to read TNC configuration");
1136                 goto failed;
1137         }
1138
1139         for (imc = tncc->imc; imc; imc = imc->next) {
1140                 if (tncc_load_imc(imc)) {
1141                         wpa_printf(MSG_ERROR, "TNC: Failed to load IMC '%s'",
1142                                    imc->name);
1143                         goto failed;
1144                 }
1145         }
1146
1147         return tncc;
1148
1149 failed:
1150         tncc_deinit(tncc);
1151         return NULL;
1152 }
1153
1154
1155 void tncc_deinit(struct tncc_data *tncc)
1156 {
1157         struct tnc_if_imc *imc, *prev;
1158
1159         imc = tncc->imc;
1160         while (imc) {
1161                 tncc_unload_imc(imc);
1162
1163                 prev = imc;
1164                 imc = imc->next;
1165                 os_free(prev);
1166         }
1167
1168         os_free(tncc);
1169 }
1170
1171
1172 static struct wpabuf * tncc_build_soh(int ver)
1173 {
1174         struct wpabuf *buf;
1175         u8 *tlv_len, *tlv_len2, *outer_len, *inner_len, *ssoh_len, *end;
1176         u8 correlation_id[24];
1177         /* TODO: get correct name */
1178         char *machinename = "wpa_supplicant@w1.fi";
1179
1180         if (os_get_random(correlation_id, sizeof(correlation_id)))
1181                 return NULL;
1182         wpa_hexdump(MSG_DEBUG, "TNC: SoH Correlation ID",
1183                     correlation_id, sizeof(correlation_id));
1184
1185         buf = wpabuf_alloc(200);
1186         if (buf == NULL)
1187                 return NULL;
1188
1189         /* Vendor-Specific TLV (Microsoft) - SoH */
1190         wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* TLV Type */
1191         tlv_len = wpabuf_put(buf, 2); /* Length */
1192         wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* Vendor_Id */
1193         wpabuf_put_be16(buf, 0x01); /* TLV Type - SoH TLV */
1194         tlv_len2 = wpabuf_put(buf, 2); /* Length */
1195
1196         /* SoH Header */
1197         wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* Outer Type */
1198         outer_len = wpabuf_put(buf, 2);
1199         wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1200         wpabuf_put_be16(buf, ver); /* Inner Type */
1201         inner_len = wpabuf_put(buf, 2);
1202
1203         if (ver == 2) {
1204                 /* SoH Mode Sub-Header */
1205                 /* Outer Type */
1206                 wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
1207                 wpabuf_put_be16(buf, 4 + 24 + 1 + 1); /* Length */
1208                 wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1209                 /* Value: */
1210                 wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
1211                 wpabuf_put_u8(buf, 0x01); /* Intent Flag - Request */
1212                 wpabuf_put_u8(buf, 0x00); /* Content-Type Flag */
1213         }
1214
1215         /* SSoH TLV */
1216         /* System-Health-Id */
1217         wpabuf_put_be16(buf, 0x0002); /* Type */
1218         wpabuf_put_be16(buf, 4); /* Length */
1219         wpabuf_put_be32(buf, 79616);
1220         /* Vendor-Specific Attribute */
1221         wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
1222         ssoh_len = wpabuf_put(buf, 2);
1223         wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1224
1225         /* MS-Packet-Info */
1226         wpabuf_put_u8(buf, SSOH_MS_PACKET_INFO);
1227         /* Note: IF-TNCCS-SOH v1.0 r8 claims this field to be:
1228          * Reserved(4 bits) r(1 bit) Vers(3 bits), but Windows XP
1229          * SP3 seems to be sending 0x11 for SSoH, i.e., r(request/response) bit
1230          * would not be in the specified location.
1231          * [MS-SOH] 4.0.2: Reserved(3 bits) r(1 bit) Vers(4 bits)
1232          */
1233         wpabuf_put_u8(buf, 0x11); /* r=request, vers=1 */
1234
1235         /* MS-Machine-Inventory */
1236         /* TODO: get correct values; 0 = not applicable for OS */
1237         wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY);
1238         wpabuf_put_be32(buf, 0); /* osVersionMajor */
1239         wpabuf_put_be32(buf, 0); /* osVersionMinor */
1240         wpabuf_put_be32(buf, 0); /* osVersionBuild */
1241         wpabuf_put_be16(buf, 0); /* spVersionMajor */
1242         wpabuf_put_be16(buf, 0); /* spVersionMinor */
1243         wpabuf_put_be16(buf, 0); /* procArch */
1244
1245         /* MS-MachineName */
1246         wpabuf_put_u8(buf, SSOH_MS_MACHINENAME);
1247         wpabuf_put_be16(buf, os_strlen(machinename) + 1);
1248         wpabuf_put_data(buf, machinename, os_strlen(machinename) + 1);
1249
1250         /* MS-CorrelationId */
1251         wpabuf_put_u8(buf, SSOH_MS_CORRELATIONID);
1252         wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
1253
1254         /* MS-Quarantine-State */
1255         wpabuf_put_u8(buf, SSOH_MS_QUARANTINE_STATE);
1256         wpabuf_put_be16(buf, 1); /* Flags: ExtState=0, f=0, qState=1 */
1257         wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (hi) */
1258         wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (lo) */
1259         wpabuf_put_be16(buf, 1); /* urlLenInBytes */
1260         wpabuf_put_u8(buf, 0); /* null termination for the url */
1261
1262         /* MS-Machine-Inventory-Ex */
1263         wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY_EX);
1264         wpabuf_put_be32(buf, 0); /* Reserved
1265                                   * (note: Windows XP SP3 uses 0xdecafbad) */
1266         wpabuf_put_u8(buf, 1); /* ProductType: Client */
1267
1268         /* Update SSoH Length */
1269         end = wpabuf_put(buf, 0);
1270         WPA_PUT_BE16(ssoh_len, end - ssoh_len - 2);
1271
1272         /* TODO: SoHReportEntry TLV (zero or more) */
1273
1274         /* Update length fields */
1275         end = wpabuf_put(buf, 0);
1276         WPA_PUT_BE16(tlv_len, end - tlv_len - 2);
1277         WPA_PUT_BE16(tlv_len2, end - tlv_len2 - 2);
1278         WPA_PUT_BE16(outer_len, end - outer_len - 2);
1279         WPA_PUT_BE16(inner_len, end - inner_len - 2);
1280
1281         return buf;
1282 }
1283
1284
1285 struct wpabuf * tncc_process_soh_request(int ver, const u8 *data, size_t len)
1286 {
1287         const u8 *pos;
1288
1289         wpa_hexdump(MSG_DEBUG, "TNC: SoH Request", data, len);
1290
1291         if (len < 12)
1292                 return NULL;
1293
1294         /* SoH Request */
1295         pos = data;
1296
1297         /* TLV Type */
1298         if (WPA_GET_BE16(pos) != EAP_TLV_VENDOR_SPECIFIC_TLV)
1299                 return NULL;
1300         pos += 2;
1301
1302         /* Length */
1303         if (WPA_GET_BE16(pos) < 8)
1304                 return NULL;
1305         pos += 2;
1306
1307         /* Vendor_Id */
1308         if (WPA_GET_BE32(pos) != EAP_VENDOR_MICROSOFT)
1309                 return NULL;
1310         pos += 4;
1311
1312         /* TLV Type */
1313         if (WPA_GET_BE16(pos) != 0x02 /* SoH request TLV */)
1314                 return NULL;
1315
1316         wpa_printf(MSG_DEBUG, "TNC: SoH Request TLV received");
1317
1318         return tncc_build_soh(2);
1319 }