authorRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:20:09 +0100
committerRené Mayrhofer <rene@mayrhofer.eu.org>2011-03-05 09:20:09 +0100
commit568905f488e63e28778f87ac0e38d845f45bae79 (patch)
treed9969a147e36413583ff4bc75542d34c955f8823 /src/libcharon/tnc
parentf73fba54dc8b30c6482e1e8abf15bbf455592fcd (diff)
Imported Upstream version 4.5.1
Diffstat (limited to 'src/libcharon/tnc')
-rw-r--r--src/libcharon/tnc/imc/imc.h175
-rw-r--r--src/libcharon/tnc/imc/imc_manager.h116
-rw-r--r--src/libcharon/tnc/imv/imv.h175
-rw-r--r--src/libcharon/tnc/imv/imv_manager.h134
-rw-r--r--src/libcharon/tnc/imv/imv_recommendations.c24
-rw-r--r--src/libcharon/tnc/imv/imv_recommendations.h117
-rw-r--r--src/libcharon/tnc/tnccs/tnccs.c23
-rw-r--r--src/libcharon/tnc/tnccs/tnccs.h82
-rw-r--r--src/libcharon/tnc/tnccs/tnccs_manager.c477
-rw-r--r--src/libcharon/tnc/tnccs/tnccs_manager.h184
-rw-r--r--src/libcharon/tnc/tncif.h106
-rw-r--r--src/libcharon/tnc/tncifimc.h180
-rw-r--r--src/libcharon/tnc/tncifimv.c36
-rw-r--r--src/libcharon/tnc/tncifimv.h248
14 files changed, 2077 insertions, 0 deletions
diff --git a/src/libcharon/tnc/imc/imc.h b/src/libcharon/tnc/imc/imc.h
new file mode 100644
index 000000000..fe8f25b0f
--- /dev/null
+++ b/src/libcharon/tnc/imc/imc.h
@@ -0,0 +1,175 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc imc
+ * @ingroup tnc
+ *
+ * @defgroup imct imc
+ * @{ @ingroup imc
+ */
+
+#ifndef IMC_H_
+#define IMC_H_
+
+#include <tnc/tncifimc.h>
+#include <library.h>
+
+typedef struct imc_t imc_t;
+
+/**
+ * Controls a single Integrity Measurement Collector (IMC)
+ */
+struct imc_t {
+
+ /**
+ * The TNC Client calls this function to initialize the IMC and agree on
+ * the API version number to be used. It also supplies the IMC ID, an IMC
+ * identifier that the IMC must use when calling TNC Client callback functions.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param minVersion minimum API version supported by TNCC
+ * @param maxVersion maximum API version supported by TNCC
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMCID imcID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+
+ /**
+ * The TNC Client calls this function to inform the IMC that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+
+ /**
+ * The TNC Client calls this function to indicate that an Integrity Check
+ * Handshake is beginning and solicit messages from IMCs for the first batch.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*begin_handshake)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Client calls this function to deliver a message to the IMC.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imcID IMC ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCC
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+
+ /**
+ * The TNC Client calls this function to notify IMCs that all IMV messages
+ * received in a batch have been delivered and this is the IMC’s last chance
+ * to send a message in the batch of IMC messages currently being collected.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param connectionID network connection ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Client calls this function to close down the IMC when all work is
+ * complete or the IMC reports TNC_RESULT_FATAL.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMCID imcID);
+
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imcID IMC ID assigned by TNCC
+ * @param bindFunction pointer to TNC_TNCC_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMCID imcID,
+ TNC_TNCC_BindFunctionPointer bindFunction);
+
+ /**
+ * Sets the ID of an imc_t object.
+ *
+ * @param id IMC ID to be assigned
+ */
+ void (*set_id)(imc_t *this, TNC_IMCID id);
+
+ /**
+ * Returns the ID of an imc_t object.
+ *
+ * @return assigned IMC ID
+ */
+ TNC_IMCID (*get_id)(imc_t *this);
+
+ /**
+ * Returns the name of an imc_t object.
+ *
+ * @return name of IMC
+ */
+ char* (*get_name)(imc_t *this);
+
+ /**
+ * Sets the supported message types of an imc_t object.
+ *
+ * @param supported_types list of messages type supported by IMC
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imc_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Check if the IMC supports a given message type.
+ *
+ * @param message_type message type
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imc_t *this, TNC_MessageType message_type);
+
+ /**
+ * Destroys an imc_t object.
+ */
+ void (*destroy)(imc_t *this);
+};
+
+#endif /** IMC_H_ @}*/
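Review bot: The doc comment on `provide_bind_function` in `struct imc_t` is copied from the IMV side: it speaks of IMVs, the TNC Server, `TNC_IMV_Initialize` and the TNCS bind function, while the member takes a `TNC_TNCC_BindFunctionPointer` and belongs to an IMC. I would reword it as `IMCs implementing the UNIX/Linux Dynamic Linkage platform binding MUST define this additional function. The TNC Client MUST call the function immediately after calling TNC_IMC_Initialize to provide a pointer to the TNCC bind function.` The `receive_message` comment has the same slip in `@param imcID IMC ID assigned by TNCS`, which should read `assigned by TNCC`. The client and server roles are easy to confuse in this pair of headers, so the comments should not mix them.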
diff --git a/src/libcharon/tnc/imc/imc_manager.h b/src/libcharon/tnc/imc/imc_manager.h
new file mode 100644
index 000000000..634afdbe8
--- /dev/null
+++ b/src/libcharon/tnc/imc/imc_manager.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imc_manager imc_manager
+ * @{ @ingroup imc
+ */
+
+#ifndef IMC_MANAGER_H_
+#define IMC_MANAGER_H_
+
+#include "imc.h"
+
+#include <library.h>
+
+typedef struct imc_manager_t imc_manager_t;
+
+/**
+ * The IMC manager controls all IMC instances.
+ */
+struct imc_manager_t {
+
+ /**
+ * Add an IMC instance
+ *
+ * @param imc IMC instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imc_manager_t *this, imc_t *imc);
+
+ /**
+ * Remove an IMC instance from the list and return it
+ *
+ * @param id ID of IMC instance
+ * @return removed IMC instance
+ */
+ imc_t* (*remove)(imc_manager_t *this, TNC_IMCID id);
+
+ /**
+ * Return the preferred language for recommendations
+ *
+ * @return preferred language string
+ */
+ char* (*get_preferred_language)(imc_manager_t *this);
+
+ /**
+ * Notify all IMC instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imc_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+
+ /**
+ * Begin a handshake between the IMCs and a connection
+ *
+ * @param id connection ID
+ */
+ void (*begin_handshake)(imc_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Sets the supported message types reported by a given IMC
+ *
+ * @param id ID of reporting IMC
+ * @param supported_types list of messages type supported by IMC
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imc_manager_t *this,
+ TNC_IMCID id,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Delivers a message to interested IMCs.
+ *
+ * @param connection_id ID of connection over which message was received
+ * @param message message
+ * @param message_len message length
+ * @param message_type message type
+ */
+ void (*receive_message)(imc_manager_t *this,
+ TNC_ConnectionID connection_id,
+ TNC_BufferReference message,
+ TNC_UInt32 message_len,
+ TNC_MessageType message_type);
+
+ /**
+ * Notify all IMCs that all IMV messages received in a batch have been
+ * delivered and this is the IMCs last chance to send a message in the
+ * batch of IMC messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imc_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Destroy an IMC manager and all its controlled instances.
+ */
+ void (*destroy)(imc_manager_t *this);
+};
+
+#endif /** IMC_MANAGER_H_ @}*/
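Review bot: `remove` in `struct imc_manager_t` hands back an `imc_t*` without saying who destroys it or what is returned when no IMC has the given ID. Because `destroy` is documented to destroy "all its controlled instances", a caller cannot tell from this header whether a removed instance must be destroyed by hand, which is how leaks and double destroys get written. I would extend the comment to `@return removed IMC instance, to be destroyed by the caller, or NULL if the ID is unknown`, once that is confirmed against the implementation, which is not part of this hunk. `notify_connection_change` also lacks a `@param id connection ID` line. Both points apply equally to `remove` and `notify_connection_change` in imv_manager.h.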
diff --git a/src/libcharon/tnc/imv/imv.h b/src/libcharon/tnc/imv/imv.h
new file mode 100644
index 000000000..26874ab0b
--- /dev/null
+++ b/src/libcharon/tnc/imv/imv.h
@@ -0,0 +1,175 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv imv
+ * @ingroup tnc
+ *
+ * @defgroup imvt imv
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_H_
+#define IMV_H_
+
+#include <tnc/tncifimv.h>
+#include <library.h>
+
+typedef struct imv_t imv_t;
+
+/**
+ * Controls a single Integrity Measurement Verifier (IMV)
+ */
+struct imv_t {
+
+ /**
+ * The TNC Server calls this function to initialize the IMV and agree on
+ * the API version number to be used. It also supplies the IMV ID, an IMV
+ * identifier that the IMV must use when calling TNC Server callback functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param minVersion minimum API version supported
+ * @param maxVersion maximum API version supported by TNCS
+ * @param OutActualVersion mutually supported API version number
+ * @return TNC result code
+ */
+ TNC_Result (*initialize)(TNC_IMVID imvID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *OutActualVersion);
+
+ /**
+ * The TNC Server calls this function to inform the IMV that the state of
+ * the network connection identified by connectionID has changed to newState.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param newState new network connection state
+ * @return TNC result code
+ */
+ TNC_Result (*notify_connection_change)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+
+ /**
+ * The TNC Server calls this function at the end of an Integrity Check
+ * Handshake (after all IMC-IMV messages have been delivered) to solicit
+ * recommendations from IMVs that have not yet provided a recommendation.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*solicit_recommendation)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Server calls this function to deliver a message to the IMV.
+ * The message is contained in the buffer referenced by message and contains
+ * the number of octets indicated by messageLength. The type of the message
+ * is indicated by messageType.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @param message reference to buffer containing message
+ * @param messageLength number of octets in message
+ * @param messageType message type of message
+ * @return TNC result code
+ */
+ TNC_Result (*receive_message)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+
+ /**
+ * The TNC Server calls this function to notify IMVs that all IMC messages
+ * received in a batch have been delivered and this is the IMV’s last chance
+ * to send a message in the batch of IMV messages currently being collected.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param connectionID network connection ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*batch_ending)(TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+
+ /**
+ * The TNC Server calls this function to close down the IMV.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @return TNC result code
+ */
+ TNC_Result (*terminate)(TNC_IMVID imvID);
+
+ /**
+ * IMVs implementing the UNIX/Linux Dynamic Linkage platform binding MUST
+ * define this additional function. The TNC Server MUST call the function
+ * immediately after calling TNC_IMV_Initialize to provide a pointer to the
+ * TNCS bind function. The IMV can then use the TNCS bind function to obtain
+ * pointers to any other TNCS functions.
+ *
+ * @param imvID IMV ID assigned by TNCS
+ * @param bindFunction pointer to TNC_TNCS_BindFunction
+ * @return TNC result code
+ */
+ TNC_Result (*provide_bind_function)(TNC_IMVID imvID,
+ TNC_TNCS_BindFunctionPointer bindFunction);
+
+ /**
+ * Sets the ID of an imv_t object.
+ *
+ * @param id IMV ID to be assigned
+ */
+ void (*set_id)(imv_t *this, TNC_IMVID id);
+
+ /**
+ * Returns the ID of an imv_t object.
+ *
+ * @return IMV ID assigned by TNCS
+ */
+ TNC_IMVID (*get_id)(imv_t *this);
+
+ /**
+ * Returns the name of an imv_t object.
+ *
+ * @return name of IMV
+ */
+ char* (*get_name)(imv_t *this);
+
+ /**
+ * Sets the supported message types of an imv_t object.
+ *
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ */
+ void (*set_message_types)(imv_t *this, TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Check if the IMV supports a given message type.
+ *
+ * @param message_type message type
+ * @return TRUE if supported
+ */
+ bool (*type_supported)(imv_t *this, TNC_MessageType message_type);
+
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(imv_t *this);
+};
+
+#endif /** IMV_H_ @}*/
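Review bot: The `receive_message` comment in `struct imv_t` does not say that `message` carries bytes originating from the endpoint under assessment, nor how long the buffer stays valid. Since the IMV derives its access recommendation from this data, I would add to the doc comment: `The message content comes from the remote peer and must be treated as untrusted; read at most messageLength octets and copy anything that is needed after the call returns.` The buffer-lifetime half is an assumption to confirm against the TNCS implementation, which is not visible in this hunk. The same applies to `receive_message` in imc.h and to the manager variants in imc_manager.h and imv_manager.h.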
diff --git a/src/libcharon/tnc/imv/imv_manager.h b/src/libcharon/tnc/imv/imv_manager.h
new file mode 100644
index 000000000..b5c581a75
--- /dev/null
+++ b/src/libcharon/tnc/imv/imv_manager.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_manager imv_manager
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_MANAGER_H_
+#define IMV_MANAGER_H_
+
+#include "imv.h"
+#include "imv_recommendations.h"
+
+#include <library.h>
+
+typedef struct imv_manager_t imv_manager_t;
+
+/**
+ * The IMV manager controls all IMV instances.
+ */
+struct imv_manager_t {
+
+ /**
+ * Add an IMV instance
+ *
+ * @param imv IMV instance
+ * @return TRUE if initialization successful
+ */
+ bool (*add)(imv_manager_t *this, imv_t *imv);
+
+ /**
+ * Remove an IMV instance from the list and return it
+ *
+ * @param id ID of IMV instance
+ * @return removed IMC instance
+ */
+ imv_t* (*remove)(imv_manager_t *this, TNC_IMVID id);
+
+ /**
+ * Get the configured recommendation policy
+ *
+ * @return configured recommendation policy
+ */
+ recommendation_policy_t (*get_recommendation_policy)(imv_manager_t *this);
+
+ /**
+ * Create an empty set of IMV recommendations and evaluations
+ *
+ * @return instance of a recommendations_t list
+ */
+ recommendations_t* (*create_recommendations)(imv_manager_t *this);
+
+ /**
+ * Enforce the TNC recommendation on the IKE_SA by either inserting an
+ * allow|isolate group membership rule (TRUE) or by blocking access (FALSE)
+ *
+ * @param void TNC action recommendation
+ * @return TRUE for allow|isolate, FALSE for none
+ */
+ bool (*enforce_recommendation)(imv_manager_t *this,
+ TNC_IMV_Action_Recommendation rec);
+
+ /**
+ * Notify all IMV instances
+ *
+ * @param state communicate the state a connection has reached
+ */
+ void (*notify_connection_change)(imv_manager_t *this,
+ TNC_ConnectionID id,
+ TNC_ConnectionState state);
+
+ /**
+ * Sets the supported message types reported by a given IMV
+ *
+ * @param id ID of reporting IMV
+ * @param supported_types list of messages type supported by IMV
+ * @param type_count number of supported message types
+ * @return TNC result code
+ */
+ TNC_Result (*set_message_types)(imv_manager_t *this,
+ TNC_IMVID id,
+ TNC_MessageTypeList supported_types,
+ TNC_UInt32 type_count);
+
+ /**
+ * Solicit recommendations from IMVs that have not yet provided one
+ *
+ * @param id connection ID
+ */
+ void (*solicit_recommendation)(imv_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Delivers a message to interested IMVs.
+ *
+ * @param connection_id ID of connection over which message was received
+ * @param message message
+ * @param message_len message length
+ * @param message_type message type
+ */
+ void (*receive_message)(imv_manager_t *this,
+ TNC_ConnectionID connection_id,
+ TNC_BufferReference message,
+ TNC_UInt32 message_len,
+ TNC_MessageType message_type);
+
+ /**
+ * Notify all IMVs that all IMC messages received in a batch have been
+ * delivered and this is the IMVs last chance to send a message in the
+ * batch of IMV messages currently being collected.
+ *
+ * @param id connection ID
+ */
+ void (*batch_ending)(imv_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Destroy an IMV manager and all its controlled instances.
+ */
+ void (*destroy)(imv_manager_t *this);
+};
+
+#endif /** IMV_MANAGER_H_ @}*/
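Review bot: `enforce_recommendation` is where the TNC verdict becomes an access decision, yet its comment names the parameter `void` instead of `rec` and covers only the allow|isolate and "none" cases. I would state explicitly that every other value, including `TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION` or an out-of-range number, blocks access and returns FALSE, so that the documented default is to fail closed; whether the implementation behaves that way cannot be seen from this header and should be checked. The tag itself should read `@param rec TNC action recommendation`. On `remove`, `@return removed IMC instance` should say IMV.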
diff --git a/src/libcharon/tnc/imv/imv_recommendations.c b/src/libcharon/tnc/imv/imv_recommendations.c
new file mode 100644
index 000000000..9daaca16c
--- /dev/null
+++ b/src/libcharon/tnc/imv/imv_recommendations.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "imv_recommendations.h"
+
+ENUM(recommendation_policy_names, RECOMMENDATION_POLICY_DEFAULT,
+ RECOMMENDATION_POLICY_ALL,
+ "default",
+ "any",
+ "all"
+);
+
diff --git a/src/libcharon/tnc/imv/imv_recommendations.h b/src/libcharon/tnc/imv/imv_recommendations.h
new file mode 100644
index 000000000..3a6e25c9f
--- /dev/null
+++ b/src/libcharon/tnc/imv/imv_recommendations.h
@@ -0,0 +1,117 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup imv_recommendations imv_recommendations
+ * @{ @ingroup imv
+ */
+
+#ifndef IMV_RECOMMENDATIONS_H_
+#define IMV_RECOMMENDATIONS_H_
+
+#include <tnc/tncifimv.h>
+#include <library.h>
+
+typedef enum recommendation_policy_t recommendation_policy_t;
+
+enum recommendation_policy_t {
+ RECOMMENDATION_POLICY_DEFAULT,
+ RECOMMENDATION_POLICY_ANY,
+ RECOMMENDATION_POLICY_ALL
+};
+
+extern enum_name_t *recommendation_policy_names;
+
+
+typedef struct recommendations_t recommendations_t;
+
+/**
+ * Collection of all IMV action recommendations and evaluation results
+ */
+struct recommendations_t {
+
+ /**
+ * Deliver an IMV action recommendation and IMV evaluation result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return return code
+ */
+ TNC_Result (*provide_recommendation)(recommendations_t *this,
+ TNC_IMVID imv_id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * If all IMVs provided a recommendation, derive a consolidated action
+ * recommendation and evaluation result based on a configured policy
+ *
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return TRUE if all IMVs provided a recommendation
+ */
+ bool (*have_recommendation)(recommendations_t *this,
+ TNC_IMV_Action_Recommendation *rec,
+ TNC_IMV_Evaluation_Result *eval);
+
+ /**
+ * Get the preferred language for remediation messages
+ *
+ * @return preferred language
+ */
+ chunk_t (*get_preferred_language)(recommendations_t *this);
+
+ /**
+ * Set the preferred language for remediation messages
+ *
+ * @param pref_lang preferred language
+ */
+ void (*set_preferred_language)(recommendations_t *this, chunk_t pref_lang);
+
+ /**
+ * Set the reason string
+ *
+ * @param id ID of IMV setting the reason string
+ * @param reason reason string
+ * @result return code
+ */
+ TNC_Result (*set_reason_string)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason);
+
+ /**
+ * Set the language for reason strings
+ *
+ * @param id ID of IMV setting the reason language
+ * @param reason_lang reason language
+ * @result return code
+ */
+ TNC_Result (*set_reason_language)(recommendations_t *this, TNC_IMVID id,
+ chunk_t reason_lang);
+
+ /**
+ * Enumerates over all IMVs sending a reason string.
+ * Format: TNC_IMVID *id, chunk_t *reason, chunk_t *reason_language
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_reason_enumerator)(recommendations_t *this);
+ /**
+ * Destroys an imv_t object.
+ */
+ void (*destroy)(recommendations_t *this);
+};
+
+#endif /** IMV_RECOMMENDATIONS_H_ @}*/
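Review bot: `recommendation_policy_t` is declared without any comment, although the choice between `RECOMMENDATION_POLICY_DEFAULT`, `RECOMMENDATION_POLICY_ANY` and `RECOMMENDATION_POLICY_ALL` presumably determines how the individual IMV verdicts are combined into the result that `have_recommendation` hands out. Each enumerator should get a one-line comment on how recommendations are combined under it, and `extern enum_name_t *recommendation_policy_names;` a `/** enum names for recommendation_policy_t */` line. `have_recommendation` should also state whether `*rec` and `*eval` are written when it returns FALSE, so callers do not act on stale or uninitialised values. Smaller slips: `destroy` is documented as `Destroys an imv_t object.`, and two comments use `@result` where `@return` is meant.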
diff --git a/src/libcharon/tnc/tnccs/tnccs.c b/src/libcharon/tnc/tnccs/tnccs.c
new file mode 100644
index 000000000..575b850f5
--- /dev/null
+++ b/src/libcharon/tnc/tnccs/tnccs.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnccs.h"
+
+ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_2_0,
+ "unknown TNCCS",
+ "TNCCS 1.1",
+ "TNCCS SOH",
+ "TNCCS 2.0",
+);
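Review bot: The name table stops at `TNCCS_2_0`, but `enum tnccs_type_t` in tnccs.h, added by this same commit, ends with `TNCCS_DYNAMIC`, so that value has no entry in `tnccs_type_names`. How an unmapped value is rendered depends on the `ENUM` macro and the name lookup, neither of which is shown here; at best, log lines will show a bare number for the dynamic type. I would extend the range and the list: `ENUM(tnccs_type_names, TNCCS_UNKNOWN, TNCCS_DYNAMIC,` with an added `"TNCCS Dynamic",` as the last string.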
diff --git a/src/libcharon/tnc/tnccs/tnccs.h b/src/libcharon/tnc/tnccs/tnccs.h
new file mode 100644
index 000000000..c5d6f5ef0
--- /dev/null
+++ b/src/libcharon/tnc/tnccs/tnccs.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs tnccs
+ * @ingroup tnc
+ *
+ * @defgroup tnccst tnccs
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNCCS_H_
+#define TNCCS_H_
+
+#include <tnc/tncif.h>
+#include <tnc/tncifimc.h>
+#include <tnc/tncifimv.h>
+#include <library.h>
+
+#define IETF_VENDOR_ID 0x000000 /* 0 */
+#define MICROSOFT_VENDOR_ID 0x000137 /* 311 */
+#define OSC_VENDOR_ID 0x002358 /* 9048 */
+#define FHH_VENDOR_ID 0x0080ab /* 32939 */
+#define ITA_VENDOR_ID 0x00902a /* 36906 */
+#define RESERVED_VENDOR_ID 0xffffff /* 16777215 */
+
+typedef enum tnccs_type_t tnccs_type_t;
+
+/**
+ * Type of TNC Client/Server protocol
+ */
+enum tnccs_type_t {
+ TNCCS_UNKNOWN,
+ TNCCS_1_1,
+ TNCCS_SOH,
+ TNCCS_2_0,
+ TNCCS_DYNAMIC
+};
+
+/**
+ * enum names for tnccs_type_t.
+ */
+extern enum_name_t *tnccs_type_names;
+
+typedef struct tnccs_t tnccs_t;
+
+/**
+ * Constructor definition for a pluggable TNCCS protocol implementation.
+ *
+ * @param is_server TRUE if TNC Server, FALSE if TNC Client
+ * @return implementation of the tnccs_t interface
+ */
+typedef tnccs_t* (*tnccs_constructor_t)(bool is_server);
+
+/**
+ * Callback function adding a message to a TNCCS batch
+ *
+ * @param imc_id ID of IMC or TNC_IMCID_ANY
+ * @param imc_id ID of IMV or TNC_IMVID_ANY
+ * @param msg message to be added
+ * @param msg_len message length
+ * @param msg_type message type
+ */
+typedef void (*tnccs_send_message_t)(tnccs_t* tncss, TNC_IMCID imc_id,
+ TNC_IMVID imv_id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type);
+
+#endif /** TNCCS_H_ @}*/
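Review bot: The comment on `tnccs_send_message_t` lists `@param imc_id` twice; the second line describes the IMV and should read `@param imv_id ID of IMV or TNC_IMVID_ANY`. The first parameter is undocumented and spelled `tncss`; renaming it to `tnccs` and adding `@param tnccs TNCCS instance the message is added to` would fix both (the wording is inferred from the typedef name and should be confirmed). It would also help to say whether the callback copies `msg` or keeps the pointer, since `msg_len` is the only bound the callee receives.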
diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.c b/src/libcharon/tnc/tnccs/tnccs_manager.c
new file mode 100644
index 000000000..7e522b870
--- /dev/null
+++ b/src/libcharon/tnc/tnccs/tnccs_manager.c
@@ -0,0 +1,477 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tnccs_manager.h"
+
+#include <tnc/imv/imv_recommendations.h>
+
+#include <debug.h>
+#include <daemon.h>
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_tnccs_manager_t private_tnccs_manager_t;
+typedef struct tnccs_entry_t tnccs_entry_t;
+typedef struct tnccs_connection_entry_t tnccs_connection_entry_t;
+
+/**
+ * TNCCS constructor entry
+ */
+struct tnccs_entry_t {
+
+ /**
+ * TNCCS protocol type
+ */
+ tnccs_type_t type;
+
+ /**
+ * constructor function to create instance
+ */
+ tnccs_constructor_t constructor;
+};
+
+/**
+ * TNCCS connection entry
+ */
+struct tnccs_connection_entry_t {
+
+ /**
+ * TNCCS connection ID
+ */
+ TNC_ConnectionID id;
+
+ /**
+ * TNCCS instance
+ */
+ tnccs_t *tnccs;
+
+ /**
+ * TNCCS send message function
+ */
+ tnccs_send_message_t send_message;
+
+ /**
+ * TNCCS request handshake retry flag
+ */
+ bool *request_handshake_retry;
+
+ /**
+ * collection of IMV recommendations
+ */
+ recommendations_t *recs;
+};
+
+/**
+ * private data of tnccs_manager
+ */
+struct private_tnccs_manager_t {
+
+ /**
+ * public functions
+ */
+ tnccs_manager_t public;
+
+ /**
+ * list of TNCCS protocol entries
+ */
+ linked_list_t *protocols;
+
+ /**
+ * rwlock to lock the TNCCS protocol entries
+ */
+ rwlock_t *protocol_lock;
+
+ /**
+ * connection ID counter
+ */
+ TNC_ConnectionID connection_id;
+
+ /**
+ * list of TNCCS connection entries
+ */
+ linked_list_t *connections;
+
+ /**
+ * rwlock to lock TNCCS connection entries
+ */
+ rwlock_t *connection_lock;
+
+};
+
+METHOD(tnccs_manager_t, add_method, void,
+ private_tnccs_manager_t *this, tnccs_type_t type,
+ tnccs_constructor_t constructor)
+{
+ tnccs_entry_t *entry;
+
+ entry = malloc_thing(tnccs_entry_t);
+ entry->type = type;
+ entry->constructor = constructor;
+
+ this->protocol_lock->write_lock(this->protocol_lock);
+ this->protocols->insert_last(this->protocols, entry);
+ this->protocol_lock->unlock(this->protocol_lock);
+}
+
+METHOD(tnccs_manager_t, remove_method, void,
+ private_tnccs_manager_t *this, tnccs_constructor_t constructor)
+{
+ enumerator_t *enumerator;
+ tnccs_entry_t *entry;
+
+ this->protocol_lock->write_lock(this->protocol_lock);
+ enumerator = this->protocols->create_enumerator(this->protocols);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (constructor == entry->constructor)
+ {
+ this->protocols->remove_at(this->protocols, enumerator);
+ free(entry);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->protocol_lock->unlock(this->protocol_lock);
+}
+
+METHOD(tnccs_manager_t, create_instance, tnccs_t*,
+ private_tnccs_manager_t *this, tnccs_type_t type, bool is_server)
+{
+ enumerator_t *enumerator;
+ tnccs_entry_t *entry;
+ tnccs_t *protocol = NULL;
+
+ this->protocol_lock->read_lock(this->protocol_lock);
+ enumerator = this->protocols->create_enumerator(this->protocols);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (type == entry->type)
+ {
+ protocol = entry->constructor(is_server);
+ if (protocol)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->protocol_lock->unlock(this->protocol_lock);
+
+ return protocol;
+}
+
+METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID,
+ private_tnccs_manager_t *this, tnccs_t *tnccs,
+ tnccs_send_message_t send_message, bool* request_handshake_retry,
+ recommendations_t **recs)
+{
+ tnccs_connection_entry_t *entry;
+
+ entry = malloc_thing(tnccs_connection_entry_t);
+ entry->tnccs = tnccs;
+ entry->send_message = send_message;
+ entry->request_handshake_retry = request_handshake_retry;
+ if (recs)
+ {
+ /* we assume a TNC Server needing recommendations from IMVs */
+ if (!charon->imvs)
+ {
+ DBG1(DBG_TNC, "no IMV manager available!");
+ free(entry);
+ return 0;
+ }
+ entry->recs = charon->imvs->create_recommendations(charon->imvs);
+ *recs = entry->recs;
+ }
+ else
+ {
+ /* we assume a TNC Client */
+ if (!charon->imcs)
+ {
+ DBG1(DBG_TNC, "no IMC manager available!");
+ free(entry);
+ return 0;
+ }
+ entry->recs = NULL;
+ }
+ this->connection_lock->write_lock(this->connection_lock);
+ entry->id = ++this->connection_id;
+ this->connections->insert_last(this->connections, entry);
+ this->connection_lock->unlock(this->connection_lock);
+
+ DBG1(DBG_TNC, "assigned TNCCS Connection ID %u", entry->id);
+ return entry->id;
+}
+
+METHOD(tnccs_manager_t, remove_connection, void,
+ private_tnccs_manager_t *this, TNC_ConnectionID id)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+
+ this->connection_lock->write_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ this->connections->remove_at(this->connections, enumerator);
+ if (entry->recs)
+ {
+ entry->recs->destroy(entry->recs);
+ }
+ free(entry);
+ DBG1(DBG_TNC, "removed TNCCS Connection ID %u", id);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+}
+
+METHOD(tnccs_manager_t, request_handshake_retry, TNC_Result,
+ private_tnccs_manager_t *this, bool is_imc, TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_RetryReason reason)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+
+ if (id == TNC_CONNECTIONID_ANY)
+ {
+ DBG2(DBG_TNC, "%s %u requests handshake retry for all connections "
+ "(reason: %u)", is_imc ? "IMC":"IMV", reason);
+ }
+ else
+ {
+ DBG2(DBG_TNC, "%s %u requests handshake retry for connection ID %u "
+ "(reason: %u)", is_imc ? "IMC":"IMV", id, reason);
+ }
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == TNC_CONNECTIONID_ANY || id == entry->id)
+ {
+ *entry->request_handshake_retry = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ return TNC_RESULT_SUCCESS;
+}
+
+METHOD(tnccs_manager_t, send_message, TNC_Result,
+ private_tnccs_manager_t *this, TNC_IMCID imc_id, TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+ tnccs_send_message_t send_message = NULL;
+ tnccs_t *tnccs = NULL;
+
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ tnccs = entry->tnccs;
+ send_message = entry->send_message;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ if (tnccs && send_message)
+ {
+ send_message(tnccs, imc_id, imv_id, msg, msg_len, msg_type);
+ return TNC_RESULT_SUCCESS;
+ }
+ return TNC_RESULT_FATAL;
+}
+
+METHOD(tnccs_manager_t, provide_recommendation, TNC_Result,
+ private_tnccs_manager_t *this, TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+ recommendations_t *recs = NULL;
+
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ recs = entry->recs;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ if (recs)
+ {
+ recs->provide_recommendation(recs, imv_id, rec, eval);
+ return TNC_RESULT_SUCCESS;
+ }
+ return TNC_RESULT_FATAL;
+}
+
+METHOD(tnccs_manager_t, get_attribute, TNC_Result,
+ private_tnccs_manager_t *this, TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer,
+ TNC_UInt32 *out_value_len)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+ recommendations_t *recs = NULL;
+
+ if (id == TNC_CONNECTIONID_ANY ||
+ attribute_id != TNC_ATTRIBUTEID_PREFERRED_LANGUAGE)
+ {
+ return TNC_RESULT_INVALID_PARAMETER;
+ }
+
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ recs = entry->recs;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ if (recs)
+ {
+ chunk_t pref_lang;
+
+ pref_lang = recs->get_preferred_language(recs);
+ if (pref_lang.len == 0)
+ {
+ return TNC_RESULT_INVALID_PARAMETER;
+ }
+ *out_value_len = pref_lang.len;
+ if (buffer && buffer_len <= pref_lang.len)
+ {
+ memcpy(buffer, pref_lang.ptr, pref_lang.len);
+ }
+ return TNC_RESULT_SUCCESS;
+ }
+ return TNC_RESULT_INVALID_PARAMETER;
+}
+
+METHOD(tnccs_manager_t, set_attribute, TNC_Result,
+ private_tnccs_manager_t *this, TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer)
+{
+ enumerator_t *enumerator;
+ tnccs_connection_entry_t *entry;
+ recommendations_t *recs = NULL;
+
+ if (id == TNC_CONNECTIONID_ANY ||
+ (attribute_id != TNC_ATTRIBUTEID_REASON_STRING &&
+ attribute_id != TNC_ATTRIBUTEID_REASON_LANGUAGE))
+ {
+ return TNC_RESULT_INVALID_PARAMETER;
+ }
+
+ this->connection_lock->read_lock(this->connection_lock);
+ enumerator = this->connections->create_enumerator(this->connections);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (id == entry->id)
+ {
+ recs = entry->recs;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->connection_lock->unlock(this->connection_lock);
+
+ if (recs)
+ {
+ chunk_t attribute = { buffer, buffer_len };
+
+ if (attribute_id == TNC_ATTRIBUTEID_REASON_STRING)
+ {
+ return recs->set_reason_string(recs, imv_id, attribute);
+ }
+ else
+ {
+ return recs->set_reason_language(recs, imv_id, attribute);
+ }
+ }
+ return TNC_RESULT_INVALID_PARAMETER;
+}
+
+METHOD(tnccs_manager_t, destroy, void,
+ private_tnccs_manager_t *this)
+{
+ this->protocols->destroy_function(this->protocols, free);
+ this->protocol_lock->destroy(this->protocol_lock);
+ this->connections->destroy_function(this->connections, free);
+ this->connection_lock->destroy(this->connection_lock);
+ free(this);
+}
+
+/*
+ * See header
+ */
+tnccs_manager_t *tnccs_manager_create()
+{
+ private_tnccs_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .add_method = _add_method,
+ .remove_method = _remove_method,
+ .create_instance = _create_instance,
+ .create_connection = _create_connection,
+ .remove_connection = _remove_connection,
+ .request_handshake_retry = _request_handshake_retry,
+ .send_message = _send_message,
+ .provide_recommendation = _provide_recommendation,
+ .get_attribute = _get_attribute,
+ .set_attribute = _set_attribute,
+ .destroy = _destroy,
+ },
+ .protocols = linked_list_create(),
+ .connections = linked_list_create(),
+ .protocol_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ .connection_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
+
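Review bot: In `get_attribute` the bound check in front of the `memcpy` is inverted: `buffer_len <= pref_lang.len` copies `pref_lang.len` bytes exactly when the caller's buffer is the same size or smaller, so a short buffer is overrun and a sufficiently large one receives nothing. The condition should read `if (buffer && buffer_len >= pref_lang.len)`. In `get_attribute`, `set_attribute` and `provide_recommendation` the `recs` pointer is used after `connection_lock` has been released, so a concurrent `remove_connection` could destroy it first; it is worth confirming whether callers serialise that. Both `DBG2` calls in `request_handshake_retry` have one more conversion than arguments because `imcv_id` is never passed, e.g. the first should end `is_imc ? "IMC":"IMV", imcv_id, reason);`. The `break` in the same loop also means a `TNC_CONNECTIONID_ANY` request flags only the first connection.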
diff --git a/src/libcharon/tnc/tnccs/tnccs_manager.h b/src/libcharon/tnc/tnccs/tnccs_manager.h
new file mode 100644
index 000000000..c02eac03c
--- /dev/null
+++ b/src/libcharon/tnc/tnccs/tnccs_manager.h
@@ -0,0 +1,184 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tnccs_manager tnccs_manager
+ * @{ @ingroup tnccs
+ */
+
+#ifndef TNCCS_MANAGER_H_
+#define TNCCS_MANAGER_H_
+
+#include "tnccs.h"
+
+#include <tnc/imv/imv_recommendations.h>
+
+typedef struct tnccs_manager_t tnccs_manager_t;
+
+/**
+ * The TNCCS manager manages all TNCCS implementations and creates instances.
+ *
+ * A plugin registers its implemented TNCCS protocol with the manager by
+ * providing type and a constructor function. The manager then creates
+ * TNCCS protocol instances via the provided constructor.
+ */
+struct tnccs_manager_t {
+
+ /**
+ * Register a TNCCS protocol implementation.
+ *
+ * @param type TNCCS protocol type
+ * @param constructor constructor, returns a TNCCS protocol implementation
+ */
+ void (*add_method)(tnccs_manager_t *this, tnccs_type_t type,
+ tnccs_constructor_t constructor);
+
+ /**
+ * Unregister a TNCCS protocol implementation using it's constructor.
+ *
+ * @param constructor constructor function to remove, as added in add_method
+ */
+ void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor);
+
+ /**
+ * Create a new TNCCS protocol instance.
+ *
+ * @param type type of the TNCCS protocol
+ * @param is_server TRUE if TNC Server, FALSE if TNC Client
+ * @return TNCCS protocol instance, NULL if no constructor found
+ */
+ tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type,
+ bool is_server);
+
+ /**
+ * Create a TNCCS connection and assign a unique connection ID as well a
+ * callback function for adding a message to a TNCCS batch and create
+ * an empty set for collecting IMV recommendations
+ *
+ * @param tnccs TNCCS connection instance
+ * @param send_message TNCCS callback function
+ * @param request_handshake_retry pointer to boolean variable
+ * @param recs pointer to IMV recommendation set
+ * @return assigned connection ID
+ */
+ TNC_ConnectionID (*create_connection)(tnccs_manager_t *this, tnccs_t *tnccs,
+ tnccs_send_message_t send_message,
+ bool *request_handshake_retry,
+ recommendations_t **recs);
+
+ /**
+ * Remove a TNCCS connection using its connection ID.
+ *
+ * @param id ID of the connection to be removed
+ */
+ void (*remove_connection)(tnccs_manager_t *this, TNC_ConnectionID id);
+
+ /**
+ * Request a handshake retry
+ *
+ * @param is_imc TRUE if IMC, FALSE if IMV
+ * @param imcv_id ID of IMC or IMV requesting the retry
+ * @param id ID of a specific connection or any connection
+ * @param reason reason for the handshake retry
+ * @return return code
+ */
+ TNC_Result (*request_handshake_retry)(tnccs_manager_t *this, bool is_imc,
+ TNC_UInt32 imcv_id,
+ TNC_ConnectionID id,
+ TNC_RetryReason reason);
+
+ /**
+ * Add an IMC/IMV message to the batch of a given connection ID.
+ *
+ * @param imc_id ID of IMC or TNC_IMCID_ANY
+ * @param imv_id ID of IMV or TNC_IMVID_ANY
+ * @param id ID of target connection
+ * @param msg message to be added
+ * @param msg_len message length
+ * @param msg_type message type
+ * @return return code
+ */
+ TNC_Result (*send_message)(tnccs_manager_t *this, TNC_IMCID imc_id,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_BufferReference msg,
+ TNC_UInt32 msg_len,
+ TNC_MessageType msg_type);
+
+ /**
+ * Deliver an IMV Action Recommendation and IMV Evaluation Result to the TNCS
+ *
+ * @param imv_id ID of the IMV providing the recommendation
+ * @param id ID of target connection
+ * @param rec action recommendation
+ * @param eval evaluation result
+ * @return return code
+ */
+ TNC_Result (*provide_recommendation)(tnccs_manager_t *this,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_IMV_Action_Recommendation rec,
+ TNC_IMV_Evaluation_Result eval);
+
+ /**
+ * Get the value of an attribute associated with a connection or with the
+ * TNCS as a whole.
+ *
+ * @param imv_id ID of the IMV requesting the attribute
+ * @param id ID of target connection
+ * @param attribute_id ID of the requested attribute
+ * @param buffer_len length of the buffer in bytes
+ * @param buffer pointer to the buffer
+ * @param out_value_len actual length of the returned attribute
+ * @return return code
+ */
+ TNC_Result (*get_attribute)(tnccs_manager_t *this,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer,
+ TNC_UInt32 *out_value_len);
+
+ /**
+ * Set the value of an attribute associated with a connection or with the
+ * TNCS as a whole.
+ *
+ * @param imv_id ID of the IMV setting the attribute
+ * @param id ID of target connection
+ * @param attribute_id ID of the attribute to be set
+ * @param buffer_len length of the buffer in bytes
+ * @param buffer pointer to the buffer
+ * @return return code
+ */
+ TNC_Result (*set_attribute)(tnccs_manager_t *this,
+ TNC_IMVID imv_id,
+ TNC_ConnectionID id,
+ TNC_AttributeID attribute_id,
+ TNC_UInt32 buffer_len,
+ TNC_BufferReference buffer);
+
+ /**
+ * Destroy a tnccs_manager instance.
+ */
+ void (*destroy)(tnccs_manager_t *this);
+};
+
+/**
+ * Create a tnccs_manager instance.
+ */
+tnccs_manager_t *tnccs_manager_create();
+
+#endif /** TNCCS_MANAGER_H_ @}*/
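Review bot: The `create_connection` documentation says only `@return assigned connection ID`, but the implementation in tnccs_manager.c in this commit returns 0 when the required IMV or IMC manager is missing. A caller reading the header cannot tell that 0 is a failure value it has to check before using the ID. I would change the line to `@return assigned connection ID, 0 on failure`. The `@param recs` line should also say that passing NULL selects the TNC Client path, and that otherwise the recommendation set is returned through it.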
diff --git a/src/libcharon/tnc/tncif.h b/src/libcharon/tnc/tncif.h
new file mode 100644
index 000000000..99441a9a9
--- /dev/null
+++ b/src/libcharon/tnc/tncif.h
@@ -0,0 +1,106 @@
+/* tncif.h
+ *
+ * Trusted Network Connect IF-IMV API version 1.20
+ * Microsoft Windows DLL Platform Binding C Header
+ * February 5, 2007
+ *
+ * Copyright(c) 2005-2007, Trusted Computing Group, Inc. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * - Neither the name of the Trusted Computing Group nor the names of
+ * its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Contact the Trusted Computing Group at
+ * admin@trustedcomputinggroup.org for information on specification
+ * licensing through membership agreements.
+ *
+ * Any marks and brands contained herein are the property of their
+ * respective owners.
+ *
+ * Trusted Network Connect IF-IMC/IF-IMV API version 1.00 Revision 3
+ * Microsoft Windows DLL Platform Binding C Header
+ * Common definitions for IF-IMC and IF-IMV
+ * extracted from tncifimc.h and tncifimv.h
+ * Feb 12, 2007
+ */
+
+/**
+ * @defgroup tnc tnc
+ * @ingroup libcharon
+ *
+ * @defgroup tncif tncif
+ * @{ @ingroup tnc
+ */
+
+#ifndef TNCIF_H_
+#define TNCIF_H_
+
+/* Basic Types */
+typedef unsigned long TNC_UInt32;
+typedef unsigned char *TNC_BufferReference;
+
+/* Derived Types */
+typedef TNC_UInt32 TNC_ConnectionID;
+typedef TNC_UInt32 TNC_ConnectionState;
+typedef TNC_UInt32 TNC_RetryReason;
+typedef TNC_UInt32 TNC_MessageType;
+typedef TNC_MessageType *TNC_MessageTypeList;
+typedef TNC_UInt32 TNC_VendorID;
+typedef TNC_UInt32 TNC_MessageSubtype;
+typedef TNC_UInt32 TNC_Version;
+typedef TNC_UInt32 TNC_Result;
+
+/* Result Codes */
+#define TNC_RESULT_SUCCESS 0
+#define TNC_RESULT_NOT_INITIALIZED 1
+#define TNC_RESULT_ALREADY_INITIALIZED 2
+#define TNC_RESULT_NO_COMMON_VERSION 3
+#define TNC_RESULT_CANT_RETRY 4
+#define TNC_RESULT_WONT_RETRY 5
+#define TNC_RESULT_INVALID_PARAMETER 6
+#define TNC_RESULT_CANT_RESPOND 7
+#define TNC_RESULT_ILLEGAL_OPERATION 8
+#define TNC_RESULT_OTHER 9
+#define TNC_RESULT_FATAL 10
+
+/* Network Connection ID Values */
+#define TNC_CONNECTIONID_ANY 0xFFFFFFFF
+/* Network Connection State Values */
+#define TNC_CONNECTION_STATE_CREATE 0
+#define TNC_CONNECTION_STATE_HANDSHAKE 1
+#define TNC_CONNECTION_STATE_ACCESS_ALLOWED 2
+#define TNC_CONNECTION_STATE_ACCESS_ISOLATED 3
+#define TNC_CONNECTION_STATE_ACCESS_NONE 4
+#define TNC_CONNECTION_STATE_DELETE 5
+
+/* Vendor ID Values */
+#define TNC_VENDORID_TCG 0
+#define TNC_VENDORID_ANY ((TNC_VendorID) 0xffffff)
+/* Message Subtype Values */
+#define TNC_SUBTYPE_ANY ((TNC_MessageSubtype) 0xff)
+
+#endif /** TNCIF_H_ @}*/
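Review bot: `TNC_UInt32` is declared as `unsigned long` under "Basic Types", which is 64 bits wide on LP64 platforms despite the name, and nothing in the header says so. Changing the typedef would presumably alter the binary interface to IMC/IMV libraries built against the TCG header. I would therefore keep it and add a comment such as `/* NOTE: unsigned long, 64 bits on LP64; print with %lu, do not rely on 32-bit wrap-around */`. The `DBG1`/`DBG2` calls in tnccs_manager.c in this commit pass these values to `%u`, which does not match the argument type on such platforms.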
diff --git a/src/libcharon/tnc/tncifimc.h b/src/libcharon/tnc/tncifimc.h
new file mode 100644
index 000000000..c6ddabd45
--- /dev/null
+++ b/src/libcharon/tnc/tncifimc.h
@@ -0,0 +1,180 @@
+/* tncifimc.h
+ *
+ * Trusted Network Connect IF-IMC API version 1.20 Revision 8
+ * Microsoft Windows DLL Platform Binding C Header
+ * February 5, 2007
+ *
+ * Copyright(c) 2005-2007, Trusted Computing Group, Inc. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * - Neither the name of the Trusted Computing Group nor the names of
+ * its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Contact the Trusted Computing Group at
+ * admin@trustedcomputinggroup.org for information on specification
+ * licensing through membership agreements.
+ *
+ * Any marks and brands contained herein are the property of their
+ * respective owners.
+ *
+ */
+
+/**
+ * @defgroup tncifimc tncifimc
+ * @{ @ingroup tnc
+ */
+
+#ifndef TNCIFIMC_H_
+#define TNCIFIMC_H_
+
+#include "tncif.h"
+
+/* Derived Types */
+
+typedef TNC_UInt32 TNC_IMCID;
+
+/* Function pointers */
+
+typedef TNC_Result (*TNC_IMC_InitializePointer)(
+ TNC_IMCID imcID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *pOutActualVersion);
+typedef TNC_Result (*TNC_IMC_NotifyConnectionChangePointer)(
+ TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+typedef TNC_Result (*TNC_IMC_BeginHandshakePointer)(
+ TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+typedef TNC_Result (*TNC_IMC_ReceiveMessagePointer)(
+ TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+typedef TNC_Result (*TNC_IMC_BatchEndingPointer)(
+ TNC_IMCID imcID,
+ TNC_ConnectionID connectionID);
+typedef TNC_Result (*TNC_IMC_TerminatePointer)(
+ TNC_IMCID imcID);
+typedef TNC_Result (*TNC_TNCC_ReportMessageTypesPointer)(
+ TNC_IMCID imcID,
+ TNC_MessageTypeList supportedTypes,
+ TNC_UInt32 typeCount);
+typedef TNC_Result (*TNC_TNCC_SendMessagePointer)(
+ TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+typedef TNC_Result (*TNC_TNCC_RequestHandshakeRetryPointer)(
+ TNC_IMCID imcID,
+ TNC_ConnectionID connectionID,
+ TNC_RetryReason reason);
+typedef TNC_Result (*TNC_TNCC_BindFunctionPointer)(
+ TNC_IMCID imcID,
+ char *functionName,
+ void **pOutfunctionPointer);
+typedef TNC_Result (*TNC_IMC_ProvideBindFunctionPointer)(
+ TNC_IMCID imcID,
+ TNC_TNCC_BindFunctionPointer bindFunction);
+
+#define TNC_IFIMC_VERSION_1 1
+
+/* Handshake Retry Reason Values */
+
+#define TNC_RETRY_REASON_IMC_REMEDIATION_COMPLETE 0
+#define TNC_RETRY_REASON_IMC_SERIOUS_EVENT 1
+#define TNC_RETRY_REASON_IMC_INFORMATIONAL_EVENT 2
+#define TNC_RETRY_REASON_IMC_PERIODIC 3
+/* reserved for TNC_RETRY_REASON_IMV_IMPORTANT_POLICY_CHANGE: 4 */
+/* reserved for TNC_RETRY_REASON_IMV_MINOR_POLICY_CHANGE: 5 */
+/* reserved for TNC_RETRY_REASON_IMV_SERIOUS_EVENT: 6 */
+/* reserved for TNC_RETRY_REASON_IMV_MINOR_EVENT: 7 */
+/* reserved for TNC_RETRY_REASON_IMV_PERIODIC: 8 */
+
+/* IMC Functions */
+
+TNC_Result TNC_IMC_Initialize(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_Version minVersion,
+/*in*/ TNC_Version maxVersion,
+/*out*/ TNC_Version *pOutActualVersion);
+
+TNC_Result TNC_IMC_NotifyConnectionChange(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_ConnectionState newState);
+
+TNC_Result TNC_IMC_BeginHandshake(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_ConnectionID connectionID);
+
+TNC_Result TNC_IMC_ReceiveMessage(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_BufferReference messageBuffer,
+/*in*/ TNC_UInt32 messageLength,
+/*in*/ TNC_MessageType messageType);
+
+TNC_Result TNC_IMC_BatchEnding(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_ConnectionID connectionID);
+
+TNC_Result TNC_IMC_Terminate(
+/*in*/ TNC_IMCID imcID);
+
+TNC_Result TNC_IMC_ProvideBindFunction(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_TNCC_BindFunctionPointer bindFunction);
+
+/* TNC Client Functions */
+
+TNC_Result TNC_TNCC_ReportMessageTypes(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_MessageTypeList supportedTypes,
+/*in*/ TNC_UInt32 typeCount);
+
+TNC_Result TNC_TNCC_SendMessage(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_BufferReference message,
+/*in*/ TNC_UInt32 messageLength,
+/*in*/ TNC_MessageType messageType);
+
+TNC_Result TNC_TNCC_RequestHandshakeRetry(
+/*in*/ TNC_IMCID imcID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_RetryReason reason);
+
+TNC_Result TNC_TNCC_BindFunction(
+/*in*/ TNC_IMCID imcID,
+/*in*/ char *functionName,
+/*out*/ void **pOutfunctionPointer);
+
+#endif /** TNCIFIMC_H_ @}*/
diff --git a/src/libcharon/tnc/tncifimv.c b/src/libcharon/tnc/tncifimv.c
new file mode 100644
index 000000000..fbfd56566
--- /dev/null
+++ b/src/libcharon/tnc/tncifimv.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tncifimv.h"
+
+ENUM(TNC_IMV_Action_Recommendation_names,
+ TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
+ TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
+ "allow",
+ "no access",
+ "isolate",
+ "no recommendation"
+);
+
+ENUM(TNC_IMV_Evaluation_Result_names,
+ TNC_IMV_EVALUATION_RESULT_COMPLIANT,
+ TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
+ "compliant",
+ "non-compliant minor",
+ "non-compliant major",
+ "error",
+ "don't know"
+);
+
diff --git a/src/libcharon/tnc/tncifimv.h b/src/libcharon/tnc/tncifimv.h
new file mode 100644
index 000000000..4ec101337
--- /dev/null
+++ b/src/libcharon/tnc/tncifimv.h
@@ -0,0 +1,248 @@
+/* tncifimv.h
+ *
+ * Trusted Network Connect IF-IMV API version 1.20
+ * Microsoft Windows DLL Platform Binding C Header
+ * February 5, 2007
+ *
+ * Copyright(c) 2005-2007, Trusted Computing Group, Inc. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * - Neither the name of the Trusted Computing Group nor the names of
+ * its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Contact the Trusted Computing Group at
+ * admin@trustedcomputinggroup.org for information on specification
+ * licensing through membership agreements.
+ *
+ * Any marks and brands contained herein are the property of their
+ * respective owners.
+ */
+
+/**
+ * @defgroup tncifimv tncifimv
+ * @{ @ingroup tnc
+ */
+
+#ifndef TNCIFIMV_H_
+#define TNCIFIMV_H_
+
+#include "tncif.h"
+
+#include <library.h>
+
+typedef TNC_UInt32 TNC_IMVID;
+typedef TNC_UInt32 TNC_IMV_Action_Recommendation;
+typedef TNC_UInt32 TNC_IMV_Evaluation_Result;
+typedef TNC_UInt32 TNC_AttributeID;
+
+/* Function pointers */
+
+typedef TNC_Result (*TNC_IMV_InitializePointer)(
+ TNC_IMVID imvID,
+ TNC_Version minVersion,
+ TNC_Version maxVersion,
+ TNC_Version *pOutActualVersion);
+typedef TNC_Result (*TNC_IMV_NotifyConnectionChangePointer)(
+ TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_ConnectionState newState);
+typedef TNC_Result (*TNC_IMV_ReceiveMessagePointer)(
+ TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+typedef TNC_Result (*TNC_IMV_SolicitRecommendationPointer)(
+ TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+typedef TNC_Result (*TNC_IMV_BatchEndingPointer)(
+ TNC_IMVID imvID,
+ TNC_ConnectionID connectionID);
+typedef TNC_Result (*TNC_IMV_TerminatePointer)(
+ TNC_IMVID imvID);
+typedef TNC_Result (*TNC_TNCS_ReportMessageTypesPointer)(
+ TNC_IMVID imvID,
+ TNC_MessageTypeList supportedTypes,
+ TNC_UInt32 typeCount);
+typedef TNC_Result (*TNC_TNCS_SendMessagePointer)(
+ TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_BufferReference message,
+ TNC_UInt32 messageLength,
+ TNC_MessageType messageType);
+typedef TNC_Result (*TNC_TNCS_RequestHandshakeRetryPointer)(
+ TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_RetryReason reason);
+typedef TNC_Result (*TNC_TNCS_ProvideRecommendationPointer)(
+ TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+ TNC_IMV_Action_Recommendation recommendation,
+ TNC_IMV_Evaluation_Result evaluation);
+typedef TNC_Result (*TNC_TNCS_GetAttributePointer)(
+ TNC_IMVID imvID,
+TNC_ConnectionID connectionID,
+TNC_AttributeID attributeID,
+ TNC_UInt32 bufferLength,
+ TNC_BufferReference buffer,
+ TNC_UInt32 *pOutValueLength);
+typedef TNC_Result (*TNC_TNCS_SetAttributePointer)(
+ TNC_IMVID imvID,
+ TNC_ConnectionID connectionID,
+TNC_AttributeID attributeID,
+ TNC_UInt32 bufferLength,
+ TNC_BufferReference buffer);
+typedef TNC_Result (*TNC_TNCS_BindFunctionPointer)(
+ TNC_IMVID imvID,
+ char *functionName,
+ void **pOutfunctionPointer);
+typedef TNC_Result (*TNC_IMV_ProvideBindFunctionPointer)(
+ TNC_IMVID imvID,
+ TNC_TNCS_BindFunctionPointer bindFunction);
+
+/* Version Numbers */
+
+#define TNC_IFIMV_VERSION_1 1
+
+/* Handshake Retry Reason Values */
+
+/* reserved for TNC_RETRY_REASON_IMC_REMEDIATION_COMPLETE: 0 */
+/* reserved for TNC_RETRY_REASON_IMC_SERIOUS_EVENT: 1 */
+/* reserved for TNC_RETRY_REASON_IMC_INFORMATIONAL_EVENT: 2 */
+/* reserved for TNC_RETRY_REASON_IMC_PERIODIC: 3 */
+#define TNC_RETRY_REASON_IMV_IMPORTANT_POLICY_CHANGE 4
+#define TNC_RETRY_REASON_IMV_MINOR_POLICY_CHANGE 5
+#define TNC_RETRY_REASON_IMV_SERIOUS_EVENT 6
+#define TNC_RETRY_REASON_IMV_MINOR_EVENT 7
+#define TNC_RETRY_REASON_IMV_PERIODIC 8
+
+/* IMV Action Recommendation Values */
+
+#define TNC_IMV_ACTION_RECOMMENDATION_ALLOW 0
+#define TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS 1
+#define TNC_IMV_ACTION_RECOMMENDATION_ISOLATE 2
+#define TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION 3
+
+extern enum_name_t *TNC_IMV_Action_Recommendation_names;
+
+/* IMV Evaluation Result Values */
+
+#define TNC_IMV_EVALUATION_RESULT_COMPLIANT 0
+#define TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR 1
+#define TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MAJOR 2
+#define TNC_IMV_EVALUATION_RESULT_ERROR 3
+#define TNC_IMV_EVALUATION_RESULT_DONT_KNOW 4
+
+extern enum_name_t *TNC_IMV_Evaluation_Result_names;
+
+/* Message Attribute ID Values */
+
+#define TNC_ATTRIBUTEID_PREFERRED_LANGUAGE ((TNC_AttributeID) 0x00000001)
+#define TNC_ATTRIBUTEID_REASON_STRING ((TNC_AttributeID) 0x00000002)
+#define TNC_ATTRIBUTEID_REASON_LANGUAGE ((TNC_AttributeID) 0x00000003)
+
+/* IMV Functions */
+
+TNC_Result TNC_IMV_Initialize(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_Version minVersion,
+/*in*/ TNC_Version maxVersion,
+/*in*/ TNC_Version *pOutActualVersion);
+
+TNC_Result TNC_IMV_NotifyConnectionChange(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_ConnectionState newState);
+
+TNC_Result TNC_IMV_ReceiveMessage(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_BufferReference messageBuffer,
+/*in*/ TNC_UInt32 messageLength,
+/*in*/ TNC_MessageType messageType);
+
+TNC_Result TNC_IMV_SolicitRecommendation(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID);
+
+TNC_Result TNC_IMV_BatchEnding(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID);
+
+TNC_Result TNC_IMV_Terminate(
+/*in*/ TNC_IMVID imvID);
+
+TNC_Result TNC_IMV_ProvideBindFunction(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_TNCS_BindFunctionPointer bindFunction);
+
+/* TNC Server Functions */
+
+TNC_Result TNC_TNCS_ReportMessageTypes(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_MessageTypeList supportedTypes,
+/*in*/ TNC_UInt32 typeCount);
+
+TNC_Result TNC_TNCS_SendMessage(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_BufferReference message,
+/*in*/ TNC_UInt32 messageLength,
+/*in*/ TNC_MessageType messageType);
+
+TNC_Result TNC_TNCS_RequestHandshakeRetry(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_RetryReason reason);
+
+TNC_Result TNC_TNCS_ProvideRecommendation(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_IMV_Action_Recommendation recommendation,
+/*in*/ TNC_IMV_Evaluation_Result evaluation);
+
+TNC_Result TNC_TNCS_GetAttribute(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_AttributeID attributeID,
+/*in*/ TNC_UInt32 bufferLength,
+/*out*/ TNC_BufferReference buffer,
+/*out*/ TNC_UInt32 *pOutValueLength);
+
+TNC_Result TNC_TNCS_SetAttribute(
+/*in*/ TNC_IMVID imvID,
+/*in*/ TNC_ConnectionID connectionID,
+/*in*/ TNC_AttributeID attributeID,
+/*in*/ TNC_UInt32 bufferLength,
+/*in*/ TNC_BufferReference buffer);
+
+TNC_Result TNC_TNCS_BindFunction(
+/*in*/ TNC_IMVID imvID,
+/*in*/ char *functionName,
+/*in*/ void **pOutfunctionPointer);
+
+#endif /** TNCIFIMV_H_ @}*/
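Review bot: The value 0 means `TNC_IMV_ACTION_RECOMMENDATION_ALLOW` and `TNC_IMV_EVALUATION_RESULT_COMPLIANT`, so a zero-initialised or memset variable of either `TNC_UInt32` type reads as "allow / compliant" before any IMV has reported. The numbers are fixed by the TCG header and cannot change, so the header should warn consumers with `/* 0 == ALLOW: initialise to TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, never rely on zeroed memory */` above the action values. A matching comment naming `TNC_IMV_EVALUATION_RESULT_DONT_KNOW` belongs above the evaluation values. Whether the recommendation code elsewhere in this commit initialises explicitly is not visible from this hunk. Separately, `pOutActualVersion` in `TNC_IMV_Initialize` and `pOutfunctionPointer` in `TNC_TNCS_BindFunction` are tagged `/*in*/` although both are out-parameters; `/*out*/` would match the tag tncifimc.h uses for its bind function.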