Imported Upstream version 5.2.0

4 files changed, 193 insertions, 65 deletions

diff --git a/src/libpts/plugins/imc_swid/Makefile.am b/src/libpts/plugins/imc_swid/Makefile.am
index d73c6d168..ddf596465 100644
--- a/src/libpts/plugins/imc_swid/Makefile.am
+++ b/src/libpts/plugins/imc_swid/Makefile.am
@@ -25,7 +25,7 @@ AM_CPPFLAGS = \
 	-DSWID_DIRECTORY=\"${prefix}/share\"
 
 AM_CFLAGS = \
-	-rdynamic
+	$(PLUGIN_CFLAGS)
 
 imcv_LTLIBRARIES = imc-swid.la
 
diff --git a/src/libpts/plugins/imc_swid/Makefile.in b/src/libpts/plugins/imc_swid/Makefile.in
index 58402636f..6c3923ae2 100644
--- a/src/libpts/plugins/imc_swid/Makefile.in
+++ b/src/libpts/plugins/imc_swid/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
@@ -265,6 +265,7 @@ NM = @NM@
 NMEDIT = @NMEDIT@
 OBJDUMP = @OBJDUMP@
 OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
 OTOOL = @OTOOL@
 OTOOL64 = @OTOOL64@
 PACKAGE = @PACKAGE@
@@ -283,6 +284,7 @@ PERL = @PERL@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
 PTHREADLIB = @PTHREADLIB@
 PYTHON = @PYTHON@
 PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
@@ -310,6 +312,7 @@ abs_top_srcdir = @abs_top_srcdir@
 ac_ct_AR = @ac_ct_AR@
 ac_ct_CC = @ac_ct_CC@
 ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
@@ -401,6 +404,7 @@ srcdir = @srcdir@
 starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
 t_plugins = @t_plugins@
@@ -427,7 +431,7 @@ AM_CPPFLAGS = \
 	-DSWID_DIRECTORY=\"${prefix}/share\"
 
 AM_CFLAGS = \
-	-rdynamic
+	$(PLUGIN_CFLAGS)
 
 imcv_LTLIBRARIES = imc-swid.la
 imc_swid_la_LIBADD = \
diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c
index d4aaeff4d..ef3a6a3e3 100644
--- a/src/libpts/plugins/imc_swid/imc_swid.c
+++ b/src/libpts/plugins/imc_swid/imc_swid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -24,12 +24,15 @@
 
 #include <imc/imc_agent.h>
 #include <imc/imc_msg.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_angel.h>
 
 #include <tncif_pa_subtypes.h>
 
 #include <pen/pen.h>
 #include <utils/debug.h>
 
+#define SWID_GENERATOR	"/usr/local/bin/swid_generator"
 
 /* IMC definitions */
 
@@ -128,12 +131,177 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
 	return TNC_RESULT_SUCCESS;
 }
 
-static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
+/**
+ * Add one or multiple SWID Inventory attributes to the send queue
+ */
+static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
+							   uint32_t request_id, bool full_tags,
+							   swid_inventory_t *targets)
 {
-	imc_msg_t *out_msg;
+	pa_tnc_attr_t *attr, *attr_angel, *attr_error;
 	imc_swid_state_t *swid_state;
+	swid_inventory_t *swid_inventory;
+	char *swid_directory, *swid_generator;
+	uint32_t eid_epoch;
+	size_t max_attr_size, attr_size, entry_size;
+	bool first = TRUE, swid_pretty, swid_full;
 	enumerator_t *enumerator;
+
+	swid_directory = lib->settings->get_str(lib->settings,
+								"%s.plugins.imc-swid.swid_directory",
+								 SWID_DIRECTORY, lib->ns);
+	swid_generator = lib->settings->get_str(lib->settings,
+								"%s.plugins.imc-swid.swid_generator",
+								 SWID_GENERATOR, lib->ns);
+	swid_pretty = lib->settings->get_bool(lib->settings,
+								"%s.plugins.imc-swid.swid_pretty",
+								 FALSE, lib->ns);
+	swid_full = lib->settings->get_bool(lib->settings,
+								"%s.plugins.imc-swid.swid_full",
+								 FALSE, lib->ns);
+
+	swid_inventory = swid_inventory_create(full_tags);
+	if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator,
+								 targets, swid_pretty, swid_full))
+	{
+		swid_inventory->destroy(swid_inventory);
+		attr_error = swid_error_create(TCG_SWID_ERROR, request_id,
+								 0, "error in SWID tag collection");
+		msg->add_attribute(msg, attr_error);
+		return FALSE;
+	}
+	DBG1(DBG_IMC, "collected %d SWID tag%s%s",
+		 swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
+		 swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
+
+	swid_state = (imc_swid_state_t*)state;
+	eid_epoch = swid_state->get_eid_epoch(swid_state);
+
+	/**
+	 * Compute the maximum TCG SWID Tag [ID] Inventory attribute size
+	 * leaving space for an additional ITA Angel attribute
+	 */
+	max_attr_size = state->get_max_msg_len(state) -
+					PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
+
+	if (full_tags)
+	{
+		tcg_swid_attr_tag_inv_t *swid_attr;
+		swid_tag_t *tag;
+		chunk_t encoding, tag_file_path;
+
+		/* At least one TCG Tag Inventory attribute is sent */
+		attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE;
+		attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+
+		enumerator = swid_inventory->create_enumerator(swid_inventory);
+		while (enumerator->enumerate(enumerator, &tag))
+		{
+			tag_file_path = tag->get_tag_file_path(tag);
+			encoding = tag->get_encoding(tag);
+			entry_size = 2 + tag_file_path.len + 4 + encoding.len;
+
+			/* Check for oversize tags that cannot be transported */
+			if (PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE +
+				entry_size > max_attr_size)
+			{
+				attr_error = swid_error_create(TCG_SWID_RESPONSE_TOO_LARGE,
+											   request_id, max_attr_size,
+											   "oversize SWID tag omitted");
+				msg->add_attribute(msg, attr_error);
+				continue;
+			}
+
+			if (attr_size + entry_size > max_attr_size)
+			{
+				if (first)
+				{
+					/**
+					 * Send an ITA Start Angel attribute to the IMV signalling
+					 * that multiple TGC SWID Tag Inventory attributes follow
+					 */
+					attr_angel = ita_attr_angel_create(TRUE);
+					msg->add_attribute(msg, attr_angel);
+					first = FALSE;
+				}
+				msg->add_attribute(msg, attr);
+
+				/* create the next TCG SWID Tag Inventory attribute */
+				attr_size = PA_TNC_ATTR_HEADER_SIZE +
+							TCG_SWID_TAG_INV_MIN_SIZE;
+				attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+			}
+			swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
+			swid_attr->add(swid_attr, tag->get_ref(tag));
+			attr_size += entry_size;
+		}
+		enumerator->destroy(enumerator);
+	}
+	else
+	{
+		tcg_swid_attr_tag_id_inv_t *swid_id_attr;
+		swid_tag_id_t *tag_id;
+		chunk_t tag_creator, unique_sw_id, tag_file_path;
+
+		/* At least one TCG Tag ID Inventory attribute is sent */
+		attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_ID_INV_MIN_SIZE;
+		attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+		swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+
+		enumerator = swid_inventory->create_enumerator(swid_inventory);
+		while (enumerator->enumerate(enumerator, &tag_id))
+		{
+			tag_creator = tag_id->get_tag_creator(tag_id);
+			unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
+			entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len +
+						 2 + tag_file_path.len;
+
+			if (attr_size + entry_size > max_attr_size)
+			{
+				if (first)
+				{
+					/**
+					 * Send an ITA Start Angel attribute to the IMV signalling
+					 * that multiple TGC SWID Tag ID Inventory attributes follow
+					 */
+					attr_angel = ita_attr_angel_create(TRUE);
+					msg->add_attribute(msg, attr_angel);
+					first = FALSE;
+				}
+				msg->add_attribute(msg, attr);
+
+				/* create the next TCG SWID Tag ID Inventory attribute */
+				attr_size = PA_TNC_ATTR_HEADER_SIZE +
+							TCG_SWID_TAG_ID_INV_MIN_SIZE;
+				attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+			}
+			swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+			swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
+			attr_size += entry_size;
+		}
+		enumerator->destroy(enumerator);
+	}
+	msg->add_attribute(msg, attr);
+	swid_inventory->destroy(swid_inventory);
+
+	if (!first)
+	{
+		/**
+		 * If we sent an ITA Start Angel attribute in the first place,
+		 * terminate by appending a matching ITA Stop Angel attribute.
+		 */
+		attr_angel = ita_attr_angel_create(FALSE);
+		msg->add_attribute(msg, attr_angel);
+	}
+
+	return TRUE;
+}
+
+static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
+{
+	imc_msg_t *out_msg;
 	pa_tnc_attr_t *attr;
+	enumerator_t *enumerator;
 	pen_type_t type;
 	TNC_Result result;
 	bool fatal_error = FALSE;
@@ -145,18 +313,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 		return result;
 	}
 	out_msg = imc_msg_create_as_reply(in_msg);
-	swid_state = (imc_swid_state_t*)state;
 
 	/* analyze PA-TNC attributes */
 	enumerator = in_msg->create_attribute_enumerator(in_msg);
 	while (enumerator->enumerate(enumerator, &attr))
 	{
 		tcg_swid_attr_req_t *attr_req;
-		u_int8_t flags;
-		u_int32_t request_id, eid_epoch;
-		swid_inventory_t *swid_inventory, *targets;
-		char *swid_directory;
+		uint8_t flags;
+		uint32_t request_id;
 		bool full_tags;
+		swid_inventory_t *targets;
 
 		type = attr->get_type(attr);
 
@@ -169,7 +335,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 		flags = attr_req->get_flags(attr_req);
 		request_id = attr_req->get_request_id(attr_req);
 		targets = attr_req->get_targets(attr_req);
-		eid_epoch = swid_state->get_eid_epoch(swid_state);
 
 		if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
 		{
@@ -180,33 +345,10 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 		}
 		full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
 
-		swid_directory = lib->settings->get_str(lib->settings,
-								"%s.plugins.imc-swid.swid_directory",
-								 SWID_DIRECTORY, lib->ns);
-		swid_inventory = swid_inventory_create(full_tags);
-		if (!swid_inventory->collect(swid_inventory, swid_directory, targets))
+		if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
 		{
-			swid_inventory->destroy(swid_inventory);
-			attr = swid_error_create(TCG_SWID_ERROR, request_id,
-									 0, "error in SWID tag collection");
-			out_msg->add_attribute(out_msg, attr);
 			break;
 		}
-		DBG1(DBG_IMC, "collected %d SWID tag%s%s",
-			 swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
-			 swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
-
-		if (full_tags)
-		{
-			attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1,
-												swid_inventory);
-		}
-		else
-		{
-			attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1,
-												swid_inventory);
-		}
-		out_msg->add_attribute(out_msg, attr);
 	}
 	enumerator->destroy(enumerator);
 
diff --git a/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in b/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
index 6945d8769..8b7b50fdf 100644
--- a/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
+++ b/src/libpts/plugins/imc_swid/regid.2004-03.org.strongswan_strongSwan.swidtag.in
@@ -1,30 +1,12 @@
 <?xml version="1.0" encoding="utf-8"?>
-<software_identification_tag xmlns="http://standards.iso.org/iso/19770/-2/2009/schema.xsd">
-  <entitlement_required_indicator>true</entitlement_required_indicator>
-  <product_title>strongSwan</product_title>
-  <product_version>
-    <name>@VERSION_MAJOR@.@VERSION_MINOR@.@VERSION_BUILD@@VERSION_REVIEW@</name>
-    <numeric>
-      <major>@VERSION_MAJOR@</major>
-      <minor>@VERSION_MINOR@</minor>
-      <build>@VERSION_BUILD@</build>
-      <review>@VERSION_REVIEW@</review>
-    </numeric>
-  </product_version>
-  <software_creator>
-    <name>strongSwan Project</name>
-    <regid>regid.2004-03.org.strongswan</regid>
-  </software_creator>
-  <software_licensor>
-    <name>strongSwan Project</name>
-    <regid>regid.2004-03.org.strongswan</regid>
-  </software_licensor>
-  <software_id>
-    <unique_id>strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@</unique_id>
-    <tag_creator_regid>regid.2004-03.org.strongswan</tag_creator_regid>
-  </software_id>
-  <tag_creator>
-    <name>strongSwan Project</name>
-    <regid>regid.2004-03.org.strongswan</regid>
-  </tag_creator>
-</software_identification_tag>
+
+<SoftwareIdentity
+  name="strongSwan"
+  uniqueId="strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@"
+  version="@VERSION_MAJOR@.@VERSION_MINOR@.@VERSION_BUILD@@VERSION_REVIEW@" versionScheme="alphanumeric"
+  xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
+  <Entity
+    name="strongSwan Project"
+    regid="regid.2004-03.org.strongswan"
+    role="publisher licensor tagcreator"/>
+</SoftwareIdentity>