1 files changed, 217 insertions, 22 deletions

diff --git a/src/libimcv/imc/imc_msg.c b/src/libimcv/imc/imc_msg.c
index 1cf81c730..83337cf7b 100644
--- a/src/libimcv/imc/imc_msg.c
+++ b/src/libimcv/imc/imc_msg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -18,8 +18,12 @@
 #include "ietf/ietf_attr.h"
 #include "ietf/ietf_attr_assess_result.h"
 #include "ietf/ietf_attr_remediation_instr.h"
+#include "tcg/seg/tcg_seg_attr_max_size.h"
+#include "tcg/seg/tcg_seg_attr_seg_env.h"
+#include "tcg/seg/tcg_seg_attr_next_seg.h"
 
 #include <tncif_names.h>
+#include <tncif_pa_subtypes.h>
 
 #include <pen/pen.h>
 #include <collections/linked_list.h>
@@ -104,11 +108,18 @@ METHOD(imc_msg_t, send_, TNC_Result,
 	pa_tnc_attr_t *attr;
 	TNC_UInt32 msg_flags;
 	TNC_MessageType msg_type;
-	bool attr_added;
+	bool attr_added, oversize;
 	chunk_t msg;
+	seg_contract_t *contract;
+	seg_contract_manager_t *contracts;
 	enumerator_t *enumerator;
 	TNC_Result result = TNC_RESULT_SUCCESS;
 
+	/* Get IF-M segmentation contract for this subtype if any */
+	contracts = this->state->get_contracts(this->state);
+	contract = contracts->get_contract(contracts, this->msg_type,
+									   FALSE, this->dst_id);
+
 	while (this->attr_list->get_count(this->attr_list))
 	{
 		pa_tnc_msg = pa_tnc_msg_create(this->state->get_max_msg_len(this->state));
@@ -117,6 +128,17 @@ METHOD(imc_msg_t, send_, TNC_Result,
 		enumerator = this->attr_list->create_enumerator(this->attr_list);
 		while (enumerator->enumerate(enumerator, &attr))
 		{
+			if (contract && contract->check_size(contract, attr, &oversize))
+			{
+				if (oversize)
+				{
+					/* TODO generate SWID error msg */
+				}
+				else
+				{
+					attr = contract->first_segment(contract, attr);
+				}
+			}
 			if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
 			{
 				attr_added = TRUE;
@@ -208,8 +230,9 @@ static void print_assessment_trailer(bool first)
 }
 
 METHOD(imc_msg_t, receive, TNC_Result,
-	private_imc_msg_t *this, bool *fatal_error)
+	private_imc_msg_t *this, imc_msg_t *out_msg, bool *fatal_error)
 {
+	linked_list_t *non_fatal_types;
 	TNC_UInt32 target_imc_id;
 	enumerator_t *enumerator;
 	pa_tnc_attr_t *attr;
@@ -251,26 +274,14 @@ METHOD(imc_msg_t, receive, TNC_Result,
 			break;
 		case VERIFY_ERROR:
 		{
-			imc_msg_t *error_msg;
-			TNC_Result result;
-
-			error_msg = imc_msg_create_as_reply(&this->public);
-
 			/* extract and copy by reference all error attributes */
 			enumerator = this->pa_msg->create_error_enumerator(this->pa_msg);
 			while (enumerator->enumerate(enumerator, &attr))
 			{
-				error_msg->add_attribute(error_msg, attr->get_ref(attr));
+				out_msg->add_attribute(out_msg, attr->get_ref(attr));
 			}
 			enumerator->destroy(enumerator);
-
-			/*
-			 * send the PA-TNC message containing all error attributes
-			 * with the excl flag set
-			 */
-			result = error_msg->send(error_msg, TRUE);
-			error_msg->destroy(error_msg);
-			return result;
+			return TNC_RESULT_SUCCESS;
 		}
 		case FAILED:
 		default:
@@ -281,8 +292,192 @@ METHOD(imc_msg_t, receive, TNC_Result,
 	target_imc_id = (this->dst_id != TNC_IMCID_ANY) ?
 					 this->dst_id : this->agent->get_id(this->agent);
 
+	/* process any IF-M segmentation contracts */
+	enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
+	while (enumerator->enumerate(enumerator, &attr))
+	{
+		uint32_t max_attr_size, max_seg_size, my_max_attr_size, my_max_seg_size;
+		seg_contract_t *contract;
+		seg_contract_manager_t *contracts;
+		char buf[BUF_LEN];
+		pen_type_t type;
+
+		type = attr->get_type(attr);
+
+		contracts = this->state->get_contracts(this->state);
+
+		if (type.vendor_id != PEN_TCG)
+		{
+			continue;
+		}
+
+		switch (type.type)
+		{
+			case TCG_SEG_MAX_ATTR_SIZE_REQ:
+			{
+				tcg_seg_attr_max_size_t *attr_cast;
+
+				attr_cast = (tcg_seg_attr_max_size_t*)attr;
+				attr_cast->get_attr_size(attr_cast, &max_attr_size,
+													&max_seg_size);
+				contract = contracts->get_contract(contracts, this->msg_type,
+												   FALSE, this->src_id);
+				if (contract)
+				{
+					contract->set_max_size(contract, max_attr_size,
+													 max_seg_size);
+				}
+				else
+				{
+					contract = seg_contract_create(this->msg_type, max_attr_size,
+									max_seg_size, FALSE, this->src_id, TRUE);
+					contract->set_responder(contract, target_imc_id);
+					contracts->add_contract(contracts, contract);
+				}
+				contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+				DBG2(DBG_IMC, "%s", buf);
+
+				/* Determine maximum PA-TNC attribute segment size */
+				my_max_seg_size = this->state->get_max_msg_len(this->state)
+									- PA_TNC_HEADER_SIZE
+									- PA_TNC_ATTR_HEADER_SIZE
+									- TCG_SEG_ATTR_SEG_ENV_HEADER
+									- PA_TNC_ATTR_HEADER_SIZE
+									- TCG_SEG_ATTR_MAX_SIZE_SIZE;
+
+				/* If segmentation is possible select lower segment size */
+				if (max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+					max_seg_size > my_max_seg_size)
+				{
+					max_seg_size = my_max_seg_size;
+					contract->set_max_size(contract, max_attr_size,
+													 max_seg_size);
+					DBG2(DBG_IMC, "  lowered maximum segment size to %u bytes",
+						 max_seg_size);
+				}
+
+				/* Add Maximum Attribute Size Response attribute */
+				attr = tcg_seg_attr_max_size_create(max_attr_size,
+													max_seg_size, FALSE);
+				out_msg->add_attribute(out_msg, attr);
+				break;
+			}
+			case TCG_SEG_MAX_ATTR_SIZE_RESP:
+			{
+				tcg_seg_attr_max_size_t *attr_cast;
+
+				attr_cast = (tcg_seg_attr_max_size_t*)attr;
+				attr_cast->get_attr_size(attr_cast, &max_attr_size,
+													&max_seg_size);
+				contract = contracts->get_contract(contracts, this->msg_type,
+												   TRUE, this->src_id);
+				if (!contract)
+				{
+					contract = contracts->get_contract(contracts, this->msg_type,
+													   TRUE, TNC_IMCID_ANY);
+					if (contract)
+					{
+						contract = contract->clone(contract);
+						contract->set_responder(contract, this->src_id);
+						contracts->add_contract(contracts, contract);
+					}
+				}
+				if (contract)
+				{
+					contract->get_max_size(contract, &my_max_attr_size,
+													 &my_max_seg_size);
+					if (my_max_seg_size != SEG_CONTRACT_NO_FRAGMENTATION &&
+						my_max_seg_size > max_seg_size)
+					{
+						my_max_seg_size = max_seg_size;
+						contract->set_max_size(contract, my_max_attr_size,
+														 my_max_seg_size);
+					}
+					contract->get_info_string(contract, buf, BUF_LEN, FALSE);
+					DBG2(DBG_IMC, "%s", buf);
+				}
+				else
+				{
+					/* TODO no request pending */
+					DBG1(DBG_IMC, "no contract for this PA message type found");
+				}
+				break;
+			}
+			case TCG_SEG_ATTR_SEG_ENV:
+			{
+				tcg_seg_attr_seg_env_t *seg_env_attr;
+				pa_tnc_attr_t *error;
+				uint32_t base_attr_id;
+				bool more;
+
+				seg_env_attr = (tcg_seg_attr_seg_env_t*)attr;
+				base_attr_id = seg_env_attr->get_base_attr_id(seg_env_attr);
+
+				contract = contracts->get_contract(contracts, this->msg_type,
+												   TRUE, this->src_id);
+				if (!contract)
+				{
+					DBG2(DBG_IMC, "no contract for received attribute segment "
+						 "with base attribute ID %u", base_attr_id);
+					continue;
+				}
+				attr = contract->add_segment(contract, attr, &error, &more);
+				if (error)
+				{
+					out_msg->add_attribute(out_msg, error);
+				}
+				if (attr)
+				{
+					this->pa_msg->add_attribute(this->pa_msg, attr);
+				}
+				if (more)
+				{
+					/* Send Next Segment Request */
+					attr = tcg_seg_attr_next_seg_create(base_attr_id, FALSE);
+					out_msg->add_attribute(out_msg, attr);
+				}
+				break;
+			}
+			case TCG_SEG_NEXT_SEG_REQ:
+			{
+				tcg_seg_attr_next_seg_t *attr_cast;
+				uint32_t base_attr_id;
+
+				attr_cast = (tcg_seg_attr_next_seg_t*)attr;
+				base_attr_id = attr_cast->get_base_attr_id(attr_cast);
+
+				contract = contracts->get_contract(contracts, this->msg_type,
+												   FALSE, this->src_id);
+				if (!contract)
+				{
+					/* TODO no contract - generate error message */
+					DBG1(DBG_IMC, "no contract for received next segment "
+						 "request with base attribute ID %u", base_attr_id);
+					continue;
+				}
+				attr = contract->next_segment(contract, base_attr_id);
+				if (attr)
+				{
+					out_msg->add_attribute(out_msg, attr);
+				}
+				else
+				{
+					/* TODO no more segments - generate error message */
+					DBG1(DBG_IMC, "no more segments found for "
+						 "base attribute ID %u", base_attr_id);
+				}
+				break;
+			}
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
 	/* preprocess any received IETF standard error attributes */
-	*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg);
+	non_fatal_types = this->agent->get_non_fatal_attr_types(this->agent);
+	*fatal_error = this->pa_msg->process_ietf_std_errors(this->pa_msg,
+														 non_fatal_types);
 
 	/* preprocess any received IETF assessment result attribute */
 	enumerator = this->pa_msg->create_attribute_enumerator(this->pa_msg);
@@ -297,16 +492,16 @@ METHOD(imc_msg_t, receive, TNC_Result,
 		if (attr_type.type == IETF_ATTR_ASSESSMENT_RESULT)
 		{
 			ietf_attr_assess_result_t *attr_cast;
-			TNC_IMV_Evaluation_Result result;
+			TNC_IMV_Evaluation_Result res;
 
 			attr_cast = (ietf_attr_assess_result_t*)attr;
-			result =  attr_cast->get_result(attr_cast);
-			this->state->set_result(this->state, target_imc_id, result);
+			res =  attr_cast->get_result(attr_cast);
+			this->state->set_result(this->state, target_imc_id, res);
 
 			print_assessment_header(this->agent->get_name(this->agent),
 									target_imc_id, this->src_id, &first);
 			DBG1(DBG_IMC, "assessment result is '%N'",
-				 TNC_IMV_Evaluation_Result_names, result);
+				 TNC_IMV_Evaluation_Result_names, res);
 		}
 		else if (attr_type.type == IETF_ATTR_REMEDIATION_INSTRUCTIONS)
 		{