• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * EAP-TNC - TNCC (IF-IMC and IF-TNCCS)
3  * Copyright (c) 2007, Jouni Malinen <j@w1.fi>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * Alternatively, this software may be distributed under the terms of BSD
10  * license.
11  *
12  * See README and COPYING for more details.
13  */
14 
15 #include "includes.h"
16 #ifndef CONFIG_NATIVE_WINDOWS
17 #include <dlfcn.h>
18 #endif /* CONFIG_NATIVE_WINDOWS */
19 
20 #include "common.h"
21 #include "base64.h"
22 #include "tncc.h"
23 #include "eap_common/eap_tlv_common.h"
24 #include "eap_common/eap_defs.h"
25 
26 
27 #ifdef UNICODE
28 #define TSTR "%S"
29 #else /* UNICODE */
30 #define TSTR "%s"
31 #endif /* UNICODE */
32 
33 
34 #define TNC_CONFIG_FILE "/etc/tnc_config"
35 #define TNC_WINREG_PATH TEXT("SOFTWARE\\Trusted Computing Group\\TNC\\IMCs")
36 #define IF_TNCCS_START \
37 "<?xml version=\"1.0\"?>\n" \
38 "<TNCCS-Batch BatchId=\"%d\" Recipient=\"TNCS\" " \
39 "xmlns=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS#\" " \
40 "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
41 "xsi:schemaLocation=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/" \
42 "IF_TNCCS# https://www.trustedcomputinggroup.org/XML/SCHEMA/TNCCS_1.0.xsd\">\n"
43 #define IF_TNCCS_END "\n</TNCCS-Batch>"
44 
45 /* TNC IF-IMC */
46 
47 typedef unsigned long TNC_UInt32;
48 typedef unsigned char *TNC_BufferReference;
49 
50 typedef TNC_UInt32 TNC_IMCID;
51 typedef TNC_UInt32 TNC_ConnectionID;
52 typedef TNC_UInt32 TNC_ConnectionState;
53 typedef TNC_UInt32 TNC_RetryReason;
54 typedef TNC_UInt32 TNC_MessageType;
55 typedef TNC_MessageType *TNC_MessageTypeList;
56 typedef TNC_UInt32 TNC_VendorID;
57 typedef TNC_UInt32 TNC_MessageSubtype;
58 typedef TNC_UInt32 TNC_Version;
59 typedef TNC_UInt32 TNC_Result;
60 
61 typedef TNC_Result (*TNC_TNCC_BindFunctionPointer)(
62 	TNC_IMCID imcID,
63 	char *functionName,
64 	void **pOutfunctionPointer);
65 
66 #define TNC_RESULT_SUCCESS 0
67 #define TNC_RESULT_NOT_INITIALIZED 1
68 #define TNC_RESULT_ALREADY_INITIALIZED 2
69 #define TNC_RESULT_NO_COMMON_VERSION 3
70 #define TNC_RESULT_CANT_RETRY 4
71 #define TNC_RESULT_WONT_RETRY 5
72 #define TNC_RESULT_INVALID_PARAMETER 6
73 #define TNC_RESULT_CANT_RESPOND 7
74 #define TNC_RESULT_ILLEGAL_OPERATION 8
75 #define TNC_RESULT_OTHER 9
76 #define TNC_RESULT_FATAL 10
77 
78 #define TNC_CONNECTION_STATE_CREATE 0
79 #define TNC_CONNECTION_STATE_HANDSHAKE 1
80 #define TNC_CONNECTION_STATE_ACCESS_ALLOWED 2
81 #define TNC_CONNECTION_STATE_ACCESS_ISOLATED 3
82 #define TNC_CONNECTION_STATE_ACCESS_NONE 4
83 #define TNC_CONNECTION_STATE_DELETE 5
84 
85 #define TNC_IFIMC_VERSION_1 1
86 
87 #define TNC_VENDORID_ANY ((TNC_VendorID) 0xffffff)
88 #define TNC_SUBTYPE_ANY ((TNC_MessageSubtype) 0xff)
89 
90 /* TNCC-TNCS Message Types */
91 #define TNC_TNCCS_RECOMMENDATION		0x00000001
92 #define TNC_TNCCS_ERROR				0x00000002
93 #define TNC_TNCCS_PREFERREDLANGUAGE		0x00000003
94 #define TNC_TNCCS_REASONSTRINGS			0x00000004
95 
96 
97 /* IF-TNCCS-SOH - SSoH and SSoHR Attributes */
98 enum {
99 	SSOH_MS_MACHINE_INVENTORY = 1,
100 	SSOH_MS_QUARANTINE_STATE = 2,
101 	SSOH_MS_PACKET_INFO = 3,
102 	SSOH_MS_SYSTEMGENERATED_IDS = 4,
103 	SSOH_MS_MACHINENAME = 5,
104 	SSOH_MS_CORRELATIONID = 6,
105 	SSOH_MS_INSTALLED_SHVS = 7,
106 	SSOH_MS_MACHINE_INVENTORY_EX = 8
107 };
108 
109 struct tnc_if_imc {
110 	struct tnc_if_imc *next;
111 	char *name;
112 	char *path;
113 	void *dlhandle; /* from dlopen() */
114 	TNC_IMCID imcID;
115 	TNC_ConnectionID connectionID;
116 	TNC_MessageTypeList supported_types;
117 	size_t num_supported_types;
118 	u8 *imc_send;
119 	size_t imc_send_len;
120 
121 	/* Functions implemented by IMCs (with TNC_IMC_ prefix) */
122 	TNC_Result (*Initialize)(
123 		TNC_IMCID imcID,
124 		TNC_Version minVersion,
125 		TNC_Version maxVersion,
126 		TNC_Version *pOutActualVersion);
127 	TNC_Result (*NotifyConnectionChange)(
128 		TNC_IMCID imcID,
129 		TNC_ConnectionID connectionID,
130 		TNC_ConnectionState newState);
131 	TNC_Result (*BeginHandshake)(
132 		TNC_IMCID imcID,
133 		TNC_ConnectionID connectionID);
134 	TNC_Result (*ReceiveMessage)(
135 		TNC_IMCID imcID,
136 		TNC_ConnectionID connectionID,
137 		TNC_BufferReference messageBuffer,
138 		TNC_UInt32 messageLength,
139 		TNC_MessageType messageType);
140 	TNC_Result (*BatchEnding)(
141 		TNC_IMCID imcID,
142 		TNC_ConnectionID connectionID);
143 	TNC_Result (*Terminate)(TNC_IMCID imcID);
144 	TNC_Result (*ProvideBindFunction)(
145 		TNC_IMCID imcID,
146 		TNC_TNCC_BindFunctionPointer bindFunction);
147 };
148 
149 struct tncc_data {
150 	struct tnc_if_imc *imc;
151 	unsigned int last_batchid;
152 };
153 
154 #define TNC_MAX_IMC_ID 10
155 static struct tnc_if_imc *tnc_imc[TNC_MAX_IMC_ID] = { NULL };
156 
157 
158 /* TNCC functions that IMCs can call */
159 
TNC_TNCC_ReportMessageTypes(TNC_IMCID imcID,TNC_MessageTypeList supportedTypes,TNC_UInt32 typeCount)160 TNC_Result TNC_TNCC_ReportMessageTypes(
161 	TNC_IMCID imcID,
162 	TNC_MessageTypeList supportedTypes,
163 	TNC_UInt32 typeCount)
164 {
165 	TNC_UInt32 i;
166 	struct tnc_if_imc *imc;
167 
168 	wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_ReportMessageTypes(imcID=%lu "
169 		   "typeCount=%lu)",
170 		   (unsigned long) imcID, (unsigned long) typeCount);
171 
172 	for (i = 0; i < typeCount; i++) {
173 		wpa_printf(MSG_DEBUG, "TNC: supportedTypes[%lu] = %lu",
174 			   i, supportedTypes[i]);
175 	}
176 
177 	if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
178 		return TNC_RESULT_INVALID_PARAMETER;
179 
180 	imc = tnc_imc[imcID];
181 	os_free(imc->supported_types);
182 	imc->supported_types =
183 		os_malloc(typeCount * sizeof(TNC_MessageTypeList));
184 	if (imc->supported_types == NULL)
185 		return TNC_RESULT_FATAL;
186 	os_memcpy(imc->supported_types, supportedTypes,
187 		  typeCount * sizeof(TNC_MessageTypeList));
188 	imc->num_supported_types = typeCount;
189 
190 	return TNC_RESULT_SUCCESS;
191 }
192 
193 
TNC_TNCC_SendMessage(TNC_IMCID imcID,TNC_ConnectionID connectionID,TNC_BufferReference message,TNC_UInt32 messageLength,TNC_MessageType messageType)194 TNC_Result TNC_TNCC_SendMessage(
195 	TNC_IMCID imcID,
196 	TNC_ConnectionID connectionID,
197 	TNC_BufferReference message,
198 	TNC_UInt32 messageLength,
199 	TNC_MessageType messageType)
200 {
201 	struct tnc_if_imc *imc;
202 	unsigned char *b64;
203 	size_t b64len;
204 
205 	wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage(imcID=%lu "
206 		   "connectionID=%lu messageType=%lu)",
207 		   imcID, connectionID, messageType);
208 	wpa_hexdump_ascii(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage",
209 			  message, messageLength);
210 
211 	if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
212 		return TNC_RESULT_INVALID_PARAMETER;
213 
214 	b64 = base64_encode(message, messageLength, &b64len);
215 	if (b64 == NULL)
216 		return TNC_RESULT_FATAL;
217 
218 	imc = tnc_imc[imcID];
219 	os_free(imc->imc_send);
220 	imc->imc_send_len = 0;
221 	imc->imc_send = os_zalloc(b64len + 100);
222 	if (imc->imc_send == NULL) {
223 		os_free(b64);
224 		return TNC_RESULT_OTHER;
225 	}
226 
227 	imc->imc_send_len =
228 		os_snprintf((char *) imc->imc_send, b64len + 100,
229 			    "<IMC-IMV-Message><Type>%08X</Type>"
230 			    "<Base64>%s</Base64></IMC-IMV-Message>",
231 			    (unsigned int) messageType, b64);
232 
233 	os_free(b64);
234 
235 	return TNC_RESULT_SUCCESS;
236 }
237 
238 
TNC_TNCC_RequestHandshakeRetry(TNC_IMCID imcID,TNC_ConnectionID connectionID,TNC_RetryReason reason)239 TNC_Result TNC_TNCC_RequestHandshakeRetry(
240 	TNC_IMCID imcID,
241 	TNC_ConnectionID connectionID,
242 	TNC_RetryReason reason)
243 {
244 	wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_RequestHandshakeRetry");
245 
246 	if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
247 		return TNC_RESULT_INVALID_PARAMETER;
248 
249 	/*
250 	 * TODO: trigger a call to eapol_sm_request_reauth(). This would
251 	 * require that the IMC continues to be loaded in memory afer
252 	 * authentication..
253 	 */
254 
255 	return TNC_RESULT_SUCCESS;
256 }
257 
258 
TNC_9048_LogMessage(TNC_IMCID imcID,TNC_UInt32 severity,const char * message)259 TNC_Result TNC_9048_LogMessage(TNC_IMCID imcID, TNC_UInt32 severity,
260 			       const char *message)
261 {
262 	wpa_printf(MSG_DEBUG, "TNC: TNC_9048_LogMessage(imcID=%lu "
263 		   "severity==%lu message='%s')",
264 		   imcID, severity, message);
265 	return TNC_RESULT_SUCCESS;
266 }
267 
268 
TNC_9048_UserMessage(TNC_IMCID imcID,TNC_ConnectionID connectionID,const char * message)269 TNC_Result TNC_9048_UserMessage(TNC_IMCID imcID, TNC_ConnectionID connectionID,
270 				const char *message)
271 {
272 	wpa_printf(MSG_DEBUG, "TNC: TNC_9048_UserMessage(imcID=%lu "
273 		   "connectionID==%lu message='%s')",
274 		   imcID, connectionID, message);
275 	return TNC_RESULT_SUCCESS;
276 }
277 
278 
TNC_TNCC_BindFunction(TNC_IMCID imcID,char * functionName,void ** pOutfunctionPointer)279 TNC_Result TNC_TNCC_BindFunction(
280 	TNC_IMCID imcID,
281 	char *functionName,
282 	void **pOutfunctionPointer)
283 {
284 	wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_BindFunction(imcID=%lu, "
285 		   "functionName='%s')", (unsigned long) imcID, functionName);
286 
287 	if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
288 		return TNC_RESULT_INVALID_PARAMETER;
289 
290 	if (pOutfunctionPointer == NULL)
291 		return TNC_RESULT_INVALID_PARAMETER;
292 
293 	if (os_strcmp(functionName, "TNC_TNCC_ReportMessageTypes") == 0)
294 		*pOutfunctionPointer = TNC_TNCC_ReportMessageTypes;
295 	else if (os_strcmp(functionName, "TNC_TNCC_SendMessage") == 0)
296 		*pOutfunctionPointer = TNC_TNCC_SendMessage;
297 	else if (os_strcmp(functionName, "TNC_TNCC_RequestHandshakeRetry") ==
298 		 0)
299 		*pOutfunctionPointer = TNC_TNCC_RequestHandshakeRetry;
300 	else if (os_strcmp(functionName, "TNC_9048_LogMessage") == 0)
301 		*pOutfunctionPointer = TNC_9048_LogMessage;
302 	else if (os_strcmp(functionName, "TNC_9048_UserMessage") == 0)
303 		*pOutfunctionPointer = TNC_9048_UserMessage;
304 	else
305 		*pOutfunctionPointer = NULL;
306 
307 	return TNC_RESULT_SUCCESS;
308 }
309 
310 
tncc_get_sym(void * handle,char * func)311 static void * tncc_get_sym(void *handle, char *func)
312 {
313 	void *fptr;
314 
315 #ifdef CONFIG_NATIVE_WINDOWS
316 #ifdef _WIN32_WCE
317 	fptr = GetProcAddressA(handle, func);
318 #else /* _WIN32_WCE */
319 	fptr = GetProcAddress(handle, func);
320 #endif /* _WIN32_WCE */
321 #else /* CONFIG_NATIVE_WINDOWS */
322 	fptr = dlsym(handle, func);
323 #endif /* CONFIG_NATIVE_WINDOWS */
324 
325 	return fptr;
326 }
327 
328 
tncc_imc_resolve_funcs(struct tnc_if_imc * imc)329 static int tncc_imc_resolve_funcs(struct tnc_if_imc *imc)
330 {
331 	void *handle = imc->dlhandle;
332 
333 	/* Mandatory IMC functions */
334 	imc->Initialize = tncc_get_sym(handle, "TNC_IMC_Initialize");
335 	if (imc->Initialize == NULL) {
336 		wpa_printf(MSG_ERROR, "TNC: IMC does not export "
337 			   "TNC_IMC_Initialize");
338 		return -1;
339 	}
340 
341 	imc->BeginHandshake = tncc_get_sym(handle, "TNC_IMC_BeginHandshake");
342 	if (imc->BeginHandshake == NULL) {
343 		wpa_printf(MSG_ERROR, "TNC: IMC does not export "
344 			   "TNC_IMC_BeginHandshake");
345 		return -1;
346 	}
347 
348 	imc->ProvideBindFunction =
349 		tncc_get_sym(handle, "TNC_IMC_ProvideBindFunction");
350 	if (imc->ProvideBindFunction == NULL) {
351 		wpa_printf(MSG_ERROR, "TNC: IMC does not export "
352 			   "TNC_IMC_ProvideBindFunction");
353 		return -1;
354 	}
355 
356 	/* Optional IMC functions */
357 	imc->NotifyConnectionChange =
358 		tncc_get_sym(handle, "TNC_IMC_NotifyConnectionChange");
359 	imc->ReceiveMessage = tncc_get_sym(handle, "TNC_IMC_ReceiveMessage");
360 	imc->BatchEnding = tncc_get_sym(handle, "TNC_IMC_BatchEnding");
361 	imc->Terminate = tncc_get_sym(handle, "TNC_IMC_Terminate");
362 
363 	return 0;
364 }
365 
366 
tncc_imc_initialize(struct tnc_if_imc * imc)367 static int tncc_imc_initialize(struct tnc_if_imc *imc)
368 {
369 	TNC_Result res;
370 	TNC_Version imc_ver;
371 
372 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Initialize for IMC '%s'",
373 		   imc->name);
374 	res = imc->Initialize(imc->imcID, TNC_IFIMC_VERSION_1,
375 			      TNC_IFIMC_VERSION_1, &imc_ver);
376 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Initialize: res=%lu imc_ver=%lu",
377 		   (unsigned long) res, (unsigned long) imc_ver);
378 
379 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
380 }
381 
382 
tncc_imc_terminate(struct tnc_if_imc * imc)383 static int tncc_imc_terminate(struct tnc_if_imc *imc)
384 {
385 	TNC_Result res;
386 
387 	if (imc->Terminate == NULL)
388 		return 0;
389 
390 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Terminate for IMC '%s'",
391 		   imc->name);
392 	res = imc->Terminate(imc->imcID);
393 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Terminate: %lu",
394 		   (unsigned long) res);
395 
396 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
397 }
398 
399 
tncc_imc_provide_bind_function(struct tnc_if_imc * imc)400 static int tncc_imc_provide_bind_function(struct tnc_if_imc *imc)
401 {
402 	TNC_Result res;
403 
404 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_ProvideBindFunction for "
405 		   "IMC '%s'", imc->name);
406 	res = imc->ProvideBindFunction(imc->imcID, TNC_TNCC_BindFunction);
407 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_ProvideBindFunction: res=%lu",
408 		   (unsigned long) res);
409 
410 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
411 }
412 
413 
tncc_imc_notify_connection_change(struct tnc_if_imc * imc,TNC_ConnectionState state)414 static int tncc_imc_notify_connection_change(struct tnc_if_imc *imc,
415 					     TNC_ConnectionState state)
416 {
417 	TNC_Result res;
418 
419 	if (imc->NotifyConnectionChange == NULL)
420 		return 0;
421 
422 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_NotifyConnectionChange(%d)"
423 		   " for IMC '%s'", (int) state, imc->name);
424 	res = imc->NotifyConnectionChange(imc->imcID, imc->connectionID,
425 					  state);
426 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_NotifyConnectionChange: %lu",
427 		   (unsigned long) res);
428 
429 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
430 }
431 
432 
tncc_imc_begin_handshake(struct tnc_if_imc * imc)433 static int tncc_imc_begin_handshake(struct tnc_if_imc *imc)
434 {
435 	TNC_Result res;
436 
437 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_BeginHandshake for IMC "
438 		   "'%s'", imc->name);
439 	res = imc->BeginHandshake(imc->imcID, imc->connectionID);
440 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_BeginHandshake: %lu",
441 		   (unsigned long) res);
442 
443 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
444 }
445 
446 
tncc_load_imc(struct tnc_if_imc * imc)447 static int tncc_load_imc(struct tnc_if_imc *imc)
448 {
449 	if (imc->path == NULL) {
450 		wpa_printf(MSG_DEBUG, "TNC: No IMC configured");
451 		return -1;
452 	}
453 
454 	wpa_printf(MSG_DEBUG, "TNC: Opening IMC: %s (%s)",
455 		   imc->name, imc->path);
456 #ifdef CONFIG_NATIVE_WINDOWS
457 #ifdef UNICODE
458 	{
459 		TCHAR *lib = wpa_strdup_tchar(imc->path);
460 		if (lib == NULL)
461 			return -1;
462 		imc->dlhandle = LoadLibrary(lib);
463 		os_free(lib);
464 	}
465 #else /* UNICODE */
466 	imc->dlhandle = LoadLibrary(imc->path);
467 #endif /* UNICODE */
468 	if (imc->dlhandle == NULL) {
469 		wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %d",
470 			   imc->name, imc->path, (int) GetLastError());
471 		return -1;
472 	}
473 #else /* CONFIG_NATIVE_WINDOWS */
474 	imc->dlhandle = dlopen(imc->path, RTLD_LAZY);
475 	if (imc->dlhandle == NULL) {
476 		wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %s",
477 			   imc->name, imc->path, dlerror());
478 		return -1;
479 	}
480 #endif /* CONFIG_NATIVE_WINDOWS */
481 
482 	if (tncc_imc_resolve_funcs(imc) < 0) {
483 		wpa_printf(MSG_ERROR, "TNC: Failed to resolve IMC functions");
484 		return -1;
485 	}
486 
487 	if (tncc_imc_initialize(imc) < 0 ||
488 	    tncc_imc_provide_bind_function(imc) < 0) {
489 		wpa_printf(MSG_ERROR, "TNC: Failed to initialize IMC");
490 		return -1;
491 	}
492 
493 	return 0;
494 }
495 
496 
tncc_unload_imc(struct tnc_if_imc * imc)497 static void tncc_unload_imc(struct tnc_if_imc *imc)
498 {
499 	tncc_imc_terminate(imc);
500 	tnc_imc[imc->imcID] = NULL;
501 
502 	if (imc->dlhandle) {
503 #ifdef CONFIG_NATIVE_WINDOWS
504 		FreeLibrary(imc->dlhandle);
505 #else /* CONFIG_NATIVE_WINDOWS */
506 		dlclose(imc->dlhandle);
507 #endif /* CONFIG_NATIVE_WINDOWS */
508 	}
509 	os_free(imc->name);
510 	os_free(imc->path);
511 	os_free(imc->supported_types);
512 	os_free(imc->imc_send);
513 }
514 
515 
tncc_supported_type(struct tnc_if_imc * imc,unsigned int type)516 static int tncc_supported_type(struct tnc_if_imc *imc, unsigned int type)
517 {
518 	size_t i;
519 	unsigned int vendor, subtype;
520 
521 	if (imc == NULL || imc->supported_types == NULL)
522 		return 0;
523 
524 	vendor = type >> 8;
525 	subtype = type & 0xff;
526 
527 	for (i = 0; i < imc->num_supported_types; i++) {
528 		unsigned int svendor, ssubtype;
529 		svendor = imc->supported_types[i] >> 8;
530 		ssubtype = imc->supported_types[i] & 0xff;
531 		if ((vendor == svendor || svendor == TNC_VENDORID_ANY) &&
532 		    (subtype == ssubtype || ssubtype == TNC_SUBTYPE_ANY))
533 			return 1;
534 	}
535 
536 	return 0;
537 }
538 
539 
tncc_send_to_imcs(struct tncc_data * tncc,unsigned int type,const u8 * msg,size_t len)540 static void tncc_send_to_imcs(struct tncc_data *tncc, unsigned int type,
541 			      const u8 *msg, size_t len)
542 {
543 	struct tnc_if_imc *imc;
544 	TNC_Result res;
545 
546 	wpa_hexdump_ascii(MSG_MSGDUMP, "TNC: Message to IMC(s)", msg, len);
547 
548 	for (imc = tncc->imc; imc; imc = imc->next) {
549 		if (imc->ReceiveMessage == NULL ||
550 		    !tncc_supported_type(imc, type))
551 			continue;
552 
553 		wpa_printf(MSG_DEBUG, "TNC: Call ReceiveMessage for IMC '%s'",
554 			   imc->name);
555 		res = imc->ReceiveMessage(imc->imcID, imc->connectionID,
556 					  (TNC_BufferReference) msg, len,
557 					  type);
558 		wpa_printf(MSG_DEBUG, "TNC: ReceiveMessage: %lu",
559 			   (unsigned long) res);
560 	}
561 }
562 
563 
tncc_init_connection(struct tncc_data * tncc)564 void tncc_init_connection(struct tncc_data *tncc)
565 {
566 	struct tnc_if_imc *imc;
567 
568 	for (imc = tncc->imc; imc; imc = imc->next) {
569 		tncc_imc_notify_connection_change(
570 			imc, TNC_CONNECTION_STATE_CREATE);
571 		tncc_imc_notify_connection_change(
572 			imc, TNC_CONNECTION_STATE_HANDSHAKE);
573 
574 		os_free(imc->imc_send);
575 		imc->imc_send = NULL;
576 		imc->imc_send_len = 0;
577 
578 		tncc_imc_begin_handshake(imc);
579 	}
580 }
581 
582 
tncc_total_send_len(struct tncc_data * tncc)583 size_t tncc_total_send_len(struct tncc_data *tncc)
584 {
585 	struct tnc_if_imc *imc;
586 
587 	size_t len = 0;
588 	for (imc = tncc->imc; imc; imc = imc->next)
589 		len += imc->imc_send_len;
590 	return len;
591 }
592 
593 
tncc_copy_send_buf(struct tncc_data * tncc,u8 * pos)594 u8 * tncc_copy_send_buf(struct tncc_data *tncc, u8 *pos)
595 {
596 	struct tnc_if_imc *imc;
597 
598 	for (imc = tncc->imc; imc; imc = imc->next) {
599 		if (imc->imc_send == NULL)
600 			continue;
601 
602 		os_memcpy(pos, imc->imc_send, imc->imc_send_len);
603 		pos += imc->imc_send_len;
604 		os_free(imc->imc_send);
605 		imc->imc_send = NULL;
606 		imc->imc_send_len = 0;
607 	}
608 
609 	return pos;
610 }
611 
612 
tncc_if_tnccs_start(struct tncc_data * tncc)613 char * tncc_if_tnccs_start(struct tncc_data *tncc)
614 {
615 	char *buf = os_malloc(1000);
616 	if (buf == NULL)
617 		return NULL;
618 	tncc->last_batchid++;
619 	os_snprintf(buf, 1000, IF_TNCCS_START, tncc->last_batchid);
620 	return buf;
621 }
622 
623 
tncc_if_tnccs_end(void)624 char * tncc_if_tnccs_end(void)
625 {
626 	char *buf = os_malloc(100);
627 	if (buf == NULL)
628 		return NULL;
629 	os_snprintf(buf, 100, IF_TNCCS_END);
630 	return buf;
631 }
632 
633 
tncc_notify_recommendation(struct tncc_data * tncc,enum tncc_process_res res)634 static void tncc_notify_recommendation(struct tncc_data *tncc,
635 				       enum tncc_process_res res)
636 {
637 	TNC_ConnectionState state;
638 	struct tnc_if_imc *imc;
639 
640 	switch (res) {
641 	case TNCCS_RECOMMENDATION_ALLOW:
642 		state = TNC_CONNECTION_STATE_ACCESS_ALLOWED;
643 		break;
644 	case TNCCS_RECOMMENDATION_NONE:
645 		state = TNC_CONNECTION_STATE_ACCESS_NONE;
646 		break;
647 	case TNCCS_RECOMMENDATION_ISOLATE:
648 		state = TNC_CONNECTION_STATE_ACCESS_ISOLATED;
649 		break;
650 	default:
651 		state = TNC_CONNECTION_STATE_ACCESS_NONE;
652 		break;
653 	}
654 
655 	for (imc = tncc->imc; imc; imc = imc->next)
656 		tncc_imc_notify_connection_change(imc, state);
657 }
658 
659 
tncc_get_type(char * start,unsigned int * type)660 static int tncc_get_type(char *start, unsigned int *type)
661 {
662 	char *pos = os_strstr(start, "<Type>");
663 	if (pos == NULL)
664 		return -1;
665 	pos += 6;
666 	*type = strtoul(pos, NULL, 16);
667 	return 0;
668 }
669 
670 
tncc_get_base64(char * start,size_t * decoded_len)671 static unsigned char * tncc_get_base64(char *start, size_t *decoded_len)
672 {
673 	char *pos, *pos2;
674 	unsigned char *decoded;
675 
676 	pos = os_strstr(start, "<Base64>");
677 	if (pos == NULL)
678 		return NULL;
679 
680 	pos += 8;
681 	pos2 = os_strstr(pos, "</Base64>");
682 	if (pos2 == NULL)
683 		return NULL;
684 	*pos2 = '\0';
685 
686 	decoded = base64_decode((unsigned char *) pos, os_strlen(pos),
687 				decoded_len);
688 	*pos2 = '<';
689 	if (decoded == NULL) {
690 		wpa_printf(MSG_DEBUG, "TNC: Failed to decode Base64 data");
691 	}
692 
693 	return decoded;
694 }
695 
696 
tncc_get_recommendation(char * start)697 static enum tncc_process_res tncc_get_recommendation(char *start)
698 {
699 	char *pos, *pos2, saved;
700 	int recom;
701 
702 	pos = os_strstr(start, "<TNCCS-Recommendation ");
703 	if (pos == NULL)
704 		return TNCCS_RECOMMENDATION_ERROR;
705 
706 	pos += 21;
707 	pos = os_strstr(pos, " type=");
708 	if (pos == NULL)
709 		return TNCCS_RECOMMENDATION_ERROR;
710 	pos += 6;
711 
712 	if (*pos == '"')
713 		pos++;
714 
715 	pos2 = pos;
716 	while (*pos2 != '\0' && *pos2 != '"' && *pos2 != '>')
717 		pos2++;
718 
719 	if (*pos2 == '\0')
720 		return TNCCS_RECOMMENDATION_ERROR;
721 
722 	saved = *pos2;
723 	*pos2 = '\0';
724 	wpa_printf(MSG_DEBUG, "TNC: TNCCS-Recommendation: '%s'", pos);
725 
726 	recom = TNCCS_RECOMMENDATION_ERROR;
727 	if (os_strcmp(pos, "allow") == 0)
728 		recom = TNCCS_RECOMMENDATION_ALLOW;
729 	else if (os_strcmp(pos, "none") == 0)
730 		recom = TNCCS_RECOMMENDATION_NONE;
731 	else if (os_strcmp(pos, "isolate") == 0)
732 		recom = TNCCS_RECOMMENDATION_ISOLATE;
733 
734 	*pos2 = saved;
735 
736 	return recom;
737 }
738 
739 
tncc_process_if_tnccs(struct tncc_data * tncc,const u8 * msg,size_t len)740 enum tncc_process_res tncc_process_if_tnccs(struct tncc_data *tncc,
741 					    const u8 *msg, size_t len)
742 {
743 	char *buf, *start, *end, *pos, *pos2, *payload;
744 	unsigned int batch_id;
745 	unsigned char *decoded;
746 	size_t decoded_len;
747 	enum tncc_process_res res = TNCCS_PROCESS_OK_NO_RECOMMENDATION;
748 	int recommendation_msg = 0;
749 
750 	buf = os_malloc(len + 1);
751 	if (buf == NULL)
752 		return TNCCS_PROCESS_ERROR;
753 
754 	os_memcpy(buf, msg, len);
755 	buf[len] = '\0';
756 	start = os_strstr(buf, "<TNCCS-Batch ");
757 	end = os_strstr(buf, "</TNCCS-Batch>");
758 	if (start == NULL || end == NULL || start > end) {
759 		os_free(buf);
760 		return TNCCS_PROCESS_ERROR;
761 	}
762 
763 	start += 13;
764 	while (*start == ' ')
765 		start++;
766 	*end = '\0';
767 
768 	pos = os_strstr(start, "BatchId=");
769 	if (pos == NULL) {
770 		os_free(buf);
771 		return TNCCS_PROCESS_ERROR;
772 	}
773 
774 	pos += 8;
775 	if (*pos == '"')
776 		pos++;
777 	batch_id = atoi(pos);
778 	wpa_printf(MSG_DEBUG, "TNC: Received IF-TNCCS BatchId=%u",
779 		   batch_id);
780 	if (batch_id != tncc->last_batchid + 1) {
781 		wpa_printf(MSG_DEBUG, "TNC: Unexpected IF-TNCCS BatchId "
782 			   "%u (expected %u)",
783 			   batch_id, tncc->last_batchid + 1);
784 		os_free(buf);
785 		return TNCCS_PROCESS_ERROR;
786 	}
787 	tncc->last_batchid = batch_id;
788 
789 	while (*pos != '\0' && *pos != '>')
790 		pos++;
791 	if (*pos == '\0') {
792 		os_free(buf);
793 		return TNCCS_PROCESS_ERROR;
794 	}
795 	pos++;
796 	payload = start;
797 
798 	/*
799 	 * <IMC-IMV-Message>
800 	 * <Type>01234567</Type>
801 	 * <Base64>foo==</Base64>
802 	 * </IMC-IMV-Message>
803 	 */
804 
805 	while (*start) {
806 		char *endpos;
807 		unsigned int type;
808 
809 		pos = os_strstr(start, "<IMC-IMV-Message>");
810 		if (pos == NULL)
811 			break;
812 		start = pos + 17;
813 		end = os_strstr(start, "</IMC-IMV-Message>");
814 		if (end == NULL)
815 			break;
816 		*end = '\0';
817 		endpos = end;
818 		end += 18;
819 
820 		if (tncc_get_type(start, &type) < 0) {
821 			*endpos = '<';
822 			start = end;
823 			continue;
824 		}
825 		wpa_printf(MSG_DEBUG, "TNC: IMC-IMV-Message Type 0x%x", type);
826 
827 		decoded = tncc_get_base64(start, &decoded_len);
828 		if (decoded == NULL) {
829 			*endpos = '<';
830 			start = end;
831 			continue;
832 		}
833 
834 		tncc_send_to_imcs(tncc, type, decoded, decoded_len);
835 
836 		os_free(decoded);
837 
838 		start = end;
839 	}
840 
841 	/*
842 	 * <TNCC-TNCS-Message>
843 	 * <Type>01234567</Type>
844 	 * <XML><TNCCS-Foo type="foo"></TNCCS-Foo></XML>
845 	 * <Base64>foo==</Base64>
846 	 * </TNCC-TNCS-Message>
847 	 */
848 
849 	start = payload;
850 	while (*start) {
851 		unsigned int type;
852 		char *xml, *xmlend, *endpos;
853 
854 		pos = os_strstr(start, "<TNCC-TNCS-Message>");
855 		if (pos == NULL)
856 			break;
857 		start = pos + 19;
858 		end = os_strstr(start, "</TNCC-TNCS-Message>");
859 		if (end == NULL)
860 			break;
861 		*end = '\0';
862 		endpos = end;
863 		end += 20;
864 
865 		if (tncc_get_type(start, &type) < 0) {
866 			*endpos = '<';
867 			start = end;
868 			continue;
869 		}
870 		wpa_printf(MSG_DEBUG, "TNC: TNCC-TNCS-Message Type 0x%x",
871 			   type);
872 
873 		/* Base64 OR XML */
874 		decoded = NULL;
875 		xml = NULL;
876 		xmlend = NULL;
877 		pos = os_strstr(start, "<XML>");
878 		if (pos) {
879 			pos += 5;
880 			pos2 = os_strstr(pos, "</XML>");
881 			if (pos2 == NULL) {
882 				*endpos = '<';
883 				start = end;
884 				continue;
885 			}
886 			xmlend = pos2;
887 			xml = pos;
888 		} else {
889 			decoded = tncc_get_base64(start, &decoded_len);
890 			if (decoded == NULL) {
891 				*endpos = '<';
892 				start = end;
893 				continue;
894 			}
895 		}
896 
897 		if (decoded) {
898 			wpa_hexdump_ascii(MSG_MSGDUMP,
899 					  "TNC: TNCC-TNCS-Message Base64",
900 					  decoded, decoded_len);
901 			os_free(decoded);
902 		}
903 
904 		if (xml) {
905 			wpa_hexdump_ascii(MSG_MSGDUMP,
906 					  "TNC: TNCC-TNCS-Message XML",
907 					  (unsigned char *) xml,
908 					  xmlend - xml);
909 		}
910 
911 		if (type == TNC_TNCCS_RECOMMENDATION && xml) {
912 			/*
913 			 * <TNCCS-Recommendation type="allow">
914 			 * </TNCCS-Recommendation>
915 			 */
916 			*xmlend = '\0';
917 			res = tncc_get_recommendation(xml);
918 			*xmlend = '<';
919 			recommendation_msg = 1;
920 		}
921 
922 		start = end;
923 	}
924 
925 	os_free(buf);
926 
927 	if (recommendation_msg)
928 		tncc_notify_recommendation(tncc, res);
929 
930 	return res;
931 }
932 
933 
934 #ifdef CONFIG_NATIVE_WINDOWS
tncc_read_config_reg(struct tncc_data * tncc,HKEY hive)935 static int tncc_read_config_reg(struct tncc_data *tncc, HKEY hive)
936 {
937 	HKEY hk, hk2;
938 	LONG ret;
939 	DWORD i;
940 	struct tnc_if_imc *imc, *last;
941 	int j;
942 
943 	last = tncc->imc;
944 	while (last && last->next)
945 		last = last->next;
946 
947 	ret = RegOpenKeyEx(hive, TNC_WINREG_PATH, 0, KEY_ENUMERATE_SUB_KEYS,
948 			   &hk);
949 	if (ret != ERROR_SUCCESS)
950 		return 0;
951 
952 	for (i = 0; ; i++) {
953 		TCHAR name[255], *val;
954 		DWORD namelen, buflen;
955 
956 		namelen = 255;
957 		ret = RegEnumKeyEx(hk, i, name, &namelen, NULL, NULL, NULL,
958 				   NULL);
959 
960 		if (ret == ERROR_NO_MORE_ITEMS)
961 			break;
962 
963 		if (ret != ERROR_SUCCESS) {
964 			wpa_printf(MSG_DEBUG, "TNC: RegEnumKeyEx failed: 0x%x",
965 				   (unsigned int) ret);
966 			break;
967 		}
968 
969 		if (namelen >= 255)
970 			namelen = 255 - 1;
971 		name[namelen] = '\0';
972 
973 		wpa_printf(MSG_DEBUG, "TNC: IMC '" TSTR "'", name);
974 
975 		ret = RegOpenKeyEx(hk, name, 0, KEY_QUERY_VALUE, &hk2);
976 		if (ret != ERROR_SUCCESS) {
977 			wpa_printf(MSG_DEBUG, "Could not open IMC key '" TSTR
978 				   "'", name);
979 			continue;
980 		}
981 
982 		ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL, NULL,
983 				      &buflen);
984 		if (ret != ERROR_SUCCESS) {
985 			wpa_printf(MSG_DEBUG, "TNC: Could not read Path from "
986 				   "IMC key '" TSTR "'", name);
987 			RegCloseKey(hk2);
988 			continue;
989 		}
990 
991 		val = os_malloc(buflen);
992 		if (val == NULL) {
993 			RegCloseKey(hk2);
994 			continue;
995 		}
996 
997 		ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL,
998 				      (LPBYTE) val, &buflen);
999 		if (ret != ERROR_SUCCESS) {
1000 			os_free(val);
1001 			RegCloseKey(hk2);
1002 			continue;
1003 		}
1004 
1005 		RegCloseKey(hk2);
1006 
1007 		wpa_unicode2ascii_inplace(val);
1008 		wpa_printf(MSG_DEBUG, "TNC: IMC Path '%s'", (char *) val);
1009 
1010 		for (j = 0; j < TNC_MAX_IMC_ID; j++) {
1011 			if (tnc_imc[j] == NULL)
1012 				break;
1013 		}
1014 		if (j >= TNC_MAX_IMC_ID) {
1015 			wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
1016 			os_free(val);
1017 			continue;
1018 		}
1019 
1020 		imc = os_zalloc(sizeof(*imc));
1021 		if (imc == NULL) {
1022 			os_free(val);
1023 			break;
1024 		}
1025 
1026 		imc->imcID = j;
1027 
1028 		wpa_unicode2ascii_inplace(name);
1029 		imc->name = os_strdup((char *) name);
1030 		imc->path = os_strdup((char *) val);
1031 
1032 		os_free(val);
1033 
1034 		if (last == NULL)
1035 			tncc->imc = imc;
1036 		else
1037 			last->next = imc;
1038 		last = imc;
1039 
1040 		tnc_imc[imc->imcID] = imc;
1041 	}
1042 
1043 	RegCloseKey(hk);
1044 
1045 	return 0;
1046 }
1047 
1048 
tncc_read_config(struct tncc_data * tncc)1049 static int tncc_read_config(struct tncc_data *tncc)
1050 {
1051 	if (tncc_read_config_reg(tncc, HKEY_LOCAL_MACHINE) < 0 ||
1052 	    tncc_read_config_reg(tncc, HKEY_CURRENT_USER) < 0)
1053 		return -1;
1054 	return 0;
1055 }
1056 
1057 #else /* CONFIG_NATIVE_WINDOWS */
1058 
tncc_parse_imc(char * start,char * end,int * error)1059 static struct tnc_if_imc * tncc_parse_imc(char *start, char *end, int *error)
1060 {
1061 	struct tnc_if_imc *imc;
1062 	char *pos, *pos2;
1063 	int i;
1064 
1065 	for (i = 0; i < TNC_MAX_IMC_ID; i++) {
1066 		if (tnc_imc[i] == NULL)
1067 			break;
1068 	}
1069 	if (i >= TNC_MAX_IMC_ID) {
1070 		wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
1071 		return NULL;
1072 	}
1073 
1074 	imc = os_zalloc(sizeof(*imc));
1075 	if (imc == NULL) {
1076 		*error = 1;
1077 		return NULL;
1078 	}
1079 
1080 	imc->imcID = i;
1081 
1082 	pos = start;
1083 	wpa_printf(MSG_DEBUG, "TNC: Configured IMC: %s", pos);
1084 	if (pos + 1 >= end || *pos != '"') {
1085 		wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1086 			   "(no starting quotation mark)", start);
1087 		os_free(imc);
1088 		return NULL;
1089 	}
1090 
1091 	pos++;
1092 	pos2 = pos;
1093 	while (pos2 < end && *pos2 != '"')
1094 		pos2++;
1095 	if (pos2 >= end) {
1096 		wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1097 			   "(no ending quotation mark)", start);
1098 		os_free(imc);
1099 		return NULL;
1100 	}
1101 	*pos2 = '\0';
1102 	wpa_printf(MSG_DEBUG, "TNC: Name: '%s'", pos);
1103 	imc->name = os_strdup(pos);
1104 
1105 	pos = pos2 + 1;
1106 	if (pos >= end || *pos != ' ') {
1107 		wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
1108 			   "(no space after name)", start);
1109 		os_free(imc->name);
1110 		os_free(imc);
1111 		return NULL;
1112 	}
1113 
1114 	pos++;
1115 	wpa_printf(MSG_DEBUG, "TNC: IMC file: '%s'", pos);
1116 	imc->path = os_strdup(pos);
1117 	tnc_imc[imc->imcID] = imc;
1118 
1119 	return imc;
1120 }
1121 
1122 
tncc_read_config(struct tncc_data * tncc)1123 static int tncc_read_config(struct tncc_data *tncc)
1124 {
1125 	char *config, *end, *pos, *line_end;
1126 	size_t config_len;
1127 	struct tnc_if_imc *imc, *last;
1128 
1129 	last = NULL;
1130 
1131 	config = os_readfile(TNC_CONFIG_FILE, &config_len);
1132 	if (config == NULL) {
1133 		wpa_printf(MSG_ERROR, "TNC: Could not open TNC configuration "
1134 			   "file '%s'", TNC_CONFIG_FILE);
1135 		return -1;
1136 	}
1137 
1138 	end = config + config_len;
1139 	for (pos = config; pos < end; pos = line_end + 1) {
1140 		line_end = pos;
1141 		while (*line_end != '\n' && *line_end != '\r' &&
1142 		       line_end < end)
1143 			line_end++;
1144 		*line_end = '\0';
1145 
1146 		if (os_strncmp(pos, "IMC ", 4) == 0) {
1147 			int error = 0;
1148 
1149 			imc = tncc_parse_imc(pos + 4, line_end, &error);
1150 			if (error)
1151 				return -1;
1152 			if (imc) {
1153 				if (last == NULL)
1154 					tncc->imc = imc;
1155 				else
1156 					last->next = imc;
1157 				last = imc;
1158 			}
1159 		}
1160 	}
1161 
1162 	os_free(config);
1163 
1164 	return 0;
1165 }
1166 
1167 #endif /* CONFIG_NATIVE_WINDOWS */
1168 
1169 
tncc_init(void)1170 struct tncc_data * tncc_init(void)
1171 {
1172 	struct tncc_data *tncc;
1173 	struct tnc_if_imc *imc;
1174 
1175 	tncc = os_zalloc(sizeof(*tncc));
1176 	if (tncc == NULL)
1177 		return NULL;
1178 
1179 	/* TODO:
1180 	 * move loading and Initialize() to a location that is not
1181 	 *    re-initialized for every EAP-TNC session (?)
1182 	 */
1183 
1184 	if (tncc_read_config(tncc) < 0) {
1185 		wpa_printf(MSG_ERROR, "TNC: Failed to read TNC configuration");
1186 		goto failed;
1187 	}
1188 
1189 	for (imc = tncc->imc; imc; imc = imc->next) {
1190 		if (tncc_load_imc(imc)) {
1191 			wpa_printf(MSG_ERROR, "TNC: Failed to load IMC '%s'",
1192 				   imc->name);
1193 			goto failed;
1194 		}
1195 	}
1196 
1197 	return tncc;
1198 
1199 failed:
1200 	tncc_deinit(tncc);
1201 	return NULL;
1202 }
1203 
1204 
tncc_deinit(struct tncc_data * tncc)1205 void tncc_deinit(struct tncc_data *tncc)
1206 {
1207 	struct tnc_if_imc *imc, *prev;
1208 
1209 	imc = tncc->imc;
1210 	while (imc) {
1211 		tncc_unload_imc(imc);
1212 
1213 		prev = imc;
1214 		imc = imc->next;
1215 		os_free(prev);
1216 	}
1217 
1218 	os_free(tncc);
1219 }
1220 
1221 
tncc_build_soh(int ver)1222 static struct wpabuf * tncc_build_soh(int ver)
1223 {
1224 	struct wpabuf *buf;
1225 	u8 *tlv_len, *tlv_len2, *outer_len, *inner_len, *ssoh_len, *end;
1226 	u8 correlation_id[24];
1227 	/* TODO: get correct name */
1228 	char *machinename = "wpa_supplicant@w1.fi";
1229 
1230 	if (os_get_random(correlation_id, sizeof(correlation_id)))
1231 		return NULL;
1232 	wpa_hexdump(MSG_DEBUG, "TNC: SoH Correlation ID",
1233 		    correlation_id, sizeof(correlation_id));
1234 
1235 	buf = wpabuf_alloc(200);
1236 	if (buf == NULL)
1237 		return NULL;
1238 
1239 	/* Vendor-Specific TLV (Microsoft) - SoH */
1240 	wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* TLV Type */
1241 	tlv_len = wpabuf_put(buf, 2); /* Length */
1242 	wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* Vendor_Id */
1243 	wpabuf_put_be16(buf, 0x01); /* TLV Type - SoH TLV */
1244 	tlv_len2 = wpabuf_put(buf, 2); /* Length */
1245 
1246 	/* SoH Header */
1247 	wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* Outer Type */
1248 	outer_len = wpabuf_put(buf, 2);
1249 	wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1250 	wpabuf_put_be16(buf, ver); /* Inner Type */
1251 	inner_len = wpabuf_put(buf, 2);
1252 
1253 	if (ver == 2) {
1254 		/* SoH Mode Sub-Header */
1255 		/* Outer Type */
1256 		wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
1257 		wpabuf_put_be16(buf, 4 + 24 + 1 + 1); /* Length */
1258 		wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1259 		/* Value: */
1260 		wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
1261 		wpabuf_put_u8(buf, 0x01); /* Intent Flag - Request */
1262 		wpabuf_put_u8(buf, 0x00); /* Content-Type Flag */
1263 	}
1264 
1265 	/* SSoH TLV */
1266 	/* System-Health-Id */
1267 	wpabuf_put_be16(buf, 0x0002); /* Type */
1268 	wpabuf_put_be16(buf, 4); /* Length */
1269 	wpabuf_put_be32(buf, 79616);
1270 	/* Vendor-Specific Attribute */
1271 	wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
1272 	ssoh_len = wpabuf_put(buf, 2);
1273 	wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
1274 
1275 	/* MS-Packet-Info */
1276 	wpabuf_put_u8(buf, SSOH_MS_PACKET_INFO);
1277 	/* Note: IF-TNCCS-SOH v1.0 r8 claims this field to be:
1278 	 * Reserved(4 bits) r(1 bit) Vers(3 bits), but Windows XP
1279 	 * SP3 seems to be sending 0x11 for SSoH, i.e., r(request/response) bit
1280 	 * would not be in the specified location.
1281 	 * [MS-SOH] 4.0.2: Reserved(3 bits) r(1 bit) Vers(4 bits)
1282 	 */
1283 	wpabuf_put_u8(buf, 0x11); /* r=request, vers=1 */
1284 
1285 	/* MS-Machine-Inventory */
1286 	/* TODO: get correct values; 0 = not applicable for OS */
1287 	wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY);
1288 	wpabuf_put_be32(buf, 0); /* osVersionMajor */
1289 	wpabuf_put_be32(buf, 0); /* osVersionMinor */
1290 	wpabuf_put_be32(buf, 0); /* osVersionBuild */
1291 	wpabuf_put_be16(buf, 0); /* spVersionMajor */
1292 	wpabuf_put_be16(buf, 0); /* spVersionMinor */
1293 	wpabuf_put_be16(buf, 0); /* procArch */
1294 
1295 	/* MS-MachineName */
1296 	wpabuf_put_u8(buf, SSOH_MS_MACHINENAME);
1297 	wpabuf_put_be16(buf, os_strlen(machinename) + 1);
1298 	wpabuf_put_data(buf, machinename, os_strlen(machinename) + 1);
1299 
1300 	/* MS-CorrelationId */
1301 	wpabuf_put_u8(buf, SSOH_MS_CORRELATIONID);
1302 	wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
1303 
1304 	/* MS-Quarantine-State */
1305 	wpabuf_put_u8(buf, SSOH_MS_QUARANTINE_STATE);
1306 	wpabuf_put_be16(buf, 1); /* Flags: ExtState=0, f=0, qState=1 */
1307 	wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (hi) */
1308 	wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (lo) */
1309 	wpabuf_put_be16(buf, 1); /* urlLenInBytes */
1310 	wpabuf_put_u8(buf, 0); /* null termination for the url */
1311 
1312 	/* MS-Machine-Inventory-Ex */
1313 	wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY_EX);
1314 	wpabuf_put_be32(buf, 0); /* Reserved
1315 				  * (note: Windows XP SP3 uses 0xdecafbad) */
1316 	wpabuf_put_u8(buf, 1); /* ProductType: Client */
1317 
1318 	/* Update SSoH Length */
1319 	end = wpabuf_put(buf, 0);
1320 	WPA_PUT_BE16(ssoh_len, end - ssoh_len - 2);
1321 
1322 	/* TODO: SoHReportEntry TLV (zero or more) */
1323 
1324 	/* Update length fields */
1325 	end = wpabuf_put(buf, 0);
1326 	WPA_PUT_BE16(tlv_len, end - tlv_len - 2);
1327 	WPA_PUT_BE16(tlv_len2, end - tlv_len2 - 2);
1328 	WPA_PUT_BE16(outer_len, end - outer_len - 2);
1329 	WPA_PUT_BE16(inner_len, end - inner_len - 2);
1330 
1331 	return buf;
1332 }
1333 
1334 
tncc_process_soh_request(int ver,const u8 * data,size_t len)1335 struct wpabuf * tncc_process_soh_request(int ver, const u8 *data, size_t len)
1336 {
1337 	const u8 *pos;
1338 
1339 	wpa_hexdump(MSG_DEBUG, "TNC: SoH Request", data, len);
1340 
1341 	if (len < 12)
1342 		return NULL;
1343 
1344 	/* SoH Request */
1345 	pos = data;
1346 
1347 	/* TLV Type */
1348 	if (WPA_GET_BE16(pos) != EAP_TLV_VENDOR_SPECIFIC_TLV)
1349 		return NULL;
1350 	pos += 2;
1351 
1352 	/* Length */
1353 	if (WPA_GET_BE16(pos) < 8)
1354 		return NULL;
1355 	pos += 2;
1356 
1357 	/* Vendor_Id */
1358 	if (WPA_GET_BE32(pos) != EAP_VENDOR_MICROSOFT)
1359 		return NULL;
1360 	pos += 4;
1361 
1362 	/* TLV Type */
1363 	if (WPA_GET_BE16(pos) != 0x02 /* SoH request TLV */)
1364 		return NULL;
1365 
1366 	wpa_printf(MSG_DEBUG, "TNC: SoH Request TLV received");
1367 
1368 	return tncc_build_soh(2);
1369 }
1370