Home | History | Annotate | Download | only in eap_peer
      1 /*
      2  * EAP-TNC - TNCC (IF-IMC and IF-TNCCS)
      3  * Copyright (c) 2007, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 #ifndef CONFIG_NATIVE_WINDOWS
     11 #include <dlfcn.h>
     12 #endif /* CONFIG_NATIVE_WINDOWS */
     13 
     14 #include "common.h"
     15 #include "base64.h"
     16 #include "common/tnc.h"
     17 #include "tncc.h"
     18 #include "eap_common/eap_tlv_common.h"
     19 #include "eap_common/eap_defs.h"
     20 
     21 
     22 #ifdef UNICODE
     23 #define TSTR "%S"
     24 #else /* UNICODE */
     25 #define TSTR "%s"
     26 #endif /* UNICODE */
     27 
     28 
     29 #ifndef TNC_CONFIG_FILE
     30 #define TNC_CONFIG_FILE "/etc/tnc_config"
     31 #endif /* TNC_CONFIG_FILE */
     32 #define TNC_WINREG_PATH TEXT("SOFTWARE\\Trusted Computing Group\\TNC\\IMCs")
     33 #define IF_TNCCS_START \
     34 "<?xml version=\"1.0\"?>\n" \
     35 "<TNCCS-Batch BatchId=\"%d\" Recipient=\"TNCS\" " \
     36 "xmlns=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/IF_TNCCS#\" " \
     37 "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " \
     38 "xsi:schemaLocation=\"http://www.trustedcomputinggroup.org/IWG/TNC/1_0/" \
     39 "IF_TNCCS# https://www.trustedcomputinggroup.org/XML/SCHEMA/TNCCS_1.0.xsd\">\n"
     40 #define IF_TNCCS_END "\n</TNCCS-Batch>"
     41 
     42 /* TNC IF-IMC */
     43 
     44 /* IF-TNCCS-SOH - SSoH and SSoHR Attributes */
     45 enum {
     46 	SSOH_MS_MACHINE_INVENTORY = 1,
     47 	SSOH_MS_QUARANTINE_STATE = 2,
     48 	SSOH_MS_PACKET_INFO = 3,
     49 	SSOH_MS_SYSTEMGENERATED_IDS = 4,
     50 	SSOH_MS_MACHINENAME = 5,
     51 	SSOH_MS_CORRELATIONID = 6,
     52 	SSOH_MS_INSTALLED_SHVS = 7,
     53 	SSOH_MS_MACHINE_INVENTORY_EX = 8
     54 };
     55 
     56 struct tnc_if_imc {
     57 	struct tnc_if_imc *next;
     58 	char *name;
     59 	char *path;
     60 	void *dlhandle; /* from dlopen() */
     61 	TNC_IMCID imcID;
     62 	TNC_ConnectionID connectionID;
     63 	TNC_MessageTypeList supported_types;
     64 	size_t num_supported_types;
     65 	u8 *imc_send;
     66 	size_t imc_send_len;
     67 
     68 	/* Functions implemented by IMCs (with TNC_IMC_ prefix) */
     69 	TNC_Result (*Initialize)(
     70 		TNC_IMCID imcID,
     71 		TNC_Version minVersion,
     72 		TNC_Version maxVersion,
     73 		TNC_Version *pOutActualVersion);
     74 	TNC_Result (*NotifyConnectionChange)(
     75 		TNC_IMCID imcID,
     76 		TNC_ConnectionID connectionID,
     77 		TNC_ConnectionState newState);
     78 	TNC_Result (*BeginHandshake)(
     79 		TNC_IMCID imcID,
     80 		TNC_ConnectionID connectionID);
     81 	TNC_Result (*ReceiveMessage)(
     82 		TNC_IMCID imcID,
     83 		TNC_ConnectionID connectionID,
     84 		TNC_BufferReference messageBuffer,
     85 		TNC_UInt32 messageLength,
     86 		TNC_MessageType messageType);
     87 	TNC_Result (*BatchEnding)(
     88 		TNC_IMCID imcID,
     89 		TNC_ConnectionID connectionID);
     90 	TNC_Result (*Terminate)(TNC_IMCID imcID);
     91 	TNC_Result (*ProvideBindFunction)(
     92 		TNC_IMCID imcID,
     93 		TNC_TNCC_BindFunctionPointer bindFunction);
     94 };
     95 
     96 struct tncc_data {
     97 	struct tnc_if_imc *imc;
     98 	unsigned int last_batchid;
     99 };
    100 
    101 #define TNC_MAX_IMC_ID 10
    102 static struct tnc_if_imc *tnc_imc[TNC_MAX_IMC_ID] = { NULL };
    103 
    104 
    105 /* TNCC functions that IMCs can call */
    106 
    107 TNC_Result TNC_TNCC_ReportMessageTypes(
    108 	TNC_IMCID imcID,
    109 	TNC_MessageTypeList supportedTypes,
    110 	TNC_UInt32 typeCount)
    111 {
    112 	TNC_UInt32 i;
    113 	struct tnc_if_imc *imc;
    114 
    115 	wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_ReportMessageTypes(imcID=%lu "
    116 		   "typeCount=%lu)",
    117 		   (unsigned long) imcID, (unsigned long) typeCount);
    118 
    119 	for (i = 0; i < typeCount; i++) {
    120 		wpa_printf(MSG_DEBUG, "TNC: supportedTypes[%lu] = %lu",
    121 			   i, supportedTypes[i]);
    122 	}
    123 
    124 	if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
    125 		return TNC_RESULT_INVALID_PARAMETER;
    126 
    127 	imc = tnc_imc[imcID];
    128 	os_free(imc->supported_types);
    129 	imc->supported_types =
    130 		os_malloc(typeCount * sizeof(TNC_MessageType));
    131 	if (imc->supported_types == NULL)
    132 		return TNC_RESULT_FATAL;
    133 	os_memcpy(imc->supported_types, supportedTypes,
    134 		  typeCount * sizeof(TNC_MessageType));
    135 	imc->num_supported_types = typeCount;
    136 
    137 	return TNC_RESULT_SUCCESS;
    138 }
    139 
    140 
    141 TNC_Result TNC_TNCC_SendMessage(
    142 	TNC_IMCID imcID,
    143 	TNC_ConnectionID connectionID,
    144 	TNC_BufferReference message,
    145 	TNC_UInt32 messageLength,
    146 	TNC_MessageType messageType)
    147 {
    148 	struct tnc_if_imc *imc;
    149 	unsigned char *b64;
    150 	size_t b64len;
    151 
    152 	wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage(imcID=%lu "
    153 		   "connectionID=%lu messageType=%lu)",
    154 		   imcID, connectionID, messageType);
    155 	wpa_hexdump_ascii(MSG_DEBUG, "TNC: TNC_TNCC_SendMessage",
    156 			  message, messageLength);
    157 
    158 	if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
    159 		return TNC_RESULT_INVALID_PARAMETER;
    160 
    161 	b64 = base64_encode(message, messageLength, &b64len);
    162 	if (b64 == NULL)
    163 		return TNC_RESULT_FATAL;
    164 
    165 	imc = tnc_imc[imcID];
    166 	os_free(imc->imc_send);
    167 	imc->imc_send_len = 0;
    168 	imc->imc_send = os_zalloc(b64len + 100);
    169 	if (imc->imc_send == NULL) {
    170 		os_free(b64);
    171 		return TNC_RESULT_OTHER;
    172 	}
    173 
    174 	imc->imc_send_len =
    175 		os_snprintf((char *) imc->imc_send, b64len + 100,
    176 			    "<IMC-IMV-Message><Type>%08X</Type>"
    177 			    "<Base64>%s</Base64></IMC-IMV-Message>",
    178 			    (unsigned int) messageType, b64);
    179 
    180 	os_free(b64);
    181 
    182 	return TNC_RESULT_SUCCESS;
    183 }
    184 
    185 
    186 TNC_Result TNC_TNCC_RequestHandshakeRetry(
    187 	TNC_IMCID imcID,
    188 	TNC_ConnectionID connectionID,
    189 	TNC_RetryReason reason)
    190 {
    191 	wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_RequestHandshakeRetry");
    192 
    193 	if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
    194 		return TNC_RESULT_INVALID_PARAMETER;
    195 
    196 	/*
    197 	 * TODO: trigger a call to eapol_sm_request_reauth(). This would
    198 	 * require that the IMC continues to be loaded in memory afer
    199 	 * authentication..
    200 	 */
    201 
    202 	return TNC_RESULT_SUCCESS;
    203 }
    204 
    205 
    206 TNC_Result TNC_9048_LogMessage(TNC_IMCID imcID, TNC_UInt32 severity,
    207 			       const char *message)
    208 {
    209 	wpa_printf(MSG_DEBUG, "TNC: TNC_9048_LogMessage(imcID=%lu "
    210 		   "severity==%lu message='%s')",
    211 		   imcID, severity, message);
    212 	return TNC_RESULT_SUCCESS;
    213 }
    214 
    215 
    216 TNC_Result TNC_9048_UserMessage(TNC_IMCID imcID, TNC_ConnectionID connectionID,
    217 				const char *message)
    218 {
    219 	wpa_printf(MSG_DEBUG, "TNC: TNC_9048_UserMessage(imcID=%lu "
    220 		   "connectionID==%lu message='%s')",
    221 		   imcID, connectionID, message);
    222 	return TNC_RESULT_SUCCESS;
    223 }
    224 
    225 
    226 TNC_Result TNC_TNCC_BindFunction(
    227 	TNC_IMCID imcID,
    228 	char *functionName,
    229 	void **pOutfunctionPointer)
    230 {
    231 	wpa_printf(MSG_DEBUG, "TNC: TNC_TNCC_BindFunction(imcID=%lu, "
    232 		   "functionName='%s')", (unsigned long) imcID, functionName);
    233 
    234 	if (imcID >= TNC_MAX_IMC_ID || tnc_imc[imcID] == NULL)
    235 		return TNC_RESULT_INVALID_PARAMETER;
    236 
    237 	if (pOutfunctionPointer == NULL)
    238 		return TNC_RESULT_INVALID_PARAMETER;
    239 
    240 	if (os_strcmp(functionName, "TNC_TNCC_ReportMessageTypes") == 0)
    241 		*pOutfunctionPointer = TNC_TNCC_ReportMessageTypes;
    242 	else if (os_strcmp(functionName, "TNC_TNCC_SendMessage") == 0)
    243 		*pOutfunctionPointer = TNC_TNCC_SendMessage;
    244 	else if (os_strcmp(functionName, "TNC_TNCC_RequestHandshakeRetry") ==
    245 		 0)
    246 		*pOutfunctionPointer = TNC_TNCC_RequestHandshakeRetry;
    247 	else if (os_strcmp(functionName, "TNC_9048_LogMessage") == 0)
    248 		*pOutfunctionPointer = TNC_9048_LogMessage;
    249 	else if (os_strcmp(functionName, "TNC_9048_UserMessage") == 0)
    250 		*pOutfunctionPointer = TNC_9048_UserMessage;
    251 	else
    252 		*pOutfunctionPointer = NULL;
    253 
    254 	return TNC_RESULT_SUCCESS;
    255 }
    256 
    257 
    258 static void * tncc_get_sym(void *handle, char *func)
    259 {
    260 	void *fptr;
    261 
    262 #ifdef CONFIG_NATIVE_WINDOWS
    263 #ifdef _WIN32_WCE
    264 	fptr = GetProcAddressA(handle, func);
    265 #else /* _WIN32_WCE */
    266 	fptr = GetProcAddress(handle, func);
    267 #endif /* _WIN32_WCE */
    268 #else /* CONFIG_NATIVE_WINDOWS */
    269 	fptr = dlsym(handle, func);
    270 #endif /* CONFIG_NATIVE_WINDOWS */
    271 
    272 	return fptr;
    273 }
    274 
    275 
    276 static int tncc_imc_resolve_funcs(struct tnc_if_imc *imc)
    277 {
    278 	void *handle = imc->dlhandle;
    279 
    280 	/* Mandatory IMC functions */
    281 	imc->Initialize = tncc_get_sym(handle, "TNC_IMC_Initialize");
    282 	if (imc->Initialize == NULL) {
    283 		wpa_printf(MSG_ERROR, "TNC: IMC does not export "
    284 			   "TNC_IMC_Initialize");
    285 		return -1;
    286 	}
    287 
    288 	imc->BeginHandshake = tncc_get_sym(handle, "TNC_IMC_BeginHandshake");
    289 	if (imc->BeginHandshake == NULL) {
    290 		wpa_printf(MSG_ERROR, "TNC: IMC does not export "
    291 			   "TNC_IMC_BeginHandshake");
    292 		return -1;
    293 	}
    294 
    295 	imc->ProvideBindFunction =
    296 		tncc_get_sym(handle, "TNC_IMC_ProvideBindFunction");
    297 	if (imc->ProvideBindFunction == NULL) {
    298 		wpa_printf(MSG_ERROR, "TNC: IMC does not export "
    299 			   "TNC_IMC_ProvideBindFunction");
    300 		return -1;
    301 	}
    302 
    303 	/* Optional IMC functions */
    304 	imc->NotifyConnectionChange =
    305 		tncc_get_sym(handle, "TNC_IMC_NotifyConnectionChange");
    306 	imc->ReceiveMessage = tncc_get_sym(handle, "TNC_IMC_ReceiveMessage");
    307 	imc->BatchEnding = tncc_get_sym(handle, "TNC_IMC_BatchEnding");
    308 	imc->Terminate = tncc_get_sym(handle, "TNC_IMC_Terminate");
    309 
    310 	return 0;
    311 }
    312 
    313 
    314 static int tncc_imc_initialize(struct tnc_if_imc *imc)
    315 {
    316 	TNC_Result res;
    317 	TNC_Version imc_ver;
    318 
    319 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Initialize for IMC '%s'",
    320 		   imc->name);
    321 	res = imc->Initialize(imc->imcID, TNC_IFIMC_VERSION_1,
    322 			      TNC_IFIMC_VERSION_1, &imc_ver);
    323 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Initialize: res=%lu imc_ver=%lu",
    324 		   (unsigned long) res, (unsigned long) imc_ver);
    325 
    326 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
    327 }
    328 
    329 
    330 static int tncc_imc_terminate(struct tnc_if_imc *imc)
    331 {
    332 	TNC_Result res;
    333 
    334 	if (imc->Terminate == NULL)
    335 		return 0;
    336 
    337 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_Terminate for IMC '%s'",
    338 		   imc->name);
    339 	res = imc->Terminate(imc->imcID);
    340 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_Terminate: %lu",
    341 		   (unsigned long) res);
    342 
    343 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
    344 }
    345 
    346 
    347 static int tncc_imc_provide_bind_function(struct tnc_if_imc *imc)
    348 {
    349 	TNC_Result res;
    350 
    351 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_ProvideBindFunction for "
    352 		   "IMC '%s'", imc->name);
    353 	res = imc->ProvideBindFunction(imc->imcID, TNC_TNCC_BindFunction);
    354 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_ProvideBindFunction: res=%lu",
    355 		   (unsigned long) res);
    356 
    357 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
    358 }
    359 
    360 
    361 static int tncc_imc_notify_connection_change(struct tnc_if_imc *imc,
    362 					     TNC_ConnectionState state)
    363 {
    364 	TNC_Result res;
    365 
    366 	if (imc->NotifyConnectionChange == NULL)
    367 		return 0;
    368 
    369 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_NotifyConnectionChange(%d)"
    370 		   " for IMC '%s'", (int) state, imc->name);
    371 	res = imc->NotifyConnectionChange(imc->imcID, imc->connectionID,
    372 					  state);
    373 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_NotifyConnectionChange: %lu",
    374 		   (unsigned long) res);
    375 
    376 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
    377 }
    378 
    379 
    380 static int tncc_imc_begin_handshake(struct tnc_if_imc *imc)
    381 {
    382 	TNC_Result res;
    383 
    384 	wpa_printf(MSG_DEBUG, "TNC: Calling TNC_IMC_BeginHandshake for IMC "
    385 		   "'%s'", imc->name);
    386 	res = imc->BeginHandshake(imc->imcID, imc->connectionID);
    387 	wpa_printf(MSG_DEBUG, "TNC: TNC_IMC_BeginHandshake: %lu",
    388 		   (unsigned long) res);
    389 
    390 	return res == TNC_RESULT_SUCCESS ? 0 : -1;
    391 }
    392 
    393 
    394 static int tncc_load_imc(struct tnc_if_imc *imc)
    395 {
    396 	if (imc->path == NULL) {
    397 		wpa_printf(MSG_DEBUG, "TNC: No IMC configured");
    398 		return -1;
    399 	}
    400 
    401 	wpa_printf(MSG_DEBUG, "TNC: Opening IMC: %s (%s)",
    402 		   imc->name, imc->path);
    403 #ifdef CONFIG_NATIVE_WINDOWS
    404 #ifdef UNICODE
    405 	{
    406 		TCHAR *lib = wpa_strdup_tchar(imc->path);
    407 		if (lib == NULL)
    408 			return -1;
    409 		imc->dlhandle = LoadLibrary(lib);
    410 		os_free(lib);
    411 	}
    412 #else /* UNICODE */
    413 	imc->dlhandle = LoadLibrary(imc->path);
    414 #endif /* UNICODE */
    415 	if (imc->dlhandle == NULL) {
    416 		wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %d",
    417 			   imc->name, imc->path, (int) GetLastError());
    418 		return -1;
    419 	}
    420 #else /* CONFIG_NATIVE_WINDOWS */
    421 	imc->dlhandle = dlopen(imc->path, RTLD_LAZY);
    422 	if (imc->dlhandle == NULL) {
    423 		wpa_printf(MSG_ERROR, "TNC: Failed to open IMC '%s' (%s): %s",
    424 			   imc->name, imc->path, dlerror());
    425 		return -1;
    426 	}
    427 #endif /* CONFIG_NATIVE_WINDOWS */
    428 
    429 	if (tncc_imc_resolve_funcs(imc) < 0) {
    430 		wpa_printf(MSG_ERROR, "TNC: Failed to resolve IMC functions");
    431 		return -1;
    432 	}
    433 
    434 	if (tncc_imc_initialize(imc) < 0 ||
    435 	    tncc_imc_provide_bind_function(imc) < 0) {
    436 		wpa_printf(MSG_ERROR, "TNC: Failed to initialize IMC");
    437 		return -1;
    438 	}
    439 
    440 	return 0;
    441 }
    442 
    443 
    444 static void tncc_unload_imc(struct tnc_if_imc *imc)
    445 {
    446 	tncc_imc_terminate(imc);
    447 	tnc_imc[imc->imcID] = NULL;
    448 
    449 	if (imc->dlhandle) {
    450 #ifdef CONFIG_NATIVE_WINDOWS
    451 		FreeLibrary(imc->dlhandle);
    452 #else /* CONFIG_NATIVE_WINDOWS */
    453 		dlclose(imc->dlhandle);
    454 #endif /* CONFIG_NATIVE_WINDOWS */
    455 	}
    456 	os_free(imc->name);
    457 	os_free(imc->path);
    458 	os_free(imc->supported_types);
    459 	os_free(imc->imc_send);
    460 }
    461 
    462 
    463 static int tncc_supported_type(struct tnc_if_imc *imc, unsigned int type)
    464 {
    465 	size_t i;
    466 	unsigned int vendor, subtype;
    467 
    468 	if (imc == NULL || imc->supported_types == NULL)
    469 		return 0;
    470 
    471 	vendor = type >> 8;
    472 	subtype = type & 0xff;
    473 
    474 	for (i = 0; i < imc->num_supported_types; i++) {
    475 		unsigned int svendor, ssubtype;
    476 		svendor = imc->supported_types[i] >> 8;
    477 		ssubtype = imc->supported_types[i] & 0xff;
    478 		if ((vendor == svendor || svendor == TNC_VENDORID_ANY) &&
    479 		    (subtype == ssubtype || ssubtype == TNC_SUBTYPE_ANY))
    480 			return 1;
    481 	}
    482 
    483 	return 0;
    484 }
    485 
    486 
    487 static void tncc_send_to_imcs(struct tncc_data *tncc, unsigned int type,
    488 			      const u8 *msg, size_t len)
    489 {
    490 	struct tnc_if_imc *imc;
    491 	TNC_Result res;
    492 
    493 	wpa_hexdump_ascii(MSG_MSGDUMP, "TNC: Message to IMC(s)", msg, len);
    494 
    495 	for (imc = tncc->imc; imc; imc = imc->next) {
    496 		if (imc->ReceiveMessage == NULL ||
    497 		    !tncc_supported_type(imc, type))
    498 			continue;
    499 
    500 		wpa_printf(MSG_DEBUG, "TNC: Call ReceiveMessage for IMC '%s'",
    501 			   imc->name);
    502 		res = imc->ReceiveMessage(imc->imcID, imc->connectionID,
    503 					  (TNC_BufferReference) msg, len,
    504 					  type);
    505 		wpa_printf(MSG_DEBUG, "TNC: ReceiveMessage: %lu",
    506 			   (unsigned long) res);
    507 	}
    508 }
    509 
    510 
    511 void tncc_init_connection(struct tncc_data *tncc)
    512 {
    513 	struct tnc_if_imc *imc;
    514 
    515 	for (imc = tncc->imc; imc; imc = imc->next) {
    516 		tncc_imc_notify_connection_change(
    517 			imc, TNC_CONNECTION_STATE_CREATE);
    518 		tncc_imc_notify_connection_change(
    519 			imc, TNC_CONNECTION_STATE_HANDSHAKE);
    520 
    521 		os_free(imc->imc_send);
    522 		imc->imc_send = NULL;
    523 		imc->imc_send_len = 0;
    524 
    525 		tncc_imc_begin_handshake(imc);
    526 	}
    527 }
    528 
    529 
    530 size_t tncc_total_send_len(struct tncc_data *tncc)
    531 {
    532 	struct tnc_if_imc *imc;
    533 
    534 	size_t len = 0;
    535 	for (imc = tncc->imc; imc; imc = imc->next)
    536 		len += imc->imc_send_len;
    537 	return len;
    538 }
    539 
    540 
    541 u8 * tncc_copy_send_buf(struct tncc_data *tncc, u8 *pos)
    542 {
    543 	struct tnc_if_imc *imc;
    544 
    545 	for (imc = tncc->imc; imc; imc = imc->next) {
    546 		if (imc->imc_send == NULL)
    547 			continue;
    548 
    549 		os_memcpy(pos, imc->imc_send, imc->imc_send_len);
    550 		pos += imc->imc_send_len;
    551 		os_free(imc->imc_send);
    552 		imc->imc_send = NULL;
    553 		imc->imc_send_len = 0;
    554 	}
    555 
    556 	return pos;
    557 }
    558 
    559 
    560 char * tncc_if_tnccs_start(struct tncc_data *tncc)
    561 {
    562 	char *buf = os_malloc(1000);
    563 	if (buf == NULL)
    564 		return NULL;
    565 	tncc->last_batchid++;
    566 	os_snprintf(buf, 1000, IF_TNCCS_START, tncc->last_batchid);
    567 	return buf;
    568 }
    569 
    570 
    571 char * tncc_if_tnccs_end(void)
    572 {
    573 	char *buf = os_malloc(100);
    574 	if (buf == NULL)
    575 		return NULL;
    576 	os_snprintf(buf, 100, IF_TNCCS_END);
    577 	return buf;
    578 }
    579 
    580 
    581 static void tncc_notify_recommendation(struct tncc_data *tncc,
    582 				       enum tncc_process_res res)
    583 {
    584 	TNC_ConnectionState state;
    585 	struct tnc_if_imc *imc;
    586 
    587 	switch (res) {
    588 	case TNCCS_RECOMMENDATION_ALLOW:
    589 		state = TNC_CONNECTION_STATE_ACCESS_ALLOWED;
    590 		break;
    591 	case TNCCS_RECOMMENDATION_NONE:
    592 		state = TNC_CONNECTION_STATE_ACCESS_NONE;
    593 		break;
    594 	case TNCCS_RECOMMENDATION_ISOLATE:
    595 		state = TNC_CONNECTION_STATE_ACCESS_ISOLATED;
    596 		break;
    597 	default:
    598 		state = TNC_CONNECTION_STATE_ACCESS_NONE;
    599 		break;
    600 	}
    601 
    602 	for (imc = tncc->imc; imc; imc = imc->next)
    603 		tncc_imc_notify_connection_change(imc, state);
    604 }
    605 
    606 
    607 static int tncc_get_type(char *start, unsigned int *type)
    608 {
    609 	char *pos = os_strstr(start, "<Type>");
    610 	if (pos == NULL)
    611 		return -1;
    612 	pos += 6;
    613 	*type = strtoul(pos, NULL, 16);
    614 	return 0;
    615 }
    616 
    617 
    618 static unsigned char * tncc_get_base64(char *start, size_t *decoded_len)
    619 {
    620 	char *pos, *pos2;
    621 	unsigned char *decoded;
    622 
    623 	pos = os_strstr(start, "<Base64>");
    624 	if (pos == NULL)
    625 		return NULL;
    626 
    627 	pos += 8;
    628 	pos2 = os_strstr(pos, "</Base64>");
    629 	if (pos2 == NULL)
    630 		return NULL;
    631 	*pos2 = '\0';
    632 
    633 	decoded = base64_decode((unsigned char *) pos, os_strlen(pos),
    634 				decoded_len);
    635 	*pos2 = '<';
    636 	if (decoded == NULL) {
    637 		wpa_printf(MSG_DEBUG, "TNC: Failed to decode Base64 data");
    638 	}
    639 
    640 	return decoded;
    641 }
    642 
    643 
    644 static enum tncc_process_res tncc_get_recommendation(char *start)
    645 {
    646 	char *pos, *pos2, saved;
    647 	int recom;
    648 
    649 	pos = os_strstr(start, "<TNCCS-Recommendation ");
    650 	if (pos == NULL)
    651 		return TNCCS_RECOMMENDATION_ERROR;
    652 
    653 	pos += 21;
    654 	pos = os_strstr(pos, " type=");
    655 	if (pos == NULL)
    656 		return TNCCS_RECOMMENDATION_ERROR;
    657 	pos += 6;
    658 
    659 	if (*pos == '"')
    660 		pos++;
    661 
    662 	pos2 = pos;
    663 	while (*pos2 != '\0' && *pos2 != '"' && *pos2 != '>')
    664 		pos2++;
    665 
    666 	if (*pos2 == '\0')
    667 		return TNCCS_RECOMMENDATION_ERROR;
    668 
    669 	saved = *pos2;
    670 	*pos2 = '\0';
    671 	wpa_printf(MSG_DEBUG, "TNC: TNCCS-Recommendation: '%s'", pos);
    672 
    673 	recom = TNCCS_RECOMMENDATION_ERROR;
    674 	if (os_strcmp(pos, "allow") == 0)
    675 		recom = TNCCS_RECOMMENDATION_ALLOW;
    676 	else if (os_strcmp(pos, "none") == 0)
    677 		recom = TNCCS_RECOMMENDATION_NONE;
    678 	else if (os_strcmp(pos, "isolate") == 0)
    679 		recom = TNCCS_RECOMMENDATION_ISOLATE;
    680 
    681 	*pos2 = saved;
    682 
    683 	return recom;
    684 }
    685 
    686 
    687 enum tncc_process_res tncc_process_if_tnccs(struct tncc_data *tncc,
    688 					    const u8 *msg, size_t len)
    689 {
    690 	char *buf, *start, *end, *pos, *pos2, *payload;
    691 	unsigned int batch_id;
    692 	unsigned char *decoded;
    693 	size_t decoded_len;
    694 	enum tncc_process_res res = TNCCS_PROCESS_OK_NO_RECOMMENDATION;
    695 	int recommendation_msg = 0;
    696 
    697 	wpa_hexdump_ascii(MSG_MSGDUMP, "TNC: Received IF-TNCCS message",
    698 			  msg, len);
    699 	buf = dup_binstr(msg, len);
    700 	if (buf == NULL)
    701 		return TNCCS_PROCESS_ERROR;
    702 
    703 	start = os_strstr(buf, "<TNCCS-Batch ");
    704 	end = os_strstr(buf, "</TNCCS-Batch>");
    705 	if (start == NULL || end == NULL || start > end) {
    706 		os_free(buf);
    707 		return TNCCS_PROCESS_ERROR;
    708 	}
    709 
    710 	start += 13;
    711 	while (*start == ' ')
    712 		start++;
    713 	*end = '\0';
    714 
    715 	pos = os_strstr(start, "BatchId=");
    716 	if (pos == NULL) {
    717 		os_free(buf);
    718 		return TNCCS_PROCESS_ERROR;
    719 	}
    720 
    721 	pos += 8;
    722 	if (*pos == '"')
    723 		pos++;
    724 	batch_id = atoi(pos);
    725 	wpa_printf(MSG_DEBUG, "TNC: Received IF-TNCCS BatchId=%u",
    726 		   batch_id);
    727 	if (batch_id != tncc->last_batchid + 1) {
    728 		wpa_printf(MSG_DEBUG, "TNC: Unexpected IF-TNCCS BatchId "
    729 			   "%u (expected %u)",
    730 			   batch_id, tncc->last_batchid + 1);
    731 		os_free(buf);
    732 		return TNCCS_PROCESS_ERROR;
    733 	}
    734 	tncc->last_batchid = batch_id;
    735 
    736 	while (*pos != '\0' && *pos != '>')
    737 		pos++;
    738 	if (*pos == '\0') {
    739 		os_free(buf);
    740 		return TNCCS_PROCESS_ERROR;
    741 	}
    742 	pos++;
    743 	payload = start;
    744 
    745 	/*
    746 	 * <IMC-IMV-Message>
    747 	 * <Type>01234567</Type>
    748 	 * <Base64>foo==</Base64>
    749 	 * </IMC-IMV-Message>
    750 	 */
    751 
    752 	while (*start) {
    753 		char *endpos;
    754 		unsigned int type;
    755 
    756 		pos = os_strstr(start, "<IMC-IMV-Message>");
    757 		if (pos == NULL)
    758 			break;
    759 		start = pos + 17;
    760 		end = os_strstr(start, "</IMC-IMV-Message>");
    761 		if (end == NULL)
    762 			break;
    763 		*end = '\0';
    764 		endpos = end;
    765 		end += 18;
    766 
    767 		if (tncc_get_type(start, &type) < 0) {
    768 			*endpos = '<';
    769 			start = end;
    770 			continue;
    771 		}
    772 		wpa_printf(MSG_DEBUG, "TNC: IMC-IMV-Message Type 0x%x", type);
    773 
    774 		decoded = tncc_get_base64(start, &decoded_len);
    775 		if (decoded == NULL) {
    776 			*endpos = '<';
    777 			start = end;
    778 			continue;
    779 		}
    780 
    781 		tncc_send_to_imcs(tncc, type, decoded, decoded_len);
    782 
    783 		os_free(decoded);
    784 
    785 		start = end;
    786 	}
    787 
    788 	/*
    789 	 * <TNCC-TNCS-Message>
    790 	 * <Type>01234567</Type>
    791 	 * <XML><TNCCS-Foo type="foo"></TNCCS-Foo></XML>
    792 	 * <Base64>foo==</Base64>
    793 	 * </TNCC-TNCS-Message>
    794 	 */
    795 
    796 	start = payload;
    797 	while (*start) {
    798 		unsigned int type;
    799 		char *xml, *xmlend, *endpos;
    800 
    801 		pos = os_strstr(start, "<TNCC-TNCS-Message>");
    802 		if (pos == NULL)
    803 			break;
    804 		start = pos + 19;
    805 		end = os_strstr(start, "</TNCC-TNCS-Message>");
    806 		if (end == NULL)
    807 			break;
    808 		*end = '\0';
    809 		endpos = end;
    810 		end += 20;
    811 
    812 		if (tncc_get_type(start, &type) < 0) {
    813 			*endpos = '<';
    814 			start = end;
    815 			continue;
    816 		}
    817 		wpa_printf(MSG_DEBUG, "TNC: TNCC-TNCS-Message Type 0x%x",
    818 			   type);
    819 
    820 		/* Base64 OR XML */
    821 		decoded = NULL;
    822 		xml = NULL;
    823 		xmlend = NULL;
    824 		pos = os_strstr(start, "<XML>");
    825 		if (pos) {
    826 			pos += 5;
    827 			pos2 = os_strstr(pos, "</XML>");
    828 			if (pos2 == NULL) {
    829 				*endpos = '<';
    830 				start = end;
    831 				continue;
    832 			}
    833 			xmlend = pos2;
    834 			xml = pos;
    835 		} else {
    836 			decoded = tncc_get_base64(start, &decoded_len);
    837 			if (decoded == NULL) {
    838 				*endpos = '<';
    839 				start = end;
    840 				continue;
    841 			}
    842 		}
    843 
    844 		if (decoded) {
    845 			wpa_hexdump_ascii(MSG_MSGDUMP,
    846 					  "TNC: TNCC-TNCS-Message Base64",
    847 					  decoded, decoded_len);
    848 			os_free(decoded);
    849 		}
    850 
    851 		if (xml) {
    852 			wpa_hexdump_ascii(MSG_MSGDUMP,
    853 					  "TNC: TNCC-TNCS-Message XML",
    854 					  (unsigned char *) xml,
    855 					  xmlend - xml);
    856 		}
    857 
    858 		if (type == TNC_TNCCS_RECOMMENDATION && xml) {
    859 			/*
    860 			 * <TNCCS-Recommendation type="allow">
    861 			 * </TNCCS-Recommendation>
    862 			 */
    863 			*xmlend = '\0';
    864 			res = tncc_get_recommendation(xml);
    865 			*xmlend = '<';
    866 			recommendation_msg = 1;
    867 		}
    868 
    869 		start = end;
    870 	}
    871 
    872 	os_free(buf);
    873 
    874 	if (recommendation_msg)
    875 		tncc_notify_recommendation(tncc, res);
    876 
    877 	return res;
    878 }
    879 
    880 
    881 #ifdef CONFIG_NATIVE_WINDOWS
    882 static int tncc_read_config_reg(struct tncc_data *tncc, HKEY hive)
    883 {
    884 	HKEY hk, hk2;
    885 	LONG ret;
    886 	DWORD i;
    887 	struct tnc_if_imc *imc, *last;
    888 	int j;
    889 
    890 	last = tncc->imc;
    891 	while (last && last->next)
    892 		last = last->next;
    893 
    894 	ret = RegOpenKeyEx(hive, TNC_WINREG_PATH, 0, KEY_ENUMERATE_SUB_KEYS,
    895 			   &hk);
    896 	if (ret != ERROR_SUCCESS)
    897 		return 0;
    898 
    899 	for (i = 0; ; i++) {
    900 		TCHAR name[255], *val;
    901 		DWORD namelen, buflen;
    902 
    903 		namelen = 255;
    904 		ret = RegEnumKeyEx(hk, i, name, &namelen, NULL, NULL, NULL,
    905 				   NULL);
    906 
    907 		if (ret == ERROR_NO_MORE_ITEMS)
    908 			break;
    909 
    910 		if (ret != ERROR_SUCCESS) {
    911 			wpa_printf(MSG_DEBUG, "TNC: RegEnumKeyEx failed: 0x%x",
    912 				   (unsigned int) ret);
    913 			break;
    914 		}
    915 
    916 		if (namelen >= 255)
    917 			namelen = 255 - 1;
    918 		name[namelen] = '\0';
    919 
    920 		wpa_printf(MSG_DEBUG, "TNC: IMC '" TSTR "'", name);
    921 
    922 		ret = RegOpenKeyEx(hk, name, 0, KEY_QUERY_VALUE, &hk2);
    923 		if (ret != ERROR_SUCCESS) {
    924 			wpa_printf(MSG_DEBUG, "Could not open IMC key '" TSTR
    925 				   "'", name);
    926 			continue;
    927 		}
    928 
    929 		ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL, NULL,
    930 				      &buflen);
    931 		if (ret != ERROR_SUCCESS) {
    932 			wpa_printf(MSG_DEBUG, "TNC: Could not read Path from "
    933 				   "IMC key '" TSTR "'", name);
    934 			RegCloseKey(hk2);
    935 			continue;
    936 		}
    937 
    938 		val = os_malloc(buflen);
    939 		if (val == NULL) {
    940 			RegCloseKey(hk2);
    941 			continue;
    942 		}
    943 
    944 		ret = RegQueryValueEx(hk2, TEXT("Path"), NULL, NULL,
    945 				      (LPBYTE) val, &buflen);
    946 		if (ret != ERROR_SUCCESS) {
    947 			os_free(val);
    948 			RegCloseKey(hk2);
    949 			continue;
    950 		}
    951 
    952 		RegCloseKey(hk2);
    953 
    954 		wpa_unicode2ascii_inplace(val);
    955 		wpa_printf(MSG_DEBUG, "TNC: IMC Path '%s'", (char *) val);
    956 
    957 		for (j = 0; j < TNC_MAX_IMC_ID; j++) {
    958 			if (tnc_imc[j] == NULL)
    959 				break;
    960 		}
    961 		if (j >= TNC_MAX_IMC_ID) {
    962 			wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
    963 			os_free(val);
    964 			continue;
    965 		}
    966 
    967 		imc = os_zalloc(sizeof(*imc));
    968 		if (imc == NULL) {
    969 			os_free(val);
    970 			break;
    971 		}
    972 
    973 		imc->imcID = j;
    974 
    975 		wpa_unicode2ascii_inplace(name);
    976 		imc->name = os_strdup((char *) name);
    977 		imc->path = os_strdup((char *) val);
    978 
    979 		os_free(val);
    980 
    981 		if (last == NULL)
    982 			tncc->imc = imc;
    983 		else
    984 			last->next = imc;
    985 		last = imc;
    986 
    987 		tnc_imc[imc->imcID] = imc;
    988 	}
    989 
    990 	RegCloseKey(hk);
    991 
    992 	return 0;
    993 }
    994 
    995 
    996 static int tncc_read_config(struct tncc_data *tncc)
    997 {
    998 	if (tncc_read_config_reg(tncc, HKEY_LOCAL_MACHINE) < 0 ||
    999 	    tncc_read_config_reg(tncc, HKEY_CURRENT_USER) < 0)
   1000 		return -1;
   1001 	return 0;
   1002 }
   1003 
   1004 #else /* CONFIG_NATIVE_WINDOWS */
   1005 
   1006 static struct tnc_if_imc * tncc_parse_imc(char *start, char *end, int *error)
   1007 {
   1008 	struct tnc_if_imc *imc;
   1009 	char *pos, *pos2;
   1010 	int i;
   1011 
   1012 	for (i = 0; i < TNC_MAX_IMC_ID; i++) {
   1013 		if (tnc_imc[i] == NULL)
   1014 			break;
   1015 	}
   1016 	if (i >= TNC_MAX_IMC_ID) {
   1017 		wpa_printf(MSG_DEBUG, "TNC: Too many IMCs");
   1018 		return NULL;
   1019 	}
   1020 
   1021 	imc = os_zalloc(sizeof(*imc));
   1022 	if (imc == NULL) {
   1023 		*error = 1;
   1024 		return NULL;
   1025 	}
   1026 
   1027 	imc->imcID = i;
   1028 
   1029 	pos = start;
   1030 	wpa_printf(MSG_DEBUG, "TNC: Configured IMC: %s", pos);
   1031 	if (pos + 1 >= end || *pos != '"') {
   1032 		wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
   1033 			   "(no starting quotation mark)", start);
   1034 		os_free(imc);
   1035 		return NULL;
   1036 	}
   1037 
   1038 	pos++;
   1039 	pos2 = pos;
   1040 	while (pos2 < end && *pos2 != '"')
   1041 		pos2++;
   1042 	if (pos2 >= end) {
   1043 		wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
   1044 			   "(no ending quotation mark)", start);
   1045 		os_free(imc);
   1046 		return NULL;
   1047 	}
   1048 	*pos2 = '\0';
   1049 	wpa_printf(MSG_DEBUG, "TNC: Name: '%s'", pos);
   1050 	imc->name = os_strdup(pos);
   1051 
   1052 	pos = pos2 + 1;
   1053 	if (pos >= end || *pos != ' ') {
   1054 		wpa_printf(MSG_ERROR, "TNC: Ignoring invalid IMC line '%s' "
   1055 			   "(no space after name)", start);
   1056 		os_free(imc->name);
   1057 		os_free(imc);
   1058 		return NULL;
   1059 	}
   1060 
   1061 	pos++;
   1062 	wpa_printf(MSG_DEBUG, "TNC: IMC file: '%s'", pos);
   1063 	imc->path = os_strdup(pos);
   1064 	tnc_imc[imc->imcID] = imc;
   1065 
   1066 	return imc;
   1067 }
   1068 
   1069 
   1070 static int tncc_read_config(struct tncc_data *tncc)
   1071 {
   1072 	char *config, *end, *pos, *line_end;
   1073 	size_t config_len;
   1074 	struct tnc_if_imc *imc, *last;
   1075 
   1076 	last = NULL;
   1077 
   1078 	config = os_readfile(TNC_CONFIG_FILE, &config_len);
   1079 	if (config == NULL) {
   1080 		wpa_printf(MSG_ERROR, "TNC: Could not open TNC configuration "
   1081 			   "file '%s'", TNC_CONFIG_FILE);
   1082 		return -1;
   1083 	}
   1084 
   1085 	end = config + config_len;
   1086 	for (pos = config; pos < end; pos = line_end + 1) {
   1087 		line_end = pos;
   1088 		while (*line_end != '\n' && *line_end != '\r' &&
   1089 		       line_end < end)
   1090 			line_end++;
   1091 		*line_end = '\0';
   1092 
   1093 		if (os_strncmp(pos, "IMC ", 4) == 0) {
   1094 			int error = 0;
   1095 
   1096 			imc = tncc_parse_imc(pos + 4, line_end, &error);
   1097 			if (error) {
   1098 				os_free(config);
   1099 				return -1;
   1100 			}
   1101 			if (imc) {
   1102 				if (last == NULL)
   1103 					tncc->imc = imc;
   1104 				else
   1105 					last->next = imc;
   1106 				last = imc;
   1107 			}
   1108 		}
   1109 	}
   1110 
   1111 	os_free(config);
   1112 
   1113 	return 0;
   1114 }
   1115 
   1116 #endif /* CONFIG_NATIVE_WINDOWS */
   1117 
   1118 
   1119 struct tncc_data * tncc_init(void)
   1120 {
   1121 	struct tncc_data *tncc;
   1122 	struct tnc_if_imc *imc;
   1123 
   1124 	tncc = os_zalloc(sizeof(*tncc));
   1125 	if (tncc == NULL)
   1126 		return NULL;
   1127 
   1128 	/* TODO:
   1129 	 * move loading and Initialize() to a location that is not
   1130 	 *    re-initialized for every EAP-TNC session (?)
   1131 	 */
   1132 
   1133 	if (tncc_read_config(tncc) < 0) {
   1134 		wpa_printf(MSG_ERROR, "TNC: Failed to read TNC configuration");
   1135 		goto failed;
   1136 	}
   1137 
   1138 	for (imc = tncc->imc; imc; imc = imc->next) {
   1139 		if (tncc_load_imc(imc)) {
   1140 			wpa_printf(MSG_ERROR, "TNC: Failed to load IMC '%s'",
   1141 				   imc->name);
   1142 			goto failed;
   1143 		}
   1144 	}
   1145 
   1146 	return tncc;
   1147 
   1148 failed:
   1149 	tncc_deinit(tncc);
   1150 	return NULL;
   1151 }
   1152 
   1153 
   1154 void tncc_deinit(struct tncc_data *tncc)
   1155 {
   1156 	struct tnc_if_imc *imc, *prev;
   1157 
   1158 	imc = tncc->imc;
   1159 	while (imc) {
   1160 		tncc_unload_imc(imc);
   1161 
   1162 		prev = imc;
   1163 		imc = imc->next;
   1164 		os_free(prev);
   1165 	}
   1166 
   1167 	os_free(tncc);
   1168 }
   1169 
   1170 
   1171 static struct wpabuf * tncc_build_soh(int ver)
   1172 {
   1173 	struct wpabuf *buf;
   1174 	u8 *tlv_len, *tlv_len2, *outer_len, *inner_len, *ssoh_len, *end;
   1175 	u8 correlation_id[24];
   1176 	/* TODO: get correct name */
   1177 	char *machinename = "wpa_supplicant (at) w1.fi";
   1178 
   1179 	if (os_get_random(correlation_id, sizeof(correlation_id)))
   1180 		return NULL;
   1181 	wpa_hexdump(MSG_DEBUG, "TNC: SoH Correlation ID",
   1182 		    correlation_id, sizeof(correlation_id));
   1183 
   1184 	buf = wpabuf_alloc(200);
   1185 	if (buf == NULL)
   1186 		return NULL;
   1187 
   1188 	/* Vendor-Specific TLV (Microsoft) - SoH */
   1189 	wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* TLV Type */
   1190 	tlv_len = wpabuf_put(buf, 2); /* Length */
   1191 	wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* Vendor_Id */
   1192 	wpabuf_put_be16(buf, 0x01); /* TLV Type - SoH TLV */
   1193 	tlv_len2 = wpabuf_put(buf, 2); /* Length */
   1194 
   1195 	/* SoH Header */
   1196 	wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV); /* Outer Type */
   1197 	outer_len = wpabuf_put(buf, 2);
   1198 	wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
   1199 	wpabuf_put_be16(buf, ver); /* Inner Type */
   1200 	inner_len = wpabuf_put(buf, 2);
   1201 
   1202 	if (ver == 2) {
   1203 		/* SoH Mode Sub-Header */
   1204 		/* Outer Type */
   1205 		wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
   1206 		wpabuf_put_be16(buf, 4 + 24 + 1 + 1); /* Length */
   1207 		wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
   1208 		/* Value: */
   1209 		wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
   1210 		wpabuf_put_u8(buf, 0x01); /* Intent Flag - Request */
   1211 		wpabuf_put_u8(buf, 0x00); /* Content-Type Flag */
   1212 	}
   1213 
   1214 	/* SSoH TLV */
   1215 	/* System-Health-Id */
   1216 	wpabuf_put_be16(buf, 0x0002); /* Type */
   1217 	wpabuf_put_be16(buf, 4); /* Length */
   1218 	wpabuf_put_be32(buf, 79616);
   1219 	/* Vendor-Specific Attribute */
   1220 	wpabuf_put_be16(buf, EAP_TLV_VENDOR_SPECIFIC_TLV);
   1221 	ssoh_len = wpabuf_put(buf, 2);
   1222 	wpabuf_put_be32(buf, EAP_VENDOR_MICROSOFT); /* IANA SMI Code */
   1223 
   1224 	/* MS-Packet-Info */
   1225 	wpabuf_put_u8(buf, SSOH_MS_PACKET_INFO);
   1226 	/* Note: IF-TNCCS-SOH v1.0 r8 claims this field to be:
   1227 	 * Reserved(4 bits) r(1 bit) Vers(3 bits), but Windows XP
   1228 	 * SP3 seems to be sending 0x11 for SSoH, i.e., r(request/response) bit
   1229 	 * would not be in the specified location.
   1230 	 * [MS-SOH] 4.0.2: Reserved(3 bits) r(1 bit) Vers(4 bits)
   1231 	 */
   1232 	wpabuf_put_u8(buf, 0x11); /* r=request, vers=1 */
   1233 
   1234 	/* MS-Machine-Inventory */
   1235 	/* TODO: get correct values; 0 = not applicable for OS */
   1236 	wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY);
   1237 	wpabuf_put_be32(buf, 0); /* osVersionMajor */
   1238 	wpabuf_put_be32(buf, 0); /* osVersionMinor */
   1239 	wpabuf_put_be32(buf, 0); /* osVersionBuild */
   1240 	wpabuf_put_be16(buf, 0); /* spVersionMajor */
   1241 	wpabuf_put_be16(buf, 0); /* spVersionMinor */
   1242 	wpabuf_put_be16(buf, 0); /* procArch */
   1243 
   1244 	/* MS-MachineName */
   1245 	wpabuf_put_u8(buf, SSOH_MS_MACHINENAME);
   1246 	wpabuf_put_be16(buf, os_strlen(machinename) + 1);
   1247 	wpabuf_put_data(buf, machinename, os_strlen(machinename) + 1);
   1248 
   1249 	/* MS-CorrelationId */
   1250 	wpabuf_put_u8(buf, SSOH_MS_CORRELATIONID);
   1251 	wpabuf_put_data(buf, correlation_id, sizeof(correlation_id));
   1252 
   1253 	/* MS-Quarantine-State */
   1254 	wpabuf_put_u8(buf, SSOH_MS_QUARANTINE_STATE);
   1255 	wpabuf_put_be16(buf, 1); /* Flags: ExtState=0, f=0, qState=1 */
   1256 	wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (hi) */
   1257 	wpabuf_put_be32(buf, 0xffffffff); /* ProbTime (lo) */
   1258 	wpabuf_put_be16(buf, 1); /* urlLenInBytes */
   1259 	wpabuf_put_u8(buf, 0); /* null termination for the url */
   1260 
   1261 	/* MS-Machine-Inventory-Ex */
   1262 	wpabuf_put_u8(buf, SSOH_MS_MACHINE_INVENTORY_EX);
   1263 	wpabuf_put_be32(buf, 0); /* Reserved
   1264 				  * (note: Windows XP SP3 uses 0xdecafbad) */
   1265 	wpabuf_put_u8(buf, 1); /* ProductType: Client */
   1266 
   1267 	/* Update SSoH Length */
   1268 	end = wpabuf_put(buf, 0);
   1269 	WPA_PUT_BE16(ssoh_len, end - ssoh_len - 2);
   1270 
   1271 	/* TODO: SoHReportEntry TLV (zero or more) */
   1272 
   1273 	/* Update length fields */
   1274 	end = wpabuf_put(buf, 0);
   1275 	WPA_PUT_BE16(tlv_len, end - tlv_len - 2);
   1276 	WPA_PUT_BE16(tlv_len2, end - tlv_len2 - 2);
   1277 	WPA_PUT_BE16(outer_len, end - outer_len - 2);
   1278 	WPA_PUT_BE16(inner_len, end - inner_len - 2);
   1279 
   1280 	return buf;
   1281 }
   1282 
   1283 
   1284 struct wpabuf * tncc_process_soh_request(int ver, const u8 *data, size_t len)
   1285 {
   1286 	const u8 *pos;
   1287 
   1288 	wpa_hexdump(MSG_DEBUG, "TNC: SoH Request", data, len);
   1289 
   1290 	if (len < 12)
   1291 		return NULL;
   1292 
   1293 	/* SoH Request */
   1294 	pos = data;
   1295 
   1296 	/* TLV Type */
   1297 	if (WPA_GET_BE16(pos) != EAP_TLV_VENDOR_SPECIFIC_TLV)
   1298 		return NULL;
   1299 	pos += 2;
   1300 
   1301 	/* Length */
   1302 	if (WPA_GET_BE16(pos) < 8)
   1303 		return NULL;
   1304 	pos += 2;
   1305 
   1306 	/* Vendor_Id */
   1307 	if (WPA_GET_BE32(pos) != EAP_VENDOR_MICROSOFT)
   1308 		return NULL;
   1309 	pos += 4;
   1310 
   1311 	/* TLV Type */
   1312 	if (WPA_GET_BE16(pos) != 0x02 /* SoH request TLV */)
   1313 		return NULL;
   1314 
   1315 	wpa_printf(MSG_DEBUG, "TNC: SoH Request TLV received");
   1316 
   1317 	return tncc_build_soh(2);
   1318 }
   1319