author | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-06-26 09:47:03 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-06-26 09:47:03 +0200 |
commit | 75598e5053ee8a88a45dbdd9cc5760b789c28f4e (patch) | |
tree | c27cbd646fb1d863ebca14ae5e160af404acdd00 /testing/tests/tnc | |
parent | 21aebe3781493b5cb85639db83741013071c4cc6 (diff) | |
download | strongswan-75598e5053ee8a88a45dbdd9cc5760b789c28f4e.tar.bz2 strongswan-75598e5053ee8a88a45dbdd9cc5760b789c28f4e.tar.xz |
Updated description of TNC scenarios concerning RFC 7171 PT-EAP support
Diffstat (limited to 'testing/tests/tnc')
-rw-r--r-- | testing/tests/tnc/tnccs-20-os/description.txt | 13 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt | 15 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pts/description.txt | 7 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-server-retry/description.txt | 9 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-tls/description.txt | 9 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-dynamic/description.txt | 1 |
6 files changed, 30 insertions, 24 deletions
diff --git a/testing/tests/tnc/tnccs-20-os/description.txt b/testing/tests/tnc/tnccs-20-os/description.txt index 941113434..c4a2c90c4 100644 --- a/testing/tests/tnc/tnccs-20-os/description.txt +++ b/testing/tests/tnc/tnccs-20-os/description.txt @@ -1,12 +1,13 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> using EAP-TTLS authentication only with the gateway presenting a server certificate and the clients doing EAP-MD5 password-based authentication. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0 </b> -client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC and OS IMV pair -is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b> to -exchange PA-TNC attributes. -<p> +<p/> +In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS tunnel +to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>IF-TNCCS 2.0</b> +client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS and Attestation IMCs +exchange PA-TNC attributes with the OS IMV via the <b>IF-M 1.0</b> measurement protocol +defined by <b>RFC 5792 PA-TNC</b>. +<p/> <b>carol</b> sends information on her operating system consisting of the PA-TNC attributes <em>Product Information</em>, <em>String Version</em>, <em>Numeric Version</em>, <em>Operational Status</em>, <em>Forwarding Enabled</em>, <em>Factory Default Password Enabled</em> diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt b/testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt index 29976509a..febf07401 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt 
@@ -1,12 +1,13 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> using EAP-TTLS authentication only with the gateway presenting a server certificate and the clients doing EAP-MD5 password-based authentication. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0 </b> -client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC and OS IMV pair -is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b> to -exchange PA-TNC attributes. -<p> +<p/> +In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS +tunnel to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the +<b>TNCCS 2.0 </b> client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC +and OS IMV pair is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b> +to exchange PA-TNC attributes. +<p/> <b>carol</b> sends information on her operating system consisting of the PA-TNC attributes <em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an @@ -14,7 +15,7 @@ to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so measurement on all files in the <b>/bin</b> directory. <b>carol</b> is then prompted to measure a couple of individual files and the files in the <b>/bin</b> directory as well as to get metadata on the <b>/etc/tnc_confg</b> configuration file. -<p> +<p/> Since the Attestation IMV negotiates a Diffie-Hellman group for TPM-based measurements, the mandatory default being <b>ecp256</b>, with the strongswan.conf option <b>mandatory_dh_groups = no</b> no ECC support is required. 
diff --git a/testing/tests/tnc/tnccs-20-pts/description.txt b/testing/tests/tnc/tnccs-20-pts/description.txt index 0a4716ce2..e532ab2cf 100644 --- a/testing/tests/tnc/tnccs-20-pts/description.txt +++ b/testing/tests/tnc/tnccs-20-pts/description.txt @@ -1,12 +1,13 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> using EAP-TTLS authentication only with the gateway presenting a server certificate and the clients doing EAP-MD5 password-based authentication. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0 </b> +<p/> +In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS tunnel +to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0</b> client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS and Attestation IMCs exchange PA-TNC attributes with the OS IMV via the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b>. -<p> +<p/> <b>carol</b> sends information on her operating system consisting of the PA-TNC attributes <em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an diff --git a/testing/tests/tnc/tnccs-20-server-retry/description.txt b/testing/tests/tnc/tnccs-20-server-retry/description.txt index b37fbd445..f9ee7b803 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/description.txt +++ b/testing/tests/tnc/tnccs-20-server-retry/description.txt 
@@ -1,10 +1,11 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> using EAP-TTLS authentication only with the gateway presenting a server certificate and the clients doing EAP-MD5 password-based authentication. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of <b>carol</b> and <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface -compliant with <b>RFC 5793 PB-TNC</b>. The IMC and IMV communicate are using the <b>IF-M</b> -protocol defined by <b>RFC 5792 PA-TNC</b>. +<p/> +In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS +tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0 </b> +client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The IMCs and IMVs exchange +messages over the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. <p> The first time the TNC clients <b>carol</b> and <b>dave</b> send their measurements, TNC server <b>moon</b> requests a handshake retry. In the retry <b>carol</b> succeeds diff --git a/testing/tests/tnc/tnccs-20-tls/description.txt b/testing/tests/tnc/tnccs-20-tls/description.txt index a032d2d05..f193bd27b 100644 --- a/testing/tests/tnc/tnccs-20-tls/description.txt +++ b/testing/tests/tnc/tnccs-20-tls/description.txt 
@@ -1,9 +1,10 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>, both ends doing certificate-based EAP-TLS authentication only. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0 </b> client-server interface -compliant with <b>RFC 5793 PB-TNC</b>. The IMC and IMV communicate are using the <b>IF-M</b> -protocol defined by <b>RFC 5792 PA-TNC</b>. +<p/> +In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS +tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0 </b> +client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The IMCs and IMVs exchange +messages over the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. <p> <b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, diff --git a/testing/tests/tnc/tnccs-dynamic/description.txt b/testing/tests/tnc/tnccs-dynamic/description.txt index 21e9bc675..86f6323c3 100644 --- a/testing/tests/tnc/tnccs-dynamic/description.txt +++ b/testing/tests/tnc/tnccs-dynamic/description.txt @@ -1,6 +1,7 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> using EAP-TTLS authentication only with the gateway presenting a server certificate and the clients doing EAP-MD5 password-based authentication. +<p/> In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the health of TNC client <b>carol</b> via the <b>TNCCS 1.1 </b> client-server interface and of TNC client <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface. TNC server |
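Review bot: In testing/tests/tnc/tnccs-20-os/description.txt the rewritten paragraph now reads "The OS and Attestation IMCs exchange PA-TNC attributes with the OS IMV", the same sentence used in tnccs-20-pts, whereas the removed lines spoke only of "The OS IMC and OS IMV pair" and the following context lists operating system attributes only. If this scenario does not load an Attestation IMC, keep the OS IMC / OS IMV wording and change only the transport sentence to PT-EAP.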
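Review bot: The interface name is spelled three ways across the added lines: tnccs-20-pts-no-ecc keeps "<b>TNCCS 2.0 </b>" with the trailing space inside the bold tag, tnccs-20-pts uses "<b>TNCCS 2.0</b>", and tnccs-20-os uses "<b>IF-TNCCS 2.0</b>" (tnccs-20-server-retry and tnccs-20-tls have "<b>IF-TNCCS 2.0 </b>", again with the stray space). Suggest "<b>IF-TNCCS 2.0</b>" everywhere. In tnccs-20-pts-no-ecc the added text also still says "The OS IMC and OS IMV pair" although the context right below sends the attributes to the Attestation IMV, and the unchanged context spells the file "/etc/tnc_confg", which is worth checking while the file is being touched.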
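Review bot: Paragraph markup ends up mixed in testing/tests/tnc/tnccs-20-server-retry/description.txt and tnccs-20-tls/description.txt: a "<p/>" is added in front of the PT-EAP paragraph, but the "<p>" that follows it stays as an unchanged context line, while the tnccs-20-os, tnccs-20-pts and tnccs-20-pts-no-ecc hunks convert that "<p>" to "<p/>". Convert the remaining "<p>" in these two files as well so all descriptions use one form.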
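Review bot: The added sentence in testing/tests/tnc/tnccs-20-tls/description.txt says PT-EAP "is used within the EAP-TTLS tunnel", but the first paragraph of the same file describes "both ends doing certificate-based EAP-TLS authentication only". The removed line had the same mismatch, so this change carries it forward. Please state which tunnel method the scenario actually uses and make the two paragraphs agree.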
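Review bot: The testing/tests/tnc/tnccs-dynamic/description.txt hunk only inserts "<p/>" and leaves "In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel" untouched, while every other description in this commit is changed to name RFC 7171 PT-EAP. If this scenario also runs over PT-EAP, update the sentence to match; if EAP-TNC is kept on purpose because of the TNCCS 1.1 client, a short remark in the commit message would make that clear.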