diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-04-11 16:30:55 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-04-15 09:21:06 +0200 |
commit | 3e7044b45e65471a7f7fe7b002fdc2b10906c6c0 (patch) | |
tree | d4a222c960cc5bca68b527d611bd5e71b8eb2407 /testing/tests | |
parent | 8c40609f9640d097575d098014fd64fe478519d2 (diff) | |
download | strongswan-3e7044b45e65471a7f7fe7b002fdc2b10906c6c0.tar.bz2 strongswan-3e7044b45e65471a7f7fe7b002fdc2b10906c6c0.tar.xz |
Implemented segmented SWID tag attributes on IMV side
Diffstat (limited to 'testing/tests')
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/description.txt (renamed from testing/tests/tnc/tnccs-20-pdp/description.txt) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat (renamed from testing/tests/tnc/tnccs-20-pdp/evaltest.dat) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.conf (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf) | 2 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/certs/aaaCert.pem) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/private/aaaKey.pem) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.secrets (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql | 61 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf) | 11 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/tnc_config) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.conf (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.secrets (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf) | 16 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config | 4 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.conf (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.secrets (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf) | 18 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config | 4 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.conf (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.secrets (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/iptables.rules (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/iptables.rules) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf (renamed from testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat (renamed from testing/tests/tnc/tnccs-20-pdp/posttest.dat) | 1 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat (renamed from testing/tests/tnc/tnccs-20-pdp/pretest.dat) | 4 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-eap/test.conf (renamed from testing/tests/tnc/tnccs-20-pdp/test.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt (renamed from testing/tests/tnc/tnccs-20-pt-tls/description.txt) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat (renamed from testing/tests/tnc/tnccs-20-pt-tls/evaltest.dat) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.conf (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.secrets (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.secrets) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/iptables.rules) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/strongswan.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config | 4 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.conf (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.secrets (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.sql (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/iptables.rules (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/iptables.rules) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/pts/options (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/pts/options) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/tnc_config) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.conf (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.secrets (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.sql (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/iptables.rules (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/iptables.rules) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/pts/options (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/pts/options) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config (renamed from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/tnc_config) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat (renamed from testing/tests/tnc/tnccs-20-pt-tls/posttest.dat) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat (renamed from testing/tests/tnc/tnccs-20-pt-tls/pretest.dat) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf (renamed from testing/tests/tnc/tnccs-20-pt-tls/test.conf) | 0 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config | 4 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config | 4 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config | 4 |
54 files changed, 101 insertions, 36 deletions
diff --git a/testing/tests/tnc/tnccs-20-pdp/description.txt b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt index a178211e1..a178211e1 100644 --- a/testing/tests/tnc/tnccs-20-pdp/description.txt +++ b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt diff --git a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat index 505a4d079..505a4d079 100644 --- a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.conf index 6f673dcc5..f2e611952 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.conf @@ -1,7 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - charondebug="tnc 3, imv 3" + charondebug="tnc 2, imv 3" conn aaa leftcert=aaaCert.pem diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem index 6aeb0c0b1..6aeb0c0b1 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/certs/aaaCert.pem +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem index da8cdb051..da8cdb051 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/private/aaaKey.pem +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.secrets index 11d45cd14..11d45cd14 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql new file mode 100644 index 000000000..60edb798d --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql @@ -0,0 +1,61 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) VALUES ( + 'aabbccddeeff11223344556677889900', 40, 1372330615 +); + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 5, X'64617665' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) VALUES ( + NOW, 1, 1, 1, 40, 0 +); + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + +/* Enforcements */ + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 17, 2, 86400 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 18, 10, 86400 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf index ec4956c31..61bf86fbc 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf @@ -1,15 +1,17 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes + max_message_count = 0 } eap-tnc { protocol = tnccs-2.0 + max_message_count = 20 } tnc-pdp { server = aaa.strongswan.org @@ -22,9 +24,6 @@ charon { libimcv { debug_level = 3 - plugins { - imv-test { - rounds = 1 - } - } + database = sqlite:///etc/pts/config.db + policy_script = ipsec imv_policy_manager } diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config index ebe88bc99..ebe88bc99 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.conf index 59563730b..59563730b 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.secrets index 23d79cf2e..23d79cf2e 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf index 808f1d11a..be6c0ad19 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf @@ -2,17 +2,19 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + plugins { + eap-ttls { + max_message_count = 0 + } eap-tnc { protocol = tnccs-2.0 + max_message_count = 20 } - } -} - -libimcv { - plugins { - imc-test { - command = allow + tnccs-20 { + max_batch_size = 32754 + max_message_size = 32722 } } } + diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..a954883a4 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.conf index 8c27c78d2..8c27c78d2 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.secrets index 02e0c9963..02e0c9963 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf index 96ff63ab1..c542b44cc 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf @@ -2,20 +2,18 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + plugins { + eap-ttls { + max_message_count = 0 + } eap-tnc { protocol = tnccs-2.0 + max_message_count = 20 } - } -} - -libimcv { - plugins { - imc-test { - command = isolate - } - imc-scannner { - push_info = no + tnccs-20 { + max_batch_size = 32754 + max_message_size = 32722 } } } diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..a954883a4 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.conf index 02ada5665..02ada5665 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.secrets index e86d6aa5c..e86d6aa5c 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/iptables.rules index 1eb755354..1eb755354 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/iptables.rules +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/iptables.rules diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf index d32951866..d32951866 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf diff --git a/testing/tests/tnc/tnccs-20-pdp/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat index e7eecd5f4..916e433c0 100644 --- a/testing/tests/tnc/tnccs-20-pdp/posttest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat @@ -2,6 +2,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop alice::ipsec stop +alice::rm /etc/pts/config.db moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-pdp/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat index 32ed4d854..6709b8905 100644 --- a/testing/tests/tnc/tnccs-20-pdp/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat @@ -4,6 +4,10 @@ dave::iptables-restore < /etc/iptables.rules alice::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config +carol::echo 0 > /proc/sys/net/ipv4/ip_forward +dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id +alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql +alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db alice::ipsec start moon::ipsec start carol::ipsec start diff --git a/testing/tests/tnc/tnccs-20-pdp/test.conf b/testing/tests/tnc/tnccs-20-pdp-eap/test.conf index c4ca1a19f..c4ca1a19f 100644 --- a/testing/tests/tnc/tnccs-20-pdp/test.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/test.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt index 45a77e900..45a77e900 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/description.txt +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt diff --git a/testing/tests/tnc/tnccs-20-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat index 3139ca082..3139ca082 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.conf index d8b84334a..d8b84334a 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem index 6aeb0c0b1..6aeb0c0b1 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem index da8cdb051..da8cdb051 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.secrets index 11d45cd14..11d45cd14 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules index 5b275392b..5b275392b 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/iptables.rules +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql index b70fb6ae5..b70fb6ae5 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf index 21961d4b1..21961d4b1 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config new file mode 100644 index 000000000..ebe88bc99 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config @@ -0,0 +1,4 @@ +#IMV configuration file for strongSwan client + +IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so +IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.conf index 4a41e7ed9..4a41e7ed9 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.secrets index d2f6378b8..d2f6378b8 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.sql index 805c8bfd9..805c8bfd9 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.sql diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/iptables.rules index d01d0a3c9..d01d0a3c9 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/iptables.rules +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/iptables.rules diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/pts/options index f04e9472a..f04e9472a 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/pts/options +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf index 685a65250..685a65250 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config index f40174e57..f40174e57 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.conf index 4a41e7ed9..4a41e7ed9 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.secrets index d2f6378b8..d2f6378b8 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.sql index 805c8bfd9..805c8bfd9 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.sql diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/iptables.rules index d01d0a3c9..d01d0a3c9 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/iptables.rules +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/iptables.rules diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/pts/options index 46821ec73..46821ec73 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/pts/options +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf index 0fa2acb14..0fa2acb14 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config index f40174e57..f40174e57 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat index c98df8671..c98df8671 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/posttest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat diff --git a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat index 97ff0c1ec..97ff0c1ec 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat diff --git a/testing/tests/tnc/tnccs-20-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf index 0887e4d09..0887e4d09 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/test.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config deleted file mode 100644 index da732f68b..000000000 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan client - -IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so -IMV "Scanner" /usr/local/lib/ipsec/imcvs/imv-scanner.so diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config deleted file mode 100644 index 6166552f5..000000000 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config deleted file mode 100644 index 6166552f5..000000000 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so |