58 files changed, 178 insertions, 71 deletions
diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c
index 9dc02441e..d186fb9ca 100644
--- a/src/libimcv/plugins/imv_os/imv_os_agent.c
+++ b/src/libimcv/plugins/imv_os/imv_os_agent.c
@@ -671,7 +671,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 					int count, count_update, count_blacklist, count_ok;
 
 					if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) ||
-						os_state->get_angel_count(os_state))
+						os_state->get_angel_count(os_state) > 0)
 					{
 						continue;
 					}
diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c
index 265f46724..4fad431c1 100644
--- a/src/libpts/plugins/imc_swid/imc_swid.c
+++ b/src/libpts/plugins/imc_swid/imc_swid.c
@@ -273,6 +273,16 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
 	msg->add_attribute(msg, attr);
 	swid_inventory->destroy(swid_inventory);
 
+	if (!first)
+	{
+		/**
+		 * If we sent an ITA Start Angel attribute in the first place,
+		 * terminate by appending a matching ITA Stop Angel attribute.
+		 */
+		attr_angel = ita_attr_angel_create(FALSE);
+		msg->add_attribute(msg, attr_angel);
+	}
+
 	return TRUE;
 }
 
diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.c b/src/libpts/plugins/imv_swid/imv_swid_agent.c
index 70ff80e53..fdf1dcf25 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_agent.c
+++ b/src/libpts/plugins/imv_swid/imv_swid_agent.c
@@ -45,6 +45,14 @@ static pen_type_t msg_types[] = {
 };
 
 /**
+ * Flag set when corresponding attribute has been received
+ */
+enum imv_swid_attr_t {
+	IMV_SWID_ATTR_TAG_INV =    (1<<0),
+	IMV_SWID_ATTR_TAG_ID_INV = (1<<1)
+};
+
+/**
  * Private data of an imv_swid_agent_t object.
  */
 struct private_imv_swid_agent_t {
@@ -113,13 +121,11 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 	enumerator = in_msg->create_attribute_enumerator(in_msg);
 	while (enumerator->enumerate(enumerator, &attr))
 	{
-		TNC_IMV_Evaluation_Result eval;
-		TNC_IMV_Action_Recommendation rec;
 		pen_type_t type;
 		uint32_t request_id, last_eid, eid_epoch;
 		swid_inventory_t *inventory;
 		int tag_count;
-		char result_str[BUF_LEN], *tag_item;
+		char *tag_item;
 		imv_workitem_t *workitem, *found = NULL;
 		enumerator_t *et, *ew;
 		
@@ -176,12 +182,12 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 			{
 				case ITA_ATTR_START_ANGEL:
 					swid_state->set_angel_count(swid_state, TRUE);
-					break;
+					continue;
 				case ITA_ATTR_STOP_ANGEL:
 					swid_state->set_angel_count(swid_state, FALSE);
-					break;
+					continue;
 				default:
-					break;
+					continue;
 			}
 		}
 		else if (type.vendor_id != PEN_TCG)
@@ -197,6 +203,8 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 				swid_tag_id_t *tag_id;
 				chunk_t tag_creator, unique_sw_id;
 
+				state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
+
 				attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
 				request_id = attr_cast->get_request_id(attr_cast);
 				last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
@@ -230,6 +238,8 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 				swid_tag_t *tag;
 				chunk_t tag_encoding;
 
+				state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV);
+
 				attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
 				request_id = attr_cast->get_request_id(attr_cast);
 				last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
@@ -257,8 +267,6 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 			default:
 				continue;
 		 }
-		tag_count = inventory->get_count(inventory);
-		swid_state->set_count(swid_state, tag_count);
 
 		ew = session->create_workitem_enumerator(session);
 		while (ew->enumerate(ew, &workitem))
@@ -269,28 +277,18 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 				break;
 			}
 		}
-		if (!found)
+		if (found)
 		{
-			DBG1(DBG_IMV, "no workitem found for SWID %s inventory "
-						  "with request ID %d", tag_item, request_id);
-			ew->destroy(ew);
-			continue;
+			/* accumulate the swid tag [ID] count */
+			tag_count = inventory->get_count(inventory);
+			swid_state->set_count(swid_state, tag_count);
 		}
-
-		if (!swid_state->get_angel_count(swid_state))
+		else
 		{
-			swid_state->get_count(swid_state, &tag_count);
-			snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
-					 tag_count, tag_item, (tag_count == 1) ? "" : "s");
-			session->remove_workitem(session, ew);
-			ew->destroy(ew);
-
-			eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
-			rec = found->set_result(found, result_str, eval);
-			state->update_recommendation(state, rec, eval);
-			imcv_db->finalize_workitem(imcv_db, found);
-			found->destroy(found);
+			DBG1(DBG_IMV, "no workitem found for SWID %s inventory "
+						  "with request ID %d", tag_item, request_id);
 		}
+		ew->destroy(ew);
 	}
 	enumerator->destroy(enumerator);
 
@@ -366,7 +364,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 	TNC_IMVID imv_id;
 	TNC_Result result = TNC_RESULT_SUCCESS;
 	bool no_workitems = TRUE;
-	uint32_t request_id;
+	uint32_t request_id, received;
 	uint8_t flags;
 	enumerator_t *enumerator;
 
@@ -456,6 +454,40 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 		}
 	}
 
+	received = state->get_action_flags(state);
+
+	if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
+	   (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) &&
+		swid_state->get_angel_count(swid_state) <= 0)
+	{
+		TNC_IMV_Evaluation_Result eval;
+		TNC_IMV_Action_Recommendation rec;
+		char result_str[BUF_LEN], *tag_item;
+		int tag_count;
+
+		enumerator = session->create_workitem_enumerator(session);
+		while (enumerator->enumerate(enumerator, &workitem))
+		{
+			if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
+			{
+				swid_state->get_count(swid_state, &tag_count);
+				tag_item = (received & IMV_SWID_ATTR_TAG_INV) ?	"" : " ID";
+				snprintf(result_str, BUF_LEN, "received inventory of %d "
+						"SWID tag%s%s", tag_count, tag_item,
+						(tag_count == 1) ? "" : "s");
+				session->remove_workitem(session, enumerator);
+
+				eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+				rec = workitem->set_result(workitem, result_str, eval);
+				state->update_recommendation(state, rec, eval);
+				imcv_db->finalize_workitem(imcv_db, workitem);
+				workitem->destroy(workitem);
+				break;
+			}
+		}
+		enumerator->destroy(enumerator);
+	}
+
 	/* finalized all workitems ? */
 	if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
 		session->get_workitem_count(session, imv_id) == 0)
diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.h b/src/libpts/plugins/imv_swid/imv_swid_state.h
index 7263fe966..8e7cd613d 100644
--- a/src/libpts/plugins/imv_swid/imv_swid_state.h
+++ b/src/libpts/plugins/imv_swid/imv_swid_state.h
@@ -65,13 +65,6 @@ struct imv_swid_state_t {
 	imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
 
 	/**
-	 * Increase/Decrease the ITA Angel count
-	 *
-	 * @param start			TRUE increases and FALSE decreases count by one
-	 */
-	void (*set_angel_count)(imv_swid_state_t *this, bool start);
-
-	/**
 	 * Set [or with multiple attributes increment] SWID Tag [ID] counters
 	 *
 	 * @param count				Number of received SWID Tags or SWID Tag IDs
@@ -86,6 +79,13 @@ struct imv_swid_state_t {
 	void (*get_count)(imv_swid_state_t *this, int *count);
 
 	/**
+	 * Increase/Decrease the ITA Angel count
+	 *
+	 * @param start			TRUE increases and FALSE decreases count by one
+	 */
+	void (*set_angel_count)(imv_swid_state_t *this, bool start);
+
+	/**
 	 * Get the ITA Angel count
 	 *
 	 * @return				ITA Angel count
diff --git a/testing/tests/tnc/tnccs-20-pdp/description.txt b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt
index a178211e1..a178211e1 100644
--- a/testing/tests/tnc/tnccs-20-pdp/description.txt
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt
diff --git a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
index 505a4d079..505a4d079 100644
--- a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.conf
index 6f673dcc5..f2e611952 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.conf
@@ -1,7 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	charondebug="tnc 3, imv 3"
+	charondebug="tnc 2, imv 3"
 
 conn aaa
 	leftcert=aaaCert.pem
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
index 6aeb0c0b1..6aeb0c0b1 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
index da8cdb051..da8cdb051 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/private/aaaKey.pem
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.secrets
index 11d45cd14..11d45cd14 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql
new file mode 100644
index 000000000..60edb798d
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql
@@ -0,0 +1,61 @@
+/* Devices */
+
+INSERT INTO devices (                  /*  1 */
+  value, product, created  
+) VALUES (
+  'aabbccddeeff11223344556677889900', 40, 1372330615
+);
+
+/* Groups Members */
+
+INSERT INTO groups_members (
+  group_id, device_id
+) VALUES (
+  10, 1
+);
+
+/* Identities */
+
+INSERT INTO identities (
+  type, value
+) VALUES ( /* dave@strongswan.org */
+  5, X'64617665'
+);
+
+/* Sessions */
+
+INSERT INTO sessions (
+  time, connection, identity, device, product, rec
+) VALUES (
+  NOW, 1, 1, 1, 40, 0
+);
+
+/* Results */
+
+INSERT INTO results (
+  session, policy, rec, result
+) VALUES (
+  1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found'
+);
+
+/* Enforcements */
+
+INSERT INTO enforcements (
+  policy, group_id, max_age, rec_fail, rec_noresult
+) VALUES (
+  3, 10, 0, 2, 2
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  17, 2, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  18, 10, 86400
+);
+
+DELETE FROM enforcements WHERE id = 1;
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
index ec4956c31..61bf86fbc 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
@@ -1,15 +1,17 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
   plugins {
     eap-ttls {
       phase2_method = md5
       phase2_piggyback = yes
       phase2_tnc = yes
+      max_message_count = 0
     }
     eap-tnc {
       protocol = tnccs-2.0
+      max_message_count = 20
     }
     tnc-pdp {
       server = aaa.strongswan.org
@@ -22,9 +24,6 @@ charon {
 
 libimcv {
   debug_level = 3 
-  plugins {
-    imv-test {
-      rounds = 1 
-    }
-  }
+  database = sqlite:///etc/pts/config.db
+  policy_script = ipsec imv_policy_manager
 }
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config
index ebe88bc99..ebe88bc99 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.conf
index 59563730b..59563730b 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.secrets
index 23d79cf2e..23d79cf2e 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
index 808f1d11a..be6c0ad19 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
@@ -2,17 +2,19 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
   plugins {
+    eap-ttls {
+      max_message_count = 0
+    }
     eap-tnc {
       protocol = tnccs-2.0
+      max_message_count = 20
     }
-  }
-}
-
-libimcv {
-  plugins {
-    imc-test {
-      command = allow
+    tnccs-20 {
+      max_batch_size = 32754
+      max_message_size = 32722
     }
   }
 }
+
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config
new file mode 100644
index 000000000..a954883a4
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client 
+
+IMC "OS"	/usr/local/lib/ipsec/imcvs/imc-os.so
+IMC "SWID"	/usr/local/lib/ipsec/imcvs/imc-swid.so
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.conf
index 8c27c78d2..8c27c78d2 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.secrets
index 02e0c9963..02e0c9963 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
index 96ff63ab1..c542b44cc 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
@@ -2,20 +2,18 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
   plugins {    
+   eap-ttls {
+      max_message_count = 0
+    }
     eap-tnc {
       protocol = tnccs-2.0
+      max_message_count = 20
     }
-  }
-}
-
-libimcv {
-  plugins {
-    imc-test {
-      command = isolate
-    }
-    imc-scannner {
-      push_info = no
+    tnccs-20 {
+      max_batch_size = 32754
+      max_message_size = 32722
     }
   }
 }
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config
new file mode 100644
index 000000000..a954883a4
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client 
+
+IMC "OS"	/usr/local/lib/ipsec/imcvs/imc-os.so
+IMC "SWID"	/usr/local/lib/ipsec/imcvs/imc-swid.so
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.conf
index 02ada5665..02ada5665 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.secrets
index e86d6aa5c..e86d6aa5c 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/iptables.rules
index 1eb755354..1eb755354 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/iptables.rules
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/iptables.rules
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
index d32951866..d32951866 100644
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
diff --git a/testing/tests/tnc/tnccs-20-pdp/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat
index e7eecd5f4..916e433c0 100644
--- a/testing/tests/tnc/tnccs-20-pdp/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat
@@ -2,6 +2,7 @@ moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
 alice::ipsec stop
+alice::rm /etc/pts/config.db
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pdp/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
index 32ed4d854..6709b8905 100644
--- a/testing/tests/tnc/tnccs-20-pdp/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
@@ -4,6 +4,10 @@ dave::iptables-restore < /etc/iptables.rules
 alice::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config
+carol::echo 0 > /proc/sys/net/ipv4/ip_forward
+dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
+alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql
+alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db
 alice::ipsec start
 moon::ipsec start
 carol::ipsec start
diff --git a/testing/tests/tnc/tnccs-20-pdp/test.conf b/testing/tests/tnc/tnccs-20-pdp-eap/test.conf
index c4ca1a19f..c4ca1a19f 100644
--- a/testing/tests/tnc/tnccs-20-pdp/test.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/test.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
index 45a77e900..45a77e900 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/description.txt
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
index 3139ca082..3139ca082 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.conf
index d8b84334a..d8b84334a 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
index 6aeb0c0b1..6aeb0c0b1 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
index da8cdb051..da8cdb051 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.secrets
index 11d45cd14..11d45cd14 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules
index 5b275392b..5b275392b 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/iptables.rules
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql
index b70fb6ae5..b70fb6ae5 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index 21961d4b1..21961d4b1 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
new file mode 100644
index 000000000..ebe88bc99
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
@@ -0,0 +1,4 @@
+#IMV configuration file for strongSwan client 
+
+IMV "OS"	/usr/local/lib/ipsec/imcvs/imv-os.so
+IMV "SWID"	/usr/local/lib/ipsec/imcvs/imv-swid.so
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.conf
index 4a41e7ed9..4a41e7ed9 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.secrets
index d2f6378b8..d2f6378b8 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.sql
index 805c8bfd9..805c8bfd9 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.sql
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/iptables.rules
index d01d0a3c9..d01d0a3c9 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/iptables.rules
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/iptables.rules
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/pts/options
index f04e9472a..f04e9472a 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/pts/options
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/pts/options
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
index 685a65250..685a65250 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
index f40174e57..f40174e57 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.conf
index 4a41e7ed9..4a41e7ed9 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.secrets
index d2f6378b8..d2f6378b8 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.sql
index 805c8bfd9..805c8bfd9 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.sql
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/iptables.rules
index d01d0a3c9..d01d0a3c9 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/iptables.rules
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/iptables.rules
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/pts/options
index 46821ec73..46821ec73 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/pts/options
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/pts/options
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
index 0fa2acb14..0fa2acb14 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
index f40174e57..f40174e57 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
index c98df8671..c98df8671 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
index 97ff0c1ec..97ff0c1ec 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf
index 0887e4d09..0887e4d09 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/test.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config
deleted file mode 100644
index da732f68b..000000000
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan client 
-
-IMV "Test"	/usr/local/lib/ipsec/imcvs/imv-test.so
-IMV "Scanner"	/usr/local/lib/ipsec/imcvs/imv-scanner.so
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config
deleted file mode 100644
index 6166552f5..000000000
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test"	/usr/local/lib/ipsec/imcvs/imc-test.so
-IMC "Scanner"	/usr/local/lib/ipsec/imcvs/imc-scanner.so
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config
deleted file mode 100644
index 6166552f5..000000000
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test"	/usr/local/lib/ipsec/imcvs/imc-test.so
-IMC "Scanner"	/usr/local/lib/ipsec/imcvs/imc-scanner.so