From: Andreas Steffen Date: Fri, 11 Apr 2014 14:30:55 +0000 (+0200) Subject: Implemented segmented SWID tag attributes on IMV side X-Git-Tag: 5.2.0dr1~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e7044b45e65471a7f7fe7b002fdc2b10906c6c0;p=thirdparty%2Fstrongswan.git Implemented segmented SWID tag attributes on IMV side --- diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c index 9dc02441e8..d186fb9ca0 100644 --- a/src/libimcv/plugins/imv_os/imv_os_agent.c +++ b/src/libimcv/plugins/imv_os/imv_os_agent.c @@ -671,7 +671,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, int count, count_update, count_blacklist, count_ok; if (!(received & IMV_OS_ATTR_INSTALLED_PACKAGES) || - os_state->get_angel_count(os_state)) + os_state->get_angel_count(os_state) > 0) { continue; } diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c index 265f467241..4fad431c19 100644 --- a/src/libpts/plugins/imc_swid/imc_swid.c +++ b/src/libpts/plugins/imc_swid/imc_swid.c @@ -273,6 +273,16 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, msg->add_attribute(msg, attr); swid_inventory->destroy(swid_inventory); + if (!first) + { + /** + * If we sent an ITA Start Angel attribute in the first place, + * terminate by appending a matching ITA Stop Angel attribute. + */ + attr_angel = ita_attr_angel_create(FALSE); + msg->add_attribute(msg, attr_angel); + } + return TRUE; } diff --git a/src/libpts/plugins/imv_swid/imv_swid_agent.c b/src/libpts/plugins/imv_swid/imv_swid_agent.c index 70ff80e53a..fdf1dcf25c 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_agent.c +++ b/src/libpts/plugins/imv_swid/imv_swid_agent.c 
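Review bot: The new guard `os_state->get_angel_count(os_state) > 0` treats a negative count the same as zero, so a Stop Angel that arrives without a matching Start Angel no longer holds back the package evaluation that follows in batch_ending. If the counter is signed and can drop below zero (its type is not visible in this hunk), that state means the endpoint sent a malformed attribute sequence and deserves at least a debug line. A comment such as `/* > 0: segmented inventory still in progress; < 0 would be an unmatched Stop Angel */` above the condition would document the intent. The body of batch_ending starts and ends outside the hunk.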
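Review bot: The Stop Angel is appended only on the final `return TRUE` path of add_swid_inventory, so any earlier exit taken after a Start Angel was queued would leave the IMV's angel count above zero. The earlier part of the function is outside this hunk, so whether such an exit exists cannot be confirmed here. Going by the batch_ending hunk of this commit, the SWID workitem is finalized only when `get_angel_count(swid_state) <= 0`, so an unbalanced Start Angel would keep the workitem open. Check that every exit after the first segment either adds `ita_attr_angel_create(FALSE)` or fails the whole message. As a matter of style, the remark inside the function body opens with `/**`, which documentation tools read as an API comment; a plain `/*` fits an inline note.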
@@ -44,6 +44,14 @@ static pen_type_t msg_types[] = { { PEN_TCG, PA_SUBTYPE_TCG_SWID } }; +/** + * Flag set when corresponding attribute has been received + */ +enum imv_swid_attr_t { + IMV_SWID_ATTR_TAG_INV = (1<<0), + IMV_SWID_ATTR_TAG_ID_INV = (1<<1) +}; + /** * Private data of an imv_swid_agent_t object. */ @@ -113,13 +121,11 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, enumerator = in_msg->create_attribute_enumerator(in_msg); while (enumerator->enumerate(enumerator, &attr)) { - TNC_IMV_Evaluation_Result eval; - TNC_IMV_Action_Recommendation rec; pen_type_t type; uint32_t request_id, last_eid, eid_epoch; swid_inventory_t *inventory; int tag_count; - char result_str[BUF_LEN], *tag_item; + char *tag_item; imv_workitem_t *workitem, *found = NULL; enumerator_t *et, *ew; @@ -176,12 +182,12 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, { case ITA_ATTR_START_ANGEL: swid_state->set_angel_count(swid_state, TRUE); - break; + continue; case ITA_ATTR_STOP_ANGEL: swid_state->set_angel_count(swid_state, FALSE); - break; + continue; default: - break; + continue; } } else if (type.vendor_id != PEN_TCG) @@ -197,6 +203,8 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, swid_tag_id_t *tag_id; chunk_t tag_creator, unique_sw_id; + state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV); + attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr; request_id = attr_cast->get_request_id(attr_cast); last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch); @@ -230,6 +238,8 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, swid_tag_t *tag; chunk_t tag_encoding; + state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV); + attr_cast = (tcg_swid_attr_tag_inv_t*)attr; request_id = attr_cast->get_request_id(attr_cast); last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch); 
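Review bot: `state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);` in the hunk at -197,6 +203,8 is executed as soon as the attribute type is recognised, before the request ID has been matched to a workitem, and the hunk at -230,6 +238,8 does the same for `IMV_SWID_ATTR_TAG_INV`. The later receive_msg hunk only logs the "no workitem found" case, while the new block in batch_ending finalizes the first `IMV_WORKITEM_SWID_TAGS` workitem as `TNC_IMV_EVALUATION_RESULT_COMPLIANT` whenever either flag is set. As far as these hunks show, an inventory attribute whose request ID matches nothing would therefore still close the workitem as compliant, with whatever count happens to be stored, where the removed code skipped that attribute. Deferring the set_action_flags call until the `if (found)` branch, next to `swid_state->set_count(swid_state, tag_count);`, would tie the flag to a solicited inventory. Both case bodies continue outside their hunks.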
@@ -257,8 +267,6 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, default: continue; } - tag_count = inventory->get_count(inventory); - swid_state->set_count(swid_state, tag_count); ew = session->create_workitem_enumerator(session); while (ew->enumerate(ew, &workitem)) @@ -269,28 +277,18 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this, break; } } - if (!found) + if (found) { - DBG1(DBG_IMV, "no workitem found for SWID %s inventory " - "with request ID %d", tag_item, request_id); - ew->destroy(ew); - continue; + /* accumulate the swid tag [ID] count */ + tag_count = inventory->get_count(inventory); + swid_state->set_count(swid_state, tag_count); } - - if (!swid_state->get_angel_count(swid_state)) + else { - swid_state->get_count(swid_state, &tag_count); - snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s", - tag_count, tag_item, (tag_count == 1) ? "" : "s"); - session->remove_workitem(session, ew); - ew->destroy(ew); - - eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; - rec = found->set_result(found, result_str, eval); - state->update_recommendation(state, rec, eval); - imcv_db->finalize_workitem(imcv_db, found); - found->destroy(found); + DBG1(DBG_IMV, "no workitem found for SWID %s inventory " + "with request ID %d", tag_item, request_id); } + ew->destroy(ew); } enumerator->destroy(enumerator); @@ -366,7 +364,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, TNC_IMVID imv_id; TNC_Result result = TNC_RESULT_SUCCESS; bool no_workitems = TRUE; - uint32_t request_id; + uint32_t request_id, received; uint8_t flags; enumerator_t *enumerator; 
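Review bot: In the hunk at -269,28 +277,18 the re-added debug line formats `request_id` with `%d`, although the variable is declared as `uint32_t request_id, last_eid, eid_epoch;` in receive_msg. A request ID above INT_MAX taken from the endpoint's attribute would be logged as a negative number, which makes the "no workitem found" entry hard to correlate with the request that was sent. Since the line is being moved anyway, `"with request ID %u", tag_item, request_id);` would match the type. The enclosing while loop starts and ends outside the hunk.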
@@ -456,6 +454,40 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, } } + received = state->get_action_flags(state); + + if (handshake_state == IMV_SWID_STATE_WORKITEMS && + (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) && + swid_state->get_angel_count(swid_state) <= 0) + { + TNC_IMV_Evaluation_Result eval; + TNC_IMV_Action_Recommendation rec; + char result_str[BUF_LEN], *tag_item; + int tag_count; + + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) + { + swid_state->get_count(swid_state, &tag_count); + tag_item = (received & IMV_SWID_ATTR_TAG_INV) ? "" : " ID"; + snprintf(result_str, BUF_LEN, "received inventory of %d " + "SWID tag%s%s", tag_count, tag_item, + (tag_count == 1) ? "" : "s"); + session->remove_workitem(session, enumerator); + + eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + break; + } + } + enumerator->destroy(enumerator); + } + /* finalized all workitems ? */ if (handshake_state == IMV_SWID_STATE_WORKITEMS && session->get_workitem_count(session, imv_id) == 0) diff --git a/src/libpts/plugins/imv_swid/imv_swid_state.h b/src/libpts/plugins/imv_swid/imv_swid_state.h index 7263fe9664..8e7cd613d6 100644 --- a/src/libpts/plugins/imv_swid/imv_swid_state.h +++ b/src/libpts/plugins/imv_swid/imv_swid_state.h @@ -64,13 +64,6 @@ struct imv_swid_state_t { */ imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this); - /** - * Increase/Decrease the ITA Angel count - * - * @param start TRUE increases and FALSE decreases count by one - */ - void (*set_angel_count)(imv_swid_state_t *this, bool start); - /** * Set [or with multiple attributes increment] SWID Tag [ID] counters * 
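Review bot: `tag_item = (received & IMV_SWID_ATTR_TAG_INV) ? "" : " ID";` in the batch_ending hunk picks the label from one bit only, while `swid_state->get_count()` returns a single counter that, judging by the set_count doc comment in imv_swid_state.h, is incremented across attributes. If an endpoint delivers both tag and tag ID inventories in one session, the result would read "SWID tags" for a combined total. This string is handed to `workitem->set_result()` and then `imcv_db->finalize_workitem()`, presumably as the stored assessment record, so either handle the both-flags case or add a comment that only one inventory kind is expected per workitem. The block would also benefit from a lead comment such as `/* finalize the SWID workitem only after the last segment, i.e. angel count back to 0 */`. batch_ending starts and ends outside the hunk.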
@@ -85,6 +78,13 @@ struct imv_swid_state_t { */ void (*get_count)(imv_swid_state_t *this, int *count); + /** + * Increase/Decrease the ITA Angel count + * + * @param start TRUE increases and FALSE decreases count by one + */ + void (*set_angel_count)(imv_swid_state_t *this, bool start); + /** * Get the ITA Angel count * diff --git a/testing/tests/tnc/tnccs-20-pdp/description.txt b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/description.txt rename to testing/tests/tnc/tnccs-20-pdp-eap/description.txt diff --git a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/evaltest.dat rename to testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.conf similarity index 83% rename from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.conf index 6f673dcc5d..f2e6119526 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.conf @@ -1,7 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - charondebug="tnc 3, imv 3" + charondebug="tnc 2, imv 3" conn aaa leftcert=aaaCert.pem diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/certs/aaaCert.pem rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/certs/aaaCert.pem 
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/private/aaaKey.pem
rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.d/private/aaaKey.pem
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets
rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql
new file mode 100644
index 0000000000..60edb798d2
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/pts/data1.sql
@@ -0,0 +1,61 @@ +/* Devices */ + +INSERT INTO devices ( /* 1 */ + value, product, created +) VALUES ( + 'aabbccddeeff11223344556677889900', 40, 1372330615 +); + +/* Groups Members */ + +INSERT INTO groups_members ( + group_id, device_id +) VALUES ( + 10, 1 +); + +/* Identities */ + +INSERT INTO identities ( + type, value +) VALUES ( /* dave@strongswan.org */ + 5, X'64617665' +); + +/* Sessions */ + +INSERT INTO sessions ( + time, connection, identity, device, product, rec +) VALUES ( + NOW, 1, 1, 1, 40, 0 +); + +/* Results */ + +INSERT INTO results ( + session, policy, rec, result +) VALUES ( + 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found' +); + +/* Enforcements */ + +INSERT INTO enforcements ( + policy, group_id, max_age, rec_fail, rec_noresult +) VALUES ( + 3, 10, 0, 2, 2 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 17, 2, 86400 +); + +INSERT INTO enforcements ( + policy, group_id, max_age +) VALUES ( + 18, 10, 86400 +); + +DELETE FROM enforcements WHERE id = 1; diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf similarity index 78% rename from testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf index ec4956c310..61bf86fbce 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf 
@@ -1,15 +1,17 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes + max_message_count = 0 } eap-tnc { protocol = tnccs-2.0 + max_message_count = 20 } tnc-pdp { server = aaa.strongswan.org @@ -22,9 +24,6 @@ charon { libimcv { debug_level = 3 - plugins { - imv-test { - rounds = 1 - } - } + database = sqlite:///etc/pts/config.db + policy_script = ipsec imv_policy_manager } diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/tnc_config rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.conf similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.secrets similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/ipsec.secrets 
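Review bot: `max_message_count = 0` under `eap-ttls` lifts the cap on the number of EAP-TTLS packets the daemon will process (0 means no limit in strongSwan, to my knowledge), and the same line is added in the carol and dave strongswan.conf hunks of this commit. The `eap-tnc` block still carries `max_message_count = 20`, but these scenario files are often reused as configuration templates, so the relaxation should be explained where it is made. A comment such as `# 0 = no limit; raised for the segmented SWID inventory exchange, keep a bound outside the test lab` next to the setting would do that. The second hunk of this file adds `database = sqlite:///etc/pts/config.db` and `policy_script = ipsec imv_policy_manager` without comment; one line noting that the database is built by pretest.dat would help readers.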
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf similarity index 68% rename from testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf index 808f1d11ad..be6c0ad195 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf @@ -2,17 +2,19 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + plugins { + eap-ttls { + max_message_count = 0 + } eap-tnc { protocol = tnccs-2.0 + max_message_count = 20 } - } -} - -libimcv { - plugins { - imc-test { - command = allow + tnccs-20 { + max_batch_size = 32754 + max_message_size = 32722 } } } + diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config new file mode 100644 index 0000000000..a954883a4e --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.conf similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.secrets similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/ipsec.secrets 
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf similarity index 69% rename from testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf index 96ff63ab1e..c542b44cc4 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf @@ -2,20 +2,18 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + plugins { + eap-ttls { + max_message_count = 0 + } eap-tnc { protocol = tnccs-2.0 + max_message_count = 20 } - } -} - -libimcv { - plugins { - imc-test { - command = isolate - } - imc-scannner { - push_info = no + tnccs-20 { + max_batch_size = 32754 + max_message_size = 32722 } } } diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config new file mode 100644 index 0000000000..a954883a4e --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC configuration file for strongSwan client + +IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so +IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.conf similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.conf 
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.secrets similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/iptables.rules similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/iptables.rules rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/iptables.rules diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf diff --git a/testing/tests/tnc/tnccs-20-pdp/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat similarity index 87% rename from testing/tests/tnc/tnccs-20-pdp/posttest.dat rename to testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat index e7eecd5f44..916e433c05 100644 --- a/testing/tests/tnc/tnccs-20-pdp/posttest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat @@ -2,6 +2,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop alice::ipsec stop +alice::rm /etc/pts/config.db moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/tnc/tnccs-20-pdp/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat similarity index 54% rename from testing/tests/tnc/tnccs-20-pdp/pretest.dat rename to testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat index 32ed4d8547..6709b89053 100644 --- a/testing/tests/tnc/tnccs-20-pdp/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat 
@@ -4,6 +4,10 @@ dave::iptables-restore < /etc/iptables.rules alice::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config +carol::echo 0 > /proc/sys/net/ipv4/ip_forward +dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id +alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql +alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/pts/config.db alice::ipsec start moon::ipsec start carol::ipsec start diff --git a/testing/tests/tnc/tnccs-20-pdp/test.conf b/testing/tests/tnc/tnccs-20-pdp-eap/test.conf similarity index 100% rename from testing/tests/tnc/tnccs-20-pdp/test.conf rename to testing/tests/tnc/tnccs-20-pdp-eap/test.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/description.txt rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt diff --git a/testing/tests/tnc/tnccs-20-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/evaltest.dat rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.conf similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.conf rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/certs/aaaCert.pem 
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.d/private/aaaKey.pem
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/ipsec.secrets
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/iptables.rules
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/pts/data1.sql
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/strongswan.conf
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
new file mode 100644
index 0000000000..ebe88bc996
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
@@ -0,0 +1,4 @@ +#IMV configuration file for strongSwan client + +IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so +IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.conf similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.secrets similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.secrets diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.sql similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/ipsec.sql diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/iptables.rules similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/iptables.rules rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/iptables.rules diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/pts/options similarity index 100% rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/pts/options rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/pts/options 
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/tnc_config
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.conf
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.sql
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/ipsec.sql
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/iptables.rules
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/iptables.rules
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/iptables.rules
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/pts/options
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/pts/options
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/pts/options
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/tnc_config
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/posttest.dat
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/pretest.dat
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf
similarity index 100%
rename from testing/tests/tnc/tnccs-20-pt-tls/test.conf
rename to testing/tests/tnc/tnccs-20-pdp-pt-tls/test.conf
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config
deleted file mode 100644
index da732f68b0..0000000000
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan client - -IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so -IMV "Scanner" /usr/local/lib/ipsec/imcvs/imv-scanner.so diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config deleted file mode 100644 index 6166552f52..0000000000 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config deleted file mode 100644 index 6166552f52..0000000000 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so