From: Andreas Steffen Date: Sun, 11 May 2014 18:49:21 +0000 (+0200) Subject: Implemented PT-EAP protocol (RFC 7171) X-Git-Tag: 5.2.0dr3~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d59090349cb95e624c134533283a68ae95b8476;p=thirdparty%2Fstrongswan.git Implemented PT-EAP protocol (RFC 7171) --- diff --git a/conf/plugins/eap-tnc.opt b/conf/plugins/eap-tnc.opt index 8e060cedaa..5593152409 100644 --- a/conf/plugins/eap-tnc.opt +++ b/conf/plugins/eap-tnc.opt @@ -1,6 +1,6 @@ charon.plugins.eap-tnc.max_message_count = 10 Maximum number of processed EAP-TNC packets (0 = no limit). -charon.plugins.eap-tnc.protocol = tnccs-1.1 +charon.plugins.eap-tnc.protocol = tnccs-2.0 IF-TNCCS protocol version to be used (_tnccs-1.1_, _tnccs-2.0_, _tnccs-dynamic_). diff --git a/conf/plugins/eap-ttls.opt b/conf/plugins/eap-ttls.opt index 21a6cb6746..7dcee82b2f 100644 --- a/conf/plugins/eap-ttls.opt +++ b/conf/plugins/eap-ttls.opt @@ -16,5 +16,8 @@ charon.plugins.eap-ttls.phase2_piggyback = no charon.plugins.eap-ttls.phase2_tnc = no Start phase2 EAP TNC protocol after successful client authentication. +charon.plugins.eap-ttls.phase2_tnc_method = pt + Phase2 EAP TNC transport protocol (_pt_ as IETF standard or legacy _tnc_) + charon.plugins.eap-ttls.request_peer_auth = no Request peer authentication based on a client certificate. diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c index 2147c04829..62d23d0647 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc.c +++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c @@ -46,6 +46,11 @@ struct private_eap_tnc_t { */ eap_tnc_t public; + /** + * Inner EAP authentication type + */ + eap_type_t type; + /** * Outer EAP authentication type */ @@ -124,7 +129,7 @@ METHOD(eap_method_t, initiate, status_t, private_eap_tnc_t *this, eap_payload_t **out) { chunk_t data; - u_int32_t auth_type; + uint32_t auth_type; /* Determine TNC Client Authentication Type */ switch (this->auth_type) 
@@ -175,10 +180,10 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_tnc_t *this, u_int32_t *vendor) + private_eap_tnc_t *this, uint32_t *vendor) { *vendor = 0; - return EAP_TNC; + return this->type; } METHOD(eap_method_t, get_msk, status_t, @@ -192,14 +197,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_tnc_t *this) { return this->tls_eap->get_identifier(this->tls_eap); } METHOD(eap_method_t, set_identifier, void, - private_eap_tnc_t *this, u_int8_t identifier) + private_eap_tnc_t *this, uint8_t identifier) { this->tls_eap->set_identifier(this->tls_eap, identifier); } @@ -214,7 +219,7 @@ METHOD(eap_method_t, destroy, void, private_eap_tnc_t *this) { chunk_t pdp_server; - u_int16_t pdp_port; + uint16_t pdp_port; tls_t *tls; pdp_server = this->tnccs->get_pdp_server(this->tnccs, &pdp_port); @@ -245,13 +250,14 @@ METHOD(eap_inner_method_t, set_auth_type, void, * Generic private constructor */ static eap_tnc_t *eap_tnc_create(identification_t *server, - identification_t *peer, bool is_server) + identification_t *peer, bool is_server, + eap_type_t type) { private_eap_tnc_t *this; int max_msg_count; char* protocol; tnccs_t *tnccs; - tnccs_type_t type; + tnccs_type_t tnccs_type; INIT(this, .public = { 
@@ -270,24 +276,25 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, .set_auth_type = _set_auth_type, }, }, + .type = type, ); max_msg_count = lib->settings->get_int(lib->settings, "%s.plugins.eap-tnc.max_message_count", EAP_TNC_MAX_MESSAGE_COUNT, lib->ns); protocol = lib->settings->get_str(lib->settings, - "%s.plugins.eap-tnc.protocol", "tnccs-1.1", lib->ns); + "%s.plugins.eap-tnc.protocol", "tnccs-2.0", lib->ns); if (strcaseeq(protocol, "tnccs-2.0")) { - type = TNCCS_2_0; + tnccs_type = TNCCS_2_0; } else if (strcaseeq(protocol, "tnccs-1.1")) { - type = TNCCS_1_1; + tnccs_type = TNCCS_1_1; } else if (strcaseeq(protocol, "tnccs-dynamic") && is_server) { - type = TNCCS_DYNAMIC; + tnccs_type = TNCCS_DYNAMIC; } else { @@ -295,8 +302,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, free(this); return NULL; } - tnccs = tnc->tnccs->create_instance(tnc->tnccs, type, - is_server, server, peer, TNC_IFT_EAP_1_1, + tnccs = tnc->tnccs->create_instance(tnc->tnccs, tnccs_type, + is_server, server, peer, + (type == EAP_TNC) ? TNC_IFT_EAP_1_1 : TNC_IFT_EAP_2_0, is_server ? enforce_recommendation : NULL); if (!tnccs) { @@ -305,7 +313,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, return NULL; } this->tnccs = tnccs->get_ref(tnccs); - this->tls_eap = tls_eap_create(EAP_TNC, &tnccs->tls, + this->tls_eap = tls_eap_create(type, &tnccs->tls, EAP_TNC_MAX_MESSAGE_LEN, max_msg_count, FALSE); if (!this->tls_eap) 
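Review bot: In eap_tnc_create() the `protocol` setting is still parsed independently of the new `type` argument, so a PT-EAP instance (`type == EAP_PT_EAP`) can be created with `tnccs-1.1` or, on the server, `tnccs-dynamic`, while the transport passed to create_instance() is switched to `TNC_IFT_EAP_2_0`. If PT-EAP is only meant to carry TNCCS 2.0 (which is how I read RFC 7171, worth confirming), reject the mismatch next to the existing unsupported-protocol branch with `if (type == EAP_PT_EAP && tnccs_type != TNCCS_2_0)` followed by the same `free(this); return NULL;`. Separately, changing the fallback from `"tnccs-1.1"` to `"tnccs-2.0"` silently changes behaviour for legacy EAP-TNC deployments that never set the option, which deserves an upgrade note. The function starts before this hunk and continues past it.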
@@ -319,11 +327,23 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *peer) { - return eap_tnc_create(server, peer, TRUE); + return eap_tnc_create(server, peer, TRUE, EAP_TNC); } eap_tnc_t *eap_tnc_create_peer(identification_t *server, identification_t *peer) { - return eap_tnc_create(server, peer, FALSE); + return eap_tnc_create(server, peer, FALSE, EAP_TNC); +} + +eap_tnc_t *eap_tnc_pt_create_server(identification_t *server, + identification_t *peer) +{ + return eap_tnc_create(server, peer, TRUE, EAP_PT_EAP); +} + +eap_tnc_t *eap_tnc_pt_create_peer(identification_t *server, + identification_t *peer) +{ + return eap_tnc_create(server, peer, FALSE, EAP_PT_EAP); } diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.h b/src/libcharon/plugins/eap_tnc/eap_tnc.h index 8c881f6cf6..d7ea9f4bb6 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc.h +++ b/src/libcharon/plugins/eap_tnc/eap_tnc.h @@ -26,7 +26,7 @@ typedef struct eap_tnc_t eap_tnc_t; #include /** - * Implementation of the eap_method_t interface using EAP-TNC. + * Implementation of the eap_method_t interface using EAP-TNC or PT-EAP. */ struct eap_tnc_t { @@ -43,7 +43,8 @@ struct eap_tnc_t { * @param peer ID of the EAP client * @return eap_tnc_t object */ -eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *peer); +eap_tnc_t *eap_tnc_create_server(identification_t *server, + identification_t *peer); /** * Creates the EAP method EAP-TNC acting as peer. 
@@ -52,6 +53,27 @@ eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *pee * @param peer ID of the EAP client * @return eap_tnc_t object */ -eap_tnc_t *eap_tnc_create_peer(identification_t *server, identification_t *peer); +eap_tnc_t *eap_tnc_create_peer(identification_t *server, + identification_t *peer); + +/** + * Creates the EAP method PT-EAP acting as server. + * + * @param server ID of the EAP server + * @param peer ID of the EAP client + * @return eap_tnc_t object + */ +eap_tnc_t *eap_tnc_pt_create_server(identification_t *server, + identification_t *peer); + +/** + * Creates the EAP method PT-EAP acting as peer. + * + * @param server ID of the EAP server + * @param peer ID of the EAP client + * @return eap_tnc_t object + */ +eap_tnc_t *eap_tnc_pt_create_peer(identification_t *server, + identification_t *peer); #endif /** EAP_TNC_H_ @}*/ diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c index 813a75f487..d0f79fa433 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c +++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c @@ -36,6 +36,14 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(EAP_PEER, EAP_TNC), PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS), PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"), + PLUGIN_CALLBACK(eap_method_register, eap_tnc_pt_create_server), + PLUGIN_PROVIDE(EAP_SERVER, EAP_PT_EAP), + PLUGIN_DEPENDS(EAP_SERVER, EAP_TTLS), + PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"), + PLUGIN_CALLBACK(eap_method_register, eap_tnc_pt_create_peer), + PLUGIN_PROVIDE(EAP_PEER, EAP_PT_EAP), + PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS), + PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"), }; *features = f; return countof(f); diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c index 88c2b88c6d..9d145ea911 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c 
@@ -1,6 +1,6 @@ /* - * Copyright (C) 2010 Andreas Steffen - * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil + * Copyright (C) 2010-2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -107,22 +107,34 @@ static status_t start_phase2_auth(private_eap_ttls_server_t *this) } /** - * If configured, start EAP-TNC protocol + * If configured, start PT-EAP or legacy EAP-TNC protocol */ static status_t start_phase2_tnc(private_eap_ttls_server_t *this, eap_type_t auth_type) { eap_inner_method_t *inner_method; + eap_type_t type; + char *eap_type_str; if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings, "%s.plugins.eap-ttls.phase2_tnc", FALSE, lib->ns)) { - DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC); - this->method = charon->eap->create_instance(charon->eap, EAP_TNC, + eap_type_str = lib->settings->get_str(lib->settings, + "%s.plugins.eap-ttls.phase2_tnc_method", "pt", + lib->ns); + type = eap_type_from_string(eap_type_str); + if (type == 0) + { + DBG1(DBG_IKE, "unrecognized phase2 EAP TNC method \"%s\"", + eap_type_str); + return FAILED; + } + DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, type); + this->method = charon->eap->create_instance(charon->eap, type, 0, EAP_SERVER, this->server, this->peer); if (this->method == NULL) { - DBG1(DBG_IKE, "%N method not available", eap_type_names, EAP_TNC); + DBG1(DBG_IKE, "%N method not available", eap_type_names, type); return FAILED; } inner_method = (eap_inner_method_t *)this->method; @@ -135,7 +147,7 @@ static status_t start_phase2_tnc(private_eap_ttls_server_t *this, } else { - DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_TNC); + DBG1(DBG_IKE, "%N method failed", eap_type_names, type); return FAILED; } } 
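Review bot: In start_phase2_tnc() the `phase2_tnc_method` value is accepted as soon as eap_type_from_string() returns non-zero, so any known method name passes the check, including the `mschapv2`, `peap` and `radius` entries in the eap.c lookup table. The instance created for it is then cast with `(eap_inner_method_t *)this->method`. Only the EAP-TNC/PT-EAP plugin is shown to provide that interface in this commit, so a misconfigured value would presumably send later calls through `inner_method` into the wrong structure. Tighten the check to `if (type != EAP_TNC && type != EAP_PT_EAP)` and keep the existing "unrecognized phase2 EAP TNC method" log and `return FAILED;`. The use of `inner_method` lies between this hunk and the next and is not visible here.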
@@ -151,7 +163,7 @@ METHOD(tls_application_t, process, status_t, eap_payload_t *in; eap_code_t code; eap_type_t type = EAP_NAK, received_type; - u_int32_t vendor, received_vendor; + uint32_t vendor, received_vendor; status = this->avp->process(this->avp, reader, &data); switch (status) @@ -297,7 +309,7 @@ METHOD(tls_application_t, build, status_t, chunk_t data; eap_code_t code; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; if (this->method == NULL && this->start_phase2 && lib->settings->get_bool(lib->settings, diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c index c181c5de7d..64b5dbe51d 100644 --- a/src/libstrongswan/eap/eap.c +++ b/src/libstrongswan/eap/eap.c @@ -57,7 +57,9 @@ ENUM_NEXT(eap_type_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2, "EAP_MSTLV"); ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSTLV, "EAP_TNC"); -ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_TNC, +ENUM_NEXT(eap_type_names, EAP_PT_EAP, EAP_PT_EAP, EAP_TNC, + "EAP_PT_EAP"); +ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_PT_EAP, "EAP_EXPANDED", "EAP_EXPERIMENTAL", "EAP_RADIUS", @@ -86,7 +88,9 @@ ENUM_NEXT(eap_type_short_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2, "MSTLV"); ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSTLV, "TNC"); -ENUM_NEXT(eap_type_short_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_TNC, +ENUM_NEXT(eap_type_short_names, EAP_PT_EAP, EAP_PT_EAP, EAP_TNC, + "PT"); +ENUM_NEXT(eap_type_short_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_PT_EAP, "EXP", "XP", "RAD", @@ -114,6 +118,7 @@ eap_type_t eap_type_from_string(char *name) {"peap", EAP_PEAP}, {"mschapv2", EAP_MSCHAPV2}, {"tnc", EAP_TNC}, + {"pt", EAP_PT_EAP}, {"dynamic", EAP_DYNAMIC}, {"radius", EAP_RADIUS}, }; 
@@ -136,7 +141,7 @@ eap_vendor_type_t *eap_vendor_type_from_string(char *str) enumerator_t *enumerator; eap_vendor_type_t *result = NULL; eap_type_t type = 0; - u_int32_t vendor = 0; + uint32_t vendor = 0; char *part, *end; /* parse EAP method string of the form: [eap-]type[-vendor] */ diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h index 0e144b1236..08d88ba882 100644 --- a/src/libstrongswan/eap/eap.h +++ b/src/libstrongswan/eap/eap.h @@ -67,6 +67,7 @@ enum eap_type_t { EAP_MSCHAPV2 = 26, EAP_MSTLV = 33, EAP_TNC = 38, + EAP_PT_EAP = 54, EAP_EXPANDED = 254, EAP_EXPERIMENTAL = 255, /** not a method, but an implementation providing different methods */ diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c index 68cebb9941..ebe5bc3a82 100644 --- a/src/libtls/tls_eap.c +++ b/src/libtls/tls_eap.c @@ -47,7 +47,7 @@ struct private_tls_eap_t { /** * Current value of EAP identifier */ - u_int8_t identifier; + uint8_t identifier; /** * TLS stack @@ -59,6 +59,11 @@ struct private_tls_eap_t { */ bool is_server; + /** + * Supported version of the EAP tunnel protocol + */ + uint8_t supported_version; + /** * If FALSE include the total length of an EAP message * in the first fragment of fragmented messages only. 
@@ -94,22 +99,24 @@ typedef enum { EAP_TLS_LENGTH = (1<<7), /* shared with EAP-TTLS/TNC/PEAP */ EAP_TLS_MORE_FRAGS = (1<<6), /* shared with EAP-TTLS/TNC/PEAP */ EAP_TLS_START = (1<<5), /* shared with EAP-TTLS/TNC/PEAP */ - EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP */ + EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP/PT-EAP */ + EAP_PT_START = (1<<7) /* PT-EAP only */ } eap_tls_flags_t; -#define EAP_TTLS_SUPPORTED_VERSION 0 -#define EAP_TNC_SUPPORTED_VERSION 1 -#define EAP_PEAP_SUPPORTED_VERSION 0 +#define EAP_TTLS_SUPPORTED_VERSION 0 +#define EAP_TNC_SUPPORTED_VERSION 1 +#define EAP_PEAP_SUPPORTED_VERSION 0 +#define EAP_PT_EAP_SUPPORTED_VERSION 1 /** * EAP-TLS/TTLS packet format */ typedef struct __attribute__((packed)) { - u_int8_t code; - u_int8_t identifier; - u_int16_t length; - u_int8_t type; - u_int8_t flags; + uint8_t code; + uint8_t identifier; + uint16_t length; + uint8_t type; + uint8_t flags; } eap_tls_packet_t; METHOD(tls_eap_t, initiate, status_t, @@ -120,18 +127,18 @@ METHOD(tls_eap_t, initiate, status_t, eap_tls_packet_t pkt = { .type = this->type, .code = EAP_REQUEST, - .flags = EAP_TLS_START, + .flags = this->supported_version }; switch (this->type) { + case EAP_TLS: case EAP_TTLS: - pkt.flags |= EAP_TTLS_SUPPORTED_VERSION; - break; case EAP_TNC: - pkt.flags |= EAP_TNC_SUPPORTED_VERSION; - break; case EAP_PEAP: - pkt.flags |= EAP_PEAP_SUPPORTED_VERSION; + pkt.flags |= EAP_TLS_START; + break; + case EAP_PT_EAP: + pkt.flags |= EAP_PT_START; break; default: break; 
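Review bot: `EAP_PT_START = (1<<7)` has the same value as `EAP_TLS_LENGTH` in the same enum, and the comment "PT-EAP only" does not say so, which means every test of either flag is only correct when it is gated on `this->type`. I would spell that out: `/* PT-EAP only; same bit as EAP_TLS_LENGTH, so always check this->type first */`. In initiate(), the rewritten switch also no longer sets any start flag in `default:`, whereas before every type got `EAP_TLS_START`. If no other type can reach tls_eap_create(), a short comment on the `default:` branch would make that assumption explicit.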
@@ -153,13 +160,25 @@ METHOD(tls_eap_t, initiate, status_t, */ static status_t process_pkt(private_tls_eap_t *this, eap_tls_packet_t *pkt) { - u_int16_t pkt_len; - u_int32_t msg_len; + uint8_t version; + uint16_t pkt_len; + uint32_t msg_len; size_t msg_len_offset = 0; + /* EAP-TLS doesn't have a version field */ + if (this->type != EAP_TLS) + { + version = pkt->flags & EAP_TTLS_VERSION; + if (version != this->supported_version) + { + DBG1(DBG_TLS, "received %N packet with unsupported version v%u", + eap_type_names, this->type, version); + return FAILED; + } + } pkt_len = untoh16(&pkt->length); - if (pkt->flags & EAP_TLS_LENGTH) + if (this->type != EAP_PT_EAP && (pkt->flags & EAP_TLS_LENGTH)) { if (pkt_len < sizeof(eap_tls_packet_t) + sizeof(msg_len)) { @@ -200,27 +219,12 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out) pkt->code = this->is_server ? EAP_REQUEST : EAP_RESPONSE; pkt->identifier = this->identifier; pkt->type = this->type; - pkt->flags = 0; - - switch (this->type) - { - case EAP_TTLS: - pkt->flags |= EAP_TTLS_SUPPORTED_VERSION; - break; - case EAP_TNC: - pkt->flags |= EAP_TNC_SUPPORTED_VERSION; - break; - case EAP_PEAP: - pkt->flags |= EAP_PEAP_SUPPORTED_VERSION; - break; - default: - break; - } + pkt->flags = this->supported_version; if (this->first_fragment) { - len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(u_int32_t); - msg_len_offset = sizeof(u_int32_t); + len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(uint32_t); + msg_len_offset = sizeof(uint32_t); } else { @@ -251,7 +255,7 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out) } kind = "packet"; } - else if (this->type != EAP_TNC) + else if (this->type != EAP_TNC && this->type != EAP_PT_EAP) { this->first_fragment = TRUE; kind = "final fragment"; 
@@ -269,14 +273,14 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out) if (pkt->flags & EAP_TLS_LENGTH) { htoun32(pkt + 1, reclen); - len += sizeof(u_int32_t); + len += sizeof(uint32_t); pkt->flags |= EAP_TLS_LENGTH; } else { /* get rid of the reserved length field */ memmove(buf + sizeof(eap_tls_packet_t), - buf + sizeof(eap_tls_packet_t) + sizeof(u_int32_t), len); + buf + sizeof(eap_tls_packet_t) + sizeof(uint32_t), len); } } len += sizeof(eap_tls_packet_t); @@ -352,10 +356,11 @@ METHOD(tls_eap_t, process, status_t, } DBG3(DBG_TLS, "%N payload %B", eap_type_names, this->type, &in); - if (pkt->flags & EAP_TLS_START) + if ((this->type == EAP_PT_EAP && (pkt->flags & EAP_PT_START)) || + (pkt->flags & EAP_TLS_START)) { if (this->type == EAP_TTLS || this->type == EAP_TNC || - this->type == EAP_PEAP) + this->type == EAP_PEAP || this->type == EAP_PT_EAP) { DBG1(DBG_TLS, "%N version is v%u", eap_type_names, this->type, pkt->flags & EAP_TTLS_VERSION); @@ -409,14 +414,14 @@ METHOD(tls_eap_t, get_msk, chunk_t, return this->tls->get_eap_msk(this->tls); } -METHOD(tls_eap_t, get_identifier, u_int8_t, +METHOD(tls_eap_t, get_identifier, uint8_t, private_tls_eap_t *this) { return this->identifier; } METHOD(tls_eap_t, set_identifier, void, - private_tls_eap_t *this, u_int8_t identifier) + private_tls_eap_t *this, uint8_t identifier) { this->identifier = identifier; } 
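Review bot: The start test added in process() is asymmetric: the PT-EAP bit is gated on the type, but `(pkt->flags & EAP_TLS_START)` is still evaluated for every type, so a PT-EAP packet with bit 5 set is also taken as a start packet, although bit 5 is not one of the flags this file defines for PT-EAP. Selecting the bit by type closes that: `start = (this->type == EAP_PT_EAP) ? (pkt->flags & EAP_PT_START) : (pkt->flags & EAP_TLS_START);` followed by `if (start)`. The start branch shown here only logs the received version, while the new comparison with `supported_version` sits in process_pkt(). Whether a start packet with an unsupported version is rejected therefore depends on code outside this hunk and should be confirmed. process() begins before the hunk and continues after it.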
@@ -452,13 +457,31 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size, }, .type = type, .is_server = tls->is_server(tls), - .first_fragment = (type != EAP_TNC), + .first_fragment = (type != EAP_TNC && type != EAP_PT_EAP), .frag_size = frag_size, .max_msg_count = max_msg_count, .include_length = include_length, .tls = tls, ); + switch (type) + { + case EAP_TTLS: + this->supported_version = EAP_TTLS_SUPPORTED_VERSION; + break; + case EAP_TNC: + this->supported_version = EAP_TNC_SUPPORTED_VERSION; + break; + case EAP_PEAP: + this->supported_version = EAP_PEAP_SUPPORTED_VERSION; + break; + case EAP_PT_EAP: + this->supported_version = EAP_PT_EAP_SUPPORTED_VERSION; + break; + default: + break; + } + if (this->is_server) { do diff --git a/src/libtls/tls_eap.h b/src/libtls/tls_eap.h index c7da832cbb..f3fbba078c 100644 --- a/src/libtls/tls_eap.h +++ b/src/libtls/tls_eap.h @@ -66,7 +66,7 @@ struct tls_eap_t { * * @return identifier */ - u_int8_t (*get_identifier)(tls_eap_t *this); + uint8_t (*get_identifier)(tls_eap_t *this); /** * Set the EAP identifier to a deterministic value, overwriting @@ -74,7 +74,7 @@ struct tls_eap_t { * * @param identifier EAP identifier */ - void (*set_identifier) (tls_eap_t *this, u_int8_t identifier); + void (*set_identifier) (tls_eap_t *this, uint8_t identifier); /** * Destroy a tls_eap_t. diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf index 73646f8dbe..2f104f53a0 100644 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf @@ -2,5 +2,12 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } 
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf index 73646f8dbe..2f104f53a0 100644 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf @@ -2,5 +2,12 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf index 3975f09a9d..51425ac98c 100644 --- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf @@ -2,12 +2,18 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes + phase2_tnc_method = tnc + } + eap-tnc { + protocol = tnccs-1.1 } } } diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf index 4cc205cf7b..4c770388d8 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf 
@@ -2,7 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } libimcv { diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf index ac469590c9..df385d55b1 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf @@ -2,7 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } libimcv { diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf index 56c6b9f575..4eeff496c7 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf @@ -2,7 +2,14 @@ charon { load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } libimcv { diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf index 145ad9d2dd..7c27dbd712 100644 --- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf 
@@ -2,7 +2,14 @@ charon { load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } libimcv { diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf index 4cc205cf7b..4c770388d8 100644 --- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf @@ -2,7 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } libimcv { diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf index 5dbee558f9..5424f4ca21 100644 --- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf @@ -2,7 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } libimcv { diff --git a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf index 4cc205cf7b..4c770388d8 100644 --- a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf 
@@ -2,7 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } libimcv { diff --git a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf index 5dbee558f9..5424f4ca21 100644 --- a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf @@ -2,7 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + + plugins { + eap-tnc { + protocol = tnccs-1.1 + } + } } libimcv { diff --git a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf index 2fe4cf0010..3037d00827 100644 --- a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf @@ -2,12 +2,18 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes + phase2_tnc_method = tnc + } + eap-tnc { + protocol = tnccs-1.1 } } } diff --git a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf index ced332cc4c..20c0928b9a 100644 --- a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf 
@@ -2,11 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = de, en } diff --git a/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf index 70a1b07e6f..64a25b405d 100644 --- a/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + multiple_authentication=no + plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = ru, fr, en } diff --git a/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf index 59dce18741..7ee2ead8c1 100644 --- a/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf @@ -2,16 +2,15 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } tnc-imv { recommendation_policy = all } diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf index f202bbfa85..c0e5e94769 100644 
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf @@ -2,12 +2,8 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf index 996169add1..4c31a78f66 100644 --- a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = ru , de, en } diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf index 3e6bc65a67..46c7367005 100644 --- a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf @@ -2,16 +2,15 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } } } 
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf index 18e7157850..d71893aadd 100644 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf @@ -2,10 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf index 18e7157850..d71893aadd 100644 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf @@ -2,10 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf index 602979cf6b..768138888f 100644 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf 
@@ -2,15 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } } } diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf index e6046833cb..f64fe6a0c7 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf @@ -2,12 +2,8 @@ charon { load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf index 3236a18fad..075919aec2 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = de } diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf index 0298a51516..e81908f31d 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf 
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf @@ -2,16 +2,15 @@ charon { load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } } } diff --git a/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf index 34941e52c6..4f5993e07e 100644 --- a/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf @@ -2,12 +2,8 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf index 49f778f5b2..4ed358deee 100644 --- a/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = de } diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf index 3e017e9052..ed81c1778a 100644 
--- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf @@ -2,16 +2,15 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } } } diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf index 61bf86fbce..1237d233b4 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf @@ -2,6 +2,7 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite + plugins { eap-ttls { phase2_method = md5 @@ -10,7 +11,6 @@ charon { max_message_count = 0 } eap-tnc { - protocol = tnccs-2.0 max_message_count = 20 } tnc-pdp { diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf index be6c0ad195..eeb8e42abe 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf @@ -8,7 +8,6 @@ charon { max_message_count = 0 } eap-tnc { - protocol = tnccs-2.0 max_message_count = 20 } tnccs-20 { diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf index aefbfde95b..c9cbad966e 100644 --- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf 
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf @@ -8,7 +8,6 @@ charon { max_message_count = 0 } eap-tnc { - protocol = tnccs-2.0 max_message_count = 20 } tnccs-20 { diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf index 72bf2c7c9b..53bb9dfaa6 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf @@ -2,12 +2,8 @@ charon { load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf index 6f71994aea..25c27be8b0 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = de } diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf index e76598b9ab..07d620c0e4 100644 --- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf 
@@ -2,16 +2,15 @@ charon { load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } } } diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf index e6046833cb..f64fe6a0c7 100644 --- a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf @@ -2,12 +2,8 @@ charon { load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf index 3236a18fad..79c79b87f4 100644 --- a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf @@ -2,11 +2,9 @@ charon { load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = de } diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf index 0298a51516..e81908f31d 100644 --- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf 
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf @@ -2,16 +2,15 @@ charon { load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } } } diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf index 6f145ab0b8..5e661c36e4 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf @@ -2,12 +2,8 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf index fce9499011..6b86fe8976 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = ru , de, en } 
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf index 3e6bc65a67..46c7367005 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf @@ -2,16 +2,15 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } } } diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf index ada13a3250..1cf2f0e72b 100644 --- a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf @@ -2,12 +2,8 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf index 0870ca6675..0e63eaba47 100644 --- a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf 
@@ -2,12 +2,8 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf index bc1d421c17..1a4dc85210 100644 --- a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf @@ -2,25 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { request_peer_auth = yes phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } - } -} - -libimcv { - plugins { - imv-scanner { - closed_port_policy = no - tcp_ports = 80 443 - udp_ports = - } } } diff --git a/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf index 6d8c10eab5..292bfa53fd 100644 --- a/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf @@ -2,12 +2,8 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - multiple_authentication=no - plugins { - eap-tnc { - protocol = tnccs-2.0 - } - } + + multiple_authentication = no } libimcv { diff --git a/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf index 1e5f50b05e..75f6d73dae 100644 
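Review bot: The removal of the `libimcv { plugins { imv-scanner { ... } } }` block in the tnccs-20-tls moon hunk (`@@ -2,25 +2,14 @@`) is unrelated to the PT-EAP change named in the commit subject and is not explained anywhere visible. If this scenario still loads the scanner IMV (not visible here), its port policy falls back to the built-in defaults instead of `closed_port_policy = no` with `tcp_ports = 80 443`, so the expected assessment result may change. Either keep the block or move its removal to a separate commit with a one-line justification.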
--- a/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { - eap-tnc { - protocol = tnccs-2.0 - } tnc-imc { preferred_language = ru, pl , de } diff --git a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf index 1a0cc202e1..94e1ee9267 100644 --- a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf @@ -2,16 +2,15 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown - multiple_authentication=no + + multiple_authentication = no + plugins { eap-ttls { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes } - eap-tnc { - protocol = tnccs-2.0 - } } } diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf index 0b1cf10eb3..0d547cbe0d 100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf @@ -11,6 +11,7 @@ charon { phase2_method = md5 phase2_piggyback = yes phase2_tnc = yes + phase2_tnc_method = tnc } eap-tnc { protocol = tnccs-dynamic
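Review bot: The added `phase2_tnc_method = tnc` in the tnccs-dynamic moon hunk is the only setting in this part of the patch that opts back into the legacy transport, and nothing records why. Presumably `protocol = tnccs-dynamic` must still accept TNCCS 1.1 clients, which PT-EAP would not carry; please confirm and state it next to the option, e.g. `# legacy EAP-TNC transport: tnccs-dynamic must also accept TNCCS 1.1 clients`. The `eap-tnc` block that follows continues past the end of the hunk.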