Diffstat (limited to 'conf/plugins')
-rw-r--r--conf/plugins/eap-tnc.conf2
-rw-r--r--conf/plugins/eap-tnc.opt2
-rw-r--r--conf/plugins/eap-ttls.conf3
-rw-r--r--conf/plugins/eap-ttls.opt3
-rw-r--r--conf/plugins/imc-attestation.conf21
-rw-r--r--conf/plugins/imc-attestation.opt14
-rw-r--r--conf/plugins/imc-os.conf3
-rw-r--r--conf/plugins/imc-os.opt14
-rw-r--r--conf/plugins/imc-scanner.conf3
-rw-r--r--conf/plugins/imc-scanner.opt2
-rw-r--r--conf/plugins/imc-swid.conf3
-rw-r--r--conf/plugins/imc-swid.opt11
-rw-r--r--conf/plugins/imc-test.conf15
-rw-r--r--conf/plugins/imc-test.opt10
-rw-r--r--conf/plugins/imv-attestation.conf37
-rw-r--r--conf/plugins/imv-attestation.opt22
-rw-r--r--conf/plugins/imv-os.conf3
-rw-r--r--conf/plugins/imv-os.opt2
-rw-r--r--conf/plugins/imv-scanner.conf3
-rw-r--r--conf/plugins/imv-scanner.opt2
-rw-r--r--conf/plugins/imv-swid.conf8
-rw-r--r--conf/plugins/imv-swid.opt5
-rw-r--r--conf/plugins/imv-test.conf3
-rw-r--r--conf/plugins/imv-test.opt2
-rw-r--r--conf/plugins/kernel-klips.conf14
-rw-r--r--conf/plugins/kernel-klips.opt5
-rw-r--r--conf/plugins/load-tester.conf4
-rw-r--r--conf/plugins/load-tester.opt4
-rw-r--r--conf/plugins/vici.conf11
-rw-r--r--conf/plugins/vici.opt2
30 files changed, 92 insertions, 141 deletions
diff --git a/conf/plugins/eap-tnc.conf b/conf/plugins/eap-tnc.conf
index aca72f1ed..27ef1366d 100644
--- a/conf/plugins/eap-tnc.conf
+++ b/conf/plugins/eap-tnc.conf
@@ -9,7 +9,7 @@ eap-tnc {
# IF-TNCCS protocol version to be used (tnccs-1.1, tnccs-2.0,
# tnccs-dynamic).
- # protocol = tnccs-1.1
+ # protocol = tnccs-2.0
}
diff --git a/conf/plugins/eap-tnc.opt b/conf/plugins/eap-tnc.opt
index 8e060ceda..559315240 100644
--- a/conf/plugins/eap-tnc.opt
+++ b/conf/plugins/eap-tnc.opt
@@ -1,6 +1,6 @@
charon.plugins.eap-tnc.max_message_count = 10
Maximum number of processed EAP-TNC packets (0 = no limit).
-charon.plugins.eap-tnc.protocol = tnccs-1.1
+charon.plugins.eap-tnc.protocol = tnccs-2.0
IF-TNCCS protocol version to be used (_tnccs-1.1_, _tnccs-2.0_,
_tnccs-dynamic_).
diff --git a/conf/plugins/eap-ttls.conf b/conf/plugins/eap-ttls.conf
index 5229625e0..0614dcb3c 100644
--- a/conf/plugins/eap-ttls.conf
+++ b/conf/plugins/eap-ttls.conf
@@ -23,6 +23,9 @@ eap-ttls {
# Start phase2 EAP TNC protocol after successful client authentication.
# phase2_tnc = no
+ # Phase2 EAP TNC transport protocol (pt as IETF standard or legacy tnc)
+ # phase2_tnc_method = pt
+
# Request peer authentication based on a client certificate.
# request_peer_auth = no
diff --git a/conf/plugins/eap-ttls.opt b/conf/plugins/eap-ttls.opt
index 21a6cb674..7dcee82b2 100644
--- a/conf/plugins/eap-ttls.opt
+++ b/conf/plugins/eap-ttls.opt
@@ -16,5 +16,8 @@ charon.plugins.eap-ttls.phase2_piggyback = no
charon.plugins.eap-ttls.phase2_tnc = no
Start phase2 EAP TNC protocol after successful client authentication.
+charon.plugins.eap-ttls.phase2_tnc_method = pt
+ Phase2 EAP TNC transport protocol (_pt_ as IETF standard or legacy _tnc_)
+
charon.plugins.eap-ttls.request_peer_auth = no
Request peer authentication based on a client certificate.
diff --git a/conf/plugins/imc-attestation.conf b/conf/plugins/imc-attestation.conf
index 2d8deaa8e..eed706fb8 100644
--- a/conf/plugins/imc-attestation.conf
+++ b/conf/plugins/imc-attestation.conf
@@ -1,29 +1,8 @@
imc-attestation {
- # AIK encrypted private key blob file.
- # aik_blob =
-
- # AIK certificate file.
- # aik_cert =
-
- # AIK public key file.
- # aik_key =
-
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
- # Enforce mandatory Diffie-Hellman groups.
- # mandatory_dh_groups = yes
-
- # DH nonce length.
- # nonce_len = 20
-
- # Whether to send pcr_before and pcr_after info.
- # pcr_info = yes
-
- # Use Quote2 AIK signature instead of Quote signature.
- # use_quote2 = yes
-
}
diff --git a/conf/plugins/imc-attestation.opt b/conf/plugins/imc-attestation.opt
index aaac4c2c1..9b60b9ede 100644
--- a/conf/plugins/imc-attestation.opt
+++ b/conf/plugins/imc-attestation.opt
@@ -1,20 +1,20 @@
-charon.plugins.imc-attestation.aik_blob =
+libimcv.plugins.imc-attestation.aik_blob =
AIK encrypted private key blob file.
-charon.plugins.imc-attestation.aik_cert =
+libimcv.plugins.imc-attestation.aik_cert =
AIK certificate file.
-charon.plugins.imc-attestation.aik_key =
+libimcv.plugins.imc-attestation.aik_pubkey =
AIK public key file.
-charon.plugins.imc-attestation.mandatory_dh_groups = yes
+libimcv.plugins.imc-attestation.mandatory_dh_groups = yes
Enforce mandatory Diffie-Hellman groups.
-charon.plugins.imc-attestation.nonce_len = 20
+libimcv.plugins.imc-attestation.nonce_len = 20
DH nonce length.
-charon.plugins.imc-attestation.use_quote2 = yes
+libimcv.plugins.imc-attestation.use_quote2 = yes
Use Quote2 AIK signature instead of Quote signature.
-charon.plugins.imc-attestation.pcr_info = yes
+libimcv.plugins.imc-attestation.pcr_info = no
Whether to send pcr_before and pcr_after info.
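Review bot: Two changes that are not part of the `charon.` → `libimcv.` prefix move are folded into this hunk: the key `aik_key` becomes `aik_pubkey` (line `+libimcv.plugins.imc-attestation.aik_pubkey =`) and the `pcr_info` default flips from `yes` to `no`. An existing configuration that still sets `aik_key` would presumably be ignored and fall back to the empty default, and nothing in the description of `pcr_info` tells the reader that the default changed. Suggest naming both in the commit message and adding to the renamed key's description a line such as `AIK public key file (previously aik_key).`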
diff --git a/conf/plugins/imc-os.conf b/conf/plugins/imc-os.conf
index 1d245d3f3..56b218228 100644
--- a/conf/plugins/imc-os.conf
+++ b/conf/plugins/imc-os.conf
@@ -4,8 +4,5 @@ imc-os {
# priority of this plugin.
load = yes
- # Send operating system info without being prompted.
- # push_info = yes
-
}
diff --git a/conf/plugins/imc-os.opt b/conf/plugins/imc-os.opt
index 2a6333f93..4f559f2b9 100644
--- a/conf/plugins/imc-os.opt
+++ b/conf/plugins/imc-os.opt
@@ -1,2 +1,14 @@
-charon.plugins.imc-os.push_info = yes
+libimcv.plugins.imc-os.device_cert =
+ Manually set the path to the client device certificate
+ (e.g. /etc/pts/aikCert.der)
+
+libimcv.plugins.imc-os.device_id =
+ Manually set the client device ID in hexadecimal format
+ (e.g. 1083f03988c9762703b1c1080c2e46f72b99cc31)
+
+libimcv.plugins.imc-os.device_pubkey =
+ Manually set the path to the client device public key
+ (e.g. /etc/pts/aikPub.der)
+
+libimcv.plugins.imc-os.push_info = yes
Send operating system info without being prompted.
diff --git a/conf/plugins/imc-scanner.conf b/conf/plugins/imc-scanner.conf
index 7f2f53106..fb05a0823 100644
--- a/conf/plugins/imc-scanner.conf
+++ b/conf/plugins/imc-scanner.conf
@@ -4,8 +4,5 @@ imc-scanner {
# priority of this plugin.
load = yes
- # Send open listening ports without being prompted.
- # push_info = yes
-
}
diff --git a/conf/plugins/imc-scanner.opt b/conf/plugins/imc-scanner.opt
index 84e6dfa2f..9cc12b91d 100644
--- a/conf/plugins/imc-scanner.opt
+++ b/conf/plugins/imc-scanner.opt
@@ -1,2 +1,2 @@
-charon.plugins.imc-scanner.push_info = yes
+libimcv.plugins.imc-scanner.push_info = yes
Send open listening ports without being prompted.
diff --git a/conf/plugins/imc-swid.conf b/conf/plugins/imc-swid.conf
index 8b3317163..4893703ad 100644
--- a/conf/plugins/imc-swid.conf
+++ b/conf/plugins/imc-swid.conf
@@ -4,8 +4,5 @@ imc-swid {
# priority of this plugin.
load = yes
- # Directory where SWID tags are located.
- # swid_directory = ${prefix}/share
-
}
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
index 67f7c79c4..74490c179 100644
--- a/conf/plugins/imc-swid.opt
+++ b/conf/plugins/imc-swid.opt
@@ -1,2 +1,11 @@
-charon.plugins.imc-swid.swid_directory = ${prefix}/share
+libimcv.plugins.imc-swid.swid_directory = ${prefix}/share
Directory where SWID tags are located.
+
+libimcv.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
+ SWID generator command to be executed.
+
+libimcv.plugins.imc-swid.swid_pretty = FALSE
+ Generate XML-encoded SWID tags with pretty indentation.
+
+libimcv.plugins.imc-swid.swid_full = FALSE
+ Include file information in the XML-encoded SWID tags.
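Review bot: `swid_pretty = FALSE` and `swid_full = FALSE` use uppercase `FALSE` while every other boolean in this option set (`push_info = yes`, `retry = no`, `mandatory_dh_groups = yes`) is written as lowercase yes/no; even if the parser accepts both, the documented default should follow the convention, e.g. `libimcv.plugins.imc-swid.swid_pretty = no`. Separately, `swid_generator` defaults to the absolute path `/usr/local/bin/swid_generator` whereas `swid_directory` two lines above uses `${prefix}/share`, so the default does not follow the install prefix. Because this value names a command the IMC executes, the description should make that explicit and state the trust expectation: `SWID generator command executed by the IMC; must point to a trusted, non-writable binary.`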
diff --git a/conf/plugins/imc-test.conf b/conf/plugins/imc-test.conf
index 0d66e3d0c..4deac7641 100644
--- a/conf/plugins/imc-test.conf
+++ b/conf/plugins/imc-test.conf
@@ -1,23 +1,8 @@
imc-test {
- # Number of additional IMC IDs.
- # additional_ids = 0
-
- # Command to be sent to the Test IMV.
- # command = none
-
- # Size of dummy attribute to be sent to the Test IMV (0 = disabled).
- # dummy_size = 0
-
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
- # Do a handshake retry.
- # retry = no
-
- # Command to be sent to the Test IMV in the handshake retry.
- # retry_command =
-
}
diff --git a/conf/plugins/imc-test.opt b/conf/plugins/imc-test.opt
index c3169b5af..e15b069e8 100644
--- a/conf/plugins/imc-test.opt
+++ b/conf/plugins/imc-test.opt
@@ -1,14 +1,14 @@
-charon.plugins.imc-test.additional_ids = 0
+libimcv.plugins.imc-test.additional_ids = 0
Number of additional IMC IDs.
-charon.plugins.imc-test.command = none
+libimcv.plugins.imc-test.command = none
Command to be sent to the Test IMV.
-charon.plugins.imc-test.dummy_size = 0
+libimcv.plugins.imc-test.dummy_size = 0
Size of dummy attribute to be sent to the Test IMV (0 = disabled).
-charon.plugins.imc-test.retry = no
+libimcv.plugins.imc-test.retry = no
Do a handshake retry.
-charon.plugins.imc-test.retry_command =
+libimcv.plugins.imc-test.retry_command =
Command to be sent to the Test IMV in the handshake retry.
diff --git a/conf/plugins/imv-attestation.conf b/conf/plugins/imv-attestation.conf
index 3a1a7f225..29a42090b 100644
--- a/conf/plugins/imv-attestation.conf
+++ b/conf/plugins/imv-attestation.conf
@@ -1,45 +1,8 @@
-imc-attestation {
-
- # Dummy data if the TBOOT log is not retrieved.
- # pcr17_after =
-
- # Dummy data if the TBOOT log is not retrieved.
- # pcr17_before =
-
- # Dummy data if the TBOOT log is not retrieved.
- # pcr17_meas =
-
- # Dummy data if the TBOOT log is not retrieved.
- # pcr18_after =
-
- # Dummy data if the TBOOT log is not retrieved.
- # pcr18_before =
-
- # Dummy data if the TBOOT log is not retrieved.
- # pcr18_meas =
-
-}
-
imv-attestation {
- # Path to directory with AIK cacerts.
- # cadir =
-
- # Preferred Diffie-Hellman group.
- # dh_group = ecp256
-
- # Preferred measurement hash algorithm.
- # hash_algorithm = sha256
-
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
- # Enforce mandatory Diffie-Hellman groups.
- # mandatory_dh_groups = yes
-
- # DH minimum nonce length.
- # min_nonce_len = 0
-
}
diff --git a/conf/plugins/imv-attestation.opt b/conf/plugins/imv-attestation.opt
index f266281e6..3ad51625d 100644
--- a/conf/plugins/imv-attestation.opt
+++ b/conf/plugins/imv-attestation.opt
@@ -1,32 +1,32 @@
-charon.plugins.imv-attestation.cadir =
+libimcv.plugins.imv-attestation.cadir =
Path to directory with AIK cacerts.
-charon.plugins.imv-attestation.mandatory_dh_groups = yes
+libimcv.plugins.imv-attestation.mandatory_dh_groups = yes
Enforce mandatory Diffie-Hellman groups.
-charon.plugins.imv-attestation.dh_group = ecp256
+libimcv.plugins.imv-attestation.dh_group = ecp256
Preferred Diffie-Hellman group.
-charon.plugins.imv-attestation.hash_algorithm = sha256
+libimcv.plugins.imv-attestation.hash_algorithm = sha256
Preferred measurement hash algorithm.
-charon.plugins.imv-attestation.min_nonce_len = 0
+libimcv.plugins.imv-attestation.min_nonce_len = 0
DH minimum nonce length.
-charon.plugins.imc-attestation.pcr17_after
+libimcv.plugins.imc-attestation.pcr17_after
Dummy data if the TBOOT log is not retrieved.
-charon.plugins.imc-attestation.pcr17_before
+libimcv.plugins.imc-attestation.pcr17_before
Dummy data if the TBOOT log is not retrieved.
-charon.plugins.imc-attestation.pcr17_meas
+libimcv.plugins.imc-attestation.pcr17_meas
Dummy data if the TBOOT log is not retrieved.
-charon.plugins.imc-attestation.pcr18_after
+libimcv.plugins.imc-attestation.pcr18_after
Dummy data if the TBOOT log is not retrieved.
-charon.plugins.imc-attestation.pcr18_before
+libimcv.plugins.imc-attestation.pcr18_before
Dummy data if the TBOOT log is not retrieved.
-charon.plugins.imc-attestation.pcr18_meas
+libimcv.plugins.imc-attestation.pcr18_meas
Dummy data if the TBOOT log is not retrieved.
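Review bot: The six `pcr17_*`/`pcr18_*` entries at the end of this hunk are still keyed under the `imc-attestation` prefix although they live in imv-attestation.opt, and they are the only option lines in this commit without an ` =` after the key (compare `libimcv.plugins.imv-attestation.min_nonce_len = 0` a few lines above). The imv-attestation.conf hunk in the same commit removes the stray `imc-attestation { … }` block from the IMV template, so the .opt side should follow: move these six entries to imc-attestation.opt and write them as `libimcv.plugins.imc-attestation.pcr17_after =` etc. Left as they are, the generated documentation presumably lists IMC options under the IMV plugin.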
diff --git a/conf/plugins/imv-os.conf b/conf/plugins/imv-os.conf
index 8f0da3760..f2786cc3f 100644
--- a/conf/plugins/imv-os.conf
+++ b/conf/plugins/imv-os.conf
@@ -4,8 +4,5 @@ imv-os {
# priority of this plugin.
load = yes
- # URI pointing to operating system remediation instructions.
- # remediation_uri =
-
}
diff --git a/conf/plugins/imv-os.opt b/conf/plugins/imv-os.opt
index eab926201..fe83bb66f 100644
--- a/conf/plugins/imv-os.opt
+++ b/conf/plugins/imv-os.opt
@@ -1,2 +1,2 @@
-charon.plugins.imv-os.remediation_uri =
+libimcv.plugins.imv-os.remediation_uri =
URI pointing to operating system remediation instructions.
diff --git a/conf/plugins/imv-scanner.conf b/conf/plugins/imv-scanner.conf
index 25719d0ef..4b9da8f08 100644
--- a/conf/plugins/imv-scanner.conf
+++ b/conf/plugins/imv-scanner.conf
@@ -4,8 +4,5 @@ imv-scanner {
# priority of this plugin.
load = yes
- # URI pointing to scanner remediation instructions.
- # remediation_uri =
-
}
diff --git a/conf/plugins/imv-scanner.opt b/conf/plugins/imv-scanner.opt
index 7af87493b..d23c6bab9 100644
--- a/conf/plugins/imv-scanner.opt
+++ b/conf/plugins/imv-scanner.opt
@@ -1,2 +1,2 @@
-charon.plugins.imv-scanner.remediation_uri =
+libimcv.plugins.imv-scanner.remediation_uri =
URI pointing to scanner remediation instructions.
diff --git a/conf/plugins/imv-swid.conf b/conf/plugins/imv-swid.conf
new file mode 100644
index 000000000..bfd49bd1c
--- /dev/null
+++ b/conf/plugins/imv-swid.conf
@@ -0,0 +1,8 @@
+imv-swid {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
diff --git a/conf/plugins/imv-swid.opt b/conf/plugins/imv-swid.opt
new file mode 100644
index 000000000..d451c78ce
--- /dev/null
+++ b/conf/plugins/imv-swid.opt
@@ -0,0 +1,5 @@
+libimcv.plugins.imv-swid.rest_api_uri =
+ HTTP URI of the SWID REST API.
+
+libimcv.plugins.imv-swid.rest_api_timeout = 120
+ Timeout of SWID REST API HTTP POST transaction.
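Review bot: `rest_api_timeout = 120` gives no unit, and the description `Timeout of SWID REST API HTTP POST transaction.` does not say whether the value is seconds or milliseconds. If the implementation treats it as seconds, write `Timeout in seconds of the SWID REST API HTTP POST transaction.`; otherwise name the unit it actually uses. A timeout option without a unit is the kind of setting operators routinely misconfigure by a factor of 1000.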
diff --git a/conf/plugins/imv-test.conf b/conf/plugins/imv-test.conf
index 9bd248792..b268765bc 100644
--- a/conf/plugins/imv-test.conf
+++ b/conf/plugins/imv-test.conf
@@ -4,8 +4,5 @@ imv-test {
# priority of this plugin.
load = yes
- # Number of IMC-IMV retry rounds.
- # rounds = 0
-
}
diff --git a/conf/plugins/imv-test.opt b/conf/plugins/imv-test.opt
index 2cbddc8f6..196559ed7 100644
--- a/conf/plugins/imv-test.opt
+++ b/conf/plugins/imv-test.opt
@@ -1,2 +1,2 @@
-charon.plugins.imv-test.rounds = 0
+libimcv.plugins.imv-test.rounds = 0
Number of IMC-IMV retry rounds.
diff --git a/conf/plugins/kernel-klips.conf b/conf/plugins/kernel-klips.conf
deleted file mode 100644
index 10ca30839..000000000
--- a/conf/plugins/kernel-klips.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-kernel-klips {
-
- # Number of ipsecN devices.
- # ipsec_dev_count = 4
-
- # Set MTU of ipsecN device.
- # ipsec_dev_mtu = 0
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/kernel-klips.opt b/conf/plugins/kernel-klips.opt
deleted file mode 100644
index ad9806e71..000000000
--- a/conf/plugins/kernel-klips.opt
+++ /dev/null
@@ -1,5 +0,0 @@
-charon.plugins.kernel-klips.ipsec_dev_count = 4
- Number of ipsecN devices.
-
-charon.plugins.kernel-klips.ipsec_dev_mtu = 0
- Set MTU of ipsecN device.
diff --git a/conf/plugins/load-tester.conf b/conf/plugins/load-tester.conf
index e69c029d6..17281ba73 100644
--- a/conf/plugins/load-tester.conf
+++ b/conf/plugins/load-tester.conf
@@ -16,6 +16,10 @@ load-tester {
# Seconds to start CHILD_SA rekeying after setup.
# child_rekey = 600
+ # URI to a CRL to include as certificate distribution point in generated
+ # certificates.
+ # crl =
+
# Delay between initiatons for each thread.
# delay = 0
diff --git a/conf/plugins/load-tester.opt b/conf/plugins/load-tester.opt
index 7afe32618..e68adecc6 100644
--- a/conf/plugins/load-tester.opt
+++ b/conf/plugins/load-tester.opt
@@ -20,6 +20,10 @@ charon.plugins.load-tester.ca_dir =
charon.plugins.load-tester.child_rekey = 600
Seconds to start CHILD_SA rekeying after setup.
+charon.plugins.load-tester.crl
+ URI to a CRL to include as certificate distribution point in generated
+ certificates.
+
charon.plugins.load-tester.delay = 0
Delay between initiatons for each thread.
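Review bot: `charon.plugins.load-tester.crl` on the first added line is missing the ` =` that every other key in this file carries (`charon.plugins.load-tester.child_rekey = 600`, `charon.plugins.load-tester.delay = 0`) and that the matching `# crl =` line added to load-tester.conf in this commit uses; write it as `charon.plugins.load-tester.crl =`. Without the `=` the entry is at least inconsistent with the documented empty default, and presumably the option documentation generator will not recognise it as an option line. The existing typo `initiatons` in the context line is pre-existing and not part of this change.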
diff --git a/conf/plugins/vici.conf b/conf/plugins/vici.conf
new file mode 100644
index 000000000..08fa586b4
--- /dev/null
+++ b/conf/plugins/vici.conf
@@ -0,0 +1,11 @@
+vici {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Socket the vici plugin serves clients.
+ # socket = unix://${piddir}/charon.vici
+
+}
+
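Review bot: The comment `Socket the vici plugin serves clients.` does not tell an operator what a connected client is able to do; vici is the daemon's control interface, so the filesystem permissions on `${piddir}/charon.vici` decide who may reconfigure and control charon. Suggest expanding the comment to `Socket the vici plugin serves clients on. Connected clients can configure and control the daemon, so restrict access to this path.` The same wording should go into the new vici.opt below, which carries the identical one-line description.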
diff --git a/conf/plugins/vici.opt b/conf/plugins/vici.opt
new file mode 100644
index 000000000..0fca8739b
--- /dev/null
+++ b/conf/plugins/vici.opt
@@ -0,0 +1,2 @@
+charon.plugins.vici.socket = unix://${piddir}/charon.vici
+ Socket the vici plugin serves clients.