Diffstat (limited to 'testing/tests/tnc/tnccs-20-pdp-pt-tls')
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt12
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat16
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config2
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config2
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf8
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config2
8 files changed, 41 insertions, 19 deletions
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
index 45a77e900..90e85485c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
@@ -1,9 +1,9 @@
The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision
-point (PDP) <b>alice</b>. <b>carol</b> uses password-based SASL PLAIN client authentication during the
-<b>PT-TLS negotiation phase</b> and <b>dave</b> uses certificate-based TLS client authentication during the
-<b>TLS setup phase</b>.
+point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the
+<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication
+during the <b>TLS setup phase</b>.
<p/>
-During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWID</b> IMC/IMV pairs
+During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs
loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages
-embedded in PB-TNC (RFC 5793) batches. The <b>SWID</b> IMC on <b>carol</b> is requested to deliver
-a concise <b>SWID Tag ID Inventory</b> whereas <b>dave</b> must send a full <b>SWID Tag Inventory</b>.
+embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver
+a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>.
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
index bf4191618..bded669da 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
@@ -1,23 +1,25 @@
dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES
-dave:: cat /var/log/auth.log::collected ... SWID tags::YES
+dave:: cat /var/log/auth.log::collected ... SW records::YES
carol::cat /var/log/auth.log::received SASL Success result::YES
-carol::cat /var/log/auth.log::collected ... SWID tag IDs::YES
-carol::cat /var/log/auth.log::collected 1 SWID tag::YES
+carol::cat /var/log/auth.log::collected ... SW ID records::YES
+carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES
+carol::cat /var/log/auth.log::collected 1 SW record::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES
alice::cat /var/log/daemon.log::certificate status is good::YES
alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with ... items for request 3 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES
alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items for request 9 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES
+alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::1 SWID tag target::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES
+alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ file:///usr/local/share/strongswan::YES
alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
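Review bot: The added alice check `failed to collect SW ID events, fallback to SW ID inventory` makes an error path a required outcome of the test, and nothing in this hunk or in description.txt says why event collection is expected to fail for carol. A sentence in description.txt such as `carol has no SW ID event history, so the fallback to an SW ID inventory is expected` (if that is indeed the reason) would keep a later reader from treating the message as a regression or dropping the check. Which daemon emits this message is not visible here, so it is worth confirming that it appears in alice's daemon.log and not only in carol's auth.log. The unchanged line `1 SWID tag target` is the only expectation still using the old wording, so it should be checked against what the SWIMA IMV logs. The new patterns also leave `.` unescaped in `strongswan.org__strongSwan`; `strongswan\.org__strongSwan` would match only the intended tag name.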
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index 944a5928d..04d7dbacc 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
@@ -17,6 +17,9 @@ charon-systemd {
secret = gv6URkSs
}
}
+ tnc-imv {
+ dlclose = no
+ }
}
}
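Review bot: `dlclose = no` is added under `tnc-imv` with no indication of why the IMV libraries on alice must stay loaded after use. Because this changes how the PDP handles its measurement plugins and test configs tend to be copied into real setups, a one-line comment above it would help, for example `# do not unload IMVs after use; needed for <reason>`. The enclosing `charon-systemd` block starts outside the hunk, so the exact nesting of `tnc-imv` cannot be confirmed from these lines.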
@@ -29,8 +32,10 @@ libimcv {
policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
- imv-swid {
- rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+ imv-swima {
+ rest_api {
+ uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+ }
}
}
}
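Review bot: The restructured `rest_api { uri = ... }` setting still embeds the REST account name and password in the URL and uses plain `http://`, so the credentials are sent without transport protection and sit in a config file whose permissions are not set here. The removed `rest_api_uri` line had the same value, but since the key is being rewritten anyway it is a good place to mark it, e.g. `# test-lab credentials only; use https:// and a root-only readable file outside the test suite`. Whether the test server accepts TLS is not visible from this hunk, so changing the scheme itself should be checked against the test environment first. The `libimcv` block starts outside the hunk.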
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
index ebe88bc99..1499dfc90 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
@@ -1,4 +1,4 @@
#IMV configuration file for strongSwan client
IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so
-IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so
+IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
index c83805aae..5aad08905 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
@@ -4,6 +4,15 @@ libtls {
suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}
+libimcv {
+ swid_gen {
+ tag_creator {
+ name = Debian Project
+ regid = debian.org
+ }
+ }
+}
+
pt-tls-client {
load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
index f40174e57..3975056ca 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
@@ -1,4 +1,4 @@
#IMC configuration file for strongSwan client
IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
index 2e2fccd10..cf08b969d 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,17 @@
# /etc/strongswan.conf - strongSwan configuration file
libimcv {
+ swid_gen {
+ tag_creator {
+ name = Debian Project
+ regid = debian.org
+ }
+ }
plugins {
imc-os {
push_info = no
}
- imc-swid {
+ imc-swima {
swid_directory = /usr/share
swid_pretty = yes
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
index f40174e57..3975056ca 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
@@ -1,4 +1,4 @@
#IMC configuration file for strongSwan client
IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so