From e0e280b7669435b991b7e457abd8aa450930b3e8 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Mon, 24 Sep 2018 15:11:14 +0200 Subject: New upstream version 5.7.0
--- testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt | 12 ++++++------ testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat | 16 +++++++++------- .../tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf | 9 +++++++-- .../tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config | 2 +- .../tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf | 9 +++++++++ .../tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config | 2 +- .../tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf | 8 +++++++- .../tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config | 2 +- 8 files changed, 41 insertions(+), 19 deletions(-) (limited to 'testing/tests/tnc/tnccs-20-pdp-pt-tls')
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
index 45a77e900..90e85485c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
@@ -1,9 +1,9 @@
 The PT-TLS (RFC 6876) clients carol and dave set up a connection each to the policy decision
-point (PDP) alice. carol uses password-based SASL PLAIN client authentication during the
-PT-TLS negotiation phase and dave uses certificate-based TLS client authentication during the
-TLS setup phase.
+point (PDP) alice. Endpoint carol uses password-based SASL PLAIN client authentication during the
+PT-TLS negotiation phase whereas endpoint dave uses certificate-based TLS client authentication
+during the TLS setup phase.

-During the ensuing PT-TLS data transport phase the OS and SWID IMC/IMV pairs
+During the ensuing PT-TLS data transport phase the OS and SWIMA IMC/IMV pairs
 loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages
-embedded in PB-TNC (RFC 5793) batches. The SWID IMC on carol is requested to deliver
-a concise SWID Tag ID Inventory whereas dave must send a full SWID Tag Inventory.
+embedded in PB-TNC (RFC 5793) batches. The SWIMA IMC on carol is requested to deliver
+a concise Software ID Inventory whereas dave must send a full Software Inventory.
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
index bf4191618..bded669da 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
@@ -1,23 +1,25 @@
 dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES
-dave:: cat /var/log/auth.log::collected ... SWID tags::YES
+dave:: cat /var/log/auth.log::collected ... SW records::YES
 carol::cat /var/log/auth.log::received SASL Success result::YES
-carol::cat /var/log/auth.log::collected ... SWID tag IDs::YES
-carol::cat /var/log/auth.log::collected 1 SWID tag::YES
+carol::cat /var/log/auth.log::collected ... SW ID records::YES
+carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES
+carol::cat /var/log/auth.log::collected 1 SW record::YES
 alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
 alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES
 alice::cat /var/log/daemon.log::certificate status is good::YES
 alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
 alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with ... items for request 3 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
 alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
 moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
 alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
 alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
 alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES
 alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items for request 9 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES
+alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES
 alice::cat /var/log/daemon.log::1 SWID tag target::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES
+alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ file:///usr/local/share/strongswan::YES
 alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
 moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index 944a5928d..04d7dbacc 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
@@ -17,6 +17,9 @@ charon-systemd { secret = gv6URkSs } } + tnc-imv { + dlclose = no + } } }
@@ -29,8 +32,10 @@ libimcv { policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { - imv-swid { - rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + imv-swima { + rest_api { + uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ + } } } }
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
index ebe88bc99..1499dfc90 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
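Review bot: The new expectation `alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES` turns an error/fallback log line on the PDP into a pass condition for carol, so if SW ID event collection on the endpoint were permanently broken this test would still go green. If exercising the fallback path is deliberate, it should be stated in description.txt (which this commit already edits), e.g. `carol has no SW ID event history, so the PDP falls back to requesting a full SW ID inventory`; otherwise the line should assert the success path. Separately, since `.*` elsewhere in this file shows the patterns are regexes, the `...` in `with ... items` matches any three characters and does not pin an item count; `[0-9]+ items` would be tighter if a count is meant.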
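Review bot: `dlclose = no` is added under `tnc-imv` without any rationale, and it changes how the PDP handles IMV shared objects (they are kept loaded instead of being unloaded), which is exactly the kind of setting a later maintainer will be tempted to drop. A one-line comment stating the reason would prevent that; I cannot tell from this hunk which IMV needs it, so something like `# keep the IMV modules loaded: <name the IMV and why it cannot survive dlclose>` filled in by the author. The `charon-systemd` section this line belongs to starts outside the hunk.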
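Review bot: The migrated `rest_api { uri = http://admin-user:strongSwan@tnc.strongswan.org/api/ }` still embeds the admin credentials in the URI and sends them as HTTP basic auth over cleartext `http://`, and nothing in the hunk marks this as lab-only. That is fine inside the test network, but the file is the example people copy, so I would add `# test-only: credentials in the URI over plain HTTP; use https:// and a least-privilege API user outside the lab` above the `uri` line. Presumably the collected software inventories travel over this same connection, so cleartext also exposes the endpoints' inventory data and lets the API responses be tampered with, not just the password. The `libimcv` block this belongs to starts outside the hunk.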
@@ -1,4 +1,4 @@ #IMV configuration file for strongSwan client IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so -IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so +IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
index c83805aae..5aad08905 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
@@ -4,6 +4,15 @@ libtls { suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 } +libimcv { + swid_gen { + tag_creator { + name = Debian Project + regid = debian.org + } + } +} + pt-tls-client { load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20 }
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
index f40174e57..3975056ca 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
@@ -1,4 +1,4 @@ #IMC configuration file for strongSwan client IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
index 2e2fccd10..cf08b969d 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
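Review bot: The new `swid_gen { tag_creator { name = Debian Project / regid = debian.org } }` block is an endpoint-side, self-declared identity, and the same block is pasted verbatim into dave's strongswan.conf in this commit, so a reader finding `debian.org` in a strongSwan test config gets no hint of what it is for. I would add `# creator identity stamped into SWID tags the IMC generates locally; self-asserted by the endpoint` above `swid_gen`, and the author should confirm whether the PDP takes this value at face value, in which case the comment should say so. The `libtls` section at the top of the hunk is only context and starts outside it.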
@@ -1,11 +1,17 @@ # /etc/strongswan.conf - strongSwan configuration file libimcv { + swid_gen { + tag_creator { + name = Debian Project + regid = debian.org + } + } plugins { imc-os { push_info = no } - imc-swid { + imc-swima { swid_directory = /usr/share swid_pretty = yes }
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
index f40174e57..3975056ca 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
@@ -1,4 +1,4 @@ #IMC configuration file for strongSwan client IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so -IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so +IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so
-- cgit v1.2.3