From 81c63b0eed39432878f78727f60a1e7499645199 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 11 Jul 2014 07:23:31 +0200
Subject: Imported Upstream version 5.2.0

---
 testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt     | 15 ++++++++-------
 testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat        |  4 ++--
 .../tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf   |  8 ++------
 .../tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf    |  7 +++----
 .../tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql  |  2 +-
 .../tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf    |  7 +++----
 6 files changed, 19 insertions(+), 24 deletions(-)

(limited to 'testing/tests/tnc/tnccs-20-pts-no-ecc')

diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt b/testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt
index 29976509a..febf07401 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt
@@ -1,12 +1,13 @@
 The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
 using EAP-TTLS authentication only with the gateway presenting a server certificate and
 the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0 </b>
-client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC and OS IMV pair
-is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b> to
-exchange PA-TNC attributes.
-<p>
+<p/>
+In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS 
+tunnel to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the 
+<b>TNCCS 2.0 </b> client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC 
+and OS IMV pair is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b> 
+to exchange PA-TNC attributes.
+<p/>
 <b>carol</b> sends information on her operating system consisting of the PA-TNC attributes
 <em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front
 to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an
@@ -14,7 +15,7 @@ to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so
 measurement on all files in the <b>/bin</b> directory. <b>carol</b> is then prompted to
 measure a couple of individual files and the files in the <b>/bin</b> directory as
 well as to get metadata on the <b>/etc/tnc_confg</b> configuration file.
-<p>
+<p/>
 Since the Attestation IMV negotiates a Diffie-Hellman group for TPM-based measurements,
 the mandatory default being <b>ecp256</b>, with the strongswan.conf option
 <b>mandatory_dh_groups = no</b> no ECC support is required.
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
index 5eb944055..f9bb03357 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.5 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.5 x86_64.*dave@strongswan.org - isolate::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
index 72bf2c7c9..53bb9dfaa 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
@@ -2,12 +2,8 @@
 
 charon {
   load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
+
+  multiple_authentication = no
 }
 
 libimcv {
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
index 6f71994ae..25c27be8b 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
@@ -2,11 +2,10 @@
 
 charon {
   load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
-  multiple_authentication=no
+
+  multiple_authentication = no
+
   plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
     tnc-imc {
       preferred_language = de
     }
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql
index 2bb7e7924..8b36df5e3 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql
@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 42, 1372330615
 );
 
 /* Groups Members */
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
index e76598b9a..07d620c0e 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
@@ -2,16 +2,15 @@
 
 charon {
   load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
-  multiple_authentication=no
+
+  multiple_authentication = no
+
   plugins {
     eap-ttls {
       phase2_method = md5
       phase2_piggyback = yes
       phase2_tnc = yes
     }
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
   }
 }
 
-- 
cgit v1.2.3