testing: added tnc/tnccs-20-mutual scenario

2025-10-06 00:00:47 -04:00 · 2015-03-23 23:01:13 +01:00 · 2015-03-23 23:01:13 +01:00 · be04f90815
commit be04f90815
parent 7b4a96b2f7
11 changed files with 151 additions and 0 deletions
--- a/testing/tests/tnc/tnccs-20-mutual/description.txt
+++ b/testing/tests/tnc/tnccs-20-mutual/description.txt
@ -0,0 +1,3 @@
 The hosts <b>moon</b> and <b>sun</b> do mutual TNC measurements using the 
 PA-TNC, PB-TNC and PT-EAP protocols. The authentication is based on X.509
 certificates.
--- a/testing/tests/tnc/tnccs-20-mutual/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual/evaltest.dat
@ -0,0 +1,9 @@
 moon::cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES
 sun:: cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES
 moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
 sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
--- a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/ipsec.conf
@ -0,0 +1,23 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 config setup
 	charondebug="tnc 2, imc 2, imv 2"
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev2
 conn host-host
 	left=PH_IP_MOON
 	leftcert=moonCert.pem
 	leftid=moon.strongswan.org
 	leftauth=eap
 	leftfirewall=yes
 	right=PH_IP_SUN
 	rightid=sun.strongswan.org
 	rightsendcert=never
 	rightauth=any
 	auto=add
--- a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/strongswan.conf
@ -0,0 +1,26 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
  load = openssl pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
  multiple_authentication = no
  plugins {
    eap-ttls {
      phase2_tnc =yes
    }
    tnccs-20 {
      mutual = yes
    }
  }
 }
 libimcv {
  plugins {
    imc-test {
      command = allow
    }
    imv-test {
      rounds = 1
    }   
  }
 }
--- a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/tnc_config
@ -0,0 +1,4 @@
 #IMC/IMV configuration file for strongSwan endpoint 
 IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so
 IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so
--- a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/ipsec.conf
@ -0,0 +1,23 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 config setup
 	charondebug="tnc 2, imc 2, imv 2"
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev2
 conn host-host
 	left=PH_IP_SUN
 	leftcert=sunCert.pem
 	leftid=sun.strongswan.org
 	leftauth=eap-ttls
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightid=moon.strongswan.org
 	rightauth=eap-ttls
 	rightsendcert=never
 	auto=add
--- a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/strongswan.conf
@ -0,0 +1,28 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
  load = openssl pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
  multiple_authentication = no
  plugins {
    eap-ttls {
      request_peer_auth = yes
      phase2_piggyback = yes
      phase2_tnc =yes
    }
    tnccs-20 {
      mutual = yes
    }
  }
 }
 libimcv {
  plugins {
    imc-test {
      command = allow 
    }
    imv-test {
      rounds = 1 
    }   
  }
 }
--- a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/tnc_config
@ -0,0 +1,4 @@
 #IMC/IMV configuration file for strongSwan endpoint 
 IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so
 IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so
--- a/testing/tests/tnc/tnccs-20-mutual/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual/posttest.dat
@ -0,0 +1,4 @@
 moon::ipsec stop
 sun::ipsec stop
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
--- a/testing/tests/tnc/tnccs-20-mutual/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual/pretest.dat
@ -0,0 +1,6 @@
 moon::iptables-restore < /etc/iptables.rules
 sun::iptables-restore < /etc/iptables.rules
 moon::ipsec start
 sun::ipsec start
 moon::sleep 1 
 moon::ipsec up host-host
--- a/testing/tests/tnc/tnccs-20-mutual/test.conf
+++ b/testing/tests/tnc/tnccs-20-mutual/test.conf
@ -0,0 +1,21 @@
 #!/bin/bash
 #
 # This configuration file provides information on the
 # guest instances used for this test
 # All guest instances that are required for this test
 #
 VIRTHOSTS="moon winnetou sun"
 # Corresponding block diagram
 #
 DIAGRAM="m-w-s.png"
 # Guest instances on which tcpdump is to be started
 #
 TCPDUMPHOSTS="sun"
 # Guest instances on which IPsec is started
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon sun"