5.1.0 changes for test cases
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 28 Jun 2013 22:07:15 +0000 (00:07 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 28 Jun 2013 22:07:15 +0000 (00:07 +0200)
205 files changed:
testing/hosts/winnetou/etc/openssl/ecdsa/index.txt
testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/08.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/09.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0A.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0B.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0C.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0D.pem [new file with mode: 0644]
testing/hosts/winnetou/etc/openssl/ecdsa/serial
testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf
testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf
testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf
testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf
testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf
testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf
testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
testing/tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf
testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
testing/tests/ipv6/rw-ikev1/hosts/dave/etc/ipsec.conf
testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
testing/tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf
testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
testing/tests/ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf
testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
testing/tests/ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf
testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem
testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem
testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem
testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem
testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
testing/tests/openssl-ikev2/rw-cpa/description.txt [deleted file]
testing/tests/openssl-ikev2/rw-cpa/evaltest.dat [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/certs/carolCert.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/private/carolKey.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/iptables.flush [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/iptables.rules [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/certs/daveCert.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/private/daveKey.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/iptables.flush [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/iptables.rules [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/certs/moonCert.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/private/moonKey.pem [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/iptables.flush [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/iptables.rules [deleted file]
testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl-ikev2/rw-cpa/posttest.dat [deleted file]
testing/tests/openssl-ikev2/rw-cpa/pretest.dat [deleted file]
testing/tests/openssl-ikev2/rw-cpa/test.conf [deleted file]
testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat
testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem
testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem
testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem
testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem
testing/tests/openssl-ikev2/rw-suite-b-128/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/iptables.flush [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/iptables.rules [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/iptables.flush [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/iptables.rules [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/iptables.flush [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/iptables.rules [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-128/test.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/iptables.flush [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/iptables.rules [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/iptables.flush [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/iptables.rules [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.flush [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-suite-b-192/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-11-radius-pts/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data.sql [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/iptables.rules [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-pts/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf
testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20-os/evaltest.dat
testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql [new file with mode: 0644]
testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
testing/tests/tnc/tnccs-20-os/pretest.dat
testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20-pts/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data.sql [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pts/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
testing/tests/tnc/tnccs-20/hosts/moon/etc/pts/data.sql [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf

index 358e0fd..ee05700 100644 (file)
@@ -1,6 +1,13 @@
-V      130621144307Z           01      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
+R      130621144307Z   130627211828Z   01      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
 R      130621161252Z   080622162459Z   02      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
-V      130621161359Z           03      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
-V      130621162918Z           04      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+R      130621161359Z   130627211849Z   03      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+R      130621162918Z   130627211852Z   04      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
 V      140611160633Z           05      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
 V      140611160706Z           06      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
+V      180602071743Z           07      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
+V      180602072050Z           08      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
+V      180602072738Z           09      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+V      180602073154Z           0A      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org
+V      180602073328Z           0B      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org
+V      180602073519Z           0C      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+V      180602100216Z           0D      unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/08.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/08.pem
new file mode 100644 (file)
index 0000000..7bf96cd
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICdzCCAdqgAwIBAgIBCDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjA1MFoXDTE4MDYwMjA3MjA1MFowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQh4YOVBbRxtdaM7uJvDrZqt6a1jJo+rijEV5Nw1OqU5jlk
+srCtZwcZXrR67MlqzFNyvkHtbcWRuBjL55xjQE+YavKnltuKu42COUhWXh760M/c
+2SNzsjvsJgGXAsiPwiajgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYoAMIGGAkE35mfDj/fFUXGsetoU9l9Kt3jbIKYugJgE
+2gmv/MW8jwrqoP7y6ATHXJkonA6AvEK+o0ZMrae55lIKPkBh5xk3XQJBfp5Eqg6Y
+efRIXUeLksM56fRjVwJS6es7qb8l1q6+c1wC1A3lEHQvAs+kJxFfFyni2oxA923F
+h2eoaYy9vSqET5Q=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/09.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/09.pem
new file mode 100644 (file)
index 0000000..a85635f
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
+BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
+GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
+nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
+Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
+hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0A.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0A.pem
new file mode 100644 (file)
index 0000000..f439571
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICfDCCAd2gAwIBAgIBCjAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzE1NFoXDTE4MDYwMjA3MzE1NFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAERiDlh/bOFDq6bSRdDq2ivOcNcxWSGlO5dy5yBRvAhTWl
+NJcy93jxhDIzF5mxPpmgNXpdmSBRKbm3ydkw8LbWI+5/lje06Yl6nOLBO6Zb7GqH
+XFO+BqJrUxzbdHXwxWqto4GDMIGAMB8GA1UdIwQYMBaAFLpd+XG2E7Vq0d26Nreq
+0sHuj9jSMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIA8mbKzo+mp8umjvpoQUo5pIvR1CQQ
+lvBGCUWv7mtq1CVBXzv7Z+HQqPsrL388RymEErA7BzDMkPKTa5E3ZV5LL38CQgDx
++v/cIcJdYngOOF0IgVSDzcGgSvOmMlPF/D97eC4Od7XwdYl5p9Sxi4SjmDZZi4r/
+EArN3teDfoc7CZcRxWcDhQ==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0B.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0B.pem
new file mode 100644 (file)
index 0000000..c83be14
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICXDCCAb2gAwIBAgIBCzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzMyOFoXDTE4MDYwMjA3MzMyOFowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAAQ0aUuue3BcBvF6aEISID4c+mVBJyvSm2fPVRRkAQqh
+RktTHMYDWY6B8e/iGr4GDeF5bjr46vMB5eEtVx3chWbQo4GBMH8wHwYDVR0jBBgw
+FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
+d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAd5ols9c
+CP6HPtfMXbPlSpUDKSRyB3c5Ix2Yn3z5ogMM1QSoS88FW8D7KKsb0qTY5TnlAls3
+45PmauVwEbI2cV6qAkIBphvsmhYWMnt/QMOij7DinihEL9Ib1vxOS2boUos6sHWi
+gj3wfHyfgHM3Pgt0YYoZxELDIxcLVJeoa1TmNey7IaI=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0C.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0C.pem
new file mode 100644 (file)
index 0000000..e97709a
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
+DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
+3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
+d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
+iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
+ZEmeb0/mRB56osgppA==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0D.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0D.pem
new file mode 100644 (file)
index 0000000..25f0538
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
+NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
+PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
+ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
+Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
+tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
+BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
+Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
+BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
+vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
+9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
+2A==
+-----END CERTIFICATE-----
index 7daa37c..9e68eb6 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn net-net
        also=host-host
index 5ef523e..7f26bc4 100644 (file)
@@ -3,4 +3,6 @@
 charon {
   hash_and_url = yes
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index bbaa09b..23bc5c6 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn net-net
        also=host-host
index 5ef523e..7f26bc4 100644 (file)
@@ -3,4 +3,6 @@
 charon {
   hash_and_url = yes
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index d074864..4821989 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn net-net
        also=host-host
index ca23c69..5ffc1a2 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index bbaa09b..23bc5c6 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn net-net
        also=host-host
index ca23c69..5ffc1a2 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index 6ecd05c..c43086f 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn net-net
        also=host-host
index ca23c69..5ffc1a2 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index be4c0d8..8e6478c 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn net-net
        also=host-host
index ca23c69..d4b9a55 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size=1024
 }
index 5393623..4bcfd19 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn home
        left=PH_IP6_CAROL
index ca23c69..5ffc1a2 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index f897cfd..1253036 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn home
        left=PH_IP6_DAVE
index ca23c69..5ffc1a2 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index 6a7ae67..880b1b2 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn rw
        left=PH_IP6_MOON
index ca23c69..5ffc1a2 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index 1633083..f2938f3 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn host-host
        left=PH_IP6_MOON
index ca23c69..5ffc1a2 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index 48d4890..9af8aa8 100644 (file)
@@ -14,6 +14,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
+       fragmentation=yes
 
 conn host-host
        left=PH_IP6_SUN
index ca23c69..5ffc1a2 100644 (file)
@@ -2,4 +2,6 @@
 
 charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  fragment_size = 1024
 }
index 2970992..a85635f 100644 (file)
@@ -1,18 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIIC7zCCAlGgAwIBAgIBBDAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYyOTE4WhcNMTMwNjIxMTYyOTE4WjBfMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-MjU2IGJpdDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQgp/Z/GgzvVCDdVcIYqERml0KroZEaVqiF8uy8dlTS
-4mxNs6snDdEWh/LzXTd3NVnCihT2XgHxOk8NrX4hBMMYo4IBFDCCARAwCQYDVR0T
-BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFLdhGhurno1dU2SMx7UGXpa/lgJ9
-MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
-b25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdz
-d2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAJBgcqhkjOPQQBA4GMADCBiAJCATa+
-sBFW3vCx/JgLyxU85F2QuLO0/zdNBhIU0kN7kr1cYBBr8mpbhuNKm6iFe2DsFJZx
-ii3DQjwvG46is2Njzi4vAkIA72lPodCDtAFpD/2PUxjzo6xTAFazUejobkdDTUXn
-s0f8qIzzeQuTwLbp6pDmR/JGzhAeRvQT82njCo0PJ8Hbz1c=
+MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
+BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
+GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
+nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
+Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
+hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
 -----END CERTIFICATE-----
index 5f21c10..0a0b838 100644 (file)
@@ -1,8 +1,8 @@
 -----BEGIN EC PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,F36088B0517117B50C1A436E5C84526E
+DEK-Info: DES-EDE3-CBC,0F93D8FBCA4CAA40
 
-Zulq4O8x8i4P2I8+Ewe2pPJT8K2kzX9JjGhquFKaZdEG1YmXqIdMz41DA1b9cQjt
-KJstY10Gzc/C6Hv9v/ljfplcnumYBFdFsqvQ/Z0xh/G9u/J1gXjghhrQCUXbFble
-RVSwozA9IcCC9yQdhYyazF+85DR+p8AyQ5w2unOvuOk=
+jyvWqe7yjLux30mLeMsjlEjWu1A7u4xdRUg/R+JzsUxnFDpJKOEd5LgXSExrgVwD
+RMlH6vVkZPboxmveOH8lXDVUyscYLLLTianw9R+Vj3zm6x7kT1CaNryLKfQSCVE8
+QGsF+LrF7/uIS+4RePGQyGv4C3pbBCB168+e362WnjQ=
 -----END EC PRIVATE KEY-----
index 075d8f1..e97709a 100644 (file)
@@ -1,19 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIIDCTCCAmygAwIBAgIBAzAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYxMzU5WhcNMTMwNjIxMTYxMzU5WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-Mzg0IGJpdDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzB2MBAGByqGSM49
-AgEGBSuBBAAiA2IABPxEg8AaVNAwCXqg0p21Zc7YzPLA3voAWf233CZJpsjb1w3y
-IeTUeIeGU7aLWAyuXgeBsx+lKzWy00LzPELOgK+3ulTHzBZg7s8kMGhwPWfV4JLA
-zrso5+i64+Y4wvRCBaOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0G
-A1UdDgQWBBQxJAy8gaP3RNBt1WTD27/IMzANmTB4BgNVHSMEcTBvgBS6XflxthO1
-atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4
-IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPai
-dX4i76aJMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUw
-MzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2Vj
-LmNybDAJBgcqhkjOPQQBA4GLADCBhwJCAZaqaroyGwqd7nb5dVVWjTK8glVzDFJH
-ru4F6R+7fDCGEOaFlxf4GRkSrvQQA8vfgo6Md9XjBwq0r+9s3xt5xJjJAkElSo1/
-wyn8KQ3XN07UIaMvPctipq2OgpfteQK/F81CtZ+YCLEQt3xT7NQpriaKwGQxJAQv
-g+Z+grJzTppAqpwRpg==
+MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
+DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
+3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
+d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
+iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
+ZEmeb0/mRB56osgppA==
 -----END CERTIFICATE-----
index f628f88..574c86a 100644 (file)
@@ -1,6 +1,6 @@
 -----BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCF8kl4ftfgcvWH2myFxhc22CUT63uPy28fqUMibnpRS/wf/pfxIrVX
-+BhxpUhWS2agBwYFK4EEACKhZANiAAT8RIPAGlTQMAl6oNKdtWXO2MzywN76AFn9
-t9wmSabI29cN8iHk1HiHhlO2i1gMrl4HgbMfpSs1stNC8zxCzoCvt7pUx8wWYO7P
-JDBocD1n1eCSwM67KOfouuPmOML0QgU=
+MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE
+hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp
+nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq
+Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4=
 -----END EC PRIVATE KEY-----
index 5178c7f..25f0538 100644 (file)
@@ -1,20 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIDMDCCApKgAwIBAgIBATAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTQ0MzA3WhcNMTMwNjIxMTQ0MzA3WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
+MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
 NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEALmnl/PUy9v7Qsc914kdzY+TQ6VY2192oRoa9SkpxXrs
-5GnWSJoz3yinpPHdchH0UknKt/C2Ik2k7izDH/Zau5gNAD1PqBrYWtcP+sLnH1G9
-BTibraniAUSpSaDhiWrfTteRNWqkzZI37a6YfKcBZozQcvYMW1co15EwZTptqykX
-Eepuo4IBEzCCAQ8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDVU
-Hzs47lOG0dHsezm6aFqdwJwfMHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHu
-j9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
-bjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYD
-VR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6Athito
-dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAkGByqG
-SM49BAEDgYwAMIGIAkIBDgZs1pXvm8SwT9S1m6nIHwuZsJDsDri/PWM6NXdMUXEt
-l0p8cfq8PbJlK/0+eLz8Ec1zpWuF5vasFHkVhauHdnECQgEVuYTrlry9gAx7G4kH
-mne2yDxTclEDziWxPG4UkZbkGttf9eZlsXmNoX/Z/fojXxMYZaPqM3eOT2h6ezMD
-CI9WpQ==
+PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
+ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
+Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
+tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
+BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
+Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
+BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
+vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
+9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
+2A==
 -----END CERTIFICATE-----
index beab048..a1ba4c9 100644 (file)
@@ -1,7 +1,7 @@
 -----BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBrBxHEGICJRNkhm0HWfARp+dIzm6Lw7eCbQXNM6jSGL4DVNDVCV42
-yOKQqifWEcNWxO+wWtBaz91IF5hz/m4TbOGgBwYFK4EEACOhgYkDgYYABAC5p5fz
-1Mvb+0LHPdeJHc2Pk0OlWNtfdqEaGvUpKcV67ORp1kiaM98op6Tx3XIR9FJJyrfw
-tiJNpO4swx/2WruYDQA9T6ga2FrXD/rC5x9RvQU4m62p4gFEqUmg4Ylq307XkTVq
-pM2SN+2umHynAWaM0HL2DFtXKNeRMGU6baspFxHqbg==
+MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix
++G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak
+OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg
+Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2
+lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg==
 -----END EC PRIVATE KEY-----
index 2970992..a85635f 100644 (file)
@@ -1,18 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIIC7zCCAlGgAwIBAgIBBDAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYyOTE4WhcNMTMwNjIxMTYyOTE4WjBfMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-MjU2IGJpdDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQgp/Z/GgzvVCDdVcIYqERml0KroZEaVqiF8uy8dlTS
-4mxNs6snDdEWh/LzXTd3NVnCihT2XgHxOk8NrX4hBMMYo4IBFDCCARAwCQYDVR0T
-BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFLdhGhurno1dU2SMx7UGXpa/lgJ9
-MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
-b25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdz
-d2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAJBgcqhkjOPQQBA4GMADCBiAJCATa+
-sBFW3vCx/JgLyxU85F2QuLO0/zdNBhIU0kN7kr1cYBBr8mpbhuNKm6iFe2DsFJZx
-ii3DQjwvG46is2Njzi4vAkIA72lPodCDtAFpD/2PUxjzo6xTAFazUejobkdDTUXn
-s0f8qIzzeQuTwLbp6pDmR/JGzhAeRvQT82njCo0PJ8Hbz1c=
+MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
+BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
+GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
+nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
+Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
+hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
 -----END CERTIFICATE-----
index 5f21c10..d2f97f8 100644 (file)
@@ -1,8 +1,8 @@
 -----BEGIN EC PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,F36088B0517117B50C1A436E5C84526E
+DEK-Info: AES-128-CBC,0C53E74E6B5AC2D7475EFF30478B9D5F
 
-Zulq4O8x8i4P2I8+Ewe2pPJT8K2kzX9JjGhquFKaZdEG1YmXqIdMz41DA1b9cQjt
-KJstY10Gzc/C6Hv9v/ljfplcnumYBFdFsqvQ/Z0xh/G9u/J1gXjghhrQCUXbFble
-RVSwozA9IcCC9yQdhYyazF+85DR+p8AyQ5w2unOvuOk=
+eHLtgaAjHt0sWRnBnRAt8CEPjak58pCwVbH+7Vfz2dy//GRvZviPA/TEQDtznPde
+v5yIDGUe6vvtoY4oXemGi5SQiP8KAuaKylMQEjm2FHYwT/SgIwk5EZZjI4CcFBnK
+NWV3z5oPiW6hZebwUHWaioSAYK1awOtFcp0l4UGA31U=
 -----END EC PRIVATE KEY-----
index 075d8f1..e97709a 100644 (file)
@@ -1,19 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIIDCTCCAmygAwIBAgIBAzAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYxMzU5WhcNMTMwNjIxMTYxMzU5WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-Mzg0IGJpdDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzB2MBAGByqGSM49
-AgEGBSuBBAAiA2IABPxEg8AaVNAwCXqg0p21Zc7YzPLA3voAWf233CZJpsjb1w3y
-IeTUeIeGU7aLWAyuXgeBsx+lKzWy00LzPELOgK+3ulTHzBZg7s8kMGhwPWfV4JLA
-zrso5+i64+Y4wvRCBaOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0G
-A1UdDgQWBBQxJAy8gaP3RNBt1WTD27/IMzANmTB4BgNVHSMEcTBvgBS6XflxthO1
-atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4
-IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPai
-dX4i76aJMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUw
-MzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2Vj
-LmNybDAJBgcqhkjOPQQBA4GLADCBhwJCAZaqaroyGwqd7nb5dVVWjTK8glVzDFJH
-ru4F6R+7fDCGEOaFlxf4GRkSrvQQA8vfgo6Md9XjBwq0r+9s3xt5xJjJAkElSo1/
-wyn8KQ3XN07UIaMvPctipq2OgpfteQK/F81CtZ+YCLEQt3xT7NQpriaKwGQxJAQv
-g+Z+grJzTppAqpwRpg==
+MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
+DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
+3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
+d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
+iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
+ZEmeb0/mRB56osgppA==
 -----END CERTIFICATE-----
index f628f88..574c86a 100644 (file)
@@ -1,6 +1,6 @@
 -----BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCF8kl4ftfgcvWH2myFxhc22CUT63uPy28fqUMibnpRS/wf/pfxIrVX
-+BhxpUhWS2agBwYFK4EEACKhZANiAAT8RIPAGlTQMAl6oNKdtWXO2MzywN76AFn9
-t9wmSabI29cN8iHk1HiHhlO2i1gMrl4HgbMfpSs1stNC8zxCzoCvt7pUx8wWYO7P
-JDBocD1n1eCSwM67KOfouuPmOML0QgU=
+MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE
+hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp
+nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq
+Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4=
 -----END EC PRIVATE KEY-----
index 5178c7f..25f0538 100644 (file)
@@ -1,20 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIDMDCCApKgAwIBAgIBATAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTQ0MzA3WhcNMTMwNjIxMTQ0MzA3WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
+MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
 NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEALmnl/PUy9v7Qsc914kdzY+TQ6VY2192oRoa9SkpxXrs
-5GnWSJoz3yinpPHdchH0UknKt/C2Ik2k7izDH/Zau5gNAD1PqBrYWtcP+sLnH1G9
-BTibraniAUSpSaDhiWrfTteRNWqkzZI37a6YfKcBZozQcvYMW1co15EwZTptqykX
-Eepuo4IBEzCCAQ8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDVU
-Hzs47lOG0dHsezm6aFqdwJwfMHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHu
-j9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
-bjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYD
-VR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6Athito
-dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAkGByqG
-SM49BAEDgYwAMIGIAkIBDgZs1pXvm8SwT9S1m6nIHwuZsJDsDri/PWM6NXdMUXEt
-l0p8cfq8PbJlK/0+eLz8Ec1zpWuF5vasFHkVhauHdnECQgEVuYTrlry9gAx7G4kH
-mne2yDxTclEDziWxPG4UkZbkGttf9eZlsXmNoX/Z/fojXxMYZaPqM3eOT2h6ezMD
-CI9WpQ==
+PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
+ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
+Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
+tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
+BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
+Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
+BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
+vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
+9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
+2A==
 -----END CERTIFICATE-----
index beab048..a1ba4c9 100644 (file)
@@ -1,7 +1,7 @@
 -----BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBrBxHEGICJRNkhm0HWfARp+dIzm6Lw7eCbQXNM6jSGL4DVNDVCV42
-yOKQqifWEcNWxO+wWtBaz91IF5hz/m4TbOGgBwYFK4EEACOhgYkDgYYABAC5p5fz
-1Mvb+0LHPdeJHc2Pk0OlWNtfdqEaGvUpKcV67ORp1kiaM98op6Tx3XIR9FJJyrfw
-tiJNpO4swx/2WruYDQA9T6ga2FrXD/rC5x9RvQU4m62p4gFEqUmg4Ylq307XkTVq
-pM2SN+2umHynAWaM0HL2DFtXKNeRMGU6baspFxHqbg==
+MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix
++G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak
+OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg
+Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2
+lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg==
 -----END EC PRIVATE KEY-----
index 2970992..a85635f 100644 (file)
@@ -1,18 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIIC7zCCAlGgAwIBAgIBBDAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYyOTE4WhcNMTMwNjIxMTYyOTE4WjBfMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-MjU2IGJpdDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQgp/Z/GgzvVCDdVcIYqERml0KroZEaVqiF8uy8dlTS
-4mxNs6snDdEWh/LzXTd3NVnCihT2XgHxOk8NrX4hBMMYo4IBFDCCARAwCQYDVR0T
-BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFLdhGhurno1dU2SMx7UGXpa/lgJ9
-MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
-b25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdz
-d2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAJBgcqhkjOPQQBA4GMADCBiAJCATa+
-sBFW3vCx/JgLyxU85F2QuLO0/zdNBhIU0kN7kr1cYBBr8mpbhuNKm6iFe2DsFJZx
-ii3DQjwvG46is2Njzi4vAkIA72lPodCDtAFpD/2PUxjzo6xTAFazUejobkdDTUXn
-s0f8qIzzeQuTwLbp6pDmR/JGzhAeRvQT82njCo0PJ8Hbz1c=
+MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
+BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
+GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
+nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
+Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
+hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
 -----END CERTIFICATE-----
index 5151408..681c1ee 100644 (file)
@@ -1,6 +1,6 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIGwMBsGCSqGSIb3DQEFAzAOBAgzSp1guD3Y3wICCAAEgZD3lUKsfeQ6rwQA2Q2U
-VIyw2+53Z6kfn2vs9I8M197o4AtunwMJ7N6XY441fzcCbstmZ4HoubcuqCXsw5BA
-liVtV0+vnMY6ViJ5OKgzBNGYW39Bu1A5/2NHh0Hsaoop6VPEY67KyhxHBrBrX6fk
-Hn5eZyUKHa6NNGK9bWLqR8CjRNYQpg8NlwUIIxuFFTBw9oc=
+MIGwMBsGCSqGSIb3DQEFAzAOBAhvrv2j+DAo4AICCAAEgZAkhslW1CuYRZ7SKigR
+p/5suJU4xR6scHyS1yVYtrTC99Ha287MuS1/KUf0DZasx89AxoYcOgr+YvuIrUYw
+/f8cNmkcw3E2EvGwy7VVtqf12M+j4B2eUSNjaQvw4sQvxFPlbETocWYaLOOZrgr1
+/+b5n4o4VZ/MYDyfxmgNNluXaVGz9xP5pTvHI7ocDJzh5d4=
 -----END ENCRYPTED PRIVATE KEY-----
index 075d8f1..e97709a 100644 (file)
@@ -1,19 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIIDCTCCAmygAwIBAgIBAzAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYxMzU5WhcNMTMwNjIxMTYxMzU5WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-Mzg0IGJpdDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzB2MBAGByqGSM49
-AgEGBSuBBAAiA2IABPxEg8AaVNAwCXqg0p21Zc7YzPLA3voAWf233CZJpsjb1w3y
-IeTUeIeGU7aLWAyuXgeBsx+lKzWy00LzPELOgK+3ulTHzBZg7s8kMGhwPWfV4JLA
-zrso5+i64+Y4wvRCBaOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0G
-A1UdDgQWBBQxJAy8gaP3RNBt1WTD27/IMzANmTB4BgNVHSMEcTBvgBS6XflxthO1
-atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4
-IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPai
-dX4i76aJMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUw
-MzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2Vj
-LmNybDAJBgcqhkjOPQQBA4GLADCBhwJCAZaqaroyGwqd7nb5dVVWjTK8glVzDFJH
-ru4F6R+7fDCGEOaFlxf4GRkSrvQQA8vfgo6Md9XjBwq0r+9s3xt5xJjJAkElSo1/
-wyn8KQ3XN07UIaMvPctipq2OgpfteQK/F81CtZ+YCLEQt3xT7NQpriaKwGQxJAQv
-g+Z+grJzTppAqpwRpg==
+MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
+DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
+3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
+d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
+iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
+ZEmeb0/mRB56osgppA==
 -----END CERTIFICATE-----
index 6555ada..6dca1f2 100644 (file)
@@ -1,8 +1,8 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBBTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIYdanoOIx6X4CAggA
-MBQGCCqGSIb3DQMHBAjoXTbsYeKpJwSBwBRbP2I3UOHWIrQhM7OqdWGt1+phdNy8
-5Xbus6e/DUp8xalohZD/QTZT3QpMEDuqJ0U3OIB01RWUmlPeUBx+NaPvLb/tQCZg
-iLwdq5E9otbO9nK9G7NDeV22VigMZhZgtpdKqw7TAqgkzqpGfyM+mcUygiGxWwWC
-UyC4G3rxyZVL2zRS/iDpJCIn2kceQk+mu+or3oX5rzzH82b69RQt36gEvd2rX/WU
-gHH/XkNXhL0y0yRkVhowKHE2ZwMNTDbM3g==
+MIIBBTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9Dxjbv7bnuoCAggA
+MBQGCCqGSIb3DQMHBAjONh5rePJ/owSBwG8qgvCeUae7yZQRM1iEa90zq1yrS71z
+l5dEFzeFnYcu25qVK6IkYRHUFZIDGep+2Ep33+IrCYadV69AjCdM3Lnl+cjp+vVn
+o1ZvXoNKMor0AHyuTbHI/xdOrd2ZFjkWITnXX2qHTKViFFBoMGo7Jb9XI2eAT4hF
+0Z2EaAzl383eBQ/Wb/Jr0c+cwi5lvRLW5OKp48mQ5++8wJlaw+7W1MxPVhggG6U3
+lVzl9N+aLEFOSr0b8EMTDywJNBJZcNOQZw==
 -----END ENCRYPTED PRIVATE KEY-----
index 5178c7f..25f0538 100644 (file)
@@ -1,20 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIDMDCCApKgAwIBAgIBATAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTQ0MzA3WhcNMTMwNjIxMTQ0MzA3WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
+MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
 NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEALmnl/PUy9v7Qsc914kdzY+TQ6VY2192oRoa9SkpxXrs
-5GnWSJoz3yinpPHdchH0UknKt/C2Ik2k7izDH/Zau5gNAD1PqBrYWtcP+sLnH1G9
-BTibraniAUSpSaDhiWrfTteRNWqkzZI37a6YfKcBZozQcvYMW1co15EwZTptqykX
-Eepuo4IBEzCCAQ8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDVU
-Hzs47lOG0dHsezm6aFqdwJwfMHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHu
-j9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
-bjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYD
-VR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6Athito
-dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAkGByqG
-SM49BAEDgYwAMIGIAkIBDgZs1pXvm8SwT9S1m6nIHwuZsJDsDri/PWM6NXdMUXEt
-l0p8cfq8PbJlK/0+eLz8Ec1zpWuF5vasFHkVhauHdnECQgEVuYTrlry9gAx7G4kH
-mne2yDxTclEDziWxPG4UkZbkGttf9eZlsXmNoX/Z/fojXxMYZaPqM3eOT2h6ezMD
-CI9WpQ==
+PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
+ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
+Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
+tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
+BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
+Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
+BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
+vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
+9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
+2A==
 -----END CERTIFICATE-----
index 5c31d67..04db7f7 100644 (file)
@@ -1,8 +1,8 @@
 -----BEGIN PRIVATE KEY-----
-MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBrBxHEGICJRNkhm0H
-WfARp+dIzm6Lw7eCbQXNM6jSGL4DVNDVCV42yOKQqifWEcNWxO+wWtBaz91IF5hz
-/m4TbOGhgYkDgYYABAC5p5fz1Mvb+0LHPdeJHc2Pk0OlWNtfdqEaGvUpKcV67ORp
-1kiaM98op6Tx3XIR9FJJyrfwtiJNpO4swx/2WruYDQA9T6ga2FrXD/rC5x9RvQU4
-m62p4gFEqUmg4Ylq307XkTVqpM2SN+2umHynAWaM0HL2DFtXKNeRMGU6baspFxHq
-bg==
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB2FqpGVb6Q8oGdL/b
+oMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6y
+MDfqZhuhgYkDgYYABABlnLakOG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4v
+TemT194qTZVQIugGEuzF1mQgYk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2
+X45I1D2iihIZsNH8treYFIT2lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUg
+Ng==
 -----END PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/description.txt b/testing/tests/openssl-ikev2/rw-cpa/description.txt
deleted file mode 100644 (file)
index aaebb18..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-The roadwarrior <b>dave</b> tries to set up a connection to roadwarrior <b>carol</b>
-but because <b>carol</b> has set the strongswan.conf option <b>initiator_only = yes</b>
-she ignores the repeated IKE requests sent by <b>dave</b>.
-<p/>
-After the failed connection attempt by <b>dave</b>, roadwarrior <b>carol</b> sets up a
-connection to gateway <b>moon</b>. The authentication is based on <b>X.509 ECDSA certificates</b>.
-Upon the successful establishment of the IPsec tunnel, the static IPsec policy rules of
-an iptables-based firewall let pass the tunneled traffic. In order to test both tunnel and firewall,
-<b>carol</b> pings the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/openssl-ikev2/rw-cpa/evaltest.dat b/testing/tests/openssl-ikev2/rw-cpa/evaltest.dat
deleted file mode 100644 (file)
index 7169a09..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-dave:: cat /var/log/daemon.log::establishing IKE_SA failed, peer not responding::YES
-carol::cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
-moon:: cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
-moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-256 signature successful::YES
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.conf
deleted file mode 100644 (file)
index 61e13df..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes128gcm128-prfsha256-ecp256!
-       esp=aes128gcm128-ecp256!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 3480a43..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644 (file)
index 2970992..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC7zCCAlGgAwIBAgIBBDAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYyOTE4WhcNMTMwNjIxMTYyOTE4WjBfMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-MjU2IGJpdDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQgp/Z/GgzvVCDdVcIYqERml0KroZEaVqiF8uy8dlTS
-4mxNs6snDdEWh/LzXTd3NVnCihT2XgHxOk8NrX4hBMMYo4IBFDCCARAwCQYDVR0T
-BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFLdhGhurno1dU2SMx7UGXpa/lgJ9
-MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
-b25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdz
-d2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAJBgcqhkjOPQQBA4GMADCBiAJCATa+
-sBFW3vCx/JgLyxU85F2QuLO0/zdNBhIU0kN7kr1cYBBr8mpbhuNKm6iFe2DsFJZx
-ii3DQjwvG46is2Njzi4vAkIA72lPodCDtAFpD/2PUxjzo6xTAFazUejobkdDTUXn
-s0f8qIzzeQuTwLbp6pDmR/JGzhAeRvQT82njCo0PJ8Hbz1c=
------END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644 (file)
index 43621f7..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIK+8T+EmoyNMwjq+GDC7UnYrx4TR8hu7h85IgNiTOQUNoAoGCCqGSM49
-AwEHoUQDQgAEIKf2fxoM71Qg3VXCGKhEZpdCq6GRGlaohfLsvHZU0uJsTbOrJw3R
-Fofy8103dzVZwooU9l4B8TpPDa1+IQTDGA==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 3d67251..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA carolKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/iptables.flush
deleted file mode 100644 (file)
index b3ab63c..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/iptables.rules
deleted file mode 100644 (file)
index 3d99c01..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT  -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A INPUT  -i eth0 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
--A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cpa/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 128d4f2..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
-
-  initiator_only = yes
-}
-
-libstrongswan {
-  integrity_test = yes
-  crypto_test {
-    required = yes
-    on_add = yes
-  }
-  plugins {
-    openssl {
-      fips_mode = 2
-    }
-  }
-}
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.conf
deleted file mode 100644 (file)
index 22fcb3e..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes128gcm128-prfsha256-ecp256!
-       esp=aes128gcm128-ecp256!
-
-conn peer
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_CAROL
-       rightid=carol@strongswan.org
-       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 3480a43..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/certs/daveCert.pem
deleted file mode 100644 (file)
index 075d8f1..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDCTCCAmygAwIBAgIBAzAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYxMzU5WhcNMTMwNjIxMTYxMzU5WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-Mzg0IGJpdDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzB2MBAGByqGSM49
-AgEGBSuBBAAiA2IABPxEg8AaVNAwCXqg0p21Zc7YzPLA3voAWf233CZJpsjb1w3y
-IeTUeIeGU7aLWAyuXgeBsx+lKzWy00LzPELOgK+3ulTHzBZg7s8kMGhwPWfV4JLA
-zrso5+i64+Y4wvRCBaOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0G
-A1UdDgQWBBQxJAy8gaP3RNBt1WTD27/IMzANmTB4BgNVHSMEcTBvgBS6XflxthO1
-atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4
-IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPai
-dX4i76aJMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUw
-MzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2Vj
-LmNybDAJBgcqhkjOPQQBA4GLADCBhwJCAZaqaroyGwqd7nb5dVVWjTK8glVzDFJH
-ru4F6R+7fDCGEOaFlxf4GRkSrvQQA8vfgo6Md9XjBwq0r+9s3xt5xJjJAkElSo1/
-wyn8KQ3XN07UIaMvPctipq2OgpfteQK/F81CtZ+YCLEQt3xT7NQpriaKwGQxJAQv
-g+Z+grJzTppAqpwRpg==
------END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.d/private/daveKey.pem
deleted file mode 100644 (file)
index f628f88..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCF8kl4ftfgcvWH2myFxhc22CUT63uPy28fqUMibnpRS/wf/pfxIrVX
-+BhxpUhWS2agBwYFK4EEACKhZANiAAT8RIPAGlTQMAl6oNKdtWXO2MzywN76AFn9
-t9wmSabI29cN8iHk1HiHhlO2i1gMrl4HgbMfpSs1stNC8zxCzoCvt7pUx8wWYO7P
-JDBocD1n1eCSwM67KOfouuPmOML0QgU=
------END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index ebd3a28..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA daveKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/iptables.flush
deleted file mode 100644 (file)
index b3ab63c..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/iptables.rules
deleted file mode 100644 (file)
index 3d99c01..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT  -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A INPUT  -i eth0 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
--A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cpa/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 958a502..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
-
-  retransmit_timeout = 2
-  retransmit_base = 1.5
-  retransmit_tries = 3 
-  initiator_only = yes
-}
-
-libstrongswan {
-  integrity_test = yes
-  crypto_test {
-    required = yes
-    on_add = yes
-  }
-  plugins {
-    openssl {
-      fips_mode = 2
-    }
-  }
-}
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index f7044e5..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekey=no
-       reauth=no
-       keyexchange=ikev2
-       ike=aes128gcm128-prfsha256-ecp256!
-       esp=aes128gcm128-ecp256!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 3480a43..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/certs/moonCert.pem
deleted file mode 100644 (file)
index 5178c7f..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDMDCCApKgAwIBAgIBATAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTQ0MzA3WhcNMTMwNjIxMTQ0MzA3WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEALmnl/PUy9v7Qsc914kdzY+TQ6VY2192oRoa9SkpxXrs
-5GnWSJoz3yinpPHdchH0UknKt/C2Ik2k7izDH/Zau5gNAD1PqBrYWtcP+sLnH1G9
-BTibraniAUSpSaDhiWrfTteRNWqkzZI37a6YfKcBZozQcvYMW1co15EwZTptqykX
-Eepuo4IBEzCCAQ8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDVU
-Hzs47lOG0dHsezm6aFqdwJwfMHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHu
-j9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
-bjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYD
-VR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6Athito
-dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAkGByqG
-SM49BAEDgYwAMIGIAkIBDgZs1pXvm8SwT9S1m6nIHwuZsJDsDri/PWM6NXdMUXEt
-l0p8cfq8PbJlK/0+eLz8Ec1zpWuF5vasFHkVhauHdnECQgEVuYTrlry9gAx7G4kH
-mne2yDxTclEDziWxPG4UkZbkGttf9eZlsXmNoX/Z/fojXxMYZaPqM3eOT2h6ezMD
-CI9WpQ==
------END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.d/private/moonKey.pem
deleted file mode 100644 (file)
index beab048..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBrBxHEGICJRNkhm0HWfARp+dIzm6Lw7eCbQXNM6jSGL4DVNDVCV42
-yOKQqifWEcNWxO+wWtBaz91IF5hz/m4TbOGgBwYFK4EEACOhgYkDgYYABAC5p5fz
-1Mvb+0LHPdeJHc2Pk0OlWNtfdqEaGvUpKcV67ORp1kiaM98op6Tx3XIR9FJJyrfw
-tiJNpO4swx/2WruYDQA9T6ga2FrXD/rC5x9RvQU4m62p4gFEqUmg4Ylq307XkTVq
-pM2SN+2umHynAWaM0HL2DFtXKNeRMGU6baspFxHqbg==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 1ef3ecc..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA moonKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/iptables.flush
deleted file mode 100644 (file)
index b3ab63c..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/iptables.rules
deleted file mode 100644 (file)
index cc12d16..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT  -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A FORWARD -i eth0 -o eth1 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
--A FORWARD -o eth0 -i eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cpa/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index fc49f9f..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
-}
-
-libstrongswan {
-  integrity_test = yes
-  crypto_test {
-    required = yes
-    on_add = yes
-  }
-  plugins {
-    openssl {
-      fips_mode = 2 
-    }
-  }
-}
diff --git a/testing/tests/openssl-ikev2/rw-cpa/posttest.dat b/testing/tests/openssl-ikev2/rw-cpa/posttest.dat
deleted file mode 100644 (file)
index 1865a1c..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::iptables-restore < /etc/iptables.flush
-carol::iptables-restore < /etc/iptables.flush
-dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/openssl-ikev2/rw-cpa/pretest.dat b/testing/tests/openssl-ikev2/rw-cpa/pretest.dat
deleted file mode 100644 (file)
index fc71734..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-dave::iptables-restore < /etc/iptables.rules
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-dave::ipsec up peer
-carol::ipsec up home
diff --git a/testing/tests/openssl-ikev2/rw-cpa/test.conf b/testing/tests/openssl-ikev2/rw-cpa/test.conf
deleted file mode 100644 (file)
index f292988..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
index 1ae780e..a2c02f6 100644 (file)
@@ -3,7 +3,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
 carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
 carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES
 moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
index 2d061c6..c8f63bc 100644 (file)
@@ -18,7 +18,7 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org"
+       rightid="C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org"
        rightauth=any
        rightsubnet=10.1.0.0/16
        rightsendcert=never
index 2970992..a85635f 100644 (file)
@@ -1,18 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIIC7zCCAlGgAwIBAgIBBDAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYyOTE4WhcNMTMwNjIxMTYyOTE4WjBfMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-MjU2IGJpdDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQgp/Z/GgzvVCDdVcIYqERml0KroZEaVqiF8uy8dlTS
-4mxNs6snDdEWh/LzXTd3NVnCihT2XgHxOk8NrX4hBMMYo4IBFDCCARAwCQYDVR0T
-BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFLdhGhurno1dU2SMx7UGXpa/lgJ9
-MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
-b25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdz
-d2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAJBgcqhkjOPQQBA4GMADCBiAJCATa+
-sBFW3vCx/JgLyxU85F2QuLO0/zdNBhIU0kN7kr1cYBBr8mpbhuNKm6iFe2DsFJZx
-ii3DQjwvG46is2Njzi4vAkIA72lPodCDtAFpD/2PUxjzo6xTAFazUejobkdDTUXn
-s0f8qIzzeQuTwLbp6pDmR/JGzhAeRvQT82njCo0PJ8Hbz1c=
+MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
+BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
+GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
+nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
+Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
+hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
 -----END CERTIFICATE-----
index 5f21c10..d2f97f8 100644 (file)
@@ -1,8 +1,8 @@
 -----BEGIN EC PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,F36088B0517117B50C1A436E5C84526E
+DEK-Info: AES-128-CBC,0C53E74E6B5AC2D7475EFF30478B9D5F
 
-Zulq4O8x8i4P2I8+Ewe2pPJT8K2kzX9JjGhquFKaZdEG1YmXqIdMz41DA1b9cQjt
-KJstY10Gzc/C6Hv9v/ljfplcnumYBFdFsqvQ/Z0xh/G9u/J1gXjghhrQCUXbFble
-RVSwozA9IcCC9yQdhYyazF+85DR+p8AyQ5w2unOvuOk=
+eHLtgaAjHt0sWRnBnRAt8CEPjak58pCwVbH+7Vfz2dy//GRvZviPA/TEQDtznPde
+v5yIDGUe6vvtoY4oXemGi5SQiP8KAuaKylMQEjm2FHYwT/SgIwk5EZZjI4CcFBnK
+NWV3z5oPiW6hZebwUHWaioSAYK1awOtFcp0l4UGA31U=
 -----END EC PRIVATE KEY-----
index 5178c7f..25f0538 100644 (file)
@@ -1,20 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIDMDCCApKgAwIBAgIBATAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTQ0MzA3WhcNMTMwNjIxMTQ0MzA3WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
+MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
 NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEALmnl/PUy9v7Qsc914kdzY+TQ6VY2192oRoa9SkpxXrs
-5GnWSJoz3yinpPHdchH0UknKt/C2Ik2k7izDH/Zau5gNAD1PqBrYWtcP+sLnH1G9
-BTibraniAUSpSaDhiWrfTteRNWqkzZI37a6YfKcBZozQcvYMW1co15EwZTptqykX
-Eepuo4IBEzCCAQ8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDVU
-Hzs47lOG0dHsezm6aFqdwJwfMHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHu
-j9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
-bjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYD
-VR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6Athito
-dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAkGByqG
-SM49BAEDgYwAMIGIAkIBDgZs1pXvm8SwT9S1m6nIHwuZsJDsDri/PWM6NXdMUXEt
-l0p8cfq8PbJlK/0+eLz8Ec1zpWuF5vasFHkVhauHdnECQgEVuYTrlry9gAx7G4kH
-mne2yDxTclEDziWxPG4UkZbkGttf9eZlsXmNoX/Z/fojXxMYZaPqM3eOT2h6ezMD
-CI9WpQ==
+PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
+ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
+Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
+tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
+BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
+Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
+BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
+vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
+9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
+2A==
 -----END CERTIFICATE-----
index beab048..a1ba4c9 100644 (file)
@@ -1,7 +1,7 @@
 -----BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBrBxHEGICJRNkhm0HWfARp+dIzm6Lw7eCbQXNM6jSGL4DVNDVCV42
-yOKQqifWEcNWxO+wWtBaz91IF5hz/m4TbOGgBwYFK4EEACOhgYkDgYYABAC5p5fz
-1Mvb+0LHPdeJHc2Pk0OlWNtfdqEaGvUpKcV67ORp1kiaM98op6Tx3XIR9FJJyrfw
-tiJNpO4swx/2WruYDQA9T6ga2FrXD/rC5x9RvQU4m62p4gFEqUmg4Ylq307XkTVq
-pM2SN+2umHynAWaM0HL2DFtXKNeRMGU6baspFxHqbg==
+MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix
++G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak
+OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg
+Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2
+lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg==
 -----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/description.txt b/testing/tests/openssl-ikev2/rw-suite-b-128/description.txt
new file mode 100644 (file)
index 0000000..c1a3da8
--- /dev/null
@@ -0,0 +1,12 @@
+The roadwarrior <b>dave</b> tries to set up a connection to roadwarrior <b>carol</b>
+but because <b>carol</b> has set the strongswan.conf option <b>initiator_only = yes</b>
+she ignores the repeated IKE requests sent by <b>dave</b>.
+<p/>
+After the failed connection attempt by <b>dave</b>, roadwarrior <b>carol</b> sets up a
+connection to gateway <b>moon</b>. The authentication is based on Suite B with 128 bit 
+security based on <b>X.509 ECDSA</b> certificates, <b>ECP Diffie-Hellman</b> groups and <b>AES-GCM</b>
+authenticated encryption.
+<p/>
+Upon the successful establishment of the IPsec tunnel, the static IPsec policy rules of
+an iptables-based firewall let pass the tunneled traffic. In order to test both tunnel and firewall,
+<b>carol</b> pings the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat b/testing/tests/openssl-ikev2/rw-suite-b-128/evaltest.dat
new file mode 100644 (file)
index 0000000..7169a09
--- /dev/null
@@ -0,0 +1,11 @@
+dave:: cat /var/log/daemon.log::establishing IKE_SA failed, peer not responding::YES
+carol::cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
+moon:: cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
+moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-256 signature successful::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..61e13df
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes128gcm128-prfsha256-ecp256!
+       esp=aes128gcm128-ecp256!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem
new file mode 100644 (file)
index 0000000..a85635f
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
+BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
+GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
+nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
+Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
+hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644 (file)
index 0000000..d29ddb9
--- /dev/null
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIMDstKxdv/vNBPfM8iHvn5g5/8T5aRSnlh27HHt6iTfGoAoGCCqGSM49
+AwEHoUQDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAjBuX3bs5ZIn7B
+rRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2nw==
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..3d67251
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA carolKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/iptables.flush
new file mode 100644 (file)
index 0000000..b3ab63c
--- /dev/null
@@ -0,0 +1,21 @@
+*filter
+
+-F
+
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+COMMIT
+
+*nat
+
+-F
+
+COMMIT
+
+*mangle
+
+-F
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/iptables.rules
new file mode 100644 (file)
index 0000000..3d99c01
--- /dev/null
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+# allow traffic tunnelled via IPsec
+-A INPUT  -i eth0 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
+-A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..128d4f2
--- /dev/null
@@ -0,0 +1,20 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+
+  initiator_only = yes
+}
+
+libstrongswan {
+  integrity_test = yes
+  crypto_test {
+    required = yes
+    on_add = yes
+  }
+  plugins {
+    openssl {
+      fips_mode = 2
+    }
+  }
+}
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..22fcb3e
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes128gcm128-prfsha256-ecp256!
+       esp=aes128gcm128-ecp256!
+
+conn peer
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_CAROL
+       rightid=carol@strongswan.org
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem
new file mode 100644 (file)
index 0000000..c83be14
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICXDCCAb2gAwIBAgIBCzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzMyOFoXDTE4MDYwMjA3MzMyOFowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAAQ0aUuue3BcBvF6aEISID4c+mVBJyvSm2fPVRRkAQqh
+RktTHMYDWY6B8e/iGr4GDeF5bjr46vMB5eEtVx3chWbQo4GBMH8wHwYDVR0jBBgw
+FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
+d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAd5ols9c
+CP6HPtfMXbPlSpUDKSRyB3c5Ix2Yn3z5ogMM1QSoS88FW8D7KKsb0qTY5TnlAls3
+45PmauVwEbI2cV6qAkIBphvsmhYWMnt/QMOij7DinihEL9Ib1vxOS2boUos6sHWi
+gj3wfHyfgHM3Pgt0YYoZxELDIxcLVJeoa1TmNey7IaI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem
new file mode 100644 (file)
index 0000000..17e9402
--- /dev/null
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICwxFtCsSqIAzwZDyxHclTRdz/tGzAY7fP/vPoxqr8vuoAoGCCqGSM49
+AwEHoUQDQgAENGlLrntwXAbxemhCEiA+HPplQScr0ptnz1UUZAEKoUZLUxzGA1mO
+gfHv4hq+Bg3heW46+OrzAeXhLVcd3IVm0A==
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..ebd3a28
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA daveKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/iptables.flush
new file mode 100644 (file)
index 0000000..b3ab63c
--- /dev/null
@@ -0,0 +1,21 @@
+*filter
+
+-F
+
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+COMMIT
+
+*nat
+
+-F
+
+COMMIT
+
+*mangle
+
+-F
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/iptables.rules
new file mode 100644 (file)
index 0000000..3d99c01
--- /dev/null
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+# allow traffic tunnelled via IPsec
+-A INPUT  -i eth0 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
+-A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..958a502
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+
+  retransmit_timeout = 2
+  retransmit_base = 1.5
+  retransmit_tries = 3 
+  initiator_only = yes
+}
+
+libstrongswan {
+  integrity_test = yes
+  crypto_test {
+    required = yes
+    on_add = yes
+  }
+  plugins {
+    openssl {
+      fips_mode = 2
+    }
+  }
+}
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..f7044e5
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekey=no
+       reauth=no
+       keyexchange=ikev2
+       ike=aes128gcm128-prfsha256-ecp256!
+       esp=aes128gcm128-ecp256!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem
new file mode 100644 (file)
index 0000000..a3b043e
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICXDCCAb2gAwIBAgIBBzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MTc0M1oXDTE4MDYwMjA3MTc0M1owXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAATf97+pfDnyPIA9gf6bYTZiIjNBAbCjCIqxxWou/oMq
+/9V1O20vyI/dg2g3yzTdzESUa+X81fop+i2n9ymBqI1No4GBMH8wHwYDVR0jBBgw
+FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
+d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCALNndw3C
+DDWCb0f+6P6hxkqiYmUpv39XrioZrLbw+MjMD2WAchbj60KibBep1cVwIq3kWIJ6
+Jj0tYXG+f6yjmImqAkIBGOGRm+MQZxPFdYZoJZq5QXwIN0w2hJxmLIxBASW4PLdl
+RLIlvW/XTJObdb0VVYmClg0HTSvuuYOJrzwdyd8D1w0=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem
new file mode 100644 (file)
index 0000000..5bd2778
--- /dev/null
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHWBnv6tDi/CTTWOQi/0XME7r8Wd5GRPaXx3wNTElpSvoAoGCCqGSM49
+AwEHoUQDQgAE3/e/qXw58jyAPYH+m2E2YiIzQQGwowiKscVqLv6DKv/VdTttL8iP
+3YNoN8s03cxElGvl/NX6Kfotp/cpgaiNTQ==
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..1ef3ecc
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA moonKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/iptables.flush
new file mode 100644 (file)
index 0000000..b3ab63c
--- /dev/null
@@ -0,0 +1,21 @@
+*filter
+
+-F
+
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+COMMIT
+
+*nat
+
+-F
+
+COMMIT
+
+*mangle
+
+-F
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/iptables.rules
new file mode 100644 (file)
index 0000000..cc12d16
--- /dev/null
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+# allow traffic tunnelled via IPsec
+-A FORWARD -i eth0 -o eth1 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
+-A FORWARD -o eth0 -i eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..fc49f9f
--- /dev/null
@@ -0,0 +1,18 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+}
+
+libstrongswan {
+  integrity_test = yes
+  crypto_test {
+    required = yes
+    on_add = yes
+  }
+  plugins {
+    openssl {
+      fips_mode = 2 
+    }
+  }
+}
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/posttest.dat b/testing/tests/openssl-ikev2/rw-suite-b-128/posttest.dat
new file mode 100644 (file)
index 0000000..1865a1c
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/pretest.dat b/testing/tests/openssl-ikev2/rw-suite-b-128/pretest.dat
new file mode 100644 (file)
index 0000000..fc71734
--- /dev/null
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+dave::ipsec up peer
+carol::ipsec up home
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/test.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/test.conf
new file mode 100644 (file)
index 0000000..f292988
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/description.txt b/testing/tests/openssl-ikev2/rw-suite-b-192/description.txt
new file mode 100644 (file)
index 0000000..24bb2b3
--- /dev/null
@@ -0,0 +1,12 @@
+The roadwarrior <b>dave</b> tries to set up a connection to roadwarrior <b>carol</b>
+but because <b>carol</b> has set the strongswan.conf option <b>initiator_only = yes</b>
+she ignores the repeated IKE requests sent by <b>dave</b>.
+<p/>
+After the failed connection attempt by <b>dave</b>, roadwarrior <b>carol</b> sets up a
+connection to gateway <b>moon</b>. The authentication is based on Suite B with 192 bit 
+security based on <b>X.509 ECDSA</b> certificates, <b>ECP Diffie-Hellman</b> groups and <b>AES-GCM</b>
+authenticated encryption.
+<p/>
+Upon the successful establishment of the IPsec tunnel, the static IPsec policy rules of
+an iptables-based firewall let pass the tunneled traffic. In order to test both tunnel and firewall,
+<b>carol</b> pings the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat b/testing/tests/openssl-ikev2/rw-suite-b-192/evaltest.dat
new file mode 100644 (file)
index 0000000..57cbee1
--- /dev/null
@@ -0,0 +1,11 @@
+dave:: cat /var/log/daemon.log::establishing IKE_SA failed, peer not responding::YES
+carol::cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
+moon:: cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
+moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-384 signature successful::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..14146ef
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes256gcm128-prfsha384-ecp384!
+       esp=aes256gcm128-ecp384!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem
new file mode 100644 (file)
index 0000000..f439571
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICfDCCAd2gAwIBAgIBCjAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzE1NFoXDTE4MDYwMjA3MzE1NFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAERiDlh/bOFDq6bSRdDq2ivOcNcxWSGlO5dy5yBRvAhTWl
+NJcy93jxhDIzF5mxPpmgNXpdmSBRKbm3ydkw8LbWI+5/lje06Yl6nOLBO6Zb7GqH
+XFO+BqJrUxzbdHXwxWqto4GDMIGAMB8GA1UdIwQYMBaAFLpd+XG2E7Vq0d26Nreq
+0sHuj9jSMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIA8mbKzo+mp8umjvpoQUo5pIvR1CQQ
+lvBGCUWv7mtq1CVBXzv7Z+HQqPsrL388RymEErA7BzDMkPKTa5E3ZV5LL38CQgDx
++v/cIcJdYngOOF0IgVSDzcGgSvOmMlPF/D97eC4Od7XwdYl5p9Sxi4SjmDZZi4r/
+EArN3teDfoc7CZcRxWcDhQ==
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644 (file)
index 0000000..b946257
--- /dev/null
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDCkhn8iMx3xfYLzonabc5FVG700UU6WKdke251F8ncgj1sGd5HZCV+N
+6pHODLMII96gBwYFK4EEACKhZANiAARGIOWH9s4UOrptJF0OraK85w1zFZIaU7l3
+LnIFG8CFNaU0lzL3ePGEMjMXmbE+maA1el2ZIFEpubfJ2TDwttYj7n+WN7TpiXqc
+4sE7plvsaodcU74GomtTHNt0dfDFaq0=
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..3d67251
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA carolKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/iptables.flush
new file mode 100644 (file)
index 0000000..b3ab63c
--- /dev/null
@@ -0,0 +1,21 @@
+*filter
+
+-F
+
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+COMMIT
+
+*nat
+
+-F
+
+COMMIT
+
+*mangle
+
+-F
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/iptables.rules
new file mode 100644 (file)
index 0000000..3d99c01
--- /dev/null
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+# allow traffic tunnelled via IPsec
+-A INPUT  -i eth0 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
+-A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..128d4f2
--- /dev/null
@@ -0,0 +1,20 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+
+  initiator_only = yes
+}
+
+libstrongswan {
+  integrity_test = yes
+  crypto_test {
+    required = yes
+    on_add = yes
+  }
+  plugins {
+    openssl {
+      fips_mode = 2
+    }
+  }
+}
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..f6feda0
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes256gcm128-prfsha384-ecp384!
+       esp=aes256cm128-ecp384!
+
+conn peer
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_CAROL
+       rightid=carol@strongswan.org
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem
new file mode 100644 (file)
index 0000000..e97709a
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
+DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
+3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
+d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
+iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
+ZEmeb0/mRB56osgppA==
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem
new file mode 100644 (file)
index 0000000..574c86a
--- /dev/null
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE
+hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp
+nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq
+Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4=
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..ebd3a28
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA daveKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/iptables.flush
new file mode 100644 (file)
index 0000000..b3ab63c
--- /dev/null
@@ -0,0 +1,21 @@
+*filter
+
+-F
+
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+COMMIT
+
+*nat
+
+-F
+
+COMMIT
+
+*mangle
+
+-F
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/iptables.rules
new file mode 100644 (file)
index 0000000..3d99c01
--- /dev/null
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+# allow traffic tunnelled via IPsec
+-A INPUT  -i eth0 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
+-A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..958a502
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+
+  retransmit_timeout = 2
+  retransmit_base = 1.5
+  retransmit_tries = 3 
+  initiator_only = yes
+}
+
+libstrongswan {
+  integrity_test = yes
+  crypto_test {
+    required = yes
+    on_add = yes
+  }
+  plugins {
+    openssl {
+      fips_mode = 2
+    }
+  }
+}
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..f37dae9
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekey=no
+       reauth=no
+       keyexchange=ikev2
+       ike=aes256gcm128-prfsha384-ecp384!
+       esp=aes256gcm128-ecp384!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem
new file mode 100644 (file)
index 0000000..7bf96cd
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICdzCCAdqgAwIBAgIBCDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjA1MFoXDTE4MDYwMjA3MjA1MFowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQh4YOVBbRxtdaM7uJvDrZqt6a1jJo+rijEV5Nw1OqU5jlk
+srCtZwcZXrR67MlqzFNyvkHtbcWRuBjL55xjQE+YavKnltuKu42COUhWXh760M/c
+2SNzsjvsJgGXAsiPwiajgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYoAMIGGAkE35mfDj/fFUXGsetoU9l9Kt3jbIKYugJgE
+2gmv/MW8jwrqoP7y6ATHXJkonA6AvEK+o0ZMrae55lIKPkBh5xk3XQJBfp5Eqg6Y
+efRIXUeLksM56fRjVwJS6es7qb8l1q6+c1wC1A3lEHQvAs+kJxFfFyni2oxA923F
+h2eoaYy9vSqET5Q=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem
new file mode 100644 (file)
index 0000000..231aa3b
--- /dev/null
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDDlpnLnnwL+nIt/+e+cY2PoTtyHPM10qgck9nYj/f3bPd3ZfiraSBhZ
+KttBZfw5xQKgBwYFK4EEACKhZANiAAQh4YOVBbRxtdaM7uJvDrZqt6a1jJo+rijE
+V5Nw1OqU5jlksrCtZwcZXrR67MlqzFNyvkHtbcWRuBjL55xjQE+YavKnltuKu42C
+OUhWXh760M/c2SNzsjvsJgGXAsiPwiY=
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.secrets b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..1ef3ecc
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA moonKey.pem
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.flush b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.flush
new file mode 100644 (file)
index 0000000..b3ab63c
--- /dev/null
@@ -0,0 +1,21 @@
+*filter
+
+-F
+
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+COMMIT
+
+*nat
+
+-F
+
+COMMIT
+
+*mangle
+
+-F
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/iptables.rules
new file mode 100644 (file)
index 0000000..cc12d16
--- /dev/null
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+# allow traffic tunnelled via IPsec
+-A FORWARD -i eth0 -o eth1 -m policy --dir in  --pol ipsec --proto esp -j ACCEPT
+-A FORWARD -o eth0 -i eth1 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..fc49f9f
--- /dev/null
@@ -0,0 +1,18 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default
+}
+
+libstrongswan {
+  integrity_test = yes
+  crypto_test {
+    required = yes
+    on_add = yes
+  }
+  plugins {
+    openssl {
+      fips_mode = 2 
+    }
+  }
+}
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/posttest.dat b/testing/tests/openssl-ikev2/rw-suite-b-192/posttest.dat
new file mode 100644 (file)
index 0000000..1865a1c
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/pretest.dat b/testing/tests/openssl-ikev2/rw-suite-b-192/pretest.dat
new file mode 100644 (file)
index 0000000..fc71734
--- /dev/null
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+dave::ipsec up peer
+carol::ipsec up home
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/test.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/test.conf
new file mode 100644 (file)
index 0000000..f292988
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
index 73646f8..ac46959 100644 (file)
@@ -4,3 +4,11 @@ charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
   multiple_authentication=no
 }
+
+libimcv {
+  plugins {
+    imc-scanner {
+      push_info = no
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/description.txt b/testing/tests/tnc/tnccs-11-radius-pts/description.txt
new file mode 100644 (file)
index 0000000..83e5b96
--- /dev/null
@@ -0,0 +1,13 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the clients by sending an IKEv2
+<b>RSA signature</b> accompanied by a certificate.
+<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to the
+<a href="http://trust.inform.fh-hannover.de/joomla/index.php/projects/tncfhh" target="popup">
+<b>TNC@FHH</b></a>-enhanced FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate.
+The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>.
+In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
+health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
+The communication between IMCs and IMVs is based on the  <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
+<p>
+<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the clients
+are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-pts/evaltest.dat
new file mode 100644 (file)
index 0000000..e22b767
--- /dev/null
@@ -0,0 +1,19 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
+carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
+dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
+dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
+moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES
+moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
+moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO
+
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/eap.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/eap.conf
new file mode 100644 (file)
index 0000000..3155636
--- /dev/null
@@ -0,0 +1,25 @@
+eap {
+  md5 {
+  }
+  default_eap_type = ttls
+  tls {
+    private_key_file = /etc/raddb/certs/aaaKey.pem
+    certificate_file = /etc/raddb/certs/aaaCert.pem
+    CA_file = /etc/raddb/certs/strongswanCert.pem
+    cipher_list = "DEFAULT"
+    dh_file = /etc/raddb/certs/dh
+    random_file = /etc/raddb/certs/random
+  }
+  ttls {
+    default_eap_type = md5
+    use_tunneled_reply = yes
+    virtual_server = "inner-tunnel"
+    tnc_virtual_server = "inner-tunnel-second"
+  }
+}
+
+eap eap_tnc {
+      default_eap_type = tnc
+      tnc {
+      }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/proxy.conf
new file mode 100644 (file)
index 0000000..23cba8d
--- /dev/null
@@ -0,0 +1,5 @@
+realm strongswan.org {
+  type     = radius
+  authhost = LOCAL
+  accthost = LOCAL
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/default
new file mode 100644 (file)
index 0000000..dd08258
--- /dev/null
@@ -0,0 +1,43 @@
+authorize {
+  suffix
+  eap {
+    ok = return
+  }
+  files
+}
+
+authenticate {
+  eap
+}
+
+preacct {
+  preprocess
+  acct_unique
+  suffix
+  files
+}
+
+accounting {
+  detail
+  unix
+  radutmp
+  attr_filter.accounting_response
+}
+
+session {
+  radutmp
+}
+
+post-auth {
+  exec
+  Post-Auth-Type REJECT {
+    attr_filter.access_reject
+  }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+  eap
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel
new file mode 100644 (file)
index 0000000..e088fae
--- /dev/null
@@ -0,0 +1,32 @@
+server inner-tunnel {
+
+authorize {
+       suffix
+       eap {
+               ok = return
+       }
+       files
+}
+
+authenticate {
+       eap
+}
+
+session {
+       radutmp
+}
+
+post-auth {
+       Post-Auth-Type REJECT {
+               attr_filter.access_reject
+       }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+       eap
+}
+
+} # inner-tunnel server block
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second
new file mode 100644 (file)
index 0000000..c5bde6a
--- /dev/null
@@ -0,0 +1,36 @@
+server inner-tunnel-second {
+
+authorize {
+       eap_tnc {
+               ok = return
+       }
+}
+
+authenticate {
+       eap_tnc
+}
+
+session {
+       radutmp
+}
+
+post-auth {
+       if (control:TNC-Status == "Access") {
+               update reply {
+                       Tunnel-Type := ESP
+                       Filter-Id := "allow"
+               }
+       }
+       elsif (control:TNC-Status == "Isolate") {
+               update reply {
+                       Tunnel-Type := ESP
+                       Filter-Id := "isolate"
+               }
+       }
+
+       Post-Auth-Type REJECT {
+               attr_filter.access_reject
+       }
+}
+
+} # inner-tunnel-second block
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/users b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/freeradius/users
new file mode 100644 (file)
index 0000000..50ccf3e
--- /dev/null
@@ -0,0 +1,2 @@
+carol  Cleartext-Password := "Ar3etTnp"
+dave   Cleartext-Password := "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data.sql b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data.sql
new file mode 100644 (file)
index 0000000..07dc7dc
--- /dev/null
@@ -0,0 +1,873 @@
+/* Products */
+
+INSERT INTO products (                 /*  1 */
+  name
+) VALUES (
+ 'Debian 6.0 i686'
+);
+
+INSERT INTO products (                 /*  2 */
+  name
+) VALUES (
+ 'Debian 6.0 x86_64'
+);
+
+INSERT INTO products (                 /*  3 */
+  name
+) VALUES (
+ 'Debian 7.0 i686'
+);
+
+INSERT INTO products (                 /*  4 */
+  name
+) VALUES (
+ 'Debian 7.0 x86_64'
+);
+
+INSERT INTO products (                 /*  5 */
+  name
+) VALUES (
+ 'Debian 8.0 i686'
+);
+
+INSERT INTO products (                 /*  6 */
+  name
+) VALUES (
+ 'Debian 8.0 x86_64'
+);
+
+INSERT INTO products (                 /*  7 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 i686'
+);
+
+INSERT INTO products (                 /*  8 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 x86_64'
+);
+
+INSERT INTO products (                 /*  9 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 i686'
+);
+
+INSERT INTO products (                 /* 10 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 x86_64'
+);
+
+INSERT INTO products (                 /* 11 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 i686'
+);
+
+INSERT INTO products (                 /* 12 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 x86_64'
+);
+
+INSERT INTO products (                 /* 13 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 i686'
+);
+
+INSERT INTO products (                 /* 14 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 x86_64'
+);
+
+INSERT INTO products (                 /* 15 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 i686'
+);
+
+INSERT INTO products (                 /* 16 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 x86_64'
+);
+
+INSERT INTO products (                 /* 17 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 i686'
+);
+
+INSERT INTO products (                 /* 18 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 x86_64'
+);
+
+INSERT INTO products (                 /* 19 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 i686'
+);
+
+INSERT INTO products (                 /* 20 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 x86_64'
+);
+
+INSERT INTO products (                 /* 21 */
+  name
+) VALUES (
+ 'Android 4.1.1'
+);
+
+INSERT INTO products (                 /* 22 */
+  name
+) VALUES (
+ 'Android 4.2.1'
+);
+
+/* Directories */
+
+INSERT INTO directories (              /*  1 */
+  path
+) VALUES (
+ '/bin'
+);
+
+INSERT INTO directories (              /*  2 */
+  path
+) VALUES (
+ '/etc'
+);
+
+INSERT INTO directories (              /*  3 */
+  path
+) VALUES (
+ '/lib'
+);
+
+INSERT INTO directories (              /*  4 */
+  path
+) VALUES (
+ '/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (              /*  5 */
+  path
+) VALUES (
+ '/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (              /*  6 */
+  path
+) VALUES (
+ '/lib/xtables'
+);
+
+INSERT INTO directories (              /*  7 */
+  path
+) VALUES (
+ '/sbin'
+);
+
+INSERT INTO directories (              /*  8 */
+  path
+) VALUES (
+ '/usr/bin'
+);
+
+INSERT INTO directories (              /*  9 */
+  path
+) VALUES (
+ '/usr/lib'
+);
+
+INSERT INTO directories (              /* 10 */
+  path
+) VALUES (
+ '/usr/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (              /* 11 */
+  path
+) VALUES (
+ '/usr/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (              /* 12 */
+  path
+) VALUES (
+ '/usr/sbin'
+);
+
+INSERT INTO directories (              /* 13 */
+  path
+) VALUES (
+ '/system/bin'
+);
+
+INSERT INTO directories (              /* 14 */
+  path
+) VALUES (
+ '/system/lib'
+);
+
+/* Files */
+
+INSERT INTO files (                            /*  1 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 5
+);
+
+INSERT INTO files (                            /*  2 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 11
+);
+
+INSERT INTO files (                            /*  3 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 5
+);
+
+INSERT INTO files (                            /*  4 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 11
+);
+
+INSERT INTO files (                            /*  5 */
+  name, dir
+) VALUES (
+  'openssl', 8
+);
+
+INSERT INTO files (                            /*  6 */
+  name, dir
+) VALUES (
+  'tnc_config', 2
+);
+
+/* Algorithms */
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  65536, 'SHA1-IMA' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  32768, 'SHA1' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  16384, 'SHA256' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  8192, 'SHA384' 
+);
+
+/* File Hashes */
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' 
+);
+
+/* Packages */
+
+INSERT INTO packages (                 /*  1 */
+  name
+) VALUES (
+ 'libssl-dev'
+);
+
+INSERT INTO packages (                 /*  2 */
+  name
+) VALUES (
+ 'libssl1.0.0'
+);
+
+INSERT INTO packages (                 /*  3 */
+  name
+) VALUES (
+ 'libssl1.0.0-dbg'
+);
+
+INSERT INTO packages (                 /*  4 */
+  name
+) VALUES (
+ 'openssl'
+);
+
+/* Versions */
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  1, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  2, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  3, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  4, 1, '1.0.1e-2', 1366531494
+);
+
+/* Components */
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 1, 33  /* ITA TGRUB */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 2, 33  /* ITA TBOOT */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 33  /* ITA IMA - Trusted Platform */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 34  /* ITA IMA - Operating System */
+);
+
+/* Groups */
+
+INSERT INTO groups (                   /*  1 */
+  name
+) VALUES (
+  'Default'
+);
+
+INSERT INTO groups (                   /*  2 */
+  name, parent
+) VALUES (
+  'Linux', 1
+);
+
+INSERT INTO groups (                   /*  3 */
+  name, parent
+) VALUES (
+  'Android', 1
+);
+
+INSERT INTO groups (                   /*  4 */
+  name, parent
+) VALUES (
+  'Debian i686', 2
+);
+
+INSERT INTO groups (                   /*  5 */
+  name, parent
+) VALUES (
+  'Debian x86_64', 2
+);
+
+INSERT INTO groups (                   /*  6 */
+  name, parent
+) VALUES (
+  'Ubuntu i686', 2
+);
+
+INSERT INTO groups (                   /*  7 */
+  name, parent
+) VALUES (
+  'Ubuntu x86_64', 2
+);
+
+INSERT INTO groups (                   /*  8 */
+  name
+) VALUES (
+  'Reference'
+);
+
+INSERT INTO groups (                   /*  9 */
+  name, parent
+) VALUES (
+  'Ref. Android', 8
+);
+
+INSERT INTO groups (                   /* 10 */
+  name, parent
+) VALUES (
+  'Ref. Linux', 8
+);
+
+/* Default Product Groups */
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 1
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 3
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 5
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 2
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 4
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 6
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 7
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 9
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 11
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 13
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 15
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 17
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 19
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 8
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 10
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 12
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 14
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 16
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 18
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 20
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 21
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 22
+);
+
+/* Devices */
+
+INSERT INTO devices (                  /*  1 */
+  value, product, created  
+) VALUES (
+  'aabbccddeeff11223344556677889900', 4, 1372330615
+);
+
+/* Groups Members */
+
+INSERT INTO groups_members (
+  group_id, device_id
+) VALUES (
+  10, 1
+);
+
+/* Policies */
+
+INSERT INTO policies (                 /*  1 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  1, 'Installed Packages', 2, 2
+);
+
+INSERT INTO policies (                 /*  2 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  2, 'Unknown Source', 2, 2
+);
+
+INSERT INTO policies (                 /*  3 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  3, 'IP Forwarding Enabled',  2, 2 
+);
+
+INSERT INTO policies (                 /*  4 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  4, 'Default Factory Password Enabled', 1, 1
+);
+
+INSERT INTO policies (                 /*  5 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2
+);
+
+INSERT INTO policies (                 /*  6 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2
+);
+
+INSERT INTO policies (                 /*  7 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/bin/openssl', 5, 2, 2
+);
+
+INSERT INTO policies (                 /*  8 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  11, 'No Open TCP Ports', 1, 1
+);
+
+INSERT INTO policies (                 /*  9 */
+  type, name, argument, rec_fail, rec_noresult
+) VALUES (
+  13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1
+);
+
+INSERT INTO policies (                 /* 10 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  7, 'Metadata of /etc/tnc_config', 6, 0, 0
+);
+
+INSERT INTO policies (                 /* 11 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /bin', 1, 0, 0
+);
+
+INSERT INTO policies (                 /*  12 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2
+);
+
+INSERT INTO policies (                 /* 13 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2
+);
+
+INSERT INTO policies (                 /* 14 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /system/bin', 13, 0, 0
+);
+
+INSERT INTO policies (                 /* 15 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /system/lib', 14, 0, 0
+);
+
+INSERT INTO policies (                  /* 16 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  9, 'Measure /bin', 1, 2, 2
+);
+
+/* Enforcements */
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  2, 3, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  3, 2, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  3, 10, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  5, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  6, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  7, 2, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  8, 1, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  9, 1, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  10, 2, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  11, 10, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  12, 5, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  13, 5, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  14, 9, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  15, 9, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  16, 2, 0
+);
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..23f840f
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+libimcv {
+  load = random nonce openssl pubkey sqlite
+  debug_level = 3 
+  database = sqlite:///etc/pts/config.db
+  policy_script = ipsec imv_policy_manager
+  assessment_result = no
+}
+
+attest {
+  database = sqlite:///etc/pts/config.db
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc/log4cxx.properties
new file mode 100644 (file)
index 0000000..2bdc6e4
--- /dev/null
@@ -0,0 +1,15 @@
+# Set root logger level to DEBUG and its appenders to A1 and A2.
+log4j.rootLogger=DEBUG, A1, A2
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n
+
+# A2 is set to be a SyslogAppender
+log4j.appender.A2=org.apache.log4j.net.SyslogAppender
+log4j.appender.A2.Facility=DAEMON
+log4j.appender.A2.SyslogHost=localhost
+log4j.appender.A2.Threshold=DEBUG
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/tnc_config
new file mode 100644 (file)
index 0000000..b5ac8c1
--- /dev/null
@@ -0,0 +1,4 @@
+#IMV configuration file for strongSwan client 
+
+IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so
+IMV "Attestation" /usr/local/lib/ipsec/imcvs/imv-attestation.so
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..e9152e0
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       rightauth=pubkey
+       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..74942af
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..56c6b9f
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+  multiple_authentication=no
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = allow
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/tnc_config
new file mode 100644 (file)
index 0000000..15dc93a
--- /dev/null
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client 
+
+IMC "OS"          /usr/local/lib/ipsec/imcvs/imc-os.so
+IMC "Attestation" /usr/local/lib/ipsec/imcvs/imc-attestation.so
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..25589bc
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       rightauth=pubkey
+       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..5496df7
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..145ad9d
--- /dev/null
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+  multiple_authentication=no
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = allow
+    }
+    imc-scanner {
+      push_info = no
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/tnc_config
new file mode 100644 (file)
index 0000000..15dc93a
--- /dev/null
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client 
+
+IMC "OS"          /usr/local/lib/ipsec/imcvs/imc-os.so
+IMC "Attestation" /usr/local/lib/ipsec/imcvs/imc-attestation.so
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..294964f
--- /dev/null
@@ -0,0 +1,33 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn rw-allow
+       rightgroups=allow
+       leftsubnet=10.1.0.0/28
+       also=rw-eap
+       auto=add
+
+conn rw-isolate
+       rightgroups=isolate
+       leftsubnet=10.1.0.16/28
+       also=rw-eap
+       auto=add
+
+conn rw-eap
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftauth=pubkey
+       leftfirewall=yes
+       rightauth=eap-radius
+       rightid=*@strongswan.org
+       rightsendcert=never
+       right=%any
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e86d6aa
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/iptables.rules
new file mode 100644 (file)
index 0000000..1eb7553
--- /dev/null
@@ -0,0 +1,32 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+# allow RADIUS protocol with alice
+-A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+-A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+COMMIT
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..390c42c
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+  multiple_authentication=no
+  plugins {
+    eap-radius {
+      secret = gv6URkSs 
+      server = PH_IP_ALICE
+      filter_id = yes
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat b/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat
new file mode 100644 (file)
index 0000000..dc8507d
--- /dev/null
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+alice::killall radiusd
+alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
+alice::rm /etc/pts/config.db
+carol::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
new file mode 100644 (file)
index 0000000..5f94f8d
--- /dev/null
@@ -0,0 +1,21 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+carol::echo 0 > /proc/sys/net/ipv4/ip_forward
+dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
+alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second
+alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second
+alice::cd /etc/pts; cat tables.sql data.sql | sqlite3 config.db
+alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd
+alice::cat /etc/tnc_config
+carol::cat /etc/tnc_config
+dave::cat /etc/tnc_config
+moon::ipsec start
+dave::ipsec start
+carol::ipsec start
+dave::sleep 1
+dave::ipsec up home
+carol::ipsec up home
+carol::sleep 1
+alice::ipsec attest --sessions
+alice::ipsec attest --devices
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/test.conf b/testing/tests/tnc/tnccs-11-radius-pts/test.conf
new file mode 100644 (file)
index 0000000..f23a193
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# Guest instances on which FreeRadius is started
+#
+RADIUSHOSTS="alice"
+
index 3d7f6c6..45050f7 100644 (file)
@@ -7,10 +7,5 @@ libimcv {
     imv-test {
       rounds = 1 
     }
-    imv-scanner {
-      closed_port_policy = yes
-      tcp_ports = 22
-      udp_ports = 500 4500
-    }
   }
 }
index 06b9201..5dbee55 100644 (file)
@@ -10,5 +10,8 @@ libimcv {
     imc-test {
       command = isolate
     }
+    imc-scanner {
+      push_info = no
+    }
   }
 }
index 06b9201..5dbee55 100644 (file)
@@ -10,5 +10,8 @@ libimcv {
     imc-test {
       command = isolate
     }
+    imc-scanner {
+      push_info = no
+    }
   }
 }
index 14865e3..2fe4cf0 100644 (file)
@@ -17,10 +17,5 @@ libimcv {
     imv-test {
       rounds = 1
     }
-    imv-scanner {
-      closed_port_policy = yes
-      tcp_ports = 22
-      udp_ports = 500 4500
-    }
   }
 }
index 9522fd2..70a1b07 100644 (file)
@@ -12,3 +12,11 @@ charon {
     }
   }
 }
+
+libimcv {
+  plugins {
+    imc-scanner {
+      push_info = no
+    }
+  }
+}
index 3435344..996169a 100644 (file)
@@ -19,5 +19,8 @@ libimcv {
       command = isolate
       retry = yes
     }
+    imc-scanner {
+      push_info = no
+    }
   }
 }
index c780c4a..0d3f55b 100644 (file)
@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --devices 2> /dev/null::Debian 7.0 x86_64.*carol@strongswan.org::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian 7.0 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --devices 2> /dev/null::Windows 1.2.3.*dave@strongswan.org::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian 7.0 x86_64.*dave@strongswan.org - isolate::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
index 149f51d..49f778f 100644 (file)
@@ -14,10 +14,6 @@ charon {
 }
 
 libimcv {
-  os_info {
-    name = Windows
-    version = 1.2.3
-  }
   plugins {
     imc-os {
       push_info = no
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql
new file mode 100644 (file)
index 0000000..42fc8f8
--- /dev/null
@@ -0,0 +1,852 @@
+/* Products */
+
+INSERT INTO products (                 /*  1 */
+  name
+) VALUES (
+ 'Debian 6.0 i686'
+);
+
+INSERT INTO products (                 /*  2 */
+  name
+) VALUES (
+ 'Debian 6.0 x86_64'
+);
+
+INSERT INTO products (                 /*  3 */
+  name
+) VALUES (
+ 'Debian 7.0 i686'
+);
+
+INSERT INTO products (                 /*  4 */
+  name
+) VALUES (
+ 'Debian 7.0 x86_64'
+);
+
+INSERT INTO products (                 /*  5 */
+  name
+) VALUES (
+ 'Debian 8.0 i686'
+);
+
+INSERT INTO products (                 /*  6 */
+  name
+) VALUES (
+ 'Debian 8.0 x86_64'
+);
+
+INSERT INTO products (                 /*  7 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 i686'
+);
+
+INSERT INTO products (                 /*  8 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 x86_64'
+);
+
+INSERT INTO products (                 /*  9 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 i686'
+);
+
+INSERT INTO products (                 /* 10 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 x86_64'
+);
+
+INSERT INTO products (                 /* 11 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 i686'
+);
+
+INSERT INTO products (                 /* 12 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 x86_64'
+);
+
+INSERT INTO products (                 /* 13 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 i686'
+);
+
+INSERT INTO products (                 /* 14 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 x86_64'
+);
+
+INSERT INTO products (                 /* 15 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 i686'
+);
+
+INSERT INTO products (                 /* 16 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 x86_64'
+);
+
+INSERT INTO products (                 /* 17 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 i686'
+);
+
+INSERT INTO products (                 /* 18 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 x86_64'
+);
+
+INSERT INTO products (                 /* 19 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 i686'
+);
+
+INSERT INTO products (                 /* 20 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 x86_64'
+);
+
+INSERT INTO products (                 /* 21 */
+  name
+) VALUES (
+ 'Android 4.1.1'
+);
+
+INSERT INTO products (                 /* 22 */
+  name
+) VALUES (
+ 'Android 4.2.1'
+);
+
+/* Directories */
+
+INSERT INTO directories (              /*  1 */
+  path
+) VALUES (
+ '/bin'
+);
+
+INSERT INTO directories (              /*  2 */
+  path
+) VALUES (
+ '/etc'
+);
+
+INSERT INTO directories (              /*  3 */
+  path
+) VALUES (
+ '/lib'
+);
+
+INSERT INTO directories (              /*  4 */
+  path
+) VALUES (
+ '/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (              /*  5 */
+  path
+) VALUES (
+ '/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (              /*  6 */
+  path
+) VALUES (
+ '/lib/xtables'
+);
+
+INSERT INTO directories (              /*  7 */
+  path
+) VALUES (
+ '/sbin'
+);
+
+INSERT INTO directories (              /*  8 */
+  path
+) VALUES (
+ '/usr/bin'
+);
+
+INSERT INTO directories (              /*  9 */
+  path
+) VALUES (
+ '/usr/lib'
+);
+
+INSERT INTO directories (              /* 10 */
+  path
+) VALUES (
+ '/usr/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (              /* 11 */
+  path
+) VALUES (
+ '/usr/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (              /* 12 */
+  path
+) VALUES (
+ '/usr/sbin'
+);
+
+INSERT INTO directories (              /* 13 */
+  path
+) VALUES (
+ '/system/bin'
+);
+
+INSERT INTO directories (              /* 14 */
+  path
+) VALUES (
+ '/system/lib'
+);
+
+/* Files */
+
+INSERT INTO files (                            /*  1 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 5
+);
+
+INSERT INTO files (                            /*  2 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 11
+);
+
+INSERT INTO files (                            /*  3 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 5
+);
+
+INSERT INTO files (                            /*  4 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 11
+);
+
+INSERT INTO files (                            /*  5 */
+  name, dir
+) VALUES (
+  'openssl', 8
+);
+
+INSERT INTO files (                            /*  6 */
+  name, dir
+) VALUES (
+  'tnc_config', 2
+);
+
+/* Algorithms */
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  65536, 'SHA1-IMA' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  32768, 'SHA1' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  16384, 'SHA256' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  8192, 'SHA384' 
+);
+
+/* File Hashes */
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' 
+);
+
+/* Packages */
+
+INSERT INTO packages (                 /*  1 */
+  name
+) VALUES (
+ 'libssl-dev'
+);
+
+INSERT INTO packages (                 /*  2 */
+  name
+) VALUES (
+ 'libssl1.0.0'
+);
+
+INSERT INTO packages (                 /*  3 */
+  name
+) VALUES (
+ 'libssl1.0.0-dbg'
+);
+
+INSERT INTO packages (                 /*  4 */
+  name
+) VALUES (
+ 'openssl'
+);
+
+/* Versions */
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  1, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  2, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  3, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  4, 1, '1.0.1e-2', 1366531494
+);
+
+/* Components */
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 1, 33  /* ITA TGRUB */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 2, 33  /* ITA TBOOT */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 33  /* ITA IMA - Trusted Platform */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 34  /* ITA IMA - Operating System */
+);
+
+/* Groups */
+
+INSERT INTO groups (                   /*  1 */
+  name
+) VALUES (
+  'Default'
+);
+
+INSERT INTO groups (                   /*  2 */
+  name, parent
+) VALUES (
+  'Linux', 1
+);
+
+INSERT INTO groups (                   /*  3 */
+  name, parent
+) VALUES (
+  'Android', 1
+);
+
+INSERT INTO groups (                   /*  4 */
+  name, parent
+) VALUES (
+  'Debian i686', 2
+);
+
+INSERT INTO groups (                   /*  5 */
+  name, parent
+) VALUES (
+  'Debian x86_64', 2
+);
+
+INSERT INTO groups (                   /*  6 */
+  name, parent
+) VALUES (
+  'Ubuntu i686', 2
+);
+
+INSERT INTO groups (                   /*  7 */
+  name, parent
+) VALUES (
+  'Ubuntu x86_64', 2
+);
+
+INSERT INTO groups (                   /*  8 */
+  name
+) VALUES (
+  'Reference'
+);
+
+INSERT INTO groups (                   /*  9 */
+  name, parent
+) VALUES (
+  'Ref. Android', 8
+);
+
+INSERT INTO groups (                   /* 10 */
+  name, parent
+) VALUES (
+  'Ref. Linux', 8
+);
+
+/* Default Product Groups */
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 1
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 3
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 5
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 2
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 4
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 6
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 7
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 9
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 11
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 13
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 15
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 17
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 19
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 8
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 10
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 12
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 14
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 16
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 18
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 20
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 21
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 22
+);
+
+/* Policies */
+
+INSERT INTO policies (                 /*  1 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  1, 'Installed Packages', 2, 2
+);
+
+INSERT INTO policies (                 /*  2 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  2, 'Unknown Source', 2, 2
+);
+
+INSERT INTO policies (                 /*  3 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  3, 'IP Forwarding Enabled',  2, 2 
+);
+
+INSERT INTO policies (                 /*  4 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  4, 'Default Factory Password Enabled', 1, 1
+);
+
+INSERT INTO policies (                 /*  5 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2
+);
+
+INSERT INTO policies (                 /*  6 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2
+);
+
+INSERT INTO policies (                 /*  7 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/bin/openssl', 5, 2, 2
+);
+
+INSERT INTO policies (                 /*  8 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  11, 'No Open TCP Ports', 1, 1
+);
+
+INSERT INTO policies (                 /*  9 */
+  type, name, argument, rec_fail, rec_noresult
+) VALUES (
+  13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1
+);
+
+INSERT INTO policies (                 /* 10 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  7, 'Metadata of /etc/tnc_config', 6, 0, 0
+);
+
+INSERT INTO policies (                 /* 11 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /bin', 1, 0, 0
+);
+
+INSERT INTO policies (                 /*  12 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2
+);
+
+INSERT INTO policies (                 /* 13 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2
+);
+
+INSERT INTO policies (                 /* 14 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /system/bin', 13, 0, 0
+);
+
+INSERT INTO policies (                 /* 15 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /system/lib', 14, 0, 0
+);
+
+INSERT INTO policies (                  /* 16 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  9, 'Measure /bin', 1, 2, 2
+);
+
+/* Enforcements */
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  1, 1, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  2, 3, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  3, 2, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  5, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  6, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  7, 2, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  8, 1, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  9, 1, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  10, 2, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  11, 10, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  12, 5, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  13, 5, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  14, 9, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  15, 9, 0
+);
+
index 0927c88..3e017e9 100644 (file)
@@ -16,16 +16,11 @@ charon {
 }
 
 libimcv {
-  plugins {
-    imv-os {
-      database = sqlite:///etc/pts/config.db
-      request_installed_packages = yes 
-    }
-  }
+  database = sqlite:///etc/pts/config.db
+  policy_script = ipsec imv_policy_manager
 }
 
 attest {
   load = random nonce openssl sqlite
   database = sqlite:///etc/pts/config.db
 }
-
index 28f2f33..691b1e9 100644 (file)
@@ -15,4 +15,5 @@ carol::ipsec up home
 dave::ipsec up home
 dave::sleep 1
 moon::ipsec attest --packages --product 'Debian 7.0'
+moon::ipsec attest --sessions
 moon::ipsec attest --devices
index 7d7dc7b..70da776 100644 (file)
@@ -24,10 +24,5 @@ libimcv {
     imv-test {
       rounds = 1 
     }
-    imv-scanner {
-      closed_port_policy = yes
-      tcp_ports = 22
-      udp_ports = 500 4500
-    }
   }
 }
index b2cdc21..96ff63a 100644 (file)
@@ -14,5 +14,8 @@ libimcv {
     imc-test {
       command = isolate
     }
+    imc-scannner {
+      push_info = no
+    }
   }
 }
diff --git a/testing/tests/tnc/tnccs-20-pts/description.txt b/testing/tests/tnc/tnccs-20-pts/description.txt
new file mode 100644 (file)
index 0000000..b5d12fc
--- /dev/null
@@ -0,0 +1,23 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+using EAP-TTLS authentication only with the gateway presenting a server certificate and
+the clients doing EAP-MD5 password-based authentication.
+In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
+state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0 </b>
+client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC and OS IMV pair
+is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b> to
+exchange PA-TNC attributes.
+<p>
+<b>carol</b> sends information on her operating system consisting of the PA-TNC attributes
+<em>Product Information</em>, <em>String Version</em>, <em>Numeric Version</em>,
+<em>Operational Status</em>, <em>Forwarding Enabled</em>, and
+<em>Factory Default Password Enabled</em> up-front, whereas <b>dave</b> must be prompted
+by the IMV to do so via an <em>Attribute Request</em> PA-TNC attribute. <b>carol</b> is
+then prompted to send a list of installed packages using the <em>Installed Packages</em>
+PA-TNC attribute whereas <b>dave</b>'s "Windows 1.2.3" operating system is not supported
+and thus <b>dave</b> receives a <em>Remediation Instructions</em> PA-TNC attribute.
+<p>
+<b>carol</b> passes the health test and <b>dave</b> fails. Based on these assessments
+which are communicated to the IMCs using the <em>Assessment Result</em> PA-TNC attribute,
+the clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate"
+subnets, respectively.
+</p>
diff --git a/testing/tests/tnc/tnccs-20-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-pts/evaltest.dat
new file mode 100644 (file)
index 0000000..1007543
--- /dev/null
@@ -0,0 +1,20 @@
+carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
+dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
+dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.0 x86_64.*carol@strongswan.org - allow::YES
+moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.0 x86_64.*dave@strongswan.org - isolate::YES
+moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
+moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
+moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..d17473d
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charondebug="tnc 3, imc 3, pts 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightauth=any
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..74942af
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e604683
--- /dev/null
@@ -0,0 +1,19 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+  multiple_authentication=no
+  plugins {
+    eap-tnc {
+      protocol = tnccs-2.0
+    }
+  }
+}
+
+libimcv {
+  plugins {
+    imc-os {
+      push_info = yes
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/tnc_config
new file mode 100644 (file)
index 0000000..15dc93a
--- /dev/null
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client 
+
+IMC "OS"          /usr/local/lib/ipsec/imcvs/imc-os.so
+IMC "Attestation" /usr/local/lib/ipsec/imcvs/imc-attestation.so
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..d459bfc
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charondebug="tnc 3, imc 3, pts 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightauth=any
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..5496df7
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..3236a18
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+  multiple_authentication=no
+  plugins {
+    eap-tnc {
+      protocol = tnccs-2.0
+    }
+    tnc-imc {
+      preferred_language = de
+    }
+  }
+}
+
+libimcv {
+  plugins {
+    imc-os {
+      push_info = no
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/tnc_config
new file mode 100644 (file)
index 0000000..15dc93a
--- /dev/null
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client 
+
+IMC "OS"          /usr/local/lib/ipsec/imcvs/imc-os.so
+IMC "Attestation" /usr/local/lib/ipsec/imcvs/imc-attestation.so
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..bc8b2d8
--- /dev/null
@@ -0,0 +1,34 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charondebug="tnc 3, imv 3, pts 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn rw-allow
+       rightgroups=allow
+       leftsubnet=10.1.0.0/28
+       also=rw-eap
+       auto=add
+
+conn rw-isolate
+       rightgroups=isolate
+       leftsubnet=10.1.0.16/28
+       also=rw-eap
+       auto=add
+
+conn rw-eap
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftauth=eap-ttls
+       leftfirewall=yes
+       rightauth=eap-ttls
+       rightid=*@strongswan.org
+       rightsendcert=never
+       right=%any
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..2e277cc
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : EAP "Ar3etTnp"
+dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data.sql b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data.sql
new file mode 100644 (file)
index 0000000..07dc7dc
--- /dev/null
@@ -0,0 +1,873 @@
+/* Products */
+
+INSERT INTO products (                 /*  1 */
+  name
+) VALUES (
+ 'Debian 6.0 i686'
+);
+
+INSERT INTO products (                 /*  2 */
+  name
+) VALUES (
+ 'Debian 6.0 x86_64'
+);
+
+INSERT INTO products (                 /*  3 */
+  name
+) VALUES (
+ 'Debian 7.0 i686'
+);
+
+INSERT INTO products (                 /*  4 */
+  name
+) VALUES (
+ 'Debian 7.0 x86_64'
+);
+
+INSERT INTO products (                 /*  5 */
+  name
+) VALUES (
+ 'Debian 8.0 i686'
+);
+
+INSERT INTO products (                 /*  6 */
+  name
+) VALUES (
+ 'Debian 8.0 x86_64'
+);
+
+INSERT INTO products (                 /*  7 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 i686'
+);
+
+INSERT INTO products (                 /*  8 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 x86_64'
+);
+
+INSERT INTO products (                 /*  9 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 i686'
+);
+
+INSERT INTO products (                 /* 10 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 x86_64'
+);
+
+INSERT INTO products (                 /* 11 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 i686'
+);
+
+INSERT INTO products (                 /* 12 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 x86_64'
+);
+
+INSERT INTO products (                 /* 13 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 i686'
+);
+
+INSERT INTO products (                 /* 14 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 x86_64'
+);
+
+INSERT INTO products (                 /* 15 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 i686'
+);
+
+INSERT INTO products (                 /* 16 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 x86_64'
+);
+
+INSERT INTO products (                 /* 17 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 i686'
+);
+
+INSERT INTO products (                 /* 18 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 x86_64'
+);
+
+INSERT INTO products (                 /* 19 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 i686'
+);
+
+INSERT INTO products (                 /* 20 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 x86_64'
+);
+
+INSERT INTO products (                 /* 21 */
+  name
+) VALUES (
+ 'Android 4.1.1'
+);
+
+INSERT INTO products (                 /* 22 */
+  name
+) VALUES (
+ 'Android 4.2.1'
+);
+
+/* Directories */
+
+INSERT INTO directories (              /*  1 */
+  path
+) VALUES (
+ '/bin'
+);
+
+INSERT INTO directories (              /*  2 */
+  path
+) VALUES (
+ '/etc'
+);
+
+INSERT INTO directories (              /*  3 */
+  path
+) VALUES (
+ '/lib'
+);
+
+INSERT INTO directories (              /*  4 */
+  path
+) VALUES (
+ '/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (              /*  5 */
+  path
+) VALUES (
+ '/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (              /*  6 */
+  path
+) VALUES (
+ '/lib/xtables'
+);
+
+INSERT INTO directories (              /*  7 */
+  path
+) VALUES (
+ '/sbin'
+);
+
+INSERT INTO directories (              /*  8 */
+  path
+) VALUES (
+ '/usr/bin'
+);
+
+INSERT INTO directories (              /*  9 */
+  path
+) VALUES (
+ '/usr/lib'
+);
+
+INSERT INTO directories (              /* 10 */
+  path
+) VALUES (
+ '/usr/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (              /* 11 */
+  path
+) VALUES (
+ '/usr/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (              /* 12 */
+  path
+) VALUES (
+ '/usr/sbin'
+);
+
+INSERT INTO directories (              /* 13 */
+  path
+) VALUES (
+ '/system/bin'
+);
+
+INSERT INTO directories (              /* 14 */
+  path
+) VALUES (
+ '/system/lib'
+);
+
+/* Files */
+
+INSERT INTO files (                            /*  1 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 5
+);
+
+INSERT INTO files (                            /*  2 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 11
+);
+
+INSERT INTO files (                            /*  3 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 5
+);
+
+INSERT INTO files (                            /*  4 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 11
+);
+
+INSERT INTO files (                            /*  5 */
+  name, dir
+) VALUES (
+  'openssl', 8
+);
+
+INSERT INTO files (                            /*  6 */
+  name, dir
+) VALUES (
+  'tnc_config', 2
+);
+
+/* Algorithms */
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  65536, 'SHA1-IMA' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  32768, 'SHA1' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  16384, 'SHA256' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  8192, 'SHA384' 
+);
+
+/* File Hashes */
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' 
+);
+
+/* Packages */
+
+INSERT INTO packages (                 /*  1 */
+  name
+) VALUES (
+ 'libssl-dev'
+);
+
+INSERT INTO packages (                 /*  2 */
+  name
+) VALUES (
+ 'libssl1.0.0'
+);
+
+INSERT INTO packages (                 /*  3 */
+  name
+) VALUES (
+ 'libssl1.0.0-dbg'
+);
+
+INSERT INTO packages (                 /*  4 */
+  name
+) VALUES (
+ 'openssl'
+);
+
+/* Versions */
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  1, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  2, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  3, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  4, 1, '1.0.1e-2', 1366531494
+);
+
+/* Components */
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 1, 33  /* ITA TGRUB */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 2, 33  /* ITA TBOOT */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 33  /* ITA IMA - Trusted Platform */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 34  /* ITA IMA - Operating System */
+);
+
+/* Groups */
+
+INSERT INTO groups (                   /*  1 */
+  name
+) VALUES (
+  'Default'
+);
+
+INSERT INTO groups (                   /*  2 */
+  name, parent
+) VALUES (
+  'Linux', 1
+);
+
+INSERT INTO groups (                   /*  3 */
+  name, parent
+) VALUES (
+  'Android', 1
+);
+
+INSERT INTO groups (                   /*  4 */
+  name, parent
+) VALUES (
+  'Debian i686', 2
+);
+
+INSERT INTO groups (                   /*  5 */
+  name, parent
+) VALUES (
+  'Debian x86_64', 2
+);
+
+INSERT INTO groups (                   /*  6 */
+  name, parent
+) VALUES (
+  'Ubuntu i686', 2
+);
+
+INSERT INTO groups (                   /*  7 */
+  name, parent
+) VALUES (
+  'Ubuntu x86_64', 2
+);
+
+INSERT INTO groups (                   /*  8 */
+  name
+) VALUES (
+  'Reference'
+);
+
+INSERT INTO groups (                   /*  9 */
+  name, parent
+) VALUES (
+  'Ref. Android', 8
+);
+
+INSERT INTO groups (                   /* 10 */
+  name, parent
+) VALUES (
+  'Ref. Linux', 8
+);
+
+/* Default Product Groups */
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 1
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 3
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 5
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 2
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 4
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 6
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 7
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 9
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 11
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 13
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 15
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 17
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 19
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 8
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 10
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 12
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 14
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 16
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 18
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 20
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 21
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 22
+);
+
+/* Devices */
+
+INSERT INTO devices (                  /*  1 */
+  value, product, created  
+) VALUES (
+  'aabbccddeeff11223344556677889900', 4, 1372330615
+);
+
+/* Groups Members */
+
+INSERT INTO groups_members (
+  group_id, device_id
+) VALUES (
+  10, 1
+);
+
+/* Policies */
+
+INSERT INTO policies (                 /*  1 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  1, 'Installed Packages', 2, 2
+);
+
+INSERT INTO policies (                 /*  2 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  2, 'Unknown Source', 2, 2
+);
+
+INSERT INTO policies (                 /*  3 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  3, 'IP Forwarding Enabled',  2, 2 
+);
+
+INSERT INTO policies (                 /*  4 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  4, 'Default Factory Password Enabled', 1, 1
+);
+
+INSERT INTO policies (                 /*  5 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2
+);
+
+INSERT INTO policies (                 /*  6 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2
+);
+
+INSERT INTO policies (                 /*  7 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/bin/openssl', 5, 2, 2
+);
+
+INSERT INTO policies (                 /*  8 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  11, 'No Open TCP Ports', 1, 1
+);
+
+INSERT INTO policies (                 /*  9 */
+  type, name, argument, rec_fail, rec_noresult
+) VALUES (
+  13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1
+);
+
+INSERT INTO policies (                 /* 10 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  7, 'Metadata of /etc/tnc_config', 6, 0, 0
+);
+
+INSERT INTO policies (                 /* 11 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /bin', 1, 0, 0
+);
+
+INSERT INTO policies (                 /*  12 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2
+);
+
+INSERT INTO policies (                 /* 13 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2
+);
+
+INSERT INTO policies (                 /* 14 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /system/bin', 13, 0, 0
+);
+
+INSERT INTO policies (                 /* 15 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /system/lib', 14, 0, 0
+);
+
+INSERT INTO policies (                  /* 16 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  9, 'Measure /bin', 1, 2, 2
+);
+
+/* Enforcements */
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  2, 3, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  3, 2, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  3, 10, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  5, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  6, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  7, 2, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  8, 1, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  9, 1, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  10, 2, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  11, 10, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  12, 5, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  13, 5, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  14, 9, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  15, 9, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  16, 2, 0
+);
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0298a51
--- /dev/null
@@ -0,0 +1,32 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+  multiple_authentication=no
+  plugins {
+    eap-ttls {
+      phase2_method = md5
+      phase2_piggyback = yes
+      phase2_tnc = yes
+    }
+    eap-tnc {
+      protocol = tnccs-2.0
+    }
+  }
+}
+
+libimcv {
+  database = sqlite:///etc/pts/config.db
+  policy_script = ipsec imv_policy_manager
+  plugins {
+    imv-attestation {
+      hash_algorithm = sha1
+    }
+  }
+}
+
+attest {
+  load = random nonce openssl sqlite
+  database = sqlite:///etc/pts/config.db
+}
+
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/tnc_config
new file mode 100644 (file)
index 0000000..6507baa
--- /dev/null
@@ -0,0 +1,4 @@
+#IMV configuration file for strongSwan client 
+
+IMV "OS"          /usr/local/lib/ipsec/imcvs/imv-os.so
+IMV "Attestation" /usr/local/lib/ipsec/imcvs/imv-attestation.so
diff --git a/testing/tests/tnc/tnccs-20-pts/posttest.dat b/testing/tests/tnc/tnccs-20-pts/posttest.dat
new file mode 100644 (file)
index 0000000..48514d6
--- /dev/null
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+carol::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::rm /etc/pts/config.db
diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat
new file mode 100644 (file)
index 0000000..cb6c131
--- /dev/null
@@ -0,0 +1,18 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+carol::echo 0 > /proc/sys/net/ipv4/ip_forward
+dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
+moon::cd /etc/pts; cat tables.sql data.sql | sqlite3 config.db
+moon::cat /etc/tnc_config
+carol::cat /etc/tnc_config
+dave::cat /etc/tnc_config
+moon::ipsec start
+dave::ipsec start 
+carol::ipsec start 
+dave::sleep 1
+dave::ipsec up home
+carol::ipsec up home
+carol::sleep 1
+moon::ipsec attest --sessions
+moon::ipsec attest --devices
diff --git a/testing/tests/tnc/tnccs-20-pts/test.conf b/testing/tests/tnc/tnccs-20-pts/test.conf
new file mode 100644 (file)
index 0000000..a8a05af
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# Guest instances on which FreeRadius is started
+#
+RADIUSHOSTS=
+
index 5fdeead..fce9499 100644 (file)
@@ -19,5 +19,8 @@ libimcv {
       command = retry 
       retry_command = isolate
     }
+    imc-scanner {
+      push_info = no
+    }
   }
 }
index 0418a4a..0870ca6 100644 (file)
@@ -15,5 +15,8 @@ libimcv {
     imc-test {
       command = isolate
     }
+    imc-scanner {
+      push_info = no
+    }
   }
 }
index 3a3c2a0..1e5f50b 100644 (file)
@@ -19,5 +19,8 @@ libimcv {
       command = isolate
       additional_ids = 1
     }
+    imc-scanner {
+      push_info = no
+   }
   }
 }
diff --git a/testing/tests/tnc/tnccs-20/hosts/moon/etc/pts/data.sql b/testing/tests/tnc/tnccs-20/hosts/moon/etc/pts/data.sql
new file mode 100644 (file)
index 0000000..dcc4e75
--- /dev/null
@@ -0,0 +1,793 @@
+/* Products */
+
+INSERT INTO products (                 /*  1 */
+  name
+) VALUES (
+ 'Debian 7.0'
+);
+
+INSERT INTO products (                 /*  2 */
+  name
+) VALUES (
+ 'Debian 7.0 i686'
+);
+
+INSERT INTO products (                 /*  3 */
+  name
+) VALUES (
+ 'Debian 7.0 x86_64'
+);
+
+INSERT INTO products (                 /*  4 */
+  name
+) VALUES (
+ 'Ubuntu 10.04'
+);
+
+INSERT INTO products (                 /*  5 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 i686'
+);
+
+INSERT INTO products (                 /*  6 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 x86_64'
+);
+
+INSERT INTO products (                 /*  7 */
+  name
+) VALUES (
+ 'Ubuntu 10.10'
+);
+
+INSERT INTO products (                 /*  8 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 i686'
+);
+
+INSERT INTO products (                 /*  9 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 x86_64'
+);
+
+INSERT INTO products (                 /* 10 */
+  name
+) VALUES (
+ 'Ubuntu 11.04'
+);
+
+INSERT INTO products (                 /* 11 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 i686'
+);
+
+INSERT INTO products (                 /* 12 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 x86_64'
+);
+
+INSERT INTO products (                 /* 13 */
+  name
+) VALUES (
+ 'Ubuntu 11.10'
+);
+
+INSERT INTO products (                 /* 14 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 i686'
+);
+
+INSERT INTO products (                 /* 15 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 x86_64'
+);
+
+INSERT INTO products (                 /* 16 */
+  name
+) VALUES (
+ 'Ubuntu 12.04'
+);
+
+INSERT INTO products (                 /* 17 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 i686'
+);
+
+INSERT INTO products (                 /* 18 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 x86_64'
+);
+
+INSERT INTO products (                 /* 19 */
+  name
+) VALUES (
+ 'Ubuntu 12.10'
+);
+
+INSERT INTO products (                 /* 20 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 i686'
+);
+
+INSERT INTO products (                 /* 21 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 x86_64'
+);
+
+INSERT INTO products (                 /* 22 */
+  name
+) VALUES (
+ 'Ubuntu 13.04'
+);
+
+INSERT INTO products (                 /* 23 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 i686'
+);
+
+INSERT INTO products (                 /* 24 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 x86_64'
+);
+
+INSERT INTO products (                 /* 25 */
+  name
+) VALUES (
+ 'Android 4.1.1'
+);
+
+INSERT INTO products (                 /* 26 */
+  name
+) VALUES (
+ 'Android 4.2.1'
+);
+
+/* Directories */
+
+INSERT INTO directories (              /*  1 */
+  path
+) VALUES (
+ '/bin'
+);
+
+INSERT INTO directories (              /*  2 */
+  path
+) VALUES (
+ '/etc'
+);
+
+INSERT INTO directories (              /*  3 */
+  path
+) VALUES (
+ '/lib'
+);
+
+INSERT INTO directories (              /*  4 */
+  path
+) VALUES (
+ '/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (              /*  5 */
+  path
+) VALUES (
+ '/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (              /*  6 */
+  path
+) VALUES (
+ '/lib/xtables'
+);
+
+INSERT INTO directories (              /*  7 */
+  path
+) VALUES (
+ '/sbin'
+);
+
+INSERT INTO directories (              /*  8 */
+  path
+) VALUES (
+ '/usr/bin'
+);
+
+INSERT INTO directories (              /*  9 */
+  path
+) VALUES (
+ '/usr/lib'
+);
+
+INSERT INTO directories (              /* 10 */
+  path
+) VALUES (
+ '/usr/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (              /* 11 */
+  path
+) VALUES (
+ '/usr/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (              /* 12 */
+  path
+) VALUES (
+ '/usr/sbin'
+);
+
+/* Files */
+
+INSERT INTO files (                            /*  1 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 5
+);
+
+INSERT INTO files (                            /*  2 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 11
+);
+
+INSERT INTO files (                            /*  3 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 5
+);
+
+INSERT INTO files (                            /*  4 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 11
+);
+
+INSERT INTO files (                            /*  5 */
+  name, dir
+) VALUES (
+  'openssl', 8
+);
+
+INSERT INTO files (                            /*  6 */
+  name, dir
+) VALUES (
+  'tnc_config', 2
+);
+
+/* Algorithms */
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  65536, 'SHA1-IMA' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  32768, 'SHA1' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  16384, 'SHA256' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  8192, 'SHA384' 
+);
+
+/* File Hashes */
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  3, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  21, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' 
+);
+
+/* Packages */
+
+INSERT INTO packages (                 /*  1 */
+  name
+) VALUES (
+ 'libssl-dev'
+);
+
+INSERT INTO packages (                 /*  2 */
+  name
+) VALUES (
+ 'libssl1.0.0'
+);
+
+INSERT INTO packages (                 /*  3 */
+  name
+) VALUES (
+ 'libssl1.0.0-dbg'
+);
+
+INSERT INTO packages (                 /*  4 */
+  name
+) VALUES (
+ 'openssl'
+);
+
+/* Versions */
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  1, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  2, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  3, 1, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  4, 1, '1.0.1e-2', 1366531494
+);
+
+/* Components */
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 1, 33  /* ITA TGRUB */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 2, 33  /* ITA TBOOT */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 33  /* ITA IMA - Trusted Platform */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 34  /* ITA IMA - Operating System */
+);
+
+/* Groups */
+
+INSERT INTO groups (                   /*  1 */
+  name, parent
+) VALUES (
+  'Debian i686', 6
+);
+
+INSERT INTO groups (                   /*  2 */
+  name, parent
+) VALUES (
+  'Debian x86_64', 6
+);
+
+INSERT INTO groups (                   /*  3 */
+  name, parent
+) VALUES (
+  'Ubuntu i686', 6
+);
+
+INSERT INTO groups (                   /*  4 */
+  name, parent
+) VALUES (
+  'Ubuntu x86_64', 6
+);
+
+INSERT INTO groups (                   /*  5 */
+  name, parent
+) VALUES (
+  'Android', 7
+);
+
+INSERT INTO groups (                   /*  6 */
+  name, parent
+) VALUES (
+  'Linux', 7
+);
+
+INSERT INTO groups (                   /*  7 */
+  name
+) VALUES (
+  'Default'
+);
+
+/* Default Product Groups */
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  1, 2
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  2, 3
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 5
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 8
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 11
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 14
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 17
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 20
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 23
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 6
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 9
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 12
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 15
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 18
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 21
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 24
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 25
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 26
+);
+
+/* Policies */
+
+INSERT INTO policies (                 /*  1 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  1, 'Installed Packages', 2, 2
+);
+
+INSERT INTO policies (                 /*  2 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  2, 'Unknown Source', 2, 2
+);
+
+INSERT INTO policies (                 /*  3 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  3, 'IP Forwarding Enabled',  1, 1
+);
+
+INSERT INTO policies (                 /*  4 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  4, 'Default Factory Password Enabled', 1, 1
+);
+
+INSERT INTO policies (                 /*  5 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2
+);
+
+INSERT INTO policies (                 /*  6 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2
+);
+
+INSERT INTO policies (                 /*  7 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/bin/openssl', 5, 2, 2
+);
+
+INSERT INTO policies (                 /*  8 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  11, 'No Open TCP Ports', 1, 1
+);
+
+INSERT INTO policies (                 /*  9 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  13, 'No Open UDP Ports', 1, 1
+);
+
+INSERT INTO policies (                 /* 10 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  7, 'Metadata of /etc/tnc_config', 6, 0, 0
+);
+
+INSERT INTO policies (                 /* 11 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Measure as reference /bin', 1, 0, 0
+);
+
+INSERT INTO policies (                 /*  12 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2
+);
+
+INSERT INTO policies (                 /* 13 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2
+);
+
+
+/* Enforcements */
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  1, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  2, 5, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  3, 6, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  5, 4, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  6, 4, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  7, 6, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  8, 7, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  9, 7, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  10, 6, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  11, 6, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  12, 2, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  13, 2, 86400
+);
+
index 2918c8a..db91eac 100644 (file)
@@ -19,5 +19,8 @@ libimcv {
     imc-test {
       command = isolate
     }
+    imc-scanner {
+      push_info = no
+    }
   }
 }