testing: Switched PTS measurements to /usr/sbin

Due to Debian 10 linking /bin to /usr/bin which drastically
increased the number of files in /bin, the PTS measurement
was switched to /usr/sbin with a lesser number of files.

src/libimcv/imv/data.sql

@@ -1731,7 +1731,7 @@ INSERT INTO policies (			/* 10 */
 INSERT INTO policies (			/* 11 */
   type, name, dir, rec_fail, rec_noresult
 ) VALUES (
-  8, 'Get /bin', 1, 0, 0
+  8, 'Get /usr/sbin', 12, 0, 0
 );
 
 INSERT INTO policies (			/*  12 */
@@ -1761,7 +1761,7 @@ INSERT INTO policies (			/* 15 */
 INSERT INTO policies (          /* 16 */
   type, name, dir, rec_fail, rec_noresult
 ) VALUES (
-  9, 'Measure /bin', 1, 2, 2
+  9, 'Measure /usr/sbin', 12, 2, 2
 );
 
 INSERT INTO policies (			/* 17 */

testing/tests/tnc/tnccs-20-os-pts/description.txt

@@ -11,8 +11,8 @@ protocol defined by <b>RFC 5792 PA-TNC</b>.
 <em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front
 to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an
 <em>Attribute Request</em> PA-TNC attribute. <b>dave</b> is instructed to do a reference
-measurement on all files in the <b>/bin</b> directory. <b>carol</b> is then prompted to
-measure a couple of individual files and the files in the <b>/bin</b> directory as
+measurement on all files in the <b>/usr/sbin</b> directory. <b>carol</b> is then prompted to
+measure a couple of individual files and the files in the <b>/usr/sbin</b> directory as
 well as to get metadata on the <b>/etc/tnc_confg</b> configuration file.
 <p>
 <b>carol</b> passes the health test and <b>dave</b> fails because IP forwarding is

testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf

@@ -12,6 +12,11 @@ charon-systemd {
       pts = 3
     }
   }
+  plugins {
+    eap-ttls {
+      max_message_count = 0
+    }
+  }
 }
 
 libtls {

testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf

@@ -14,6 +14,9 @@ charon-systemd {
     }
   }
   plugins {
+    eap-ttls {
+      max_message_count = 0
+    }
     tnc-imc {
       preferred_language = de
     }

testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf

@@ -14,6 +14,7 @@ charon-systemd {
   }
   plugins {
     eap-ttls {
+      max_message_count = 0
       phase2_method = md5
       phase2_piggyback = yes
       phase2_tnc = yes

testing/tests/tnc/tnccs-20-pts-no-ecc/description.txt

@@ -2,18 +2,18 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gatewa
 using EAP-TTLS authentication only with the gateway presenting a server certificate and
 the clients doing EAP-MD5 password-based authentication.
 <p/>
-In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS 
-tunnel to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the 
-<b>TNCCS 2.0 </b> client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC 
-and OS IMV pair is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b> 
+In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS
+tunnel to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the
+<b>TNCCS 2.0 </b> client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC
+and OS IMV pair is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b>
 to exchange PA-TNC attributes.
 <p/>
 <b>carol</b> sends information on her operating system consisting of the PA-TNC attributes
 <em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front
 to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an
 <em>Attribute Request</em> PA-TNC attribute. <b>dave</b> is instructed to do a reference
-measurement on all files in the <b>/bin</b> directory. <b>carol</b> is then prompted to
-measure a couple of individual files and the files in the <b>/bin</b> directory as
+measurement on all files in the <b>/usr/sbin</b> directory. <b>carol</b> is then prompted to
+measure a couple of individual files and the files in the <b>/usr/sbin</b> directory as
 well as to get metadata on the <b>/etc/tnc_confg</b> configuration file.
 <p/>
 Since the Attestation IMV negotiates a Diffie-Hellman group for TPM-based measurements,

testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf

@@ -12,6 +12,11 @@ charon-systemd {
       pts = 3
     }
   }
+  plugins {
+    eap-ttls {
+      max_message_count = 0
+    }
+  }
 }
 
 libtls {

testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf

@@ -13,6 +13,9 @@ charon-systemd {
     }
   }
   plugins {
+    eap-ttls {
+      max_message_count = 0
+    }
     tnc-imc {
       preferred_language = de
     }

testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf

@@ -14,6 +14,7 @@ charon-systemd {
   }
   plugins {
     eap-ttls {
+      max_message_count = 0
       phase2_method = md5
       phase2_piggyback = yes
       phase2_tnc = yes

testing/tests/tnc/tnccs-20-pts/description.txt

@@ -2,7 +2,7 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gatewa
 using EAP-TTLS authentication only with the gateway presenting a server certificate and
 the clients doing EAP-MD5 password-based authentication.
 <p/>
-In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS tunnel 
+In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS tunnel
 to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0</b>
 client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS and Attestation IMCs
 exchange PA-TNC attributes with the OS IMV via the <b>IF-M 1.0</b> measurement protocol
@@ -12,8 +12,8 @@ defined by <b>RFC 5792 PA-TNC</b>.
 <em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front
 to the Attestation IMV, whereas <b>dave</b> must be prompted by the IMV to do so via an
 <em>Attribute Request</em> PA-TNC attribute. <b>dave</b> is instructed to do a reference
-measurement on all files in the <b>/bin</b> directory. <b>carol</b> is then prompted to
-measure a couple of individual files and the files in the <b>/bin</b> directory as
+measurement on all files in the <b>/usr/sbin</b> directory. <b>carol</b> is then prompted to
+measure a couple of individual files and the files in the <b>/usr/sbin</b> directory as
 well as to get metadata on the <b>/etc/tnc_confg</b> configuration file.
 <p>
 <b>carol</b> passes the health test and <b>dave</b> fails because IP forwarding is

testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf

@@ -12,6 +12,11 @@ charon-systemd {
       pts = 3
     }
   }
+  plugins {
+    eap-ttls {
+      max_message_count = 0
+    }
+  }
 }
 
 libtls {

testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf

@@ -13,6 +13,9 @@ charon-systemd {
     }
   }
   plugins {
+    eap-ttls {
+      max_message_count = 0
+    }
     tnc-imc {
       preferred_language = de
     }

testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf

@@ -14,6 +14,7 @@ charon-systemd {
   }
   plugins {
     eap-ttls {
+      max_message_count = 0
       phase2_method = md5
       phase2_piggyback = yes
       phase2_tnc = yes