Use python-based swidGenerator to generated SWID tags

conf/plugins/imc-swid.opt

@@ -1,2 +1,11 @@
 charon.plugins.imc-swid.swid_directory = ${prefix}/share
 	Directory where SWID tags are located.
+
+charon.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
+	SWID generator command to be executed.
+
+charon.plugins.imc-swid.pretty = FALSE
+	Generate XML-encoded SWID tags with pretty indentation.
+
+charon.plugins.imc-swid.full = FALSE
+	Include file information in the XML-encoded SWID tags.

src/libimcv/ietf/ietf_attr_installed_packages.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -41,8 +41,6 @@ typedef struct package_entry_t package_entry_t;
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define INSTALLED_PACKAGES_MIN_SIZE		4
-
 /**
  * Private data of an ietf_attr_installed_packages_t object.
  */
@@ -132,7 +130,7 @@ METHOD(pa_tnc_attr_t, build, void,
 	{
 		return;
 	}
-	writer = bio_writer_create(INSTALLED_PACKAGES_MIN_SIZE);
+	writer = bio_writer_create(IETF_INSTALLED_PACKAGES_MIN_SIZE);
 	writer->write_uint16(writer, 0x0000);
 	writer->write_uint16(writer, this->packages->get_count(this->packages));
 
@@ -160,7 +158,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 
 	*offset = 0;
 
-	if (this->value.len < INSTALLED_PACKAGES_MIN_SIZE)
+	if (this->value.len < IETF_INSTALLED_PACKAGES_MIN_SIZE)
 	{
 		DBG1(DBG_TNC, "insufficient data for IETF installed packages");
 		return FAILED;
@@ -168,7 +166,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	reader = bio_reader_create(this->value);
 	reader->read_uint16(reader, &reserved);
 	reader->read_uint16(reader, &count);
-	*offset = INSTALLED_PACKAGES_MIN_SIZE;
+	*offset = IETF_INSTALLED_PACKAGES_MIN_SIZE;
 
 	while (reader->remaining(reader))
 	{

src/libimcv/ietf/ietf_attr_installed_packages.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@ typedef struct ietf_attr_installed_packages_t ietf_attr_installed_packages_t;
 #include "ietf_attr.h"
 #include "pa_tnc/pa_tnc_attr.h"
 
+#define IETF_INSTALLED_PACKAGES_MIN_SIZE	4
 
 /**
  * Class implementing the IETF PA-TNC Installed Packages attribute.

src/libimcv/imv/data.sql

@@ -216,6 +216,30 @@ INSERT INTO products (			/* 36 */
  'Ubuntu 14.04 x86_64'
 );
 
+INSERT INTO products (			/* 37 */
+  name
+) VALUES (
+ 'Debian 7.3 i686'
+);
+
+INSERT INTO products (			/* 38 */
+  name
+) VALUES (
+ 'Debian 7.3 x86_64'
+);
+
+INSERT INTO products (			/* 39 */
+  name
+) VALUES (
+ 'Debian 7.4 i686'
+);
+
+INSERT INTO products (			/* 40 */
+  name
+) VALUES (
+ 'Debian 7.4 x86_64'
+);
+
 /* Directories */
 
 INSERT INTO directories (		/*  1 */
@@ -666,6 +690,18 @@ INSERT INTO groups_product_defaults (
   4, 27
 );
 
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 37
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 39
+);
+
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (
@@ -696,6 +732,18 @@ INSERT INTO groups_product_defaults (
   5, 28
 );
 
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 38
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 40
+);
+
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (

src/libimcv/pa_tnc/pa_tnc_attr.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@ typedef struct pa_tnc_attr_t pa_tnc_attr_t;
 #include <library.h>
 #include <pen/pen.h>
 
+#define PA_TNC_ATTR_HEADER_SIZE		12
+
 /**
  * Interface for an RFC 5792 PA-TNC Posture Attribute.
  *
@@ -71,7 +73,7 @@ struct pa_tnc_attr_t {
 	 * @param					relative error offset within attribute body
 	 * @return					result status
 	 */
-	status_t (*process)(pa_tnc_attr_t *this, u_int32_t *offset);
+	status_t (*process)(pa_tnc_attr_t *this, uint32_t *offset);
 
 	/**
 	 * Get a new reference to the PA-TNC attribute

src/libimcv/pa_tnc/pa_tnc_msg.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -23,7 +23,6 @@
 #include <pen/pen.h>
 #include <utils/debug.h>
 
-
 typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
 
 /**
@@ -38,7 +37,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define PA_TNC_HEADER_SIZE	8
 #define PA_TNC_RESERVED		0x000000
 
 /**
@@ -59,7 +57,6 @@ typedef struct private_pa_tnc_msg_t private_pa_tnc_msg_t;
 
 #define PA_TNC_ATTR_FLAG_NONE			0x00
 #define PA_TNC_ATTR_FLAG_NOSKIP			(1<<7)
-#define PA_TNC_ATTR_HEADER_SIZE			12
 #define PA_TNC_ATTR_INFO_SIZE			8
 
 /**
@@ -86,7 +83,7 @@ struct private_pa_tnc_msg_t {
 	/**
 	 * Message identifier
 	 */
-	u_int32_t identifier;
+	uint32_t identifier;
 
 	/**
 	 * Current PA-TNC Message size
@@ -139,13 +136,13 @@ METHOD(pa_tnc_msg_t, build, bool,
 	pa_tnc_attr_t *attr;
 	enum_name_t *pa_attr_names;
 	pen_type_t type;
-	u_int8_t flags;
+	uint8_t flags;
 	chunk_t value;
 	nonce_gen_t *ng;
 
 	/* generate a nonce as a message identifier */
 	ng = lib->crypto->create_nonce_gen(lib->crypto);
-	if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier))
+	if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&this->identifier))
 	{
 		DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
 		DESTROY_IF(ng);
@@ -205,8 +202,8 @@ METHOD(pa_tnc_msg_t, process, status_t,
 {
 	bio_reader_t *reader;
 	pa_tnc_attr_t *error;
-	u_int8_t version;
+	uint8_t version;
-	u_int32_t reserved, offset, attr_offset;
+	uint32_t reserved, offset, attr_offset;
 	pen_type_t error_code = { PEN_IETF, PA_ERROR_INVALID_PARAMETER };
 
 	/* process message header */
@@ -237,8 +234,8 @@ METHOD(pa_tnc_msg_t, process, status_t,
 	while (reader->remaining(reader) >= PA_TNC_ATTR_HEADER_SIZE)
 	{
 		pen_t vendor_id;
-		u_int8_t flags;
+		uint8_t flags;
-		u_int32_t type, length;
+		uint32_t type, length;
 		chunk_t value, attr_info;
 		pa_tnc_attr_t *attr;
 		enum_name_t *pa_attr_names;
@@ -372,7 +369,7 @@ METHOD(pa_tnc_msg_t, process_ietf_std_errors, bool,
 			ietf_attr_pa_tnc_error_t *error_attr;
 			pen_type_t error_code;
 			chunk_t msg_info, attr_info;
-			u_int32_t offset;
+			uint32_t offset;
 
 			error_attr = (ietf_attr_pa_tnc_error_t*)attr;
 			error_code = error_attr->get_error_code(error_attr);

src/libimcv/pa_tnc/pa_tnc_msg.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2012 Andreas Steffen
+ * Copyright (C) 2011-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
 typedef struct pa_tnc_msg_t pa_tnc_msg_t;
 
 #define PA_TNC_VERSION		0x01
+#define PA_TNC_HEADER_SIZE	8
 
 #include "pa_tnc_attr.h"
 

src/libimcv/plugins/imc_os/imc_os.c

@@ -353,11 +353,12 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
 	 * Compute the maximum IETF Installed Packages attribute size
 	 * leaving space for an additional ITA Angel attribute
 	 */
-	max_attr_size = state->get_max_msg_len(state) - 8 - 12;
+	max_attr_size = state->get_max_msg_len(state) -
+					PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
 
 	/* At least one IETF Installed Packages attribute is sent */
 	attr = ietf_attr_installed_packages_create();
-	attr_size = 12 + 4;
+	attr_size = PA_TNC_ATTR_HEADER_SIZE + IETF_INSTALLED_PACKAGES_MIN_SIZE;
 
 	enumerator = os->create_package_enumerator(os);
 	if (enumerator)
@@ -384,7 +385,8 @@ static void add_installed_packages(imc_state_t *state, imc_msg_t *msg)
 
 				/* create the next IETF Installed Packages attribute */
 				attr = ietf_attr_installed_packages_create();
-				attr_size = 12 + 4;
+				attr_size = PA_TNC_ATTR_HEADER_SIZE +
+							IETF_INSTALLED_PACKAGES_MIN_SIZE;
 			}
 			attr_cast = (ietf_attr_installed_packages_t*)attr;
 			attr_cast->add(attr_cast, name, version);

src/libpts/plugins/imc_swid/imc_swid.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -24,12 +24,15 @@
 
 #include <imc/imc_agent.h>
 #include <imc/imc_msg.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_angel.h>
 
 #include <tncif_pa_subtypes.h>
 
 #include <pen/pen.h>
 #include <utils/debug.h>
 
+#define SWID_GENERATOR	"/usr/local/bin/swid_generator"
 
 /* IMC definitions */
 
@@ -128,12 +131,156 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
 	return TNC_RESULT_SUCCESS;
 }
 
+/**
+ * Add one or multiple SWID Inventory attributes to the send queue
+ */
+static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
+							   uint32_t request_id, bool full_tags,
+							   swid_inventory_t *targets)
+{
+	pa_tnc_attr_t *attr, *attr_angel;
+	imc_swid_state_t *swid_state;
+	swid_inventory_t *swid_inventory;
+	char *swid_directory, *swid_generator;
+	uint32_t eid_epoch;
+	size_t max_attr_size, attr_size, entry_size;
+	bool first = TRUE, swid_pretty, swid_full;
+	enumerator_t *enumerator;
+
+	swid_directory = lib->settings->get_str(lib->settings,
+								"%s.plugins.imc-swid.swid_directory",
+								 SWID_DIRECTORY, lib->ns);
+	swid_generator = lib->settings->get_str(lib->settings,
+								"%s.plugins.imc-swid.swid_generator",
+								 SWID_GENERATOR, lib->ns);
+	swid_pretty = lib->settings->get_bool(lib->settings,
+								"%s.plugins.imc-swid.swid_pretty",
+								 FALSE, lib->ns);
+	swid_full = lib->settings->get_bool(lib->settings,
+								"%s.plugins.imc-swid.swid_full",
+								 FALSE, lib->ns);
+
+	swid_inventory = swid_inventory_create(full_tags);
+	if (!swid_inventory->collect(swid_inventory, swid_directory, swid_generator,
+								 targets, swid_pretty, swid_full))
+	{
+		swid_inventory->destroy(swid_inventory);
+		attr = swid_error_create(TCG_SWID_ERROR, request_id,
+								 0, "error in SWID tag collection");
+		msg->add_attribute(msg, attr);
+		return FALSE;
+	}
+	DBG1(DBG_IMC, "collected %d SWID tag%s%s",
+		 swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
+		 swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
+
+	swid_state = (imc_swid_state_t*)state;
+	eid_epoch = swid_state->get_eid_epoch(swid_state);
+
+	/**
+	 * Compute the maximum TCG Tag [ID] Inventory attribute size
+	 * leaving space for an additional ITA Angel attribute
+	 */
+	max_attr_size = state->get_max_msg_len(state) -
+					PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE;
+
+	if (full_tags)
+	{
+		tcg_swid_attr_tag_inv_t *swid_attr;
+		swid_tag_t *tag;
+		chunk_t encoding, tag_file_path;
+
+		/* At least one TCG Tag Inventory attribute is sent */
+		attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE;
+		attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+
+		enumerator = swid_inventory->create_enumerator(swid_inventory);
+		while (enumerator->enumerate(enumerator, &tag))
+		{
+			tag_file_path = tag->get_tag_file_path(tag);
+			encoding = tag->get_encoding(tag);
+			entry_size = 2 + tag_file_path.len + 4 + encoding.len;
+
+			if (attr_size + entry_size > max_attr_size)
+			{
+				if (first)
+				{
+					/**
+					 * Send an ITA Start Angel attribute to the IMV signalling
+					 * that multiple TGC SWID Tag Inventory attributes follow
+					 */
+					attr_angel = ita_attr_angel_create(TRUE);
+					msg->add_attribute(msg, attr_angel);
+					first = FALSE;
+				}
+				msg->add_attribute(msg, attr);
+
+				/* create the next TCG SWID Tag Inventory attribute */
+				attr_size = PA_TNC_ATTR_HEADER_SIZE +
+							TCG_SWID_TAG_INV_MIN_SIZE;
+				attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
+			}
+			swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
+			swid_attr->add(swid_attr, tag->get_ref(tag));
+			attr_size += entry_size;
+		}
+		enumerator->destroy(enumerator);
+	}
+	else
+	{
+		tcg_swid_attr_tag_id_inv_t *swid_id_attr;
+		swid_tag_id_t *tag_id;
+		chunk_t tag_creator, unique_sw_id, tag_file_path;
+
+		/* At least one TCG Tag ID Inventory attribute is sent */
+		attr_size = PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_ID_INV_MIN_SIZE;
+		attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+		swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+
+		enumerator = swid_inventory->create_enumerator(swid_inventory);
+		while (enumerator->enumerate(enumerator, &tag_id))
+		{
+			tag_creator = tag_id->get_tag_creator(tag_id);
+			unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
+			entry_size = 2 + tag_creator.len + 2 + unique_sw_id.len +
+						 2 + tag_file_path.len;
+
+			if (attr_size + entry_size > max_attr_size)
+			{
+				if (first)
+				{
+					/**
+					 * Send an ITA Start Angel attribute to the IMV signalling
+					 * that multiple TGC SWID Tag ID Inventory attributes follow
+					 */
+					attr_angel = ita_attr_angel_create(TRUE);
+					msg->add_attribute(msg, attr_angel);
+					first = FALSE;
+				}
+				msg->add_attribute(msg, attr);
+
+				/* create the next TCG SWID Tag ID Inventory attribute */
+				attr_size = PA_TNC_ATTR_HEADER_SIZE +
+							TCG_SWID_TAG_ID_INV_MIN_SIZE;
+				attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
+			}
+			swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
+			swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
+			attr_size += entry_size;
+		}
+		enumerator->destroy(enumerator);
+	}
+	msg->add_attribute(msg, attr);
+	swid_inventory->destroy(swid_inventory);
+
+	return TRUE;
+}
+
 static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 {
 	imc_msg_t *out_msg;
-	imc_swid_state_t *swid_state;
-	enumerator_t *enumerator;
 	pa_tnc_attr_t *attr;
+	enumerator_t *enumerator;
 	pen_type_t type;
 	TNC_Result result;
 	bool fatal_error = FALSE;
@@ -145,18 +292,16 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 		return result;
 	}
 	out_msg = imc_msg_create_as_reply(in_msg);
-	swid_state = (imc_swid_state_t*)state;
 
 	/* analyze PA-TNC attributes */
 	enumerator = in_msg->create_attribute_enumerator(in_msg);
 	while (enumerator->enumerate(enumerator, &attr))
 	{
 		tcg_swid_attr_req_t *attr_req;
-		u_int8_t flags;
+		uint8_t flags;
-		u_int32_t request_id, eid_epoch;
+		uint32_t request_id;
-		swid_inventory_t *swid_inventory, *targets;
-		char *swid_directory;
 		bool full_tags;
+		swid_inventory_t *targets;
 
 		type = attr->get_type(attr);
 
@@ -169,7 +314,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 		flags = attr_req->get_flags(attr_req);
 		request_id = attr_req->get_request_id(attr_req);
 		targets = attr_req->get_targets(attr_req);
-		eid_epoch = swid_state->get_eid_epoch(swid_state);
 
 		if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
 		{
@@ -180,33 +324,10 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
 		}
 		full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
 
-		swid_directory = lib->settings->get_str(lib->settings,
+		if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
-								"%s.plugins.imc-swid.swid_directory",
-								 SWID_DIRECTORY, lib->ns);
-		swid_inventory = swid_inventory_create(full_tags);
-		if (!swid_inventory->collect(swid_inventory, swid_directory, targets))
 		{
-			swid_inventory->destroy(swid_inventory);
-			attr = swid_error_create(TCG_SWID_ERROR, request_id,
-									 0, "error in SWID tag collection");
-			out_msg->add_attribute(out_msg, attr);
 			break;
 		}
-		DBG1(DBG_IMC, "collected %d SWID tag%s%s",
-			 swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
-			 swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
-
-		if (full_tags)
-		{
-			attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1,
-												swid_inventory);
-		}
-		else
-		{
-			attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1,
-												swid_inventory);
-		}
-		out_msg->add_attribute(out_msg, attr);
 	}
 	enumerator->destroy(enumerator);
 

src/libpts/plugins/imv_swid/imv_swid_agent.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 #include <ietf/ietf_attr_pa_tnc_error.h>
 #include <imv/imv_agent.h>
 #include <imv/imv_msg.h>
+#include <ita/ita_attr.h>
+#include <ita/ita_attr_angel.h>
 
 #include <tncif_names.h>
 #include <tncif_pa_subtypes.h>
@@ -89,6 +91,7 @@ METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
 static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 							  imv_state_t *state, imv_msg_t *in_msg)
 {
+	imv_swid_state_t *swid_state;
 	imv_msg_t *out_msg;
 	imv_session_t *session;
 	enumerator_t *enumerator;
@@ -103,6 +106,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 		return result;
 	}
 
+	swid_state = (imv_swid_state_t*)state;
 	session = state->get_session(state);
 
 	/* analyze PA-TNC attributes */
@@ -112,7 +116,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 		TNC_IMV_Evaluation_Result eval;
 		TNC_IMV_Action_Recommendation rec;
 		pen_type_t type;
-		u_int32_t request_id, last_eid, eid_epoch;
+		uint32_t request_id, last_eid, eid_epoch;
 		swid_inventory_t *inventory;
 		int tag_count;
 		char result_str[BUF_LEN], *tag_item;
@@ -127,7 +131,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 			pen_type_t error_code;
 			chunk_t msg_info, description;
 			bio_reader_t *reader;
-			u_int32_t request_id = 0, max_attr_size;
+			uint32_t request_id = 0, max_attr_size;
 			bool success;
 
 			error_attr = (ietf_attr_pa_tnc_error_t*)attr;
@@ -166,6 +170,20 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 				reader->destroy(reader);
 			}
 		}
+		else if (type.vendor_id == PEN_ITA)
+		{
+			switch (type.type)
+			{
+				case ITA_ATTR_START_ANGEL:
+					swid_state->set_angel_count(swid_state, TRUE);
+					break;
+				case ITA_ATTR_STOP_ANGEL:
+					swid_state->set_angel_count(swid_state, FALSE);
+					break;
+				default:
+					break;
+			}
+		}
 		else if (type.vendor_id != PEN_TCG)
 		{
 			continue;
@@ -193,7 +211,7 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 				{
 					tag_creator = tag_id->get_tag_creator(tag_id);
 					unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
-					DBG3(DBG_IMV, "  %.*s_%.*s.swidtag",
+					DBG3(DBG_IMV, "  %.*s_%.*s",
 						 tag_creator.len, tag_creator.ptr,
 						 unique_sw_id.len, unique_sw_id.ptr);
 				}
@@ -239,6 +257,8 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 			default:
 				continue;
 		 }
+		tag_count = inventory->get_count(inventory);
+		swid_state->set_count(swid_state, tag_count);
 
 		ew = session->create_workitem_enumerator(session);
 		while (ew->enumerate(ew, &workitem))
@@ -257,16 +277,20 @@ static TNC_Result receive_msg(private_imv_swid_agent_t *this,
 			continue;
 		}
 
-		eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
+		if (!swid_state->get_angel_count(swid_state))
-		tag_count = inventory->get_count(inventory);
+		{
-		snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
+			swid_state->get_count(swid_state, &tag_count);
-				 tag_count, tag_item, (tag_count == 1) ? "" : "s");
+			snprintf(result_str, BUF_LEN, "received inventory of %d SWID %s%s",
-		session->remove_workitem(session, ew);
+					 tag_count, tag_item, (tag_count == 1) ? "" : "s");
-		ew->destroy(ew);
+			session->remove_workitem(session, ew);
-		rec = found->set_result(found, result_str, eval);
+			ew->destroy(ew);
-		state->update_recommendation(state, rec, eval);
+
-		imcv_db->finalize_workitem(imcv_db, found);
+			eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
-		found->destroy(found);
+			rec = found->set_result(found, result_str, eval);
+			state->update_recommendation(state, rec, eval);
+			imcv_db->finalize_workitem(imcv_db, found);
+			found->destroy(found);
+		}
 	}
 	enumerator->destroy(enumerator);
 
@@ -342,8 +366,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 	TNC_IMVID imv_id;
 	TNC_Result result = TNC_RESULT_SUCCESS;
 	bool no_workitems = TRUE;
-	u_int32_t request_id;
+	uint32_t request_id;
-	u_int8_t flags;
+	uint8_t flags;
 	enumerator_t *enumerator;
 
 	if (!this->agent->get_state(this->agent, id, &state))

src/libpts/plugins/imv_swid/imv_swid_state.c

@@ -95,6 +95,16 @@ struct private_imv_swid_state_t {
 	 */
 	imv_remediation_string_t *remediation_string;
 
+	/**
+	 * Number of processed SWID Tags or SWID Tag IDs
+	 */
+	int count;
+
+	/**
+	 * Angel count
+	 */
+	int angel_count;
+
 };
 
 METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
@@ -223,6 +233,33 @@ METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t,
 	return this->handshake_state;
 }
 
+METHOD(imv_swid_state_t, set_count, void,
+	private_imv_swid_state_t *this, int count)
+{
+	this->count           += count;
+}
+
+METHOD(imv_swid_state_t, get_count, void,
+	private_imv_swid_state_t *this, int *count)
+{
+	if (count)
+	{
+		*count = this->count;
+	}
+}
+
+METHOD(imv_swid_state_t, set_angel_count, void,
+	private_imv_swid_state_t *this, bool start)
+{
+	this->angel_count += start ? 1 : -1;
+}
+
+METHOD(imv_swid_state_t, get_angel_count, int,
+	private_imv_swid_state_t *this)
+{
+	return this->angel_count;
+}
+
 /**
  * Described in header.
  */
@@ -253,6 +290,10 @@ imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
 			},
 			.set_handshake_state = _set_handshake_state,
 			.get_handshake_state = _get_handshake_state,
+			.set_count = _set_count,
+			.get_count = _get_count,
+			.set_angel_count = _set_angel_count,
+			.get_angel_count = _get_angel_count,
 		},
 		.state = TNC_CONNECTION_STATE_CREATE,
 		.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,

src/libpts/plugins/imv_swid/imv_swid_state.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -64,6 +64,34 @@ struct imv_swid_state_t {
 	 */
 	imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
 
+	/**
+	 * Increase/Decrease the ITA Angel count
+	 *
+	 * @param start			TRUE increases and FALSE decreases count by one
+	 */
+	void (*set_angel_count)(imv_swid_state_t *this, bool start);
+
+	/**
+	 * Set [or with multiple attributes increment] SWID Tag [ID] counters
+	 *
+	 * @param count				Number of received SWID Tags or SWID Tag IDs
+	 */
+	void (*set_count)(imv_swid_state_t *this, int count);
+
+	/**
+	 * Set [or with multiple attributes increment] SWID Tag [ID] counters
+	 *
+	 * @param count				Number of received SWID Tags or SWID Tag IDs
+	 */
+	void (*get_count)(imv_swid_state_t *this, int *count);
+
+	/**
+	 * Get the ITA Angel count
+	 *
+	 * @return				ITA Angel count
+	 */
+	int (*get_angel_count)(imv_swid_state_t *this);
+
 };
 
 /**

src/libpts/swid/swid_inventory.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -18,6 +18,7 @@
 #include "swid_tag_id.h"
 
 #include <collections/linked_list.h>
+#include <bio/bio_writer.h>
 #include <utils/debug.h>
 
 #include <stdio.h>
@@ -51,6 +52,123 @@ struct private_swid_inventory_t {
 	linked_list_t *list;
 };
 
+static status_t generate_tags(private_swid_inventory_t *this, char *generator,
+							  swid_inventory_t *targets, bool pretty, bool full)
+{
+	FILE *file;
+	char command[512], line[2048];
+	chunk_t tag_creator, unique_sw_id, tag_file_path = chunk_empty;
+	swid_tag_id_t *tag_id;
+	swid_tag_t *tag;
+	status_t status = SUCCESS;
+
+	/* Assemble the SWID generator command */
+	snprintf(command, sizeof(command), "%s %s%s%s\n", generator,
+			(this->full_tags)           ? "swid" : "software-id",
+			(this->full_tags && pretty) ? " --pretty" : "",
+			(this->full_tags && full)   ? " --full" : "");
+
+	/* Open a pipe stream for reading the output of the dpkg-query commmand */
+	file = popen(command, "r");
+	if (!file)
+	{
+		DBG1(DBG_IMC, "failed to run swid_generator command");
+		return NOT_SUPPORTED;
+	}
+	if (this->full_tags)
+	{
+		bio_writer_t *writer;
+		chunk_t tag_encoding;
+		bool more_tags = TRUE, end_of_tag;
+
+		DBG2(DBG_IMC, "SWID tags generated by package manager:");
+		while (more_tags)
+		{
+			end_of_tag = FALSE;
+			writer = bio_writer_create(512);
+			do
+			{
+				if (fgets(line, sizeof(line), file) <= 0)
+				{
+					more_tags = FALSE;
+					end_of_tag = TRUE;
+					break;
+				}
+				if (line[0] == '\n')
+				{
+					end_of_tag = TRUE;
+					break;
+				}
+				else
+				{
+					writer->write_data(writer, chunk_from_str(line));
+				}
+			}
+			while (!end_of_tag);
+
+			tag_encoding = writer->get_buf(writer);
+
+			/* remove trailing newline if present */
+			if (tag_encoding.len > 0 &&
+				tag_encoding.ptr[tag_encoding.len - 1] == '\n')
+			{
+				tag_encoding.len--;
+			}
+			DBG2(DBG_IMC, "  %.*s", tag_encoding.len, tag_encoding.ptr);
+
+			tag = swid_tag_create(tag_encoding, tag_file_path);
+			this->list->insert_last(this->list, tag);
+			writer->destroy(writer);
+		}
+	}
+	else
+	{
+		DBG2(DBG_IMC, "SWID tag IDs generated by package manager:");
+		while (TRUE)
+		{
+			char *separator;
+			size_t len;
+
+			if (fgets(line, sizeof(line), file) <= 0)
+			{
+				goto end;
+			}
+			len = strlen(line);
+
+			/* remove trailing newline if present */
+			if (len > 0 && line[len - 1] == '\n')
+			{
+				len--;
+			}
+			DBG2(DBG_IMC, "  %.*s", len, line);
+
+			separator = strchr(line, '_');
+			if (!separator)
+			{
+				DBG1(DBG_IMC, "separatation of regid from unique software ID "
+							  "failed");
+				status = FAILED;
+				goto end;
+			}
+			tag_creator = chunk_create(line, separator - line);
+			separator++;
+
+			unique_sw_id = chunk_create(separator, len - (separator - line));
+			tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
+			this->list->insert_last(this->list, tag_id);
+
+			if (fgets(line, sizeof(line), file) <= 0)
+			{
+				goto end;
+			}
+		}
+	}
+
+end:
+	pclose(file);
+	return status;
+}
+
 static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 						 swid_inventory_t *targets)
 {
@@ -72,7 +190,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 	{
 		char * start, *stop;
 		chunk_t tag_creator;
-		chunk_t unique_sw_id = chunk_empty, unique_seq_id = chunk_empty;
+		chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
 		if (!strstr(rel_name, "regid."))
 		{
 			continue;
@@ -121,14 +239,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 			goto end;
 		}
 		tag_creator = chunk_create(start, stop-start);
-
 		start = stop + 1;
-		stop = strchr(start, '_');
-		if (stop)
-		{
-			unique_sw_id = chunk_create(start, stop-start);
-			start = stop + 1;
-		}
 
 		stop = strstr(start, ".swidtag");
 		if (!stop)
@@ -137,14 +248,8 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 			DBG1(DBG_IMC, "  swidtag postfix not found");
 			goto end;
 		}
-		if (unique_sw_id.ptr)
+		unique_sw_id = chunk_create(start, stop-start);
-		{
+		tag_file_path = chunk_from_str(abs_name);
-			unique_seq_id = chunk_create(start, stop-start);
-		}
-		else
-		{
-			unique_sw_id = chunk_create(start, stop-start);
-		}
 
 		/* In case of a targeted request */
 		if (targets->get_count(targets))
@@ -187,7 +292,7 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 				goto end;
 			}
 
-			tag = swid_tag_create(*xml_tag, unique_seq_id);
+			tag = swid_tag_create(*xml_tag, tag_file_path);
 			this->list->insert_last(this->list, tag);
 			chunk_unmap(xml_tag);
 		}
@@ -195,10 +300,9 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname,
 		{
 			swid_tag_id_t *tag_id;
 
-			tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
+			tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
 			this->list->insert_last(this->list, tag_id);
 		}
-
 	}
 	success = TRUE;
 
@@ -210,8 +314,18 @@ end:
 }
 
 METHOD(swid_inventory_t, collect, bool,
-	private_swid_inventory_t *this, char *directory, swid_inventory_t *targets)
+	private_swid_inventory_t *this, char *directory, char *generator,
+	swid_inventory_t *targets, bool pretty, bool full)
 {
+	/**
+	 * Tags are generated by a package manager
+	 */
+	generate_tags(this, generator, targets, pretty, full);
+
+	/**
+	 * Collect swidtag files by iteratively entering all directories in
+	 * the tree under the "directory" path.
+	 */
 	return collect_tags(this, directory, targets);
 }
 

src/libpts/swid/swid_inventory.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -34,11 +34,14 @@ struct swid_inventory_t {
 	 * Collect the SWID tags stored on the endpoint
 	 *
 	 * @param directory		SWID directory path
+	 * @param generator		Path to SWID generator
 	 * @param targets		List of target tag IDs
+	 * @param pretty		Generate indented XML SWID tags
+	 * @param full			Include file information in SWID tags
 	 * @return				TRUE if successful
 	 */
-	bool (*collect)(swid_inventory_t *this, char *directory,
+	bool (*collect)(swid_inventory_t *this, char *directory, char *generator,
-					swid_inventory_t *targets);
+					swid_inventory_t *targets, bool pretty, bool full);
 
 	/**
 	 * Collect the SWID tags stored on the endpoint

src/libpts/swid/swid_tag.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -34,10 +34,14 @@ struct private_swid_tag_t {
 	chunk_t encoding;
 
 	/**
-	 * Optional Unique Sequence ID
+	 * Optional Tag File Path
 	 */
-	chunk_t unique_seq_id;
+	chunk_t tag_file_path;
 
+	/**
+	 * Reference count
+	 */
+	refcount_t ref;
 };
 
 METHOD(swid_tag_t, get_encoding, chunk_t,
@@ -46,39 +50,51 @@ METHOD(swid_tag_t, get_encoding, chunk_t,
 	return this->encoding;
 }
 
-METHOD(swid_tag_t, get_unique_seq_id, chunk_t,
+METHOD(swid_tag_t, get_tag_file_path, chunk_t,
 	private_swid_tag_t *this)
 {
-	return this->unique_seq_id;
+	return this->tag_file_path;
+}
+
+METHOD(swid_tag_t, get_ref, swid_tag_t*,
+	private_swid_tag_t *this)
+{
+	ref_get(&this->ref);
+	return &this->public;
 }
 
 METHOD(swid_tag_t, destroy, void,
 	private_swid_tag_t *this)
 {
-	free(this->encoding.ptr);
+	if (ref_put(&this->ref))
-	free(this->unique_seq_id.ptr);
+	{
-	free(this);
+		free(this->encoding.ptr);
+		free(this->tag_file_path.ptr);
+		free(this);
+	}
 }
 
 /**
  * See header
  */
-swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t unique_seq_id)
+swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t tag_file_path)
 {
 	private_swid_tag_t *this;
 
 	INIT(this,
 		.public = {
 			.get_encoding = _get_encoding,
-			.get_unique_seq_id = _get_unique_seq_id,
+			.get_tag_file_path = _get_tag_file_path,
+			.get_ref = _get_ref,
 			.destroy = _destroy,
 		},
 		.encoding = chunk_clone(encoding),
+		.ref = 1,
 	);
 
-	if (unique_seq_id.len > 0)
+	if (tag_file_path.len > 0)
 	{
-		this->unique_seq_id = chunk_clone(unique_seq_id);
+		this->tag_file_path = chunk_clone(tag_file_path);
 	}
 
 	return &this->public;

src/libpts/swid/swid_tag.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -39,11 +39,18 @@ struct swid_tag_t {
 	chunk_t (*get_encoding)(swid_tag_t *this);
 
 	/**
-	 * Get th Optional Unique Sequence ID
+	 * Get th Optional Tag File Path
 	 *
-	 * @return				Optional Unique Sequence ID
+	 * @return				Optional Tag File Path
 	 */
-	chunk_t (*get_unique_seq_id)(swid_tag_t *this);
+	chunk_t (*get_tag_file_path)(swid_tag_t *this);
+
+	/**
+	 * Get a new reference to the swid_tag object
+	 *
+	 * @return			this, with an increased refcount
+	 */
+	swid_tag_t* (*get_ref)(swid_tag_t *this);
 
 	/**
 	 * Destroys a swid_tag_t object.
@@ -56,8 +63,8 @@ struct swid_tag_t {
  * Creates a swid_tag_t object
  *
  * @param encoding			XML encoding of SWID tag
- * @param unique_seq_id		Unique Sequence ID or empty chunk 
+ * @param tag_file_path		Tag File Path or empty chunk
  */
-swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t unique_seq_id);
+swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t tag_file_path);
 
 #endif /** SWID_TAG_H_ @}*/

src/libpts/swid/swid_tag_id.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -39,10 +39,14 @@ struct private_swid_tag_id_t {
 	chunk_t unique_sw_id;
 
 	/**
-	 * Optional Unique Sequence ID
+	 * Tag File Path
 	 */
-	chunk_t unique_seq_id;
+	chunk_t tag_file_path;
 
+	/**
+	 * Reference count
+	 */
+	refcount_t ref;
 };
 
 METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
@@ -52,29 +56,39 @@ METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
 }
 
 METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
-	private_swid_tag_id_t *this, chunk_t *unique_seq_id)
+	private_swid_tag_id_t *this, chunk_t *tag_file_path)
 {
-	if (unique_seq_id)
+	if (tag_file_path)
 	{
-		*unique_seq_id = this->unique_seq_id;
+		*tag_file_path = this->tag_file_path;
 	}
 	return this->unique_sw_id;
 }
 
+METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*,
+	private_swid_tag_id_t *this)
+{
+	ref_get(&this->ref);
+	return &this->public;
+}
+
 METHOD(swid_tag_id_t, destroy, void,
 	private_swid_tag_id_t *this)
 {
-	free(this->tag_creator.ptr);
+	if (ref_put(&this->ref))
-	free(this->unique_sw_id.ptr);
+	{
-	free(this->unique_seq_id.ptr);
+		free(this->tag_creator.ptr);
-	free(this);
+		free(this->unique_sw_id.ptr);
+		free(this->tag_file_path.ptr);
+		free(this);
+	}
 }
 
 /**
  * See header
  */
 swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
-								  chunk_t unique_seq_id)
+								  chunk_t tag_file_path)
 {
 	private_swid_tag_id_t *this;
 
@@ -82,15 +96,17 @@ swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
 		.public = {
 			.get_tag_creator = _get_tag_creator,
 			.get_unique_sw_id = _get_unique_sw_id,
+			.get_ref = _get_ref,
 			.destroy = _destroy,
 		},
 		.tag_creator = chunk_clone(tag_creator),
 		.unique_sw_id = chunk_clone(unique_sw_id),
+		.ref = 1,
 	);
 
-	if (unique_seq_id.len > 0)
+	if (tag_file_path.len > 0)
 	{
-		this->unique_seq_id = chunk_clone(unique_seq_id);
+		this->tag_file_path = chunk_clone(tag_file_path);
 	}
 
 	return &this->public;

src/libpts/swid/swid_tag_id.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -39,12 +39,19 @@ struct swid_tag_id_t {
 	chunk_t (*get_tag_creator)(swid_tag_id_t *this);
 
 	/**
-	 * Get the Unique Software ID and optional Unique Sequence ID
+	 * Get the Unique Software ID and optional Tag File Path
 	 *
-	 * @param				Optional Unique Sequence ID
+	 * @param				Optional Tag File Path
 	 * @return				Unique Software ID
 	 */
-	chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *unique_seq_id);
+	chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *tag_file_path);
+
+	/**
+	 * Get a new reference to the swid_tag_id object
+	 *
+	 * @return			this, with an increased refcount
+	 */
+	swid_tag_id_t* (*get_ref)(swid_tag_id_t *this);
 
 	/**
 	 * Destroys a swid_tag_id_t object.
@@ -58,9 +65,9 @@ struct swid_tag_id_t {
  *
  * @param tag_creator		Tag Creator
  * @param unique_sw_id		Unique Software ID
- * @param unique_seq_id		Unique Sequence ID or empty chunk 
+ * @param tag_file_path		Tag File Path or empty chunk
  */
 swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
-								  chunk_t unique_seq_id);
+								  chunk_t tag_file_path);
 
 #endif /** SWID_TAG_ID_H_ @}*/

src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -42,12 +42,11 @@ typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_i
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  *  |    Unique Software ID Length  |Unique Software ID (var length)|
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *  |   Unique Sequence ID Length   |Unique Sequence ID (var length)|
+ *  |      Tag File Path Length     |  Tag File Path (var. length)  |
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define SWID_TAG_ID_INV_SIZE			16
+#define TCG_SWID_TAG_ID_INV_RESERVED	0x00
-#define SWID_TAG_ID_INV_RESERVED		0x00
 
 /**
  * Private data of an tcg_swid_attr_tag_id_inv_t object.
@@ -77,17 +76,17 @@ struct private_tcg_swid_attr_tag_id_inv_t {
 	/**
 	 * Request ID
 	 */
-	u_int32_t request_id;
+	uint32_t request_id;
 
 	/**
 	 * Event ID Epoch
 	 */
-	u_int32_t eid_epoch;
+	uint32_t eid_epoch;
 
 	/**
 	 * Last Event ID
 	 */
-	u_int32_t last_eid;
+	uint32_t last_eid;
 
 	/**
 	 * SWID Tag ID Inventory
@@ -129,7 +128,7 @@ METHOD(pa_tnc_attr_t, build, void,
 {
 	bio_writer_t *writer;
 	swid_tag_id_t *tag_id;
-	chunk_t tag_creator, unique_sw_id, unique_seq_id;
+	chunk_t tag_creator, unique_sw_id, tag_file_path;
 	enumerator_t *enumerator;
 
 	if (this->value.ptr)
@@ -137,8 +136,8 @@ METHOD(pa_tnc_attr_t, build, void,
 		return;
 	}
 
-	writer = bio_writer_create(SWID_TAG_ID_INV_SIZE);
+	writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE);
-	writer->write_uint8 (writer, SWID_TAG_ID_INV_RESERVED);
+	writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED);
 	writer->write_uint24(writer, this->inventory->get_count(this->inventory));
 	writer->write_uint32(writer, this->request_id);
 	writer->write_uint32(writer, this->eid_epoch);
@@ -148,10 +147,10 @@ METHOD(pa_tnc_attr_t, build, void,
 	while (enumerator->enumerate(enumerator, &tag_id))
 	{
 		tag_creator = tag_id->get_tag_creator(tag_id);
-		unique_sw_id = tag_id->get_unique_sw_id(tag_id, &unique_seq_id);
+		unique_sw_id = tag_id->get_unique_sw_id(tag_id, &tag_file_path);
 		writer->write_data16(writer, tag_creator);
 		writer->write_data16(writer, unique_sw_id);
-		writer->write_data16(writer, unique_seq_id);
+		writer->write_data16(writer, tag_file_path);
 	}
 	enumerator->destroy(enumerator);
 
@@ -160,15 +159,15 @@ METHOD(pa_tnc_attr_t, build, void,
 }
 
 METHOD(pa_tnc_attr_t, process, status_t,
-	private_tcg_swid_attr_tag_id_inv_t *this, u_int32_t *offset)
+	private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
 {
 	bio_reader_t *reader;
-	u_int32_t tag_id_count;
+	uint32_t tag_id_count;
-	u_int8_t reserved;
+	uint8_t reserved;
-	chunk_t tag_creator, unique_sw_id, unique_seq_id;
+	chunk_t tag_creator, unique_sw_id, tag_file_path;
 	swid_tag_id_t *tag_id;
 
-	if (this->value.len < SWID_TAG_ID_INV_SIZE)
+	if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
 	{
 		DBG1(DBG_TNC, "insufficient data for SWID Tag Identifier Inventory");
 		*offset = 0;
@@ -181,7 +180,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	reader->read_uint32(reader, &this->request_id);
 	reader->read_uint32(reader, &this->eid_epoch);
 	reader->read_uint32(reader, &this->last_eid);
-	*offset = SWID_TAG_ID_INV_SIZE;
+	*offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
 
 	while (tag_id_count--)
 	{
@@ -199,14 +198,14 @@ METHOD(pa_tnc_attr_t, process, status_t,
 		}
 		*offset += 2 + unique_sw_id.len;
 		
-		if (!reader->read_data16(reader, &unique_seq_id))
+		if (!reader->read_data16(reader, &tag_file_path))
 		{
-			DBG1(DBG_TNC, "insufficient data for Unique Sequence ID");
+			DBG1(DBG_TNC, "insufficient data for Tag File Path");
 			return FAILED;
 		}
-		*offset += 2 + unique_seq_id.len;
+		*offset += 2 + tag_file_path.len;
 
-		tag_id = swid_tag_id_create(tag_creator, unique_sw_id, unique_seq_id);
+		tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
 		this->inventory->add(this->inventory, tag_id);
 	}
 	reader->destroy(reader);
@@ -232,14 +231,20 @@ METHOD(pa_tnc_attr_t, destroy, void,
 	}
 }
 
-METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, u_int32_t,
+METHOD(tcg_swid_attr_tag_id_inv_t, add, void,
+	private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
+{
+	this->inventory->add(this->inventory, tag_id);
+}
+
+METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t,
 	private_tcg_swid_attr_tag_id_inv_t *this)
 {
 	return this->request_id;
 }
 
-METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, u_int32_t,
+METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
-	private_tcg_swid_attr_tag_id_inv_t *this, u_int32_t *eid_epoch)
+	private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch)
 {
 	if (eid_epoch)
 	{
@@ -257,10 +262,9 @@ METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
 /**
  * Described in header.
  */
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
+pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
-											   u_int32_t eid_epoch,
+											   uint32_t eid_epoch,
-											   u_int32_t eid,
+											   uint32_t eid)
-											   swid_inventory_t *inventory)
 {
 	private_tcg_swid_attr_tag_id_inv_t *this;
 
@@ -276,6 +280,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
 				.get_ref = _get_ref,
 				.destroy = _destroy,
 			},
+			.add = _add,
 			.get_request_id = _get_request_id,
 			.get_last_eid = _get_last_eid,
 			.get_inventory = _get_inventory,
@@ -284,7 +289,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
 		.request_id = request_id,
 		.eid_epoch = eid_epoch,
 		.last_eid = eid,
-		.inventory = inventory,
+		.inventory = swid_inventory_create(FALSE),
 		.ref = 1,
 	);
 
@@ -311,6 +316,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(chunk_t data)
 				.get_ref = _get_ref,
 				.destroy = _destroy,
 			},
+			.add = _add,
 			.get_request_id = _get_request_id,
 			.get_last_eid = _get_last_eid,
 			.get_inventory = _get_inventory,

src/libpts/tcg/swid/tcg_swid_attr_tag_id_inv.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -29,6 +29,8 @@ typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t;
 
 #include <pa_tnc/pa_tnc_attr.h>
 
+#define TCG_SWID_TAG_ID_INV_MIN_SIZE	16
+
 /**
  * Class implementing the TCG SWID Tag Identifier Inventory attribute
  *
@@ -40,12 +42,19 @@ struct tcg_swid_attr_tag_id_inv_t {
 	 */
 	pa_tnc_attr_t pa_tnc_attribute;
 
+	/**
+	 * Add a Tag ID to the attribute
+	 *
+	 * @tag_id					SWID Tag ID to be added
+	 */
+	void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
+
 	/**
 	 * Get Request ID
 	 *
 	 * @return					Request ID
 	 */
-	u_int32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
+	uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
 
 	/**
 	 * Get Last Event ID
@@ -53,8 +62,8 @@ struct tcg_swid_attr_tag_id_inv_t {
 	 * @param eid_epoch			Event ID Epoch
 	 * @return					Last Event ID
 	 */
-	u_int32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
+	uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
-							  u_int32_t *eid_epoch);
+							 uint32_t *eid_epoch);
 
 	/**
 	 * Get Inventory of SWID tag IDs
@@ -71,12 +80,10 @@ struct tcg_swid_attr_tag_id_inv_t {
  * @param request_id			Copy of the Request ID
  * @param eid_epoch				Event ID Epoch
  * @param eid					Last Event ID
- * @param inventory				SWID Tag Inventory
  */
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(u_int32_t request_id,
+pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
-											   u_int32_t eid_epoch,
+											   uint32_t eid_epoch,
-											   u_int32_t eid,
+											   uint32_t eid);
-											   swid_inventory_t *inventory);
 
 /**
  * Creates an tcg_swid_attr_tag_id_inv_t object from received data

src/libpts/tcg/swid/tcg_swid_attr_tag_inv.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@ typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  *  |                           Last EID                            |
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *  |   Unique Sequence ID Length   |Unique Sequence ID (var length)|
+ *  |    Tag File Path Length       |  Tag File Path (var length)   |
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  *  |                          Tag Length                           |
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -46,8 +46,7 @@ typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  */
 
-#define SWID_TAG_INV_SIZE			16
+#define TCG_SWID_TAG_INV_RESERVED	0x00
-#define SWID_TAG_INV_RESERVED		0x00
 
 /**
  * Private data of an tcg_swid_attr_tag_inv_t object.
@@ -77,17 +76,17 @@ struct private_tcg_swid_attr_tag_inv_t {
 	/**
 	 * Request ID
 	 */
-	u_int32_t request_id;
+	uint32_t request_id;
 
 	/**
 	 * Event ID Epoch
 	 */
-	u_int32_t eid_epoch;
+	uint32_t eid_epoch;
 
 	/**
 	 * Last Event ID
 	 */
-	u_int32_t last_eid;
+	uint32_t last_eid;
 
 	/**
 	 * SWID Tag Inventory
@@ -136,8 +135,8 @@ METHOD(pa_tnc_attr_t, build, void,
 		return;
 	}
 
-	writer = bio_writer_create(SWID_TAG_INV_SIZE);
+	writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE);
-	writer->write_uint8 (writer, SWID_TAG_INV_RESERVED);
+	writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED);
 	writer->write_uint24(writer, this->inventory->get_count(this->inventory));
 	writer->write_uint32(writer, this->request_id);
 	writer->write_uint32(writer, this->eid_epoch);
@@ -146,7 +145,7 @@ METHOD(pa_tnc_attr_t, build, void,
 	enumerator = this->inventory->create_enumerator(this->inventory);
 	while (enumerator->enumerate(enumerator, &tag))
 	{
-		writer->write_data16(writer, tag->get_unique_seq_id(tag));
+		writer->write_data16(writer, tag->get_tag_file_path(tag));
 		writer->write_data32(writer, tag->get_encoding(tag));
 	}
 	enumerator->destroy(enumerator);
@@ -156,15 +155,15 @@ METHOD(pa_tnc_attr_t, build, void,
 }
 
 METHOD(pa_tnc_attr_t, process, status_t,
-	private_tcg_swid_attr_tag_inv_t *this, u_int32_t *offset)
+	private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
 {
 	bio_reader_t *reader;
-	u_int32_t tag_count;
+	uint32_t tag_count;
-	u_int8_t reserved;
+	uint8_t reserved;
-	chunk_t tag_encoding, unique_seq_id;
+	chunk_t tag_encoding, tag_file_path;
 	swid_tag_t *tag;
 
-	if (this->value.len < SWID_TAG_INV_SIZE)
+	if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
 	{
 		DBG1(DBG_TNC, "insufficient data for SWID Tag Inventory");
 		*offset = 0;
@@ -177,16 +176,16 @@ METHOD(pa_tnc_attr_t, process, status_t,
 	reader->read_uint32(reader, &this->request_id);
 	reader->read_uint32(reader, &this->eid_epoch);
 	reader->read_uint32(reader, &this->last_eid);
-	*offset = SWID_TAG_INV_SIZE;
+	*offset = TCG_SWID_TAG_INV_MIN_SIZE;
 
 	while (tag_count--)
 	{
-		if (!reader->read_data16(reader, &unique_seq_id))
+		if (!reader->read_data16(reader, &tag_file_path))
 		{
-			DBG1(DBG_TNC, "insufficient data for Unique Sequence ID");
+			DBG1(DBG_TNC, "insufficient data for Tag File Path");
 			return FAILED;
 		}
-		*offset += 2 + unique_seq_id.len;
+		*offset += 2 + tag_file_path.len;
 
 		if (!reader->read_data32(reader, &tag_encoding))
 		{
@@ -195,7 +194,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
 		}
 		*offset += 4 + tag_encoding.len;
 
-		tag = swid_tag_create(tag_encoding, unique_seq_id);
+		tag = swid_tag_create(tag_encoding, tag_file_path);
 		this->inventory->add(this->inventory, tag);
 	}
 	reader->destroy(reader);
@@ -221,14 +220,20 @@ METHOD(pa_tnc_attr_t, destroy, void,
 	}
 }
 
-METHOD(tcg_swid_attr_tag_inv_t, get_request_id, u_int32_t,
+METHOD(tcg_swid_attr_tag_inv_t, add, void,
+	private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
+{
+	this->inventory->add(this->inventory, tag);
+}
+
+METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t,
 	private_tcg_swid_attr_tag_inv_t *this)
 {
 	return this->request_id;
 }
 
-METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, u_int32_t,
+METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
-	private_tcg_swid_attr_tag_inv_t *this, u_int32_t *eid_epoch)
+	private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch)
 {
 	if (eid_epoch)
 	{
@@ -246,9 +251,8 @@ METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
 /**
  * Described in header.
  */
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
+pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
-											u_int32_t eid_epoch, u_int32_t eid,
+											uint32_t eid_epoch, uint32_t eid)
-											swid_inventory_t *inventory)
 {
 	private_tcg_swid_attr_tag_inv_t *this;
 
@@ -264,6 +268,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
 				.get_ref = _get_ref,
 				.destroy = _destroy,
 			},
+			.add = _add,
 			.get_request_id = _get_request_id,
 			.get_last_eid = _get_last_eid,
 			.get_inventory = _get_inventory,
@@ -272,7 +277,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(u_int32_t request_id,
 		.request_id = request_id,
 		.eid_epoch = eid_epoch,
 		.last_eid = eid,
-		.inventory = inventory,
+		.inventory = swid_inventory_create(TRUE),
 		.ref = 1,
 	);
 
@@ -299,6 +304,7 @@ pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(chunk_t data)
 				.get_ref = _get_ref,
 				.destroy = _destroy,
 			},
+			.add = _add,
 			.get_request_id = _get_request_id,
 			.get_last_eid = _get_last_eid,
 			.get_inventory = _get_inventory,

src/libpts/tcg/swid/tcg_swid_attr_tag_inv.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -29,6 +29,8 @@ typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
 
 #include <pa_tnc/pa_tnc_attr.h>
 
+#define TCG_SWID_TAG_INV_MIN_SIZE	16
+
 /**
  * Class implementing the TCG SWID Tag Inventory attribute
  *
@@ -40,12 +42,18 @@ struct tcg_swid_attr_tag_inv_t {
 	 */
 	pa_tnc_attr_t pa_tnc_attribute;
 
+	/**
+	 * Add a Tag ID to the attribute
+	 *
+	 * @tag						SWID Tag to be added
+	 */
+	void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
 	/**
 	 * Get Request ID
 	 *
 	 * @return					Request ID
 	 */
-	u_int32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
+	uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
 
 	/**
 	 * Get Last Event ID
@@ -53,8 +61,8 @@ struct tcg_swid_attr_tag_inv_t {
 	 * @param eid_epoch			Event ID Epoch
 	 * @return					Last Event ID
 	 */
-	u_int32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
+	uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
-							  u_int32_t *eid_epoch);
+							  uint32_t *eid_epoch);
 
 	/**
 	 * Get Inventory of SWID tags
@@ -71,12 +79,10 @@ struct tcg_swid_attr_tag_inv_t {
  * @param request_id			Copy of the Request ID
  * @param eid_epoch				Event ID Epoch
  * @param eid					Last Event ID
- * @param inventory				SWID Tag Inventory
  */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(u_int32_t request_id,
+pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
-											u_int32_t eid_epoch,
+											uint32_t eid_epoch,
-											u_int32_t eid,
+											uint32_t eid);
-											swid_inventory_t *inventory);
 
 /**
  * Creates an tcg_swid_attr_tag_inv_t object from received data

testing/scripts/build-baseimage

@@ -17,7 +17,8 @@ INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev
 INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core
 INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils,screen
 INC=$INC,gnat,gprbuild,libahven3-dev,libxmlada4.1-dev,libgmpada3-dev
-INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev
+INC=$INC,libalog0.4.1-base-dev,hostapd,libsoup2.4-dev,ca-certificates,unzip
+INC=$INC,python,python-setuptools
 SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
 INC=$INC,${SERVICES// /,}
 

testing/scripts/recipes/014_swid_generator.mk

@@ -0,0 +1,16 @@
+#!/usr/bin/make
+
+PKG = swidGenerator
+ZIP = $(PKG)-master.zip
+SRC = https://github.com/tnc-ba/$(PKG)/archive/master.zip
+
+all: install
+
+$(ZIP):
+	wget --ca-directory="/usr/share/ca-certificates/mozilla" $(SRC) -O $(ZIP)
+
+$(PKG)-master: $(ZIP)
+	unzip $(ZIP)
+
+install: $(PKG)-master
+	cd $(PKG)-master && python setup.py install

testing/testing.conf

@@ -24,14 +24,14 @@ fi
 : ${TESTDIR=/srv/strongswan-testing}
 
 # Kernel configuration
-: ${KERNELVERSION=3.13.2}
+: ${KERNELVERSION=3.13.5}
 : ${KERNEL=linux-$KERNELVERSION}
 : ${KERNELTARBALL=$KERNEL.tar.xz}
 : ${KERNELCONFIG=$DIR/../config/kernel/config-3.13}
 : ${KERNELPATCH=ha-3.13-abicompat.patch.bz2}
 
 # strongSwan version used in tests
-: ${SWANVERSION=5.1.2}
+: ${SWANVERSION=5.2.0}
 
 # Build directory where the guest kernel and images will be built
 : ${BUILDDIR=$TESTDIR/build}
@@ -54,7 +54,7 @@ fi
 : ${BASEIMGSUITE=wheezy}
 : ${BASEIMGARCH=amd64}
 : ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
-: ${BASEIMGMIRROR=http://cdn.debian.net/debian}
+: ${BASEIMGMIRROR=http://http.debian.net/debian}
 
 # Root image settings
 # The root image is the origin of all guest images. It is a clone of the base

testing/tests/tnc/tnccs-11-radius-pts/hosts/alice/etc/pts/data1.sql

@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */

testing/tests/tnc/tnccs-20-os-pts/evaltest.dat

@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES

testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/pts/data1.sql

@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */

testing/tests/tnc/tnccs-20-os/evaltest.dat

@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --sessions 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --sessions 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES

testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data1.sql

@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */
@@ -27,7 +27,7 @@ INSERT INTO identities (
 INSERT INTO sessions (
   time, connection, identity, device, product, rec
 ) VALUES (
-  NOW, 1, 1, 1, 28, 0
+  NOW, 1, 1, 1, 40, 0
 );
 
 /* Results */

testing/tests/tnc/tnccs-20-os/pretest.dat

@@ -15,6 +15,6 @@ carol::sleep 1
 carol::ipsec up home
 dave::ipsec up home
 dave::sleep 1
-moon::ipsec attest --packages --product 'Debian 7.2 x86_64'
+moon::ipsec attest --packages --product 'Debian 7.4 x86_64'
 moon::ipsec attest --sessions
 moon::ipsec attest --devices

testing/tests/tnc/tnccs-20-pt-tls/hosts/alice/etc/pts/data1.sql

@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */
@@ -27,7 +27,7 @@ INSERT INTO identities (
 INSERT INTO sessions (
   time, connection, identity, device, product, rec
 ) VALUES (
-  NOW, 1, 1, 1, 28, 0
+  NOW, 1, 1, 1, 40, 0
 );
 
 /* Results */

testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/strongswan.conf

@@ -20,6 +20,10 @@ libtnccs {
   }
 }
 
+libtls {
+  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+}
+
 pt-tls-client {
   load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
 }

testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/strongswan.conf

@@ -17,6 +17,10 @@ libtnccs {
   }
 }
 
+libtls {
+  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+}
+
 pt-tls-client {
   load = curl revocation constraints pem openssl nonce tnc-tnccs tnc-imc tnccs-20
 }

testing/tests/tnc/tnccs-20-pts-no-ecc/evaltest.dat

@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - isolate::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES

testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/pts/data1.sql

@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */

testing/tests/tnc/tnccs-20-pts/evaltest.dat

@@ -6,10 +6,10 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/28::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*carol@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - allow::YES
+moon:: ipsec attest --session 2> /dev/null::Debian 7.4 x86_64.*dave@strongswan.org - allow::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
 moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES

testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/pts/data1.sql

@@ -3,7 +3,7 @@
 INSERT INTO devices (                  /*  1 */
   value, product, created  
 ) VALUES (
-  'aabbccddeeff11223344556677889900', 28, 1372330615
+  'aabbccddeeff11223344556677889900', 40, 1372330615
 );
 
 /* Groups Members */