Andreas Steffen, 30.11.2011 16:06


TNC Client with PTS-IMC

This HOWTO explains step by step how a strongSwan IPsec client with integrated TNC client functionality and an attached Platform Trust Service Integrity Measurement Collector (PTS-IMC) can provide remote attestation measurement data to a TNC server via the IKEv2 EAP-TTLS protocol.

Installation and Configuration

The following steps describe the installation of the strongSwan software:

  wget http://download.strongswan.org/strongswan-4.6.2dr1.tar.bz2
  tar xjf strongswan-4.6.2dr1.tar.bz2
  cd strongswan-4.6.2dr1
  ./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-openssl --enable-curl \
              --enable-eap-identity --enable-eap-md5 --enable-eap-ttls --enable-eap-tnc \
              --enable-tnccs-20 --enable-tnc-imc --enable-imc-attestation
  make
  sudo make install

The imc-attestation dynamic library depends on the TrouSerS library, which has to be present together with the /usr/include/trousers/ header files needed at build time.

The connection between IPsec client carol and IPsec gateway moon is defined in the /etc/ipsec.conf file:

# ipsec.conf - strongSwan IPsec configuration file

config setup
     charondebug="tnc 3, imc 3, pts 3" 

conn home
     left=%any
     leftid=carol@strongswan.org
     leftauth=eap
     right=192.168.0.1
     rightid=@moon.strongswan.org
     rightsendcert=never
     rightsubnet=10.1.0.0/16
     auto=start

The debug levels for the TNC, IMC, and PTS components are increased to 3, so that HEX dumps of PB-TNC (IF-TNCCS 2.0) messages and PA-TNC (IF-M) attributes will be included in the log file.

The IKEv2 client carol is going to use EAP-based authentication with the user credentials being stored in the /etc/ipsec.secrets file:

# /etc/ipsec.secrets - strongSwan IPsec secrets file

carol@strongswan.org : EAP "Ar3etTnp" 

The following IKEv2 charon and Attestation IMC options are defined in the /etc/strongswan.conf file:

# strongswan.conf - strongSwan configuration file

charon {
  load = sha1 random gmp pkcs1 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke
  plugins {
    eap-tnc {
      protocol = tnccs-2.0
    }
    tnc-imc {
      preferred_language = en
    }
  }
}

libimcv {
  plugins {
    imc-attestation {
      aik_cert = /home/andi/privacyca/AIK_3_Cert.der
      aik_blob = /home/andi/privacyca/AIK_3_Blob.bin

      pcr17_meas   = d537d437f058136eb3d7be517dbe7647b623c619 
      pcr17_before = 1717171717171717171717171717171717171717 
      pcr17_after  = ffffffffffffffffffffffffffffffffffffffff 

      pcr18_meas   = 160d2b04d11eb225fb148615b699081869e15b6c 
      pcr18_before = 1818181818181818181818181818181818181818 
      pcr18_after  = ffffffffffffffffffffffffffffffffffffffff 
    }
  }
}

IKEv2 Negotiation

Startup and Initialization

The command

ipsec start

starts the TNC-enabled IPsec client:

Nov 29 07:39:21 merthyr charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.2dr1)
Nov 29 07:39:21 merthyr charon: 00[KNL] listening on interfaces:
Nov 29 07:39:21 merthyr charon: 00[KNL]   wlan0
Nov 29 07:39:21 merthyr charon: 00[KNL]     10.35.167.97
Nov 29 07:39:21 merthyr charon: 00[KNL]     fe80::221:6aff:fe06:cf4c
Nov 29 07:39:21 merthyr charon: 00[KNL]   umlbr0
Nov 29 07:39:21 merthyr charon: 00[KNL]     192.168.0.254
Nov 29 07:39:21 merthyr charon: 00[KNL]     fe80::103c:e8ff:fec0:db34

The file /etc/tnc_config

# IMC configuration file for strongSwan client

IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so

defines which IMCs are loaded by the TNC client:

Nov 29 07:39:21 merthyr charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[sha1] available
Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_2048[gmp] available
Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_1536[gmp] available
Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_1024[gmp] available
Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Nov 29 07:39:21 merthyr charon: 00[TNC] added IETF attributes
Nov 29 07:39:21 merthyr charon: 00[TNC] added ITA-HSR attributes
Nov 29 07:39:21 merthyr charon: 00[LIB] libimcv initialized
Nov 29 07:39:21 merthyr charon: 00[IMC] IMC 1 "Attestation" initialized
Nov 29 07:39:21 merthyr charon: 00[TNC] added TCG attributes
Nov 29 07:39:21 merthyr charon: 00[PTS] added TCG functional component namespace
Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component namespace
Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Nov 29 07:39:21 merthyr charon: 00[LIB] libpts initialized
Nov 29 07:39:21 merthyr charon: 00[IMC] IMC 1 "Attestation" provided with bind function
Nov 29 07:39:21 merthyr charon: 00[TNC] IMC 1 supports 1 message type: 0x00559701
Nov 29 07:39:21 merthyr charon: 00[TNC] IMC 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'

Next, the IKEv2 credentials, all necessary plugins and the IPsec connection definition are loaded:

Nov 29 07:39:21 merthyr charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 29 07:39:21 merthyr charon: 00[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
Nov 29 07:39:21 merthyr charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 29 07:39:21 merthyr charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 29 07:39:21 merthyr charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 29 07:39:21 merthyr charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 29 07:39:21 merthyr charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 29 07:39:21 merthyr charon: 00[CFG]   loaded EAP secret for carol@strongswan.org
Nov 29 07:39:21 merthyr charon: 00[DMN] loaded plugins: sha1 random gmp pkcs1 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke 
Nov 29 07:39:21 merthyr charon: 00[JOB] spawning 16 worker threads
Nov 29 07:39:22 merthyr charon: 04[CFG] received stroke: add connection 'home'
Nov 29 07:39:22 merthyr charon: 04[CFG] left nor right host is our side, assuming left=local
Nov 29 07:39:22 merthyr charon: 04[CFG] added configuration 'home'

IKEv2 Exchanges

Due to auto=start the IKEv2 negotiation automatically initiates the IKE_SA_INIT exchange

Nov 29 07:39:22 merthyr charon: 04[CFG] received stroke: initiate 'home'
Nov 29 07:39:22 merthyr charon: 04[IKE] initiating IKE_SA home[1] to 192.168.0.1
Nov 29 07:39:22 merthyr charon: 04[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Nov 29 07:39:22 merthyr charon: 04[NET] sending packet: from 192.168.0.254[500] to 192.168.0.1[500]
Nov 29 07:39:22 merthyr charon: 06[NET] received packet: from 192.168.0.1[500] to 192.168.0.254[500]
Nov 29 07:39:22 merthyr charon: 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]

followed by the IKE_AUTH exchange where the IKEv2 gateway proposes a mutual IKEv2 EAP-TTLS only authentication:

Nov 29 07:39:22 merthyr charon: 06[IKE] establishing CHILD_SA home
Nov 29 07:39:22 merthyr charon: 06[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(EAP_ONLY) ]
Nov 29 07:39:22 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:22 merthyr charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:22 merthyr charon: 10[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Nov 29 07:39:22 merthyr charon: 10[IKE] server requested EAP_TTLS authentication (id 0xA8)
Nov 29 07:39:22 merthyr charon: 10[TLS] EAP_TTLS version is v0
Nov 29 07:39:22 merthyr charon: 10[IKE] allow mutual EAP-only authentication

IKEv2 EAP-TTLS Tunnel

The IKEv2 EAP-TTLS tunnel is set up with certificate-based server authentication

Nov 29 07:39:22 merthyr charon: 10[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]
Nov 29 07:39:22 merthyr charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:22 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:22 merthyr charon: 05[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Nov 29 07:39:22 merthyr charon: 05[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]
Nov 29 07:39:22 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:22 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:22 merthyr charon: 15[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Nov 29 07:39:22 merthyr charon: 15[TLS] negotiated TLS version TLS 1.2 with suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Nov 29 07:39:22 merthyr charon: 15[TLS] received TLS server certificate 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org'
Nov 29 07:39:22 merthyr charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" 
Nov 29 07:39:22 merthyr charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
Nov 29 07:39:22 merthyr charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" 
Nov 29 07:39:22 merthyr charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
Nov 29 07:39:22 merthyr charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
Nov 29 07:39:22 merthyr charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
Nov 29 07:39:22 merthyr charon: 15[CFG]   crl is valid: until Dec 02 09:19:24 2011
Nov 29 07:39:22 merthyr charon: 15[CFG] certificate status is good
Nov 29 07:39:22 merthyr charon: 15[CFG]   reached self-signed root ca with a path length of 0
Nov 29 07:39:22 merthyr charon: 15[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]
Nov 29 07:39:22 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Tunneled EAP-Identity

Via the IKEv2 EAP-TTLS tunnel the server requests the EAP client identity

Nov 29 07:39:23 merthyr charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:23 merthyr charon: 14[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Nov 29 07:39:23 merthyr charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]
Nov 29 07:39:23 merthyr charon: 14[IKE] server requested EAP_IDENTITY authentication (id 0x00)
Nov 29 07:39:23 merthyr charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]
Nov 29 07:39:23 merthyr charon: 14[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]
Nov 29 07:39:23 merthyr charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Tunneled EAP-MD5 Client Authentication

Next follows an EAP-MD5 client authentication

Nov 29 07:39:23 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:23 merthyr charon: 03[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Nov 29 07:39:23 merthyr charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/MD5]
Nov 29 07:39:23 merthyr charon: 03[IKE] server requested EAP_MD5 authentication (id 0x36)
Nov 29 07:39:23 merthyr charon: 03[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/MD5]
Nov 29 07:39:23 merthyr charon: 03[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]
Nov 29 07:39:23 merthyr charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Tunneled EAP-TNC Transport

Now the EAP-TNC transport protocol connecting the TNC client with the TNC server is started:

Nov 29 07:39:23 merthyr charon: 02[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:23 merthyr charon: 02[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Nov 29 07:39:23 merthyr charon: 02[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:23 merthyr charon: 02[IKE] server requested EAP_TNC authentication (id 0x84)
Nov 29 07:39:23 merthyr charon: 02[TLS] EAP_TNC version is v1

PB-TNC/IF-TNCCS 2.0 Connection

A new TNCCS connection is instantiated on the TNC client and its IF-TNCCS 2.0 state machine is set to the Init state.

[Figure: IF-TNCCS 2.0 State Diagram]

A first PB-TNC CDATA (IF-TNCCS 2.0 ClientData) batch is prepared and a PB-Language-Preference message for English (en) is added:

Nov 29 07:39:23 merthyr charon: 02[TNC] assigned TNCCS Connection ID 1
Nov 29 07:39:23 merthyr charon: 02[TNC] creating PB-TNC CDATA batch
Nov 29 07:39:23 merthyr charon: 02[TNC] adding PB-Language-Preference message

An instance of the Attestation PTS-IMC is created, which in a first step determines the client operating system:

Nov 29 07:39:23 merthyr charon: 02[PTS] platform is 'Ubuntu 11.10 i686'

and then loads the AIK certificate and the matching AIK private key, the latter in the form of a TPM-encrypted binary blob

Nov 29 07:39:23 merthyr charon: 02[PTS] loaded AIK certificate from '/home/andi/privacyca/AIK_3_Cert.der'
Nov 29 07:39:23 merthyr charon: 02[PTS] loaded AIK Blob from '/home/andi/privacyca/AIK_3_Blob.bin'
Nov 29 07:39:23 merthyr charon: 02[PTS] AIK Blob: => 559 bytes @ 0x8266b24
Nov 29 07:39:23 merthyr charon: 02[IMC] IMC 1 "Attestation" created a state for Connection ID 1

Via the IF-IMC interface the PTS-IMC receives a 'Handshake' state change from the TNC client

Nov 29 07:39:23 merthyr charon: 02[IMC] IMC 1 "Attestation" changed state of Connection ID 1 to 'Handshake'

The PTS-IMC generates a PA-TNC message of type TCG/PTS targeted at the remote PTS-IMV, containing a single PA-TNC attribute of type 'IETF/Product Information' with the client operating system information:

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PA-TNC message with ID 0x569e528e
Nov 29 07:39:23 merthyr charon: 02[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Nov 29 07:39:23 merthyr charon: 02[TNC] => 22 bytes @ 0x82452bc
Nov 29 07:39:23 merthyr charon: 02[TNC]    0: 00 00 00 00 00 55 62 75 6E 74 75 20 31 31 2E 31  .....Ubuntu 11.1
Nov 29 07:39:23 merthyr charon: 02[TNC]   16: 30 20 69 36 38 36                                0 i686
Nov 29 07:39:23 merthyr charon: 02[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01
Nov 29 07:39:23 merthyr charon: 02[TNC] adding PB-PA message

The PA-TNC message is received by the TNC client via the IF-IMC SendMessage call and is inserted together with the
PB-Language-Preference message into the PB-TNC CDATA batch which is then sent via the IKEv2 EAP-TTLS tunnel to the TNC server.

Nov 29 07:39:23 merthyr charon: 02[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Nov 29 07:39:23 merthyr charon: 02[TNC] sending PB-TNC CDATA batch (105 bytes) for Connection ID 1
Nov 29 07:39:23 merthyr charon: 02[TNC] => 105 bytes @ 0x82669a4
Nov 29 07:39:23 merthyr charon: 02[TNC]    0: 02 00 00 01 00 00 00 69 00 00 00 00 00 00 00 06  .......i........
Nov 29 07:39:23 merthyr charon: 02[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu
Nov 29 07:39:23 merthyr charon: 02[TNC]   32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00  age: en.........
Nov 29 07:39:23 merthyr charon: 02[TNC]   48: 00 00 42 00 00 55 97 00 00 00 01 00 01 FF FF 01  ..B..U..........
Nov 29 07:39:23 merthyr charon: 02[TNC]   64: 00 00 00 56 9E 52 8E 00 00 00 00 00 00 00 02 00  ...V.R..........
Nov 29 07:39:23 merthyr charon: 02[TNC]   80: 00 00 22 00 00 00 00 00 55 62 75 6E 74 75 20 31  ..".....Ubuntu 1
Nov 29 07:39:23 merthyr charon: 02[TNC]   96: 31 2E 31 30 20 69 36 38 36                       1.10 i686
Nov 29 07:39:23 merthyr charon: 02[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Nov 29 07:39:23 merthyr charon: 02[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]
Nov 29 07:39:23 merthyr charon: 02[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

PTS Capability Discovery

As a response a PB-TNC SDATA (IF-TNCCS 2.0 ServerData) batch is received from the TNC server

Nov 29 07:39:23 merthyr charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:23 merthyr charon: 13[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Nov 29 07:39:23 merthyr charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:23 merthyr charon: 13[TNC] received TNCCS batch (72 bytes) for Connection ID 1
Nov 29 07:39:23 merthyr charon: 13[TNC] => 72 bytes @ 0x826212e
Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 02 80 00 02 00 00 00 48 80 00 00 00 00 00 00 01  .......H........
Nov 29 07:39:23 merthyr charon: 13[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 FF FF 00 01  ...@..U.........
Nov 29 07:39:23 merthyr charon: 13[TNC]   32: 01 00 00 00 10 FB C9 31 80 00 55 97 01 00 00 00  .......1..U.....
Nov 29 07:39:23 merthyr charon: 13[TNC]   48: 00 00 00 10 00 00 00 0E 80 00 55 97 06 00 00 00  ..........U.....
Nov 29 07:39:23 merthyr charon: 13[TNC]   64: 00 00 00 10 00 00 80 00                          ........
Nov 29 07:39:23 merthyr charon: 13[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Nov 29 07:39:23 merthyr charon: 13[TNC] processing PB-TNC SDATA batch

containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PB-PA message (64 bytes)
Nov 29 07:39:23 merthyr charon: 13[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

The PA-TNC message transferred via the IF-IMC interface to the PTS-IMC contains two PA-TNC attributes from the TCG/PTS namespace:

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC message with ID 0x10fbc931
Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8268da0
Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 00 0E                                      ....
Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8268db0
Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 80 00                                      ....

namely the requests 'Request PTS Protocol Capabilities' and 'PTS Measurement Algorithm Request'. The PTS-IMV supports the Verification (V), DH Nonce Negotiation (D) and Trusted Platform Evidence (T) PTS protocol capabilities and the PTS-IMC does as well.

Nov 29 07:39:23 merthyr charon: 13[PTS] supported PTS protocol capabilities: .VDT.
Nov 29 07:39:23 merthyr charon: 13[PTS] selected PTS measurement algorithm is HASH_SHA1

The PTS-IMV proposes SHA-1 only for the PTS measurement algorithm, which is accepted by the PTS-IMC. These two selections are sent back to the PTS-IMV in a PA-TNC message containing the TCG attributes 'PTS Protocol Capabilities' and 'PTS Measurement Algorithm':

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC message with ID 0x0ed3f1f3
Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8266b04
Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 00 0E                                      ....
Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x825f17c
Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 80 00                                      ....

This PA-TNC message is sent as a PB-PA payload in a PB-TNC CDATA batch to the TNC server:

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01
Nov 29 07:39:23 merthyr charon: 13[TNC] creating PB-TNC CDATA batch
Nov 29 07:39:23 merthyr charon: 13[TNC] adding PB-PA message
Nov 29 07:39:23 merthyr charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Nov 29 07:39:23 merthyr charon: 13[TNC] sending PB-TNC CDATA batch (72 bytes) for Connection ID 1
Nov 29 07:39:23 merthyr charon: 13[TNC] => 72 bytes @ 0x82679fc
Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 02 00 00 01 00 00 00 48 80 00 00 00 00 00 00 01  .......H........
Nov 29 07:39:23 merthyr charon: 13[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 00 01 FF FF  ...@..U.........
Nov 29 07:39:23 merthyr charon: 13[TNC]   32: 01 00 00 00 0E D3 F1 F3 00 00 55 97 02 00 00 00  ..........U.....
Nov 29 07:39:23 merthyr charon: 13[TNC]   48: 00 00 00 10 00 00 00 0E 00 00 55 97 07 00 00 00  ..........U.....
Nov 29 07:39:23 merthyr charon: 13[TNC]   64: 00 00 00 10 00 00 80 00                          ........
Nov 29 07:39:23 merthyr charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Nov 29 07:39:23 merthyr charon: 13[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]
Nov 29 07:39:23 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
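
The nesting described above (PB-TNC batch, PB-PA message, PA-TNC message, attributes) can be checked directly against the level 3 hex dumps. The following Python decoder is an added example, not part of the original HOWTO or of strongSwan; it reassembles the first CDATA batch and the SDATA batch that answers it and walks the headers as laid out in RFC 5793 and RFC 5792. All function names are hypothetical, and the bit positions used for the capability flags and the hash algorithm set are assumptions taken from the TCG PTS binding that reproduce the '.VDT.' and HASH_SHA1 log lines.

```python
import re

# Hex-dump lines copied from this page's log: first CDATA batch and the SDATA reply.
CDATA_LOG = """\
Nov 29 07:39:23 merthyr charon: 02[TNC]    0: 02 00 00 01 00 00 00 69 00 00 00 00 00 00 00 06  .......i........
Nov 29 07:39:23 merthyr charon: 02[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu
Nov 29 07:39:23 merthyr charon: 02[TNC]   32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00  age: en.........
Nov 29 07:39:23 merthyr charon: 02[TNC]   48: 00 00 42 00 00 55 97 00 00 00 01 00 01 FF FF 01  ..B..U..........
Nov 29 07:39:23 merthyr charon: 02[TNC]   64: 00 00 00 56 9E 52 8E 00 00 00 00 00 00 00 02 00  ...V.R..........
Nov 29 07:39:23 merthyr charon: 02[TNC]   80: 00 00 22 00 00 00 00 00 55 62 75 6E 74 75 20 31  ..".....Ubuntu 1
Nov 29 07:39:23 merthyr charon: 02[TNC]   96: 31 2E 31 30 20 69 36 38 36                       1.10 i686
"""
SDATA_LOG = """\
Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 02 80 00 02 00 00 00 48 80 00 00 00 00 00 00 01  .......H........
Nov 29 07:39:23 merthyr charon: 13[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 FF FF 00 01  ...@..U.........
Nov 29 07:39:23 merthyr charon: 13[TNC]   32: 01 00 00 00 10 FB C9 31 80 00 55 97 01 00 00 00  .......1..U.....
Nov 29 07:39:23 merthyr charon: 13[TNC]   48: 00 00 00 10 00 00 00 0E 80 00 55 97 06 00 00 00  ..........U.....
Nov 29 07:39:23 merthyr charon: 13[TNC]   64: 00 00 00 10 00 00 80 00                          ........
"""

DUMP_LINE = re.compile(r"\] +(\d+): ((?:[0-9A-F]{2} ){0,15}[0-9A-F]{2})")
B_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT", 4: "CRETRY", 5: "SRETRY", 6: "CLOSE"}
ATTR_NAMES = {  # vendor/type pairs with the names charon prints in the log
    (0x000000, 0x00000002): "IETF/Product Information",
    (0x005597, 0x01000000): "TCG/Request PTS Protocol Capabilities",
    (0x005597, 0x02000000): "TCG/PTS Protocol Capabilities",
    (0x005597, 0x06000000): "TCG/PTS Measurement Algorithm Request",
    (0x005597, 0x07000000): "TCG/PTS Measurement Algorithm",
}


def dump_to_bytes(log_text):
    """Reassemble the bytes of a charon hex dump, ignoring the ASCII column."""
    buf = bytearray()
    for m in DUMP_LINE.finditer(log_text):
        if int(m.group(1)) != len(buf):  # a dump line is missing or out of order
            raise ValueError("gap in dump at offset " + m.group(1))
        buf += bytes.fromhex(m.group(2))
    return bytes(buf)


def u(data, off, n):
    """Big-endian unsigned integer of n bytes at offset off."""
    if off + n > len(data):
        raise ValueError("truncated at offset %d" % off)
    return int.from_bytes(data[off:off + n], "big")


def tlvs(data, off):
    """Walk 12-byte-header elements: PB-TNC messages and PA-TNC attributes share the layout."""
    while off < len(data):
        length = u(data, off + 8, 4)  # length field includes the 12-byte header
        if length < 12 or off + length > len(data):
            raise ValueError("bad length %d at offset %d" % (length, off))
        yield data[off], u(data, off + 1, 3), u(data, off + 4, 4), data[off + 12:off + length]
        off += length


def decode_value(name, value):
    """Interpret the attribute values seen in this exchange (assumed layouts)."""
    if name == "IETF/Product Information":  # 3-byte vendor ID, 2-byte product ID, name
        return value[5:].decode("utf-8")
    if name.endswith("Protocol Capabilities"):  # flags C V D T X in the low 5 bits
        return "".join(c if u(value, 0, 4) & (16 >> i) else "." for i, c in enumerate("CVDTX"))
    if "Measurement Algorithm" in name:  # 16-bit hash set, SHA-1 is the top bit
        algos = ("HASH_SHA1", "HASH_SHA256", "HASH_SHA384")
        return [a for i, a in enumerate(algos) if u(value, 2, 2) & (0x8000 >> i)]
    return value.hex()


def parse_pb_pa(body):
    """PB-PA header (12 bytes) followed by a PA-TNC message (8-byte header)."""
    pa = {"subtype": (u(body, 1, 3), u(body, 4, 4)), "collector_id": u(body, 8, 2),
          "validator_id": u(body, 10, 2), "message_id": u(body, 16, 4), "attributes": []}
    for _flags, vendor, typ, value in tlvs(body, 20):
        name = ATTR_NAMES.get((vendor, typ), "0x%06x/0x%08x" % (vendor, typ))
        pa["attributes"].append((name, decode_value(name, value)))
    return pa


def parse_batch(data):
    """Decode a PB-TNC batch down to the PA-TNC attributes it carries."""
    if len(data) < 8 or data[0] != 2 or u(data, 4, 4) != len(data):
        raise ValueError("not a complete PB-TNC version 2 batch")
    batch = {"type": B_TYPES.get(data[3] & 0x0F), "from_server": bool(data[1] & 0x80), "messages": []}
    for flags, vendor, typ, body in tlvs(data, 8):
        msg = {"noskip": bool(flags & 0x80), "vendor": vendor, "type": typ}
        if (vendor, typ) == (0, 6):  # PB-Language-Preference
            msg["language"] = body.decode("ascii")
        elif (vendor, typ) == (0, 1):  # PB-PA
            msg.update(parse_pb_pa(body))
        batch["messages"].append(msg)
    return batch


if __name__ == "__main__":
    print(*(parse_batch(dump_to_bytes(log)) for log in (CDATA_LOG, SDATA_LOG)), sep="\n")
```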

DH Nonce Parameters

The next PB-TNC SDATA batch is received:

Nov 29 07:39:23 merthyr charon: 01[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:23 merthyr charon: 01[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Nov 29 07:39:23 merthyr charon: 01[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:23 merthyr charon: 01[TNC] received TNCCS batch (56 bytes) for Connection ID 1
Nov 29 07:39:23 merthyr charon: 01[TNC] => 56 bytes @ 0x825e5b6
Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 02 80 00 02 00 00 00 38 80 00 00 00 00 00 00 01  .......8........
Nov 29 07:39:23 merthyr charon: 01[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 01 FF FF 00 01  ...0..U.........
Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 01 00 00 00 C2 D1 8E F1 80 00 55 97 03 00 00 00  ..........U.....
Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 00 00 00 10 00 00 F0 00                          ........
Nov 29 07:39:23 merthyr charon: 01[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Nov 29 07:39:23 merthyr charon: 01[TNC] processing PB-TNC SDATA batch

containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PB-PA message (48 bytes)
Nov 29 07:39:23 merthyr charon: 01[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

The PA-TNC message contains a 'DH Nonce Parameters Request' from the TCG namespace

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PA-TNC message with ID 0xc2d18ef1
Nov 29 07:39:23 merthyr charon: 01[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Nov 29 07:39:23 merthyr charon: 01[TNC] => 4 bytes @ 0x82452d0
Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 00 00 F0 00                                      ....

and offers the set of IKE DH groups {2, 5, 14, 19} from which the PTS-IMC selects ECP_256 (group 19).

Nov 29 07:39:23 merthyr charon: 01[PTS] selected PTS DH group is ECP_256
Nov 29 07:39:23 merthyr charon: 01[PTS] nonce length is 20

The PTS-IMC also returns a 20 byte DH responder nonce and the 32 byte ECP_256 DH responder public value:

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PA-TNC message with ID 0xa69f8b02
Nov 29 07:39:23 merthyr charon: 01[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Nov 29 07:39:23 merthyr charon: 01[TNC] => 92 bytes @ 0x826a53c
Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 00 00 00 14 10 00 E0 00 AA B1 9A 5C 9B 47 D0 0D  ...........\.G..
Nov 29 07:39:23 merthyr charon: 01[TNC]   16: EF 3B F4 48 7A 55 EF DA 89 55 D3 74 DF CE B2 FB  .;.HzU...U.t....
Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 44 16 FD 98 44 1D 79 1F 36 7A A5 67 94 30 81 C8  D...D.y.6z.g.0..
Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 38 A8 1A AD 99 55 0E 91 2F E4 36 62 FA C2 08 63  8....U../.6b...c
Nov 29 07:39:23 merthyr charon: 01[TNC]   64: 88 69 41 79 35 D4 64 8C 4C D4 CB E9 7B 5E CF 0A  .iAy5.d.L...{^..
Nov 29 07:39:23 merthyr charon: 01[TNC]   80: E0 E9 74 66 4C BB 06 3B F8 DE 96 2E              ..tfL..;....

This PA-TNC message is carried in a PB-PA message encapsulated in a PB-TNC CDATA batch:

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01
Nov 29 07:39:23 merthyr charon: 01[TNC] creating PB-TNC CDATA batch
Nov 29 07:39:23 merthyr charon: 01[TNC] adding PB-PA message
Nov 29 07:39:23 merthyr charon: 01[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Nov 29 07:39:23 merthyr charon: 01[TNC] sending PB-TNC CDATA batch (144 bytes) for Connection ID 1
Nov 29 07:39:23 merthyr charon: 01[TNC] => 144 bytes @ 0x826e85c
Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 02 00 00 01 00 00 00 90 80 00 00 00 00 00 00 01  ................
Nov 29 07:39:23 merthyr charon: 01[TNC]   16: 00 00 00 88 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........
Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 01 00 00 00 A6 9F 8B 02 00 00 55 97 04 00 00 00  ..........U.....
Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 00 00 00 68 00 00 00 14 10 00 E0 00 AA B1 9A 5C  ...h...........\
Nov 29 07:39:23 merthyr charon: 01[TNC]   64: 9B 47 D0 0D EF 3B F4 48 7A 55 EF DA 89 55 D3 74  .G...;.HzU...U.t
Nov 29 07:39:23 merthyr charon: 01[TNC]   80: DF CE B2 FB 44 16 FD 98 44 1D 79 1F 36 7A A5 67  ....D...D.y.6z.g
Nov 29 07:39:23 merthyr charon: 01[TNC]   96: 94 30 81 C8 38 A8 1A AD 99 55 0E 91 2F E4 36 62  .0..8....U../.6b
Nov 29 07:39:23 merthyr charon: 01[TNC]  112: FA C2 08 63 88 69 41 79 35 D4 64 8C 4C D4 CB E9  ...c.iAy5.d.L...
Nov 29 07:39:23 merthyr charon: 01[TNC]  128: 7B 5E CF 0A E0 E9 74 66 4C BB 06 3B F8 DE 96 2E  {^....tfL..;....
Nov 29 07:39:23 merthyr charon: 01[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Nov 29 07:39:23 merthyr charon: 01[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]
Nov 29 07:39:23 merthyr charon: 01[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

DH Nonce Finish and TPM Version/AIK Info

The next PB-TNC SDATA batch is received:

Nov 29 07:39:23 merthyr charon: 04[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:23 merthyr charon: 04[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Nov 29 07:39:23 merthyr charon: 04[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:23 merthyr charon: 04[TNC] received TNCCS batch (172 bytes) for Connection ID 1
Nov 29 07:39:23 merthyr charon: 04[TNC] => 172 bytes @ 0x826e866
Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 02 80 00 02 00 00 00 AC 80 00 00 00 00 00 00 01  ................
Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 00 00 00 A4 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........
Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 01 00 00 00 83 45 BD D1 80 00 55 97 05 00 00 00  .....E....U.....
Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 00 00 00 64 00 14 80 00 B1 E2 2D 2D 11 80 E2 BC  ...d......--....
Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 83 5A 56 DC 1B 18 3F 91 3B 63 E0 E9 09 2A 67 0D  .ZV...?.;c...*g.
Nov 29 07:39:23 merthyr charon: 04[TNC]   80: AE FB D6 94 32 39 5A 2C D2 2C 58 2C 5F 3E B4 00  ....29Z,.,X,_>..
Nov 29 07:39:23 merthyr charon: 04[TNC]   96: 25 68 E8 EB 9E 46 93 B3 C7 AE 5C 57 26 92 D7 4E  %h...F....\W&..N
Nov 29 07:39:23 merthyr charon: 04[TNC]  112: F2 14 08 60 96 A4 74 78 46 C4 11 FB 33 64 F3 27  ...`..txF...3d.'
Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 1D 62 3D C4 83 73 AE AE 8B 36 E4 F5 80 00 55 97  .b=..s...6....U.
Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 08 00 00 00 00 00 00 10 00 00 00 00 80 00 55 97  ..............U.
Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 0D 00 00 00 00 00 00 10 00 00 00 00              ............
Nov 29 07:39:23 merthyr charon: 04[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Nov 29 07:39:23 merthyr charon: 04[TNC] processing PB-TNC SDATA batch
Nov 29 07:39:23 merthyr charon: 04[TNC] processing PB-PA message (164 bytes)
Nov 29 07:39:23 merthyr charon: 04[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

containing a PA-TNC message with the 'DH Nonce Finish', 'Get TPM Version Information' and 'Get Attestation Identity Key'
attributes from the TCG namespace:

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC message with ID 0x8345bdd1
Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Nov 29 07:39:23 merthyr charon: 04[TNC] => 88 bytes @ 0x826a928
Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 14 80 00 B1 E2 2D 2D 11 80 E2 BC 83 5A 56 DC  ......--.....ZV.
Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 1B 18 3F 91 3B 63 E0 E9 09 2A 67 0D AE FB D6 94  ..?.;c...*g.....
Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 32 39 5A 2C D2 2C 58 2C 5F 3E B4 00 25 68 E8 EB  29Z,.,X,_>..%h..
Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 9E 46 93 B3 C7 AE 5C 57 26 92 D7 4E F2 14 08 60  .F....\W&..N...`
Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 96 A4 74 78 46 C4 11 FB 33 64 F3 27 1D 62 3D C4  ..txF...3d.'.b=.
Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 83 73 AE AE 8B 36 E4 F5                          .s...6..
Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Nov 29 07:39:23 merthyr charon: 04[TNC] => 4 bytes @ 0x826a98c
Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 00 00 00                                      ....
Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Nov 29 07:39:23 merthyr charon: 04[TNC] => 4 bytes @ 0x826a99c
Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 00 00 00                                      ....

The PTS-IMV reports that it selected SHA-1 as the DH hash algorithm and provides its 20 byte nonce and 32 byte public DH factor
so that the shared DH secret can be computed:

Nov 29 07:39:23 merthyr charon: 04[PTS] selected DH hash algorithm is HASH_SHA1
Nov 29 07:39:23 merthyr charon: 04[PTS] initiator nonce: => 20 bytes @ 0x82594a4
Nov 29 07:39:23 merthyr charon: 04[PTS]    0: 46 C4 11 FB 33 64 F3 27 1D 62 3D C4 83 73 AE AE  F...3d.'.b=..s..
Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 8B 36 E4 F5                                      .6..
Nov 29 07:39:23 merthyr charon: 04[PTS] responder nonce: => 20 bytes @ 0x8266a7c
Nov 29 07:39:23 merthyr charon: 04[PTS]    0: AA B1 9A 5C 9B 47 D0 0D EF 3B F4 48 7A 55 EF DA  ...\.G...;.HzU..
Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 89 55 D3 74                                      .U.t
Nov 29 07:39:23 merthyr charon: 04[PTS] shared DH secret: => 32 bytes @ 0x826c8e4
Nov 29 07:39:23 merthyr charon: 04[PTS]    0: 61 E8 7D D7 8C C8 DF 4E 5C 5A B7 48 75 38 0C B8  a.}....N\Z.Hu8..
Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 2D 23 08 8E E2 D5 B9 25 04 F8 03 BA 35 9F 3A 52  -#.....%....5.:R
Nov 29 07:39:23 merthyr charon: 04[PTS] secret assessment value: => 20 bytes @ 0x8266ea4
Nov 29 07:39:23 merthyr charon: 04[PTS]    0: E1 1B 01 B4 FF 2B 56 83 24 AD AD AD 8B 7B 36 B7  .....+V.$....{6.
Nov 29 07:39:23 merthyr charon: 04[PTS]   16: FF CA D9 59                                      ...Y

Answering the 'Get TPM Version Information' request, the following TPM version info is returned in binary form:

Nov 29 07:39:23 merthyr charon: 04[PTS] TPM 1.2 Version Info: Chip Version: 1.2.1.2, Spec Level: 2, Errata Rev: 0, Vendor ID: IFX

In addition to the 'TPM Version Information' attribute, the 'Attestation Identity Key' is also included in the PA-TNC message to be forwarded to the PTS-IMV:

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC message with ID 0x1e82d806
Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Nov 29 07:39:23 merthyr charon: 04[TNC] => 15 bytes @ 0x826a9ec
Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 30 01 02 01 02 00 02 00 49 46 58 00 00 00     .0.......IFX...
Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Nov 29 07:39:23 merthyr charon: 04[TNC] => 1334 bytes @ 0x826e274
Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 30 82 05 31 30 82 04 19 A0 03 02 01 02 02 10  .0..10..........
Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 15 C8 E6 07 AD F7 B6 3C 0A F2 87 51 0C 34 F7 BA  .......<...Q.4..
Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30  0...*.H........0
Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 4D 31 16 30 14 06 03 55 04 0A 13 0D 70 72 69 76  M1.0...U....priv
Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 61 63 79 63 61 2E 63 6F 6D 31 33 30 31 06 03 55  acyca.com1301..U
Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 04 03 13 2A 50 72 69 76 61 63 79 20 43 41 20 45  ...*Privacy CA E
Nov 29 07:39:23 merthyr charon: 04[TNC]   96: 4B 2D 43 65 72 74 2D 43 68 65 63 6B 65 64 20 41  K-Cert-Checked A
Nov 29 07:39:23 merthyr charon: 04[TNC]  112: 49 4B 20 43 65 72 74 69 66 69 63 61 74 65 30 1E  IK Certificate0.
Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 17 0D 31 31 31 31 30 32 30 37 35 30 35 31 5A 17  ..111102075051Z.
Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 0D 31 32 31 31 30 32 30 37 35 30 35 31 5A 30 00  .121102075051Z0.
Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01  0.."0...*.H.....
Nov 29 07:39:23 merthyr charon: 04[TNC]  176: 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01  ........0.......
Nov 29 07:39:23 merthyr charon: 04[TNC]  192: 00 E9 1C 5F 57 5B 73 5F 35 15 BD AF 29 89 13 F1  ..._W[s_5...)...
Nov 29 07:39:23 merthyr charon: 04[TNC]  208: F9 8D 83 62 6C 73 C0 5F 8B 90 5A B8 1A 72 B9 D2  ...bls._..Z..r..
Nov 29 07:39:23 merthyr charon: 04[TNC]  224: 51 F8 DC 24 CF 0D 9E E2 0B F8 8D 11 CD B2 E5 6B  Q..$...........k
Nov 29 07:39:23 merthyr charon: 04[TNC]  240: CB C2 AB FA BD F4 74 D2 25 B3 AE CE 47 66 58 A6  ......t.%...GfX.
Nov 29 07:39:23 merthyr charon: 04[TNC]  256: 65 A4 CA 36 24 1E 6E 22 A4 9F 88 C5 63 78 AD 53  e..6$.n"....cx.S
Nov 29 07:39:23 merthyr charon: 04[TNC]  272: 33 90 22 91 6F 83 8F 2A A8 98 0C 15 3E 89 19 48  3.".o..*....>..H
Nov 29 07:39:23 merthyr charon: 04[TNC]  288: 63 BE 4C 35 02 F4 03 7E 10 8E 4D DB 5A D1 63 9A  c.L5...~..M.Z.c.
Nov 29 07:39:23 merthyr charon: 04[TNC]  304: 3C D9 63 F5 7B C6 73 0F 23 05 B6 00 30 3B 34 6C  <.c.{.s.#...0;4l
Nov 29 07:39:23 merthyr charon: 04[TNC]  320: 3C 10 A9 A5 4A 79 2E 62 88 E3 CC 7F 7B A7 5A E3  <...Jy.b....{.Z.
Nov 29 07:39:23 merthyr charon: 04[TNC]  336: 6F 13 7A BD BF 86 1D 3C E3 12 3A 8C 0E 7D 47 55  o.z....<..:..}GU
Nov 29 07:39:23 merthyr charon: 04[TNC]  352: C6 76 A9 D3 61 16 22 8A 32 C5 E7 CD 17 DB 5F A1  .v..a.".2....._.
Nov 29 07:39:23 merthyr charon: 04[TNC]  368: 67 CC 1D F5 D9 25 51 01 33 1E 05 45 85 53 2E 2C  g....%Q.3..E.S.,
Nov 29 07:39:23 merthyr charon: 04[TNC]  384: 2B 1D 59 E5 FE C2 61 26 36 12 05 F2 5C 95 F8 70  +.Y...a&6...\..p
Nov 29 07:39:23 merthyr charon: 04[TNC]  400: E6 6A DB BF 30 1E 46 05 E6 0E 94 3C 0C C6 1C 96  .j..0.F....<....
Nov 29 07:39:23 merthyr charon: 04[TNC]  416: B4 59 AC 5C 63 15 8C 77 E8 45 91 6B 8B B1 0D DB  .Y.\c..w.E.k....
Nov 29 07:39:23 merthyr charon: 04[TNC]  432: 26 3C E5 34 1C E8 B9 B5 6E 7F 9B 6E 7D 24 82 6E  &<.4....n..n}$.n
Nov 29 07:39:23 merthyr charon: 04[TNC]  448: 2B 02 03 01 00 01 A3 82 02 58 30 82 02 54 30 81  +........X0..T0.
Nov 29 07:39:23 merthyr charon: 04[TNC]  464: 93 06 03 55 1D 09 04 81 8B 30 81 88 30 3A 06 03  ...U.....0..0:..
Nov 29 07:39:23 merthyr charon: 04[TNC]  480: 55 04 34 31 33 30 0B 30 09 06 05 2B 0E 03 02 1A  U.4130.0...+....
Nov 29 07:39:23 merthyr charon: 04[TNC]  496: 05 00 30 24 30 22 06 09 2A 86 48 86 F7 0D 01 01  ..0$0"..*.H.....
Nov 29 07:39:23 merthyr charon: 04[TNC]  512: 07 30 15 A2 13 30 11 06 09 2A 86 48 86 F7 0D 01  .0...0...*.H....
Nov 29 07:39:23 merthyr charon: 04[TNC]  528: 01 09 04 04 54 43 50 41 30 16 06 05 67 81 05 02  ....TCPA0...g...
Nov 29 07:39:23 merthyr charon: 04[TNC]  544: 10 31 0D 30 0B 0C 03 31 2E 32 02 01 02 02 01 00  .1.0...1.2......
Nov 29 07:39:23 merthyr charon: 04[TNC]  560: 30 32 06 05 67 81 05 02 12 31 29 30 27 01 01 FF  02..g....1)0'...
Nov 29 07:39:23 merthyr charon: 04[TNC]  576: A0 03 0A 01 01 A1 03 0A 01 00 A2 03 0A 01 00 A3  ................
Nov 29 07:39:23 merthyr charon: 04[TNC]  592: 10 30 0E 16 03 33 2E 30 0A 01 04 0A 01 00 01 01  .0...3.0........
Nov 29 07:39:23 merthyr charon: 04[TNC]  608: FF 01 01 FF 30 62 06 03 55 1D 11 01 01 FF 04 58  ....0b..U......X
Nov 29 07:39:23 merthyr charon: 04[TNC]  624: 30 56 A4 47 30 45 31 16 30 14 06 05 67 81 05 02  0V.G0E1.0...g...
Nov 29 07:39:23 merthyr charon: 04[TNC]  640: 01 0C 0B 69 64 3A 34 39 34 36 35 38 30 30 31 17  ...id:494658001.
Nov 29 07:39:23 merthyr charon: 04[TNC]  656: 30 15 06 05 67 81 05 02 02 0C 0C 53 4C 42 39 36  0...g......SLB96
Nov 29 07:39:23 merthyr charon: 04[TNC]  672: 33 35 54 54 31 2E 32 31 12 30 10 06 05 67 81 05  35TT1.21.0...g..
Nov 29 07:39:23 merthyr charon: 04[TNC]  688: 02 03 0C 07 69 64 3A 30 31 30 32 A0 0B 06 05 67  ....id:0102....g
Nov 29 07:39:23 merthyr charon: 04[TNC]  704: 81 05 02 0F A0 02 0C 00 30 0C 06 03 55 1D 13 01  ........0...U...
Nov 29 07:39:23 merthyr charon: 04[TNC]  720: 01 FF 04 02 30 00 30 82 01 27 06 03 55 1D 20 01  ....0.0..'..U. .
Nov 29 07:39:23 merthyr charon: 04[TNC]  736: 01 FF 04 82 01 1B 30 82 01 17 30 67 06 0A 2B 06  ......0...0g..+.
Nov 29 07:39:23 merthyr charon: 04[TNC]  752: 01 04 01 81 E3 42 01 11 30 59 30 29 06 08 2B 06  .....B..0Y0)..+.
Nov 29 07:39:23 merthyr charon: 04[TNC]  768: 01 05 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 77  ........http://w
Nov 29 07:39:23 merthyr charon: 04[TNC]  784: 77 77 2E 70 72 69 76 61 63 79 63 61 2E 63 6F 6D  ww.privacyca.com
Nov 29 07:39:23 merthyr charon: 04[TNC]  800: 2F 63 70 73 2F 30 2C 06 08 2B 06 01 05 05 07 02  /cps/0,..+......
Nov 29 07:39:23 merthyr charon: 04[TNC]  816: 02 30 20 0C 1E 54 43 50 41 20 54 72 75 73 74 65  .0 ..TCPA Truste
Nov 29 07:39:23 merthyr charon: 04[TNC]  832: 64 20 50 6C 61 74 66 6F 72 6D 20 49 64 65 6E 74  d Platform Ident
Nov 29 07:39:23 merthyr charon: 04[TNC]  848: 69 74 79 30 81 AB 06 0B 60 86 48 01 86 F8 45 01  ity0....`.H...E.
Nov 29 07:39:23 merthyr charon: 04[TNC]  864: 07 2F 01 30 81 9B 30 39 06 08 2B 06 01 05 05 07  ./.0..09..+.....
Nov 29 07:39:23 merthyr charon: 04[TNC]  880: 02 01 16 2D 68 74 74 70 3A 2F 2F 77 77 77 2E 76  ...-http://www.v
Nov 29 07:39:23 merthyr charon: 04[TNC]  896: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F  erisign.com/repo
Nov 29 07:39:23 merthyr charon: 04[TNC]  912: 73 69 74 6F 72 79 2F 69 6E 64 65 78 2E 68 74 6D  sitory/index.htm
Nov 29 07:39:23 merthyr charon: 04[TNC]  928: 6C 30 5E 06 08 2B 06 01 05 05 07 02 02 30 52 1E  l0^..+.......0R.
Nov 29 07:39:23 merthyr charon: 04[TNC]  944: 50 00 54 00 43 00 50 00 41 00 20 00 54 00 72 00  P.T.C.P.A. .T.r.
Nov 29 07:39:23 merthyr charon: 04[TNC]  960: 75 00 73 00 74 00 65 00 64 00 20 00 50 00 6C 00  u.s.t.e.d. .P.l.
Nov 29 07:39:23 merthyr charon: 04[TNC]  976: 61 00 74 00 66 00 6F 00 72 00 6D 00 20 00 4D 00  a.t.f.o.r.m. .M.
Nov 29 07:39:23 merthyr charon: 04[TNC]  992: 6F 00 64 00 75 00 6C 00 65 00 20 00 45 00 6E 00  o.d.u.l.e. .E.n.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1008: 64 00 6F 00 72 00 73 00 65 00 6D 00 65 00 6E 00  d.o.r.s.e.m.e.n.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1024: 74 30 1F 06 03 55 1D 23 04 18 30 16 80 14 66 FF  t0...U.#..0...f.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1040: 3C C0 41 02 0A 60 27 4C BE 29 81 F0 58 DC B2 A3  <.A..`'L.)..X...
Nov 29 07:39:23 merthyr charon: 04[TNC] 1056: 3E A2 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05  >.0...*.H.......
Nov 29 07:39:23 merthyr charon: 04[TNC] 1072: 00 03 82 01 01 00 78 17 95 B0 D1 B5 99 AE 90 DF  ......x.........
Nov 29 07:39:23 merthyr charon: 04[TNC] 1088: 4A AA 02 38 60 9A 05 7A 53 08 00 E9 4B F8 0F 01  J..8`..zS...K...
Nov 29 07:39:23 merthyr charon: 04[TNC] 1104: A7 26 B7 54 B0 8E F8 9C 64 B1 CE 9B D1 F5 D6 C2  .&.T....d.......
Nov 29 07:39:23 merthyr charon: 04[TNC] 1120: 3C 4A 20 56 FC 64 B0 21 58 B9 7B 5B FB 65 0C 2A  <J V.d.!X.{[.e.*
Nov 29 07:39:23 merthyr charon: 04[TNC] 1136: BE 0A 64 92 DC 60 EE 3A 6F E9 89 E3 2C 59 D8 DB  ..d..`.:o...,Y..
Nov 29 07:39:23 merthyr charon: 04[TNC] 1152: E5 97 6B 97 EE D3 D5 E1 01 A8 80 2A 56 7A 4F 36  ..k........*VzO6
Nov 29 07:39:23 merthyr charon: 04[TNC] 1168: 2B F8 2B 84 91 A1 0A 16 00 B3 4E BE 1D BE 6F C3  +.+.......N...o.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1184: 6C 5F ED A9 61 43 54 84 8D E8 E2 9C 08 5D 01 D2  l_..aCT......]..
Nov 29 07:39:23 merthyr charon: 04[TNC] 1200: FC E0 0E CB 2B 00 BF CE 42 B2 68 B2 E2 79 9D 26  ....+...B.h..y.&
Nov 29 07:39:23 merthyr charon: 04[TNC] 1216: CC FE C4 25 D6 6A AB 16 CA 39 FE 55 E5 EA AC 43  ...%.j...9.U...C
Nov 29 07:39:23 merthyr charon: 04[TNC] 1232: D8 B1 C5 CE 94 03 FB 5F E9 88 A1 64 64 C1 53 8A  ......._...dd.S.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1248: 6C 80 D1 9C B6 AC 83 FA 6F E4 B6 67 55 85 06 D2  l.......o..gU...
Nov 29 07:39:23 merthyr charon: 04[TNC] 1264: 86 49 0E 97 7B 23 1D 8B 60 6B FD 98 29 47 99 D3  .I..{#..`k..)G..
Nov 29 07:39:23 merthyr charon: 04[TNC] 1280: A8 69 5D 71 E2 0E 3F 12 D4 82 FC 66 3B 72 24 06  .i]q..?....f;r$.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1296: 99 77 EF 28 92 FD E0 03 3B 95 21 C0 1C EF BA 75  .w.(....;.!....u
Nov 29 07:39:23 merthyr charon: 04[TNC] 1312: B1 04 B6 1B 4A CE 59 66 D9 DF BE 2B 03 4A CD BB  ....J.Yf...+.J..
Nov 29 07:39:23 merthyr charon: 04[TNC] 1328: 21 32 C4 E3 27 49                                !2..'I

The TNC client packs this large PA-TNC message into an outgoing PB-TNC CDATA batch:

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01
Nov 29 07:39:23 merthyr charon: 04[TNC] creating PB-TNC CDATA batch
Nov 29 07:39:23 merthyr charon: 04[TNC] adding PB-PA message
Nov 29 07:39:23 merthyr charon: 04[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Nov 29 07:39:23 merthyr charon: 04[TNC] sending PB-TNC CDATA batch (1413 bytes) for Connection ID 1
Nov 29 07:39:23 merthyr charon: 04[TNC] => 1413 bytes @ 0x826f1c4
Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 02 00 00 01 00 00 05 85 80 00 00 00 00 00 00 01  ................
Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 00 00 05 7D 00 00 55 97 00 00 00 01 00 01 FF FF  ...}..U.........
Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 01 00 00 00 1E 82 D8 06 00 00 55 97 09 00 00 00  ..........U.....
Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 00 00 00 1B 00 30 01 02 01 02 00 02 00 49 46 58  .....0.......IFX
Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 00 00 00 00 00 55 97 0E 00 00 00 00 00 05 42 00  .....U........B.
Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 30 82 05 31 30 82 04 19 A0 03 02 01 02 02 10 15  0..10...........
Nov 29 07:39:23 merthyr charon: 04[TNC]   96: C8 E6 07 AD F7 B6 3C 0A F2 87 51 0C 34 F7 BA 30  ......<...Q.4..0
Nov 29 07:39:23 merthyr charon: 04[TNC]  112: 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 4D  ...*.H........0M
Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 31 16 30 14 06 03 55 04 0A 13 0D 70 72 69 76 61  1.0...U....priva
Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 63 79 63 61 2E 63 6F 6D 31 33 30 31 06 03 55 04  cyca.com1301..U.
Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 03 13 2A 50 72 69 76 61 63 79 20 43 41 20 45 4B  ..*Privacy CA EK
Nov 29 07:39:23 merthyr charon: 04[TNC]  176: 2D 43 65 72 74 2D 43 68 65 63 6B 65 64 20 41 49  -Cert-Checked AI
Nov 29 07:39:23 merthyr charon: 04[TNC]  192: 4B 20 43 65 72 74 69 66 69 63 61 74 65 30 1E 17  K Certificate0..
Nov 29 07:39:23 merthyr charon: 04[TNC]  208: 0D 31 31 31 31 30 32 30 37 35 30 35 31 5A 17 0D  .111102075051Z..
Nov 29 07:39:23 merthyr charon: 04[TNC]  224: 31 32 31 31 30 32 30 37 35 30 35 31 5A 30 00 30  121102075051Z0.0
Nov 29 07:39:23 merthyr charon: 04[TNC]  240: 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01  .."0...*.H......
Nov 29 07:39:23 merthyr charon: 04[TNC]  256: 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00  .......0........
Nov 29 07:39:23 merthyr charon: 04[TNC]  272: E9 1C 5F 57 5B 73 5F 35 15 BD AF 29 89 13 F1 F9  .._W[s_5...)....
Nov 29 07:39:23 merthyr charon: 04[TNC]  288: 8D 83 62 6C 73 C0 5F 8B 90 5A B8 1A 72 B9 D2 51  ..bls._..Z..r..Q
Nov 29 07:39:23 merthyr charon: 04[TNC]  304: F8 DC 24 CF 0D 9E E2 0B F8 8D 11 CD B2 E5 6B CB  ..$...........k.
Nov 29 07:39:23 merthyr charon: 04[TNC]  320: C2 AB FA BD F4 74 D2 25 B3 AE CE 47 66 58 A6 65  .....t.%...GfX.e
Nov 29 07:39:23 merthyr charon: 04[TNC]  336: A4 CA 36 24 1E 6E 22 A4 9F 88 C5 63 78 AD 53 33  ..6$.n"....cx.S3
Nov 29 07:39:23 merthyr charon: 04[TNC]  352: 90 22 91 6F 83 8F 2A A8 98 0C 15 3E 89 19 48 63  .".o..*....>..Hc
Nov 29 07:39:23 merthyr charon: 04[TNC]  368: BE 4C 35 02 F4 03 7E 10 8E 4D DB 5A D1 63 9A 3C  .L5...~..M.Z.c.<
Nov 29 07:39:23 merthyr charon: 04[TNC]  384: D9 63 F5 7B C6 73 0F 23 05 B6 00 30 3B 34 6C 3C  .c.{.s.#...0;4l<
Nov 29 07:39:23 merthyr charon: 04[TNC]  400: 10 A9 A5 4A 79 2E 62 88 E3 CC 7F 7B A7 5A E3 6F  ...Jy.b....{.Z.o
Nov 29 07:39:23 merthyr charon: 04[TNC]  416: 13 7A BD BF 86 1D 3C E3 12 3A 8C 0E 7D 47 55 C6  .z....<..:..}GU.
Nov 29 07:39:23 merthyr charon: 04[TNC]  432: 76 A9 D3 61 16 22 8A 32 C5 E7 CD 17 DB 5F A1 67  v..a.".2....._.g
Nov 29 07:39:23 merthyr charon: 04[TNC]  448: CC 1D F5 D9 25 51 01 33 1E 05 45 85 53 2E 2C 2B  ....%Q.3..E.S.,+
Nov 29 07:39:23 merthyr charon: 04[TNC]  464: 1D 59 E5 FE C2 61 26 36 12 05 F2 5C 95 F8 70 E6  .Y...a&6...\..p.
Nov 29 07:39:23 merthyr charon: 04[TNC]  480: 6A DB BF 30 1E 46 05 E6 0E 94 3C 0C C6 1C 96 B4  j..0.F....<.....
Nov 29 07:39:23 merthyr charon: 04[TNC]  496: 59 AC 5C 63 15 8C 77 E8 45 91 6B 8B B1 0D DB 26  Y.\c..w.E.k....&
Nov 29 07:39:23 merthyr charon: 04[TNC]  512: 3C E5 34 1C E8 B9 B5 6E 7F 9B 6E 7D 24 82 6E 2B  <.4....n..n}$.n+
Nov 29 07:39:23 merthyr charon: 04[TNC]  528: 02 03 01 00 01 A3 82 02 58 30 82 02 54 30 81 93  ........X0..T0..
Nov 29 07:39:23 merthyr charon: 04[TNC]  544: 06 03 55 1D 09 04 81 8B 30 81 88 30 3A 06 03 55  ..U.....0..0:..U
Nov 29 07:39:23 merthyr charon: 04[TNC]  560: 04 34 31 33 30 0B 30 09 06 05 2B 0E 03 02 1A 05  .4130.0...+.....
Nov 29 07:39:23 merthyr charon: 04[TNC]  576: 00 30 24 30 22 06 09 2A 86 48 86 F7 0D 01 01 07  .0$0"..*.H......
Nov 29 07:39:23 merthyr charon: 04[TNC]  592: 30 15 A2 13 30 11 06 09 2A 86 48 86 F7 0D 01 01  0...0...*.H.....
Nov 29 07:39:23 merthyr charon: 04[TNC]  608: 09 04 04 54 43 50 41 30 16 06 05 67 81 05 02 10  ...TCPA0...g....
Nov 29 07:39:23 merthyr charon: 04[TNC]  624: 31 0D 30 0B 0C 03 31 2E 32 02 01 02 02 01 00 30  1.0...1.2......0
Nov 29 07:39:23 merthyr charon: 04[TNC]  640: 32 06 05 67 81 05 02 12 31 29 30 27 01 01 FF A0  2..g....1)0'....
Nov 29 07:39:23 merthyr charon: 04[TNC]  656: 03 0A 01 01 A1 03 0A 01 00 A2 03 0A 01 00 A3 10  ................
Nov 29 07:39:23 merthyr charon: 04[TNC]  672: 30 0E 16 03 33 2E 30 0A 01 04 0A 01 00 01 01 FF  0...3.0.........
Nov 29 07:39:23 merthyr charon: 04[TNC]  688: 01 01 FF 30 62 06 03 55 1D 11 01 01 FF 04 58 30  ...0b..U......X0
Nov 29 07:39:23 merthyr charon: 04[TNC]  704: 56 A4 47 30 45 31 16 30 14 06 05 67 81 05 02 01  V.G0E1.0...g....
Nov 29 07:39:23 merthyr charon: 04[TNC]  720: 0C 0B 69 64 3A 34 39 34 36 35 38 30 30 31 17 30  ..id:494658001.0
Nov 29 07:39:23 merthyr charon: 04[TNC]  736: 15 06 05 67 81 05 02 02 0C 0C 53 4C 42 39 36 33  ...g......SLB963
Nov 29 07:39:23 merthyr charon: 04[TNC]  752: 35 54 54 31 2E 32 31 12 30 10 06 05 67 81 05 02  5TT1.21.0...g...
Nov 29 07:39:23 merthyr charon: 04[TNC]  768: 03 0C 07 69 64 3A 30 31 30 32 A0 0B 06 05 67 81  ...id:0102....g.
Nov 29 07:39:23 merthyr charon: 04[TNC]  784: 05 02 0F A0 02 0C 00 30 0C 06 03 55 1D 13 01 01  .......0...U....
Nov 29 07:39:23 merthyr charon: 04[TNC]  800: FF 04 02 30 00 30 82 01 27 06 03 55 1D 20 01 01  ...0.0..'..U. ..
Nov 29 07:39:23 merthyr charon: 04[TNC]  816: FF 04 82 01 1B 30 82 01 17 30 67 06 0A 2B 06 01  .....0...0g..+..
Nov 29 07:39:23 merthyr charon: 04[TNC]  832: 04 01 81 E3 42 01 11 30 59 30 29 06 08 2B 06 01  ....B..0Y0)..+..
Nov 29 07:39:23 merthyr charon: 04[TNC]  848: 05 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 77 77  .......http://ww
Nov 29 07:39:23 merthyr charon: 04[TNC]  864: 77 2E 70 72 69 76 61 63 79 63 61 2E 63 6F 6D 2F  w.privacyca.com/
Nov 29 07:39:23 merthyr charon: 04[TNC]  880: 63 70 73 2F 30 2C 06 08 2B 06 01 05 05 07 02 02  cps/0,..+.......
Nov 29 07:39:23 merthyr charon: 04[TNC]  896: 30 20 0C 1E 54 43 50 41 20 54 72 75 73 74 65 64  0 ..TCPA Trusted
Nov 29 07:39:23 merthyr charon: 04[TNC]  912: 20 50 6C 61 74 66 6F 72 6D 20 49 64 65 6E 74 69   Platform Identi
Nov 29 07:39:23 merthyr charon: 04[TNC]  928: 74 79 30 81 AB 06 0B 60 86 48 01 86 F8 45 01 07  ty0....`.H...E..
Nov 29 07:39:23 merthyr charon: 04[TNC]  944: 2F 01 30 81 9B 30 39 06 08 2B 06 01 05 05 07 02  /.0..09..+......
Nov 29 07:39:23 merthyr charon: 04[TNC]  960: 01 16 2D 68 74 74 70 3A 2F 2F 77 77 77 2E 76 65  ..-http://www.ve
Nov 29 07:39:23 merthyr charon: 04[TNC]  976: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73  risign.com/repos
Nov 29 07:39:23 merthyr charon: 04[TNC]  992: 69 74 6F 72 79 2F 69 6E 64 65 78 2E 68 74 6D 6C  itory/index.html
Nov 29 07:39:23 merthyr charon: 04[TNC] 1008: 30 5E 06 08 2B 06 01 05 05 07 02 02 30 52 1E 50  0^..+.......0R.P
Nov 29 07:39:23 merthyr charon: 04[TNC] 1024: 00 54 00 43 00 50 00 41 00 20 00 54 00 72 00 75  .T.C.P.A. .T.r.u
Nov 29 07:39:23 merthyr charon: 04[TNC] 1040: 00 73 00 74 00 65 00 64 00 20 00 50 00 6C 00 61  .s.t.e.d. .P.l.a
Nov 29 07:39:23 merthyr charon: 04[TNC] 1056: 00 74 00 66 00 6F 00 72 00 6D 00 20 00 4D 00 6F  .t.f.o.r.m. .M.o
Nov 29 07:39:23 merthyr charon: 04[TNC] 1072: 00 64 00 75 00 6C 00 65 00 20 00 45 00 6E 00 64  .d.u.l.e. .E.n.d
Nov 29 07:39:23 merthyr charon: 04[TNC] 1088: 00 6F 00 72 00 73 00 65 00 6D 00 65 00 6E 00 74  .o.r.s.e.m.e.n.t
Nov 29 07:39:23 merthyr charon: 04[TNC] 1104: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 66 FF 3C  0...U.#..0...f.<
Nov 29 07:39:23 merthyr charon: 04[TNC] 1120: C0 41 02 0A 60 27 4C BE 29 81 F0 58 DC B2 A3 3E  .A..`'L.)..X...>
Nov 29 07:39:23 merthyr charon: 04[TNC] 1136: A2 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00  .0...*.H........
Nov 29 07:39:23 merthyr charon: 04[TNC] 1152: 03 82 01 01 00 78 17 95 B0 D1 B5 99 AE 90 DF 4A  .....x.........J
Nov 29 07:39:23 merthyr charon: 04[TNC] 1168: AA 02 38 60 9A 05 7A 53 08 00 E9 4B F8 0F 01 A7  ..8`..zS...K....
Nov 29 07:39:23 merthyr charon: 04[TNC] 1184: 26 B7 54 B0 8E F8 9C 64 B1 CE 9B D1 F5 D6 C2 3C  &.T....d.......<
Nov 29 07:39:23 merthyr charon: 04[TNC] 1200: 4A 20 56 FC 64 B0 21 58 B9 7B 5B FB 65 0C 2A BE  J V.d.!X.{[.e.*.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1216: 0A 64 92 DC 60 EE 3A 6F E9 89 E3 2C 59 D8 DB E5  .d..`.:o...,Y...
Nov 29 07:39:23 merthyr charon: 04[TNC] 1232: 97 6B 97 EE D3 D5 E1 01 A8 80 2A 56 7A 4F 36 2B  .k........*VzO6+
Nov 29 07:39:23 merthyr charon: 04[TNC] 1248: F8 2B 84 91 A1 0A 16 00 B3 4E BE 1D BE 6F C3 6C  .+.......N...o.l
Nov 29 07:39:23 merthyr charon: 04[TNC] 1264: 5F ED A9 61 43 54 84 8D E8 E2 9C 08 5D 01 D2 FC  _..aCT......]...
Nov 29 07:39:23 merthyr charon: 04[TNC] 1280: E0 0E CB 2B 00 BF CE 42 B2 68 B2 E2 79 9D 26 CC  ...+...B.h..y.&.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1296: FE C4 25 D6 6A AB 16 CA 39 FE 55 E5 EA AC 43 D8  ..%.j...9.U...C.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1312: B1 C5 CE 94 03 FB 5F E9 88 A1 64 64 C1 53 8A 6C  ......_...dd.S.l
Nov 29 07:39:23 merthyr charon: 04[TNC] 1328: 80 D1 9C B6 AC 83 FA 6F E4 B6 67 55 85 06 D2 86  .......o..gU....
Nov 29 07:39:23 merthyr charon: 04[TNC] 1344: 49 0E 97 7B 23 1D 8B 60 6B FD 98 29 47 99 D3 A8  I..{#..`k..)G...
Nov 29 07:39:23 merthyr charon: 04[TNC] 1360: 69 5D 71 E2 0E 3F 12 D4 82 FC 66 3B 72 24 06 99  i]q..?....f;r$..
Nov 29 07:39:23 merthyr charon: 04[TNC] 1376: 77 EF 28 92 FD E0 03 3B 95 21 C0 1C EF BA 75 B1  w.(....;.!....u.
Nov 29 07:39:23 merthyr charon: 04[TNC] 1392: 04 B6 1B 4A CE 59 66 D9 DF BE 2B 03 4A CD BB 21  ...J.Yf...+.J..!
Nov 29 07:39:23 merthyr charon: 04[TNC] 1408: 32 C4 E3 27 49                                   2..'I
Nov 29 07:39:23 merthyr charon: 04[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Nov 29 07:39:23 merthyr charon: 04[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]
Nov 29 07:39:23 merthyr charon: 04[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

File Metadata and Measurement

The next PB-TNC SDATA batch received from the server contains file metadata and measurement requests:

Nov 29 07:39:23 merthyr charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:23 merthyr charon: 06[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Nov 29 07:39:23 merthyr charon: 06[ENC] generating IKE_AUTH request 11 [ EAP/RES/TTLS ]
Nov 29 07:39:23 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:24 merthyr charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:24 merthyr charon: 10[ENC] parsed IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Nov 29 07:39:24 merthyr charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:24 merthyr charon: 10[TNC] received TNCCS batch (263 bytes) for Connection ID 1
Nov 29 07:39:24 merthyr charon: 10[TNC] => 263 bytes @ 0x82665f6
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 02 80 00 02 00 00 01 07 80 00 00 00 00 00 00 01  ................
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 00 00 00 FF 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 01 00 00 00 DF 70 5C F3 80 00 55 97 00 70 00 00  .....p\...U..p..
Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 00 00 00 1F 00 2F 00 00 2F 65 74 63 2F 74 6E 63  ...../../etc/tnc
Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 5F 63 6F 6E 66 69 67 80 00 55 97 00 C0 00 00 00  _config..U......
Nov 29 07:39:24 merthyr charon: 10[TNC]   80: 00 00 32 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F  ..2.......//lib/
Nov 29 07:39:24 merthyr charon: 10[TNC]   96: 69 33 38 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C  i386-linux-gnu/l
Nov 29 07:39:24 merthyr charon: 10[TNC]  112: 69 62 64 6C 2E 73 6F 2E 32 80 00 55 97 00 C0 00  ibdl.so.2..U....
Nov 29 07:39:24 merthyr charon: 10[TNC]  128: 00 00 00 00 22 00 00 00 02 00 00 00 2F 2F 73 62  ....".......//sb
Nov 29 07:39:24 merthyr charon: 10[TNC]  144: 69 6E 2F 69 70 74 61 62 6C 65 73 80 00 55 97 00  in/iptables..U..
Nov 29 07:39:24 merthyr charon: 10[TNC]  160: C0 00 00 00 00 00 28 00 00 00 03 00 00 00 2F 2F  ......(.......//
Nov 29 07:39:24 merthyr charon: 10[TNC]  176: 6C 69 62 2F 6C 69 62 78 74 61 62 6C 65 73 2E 73  lib/libxtables.s
Nov 29 07:39:24 merthyr charon: 10[TNC]  192: 6F 2E 35 80 00 55 97 00 C0 00 00 00 00 00 21 80  o.5..U........!.
Nov 29 07:39:24 merthyr charon: 10[TNC]  208: 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61 62  ......//lib/xtab
Nov 29 07:39:24 merthyr charon: 10[TNC]  224: 6C 65 73 2F 80 00 55 97 00 C0 00 00 00 00 00 23  les/..U........#
Nov 29 07:39:24 merthyr charon: 10[TNC]  240: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip
Nov 29 07:39:24 merthyr charon: 10[TNC]  256: 36 74 61 62 6C 65 73                             6tables
Nov 29 07:39:24 merthyr charon: 10[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Nov 29 07:39:24 merthyr charon: 10[TNC] processing PB-TNC SDATA batch

Again the PTS-IMC is subscribed to this PB-PA message type:

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PB-PA message (255 bytes)
Nov 29 07:39:24 merthyr charon: 10[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

The PA-TNC message consists of one 'Request File Metadata' and five 'Request File Measurement' attributes:

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC message with ID 0xdf705cf3
Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 19 bytes @ 0x8268c20
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 2F 00 00 2F 65 74 63 2F 74 6E 63 5F 63 6F 6E  ./../etc/tnc_con
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 66 69 67                                         fig
Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 38 bytes @ 0x8268c3f
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F 69 33 38  .......//lib/i38
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C 69 62 64  6-linux-gnu/libd
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 6C 2E 73 6F 2E 32                                l.so.2
Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 22 bytes @ 0x8268c71
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 02 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 74 61 62 6C 65 73                                tables
Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 28 bytes @ 0x8268c93
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 03 00 00 00 2F 2F 6C 69 62 2F 6C 69 62  .......//lib/lib
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 78 74 61 62 6C 65 73 2E 73 6F 2E 35              xtables.so.5
Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 21 bytes @ 0x8268cbb
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 80 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61  .......//lib/xta
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 62 6C 65 73 2F                                   bles/
Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 23 bytes @ 0x8268cdc
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 36 74 61 62 6C 65 73                             6tables
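
The 263-byte SDATA batch logged above can be decoded offline to audit which paths a TNC server asks a client to measure. The following Python sketch is an added example, not part of the original HOWTO or of strongSwan: it rebuilds the batch from the charon hexdump and walks the PB-TNC (RFC 5793) and PA-TNC (RFC 5792) headers down to the PTS file request attributes. The function names are hypothetical, and the attribute field layout and the 0x80 directory flag are assumptions read off the dumps and the 'directory' log line on this page.

```python
import re
import struct

# Hexdump of the 263-byte SDATA batch, copied from the charon log above.
SAMPLE_LOG = r"""
Nov 29 07:39:24 merthyr charon: 10[TNC] => 263 bytes @ 0x82665f6
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 02 80 00 02 00 00 01 07 80 00 00 00 00 00 00 01  ................
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 00 00 00 FF 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 01 00 00 00 DF 70 5C F3 80 00 55 97 00 70 00 00  .....p\...U..p..
Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 00 00 00 1F 00 2F 00 00 2F 65 74 63 2F 74 6E 63  ...../../etc/tnc
Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 5F 63 6F 6E 66 69 67 80 00 55 97 00 C0 00 00 00  _config..U......
Nov 29 07:39:24 merthyr charon: 10[TNC]   80: 00 00 32 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F  ..2.......//lib/
Nov 29 07:39:24 merthyr charon: 10[TNC]   96: 69 33 38 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C  i386-linux-gnu/l
Nov 29 07:39:24 merthyr charon: 10[TNC]  112: 69 62 64 6C 2E 73 6F 2E 32 80 00 55 97 00 C0 00  ibdl.so.2..U....
Nov 29 07:39:24 merthyr charon: 10[TNC]  128: 00 00 00 00 22 00 00 00 02 00 00 00 2F 2F 73 62  ....".......//sb
Nov 29 07:39:24 merthyr charon: 10[TNC]  144: 69 6E 2F 69 70 74 61 62 6C 65 73 80 00 55 97 00  in/iptables..U..
Nov 29 07:39:24 merthyr charon: 10[TNC]  160: C0 00 00 00 00 00 28 00 00 00 03 00 00 00 2F 2F  ......(.......//
Nov 29 07:39:24 merthyr charon: 10[TNC]  176: 6C 69 62 2F 6C 69 62 78 74 61 62 6C 65 73 2E 73  lib/libxtables.s
Nov 29 07:39:24 merthyr charon: 10[TNC]  192: 6F 2E 35 80 00 55 97 00 C0 00 00 00 00 00 21 80  o.5..U........!.
Nov 29 07:39:24 merthyr charon: 10[TNC]  208: 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61 62  ......//lib/xtab
Nov 29 07:39:24 merthyr charon: 10[TNC]  224: 6C 65 73 2F 80 00 55 97 00 C0 00 00 00 00 00 23  les/..U........#
Nov 29 07:39:24 merthyr charon: 10[TNC]  240: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip
Nov 29 07:39:24 merthyr charon: 10[TNC]  256: 36 74 61 62 6C 65 73                             6tables
"""

HEADER_RE = re.compile(r"\] => (\d+) bytes @")
ROW_RE = re.compile(r"\]\s+(\d+):((?: [0-9A-F]{2}){1,16})")
TCG, PB_PA, PTS = 0x005597, 1, 1          # vendor ID, PB-TNC msg type, PA subtype
REQ_FILE_META, REQ_FILE_MEAS = 0x00700000, 0x00C00000  # attribute types as logged
DIRECTORY_FLAG = 0x80                     # assumption: top flag bit = directory

def bytes_from_dump(log_text):
    """Rebuild the blob from a charon hexdump, checking row offsets and total size."""
    declared, data = None, bytearray()
    for line in log_text.splitlines():
        head, row = HEADER_RE.search(line), ROW_RE.search(line)
        if head:
            declared = int(head.group(1))
        elif row:
            if int(row.group(1)) != len(data):
                raise ValueError("hexdump row offset out of sequence")
            data += bytes.fromhex(row.group(2))
    if declared != len(data):
        raise ValueError("hexdump shorter or longer than declared size")
    return bytes(data)

def tlvs(buf):
    """Yield (flags, vendor, type, value) for a run of 12-byte-header TLVs.

    PB-TNC messages and PA-TNC attributes share this layout. The length field
    counts the header and is set by the peer, so it is bounds-checked here.
    """
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 12:
            raise ValueError("truncated TLV header")
        word, kind, length = struct.unpack_from("!III", buf, pos)
        if length < 12 or length > len(buf) - pos:
            raise ValueError("TLV length field out of bounds")
        yield word >> 24, word & 0xFFFFFF, kind, buf[pos + 12:pos + length]
        pos += length

def parse_file_requests(batch):
    """Return (batch_type, [request dicts]) for the PTS file requests in a batch."""
    if len(batch) < 8:
        raise ValueError("truncated PB-TNC batch header")
    version, _, btype, blen = struct.unpack_from("!BBHI", batch)
    if version != 2 or blen != len(batch):
        raise ValueError("bad PB-TNC version or batch length")
    requests = []
    for _, vendor, mtype, body in tlvs(batch[8:]):
        if (vendor, mtype) != (0, PB_PA) or len(body) < 20:
            continue
        word, subtype = struct.unpack_from("!II", body)
        if (word & 0xFFFFFF, subtype) != (TCG, PTS) or body[12] != 1:
            continue  # not a TCG/PTS PB-PA message carrying PA-TNC version 1
        for _, avendor, atype, value in tlvs(body[20:]):
            if avendor != TCG:
                continue
            if atype == REQ_FILE_MEAS and len(value) >= 8:
                flags, req_id, delim = struct.unpack_from("!BxHI", value)
                path = value[8:]
            elif atype == REQ_FILE_META and len(value) >= 4:
                flags, delim = struct.unpack_from("!BB", value)
                req_id, path = None, value[4:]
            else:
                continue
            requests.append({
                "kind": "measurement" if atype == REQ_FILE_MEAS else "metadata",
                "id": req_id,
                "directory": bool(flags & DIRECTORY_FLAG),
                "delimiter": chr(delim),
                "path": path.decode("utf-8"),
            })
    return {1: "CDATA", 2: "SDATA"}.get(btype & 0x0F, "other"), requests
```

Calling `parse_file_requests(bytes_from_dump(SAMPLE_LOG))` yields the one metadata request and the five measurement requests in order, with only request 4 marked as a directory.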

The metadata for /etc/tnc_config is retrieved and the SHA-1 hash values for the four file measurement requests are computed.
Measurement request 4 is for the contents of a directory, which generates quite a lot of work.

Nov 29 07:39:24 merthyr charon: 10[IMC] metadata request for file '/etc/tnc_config'
Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 1 for file '/lib/i386-linux-gnu/libdl.so.2'
Nov 29 07:39:24 merthyr charon: 10[PTS]   40:76:39:35:cd:ea:25:11:90:02:c4:2f:98:4b:99:4d:8d:2a:6d:75 for 'libdl.so.2'
Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 2 for file '/sbin/iptables'
Nov 29 07:39:24 merthyr charon: 10[PTS]   ff:6d:ec:a0:ee:b7:a2:57:20:5c:5f:0a:b5:f5:d8:21:ea:18:40:98 for 'iptables'
Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 3 for file '/lib/libxtables.so.5'
Nov 29 07:39:24 merthyr charon: 10[PTS]   7a:3c:a7:21:58:e6:0b:0c:91:e4:8a:42:08:48:f1:b6:93:ae:a2:6c for 'libxtables.so.5'
Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 4 for directory '/lib/xtables/'
Nov 29 07:39:24 merthyr charon: 10[PTS]   2d:0d:d5:0b:f5:10:78:05:b7:f9:35:c7:2f:94:c9:ba:a2:01:22:b0 for 'libxt_quota.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   33:9a:58:a1:b3:13:83:0c:3c:c7:4c:b3:fb:52:a5:b8:15:2f:44:e6 for 'libxt_esp.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   a3:45:6c:85:20:bf:0b:c3:f0:ee:0a:1c:80:03:21:c0:19:b4:a8:82 for 'libxt_standard.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   47:e0:cf:82:a1:21:16:d6:8a:a6:42:39:c4:9a:23:aa:b6:cb:35:f4 for 'libxt_string.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   3e:1c:20:2b:10:37:cc:24:54:fd:0d:cc:cc:40:e3:15:71:63:0d:9f for 'libxt_CONNMARK.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   3d:c5:69:0b:31:f0:69:93:3c:cc:14:e4:3f:7c:09:da:a3:e0:09:8d for 'libxt_mac.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   2b:07:68:91:49:e0:7c:ed:d6:d3:77:49:3d:17:68:ff:23:78:ac:b8 for 'libip6t_ipv6header.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   fd:d2:27:82:6f:c2:9d:b7:d1:b6:ed:2b:e4:14:52:14:f3:92:16:cd for 'libipt_TTL.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   1d:74:0a:bd:38:f9:f4:bc:81:ca:43:4a:0e:25:b6:e2:17:04:24:8b for 'libxt_tcp.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   18:36:41:80:9a:27:b0:8f:fe:59:c1:38:8c:da:6c:41:4b:dc:e6:d6 for 'libxt_tos.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   2d:32:ef:93:12:6a:bf:8c:66:0d:57:c6:7e:50:76:c6:39:4c:ab:e8 for 'libxt_policy.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   8f:d3:f5:95:98:1c:49:89:61:fc:94:67:83:0d:dd:37:20:08:c0:85 for 'libxt_physdev.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   34:3d:51:24:47:fc:02:22:63:19:9f:d2:3f:7b:21:6b:46:e0:1e:b3 for 'libxt_sctp.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   3b:1c:fb:8c:71:c9:04:be:b5:57:19:34:87:91:5f:f5:82:6a:33:47 for 'libipt_ecn.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   06:5d:f7:20:d2:c2:86:71:72:8a:96:33:53:0d:e5:94:cf:bf:e8:97 for 'libxt_recent.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   00:32:1b:d8:00:d7:08:2f:0d:ee:78:ef:a1:66:1e:24:6c:3d:aa:b4 for 'libxt_iprange.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   ac:87:0e:51:06:2d:69:a6:b1:9a:71:e5:1d:19:4b:9b:0c:29:51:cf for 'libip6t_dst.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   24:15:12:c0:4d:81:6c:c8:91:10:f1:c0:fd:ab:39:d4:97:ad:9f:1b for 'libxt_TPROXY.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   32:d4:43:76:1a:af:13:ef:8b:3c:d7:86:9a:f9:0b:57:a7:44:58:25 for 'libxt_connlimit.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   71:40:3f:f1:c6:ca:92:7a:ba:1d:c6:8c:8e:52:a6:76:ae:c1:c9:70 for 'libxt_RATEEST.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   c1:66:c2:84:d3:95:78:3a:48:d3:02:c9:61:cb:60:d7:ec:e7:68:ab for 'libxt_multiport.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   22:35:fe:d7:aa:6b:9a:8b:9b:db:7f:db:34:9a:35:9f:01:c1:b4:01 for 'libxt_u32.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   6c:f9:db:a7:25:ac:38:d3:be:ff:dc:d8:f6:65:5b:d5:f4:66:6d:25 for 'libipt_icmp.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   d6:c8:df:ba:ae:7a:b2:8b:5c:ef:26:26:a2:af:3f:99:a6:ea:43:65 for 'libipt_LOG.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   39:09:5f:23:c9:34:72:21:57:5d:a8:a1:30:41:cc:7b:dc:de:73:54 for 'libxt_cpu.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   23:29:6f:48:27:6e:16:0b:6d:99:b1:b4:2a:91:14:df:72:0b:b1:ab for 'libip6t_LOG.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   c9:16:92:db:c9:06:c0:de:e9:7c:b9:6e:ba:fd:6e:f1:ff:cc:4d:1b for 'libip6t_icmp6.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   2e:a8:67:ef:38:48:b8:a0:2d:a4:d3:99:4b:1f:0e:bc:db:5c:9e:80 for 'libxt_comment.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   b5:99:55:3b:bd:35:be:b4:f9:93:90:33:f4:4b:65:3d:ad:ba:5e:9c for 'libxt_statistic.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   18:fa:a3:14:df:37:fc:d0:1b:9f:1a:ea:6f:db:f0:70:c8:38:b6:a6 for 'libxt_state.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   aa:9a:5b:58:cb:d0:53:5b:ce:8d:d9:e4:f2:d8:d3:25:38:ce:24:72 for 'libxt_tcpmss.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   1c:b5:30:10:26:19:6e:d1:d2:6f:9c:7f:92:f3:6f:b1:ee:39:48:41 for 'libxt_time.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   7f:cd:3d:b6:df:87:13:c0:e7:c7:2d:ad:d7:04:55:99:a7:49:f2:a0 for 'libipt_REJECT.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   73:d7:5e:80:9f:53:fc:84:40:73:08:db:52:89:3f:3d:31:83:53:10 for 'libxt_limit.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   ee:9b:c9:37:a8:db:06:d4:ba:a2:14:7b:47:8e:ac:af:fe:8c:c8:f7 for 'libipt_realm.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   86:6c:55:30:ae:45:69:1b:3c:4e:08:ba:29:3b:33:26:e8:ff:1f:b3 for 'libip6t_frag.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   d0:27:a6:aa:de:8b:34:d2:72:d5:f2:23:5d:81:78:83:90:40:48:13 for 'libxt_DSCP.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   24:f6:13:0d:e2:e5:bb:94:30:b7:1a:aa:e5:c9:42:47:b3:b6:ea:91 for 'libip6t_hl.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   ab:78:0c:51:34:7b:ff:66:9c:97:1e:f2:c7:0b:06:d9:bd:78:7b:c9 for 'libxt_connmark.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   f2:b9:91:45:6c:6b:6e:55:04:03:d4:66:5c:13:d6:c2:3e:a9:f4:a3 for 'libxt_SET.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   a6:06:e1:bb:12:92:88:f1:90:0d:57:88:1c:3e:ac:ee:e7:27:ec:64 for 'libxt_socket.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   9d:96:65:a3:38:9e:3f:67:a8:15:3f:a1:c3:7b:59:68:85:a4:09:b9 for 'libipt_SAME.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   5c:3a:42:5d:c4:25:60:8c:21:f7:3a:58:de:45:90:43:3a:e4:19:ad for 'libipt_ULOG.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   c5:22:71:d3:8f:10:56:78:d4:cd:0c:3c:04:0a:21:cc:db:24:57:e3 for 'libxt_pkttype.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   38:e9:ff:af:cf:02:73:6d:6b:9c:5e:b4:03:c5:d5:26:12:a4:64:16 for 'libxt_SECMARK.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   28:e0:5c:e1:9a:52:ab:16:23:71:cb:5c:14:8f:b1:6e:c7:c3:4a:d6 for 'libxt_NFLOG.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   e2:db:af:67:88:9b:bd:1f:f0:fb:da:b8:4e:00:e2:87:53:9d:61:ed for 'libxt_helper.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   44:92:7e:1b:2d:34:c5:d9:45:b8:13:33:8c:ca:41:98:3c:be:20:f7 for 'libxt_dscp.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   d6:0e:93:16:f6:2d:46:bd:1d:6b:f9:b7:34:d3:ac:7e:40:2f:29:30 for 'libipt_ttl.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   5d:93:68:d5:e3:ea:c0:93:d6:dc:ba:d5:c0:24:ed:3d:56:66:68:c2 for 'libxt_length.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   3e:f8:a5:fd:8a:e2:28:77:84:ae:7e:dc:f8:4f:bf:b5:24:b4:97:bb for 'libxt_CONNSECMARK.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   42:4c:99:a6:21:e1:19:c8:8b:f7:0e:78:ff:b6:4c:6d:72:db:7b:51 for 'libxt_NFQUEUE.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   29:8a:18:85:82:22:26:dc:be:b2:e9:08:f2:b2:69:b7:a8:27:1a:66 for 'libxt_CLASSIFY.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   c6:3e:0e:cc:c2:03:94:f9:3d:49:25:3b:33:0d:f3:2c:47:ff:d9:96 for 'libxt_CT.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   95:3b:e7:07:c1:5b:15:80:a3:bb:ed:4c:7e:4c:22:1e:2d:58:44:ff for 'libxt_CHECKSUM.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   7f:f7:ef:5a:4e:01:de:31:18:5d:79:cc:d9:a3:14:a6:a1:2d:3a:65 for 'libxt_TCPMSS.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   5a:eb:2e:92:6c:bd:3c:95:fe:82:25:e0:b3:ef:87:3a:3d:19:42:4b for 'libipt_MIRROR.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   7a:b7:2f:5e:8e:54:89:e6:d3:aa:3d:4f:8b:ac:d0:f9:3a:71:4b:e2 for 'libxt_TRACE.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   af:75:74:c5:d6:74:4d:fa:2e:2d:8c:d0:c4:f4:cc:f7:06:42:20:30 for 'libipt_NETMAP.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   f8:93:2b:81:16:dd:d4:cf:0f:d5:f5:52:88:18:f2:1a:df:90:cb:74 for 'libxt_ipvs.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   69:47:c7:94:45:0c:04:df:1c:c8:e4:17:15:ce:3d:24:7f:c5:16:c9 for 'libxt_connbytes.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   5a:0d:07:ab:03:66:03:a7:67:59:e5:f6:1f:7d:04:f2:d3:c0:56:cc for 'libipt_MASQUERADE.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   56:7e:01:c5:09:23:ab:1c:19:03:b6:fb:84:9f:a6:8f:19:63:0c:a3 for 'libip6t_HL.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   32:7f:fa:63:fc:c0:8e:14:e5:64:6b:78:ac:e3:76:94:3a:95:12:7a for 'libip6t_mh.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   d5:37:d4:37:f0:58:13:6e:b3:d7:be:51:7d:be:76:47:b6:23:c6:19 for 'libxt_mark.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   5d:32:1b:a9:90:9d:a2:38:b6:de:15:0b:0d:10:33:7c:16:cf:4c:e4 for 'libxt_TCPOPTSTRIP.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   47:52:53:2c:b9:41:a1:fd:98:11:4c:2f:99:9e:b6:16:98:bd:df:35 for 'libip6t_eui64.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   a0:7e:a0:ae:3d:00:8f:37:97:c5:67:e6:29:cb:73:79:cb:15:02:ed for 'libipt_addrtype.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   2c:19:75:6c:4a:35:48:68:d0:50:a6:58:32:e7:c1:36:b4:a9:94:c3 for 'libxt_LED.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   0f:c1:21:24:64:f3:b1:b9:73:eb:c0:6c:19:90:bb:b9:88:fe:cc:8a for 'libipt_CLUSTERIP.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   e3:58:f5:3f:5c:4b:73:df:16:22:e8:16:41:d9:18:f9:23:ab:c6:2c for 'libxt_cluster.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   20:cf:56:e5:ce:52:11:72:29:f5:5e:1e:ad:52:31:a7:66:b2:dd:5c for 'libxt_hashlimit.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   51:f1:be:7e:59:08:62:a2:c2:5f:29:f4:c5:ef:01:f0:52:df:2a:c5 for 'libipt_REDIRECT.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   3e:f9:01:0e:e2:24:7c:f2:d7:64:1c:f0:4f:0c:a7:32:d0:fd:e8:68 for 'libxt_NOTRACK.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   fc:ca:5d:a6:7d:11:c7:ad:fd:f8:49:88:b0:96:b0:20:f9:0e:77:8a for 'libip6t_rt.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   53:0e:8c:15:15:4a:da:bc:f7:39:c5:e2:46:ba:15:36:6f:05:b3:6b for 'libipt_ah.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   aa:d3:68:ae:62:e7:d0:1d:a3:3e:a7:8e:1a:7c:1a:1f:18:2a:6a:d4 for 'libxt_dccp.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   f7:d6:a5:d8:5a:32:98:d2:1c:ec:71:37:d9:47:da:90:c4:55:e4:6b for 'libxt_rateest.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   4e:05:db:c9:87:2d:6c:6d:af:38:45:8b:35:b1:ba:6d:6a:94:d2:1f for 'libip6t_REJECT.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   9f:b6:70:dc:86:7c:58:b5:83:ef:59:a0:c8:1b:56:35:1d:6b:2c:4b for 'libxt_IDLETIMER.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   36:1d:6f:75:96:07:ad:c4:0d:6f:e0:af:7d:3f:91:57:94:a4:db:b0 for 'libipt_ECN.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   f9:e3:53:1a:bb:67:a0:20:cf:66:7d:46:ca:82:36:75:dd:0a:0d:d4 for 'libxt_MARK.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   9a:d0:87:53:a6:70:8e:1d:60:da:ce:3a:58:ef:44:00:27:70:a6:bd for 'libipt_unclean.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   45:8a:e7:fc:05:34:ef:2a:eb:d5:6f:ce:4d:26:db:10:bd:7f:63:a4 for 'libip6t_hbh.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   42:2c:14:1e:ab:57:e9:c9:a8:0a:3c:7b:31:c2:6a:d4:d0:b5:ed:07 for 'libip6t_ah.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   37:d6:ae:25:19:77:21:4d:7a:d1:c2:95:80:94:24:af:1e:8e:76:b1 for 'libxt_set.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   dd:7b:c0:9b:d9:94:25:a1:e3:6b:69:a1:19:60:a9:00:37:e2:98:79 for 'libxt_TOS.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   ca:1e:da:79:68:a9:0f:6c:c9:14:0a:bd:d1:d1:77:11:6b:69:97:e1 for 'libxt_osf.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   e2:f7:b9:2a:bd:a7:69:f8:27:96:f5:7a:29:80:18:70:58:5d:ce:a3 for 'libipt_SNAT.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   48:a5:5a:a0:dc:11:94:af:63:ba:01:62:00:1c:e1:e9:b3:77:b1:59 for 'libxt_TEE.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   11:ce:3b:45:fe:b3:e6:6a:75:49:0d:42:ba:95:07:1a:c6:f4:0a:7f for 'libxt_udp.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   16:0d:2b:04:d1:1e:b2:25:fb:14:86:15:b6:99:08:18:69:e1:5b:6c for 'libipt_DNAT.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   33:d0:40:bc:0c:64:d3:8b:99:7b:fa:ee:ae:04:59:07:c5:2b:e6:70 for 'libxt_owner.so'
Nov 29 07:39:24 merthyr charon: 10[PTS]   6c:0b:2d:f4:fc:4c:91:22:b5:76:2a:e1:40:d5:3f:dd:1c:f9:e8:9b for 'libxt_conntrack.so'
Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 5 for file '/sbin/ip6tables'
Nov 29 07:39:24 merthyr charon: 10[PTS]   8a:7c:41:16:7b:c0:fc:c1:de:c8:32:9a:86:8b:a2:65:c2:38:57:f5 for 'ip6tables'

Packed into one 'Unix-Style File Metadata' and four 'File Measurement' attributes, the measured file data is returned to the TNC server:

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC message with ID 0xf30f6458
Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 70 bytes @ 0x826ba6c
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 3E 08 00 00 00 00 00  .........>......
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 00 00 00 98 00 00 00 00 4E 51 49 8D 00 00 00 00  ........NQI.....
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 4E 51 49 8D 00 00 00 00 4E D3 FC 59 00 00 00 00  NQI.....N..Y....
Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 00 00 00 00 00 00 00 00 00 00 00 00 74 6E 63 5F  ............tnc_
Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 63 6F 6E 66 69 67                                config
Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 44 bytes @ 0x82573ec
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 01 00 14 40 76 39 35  ............@v95
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: CD EA 25 11 90 02 C4 2F 98 4B 99 4D 8D 2A 6D 75  ..%..../.K.M.*mu
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 0A 6C 69 62 64 6C 2E 73 6F 2E 32              ..libdl.so.2
Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 42 bytes @ 0x82646bc
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 02 00 14 FF 6D EC A0  .............m..
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: EE B7 A2 57 20 5C 5F 0A B5 F5 D8 21 EA 18 40 98  ...W \_....!..@.
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 08 69 70 74 61 62 6C 65 73                    ..iptables
Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 49 bytes @ 0x826bc4c
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 03 00 14 7A 3C A7 21  ............z<.!
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 58 E6 0B 0C 91 E4 8A 42 08 48 F1 B6 93 AE A2 6C  X......B.H.....l
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 0F 6C 69 62 78 74 61 62 6C 65 73 2E 73 6F 2E  ..libxtables.so.
Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 35                                               5
Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 3475 bytes @ 0x82713c4
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 5E 00 04 00 14 2D 0D D5 0B  .......^....-...
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: F5 10 78 05 B7 F9 35 C7 2F 94 C9 BA A2 01 22 B0  ..x...5./.....".
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 0E 6C 69 62 78 74 5F 71 75 6F 74 61 2E 73 6F  ..libxt_quota.so
Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 33 9A 58 A1 B3 13 83 0C 3C C7 4C B3 FB 52 A5 B8  3.X.....<.L..R..
Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 15 2F 44 E6 00 0C 6C 69 62 78 74 5F 65 73 70 2E  ./D...libxt_esp.
Nov 29 07:39:24 merthyr charon: 10[TNC]   80: 73 6F A3 45 6C 85 20 BF 0B C3 F0 EE 0A 1C 80 03  so.El. .........
Nov 29 07:39:24 merthyr charon: 10[TNC]   96: 21 C0 19 B4 A8 82 00 11 6C 69 62 78 74 5F 73 74  !.......libxt_st
Nov 29 07:39:24 merthyr charon: 10[TNC]  112: 61 6E 64 61 72 64 2E 73 6F 47 E0 CF 82 A1 21 16  andard.soG....!.
Nov 29 07:39:24 merthyr charon: 10[TNC]  128: D6 8A A6 42 39 C4 9A 23 AA B6 CB 35 F4 00 0F 6C  ...B9..#...5...l
                                         --------------- truncated attribute ----------------
Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Nov 29 07:39:24 merthyr charon: 10[TNC] => 43 bytes @ 0x8268bfc
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 05 00 14 8A 7C 41 16  .............|A.
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 7B C0 FC C1 DE C8 32 9A 86 8B A2 65 C2 38 57 F5  {.....2....e.8W.
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 09 69 70 36 74 61 62 6C 65 73                 ..ip6tables
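
The 'TCG/File Measurement' values dumped above can be decoded and cross-checked against the [PTS] lines that reported the hashes. The following Python code is an added example, not part of strongSwan or of the original HOWTO; it rebuilds the bytes from the hex-dump log lines and decodes the layout visible in the dump (64-bit file count, 16-bit request ID, 16-bit hash length, then hash, 16-bit name length and name per file). The function names are illustrative.

```python
import re
import struct

# Log lines copied from this page: the [PTS] line for measurement request 1
# and the hex dump of the matching 44-byte 'TCG/File Measurement' value.
SAMPLE_LOG = """\
Nov 29 07:39:24 merthyr charon: 10[PTS]   40:76:39:35:cd:ea:25:11:90:02:c4:2f:98:4b:99:4d:8d:2a:6d:75 for 'libdl.so.2'
Nov 29 07:39:24 merthyr charon: 10[TNC] => 44 bytes @ 0x82573ec
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 01 00 14 40 76 39 35  ............@v95
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: CD EA 25 11 90 02 C4 2F 98 4B 99 4D 8D 2A 6D 75  ..%..../.K.M.*mu
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 0A 6C 69 62 64 6C 2E 73 6F 2E 32              ..libdl.so.2
"""

# "<offset>: <up to 16 hex bytes>" as printed at debug level 3.
HEX_LINE = re.compile(r"\[TNC\]\s+(\d+): ((?:[0-9A-F]{2} ?){1,16})")
# "<colon-separated hash> for '<file name>'" as printed by the PTS component.
PTS_LINE = re.compile(r"\[PTS\]\s+((?:[0-9a-f]{2}:)+[0-9a-f]{2}) for '([^']+)'")


def dump_to_bytes(log):
    """Rebuild one attribute value from its hex-dump lines (a single dump)."""
    out = bytearray()
    for m in HEX_LINE.finditer(log):
        if int(m.group(1)) != len(out):
            raise ValueError("hex dump has a gap at offset " + m.group(1))
        out += bytes.fromhex(m.group(2))
    return bytes(out)


def parse_file_measurement(value):
    """Decode a 'TCG/File Measurement' value into (request_id, [(name, hash)])."""
    if len(value) < 12:
        raise ValueError("shorter than the fixed 12-byte header")
    count, request_id, hash_len = struct.unpack_from(">QHH", value, 0)
    # Reject a forged file count before looping over it.
    if count * (hash_len + 2) > len(value) - 12:
        raise ValueError("file count does not fit into the attribute")
    pos, entries = 12, []
    for _ in range(count):
        if pos + hash_len + 2 > len(value):
            raise ValueError("truncated measurement entry")
        digest = value[pos:pos + hash_len]
        pos += hash_len
        (name_len,) = struct.unpack_from(">H", value, pos)
        pos += 2
        if pos + name_len > len(value):
            raise ValueError("file name overruns the attribute")
        name = value[pos:pos + name_len].decode("utf-8", "replace")
        pos += name_len
        entries.append((name, digest.hex()))
    if pos != len(value):
        raise ValueError("trailing bytes after the last entry")
    return request_id, entries


def cross_check(log):
    """Compare each decoded hash with the one the [PTS] log line reported."""
    reported = {name: h.replace(":", "") for h, name in PTS_LINE.findall(log)}
    request_id, entries = parse_file_measurement(dump_to_bytes(log))
    return request_id, [(n, d, reported.get(n) == d) for n, d in entries]


if __name__ == "__main__":
    req, rows = cross_check(SAMPLE_LOG)
    for name, digest, ok in rows:
        print("request %d: %s %s %s" % (req, digest, name, "match" if ok else "MISMATCH"))
```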

All data is packed into a huge PB-TNC CDATA batch spanning four IKEv2 UDP datagrams:

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01
Nov 29 07:39:24 merthyr charon: 10[TNC] creating PB-TNC CDATA batch
Nov 29 07:39:24 merthyr charon: 10[TNC] adding PB-PA message
Nov 29 07:39:24 merthyr charon: 10[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Nov 29 07:39:24 merthyr charon: 10[TNC] sending PB-TNC CDATA batch (3835 bytes) for Connection ID 1
Nov 29 07:39:24 merthyr charon: 10[TNC] => 3835 bytes @ 0x8270a3c
Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 02 00 00 01 00 00 0E FB 80 00 00 00 00 00 00 01  ................
Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 00 00 0E F3 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........
Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 01 00 00 00 F3 0F 64 58 80 00 55 97 00 90 00 00  ......dX..U.....
Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 00 00 00 52 00 00 00 00 00 00 00 01 00 3E 08 00  ...R.........>..
Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 00 00 00 00 00 00 00 98 00 00 00 00 4E 51 49 8D  ............NQI.
Nov 29 07:39:24 merthyr charon: 10[TNC]   80: 00 00 00 00 4E 51 49 8D 00 00 00 00 4E D3 FC 59  ....NQI.....N..Y
Nov 29 07:39:24 merthyr charon: 10[TNC]   96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Nov 29 07:39:24 merthyr charon: 10[TNC]  112: 74 6E 63 5F 63 6F 6E 66 69 67 80 00 55 97 00 D0  tnc_config..U...
Nov 29 07:39:24 merthyr charon: 10[TNC]  128: 00 00 00 00 00 38 00 00 00 00 00 00 00 01 00 01  .....8..........
Nov 29 07:39:24 merthyr charon: 10[TNC]  144: 00 14 40 76 39 35 CD EA 25 11 90 02 C4 2F 98 4B  ..@v95..%..../.K
Nov 29 07:39:24 merthyr charon: 10[TNC]  160: 99 4D 8D 2A 6D 75 00 0A 6C 69 62 64 6C 2E 73 6F  .M.*mu..libdl.so
Nov 29 07:39:24 merthyr charon: 10[TNC]  176: 2E 32 80 00 55 97 00 D0 00 00 00 00 00 36 00 00  .2..U........6..
Nov 29 07:39:24 merthyr charon: 10[TNC]  192: 00 00 00 00 00 01 00 02 00 14 FF 6D EC A0 EE B7  ...........m....
Nov 29 07:39:24 merthyr charon: 10[TNC]  208: A2 57 20 5C 5F 0A B5 F5 D8 21 EA 18 40 98 00 08  .W \_....!..@...
Nov 29 07:39:24 merthyr charon: 10[TNC]  224: 69 70 74 61 62 6C 65 73 80 00 55 97 00 D0 00 00  iptables..U.....
Nov 29 07:39:24 merthyr charon: 10[TNC]  240: 00 00 00 3D 00 00 00 00 00 00 00 01 00 03 00 14  ...=............
Nov 29 07:39:24 merthyr charon: 10[TNC]  256: 7A 3C A7 21 58 E6 0B 0C 91 E4 8A 42 08 48 F1 B6  z<.!X......B.H..
Nov 29 07:39:24 merthyr charon: 10[TNC]  272: 93 AE A2 6C 00 0F 6C 69 62 78 74 61 62 6C 65 73  ...l..libxtables
Nov 29 07:39:24 merthyr charon: 10[TNC]  288: 2E 73 6F 2E 35 80 00 55 97 00 D0 00 00 00 00 0D  .so.5..U........
Nov 29 07:39:24 merthyr charon: 10[TNC]  304: 9F 00 00 00 00 00 00 00 5E 00 04 00 14 2D 0D D5  ........^....-..
Nov 29 07:39:24 merthyr charon: 10[TNC]  320: 0B F5 10 78 05 B7 F9 35 C7 2F 94 C9 BA A2 01 22  ...x...5./....." 
Nov 29 07:39:24 merthyr charon: 10[TNC]  336: B0 00 0E 6C 69 62 78 74 5F 71 75 6F 74 61 2E 73  ...libxt_quota.s
Nov 29 07:39:24 merthyr charon: 10[TNC]  352: 6F 33 9A 58 A1 B3 13 83 0C 3C C7 4C B3 FB 52 A5  o3.X.....<.L..R.
Nov 29 07:39:24 merthyr charon: 10[TNC]  368: B8 15 2F 44 E6 00 0C 6C 69 62 78 74 5F 65 73 70  ../D...libxt_esp
Nov 29 07:39:24 merthyr charon: 10[TNC]  384: 2E 73 6F A3 45 6C 85 20 BF 0B C3 F0 EE 0A 1C 80  .so.El. ........
Nov 29 07:39:24 merthyr charon: 10[TNC]  400: 03 21 C0 19 B4 A8 82 00 11 6C 69 62 78 74 5F 73  .!.......libxt_s
Nov 29 07:39:24 merthyr charon: 10[TNC]  416: 74 61 6E 64 61 72 64 2E 73 6F 47 E0 CF 82 A1 21  tandard.soG....!
                                         ----------------- truncated batch ------------------
Nov 29 07:39:24 merthyr charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Nov 29 07:39:24 merthyr charon: 10[ENC] generating IKE_AUTH request 12 [ EAP/RES/TTLS ]
Nov 29 07:39:24 merthyr charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:24 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:24 merthyr charon: 05[ENC] parsed IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Nov 29 07:39:24 merthyr charon: 05[ENC] generating IKE_AUTH request 13 [ EAP/RES/TTLS ]
Nov 29 07:39:24 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:24 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:24 merthyr charon: 15[ENC] parsed IKE_AUTH response 13 [ EAP/REQ/TTLS ]
Nov 29 07:39:24 merthyr charon: 15[ENC] generating IKE_AUTH request 14 [ EAP/RES/TTLS ]
Nov 29 07:39:24 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:24 merthyr charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:24 merthyr charon: 14[ENC] parsed IKE_AUTH response 14 [ EAP/REQ/TTLS ]
Nov 29 07:39:24 merthyr charon: 14[ENC] generating IKE_AUTH request 15 [ EAP/RES/TTLS ]
Nov 29 07:39:24 merthyr charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Functional Component Evidence

The final PB-TNC SDATA batch arrives from the TNC server:

Nov 29 07:39:24 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:24 merthyr charon: 03[ENC] parsed IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Nov 29 07:39:24 merthyr charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:24 merthyr charon: 03[TNC] received TNCCS batch (92 bytes) for Connection ID 1
Nov 29 07:39:24 merthyr charon: 03[TNC] => 92 bytes @ 0x826a546
Nov 29 07:39:24 merthyr charon: 03[TNC]    0: 02 80 00 02 00 00 00 5C 80 00 00 00 00 00 00 01  .......\........
Nov 29 07:39:24 merthyr charon: 03[TNC]   16: 00 00 00 54 00 00 55 97 00 00 00 01 FF FF 00 01  ...T..U.........
Nov 29 07:39:24 merthyr charon: 03[TNC]   32: 01 00 00 00 AA 37 58 07 80 00 55 97 00 10 00 00  .....7X...U.....
Nov 29 07:39:24 merthyr charon: 03[TNC]   48: 00 00 00 24 10 00 00 00 00 90 2A 21 00 00 00 03  ...$......*!....
Nov 29 07:39:24 merthyr charon: 03[TNC]   64: 10 00 00 00 00 90 2A 21 00 00 00 02 80 00 55 97  ......*!......U.
Nov 29 07:39:24 merthyr charon: 03[TNC]   80: 00 20 00 00 00 00 00 10 00 00 00 00              . ..........
Nov 29 07:39:24 merthyr charon: 03[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Nov 29 07:39:24 merthyr charon: 03[TNC] processing PB-TNC SDATA batch

Again the PTS-IMC is subscribed to this PB-PA message type and receives it per its subscription:

Nov 29 07:39:24 merthyr charon: 03[TNC] processing PB-PA message (84 bytes)
Nov 29 07:39:24 merthyr charon: 03[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

The PA-TNC message contains a 'Request Functional Component Evidence' and a final 'Generate Attestation Evidence' attribute from the TCG namespace:

Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC message with ID 0xaa375807
Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Nov 29 07:39:24 merthyr charon: 03[TNC] => 24 bytes @ 0x826bc50
Nov 29 07:39:24 merthyr charon: 03[TNC]    0: 10 00 00 00 00 90 2A 21 00 00 00 03 10 00 00 00  ......*!........
Nov 29 07:39:24 merthyr charon: 03[TNC]   16: 00 90 2A 21 00 00 00 02                          ..*!....
Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Nov 29 07:39:24 merthyr charon: 03[TNC] => 4 bytes @ 0x826bc74
Nov 29 07:39:24 merthyr charon: 03[TNC]    0: 00 00 00 00
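
The nesting that the log walks through (PB-TNC batch, PB-PA message, PA-TNC message, attributes) can be followed byte by byte in the 92-byte SDATA dump above. This Python code is an added example, not strongSwan code or part of the original HOWTO; it applies the header layouts of RFC 5793 (PB-TNC) and RFC 5792 (PA-TNC) with a length check at every level, and its function names are illustrative.

```python
import struct

# The 92-byte PB-TNC SDATA batch, copied from the hex dump on this page.
SDATA_BATCH = bytes.fromhex(
    "02 80 00 02 00 00 00 5C 80 00 00 00 00 00 00 01"
    "00 00 00 54 00 00 55 97 00 00 00 01 FF FF 00 01"
    "01 00 00 00 AA 37 58 07 80 00 55 97 00 10 00 00"
    "00 00 00 24 10 00 00 00 00 90 2A 21 00 00 00 03"
    "10 00 00 00 00 90 2A 21 00 00 00 02 80 00 55 97"
    "00 20 00 00 00 00 00 10 00 00 00 00"
)

BATCH_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT",
               4: "CRETRY", 5: "SRETRY", 6: "CLOSE"}
# Attribute names exactly as charon prints them in the log above.
ATTR_NAMES = {
    (0x005597, 0x00100000): "TCG/Request Functional Component Evidence",
    (0x005597, 0x00200000): "TCG/Generate Attestation Evidence",
}


def read_tlv(buf, off):
    """Read one 12-byte header: flags, 24-bit vendor, 32-bit type, 32-bit length.

    PB-TNC messages and PA-TNC attributes share this shape; the length field
    covers the header itself, so it must be >= 12 and stay inside the buffer.
    """
    if off + 12 > len(buf):
        raise ValueError("truncated header at offset %d" % off)
    flags = buf[off]
    vendor = int.from_bytes(buf[off + 1:off + 4], "big")
    typ, length = struct.unpack_from(">II", buf, off + 4)
    if length < 12 or off + length > len(buf):
        raise ValueError("bad length %d at offset %d" % (length, off))
    return flags, vendor, typ, buf[off + 12:off + length], off + length


def parse_pb_pa(body):
    """Decode the PB-PA header, the PA-TNC header and every attribute."""
    if len(body) < 20:
        raise ValueError("PB-PA message too short for its headers")
    pa_vendor = int.from_bytes(body[1:4], "big")
    pa_subtype, collector_id, validator_id = struct.unpack_from(">IHH", body, 4)
    pa_version = body[12]
    (message_id,) = struct.unpack_from(">I", body, 16)
    if pa_version != 1:
        raise ValueError("unsupported PA-TNC version %d" % pa_version)
    attrs, off = [], 20
    while off < len(body):
        flags, vendor, typ, value, off = read_tlv(body, off)
        attrs.append({"name": ATTR_NAMES.get((vendor, typ), "unknown"),
                      "noskip": bool(flags & 0x80), "value": value})
    return {"subtype": (pa_vendor, pa_subtype), "collector_id": collector_id,
            "validator_id": validator_id, "message_id": message_id,
            "attributes": attrs}


def parse_batch(buf):
    """Decode a PB-TNC batch and descend into each IETF PB-PA message."""
    if len(buf) < 8:
        raise ValueError("batch shorter than its 8-byte header")
    version, from_server, batch_type = buf[0], bool(buf[1] & 0x80), buf[3] & 0x0F
    (length,) = struct.unpack_from(">I", buf, 4)
    if version != 2 or length != len(buf):
        raise ValueError("unsupported version or batch length mismatch")
    pb_pa, off = [], 8
    while off < len(buf):
        _flags, vendor, typ, body, off = read_tlv(buf, off)
        if (vendor, typ) == (0, 1):  # IETF namespace, message type PB-PA
            pb_pa.append(parse_pb_pa(body))
    return {"type": BATCH_TYPES.get(batch_type, "unknown"),
            "from_server": from_server, "pb_pa": pb_pa}


if __name__ == "__main__":
    batch = parse_batch(SDATA_BATCH)
    print(batch["type"], "from server:", batch["from_server"])
    for msg in batch["pb_pa"]:
        print("PA-TNC message ID 0x%08x" % msg["message_id"])
        for attr in msg["attributes"]:
            print("  %s (%d bytes)" % (attr["name"], len(attr["value"])))
```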

The first of the ordered evidence requests is for the Linux IMA functional component defined in the ITA-HSR namespace, which verifies the 126 measurements extended into PCRs 0..7 during the pre-boot process.

Nov 29 07:39:24 merthyr charon: 03[IMC] evidence requested for 2 functional components
Nov 29 07:39:24 merthyr charon: 03[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] loaded bios measurements '/sys/kernel/security/tpm0/binary_bios_measurements' (126 entries)
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 extended with: 4d:89:4e:ef:0a:e7:cb:12:47:40:df:4f:6c:5c:35:aa:0f:e7:da:e8
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 after value  : 53:2d:3c:15:48:a8:56:f0:68:a9:dd:63:8f:b2:ed:6a:f2:f3:c7:90
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 extended with: f2:c8:46:e7:f3:35:f7:b9:e9:dd:0a:44:f4:8c:48:e1:98:67:50:c7
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 before value : 53:2d:3c:15:48:a8:56:f0:68:a9:dd:63:8f:b2:ed:6a:f2:f3:c7:90
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 after value  : 9c:69:c6:4a:1b:13:fc:27:4b:45:1e:c1:b5:65:49:77:88:da:f4:7a
                                        --------------------- omitted another 54 PCR 0 measurements ---------------------
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 extended with: a2:3b:27:98:83:91:5b:0d:c3:31:30:81:92:43:66:ea:5e:75:bd:c1
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 before value : 69:f8:2a:f1:0a:82:a2:57:37:ed:b6:bd:29:19:a0:cc:89:7c:2b:2c
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 after value  : 83:2b:c0:fd:f5:cd:ab:86:fe:8f:c5:88:54:75:8f:40:0f:ff:58:f5
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: ef:75:11:b5:24:85:57:ae:63:7f:46:b5:52:f8:af:59:02:0f:2b:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : e9:6e:49:77:ac:62:c8:e9:1f:c2:83:23:36:02:b3:b4:55:09:f0:5e
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: 62:40:c5:88:a2:d7:74:0f:5c:2c:95:23:bf:f7:d9:83:34:99:8d:77
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : e9:6e:49:77:ac:62:c8:e9:1f:c2:83:23:36:02:b3:b4:55:09:f0:5e
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : a4:d1:b9:c6:e4:fa:28:96:1f:38:fa:1c:16:a6:8a:36:ec:9e:b3:f0
                                        --------------------- omitted another 8 PCR 2 measurements ----------------------
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: 64:61:d3:77:19:99:c3:a4:b3:c1:5b:f4:e3:8d:a3:0b:91:bc:1b:17
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : d7:e7:4d:8a:31:27:fe:7f:56:90:f5:32:87:93:dd:ce:d7:d8:8f:2b
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : dc:a3:35:e6:4e:b3:32:00:4f:7b:fd:52:37:3a:2e:66:8b:94:20:6d
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  6 extended with: fc:ad:78:7f:77:71:63:7d:65:96:38:d9:2b:5e:ee:93:85:b3:d7:b9
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  6 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  6 after value  : e9:ee:75:26:27:c1:99:88:cc:8b:3e:c7:58:8a:6d:80:f5:e9:d5:07
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 extended with: 4b:90:d9:17:8e:fc:5c:f9:a9:dd:f4:f8:bc:c4:90:08:78:5d:76:ec
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 before value : 83:2b:c0:fd:f5:cd:ab:86:fe:8f:c5:88:54:75:8f:40:0f:ff:58:f5
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 after value  : ea:7d:5a:f1:39:6d:a6:35:23:cf:5c:97:49:89:7d:e4:c5:49:ae:a1
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: e7:9e:46:8b:19:21:b2:29:3a:80:c5:91:7e:fa:6a:45:c3:79:e8:10
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : dc:a3:35:e6:4e:b3:32:00:4f:7b:fd:52:37:3a:2e:66:8b:94:20:6d
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : 7b:83:a8:ab:51:ce:93:7b:6a:ea:c9:ec:cc:82:18:36:eb:7b:d2:de
                                        --------------------- omitted another 5 PCR 2 measurements ----------------------
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: 0b:a6:11:dd:45:de:9a:cb:e3:d0:da:0d:2e:47:8e:4a:a7:7f:f5:15
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : c8:cd:82:14:ee:b8:9d:e7:e4:98:9d:4f:52:0f:b2:6c:8a:4a:bf:50
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : 05:21:91:68:2b:2d:00:ec:d9:33:44:8f:4a:08:bc:03:aa:86:55:8a
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  4 extended with: 9b:4d:80:cf:ef:c7:d5:57:6c:4d:9f:22:48:72:50:58:96:ef:27:98
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  4 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  4 after value  : da:6f:12:b6:2d:5c:71:56:5d:1b:5d:4d:88:82:db:51:76:25:18:56
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: e7:9e:46:8b:19:21:b2:29:3a:80:c5:91:7e:fa:6a:45:c3:79:e8:10
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : 05:21:91:68:2b:2d:00:ec:d9:33:44:8f:4a:08:bc:03:aa:86:55:8a
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : 20:4b:04:96:e8:ec:2a:9f:4e:c6:84:07:bd:ce:92:53:3b:24:1a:b3
                                        --------------------- omitted another 2 PCR 2 measurements ----------------------
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: be:1b:de:c0:aa:74:b4:dc:b0:79:94:3e:70:52:80:96:cc:a9:85:f8
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : b6:78:09:53:5b:5d:f5:bc:d0:7a:0a:8a:65:7f:30:45:0e:a1:53:0d
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : 67:96:0d:ff:44:36:09:47:39:fe:34:34:33:c6:b9:cb:03:3e:7b:83
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  1 extended with: 23:0b:3b:f1:3c:75:28:34:de:cf:47:f5:a8:6a:75:58:2a:be:e5:1c
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  1 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  1 after value  : 22:ac:e7:ca:d4:3d:e8:b8:1b:5f:e0:37:9f:87:24:20:66:ed:6d:20
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  1 extended with: 61:f5:9f:77:82:bb:39:61:0d:bb:6b:1f:57:03:3c:16:18:10:a2:67
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  1 before value : 22:ac:e7:ca:d4:3d:e8:b8:1b:5f:e0:37:9f:87:24:20:66:ed:6d:20
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  1 after value  : bb:3a:e5:9e:da:fd:3f:c8:be:a9:7c:ac:3a:6a:eb:49:18:bd:0c:b5
                                        --------------------- omitted another 4 PCR 1 measurements ----------------------
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 extended with: 67:47:61:98:f6:36:03:b8:4a:fa:23:59:70:61:1c:d6:14:56:0c:f2
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 before value : 84:e3:8f:0d:4e:f7:b0:f1:70:e8:5d:e0:0c:2d:56:1c:f4:56:5c:25
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 after value  : ba:27:80:ec:41:5b:28:ad:4f:12:f7:9b:ed:58:60:13:58:f9:0d:bd
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 extended with: cd:f4:d7:9a:c0:a1:0d:46:a1:d9:d7:ec:96:42:88:3c:71:f7:7f:c7
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 before value : 67:96:0d:ff:44:36:09:47:39:fe:34:34:33:c6:b9:cb:03:3e:7b:83
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 after value  : f6:2d:7c:34:73:dd:ad:25:36:18:40:99:10:d0:74:6e:4b:b9:59:5f
                                        --------------------- omitted another 22 PCR 2 measurements ---------------------
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 extended with: ac:25:4b:04:f2:77:ca:7e:88:7a:41:41:bf:5e:d0:cf:62:60:0d:10
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 before value : 33:e1:5c:ef:87:84:2c:4f:a7:ea:72:e9:db:ff:5d:0a:a3:d6:cc:30
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 after value  : b2:89:e6:e9:95:26:10:af:c8:9c:23:8e:e2:63:9c:84:d1:f4:5b:1c
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 extended with: 4f:13:5c:9e:e4:9c:a7:fb:fe:a0:79:e5:d6:71:48:02:f0:40:54:07
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 before value : ba:27:80:ec:41:5b:28:ad:4f:12:f7:9b:ed:58:60:13:58:f9:0d:bd
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 after value  : 7e:3e:f1:d5:8b:60:39:76:59:14:11:da:f1:32:ea:cc:dd:ff:bc:fe
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  0 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  0 before value : ea:7d:5a:f1:39:6d:a6:35:23:cf:5c:97:49:89:7d:e4:c5:49:ae:a1
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  0 after value  : 28:4a:e5:9c:73:7c:4d:1d:df:78:53:74:cb:b5:9a:4c:8d:63:55:90
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 before value : 7e:3e:f1:d5:8b:60:39:76:59:14:11:da:f1:32:ea:cc:dd:ff:bc:fe
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  1 after value  : 31:10:87:04:42:56:d9:c3:a0:b5:70:ba:31:24:cb:b4:d4:6f:11:97
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 before value : b2:89:e6:e9:95:26:10:af:c8:9c:23:8e:e2:63:9c:84:d1:f4:5b:1c
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 after value  : b1:f1:f6:75:42:76:40:aa:a7:7b:ef:93:f2:6a:33:3f:0d:57:c9:c5
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  3 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  3 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  3 after value  : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 before value : da:6f:12:b6:2d:5c:71:56:5d:1b:5d:4d:88:82:db:51:76:25:18:56
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 after value  : c3:19:5b:15:56:22:b4:75:fd:ac:49:28:06:b8:0d:de:3c:fc:91:ad
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 after value  : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  6 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  6 before value : e9:ee:75:26:27:c1:99:88:cc:8b:3e:c7:58:8a:6d:80:f5:e9:d5:07
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  6 after value  : ee:1b:0f:99:7d:75:17:b2:86:bc:9d:73:a4:cf:74:2c:65:a7:69:be
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  7 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  7 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  7 after value  : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 extended with: c1:e2:5c:3f:6b:0d:c7:8d:57:29:6a:a2:87:0c:a6:f7:82:cc:f8:0f
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 before value : c3:19:5b:15:56:22:b4:75:fd:ac:49:28:06:b8:0d:de:3c:fc:91:ad
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 after value  : 03:c5:0f:7f:39:60:67:85:0d:84:2f:75:eb:40:f1:36:6f:08:05:25
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 extended with: 67:a0:a9:8b:c4:d6:32:11:42:89:5a:4d:93:8b:34:2f:69:59:c1:a9
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 before value : 03:c5:0f:7f:39:60:67:85:0d:84:2f:75:eb:40:f1:36:6f:08:05:25
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 after value  : 6b:49:da:a9:04:84:56:ad:00:87:47:4c:d4:33:7f:12:8c:1f:fe:4a
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 extended with: 06:d6:0b:3a:0d:ee:9b:b9:be:b2:f0:b0:4a:ff:2e:75:bd:1d:28:60
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 before value : 6b:49:da:a9:04:84:56:ad:00:87:47:4c:d4:33:7f:12:8c:1f:fe:4a
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  4 after value  : 78:1c:3c:ee:5c:34:68:a0:9f:5e:be:e8:e7:d5:34:ac:ea:0d:25:13
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 extended with: 1b:87:00:3b:6c:7d:90:48:37:13:c9:01:00:cc:a3:e6:23:92:b9:bc
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 before value : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 after value  : fe:c1:94:a9:d8:f3:af:2b:38:76:d4:bf:bb:eb:f9:80:e8:7e:36:e9

The second evidence request is for the Trusted Boot functional component, also defined in the ITA-HSR namespace, which verifies the MLE measurements extended into PCRs 17 and 18 by Intel's TXT instruction used by Trusted Boot. This component hasn't been fully implemented yet, so dummy measurement values defined in /etc/strongswan.conf are used.

Nov 29 07:39:25 merthyr charon: 03[PTS] * ITA-HSR functional component 'Trusted Boot' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Trusted Boot' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:39:25 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 extended with: d5:37:d4:37:f0:58:13:6e:b3:d7:be:51:7d:be:76:47:b6:23:c6:19
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 before value : 17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 after value  : ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Trusted Boot' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:39:25 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 18 extended with: 16:0d:2b:04:d1:1e:b2:25:fb:14:86:15:b6:99:08:18:69:e1:5b:6c
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 18 before value : 18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 18 after value  : ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
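
A verifier can replay each logged measurement as a TPM 1.2 extend, after = SHA-1(before || measurement), and check that successive records for the same PCR chain together. The following Python code is an added example, not part of the original HOWTO or of strongSwan; the function names are hypothetical and the sample lines are copied from the log above.

```python
import hashlib
import re

# Records copied from the log above. The two PCR 2 records sit on either side
# of the "omitted another 22 PCR 2 measurements" marker; the PCR 17 record is
# the Trusted Boot one that uses dummy values from strongswan.conf.
LOG = """
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 extended with: cd:f4:d7:9a:c0:a1:0d:46:a1:d9:d7:ec:96:42:88:3c:71:f7:7f:c7
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 before value : 67:96:0d:ff:44:36:09:47:39:fe:34:34:33:c6:b9:cb:03:3e:7b:83
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 after value  : f6:2d:7c:34:73:dd:ad:25:36:18:40:99:10:d0:74:6e:4b:b9:59:5f
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 extended with: ac:25:4b:04:f2:77:ca:7e:88:7a:41:41:bf:5e:d0:cf:62:60:0d:10
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 before value : 33:e1:5c:ef:87:84:2c:4f:a7:ea:72:e9:db:ff:5d:0a:a3:d6:cc:30
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  2 after value  : b2:89:e6:e9:95:26:10:af:c8:9c:23:8e:e2:63:9c:84:d1:f4:5b:1c
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 after value  : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 extended with: 1b:87:00:3b:6c:7d:90:48:37:13:c9:01:00:cc:a3:e6:23:92:b9:bc
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 before value : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR  5 after value  : fe:c1:94:a9:d8:f3:af:2b:38:76:d4:bf:bb:eb:f9:80:e8:7e:36:e9
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 extended with: d5:37:d4:37:f0:58:13:6e:b3:d7:be:51:7d:be:76:47:b6:23:c6:19
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 before value : 17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 after value  : ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
"""

FIELD = re.compile(
    r"PCR\s+(\d+) (extended with|before value|after value)\s*: "
    r"((?:[0-9a-f]{2}:?)+)")


def parse_records(log):
    """Group the three log lines of each measurement into one record."""
    records, cur = [], None
    for line in log.splitlines():
        m = FIELD.search(line)
        if not m:
            continue  # component / timestamp / marker lines
        pcr = int(m.group(1))
        kind = m.group(2).split()[0]  # 'extended', 'before' or 'after'
        value = bytes.fromhex(m.group(3).replace(":", ""))
        if kind == "extended":
            cur = {"pcr": pcr, "extended": value}
            continue
        if cur is None or cur["pcr"] != pcr:
            raise ValueError("value line without its 'extended with': " + line)
        cur[kind] = value
        if kind == "after":
            if "before" not in cur:
                raise ValueError("record for PCR %d lacks a before value" % pcr)
            records.append(cur)
            cur = None
    return records


def replay(records):
    """Recompute every extend and track per-PCR continuity.

    chain is 'first' for the first record seen for a PCR, 'ok' when the
    before value equals the previous after value, and 'gap' otherwise
    (records missing in between, or an inconsistent log).
    """
    last_after, report = {}, []
    for rec in records:
        expected = hashlib.sha1(rec["before"] + rec["extended"]).digest()
        prev = last_after.get(rec["pcr"])
        if prev is None:
            chain = "first"
        else:
            chain = "ok" if prev == rec["before"] else "gap"
        report.append({"pcr": rec["pcr"],
                       "extend_ok": expected == rec["after"],
                       "chain": chain})
        last_after[rec["pcr"]] = rec["after"]
    return report


if __name__ == "__main__":
    for entry in replay(parse_records(LOG)):
        print(entry)
```

The PCR 17 record does not satisfy the extend relation because its before and after values are the configured dummies, and the second PCR 2 record is reported as a gap because the excerpt omits the measurements in between.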

TPM Quote Signature

The latest states of all PCRs involved in the previous functional component evidence measurements are put into a 'PCR Composite' structure, hashed and then signed by the TPM with a Quote Signature operation:

Nov 29 07:39:27 merthyr charon: 03[PTS] Hash of PCR Composite: 81:c9:e6:a1:c3:4f:d2:24:20:62:71:b0:69:38:a2:c4:63:4e:35:41
Nov 29 07:39:27 merthyr charon: 03[PTS] TPM Quote Info: => 52 bytes @ 0x829d4cc
Nov 29 07:39:27 merthyr charon: 03[PTS]    0: 00 36 51 55 54 32 E1 1B 01 B4 FF 2B 56 83 24 AD  .6QUT2.....+V.$.
Nov 29 07:39:27 merthyr charon: 03[PTS]   16: AD AD 8B 7B 36 B7 FF CA D9 59 00 03 FF 00 06 01  ...{6....Y......
Nov 29 07:39:27 merthyr charon: 03[PTS]   32: 81 C9 E6 A1 C3 4F D2 24 20 62 71 B0 69 38 A2 C4  .....O.$ bq.i8..
Nov 29 07:39:27 merthyr charon: 03[PTS]   48: 63 4E 35 41                                      cN5A
Nov 29 07:39:27 merthyr charon: 03[PTS] TPM Quote Signature: => 256 bytes @ 0x829d914
Nov 29 07:39:27 merthyr charon: 03[PTS]    0: 95 81 40 BE C2 5D D6 19 3E 1A 4C E5 71 86 C0 3A  ..@..]..>.L.q..:
Nov 29 07:39:27 merthyr charon: 03[PTS]   16: 89 EF 28 53 EC D9 40 21 83 9C F4 6E FD 51 AD 6D  ..(S..@!...n.Q.m
Nov 29 07:39:27 merthyr charon: 03[PTS]   32: 94 46 DF 0D 51 A5 71 A7 D8 CF FD 8E 0B CA 51 A7  .F..Q.q.......Q.
Nov 29 07:39:27 merthyr charon: 03[PTS]   48: 6A 2A C0 85 0F F5 28 0D A1 9A B9 F0 DC 34 AA 08  j*....(......4..
Nov 29 07:39:27 merthyr charon: 03[PTS]   64: 47 39 8A 2B 9A 19 0C 91 EB C6 99 CD 18 5D 66 CE  G9.+.........]f.
Nov 29 07:39:27 merthyr charon: 03[PTS]   80: CA C1 93 08 E3 46 9F 44 79 CB 1A F3 12 FC 9A 80  .....F.Dy.......
Nov 29 07:39:27 merthyr charon: 03[PTS]   96: A6 54 5F 5C 6C A0 DE F2 06 AA CD A0 E0 F5 35 52  .T_\l.........5R
Nov 29 07:39:27 merthyr charon: 03[PTS]  112: 2D 99 DD 9A 8C B5 E3 53 0E 32 1A DB 20 88 D3 16  -......S.2.. ...
Nov 29 07:39:27 merthyr charon: 03[PTS]  128: 80 6B 35 12 74 1E 9E 34 43 B9 1A E7 72 4C F4 09  .k5.t..4C...rL..
Nov 29 07:39:27 merthyr charon: 03[PTS]  144: 92 75 21 2C 00 9C AC 0D 97 0F 7A 01 E1 69 92 1C  .u!,......z..i..
Nov 29 07:39:27 merthyr charon: 03[PTS]  160: F9 D8 E2 06 DA 25 75 CA C5 59 FC D5 C0 EA 2D 85  .....%u..Y....-.
Nov 29 07:39:27 merthyr charon: 03[PTS]  176: 68 E5 AB 64 D7 65 33 57 9B 85 80 69 CE 2A C9 97  h..d.e3W...i.*..
Nov 29 07:39:27 merthyr charon: 03[PTS]  192: 65 47 9C 14 D1 05 D2 96 13 38 90 31 D6 CA E0 5A  eG.......8.1...Z
Nov 29 07:39:27 merthyr charon: 03[PTS]  208: 03 8D 9D A6 7D F9 5B 08 E5 AD 4B 1E 0A 59 A6 25  ....}.[...K..Y.%
Nov 29 07:39:27 merthyr charon: 03[PTS]  224: 80 27 1B BD 76 BD CE 1F 1F D5 80 AF 79 33 89 35  .'..v.......y3.5
Nov 29 07:39:27 merthyr charon: 03[PTS]  240: 23 EA 7F 96 C3 A1 A9 2D A5 96 E0 8D 3B 10 55 6F  #......-....;.Uo
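
The 52-byte 'TPM Quote Info' dump above has the layout of the TPM 1.2 TPM_QUOTE_INFO2 structure (tag 0x0036, the fixed string "QUT2", 20 bytes of external data, then a short PCR info block). The following Python code is an added example, not strongSwan code, with hypothetical function names; it rebuilds the bytes from the charon hexdump lines, decodes the structure, and compares the embedded digest with the logged 'Hash of PCR Composite'.

```python
import re
import struct

# Lines copied from the log above.
LOG = """
Nov 29 07:39:27 merthyr charon: 03[PTS] Hash of PCR Composite: 81:c9:e6:a1:c3:4f:d2:24:20:62:71:b0:69:38:a2:c4:63:4e:35:41
Nov 29 07:39:27 merthyr charon: 03[PTS] TPM Quote Info: => 52 bytes @ 0x829d4cc
Nov 29 07:39:27 merthyr charon: 03[PTS]    0: 00 36 51 55 54 32 E1 1B 01 B4 FF 2B 56 83 24 AD  .6QUT2.....+V.$.
Nov 29 07:39:27 merthyr charon: 03[PTS]   16: AD AD 8B 7B 36 B7 FF CA D9 59 00 03 FF 00 06 01  ...{6....Y......
Nov 29 07:39:27 merthyr charon: 03[PTS]   32: 81 C9 E6 A1 C3 4F D2 24 20 62 71 B0 69 38 A2 C4  .....O.$ bq.i8..
Nov 29 07:39:27 merthyr charon: 03[PTS]   48: 63 4E 35 41                                      cN5A
"""

HEADER = re.compile(r"\] (.+?): => (\d+) bytes @")
# Hex bytes are separated by single spaces; the ASCII column follows after
# two or more spaces, so the match stops before it.
ROW = re.compile(r"\]\s+(\d+): ((?:[0-9A-F]{2} ?)+)")
COMPOSITE = re.compile(r"Hash of PCR Composite: ((?:[0-9a-f]{2}:?)+)")


def extract_dump(log, label):
    """Rebuild the bytes of the hexdump that follows '<label>: => N bytes'."""
    lines = iter(log.splitlines())
    for line in lines:
        m = HEADER.search(line)
        if m and m.group(1) == label:
            size = int(m.group(2))
            break
    else:
        raise ValueError("no dump labelled %r" % label)
    data = bytearray()
    for line in lines:
        m = ROW.search(line)
        # Each row states its offset; stop on a missing or out-of-order row.
        if not m or int(m.group(1)) != len(data):
            break
        data += bytes.fromhex(m.group(2))
        if len(data) >= size:
            break
    if len(data) != size:
        raise ValueError("dump %r: expected %d bytes, got %d"
                         % (label, size, len(data)))
    return bytes(data)


def logged_composite_hash(log):
    m = COMPOSITE.search(log)
    if not m:
        raise ValueError("no 'Hash of PCR Composite' line")
    return bytes.fromhex(m.group(1).replace(":", ""))


def parse_quote_info2(blob):
    """Decode a TPM 1.2 TPM_QUOTE_INFO2 structure (all fields big-endian)."""
    tag, fixed = struct.unpack_from(">H4s", blob, 0)
    if tag != 0x0036 or fixed != b"QUT2":
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    nonce = blob[6:26]                                # externalData
    (size_of_select,) = struct.unpack_from(">H", blob, 26)
    select = blob[28:28 + size_of_select]             # PCR selection bitmap
    pos = 28 + size_of_select
    if len(blob) != pos + 1 + 20:
        raise ValueError("unexpected TPM_QUOTE_INFO2 length")
    pcrs = [i for i in range(size_of_select * 8)
            if select[i // 8] >> (i % 8) & 1]
    return {"nonce": nonce,
            "pcrs": pcrs,
            "locality_mask": blob[pos],               # localityAtRelease
            "digest": blob[pos + 1:pos + 21]}         # digestAtRelease


if __name__ == "__main__":
    quote = parse_quote_info2(extract_dump(LOG, "TPM Quote Info"))
    print("quoted PCRs:", quote["pcrs"])
    print("digest matches logged composite hash:",
          quote["digest"] == logged_composite_hash(LOG))
```

The selection bitmap FF 00 06 decodes to PCRs 0 to 7 plus 17 and 18, the registers touched by the two functional components measured above.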

The PA-TNC message created by the PTS-IMC contains 128 'Simple Component Evidence' attributes and one closing 'Simple Evidence Final' attribute, both from the TCG namespace:

Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC message with ID 0x95f82a49
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x829fd5c
Nov 29 07:39:27 merthyr charon: 03[TNC]    0: 80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 00  ......*!........
Nov 29 07:39:27 merthyr charon: 03[TNC]   16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30  ....2011-11-29T0
Nov 29 07:39:27 merthyr charon: 03[TNC]   32: 36 3A 32 33 3A 32 31 5A 00 14 00 00 00 00 00 00  6:23:21Z........
Nov 29 07:39:27 merthyr charon: 03[TNC]   48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 2D  ..............S-
Nov 29 07:39:27 merthyr charon: 03[TNC]   64: 3C 15 48 A8 56 F0 68 A9 DD 63 8F B2 ED 6A F2 F3  <.H.V.h..c...j..
Nov 29 07:39:27 merthyr charon: 03[TNC]   80: C7 90 4D 89 4E EF 0A E7 CB 12 47 40 DF 4F 6C 5C  ..M.N.....G@.Ol\
Nov 29 07:39:27 merthyr charon: 03[TNC]   96: 35 AA 0F E7 DA E8                                5.....
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x829ff74
Nov 29 07:39:27 merthyr charon: 03[TNC]    0: 80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 00  ......*!........
Nov 29 07:39:27 merthyr charon: 03[TNC]   16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30  ....2011-11-29T0
Nov 29 07:39:27 merthyr charon: 03[TNC]   32: 36 3A 32 33 3A 32 31 5A 00 14 53 2D 3C 15 48 A8  6:23:21Z..S-<.H.
Nov 29 07:39:27 merthyr charon: 03[TNC]   48: 56 F0 68 A9 DD 63 8F B2 ED 6A F2 F3 C7 90 9C 69  V.h..c...j.....i
Nov 29 07:39:27 merthyr charon: 03[TNC]   64: C6 4A 1B 13 FC 27 4B 45 1E C1 B5 65 49 77 88 DA  .J...'KE...eIw..
Nov 29 07:39:27 merthyr charon: 03[TNC]   80: F4 7A F2 C8 46 E7 F3 35 F7 B9 E9 DD 0A 44 F4 8C  .z..F..5.....D..
Nov 29 07:39:27 merthyr charon: 03[TNC]   96: 48 E1 98 67 50 C7                                H..gP.
                                        ----- omitted another 122 'TCG/Simple Component Evidence' attributes --
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x82a7b6c
Nov 29 07:39:27 merthyr charon: 03[TNC]    0: 80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 04  ......*!........
Nov 29 07:39:27 merthyr charon: 03[TNC]   16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30  ....2011-11-29T0
Nov 29 07:39:27 merthyr charon: 03[TNC]   32: 36 3A 32 33 3A 32 31 5A 00 14 6B 49 DA A9 04 84  6:23:21Z..kI....
Nov 29 07:39:27 merthyr charon: 03[TNC]   48: 56 AD 00 87 47 4C D4 33 7F 12 8C 1F FE 4A 78 1C  V...GL.3.....Jx.
Nov 29 07:39:27 merthyr charon: 03[TNC]   64: 3C EE 5C 34 68 A0 9F 5E BE E8 E7 D5 34 AC EA 0D  <.\4h..^....4...
Nov 29 07:39:27 merthyr charon: 03[TNC]   80: 25 13 06 D6 0B 3A 0D EE 9B B9 BE B2 F0 B0 4A FF  %....:........J.
Nov 29 07:39:27 merthyr charon: 03[TNC]   96: 2E 75 BD 1D 28 60                                .u..(`
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x82a7c6c
Nov 29 07:39:27 merthyr charon: 03[TNC]    0: 80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 05  ......*!........
Nov 29 07:39:27 merthyr charon: 03[TNC]   16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30  ....2011-11-29T0
Nov 29 07:39:27 merthyr charon: 03[TNC]   32: 36 3A 32 33 3A 32 31 5A 00 14 B2 A8 3B 0E BF 2F  6:23:21Z....;../
Nov 29 07:39:27 merthyr charon: 03[TNC]   48: 83 74 29 9A 5B 2B DF C3 1E A9 55 AD 72 36 FE C1  .t).[+....U.r6..
Nov 29 07:39:27 merthyr charon: 03[TNC]   64: 94 A9 D8 F3 AF 2B 38 76 D4 BF BB EB F9 80 E8 7E  .....+8v.......~
Nov 29 07:39:27 merthyr charon: 03[TNC]   80: 36 E9 1B 87 00 3B 6C 7D 90 48 37 13 C9 01 00 CC  6....;l}.H7.....
Nov 29 07:39:27 merthyr charon: 03[TNC]   96: A3 E6 23 92 B9 BC                                ..#...
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x82a7d6c
Nov 29 07:39:27 merthyr charon: 03[TNC]    0: 80 00 00 00 00 90 2A 21 00 00 00 02 80 00 00 11  ......*!........
Nov 29 07:39:27 merthyr charon: 03[TNC]   16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30  ....2011-11-29T0
Nov 29 07:39:27 merthyr charon: 03[TNC]   32: 36 3A 33 39 3A 32 35 5A 00 14 17 17 17 17 17 17  6:39:25Z........
Nov 29 07:39:27 merthyr charon: 03[TNC]   48: 17 17 17 17 17 17 17 17 17 17 17 17 17 17 FF FF  ................
Nov 29 07:39:27 merthyr charon: 03[TNC]   64: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
Nov 29 07:39:27 merthyr charon: 03[TNC]   80: FF FF D5 37 D4 37 F0 58 13 6E B3 D7 BE 51 7D BE  ...7.7.X.n...Q}.
Nov 29 07:39:27 merthyr charon: 03[TNC]   96: 76 47 B6 23 C6 19                                vG.#..
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x82a7e6c
Nov 29 07:39:27 merthyr charon: 03[TNC]    0: 80 00 00 00 00 90 2A 21 00 00 00 02 80 00 00 12  ......*!........
Nov 29 07:39:27 merthyr charon: 03[TNC]   16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30  ....2011-11-29T0
Nov 29 07:39:27 merthyr charon: 03[TNC]   32: 36 3A 33 39 3A 32 35 5A 00 14 18 18 18 18 18 18  6:39:25Z........
Nov 29 07:39:27 merthyr charon: 03[TNC]   48: 18 18 18 18 18 18 18 18 18 18 18 18 18 18 FF FF  ................
Nov 29 07:39:27 merthyr charon: 03[TNC]   64: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
Nov 29 07:39:27 merthyr charon: 03[TNC]   80: FF FF 16 0D 2B 04 D1 1E B2 25 FB 14 86 15 B6 99  ....+....%......
Nov 29 07:39:27 merthyr charon: 03[TNC]   96: 08 18 69 E1 5B 6C                                ..i.[l
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
Nov 29 07:39:27 merthyr charon: 03[TNC] => 288 bytes @ 0x82a80ac
Nov 29 07:39:27 merthyr charon: 03[TNC]    0: 80 00 80 00 00 00 00 14 81 C9 E6 A1 C3 4F D2 24  .............O.$
Nov 29 07:39:27 merthyr charon: 03[TNC]   16: 20 62 71 B0 69 38 A2 C4 63 4E 35 41 00 00 01 00   bq.i8..cN5A....
Nov 29 07:39:27 merthyr charon: 03[TNC]   32: 95 81 40 BE C2 5D D6 19 3E 1A 4C E5 71 86 C0 3A  ..@..]..>.L.q..:
Nov 29 07:39:27 merthyr charon: 03[TNC]   48: 89 EF 28 53 EC D9 40 21 83 9C F4 6E FD 51 AD 6D  ..(S..@!...n.Q.m
Nov 29 07:39:27 merthyr charon: 03[TNC]   64: 94 46 DF 0D 51 A5 71 A7 D8 CF FD 8E 0B CA 51 A7  .F..Q.q.......Q.
Nov 29 07:39:27 merthyr charon: 03[TNC]   80: 6A 2A C0 85 0F F5 28 0D A1 9A B9 F0 DC 34 AA 08  j*....(......4..
Nov 29 07:39:27 merthyr charon: 03[TNC]   96: 47 39 8A 2B 9A 19 0C 91 EB C6 99 CD 18 5D 66 CE  G9.+.........]f.
Nov 29 07:39:27 merthyr charon: 03[TNC]  112: CA C1 93 08 E3 46 9F 44 79 CB 1A F3 12 FC 9A 80  .....F.Dy.......
Nov 29 07:39:27 merthyr charon: 03[TNC]  128: A6 54 5F 5C 6C A0 DE F2 06 AA CD A0 E0 F5 35 52  .T_\l.........5R
Nov 29 07:39:27 merthyr charon: 03[TNC]  144: 2D 99 DD 9A 8C B5 E3 53 0E 32 1A DB 20 88 D3 16  -......S.2.. ...
Nov 29 07:39:27 merthyr charon: 03[TNC]  160: 80 6B 35 12 74 1E 9E 34 43 B9 1A E7 72 4C F4 09  .k5.t..4C...rL..
Nov 29 07:39:27 merthyr charon: 03[TNC]  176: 92 75 21 2C 00 9C AC 0D 97 0F 7A 01 E1 69 92 1C  .u!,......z..i..
Nov 29 07:39:27 merthyr charon: 03[TNC]  192: F9 D8 E2 06 DA 25 75 CA C5 59 FC D5 C0 EA 2D 85  .....%u..Y....-.
Nov 29 07:39:27 merthyr charon: 03[TNC]  208: 68 E5 AB 64 D7 65 33 57 9B 85 80 69 CE 2A C9 97  h..d.e3W...i.*..
Nov 29 07:39:27 merthyr charon: 03[TNC]  224: 65 47 9C 14 D1 05 D2 96 13 38 90 31 D6 CA E0 5A  eG.......8.1...Z
Nov 29 07:39:27 merthyr charon: 03[TNC]  240: 03 8D 9D A6 7D F9 5B 08 E5 AD 4B 1E 0A 59 A6 25  ....}.[...K..Y.%
Nov 29 07:39:27 merthyr charon: 03[TNC]  256: 80 27 1B BD 76 BD CE 1F 1F D5 80 AF 79 33 89 35  .'..v.......y3.5
Nov 29 07:39:27 merthyr charon: 03[TNC]  272: 23 EA 7F 96 C3 A1 A9 2D A5 96 E0 8D 3B 10 55 6F  #......-....;.Uo

This is a huge PB-TNC CDATA batch comprising 14'932 bytes distributed over 15 IKEv2 EAP-TTLS messages:

Nov 29 07:39:27 merthyr charon: 03[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PB-TNC CDATA batch
Nov 29 07:39:27 merthyr charon: 03[TNC] adding PB-PA message
Nov 29 07:39:27 merthyr charon: 03[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Nov 29 07:39:27 merthyr charon: 03[TNC] sending PB-TNC CDATA batch (14932 bytes) for Connection ID 1
Nov 29 07:39:27 merthyr charon: 03[TNC] => 14932 bytes @ 0x827a0fc
Nov 29 07:39:27 merthyr charon: 03[TNC]    0: 02 00 00 01 00 00 3A 54 80 00 00 00 00 00 00 01  ......:T........
Nov 29 07:39:27 merthyr charon: 03[TNC]   16: 00 00 3A 4C 00 00 55 97 00 00 00 01 00 01 FF FF  ..:L..U.........
Nov 29 07:39:27 merthyr charon: 03[TNC]   32: 01 00 00 00 95 F8 2A 49 00 00 55 97 00 30 00 00  ......*I..U..0..
Nov 29 07:39:27 merthyr charon: 03[TNC]   48: 00 00 00 72 80 00 00 00 00 90 2A 21 00 00 00 03  ...r......*!....
Nov 29 07:39:27 merthyr charon: 03[TNC]   64: 80 00 00 00 80 00 01 00 32 30 31 31 2D 31 31 2D  ........2011-11-
Nov 29 07:39:27 merthyr charon: 03[TNC]   80: 32 39 54 30 36 3A 32 33 3A 32 31 5A 00 14 00 00  29T06:23:21Z....
Nov 29 07:39:27 merthyr charon: 03[TNC]   96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Nov 29 07:39:27 merthyr charon: 03[TNC]  112: 00 00 53 2D 3C 15 48 A8 56 F0 68 A9 DD 63 8F B2  ..S-<.H.V.h..c..
Nov 29 07:39:27 merthyr charon: 03[TNC]  128: ED 6A F2 F3 C7 90 4D 89 4E EF 0A E7 CB 12 47 40  .j....M.N.....G@
Nov 29 07:39:27 merthyr charon: 03[TNC]  144: DF 4F 6C 5C 35 AA 0F E7 DA E8 00 00 55 97 00 30  .Ol\5.......U..0
Nov 29 07:39:27 merthyr charon: 03[TNC]  160: 00 00 00 00 00 72 80 00 00 00 00 90 2A 21 00 00  .....r......*!..
Nov 29 07:39:27 merthyr charon: 03[TNC]  176: 00 03 80 00 00 00 80 00 01 00 32 30 31 31 2D 31  ..........2011-1
Nov 29 07:39:27 merthyr charon: 03[TNC]  192: 31 2D 32 39 54 30 36 3A 32 33 3A 32 31 5A 00 14  1-29T06:23:21Z..
Nov 29 07:39:27 merthyr charon: 03[TNC]  208: 53 2D 3C 15 48 A8 56 F0 68 A9 DD 63 8F B2 ED 6A  S-<.H.V.h..c...j
Nov 29 07:39:27 merthyr charon: 03[TNC]  224: F2 F3 C7 90 9C 69 C6 4A 1B 13 FC 27 4B 45 1E C1  .....i.J...'KE..
Nov 29 07:39:27 merthyr charon: 03[TNC]  240: B5 65 49 77 88 DA F4 7A F2 C8 46 E7 F3 35 F7 B9  .eIw...z..F..5..
Nov 29 07:39:27 merthyr charon: 03[TNC]  256: E9 DD 0A 44 F4 8C 48 E1 98 67 50 C7 00 00 55 97  ...D..H..gP...U.
                                         ----------------- truncated batch ------------------
Nov 29 07:39:27 merthyr charon: 03[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Nov 29 07:39:27 merthyr charon: 03[ENC] generating IKE_AUTH request 16 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 04[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 04[ENC] parsed IKE_AUTH response 16 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 04[ENC] generating IKE_AUTH request 17 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 04[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 15[ENC] parsed IKE_AUTH response 17 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 15[ENC] generating IKE_AUTH request 18 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 13[ENC] parsed IKE_AUTH response 18 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 13[ENC] generating IKE_AUTH request 19 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 05[ENC] parsed IKE_AUTH response 19 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 05[ENC] generating IKE_AUTH request 20 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 06[ENC] parsed IKE_AUTH response 20 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 06[ENC] generating IKE_AUTH request 21 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 02[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 02[ENC] parsed IKE_AUTH response 21 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 02[ENC] generating IKE_AUTH request 22 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 02[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 14[ENC] parsed IKE_AUTH response 22 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 14[ENC] generating IKE_AUTH request 23 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 01[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 01[ENC] parsed IKE_AUTH response 23 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 01[ENC] generating IKE_AUTH request 24 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 01[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 10[ENC] parsed IKE_AUTH response 24 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 10[ENC] generating IKE_AUTH request 25 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 03[ENC] parsed IKE_AUTH response 25 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 03[ENC] generating IKE_AUTH request 26 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 04[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 04[ENC] parsed IKE_AUTH response 26 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 04[ENC] generating IKE_AUTH request 27 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 04[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:27 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:27 merthyr charon: 15[ENC] parsed IKE_AUTH response 27 [ EAP/REQ/TTLS ]
Nov 29 07:39:27 merthyr charon: 15[ENC] generating IKE_AUTH request 28 [ EAP/RES/TTLS ]
Nov 29 07:39:27 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:28 merthyr charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:28 merthyr charon: 13[ENC] parsed IKE_AUTH response 28 [ EAP/REQ/TTLS ]
Nov 29 07:39:28 merthyr charon: 13[ENC] generating IKE_AUTH request 29 [ EAP/RES/TTLS ]
Nov 29 07:39:28 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Nov 29 07:39:28 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:28 merthyr charon: 05[ENC] parsed IKE_AUTH response 29 [ EAP/REQ/TTLS ]
Nov 29 07:39:28 merthyr charon: 05[ENC] generating IKE_AUTH request 30 [ EAP/RES/TTLS ]
Nov 29 07:39:28 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Because the remote PTS-IMV is quite busy processing all measurements, the IKE_AUTH response 30 is delayed, and after 3 seconds the IKEv2 client starts a retransmission of IKE_AUTH request 30:

Nov 29 07:39:32 merthyr charon: 13[IKE] retransmit 1 of request with message ID 30
Nov 29 07:39:32 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

TNC Assessment

A PB-TNC RESULT batch is received from the TNC server containing a 'PB-Assessment-Result' and a 'PB-Access-Recommendation' message, causing the IF-TNCCS 2.0 state machine to go into the 'Decided' state:

Nov 29 07:39:34 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:34 merthyr charon: 05[ENC] parsed IKE_AUTH response 30 [ EAP/REQ/TTLS ]
Nov 29 07:39:34 merthyr charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:34 merthyr charon: 05[TNC] received TNCCS batch (40 bytes) for Connection ID 1
Nov 29 07:39:34 merthyr charon: 05[TNC] => 40 bytes @ 0x824a346
Nov 29 07:39:34 merthyr charon: 05[TNC]    0: 02 80 00 03 00 00 00 28 80 00 00 00 00 00 00 02  .......(........
Nov 29 07:39:34 merthyr charon: 05[TNC]   16: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 03  ................
Nov 29 07:39:34 merthyr charon: 05[TNC]   32: 00 00 00 10 00 00 00 01                          ........
Nov 29 07:39:34 merthyr charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Nov 29 07:39:34 merthyr charon: 05[TNC] processing PB-TNC RESULT batch
Nov 29 07:39:34 merthyr charon: 05[TNC] processing PB-Assessment-Result message (16 bytes)
Nov 29 07:39:34 merthyr charon: 05[TNC] processing PB-Access-Recommendation message (16 bytes)

The received TNC assessment result is 'compliant' and the access recommendation is 'Access Allowed':

Nov 29 07:39:34 merthyr charon: 05[TNC] PB-TNC assessment result is 'compliant'
Nov 29 07:39:34 merthyr charon: 05[TNC] PB-TNC access recommendation is 'Access Allowed'
Nov 29 07:39:34 merthyr charon: 05[IMC] IMC 1 "Attestation" changed state of Connection ID 1 to 'Allowed'

The IF-TNCCS 2.0 finite state machine goes into the final 'End' state and sends a PB-TNC CLOSE batch back to the TNC server:

Nov 29 07:39:34 merthyr charon: 05[TNC] creating PB-TNC CLOSE batch
Nov 29 07:39:34 merthyr charon: 05[TNC] PB-TNC state transition from 'Decided' to 'End'
Nov 29 07:39:34 merthyr charon: 05[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 1
Nov 29 07:39:34 merthyr charon: 05[TNC] => 8 bytes @ 0x82378ac
Nov 29 07:39:34 merthyr charon: 05[TNC]    0: 02 00 00 06 00 00 00 08                          ........
Nov 29 07:39:34 merthyr charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Nov 29 07:39:34 merthyr charon: 05[ENC] generating IKE_AUTH request 31 [ EAP/RES/TTLS ]
Nov 29 07:39:34 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
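
The RESULT and CLOSE batches dumped in the log above can be decoded field by field against the PB-TNC wire format of RFC 5793. The following Python code is an added example, not part of strongSwan or of the original HOWTO; the function names dump_to_bytes and parse_batch are assumptions made for illustration, and the assessment names paraphrase the RFC 5793 definitions.

```python
import re
import struct

# Code points from RFC 5793 (PB-TNC); only the IETF namespace (vendor ID 0) is named.
BATCH_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT", 4: "CRETRY", 5: "SRETRY", 6: "CLOSE"}
MSG_TYPES = {1: "PB-PA", 2: "PB-Assessment-Result", 3: "PB-Access-Recommendation",
             4: "PB-Remediation-Parameters", 5: "PB-Error", 6: "PB-Language-Preference"}
ASSESSMENTS = {0: "compliant", 1: "non-compliant (minor)", 2: "non-compliant (significant)",
               3: "error", 4: "insufficient attributes"}
RECOMMENDATIONS = {1: "Access Allowed", 2: "Access Denied", 3: "Quarantined"}
# Hex dump lines copied from the charon log on this page.
RESULT_LOG = """\
Nov 29 07:39:34 merthyr charon: 05[TNC]    0: 02 80 00 03 00 00 00 28 80 00 00 00 00 00 00 02  .......(........
Nov 29 07:39:34 merthyr charon: 05[TNC]   16: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 03  ................
Nov 29 07:39:34 merthyr charon: 05[TNC]   32: 00 00 00 10 00 00 00 01                          ........
"""
CLOSE_LOG = "Nov 29 07:39:34 merthyr charon: 05[TNC]    0: 02 00 00 06 00 00 00 08        ........\n"

def dump_to_bytes(log):
    """Rebuild the raw bytes from charon's 'offset: hex  ascii' dump lines."""
    rows = re.findall(r"(?m)(?:^|\])\s*\d+:((?: [0-9A-Fa-f]{2}){1,16})", log)
    return bytes.fromhex("".join(rows))

def parse_batch(data):
    """Decode a PB-TNC batch: 8-byte batch header, then messages with 12-byte headers."""
    if len(data) < 8 or data[0] != 2 or struct.unpack(">I", data[4:8])[0] != len(data):
        raise ValueError("not a complete PB-TNC version 2 batch")
    batch = {"type": BATCH_TYPES.get(data[3] & 0x0F, "unknown"),
             "from_server": bool(data[1] & 0x80), "messages": []}  # D flag: server-sent
    pos, end = 8, len(data)
    while pos < end:
        if end - pos < 12:
            raise ValueError("truncated PB-TNC message header")
        flags_vendor, mtype, mlen = struct.unpack(">III", data[pos:pos + 12])
        if mlen < 12 or pos + mlen > end:
            raise ValueError("PB-TNC message length runs outside the batch")
        vendor, value = flags_vendor & 0xFFFFFF, data[pos + 12:pos + mlen]
        name = MSG_TYPES.get(mtype, "unknown") if vendor == 0 else "vendor-specific"
        msg = {"type": name, "noskip": bool(flags_vendor >> 31)}
        if name == "PB-Assessment-Result" and len(value) == 4:
            msg["value"] = ASSESSMENTS.get(struct.unpack(">I", value)[0], "unknown")
        elif name == "PB-Access-Recommendation" and len(value) == 4:  # 16 reserved bits, 16-bit code
            msg["value"] = RECOMMENDATIONS.get(struct.unpack(">HH", value)[1], "unknown")
        batch["messages"].append(msg)
        pos += mlen
    return batch
```

The hex dumps this consumes are only written to the log with the charondebug="tnc 3" setting configured at the top of this HOWTO.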

Final Mutual IKEv2 EAP Authentication

Based on the positive TNC assessment, the IPsec gateway, acting as a Policy Enforcement Point (PEP), finalizes the EAP-TTLS authentication with an EAP SUCCESS message:

Nov 29 07:39:34 merthyr charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:34 merthyr charon: 06[ENC] parsed IKE_AUTH response 31 [ EAP/SUCC ]
Nov 29 07:39:34 merthyr charon: 06[IKE] EAP method EAP_TTLS succeeded, MSK established

The IPsec client generates its IKEv2 AUTH payload by binding it to the MSK from the EAP-TTLS tunnel:

Nov 29 07:39:34 merthyr charon: 06[IKE] authentication of 'carol@strongswan.org' (myself) with EAP
Nov 29 07:39:34 merthyr charon: 06[ENC] generating IKE_AUTH request 32 [ AUTH ]
Nov 29 07:39:34 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

The IKE_AUTH response received from the IPsec gateway finalizes the IKEv2 negotiation:

Nov 29 07:39:34 merthyr charon: 01[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:34 merthyr charon: 01[ENC] parsed IKE_AUTH response 32 [ AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Nov 29 07:39:34 merthyr charon: 01[IKE] authentication of 'moon.strongswan.org' with EAP successful

The Attestation IMC deletes its state for Connection ID 1 and the PB-TNC (IF-TNCCS 2.0) connection is closed:

Nov 29 07:39:34 merthyr charon: 01[IMC] IMC 1 "Attestation" deleted the state of Connection ID 1
Nov 29 07:39:34 merthyr charon: 01[TNC] removed TNCCS Connection ID 1

An IPsec Security Association is established between the IPsec client and the IPsec gateway, and payload traffic can now be securely tunneled:

Nov 29 07:39:34 merthyr charon: 01[IKE] IKE_SA home[1] established between 192.168.0.254[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
Nov 29 07:39:34 merthyr charon: 01[IKE] scheduling reauthentication in 9867s
Nov 29 07:39:34 merthyr charon: 01[IKE] maximum IKE_SA lifetime 10407s
Nov 29 07:39:34 merthyr charon: 01[IKE] CHILD_SA home{1} established with SPIs cd7bf53a_i c102a9d4_o and TS 192.168.0.254/32 === 10.1.0.0/28 

IF-TNCCS-20-State-Diagram.png - IF-TNCCS 2.0 State Diagram (72.8 KB) Andreas Steffen, 29.11.2011 13:56