IMA Client Log

IKEv2 Negotiation

Startup and Initialization

The command

ipsec start

starts the TNC-enabled IPsec client which in turn loads its IMCs according to the list in /etc/tnc_config

Dec 15 12:23:06 carol charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 3.13.0-40-generic, x86_64)
Dec 15 12:23:06 carol charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Dec 15 12:23:06 carol charon: 00[TNC] added IETF attributes
Dec 15 12:23:06 carol charon: 00[TNC] added ITA-HSR attributes
Dec 15 12:23:06 carol charon: 00[TNC] added TCG attributes
Dec 15 12:23:06 carol charon: 00[PTS] added TCG functional component namespace
Dec 15 12:23:06 carol charon: 00[PTS] added ITA-HSR functional component namespace
Dec 15 12:23:06 carol charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Dec 15 12:23:06 carol charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Dec 15 12:23:06 carol charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Dec 15 12:23:06 carol charon: 00[LIB] libimcv initialized

The OS IMC is initialized and determines the Operating System it is running on

Dec 15 12:23:06 carol charon: 00[IMC] IMC 1 "OS" initialized
Dec 15 12:23:06 carol charon: 00[IMC] processing "/etc/lsb-release" file
Dec 15 12:23:06 carol charon: 00[IMC] operating system name is 'Ubuntu'
Dec 15 12:23:06 carol charon: 00[IMC] operating system version is '14.04 x86_64'
Dec 15 12:23:06 carol charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Dec 15 12:23:06 carol charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'

The Attestation IMC is initialized and determines which PTS measurement algorithms are available

Dec 15 12:23:06 carol charon: 00[IMC] IMC 2 "Attestation" initialized
Dec 15 12:23:06 carol charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Dec 15 12:23:06 carol charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Dec 15 12:23:06 carol charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Dec 15 12:23:06 carol charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Dec 15 12:23:06 carol charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Dec 15 12:23:06 carol charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Dec 15 12:23:06 carol charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Dec 15 12:23:06 carol charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Dec 15 12:23:06 carol charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:06 carol charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'

Next the IKEv2 credentials, all necessary plugins and the IPsec connection definition are loaded

Dec 15 12:23:06 carol charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Dec 15 12:23:06 carol charon: 00[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
Dec 15 12:23:06 carol charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Dec 15 12:23:06 carol charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Dec 15 12:23:06 carol charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Dec 15 12:23:06 carol charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Dec 15 12:23:06 carol charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Dec 15 12:23:06 carol charon: 00[CFG]   loaded EAP secret for carol@strongswan.org
Dec 15 12:23:06 carol charon: 00[LIB] loaded plugins: charon random nonce pkcs1 pkcs8 pem x509 pubkey openssl revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke
Dec 15 12:23:06 carol charon: 00[JOB] spawning 16 worker threads
Dec 15 12:23:06 carol charon: 05[CFG] received stroke: add connection 'home'
Dec 15 12:23:06 carol charon: 05[CFG] left nor right host is our side, assuming left=local
Dec 15 12:23:06 carol charon: 05[CFG] added configuration 'home'

IKEv2 Exchanges

Due to auto=start, the client automatically initiates the IKEv2 negotiation with an IKE_SA_INIT request

Dec 15 12:23:06 carol charon: 08[CFG] received stroke: initiate 'home'
Dec 15 12:23:06 carol charon: 08[IKE] initiating IKE_SA home[1] to 192.168.0.1
Dec 15 12:23:06 carol charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Dec 15 12:23:06 carol charon: 08[NET] sending packet: from 192.168.0.254[500] to 192.168.0.1[500] (284 bytes)

followed by the IKE_SA_INIT response from the responder. The initiator carol then sends an IKE_AUTH request without an AUTH payload, thus indicating IKEv2 EAP authentication.

Dec 15 12:23:06 carol charon: 09[NET] received packet: from 192.168.0.1[500] to 192.168.0.254[500] (248 bytes)
Dec 15 12:23:06 carol charon: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Dec 15 12:23:06 carol charon: 09[IKE] establishing CHILD_SA home
Dec 15 12:23:06 carol charon: 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Dec 15 12:23:06 carol charon: 09[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (320 bytes)

The IKE_AUTH response of the gateway does not contain an AUTH payload either, thus proposing a mutual IKEv2 EAP-only authentication via EAP-TTLS:

Dec 15 12:23:06 carol charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (112 bytes)
Dec 15 12:23:06 carol charon: 10[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Dec 15 12:23:06 carol charon: 10[IKE] server requested EAP_TTLS authentication (id 0x9E)
Dec 15 12:23:06 carol charon: 10[TLS] EAP_TTLS version is v0
Dec 15 12:23:06 carol charon: 10[IKE] allow mutual EAP-only authentication
Dec 15 12:23:06 carol charon: 10[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]
Dec 15 12:23:06 carol charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (224 bytes)

IKEv2 EAP-TTLS Tunnel

The IKEv2 EAP-TTLS tunnel is set up with certificate-based server authentication using the TLS 1.2 cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Dec 15 12:23:06 carol charon: 04[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (1104 bytes)
Dec 15 12:23:06 carol charon: 04[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Dec 15 12:23:06 carol charon: 04[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]
Dec 15 12:23:06 carol charon: 04[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (80 bytes)
Dec 15 12:23:06 carol charon: 11[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (1104 bytes)
Dec 15 12:23:06 carol charon: 11[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Dec 15 12:23:06 carol charon: 11[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]
Dec 15 12:23:06 carol charon: 11[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (80 bytes)
Dec 15 12:23:06 carol charon: 12[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (336 bytes)
Dec 15 12:23:06 carol charon: 12[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Dec 15 12:23:06 carol charon: 12[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Dec 15 12:23:06 carol charon: 12[TLS] received TLS server certificate 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org'
Dec 15 12:23:06 carol charon: 12[CFG]   using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" 
Dec 15 12:23:06 carol charon: 12[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
Dec 15 12:23:06 carol charon: 12[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" 
Dec 15 12:23:06 carol charon: 12[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
Dec 15 12:23:06 carol charon: 12[LIB]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
Dec 15 12:23:06 carol charon: 12[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
Dec 15 12:23:06 carol charon: 12[CFG]   crl is valid: until Dec 17 11:59:25 2014
Dec 15 12:23:06 carol charon: 12[CFG] certificate status is good
Dec 15 12:23:06 carol charon: 12[CFG]   reached self-signed root ca with a path length of 0
Dec 15 12:23:06 carol charon: 12[TLS] received TLS cert request for 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA
Dec 15 12:23:06 carol charon: 12[TLS] no TLS peer certificate found for 'carol@strongswan.org', skipping client authentication
Dec 15 12:23:06 carol charon: 12[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]
Dec 15 12:23:06 carol charon: 12[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (544 bytes)

Tunneled EAP-Identity

Via the IKEv2 EAP-TTLS tunnel the server requests the EAP client identity

Dec 15 12:23:06 carol charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (176 bytes)
Dec 15 12:23:06 carol charon: 13[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Dec 15 12:23:06 carol charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]
Dec 15 12:23:06 carol charon: 13[IKE] server requested EAP_IDENTITY authentication (id 0x00)
Dec 15 12:23:06 carol charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]
Dec 15 12:23:06 carol charon: 13[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]
Dec 15 12:23:06 carol charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (144 bytes)

Tunneled EAP-MD5 Client Authentication

Next follows an EAP-MD5 client authentication

Dec 15 12:23:06 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (144 bytes)
Dec 15 12:23:06 carol charon: 14[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Dec 15 12:23:06 carol charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/MD5]
Dec 15 12:23:06 carol charon: 14[IKE] server requested EAP_MD5 authentication (id 0xA8)
Dec 15 12:23:06 carol charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/MD5]
Dec 15 12:23:06 carol charon: 14[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]
Dec 15 12:23:06 carol charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (144 bytes)

Tunneled PT-EAP Posture Transport Protocol

Now the PT-EAP (RFC 7171) protocol connecting the TNC client with the TNC server is started:

Dec 15 12:23:06 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (128 bytes)
Dec 15 12:23:06 carol charon: 15[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Dec 15 12:23:06 carol charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:06 carol charon: 15[IKE] server requested EAP_PT_EAP authentication (id 0xEA)
Dec 15 12:23:06 carol charon: 15[TLS] EAP_PT_EAP version is v1

PB-TNC/IF-TNCCS 2.0 Connection

A new IF-TNCCS connection is instantiated on the TNC client and its PB-TNC state machine is set to the Init state.

Dec 15 12:23:06 carol charon: 15[TNC] assigned TNCCS Connection ID 1

An instance of the OS IMC is created. Its IF-IMC 1.3 interface has the capability of querying various TNC network parameters

Dec 15 12:23:06 carol charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Dec 15 12:23:06 carol charon: 15[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 32722 bytes

An instance of the Attestation IMC is also created; it loads the AIK public key and the matching AIK private key, the latter in the form of a TPM-encrypted binary blob

Dec 15 12:23:06 carol charon: 15[PTS] loaded AIK public key from '/etc/pts/aikPub.der'
Dec 15 12:23:06 carol charon: 15[PTS] loaded AIK Blob from '/etc/pts/aikBlob.bin'
Dec 15 12:23:06 carol charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Dec 15 12:23:06 carol charon: 15[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 32722 bytes

Via the IF-IMC interface the IMCs receive a 'Handshake' state change from the TNC client

Dec 15 12:23:06 carol charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 1 to 'Handshake'
Dec 15 12:23:06 carol charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 1 to 'Handshake'

The OS IMC determines some additional operating system parameters and uses the SHA-1 fingerprint of the AIK public key as the hardware device ID

Dec 15 12:23:06 carol charon: 15[IMC] operating system numeric version is 14.4
Dec 15 12:23:06 carol charon: 15[IMC] last boot: Dec 15 10:45:10 UTC 2014, 2276 s ago
Dec 15 12:23:06 carol charon: 15[IMC] IPv4 forwarding is enabled
Dec 15 12:23:06 carol charon: 15[IMC] factory default password is disabled
Dec 15 12:23:06 carol charon: 15[IMC] loaded device public key from '/etc/pts/aikPub.der'
Dec 15 12:23:06 carol charon: 15[IMC] device ID is e61276cae552799c71cc84abae619ab14c8b0b8b

The OS IMC fills all this information into PA-TNC attributes and packs the attributes into a PA-TNC message of type 'IETF/Operating System'

Dec 15 12:23:06 carol charon: 15[TNC] creating PA-TNC message with ID 0x54936c39
Dec 15 12:23:06 carol charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Dec 15 12:23:06 carol charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Dec 15 12:23:06 carol charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Dec 15 12:23:06 carol charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Dec 15 12:23:06 carol charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Dec 15 12:23:06 carol charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Dec 15 12:23:06 carol charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Dec 15 12:23:06 carol charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001

The TNC Client wraps the PA-TNC message into a PB-PA message and puts it together with a Language Preference message into a PB-TNC Client Data batch

Dec 15 12:23:06 carol charon: 15[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Dec 15 12:23:06 carol charon: 15[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:06 carol charon: 15[TNC] adding IETF/PB-Language-Preference message
Dec 15 12:23:06 carol charon: 15[TNC] adding IETF/PB-PA message
Dec 15 12:23:06 carol charon: 15[TNC] sending PB-TNC CDATA batch (269 bytes) for Connection ID 1
Dec 15 12:23:06 carol charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:06 carol charon: 15[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]
Dec 15 12:23:06 carol charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (400 bytes)

PTS Capability Discovery

As a response a PB-TNC SDATA batch is received from the TNC server containing a PB-PA message of type TCG/PTS to which the Attestation IMC is subscribed:

Dec 15 12:23:07 carol charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (224 bytes)
Dec 15 12:23:07 carol charon: 06[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Dec 15 12:23:07 carol charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:07 carol charon: 06[TNC] received TNCCS batch (92 bytes) for Connection ID 1
Dec 15 12:23:07 carol charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Dec 15 12:23:07 carol charon: 06[TNC] processing PB-TNC SDATA batch
Dec 15 12:23:07 carol charon: 06[TNC] processing IETF/PB-PA message (84 bytes)
Dec 15 12:23:07 carol charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:07 carol charon: 06[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Dec 15 12:23:07 carol charon: 06[TNC] processing PA-TNC message with ID 0x56d5c1ea
Dec 15 12:23:07 carol charon: 06[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Dec 15 12:23:07 carol charon: 06[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Dec 15 12:23:07 carol charon: 06[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000

Via the 'TCG/Max Attribute Size Request' the Attestation IMV signals its willingness to accept segmented PA-TNC attributes. This feature will not be needed in our use case since all TPM-based measurement attributes are small in size.

Dec 15 12:23:07 carol charon: 06[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:07 carol charon: 06[IMC]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Dec 15 12:23:07 carol charon: 06[IMC]   lowered maximum segment size to 32678 bytes

The PTS-IMC supports the Verification (V), DH Nonce Negotiation (D) and Trusted Platform Evidence (T) PTS protocol capabilities.

Dec 15 12:23:07 carol charon: 06[PTS] supported PTS protocol capabilities: .VDT.
Dec 15 12:23:07 carol charon: 06[PTS] selected PTS measurement algorithm is HASH_SHA1
Dec 15 12:23:07 carol charon: 06[TNC] creating PA-TNC message with ID 0xc43c8c42
Dec 15 12:23:07 carol charon: 06[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Dec 15 12:23:07 carol charon: 06[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Dec 15 12:23:07 carol charon: 06[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Dec 15 12:23:07 carol charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:07 carol charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Dec 15 12:23:07 carol charon: 06[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:07 carol charon: 06[TNC] adding IETF/PB-PA message
Dec 15 12:23:07 carol charon: 06[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 1
Dec 15 12:23:07 carol charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:07 carol charon: 06[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]
Dec 15 12:23:07 carol charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (224 bytes)

DH Nonce Parameters

The PA-TNC message contains a 'Request File Metadata' and a 'DH Nonce Parameters Request' PA-TNC attribute from the TCG namespace:

Dec 15 12:23:07 carol charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (224 bytes)
Dec 15 12:23:07 carol charon: 05[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Dec 15 12:23:07 carol charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:07 carol charon: 05[TNC] received TNCCS batch (87 bytes) for Connection ID 1
Dec 15 12:23:07 carol charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Dec 15 12:23:07 carol charon: 05[TNC] processing PB-TNC SDATA batch
Dec 15 12:23:07 carol charon: 05[TNC] processing IETF/PB-PA message (79 bytes)
Dec 15 12:23:07 carol charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:07 carol charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Dec 15 12:23:07 carol charon: 05[TNC] processing PA-TNC message with ID 0xcac35af3
Dec 15 12:23:07 carol charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Dec 15 12:23:07 carol charon: 05[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000

The metadata request is for the file '/etc/tnc_config'

Dec 15 12:23:07 carol charon: 05[IMC] metadata request for file '/etc/tnc_config'

and the IMC selects ECP_256 (group 14) and returns a 20-byte DH responder nonce and the 32-byte ECP_256 DH responder public value.

Dec 15 12:23:07 carol charon: 05[PTS] selected PTS DH group is ECP_256
Dec 15 12:23:07 carol charon: 05[PTS] nonce length is 20

Both response attributes are sent back to the IMV in a PA-TNC message carried in a PB-TNC Client Data batch

Dec 15 12:23:07 carol charon: 05[TNC] creating PA-TNC message with ID 0x6e2bb28d
Dec 15 12:23:07 carol charon: 05[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Dec 15 12:23:07 carol charon: 05[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Dec 15 12:23:07 carol charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:07 carol charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Dec 15 12:23:07 carol charon: 05[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:07 carol charon: 05[TNC] adding IETF/PB-PA message
Dec 15 12:23:07 carol charon: 05[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 1
Dec 15 12:23:07 carol charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:07 carol charon: 05[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]
Dec 15 12:23:07 carol charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (352 bytes)

DH Nonce Finish, TPM Version Information and AIK Public Key

The PA-TNC message contains 'DH Nonce Finish', 'Get TPM Version Information' and 'Get Attestation Identity Key' attributes from the TCG namespace:

Dec 15 12:23:07 carol charon: 07[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (304 bytes)
Dec 15 12:23:07 carol charon: 07[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Dec 15 12:23:07 carol charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:07 carol charon: 07[TNC] received TNCCS batch (172 bytes) for Connection ID 1
Dec 15 12:23:07 carol charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Dec 15 12:23:07 carol charon: 07[TNC] processing PB-TNC SDATA batch
Dec 15 12:23:07 carol charon: 07[TNC] processing IETF/PB-PA message (164 bytes)
Dec 15 12:23:07 carol charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:07 carol charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Dec 15 12:23:07 carol charon: 07[TNC] processing PA-TNC message with ID 0xed635120
Dec 15 12:23:07 carol charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Dec 15 12:23:07 carol charon: 07[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Dec 15 12:23:07 carol charon: 07[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000

The DH secret can be computed from the public DH factor and nonce received from the Attestation IMV

Dec 15 12:23:07 carol charon: 07[PTS] selected DH hash algorithm is HASH_SHA1
Dec 15 12:23:07 carol charon: 06[PTS] initiator nonce: => 20 bytes @ 0x7fb0f8003c20
Dec 15 12:23:07 carol charon: 06[PTS]    0: 60 8E 64 FD ED C3 DB 9E 90 77 B6 C6 B8 33 C6 DC  `.d......w...3..
Dec 15 12:23:07 carol charon: 06[PTS]   16: 77 84 65 95                                      w.e.
Dec 15 12:23:07 carol charon: 06[PTS] responder nonce: => 20 bytes @ 0x7fb104001a60
Dec 15 12:23:07 carol charon: 06[PTS]    0: ED 11 24 61 DD 12 EF B5 A1 E0 A5 1D 42 63 16 36  ..$a........Bc.6
Dec 15 12:23:07 carol charon: 06[PTS]   16: C3 2C 35 3F                                      .,5?
Dec 15 12:23:07 carol charon: 06[PTS] shared DH secret: => 32 bytes @ 0x7fb0f8000f30
Dec 15 12:23:07 carol charon: 06[PTS]    0: 4B 10 3D EE 57 C5 8C 69 EA EC A1 2A EB 90 07 DD  K.=.W..i...*....
Dec 15 12:23:07 carol charon: 06[PTS]   16: D0 6F 57 AA 1C 78 21 F1 51 37 FC 64 E4 81 53 5C  .oW..x!.Q7.d..S\
Dec 15 12:23:07 carol charon: 06[PTS] secret assessment value: => 20 bytes @ 0x7fb0f8003820
Dec 15 12:23:07 carol charon: 06[PTS]    0: 7F EA FB FC 53 58 3C BE FF 71 15 11 97 C0 6E 2B  ....SX<..q....n+
Dec 15 12:23:07 carol charon: 06[PTS]   16: E4 30 CB 30                                      .0.0  
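The derivation behind these dumps, as an added example that is not part of the page or of strongSwan: it parses the %B hex dumps above back into bytes and recomputes the secret assessment value from them. The formula, stated here as an assumption about what strongSwan's pts.c does, is SHA-1('1' || initiator nonce || responder nonce || shared DH secret), truncated to 20 bytes so it fits the externalData field of the TPM Quote command.

```python
import hashlib
import re

# Constructed input: the four DBG3 hex dumps from the log above, values copied verbatim
# (syslog timestamp prefix dropped). strongSwan's %B format prints
# "<name>: => <n> bytes @ <addr>" followed by rows of "<offset>: <hex bytes>  <ascii>".
PTS_LOG = """\
06[PTS] initiator nonce: => 20 bytes @ 0x7fb0f8003c20
06[PTS]    0: 60 8E 64 FD ED C3 DB 9E 90 77 B6 C6 B8 33 C6 DC  `.d......w...3..
06[PTS]   16: 77 84 65 95                                      w.e.
06[PTS] responder nonce: => 20 bytes @ 0x7fb104001a60
06[PTS]    0: ED 11 24 61 DD 12 EF B5 A1 E0 A5 1D 42 63 16 36  ..$a........Bc.6
06[PTS]   16: C3 2C 35 3F                                      .,5?
06[PTS] shared DH secret: => 32 bytes @ 0x7fb0f8000f30
06[PTS]    0: 4B 10 3D EE 57 C5 8C 69 EA EC A1 2A EB 90 07 DD  K.=.W..i...*....
06[PTS]   16: D0 6F 57 AA 1C 78 21 F1 51 37 FC 64 E4 81 53 5C  .oW..x!.Q7.d..S\\
06[PTS] secret assessment value: => 20 bytes @ 0x7fb0f8003820
06[PTS]    0: 7F EA FB FC 53 58 3C BE FF 71 15 11 97 C0 6E 2B  ....SX<..q....n+
06[PTS]   16: E4 30 CB 30                                      .0.0
"""

HEADER_RE = re.compile(r"\[PTS\] (.+?): => (\d+) bytes @")
# A dump row: offset, then hex byte pairs each followed by a space; the ASCII column is
# separated by a second space, so the greedy pair match stops before it.
ROW_RE = re.compile(r"\[PTS\]\s+(\d+): ((?:[0-9A-F]{2} )+)")


def parse_hex_dumps(log: str) -> dict:
    """Collect every named %B dump in the log into a bytes object, keyed by its label."""
    dumps, current = {}, None
    for line in log.splitlines():
        m = HEADER_RE.search(line)
        if m:
            current = m.group(1)
            dumps[current] = (bytearray(), int(m.group(2)))
            continue
        m = ROW_RE.search(line)
        if m and current:
            buf, _ = dumps[current]
            if int(m.group(1)) != len(buf):  # rows must continue where the last one ended
                raise ValueError(f"non-contiguous dump row in {current!r}")
            buf.extend(bytes.fromhex(m.group(2)))
    result = {}
    for name, (buf, expected) in dumps.items():
        if len(buf) != expected:  # the header's byte count must match what was dumped
            raise ValueError(f"{name}: expected {expected} bytes, got {len(buf)}")
        result[name] = bytes(buf)
    return result


def secret_assessment_value(initiator_nonce: bytes, responder_nonce: bytes,
                            shared_secret: bytes, hash_name: str = "sha1") -> bytes:
    """Assumed derivation (TCG PTS DH nonce scheme as read from strongSwan's pts.c):
    H('1' || nonce_I || nonce_R || DH shared secret), truncated to 20 bytes.
    With HASH_SHA1, the hash selected in this log, no truncation is needed."""
    h = hashlib.new(hash_name)
    for part in (b"1", initiator_nonce, responder_nonce, shared_secret):
        h.update(part)
    return h.digest()[:20]


def check_log(log: str = PTS_LOG) -> bool:
    """Recompute the assessment value from the logged inputs and compare with the logged one."""
    d = parse_hex_dumps(log)
    computed = secret_assessment_value(d["initiator nonce"], d["responder nonce"],
                                       d["shared DH secret"])
    return computed == d["secret assessment value"]
```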

The version info is extracted from the TPM

Dec 15 12:23:07 carol charon: 07[PTS] TPM Version Info: Chip Version: 1.2.3.19, Spec Level: 2, Errata Rev: 2, Vendor ID: IFX

Dec 15 12:23:07 carol charon: 07[TNC] creating PA-TNC message with ID 0x58674702
Dec 15 12:23:07 carol charon: 07[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Dec 15 12:23:07 carol charon: 07[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Dec 15 12:23:07 carol charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:07 carol charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Dec 15 12:23:07 carol charon: 07[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:07 carol charon: 07[TNC] adding IETF/PB-PA message
Dec 15 12:23:07 carol charon: 07[TNC] sending PB-TNC CDATA batch (379 bytes) for Connection ID 1
Dec 15 12:23:07 carol charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:07 carol charon: 07[ENC] generating IKE_AUTH request 11 [ EAP/RES/TTLS ]
Dec 15 12:23:07 carol charon: 07[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (512 bytes)

Functional Component Evidence

Two functional component evidence requests are received

Dec 15 12:23:07 carol charon: 08[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (224 bytes)
Dec 15 12:23:07 carol charon: 08[ENC] parsed IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Dec 15 12:23:07 carol charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:07 carol charon: 08[TNC] received TNCCS batch (92 bytes) for Connection ID 1
Dec 15 12:23:07 carol charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Dec 15 12:23:07 carol charon: 08[TNC] processing PB-TNC SDATA batch
Dec 15 12:23:07 carol charon: 08[TNC] processing IETF/PB-PA message (84 bytes)
Dec 15 12:23:07 carol charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:07 carol charon: 08[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Dec 15 12:23:07 carol charon: 08[TNC] processing PA-TNC message with ID 0xbc64fb3a
Dec 15 12:23:07 carol charon: 08[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Dec 15 12:23:07 carol charon: 08[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Dec 15 12:23:07 carol charon: 08[IMC] evidence requested for 2 functional components

The first functional component collects evidence on the BIOS-based pre-boot phase

Dec 15 12:23:07 carol charon: 08[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Dec 15 12:23:07 carol charon: 08[PTS] PCR Event Type  (Size)
Dec 15 12:23:07 carol charon: 08[PTS]  0  S-CRTM Version  (16 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  0  POST Code  (16 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  2  EFI Runtime Services Driver  (32 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  2  Event Tag  (32 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  2  Event Tag  (32 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  0  EFI Handoff Tables  (32 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  0  Separator  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  1  Separator  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  2  Separator  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  3  Separator  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  4  Separator  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  5  Separator  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  6  Separator  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  7  Separator  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  4  Action  (15 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]      'Calling INT 19h'
Dec 15 12:23:07 carol charon: 08[PTS]  4  Action  (16 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]      'Returned INT 19h'
Dec 15 12:23:07 carol charon: 08[PTS]  4  Action  (49 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]      'Booting Bcv Device P0: SAMSUNG MZ7TE128HMGR-00004'
Dec 15 12:23:07 carol charon: 08[PTS]  4  IPL  (0 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  5  IPL Partition Data  (0 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  8  Compact Hash  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS]  9  Compact Hash  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS] 10  Compact Hash  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS] 11  Compact Hash  (4 bytes)
Dec 15 12:23:07 carol charon: 08[PTS] loaded bios measurements '/sys/kernel/security/tpm0/binary_bios_measurements' (23 entries)
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:10 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR  0 extended with: c4:2f:ed:ad:26:82:00:cb:1d:15:f9:78:41:c3:44:e7:9d:ae:33:20
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:10 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR  0 extended with: 7a:f3:b9:60:7b:00:71:16:15:a2:3d:09:6a:70:2e:79:10:58:b5:6d
                                      ... 20 more measurements
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:10 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR 11 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73

The second functional component collects evidence on executed files, loaded libraries and loaded kernel modules using the Linux Integrity Measurement Architecture (IMA) mechanism

Dec 15 12:23:07 carol charon: 08[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:07 carol charon: 08[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (1287 entries)
Dec 15 12:23:07 carol charon: 08[PTS] boot aggregate value is correct
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:11 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR 10 extended with: 80:6c:dd:d3:e0:b4:f0:88:ad:36:e7:2d:8a:6d:b0:54:9b:74:78:eb
Dec 15 12:23:07 carol charon: 08[PTS] 'sha1:boot_aggregate'
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:11 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR 10 extended with: ef:41:1b:ae:16:4f:d6:24:ea:94:fc:9e:f8:2f:89:2c:82:d7:8d:cd
Dec 15 12:23:07 carol charon: 08[PTS] 'sha1:/init'
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:11 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR 10 extended with: bd:32:e4:52:e1:4f:84:eb:22:d6:ac:9e:9e:1c:61:ee:ac:3c:d7:a4
Dec 15 12:23:07 carol charon: 08[PTS] 'sha1:/bin/sh'
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:11 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR 10 extended with: ee:fd:4a:6b:eb:d6:b0:01:ff:58:7c:23:35:a3:dd:03:53:5d:5a:17
Dec 15 12:23:07 carol charon: 08[PTS] 'sha1:/lib64/ld-linux-x86-64.so.2'
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:11 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR 10 extended with: e7:ff:45:66:4c:37:6e:50:ab:f4:24:8b:c7:c3:f3:b1:14:6b:3f:79
Dec 15 12:23:07 carol charon: 08[PTS] 'sha1:/etc/ld.so.cache'
Dec 15 12:23:07 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:07 carol charon: 08[PTS] measurement time: Dec 15 11:45:11 2014
Dec 15 12:23:07 carol charon: 08[PTS] PCR 10 extended with: 24:7d:3e:b7:77:32:b6:ea:d5:79:21:7d:05:41:cc:8c:58:19:b8:a2
Dec 15 12:23:07 carol charon: 08[PTS] 'sha1:/lib/x86_64-linux-gnu/libc.so.6'
                                      ... 1279 more measurements 
Dec 15 12:23:09 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:09 carol charon: 08[PTS] measurement time: Dec 15 11:45:11 2014
Dec 15 12:23:09 carol charon: 08[PTS] PCR 10 extended with: 8f:8e:51:cc:38:8c:37:88:71:33:2a:09:14:fe:e9:60:4e:4e:c9:4c
Dec 15 12:23:09 carol charon: 08[PTS] 'sha1:/lib/modules/3.13.0-40-generic/kernel/crypto/seqiv.ko'
Dec 15 12:23:09 carol charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Dec 15 12:23:09 carol charon: 08[PTS] measurement time: Dec 15 11:45:11 2014
Dec 15 12:23:09 carol charon: 08[PTS] PCR 10 extended with: 78:93:67:8c:fd:a9:80:2a:82:97:51:f0:4e:c8:01:dd:38:ec:94:0a
Dec 15 12:23:06 carol charon: 08[PTS] 'sha1:/usr/bin/less'
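The check the log above reports ("boot aggregate value is correct", then one "PCR 10 extended with" template hash per file) can be reproduced by parsing the IMA measurement list and replaying it into a virtual PCR 10. The following is an added example, not code from the strongSwan page or project; it assumes the kernel's `ima-ng` template layout, a little-endian host (x86_64) for the binary_runtime_measurements fields, a SHA-1 PCR bank, and the kernel 3.x boot_aggregate over PCRs 0-7, with all measurement values constructed here.

```python
import hashlib
import struct

PCR_LEN = 20                      # SHA-1 PCR bank, as in the log above

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || digest)."""
    return sha1(pcr + digest)

def boot_aggregate(pcrs: list) -> bytes:
    """IMA boot_aggregate for a SHA-1 bank: SHA1(PCR0 || ... || PCR7) (kernel 3.x)."""
    return sha1(b"".join(pcrs[:8]))

def encode_ima_ng_entry(file_hash: bytes, name: str, pcr: int = 10) -> bytes:
    """Lay out one 'ima-ng' record the way binary_runtime_measurements does
    (constructed here; host byte order assumed little-endian as on x86_64)."""
    d_ng = b"sha1:\x00" + file_hash                       # "sha1:" + NUL + digest
    n_ng = name.encode() + b"\x00"                        # NUL-terminated path
    template_data = (struct.pack("<I", len(d_ng)) + d_ng
                     + struct.pack("<I", len(n_ng)) + n_ng)
    template_hash = sha1(template_data)                   # the value extended into PCR 10
    tname = b"ima-ng"
    return (struct.pack("<I", pcr) + template_hash
            + struct.pack("<I", len(tname)) + tname
            + struct.pack("<I", len(template_data)) + template_data)

def parse_ima_ng(blob: bytes):
    """Yield (pcr, template_hash, algo, file_hash, name) per record.
    Raises ValueError when the template data no longer matches its template hash."""
    off = 0
    while off < len(blob):
        pcr, = struct.unpack_from("<I", blob, off); off += 4
        template_hash = blob[off:off + PCR_LEN]; off += PCR_LEN
        nlen, = struct.unpack_from("<I", blob, off); off += 4
        tname = blob[off:off + nlen]; off += nlen
        if tname != b"ima-ng":
            raise ValueError("unsupported template %r" % tname)
        dlen, = struct.unpack_from("<I", blob, off); off += 4
        template_data = blob[off:off + dlen]; off += dlen
        if sha1(template_data) != template_hash:
            raise ValueError("template hash does not match template data")
        d_len, = struct.unpack_from("<I", template_data, 0)
        algo, file_hash = template_data[4:4 + d_len].split(b"\x00", 1)
        n_len, = struct.unpack_from("<I", template_data, 4 + d_len)
        name = template_data[8 + d_len:8 + d_len + n_len].rstrip(b"\x00").decode()
        yield pcr, template_hash, algo.decode().rstrip(":"), file_hash, name

def replay_pcr10(blob: bytes, pcrs_0_to_7: list) -> bytes:
    """Replay the measurement list into a virtual PCR 10, checking boot_aggregate
    against PCRs 0-7 on the way; the result must equal the quoted PCR 10."""
    pcr10 = b"\x00" * PCR_LEN
    for pcr, template_hash, algo, file_hash, name in parse_ima_ng(blob):
        if pcr != 10:
            continue
        if name == "boot_aggregate" and file_hash != boot_aggregate(pcrs_0_to_7):
            raise ValueError("boot aggregate value is incorrect")
        pcr10 = pcr_extend(pcr10, template_hash)
    return pcr10

def sample_measurement_list():
    """Constructed sample: PCRs 0-7 as left by boot, then three measurements
    mirroring the first entries of the log above (all values are made up)."""
    pcrs = [sha1(bytes([i])) for i in range(8)]
    blob = (encode_ima_ng_entry(boot_aggregate(pcrs), "boot_aggregate")
            + encode_ima_ng_entry(sha1(b"init"), "/init")
            + encode_ima_ng_entry(sha1(b"sh"), "/bin/sh"))
    return blob, pcrs

if __name__ == "__main__":
    blob, pcrs = sample_measurement_list()
    for _, th, algo, fh, name in parse_ima_ng(blob):
        print("PCR 10 extended with: %s  '%s:%s'" % (th.hex(), algo, name))
    print("replayed PCR 10:", replay_pcr10(blob, pcrs).hex())
```

A single flipped byte anywhere in a record breaks the template hash, and a replaced PCR 0-7 value breaks the boot_aggregate entry, which is why the verifier can trust the file list only once the replayed PCR 10 matches the quoted one.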

TPM Quote Signature

The TPM signs the current state of PCR registers 00 to 11, in the form of the hash of the PCR composite carried in the TPM Quote Info, with the AIK.

Dec 15 12:23:09 carol charon: 08[PTS] Hash of PCR Composite: 14:96:9d:81:5a:40:71:29:f5:24:75:40:a8:a5:0b:90:ff:e4:44:c6
Dec 15 12:23:09 carol charon: 08[PTS] TPM Quote Info: => 52 bytes @ 0x7f5e10045870
Dec 15 12:23:09 carol charon: 08[PTS]    0: 00 36 51 55 54 32 4F 3C 0A 83 A8 47 61 29 2E 47  .6QUT2O<...Ga).G
Dec 15 12:23:09 carol charon: 08[PTS]   16: C6 D9 87 77 E2 76 08 DC 99 9A 00 03 FF 0F 00 01  ...w.v..........
Dec 15 12:23:09 carol charon: 08[PTS]   32: 14 96 9D 81 5A 40 71 29 F5 24 75 40 A8 A5 0B 90  ....Z@q).$u@....
Dec 15 12:23:09 carol charon: 08[PTS]   48: FF E4 44 C6                                      ..D.
Dec 15 12:23:09 carol charon: 08[PTS] TPM Quote Signature: => 256 bytes @ 0x7f5e100c0a00
Dec 15 12:23:09 carol charon: 08[PTS]    0: 33 02 05 81 03 EB 32 58 67 63 8E 55 31 CA F9 79  3.....2Xgc.U1..y
Dec 15 12:23:09 carol charon: 08[PTS]   16: 89 8F 85 6C 3C D5 8A 86 1E 7F 07 E7 BC EE C7 75  ...l<..........u
Dec 15 12:23:09 carol charon: 08[PTS]   32: C4 05 77 D3 A3 13 3D 67 C3 08 71 DB 28 CB 0E 85  ..w...=g..q.(...
Dec 15 12:23:09 carol charon: 08[PTS]   48: 96 0B 88 C3 B7 DE 0B B3 FD FA 5B 2D 10 5F 43 4B  ..........[-._CK
Dec 15 12:23:09 carol charon: 08[PTS]   64: 6D 73 0B DD 0E 96 6C 22 9A B6 8C 90 3F 5A 14 CF  ms....l"....?Z..
Dec 15 12:23:09 carol charon: 08[PTS]   80: 59 57 55 6C C3 74 AA 4E A2 1F C9 08 AE 58 E5 E2  YWUl.t.N.....X..
Dec 15 12:23:09 carol charon: 08[PTS]   96: FF 49 86 D6 DC A1 2D 62 17 8E A9 B4 6C D8 62 A4  .I....-b....l.b.
Dec 15 12:23:09 carol charon: 08[PTS]  112: 80 6A C0 71 C3 B4 37 5C 9A 36 27 C0 7D 51 A2 F6  .j.q..7\.6'.}Q..
Dec 15 12:23:09 carol charon: 08[PTS]  128: CA A5 56 35 2D CC C9 1D 83 99 9E 90 AE 1C 3F 21  ..V5-.........?!
Dec 15 12:23:09 carol charon: 08[PTS]  144: 5A 5C 84 A1 58 E7 12 95 21 BC 40 AC 11 61 52 18  Z\..X...!.@..aR.
Dec 15 12:23:09 carol charon: 08[PTS]  160: A1 1D BD EB 76 29 E4 BC B7 B3 76 2B E9 3C 1B 4D  ....v)....v+.<.M
Dec 15 12:23:09 carol charon: 08[PTS]  176: 96 3D 61 64 38 B0 7E CF E1 07 0E B9 55 FB 07 CC  .=ad8.~.....U...
Dec 15 12:23:09 carol charon: 08[PTS]  192: DB A3 4A 7C CD 98 45 AB 0A 51 A6 16 A1 64 AC FA  ..J|..E..Q...d..
Dec 15 12:23:09 carol charon: 08[PTS]  208: A8 53 7C 7A 2C D7 DB DC A3 6D 3E 68 73 09 73 4B  .S|z,....m>hs.sK
Dec 15 12:23:09 carol charon: 08[PTS]  224: F7 ED DB CD 3D 69 0F 6F B8 8E 47 9E 08 09 31 4F  ....=i.o..G...1O
Dec 15 12:23:09 carol charon: 08[PTS]  240: D5 8F BB CD 8B 45 85 4D CD 19 27 14 63 0D 2E F4  .....E.M..'.c...
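The 52-byte TPM Quote Info above is a TPM 1.2 TPM_QUOTE_INFO2 structure: tag 0x0036, the fixed string "QUT2", a 20-byte nonce, the PCR selection bitmap (FF 0F 00 selects PCRs 0 to 11), the locality bitmask and the 20-byte PCR composite hash that also appears on the "Hash of PCR Composite" line. This added example (not strongSwan code) parses those logged bytes and shows the verifier-side check that a set of PCR values, such as a replayed PCR 10, hashes to digestAtRelease; the RSA signature check against the AIK public key is outside its scope, and the PCR values in the constructed part are made up.

```python
import hashlib
import struct

TPM_TAG_QUOTE_INFO2 = 0x0036

# The 52-byte TPM Quote Info exactly as dumped in the log above (TPM_QUOTE_INFO2)
QUOTE_INFO = bytes.fromhex(
    "003651555432"                                  # tag + fixed "QUT2"
    "4f3c0a83a84761292e47c6d98777e27608dc999a"      # externalData (verifier nonce)
    "0003ff0f00"                                    # sizeOfSelect=3, pcrSelect
    "01"                                            # localityAtRelease bitmask
    "14969d815a407129f5247540a8a50b90ffe444c6")     # digestAtRelease
LOGGED_COMPOSITE_HASH = bytes.fromhex("14969d815a407129f5247540a8a50b90ffe444c6")

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def pcr_selection_to_list(select: bytes) -> list:
    """TPM_PCR_SELECTION bitmap: bit i of byte j selects PCR 8*j + i."""
    return [8 * j + i for j, b in enumerate(select) for i in range(8) if (b >> i) & 1]

def parse_quote_info2(data: bytes) -> dict:
    tag, fixed = struct.unpack_from(">H4s", data, 0)
    if tag != TPM_TAG_QUOTE_INFO2 or fixed != b"QUT2":
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    nonce = data[6:26]
    size_of_select, = struct.unpack_from(">H", data, 26)
    select = data[28:28 + size_of_select]
    off = 28 + size_of_select
    locality, digest = data[off], data[off + 1:off + 21]
    if len(data) != off + 21:
        raise ValueError("unexpected TPM_QUOTE_INFO2 length")
    return {"nonce": nonce, "select": select, "pcrs": pcr_selection_to_list(select),
            "locality": locality, "digest_at_release": digest}

def encode_quote_info2(nonce: bytes, select: bytes, digest: bytes, locality: int = 1) -> bytes:
    """Inverse of parse_quote_info2; used here to build a constructed quote."""
    return (struct.pack(">H4s", TPM_TAG_QUOTE_INFO2, b"QUT2") + nonce
            + struct.pack(">H", len(select)) + select + bytes([locality]) + digest)

def pcr_composite_hash(select: bytes, pcr_values: list) -> bytes:
    """SHA-1 of a serialized TPM_PCR_COMPOSITE: selection, valueSize, then the PCR values."""
    composite = (struct.pack(">H", len(select)) + select
                 + struct.pack(">I", 20 * len(pcr_values)) + b"".join(pcr_values))
    return sha1(composite)

def quote_binds_pcrs(quote_info: bytes, pcr_values: list, expected_nonce: bytes) -> bool:
    """Verifier-side structural checks on a quote: freshness (nonce) and that the
    PCR values reported alongside it (e.g. a replayed PCR 10) hash to digestAtRelease.
    The RSA signature over SHA1(quote_info) still has to be checked with the AIK public key."""
    q = parse_quote_info2(quote_info)
    if q["nonce"] != expected_nonce or len(pcr_values) != len(q["pcrs"]):
        return False
    return pcr_composite_hash(q["select"], pcr_values) == q["digest_at_release"]

if __name__ == "__main__":
    q = parse_quote_info2(QUOTE_INFO)
    print("quoted PCRs:", q["pcrs"])
    print("digestAtRelease matches logged composite hash:",
          q["digest_at_release"] == LOGGED_COMPOSITE_HASH)
```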

The collected Simple Component Evidence attributes plus the Simple Evidence Final attribute containing the TPM Quote Info and TPM Quote Signature are transmitted in 5 PB-TNC batches.

Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC message with ID 0xf9b4669d
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
                                      ... 293 more PA-TNC attributes
Dec 15 12:23:09 carol charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC message with ID 0x2d96885b
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
                                      ... 276 more PA-TNC attributes
Dec 15 12:23:09 carol charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC message with ID 0x253850ae
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
                                      ... 271 more PA-TNC attributes
Dec 15 12:23:09 carol charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC message with ID 0x211fab41
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
                                      ... 263 more PA-TNC attributes
Dec 15 12:23:09 carol charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC message with ID 0x7fa041ec
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
                                      ... 202 more PA-TNC attributes
Dec 15 12:23:09 carol charon: 08[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
Dec 15 12:23:09 carol charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:09 carol charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Dec 15 12:23:09 carol charon: 08[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:09 carol charon: 08[TNC] adding IETF/PB-PA message
Dec 15 12:23:09 carol charon: 08[TNC] sending PB-TNC CDATA batch (32692 bytes) for Connection ID 1
Dec 15 12:23:09 carol charon: 08[TNC] queued 4 PB-TNC messages for next CDATA batch
Dec 15 12:23:09 carol charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:09 carol charon: 08[ENC] generating IKE_AUTH request 12 [ EAP/RES/TTLS ]
Dec 15 12:23:09 carol charon: 08[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:09 carol charon: 09[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:09 carol charon: 09[ENC] parsed IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Dec 15 12:23:09 carol charon: 09[ENC] generating IKE_AUTH request 13 [ EAP/RES/TTLS ]
Dec 15 12:23:09 carol charon: 09[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:09 carol charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:09 carol charon: 10[ENC] parsed IKE_AUTH response 13 [ EAP/REQ/TTLS ]
                                      ... 30 more IKE_AUTH request/response pairs
Dec 15 12:23:09 carol charon: 15[ENC] generating IKE_AUTH request 44 [ EAP/RES/TTLS ]
Dec 15 12:23:09 carol charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (272 bytes)
Dec 15 12:23:11 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (144 bytes)
Dec 15 12:23:11 carol charon: 14[ENC] parsed IKE_AUTH response 44 [ EAP/REQ/TTLS ]
Dec 15 12:23:11 carol charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:11 carol charon: 14[TNC] received TNCCS batch (8 bytes) for Connection ID 1
Dec 15 12:23:11 carol charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Dec 15 12:23:11 carol charon: 14[TNC] processing PB-TNC SDATA batch
Dec 15 12:23:11 carol charon: 14[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Dec 15 12:23:11 carol charon: 14[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:11 carol charon: 14[TNC] adding IETF/PB-PA message
Dec 15 12:23:11 carol charon: 14[TNC] sending PB-TNC CDATA batch (32658 bytes) for Connection ID 1
Dec 15 12:23:11 carol charon: 14[TNC] queued 3 PB-TNC messages for next CDATA batch
Dec 15 12:23:11 carol charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:11 carol charon: 14[ENC] generating IKE_AUTH request 45 [ EAP/RES/TTLS ]
Dec 15 12:23:11 carol charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:11 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:11 carol charon: 15[ENC] parsed IKE_AUTH response 45 [ EAP/REQ/TTLS ]
Dec 15 12:23:11 carol charon: 15[ENC] generating IKE_AUTH request 46 [ EAP/RES/TTLS ]
Dec 15 12:23:11 carol charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:11 carol charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:11 carol charon: 06[ENC] parsed IKE_AUTH response 46 [ EAP/REQ/TTLS ]
                                      ... 30 more IKE_AUTH request/response pairs
Dec 15 12:23:11 carol charon: 11[ENC] generating IKE_AUTH request 77 [ EAP/RES/TTLS ]
Dec 15 12:23:11 carol charon: 11[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (240 bytes)
Dec 15 12:23:12 carol charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (144 bytes)
Dec 15 12:23:12 carol charon: 13[ENC] parsed IKE_AUTH response 77 [ EAP/REQ/TTLS ]
Dec 15 12:23:12 carol charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:12 carol charon: 13[TNC] received TNCCS batch (8 bytes) for Connection ID 1
Dec 15 12:23:12 carol charon: 13[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Dec 15 12:23:12 carol charon: 13[TNC] processing PB-TNC SDATA batch
Dec 15 12:23:12 carol charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Dec 15 12:23:12 carol charon: 13[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:12 carol charon: 13[TNC] adding IETF/PB-PA message
Dec 15 12:23:12 carol charon: 13[TNC] sending PB-TNC CDATA batch (32675 bytes) for Connection ID 1
Dec 15 12:23:12 carol charon: 13[TNC] queued 2 PB-TNC messages for next CDATA batch
Dec 15 12:23:12 carol charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:12 carol charon: 13[ENC] generating IKE_AUTH request 78 [ EAP/RES/TTLS ]
Dec 15 12:23:12 carol charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:12 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:12 carol charon: 14[ENC] parsed IKE_AUTH response 78 [ EAP/REQ/TTLS ]
Dec 15 12:23:12 carol charon: 14[ENC] generating IKE_AUTH request 79 [ EAP/RES/TTLS ]
Dec 15 12:23:12 carol charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:12 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:12 carol charon: 15[ENC] parsed IKE_AUTH response 79 [ EAP/REQ/TTLS ]
                                      ... 30 more IKE_AUTH request/response pairs
Dec 15 12:23:12 carol charon: 10[ENC] generating IKE_AUTH request 110 [ EAP/RES/TTLS ]
Dec 15 12:23:12 carol charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (256 bytes)
Dec 15 12:23:14 carol charon: 08[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (144 bytes)
Dec 15 12:23:14 carol charon: 08[ENC] parsed IKE_AUTH response 110 [ EAP/REQ/TTLS ]
Dec 15 12:23:14 carol charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:14 carol charon: 08[TNC] received TNCCS batch (8 bytes) for Connection ID 1
Dec 15 12:23:14 carol charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Dec 15 12:23:14 carol charon: 08[TNC] processing PB-TNC SDATA batch
Dec 15 12:23:14 carol charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Dec 15 12:23:14 carol charon: 08[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:14 carol charon: 08[TNC] adding IETF/PB-PA message
Dec 15 12:23:14 carol charon: 08[TNC] sending PB-TNC CDATA batch (32683 bytes) for Connection ID 1
Dec 15 12:23:14 carol charon: 08[TNC] queued 1 PB-TNC message for next CDATA batch
Dec 15 12:23:14 carol charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:14 carol charon: 08[ENC] generating IKE_AUTH request 111 [ EAP/RES/TTLS ]
Dec 15 12:23:14 carol charon: 08[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:14 carol charon: 09[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:14 carol charon: 09[ENC] parsed IKE_AUTH response 111 [ EAP/REQ/TTLS ]
Dec 15 12:23:14 carol charon: 09[ENC] generating IKE_AUTH request 112 [ EAP/RES/TTLS ]
Dec 15 12:23:14 carol charon: 09[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:14 carol charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:14 carol charon: 10[ENC] parsed IKE_AUTH response 112 [ EAP/REQ/TTLS ]
                                      ... 30 more IKE_AUTH request/response pairs
Dec 15 12:23:14 carol charon: 15[ENC] generating IKE_AUTH request 143 [ EAP/RES/TTLS ]
Dec 15 12:23:14 carol charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (272 bytes)
Dec 15 12:23:15 carol charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (144 bytes)
Dec 15 12:23:15 carol charon: 13[ENC] parsed IKE_AUTH response 143 [ EAP/REQ/TTLS ]
Dec 15 12:23:15 carol charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:15 carol charon: 13[TNC] received TNCCS batch (8 bytes) for Connection ID 1
Dec 15 12:23:15 carol charon: 13[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Dec 15 12:23:15 carol charon: 13[TNC] processing PB-TNC SDATA batch
Dec 15 12:23:15 carol charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Dec 15 12:23:15 carol charon: 13[TNC] creating PB-TNC CDATA batch
Dec 15 12:23:15 carol charon: 13[TNC] adding IETF/PB-PA message
Dec 15 12:23:15 carol charon: 13[TNC] sending PB-TNC CDATA batch (24776 bytes) for Connection ID 1
Dec 15 12:23:15 carol charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:15 carol charon: 13[ENC] generating IKE_AUTH request 144 [ EAP/RES/TTLS ]
Dec 15 12:23:15 carol charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:15 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:15 carol charon: 14[ENC] parsed IKE_AUTH response 144 [ EAP/REQ/TTLS ]
Dec 15 12:23:15 carol charon: 14[ENC] generating IKE_AUTH request 145 [ EAP/RES/TTLS ]
Dec 15 12:23:15 carol charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:15 carol charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:15 carol charon: 15[ENC] parsed IKE_AUTH response 145 [ EAP/REQ/TTLS ]
                                      ... 21 more IKE_AUTH request/response pairs
Dec 15 12:23:15 carol charon: 12[ENC] generating IKE_AUTH request 167 [ EAP/RES/TTLS ]
Dec 15 12:23:15 carol charon: 12[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (1104 bytes)
Dec 15 12:23:15 carol charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:15 carol charon: 13[ENC] parsed IKE_AUTH response 167 [ EAP/REQ/TTLS ]
Dec 15 12:23:15 carol charon: 13[ENC] generating IKE_AUTH request 168 [ EAP/RES/TTLS ]
Dec 15 12:23:15 carol charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (512 bytes)

Assessment Result

The assessment result and access recommendation messages are received from the TNC Server.

Dec 15 12:23:16 carol charon: 11[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (224 bytes)
Dec 15 12:23:16 carol charon: 11[ENC] parsed IKE_AUTH response 168 [ EAP/REQ/TTLS ]
Dec 15 12:23:16 carol charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Dec 15 12:23:16 carol charon: 11[TNC] received TNCCS batch (88 bytes) for Connection ID 1
Dec 15 12:23:16 carol charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Dec 15 12:23:16 carol charon: 11[TNC] processing PB-TNC RESULT batch
Dec 15 12:23:16 carol charon: 11[TNC] processing IETF/PB-PA message (48 bytes)
Dec 15 12:23:16 carol charon: 11[TNC] processing IETF/PB-Assessment-Result message (16 bytes)
Dec 15 12:23:16 carol charon: 11[TNC] processing IETF/PB-Access-Recommendation message (16 bytes)
Dec 15 12:23:16 carol charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Dec 15 12:23:16 carol charon: 11[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Dec 15 12:23:16 carol charon: 11[TNC] processing PA-TNC message with ID 0xf20fb506
Dec 15 12:23:16 carol charon: 11[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009

Dec 15 12:23:16 carol charon: 11[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 *****
Dec 15 12:23:16 carol charon: 11[IMC] assessment result is 'compliant'
Dec 15 12:23:16 carol charon: 11[IMC] ***** end of assessment *****
Dec 15 12:23:16 carol charon: 11[TNC] PB-TNC assessment result is 'compliant'
Dec 15 12:23:16 carol charon: 11[TNC] PB-TNC access recommendation is 'Access Allowed'
Dec 15 12:23:16 carol charon: 11[IMC] IMC 1 "OS" changed state of Connection ID 1 to 'Allowed'
Dec 15 12:23:16 carol charon: 11[IMC] IMC 2 "Attestation" changed state of Connection ID 1 to 'Allowed'
Dec 15 12:23:16 carol charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Dec 15 12:23:16 carol charon: 11[TNC] creating PB-TNC CLOSE batch
Dec 15 12:23:16 carol charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 1
Dec 15 12:23:16 carol charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Dec 15 12:23:16 carol charon: 11[ENC] generating IKE_AUTH request 169 [ EAP/RES/TTLS ]
Dec 15 12:23:16 carol charon: 11[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (144 bytes)
Dec 15 12:23:16 carol charon: 12[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (112 bytes)
Dec 15 12:23:16 carol charon: 12[ENC] parsed IKE_AUTH response 169 [ EAP/REQ/TTLS ]
Dec 15 12:23:16 carol charon: 12[TLS] received TLS close notify
Dec 15 12:23:16 carol charon: 12[TLS] sending TLS close notify
Dec 15 12:23:16 carol charon: 12[ENC] generating IKE_AUTH request 170 [ EAP/RES/TTLS ]
Dec 15 12:23:16 carol charon: 12[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (112 bytes)

IKEv2 Child SA Establishment

Dec 15 12:23:16 carol charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (80 bytes)
Dec 15 12:23:16 carol charon: 13[ENC] parsed IKE_AUTH response 170 [ EAP/SUCC ]
Dec 15 12:23:16 carol charon: 13[IKE] EAP method EAP_TTLS succeeded, MSK established
Dec 15 12:23:16 carol charon: 13[IKE] authentication of 'carol@strongswan.org' (myself) with EAP
Dec 15 12:23:16 carol charon: 13[ENC] generating IKE_AUTH request 171 [ AUTH ]
Dec 15 12:23:16 carol charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (112 bytes)
Dec 15 12:23:16 carol charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] (272 bytes)
Dec 15 12:23:16 carol charon: 14[ENC] parsed IKE_AUTH response 171 [ AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Dec 15 12:23:16 carol charon: 14[IKE] authentication of 'moon.strongswan.org' with EAP successful
Dec 15 12:23:16 carol charon: 14[IMC] IMC 1 "OS" deleted the state of Connection ID 1
Dec 15 12:23:16 carol charon: 14[IMC] IMC 2 "Attestation" deleted the state of Connection ID 1
Dec 15 12:23:16 carol charon: 14[TNC] removed TNCCS Connection ID 1
Dec 15 12:23:16 carol charon: 14[IKE] IKE_SA home[1] established between 192.168.0.254[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
Dec 15 12:23:16 carol charon: 14[IKE] scheduling reauthentication in 10117s
Dec 15 12:23:16 carol charon: 14[IKE] maximum IKE_SA lifetime 10657s
Dec 15 12:23:16 carol charon: 14[IKE] CHILD_SA home{1} established with SPIs c1b95275_i cd43e24d_o and TS 192.168.0.254/32 === 10.1.0.0/28 
Dec 15 12:23:16 carol charon: 14[IKE] received AUTH_LIFETIME of 10219s, scheduling reauthentication in 9679s
Dec 15 12:23:16 carol charon: 14[IKE] peer supports MOBIKE

IKEv2 Connection Termination

Dec 15 12:39:54 carol charon: 00[DMN] signal of type SIGINT received. Shutting down
Dec 15 12:39:54 carol charon: 00[IKE] deleting IKE_SA home[1] between 192.168.0.254[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
Dec 15 12:39:54 carol charon: 00[IKE] sending DELETE for IKE_SA home[1]
Dec 15 12:39:54 carol charon: 00[ENC] generating INFORMATIONAL request 172 [ D ]
Dec 15 12:39:54 carol charon: 00[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] (80 bytes)
Dec 15 12:39:54 carol charon: 00[IMC] IMC 2 "Attestation" terminated
Dec 15 12:39:54 carol charon: 00[IMC] IMC 1 "OS" terminated
Dec 15 12:39:54 carol charon: 00[PTS] removed TCG functional component namespace
Dec 15 12:39:54 carol charon: 00[PTS] removed ITA-HSR functional component namespace
Dec 15 12:39:54 carol charon: 00[TNC] removed IETF attributes
Dec 15 12:39:54 carol charon: 00[TNC] removed ITA-HSR attributes
Dec 15 12:39:54 carol charon: 00[TNC] removed TCG attributes
Dec 15 12:39:54 carol charon: 00[LIB] libimcv terminated