- Table of contents
- Raspi 3 - Initiating IoT Device
- Configuration Files
- Starting the IKEv2 Daemon
- Initiating IPsec Connection Setup
- Start of Mutual Attestation
- Sending OS Information
- Sending PTS Protocol Capabilities
- Receiving OS Information
- Starting Session with Policy Manager
- Receiving PTS Protocol Capabilities
- Sending TPM Version Information
- Initiator Attestation Measurements
- Generating Initiator TPM Quote Signature
- Receiving TPM Version Information
- Receiving Assessment Result
- Responder Attestation Measurements
- Verifying Responder Attestation Measurements
- Verifying Responder TPM Quote Signature
- Sending Assessment Result
- strongTNC Policy Manager
- IPsec Connection established
- Terminating the IPsec Connection
- Stopping the IKEv2 Daemon
Raspi 3 - Initiating IoT Device
Configuration Files
strongSwan IPsec configuration file /etc/ipsec.conf

config setup
    charondebug="tnc 2, imc 2, imv 2, pts 3"

conn %default
    ike=aes128-sha256-ecp256!
    esp=aes128-sha256-ecp256!
    keyexchange=ikev2

conn peer
    left=10.10.1.39
    leftauth=eap-ttls
    leftcert=raspi3Cert.pem
    leftid=raspi3.example.com
    leftfirewall=yes
    right=10.10.1.40
    rightauth=eap-ttls
    rightid=raspi4.example.com
    type=transport
    auto=add

strongSwan IPsec secrets file /etc/ipsec.secrets
: RSA raspi3Key.pem
strongSwan configuration file /etc/strongswan.conf

# strongswan.conf - strongSwan configuration file

charon {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
  half_open_timeout = 90
  plugins {
    eap-ttls {
      max_message_count = 0
      request_peer_auth = yes
      phase2_piggyback = yes
      phase2_tnc = yes
    }
    eap-tnc {
      max_message_count = 0
    }
    tnccs-20 {
      mutual = yes
    }
  }
}

libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager
  plugins {
    imc-os {
      device_pubkey = /etc/pts/aik3Pub.der
    }
    imc-attestation {
      aik_blob = /etc/pts/aik3Blob.bin
      aik_cert = /etc/pts/aik3Cert.der
    }
    imv-attestation {
      cadir = /etc/pts/cacerts
      hash_algorithm = sha1
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}

pt-tls-client {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl
}

attest {
  database=sqlite:///etc/pts/config.db
}

In order to do mutual attestation, both IMCs and IMVs are loaded via /etc/tnc_config.

IMC "OS" /usr/lib/ipsec/imcvs/imc-os.so
IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so
IMV "Attestation" /usr/lib/ipsec/imcvs/imv-attestation.so

Starting the IKEv2 Daemon
First, the IKEv2 charon daemon is started in the background:
raspi3# ipsec start

Aug 15 14:45:55 raspi3 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l)
Aug 15 14:45:55 raspi3 charon: 00[TNC] TNC recommendation policy is 'default'
Aug 15 14:45:55 raspi3 charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Aug 15 14:45:55 raspi3 charon: 00[TNC] added IETF attributes
Aug 15 14:45:55 raspi3 charon: 00[TNC] added ITA-HSR attributes
Aug 15 14:45:55 raspi3 charon: 00[TNC] added TCG attributes
Aug 15 14:45:55 raspi3 charon: 00[PTS] added TCG functional component namespace
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component namespace
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Aug 15 14:45:55 raspi3 charon: 00[LIB] libimcv initialized

Loading Attestation IMV
Aug 15 14:45:55 raspi3 charon: 00[IMV] IMV 1 "Attestation" initialized
Aug 15 14:45:55 raspi3 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts'
Aug 15 14:45:55 raspi3 charon: 00[PTS] loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem'
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'

Loading OS IMC
Aug 15 14:45:55 raspi3 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Aug 15 14:45:55 raspi3 charon: 00[IMC] IMC 1 "OS" initialized
Aug 15 14:45:55 raspi3 charon: 00[IMC] processing "/etc/debian_version" file
Aug 15 14:45:55 raspi3 charon: 00[IMC] operating system name is 'Debian'
Aug 15 14:45:55 raspi3 charon: 00[IMC] operating system version is '7.8 armv7l'
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'

Loading Attestation IMC
Aug 15 14:45:55 raspi3 charon: 00[IMC] IMC 2 "Attestation" initialized
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'

Initializing IKE daemon
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/raspi3Key.pem'
Aug 15 14:45:55 raspi3 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Aug 15 14:45:55 raspi3 charon: 00[JOB] spawning 16 worker threads

Loading peer IPsec connection
Aug 15 14:45:55 raspi3 charon: 06[CFG] received stroke: add connection 'peer'
Aug 15 14:45:55 raspi3 charon: 06[CFG] loaded certificate "C=US, O=TNC Demo, CN=raspi3.example.com" from 'raspi3Cert.pem'
Aug 15 14:45:55 raspi3 charon: 06[CFG] added configuration 'peer'

Initiating IPsec Connection Setup
The peer IPsec connection to the IoT device raspi4 is initiated using the IKEv2 key exchange protocol:
raspi3# ipsec up peer

Aug 15 14:46:05 raspi3 charon: 10[CFG] received stroke: initiate 'peer'
Aug 15 14:46:05 raspi3 charon: 11[IKE] initiating IKE_SA peer[1] to 10.10.1.40
Aug 15 14:46:05 raspi3 charon: 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug 15 14:46:05 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes)

Aug 15 14:46:05 raspi3 charon: 12[NET] received packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes)
Aug 15 14:46:05 raspi3 charon: 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug 15 14:46:05 raspi3 charon: 12[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi3 charon: 12[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi3 charon: 12[IKE] establishing CHILD_SA peer
Aug 15 14:46:05 raspi3 charon: 12[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 15 14:46:05 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes)

Aug 15 14:46:05 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes)
Aug 15 14:46:05 raspi3 charon: 13[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 13[IKE] server requested EAP_TTLS authentication (id 0xDB)
Aug 15 14:46:05 raspi3 charon: 13[TLS] EAP_TTLS version is v0
Aug 15 14:46:05 raspi3 charon: 13[IKE] allow mutual EAP-only authentication
Aug 15 14:46:05 raspi3 charon: 13[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes)

Aug 15 14:46:05 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:05 raspi3 charon: 14[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 14[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)

Aug 15 14:46:05 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes)
Aug 15 14:46:05 raspi3 charon: 15[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 15[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Aug 15 14:46:05 raspi3 charon: 15[TLS] received TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com'
Aug 15 14:46:05 raspi3 charon: 15[CFG] using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Aug 15 14:46:05 raspi3 charon: 15[CFG] using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi3 charon: 15[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi4.example.com"
Aug 15 14:46:05 raspi3 charon: 15[CFG] certificate status is not available
Aug 15 14:46:05 raspi3 charon: 15[CFG] reached self-signed root ca with a path length of 0
Aug 15 14:46:05 raspi3 charon: 15[TLS] received TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA
Aug 15 14:46:05 raspi3 charon: 15[TLS] sending TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com'
Aug 15 14:46:05 raspi3 charon: 15[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)

Aug 15 14:46:05 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:05 raspi3 charon: 16[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 16[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes)

Aug 15 14:46:05 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:05 raspi3 charon: 09[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]
Aug 15 14:46:05 raspi3 charon: 09[IKE] server requested EAP_IDENTITY authentication (id 0x00)
Aug 15 14:46:05 raspi3 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]
Aug 15 14:46:05 raspi3 charon: 09[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 09[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes)

Aug 15 14:46:05 raspi3 charon: 08[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:05 raspi3 charon: 08[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:05 raspi3 charon: 08[IKE] server requested EAP_PT_EAP authentication (id 0xB8)
Aug 15 14:46:05 raspi3 charon: 08[TLS] EAP_PT_EAP version is v1

Start of Mutual Attestation

Aug 15 14:46:05 raspi3 charon: 08[TNC] TNC client is handling outbound connection
Aug 15 14:46:05 raspi3 charon: 08[TNC] assigned TNCCS Connection ID 1
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi3 charon: 08[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi3 charon: 08[PTS] loaded AIK certificate from '/etc/pts/aik3Cert.der'
Aug 15 14:46:05 raspi3 charon: 08[PTS] loaded AIK Blob from '/etc/pts/aik3Blob.bin'
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi3 charon: 08[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 1 "OS" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 2 "Attestation" changed state of Connection ID 1 to 'Handshake'

Aug 15 14:46:05 raspi3 charon: 08[TNC] proposing PB-TNC mutual half duplex protocol

Sending OS Information

Aug 15 14:46:05 raspi3 charon: 08[IMC] operating system numeric version is 7.8
Aug 15 14:46:05 raspi3 charon: 08[IMC] last boot: Aug 15 07:56:52 UTC 2015, 17353 s ago
Aug 15 14:46:05 raspi3 charon: 08[IMC] IPv4 forwarding is disabled
Aug 15 14:46:05 raspi3 charon: 08[IMC] factory default password is disabled
Aug 15 14:46:05 raspi3 charon: 08[IMC] loaded device public key from '/etc/pts/aik3Pub.der'
Aug 15 14:46:05 raspi3 charon: 08[IMC] device ID is 565feb9e8462870dba884ce540a0768d68829873

Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC message with ID 0x83cf019d
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:05 raspi3 charon: 08[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding ITA-HSR/PB-Mutual-Capability message
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding IETF/PB-Language-Preference message
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:05 raspi3 charon: 08[TNC] sending PB-TNC CDATA batch (283 bytes) for Connection ID 1
Aug 15 14:46:05 raspi3 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:05 raspi3 charon: 08[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 08[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes)

Aug 15 14:46:08 raspi3 charon: 07[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes)
Aug 15 14:46:08 raspi3 charon: 07[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 07[TNC] received TNCCS batch (108 bytes)

Aug 15 14:46:08 raspi3 charon: 07[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes)
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing IETF/PB-PA message (84 bytes)

Aug 15 14:46:08 raspi3 charon: 07[TNC] activating mutual PB-TNC half duplex protocol

Aug 15 14:46:08 raspi3 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC message with ID 0x42501f74
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000

Aug 15 14:46:08 raspi3 charon: 07[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 07[IMC] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

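To confirm from a charon log that the mutual half-duplex mode was really activated and that this host ran both the TNC client and the TNC server role, the log can be split back into entries and the PB-TNC state transitions replayed per role. This is an added example, not strongSwan code: the function names, the report layout and the rule that each role starts in 'Init' and every transition must continue from the previous state are assumptions of the example, and the sample entries are copied from the log on this page.

```python
import re

# Start of a charon syslog entry; used to split run-together text into entries.
ENTRY_START = re.compile(
    r"(?=[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ charon: \d\d\[[A-Z]{3}\] )")
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) charon: "
    r"(?P<thread>\d\d)\[(?P<group>[A-Z]{3})\] (?P<msg>.*)", re.S)
ROLE = re.compile(r"TNC (client|server) is handling (?:inbound|outbound) connection")
TRANSITION = re.compile(r"PB-TNC state transition from '([^']+)' to '([^']+)'")
ATTR = re.compile(
    r"(creating|processing) PA-TNC attribute type '([^']+)' "
    r"(0x[0-9a-f]{6})/(0x[0-9a-f]{8})")


def _entry(sec, thread, msg):
    # Helper that rebuilds the syslog prefix used throughout this page's log.
    return f"Aug 15 14:46:{sec:02d} raspi3 charon: {thread:02d}[TNC] {msg}"


# A subset of the [TNC] entries shown on this page, in their original order.
SAMPLE_ENTRIES = [
    _entry(5, 8, "TNC client is handling outbound connection"),
    _entry(5, 8, "proposing PB-TNC mutual half duplex protocol"),
    _entry(5, 8, "creating PA-TNC attribute type 'ITA-HSR/Device ID' "
                 "0x00902a/0x00000008"),
    _entry(5, 8, "PB-TNC state transition from 'Init' to 'Server Working'"),
    _entry(8, 7, "TNC client is handling inbound connection"),
    _entry(8, 7, "PB-TNC state transition from 'Server Working' to 'Client Working'"),
    _entry(8, 7, "activating mutual PB-TNC half duplex protocol"),
    _entry(8, 7, "processing PA-TNC attribute type "
                 "'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000"),
    _entry(8, 7, "TNC server is handling outbound connection"),
    _entry(8, 7, "PB-TNC state transition from 'Init' to 'Client Working'"),
    _entry(8, 6, "TNC server is handling inbound connection"),
    _entry(8, 6, "PB-TNC state transition from 'Client Working' to 'Server Working'"),
    _entry(8, 6, "processing PA-TNC attribute type 'ITA-HSR/Device ID' "
                 "0x00902a/0x00000008"),
]
# Joined with spaces, i.e. several entries per physical line, as a flattened log.
SAMPLE = " ".join(SAMPLE_ENTRIES)


def split_entries(text):
    """Split charon log text into dicts, one per syslog entry."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def replay(text):
    """Replay PB-TNC transitions per TNC role and collect PA-TNC attributes."""
    report = {"mutual_proposed": False, "mutual_activated": False,
              "transitions": {}, "gaps": [], "created": [], "processed": []}
    role, state = None, {}
    for e in split_entries(text):
        msg = e["msg"]
        if "proposing PB-TNC mutual half duplex protocol" in msg:
            report["mutual_proposed"] = True
        elif "activating mutual PB-TNC half duplex protocol" in msg:
            report["mutual_activated"] = True
        elif (m := ROLE.search(msg)):
            role = m.group(1)          # later transitions belong to this role
        elif (m := TRANSITION.search(msg)):
            src, dst = m.groups()
            expected = state.get(role, "Init")   # assumption: roles start in 'Init'
            if src != expected:
                # Entries are missing or interleaved: the chain is broken here.
                report["gaps"].append((role, expected, src, e["ts"]))
            state[role] = dst
            report["transitions"].setdefault(role, []).append((src, dst))
        elif (m := ATTR.search(msg)):
            verb, name, vendor, attr_type = m.groups()
            key = "created" if verb == "creating" else "processed"
            report[key].append((name, vendor, attr_type))
    return report


def mutual_attestation_ran(report):
    """True if mutual mode was activated and both roles have an unbroken chain."""
    roles = report["transitions"]
    return (report["mutual_activated"] and not report["gaps"]
            and bool(roles.get("client")) and bool(roles.get("server")))


if __name__ == "__main__":
    result = replay(SAMPLE)
    print(result["transitions"], mutual_attestation_ran(result))
```

A non-empty `gaps` list means the log was truncated or filtered before analysis, so the absence of an "activating mutual" entry in such a log proves nothing either way.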
Sending PTS Protocol Capabilities

Aug 15 14:46:08 raspi3 charon: 07[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi3 charon: 07[PTS] selected PTS measurement algorithm is HASH_SHA1

Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC message with ID 0x1d5fa63a
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Aug 15 14:46:08 raspi3 charon: 07[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 07[TNC] assigned TNCCS Connection ID 2
Aug 15 14:46:08 raspi3 charon: 07[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi3 charon: 07[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi3 charon: 07[IMV] user AR identity 'raspi4.example.com' of type username authenticated by certificate
Aug 15 14:46:08 raspi3 charon: 07[IMV] machine AR identity '10.10.1.40' of type IPv4 address authenticated by unknown method
Aug 15 14:46:08 raspi3 charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi3 charon: 07[TNC] PB-TNC state transition from 'Init' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi3 charon: 07[TNC] sending PB-TNC SDATA batch (8 bytes) for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 07[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 07[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)

Aug 15 14:46:08 raspi3 charon: 06[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes)
Aug 15 14:46:08 raspi3 charon: 06[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 06[TNC] received TNCCS batch (267 bytes)

Aug 15 14:46:08 raspi3 charon: 06[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing IETF/PB-Language-Preference message (31 bytes)
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing IETF/PB-PA message (228 bytes)
Aug 15 14:46:08 raspi3 charon: 06[TNC] setting language preference to 'en'
Aug 15 14:46:08 raspi3 charon: 06[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:08 raspi3 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 1
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC message with ID 0x366c28ea
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008

Receiving OS Information

Aug 15 14:46:08 raspi3 charon: 06[IMV] operating system name is 'Debian' from vendor Debian Project
Aug 15 14:46:08 raspi3 charon: 06[IMV] operating system version is '7.8 armv7l'
Aug 15 14:46:08 raspi3 charon: 06[IMV] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c

Starting Session with Policy Manager

Aug 15 14:46:08 raspi3 charon: 06[IMV] assigned session ID 3 to Connection ID 2
Aug 15 14:46:08 raspi3 charon: 06[IMV] policy: imv_policy_manager start successful
Aug 15 14:46:08 raspi3 charon: 06[IMV] policy: skipping enforcment 6
Aug 15 14:46:08 raspi3 charon: 06[IMV] FWDEN workitem 13
Aug 15 14:46:08 raspi3 charon: 06[IMV] FMETA workitem 14
Aug 15 14:46:08 raspi3 charon: 06[IMV] PCKGS workitem 15
Aug 15 14:46:08 raspi3 charon: 06[IMV] TCPOP workitem 16
Aug 15 14:46:08 raspi3 charon: 06[IMV] UDPOP workitem 17
Aug 15 14:46:08 raspi3 charon: 06[IMV] TPMRA workitem 18

Aug 15 14:46:08 raspi3 charon: 06[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 06[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC message with ID 0x918da8fe
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Aug 15 14:46:08 raspi3 charon: 06[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi3 charon: 06[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 06[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 06[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 06[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)

Aug 15 14:46:08 raspi3 charon: 05[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 05[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 05[TNC] received TNCCS batch (87 bytes)

Aug 15 14:46:08 raspi3 charon: 05[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing IETF/PB-PA message (79 bytes)
Aug 15 14:46:08 raspi3 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC message with ID 0xaff3c130
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000

Aug 15 14:46:08 raspi3 charon: 05[IMC] metadata request for file '/etc/tnc_config'
Aug 15 14:46:08 raspi3 charon: 05[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi3 charon: 05[PTS] nonce length is 20

Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC message with ID 0x5e3ee705
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Aug 15 14:46:08 raspi3 charon: 05[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi3 charon: 05[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 05[TNC] sending PB-TNC SDATA batch (92 bytes) for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 05[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 05[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)

Aug 15 14:46:08 raspi3 charon: 11[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 11[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 11[TNC] received TNCCS batch (92 bytes)

Aug 15 14:46:08 raspi3 charon: 11[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 11[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi3 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC message with ID 0xf94741eb
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000

Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 11[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Receiving PTS Protocol Capabilities¶
Aug 15 14:46:08 raspi3 charon: 11[PTS] supported PTS protocol capabilities: .VDT. Aug 15 14:46:08 raspi3 charon: 11[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handles FMETA workitem 14 Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 requests metadata for file '/etc/tnc_config' Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handles TPMRA workitem 18 Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC message with ID 0xda2a70e9 Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000 Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000 Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 11[TNC] TNC client is handling outbound connection Aug 15 14:46:08 raspi3 charon: 11[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PB-TNC CDATA batch Aug 15 14:46:08 raspi3 charon: 11[TNC] adding IETF/PB-PA message Aug 15 14:46:08 raspi3 charon: 11[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 1 Aug 15 14:46:08 raspi3 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:08 raspi3 charon: 11[ENC] generating IKE_AUTH request 11 [ EAP/RES/TTLS ] Aug 15 14:46:08 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes)
Aug 15 14:46:08 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes) Aug 15 14:46:08 raspi3 charon: 12[ENC] parsed IKE_AUTH response 11 [ EAP/REQ/TTLS ] Aug 15 14:46:08 raspi3 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:08 raspi3 charon: 12[TNC] received TNCCS batch (172 bytes)
Aug 15 14:46:08 raspi3 charon: 12[TNC] TNC client is handling inbound connection Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PB-TNC SDATA batch for Connection ID 1 Aug 15 14:46:08 raspi3 charon: 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' Aug 15 14:46:08 raspi3 charon: 12[TNC] processing IETF/PB-PA message (164 bytes) Aug 15 14:46:08 raspi3 charon: 12[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:08 raspi3 charon: 12[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1 Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC message with ID 0xd27d5b33 Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000 Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000 Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi3 charon: 12[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:08 raspi3 charon: 12[PTS] initiator nonce: => 20 bytes @ 0x11d940
Aug 15 14:46:08 raspi3 charon: 12[PTS] 0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15 ......m...@..._.
Aug 15 14:46:08 raspi3 charon: 12[PTS] 16: FB 4E 28 AD .N(.
Aug 15 14:46:08 raspi3 charon: 12[PTS] responder nonce: => 20 bytes @ 0x11d410
Aug 15 14:46:08 raspi3 charon: 12[PTS] 0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0 =.r9:....0..."..
Aug 15 14:46:08 raspi3 charon: 12[PTS] 16: B6 D1 2A 01 ..*.
Aug 15 14:46:08 raspi3 charon: 12[PTS] shared DH secret: => 32 bytes @ 0x11e038
Aug 15 14:46:08 raspi3 charon: 12[PTS] 0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA _....9........:.
Aug 15 14:46:08 raspi3 charon: 12[PTS] 16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE .#...........QP.
Aug 15 14:46:08 raspi3 charon: 12[PTS] secret assessment value: => 20 bytes @ 0x11c5e0
Aug 15 14:46:08 raspi3 charon: 12[PTS] 0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C ...p.x...y.]|..|
Aug 15 14:46:08 raspi3 charon: 12[PTS] 16: E0 E0 83 77 ...w
Sending TPM Version Information
Aug 15 14:46:08 raspi3 charon: 12[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC message with ID 0x641bcea1 Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000 Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 12[TNC] TNC server is handling outbound connection Aug 15 14:46:08 raspi3 charon: 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PB-TNC SDATA batch Aug 15 14:46:08 raspi3 charon: 12[TNC] adding IETF/PB-PA message Aug 15 14:46:08 raspi3 charon: 12[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 2 Aug 15 14:46:08 raspi3 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:08 raspi3 charon: 12[ENC] generating IKE_AUTH request 12 [ EAP/RES/TTLS ] Aug 15 14:46:08 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes) Aug 15 14:46:08 raspi3 charon: 13[ENC] parsed IKE_AUTH response 12 [ EAP/REQ/TTLS ] Aug 15 14:46:08 raspi3 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:08 raspi3 charon: 13[TNC] received TNCCS batch (226 bytes)
Aug 15 14:46:08 raspi3 charon: 13[TNC] TNC server is handling inbound connection Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PB-TNC CDATA batch for Connection ID 2 Aug 15 14:46:08 raspi3 charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:08 raspi3 charon: 13[TNC] processing IETF/PB-PA message (218 bytes) Aug 15 14:46:08 raspi3 charon: 13[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:08 raspi3 charon: 13[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1 Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC message with ID 0x676268aa Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000 Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi3 charon: 13[IMV] metadata request returned 1 file: Aug 15 14:46:08 raspi3 charon: 13[IMV] 'tnc_config' (177 bytes) owner 0, group 0, type Regular Aug 15 14:46:08 raspi3 charon: 13[IMV] created Jun 16 20:09:17 2015, modified Jun 16 20:09:17 2015, accessed Jun 16 20:09:17 2015
Aug 15 14:46:08 raspi3 charon: 13[PTS] selected DH hash algorithm is HASH_SHA1 Aug 15 14:46:08 raspi3 charon: 13[PTS] selected PTS DH group is ECP_256 Aug 15 14:46:08 raspi3 charon: 13[PTS] nonce length is 20
Aug 15 14:46:08 raspi3 charon: 13[PTS] initiator nonce: => 20 bytes @ 0x11d890
Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A '.Q..f.T.W.I.*}:
Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: F1 38 81 26 .8.&
Aug 15 14:46:08 raspi3 charon: 13[PTS] responder nonce: => 20 bytes @ 0x11e418
Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71 .H.R...n_..+..&q
Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: 49 73 01 42 Is.B
Aug 15 14:46:08 raspi3 charon: 13[PTS] shared DH secret: => 32 bytes @ 0x127170
Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11 ......"..5..pA{.
Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1 .<.2.=..s2... ..
Aug 15 14:46:08 raspi3 charon: 13[PTS] secret assessment value: => 20 bytes @ 0x11e9f0
Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F .........Q...;..
Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: 68 50 6C DE hPl.
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC message with ID 0xe1b84e91
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 13[TNC] TNC client is handling outbound connection Aug 15 14:46:08 raspi3 charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PB-TNC CDATA batch Aug 15 14:46:08 raspi3 charon: 13[TNC] adding IETF/PB-PA message Aug 15 14:46:08 raspi3 charon: 13[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 1 Aug 15 14:46:08 raspi3 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:08 raspi3 charon: 13[ENC] generating IKE_AUTH request 13 [ EAP/RES/TTLS ] Aug 15 14:46:08 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes)
Aug 15 14:46:08 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) Aug 15 14:46:08 raspi3 charon: 14[ENC] parsed IKE_AUTH response 13 [ EAP/REQ/TTLS ] Aug 15 14:46:08 raspi3 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:08 raspi3 charon: 14[TNC] received TNCCS batch (80 bytes)
Aug 15 14:46:08 raspi3 charon: 14[TNC] TNC client is handling inbound connection Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PB-TNC SDATA batch for Connection ID 1 Aug 15 14:46:08 raspi3 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' Aug 15 14:46:08 raspi3 charon: 14[TNC] processing IETF/PB-PA message (72 bytes) Aug 15 14:46:08 raspi3 charon: 14[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:08 raspi3 charon: 14[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1 Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC message with ID 0xed256fac Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 Aug 15 14:46:08 raspi3 charon: 14[IMC] evidence requested for 1 functional components Aug 15 14:46:08 raspi3 charon: 14[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Initiator Attestation Measurements
Aug 15 14:46:08 raspi3 charon: 14[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (434 entries) Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:boot_aggregate' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/init' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/sh' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/mkdir' ... 
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/usr/sbin/service' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/cp'
Generating Initiator TPM Quote Signature
Aug 15 14:46:09 raspi3 charon: 14[PTS] Hash of PCR Composite: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20
Aug 15 14:46:09 raspi3 charon: 14[PTS] TPM Quote Info: => 52 bytes @ 0x135360
Aug 15 14:46:09 raspi3 charon: 14[PTS] 0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79 .6QUT2...p.x...y
Aug 15 14:46:09 raspi3 charon: 14[PTS] 16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01 .]|..|...w......
Aug 15 14:46:09 raspi3 charon: 14[PTS] 32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C X......=>.3.$...
Aug 15 14:46:09 raspi3 charon: 14[PTS] 48: 22 A2 01 20 "..
Aug 15 14:46:09 raspi3 charon: 14[PTS] TPM Quote Signature: => 256 bytes @ 0x14b5d0
Aug 15 14:46:09 raspi3 charon: 14[PTS] 0: 88 6E 6B 2E 33 AC AD 94 E6 A1 38 3E CD EC 9F E9 .nk.3.....8>....
Aug 15 14:46:09 raspi3 charon: 14[PTS] 16: F0 92 E9 E4 4A 66 05 50 0B 30 F2 DF 50 DC 80 4E ....Jf.P.0..P..N
Aug 15 14:46:09 raspi3 charon: 14[PTS] 32: F1 AC BE 93 99 06 DF 41 AD 49 F9 DE 09 F1 18 15 .......A.I......
Aug 15 14:46:09 raspi3 charon: 14[PTS] 48: 2B B9 97 D9 DD A9 E9 7F 3D ED B8 BF EB FF 7E C6 +.......=.....~.
Aug 15 14:46:09 raspi3 charon: 14[PTS] 64: A1 1A 77 87 67 9B 24 78 46 AC C0 AA 25 FA 87 5F ..w.g.$xF...%.._
Aug 15 14:46:09 raspi3 charon: 14[PTS] 80: E3 F4 F8 33 35 30 C3 31 BE DE 77 A5 2E 4F 8D 3B ...350.1..w..O.;
Aug 15 14:46:09 raspi3 charon: 14[PTS] 96: F5 52 36 F4 8E C4 FA D4 A1 61 1C 4B 71 A2 52 8B .R6......a.Kq.R.
Aug 15 14:46:09 raspi3 charon: 14[PTS] 112: 80 AD A6 DD 8D E5 D8 47 4F 2B 9C 17 CF BF AC 10 .......GO+......
Aug 15 14:46:09 raspi3 charon: 14[PTS] 128: C6 31 4B 01 C3 59 C3 FD F7 D2 65 C1 F0 32 12 8B .1K..Y....e..2..
Aug 15 14:46:09 raspi3 charon: 14[PTS] 144: 8F 54 49 A7 40 F9 BD 43 86 79 A1 FD 51 05 DB 65 .TI.@..C.y..Q..e
Aug 15 14:46:09 raspi3 charon: 14[PTS] 160: C8 A4 C1 67 44 96 89 4D F4 E7 DB D5 AE 67 35 17 ...gD..M.....g5.
Aug 15 14:46:09 raspi3 charon: 14[PTS] 176: D7 D3 68 23 E9 1F 98 9E E6 7C 86 89 EE A4 31 68 ..h#.....|....1h
Aug 15 14:46:09 raspi3 charon: 14[PTS] 192: 15 B6 F6 E3 10 86 F0 FE C3 9B C2 7D 5B FB 33 BA ...........}[.3.
Aug 15 14:46:09 raspi3 charon: 14[PTS] 208: 88 BE 5C D9 71 54 7F BF 72 31 5F 8E 58 4A E9 A4 ..\.qT..r1_.XJ..
Aug 15 14:46:09 raspi3 charon: 14[PTS] 224: B0 8E 3B 55 03 90 AD E1 C8 A0 C7 9C 83 13 DE 0F ..;U............
Aug 15 14:46:09 raspi3 charon: 14[PTS] 240: 60 D8 A4 E2 4C CD E4 E2 A4 BA 11 BE 3D D4 A5 A7 `...L.......=...
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC message with ID 0x2d059578 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 ... Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi3 charon: 14[TNC] TNC server is handling outbound connection Aug 15 14:46:09 raspi3 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PB-TNC SDATA batch Aug 15 14:46:09 raspi3 charon: 14[TNC] adding IETF/PB-PA message Aug 15 14:46:09 raspi3 charon: 14[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 2 Aug 15 14:46:09 raspi3 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:09 raspi3 charon: 14[ENC] generating IKE_AUTH request 14 [ EAP/RES/TTLS ] Aug 15 14:46:09 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes)
Aug 15 14:46:09 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes) Aug 15 14:46:09 raspi3 charon: 12[ENC] parsed IKE_AUTH response 14 [ EAP/REQ/TTLS ] Aug 15 14:46:09 raspi3 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:09 raspi3 charon: 12[TNC] received TNCCS batch (902 bytes)
Aug 15 14:46:09 raspi3 charon: 12[TNC] TNC server is handling inbound connection Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PB-TNC CDATA batch for Connection ID 2 Aug 15 14:46:09 raspi3 charon: 12[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:09 raspi3 charon: 12[TNC] processing IETF/PB-PA message (894 bytes) Aug 15 14:46:09 raspi3 charon: 12[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:09 raspi3 charon: 12[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1 Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC message with ID 0x951e0284 Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Receiving TPM Version Information
Aug 15 14:46:09 raspi3 charon: 12[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:09 raspi3 charon: 12[IMV] verifying AIK with keyid 76:28:72:c9:00:11:67:1e:f2:19:b6:a2:a0:c3:c7:dd:a8:75:b4:3c Aug 15 14:46:09 raspi3 charon: 12[IMV] AIK public key is trusted Aug 15 14:46:09 raspi3 charon: 12[CFG] using trusted certificate "C=US, O=TNC Demo, CN=AIK CA" Aug 15 14:46:09 raspi3 charon: 12[IMV] AIK certificate is trusted
Aug 15 14:46:09 raspi3 charon: 12[IMV] evidence request by Aug 15 14:46:09 raspi3 charon: 12[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC message with ID 0xc8f4500b Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi3 charon: 12[TNC] TNC client is handling outbound connection
Aug 15 14:46:09 raspi3 charon: 12[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:09 raspi3 charon: 12[TNC] adding IETF/PB-PA message
Aug 15 14:46:09 raspi3 charon: 12[TNC] sending PB-TNC CDATA batch (47615 bytes) for Connection ID 1
Aug 15 14:46:09 raspi3 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:09 raspi3 charon: 12[ENC] generating IKE_AUTH request 15 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi3 charon: 13[ENC] parsed IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi3 charon: 13[ENC] generating IKE_AUTH request 16 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi3 charon: 15[ENC] parsed IKE_AUTH response 16 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi3 charon: 15[ENC] generating IKE_AUTH request 17 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi3 charon: 16[ENC] parsed IKE_AUTH response 17 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi3 charon: 16[ENC] generating IKE_AUTH request 18 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi3 charon: 14[ENC] parsed IKE_AUTH response 18 [ EAP/REQ/TTLS ]
...
Aug 15 14:46:10 raspi3 charon: 13[ENC] generating IKE_AUTH request 60 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi3 charon: 15[ENC] parsed IKE_AUTH response 60 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi3 charon: 15[ENC] generating IKE_AUTH request 61 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:14 raspi3 charon: 13[IKE] retransmit 1 of request with message ID 61
Aug 15 14:46:14 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:16 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) Aug 15 14:46:16 raspi3 charon: 15[ENC] parsed IKE_AUTH response 61 [ EAP/REQ/TTLS ] Aug 15 14:46:16 raspi3 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:16 raspi3 charon: 15[TNC] received TNCCS batch (88 bytes)
Aug 15 14:46:16 raspi3 charon: 15[TNC] TNC client is handling inbound connection Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PB-TNC RESULT batch for Connection ID 1 Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC state transition from 'Server Working' to 'Decided' Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-PA message (48 bytes) Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-Assessment-Result message (16 bytes) Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-Access-Recommendation message (16 bytes) Aug 15 14:46:16 raspi3 charon: 15[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1 Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PA-TNC message with ID 0x57254d62 Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Receiving Assessment Result
Aug 15 14:46:16 raspi3 charon: 15[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 ***** Aug 15 14:46:16 raspi3 charon: 15[IMC] assessment result is 'compliant' Aug 15 14:46:16 raspi3 charon: 15[IMC] ***** end of assessment *****
Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC assessment result is 'compliant' Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC access recommendation is 'Access Allowed' Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 1 to 'Allowed' Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 1 to 'Allowed'
Aug 15 14:46:16 raspi3 charon: 15[TNC] TNC server is handling outbound connection Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' Aug 15 14:46:16 raspi3 charon: 15[TNC] creating PB-TNC SDATA batch Aug 15 14:46:16 raspi3 charon: 15[TNC] adding IETF/PB-PA message Aug 15 14:46:16 raspi3 charon: 15[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 2 Aug 15 14:46:16 raspi3 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:16 raspi3 charon: 15[ENC] generating IKE_AUTH request 62 [ EAP/RES/TTLS ] Aug 15 14:46:16 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:17 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) Aug 15 14:46:17 raspi3 charon: 16[ENC] parsed IKE_AUTH response 62 [ EAP/REQ/TTLS ] Aug 15 14:46:17 raspi3 charon: 16[ENC] generating IKE_AUTH request 63 [ EAP/RES/TTLS ] Aug 15 14:46:17 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) Aug 15 14:46:17 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) Aug 15 14:46:17 raspi3 charon: 14[ENC] parsed IKE_AUTH response 63 [ EAP/REQ/TTLS ] Aug 15 14:46:17 raspi3 charon: 14[ENC] generating IKE_AUTH request 64 [ EAP/RES/TTLS ] Aug 15 14:46:17 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) Aug 15 14:46:17 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) Aug 15 14:46:17 raspi3 charon: 09[ENC] parsed IKE_AUTH response 64 [ EAP/REQ/TTLS ] Aug 15 14:46:17 raspi3 charon: 09[ENC] generating IKE_AUTH request 65 [ EAP/RES/TTLS ] Aug 15 14:46:17 raspi3 charon: 09[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) ... Aug 15 14:46:18 raspi3 charon: 08[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) Aug 15 14:46:18 raspi3 charon: 08[ENC] parsed IKE_AUTH response 109 [ EAP/REQ/TTLS ] Aug 15 14:46:18 raspi3 charon: 08[ENC] generating IKE_AUTH request 110 [ EAP/RES/TTLS ] Aug 15 14:46:18 raspi3 charon: 08[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) Aug 15 14:46:18 raspi3 charon: 07[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes) Aug 15 14:46:18 raspi3 charon: 07[ENC] parsed IKE_AUTH response 110 [ EAP/REQ/TTLS ] Aug 15 14:46:18 raspi3 charon: 07[IKE] need more AVP data Aug 15 14:46:18 raspi3 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:18 raspi3 charon: 07[TNC] received TNCCS batch (49524 bytes)
Aug 15 14:46:18 raspi3 charon: 07[TNC] TNC server is handling inbound connection Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PB-TNC CDATA batch for Connection ID 2 Aug 15 14:46:18 raspi3 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:18 raspi3 charon: 07[TNC] processing IETF/PB-PA message (49516 bytes) Aug 15 14:46:18 raspi3 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:18 raspi3 charon: 07[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1 Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC message with ID 0xed64f7ab
Responder Attestation Measurements
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:boot_aggregate'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/init'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/bin/sh'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/usr/bin/clear_console'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/usr/libexec/ipsec/stroke'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
Aug 15 14:46:18 raspi3 charon: 07[PTS] checking boot aggregate evidence measurement
Verifying Responder Attestation Measurements
Aug 15 14:46:18 raspi3 charon: 07[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found Aug 15 14:46:18 raspi3 charon: 07[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok Aug 15 14:46:18 raspi3 charon: 07[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok Aug 15 14:46:18 raspi3 charon: 07[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok ... Aug 15 14:46:25 raspi3 charon: 07[PTS] 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2 for '/usr/bin/clear_console' is ok Aug 15 14:46:25 raspi3 charon: 07[PTS] 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33 for '/usr/libexec/ipsec/stroke' is ok
Verifying Responder TPM Quote Signature
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed PCR Composite: => 29 bytes @ 0x125488
Aug 15 14:46:25 raspi3 charon: 07[PTS] 0: 00 03 00 04 00 00 00 00 14 7D C1 1B 87 CF 2E B8 .........}......
Aug 15 14:46:25 raspi3 charon: 07[PTS] 16: 5C 1B 52 99 B8 BD 11 D9 B9 8A 31 8E 61 \.R.......1.a
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed PCR Composite hash: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1954c8
Aug 15 14:46:25 raspi3 charon: 07[PTS] 0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51 .6QUT2.........Q
Aug 15 14:46:25 raspi3 charon: 07[PTS] 16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01 ...;..hPl.......
Aug 15 14:46:25 raspi3 charon: 07[PTS] 32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3 .j...9.z..N.~...
Aug 15 14:46:25 raspi3 charon: 07[PTS] 48: 1E 60 4F FF .`O.
Aug 15 14:46:25 raspi3 charon: 07[IMV] received PCR Composite matches constructed one
Aug 15 14:46:25 raspi3 charon: 07[IMV] TPM Quote Info signature verification successful
Aug 15 14:46:25 raspi3 charon: 07[PTS] processed 450 IMA file evidence measurements: 385 ok, 65 unknown, 0 differ, 0 failed
Aug 15 14:46:25 raspi3 charon: 07[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 450 IMA file evidence measurements: 385 ok, 65 unknown, 0 differ, 0 failed Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PA-TNC message with ID 0x4077e3ed Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
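The 52-byte Quote Info logged above is what the AIK signature actually covers, so decoding it shows what the verifier is bound to. The following Python is an added example, not part of the original page or of strongSwan: it rebuilds the hexdumps from the charon records copied from this log, decodes them using the TPM 1.2 TPM_QUOTE_INFO2 and TPM_PCR_COMPOSITE layouts, and checks that the quote carries the "secret assessment value" as its nonce and the SHA-1 of the PCR Composite as its digest. All function names are the example's own.

```python
import hashlib
import re
import struct

# Records copied from the charon log on this page, one syslog record per line.
LOG = r"""
Aug 15 14:46:08 raspi3 charon: 13[PTS] secret assessment value: => 20 bytes @ 0x11e9f0
Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F .........Q...;..
Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: 68 50 6C DE hPl.
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed PCR Composite: => 29 bytes @ 0x125488
Aug 15 14:46:25 raspi3 charon: 07[PTS] 0: 00 03 00 04 00 00 00 00 14 7D C1 1B 87 CF 2E B8 .........}......
Aug 15 14:46:25 raspi3 charon: 07[PTS] 16: 5C 1B 52 99 B8 BD 11 D9 B9 8A 31 8E 61 \.R.......1.a
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1954c8
Aug 15 14:46:25 raspi3 charon: 07[PTS] 0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51 .6QUT2.........Q
Aug 15 14:46:25 raspi3 charon: 07[PTS] 16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01 ...;..hPl.......
Aug 15 14:46:25 raspi3 charon: 07[PTS] 32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3 .j...9.z..N.~...
Aug 15 14:46:25 raspi3 charon: 07[PTS] 48: 1E 60 4F FF .`O.
"""

HEADER = re.compile(r"\[PTS\] (?P<label>[^:]+): => (?P<size>\d+) bytes @")
ROW = re.compile(r"\[PTS\]\s+(?P<off>\d+):\s+(?P<rest>.*)$")


def extract_dumps(log):
    """Rebuild each labelled charon hexdump into bytes (last dump per label wins)."""
    dumps, sizes, label = {}, {}, None
    for line in log.splitlines():
        header = HEADER.search(line)
        if header:
            label = header["label"].strip()
            dumps[label], sizes[label] = bytearray(), int(header["size"])
            continue
        row = ROW.search(line)
        if not row or label is None or int(row["off"]) != len(dumps[label]):
            continue
        # Take only as many hex tokens as the declared size allows, so the
        # trailing ASCII column can never be mistaken for data.
        want = min(16, sizes[label] - len(dumps[label]))
        dumps[label] += bytes.fromhex("".join(row["rest"].split()[:want]))
    for name, buf in dumps.items():
        if len(buf) != sizes[name]:
            raise ValueError(f"truncated hexdump for {name!r}")
    return {name: bytes(buf) for name, buf in dumps.items()}


def selected_pcrs(bitmap):
    """Expand a TPM_PCR_SELECTION bitmap into PCR indices (bit 0 of byte 0 = PCR 0)."""
    return [8 * i + bit for i, byte in enumerate(bitmap)
            for bit in range(8) if byte >> bit & 1]


def decode_quote_info2(blob):
    """TPM 1.2 TPM_QUOTE_INFO2: tag, 'QUT2', nonce, PCR selection, locality, digest."""
    tag, fixed = struct.unpack_from(">H4s", blob, 0)
    if tag != 0x0036 or fixed != b"QUT2":
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    (sel_len,) = struct.unpack_from(">H", blob, 26)
    digest = blob[29 + sel_len:]
    if len(digest) != 20:
        raise ValueError("unexpected digestAtRelease length")
    return {"nonce": blob[6:26], "pcrs": selected_pcrs(blob[28:28 + sel_len]),
            "locality": blob[28 + sel_len], "digest": digest}


def decode_pcr_composite(blob):
    """TPM_PCR_COMPOSITE: PCR selection, 32-bit value size, then 20-byte SHA-1 PCRs."""
    (sel_len,) = struct.unpack_from(">H", blob, 0)
    (value_size,) = struct.unpack_from(">I", blob, 2 + sel_len)
    values = blob[6 + sel_len:]
    if len(values) != value_size or value_size % 20:
        raise ValueError("PCR value area does not match its declared size")
    pcrs = selected_pcrs(blob[2:2 + sel_len])
    return {p: values[i * 20:(i + 1) * 20].hex() for i, p in enumerate(pcrs)}


def check_quote(log):
    """Report what the logged quote is bound to: nonce, PCR set and composite digest."""
    dumps = extract_dumps(log)
    quote = decode_quote_info2(dumps["constructed TPM Quote Info"])
    composite = dumps["constructed PCR Composite"]
    pcr_values = decode_pcr_composite(composite)
    return {
        "pcrs": quote["pcrs"],
        "locality": quote["locality"],
        "pcr_values": pcr_values,
        "digest": quote["digest"].hex(),
        # Freshness: the quoted nonce must be the DH-derived assessment secret.
        "nonce_bound": quote["nonce"] == dumps["secret assessment value"],
        # Integrity: the quoted digest must be SHA-1 over the PCR Composite.
        "digest_matches_composite": hashlib.sha1(composite).digest() == quote["digest"],
        "selection_consistent": sorted(pcr_values) == quote["pcrs"],
    }


if __name__ == "__main__":
    for key, value in check_quote(LOG).items():
        print(f"{key}: {value}")
```

The initiator-side dumps earlier in the log use the labels `TPM Quote Info` and `Hash of PCR Composite` instead of the `constructed ...` ones, so the label names in `check_quote` would need adjusting to decode those.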
Sending Assessment Result
Aug 15 14:46:25 raspi3 charon: 07[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
Aug 15 14:46:25 raspi3 charon: 07[TNC] TNC server is handling outbound connection
Aug 15 14:46:25 raspi3 charon: 07[IMV] policy: recommendation for access requestor 10.10.1.40 is allow
Aug 15 14:46:25 raspi3 charon: 07[IMV] policy: imv_policy_manager stop successful
Aug 15 14:46:25 raspi3 charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Allowed'
Aug 15 14:46:25 raspi3 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PB-TNC RESULT batch
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-PA message
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-Assessment-Result message
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-Access-Recommendation message
Aug 15 14:46:25 raspi3 charon: 07[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 2
Aug 15 14:46:25 raspi3 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi3 charon: 07[ENC] generating IKE_AUTH request 111 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi3 charon: 07[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:25 raspi3 charon: 11[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:25 raspi3 charon: 11[ENC] parsed IKE_AUTH response 111 [ EAP/REQ/TTLS ]
Aug 15 14:46:25 raspi3 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:25 raspi3 charon: 11[TNC] received TNCCS batch (8 bytes)
Aug 15 14:46:25 raspi3 charon: 11[TNC] TNC server is handling inbound connection
Aug 15 14:46:25 raspi3 charon: 11[TNC] processing PB-TNC CLOSE batch for Connection ID 2
Aug 15 14:46:25 raspi3 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi3 charon: 11[TNC] TNC client is handling outbound connection
Aug 15 14:46:25 raspi3 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi3 charon: 11[TNC] creating PB-TNC CLOSE batch
Aug 15 14:46:25 raspi3 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 1
Aug 15 14:46:25 raspi3 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi3 charon: 11[ENC] generating IKE_AUTH request 112 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:25 raspi3 charon: 05[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:25 raspi3 charon: 05[ENC] parsed IKE_AUTH response 112 [ EAP/SUCC ]
Aug 15 14:46:25 raspi3 charon: 05[IKE] EAP method EAP_TTLS succeeded, MSK established
Aug 15 14:46:25 raspi3 charon: 05[IKE] authentication of 'raspi3.example.com' (myself) with EAP
Aug 15 14:46:25 raspi3 charon: 05[ENC] generating IKE_AUTH request 113 [ AUTH ]
Aug 15 14:46:25 raspi3 charon: 05[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes)
Aug 15 14:46:25 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes)
Aug 15 14:46:25 raspi3 charon: 12[ENC] parsed IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Aug 15 14:46:25 raspi3 charon: 12[IKE] authentication of 'raspi4.example.com' with EAP successful
Aug 15 14:46:25 raspi3 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi3 charon: 12[TNC] removed TNCCS Connection ID 2
Aug 15 14:46:25 raspi3 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[TNC] removed TNCCS Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[IKE] IKE_SA peer[1] established between 10.10.1.39[raspi3.example.com]...10.10.1.40[raspi4.example.com]
Aug 15 14:46:25 raspi3 charon: 12[IKE] scheduling reauthentication in 10132s
Aug 15 14:46:25 raspi3 charon: 12[IKE] maximum IKE_SA lifetime 10672s
Aug 15 14:46:25 raspi3 charon: 12[IKE] CHILD_SA peer{1} established with SPIs c12c1aae_i ce21eedf_o and TS 10.10.1.39/32 === 10.10.1.40/32
Aug 15 14:46:25 raspi3 charon: 12[IKE] received AUTH_LIFETIME of 10143s, scheduling reauthentication in 9603s
Aug 15 14:46:25 raspi3 charon: 12[IKE] peer supports MOBIKE
strongTNC Policy Manager
This screenshot of the strongTNC policy manager running on raspi3 shows that the attestation of raspi4 has been successful.
IPsec Connection established
The command
raspi3# ipsec statusall
shows that the IPsec transport connection between raspi3 and raspi4 has been successfully established.
Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l):
  uptime: 2 minutes, since Aug 15 14:45:56 2015
  malloc: sbrk 1961984, mmap 0, used 1441224, free 520760
  worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
  loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Listening IP addresses:
  10.10.1.39
Connections:
  peer: 10.10.1.39...10.10.1.40 IKEv2
  peer: local: [raspi3.example.com] uses EAP_TTLS authentication
  peer: cert: "C=US, O=TNC Demo, CN=raspi3.example.com"
  peer: remote: [raspi4.example.com] uses EAP_TTLS authentication
  peer: child: dynamic === dynamic TRANSPORT
Security Associations (1 up, 0 connecting):
  peer[1]: ESTABLISHED 2 minutes ago, 10.10.1.39[raspi3.example.com]...10.10.1.40[raspi4.example.com]
  peer[1]: IKEv2 SPIs: 168d780b16692776_i* 24a43cb75417ebe5_r, EAP reauthentication in 2 hours
  peer[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
  peer{1}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c12c1aae_i ce21eedf_o
  peer{1}: AES_CBC_128/HMAC_SHA2_256_128, 640 bytes_i (10 pkts, 36s ago), 640 bytes_o (10 pkts, 36s ago), rekeying in 43 minutes
  peer{1}: 10.10.1.39/32 === 10.10.1.40/32
Terminating the IPsec Connection
Aug 15 14:49:04 raspi3 charon: 13[CFG] received stroke: terminate 'peer'
Aug 15 14:49:04 raspi3 charon: 15[IKE] deleting IKE_SA peer[1] between 10.10.1.39[raspi3.example.com]...10.10.1.40[raspi4.example.com]
Aug 15 14:49:04 raspi3 charon: 15[IKE] sending DELETE for IKE_SA peer[1]
Aug 15 14:49:04 raspi3 charon: 15[ENC] generating INFORMATIONAL request 114 [ D ]
Aug 15 14:49:04 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:49:05 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:49:05 raspi3 charon: 09[ENC] parsed INFORMATIONAL response 114 [ ]
Aug 15 14:49:05 raspi3 charon: 09[IKE] IKE_SA deleted
Stopping the IKEv2 Daemon
Aug 15 14:49:08 raspi3 charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug 15 14:49:08 raspi3 charon: 00[IMC] IMC 2 "Attestation" terminated
Aug 15 14:49:08 raspi3 charon: 00[IMC] IMC 1 "OS" terminated
Aug 15 14:49:08 raspi3 charon: 00[IMV] IMV 1 "Attestation" terminated
Aug 15 14:49:08 raspi3 charon: 00[PTS] removed TCG functional component namespace
Aug 15 14:49:08 raspi3 charon: 00[PTS] removed ITA-HSR functional component namespace
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed IETF attributes
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed ITA-HSR attributes
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed TCG attributes
Aug 15 14:49:08 raspi3 charon: 00[LIB] libimcv terminated