Raspi 3 - Initiating IoT Device » History » Version 32
Andreas Steffen, 15.08.2015 21:56
Raspi 3 - Initiating IoT Device
Configuration Files
strongSwan IPsec configuration file /etc/ipsec.conf
config setup
    charondebug="tnc 2, imc 2, imv 2, pts 3"

conn %default
    ike=aes128-sha256-ecp256!
    esp=aes128-sha256-ecp256!
    keyexchange=ikev2

conn peer
    left=10.10.1.39
    leftauth=eap-ttls
    leftcert=raspi3Cert.pem
    leftid=raspi3.example.com
    leftfirewall=yes
    right=10.10.1.40
    rightauth=any
    rightid=raspi4.example.com
    type=transport
    auto=add
strongSwan IPsec secrets file /etc/ipsec.secrets
: RSA raspi3Key.pem
strongSwan configuration file /etc/strongswan.conf
# strongswan.conf - strongSwan configuration file

charon {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
  half_open_timeout = 90

  plugins {
    eap-ttls {
      max_message_count = 0
      request_peer_auth = yes
      phase2_piggyback = yes
      phase2_tnc = yes
    }
    eap-tnc {
      max_message_count = 0
    }
    tnccs-20 {
      mutual = yes
    }
  }
}

libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager

  plugins {
    imc-os {
      device_pubkey = /etc/pts/aik3Pub.der
    }
    imc-attestation {
      aik_blob = /etc/pts/aik3Blob.bin
      aik_cert = /etc/pts/aik3Cert.der
    }
    imv-attestation {
      cadir = /etc/pts/cacerts
      hash_algorithm = sha1
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}

pt-tls-client {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl
}

attest {
  database=sqlite:///etc/pts/config.db
}
Starting the IKEv2 Daemon
First, the IKEv2 charon daemon is started in the background:
raspi3# ipsec start
Aug 15 14:45:55 raspi3 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l)
Aug 15 14:45:55 raspi3 charon: 00[TNC] TNC recommendation policy is 'default'
Aug 15 14:45:55 raspi3 charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Aug 15 14:45:55 raspi3 charon: 00[TNC] added IETF attributes
Aug 15 14:45:55 raspi3 charon: 00[TNC] added ITA-HSR attributes
Aug 15 14:45:55 raspi3 charon: 00[TNC] added TCG attributes
Aug 15 14:45:55 raspi3 charon: 00[PTS] added TCG functional component namespace
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component namespace
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Aug 15 14:45:55 raspi3 charon: 00[LIB] libimcv initialized
Loading Attestation IMV
Aug 15 14:45:55 raspi3 charon: 00[IMV] IMV 1 "Attestation" initialized
Aug 15 14:45:55 raspi3 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts'
Aug 15 14:45:55 raspi3 charon: 00[PTS] loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem'
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'
Loading OS IMC
Aug 15 14:45:55 raspi3 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Aug 15 14:45:55 raspi3 charon: 00[IMC] IMC 1 "OS" initialized
Aug 15 14:45:55 raspi3 charon: 00[IMC] processing "/etc/debian_version" file
Aug 15 14:45:55 raspi3 charon: 00[IMC] operating system name is 'Debian'
Aug 15 14:45:55 raspi3 charon: 00[IMC] operating system version is '7.8 armv7l'
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'
Loading Attestation IMC
Aug 15 14:45:55 raspi3 charon: 00[IMC] IMC 2 "Attestation" initialized
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'
Initializing IKE daemon
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/raspi3Key.pem'
Aug 15 14:45:55 raspi3 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Aug 15 14:45:55 raspi3 charon: 00[JOB] spawning 16 worker threads
Loading peer IPsec connection
Aug 15 14:45:55 raspi3 charon: 06[CFG] received stroke: add connection 'peer'
Aug 15 14:45:55 raspi3 charon: 06[CFG] loaded certificate "C=US, O=TNC Demo, CN=raspi3.example.com" from 'raspi3Cert.pem'
Aug 15 14:45:55 raspi3 charon: 06[CFG] added configuration 'peer'
Initiating IPsec Connection Setup
The peer IPsec connection to the IoT device raspi4 is initiated using the IKEv2 key exchange protocol:
raspi3# ipsec up peer
Aug 15 14:46:05 raspi3 charon: 10[CFG] received stroke: initiate 'peer'
Aug 15 14:46:05 raspi3 charon: 11[IKE] initiating IKE_SA peer[1] to 10.10.1.40
Aug 15 14:46:05 raspi3 charon: 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug 15 14:46:05 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes)

Aug 15 14:46:05 raspi3 charon: 12[NET] received packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes)
Aug 15 14:46:05 raspi3 charon: 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug 15 14:46:05 raspi3 charon: 12[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi3 charon: 12[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi3 charon: 12[IKE] establishing CHILD_SA peer
Aug 15 14:46:05 raspi3 charon: 12[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 15 14:46:05 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes)

Aug 15 14:46:05 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes)
Aug 15 14:46:05 raspi3 charon: 13[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 13[IKE] server requested EAP_TTLS authentication (id 0xDB)
Aug 15 14:46:05 raspi3 charon: 13[TLS] EAP_TTLS version is v0
Aug 15 14:46:05 raspi3 charon: 13[IKE] allow mutual EAP-only authentication
Aug 15 14:46:05 raspi3 charon: 13[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes)

Aug 15 14:46:05 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:05 raspi3 charon: 14[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 14[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)

Aug 15 14:46:05 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes)
Aug 15 14:46:05 raspi3 charon: 15[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 15[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Aug 15 14:46:05 raspi3 charon: 15[TLS] received TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com'
Aug 15 14:46:05 raspi3 charon: 15[CFG] using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Aug 15 14:46:05 raspi3 charon: 15[CFG] using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi3 charon: 15[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi4.example.com"
Aug 15 14:46:05 raspi3 charon: 15[CFG] certificate status is not available
Aug 15 14:46:05 raspi3 charon: 15[CFG] reached self-signed root ca with a path length of 0
Aug 15 14:46:05 raspi3 charon: 15[TLS] received TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA
Aug 15 14:46:05 raspi3 charon: 15[TLS] sending TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com'
Aug 15 14:46:05 raspi3 charon: 15[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)

Aug 15 14:46:05 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:05 raspi3 charon: 16[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 16[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes)

Aug 15 14:46:05 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:05 raspi3 charon: 09[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]
Aug 15 14:46:05 raspi3 charon: 09[IKE] server requested EAP_IDENTITY authentication (id 0x00)
Aug 15 14:46:05 raspi3 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]
Aug 15 14:46:05 raspi3 charon: 09[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 09[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes)

Aug 15 14:46:05 raspi3 charon: 08[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:05 raspi3 charon: 08[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:05 raspi3 charon: 08[IKE] server requested EAP_PT_EAP authentication (id 0xB8)
Aug 15 14:46:05 raspi3 charon: 08[TLS] EAP_PT_EAP version is v1
Start of Mutual Attestation
Aug 15 14:46:05 raspi3 charon: 08[TNC] TNC client is handling outbound connection
Aug 15 14:46:05 raspi3 charon: 08[TNC] assigned TNCCS Connection ID 1
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi3 charon: 08[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi3 charon: 08[PTS] loaded AIK certificate from '/etc/pts/aik3Cert.der'
Aug 15 14:46:05 raspi3 charon: 08[PTS] loaded AIK Blob from '/etc/pts/aik3Blob.bin'
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi3 charon: 08[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 1 "OS" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 2 "Attestation" changed state of Connection ID 1 to 'Handshake'

Aug 15 14:46:05 raspi3 charon: 08[TNC] proposing PB-TNC mutual half duplex protocol
Sending OS Information
Aug 15 14:46:05 raspi3 charon: 08[IMC] operating system numeric version is 7.8
Aug 15 14:46:05 raspi3 charon: 08[IMC] last boot: Aug 15 07:56:52 UTC 2015, 17353 s ago
Aug 15 14:46:05 raspi3 charon: 08[IMC] IPv4 forwarding is disabled
Aug 15 14:46:05 raspi3 charon: 08[IMC] factory default password is disabled
Aug 15 14:46:05 raspi3 charon: 08[IMC] loaded device public key from '/etc/pts/aik3Pub.der'
Aug 15 14:46:05 raspi3 charon: 08[IMC] device ID is 565feb9e8462870dba884ce540a0768d68829873

Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC message with ID 0x83cf019d
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:05 raspi3 charon: 08[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding ITA-HSR/PB-Mutual-Capability message
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding IETF/PB-Language-Preference message
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:05 raspi3 charon: 08[TNC] sending PB-TNC CDATA batch (283 bytes) for Connection ID 1
Aug 15 14:46:05 raspi3 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:05 raspi3 charon: 08[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 08[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes)

Aug 15 14:46:08 raspi3 charon: 07[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes)
Aug 15 14:46:08 raspi3 charon: 07[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 07[TNC] received TNCCS batch (108 bytes)

Aug 15 14:46:08 raspi3 charon: 07[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes)
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing IETF/PB-PA message (84 bytes)

Aug 15 14:46:08 raspi3 charon: 07[TNC] activating mutual PB-TNC half duplex protocol

Aug 15 14:46:08 raspi3 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC message with ID 0x42501f74
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000

Aug 15 14:46:08 raspi3 charon: 07[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 07[IMC] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Aug 15 14:46:08 raspi3 charon: 07[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi3 charon: 07[PTS] selected PTS measurement algorithm is HASH_SHA1

Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC message with ID 0x1d5fa63a
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Aug 15 14:46:08 raspi3 charon: 07[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 07[TNC] assigned TNCCS Connection ID 2
Aug 15 14:46:08 raspi3 charon: 07[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi3 charon: 07[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi3 charon: 07[IMV] user AR identity 'raspi4.example.com' of type username authenticated by certificate
Aug 15 14:46:08 raspi3 charon: 07[IMV] machine AR identity '10.10.1.40' of type IPv4 address authenticated by unknown method
Aug 15 14:46:08 raspi3 charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi3 charon: 07[TNC] PB-TNC state transition from 'Init' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi3 charon: 07[TNC] sending PB-TNC SDATA batch (8 bytes) for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 07[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 07[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)

Aug 15 14:46:08 raspi3 charon: 06[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes)
Aug 15 14:46:08 raspi3 charon: 06[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 06[TNC] received TNCCS batch (267 bytes)

Aug 15 14:46:08 raspi3 charon: 06[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing IETF/PB-Language-Preference message (31 bytes)
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing IETF/PB-PA message (228 bytes)
Aug 15 14:46:08 raspi3 charon: 06[TNC] setting language preference to 'en'
Aug 15 14:46:08 raspi3 charon: 06[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:08 raspi3 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 1
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC message with ID 0x366c28ea
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Receiving OS Information
Aug 15 14:46:08 raspi3 charon: 06[IMV] operating system name is 'Debian' from vendor Debian Project
Aug 15 14:46:08 raspi3 charon: 06[IMV] operating system version is '7.8 armv7l'
Aug 15 14:46:08 raspi3 charon: 06[IMV] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c

Aug 15 14:46:08 raspi3 charon: 06[IMV] assigned session ID 3 to Connection ID 2
Aug 15 14:46:08 raspi3 charon: 06[IMV] policy: imv_policy_manager start successful
Aug 15 14:46:08 raspi3 charon: 06[IMV] policy: skipping enforcment 6
Aug 15 14:46:08 raspi3 charon: 06[IMV] FWDEN workitem 13
Aug 15 14:46:08 raspi3 charon: 06[IMV] FMETA workitem 14
Aug 15 14:46:08 raspi3 charon: 06[IMV] PCKGS workitem 15
Aug 15 14:46:08 raspi3 charon: 06[IMV] TCPOP workitem 16
Aug 15 14:46:08 raspi3 charon: 06[IMV] UDPOP workitem 17
Aug 15 14:46:08 raspi3 charon: 06[IMV] TPMRA workitem 18

Aug 15 14:46:08 raspi3 charon: 06[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 06[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC message with ID 0x918da8fe
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Aug 15 14:46:08 raspi3 charon: 06[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi3 charon: 06[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 06[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 06[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 06[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)

Aug 15 14:46:08 raspi3 charon: 05[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 05[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 05[TNC] received TNCCS batch (87 bytes)

Aug 15 14:46:08 raspi3 charon: 05[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing IETF/PB-PA message (79 bytes)
Aug 15 14:46:08 raspi3 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC message with ID 0xaff3c130
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000

Aug 15 14:46:08 raspi3 charon: 05[IMC] metadata request for file '/etc/tnc_config'
Aug 15 14:46:08 raspi3 charon: 05[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi3 charon: 05[PTS] nonce length is 20

Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC message with ID 0x5e3ee705
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Aug 15 14:46:08 raspi3 charon: 05[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi3 charon: 05[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 05[TNC] sending PB-TNC SDATA batch (92 bytes) for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 05[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 05[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)

Aug 15 14:46:08 raspi3 charon: 11[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 11[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 11[TNC] received TNCCS batch (92 bytes)

Aug 15 14:46:08 raspi3 charon: 11[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 11[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi3 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC message with ID 0xf94741eb
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000

Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 11[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Aug 15 14:46:08 raspi3 charon: 11[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi3 charon: 11[PTS] selected PTS measurement algorithm is HASH_SHA1

Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handles FMETA workitem 14
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 requests metadata for file '/etc/tnc_config'
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handles TPMRA workitem 18
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC message with ID 0xda2a70e9
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Aug 15 14:46:08 raspi3 charon: 11[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 11[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi3 charon: 11[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 11[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 11[ENC] generating IKE_AUTH request 11 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes)

Aug 15 14:46:08 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes)
Aug 15 14:46:08 raspi3 charon: 12[ENC] parsed IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 12[TNC] received TNCCS batch (172 bytes)

Aug 15 14:46:08 raspi3 charon: 12[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing IETF/PB-PA message (164 bytes)
Aug 15 14:46:08 raspi3 charon: 12[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 12[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC message with ID 0xd27d5b33
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000

Aug 15 14:46:08 raspi3 charon: 12[PTS] selected DH hash algorithm is HASH_SHA1

Aug 15 14:46:08 raspi3 charon: 12[PTS] initiator nonce: => 20 bytes @ 0x11d940
Aug 15 14:46:08 raspi3 charon: 12[PTS] 0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15 ......m...@..._.
Aug 15 14:46:08 raspi3 charon: 12[PTS] 16: FB 4E 28 AD .N(.
Aug 15 14:46:08 raspi3 charon: 12[PTS] responder nonce: => 20 bytes @ 0x11d410
Aug 15 14:46:08 raspi3 charon: 12[PTS] 0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0 =.r9:....0..."..
Aug 15 14:46:08 raspi3 charon: 12[PTS] 16: B6 D1 2A 01 ..*.
Aug 15 14:46:08 raspi3 charon: 12[PTS] shared DH secret: => 32 bytes @ 0x11e038
Aug 15 14:46:08 raspi3 charon: 12[PTS] 0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA _....9........:.
Aug 15 14:46:08 raspi3 charon: 12[PTS] 16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE .#...........QP.
Aug 15 14:46:08 raspi3 charon: 12[PTS] secret assessment value: => 20 bytes @ 0x11c5e0
Aug 15 14:46:08 raspi3 charon: 12[PTS] 0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C ...p.x...y.]|..|
Aug 15 14:46:08 raspi3 charon: 12[PTS] 16: E0 E0 83 77 ...w

Aug 15 14:46:08 raspi3 charon: 12[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX

Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC message with ID 0x641bcea1
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Aug 15 14:46:08 raspi3 charon: 12[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi3 charon: 12[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 12[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 12[ENC] generating IKE_AUTH request 12 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)

Aug 15 14:46:08 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes)
Aug 15 14:46:08 raspi3 charon: 13[ENC] parsed IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 13[TNC] received TNCCS batch (226 bytes)

Aug 15 14:46:08 raspi3 charon: 13[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing IETF/PB-PA message (218 bytes)
Aug 15 14:46:08 raspi3 charon: 13[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 13[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC message with ID 0x676268aa
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi3 charon: 13[IMV] metadata request returned 1 file: Aug 15 14:46:08 raspi3 charon: 13[IMV] 'tnc_config' (177 bytes) owner 0, group 0, type Regular Aug 15 14:46:08 raspi3 charon: 13[IMV] created Jun 16 20:09:17 2015, modified Jun 16 20:09:17 2015, accessed Jun 16 20:09:17 2015
Aug 15 14:46:08 raspi3 charon: 13[PTS] selected DH hash algorithm is HASH_SHA1 Aug 15 14:46:08 raspi3 charon: 13[PTS] selected PTS DH group is ECP_256 Aug 15 14:46:08 raspi3 charon: 13[PTS] nonce length is 20
Aug 15 14:46:08 raspi3 charon: 13[PTS] initiator nonce: => 20 bytes @ 0x11d890 Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A '.Q..f.T.W.I.*}: Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: F1 38 81 26 .8.& Aug 15 14:46:08 raspi3 charon: 13[PTS] responder nonce: => 20 bytes @ 0x11e418 Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71 .H.R...n_..+..&q Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: 49 73 01 42 Is.B Aug 15 14:46:08 raspi3 charon: 13[PTS] shared DH secret: => 32 bytes @ 0x127170 Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11 ......"..5..pA{. Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1 .<.2.=..s2... .. Aug 15 14:46:08 raspi3 charon: 13[PTS] secret assessment value: => 20 bytes @ 0x11e9f0 Aug 15 14:46:08 raspi3 charon: 13[PTS] 0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F .........Q...;.. Aug 15 14:46:08 raspi3 charon: 13[PTS] 16: 68 50 6C DE hPl. Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC message with ID 0xe1b84e91 Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000 Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000 Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000 Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 13[TNC] TNC client is handling outbound connection Aug 15 14:46:08 raspi3 charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PB-TNC CDATA batch Aug 15 14:46:08 raspi3 charon: 13[TNC] adding IETF/PB-PA message Aug 15 14:46:08 raspi3 charon: 13[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 1 Aug 15 14:46:08 raspi3 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:08 raspi3 charon: 13[ENC] generating IKE_AUTH request 13 [ EAP/RES/TTLS ] Aug 15 14:46:08 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes)
Aug 15 14:46:08 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) Aug 15 14:46:08 raspi3 charon: 14[ENC] parsed IKE_AUTH response 13 [ EAP/REQ/TTLS ] Aug 15 14:46:08 raspi3 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:08 raspi3 charon: 14[TNC] received TNCCS batch (80 bytes)
Aug 15 14:46:08 raspi3 charon: 14[TNC] TNC client is handling inbound connection Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PB-TNC SDATA batch for Connection ID 1 Aug 15 14:46:08 raspi3 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' Aug 15 14:46:08 raspi3 charon: 14[TNC] processing IETF/PB-PA message (72 bytes) Aug 15 14:46:08 raspi3 charon: 14[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:08 raspi3 charon: 14[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1 Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC message with ID 0xed256fac Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 Aug 15 14:46:08 raspi3 charon: 14[IMC] evidence requested for 1 functional components Aug 15 14:46:08 raspi3 charon: 14[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Initiator Attestation Measurements
Aug 15 14:46:08 raspi3 charon: 14[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (434 entries) Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:boot_aggregate' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/init' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/sh' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/mkdir' ... 
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/usr/sbin/service' Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/cp'
Generating Initiator TPM Quote Signature
Aug 15 14:46:09 raspi3 charon: 14[PTS] Hash of PCR Composite: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20 Aug 15 14:46:09 raspi3 charon: 14[PTS] TPM Quote Info: => 52 bytes @ 0x135360 Aug 15 14:46:09 raspi3 charon: 14[PTS] 0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79 .6QUT2...p.x...y Aug 15 14:46:09 raspi3 charon: 14[PTS] 16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01 .]|..|...w...... Aug 15 14:46:09 raspi3 charon: 14[PTS] 32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C X......=>.3.$... Aug 15 14:46:09 raspi3 charon: 14[PTS] 48: 22 A2 01 20 ".. Aug 15 14:46:09 raspi3 charon: 14[PTS] TPM Quote Signature: => 256 bytes @ 0x14b5d0 Aug 15 14:46:09 raspi3 charon: 14[PTS] 0: 88 6E 6B 2E 33 AC AD 94 E6 A1 38 3E CD EC 9F E9 .nk.3.....8>.... Aug 15 14:46:09 raspi3 charon: 14[PTS] 16: F0 92 E9 E4 4A 66 05 50 0B 30 F2 DF 50 DC 80 4E ....Jf.P.0..P..N Aug 15 14:46:09 raspi3 charon: 14[PTS] 32: F1 AC BE 93 99 06 DF 41 AD 49 F9 DE 09 F1 18 15 .......A.I...... Aug 15 14:46:09 raspi3 charon: 14[PTS] 48: 2B B9 97 D9 DD A9 E9 7F 3D ED B8 BF EB FF 7E C6 +.......=.....~. Aug 15 14:46:09 raspi3 charon: 14[PTS] 64: A1 1A 77 87 67 9B 24 78 46 AC C0 AA 25 FA 87 5F ..w.g.$xF...%.._ Aug 15 14:46:09 raspi3 charon: 14[PTS] 80: E3 F4 F8 33 35 30 C3 31 BE DE 77 A5 2E 4F 8D 3B ...350.1..w..O.; Aug 15 14:46:09 raspi3 charon: 14[PTS] 96: F5 52 36 F4 8E C4 FA D4 A1 61 1C 4B 71 A2 52 8B .R6......a.Kq.R. Aug 15 14:46:09 raspi3 charon: 14[PTS] 112: 80 AD A6 DD 8D E5 D8 47 4F 2B 9C 17 CF BF AC 10 .......GO+...... Aug 15 14:46:09 raspi3 charon: 14[PTS] 128: C6 31 4B 01 C3 59 C3 FD F7 D2 65 C1 F0 32 12 8B .1K..Y....e..2.. Aug 15 14:46:09 raspi3 charon: 14[PTS] 144: 8F 54 49 A7 40 F9 BD 43 86 79 A1 FD 51 05 DB 65 .TI.@..C.y..Q..e Aug 15 14:46:09 raspi3 charon: 14[PTS] 160: C8 A4 C1 67 44 96 89 4D F4 E7 DB D5 AE 67 35 17 ...gD..M.....g5. 
Aug 15 14:46:09 raspi3 charon: 14[PTS] 176: D7 D3 68 23 E9 1F 98 9E E6 7C 86 89 EE A4 31 68 ..h#.....|....1h Aug 15 14:46:09 raspi3 charon: 14[PTS] 192: 15 B6 F6 E3 10 86 F0 FE C3 9B C2 7D 5B FB 33 BA ...........}[.3. Aug 15 14:46:09 raspi3 charon: 14[PTS] 208: 88 BE 5C D9 71 54 7F BF 72 31 5F 8E 58 4A E9 A4 ..\.qT..r1_.XJ.. Aug 15 14:46:09 raspi3 charon: 14[PTS] 224: B0 8E 3B 55 03 90 AD E1 C8 A0 C7 9C 83 13 DE 0F ..;U............ Aug 15 14:46:09 raspi3 charon: 14[PTS] 240: 60 D8 A4 E2 4C CD E4 E2 A4 BA 11 BE 3D D4 A5 A7 `...L.......=...
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC message with ID 0x2d059578 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 ... Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi3 charon: 14[TNC] TNC server is handling outbound connection Aug 15 14:46:09 raspi3 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PB-TNC SDATA batch Aug 15 14:46:09 raspi3 charon: 14[TNC] adding IETF/PB-PA message Aug 15 14:46:09 raspi3 charon: 14[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 2 Aug 15 14:46:09 raspi3 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:09 raspi3 charon: 14[ENC] generating IKE_AUTH request 14 [ EAP/RES/TTLS ] Aug 15 14:46:09 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes)
Aug 15 14:46:09 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes) Aug 15 14:46:09 raspi3 charon: 12[ENC] parsed IKE_AUTH response 14 [ EAP/REQ/TTLS ] Aug 15 14:46:09 raspi3 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:09 raspi3 charon: 12[TNC] received TNCCS batch (902 bytes)
Aug 15 14:46:09 raspi3 charon: 12[TNC] TNC server is handling inbound connection Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PB-TNC CDATA batch for Connection ID 2 Aug 15 14:46:09 raspi3 charon: 12[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:09 raspi3 charon: 12[TNC] processing IETF/PB-PA message (894 bytes) Aug 15 14:46:09 raspi3 charon: 12[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:09 raspi3 charon: 12[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1 Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC message with ID 0x951e0284 Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:09 raspi3 charon: 12[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:09 raspi3 charon: 12[IMV] verifying AIK with keyid 76:28:72:c9:00:11:67:1e:f2:19:b6:a2:a0:c3:c7:dd:a8:75:b4:3c Aug 15 14:46:09 raspi3 charon: 12[IMV] AIK public key is trusted Aug 15 14:46:09 raspi3 charon: 12[CFG] using trusted certificate "C=US, O=TNC Demo, CN=AIK CA" Aug 15 14:46:09 raspi3 charon: 12[IMV] AIK certificate is trusted
Aug 15 14:46:09 raspi3 charon: 12[IMV] evidence request by Aug 15 14:46:09 raspi3 charon: 12[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC message with ID 0xc8f4500b Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi3 charon: 12[TNC] TNC client is handling outbound connection Aug 15 14:46:09 raspi3 charon: 12[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PB-TNC CDATA batch Aug 15 14:46:09 raspi3 charon: 12[TNC] adding IETF/PB-PA message Aug 15 14:46:09 raspi3 charon: 12[TNC] sending PB-TNC CDATA batch (47615 bytes) for Connection ID 1 Aug 15 14:46:09 raspi3 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:09 raspi3 charon: 12[ENC] generating IKE_AUTH request 15 [ EAP/RES/TTLS ] Aug 15 14:46:09 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) Aug 15 14:46:09 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) Aug 15 14:46:09 raspi3 charon: 13[ENC] parsed IKE_AUTH response 15 [ EAP/REQ/TTLS ] Aug 15 14:46:09 raspi3 charon: 13[ENC] generating IKE_AUTH request 16 [ EAP/RES/TTLS ] Aug 15 14:46:09 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) Aug 15 14:46:09 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) Aug 15 14:46:09 raspi3 charon: 15[ENC] parsed IKE_AUTH response 16 [ EAP/REQ/TTLS ] Aug 15 14:46:09 raspi3 charon: 15[ENC] generating IKE_AUTH request 17 [ EAP/RES/TTLS ] Aug 15 14:46:09 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) Aug 15 14:46:09 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) Aug 15 14:46:09 raspi3 charon: 16[ENC] parsed IKE_AUTH response 17 [ EAP/REQ/TTLS ] Aug 15 14:46:09 raspi3 charon: 16[ENC] generating IKE_AUTH request 18 [ EAP/RES/TTLS ] Aug 15 14:46:09 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) Aug 15 14:46:09 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) Aug 15 14:46:09 raspi3 
charon: 14[ENC] parsed IKE_AUTH response 18 [ EAP/REQ/TTLS ] ... Aug 15 14:46:10 raspi3 charon: 13[ENC] generating IKE_AUTH request 60 [ EAP/RES/TTLS ] Aug 15 14:46:10 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) Aug 15 14:46:10 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) Aug 15 14:46:10 raspi3 charon: 15[ENC] parsed IKE_AUTH response 60 [ EAP/REQ/TTLS ] Aug 15 14:46:10 raspi3 charon: 15[ENC] generating IKE_AUTH request 61 [ EAP/RES/TTLS ] Aug 15 14:46:10 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) Aug 15 14:46:14 raspi3 charon: 13[IKE] retransmit 1 of request with message ID 61 Aug 15 14:46:14 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:16 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) Aug 15 14:46:16 raspi3 charon: 15[ENC] parsed IKE_AUTH response 61 [ EAP/REQ/TTLS ] Aug 15 14:46:16 raspi3 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:16 raspi3 charon: 15[TNC] received TNCCS batch (88 bytes)
Aug 15 14:46:16 raspi3 charon: 15[TNC] TNC client is handling inbound connection Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PB-TNC RESULT batch for Connection ID 1 Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC state transition from 'Server Working' to 'Decided' Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-PA message (48 bytes) Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-Assessment-Result message (16 bytes) Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-Access-Recommendation message (16 bytes) Aug 15 14:46:16 raspi3 charon: 15[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1 Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PA-TNC message with ID 0x57254d62 Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Receiving Assessment Result
Aug 15 14:46:16 raspi3 charon: 15[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 *****
Aug 15 14:46:16 raspi3 charon: 15[IMC] assessment result is 'compliant'
Aug 15 14:46:16 raspi3 charon: 15[IMC] ***** end of assessment *****
Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC assessment result is 'compliant'
Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC access recommendation is 'Access Allowed'
Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 1 to 'Allowed'
Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 1 to 'Allowed'
Aug 15 14:46:16 raspi3 charon: 15[TNC] TNC server is handling outbound connection Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' Aug 15 14:46:16 raspi3 charon: 15[TNC] creating PB-TNC SDATA batch Aug 15 14:46:16 raspi3 charon: 15[TNC] adding IETF/PB-PA message Aug 15 14:46:16 raspi3 charon: 15[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 2 Aug 15 14:46:16 raspi3 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT] Aug 15 14:46:16 raspi3 charon: 15[ENC] generating IKE_AUTH request 62 [ EAP/RES/TTLS ] Aug 15 14:46:16 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:17 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) Aug 15 14:46:17 raspi3 charon: 16[ENC] parsed IKE_AUTH response 62 [ EAP/REQ/TTLS ] Aug 15 14:46:17 raspi3 charon: 16[ENC] generating IKE_AUTH request 63 [ EAP/RES/TTLS ] Aug 15 14:46:17 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) Aug 15 14:46:17 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) Aug 15 14:46:17 raspi3 charon: 14[ENC] parsed IKE_AUTH response 63 [ EAP/REQ/TTLS ] Aug 15 14:46:17 raspi3 charon: 14[ENC] generating IKE_AUTH request 64 [ EAP/RES/TTLS ] Aug 15 14:46:17 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) Aug 15 14:46:17 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) Aug 15 14:46:17 raspi3 charon: 09[ENC] parsed IKE_AUTH response 64 [ EAP/REQ/TTLS ] Aug 15 14:46:17 raspi3 charon: 09[ENC] generating IKE_AUTH request 65 [ EAP/RES/TTLS ] Aug 15 14:46:17 raspi3 charon: 09[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) ... Aug 15 14:46:18 raspi3 charon: 08[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) Aug 15 14:46:18 raspi3 charon: 08[ENC] parsed IKE_AUTH response 109 [ EAP/REQ/TTLS ] Aug 15 14:46:18 raspi3 charon: 08[ENC] generating IKE_AUTH request 110 [ EAP/RES/TTLS ] Aug 15 14:46:18 raspi3 charon: 08[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) Aug 15 14:46:18 raspi3 charon: 07[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes) Aug 15 14:46:18 raspi3 charon: 07[ENC] parsed IKE_AUTH response 110 [ EAP/REQ/TTLS ] Aug 15 14:46:18 raspi3 charon: 07[IKE] need more AVP data Aug 15 14:46:18 raspi3 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT] Aug 15 14:46:18 raspi3 charon: 07[TNC] received TNCCS batch (49524 bytes)
Aug 15 14:46:18 raspi3 charon: 07[TNC] TNC server is handling inbound connection Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PB-TNC CDATA batch for Connection ID 2 Aug 15 14:46:18 raspi3 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Aug 15 14:46:18 raspi3 charon: 07[TNC] processing IETF/PB-PA message (49516 bytes) Aug 15 14:46:18 raspi3 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 Aug 15 14:46:18 raspi3 charon: 07[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1 Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC message with ID 0xed64f7ab
Responder Attestation Measurements
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:boot_aggregate' Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/init' Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/bin/sh' Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 
'Operating System' Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/bin/mkdir' ... Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2 Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/usr/bin/clear_console' Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970 Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33 Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/usr/libexec/ipsec/stroke' Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 Aug 15 14:46:18 raspi3 charon: 07[PTS] checking boot aggregate evidence measurement
Verifying Responder Attestation Measurements
Aug 15 14:46:18 raspi3 charon: 07[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found
Aug 15 14:46:18 raspi3 charon: 07[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok
Aug 15 14:46:18 raspi3 charon: 07[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok
Aug 15 14:46:18 raspi3 charon: 07[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok
...
Aug 15 14:46:25 raspi3 charon: 07[PTS] 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2 for '/usr/bin/clear_console' is ok
Aug 15 14:46:25 raspi3 charon: 07[PTS] 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33 for '/usr/libexec/ipsec/stroke' is ok
Verifying Responder TPM Quote Signature
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed PCR Composite: => 29 bytes @ 0x125488
Aug 15 14:46:25 raspi3 charon: 07[PTS] 0: 00 03 00 04 00 00 00 00 14 7D C1 1B 87 CF 2E B8 .........}......
Aug 15 14:46:25 raspi3 charon: 07[PTS] 16: 5C 1B 52 99 B8 BD 11 D9 B9 8A 31 8E 61 \.R.......1.a
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed PCR Composite hash: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1954c8
Aug 15 14:46:25 raspi3 charon: 07[PTS] 0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51 .6QUT2.........Q
Aug 15 14:46:25 raspi3 charon: 07[PTS] 16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01 ...;..hPl.......
Aug 15 14:46:25 raspi3 charon: 07[PTS] 32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3 .j...9.z..N.~...
Aug 15 14:46:25 raspi3 charon: 07[PTS] 48: 1E 60 4F FF .`O.
Aug 15 14:46:25 raspi3 charon: 07[IMV] received PCR Composite matches constructed one
Aug 15 14:46:25 raspi3 charon: 07[IMV] TPM Quote Info signature verification successful
Aug 15 14:46:25 raspi3 charon: 07[PTS] processed 450 IMA file evidence measurements: 385 ok, 65 unknown, 0 differ, 0 failed
Aug 15 14:46:25 raspi3 charon: 07[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 450 IMA file evidence measurements: 385 ok, 65 unknown, 0 differ, 0 failed
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PA-TNC message with ID 0x4077e3ed
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
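The 52-byte "constructed TPM Quote Info" and 29-byte "constructed PCR Composite" logged above can be decoded by hand. The following added example (not strongSwan code and not part of the original page) parses them as TPM 1.2 TPM_QUOTE_INFO2 and TPM_PCR_COMPOSITE structures and repeats the verifier's consistency checks. Function names are this example's own, the byte strings are copied from the log, and verifying the RSA signature with the AIK is out of scope.

```python
import hashlib
import hmac
import struct

SHA1_LEN = 20

# Byte strings copied from the log entries of 14:46:25 (responder verification)
# and from the "secret assessment value" logged at 14:46:08 by thread 13.
PCR_COMPOSITE = bytes.fromhex(
    "00 03 00 04 00 00 00 00 14 7D C1 1B 87 CF 2E B8"
    "5C 1B 52 99 B8 BD 11 D9 B9 8A 31 8E 61")
QUOTE_INFO = bytes.fromhex(
    "00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51"
    "FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01"
    "C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3"
    "1E 60 4F FF")
SECRET_ASSESSMENT_VALUE = bytes.fromhex(
    "B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F 68 50 6C DE")


def _take(buf, off, n):
    """Return n bytes at off plus the new offset; reject short input."""
    if off + n > len(buf):
        raise ValueError("truncated structure")
    return buf[off:off + n], off + n


def parse_pcr_selection(buf, off):
    """TPM_PCR_SELECTION: uint16 sizeOfSelect, then a PCR bitmap (LSB = PCR 8*i)."""
    raw, off = _take(buf, off, 2)
    (size,) = struct.unpack(">H", raw)
    bitmap, off = _take(buf, off, size)
    pcrs = [8 * i + bit for i, byte in enumerate(bitmap)
            for bit in range(8) if byte >> bit & 1]
    return pcrs, off


def parse_pcr_composite(buf):
    """TPM_PCR_COMPOSITE: selection, uint32 valueSize, one SHA-1 value per PCR."""
    pcrs, off = parse_pcr_selection(buf, 0)
    raw, off = _take(buf, off, 4)
    (value_size,) = struct.unpack(">I", raw)
    if value_size != SHA1_LEN * len(pcrs) or off + value_size != len(buf):
        raise ValueError("valueSize does not match the PCR selection")
    values = {}
    for pcr in pcrs:
        values[pcr], off = _take(buf, off, SHA1_LEN)
    return values


def parse_quote_info2(buf):
    """TPM_QUOTE_INFO2: tag 0x0036, 'QUT2', nonce, selection, locality, digest."""
    raw, off = _take(buf, 0, 6)
    tag, fixed = struct.unpack(">H4s", raw)
    if tag != 0x0036 or fixed != b"QUT2":
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    nonce, off = _take(buf, off, SHA1_LEN)
    pcrs, off = parse_pcr_selection(buf, off)
    loc, off = _take(buf, off, 1)          # localityAtRelease is a bitmask
    digest, off = _take(buf, off, SHA1_LEN)
    if off != len(buf):
        raise ValueError("trailing bytes after TPM_QUOTE_INFO2")
    return {"nonce": nonce, "pcrs": pcrs,
            "locality_mask": loc[0], "digest": digest}


def check_quote(quote_info, composite, expected_nonce):
    """Return a list of problems; an empty list means the quote is consistent."""
    q = parse_quote_info2(quote_info)
    problems = []
    # The nonce binds the quote to this PTS session (freshness).
    if not hmac.compare_digest(q["nonce"], expected_nonce):
        problems.append("nonce mismatch (stale or replayed quote)")
    # The quote must cover exactly the PCRs the verifier reconstructed.
    if sorted(parse_pcr_composite(composite)) != q["pcrs"]:
        problems.append("PCR selection differs from composite")
    # The signed digest must be SHA-1 over the reconstructed composite.
    if not hmac.compare_digest(hashlib.sha1(composite).digest(), q["digest"]):
        problems.append("composite digest mismatch")
    return problems


if __name__ == "__main__":
    info = parse_quote_info2(QUOTE_INFO)
    print("quoted PCRs:", info["pcrs"])
    print("PCR values:", {k: v.hex() for k, v in
                          parse_pcr_composite(PCR_COMPOSITE).items()})
    print("problems:", check_quote(QUOTE_INFO, PCR_COMPOSITE,
                                   SECRET_ASSESSMENT_VALUE))
```

Only after these checks pass does the signature over the Quote Info, verified with the trusted AIK, say anything about the measurement list that was replayed into PCR 10.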
Sending Assessment Result
Aug 15 14:46:25 raspi3 charon: 07[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
Aug 15 14:46:25 raspi3 charon: 07[TNC] TNC server is handling outbound connection
Aug 15 14:46:25 raspi3 charon: 07[IMV] policy: recommendation for access requestor 10.10.1.40 is allow
Aug 15 14:46:25 raspi3 charon: 07[IMV] policy: imv_policy_manager stop successful
Aug 15 14:46:25 raspi3 charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Allowed'
Aug 15 14:46:25 raspi3 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PB-TNC RESULT batch
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-PA message
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-Assessment-Result message
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-Access-Recommendation message
Aug 15 14:46:25 raspi3 charon: 07[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 2
Aug 15 14:46:25 raspi3 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi3 charon: 07[ENC] generating IKE_AUTH request 111 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi3 charon: 07[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:25 raspi3 charon: 11[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:25 raspi3 charon: 11[ENC] parsed IKE_AUTH response 111 [ EAP/REQ/TTLS ]
Aug 15 14:46:25 raspi3 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:25 raspi3 charon: 11[TNC] received TNCCS batch (8 bytes)
Aug 15 14:46:25 raspi3 charon: 11[TNC] TNC server is handling inbound connection
Aug 15 14:46:25 raspi3 charon: 11[TNC] processing PB-TNC CLOSE batch for Connection ID 2
Aug 15 14:46:25 raspi3 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi3 charon: 11[TNC] TNC client is handling outbound connection
Aug 15 14:46:25 raspi3 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi3 charon: 11[TNC] creating PB-TNC CLOSE batch
Aug 15 14:46:25 raspi3 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 1
Aug 15 14:46:25 raspi3 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi3 charon: 11[ENC] generating IKE_AUTH request 112 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:25 raspi3 charon: 05[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:25 raspi3 charon: 05[ENC] parsed IKE_AUTH response 112 [ EAP/SUCC ]
Aug 15 14:46:25 raspi3 charon: 05[IKE] EAP method EAP_TTLS succeeded, MSK established
Aug 15 14:46:25 raspi3 charon: 05[IKE] authentication of 'raspi3.example.com' (myself) with EAP
Aug 15 14:46:25 raspi3 charon: 05[ENC] generating IKE_AUTH request 113 [ AUTH ]
Aug 15 14:46:25 raspi3 charon: 05[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes)
Aug 15 14:46:25 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes)
Aug 15 14:46:25 raspi3 charon: 12[ENC] parsed IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Aug 15 14:46:25 raspi3 charon: 12[IKE] authentication of 'raspi4.example.com' with EAP successful
Aug 15 14:46:25 raspi3 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi3 charon: 12[TNC] removed TNCCS Connection ID 2
Aug 15 14:46:25 raspi3 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[TNC] removed TNCCS Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[IKE] IKE_SA peer[1] established between 10.10.1.39[raspi3.example.com]...10.10.1.40[raspi4.example.com]
Aug 15 14:46:25 raspi3 charon: 12[IKE] scheduling reauthentication in 10132s
Aug 15 14:46:25 raspi3 charon: 12[IKE] maximum IKE_SA lifetime 10672s
Aug 15 14:46:25 raspi3 charon: 12[IKE] CHILD_SA peer{1} established with SPIs c12c1aae_i ce21eedf_o and TS 10.10.1.39/32 === 10.10.1.40/32
Aug 15 14:46:25 raspi3 charon: 12[IKE] received AUTH_LIFETIME of 10143s, scheduling reauthentication in 9603s
Aug 15 14:46:25 raspi3 charon: 12[IKE] peer supports MOBIKE
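A monitoring check over the verifier-side log lines above, added here as an example and not part of the original page or of strongSwan: it parses the IMA evidence summary, the IMV verdict and the policy recommendation, and reports anything other than a clean 'allow'. The function name `audit`, the `max_unknown_ratio` threshold and the `BAD` sample are assumptions made for this example.

```python
import re

# GOOD: three lines copied from the charon log above.
GOOD = (
    "Aug 15 14:46:25 raspi3 charon: 07[IMV] IMV 1 handled TPMRA workitem 18: allow - "
    "processed 450 IMA file evidence measurements: 385 ok, 65 unknown, 0 differ, 0 failed\n"
    "Aug 15 14:46:25 raspi3 charon: 07[TNC] IMV 1 provides recommendation 'allow' "
    "and evaluation 'compliant'\n"
    "Aug 15 14:46:25 raspi3 charon: 07[IMV] policy: recommendation for access "
    "requestor 10.10.1.40 is allow\n"
)
# BAD: constructed variant in which two measured files no longer match.
BAD = (GOOD.replace("18: allow", "18: isolate")
           .replace("385 ok, 65 unknown, 0 differ", "383 ok, 65 unknown, 2 differ")
           .replace("'allow' and evaluation 'compliant'",
                    "'isolate' and evaluation 'non-compliant major'")
           .replace("is allow", "is isolate"))

IMA_RE = re.compile(r"TPMRA workitem \d+: (\w+) - processed (\d+) IMA file evidence "
                    r"measurements: (\d+) ok, (\d+) unknown, (\d+) differ, (\d+) failed")
REC_RE = re.compile(r"provides recommendation '([^']+)' and evaluation '([^']+)'")
POL_RE = re.compile(r"policy: recommendation for access requestor (\S+) is (\w+)")

def audit(log_text, max_unknown_ratio=0.25):
    """Return a list of findings; an empty list means a clean attestation."""
    findings = []
    ima = IMA_RE.search(log_text)
    if not ima:
        findings.append("no IMA evidence summary in log")
    else:
        total, ok, unknown, differ, failed = map(int, ima.groups()[1:])
        if ok + unknown + differ + failed != total:
            findings.append("IMA counters do not add up to the processed total")
        if differ or failed:
            findings.append(f"{differ} differing and {failed} failed measurements")
        # Assumed threshold: a high share of 'unknown' weakens the verdict.
        if total and unknown / total > max_unknown_ratio:
            findings.append(f"{unknown}/{total} measurements are unknown")
    rec = REC_RE.search(log_text)
    if not rec or rec.groups() != ("allow", "compliant"):
        findings.append(f"IMV verdict: {rec.groups() if rec else 'missing'}")
    pol = POL_RE.search(log_text)
    if not pol or pol.group(2) != "allow":
        findings.append(f"policy recommendation: {pol.group(2) if pol else 'missing'}")
    return findings

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(text))
```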
Terminating the IPsec Connection
Aug 15 14:49:04 raspi3 charon: 13[CFG] received stroke: terminate 'peer'
Aug 15 14:49:04 raspi3 charon: 15[IKE] deleting IKE_SA peer[1] between 10.10.1.39[raspi3.example.com]...10.10.1.40[raspi4.example.com]
Aug 15 14:49:04 raspi3 charon: 15[IKE] sending DELETE for IKE_SA peer[1]
Aug 15 14:49:04 raspi3 charon: 15[ENC] generating INFORMATIONAL request 114 [ D ]
Aug 15 14:49:04 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:49:05 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:49:05 raspi3 charon: 09[ENC] parsed INFORMATIONAL response 114 [ ]
Aug 15 14:49:05 raspi3 charon: 09[IKE] IKE_SA deleted
Stopping the IKEv2 Daemon
Aug 15 14:49:08 raspi3 charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug 15 14:49:08 raspi3 charon: 00[IMC] IMC 2 "Attestation" terminated
Aug 15 14:49:08 raspi3 charon: 00[IMC] IMC 1 "OS" terminated
Aug 15 14:49:08 raspi3 charon: 00[IMV] IMV 1 "Attestation" terminated
Aug 15 14:49:08 raspi3 charon: 00[PTS] removed TCG functional component namespace
Aug 15 14:49:08 raspi3 charon: 00[PTS] removed ITA-HSR functional component namespace
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed IETF attributes
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed ITA-HSR attributes
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed TCG attributes
Aug 15 14:49:08 raspi3 charon: 00[LIB] libimcv terminated