Raspi 4 - Responding IoT Device

Configuration Files

strongSwan IPsec configuration file /etc/ipsec.conf

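config setup
     # debug levels for the TNC, IMC, IMV and PTS log groups shown in the log below
     charondebug="tnc 2, imc 2, imv 2, pts 3"

conn %default
     # a trailing "!" restricts the proposal to exactly the listed algorithms
     ike=aes128-sha256-ecp256!
     esp=aes128-sha256-ecp256!
     keyexchange=ikev2

conn peer
     left=10.10.1.40
     leftauth=eap-ttls
     leftcert=raspi4Cert.pem
     leftid=raspi4.example.com
     leftfirewall=yes
     right=10.10.1.39
     rightauth=eap-ttls
     rightid=raspi3.example.com
     # transport mode between the two hosts; auto=add only loads the connection,
     # so this device waits for the peer to initiate
     type=transport
     auto=add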
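
With pts 3 in charondebug, the log further down this page contains hexdumps of the PTS nonces, the shared DH secret and the secret assessment value. The following Python sketch is an added example, not part of the original page or of strongSwan: it finds such dumps in a charon log and redacts the rows of every dump whose label contains "secret". The sample log lines and all names in the code are constructed for illustration.

```python
import re

# charon syslog line: "<date> <host> charon: <thread>[<GROUP>] <message>"
LINE_RE = re.compile(
    r"^(?P<prefix>\w{3} +\d+ [\d:]{8} \S+ charon: "
    r"(?P<thread>\d+)\[(?P<group>[A-Z]{3})\] )(?P<msg>.*)$"
)
# Hexdump header: "<label>: => <n> bytes @ 0x<address>"
DUMP_HDR_RE = re.compile(r"^(?P<label>.+?): => (?P<size>\d+) bytes @ 0x[0-9a-f]+$")
# Hexdump row: "<offset>: <up to 16 hex bytes>  <ascii>"
DUMP_ROW_RE = re.compile(r"^\s*\d+: (?:[0-9A-F]{2}(?: |$)){1,16}")

# Constructed sample in the page's log format (values are not real key material).
SAMPLE_LOG = """\
Jan 01 00:00:01 host1 charon: 06[PTS] selected PTS DH group is ECP_256
Jan 01 00:00:01 host1 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1000
Jan 01 00:00:01 host1 charon: 06[PTS]    0: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F  ................
Jan 01 00:00:01 host1 charon: 06[PTS]   16: 10 11 12 13                                      ....
Jan 01 00:00:01 host1 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x2000
Jan 01 00:00:01 host1 charon: 07[TNC] received TNCCS batch (87 bytes)
Jan 01 00:00:01 host1 charon: 06[PTS]    0: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ................
Jan 01 00:00:01 host1 charon: 06[PTS]   16: AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ................
Jan 01 00:00:01 host1 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x3000
Jan 01 00:00:01 host1 charon: 06[PTS]    0: BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB  ................
Jan 01 00:00:01 host1 charon: 06[PTS]   16: BB BB BB BB                                      ....
Jan 01 00:00:01 host1 charon: 06[TNC] creating PA-TNC message with ID 0x00000001
"""


def scan(lines, sensitive_words=("secret",)):
    """Return (findings, redacted_lines) for an iterable of charon log lines.

    A finding is recorded for every hexdump header whose label contains one of
    sensitive_words. The dump rows that follow it in the same worker thread are
    replaced; other threads may interleave, so state is kept per thread id.
    """
    findings, redacted = [], []
    in_sensitive_dump = {}  # thread id -> True while inside a sensitive dump
    for number, line in enumerate(lines, start=1):
        m = LINE_RE.match(line)
        if not m:
            redacted.append(line)  # not a charon line, pass through
            continue
        thread, msg = m["thread"], m["msg"]
        hdr = DUMP_HDR_RE.match(msg)
        if hdr:
            hit = any(word in hdr["label"].lower() for word in sensitive_words)
            in_sensitive_dump[thread] = hit
            if hit:
                findings.append({"line": number, "thread": thread,
                                 "label": hdr["label"], "bytes": int(hdr["size"])})
        elif in_sensitive_dump.get(thread) and DUMP_ROW_RE.match(msg):
            redacted.append(m["prefix"] + "[REDACTED hexdump row]")
            continue
        else:
            in_sensitive_dump[thread] = False  # any other message ends the dump
        redacted.append(line)
    return findings, redacted


if __name__ == "__main__":
    found, clean = scan(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"line {f['line']}: {f['label']} ({f['bytes']} bytes) logged by thread {f['thread']}")
    print("\n".join(clean))
```
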

strongSwan IPsec secrets file /etc/ipsec.secrets

: RSA raspi4Key.pem

strongSwan configuration file /etc/strongswan.conf

charon {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke

  half_open_timeout = 90

  plugins {
    eap-ttls
    {
      max_message_count = 0
      request_peer_auth = yes
      phase2_piggyback = yes
      phase2_tnc = yes
    }
    eap-tnc {
      max_message_count = 0
    }
    tnccs-20 {
      mutual = yes
    }
  }
}

libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager

  plugins {
    imc-os {
      device_pubkey = /etc/pts/aik4Pub.der
    }
    imc-attestation {
      aik_blob = /etc/pts/aik4Blob.bin
      aik_cert = /etc/pts/aik4Cert.der
    }
    imv-attestation {
      cadir = /etc/pts/cacerts
      hash_algorithm = sha1
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}

pt-tls-client {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl 
}

attest {
  database=sqlite:///etc/pts/config.db
}

In order to do mutual attestation, both IMCs and IMVs are loaded via /etc/tnc_config.

IMC "OS"                /usr/lib/ipsec/imcvs/imc-os.so
IMC "Attestation"       /usr/lib/ipsec/imcvs/imc-attestation.so
IMV "Attestation"       /usr/lib/ipsec/imcvs/imv-attestation.so
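
With both roles loaded and mutual = yes, the log below shows this host acting as TNC server on Connection ID 1 and as TNC client on Connection ID 2, each with its own PB-TNC state sequence. The following Python sketch is an added example (not strongSwan code): it rebuilds both sequences from [TNC] log lines and reports any transition that does not continue from the previous state, for instance when log lines are missing. The sample lines are constructed in the page's log format, and the function and variable names are assumptions.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r"charon: (?P<thread>\d+)\[TNC\] (?P<msg>.*)$")
ROLE_RE = re.compile(r"^TNC (?P<role>server|client) is handling (?:in|out)bound connection$")
TRANS_RE = re.compile(r"^PB-TNC state transition from '(?P<src>[^']+)' to '(?P<dst>[^']+)'$")
BATCH_RE = re.compile(
    r"^(?:processing|sending) PB-TNC [CS]DATA batch .*for Connection ID (?P<cid>\d+)$"
)

# Constructed sample in the page's log format.
SAMPLE_LOG = """\
Jan 01 00:00:01 host1 charon: 14[TNC] TNC server is handling inbound connection
Jan 01 00:00:01 host1 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1
Jan 01 00:00:01 host1 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Jan 01 00:00:02 host1 charon: 14[TNC] TNC server is handling outbound connection
Jan 01 00:00:02 host1 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Jan 01 00:00:02 host1 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1
Jan 01 00:00:03 host1 charon: 15[TNC] TNC client is handling inbound connection
Jan 01 00:00:03 host1 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2
Jan 01 00:00:03 host1 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working'
Jan 01 00:00:03 host1 charon: 15[TNC] TNC client is handling outbound connection
Jan 01 00:00:03 host1 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Jan 01 00:00:03 host1 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2
Jan 01 00:00:04 host1 charon: 16[TNC] TNC server is handling inbound connection
Jan 01 00:00:04 host1 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1
Jan 01 00:00:04 host1 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
"""


def trace_pb_tnc(lines):
    """Rebuild the PB-TNC state sequence of the TNC server and TNC client role.

    State transition lines carry no connection ID, so each one is attributed to
    the role named by the last "TNC server|client is handling ..." line logged
    by the same worker thread. Returns {role: {connection, states, errors}}.
    """
    role_of_thread = {}
    report = defaultdict(lambda: {"connection": None, "states": ["Init"], "errors": []})
    for number, line in enumerate(lines, start=1):
        m = LINE_RE.search(line)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        role = ROLE_RE.match(msg)
        if role:
            role_of_thread[thread] = role["role"]
            continue
        current = role_of_thread.get(thread)
        if current is None:
            continue  # TNC message seen before any role line in this thread
        entry = report[current]
        batch = BATCH_RE.match(msg)
        if batch:
            entry["connection"] = int(batch["cid"])
            continue
        step = TRANS_RE.match(msg)
        if step:
            last = entry["states"][-1]
            if step["src"] != last:
                entry["errors"].append(
                    f"line {number}: transition starts at {step['src']!r} "
                    f"but last known state was {last!r}"
                )
            entry["states"].append(step["dst"])
    return dict(report)


if __name__ == "__main__":
    for role, info in trace_pb_tnc(SAMPLE_LOG.splitlines()).items():
        print(f"TNC {role}, Connection ID {info['connection']}: " + " -> ".join(info["states"]))
        for err in info["errors"]:
            print("  gap:", err)
```
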

Starting the IKEv2 Daemon

First, the IKEv2 charon daemon is started in the background:

raspi4# ipsec start

Aug 15 14:45:49 raspi4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l)
Aug 15 14:45:49 raspi4 charon: 00[TNC] TNC recommendation policy is 'default'
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[TNC] added IETF attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added ITA-HSR attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added TCG attributes
Aug 15 14:45:49 raspi4 charon: 00[PTS] added TCG functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Aug 15 14:45:49 raspi4 charon: 00[LIB] libimcv initialized

Loading Attestation IMV

Aug 15 14:45:49 raspi4 charon: 00[IMV] IMV 1 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[PTS]   loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem'
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'

Loading OS IMC

Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 1 "OS" initialized
Aug 15 14:45:49 raspi4 charon: 00[IMC] processing "/etc/debian_version" file
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system name is 'Debian'
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system version is '7.8 armv7l'
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'

Loading Attestation IMC

Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 2 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'

Initializing IKE daemon

Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG]   loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem'
'/etc/ipsec.d/cacerts/MSE_CA_Cert.pem'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 15 14:45:49 raspi4 charon: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/raspi4Key.pem'
Aug 15 14:45:49 raspi4 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Aug 15 14:45:49 raspi4 charon: 00[JOB] spawning 16 worker threads

Loading peer IPsec connection

Aug 15 14:45:49 raspi4 charon: 06[CFG] received stroke: add connection 'peer'
Aug 15 14:45:49 raspi4 charon: 06[CFG]   loaded certificate "C=US, O=TNC Demo, CN=raspi4.example.com" from 'raspi4Cert.pem'
Aug 15 14:45:49 raspi4 charon: 06[CFG] added configuration 'peer'

Responding to IPsec Connection Setup

Aug 15 14:46:05 raspi4 charon: 07[NET] received packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes)
Aug 15 14:46:05 raspi4 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug 15 14:46:05 raspi4 charon: 07[IKE] 10.10.1.39 is initiating an IKE_SA
Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" 
Aug 15 14:46:05 raspi4 charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug 15 14:46:05 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes)
Aug 15 14:46:05 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes)
Aug 15 14:46:05 raspi4 charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" 
Aug 15 14:46:05 raspi4 charon: 08[CFG] looking for peer configs matching 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:46:05 raspi4 charon: 08[CFG] selected peer config 'peer'
Aug 15 14:46:05 raspi4 charon: 08[IKE] initiating EAP_TTLS method (id 0xDB)
Aug 15 14:46:05 raspi4 charon: 08[IKE] peer supports MOBIKE
Aug 15 14:46:05 raspi4 charon: 08[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes)
Aug 15 14:46:05 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes)
Aug 15 14:46:05 raspi4 charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA'
Aug 15 14:46:05 raspi4 charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:05 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:05 raspi4 charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes)
Aug 15 14:46:05 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:05 raspi4 charon: 11[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:05 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes)
Aug 15 14:46:05 raspi4 charon: 12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[TLS] received TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 12[CFG]   using certificate "C=US, O=TNC Demo, CN=raspi3.example.com" 
Aug 15 14:46:05 raspi4 charon: 12[CFG]   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" 
Aug 15 14:46:05 raspi4 charon: 12[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi3.example.com" 
Aug 15 14:46:05 raspi4 charon: 12[CFG] certificate status is not available
Aug 15 14:46:05 raspi4 charon: 12[CFG]   reached self-signed root ca with a path length of 0
Aug 15 14:46:05 raspi4 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID]
Aug 15 14:46:05 raspi4 charon: 12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:05 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes)
Aug 15 14:46:05 raspi4 charon: 13[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received EAP identity 'raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 13[IKE] phase2 method EAP_PT_EAP selected
Aug 15 14:46:05 raspi4 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:05 raspi4 charon: 13[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:05 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes)
Aug 15 14:46:05 raspi4 charon: 14[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]

Start of Mutual Attestation

Assigning Connection to TNC Server

Aug 15 14:46:05 raspi4 charon: 14[TNC] assigned TNCCS Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi4 charon: 14[IMV]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi4 charon: 14[IMV]   user AR identity 'raspi3.example.com' of type username authenticated by certificate
Aug 15 14:46:05 raspi4 charon: 14[IMV]   machine AR identity '10.10.1.39' of type IPv4 address authenticated by unknown method
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi4 charon: 14[TNC] received TNCCS batch (283 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] TNC server is handling inbound connection
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-Language-Preference message (31 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-PA message (228 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] activating mutual PB-TNC half duplex protocol
Aug 15 14:46:05 raspi4 charon: 14[TNC] setting language preference to 'en'
Aug 15 14:46:05 raspi4 charon: 14[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC message with ID 0x83cf019d
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008

Receiving OS Information

Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system name is 'Debian' from vendor Debian Project
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system version is '7.8 armv7l'
Aug 15 14:46:05 raspi4 charon: 14[IMV] device ID is 565feb9e8462870dba884ce540a0768d68829873

Starting Session with Policy Manager

Aug 15 14:46:05 raspi4 charon: 14[IMV] assigned session ID 3 to Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: imv_policy_manager start successful
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: skipping enforcment 6
Aug 15 14:46:08 raspi4 charon: 14[IMV] FWDEN workitem 13
Aug 15 14:46:08 raspi4 charon: 14[IMV] FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 14[IMV] PCKGS workitem 15
Aug 15 14:46:08 raspi4 charon: 14[IMV] TCPOP workitem 16
Aug 15 14:46:08 raspi4 charon: 14[IMV] UDPOP workitem 17
Aug 15 14:46:08 raspi4 charon: 14[IMV] TPMRA workitem 18
Aug 15 14:46:08 raspi4 charon: 14[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 14[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC message with ID 0x42501f74
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 14[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding ITA-HSR/PB-Mutual-Capability message
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 14[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes)
Aug 15 14:46:08 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:08 raspi4 charon: 15[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 15[TNC] received TNCCS batch (8 bytes)

Assigning Connection to TNC Client

Aug 15 14:46:08 raspi4 charon: 15[TNC] assigned TNCCS Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK certificate from '/etc/pts/aik4Cert.der'
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK Blob from '/etc/pts/aik4Blob.bin'
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Handshake'

Sending OS Information

Aug 15 14:46:08 raspi4 charon: 15[IMC] operating system numeric version is 7.8
Aug 15 14:46:08 raspi4 charon: 15[IMC] last boot: Aug 15 07:56:45 UTC 2015, 17363 s ago
Aug 15 14:46:08 raspi4 charon: 15[IMC] IPv4 forwarding is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] factory default password is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] loaded device public key from '/etc/pts/aik4Pub.der'
Aug 15 14:46:08 raspi4 charon: 15[IMC] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC message with ID 0x366c28ea
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-Language-Preference message
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 15[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes)
Aug 15 14:46:08 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 16[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 16[TNC] received TNCCS batch (92 bytes)
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 16[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC message with ID 0x1d5fa63a
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Receiving PTS Protocol Capabilities

Aug 15 14:46:08 raspi4 charon: 16[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 16[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 requests metadata for file '/etc/tnc_config'
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles TPMRA workitem 18
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC message with ID 0xaff3c130
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 16[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 16[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 16[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 05[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 05[TNC] received TNCCS batch (92 bytes)
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC message with ID 0x918da8fe
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Sending PTS Protocol Capabilities

Aug 15 14:46:08 raspi4 charon: 05[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 05[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC message with ID 0xf94741eb
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 05[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 05[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 05[ENC] generating IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes)
Aug 15 14:46:08 raspi4 charon: 06[ENC] parsed IKE_AUTH request 11 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 06[TNC] received TNCCS batch (226 bytes)
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing IETF/PB-PA message (218 bytes)
Aug 15 14:46:08 raspi4 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC message with ID 0x5e3ee705
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi4 charon: 06[IMV] metadata request returned 1 file:
Aug 15 14:46:08 raspi4 charon: 06[IMV]  'tnc_config' (177 bytes) owner 0, group 0, type Regular
Aug 15 14:46:08 raspi4 charon: 06[IMV]     created Jun 05 20:02:25 2015, modified Jun 05 20:02:25 2015, accessed Jun 05 20:02:25 2015
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 06[PTS] nonce length is 20
Aug 15 14:46:08 raspi4 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1ab4f40
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15  ......m...@..._.
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: FB 4E 28 AD                                      .N(.
Aug 15 14:46:08 raspi4 charon: 06[PTS] responder nonce: => 20 bytes @ 0x1aafba0
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0  =.r9:....0..."..
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: B6 D1 2A 01                                      ..*.
Aug 15 14:46:08 raspi4 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x1ab3078
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA  _....9........:.
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE  .#...........QP.
Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C  ...p.x...y.]|..|
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: E0 E0 83 77                                      ...w
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC message with ID 0xd27d5b33
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 06[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 06[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 06[ENC] generating IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes)
Aug 15 14:46:08 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 07[ENC] parsed IKE_AUTH request 12 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 07[TNC] received TNCCS batch (87 bytes)
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing IETF/PB-PA message (79 bytes)
Aug 15 14:46:08 raspi4 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC message with ID 0xda2a70e9
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi4 charon: 07[IMC] metadata request for file '/etc/tnc_config'
Aug 15 14:46:08 raspi4 charon: 07[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 07[PTS] nonce length is 20
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC message with ID 0x676268aa
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 07[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 07[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 07[ENC] generating IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes)
Aug 15 14:46:08 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes)
Aug 15 14:46:08 raspi4 charon: 08[ENC] parsed IKE_AUTH request 13 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 08[TNC] received TNCCS batch (902 bytes)
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing IETF/PB-PA message (894 bytes)
Aug 15 14:46:08 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x641bcea1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000

Receiving TPM Version Information

Aug 15 14:46:08 raspi4 charon: 08[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:08 raspi4 charon: 08[IMV] verifying AIK with keyid 56:5f:eb:9e:84:62:87:0d:ba:88:4c:e5:40:a0:76:8d:68:82:98:73
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK public key is trusted
Aug 15 14:46:08 raspi4 charon: 08[CFG]   using trusted certificate "C=US, O=TNC Demo, CN=AIK CA" 
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK certificate is trusted
Aug 15 14:46:08 raspi4 charon: 08[IMV] evidence request by
Aug 15 14:46:08 raspi4 charon: 08[PTS]   ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0xed256fac
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 08[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 08[ENC] generating IKE_AUTH response 13 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:09 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes)
Aug 15 14:46:09 raspi4 charon: 09[ENC] parsed IKE_AUTH request 14 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:09 raspi4 charon: 09[TNC] received TNCCS batch (172 bytes)
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling inbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing IETF/PB-PA message (164 bytes)
Aug 15 14:46:09 raspi4 charon: 09[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi4 charon: 09[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC message with ID 0xe1b84e91
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:09 raspi4 charon: 09[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:09 raspi4 charon: 09[PTS] initiator nonce: => 20 bytes @ 0x1ab0dc0
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A  '.Q..f.T.W.I.*}:
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: F1 38 81 26                                      .8.&
Aug 15 14:46:09 raspi4 charon: 09[PTS] responder nonce: => 20 bytes @ 0x1ab2e48
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71  .H.R...n_..+..&q
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: 49 73 01 42                                      Is.B
Aug 15 14:46:09 raspi4 charon: 09[PTS] shared DH secret: => 32 bytes @ 0x1aac378
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11  ......"..5..pA{.
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1  .<.2.=..s2... ..
Aug 15 14:46:09 raspi4 charon: 09[PTS] secret assessment value: => 20 bytes @ 0x1ab0d20
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F  .........Q...;..
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: 68 50 6C DE                                      hPl.

Sending TPM Version Information

Aug 15 14:46:09 raspi4 charon: 09[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC message with ID 0x951e0284
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling outbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:09 raspi4 charon: 09[TNC] adding IETF/PB-PA message
Aug 15 14:46:09 raspi4 charon: 09[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:09 raspi4 charon: 09[ENC] generating IKE_AUTH response 14 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes)
Aug 15 14:46:09 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 10[ENC] parsed IKE_AUTH request 15 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[ENC] generating IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 11[ENC] parsed IKE_AUTH request 16 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[ENC] generating IKE_AUTH response 16 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 12[ENC] parsed IKE_AUTH request 17 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[ENC] generating IKE_AUTH response 17 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 13[ENC] parsed IKE_AUTH request 18 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[ENC] generating IKE_AUTH response 18 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
...
Aug 15 14:46:10 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 07[ENC] parsed IKE_AUTH request 60 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[ENC] generating IKE_AUTH response 60 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 08[ENC] parsed IKE_AUTH request 61 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:10 raspi4 charon: 08[TNC] received TNCCS batch (47615 bytes)
Aug 15 14:46:10 raspi4 charon: 08[TNC] TNC server is handling inbound connection
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:10 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing IETF/PB-PA message (47607 bytes)
Aug 15 14:46:10 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:10 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x2d059578

Initiator Attestation Measurement Values

Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:boot_aggregate'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/init'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/sh'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/usr/sbin/service'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/cp'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000

Verifying Initiator Measurements

Aug 15 14:46:10 raspi4 charon: 08[PTS] checking boot aggregate evidence measurement
Aug 15 14:46:10 raspi4 charon: 08[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found
Aug 15 14:46:10 raspi4 charon: 08[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok
Aug 15 14:46:10 raspi4 charon: 08[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok
Aug 15 14:46:10 raspi4 charon: 08[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok
...
Aug 15 14:46:16 raspi4 charon: 08[PTS] 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb for '/usr/sbin/service' is ok
Aug 15 14:46:16 raspi4 charon: 08[PTS] e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce for '/bin/cp' is ok

Verifying Initiator TPM Quote Signature

Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite: => 29 bytes @ 0x1b27188
Aug 15 14:46:16 raspi4 charon: 08[PTS]    0: 00 03 00 04 00 00 00 00 14 F7 5E 84 36 2B C2 83  ..........^.6+..
Aug 15 14:46:16 raspi4 charon: 08[PTS]   16: 28 8E 90 7E B3 39 45 74 33 60 2E B7 8E           (..~.9Et3`...
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite hash: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1b27e68
Aug 15 14:46:16 raspi4 charon: 08[PTS]    0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79  .6QUT2...p.x...y
Aug 15 14:46:16 raspi4 charon: 08[PTS]   16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01  .]|..|...w......
Aug 15 14:46:16 raspi4 charon: 08[PTS]   32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C  X......=>.3.$...
Aug 15 14:46:16 raspi4 charon: 08[PTS]   48: 22 A2 01 20                                      ".. 
Aug 15 14:46:16 raspi4 charon: 08[IMV] received PCR Composite matches constructed one
Aug 15 14:46:16 raspi4 charon: 08[IMV] TPM Quote Info signature verification successful
Aug 15 14:46:16 raspi4 charon: 08[PTS] processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed
Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0x57254d62
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
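
The quote check logged above can be reproduced offline from the dumped structures. The following Python sketch is an added example, not part of the original page or of strongSwan; its function names are hypothetical. It assumes the TPM 1.2 layouts TPM_PCR_COMPOSITE and TPM_QUOTE_INFO2 (tag 0x0036, "QUT2") and confirms that the quote carries the negotiated secret assessment value as nonce and the SHA-1 digest of the PCR composite.

```python
import hashlib
import re
import struct

# Lines copied from the charon log on this page (raspi4 verifying the initiator's quote).
LOG = """
Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C  ...p.x...y.]|..|
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: E0 E0 83 77                                      ...w
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite: => 29 bytes @ 0x1b27188
Aug 15 14:46:16 raspi4 charon: 08[PTS]    0: 00 03 00 04 00 00 00 00 14 F7 5E 84 36 2B C2 83  ..........^.6+..
Aug 15 14:46:16 raspi4 charon: 08[PTS]   16: 28 8E 90 7E B3 39 45 74 33 60 2E B7 8E           (..~.9Et3`...
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1b27e68
Aug 15 14:46:16 raspi4 charon: 08[PTS]    0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79  .6QUT2...p.x...y
Aug 15 14:46:16 raspi4 charon: 08[PTS]   16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01  .]|..|...w......
Aug 15 14:46:16 raspi4 charon: 08[PTS]   32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C  X......=>.3.$...
Aug 15 14:46:16 raspi4 charon: 08[PTS]   48: 22 A2 01 20                                      "..
"""

HEADER = re.compile(r"\[PTS\] (?P<label>.+?): => (?P<size>\d+) bytes @")
# Hex bytes are separated by one space; the ASCII column starts after two or more.
ROW = re.compile(r"\[PTS\]\s+\d+: (?P<hex>(?:[0-9A-F]{2} )*[0-9A-F]{2})")


def extract_dumps(log):
    """Collect charon '=> N bytes' hex dumps, keyed by their label."""
    dumps, label, size = {}, None, 0
    for line in log.splitlines():
        header = HEADER.search(line)
        if header:
            label, size = header["label"], int(header["size"])
            dumps[label] = b""
            continue
        row = ROW.search(line)
        if row and label and len(dumps[label]) < size:
            dumps[label] = (dumps[label] + bytes.fromhex(row["hex"]))[:size]
    return dumps


def parse_pcr_selection(blob, offset):
    """TPM_PCR_SELECTION: UINT16 sizeOfSelect, then a bitmap (bit n of byte i = PCR 8*i+n)."""
    (size,) = struct.unpack_from(">H", blob, offset)
    bitmap = blob[offset + 2 : offset + 2 + size]
    if len(bitmap) != size:
        raise ValueError("truncated PCR selection")
    pcrs = [8 * i + bit for i, byte in enumerate(bitmap)
            for bit in range(8) if (byte >> bit) & 1]
    return pcrs, offset + 2 + size


def parse_pcr_composite(blob):
    """TPM_PCR_COMPOSITE: selection, UINT32 valueSize, one 20-byte value per selected PCR."""
    pcrs, offset = parse_pcr_selection(blob, 0)
    (value_size,) = struct.unpack_from(">I", blob, offset)
    values = blob[offset + 4 :]
    if value_size != len(values) or value_size != 20 * len(pcrs):
        raise ValueError("PCR composite length mismatch")
    return {pcr: values[20 * i : 20 * i + 20] for i, pcr in enumerate(pcrs)}


def parse_quote_info2(blob):
    """TPM_QUOTE_INFO2: tag, 'QUT2', 20-byte externalData, TPM_PCR_INFO_SHORT."""
    tag, fixed = struct.unpack_from(">H4s", blob, 0)
    if tag != 0x0036 or fixed != b"QUT2":
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    pcrs, offset = parse_pcr_selection(blob, 26)
    if offset + 21 != len(blob):
        raise ValueError("unexpected TPM_QUOTE_INFO2 length")
    return {
        "external_data": blob[6:26],            # nonce the verifier expects
        "pcrs": pcrs,
        "locality": blob[offset],
        "digest": blob[offset + 1 : offset + 21],  # SHA-1 of the PCR composite
    }


def check_quote(log):
    """Re-run the structural checks that precede signature verification."""
    dumps = extract_dumps(log)
    composite = dumps["constructed PCR Composite"]
    quote = parse_quote_info2(dumps["constructed TPM Quote Info"])
    pcr_values = parse_pcr_composite(composite)
    return {
        "quoted_pcrs": quote["pcrs"],
        "nonce_bound": quote["external_data"] == dumps["secret assessment value"],
        "digest_bound": quote["digest"] == hashlib.sha1(composite).digest(),
        "same_selection": quote["pcrs"] == sorted(pcr_values),
        "pcr10": pcr_values[10].hex(),
    }


if __name__ == "__main__":
    for name, value in check_quote(LOG).items():
        print(f"{name}: {value}")
```

These checks only show that the signed structure is bound to this session's nonce and to the replayed PCR 10 value; the AIK signature over the 52-byte quote info must still verify, as the log line `TPM Quote Info signature verification successful` reports.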

Sending Assessment Result

Aug 15 14:46:16 raspi4 charon: 08[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
Aug 15 14:46:16 raspi4 charon: 08[TNC] TNC server is handling outbound connection
Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: recommendation for access requestor 10.10.1.39 is allow
Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: imv_policy_manager stop successful
Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Allowed'
Aug 15 14:46:16 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-TNC RESULT batch
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Assessment-Result message
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Access-Recommendation message
Aug 15 14:46:16 raspi4 charon: 08[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
Aug 15 14:46:16 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:16 raspi4 charon: 08[ENC] generating IKE_AUTH response 61 [ EAP/REQ/TTLS ]
Aug 15 14:46:16 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:16 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:16 raspi4 charon: 10[ENC] parsed IKE_AUTH request 62 [ EAP/RES/TTLS ]
Aug 15 14:46:16 raspi4 charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:16 raspi4 charon: 10[TNC] received TNCCS batch (80 bytes)
Aug 15 14:46:16 raspi4 charon: 10[TNC] TNC client is handling inbound connection
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:16 raspi4 charon: 10[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing IETF/PB-PA message (72 bytes)
Aug 15 14:46:16 raspi4 charon: 10[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:16 raspi4 charon: 10[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC message with ID 0xc8f4500b
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:16 raspi4 charon: 10[IMC] evidence requested for 1 functional components
Aug 15 14:46:16 raspi4 charon: 10[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'

Responder Attestation Measurement Values

Aug 15 14:46:16 raspi4 charon: 10[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (451 entries)
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:boot_aggregate'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/init'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/sh'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/bin/clear_console'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/libexec/ipsec/stroke'

Generating Responder TPM Quote Signature

Aug 15 14:46:17 raspi4 charon: 10[PTS] Hash of PCR Composite: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff
Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Info: => 52 bytes @ 0x1ae0580
Aug 15 14:46:17 raspi4 charon: 10[PTS]    0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51  .6QUT2.........Q
Aug 15 14:46:17 raspi4 charon: 10[PTS]   16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01  ...;..hPl.......
Aug 15 14:46:17 raspi4 charon: 10[PTS]   32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3  .j...9.z..N.~...
Aug 15 14:46:17 raspi4 charon: 10[PTS]   48: 1E 60 4F FF                                      .`O.
Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Signature: => 256 bytes @ 0x1ae0c00
...
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC message with ID 0xed64f7ab
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
...
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:17 raspi4 charon: 10[TNC] TNC client is handling outbound connection
Aug 15 14:46:17 raspi4 charon: 10[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:17 raspi4 charon: 10[TNC] adding IETF/PB-PA message
Aug 15 14:46:17 raspi4 charon: 10[TNC] sending PB-TNC CDATA batch (49524 bytes) for Connection ID 2
Aug 15 14:46:17 raspi4 charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:17 raspi4 charon: 10[ENC] generating IKE_AUTH response 62 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 11[ENC] parsed IKE_AUTH request 63 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 11[ENC] generating IKE_AUTH response 63 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 12[ENC] parsed IKE_AUTH request 64 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 12[ENC] generating IKE_AUTH response 64 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 13[ENC] parsed IKE_AUTH request 65 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 13[ENC] generating IKE_AUTH response 65 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
...
Aug 15 14:46:18 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:18 raspi4 charon: 08[ENC] parsed IKE_AUTH request 109 [ EAP/RES/TTLS ]
Aug 15 14:46:18 raspi4 charon: 08[ENC] generating IKE_AUTH response 109 [ EAP/REQ/TTLS ]
Aug 15 14:46:18 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:18 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:18 raspi4 charon: 10[ENC] parsed IKE_AUTH request 110 [ EAP/RES/TTLS ]
Aug 15 14:46:18 raspi4 charon: 10[ENC] generating IKE_AUTH response 110 [ EAP/REQ/TTLS ]
Aug 15 14:46:18 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes)
Aug 15 14:46:25 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:25 raspi4 charon: 11[ENC] parsed IKE_AUTH request 111 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi4 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi4 charon: 11[TNC] received TNCCS batch (88 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling inbound connection
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PB-TNC RESULT batch for Connection ID 2
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-PA message (48 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Assessment-Result message (16 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Access-Recommendation message (16 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC message with ID 0x4077e3ed
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009

Receiving Assessment Result

Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 *****
Aug 15 14:46:25 raspi4 charon: 11[IMC] assessment result is 'compliant'
Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** end of assessment *****
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC assessment result is 'compliant'
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC access recommendation is 'Access Allowed'
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Allowed'
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Allowed'
Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling outbound connection
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi4 charon: 11[TNC] creating PB-TNC CLOSE batch
Aug 15 14:46:25 raspi4 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 2
Aug 15 14:46:25 raspi4 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:25 raspi4 charon: 11[ENC] generating IKE_AUTH response 111 [ EAP/REQ/TTLS ]
Aug 15 14:46:25 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:25 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:25 raspi4 charon: 12[ENC] parsed IKE_AUTH request 112 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi4 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi4 charon: 12[TNC] received TNCCS batch (8 bytes)
Aug 15 14:46:25 raspi4 charon: 12[TNC] TNC server is handling inbound connection
Aug 15 14:46:25 raspi4 charon: 12[TNC] processing PB-TNC CLOSE batch for Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi4 charon: 12[TNC] final recommendation is 'allow' and evaluation is 'compliant'
Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforced on peer 'raspi3.example.com' is 'allow'
Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforcement point added group membership 'allow'
Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP_TTLS phase2 authentication of 'raspi3.example.com' with EAP_PT_EAP successful
Aug 15 14:46:25 raspi4 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP method EAP_TTLS succeeded, MSK established
Aug 15 14:46:25 raspi4 charon: 12[ENC] generating IKE_AUTH response 112 [ EAP/SUCC ]
Aug 15 14:46:25 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:25 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes)
Aug 15 14:46:25 raspi4 charon: 13[ENC] parsed IKE_AUTH request 113 [ AUTH ]
Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi3.example.com' with EAP successful
Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi4.example.com' (myself) with EAP
Aug 15 14:46:25 raspi4 charon: 13[IKE] IKE_SA peer[1] established between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:46:25 raspi4 charon: 13[IKE] scheduling reauthentication in 10143s
Aug 15 14:46:25 raspi4 charon: 13[IKE] maximum IKE_SA lifetime 10683s
Aug 15 14:46:25 raspi4 charon: 13[IKE] CHILD_SA peer{1} established with SPIs ce21eedf_i c12c1aae_o and TS 10.10.1.40/32 === 10.10.1.39/32 
Aug 15 14:46:25 raspi4 charon: 13[ENC] generating IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Aug 15 14:46:25 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes)
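
The log above contains both halves of the mutual attestation: the verdict raspi3 returned about raspi4 (`PB-TNC access recommendation`) and the policy raspi4 enforced on raspi3 (`policy enforced on peer`). The following Python check is an added example, not part of the original page or of strongSwan; it confirms from charon log lines that both verdicts preceded each established IKE_SA. The function and field names are hypothetical, and it assumes negotiations are not interleaved in the log.

```python
import re

# Decision-bearing lines copied from the raspi4 log on this page.
PAGE_LOG = """\
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC access recommendation is 'Access Allowed'
Aug 15 14:46:25 raspi4 charon: 12[TNC] final recommendation is 'allow' and evaluation is 'compliant'
Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforced on peer 'raspi3.example.com' is 'allow'
Aug 15 14:46:25 raspi4 charon: 13[IKE] IKE_SA peer[1] established between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
"""

RECEIVED = re.compile(r"\[TNC\] PB-TNC access recommendation is '([^']+)'")
ENFORCED = re.compile(r"\[TNC\] policy enforced on peer '([^']+)' is '([^']+)'")
ESTABLISHED = re.compile(
    r"\[IKE\] IKE_SA (\S+?\[\d+\]) established between "
    r"\S+?\[([^\]]+)\]\.\.\.\S+?\[([^\]]+)\]")


def audit_mutual_attestation(log_text):
    """Return one record per established IKE_SA, marking whether both TNC
    directions ended in an allow decision before the SA came up.
    Assumption: negotiations are not interleaved in the log, as on this page;
    with concurrent peers, correlate by TNCCS Connection ID instead."""
    received = None   # verdict the peer's IMV sent about this host
    enforced = {}     # peer identity -> policy this host enforced on it
    records = []
    for line in log_text.splitlines():
        if m := RECEIVED.search(line):
            received = m.group(1)
        elif m := ENFORCED.search(line):
            enforced[m.group(1)] = m.group(2)
        elif m := ESTABLISHED.search(line):
            sa, _local_id, remote_id = m.groups()
            local_policy = enforced.pop(remote_id, None)
            records.append({
                "sa": sa,
                "peer": remote_id,
                "peer_verdict_on_us": received,
                "our_policy_on_peer": local_policy,
                "ok": received == "Access Allowed" and local_policy == "allow",
            })
            received = None  # a verdict must not carry over to the next SA
    return records


if __name__ == "__main__":
    for rec in audit_mutual_attestation(PAGE_LOG):
        print(rec)
```

A record with `ok` set to `False` means an IKE_SA was logged as established without both attestation verdicts in front of it, which is worth investigating on a host that is supposed to require TNC.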

strongTNC Policy Manager

This screenshot of the strongTNC policy manager running on raspi4 shows that the attestation of raspi3 has been successful.

IPsec Connection established

The command

raspi4# ipsec statusall

shows that the IPsec transport connection between raspi4 and raspi3 has been successfully established.

Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l):
  uptime: 2 minutes, since Aug 15 14:45:50 2015
  malloc: sbrk 1941504, mmap 0, used 1440680, free 500824
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Listening IP addresses:
  10.10.1.40
Connections:
        peer:  10.10.1.40...10.10.1.39  IKEv2
        peer:   local:  [raspi4.example.com] uses EAP_TTLS authentication
        peer:    cert:  "C=US, O=TNC Demo, CN=raspi4.example.com" 
        peer:   remote: [raspi3.example.com] uses EAP_TTLS authentication
        peer:   child:  dynamic === dynamic TRANSPORT
Security Associations (1 up, 0 connecting):
        peer[1]: ESTABLISHED 2 minutes ago, 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
        peer[1]: IKEv2 SPIs: 168d780b16692776_i 24a43cb75417ebe5_r*, EAP reauthentication in 2 hours
        peer[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
        peer{1}:  INSTALLED, TRANSPORT, reqid 1, ESP SPIs: ce21eedf_i c12c1aae_o
        peer{1}:  AES_CBC_128/HMAC_SHA2_256_128, 640 bytes_i (10 pkts, 48s ago), 640 bytes_o (10 pkts, 48s ago), rekeying in 46 minutes
        peer{1}:   10.10.1.40/32 === 10.10.1.39/32 

Terminating the IPsec Connection

Aug 15 14:49:04 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:49:04 raspi4 charon: 05[ENC] parsed INFORMATIONAL request 114 [ D ]
Aug 15 14:49:04 raspi4 charon: 05[IKE] received DELETE for IKE_SA peer[1]
Aug 15 14:49:04 raspi4 charon: 05[IKE] deleting IKE_SA peer[1] between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:49:04 raspi4 charon: 05[IKE] IKE_SA deleted
Aug 15 14:49:05 raspi4 charon: 05[ENC] generating INFORMATIONAL response 114 [ ]
Aug 15 14:49:05 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)

Stopping the IKEv2 Daemon

Aug 15 14:49:13 raspi4 charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 2 "Attestation" terminated
Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 1 "OS" terminated
Aug 15 14:49:13 raspi4 charon: 00[IMV] IMV 1 "Attestation" terminated
Aug 15 14:49:13 raspi4 charon: 00[PTS] removed TCG functional component namespace
Aug 15 14:49:13 raspi4 charon: 00[PTS] removed ITA-HSR functional component namespace
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed IETF attributes
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed ITA-HSR attributes
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed TCG attributes
Aug 15 14:49:13 raspi4 charon: 00[LIB] libimcv terminated

tnc4.png - strongTNC Policy Manager (104 KB) Andreas Steffen, 16.08.2015 10:14