Raspi 4 - Responding IoT Device » History » Version 23

Andreas Steffen, 15.08.2015 22:16

{{>toc}}

h1. Raspi 4 - Responding IoT Device

h2. Configuration Files

strongSwan IPsec configuration file */etc/ipsec.conf*
<pre>
config setup
     charondebug="tnc 2, imc 2, imv 2, pts 3"

conn %default
     ike=aes128-sha256-ecp256!
     esp=aes128-sha256-ecp256!
     keyexchange=ikev2

conn peer
     left=10.10.1.40
     leftauth=eap-ttls
     leftcert=raspi4Cert.pem
     leftid=raspi4.example.com
     leftfirewall=yes
     right=10.10.1.39
     rightauth=eap-ttls
     rightid=raspi3.example.com
     type=transport
     auto=add
</pre>

strongSwan IPsec secrets file */etc/ipsec.secrets*
<pre>
: RSA raspi4Key.pem
</pre>

strongSwan configuration file */etc/strongswan.conf*
<pre>
charon {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke

  half_open_timeout = 90

  plugins {
    eap-ttls
    {
      max_message_count = 0
      request_peer_auth = yes
      phase2_piggyback = yes
      phase2_tnc = yes
    }
    eap-tnc {
      max_message_count = 0
    }
    tnccs-20 {
      mutual = yes
    }
  }
}

libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager

  plugins {
    imc-os {
      device_pubkey = /etc/pts/aik4Pub.der
    }
    imc-attestation {
      aik_blob = /etc/pts/aik4Blob.bin
      aik_cert = /etc/pts/aik4Cert.der
    }
    imv-attestation {
      cadir = /etc/pts/cacerts
      hash_algorithm = sha1
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}

pt-tls-client {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl
}

attest {
  database=sqlite:///etc/pts/config.db
}
</pre>

h2. Starting the IKEv2 Daemon

First the IKEv2 charon daemon is started in the background
<pre>
raspi4# ipsec start
</pre>

<pre>
Aug 15 14:45:49 raspi4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l)
Aug 15 14:45:49 raspi4 charon: 00[TNC] TNC recommendation policy is 'default'
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[TNC] added IETF attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added ITA-HSR attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added TCG attributes
Aug 15 14:45:49 raspi4 charon: 00[PTS] added TCG functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Aug 15 14:45:49 raspi4 charon: 00[LIB] libimcv initialized
</pre>

Loading Attestation IMV
<pre>
Aug 15 14:45:49 raspi4 charon: 00[IMV] IMV 1 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[PTS]   loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem'
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'
</pre>

Loading OS IMC
<pre>
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 1 "OS" initialized
Aug 15 14:45:49 raspi4 charon: 00[IMC] processing "/etc/debian_version" file
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system name is 'Debian'
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system version is '7.8 armv7l'
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'
</pre>

Loading Attestation IMC
<pre>
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 2 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'
</pre>

Initializing IKE daemon
<pre>
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG]   loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem'
'/etc/ipsec.d/cacerts/MSE_CA_Cert.pem'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 15 14:45:49 raspi4 charon: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/raspi4Key.pem'
Aug 15 14:45:49 raspi4 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Aug 15 14:45:49 raspi4 charon: 00[JOB] spawning 16 worker threads
</pre>

Loading *peer* IPsec connection
<pre>
Aug 15 14:45:49 raspi4 charon: 06[CFG] received stroke: add connection 'peer'
Aug 15 14:45:49 raspi4 charon: 06[CFG]   loaded certificate "C=US, O=TNC Demo, CN=raspi4.example.com" from 'raspi4Cert.pem'
Aug 15 14:45:49 raspi4 charon: 06[CFG] added configuration 'peer'
</pre>

h2. Responding to IPsec Connection Setup

<pre>
Aug 15 14:46:05 raspi4 charon: 07[NET] received packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes)
Aug 15 14:46:05 raspi4 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug 15 14:46:05 raspi4 charon: 07[IKE] 10.10.1.39 is initiating an IKE_SA
Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug 15 14:46:05 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes)
Aug 15 14:46:05 raspi4 charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 08[CFG] looking for peer configs matching 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:46:05 raspi4 charon: 08[CFG] selected peer config 'peer'
Aug 15 14:46:05 raspi4 charon: 08[IKE] initiating EAP_TTLS method (id 0xDB)
Aug 15 14:46:05 raspi4 charon: 08[IKE] peer supports MOBIKE
Aug 15 14:46:05 raspi4 charon: 08[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes)
Aug 15 14:46:05 raspi4 charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA'
Aug 15 14:46:05 raspi4 charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:05 raspi4 charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:05 raspi4 charon: 11[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes)
Aug 15 14:46:05 raspi4 charon: 12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[TLS] received TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 12[CFG]   using certificate "C=US, O=TNC Demo, CN=raspi3.example.com"
Aug 15 14:46:05 raspi4 charon: 12[CFG]   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 12[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi3.example.com"
Aug 15 14:46:05 raspi4 charon: 12[CFG] certificate status is not available
Aug 15 14:46:05 raspi4 charon: 12[CFG]   reached self-signed root ca with a path length of 0
Aug 15 14:46:05 raspi4 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID]
Aug 15 14:46:05 raspi4 charon: 12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes)
Aug 15 14:46:05 raspi4 charon: 13[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received EAP identity 'raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 13[IKE] phase2 method EAP_PT_EAP selected
Aug 15 14:46:05 raspi4 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:05 raspi4 charon: 13[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes)
Aug 15 14:46:05 raspi4 charon: 14[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
</pre>

h2. Start of Mutual Attestation

h3. Assigning Connection to TNC Server

<pre>
Aug 15 14:46:05 raspi4 charon: 14[TNC] assigned TNCCS Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi4 charon: 14[IMV]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi4 charon: 14[IMV]   user AR identity 'raspi3.example.com' of type username authenticated by certificate
Aug 15 14:46:05 raspi4 charon: 14[IMV]   machine AR identity '10.10.1.39' of type IPv4 address authenticated by unknown method
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi4 charon: 14[TNC] received TNCCS batch (283 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 14[TNC] TNC server is handling inbound connection
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-Language-Preference message (31 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-PA message (228 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 14[TNC] activating mutual PB-TNC half duplex protocol
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 14[TNC] setting language preference to 'en'
Aug 15 14:46:05 raspi4 charon: 14[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC message with ID 0x83cf019d
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
</pre>

h3. Receiving OS Information

<pre>
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system name is 'Debian' from vendor Debian Project
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system version is '7.8 armv7l'
Aug 15 14:46:05 raspi4 charon: 14[IMV] device ID is 565feb9e8462870dba884ce540a0768d68829873
</pre>

h3. Starting Session with Policy Manager

<pre>
Aug 15 14:46:05 raspi4 charon: 14[IMV] assigned session ID 3 to Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: imv_policy_manager start successful
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: skipping enforcment 6
Aug 15 14:46:08 raspi4 charon: 14[IMV] FWDEN workitem 13
Aug 15 14:46:08 raspi4 charon: 14[IMV] FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 14[IMV] PCKGS workitem 15
Aug 15 14:46:08 raspi4 charon: 14[IMV] TCPOP workitem 16
Aug 15 14:46:08 raspi4 charon: 14[IMV] UDPOP workitem 17
Aug 15 14:46:08 raspi4 charon: 14[IMV] TPMRA workitem 18
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 14[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 14[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC message with ID 0x42501f74
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 14[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding ITA-HSR/PB-Mutual-Capability message
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 14[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:08 raspi4 charon: 15[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 15[TNC] received TNCCS batch (8 bytes)
</pre>

h3. Assigning Connection to TNC Client

<pre>
Aug 15 14:46:08 raspi4 charon: 15[TNC] assigned TNCCS Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK certificate from '/etc/pts/aik4Cert.der'
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK Blob from '/etc/pts/aik4Blob.bin'
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Handshake'
</pre>

h3. Sending OS Information

<pre>
Aug 15 14:46:08 raspi4 charon: 15[IMC] operating system numeric version is 7.8
Aug 15 14:46:08 raspi4 charon: 15[IMC] last boot: Aug 15 07:56:45 UTC 2015, 17363 s ago
Aug 15 14:46:08 raspi4 charon: 15[IMC] IPv4 forwarding is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] factory default password is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] loaded device public key from '/etc/pts/aik4Pub.der'
Aug 15 14:46:08 raspi4 charon: 15[IMC] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC message with ID 0x366c28ea
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working'
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-Language-Preference message
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 15[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 16[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 16[TNC] received TNCCS batch (92 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 16[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC message with ID 0x1d5fa63a
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
</pre>

h3. Receiving PTS Protocol Capabilities

<pre>
Aug 15 14:46:08 raspi4 charon: 16[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 16[PTS] selected PTS measurement algorithm is HASH_SHA1
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 requests metadata for file '/etc/tnc_config'
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles TPMRA workitem 18
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC message with ID 0xaff3c130
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 16[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 16[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 16[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 05[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 05[TNC] received TNCCS batch (92 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC message with ID 0x918da8fe
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
</pre>

h3. Sending PTS Protocol Capabilities

<pre>
Aug 15 14:46:08 raspi4 charon: 05[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 05[PTS] selected PTS measurement algorithm is HASH_SHA1
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC message with ID 0xf94741eb
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 05[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 05[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 05[ENC] generating IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes)
Aug 15 14:46:08 raspi4 charon: 06[ENC] parsed IKE_AUTH request 11 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 06[TNC] received TNCCS batch (226 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing IETF/PB-PA message (218 bytes)
Aug 15 14:46:08 raspi4 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC message with ID 0x5e3ee705
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[IMV] metadata request returned 1 file:
Aug 15 14:46:08 raspi4 charon: 06[IMV]  'tnc_config' (177 bytes) owner 0, group 0, type Regular
Aug 15 14:46:08 raspi4 charon: 06[IMV]     created Jun 05 20:02:25 2015, modified Jun 05 20:02:25 2015, accessed Jun 05 20:02:25 2015
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 06[PTS] nonce length is 20
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1ab4f40
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15  ......m...@..._.
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: FB 4E 28 AD                                      .N(.
Aug 15 14:46:08 raspi4 charon: 06[PTS] responder nonce: => 20 bytes @ 0x1aafba0
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0  =.r9:....0..."..
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: B6 D1 2A 01                                      ..*.
Aug 15 14:46:08 raspi4 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x1ab3078
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA  _....9........:.
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE  .#...........QP.
Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C  ...p.x...y.]|..|
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: E0 E0 83 77                                      ...w
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC message with ID 0xd27d5b33
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 06[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 06[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 06[ENC] generating IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 07[ENC] parsed IKE_AUTH request 12 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 07[TNC] received TNCCS batch (87 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing IETF/PB-PA message (79 bytes)
Aug 15 14:46:08 raspi4 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC message with ID 0xda2a70e9
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[IMC] metadata request for file '/etc/tnc_config'
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 07[PTS] nonce length is 20
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC message with ID 0x676268aa
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 07[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 07[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 07[ENC] generating IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes)
Aug 15 14:46:08 raspi4 charon: 08[ENC] parsed IKE_AUTH request 13 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 08[TNC] received TNCCS batch (902 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing IETF/PB-PA message (894 bytes)
Aug 15 14:46:08 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x641bcea1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
</pre>

h3. Receiving TPM Version Information

<pre>
Aug 15 14:46:08 raspi4 charon: 08[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[IMV] verifying AIK with keyid 56:5f:eb:9e:84:62:87:0d:ba:88:4c:e5:40:a0:76:8d:68:82:98:73
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK public key is trusted
Aug 15 14:46:08 raspi4 charon: 08[CFG]   using trusted certificate "C=US, O=TNC Demo, CN=AIK CA"
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK certificate is trusted
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[IMV] evidence request by
Aug 15 14:46:08 raspi4 charon: 08[PTS]   ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0xed256fac
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 08[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 08[ENC] generating IKE_AUTH response 13 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes)
Aug 15 14:46:09 raspi4 charon: 09[ENC] parsed IKE_AUTH request 14 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:09 raspi4 charon: 09[TNC] received TNCCS batch (172 bytes)
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling inbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing IETF/PB-PA message (164 bytes)
Aug 15 14:46:09 raspi4 charon: 09[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi4 charon: 09[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC message with ID 0xe1b84e91
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[PTS] selected DH hash algorithm is HASH_SHA1
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[PTS] initiator nonce: => 20 bytes @ 0x1ab0dc0
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A  '.Q..f.T.W.I.*}:
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: F1 38 81 26                                      .8.&
Aug 15 14:46:09 raspi4 charon: 09[PTS] responder nonce: => 20 bytes @ 0x1ab2e48
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71  .H.R...n_..+..&q
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: 49 73 01 42                                      Is.B
Aug 15 14:46:09 raspi4 charon: 09[PTS] shared DH secret: => 32 bytes @ 0x1aac378
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11  ......"..5..pA{.
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1  .<.2.=..s2... ..
Aug 15 14:46:09 raspi4 charon: 09[PTS] secret assessment value: => 20 bytes @ 0x1ab0d20
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F  .........Q...;..
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: 68 50 6C DE                                      hPl.
</pre>

h3. Sending TPM Version Information

<pre>
Aug 15 14:46:09 raspi4 charon: 09[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC message with ID 0x951e0284
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling outbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:09 raspi4 charon: 09[TNC] adding IETF/PB-PA message
Aug 15 14:46:09 raspi4 charon: 09[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:09 raspi4 charon: 09[ENC] generating IKE_AUTH response 14 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes)
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 10[ENC] parsed IKE_AUTH request 15 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[ENC] generating IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 11[ENC] parsed IKE_AUTH request 16 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[ENC] generating IKE_AUTH response 16 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 12[ENC] parsed IKE_AUTH request 17 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[ENC] generating IKE_AUTH response 17 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 13[ENC] parsed IKE_AUTH request 18 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[ENC] generating IKE_AUTH response 18 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
...
Aug 15 14:46:10 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 07[ENC] parsed IKE_AUTH request 60 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[ENC] generating IKE_AUTH response 60 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 08[ENC] parsed IKE_AUTH request 61 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:10 raspi4 charon: 08[TNC] received TNCCS batch (47615 bytes)
</pre>

<pre>
Aug 15 14:46:10 raspi4 charon: 08[TNC] TNC server is handling inbound connection
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:10 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing IETF/PB-PA message (47607 bytes)
Aug 15 14:46:10 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:10 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x2d059578
</pre>

h3. Initiator Attestation Measurement Values

<pre>
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:boot_aggregate'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/init'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/sh'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/usr/sbin/service'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/cp'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
</pre>

h3. Verifying Initiator Measurements

<pre>
Aug 15 14:46:10 raspi4 charon: 08[PTS] checking boot aggregate evidence measurement
Aug 15 14:46:10 raspi4 charon: 08[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found
Aug 15 14:46:10 raspi4 charon: 08[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok
Aug 15 14:46:10 raspi4 charon: 08[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok
Aug 15 14:46:10 raspi4 charon: 08[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok
...
Aug 15 14:46:16 raspi4 charon: 08[PTS] 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb for '/usr/sbin/service' is ok
Aug 15 14:46:16 raspi4 charon: 08[PTS] e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce for '/bin/cp' is ok
</pre>

h3. Verifying Initiator TPM Quote Signature

<pre>
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite: => 29 bytes @ 0x1b27188
Aug 15 14:46:16 raspi4 charon: 08[PTS]    0: 00 03 00 04 00 00 00 00 14 F7 5E 84 36 2B C2 83  ..........^.6+..
Aug 15 14:46:16 raspi4 charon: 08[PTS]   16: 28 8E 90 7E B3 39 45 74 33 60 2E B7 8E           (..~.9Et3`...
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite hash: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1b27e68
Aug 15 14:46:16 raspi4 charon: 08[PTS]    0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79  .6QUT2...p.x...y
Aug 15 14:46:16 raspi4 charon: 08[PTS]   16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01  .]|..|...w......
Aug 15 14:46:16 raspi4 charon: 08[PTS]   32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C  X......=>.3.$...
Aug 15 14:46:16 raspi4 charon: 08[PTS]   48: 22 A2 01 20                                      ".. 
Aug 15 14:46:16 raspi4 charon: 08[IMV] received PCR Composite matches constructed one
Aug 15 14:46:16 raspi4 charon: 08[IMV] TPM Quote Info signature verification successful
</pre>
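
The two hex dumps above are a TPM 1.2 TPM_PCR_COMPOSITE (29 bytes) and a TPM_QUOTE_INFO2 (52 bytes). The following Python code is an added example, not strongSwan code: it parses both structures from the bytes shown in the log and checks the bindings between them (nonce, PCR selection, SHA-1 of the composite). The function names and problem strings are assumptions of this example.

```python
import hashlib
import struct

TPM_TAG_QUOTE_INFO2 = 0x0036      # TPM 1.2 structure tag
QUOTE2_FIXED = b"QUT2"            # fixed marker of TPM_QUOTE_INFO2
SHA1_LEN = 20

# Bytes copied from the two hex dumps in the log above.
PCR_COMPOSITE = bytes.fromhex(
    "0003 000400 00000014"
    "F75E84362BC283288E907EB339457433602EB78E")
QUOTE_INFO = bytes.fromhex(
    "0036 51555432"
    "D89D1E70CE78C313F279BA5D7CE5057CE0E08377"
    "0003 000400 01"
    "58F28391D6A8DF3D3EC633C724939F9C22A20120")


def parse_pcr_selection(buf, off):
    """TPM_PCR_SELECTION: uint16 sizeOfSelect + bitmap; PCR i is byte i//8, bit i%8."""
    if len(buf) < off + 2:
        raise ValueError("truncated PCR selection header")
    (size,) = struct.unpack_from(">H", buf, off)
    bitmap = buf[off + 2:off + 2 + size]
    if len(bitmap) != size:
        raise ValueError("truncated PCR selection bitmap")
    pcrs = [8 * i + bit for i, byte in enumerate(bitmap)
            for bit in range(8) if byte >> bit & 1]
    return pcrs, off + 2 + size


def parse_pcr_composite(buf):
    """TPM_PCR_COMPOSITE: selection, uint32 valueSize, then one SHA-1 value per PCR."""
    pcrs, off = parse_pcr_selection(buf, 0)
    if len(buf) < off + 4:
        raise ValueError("truncated value size")
    (value_size,) = struct.unpack_from(">I", buf, off)
    values = buf[off + 4:]
    if value_size != len(values) or value_size != SHA1_LEN * len(pcrs):
        raise ValueError("PCR value area does not match the selection")
    return {pcr: values[SHA1_LEN * i:SHA1_LEN * (i + 1)]
            for i, pcr in enumerate(pcrs)}


def parse_quote_info2(buf):
    """TPM_QUOTE_INFO2: tag, 'QUT2', nonce, PCR selection, locality, composite digest."""
    if len(buf) < 6 + SHA1_LEN:
        raise ValueError("truncated quote info")
    tag, fixed = struct.unpack_from(">H4s", buf, 0)
    if tag != TPM_TAG_QUOTE_INFO2 or fixed != QUOTE2_FIXED:
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    nonce = buf[6:6 + SHA1_LEN]
    pcrs, off = parse_pcr_selection(buf, 6 + SHA1_LEN)
    if len(buf) != off + 1 + SHA1_LEN:
        raise ValueError("unexpected quote info length")
    return {"nonce": nonce, "pcrs": pcrs, "locality": buf[off],
            "digest": buf[off + 1:]}


def check_quote(quote_info, composite, expected_nonce, expected_pcrs):
    """Return the list of failed bindings; an empty list means all of them hold."""
    quote = parse_quote_info2(quote_info)
    problems = []
    if quote["nonce"] != expected_nonce:
        problems.append("nonce mismatch")            # stale or replayed quote
    if (quote["pcrs"] != expected_pcrs
            or sorted(parse_pcr_composite(composite)) != expected_pcrs):
        problems.append("unexpected PCR selection")  # quote covers other registers
    if hashlib.sha1(composite).digest() != quote["digest"]:
        problems.append("composite hash mismatch")   # quote signs other PCR values
    return problems


if __name__ == "__main__":
    q = parse_quote_info2(QUOTE_INFO)
    print("PCRs quoted:", q["pcrs"], "locality:", q["locality"])
    print("PCR 10 value:", parse_pcr_composite(PCR_COMPOSITE)[10].hex())
    # The verifier's own nonce is not in the log excerpt, so the demo reuses
    # the one embedded in the quote; a real verifier compares against the
    # nonce it generated itself.
    print("problems:", check_quote(QUOTE_INFO, PCR_COMPOSITE, q["nonce"], [10]))
```

These checks cover only the structure of the quote. The signature over the 52 bytes still has to be verified with the initiator's attestation key, which the log reports as "TPM Quote Info signature verification successful".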

<pre>
Aug 15 14:46:16 raspi4 charon: 08[PTS] processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0x57254d62
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

h3. Sending Assessment Result

<pre>
Aug 15 14:46:16 raspi4 charon: 08[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 08[TNC] TNC server is handling outbound connection
Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: recommendation for access requestor 10.10.1.39 is allow
Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: imv_policy_manager stop successful
Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Allowed'
Aug 15 14:46:16 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-TNC RESULT batch
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Assessment-Result message
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Access-Recommendation message
Aug 15 14:46:16 raspi4 charon: 08[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
Aug 15 14:46:16 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:16 raspi4 charon: 08[ENC] generating IKE_AUTH response 61 [ EAP/REQ/TTLS ]
Aug 15 14:46:16 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:16 raspi4 charon: 10[ENC] parsed IKE_AUTH request 62 [ EAP/RES/TTLS ]
Aug 15 14:46:16 raspi4 charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:16 raspi4 charon: 10[TNC] received TNCCS batch (80 bytes)
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 10[TNC] TNC client is handling inbound connection
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:16 raspi4 charon: 10[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing IETF/PB-PA message (72 bytes)
Aug 15 14:46:16 raspi4 charon: 10[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:16 raspi4 charon: 10[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC message with ID 0xc8f4500b
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:16 raspi4 charon: 10[IMC] evidence requested for 1 functional components
Aug 15 14:46:16 raspi4 charon: 10[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
</pre>

h3. Responder Attestation Measurement Values

<pre>
Aug 15 14:46:16 raspi4 charon: 10[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (451 entries)
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:boot_aggregate'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/init'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/sh'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/bin/clear_console'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/libexec/ipsec/stroke'
</pre>

h3. Generating Responder TPM Quote Signature

<pre>
Aug 15 14:46:17 raspi4 charon: 10[PTS] Hash of PCR Composite: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff
Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Info: => 52 bytes @ 0x1ae0580
Aug 15 14:46:17 raspi4 charon: 10[PTS]    0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51  .6QUT2.........Q
Aug 15 14:46:17 raspi4 charon: 10[PTS]   16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01  ...;..hPl.......
Aug 15 14:46:17 raspi4 charon: 10[PTS]   32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3  .j...9.z..N.~...
Aug 15 14:46:17 raspi4 charon: 10[PTS]   48: 1E 60 4F FF                                      .`O.
Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Signature: => 256 bytes @ 0x1ae0c00
</pre>

<pre>
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC message with ID 0xed64f7ab
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
...
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:17 raspi4 charon: 10[TNC] TNC client is handling outbound connection
Aug 15 14:46:17 raspi4 charon: 10[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:17 raspi4 charon: 10[TNC] adding IETF/PB-PA message
Aug 15 14:46:17 raspi4 charon: 10[TNC] sending PB-TNC CDATA batch (49524 bytes) for Connection ID 2
Aug 15 14:46:17 raspi4 charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:17 raspi4 charon: 10[ENC] generating IKE_AUTH response 62 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 11[ENC] parsed IKE_AUTH request 63 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 11[ENC] generating IKE_AUTH response 63 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 12[ENC] parsed IKE_AUTH request 64 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 12[ENC] generating IKE_AUTH response 64 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 13[ENC] parsed IKE_AUTH request 65 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 13[ENC] generating IKE_AUTH response 65 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
...
Aug 15 14:46:18 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:18 raspi4 charon: 08[ENC] parsed IKE_AUTH request 109 [ EAP/RES/TTLS ]
Aug 15 14:46:18 raspi4 charon: 08[ENC] generating IKE_AUTH response 109 [ EAP/REQ/TTLS ]
Aug 15 14:46:18 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:18 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:18 raspi4 charon: 10[ENC] parsed IKE_AUTH request 110 [ EAP/RES/TTLS ]
Aug 15 14:46:18 raspi4 charon: 10[ENC] generating IKE_AUTH response 110 [ EAP/REQ/TTLS ]
Aug 15 14:46:18 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes)
Aug 15 14:46:25 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:25 raspi4 charon: 11[ENC] parsed IKE_AUTH request 111 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi4 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi4 charon: 11[TNC] received TNCCS batch (88 bytes)
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling inbound connection
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PB-TNC RESULT batch for Connection ID 2
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-PA message (48 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Assessment-Result message (16 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Access-Recommendation message (16 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC message with ID 0x4077e3ed
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
</pre>

h3. Receiving Assessment Result

<pre>
Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 *****
Aug 15 14:46:25 raspi4 charon: 11[IMC] assessment result is 'compliant'
Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** end of assessment *****
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC assessment result is 'compliant'
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC access recommendation is 'Access Allowed'
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Allowed'
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Allowed'
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling outbound connection
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi4 charon: 11[TNC] creating PB-TNC CLOSE batch
Aug 15 14:46:25 raspi4 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 2
Aug 15 14:46:25 raspi4 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:25 raspi4 charon: 11[ENC] generating IKE_AUTH response 111 [ EAP/REQ/TTLS ]
Aug 15 14:46:25 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:25 raspi4 charon: 12[ENC] parsed IKE_AUTH request 112 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi4 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi4 charon: 12[TNC] received TNCCS batch (8 bytes)
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 12[TNC] TNC server is handling inbound connection
Aug 15 14:46:25 raspi4 charon: 12[TNC] processing PB-TNC CLOSE batch for Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi4 charon: 12[TNC] final recommendation is 'allow' and evaluation is 'compliant'
Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforced on peer 'raspi3.example.com' is 'allow'
Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforcement point added group membership 'allow'
Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP_TTLS phase2 authentication of 'raspi3.example.com' with EAP_PT_EAP successful
Aug 15 14:46:25 raspi4 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP method EAP_TTLS succeeded, MSK established
Aug 15 14:46:25 raspi4 charon: 12[ENC] generating IKE_AUTH response 112 [ EAP/SUCC ]
Aug 15 14:46:25 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes)
Aug 15 14:46:25 raspi4 charon: 13[ENC] parsed IKE_AUTH request 113 [ AUTH ]
Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi3.example.com' with EAP successful
Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi4.example.com' (myself) with EAP
Aug 15 14:46:25 raspi4 charon: 13[IKE] IKE_SA peer[1] established between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:46:25 raspi4 charon: 13[IKE] scheduling reauthentication in 10143s
Aug 15 14:46:25 raspi4 charon: 13[IKE] maximum IKE_SA lifetime 10683s
Aug 15 14:46:25 raspi4 charon: 13[IKE] CHILD_SA peer{1} established with SPIs ce21eedf_i c12c1aae_o and TS 10.10.1.40/32 === 10.10.1.39/32 
Aug 15 14:46:25 raspi4 charon: 13[ENC] generating IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Aug 15 14:46:25 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes)
</pre>

h2. Terminating the IPsec Connection

<pre>
Aug 15 14:49:04 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:49:04 raspi4 charon: 05[ENC] parsed INFORMATIONAL request 114 [ D ]
Aug 15 14:49:04 raspi4 charon: 05[IKE] received DELETE for IKE_SA peer[1]
Aug 15 14:49:04 raspi4 charon: 05[IKE] deleting IKE_SA peer[1] between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:49:04 raspi4 charon: 05[IKE] IKE_SA deleted
Aug 15 14:49:05 raspi4 charon: 05[ENC] generating INFORMATIONAL response 114 [ ]
Aug 15 14:49:05 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
</pre>

h2. Stopping the IKEv2 Daemon

<pre>
Aug 15 14:49:13 raspi4 charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 2 "Attestation" terminated
Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 1 "OS" terminated
Aug 15 14:49:13 raspi4 charon: 00[IMV] IMV 1 "Attestation" terminated
Aug 15 14:49:13 raspi4 charon: 00[PTS] removed TCG functional component namespace
Aug 15 14:49:13 raspi4 charon: 00[PTS] removed ITA-HSR functional component namespace
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed IETF attributes
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed ITA-HSR attributes
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed TCG attributes
Aug 15 14:49:13 raspi4 charon: 00[LIB] libimcv terminated
</pre>