Raspi 4 - Responding IoT Device » History » Version 24

Andreas Steffen, 16.08.2015 10:16

{{>toc}}

h1. Raspi 4 - Responding IoT Device

h2. Configuration Files

strongSwan IPsec configuration file */etc/ipsec.conf*
<pre>
config setup
     charondebug="tnc 2, imc 2, imv 2, pts 3"

conn %default
     ike=aes128-sha256-ecp256!
     esp=aes128-sha256-ecp256!
     keyexchange=ikev2

conn peer
     left=10.10.1.40
     leftauth=eap-ttls
     leftcert=raspi4Cert.pem
     leftid=raspi4.example.com
     leftfirewall=yes
     right=10.10.1.39
     rightauth=eap-ttls
     rightid=raspi3.example.com
     type=transport
     auto=add
</pre>

strongSwan IPsec secrets file */etc/ipsec.secrets*
<pre>
: RSA raspi4Key.pem
</pre>

strongSwan configuration file */etc/strongswan.conf*
<pre>
charon {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke

  half_open_timeout = 90

  plugins {
    eap-ttls
    {
      max_message_count = 0
      request_peer_auth = yes
      phase2_piggyback = yes
      phase2_tnc = yes
    }
    eap-tnc {
      max_message_count = 0
    }
    tnccs-20 {
      mutual = yes
    }
  }
}

libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager

  plugins {
    imc-os {
      device_pubkey = /etc/pts/aik4Pub.der
    }
    imc-attestation {
      aik_blob = /etc/pts/aik4Blob.bin
      aik_cert = /etc/pts/aik4Cert.der
    }
    imv-attestation {
      cadir = /etc/pts/cacerts
      hash_algorithm = sha1
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}

pt-tls-client {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl
}

attest {
  database=sqlite:///etc/pts/config.db
}
</pre>

h2. Starting the IKEv2 Daemon

First, the IKEv2 charon daemon is started in the background:
<pre>
raspi4# ipsec start
</pre>

<pre>
Aug 15 14:45:49 raspi4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l)
Aug 15 14:45:49 raspi4 charon: 00[TNC] TNC recommendation policy is 'default'
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[TNC] added IETF attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added ITA-HSR attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added TCG attributes
Aug 15 14:45:49 raspi4 charon: 00[PTS] added TCG functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Aug 15 14:45:49 raspi4 charon: 00[LIB] libimcv initialized
</pre>

Loading Attestation IMV
<pre>
Aug 15 14:45:49 raspi4 charon: 00[IMV] IMV 1 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[PTS]   loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem'
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'
</pre>

Loading OS IMC
<pre>
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 1 "OS" initialized
Aug 15 14:45:49 raspi4 charon: 00[IMC] processing "/etc/debian_version" file
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system name is 'Debian'
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system version is '7.8 armv7l'
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'
</pre>

Loading Attestation IMC
<pre>
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 2 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'
</pre>

Initializing IKE daemon
<pre>
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG]   loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem'
'/etc/ipsec.d/cacerts/MSE_CA_Cert.pem'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 15 14:45:49 raspi4 charon: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/raspi4Key.pem'
Aug 15 14:45:49 raspi4 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Aug 15 14:45:49 raspi4 charon: 00[JOB] spawning 16 worker threads
</pre>

Loading *peer* IPsec connection
<pre>
Aug 15 14:45:49 raspi4 charon: 06[CFG] received stroke: add connection 'peer'
Aug 15 14:45:49 raspi4 charon: 06[CFG]   loaded certificate "C=US, O=TNC Demo, CN=raspi4.example.com" from 'raspi4Cert.pem'
Aug 15 14:45:49 raspi4 charon: 06[CFG] added configuration 'peer'
</pre>

h2. Responding to IPsec Connection Setup

<pre>
Aug 15 14:46:05 raspi4 charon: 07[NET] received packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes)
Aug 15 14:46:05 raspi4 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug 15 14:46:05 raspi4 charon: 07[IKE] 10.10.1.39 is initiating an IKE_SA
Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug 15 14:46:05 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes)
Aug 15 14:46:05 raspi4 charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 08[CFG] looking for peer configs matching 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:46:05 raspi4 charon: 08[CFG] selected peer config 'peer'
Aug 15 14:46:05 raspi4 charon: 08[IKE] initiating EAP_TTLS method (id 0xDB)
Aug 15 14:46:05 raspi4 charon: 08[IKE] peer supports MOBIKE
Aug 15 14:46:05 raspi4 charon: 08[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes)
Aug 15 14:46:05 raspi4 charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA'
Aug 15 14:46:05 raspi4 charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:05 raspi4 charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:05 raspi4 charon: 11[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes)
Aug 15 14:46:05 raspi4 charon: 12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[TLS] received TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 12[CFG]   using certificate "C=US, O=TNC Demo, CN=raspi3.example.com"
Aug 15 14:46:05 raspi4 charon: 12[CFG]   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 12[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi3.example.com"
Aug 15 14:46:05 raspi4 charon: 12[CFG] certificate status is not available
Aug 15 14:46:05 raspi4 charon: 12[CFG]   reached self-signed root ca with a path length of 0
Aug 15 14:46:05 raspi4 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID]
Aug 15 14:46:05 raspi4 charon: 12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes)
Aug 15 14:46:05 raspi4 charon: 13[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received EAP identity 'raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 13[IKE] phase2 method EAP_PT_EAP selected
Aug 15 14:46:05 raspi4 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:05 raspi4 charon: 13[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes)
Aug 15 14:46:05 raspi4 charon: 14[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
</pre>

h2. Start of Mutual Attestation

h3. Assigning Connection to TNC Server

<pre>
Aug 15 14:46:05 raspi4 charon: 14[TNC] assigned TNCCS Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi4 charon: 14[IMV]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi4 charon: 14[IMV]   user AR identity 'raspi3.example.com' of type username authenticated by certificate
Aug 15 14:46:05 raspi4 charon: 14[IMV]   machine AR identity '10.10.1.39' of type IPv4 address authenticated by unknown method
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi4 charon: 14[TNC] received TNCCS batch (283 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 14[TNC] TNC server is handling inbound connection
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-Language-Preference message (31 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-PA message (228 bytes)
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 14[TNC] activating mutual PB-TNC half duplex protocol
</pre>

<pre>
Aug 15 14:46:05 raspi4 charon: 14[TNC] setting language preference to 'en'
Aug 15 14:46:05 raspi4 charon: 14[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC message with ID 0x83cf019d
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
</pre>

h3. Receiving OS Information

<pre>
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system name is 'Debian' from vendor Debian Project
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system version is '7.8 armv7l'
Aug 15 14:46:05 raspi4 charon: 14[IMV] device ID is 565feb9e8462870dba884ce540a0768d68829873
</pre>

h3. Starting Session with Policy Manager

<pre>
Aug 15 14:46:05 raspi4 charon: 14[IMV] assigned session ID 3 to Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: imv_policy_manager start successful
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: skipping enforcment 6
Aug 15 14:46:08 raspi4 charon: 14[IMV] FWDEN workitem 13
Aug 15 14:46:08 raspi4 charon: 14[IMV] FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 14[IMV] PCKGS workitem 15
Aug 15 14:46:08 raspi4 charon: 14[IMV] TCPOP workitem 16
Aug 15 14:46:08 raspi4 charon: 14[IMV] UDPOP workitem 17
Aug 15 14:46:08 raspi4 charon: 14[IMV] TPMRA workitem 18
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 14[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 14[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC message with ID 0x42501f74
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 14[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding ITA-HSR/PB-Mutual-Capability message
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 14[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:08 raspi4 charon: 15[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 15[TNC] received TNCCS batch (8 bytes)
</pre>

h3. Assigning Connection to TNC Client

<pre>
Aug 15 14:46:08 raspi4 charon: 15[TNC] assigned TNCCS Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK certificate from '/etc/pts/aik4Cert.der'
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK Blob from '/etc/pts/aik4Blob.bin'
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Handshake'
</pre>

h3. Sending OS Information

<pre>
Aug 15 14:46:08 raspi4 charon: 15[IMC] operating system numeric version is 7.8
Aug 15 14:46:08 raspi4 charon: 15[IMC] last boot: Aug 15 07:56:45 UTC 2015, 17363 s ago
Aug 15 14:46:08 raspi4 charon: 15[IMC] IPv4 forwarding is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] factory default password is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] loaded device public key from '/etc/pts/aik4Pub.der'
Aug 15 14:46:08 raspi4 charon: 15[IMC] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC message with ID 0x366c28ea
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working'
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-Language-Preference message
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 15[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 16[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 16[TNC] received TNCCS batch (92 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing IETF/PB-PA message (84 bytes)
419 1 Andreas Steffen
Aug 15 14:46:08 raspi4 charon: 16[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
420 1 Andreas Steffen
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
421 1 Andreas Steffen
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC message with ID 0x1d5fa63a
422 1 Andreas Steffen
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
423 1 Andreas Steffen
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
424 1 Andreas Steffen
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
</pre>

h3. Receiving PTS Protocol Capabilities

<pre>
Aug 15 14:46:08 raspi4 charon: 16[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 16[PTS] selected PTS measurement algorithm is HASH_SHA1
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 requests metadata for file '/etc/tnc_config'
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles TPMRA workitem 18
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC message with ID 0xaff3c130
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 16[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 16[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 16[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 05[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 05[TNC] received TNCCS batch (92 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC message with ID 0x918da8fe
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
</pre>

h3. Sending PTS Protocol Capabilities

<pre>
Aug 15 14:46:08 raspi4 charon: 05[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 05[PTS] selected PTS measurement algorithm is HASH_SHA1
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC message with ID 0xf94741eb
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 05[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 05[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 05[ENC] generating IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes)
Aug 15 14:46:08 raspi4 charon: 06[ENC] parsed IKE_AUTH request 11 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 06[TNC] received TNCCS batch (226 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing IETF/PB-PA message (218 bytes)
Aug 15 14:46:08 raspi4 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC message with ID 0x5e3ee705
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[IMV] metadata request returned 1 file:
Aug 15 14:46:08 raspi4 charon: 06[IMV]  'tnc_config' (177 bytes) owner 0, group 0, type Regular
Aug 15 14:46:08 raspi4 charon: 06[IMV]     created Jun 05 20:02:25 2015, modified Jun 05 20:02:25 2015, accessed Jun 05 20:02:25 2015
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 06[PTS] nonce length is 20
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1ab4f40
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15  ......m...@..._.
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: FB 4E 28 AD                                      .N(.
Aug 15 14:46:08 raspi4 charon: 06[PTS] responder nonce: => 20 bytes @ 0x1aafba0
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0  =.r9:....0..."..
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: B6 D1 2A 01                                      ..*.
Aug 15 14:46:08 raspi4 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x1ab3078
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA  _....9........:.
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE  .#...........QP.
Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28
Aug 15 14:46:08 raspi4 charon: 06[PTS]    0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C  ...p.x...y.]|..|
Aug 15 14:46:08 raspi4 charon: 06[PTS]   16: E0 E0 83 77                                      ...w
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC message with ID 0xd27d5b33
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 06[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 06[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 06[ENC] generating IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 07[ENC] parsed IKE_AUTH request 12 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 07[TNC] received TNCCS batch (87 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing IETF/PB-PA message (79 bytes)
Aug 15 14:46:08 raspi4 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC message with ID 0xda2a70e9
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[IMC] metadata request for file '/etc/tnc_config'
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 07[PTS] nonce length is 20
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC message with ID 0x676268aa
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 07[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 07[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 07[ENC] generating IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes)
Aug 15 14:46:08 raspi4 charon: 08[ENC] parsed IKE_AUTH request 13 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 08[TNC] received TNCCS batch (902 bytes)
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing IETF/PB-PA message (894 bytes)
Aug 15 14:46:08 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x641bcea1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
</pre>

h3. Receiving TPM Version Information

<pre>
Aug 15 14:46:08 raspi4 charon: 08[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[IMV] verifying AIK with keyid 56:5f:eb:9e:84:62:87:0d:ba:88:4c:e5:40:a0:76:8d:68:82:98:73
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK public key is trusted
Aug 15 14:46:08 raspi4 charon: 08[CFG]   using trusted certificate "C=US, O=TNC Demo, CN=AIK CA"
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK certificate is trusted
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[IMV] evidence request by
Aug 15 14:46:08 raspi4 charon: 08[PTS]   ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0xed256fac
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 08[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 08[ENC] generating IKE_AUTH response 13 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes)
Aug 15 14:46:09 raspi4 charon: 09[ENC] parsed IKE_AUTH request 14 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:09 raspi4 charon: 09[TNC] received TNCCS batch (172 bytes)
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling inbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing IETF/PB-PA message (164 bytes)
Aug 15 14:46:09 raspi4 charon: 09[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi4 charon: 09[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC message with ID 0xe1b84e91
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[PTS] selected DH hash algorithm is HASH_SHA1
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[PTS] initiator nonce: => 20 bytes @ 0x1ab0dc0
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A  '.Q..f.T.W.I.*}:
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: F1 38 81 26                                      .8.&
Aug 15 14:46:09 raspi4 charon: 09[PTS] responder nonce: => 20 bytes @ 0x1ab2e48
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71  .H.R...n_..+..&q
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: 49 73 01 42                                      Is.B
Aug 15 14:46:09 raspi4 charon: 09[PTS] shared DH secret: => 32 bytes @ 0x1aac378
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11  ......"..5..pA{.
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1  .<.2.=..s2... ..
Aug 15 14:46:09 raspi4 charon: 09[PTS] secret assessment value: => 20 bytes @ 0x1ab0d20
Aug 15 14:46:09 raspi4 charon: 09[PTS]    0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F  .........Q...;..
Aug 15 14:46:09 raspi4 charon: 09[PTS]   16: 68 50 6C DE                                      hPl.
</pre>

h3. Sending TPM Version Information

<pre>
Aug 15 14:46:09 raspi4 charon: 09[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC message with ID 0x951e0284
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling outbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:09 raspi4 charon: 09[TNC] adding IETF/PB-PA message
Aug 15 14:46:09 raspi4 charon: 09[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:09 raspi4 charon: 09[ENC] generating IKE_AUTH response 14 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes)
</pre>

<pre>
Aug 15 14:46:09 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 10[ENC] parsed IKE_AUTH request 15 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[ENC] generating IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 11[ENC] parsed IKE_AUTH request 16 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[ENC] generating IKE_AUTH response 16 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 12[ENC] parsed IKE_AUTH request 17 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[ENC] generating IKE_AUTH response 17 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 13[ENC] parsed IKE_AUTH request 18 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[ENC] generating IKE_AUTH response 18 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
...
Aug 15 14:46:10 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 07[ENC] parsed IKE_AUTH request 60 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[ENC] generating IKE_AUTH response 60 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 08[ENC] parsed IKE_AUTH request 61 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:10 raspi4 charon: 08[TNC] received TNCCS batch (47615 bytes)
</pre>

<pre>
Aug 15 14:46:10 raspi4 charon: 08[TNC] TNC server is handling inbound connection
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:10 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing IETF/PB-PA message (47607 bytes)
Aug 15 14:46:10 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:10 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x2d059578
771 11 Andreas Steffen
</pre>
772 11 Andreas Steffen
773 15 Andreas Steffen
h3. Initiator Attestation Measurement Values
774 15 Andreas Steffen
775 11 Andreas Steffen
<pre>
776 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
777 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
778 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
779 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
780 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:boot_aggregate'
781 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
782 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
783 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
784 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
785 1 Andreas Steffen
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/init'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/sh'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/usr/sbin/service'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce
Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/cp'
Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
</pre>

h3. Verifying Initiator Measurements

<pre>
Aug 15 14:46:10 raspi4 charon: 08[PTS] checking boot aggregate evidence measurement
Aug 15 14:46:10 raspi4 charon: 08[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found
Aug 15 14:46:10 raspi4 charon: 08[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok
Aug 15 14:46:10 raspi4 charon: 08[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok
Aug 15 14:46:10 raspi4 charon: 08[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok
...
Aug 15 14:46:16 raspi4 charon: 08[PTS] 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb for '/usr/sbin/service' is ok
Aug 15 14:46:16 raspi4 charon: 08[PTS] e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce for '/bin/cp' is ok
</pre>

h3. Verifying Initiator TPM Quote Signature

<pre>
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite: => 29 bytes @ 0x1b27188
Aug 15 14:46:16 raspi4 charon: 08[PTS]    0: 00 03 00 04 00 00 00 00 14 F7 5E 84 36 2B C2 83  ..........^.6+..
Aug 15 14:46:16 raspi4 charon: 08[PTS]   16: 28 8E 90 7E B3 39 45 74 33 60 2E B7 8E           (..~.9Et3`...
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite hash: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20
Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1b27e68
Aug 15 14:46:16 raspi4 charon: 08[PTS]    0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79  .6QUT2...p.x...y
Aug 15 14:46:16 raspi4 charon: 08[PTS]   16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01  .]|..|...w......
Aug 15 14:46:16 raspi4 charon: 08[PTS]   32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C  X......=>.3.$...
Aug 15 14:46:16 raspi4 charon: 08[PTS]   48: 22 A2 01 20                                      ".. 
Aug 15 14:46:16 raspi4 charon: 08[IMV] received PCR Composite matches constructed one
Aug 15 14:46:16 raspi4 charon: 08[IMV] TPM Quote Info signature verification successful
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 08[PTS] processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0x57254d62
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

h3. Sending Assessment Result

<pre>
Aug 15 14:46:16 raspi4 charon: 08[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 08[TNC] TNC server is handling outbound connection
Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: recommendation for access requestor 10.10.1.39 is allow
Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: imv_policy_manager stop successful
Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Allowed'
Aug 15 14:46:16 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-TNC RESULT batch
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Assessment-Result message
Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Access-Recommendation message
Aug 15 14:46:16 raspi4 charon: 08[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
Aug 15 14:46:16 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:16 raspi4 charon: 08[ENC] generating IKE_AUTH response 61 [ EAP/REQ/TTLS ]
Aug 15 14:46:16 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:16 raspi4 charon: 10[ENC] parsed IKE_AUTH request 62 [ EAP/RES/TTLS ]
Aug 15 14:46:16 raspi4 charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:16 raspi4 charon: 10[TNC] received TNCCS batch (80 bytes)
</pre>

<pre>
Aug 15 14:46:16 raspi4 charon: 10[TNC] TNC client is handling inbound connection
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:16 raspi4 charon: 10[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing IETF/PB-PA message (72 bytes)
Aug 15 14:46:16 raspi4 charon: 10[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:16 raspi4 charon: 10[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC message with ID 0xc8f4500b
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:16 raspi4 charon: 10[IMC] evidence requested for 1 functional components
Aug 15 14:46:16 raspi4 charon: 10[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
</pre>

h3. Responder Attestation Measurement Values

<pre>
Aug 15 14:46:16 raspi4 charon: 10[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (451 entries)
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:boot_aggregate'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/init'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/sh'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/bin/clear_console'
Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33
Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/libexec/ipsec/stroke'
</pre>

h3. Generating Responder TPM Quote Signature

<pre>
Aug 15 14:46:17 raspi4 charon: 10[PTS] Hash of PCR Composite: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff
Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Info: => 52 bytes @ 0x1ae0580
Aug 15 14:46:17 raspi4 charon: 10[PTS]    0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51  .6QUT2.........Q
Aug 15 14:46:17 raspi4 charon: 10[PTS]   16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01  ...;..hPl.......
Aug 15 14:46:17 raspi4 charon: 10[PTS]   32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3  .j...9.z..N.~...
Aug 15 14:46:17 raspi4 charon: 10[PTS]   48: 1E 60 4F FF                                      .`O.
Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Signature: => 256 bytes @ 0x1ae0c00
</pre>
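
The 'constructed PCR Composite' and 'TPM Quote Info' dumps in the two TPM Quote sections above can be re-checked offline. The following is an added example, not strongSwan code: it parses the TPM 1.2 TPM_QUOTE_INFO2 layout visible in the dumps and confirms that the quote is bound to PCR 10 through the SHA-1 digest of the composite. The function names are hypothetical, and the RSA signature check needs the AIK public key, which is not on this page, so it is left out.

```python
import hashlib
import struct

# Hex dumps copied from the charon log on this page.
INITIATOR_PCR_COMPOSITE = bytes.fromhex(
    "00 03 00 04 00 00 00 00 14 F7 5E 84 36 2B C2 83"
    "28 8E 90 7E B3 39 45 74 33 60 2E B7 8E"
)
INITIATOR_QUOTE_INFO = bytes.fromhex(
    "00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79"
    "BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01"
    "58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C"
    "22 A2 01 20"
)
RESPONDER_QUOTE_INFO = bytes.fromhex(
    "00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51"
    "FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01"
    "C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3"
    "1E 60 4F FF"
)

SHA1_LEN = 20
TAG_QUOTE_INFO2 = 0x0036  # first two bytes of both quote dumps


def selected_pcrs(bitmap):
    """PCR indices set in a pcrSelect bitmap: bit b of byte i selects PCR 8*i+b."""
    return [8 * i + b for i, byte in enumerate(bitmap)
            for b in range(8) if byte >> b & 1]


def parse_pcr_selection(blob, off):
    """Parse sizeOfSelect (u16, big endian) plus bitmap; return (pcrs, next offset)."""
    if off + 2 > len(blob):
        raise ValueError("truncated PCR selection")
    (size,) = struct.unpack_from(">H", blob, off)
    end = off + 2 + size
    if end > len(blob):
        raise ValueError("PCR selection bitmap runs past the buffer")
    return selected_pcrs(blob[off + 2:end]), end


def parse_pcr_composite(blob):
    """Return {pcr index: 20-byte value} from a TPM_PCR_COMPOSITE."""
    pcrs, off = parse_pcr_selection(blob, 0)
    if off + 4 > len(blob):
        raise ValueError("truncated PCR composite")
    (value_size,) = struct.unpack_from(">I", blob, off)
    values = blob[off + 4:]
    if len(values) != value_size or value_size != SHA1_LEN * len(pcrs):
        raise ValueError("PCR value field does not match the selection")
    return {p: values[i * SHA1_LEN:(i + 1) * SHA1_LEN]
            for i, p in enumerate(pcrs)}


def parse_quote_info2(blob):
    """Split a TPM_QUOTE_INFO2 into external data, PCR list, locality, digest."""
    if len(blob) < 6 + SHA1_LEN:
        raise ValueError("truncated quote info")
    tag, magic = struct.unpack_from(">H4s", blob, 0)
    if tag != TAG_QUOTE_INFO2 or magic != b"QUT2":
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    pcrs, off = parse_pcr_selection(blob, 6 + SHA1_LEN)
    if len(blob) != off + 1 + SHA1_LEN:
        raise ValueError("unexpected TPM_QUOTE_INFO2 length")
    return {
        "external_data": blob[6:6 + SHA1_LEN],  # per-quote anti-replay value
        "pcrs": pcrs,
        "locality": blob[off],
        "digest": blob[off + 1:],               # SHA-1 of the PCR composite
    }


def quote_matches_composite(quote_blob, composite_blob):
    """True if the quote covers the same PCRs and the same composite digest."""
    quote = parse_quote_info2(quote_blob)
    composite = parse_pcr_composite(composite_blob)
    same_selection = quote["pcrs"] == list(composite)
    same_digest = hashlib.sha1(composite_blob).digest() == quote["digest"]
    return same_selection and same_digest


if __name__ == "__main__":
    info = parse_quote_info2(INITIATOR_QUOTE_INFO)
    print("quoted PCRs:", info["pcrs"], "locality:", info["locality"])
    print("PCR 10:", parse_pcr_composite(INITIATOR_PCR_COMPOSITE)[10].hex())
    print("binding ok:", quote_matches_composite(INITIATOR_QUOTE_INFO,
                                                 INITIATOR_PCR_COMPOSITE))
```

A verifier that skips this binding check would accept a validly signed quote over a different PCR state than the one reconstructed from the IMA measurement list.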

<pre>
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC message with ID 0xed64f7ab
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
...
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
</pre>

<pre>
Aug 15 14:46:17 raspi4 charon: 10[TNC] TNC client is handling outbound connection
Aug 15 14:46:17 raspi4 charon: 10[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:17 raspi4 charon: 10[TNC] adding IETF/PB-PA message
Aug 15 14:46:17 raspi4 charon: 10[TNC] sending PB-TNC CDATA batch (49524 bytes) for Connection ID 2
Aug 15 14:46:17 raspi4 charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:17 raspi4 charon: 10[ENC] generating IKE_AUTH response 62 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 11[ENC] parsed IKE_AUTH request 63 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 11[ENC] generating IKE_AUTH response 63 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 12[ENC] parsed IKE_AUTH request 64 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 12[ENC] generating IKE_AUTH response 64 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi4 charon: 13[ENC] parsed IKE_AUTH request 65 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi4 charon: 13[ENC] generating IKE_AUTH response 65 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
...
Aug 15 14:46:18 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:18 raspi4 charon: 08[ENC] parsed IKE_AUTH request 109 [ EAP/RES/TTLS ]
Aug 15 14:46:18 raspi4 charon: 08[ENC] generating IKE_AUTH response 109 [ EAP/REQ/TTLS ]
Aug 15 14:46:18 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:18 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:18 raspi4 charon: 10[ENC] parsed IKE_AUTH request 110 [ EAP/RES/TTLS ]
Aug 15 14:46:18 raspi4 charon: 10[ENC] generating IKE_AUTH response 110 [ EAP/REQ/TTLS ]
Aug 15 14:46:18 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes)
Aug 15 14:46:25 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:25 raspi4 charon: 11[ENC] parsed IKE_AUTH request 111 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi4 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi4 charon: 11[TNC] received TNCCS batch (88 bytes)
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling inbound connection
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PB-TNC RESULT batch for Connection ID 2
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-PA message (48 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Assessment-Result message (16 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Access-Recommendation message (16 bytes)
Aug 15 14:46:25 raspi4 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC message with ID 0x4077e3ed
Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
</pre>

h3. Receiving Assessment Result

<pre>
Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 *****
Aug 15 14:46:25 raspi4 charon: 11[IMC] assessment result is 'compliant'
Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** end of assessment *****
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC assessment result is 'compliant'
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC access recommendation is 'Access Allowed'
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Allowed'
Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Allowed'
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling outbound connection
Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi4 charon: 11[TNC] creating PB-TNC CLOSE batch
Aug 15 14:46:25 raspi4 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 2
Aug 15 14:46:25 raspi4 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:25 raspi4 charon: 11[ENC] generating IKE_AUTH response 111 [ EAP/REQ/TTLS ]
Aug 15 14:46:25 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:25 raspi4 charon: 12[ENC] parsed IKE_AUTH request 112 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi4 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi4 charon: 12[TNC] received TNCCS batch (8 bytes)
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 12[TNC] TNC server is handling inbound connection
Aug 15 14:46:25 raspi4 charon: 12[TNC] processing PB-TNC CLOSE batch for Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi4 charon: 12[TNC] final recommendation is 'allow' and evaluation is 'compliant'
Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforced on peer 'raspi3.example.com' is 'allow'
Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforcement point added group membership 'allow'
Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP_TTLS phase2 authentication of 'raspi3.example.com' with EAP_PT_EAP successful
Aug 15 14:46:25 raspi4 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 1
Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 2
Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP method EAP_TTLS succeeded, MSK established
Aug 15 14:46:25 raspi4 charon: 12[ENC] generating IKE_AUTH response 112 [ EAP/SUCC ]
Aug 15 14:46:25 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
</pre>

<pre>
Aug 15 14:46:25 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes)
Aug 15 14:46:25 raspi4 charon: 13[ENC] parsed IKE_AUTH request 113 [ AUTH ]
Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi3.example.com' with EAP successful
Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi4.example.com' (myself) with EAP
Aug 15 14:46:25 raspi4 charon: 13[IKE] IKE_SA peer[1] established between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:46:25 raspi4 charon: 13[IKE] scheduling reauthentication in 10143s
Aug 15 14:46:25 raspi4 charon: 13[IKE] maximum IKE_SA lifetime 10683s
Aug 15 14:46:25 raspi4 charon: 13[IKE] CHILD_SA peer{1} established with SPIs ce21eedf_i c12c1aae_o and TS 10.10.1.40/32 === 10.10.1.39/32 
Aug 15 14:46:25 raspi4 charon: 13[ENC] generating IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Aug 15 14:46:25 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes)
</pre>

h2. strongTNC Policy Manager

!tnc4.png!

This screenshot of the strongTNC policy manager running on *raspi4* shows that the attestation of *raspi3* has been successful.

h2. IPsec Connection Established

The command
<pre>
raspi4# ipsec statusall
</pre>

shows that the IPsec transport connection between *raspi4* and *raspi3* has been successfully established.
<pre>
Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l):
  uptime: 2 minutes, since Aug 15 14:45:50 2015
  malloc: sbrk 1941504, mmap 0, used 1440680, free 500824
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Listening IP addresses:
  10.10.1.40
Connections:
        peer:  10.10.1.40...10.10.1.39  IKEv2
        peer:   local:  [raspi4.example.com] uses EAP_TTLS authentication
        peer:    cert:  "C=US, O=TNC Demo, CN=raspi4.example.com"
        peer:   remote: [raspi3.example.com] uses EAP_TTLS authentication
        peer:   child:  dynamic === dynamic TRANSPORT
Security Associations (1 up, 0 connecting):
        peer[1]: ESTABLISHED 2 minutes ago, 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
        peer[1]: IKEv2 SPIs: 168d780b16692776_i 24a43cb75417ebe5_r*, EAP reauthentication in 2 hours
        peer[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
        peer{1}:  INSTALLED, TRANSPORT, reqid 1, ESP SPIs: ce21eedf_i c12c1aae_o
        peer{1}:  AES_CBC_128/HMAC_SHA2_256_128, 640 bytes_i (10 pkts, 48s ago), 640 bytes_o (10 pkts, 48s ago), rekeying in 46 minutes
        peer{1}:   10.10.1.40/32 === 10.10.1.39/32 
</pre>

h2. Terminating the IPsec Connection

<pre>
Aug 15 14:49:04 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:49:04 raspi4 charon: 05[ENC] parsed INFORMATIONAL request 114 [ D ]
Aug 15 14:49:04 raspi4 charon: 05[IKE] received DELETE for IKE_SA peer[1]
Aug 15 14:49:04 raspi4 charon: 05[IKE] deleting IKE_SA peer[1] between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:49:04 raspi4 charon: 05[IKE] IKE_SA deleted
Aug 15 14:49:05 raspi4 charon: 05[ENC] generating INFORMATIONAL response 114 [ ]
Aug 15 14:49:05 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
</pre>

h2. Stopping the IKEv2 Daemon

<pre>
Aug 15 14:49:13 raspi4 charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 2 "Attestation" terminated
Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 1 "OS" terminated
Aug 15 14:49:13 raspi4 charon: 00[IMV] IMV 1 "Attestation" terminated
Aug 15 14:49:13 raspi4 charon: 00[PTS] removed TCG functional component namespace
Aug 15 14:49:13 raspi4 charon: 00[PTS] removed ITA-HSR functional component namespace
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed IETF attributes
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed ITA-HSR attributes
Aug 15 14:49:13 raspi4 charon: 00[TNC] removed TCG attributes
Aug 15 14:49:13 raspi4 charon: 00[LIB] libimcv terminated
</pre>