Raspi 4 - Responding IoT Device » History » Version 24
Andreas Steffen, 16.08.2015 10:16
1 | 4 | Andreas Steffen | {{>toc}} |
---|---|---|---|
2 | 4 | Andreas Steffen | |
3 | 1 | Andreas Steffen | h1. Raspi 4 - Responding IoT Device |
4 | 1 | Andreas Steffen | |
5 | 6 | Andreas Steffen | h2. Configuration Files |
6 | 6 | Andreas Steffen | |
7 | 1 | Andreas Steffen | strongSwan IPsec configuration file */etc/ipsec.conf* |
8 | 1 | Andreas Steffen | <pre> |
9 | 1 | Andreas Steffen | config setup |
10 | 1 | Andreas Steffen | charondebug="tnc 2, imc 2, imv 2, pts 3" |
11 | 1 | Andreas Steffen | |
12 | 1 | Andreas Steffen | conn %default |
13 | 1 | Andreas Steffen | ike=aes128-sha256-ecp256! |
14 | 1 | Andreas Steffen | esp=aes128-sha256-ecp256! |
15 | 1 | Andreas Steffen | keyexchange=ikev2 |
16 | 1 | Andreas Steffen | |
17 | 1 | Andreas Steffen | conn peer |
18 | 1 | Andreas Steffen | left=10.10.1.40 |
19 | 1 | Andreas Steffen | leftauth=eap-ttls |
20 | 1 | Andreas Steffen | leftcert=raspi4Cert.pem |
21 | 1 | Andreas Steffen | leftid=raspi4.example.com |
22 | 1 | Andreas Steffen | leftfirewall=yes |
23 | 1 | Andreas Steffen | right=10.10.1.39 |
24 | 1 | Andreas Steffen | rightauth=eap-ttls |
25 | 1 | Andreas Steffen | rightid=raspi3.example.com |
26 | 1 | Andreas Steffen | type=transport |
27 | 1 | Andreas Steffen | auto=add |
28 | 1 | Andreas Steffen | </pre> |
29 | 1 | Andreas Steffen | |
30 | 1 | Andreas Steffen | strongSwan IPsec secrets file */etc/ipsec.secrets* |
31 | 1 | Andreas Steffen | <pre> |
32 | 1 | Andreas Steffen | : RSA raspi4Key.pem |
33 | 1 | Andreas Steffen | </pre> |
34 | 1 | Andreas Steffen | |
35 | 1 | Andreas Steffen | strongSwan configuration file */etc/strongswan.conf* |
36 | 1 | Andreas Steffen | <pre> |
37 | 1 | Andreas Steffen | charon { |
38 | 1 | Andreas Steffen | load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
39 | 1 | Andreas Steffen | |
40 | 1 | Andreas Steffen | half_open_timeout = 90 |
41 | 1 | Andreas Steffen | |
42 | 1 | Andreas Steffen | plugins { |
43 | 1 | Andreas Steffen | eap-ttls |
44 | 1 | Andreas Steffen | { |
45 | 1 | Andreas Steffen | max_message_count = 0 |
46 | 1 | Andreas Steffen | request_peer_auth = yes |
47 | 1 | Andreas Steffen | phase2_piggyback = yes |
48 | 1 | Andreas Steffen | phase2_tnc = yes |
49 | 1 | Andreas Steffen | } |
50 | 1 | Andreas Steffen | eap-tnc { |
51 | 1 | Andreas Steffen | max_message_count = 0 |
52 | 1 | Andreas Steffen | } |
53 | 1 | Andreas Steffen | tnccs-20 { |
54 | 1 | Andreas Steffen | mutual = yes |
55 | 1 | Andreas Steffen | } |
56 | 1 | Andreas Steffen | } |
57 | 1 | Andreas Steffen | } |
58 | 1 | Andreas Steffen | |
59 | 1 | Andreas Steffen | libimcv { |
60 | 1 | Andreas Steffen | database = sqlite:///etc/pts/config.db |
61 | 1 | Andreas Steffen | policy_script = ipsec imv_policy_manager |
62 | 1 | Andreas Steffen | |
63 | 1 | Andreas Steffen | plugins { |
64 | 1 | Andreas Steffen | imc-os { |
65 | 1 | Andreas Steffen | device_pubkey = /etc/pts/aik4Pub.der |
66 | 1 | Andreas Steffen | } |
67 | 1 | Andreas Steffen | imc-attestation { |
68 | 1 | Andreas Steffen | aik_blob = /etc/pts/aik4Blob.bin |
69 | 1 | Andreas Steffen | aik_cert = /etc/pts/aik4Cert.der |
70 | 1 | Andreas Steffen | } |
71 | 1 | Andreas Steffen | imv-attestation { |
72 | 1 | Andreas Steffen | cadir = /etc/pts/cacerts |
73 | 1 | Andreas Steffen | hash_algorithm = sha1 |
74 | 1 | Andreas Steffen | } |
75 | 1 | Andreas Steffen | } |
76 | 1 | Andreas Steffen | } |
77 | 1 | Andreas Steffen | |
78 | 1 | Andreas Steffen | libtls { |
79 | 1 | Andreas Steffen | suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
80 | 1 | Andreas Steffen | } |
81 | 1 | Andreas Steffen | |
82 | 1 | Andreas Steffen | pt-tls-client { |
83 | 1 | Andreas Steffen | load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl |
84 | 1 | Andreas Steffen | } |
85 | 1 | Andreas Steffen | |
86 | 1 | Andreas Steffen | attest { |
87 | 1 | Andreas Steffen | database=sqlite:///etc/pts/config.db |
88 | 1 | Andreas Steffen | } |
89 | 1 | Andreas Steffen | </pre> |
90 | 1 | Andreas Steffen | |
91 | 6 | Andreas Steffen | h2. Starting the IKEv2 Daemon |
92 | 6 | Andreas Steffen | |
93 | 6 | Andreas Steffen | First the IKEv2 charon daemon is started in the background |
94 | 1 | Andreas Steffen | <pre> |
95 | 6 | Andreas Steffen | raspi4# ipsec start |
96 | 6 | Andreas Steffen | </pre> |
97 | 6 | Andreas Steffen | |
98 | 6 | Andreas Steffen | <pre> |
99 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l) |
100 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] TNC recommendation policy is 'default' |
101 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMVs from '/etc/tnc_config' |
102 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added IETF attributes |
103 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added ITA-HSR attributes |
104 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added TCG attributes |
105 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added TCG functional component namespace |
106 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component namespace |
107 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader' |
108 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot' |
109 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA' |
110 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[LIB] libimcv initialized |
111 | 6 | Andreas Steffen | </pre> |
112 | 6 | Andreas Steffen | |
113 | 6 | Andreas Steffen | Loading Attestation IMV |
114 | 6 | Andreas Steffen | <pre> |
115 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMV] IMV 1 "Attestation" initialized |
116 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts' |
117 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem' |
118 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available |
119 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available |
120 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available |
121 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available |
122 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available |
123 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available |
124 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available |
125 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available |
126 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001 |
127 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so' |
128 | 6 | Andreas Steffen | </pre> |
129 | 6 | Andreas Steffen | |
130 | 6 | Andreas Steffen | Loading OS IMC |
131 | 6 | Andreas Steffen | <pre> |
132 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMCs from '/etc/tnc_config' |
133 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 1 "OS" initialized |
134 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] processing "/etc/debian_version" file |
135 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system name is 'Debian' |
136 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system version is '7.8 armv7l' |
137 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001 |
138 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so' |
139 | 6 | Andreas Steffen | </pre> |
140 | 6 | Andreas Steffen | |
141 | 6 | Andreas Steffen | Loading Attestation IMC |
142 | 6 | Andreas Steffen | <pre> |
143 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 2 "Attestation" initialized |
144 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available |
145 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available |
146 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available |
147 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available |
148 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available |
149 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available |
150 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available |
151 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available |
152 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001 |
153 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so' |
154 | 6 | Andreas Steffen | </pre> |
155 | 6 | Andreas Steffen | |
156 | 6 | Andreas Steffen | Initializing IKE daemon |
157 | 6 | Andreas Steffen | <pre> |
158 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' |
159 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem' |
160 | 6 | Andreas Steffen | '/etc/ipsec.d/cacerts/MSE_CA_Cert.pem' |
161 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' |
162 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' |
163 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' |
164 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' |
165 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' |
166 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/raspi4Key.pem' |
167 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
168 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[JOB] spawning 16 worker threads |
169 | 6 | Andreas Steffen | </pre> |
170 | 6 | Andreas Steffen | |
171 | 6 | Andreas Steffen | Loading *peer* IPsec connection |
172 | 6 | Andreas Steffen | <pre> |
173 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] received stroke: add connection 'peer' |
174 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] loaded certificate "C=US, O=TNC Demo, CN=raspi4.example.com" from 'raspi4Cert.pem' |
175 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] added configuration 'peer' |
176 | 6 | Andreas Steffen | </pre> |
177 | 6 | Andreas Steffen | |
178 | 6 | Andreas Steffen | h2. Responding to IPsec Connection Setup |
179 | 6 | Andreas Steffen | |
180 | 6 | Andreas Steffen | <pre> |
181 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[NET] received packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes) |
182 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ] |
183 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[IKE] 10.10.1.39 is initiating an IKE_SA |
184 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" |
185 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ] |
186 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes) |
187 | 6 | Andreas Steffen | </pre> |
188 | 6 | Andreas Steffen | |
189 | 6 | Andreas Steffen | <pre> |
190 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes) |
191 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] |
192 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" |
193 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[CFG] looking for peer configs matching 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
194 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[CFG] selected peer config 'peer' |
195 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] initiating EAP_TTLS method (id 0xDB) |
196 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] peer supports MOBIKE |
197 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ] |
198 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes) |
199 | 6 | Andreas Steffen | </pre> |
200 | 6 | Andreas Steffen | |
201 | 6 | Andreas Steffen | <pre> |
202 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes) |
203 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ] |
204 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
205 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com' |
206 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA' |
207 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA' |
208 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ] |
209 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
210 | 6 | Andreas Steffen | </pre> |
211 | 6 | Andreas Steffen | |
212 | 6 | Andreas Steffen | <pre> |
213 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
214 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ] |
215 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ] |
216 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes) |
217 | 6 | Andreas Steffen | </pre> |
218 | 6 | Andreas Steffen | |
219 | 6 | Andreas Steffen | <pre> |
220 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
221 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ] |
222 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ] |
223 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
224 | 6 | Andreas Steffen | </pre> |
225 | 6 | Andreas Steffen | |
226 | 6 | Andreas Steffen | <pre> |
227 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes) |
228 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ] |
229 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[TLS] received TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com' |
230 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] using certificate "C=US, O=TNC Demo, CN=raspi3.example.com" |
231 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" |
232 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi3.example.com" |
233 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] certificate status is not available |
234 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] reached self-signed root ca with a path length of 0 |
235 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID] |
236 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ] |
237 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
238 | 6 | Andreas Steffen | </pre> |
239 | 6 | Andreas Steffen | |
240 | 6 | Andreas Steffen | <pre> |
241 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes) |
242 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ] |
243 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID] |
244 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] received EAP identity 'raspi3.example.com' |
245 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] phase2 method EAP_PT_EAP selected |
246 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
247 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ] |
248 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes) |
249 | 6 | Andreas Steffen | </pre> |
250 | 6 | Andreas Steffen | |
251 | 6 | Andreas Steffen | <pre> |
252 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes) |
253 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ] |
254 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
255 | 6 | Andreas Steffen | </pre> |
256 | 6 | Andreas Steffen | |
257 | 10 | Andreas Steffen | h2. Start of Mutual Attestation |
258 | 10 | Andreas Steffen | |
259 | 21 | Andreas Steffen | h3. Assigning Connection to TNC Server |
260 | 21 | Andreas Steffen | |
261 | 6 | Andreas Steffen | <pre> |
262 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] assigned TNCCS Connection ID 1 |
263 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh |
264 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
265 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] user AR identity 'raspi3.example.com' of type username authenticated by certificate |
266 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] machine AR identity '10.10.1.39' of type IPv4 address authenticated by unknown method |
267 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Handshake' |
268 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] received TNCCS batch (283 bytes) |
269 | 6 | Andreas Steffen | </pre> |
270 | 6 | Andreas Steffen | |
271 | 6 | Andreas Steffen | <pre> |
272 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] TNC server is handling inbound connection |
273 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
274 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working' |
275 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes) |
276 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-Language-Preference message (31 bytes) |
277 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-PA message (228 bytes) |
278 | 6 | Andreas Steffen | </pre> |
279 | 6 | Andreas Steffen | |
280 | 6 | Andreas Steffen | <pre> |
281 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] activating mutual PB-TNC half duplex protocol |
282 | 6 | Andreas Steffen | </pre> |
283 | 6 | Andreas Steffen | |
284 | 7 | Andreas Steffen | <pre> |
285 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] setting language preference to 'en' |
286 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 |
287 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 1 |
288 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC message with ID 0x83cf019d |
289 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002 |
290 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004 |
291 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003 |
292 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005 |
293 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b |
294 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c |
295 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008 |
296 | 6 | Andreas Steffen | </pre> |
297 | 6 | Andreas Steffen | |
298 | 20 | Andreas Steffen | h3. Receiving OS Information |
299 | 20 | Andreas Steffen | |
300 | 6 | Andreas Steffen | <pre> |
301 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system name is 'Debian' from vendor Debian Project |
302 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system version is '7.8 armv7l' |
303 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] device ID is 565feb9e8462870dba884ce540a0768d68829873 |
304 | 6 | Andreas Steffen | </pre> |
305 | 6 | Andreas Steffen | |
306 | 22 | Andreas Steffen | h3. Starting Session with Policy Manager |
307 | 22 | Andreas Steffen | |
308 | 6 | Andreas Steffen | <pre> |
309 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] assigned session ID 3 to Connection ID 1 |
310 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: imv_policy_manager start successful |
311 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: skipping enforcment 6 |
312 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] FWDEN workitem 13 |
313 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] FMETA workitem 14 |
314 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] PCKGS workitem 15 |
315 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] TCPOP workitem 16 |
316 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] UDPOP workitem 17 |
317 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] TPMRA workitem 18 |
318 | 6 | Andreas Steffen | </pre> |
319 | 6 | Andreas Steffen | |
320 | 6 | Andreas Steffen | <pre> |
321 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001 |
322 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
323 | 6 | Andreas Steffen | </pre> |
324 | 6 | Andreas Steffen | |
325 | 6 | Andreas Steffen | <pre> |
326 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC message with ID 0x42501f74 |
327 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021 |
328 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000 |
329 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000 |
330 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
331 | 6 | Andreas Steffen | </pre> |
332 | 6 | Andreas Steffen | |
333 | 6 | Andreas Steffen | <pre> |
334 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] TNC server is handling outbound connection |
335 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
336 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-TNC SDATA batch |
337 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] adding ITA-HSR/PB-Mutual-Capability message |
338 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] adding IETF/PB-PA message |
339 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1 |
340 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
341 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ] |
342 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes) |
343 | 6 | Andreas Steffen | </pre> |
344 | 6 | Andreas Steffen | |
345 | 6 | Andreas Steffen | <pre> |
346 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes) |
347 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ] |
348 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
349 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] received TNCCS batch (8 bytes) |
350 | 21 | Andreas Steffen | </pre> |
351 | 21 | Andreas Steffen | |
352 | 21 | Andreas Steffen | h3. Assigning Connection to TNC Client |
353 | 21 | Andreas Steffen | |
354 | 21 | Andreas Steffen | <pre> |
355 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] assigned TNCCS Connection ID 2 |
356 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh |
357 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
358 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK certificate from '/etc/pts/aik4Cert.der' |
359 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK Blob from '/etc/pts/aik4Blob.bin' |
360 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh |
361 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
362 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Handshake' |
363 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Handshake' |
364 | 6 | Andreas Steffen | </pre> |
365 | 20 | Andreas Steffen | |
366 | 20 | Andreas Steffen | h3. Sending OS Information |
367 | 6 | Andreas Steffen | |
368 | 6 | Andreas Steffen | <pre> |
369 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] operating system numeric version is 7.8 |
370 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] last boot: Aug 15 07:56:45 UTC 2015, 17363 s ago |
371 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IPv4 forwarding is disabled |
372 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] factory default password is disabled |
373 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] loaded device public key from '/etc/pts/aik4Pub.der' |
374 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c |
375 | 6 | Andreas Steffen | </pre> |
376 | 6 | Andreas Steffen | |
377 | 6 | Andreas Steffen | <pre> |
378 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC message with ID 0x366c28ea |
379 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002 |
380 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004 |
381 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003 |
382 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005 |
383 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b |
384 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c |
385 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008 |
386 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 |
387 | 6 | Andreas Steffen | </pre> |
388 | 6 | Andreas Steffen | |
389 | 6 | Andreas Steffen | <pre> |
390 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling inbound connection |
391 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
392 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working' |
393 | 9 | Andreas Steffen | </pre> |
394 | 9 | Andreas Steffen | |
395 | 9 | Andreas Steffen | <pre> |
396 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling outbound connection |
397 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
398 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-TNC CDATA batch |
399 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-Language-Preference message |
400 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-PA message |
401 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2 |
402 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
403 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ] |
404 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes) |
405 | 6 | Andreas Steffen | </pre> |
406 | 6 | Andreas Steffen | |
407 | 6 | Andreas Steffen | <pre> |
408 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
409 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ] |
410 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
411 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] received TNCCS batch (92 bytes) |
412 | 6 | Andreas Steffen | </pre> |
413 | 6 | Andreas Steffen | |
414 | 6 | Andreas Steffen | <pre> |
415 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling inbound connection |
416 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
417 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
418 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing IETF/PB-PA message (84 bytes) |
419 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
420 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
421 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC message with ID 0x1d5fa63a |
422 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022 |
423 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000 |
424 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000 |
425 | 6 | Andreas Steffen | </pre> |
426 | 6 | Andreas Steffen | |
427 | 6 | Andreas Steffen | <pre> |
428 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001 |
429 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
430 | 6 | Andreas Steffen | </pre> |
431 | 6 | Andreas Steffen | |
432 | 23 | Andreas Steffen | h3. Receiving PTS Protocol Capabilities |
433 | 23 | Andreas Steffen | |
434 | 6 | Andreas Steffen | <pre> |
435 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[PTS] supported PTS protocol capabilities: .VDT. |
436 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[PTS] selected PTS measurement algorithm is HASH_SHA1 |
437 | 6 | Andreas Steffen | </pre> |
438 | 6 | Andreas Steffen | |
439 | 6 | Andreas Steffen | <pre> |
440 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles FMETA workitem 14 |
441 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 requests metadata for file '/etc/tnc_config' |
442 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested |
443 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles TPMRA workitem 18 |
444 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC message with ID 0xaff3c130 |
445 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000 |
446 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000 |
447 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
448 | 6 | Andreas Steffen | </pre> |
449 | 6 | Andreas Steffen | |
450 | 6 | Andreas Steffen | <pre> |
451 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling outbound connection |
452 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
453 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-TNC SDATA batch |
454 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] adding IETF/PB-PA message |
455 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 1 |
456 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
457 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ] |
458 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
459 | 11 | Andreas Steffen | </pre> |
460 | 11 | Andreas Steffen | |
461 | 11 | Andreas Steffen | <pre> |
462 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
463 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ] |
464 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
465 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] received TNCCS batch (92 bytes) |
466 | 9 | Andreas Steffen | </pre> |
467 | 9 | Andreas Steffen | |
468 | 9 | Andreas Steffen | <pre> |
469 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling inbound connection |
470 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
471 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
472 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing IETF/PB-PA message (84 bytes) |
473 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
474 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
475 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC message with ID 0x918da8fe |
476 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021 |
477 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000 |
478 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000 |
479 | 11 | Andreas Steffen | </pre> |
480 | 11 | Andreas Steffen | |
481 | 11 | Andreas Steffen | <pre> |
482 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001 |
483 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
484 | 11 | Andreas Steffen | </pre> |
485 | 11 | Andreas Steffen | |
486 | 23 | Andreas Steffen | h3. Sending PTS Protocol Capabilities |
487 | 23 | Andreas Steffen | |
488 | 11 | Andreas Steffen | <pre> |
489 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[PTS] supported PTS protocol capabilities: .VDT. |
490 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[PTS] selected PTS measurement algorithm is HASH_SHA1 |
491 | 11 | Andreas Steffen | </pre> |
492 | 11 | Andreas Steffen | |
493 | 11 | Andreas Steffen | <pre> |
494 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC message with ID 0xf94741eb |
495 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022 |
496 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000 |
497 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000 |
498 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
499 | 9 | Andreas Steffen | </pre> |
500 | 9 | Andreas Steffen | |
501 | 9 | Andreas Steffen | <pre> |
502 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling outbound connection |
503 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
504 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-TNC CDATA batch |
505 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] adding IETF/PB-PA message |
506 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 2 |
507 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
508 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[ENC] generating IKE_AUTH response 10 [ EAP/REQ/TTLS ] |
509 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
510 | 11 | Andreas Steffen | </pre> |
511 | 11 | Andreas Steffen | |
512 | 11 | Andreas Steffen | <pre> |
513 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes) |
514 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[ENC] parsed IKE_AUTH request 11 [ EAP/RES/TTLS ] |
515 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
516 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] received TNCCS batch (226 bytes) |
517 | 9 | Andreas Steffen | </pre> |
518 | 9 | Andreas Steffen | |
519 | 9 | Andreas Steffen | <pre> |
520 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling inbound connection |
521 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
522 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
523 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing IETF/PB-PA message (218 bytes) |
524 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
525 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
526 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC message with ID 0x5e3ee705 |
527 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000 |
528 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000 |
529 | 11 | Andreas Steffen | </pre> |
530 | 11 | Andreas Steffen | |
531 | 11 | Andreas Steffen | <pre> |
532 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] metadata request returned 1 file: |
533 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] 'tnc_config' (177 bytes) owner 0, group 0, type Regular |
534 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] created Jun 05 20:02:25 2015, modified Jun 05 20:02:25 2015, accessed Jun 05 20:02:25 2015 |
535 | 11 | Andreas Steffen | </pre> |
536 | 11 | Andreas Steffen | |
537 | 11 | Andreas Steffen | <pre> |
538 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1 |
539 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] selected PTS DH group is ECP_256 |
540 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] nonce length is 20 |
541 | 11 | Andreas Steffen | </pre> |
542 | 11 | Andreas Steffen | |
543 | 11 | Andreas Steffen | <pre> |
544 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1ab4f40 |
545 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15 ......m...@..._. |
546 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: FB 4E 28 AD .N(. |
547 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] responder nonce: => 20 bytes @ 0x1aafba0 |
548 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0 =.r9:....0...".. |
549 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: B6 D1 2A 01 ..*. |
550 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x1ab3078 |
551 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA _....9........:. |
552 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE .#...........QP. |
553 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28 |
554 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C ...p.x...y.]|..| |
555 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: E0 E0 83 77 ...w |
556 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC message with ID 0xd27d5b33 |
557 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000 |
558 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000 |
559 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000 |
560 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
561 | 9 | Andreas Steffen | </pre> |
562 | 9 | Andreas Steffen | |
563 | 9 | Andreas Steffen | <pre> |
564 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling outbound connection |
565 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
566 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-TNC SDATA batch |
567 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] adding IETF/PB-PA message |
568 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 1 |
569 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
570 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[ENC] generating IKE_AUTH response 11 [ EAP/REQ/TTLS ] |
571 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes) |
572 | 11 | Andreas Steffen | </pre> |
573 | 11 | Andreas Steffen | |
574 | 11 | Andreas Steffen | <pre> |
575 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
576 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[ENC] parsed IKE_AUTH request 12 [ EAP/RES/TTLS ] |
577 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
578 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] received TNCCS batch (87 bytes) |
579 | 9 | Andreas Steffen | </pre> |
580 | 9 | Andreas Steffen | |
581 | 9 | Andreas Steffen | <pre> |
582 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling inbound connection |
583 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
584 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
585 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing IETF/PB-PA message (79 bytes) |
586 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
587 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
588 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC message with ID 0xda2a70e9 |
589 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000 |
590 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000 |
591 | 11 | Andreas Steffen | </pre> |
592 | 11 | Andreas Steffen | |
593 | 11 | Andreas Steffen | <pre> |
594 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IMC] metadata request for file '/etc/tnc_config' |
595 | 11 | Andreas Steffen | </pre> |
596 | 11 | Andreas Steffen | |
597 | 11 | Andreas Steffen | <pre> |
598 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[PTS] selected PTS DH group is ECP_256 |
599 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[PTS] nonce length is 20 |
600 | 11 | Andreas Steffen | </pre> |
601 | 12 | Andreas Steffen | |
602 | 12 | Andreas Steffen | <pre> |
603 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC message with ID 0x676268aa |
604 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000 |
605 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000 |
606 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
607 | 9 | Andreas Steffen | </pre> |
608 | 9 | Andreas Steffen | |
609 | 9 | Andreas Steffen | <pre> |
610 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling outbound connection |
611 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
612 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-TNC CDATA batch |
613 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] adding IETF/PB-PA message |
614 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 2 |
615 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
616 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[ENC] generating IKE_AUTH response 12 [ EAP/REQ/TTLS ] |
617 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes) |
618 | 11 | Andreas Steffen | </pre> |
619 | 11 | Andreas Steffen | |
620 | 11 | Andreas Steffen | <pre> |
621 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes) |
622 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[ENC] parsed IKE_AUTH request 13 [ EAP/RES/TTLS ] |
623 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
624 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] received TNCCS batch (902 bytes) |
625 | 9 | Andreas Steffen | </pre> |
626 | 9 | Andreas Steffen | |
627 | 9 | Andreas Steffen | <pre> |
628 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling inbound connection |
629 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
630 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
631 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing IETF/PB-PA message (894 bytes) |
632 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
633 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
634 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x641bcea1 |
635 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 |
636 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000 |
637 | 11 | Andreas Steffen | </pre> |
638 | 11 | Andreas Steffen | |
639 | 23 | Andreas Steffen | h3. Receiving TPM Version Information |
640 | 23 | Andreas Steffen | |
641 | 11 | Andreas Steffen | <pre> |
642 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX |
643 | 11 | Andreas Steffen | </pre> |
644 | 11 | Andreas Steffen | |
645 | 11 | Andreas Steffen | <pre> |
646 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] verifying AIK with keyid 56:5f:eb:9e:84:62:87:0d:ba:88:4c:e5:40:a0:76:8d:68:82:98:73 |
647 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK public key is trusted |
648 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[CFG] using trusted certificate "C=US, O=TNC Demo, CN=AIK CA" |
649 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK certificate is trusted |
650 | 11 | Andreas Steffen | </pre> |
651 | 11 | Andreas Steffen | |
652 | 11 | Andreas Steffen | <pre> |
653 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] evidence request by |
654 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
655 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0xed256fac |
656 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 |
657 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 |
658 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
659 | 9 | Andreas Steffen | </pre> |
660 | 9 | Andreas Steffen | |
661 | 9 | Andreas Steffen | <pre> |
662 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling outbound connection |
663 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
664 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-TNC SDATA batch |
665 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] adding IETF/PB-PA message |
666 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 1 |
667 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
668 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[ENC] generating IKE_AUTH response 13 [ EAP/REQ/TTLS ] |
669 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
670 | 11 | Andreas Steffen | </pre> |
671 | 11 | Andreas Steffen | |
672 | 11 | Andreas Steffen | <pre> |
673 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes) |
674 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[ENC] parsed IKE_AUTH request 14 [ EAP/RES/TTLS ] |
675 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
676 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] received TNCCS batch (172 bytes) |
677 | 9 | Andreas Steffen | </pre> |
678 | 9 | Andreas Steffen | |
679 | 9 | Andreas Steffen | <pre> |
680 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling inbound connection |
681 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
682 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
683 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing IETF/PB-PA message (164 bytes) |
684 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
685 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
686 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC message with ID 0xe1b84e91 |
687 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000 |
688 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000 |
689 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000 |
690 | 11 | Andreas Steffen | </pre> |
691 | 11 | Andreas Steffen | |
692 | 11 | Andreas Steffen | <pre> |
693 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] selected DH hash algorithm is HASH_SHA1 |
694 | 11 | Andreas Steffen | </pre> |
695 | 11 | Andreas Steffen | |
696 | 13 | Andreas Steffen | <pre> |
697 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] initiator nonce: => 20 bytes @ 0x1ab0dc0 |
698 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A '.Q..f.T.W.I.*}: |
699 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: F1 38 81 26 .8.& |
700 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] responder nonce: => 20 bytes @ 0x1ab2e48 |
701 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71 .H.R...n_..+..&q |
702 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 49 73 01 42 Is.B |
703 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] shared DH secret: => 32 bytes @ 0x1aac378 |
704 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11 ......"..5..pA{. |
705 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1 .<.2.=..s2... .. |
706 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] secret assessment value: => 20 bytes @ 0x1ab0d20 |
707 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F .........Q...;.. |
708 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 68 50 6C DE hPl. |
709 | 11 | Andreas Steffen | </pre> |
710 | 23 | Andreas Steffen | |
711 | 23 | Andreas Steffen | h3. Sending TPM Version Information |
712 | 11 | Andreas Steffen | |
713 | 11 | Andreas Steffen | <pre> |
714 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX |
715 | 11 | Andreas Steffen | </pre> |
716 | 11 | Andreas Steffen | |
717 | 11 | Andreas Steffen | <pre> |
718 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC message with ID 0x951e0284 |
719 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 |
720 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000 |
721 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
722 | 9 | Andreas Steffen | </pre> |
723 | 9 | Andreas Steffen | |
724 | 9 | Andreas Steffen | <pre> |
725 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling outbound connection |
726 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
727 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-TNC CDATA batch |
728 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] adding IETF/PB-PA message |
729 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 2 |
730 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
731 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[ENC] generating IKE_AUTH response 14 [ EAP/REQ/TTLS ] |
732 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes) |
733 | 14 | Andreas Steffen | </pre> |
734 | 14 | Andreas Steffen | |
735 | 14 | Andreas Steffen | <pre> |
736 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
737 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[ENC] parsed IKE_AUTH request 15 [ EAP/RES/TTLS ] |
738 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[ENC] generating IKE_AUTH response 15 [ EAP/REQ/TTLS ] |
739 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
740 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
741 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[ENC] parsed IKE_AUTH request 16 [ EAP/RES/TTLS ] |
742 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[ENC] generating IKE_AUTH response 16 [ EAP/REQ/TTLS ] |
743 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
744 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
745 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[ENC] parsed IKE_AUTH request 17 [ EAP/RES/TTLS ] |
746 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[ENC] generating IKE_AUTH response 17 [ EAP/REQ/TTLS ] |
747 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
748 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
749 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[ENC] parsed IKE_AUTH request 18 [ EAP/RES/TTLS ] |
750 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[ENC] generating IKE_AUTH response 18 [ EAP/REQ/TTLS ] |
751 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
752 | 4 | Andreas Steffen | ... |
753 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
754 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[ENC] parsed IKE_AUTH request 60 [ EAP/RES/TTLS ] |
755 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[ENC] generating IKE_AUTH response 60 [ EAP/REQ/TTLS ] |
756 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
757 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
758 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[ENC] parsed IKE_AUTH request 61 [ EAP/RES/TTLS ] |
759 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
760 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] received TNCCS batch (47615 bytes) |
761 | 9 | Andreas Steffen | </pre> |
762 | 9 | Andreas Steffen | |
763 | 9 | Andreas Steffen | <pre> |
764 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] TNC server is handling inbound connection |
765 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
766 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
767 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing IETF/PB-PA message (47607 bytes) |
768 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
769 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
770 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x2d059578 |
771 | 11 | Andreas Steffen | </pre> |
772 | 11 | Andreas Steffen | |
773 | 15 | Andreas Steffen | h3. Initiator Attestation Measurement Values |
774 | 15 | Andreas Steffen | |
775 | 11 | Andreas Steffen | <pre> |
776 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
777 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
778 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
779 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b |
780 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:boot_aggregate' |
781 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
782 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
783 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
784 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 |
785 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/init' |
786 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
787 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
788 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
789 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 |
790 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/sh' |
791 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
792 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
793 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
794 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e |
795 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' |
796 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
797 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
798 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
799 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 |
800 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/mkdir' |
801 | 1 | Andreas Steffen | ... |
802 | 2 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
803 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
804 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
805 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb |
806 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/usr/sbin/service' |
807 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
808 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
809 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
810 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce |
811 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/cp' |
812 | 16 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 |
813 | 11 | Andreas Steffen | </pre> |
814 | 11 | Andreas Steffen | |
815 | 16 | Andreas Steffen | h3. Verifying Initiator Measurements |
816 | 16 | Andreas Steffen | |
817 | 1 | Andreas Steffen | <pre> |
818 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] checking boot aggregate evidence measurement |
819 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found |
820 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok |
821 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok |
822 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok |
823 | 1 | Andreas Steffen | ... |
824 | 3 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb for '/usr/sbin/service' is ok |
825 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce for '/bin/cp' is ok |
826 | 11 | Andreas Steffen | </pre> |
827 | 1 | Andreas Steffen | |
828 | 16 | Andreas Steffen | h3. Verifying Initiator TPM Quote Signature |
829 | 16 | Andreas Steffen | |
830 | 11 | Andreas Steffen | <pre> |
831 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite: => 29 bytes @ 0x1b27188 |
832 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 0: 00 03 00 04 00 00 00 00 14 F7 5E 84 36 2B C2 83 ..........^.6+.. |
833 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 16: 28 8E 90 7E B3 39 45 74 33 60 2E B7 8E (..~.9Et3`... |
834 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite hash: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20 |
835 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1b27e68 |
836 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79 .6QUT2...p.x...y |
837 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01 .]|..|...w...... |
838 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C X......=>.3.$... |
839 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 48: 22 A2 01 20 ".. |
840 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] received PCR Composite matches constructed one |
841 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] TPM Quote Info signature verification successful |
842 | 11 | Andreas Steffen | </pre> |
843 | 11 | Andreas Steffen | |
844 | 11 | Andreas Steffen | <pre> |
845 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed |
846 | 11 | Andreas Steffen | </pre> |
847 | 11 | Andreas Steffen | |
848 | 11 | Andreas Steffen | <pre> |
849 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed |
850 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0x57254d62 |
851 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 |
852 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
853 | 19 | Andreas Steffen | </pre> |
854 | 19 | Andreas Steffen | |
855 | 19 | Andreas Steffen | h3. Sending Assessment Result |
856 | 19 | Andreas Steffen | |
857 | 19 | Andreas Steffen | <pre> |
858 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant' |
859 | 9 | Andreas Steffen | </pre> |
860 | 9 | Andreas Steffen | |
861 | 9 | Andreas Steffen | <pre> |
862 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] TNC server is handling outbound connection |
863 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: recommendation for access requestor 10.10.1.39 is allow |
864 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: imv_policy_manager stop successful |
865 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Allowed' |
866 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Decided' |
867 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-TNC RESULT batch |
868 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-PA message |
869 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Assessment-Result message |
870 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Access-Recommendation message |
871 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1 |
872 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
873 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[ENC] generating IKE_AUTH response 61 [ EAP/REQ/TTLS ] |
874 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
875 | 11 | Andreas Steffen | </pre> |
876 | 11 | Andreas Steffen | |
877 | 11 | Andreas Steffen | <pre> |
878 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
879 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[ENC] parsed IKE_AUTH request 62 [ EAP/RES/TTLS ] |
880 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
881 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] received TNCCS batch (80 bytes) |
882 | 9 | Andreas Steffen | </pre> |
883 | 9 | Andreas Steffen | |
884 | 9 | Andreas Steffen | <pre> |
885 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] TNC client is handling inbound connection |
886 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
887 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
888 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing IETF/PB-PA message (72 bytes) |
889 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
890 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
891 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC message with ID 0xc8f4500b |
892 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 |
893 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 |
894 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IMC] evidence requested for 1 functional components |
895 | 11 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
896 | 1 | Andreas Steffen | </pre> |
897 | 15 | Andreas Steffen | |
898 | 16 | Andreas Steffen | h3. Responder Attestation Measurement Values |
899 | 11 | Andreas Steffen | |
900 | 11 | Andreas Steffen | <pre> |
901 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (451 entries) |
902 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
903 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
904 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b |
905 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:boot_aggregate' |
906 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
907 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
908 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 |
909 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/init' |
910 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
911 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
912 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 |
913 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/sh' |
914 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
915 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
916 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e |
917 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' |
918 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
919 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
920 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 |
921 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/mkdir' |
922 | 4 | Andreas Steffen | ... |
923 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
924 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
925 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2 |
926 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/bin/clear_console' |
927 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
928 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
929 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33 |
930 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/libexec/ipsec/stroke' |
931 | 1 | Andreas Steffen | </pre> |
932 | 16 | Andreas Steffen | |
933 | 17 | Andreas Steffen | h3. Generating Responder TPM Quote Signature |
934 | 11 | Andreas Steffen | |
935 | 11 | Andreas Steffen | <pre> |
936 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] Hash of PCR Composite: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff |
937 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Info: => 52 bytes @ 0x1ae0580 |
938 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51 .6QUT2.........Q |
939 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01 ...;..hPl....... |
940 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3 .j...9.z..N.~... |
941 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 48: 1E 60 4F FF .`O. |
942 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Signature: => 256 bytes @ 0x1ae0c00 |
943 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 0: 6C 25 B7 58 F9 5C CA CA 86 6F 9A BD 24 2E 32 D9 l%.X.\...o..$.2. |
944 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 16: 36 DD 4F DF 37 09 1E 60 56 45 0E B4 32 52 A2 6A 6.O.7..`VE..2R.j |
945 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 32: B4 A5 27 59 79 25 F2 DC A1 05 14 5C 0C 71 DD DC ..'Yy%.....\.q.. |
946 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 48: 96 31 9C 69 DD 60 AC 51 70 95 47 48 62 FF 40 DC .1.i.`.Qp.GHb.@. |
947 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 64: FF FF C3 55 5D 1C DF E2 D6 4B 8E 4F BF 0A 47 CC ...U]....K.O..G. |
948 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 80: 1E C5 42 7D 3B 39 C4 4D 6A A0 A4 CD 3E E3 E6 C6 ..B};9.Mj...>... |
949 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 96: A1 DB F1 AF F3 2B 48 0D 74 60 A3 B3 E3 43 5E 22 .....+H.t`...C^" |
950 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 112: 99 EC 5B 23 FD 57 D4 1F 97 32 28 DC 4A 38 36 15 ..[#.W...2(.J86. |
951 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 128: 75 57 53 18 21 29 5C CD 8F C6 66 60 70 7C 47 0F uWS.!)\...f`p|G. |
952 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 144: 9B 7B FE BA 29 80 0C 87 11 41 81 95 6D 74 6B FA .{..)....A..mtk. |
953 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 160: 4D 5F F7 23 C4 60 D2 2A C2 16 08 EA AF 59 CC D2 M_.#.`.*.....Y.. |
954 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 176: 18 EC 20 18 5B 1D 42 72 E1 C8 33 02 A1 37 ED EA .. .[.Br..3..7.. |
955 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 192: B8 CD CA 2B 83 D3 B2 77 1C 45 2D C7 36 FA E6 88 ...+...w.E-.6... |
956 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 208: 93 C3 BE D9 26 31 A5 59 3D 20 24 B1 0F F3 04 5C ....&1.Y= $....\ |
957 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 224: 93 FA 8C 09 3E C3 FF E0 A1 EB 03 58 0B AB 08 89 ....>......X.... |
958 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 240: BA A4 22 ED AB D6 BA 7C 65 8D B6 75 5C 7C 67 28 .."....|e..u\|g( |
959 | 18 | Andreas Steffen | </pre> |
960 | 18 | Andreas Steffen | |
961 | 18 | Andreas Steffen | <pre> |
962 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC message with ID 0xed64f7ab |
963 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
964 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
965 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
966 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
967 | 5 | Andreas Steffen | ... |
968 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
969 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
970 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 |
971 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
972 | 9 | Andreas Steffen | </pre> |
973 | 9 | Andreas Steffen | |
974 | 9 | Andreas Steffen | <pre> |
975 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] TNC client is handling outbound connection |
976 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
977 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-TNC CDATA batch |
978 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] adding IETF/PB-PA message |
979 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] sending PB-TNC CDATA batch (49524 bytes) for Connection ID 2 |
980 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
981 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[ENC] generating IKE_AUTH response 62 [ EAP/REQ/TTLS ] |
982 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
983 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
984 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[ENC] parsed IKE_AUTH request 63 [ EAP/RES/TTLS ] |
985 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[ENC] generating IKE_AUTH response 63 [ EAP/REQ/TTLS ] |
986 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
987 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
988 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[ENC] parsed IKE_AUTH request 64 [ EAP/RES/TTLS ] |
989 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[ENC] generating IKE_AUTH response 64 [ EAP/REQ/TTLS ] |
990 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
991 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
992 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[ENC] parsed IKE_AUTH request 65 [ EAP/RES/TTLS ] |
993 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[ENC] generating IKE_AUTH response 65 [ EAP/REQ/TTLS ] |
994 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
995 | 5 | Andreas Steffen | ... |
996 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
997 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[ENC] parsed IKE_AUTH request 109 [ EAP/RES/TTLS ] |
998 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[ENC] generating IKE_AUTH response 109 [ EAP/REQ/TTLS ] |
999 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
1000 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
1001 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[ENC] parsed IKE_AUTH request 110 [ EAP/RES/TTLS ] |
1002 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[ENC] generating IKE_AUTH response 110 [ EAP/REQ/TTLS ] |
1003 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes) |
1004 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
1005 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[ENC] parsed IKE_AUTH request 111 [ EAP/RES/TTLS ] |
1006 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
1007 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] received TNCCS batch (88 bytes) |
1008 | 9 | Andreas Steffen | </pre> |
1009 | 9 | Andreas Steffen | |
1010 | 9 | Andreas Steffen | <pre> |
1011 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling inbound connection |
1012 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PB-TNC RESULT batch for Connection ID 2 |
1013 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Decided' |
1014 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-PA message (48 bytes) |
1015 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Assessment-Result message (16 bytes) |
1016 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Access-Recommendation message (16 bytes) |
1017 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
1018 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
1019 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC message with ID 0x4077e3ed |
1020 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 |
1021 | 11 | Andreas Steffen | </pre> |
1022 | 19 | Andreas Steffen | |
1023 | 19 | Andreas Steffen | h3. Receiving Assessment Result |
1024 | 11 | Andreas Steffen | |
1025 | 11 | Andreas Steffen | <pre> |
1026 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 ***** |
1027 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] assessment result is 'compliant' |
1028 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** end of assessment ***** |
1029 | 11 | Andreas Steffen | </pre> |
1030 | 11 | Andreas Steffen | |
1031 | 11 | Andreas Steffen | <pre> |
1032 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC assessment result is 'compliant' |
1033 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC access recommendation is 'Access Allowed' |
1034 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Allowed' |
1035 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Allowed' |
1036 | 9 | Andreas Steffen | </pre> |
1037 | 9 | Andreas Steffen | |
1038 | 9 | Andreas Steffen | <pre> |
1039 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling outbound connection |
1040 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End' |
1041 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] creating PB-TNC CLOSE batch |
1042 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 2 |
1043 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
1044 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[ENC] generating IKE_AUTH response 111 [ EAP/REQ/TTLS ] |
1045 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes) |
1046 | 11 | Andreas Steffen | </pre> |
1047 | 11 | Andreas Steffen | |
1048 | 11 | Andreas Steffen | <pre> |
1049 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes) |
1050 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[ENC] parsed IKE_AUTH request 112 [ EAP/RES/TTLS ] |
1051 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
1052 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] received TNCCS batch (8 bytes) |
1053 | 9 | Andreas Steffen | </pre> |
1054 | 9 | Andreas Steffen | |
1055 | 9 | Andreas Steffen | <pre> |
1056 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] TNC server is handling inbound connection |
1057 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] processing PB-TNC CLOSE batch for Connection ID 1 |
1058 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] PB-TNC state transition from 'Decided' to 'End' |
1059 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] final recommendation is 'allow' and evaluation is 'compliant' |
1060 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforced on peer 'raspi3.example.com' is 'allow' |
1061 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforcement point added group membership 'allow' |
1062 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP_TTLS phase2 authentication of 'raspi3.example.com' with EAP_PT_EAP successful |
1063 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 1 |
1064 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 1 |
1065 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 2 |
1066 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 2 |
1067 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 2 |
1068 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP method EAP_TTLS succeeded, MSK established |
1069 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[ENC] generating IKE_AUTH response 112 [ EAP/SUCC ] |
1070 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
1071 | 11 | Andreas Steffen | </pre> |
1072 | 11 | Andreas Steffen | |
1073 | 11 | Andreas Steffen | <pre> |
1074 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes) |
1075 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[ENC] parsed IKE_AUTH request 113 [ AUTH ] |
1076 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi3.example.com' with EAP successful |
1077 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi4.example.com' (myself) with EAP |
1078 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] IKE_SA peer[1] established between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
1079 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] scheduling reauthentication in 10143s |
1080 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] maximum IKE_SA lifetime 10683s |
1081 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] CHILD_SA peer{1} established with SPIs ce21eedf_i c12c1aae_o and TS 10.10.1.40/32 === 10.10.1.39/32 |
1082 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[ENC] generating IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ] |
1083 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes) |
1084 | 10 | Andreas Steffen | </pre> |
1085 | 10 | Andreas Steffen | |
1086 | 24 | Andreas Steffen | h2. strongTNC Policy Manager |
1087 | 24 | Andreas Steffen | |
1088 | 24 | Andreas Steffen | !tnc4.png! |
1089 | 24 | Andreas Steffen | |
1090 | 24 | Andreas Steffen | This screenshot of the strongTNC policy manager running on *raspi4* shows that the attestation of *raspi3* has been successful. |
1091 | 24 | Andreas Steffen | |
1092 | 24 | Andreas Steffen | h2. IPsec Connection established |
1093 | 24 | Andreas Steffen | |
1094 | 24 | Andreas Steffen | The command |
1095 | 24 | Andreas Steffen | <pre> |
1096 | 24 | Andreas Steffen | raspi4# ipsec statusall |
1097 | 24 | Andreas Steffen | </pre> |
1098 | 24 | Andreas Steffen | |
1099 | 24 | Andreas Steffen | shows that the IPsec transport connection between *raspi4* and *raspi3* has been successfully established. |
1100 | 24 | Andreas Steffen | <pre> |
1101 | 24 | Andreas Steffen | Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l): |
1102 | 24 | Andreas Steffen | uptime: 2 minutes, since Aug 15 14:45:50 2015 |
1103 | 24 | Andreas Steffen | malloc: sbrk 1941504, mmap 0, used 1440680, free 500824 |
1104 | 24 | Andreas Steffen | worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2 |
1105 | 24 | Andreas Steffen | loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
1106 | 24 | Andreas Steffen | Listening IP addresses: |
1107 | 24 | Andreas Steffen | 10.10.1.40 |
1108 | 24 | Andreas Steffen | Connections: |
1109 | 24 | Andreas Steffen | peer: 10.10.1.40...10.10.1.39 IKEv2 |
1110 | 24 | Andreas Steffen | peer: local: [raspi4.example.com] uses EAP_TTLS authentication |
1111 | 24 | Andreas Steffen | peer: cert: "C=US, O=TNC Demo, CN=raspi4.example.com" |
1112 | 24 | Andreas Steffen | peer: remote: [raspi3.example.com] uses EAP_TTLS authentication |
1113 | 24 | Andreas Steffen | peer: child: dynamic === dynamic TRANSPORT |
1114 | 24 | Andreas Steffen | Security Associations (1 up, 0 connecting): |
1115 | 24 | Andreas Steffen | peer[1]: ESTABLISHED 2 minutes ago, 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
1116 | 24 | Andreas Steffen | peer[1]: IKEv2 SPIs: 168d780b16692776_i 24a43cb75417ebe5_r*, EAP reauthentication in 2 hours |
1117 | 24 | Andreas Steffen | peer[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 |
1118 | 24 | Andreas Steffen | peer{1}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: ce21eedf_i c12c1aae_o |
1119 | 24 | Andreas Steffen | peer{1}: AES_CBC_128/HMAC_SHA2_256_128, 640 bytes_i (10 pkts, 48s ago), 640 bytes_o (10 pkts, 48s ago), rekeying in 46 minutes |
1120 | 24 | Andreas Steffen | peer{1}: 10.10.1.40/32 === 10.10.1.39/32 |
1121 | 24 | Andreas Steffen | </pre> |
1122 | 24 | Andreas Steffen | |
1123 | 10 | Andreas Steffen | h2. Terminating the IPsec Connection |
1124 | 10 | Andreas Steffen | |
1125 | 10 | Andreas Steffen | <pre> |
1126 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
1127 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[ENC] parsed INFORMATIONAL request 114 [ D ] |
1128 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] received DELETE for IKE_SA peer[1] |
1129 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] deleting IKE_SA peer[1] between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
1130 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] IKE_SA deleted |
1131 | 1 | Andreas Steffen | Aug 15 14:49:05 raspi4 charon: 05[ENC] generating INFORMATIONAL response 114 [ ] |
1132 | 1 | Andreas Steffen | Aug 15 14:49:05 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
1133 | 10 | Andreas Steffen | </pre> |
1134 | 10 | Andreas Steffen | |
1135 | 10 | Andreas Steffen | h2. Stopping the IKEv2 Daemon |
1136 | 10 | Andreas Steffen | |
1137 | 10 | Andreas Steffen | <pre> |
1138 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[DMN] signal of type SIGINT received. Shutting down |
1139 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 2 "Attestation" terminated |
1140 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 1 "OS" terminated |
1141 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMV] IMV 1 "Attestation" terminated |
1142 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[PTS] removed TCG functional component namespace |
1143 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[PTS] removed ITA-HSR functional component namespace |
1144 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed IETF attributes |
1145 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed ITA-HSR attributes |
1146 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed TCG attributes |
1147 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[LIB] libimcv terminated |
1148 | 1 | Andreas Steffen | </pre> |