Raspi 4 - Responding IoT Device » History » Version 25
Andreas Steffen, 16.08.2015 12:08
1 | 4 | Andreas Steffen | {{>toc}} |
---|---|---|---|
2 | 4 | Andreas Steffen | |
3 | 1 | Andreas Steffen | h1. Raspi 4 - Responding IoT Device |
4 | 1 | Andreas Steffen | |
5 | 6 | Andreas Steffen | h2. Configuration Files |
6 | 6 | Andreas Steffen | |
7 | 1 | Andreas Steffen | strongSwan IPsec configuration file */etc/ipsec.conf* |
8 | 1 | Andreas Steffen | <pre> |
9 | 1 | Andreas Steffen | config setup |
10 | 1 | Andreas Steffen | charondebug="tnc 2, imc 2, imv 2, pts 3" |
11 | 1 | Andreas Steffen | |
12 | 1 | Andreas Steffen | conn %default |
13 | 1 | Andreas Steffen | ike=aes128-sha256-ecp256! |
14 | 1 | Andreas Steffen | esp=aes128-sha256-ecp256! |
15 | 1 | Andreas Steffen | keyexchange=ikev2 |
16 | 1 | Andreas Steffen | |
17 | 1 | Andreas Steffen | conn peer |
18 | 1 | Andreas Steffen | left=10.10.1.40 |
19 | 1 | Andreas Steffen | leftauth=eap-ttls |
20 | 1 | Andreas Steffen | leftcert=raspi4Cert.pem |
21 | 1 | Andreas Steffen | leftid=raspi4.example.com |
22 | 1 | Andreas Steffen | leftfirewall=yes |
23 | 1 | Andreas Steffen | right=10.10.1.39 |
24 | 1 | Andreas Steffen | rightauth=eap-ttls |
25 | 1 | Andreas Steffen | rightid=raspi3.example.com |
26 | 1 | Andreas Steffen | type=transport |
27 | 1 | Andreas Steffen | auto=add |
28 | 1 | Andreas Steffen | </pre> |
29 | 1 | Andreas Steffen | |
30 | 1 | Andreas Steffen | strongSwan IPsec secrets file */etc/ipsec.secrets* |
31 | 1 | Andreas Steffen | <pre> |
32 | 1 | Andreas Steffen | : RSA raspi4Key.pem |
33 | 1 | Andreas Steffen | </pre> |
34 | 1 | Andreas Steffen | |
35 | 1 | Andreas Steffen | strongSwan configuration file */etc/strongswan.conf* |
36 | 1 | Andreas Steffen | <pre> |
37 | 1 | Andreas Steffen | charon { |
38 | 1 | Andreas Steffen | load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
39 | 1 | Andreas Steffen | |
40 | 1 | Andreas Steffen | half_open_timeout = 90 |
41 | 1 | Andreas Steffen | |
42 | 1 | Andreas Steffen | plugins { |
43 | 1 | Andreas Steffen | eap-ttls |
44 | 1 | Andreas Steffen | { |
45 | 1 | Andreas Steffen | max_message_count = 0 |
46 | 1 | Andreas Steffen | request_peer_auth = yes |
47 | 1 | Andreas Steffen | phase2_piggyback = yes |
48 | 1 | Andreas Steffen | phase2_tnc = yes |
49 | 1 | Andreas Steffen | } |
50 | 1 | Andreas Steffen | eap-tnc { |
51 | 1 | Andreas Steffen | max_message_count = 0 |
52 | 1 | Andreas Steffen | } |
53 | 1 | Andreas Steffen | tnccs-20 { |
54 | 1 | Andreas Steffen | mutual = yes |
55 | 1 | Andreas Steffen | } |
56 | 1 | Andreas Steffen | } |
57 | 1 | Andreas Steffen | } |
58 | 1 | Andreas Steffen | |
59 | 1 | Andreas Steffen | libimcv { |
60 | 1 | Andreas Steffen | database = sqlite:///etc/pts/config.db |
61 | 1 | Andreas Steffen | policy_script = ipsec imv_policy_manager |
62 | 1 | Andreas Steffen | |
63 | 1 | Andreas Steffen | plugins { |
64 | 1 | Andreas Steffen | imc-os { |
65 | 1 | Andreas Steffen | device_pubkey = /etc/pts/aik4Pub.der |
66 | 1 | Andreas Steffen | } |
67 | 1 | Andreas Steffen | imc-attestation { |
68 | 1 | Andreas Steffen | aik_blob = /etc/pts/aik4Blob.bin |
69 | 1 | Andreas Steffen | aik_cert = /etc/pts/aik4Cert.der |
70 | 1 | Andreas Steffen | } |
71 | 1 | Andreas Steffen | imv-attestation { |
72 | 1 | Andreas Steffen | cadir = /etc/pts/cacerts |
73 | 1 | Andreas Steffen | hash_algorithm = sha1 |
74 | 1 | Andreas Steffen | } |
75 | 1 | Andreas Steffen | } |
76 | 1 | Andreas Steffen | } |
77 | 1 | Andreas Steffen | |
78 | 1 | Andreas Steffen | libtls { |
79 | 1 | Andreas Steffen | suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
80 | 1 | Andreas Steffen | } |
81 | 1 | Andreas Steffen | |
82 | 1 | Andreas Steffen | pt-tls-client { |
83 | 1 | Andreas Steffen | load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl |
84 | 1 | Andreas Steffen | } |
85 | 1 | Andreas Steffen | |
86 | 1 | Andreas Steffen | attest { |
87 | 1 | Andreas Steffen | database=sqlite:///etc/pts/config.db |
88 | 1 | Andreas Steffen | } |
89 | 1 | Andreas Steffen | </pre> |
90 | 1 | Andreas Steffen | |
91 | 25 | Andreas Steffen | In order to do mutual attestation, both IMCs and IMVs are loaded via */etc/tnc_config*. |
92 | 25 | Andreas Steffen | <pre> |
93 | 25 | Andreas Steffen | IMC "OS" /usr/lib/ipsec/imcvs/imc-os.so |
94 | 25 | Andreas Steffen | IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so |
95 | 25 | Andreas Steffen | IMV "Attestation" /usr/lib/ipsec/imcvs/imv-attestation.so |
96 | 25 | Andreas Steffen | </pre> |
97 | 25 | Andreas Steffen | |
98 | 6 | Andreas Steffen | h2. Starting the IKEv2 Daemon |
99 | 6 | Andreas Steffen | |
100 | 6 | Andreas Steffen | First the IKEv2 charon daemon is started in the background |
101 | 1 | Andreas Steffen | <pre> |
102 | 6 | Andreas Steffen | raspi4# ipsec start |
103 | 6 | Andreas Steffen | </pre> |
104 | 6 | Andreas Steffen | |
105 | 6 | Andreas Steffen | <pre> |
106 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l) |
107 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] TNC recommendation policy is 'default' |
108 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMVs from '/etc/tnc_config' |
109 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added IETF attributes |
110 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added ITA-HSR attributes |
111 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added TCG attributes |
112 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added TCG functional component namespace |
113 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component namespace |
114 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader' |
115 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot' |
116 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA' |
117 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[LIB] libimcv initialized |
118 | 6 | Andreas Steffen | </pre> |
119 | 6 | Andreas Steffen | |
120 | 6 | Andreas Steffen | Loading Attestation IMV |
121 | 6 | Andreas Steffen | <pre> |
122 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMV] IMV 1 "Attestation" initialized |
123 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts' |
124 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem' |
125 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available |
126 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available |
127 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available |
128 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available |
129 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available |
130 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available |
131 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available |
132 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available |
133 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001 |
134 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so' |
135 | 6 | Andreas Steffen | </pre> |
136 | 6 | Andreas Steffen | |
137 | 6 | Andreas Steffen | Loading OS IMC |
138 | 6 | Andreas Steffen | <pre> |
139 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMCs from '/etc/tnc_config' |
140 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 1 "OS" initialized |
141 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] processing "/etc/debian_version" file |
142 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system name is 'Debian' |
143 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system version is '7.8 armv7l' |
144 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001 |
145 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so' |
146 | 6 | Andreas Steffen | </pre> |
147 | 6 | Andreas Steffen | |
148 | 6 | Andreas Steffen | Loading Attestation IMC |
149 | 6 | Andreas Steffen | <pre> |
150 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 2 "Attestation" initialized |
151 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available |
152 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available |
153 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available |
154 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available |
155 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available |
156 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available |
157 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available |
158 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available |
159 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001 |
160 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so' |
161 | 6 | Andreas Steffen | </pre> |
162 | 6 | Andreas Steffen | |
163 | 6 | Andreas Steffen | Initializing IKE daemon |
164 | 6 | Andreas Steffen | <pre> |
165 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' |
166 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem' |
167 | 6 | Andreas Steffen | '/etc/ipsec.d/cacerts/MSE_CA_Cert.pem' |
168 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' |
169 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' |
170 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' |
171 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' |
172 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' |
173 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/raspi4Key.pem' |
174 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
175 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[JOB] spawning 16 worker threads |
176 | 6 | Andreas Steffen | </pre> |
177 | 6 | Andreas Steffen | |
178 | 6 | Andreas Steffen | Loading *peer* IPsec connection |
179 | 6 | Andreas Steffen | <pre> |
180 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] received stroke: add connection 'peer' |
181 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] loaded certificate "C=US, O=TNC Demo, CN=raspi4.example.com" from 'raspi4Cert.pem' |
182 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] added configuration 'peer' |
183 | 6 | Andreas Steffen | </pre> |
184 | 6 | Andreas Steffen | |
185 | 6 | Andreas Steffen | h2. Responding to IPsec Connection Setup |
186 | 6 | Andreas Steffen | |
187 | 6 | Andreas Steffen | <pre> |
188 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[NET] received packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes) |
189 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ] |
190 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[IKE] 10.10.1.39 is initiating an IKE_SA |
191 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" |
192 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ] |
193 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes) |
194 | 6 | Andreas Steffen | </pre> |
195 | 6 | Andreas Steffen | |
196 | 6 | Andreas Steffen | <pre> |
197 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes) |
198 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] |
199 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" |
200 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[CFG] looking for peer configs matching 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
201 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[CFG] selected peer config 'peer' |
202 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] initiating EAP_TTLS method (id 0xDB) |
203 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] peer supports MOBIKE |
204 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ] |
205 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes) |
206 | 6 | Andreas Steffen | </pre> |
207 | 6 | Andreas Steffen | |
208 | 6 | Andreas Steffen | <pre> |
209 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes) |
210 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ] |
211 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
212 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com' |
213 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA' |
214 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA' |
215 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ] |
216 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
217 | 6 | Andreas Steffen | </pre> |
218 | 6 | Andreas Steffen | |
219 | 6 | Andreas Steffen | <pre> |
220 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
221 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ] |
222 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ] |
223 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes) |
224 | 6 | Andreas Steffen | </pre> |
225 | 6 | Andreas Steffen | |
226 | 6 | Andreas Steffen | <pre> |
227 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
228 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ] |
229 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ] |
230 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
231 | 6 | Andreas Steffen | </pre> |
232 | 6 | Andreas Steffen | |
233 | 6 | Andreas Steffen | <pre> |
234 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes) |
235 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ] |
236 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[TLS] received TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com' |
237 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] using certificate "C=US, O=TNC Demo, CN=raspi3.example.com" |
238 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" |
239 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi3.example.com" |
240 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] certificate status is not available |
241 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] reached self-signed root ca with a path length of 0 |
242 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID] |
243 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ] |
244 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
245 | 6 | Andreas Steffen | </pre> |
246 | 6 | Andreas Steffen | |
247 | 6 | Andreas Steffen | <pre> |
248 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes) |
249 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ] |
250 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID] |
251 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] received EAP identity 'raspi3.example.com' |
252 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] phase2 method EAP_PT_EAP selected |
253 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
254 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ] |
255 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes) |
256 | 6 | Andreas Steffen | </pre> |
257 | 6 | Andreas Steffen | |
258 | 6 | Andreas Steffen | <pre> |
259 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes) |
260 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ] |
261 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
262 | 6 | Andreas Steffen | </pre> |
263 | 6 | Andreas Steffen | |
264 | 10 | Andreas Steffen | h2. Start of Mutual Attestation |
265 | 10 | Andreas Steffen | |
266 | 21 | Andreas Steffen | h3. Assigning Connection to TNC Server |
267 | 21 | Andreas Steffen | |
268 | 6 | Andreas Steffen | <pre> |
269 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] assigned TNCCS Connection ID 1 |
270 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh |
271 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
272 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] user AR identity 'raspi3.example.com' of type username authenticated by certificate |
273 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] machine AR identity '10.10.1.39' of type IPv4 address authenticated by unknown method |
274 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Handshake' |
275 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] received TNCCS batch (283 bytes) |
276 | 6 | Andreas Steffen | </pre> |
277 | 6 | Andreas Steffen | |
278 | 6 | Andreas Steffen | <pre> |
279 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] TNC server is handling inbound connection |
280 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
281 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working' |
282 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes) |
283 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-Language-Preference message (31 bytes) |
284 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-PA message (228 bytes) |
285 | 6 | Andreas Steffen | </pre> |
286 | 6 | Andreas Steffen | |
287 | 6 | Andreas Steffen | <pre> |
288 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] activating mutual PB-TNC half duplex protocol |
289 | 6 | Andreas Steffen | </pre> |
290 | 6 | Andreas Steffen | |
291 | 7 | Andreas Steffen | <pre> |
292 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] setting language preference to 'en' |
293 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 |
294 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 1 |
295 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC message with ID 0x83cf019d |
296 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002 |
297 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004 |
298 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003 |
299 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005 |
300 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b |
301 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c |
302 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008 |
303 | 6 | Andreas Steffen | </pre> |
304 | 6 | Andreas Steffen | |
305 | 20 | Andreas Steffen | h3. Receiving OS Information |
306 | 20 | Andreas Steffen | |
307 | 6 | Andreas Steffen | <pre> |
308 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system name is 'Debian' from vendor Debian Project |
309 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system version is '7.8 armv7l' |
310 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] device ID is 565feb9e8462870dba884ce540a0768d68829873 |
311 | 6 | Andreas Steffen | </pre> |
312 | 6 | Andreas Steffen | |
313 | 22 | Andreas Steffen | h3. Starting Session with Policy Manager |
314 | 22 | Andreas Steffen | |
315 | 6 | Andreas Steffen | <pre> |
316 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] assigned session ID 3 to Connection ID 1 |
317 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: imv_policy_manager start successful |
318 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: skipping enforcment 6 |
319 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] FWDEN workitem 13 |
320 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] FMETA workitem 14 |
321 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] PCKGS workitem 15 |
322 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] TCPOP workitem 16 |
323 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] UDPOP workitem 17 |
324 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] TPMRA workitem 18 |
325 | 6 | Andreas Steffen | </pre> |
326 | 6 | Andreas Steffen | |
327 | 6 | Andreas Steffen | <pre> |
328 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001 |
329 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
330 | 6 | Andreas Steffen | </pre> |
331 | 6 | Andreas Steffen | |
332 | 6 | Andreas Steffen | <pre> |
333 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC message with ID 0x42501f74 |
334 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021 |
335 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000 |
336 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000 |
337 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
338 | 6 | Andreas Steffen | </pre> |
339 | 6 | Andreas Steffen | |
340 | 6 | Andreas Steffen | <pre> |
341 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] TNC server is handling outbound connection |
342 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
343 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-TNC SDATA batch |
344 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] adding ITA-HSR/PB-Mutual-Capability message |
345 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] adding IETF/PB-PA message |
346 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1 |
347 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
348 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ] |
349 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes) |
350 | 6 | Andreas Steffen | </pre> |
351 | 6 | Andreas Steffen | |
352 | 6 | Andreas Steffen | <pre> |
353 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes) |
354 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ] |
355 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
356 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] received TNCCS batch (8 bytes) |
357 | 21 | Andreas Steffen | </pre> |
358 | 21 | Andreas Steffen | |
359 | 21 | Andreas Steffen | h3. Assigning Connection to TNC Client |
360 | 21 | Andreas Steffen | |
361 | 21 | Andreas Steffen | <pre> |
362 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] assigned TNCCS Connection ID 2 |
363 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh |
364 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
365 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK certificate from '/etc/pts/aik4Cert.der' |
366 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK Blob from '/etc/pts/aik4Blob.bin' |
367 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh |
368 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
369 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Handshake' |
370 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Handshake' |
371 | 6 | Andreas Steffen | </pre> |
372 | 20 | Andreas Steffen | |
373 | 20 | Andreas Steffen | h3. Sending OS Information |
374 | 6 | Andreas Steffen | |
375 | 6 | Andreas Steffen | <pre> |
376 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] operating system numeric version is 7.8 |
377 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] last boot: Aug 15 07:56:45 UTC 2015, 17363 s ago |
378 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IPv4 forwarding is disabled |
379 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] factory default password is disabled |
380 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] loaded device public key from '/etc/pts/aik4Pub.der' |
381 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c |
382 | 6 | Andreas Steffen | </pre> |
383 | 6 | Andreas Steffen | |
384 | 6 | Andreas Steffen | <pre> |
385 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC message with ID 0x366c28ea |
386 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002 |
387 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004 |
388 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003 |
389 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005 |
390 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b |
391 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c |
392 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008 |
393 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 |
394 | 6 | Andreas Steffen | </pre> |
395 | 6 | Andreas Steffen | |
396 | 6 | Andreas Steffen | <pre> |
397 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling inbound connection |
398 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
399 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working' |
400 | 9 | Andreas Steffen | </pre> |
401 | 9 | Andreas Steffen | |
402 | 9 | Andreas Steffen | <pre> |
403 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling outbound connection |
404 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
405 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-TNC CDATA batch |
406 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-Language-Preference message |
407 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-PA message |
408 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2 |
409 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
410 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ] |
411 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes) |
412 | 6 | Andreas Steffen | </pre> |
413 | 6 | Andreas Steffen | |
414 | 6 | Andreas Steffen | <pre> |
415 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
416 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ] |
417 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
418 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] received TNCCS batch (92 bytes) |
419 | 6 | Andreas Steffen | </pre> |
420 | 6 | Andreas Steffen | |
421 | 6 | Andreas Steffen | <pre> |
422 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling inbound connection |
423 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
424 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
425 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing IETF/PB-PA message (84 bytes) |
426 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
427 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
428 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC message with ID 0x1d5fa63a |
429 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022 |
430 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000 |
431 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000 |
432 | 6 | Andreas Steffen | </pre> |
433 | 6 | Andreas Steffen | |
434 | 6 | Andreas Steffen | <pre> |
435 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001 |
436 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
437 | 6 | Andreas Steffen | </pre> |
438 | 6 | Andreas Steffen | |
439 | 23 | Andreas Steffen | h3. Receiving PTS Protocol Capabilities |
440 | 23 | Andreas Steffen | |
441 | 6 | Andreas Steffen | <pre> |
442 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[PTS] supported PTS protocol capabilities: .VDT. |
443 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[PTS] selected PTS measurement algorithm is HASH_SHA1 |
444 | 6 | Andreas Steffen | </pre> |
445 | 6 | Andreas Steffen | |
446 | 6 | Andreas Steffen | <pre> |
447 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles FMETA workitem 14 |
448 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 requests metadata for file '/etc/tnc_config' |
449 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested |
450 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles TPMRA workitem 18 |
451 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC message with ID 0xaff3c130 |
452 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000 |
453 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000 |
454 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
455 | 6 | Andreas Steffen | </pre> |
456 | 6 | Andreas Steffen | |
457 | 6 | Andreas Steffen | <pre> |
458 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling outbound connection |
459 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
460 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-TNC SDATA batch |
461 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] adding IETF/PB-PA message |
462 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 1 |
463 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
464 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ] |
465 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
466 | 11 | Andreas Steffen | </pre> |
467 | 11 | Andreas Steffen | |
468 | 11 | Andreas Steffen | <pre> |
469 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
470 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ] |
471 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
472 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] received TNCCS batch (92 bytes) |
473 | 9 | Andreas Steffen | </pre> |
474 | 9 | Andreas Steffen | |
475 | 9 | Andreas Steffen | <pre> |
476 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling inbound connection |
477 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
478 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
479 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing IETF/PB-PA message (84 bytes) |
480 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
481 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
482 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC message with ID 0x918da8fe |
483 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021 |
484 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000 |
485 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000 |
486 | 11 | Andreas Steffen | </pre> |
487 | 11 | Andreas Steffen | |
488 | 11 | Andreas Steffen | <pre> |
489 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001 |
490 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
491 | 11 | Andreas Steffen | </pre> |
492 | 11 | Andreas Steffen | |
493 | 23 | Andreas Steffen | h3. Sending PTS Protocol Capabilities |
494 | 23 | Andreas Steffen | |
495 | 11 | Andreas Steffen | <pre> |
496 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[PTS] supported PTS protocol capabilities: .VDT. |
497 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[PTS] selected PTS measurement algorithm is HASH_SHA1 |
498 | 11 | Andreas Steffen | </pre> |
499 | 11 | Andreas Steffen | |
500 | 11 | Andreas Steffen | <pre> |
501 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC message with ID 0xf94741eb |
502 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022 |
503 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000 |
504 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000 |
505 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
506 | 9 | Andreas Steffen | </pre> |
507 | 9 | Andreas Steffen | |
508 | 9 | Andreas Steffen | <pre> |
509 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling outbound connection |
510 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
511 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-TNC CDATA batch |
512 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] adding IETF/PB-PA message |
513 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 2 |
514 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
515 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[ENC] generating IKE_AUTH response 10 [ EAP/REQ/TTLS ] |
516 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
517 | 11 | Andreas Steffen | </pre> |
518 | 11 | Andreas Steffen | |
519 | 11 | Andreas Steffen | <pre> |
520 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes) |
521 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[ENC] parsed IKE_AUTH request 11 [ EAP/RES/TTLS ] |
522 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
523 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] received TNCCS batch (226 bytes) |
524 | 9 | Andreas Steffen | </pre> |
525 | 9 | Andreas Steffen | |
526 | 9 | Andreas Steffen | <pre> |
527 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling inbound connection |
528 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
529 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
530 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing IETF/PB-PA message (218 bytes) |
531 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
532 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
533 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC message with ID 0x5e3ee705 |
534 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000 |
535 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000 |
536 | 11 | Andreas Steffen | </pre> |
537 | 11 | Andreas Steffen | |
538 | 11 | Andreas Steffen | <pre> |
539 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] metadata request returned 1 file: |
540 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] 'tnc_config' (177 bytes) owner 0, group 0, type Regular |
541 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] created Jun 05 20:02:25 2015, modified Jun 05 20:02:25 2015, accessed Jun 05 20:02:25 2015 |
542 | 11 | Andreas Steffen | </pre> |
543 | 11 | Andreas Steffen | |
544 | 11 | Andreas Steffen | <pre> |
545 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1 |
546 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] selected PTS DH group is ECP_256 |
547 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] nonce length is 20 |
548 | 11 | Andreas Steffen | </pre> |
549 | 11 | Andreas Steffen | |
550 | 11 | Andreas Steffen | <pre> |
551 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1ab4f40 |
552 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15 ......m...@..._. |
553 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: FB 4E 28 AD .N(. |
554 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] responder nonce: => 20 bytes @ 0x1aafba0 |
555 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0 =.r9:....0...".. |
556 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: B6 D1 2A 01 ..*. |
557 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x1ab3078 |
558 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA _....9........:. |
559 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE .#...........QP. |
560 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28 |
561 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C ...p.x...y.]|..| |
562 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: E0 E0 83 77 ...w |
563 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC message with ID 0xd27d5b33 |
564 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000 |
565 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000 |
566 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000 |
567 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
568 | 9 | Andreas Steffen | </pre> |
569 | 9 | Andreas Steffen | |
570 | 9 | Andreas Steffen | <pre> |
571 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling outbound connection |
572 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
573 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-TNC SDATA batch |
574 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] adding IETF/PB-PA message |
575 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 1 |
576 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
577 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[ENC] generating IKE_AUTH response 11 [ EAP/REQ/TTLS ] |
578 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes) |
579 | 11 | Andreas Steffen | </pre> |
580 | 11 | Andreas Steffen | |
581 | 11 | Andreas Steffen | <pre> |
582 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
583 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[ENC] parsed IKE_AUTH request 12 [ EAP/RES/TTLS ] |
584 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
585 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] received TNCCS batch (87 bytes) |
586 | 9 | Andreas Steffen | </pre> |
587 | 9 | Andreas Steffen | |
588 | 9 | Andreas Steffen | <pre> |
589 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling inbound connection |
590 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
591 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
592 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing IETF/PB-PA message (79 bytes) |
593 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
594 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
595 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC message with ID 0xda2a70e9 |
596 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000 |
597 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000 |
598 | 11 | Andreas Steffen | </pre> |
599 | 11 | Andreas Steffen | |
600 | 11 | Andreas Steffen | <pre> |
601 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IMC] metadata request for file '/etc/tnc_config' |
602 | 11 | Andreas Steffen | </pre> |
603 | 11 | Andreas Steffen | |
604 | 11 | Andreas Steffen | <pre> |
605 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[PTS] selected PTS DH group is ECP_256 |
606 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[PTS] nonce length is 20 |
607 | 11 | Andreas Steffen | </pre> |
608 | 12 | Andreas Steffen | |
609 | 12 | Andreas Steffen | <pre> |
610 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC message with ID 0x676268aa |
611 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000 |
612 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000 |
613 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
614 | 9 | Andreas Steffen | </pre> |
615 | 9 | Andreas Steffen | |
616 | 9 | Andreas Steffen | <pre> |
617 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling outbound connection |
618 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
619 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-TNC CDATA batch |
620 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] adding IETF/PB-PA message |
621 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 2 |
622 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
623 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[ENC] generating IKE_AUTH response 12 [ EAP/REQ/TTLS ] |
624 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes) |
625 | 11 | Andreas Steffen | </pre> |
626 | 11 | Andreas Steffen | |
627 | 11 | Andreas Steffen | <pre> |
628 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes) |
629 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[ENC] parsed IKE_AUTH request 13 [ EAP/RES/TTLS ] |
630 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
631 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] received TNCCS batch (902 bytes) |
632 | 9 | Andreas Steffen | </pre> |
633 | 9 | Andreas Steffen | |
634 | 9 | Andreas Steffen | <pre> |
635 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling inbound connection |
636 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
637 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
638 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing IETF/PB-PA message (894 bytes) |
639 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
640 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
641 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x641bcea1 |
642 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 |
643 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000 |
644 | 11 | Andreas Steffen | </pre> |
645 | 11 | Andreas Steffen | |
646 | 23 | Andreas Steffen | h3. Receiving TPM Version Information |
647 | 23 | Andreas Steffen | |
648 | 11 | Andreas Steffen | <pre> |
649 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX |
650 | 11 | Andreas Steffen | </pre> |
651 | 11 | Andreas Steffen | |
652 | 11 | Andreas Steffen | <pre> |
653 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] verifying AIK with keyid 56:5f:eb:9e:84:62:87:0d:ba:88:4c:e5:40:a0:76:8d:68:82:98:73 |
654 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK public key is trusted |
655 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[CFG] using trusted certificate "C=US, O=TNC Demo, CN=AIK CA" |
656 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK certificate is trusted |
657 | 11 | Andreas Steffen | </pre> |
658 | 11 | Andreas Steffen | |
659 | 11 | Andreas Steffen | <pre> |
660 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] evidence request by |
661 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
662 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0xed256fac |
663 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 |
664 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 |
665 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
666 | 9 | Andreas Steffen | </pre> |
667 | 9 | Andreas Steffen | |
668 | 9 | Andreas Steffen | <pre> |
669 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling outbound connection |
670 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
671 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-TNC SDATA batch |
672 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] adding IETF/PB-PA message |
673 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 1 |
674 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
675 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[ENC] generating IKE_AUTH response 13 [ EAP/REQ/TTLS ] |
676 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
677 | 11 | Andreas Steffen | </pre> |
678 | 11 | Andreas Steffen | |
679 | 11 | Andreas Steffen | <pre> |
680 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes) |
681 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[ENC] parsed IKE_AUTH request 14 [ EAP/RES/TTLS ] |
682 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
683 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] received TNCCS batch (172 bytes) |
684 | 9 | Andreas Steffen | </pre> |
685 | 9 | Andreas Steffen | |
686 | 9 | Andreas Steffen | <pre> |
687 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling inbound connection |
688 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
689 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
690 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing IETF/PB-PA message (164 bytes) |
691 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
692 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
693 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC message with ID 0xe1b84e91 |
694 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000 |
695 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000 |
696 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000 |
697 | 11 | Andreas Steffen | </pre> |
698 | 11 | Andreas Steffen | |
699 | 11 | Andreas Steffen | <pre> |
700 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] selected DH hash algorithm is HASH_SHA1 |
701 | 11 | Andreas Steffen | </pre> |
702 | 11 | Andreas Steffen | |
703 | 13 | Andreas Steffen | <pre> |
704 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] initiator nonce: => 20 bytes @ 0x1ab0dc0 |
705 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A '.Q..f.T.W.I.*}: |
706 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: F1 38 81 26 .8.& |
707 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] responder nonce: => 20 bytes @ 0x1ab2e48 |
708 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71 .H.R...n_..+..&q |
709 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 49 73 01 42 Is.B |
710 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] shared DH secret: => 32 bytes @ 0x1aac378 |
711 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11 ......"..5..pA{. |
712 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1 .<.2.=..s2... .. |
713 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] secret assessment value: => 20 bytes @ 0x1ab0d20 |
714 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F .........Q...;.. |
715 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 68 50 6C DE hPl. |
716 | 11 | Andreas Steffen | </pre> |
717 | 23 | Andreas Steffen | |
718 | 23 | Andreas Steffen | h3. Sending TPM Version Information |
719 | 11 | Andreas Steffen | |
720 | 11 | Andreas Steffen | <pre> |
721 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX |
722 | 11 | Andreas Steffen | </pre> |
723 | 11 | Andreas Steffen | |
724 | 11 | Andreas Steffen | <pre> |
725 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC message with ID 0x951e0284 |
726 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 |
727 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000 |
728 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
729 | 9 | Andreas Steffen | </pre> |
730 | 9 | Andreas Steffen | |
731 | 9 | Andreas Steffen | <pre> |
732 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling outbound connection |
733 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
734 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-TNC CDATA batch |
735 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] adding IETF/PB-PA message |
736 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 2 |
737 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
738 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[ENC] generating IKE_AUTH response 14 [ EAP/REQ/TTLS ] |
739 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes) |
740 | 14 | Andreas Steffen | </pre> |
741 | 14 | Andreas Steffen | |
742 | 14 | Andreas Steffen | <pre> |
743 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
744 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[ENC] parsed IKE_AUTH request 15 [ EAP/RES/TTLS ] |
745 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[ENC] generating IKE_AUTH response 15 [ EAP/REQ/TTLS ] |
746 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
747 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
748 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[ENC] parsed IKE_AUTH request 16 [ EAP/RES/TTLS ] |
749 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[ENC] generating IKE_AUTH response 16 [ EAP/REQ/TTLS ] |
750 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
751 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
752 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[ENC] parsed IKE_AUTH request 17 [ EAP/RES/TTLS ] |
753 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[ENC] generating IKE_AUTH response 17 [ EAP/REQ/TTLS ] |
754 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
755 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
756 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[ENC] parsed IKE_AUTH request 18 [ EAP/RES/TTLS ] |
757 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[ENC] generating IKE_AUTH response 18 [ EAP/REQ/TTLS ] |
758 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
759 | 4 | Andreas Steffen | ... |
760 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
761 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[ENC] parsed IKE_AUTH request 60 [ EAP/RES/TTLS ] |
762 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[ENC] generating IKE_AUTH response 60 [ EAP/REQ/TTLS ] |
763 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
764 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
765 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[ENC] parsed IKE_AUTH request 61 [ EAP/RES/TTLS ] |
766 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
767 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] received TNCCS batch (47615 bytes) |
768 | 9 | Andreas Steffen | </pre> |
769 | 9 | Andreas Steffen | |
770 | 9 | Andreas Steffen | <pre> |
771 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] TNC server is handling inbound connection |
772 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
773 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
774 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing IETF/PB-PA message (47607 bytes) |
775 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
776 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
777 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x2d059578 |
778 | 11 | Andreas Steffen | </pre> |
779 | 11 | Andreas Steffen | |
780 | 15 | Andreas Steffen | h3. Initiator Attestation Measurement Values |
781 | 15 | Andreas Steffen | |
782 | 11 | Andreas Steffen | <pre> |
783 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
784 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
785 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
786 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b |
787 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:boot_aggregate' |
788 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
789 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
790 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
791 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 |
792 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/init' |
793 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
794 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
795 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
796 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 |
797 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/sh' |
798 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
799 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
800 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
801 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e |
802 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' |
803 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
804 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
805 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
806 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 |
807 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/mkdir' |
808 | 1 | Andreas Steffen | ... |
809 | 2 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
810 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
811 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
812 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb |
813 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/usr/sbin/service' |
814 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
815 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
816 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
817 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce |
818 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/cp' |
819 | 16 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 |
820 | 11 | Andreas Steffen | </pre> |
821 | 11 | Andreas Steffen | |
822 | 16 | Andreas Steffen | h3. Verifying Initiator Measurements |
823 | 16 | Andreas Steffen | |
824 | 1 | Andreas Steffen | <pre> |
825 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] checking boot aggregate evidence measurement |
826 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found |
827 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok |
828 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok |
829 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok |
830 | 1 | Andreas Steffen | ... |
831 | 3 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb for '/usr/sbin/service' is ok |
832 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce for '/bin/cp' is ok |
833 | 11 | Andreas Steffen | </pre> |
834 | 1 | Andreas Steffen | |
835 | 16 | Andreas Steffen | h3. Verifying Initiator TPM Quote Signature |
836 | 16 | Andreas Steffen | |
837 | 11 | Andreas Steffen | <pre> |
838 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite: => 29 bytes @ 0x1b27188 |
839 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 0: 00 03 00 04 00 00 00 00 14 F7 5E 84 36 2B C2 83 ..........^.6+.. |
840 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 16: 28 8E 90 7E B3 39 45 74 33 60 2E B7 8E (..~.9Et3`... |
841 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite hash: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20 |
842 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1b27e68 |
843 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79 .6QUT2...p.x...y |
844 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01 .]|..|...w...... |
845 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C X......=>.3.$... |
846 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 48: 22 A2 01 20 ".. |
847 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] received PCR Composite matches constructed one |
848 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] TPM Quote Info signature verification successful |
849 | 11 | Andreas Steffen | </pre> |
850 | 11 | Andreas Steffen | |
851 | 11 | Andreas Steffen | <pre> |
852 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed |
853 | 11 | Andreas Steffen | </pre> |
854 | 11 | Andreas Steffen | |
855 | 11 | Andreas Steffen | <pre> |
856 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed |
857 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0x57254d62 |
858 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 |
859 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
860 | 19 | Andreas Steffen | </pre> |
861 | 19 | Andreas Steffen | |
862 | 19 | Andreas Steffen | h3. Sending Assessment Result |
863 | 19 | Andreas Steffen | |
864 | 19 | Andreas Steffen | <pre> |
865 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant' |
866 | 9 | Andreas Steffen | </pre> |
867 | 9 | Andreas Steffen | |
868 | 9 | Andreas Steffen | <pre> |
869 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] TNC server is handling outbound connection |
870 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: recommendation for access requestor 10.10.1.39 is allow |
871 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: imv_policy_manager stop successful |
872 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Allowed' |
873 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Decided' |
874 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-TNC RESULT batch |
875 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-PA message |
876 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Assessment-Result message |
877 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Access-Recommendation message |
878 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1 |
879 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
880 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[ENC] generating IKE_AUTH response 61 [ EAP/REQ/TTLS ] |
881 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
882 | 11 | Andreas Steffen | </pre> |
883 | 11 | Andreas Steffen | |
884 | 11 | Andreas Steffen | <pre> |
885 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
886 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[ENC] parsed IKE_AUTH request 62 [ EAP/RES/TTLS ] |
887 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
888 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] received TNCCS batch (80 bytes) |
889 | 9 | Andreas Steffen | </pre> |
890 | 9 | Andreas Steffen | |
891 | 9 | Andreas Steffen | <pre> |
892 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] TNC client is handling inbound connection |
893 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
894 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
895 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing IETF/PB-PA message (72 bytes) |
896 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
897 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
898 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC message with ID 0xc8f4500b |
899 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 |
900 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 |
901 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IMC] evidence requested for 1 functional components |
902 | 11 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
903 | 1 | Andreas Steffen | </pre> |
904 | 15 | Andreas Steffen | |
905 | 16 | Andreas Steffen | h3. Responder Attestation Measurement Values |
906 | 11 | Andreas Steffen | |
907 | 11 | Andreas Steffen | <pre> |
908 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (451 entries) |
909 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
910 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
911 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b |
912 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:boot_aggregate' |
913 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
914 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
915 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 |
916 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/init' |
917 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
918 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
919 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 |
920 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/sh' |
921 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
922 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
923 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e |
924 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' |
925 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
926 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
927 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 |
928 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/mkdir' |
929 | 4 | Andreas Steffen | ... |
930 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
931 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
932 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2 |
933 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/bin/clear_console' |
934 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
935 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
936 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33 |
937 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/libexec/ipsec/stroke' |
938 | 1 | Andreas Steffen | </pre> |
939 | 16 | Andreas Steffen | |
940 | 17 | Andreas Steffen | h3. Generating Responder TPM Quote Signature |
941 | 11 | Andreas Steffen | |
942 | 11 | Andreas Steffen | <pre> |
943 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] Hash of PCR Composite: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff |
944 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Info: => 52 bytes @ 0x1ae0580 |
945 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51 .6QUT2.........Q |
946 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01 ...;..hPl....... |
947 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3 .j...9.z..N.~... |
948 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 48: 1E 60 4F FF .`O. |
949 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Signature: => 256 bytes @ 0x1ae0c00 |
950 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 0: 6C 25 B7 58 F9 5C CA CA 86 6F 9A BD 24 2E 32 D9 l%.X.\...o..$.2. |
951 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 16: 36 DD 4F DF 37 09 1E 60 56 45 0E B4 32 52 A2 6A 6.O.7..`VE..2R.j |
952 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 32: B4 A5 27 59 79 25 F2 DC A1 05 14 5C 0C 71 DD DC ..'Yy%.....\.q.. |
953 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 48: 96 31 9C 69 DD 60 AC 51 70 95 47 48 62 FF 40 DC .1.i.`.Qp.GHb.@. |
954 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 64: FF FF C3 55 5D 1C DF E2 D6 4B 8E 4F BF 0A 47 CC ...U]....K.O..G. |
955 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 80: 1E C5 42 7D 3B 39 C4 4D 6A A0 A4 CD 3E E3 E6 C6 ..B};9.Mj...>... |
956 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 96: A1 DB F1 AF F3 2B 48 0D 74 60 A3 B3 E3 43 5E 22 .....+H.t`...C^" |
957 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 112: 99 EC 5B 23 FD 57 D4 1F 97 32 28 DC 4A 38 36 15 ..[#.W...2(.J86. |
958 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 128: 75 57 53 18 21 29 5C CD 8F C6 66 60 70 7C 47 0F uWS.!)\...f`p|G. |
959 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 144: 9B 7B FE BA 29 80 0C 87 11 41 81 95 6D 74 6B FA .{..)....A..mtk. |
960 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 160: 4D 5F F7 23 C4 60 D2 2A C2 16 08 EA AF 59 CC D2 M_.#.`.*.....Y.. |
961 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 176: 18 EC 20 18 5B 1D 42 72 E1 C8 33 02 A1 37 ED EA .. .[.Br..3..7.. |
962 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 192: B8 CD CA 2B 83 D3 B2 77 1C 45 2D C7 36 FA E6 88 ...+...w.E-.6... |
963 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 208: 93 C3 BE D9 26 31 A5 59 3D 20 24 B1 0F F3 04 5C ....&1.Y= $....\ |
964 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 224: 93 FA 8C 09 3E C3 FF E0 A1 EB 03 58 0B AB 08 89 ....>......X.... |
965 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 240: BA A4 22 ED AB D6 BA 7C 65 8D B6 75 5C 7C 67 28 .."....|e..u\|g( |
966 | 18 | Andreas Steffen | </pre> |
967 | 18 | Andreas Steffen | |
968 | 18 | Andreas Steffen | <pre> |
969 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC message with ID 0xed64f7ab |
970 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
971 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
972 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
973 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
974 | 5 | Andreas Steffen | ... |
975 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
976 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
977 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 |
978 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
979 | 9 | Andreas Steffen | </pre> |
980 | 9 | Andreas Steffen | |
981 | 9 | Andreas Steffen | <pre> |
982 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] TNC client is handling outbound connection |
983 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
984 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-TNC CDATA batch |
985 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] adding IETF/PB-PA message |
986 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] sending PB-TNC CDATA batch (49524 bytes) for Connection ID 2 |
987 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
988 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[ENC] generating IKE_AUTH response 62 [ EAP/REQ/TTLS ] |
989 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
990 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
991 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[ENC] parsed IKE_AUTH request 63 [ EAP/RES/TTLS ] |
992 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[ENC] generating IKE_AUTH response 63 [ EAP/REQ/TTLS ] |
993 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
994 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
995 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[ENC] parsed IKE_AUTH request 64 [ EAP/RES/TTLS ] |
996 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[ENC] generating IKE_AUTH response 64 [ EAP/REQ/TTLS ] |
997 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
998 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
999 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[ENC] parsed IKE_AUTH request 65 [ EAP/RES/TTLS ] |
1000 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[ENC] generating IKE_AUTH response 65 [ EAP/REQ/TTLS ] |
1001 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
1002 | 5 | Andreas Steffen | ... |
1003 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
1004 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[ENC] parsed IKE_AUTH request 109 [ EAP/RES/TTLS ] |
1005 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[ENC] generating IKE_AUTH response 109 [ EAP/REQ/TTLS ] |
1006 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
1007 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
1008 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[ENC] parsed IKE_AUTH request 110 [ EAP/RES/TTLS ] |
1009 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[ENC] generating IKE_AUTH response 110 [ EAP/REQ/TTLS ] |
1010 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes) |
1011 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
1012 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[ENC] parsed IKE_AUTH request 111 [ EAP/RES/TTLS ] |
1013 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
1014 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] received TNCCS batch (88 bytes) |
1015 | 9 | Andreas Steffen | </pre> |
1016 | 9 | Andreas Steffen | |
1017 | 9 | Andreas Steffen | <pre> |
1018 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling inbound connection |
1019 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PB-TNC RESULT batch for Connection ID 2 |
1020 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Decided' |
1021 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-PA message (48 bytes) |
1022 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Assessment-Result message (16 bytes) |
1023 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Access-Recommendation message (16 bytes) |
1024 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
1025 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
1026 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC message with ID 0x4077e3ed |
1027 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 |
1028 | 11 | Andreas Steffen | </pre> |
1029 | 19 | Andreas Steffen | |
1030 | 19 | Andreas Steffen | h3. Receiving Assessment Result |
1031 | 11 | Andreas Steffen | |
1032 | 11 | Andreas Steffen | <pre> |
1033 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 ***** |
1034 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] assessment result is 'compliant' |
1035 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** end of assessment ***** |
1036 | 11 | Andreas Steffen | </pre> |
1037 | 11 | Andreas Steffen | |
1038 | 11 | Andreas Steffen | <pre> |
1039 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC assessment result is 'compliant' |
1040 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC access recommendation is 'Access Allowed' |
1041 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Allowed' |
1042 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Allowed' |
1043 | 9 | Andreas Steffen | </pre> |
1044 | 9 | Andreas Steffen | |
1045 | 9 | Andreas Steffen | <pre> |
1046 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling outbound connection |
1047 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End' |
1048 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] creating PB-TNC CLOSE batch |
1049 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 2 |
1050 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
1051 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[ENC] generating IKE_AUTH response 111 [ EAP/REQ/TTLS ] |
1052 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes) |
1053 | 11 | Andreas Steffen | </pre> |
1054 | 11 | Andreas Steffen | |
1055 | 11 | Andreas Steffen | <pre> |
1056 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes) |
1057 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[ENC] parsed IKE_AUTH request 112 [ EAP/RES/TTLS ] |
1058 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
1059 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] received TNCCS batch (8 bytes) |
1060 | 9 | Andreas Steffen | </pre> |
1061 | 9 | Andreas Steffen | |
1062 | 9 | Andreas Steffen | <pre> |
1063 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] TNC server is handling inbound connection |
1064 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] processing PB-TNC CLOSE batch for Connection ID 1 |
1065 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] PB-TNC state transition from 'Decided' to 'End' |
1066 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] final recommendation is 'allow' and evaluation is 'compliant' |
1067 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforced on peer 'raspi3.example.com' is 'allow' |
1068 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforcement point added group membership 'allow' |
1069 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP_TTLS phase2 authentication of 'raspi3.example.com' with EAP_PT_EAP successful |
1070 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 1 |
1071 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 1 |
1072 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 2 |
1073 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 2 |
1074 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 2 |
1075 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP method EAP_TTLS succeeded, MSK established |
1076 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[ENC] generating IKE_AUTH response 112 [ EAP/SUCC ] |
1077 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
1078 | 11 | Andreas Steffen | </pre> |
1079 | 11 | Andreas Steffen | |
1080 | 11 | Andreas Steffen | <pre> |
1081 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes) |
1082 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[ENC] parsed IKE_AUTH request 113 [ AUTH ] |
1083 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi3.example.com' with EAP successful |
1084 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi4.example.com' (myself) with EAP |
1085 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] IKE_SA peer[1] established between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
1086 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] scheduling reauthentication in 10143s |
1087 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] maximum IKE_SA lifetime 10683s |
1088 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] CHILD_SA peer{1} established with SPIs ce21eedf_i c12c1aae_o and TS 10.10.1.40/32 === 10.10.1.39/32 |
1089 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[ENC] generating IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ] |
1090 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes) |
1091 | 10 | Andreas Steffen | </pre> |
1092 | 10 | Andreas Steffen | |
1093 | 24 | Andreas Steffen | h2. strongTNC Policy Manager |
1094 | 24 | Andreas Steffen | |
1095 | 24 | Andreas Steffen | !tnc4.png! |
1096 | 24 | Andreas Steffen | |
1097 | 24 | Andreas Steffen | This screenshot of the strongTNC policy manager running on *raspi4* shows that the attestation of *raspi3* has been successful. |
1098 | 24 | Andreas Steffen | |
1099 | 24 | Andreas Steffen | h2. IPsec Connection established |
1100 | 24 | Andreas Steffen | |
1101 | 24 | Andreas Steffen | The command |
1102 | 24 | Andreas Steffen | <pre> |
1103 | 24 | Andreas Steffen | raspi4# ipsec statusall |
1104 | 24 | Andreas Steffen | </pre> |
1105 | 24 | Andreas Steffen | |
1106 | 24 | Andreas Steffen | shows that the IPsec transport connection between *raspi4* and *raspi3* has been successfully established. |
1107 | 24 | Andreas Steffen | <pre> |
1108 | 24 | Andreas Steffen | Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l): |
1109 | 24 | Andreas Steffen | uptime: 2 minutes, since Aug 15 14:45:50 2015 |
1110 | 24 | Andreas Steffen | malloc: sbrk 1941504, mmap 0, used 1440680, free 500824 |
1111 | 24 | Andreas Steffen | worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2 |
1112 | 24 | Andreas Steffen | loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
1113 | 24 | Andreas Steffen | Listening IP addresses: |
1114 | 24 | Andreas Steffen | 10.10.1.40 |
1115 | 24 | Andreas Steffen | Connections: |
1116 | 24 | Andreas Steffen | peer: 10.10.1.40...10.10.1.39 IKEv2 |
1117 | 24 | Andreas Steffen | peer: local: [raspi4.example.com] uses EAP_TTLS authentication |
1118 | 24 | Andreas Steffen | peer: cert: "C=US, O=TNC Demo, CN=raspi4.example.com" |
1119 | 24 | Andreas Steffen | peer: remote: [raspi3.example.com] uses EAP_TTLS authentication |
1120 | 24 | Andreas Steffen | peer: child: dynamic === dynamic TRANSPORT |
1121 | 24 | Andreas Steffen | Security Associations (1 up, 0 connecting): |
1122 | 24 | Andreas Steffen | peer[1]: ESTABLISHED 2 minutes ago, 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
1123 | 24 | Andreas Steffen | peer[1]: IKEv2 SPIs: 168d780b16692776_i 24a43cb75417ebe5_r*, EAP reauthentication in 2 hours |
1124 | 24 | Andreas Steffen | peer[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 |
1125 | 24 | Andreas Steffen | peer{1}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: ce21eedf_i c12c1aae_o |
1126 | 24 | Andreas Steffen | peer{1}: AES_CBC_128/HMAC_SHA2_256_128, 640 bytes_i (10 pkts, 48s ago), 640 bytes_o (10 pkts, 48s ago), rekeying in 46 minutes |
1127 | 24 | Andreas Steffen | peer{1}: 10.10.1.40/32 === 10.10.1.39/32 |
1128 | 24 | Andreas Steffen | </pre> |
1129 | 24 | Andreas Steffen | |
1130 | 10 | Andreas Steffen | h2. Terminating the IPsec Connection |
1131 | 10 | Andreas Steffen | |
1132 | 10 | Andreas Steffen | <pre> |
1133 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
1134 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[ENC] parsed INFORMATIONAL request 114 [ D ] |
1135 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] received DELETE for IKE_SA peer[1] |
1136 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] deleting IKE_SA peer[1] between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
1137 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] IKE_SA deleted |
1138 | 1 | Andreas Steffen | Aug 15 14:49:05 raspi4 charon: 05[ENC] generating INFORMATIONAL response 114 [ ] |
1139 | 1 | Andreas Steffen | Aug 15 14:49:05 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
1140 | 10 | Andreas Steffen | </pre> |
1141 | 10 | Andreas Steffen | |
1142 | 10 | Andreas Steffen | h2. Stopping the IKEv2 Daemon |
1143 | 10 | Andreas Steffen | |
1144 | 10 | Andreas Steffen | <pre> |
1145 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[DMN] signal of type SIGINT received. Shutting down |
1146 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 2 "Attestation" terminated |
1147 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 1 "OS" terminated |
1148 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMV] IMV 1 "Attestation" terminated |
1149 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[PTS] removed TCG functional component namespace |
1150 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[PTS] removed ITA-HSR functional component namespace |
1151 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed IETF attributes |
1152 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed ITA-HSR attributes |
1153 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed TCG attributes |
1154 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[LIB] libimcv terminated |
1155 | 1 | Andreas Steffen | </pre> |