Raspi 4 - Responding IoT Device » History » Version 25
Andreas Steffen, 16.08.2015 12:08
| 1 | 4 | Andreas Steffen | {{>toc}} |
|---|---|---|---|
| 2 | 4 | Andreas Steffen | |
| 3 | 1 | Andreas Steffen | h1. Raspi 4 - Responding IoT Device |
| 4 | 1 | Andreas Steffen | |
| 5 | 6 | Andreas Steffen | h2. Configuration Files |
| 6 | 6 | Andreas Steffen | |
| 7 | 1 | Andreas Steffen | strongSwan IPsec configuration file */etc/ipsec.conf* |
| 8 | 1 | Andreas Steffen | <pre> |
| 9 | 1 | Andreas Steffen | config setup |
| 10 | 1 | Andreas Steffen | charondebug="tnc 2, imc 2, imv 2, pts 3" |
| 11 | 1 | Andreas Steffen | |
| 12 | 1 | Andreas Steffen | conn %default |
| 13 | 1 | Andreas Steffen | ike=aes128-sha256-ecp256! |
| 14 | 1 | Andreas Steffen | esp=aes128-sha256-ecp256! |
| 15 | 1 | Andreas Steffen | keyexchange=ikev2 |
| 16 | 1 | Andreas Steffen | |
| 17 | 1 | Andreas Steffen | conn peer |
| 18 | 1 | Andreas Steffen | left=10.10.1.40 |
| 19 | 1 | Andreas Steffen | leftauth=eap-ttls |
| 20 | 1 | Andreas Steffen | leftcert=raspi4Cert.pem |
| 21 | 1 | Andreas Steffen | leftid=raspi4.example.com |
| 22 | 1 | Andreas Steffen | leftfirewall=yes |
| 23 | 1 | Andreas Steffen | right=10.10.1.39 |
| 24 | 1 | Andreas Steffen | rightauth=eap-ttls |
| 25 | 1 | Andreas Steffen | rightid=raspi3.example.com |
| 26 | 1 | Andreas Steffen | type=transport |
| 27 | 1 | Andreas Steffen | auto=add |
| 28 | 1 | Andreas Steffen | </pre> |
| 29 | 1 | Andreas Steffen | |
| 30 | 1 | Andreas Steffen | strongSwan IPsec secrets file */etc/ipsec.secrets* |
| 31 | 1 | Andreas Steffen | <pre> |
| 32 | 1 | Andreas Steffen | : RSA raspi4Key.pem |
| 33 | 1 | Andreas Steffen | </pre> |
| 34 | 1 | Andreas Steffen | |
| 35 | 1 | Andreas Steffen | strongSwan configuration file */etc/strongswan.conf* |
| 36 | 1 | Andreas Steffen | <pre> |
| 37 | 1 | Andreas Steffen | charon { |
| 38 | 1 | Andreas Steffen | load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
| 39 | 1 | Andreas Steffen | |
| 40 | 1 | Andreas Steffen | half_open_timeout = 90 |
| 41 | 1 | Andreas Steffen | |
| 42 | 1 | Andreas Steffen | plugins { |
| 43 | 1 | Andreas Steffen | eap-ttls |
| 44 | 1 | Andreas Steffen | { |
| 45 | 1 | Andreas Steffen | max_message_count = 0 |
| 46 | 1 | Andreas Steffen | request_peer_auth = yes |
| 47 | 1 | Andreas Steffen | phase2_piggyback = yes |
| 48 | 1 | Andreas Steffen | phase2_tnc = yes |
| 49 | 1 | Andreas Steffen | } |
| 50 | 1 | Andreas Steffen | eap-tnc { |
| 51 | 1 | Andreas Steffen | max_message_count = 0 |
| 52 | 1 | Andreas Steffen | } |
| 53 | 1 | Andreas Steffen | tnccs-20 { |
| 54 | 1 | Andreas Steffen | mutual = yes |
| 55 | 1 | Andreas Steffen | } |
| 56 | 1 | Andreas Steffen | } |
| 57 | 1 | Andreas Steffen | } |
| 58 | 1 | Andreas Steffen | |
| 59 | 1 | Andreas Steffen | libimcv { |
| 60 | 1 | Andreas Steffen | database = sqlite:///etc/pts/config.db |
| 61 | 1 | Andreas Steffen | policy_script = ipsec imv_policy_manager |
| 62 | 1 | Andreas Steffen | |
| 63 | 1 | Andreas Steffen | plugins { |
| 64 | 1 | Andreas Steffen | imc-os { |
| 65 | 1 | Andreas Steffen | device_pubkey = /etc/pts/aik4Pub.der |
| 66 | 1 | Andreas Steffen | } |
| 67 | 1 | Andreas Steffen | imc-attestation { |
| 68 | 1 | Andreas Steffen | aik_blob = /etc/pts/aik4Blob.bin |
| 69 | 1 | Andreas Steffen | aik_cert = /etc/pts/aik4Cert.der |
| 70 | 1 | Andreas Steffen | } |
| 71 | 1 | Andreas Steffen | imv-attestation { |
| 72 | 1 | Andreas Steffen | cadir = /etc/pts/cacerts |
| 73 | 1 | Andreas Steffen | hash_algorithm = sha1 |
| 74 | 1 | Andreas Steffen | } |
| 75 | 1 | Andreas Steffen | } |
| 76 | 1 | Andreas Steffen | } |
| 77 | 1 | Andreas Steffen | |
| 78 | 1 | Andreas Steffen | libtls { |
| 79 | 1 | Andreas Steffen | suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| 80 | 1 | Andreas Steffen | } |
| 81 | 1 | Andreas Steffen | |
| 82 | 1 | Andreas Steffen | pt-tls-client { |
| 83 | 1 | Andreas Steffen | load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl |
| 84 | 1 | Andreas Steffen | } |
| 85 | 1 | Andreas Steffen | |
| 86 | 1 | Andreas Steffen | attest { |
| 87 | 1 | Andreas Steffen | database=sqlite:///etc/pts/config.db |
| 88 | 1 | Andreas Steffen | } |
| 89 | 1 | Andreas Steffen | </pre> |
| 90 | 1 | Andreas Steffen | |
| 91 | 25 | Andreas Steffen | In order to do mutual attestation, both IMCs and IMVs are loaded via */etc/tnc_config*. |
| 92 | 25 | Andreas Steffen | <pre> |
| 93 | 25 | Andreas Steffen | IMC "OS" /usr/lib/ipsec/imcvs/imc-os.so |
| 94 | 25 | Andreas Steffen | IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so |
| 95 | 25 | Andreas Steffen | IMV "Attestation" /usr/lib/ipsec/imcvs/imv-attestation.so |
| 96 | 25 | Andreas Steffen | </pre> |
| 97 | 25 | Andreas Steffen | |
| 98 | 6 | Andreas Steffen | h2. Starting the IKEv2 Daemon |
| 99 | 6 | Andreas Steffen | |
| 100 | 6 | Andreas Steffen | First the IKEv2 charon daemon is started in the background |
| 101 | 1 | Andreas Steffen | <pre> |
| 102 | 6 | Andreas Steffen | raspi4# ipsec start |
| 103 | 6 | Andreas Steffen | </pre> |
| 104 | 6 | Andreas Steffen | |
| 105 | 6 | Andreas Steffen | <pre> |
| 106 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l) |
| 107 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] TNC recommendation policy is 'default' |
| 108 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMVs from '/etc/tnc_config' |
| 109 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added IETF attributes |
| 110 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added ITA-HSR attributes |
| 111 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] added TCG attributes |
| 112 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added TCG functional component namespace |
| 113 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component namespace |
| 114 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader' |
| 115 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot' |
| 116 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA' |
| 117 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[LIB] libimcv initialized |
| 118 | 6 | Andreas Steffen | </pre> |
| 119 | 6 | Andreas Steffen | |
| 120 | 6 | Andreas Steffen | Loading Attestation IMV |
| 121 | 6 | Andreas Steffen | <pre> |
| 122 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMV] IMV 1 "Attestation" initialized |
| 123 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts' |
| 124 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem' |
| 125 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available |
| 126 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available |
| 127 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available |
| 128 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available |
| 129 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available |
| 130 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available |
| 131 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available |
| 132 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available |
| 133 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001 |
| 134 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so' |
| 135 | 6 | Andreas Steffen | </pre> |
| 136 | 6 | Andreas Steffen | |
| 137 | 6 | Andreas Steffen | Loading OS IMC |
| 138 | 6 | Andreas Steffen | <pre> |
| 139 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMCs from '/etc/tnc_config' |
| 140 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 1 "OS" initialized |
| 141 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] processing "/etc/debian_version" file |
| 142 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system name is 'Debian' |
| 143 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system version is '7.8 armv7l' |
| 144 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001 |
| 145 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so' |
| 146 | 6 | Andreas Steffen | </pre> |
| 147 | 6 | Andreas Steffen | |
| 148 | 6 | Andreas Steffen | Loading Attestation IMC |
| 149 | 6 | Andreas Steffen | <pre> |
| 150 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 2 "Attestation" initialized |
| 151 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available |
| 152 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available |
| 153 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available |
| 154 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available |
| 155 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available |
| 156 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available |
| 157 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available |
| 158 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available |
| 159 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001 |
| 160 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so' |
| 161 | 6 | Andreas Steffen | </pre> |
| 162 | 6 | Andreas Steffen | |
| 163 | 6 | Andreas Steffen | Initializing IKE daemon |
| 164 | 6 | Andreas Steffen | <pre> |
| 165 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' |
| 166 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem' |
| 167 | 6 | Andreas Steffen | '/etc/ipsec.d/cacerts/MSE_CA_Cert.pem' |
| 168 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' |
| 169 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' |
| 170 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' |
| 171 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' |
| 172 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' |
| 173 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/raspi4Key.pem' |
| 174 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
| 175 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 00[JOB] spawning 16 worker threads |
| 176 | 6 | Andreas Steffen | </pre> |
| 177 | 6 | Andreas Steffen | |
| 178 | 6 | Andreas Steffen | Loading *peer* IPsec connection |
| 179 | 6 | Andreas Steffen | <pre> |
| 180 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] received stroke: add connection 'peer' |
| 181 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] loaded certificate "C=US, O=TNC Demo, CN=raspi4.example.com" from 'raspi4Cert.pem' |
| 182 | 1 | Andreas Steffen | Aug 15 14:45:49 raspi4 charon: 06[CFG] added configuration 'peer' |
| 183 | 6 | Andreas Steffen | </pre> |
| 184 | 6 | Andreas Steffen | |
| 185 | 6 | Andreas Steffen | h2. Responding to IPsec Connection Setup |
| 186 | 6 | Andreas Steffen | |
| 187 | 6 | Andreas Steffen | <pre> |
| 188 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[NET] received packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes) |
| 189 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ] |
| 190 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[IKE] 10.10.1.39 is initiating an IKE_SA |
| 191 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" |
| 192 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ] |
| 193 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes) |
| 194 | 6 | Andreas Steffen | </pre> |
| 195 | 6 | Andreas Steffen | |
| 196 | 6 | Andreas Steffen | <pre> |
| 197 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes) |
| 198 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] |
| 199 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" |
| 200 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[CFG] looking for peer configs matching 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
| 201 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[CFG] selected peer config 'peer' |
| 202 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] initiating EAP_TTLS method (id 0xDB) |
| 203 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[IKE] peer supports MOBIKE |
| 204 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ] |
| 205 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes) |
| 206 | 6 | Andreas Steffen | </pre> |
| 207 | 6 | Andreas Steffen | |
| 208 | 6 | Andreas Steffen | <pre> |
| 209 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes) |
| 210 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ] |
| 211 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| 212 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com' |
| 213 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA' |
| 214 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA' |
| 215 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ] |
| 216 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
| 217 | 6 | Andreas Steffen | </pre> |
| 218 | 6 | Andreas Steffen | |
| 219 | 6 | Andreas Steffen | <pre> |
| 220 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
| 221 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ] |
| 222 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ] |
| 223 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes) |
| 224 | 6 | Andreas Steffen | </pre> |
| 225 | 6 | Andreas Steffen | |
| 226 | 6 | Andreas Steffen | <pre> |
| 227 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
| 228 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ] |
| 229 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ] |
| 230 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
| 231 | 6 | Andreas Steffen | </pre> |
| 232 | 6 | Andreas Steffen | |
| 233 | 6 | Andreas Steffen | <pre> |
| 234 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes) |
| 235 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ] |
| 236 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[TLS] received TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com' |
| 237 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] using certificate "C=US, O=TNC Demo, CN=raspi3.example.com" |
| 238 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" |
| 239 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi3.example.com" |
| 240 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] certificate status is not available |
| 241 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[CFG] reached self-signed root ca with a path length of 0 |
| 242 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID] |
| 243 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ] |
| 244 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
| 245 | 6 | Andreas Steffen | </pre> |
| 246 | 6 | Andreas Steffen | |
| 247 | 6 | Andreas Steffen | <pre> |
| 248 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes) |
| 249 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ] |
| 250 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID] |
| 251 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] received EAP identity 'raspi3.example.com' |
| 252 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] phase2 method EAP_PT_EAP selected |
| 253 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 254 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ] |
| 255 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes) |
| 256 | 6 | Andreas Steffen | </pre> |
| 257 | 6 | Andreas Steffen | |
| 258 | 6 | Andreas Steffen | <pre> |
| 259 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes) |
| 260 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ] |
| 261 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 262 | 6 | Andreas Steffen | </pre> |
| 263 | 6 | Andreas Steffen | |
| 264 | 10 | Andreas Steffen | h2. Start of Mutual Attestation |
| 265 | 10 | Andreas Steffen | |
| 266 | 21 | Andreas Steffen | h3. Assigning Connection to TNC Server |
| 267 | 21 | Andreas Steffen | |
| 268 | 6 | Andreas Steffen | <pre> |
| 269 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] assigned TNCCS Connection ID 1 |
| 270 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh |
| 271 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
| 272 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] user AR identity 'raspi3.example.com' of type username authenticated by certificate |
| 273 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] machine AR identity '10.10.1.39' of type IPv4 address authenticated by unknown method |
| 274 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Handshake' |
| 275 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] received TNCCS batch (283 bytes) |
| 276 | 6 | Andreas Steffen | </pre> |
| 277 | 6 | Andreas Steffen | |
| 278 | 6 | Andreas Steffen | <pre> |
| 279 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] TNC server is handling inbound connection |
| 280 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
| 281 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working' |
| 282 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes) |
| 283 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-Language-Preference message (31 bytes) |
| 284 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-PA message (228 bytes) |
| 285 | 6 | Andreas Steffen | </pre> |
| 286 | 6 | Andreas Steffen | |
| 287 | 6 | Andreas Steffen | <pre> |
| 288 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] activating mutual PB-TNC half duplex protocol |
| 289 | 6 | Andreas Steffen | </pre> |
| 290 | 6 | Andreas Steffen | |
| 291 | 7 | Andreas Steffen | <pre> |
| 292 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] setting language preference to 'en' |
| 293 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 |
| 294 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 1 |
| 295 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC message with ID 0x83cf019d |
| 296 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002 |
| 297 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004 |
| 298 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003 |
| 299 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005 |
| 300 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b |
| 301 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c |
| 302 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008 |
| 303 | 6 | Andreas Steffen | </pre> |
| 304 | 6 | Andreas Steffen | |
| 305 | 20 | Andreas Steffen | h3. Receiving OS Information |
| 306 | 20 | Andreas Steffen | |
| 307 | 6 | Andreas Steffen | <pre> |
| 308 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system name is 'Debian' from vendor Debian Project |
| 309 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system version is '7.8 armv7l' |
| 310 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] device ID is 565feb9e8462870dba884ce540a0768d68829873 |
| 311 | 6 | Andreas Steffen | </pre> |
| 312 | 6 | Andreas Steffen | |
| 313 | 22 | Andreas Steffen | h3. Starting Session with Policy Manager |
| 314 | 22 | Andreas Steffen | |
| 315 | 6 | Andreas Steffen | <pre> |
| 316 | 1 | Andreas Steffen | Aug 15 14:46:05 raspi4 charon: 14[IMV] assigned session ID 3 to Connection ID 1 |
| 317 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: imv_policy_manager start successful |
| 318 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: skipping enforcment 6 |
| 319 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] FWDEN workitem 13 |
| 320 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] FMETA workitem 14 |
| 321 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] PCKGS workitem 15 |
| 322 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] TCPOP workitem 16 |
| 323 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] UDPOP workitem 17 |
| 324 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] TPMRA workitem 18 |
| 325 | 6 | Andreas Steffen | </pre> |
| 326 | 6 | Andreas Steffen | |
| 327 | 6 | Andreas Steffen | <pre> |
| 328 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 329 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
| 330 | 6 | Andreas Steffen | </pre> |
| 331 | 6 | Andreas Steffen | |
| 332 | 6 | Andreas Steffen | <pre> |
| 333 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC message with ID 0x42501f74 |
| 334 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021 |
| 335 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000 |
| 336 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000 |
| 337 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 338 | 6 | Andreas Steffen | </pre> |
| 339 | 6 | Andreas Steffen | |
| 340 | 6 | Andreas Steffen | <pre> |
| 341 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] TNC server is handling outbound connection |
| 342 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
| 343 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-TNC SDATA batch |
| 344 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] adding ITA-HSR/PB-Mutual-Capability message |
| 345 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] adding IETF/PB-PA message |
| 346 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1 |
| 347 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 348 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ] |
| 349 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes) |
| 350 | 6 | Andreas Steffen | </pre> |
| 351 | 6 | Andreas Steffen | |
| 352 | 6 | Andreas Steffen | <pre> |
| 353 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes) |
| 354 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ] |
| 355 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 356 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] received TNCCS batch (8 bytes) |
| 357 | 21 | Andreas Steffen | </pre> |
| 358 | 21 | Andreas Steffen | |
| 359 | 21 | Andreas Steffen | h3. Assigning Connection to TNC Client |
| 360 | 21 | Andreas Steffen | |
| 361 | 21 | Andreas Steffen | <pre> |
| 362 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] assigned TNCCS Connection ID 2 |
| 363 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh |
| 364 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
| 365 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK certificate from '/etc/pts/aik4Cert.der' |
| 366 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK Blob from '/etc/pts/aik4Blob.bin' |
| 367 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh |
| 368 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes |
| 369 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Handshake' |
| 370 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Handshake' |
| 371 | 6 | Andreas Steffen | </pre> |
| 372 | 20 | Andreas Steffen | |
| 373 | 20 | Andreas Steffen | h3. Sending OS Information |
| 374 | 6 | Andreas Steffen | |
| 375 | 6 | Andreas Steffen | <pre> |
| 376 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] operating system numeric version is 7.8 |
| 377 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] last boot: Aug 15 07:56:45 UTC 2015, 17363 s ago |
| 378 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] IPv4 forwarding is disabled |
| 379 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] factory default password is disabled |
| 380 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] loaded device public key from '/etc/pts/aik4Pub.der' |
| 381 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IMC] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c |
| 382 | 6 | Andreas Steffen | </pre> |
| 383 | 6 | Andreas Steffen | |
| 384 | 6 | Andreas Steffen | <pre> |
| 385 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC message with ID 0x366c28ea |
| 386 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002 |
| 387 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004 |
| 388 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003 |
| 389 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005 |
| 390 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b |
| 391 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c |
| 392 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008 |
| 393 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 |
| 394 | 6 | Andreas Steffen | </pre> |
| 395 | 6 | Andreas Steffen | |
| 396 | 6 | Andreas Steffen | <pre> |
| 397 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling inbound connection |
| 398 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
| 399 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working' |
| 400 | 9 | Andreas Steffen | </pre> |
| 401 | 9 | Andreas Steffen | |
| 402 | 9 | Andreas Steffen | <pre> |
| 403 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling outbound connection |
| 404 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 405 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-TNC CDATA batch |
| 406 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-Language-Preference message |
| 407 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-PA message |
| 408 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2 |
| 409 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 410 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ] |
| 411 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes) |
| 412 | 6 | Andreas Steffen | </pre> |
| 413 | 6 | Andreas Steffen | |
| 414 | 6 | Andreas Steffen | <pre> |
| 415 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
| 416 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ] |
| 417 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 418 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] received TNCCS batch (92 bytes) |
| 419 | 6 | Andreas Steffen | </pre> |
| 420 | 6 | Andreas Steffen | |
| 421 | 6 | Andreas Steffen | <pre> |
| 422 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling inbound connection |
| 423 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
| 424 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 425 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing IETF/PB-PA message (84 bytes) |
| 426 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 427 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
| 428 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC message with ID 0x1d5fa63a |
| 429 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022 |
| 430 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000 |
| 431 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000 |
| 432 | 6 | Andreas Steffen | </pre> |
| 433 | 6 | Andreas Steffen | |
| 434 | 6 | Andreas Steffen | <pre> |
| 435 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 436 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
| 437 | 6 | Andreas Steffen | </pre> |
| 438 | 6 | Andreas Steffen | |
| 439 | 23 | Andreas Steffen | h3. Receiving PTS Protocol Capabilities |
| 440 | 23 | Andreas Steffen | |
| 441 | 6 | Andreas Steffen | <pre> |
| 442 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[PTS] supported PTS protocol capabilities: .VDT. |
| 443 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[PTS] selected PTS measurement algorithm is HASH_SHA1 |
| 444 | 6 | Andreas Steffen | </pre> |
| 445 | 6 | Andreas Steffen | |
| 446 | 6 | Andreas Steffen | <pre> |
| 447 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles FMETA workitem 14 |
| 448 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 requests metadata for file '/etc/tnc_config' |
| 449 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested |
| 450 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles TPMRA workitem 18 |
| 451 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC message with ID 0xaff3c130 |
| 452 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000 |
| 453 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000 |
| 454 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 455 | 6 | Andreas Steffen | </pre> |
| 456 | 6 | Andreas Steffen | |
| 457 | 6 | Andreas Steffen | <pre> |
| 458 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling outbound connection |
| 459 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
| 460 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-TNC SDATA batch |
| 461 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] adding IETF/PB-PA message |
| 462 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 1 |
| 463 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 464 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ] |
| 465 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
| 466 | 11 | Andreas Steffen | </pre> |
| 467 | 11 | Andreas Steffen | |
| 468 | 11 | Andreas Steffen | <pre> |
| 469 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
| 470 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ] |
| 471 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 472 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] received TNCCS batch (92 bytes) |
| 473 | 9 | Andreas Steffen | </pre> |
| 474 | 9 | Andreas Steffen | |
| 475 | 9 | Andreas Steffen | <pre> |
| 476 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling inbound connection |
| 477 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
| 478 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
| 479 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing IETF/PB-PA message (84 bytes) |
| 480 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 481 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
| 482 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC message with ID 0x918da8fe |
| 483 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021 |
| 484 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000 |
| 485 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000 |
| 486 | 11 | Andreas Steffen | </pre> |
| 487 | 11 | Andreas Steffen | |
| 488 | 11 | Andreas Steffen | <pre> |
| 489 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 490 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IMC] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes |
| 491 | 11 | Andreas Steffen | </pre> |
| 492 | 11 | Andreas Steffen | |
| 493 | 23 | Andreas Steffen | h3. Sending PTS Protocol Capabilities |
| 494 | 23 | Andreas Steffen | |
| 495 | 11 | Andreas Steffen | <pre> |
| 496 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[PTS] supported PTS protocol capabilities: .VDT. |
| 497 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[PTS] selected PTS measurement algorithm is HASH_SHA1 |
| 498 | 11 | Andreas Steffen | </pre> |
| 499 | 11 | Andreas Steffen | |
| 500 | 11 | Andreas Steffen | <pre> |
| 501 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC message with ID 0xf94741eb |
| 502 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022 |
| 503 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000 |
| 504 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000 |
| 505 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 506 | 9 | Andreas Steffen | </pre> |
| 507 | 9 | Andreas Steffen | |
| 508 | 9 | Andreas Steffen | <pre> |
| 509 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling outbound connection |
| 510 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 511 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-TNC CDATA batch |
| 512 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] adding IETF/PB-PA message |
| 513 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 2 |
| 514 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 515 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[ENC] generating IKE_AUTH response 10 [ EAP/REQ/TTLS ] |
| 516 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
| 517 | 11 | Andreas Steffen | </pre> |
| 518 | 11 | Andreas Steffen | |
| 519 | 11 | Andreas Steffen | <pre> |
| 520 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes) |
| 521 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[ENC] parsed IKE_AUTH request 11 [ EAP/RES/TTLS ] |
| 522 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 523 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] received TNCCS batch (226 bytes) |
| 524 | 9 | Andreas Steffen | </pre> |
| 525 | 9 | Andreas Steffen | |
| 526 | 9 | Andreas Steffen | <pre> |
| 527 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling inbound connection |
| 528 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
| 529 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 530 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing IETF/PB-PA message (218 bytes) |
| 531 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 532 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
| 533 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC message with ID 0x5e3ee705 |
| 534 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000 |
| 535 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000 |
| 536 | 11 | Andreas Steffen | </pre> |
| 537 | 11 | Andreas Steffen | |
| 538 | 11 | Andreas Steffen | <pre> |
| 539 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] metadata request returned 1 file: |
| 540 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] 'tnc_config' (177 bytes) owner 0, group 0, type Regular |
| 541 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IMV] created Jun 05 20:02:25 2015, modified Jun 05 20:02:25 2015, accessed Jun 05 20:02:25 2015 |
| 542 | 11 | Andreas Steffen | </pre> |
| 543 | 11 | Andreas Steffen | |
| 544 | 11 | Andreas Steffen | <pre> |
| 545 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1 |
| 546 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] selected PTS DH group is ECP_256 |
| 547 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] nonce length is 20 |
| 548 | 11 | Andreas Steffen | </pre> |
| 549 | 11 | Andreas Steffen | |
| 550 | 11 | Andreas Steffen | <pre> |
| 551 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1ab4f40 |
| 552 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15 ......m...@..._. |
| 553 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: FB 4E 28 AD .N(. |
| 554 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] responder nonce: => 20 bytes @ 0x1aafba0 |
| 555 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0 =.r9:....0...".. |
| 556 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: B6 D1 2A 01 ..*. |
| 557 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x1ab3078 |
| 558 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA _....9........:. |
| 559 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE .#...........QP. |
| 560 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28 |
| 561 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C ...p.x...y.]|..| |
| 562 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: E0 E0 83 77 ...w |
| 563 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC message with ID 0xd27d5b33 |
| 564 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000 |
| 565 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000 |
| 566 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000 |
| 567 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 568 | 9 | Andreas Steffen | </pre> |
| 569 | 9 | Andreas Steffen | |
| 570 | 9 | Andreas Steffen | <pre> |
| 571 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling outbound connection |
| 572 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
| 573 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-TNC SDATA batch |
| 574 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] adding IETF/PB-PA message |
| 575 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 1 |
| 576 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 577 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[ENC] generating IKE_AUTH response 11 [ EAP/REQ/TTLS ] |
| 578 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes) |
| 579 | 11 | Andreas Steffen | </pre> |
| 580 | 11 | Andreas Steffen | |
| 581 | 11 | Andreas Steffen | <pre> |
| 582 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
| 583 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[ENC] parsed IKE_AUTH request 12 [ EAP/RES/TTLS ] |
| 584 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 585 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] received TNCCS batch (87 bytes) |
| 586 | 9 | Andreas Steffen | </pre> |
| 587 | 9 | Andreas Steffen | |
| 588 | 9 | Andreas Steffen | <pre> |
| 589 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling inbound connection |
| 590 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
| 591 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
| 592 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing IETF/PB-PA message (79 bytes) |
| 593 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 594 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
| 595 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC message with ID 0xda2a70e9 |
| 596 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000 |
| 597 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000 |
| 598 | 11 | Andreas Steffen | </pre> |
| 599 | 11 | Andreas Steffen | |
| 600 | 11 | Andreas Steffen | <pre> |
| 601 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IMC] metadata request for file '/etc/tnc_config' |
| 602 | 11 | Andreas Steffen | </pre> |
| 603 | 11 | Andreas Steffen | |
| 604 | 11 | Andreas Steffen | <pre> |
| 605 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[PTS] selected PTS DH group is ECP_256 |
| 606 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[PTS] nonce length is 20 |
| 607 | 11 | Andreas Steffen | </pre> |
| 608 | 12 | Andreas Steffen | |
| 609 | 12 | Andreas Steffen | <pre> |
| 610 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC message with ID 0x676268aa |
| 611 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000 |
| 612 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000 |
| 613 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 614 | 9 | Andreas Steffen | </pre> |
| 615 | 9 | Andreas Steffen | |
| 616 | 9 | Andreas Steffen | <pre> |
| 617 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling outbound connection |
| 618 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 619 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-TNC CDATA batch |
| 620 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] adding IETF/PB-PA message |
| 621 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 2 |
| 622 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 623 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[ENC] generating IKE_AUTH response 12 [ EAP/REQ/TTLS ] |
| 624 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes) |
| 625 | 11 | Andreas Steffen | </pre> |
| 626 | 11 | Andreas Steffen | |
| 627 | 11 | Andreas Steffen | <pre> |
| 628 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes) |
| 629 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[ENC] parsed IKE_AUTH request 13 [ EAP/RES/TTLS ] |
| 630 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 631 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] received TNCCS batch (902 bytes) |
| 632 | 9 | Andreas Steffen | </pre> |
| 633 | 9 | Andreas Steffen | |
| 634 | 9 | Andreas Steffen | <pre> |
| 635 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling inbound connection |
| 636 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
| 637 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 638 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing IETF/PB-PA message (894 bytes) |
| 639 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 640 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
| 641 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x641bcea1 |
| 642 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 |
| 643 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000 |
| 644 | 11 | Andreas Steffen | </pre> |
| 645 | 11 | Andreas Steffen | |
| 646 | 23 | Andreas Steffen | h3. Receiving TPM Version Information |
| 647 | 23 | Andreas Steffen | |
| 648 | 11 | Andreas Steffen | <pre> |
| 649 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX |
| 650 | 11 | Andreas Steffen | </pre> |
| 651 | 11 | Andreas Steffen | |
| 652 | 11 | Andreas Steffen | <pre> |
| 653 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] verifying AIK with keyid 56:5f:eb:9e:84:62:87:0d:ba:88:4c:e5:40:a0:76:8d:68:82:98:73 |
| 654 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK public key is trusted |
| 655 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[CFG] using trusted certificate "C=US, O=TNC Demo, CN=AIK CA" |
| 656 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK certificate is trusted |
| 657 | 11 | Andreas Steffen | </pre> |
| 658 | 11 | Andreas Steffen | |
| 659 | 11 | Andreas Steffen | <pre> |
| 660 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IMV] evidence request by |
| 661 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 662 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0xed256fac |
| 663 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 |
| 664 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 |
| 665 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 666 | 9 | Andreas Steffen | </pre> |
| 667 | 9 | Andreas Steffen | |
| 668 | 9 | Andreas Steffen | <pre> |
| 669 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling outbound connection |
| 670 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
| 671 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-TNC SDATA batch |
| 672 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] adding IETF/PB-PA message |
| 673 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 1 |
| 674 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 675 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[ENC] generating IKE_AUTH response 13 [ EAP/REQ/TTLS ] |
| 676 | 1 | Andreas Steffen | Aug 15 14:46:08 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
| 677 | 11 | Andreas Steffen | </pre> |
| 678 | 11 | Andreas Steffen | |
| 679 | 11 | Andreas Steffen | <pre> |
| 680 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes) |
| 681 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[ENC] parsed IKE_AUTH request 14 [ EAP/RES/TTLS ] |
| 682 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 683 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] received TNCCS batch (172 bytes) |
| 684 | 9 | Andreas Steffen | </pre> |
| 685 | 9 | Andreas Steffen | |
| 686 | 9 | Andreas Steffen | <pre> |
| 687 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling inbound connection |
| 688 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
| 689 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
| 690 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing IETF/PB-PA message (164 bytes) |
| 691 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 692 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
| 693 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC message with ID 0xe1b84e91 |
| 694 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000 |
| 695 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000 |
| 696 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000 |
| 697 | 11 | Andreas Steffen | </pre> |
| 698 | 11 | Andreas Steffen | |
| 699 | 11 | Andreas Steffen | <pre> |
| 700 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] selected DH hash algorithm is HASH_SHA1 |
| 701 | 11 | Andreas Steffen | </pre> |
| 702 | 11 | Andreas Steffen | |
| 703 | 13 | Andreas Steffen | <pre> |
| 704 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] initiator nonce: => 20 bytes @ 0x1ab0dc0 |
| 705 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A '.Q..f.T.W.I.*}: |
| 706 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: F1 38 81 26 .8.& |
| 707 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] responder nonce: => 20 bytes @ 0x1ab2e48 |
| 708 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71 .H.R...n_..+..&q |
| 709 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 49 73 01 42 Is.B |
| 710 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] shared DH secret: => 32 bytes @ 0x1aac378 |
| 711 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11 ......"..5..pA{. |
| 712 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1 .<.2.=..s2... .. |
| 713 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] secret assessment value: => 20 bytes @ 0x1ab0d20 |
| 714 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F .........Q...;.. |
| 715 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 68 50 6C DE hPl. |
| 716 | 11 | Andreas Steffen | </pre> |
| 717 | 23 | Andreas Steffen | |
| 718 | 23 | Andreas Steffen | h3. Sending TPM Version Information |
| 719 | 11 | Andreas Steffen | |
| 720 | 11 | Andreas Steffen | <pre> |
| 721 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX |
| 722 | 11 | Andreas Steffen | </pre> |
| 723 | 11 | Andreas Steffen | |
| 724 | 11 | Andreas Steffen | <pre> |
| 725 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC message with ID 0x951e0284 |
| 726 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000 |
| 727 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000 |
| 728 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 729 | 9 | Andreas Steffen | </pre> |
| 730 | 9 | Andreas Steffen | |
| 731 | 9 | Andreas Steffen | <pre> |
| 732 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling outbound connection |
| 733 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 734 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-TNC CDATA batch |
| 735 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] adding IETF/PB-PA message |
| 736 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 2 |
| 737 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 738 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[ENC] generating IKE_AUTH response 14 [ EAP/REQ/TTLS ] |
| 739 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes) |
| 740 | 14 | Andreas Steffen | </pre> |
| 741 | 14 | Andreas Steffen | |
| 742 | 14 | Andreas Steffen | <pre> |
| 743 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
| 744 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[ENC] parsed IKE_AUTH request 15 [ EAP/RES/TTLS ] |
| 745 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[ENC] generating IKE_AUTH response 15 [ EAP/REQ/TTLS ] |
| 746 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
| 747 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
| 748 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[ENC] parsed IKE_AUTH request 16 [ EAP/RES/TTLS ] |
| 749 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[ENC] generating IKE_AUTH response 16 [ EAP/REQ/TTLS ] |
| 750 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
| 751 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
| 752 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[ENC] parsed IKE_AUTH request 17 [ EAP/RES/TTLS ] |
| 753 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[ENC] generating IKE_AUTH response 17 [ EAP/REQ/TTLS ] |
| 754 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
| 755 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
| 756 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[ENC] parsed IKE_AUTH request 18 [ EAP/RES/TTLS ] |
| 757 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[ENC] generating IKE_AUTH response 18 [ EAP/REQ/TTLS ] |
| 758 | 1 | Andreas Steffen | Aug 15 14:46:09 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
| 759 | 4 | Andreas Steffen | ... |
| 760 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
| 761 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[ENC] parsed IKE_AUTH request 60 [ EAP/RES/TTLS ] |
| 762 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[ENC] generating IKE_AUTH response 60 [ EAP/REQ/TTLS ] |
| 763 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
| 764 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes) |
| 765 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[ENC] parsed IKE_AUTH request 61 [ EAP/RES/TTLS ] |
| 766 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 767 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] received TNCCS batch (47615 bytes) |
| 768 | 9 | Andreas Steffen | </pre> |
| 769 | 9 | Andreas Steffen | |
| 770 | 9 | Andreas Steffen | <pre> |
| 771 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] TNC server is handling inbound connection |
| 772 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1 |
| 773 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 774 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing IETF/PB-PA message (47607 bytes) |
| 775 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 776 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1 |
| 777 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x2d059578 |
| 778 | 11 | Andreas Steffen | </pre> |
| 779 | 11 | Andreas Steffen | |
| 780 | 15 | Andreas Steffen | h3. Initiator Attestation Measurement Values |
| 781 | 15 | Andreas Steffen | |
| 782 | 11 | Andreas Steffen | <pre> |
| 783 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 784 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 785 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
| 786 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b |
| 787 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:boot_aggregate' |
| 788 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 789 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 790 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
| 791 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 |
| 792 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/init' |
| 793 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 794 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 795 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
| 796 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 |
| 797 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/sh' |
| 798 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 799 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 800 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
| 801 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e |
| 802 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' |
| 803 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 804 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 805 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
| 806 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 |
| 807 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/mkdir' |
| 808 | 1 | Andreas Steffen | ... |
| 809 | 2 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 810 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 811 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
| 812 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb |
| 813 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/usr/sbin/service' |
| 814 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 815 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 816 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] measurement time: Jan 01 01:00:04 1970 |
| 817 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce |
| 818 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 'sha1:/bin/cp' |
| 819 | 16 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 |
| 820 | 11 | Andreas Steffen | </pre> |
| 821 | 11 | Andreas Steffen | |
| 822 | 16 | Andreas Steffen | h3. Verifying Initiator Measurements |
| 823 | 16 | Andreas Steffen | |
| 824 | 1 | Andreas Steffen | <pre> |
| 825 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] checking boot aggregate evidence measurement |
| 826 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found |
| 827 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok |
| 828 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok |
| 829 | 1 | Andreas Steffen | Aug 15 14:46:10 raspi4 charon: 08[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok |
| 830 | 1 | Andreas Steffen | ... |
| 831 | 3 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb for '/usr/sbin/service' is ok |
| 832 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce for '/bin/cp' is ok |
| 833 | 11 | Andreas Steffen | </pre> |
| 834 | 1 | Andreas Steffen | |
| 835 | 16 | Andreas Steffen | h3. Verifying Initiator TPM Quote Signature |
| 836 | 16 | Andreas Steffen | |
| 837 | 11 | Andreas Steffen | <pre> |
| 838 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite: => 29 bytes @ 0x1b27188 |
| 839 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 0: 00 03 00 04 00 00 00 00 14 F7 5E 84 36 2B C2 83 ..........^.6+.. |
| 840 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 16: 28 8E 90 7E B3 39 45 74 33 60 2E B7 8E (..~.9Et3`... |
| 841 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed PCR Composite hash: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20 |
| 842 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1b27e68 |
| 843 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79 .6QUT2...p.x...y |
| 844 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01 .]|..|...w...... |
| 845 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C X......=>.3.$... |
| 846 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] 48: 22 A2 01 20 ".. |
| 847 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] received PCR Composite matches constructed one |
| 848 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] TPM Quote Info signature verification successful |
| 849 | 11 | Andreas Steffen | </pre> |
| 850 | 11 | Andreas Steffen | |
| 851 | 11 | Andreas Steffen | <pre> |
| 852 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[PTS] processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed |
| 853 | 11 | Andreas Steffen | </pre> |
| 854 | 11 | Andreas Steffen | |
| 855 | 11 | Andreas Steffen | <pre> |
| 856 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 433 IMA file evidence measurements: 377 ok, 56 unknown, 0 differ, 0 failed |
| 857 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0x57254d62 |
| 858 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 |
| 859 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 860 | 19 | Andreas Steffen | </pre> |
| 861 | 19 | Andreas Steffen | |
| 862 | 19 | Andreas Steffen | h3. Sending Assessment Result |
| 863 | 19 | Andreas Steffen | |
| 864 | 19 | Andreas Steffen | <pre> |
| 865 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant' |
| 866 | 9 | Andreas Steffen | </pre> |
| 867 | 9 | Andreas Steffen | |
| 868 | 9 | Andreas Steffen | <pre> |
| 869 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] TNC server is handling outbound connection |
| 870 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: recommendation for access requestor 10.10.1.39 is allow |
| 871 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] policy: imv_policy_manager stop successful |
| 872 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Allowed' |
| 873 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Decided' |
| 874 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] creating PB-TNC RESULT batch |
| 875 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-PA message |
| 876 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Assessment-Result message |
| 877 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] adding IETF/PB-Access-Recommendation message |
| 878 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1 |
| 879 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 880 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[ENC] generating IKE_AUTH response 61 [ EAP/REQ/TTLS ] |
| 881 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes) |
| 882 | 11 | Andreas Steffen | </pre> |
| 883 | 11 | Andreas Steffen | |
| 884 | 11 | Andreas Steffen | <pre> |
| 885 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
| 886 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[ENC] parsed IKE_AUTH request 62 [ EAP/RES/TTLS ] |
| 887 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 888 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] received TNCCS batch (80 bytes) |
| 889 | 9 | Andreas Steffen | </pre> |
| 890 | 9 | Andreas Steffen | |
| 891 | 9 | Andreas Steffen | <pre> |
| 892 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] TNC client is handling inbound connection |
| 893 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PB-TNC SDATA batch for Connection ID 2 |
| 894 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] PB-TNC state transition from 'Server Working' to 'Client Working' |
| 895 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing IETF/PB-PA message (72 bytes) |
| 896 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 897 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
| 898 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC message with ID 0xc8f4500b |
| 899 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000 |
| 900 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000 |
| 901 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[IMC] evidence requested for 1 functional components |
| 902 | 11 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 903 | 1 | Andreas Steffen | </pre> |
| 904 | 15 | Andreas Steffen | |
| 905 | 16 | Andreas Steffen | h3. Responder Attestation Measurement Values |
| 906 | 11 | Andreas Steffen | |
| 907 | 11 | Andreas Steffen | <pre> |
| 908 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (451 entries) |
| 909 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 910 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
| 911 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b |
| 912 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:boot_aggregate' |
| 913 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 914 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
| 915 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 |
| 916 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/init' |
| 917 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 918 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
| 919 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 |
| 920 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/sh' |
| 921 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 922 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
| 923 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e |
| 924 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' |
| 925 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 926 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
| 927 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 |
| 928 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/bin/mkdir' |
| 929 | 4 | Andreas Steffen | ... |
| 930 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 931 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
| 932 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2 |
| 933 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/bin/clear_console' |
| 934 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System' |
| 935 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] measurement time: Jan 01 01:00:04 1970 |
| 936 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33 |
| 937 | 1 | Andreas Steffen | Aug 15 14:46:16 raspi4 charon: 10[PTS] 'sha1:/usr/libexec/ipsec/stroke' |
| 938 | 1 | Andreas Steffen | </pre> |
| 939 | 16 | Andreas Steffen | |
| 940 | 17 | Andreas Steffen | h3. Generating Responder TPM Quote Signature |
| 941 | 11 | Andreas Steffen | |
| 942 | 11 | Andreas Steffen | <pre> |
| 943 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] Hash of PCR Composite: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff |
| 944 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Info: => 52 bytes @ 0x1ae0580 |
| 945 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51 .6QUT2.........Q |
| 946 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01 ...;..hPl....... |
| 947 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3 .j...9.z..N.~... |
| 948 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 48: 1E 60 4F FF .`O. |
| 949 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] TPM Quote Signature: => 256 bytes @ 0x1ae0c00 |
| 950 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 0: 6C 25 B7 58 F9 5C CA CA 86 6F 9A BD 24 2E 32 D9 l%.X.\...o..$.2. |
| 951 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 16: 36 DD 4F DF 37 09 1E 60 56 45 0E B4 32 52 A2 6A 6.O.7..`VE..2R.j |
| 952 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 32: B4 A5 27 59 79 25 F2 DC A1 05 14 5C 0C 71 DD DC ..'Yy%.....\.q.. |
| 953 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 48: 96 31 9C 69 DD 60 AC 51 70 95 47 48 62 FF 40 DC .1.i.`.Qp.GHb.@. |
| 954 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 64: FF FF C3 55 5D 1C DF E2 D6 4B 8E 4F BF 0A 47 CC ...U]....K.O..G. |
| 955 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 80: 1E C5 42 7D 3B 39 C4 4D 6A A0 A4 CD 3E E3 E6 C6 ..B};9.Mj...>... |
| 956 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 96: A1 DB F1 AF F3 2B 48 0D 74 60 A3 B3 E3 43 5E 22 .....+H.t`...C^" |
| 957 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 112: 99 EC 5B 23 FD 57 D4 1F 97 32 28 DC 4A 38 36 15 ..[#.W...2(.J86. |
| 958 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 128: 75 57 53 18 21 29 5C CD 8F C6 66 60 70 7C 47 0F uWS.!)\...f`p|G. |
| 959 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 144: 9B 7B FE BA 29 80 0C 87 11 41 81 95 6D 74 6B FA .{..)....A..mtk. |
| 960 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 160: 4D 5F F7 23 C4 60 D2 2A C2 16 08 EA AF 59 CC D2 M_.#.`.*.....Y.. |
| 961 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 176: 18 EC 20 18 5B 1D 42 72 E1 C8 33 02 A1 37 ED EA .. .[.Br..3..7.. |
| 962 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 192: B8 CD CA 2B 83 D3 B2 77 1C 45 2D C7 36 FA E6 88 ...+...w.E-.6... |
| 963 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 208: 93 C3 BE D9 26 31 A5 59 3D 20 24 B1 0F F3 04 5C ....&1.Y= $....\ |
| 964 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 224: 93 FA 8C 09 3E C3 FF E0 A1 EB 03 58 0B AB 08 89 ....>......X.... |
| 965 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[PTS] 240: BA A4 22 ED AB D6 BA 7C 65 8D B6 75 5C 7C 67 28 .."....|e..u\|g( |
| 966 | 18 | Andreas Steffen | </pre> |
| 967 | 18 | Andreas Steffen | |
| 968 | 18 | Andreas Steffen | <pre> |
| 969 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC message with ID 0xed64f7ab |
| 970 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 971 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 972 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 973 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 974 | 5 | Andreas Steffen | ... |
| 975 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 976 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 |
| 977 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 |
| 978 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 979 | 9 | Andreas Steffen | </pre> |
| 980 | 9 | Andreas Steffen | |
| 981 | 9 | Andreas Steffen | <pre> |
| 982 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] TNC client is handling outbound connection |
| 983 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' |
| 984 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] creating PB-TNC CDATA batch |
| 985 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] adding IETF/PB-PA message |
| 986 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[TNC] sending PB-TNC CDATA batch (49524 bytes) for Connection ID 2 |
| 987 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 988 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[ENC] generating IKE_AUTH response 62 [ EAP/REQ/TTLS ] |
| 989 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
| 990 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
| 991 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[ENC] parsed IKE_AUTH request 63 [ EAP/RES/TTLS ] |
| 992 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[ENC] generating IKE_AUTH response 63 [ EAP/REQ/TTLS ] |
| 993 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
| 994 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
| 995 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[ENC] parsed IKE_AUTH request 64 [ EAP/RES/TTLS ] |
| 996 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[ENC] generating IKE_AUTH response 64 [ EAP/REQ/TTLS ] |
| 997 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
| 998 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
| 999 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[ENC] parsed IKE_AUTH request 65 [ EAP/RES/TTLS ] |
| 1000 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[ENC] generating IKE_AUTH response 65 [ EAP/REQ/TTLS ] |
| 1001 | 1 | Andreas Steffen | Aug 15 14:46:17 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
| 1002 | 5 | Andreas Steffen | ... |
| 1003 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
| 1004 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[ENC] parsed IKE_AUTH request 109 [ EAP/RES/TTLS ] |
| 1005 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[ENC] generating IKE_AUTH response 109 [ EAP/REQ/TTLS ] |
| 1006 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes) |
| 1007 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
| 1008 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[ENC] parsed IKE_AUTH request 110 [ EAP/RES/TTLS ] |
| 1009 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[ENC] generating IKE_AUTH response 110 [ EAP/REQ/TTLS ] |
| 1010 | 1 | Andreas Steffen | Aug 15 14:46:18 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes) |
| 1011 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes) |
| 1012 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[ENC] parsed IKE_AUTH request 111 [ EAP/RES/TTLS ] |
| 1013 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 1014 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] received TNCCS batch (88 bytes) |
| 1015 | 9 | Andreas Steffen | </pre> |
| 1016 | 9 | Andreas Steffen | |
| 1017 | 9 | Andreas Steffen | <pre> |
| 1018 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling inbound connection |
| 1019 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PB-TNC RESULT batch for Connection ID 2 |
| 1020 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Decided' |
| 1021 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-PA message (48 bytes) |
| 1022 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Assessment-Result message (16 bytes) |
| 1023 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing IETF/PB-Access-Recommendation message (16 bytes) |
| 1024 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001 |
| 1025 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1 |
| 1026 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC message with ID 0x4077e3ed |
| 1027 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 |
| 1028 | 11 | Andreas Steffen | </pre> |
| 1029 | 19 | Andreas Steffen | |
| 1030 | 19 | Andreas Steffen | h3. Receiving Assessment Result |
| 1031 | 11 | Andreas Steffen | |
| 1032 | 11 | Andreas Steffen | <pre> |
| 1033 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 ***** |
| 1034 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] assessment result is 'compliant' |
| 1035 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] ***** end of assessment ***** |
| 1036 | 11 | Andreas Steffen | </pre> |
| 1037 | 11 | Andreas Steffen | |
| 1038 | 11 | Andreas Steffen | <pre> |
| 1039 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC assessment result is 'compliant' |
| 1040 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC access recommendation is 'Access Allowed' |
| 1041 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Allowed' |
| 1042 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Allowed' |
| 1043 | 9 | Andreas Steffen | </pre> |
| 1044 | 9 | Andreas Steffen | |
| 1045 | 9 | Andreas Steffen | <pre> |
| 1046 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] TNC client is handling outbound connection |
| 1047 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End' |
| 1048 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] creating PB-TNC CLOSE batch |
| 1049 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 2 |
| 1050 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT] |
| 1051 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[ENC] generating IKE_AUTH response 111 [ EAP/REQ/TTLS ] |
| 1052 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes) |
| 1053 | 11 | Andreas Steffen | </pre> |
| 1054 | 11 | Andreas Steffen | |
| 1055 | 11 | Andreas Steffen | <pre> |
| 1056 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes) |
| 1057 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[ENC] parsed IKE_AUTH request 112 [ EAP/RES/TTLS ] |
| 1058 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT] |
| 1059 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] received TNCCS batch (8 bytes) |
| 1060 | 9 | Andreas Steffen | </pre> |
| 1061 | 9 | Andreas Steffen | |
| 1062 | 9 | Andreas Steffen | <pre> |
| 1063 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] TNC server is handling inbound connection |
| 1064 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] processing PB-TNC CLOSE batch for Connection ID 1 |
| 1065 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] PB-TNC state transition from 'Decided' to 'End' |
| 1066 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] final recommendation is 'allow' and evaluation is 'compliant' |
| 1067 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforced on peer 'raspi3.example.com' is 'allow' |
| 1068 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] policy enforcement point added group membership 'allow' |
| 1069 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP_TTLS phase2 authentication of 'raspi3.example.com' with EAP_PT_EAP successful |
| 1070 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 1 |
| 1071 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 1 |
| 1072 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 2 |
| 1073 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 2 |
| 1074 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[TNC] removed TNCCS Connection ID 2 |
| 1075 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[IKE] EAP method EAP_TTLS succeeded, MSK established |
| 1076 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[ENC] generating IKE_AUTH response 112 [ EAP/SUCC ] |
| 1077 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
| 1078 | 11 | Andreas Steffen | </pre> |
| 1079 | 11 | Andreas Steffen | |
| 1080 | 11 | Andreas Steffen | <pre> |
| 1081 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes) |
| 1082 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[ENC] parsed IKE_AUTH request 113 [ AUTH ] |
| 1083 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi3.example.com' with EAP successful |
| 1084 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] authentication of 'raspi4.example.com' (myself) with EAP |
| 1085 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] IKE_SA peer[1] established between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
| 1086 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] scheduling reauthentication in 10143s |
| 1087 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] maximum IKE_SA lifetime 10683s |
| 1088 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[IKE] CHILD_SA peer{1} established with SPIs ce21eedf_i c12c1aae_o and TS 10.10.1.40/32 === 10.10.1.39/32 |
| 1089 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[ENC] generating IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ] |
| 1090 | 1 | Andreas Steffen | Aug 15 14:46:25 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes) |
| 1091 | 10 | Andreas Steffen | </pre> |
| 1092 | 10 | Andreas Steffen | |
| 1093 | 24 | Andreas Steffen | h2. strongTNC Policy Manager |
| 1094 | 24 | Andreas Steffen | |
| 1095 | 24 | Andreas Steffen | !tnc4.png! |
| 1096 | 24 | Andreas Steffen | |
| 1097 | 24 | Andreas Steffen | This screenshot of the strongTNC policy manager running on *raspi4* shows that the attestation of *raspi3* has been successful. |
| 1098 | 24 | Andreas Steffen | |
| 1099 | 24 | Andreas Steffen | h2. IPsec Connection established |
| 1100 | 24 | Andreas Steffen | |
| 1101 | 24 | Andreas Steffen | The command |
| 1102 | 24 | Andreas Steffen | <pre> |
| 1103 | 24 | Andreas Steffen | raspi4# ipsec statusall |
| 1104 | 24 | Andreas Steffen | </pre> |
| 1105 | 24 | Andreas Steffen | |
| 1106 | 24 | Andreas Steffen | shows that the IPsec transport connection between *raspi4* and *raspi3* has been successfully established. |
| 1107 | 24 | Andreas Steffen | <pre> |
| 1108 | 24 | Andreas Steffen | Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l): |
| 1109 | 24 | Andreas Steffen | uptime: 2 minutes, since Aug 15 14:45:50 2015 |
| 1110 | 24 | Andreas Steffen | malloc: sbrk 1941504, mmap 0, used 1440680, free 500824 |
| 1111 | 24 | Andreas Steffen | worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2 |
| 1112 | 24 | Andreas Steffen | loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
| 1113 | 24 | Andreas Steffen | Listening IP addresses: |
| 1114 | 24 | Andreas Steffen | 10.10.1.40 |
| 1115 | 24 | Andreas Steffen | Connections: |
| 1116 | 24 | Andreas Steffen | peer: 10.10.1.40...10.10.1.39 IKEv2 |
| 1117 | 24 | Andreas Steffen | peer: local: [raspi4.example.com] uses EAP_TTLS authentication |
| 1118 | 24 | Andreas Steffen | peer: cert: "C=US, O=TNC Demo, CN=raspi4.example.com" |
| 1119 | 24 | Andreas Steffen | peer: remote: [raspi3.example.com] uses EAP_TTLS authentication |
| 1120 | 24 | Andreas Steffen | peer: child: dynamic === dynamic TRANSPORT |
| 1121 | 24 | Andreas Steffen | Security Associations (1 up, 0 connecting): |
| 1122 | 24 | Andreas Steffen | peer[1]: ESTABLISHED 2 minutes ago, 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
| 1123 | 24 | Andreas Steffen | peer[1]: IKEv2 SPIs: 168d780b16692776_i 24a43cb75417ebe5_r*, EAP reauthentication in 2 hours |
| 1124 | 24 | Andreas Steffen | peer[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 |
| 1125 | 24 | Andreas Steffen | peer{1}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: ce21eedf_i c12c1aae_o |
| 1126 | 24 | Andreas Steffen | peer{1}: AES_CBC_128/HMAC_SHA2_256_128, 640 bytes_i (10 pkts, 48s ago), 640 bytes_o (10 pkts, 48s ago), rekeying in 46 minutes |
| 1127 | 24 | Andreas Steffen | peer{1}: 10.10.1.40/32 === 10.10.1.39/32 |
| 1128 | 24 | Andreas Steffen | </pre> |
| 1129 | 24 | Andreas Steffen | |
| 1130 | 10 | Andreas Steffen | h2. Terminating the IPsec Connection |
| 1131 | 10 | Andreas Steffen | |
| 1132 | 10 | Andreas Steffen | <pre> |
| 1133 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes) |
| 1134 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[ENC] parsed INFORMATIONAL request 114 [ D ] |
| 1135 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] received DELETE for IKE_SA peer[1] |
| 1136 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] deleting IKE_SA peer[1] between 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com] |
| 1137 | 1 | Andreas Steffen | Aug 15 14:49:04 raspi4 charon: 05[IKE] IKE_SA deleted |
| 1138 | 1 | Andreas Steffen | Aug 15 14:49:05 raspi4 charon: 05[ENC] generating INFORMATIONAL response 114 [ ] |
| 1139 | 1 | Andreas Steffen | Aug 15 14:49:05 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes) |
| 1140 | 10 | Andreas Steffen | </pre> |
| 1141 | 10 | Andreas Steffen | |
| 1142 | 10 | Andreas Steffen | h2. Stopping the IKEv2 Daemon |
| 1143 | 10 | Andreas Steffen | |
| 1144 | 10 | Andreas Steffen | <pre> |
| 1145 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[DMN] signal of type SIGINT received. Shutting down |
| 1146 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 2 "Attestation" terminated |
| 1147 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMC] IMC 1 "OS" terminated |
| 1148 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[IMV] IMV 1 "Attestation" terminated |
| 1149 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[PTS] removed TCG functional component namespace |
| 1150 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[PTS] removed ITA-HSR functional component namespace |
| 1151 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed IETF attributes |
| 1152 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed ITA-HSR attributes |
| 1153 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[TNC] removed TCG attributes |
| 1154 | 1 | Andreas Steffen | Aug 15 14:49:13 raspi4 charon: 00[LIB] libimcv terminated |
| 1155 | 1 | Andreas Steffen | </pre> |