Version 2 (Andreas Steffen, 15.08.2015 19:56) → Version 3/25 (Andreas Steffen, 15.08.2015 19:58)
h1. Raspi 4 - Responding IoT Device
strongSwan IPsec configuration file */etc/ipsec.conf*
<pre>
config setup
    charondebug="tnc 2, imc 2, imv 2, pts 3"

conn %default
    ike=aes128-sha256-ecp256!
    esp=aes128-sha256-ecp256!
    keyexchange=ikev2

conn peer
    left=10.10.1.40
    leftauth=eap-ttls
    leftcert=raspi4Cert.pem
    leftid=raspi4.example.com
    leftfirewall=yes
    right=10.10.1.39
    rightauth=eap-ttls
    rightid=raspi3.example.com
    type=transport
    auto=add
</pre>
strongSwan IPsec secrets file */etc/ipsec.secrets*
<pre>
: RSA raspi4Key.pem
</pre>
strongSwan configuration file */etc/strongswan.conf*
<pre>
charon {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
  half_open_timeout = 90
  plugins {
    eap-ttls {
      max_message_count = 0
      request_peer_auth = yes
      phase2_piggyback = yes
      phase2_tnc = yes
    }
    eap-tnc {
      max_message_count = 0
    }
    tnccs-20 {
      mutual = yes
    }
  }
}

libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager
  plugins {
    imc-os {
      device_pubkey = /etc/pts/aik4Pub.der
    }
    imc-attestation {
      aik_blob = /etc/pts/aik4Blob.bin
      aik_cert = /etc/pts/aik4Cert.der
    }
    imv-attestation {
      cadir = /etc/pts/cacerts
      hash_algorithm = sha1
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}

pt-tls-client {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl
}

attest {
  database = sqlite:///etc/pts/config.db
}
</pre>
<pre>
Aug 15 14:45:49 raspi4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l)
Aug 15 14:45:49 raspi4 charon: 00[NET] could not open socket: Address family not supported by protocol
Aug 15 14:45:49 raspi4 charon: 00[NET] could not open IPv6 socket, IPv6 disabled
Aug 15 14:45:49 raspi4 charon: 00[KNL] received netlink error: Address family not supported by protocol (97)
Aug 15 14:45:49 raspi4 charon: 00[KNL] unable to create IPv6 routing table rule
Aug 15 14:45:49 raspi4 charon: 00[TNC] TNC recommendation policy is 'default'
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[TNC] added IETF attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added ITA-HSR attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added TCG attributes
Aug 15 14:45:49 raspi4 charon: 00[PTS] added TCG functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Aug 15 14:45:49 raspi4 charon: 00[LIB] libimcv initialized
Aug 15 14:45:49 raspi4 charon: 00[IMV] IMV 1 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[PTS] loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem'
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 1 "OS" initialized
Aug 15 14:45:49 raspi4 charon: 00[IMC] processing "/etc/debian_version" file
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system name is 'Debian'
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system version is '7.8 armv7l'
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 2 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded ca certificate "C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA" from '/etc/ipsec.d/cacerts/MSE_CA_Cert.pem'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/raspi4Key.pem'
Aug 15 14:45:49 raspi4 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Aug 15 14:45:49 raspi4 charon: 00[JOB] spawning 16 worker threads
Aug 15 14:45:49 raspi4 charon: 06[CFG] received stroke: add connection 'peer'
Aug 15 14:45:49 raspi4 charon: 06[CFG] loaded certificate "C=US, O=TNC Demo, CN=raspi4.example.com" from 'raspi4Cert.pem'
Aug 15 14:45:49 raspi4 charon: 06[CFG] added configuration 'peer'
Aug 15 14:46:05 raspi4 charon: 07[NET] received packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes)
Aug 15 14:46:05 raspi4 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug 15 14:46:05 raspi4 charon: 07[IKE] 10.10.1.39 is initiating an IKE_SA
Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA"
Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug 15 14:46:05 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes)
Aug 15 14:46:05 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes)
Aug 15 14:46:05 raspi4 charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA"
Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 08[CFG] looking for peer configs matching 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:46:05 raspi4 charon: 08[CFG] selected peer config 'peer'
Aug 15 14:46:05 raspi4 charon: 08[IKE] initiating EAP_TTLS method (id 0xDB)
Aug 15 14:46:05 raspi4 charon: 08[IKE] peer supports MOBIKE
Aug 15 14:46:05 raspi4 charon: 08[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes)
Aug 15 14:46:05 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes)
Aug 15 14:46:05 raspi4 charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA'
Aug 15 14:46:05 raspi4 charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:05 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:05 raspi4 charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes)
Aug 15 14:46:05 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:05 raspi4 charon: 11[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:05 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes)
Aug 15 14:46:05 raspi4 charon: 12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[TLS] received TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 12[CFG] using certificate "C=US, O=TNC Demo, CN=raspi3.example.com"
Aug 15 14:46:05 raspi4 charon: 12[CFG] using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 12[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi3.example.com"
Aug 15 14:46:05 raspi4 charon: 12[CFG] certificate status is not available
Aug 15 14:46:05 raspi4 charon: 12[CFG] reached self-signed root ca with a path length of 0
Aug 15 14:46:05 raspi4 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID]
Aug 15 14:46:05 raspi4 charon: 12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:05 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes)
Aug 15 14:46:05 raspi4 charon: 13[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received EAP identity 'raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 13[IKE] phase2 method EAP_PT_EAP selected
Aug 15 14:46:05 raspi4 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:05 raspi4 charon: 13[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:05 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes)
Aug 15 14:46:05 raspi4 charon: 14[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:05 raspi4 charon: 14[TNC] assigned TNCCS Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi4 charon: 14[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi4 charon: 14[IMV] user AR identity 'raspi3.example.com' of type username authenticated by certificate
Aug 15 14:46:05 raspi4 charon: 14[IMV] machine AR identity '10.10.1.39' of type IPv4 address authenticated by unknown method
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi4 charon: 14[TNC] received TNCCS batch (283 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] TNC server is handling inbound connection
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-Language-Preference message (31 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-PA message (228 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] activating mutual PB-TNC half duplex protocol
Aug 15 14:46:05 raspi4 charon: 14[TNC] setting language preference to 'en'
Aug 15 14:46:05 raspi4 charon: 14[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC message with ID 0x83cf019d
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system name is 'Debian' from vendor Debian Project
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system version is '7.8 armv7l'
Aug 15 14:46:05 raspi4 charon: 14[IMV] device ID is 565feb9e8462870dba884ce540a0768d68829873
Aug 15 14:46:05 raspi4 charon: 14[IMV] assigned session ID 3 to Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: imv_policy_manager start successful
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: skipping enforcment 6
Aug 15 14:46:08 raspi4 charon: 14[IMV] FWDEN workitem 13
Aug 15 14:46:08 raspi4 charon: 14[IMV] FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 14[IMV] PCKGS workitem 15
Aug 15 14:46:08 raspi4 charon: 14[IMV] TCPOP workitem 16
Aug 15 14:46:08 raspi4 charon: 14[IMV] UDPOP workitem 17
Aug 15 14:46:08 raspi4 charon: 14[IMV] TPMRA workitem 18
Aug 15 14:46:08 raspi4 charon: 14[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 14[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC message with ID 0x42501f74
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 14[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding ITA-HSR/PB-Mutual-Capability message
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 14[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes)
Aug 15 14:46:08 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:08 raspi4 charon: 15[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 15[TNC] received TNCCS batch (8 bytes)
Aug 15 14:46:08 raspi4 charon: 15[TNC] assigned TNCCS Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK certificate from '/etc/pts/aik4Cert.der'
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK Blob from '/etc/pts/aik4Blob.bin'
Aug 15 14:46:08 raspi4 charon: 15[PTS] AIK Blob: => 559 bytes @ 0x76f63000
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi4 charon: 15[IMC] operating system numeric version is 7.8
Aug 15 14:46:08 raspi4 charon: 15[IMC] last boot: Aug 15 07:56:45 UTC 2015, 17363 s ago
Aug 15 14:46:08 raspi4 charon: 15[IMC] IPv4 forwarding is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] factory default password is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] loaded device public key from '/etc/pts/aik4Pub.der'
Aug 15 14:46:08 raspi4 charon: 15[IMC] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC message with ID 0x366c28ea
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-Language-Preference message
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 15[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes)
Aug 15 14:46:08 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 16[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 16[TNC] received TNCCS batch (92 bytes)
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 16[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC message with ID 0x1d5fa63a
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Aug 15 14:46:08 raspi4 charon: 16[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 16[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 requests metadata for file '/etc/tnc_config'
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles TPMRA workitem 18
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC message with ID 0xaff3c130
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 16[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 16[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 16[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 05[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 05[TNC] received TNCCS batch (92 bytes)
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC message with ID 0x918da8fe
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Aug 15 14:46:08 raspi4 charon: 05[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 05[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC message with ID 0xf94741eb
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 05[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 05[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 05[ENC] generating IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes)
Aug 15 14:46:08 raspi4 charon: 06[ENC] parsed IKE_AUTH request 11 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 06[TNC] received TNCCS batch (226 bytes)
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing IETF/PB-PA message (218 bytes)
Aug 15 14:46:08 raspi4 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC message with ID 0x5e3ee705
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi4 charon: 06[IMV] metadata request returned 1 file:
Aug 15 14:46:08 raspi4 charon: 06[IMV] 'tnc_config' (177 bytes) owner 0, group 0, type Regular
Aug 15 14:46:08 raspi4 charon: 06[IMV] created Jun 05 20:02:25 2015, modified Jun 05 20:02:25 2015, accessed Jun 05 20:02:25 2015
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 06[PTS] nonce length is 20
Aug 15 14:46:08 raspi4 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1ab4f40
Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15 ......m...@..._.
Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: FB 4E 28 AD .N(.
Aug 15 14:46:08 raspi4 charon: 06[PTS] responder nonce: => 20 bytes @ 0x1aafba0
Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0 =.r9:....0..."..
Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: B6 D1 2A 01 ..*.
Aug 15 14:46:08 raspi4 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x1ab3078
Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA _....9........:.
Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE .#...........QP.
Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28
Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C ...p.x...y.]|..|
Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: E0 E0 83 77 ...w
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC message with ID 0xd27d5b33
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 06[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 06[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 06[ENC] generating IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes)
Aug 15 14:46:08 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 07[ENC] parsed IKE_AUTH request 12 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 07[TNC] received TNCCS batch (87 bytes)
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing IETF/PB-PA message (79 bytes)
Aug 15 14:46:08 raspi4 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC message with ID 0xda2a70e9
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi4 charon: 07[IMC] metadata request for file '/etc/tnc_config'
Aug 15 14:46:08 raspi4 charon: 07[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 07[PTS] nonce length is 20
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC message with ID 0x676268aa
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 07[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 07[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 07[ENC] generating IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes)
Aug 15 14:46:08 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes)
Aug 15 14:46:08 raspi4 charon: 08[ENC] parsed IKE_AUTH request 13 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 08[TNC] received TNCCS batch (902 bytes)
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing IETF/PB-PA message (894 bytes)
Aug 15 14:46:08 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x641bcea1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:08 raspi4 charon: 08[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:08 raspi4 charon: 08[IMV] verifying AIK with keyid 56:5f:eb:9e:84:62:87:0d:ba:88:4c:e5:40:a0:76:8d:68:82:98:73
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK public key is trusted
Aug 15 14:46:08 raspi4 charon: 08[CFG] using trusted certificate "C=US, O=TNC Demo, CN=AIK CA"
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK certificate is trusted
Aug 15 14:46:08 raspi4 charon: 08[IMV] evidence request by
Aug 15 14:46:08 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0xed256fac
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 08[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 08[ENC] generating IKE_AUTH response 13 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:09 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes)
Aug 15 14:46:09 raspi4 charon: 09[ENC] parsed IKE_AUTH request 14 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:09 raspi4 charon: 09[TNC] received TNCCS batch (172 bytes)
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling inbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing IETF/PB-PA message (164 bytes)
Aug 15 14:46:09 raspi4 charon: 09[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi4 charon: 09[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC message with ID 0xe1b84e91
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:09 raspi4 charon: 09[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:09 raspi4 charon: 09[PTS] initiator nonce: => 20 bytes @ 0x1ab0dc0
Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A '.Q..f.T.W.I.*}:
Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: F1 38 81 26 .8.&
Aug 15 14:46:09 raspi4 charon: 09[PTS] responder nonce: => 20 bytes @ 0x1ab2e48
Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71 .H.R...n_..+..&q
Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 49 73 01 42 Is.B
Aug 15 14:46:09 raspi4 charon: 09[PTS] shared DH secret: => 32 bytes @ 0x1aac378
Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11 ......"..5..pA{.
Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1 .<.2.=..s2... ..
Aug 15 14:46:09 raspi4 charon: 09[PTS] secret assessment value: => 20 bytes @ 0x1ab0d20
Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F .........Q...;..
Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 68 50 6C DE hPl.
Aug 15 14:46:09 raspi4 charon: 09[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC message with ID 0x951e0284
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling outbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:09 raspi4 charon: 09[TNC] adding IETF/PB-PA message
Aug 15 14:46:09 raspi4 charon: 09[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:09 raspi4 charon: 09[ENC] generating IKE_AUTH response 14 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes)
Aug 15 14:46:09 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 10[ENC] parsed IKE_AUTH request 15 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[ENC] generating IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 11[ENC] parsed IKE_AUTH request 16 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[ENC] generating IKE_AUTH response 16 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 12[ENC] parsed IKE_AUTH request 17 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[ENC] generating IKE_AUTH response 17 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 13[ENC] parsed IKE_AUTH request 18 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[ENC] generating IKE_AUTH response 18 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 14[ENC] parsed IKE_AUTH request 19 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 14[ENC] generating IKE_AUTH response 19 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 15[ENC] parsed IKE_AUTH request 20 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 15[ENC] generating IKE_AUTH response 20 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 16[ENC] parsed IKE_AUTH request 21 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 16[ENC] generating IKE_AUTH response 21 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 05[ENC] parsed IKE_AUTH request 22 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 05[ENC] generating IKE_AUTH response 22 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 06[ENC] parsed IKE_AUTH request 23 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 06[ENC] generating IKE_AUTH response 23 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 07[ENC] parsed IKE_AUTH request 24 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[ENC] generating IKE_AUTH response 24 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 08[ENC] parsed IKE_AUTH request 25 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 08[ENC] generating IKE_AUTH response 25 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 09[ENC] parsed IKE_AUTH request 26 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 09[ENC] generating IKE_AUTH response 26 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 09[NET] sending packet:
</pre>
<pre>
Aug 15 14:45:49 raspi4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l)
Aug 15 14:45:49 raspi4 charon: 00[NET] could not open socket: Address family not supported by protocol
Aug 15 14:45:49 raspi4 charon: 00[NET] could not open IPv6 socket, IPv6 disabled
Aug 15 14:45:49 raspi4 charon: 00[KNL] received netlink error: Address family not supported by protocol (97)
Aug 15 14:45:49 raspi4 charon: 00[KNL] unable to create IPv6 routing table rule
Aug 15 14:45:49 raspi4 charon: 00[TNC] TNC recommendation policy is 'default'
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[TNC] added IETF attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added ITA-HSR attributes
Aug 15 14:45:49 raspi4 charon: 00[TNC] added TCG attributes
Aug 15 14:45:49 raspi4 charon: 00[PTS] added TCG functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component namespace
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Aug 15 14:45:49 raspi4 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Aug 15 14:45:49 raspi4 charon: 00[LIB] libimcv initialized
Aug 15 14:45:49 raspi4 charon: 00[IMV] IMV 1 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[PTS] loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem'
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'
Aug 15 14:45:49 raspi4 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 1 "OS" initialized
Aug 15 14:45:49 raspi4 charon: 00[IMC] processing "/etc/debian_version" file
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system name is 'Debian'
Aug 15 14:45:49 raspi4 charon: 00[IMC] operating system version is '7.8 armv7l'
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'
Aug 15 14:45:49 raspi4 charon: 00[IMC] IMC 2 "Attestation" initialized
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_2048[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1536[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group MODP_1024[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:45:49 raspi4 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded ca certificate "C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA" from '/etc/ipsec.d/cacerts/MSE_CA_Cert.pem'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 15 14:45:49 raspi4 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/raspi4Key.pem'
Aug 15 14:45:49 raspi4 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Aug 15 14:45:49 raspi4 charon: 00[JOB] spawning 16 worker threads
Aug 15 14:45:49 raspi4 charon: 06[CFG] received stroke: add connection 'peer'
Aug 15 14:45:49 raspi4 charon: 06[CFG] loaded certificate "C=US, O=TNC Demo, CN=raspi4.example.com" from 'raspi4Cert.pem'
Aug 15 14:45:49 raspi4 charon: 06[CFG] added configuration 'peer'
Aug 15 14:46:05 raspi4 charon: 07[NET] received packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes)
Aug 15 14:46:05 raspi4 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug 15 14:46:05 raspi4 charon: 07[IKE] 10.10.1.39 is initiating an IKE_SA
Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA"
Aug 15 14:46:05 raspi4 charon: 07[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug 15 14:46:05 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes)
Aug 15 14:46:05 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes)
Aug 15 14:46:05 raspi4 charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA"
Aug 15 14:46:05 raspi4 charon: 08[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 08[CFG] looking for peer configs matching 10.10.1.40[raspi4.example.com]...10.10.1.39[raspi3.example.com]
Aug 15 14:46:05 raspi4 charon: 08[CFG] selected peer config 'peer'
Aug 15 14:46:05 raspi4 charon: 08[IKE] initiating EAP_TTLS method (id 0xDB)
Aug 15 14:46:05 raspi4 charon: 08[IKE] peer supports MOBIKE
Aug 15 14:46:05 raspi4 charon: 08[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes)
Aug 15 14:46:05 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes)
Aug 15 14:46:05 raspi4 charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
Aug 15 14:46:05 raspi4 charon: 09[TLS] sending TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA'
Aug 15 14:46:05 raspi4 charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:05 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:05 raspi4 charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes)
Aug 15 14:46:05 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:05 raspi4 charon: 11[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:05 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes)
Aug 15 14:46:05 raspi4 charon: 12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[TLS] received TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 12[CFG] using certificate "C=US, O=TNC Demo, CN=raspi3.example.com"
Aug 15 14:46:05 raspi4 charon: 12[CFG] using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Aug 15 14:46:05 raspi4 charon: 12[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi3.example.com"
Aug 15 14:46:05 raspi4 charon: 12[CFG] certificate status is not available
Aug 15 14:46:05 raspi4 charon: 12[CFG] reached self-signed root ca with a path length of 0
Aug 15 14:46:05 raspi4 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID]
Aug 15 14:46:05 raspi4 charon: 12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:05 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes)
Aug 15 14:46:05 raspi4 charon: 13[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID]
Aug 15 14:46:05 raspi4 charon: 13[IKE] received EAP identity 'raspi3.example.com'
Aug 15 14:46:05 raspi4 charon: 13[IKE] phase2 method EAP_PT_EAP selected
Aug 15 14:46:05 raspi4 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:05 raspi4 charon: 13[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:05 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes)
Aug 15 14:46:05 raspi4 charon: 14[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi4 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:05 raspi4 charon: 14[TNC] assigned TNCCS Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi4 charon: 14[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi4 charon: 14[IMV] user AR identity 'raspi3.example.com' of type username authenticated by certificate
Aug 15 14:46:05 raspi4 charon: 14[IMV] machine AR identity '10.10.1.39' of type IPv4 address authenticated by unknown method
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi4 charon: 14[TNC] received TNCCS batch (283 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] TNC server is handling inbound connection
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-Language-Preference message (31 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing IETF/PB-PA message (228 bytes)
Aug 15 14:46:05 raspi4 charon: 14[TNC] activating mutual PB-TNC half duplex protocol
Aug 15 14:46:05 raspi4 charon: 14[TNC] setting language preference to 'en'
Aug 15 14:46:05 raspi4 charon: 14[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:05 raspi4 charon: 14[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 1
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC message with ID 0x83cf019d
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:05 raspi4 charon: 14[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system name is 'Debian' from vendor Debian Project
Aug 15 14:46:05 raspi4 charon: 14[IMV] operating system version is '7.8 armv7l'
Aug 15 14:46:05 raspi4 charon: 14[IMV] device ID is 565feb9e8462870dba884ce540a0768d68829873
Aug 15 14:46:05 raspi4 charon: 14[IMV] assigned session ID 3 to Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: imv_policy_manager start successful
Aug 15 14:46:08 raspi4 charon: 14[IMV] policy: skipping enforcment 6
Aug 15 14:46:08 raspi4 charon: 14[IMV] FWDEN workitem 13
Aug 15 14:46:08 raspi4 charon: 14[IMV] FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 14[IMV] PCKGS workitem 15
Aug 15 14:46:08 raspi4 charon: 14[IMV] TCPOP workitem 16
Aug 15 14:46:08 raspi4 charon: 14[IMV] UDPOP workitem 17
Aug 15 14:46:08 raspi4 charon: 14[IMV] TPMRA workitem 18
Aug 15 14:46:08 raspi4 charon: 14[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 14[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC message with ID 0x42501f74
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 14[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 14[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding ITA-HSR/PB-Mutual-Capability message
Aug 15 14:46:08 raspi4 charon: 14[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 14[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 14[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes)
Aug 15 14:46:08 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:08 raspi4 charon: 15[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 15[TNC] received TNCCS batch (8 bytes)
Aug 15 14:46:08 raspi4 charon: 15[TNC] assigned TNCCS Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK certificate from '/etc/pts/aik4Cert.der'
Aug 15 14:46:08 raspi4 charon: 15[PTS] loaded AIK Blob from '/etc/pts/aik4Blob.bin'
Aug 15 14:46:08 raspi4 charon: 15[PTS] AIK Blob: => 559 bytes @ 0x76f63000
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi4 charon: 15[IMC] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi4 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi4 charon: 15[IMC] operating system numeric version is 7.8
Aug 15 14:46:08 raspi4 charon: 15[IMC] last boot: Aug 15 07:56:45 UTC 2015, 17363 s ago
Aug 15 14:46:08 raspi4 charon: 15[IMC] IPv4 forwarding is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] factory default password is disabled
Aug 15 14:46:08 raspi4 charon: 15[IMC] loaded device public key from '/etc/pts/aik4Pub.der'
Aug 15 14:46:08 raspi4 charon: 15[IMC] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC message with ID 0x366c28ea
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Init' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 15[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 15[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 15[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-Language-Preference message
Aug 15 14:46:08 raspi4 charon: 15[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 15[TNC] sending PB-TNC CDATA batch (267 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 15[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes)
Aug 15 14:46:08 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 16[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 16[TNC] received TNCCS batch (92 bytes)
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 16[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC message with ID 0x1d5fa63a
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Aug 15 14:46:08 raspi4 charon: 16[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 16[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles FMETA workitem 14
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 requests metadata for file '/etc/tnc_config'
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested
Aug 15 14:46:08 raspi4 charon: 16[IMV] IMV 1 handles TPMRA workitem 18
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC message with ID 0xaff3c130
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 16[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 16[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 16[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 16[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 16[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 16[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 05[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 05[TNC] received TNCCS batch (92 bytes)
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi4 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC message with ID 0x918da8fe
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi4 charon: 05[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[IMC] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Aug 15 14:46:08 raspi4 charon: 05[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi4 charon: 05[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC message with ID 0xf94741eb
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 05[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 05[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 05[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 05[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 05[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 05[ENC] generating IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes)
Aug 15 14:46:08 raspi4 charon: 06[ENC] parsed IKE_AUTH request 11 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 06[TNC] received TNCCS batch (226 bytes)
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing IETF/PB-PA message (218 bytes)
Aug 15 14:46:08 raspi4 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC message with ID 0x5e3ee705
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi4 charon: 06[IMV] metadata request returned 1 file:
Aug 15 14:46:08 raspi4 charon: 06[IMV] 'tnc_config' (177 bytes) owner 0, group 0, type Regular
Aug 15 14:46:08 raspi4 charon: 06[IMV] created Jun 05 20:02:25 2015, modified Jun 05 20:02:25 2015, accessed Jun 05 20:02:25 2015
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:08 raspi4 charon: 06[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 06[PTS] nonce length is 20
Aug 15 14:46:08 raspi4 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x1ab4f40
Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15 ......m...@..._.
Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: FB 4E 28 AD .N(.
Aug 15 14:46:08 raspi4 charon: 06[PTS] responder nonce: => 20 bytes @ 0x1aafba0
Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0 =.r9:....0..."..
Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: B6 D1 2A 01 ..*.
Aug 15 14:46:08 raspi4 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x1ab3078
Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA _....9........:.
Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE .#...........QP.
Aug 15 14:46:08 raspi4 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x1ab4f28
Aug 15 14:46:08 raspi4 charon: 06[PTS] 0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C ...p.x...y.]|..|
Aug 15 14:46:08 raspi4 charon: 06[PTS] 16: E0 E0 83 77 ...w
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC message with ID 0xd27d5b33
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 06[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 06[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 06[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 06[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 06[ENC] generating IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes)
Aug 15 14:46:08 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi4 charon: 07[ENC] parsed IKE_AUTH request 12 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 07[TNC] received TNCCS batch (87 bytes)
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing IETF/PB-PA message (79 bytes)
Aug 15 14:46:08 raspi4 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC message with ID 0xda2a70e9
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi4 charon: 07[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi4 charon: 07[IMC] metadata request for file '/etc/tnc_config'
Aug 15 14:46:08 raspi4 charon: 07[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi4 charon: 07[PTS] nonce length is 20
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC message with ID 0x676268aa
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 07[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 07[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi4 charon: 07[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 07[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 2
Aug 15 14:46:08 raspi4 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 07[ENC] generating IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes)
Aug 15 14:46:08 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes)
Aug 15 14:46:08 raspi4 charon: 08[ENC] parsed IKE_AUTH request 13 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi4 charon: 08[TNC] received TNCCS batch (902 bytes)
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PB-TNC CDATA batch for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing IETF/PB-PA message (894 bytes)
Aug 15 14:46:08 raspi4 charon: 08[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 08[IMV] IMV 1 "Attestation" received message for Connection ID 1 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC message with ID 0x641bcea1
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:08 raspi4 charon: 08[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:08 raspi4 charon: 08[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:08 raspi4 charon: 08[IMV] verifying AIK with keyid 56:5f:eb:9e:84:62:87:0d:ba:88:4c:e5:40:a0:76:8d:68:82:98:73
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK public key is trusted
Aug 15 14:46:08 raspi4 charon: 08[CFG] using trusted certificate "C=US, O=TNC Demo, CN=AIK CA"
Aug 15 14:46:08 raspi4 charon: 08[IMV] AIK certificate is trusted
Aug 15 14:46:08 raspi4 charon: 08[IMV] evidence request by
Aug 15 14:46:08 raspi4 charon: 08[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC message with ID 0xed256fac
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi4 charon: 08[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi4 charon: 08[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi4 charon: 08[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi4 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi4 charon: 08[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 1
Aug 15 14:46:08 raspi4 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi4 charon: 08[ENC] generating IKE_AUTH response 13 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:09 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes)
Aug 15 14:46:09 raspi4 charon: 09[ENC] parsed IKE_AUTH request 14 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:09 raspi4 charon: 09[TNC] received TNCCS batch (172 bytes)
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling inbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PB-TNC SDATA batch for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing IETF/PB-PA message (164 bytes)
Aug 15 14:46:09 raspi4 charon: 09[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi4 charon: 09[IMC] IMC 2 "Attestation" received message for Connection ID 2 from IMV 1
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC message with ID 0xe1b84e91
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:09 raspi4 charon: 09[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:09 raspi4 charon: 09[PTS] initiator nonce: => 20 bytes @ 0x1ab0dc0
Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A '.Q..f.T.W.I.*}:
Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: F1 38 81 26 .8.&
Aug 15 14:46:09 raspi4 charon: 09[PTS] responder nonce: => 20 bytes @ 0x1ab2e48
Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71 .H.R...n_..+..&q
Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 49 73 01 42 Is.B
Aug 15 14:46:09 raspi4 charon: 09[PTS] shared DH secret: => 32 bytes @ 0x1aac378
Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11 ......"..5..pA{.
Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1 .<.2.=..s2... ..
Aug 15 14:46:09 raspi4 charon: 09[PTS] secret assessment value: => 20 bytes @ 0x1ab0d20
Aug 15 14:46:09 raspi4 charon: 09[PTS] 0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F .........Q...;..
Aug 15 14:46:09 raspi4 charon: 09[PTS] 16: 68 50 6C DE hPl.
Aug 15 14:46:09 raspi4 charon: 09[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC message with ID 0x951e0284
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi4 charon: 09[TNC] TNC client is handling outbound connection
Aug 15 14:46:09 raspi4 charon: 09[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:09 raspi4 charon: 09[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:09 raspi4 charon: 09[TNC] adding IETF/PB-PA message
Aug 15 14:46:09 raspi4 charon: 09[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 2
Aug 15 14:46:09 raspi4 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:09 raspi4 charon: 09[ENC] generating IKE_AUTH response 14 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 09[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes)
Aug 15 14:46:09 raspi4 charon: 10[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 10[ENC] parsed IKE_AUTH request 15 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[ENC] generating IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 10[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 11[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 11[ENC] parsed IKE_AUTH request 16 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[ENC] generating IKE_AUTH response 16 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 11[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 12[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 12[ENC] parsed IKE_AUTH request 17 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[ENC] generating IKE_AUTH response 17 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 12[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 13[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 13[ENC] parsed IKE_AUTH request 18 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[ENC] generating IKE_AUTH response 18 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 13[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi4 charon: 14[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi4 charon: 14[ENC] parsed IKE_AUTH request 19 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi4 charon: 14[ENC] generating IKE_AUTH response 19 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi4 charon: 14[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 15[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 15[ENC] parsed IKE_AUTH request 20 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 15[ENC] generating IKE_AUTH response 20 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 15[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 16[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 16[ENC] parsed IKE_AUTH request 21 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 16[ENC] generating IKE_AUTH response 21 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 16[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 05[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 05[ENC] parsed IKE_AUTH request 22 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 05[ENC] generating IKE_AUTH response 22 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 05[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 06[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 06[ENC] parsed IKE_AUTH request 23 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 06[ENC] generating IKE_AUTH response 23 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 06[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 07[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 07[ENC] parsed IKE_AUTH request 24 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[ENC] generating IKE_AUTH response 24 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 07[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 08[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 08[ENC] parsed IKE_AUTH request 25 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 08[ENC] generating IKE_AUTH response 25 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 08[NET] sending packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi4 charon: 09[NET] received packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi4 charon: 09[ENC] parsed IKE_AUTH request 26 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi4 charon: 09[ENC] generating IKE_AUTH response 26 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi4 charon: 09[NET] sending packet: