Version 12 - History - Endpoint Compliance via PT-TLS Protocol - strongSwan

Endpoint Compliance via PT-TLS Protocol » History » Version 12

Andreas Steffen, 16.08.2013 21:06

-Andreas Steffen
+h1. Endpoint Compliance via PT-TLS Protocol
 Andreas Steffen
-Andreas Steffen
+{{>toc}}
 Andreas Steffen
-Andreas Steffen
+h2. Starting the strongSwan Policy Decision Point (PDP)
 Andreas Steffen
-Andreas Steffen
+The strongSwan PDP starts and loads its server certificate and the client credentials
-Andreas Steffen
+<pre>
-Andreas Steffen
+[DMN] Starting IKE charon daemon (strongSwan 5.1.0, Linux 3.10.5, x86_64)
-Andreas Steffen
+[LIB] openssl FIPS mode(0) - disabled
-Andreas Steffen
+[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
-Andreas Steffen
+[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
-Andreas Steffen
+[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
-Andreas Steffen
+[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
-Andreas Steffen
+[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
-Andreas Steffen
+[CFG] loading crls from '/etc/ipsec.d/crls'
-Andreas Steffen
+[CFG] loading secrets from '/etc/ipsec.secrets'
-Andreas Steffen
+[CFG]   loaded RSA private key from '/etc/ipsec.d/private/aaaKey.pem'
-Andreas Steffen
+[CFG]   loaded EAP secret for carol
-Andreas Steffen
+[CFG]   loaded EAP secret for dave
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Next the OS and SWID IMVs are loaded
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] TNC recommendation policy is 'default'
-Andreas Steffen
+[TNC] loading IMVs from '/etc/tnc_config'
-Andreas Steffen
+[TNC] added IETF attributes
-Andreas Steffen
+[TNC] added ITA-HSR attributes
-Andreas Steffen
+[LIB] libimcv initialized
-Andreas Steffen
+[IMV] IMV 1 "OS" initialized
-Andreas Steffen
+[TNC] IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[TNC] IMV 1 "OS" loaded from '/usr/local/lib/ipsec/imcvs/imv-os.so'
-Andreas Steffen
+[IMV] IMV 2 "SWID" initialized
-Andreas Steffen
+[TNC] added TCG attributes
-Andreas Steffen
+[LIB] libpts initialized
-Andreas Steffen
+[TNC] IMV 2 supports 1 message type: 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[TNC] IMV 2 "SWID" loaded from '/usr/local/lib/ipsec/imcvs/imv-swid.so'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PDP loads all plugins needed to communicate via its EAP-RADIUS and PT-TLS interfaces and spawns 16 worker threads
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IKE] eap method EAP_TTLS selected
-Andreas Steffen
+[LIB] loaded plugins: charon curl pem pkcs1 nonce x509 revocation openssl socket-default kernel-netlink stroke tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
-Andreas Steffen
+[JOB] spawning 16 worker threads
-Andreas Steffen
+[CFG] received stroke: add connection 'aaa'
-Andreas Steffen
+[CFG]   loaded certificate "C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" from 'aaaCert.pem'
-Andreas Steffen
+[CFG] added configuration 'aaa'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. PT-TLS Connection by Access Requestor "carol"
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] accepting PT-TLS stream from 192.168.0.100
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. TLS Connection Setup
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] entering PT-TLS negotiation phase
-Andreas Steffen
+[TLS] processing TLS Handshake record (176 bytes)
-Andreas Steffen
+[TLS] received TLS ClientHello handshake (172 bytes)
-Andreas Steffen
+[TLS] received TLS 'signature algorithms' extension
-Andreas Steffen
+[TLS] received TLS 'elliptic curves' extension
-Andreas Steffen
+[TLS] received TLS 'ec point formats' extension
-Andreas Steffen
+[TLS] received TLS 'server name' extension
-Andreas Steffen
+[TLS] received 28 TLS cipher suites:
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS] sending TLS ServerHello handshake (54 bytes)
-Andreas Steffen
+[TLS] sending TLS server certificate 'C=CH, O=Linux strongSwan, CN=aaa.strongswan.org'
-Andreas Steffen
+[TLS] sending TLS Certificate handshake (1066 bytes)
-Andreas Steffen
+[TLS] selected ECDH group SECP256R1
-Andreas Steffen
+[TLS] created signature with MD5/RSA
-Andreas Steffen
+[TLS] sending TLS ServerKeyExchange handshake (329 bytes)
-Andreas Steffen
+[TLS] sending TLS cert request for 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA'
-Andreas Steffen
+[TLS] sending TLS CertificateRequest handshake (102 bytes)
-Andreas Steffen
+[TLS] sending TLS ServerHelloDone handshake (0 bytes)
-Andreas Steffen
+[TLS] sending TLS Handshake record (1571 bytes)
-Andreas Steffen
+[TLS] processing TLS Handshake record (77 bytes)
-Andreas Steffen
+[TLS] received TLS Certificate handshake (3 bytes)
-Andreas Steffen
+[TLS] received TLS ClientKeyExchange handshake (66 bytes)
-Andreas Steffen
+[TLS] processing TLS ChangeCipherSpec record (1 bytes)
-Andreas Steffen
+[TLS] processing TLS Handshake record (64 bytes)
-Andreas Steffen
+[TLS] received TLS Finished handshake (12 bytes)
-Andreas Steffen
+[TLS] sending TLS ChangeCipherSpec record (1 bytes)
-Andreas Steffen
+[TLS] sending TLS Finished handshake (12 bytes)
-Andreas Steffen
+[TLS] sending TLS Handshake record (64 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. PT-TLS Negotiation
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #0 of type 'Version Request' (20 bytes)
-Andreas Steffen
+[TNC] sending PT-TLS message #0 of type 'Version Response' (20 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] negotiated PT-TLS version 1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. SASL Password-based Client Authentication
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] doing SASL client authentication
-Andreas Steffen
+[TNC] offering SASL PLAIN
-Andreas Steffen
+[TNC] sending PT-TLS message #1 of type 'SASL Mechanisms' (22 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (80 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #1 of type 'SASL Mechanism Selection' (37 bytes)
-Andreas Steffen
+[TNC] client starts SASL PLAIN authentication
-Andreas Steffen
+[TNC] SASL PLAIN authentication successful
-Andreas Steffen
+[TNC] SASL client identity is 'carol'
-Andreas Steffen
+[TNC] sending PT-TLS message #2 of type 'SASL Result' (17 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] sending PT-TLS message #3 of type 'SASL Mechanisms' (16 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. IF-IMV 1.4 AR Identity
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] entering PT-TLS data transport phase
-Andreas Steffen
+[TNC] no PB-TNC batch to send
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (320 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #2 of type 'PB-TNC Batch' (275 bytes)
-Andreas Steffen
+[TNC] assigned TNCCS Connection ID 1
-Andreas Steffen
+[IMV] IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
-Andreas Steffen
+[IMV]   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+[IMV]   user AR identity 'carol' authenticated by password
-Andreas Steffen
+[IMV]   assigned session ID 2
-Andreas Steffen
+[IMV] IMV 2 "SWID" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
-Andreas Steffen
+[IMV]   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+[IMV]   user AR identity 'carol' authenticated by password
-Andreas Steffen
+[IMV]   assigned session ID 2
-Andreas Steffen
+[IMV] IMV 1 "OS" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+[IMV] IMV 2 "SWID" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] received TNCCS batch (259 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 259 bytes @ 0x6dcd80
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 01 03 00 00 00 00 00 00 00 06  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu
-Andreas Steffen
+[TNC]   32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00  age: en.........
-Andreas Steffen
+[TNC]   48: 00 00 DC 00 00 00 00 00 00 00 01 00 01 FF FF 01  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 B6 BB C4 99 00 00 00 00 00 00 00 02 00  ................
-Andreas Steffen
+[TNC]   80: 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00 00  ....%r..Debian..
-Andreas Steffen
+[TNC]   96: 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20 78  ...........7.0 x
-Andreas Steffen
+[TNC]  112: 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03 00  86_64...........
-Andreas Steffen
+[TNC]  128: 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[TNC]  144: 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24 03  ..............$.
-Andreas Steffen
+[TNC]  160: 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32 30  ...2013-08-15T20
-Andreas Steffen
+[TNC]  176: 3A 34 35 3A 30 36 5A 00 00 00 00 00 00 00 0B 00  :45:06Z.........
-Andreas Steffen
+[TNC]  192: 00 00 10 00 00 00 00 00 00 00 00 00 00 00 0C 00  ................
-Andreas Steffen
+[TNC]  208: 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08 00  ..........*.....
-Andreas Steffen
+[TNC]  224: 00 00 2C 37 37 38 31 62 33 38 39 34 66 30 31 66  ..,7781b3894f01f
-Andreas Steffen
+[TNC]  240: 34 30 62 38 36 35 64 33 38 36 36 35 31 37 30 32  40b865d386651702
-Andreas Steffen
+[TNC]  256: 65 30 62                                         e0b
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Init' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-Language-Preference message (31 bytes)
-Andreas Steffen
+[TNC] processing PB-PA message (220 bytes)
-Andreas Steffen
+[TNC] setting language preference to 'en'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[IMV] IMV 1 "OS" received message for Connection ID 1 from IMC 1
-Andreas Steffen
+[IMV] => 196 bytes @ 0x6ee790
-Andreas Steffen
+[IMV]    0: 01 00 00 00 B6 BB C4 99 00 00 00 00 00 00 00 02  ................
-Andreas Steffen
+[IMV]   16: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00  .....%r..Debian.
-Andreas Steffen
+[IMV]   32: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20  ............7.0
-Andreas Steffen
+[IMV]   48: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03  x86_64..........
-Andreas Steffen
+[IMV]   64: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[IMV]   80: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24  ...............$
-Andreas Steffen
+[IMV]   96: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[IMV]  112: 30 3A 34 35 3A 30 36 5A 00 00 00 00 00 00 00 0B  0:45:06Z........
-Andreas Steffen
+[IMV]  128: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 0C  ................
-Andreas Steffen
+[IMV]  144: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08  ...........*....
-Andreas Steffen
+[IMV]  160: 00 00 00 2C 37 37 38 31 62 33 38 39 34 66 30 31  ...,7781b3894f01
-Andreas Steffen
+[IMV]  176: 66 34 30 62 38 36 35 64 33 38 36 36 35 31 37 30  f40b865d38665170
-Andreas Steffen
+[IMV]  192: 32 65 30 62                                      2e0b
-Andreas Steffen
+[TNC] processing PA-TNC message with ID 0xb6bbc499
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
-Andreas Steffen
+[TNC] => 11 bytes @ 0x6ee7a4
-Andreas Steffen
+[TNC]    0: 00 25 72 00 00 44 65 62 69 61 6E                 .%r..Debian
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
-Andreas Steffen
+[TNC] => 13 bytes @ 0x6ee7bb
-Andreas Steffen
+[TNC]    0: 0A 37 2E 30 20 78 38 36 5F 36 34 00 00           .7.0 x86_64..
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
-Andreas Steffen
+[TNC] => 16 bytes @ 0x6ee7d4
-Andreas Steffen
+[TNC]    0: 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
-Andreas Steffen
+[TNC] => 24 bytes @ 0x6ee7f0
-Andreas Steffen
+[TNC]    0: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[TNC]   16: 30 3A 34 35 3A 30 36 5A                          0:45:06Z
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6ee814
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6ee824
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
-Andreas Steffen
+[TNC] => 32 bytes @ 0x6ee834
-Andreas Steffen
+[TNC]    0: 37 37 38 31 62 33 38 39 34 66 30 31 66 34 30 62  7781b3894f01f40b
-Andreas Steffen
+[TNC]   16: 38 36 35 64 33 38 36 36 35 31 37 30 32 65 30 62  865d386651702e0b
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Operating System Information
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] operating system name is 'Debian' from vendor Debian Project
-Andreas Steffen
+[IMV] operating system version is '7.0 x86_64'
-Andreas Steffen
+[IMV] operating system numeric version is 7.0
-Andreas Steffen
+[IMV] operational status: operational, result: successful
-Andreas Steffen
+[IMV] last boot: Aug 15 20:45:06 UTC 2013
-Andreas Steffen
+[IMV] IPv4 forwarding is disabled
-Andreas Steffen
+[IMV] factory default password is disabled
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Device Identity
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] device ID is 7781b3894f01f40b865d386651702e0b
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Policy Manager generating Workitem List
 Andreas Steffen
-Andreas Steffen
+This is strongSwan's proprietary Configuration Management Database (CMDB) interface. Based on historical client measurement data and a set of group policies the start script generates a list of measurement workitems. In our scenario only IPv4 forwarding and SWID tags are checked.
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] running policy script: 2>&1 TNC_SESSION_ID='2' ipsec imv_policy_manager start
-Andreas Steffen
+[IMV] policy: imv_policy_manager start successful
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 1 handles FWDEN workitem 3
-Andreas Steffen
+[IMV] IMV 1 handled FWDEN workitem 3: allow - forwarding not enabled
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x13044192
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6e35f0
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[IMV] created PA-TNC message: => 24 bytes @ 0x6fba00
-Andreas Steffen
+[IMV]    0: 01 00 00 00 13 04 41 92 00 00 00 00 00 00 00 09  ......A.........
-Andreas Steffen
+[IMV]   16: 00 00 00 10 00 00 00 00                          ........
-Andreas Steffen
+[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Sending SWID Request
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 2 handles SWIDT workitem 6
-Andreas Steffen
+[IMV] IMV 2 issues SWID request 6
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x6bc52772
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'TCG/SWID Request' 0x005597/0x00000011
-Andreas Steffen
+[TNC] => 12 bytes @ 0x7150a0
-Andreas Steffen
+[TNC]    0: 01 00 00 00 00 00 00 06 00 00 00 00              ............
-Andreas Steffen
+[IMV] created PA-TNC message: => 32 bytes @ 0x6ebcc0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 6B C5 27 72 00 00 55 97 00 00 00 11  ....k.'r..U.....
-Andreas Steffen
+[IMV]   16: 00 00 00 18 01 00 00 00 00 00 00 06 00 00 00 00  ................
-Andreas Steffen
+[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+[TNC] creating PB-TNC SDATA batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] sending PB-TNC SDATA batch (112 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 112 bytes @ 0x6fc950
-Andreas Steffen
+[TNC]    0: 02 80 00 02 00 00 00 70 80 00 00 00 00 00 00 01  .......p........
-Andreas Steffen
+[TNC]   16: 00 00 00 30 00 00 00 00 00 00 00 01 FF FF 00 01  ...0............
-Andreas Steffen
+[TNC]   32: 01 00 00 00 13 04 41 92 00 00 00 00 00 00 00 09  ......A.........
-Andreas Steffen
+[TNC]   48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 38 00 00 55 97 00 00 00 03 FF FF 00 02  ...8..U.........
-Andreas Steffen
+[TNC]   80: 01 00 00 00 6B C5 27 72 00 00 55 97 00 00 00 11  ....k.'r..U.....
-Andreas Steffen
+[TNC]   96: 00 00 00 18 01 00 00 00 00 00 00 06 00 00 00 00  ................
-Andreas Steffen
+[TNC] sending PT-TLS message #4 of type 'PB-TNC Batch' (128 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (176 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Receiving SWID Tag Identifier Inventory
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (176 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #3 of type 'PB-TNC Batch' (134 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (118 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 118 bytes @ 0x714f30
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 00 76 80 00 00 00 00 00 00 01  .......v........
-Andreas Steffen
+[TNC]   16: 00 00 00 6E 80 00 55 97 00 00 00 03 00 02 00 02  ...n..U.........
-Andreas Steffen
+[TNC]   32: 01 00 00 00 0C 84 EC 82 00 00 55 97 00 00 00 12  ..........U.....
-Andreas Steffen
+[TNC]   48: 00 00 00 4E 00 00 00 01 00 00 00 06 12 31 7A 21  ...N.........1z!
-Andreas Steffen
+[TNC]   64: 00 00 00 01 00 1C 72 65 67 69 64 2E 32 30 30 34  ......regid.2004
-Andreas Steffen
+[TNC]   80: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[TNC]   96: 61 6E 00 10 73 74 72 6F 6E 67 53 77 61 6E 2D 35  an..strongSwan-5
-Andreas Steffen
+[TNC]  112: 2D 31 2D 30 00 00                                -1-0..
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-PA message (110 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] handling PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[IMV] IMV 2 "SWID" received message for Connection ID 1 from IMC 2 to IMV 2
-Andreas Steffen
+[IMV] => 86 bytes @ 0x6fbdc0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 0C 84 EC 82 00 00 55 97 00 00 00 12  ..........U.....
-Andreas Steffen
+[IMV]   16: 00 00 00 4E 00 00 00 01 00 00 00 06 12 31 7A 21  ...N.........1z!
-Andreas Steffen
+[IMV]   32: 00 00 00 01 00 1C 72 65 67 69 64 2E 32 30 30 34  ......regid.2004
-Andreas Steffen
+[IMV]   48: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[IMV]   64: 61 6E 00 10 73 74 72 6F 6E 67 53 77 61 6E 2D 35  an..strongSwan-5
-Andreas Steffen
+[IMV]   80: 2D 31 2D 30 00 00                                -1-0..
-Andreas Steffen
+[TNC] processing PA-TNC message with ID 0x0c84ec82
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'TCG/SWID Tag Identifier Inventory' 0x005597/0x00000012
-Andreas Steffen
+[TNC] => 66 bytes @ 0x6fbdd4
-Andreas Steffen
+[TNC]    0: 00 00 00 01 00 00 00 06 12 31 7A 21 00 00 00 01  .........1z!....
-Andreas Steffen
+[TNC]   16: 00 1C 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E  ..regid.2004-03.
-Andreas Steffen
+[TNC]   32: 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 00 10  org.strongswan..
-Andreas Steffen
+[TNC]   48: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 31 2D 30  strongSwan-5-1-0
-Andreas Steffen
+[TNC]   64: 00 00                                            ..
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Human-Readable SWID Tag Identifiers
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] received SWID tag ID inventory for request 6 at eid 1 of epoch 0x12317a21
-Andreas Steffen
+[IMV]   regid.2004-03.org.strongswan_strongSwan-5-1-0.swidtag
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 2 handled SWIDT workitem 6: allow - received inventory of 1 SWID tag ID
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x51257e2e
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+[TNC] => 4 bytes @ 0x6e9e50
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[IMV] created PA-TNC message: => 24 bytes @ 0x6ed440
-Andreas Steffen
+[IMV]    0: 01 00 00 00 51 25 7E 2E 00 00 00 00 00 00 00 09  ....Q%~.........
-Andreas Steffen
+[IMV]   16: 00 00 00 10 00 00 00 00                          ........
-Andreas Steffen
+[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[TNC] IMV 2 provides recommendation 'allow' and evaluation 'compliant'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Policy Manager integrating Measurement Results
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] running policy script: 2>&1 TNC_SESSION_ID='2' ipsec imv_policy_manager stop
-Andreas Steffen
+[IMV] policy: imv_policy_manager stop successful
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 1 "OS" changed state of Connection ID 1 to 'Allowed'
-Andreas Steffen
+[IMV] IMV 2 "SWID" changed state of Connection ID 1 to 'Allowed'
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
-Andreas Steffen
+[TNC] creating PB-TNC RESULT batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] adding PB-Assessment-Result message
-Andreas Steffen
+[TNC] adding PB-Access-Recommendation message
-Andreas Steffen
+[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 88 bytes @ 0x6ea730
-Andreas Steffen
+[TNC]    0: 02 80 00 03 00 00 00 58 80 00 00 00 00 00 00 01  .......X........
-Andreas Steffen
+[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 03 FF FF 00 02  ...0..U.........
-Andreas Steffen
+[TNC]   32: 01 00 00 00 51 25 7E 2E 00 00 00 00 00 00 00 09  ....Q%~.........
-Andreas Steffen
+[TNC]   48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 02  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 03  ................
-Andreas Steffen
+[TNC]   80: 00 00 00 10 00 00 00 01                          ........
-Andreas Steffen
+[TNC] sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (144 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3.  Closing PT-TLS Connection
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #4 of type 'PB-TNC Batch' (24 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (8 bytes) for Connection ID 1
-Andreas Steffen
+[TNC] => 8 bytes @ 0x7150a0
-Andreas Steffen
+[TNC]    0: 02 00 00 06 00 00 00 08                          ........
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Decided' to 'End'
-Andreas Steffen
+[TNC] processing PB-TNC CLOSE batch
-Andreas Steffen
+[TNC] final recommendation is 'allow' and evaluation is 'compliant'
-Andreas Steffen
+[TNC] PT-TLS connection terminates
-Andreas Steffen
+[IMV] IMV 1 "OS" deleted the state of Connection ID 1
-Andreas Steffen
+[IMV] IMV 2 "SWID" deleted the state of Connection ID 1
-Andreas Steffen
+[TNC] removed TNCCS Connection ID 1
-Andreas Steffen
+[TLS] sending TLS close notify
-Andreas Steffen
+[TLS] sending TLS Alert record (48 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. PT-TLS Connection by Access Requestor "dave"
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] accepting PT-TLS stream from 192.168.0.200
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. TLS Connection Setup
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] entering PT-TLS negotiation phase
-Andreas Steffen
+[TLS] processing TLS Handshake record (176 bytes)
-Andreas Steffen
+[TLS] received TLS ClientHello handshake (172 bytes)
-Andreas Steffen
+[TLS] received TLS 'signature algorithms' extension
-Andreas Steffen
+[TLS] received TLS 'elliptic curves' extension
-Andreas Steffen
+[TLS] received TLS 'ec point formats' extension
-Andreas Steffen
+[TLS] received TLS 'server name' extension
-Andreas Steffen
+[TLS] received 28 TLS cipher suites:
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_AES_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
-Andreas Steffen
+[TLS]   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS]   TLS_RSA_WITH_3DES_EDE_CBC_SHA
-Andreas Steffen
+[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+[TLS] sending TLS ServerHello handshake (54 bytes)
-Andreas Steffen
+[TLS] sending TLS server certificate 'C=CH, O=Linux strongSwan, CN=aaa.strongswan.org'
-Andreas Steffen
+[TLS] sending TLS Certificate handshake (1066 bytes)
-Andreas Steffen
+[TLS] selected ECDH group SECP256R1
-Andreas Steffen
+[TLS] created signature with MD5/RSA
-Andreas Steffen
+[TLS] sending TLS ServerKeyExchange handshake (329 bytes)
-Andreas Steffen
+[TLS] sending TLS cert request for 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA'
-Andreas Steffen
+[TLS] sending TLS CertificateRequest handshake (102 bytes)
-Andreas Steffen
+[TLS] sending TLS ServerHelloDone handshake (0 bytes)
-Andreas Steffen
+[TLS] sending TLS Handshake record (1571 bytes)
-Andreas Steffen
+[TLS] processing TLS Handshake record (1406 bytes)
-Andreas Steffen
+[TLS] received TLS Certificate handshake (1068 bytes)
-Andreas Steffen
+[TLS] received TLS peer certificate 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org'
-Andreas Steffen
+[TLS] received TLS ClientKeyExchange handshake (66 bytes)
-Andreas Steffen
+[TLS] received TLS CertificateVerify handshake (260 bytes)
-Andreas Steffen
+[CFG]   using certificate "C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org"
-Andreas Steffen
+[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org"
-Andreas Steffen
+[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
-Andreas Steffen
+[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+[CFG]   crl is valid: until Sep 14 20:44:55 2013
-Andreas Steffen
+[CFG] certificate status is good
-Andreas Steffen
+[CFG]   reached self-signed root ca with a path length of 0
-Andreas Steffen
+[TLS] verified signature with SHA1/RSA
-Andreas Steffen
+[TLS] processing TLS ChangeCipherSpec record (1 bytes)
-Andreas Steffen
+[TLS] processing TLS Handshake record (64 bytes)
-Andreas Steffen
+[TLS] received TLS Finished handshake (12 bytes)
-Andreas Steffen
+[TLS] sending TLS ChangeCipherSpec record (1 bytes)
-Andreas Steffen
+[TLS] sending TLS Finished handshake (12 bytes)
-Andreas Steffen
+[TLS] sending TLS Handshake record (64 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. PT-TLS Negotiation
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #0 of type 'Version Request' (20 bytes)
-Andreas Steffen
+[TNC] sending PT-TLS message #0 of type 'Version Response' (20 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] negotiated PT-TLS version 1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. TLS Certificate-based Client Authentication
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] doing SASL client authentication
-Andreas Steffen
+[TNC] skipping SASL, client already authenticated by TLS certificate
-Andreas Steffen
+[TNC] sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (64 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
 Andreas Steffen
-Andreas Steffen
+h3. IF-IMV 1.4 AR Identity
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] entering PT-TLS data transport phase
-Andreas Steffen
+[TNC] no PB-TNC batch to send
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (96 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #1 of type 'PB-TNC Batch' (55 bytes)
-Andreas Steffen
+[TNC] assigned TNCCS Connection ID 2
-Andreas Steffen
+[IMV] IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
-Andreas Steffen
+[IMV]   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+[IMV]   user AR identity 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' authenticated by certificate
-Andreas Steffen
+[IMV]   assigned session ID 3
-Andreas Steffen
+[IMV] IMV 2 "SWID" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
-Andreas Steffen
+[IMV]   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+[IMV]   user AR identity 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' authenticated by certificate
-Andreas Steffen
+[IMV]   assigned session ID 3
-Andreas Steffen
+[IMV] IMV 1 "OS" changed state of Connection ID 2 to 'Handshake'
-Andreas Steffen
+[IMV] IMV 2 "SWID" changed state of Connection ID 2 to 'Handshake'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] received TNCCS batch (39 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 39 bytes @ 0x6e87f0
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 00 27 00 00 00 00 00 00 00 06  .......'........
-Andreas Steffen
+[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu
-Andreas Steffen
+[TNC]   32: 61 67 65 3A 20 65 6E                             age: en
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Init' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-Language-Preference message (31 bytes)
-Andreas Steffen
+[TNC] setting language preference to 'en'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0xdf43848c
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Attribute Request' 0x000000/0x00000001
-Andreas Steffen
+[TNC] => 56 bytes @ 0x6ec8d0
-Andreas Steffen
+[TNC]    0: 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 04  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 05  ................
-Andreas Steffen
+[TNC]   32: 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 0C  ................
-Andreas Steffen
+[TNC]   48: 00 00 90 2A 00 00 00 08                          ...*....
-Andreas Steffen
+[IMV] created PA-TNC message: => 76 bytes @ 0x739a80
-Andreas Steffen
+[IMV]    0: 01 00 00 00 DF 43 84 8C 00 00 00 00 00 00 00 01  .....C..........
-Andreas Steffen
+[IMV]   16: 00 00 00 44 00 00 00 00 00 00 00 02 00 00 00 00  ...D............
-Andreas Steffen
+[IMV]   32: 00 00 00 04 00 00 00 00 00 00 00 03 00 00 00 00  ................
-Andreas Steffen
+[IMV]   48: 00 00 00 05 00 00 00 00 00 00 00 0B 00 00 00 00  ................
-Andreas Steffen
+[IMV]   64: 00 00 00 0C 00 00 90 2A 00 00 00 08              .......*....
-Andreas Steffen
+[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+[TNC] creating PB-TNC SDATA batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] sending PB-TNC SDATA batch (108 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 108 bytes @ 0x6e7820
-Andreas Steffen
+[TNC]    0: 02 80 00 02 00 00 00 6C 80 00 00 00 00 00 00 01  .......l........
-Andreas Steffen
+[TNC]   16: 00 00 00 64 00 00 00 00 00 00 00 01 FF FF 00 01  ...d............
-Andreas Steffen
+[TNC]   32: 01 00 00 00 DF 43 84 8C 00 00 00 00 00 00 00 01  .....C..........
-Andreas Steffen
+[TNC]   48: 00 00 00 44 00 00 00 00 00 00 00 02 00 00 00 00  ...D............
-Andreas Steffen
+[TNC]   64: 00 00 00 04 00 00 00 00 00 00 00 03 00 00 00 00  ................
-Andreas Steffen
+[TNC]   80: 00 00 00 05 00 00 00 00 00 00 00 0B 00 00 00 00  ................
-Andreas Steffen
+[TNC]   96: 00 00 00 0C 00 00 90 2A 00 00 00 08              .......*....
-Andreas Steffen
+[TNC] sending PT-TLS message #2 of type 'PB-TNC Batch' (124 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (176 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (288 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #2 of type 'PB-TNC Batch' (244 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (228 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 228 bytes @ 0x714a00
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 00 E4 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 DC 80 00 00 00 00 00 00 01 00 01 00 01  ................
-Andreas Steffen
+[TNC]   32: 01 00 00 00 D5 CA 70 3D 00 00 00 00 00 00 00 02  ......p=........
-Andreas Steffen
+[TNC]   48: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00  .....%r..Debian.
-Andreas Steffen
+[TNC]   64: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20  ............7.0
-Andreas Steffen
+[TNC]   80: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03  x86_64..........
-Andreas Steffen
+[TNC]   96: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[TNC]  112: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24  ...............$
-Andreas Steffen
+[TNC]  128: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[TNC]  144: 30 3A 34 35 3A 30 37 5A 00 00 00 00 00 00 00 0B  0:45:07Z........
-Andreas Steffen
+[TNC]  160: 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 0C  ................
-Andreas Steffen
+[TNC]  176: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08  ...........*....
-Andreas Steffen
+[TNC]  192: 00 00 00 2C 61 61 62 62 63 63 64 64 65 65 66 66  ...,aabbccddeeff
-Andreas Steffen
+[TNC]  208: 31 31 32 32 33 33 34 34 35 35 36 36 37 37 38 38  1122334455667788
-Andreas Steffen
+[TNC]  224: 39 39 30 30                                      9900
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-PA message (220 bytes)
-Andreas Steffen
+[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[IMV] IMV 1 "OS" received message for Connection ID 2 from IMC 1 to IMV 1
-Andreas Steffen
+[IMV] => 196 bytes @ 0x738ac0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 D5 CA 70 3D 00 00 00 00 00 00 00 02  ......p=........
-Andreas Steffen
+[IMV]   16: 00 00 00 17 00 25 72 00 00 44 65 62 69 61 6E 00  .....%r..Debian.
-Andreas Steffen
+[IMV]   32: 00 00 00 00 00 00 04 00 00 00 19 0A 37 2E 30 20  ............7.0
-Andreas Steffen
+[IMV]   48: 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 00 03  x86_64..........
-Andreas Steffen
+[IMV]   64: 00 00 00 1C 00 00 00 07 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[IMV]   80: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 24  ...............$
-Andreas Steffen
+[IMV]   96: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[IMV]  112: 30 3A 34 35 3A 30 37 5A 00 00 00 00 00 00 00 0B  0:45:07Z........
-Andreas Steffen
+[IMV]  128: 00 00 00 10 00 00 00 01 00 00 00 00 00 00 00 0C  ................
-Andreas Steffen
+[IMV]  144: 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 00 08  ...........*....
-Andreas Steffen
+[IMV]  160: 00 00 00 2C 61 61 62 62 63 63 64 64 65 65 66 66  ...,aabbccddeeff
-Andreas Steffen
+[IMV]  176: 31 31 32 32 33 33 34 34 35 35 36 36 37 37 38 38  1122334455667788
-Andreas Steffen
+[IMV]  192: 39 39 30 30                                      9900
-Andreas Steffen
+[TNC] processing PA-TNC message with ID 0xd5ca703d
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
-Andreas Steffen
+[TNC] => 11 bytes @ 0x738ad4
-Andreas Steffen
+[TNC]    0: 00 25 72 00 00 44 65 62 69 61 6E                 .%r..Debian
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
-Andreas Steffen
+[TNC] => 13 bytes @ 0x738aeb
-Andreas Steffen
+[TNC]    0: 0A 37 2E 30 20 78 38 36 5F 36 34 00 00           .7.0 x86_64..
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
-Andreas Steffen
+[TNC] => 16 bytes @ 0x738b04
-Andreas Steffen
+[TNC]    0: 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00  ................
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
-Andreas Steffen
+[TNC] => 24 bytes @ 0x738b20
-Andreas Steffen
+[TNC]    0: 03 01 00 00 32 30 31 33 2D 30 38 2D 31 35 54 32  ....2013-08-15T2
-Andreas Steffen
+[TNC]   16: 30 3A 34 35 3A 30 37 5A                          0:45:07Z
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
-Andreas Steffen
+[TNC] => 4 bytes @ 0x738b44
-Andreas Steffen
+[TNC]    0: 00 00 00 01                                      ....
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
-Andreas Steffen
+[TNC] => 4 bytes @ 0x738b54
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
-Andreas Steffen
+[TNC] => 32 bytes @ 0x738b64
-Andreas Steffen
+[TNC]    0: 61 61 62 62 63 63 64 64 65 65 66 66 31 31 32 32  aabbccddeeff1122
-Andreas Steffen
+[TNC]   16: 33 33 34 34 35 35 36 36 37 37 38 38 39 39 30 30  3344556677889900
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Operating System Information
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] operating system name is 'Debian' from vendor Debian Project
-Andreas Steffen
+[IMV] operating system version is '7.0 x86_64'
-Andreas Steffen
+[IMV] operating system numeric version is 7.0
-Andreas Steffen
+[IMV] operational status: operational, result: successful
-Andreas Steffen
+[IMV] last boot: Aug 15 20:45:07 UTC 2013
-Andreas Steffen
+[IMV] IPv4 forwarding is enabled
-Andreas Steffen
+[IMV] factory default password is disabled
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Device Identity
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] device ID is aabbccddeeff11223344556677889900
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Policy Manager generating Workitem List
 Andreas Steffen
-Andreas Steffen
+This is strongSwan's proprietary Configuration Management Database (CMDB) interface. Based on historical client measurement data and a set of group policies the start script generates a list of measurement workitems. In our scenario only IPv4 forwarding and SWID tags are checked.
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] running policy script: 2>&1 TNC_SESSION_ID='3' ipsec imv_policy_manager start
-Andreas Steffen
+[IMV] policy: imv_policy_manager start successful
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 1 handles FWDEN workitem 9
-Andreas Steffen
+[IMV] IMV 1 handled FWDEN workitem 9: isolate - forwarding enabled
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0xa039bf34
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+[TNC] => 4 bytes @ 0x653880
-Andreas Steffen
+[TNC]    0: 00 00 00 02                                      ....
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a
-Andreas Steffen
+[TNC] => 81 bytes @ 0x73fad0
-Andreas Steffen
+[TNC]    0: 00 00 00 00 00 00 00 02 00 00 00 42 49 50 20 50  ...........BIP P
-Andreas Steffen
+[TNC]   16: 61 63 6B 65 74 20 46 6F 72 77 61 72 64 69 6E 67  acket Forwarding
-Andreas Steffen
+[TNC]   32: 0A 20 20 50 6C 65 61 73 65 20 64 69 73 61 62 6C  .  Please disabl
-Andreas Steffen
+[TNC]   48: 65 20 74 68 65 20 66 6F 72 77 61 72 64 69 6E 67  e the forwarding
-Andreas Steffen
+[TNC]   64: 20 6F 66 20 49 50 20 70 61 63 6B 65 74 73 02 65   of IP packets.e
-Andreas Steffen
+[TNC]   80: 6E                                               n
-Andreas Steffen
+[IMV] created PA-TNC message: => 117 bytes @ 0x73b730
-Andreas Steffen
+[IMV]    0: 01 00 00 00 A0 39 BF 34 00 00 00 00 00 00 00 09  .....9.4........
-Andreas Steffen
+[IMV]   16: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 0A  ................
-Andreas Steffen
+[IMV]   32: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42  ...]...........B
-Andreas Steffen
+[IMV]   48: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72  IP Packet Forwar
-Andreas Steffen
+[IMV]   64: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69  ding.  Please di
-Andreas Steffen
+[IMV]   80: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72  sable the forwar
-Andreas Steffen
+[IMV]   96: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65  ding of IP packe
-Andreas Steffen
+[IMV]  112: 74 73 02 65 6E                                   ts.en
-Andreas Steffen
+[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+[TNC] IMV 1 is setting reason string to 'Improper OS settings were detected'
-Andreas Steffen
+[TNC] IMV 1 is setting reason language to 'en'
-Andreas Steffen
+[TNC] IMV 1 provides recommendation 'isolate' and evaluation 'non-compliant major'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Sending SWID Request
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 2 handles SWIDT workitem 11
-Andreas Steffen
+[IMV] IMV 2 issues SWID request 11
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x0d065bfe
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'TCG/SWID Request' 0x005597/0x00000011
-Andreas Steffen
+[TNC] => 12 bytes @ 0x736d60
-Andreas Steffen
+[TNC]    0: 00 00 00 00 00 00 00 0B 00 00 00 00              ............
-Andreas Steffen
+[IMV] created PA-TNC message: => 32 bytes @ 0x6dcfe0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 0D 06 5B FE 00 00 55 97 00 00 00 11  ......[...U.....
-Andreas Steffen
+[IMV]   16: 00 00 00 18 00 00 00 00 00 00 00 0B 00 00 00 00  ................
-Andreas Steffen
+[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+[TNC] creating PB-TNC SDATA batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] sending PB-TNC SDATA batch (205 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 205 bytes @ 0x6eb0d0
-Andreas Steffen
+[TNC]    0: 02 80 00 02 00 00 00 CD 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 8D 00 00 00 00 00 00 00 01 FF FF 00 01  ................
-Andreas Steffen
+[TNC]   32: 01 00 00 00 A0 39 BF 34 00 00 00 00 00 00 00 09  .....9.4........
-Andreas Steffen
+[TNC]   48: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 0A  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42  ...]...........B
-Andreas Steffen
+[TNC]   80: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72  IP Packet Forwar
-Andreas Steffen
+[TNC]   96: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69  ding.  Please di
-Andreas Steffen
+[TNC]  112: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72  sable the forwar
-Andreas Steffen
+[TNC]  128: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65  ding of IP packe
-Andreas Steffen
+[TNC]  144: 74 73 02 65 6E 80 00 00 00 00 00 00 01 00 00 00  ts.en...........
-Andreas Steffen
+[TNC]  160: 38 00 00 55 97 00 00 00 03 FF FF 00 02 01 00 00  8..U............
-Andreas Steffen
+[TNC]  176: 00 0D 06 5B FE 00 00 55 97 00 00 00 11 00 00 00  ...[...U........
-Andreas Steffen
+[TNC]  192: 18 00 00 00 00 00 00 00 0B 00 00 00 00           .............
-Andreas Steffen
+[TNC] sending PT-TLS message #3 of type 'PB-TNC Batch' (221 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (272 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (1056 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #3 of type 'PB-TNC Batch' (1017 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (1001 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 1001 bytes @ 0x7375e0
-Andreas Steffen
+[TNC]    0: 02 00 00 01 00 00 03 E9 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   16: 00 00 03 E1 80 00 55 97 00 00 00 03 00 02 00 02  ......U.........
-Andreas Steffen
+[TNC]   32: 01 00 00 00 8B B5 06 A6 00 00 55 97 00 00 00 14  ..........U.....
-Andreas Steffen
+[TNC]   48: 00 00 03 C1 00 00 00 01 00 00 00 0B C2 7A D3 9D  .............z..
-Andreas Steffen
+[TNC]   64: 00 00 00 01 00 00 00 00 03 9F 3C 3F 78 6D 6C 20  ..........<?xml
-Andreas Steffen
+[TNC]   80: 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65 6E  version="1.0" en
-Andreas Steffen
+[TNC]   96: 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 3F 3E  coding="utf-8"?>
-Andreas Steffen
+[TNC]  112: 0A 3C 73 6F 66 74 77 61 72 65 5F 69 64 65 6E 74  .<software_ident
-Andreas Steffen
+[TNC]  128: 69 66 69 63 61 74 69 6F 6E 5F 74 61 67 20 78 6D  ification_tag xm
-Andreas Steffen
+[TNC]  144: 6C 6E 73 3D 22 68 74 74 70 3A 2F 2F 73 74 61 6E  lns="http://stan
-Andreas Steffen
+[TNC]  160: 64 61 72 64 73 2E 69 73 6F 2E 6F 72 67 2F 69 73  dards.iso.org/is
-Andreas Steffen
+[TNC]  176: 6F 2F 31 39 37 37 30 2F 2D 32 2F 32 30 30 39 2F  o/19770/-2/2009/
-Andreas Steffen
+[TNC]  192: 73 63 68 65 6D 61 2E 78 73 64 22 3E 0A 3C 65 6E  schema.xsd">.<en
-Andreas Steffen
+[TNC]  208: 74 69 74 6C 65 6D 65 6E 74 5F 72 65 71 75 69 72  titlement_requir
-Andreas Steffen
+[TNC]  224: 65 64 5F 69 6E 64 69 63 61 74 6F 72 3E 74 72 75  ed_indicator>tru
-Andreas Steffen
+[TNC]  240: 65 3C 2F 65 6E 74 69 74 6C 65 6D 65 6E 74 5F 72  e</entitlement_r
-Andreas Steffen
+[TNC]  256: 65 71 75 69 72 65 64 5F 69 6E 64 69 63 61 74 6F  equired_indicato
-Andreas Steffen
+[TNC]  272: 72 3E 0A 3C 70 72 6F 64 75 63 74 5F 74 69 74 6C  r>.<product_titl
-Andreas Steffen
+[TNC]  288: 65 3E 73 74 72 6F 6E 67 53 77 61 6E 3C 2F 70 72  e>strongSwan</pr
-Andreas Steffen
+[TNC]  304: 6F 64 75 63 74 5F 74 69 74 6C 65 3E 0A 3C 70 72  oduct_title>.<pr
-Andreas Steffen
+[TNC]  320: 6F 64 75 63 74 5F 76 65 72 73 69 6F 6E 3E 0A 20  oduct_version>.
-Andreas Steffen
+[TNC]  336: 20 3C 6E 61 6D 65 3E 35 2E 31 2E 31 64 72 31 3C   <name>5.1.1dr1<
-Andreas Steffen
+[TNC]  352: 2F 6E 61 6D 65 3E 0A 20 20 3C 6E 75 6D 65 72 69  /name>.  <numeri
-Andreas Steffen
+[TNC]  368: 63 3E 0A 20 20 20 20 3C 6D 61 6A 6F 72 3E 35 3C  c>.    <major>5<
-Andreas Steffen
+[TNC]  384: 2F 6D 61 6A 6F 72 3E 0A 20 20 20 20 3C 6D 69 6E  /major>.    <min
-Andreas Steffen
+[TNC]  400: 6F 72 3E 31 3C 2F 6D 69 6E 6F 72 3E 0A 20 20 20  or>1</minor>.
-Andreas Steffen
+[TNC]  416: 20 3C 62 75 69 6C 64 3E 30 3C 2F 62 75 69 6C 64   <build>0</build
-Andreas Steffen
+[TNC]  432: 3E 0A 20 20 20 20 3C 72 65 76 69 65 77 3E 3C 2F  >.    <review></
-Andreas Steffen
+[TNC]  448: 72 65 76 69 65 77 3E 0A 20 20 3C 2F 6E 75 6D 65  review>.  </nume
-Andreas Steffen
+[TNC]  464: 72 69 63 3E 0A 3C 2F 70 72 6F 64 75 63 74 5F 76  ric>.</product_v
-Andreas Steffen
+[TNC]  480: 65 72 73 69 6F 6E 3E 0A 3C 73 6F 66 74 77 61 72  ersion>.<softwar
-Andreas Steffen
+[TNC]  496: 65 5F 63 72 65 61 74 6F 72 3E 0A 20 20 3C 6E 61  e_creator>.  <na
-Andreas Steffen
+[TNC]  512: 6D 65 3E 73 74 72 6F 6E 67 53 77 61 6E 20 50 72  me>strongSwan Pr
-Andreas Steffen
+[TNC]  528: 6F 6A 65 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 3C  oject</name>.  <
-Andreas Steffen
+[TNC]  544: 72 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34  regid>regid.2004
-Andreas Steffen
+[TNC]  560: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[TNC]  576: 61 6E 3C 2F 72 65 67 69 64 3E 0A 3C 2F 73 6F 66  an</regid>.</sof
-Andreas Steffen
+[TNC]  592: 74 77 61 72 65 5F 63 72 65 61 74 6F 72 3E 0A 3C  tware_creator>.<
-Andreas Steffen
+[TNC]  608: 73 6F 66 74 77 61 72 65 5F 6C 69 63 65 6E 73 6F  software_licenso
-Andreas Steffen
+[TNC]  624: 72 3E 0A 20 20 3C 6E 61 6D 65 3E 73 74 72 6F 6E  r>.  <name>stron
-Andreas Steffen
+[TNC]  640: 67 53 77 61 6E 20 50 72 6F 6A 65 63 74 3C 2F 6E  gSwan Project</n
-Andreas Steffen
+[TNC]  656: 61 6D 65 3E 0A 20 20 3C 72 65 67 69 64 3E 72 65  ame>.  <regid>re
-Andreas Steffen
+[TNC]  672: 67 69 64 2E 32 30 30 34 2D 30 33 2E 6F 72 67 2E  gid.2004-03.org.
-Andreas Steffen
+[TNC]  688: 73 74 72 6F 6E 67 73 77 61 6E 3C 2F 72 65 67 69  strongswan</regi
-Andreas Steffen
+[TNC]  704: 64 3E 0A 3C 2F 73 6F 66 74 77 61 72 65 5F 6C 69  d>.</software_li
-Andreas Steffen
+[TNC]  720: 63 65 6E 73 6F 72 3E 0A 3C 73 6F 66 74 77 61 72  censor>.<softwar
-Andreas Steffen
+[TNC]  736: 65 5F 69 64 3E 0A 20 20 3C 75 6E 69 71 75 65 5F  e_id>.  <unique_
-Andreas Steffen
+[TNC]  752: 69 64 3E 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D  id>strongSwan-5-
-Andreas Steffen
+[TNC]  768: 31 2D 30 3C 2F 75 6E 69 71 75 65 5F 69 64 3E 0A  1-0</unique_id>.
-Andreas Steffen
+[TNC]  784: 20 20 3C 74 61 67 5F 63 72 65 61 74 6F 72 5F 72    <tag_creator_r
-Andreas Steffen
+[TNC]  800: 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34 2D  egid>regid.2004-
-Andreas Steffen
+[TNC]  816: 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61  03.org.strongswa
-Andreas Steffen
+[TNC]  832: 6E 3C 2F 74 61 67 5F 63 72 65 61 74 6F 72 5F 72  n</tag_creator_r
-Andreas Steffen
+[TNC]  848: 65 67 69 64 3E 0A 3C 2F 73 6F 66 74 77 61 72 65  egid>.</software
-Andreas Steffen
+[TNC]  864: 5F 69 64 3E 0A 3C 74 61 67 5F 63 72 65 61 74 6F  _id>.<tag_creato
-Andreas Steffen
+[TNC]  880: 72 3E 0A 20 20 3C 6E 61 6D 65 3E 73 74 72 6F 6E  r>.  <name>stron
-Andreas Steffen
+[TNC]  896: 67 53 77 61 6E 3C 2F 6E 61 6D 65 3E 0A 20 20 3C  gSwan</name>.  <
-Andreas Steffen
+[TNC]  912: 72 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34  regid>regid.2004
-Andreas Steffen
+[TNC]  928: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[TNC]  944: 61 6E 3C 2F 72 65 67 69 64 3E 0A 3C 2F 74 61 67  an</regid>.</tag
-Andreas Steffen
+[TNC]  960: 5F 63 72 65 61 74 6F 72 3E 0A 3C 2F 73 6F 66 74  _creator>.</soft
-Andreas Steffen
+[TNC]  976: 77 61 72 65 5F 69 64 65 6E 74 69 66 69 63 61 74  ware_identificat
-Andreas Steffen
+[TNC]  992: 69 6F 6E 5F 74 61 67 3E 0A                       ion_tag>.
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+[TNC] processing PB-TNC CDATA batch
-Andreas Steffen
+[TNC] processing PB-PA message (993 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Receiving SWID Tag Inventory
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] handling PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[IMV] IMV 2 "SWID" received message for Connection ID 2 from IMC 2 to IMV 2
-Andreas Steffen
+[IMV] => 969 bytes @ 0x6ef040
-Andreas Steffen
+[IMV]    0: 01 00 00 00 8B B5 06 A6 00 00 55 97 00 00 00 14  ..........U.....
-Andreas Steffen
+[IMV]   16: 00 00 03 C1 00 00 00 01 00 00 00 0B C2 7A D3 9D  .............z..
-Andreas Steffen
+[IMV]   32: 00 00 00 01 00 00 00 00 03 9F 3C 3F 78 6D 6C 20  ..........<?xml
-Andreas Steffen
+[IMV]   48: 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65 6E  version="1.0" en
-Andreas Steffen
+[IMV]   64: 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 3F 3E  coding="utf-8"?>
-Andreas Steffen
+[IMV]   80: 0A 3C 73 6F 66 74 77 61 72 65 5F 69 64 65 6E 74  .<software_ident
-Andreas Steffen
+[IMV]   96: 69 66 69 63 61 74 69 6F 6E 5F 74 61 67 20 78 6D  ification_tag xm
-Andreas Steffen
+[IMV]  112: 6C 6E 73 3D 22 68 74 74 70 3A 2F 2F 73 74 61 6E  lns="http://stan
-Andreas Steffen
+[IMV]  128: 64 61 72 64 73 2E 69 73 6F 2E 6F 72 67 2F 69 73  dards.iso.org/is
-Andreas Steffen
+[IMV]  144: 6F 2F 31 39 37 37 30 2F 2D 32 2F 32 30 30 39 2F  o/19770/-2/2009/
-Andreas Steffen
+[IMV]  160: 73 63 68 65 6D 61 2E 78 73 64 22 3E 0A 3C 65 6E  schema.xsd">.<en
-Andreas Steffen
+[IMV]  176: 74 69 74 6C 65 6D 65 6E 74 5F 72 65 71 75 69 72  titlement_requir
-Andreas Steffen
+[IMV]  192: 65 64 5F 69 6E 64 69 63 61 74 6F 72 3E 74 72 75  ed_indicator>tru
-Andreas Steffen
+[IMV]  208: 65 3C 2F 65 6E 74 69 74 6C 65 6D 65 6E 74 5F 72  e</entitlement_r
-Andreas Steffen
+[IMV]  224: 65 71 75 69 72 65 64 5F 69 6E 64 69 63 61 74 6F  equired_indicato
-Andreas Steffen
+[IMV]  240: 72 3E 0A 3C 70 72 6F 64 75 63 74 5F 74 69 74 6C  r>.<product_titl
-Andreas Steffen
+[IMV]  256: 65 3E 73 74 72 6F 6E 67 53 77 61 6E 3C 2F 70 72  e>strongSwan</pr
-Andreas Steffen
+[IMV]  272: 6F 64 75 63 74 5F 74 69 74 6C 65 3E 0A 3C 70 72  oduct_title>.<pr
-Andreas Steffen
+[IMV]  288: 6F 64 75 63 74 5F 76 65 72 73 69 6F 6E 3E 0A 20  oduct_version>.
-Andreas Steffen
+[IMV]  304: 20 3C 6E 61 6D 65 3E 35 2E 31 2E 31 64 72 31 3C   <name>5.1.1dr1<
-Andreas Steffen
+[IMV]  320: 2F 6E 61 6D 65 3E 0A 20 20 3C 6E 75 6D 65 72 69  /name>.  <numeri
-Andreas Steffen
+[IMV]  336: 63 3E 0A 20 20 20 20 3C 6D 61 6A 6F 72 3E 35 3C  c>.    <major>5<
-Andreas Steffen
+[IMV]  352: 2F 6D 61 6A 6F 72 3E 0A 20 20 20 20 3C 6D 69 6E  /major>.    <min
-Andreas Steffen
+[IMV]  368: 6F 72 3E 31 3C 2F 6D 69 6E 6F 72 3E 0A 20 20 20  or>1</minor>.
-Andreas Steffen
+[IMV]  384: 20 3C 62 75 69 6C 64 3E 30 3C 2F 62 75 69 6C 64   <build>0</build
-Andreas Steffen
+[IMV]  400: 3E 0A 20 20 20 20 3C 72 65 76 69 65 77 3E 3C 2F  >.    <review></
-Andreas Steffen
+[IMV]  416: 72 65 76 69 65 77 3E 0A 20 20 3C 2F 6E 75 6D 65  review>.  </nume
-Andreas Steffen
+[IMV]  432: 72 69 63 3E 0A 3C 2F 70 72 6F 64 75 63 74 5F 76  ric>.</product_v
-Andreas Steffen
+[IMV]  448: 65 72 73 69 6F 6E 3E 0A 3C 73 6F 66 74 77 61 72  ersion>.<softwar
-Andreas Steffen
+[IMV]  464: 65 5F 63 72 65 61 74 6F 72 3E 0A 20 20 3C 6E 61  e_creator>.  <na
-Andreas Steffen
+[IMV]  480: 6D 65 3E 73 74 72 6F 6E 67 53 77 61 6E 20 50 72  me>strongSwan Pr
-Andreas Steffen
+[IMV]  496: 6F 6A 65 63 74 3C 2F 6E 61 6D 65 3E 0A 20 20 3C  oject</name>.  <
-Andreas Steffen
+[IMV]  512: 72 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34  regid>regid.2004
-Andreas Steffen
+[IMV]  528: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[IMV]  544: 61 6E 3C 2F 72 65 67 69 64 3E 0A 3C 2F 73 6F 66  an</regid>.</sof
-Andreas Steffen
+[IMV]  560: 74 77 61 72 65 5F 63 72 65 61 74 6F 72 3E 0A 3C  tware_creator>.<
-Andreas Steffen
+[IMV]  576: 73 6F 66 74 77 61 72 65 5F 6C 69 63 65 6E 73 6F  software_licenso
-Andreas Steffen
+[IMV]  592: 72 3E 0A 20 20 3C 6E 61 6D 65 3E 73 74 72 6F 6E  r>.  <name>stron
-Andreas Steffen
+[IMV]  608: 67 53 77 61 6E 20 50 72 6F 6A 65 63 74 3C 2F 6E  gSwan Project</n
-Andreas Steffen
+[IMV]  624: 61 6D 65 3E 0A 20 20 3C 72 65 67 69 64 3E 72 65  ame>.  <regid>re
-Andreas Steffen
+[IMV]  640: 67 69 64 2E 32 30 30 34 2D 30 33 2E 6F 72 67 2E  gid.2004-03.org.
-Andreas Steffen
+[IMV]  656: 73 74 72 6F 6E 67 73 77 61 6E 3C 2F 72 65 67 69  strongswan</regi
-Andreas Steffen
+[IMV]  672: 64 3E 0A 3C 2F 73 6F 66 74 77 61 72 65 5F 6C 69  d>.</software_li
-Andreas Steffen
+[IMV]  688: 63 65 6E 73 6F 72 3E 0A 3C 73 6F 66 74 77 61 72  censor>.<softwar
-Andreas Steffen
+[IMV]  704: 65 5F 69 64 3E 0A 20 20 3C 75 6E 69 71 75 65 5F  e_id>.  <unique_
-Andreas Steffen
+[IMV]  720: 69 64 3E 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D  id>strongSwan-5-
-Andreas Steffen
+[IMV]  736: 31 2D 30 3C 2F 75 6E 69 71 75 65 5F 69 64 3E 0A  1-0</unique_id>.
-Andreas Steffen
+[IMV]  752: 20 20 3C 74 61 67 5F 63 72 65 61 74 6F 72 5F 72    <tag_creator_r
-Andreas Steffen
+[IMV]  768: 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34 2D  egid>regid.2004-
-Andreas Steffen
+[IMV]  784: 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61  03.org.strongswa
-Andreas Steffen
+[IMV]  800: 6E 3C 2F 74 61 67 5F 63 72 65 61 74 6F 72 5F 72  n</tag_creator_r
-Andreas Steffen
+[IMV]  816: 65 67 69 64 3E 0A 3C 2F 73 6F 66 74 77 61 72 65  egid>.</software
-Andreas Steffen
+[IMV]  832: 5F 69 64 3E 0A 3C 74 61 67 5F 63 72 65 61 74 6F  _id>.<tag_creato
-Andreas Steffen
+[IMV]  848: 72 3E 0A 20 20 3C 6E 61 6D 65 3E 73 74 72 6F 6E  r>.  <name>stron
-Andreas Steffen
+[IMV]  864: 67 53 77 61 6E 3C 2F 6E 61 6D 65 3E 0A 20 20 3C  gSwan</name>.  <
-Andreas Steffen
+[IMV]  880: 72 65 67 69 64 3E 72 65 67 69 64 2E 32 30 30 34  regid>regid.2004
-Andreas Steffen
+[IMV]  896: 2D 30 33 2E 6F 72 67 2E 73 74 72 6F 6E 67 73 77  -03.org.strongsw
-Andreas Steffen
+[IMV]  912: 61 6E 3C 2F 72 65 67 69 64 3E 0A 3C 2F 74 61 67  an</regid>.</tag
-Andreas Steffen
+[IMV]  928: 5F 63 72 65 61 74 6F 72 3E 0A 3C 2F 73 6F 66 74  _creator>.</soft
-Andreas Steffen
+[IMV]  944: 77 61 72 65 5F 69 64 65 6E 74 69 66 69 63 61 74  ware_identificat
-Andreas Steffen
+[IMV]  960: 69 6F 6E 5F 74 61 67 3E 0A                       ion_tag>.
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TNC] processing PA-TNC message with ID 0x8bb506a6
-Andreas Steffen
+[TNC] processing PA-TNC attribute type 'TCG/SWID Tag Inventory' 0x005597/0x00000014
-Andreas Steffen
+[TNC] => 949 bytes @ 0x6ef054
-Andreas Steffen
+[TNC]    0: 00 00 00 01 00 00 00 0B C2 7A D3 9D 00 00 00 01  .........z......
-Andreas Steffen
+[TNC]   16: 00 00 00 00 03 9F 3C 3F 78 6D 6C 20 76 65 72 73  ......<?xml vers
-Andreas Steffen
+[TNC]   32: 69 6F 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69  ion="1.0" encodi
-Andreas Steffen
+[TNC]   48: 6E 67 3D 22 75 74 66 2D 38 22 3F 3E 0A 3C 73 6F  ng="utf-8"?>.<so
-Andreas Steffen
+[TNC]   64: 66 74 77 61 72 65 5F 69 64 65 6E 74 69 66 69 63  ftware_identific
-Andreas Steffen
+[TNC]   80: 61 74 69 6F 6E 5F 74 61 67 20 78 6D 6C 6E 73 3D  ation_tag xmlns=
-Andreas Steffen
+[TNC]   96: 22 68 74 74 70 3A 2F 2F 73 74 61 6E 64 61 72 64  "http://standard
-Andreas Steffen
+[TNC]  112: 73 2E 69 73 6F 2E 6F 72 67 2F 69 73 6F 2F 31 39  s.iso.org/iso/19
-Andreas Steffen
+[TNC]  128: 37 37 30 2F 2D 32 2F 32 30 30 39 2F 73 63 68 65  770/-2/2009/sche
-Andreas Steffen
+[TNC]  144: 6D 61 2E 78 73 64 22 3E 0A 3C 65 6E 74 69 74 6C  ma.xsd">.<entitl
-Andreas Steffen
+[TNC]  160: 65 6D 65 6E 74 5F 72 65 71 75 69 72 65 64 5F 69  ement_required_i
-Andreas Steffen
+[TNC]  176: 6E 64 69 63 61 74 6F 72 3E 74 72 75 65 3C 2F 65  ndicator>true</e
-Andreas Steffen
+[TNC]  192: 6E 74 69 74 6C 65 6D 65 6E 74 5F 72 65 71 75 69  ntitlement_requi
-Andreas Steffen
+[TNC]  208: 72 65 64 5F 69 6E 64 69 63 61 74 6F 72 3E 0A 3C  red_indicator>.<
-Andreas Steffen
+[TNC]  224: 70 72 6F 64 75 63 74 5F 74 69 74 6C 65 3E 73 74  product_title>st
-Andreas Steffen
+[TNC]  240: 72 6F 6E 67 53 77 61 6E 3C 2F 70 72 6F 64 75 63  rongSwan</produc
-Andreas Steffen
+[TNC]  256: 74 5F 74 69 74 6C 65 3E 0A 3C 70 72 6F 64 75 63  t_title>.<produc
-Andreas Steffen
+[TNC]  272: 74 5F 76 65 72 73 69 6F 6E 3E 0A 20 20 3C 6E 61  t_version>.  <na
-Andreas Steffen
+[TNC]  288: 6D 65 3E 35 2E 31 2E 31 64 72 31 3C 2F 6E 61 6D  me>5.1.1dr1</nam
-Andreas Steffen
+[TNC]  304: 65 3E 0A 20 20 3C 6E 75 6D 65 72 69 63 3E 0A 20  e>.  <numeric>.
-Andreas Steffen
+[TNC]  320: 20 20 20 3C 6D 61 6A 6F 72 3E 35 3C 2F 6D 61 6A     <major>5</maj
-Andreas Steffen
+[TNC]  336: 6F 72 3E 0A 20 20 20 20 3C 6D 69 6E 6F 72 3E 31  or>.    <minor>1
-Andreas Steffen
+[TNC]  352: 3C 2F 6D 69 6E 6F 72 3E 0A 20 20 20 20 3C 62 75  </minor>.    <bu
-Andreas Steffen
+[TNC]  368: 69 6C 64 3E 30 3C 2F 62 75 69 6C 64 3E 0A 20 20  ild>0</build>.
-Andreas Steffen
+[TNC]  384: 20 20 3C 72 65 76 69 65 77 3E 3C 2F 72 65 76 69    <review></revi
-Andreas Steffen
+[TNC]  400: 65 77 3E 0A 20 20 3C 2F 6E 75 6D 65 72 69 63 3E  ew>.  </numeric>
-Andreas Steffen
+[TNC]  416: 0A 3C 2F 70 72 6F 64 75 63 74 5F 76 65 72 73 69  .</product_versi
-Andreas Steffen
+[TNC]  432: 6F 6E 3E 0A 3C 73 6F 66 74 77 61 72 65 5F 63 72  on>.<software_cr
-Andreas Steffen
+[TNC]  448: 65 61 74 6F 72 3E 0A 20 20 3C 6E 61 6D 65 3E 73  eator>.  <name>s
-Andreas Steffen
+[TNC]  464: 74 72 6F 6E 67 53 77 61 6E 20 50 72 6F 6A 65 63  trongSwan Projec
-Andreas Steffen
+[TNC]  480: 74 3C 2F 6E 61 6D 65 3E 0A 20 20 3C 72 65 67 69  t</name>.  <regi
-Andreas Steffen
+[TNC]  496: 64 3E 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E  d>regid.2004-03.
-Andreas Steffen
+[TNC]  512: 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 3C 2F  org.strongswan</
-Andreas Steffen
+[TNC]  528: 72 65 67 69 64 3E 0A 3C 2F 73 6F 66 74 77 61 72  regid>.</softwar
-Andreas Steffen
+[TNC]  544: 65 5F 63 72 65 61 74 6F 72 3E 0A 3C 73 6F 66 74  e_creator>.<soft
-Andreas Steffen
+[TNC]  560: 77 61 72 65 5F 6C 69 63 65 6E 73 6F 72 3E 0A 20  ware_licensor>.
-Andreas Steffen
+[TNC]  576: 20 3C 6E 61 6D 65 3E 73 74 72 6F 6E 67 53 77 61   <name>strongSwa
-Andreas Steffen
+[TNC]  592: 6E 20 50 72 6F 6A 65 63 74 3C 2F 6E 61 6D 65 3E  n Project</name>
-Andreas Steffen
+[TNC]  608: 0A 20 20 3C 72 65 67 69 64 3E 72 65 67 69 64 2E  .  <regid>regid.
-Andreas Steffen
+[TNC]  624: 32 30 30 34 2D 30 33 2E 6F 72 67 2E 73 74 72 6F  2004-03.org.stro
-Andreas Steffen
+[TNC]  640: 6E 67 73 77 61 6E 3C 2F 72 65 67 69 64 3E 0A 3C  ngswan</regid>.<
-Andreas Steffen
+[TNC]  656: 2F 73 6F 66 74 77 61 72 65 5F 6C 69 63 65 6E 73  /software_licens
-Andreas Steffen
+[TNC]  672: 6F 72 3E 0A 3C 73 6F 66 74 77 61 72 65 5F 69 64  or>.<software_id
-Andreas Steffen
+[TNC]  688: 3E 0A 20 20 3C 75 6E 69 71 75 65 5F 69 64 3E 73  >.  <unique_id>s
-Andreas Steffen
+[TNC]  704: 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 31 2D 30 3C  trongSwan-5-1-0<
-Andreas Steffen
+[TNC]  720: 2F 75 6E 69 71 75 65 5F 69 64 3E 0A 20 20 3C 74  /unique_id>.  <t
-Andreas Steffen
+[TNC]  736: 61 67 5F 63 72 65 61 74 6F 72 5F 72 65 67 69 64  ag_creator_regid
-Andreas Steffen
+[TNC]  752: 3E 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E 6F  >regid.2004-03.o
-Andreas Steffen
+[TNC]  768: 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 3C 2F 74  rg.strongswan</t
-Andreas Steffen
+[TNC]  784: 61 67 5F 63 72 65 61 74 6F 72 5F 72 65 67 69 64  ag_creator_regid
-Andreas Steffen
+[TNC]  800: 3E 0A 3C 2F 73 6F 66 74 77 61 72 65 5F 69 64 3E  >.</software_id>
-Andreas Steffen
+[TNC]  816: 0A 3C 74 61 67 5F 63 72 65 61 74 6F 72 3E 0A 20  .<tag_creator>.
-Andreas Steffen
+[TNC]  832: 20 3C 6E 61 6D 65 3E 73 74 72 6F 6E 67 53 77 61   <name>strongSwa
-Andreas Steffen
+[TNC]  848: 6E 3C 2F 6E 61 6D 65 3E 0A 20 20 3C 72 65 67 69  n</name>.  <regi
-Andreas Steffen
+[TNC]  864: 64 3E 72 65 67 69 64 2E 32 30 30 34 2D 30 33 2E  d>regid.2004-03.
-Andreas Steffen
+[TNC]  880: 6F 72 67 2E 73 74 72 6F 6E 67 73 77 61 6E 3C 2F  org.strongswan</
-Andreas Steffen
+[TNC]  896: 72 65 67 69 64 3E 0A 3C 2F 74 61 67 5F 63 72 65  regid>.</tag_cre
-Andreas Steffen
+[TNC]  912: 61 74 6F 72 3E 0A 3C 2F 73 6F 66 74 77 61 72 65  ator>.</software
-Andreas Steffen
+[TNC]  928: 5F 69 64 65 6E 74 69 66 69 63 61 74 69 6F 6E 5F  _identification_
-Andreas Steffen
+[TNC]  944: 74 61 67 3E 0A                                   tag>.
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Human-Readable SWID Tags
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] received SWID tag inventory for request 11 at eid 1 of epoch 0xc27ad39d
-Andreas Steffen
+[IMV] <?xml version="1.0" encoding="utf-8"?>
-Andreas Steffen
+[IMV] <software_identification_tag xmlns="http://standards.iso.org/iso/19770/-2/2009/schema.xsd">
-Andreas Steffen
+[IMV] <entitlement_required_indicator>true</entitlement_required_indicator>
-Andreas Steffen
+[IMV] <product_title>strongSwan</product_title>
-Andreas Steffen
+[IMV] <product_version>
-Andreas Steffen
+[IMV]   <name>5.1.1dr1</name>
-Andreas Steffen
+[IMV]   <numeric>
-Andreas Steffen
+[IMV]     <major>5</major>
-Andreas Steffen
+[IMV]     <minor>1</minor>
-Andreas Steffen
+[IMV]     <build>0</build>
-Andreas Steffen
+[IMV]     <review></review>
-Andreas Steffen
+[IMV]   </numeric>
-Andreas Steffen
+[IMV] </product_version>
-Andreas Steffen
+[IMV] <software_creator>
-Andreas Steffen
+[IMV]   <name>strongSwan Project</name>
-Andreas Steffen
+[IMV]   <regid>regid.2004-03.org.strongswan</regid>
-Andreas Steffen
+[IMV] </software_creator>
-Andreas Steffen
+[IMV] <software_licensor>
-Andreas Steffen
+[IMV]   <name>strongSwan Project</name>
-Andreas Steffen
+[IMV]   <regid>regid.2004-03.org.strongswan</regid>
-Andreas Steffen
+[IMV] </software_licensor>
-Andreas Steffen
+[IMV] <software_id>
-Andreas Steffen
+[IMV]   <unique_id>strongSwan-5-1-0</unique_id>
-Andreas Steffen
+[IMV]   <tag_creator_regid>regid.2004-03.org.strongswan</tag_creator_regid>
-Andreas Steffen
+[IMV] </software_id>
-Andreas Steffen
+[IMV] <tag_creator>
-Andreas Steffen
+[IMV]   <name>strongSwan</name>
-Andreas Steffen
+[IMV]   <regid>regid.2004-03.org.strongswan</regid>
-Andreas Steffen
+[IMV] </tag_creator>
-Andreas Steffen
+[IMV] </software_identification_tag>
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 2 handled SWIDT workitem 11: allow - received inventory of 1 SWID tag
-Andreas Steffen
+[TNC] creating PA-TNC message with ID 0x4389bba0
-Andreas Steffen
+[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+[TNC] => 4 bytes @ 0x701a80
-Andreas Steffen
+[TNC]    0: 00 00 00 00                                      ....
-Andreas Steffen
+[IMV] created PA-TNC message: => 24 bytes @ 0x6e84c0
-Andreas Steffen
+[IMV]    0: 01 00 00 00 43 89 BB A0 00 00 00 00 00 00 00 09  ....C...........
-Andreas Steffen
+[IMV]   16: 00 00 00 10 00 00 00 00                          ........
-Andreas Steffen
+[TNC] creating PB-PA message type 'TCG/SWID' 0x005597/0x00000003
-Andreas Steffen
+[TNC] IMV 2 provides recommendation 'allow' and evaluation 'compliant'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Policy Manager integrating Measurement Results
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] running policy script: 2>&1 TNC_SESSION_ID='3' ipsec imv_policy_manager stop
-Andreas Steffen
+[IMV] policy: imv_policy_manager stop successful
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[IMV] IMV 1 "OS" changed state of Connection ID 2 to 'Isolated'
-Andreas Steffen
+[IMV] IMV 2 "SWID" changed state of Connection ID 2 to 'Isolated'
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
-Andreas Steffen
+[TNC] creating PB-TNC RESULT batch
-Andreas Steffen
+[TNC] adding PB-PA message
-Andreas Steffen
+[TNC] adding PB-Assessment-Result message
-Andreas Steffen
+[TNC] adding PB-Access-Recommendation message
-Andreas Steffen
+[TNC] adding PB-Reason-String message
-Andreas Steffen
+[TNC] sending PB-TNC RESULT batch (141 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 141 bytes @ 0x709e40
-Andreas Steffen
+[TNC]    0: 02 80 00 03 00 00 00 8D 80 00 00 00 00 00 00 01  ................
-Andreas Steffen
+[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 03 FF FF 00 02  ...0..U.........
-Andreas Steffen
+[TNC]   32: 01 00 00 00 43 89 BB A0 00 00 00 00 00 00 00 09  ....C...........
-Andreas Steffen
+[TNC]   48: 00 00 00 10 00 00 00 00 80 00 00 00 00 00 00 02  ................
-Andreas Steffen
+[TNC]   64: 00 00 00 10 00 00 00 02 00 00 00 00 00 00 00 03  ................
-Andreas Steffen
+[TNC]   80: 00 00 00 10 00 00 00 03 00 00 00 00 00 00 00 07  ................
-Andreas Steffen
+[TNC]   96: 00 00 00 35 00 00 00 22 49 6D 70 72 6F 70 65 72  ...5..."Improper
-Andreas Steffen
+[TNC]  112: 20 4F 53 20 73 65 74 74 69 6E 67 73 20 77 65 72   OS settings wer
-Andreas Steffen
+[TNC]  128: 65 20 64 65 74 65 63 74 65 64 02 65 6E           e detected.en
-Andreas Steffen
+[TNC] sending PT-TLS message #4 of type 'PB-TNC Batch' (157 bytes)
-Andreas Steffen
+[TLS] sending TLS ApplicationData record (208 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h3. Closing PT-TLS Connection
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[TLS] processing TLS ApplicationData record (64 bytes)
-Andreas Steffen
+[TNC] received PT-TLS message #4 of type 'PB-TNC Batch' (24 bytes)
-Andreas Steffen
+[TNC] received TNCCS batch (8 bytes) for Connection ID 2
-Andreas Steffen
+[TNC] => 8 bytes @ 0x6f7e40
-Andreas Steffen
+[TNC]    0: 02 00 00 06 00 00 00 08                          ........
-Andreas Steffen
+[TNC] PB-TNC state transition from 'Decided' to 'End'
-Andreas Steffen
+[TNC] processing PB-TNC CLOSE batch
-Andreas Steffen
+[TNC] final recommendation is 'isolate' and evaluation is 'non-compliant major'
-Andreas Steffen
+[TNC] PT-TLS connection terminates
-Andreas Steffen
+[IMV] IMV 1 "OS" deleted the state of Connection ID 2
-Andreas Steffen
+[IMV] IMV 2 "SWID" deleted the state of Connection ID 2
-Andreas Steffen
+[TNC] removed TNCCS Connection ID 2
-Andreas Steffen
+[TLS] sending TLS close notify
-Andreas Steffen
+[TLS] sending TLS Alert record (48 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Terminating the strongSwan Policy Decision Point
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+[DMN] signal of type SIGINT received. Shutting down
-Andreas Steffen
+[IMV] IMV 2 "SWID" terminated
-Andreas Steffen
+[TNC] removed TCG attributes
-Andreas Steffen
+[LIB] libpts terminated
-Andreas Steffen
+[IMV] IMV 1 "OS" terminated
-Andreas Steffen
+[TNC] removed IETF attributes
-Andreas Steffen
+[TNC] removed ITA-HSR attributes
-Andreas Steffen
+[LIB] libimcv terminated
-Andreas Steffen
+</pre>

Project

General

Profile

strongSwan

Endpoint Compliance via PT-TLS Protocol » History » Version 12