strongSwan

h1. TNC Client with PTS-IMC

This HOWTO explains in a step-for-step fashion how a strongSwan IPsec client with integrated TNC client functionality and an attached Platform Trust Service Integrity Measurement Collector (PTS-IMC) can provide remote attestation measurement data to a TNC server via the IKEv2 EAP-TTLS protocol. 

{{>toc}}

h2. Installation and Configuration

The following steps describe the installation of the strongSwan software

<pre>

  tar xjf strongswan-4.6.2dr1.tar.bz2

  cd strongswan-4.6.2dr1

  ./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-openssl --enable-curl

              --enable-eap --enable-eap-identity --enable-eap-md5 --enable-eap-ttls

              --enable-eap-tnc  --enable-tnccs-20 --enable-tnc-imc --enable-imc-attestation

  make

  [sudo] make install 

</pre>

The connection between IPsec client *carol* and IPsec gateway *moon* is defined in the /etc/ipsec.conf file:

<pre>

# ipsec.conf - strongSwan IPsec configuration file

config setup

     charondebug="tnc 3, imc 3, pts 3"

conn home

     left=%any

     leftid=carol@strongswan.org

     leftauth=eap

     right=192.168.0.1

     rightid=@moon.strongswan.org

     rightsendcert=never

     rightsubnet=10.1.0.0/16

     auto=start

</pre>

The debug levels for the TNC, IMC, and PTS components are increased to 3, so that HEX dumps of PB-TNC (IF-TNCCS 2.0) messages and PA-TNC (IF-M) attributes will be included in the log file.

The IKEv2 client *carol* is going to use EAP-based authentication with the user credentials being stored in the /etc/ipsec.secrets file:

<pre>

# /etc/ipsec.secrets - strongSwan IPsec secrets file

carol@strongswan.org : EAP "Ar3etTnp"

</pre>

The following IKEv2 charon and Attestation IMC options are defined in the /etc/strongswan.conf file

<pre>

# strongswan.conf - strongSwan configuration file

charon {

  load = sha1 random gmp pkcs1 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke

  plugins {

    eap-tnc {

      protocol = tnccs-2.0

    }

    tnc-imc {

      preferred_language = en

    }

  }

}

libimcv {

  plugins {

    imc-attestation {

      aik_cert = /home/andi/privacyca/AIK_3_Cert.der

      aik_blob = /home/andi/privacyca/AIK_3_Blob.bin

      pcr17_meas   = d537d437f058136eb3d7be517dbe7647b623c619 

      pcr17_before = 1717171717171717171717171717171717171717 

      pcr17_after  = ffffffffffffffffffffffffffffffffffffffff 

      pcr18_meas   = 160d2b04d11eb225fb148615b699081869e15b6c 

      pcr18_before = 1818181818181818181818181818181818181818 

      pcr18_after  = ffffffffffffffffffffffffffffffffffffffff 

    }

  }

}

</pre>

h2. IKEv2 Negotiation

h3. Startup and Initialization

The command

<pre>

ipsec start

</pre>

starts the TNC-enabled IPsec client:

<pre>

Nov 29 07:39:21 merthyr charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.2dr1)

Nov 29 07:39:21 merthyr charon: 00[KNL] listening on interfaces:

Nov 29 07:39:21 merthyr charon: 00[KNL]   wlan0

Nov 29 07:39:21 merthyr charon: 00[KNL]     10.35.167.97

Nov 29 07:39:21 merthyr charon: 00[KNL]     fe80::221:6aff:fe06:cf4c

Nov 29 07:39:21 merthyr charon: 00[KNL]   umlbr0

Nov 29 07:39:21 merthyr charon: 00[KNL]     192.168.0.254

Nov 29 07:39:21 merthyr charon: 00[KNL]     fe80::103c:e8ff:fec0:db34

</pre>

The file /etc/tnc_config

<pre>

IMC configuration file for strongSwan client 

IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so

</pre>

defines which IMCs are loaded by the TNC client:

<pre>

Nov 29 07:39:21 merthyr charon: 00[TNC] loading IMCs from '/etc/tnc_config'

Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[sha1] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_2048[gmp] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_1536[gmp] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_1024[gmp] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available

Nov 29 07:39:21 merthyr charon: 00[TNC] added IETF attributes

Nov 29 07:39:21 merthyr charon: 00[TNC] added ITA-HSR attributes

Nov 29 07:39:21 merthyr charon: 00[LIB] libimcv initialized

Nov 29 07:39:21 merthyr charon: 00[IMC] IMC 1 "Attestation" initialized

Nov 29 07:39:21 merthyr charon: 00[TNC] added TCG attributes

Nov 29 07:39:21 merthyr charon: 00[PTS] added TCG functional component namespace

Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component namespace

Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'

Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'

Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'

Nov 29 07:39:21 merthyr charon: 00[LIB] libpts initialized

Nov 29 07:39:21 merthyr charon: 00[IMC] IMC 1 "Attestation" provided with bind function

Nov 29 07:39:21 merthyr charon: 00[TNC] IMC 1 supports 1 message type: 0x00559701

Nov 29 07:39:21 merthyr charon: 00[TNC] IMC 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'

</pre>

Next the IKEv2 credentials and all necessary plugins are loaded

<pre>

Nov 29 07:39:21 merthyr charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'

Nov 29 07:39:21 merthyr charon: 00[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'

Nov 29 07:39:21 merthyr charon: 00[CFG]   loaded EAP secret for carol@strongswan.org

Nov 29 07:39:21 merthyr charon: 00[DMN] loaded plugins: sha1 random gmp pkcs1 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke 

Nov 29 07:39:21 merthyr charon: 00[JOB] spawning 16 worker threads

</pre>

h3. IKEv2 Exchanges 

Due to auto=start the IKEv2 negotiation automatically starts with the IKE_SA_INIT exchange

<pre>

Nov 29 07:39:22 merthyr charon: 04[CFG] received stroke: add connection 'home'

Nov 29 07:39:22 merthyr charon: 04[CFG] left nor right host is our side, assuming left=local

Nov 29 07:39:22 merthyr charon: 04[CFG] added configuration 'home'

Nov 29 07:39:22 merthyr charon: 04[CFG] received stroke: initiate 'home'

Nov 29 07:39:22 merthyr charon: 04[IKE] initiating IKE_SA home[1] to 192.168.0.1

Nov 29 07:39:22 merthyr charon: 04[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]

Nov 29 07:39:22 merthyr charon: 04[NET] sending packet: from 192.168.0.254[500] to 192.168.0.1[500]

Nov 29 07:39:22 merthyr charon: 06[NET] received packet: from 192.168.0.1[500] to 192.168.0.254[500]

Nov 29 07:39:22 merthyr charon: 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]

</pre>

followed by the IKE_AUTH exchange where the IKEv2 gateway proposes a mutual IKEv2 EAP-TTLS only authentication:

<pre>

Nov 29 07:39:22 merthyr charon: 06[IKE] establishing CHILD_SA home

Nov 29 07:39:22 merthyr charon: 06[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(EAP_ONLY) ]

Nov 29 07:39:22 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:22 merthyr charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:22 merthyr charon: 10[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]

Nov 29 07:39:22 merthyr charon: 10[IKE] server requested EAP_TTLS authentication (id 0xA8)

Nov 29 07:39:22 merthyr charon: 10[TLS] EAP_TTLS version is v0

Nov 29 07:39:22 merthyr charon: 10[IKE] allow mutual EAP-only authentication

</pre>

h3. IKEv2 EAP-TTLS Tunnel

The IKEv2 EAP-TTLS tunnel is set up with certificate-based server authentication

<pre>

Nov 29 07:39:22 merthyr charon: 10[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]

Nov 29 07:39:22 merthyr charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:22 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:22 merthyr charon: 05[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]

Nov 29 07:39:22 merthyr charon: 05[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]

Nov 29 07:39:22 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:22 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:22 merthyr charon: 15[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]

Nov 29 07:39:22 merthyr charon: 15[TLS] negotiated TLS version TLS 1.2 with suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Nov 29 07:39:22 merthyr charon: 15[TLS] received TLS server certificate 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org'

Nov 29 07:39:22 merthyr charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

Nov 29 07:39:22 merthyr charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Nov 29 07:39:22 merthyr charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

Nov 29 07:39:22 merthyr charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...

Nov 29 07:39:22 merthyr charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Nov 29 07:39:22 merthyr charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Nov 29 07:39:22 merthyr charon: 15[CFG]   crl is valid: until Dec 02 09:19:24 2011

Nov 29 07:39:22 merthyr charon: 15[CFG] certificate status is good

Nov 29 07:39:22 merthyr charon: 15[CFG]   reached self-signed root ca with a path length of 0

Nov 29 07:39:22 merthyr charon: 15[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]

Nov 29 07:39:22 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-Identity

Via the IKEv2 EAP-TTLS tunnel the server requests the EAP client identity

<pre>

Nov 29 07:39:23 merthyr charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 14[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]

Nov 29 07:39:23 merthyr charon: 14[IKE] server requested EAP_IDENTITY authentication (id 0x00)

Nov 29 07:39:23 merthyr charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]

Nov 29 07:39:23 merthyr charon: 14[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-MD5 Client Authentication

Next follows an EAP-MD5 client authentication

<pre>

Nov 29 07:39:23 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 03[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/MD5]

Nov 29 07:39:23 merthyr charon: 03[IKE] server requested EAP_MD5 authentication (id 0x36)

Nov 29 07:39:23 merthyr charon: 03[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/MD5]

Nov 29 07:39:23 merthyr charon: 03[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-TNC Transport

Now the EAP-TNC transport protocol connecting the TNC client with the TNC server is started:

<pre>

Nov 29 07:39:23 merthyr charon: 02[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 02[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 02[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:23 merthyr charon: 02[IKE] server requested EAP_TNC authentication (id 0x84)

Nov 29 07:39:23 merthyr charon: 02[TLS] EAP_TNC version is v1

</pre>

h2. PB-TNC/IF-TNCCS 2.0 Connection

A new TNCCS connection is instantiated on the TNC client and its IF-TNCCS 2.0 state machine is set to the Init state.

!IF-TNCCS-20-State-Diagram.png!

A first PB-TNC CDATA (IF-TNCCS 2.0 ClientData) batch is prepared and a PB-Language-Preference message for Englisch (en) is added: 

<pre>

Nov 29 07:39:23 merthyr charon: 02[TNC] assigned TNCCS Connection ID 1

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:23 merthyr charon: 02[TNC] adding PB-Language-Preference message

</pre>

An instance of the Attestation PTS-IMC is created which in a first step determines the client operating systen

<pre>

Nov 29 07:39:23 merthyr charon: 02[PTS] platform is 'Ubuntu 11.10 i686'

</pre>

and then loads the AIK certificate and the matching AIK private key, the latter in the form of a TPM-encrypted binary blob

<pre>

Nov 29 07:39:23 merthyr charon: 02[PTS] loaded AIK certificate from '/home/andi/privacyca/AIK_3_Cert.der'

Nov 29 07:39:23 merthyr charon: 02[PTS] loaded AIK Blob from '/home/andi/privacyca/AIK_3_Blob.bin'

Nov 29 07:39:23 merthyr charon: 02[PTS] AIK Blob: => 559 bytes @ 0x8266b24

Nov 29 07:39:23 merthyr charon: 02[PTS]    0: 01 01 00 00 00 12 00 00 00 04 00 00 00 00 01 00  ................

Nov 29 07:39:23 merthyr charon: 02[PTS]   16: 01 00 02 00 00 00 0C 00 00 08 00 00 00 00 02 00  ................

Nov 29 07:39:23 merthyr charon: 02[PTS]   32: 00 00 00 00 00 00 00 00 00 01 00 E9 1C 5F 57 5B  ............._W[

Nov 29 07:39:23 merthyr charon: 02[PTS]   48: 73 5F 35 15 BD AF 29 89 13 F1 F9 8D 83 62 6C 73  s_5...)......bls

Nov 29 07:39:23 merthyr charon: 02[PTS]   64: C0 5F 8B 90 5A B8 1A 72 B9 D2 51 F8 DC 24 CF 0D  ._..Z..r..Q..$..

Nov 29 07:39:23 merthyr charon: 02[PTS]   80: 9E E2 0B F8 8D 11 CD B2 E5 6B CB C2 AB FA BD F4  .........k......

Nov 29 07:39:23 merthyr charon: 02[PTS]   96: 74 D2 25 B3 AE CE 47 66 58 A6 65 A4 CA 36 24 1E  t.%...GfX.e..6$.

Nov 29 07:39:23 merthyr charon: 02[PTS]  112: 6E 22 A4 9F 88 C5 63 78 AD 53 33 90 22 91 6F 83  n"....cx.S3.".o.

Nov 29 07:39:23 merthyr charon: 02[PTS]  128: 8F 2A A8 98 0C 15 3E 89 19 48 63 BE 4C 35 02 F4  .*....>..Hc.L5..

Nov 29 07:39:23 merthyr charon: 02[PTS]  144: 03 7E 10 8E 4D DB 5A D1 63 9A 3C D9 63 F5 7B C6  .~..M.Z.c.<.c.{.

Nov 29 07:39:23 merthyr charon: 02[PTS]  160: 73 0F 23 05 B6 00 30 3B 34 6C 3C 10 A9 A5 4A 79  s.#...0;4l<...Jy

Nov 29 07:39:23 merthyr charon: 02[PTS]  176: 2E 62 88 E3 CC 7F 7B A7 5A E3 6F 13 7A BD BF 86  .b....{.Z.o.z...

Nov 29 07:39:23 merthyr charon: 02[PTS]  192: 1D 3C E3 12 3A 8C 0E 7D 47 55 C6 76 A9 D3 61 16  .<..:..}GU.v..a.

Nov 29 07:39:23 merthyr charon: 02[PTS]  208: 22 8A 32 C5 E7 CD 17 DB 5F A1 67 CC 1D F5 D9 25  ".2....._.g....%

Nov 29 07:39:23 merthyr charon: 02[PTS]  224: 51 01 33 1E 05 45 85 53 2E 2C 2B 1D 59 E5 FE C2  Q.3..E.S.,+.Y...

Nov 29 07:39:23 merthyr charon: 02[PTS]  240: 61 26 36 12 05 F2 5C 95 F8 70 E6 6A DB BF 30 1E  a&6...\..p.j..0.

Nov 29 07:39:23 merthyr charon: 02[PTS]  256: 46 05 E6 0E 94 3C 0C C6 1C 96 B4 59 AC 5C 63 15  F....<.....Y.\c.

Nov 29 07:39:23 merthyr charon: 02[PTS]  272: 8C 77 E8 45 91 6B 8B B1 0D DB 26 3C E5 34 1C E8  .w.E.k....&<.4..

Nov 29 07:39:23 merthyr charon: 02[PTS]  288: B9 B5 6E 7F 9B 6E 7D 24 82 6E 2B 00 00 01 00 22  ..n..n}$.n+...."

Nov 29 07:39:23 merthyr charon: 02[PTS]  304: 35 22 CB 61 E6 28 B9 53 4A EB 52 10 A9 CD 5A 2A  5".a.(.SJ.R...Z*

Nov 29 07:39:23 merthyr charon: 02[PTS]  320: 23 3A DD 32 77 53 44 8D 94 40 7E 6A 28 83 9D 9D  #:.2wSD..@~j(...

Nov 29 07:39:23 merthyr charon: 02[PTS]  336: 1E 1B CE 7C CE D2 8A C9 04 BE 66 A5 A1 CA E3 03  ...|......f.....

Nov 29 07:39:23 merthyr charon: 02[PTS]  352: 7F 33 97 AD EF A8 E8 83 C9 65 CA 38 27 22 8A 26  .3.......e.8'".&

Nov 29 07:39:23 merthyr charon: 02[PTS]  368: 90 B1 1E B0 AE F6 B3 77 5E E3 C8 C2 C6 49 DC 74  .......w^....I.t

Nov 29 07:39:23 merthyr charon: 02[PTS]  384: EF 6E A4 31 DF 13 12 F0 4B 53 3D 85 5C 4F 98 C3  .n.1....KS=.\O..

Nov 29 07:39:23 merthyr charon: 02[PTS]  400: 32 7D 05 EB C1 D6 2A AC 6A 38 B8 C4 D4 B7 FE B7  2}....*.j8......

Nov 29 07:39:23 merthyr charon: 02[PTS]  416: 11 39 AD 14 39 EE C2 38 4D 31 86 D9 6F 10 85 90  .9..9..8M1..o...

Nov 29 07:39:23 merthyr charon: 02[PTS]  432: 07 43 AA DF AA 25 84 79 5D 01 7B 2B B1 DB 3D CA  .C...%.y].{+..=.

Nov 29 07:39:23 merthyr charon: 02[PTS]  448: 34 A5 94 B6 35 3B 87 EC 77 56 8E B4 13 DD 3F 25  4...5;..wV....?%

Nov 29 07:39:23 merthyr charon: 02[PTS]  464: 12 F9 97 CB 23 CF B8 AB D5 1C 2A D6 2D 13 85 3B  ....#.....*.-..;

Nov 29 07:39:23 merthyr charon: 02[PTS]  480: D3 77 48 B8 A4 C0 31 C6 68 C0 92 33 7C 5B AA 8E  .wH...1.h..3|[..

Nov 29 07:39:23 merthyr charon: 02[PTS]  496: A5 86 05 EF 99 0D CA 02 5F 96 9A 68 C3 DA A2 A8  ........_..h....

Nov 29 07:39:23 merthyr charon: 02[PTS]  512: B7 4C C6 EC 09 98 45 E7 E6 E5 DC A6 E3 B3 54 2A  .L....E.......T*

Nov 29 07:39:23 merthyr charon: 02[PTS]  528: F5 5A 94 78 3C 26 5B FD D0 01 4B A4 5D B2 C2 EC  .Z.x<&[...K.]...

Nov 29 07:39:23 merthyr charon: 02[PTS]  544: B6 56 A0 DB EC C8 BA 0D E9 56 EC F0 77 7A AB     .V.......V..wz.

Nov 29 07:39:23 merthyr charon: 02[IMC] IMC 1 "Attestation" created a state for Connection ID 1

</pre> 

Via the IF-IMC interface the PTS-IMC receives a 'Handshake' state change from the TNC client 

<pre>

Nov 29 07:39:23 merthyr charon: 02[IMC] IMC 1 "Attestation" changed state of Connection ID 1 to 'Handshake'

</pre>

The PTS-IMC generates a PA-TNC message of type TCG/PTS targeted at the remote PTS-IMV, containing a single PA-TNC attribute of type 'IETF/Product Information' with the client operating system information:

<pre>

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PA-TNC message with ID 0x569e528e

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002

Nov 29 07:39:23 merthyr charon: 02[TNC] => 22 bytes @ 0x82452bc

Nov 29 07:39:23 merthyr charon: 02[TNC]    0: 00 00 00 00 00 55 62 75 6E 74 75 20 31 31 2E 31  .....Ubuntu 11.1

Nov 29 07:39:23 merthyr charon: 02[TNC]   16: 30 20 69 36 38 36                                0 i686

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:23 merthyr charon: 02[TNC] adding PB-PA message

</pre>

The PA-TNC message is received by the TNC client via the IF-IMC SendMessage call and is inserted together with the

PB-Language-Preference message into the PB-TNC CDATA batch which is then sent via the IKEv2 EAP-TTLS tunnel to the TNC server.

<pre>

Nov 29 07:39:23 merthyr charon: 02[TNC] PB-TNC state transition from 'Init' to 'Server Working'

Nov 29 07:39:23 merthyr charon: 02[TNC] sending PB-TNC CDATA batch (105 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 02[TNC] => 105 bytes @ 0x82669a4

Nov 29 07:39:23 merthyr charon: 02[TNC]    0: 02 00 00 01 00 00 00 69 00 00 00 00 00 00 00 06  .......i........

Nov 29 07:39:23 merthyr charon: 02[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu

Nov 29 07:39:23 merthyr charon: 02[TNC]   32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00  age: en.........

Nov 29 07:39:23 merthyr charon: 02[TNC]   48: 00 00 42 00 00 55 97 00 00 00 01 00 01 FF FF 01  ..B..U..........

Nov 29 07:39:23 merthyr charon: 02[TNC]   64: 00 00 00 56 9E 52 8E 00 00 00 00 00 00 00 02 00  ...V.R..........

Nov 29 07:39:23 merthyr charon: 02[TNC]   80: 00 00 22 00 00 00 00 00 55 62 75 6E 74 75 20 31  ..".....Ubuntu 1

Nov 29 07:39:23 merthyr charon: 02[TNC]   96: 31 2E 31 30 20 69 36 38 36                       1.10 i686

Nov 29 07:39:23 merthyr charon: 02[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:23 merthyr charon: 02[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 02[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. PTS Capability Discovery

As a response a PB-TNC SDATA (IF-TNCCS 2.0 ServerData) batch is received from the TNC server

<pre>

Nov 29 07:39:23 merthyr charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 13[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:23 merthyr charon: 13[TNC] received TNCCS batch (72 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 13[TNC] => 72 bytes @ 0x826212e

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 02 80 00 02 00 00 00 48 80 00 00 00 00 00 00 01  .......H........

Nov 29 07:39:23 merthyr charon: 13[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 FF FF 00 01  ...@..U.........

Nov 29 07:39:23 merthyr charon: 13[TNC]   32: 01 00 00 00 10 FB C9 31 80 00 55 97 01 00 00 00  .......1..U.....

Nov 29 07:39:23 merthyr charon: 13[TNC]   48: 00 00 00 10 00 00 00 0E 80 00 55 97 06 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 13[TNC]   64: 00 00 00 10 00 00 80 00                          ........

Nov 29 07:39:23 merthyr charon: 13[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PB-TNC SDATA batch

</pre>

containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:

<pre>

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PB-PA message (64 bytes)

Nov 29 07:39:23 merthyr charon: 13[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

</pre>

The PA-TNC message transferred via the IF-IMC interface to the PTS-IMC contains two PA-TNC attributes from the TCG/PTS namespace:

<pre>

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC message with ID 0x10fbc931

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000

Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8268da0

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 00 0E                                      ....

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000

Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8268db0

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 80 00                                      ....

</pre>

namely the requests 'Request PTS Protocol Capabilities' and 'PTS Measurement Algorithm Request'. The PTS-IMV supports the Verification (V), DH Nonce Negotiation (D) and Trusted Platform Evidence (T) PTS protocol capabilities and the PTS-IMC does as well.

<pre>

Nov 29 07:39:23 merthyr charon: 13[PTS] supported PTS protocol capabilities: .VDT.

Nov 29 07:39:23 merthyr charon: 13[PTS] selected PTS measurement algorithm is HASH_SHA1

</pre>

The PTS-IMV proposes SHA-1 only for the PTS measurement algorithm which is accepted by the PTS-IMC. These two selections are sent back to the PTS-IMV in a PA-TNC message containing the TCG attributes 'PTS Protocol Capabilities' and 'PTS Measurement Algorithm":

<pre>

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC message with ID 0x0ed3f1f3

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000

Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8266b04

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 00 0E                                      ....

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000

Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x825f17c

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 80 00                                      ....

</pre>

This PA-TNC message is sent as a PB-PA payload in a PB-TNC CDATA batch to the TNC server:

<pre>

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:23 merthyr charon: 13[TNC] adding PB-PA message

Nov 29 07:39:23 merthyr charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Nov 29 07:39:23 merthyr charon: 13[TNC] sending PB-TNC CDATA batch (72 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 13[TNC] => 72 bytes @ 0x82679fc

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 02 00 00 01 00 00 00 48 80 00 00 00 00 00 00 01  .......H........

Nov 29 07:39:23 merthyr charon: 13[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 00 01 FF FF  ...@..U.........

Nov 29 07:39:23 merthyr charon: 13[TNC]   32: 01 00 00 00 0E D3 F1 F3 00 00 55 97 02 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 13[TNC]   48: 00 00 00 10 00 00 00 0E 00 00 55 97 07 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 13[TNC]   64: 00 00 00 10 00 00 80 00                          ........

Nov 29 07:39:23 merthyr charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:23 merthyr charon: 13[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. DH Nonce Parameters

The next PB-TNC SDATA batch arrives

<pre>

Nov 29 07:39:23 merthyr charon: 01[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 01[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 01[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:23 merthyr charon: 01[TNC] received TNCCS batch (56 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 01[TNC] => 56 bytes @ 0x825e5b6

Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 02 80 00 02 00 00 00 38 80 00 00 00 00 00 00 01  .......8........

Nov 29 07:39:23 merthyr charon: 01[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 01 FF FF 00 01  ...0..U.........

Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 01 00 00 00 C2 D1 8E F1 80 00 55 97 03 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 00 00 00 10 00 00 F0 00                          ........

Nov 29 07:39:23 merthyr charon: 01[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PB-TNC SDATA batch

</pre>

containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:

<pre>

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PB-PA message (48 bytes)

Nov 29 07:39:23 merthyr charon: 01[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

</pre>

The PA-TNC message contains a 'DH Nonce Parameters Request' from the TCG namespace

<pre>

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PA-TNC message with ID 0xc2d18ef1

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000

Nov 29 07:39:23 merthyr charon: 01[TNC] => 4 bytes @ 0x82452d0

Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 00 00 F0 00                                      ....

</pre>

and offers the set of IKE DH groups {2, 5, 14, 19} from which the PTS-IMC selects ECP_256 (group 19).

<pre>

Nov 29 07:39:23 merthyr charon: 01[PTS] selected PTS DH group is ECP_256

Nov 29 07:39:23 merthyr charon: 01[PTS] nonce length is 20

</pre>

The PTS-IMC also returns a 20 byte DH responder nonce and the 32 byte ECP_256 DH responder public value:

<pre>

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PA-TNC message with ID 0xa69f8b02

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000

Nov 29 07:39:23 merthyr charon: 01[TNC] => 92 bytes @ 0x826a53c

Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 00 00 00 14 10 00 E0 00 AA B1 9A 5C 9B 47 D0 0D  ...........\.G..

Nov 29 07:39:23 merthyr charon: 01[TNC]   16: EF 3B F4 48 7A 55 EF DA 89 55 D3 74 DF CE B2 FB  .;.HzU...U.t....

Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 44 16 FD 98 44 1D 79 1F 36 7A A5 67 94 30 81 C8  D...D.y.6z.g.0..

Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 38 A8 1A AD 99 55 0E 91 2F E4 36 62 FA C2 08 63  8....U../.6b...c

Nov 29 07:39:23 merthyr charon: 01[TNC]   64: 88 69 41 79 35 D4 64 8C 4C D4 CB E9 7B 5E CF 0A  .iAy5.d.L...{^..

Nov 29 07:39:23 merthyr charon: 01[TNC]   80: E0 E9 74 66 4C BB 06 3B F8 DE 96 2E              ..tfL..;....

</pre>

This PA-TNC message is carried in a PB-PA message encapsulated in a PB-TNC CDATA batch:

<pre>

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:23 merthyr charon: 01[TNC] adding PB-PA message

Nov 29 07:39:23 merthyr charon: 01[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Nov 29 07:39:23 merthyr charon: 01[TNC] sending PB-TNC CDATA batch (144 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 01[TNC] => 144 bytes @ 0x826e85c

Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 02 00 00 01 00 00 00 90 80 00 00 00 00 00 00 01  ................

Nov 29 07:39:23 merthyr charon: 01[TNC]   16: 00 00 00 88 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........

Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 01 00 00 00 A6 9F 8B 02 00 00 55 97 04 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 00 00 00 68 00 00 00 14 10 00 E0 00 AA B1 9A 5C  ...h...........\

Nov 29 07:39:23 merthyr charon: 01[TNC]   64: 9B 47 D0 0D EF 3B F4 48 7A 55 EF DA 89 55 D3 74  .G...;.HzU...U.t

Nov 29 07:39:23 merthyr charon: 01[TNC]   80: DF CE B2 FB 44 16 FD 98 44 1D 79 1F 36 7A A5 67  ....D...D.y.6z.g

Nov 29 07:39:23 merthyr charon: 01[TNC]   96: 94 30 81 C8 38 A8 1A AD 99 55 0E 91 2F E4 36 62  .0..8....U../.6b

Nov 29 07:39:23 merthyr charon: 01[TNC]  112: FA C2 08 63 88 69 41 79 35 D4 64 8C 4C D4 CB E9  ...c.iAy5.d.L...

Nov 29 07:39:23 merthyr charon: 01[TNC]  128: 7B 5E CF 0A E0 E9 74 66 4C BB 06 3B F8 DE 96 2E  {^....tfL..;....

Nov 29 07:39:23 merthyr charon: 01[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:23 merthyr charon: 01[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 01[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. DH Nonce Finish and Get TPM Version Info / AIK

<pre>

Nov 29 07:39:23 merthyr charon: 04[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 04[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 04[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:23 merthyr charon: 04[TNC] received TNCCS batch (172 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 04[TNC] => 172 bytes @ 0x826e866

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 02 80 00 02 00 00 00 AC 80 00 00 00 00 00 00 01  ................

Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 00 00 00 A4 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........

Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 01 00 00 00 83 45 BD D1 80 00 55 97 05 00 00 00  .....E....U.....

Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 00 00 00 64 00 14 80 00 B1 E2 2D 2D 11 80 E2 BC  ...d......--....

Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 83 5A 56 DC 1B 18 3F 91 3B 63 E0 E9 09 2A 67 0D  .ZV...?.;c...*g.

Nov 29 07:39:23 merthyr charon: 04[TNC]   80: AE FB D6 94 32 39 5A 2C D2 2C 58 2C 5F 3E B4 00  ....29Z,.,X,_>..

Nov 29 07:39:23 merthyr charon: 04[TNC]   96: 25 68 E8 EB 9E 46 93 B3 C7 AE 5C 57 26 92 D7 4E  %h...F....\W&..N

Nov 29 07:39:23 merthyr charon: 04[TNC]  112: F2 14 08 60 96 A4 74 78 46 C4 11 FB 33 64 F3 27  ...`..txF...3d.'

Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 1D 62 3D C4 83 73 AE AE 8B 36 E4 F5 80 00 55 97  .b=..s...6....U.

Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 08 00 00 00 00 00 00 10 00 00 00 00 80 00 55 97  ..............U.

Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 0D 00 00 00 00 00 00 10 00 00 00 00              ............

Nov 29 07:39:23 merthyr charon: 04[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PB-TNC SDATA batch

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PB-PA message (164 bytes)

Nov 29 07:39:23 merthyr charon: 04[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

</pre

<pre>

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC message with ID 0x8345bdd1

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 88 bytes @ 0x826a928

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 14 80 00 B1 E2 2D 2D 11 80 E2 BC 83 5A 56 DC  ......--.....ZV.

Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 1B 18 3F 91 3B 63 E0 E9 09 2A 67 0D AE FB D6 94  ..?.;c...*g.....

Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 32 39 5A 2C D2 2C 58 2C 5F 3E B4 00 25 68 E8 EB  29Z,.,X,_>..%h..

Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 9E 46 93 B3 C7 AE 5C 57 26 92 D7 4E F2 14 08 60  .F....\W&..N...`

Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 96 A4 74 78 46 C4 11 FB 33 64 F3 27 1D 62 3D C4  ..txF...3d.'.b=.

Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 83 73 AE AE 8B 36 E4 F5                          .s...6..

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 4 bytes @ 0x826a98c

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 00 00 00                                      ....

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 4 bytes @ 0x826a99c

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 00 00 00                                      ....

</pre>

<pre>

Nov 29 07:39:23 merthyr charon: 04[PTS] selected DH hash algorithm is HASH_SHA1

Nov 29 07:39:23 merthyr charon: 04[PTS] initiator nonce: => 20 bytes @ 0x82594a4

Nov 29 07:39:23 merthyr charon: 04[PTS]    0: 46 C4 11 FB 33 64 F3 27 1D 62 3D C4 83 73 AE AE  F...3d.'.b=..s..

Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 8B 36 E4 F5                                      .6..

Nov 29 07:39:23 merthyr charon: 04[PTS] responder nonce: => 20 bytes @ 0x8266a7c

Nov 29 07:39:23 merthyr charon: 04[PTS]    0: AA B1 9A 5C 9B 47 D0 0D EF 3B F4 48 7A 55 EF DA  ...\.G...;.HzU..

Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 89 55 D3 74                                      .U.t

Nov 29 07:39:23 merthyr charon: 04[PTS] shared DH secret: => 32 bytes @ 0x826c8e4

Nov 29 07:39:23 merthyr charon: 04[PTS]    0: 61 E8 7D D7 8C C8 DF 4E 5C 5A B7 48 75 38 0C B8  a.}....N\Z.Hu8..

Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 2D 23 08 8E E2 D5 B9 25 04 F8 03 BA 35 9F 3A 52  -#.....%....5.:R

Nov 29 07:39:23 merthyr charon: 04[PTS] secret assessment value: => 20 bytes @ 0x8266ea4

Nov 29 07:39:23 merthyr charon: 04[PTS]    0: E1 1B 01 B4 FF 2B 56 83 24 AD AD AD 8B 7B 36 B7  .....+V.$....{6.

Nov 29 07:39:23 merthyr charon: 04[PTS]   16: FF CA D9 59                                      ...Y

</pre>

<pre>

Nov 29 07:39:23 merthyr charon: 04[PTS] TPM 1.2 Version Info: Chip Version: 1.2.1.2, Spec Level: 2, Errata Rev: 0, Vendor ID: IFX

</pre>

<pre>

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC message with ID 0x1e82d806

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 15 bytes @ 0x826a9ec

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 30 01 02 01 02 00 02 00 49 46 58 00 00 00     .0.......IFX...

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 1334 bytes @ 0x826e274

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 30 82 05 31 30 82 04 19 A0 03 02 01 02 02 10  .0..10..........

Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 15 C8 E6 07 AD F7 B6 3C 0A F2 87 51 0C 34 F7 BA  .......<...Q.4..

Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30  0...*.H........0

Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 4D 31 16 30 14 06 03 55 04 0A 13 0D 70 72 69 76  M1.0...U....priv

Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 61 63 79 63 61 2E 63 6F 6D 31 33 30 31 06 03 55  acyca.com1301..U

Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 04 03 13 2A 50 72 69 76 61 63 79 20 43 41 20 45  ...*Privacy CA E

Nov 29 07:39:23 merthyr charon: 04[TNC]   96: 4B 2D 43 65 72 74 2D 43 68 65 63 6B 65 64 20 41  K-Cert-Checked A

Nov 29 07:39:23 merthyr charon: 04[TNC]  112: 49 4B 20 43 65 72 74 69 66 69 63 61 74 65 30 1E  IK Certificate0.

Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 17 0D 31 31 31 31 30 32 30 37 35 30 35 31 5A 17  ..111102075051Z.

Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 0D 31 32 31 31 30 32 30 37 35 30 35 31 5A 30 00  .121102075051Z0.

Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01  0.."0...*.H.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  176: 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01  ........0.......

Nov 29 07:39:23 merthyr charon: 04[TNC]  192: 00 E9 1C 5F 57 5B 73 5F 35 15 BD AF 29 89 13 F1  ..._W[s_5...)...

Nov 29 07:39:23 merthyr charon: 04[TNC]  208: F9 8D 83 62 6C 73 C0 5F 8B 90 5A B8 1A 72 B9 D2  ...bls._..Z..r..

Nov 29 07:39:23 merthyr charon: 04[TNC]  224: 51 F8 DC 24 CF 0D 9E E2 0B F8 8D 11 CD B2 E5 6B  Q..$...........k

Nov 29 07:39:23 merthyr charon: 04[TNC]  240: CB C2 AB FA BD F4 74 D2 25 B3 AE CE 47 66 58 A6  ......t.%...GfX.

Nov 29 07:39:23 merthyr charon: 04[TNC]  256: 65 A4 CA 36 24 1E 6E 22 A4 9F 88 C5 63 78 AD 53  e..6$.n"....cx.S

Nov 29 07:39:23 merthyr charon: 04[TNC]  272: 33 90 22 91 6F 83 8F 2A A8 98 0C 15 3E 89 19 48  3.".o..*....>..H

Nov 29 07:39:23 merthyr charon: 04[TNC]  288: 63 BE 4C 35 02 F4 03 7E 10 8E 4D DB 5A D1 63 9A  c.L5...~..M.Z.c.

Nov 29 07:39:23 merthyr charon: 04[TNC]  304: 3C D9 63 F5 7B C6 73 0F 23 05 B6 00 30 3B 34 6C  <.c.{.s.#...0;4l

Nov 29 07:39:23 merthyr charon: 04[TNC]  320: 3C 10 A9 A5 4A 79 2E 62 88 E3 CC 7F 7B A7 5A E3  <...Jy.b....{.Z.

Nov 29 07:39:23 merthyr charon: 04[TNC]  336: 6F 13 7A BD BF 86 1D 3C E3 12 3A 8C 0E 7D 47 55  o.z....<..:..}GU

Nov 29 07:39:23 merthyr charon: 04[TNC]  352: C6 76 A9 D3 61 16 22 8A 32 C5 E7 CD 17 DB 5F A1  .v..a.".2....._.

Nov 29 07:39:23 merthyr charon: 04[TNC]  368: 67 CC 1D F5 D9 25 51 01 33 1E 05 45 85 53 2E 2C  g....%Q.3..E.S.,

Nov 29 07:39:23 merthyr charon: 04[TNC]  384: 2B 1D 59 E5 FE C2 61 26 36 12 05 F2 5C 95 F8 70  +.Y...a&6...\..p

Nov 29 07:39:23 merthyr charon: 04[TNC]  400: E6 6A DB BF 30 1E 46 05 E6 0E 94 3C 0C C6 1C 96  .j..0.F....<....

Nov 29 07:39:23 merthyr charon: 04[TNC]  416: B4 59 AC 5C 63 15 8C 77 E8 45 91 6B 8B B1 0D DB  .Y.\c..w.E.k....

Nov 29 07:39:23 merthyr charon: 04[TNC]  432: 26 3C E5 34 1C E8 B9 B5 6E 7F 9B 6E 7D 24 82 6E  &<.4....n..n}$.n

Nov 29 07:39:23 merthyr charon: 04[TNC]  448: 2B 02 03 01 00 01 A3 82 02 58 30 82 02 54 30 81  +........X0..T0.

Nov 29 07:39:23 merthyr charon: 04[TNC]  464: 93 06 03 55 1D 09 04 81 8B 30 81 88 30 3A 06 03  ...U.....0..0:..

Nov 29 07:39:23 merthyr charon: 04[TNC]  480: 55 04 34 31 33 30 0B 30 09 06 05 2B 0E 03 02 1A  U.4130.0...+....

Nov 29 07:39:23 merthyr charon: 04[TNC]  496: 05 00 30 24 30 22 06 09 2A 86 48 86 F7 0D 01 01  ..0$0"..*.H.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  512: 07 30 15 A2 13 30 11 06 09 2A 86 48 86 F7 0D 01  .0...0...*.H....

Nov 29 07:39:23 merthyr charon: 04[TNC]  528: 01 09 04 04 54 43 50 41 30 16 06 05 67 81 05 02  ....TCPA0...g...

Nov 29 07:39:23 merthyr charon: 04[TNC]  544: 10 31 0D 30 0B 0C 03 31 2E 32 02 01 02 02 01 00  .1.0...1.2......

Nov 29 07:39:23 merthyr charon: 04[TNC]  560: 30 32 06 05 67 81 05 02 12 31 29 30 27 01 01 FF  02..g....1)0'...

Nov 29 07:39:23 merthyr charon: 04[TNC]  576: A0 03 0A 01 01 A1 03 0A 01 00 A2 03 0A 01 00 A3  ................

Nov 29 07:39:23 merthyr charon: 04[TNC]  592: 10 30 0E 16 03 33 2E 30 0A 01 04 0A 01 00 01 01  .0...3.0........

Nov 29 07:39:23 merthyr charon: 04[TNC]  608: FF 01 01 FF 30 62 06 03 55 1D 11 01 01 FF 04 58  ....0b..U......X

Nov 29 07:39:23 merthyr charon: 04[TNC]  624: 30 56 A4 47 30 45 31 16 30 14 06 05 67 81 05 02  0V.G0E1.0...g...

Nov 29 07:39:23 merthyr charon: 04[TNC]  640: 01 0C 0B 69 64 3A 34 39 34 36 35 38 30 30 31 17  ...id:494658001.

Nov 29 07:39:23 merthyr charon: 04[TNC]  656: 30 15 06 05 67 81 05 02 02 0C 0C 53 4C 42 39 36  0...g......SLB96

Nov 29 07:39:23 merthyr charon: 04[TNC]  672: 33 35 54 54 31 2E 32 31 12 30 10 06 05 67 81 05  35TT1.21.0...g..

Nov 29 07:39:23 merthyr charon: 04[TNC]  688: 02 03 0C 07 69 64 3A 30 31 30 32 A0 0B 06 05 67  ....id:0102....g

Nov 29 07:39:23 merthyr charon: 04[TNC]  704: 81 05 02 0F A0 02 0C 00 30 0C 06 03 55 1D 13 01  ........0...U...

Nov 29 07:39:23 merthyr charon: 04[TNC]  720: 01 FF 04 02 30 00 30 82 01 27 06 03 55 1D 20 01  ....0.0..'..U. .

Nov 29 07:39:23 merthyr charon: 04[TNC]  736: 01 FF 04 82 01 1B 30 82 01 17 30 67 06 0A 2B 06  ......0...0g..+.

Nov 29 07:39:23 merthyr charon: 04[TNC]  752: 01 04 01 81 E3 42 01 11 30 59 30 29 06 08 2B 06  .....B..0Y0)..+.

Nov 29 07:39:23 merthyr charon: 04[TNC]  768: 01 05 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 77  ........http://w

Nov 29 07:39:23 merthyr charon: 04[TNC]  784: 77 77 2E 70 72 69 76 61 63 79 63 61 2E 63 6F 6D  ww.privacyca.com

Nov 29 07:39:23 merthyr charon: 04[TNC]  800: 2F 63 70 73 2F 30 2C 06 08 2B 06 01 05 05 07 02  /cps/0,..+......

Nov 29 07:39:23 merthyr charon: 04[TNC]  816: 02 30 20 0C 1E 54 43 50 41 20 54 72 75 73 74 65  .0 ..TCPA Truste

Nov 29 07:39:23 merthyr charon: 04[TNC]  832: 64 20 50 6C 61 74 66 6F 72 6D 20 49 64 65 6E 74  d Platform Ident

Nov 29 07:39:23 merthyr charon: 04[TNC]  848: 69 74 79 30 81 AB 06 0B 60 86 48 01 86 F8 45 01  ity0....`.H...E.

Nov 29 07:39:23 merthyr charon: 04[TNC]  864: 07 2F 01 30 81 9B 30 39 06 08 2B 06 01 05 05 07  ./.0..09..+.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  880: 02 01 16 2D 68 74 74 70 3A 2F 2F 77 77 77 2E 76  ...-http://www.v

Nov 29 07:39:23 merthyr charon: 04[TNC]  896: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F  erisign.com/repo

Nov 29 07:39:23 merthyr charon: 04[TNC]  912: 73 69 74 6F 72 79 2F 69 6E 64 65 78 2E 68 74 6D  sitory/index.htm

Nov 29 07:39:23 merthyr charon: 04[TNC]  928: 6C 30 5E 06 08 2B 06 01 05 05 07 02 02 30 52 1E  l0^..+.......0R.

Nov 29 07:39:23 merthyr charon: 04[TNC]  944: 50 00 54 00 43 00 50 00 41 00 20 00 54 00 72 00  P.T.C.P.A. .T.r.

Nov 29 07:39:23 merthyr charon: 04[TNC]  960: 75 00 73 00 74 00 65 00 64 00 20 00 50 00 6C 00  u.s.t.e.d. .P.l.

Nov 29 07:39:23 merthyr charon: 04[TNC]  976: 61 00 74 00 66 00 6F 00 72 00 6D 00 20 00 4D 00  a.t.f.o.r.m. .M.

Nov 29 07:39:23 merthyr charon: 04[TNC]  992: 6F 00 64 00 75 00 6C 00 65 00 20 00 45 00 6E 00  o.d.u.l.e. .E.n.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1008: 64 00 6F 00 72 00 73 00 65 00 6D 00 65 00 6E 00  d.o.r.s.e.m.e.n.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1024: 74 30 1F 06 03 55 1D 23 04 18 30 16 80 14 66 FF  t0...U.#..0...f.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1040: 3C C0 41 02 0A 60 27 4C BE 29 81 F0 58 DC B2 A3  <.A..`'L.)..X...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1056: 3E A2 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05  >.0...*.H.......

Nov 29 07:39:23 merthyr charon: 04[TNC] 1072: 00 03 82 01 01 00 78 17 95 B0 D1 B5 99 AE 90 DF  ......x.........

Nov 29 07:39:23 merthyr charon: 04[TNC] 1088: 4A AA 02 38 60 9A 05 7A 53 08 00 E9 4B F8 0F 01  J..8`..zS...K...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1104: A7 26 B7 54 B0 8E F8 9C 64 B1 CE 9B D1 F5 D6 C2  .&.T....d.......

Nov 29 07:39:23 merthyr charon: 04[TNC] 1120: 3C 4A 20 56 FC 64 B0 21 58 B9 7B 5B FB 65 0C 2A  <J V.d.!X.{[.e.*

Nov 29 07:39:23 merthyr charon: 04[TNC] 1136: BE 0A 64 92 DC 60 EE 3A 6F E9 89 E3 2C 59 D8 DB  ..d..`.:o...,Y..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1152: E5 97 6B 97 EE D3 D5 E1 01 A8 80 2A 56 7A 4F 36  ..k........*VzO6

Nov 29 07:39:23 merthyr charon: 04[TNC] 1168: 2B F8 2B 84 91 A1 0A 16 00 B3 4E BE 1D BE 6F C3  +.+.......N...o.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1184: 6C 5F ED A9 61 43 54 84 8D E8 E2 9C 08 5D 01 D2  l_..aCT......]..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1200: FC E0 0E CB 2B 00 BF CE 42 B2 68 B2 E2 79 9D 26  ....+...B.h..y.&

Nov 29 07:39:23 merthyr charon: 04[TNC] 1216: CC FE C4 25 D6 6A AB 16 CA 39 FE 55 E5 EA AC 43  ...%.j...9.U...C

Nov 29 07:39:23 merthyr charon: 04[TNC] 1232: D8 B1 C5 CE 94 03 FB 5F E9 88 A1 64 64 C1 53 8A  ......._...dd.S.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1248: 6C 80 D1 9C B6 AC 83 FA 6F E4 B6 67 55 85 06 D2  l.......o..gU...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1264: 86 49 0E 97 7B 23 1D 8B 60 6B FD 98 29 47 99 D3  .I..{#..`k..)G..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1280: A8 69 5D 71 E2 0E 3F 12 D4 82 FC 66 3B 72 24 06  .i]q..?....f;r$.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1296: 99 77 EF 28 92 FD E0 03 3B 95 21 C0 1C EF BA 75  .w.(....;.!....u

Nov 29 07:39:23 merthyr charon: 04[TNC] 1312: B1 04 B6 1B 4A CE 59 66 D9 DF BE 2B 03 4A CD BB  ....J.Yf...+.J..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1328: 21 32 C4 E3 27 49                                !2..'I

</pre>

<pre>

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:23 merthyr charon: 04[TNC] adding PB-PA message

Nov 29 07:39:23 merthyr charon: 04[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Nov 29 07:39:23 merthyr charon: 04[TNC] sending PB-TNC CDATA batch (1413 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 04[TNC] => 1413 bytes @ 0x826f1c4

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 02 00 00 01 00 00 05 85 80 00 00 00 00 00 00 01  ................

Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 00 00 05 7D 00 00 55 97 00 00 00 01 00 01 FF FF  ...}..U.........

Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 01 00 00 00 1E 82 D8 06 00 00 55 97 09 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 00 00 00 1B 00 30 01 02 01 02 00 02 00 49 46 58  .....0.......IFX

Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 00 00 00 00 00 55 97 0E 00 00 00 00 00 05 42 00  .....U........B.

Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 30 82 05 31 30 82 04 19 A0 03 02 01 02 02 10 15  0..10...........

Nov 29 07:39:23 merthyr charon: 04[TNC]   96: C8 E6 07 AD F7 B6 3C 0A F2 87 51 0C 34 F7 BA 30  ......<...Q.4..0

Nov 29 07:39:23 merthyr charon: 04[TNC]  112: 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 4D  ...*.H........0M

Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 31 16 30 14 06 03 55 04 0A 13 0D 70 72 69 76 61  1.0...U....priva

Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 63 79 63 61 2E 63 6F 6D 31 33 30 31 06 03 55 04  cyca.com1301..U.

Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 03 13 2A 50 72 69 76 61 63 79 20 43 41 20 45 4B  ..*Privacy CA EK

Nov 29 07:39:23 merthyr charon: 04[TNC]  176: 2D 43 65 72 74 2D 43 68 65 63 6B 65 64 20 41 49  -Cert-Checked AI

Nov 29 07:39:23 merthyr charon: 04[TNC]  192: 4B 20 43 65 72 74 69 66 69 63 61 74 65 30 1E 17  K Certificate0..

Nov 29 07:39:23 merthyr charon: 04[TNC]  208: 0D 31 31 31 31 30 32 30 37 35 30 35 31 5A 17 0D  .111102075051Z..

Nov 29 07:39:23 merthyr charon: 04[TNC]  224: 31 32 31 31 30 32 30 37 35 30 35 31 5A 30 00 30  121102075051Z0.0

Nov 29 07:39:23 merthyr charon: 04[TNC]  240: 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01  .."0...*.H......

Nov 29 07:39:23 merthyr charon: 04[TNC]  256: 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00  .......0........

Nov 29 07:39:23 merthyr charon: 04[TNC]  272: E9 1C 5F 57 5B 73 5F 35 15 BD AF 29 89 13 F1 F9  .._W[s_5...)....

Nov 29 07:39:23 merthyr charon: 04[TNC]  288: 8D 83 62 6C 73 C0 5F 8B 90 5A B8 1A 72 B9 D2 51  ..bls._..Z..r..Q

Nov 29 07:39:23 merthyr charon: 04[TNC]  304: F8 DC 24 CF 0D 9E E2 0B F8 8D 11 CD B2 E5 6B CB  ..$...........k.

Nov 29 07:39:23 merthyr charon: 04[TNC]  320: C2 AB FA BD F4 74 D2 25 B3 AE CE 47 66 58 A6 65  .....t.%...GfX.e

Nov 29 07:39:23 merthyr charon: 04[TNC]  336: A4 CA 36 24 1E 6E 22 A4 9F 88 C5 63 78 AD 53 33  ..6$.n"....cx.S3

Nov 29 07:39:23 merthyr charon: 04[TNC]  352: 90 22 91 6F 83 8F 2A A8 98 0C 15 3E 89 19 48 63  .".o..*....>..Hc

Nov 29 07:39:23 merthyr charon: 04[TNC]  368: BE 4C 35 02 F4 03 7E 10 8E 4D DB 5A D1 63 9A 3C  .L5...~..M.Z.c.<

Nov 29 07:39:23 merthyr charon: 04[TNC]  384: D9 63 F5 7B C6 73 0F 23 05 B6 00 30 3B 34 6C 3C  .c.{.s.#...0;4l<

Nov 29 07:39:23 merthyr charon: 04[TNC]  400: 10 A9 A5 4A 79 2E 62 88 E3 CC 7F 7B A7 5A E3 6F  ...Jy.b....{.Z.o

Nov 29 07:39:23 merthyr charon: 04[TNC]  416: 13 7A BD BF 86 1D 3C E3 12 3A 8C 0E 7D 47 55 C6  .z....<..:..}GU.

Nov 29 07:39:23 merthyr charon: 04[TNC]  432: 76 A9 D3 61 16 22 8A 32 C5 E7 CD 17 DB 5F A1 67  v..a.".2....._.g

Nov 29 07:39:23 merthyr charon: 04[TNC]  448: CC 1D F5 D9 25 51 01 33 1E 05 45 85 53 2E 2C 2B  ....%Q.3..E.S.,+

Nov 29 07:39:23 merthyr charon: 04[TNC]  464: 1D 59 E5 FE C2 61 26 36 12 05 F2 5C 95 F8 70 E6  .Y...a&6...\..p.

Nov 29 07:39:23 merthyr charon: 04[TNC]  480: 6A DB BF 30 1E 46 05 E6 0E 94 3C 0C C6 1C 96 B4  j..0.F....<.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  496: 59 AC 5C 63 15 8C 77 E8 45 91 6B 8B B1 0D DB 26  Y.\c..w.E.k....&

Nov 29 07:39:23 merthyr charon: 04[TNC]  512: 3C E5 34 1C E8 B9 B5 6E 7F 9B 6E 7D 24 82 6E 2B  <.4....n..n}$.n+

Nov 29 07:39:23 merthyr charon: 04[TNC]  528: 02 03 01 00 01 A3 82 02 58 30 82 02 54 30 81 93  ........X0..T0..

Nov 29 07:39:23 merthyr charon: 04[TNC]  544: 06 03 55 1D 09 04 81 8B 30 81 88 30 3A 06 03 55  ..U.....0..0:..U

Nov 29 07:39:23 merthyr charon: 04[TNC]  560: 04 34 31 33 30 0B 30 09 06 05 2B 0E 03 02 1A 05  .4130.0...+.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  576: 00 30 24 30 22 06 09 2A 86 48 86 F7 0D 01 01 07  .0$0"..*.H......

Nov 29 07:39:23 merthyr charon: 04[TNC]  592: 30 15 A2 13 30 11 06 09 2A 86 48 86 F7 0D 01 01  0...0...*.H.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  608: 09 04 04 54 43 50 41 30 16 06 05 67 81 05 02 10  ...TCPA0...g....

Nov 29 07:39:23 merthyr charon: 04[TNC]  624: 31 0D 30 0B 0C 03 31 2E 32 02 01 02 02 01 00 30  1.0...1.2......0

Nov 29 07:39:23 merthyr charon: 04[TNC]  640: 32 06 05 67 81 05 02 12 31 29 30 27 01 01 FF A0  2..g....1)0'....

Nov 29 07:39:23 merthyr charon: 04[TNC]  656: 03 0A 01 01 A1 03 0A 01 00 A2 03 0A 01 00 A3 10  ................

Nov 29 07:39:23 merthyr charon: 04[TNC]  672: 30 0E 16 03 33 2E 30 0A 01 04 0A 01 00 01 01 FF  0...3.0.........

Nov 29 07:39:23 merthyr charon: 04[TNC]  688: 01 01 FF 30 62 06 03 55 1D 11 01 01 FF 04 58 30  ...0b..U......X0

Nov 29 07:39:23 merthyr charon: 04[TNC]  704: 56 A4 47 30 45 31 16 30 14 06 05 67 81 05 02 01  V.G0E1.0...g....

Nov 29 07:39:23 merthyr charon: 04[TNC]  720: 0C 0B 69 64 3A 34 39 34 36 35 38 30 30 31 17 30  ..id:494658001.0

Nov 29 07:39:23 merthyr charon: 04[TNC]  736: 15 06 05 67 81 05 02 02 0C 0C 53 4C 42 39 36 33  ...g......SLB963

Nov 29 07:39:23 merthyr charon: 04[TNC]  752: 35 54 54 31 2E 32 31 12 30 10 06 05 67 81 05 02  5TT1.21.0...g...

Nov 29 07:39:23 merthyr charon: 04[TNC]  768: 03 0C 07 69 64 3A 30 31 30 32 A0 0B 06 05 67 81  ...id:0102....g.

Nov 29 07:39:23 merthyr charon: 04[TNC]  784: 05 02 0F A0 02 0C 00 30 0C 06 03 55 1D 13 01 01  .......0...U....

Nov 29 07:39:23 merthyr charon: 04[TNC]  800: FF 04 02 30 00 30 82 01 27 06 03 55 1D 20 01 01  ...0.0..'..U. ..

Nov 29 07:39:23 merthyr charon: 04[TNC]  816: FF 04 82 01 1B 30 82 01 17 30 67 06 0A 2B 06 01  .....0...0g..+..

Nov 29 07:39:23 merthyr charon: 04[TNC]  832: 04 01 81 E3 42 01 11 30 59 30 29 06 08 2B 06 01  ....B..0Y0)..+..

Nov 29 07:39:23 merthyr charon: 04[TNC]  848: 05 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 77 77  .......http://ww

Nov 29 07:39:23 merthyr charon: 04[TNC]  864: 77 2E 70 72 69 76 61 63 79 63 61 2E 63 6F 6D 2F  w.privacyca.com/

Nov 29 07:39:23 merthyr charon: 04[TNC]  880: 63 70 73 2F 30 2C 06 08 2B 06 01 05 05 07 02 02  cps/0,..+.......

Nov 29 07:39:23 merthyr charon: 04[TNC]  896: 30 20 0C 1E 54 43 50 41 20 54 72 75 73 74 65 64  0 ..TCPA Trusted

Nov 29 07:39:23 merthyr charon: 04[TNC]  912: 20 50 6C 61 74 66 6F 72 6D 20 49 64 65 6E 74 69   Platform Identi

Nov 29 07:39:23 merthyr charon: 04[TNC]  928: 74 79 30 81 AB 06 0B 60 86 48 01 86 F8 45 01 07  ty0....`.H...E..

Nov 29 07:39:23 merthyr charon: 04[TNC]  944: 2F 01 30 81 9B 30 39 06 08 2B 06 01 05 05 07 02  /.0..09..+......

Nov 29 07:39:23 merthyr charon: 04[TNC]  960: 01 16 2D 68 74 74 70 3A 2F 2F 77 77 77 2E 76 65  ..-http://www.ve

Nov 29 07:39:23 merthyr charon: 04[TNC]  976: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73  risign.com/repos

Nov 29 07:39:23 merthyr charon: 04[TNC]  992: 69 74 6F 72 79 2F 69 6E 64 65 78 2E 68 74 6D 6C  itory/index.html

Nov 29 07:39:23 merthyr charon: 04[TNC] 1008: 30 5E 06 08 2B 06 01 05 05 07 02 02 30 52 1E 50  0^..+.......0R.P

Nov 29 07:39:23 merthyr charon: 04[TNC] 1024: 00 54 00 43 00 50 00 41 00 20 00 54 00 72 00 75  .T.C.P.A. .T.r.u

Nov 29 07:39:23 merthyr charon: 04[TNC] 1040: 00 73 00 74 00 65 00 64 00 20 00 50 00 6C 00 61  .s.t.e.d. .P.l.a

Nov 29 07:39:23 merthyr charon: 04[TNC] 1056: 00 74 00 66 00 6F 00 72 00 6D 00 20 00 4D 00 6F  .t.f.o.r.m. .M.o

Nov 29 07:39:23 merthyr charon: 04[TNC] 1072: 00 64 00 75 00 6C 00 65 00 20 00 45 00 6E 00 64  .d.u.l.e. .E.n.d

Nov 29 07:39:23 merthyr charon: 04[TNC] 1088: 00 6F 00 72 00 73 00 65 00 6D 00 65 00 6E 00 74  .o.r.s.e.m.e.n.t

Nov 29 07:39:23 merthyr charon: 04[TNC] 1104: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 66 FF 3C  0...U.#..0...f.<

Nov 29 07:39:23 merthyr charon: 04[TNC] 1120: C0 41 02 0A 60 27 4C BE 29 81 F0 58 DC B2 A3 3E  .A..`'L.)..X...>

Nov 29 07:39:23 merthyr charon: 04[TNC] 1136: A2 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00  .0...*.H........

Nov 29 07:39:23 merthyr charon: 04[TNC] 1152: 03 82 01 01 00 78 17 95 B0 D1 B5 99 AE 90 DF 4A  .....x.........J

Nov 29 07:39:23 merthyr charon: 04[TNC] 1168: AA 02 38 60 9A 05 7A 53 08 00 E9 4B F8 0F 01 A7  ..8`..zS...K....

Nov 29 07:39:23 merthyr charon: 04[TNC] 1184: 26 B7 54 B0 8E F8 9C 64 B1 CE 9B D1 F5 D6 C2 3C  &.T....d.......<

Nov 29 07:39:23 merthyr charon: 04[TNC] 1200: 4A 20 56 FC 64 B0 21 58 B9 7B 5B FB 65 0C 2A BE  J V.d.!X.{[.e.*.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1216: 0A 64 92 DC 60 EE 3A 6F E9 89 E3 2C 59 D8 DB E5  .d..`.:o...,Y...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1232: 97 6B 97 EE D3 D5 E1 01 A8 80 2A 56 7A 4F 36 2B  .k........*VzO6+

Nov 29 07:39:23 merthyr charon: 04[TNC] 1248: F8 2B 84 91 A1 0A 16 00 B3 4E BE 1D BE 6F C3 6C  .+.......N...o.l

Nov 29 07:39:23 merthyr charon: 04[TNC] 1264: 5F ED A9 61 43 54 84 8D E8 E2 9C 08 5D 01 D2 FC  _..aCT......]...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1280: E0 0E CB 2B 00 BF CE 42 B2 68 B2 E2 79 9D 26 CC  ...+...B.h..y.&.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1296: FE C4 25 D6 6A AB 16 CA 39 FE 55 E5 EA AC 43 D8  ..%.j...9.U...C.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1312: B1 C5 CE 94 03 FB 5F E9 88 A1 64 64 C1 53 8A 6C  ......_...dd.S.l

Nov 29 07:39:23 merthyr charon: 04[TNC] 1328: 80 D1 9C B6 AC 83 FA 6F E4 B6 67 55 85 06 D2 86  .......o..gU....

Nov 29 07:39:23 merthyr charon: 04[TNC] 1344: 49 0E 97 7B 23 1D 8B 60 6B FD 98 29 47 99 D3 A8  I..{#..`k..)G...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1360: 69 5D 71 E2 0E 3F 12 D4 82 FC 66 3B 72 24 06 99  i]q..?....f;r$..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1376: 77 EF 28 92 FD E0 03 3B 95 21 C0 1C EF BA 75 B1  w.(....;.!....u.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1392: 04 B6 1B 4A CE 59 66 D9 DF BE 2B 03 4A CD BB 21  ...J.Yf...+.J..!

Nov 29 07:39:23 merthyr charon: 04[TNC] 1408: 32 C4 E3 27 49                                   2..'I

Nov 29 07:39:23 merthyr charon: 04[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:23 merthyr charon: 04[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 04[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>