strongSwan

h1. TNC Client with PTS-IMC

This HOWTO explains in a step-for-step fashion how a strongSwan IPsec client with integrated TNC client functionality and an attached Platform Trust Service Integrity Measurement Collector (PTS-IMC) can provide remote attestation measurement data to a TNC server via the IKEv2 EAP-TTLS protocol. 

{{>toc}}

h2. Installation and Configuration

The following steps describe the installation of the strongSwan software

<pre>

  wget http://download.strongswan.org/strongswan-4.6.2dr1.tar.bz2

  tar xjf strongswan-4.6.2dr1.tar.bz2

  cd strongswan-4.6.2dr1

  ./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-openssl --enable-curl

              --enable-eap --enable-eap-identity --enable-eap-md5 --enable-eap-ttls

              --enable-eap-tnc  --enable-tnccs-20 --enable-tnc-imc --enable-imc-attestation

  make

  [sudo] make install 

</pre>

The connection between IPsec client *carol* and IPsec gateway *moon* is defined in the /etc/ipsec.conf file:

<pre>

# ipsec.conf - strongSwan IPsec configuration file

config setup

     charondebug="tnc 3, imc 3, pts 3"

conn home

     left=%any

     leftid=carol@strongswan.org

     leftauth=eap

     right=192.168.0.1

     rightid=@moon.strongswan.org

     rightsendcert=never

     rightsubnet=10.1.0.0/16

     auto=start

</pre>

The debug levels for the TNC, IMC, and PTS components are increased to 3, so that HEX dumps of PB-TNC (IF-TNCCS 2.0) messages and PA-TNC (IF-M) attributes will be included in the log file.

The IKEv2 client *carol* is going to use EAP-based authentication with the user credentials being stored in the /etc/ipsec.secrets file:

<pre>

# /etc/ipsec.secrets - strongSwan IPsec secrets file

carol@strongswan.org : EAP "Ar3etTnp"

</pre>

The following IKEv2 charon and Attestation IMC options are defined in the /etc/strongswan.conf file

<pre>

# strongswan.conf - strongSwan configuration file

charon {

  load = sha1 random gmp pkcs1 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke

  plugins {

    eap-tnc {

      protocol = tnccs-2.0

    }

    tnc-imc {

      preferred_language = en

    }

  }

}

libimcv {

  plugins {

    imc-attestation {

      aik_cert = /home/andi/privacyca/AIK_3_Cert.der

      aik_blob = /home/andi/privacyca/AIK_3_Blob.bin

      pcr17_meas   = d537d437f058136eb3d7be517dbe7647b623c619 

      pcr17_before = 1717171717171717171717171717171717171717 

      pcr17_after  = ffffffffffffffffffffffffffffffffffffffff 

      pcr18_meas   = 160d2b04d11eb225fb148615b699081869e15b6c 

      pcr18_before = 1818181818181818181818181818181818181818 

      pcr18_after  = ffffffffffffffffffffffffffffffffffffffff 

    }

  }

}

</pre>

h2. IKEv2 Negotiation

h3. Startup and Initialization

The command

<pre>

ipsec start

</pre>

starts the TNC-enabled IPsec client:

<pre>

Nov 29 07:39:21 merthyr charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.2dr1)

Nov 29 07:39:21 merthyr charon: 00[KNL] listening on interfaces:

Nov 29 07:39:21 merthyr charon: 00[KNL]   wlan0

Nov 29 07:39:21 merthyr charon: 00[KNL]     10.35.167.97

Nov 29 07:39:21 merthyr charon: 00[KNL]     fe80::221:6aff:fe06:cf4c

Nov 29 07:39:21 merthyr charon: 00[KNL]   umlbr0

Nov 29 07:39:21 merthyr charon: 00[KNL]     192.168.0.254

Nov 29 07:39:21 merthyr charon: 00[KNL]     fe80::103c:e8ff:fec0:db34

</pre>

The file /etc/tnc_config

<pre>

IMC configuration file for strongSwan client 

IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so

</pre>

defines which IMCs are loaded by the TNC client:

<pre>

Nov 29 07:39:21 merthyr charon: 00[TNC] loading IMCs from '/etc/tnc_config'

Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[sha1] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_2048[gmp] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_1536[gmp] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_1024[gmp] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available

Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available

Nov 29 07:39:21 merthyr charon: 00[TNC] added IETF attributes

Nov 29 07:39:21 merthyr charon: 00[TNC] added ITA-HSR attributes

Nov 29 07:39:21 merthyr charon: 00[LIB] libimcv initialized

Nov 29 07:39:21 merthyr charon: 00[IMC] IMC 1 "Attestation" initialized

Nov 29 07:39:21 merthyr charon: 00[TNC] added TCG attributes

Nov 29 07:39:21 merthyr charon: 00[PTS] added TCG functional component namespace

Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component namespace

Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'

Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'

Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'

Nov 29 07:39:21 merthyr charon: 00[LIB] libpts initialized

Nov 29 07:39:21 merthyr charon: 00[IMC] IMC 1 "Attestation" provided with bind function

Nov 29 07:39:21 merthyr charon: 00[TNC] IMC 1 supports 1 message type: 0x00559701

Nov 29 07:39:21 merthyr charon: 00[TNC] IMC 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'

</pre>

Next the IKEv2 credentials and all necessary plugins are loaded

<pre>

Nov 29 07:39:21 merthyr charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'

Nov 29 07:39:21 merthyr charon: 00[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'

Nov 29 07:39:21 merthyr charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'

Nov 29 07:39:21 merthyr charon: 00[CFG]   loaded EAP secret for carol@strongswan.org

Nov 29 07:39:21 merthyr charon: 00[DMN] loaded plugins: sha1 random gmp pkcs1 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke 

Nov 29 07:39:21 merthyr charon: 00[JOB] spawning 16 worker threads

</pre>

h3. IKEv2 Exchanges 

Due to auto=start the IKEv2 negotiation automatically starts with the IKE_SA_INIT exchange

<pre>

Nov 29 07:39:22 merthyr charon: 04[CFG] received stroke: add connection 'home'

Nov 29 07:39:22 merthyr charon: 04[CFG] left nor right host is our side, assuming left=local

Nov 29 07:39:22 merthyr charon: 04[CFG] added configuration 'home'

Nov 29 07:39:22 merthyr charon: 04[CFG] received stroke: initiate 'home'

Nov 29 07:39:22 merthyr charon: 04[IKE] initiating IKE_SA home[1] to 192.168.0.1

Nov 29 07:39:22 merthyr charon: 04[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]

Nov 29 07:39:22 merthyr charon: 04[NET] sending packet: from 192.168.0.254[500] to 192.168.0.1[500]

Nov 29 07:39:22 merthyr charon: 06[NET] received packet: from 192.168.0.1[500] to 192.168.0.254[500]

Nov 29 07:39:22 merthyr charon: 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]

</pre>

followed by the IKE_AUTH exchange where the IKEv2 gateway proposes a mutual IKEv2 EAP-TTLS only authentication:

<pre>

Nov 29 07:39:22 merthyr charon: 06[IKE] establishing CHILD_SA home

Nov 29 07:39:22 merthyr charon: 06[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(EAP_ONLY) ]

Nov 29 07:39:22 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:22 merthyr charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:22 merthyr charon: 10[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]

Nov 29 07:39:22 merthyr charon: 10[IKE] server requested EAP_TTLS authentication (id 0xA8)

Nov 29 07:39:22 merthyr charon: 10[TLS] EAP_TTLS version is v0

Nov 29 07:39:22 merthyr charon: 10[IKE] allow mutual EAP-only authentication

</pre>

h3. IKEv2 EAP-TTLS Tunnel

The IKEv2 EAP-TTLS tunnel is set up with certificate-based server authentication

<pre>

Nov 29 07:39:22 merthyr charon: 10[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]

Nov 29 07:39:22 merthyr charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:22 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:22 merthyr charon: 05[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]

Nov 29 07:39:22 merthyr charon: 05[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]

Nov 29 07:39:22 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:22 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:22 merthyr charon: 15[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]

Nov 29 07:39:22 merthyr charon: 15[TLS] negotiated TLS version TLS 1.2 with suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Nov 29 07:39:22 merthyr charon: 15[TLS] received TLS server certificate 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org'

Nov 29 07:39:22 merthyr charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

Nov 29 07:39:22 merthyr charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Nov 29 07:39:22 merthyr charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

Nov 29 07:39:22 merthyr charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...

Nov 29 07:39:22 merthyr charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Nov 29 07:39:22 merthyr charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Nov 29 07:39:22 merthyr charon: 15[CFG]   crl is valid: until Dec 02 09:19:24 2011

Nov 29 07:39:22 merthyr charon: 15[CFG] certificate status is good

Nov 29 07:39:22 merthyr charon: 15[CFG]   reached self-signed root ca with a path length of 0

Nov 29 07:39:22 merthyr charon: 15[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]

Nov 29 07:39:22 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-Identity

Via the IKEv2 EAP-TTLS tunnel the server requests the EAP client identity

<pre>

Nov 29 07:39:23 merthyr charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 14[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]

Nov 29 07:39:23 merthyr charon: 14[IKE] server requested EAP_IDENTITY authentication (id 0x00)

Nov 29 07:39:23 merthyr charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]

Nov 29 07:39:23 merthyr charon: 14[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-MD5 Client Authentication

Next follows an EAP-MD5 client authentication

<pre>

Nov 29 07:39:23 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 03[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/MD5]

Nov 29 07:39:23 merthyr charon: 03[IKE] server requested EAP_MD5 authentication (id 0x36)

Nov 29 07:39:23 merthyr charon: 03[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/MD5]

Nov 29 07:39:23 merthyr charon: 03[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-TNC Transport

Now the EAP-TNC transport protocol connecting the TNC client with the TNC server is started:

<pre>

Nov 29 07:39:23 merthyr charon: 02[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 02[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 02[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:23 merthyr charon: 02[IKE] server requested EAP_TNC authentication (id 0x84)

Nov 29 07:39:23 merthyr charon: 02[TLS] EAP_TNC version is v1

</pre>

h2. PB-TNC/IF-TNCCS 2.0 Connection

A new TNCCS connection is instantiated on the TNC client and its IF-TNCCS 2.0 state machine is set to the Init state.

!IF-TNCCS-20-State-Diagram.png!

A first PB-TNC CDATA (IF-TNCCS 2.0 ClientData) batch is prepared and a PB-Language-Preference message for Englisch (en) is added: 

<pre>

Nov 29 07:39:23 merthyr charon: 02[TNC] assigned TNCCS Connection ID 1

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:23 merthyr charon: 02[TNC] adding PB-Language-Preference message

</pre>

An instance of the Attestation PTS-IMC is created which in a first step determines the client operating systen

<pre>

Nov 29 07:39:23 merthyr charon: 02[PTS] platform is 'Ubuntu 11.10 i686'

</pre>

and then loads the AIK certificate and the matching AIK private key, the latter in the form of a TPM-encrypted binary blob

<pre>

Nov 29 07:39:23 merthyr charon: 02[PTS] loaded AIK certificate from '/home/andi/privacyca/AIK_3_Cert.der'

Nov 29 07:39:23 merthyr charon: 02[PTS] loaded AIK Blob from '/home/andi/privacyca/AIK_3_Blob.bin'

Nov 29 07:39:23 merthyr charon: 02[PTS] AIK Blob: => 559 bytes @ 0x8266b24

Nov 29 07:39:23 merthyr charon: 02[PTS]    0: 01 01 00 00 00 12 00 00 00 04 00 00 00 00 01 00  ................

Nov 29 07:39:23 merthyr charon: 02[PTS]   16: 01 00 02 00 00 00 0C 00 00 08 00 00 00 00 02 00  ................

Nov 29 07:39:23 merthyr charon: 02[PTS]   32: 00 00 00 00 00 00 00 00 00 01 00 E9 1C 5F 57 5B  ............._W[

Nov 29 07:39:23 merthyr charon: 02[PTS]   48: 73 5F 35 15 BD AF 29 89 13 F1 F9 8D 83 62 6C 73  s_5...)......bls

Nov 29 07:39:23 merthyr charon: 02[PTS]   64: C0 5F 8B 90 5A B8 1A 72 B9 D2 51 F8 DC 24 CF 0D  ._..Z..r..Q..$..

Nov 29 07:39:23 merthyr charon: 02[PTS]   80: 9E E2 0B F8 8D 11 CD B2 E5 6B CB C2 AB FA BD F4  .........k......

Nov 29 07:39:23 merthyr charon: 02[PTS]   96: 74 D2 25 B3 AE CE 47 66 58 A6 65 A4 CA 36 24 1E  t.%...GfX.e..6$.

Nov 29 07:39:23 merthyr charon: 02[PTS]  112: 6E 22 A4 9F 88 C5 63 78 AD 53 33 90 22 91 6F 83  n"....cx.S3.".o.

Nov 29 07:39:23 merthyr charon: 02[PTS]  128: 8F 2A A8 98 0C 15 3E 89 19 48 63 BE 4C 35 02 F4  .*....>..Hc.L5..

Nov 29 07:39:23 merthyr charon: 02[PTS]  144: 03 7E 10 8E 4D DB 5A D1 63 9A 3C D9 63 F5 7B C6  .~..M.Z.c.<.c.{.

Nov 29 07:39:23 merthyr charon: 02[PTS]  160: 73 0F 23 05 B6 00 30 3B 34 6C 3C 10 A9 A5 4A 79  s.#...0;4l<...Jy

Nov 29 07:39:23 merthyr charon: 02[PTS]  176: 2E 62 88 E3 CC 7F 7B A7 5A E3 6F 13 7A BD BF 86  .b....{.Z.o.z...

Nov 29 07:39:23 merthyr charon: 02[PTS]  192: 1D 3C E3 12 3A 8C 0E 7D 47 55 C6 76 A9 D3 61 16  .<..:..}GU.v..a.

Nov 29 07:39:23 merthyr charon: 02[PTS]  208: 22 8A 32 C5 E7 CD 17 DB 5F A1 67 CC 1D F5 D9 25  ".2....._.g....%

Nov 29 07:39:23 merthyr charon: 02[PTS]  224: 51 01 33 1E 05 45 85 53 2E 2C 2B 1D 59 E5 FE C2  Q.3..E.S.,+.Y...

Nov 29 07:39:23 merthyr charon: 02[PTS]  240: 61 26 36 12 05 F2 5C 95 F8 70 E6 6A DB BF 30 1E  a&6...\..p.j..0.

Nov 29 07:39:23 merthyr charon: 02[PTS]  256: 46 05 E6 0E 94 3C 0C C6 1C 96 B4 59 AC 5C 63 15  F....<.....Y.\c.

Nov 29 07:39:23 merthyr charon: 02[PTS]  272: 8C 77 E8 45 91 6B 8B B1 0D DB 26 3C E5 34 1C E8  .w.E.k....&<.4..

Nov 29 07:39:23 merthyr charon: 02[PTS]  288: B9 B5 6E 7F 9B 6E 7D 24 82 6E 2B 00 00 01 00 22  ..n..n}$.n+...."

Nov 29 07:39:23 merthyr charon: 02[PTS]  304: 35 22 CB 61 E6 28 B9 53 4A EB 52 10 A9 CD 5A 2A  5".a.(.SJ.R...Z*

Nov 29 07:39:23 merthyr charon: 02[PTS]  320: 23 3A DD 32 77 53 44 8D 94 40 7E 6A 28 83 9D 9D  #:.2wSD..@~j(...

Nov 29 07:39:23 merthyr charon: 02[PTS]  336: 1E 1B CE 7C CE D2 8A C9 04 BE 66 A5 A1 CA E3 03  ...|......f.....

Nov 29 07:39:23 merthyr charon: 02[PTS]  352: 7F 33 97 AD EF A8 E8 83 C9 65 CA 38 27 22 8A 26  .3.......e.8'".&

Nov 29 07:39:23 merthyr charon: 02[PTS]  368: 90 B1 1E B0 AE F6 B3 77 5E E3 C8 C2 C6 49 DC 74  .......w^....I.t

Nov 29 07:39:23 merthyr charon: 02[PTS]  384: EF 6E A4 31 DF 13 12 F0 4B 53 3D 85 5C 4F 98 C3  .n.1....KS=.\O..

Nov 29 07:39:23 merthyr charon: 02[PTS]  400: 32 7D 05 EB C1 D6 2A AC 6A 38 B8 C4 D4 B7 FE B7  2}....*.j8......

Nov 29 07:39:23 merthyr charon: 02[PTS]  416: 11 39 AD 14 39 EE C2 38 4D 31 86 D9 6F 10 85 90  .9..9..8M1..o...

Nov 29 07:39:23 merthyr charon: 02[PTS]  432: 07 43 AA DF AA 25 84 79 5D 01 7B 2B B1 DB 3D CA  .C...%.y].{+..=.

Nov 29 07:39:23 merthyr charon: 02[PTS]  448: 34 A5 94 B6 35 3B 87 EC 77 56 8E B4 13 DD 3F 25  4...5;..wV....?%

Nov 29 07:39:23 merthyr charon: 02[PTS]  464: 12 F9 97 CB 23 CF B8 AB D5 1C 2A D6 2D 13 85 3B  ....#.....*.-..;

Nov 29 07:39:23 merthyr charon: 02[PTS]  480: D3 77 48 B8 A4 C0 31 C6 68 C0 92 33 7C 5B AA 8E  .wH...1.h..3|[..

Nov 29 07:39:23 merthyr charon: 02[PTS]  496: A5 86 05 EF 99 0D CA 02 5F 96 9A 68 C3 DA A2 A8  ........_..h....

Nov 29 07:39:23 merthyr charon: 02[PTS]  512: B7 4C C6 EC 09 98 45 E7 E6 E5 DC A6 E3 B3 54 2A  .L....E.......T*

Nov 29 07:39:23 merthyr charon: 02[PTS]  528: F5 5A 94 78 3C 26 5B FD D0 01 4B A4 5D B2 C2 EC  .Z.x<&[...K.]...

Nov 29 07:39:23 merthyr charon: 02[PTS]  544: B6 56 A0 DB EC C8 BA 0D E9 56 EC F0 77 7A AB     .V.......V..wz.

Nov 29 07:39:23 merthyr charon: 02[IMC] IMC 1 "Attestation" created a state for Connection ID 1

</pre> 

Via the IF-IMC interface the PTS-IMC receives a 'Handshake' state change from the TNC client 

<pre>

Nov 29 07:39:23 merthyr charon: 02[IMC] IMC 1 "Attestation" changed state of Connection ID 1 to 'Handshake'

</pre>

The PTS-IMC generates a PA-TNC message of type TCG/PTS targeted at the remote PTS-IMV, containing a single PA-TNC attribute of type 'IETF/Product Information' with the client operating system information:

<pre>

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PA-TNC message with ID 0x569e528e

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002

Nov 29 07:39:23 merthyr charon: 02[TNC] => 22 bytes @ 0x82452bc

Nov 29 07:39:23 merthyr charon: 02[TNC]    0: 00 00 00 00 00 55 62 75 6E 74 75 20 31 31 2E 31  .....Ubuntu 11.1

Nov 29 07:39:23 merthyr charon: 02[TNC]   16: 30 20 69 36 38 36                                0 i686

Nov 29 07:39:23 merthyr charon: 02[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:23 merthyr charon: 02[TNC] adding PB-PA message

</pre>

The PA-TNC message is received by the TNC client via the IF-IMC SendMessage call and is inserted together with the

PB-Language-Preference message into the PB-TNC CDATA batch which is then sent via the IKEv2 EAP-TTLS tunnel to the TNC server.

<pre>

Nov 29 07:39:23 merthyr charon: 02[TNC] PB-TNC state transition from 'Init' to 'Server Working'

Nov 29 07:39:23 merthyr charon: 02[TNC] sending PB-TNC CDATA batch (105 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 02[TNC] => 105 bytes @ 0x82669a4

Nov 29 07:39:23 merthyr charon: 02[TNC]    0: 02 00 00 01 00 00 00 69 00 00 00 00 00 00 00 06  .......i........

Nov 29 07:39:23 merthyr charon: 02[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu

Nov 29 07:39:23 merthyr charon: 02[TNC]   32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00  age: en.........

Nov 29 07:39:23 merthyr charon: 02[TNC]   48: 00 00 42 00 00 55 97 00 00 00 01 00 01 FF FF 01  ..B..U..........

Nov 29 07:39:23 merthyr charon: 02[TNC]   64: 00 00 00 56 9E 52 8E 00 00 00 00 00 00 00 02 00  ...V.R..........

Nov 29 07:39:23 merthyr charon: 02[TNC]   80: 00 00 22 00 00 00 00 00 55 62 75 6E 74 75 20 31  ..".....Ubuntu 1

Nov 29 07:39:23 merthyr charon: 02[TNC]   96: 31 2E 31 30 20 69 36 38 36                       1.10 i686

Nov 29 07:39:23 merthyr charon: 02[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:23 merthyr charon: 02[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 02[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. PTS Capability Discovery

As a response a PB-TNC SDATA (IF-TNCCS 2.0 ServerData) batch is received from the TNC server

<pre>

Nov 29 07:39:23 merthyr charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 13[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:23 merthyr charon: 13[TNC] received TNCCS batch (72 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 13[TNC] => 72 bytes @ 0x826212e

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 02 80 00 02 00 00 00 48 80 00 00 00 00 00 00 01  .......H........

Nov 29 07:39:23 merthyr charon: 13[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 FF FF 00 01  ...@..U.........

Nov 29 07:39:23 merthyr charon: 13[TNC]   32: 01 00 00 00 10 FB C9 31 80 00 55 97 01 00 00 00  .......1..U.....

Nov 29 07:39:23 merthyr charon: 13[TNC]   48: 00 00 00 10 00 00 00 0E 80 00 55 97 06 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 13[TNC]   64: 00 00 00 10 00 00 80 00                          ........

Nov 29 07:39:23 merthyr charon: 13[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PB-TNC SDATA batch

</pre>

containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:

<pre>

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PB-PA message (64 bytes)

Nov 29 07:39:23 merthyr charon: 13[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

</pre>

The PA-TNC message transferred via the IF-IMC interface to the PTS-IMC contains two PA-TNC attributes from the TCG/PTS namespace:

<pre>

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC message with ID 0x10fbc931

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000

Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8268da0

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 00 0E                                      ....

Nov 29 07:39:23 merthyr charon: 13[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000

Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8268db0

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 80 00                                      ....

</pre>

namely the requests 'Request PTS Protocol Capabilities' and 'PTS Measurement Algorithm Request'. The PTS-IMV supports the Verification (V), DH Nonce Negotiation (D) and Trusted Platform Evidence (T) PTS protocol capabilities and the PTS-IMC does as well.

<pre>

Nov 29 07:39:23 merthyr charon: 13[PTS] supported PTS protocol capabilities: .VDT.

Nov 29 07:39:23 merthyr charon: 13[PTS] selected PTS measurement algorithm is HASH_SHA1

</pre>

The PTS-IMV proposes SHA-1 only for the PTS measurement algorithm which is accepted by the PTS-IMC. These two selections are sent back to the PTS-IMV in a PA-TNC message containing the TCG attributes 'PTS Protocol Capabilities' and 'PTS Measurement Algorithm":

<pre>

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC message with ID 0x0ed3f1f3

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000

Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x8266b04

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 00 0E                                      ....

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000

Nov 29 07:39:23 merthyr charon: 13[TNC] => 4 bytes @ 0x825f17c

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 00 00 80 00                                      ....

</pre>

This PA-TNC message is sent as a PB-PA payload in a PB-TNC CDATA batch to the TNC server:

<pre>

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:23 merthyr charon: 13[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:23 merthyr charon: 13[TNC] adding PB-PA message

Nov 29 07:39:23 merthyr charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Nov 29 07:39:23 merthyr charon: 13[TNC] sending PB-TNC CDATA batch (72 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 13[TNC] => 72 bytes @ 0x82679fc

Nov 29 07:39:23 merthyr charon: 13[TNC]    0: 02 00 00 01 00 00 00 48 80 00 00 00 00 00 00 01  .......H........

Nov 29 07:39:23 merthyr charon: 13[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 00 01 FF FF  ...@..U.........

Nov 29 07:39:23 merthyr charon: 13[TNC]   32: 01 00 00 00 0E D3 F1 F3 00 00 55 97 02 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 13[TNC]   48: 00 00 00 10 00 00 00 0E 00 00 55 97 07 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 13[TNC]   64: 00 00 00 10 00 00 80 00                          ........

Nov 29 07:39:23 merthyr charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:23 merthyr charon: 13[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. DH Nonce Parameters

The next PB-TNC SDATA batch is received:

<pre>

Nov 29 07:39:23 merthyr charon: 01[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 01[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 01[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:23 merthyr charon: 01[TNC] received TNCCS batch (56 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 01[TNC] => 56 bytes @ 0x825e5b6

Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 02 80 00 02 00 00 00 38 80 00 00 00 00 00 00 01  .......8........

Nov 29 07:39:23 merthyr charon: 01[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 01 FF FF 00 01  ...0..U.........

Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 01 00 00 00 C2 D1 8E F1 80 00 55 97 03 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 00 00 00 10 00 00 F0 00                          ........

Nov 29 07:39:23 merthyr charon: 01[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PB-TNC SDATA batch

</pre>

containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:

<pre>

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PB-PA message (48 bytes)

Nov 29 07:39:23 merthyr charon: 01[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

</pre>

The PA-TNC message contains a 'DH Nonce Parameters Request' from the TCG namespace

<pre>

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PA-TNC message with ID 0xc2d18ef1

Nov 29 07:39:23 merthyr charon: 01[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000

Nov 29 07:39:23 merthyr charon: 01[TNC] => 4 bytes @ 0x82452d0

Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 00 00 F0 00                                      ....

</pre>

and offers the set of IKE DH groups {2, 5, 14, 19} from which the PTS-IMC selects ECP_256 (group 19).

<pre>

Nov 29 07:39:23 merthyr charon: 01[PTS] selected PTS DH group is ECP_256

Nov 29 07:39:23 merthyr charon: 01[PTS] nonce length is 20

</pre>

The PTS-IMC also returns a 20 byte DH responder nonce and the 32 byte ECP_256 DH responder public value:

<pre>

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PA-TNC message with ID 0xa69f8b02

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000

Nov 29 07:39:23 merthyr charon: 01[TNC] => 92 bytes @ 0x826a53c

Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 00 00 00 14 10 00 E0 00 AA B1 9A 5C 9B 47 D0 0D  ...........\.G..

Nov 29 07:39:23 merthyr charon: 01[TNC]   16: EF 3B F4 48 7A 55 EF DA 89 55 D3 74 DF CE B2 FB  .;.HzU...U.t....

Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 44 16 FD 98 44 1D 79 1F 36 7A A5 67 94 30 81 C8  D...D.y.6z.g.0..

Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 38 A8 1A AD 99 55 0E 91 2F E4 36 62 FA C2 08 63  8....U../.6b...c

Nov 29 07:39:23 merthyr charon: 01[TNC]   64: 88 69 41 79 35 D4 64 8C 4C D4 CB E9 7B 5E CF 0A  .iAy5.d.L...{^..

Nov 29 07:39:23 merthyr charon: 01[TNC]   80: E0 E9 74 66 4C BB 06 3B F8 DE 96 2E              ..tfL..;....

</pre>

This PA-TNC message is carried in a PB-PA message encapsulated in a PB-TNC CDATA batch:

<pre>

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:23 merthyr charon: 01[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:23 merthyr charon: 01[TNC] adding PB-PA message

Nov 29 07:39:23 merthyr charon: 01[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Nov 29 07:39:23 merthyr charon: 01[TNC] sending PB-TNC CDATA batch (144 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 01[TNC] => 144 bytes @ 0x826e85c

Nov 29 07:39:23 merthyr charon: 01[TNC]    0: 02 00 00 01 00 00 00 90 80 00 00 00 00 00 00 01  ................

Nov 29 07:39:23 merthyr charon: 01[TNC]   16: 00 00 00 88 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........

Nov 29 07:39:23 merthyr charon: 01[TNC]   32: 01 00 00 00 A6 9F 8B 02 00 00 55 97 04 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 01[TNC]   48: 00 00 00 68 00 00 00 14 10 00 E0 00 AA B1 9A 5C  ...h...........\

Nov 29 07:39:23 merthyr charon: 01[TNC]   64: 9B 47 D0 0D EF 3B F4 48 7A 55 EF DA 89 55 D3 74  .G...;.HzU...U.t

Nov 29 07:39:23 merthyr charon: 01[TNC]   80: DF CE B2 FB 44 16 FD 98 44 1D 79 1F 36 7A A5 67  ....D...D.y.6z.g

Nov 29 07:39:23 merthyr charon: 01[TNC]   96: 94 30 81 C8 38 A8 1A AD 99 55 0E 91 2F E4 36 62  .0..8....U../.6b

Nov 29 07:39:23 merthyr charon: 01[TNC]  112: FA C2 08 63 88 69 41 79 35 D4 64 8C 4C D4 CB E9  ...c.iAy5.d.L...

Nov 29 07:39:23 merthyr charon: 01[TNC]  128: 7B 5E CF 0A E0 E9 74 66 4C BB 06 3B F8 DE 96 2E  {^....tfL..;....

Nov 29 07:39:23 merthyr charon: 01[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:23 merthyr charon: 01[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 01[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. DH Nonce Finish and TPM Version/AIK Info

The next PB-TNC SDATA batch is received:

<pre>

Nov 29 07:39:23 merthyr charon: 04[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 04[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 04[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:23 merthyr charon: 04[TNC] received TNCCS batch (172 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 04[TNC] => 172 bytes @ 0x826e866

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 02 80 00 02 00 00 00 AC 80 00 00 00 00 00 00 01  ................

Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 00 00 00 A4 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........

Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 01 00 00 00 83 45 BD D1 80 00 55 97 05 00 00 00  .....E....U.....

Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 00 00 00 64 00 14 80 00 B1 E2 2D 2D 11 80 E2 BC  ...d......--....

Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 83 5A 56 DC 1B 18 3F 91 3B 63 E0 E9 09 2A 67 0D  .ZV...?.;c...*g.

Nov 29 07:39:23 merthyr charon: 04[TNC]   80: AE FB D6 94 32 39 5A 2C D2 2C 58 2C 5F 3E B4 00  ....29Z,.,X,_>..

Nov 29 07:39:23 merthyr charon: 04[TNC]   96: 25 68 E8 EB 9E 46 93 B3 C7 AE 5C 57 26 92 D7 4E  %h...F....\W&..N

Nov 29 07:39:23 merthyr charon: 04[TNC]  112: F2 14 08 60 96 A4 74 78 46 C4 11 FB 33 64 F3 27  ...`..txF...3d.'

Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 1D 62 3D C4 83 73 AE AE 8B 36 E4 F5 80 00 55 97  .b=..s...6....U.

Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 08 00 00 00 00 00 00 10 00 00 00 00 80 00 55 97  ..............U.

Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 0D 00 00 00 00 00 00 10 00 00 00 00              ............

Nov 29 07:39:23 merthyr charon: 04[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PB-TNC SDATA batch

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PB-PA message (164 bytes)

Nov 29 07:39:23 merthyr charon: 04[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

</pre>

containing a PA-TNC message with the 'DH Nonce Finish', 'Get TPM Version Information' and 'Get Attestation Identity Key'

attributes from the TCG namespace:

<pre>

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC message with ID 0x8345bdd1

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 88 bytes @ 0x826a928

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 14 80 00 B1 E2 2D 2D 11 80 E2 BC 83 5A 56 DC  ......--.....ZV.

Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 1B 18 3F 91 3B 63 E0 E9 09 2A 67 0D AE FB D6 94  ..?.;c...*g.....

Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 32 39 5A 2C D2 2C 58 2C 5F 3E B4 00 25 68 E8 EB  29Z,.,X,_>..%h..

Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 9E 46 93 B3 C7 AE 5C 57 26 92 D7 4E F2 14 08 60  .F....\W&..N...`

Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 96 A4 74 78 46 C4 11 FB 33 64 F3 27 1D 62 3D C4  ..txF...3d.'.b=.

Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 83 73 AE AE 8B 36 E4 F5                          .s...6..

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 4 bytes @ 0x826a98c

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 00 00 00                                      ....

Nov 29 07:39:23 merthyr charon: 04[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 4 bytes @ 0x826a99c

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 00 00 00                                      ....

</pre>

The PTS-IMV reports that it selected SHA-1 as the DH hash algorithm and provides its 20 byte nonce and 32 byte public DH factor

so that the share DH secret can be computed:

<pre>

Nov 29 07:39:23 merthyr charon: 04[PTS] selected DH hash algorithm is HASH_SHA1

Nov 29 07:39:23 merthyr charon: 04[PTS] initiator nonce: => 20 bytes @ 0x82594a4

Nov 29 07:39:23 merthyr charon: 04[PTS]    0: 46 C4 11 FB 33 64 F3 27 1D 62 3D C4 83 73 AE AE  F...3d.'.b=..s..

Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 8B 36 E4 F5                                      .6..

Nov 29 07:39:23 merthyr charon: 04[PTS] responder nonce: => 20 bytes @ 0x8266a7c

Nov 29 07:39:23 merthyr charon: 04[PTS]    0: AA B1 9A 5C 9B 47 D0 0D EF 3B F4 48 7A 55 EF DA  ...\.G...;.HzU..

Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 89 55 D3 74                                      .U.t

Nov 29 07:39:23 merthyr charon: 04[PTS] shared DH secret: => 32 bytes @ 0x826c8e4

Nov 29 07:39:23 merthyr charon: 04[PTS]    0: 61 E8 7D D7 8C C8 DF 4E 5C 5A B7 48 75 38 0C B8  a.}....N\Z.Hu8..

Nov 29 07:39:23 merthyr charon: 04[PTS]   16: 2D 23 08 8E E2 D5 B9 25 04 F8 03 BA 35 9F 3A 52  -#.....%....5.:R

Nov 29 07:39:23 merthyr charon: 04[PTS] secret assessment value: => 20 bytes @ 0x8266ea4

Nov 29 07:39:23 merthyr charon: 04[PTS]    0: E1 1B 01 B4 FF 2B 56 83 24 AD AD AD 8B 7B 36 B7  .....+V.$....{6.

Nov 29 07:39:23 merthyr charon: 04[PTS]   16: FF CA D9 59                                      ...Y

</pre>

Answering the 'Get TPM Version Information' request, the following TPM version info is returned in binary form:

<pre>

Nov 29 07:39:23 merthyr charon: 04[PTS] TPM 1.2 Version Info: Chip Version: 1.2.1.2, Spec Level: 2, Errata Rev: 0, Vendor ID: IFX

</pre>

Besides the 'TPM Version Information' attribute, also the 'Attestation Identity Key' is included in the PA-TNC message to be forwarded to the PTS-IMV:

<pre>

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC message with ID 0x1e82d806

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 15 bytes @ 0x826a9ec

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 30 01 02 01 02 00 02 00 49 46 58 00 00 00     .0.......IFX...

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000

Nov 29 07:39:23 merthyr charon: 04[TNC] => 1334 bytes @ 0x826e274

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 00 30 82 05 31 30 82 04 19 A0 03 02 01 02 02 10  .0..10..........

Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 15 C8 E6 07 AD F7 B6 3C 0A F2 87 51 0C 34 F7 BA  .......<...Q.4..

Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30  0...*.H........0

Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 4D 31 16 30 14 06 03 55 04 0A 13 0D 70 72 69 76  M1.0...U....priv

Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 61 63 79 63 61 2E 63 6F 6D 31 33 30 31 06 03 55  acyca.com1301..U

Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 04 03 13 2A 50 72 69 76 61 63 79 20 43 41 20 45  ...*Privacy CA E

Nov 29 07:39:23 merthyr charon: 04[TNC]   96: 4B 2D 43 65 72 74 2D 43 68 65 63 6B 65 64 20 41  K-Cert-Checked A

Nov 29 07:39:23 merthyr charon: 04[TNC]  112: 49 4B 20 43 65 72 74 69 66 69 63 61 74 65 30 1E  IK Certificate0.

Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 17 0D 31 31 31 31 30 32 30 37 35 30 35 31 5A 17  ..111102075051Z.

Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 0D 31 32 31 31 30 32 30 37 35 30 35 31 5A 30 00  .121102075051Z0.

Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01  0.."0...*.H.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  176: 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01  ........0.......

Nov 29 07:39:23 merthyr charon: 04[TNC]  192: 00 E9 1C 5F 57 5B 73 5F 35 15 BD AF 29 89 13 F1  ..._W[s_5...)...

Nov 29 07:39:23 merthyr charon: 04[TNC]  208: F9 8D 83 62 6C 73 C0 5F 8B 90 5A B8 1A 72 B9 D2  ...bls._..Z..r..

Nov 29 07:39:23 merthyr charon: 04[TNC]  224: 51 F8 DC 24 CF 0D 9E E2 0B F8 8D 11 CD B2 E5 6B  Q..$...........k

Nov 29 07:39:23 merthyr charon: 04[TNC]  240: CB C2 AB FA BD F4 74 D2 25 B3 AE CE 47 66 58 A6  ......t.%...GfX.

Nov 29 07:39:23 merthyr charon: 04[TNC]  256: 65 A4 CA 36 24 1E 6E 22 A4 9F 88 C5 63 78 AD 53  e..6$.n"....cx.S

Nov 29 07:39:23 merthyr charon: 04[TNC]  272: 33 90 22 91 6F 83 8F 2A A8 98 0C 15 3E 89 19 48  3.".o..*....>..H

Nov 29 07:39:23 merthyr charon: 04[TNC]  288: 63 BE 4C 35 02 F4 03 7E 10 8E 4D DB 5A D1 63 9A  c.L5...~..M.Z.c.

Nov 29 07:39:23 merthyr charon: 04[TNC]  304: 3C D9 63 F5 7B C6 73 0F 23 05 B6 00 30 3B 34 6C  <.c.{.s.#...0;4l

Nov 29 07:39:23 merthyr charon: 04[TNC]  320: 3C 10 A9 A5 4A 79 2E 62 88 E3 CC 7F 7B A7 5A E3  <...Jy.b....{.Z.

Nov 29 07:39:23 merthyr charon: 04[TNC]  336: 6F 13 7A BD BF 86 1D 3C E3 12 3A 8C 0E 7D 47 55  o.z....<..:..}GU

Nov 29 07:39:23 merthyr charon: 04[TNC]  352: C6 76 A9 D3 61 16 22 8A 32 C5 E7 CD 17 DB 5F A1  .v..a.".2....._.

Nov 29 07:39:23 merthyr charon: 04[TNC]  368: 67 CC 1D F5 D9 25 51 01 33 1E 05 45 85 53 2E 2C  g....%Q.3..E.S.,

Nov 29 07:39:23 merthyr charon: 04[TNC]  384: 2B 1D 59 E5 FE C2 61 26 36 12 05 F2 5C 95 F8 70  +.Y...a&6...\..p

Nov 29 07:39:23 merthyr charon: 04[TNC]  400: E6 6A DB BF 30 1E 46 05 E6 0E 94 3C 0C C6 1C 96  .j..0.F....<....

Nov 29 07:39:23 merthyr charon: 04[TNC]  416: B4 59 AC 5C 63 15 8C 77 E8 45 91 6B 8B B1 0D DB  .Y.\c..w.E.k....

Nov 29 07:39:23 merthyr charon: 04[TNC]  432: 26 3C E5 34 1C E8 B9 B5 6E 7F 9B 6E 7D 24 82 6E  &<.4....n..n}$.n

Nov 29 07:39:23 merthyr charon: 04[TNC]  448: 2B 02 03 01 00 01 A3 82 02 58 30 82 02 54 30 81  +........X0..T0.

Nov 29 07:39:23 merthyr charon: 04[TNC]  464: 93 06 03 55 1D 09 04 81 8B 30 81 88 30 3A 06 03  ...U.....0..0:..

Nov 29 07:39:23 merthyr charon: 04[TNC]  480: 55 04 34 31 33 30 0B 30 09 06 05 2B 0E 03 02 1A  U.4130.0...+....

Nov 29 07:39:23 merthyr charon: 04[TNC]  496: 05 00 30 24 30 22 06 09 2A 86 48 86 F7 0D 01 01  ..0$0"..*.H.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  512: 07 30 15 A2 13 30 11 06 09 2A 86 48 86 F7 0D 01  .0...0...*.H....

Nov 29 07:39:23 merthyr charon: 04[TNC]  528: 01 09 04 04 54 43 50 41 30 16 06 05 67 81 05 02  ....TCPA0...g...

Nov 29 07:39:23 merthyr charon: 04[TNC]  544: 10 31 0D 30 0B 0C 03 31 2E 32 02 01 02 02 01 00  .1.0...1.2......

Nov 29 07:39:23 merthyr charon: 04[TNC]  560: 30 32 06 05 67 81 05 02 12 31 29 30 27 01 01 FF  02..g....1)0'...

Nov 29 07:39:23 merthyr charon: 04[TNC]  576: A0 03 0A 01 01 A1 03 0A 01 00 A2 03 0A 01 00 A3  ................

Nov 29 07:39:23 merthyr charon: 04[TNC]  592: 10 30 0E 16 03 33 2E 30 0A 01 04 0A 01 00 01 01  .0...3.0........

Nov 29 07:39:23 merthyr charon: 04[TNC]  608: FF 01 01 FF 30 62 06 03 55 1D 11 01 01 FF 04 58  ....0b..U......X

Nov 29 07:39:23 merthyr charon: 04[TNC]  624: 30 56 A4 47 30 45 31 16 30 14 06 05 67 81 05 02  0V.G0E1.0...g...

Nov 29 07:39:23 merthyr charon: 04[TNC]  640: 01 0C 0B 69 64 3A 34 39 34 36 35 38 30 30 31 17  ...id:494658001.

Nov 29 07:39:23 merthyr charon: 04[TNC]  656: 30 15 06 05 67 81 05 02 02 0C 0C 53 4C 42 39 36  0...g......SLB96

Nov 29 07:39:23 merthyr charon: 04[TNC]  672: 33 35 54 54 31 2E 32 31 12 30 10 06 05 67 81 05  35TT1.21.0...g..

Nov 29 07:39:23 merthyr charon: 04[TNC]  688: 02 03 0C 07 69 64 3A 30 31 30 32 A0 0B 06 05 67  ....id:0102....g

Nov 29 07:39:23 merthyr charon: 04[TNC]  704: 81 05 02 0F A0 02 0C 00 30 0C 06 03 55 1D 13 01  ........0...U...

Nov 29 07:39:23 merthyr charon: 04[TNC]  720: 01 FF 04 02 30 00 30 82 01 27 06 03 55 1D 20 01  ....0.0..'..U. .

Nov 29 07:39:23 merthyr charon: 04[TNC]  736: 01 FF 04 82 01 1B 30 82 01 17 30 67 06 0A 2B 06  ......0...0g..+.

Nov 29 07:39:23 merthyr charon: 04[TNC]  752: 01 04 01 81 E3 42 01 11 30 59 30 29 06 08 2B 06  .....B..0Y0)..+.

Nov 29 07:39:23 merthyr charon: 04[TNC]  768: 01 05 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 77  ........http://w

Nov 29 07:39:23 merthyr charon: 04[TNC]  784: 77 77 2E 70 72 69 76 61 63 79 63 61 2E 63 6F 6D  ww.privacyca.com

Nov 29 07:39:23 merthyr charon: 04[TNC]  800: 2F 63 70 73 2F 30 2C 06 08 2B 06 01 05 05 07 02  /cps/0,..+......

Nov 29 07:39:23 merthyr charon: 04[TNC]  816: 02 30 20 0C 1E 54 43 50 41 20 54 72 75 73 74 65  .0 ..TCPA Truste

Nov 29 07:39:23 merthyr charon: 04[TNC]  832: 64 20 50 6C 61 74 66 6F 72 6D 20 49 64 65 6E 74  d Platform Ident

Nov 29 07:39:23 merthyr charon: 04[TNC]  848: 69 74 79 30 81 AB 06 0B 60 86 48 01 86 F8 45 01  ity0....`.H...E.

Nov 29 07:39:23 merthyr charon: 04[TNC]  864: 07 2F 01 30 81 9B 30 39 06 08 2B 06 01 05 05 07  ./.0..09..+.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  880: 02 01 16 2D 68 74 74 70 3A 2F 2F 77 77 77 2E 76  ...-http://www.v

Nov 29 07:39:23 merthyr charon: 04[TNC]  896: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F  erisign.com/repo

Nov 29 07:39:23 merthyr charon: 04[TNC]  912: 73 69 74 6F 72 79 2F 69 6E 64 65 78 2E 68 74 6D  sitory/index.htm

Nov 29 07:39:23 merthyr charon: 04[TNC]  928: 6C 30 5E 06 08 2B 06 01 05 05 07 02 02 30 52 1E  l0^..+.......0R.

Nov 29 07:39:23 merthyr charon: 04[TNC]  944: 50 00 54 00 43 00 50 00 41 00 20 00 54 00 72 00  P.T.C.P.A. .T.r.

Nov 29 07:39:23 merthyr charon: 04[TNC]  960: 75 00 73 00 74 00 65 00 64 00 20 00 50 00 6C 00  u.s.t.e.d. .P.l.

Nov 29 07:39:23 merthyr charon: 04[TNC]  976: 61 00 74 00 66 00 6F 00 72 00 6D 00 20 00 4D 00  a.t.f.o.r.m. .M.

Nov 29 07:39:23 merthyr charon: 04[TNC]  992: 6F 00 64 00 75 00 6C 00 65 00 20 00 45 00 6E 00  o.d.u.l.e. .E.n.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1008: 64 00 6F 00 72 00 73 00 65 00 6D 00 65 00 6E 00  d.o.r.s.e.m.e.n.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1024: 74 30 1F 06 03 55 1D 23 04 18 30 16 80 14 66 FF  t0...U.#..0...f.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1040: 3C C0 41 02 0A 60 27 4C BE 29 81 F0 58 DC B2 A3  <.A..`'L.)..X...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1056: 3E A2 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05  >.0...*.H.......

Nov 29 07:39:23 merthyr charon: 04[TNC] 1072: 00 03 82 01 01 00 78 17 95 B0 D1 B5 99 AE 90 DF  ......x.........

Nov 29 07:39:23 merthyr charon: 04[TNC] 1088: 4A AA 02 38 60 9A 05 7A 53 08 00 E9 4B F8 0F 01  J..8`..zS...K...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1104: A7 26 B7 54 B0 8E F8 9C 64 B1 CE 9B D1 F5 D6 C2  .&.T....d.......

Nov 29 07:39:23 merthyr charon: 04[TNC] 1120: 3C 4A 20 56 FC 64 B0 21 58 B9 7B 5B FB 65 0C 2A  <J V.d.!X.{[.e.*

Nov 29 07:39:23 merthyr charon: 04[TNC] 1136: BE 0A 64 92 DC 60 EE 3A 6F E9 89 E3 2C 59 D8 DB  ..d..`.:o...,Y..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1152: E5 97 6B 97 EE D3 D5 E1 01 A8 80 2A 56 7A 4F 36  ..k........*VzO6

Nov 29 07:39:23 merthyr charon: 04[TNC] 1168: 2B F8 2B 84 91 A1 0A 16 00 B3 4E BE 1D BE 6F C3  +.+.......N...o.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1184: 6C 5F ED A9 61 43 54 84 8D E8 E2 9C 08 5D 01 D2  l_..aCT......]..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1200: FC E0 0E CB 2B 00 BF CE 42 B2 68 B2 E2 79 9D 26  ....+...B.h..y.&

Nov 29 07:39:23 merthyr charon: 04[TNC] 1216: CC FE C4 25 D6 6A AB 16 CA 39 FE 55 E5 EA AC 43  ...%.j...9.U...C

Nov 29 07:39:23 merthyr charon: 04[TNC] 1232: D8 B1 C5 CE 94 03 FB 5F E9 88 A1 64 64 C1 53 8A  ......._...dd.S.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1248: 6C 80 D1 9C B6 AC 83 FA 6F E4 B6 67 55 85 06 D2  l.......o..gU...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1264: 86 49 0E 97 7B 23 1D 8B 60 6B FD 98 29 47 99 D3  .I..{#..`k..)G..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1280: A8 69 5D 71 E2 0E 3F 12 D4 82 FC 66 3B 72 24 06  .i]q..?....f;r$.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1296: 99 77 EF 28 92 FD E0 03 3B 95 21 C0 1C EF BA 75  .w.(....;.!....u

Nov 29 07:39:23 merthyr charon: 04[TNC] 1312: B1 04 B6 1B 4A CE 59 66 D9 DF BE 2B 03 4A CD BB  ....J.Yf...+.J..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1328: 21 32 C4 E3 27 49                                !2..'I

</pre>

The TNC client packs this large PA-TNC message into an outgoing PB-TNC CDATA batch:

<pre>

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:23 merthyr charon: 04[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:23 merthyr charon: 04[TNC] adding PB-PA message

Nov 29 07:39:23 merthyr charon: 04[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Nov 29 07:39:23 merthyr charon: 04[TNC] sending PB-TNC CDATA batch (1413 bytes) for Connection ID 1

Nov 29 07:39:23 merthyr charon: 04[TNC] => 1413 bytes @ 0x826f1c4

Nov 29 07:39:23 merthyr charon: 04[TNC]    0: 02 00 00 01 00 00 05 85 80 00 00 00 00 00 00 01  ................

Nov 29 07:39:23 merthyr charon: 04[TNC]   16: 00 00 05 7D 00 00 55 97 00 00 00 01 00 01 FF FF  ...}..U.........

Nov 29 07:39:23 merthyr charon: 04[TNC]   32: 01 00 00 00 1E 82 D8 06 00 00 55 97 09 00 00 00  ..........U.....

Nov 29 07:39:23 merthyr charon: 04[TNC]   48: 00 00 00 1B 00 30 01 02 01 02 00 02 00 49 46 58  .....0.......IFX

Nov 29 07:39:23 merthyr charon: 04[TNC]   64: 00 00 00 00 00 55 97 0E 00 00 00 00 00 05 42 00  .....U........B.

Nov 29 07:39:23 merthyr charon: 04[TNC]   80: 30 82 05 31 30 82 04 19 A0 03 02 01 02 02 10 15  0..10...........

Nov 29 07:39:23 merthyr charon: 04[TNC]   96: C8 E6 07 AD F7 B6 3C 0A F2 87 51 0C 34 F7 BA 30  ......<...Q.4..0

Nov 29 07:39:23 merthyr charon: 04[TNC]  112: 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 4D  ...*.H........0M

Nov 29 07:39:23 merthyr charon: 04[TNC]  128: 31 16 30 14 06 03 55 04 0A 13 0D 70 72 69 76 61  1.0...U....priva

Nov 29 07:39:23 merthyr charon: 04[TNC]  144: 63 79 63 61 2E 63 6F 6D 31 33 30 31 06 03 55 04  cyca.com1301..U.

Nov 29 07:39:23 merthyr charon: 04[TNC]  160: 03 13 2A 50 72 69 76 61 63 79 20 43 41 20 45 4B  ..*Privacy CA EK

Nov 29 07:39:23 merthyr charon: 04[TNC]  176: 2D 43 65 72 74 2D 43 68 65 63 6B 65 64 20 41 49  -Cert-Checked AI

Nov 29 07:39:23 merthyr charon: 04[TNC]  192: 4B 20 43 65 72 74 69 66 69 63 61 74 65 30 1E 17  K Certificate0..

Nov 29 07:39:23 merthyr charon: 04[TNC]  208: 0D 31 31 31 31 30 32 30 37 35 30 35 31 5A 17 0D  .111102075051Z..

Nov 29 07:39:23 merthyr charon: 04[TNC]  224: 31 32 31 31 30 32 30 37 35 30 35 31 5A 30 00 30  121102075051Z0.0

Nov 29 07:39:23 merthyr charon: 04[TNC]  240: 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01  .."0...*.H......

Nov 29 07:39:23 merthyr charon: 04[TNC]  256: 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00  .......0........

Nov 29 07:39:23 merthyr charon: 04[TNC]  272: E9 1C 5F 57 5B 73 5F 35 15 BD AF 29 89 13 F1 F9  .._W[s_5...)....

Nov 29 07:39:23 merthyr charon: 04[TNC]  288: 8D 83 62 6C 73 C0 5F 8B 90 5A B8 1A 72 B9 D2 51  ..bls._..Z..r..Q

Nov 29 07:39:23 merthyr charon: 04[TNC]  304: F8 DC 24 CF 0D 9E E2 0B F8 8D 11 CD B2 E5 6B CB  ..$...........k.

Nov 29 07:39:23 merthyr charon: 04[TNC]  320: C2 AB FA BD F4 74 D2 25 B3 AE CE 47 66 58 A6 65  .....t.%...GfX.e

Nov 29 07:39:23 merthyr charon: 04[TNC]  336: A4 CA 36 24 1E 6E 22 A4 9F 88 C5 63 78 AD 53 33  ..6$.n"....cx.S3

Nov 29 07:39:23 merthyr charon: 04[TNC]  352: 90 22 91 6F 83 8F 2A A8 98 0C 15 3E 89 19 48 63  .".o..*....>..Hc

Nov 29 07:39:23 merthyr charon: 04[TNC]  368: BE 4C 35 02 F4 03 7E 10 8E 4D DB 5A D1 63 9A 3C  .L5...~..M.Z.c.<

Nov 29 07:39:23 merthyr charon: 04[TNC]  384: D9 63 F5 7B C6 73 0F 23 05 B6 00 30 3B 34 6C 3C  .c.{.s.#...0;4l<

Nov 29 07:39:23 merthyr charon: 04[TNC]  400: 10 A9 A5 4A 79 2E 62 88 E3 CC 7F 7B A7 5A E3 6F  ...Jy.b....{.Z.o

Nov 29 07:39:23 merthyr charon: 04[TNC]  416: 13 7A BD BF 86 1D 3C E3 12 3A 8C 0E 7D 47 55 C6  .z....<..:..}GU.

Nov 29 07:39:23 merthyr charon: 04[TNC]  432: 76 A9 D3 61 16 22 8A 32 C5 E7 CD 17 DB 5F A1 67  v..a.".2....._.g

Nov 29 07:39:23 merthyr charon: 04[TNC]  448: CC 1D F5 D9 25 51 01 33 1E 05 45 85 53 2E 2C 2B  ....%Q.3..E.S.,+

Nov 29 07:39:23 merthyr charon: 04[TNC]  464: 1D 59 E5 FE C2 61 26 36 12 05 F2 5C 95 F8 70 E6  .Y...a&6...\..p.

Nov 29 07:39:23 merthyr charon: 04[TNC]  480: 6A DB BF 30 1E 46 05 E6 0E 94 3C 0C C6 1C 96 B4  j..0.F....<.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  496: 59 AC 5C 63 15 8C 77 E8 45 91 6B 8B B1 0D DB 26  Y.\c..w.E.k....&

Nov 29 07:39:23 merthyr charon: 04[TNC]  512: 3C E5 34 1C E8 B9 B5 6E 7F 9B 6E 7D 24 82 6E 2B  <.4....n..n}$.n+

Nov 29 07:39:23 merthyr charon: 04[TNC]  528: 02 03 01 00 01 A3 82 02 58 30 82 02 54 30 81 93  ........X0..T0..

Nov 29 07:39:23 merthyr charon: 04[TNC]  544: 06 03 55 1D 09 04 81 8B 30 81 88 30 3A 06 03 55  ..U.....0..0:..U

Nov 29 07:39:23 merthyr charon: 04[TNC]  560: 04 34 31 33 30 0B 30 09 06 05 2B 0E 03 02 1A 05  .4130.0...+.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  576: 00 30 24 30 22 06 09 2A 86 48 86 F7 0D 01 01 07  .0$0"..*.H......

Nov 29 07:39:23 merthyr charon: 04[TNC]  592: 30 15 A2 13 30 11 06 09 2A 86 48 86 F7 0D 01 01  0...0...*.H.....

Nov 29 07:39:23 merthyr charon: 04[TNC]  608: 09 04 04 54 43 50 41 30 16 06 05 67 81 05 02 10  ...TCPA0...g....

Nov 29 07:39:23 merthyr charon: 04[TNC]  624: 31 0D 30 0B 0C 03 31 2E 32 02 01 02 02 01 00 30  1.0...1.2......0

Nov 29 07:39:23 merthyr charon: 04[TNC]  640: 32 06 05 67 81 05 02 12 31 29 30 27 01 01 FF A0  2..g....1)0'....

Nov 29 07:39:23 merthyr charon: 04[TNC]  656: 03 0A 01 01 A1 03 0A 01 00 A2 03 0A 01 00 A3 10  ................

Nov 29 07:39:23 merthyr charon: 04[TNC]  672: 30 0E 16 03 33 2E 30 0A 01 04 0A 01 00 01 01 FF  0...3.0.........

Nov 29 07:39:23 merthyr charon: 04[TNC]  688: 01 01 FF 30 62 06 03 55 1D 11 01 01 FF 04 58 30  ...0b..U......X0

Nov 29 07:39:23 merthyr charon: 04[TNC]  704: 56 A4 47 30 45 31 16 30 14 06 05 67 81 05 02 01  V.G0E1.0...g....

Nov 29 07:39:23 merthyr charon: 04[TNC]  720: 0C 0B 69 64 3A 34 39 34 36 35 38 30 30 31 17 30  ..id:494658001.0

Nov 29 07:39:23 merthyr charon: 04[TNC]  736: 15 06 05 67 81 05 02 02 0C 0C 53 4C 42 39 36 33  ...g......SLB963

Nov 29 07:39:23 merthyr charon: 04[TNC]  752: 35 54 54 31 2E 32 31 12 30 10 06 05 67 81 05 02  5TT1.21.0...g...

Nov 29 07:39:23 merthyr charon: 04[TNC]  768: 03 0C 07 69 64 3A 30 31 30 32 A0 0B 06 05 67 81  ...id:0102....g.

Nov 29 07:39:23 merthyr charon: 04[TNC]  784: 05 02 0F A0 02 0C 00 30 0C 06 03 55 1D 13 01 01  .......0...U....

Nov 29 07:39:23 merthyr charon: 04[TNC]  800: FF 04 02 30 00 30 82 01 27 06 03 55 1D 20 01 01  ...0.0..'..U. ..

Nov 29 07:39:23 merthyr charon: 04[TNC]  816: FF 04 82 01 1B 30 82 01 17 30 67 06 0A 2B 06 01  .....0...0g..+..

Nov 29 07:39:23 merthyr charon: 04[TNC]  832: 04 01 81 E3 42 01 11 30 59 30 29 06 08 2B 06 01  ....B..0Y0)..+..

Nov 29 07:39:23 merthyr charon: 04[TNC]  848: 05 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 77 77  .......http://ww

Nov 29 07:39:23 merthyr charon: 04[TNC]  864: 77 2E 70 72 69 76 61 63 79 63 61 2E 63 6F 6D 2F  w.privacyca.com/

Nov 29 07:39:23 merthyr charon: 04[TNC]  880: 63 70 73 2F 30 2C 06 08 2B 06 01 05 05 07 02 02  cps/0,..+.......

Nov 29 07:39:23 merthyr charon: 04[TNC]  896: 30 20 0C 1E 54 43 50 41 20 54 72 75 73 74 65 64  0 ..TCPA Trusted

Nov 29 07:39:23 merthyr charon: 04[TNC]  912: 20 50 6C 61 74 66 6F 72 6D 20 49 64 65 6E 74 69   Platform Identi

Nov 29 07:39:23 merthyr charon: 04[TNC]  928: 74 79 30 81 AB 06 0B 60 86 48 01 86 F8 45 01 07  ty0....`.H...E..

Nov 29 07:39:23 merthyr charon: 04[TNC]  944: 2F 01 30 81 9B 30 39 06 08 2B 06 01 05 05 07 02  /.0..09..+......

Nov 29 07:39:23 merthyr charon: 04[TNC]  960: 01 16 2D 68 74 74 70 3A 2F 2F 77 77 77 2E 76 65  ..-http://www.ve

Nov 29 07:39:23 merthyr charon: 04[TNC]  976: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73  risign.com/repos

Nov 29 07:39:23 merthyr charon: 04[TNC]  992: 69 74 6F 72 79 2F 69 6E 64 65 78 2E 68 74 6D 6C  itory/index.html

Nov 29 07:39:23 merthyr charon: 04[TNC] 1008: 30 5E 06 08 2B 06 01 05 05 07 02 02 30 52 1E 50  0^..+.......0R.P

Nov 29 07:39:23 merthyr charon: 04[TNC] 1024: 00 54 00 43 00 50 00 41 00 20 00 54 00 72 00 75  .T.C.P.A. .T.r.u

Nov 29 07:39:23 merthyr charon: 04[TNC] 1040: 00 73 00 74 00 65 00 64 00 20 00 50 00 6C 00 61  .s.t.e.d. .P.l.a

Nov 29 07:39:23 merthyr charon: 04[TNC] 1056: 00 74 00 66 00 6F 00 72 00 6D 00 20 00 4D 00 6F  .t.f.o.r.m. .M.o

Nov 29 07:39:23 merthyr charon: 04[TNC] 1072: 00 64 00 75 00 6C 00 65 00 20 00 45 00 6E 00 64  .d.u.l.e. .E.n.d

Nov 29 07:39:23 merthyr charon: 04[TNC] 1088: 00 6F 00 72 00 73 00 65 00 6D 00 65 00 6E 00 74  .o.r.s.e.m.e.n.t

Nov 29 07:39:23 merthyr charon: 04[TNC] 1104: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 66 FF 3C  0...U.#..0...f.<

Nov 29 07:39:23 merthyr charon: 04[TNC] 1120: C0 41 02 0A 60 27 4C BE 29 81 F0 58 DC B2 A3 3E  .A..`'L.)..X...>

Nov 29 07:39:23 merthyr charon: 04[TNC] 1136: A2 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00  .0...*.H........

Nov 29 07:39:23 merthyr charon: 04[TNC] 1152: 03 82 01 01 00 78 17 95 B0 D1 B5 99 AE 90 DF 4A  .....x.........J

Nov 29 07:39:23 merthyr charon: 04[TNC] 1168: AA 02 38 60 9A 05 7A 53 08 00 E9 4B F8 0F 01 A7  ..8`..zS...K....

Nov 29 07:39:23 merthyr charon: 04[TNC] 1184: 26 B7 54 B0 8E F8 9C 64 B1 CE 9B D1 F5 D6 C2 3C  &.T....d.......<

Nov 29 07:39:23 merthyr charon: 04[TNC] 1200: 4A 20 56 FC 64 B0 21 58 B9 7B 5B FB 65 0C 2A BE  J V.d.!X.{[.e.*.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1216: 0A 64 92 DC 60 EE 3A 6F E9 89 E3 2C 59 D8 DB E5  .d..`.:o...,Y...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1232: 97 6B 97 EE D3 D5 E1 01 A8 80 2A 56 7A 4F 36 2B  .k........*VzO6+

Nov 29 07:39:23 merthyr charon: 04[TNC] 1248: F8 2B 84 91 A1 0A 16 00 B3 4E BE 1D BE 6F C3 6C  .+.......N...o.l

Nov 29 07:39:23 merthyr charon: 04[TNC] 1264: 5F ED A9 61 43 54 84 8D E8 E2 9C 08 5D 01 D2 FC  _..aCT......]...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1280: E0 0E CB 2B 00 BF CE 42 B2 68 B2 E2 79 9D 26 CC  ...+...B.h..y.&.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1296: FE C4 25 D6 6A AB 16 CA 39 FE 55 E5 EA AC 43 D8  ..%.j...9.U...C.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1312: B1 C5 CE 94 03 FB 5F E9 88 A1 64 64 C1 53 8A 6C  ......_...dd.S.l

Nov 29 07:39:23 merthyr charon: 04[TNC] 1328: 80 D1 9C B6 AC 83 FA 6F E4 B6 67 55 85 06 D2 86  .......o..gU....

Nov 29 07:39:23 merthyr charon: 04[TNC] 1344: 49 0E 97 7B 23 1D 8B 60 6B FD 98 29 47 99 D3 A8  I..{#..`k..)G...

Nov 29 07:39:23 merthyr charon: 04[TNC] 1360: 69 5D 71 E2 0E 3F 12 D4 82 FC 66 3B 72 24 06 99  i]q..?....f;r$..

Nov 29 07:39:23 merthyr charon: 04[TNC] 1376: 77 EF 28 92 FD E0 03 3B 95 21 C0 1C EF BA 75 B1  w.(....;.!....u.

Nov 29 07:39:23 merthyr charon: 04[TNC] 1392: 04 B6 1B 4A CE 59 66 D9 DF BE 2B 03 4A CD BB 21  ...J.Yf...+.J..!

Nov 29 07:39:23 merthyr charon: 04[TNC] 1408: 32 C4 E3 27 49                                   2..'I

Nov 29 07:39:23 merthyr charon: 04[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:23 merthyr charon: 04[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 04[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. File Metadata and Measurement

This PB-TNC CDATA batch contains file metadata and measurement requests:

<pre>

Nov 29 07:39:23 merthyr charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:23 merthyr charon: 06[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TTLS ]

Nov 29 07:39:23 merthyr charon: 06[ENC] generating IKE_AUTH request 11 [ EAP/RES/TTLS ]

Nov 29 07:39:23 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:24 merthyr charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:24 merthyr charon: 10[ENC] parsed IKE_AUTH response 11 [ EAP/REQ/TTLS ]

Nov 29 07:39:24 merthyr charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:24 merthyr charon: 10[TNC] received TNCCS batch (263 bytes) for Connection ID 1

Nov 29 07:39:24 merthyr charon: 10[TNC] => 263 bytes @ 0x82665f6

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 02 80 00 02 00 00 01 07 80 00 00 00 00 00 00 01  ................

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 00 00 00 FF 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 01 00 00 00 DF 70 5C F3 80 00 55 97 00 70 00 00  .....p\...U..p..

Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 00 00 00 1F 00 2F 00 00 2F 65 74 63 2F 74 6E 63  ...../../etc/tnc

Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 5F 63 6F 6E 66 69 67 80 00 55 97 00 C0 00 00 00  _config..U......

Nov 29 07:39:24 merthyr charon: 10[TNC]   80: 00 00 32 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F  ..2.......//lib/

Nov 29 07:39:24 merthyr charon: 10[TNC]   96: 69 33 38 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C  i386-linux-gnu/l

Nov 29 07:39:24 merthyr charon: 10[TNC]  112: 69 62 64 6C 2E 73 6F 2E 32 80 00 55 97 00 C0 00  ibdl.so.2..U....

Nov 29 07:39:24 merthyr charon: 10[TNC]  128: 00 00 00 00 22 00 00 00 02 00 00 00 2F 2F 73 62  ....".......//sb

Nov 29 07:39:24 merthyr charon: 10[TNC]  144: 69 6E 2F 69 70 74 61 62 6C 65 73 80 00 55 97 00  in/iptables..U..

Nov 29 07:39:24 merthyr charon: 10[TNC]  160: C0 00 00 00 00 00 28 00 00 00 03 00 00 00 2F 2F  ......(.......//

Nov 29 07:39:24 merthyr charon: 10[TNC]  176: 6C 69 62 2F 6C 69 62 78 74 61 62 6C 65 73 2E 73  lib/libxtables.s

Nov 29 07:39:24 merthyr charon: 10[TNC]  192: 6F 2E 35 80 00 55 97 00 C0 00 00 00 00 00 21 80  o.5..U........!.

Nov 29 07:39:24 merthyr charon: 10[TNC]  208: 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61 62  ......//lib/xtab

Nov 29 07:39:24 merthyr charon: 10[TNC]  224: 6C 65 73 2F 80 00 55 97 00 C0 00 00 00 00 00 23  les/..U........#

Nov 29 07:39:24 merthyr charon: 10[TNC]  240: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip

Nov 29 07:39:24 merthyr charon: 10[TNC]  256: 36 74 61 62 6C 65 73                             6tables

Nov 29 07:39:24 merthyr charon: 10[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PB-TNC SDATA batch

</pre>

Again the PTS-IMC is subscribed to this PB-PA message type:

<pre>

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PB-PA message (255 bytes)

Nov 29 07:39:24 merthyr charon: 10[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

</pre>

The PA-TNC message consists of one 'Request File Metadata' and five 'Request File Measurement' attributes:

<pre>

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC message with ID 0xdf705cf3

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 19 bytes @ 0x8268c20

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 2F 00 00 2F 65 74 63 2F 74 6E 63 5F 63 6F 6E  ./../etc/tnc_con

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 66 69 67                                         fig

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 38 bytes @ 0x8268c3f

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F 69 33 38  .......//lib/i38

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C 69 62 64  6-linux-gnu/libd

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 6C 2E 73 6F 2E 32                                l.so.2

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 22 bytes @ 0x8268c71

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 02 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 74 61 62 6C 65 73                                tables

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 28 bytes @ 0x8268c93

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 03 00 00 00 2F 2F 6C 69 62 2F 6C 69 62  .......//lib/lib

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 78 74 61 62 6C 65 73 2E 73 6F 2E 35              xtables.so.5

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 21 bytes @ 0x8268cbb

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 80 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61  .......//lib/xta

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 62 6C 65 73 2F                                   bles/

Nov 29 07:39:24 merthyr charon: 10[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 23 bytes @ 0x8268cdc

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 36 74 61 62 6C 65 73                             6tables

</pre>

The metadata for /etc/tnc_config is retrieved and the SHA-1 hash values for the four file measurement requests are computed.

Measurement request 4 is for the contents of a directory which generates quite some work.

<pre>

Nov 29 07:39:24 merthyr charon: 10[IMC] metadata request for file '/etc/tnc_config'

Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 1 for file '/lib/i386-linux-gnu/libdl.so.2'

Nov 29 07:39:24 merthyr charon: 10[PTS]   40:76:39:35:cd:ea:25:11:90:02:c4:2f:98:4b:99:4d:8d:2a:6d:75 for 'libdl.so.2'

Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 2 for file '/sbin/iptables'

Nov 29 07:39:24 merthyr charon: 10[PTS]   ff:6d:ec:a0:ee:b7:a2:57:20:5c:5f:0a:b5:f5:d8:21:ea:18:40:98 for 'iptables'

Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 3 for file '/lib/libxtables.so.5'

Nov 29 07:39:24 merthyr charon: 10[PTS]   7a:3c:a7:21:58:e6:0b:0c:91:e4:8a:42:08:48:f1:b6:93:ae:a2:6c for 'libxtables.so.5'

Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 4 for directory '/lib/xtables/'

Nov 29 07:39:24 merthyr charon: 10[PTS]   2d:0d:d5:0b:f5:10:78:05:b7:f9:35:c7:2f:94:c9:ba:a2:01:22:b0 for 'libxt_quota.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   33:9a:58:a1:b3:13:83:0c:3c:c7:4c:b3:fb:52:a5:b8:15:2f:44:e6 for 'libxt_esp.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   a3:45:6c:85:20:bf:0b:c3:f0:ee:0a:1c:80:03:21:c0:19:b4:a8:82 for 'libxt_standard.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   47:e0:cf:82:a1:21:16:d6:8a:a6:42:39:c4:9a:23:aa:b6:cb:35:f4 for 'libxt_string.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   3e:1c:20:2b:10:37:cc:24:54:fd:0d:cc:cc:40:e3:15:71:63:0d:9f for 'libxt_CONNMARK.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   3d:c5:69:0b:31:f0:69:93:3c:cc:14:e4:3f:7c:09:da:a3:e0:09:8d for 'libxt_mac.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   2b:07:68:91:49:e0:7c:ed:d6:d3:77:49:3d:17:68:ff:23:78:ac:b8 for 'libip6t_ipv6header.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   fd:d2:27:82:6f:c2:9d:b7:d1:b6:ed:2b:e4:14:52:14:f3:92:16:cd for 'libipt_TTL.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   1d:74:0a:bd:38:f9:f4:bc:81:ca:43:4a:0e:25:b6:e2:17:04:24:8b for 'libxt_tcp.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   18:36:41:80:9a:27:b0:8f:fe:59:c1:38:8c:da:6c:41:4b:dc:e6:d6 for 'libxt_tos.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   2d:32:ef:93:12:6a:bf:8c:66:0d:57:c6:7e:50:76:c6:39:4c:ab:e8 for 'libxt_policy.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   8f:d3:f5:95:98:1c:49:89:61:fc:94:67:83:0d:dd:37:20:08:c0:85 for 'libxt_physdev.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   34:3d:51:24:47:fc:02:22:63:19:9f:d2:3f:7b:21:6b:46:e0:1e:b3 for 'libxt_sctp.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   3b:1c:fb:8c:71:c9:04:be:b5:57:19:34:87:91:5f:f5:82:6a:33:47 for 'libipt_ecn.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   06:5d:f7:20:d2:c2:86:71:72:8a:96:33:53:0d:e5:94:cf:bf:e8:97 for 'libxt_recent.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   00:32:1b:d8:00:d7:08:2f:0d:ee:78:ef:a1:66:1e:24:6c:3d:aa:b4 for 'libxt_iprange.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   ac:87:0e:51:06:2d:69:a6:b1:9a:71:e5:1d:19:4b:9b:0c:29:51:cf for 'libip6t_dst.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   24:15:12:c0:4d:81:6c:c8:91:10:f1:c0:fd:ab:39:d4:97:ad:9f:1b for 'libxt_TPROXY.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   32:d4:43:76:1a:af:13:ef:8b:3c:d7:86:9a:f9:0b:57:a7:44:58:25 for 'libxt_connlimit.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   71:40:3f:f1:c6:ca:92:7a:ba:1d:c6:8c:8e:52:a6:76:ae:c1:c9:70 for 'libxt_RATEEST.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   c1:66:c2:84:d3:95:78:3a:48:d3:02:c9:61:cb:60:d7:ec:e7:68:ab for 'libxt_multiport.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   22:35:fe:d7:aa:6b:9a:8b:9b:db:7f:db:34:9a:35:9f:01:c1:b4:01 for 'libxt_u32.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   6c:f9:db:a7:25:ac:38:d3:be:ff:dc:d8:f6:65:5b:d5:f4:66:6d:25 for 'libipt_icmp.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   d6:c8:df:ba:ae:7a:b2:8b:5c:ef:26:26:a2:af:3f:99:a6:ea:43:65 for 'libipt_LOG.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   39:09:5f:23:c9:34:72:21:57:5d:a8:a1:30:41:cc:7b:dc:de:73:54 for 'libxt_cpu.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   23:29:6f:48:27:6e:16:0b:6d:99:b1:b4:2a:91:14:df:72:0b:b1:ab for 'libip6t_LOG.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   c9:16:92:db:c9:06:c0:de:e9:7c:b9:6e:ba:fd:6e:f1:ff:cc:4d:1b for 'libip6t_icmp6.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   2e:a8:67:ef:38:48:b8:a0:2d:a4:d3:99:4b:1f:0e:bc:db:5c:9e:80 for 'libxt_comment.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   b5:99:55:3b:bd:35:be:b4:f9:93:90:33:f4:4b:65:3d:ad:ba:5e:9c for 'libxt_statistic.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   18:fa:a3:14:df:37:fc:d0:1b:9f:1a:ea:6f:db:f0:70:c8:38:b6:a6 for 'libxt_state.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   aa:9a:5b:58:cb:d0:53:5b:ce:8d:d9:e4:f2:d8:d3:25:38:ce:24:72 for 'libxt_tcpmss.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   1c:b5:30:10:26:19:6e:d1:d2:6f:9c:7f:92:f3:6f:b1:ee:39:48:41 for 'libxt_time.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   7f:cd:3d:b6:df:87:13:c0:e7:c7:2d:ad:d7:04:55:99:a7:49:f2:a0 for 'libipt_REJECT.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   73:d7:5e:80:9f:53:fc:84:40:73:08:db:52:89:3f:3d:31:83:53:10 for 'libxt_limit.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   ee:9b:c9:37:a8:db:06:d4:ba:a2:14:7b:47:8e:ac:af:fe:8c:c8:f7 for 'libipt_realm.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   86:6c:55:30:ae:45:69:1b:3c:4e:08:ba:29:3b:33:26:e8:ff:1f:b3 for 'libip6t_frag.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   d0:27:a6:aa:de:8b:34:d2:72:d5:f2:23:5d:81:78:83:90:40:48:13 for 'libxt_DSCP.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   24:f6:13:0d:e2:e5:bb:94:30:b7:1a:aa:e5:c9:42:47:b3:b6:ea:91 for 'libip6t_hl.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   ab:78:0c:51:34:7b:ff:66:9c:97:1e:f2:c7:0b:06:d9:bd:78:7b:c9 for 'libxt_connmark.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   f2:b9:91:45:6c:6b:6e:55:04:03:d4:66:5c:13:d6:c2:3e:a9:f4:a3 for 'libxt_SET.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   a6:06:e1:bb:12:92:88:f1:90:0d:57:88:1c:3e:ac:ee:e7:27:ec:64 for 'libxt_socket.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   9d:96:65:a3:38:9e:3f:67:a8:15:3f:a1:c3:7b:59:68:85:a4:09:b9 for 'libipt_SAME.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   5c:3a:42:5d:c4:25:60:8c:21:f7:3a:58:de:45:90:43:3a:e4:19:ad for 'libipt_ULOG.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   c5:22:71:d3:8f:10:56:78:d4:cd:0c:3c:04:0a:21:cc:db:24:57:e3 for 'libxt_pkttype.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   38:e9:ff:af:cf:02:73:6d:6b:9c:5e:b4:03:c5:d5:26:12:a4:64:16 for 'libxt_SECMARK.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   28:e0:5c:e1:9a:52:ab:16:23:71:cb:5c:14:8f:b1:6e:c7:c3:4a:d6 for 'libxt_NFLOG.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   e2:db:af:67:88:9b:bd:1f:f0:fb:da:b8:4e:00:e2:87:53:9d:61:ed for 'libxt_helper.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   44:92:7e:1b:2d:34:c5:d9:45:b8:13:33:8c:ca:41:98:3c:be:20:f7 for 'libxt_dscp.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   d6:0e:93:16:f6:2d:46:bd:1d:6b:f9:b7:34:d3:ac:7e:40:2f:29:30 for 'libipt_ttl.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   5d:93:68:d5:e3:ea:c0:93:d6:dc:ba:d5:c0:24:ed:3d:56:66:68:c2 for 'libxt_length.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   3e:f8:a5:fd:8a:e2:28:77:84:ae:7e:dc:f8:4f:bf:b5:24:b4:97:bb for 'libxt_CONNSECMARK.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   42:4c:99:a6:21:e1:19:c8:8b:f7:0e:78:ff:b6:4c:6d:72:db:7b:51 for 'libxt_NFQUEUE.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   29:8a:18:85:82:22:26:dc:be:b2:e9:08:f2:b2:69:b7:a8:27:1a:66 for 'libxt_CLASSIFY.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   c6:3e:0e:cc:c2:03:94:f9:3d:49:25:3b:33:0d:f3:2c:47:ff:d9:96 for 'libxt_CT.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   95:3b:e7:07:c1:5b:15:80:a3:bb:ed:4c:7e:4c:22:1e:2d:58:44:ff for 'libxt_CHECKSUM.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   7f:f7:ef:5a:4e:01:de:31:18:5d:79:cc:d9:a3:14:a6:a1:2d:3a:65 for 'libxt_TCPMSS.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   5a:eb:2e:92:6c:bd:3c:95:fe:82:25:e0:b3:ef:87:3a:3d:19:42:4b for 'libipt_MIRROR.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   7a:b7:2f:5e:8e:54:89:e6:d3:aa:3d:4f:8b:ac:d0:f9:3a:71:4b:e2 for 'libxt_TRACE.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   af:75:74:c5:d6:74:4d:fa:2e:2d:8c:d0:c4:f4:cc:f7:06:42:20:30 for 'libipt_NETMAP.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   f8:93:2b:81:16:dd:d4:cf:0f:d5:f5:52:88:18:f2:1a:df:90:cb:74 for 'libxt_ipvs.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   69:47:c7:94:45:0c:04:df:1c:c8:e4:17:15:ce:3d:24:7f:c5:16:c9 for 'libxt_connbytes.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   5a:0d:07:ab:03:66:03:a7:67:59:e5:f6:1f:7d:04:f2:d3:c0:56:cc for 'libipt_MASQUERADE.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   56:7e:01:c5:09:23:ab:1c:19:03:b6:fb:84:9f:a6:8f:19:63:0c:a3 for 'libip6t_HL.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   32:7f:fa:63:fc:c0:8e:14:e5:64:6b:78:ac:e3:76:94:3a:95:12:7a for 'libip6t_mh.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   d5:37:d4:37:f0:58:13:6e:b3:d7:be:51:7d:be:76:47:b6:23:c6:19 for 'libxt_mark.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   5d:32:1b:a9:90:9d:a2:38:b6:de:15:0b:0d:10:33:7c:16:cf:4c:e4 for 'libxt_TCPOPTSTRIP.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   47:52:53:2c:b9:41:a1:fd:98:11:4c:2f:99:9e:b6:16:98:bd:df:35 for 'libip6t_eui64.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   a0:7e:a0:ae:3d:00:8f:37:97:c5:67:e6:29:cb:73:79:cb:15:02:ed for 'libipt_addrtype.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   2c:19:75:6c:4a:35:48:68:d0:50:a6:58:32:e7:c1:36:b4:a9:94:c3 for 'libxt_LED.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   0f:c1:21:24:64:f3:b1:b9:73:eb:c0:6c:19:90:bb:b9:88:fe:cc:8a for 'libipt_CLUSTERIP.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   e3:58:f5:3f:5c:4b:73:df:16:22:e8:16:41:d9:18:f9:23:ab:c6:2c for 'libxt_cluster.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   20:cf:56:e5:ce:52:11:72:29:f5:5e:1e:ad:52:31:a7:66:b2:dd:5c for 'libxt_hashlimit.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   51:f1:be:7e:59:08:62:a2:c2:5f:29:f4:c5:ef:01:f0:52:df:2a:c5 for 'libipt_REDIRECT.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   3e:f9:01:0e:e2:24:7c:f2:d7:64:1c:f0:4f:0c:a7:32:d0:fd:e8:68 for 'libxt_NOTRACK.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   fc:ca:5d:a6:7d:11:c7:ad:fd:f8:49:88:b0:96:b0:20:f9:0e:77:8a for 'libip6t_rt.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   53:0e:8c:15:15:4a:da:bc:f7:39:c5:e2:46:ba:15:36:6f:05:b3:6b for 'libipt_ah.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   aa:d3:68:ae:62:e7:d0:1d:a3:3e:a7:8e:1a:7c:1a:1f:18:2a:6a:d4 for 'libxt_dccp.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   f7:d6:a5:d8:5a:32:98:d2:1c:ec:71:37:d9:47:da:90:c4:55:e4:6b for 'libxt_rateest.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   4e:05:db:c9:87:2d:6c:6d:af:38:45:8b:35:b1:ba:6d:6a:94:d2:1f for 'libip6t_REJECT.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   9f:b6:70:dc:86:7c:58:b5:83:ef:59:a0:c8:1b:56:35:1d:6b:2c:4b for 'libxt_IDLETIMER.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   36:1d:6f:75:96:07:ad:c4:0d:6f:e0:af:7d:3f:91:57:94:a4:db:b0 for 'libipt_ECN.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   f9:e3:53:1a:bb:67:a0:20:cf:66:7d:46:ca:82:36:75:dd:0a:0d:d4 for 'libxt_MARK.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   9a:d0:87:53:a6:70:8e:1d:60:da:ce:3a:58:ef:44:00:27:70:a6:bd for 'libipt_unclean.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   45:8a:e7:fc:05:34:ef:2a:eb:d5:6f:ce:4d:26:db:10:bd:7f:63:a4 for 'libip6t_hbh.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   42:2c:14:1e:ab:57:e9:c9:a8:0a:3c:7b:31:c2:6a:d4:d0:b5:ed:07 for 'libip6t_ah.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   37:d6:ae:25:19:77:21:4d:7a:d1:c2:95:80:94:24:af:1e:8e:76:b1 for 'libxt_set.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   dd:7b:c0:9b:d9:94:25:a1:e3:6b:69:a1:19:60:a9:00:37:e2:98:79 for 'libxt_TOS.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   ca:1e:da:79:68:a9:0f:6c:c9:14:0a:bd:d1:d1:77:11:6b:69:97:e1 for 'libxt_osf.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   e2:f7:b9:2a:bd:a7:69:f8:27:96:f5:7a:29:80:18:70:58:5d:ce:a3 for 'libipt_SNAT.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   48:a5:5a:a0:dc:11:94:af:63:ba:01:62:00:1c:e1:e9:b3:77:b1:59 for 'libxt_TEE.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   11:ce:3b:45:fe:b3:e6:6a:75:49:0d:42:ba:95:07:1a:c6:f4:0a:7f for 'libxt_udp.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   16:0d:2b:04:d1:1e:b2:25:fb:14:86:15:b6:99:08:18:69:e1:5b:6c for 'libipt_DNAT.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   33:d0:40:bc:0c:64:d3:8b:99:7b:fa:ee:ae:04:59:07:c5:2b:e6:70 for 'libxt_owner.so'

Nov 29 07:39:24 merthyr charon: 10[PTS]   6c:0b:2d:f4:fc:4c:91:22:b5:76:2a:e1:40:d5:3f:dd:1c:f9:e8:9b for 'libxt_conntrack.so'

Nov 29 07:39:24 merthyr charon: 10[IMC] measurement request 5 for file '/sbin/ip6tables'

Nov 29 07:39:24 merthyr charon: 10[PTS]   8a:7c:41:16:7b:c0:fc:c1:de:c8:32:9a:86:8b:a2:65:c2:38:57:f5 for 'ip6tables'

</pre>

Packed into one 'Unix-Style File Metadata' and four 'File Measurement' attributes the measured file data is returned to the TNC server:

<pre>

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC message with ID 0xf30f6458

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 70 bytes @ 0x826ba6c

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 3E 08 00 00 00 00 00  .........>......

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 00 00 00 98 00 00 00 00 4E 51 49 8D 00 00 00 00  ........NQI.....

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 4E 51 49 8D 00 00 00 00 4E D3 FC 59 00 00 00 00  NQI.....N..Y....

Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 00 00 00 00 00 00 00 00 00 00 00 00 74 6E 63 5F  ............tnc_

Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 63 6F 6E 66 69 67                                config

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 44 bytes @ 0x82573ec

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 01 00 14 40 76 39 35  ............@v95

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: CD EA 25 11 90 02 C4 2F 98 4B 99 4D 8D 2A 6D 75  ..%..../.K.M.*mu

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 0A 6C 69 62 64 6C 2E 73 6F 2E 32              ..libdl.so.2

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 42 bytes @ 0x82646bc

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 02 00 14 FF 6D EC A0  .............m..

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: EE B7 A2 57 20 5C 5F 0A B5 F5 D8 21 EA 18 40 98  ...W \_....!..@.

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 08 69 70 74 61 62 6C 65 73                    ..iptables

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 49 bytes @ 0x826bc4c

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 03 00 14 7A 3C A7 21  ............z<.!

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 58 E6 0B 0C 91 E4 8A 42 08 48 F1 B6 93 AE A2 6C  X......B.H.....l

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 0F 6C 69 62 78 74 61 62 6C 65 73 2E 73 6F 2E  ..libxtables.so.

Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 35                                               5

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 3475 bytes @ 0x82713c4

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 5E 00 04 00 14 2D 0D D5 0B  .......^....-...

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: F5 10 78 05 B7 F9 35 C7 2F 94 C9 BA A2 01 22 B0  ..x...5./.....".

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 0E 6C 69 62 78 74 5F 71 75 6F 74 61 2E 73 6F  ..libxt_quota.so

Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 33 9A 58 A1 B3 13 83 0C 3C C7 4C B3 FB 52 A5 B8  3.X.....<.L..R..

Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 15 2F 44 E6 00 0C 6C 69 62 78 74 5F 65 73 70 2E  ./D...libxt_esp.

Nov 29 07:39:24 merthyr charon: 10[TNC]   80: 73 6F A3 45 6C 85 20 BF 0B C3 F0 EE 0A 1C 80 03  so.El. .........

Nov 29 07:39:24 merthyr charon: 10[TNC]   96: 21 C0 19 B4 A8 82 00 11 6C 69 62 78 74 5F 73 74  !.......libxt_st

Nov 29 07:39:24 merthyr charon: 10[TNC]  112: 61 6E 64 61 72 64 2E 73 6F 47 E0 CF 82 A1 21 16  andard.soG....!.

Nov 29 07:39:24 merthyr charon: 10[TNC]  128: D6 8A A6 42 39 C4 9A 23 AA B6 CB 35 F4 00 0F 6C  ...B9..#...5...l

                                         --------------- truncated attribute ----------------

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Nov 29 07:39:24 merthyr charon: 10[TNC] => 43 bytes @ 0x8268bfc

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 00 00 00 00 00 00 00 01 00 05 00 14 8A 7C 41 16  .............|A.

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 7B C0 FC C1 DE C8 32 9A 86 8B A2 65 C2 38 57 F5  {.....2....e.8W.

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 00 09 69 70 36 74 61 62 6C 65 73                 ..ip6tables

</pre>

All data is packed into a huge PB-TNC CDATA batch spanning four IKEv2 UDP datagrams:

<pre>

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01

Nov 29 07:39:24 merthyr charon: 10[TNC] creating PB-TNC CDATA batch

Nov 29 07:39:24 merthyr charon: 10[TNC] adding PB-PA message

Nov 29 07:39:24 merthyr charon: 10[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Nov 29 07:39:24 merthyr charon: 10[TNC] sending PB-TNC CDATA batch (3835 bytes) for Connection ID 1

Nov 29 07:39:24 merthyr charon: 10[TNC] => 3835 bytes @ 0x8270a3c

Nov 29 07:39:24 merthyr charon: 10[TNC]    0: 02 00 00 01 00 00 0E FB 80 00 00 00 00 00 00 01  ................

Nov 29 07:39:24 merthyr charon: 10[TNC]   16: 00 00 0E F3 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........

Nov 29 07:39:24 merthyr charon: 10[TNC]   32: 01 00 00 00 F3 0F 64 58 80 00 55 97 00 90 00 00  ......dX..U.....

Nov 29 07:39:24 merthyr charon: 10[TNC]   48: 00 00 00 52 00 00 00 00 00 00 00 01 00 3E 08 00  ...R.........>..

Nov 29 07:39:24 merthyr charon: 10[TNC]   64: 00 00 00 00 00 00 00 98 00 00 00 00 4E 51 49 8D  ............NQI.

Nov 29 07:39:24 merthyr charon: 10[TNC]   80: 00 00 00 00 4E 51 49 8D 00 00 00 00 4E D3 FC 59  ....NQI.....N..Y

Nov 29 07:39:24 merthyr charon: 10[TNC]   96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Nov 29 07:39:24 merthyr charon: 10[TNC]  112: 74 6E 63 5F 63 6F 6E 66 69 67 80 00 55 97 00 D0  tnc_config..U...

Nov 29 07:39:24 merthyr charon: 10[TNC]  128: 00 00 00 00 00 38 00 00 00 00 00 00 00 01 00 01  .....8..........

Nov 29 07:39:24 merthyr charon: 10[TNC]  144: 00 14 40 76 39 35 CD EA 25 11 90 02 C4 2F 98 4B  ..@v95..%..../.K

Nov 29 07:39:24 merthyr charon: 10[TNC]  160: 99 4D 8D 2A 6D 75 00 0A 6C 69 62 64 6C 2E 73 6F  .M.*mu..libdl.so

Nov 29 07:39:24 merthyr charon: 10[TNC]  176: 2E 32 80 00 55 97 00 D0 00 00 00 00 00 36 00 00  .2..U........6..

Nov 29 07:39:24 merthyr charon: 10[TNC]  192: 00 00 00 00 00 01 00 02 00 14 FF 6D EC A0 EE B7  ...........m....

Nov 29 07:39:24 merthyr charon: 10[TNC]  208: A2 57 20 5C 5F 0A B5 F5 D8 21 EA 18 40 98 00 08  .W \_....!..@...

Nov 29 07:39:24 merthyr charon: 10[TNC]  224: 69 70 74 61 62 6C 65 73 80 00 55 97 00 D0 00 00  iptables..U.....

Nov 29 07:39:24 merthyr charon: 10[TNC]  240: 00 00 00 3D 00 00 00 00 00 00 00 01 00 03 00 14  ...=............

Nov 29 07:39:24 merthyr charon: 10[TNC]  256: 7A 3C A7 21 58 E6 0B 0C 91 E4 8A 42 08 48 F1 B6  z<.!X......B.H..

Nov 29 07:39:24 merthyr charon: 10[TNC]  272: 93 AE A2 6C 00 0F 6C 69 62 78 74 61 62 6C 65 73  ...l..libxtables

Nov 29 07:39:24 merthyr charon: 10[TNC]  288: 2E 73 6F 2E 35 80 00 55 97 00 D0 00 00 00 00 0D  .so.5..U........

Nov 29 07:39:24 merthyr charon: 10[TNC]  304: 9F 00 00 00 00 00 00 00 5E 00 04 00 14 2D 0D D5  ........^....-..

Nov 29 07:39:24 merthyr charon: 10[TNC]  320: 0B F5 10 78 05 B7 F9 35 C7 2F 94 C9 BA A2 01 22  ...x...5./....."

Nov 29 07:39:24 merthyr charon: 10[TNC]  336: B0 00 0E 6C 69 62 78 74 5F 71 75 6F 74 61 2E 73  ...libxt_quota.s

Nov 29 07:39:24 merthyr charon: 10[TNC]  352: 6F 33 9A 58 A1 B3 13 83 0C 3C C7 4C B3 FB 52 A5  o3.X.....<.L..R.

Nov 29 07:39:24 merthyr charon: 10[TNC]  368: B8 15 2F 44 E6 00 0C 6C 69 62 78 74 5F 65 73 70  ../D...libxt_esp

Nov 29 07:39:24 merthyr charon: 10[TNC]  384: 2E 73 6F A3 45 6C 85 20 BF 0B C3 F0 EE 0A 1C 80  .so.El. ........

Nov 29 07:39:24 merthyr charon: 10[TNC]  400: 03 21 C0 19 B4 A8 82 00 11 6C 69 62 78 74 5F 73  .!.......libxt_s

Nov 29 07:39:24 merthyr charon: 10[TNC]  416: 74 61 6E 64 61 72 64 2E 73 6F 47 E0 CF 82 A1 21  tandard.soG....!

                                         ----------------- truncated batch ------------------

Nov 29 07:39:24 merthyr charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Nov 29 07:39:24 merthyr charon: 10[ENC] generating IKE_AUTH request 12 [ EAP/RES/TTLS ]

Nov 29 07:39:24 merthyr charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:24 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:24 merthyr charon: 05[ENC] parsed IKE_AUTH response 12 [ EAP/REQ/TTLS ]

Nov 29 07:39:24 merthyr charon: 05[ENC] generating IKE_AUTH request 13 [ EAP/RES/TTLS ]

Nov 29 07:39:24 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:24 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:24 merthyr charon: 15[ENC] parsed IKE_AUTH response 13 [ EAP/REQ/TTLS ]

Nov 29 07:39:24 merthyr charon: 15[ENC] generating IKE_AUTH request 14 [ EAP/RES/TTLS ]

Nov 29 07:39:24 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Nov 29 07:39:24 merthyr charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:24 merthyr charon: 14[ENC] parsed IKE_AUTH response 14 [ EAP/REQ/TTLS ]

Nov 29 07:39:24 merthyr charon: 14[ENC] generating IKE_AUTH request 15 [ EAP/RES/TTLS ]

Nov 29 07:39:24 merthyr charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Functional Component Evidence

The final PB-TNC SDATA batch arrives from the TNC server:

<pre>

Nov 29 07:39:24 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Nov 29 07:39:24 merthyr charon: 03[ENC] parsed IKE_AUTH response 15 [ EAP/REQ/TTLS ]

Nov 29 07:39:24 merthyr charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Nov 29 07:39:24 merthyr charon: 03[TNC] received TNCCS batch (92 bytes) for Connection ID 1

Nov 29 07:39:24 merthyr charon: 03[TNC] => 92 bytes @ 0x826a546

Nov 29 07:39:24 merthyr charon: 03[TNC]    0: 02 80 00 02 00 00 00 5C 80 00 00 00 00 00 00 01  .......\........

Nov 29 07:39:24 merthyr charon: 03[TNC]   16: 00 00 00 54 00 00 55 97 00 00 00 01 FF FF 00 01  ...T..U.........

Nov 29 07:39:24 merthyr charon: 03[TNC]   32: 01 00 00 00 AA 37 58 07 80 00 55 97 00 10 00 00  .....7X...U.....

Nov 29 07:39:24 merthyr charon: 03[TNC]   48: 00 00 00 24 10 00 00 00 00 90 2A 21 00 00 00 03  ...$......*!....

Nov 29 07:39:24 merthyr charon: 03[TNC]   64: 10 00 00 00 00 90 2A 21 00 00 00 02 80 00 55 97  ......*!......U.

Nov 29 07:39:24 merthyr charon: 03[TNC]   80: 00 20 00 00 00 00 00 10 00 00 00 00              . ..........

Nov 29 07:39:24 merthyr charon: 03[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Nov 29 07:39:24 merthyr charon: 03[TNC] processing PB-TNC SDATA batch

</pre>

Again the PTS-IMC is subscribed to this PB-PA message type:

<pre>

Per subscription the PTS-IMC receives this PB-PA message type:

Nov 29 07:39:24 merthyr charon: 03[TNC] processing PB-PA message (84 bytes)

Nov 29 07:39:24 merthyr charon: 03[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01

</pre>

The PA-TNC message contains a 'Request Functional Component Evidence' and a final 'Generate Attestation Evidence' attribute from the TCG namespace:<pre>

Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC message with ID 0xaa375807

Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000

Nov 29 07:39:24 merthyr charon: 03[TNC] => 24 bytes @ 0x826bc50

Nov 29 07:39:24 merthyr charon: 03[TNC]    0: 10 00 00 00 00 90 2A 21 00 00 00 03 10 00 00 00  ......*!........

Nov 29 07:39:24 merthyr charon: 03[TNC]   16: 00 90 2A 21 00 00 00 02                          ..*!....

Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000

Nov 29 07:39:24 merthyr charon: 03[TNC] => 4 bytes @ 0x826bc74

Nov 29 07:39:24 merthyr charon: 03[TNC]    0: 00 00 00 00

</pre>

The first evidence request is for the "Linux IMA":http://linux-ima.sourceforge.net/ functional component defined in the ITA-HSR namespace which verifies the 126 measurements extended into PCRs 0..7 during pre-boot process.

<pre>

Nov 29 07:39:24 merthyr charon: 03[IMC] evidence requested for 2 functional components

Nov 29 07:39:24 merthyr charon: 03[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] loaded bios measurements '/sys/kernel/security/tpm0/binary_bios_measurements' (126 entries)

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 extended with: 4d:89:4e:ef:0a:e7:cb:12:47:40:df:4f:6c:5c:35:aa:0f:e7:da:e8

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 after value  : 53:2d:3c:15:48:a8:56:f0:68:a9:dd:63:8f:b2:ed:6a:f2:f3:c7:90

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 extended with: f2:c8:46:e7:f3:35:f7:b9:e9:dd:0a:44:f4:8c:48:e1:98:67:50:c7

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 before value : 53:2d:3c:15:48:a8:56:f0:68:a9:dd:63:8f:b2:ed:6a:f2:f3:c7:90

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 after value  : 9c:69:c6:4a:1b:13:fc:27:4b:45:1e:c1:b5:65:49:77:88:da:f4:7a

                                        --------------------- omitted another 54 PCR 0 measurements ---------------------

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 extended with: a2:3b:27:98:83:91:5b:0d:c3:31:30:81:92:43:66:ea:5e:75:bd:c1

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 before value : 69:f8:2a:f1:0a:82:a2:57:37:ed:b6:bd:29:19:a0:cc:89:7c:2b:2c

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 after value  : 83:2b:c0:fd:f5:cd:ab:86:fe:8f:c5:88:54:75:8f:40:0f:ff:58:f5

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: ef:75:11:b5:24:85:57:ae:63:7f:46:b5:52:f8:af:59:02:0f:2b:00

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : e9:6e:49:77:ac:62:c8:e9:1f:c2:83:23:36:02:b3:b4:55:09:f0:5e

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: 62:40:c5:88:a2:d7:74:0f:5c:2c:95:23:bf:f7:d9:83:34:99:8d:77

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : e9:6e:49:77:ac:62:c8:e9:1f:c2:83:23:36:02:b3:b4:55:09:f0:5e

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : a4:d1:b9:c6:e4:fa:28:96:1f:38:fa:1c:16:a6:8a:36:ec:9e:b3:f0

                                        --------------------- omitted another 8 PCR 2 measurements ----------------------

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: 64:61:d3:77:19:99:c3:a4:b3:c1:5b:f4:e3:8d:a3:0b:91:bc:1b:17

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : d7:e7:4d:8a:31:27:fe:7f:56:90:f5:32:87:93:dd:ce:d7:d8:8f:2b

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : dc:a3:35:e6:4e:b3:32:00:4f:7b:fd:52:37:3a:2e:66:8b:94:20:6d

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  6 extended with: fc:ad:78:7f:77:71:63:7d:65:96:38:d9:2b:5e:ee:93:85:b3:d7:b9

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  6 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  6 after value  : e9:ee:75:26:27:c1:99:88:cc:8b:3e:c7:58:8a:6d:80:f5:e9:d5:07

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 extended with: 4b:90:d9:17:8e:fc:5c:f9:a9:dd:f4:f8:bc:c4:90:08:78:5d:76:ec

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 before value : 83:2b:c0:fd:f5:cd:ab:86:fe:8f:c5:88:54:75:8f:40:0f:ff:58:f5

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  0 after value  : ea:7d:5a:f1:39:6d:a6:35:23:cf:5c:97:49:89:7d:e4:c5:49:ae:a1

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: e7:9e:46:8b:19:21:b2:29:3a:80:c5:91:7e:fa:6a:45:c3:79:e8:10

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : dc:a3:35:e6:4e:b3:32:00:4f:7b:fd:52:37:3a:2e:66:8b:94:20:6d

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : 7b:83:a8:ab:51:ce:93:7b:6a:ea:c9:ec:cc:82:18:36:eb:7b:d2:de

                                        --------------------- omitted another 5 PCR 2 measurements ----------------------

ov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: 0b:a6:11:dd:45:de:9a:cb:e3:d0:da:0d:2e:47:8e:4a:a7:7f:f5:15

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : c8:cd:82:14:ee:b8:9d:e7:e4:98:9d:4f:52:0f:b2:6c:8a:4a:bf:50

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : 05:21:91:68:2b:2d:00:ec:d9:33:44:8f:4a:08:bc:03:aa:86:55:8a

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  4 extended with: 9b:4d:80:cf:ef:c7:d5:57:6c:4d:9f:22:48:72:50:58:96:ef:27:98

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  4 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  4 after value  : da:6f:12:b6:2d:5c:71:56:5d:1b:5d:4d:88:82:db:51:76:25:18:56

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: e7:9e:46:8b:19:21:b2:29:3a:80:c5:91:7e:fa:6a:45:c3:79:e8:10

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 before value : 05:21:91:68:2b:2d:00:ec:d9:33:44:8f:4a:08:bc:03:aa:86:55:8a

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 after value  : 20:4b:04:96:e8:ec:2a:9f:4e:c6:84:07:bd:ce:92:53:3b:24:1a:b3

                                        --------------------- omitted another 2 PCR 2 measurements ----------------------

Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011

Nov 29 07:39:24 merthyr charon: 03[PTS] PCR  2 extended with: be:1b:de:c0:aa:74:b4:dc:b0:79:94:3e:70:52:80:96:cc:a9:85:f8