TNC Client with PTS-IMC » History » Version 60/69
Andreas Steffen, 09.02.2012 15:30
TNC Client with PTS-IMC¶
This HOWTO explains in a step-by-step fashion how a strongSwan IPsec client with integrated TNC client functionality and an attached Platform Trust Service Integrity Measurement Collector (PTS-IMC) can provide remote attestation measurement data to a TNC server via the IKEv2 EAP-TTLS protocol.
Installation and Configuration¶
The following steps describe the installation of the strongSwan software:
wget http://download.strongswan.org/strongswan-4.6.2rc1.tar.bz2
tar xjf strongswan-4.6.2rc1.tar.bz2
cd strongswan-4.6.2rc1
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-openssl --enable-curl --enable-eap-identity --enable-eap-md5 --enable-eap-ttls --enable-eap-tnc --enable-tnccs-20 --enable-tnc-imc --enable-imc-attestation
make
[sudo] make install
The strongSwan imc-attestation.so dynamic PTS-IMC library depends on the TrouSerS libtspi library; for compilation the /usr/include/trousers/ header files are additionally required.
The connection between IPsec client carol and IPsec gateway moon is defined in the /etc/ipsec.conf file:
# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="tnc 3, imc 3, pts 3"

conn home
    left=%any
    leftid=carol@strongswan.org
    leftauth=eap
    right=192.168.0.1
    rightid=@moon.strongswan.org
    rightsendcert=never
    rightsubnet=10.1.0.0/16
    auto=start
The debug levels for the TNC, IMC, and PTS components are increased to 3, so that hex dumps of PB-TNC (IF-TNCCS 2.0) messages and PA-TNC (IF-M) attributes are included in the log file.
The IKEv2 client carol is going to use EAP-based authentication with the user credentials being stored in the /etc/ipsec.secrets file:
# /etc/ipsec.secrets - strongSwan IPsec secrets file

carol@strongswan.org : EAP "Ar3etTnp"
The following IKEv2 charon and Attestation IMC options are defined in the /etc/strongswan.conf file:
# strongswan.conf - strongSwan configuration file

charon {
    load = sha1 random gmp pkcs1 pkcs8 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke

    plugins {
        eap-tnc {
            protocol = tnccs-2.0
        }
        tnc-imc {
            preferred_language = en
        }
    }
}

libimcv {
    plugins {
        imc-attestation {
            aik_cert = /home/andi/privacyca/AIK_3_Cert.der
            aik_blob = /home/andi/privacyca/AIK_3_Blob.bin
            pcr17_meas = d537d437f058136eb3d7be517dbe7647b623c619
            pcr17_before = 1717171717171717171717171717171717171717
            pcr17_after = ffffffffffffffffffffffffffffffffffffffff
            pcr18_meas = 160d2b04d11eb225fb148615b699081869e15b6c
            pcr18_before = 1818181818181818181818181818181818181818
            pcr18_after = ffffffffffffffffffffffffffffffffffffffff
        }
    }
}
IKEv2 Negotiation¶
Startup and Initialization¶
The command
ipsec start
starts the TNC-enabled IPsec client:
Feb 9 14:53:42 pin1212a00 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.2rc1)
Feb 9 14:53:42 pin1212a00 charon: 00[KNL] listening on interfaces:
Feb 9 14:53:42 pin1212a00 charon: 00[KNL] eth0
Feb 9 14:53:42 pin1212a00 charon: 00[KNL] 152.96.31.100
Feb 9 14:53:42 pin1212a00 charon: 00[KNL] fe80::219:99ff:feb3:92c3
Feb 9 14:53:42 pin1212a00 charon: 00[KNL] umlbr0
Feb 9 14:53:42 pin1212a00 charon: 00[KNL] 192.168.0.254
Feb 9 14:53:42 pin1212a00 charon: 00[KNL] fe80::9cb8:adff:fe5a:270a
The file /etc/tnc_config
# IMC configuration file for strongSwan client

IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so
defines which IMCs are loaded by the TNC client:
Feb 9 14:53:42 pin1212a00 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA1[sha1] available
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] optional PTS measurement algorithm HASH_SHA384[openssl] available
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] optional PTS DH group MODP_2048[gmp] available
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] optional PTS DH group MODP_1536[gmp] available
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] optional PTS DH group MODP_1024[gmp] available
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] mandatory PTS DH group ECP_256[openssl] available
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] optional PTS DH group ECP_384[openssl] available
Feb 9 14:53:42 pin1212a00 charon: 00[TNC] added IETF attributes
Feb 9 14:53:42 pin1212a00 charon: 00[TNC] added ITA-HSR attributes
Feb 9 14:53:42 pin1212a00 charon: 00[LIB] libimcv initialized
Feb 9 14:53:42 pin1212a00 charon: 00[IMC] IMC 1 "Attestation" initialized
Feb 9 14:53:42 pin1212a00 charon: 00[TNC] added TCG attributes
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] added TCG functional component namespace
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] added ITA-HSR functional component namespace
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Feb 9 14:53:42 pin1212a00 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Feb 9 14:53:42 pin1212a00 charon: 00[LIB] libpts initialized
Feb 9 14:53:42 pin1212a00 charon: 00[IMC] IMC 1 "Attestation" provided with bind function
Feb 9 14:53:42 pin1212a00 charon: 00[TNC] IMC 1 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Feb 9 14:53:42 pin1212a00 charon: 00[TNC] IMC 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'
Next the IKEv2 credentials, all necessary plugins and the IPsec connection definition are loaded:
Feb 9 14:53:42 pin1212a00 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Feb 9 14:53:42 pin1212a00 charon: 00[CFG] loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
Feb 9 14:53:42 pin1212a00 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Feb 9 14:53:42 pin1212a00 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Feb 9 14:53:42 pin1212a00 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Feb 9 14:53:42 pin1212a00 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Feb 9 14:53:42 pin1212a00 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Feb 9 14:53:42 pin1212a00 charon: 00[CFG] loaded EAP secret for carol@strongswan.org
Feb 9 14:53:42 pin1212a00 charon: 00[DMN] loaded plugins: sha1 random gmp pkcs1 pkcs8 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke
Feb 9 14:53:42 pin1212a00 charon: 00[JOB] spawning 16 worker threads
Feb 9 14:53:42 pin1212a00 charon: 09[CFG] received stroke: add connection 'home'
Feb 9 14:53:42 pin1212a00 charon: 09[CFG] left nor right host is our side, assuming left=local
Feb 9 14:53:42 pin1212a00 charon: 09[CFG] added configuration 'home'
IKEv2 Exchanges¶
Due to auto=start the IKEv2 negotiation automatically initiates the IKE_SA_INIT exchange:
Feb 9 14:53:48 pin1212a00 charon: 07[CFG] received stroke: initiate 'home'
Feb 9 14:53:48 pin1212a00 charon: 12[IKE] initiating IKE_SA home[1] to 192.168.0.1
Feb 9 14:53:48 pin1212a00 charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Feb 9 14:53:48 pin1212a00 charon: 12[NET] sending packet: from 192.168.0.254[500] to 192.168.0.1[500]
Feb 9 14:53:48 pin1212a00 charon: 13[NET] received packet: from 192.168.0.1[500] to 192.168.0.254[500]
Feb 9 14:53:48 pin1212a00 charon: 13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
followed by the IKE_AUTH exchange, in which the IKEv2 gateway proposes a mutual EAP-only authentication based on IKEv2 EAP-TTLS:
Feb 9 14:53:48 pin1212a00 charon: 13[IKE] establishing CHILD_SA home
Feb 9 14:53:48 pin1212a00 charon: 13[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Feb 9 14:53:48 pin1212a00 charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Feb 9 14:53:48 pin1212a00 charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 14[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 14[IKE] server requested EAP_TTLS authentication (id 0x0A)
Feb 9 14:53:48 pin1212a00 charon: 14[TLS] EAP_TTLS version is v0
Feb 9 14:53:48 pin1212a00 charon: 14[IKE] allow mutual EAP-only authentication
IKEv2 EAP-TTLS Tunnel¶
The IKEv2 EAP-TTLS tunnel is set up with certificate-based server authentication:
Feb 9 14:53:48 pin1212a00 charon: 14[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Feb 9 14:53:48 pin1212a00 charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 15[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 15[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Feb 9 14:53:48 pin1212a00 charon: 11[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 11[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 11[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Feb 9 14:53:48 pin1212a00 charon: 11[TLS] received TLS server certificate 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org'
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] crl is valid: until Mar 09 10:28:34 2012
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] certificate status is good
Feb 9 14:53:48 pin1212a00 charon: 11[CFG] reached self-signed root ca with a path length of 0
Feb 9 14:53:48 pin1212a00 charon: 11[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 11[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Tunneled EAP-Identity¶
Via the IKEv2 EAP-TTLS tunnel the server requests the EAP client identity:
Feb 9 14:53:48 pin1212a00 charon: 08[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 08[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]
Feb 9 14:53:48 pin1212a00 charon: 08[IKE] server requested EAP_IDENTITY authentication (id 0x00)
Feb 9 14:53:48 pin1212a00 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]
Feb 9 14:53:48 pin1212a00 charon: 08[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 08[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Tunneled EAP-MD5 Client Authentication¶
Next follows an EAP-MD5 client authentication:
Feb 9 14:53:48 pin1212a00 charon: 09[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 09[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/MD5]
Feb 9 14:53:48 pin1212a00 charon: 09[IKE] server requested EAP_MD5 authentication (id 0x29)
Feb 9 14:53:48 pin1212a00 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/MD5]
Feb 9 14:53:48 pin1212a00 charon: 09[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 09[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Tunneled EAP-TNC Transport¶
Now the EAP-TNC transport protocol connecting the TNC client with the TNC server is started:
Feb 9 14:53:48 pin1212a00 charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 10[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 10[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Feb 9 14:53:48 pin1212a00 charon: 10[IKE] server requested EAP_TNC authentication (id 0xC5)
Feb 9 14:53:48 pin1212a00 charon: 10[TLS] EAP_TNC version is v1
PB-TNC/IF-TNCCS 2.0 Connection¶
A new TNCCS connection is instantiated on the TNC client and its IF-TNCCS 2.0 state machine is set to the Init state.
A first PB-TNC CDATA (IF-TNCCS 2.0 ClientData) batch is prepared and a PB-Language-Preference message for English (en) is added:
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] assigned TNCCS Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] creating PB-TNC CDATA batch
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] adding PB-Language-Preference message
An instance of the Attestation PTS-IMC is created, which in a first step determines the client operating system:
Feb 9 14:53:48 pin1212a00 charon: 10[PTS] platform is 'Ubuntu 11.04 i686'
and then loads the AIK certificate and the matching AIK private key, the latter in the form of a TPM-encrypted binary blob:
Feb 9 14:53:48 pin1212a00 charon: 10[PTS] loaded AIK certificate from '/home/seclab/privacyca/AIK_Cert.der'
Feb 9 14:53:48 pin1212a00 charon: 10[PTS] loaded AIK Blob from '/home/seclab/privacyca/AIK_Blob.bin'
Feb 9 14:53:48 pin1212a00 charon: 10[PTS] AIK Blob: => 559 bytes @ 0x9136e08
Feb 9 14:53:48 pin1212a00 charon: 10[IMC] IMC 1 "Attestation" created a state for Connection ID 1: IF-TNCCS 2.0 with +long +excl -soh over IF-T for Tunneled EAP 1.1
Via the IF-IMC interface the PTS-IMC receives a 'Handshake' state change from the TNC client:
Feb 9 14:53:48 pin1212a00 charon: 10[IMC] IMC 1 "Attestation" changed state of Connection ID 1 to 'Handshake'
The PTS-IMC generates a PA-TNC message of type TCG/PTS targeted at the remote PTS-IMV, containing a single PA-TNC attribute of type 'IETF/Product Information' with the client operating system information:
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] creating PA-TNC message with ID 0xf6c4bd2b
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] => 22 bytes @ 0x91322a0
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 0: 00 00 00 00 00 55 62 75 6E 74 75 20 31 31 2E 30 .....Ubuntu 11.0
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 16: 34 20 69 36 38 36 4 i686
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] adding PB-PA message
The PA-TNC message is received by the TNC client via the IF-IMC SendMessage call and is inserted together with the PB-Language-Preference message into the PB-TNC CDATA batch, which is then sent via the IKEv2 EAP-TTLS tunnel to the TNC server:
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] sending PB-TNC CDATA batch (105 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] => 105 bytes @ 0x9137040
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 0: 02 00 00 01 00 00 00 69 00 00 00 00 00 00 00 06 .......i........
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75 ....Accept-Langu
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00 age: en.........
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 48: 00 00 42 00 00 55 97 00 00 00 01 00 01 FF FF 01 ..B..U..........
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 64: 00 00 00 F6 C4 BD 2B 00 00 00 00 00 00 00 02 00 ......+.........
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 80: 00 00 22 00 00 00 00 00 55 62 75 6E 74 75 20 31 ..".....Ubuntu 1
Feb 9 14:53:48 pin1212a00 charon: 10[TNC] 96: 31 2E 30 34 20 69 36 38 36 1.04 i686
Feb 9 14:53:48 pin1212a00 charon: 10[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Feb 9 14:53:48 pin1212a00 charon: 10[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
PTS Capability Discovery¶
In response, a PB-TNC SDATA (IF-TNCCS 2.0 ServerData) batch is received from the TNC server:
Feb 9 14:53:48 pin1212a00 charon: 12[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 12[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] received TNCCS batch (72 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] => 72 bytes @ 0x9131442
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 0: 02 80 00 02 00 00 00 48 80 00 00 00 00 00 00 01 .......H........
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 16: 00 00 00 40 00 00 55 97 00 00 00 01 FF FF 00 01 ...@..U.........
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 32: 01 00 00 00 4B 21 AF FF 80 00 55 97 01 00 00 00 ....K!....U.....
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 48: 00 00 00 10 00 00 00 0E 80 00 55 97 06 00 00 00 ..........U.....
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 64: 00 00 00 10 00 00 80 00 ........
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] processing PB-TNC SDATA batch
containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] processing PB-PA message (64 bytes)
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
The PA-TNC message transferred via the IF-IMC interface to the PTS-IMC contains two PA-TNC attributes from the TCG/PTS namespace:
Feb 9 14:53:48 pin1212a00 charon: 12[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] processing PA-TNC message with ID 0x4b21afff
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] => 4 bytes @ 0x9135bdc
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 0: 00 00 00 0E ....
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] => 4 bytes @ 0x9135bec
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 0: 00 00 80 00 ....
namely the requests 'Request PTS Protocol Capabilities' and 'PTS Measurement Algorithm Request'. The PTS-IMV supports the Verification (V), DH Nonce Negotiation (D) and Trusted Platform Evidence (T) PTS protocol capabilities and the PTS-IMC does as well.
Feb 9 14:53:48 pin1212a00 charon: 12[PTS] supported PTS protocol capabilities: .VDT.
Feb 9 14:53:48 pin1212a00 charon: 12[PTS] selected PTS measurement algorithm is HASH_SHA1
The PTS-IMV proposes SHA-1 only for the PTS measurement algorithm, which is accepted by the PTS-IMC. These two selections are sent back to the PTS-IMV in a PA-TNC message containing the TCG attributes 'PTS Protocol Capabilities' and 'PTS Measurement Algorithm':
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] creating PA-TNC message with ID 0x349421bb
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] => 4 bytes @ 0x9136df8
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 0: 00 00 00 0E ....
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] => 4 bytes @ 0x91314e0
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 0: 00 00 80 00 ....
This PA-TNC message is sent as a PB-PA payload in a PB-TNC CDATA batch to the TNC server:
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] creating PB-TNC CDATA batch
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] adding PB-PA message
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] sending PB-TNC CDATA batch (72 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] => 72 bytes @ 0x9135b58
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 0: 02 00 00 01 00 00 00 48 80 00 00 00 00 00 00 01 .......H........
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 16: 00 00 00 40 00 00 55 97 00 00 00 01 00 01 FF FF ...@..U.........
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 32: 01 00 00 00 34 94 21 BB 00 00 55 97 02 00 00 00 ....4.!...U.....
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 48: 00 00 00 10 00 00 00 0E 00 00 55 97 07 00 00 00 ..........U.....
Feb 9 14:53:48 pin1212a00 charon: 12[TNC] 64: 00 00 00 10 00 00 80 00 ........
Feb 9 14:53:48 pin1212a00 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Feb 9 14:53:48 pin1212a00 charon: 12[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 12[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
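To make the PB-TNC framing in the dumps above concrete, the following Python parser (an added example, not code from the strongSwan project) walks the client's 105-byte CDATA batch and the server's 72-byte SDATA batch copied from the log, splits them into PB-TNC messages, the PB-PA header, the PA-TNC message and its attributes, and renders the attribute values the way charon prints them. The field layouts follow RFC 5793 (PB-TNC) and RFC 5792 (PA-TNC); the function names and the bit assignments used for the PTS capability and measurement algorithm flags are assumptions (the latter taken from strongSwan's libpts enums), not something the page states.

```python
import struct
from collections import namedtuple
from dataclasses import dataclass, field

TCG = 0x005597  # TCG vendor ID, shown as 00 55 97 in the dumps
BATCH_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT", 4: "CRETRY", 5: "SRETRY", 6: "CLOSE"}
ATTR_NAMES = {  # attribute names as charon prints them in the log
    (0, 2): "IETF/Product Information",
    (TCG, 0x01000000): "TCG/Request PTS Protocol Capabilities",
    (TCG, 0x02000000): "TCG/PTS Protocol Capabilities",
    (TCG, 0x06000000): "TCG/PTS Measurement Algorithm Request",
    (TCG, 0x07000000): "TCG/PTS Measurement Algorithm",
}
# Flag bit values follow strongSwan's libpts enums (assumption; the page only shows 0x8000 = SHA-1, 0x0E = ".VDT.")
MEAS_ALGOS = {0x8000: "HASH_SHA1", 0x4000: "HASH_SHA256", 0x2000: "HASH_SHA384"}
PbBatch = namedtuple("PbBatch", "from_server batch_type messages")  # from_server = D flag


def _header(buf: bytes, off: int):
    """12-byte header shared by PB-TNC messages and PA-TNC attributes: flags(8) vendor(24) type(32) length(32)."""
    if off + 12 > len(buf):
        raise ValueError("truncated header at offset %d" % off)
    fv, typ, length = struct.unpack("!III", buf[off:off + 12])
    if length < 12 or off + length > len(buf):  # the length field includes the header itself
        raise ValueError("bad length %d at offset %d" % (length, off))
    return fv & 0xFFFFFF, typ, buf[off + 12:off + length], off + length


@dataclass
class PaAttr:
    vendor: int
    type: int
    value: bytes

    @property
    def name(self) -> str:
        return ATTR_NAMES.get((self.vendor, self.type), "unknown")

    def decode(self) -> str:
        """Render the attribute values that occur in the dumps above."""
        if self.name == "IETF/Product Information" and len(self.value) >= 5:
            return self.value[5:].decode("ascii")  # 24-bit vendor, 16-bit product id, then the name
        bits = int.from_bytes(self.value, "big")
        if "Protocol Capabilities" in self.name:  # flags C V D T X in the low five bits
            return "".join(c if bits & (1 << i) else "." for i, c in enumerate("CVDTX"))
        if "Measurement Algorithm" in self.name:
            return " ".join(n for b, n in MEAS_ALGOS.items() if bits & b)
        return self.value.hex()


@dataclass
class PbMsg:
    vendor: int
    type: int
    value: bytes
    pa_type: tuple = (0, 0)  # (vendor, subtype); this and the fields below are set for PB-PA only
    collector_id: int = 0
    validator_id: int = 0
    pa_msg_id: int = 0
    attrs: list = field(default_factory=list)


def parse_pb_pa(msg: PbMsg) -> None:
    """Fill in the PB-PA header (RFC 5793 4.5) and the PA-TNC message (RFC 5792) it carries."""
    body = msg.value
    if len(body) < 20 or body[12] != 1:
        raise ValueError("short PB-PA body or unsupported PA-TNC version")
    fv, subtype, msg.collector_id, msg.validator_id = struct.unpack("!IIHH", body[:12])
    msg.pa_type = (fv & 0xFFFFFF, subtype)
    msg.pa_msg_id = struct.unpack("!I", body[16:20])[0]  # bytes 13..15 are reserved
    off = 20
    while off < len(body):
        vendor, atype, value, off = _header(body, off)
        msg.attrs.append(PaAttr(vendor, atype, value))


def parse_batch(data: bytes) -> PbBatch:
    """Parse one PB-TNC batch (RFC 5793 4.1/4.2)."""
    if len(data) < 8:
        raise ValueError("truncated PB-TNC batch header")
    version, dflag, rsv_type, length = struct.unpack("!BBHI", data[:8])
    if version != 2 or length != len(data):
        raise ValueError("bad PB-TNC version or batch length")
    batch = PbBatch(bool(dflag & 0x80), BATCH_TYPES.get(rsv_type & 0x0F, "?"), [])
    off = 8
    while off < len(data):
        vendor, mtype, value, off = _header(data, off)
        msg = PbMsg(vendor, mtype, value)
        if (vendor, mtype) == (0, 1):  # IETF PB-PA: carries a PA-TNC message
            parse_pb_pa(msg)
        batch.messages.append(msg)
    return batch


# The two batches copied from the log above: the client's first CDATA batch (105 bytes), the server's SDATA reply (72 bytes)
CDATA = bytes.fromhex(
    "02000001000000690000000000000006 0000001f4163636570742d4c616e6775"
    "6167653a20656e800000000000000100 00004200005597000000010001ffff01"
    "000000f6c4bd2b000000000000000200 00002200000000005562756e74752031"
    "312e30342069363836")
SDATA = bytes.fromhex(
    "02800002000000488000000000000001 000000400000559700000001ffff0001"
    "010000004b21afff8000559701000000 000000100000000e8000559706000000"
    "0000001000008000")
```

Running `parse_batch(CDATA)` yields the PB-Language-Preference message plus a PB-PA message whose single attribute decodes to the platform string, and `parse_batch(SDATA)` yields the two PTS requests with values ".VDT." and "HASH_SHA1", matching the charon log.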
DH Nonce Parameters¶
The next PB-TNC SDATA batch is received:
Feb 9 14:53:48 pin1212a00 charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 13[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] received TNCCS batch (56 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] => 56 bytes @ 0x9135bd2
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 0: 02 80 00 02 00 00 00 38 80 00 00 00 00 00 00 01 .......8........
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 16: 00 00 00 30 00 00 55 97 00 00 00 01 FF FF 00 01 ...0..U.........
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 32: 01 00 00 00 BD 1F 9F 28 80 00 55 97 03 00 00 00 .......(..U.....
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 48: 00 00 00 10 00 00 F0 00 ........
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] processing PB-TNC SDATA batch
containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] processing PB-PA message (48 bytes)
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
The PA-TNC message contains a 'DH Nonce Parameters Request' from the TCG namespace
Feb 9 14:53:48 pin1212a00 charon: 13[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] processing PA-TNC message with ID 0xbd1f9f28
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] => 4 bytes @ 0x9135fc4
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 0: 00 00 F0 00 ....
and offers the set of IKE DH groups {2, 5, 14, 19} from which the PTS-IMC selects ECP_256 (group 14).
Feb 9 14:53:48 pin1212a00 charon: 13[PTS] selected PTS DH group is ECP_256
Feb 9 14:53:48 pin1212a00 charon: 13[PTS] nonce length is 20
The PTS-IMC also returns a 20 byte DH responder nonce and the 32 byte ECP_256 DH responder public value:
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] creating PA-TNC message with ID 0x144b8472
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] => 92 bytes @ 0x9132b50
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 0: 00 00 00 14 10 00 E0 00 B9 FD DB 13 D2 BE 4E BA ..............N.
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 16: E2 FF 33 25 CD A0 C8 79 AE 1A 51 D8 91 D3 11 77 ..3%...y..Q....w
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 32: 82 E6 F0 31 67 A7 5C EB 76 E5 BD 3E E8 62 A8 F6 ...1g.\.v..>.b..
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 48: D7 2B 58 3B 1F F4 79 9D E9 DB 99 6A F0 A8 3E 0C .+X;..y....j..>.
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 64: 83 1B 6E 36 F7 93 7C CE 75 04 90 D7 DB 73 5F C8 ..n6..|.u....s_.
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 80: 74 F4 FF B3 64 CF 82 90 2A 32 EA C8 t...d...*2..
This PA-TNC message is carried in a PB-PA message encapsulated in a PB-TNC CDATA batch:
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] creating PB-TNC CDATA batch
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] adding PB-PA message
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] sending PB-TNC CDATA batch (144 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] => 144 bytes @ 0x9132de0
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 0: 02 00 00 01 00 00 00 90 80 00 00 00 00 00 00 01 ................
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 16: 00 00 00 88 00 00 55 97 00 00 00 01 00 01 FF FF ......U.........
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 32: 01 00 00 00 14 4B 84 72 00 00 55 97 04 00 00 00 .....K.r..U.....
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 48: 00 00 00 68 00 00 00 14 10 00 E0 00 B9 FD DB 13 ...h............
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 64: D2 BE 4E BA E2 FF 33 25 CD A0 C8 79 AE 1A 51 D8 ..N...3%...y..Q.
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 80: 91 D3 11 77 82 E6 F0 31 67 A7 5C EB 76 E5 BD 3E ...w...1g.\.v..>
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 96: E8 62 A8 F6 D7 2B 58 3B 1F F4 79 9D E9 DB 99 6A .b...+X;..y....j
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 112: F0 A8 3E 0C 83 1B 6E 36 F7 93 7C CE 75 04 90 D7 ..>...n6..|.u...
Feb 9 14:53:48 pin1212a00 charon: 13[TNC] 128: DB 73 5F C8 74 F4 FF B3 64 CF 82 90 2A 32 EA C8 .s_.t...d...*2..
Feb 9 14:53:48 pin1212a00 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Feb 9 14:53:48 pin1212a00 charon: 13[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
DH Nonce Finish and TPM Version/AIK Info¶
The next PB-TNC SDATA batch is received:
Feb 9 14:53:48 pin1212a00 charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 14[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] received TNCCS batch (172 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] => 172 bytes @ 0x9138a1a
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 0: 02 80 00 02 00 00 00 AC 80 00 00 00 00 00 00 01 ................
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 16: 00 00 00 A4 00 00 55 97 00 00 00 01 FF FF 00 01 ......U.........
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 32: 01 00 00 00 7B 50 C7 13 80 00 55 97 05 00 00 00 ....{P....U.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 48: 00 00 00 64 00 14 80 00 3B FF C4 8E 14 94 F3 24 ...d....;......$
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 64: 19 1B A7 7B 7D FB 99 CE 06 96 CD AC 23 D3 17 57 ...{}.......#..W
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 80: 50 20 20 22 85 9C BA 47 CF C6 F0 13 AD 40 38 4B P "...G.....@8K
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 96: AA 99 1D 6B 2A C0 0E 20 93 49 29 86 FE 22 FC B9 ...k*.. .I)..".. 
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 112: 10 B3 87 97 53 AD 1A 9E 7D 9E 5C A0 75 4E D5 9E ....S...}.\.uN..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 128: 92 FE A4 8D 4F 34 D3 1B 4D 04 9D 12 80 00 55 97 ....O4..M.....U.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 144: 08 00 00 00 00 00 00 10 00 00 00 00 80 00 55 97 ..............U.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] 160: 0D 00 00 00 00 00 00 10 00 00 00 00 ............
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] processing PB-TNC SDATA batch
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] processing PB-PA message (164 bytes)
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
It contains a PA-TNC message with the 'DH Nonce Finish', 'Get TPM Version Information' and 'Get Attestation Identity Key' attributes from the TCG namespace (vendor ID 0x005597). The PB-PA header carries the collector ID 0xFFFF and the validator ID 1, i.e. the message comes from IMV 1 and is addressed to every IMC subscribed to the 'TCG/PTS' message type:
Feb 9 14:53:48 pin1212a00 charon: 14[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] processing PA-TNC message with ID 0x7b50c713
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] => 88 bytes @ 0x9137fdc
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]     0: 00 14 80 00 3B FF C4 8E 14 94 F3 24 19 1B A7 7B  ....;......$...{
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    16: 7D FB 99 CE 06 96 CD AC 23 D3 17 57 50 20 20 22  }.......#..WP  "
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    32: 85 9C BA 47 CF C6 F0 13 AD 40 38 4B AA 99 1D 6B  ...G.....@8K...k
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    48: 2A C0 0E 20 93 49 29 86 FE 22 FC B9 10 B3 87 97  *.. .I).."......
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    64: 53 AD 1A 9E 7D 9E 5C A0 75 4E D5 9E 92 FE A4 8D  S...}.\.uN......
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    80: 4F 34 D3 1B 4D 04 9D 12                          O4..M...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] => 4 bytes @ 0x9138040
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]     0: 00 00 00 00                                      ....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] => 4 bytes @ 0x9138050
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]     0: 00 00 00 00                                      ....
The PTS-IMV reports that it selected SHA-1 as the DH hash algorithm and provides its 20 byte nonce and its 64 byte public DH value. Of the 88 bytes in the 'DH Nonce Finish' attribute, the first four are a header (reserved byte, nonce length 0x14 and the hash algorithm set 0x8000, which is the SHA-1 bit), followed by the public value and the nonce. The 64 byte public value is an uncompressed ECP-256 point, which matches the 32 byte shared DH secret derived from it. Note that in PTS terms the IMV initiates the DH nonce exchange and the IMC responds, so the nonce received here is logged as the initiator nonce and the one the PTS-IMC sent in the previous batch as the responder nonce. From the shared secret the 20 byte secret assessment value is derived with the selected hash algorithm:
Feb 9 14:53:48 pin1212a00 charon: 14[PTS] selected DH hash algorithm is HASH_SHA1
Feb 9 14:53:48 pin1212a00 charon: 14[PTS] initiator nonce: => 20 bytes @ 0x9138668
Feb 9 14:53:48 pin1212a00 charon: 14[PTS]     0: 7D 9E 5C A0 75 4E D5 9E 92 FE A4 8D 4F 34 D3 1B  }.\.uN......O4..
Feb 9 14:53:48 pin1212a00 charon: 14[PTS]    16: 4D 04 9D 12                                      M...
Feb 9 14:53:48 pin1212a00 charon: 14[PTS] responder nonce: => 20 bytes @ 0x91370d8
Feb 9 14:53:48 pin1212a00 charon: 14[PTS]     0: B9 FD DB 13 D2 BE 4E BA E2 FF 33 25 CD A0 C8 79  ......N...3%...y
Feb 9 14:53:48 pin1212a00 charon: 14[PTS]    16: AE 1A 51 D8                                      ..Q.
Feb 9 14:53:48 pin1212a00 charon: 14[PTS] shared DH secret: => 32 bytes @ 0x9138ad0
Feb 9 14:53:48 pin1212a00 charon: 14[PTS]     0: 17 DE 46 03 F0 0F 07 4F E4 E5 07 1B A5 0C 35 36  ..F....O......56
Feb 9 14:53:48 pin1212a00 charon: 14[PTS]    16: F6 6B 7B EA A4 AF 4A E8 E2 BD 5E 19 C6 F5 AA 73  .k{...J...^....s
Feb 9 14:53:48 pin1212a00 charon: 14[PTS] secret assessment value: => 20 bytes @ 0x9138250
Feb 9 14:53:48 pin1212a00 charon: 14[PTS]     0: CE 50 79 31 50 D6 FC 62 0F 99 D3 B8 C6 42 D0 B1  .Py1P..b.....B..
Feb 9 14:53:48 pin1212a00 charon: 14[PTS]    16: 6E 06 C0 FB                                      n...
Answering the 'Get TPM Version Information' request, the PTS-IMC reads the 20 byte TPM_CAP_VERSION_INFO structure (tag 0x0030) from the TPM and logs it in decoded form:
Feb 9 14:53:48 pin1212a00 charon: 14[PTS] TPM 1.2 Version Info: Chip Version: 1.2.3.17, Spec Level: 2, Errata Rev: 2, Vendor ID: IFX
Besides the 'TPM Version Information' attribute, which carries the structure above in binary form, the 'Attestation Identity Key' attribute is included in the PA-TNC message to be forwarded to the PTS-IMV. Its value is a flags byte (0x00 here) followed by the DER-encoded X.509 AIK certificate (30 82 04 8A ...). Note the issuer visible in the ASCII column, 'Privacy CA Insecure/Unchecked AIK Certificate' from privacyca.com: this certificate was issued without any check of the TPM's endorsement key and therefore proves nothing about where the AIK came from. The PTS-IMV has to trust this specific AIK by other means (for example by having it registered beforehand) rather than by relying on the certificate chain:
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] creating PA-TNC message with ID 0x9a1a8df2
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] => 20 bytes @ 0x9138038
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]     0: 00 30 01 02 03 11 00 02 02 49 46 58 00 00 05 03  .0.......IFX....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    16: 11 00 08 00                                      ....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] => 1167 bytes @ 0x91398c8
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]     0: 00 30 82 04 8A 30 82 03 72 A0 03 02 01 02 02 10  .0...0..r.......
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    16: 33 55 8F BC AE 0F D9 47 78 74 D6 E5 C9 1B 24 28  3U.....Gxt....$(
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    32: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30  0...*.H........0
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    48: 50 31 16 30 14 06 03 55 04 0A 13 0D 70 72 69 76  P1.0...U....priv
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    64: 61 63 79 63 61 2E 63 6F 6D 31 36 30 34 06 03 55  acyca.com1604..U
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    80: 04 03 13 2D 50 72 69 76 61 63 79 20 43 41 20 49  ...-Privacy CA I
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    96: 6E 73 65 63 75 72 65 2F 55 6E 63 68 65 63 6B 65  nsecure/Unchecke
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   112: 64 20 41 49 4B 20 43 65 72 74 69 66 69 63 61 74  d AIK Certificat
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   128: 65 30 1E 17 0D 31 32 30 32 30 38 31 30 34 31 32  e0...12020810412
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   144: 30 5A 17 0D 31 33 30 32 30 38 31 30 34 31 32 30  0Z..130208104120
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   160: 5A 30 00 30 82 01 22 30 0D 06 09 2A 86 48 86 F7  Z0.0.."0...*.H..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   176: 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02  ...........0....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   192: 82 01 01 00 81 E3 38 7C 4D 46 70 CB D5 33 62 38  ......8|MFp..3b8
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   208: 50 AD 98 D1 28 56 D3 6E 71 CF AA E3 C8 31 BD F6  P...(V.nq....1..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   224: FE 53 6A ED C8 54 0E 7C FB 00 98 80 D6 7D C7 57  .Sj..T.|.....}.W
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   240: D4 EC 24 93 59 48 1F DA 67 30 87 4F D3 59 B2 CA  ..$.YH..g0.O.Y..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   256: A8 9D CE C9 27 9A 03 57 C0 FE 1F AB EE E5 C2 A8  ....'..W........
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   272: C6 D5 DC C7 1E 81 74 4D 3D B5 98 6D 57 22 74 02  ......tM=..mW"t.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   288: F1 41 7C E3 68 C1 1C 1C 2F 57 54 CA 4A FB D6 3D  .A|.h.../WT.J..=
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   304: 33 37 A9 BC FF 6F 50 13 CC C2 D3 83 F1 4B 01 FD  37...oP......K..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   320: 66 A6 EE 7A D3 E0 E2 C0 51 55 A2 8A AB F4 85 09  f..z....QU......
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   336: 74 24 64 03 DD 65 1C 26 2F 35 08 BF 57 D9 28 DA  t$d..e.&/5..W.(.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   352: D3 D7 5B ED C8 C6 6C 43 7E DE D3 93 F4 D5 D7 36  ..[...lC~......6
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   368: 1E 31 9A A8 42 10 7A F5 94 93 9C 8F BD 6D BC 66  .1..B.z......m.f
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   384: 1D 30 A5 B3 B3 44 4D DA 6D 35 64 A6 08 EB D2 A6  .0...DM.m5d.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   400: 99 18 56 01 28 3B 26 94 FD 6F 7F AD 45 68 3C 8A  ..V.(;&..o..Eh<.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   416: 7D 38 8C DB D8 5F 76 16 F5 5E 8A 4B C2 2B 19 8A  }8..._v..^.K.+..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   432: 27 D9 80 3C C8 13 01 11 70 CC D6 EF 57 F3 EF 37  '..<....p...W..7
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   448: A2 E6 B5 49 02 03 01 00 01 A3 82 01 AE 30 82 01  ...I.........0..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   464: AA 30 37 06 03 55 1D 09 04 30 30 2E 30 16 06 05  .07..U...00.0...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   480: 67 81 05 02 10 31 0D 30 0B 0C 03 31 2E 31 02 01  g....1.0...1.1..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   496: 02 02 01 01 30 14 06 05 67 81 05 02 12 31 0B 30  ....0...g....1.0
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   512: 09 80 01 00 81 01 00 82 01 02 30 5D 06 03 55 1D  ..........0]..U.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   528: 11 01 01 FF 04 53 30 51 A4 42 30 40 31 16 30 14  .....S0Q.B0@1.0.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   544: 06 05 67 81 05 02 01 0C 0B 69 64 3A 30 30 30 30  ..g......id:0000
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   560: 30 30 30 30 31 12 30 10 06 05 67 81 05 02 02 0C  00001.0...g.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   576: 07 55 6E 6B 6E 6F 77 6E 31 12 30 10 06 05 67 81  .Unknown1.0...g.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   592: 05 02 03 0C 07 69 64 3A 30 30 30 30 A0 0B 06 05  .....id:0000....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   608: 67 81 05 02 0F A0 02 0C 00 30 0C 06 03 55 1D 13  g........0...U..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   624: 01 01 FF 04 02 30 00 30 81 E0 06 03 55 1D 20 01  .....0.0....U. .
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   640: 01 FF 04 81 D5 30 81 D2 30 67 06 0A 2B 06 01 04  .....0..0g..+...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   656: 01 81 E3 42 01 10 30 59 30 29 06 08 2B 06 01 05  ...B..0Y0)..+...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   672: 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 77 77 77  ......http://www
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   688: 2E 70 72 69 76 61 63 79 63 61 2E 63 6F 6D 2F 63  .privacyca.com/c
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   704: 70 73 2F 30 2C 06 08 2B 06 01 05 05 07 02 02 30  ps/0,..+.......0
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   720: 20 0C 1E 54 43 50 41 20 54 72 75 73 74 65 64 20   ..TCPA Trusted 
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   736: 50 6C 61 74 66 6F 72 6D 20 49 64 65 6E 74 69 74  Platform Identit
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   752: 79 30 67 06 04 55 1D 20 00 30 5F 30 25 06 08 2B  y0g..U. .0_0%..+
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   768: 06 01 05 05 07 02 01 16 19 68 74 74 70 3A 2F 2F  .........http://
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   784: 77 77 77 2E 70 72 69 76 61 63 79 63 61 2E 63 6F  www.privacyca.co
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   800: 6D 2F 30 36 06 08 2B 06 01 05 05 07 02 02 30 2A  m/06..+.......0*
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   816: 0C 28 54 43 50 41 20 54 72 75 73 74 65 64 20 50  .(TCPA Trusted P
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   832: 6C 61 74 66 6F 72 6D 20 4D 6F 64 75 6C 65 20 45  latform Module E
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   848: 6E 64 6F 72 73 65 6D 65 6E 74 30 1F 06 03 55 1D  ndorsement0...U.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   864: 23 04 18 30 16 80 14 B0 E5 97 E0 9B 23 75 B1 FD  #..0........#u..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   880: BF 01 5E 72 BA 36 D4 48 32 A0 33 30 0D 06 09 2A  ..^r.6.H2.30...*
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   896: 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 1D  .H..............
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   912: 78 37 95 C3 37 C6 09 C4 1C 3D C3 0A 01 7F 59 8D  x7..7....=....Y.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   928: 24 A8 74 81 C9 79 A2 63 45 2C 04 0C B4 CD 7F B9  $.t..y.cE,......
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   944: 42 DC FE 67 67 E7 45 C9 F6 CB 7E 42 B7 2A 8A 74  B..gg.E...~B.*.t
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   960: 14 B7 BE FF EB 77 0E 99 E7 ED 9D EA 49 8C 7B 12  .....w......I.{.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   976: 60 55 0B 1D 1A 03 0E BA AF 9E 3B 74 20 F9 17 8A  `U........;t ...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   992: 0F 47 2D 3C DB C4 05 67 3C F0 E0 33 A6 3C C5 0E  .G-<...g<..3.<..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1008: C6 0B DB 6E 08 6A 09 3B C6 3B 75 1A 7A 6B 84 BA  ...n.j.;.;u.zk..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1024: 4A 69 6E AF 59 54 89 4A E5 07 D7 51 33 B9 9E AE  Jin.YT.J...Q3...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1040: F2 4C 0D 81 36 14 FD 82 52 C3 BF 6A DC 8D 55 46  .L..6...R..j..UF
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1056: E0 DE B9 A6 A0 49 BB 43 0A F3 45 EA 26 58 2F D2  .....I.C..E.&X/.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1072: E4 6C 87 F3 B7 F7 E9 16 E5 0B 5D DC CE 75 EA 92  .l........]..u..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1088: 3D 9C CF 35 C1 F2 3C 87 D6 D5 04 99 0B C5 9F 45  =..5..<........E
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1104: 75 00 23 5F C5 B9 AB 73 D8 57 39 80 AE 6D 58 98  u.#_...s.W9..mX.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1120: CE F3 29 6B 1B 8A A2 0B 78 71 C3 B0 6C 8F 25 23  ..)k....xq..l.%#
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1136: AD A4 C5 FB 70 56 46 84 39 45 01 E9 F9 83 7D DC  ....pVF.9E....}.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1152: 5F D9 BB BF B1 08 2A 55 94 D6 0F 76 BD 73 EE     _.....*U...v.s.
The TNC client packs this large PA-TNC message into an outgoing PB-TNC CDATA batch:
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] creating PB-TNC CDATA batch
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] adding PB-PA message
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] sending PB-TNC CDATA batch (1251 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 14[TNC] => 1251 bytes @ 0x9139e20
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]     0: 02 00 00 01 00 00 04 E3 80 00 00 00 00 00 00 01  ................
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    16: 00 00 04 DB 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    32: 01 00 00 00 9A 1A 8D F2 00 00 55 97 09 00 00 00  ..........U.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    48: 00 00 00 20 00 30 01 02 03 11 00 02 02 49 46 58  ... .0.......IFX
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    64: 00 00 05 03 11 00 08 00 00 00 55 97 0E 00 00 00  ..........U.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    80: 00 00 04 9B 00 30 82 04 8A 30 82 03 72 A0 03 02  .....0...0..r...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]    96: 01 02 02 10 33 55 8F BC AE 0F D9 47 78 74 D6 E5  ....3U.....Gxt..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   112: C9 1B 24 28 30 0D 06 09 2A 86 48 86 F7 0D 01 01  ..$(0...*.H.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   128: 05 05 00 30 50 31 16 30 14 06 03 55 04 0A 13 0D  ...0P1.0...U....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   144: 70 72 69 76 61 63 79 63 61 2E 63 6F 6D 31 36 30  privacyca.com160
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   160: 34 06 03 55 04 03 13 2D 50 72 69 76 61 63 79 20  4..U...-Privacy 
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   176: 43 41 20 49 6E 73 65 63 75 72 65 2F 55 6E 63 68  CA Insecure/Unch
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   192: 65 63 6B 65 64 20 41 49 4B 20 43 65 72 74 69 66  ecked AIK Certif
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   208: 69 63 61 74 65 30 1E 17 0D 31 32 30 32 30 38 31  icate0...1202081
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   224: 30 34 31 32 30 5A 17 0D 31 33 30 32 30 38 31 30  04120Z..13020810
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   240: 34 31 32 30 5A 30 00 30 82 01 22 30 0D 06 09 2A  4120Z0.0.."0...*
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   256: 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30  .H.............0
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   272: 82 01 0A 02 82 01 01 00 81 E3 38 7C 4D 46 70 CB  ..........8|MFp.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   288: D5 33 62 38 50 AD 98 D1 28 56 D3 6E 71 CF AA E3  .3b8P...(V.nq...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   304: C8 31 BD F6 FE 53 6A ED C8 54 0E 7C FB 00 98 80  .1...Sj..T.|....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   320: D6 7D C7 57 D4 EC 24 93 59 48 1F DA 67 30 87 4F  .}.W..$.YH..g0.O
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   336: D3 59 B2 CA A8 9D CE C9 27 9A 03 57 C0 FE 1F AB  .Y......'..W....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   352: EE E5 C2 A8 C6 D5 DC C7 1E 81 74 4D 3D B5 98 6D  ..........tM=..m
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   368: 57 22 74 02 F1 41 7C E3 68 C1 1C 1C 2F 57 54 CA  W"t..A|.h.../WT.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   384: 4A FB D6 3D 33 37 A9 BC FF 6F 50 13 CC C2 D3 83  J..=37...oP.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   400: F1 4B 01 FD 66 A6 EE 7A D3 E0 E2 C0 51 55 A2 8A  .K..f..z....QU..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   416: AB F4 85 09 74 24 64 03 DD 65 1C 26 2F 35 08 BF  ....t$d..e.&/5..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   432: 57 D9 28 DA D3 D7 5B ED C8 C6 6C 43 7E DE D3 93  W.(...[...lC~...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   448: F4 D5 D7 36 1E 31 9A A8 42 10 7A F5 94 93 9C 8F  ...6.1..B.z.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   464: BD 6D BC 66 1D 30 A5 B3 B3 44 4D DA 6D 35 64 A6  .m.f.0...DM.m5d.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   480: 08 EB D2 A6 99 18 56 01 28 3B 26 94 FD 6F 7F AD  ......V.(;&..o..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   496: 45 68 3C 8A 7D 38 8C DB D8 5F 76 16 F5 5E 8A 4B  Eh<.}8..._v..^.K
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   512: C2 2B 19 8A 27 D9 80 3C C8 13 01 11 70 CC D6 EF  .+..'..<....p...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   528: 57 F3 EF 37 A2 E6 B5 49 02 03 01 00 01 A3 82 01  W..7...I........
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   544: AE 30 82 01 AA 30 37 06 03 55 1D 09 04 30 30 2E  .0...07..U...00.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   560: 30 16 06 05 67 81 05 02 10 31 0D 30 0B 0C 03 31  0...g....1.0...1
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   576: 2E 31 02 01 02 02 01 01 30 14 06 05 67 81 05 02  .1......0...g...
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   592: 12 31 0B 30 09 80 01 00 81 01 00 82 01 02 30 5D  .1.0..........0]
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   608: 06 03 55 1D 11 01 01 FF 04 53 30 51 A4 42 30 40  ..U......S0Q.B0@
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   624: 31 16 30 14 06 05 67 81 05 02 01 0C 0B 69 64 3A  1.0...g......id:
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   640: 30 30 30 30 30 30 30 30 31 12 30 10 06 05 67 81  000000001.0...g.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   656: 05 02 02 0C 07 55 6E 6B 6E 6F 77 6E 31 12 30 10  .....Unknown1.0.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   672: 06 05 67 81 05 02 03 0C 07 69 64 3A 30 30 30 30  ..g......id:0000
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   688: A0 0B 06 05 67 81 05 02 0F A0 02 0C 00 30 0C 06  ....g........0..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   704: 03 55 1D 13 01 01 FF 04 02 30 00 30 81 E0 06 03  .U.......0.0....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   720: 55 1D 20 01 01 FF 04 81 D5 30 81 D2 30 67 06 0A  U. ......0..0g..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   736: 2B 06 01 04 01 81 E3 42 01 10 30 59 30 29 06 08  +......B..0Y0)..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   752: 2B 06 01 05 05 07 02 01 16 1D 68 74 74 70 3A 2F  +.........http:/
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   768: 2F 77 77 77 2E 70 72 69 76 61 63 79 63 61 2E 63  /www.privacyca.c
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   784: 6F 6D 2F 63 70 73 2F 30 2C 06 08 2B 06 01 05 05  om/cps/0,..+....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   800: 07 02 02 30 20 0C 1E 54 43 50 41 20 54 72 75 73  ...0 ..TCPA Trus
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   816: 74 65 64 20 50 6C 61 74 66 6F 72 6D 20 49 64 65  ted Platform Ide
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   832: 6E 74 69 74 79 30 67 06 04 55 1D 20 00 30 5F 30  ntity0g..U. .0_0
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   848: 25 06 08 2B 06 01 05 05 07 02 01 16 19 68 74 74  %..+.........htt
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   864: 70 3A 2F 2F 77 77 77 2E 70 72 69 76 61 63 79 63  p://www.privacyc
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   880: 61 2E 63 6F 6D 2F 30 36 06 08 2B 06 01 05 05 07  a.com/06..+.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   896: 02 02 30 2A 0C 28 54 43 50 41 20 54 72 75 73 74  ..0*.(TCPA Trust
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   912: 65 64 20 50 6C 61 74 66 6F 72 6D 20 4D 6F 64 75  ed Platform Modu
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   928: 6C 65 20 45 6E 64 6F 72 73 65 6D 65 6E 74 30 1F  le Endorsement0.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   944: 06 03 55 1D 23 04 18 30 16 80 14 B0 E5 97 E0 9B  ..U.#..0........
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   960: 23 75 B1 FD BF 01 5E 72 BA 36 D4 48 32 A0 33 30  #u....^r.6.H2.30
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   976: 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82  ...*.H..........
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]   992: 01 01 00 1D 78 37 95 C3 37 C6 09 C4 1C 3D C3 0A  ....x7..7....=..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1008: 01 7F 59 8D 24 A8 74 81 C9 79 A2 63 45 2C 04 0C  ..Y.$.t..y.cE,..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1024: B4 CD 7F B9 42 DC FE 67 67 E7 45 C9 F6 CB 7E 42  ....B..gg.E...~B
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1040: B7 2A 8A 74 14 B7 BE FF EB 77 0E 99 E7 ED 9D EA  .*.t.....w......
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1056: 49 8C 7B 12 60 55 0B 1D 1A 03 0E BA AF 9E 3B 74  I.{.`U........;t
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1072: 20 F9 17 8A 0F 47 2D 3C DB C4 05 67 3C F0 E0 33   ....G-<...g<..3
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1088: A6 3C C5 0E C6 0B DB 6E 08 6A 09 3B C6 3B 75 1A  .<.....n.j.;.;u.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1104: 7A 6B 84 BA 4A 69 6E AF 59 54 89 4A E5 07 D7 51  zk..Jin.YT.J...Q
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1120: 33 B9 9E AE F2 4C 0D 81 36 14 FD 82 52 C3 BF 6A  3....L..6...R..j
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1136: DC 8D 55 46 E0 DE B9 A6 A0 49 BB 43 0A F3 45 EA  ..UF.....I.C..E.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1152: 26 58 2F D2 E4 6C 87 F3 B7 F7 E9 16 E5 0B 5D DC  &X/..l........].
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1168: CE 75 EA 92 3D 9C CF 35 C1 F2 3C 87 D6 D5 04 99  .u..=..5..<.....
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1184: 0B C5 9F 45 75 00 23 5F C5 B9 AB 73 D8 57 39 80  ...Eu.#_...s.W9.
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1200: AE 6D 58 98 CE F3 29 6B 1B 8A A2 0B 78 71 C3 B0  .mX...)k....xq..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1216: 6C 8F 25 23 AD A4 C5 FB 70 56 46 84 39 45 01 E9  l.%#....pVF.9E..
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1232: F9 83 7D DC 5F D9 BB BF B1 08 2A 55 94 D6 0F 76  ..}._.....*U...v
Feb 9 14:53:48 pin1212a00 charon: 14[TNC]  1248: BD 73 EE                                         .s.
Feb 9 14:53:48 pin1212a00 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Feb 9 14:53:48 pin1212a00 charon: 14[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
File Metadata and Measurement
Before the next batch arrives there is one more IKE_AUTH round trip (response 10 / request 11) that carries only EAP-TTLS framing and no TNC payload: the 1251 byte batch sent above exceeded the EAP-TTLS fragment size, so the gateway acknowledged the first fragment and the client sent the remainder in request 11. The PB-TNC SDATA batch received after that contains file metadata and file measurement requests:
Feb 9 14:53:48 pin1212a00 charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 15[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 15[ENC] generating IKE_AUTH request 11 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Feb 9 14:53:48 pin1212a00 charon: 11[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 11[ENC] parsed IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] received TNCCS batch (263 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 263 bytes @ 0x9137b82
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]     0: 02 80 00 02 00 00 01 07 80 00 00 00 00 00 00 01  ................
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    16: 00 00 00 FF 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    32: 01 00 00 00 BE 57 A3 36 80 00 55 97 00 70 00 00  .....W.6..U..p..
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    48: 00 00 00 1F 00 2F 00 00 2F 65 74 63 2F 74 6E 63  ...../../etc/tnc
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    64: 5F 63 6F 6E 66 69 67 80 00 55 97 00 C0 00 00 00  _config..U......
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    80: 00 00 32 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F  ..2.......//lib/
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    96: 69 33 38 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C  i386-linux-gnu/l
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   112: 69 62 64 6C 2E 73 6F 2E 32 80 00 55 97 00 C0 00  ibdl.so.2..U....
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   128: 00 00 00 00 22 00 00 00 02 00 00 00 2F 2F 73 62  ....".......//sb
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   144: 69 6E 2F 69 70 74 61 62 6C 65 73 80 00 55 97 00  in/iptables..U..
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   160: C0 00 00 00 00 00 28 00 00 00 03 00 00 00 2F 2F  ......(.......//
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   176: 6C 69 62 2F 6C 69 62 78 74 61 62 6C 65 73 2E 73  lib/libxtables.s
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   192: 6F 2E 35 80 00 55 97 00 C0 00 00 00 00 00 21 80  o.5..U........!.
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   208: 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61 62  ......//lib/xtab
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   224: 6C 65 73 2F 80 00 55 97 00 C0 00 00 00 00 00 23  les/..U........#
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   240: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]   256: 36 74 61 62 6C 65 73                             6tables
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PB-TNC SDATA batch
Again the PTS-IMC is subscribed to this PB-PA message type:
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PB-PA message (255 bytes)
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
The PA-TNC message consists of one 'Request File Metadata' and five 'Request File Measurement' attributes:
Feb 9 14:53:48 pin1212a00 charon: 11[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PA-TNC message with ID 0xbe57a336
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 19 bytes @ 0x9138714
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]     0: 00 2F 00 00 2F 65 74 63 2F 74 6E 63 5F 63 6F 6E  ./../etc/tnc_con
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    16: 66 69 67                                         fig
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 38 bytes @ 0x9138733
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]     0: 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F 69 33 38  .......//lib/i38
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    16: 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C 69 62 64  6-linux-gnu/libd
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    32: 6C 2E 73 6F 2E 32                                l.so.2
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 22 bytes @ 0x9138765
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]     0: 00 00 00 02 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    16: 74 61 62 6C 65 73                                tables
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 28 bytes @ 0x9138787
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]     0: 00 00 00 03 00 00 00 2F 2F 6C 69 62 2F 6C 69 62  .......//lib/lib
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    16: 78 74 61 62 6C 65 73 2E 73 6F 2E 35              xtables.so.5
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 21 bytes @ 0x91387af
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]     0: 80 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61  .......//lib/xta
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    16: 62 6C 65 73 2F                                   bles/
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 23 bytes @ 0x91387d0
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]     0: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip
Feb 9 14:53:48 pin1212a00 charon: 11[TNC]    16: 36 74 61 62 6C 65 73                             6tables
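The framing that charon dumps in this section (and in the DH Nonce Finish and TPM version exchange above) is small enough to decode by hand, and doing so is the quickest way to check a log against the specifications. The following Python script is an added example, not strongSwan code and not part of this HOWTO: it walks the PB-TNC batch header, the PB-PA message and the PA-TNC attribute headers, and decodes the PTS attribute values seen in this section ('DH Nonce Finish', 'TPM Version Information', 'Request File Metadata' and 'Request File Measurement'). The inputs are constructed by copying the 263 byte SDATA batch, the 88 byte 'DH Nonce Finish' value and the 20 byte TPM version info from the hex dumps above. The attribute type values and names are the ones charon prints; the bit positions assumed for SHA-256 and SHA-384 in the hash algorithm set are marked as assumptions in the code.

```python
"""Decoder for the PB-TNC / PA-TNC framing seen in the charon log above (added example, not
strongSwan code). Layouts follow RFC 5793 (PB-TNC), RFC 5792 (PA-TNC) and the TCG PTS
attribute formats visible in the hex dumps; attribute names/type values are charon's."""
import struct

BATCH_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT", 4: "CRETRY", 5: "SRETRY", 6: "CLOSE"}
TCG_VENDOR_ID = 0x005597
PTS_ATTR_NAMES = {
    0x04000000: "DH Nonce Parameters Response", 0x05000000: "DH Nonce Finish",
    0x08000000: "Get TPM Version Information", 0x09000000: "TPM Version Information",
    0x0D000000: "Get Attestation Identity Key", 0x0E000000: "Attestation Identity Key",
    0x00700000: "Request File Metadata", 0x00C00000: "Request File Measurement"}
# Hash algorithm set bits: 0x8000 is SHA-1 (the log says so); SHA-256/384 positions are assumed.
HASH_ALGOS = {0x8000: "SHA-1", 0x4000: "SHA-256", 0x2000: "SHA-384"}

def u24(b): return int.from_bytes(b, "big")

def decode_dh_nonce_finish(v):
    """Reserved(1) | nonce length(1) | hash algorithm(2) | DH public value | nonce."""
    nonce_len, hash_algo = v[1], struct.unpack(">H", v[2:4])[0]
    return {"hash_algo": HASH_ALGOS.get(hash_algo, hex(hash_algo)),
            "public_value": v[4:len(v) - nonce_len], "nonce": v[len(v) - nonce_len:]}

def decode_request_file_metadata(v):
    """Flags(1) | delimiter(1) | reserved(2) | path."""
    return {"flags": v[0], "delimiter": chr(v[1]), "path": v[4:].decode()}

def decode_request_file_measurement(v):
    """Flags(1, bit 7 = directory) | request ID(3) | delimiter(4) | path."""
    return {"directory": bool(v[0] & 0x80), "request_id": u24(v[1:4]),
            "delimiter": chr(struct.unpack(">I", v[4:8])[0]), "path": v[8:].decode()}

def decode_tpm_version_info(v):
    """TPM 1.2 TPM_CAP_VERSION_INFO: tag | version(4) | spec level | errata rev | vendor ID."""
    tag, major, minor, rev_major, rev_minor, spec, errata = struct.unpack(">HBBBBHB", v[:9])
    return {"tag": tag, "version": f"{major}.{minor}.{rev_major}.{rev_minor}",
            "spec_level": spec, "errata_rev": errata, "vendor_id": v[9:13].rstrip(b"\0").decode()}

DECODERS = {0x05000000: decode_dh_nonce_finish, 0x09000000: decode_tpm_version_info,
            0x00700000: decode_request_file_metadata, 0x00C00000: decode_request_file_measurement}

def parse_pa_tnc(msg):
    """PA-TNC: version(1) | reserved(3) | message ID(4) | attributes with 12 byte headers."""
    version, msg_id = msg[0], struct.unpack(">I", msg[4:8])[0]
    attrs, off = [], 8
    while off < len(msg):
        flags, vid = msg[off], u24(msg[off + 1:off + 4])
        atype, alen = struct.unpack(">II", msg[off + 4:off + 12])
        if alen < 12 or off + alen > len(msg):  # length includes the header; reject bad ones
            raise ValueError("bad PA-TNC attribute length %d at offset %d" % (alen, off))
        value, is_tcg = msg[off + 12:off + alen], vid == TCG_VENDOR_ID
        attr = {"noskip": bool(flags & 0x80), "vendor_id": vid, "type": atype, "value": value,
                "name": PTS_ATTR_NAMES.get(atype, hex(atype)) if is_tcg else hex(atype)}
        if is_tcg and atype in DECODERS:
            attr["decoded"] = DECODERS[atype](value)
        attrs.append(attr)
        off += alen
    return {"version": version, "msg_id": msg_id, "attributes": attrs}

def parse_pb_tnc_batch(data):
    """PB-TNC batch: version(1) | D bit(1) | reserved(1) | type(1) | length(4) | messages."""
    version, dflag, _, btype, blen = struct.unpack(">BBBBI", data[:8])
    if version != 2 or blen != len(data):
        raise ValueError("bad PB-TNC batch header")
    batch = {"from_server": bool(dflag & 0x80), "type": BATCH_TYPES.get(btype & 0x0F), "messages": []}
    off = 8
    while off < len(data):
        flags, vid = data[off], u24(data[off + 1:off + 4])
        mtype, mlen = struct.unpack(">II", data[off + 4:off + 12])
        if mlen < 12 or off + mlen > len(data):
            raise ValueError("bad PB-TNC message length %d at offset %d" % (mlen, off))
        body = data[off + 12:off + mlen]
        msg = {"noskip": bool(flags & 0x80), "vendor_id": vid, "type": mtype}
        if vid == 0 and mtype == 1:  # PB-PA: flags(1) | PA vendor(3) | subtype(4) | IMC ID(2) | IMV ID(2) | PA-TNC
            subtype, imc_id, imv_id = struct.unpack(">IHH", body[4:12])
            msg.update(excl=bool(body[0] & 0x80), pa_vendor_id=u24(body[1:4]), pa_subtype=subtype,
                       collector_id=imc_id, validator_id=imv_id, pa_tnc=parse_pa_tnc(body[12:]))
        batch["messages"].append(msg)
        off += mlen
    return batch

# Constructed inputs, copied byte for byte from the hex dumps in the log above.
SDATA_BATCH_HEX = (
    "02800002000001078000000000000001000000FF0000559700000001FFFF0001"
    "01000000BE57A33680005597007000000000001F002F00002F6574632F746E63"
    "5F636F6E6669678000559700C0000000000032000000010000002F2F6C69622F"
    "693338362D6C696E75782D676E752F6C6962646C2E736F2E328000559700C000"
    "0000000022000000020000002F2F7362696E2F69707461626C65738000559700"
    "C0000000000028000000030000002F2F6C69622F6C6962787461626C65732E73"
    "6F2E358000559700C0000000000021800000040000002F2F6C69622F78746162"
    "6C65732F8000559700C0000000000023000000050000002F2F7362696E2F6970"
    "367461626C6573")
DH_NONCE_FINISH_HEX = (
    "001480003BFFC48E1494F324191BA77B7DFB99CE0696CDAC23D3175750202022"
    "859CBA47CFC6F013AD40384BAA991D6B2AC00E2093492986FE22FCB910B38797"
    "53AD1A9E7D9E5CA0754ED59E92FEA48D4F34D31B4D049D12")
TPM_VERSION_INFO_HEX = "0030010203110002024946580000050311000800"

if __name__ == "__main__":
    for a in parse_pb_tnc_batch(bytes.fromhex(SDATA_BATCH_HEX))["messages"][0]["pa_tnc"]["attributes"]:
        print("%-26s %3d bytes %s" % (a["name"], len(a["value"]), a.get("decoded")))
    print(decode_dh_nonce_finish(bytes.fromhex(DH_NONCE_FINISH_HEX))["hash_algo"],
          decode_tpm_version_info(bytes.fromhex(TPM_VERSION_INFO_HEX)))
```

Run as a script it prints one line per attribute of the 263 byte batch (with the request ID, directory flag and path of each measurement request) followed by the decoded DH hash algorithm and TPM version info, which can be compared line by line with the charon output. The two length checks matter in practice: both the PB-TNC message length and the PA-TNC attribute length include their own headers and come from the peer, so a parser must refuse values below the header size or beyond the end of the batch rather than trust them.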
The metadata for /etc/tnc_config is retrieved and the SHA-1 hash values for the five file measurement requests are computed. Each request carries a 3 byte request ID (1 to 5) that the IMC echoes in its measurement response so that the IMV can match results to requests, a 4 byte path delimiter (0x0000002F, i.e. '/') and the path itself. Request 4 has the directory flag (0x80) set in its flags byte, so the PTS-IMC measures every file in /lib/xtables/ individually, which generates quite some work. Note that the IMC hashes whatever paths the IMV names; the integrity decision is made on the IMV side by comparing the reported hashes against reference values.
Feb 9 14:53:48 pin1212a00 charon: 11[IMC] metadata request for file '/etc/tnc_config'
Feb 9 14:53:48 pin1212a00 charon: 11[IMC] measurement request 1 for file '/lib/i386-linux-gnu/libdl.so.2'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 40:9b:b1:a9:7e:26:ea:11:44:cd:d6:80:1b:81:59:f1:7f:37:6b:8f for 'libdl.so.2'
Feb 9 14:53:48 pin1212a00 charon: 11[IMC] measurement request 2 for file '/sbin/iptables'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] ff:6d:ec:a0:ee:b7:a2:57:20:5c:5f:0a:b5:f5:d8:21:ea:18:40:98 for 'iptables'
Feb 9 14:53:48 pin1212a00 charon: 11[IMC] measurement request 3 for file '/lib/libxtables.so.5'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 7a:3c:a7:21:58:e6:0b:0c:91:e4:8a:42:08:48:f1:b6:93:ae:a2:6c for 'libxtables.so.5'
Feb 9 14:53:48 pin1212a00 charon: 11[IMC] measurement request 4 for directory '/lib/xtables/'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 18:36:41:80:9a:27:b0:8f:fe:59:c1:38:8c:da:6c:41:4b:dc:e6:d6 for 'libxt_tos.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 47:52:53:2c:b9:41:a1:fd:98:11:4c:2f:99:9e:b6:16:98:bd:df:35 for 'libip6t_eui64.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] ee:9b:c9:37:a8:db:06:d4:ba:a2:14:7b:47:8e:ac:af:fe:8c:c8:f7 for 'libipt_realm.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 32:d4:43:76:1a:af:13:ef:8b:3c:d7:86:9a:f9:0b:57:a7:44:58:25 for 'libxt_connlimit.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 20:cf:56:e5:ce:52:11:72:29:f5:5e:1e:ad:52:31:a7:66:b2:dd:5c for 'libxt_hashlimit.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] d5:37:d4:37:f0:58:13:6e:b3:d7:be:51:7d:be:76:47:b6:23:c6:19 for 'libxt_mark.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] dd:7b:c0:9b:d9:94:25:a1:e3:6b:69:a1:19:60:a9:00:37:e2:98:79 for 'libxt_TOS.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] fc:ca:5d:a6:7d:11:c7:ad:fd:f8:49:88:b0:96:b0:20:f9:0e:77:8a for 'libip6t_rt.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 24:15:12:c0:4d:81:6c:c8:91:10:f1:c0:fd:ab:39:d4:97:ad:9f:1b for 'libxt_TPROXY.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 44:92:7e:1b:2d:34:c5:d9:45:b8:13:33:8c:ca:41:98:3c:be:20:f7 for 'libxt_dscp.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] f2:b9:91:45:6c:6b:6e:55:04:03:d4:66:5c:13:d6:c2:3e:a9:f4:a3 for 'libxt_SET.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 2d:0d:d5:0b:f5:10:78:05:b7:f9:35:c7:2f:94:c9:ba:a2:01:22:b0 for 'libxt_quota.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] b5:99:55:3b:bd:35:be:b4:f9:93:90:33:f4:4b:65:3d:ad:ba:5e:9c for 'libxt_statistic.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 9f:b6:70:dc:86:7c:58:b5:83:ef:59:a0:c8:1b:56:35:1d:6b:2c:4b for 'libxt_IDLETIMER.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 6c:0b:2d:f4:fc:4c:91:22:b5:76:2a:e1:40:d5:3f:dd:1c:f9:e8:9b for 'libxt_conntrack.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 3d:c5:69:0b:31:f0:69:93:3c:cc:14:e4:3f:7c:09:da:a3:e0:09:8d for 'libxt_mac.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] f7:d6:a5:d8:5a:32:98:d2:1c:ec:71:37:d9:47:da:90:c4:55:e4:6b for 'libxt_rateest.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] d0:27:a6:aa:de:8b:34:d2:72:d5:f2:23:5d:81:78:83:90:40:48:13 for 'libxt_DSCP.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] af:75:74:c5:d6:74:4d:fa:2e:2d:8c:d0:c4:f4:cc:f7:06:42:20:30 for 'libipt_NETMAP.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 2c:19:75:6c:4a:35:48:68:d0:50:a6:58:32:e7:c1:36:b4:a9:94:c3 for 'libxt_LED.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] e2:f7:b9:2a:bd:a7:69:f8:27:96:f5:7a:29:80:18:70:58:5d:ce:a3 for 'libipt_SNAT.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 0f:c1:21:24:64:f3:b1:b9:73:eb:c0:6c:19:90:bb:b9:88:fe:cc:8a for 'libipt_CLUSTERIP.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 2e:a8:67:ef:38:48:b8:a0:2d:a4:d3:99:4b:1f:0e:bc:db:5c:9e:80 for 'libxt_comment.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] f9:e3:53:1a:bb:67:a0:20:cf:66:7d:46:ca:82:36:75:dd:0a:0d:d4 for 'libxt_MARK.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 5a:eb:2e:92:6c:bd:3c:95:fe:82:25:e0:b3:ef:87:3a:3d:19:42:4b for 'libipt_MIRROR.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 33:9a:58:a1:b3:13:83:0c:3c:c7:4c:b3:fb:52:a5:b8:15:2f:44:e6 for 'libxt_esp.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 3e:f9:01:0e:e2:24:7c:f2:d7:64:1c:f0:4f:0c:a7:32:d0:fd:e8:68 for 'libxt_NOTRACK.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] d6:c8:df:ba:ae:7a:b2:8b:5c:ef:26:26:a2:af:3f:99:a6:ea:43:65 for 'libipt_LOG.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 06:5d:f7:20:d2:c2:86:71:72:8a:96:33:53:0d:e5:94:cf:bf:e8:97 for 'libxt_recent.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 2d:32:ef:93:12:6a:bf:8c:66:0d:57:c6:7e:50:76:c6:39:4c:ab:e8 for 'libxt_policy.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 71:40:3f:f1:c6:ca:92:7a:ba:1d:c6:8c:8e:52:a6:76:ae:c1:c9:70 for 'libxt_RATEEST.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 22:35:fe:d7:aa:6b:9a:8b:9b:db:7f:db:34:9a:35:9f:01:c1:b4:01 for 'libxt_u32.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 53:0e:8c:15:15:4a:da:bc:f7:39:c5:e2:46:ba:15:36:6f:05:b3:6b for 'libipt_ah.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 9a:d0:87:53:a6:70:8e:1d:60:da:ce:3a:58:ef:44:00:27:70:a6:bd for 'libipt_unclean.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] aa:d3:68:ae:62:e7:d0:1d:a3:3e:a7:8e:1a:7c:1a:1f:18:2a:6a:d4 for 'libxt_dccp.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] ab:78:0c:51:34:7b:ff:66:9c:97:1e:f2:c7:0b:06:d9:bd:78:7b:c9 for 'libxt_connmark.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 36:1d:6f:75:96:07:ad:c4:0d:6f:e0:af:7d:3f:91:57:94:a4:db:b0 for 'libipt_ECN.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 42:4c:99:a6:21:e1:19:c8:8b:f7:0e:78:ff:b6:4c:6d:72:db:7b:51 for 'libxt_NFQUEUE.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 8f:d3:f5:95:98:1c:49:89:61:fc:94:67:83:0d:dd:37:20:08:c0:85 for 'libxt_physdev.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 38:e9:ff:af:cf:02:73:6d:6b:9c:5e:b4:03:c5:d5:26:12:a4:64:16 for 'libxt_SECMARK.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 5d:93:68:d5:e3:ea:c0:93:d6:dc:ba:d5:c0:24:ed:3d:56:66:68:c2 for 'libxt_length.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 7a:b7:2f:5e:8e:54:89:e6:d3:aa:3d:4f:8b:ac:d0:f9:3a:71:4b:e2 for 'libxt_TRACE.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 5c:3a:42:5d:c4:25:60:8c:21:f7:3a:58:de:45:90:43:3a:e4:19:ad for 'libipt_ULOG.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] d6:0e:93:16:f6:2d:46:bd:1d:6b:f9:b7:34:d3:ac:7e:40:2f:29:30 for 'libipt_ttl.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 73:d7:5e:80:9f:53:fc:84:40:73:08:db:52:89:3f:3d:31:83:53:10 for 'libxt_limit.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 16:0d:2b:04:d1:1e:b2:25:fb:14:86:15:b6:99:08:18:69:e1:5b:6c for 'libipt_DNAT.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] aa:9a:5b:58:cb:d0:53:5b:ce:8d:d9:e4:f2:d8:d3:25:38:ce:24:72 for 'libxt_tcpmss.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 51:f1:be:7e:59:08:62:a2:c2:5f:29:f4:c5:ef:01:f0:52:df:2a:c5 for 'libipt_REDIRECT.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] a0:7e:a0:ae:3d:00:8f:37:97:c5:67:e6:29:cb:73:79:cb:15:02:ed for 'libipt_addrtype.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 3e:1c:20:2b:10:37:cc:24:54:fd:0d:cc:cc:40:e3:15:71:63:0d:9f for 'libxt_CONNMARK.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] c5:22:71:d3:8f:10:56:78:d4:cd:0c:3c:04:0a:21:cc:db:24:57:e3 for 'libxt_pkttype.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 6c:f9:db:a7:25:ac:38:d3:be:ff:dc:d8:f6:65:5b:d5:f4:66:6d:25 for 'libipt_icmp.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 37:d6:ae:25:19:77:21:4d:7a:d1:c2:95:80:94:24:af:1e:8e:76:b1 for 'libxt_set.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] e3:58:f5:3f:5c:4b:73:df:16:22:e8:16:41:d9:18:f9:23:ab:c6:2c for 'libxt_cluster.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 11:ce:3b:45:fe:b3:e6:6a:75:49:0d:42:ba:95:07:1a:c6:f4:0a:7f for 'libxt_udp.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] c1:66:c2:84:d3:95:78:3a:48:d3:02:c9:61:cb:60:d7:ec:e7:68:ab for 'libxt_multiport.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 29:8a:18:85:82:22:26:dc:be:b2:e9:08:f2:b2:69:b7:a8:27:1a:66 for 'libxt_CLASSIFY.so'
Feb 9 14:53:48 pin1212a00 charon: 11[PTS]
c6:3e:0e:cc:c2:03:94:f9:3d:49:25:3b:33:0d:f3:2c:47:ff:d9:96 for 'libxt_CT.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 23:29:6f:48:27:6e:16:0b:6d:99:b1:b4:2a:91:14:df:72:0b:b1:ab for 'libip6t_LOG.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 48:a5:5a:a0:dc:11:94:af:63:ba:01:62:00:1c:e1:e9:b3:77:b1:59 for 'libxt_TEE.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 86:6c:55:30:ae:45:69:1b:3c:4e:08:ba:29:3b:33:26:e8:ff:1f:b3 for 'libip6t_frag.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 39:09:5f:23:c9:34:72:21:57:5d:a8:a1:30:41:cc:7b:dc:de:73:54 for 'libxt_cpu.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 00:32:1b:d8:00:d7:08:2f:0d:ee:78:ef:a1:66:1e:24:6c:3d:aa:b4 for 'libxt_iprange.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] a3:45:6c:85:20:bf:0b:c3:f0:ee:0a:1c:80:03:21:c0:19:b4:a8:82 for 'libxt_standard.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 24:f6:13:0d:e2:e5:bb:94:30:b7:1a:aa:e5:c9:42:47:b3:b6:ea:91 for 'libip6t_hl.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 56:7e:01:c5:09:23:ab:1c:19:03:b6:fb:84:9f:a6:8f:19:63:0c:a3 for 'libip6t_HL.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] fd:d2:27:82:6f:c2:9d:b7:d1:b6:ed:2b:e4:14:52:14:f3:92:16:cd for 'libipt_TTL.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 69:47:c7:94:45:0c:04:df:1c:c8:e4:17:15:ce:3d:24:7f:c5:16:c9 for 'libxt_connbytes.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] f8:93:2b:81:16:dd:d4:cf:0f:d5:f5:52:88:18:f2:1a:df:90:cb:74 for 'libxt_ipvs.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 3e:f8:a5:fd:8a:e2:28:77:84:ae:7e:dc:f8:4f:bf:b5:24:b4:97:bb for 'libxt_CONNSECMARK.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 18:fa:a3:14:df:37:fc:d0:1b:9f:1a:ea:6f:db:f0:70:c8:38:b6:a6 for 'libxt_state.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 4e:05:db:c9:87:2d:6c:6d:af:38:45:8b:35:b1:ba:6d:6a:94:d2:1f for 'libip6t_REJECT.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 47:e0:cf:82:a1:21:16:d6:8a:a6:42:39:c4:9a:23:aa:b6:cb:35:f4 for 'libxt_string.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 
33:d0:40:bc:0c:64:d3:8b:99:7b:fa:ee:ae:04:59:07:c5:2b:e6:70 for 'libxt_owner.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 2b:07:68:91:49:e0:7c:ed:d6:d3:77:49:3d:17:68:ff:23:78:ac:b8 for 'libip6t_ipv6header.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 7f:cd:3d:b6:df:87:13:c0:e7:c7:2d:ad:d7:04:55:99:a7:49:f2:a0 for 'libipt_REJECT.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 95:3b:e7:07:c1:5b:15:80:a3:bb:ed:4c:7e:4c:22:1e:2d:58:44:ff for 'libxt_CHECKSUM.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 5d:32:1b:a9:90:9d:a2:38:b6:de:15:0b:0d:10:33:7c:16:cf:4c:e4 for 'libxt_TCPOPTSTRIP.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] e2:db:af:67:88:9b:bd:1f:f0:fb:da:b8:4e:00:e2:87:53:9d:61:ed for 'libxt_helper.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 9d:96:65:a3:38:9e:3f:67:a8:15:3f:a1:c3:7b:59:68:85:a4:09:b9 for 'libipt_SAME.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] a6:06:e1:bb:12:92:88:f1:90:0d:57:88:1c:3e:ac:ee:e7:27:ec:64 for 'libxt_socket.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 3b:1c:fb:8c:71:c9:04:be:b5:57:19:34:87:91:5f:f5:82:6a:33:47 for 'libipt_ecn.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 1d:74:0a:bd:38:f9:f4:bc:81:ca:43:4a:0e:25:b6:e2:17:04:24:8b for 'libxt_tcp.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 5a:0d:07:ab:03:66:03:a7:67:59:e5:f6:1f:7d:04:f2:d3:c0:56:cc for 'libipt_MASQUERADE.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 45:8a:e7:fc:05:34:ef:2a:eb:d5:6f:ce:4d:26:db:10:bd:7f:63:a4 for 'libip6t_hbh.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 1c:b5:30:10:26:19:6e:d1:d2:6f:9c:7f:92:f3:6f:b1:ee:39:48:41 for 'libxt_time.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 42:2c:14:1e:ab:57:e9:c9:a8:0a:3c:7b:31:c2:6a:d4:d0:b5:ed:07 for 'libip6t_ah.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] c9:16:92:db:c9:06:c0:de:e9:7c:b9:6e:ba:fd:6e:f1:ff:cc:4d:1b for 'libip6t_icmp6.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 28:e0:5c:e1:9a:52:ab:16:23:71:cb:5c:14:8f:b1:6e:c7:c3:4a:d6 for 'libxt_NFLOG.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 
ac:87:0e:51:06:2d:69:a6:b1:9a:71:e5:1d:19:4b:9b:0c:29:51:cf for 'libip6t_dst.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 34:3d:51:24:47:fc:02:22:63:19:9f:d2:3f:7b:21:6b:46:e0:1e:b3 for 'libxt_sctp.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 7f:f7:ef:5a:4e:01:de:31:18:5d:79:cc:d9:a3:14:a6:a1:2d:3a:65 for 'libxt_TCPMSS.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] ca:1e:da:79:68:a9:0f:6c:c9:14:0a:bd:d1:d1:77:11:6b:69:97:e1 for 'libxt_osf.so' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 32:7f:fa:63:fc:c0:8e:14:e5:64:6b:78:ac:e3:76:94:3a:95:12:7a for 'libip6t_mh.so' Feb 9 14:53:48 pin1212a00 charon: 11[IMC] measurement request 5 for file '/sbin/ip6tables' Feb 9 14:53:48 pin1212a00 charon: 11[PTS] 8a:7c:41:16:7b:c0:fc:c1:de:c8:32:9a:86:8b:a2:65:c2:38:57:f5 for 'ip6tables'
Packed into one 'Unix-Style File Metadata' attribute and five 'File Measurement' attributes (one per measurement request; the fourth one, for request 4, carries all 94 files of the /lib/xtables/ directory and is 3475 bytes long), the measured file data is returned to the TNC server:
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PA-TNC message with ID 0x9fbf7882
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 70 bytes @ 0x9132e30
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 0: 00 00 00 00 00 00 00 01 00 3E 08 00 00 00 00 00 .........>......
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 16: 00 00 00 6C 00 00 00 00 4F 2F F3 66 00 00 00 00 ...l....O/.f....
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 32: 4F 2F F3 66 00 00 00 00 4F 33 BD 1C 00 00 00 00 O/.f....O3......
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 48: 00 00 00 00 00 00 00 00 00 00 00 00 74 6E 63 5F ............tnc_
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 64: 63 6F 6E 66 69 67 config
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 44 bytes @ 0x9138680
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 0: 00 00 00 00 00 00 00 01 00 01 00 14 40 9B B1 A9 ............@...
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 16: 7E 26 EA 11 44 CD D6 80 1B 81 59 F1 7F 37 6B 8F ~&..D.....Y..7k.
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 32: 00 0A 6C 69 62 64 6C 2E 73 6F 2E 32 ..libdl.so.2
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PA-TNC attribute type 'TC G/File Measurement' 0x005597/0x00d00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 42 bytes @ 0x91323d0
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 0: 00 00 00 00 00 00 00 01 00 02 00 14 FF 6D EC A0 .............m..
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 16: EE B7 A2 57 20 5C 5F 0A B5 F5 D8 21 EA 18 40 98 ...W \_....!..@.
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 32: 00 08 69 70 74 61 62 6C 65 73 ..iptables
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 49 bytes @ 0x91387b8
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 0: 00 00 00 00 00 00 00 01 00 03 00 14 7A 3C A7 21 ............z<.!
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 16: 58 E6 0B 0C 91 E4 8A 42 08 48 F1 B6 93 AE A2 6C X......B.H.....l
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 32: 00 0F 6C 69 62 78 74 61 62 6C 65 73 2E 73 6F 2E ..libxtables.so.
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 48: 35 5
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 3475 bytes @ 0x9139510
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 0: 00 00 00 00 00 00 00 5E 00 04 00 14 18 36 41 80 .......^.....6A.
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 16: 9A 27 B0 8F FE 59 C1 38 8C DA 6C 41 4B DC E6 D6 .'...Y.8..lAK...
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 32: 00 0C 6C 69 62 78 74 5F 74 6F 73 2E 73 6F 47 52 ..libxt_tos.soGR
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 48: 53 2C B9 41 A1 FD 98 11 4C 2F 99 9E B6 16 98 BD S,.A....L/......
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 64: DF 35 00 10 6C 69 62 69 70 36 74 5F 65 75 69 36 .5..libip6t_eui6
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 80: 34 2E 73 6F EE 9B C9 37 A8 DB 06 D4 BA A2 14 7B 4.so...7.......{
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 96: 47 8E AC AF FE 8C C8 F7 00 0F 6C 69 62 69 70 74 G.........libipt
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 112: 5F 72 65 61 6C 6D 2E 73 6F 32 D4 43 76 1A AF 13 _realm.so2.Cv...
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 128: EF 8B 3C D7 86 9A F9 0B 57 A7 44 58 25 00 12 6C ..<.....W.DX%..l
--------------- truncated attribute ----------------
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 43 bytes @ 0x913a2a8
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 0: 00 00 00 00 00 00 00 01 00 05 00 14 8A 7C 41 16 .............|A.
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 16: 7B C0 FC C1 DE C8 32 9A 86 8B A2 65 C2 38 57 F5 {.....2....e.8W.
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 32: 00 09 69 70 36 74 61 62 6C 65 73 ..ip6tables
All of this data is packed into a single PB-TNC CDATA batch of 3835 bytes. EAP-TTLS fragments the batch, so it spans four IKE_AUTH request/response exchanges (message IDs 12 to 15), i.e. four IKEv2 UDP datagrams in each direction:
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] creating PB-TNC CDATA batch
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] adding PB-PA message
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] sending PB-TNC CDATA batch (3835 bytes) for Connection ID 1
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] => 3835 bytes @ 0x9139e98
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 0: 02 00 00 01 00 00 0E FB 80 00 00 00 00 00 00 01 ................
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 16: 00 00 0E F3 00 00 55 97 00 00 00 01 00 01 FF FF ......U.........
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 32: 01 00 00 00 9F BF 78 82 80 00 55 97 00 90 00 00 ......x...U.....
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 48: 00 00 00 52 00 00 00 00 00 00 00 01 00 3E 08 00 ...R.........>..
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 64: 00 00 00 00 00 00 00 6C 00 00 00 00 4F 2F F3 66 .......l....O/.f
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 80: 00 00 00 00 4F 2F F3 66 00 00 00 00 4F 33 BD 1C ....O/.f....O3..
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 112: 74 6E 63 5F 63 6F 6E 66 69 67 80 00 55 97 00 D0 tnc_config..U...
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 128: 00 00 00 00 00 38 00 00 00 00 00 00 00 01 00 01 .....8..........
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 144: 00 14 40 9B B1 A9 7E 26 EA 11 44 CD D6 80 1B 81 ..@...~&..D.....
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 160: 59 F1 7F 37 6B 8F 00 0A 6C 69 62 64 6C 2E 73 6F Y..7k...libdl.so
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 176: 2E 32 80 00 55 97 00 D0 00 00 00 00 00 36 00 00 .2..U........6..
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 192: 00 00 00 00 00 01 00 02 00 14 FF 6D EC A0 EE B7 ...........m....
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 208: A2 57 20 5C 5F 0A B5 F5 D8 21 EA 18 40 98 00 08 .W \_....!..@...
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 224: 69 70 74 61 62 6C 65 73 80 00 55 97 00 D0 00 00 iptables..U.....
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 240: 00 00 00 3D 00 00 00 00 00 00 00 01 00 03 00 14 ...=............
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 256: 7A 3C A7 21 58 E6 0B 0C 91 E4 8A 42 08 48 F1 B6 z<.!X......B.H..
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 272: 93 AE A2 6C 00 0F 6C 69 62 78 74 61 62 6C 65 73 ...l..libxtables
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 288: 2E 73 6F 2E 35 80 00 55 97 00 D0 00 00 00 00 0D .so.5..U........
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 304: 9F 00 00 00 00 00 00 00 5E 00 04 00 14 18 36 41 ........^.....6A
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 320: 80 9A 27 B0 8F FE 59 C1 38 8C DA 6C 41 4B DC E6 ..'...Y.8..lAK..
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 336: D6 00 0C 6C 69 62 78 74 5F 74 6F 73 2E 73 6F 47 ...libxt_tos.soG
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 352: 52 53 2C B9 41 A1 FD 98 11 4C 2F 99 9E B6 16 98 RS,.A....L/.....
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 368: BD DF 35 00 10 6C 69 62 69 70 36 74 5F 65 75 69 ..5..libip6t_eui
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 384: 36 34 2E 73 6F EE 9B C9 37 A8 DB 06 D4 BA A2 14 64.so...7.......
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 400: 7B 47 8E AC AF FE 8C C8 F7 00 0F 6C 69 62 69 70 {G.........libip
Feb 9 14:53:48 pin1212a00 charon: 11[TNC] 416: 74 5F 72 65 61 6C 6D 2E 73 6F 32 D4 43 76 1A AF t_realm.so2.Cv..
----------------- truncated batch ------------------
Feb 9 14:53:48 pin1212a00 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Feb 9 14:53:48 pin1212a00 charon: 11[ENC] generating IKE_AUTH request 12 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 11[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Feb 9 14:53:48 pin1212a00 charon: 08[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 08[ENC] parsed IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 08[ENC] generating IKE_AUTH request 13 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 08[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Feb 9 14:53:48 pin1212a00 charon: 09[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 09[ENC] parsed IKE_AUTH response 13 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 09[ENC] generating IKE_AUTH request 14 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 09[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Feb 9 14:53:48 pin1212a00 charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Feb 9 14:53:48 pin1212a00 charon: 10[ENC] parsed IKE_AUTH response 14 [ EAP/REQ/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 10[ENC] generating IKE_AUTH request 15 [ EAP/RES/TTLS ]
Feb 9 14:53:48 pin1212a00 charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Functional Component Evidence
The final PB-TNC SDATA batch arrives from the TNC server. Note that this and the following excerpts were captured in a different test run (host merthyr, Nov 29) than the Feb 9 log above, so their timestamps and PA-TNC message IDs cannot be correlated with it:
Nov 29 07:39:24 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:24 merthyr charon: 03[ENC] parsed IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Nov 29 07:39:24 merthyr charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:24 merthyr charon: 03[TNC] received TNCCS batch (92 bytes) for Connection ID 1
Nov 29 07:39:24 merthyr charon: 03[TNC] => 92 bytes @ 0x826a546
Nov 29 07:39:24 merthyr charon: 03[TNC] 0: 02 80 00 02 00 00 00 5C 80 00 00 00 00 00 00 01 .......\........
Nov 29 07:39:24 merthyr charon: 03[TNC] 16: 00 00 00 54 00 00 55 97 00 00 00 01 FF FF 00 01 ...T..U.........
Nov 29 07:39:24 merthyr charon: 03[TNC] 32: 01 00 00 00 AA 37 58 07 80 00 55 97 00 10 00 00 .....7X...U.....
Nov 29 07:39:24 merthyr charon: 03[TNC] 48: 00 00 00 24 10 00 00 00 00 90 2A 21 00 00 00 03 ...$......*!....
Nov 29 07:39:24 merthyr charon: 03[TNC] 64: 10 00 00 00 00 90 2A 21 00 00 00 02 80 00 55 97 ......*!......U.
Nov 29 07:39:24 merthyr charon: 03[TNC] 80: 00 20 00 00 00 00 00 10 00 00 00 00 . ..........
Nov 29 07:39:24 merthyr charon: 03[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Nov 29 07:39:24 merthyr charon: 03[TNC] processing PB-TNC SDATA batch
Being subscribed to the 'TCG/PTS' PB-PA message type, the PTS-IMC again receives the contained PB-PA message:
Nov 29 07:39:24 merthyr charon: 03[TNC] processing PB-PA message (84 bytes)
Nov 29 07:39:24 merthyr charon: 03[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x01
The PA-TNC message contains a 'Request Functional Component Evidence' attribute followed by a final 'Generate Attestation Evidence' attribute, both from the TCG namespace:
Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC message with ID 0xaa375807
Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Nov 29 07:39:24 merthyr charon: 03[TNC] => 24 bytes @ 0x826bc50
Nov 29 07:39:24 merthyr charon: 03[TNC] 0: 10 00 00 00 00 90 2A 21 00 00 00 03 10 00 00 00 ......*!........
Nov 29 07:39:24 merthyr charon: 03[TNC] 16: 00 90 2A 21 00 00 00 02 ..*!....
Nov 29 07:39:24 merthyr charon: 03[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Nov 29 07:39:24 merthyr charon: 03[TNC] => 4 bytes @ 0x826bc74
Nov 29 07:39:24 merthyr charon: 03[TNC] 0: 00 00 00 00
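The hex dumps in this HOWTO are easier to read with a small decoder. The following Python is an added example written for this page, not code from strongSwan: it implements just enough of the PB-TNC (RFC 5793) and PA-TNC (RFC 5792) wire format, plus the two TCG PTS attributes shown, to walk the 92-byte SDATA batch received above down to its two component requests, and to unpack the 44-byte 'File Measurement' attribute for libdl.so.2 from the CDATA section. The sample bytes are copied from the log dumps; the attribute names are those the log prints; the bit layout of the component qualifier byte (0x21 rendered as '[K.] Trusted Platform') is inferred from the log and is an assumption of this example, as are the function names.

```python
import struct

PEN_TCG = 0x005597      # TCG vendor ID seen in the dumps
PEN_ITA_HSR = 0x00902A  # ITA-HSR vendor ID seen in the evidence request
PB_BATCH_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT", 4: "CRETRY", 5: "SRETRY", 6: "CLOSE"}
PTS_ATTR_NAMES = {0x00100000: "Request Functional Component Evidence",
                  0x00200000: "Generate Attestation Evidence",
                  0x00900000: "Unix-Style File Metadata", 0x00D00000: "File Measurement"}

# Sample 1: the 92-byte SDATA batch from the 'received TNCCS batch' dump above.
SDATA_BATCH = bytes.fromhex(
    "02 80 00 02 00 00 00 5C 80 00 00 00 00 00 00 01"
    "00 00 00 54 00 00 55 97 00 00 00 01 FF FF 00 01"
    "01 00 00 00 AA 37 58 07 80 00 55 97 00 10 00 00"
    "00 00 00 24 10 00 00 00 00 90 2A 21 00 00 00 03"
    "10 00 00 00 00 90 2A 21 00 00 00 02 80 00 55 97"
    "00 20 00 00 00 00 00 10 00 00 00 00")
# Sample 2: the 44-byte 'File Measurement' attribute for libdl.so.2 from above.
FILE_MEASUREMENT = bytes.fromhex(
    "00 00 00 00 00 00 00 01 00 01 00 14 40 9B B1 A9"
    "7E 26 EA 11 44 CD D6 80 1B 81 59 F1 7F 37 6B 8F"
    "00 0A 6C 69 62 64 6C 2E 73 6F 2E 32")


def _tlv_list(data, pos, end, what):
    """TLV layout shared by PB-TNC messages and PA-TNC attributes:
    flags(1) vendor ID(3) type(4) length(4, header included) value."""
    items = []
    while pos < end:
        if end - pos < 12:
            raise ValueError(f"truncated {what} header at offset {pos}")
        typ, length = struct.unpack(">II", data[pos + 4:pos + 12])
        if length < 12 or pos + length > end:
            raise ValueError(f"{what} length {length} at offset {pos} out of range")
        items.append({"flags": data[pos], "vendor": int.from_bytes(data[pos + 1:pos + 4], "big"),
                      "type": typ, "value": data[pos + 12:pos + length]})
        pos += length
    return items


def parse_pb_tnc_batch(data):
    """PB-TNC batch: version(1) D flag(1) reserved+batch type(2) length(4), then messages."""
    if len(data) < 8:
        raise ValueError("short PB-TNC batch")
    version, dflag, btype, length = struct.unpack(">BBHI", data[:8])
    if version != 2 or length != len(data):
        raise ValueError("not a complete PB-TNC 2.0 batch")
    return {"from_server": bool(dflag & 0x80),
            "type": PB_BATCH_TYPES.get(btype & 0x0F, btype & 0x0F),
            "messages": _tlv_list(data, 8, length, "PB-TNC message")}


def parse_pb_pa(value):
    """PB-PA message: flags(1) PA vendor(3) PA subtype(4) collector ID(2) validator ID(2),
    then the PA-TNC message: version(1) reserved(3) message ID(4) and its attributes."""
    if len(value) < 20 or value[12] != 1:
        raise ValueError("short PB-PA message or unsupported PA-TNC version")
    subtype, collector, validator = struct.unpack(">IHH", value[4:12])
    return {"vendor": int.from_bytes(value[1:4], "big"), "subtype": subtype,
            "collector": collector, "validator": validator,
            "msg_id": struct.unpack(">I", value[16:20])[0],
            "attributes": _tlv_list(value, 20, len(value), "PA-TNC attribute")}


def parse_req_func_comp_evid(value):
    """PTS 'Request Functional Component Evidence': 12-byte entries of flags(1)
    sub-component depth(3) vendor ID(3) family/qualifier(1) name(4).  The qualifier
    decoding (2 family bits, 0x20 kernel, 0x10 sub-component, low nibble type) is
    inferred from the log's '[K.] Trusted Platform' rendering of 0x21 (assumption)."""
    if not value or len(value) % 12:
        raise ValueError("evidence request is not a list of 12-byte entries")
    return [{"flags": e[0], "depth": int.from_bytes(e[1:4], "big"),
             "vendor": int.from_bytes(e[4:7], "big"), "family": e[7] >> 6,
             "kernel": bool(e[7] & 0x20), "sub_component": bool(e[7] & 0x10),
             "type": e[7] & 0x0F, "name": struct.unpack(">I", e[8:12])[0]}
            for e in (value[o:o + 12] for o in range(0, len(value), 12))]


def parse_file_measurement(value):
    """PTS 'File Measurement': number of files(8) request ID(2) measurement length(2),
    then per file: measurement, filename length(2), filename."""
    if len(value) < 12:
        raise ValueError("short File Measurement attribute")
    nfiles, req_id, mlen = struct.unpack(">QHH", value[:12])
    pos, files = 12, []
    for _ in range(nfiles):
        if len(value) - pos < mlen + 2:
            raise ValueError("truncated measurement entry")
        meas = value[pos:pos + mlen]
        flen = struct.unpack(">H", value[pos + mlen:pos + mlen + 2])[0]
        pos += mlen + 2
        if len(value) - pos < flen:
            raise ValueError("truncated filename")
        files.append((value[pos:pos + flen].decode("utf-8"), meas.hex()))
        pos += flen
    if pos != len(value):
        raise ValueError("trailing bytes in File Measurement attribute")
    return req_id, files


def decode_sdata(batch_bytes=SDATA_BATCH):
    """Walk a server batch down to the PTS evidence request entries."""
    batch = parse_pb_tnc_batch(batch_bytes)
    (msg,) = batch["messages"]
    if (msg["vendor"], msg["type"]) != (0, 1):
        raise ValueError("expected exactly one PB-PA message")
    pa = parse_pb_pa(msg["value"])
    attrs = [(PTS_ATTR_NAMES.get(a["type"], hex(a["type"])), len(a["value"]))
             for a in pa["attributes"] if a["vendor"] == PEN_TCG]
    req = next(a for a in pa["attributes"] if a["type"] == 0x00100000)
    return batch["type"], pa["msg_id"], attrs, parse_req_func_comp_evid(req["value"])
```

Running decode_sdata() on the batch above yields batch type SDATA, PA-TNC message ID 0xaa375807, the two attributes with 24 and 4 bytes of value, and two component entries with vendor ID 0x00902A (ITA-HSR), flags 0x10, depth 0 and names 3 and 2; parse_file_measurement() on the second sample returns request ID 1 and the libdl.so.2 SHA-1 that the [PTS] line above prints. Every length field is checked against the enclosing structure before it is used, which is the check that matters when these attributes arrive over the network from a peer that has not yet been authenticated.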
The first of the two ordered evidence requests (vendor ID 0x00902A, name 3 in the dump above) is for the 'Linux IMA' functional component defined in the ITA-HSR namespace, with the qualifier 'Kernel' and the type 'Trusted Platform'. It covers the 126 measurements that were extended into PCRs 0..7 during the pre-boot process: the PTS-IMC loads them from the kernel's binary BIOS measurement log and replays each one, logging the PCR value before and after the extend operation:
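The rule behind the 'before value' / 'after value' pairs in the log below can be replayed offline. The following Python is an added example for this HOWTO, not strongSwan code: it applies the TPM 1.2 extend rule PCR_new = SHA-1(PCR_old || digest) to a few (PCR, digest) events copied from the log, starting from all-zero PCRs as the TPM does at reset. The digest 90:69:ca:78:... that the log shows being extended into every one of PCRs 0..7 is the digest of the EV_SEPARATOR event, i.e. the SHA-1 of four zero bytes. The event selection and the function names are this example's own.

```python
import hashlib

PCR_LEN = 20  # SHA-1 sized PCRs of a TPM 1.2


def from_colon_hex(s):
    """'4d:89:4e:...' (the log's notation) -> bytes."""
    return bytes.fromhex(s.replace(":", ""))


def to_colon_hex(b):
    return ":".join(f"{x:02x}" for x in b)


def extend(pcr_value, digest):
    """One TPM_Extend: a PCR is never set, it only absorbs digests in order."""
    if len(pcr_value) != PCR_LEN or len(digest) != PCR_LEN:
        raise ValueError("PCR value and digest must both be 20 bytes")
    return hashlib.sha1(pcr_value + digest).digest()


def replay(events, num_pcrs=8):
    """Replay an ordered (pcr, digest) list into fresh all-zero PCRs and return
    the final PCR values plus a (pcr, before, after) trace like the log's."""
    pcrs = {i: bytes(PCR_LEN) for i in range(num_pcrs)}
    trace = []
    for pcr, digest in events:
        before = pcrs[pcr]
        after = extend(before, digest)
        pcrs[pcr] = after
        trace.append((pcr, to_colon_hex(before), to_colon_hex(after)))
    return pcrs, trace


def verify_against_quote(replayed, quoted):
    """Compare replayed PCRs with the values a TPM quote reports; return the
    PCR indices that disagree (an empty list means the log matches the quote)."""
    return sorted(i for i, v in quoted.items() if replayed.get(i) != v)


# EV_SEPARATOR digest: SHA-1 over the four zero bytes of the separator event.
SEPARATOR = hashlib.sha1(b"\x00\x00\x00\x00").digest()

# Events copied from the log: the first two PCR 0 measurements and the separator
# events of the three PCRs (3, 5 and 7) that receive nothing else before it.
LOG_EVENTS = [
    (0, from_colon_hex("4d:89:4e:ef:0a:e7:cb:12:47:40:df:4f:6c:5c:35:aa:0f:e7:da:e8")),
    (0, from_colon_hex("f2:c8:46:e7:f3:35:f7:b9:e9:dd:0a:44:f4:8c:48:e1:98:67:50:c7")),
    (3, SEPARATOR),
    (5, SEPARATOR),
    (7, SEPARATOR),
]

if __name__ == "__main__":
    final, trace = replay(LOG_EVENTS)
    for pcr, before, after in trace:
        print(f"PCR {pcr} before value : {before}\nPCR {pcr} after value  : {after}")
```

Replaying the event log only shows that the log is self-consistent; it does not show that the log is the one the firmware actually produced, since a compromised pre-boot component could rewrite the file but not the PCRs. The value a verifier can trust is the PCR set the TPM signs in a quote, which is what the server's 'Generate Attestation Evidence' attribute asks the PTS-IMC to obtain; the replayed composites are then compared against the quoted PCRs (verify_against_quote above), and a tampered measurement log fails that comparison even though every before/after pair in it is internally consistent.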
Nov 29 07:39:24 merthyr charon: 03[IMC] evidence requested for 2 functional components
Nov 29 07:39:24 merthyr charon: 03[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] loaded bios measurements '/sys/kernel/security/tpm0/binary_bios_measurements' (126 entries)
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 extended with: 4d:89:4e:ef:0a:e7:cb:12:47:40:df:4f:6c:5c:35:aa:0f:e7:da:e8
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 after value : 53:2d:3c:15:48:a8:56:f0:68:a9:dd:63:8f:b2:ed:6a:f2:f3:c7:90
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 extended with: f2:c8:46:e7:f3:35:f7:b9:e9:dd:0a:44:f4:8c:48:e1:98:67:50:c7
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 before value : 53:2d:3c:15:48:a8:56:f0:68:a9:dd:63:8f:b2:ed:6a:f2:f3:c7:90
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 after value : 9c:69:c6:4a:1b:13:fc:27:4b:45:1e:c1:b5:65:49:77:88:da:f4:7a
--------------------- omitted another 54 PCR 0 measurements ---------------------
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 extended with: a2:3b:27:98:83:91:5b:0d:c3:31:30:81:92:43:66:ea:5e:75:bd:c1
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 before value : 69:f8:2a:f1:0a:82:a2:57:37:ed:b6:bd:29:19:a0:cc:89:7c:2b:2c
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 after value : 83:2b:c0:fd:f5:cd:ab:86:fe:8f:c5:88:54:75:8f:40:0f:ff:58:f5
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 extended with: ef:75:11:b5:24:85:57:ae:63:7f:46:b5:52:f8:af:59:02:0f:2b:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 after value : e9:6e:49:77:ac:62:c8:e9:1f:c2:83:23:36:02:b3:b4:55:09:f0:5e
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 extended with: 62:40:c5:88:a2:d7:74:0f:5c:2c:95:23:bf:f7:d9:83:34:99:8d:77
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 before value : e9:6e:49:77:ac:62:c8:e9:1f:c2:83:23:36:02:b3:b4:55:09:f0:5e
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 after value : a4:d1:b9:c6:e4:fa:28:96:1f:38:fa:1c:16:a6:8a:36:ec:9e:b3:f0
--------------------- omitted another 8 PCR 2 measurements ----------------------
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 extended with: 64:61:d3:77:19:99:c3:a4:b3:c1:5b:f4:e3:8d:a3:0b:91:bc:1b:17
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 before value : d7:e7:4d:8a:31:27:fe:7f:56:90:f5:32:87:93:dd:ce:d7:d8:8f:2b
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 after value : dc:a3:35:e6:4e:b3:32:00:4f:7b:fd:52:37:3a:2e:66:8b:94:20:6d
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 6 extended with: fc:ad:78:7f:77:71:63:7d:65:96:38:d9:2b:5e:ee:93:85:b3:d7:b9
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 6 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 6 after value : e9:ee:75:26:27:c1:99:88:cc:8b:3e:c7:58:8a:6d:80:f5:e9:d5:07
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 extended with: 4b:90:d9:17:8e:fc:5c:f9:a9:dd:f4:f8:bc:c4:90:08:78:5d:76:ec
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 before value : 83:2b:c0:fd:f5:cd:ab:86:fe:8f:c5:88:54:75:8f:40:0f:ff:58:f5
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 0 after value : ea:7d:5a:f1:39:6d:a6:35:23:cf:5c:97:49:89:7d:e4:c5:49:ae:a1
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 extended with: e7:9e:46:8b:19:21:b2:29:3a:80:c5:91:7e:fa:6a:45:c3:79:e8:10
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 before value : dc:a3:35:e6:4e:b3:32:00:4f:7b:fd:52:37:3a:2e:66:8b:94:20:6d
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 after value : 7b:83:a8:ab:51:ce:93:7b:6a:ea:c9:ec:cc:82:18:36:eb:7b:d2:de
--------------------- omitted another 5 PCR 2 measurements ----------------------
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 extended with: 0b:a6:11:dd:45:de:9a:cb:e3:d0:da:0d:2e:47:8e:4a:a7:7f:f5:15
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 before value : c8:cd:82:14:ee:b8:9d:e7:e4:98:9d:4f:52:0f:b2:6c:8a:4a:bf:50
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 after value : 05:21:91:68:2b:2d:00:ec:d9:33:44:8f:4a:08:bc:03:aa:86:55:8a
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 4 extended with: 9b:4d:80:cf:ef:c7:d5:57:6c:4d:9f:22:48:72:50:58:96:ef:27:98
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 4 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 4 after value : da:6f:12:b6:2d:5c:71:56:5d:1b:5d:4d:88:82:db:51:76:25:18:56
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 extended with: e7:9e:46:8b:19:21:b2:29:3a:80:c5:91:7e:fa:6a:45:c3:79:e8:10
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 before value : 05:21:91:68:2b:2d:00:ec:d9:33:44:8f:4a:08:bc:03:aa:86:55:8a
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 after value : 20:4b:04:96:e8:ec:2a:9f:4e:c6:84:07:bd:ce:92:53:3b:24:1a:b3
--------------------- omitted another 2 PCR 2 measurements ----------------------
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 extended with: be:1b:de:c0:aa:74:b4:dc:b0:79:94:3e:70:52:80:96:cc:a9:85:f8
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 before value : b6:78:09:53:5b:5d:f5:bc:d0:7a:0a:8a:65:7f:30:45:0e:a1:53:0d
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 2 after value : 67:96:0d:ff:44:36:09:47:39:fe:34:34:33:c6:b9:cb:03:3e:7b:83
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 1 extended with: 23:0b:3b:f1:3c:75:28:34:de:cf:47:f5:a8:6a:75:58:2a:be:e5:1c
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 1 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 1 after value : 22:ac:e7:ca:d4:3d:e8:b8:1b:5f:e0:37:9f:87:24:20:66:ed:6d:20
Nov 29 07:39:24 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:24 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 1 extended with: 61:f5:9f:77:82:bb:39:61:0d:bb:6b:1f:57:03:3c:16:18:10:a2:67
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 1 before value : 22:ac:e7:ca:d4:3d:e8:b8:1b:5f:e0:37:9f:87:24:20:66:ed:6d:20
Nov 29 07:39:24 merthyr charon: 03[PTS] PCR 1 after value : bb:3a:e5:9e:da:fd:3f:c8:be:a9:7c:ac:3a:6a:eb:49:18:bd:0c:b5
--------------------- omitted another 4 PCR 1 measurements ----------------------
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 extended with: 67:47:61:98:f6:36:03:b8:4a:fa:23:59:70:61:1c:d6:14:56:0c:f2
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 before value : 84:e3:8f:0d:4e:f7:b0:f1:70:e8:5d:e0:0c:2d:56:1c:f4:56:5c:25
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 after value : ba:27:80:ec:41:5b:28:ad:4f:12:f7:9b:ed:58:60:13:58:f9:0d:bd
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 extended with: cd:f4:d7:9a:c0:a1:0d:46:a1:d9:d7:ec:96:42:88:3c:71:f7:7f:c7
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 before value : 67:96:0d:ff:44:36:09:47:39:fe:34:34:33:c6:b9:cb:03:3e:7b:83
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 after value : f6:2d:7c:34:73:dd:ad:25:36:18:40:99:10:d0:74:6e:4b:b9:59:5f
--------------------- omitted another 22 PCR 2 measurements ---------------------
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 extended with: ac:25:4b:04:f2:77:ca:7e:88:7a:41:41:bf:5e:d0:cf:62:60:0d:10
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 before value : 33:e1:5c:ef:87:84:2c:4f:a7:ea:72:e9:db:ff:5d:0a:a3:d6:cc:30
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 after value : b2:89:e6:e9:95:26:10:af:c8:9c:23:8e:e2:63:9c:84:d1:f4:5b:1c
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 extended with: 4f:13:5c:9e:e4:9c:a7:fb:fe:a0:79:e5:d6:71:48:02:f0:40:54:07
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 before value : ba:27:80:ec:41:5b:28:ad:4f:12:f7:9b:ed:58:60:13:58:f9:0d:bd
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 after value : 7e:3e:f1:d5:8b:60:39:76:59:14:11:da:f1:32:ea:cc:dd:ff:bc:fe
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 0 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 0 before value : ea:7d:5a:f1:39:6d:a6:35:23:cf:5c:97:49:89:7d:e4:c5:49:ae:a1
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 0 after value : 28:4a:e5:9c:73:7c:4d:1d:df:78:53:74:cb:b5:9a:4c:8d:63:55:90
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 before value : 7e:3e:f1:d5:8b:60:39:76:59:14:11:da:f1:32:ea:cc:dd:ff:bc:fe
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 1 after value : 31:10:87:04:42:56:d9:c3:a0:b5:70:ba:31:24:cb:b4:d4:6f:11:97
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 before value : b2:89:e6:e9:95:26:10:af:c8:9c:23:8e:e2:63:9c:84:d1:f4:5b:1c
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 2 after value : b1:f1:f6:75:42:76:40:aa:a7:7b:ef:93:f2:6a:33:3f:0d:57:c9:c5
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 3 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 3 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 3 after value : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 before value : da:6f:12:b6:2d:5c:71:56:5d:1b:5d:4d:88:82:db:51:76:25:18:56
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 after value : c3:19:5b:15:56:22:b4:75:fd:ac:49:28:06:b8:0d:de:3c:fc:91:ad
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 5 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 5 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 5 after value : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 6 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 6 before value : e9:ee:75:26:27:c1:99:88:cc:8b:3e:c7:58:8a:6d:80:f5:e9:d5:07
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 6 after value : ee:1b:0f:99:7d:75:17:b2:86:bc:9d:73:a4:cf:74:2c:65:a7:69:be
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 7 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 7 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 7 after value : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 extended with: c1:e2:5c:3f:6b:0d:c7:8d:57:29:6a:a2:87:0c:a6:f7:82:cc:f8:0f
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 before value : c3:19:5b:15:56:22:b4:75:fd:ac:49:28:06:b8:0d:de:3c:fc:91:ad
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 after value : 03:c5:0f:7f:39:60:67:85:0d:84:2f:75:eb:40:f1:36:6f:08:05:25
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.]
'Trusted Platform' Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011 Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 extended with: 67:a0:a9:8b:c4:d6:32:11:42:89:5a:4d:93:8b:34:2f:69:59:c1:a9 Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 before value : 03:c5:0f:7f:39:60:67:85:0d:84:2f:75:eb:40:f1:36:6f:08:05:25 Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 after value : 6b:49:da:a9:04:84:56:ad:00:87:47:4c:d4:33:7f:12:8c:1f:fe:4a Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform' Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011 Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 extended with: 06:d6:0b:3a:0d:ee:9b:b9:be:b2:f0:b0:4a:ff:2e:75:bd:1d:28:60 Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 before value : 6b:49:da:a9:04:84:56:ad:00:87:47:4c:d4:33:7f:12:8c:1f:fe:4a Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 4 after value : 78:1c:3c:ee:5c:34:68:a0:9f:5e:be:e8:e7:d5:34:ac:ea:0d:25:13 Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform' Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:23:21 2011 Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 5 extended with: 1b:87:00:3b:6c:7d:90:48:37:13:c9:01:00:cc:a3:e6:23:92:b9:bc Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 5 before value : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36 Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 5 after value : fe:c1:94:a9:d8:f3:af:2b:38:76:d4:bf:bb:eb:f9:80:e8:7e:36:e9
The second evidence request is for the Trusted Boot functional component, also defined in the ITA-HSR namespace, which verifies the MLE measurements extended into PCRs 17 and 18 by Intel's TXT instruction used by Trusted Boot. This component hasn't been fully implemented yet, so dummy measurement values defined in /etc/strongswan.conf are used.
Nov 29 07:39:25 merthyr charon: 03[PTS] * ITA-HSR functional component 'Trusted Boot' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Trusted Boot' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:39:25 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 extended with: d5:37:d4:37:f0:58:13:6e:b3:d7:be:51:7d:be:76:47:b6:23:c6:19
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 before value : 17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17:17
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 17 after value : ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
Nov 29 07:39:25 merthyr charon: 03[PTS] ITA-HSR functional component 'Trusted Boot' [K.] 'Trusted Platform'
Nov 29 07:39:25 merthyr charon: 03[PTS] measurement time: Nov 29 07:39:25 2011
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 18 extended with: 16:0d:2b:04:d1:1e:b2:25:fb:14:86:15:b6:99:08:18:69:e1:5b:6c
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 18 before value : 18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18:18
Nov 29 07:39:25 merthyr charon: 03[PTS] PCR 18 after value : ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
TPM Quote Signature
The current values of all PCRs involved in the preceding functional component evidence measurements are put into a 'PCR Composite' structure, which is hashed and then signed by the TPM with a Quote Signature operation:
Nov 29 07:39:27 merthyr charon: 03[PTS] Hash of PCR Composite: 81:c9:e6:a1:c3:4f:d2:24:20:62:71:b0:69:38:a2:c4:63:4e:35:41 Nov 29 07:39:27 merthyr charon: 03[PTS] TPM Quote Info: => 52 bytes @ 0x829d4cc Nov 29 07:39:27 merthyr charon: 03[PTS] 0: 00 36 51 55 54 32 E1 1B 01 B4 FF 2B 56 83 24 AD .6QUT2.....+V.$. Nov 29 07:39:27 merthyr charon: 03[PTS] 16: AD AD 8B 7B 36 B7 FF CA D9 59 00 03 FF 00 06 01 ...{6....Y...... Nov 29 07:39:27 merthyr charon: 03[PTS] 32: 81 C9 E6 A1 C3 4F D2 24 20 62 71 B0 69 38 A2 C4 .....O.$ bq.i8.. Nov 29 07:39:27 merthyr charon: 03[PTS] 48: 63 4E 35 41 cN5A Nov 29 07:39:27 merthyr charon: 03[PTS] TPM Quote Signature: => 256 bytes @ 0x829d914 Nov 29 07:39:27 merthyr charon: 03[PTS] 0: 95 81 40 BE C2 5D D6 19 3E 1A 4C E5 71 86 C0 3A ..@..]..>.L.q..: Nov 29 07:39:27 merthyr charon: 03[PTS] 16: 89 EF 28 53 EC D9 40 21 83 9C F4 6E FD 51 AD 6D ..(S..@!...n.Q.m Nov 29 07:39:27 merthyr charon: 03[PTS] 32: 94 46 DF 0D 51 A5 71 A7 D8 CF FD 8E 0B CA 51 A7 .F..Q.q.......Q. Nov 29 07:39:27 merthyr charon: 03[PTS] 48: 6A 2A C0 85 0F F5 28 0D A1 9A B9 F0 DC 34 AA 08 j*....(......4.. Nov 29 07:39:27 merthyr charon: 03[PTS] 64: 47 39 8A 2B 9A 19 0C 91 EB C6 99 CD 18 5D 66 CE G9.+.........]f. Nov 29 07:39:27 merthyr charon: 03[PTS] 80: CA C1 93 08 E3 46 9F 44 79 CB 1A F3 12 FC 9A 80 .....F.Dy....... Nov 29 07:39:27 merthyr charon: 03[PTS] 96: A6 54 5F 5C 6C A0 DE F2 06 AA CD A0 E0 F5 35 52 .T_\l.........5R Nov 29 07:39:27 merthyr charon: 03[PTS] 112: 2D 99 DD 9A 8C B5 E3 53 0E 32 1A DB 20 88 D3 16 -......S.2.. ... Nov 29 07:39:27 merthyr charon: 03[PTS] 128: 80 6B 35 12 74 1E 9E 34 43 B9 1A E7 72 4C F4 09 .k5.t..4C...rL.. Nov 29 07:39:27 merthyr charon: 03[PTS] 144: 92 75 21 2C 00 9C AC 0D 97 0F 7A 01 E1 69 92 1C .u!,......z..i.. Nov 29 07:39:27 merthyr charon: 03[PTS] 160: F9 D8 E2 06 DA 25 75 CA C5 59 FC D5 C0 EA 2D 85 .....%u..Y....-. Nov 29 07:39:27 merthyr charon: 03[PTS] 176: 68 E5 AB 64 D7 65 33 57 9B 85 80 69 CE 2A C9 97 h..d.e3W...i.*.. 
Nov 29 07:39:27 merthyr charon: 03[PTS] 192: 65 47 9C 14 D1 05 D2 96 13 38 90 31 D6 CA E0 5A eG.......8.1...Z Nov 29 07:39:27 merthyr charon: 03[PTS] 208: 03 8D 9D A6 7D F9 5B 08 E5 AD 4B 1E 0A 59 A6 25 ....}.[...K..Y.% Nov 29 07:39:27 merthyr charon: 03[PTS] 224: 80 27 1B BD 76 BD CE 1F 1F D5 80 AF 79 33 89 35 .'..v.......y3.5 Nov 29 07:39:27 merthyr charon: 03[PTS] 240: 23 EA 7F 96 C3 A1 A9 2D A5 96 E0 8D 3B 10 55 6F #......-....;.Uo
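As an added example (not code from this page or from strongSwan), the following Python decodes the 52-byte TPM Quote Info dumped above as a TPM 1.2 TPM_QUOTE_INFO2 structure and checks that the digestAtRelease it carries equals the logged hash of the PCR composite and that its PCR selection bitmap covers exactly PCRs 0-7, 17 and 18, the registers the evidence above was extended into. The structure layout follows the TPM 1.2 specification; the function and field names are my own.

```python
"""Decode the 52-byte TPM Quote Info from the charon log (TPM 1.2 TPM_QUOTE_INFO2).

Layout per the TPM 1.2 structures specification:
  TPM_QUOTE_INFO2    = tag(2) | fixed "QUT2"(4) | externalData(20) | TPM_PCR_INFO_SHORT
  TPM_PCR_INFO_SHORT = sizeOfSelect(2) | pcrSelect(sizeOfSelect) | localityAtRelease(1)
                       | digestAtRelease(20)
"""
import struct

TPM_TAG_QUOTE_INFO2 = 0x0036

# Bytes of the "TPM Quote Info" dump on this page (copied from the log above)
QUOTE_INFO = bytes.fromhex(
    "00 36 51 55 54 32 E1 1B 01 B4 FF 2B 56 83 24 AD "
    "AD AD 8B 7B 36 B7 FF CA D9 59 00 03 FF 00 06 01 "
    "81 C9 E6 A1 C3 4F D2 24 20 62 71 B0 69 38 A2 C4 "
    "63 4E 35 41"
)
# The "Hash of PCR Composite" line from the same log excerpt
PCR_COMPOSITE_HASH = bytes.fromhex(
    "81:c9:e6:a1:c3:4f:d2:24:20:62:71:b0:69:38:a2:c4:63:4e:35:41".replace(":", "")
)
# PCRs the PTS-IMC reported evidence for: 0-7 (Linux IMA) and 17, 18 (Trusted Boot)
EXPECTED_PCRS = list(range(8)) + [17, 18]


def parse_quote_info2(data: bytes) -> dict:
    """Split a TPM_QUOTE_INFO2 blob into its fields; raises ValueError if malformed."""
    if len(data) < 28:
        raise ValueError("too short for TPM_QUOTE_INFO2")
    tag, fixed = struct.unpack(">H4s", data[:6])
    if tag != TPM_TAG_QUOTE_INFO2 or fixed != b"QUT2":
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    # externalData: the challenger-supplied value that binds this quote to the request
    external_data = data[6:26]
    size_of_select = struct.unpack(">H", data[26:28])[0]
    select = data[28:28 + size_of_select]
    off = 28 + size_of_select
    # localityAtRelease (1 byte) + digestAtRelease (20 bytes) must end the structure
    if len(data) != off + 21:
        raise ValueError("pcrSelect size does not match structure length")
    locality = data[off]
    digest_at_release = data[off + 1:off + 21]
    # pcrSelect is a bitmap: bit i of byte j selects PCR 8*j + i
    pcrs = [8 * j + i for j, byte in enumerate(select) for i in range(8) if byte >> i & 1]
    return {
        "external_data": external_data,
        "pcrs": pcrs,
        "locality": locality,
        "digest_at_release": digest_at_release,
    }


def quote_consistent_with_evidence(data: bytes, composite_hash: bytes, expected_pcrs) -> bool:
    """True when the signed digest and the PCR selection match the evidence the IMC sent.
    A verifier checks this before trusting any individual PCR value in the evidence."""
    info = parse_quote_info2(data)
    return info["digest_at_release"] == composite_hash and info["pcrs"] == list(expected_pcrs)


if __name__ == "__main__":
    info = parse_quote_info2(QUOTE_INFO)
    print("externalData:", info["external_data"].hex())
    print("PCRs quoted: ", info["pcrs"], "locality", info["locality"])
    print("digestAtRelease matches composite hash and PCR selection:",
          quote_consistent_with_evidence(QUOTE_INFO, PCR_COMPOSITE_HASH, EXPECTED_PCRS))
```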
The PA-TNC message created by the PTS-IMC contains 128 'Simple Component Evidence' attributes and one closing 'Simple Evidence Final' attribute, both from the TCG namespace:
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC message with ID 0x95f82a49 Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x829fd5c Nov 29 07:39:27 merthyr charon: 03[TNC] 0: 80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 00 ......*!........ Nov 29 07:39:27 merthyr charon: 03[TNC] 16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 ....2011-11-29T0 Nov 29 07:39:27 merthyr charon: 03[TNC] 32: 36 3A 32 33 3A 32 31 5A 00 14 00 00 00 00 00 00 6:23:21Z........ Nov 29 07:39:27 merthyr charon: 03[TNC] 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 2D ..............S- Nov 29 07:39:27 merthyr charon: 03[TNC] 64: 3C 15 48 A8 56 F0 68 A9 DD 63 8F B2 ED 6A F2 F3 <.H.V.h..c...j.. Nov 29 07:39:27 merthyr charon: 03[TNC] 80: C7 90 4D 89 4E EF 0A E7 CB 12 47 40 DF 4F 6C 5C ..M.N.....G@.Ol\ Nov 29 07:39:27 merthyr charon: 03[TNC] 96: 35 AA 0F E7 DA E8 5..... Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x829ff74 Nov 29 07:39:27 merthyr charon: 03[TNC] 0: 80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 00 ......*!........ Nov 29 07:39:27 merthyr charon: 03[TNC] 16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 ....2011-11-29T0 Nov 29 07:39:27 merthyr charon: 03[TNC] 32: 36 3A 32 33 3A 32 31 5A 00 14 53 2D 3C 15 48 A8 6:23:21Z..S-<.H. Nov 29 07:39:27 merthyr charon: 03[TNC] 48: 56 F0 68 A9 DD 63 8F B2 ED 6A F2 F3 C7 90 9C 69 V.h..c...j.....i Nov 29 07:39:27 merthyr charon: 03[TNC] 64: C6 4A 1B 13 FC 27 4B 45 1E C1 B5 65 49 77 88 DA .J...'KE...eIw.. Nov 29 07:39:27 merthyr charon: 03[TNC] 80: F4 7A F2 C8 46 E7 F3 35 F7 B9 E9 DD 0A 44 F4 8C .z..F..5.....D.. Nov 29 07:39:27 merthyr charon: 03[TNC] 96: 48 E1 98 67 50 C7 H..gP. 
----- omitted another 122 'TCG/Simple Component Evidence' attributes -- Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x82a7b6c Nov 29 07:39:27 merthyr charon: 03[TNC] 0: 80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 04 ......*!........ Nov 29 07:39:27 merthyr charon: 03[TNC] 16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 ....2011-11-29T0 Nov 29 07:39:27 merthyr charon: 03[TNC] 32: 36 3A 32 33 3A 32 31 5A 00 14 6B 49 DA A9 04 84 6:23:21Z..kI.... Nov 29 07:39:27 merthyr charon: 03[TNC] 48: 56 AD 00 87 47 4C D4 33 7F 12 8C 1F FE 4A 78 1C V...GL.3.....Jx. Nov 29 07:39:27 merthyr charon: 03[TNC] 64: 3C EE 5C 34 68 A0 9F 5E BE E8 E7 D5 34 AC EA 0D <.\4h..^....4... Nov 29 07:39:27 merthyr charon: 03[TNC] 80: 25 13 06 D6 0B 3A 0D EE 9B B9 BE B2 F0 B0 4A FF %....:........J. Nov 29 07:39:27 merthyr charon: 03[TNC] 96: 2E 75 BD 1D 28 60 .u..(` Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x82a7c6c Nov 29 07:39:27 merthyr charon: 03[TNC] 0: 80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 05 ......*!........ Nov 29 07:39:27 merthyr charon: 03[TNC] 16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 ....2011-11-29T0 Nov 29 07:39:27 merthyr charon: 03[TNC] 32: 36 3A 32 33 3A 32 31 5A 00 14 B2 A8 3B 0E BF 2F 6:23:21Z....;../ Nov 29 07:39:27 merthyr charon: 03[TNC] 48: 83 74 29 9A 5B 2B DF C3 1E A9 55 AD 72 36 FE C1 .t).[+....U.r6.. Nov 29 07:39:27 merthyr charon: 03[TNC] 64: 94 A9 D8 F3 AF 2B 38 76 D4 BF BB EB F9 80 E8 7E .....+8v.......~ Nov 29 07:39:27 merthyr charon: 03[TNC] 80: 36 E9 1B 87 00 3B 6C 7D 90 48 37 13 C9 01 00 CC 6....;l}.H7..... Nov 29 07:39:27 merthyr charon: 03[TNC] 96: A3 E6 23 92 B9 BC ..#... 
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x82a7d6c Nov 29 07:39:27 merthyr charon: 03[TNC] 0: 80 00 00 00 00 90 2A 21 00 00 00 02 80 00 00 11 ......*!........ Nov 29 07:39:27 merthyr charon: 03[TNC] 16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 ....2011-11-29T0 Nov 29 07:39:27 merthyr charon: 03[TNC] 32: 36 3A 33 39 3A 32 35 5A 00 14 17 17 17 17 17 17 6:39:25Z........ Nov 29 07:39:27 merthyr charon: 03[TNC] 48: 17 17 17 17 17 17 17 17 17 17 17 17 17 17 FF FF ................ Nov 29 07:39:27 merthyr charon: 03[TNC] 64: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ Nov 29 07:39:27 merthyr charon: 03[TNC] 80: FF FF D5 37 D4 37 F0 58 13 6E B3 D7 BE 51 7D BE ...7.7.X.n...Q}. Nov 29 07:39:27 merthyr charon: 03[TNC] 96: 76 47 B6 23 C6 19 vG.#.. Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000 Nov 29 07:39:27 merthyr charon: 03[TNC] => 102 bytes @ 0x82a7e6c Nov 29 07:39:27 merthyr charon: 03[TNC] 0: 80 00 00 00 00 90 2A 21 00 00 00 02 80 00 00 12 ......*!........ Nov 29 07:39:27 merthyr charon: 03[TNC] 16: 80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 ....2011-11-29T0 Nov 29 07:39:27 merthyr charon: 03[TNC] 32: 36 3A 33 39 3A 32 35 5A 00 14 18 18 18 18 18 18 6:39:25Z........ Nov 29 07:39:27 merthyr charon: 03[TNC] 48: 18 18 18 18 18 18 18 18 18 18 18 18 18 18 FF FF ................ Nov 29 07:39:27 merthyr charon: 03[TNC] 64: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ Nov 29 07:39:27 merthyr charon: 03[TNC] 80: FF FF 16 0D 2B 04 D1 1E B2 25 FB 14 86 15 B6 99 ....+....%...... 
Nov 29 07:39:27 merthyr charon: 03[TNC] 96: 08 18 69 E1 5B 6C ..i.[l Nov 29 07:39:27 merthyr charon: 03[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000 Nov 29 07:39:27 merthyr charon: 03[TNC] => 288 bytes @ 0x82a80ac Nov 29 07:39:27 merthyr charon: 03[TNC] 0: 80 00 80 00 00 00 00 14 81 C9 E6 A1 C3 4F D2 24 .............O.$ Nov 29 07:39:27 merthyr charon: 03[TNC] 16: 20 62 71 B0 69 38 A2 C4 63 4E 35 41 00 00 01 00 bq.i8..cN5A.... Nov 29 07:39:27 merthyr charon: 03[TNC] 32: 95 81 40 BE C2 5D D6 19 3E 1A 4C E5 71 86 C0 3A ..@..]..>.L.q..: Nov 29 07:39:27 merthyr charon: 03[TNC] 48: 89 EF 28 53 EC D9 40 21 83 9C F4 6E FD 51 AD 6D ..(S..@!...n.Q.m Nov 29 07:39:27 merthyr charon: 03[TNC] 64: 94 46 DF 0D 51 A5 71 A7 D8 CF FD 8E 0B CA 51 A7 .F..Q.q.......Q. Nov 29 07:39:27 merthyr charon: 03[TNC] 80: 6A 2A C0 85 0F F5 28 0D A1 9A B9 F0 DC 34 AA 08 j*....(......4.. Nov 29 07:39:27 merthyr charon: 03[TNC] 96: 47 39 8A 2B 9A 19 0C 91 EB C6 99 CD 18 5D 66 CE G9.+.........]f. Nov 29 07:39:27 merthyr charon: 03[TNC] 112: CA C1 93 08 E3 46 9F 44 79 CB 1A F3 12 FC 9A 80 .....F.Dy....... Nov 29 07:39:27 merthyr charon: 03[TNC] 128: A6 54 5F 5C 6C A0 DE F2 06 AA CD A0 E0 F5 35 52 .T_\l.........5R Nov 29 07:39:27 merthyr charon: 03[TNC] 144: 2D 99 DD 9A 8C B5 E3 53 0E 32 1A DB 20 88 D3 16 -......S.2.. ... Nov 29 07:39:27 merthyr charon: 03[TNC] 160: 80 6B 35 12 74 1E 9E 34 43 B9 1A E7 72 4C F4 09 .k5.t..4C...rL.. Nov 29 07:39:27 merthyr charon: 03[TNC] 176: 92 75 21 2C 00 9C AC 0D 97 0F 7A 01 E1 69 92 1C .u!,......z..i.. Nov 29 07:39:27 merthyr charon: 03[TNC] 192: F9 D8 E2 06 DA 25 75 CA C5 59 FC D5 C0 EA 2D 85 .....%u..Y....-. Nov 29 07:39:27 merthyr charon: 03[TNC] 208: 68 E5 AB 64 D7 65 33 57 9B 85 80 69 CE 2A C9 97 h..d.e3W...i.*.. 
Nov 29 07:39:27 merthyr charon: 03[TNC] 224: 65 47 9C 14 D1 05 D2 96 13 38 90 31 D6 CA E0 5A eG.......8.1...Z Nov 29 07:39:27 merthyr charon: 03[TNC] 240: 03 8D 9D A6 7D F9 5B 08 E5 AD 4B 1E 0A 59 A6 25 ....}.[...K..Y.% Nov 29 07:39:27 merthyr charon: 03[TNC] 256: 80 27 1B BD 76 BD CE 1F 1F D5 80 AF 79 33 89 35 .'..v.......y3.5 Nov 29 07:39:27 merthyr charon: 03[TNC] 272: 23 EA 7F 96 C3 A1 A9 2D A5 96 E0 8D 3B 10 55 6F #......-....;.Uo
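The following added Python decoder (not strongSwan code) takes three of the 102-byte 'Simple Component Evidence' attribute bodies dumped above, the two PCR 0 entries from Linux IMA and the dummy PCR 17 entry from Trusted Boot, splits them into their fields and then replays the TPM extend operation SHA-1(PCR before || measurement) behind the "extended with / before value / after value" log triples of the evidence sections, checking that consecutive entries for the same PCR chain together and whether each reported 'PCR after' value reproduces. The component name table and the Policy URI handling are my reading of the dumps and of the PTS IF-M layout, not values taken from the project.

```python
"""Decode TCG 'Simple Component Evidence' attributes and replay their PCR extends.

Body layout (PTS IF-M, attribute type 0x00300000) as read from the dumps above:
  Flags(1) | Sub-Component Depth(3) | Vendor ID(3) | Family/Qualifier(1) | Name(4)
  | Measurement Type(1) | Extended into PCR(3) | Hash Algorithm(2) | PCR Transform(1)
  | Reserved(1) | Date/Time(20) | [Policy URI Len(2) | URI] | [PCR Len(2) | Before | After]
  | Component Measurement
"""
import hashlib
import struct

FLAG_PCR_INFO = 0x80      # PCR before/after values are included
VALIDATION_MASK = 0x60    # validation bits set: Policy URI field present (assumption)
HASH_SHA1 = 0x8000        # PTS measurement algorithm flag for SHA-1
ITA_HSR_VENDOR_ID = 0x00902A
# ITA-HSR functional component names, as seen in the attribute dumps on this page
ITA_HSR_NAMES = {2: "Trusted Boot", 3: "Linux IMA"}

# Attribute bodies copied from the hex dumps above: the first two 'Linux IMA'
# entries for PCR 0 and the first 'Trusted Boot' entry (dummy values) for PCR 17.
ATTR_IMA_PCR0_A = bytes.fromhex(
    "80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 00 "
    "80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 "
    "36 3A 32 33 3A 32 31 5A 00 14 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 2D "
    "3C 15 48 A8 56 F0 68 A9 DD 63 8F B2 ED 6A F2 F3 "
    "C7 90 4D 89 4E EF 0A E7 CB 12 47 40 DF 4F 6C 5C "
    "35 AA 0F E7 DA E8"
)
ATTR_IMA_PCR0_B = bytes.fromhex(
    "80 00 00 00 00 90 2A 21 00 00 00 03 80 00 00 00 "
    "80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 "
    "36 3A 32 33 3A 32 31 5A 00 14 53 2D 3C 15 48 A8 "
    "56 F0 68 A9 DD 63 8F B2 ED 6A F2 F3 C7 90 9C 69 "
    "C6 4A 1B 13 FC 27 4B 45 1E C1 B5 65 49 77 88 DA "
    "F4 7A F2 C8 46 E7 F3 35 F7 B9 E9 DD 0A 44 F4 8C "
    "48 E1 98 67 50 C7"
)
ATTR_TBOOT_PCR17 = bytes.fromhex(
    "80 00 00 00 00 90 2A 21 00 00 00 02 80 00 00 11 "
    "80 00 01 00 32 30 31 31 2D 31 31 2D 32 39 54 30 "
    "36 3A 33 39 3A 32 35 5A 00 14 17 17 17 17 17 17 "
    "17 17 17 17 17 17 17 17 17 17 17 17 17 17 FF FF "
    "FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF "
    "FF FF D5 37 D4 37 F0 58 13 6E B3 D7 BE 51 7D BE "
    "76 47 B6 23 C6 19"
)


def parse_simple_comp_evid(data: bytes) -> dict:
    """Split one attribute body into its fields; raises ValueError if malformed."""
    if len(data) < 40:
        raise ValueError("attribute shorter than its fixed 40-byte header")
    flags = data[0]
    vendor_id = int.from_bytes(data[4:7], "big")
    name = struct.unpack(">I", data[8:12])[0]
    pcr = int.from_bytes(data[13:16], "big")
    hash_alg = struct.unpack(">H", data[16:18])[0]
    date_time = data[20:40].decode("ascii")
    off, policy_uri, pcr_before, pcr_after = 40, None, None, None
    if flags & VALIDATION_MASK:
        uri_len = struct.unpack(">H", data[off:off + 2])[0]
        policy_uri = data[off + 2:off + 2 + uri_len].decode("utf-8")
        off += 2 + uri_len
    if flags & FLAG_PCR_INFO:
        pcr_len = struct.unpack(">H", data[off:off + 2])[0]
        pcr_before = data[off + 2:off + 2 + pcr_len]
        pcr_after = data[off + 2 + pcr_len:off + 2 + 2 * pcr_len]
        off += 2 + 2 * pcr_len
    measurement = data[off:]
    if hash_alg == HASH_SHA1 and len(measurement) != 20:
        raise ValueError("SHA-1 measurement must be 20 bytes")
    component = (ITA_HSR_NAMES.get(name, f"ITA-HSR name {name}")
                 if vendor_id == ITA_HSR_VENDOR_ID else f"vendor {vendor_id:#x} name {name}")
    return {"component": component, "pcr": pcr, "hash_alg": hash_alg,
            "date_time": date_time, "policy_uri": policy_uri, "pcr_before": pcr_before,
            "pcr_after": pcr_after, "measurement": measurement}


def pcr_extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA-1(PCR_old || measurement)."""
    return hashlib.sha1(pcr_value + measurement).digest()


def replay_evidence(attr_bodies):
    """Return (component, pcr, linked, reproduced) per attribute, in order: linked means
    'PCR before' equals the previous entry's 'PCR after' for that PCR, reproduced means
    SHA-1(before || measurement) equals the reported 'PCR after' (None without PCR data)."""
    last_after, report = {}, []
    for ev in map(parse_simple_comp_evid, attr_bodies):
        if ev["pcr_before"] is None:
            report.append((ev["component"], ev["pcr"], None, None))
            continue
        linked = last_after.get(ev["pcr"], ev["pcr_before"]) == ev["pcr_before"]
        reproduced = pcr_extend(ev["pcr_before"], ev["measurement"]) == ev["pcr_after"]
        last_after[ev["pcr"]] = ev["pcr_after"]
        report.append((ev["component"], ev["pcr"], linked, reproduced))
    return report


if __name__ == "__main__":
    for comp, pcr, linked, ok in replay_evidence([ATTR_IMA_PCR0_A, ATTR_IMA_PCR0_B, ATTR_TBOOT_PCR17]):
        print(f"{comp:13s} PCR {pcr:2d}  chained={linked}  extend reproduced={ok}")
```

The Trusted Boot entry is the expected failure of the replay: its 'before' and 'after' values are the configured dummies, not the result of an extend.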
This is a huge PB-TNC CDATA batch comprising 14'932 bytes distributed over 15 IKEv2 EAP-TTLS messages:
Nov 29 07:39:27 merthyr charon: 03[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x01 Nov 29 07:39:27 merthyr charon: 03[TNC] creating PB-TNC CDATA batch Nov 29 07:39:27 merthyr charon: 03[TNC] adding PB-PA message Nov 29 07:39:27 merthyr charon: 03[TNC] PB-TNC state transition from 'Client Working' to 'Server Working' Nov 29 07:39:27 merthyr charon: 03[TNC] sending PB-TNC CDATA batch (14932 bytes) for Connection ID 1 Nov 29 07:39:27 merthyr charon: 03[TNC] => 14932 bytes @ 0x827a0fc Nov 29 07:39:27 merthyr charon: 03[TNC] 0: 02 00 00 01 00 00 3A 54 80 00 00 00 00 00 00 01 ......:T........ Nov 29 07:39:27 merthyr charon: 03[TNC] 16: 00 00 3A 4C 00 00 55 97 00 00 00 01 00 01 FF FF ..:L..U......... Nov 29 07:39:27 merthyr charon: 03[TNC] 32: 01 00 00 00 95 F8 2A 49 00 00 55 97 00 30 00 00 ......*I..U..0.. Nov 29 07:39:27 merthyr charon: 03[TNC] 48: 00 00 00 72 80 00 00 00 00 90 2A 21 00 00 00 03 ...r......*!.... Nov 29 07:39:27 merthyr charon: 03[TNC] 64: 80 00 00 00 80 00 01 00 32 30 31 31 2D 31 31 2D ........2011-11- Nov 29 07:39:27 merthyr charon: 03[TNC] 80: 32 39 54 30 36 3A 32 33 3A 32 31 5A 00 14 00 00 29T06:23:21Z.... Nov 29 07:39:27 merthyr charon: 03[TNC] 96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Nov 29 07:39:27 merthyr charon: 03[TNC] 112: 00 00 53 2D 3C 15 48 A8 56 F0 68 A9 DD 63 8F B2 ..S-<.H.V.h..c.. Nov 29 07:39:27 merthyr charon: 03[TNC] 128: ED 6A F2 F3 C7 90 4D 89 4E EF 0A E7 CB 12 47 40 .j....M.N.....G@ Nov 29 07:39:27 merthyr charon: 03[TNC] 144: DF 4F 6C 5C 35 AA 0F E7 DA E8 00 00 55 97 00 30 .Ol\5.......U..0 Nov 29 07:39:27 merthyr charon: 03[TNC] 160: 00 00 00 00 00 72 80 00 00 00 00 90 2A 21 00 00 .....r......*!.. Nov 29 07:39:27 merthyr charon: 03[TNC] 176: 00 03 80 00 00 00 80 00 01 00 32 30 31 31 2D 31 ..........2011-1 Nov 29 07:39:27 merthyr charon: 03[TNC] 192: 31 2D 32 39 54 30 36 3A 32 33 3A 32 31 5A 00 14 1-29T06:23:21Z.. 
Nov 29 07:39:27 merthyr charon: 03[TNC] 208: 53 2D 3C 15 48 A8 56 F0 68 A9 DD 63 8F B2 ED 6A S-<.H.V.h..c...j Nov 29 07:39:27 merthyr charon: 03[TNC] 224: F2 F3 C7 90 9C 69 C6 4A 1B 13 FC 27 4B 45 1E C1 .....i.J...'KE.. Nov 29 07:39:27 merthyr charon: 03[TNC] 240: B5 65 49 77 88 DA F4 7A F2 C8 46 E7 F3 35 F7 B9 .eIw...z..F..5.. Nov 29 07:39:27 merthyr charon: 03[TNC] 256: E9 DD 0A 44 F4 8C 48 E1 98 67 50 C7 00 00 55 97 ...D..H..gP...U. ----------------- truncated batch ------------------ Nov 29 07:39:27 merthyr charon: 03[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC] Nov 29 07:39:27 merthyr charon: 03[ENC] generating IKE_AUTH request 16 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 04[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 04[ENC] parsed IKE_AUTH response 16 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 04[ENC] generating IKE_AUTH request 17 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 04[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 15[ENC] parsed IKE_AUTH response 17 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 15[ENC] generating IKE_AUTH request 18 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 13[ENC] parsed IKE_AUTH response 18 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 13[ENC] generating IKE_AUTH request 19 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 
192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 05[ENC] parsed IKE_AUTH response 19 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 05[ENC] generating IKE_AUTH request 20 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 06[ENC] parsed IKE_AUTH response 20 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 06[ENC] generating IKE_AUTH request 21 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 02[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 02[ENC] parsed IKE_AUTH response 21 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 02[ENC] generating IKE_AUTH request 22 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 02[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 14[ENC] parsed IKE_AUTH response 22 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 14[ENC] generating IKE_AUTH request 23 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 01[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 01[ENC] parsed IKE_AUTH response 23 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 01[ENC] generating IKE_AUTH request 24 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 01[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 10[ENC] parsed IKE_AUTH response 24 [ EAP/REQ/TTLS ] Nov 
29 07:39:27 merthyr charon: 10[ENC] generating IKE_AUTH request 25 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 03[ENC] parsed IKE_AUTH response 25 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 03[ENC] generating IKE_AUTH request 26 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 04[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 04[ENC] parsed IKE_AUTH response 26 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 04[ENC] generating IKE_AUTH request 27 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 04[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:27 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:27 merthyr charon: 15[ENC] parsed IKE_AUTH response 27 [ EAP/REQ/TTLS ] Nov 29 07:39:27 merthyr charon: 15[ENC] generating IKE_AUTH request 28 [ EAP/RES/TTLS ] Nov 29 07:39:27 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:28 merthyr charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:28 merthyr charon: 13[ENC] parsed IKE_AUTH response 28 [ EAP/REQ/TTLS ] Nov 29 07:39:28 merthyr charon: 13[ENC] generating IKE_AUTH request 29 [ EAP/RES/TTLS ] Nov 29 07:39:28 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500] Nov 29 07:39:28 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500] Nov 29 07:39:28 merthyr charon: 05[ENC] parsed IKE_AUTH response 29 [ EAP/REQ/TTLS ] Nov 29 07:39:28 merthyr charon: 05[ENC] generating IKE_AUTH request 30 [ EAP/RES/TTLS ] Nov 29 07:39:28 merthyr 
charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
Because the remote PTS-IMV is quite busy processing all measurements, the IKE_AUTH response 30 is delayed and after 3 seconds the IKEv2 client starts a retransmission of IKE_AUTH request 30:
Nov 29 07:39:32 merthyr charon: 13[IKE] retransmit 1 of request with message ID 30
Nov 29 07:39:32 merthyr charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
TNC Assessment
A PB-TNC RESULT batch is received from the TNC server containing a 'PB-Assessment-Result' and a 'PB-Access-Recommendation' message, causing the IF-TNCCS 2.0 state machine to go into the 'Decided' state:
Nov 29 07:39:34 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:34 merthyr charon: 05[ENC] parsed IKE_AUTH response 30 [ EAP/REQ/TTLS ]
Nov 29 07:39:34 merthyr charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
Nov 29 07:39:34 merthyr charon: 05[TNC] received TNCCS batch (40 bytes) for Connection ID 1
Nov 29 07:39:34 merthyr charon: 05[TNC] => 40 bytes @ 0x824a346
Nov 29 07:39:34 merthyr charon: 05[TNC] 0: 02 80 00 03 00 00 00 28 80 00 00 00 00 00 00 02 .......(........
Nov 29 07:39:34 merthyr charon: 05[TNC] 16: 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 03 ................
Nov 29 07:39:34 merthyr charon: 05[TNC] 32: 00 00 00 10 00 00 00 01 ........
Nov 29 07:39:34 merthyr charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Nov 29 07:39:34 merthyr charon: 05[TNC] processing PB-TNC RESULT batch
Nov 29 07:39:34 merthyr charon: 05[TNC] processing PB-Assessment-Result message (16 bytes)
Nov 29 07:39:34 merthyr charon: 05[TNC] processing PB-Access-Recommendation message (16 bytes)
The received TNC assessment result is 'compliant' and the access recommendation is 'Access Allowed':
Nov 29 07:39:34 merthyr charon: 05[TNC] PB-TNC assessment result is 'compliant'
Nov 29 07:39:34 merthyr charon: 05[TNC] PB-TNC access recommendation is 'Access Allowed'
Nov 29 07:39:34 merthyr charon: 05[IMC] IMC 1 "Attestation" changed state of Connection ID 1 to 'Allowed'
The IF-TNCCS 2.0 finite state machine goes into the final Close state and sends a PB-TNC CLOSE batch back to the TNC server:
Nov 29 07:39:34 merthyr charon: 05[TNC] creating PB-TNC CLOSE batch
Nov 29 07:39:34 merthyr charon: 05[TNC] PB-TNC state transition from 'Decided' to 'End'
Nov 29 07:39:34 merthyr charon: 05[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 1
Nov 29 07:39:34 merthyr charon: 05[TNC] => 8 bytes @ 0x82378ac
Nov 29 07:39:34 merthyr charon: 05[TNC] 0: 02 00 00 06 00 00 00 08 ........
Nov 29 07:39:34 merthyr charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]
Nov 29 07:39:34 merthyr charon: 05[ENC] generating IKE_AUTH request 31 [ EAP/RES/TTLS ]
Nov 29 07:39:34 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
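As an added Python example (not strongSwan code), this decoder parses the PB-TNC RESULT batch received from the TNC server and the CLOSE batch the client answers with, both taken from the hex dumps above, according to the RFC 5793 batch and message headers, and maps the PB-Assessment-Result and PB-Access-Recommendation values to the strings charon logs. The length checks are the ones a client should apply to a batch before acting on its contents.

```python
"""Decode PB-TNC (IF-TNCCS 2.0, RFC 5793) batches from the charon dumps above."""
import struct

# Batch bytes copied from the hex dumps on this page
RESULT_BATCH = bytes.fromhex(
    "02 80 00 03 00 00 00 28 80 00 00 00 00 00 00 02 "
    "00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 03 "
    "00 00 00 10 00 00 00 01"
)
CLOSE_BATCH = bytes.fromhex("02 00 00 06 00 00 00 08")

BATCH_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT", 4: "CRETRY", 5: "SRETRY", 6: "CLOSE"}
# IETF (vendor ID 0) PB-TNC message types and the 32-bit values they carry (RFC 5793)
PB_ASSESSMENT_RESULT, PB_ACCESS_RECOMMENDATION = 2, 3
ASSESSMENT_RESULTS = {0: "compliant", 1: "non-compliant minor", 2: "non-compliant major",
                      3: "error", 4: "unknown"}
ACCESS_RECOMMENDATIONS = {1: "Access Allowed", 2: "Access Denied", 3: "Quarantined"}


def parse_pb_tnc_batch(data: bytes) -> dict:
    """Parse the batch header and the PB-TNC messages it carries.
    Header:  Version(8) | D(1) Reserved(19) Batch Type(4) | Batch Length(32)
    Message: Flags(8) | Vendor ID(24) | Message Type(32) | Message Length(32) | Value"""
    if len(data) < 8:
        raise ValueError("batch shorter than its 8-byte header")
    version, d_flags = data[0], data[1]
    btype = data[3] & 0x0F
    length = struct.unpack(">I", data[4:8])[0]
    if version != 2 or length != len(data):
        raise ValueError("unsupported version or batch length mismatch")
    batch = {"version": version, "from_server": bool(d_flags & 0x80),
             "type": BATCH_TYPES.get(btype, btype), "messages": [],
             "assessment_result": None, "access_recommendation": None}
    off = 8
    while off < length:
        if off + 12 > length:
            raise ValueError("truncated message header")
        vendor = int.from_bytes(data[off + 1:off + 4], "big")
        mtype, mlen = struct.unpack(">II", data[off + 4:off + 12])
        if mlen < 12 or off + mlen > length:
            raise ValueError("bad message length")
        value = data[off + 12:off + mlen]
        batch["messages"].append((vendor, mtype, value))
        if vendor == 0 and len(value) == 4:
            code = struct.unpack(">I", value)[0]
            if mtype == PB_ASSESSMENT_RESULT:
                batch["assessment_result"] = ASSESSMENT_RESULTS.get(code, code)
            elif mtype == PB_ACCESS_RECOMMENDATION:
                batch["access_recommendation"] = ACCESS_RECOMMENDATIONS.get(code, code)
        off += mlen
    return batch


if __name__ == "__main__":
    for name, raw in (("RESULT", RESULT_BATCH), ("CLOSE", CLOSE_BATCH)):
        b = parse_pb_tnc_batch(raw)
        print(name, "from server" if b["from_server"] else "from client", b["type"],
              b["assessment_result"], b["access_recommendation"])
```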
Final Mutual IKEv2 EAP Authentication
Based on the positive TNC assessment, the IPsec gateway, acting as a Policy Enforcement Point (PEP), finalizes the EAP-TTLS authentication with an EAP SUCCESS message:
Nov 29 07:39:34 merthyr charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:34 merthyr charon: 06[ENC] parsed IKE_AUTH response 31 [ EAP/SUCC ]
Nov 29 07:39:34 merthyr charon: 06[IKE] EAP method EAP_TTLS succeeded, MSK established
The IPsec client generates its IKEv2 AUTH payload by binding it to the MSK from the EAP-TTLS tunnel:
Nov 29 07:39:34 merthyr charon: 06[IKE] authentication of 'carol@strongswan.org' (myself) with EAP
Nov 29 07:39:34 merthyr charon: 06[ENC] generating IKE_AUTH request 32 [ AUTH ]
Nov 29 07:39:34 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
The IKE_AUTH response received from the IPsec gateway finalizes the IKEv2 negotiation:
Nov 29 07:39:34 merthyr charon: 01[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
Nov 29 07:39:34 merthyr charon: 01[ENC] parsed IKE_AUTH response 32 [ AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Nov 29 07:39:34 merthyr charon: 01[IKE] authentication of 'moon.strongswan.org' with EAP successful
The Attestation IMC instance deletes itself and the PB-TNC (IF-TNCCS 2.0) connection is closed:
Nov 29 07:39:34 merthyr charon: 01[IMC] IMC 1 "Attestation" deleted the state of Connection ID 1
Nov 29 07:39:34 merthyr charon: 01[TNC] removed TNCCS Connection ID 1
An IPsec Security Association is established between IPsec client and IPsec gateway and payload traffic can now be securely tunneled:
Nov 29 07:39:34 merthyr charon: 01[IKE] IKE_SA home[1] established between 192.168.0.254[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
Nov 29 07:39:34 merthyr charon: 01[IKE] scheduling reauthentication in 9867s
Nov 29 07:39:34 merthyr charon: 01[IKE] maximum IKE_SA lifetime 10407s
Nov 29 07:39:34 merthyr charon: 01[IKE] CHILD_SA home{1} established with SPIs cd7bf53a_i c102a9d4_o and TS 192.168.0.254/32 === 10.1.0.0/28
Go to UserDocumentation->TNC->PTS-IMV