strongSwan

h1. TNC Client with PTS-IMC

This HOWTO explains in a step-for-step fashion how a strongSwan IPsec client with integrated TNC client functionality and an attached Platform Trust Service Integrity Measurement Collector (PTS-IMC) can provide remote attestation measurement data to a TNC server via the IKEv2 EAP-TTLS protocol. 

{{>toc}}

h2. Installation and Configuration

The following steps describe the installation of the strongSwan software

<pre>

  wget http://download.strongswan.org/strongswan-4.6.2.tar.bz2

  tar xjf strongswan-4.6.2.tar.bz2

  cd strongswan-4.6.2

  ./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-openssl --enable-curl

              --enable-eap-identity --enable-eap-md5 --enable-eap-ttls --enable-eap-tnc

              --enable-tnccs-20 --enable-tnc-imc --enable-imc-attestation

  make

  [sudo] make install 

</pre>

The strongSwan *imc-attestation.so* dynamic PTS-IMC library depends on the "TrouSerS":http://sourceforge.net/projects/trousers/ libtspi library. For compilation additionally the /usr/include/trousers/ header files are required.

The connection between IPsec client *carol* and IPsec gateway *moon* is defined in the /etc/ipsec.conf file:

<pre>

# ipsec.conf - strongSwan IPsec configuration file

config setup

     charondebug="tnc 3, imc 3, pts 3"

conn home

     left=%any

     leftid=carol@strongswan.org

     leftauth=eap

     right=192.168.0.1

     rightid=@moon.strongswan.org

     rightauth=any

     rightsendcert=never

     rightsubnet=10.1.0.0/16

     auto=start

</pre>

The debug levels for the TNC, IMC, and PTS components are increased to 3, so that HEX dumps of PB-TNC (IF-TNCCS 2.0) messages and PA-TNC (IF-M) attributes will be included in the log file.

The IKEv2 client *carol* is going to use EAP-based authentication with the user credentials being stored in the /etc/ipsec.secrets file:

<pre>

# /etc/ipsec.secrets - strongSwan IPsec secrets file

carol@strongswan.org : EAP "Ar3etTnp"

</pre>

The following IKEv2 charon and Attestation IMC options are defined in the /etc/strongswan.conf file

<pre>

# strongswan.conf - strongSwan configuration file

charon {

  load = sha1 random gmp pkcs1 pkcs8 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke

  plugins {

    eap-tnc {

      protocol = tnccs-2.0

    }

    tnc-imc {

      preferred_language = en

    }

  }

}

libimcv {

  plugins {

    imc-attestation {

      aik_cert = /home/andi/privacyca/AIK_3_Cert.der

      aik_blob = /home/andi/privacyca/AIK_3_Blob.bin

      pcr17_meas   = d537d437f058136eb3d7be517dbe7647b623c619 

      pcr17_before = 1717171717171717171717171717171717171717 

      pcr17_after  = ffffffffffffffffffffffffffffffffffffffff 

      pcr18_meas   = 160d2b04d11eb225fb148615b699081869e15b6c 

      pcr18_before = 1818181818181818181818181818181818181818 

      pcr18_after  = ffffffffffffffffffffffffffffffffffffffff 

    }

  }

}

</pre>

h2. IKEv2 Negotiation

h3. Startup and Initialization

The command

<pre>

ipsec start

</pre>

starts the TNC-enabled IPsec client:

<pre>

FFeb 10 09:05:16 pin1212a00 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.2)

Feb 10 09:05:16 pin1212a00 charon: 00[KNL] listening on interfaces:

Feb 10 09:05:16 pin1212a00 charon: 00[KNL]   eth0

Feb 10 09:05:16 pin1212a00 charon: 00[KNL]     152.96.31.100

Feb 10 09:05:16 pin1212a00 charon: 00[KNL]     fe80::219:99ff:feb3:92c3

Feb 10 09:05:16 pin1212a00 charon: 00[KNL]   umlbr0

Feb 10 09:05:16 pin1212a00 charon: 00[KNL]     192.168.0.254

Feb 10 09:05:16 pin1212a00 charon: 00[KNL]     fe80::9cb8:adff:fe5a:270a

</pre>

The file /etc/tnc_config

<pre>

# IMC configuration file for strongSwan client 

IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so

</pre>

defines which IMCs are loaded by the TNC client:

<pre>

Feb 10 09:05:16 pin1212a00 charon: 00[TNC] loading IMCs from '/etc/tnc_config'

Feb 10 09:05:16 pin1212a00 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[sha1] available

Feb 10 09:05:16 pin1212a00 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available

Feb 10 09:05:16 pin1212a00 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available

Feb 10 09:05:16 pin1212a00 charon: 00[PTS]   optional  PTS DH group MODP_2048[gmp] available

Feb 10 09:05:16 pin1212a00 charon: 00[PTS]   optional  PTS DH group MODP_1536[gmp] available

Feb 10 09:05:16 pin1212a00 charon: 00[PTS]   optional  PTS DH group MODP_1024[gmp] available

Feb 10 09:05:16 pin1212a00 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available

Feb 10 09:05:16 pin1212a00 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available

Feb 10 09:05:16 pin1212a00 charon: 00[TNC] added IETF attributes

Feb 10 09:05:16 pin1212a00 charon: 00[TNC] added ITA-HSR attributes

Feb 10 09:05:16 pin1212a00 charon: 00[LIB] libimcv initialized

Feb 10 09:05:16 pin1212a00 charon: 00[IMC] IMC 1 "Attestation" initialized

Feb 10 09:05:16 pin1212a00 charon: 00[TNC] added TCG attributes

Feb 10 09:05:16 pin1212a00 charon: 00[PTS] added TCG functional component namespace

Feb 10 09:05:16 pin1212a00 charon: 00[PTS] added ITA-HSR functional component namespace

Feb 10 09:05:16 pin1212a00 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'

Feb 10 09:05:16 pin1212a00 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'

Feb 10 09:05:16 pin1212a00 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'

Feb 10 09:05:16 pin1212a00 charon: 00[LIB] libpts initialized

Feb 10 09:05:16 pin1212a00 charon: 00[IMC] IMC 1 "Attestation" provided with bind function

Feb 10 09:05:16 pin1212a00 charon: 00[TNC] IMC 1 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001

Feb 10 09:05:16 pin1212a00 charon: 00[TNC] IMC 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'

</pre>

Next the IKEv2 credential,all necessary plugins and the IPsec connection definition are loaded

<pre>

Feb 10 09:05:16 pin1212a00 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'

Feb 10 09:05:16 pin1212a00 charon: 00[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'

Feb 10 09:05:16 pin1212a00 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'

Feb 10 09:05:16 pin1212a00 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'

Feb 10 09:05:16 pin1212a00 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'

Feb 10 09:05:16 pin1212a00 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'

Feb 10 09:05:16 pin1212a00 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'

Feb 10 09:05:16 pin1212a00 charon: 00[CFG]   loaded EAP secret for carol@strongswan.org

Feb 10 09:05:16 pin1212a00 charon: 00[DMN] loaded plugins: sha1 random gmp pkcs1 pkcs8 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke

Feb 10 09:05:16 pin1212a00 charon: 00[JOB] spawning 16 worker threads

Feb 10 09:05:16 pin1212a00 charon: 08[CFG] received stroke: add connection 'home'

Feb 10 09:05:16 pin1212a00 charon: 08[CFG] left nor right host is our side, assuming left=local

Feb 10 09:05:16 pin1212a00 charon: 08[CFG] added configuration 'home'

</pre>

h3. IKEv2 Exchanges 

Due to auto=start the IKEv2 negotiation automatically initiates the IKE_SA_INIT exchange

<pre>

Feb 10 09:05:24 pin1212a00 charon: 10[CFG] received stroke: initiate 'home'

Feb 10 09:05:24 pin1212a00 charon: 11[IKE] initiating IKE_SA home[1] to 192.168.0.1

Feb 10 09:05:24 pin1212a00 charon: 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]

Feb 10 09:05:24 pin1212a00 charon: 11[NET] sending packet: from 192.168.0.254[500] to 192.168.0.1[500]

Feb 10 09:05:24 pin1212a00 charon: 12[NET] received packet: from 192.168.0.1[500] to 192.168.0.254[500]

Feb 10 09:05:24 pin1212a00 charon: 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]

</pre>

followed by the IKE_AUTH exchange where the IKEv2 gateway proposes a mutual IKEv2 EAP-TTLS only authentication:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 12[IKE] establishing CHILD_SA home

Feb 10 09:05:24 pin1212a00 charon: 12[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]

Feb 10 09:05:24 pin1212a00 charon: 12[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Feb 10 09:05:24 pin1212a00 charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 06[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 06[IKE] server requested EAP_TTLS authentication (id 0x16)

Feb 10 09:05:24 pin1212a00 charon: 06[TLS] EAP_TTLS version is v0

Feb 10 09:05:24 pin1212a00 charon: 06[IKE] allow mutual EAP-only authentication

</pre>

h3. IKEv2 EAP-TTLS Tunnel

The IKEv2 EAP-TTLS tunnel is set up with certificate-based server authentication

<pre>

Feb 10 09:05:24 pin1212a00 charon: 06[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Feb 10 09:05:24 pin1212a00 charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 13[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 13[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Feb 10 09:05:24 pin1212a00 charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 14[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 14[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Feb 10 09:05:24 pin1212a00 charon: 14[TLS] received TLS server certificate 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org'

Feb 10 09:05:24 pin1212a00 charon: 14[CFG]   using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

Feb 10 09:05:24 pin1212a00 charon: 14[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Feb 10 09:05:24 pin1212a00 charon: 14[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

Feb 10 09:05:24 pin1212a00 charon: 14[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...

Feb 10 09:05:24 pin1212a00 charon: 14[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Feb 10 09:05:24 pin1212a00 charon: 14[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"

Feb 10 09:05:24 pin1212a00 charon: 14[CFG]   crl is valid: until Mar 09 10:28:34 2012

Feb 10 09:05:24 pin1212a00 charon: 14[CFG] certificate status is good

Feb 10 09:05:24 pin1212a00 charon: 14[CFG]   reached self-signed root ca with a path length of 0

Feb 10 09:05:24 pin1212a00 charon: 14[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-Identity

Via the IKEv2 EAP-TTLS tunnel the server requests the EAP client identity

<pre>

Feb 10 09:05:24 pin1212a00 charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 03[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]

Feb 10 09:05:24 pin1212a00 charon: 03[IKE] server requested EAP_IDENTITY authentication (id 0x00)

Feb 10 09:05:24 pin1212a00 charon: 03[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]

Feb 10 09:05:24 pin1212a00 charon: 03[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-MD5 Client Authentication

Next follows an EAP-MD5 client authentication

<pre>

Feb 10 09:05:24 pin1212a00 charon: 08[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 08[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/MD5]

Feb 10 09:05:24 pin1212a00 charon: 08[IKE] server requested EAP_MD5 authentication (id 0x45)

Feb 10 09:05:24 pin1212a00 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/MD5]

Feb 10 09:05:24 pin1212a00 charon: 08[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 08[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Tunneled EAP-TNC Transport

Now the EAP-TNC transport protocol connecting the TNC client with the TNC server is started:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 09[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 09[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Feb 10 09:05:24 pin1212a00 charon: 09[IKE] server requested EAP_TNC authentication (id 0x1B)

Feb 10 09:05:24 pin1212a00 charon: 09[TLS] EAP_TNC version is v1

</pre>

h2. PB-TNC/IF-TNCCS 2.0 Connection

A new TNCCS connection is instantiated on the TNC client and its IF-TNCCS 2.0 state machine is set to the Init state.

!IF-TNCCS-20-State-Diagram.png!

A first PB-TNC CDATA (IF-TNCCS 2.0 ClientData) batch is prepared and a PB-Language-Preference message for Englisch (en) is added: 

<pre>

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] assigned TNCCS Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] creating PB-TNC CDATA batch

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] adding PB-Language-Preference message

</pre>

An instance of the Attestation PTS-IMC is created which in a first step determines the client operating systen

<pre>

Feb 10 09:05:24 pin1212a00 charon: 09[PTS] platform is 'Ubuntu 11.04 i686'

</pre>

and then loads the AIK certificate and the matching AIK private key, the latter in the form of a TPM-encrypted binary blob

<pre>

Feb 10 09:05:24 pin1212a00 charon: 09[PTS] loaded AIK certificate from '/home/seclab/privacyca/AIK_Cert.der'

Feb 10 09:05:24 pin1212a00 charon: 09[PTS] loaded AIK Blob from '/home/seclab/privacyca/AIK_Blob.bin'

Feb 10 09:05:24 pin1212a00 charon: 09[PTS] AIK Blob: => 559 bytes @ 0x9b5be20

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]    0: 01 01 00 00 00 12 00 00 00 04 00 00 00 00 01 00  ................

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]   16: 01 00 02 00 00 00 0C 00 00 08 00 00 00 00 02 00  ................

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]   32: 00 00 00 00 00 00 00 00 00 01 00 81 E3 38 7C 4D  .............8|M

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]   48: 46 70 CB D5 33 62 38 50 AD 98 D1 28 56 D3 6E 71  Fp..3b8P...(V.nq

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]   64: CF AA E3 C8 31 BD F6 FE 53 6A ED C8 54 0E 7C FB  ....1...Sj..T.|.

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]   80: 00 98 80 D6 7D C7 57 D4 EC 24 93 59 48 1F DA 67  ....}.W..$.YH..g

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]   96: 30 87 4F D3 59 B2 CA A8 9D CE C9 27 9A 03 57 C0  0.O.Y......'..W.

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  112: FE 1F AB EE E5 C2 A8 C6 D5 DC C7 1E 81 74 4D 3D  .............tM=

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  128: B5 98 6D 57 22 74 02 F1 41 7C E3 68 C1 1C 1C 2F  ..mW"t..A|.h.../

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  144: 57 54 CA 4A FB D6 3D 33 37 A9 BC FF 6F 50 13 CC  WT.J..=37...oP..

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  160: C2 D3 83 F1 4B 01 FD 66 A6 EE 7A D3 E0 E2 C0 51  ....K..f..z....Q

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  176: 55 A2 8A AB F4 85 09 74 24 64 03 DD 65 1C 26 2F  U......t$d..e.&/

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  192: 35 08 BF 57 D9 28 DA D3 D7 5B ED C8 C6 6C 43 7E  5..W.(...[...lC~

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  208: DE D3 93 F4 D5 D7 36 1E 31 9A A8 42 10 7A F5 94  ......6.1..B.z..

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  224: 93 9C 8F BD 6D BC 66 1D 30 A5 B3 B3 44 4D DA 6D  ....m.f.0...DM.m

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  240: 35 64 A6 08 EB D2 A6 99 18 56 01 28 3B 26 94 FD  5d.......V.(;&..

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  256: 6F 7F AD 45 68 3C 8A 7D 38 8C DB D8 5F 76 16 F5  o..Eh<.}8..._v..

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  272: 5E 8A 4B C2 2B 19 8A 27 D9 80 3C C8 13 01 11 70  ^.K.+..'..<....p

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  288: CC D6 EF 57 F3 EF 37 A2 E6 B5 49 00 00 01 00 4C  ...W..7...I....L

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  304: DA 76 65 D0 54 8C F9 E8 B6 C4 9E 26 37 70 B4 45  .ve.T......&7p.E

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  320: C0 42 E0 A3 7A 3E 9D 57 96 B0 C8 68 DE 6A 84 76  .B..z>.W...h.j.v

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  336: 9A 9A E3 F9 D7 44 AB E0 A2 4B D2 3E 44 BD D9 92  .....D...K.>D...

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  352: 53 AF 6A 04 26 56 04 FC F9 43 D0 68 E3 63 AD 7B  S.j.&V...C.h.c.{

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  368: 5C A2 50 B8 BA A2 F0 53 8C 8B 3A 67 35 49 CA E4  \.P....S..:g5I..

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  384: 35 A3 35 4B E7 31 D0 25 10 D4 6A B9 17 32 F9 53  5.5K.1.%..j..2.S

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  400: 22 E9 13 9D 13 E9 0D F0 59 55 33 36 5C A5 28 FB  ".......YU36\.(.

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  416: 86 88 69 69 F0 93 6F 4B 62 76 B0 0E 64 E9 69 2D  ..ii..oKbv..d.i-

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  432: 7D 9E 9E ED E1 1E 62 4C 63 AA D8 FD 87 86 77 3C  }.....bLc.....w<

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  448: C1 04 E8 63 81 54 FE 75 82 D8 36 96 67 6A D1 18  ...c.T.u..6.gj..

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  464: 78 6C 7D 7B 8C BB 28 A0 AC 84 D8 7B 7E D0 55 38  xl}{..(....{~.U8

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  480: 80 64 4C 3A 38 E0 B0 1A FE A7 C8 C3 A1 F9 21 A5  .dL:8.........!.

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  496: D1 6F DE C4 CE 0B 62 D6 39 DA A4 35 45 B3 B6 D2  .o....b.9..5E...

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  512: D4 73 0B 82 28 B5 C1 79 88 85 D8 7D 54 38 E0 DA  .s..(..y...}T8..

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  528: 57 2C 57 C1 34 4D 26 B8 9F A3 81 5B 4A 98 E5 E6  W,W.4M&....[J...

Feb 10 09:05:24 pin1212a00 charon: 09[PTS]  544: 89 94 25 A0 3F 9F 5A 3E CF A3 9A 0B 55 74 02     ..%.?.Z>....Ut.

Feb 10 09:05:24 pin1212a00 charon: 09[IMC] IMC 1 "Attestation" created a state for Connection ID 1: IF-TNCCS 2.0 with +long +excl -soh over IF-T for Tunneled EAP 1.1

</pre> 

Via the IF-IMC interface the PTS-IMC receives a 'Handshake' state change from the TNC client 

<pre>

Feb 10 09:05:24 pin1212a00 charon: 09[IMC] IMC 1 "Attestation" changed state of Connection ID 1 to 'Handshake'

</pre>

The PTS-IMC generates a PA-TNC message of type TCG/PTS targeted at the remote PTS-IMV, containing a single PA-TNC attribute of type 'IETF/Product Information' with the client operating system information:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] creating PA-TNC message with ID 0x35c9dc7b

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] => 22 bytes @ 0x9b5c120

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]    0: 00 00 00 00 00 55 62 75 6E 74 75 20 31 31 2E 30  .....Ubuntu 11.0

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]   16: 34 20 69 36 38 36                                4 i686

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] adding PB-PA message

</pre>

The PA-TNC message is received by the TNC client via the IF-IMC SendMessage call and is inserted together with the

PB-Language-Preference message into the PB-TNC CDATA batch which is then sent via the IKEv2 EAP-TTLS tunnel to the TNC server.

<pre>

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] PB-TNC state transition from 'Init' to 'Server Working'

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] sending PB-TNC CDATA batch (105 bytes) for Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 09[TNC] => 105 bytes @ 0x9b5c890

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]    0: 02 00 00 01 00 00 00 69 00 00 00 00 00 00 00 06  .......i........

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]   32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00  age: en.........

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]   48: 00 00 42 00 00 55 97 00 00 00 01 00 01 FF FF 01  ..B..U..........

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]   64: 00 00 00 35 C9 DC 7B 00 00 00 00 00 00 00 02 00  ...5..{.........

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]   80: 00 00 22 00 00 00 00 00 55 62 75 6E 74 75 20 31  ..".....Ubuntu 1

Feb 10 09:05:24 pin1212a00 charon: 09[TNC]   96: 31 2E 30 34 20 69 36 38 36                       1.04 i686

Feb 10 09:05:24 pin1212a00 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Feb 10 09:05:24 pin1212a00 charon: 09[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 09[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. PTS Capability Discovery

As a response a PB-TNC SDATA (IF-TNCCS 2.0 ServerData) batch is received from the TNC server

<pre>

Feb 10 09:05:24 pin1212a00 charon: 11[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 11[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] received TNCCS batch (72 bytes) for Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] => 72 bytes @ 0x9b56e82

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]    0: 02 80 00 02 00 00 00 48 80 00 00 00 00 00 00 01  .......H........

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 FF FF 00 01  ...@..U.........

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]   32: 01 00 00 00 8B 08 8D AB 80 00 55 97 01 00 00 00  ..........U.....

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]   48: 00 00 00 10 00 00 00 0E 80 00 55 97 06 00 00 00  ..........U.....

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]   64: 00 00 00 10 00 00 80 00                          ........

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] processing PB-TNC SDATA batch

</pre>

containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] processing PB-PA message (64 bytes)

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001

</pre>

The PA-TNC message transferred via the IF-IMC interface to the PTS-IMC contains two PA-TNC attributes from the TCG/PTS namespace:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 11[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] processing PA-TNC message with ID 0x8b088dab

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] => 4 bytes @ 0x9b57b5c

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]    0: 00 00 00 0E                                      ....

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] => 4 bytes @ 0x9b57b6c

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]    0: 00 00 80 00                                      ....

</pre>

namely the requests 'Request PTS Protocol Capabilities' and 'PTS Measurement Algorithm Request'. The PTS-IMV supports the Verification (V), DH Nonce Negotiation (D) and Trusted Platform Evidence (T) PTS protocol capabilities and the PTS-IMC does as well.

<pre>

Feb 10 09:05:24 pin1212a00 charon: 11[PTS] supported PTS protocol capabilities: .VDT.

Feb 10 09:05:24 pin1212a00 charon: 11[PTS] selected PTS measurement algorithm is HASH_SHA1

</pre>

The PTS-IMV proposes SHA-1 only for the PTS measurement algorithm which is accepted by the PTS-IMC. These two selections are sent back to the PTS-IMV in a PA-TNC message containing the TCG attributes 'PTS Protocol Capabilities' and 'PTS Measurement Algorithm":

<pre>

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] creating PA-TNC message with ID 0xace91f02

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] => 4 bytes @ 0x9b5bdd8

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]    0: 00 00 00 0E                                      ....

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] => 4 bytes @ 0x9b5ac98

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]    0: 00 00 80 00                                      ....

</pre>

This PA-TNC message is sent as a PB-PA payload in a PB-TNC CDATA batch to the TNC server:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] creating PB-TNC CDATA batch

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] adding PB-PA message

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] sending PB-TNC CDATA batch (72 bytes) for Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 11[TNC] => 72 bytes @ 0x9b5ce70

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]    0: 02 00 00 01 00 00 00 48 80 00 00 00 00 00 00 01  .......H........

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]   16: 00 00 00 40 00 00 55 97 00 00 00 01 00 01 FF FF  ...@..U.........

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]   32: 01 00 00 00 AC E9 1F 02 00 00 55 97 02 00 00 00  ..........U.....

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]   48: 00 00 00 10 00 00 00 0E 00 00 55 97 07 00 00 00  ..........U.....

Feb 10 09:05:24 pin1212a00 charon: 11[TNC]   64: 00 00 00 10 00 00 80 00                          ........

Feb 10 09:05:24 pin1212a00 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Feb 10 09:05:24 pin1212a00 charon: 11[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 11[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. DH Nonce Parameters

The next PB-TNC SDATA batch is received:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 12[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 12[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] received TNCCS batch (56 bytes) for Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] => 56 bytes @ 0x9b56e82

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]    0: 02 80 00 02 00 00 00 38 80 00 00 00 00 00 00 01  .......8........

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 01 FF FF 00 01  ...0..U.........

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   32: 01 00 00 00 D5 D8 B7 F7 80 00 55 97 03 00 00 00  ..........U.....

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   48: 00 00 00 10 00 00 F0 00                          ........

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] processing PB-TNC SDATA batch

</pre>

containing a PB-PA message of type TCG/PTS to which the PTS-IMC is subscribed:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] processing PB-PA message (48 bytes)

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001

</pre>

The PA-TNC message contains a 'DH Nonce Parameters Request' from the TCG namespace

<pre>

Feb 10 09:05:24 pin1212a00 charon: 12[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] processing PA-TNC message with ID 0xd5d8b7f7

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] => 4 bytes @ 0x9b5ce8c

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]    0: 00 00 F0 00                                      ....

</pre>

and offers the set of IKE DH groups {2, 5, 14, 19} from which the PTS-IMC selects ECP_256 (group 14).

<pre>

Feb 10 09:05:24 pin1212a00 charon: 12[PTS] selected PTS DH group is ECP_256

Feb 10 09:05:24 pin1212a00 charon: 12[PTS] nonce length is 20

</pre>

The PTS-IMC also returns a 20 byte DH responder nonce and the 32 byte ECP_256 DH responder public value:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] creating PA-TNC message with ID 0x4a9b2c31

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] => 92 bytes @ 0x9b5d478

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]    0: 00 00 00 14 10 00 E0 00 1D 14 23 06 97 7D E7 E3  ..........#..}..

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   16: AF AE B6 57 FB A3 58 DA 59 6A 4C D3 77 49 6B 4B  ...W..X.YjL.wIkK

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   32: 36 35 DF BB 27 3F 62 E7 EA 5B 6E 7C 5E 55 C4 04  65..'?b..[n|^U..

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   48: 04 89 B4 98 66 31 6A A2 A2 4E 5E AC DE 57 B7 3B  ....f1j..N^..W.;

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   64: 97 72 08 A6 90 7C 3C FB FD B3 45 05 C5 4D 21 10  .r...|<...E..M!.

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   80: 0E 07 CE 94 B0 61 14 9F C1 22 10 93              .....a..."..

</pre>

This PA-TNC message is carried in a PB-PA message encapsulated in a PB-TNC CDATA batch:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] creating PB-TNC CDATA batch

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] adding PB-PA message

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] sending PB-TNC CDATA batch (144 bytes) for Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 12[TNC] => 144 bytes @ 0x9b5d410

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]    0: 02 00 00 01 00 00 00 90 80 00 00 00 00 00 00 01  ................

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   16: 00 00 00 88 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   32: 01 00 00 00 4A 9B 2C 31 00 00 55 97 04 00 00 00  ....J.,1..U.....

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   48: 00 00 00 68 00 00 00 14 10 00 E0 00 1D 14 23 06  ...h..........#.

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   64: 97 7D E7 E3 AF AE B6 57 FB A3 58 DA 59 6A 4C D3  .}.....W..X.YjL.

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   80: 77 49 6B 4B 36 35 DF BB 27 3F 62 E7 EA 5B 6E 7C  wIkK65..'?b..[n|

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]   96: 5E 55 C4 04 04 89 B4 98 66 31 6A A2 A2 4E 5E AC  ^U......f1j..N^.

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]  112: DE 57 B7 3B 97 72 08 A6 90 7C 3C FB FD B3 45 05  .W.;.r...|<...E.

Feb 10 09:05:24 pin1212a00 charon: 12[TNC]  128: C5 4D 21 10 0E 07 CE 94 B0 61 14 9F C1 22 10 93  .M!......a..."..

Feb 10 09:05:24 pin1212a00 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Feb 10 09:05:24 pin1212a00 charon: 12[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 12[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. DH Nonce Finish and TPM Version/AIK Info

The next PB-TNC SDATA batch is received:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 06[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] received TNCCS batch (172 bytes) for Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] => 172 bytes @ 0x9b5bd52

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]    0: 02 80 00 02 00 00 00 AC 80 00 00 00 00 00 00 01  ................

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   16: 00 00 00 A4 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   32: 01 00 00 00 C7 5A 89 5F 80 00 55 97 05 00 00 00  .....Z._..U.....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   48: 00 00 00 64 00 14 80 00 19 14 23 2B 46 C9 C4 56  ...d......#+F..V

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   64: B5 F6 9C 18 58 A2 78 B0 E4 A7 4A C7 20 21 32 CD  ....X.x...J. !2.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   80: B2 60 7F DB 0F 7B 35 53 AE FA 23 C0 65 A5 48 35  .`...{5S..#.e.H5

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   96: FE DF DF B9 72 C4 DD 16 8B 55 E9 84 AE 45 E0 07  ....r....U...E..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  112: 05 AF D6 60 32 95 58 81 A6 CA 36 F6 A1 CC 25 1A  ...`2.X...6...%.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  128: EF 13 9C AC 84 1F F6 9B F1 31 95 A3 80 00 55 97  .........1....U.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  144: 08 00 00 00 00 00 00 10 00 00 00 00 80 00 55 97  ..............U.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  160: 0D 00 00 00 00 00 00 10 00 00 00 00              ............

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] processing PB-TNC SDATA batch

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] processing PB-PA message (164 bytes)

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001

</pre>

containing a PA-TNC message with the 'DH Nonce Finish', 'Get TPM Version Information' and 'Get Attestation Identity Key'

attributes from the TCG namespace:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 06[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] processing PA-TNC message with ID 0xc75a895f

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] => 88 bytes @ 0x9b58114

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]    0: 00 14 80 00 19 14 23 2B 46 C9 C4 56 B5 F6 9C 18  ......#+F..V....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   16: 58 A2 78 B0 E4 A7 4A C7 20 21 32 CD B2 60 7F DB  X.x...J. !2..`..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   32: 0F 7B 35 53 AE FA 23 C0 65 A5 48 35 FE DF DF B9  .{5S..#.e.H5....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   48: 72 C4 DD 16 8B 55 E9 84 AE 45 E0 07 05 AF D6 60  r....U...E.....`

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   64: 32 95 58 81 A6 CA 36 F6 A1 CC 25 1A EF 13 9C AC  2.X...6...%.....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   80: 84 1F F6 9B F1 31 95 A3                          .....1..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] => 4 bytes @ 0x9b58178

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]    0: 00 00 00 00                                      ....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] => 4 bytes @ 0x9b58188

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]    0: 00 00 00 00                                      ....

</pre>

The PTS-IMV reports that it selected SHA-1 as the DH hash algorithm and provides its 20 byte nonce and 32 byte public DH factor

so that the share DH secret can be computed:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 06[PTS] selected DH hash algorithm is HASH_SHA1

Feb 10 09:05:24 pin1212a00 charon: 06[PTS] initiator nonce: => 20 bytes @ 0x9b5d848

Feb 10 09:05:24 pin1212a00 charon: 06[PTS]    0: A6 CA 36 F6 A1 CC 25 1A EF 13 9C AC 84 1F F6 9B  ..6...%.........

Feb 10 09:05:24 pin1212a00 charon: 06[PTS]   16: F1 31 95 A3                                      .1..

Feb 10 09:05:24 pin1212a00 charon: 06[PTS] responder nonce: => 20 bytes @ 0x9b5bd30

Feb 10 09:05:24 pin1212a00 charon: 06[PTS]    0: 1D 14 23 06 97 7D E7 E3 AF AE B6 57 FB A3 58 DA  ..#..}.....W..X.

Feb 10 09:05:24 pin1212a00 charon: 06[PTS]   16: 59 6A 4C D3                                      YjL.

Feb 10 09:05:24 pin1212a00 charon: 06[PTS] shared DH secret: => 32 bytes @ 0x9b5ce70

Feb 10 09:05:24 pin1212a00 charon: 06[PTS]    0: F1 6A 3B 1C 72 03 B0 18 EA 3C B6 74 D6 AD 33 E9  .j;.r....<.t..3.

Feb 10 09:05:24 pin1212a00 charon: 06[PTS]   16: 23 0B 3C 1C A9 5C 77 12 FE FF FF 67 E5 7F CB 04  #.<..\w....g....

Feb 10 09:05:24 pin1212a00 charon: 06[PTS] secret assessment value: => 20 bytes @ 0x9b5d208

Feb 10 09:05:24 pin1212a00 charon: 06[PTS]    0: 5F A0 83 5D 35 DF 3C 94 28 8B 79 6F AB 35 86 6C  _..]5.<.(.yo.5.l

Feb 10 09:05:24 pin1212a00 charon: 06[PTS]   16: E2 23 4C CF                                      .#L.

</pre>

Answering the 'Get TPM Version Information' request, the following TPM version info is returned in binary form:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 06[PTS] TPM 1.2 Version Info: Chip Version: 1.2.3.17, Spec Level: 2, Errata Rev: 2, Vendor ID: IFX

</pre>

Besides the 'TPM Version Information' attribute, also the 'Attestation Identity Key' is included in the PA-TNC message to be forwarded to the PTS-IMV:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] creating PA-TNC message with ID 0x9eb3b685

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] => 20 bytes @ 0x9b57ac8

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]    0: 00 30 01 02 03 11 00 02 02 49 46 58 00 00 05 03  .0.......IFX....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   16: 11 00 08 00                                      ....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] => 1167 bytes @ 0x9b5e950

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]    0: 00 30 82 04 8A 30 82 03 72 A0 03 02 01 02 02 10  .0...0..r.......

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   16: 33 55 8F BC AE 0F D9 47 78 74 D6 E5 C9 1B 24 28  3U.....Gxt....$(

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   32: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30  0...*.H........0

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   48: 50 31 16 30 14 06 03 55 04 0A 13 0D 70 72 69 76  P1.0...U....priv

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   64: 61 63 79 63 61 2E 63 6F 6D 31 36 30 34 06 03 55  acyca.com1604..U

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   80: 04 03 13 2D 50 72 69 76 61 63 79 20 43 41 20 49  ...-Privacy CA I

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   96: 6E 73 65 63 75 72 65 2F 55 6E 63 68 65 63 6B 65  nsecure/Unchecke

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  112: 64 20 41 49 4B 20 43 65 72 74 69 66 69 63 61 74  d AIK Certificat

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  128: 65 30 1E 17 0D 31 32 30 32 30 38 31 30 34 31 32  e0...12020810412

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  144: 30 5A 17 0D 31 33 30 32 30 38 31 30 34 31 32 30  0Z..130208104120

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  160: 5A 30 00 30 82 01 22 30 0D 06 09 2A 86 48 86 F7  Z0.0.."0...*.H..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  176: 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02  ...........0....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  192: 82 01 01 00 81 E3 38 7C 4D 46 70 CB D5 33 62 38  ......8|MFp..3b8

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  208: 50 AD 98 D1 28 56 D3 6E 71 CF AA E3 C8 31 BD F6  P...(V.nq....1..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  224: FE 53 6A ED C8 54 0E 7C FB 00 98 80 D6 7D C7 57  .Sj..T.|.....}.W

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  240: D4 EC 24 93 59 48 1F DA 67 30 87 4F D3 59 B2 CA  ..$.YH..g0.O.Y..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  256: A8 9D CE C9 27 9A 03 57 C0 FE 1F AB EE E5 C2 A8  ....'..W........

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  272: C6 D5 DC C7 1E 81 74 4D 3D B5 98 6D 57 22 74 02  ......tM=..mW"t.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  288: F1 41 7C E3 68 C1 1C 1C 2F 57 54 CA 4A FB D6 3D  .A|.h.../WT.J..=

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  304: 33 37 A9 BC FF 6F 50 13 CC C2 D3 83 F1 4B 01 FD  37...oP......K..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  320: 66 A6 EE 7A D3 E0 E2 C0 51 55 A2 8A AB F4 85 09  f..z....QU......

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  336: 74 24 64 03 DD 65 1C 26 2F 35 08 BF 57 D9 28 DA  t$d..e.&/5..W.(.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  352: D3 D7 5B ED C8 C6 6C 43 7E DE D3 93 F4 D5 D7 36  ..[...lC~......6

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  368: 1E 31 9A A8 42 10 7A F5 94 93 9C 8F BD 6D BC 66  .1..B.z......m.f

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  384: 1D 30 A5 B3 B3 44 4D DA 6D 35 64 A6 08 EB D2 A6  .0...DM.m5d.....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  400: 99 18 56 01 28 3B 26 94 FD 6F 7F AD 45 68 3C 8A  ..V.(;&..o..Eh<.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  416: 7D 38 8C DB D8 5F 76 16 F5 5E 8A 4B C2 2B 19 8A  }8..._v..^.K.+..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  432: 27 D9 80 3C C8 13 01 11 70 CC D6 EF 57 F3 EF 37  '..<....p...W..7

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  448: A2 E6 B5 49 02 03 01 00 01 A3 82 01 AE 30 82 01  ...I.........0..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  464: AA 30 37 06 03 55 1D 09 04 30 30 2E 30 16 06 05  .07..U...00.0...

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  480: 67 81 05 02 10 31 0D 30 0B 0C 03 31 2E 31 02 01  g....1.0...1.1..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  496: 02 02 01 01 30 14 06 05 67 81 05 02 12 31 0B 30  ....0...g....1.0

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  512: 09 80 01 00 81 01 00 82 01 02 30 5D 06 03 55 1D  ..........0]..U.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  528: 11 01 01 FF 04 53 30 51 A4 42 30 40 31 16 30 14  .....S0Q.B0@1.0.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  544: 06 05 67 81 05 02 01 0C 0B 69 64 3A 30 30 30 30  ..g......id:0000

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  560: 30 30 30 30 31 12 30 10 06 05 67 81 05 02 02 0C  00001.0...g.....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  576: 07 55 6E 6B 6E 6F 77 6E 31 12 30 10 06 05 67 81  .Unknown1.0...g.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  592: 05 02 03 0C 07 69 64 3A 30 30 30 30 A0 0B 06 05  .....id:0000....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  608: 67 81 05 02 0F A0 02 0C 00 30 0C 06 03 55 1D 13  g........0...U..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  624: 01 01 FF 04 02 30 00 30 81 E0 06 03 55 1D 20 01  .....0.0....U. .

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  640: 01 FF 04 81 D5 30 81 D2 30 67 06 0A 2B 06 01 04  .....0..0g..+...

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  656: 01 81 E3 42 01 10 30 59 30 29 06 08 2B 06 01 05  ...B..0Y0)..+...

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  672: 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 77 77 77  ......http://www

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  688: 2E 70 72 69 76 61 63 79 63 61 2E 63 6F 6D 2F 63  .privacyca.com/c

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  704: 70 73 2F 30 2C 06 08 2B 06 01 05 05 07 02 02 30  ps/0,..+.......0

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  720: 20 0C 1E 54 43 50 41 20 54 72 75 73 74 65 64 20   ..TCPA Trusted 

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  736: 50 6C 61 74 66 6F 72 6D 20 49 64 65 6E 74 69 74  Platform Identit

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  752: 79 30 67 06 04 55 1D 20 00 30 5F 30 25 06 08 2B  y0g..U. .0_0%..+

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  768: 06 01 05 05 07 02 01 16 19 68 74 74 70 3A 2F 2F  .........http://

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  784: 77 77 77 2E 70 72 69 76 61 63 79 63 61 2E 63 6F  www.privacyca.co

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  800: 6D 2F 30 36 06 08 2B 06 01 05 05 07 02 02 30 2A  m/06..+.......0*

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  816: 0C 28 54 43 50 41 20 54 72 75 73 74 65 64 20 50  .(TCPA Trusted P

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  832: 6C 61 74 66 6F 72 6D 20 4D 6F 64 75 6C 65 20 45  latform Module E

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  848: 6E 64 6F 72 73 65 6D 65 6E 74 30 1F 06 03 55 1D  ndorsement0...U.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  864: 23 04 18 30 16 80 14 B0 E5 97 E0 9B 23 75 B1 FD  #..0........#u..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  880: BF 01 5E 72 BA 36 D4 48 32 A0 33 30 0D 06 09 2A  ..^r.6.H2.30...*

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  896: 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 1D  .H..............

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  912: 78 37 95 C3 37 C6 09 C4 1C 3D C3 0A 01 7F 59 8D  x7..7....=....Y.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  928: 24 A8 74 81 C9 79 A2 63 45 2C 04 0C B4 CD 7F B9  $.t..y.cE,......

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  944: 42 DC FE 67 67 E7 45 C9 F6 CB 7E 42 B7 2A 8A 74  B..gg.E...~B.*.t

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  960: 14 B7 BE FF EB 77 0E 99 E7 ED 9D EA 49 8C 7B 12  .....w......I.{.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  976: 60 55 0B 1D 1A 03 0E BA AF 9E 3B 74 20 F9 17 8A  `U........;t ...

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  992: 0F 47 2D 3C DB C4 05 67 3C F0 E0 33 A6 3C C5 0E  .G-<...g<..3.<..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1008: C6 0B DB 6E 08 6A 09 3B C6 3B 75 1A 7A 6B 84 BA  ...n.j.;.;u.zk..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1024: 4A 69 6E AF 59 54 89 4A E5 07 D7 51 33 B9 9E AE  Jin.YT.J...Q3...

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1040: F2 4C 0D 81 36 14 FD 82 52 C3 BF 6A DC 8D 55 46  .L..6...R..j..UF

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1056: E0 DE B9 A6 A0 49 BB 43 0A F3 45 EA 26 58 2F D2  .....I.C..E.&X/.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1072: E4 6C 87 F3 B7 F7 E9 16 E5 0B 5D DC CE 75 EA 92  .l........]..u..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1088: 3D 9C CF 35 C1 F2 3C 87 D6 D5 04 99 0B C5 9F 45  =..5..<........E

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1104: 75 00 23 5F C5 B9 AB 73 D8 57 39 80 AE 6D 58 98  u.#_...s.W9..mX.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1120: CE F3 29 6B 1B 8A A2 0B 78 71 C3 B0 6C 8F 25 23  ..)k....xq..l.%#

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1136: AD A4 C5 FB 70 56 46 84 39 45 01 E9 F9 83 7D DC  ....pVF.9E....}.

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] 1152: 5F D9 BB BF B1 08 2A 55 94 D6 0F 76 BD 73 EE     _.....*U...v.s.

</pre>

The TNC client packs this large PA-TNC message into an outgoing PB-TNC CDATA batch:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] creating PB-TNC CDATA batch

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] adding PB-PA message

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] sending PB-TNC CDATA batch (1251 bytes) for Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 06[TNC] => 1251 bytes @ 0x9b5eea8

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]    0: 02 00 00 01 00 00 04 E3 80 00 00 00 00 00 00 01  ................

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   16: 00 00 04 DB 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   32: 01 00 00 00 9E B3 B6 85 00 00 55 97 09 00 00 00  ..........U.....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   48: 00 00 00 20 00 30 01 02 03 11 00 02 02 49 46 58  ... .0.......IFX

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   64: 00 00 05 03 11 00 08 00 00 00 55 97 0E 00 00 00  ..........U.....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   80: 00 00 04 9B 00 30 82 04 8A 30 82 03 72 A0 03 02  .....0...0..r...

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]   96: 01 02 02 10 33 55 8F BC AE 0F D9 47 78 74 D6 E5  ....3U.....Gxt..

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  112: C9 1B 24 28 30 0D 06 09 2A 86 48 86 F7 0D 01 01  ..$(0...*.H.....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  128: 05 05 00 30 50 31 16 30 14 06 03 55 04 0A 13 0D  ...0P1.0...U....

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  144: 70 72 69 76 61 63 79 63 61 2E 63 6F 6D 31 36 30  privacyca.com160

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  160: 34 06 03 55 04 03 13 2D 50 72 69 76 61 63 79 20  4..U...-Privacy 

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  176: 43 41 20 49 6E 73 65 63 75 72 65 2F 55 6E 63 68  CA Insecure/Unch

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  192: 65 63 6B 65 64 20 41 49 4B 20 43 65 72 74 69 66  ecked AIK Certif

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  208: 69 63 61 74 65 30 1E 17 0D 31 32 30 32 30 38 31  icate0...1202081

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  224: 30 34 31 32 30 5A 17 0D 31 33 30 32 30 38 31 30  04120Z..13020810

Feb 10 09:05:24 pin1212a00 charon: 06[TNC]  240: 34 31 32 30 5A 30 00 30 82 01 22 30 0D 06 09 2A  4120Z0.0.."0...*

                                         ----------------- truncated batch ------------------

Feb 10 09:05:24 pin1212a00 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Feb 10 09:05:24 pin1212a00 charon: 06[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Feb 10 09:05:24 pin1212a00 charon: 13[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 13[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 13[ENC] generating IKE_AUTH request 11 [ EAP/RES/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 13[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. File Metadata and Measurement

This PB-TNC CDATA batch contains file metadata and measurement requests:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:24 pin1212a00 charon: 14[ENC] parsed IKE_AUTH response 11 [ EAP/REQ/TTLS ]

Feb 10 09:05:24 pin1212a00 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] received TNCCS batch (263 bytes) for Connection ID 1

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] => 263 bytes @ 0x9b5cd7a

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]    0: 02 80 00 02 00 00 01 07 80 00 00 00 00 00 00 01  ................

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   16: 00 00 00 FF 00 00 55 97 00 00 00 01 FF FF 00 01  ......U.........

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   32: 01 00 00 00 12 1C C0 C5 80 00 55 97 00 70 00 00  ..........U..p..

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   48: 00 00 00 1F 00 2F 00 00 2F 65 74 63 2F 74 6E 63  ...../../etc/tnc

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   64: 5F 63 6F 6E 66 69 67 80 00 55 97 00 C0 00 00 00  _config..U......

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   80: 00 00 32 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F  ..2.......//lib/

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   96: 69 33 38 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C  i386-linux-gnu/l

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  112: 69 62 64 6C 2E 73 6F 2E 32 80 00 55 97 00 C0 00  ibdl.so.2..U....

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  128: 00 00 00 00 22 00 00 00 02 00 00 00 2F 2F 73 62  ....".......//sb

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  144: 69 6E 2F 69 70 74 61 62 6C 65 73 80 00 55 97 00  in/iptables..U..

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  160: C0 00 00 00 00 00 28 00 00 00 03 00 00 00 2F 2F  ......(.......//

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  176: 6C 69 62 2F 6C 69 62 78 74 61 62 6C 65 73 2E 73  lib/libxtables.s

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  192: 6F 2E 35 80 00 55 97 00 C0 00 00 00 00 00 21 80  o.5..U........!.

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  208: 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61 62  ......//lib/xtab

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  224: 6C 65 73 2F 80 00 55 97 00 C0 00 00 00 00 00 23  les/..U........#

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  240: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]  256: 36 74 61 62 6C 65 73                             6tables

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PB-TNC SDATA batch

</pre>

Again the PTS-IMC is subscribed to this PB-PA message type:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PB-PA message (255 bytes)

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001

</pre>

The PA-TNC message consists of one 'Request File Metadata' and five 'Request File Measurement' attributes:

<pre>

Feb 10 09:05:24 pin1212a00 charon: 14[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PA-TNC message with ID 0x121cc0c5

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] => 19 bytes @ 0x9b5de6c

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]    0: 00 2F 00 00 2F 65 74 63 2F 74 6E 63 5F 63 6F 6E  ./../etc/tnc_con

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   16: 66 69 67                                         fig

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] => 38 bytes @ 0x9b5de8b

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]    0: 00 00 00 01 00 00 00 2F 2F 6C 69 62 2F 69 33 38  .......//lib/i38

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   16: 36 2D 6C 69 6E 75 78 2D 67 6E 75 2F 6C 69 62 64  6-linux-gnu/libd

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   32: 6C 2E 73 6F 2E 32                                l.so.2

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] => 22 bytes @ 0x9b5debd

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]    0: 00 00 00 02 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   16: 74 61 62 6C 65 73                                tables

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] => 28 bytes @ 0x9b5dedf

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]    0: 00 00 00 03 00 00 00 2F 2F 6C 69 62 2F 6C 69 62  .......//lib/lib

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   16: 78 74 61 62 6C 65 73 2E 73 6F 2E 35              xtables.so.5

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] => 21 bytes @ 0x9b5df07

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]    0: 80 00 00 04 00 00 00 2F 2F 6C 69 62 2F 78 74 61  .......//lib/xta

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   16: 62 6C 65 73 2F                                   bles/

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request File Measurement' 0x005597/0x00c00000

Feb 10 09:05:24 pin1212a00 charon: 14[TNC] => 23 bytes @ 0x9b5df28

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]    0: 00 00 00 05 00 00 00 2F 2F 73 62 69 6E 2F 69 70  .......//sbin/ip

Feb 10 09:05:24 pin1212a00 charon: 14[TNC]   16: 36 74 61 62 6C 65 73                             6tables

</pre>

The metadata for /etc/tnc_config is retrieved and the SHA-1 hash values for the four file measurement requests are computed.

Measurement request 4 is for the contents of a directory which generates quite some work.

<pre>

Feb 10 09:05:24 pin1212a00 charon: 14[IMC] metadata request for file '/etc/tnc_config'

Feb 10 09:05:24 pin1212a00 charon: 14[IMC] measurement request 1 for file '/lib/i386-linux-gnu/libdl.so.2'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   40:9b:b1:a9:7e:26:ea:11:44:cd:d6:80:1b:81:59:f1:7f:37:6b:8f for 'libdl.so.2'

Feb 10 09:05:24 pin1212a00 charon: 14[IMC] measurement request 2 for file '/sbin/iptables'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   ff:6d:ec:a0:ee:b7:a2:57:20:5c:5f:0a:b5:f5:d8:21:ea:18:40:98 for 'iptables'

Feb 10 09:05:24 pin1212a00 charon: 14[IMC] measurement request 3 for file '/lib/libxtables.so.5'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   7a:3c:a7:21:58:e6:0b:0c:91:e4:8a:42:08:48:f1:b6:93:ae:a2:6c for 'libxtables.so.5'

Feb 10 09:05:24 pin1212a00 charon: 14[IMC] measurement request 4 for directory '/lib/xtables/'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   18:36:41:80:9a:27:b0:8f:fe:59:c1:38:8c:da:6c:41:4b:dc:e6:d6 for 'libxt_tos.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   47:52:53:2c:b9:41:a1:fd:98:11:4c:2f:99:9e:b6:16:98:bd:df:35 for 'libip6t_eui64.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   ee:9b:c9:37:a8:db:06:d4:ba:a2:14:7b:47:8e:ac:af:fe:8c:c8:f7 for 'libipt_realm.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   32:d4:43:76:1a:af:13:ef:8b:3c:d7:86:9a:f9:0b:57:a7:44:58:25 for 'libxt_connlimit.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   20:cf:56:e5:ce:52:11:72:29:f5:5e:1e:ad:52:31:a7:66:b2:dd:5c for 'libxt_hashlimit.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   d5:37:d4:37:f0:58:13:6e:b3:d7:be:51:7d:be:76:47:b6:23:c6:19 for 'libxt_mark.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   dd:7b:c0:9b:d9:94:25:a1:e3:6b:69:a1:19:60:a9:00:37:e2:98:79 for 'libxt_TOS.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   fc:ca:5d:a6:7d:11:c7:ad:fd:f8:49:88:b0:96:b0:20:f9:0e:77:8a for 'libip6t_rt.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   24:15:12:c0:4d:81:6c:c8:91:10:f1:c0:fd:ab:39:d4:97:ad:9f:1b for 'libxt_TPROXY.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   44:92:7e:1b:2d:34:c5:d9:45:b8:13:33:8c:ca:41:98:3c:be:20:f7 for 'libxt_dscp.so'

Feb 10 09:05:24 pin1212a00 charon: 14[PTS]   f2:b9:91:45:6c:6b:6e:55:04:03:d4:66:5c:13:d6:c2:3e:a9:f4:a3 for 'libxt_SET.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   2d:0d:d5:0b:f5:10:78:05:b7:f9:35:c7:2f:94:c9:ba:a2:01:22:b0 for 'libxt_quota.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   b5:99:55:3b:bd:35:be:b4:f9:93:90:33:f4:4b:65:3d:ad:ba:5e:9c for 'libxt_statistic.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   9f:b6:70:dc:86:7c:58:b5:83:ef:59:a0:c8:1b:56:35:1d:6b:2c:4b for 'libxt_IDLETIMER.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   6c:0b:2d:f4:fc:4c:91:22:b5:76:2a:e1:40:d5:3f:dd:1c:f9:e8:9b for 'libxt_conntrack.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   3d:c5:69:0b:31:f0:69:93:3c:cc:14:e4:3f:7c:09:da:a3:e0:09:8d for 'libxt_mac.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   f7:d6:a5:d8:5a:32:98:d2:1c:ec:71:37:d9:47:da:90:c4:55:e4:6b for 'libxt_rateest.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   d0:27:a6:aa:de:8b:34:d2:72:d5:f2:23:5d:81:78:83:90:40:48:13 for 'libxt_DSCP.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   af:75:74:c5:d6:74:4d:fa:2e:2d:8c:d0:c4:f4:cc:f7:06:42:20:30 for 'libipt_NETMAP.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   2c:19:75:6c:4a:35:48:68:d0:50:a6:58:32:e7:c1:36:b4:a9:94:c3 for 'libxt_LED.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   e2:f7:b9:2a:bd:a7:69:f8:27:96:f5:7a:29:80:18:70:58:5d:ce:a3 for 'libipt_SNAT.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   0f:c1:21:24:64:f3:b1:b9:73:eb:c0:6c:19:90:bb:b9:88:fe:cc:8a for 'libipt_CLUSTERIP.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   2e:a8:67:ef:38:48:b8:a0:2d:a4:d3:99:4b:1f:0e:bc:db:5c:9e:80 for 'libxt_comment.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   f9:e3:53:1a:bb:67:a0:20:cf:66:7d:46:ca:82:36:75:dd:0a:0d:d4 for 'libxt_MARK.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   5a:eb:2e:92:6c:bd:3c:95:fe:82:25:e0:b3:ef:87:3a:3d:19:42:4b for 'libipt_MIRROR.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   33:9a:58:a1:b3:13:83:0c:3c:c7:4c:b3:fb:52:a5:b8:15:2f:44:e6 for 'libxt_esp.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   3e:f9:01:0e:e2:24:7c:f2:d7:64:1c:f0:4f:0c:a7:32:d0:fd:e8:68 for 'libxt_NOTRACK.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   d6:c8:df:ba:ae:7a:b2:8b:5c:ef:26:26:a2:af:3f:99:a6:ea:43:65 for 'libipt_LOG.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   06:5d:f7:20:d2:c2:86:71:72:8a:96:33:53:0d:e5:94:cf:bf:e8:97 for 'libxt_recent.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   2d:32:ef:93:12:6a:bf:8c:66:0d:57:c6:7e:50:76:c6:39:4c:ab:e8 for 'libxt_policy.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   71:40:3f:f1:c6:ca:92:7a:ba:1d:c6:8c:8e:52:a6:76:ae:c1:c9:70 for 'libxt_RATEEST.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   22:35:fe:d7:aa:6b:9a:8b:9b:db:7f:db:34:9a:35:9f:01:c1:b4:01 for 'libxt_u32.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   53:0e:8c:15:15:4a:da:bc:f7:39:c5:e2:46:ba:15:36:6f:05:b3:6b for 'libipt_ah.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   9a:d0:87:53:a6:70:8e:1d:60:da:ce:3a:58:ef:44:00:27:70:a6:bd for 'libipt_unclean.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   aa:d3:68:ae:62:e7:d0:1d:a3:3e:a7:8e:1a:7c:1a:1f:18:2a:6a:d4 for 'libxt_dccp.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   ab:78:0c:51:34:7b:ff:66:9c:97:1e:f2:c7:0b:06:d9:bd:78:7b:c9 for 'libxt_connmark.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   36:1d:6f:75:96:07:ad:c4:0d:6f:e0:af:7d:3f:91:57:94:a4:db:b0 for 'libipt_ECN.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   42:4c:99:a6:21:e1:19:c8:8b:f7:0e:78:ff:b6:4c:6d:72:db:7b:51 for 'libxt_NFQUEUE.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   8f:d3:f5:95:98:1c:49:89:61:fc:94:67:83:0d:dd:37:20:08:c0:85 for 'libxt_physdev.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   38:e9:ff:af:cf:02:73:6d:6b:9c:5e:b4:03:c5:d5:26:12:a4:64:16 for 'libxt_SECMARK.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   5d:93:68:d5:e3:ea:c0:93:d6:dc:ba:d5:c0:24:ed:3d:56:66:68:c2 for 'libxt_length.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   7a:b7:2f:5e:8e:54:89:e6:d3:aa:3d:4f:8b:ac:d0:f9:3a:71:4b:e2 for 'libxt_TRACE.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   5c:3a:42:5d:c4:25:60:8c:21:f7:3a:58:de:45:90:43:3a:e4:19:ad for 'libipt_ULOG.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   d6:0e:93:16:f6:2d:46:bd:1d:6b:f9:b7:34:d3:ac:7e:40:2f:29:30 for 'libipt_ttl.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   73:d7:5e:80:9f:53:fc:84:40:73:08:db:52:89:3f:3d:31:83:53:10 for 'libxt_limit.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   16:0d:2b:04:d1:1e:b2:25:fb:14:86:15:b6:99:08:18:69:e1:5b:6c for 'libipt_DNAT.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   aa:9a:5b:58:cb:d0:53:5b:ce:8d:d9:e4:f2:d8:d3:25:38:ce:24:72 for 'libxt_tcpmss.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   51:f1:be:7e:59:08:62:a2:c2:5f:29:f4:c5:ef:01:f0:52:df:2a:c5 for 'libipt_REDIRECT.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   a0:7e:a0:ae:3d:00:8f:37:97:c5:67:e6:29:cb:73:79:cb:15:02:ed for 'libipt_addrtype.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   3e:1c:20:2b:10:37:cc:24:54:fd:0d:cc:cc:40:e3:15:71:63:0d:9f for 'libxt_CONNMARK.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   c5:22:71:d3:8f:10:56:78:d4:cd:0c:3c:04:0a:21:cc:db:24:57:e3 for 'libxt_pkttype.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   6c:f9:db:a7:25:ac:38:d3:be:ff:dc:d8:f6:65:5b:d5:f4:66:6d:25 for 'libipt_icmp.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   37:d6:ae:25:19:77:21:4d:7a:d1:c2:95:80:94:24:af:1e:8e:76:b1 for 'libxt_set.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   e3:58:f5:3f:5c:4b:73:df:16:22:e8:16:41:d9:18:f9:23:ab:c6:2c for 'libxt_cluster.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   11:ce:3b:45:fe:b3:e6:6a:75:49:0d:42:ba:95:07:1a:c6:f4:0a:7f for 'libxt_udp.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   c1:66:c2:84:d3:95:78:3a:48:d3:02:c9:61:cb:60:d7:ec:e7:68:ab for 'libxt_multiport.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   29:8a:18:85:82:22:26:dc:be:b2:e9:08:f2:b2:69:b7:a8:27:1a:66 for 'libxt_CLASSIFY.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   c6:3e:0e:cc:c2:03:94:f9:3d:49:25:3b:33:0d:f3:2c:47:ff:d9:96 for 'libxt_CT.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   23:29:6f:48:27:6e:16:0b:6d:99:b1:b4:2a:91:14:df:72:0b:b1:ab for 'libip6t_LOG.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   48:a5:5a:a0:dc:11:94:af:63:ba:01:62:00:1c:e1:e9:b3:77:b1:59 for 'libxt_TEE.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   86:6c:55:30:ae:45:69:1b:3c:4e:08:ba:29:3b:33:26:e8:ff:1f:b3 for 'libip6t_frag.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   39:09:5f:23:c9:34:72:21:57:5d:a8:a1:30:41:cc:7b:dc:de:73:54 for 'libxt_cpu.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   00:32:1b:d8:00:d7:08:2f:0d:ee:78:ef:a1:66:1e:24:6c:3d:aa:b4 for 'libxt_iprange.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   a3:45:6c:85:20:bf:0b:c3:f0:ee:0a:1c:80:03:21:c0:19:b4:a8:82 for 'libxt_standard.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   24:f6:13:0d:e2:e5:bb:94:30:b7:1a:aa:e5:c9:42:47:b3:b6:ea:91 for 'libip6t_hl.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   56:7e:01:c5:09:23:ab:1c:19:03:b6:fb:84:9f:a6:8f:19:63:0c:a3 for 'libip6t_HL.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   fd:d2:27:82:6f:c2:9d:b7:d1:b6:ed:2b:e4:14:52:14:f3:92:16:cd for 'libipt_TTL.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   69:47:c7:94:45:0c:04:df:1c:c8:e4:17:15:ce:3d:24:7f:c5:16:c9 for 'libxt_connbytes.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   f8:93:2b:81:16:dd:d4:cf:0f:d5:f5:52:88:18:f2:1a:df:90:cb:74 for 'libxt_ipvs.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   3e:f8:a5:fd:8a:e2:28:77:84:ae:7e:dc:f8:4f:bf:b5:24:b4:97:bb for 'libxt_CONNSECMARK.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   18:fa:a3:14:df:37:fc:d0:1b:9f:1a:ea:6f:db:f0:70:c8:38:b6:a6 for 'libxt_state.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   4e:05:db:c9:87:2d:6c:6d:af:38:45:8b:35:b1:ba:6d:6a:94:d2:1f for 'libip6t_REJECT.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   47:e0:cf:82:a1:21:16:d6:8a:a6:42:39:c4:9a:23:aa:b6:cb:35:f4 for 'libxt_string.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   33:d0:40:bc:0c:64:d3:8b:99:7b:fa:ee:ae:04:59:07:c5:2b:e6:70 for 'libxt_owner.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   2b:07:68:91:49:e0:7c:ed:d6:d3:77:49:3d:17:68:ff:23:78:ac:b8 for 'libip6t_ipv6header.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   7f:cd:3d:b6:df:87:13:c0:e7:c7:2d:ad:d7:04:55:99:a7:49:f2:a0 for 'libipt_REJECT.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   95:3b:e7:07:c1:5b:15:80:a3:bb:ed:4c:7e:4c:22:1e:2d:58:44:ff for 'libxt_CHECKSUM.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   5d:32:1b:a9:90:9d:a2:38:b6:de:15:0b:0d:10:33:7c:16:cf:4c:e4 for 'libxt_TCPOPTSTRIP.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   e2:db:af:67:88:9b:bd:1f:f0:fb:da:b8:4e:00:e2:87:53:9d:61:ed for 'libxt_helper.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   9d:96:65:a3:38:9e:3f:67:a8:15:3f:a1:c3:7b:59:68:85:a4:09:b9 for 'libipt_SAME.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   a6:06:e1:bb:12:92:88:f1:90:0d:57:88:1c:3e:ac:ee:e7:27:ec:64 for 'libxt_socket.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   3b:1c:fb:8c:71:c9:04:be:b5:57:19:34:87:91:5f:f5:82:6a:33:47 for 'libipt_ecn.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   1d:74:0a:bd:38:f9:f4:bc:81:ca:43:4a:0e:25:b6:e2:17:04:24:8b for 'libxt_tcp.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   5a:0d:07:ab:03:66:03:a7:67:59:e5:f6:1f:7d:04:f2:d3:c0:56:cc for 'libipt_MASQUERADE.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   45:8a:e7:fc:05:34:ef:2a:eb:d5:6f:ce:4d:26:db:10:bd:7f:63:a4 for 'libip6t_hbh.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   1c:b5:30:10:26:19:6e:d1:d2:6f:9c:7f:92:f3:6f:b1:ee:39:48:41 for 'libxt_time.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   42:2c:14:1e:ab:57:e9:c9:a8:0a:3c:7b:31:c2:6a:d4:d0:b5:ed:07 for 'libip6t_ah.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   c9:16:92:db:c9:06:c0:de:e9:7c:b9:6e:ba:fd:6e:f1:ff:cc:4d:1b for 'libip6t_icmp6.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   28:e0:5c:e1:9a:52:ab:16:23:71:cb:5c:14:8f:b1:6e:c7:c3:4a:d6 for 'libxt_NFLOG.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   ac:87:0e:51:06:2d:69:a6:b1:9a:71:e5:1d:19:4b:9b:0c:29:51:cf for 'libip6t_dst.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   34:3d:51:24:47:fc:02:22:63:19:9f:d2:3f:7b:21:6b:46:e0:1e:b3 for 'libxt_sctp.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   7f:f7:ef:5a:4e:01:de:31:18:5d:79:cc:d9:a3:14:a6:a1:2d:3a:65 for 'libxt_TCPMSS.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   ca:1e:da:79:68:a9:0f:6c:c9:14:0a:bd:d1:d1:77:11:6b:69:97:e1 for 'libxt_osf.so'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   32:7f:fa:63:fc:c0:8e:14:e5:64:6b:78:ac:e3:76:94:3a:95:12:7a for 'libip6t_mh.so'

Feb 10 09:05:25 pin1212a00 charon: 14[IMC] measurement request 5 for file '/sbin/ip6tables'

Feb 10 09:05:25 pin1212a00 charon: 14[PTS]   8a:7c:41:16:7b:c0:fc:c1:de:c8:32:9a:86:8b:a2:65:c2:38:57:f5 for 'ip6tables'

</pre>

Packed into one 'Unix-Style File Metadata' and four 'File Measurement' attributes the measured file data is returned to the TNC server:

<pre>

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PA-TNC message with ID 0x76759cfc

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] => 70 bytes @ 0x9b5d4c8

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]    0: 00 00 00 00 00 00 00 01 00 3E 08 00 00 00 00 00  .........>......

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   16: 00 00 00 6C 00 00 00 00 4F 2F F3 66 00 00 00 00  ...l....O/.f....

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   32: 4F 2F F3 66 00 00 00 00 4F 33 BD 1C 00 00 00 00  O/.f....O3......

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   48: 00 00 00 00 00 00 00 00 00 00 00 00 74 6E 63 5F  ............tnc_

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   64: 63 6F 6E 66 69 67                                config

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] => 44 bytes @ 0x9b55388

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]    0: 00 00 00 00 00 00 00 01 00 01 00 14 40 9B B1 A9  ............@...

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   16: 7E 26 EA 11 44 CD D6 80 1B 81 59 F1 7F 37 6B 8F  ~&..D.....Y..7k.

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   32: 00 0A 6C 69 62 64 6C 2E 73 6F 2E 32              ..libdl.so.2

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] => 42 bytes @ 0x9b5d8b0

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]    0: 00 00 00 00 00 00 00 01 00 02 00 14 FF 6D EC A0  .............m..

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   16: EE B7 A2 57 20 5C 5F 0A B5 F5 D8 21 EA 18 40 98  ...W \_....!..@.

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   32: 00 08 69 70 74 61 62 6C 65 73                    ..iptables

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] => 49 bytes @ 0x9b5ac48

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]    0: 00 00 00 00 00 00 00 01 00 03 00 14 7A 3C A7 21  ............z<.!

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   16: 58 E6 0B 0C 91 E4 8A 42 08 48 F1 B6 93 AE A2 6C  X......B.H.....l

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   32: 00 0F 6C 69 62 78 74 61 62 6C 65 73 2E 73 6F 2E  ..libxtables.so.

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   48: 35                                               5

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] => 3475 bytes @ 0x9b61048

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]    0: 00 00 00 00 00 00 00 5E 00 04 00 14 18 36 41 80  .......^.....6A.

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   16: 9A 27 B0 8F FE 59 C1 38 8C DA 6C 41 4B DC E6 D6  .'...Y.8..lAK...

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   32: 00 0C 6C 69 62 78 74 5F 74 6F 73 2E 73 6F 47 52  ..libxt_tos.soGR

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   48: 53 2C B9 41 A1 FD 98 11 4C 2F 99 9E B6 16 98 BD  S,.A....L/......

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   64: DF 35 00 10 6C 69 62 69 70 36 74 5F 65 75 69 36  .5..libip6t_eui6

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   80: 34 2E 73 6F EE 9B C9 37 A8 DB 06 D4 BA A2 14 7B  4.so...7.......{

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   96: 47 8E AC AF FE 8C C8 F7 00 0F 6C 69 62 69 70 74  G.........libipt

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  112: 5F 72 65 61 6C 6D 2E 73 6F 32 D4 43 76 1A AF 13  _realm.so2.Cv...

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  128: EF 8B 3C D7 86 9A F9 0B 57 A7 44 58 25 00 12 6C  ..<.....W.DX%..l

                                         --------------- truncated attribute ----------------

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PA-TNC attribute type 'TCG/File Measurement' 0x005597/0x00d00000

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] => 43 bytes @ 0x9b55d88

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]    0: 00 00 00 00 00 00 00 01 00 05 00 14 8A 7C 41 16  .............|A.

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   16: 7B C0 FC C1 DE C8 32 9A 86 8B A2 65 C2 38 57 F5  {.....2....e.8W.

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   32: 00 09 69 70 36 74 61 62 6C 65 73                 ..ip6tables

</pre>

All data is packed into a huge PB-TNC CDATA batch spanning four IKEv2 UDP datagrams:

<pre>

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] creating PB-TNC CDATA batch

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] adding PB-PA message

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] sending PB-TNC CDATA batch (3835 bytes) for Connection ID 1

Feb 10 09:05:25 pin1212a00 charon: 14[TNC] => 3835 bytes @ 0x9b5fe10

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]    0: 02 00 00 01 00 00 0E FB 80 00 00 00 00 00 00 01  ................

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   16: 00 00 0E F3 00 00 55 97 00 00 00 01 00 01 FF FF  ......U.........

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   32: 01 00 00 00 76 75 9C FC 80 00 55 97 00 90 00 00  ....vu....U.....

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   48: 00 00 00 52 00 00 00 00 00 00 00 01 00 3E 08 00  ...R.........>..

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   64: 00 00 00 00 00 00 00 6C 00 00 00 00 4F 2F F3 66  .......l....O/.f

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   80: 00 00 00 00 4F 2F F3 66 00 00 00 00 4F 33 BD 1C  ....O/.f....O3..

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]   96: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  112: 74 6E 63 5F 63 6F 6E 66 69 67 80 00 55 97 00 D0  tnc_config..U...

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  128: 00 00 00 00 00 38 00 00 00 00 00 00 00 01 00 01  .....8..........

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  144: 00 14 40 9B B1 A9 7E 26 EA 11 44 CD D6 80 1B 81  ..@...~&..D.....

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  160: 59 F1 7F 37 6B 8F 00 0A 6C 69 62 64 6C 2E 73 6F  Y..7k...libdl.so

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  176: 2E 32 80 00 55 97 00 D0 00 00 00 00 00 36 00 00  .2..U........6..

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  192: 00 00 00 00 00 01 00 02 00 14 FF 6D EC A0 EE B7  ...........m....

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  208: A2 57 20 5C 5F 0A B5 F5 D8 21 EA 18 40 98 00 08  .W \_....!..@...

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  224: 69 70 74 61 62 6C 65 73 80 00 55 97 00 D0 00 00  iptables..U.....

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  240: 00 00 00 3D 00 00 00 00 00 00 00 01 00 03 00 14  ...=............

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  256: 7A 3C A7 21 58 E6 0B 0C 91 E4 8A 42 08 48 F1 B6  z<.!X......B.H..

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  272: 93 AE A2 6C 00 0F 6C 69 62 78 74 61 62 6C 65 73  ...l..libxtables

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  288: 2E 73 6F 2E 35 80 00 55 97 00 D0 00 00 00 00 0D  .so.5..U........

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  304: 9F 00 00 00 00 00 00 00 5E 00 04 00 14 18 36 41  ........^.....6A

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  320: 80 9A 27 B0 8F FE 59 C1 38 8C DA 6C 41 4B DC E6  ..'...Y.8..lAK..

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  336: D6 00 0C 6C 69 62 78 74 5F 74 6F 73 2E 73 6F 47  ...libxt_tos.soG

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  352: 52 53 2C B9 41 A1 FD 98 11 4C 2F 99 9E B6 16 98  RS,.A....L/.....

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  368: BD DF 35 00 10 6C 69 62 69 70 36 74 5F 65 75 69  ..5..libip6t_eui

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  384: 36 34 2E 73 6F EE 9B C9 37 A8 DB 06 D4 BA A2 14  64.so...7.......

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  400: 7B 47 8E AC AF FE 8C C8 F7 00 0F 6C 69 62 69 70  {G.........libip

Feb 10 09:05:25 pin1212a00 charon: 14[TNC]  416: 74 5F 72 65 61 6C 6D 2E 73 6F 32 D4 43 76 1A AF  t_realm.so2.Cv..

                                         ----------------- truncated batch ------------------

Feb 10 09:05:25 pin1212a00 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/TNC]

Feb 10 09:05:25 pin1212a00 charon: 14[ENC] generating IKE_AUTH request 12 [ EAP/RES/TTLS ]

Feb 10 09:05:25 pin1212a00 charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Feb 10 09:05:25 pin1212a00 charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:25 pin1212a00 charon: 03[ENC] parsed IKE_AUTH response 12 [ EAP/REQ/TTLS ]

Feb 10 09:05:25 pin1212a00 charon: 03[ENC] generating IKE_AUTH request 13 [ EAP/RES/TTLS ]

Feb 10 09:05:25 pin1212a00 charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Feb 10 09:05:25 pin1212a00 charon: 08[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:25 pin1212a00 charon: 08[ENC] parsed IKE_AUTH response 13 [ EAP/REQ/TTLS ]

Feb 10 09:05:25 pin1212a00 charon: 08[ENC] generating IKE_AUTH request 14 [ EAP/RES/TTLS ]

Feb 10 09:05:25 pin1212a00 charon: 08[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

Feb 10 09:05:25 pin1212a00 charon: 09[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:25 pin1212a00 charon: 09[ENC] parsed IKE_AUTH response 14 [ EAP/REQ/TTLS ]

Feb 10 09:05:25 pin1212a00 charon: 09[ENC] generating IKE_AUTH request 15 [ EAP/RES/TTLS ]

Feb 10 09:05:25 pin1212a00 charon: 09[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]

</pre>

h3. Functional Component Evidence

The final PB-TNC SDATA batch arrives from the TNC server:

<pre>

Feb 10 09:05:25 pin1212a00 charon: 11[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]

Feb 10 09:05:25 pin1212a00 charon: 11[ENC] parsed IKE_AUTH response 15 [ EAP/REQ/TTLS ]

Feb 10 09:05:25 pin1212a00 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] received TNCCS batch (92 bytes) for Connection ID 1

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] => 92 bytes @ 0x9b5c89a

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]    0: 02 80 00 02 00 00 00 5C 80 00 00 00 00 00 00 01  .......\........

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]   16: 00 00 00 54 00 00 55 97 00 00 00 01 FF FF 00 01  ...T..U.........

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]   32: 01 00 00 00 B6 99 BC 94 80 00 55 97 00 10 00 00  ..........U.....

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]   48: 00 00 00 24 10 00 00 00 00 90 2A 21 00 00 00 03  ...$......*!....

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]   64: 10 00 00 00 00 90 2A 21 00 00 00 02 80 00 55 97  ......*!......U.

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]   80: 00 20 00 00 00 00 00 10 00 00 00 00              . ..........

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] processing PB-TNC SDATA batch

</pre>

Again the PTS-IMC is subscribed to this PB-PA message type:

<pre>

Per subscription the PTS-IMC receives this PB-PA message type:

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] processing PB-PA message (84 bytes)

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001

</pre>

The PA-TNC message contains a 'Request Functional Component Evidence' and a final 'Generate Attestation Evidence' attribute from the TCG namespace:<pre>

Feb 10 09:05:25 pin1212a00 charon: 11[IMC] IMC 1 "Attestation" received message for Connection ID 1 from IMV 1

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] processing PA-TNC message with ID 0xb699bc94

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] => 24 bytes @ 0x9b5abec

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]    0: 10 00 00 00 00 90 2A 21 00 00 00 03 10 00 00 00  ......*!........

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]   16: 00 90 2A 21 00 00 00 02                          ..*!....

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000

Feb 10 09:05:25 pin1212a00 charon: 11[TNC] => 4 bytes @ 0x9b5ac10

Feb 10 09:05:25 pin1212a00 charon: 11[TNC]    0: 00 00 00 00                                      ....

</pre>

The first of the ordered evidence request is for the "Linux IMA":http://linux-ima.sourceforge.net/ functional component defined in the ITA-HSR namespace which verifies the 27 measurements extended into PCRs 0..11 during the pre-boot process.

<pre>

Feb 10 09:05:25 pin1212a00 charon: 11[IMC] evidence requested for 2 functional components

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] loaded bios measurements '/sys/kernel/security/tpm0/binary_bios_measurements' (27 entries)

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 extended with: c4:2f:ed:ad:26:82:00:cb:1d:15:f9:78:41:c3:44:e7:9d:ae:33:20

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 after value  : 98:72:96:4b:9b:40:cd:d0:36:3f:cd:6a:f8:c2:67:c9:cb:34:20:0b

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 extended with: e4:73:a3:20:09:19:84:8c:04:f5:cb:4b:32:d3:9a:55:7e:8f:87:09

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 before value : 98:72:96:4b:9b:40:cd:d0:36:3f:cd:6a:f8:c2:67:c9:cb:34:20:0b

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 after value  : 26:14:c8:bd:2d:1b:59:c7:6a:58:51:ac:a4:39:14:7b:ee:5b:f7:7d

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 extended with: 5f:62:1b:65:d8:dc:5c:10:05:e9:ef:e2:71:42:c3:01:4a:c1:74:20

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 after value  : ba:15:bb:86:8e:1f:18:a7:ee:2a:3c:57:02:81:0e:bc:c3:09:a2:46

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 extended with: c4:44:e3:23:0e:0b:f1:f5:21:b1:b2:b3:56:fe:3e:a0:05:38:7f:f7

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 after value  : 5d:42:68:fb:80:bf:1e:31:8d:67:b4:d0:8d:49:a1:3c:6f:3a:fe:93

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 extended with: 13:87:18:5a:92:ca:4f:ba:8a:31:fb:b7:a4:6a:c4:57:76:0a:19:35

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 before value : 5d:42:68:fb:80:bf:1e:31:8d:67:b4:d0:8d:49:a1:3c:6f:3a:fe:93

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 after value  : 7f:d4:dd:1b:15:3f:d1:e9:28:b1:19:f3:7c:b3:7a:0c:f5:02:f4:34

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 extended with: 86:ac:7f:d5:c5:12:8c:3e:d6:bb:16:38:7e:53:08:ae:b5:26:18:4e

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 before value : 7f:d4:dd:1b:15:3f:d1:e9:28:b1:19:f3:7c:b3:7a:0c:f5:02:f4:34

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 after value  : 57:23:71:2b:e6:b6:50:ff:5a:0c:2a:44:ab:03:5c:58:5a:8f:bc:57

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 extended with: 26:d0:e4:c7:cf:a9:20:e2:ce:26:7d:ba:86:c9:70:6e:d9:a8:6c:8d

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 before value : 57:23:71:2b:e6:b6:50:ff:5a:0c:2a:44:ab:03:5c:58:5a:8f:bc:57

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 after value  : 7b:ad:15:ce:ed:57:ad:26:98:19:d0:72:0a:5b:89:e9:5f:3a:1e:29

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  6 extended with: 05:d4:2f:27:12:07:af:f9:7d:e1:f3:12:77:4d:ac:da:95:74:74:7a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  6 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  6 after value  : b0:5b:cd:50:47:bf:36:0c:2d:bb:a2:7a:5d:a5:ee:66:17:72:a2:0c

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 extended with: c1:8b:03:f7:c7:b5:d6:8b:82:56:61:21:72:e8:60:df:34:cb:4d:6d

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 before value : ba:15:bb:86:8e:1f:18:a7:ee:2a:3c:57:02:81:0e:bc:c3:09:a2:46

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 after value  : 88:31:7b:60:dd:25:58:40:d5:36:3b:b3:98:41:18:95:c6:45:90:2a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 extended with: cd:0f:db:45:31:a6:ec:41:be:27:53:ba:04:26:37:d6:e5:f7:f2:56

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 after value  : ee:01:a0:35:29:a6:b3:8b:5d:ed:18:ab:6a:e8:d7:71:aa:ac:19:25

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 extended with: d9:be:65:24:a5:f5:04:7d:b5:86:68:13:ac:f3:27:78:92:a7:a3:0a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 before value : 26:14:c8:bd:2d:1b:59:c7:6a:58:51:ac:a4:39:14:7b:ee:5b:f7:7d

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  0 after value  : 61:d7:c2:06:bd:93:7c:91:82:0f:76:18:c6:17:97:c2:1c:cd:13:13

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 extended with: d9:be:65:24:a5:f5:04:7d:b5:86:68:13:ac:f3:27:78:92:a7:a3:0a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 before value : 88:31:7b:60:dd:25:58:40:d5:36:3b:b3:98:41:18:95:c6:45:90:2a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  1 after value  : 50:0b:2f:05:3d:65:11:23:d4:bd:42:91:a6:9b:99:f3:19:c5:79:c9

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 extended with: d9:be:65:24:a5:f5:04:7d:b5:86:68:13:ac:f3:27:78:92:a7:a3:0a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 before value : 7b:ad:15:ce:ed:57:ad:26:98:19:d0:72:0a:5b:89:e9:5f:3a:1e:29

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  2 after value  : de:eb:6e:c1:78:fc:05:ad:c9:a7:fa:d8:ca:63:3a:34:a4:7e:04:da

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  3 extended with: d9:be:65:24:a5:f5:04:7d:b5:86:68:13:ac:f3:27:78:92:a7:a3:0a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  3 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  3 after value  : 3a:3f:78:0f:11:a4:b4:99:69:fc:aa:80:cd:6e:39:57:c3:3b:22:75

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 extended with: d9:be:65:24:a5:f5:04:7d:b5:86:68:13:ac:f3:27:78:92:a7:a3:0a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 after value  : 3a:3f:78:0f:11:a4:b4:99:69:fc:aa:80:cd:6e:39:57:c3:3b:22:75

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 extended with: d9:be:65:24:a5:f5:04:7d:b5:86:68:13:ac:f3:27:78:92:a7:a3:0a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 before value : ee:01:a0:35:29:a6:b3:8b:5d:ed:18:ab:6a:e8:d7:71:aa:ac:19:25

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 after value  : 60:4f:c6:60:10:07:dd:33:ff:5f:30:ab:6d:33:d0:c3:2c:c6:af:af

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  6 extended with: d9:be:65:24:a5:f5:04:7d:b5:86:68:13:ac:f3:27:78:92:a7:a3:0a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  6 before value : b0:5b:cd:50:47:bf:36:0c:2d:bb:a2:7a:5d:a5:ee:66:17:72:a2:0c

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  6 after value  : 78:cd:77:59:86:6a:77:d0:31:03:c2:03:5b:f7:dc:7e:61:dc:19:2e

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  7 extended with: d9:be:65:24:a5:f5:04:7d:b5:86:68:13:ac:f3:27:78:92:a7:a3:0a

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  7 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  7 after value  : 3a:3f:78:0f:11:a4:b4:99:69:fc:aa:80:cd:6e:39:57:c3:3b:22:75

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 extended with: c1:e2:5c:3f:6b:0d:c7:8d:57:29:6a:a2:87:0c:a6:f7:82:cc:f8:0f

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 before value : 3a:3f:78:0f:11:a4:b4:99:69:fc:aa:80:cd:6e:39:57:c3:3b:22:75

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 after value  : a4:95:bd:4b:42:a1:fa:26:c3:9f:3f:24:94:08:2b:9f:e1:71:07:ab

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 extended with: 38:f3:0a:0a:96:7f:cf:2b:fe:e1:e3:b2:97:1d:e5:40:11:50:48:c8

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 before value : a4:95:bd:4b:42:a1:fa:26:c3:9f:3f:24:94:08:2b:9f:e1:71:07:ab

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 after value  : 54:09:48:d7:c0:27:e8:cc:e2:51:66:68:28:05:52:c3:92:bb:50:8b

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 extended with: 4f:41:2e:ce:7c:55:d6:ae:55:b5:a6:4f:66:01:18:7e:25:b9:af:fc

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 before value : 54:09:48:d7:c0:27:e8:cc:e2:51:66:68:28:05:52:c3:92:bb:50:8b

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 after value  : 9b:66:c2:3e:b2:e3:8b:ae:0d:ad:be:4b:fa:bc:e8:62:9e:33:6e:48

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 extended with: 43:79:a3:d4:30:19:b4:6f:a3:57:f7:dd:6a:53:b4:5a:3c:a8:fb:79

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 before value : 9b:66:c2:3e:b2:e3:8b:ae:0d:ad:be:4b:fa:bc:e8:62:9e:33:6e:48

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  4 after value  : cf:a3:54:3c:7f:39:22:69:bd:c0:d5:bf:29:05:f1:be:8b:b2:dd:7d

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 extended with: 88:55:13:eb:0e:f1:a5:0b:09:33:40:0e:4a:10:35:74:97:3b:e8:5c

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 before value : 60:4f:c6:60:10:07:dd:33:ff:5f:30:ab:6d:33:d0:c3:2c:c6:af:af

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  5 after value  : cd:eb:78:a0:cc:80:28:ba:b5:78:f2:f8:5f:3a:f9:1f:03:57:78:a4

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  8 extended with: 1a:84:80:3d:29:14:e0:3a:12:c8:33:ff:80:bc:ca:1f:b6:72:90:53

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  8 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  8 after value  : 1d:2f:36:17:44:32:ec:df:99:e8:4d:ae:e2:bc:c7:d3:13:1c:0f:bf

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  9 extended with: ee:d2:09:89:f6:f6:53:9c:d6:57:cf:a8:df:a5:d6:67:23:c4:e2:b4

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  9 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR  9 after value  : 03:c2:d5:f2:25:d1:cc:e2:38:25:ee:4d:42:37:9c:85:b8:55:a5:49

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR 10 extended with: cc:db:51:f8:01:b3:39:cd:5c:b3:6b:54:19:9a:36:b0:98:d2:45:f1

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR 10 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR 10 after value  : c8:34:e9:1e:6c:d2:9d:77:a0:bb:d8:85:e7:70:6a:da:56:00:a6:ee

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Trusted Platform'

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] measurement time: Feb 06 09:55:33 2012

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR 11 extended with: 90:69:ca:78:e7:45:0a:28:51:73:43:1b:3e:52:c5:c2:52:99:e4:73

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR 11 before value : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] PCR 11 after value  : b2:a8:3b:0e:bf:2f:83:74:29:9a:5b:2b:df:c3:1e:a9:55:ad:72:36

</pre>

The second evidence request is for the "Trusted Boot":http://sourceforge.net/projects/tboot/ functional component also defined in the ITA-HSR namespace which verifies the MLE measurements extended into PCRs 17 and 18 by Intel's TXT instruction used by Trusted Boot. This component hasn't been fully implemented yet, so dummy measurements values defined in /etc/strongswan.conf are used. 

<pre>

Feb 10 09:05:25 pin1212a00 charon: 11[PTS] * ITA-HSR functional component 'Trusted Boot' [K.] 'Trusted Platform'