strongSwan

h1. Trusted Platform Module 2.0

{{>toc}}

h2. Connect to a TPM 2.0 device

In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu *tpm2-tss* package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent version directly drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS. Avoid any TCTI interface incompatibilities by fetching the latest *tpm2-tools* version from https://github.com/01org/tpm2.0-tools as well.

Build and install both the *tpm2-tss* stack and the *tpm2.0-tools*, start the *tpm2-resourcemgr* as a service in the background and try to connect to the TPM 2.0 by listing e.g. the contents of the SHA-1 bank of PCR registers

 tpm2_listpcrs -g 0x0004

<pre>

Bank/Algorithm: TPM_ALG_SHA1(0x0004)

PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5

PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

</pre>

A manual showing all *tpm2-tools* functions with their arguments can be found "here":https://github.com/01org/tpm2.0-tools/blob/master/manual.

h2. TPM 2.0 Algorithm IDs

h3. Hash Algorithms

|0x0004 |SHA-1     |

|0x000B |SHA-2_256 |

|0x000C |SHA-2_384 |

|0x000D |SHA-2_512 |

Currently available TPM 2.0 devices like the Infineon *Optiga SLB 9670 VQ2.0* hardware TPM or Intel's *PTT* firmware TPM integrated into the Management Engine starting with the 4th generation (Haswell) of the *Core* processor family, support the *SHA-1* and *SHA-2_256* algorithms.

h3. Public Key Types

|0x0001 |RSA |

|0x0023 |ECC |

Currently RSA keys have a modulus size of 2048 bits and ECC keys are based on the 256 bit NIST curve.

h3. Signature Schemes

|0x0014 |RSASSA |

|0x0016 |RSAPSS |

|0x0018 |ECDSA  |

h2. Derive a Persistent RSA Endorsement Key

The following tpm2-tools command derives a 2048 bit RSA Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010001

 tpm2_getpubek -H 0x81010001 -g 0x0001 -f ek_rsa.pub

The EK public key stored in the ek_rsa.pub file is encoded in a TPM 2.0 proprietary format but the key can be exported from the TPM in the regular PKCS#1 format using the *pki* tool

 pki --pub --keyid 81010001 --outform pem > ek_rsa_pub.pem

The fingerprint of the RSA EK public key can be displayed with the command

 pki --print --type pub --in ek_rsa_pub.pem

  pubkey:    RSA 2048 bits

  keyid:     d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58

  subjkey:   c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7d

h2. Generate a Persistent RSA Attestation Key

A 2048 bit RSA Attestation Key (AK) bound to the EK with handle 0x81010001 can be created and made persistent under the handle 0x81010002 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010001 -g 0x0001 -D 0x000B -s 0x0014 -k 0x81010002 -f ak_rsa2.pub -n ak_rsa2.name

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 81010002 --outform pem > ak_rsa_pub.pem

The fingerprint of the RSA AK public key can be displayed with the command

 pki --print --type pub --in ak_rsa_pub.pem

  pubkey:    RSA 2048 bits

  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa

  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

h2. Derive a Persistent ECC Endorsement Key

The following tpm2-tools command derives a 256 bit ECC Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010003:

 tpm2_getpubek -H 0x81010003 -g 0x0023 -f ek_ecc.pub

The EK public key can be exported in PKCS#1 format from the TPM using the *pki* tool:

  pki --pub --keyid 81010003 > ek_ecc_pub.der

The fingerprint of the ECC EK public key can be displayed with the command

 pki --print --type pub --in ek_ecc_pub.der

  pubkey:    ECDSA 256 bits

  keyid:     7f:39:ca:e6:83:9b:a9:06:97:40:27:6a:e1:bf:8f:f5:9f:d3:a5:31

  subjkey:   8b:43:4d:5e:5e:7b:ff:c2:54:4d:ef:88:cb:0c:7c:47:75:28:4d:09

h2. Generate a Persistent ECC Attestation Key

A 256 bit ECC Attestation Key (AK) bound to the EK with handle 0x81010003 can be created and made persistent under the handle 0x81010004 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010004 -f ak_ecc4.pub -n ak_ecc4.name

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 81010004 > ak_ecc_pub.der

The fingerprint of the RSA AK public key can be displayed with the command

 pki --print --type pub --in ak_ecc_pub.der

  pubkey:    ECDSA 256 bits

  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38

  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13

h2. Generate Another ECC Attestation Key

Multiple AK keys bound to a common EK key can be generated

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010005 -f ak_ecc5.pub -n ak_ecc5.name

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 81010005 > ak_ecc5_pub.der

The fingerprint of the second ECC AK public key can be displayed with the command

 pki --print --type pub --in ak_ecc5_pub.der

  pubkey:    ECDSA 256 bits

  keyid:     c4:b4:9c:95:27:9e:ce:81:2f:98:42:c8:1b:f0:54:ff:d4:d1:24:34

  subjkey:   cf:44:f4:f7:9d:97:09:ad:b1:09:3a:8e:6f:23:eb:9f:2c:35:94:c9

h2. Remove a Persistent Key Object

Since the non-volatile memory of the TPM is limited any persistent key object can be removed to free storage space.

The following tpm2-tools command removes the ECC AK key with persistent handle 0x81010005

 tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005

h2. List Persistent Objects

The following tpm2-tools command lists all persistent objects stored by the TPM in non-volatile memory

 tpm2_listpersistent

<pre>

6 persistent objects defined.

0. Persistent handle: 0x81000001

{

        Type: 0x23

        Hash algorithm(nameAlg): 0xb

        Attributes: 0x30072

}

1. Persistent handle: 0x81000002

{

        Type: 0x23

        Hash algorithm(nameAlg): 0xb

        Attributes: 0x60072

}

2. Persistent handle: 0x81010001

{

        Type: 0x1

        Hash algorithm(nameAlg): 0xb

        Attributes: 0x300b2

}

3. Persistent handle: 0x81010002

{

        Type: 0x1

        Hash algorithm(nameAlg): 0xb

        Attributes: 0x50072

}

4. Persistent handle: 0x81010003

{

        Type: 0x23

        Hash algorithm(nameAlg): 0xb

        Attributes: 0x300b2

}

5. Persistent handle: 0x81010004

{

        Type: 0x23

        Hash algorithm(nameAlg): 0xb

        Attributes: 0x50072

}

</pre>

h2. Configure TPM Private Key Access via VICI Interface

Configuration of TPM private key access as tokens in the secrets section of *swanctl.conf*

 secrets {

    token_ak_rsa {

       handle = 81010002

    }

    token_ak_ecc {

       handle = 81010004

    }

}

h2. Define IPsec Connection with RSA AK Client Key

This connection configuration in *swanctl.conf* uses the RSA AK certificate for client authentication

<pre>

connections {

   rsa {

      local_addrs  = 10.10.0.105

      remote_addrs = 10.10.0.104

      local {

         auth = pubkey 

         certs = raspi5_ak_rsa_Cert.der

      }

      remote {

         auth = pubkey 

         id = raspi4.example.com

      }

      children {

         rsa {

            mode = transport

            esp_proposals = aes128-sha256-curve25519

         }

      }

      version = 2

      proposals = aes128-sha256-curve25519

   }

}

</pre>

h2. Define IPsec Connection with ECC AK Client Key

This connection configuration in *swanctl.conf* uses the ECC AK certificate for client authentication

<pre>

connections {

   ecc {

      local_addrs  = 10.10.0.105

      remote_addrs = 10.10.0.104

      local {

         auth = pubkey

         certs = raspi5_ak_ecc_Cert.der

      }

      remote {

         auth = pubkey

         id = raspi4.example.com

      }

      children {

         ecc {

            mode = transport

            esp_proposals = aes128-sha256-curve25519

         }

      }

      version = 2

      proposals = aes128-sha256-curve25519

   }

}

</pre>

h2. Starting the strongSwan Daemon

<pre>

systemctl start strongswan-swanctl

</pre>

<pre>

Feb 19 09:35:14 raspi5 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...

</pre>

The RSA AK private key is attached via the TPM 2.0 resource manager

<pre>

Feb 19 09:35:14 raspi5 resourcemgr[531]: Accept socket:  0xa

Feb 19 09:35:14 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client

Feb 19 09:35:14 raspi5 resourcemgr[531]: Accept socket:  0xb

Feb 19 09:35:14 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client

Feb 19 09:35:14 raspi5 charon-systemd[20831]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB

Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 - ECC curves: NIST_P256 BN_P256

Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 via TSS2 available

Feb 19 09:35:15 raspi5 charon-systemd[20831]: AIK signature algorithm is RSASSA with SHA256 hash

</pre>

The ECC AK private key is attached via the TPM 2.0 resource manager

<pre>

Feb 19 09:35:15 raspi5 resourcemgr[531]: Accept socket:  0x6

Feb 19 09:35:15 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client

Feb 19 09:35:15 raspi5 resourcemgr[531]: Accept socket:  0x7

Feb 19 09:35:15 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client

Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB

Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 - ECC curves: NIST_P256 BN_P256

Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 via TSS2 available

Feb 19 09:35:15 raspi5 charon-systemd[20831]: AIK signature algorithm is ECDSA with SHA256 hash

</pre>

The *swanctl* command line tool loads the RSA and ECC AK certificates as well as the demoCA root certificate and connects to the RSA and ECC private keys residing in the TPM

<pre>

Feb 19 09:35:15 raspi5 swanctl[20849]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_rsa_Cert.der'

Feb 19 09:35:15 raspi5 swanctl[20849]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_ecc_Cert.der'

Feb 19 09:35:15 raspi5 swanctl[20849]: loaded certificate from '/etc/swanctl/x509ca/demoCaCert.pem'

Feb 19 09:35:15 raspi5 swanctl[20849]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66]

Feb 19 09:35:15 raspi5 swanctl[20849]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513]

Feb 19 09:35:15 raspi5 swanctl[20849]: loaded connection 'rsa'

Feb 19 09:35:15 raspi5 swanctl[20849]: loaded connection 'ecc'

Feb 19 09:35:15 raspi5 swanctl[20849]: successfully loaded 2 connections, 0 unloaded

</pre>

<pre>

Feb 19 09:35:15 raspi5 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.

</pre>

The following *swanctl* command shows the two loaded connections

<pre>

swanctl --list-conns

</pre>

<pre>

rsa: IKEv2, reauthentication every 10800s, no rekeying

  local:  10.10.0.105

  remote: 10.10.0.104

  local public key authentication:

    id: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com

    certs: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com

  remote public key authentication:

    id: raspi4.example.com

  rsa: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets

    local:  dynamic

    remote: dynamic

</pre>

<pre>

ecc: IKEv2, reauthentication every 10800s, no rekeying

  local:  10.10.0.105

  remote: 10.10.0.104

  local public key authentication:

    id: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com

    certs: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com

  remote public key authentication:

    id: raspi4.example.com

  ecc: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets

    local:  dynamic

    remote: dynamic

</pre>

The loaded certificates can also be displayed

<pre>

swanctl --list-certs

</pre>

You can clearly see that the connection between the AK certificates and their matching AK private key has been established (..., has private key)

<pre>

List of X.509 End Entity Certificates

  subject:  "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"

  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"

  validity:  not before Feb 19 09:33:43 2017, ok

             not after  Aug 29 10:33:43 2026, ok (expires in 3477 days)

  serial:    11:57:33:3e:2a:8e:8a:32

  altNames:  raspi5.example.com

  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2

  subjkeyId: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

  pubkey:    RSA 2048 bits, has private key

  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa

  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

  subject:  "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"

  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"

  validity:  not before Feb 17 23:17:19 2017, ok

             not after  Aug 30 00:17:19 2026, ok (expires in 3478 days)

  serial:    52:9d:3e:42:6f:71:63:3d

  altNames:  raspi5.example.com

  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2

  subjkeyId: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13

  pubkey:    ECDSA 256 bits, has private key

  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38

  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13

</pre>

<pre>

List of X.509 CA Certificates

  subject:  "C=US, O=TNC Demo, CN=TNC Demo CA"

  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"

  validity:  not before Aug 31 10:29:27 2016, ok

             not after  Aug 31 10:29:27 2026, ok (expires in 3479 days)

  serial:    02:c8:85:e1:ef:fa:8f:20

  flags:     CA CRLSign self-signed 

  subjkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2

  pubkey:    ECDSA 256 bits

  keyid:     a1:b5:e0:29:d0:4c:a7:62:bd:ca:a3:b4:af:18:42:2c:4a:01:55:9a

  subjkey:   21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2

</pre>

h2. IKEv2 Authentication with RSA AK Certificate

<pre>

swanctl --initiate --child rsa

</pre>

<pre>

Feb 19 10:52:21 raspi5 charon-systemd[21165]: initiating IKE_SA rsa[1] to 10.10.0.104

Feb 19 10:52:21 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]

Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)

Feb 19 10:52:21 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)

Feb 19 10:52:21 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]

Feb 19 10:52:21 raspi5 charon-systemd[21165]: received strongSwan vendor ID

Feb 19 10:52:21 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"

Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"

</pre>

<pre>

Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful

Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"

</pre>

<pre>

Feb 19 10:52:24 raspi5 charon-systemd[21165]: establishing CHILD_SA rsa

Feb 19 10:52:24 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]

Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (1296 bytes)

Feb 19 10:52:24 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)

Feb 19 10:52:24 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]

Feb 19 10:52:24 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"

Feb 19 10:52:24 raspi5 charon-systemd[21165]:   using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"

Feb 19 10:52:24 raspi5 charon-systemd[21165]:   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"

Feb 19 10:52:24 raspi5 charon-systemd[21165]:   reached self-signed root ca with a path length of 0

Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful

Feb 19 10:52:24 raspi5 charon-systemd[21165]: IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]

Feb 19 10:52:24 raspi5 charon-systemd[21165]: scheduling reauthentication in 10507s

Feb 19 10:52:24 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11587s

Feb 19 10:52:24 raspi5 charon-systemd[21165]: CHILD_SA rsa{1} established with SPIs c23deb9d_i ce48d08e_o and TS 10.10.0.105/32 === 10.10.0.104/32

Feb 19 10:52:24 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 10103s, scheduling reauthentication in 9023s

Feb 19 10:52:24 raspi5 charon-systemd[21165]: peer supports MOBIKE

</pre>

<pre>

 swanctl --list-sas

</pre>

<pre>

rsa: #1, ESTABLISHED, IKEv2, 7ba3b4d06c051ecb_i* 14e1769a8aeb7f28_r

  local  'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' @ 10.10.0.105[4500]

  remote 'raspi4.example.com' @ 10.10.0.104[4500]

  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519

  established 252s ago, reauth in 8771s

  rsa: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128

    installed 252s ago, rekeying in 3258s, expires in 3708s

    in  c23deb9d,    640 bytes,    10 packets,     3s ago

    out ce48d08e,    640 bytes,    10 packets,     3s ago

    local  10.10.0.105/32

    remote 10.10.0.104/32

</pre>

h2. IKEv2 Authentication with ECC AK Certificate

<pre>

swanctl --initiate --child ecc

</pre>