
Version 39 (Andreas Steffen, 19.02.2017 16:31) → Version 40/87 (Andreas Steffen, 19.02.2017 16:42)

h1. Trusted Platform Module 2.0

{{>toc}}

h2. Connect to a TPM 2.0 device

In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu *tpm2-tss* package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent version directly drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS. Avoid any TCTI interface incompatibilities by fetching the latest *tpm2-tools* version from https://github.com/01org/tpm2.0-tools as well.

Build and install both the *tpm2-tss* stack and the *tpm2.0-tools*, start *tpm2-resourcemgr* as a service in the background and test the connection to the TPM 2.0, e.g. by listing the contents of the SHA-1 bank of the PCR registers:

<pre>
tpm2_listpcrs -g 0x0004
</pre>

<pre>
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
</pre>

A manual showing all *tpm2-tools* functions with their arguments can be found "here":https://github.com/01org/tpm2.0-tools/blob/master/manual.

h2. TPM 2.0 Algorithm IDs

h3. Hash Algorithms

|_. Algorithm ID |_. Hash Algorithm |
|0x0004 |SHA-1 |
|0x000B |SHA-2_256 |
|0x000C |SHA-2_384 |
|0x000D |SHA-2_512 |

Currently available TPM 2.0 devices, like the Infineon *Optiga SLB 9670 VQ2.0* hardware TPM or Intel's *PTT* firmware TPM integrated into the Management Engine starting with the 4th generation (Haswell) of the *Core* processor family, support the *SHA-1* and *SHA-2_256* algorithms.

h3. Public Key Types

|_. Algorithm ID |_. Public Key Type |
|0x0001 |RSA |
|0x0023 |ECC |

Currently RSA keys have a modulus size of 2048 bits and ECC keys are based on the 256 bit NIST curve.

h3. Signature Schemes

|_. Algorithm ID |_. Signature Scheme |
|0x0014 |RSASSA |
|0x0016 |RSAPSS |
|0x0018 |ECDSA |

h2. Derive a Persistent RSA Endorsement Key

The following tpm2-tools command derives a 2048 bit RSA Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010001:

<pre>
tpm2_getpubek -H 0x81010001 -g 0x0001 -f ek_rsa.pub
</pre>

The EK public key stored in the ek_rsa.pub file is encoded in a TPM 2.0 proprietary format, but the key can be exported from the TPM in the regular PKCS#1 format using the *pki* tool:

<pre>
pki --pub --keyid 81010001 --outform pem > ek_rsa_pub.pem
</pre>

The fingerprint of the RSA EK public key can be displayed with the command

<pre>
pki --print --type pub --in ek_rsa_pub.pem
</pre>

<pre>
pubkey: RSA 2048 bits
keyid: d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58
subjkey: c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7d
</pre>

h2. Generate a Persistent RSA Attestation Key

A 2048 bit RSA Attestation Key (AK) bound to the EK with handle 0x81010001 can be created and made persistent under the handle 0x81010002 with the following tpm2-tools command:

<pre>
tpm2_getpubak -E 0x81010001 -g 0x0001 -D 0x000B -s 0x0014 -k 0x81010002 -f ak_rsa2.pub -n ak_rsa2.name
</pre>

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool:

<pre>
pki --pub --keyid 81010002 --outform pem > ak_rsa_pub.pem
</pre>

The fingerprint of the RSA AK public key can be displayed with the command

<pre>
pki --print --type pub --in ak_rsa_pub.pem
</pre>

<pre>
pubkey: RSA 2048 bits
keyid: 71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
subjkey: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
</pre>

h2. Derive a Persistent ECC Endorsement Key

The following tpm2-tools command derives a 256 bit ECC Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010003:

<pre>
tpm2_getpubek -H 0x81010003 -g 0x0023 -f ek_ecc.pub
</pre>

The EK public key can be exported in PKCS#1 format from the TPM using the *pki* tool:

<pre>
pki --pub --keyid 81010003 > ek_ecc_pub.der
</pre>

The fingerprint of the ECC EK public key can be displayed with the command

<pre>
pki --print --type pub --in ek_ecc_pub.der
</pre>

<pre>
pubkey: ECDSA 256 bits
keyid: 7f:39:ca:e6:83:9b:a9:06:97:40:27:6a:e1:bf:8f:f5:9f:d3:a5:31
subjkey: 8b:43:4d:5e:5e:7b:ff:c2:54:4d:ef:88:cb:0c:7c:47:75:28:4d:09
</pre>

h2. Generate a Persistent ECC Attestation Key

A 256 bit ECC Attestation Key (AK) bound to the EK with handle 0x81010003 can be created and made persistent under the handle 0x81010004 with the following tpm2-tools command:

<pre>
tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010004 -f ak_ecc4.pub -n ak_ecc4.name
</pre>

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool:

<pre>
pki --pub --keyid 81010004 > ak_ecc_pub.der
</pre>

The fingerprint of the ECC AK public key can be displayed with the command

<pre>
pki --print --type pub --in ak_ecc_pub.der
</pre>

<pre>
pubkey: ECDSA 256 bits
keyid: 71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
subjkey: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
</pre>

h2. Generate Another ECC Attestation Key

Multiple AK keys bound to a common EK key can be generated:

<pre>
tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010005 -f ak_ecc5.pub -n ak_ecc5.name
</pre>

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool:

<pre>
pki --pub --keyid 81010005 > ak_ecc5_pub.der
</pre>

The fingerprint of the second ECC AK public key can be displayed with the command

<pre>
pki --print --type pub --in ak_ecc5_pub.der
</pre>

<pre>
pubkey: ECDSA 256 bits
keyid: c4:b4:9c:95:27:9e:ce:81:2f:98:42:c8:1b:f0:54:ff:d4:d1:24:34
subjkey: cf:44:f4:f7:9d:97:09:ad:b1:09:3a:8e:6f:23:eb:9f:2c:35:94:c9
</pre>

h2. Remove a Persistent Key Object

Since the non-volatile memory of the TPM is limited, any persistent key object can be removed to free storage space.
The following tpm2-tools command removes the ECC AK key with persistent handle 0x81010005:

<pre>
tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005
</pre>

h2. List Persistent Objects

The following tpm2-tools command lists all persistent objects stored by the TPM in non-volatile memory:

<pre>
tpm2_listpersistent
</pre>

<pre>
6 persistent objects defined.

0. Persistent handle: 0x81000001
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x30072
}
1. Persistent handle: 0x81000002
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x60072
}
2. Persistent handle: 0x81010001
{
Type: 0x1
Hash algorithm(nameAlg): 0xb
Attributes: 0x300b2
}
3. Persistent handle: 0x81010002
{
Type: 0x1
Hash algorithm(nameAlg): 0xb
Attributes: 0x50072
}
4. Persistent handle: 0x81010003
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x300b2
}
5. Persistent handle: 0x81010004
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x50072
}
</pre>
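The raw *Type*, *nameAlg* and *Attributes* values in this listing are easier to audit once decoded. The following added example (not code from the strongSwan wiki or tpm2-tools) parses the *tpm2_listpersistent* output, resolves the algorithm IDs with the tables from the *TPM 2.0 Algorithm IDs* section above and decodes the TPMA_OBJECT attribute bits as defined in the TPM 2.0 Library Specification, Part 2, so that an operator can confirm that each AK is a *fixedTPM*, *restricted* signing key before handing its certificate to a peer.

```python
"""Decode tpm2_listpersistent output (added example, not strongSwan or tpm2-tools code).
Type/nameAlg use the algorithm ID tables on this page; Attributes uses TPMA_OBJECT bits."""
import re

# TPM 2.0 algorithm IDs as listed in the tables on this page.
TPM_ALG = {
    0x0001: "RSA", 0x0023: "ECC",
    0x0004: "SHA-1", 0x000B: "SHA-2_256", 0x000C: "SHA-2_384", 0x000D: "SHA-2_512",
    0x0014: "RSASSA", 0x0016: "RSAPSS", 0x0018: "ECDSA",
}

# TPMA_OBJECT attribute bits (TPM 2.0 Library Specification, Part 2: Structures).
TPMA_OBJECT = {
    1: "fixedTPM", 2: "stClear", 4: "fixedParent", 5: "sensitiveDataOrigin",
    6: "userWithAuth", 7: "adminWithPolicy", 10: "noDA",
    11: "encryptedDuplication", 16: "restricted", 17: "decrypt", 18: "sign",
}

# An AK must be TPM-bound, TPM-generated and restricted to signing TPM-created data.
AK_REQUIRED = {"fixedTPM", "fixedParent", "sensitiveDataOrigin", "restricted", "sign"}

OBJECT_RE = re.compile(
    r"Persistent handle:\s*(0x[0-9a-fA-F]+)\s*\{\s*Type:\s*(0x[0-9a-fA-F]+)\s*"
    r"Hash algorithm\(nameAlg\):\s*(0x[0-9a-fA-F]+)\s*Attributes:\s*(0x[0-9a-fA-F]+)\s*\}")

def decode_attributes(attrs):
    """Return the TPMA_OBJECT flag names set in attrs, ordered by bit position."""
    return [name for bit, name in sorted(TPMA_OBJECT.items()) if attrs & (1 << bit)]

def classify(attrs):
    """Infer the key role from the restricted/decrypt/sign combination."""
    flags = set(decode_attributes(attrs))
    if {"restricted", "decrypt"} <= flags and "sign" not in flags:
        return "endorsement/storage key (restricted decrypt)"
    if {"restricted", "sign"} <= flags and "decrypt" not in flags:
        return "attestation key (restricted signing)"
    return "general-purpose key (unrestricted)"

def parse_listpersistent(text):
    """Parse tpm2_listpersistent output into a list of decoded objects."""
    objects = []
    for m in OBJECT_RE.finditer(text):
        handle, key_type, name_alg, attrs = (int(x, 16) for x in m.groups())
        objects.append({
            "handle": handle,
            "type": TPM_ALG.get(key_type, "unknown(0x%x)" % key_type),
            "name_alg": TPM_ALG.get(name_alg, "unknown(0x%x)" % name_alg),
            "attributes": decode_attributes(attrs),
            "role": classify(attrs),
        })
    return objects

def check_ak(obj):
    """Return the attributes a parsed object lacks to serve as an attestation key."""
    return sorted(AK_REQUIRED - set(obj["attributes"]))

# Three of the six objects from the listing above, values exactly as shown on this page.
SAMPLE = """1. Persistent handle: 0x81000002
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x60072
}
2. Persistent handle: 0x81010001
{
Type: 0x1
Hash algorithm(nameAlg): 0xb
Attributes: 0x300b2
}
5. Persistent handle: 0x81010004
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x50072
}
"""
if __name__ == "__main__":
    for obj in parse_listpersistent(SAMPLE):
        print("0x%08x %-3s nameAlg=%s: %s" % (obj["handle"], obj["type"], obj["name_alg"], obj["role"]))
        print("    " + ", ".join(obj["attributes"]) + " | missing for AK: " + (", ".join(check_ak(obj)) or "none"))
```

Attributes 0x300b2 decode to the standard EK template (restricted decrypt, adminWithPolicy) and 0x50072 to the standard AK template (restricted sign, userWithAuth); an object missing *fixedTPM* or *restricted* should not be trusted as an attestation key.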

h2. Configure TPM Private Key Access via VICI Interface

TPM private key access is configured as tokens in the secrets section of *swanctl.conf*, each token referencing the persistent handle of an AK:

<pre>
secrets {
token_ak_rsa {
handle = 81010002
}
token_ak_ecc {
handle = 81010004
}
}
</pre>

h2. Define IPsec Connection with RSA AK Client Key

This connection configuration in *swanctl.conf* uses the RSA AK certificate for client authentication
<pre>
connections {
rsa {
local_addrs = 10.10.0.105
remote_addrs = 10.10.0.104

local {
auth = pubkey
certs = raspi5_ak_rsa_Cert.der
}
remote {
auth = pubkey
id = raspi4.example.com
}
children {
rsa {
mode = transport
esp_proposals = aes128-sha256-curve25519
}
}
version = 2
proposals = aes128-sha256-curve25519
}
}
</pre>

h2. Define IPsec Connection with ECC AK Client Key

This connection configuration in *swanctl.conf* uses the ECC AK certificate for client authentication
<pre>
connections {
ecc {
local_addrs = 10.10.0.105
remote_addrs = 10.10.0.104

local {
auth = pubkey
certs = raspi5_ak_ecc_Cert.der
}
remote {
auth = pubkey
id = raspi4.example.com
}
children {
ecc {
mode = transport
esp_proposals = aes128-sha256-curve25519
}
}
version = 2
proposals = aes128-sha256-curve25519
}
}
</pre>

h2. Starting the strongSwan Daemon

<pre>
systemctl start strongswan-swanctl
</pre>

<pre>
Feb 19 09:35:14 raspi5 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
</pre>

The RSA AK private key is attached via the TPM 2.0 resource manager
<pre>
Feb 19 09:35:14 raspi5 resourcemgr[531]: Accept socket: 0xc
Feb 19 09:35:14 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client
Feb 19 09:35:14 raspi5 resourcemgr[531]: Accept socket: 0xd
Feb 19 09:35:14 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client
Feb 19 09:35:14 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 09:35:15 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 09:35:15 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available
Feb 19 09:35:15 raspi5 charon-systemd[21165]: AIK signature algorithm is RSASSA with SHA256 hash
</pre>

The ECC AK private key is attached via the TPM 2.0 resource manager
<pre>
Feb 19 09:35:15 raspi5 resourcemgr[531]: Accept socket: 0x6
Feb 19 09:35:15 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client
Feb 19 09:35:15 raspi5 resourcemgr[531]: Accept socket: 0x7
Feb 19 09:35:15 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client
Feb 19 09:35:15 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 09:35:15 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 09:35:15 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available
Feb 19 09:35:15 raspi5 charon-systemd[21165]: AIK signature algorithm is ECDSA with SHA256 hash
</pre>

The *swanctl* command line tool loads the RSA and ECC AK certificates as well as the demoCA root certificate and connects to the RSA and ECC private keys residing in the TPM
<pre>
Feb 19 09:35:15 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_rsa_Cert.der'
Feb 19 09:35:15 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_ecc_Cert.der'
Feb 19 09:35:15 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509ca/demoCaCert.pem'
Feb 19 09:35:15 raspi5 swanctl[21183]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66]
Feb 19 09:35:15 raspi5 swanctl[21183]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513]
Feb 19 09:35:15 raspi5 swanctl[21183]: loaded connection 'rsa'
Feb 19 09:35:15 raspi5 swanctl[21183]: loaded connection 'ecc'
Feb 19 09:35:15 raspi5 swanctl[21183]: successfully loaded 2 connections, 0 unloaded
</pre>

<pre>
Feb 19 09:35:15 raspi5 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>

The following *swanctl* command shows the two loaded connections
<pre>
swanctl --list-conns
</pre>

<pre>
rsa: IKEv2, reauthentication every 10800s, no rekeying
local: 10.10.0.105
remote: 10.10.0.104
local public key authentication:
id: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
certs: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
remote public key authentication:
id: raspi4.example.com
rsa: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
local: dynamic
remote: dynamic
</pre>

<pre>
ecc: IKEv2, reauthentication every 10800s, no rekeying
local: 10.10.0.105
remote: 10.10.0.104
local public key authentication:
id: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
certs: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
remote public key authentication:
id: raspi4.example.com
ecc: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
local: dynamic
remote: dynamic
</pre>

The loaded certificates can also be displayed
<pre>
swanctl --list-certs
</pre>

You can clearly see that the link between each AK certificate and its matching AK private key has been established (..., has private key)
<pre>
List of X.509 End Entity Certificates

subject: "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
issuer: "C=US, O=TNC Demo, CN=TNC Demo CA"
validity: not before Feb 19 09:33:43 2017, ok
not after Aug 29 10:33:43 2026, ok (expires in 3477 days)
serial: 11:57:33:3e:2a:8e:8a:32
altNames: raspi5.example.com
authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
subjkeyId: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
pubkey: RSA 2048 bits, has private key
keyid: 71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
subjkey: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

subject: "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
issuer: "C=US, O=TNC Demo, CN=TNC Demo CA"
validity: not before Feb 17 23:17:19 2017, ok
not after Aug 30 00:17:19 2026, ok (expires in 3478 days)
serial: 52:9d:3e:42:6f:71:63:3d
altNames: raspi5.example.com
authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
subjkeyId: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
pubkey: ECDSA 256 bits, has private key
keyid: 71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
subjkey: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
</pre>
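The *has private key* flag above rests on a key identifier that appears three times on this page: as *subjkey* in the *pki --print* output, as *keyid* of the loaded token in the *swanctl* log and as *subjkeyId* of the certificate. The following added example (not part of the strongSwan wiki page) parses those three text outputs, using the values shown above as sample input, and confirms that they agree before a connection is brought up.

```python
"""Cross-check that a TPM token key loaded by swanctl belongs to its certificate.
Added example, not part of the strongSwan wiki page: parses pki --print,
swanctl --list-certs and swanctl log text and compares the key identifiers."""
import re

def normalize(fp):
    """Accept 'f4:9e:85:...' or 'f49e85...' and return lowercase bare hex."""
    return fp.replace(":", "").lower()

def field(text, name):
    """Return the normalized value of the first '<name>: <hex>' line in text."""
    m = re.search(r"^\s*%s:\s*([0-9a-fA-F:]+)" % re.escape(name), text, re.M)
    return normalize(m.group(1)) if m else None

def token_keyids(log):
    """Map token name -> keyid from 'loaded key <token> from token [keyid: ...]' lines."""
    pat = r"loaded key (\S+) from token \[keyid: ([0-9a-fA-F]+)\]"
    return {m.group(1): normalize(m.group(2)) for m in re.finditer(pat, log)}

def cert_subjkeys(listing):
    """Map certificate subject -> subjkeyId from swanctl --list-certs output."""
    result = {}
    for block in re.split(r"\n\s*\n", listing):
        subject = re.search(r'subject:\s*"([^"]+)"', block)
        skid = field(block, "subjkeyId")
        if subject and skid:
            result[subject.group(1)] = skid
    return result

def verify_binding(pki_print, cert_listing, swanctl_log, token, subject):
    """True when pki --print, the certificate and the loaded token agree on the key."""
    pub = field(pki_print, "subjkey")
    tok = token_keyids(swanctl_log).get(token)
    cert = cert_subjkeys(cert_listing).get(subject)
    return pub is not None and pub == tok == cert

# Sample inputs copied from the outputs shown on this page.
PKI_AK_RSA = """pubkey: RSA 2048 bits
keyid: 71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
subjkey: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
"""
PKI_EK_RSA = """pubkey: RSA 2048 bits
keyid: d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58
subjkey: c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7d
"""
SWANCTL_LOG = """Feb 19 09:35:15 raspi5 swanctl[21183]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66]
Feb 19 09:35:15 raspi5 swanctl[21183]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513]
"""
LIST_CERTS = """subject: "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
issuer: "C=US, O=TNC Demo, CN=TNC Demo CA"
subjkeyId: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
pubkey: RSA 2048 bits, has private key

subject: "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
issuer: "C=US, O=TNC Demo, CN=TNC Demo CA"
subjkeyId: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
pubkey: ECDSA 256 bits, has private key
"""
AK_RSA_SUBJECT = "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"

if __name__ == "__main__":
    # The AK matches its certificate; the EK (same TPM, different key) does not.
    print("AK RSA bound:", verify_binding(PKI_AK_RSA, LIST_CERTS, SWANCTL_LOG, "token_ak_rsa", AK_RSA_SUBJECT))
    print("EK RSA bound:", verify_binding(PKI_EK_RSA, LIST_CERTS, SWANCTL_LOG, "token_ak_rsa", AK_RSA_SUBJECT))
```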

<pre>
List of X.509 CA Certificates

subject: "C=US, O=TNC Demo, CN=TNC Demo CA"
issuer: "C=US, O=TNC Demo, CN=TNC Demo CA"
validity: not before Aug 31 10:29:27 2016, ok
not after Aug 31 10:29:27 2026, ok (expires in 3479 days)
serial: 02:c8:85:e1:ef:fa:8f:20
flags: CA CRLSign self-signed
subjkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
pubkey: ECDSA 256 bits
keyid: a1:b5:e0:29:d0:4c:a7:62:bd:ca:a3:b4:af:18:42:2c:4a:01:55:9a
subjkey: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
</pre>

h2. IKEv2 Authentication with RSA AK Certificate

With the following *swanctl* command the "rsa" connection is established
<pre>
swanctl --initiate --child rsa
</pre>

<pre>
Feb 19 10:52:21 raspi5 charon-systemd[21165]: initiating IKE_SA rsa[1] to 10.10.0.104
Feb 19 10:52:21 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)
Feb 19 10:52:21 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received strongSwan vendor ID
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
</pre>

The RSA AK private key stored in the TPM 2.0 is used to generate an *RSA_EMSA_PKCS1_SHA2_256* signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.

<pre>
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
</pre>
<pre>
Feb 19 10:52:24 raspi5 charon-systemd[21165]: establishing CHILD_SA rsa
Feb 19 10:52:24 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (1296 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]: using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]: using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:24 raspi5 charon-systemd[21165]: reached self-signed root ca with a path length of 0
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: scheduling reauthentication in 10507s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11587s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: CHILD_SA rsa{1} established with SPIs c23deb9d_i ce48d08e_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 10103s, scheduling reauthentication in 9023s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: peer supports MOBIKE
</pre>

The following *swanctl* command shows the established IPsec connection
<pre>
swanctl --list-sas
</pre>
<pre>
rsa: #1, ESTABLISHED, IKEv2, 7ba3b4d06c051ecb_i* 14e1769a8aeb7f28_r
local 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' @ 10.10.0.105[4500]
remote 'raspi4.example.com' @ 10.10.0.104[4500]
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
established 252s ago, reauth in 8771s
rsa: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
installed 252s ago, rekeying in 3258s, expires in 3708s
in c23deb9d, 640 bytes, 10 packets, 3s ago
out ce48d08e, 640 bytes, 10 packets, 3s ago
local 10.10.0.105/32
remote 10.10.0.104/32
</pre>

With this *swanctl* command the "rsa" connection is terminated
<pre>
swanctl --terminate --ike rsa
</pre>

<pre>
Feb 19 10:59:16 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'rsa'
Feb 19 10:59:16 raspi5 charon-systemd[21165]: deleting IKE_SA rsa[1] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA rsa[1]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes)
Feb 19 10:59:16 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes)
Feb 19 10:59:16 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: IKE_SA deleted
</pre>

h2. IKEv2 Authentication with ECC AK Certificate

Next we initiate the "ecc" connection
<pre>
swanctl --initiate --child ecc
</pre>

<pre>
Feb 19 11:00:32 raspi5 charon-systemd[21165]: initiating IKE_SA ecc[2] to 10.10.0.104
Feb 19 11:00:32 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)
Feb 19 11:00:32 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received strongSwan vendor ID
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
</pre>

The ECC AK private key stored in the TPM 2.0 is used to generate an *ECDSA_WITH_SHA256_DER* signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.

<pre>
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' (myself) with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
</pre>
<pre>
Feb 19 11:00:34 raspi5 charon-systemd[21165]: establishing CHILD_SA ecc
Feb 19 11:00:34 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (912 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]: using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]: using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:34 raspi5 charon-systemd[21165]: reached self-signed root ca with a path length of 0
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: IKE_SA ecc[2] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: scheduling reauthentication in 10180s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11260s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: CHILD_SA ecc{2} established with SPIs c2c16cd0_i c47ea6f6_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 9880s, scheduling reauthentication in 8800s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: peer supports MOBIKE
</pre>

The established IKE and CHILD SAs are displayed
<pre>
swanctl --list-sas
</pre>
<pre>
ecc: #2, ESTABLISHED, IKEv2, b7f2652777b0996a_i* 12282b5964ff0658_r
local 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' @ 10.10.0.105[4500]
remote 'raspi4.example.com' @ 10.10.0.104[4500]
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
established 126s ago, reauth in 8674s
ecc: #2, reqid 2, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
installed 126s ago, rekeying in 3252s, expires in 3834s
in c2c16cd0, 320 bytes, 5 packets, 2s ago
out c47ea6f6, 320 bytes, 5 packets, 2s ago
local 10.10.0.105/32
remote 10.10.0.104/32
</pre>

The IKE and CHILD SAs are terminated
<pre>
swanctl --terminate --ike ecc
</pre>

<pre>
Feb 19 11:04:32 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'ecc'
Feb 19 11:04:32 raspi5 charon-systemd[21165]: deleting IKE_SA ecc[2] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA ecc[2]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes)
Feb 19 11:04:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes)
Feb 19 11:04:32 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: IKE_SA deleted
</pre>

h2. Stopping the strongSwan Daemon

Stop the *strongswan-swanctl* systemd service
<pre>
systemctl stop strongswan-swanctl
</pre>

The strongSwan daemon is stopped
<pre>
Feb 19 11:06:02 raspi5 systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Feb 19 11:06:02 raspi5 charon-systemd[21165]: SIGTERM received, shutting down
Feb 19 11:06:02 raspi5 systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>

The two TPM sockets attaching the RSA and ECC AK private keys via the TPM 2.0 resource manager are released
<pre>
Feb 19 11:06:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x7.
Feb 19 11:06:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0x6.
Feb 19 11:06:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0xd.
Feb 19 11:06:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0xc.
</pre>