Trusted Platform Module 2.0 » History » Version 61

Andreas Steffen, 06.12.2017 22:18

h1. Trusted Platform Module 2.0

{{>toc}}

h2. Connect to a TPM 2.0 Device

h3. Install the TSS2 Software Stack and tpm2 Tools

In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu *tpm2-tss* package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent version directly drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS. Avoid any TCTI interface incompatibilities by fetching the latest *tpm2-tools* version from https://github.com/01org/tpm2.0-tools as well.

Build and install both the *tpm2-tss* stack and the *tpm2.0-tools*, start the *tpm2-resourcemgr* as a service in the background and try to connect to the TPM 2.0 by listing e.g. the contents of the SHA-1 bank of PCR registers

 tpm2_listpcrs -g 0x0004

<pre>
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
</pre>

A manual showing all *tpm2-tools* functions with their arguments can be found "here":https://github.com/01org/tpm2.0-tools/blob/master/manual.

h3. Enable the strongSwan tpm Plugin

The strongSwan libtpmtss *tpm* plugin and the TSS2 interface are enabled and built with the following options

  ./configure --enable-tss-tss2 --enable-tpm  ...

h2. TPM 2.0 Algorithm IDs

h3. Hash Algorithms

|0x0004 |SHA-1     |
|0x000B |SHA-2_256 |
|0x000C |SHA-2_384 |
|0x000D |SHA-2_512 |

Currently available TPM 2.0 devices like the Infineon *Optiga SLB 9670 VQ2.0* hardware TPM or Intel's *PTT* firmware TPM, integrated into the Management Engine starting with the 4th generation (Haswell) of the *Core* processor family, support the *SHA-1* and *SHA-2_256* algorithms.

h3. Public Key Types

|0x0001 |RSA |
|0x0023 |ECC |

Currently RSA keys have a modulus size of 2048 bits and ECC keys are based on the 256 bit NIST curve.

h3. Signature Schemes

|0x0014 |RSASSA |
|0x0016 |RSAPSS |
|0x0018 |ECDSA  |

h2. Derive a Persistent RSA Endorsement Key

The following tpm2-tools command derives a 2048 bit RSA Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010001

 tpm2_getpubek -H 0x81010001 -g 0x0001 -f ek_rsa.pub

The EK public key stored in the ek_rsa.pub file is encoded in a TPM 2.0 proprietary format but the key can be exported from the TPM in the regular PKCS#1 format using the *pki* tool

 pki --pub --keyid 0x81010001 --outform pem > ek_rsa_pub.pem

The fingerprint of the RSA EK public key can be displayed with the command

 pki --print --type pub --in ek_rsa_pub.pem
  pubkey:    RSA 2048 bits
  keyid:     d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58
  subjkey:   c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7d

h2. Generate a Persistent RSA Attestation Key

A 2048 bit RSA Attestation Key (AK) bound to the EK with handle 0x81010001 can be created and made persistent under the handle 0x81010002 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010001 -g 0x0001 -D 0x000B -s 0x0014 -k 0x81010002 -P 123456 -f ak_rsa2.pub -n ak_rsa2.name

This AK key is protected by the PIN (-P parameter) *123456*. The AK public key can now be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 0x81010002 --outform pem > ak_rsa_pub.pem

The fingerprint of the RSA AK public key can be displayed with the command

 pki --print --type pub --in ak_rsa_pub.pem
  pubkey:    RSA 2048 bits
  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

h2. Derive a Persistent ECC Endorsement Key

The following tpm2-tools command derives a 256 bit ECC Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010003:

 tpm2_getpubek -H 0x81010003 -g 0x0023 -f ek_ecc.pub

The EK public key can be exported in PKCS#1 format from the TPM using the *pki* tool:

  pki --pub --keyid 0x81010003 > ek_ecc_pub.der

The fingerprint of the ECC EK public key can be displayed with the command

 pki --print --type pub --in ek_ecc_pub.der
  pubkey:    ECDSA 256 bits
  keyid:     7f:39:ca:e6:83:9b:a9:06:97:40:27:6a:e1:bf:8f:f5:9f:d3:a5:31
  subjkey:   8b:43:4d:5e:5e:7b:ff:c2:54:4d:ef:88:cb:0c:7c:47:75:28:4d:09

h2. Generate a Persistent ECC Attestation Key

A 256 bit ECC Attestation Key (AK) bound to the EK with handle 0x81010003 can be created and made persistent under the handle 0x81010004 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010004 -f ak_ecc4.pub -n ak_ecc4.name

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 0x81010004 > ak_ecc_pub.der

The fingerprint of the ECC AK public key can be displayed with the command

 pki --print --type pub --in ak_ecc_pub.der
  pubkey:    ECDSA 256 bits
  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13

h2. Generate Another ECC Attestation Key

Multiple AK keys bound to a common EK key can be generated

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010005 -f ak_ecc5.pub -n ak_ecc5.name

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 0x81010005 > ak_ecc5_pub.der

The fingerprint of the second ECC AK public key can be displayed with the command

 pki --print --type pub --in ak_ecc5_pub.der
  pubkey:    ECDSA 256 bits
  keyid:     c4:b4:9c:95:27:9e:ce:81:2f:98:42:c8:1b:f0:54:ff:d4:d1:24:34
  subjkey:   cf:44:f4:f7:9d:97:09:ad:b1:09:3a:8e:6f:23:eb:9f:2c:35:94:c9

h2. Remove a Persistent Key Object

Since the non-volatile memory of the TPM is limited, any persistent key object can be removed to free storage space.
The following tpm2-tools command removes the ECC AK key with persistent handle 0x81010005

 tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005

h2. List Persistent Objects

The following tpm2-tools command lists all persistent objects stored by the TPM in non-volatile memory

 tpm2_listpersistent

<pre>
6 persistent objects defined.

0. Persistent handle: 0x81000001
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x30072
}
1. Persistent handle: 0x81000002
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x60072
}
2. Persistent handle: 0x81010001
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x300b2
}
3. Persistent handle: 0x81010002
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
4. Persistent handle: 0x81010003
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x300b2
}
5. Persistent handle: 0x81010004
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
</pre>

h2. Create a Demo Root CA

The following *pki* command creates a 256 bit ECDSA private key for the Demo CA
<pre>
pki --gen --type ecdsa --size 256 --outform pem > demoCaKey.pem
</pre>

Next we create a self-signed Root CA certificate
<pre>
pki --self --ca --type ecdsa --in demoCaKey.pem --dn="C=US, O=TNC Demo, CN=TNC Demo CA" --lifetime 3652 --outform pem > demoCaCert.pem
</pre>

h2. Issue an RSA AIK Certificate

Based on the RSA AK public key exported from the TPM, the following *pki* command generates an Attestation Identity Key (AIK) certificate signed by the Demo CA
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pub --in ak_rsa_pub.pem --dn "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com" --san raspi5.example.com --lifetime 3651 > raspi5_ak_rsa_Cert.der
</pre>

h2. Issue an ECC AIK Certificate

Based on the ECC AK public key exported from the TPM, the following *pki* command generates an Attestation Identity Key (AIK) certificate signed by the Demo CA
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pub --in ak_ecc_pub.der --dn "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com" --san raspi5.example.com --lifetime 3651 > raspi5_ak_ecc_Cert.der
</pre>

Many certification authorities issue certificates based on PKCS#10 certificate requests. This approach is also possible. First a certificate request is generated on the host the TPM resides on
<pre>
 pki --req --keyid 0x81010004 --dn "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com" --san raspi5.example.com > ak_ecc_req.der
</pre>
When you are prompted for a smartcard PIN just press <enter> since this TPM private key is not protected by a PIN. In a second step the CA issues the AIK certificate based on the PKCS#10 certificate request
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pkcs10 --in ak_ecc_req.der --lifetime 3651 > raspi5_ak_ecc_Cert.der
</pre>

h2. Store the ECC AIK Certificate in the NV RAM of the TPM

A TPM 2.0 has a certain amount of Non Volatile Random Access Memory (NV RAM) that can be used to store arbitrary data, e.g. the X.509 certificates matching the persistent keys. If both the certificates and keys are persisted in the TPM, then the system disk of the host can be reformatted at any time without losing the machine or user credentials. As with smartcards, the needed amount of memory must be reserved first, so we check the size of the X.509 ECC certificate
<pre>
ls -l raspi5_ak_ecc_Cert.der
-rw-r--r-- 1 root root 449 Feb 17  2017 /etc/swanctl/x509/raspi5_ak_ecc_Cert.der
</pre>

We then define a memory location with a size of 449 bytes that can be accessed via the handle 0x01800004 which is also called the NV index
<pre>
tpm2_nvdefine -x 0x01800004 -a 0x40000001 -s 449 -t 0x2000A
</pre>

Then we write the certificate file to the NV RAM destination
<pre>
tpm2_nvwrite -x 0x01800004 -a 0x40000001 -f raspi5_ak_ecc_Cert.der
</pre>

h2. List NV Indexes

A list of NV indexes can be obtained with

 tpm2_nvlist

<pre>
2 NV indexes defined.

  0. NV Index: 0x1500015
  {
        Hash algorithm(nameAlg):4
        The Index attributes(attributes):0x44040004
        The size of the data area(dataSize):4
   }
  1. NV Index: 0x1800004
  {
        Hash algorithm(nameAlg):11
        The Index attributes(attributes):0x2002000a
        The size of the data area(dataSize):449
   }
</pre>
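The @Attributes@ words printed by @tpm2_listpersistent@ and @tpm2_nvlist@, and the @-t 0x2000A@ value passed to @tpm2_nvdefine@, are TPMA_OBJECT and TPMA_NV bit fields. The following Python script is an added example, not part of the original page or of strongSwan; it decodes them and checks the certificate index. The function names (@decode@, @parse_field@, @key_role@, @audit_cert_index@) are illustrative, and the sample text is copied from the outputs on this page.

```python
import re

# Bit positions from the TPM 2.0 Library Specification, Part 2 (Structures).
TPMA_OBJECT = {1: "fixedTPM", 2: "stClear", 4: "fixedParent",
               5: "sensitiveDataOrigin", 6: "userWithAuth",
               7: "adminWithPolicy", 10: "noDA", 11: "encryptedDuplication",
               16: "restricted", 17: "decrypt", 18: "sign"}
TPMA_NV = {0: "PPWRITE", 1: "OWNERWRITE", 2: "AUTHWRITE", 3: "POLICYWRITE",
           10: "POLICY_DELETE", 11: "WRITELOCKED", 12: "WRITEALL",
           13: "WRITEDEFINE", 14: "WRITE_STCLEAR", 15: "GLOBALLOCK",
           16: "PPREAD", 17: "OWNERREAD", 18: "AUTHREAD", 19: "POLICYREAD",
           25: "NO_DA", 26: "ORDERLY", 27: "CLEAR_STCLEAR", 28: "READLOCKED",
           29: "WRITTEN", 30: "PLATFORMCREATE", 31: "READ_STCLEAR"}

# Excerpt of the tpm2_listpersistent output shown on this page.
LISTPERSISTENT = """\
1. Persistent handle: 0x81000002
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x60072
}
2. Persistent handle: 0x81010001
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x300b2
}
3. Persistent handle: 0x81010002
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
"""
# The tpm2_nvlist output shown on this page.
NVLIST = """\
  0. NV Index: 0x1500015
  {
        Hash algorithm(nameAlg):4
        The Index attributes(attributes):0x44040004
        The size of the data area(dataSize):4
   }
  1. NV Index: 0x1800004
  {
        Hash algorithm(nameAlg):11
        The Index attributes(attributes):0x2002000a
        The size of the data area(dataSize):449
   }
"""

def decode(value, table):
    """Return the names of the bits from `table` that are set in `value`."""
    return [name for bit, name in sorted(table.items()) if (value >> bit) & 1]

def parse_field(text, label, field):
    """Map every handle introduced by `label` to the integer after `field`."""
    result = {}
    pattern = re.escape(label) + r":\s*(0x[0-9a-fA-F]+)\s*\{(.*?)\}"
    for handle, body in re.findall(pattern, text, re.S):
        match = re.search(re.escape(field) + r":\s*(\S+)", body)
        if match:  # the tools print some values in hex and some in decimal
            result[int(handle, 16)] = int(match.group(1), 0)
    return result

def key_role(attrs):
    """Classify a key object by its restricted/sign/decrypt attribute bits."""
    flags = set(decode(attrs, TPMA_OBJECT))
    usage = flags & {"sign", "decrypt"}
    if "restricted" in flags and usage == {"sign"}:
        return "restricted signing key (AK)"
    if "restricted" in flags and usage == {"decrypt"}:
        return "restricted decryption key (EK or storage parent)"
    return "unrestricted key"

def audit_cert_index(nv_text, index, cert_size):
    """Return problems with the NV index that should hold a certificate."""
    attrs = parse_field(nv_text, "NV Index", "(attributes)")
    sizes = parse_field(nv_text, "NV Index", "(dataSize)")
    if index not in attrs:
        return ["index not defined"]
    problems = []
    if "WRITTEN" not in decode(attrs[index], TPMA_NV):
        problems.append("index defined but never written")
    if sizes[index] != cert_size:
        problems.append("dataSize %d != certificate size %d"
                        % (sizes[index], cert_size))
    return problems

if __name__ == "__main__":
    objs = parse_field(LISTPERSISTENT, "Persistent handle", "Attributes")
    for handle, attrs in objs.items():
        print("0x%08x  %s: %s" % (handle, key_role(attrs),
                                   ", ".join(decode(attrs, TPMA_OBJECT))))
    print("tpm2_nvdefine -t 0x2000A:", decode(0x2000A, TPMA_NV))
    print(audit_cert_index(NVLIST, 0x01800004, 449) or "NV index 0x01800004 ok")
```

The difference between the @0x2000A@ passed to @tpm2_nvdefine@ and the @0x2002000a@ reported by @tpm2_nvlist@ is the WRITTEN bit, which the TPM sets itself after the first successful write.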

h2. Configure TPM Private Key Access via VICI Interface

Configuration of TPM private key access as tokens in the secrets section of *swanctl.conf*

 secrets {
    token_ak_rsa {
       handle = 81010002
       pin = 123456
    }
    token_ak_ecc {
       handle = 81010004
    }
 }

Since the use of the RSA AK private key is password-protected, the PIN *123456* is added.

h2. Define IPsec Connection with RSA AK Client Key

This connection configuration in *swanctl.conf* uses the RSA AK certificate for client authentication
<pre>
connections {
   rsa {
      local_addrs  = 10.10.0.105
      remote_addrs = 10.10.0.104

      local {
         auth = pubkey
         certs = raspi5_ak_rsa_Cert.der
      }
      remote {
         auth = pubkey
         id = raspi4.example.com
      }
      children {
         rsa {
            mode = transport
            esp_proposals = aes128-sha256-curve25519
         }
      }
      version = 2
      proposals = aes128-sha256-curve25519
   }
}
</pre>

h2. Define IPsec Connection with ECC AK Client Key

This connection configuration in *swanctl.conf* references the ECC AK certificate used for client authentication via its handle, i.e. the NV index
<pre>
connections {
   ecc {
      local_addrs  = 10.10.0.105
      remote_addrs = 10.10.0.104

      local {
         auth = pubkey
         cert-tpm {
            handle = 0x01800004
         }
      }
      remote {
         auth = pubkey
         id = raspi4.example.com
      }
      children {
         ecc {
            mode = transport
            esp_proposals = aes128-sha256-curve25519
         }
      }
      version = 2
      proposals = aes128-sha256-curve25519
   }
}
</pre>

h2. Starting the strongSwan Daemon

<pre>
systemctl start strongswan-swanctl
</pre>

<pre>
Feb 19 10:52:01 raspi5 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded plugins: charon-systemd charon-systemd random nonce x509 constraints openssl pem pkcs1 pkcs8 pkcs12 pubkey mgf1 ntru curve25519 eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 socket-default kernel-netlink vici tpm
Feb 19 10:52:01 raspi5 charon-systemd[21165]: spawning 16 worker threads
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded certificate 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com'
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded certificate 'C=US, O=TNC Demo, CN=TNC Demo CA'
</pre>

The RSA AK private key is attached to the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket:  0xc
Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket:  0xd
Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available
Feb 19 10:52:01 raspi5 charon-systemd[21165]: AIK signature algorithm is RSASSA with SHA256 hash
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded RSA private key from token
</pre>

The ECC AK private key is attached to the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket:  0x6
Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket:  0x7
Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available
Feb 19 10:52:02 raspi5 charon-systemd[21165]: AIK signature algorithm is ECDSA with SHA256 hash
Feb 19 10:52:02 raspi5 charon-systemd[21165]: loaded ECDSA private key from token
</pre>

The ECC AIK certificate is loaded by the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:02 raspi5 resourcemgr[531]: Accept socket:  0x8
Feb 19 10:52:02 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client
Feb 19 10:52:02 raspi5 resourcemgr[531]: Accept socket:  0x9
Feb 19 10:52:02 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available
Feb 19 10:52:02 raspi5 charon-systemd[21165]: loaded certificate from TPM NV index 0x01800004
Feb 19 10:52:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0x8.
Feb 19 10:52:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x9
</pre>

The two connection definitions are received by the *charon-systemd* daemon from the *swanctl* command line tool via the VICI interface
<pre>
Feb 19 10:52:02 raspi5 charon-systemd[21165]:   id not specified, defaulting to cert subject 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com'
Feb 19 10:52:02 raspi5 charon-systemd[21165]: added vici connection: rsa
Feb 19 10:52:02 raspi5 charon-systemd[21165]:   id not specified, defaulting to cert subject 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com'
Feb 19 10:52:02 raspi5 charon-systemd[21165]: added vici connection: ecc
</pre>

The *swanctl* command line tool reports its actions
<pre>
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_rsa_Cert.der'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509ca/demoCaCert.pem'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66]
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513]
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded connection 'rsa'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded connection 'ecc'
Feb 19 10:52:02 raspi5 swanctl[21183]: successfully loaded 2 connections, 0 unloaded
</pre>

<pre>
Feb 19 10:52:02 raspi5 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>

The following *swanctl* command shows the two loaded connections
<pre>
swanctl --list-conns
</pre>

<pre>
rsa: IKEv2, reauthentication every 10800s, no rekeying
  local:  10.10.0.105
  remote: 10.10.0.104
  local public key authentication:
    id: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
    certs: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
  remote public key authentication:
    id: raspi4.example.com
  rsa: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
    local:  dynamic
    remote: dynamic
</pre>

<pre>
ecc: IKEv2, reauthentication every 10800s, no rekeying
  local:  10.10.0.105
  remote: 10.10.0.104
  local public key authentication:
    id: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
    certs: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
  remote public key authentication:
    id: raspi4.example.com
  ecc: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
    local:  dynamic
    remote: dynamic
</pre>

The loaded certificates can also be displayed
<pre>
swanctl --list-certs
</pre>

You can clearly see that the connection between the AK certificates and their matching AK private key has been established (..., has private key)
485 31 Andreas Steffen
<pre>
486 31 Andreas Steffen
List of X.509 End Entity Certificates
487 31 Andreas Steffen
488 31 Andreas Steffen
  subject:  "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
489 31 Andreas Steffen
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
490 31 Andreas Steffen
  validity:  not before Feb 19 09:33:43 2017, ok
491 31 Andreas Steffen
             not after  Aug 29 10:33:43 2026, ok (expires in 3477 days)
492 31 Andreas Steffen
  serial:    11:57:33:3e:2a:8e:8a:32
493 31 Andreas Steffen
  altNames:  raspi5.example.com
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  subjkeyId: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
  pubkey:    RSA 2048 bits, has private key
  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
  subject:  "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  validity:  not before Feb 17 23:17:19 2017, ok
             not after  Aug 30 00:17:19 2026, ok (expires in 3478 days)
  serial:    52:9d:3e:42:6f:71:63:3d
  altNames:  raspi5.example.com
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  subjkeyId: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
  pubkey:    ECDSA 256 bits, has private key
  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
</pre>
<pre>
List of X.509 CA Certificates
  subject:  "C=US, O=TNC Demo, CN=TNC Demo CA"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  validity:  not before Aug 31 10:29:27 2016, ok
             not after  Aug 31 10:29:27 2026, ok (expires in 3479 days)
  serial:    02:c8:85:e1:ef:fa:8f:20
  flags:     CA CRLSign self-signed 
  subjkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  pubkey:    ECDSA 256 bits
  keyid:     a1:b5:e0:29:d0:4c:a7:62:bd:ca:a3:b4:af:18:42:2c:4a:01:55:9a
  subjkey:   21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
</pre>
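One way to automate the check described above (an added example, not part of the strongSwan documentation): the script parses *swanctl --list-certs* output and reports end entity certificates that lack the "has private key" marker or whose authkeyId matches no loaded CA subjkeyId. The function names and the third sample entry are assumptions made for the illustration.

```python
import re

# Abridged copy of the swanctl --list-certs output above, plus one constructed
# entry (OU=AIK LOST, made-up authkeyId) whose TPM key was not loaded.
SAMPLE = '''\
List of X.509 End Entity Certificates

  subject:  "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  pubkey:    RSA 2048 bits, has private key

  subject:  "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  pubkey:    ECDSA 256 bits, has private key

  subject:  "C=US, O=TNC Demo, OU=AIK LOST, CN=raspi5.example.com"
  authkeyId: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33
  pubkey:    RSA 2048 bits

List of X.509 CA Certificates

  subject:  "C=US, O=TNC Demo, CN=TNC Demo CA"
  subjkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
'''

def parse_list_certs(text):
    """Split the listing into {"End Entity": [...], "CA": [...]} dicts."""
    sections, current, cert = {}, None, None
    for line in text.splitlines():
        head = re.match(r"List of X\.509 (.+) Certificates", line.strip())
        if head:
            current, cert = sections.setdefault(head.group(1), []), None
            continue
        field = re.match(r"\s+(\w+):\s+(.*\S)", line)
        if not field or current is None:
            continue                      # blank or continuation line
        key, value = field.group(1), field.group(2).strip('"')
        if key == "subject":              # each certificate starts here
            cert = {}
            current.append(cert)
        if cert is not None:
            cert[key] = value
    return sections

def audit(text):
    """Report end entity certs without a private key or a loaded issuer."""
    sections = parse_list_certs(text)
    ca_ids = {c["subjkeyId"] for c in sections.get("CA", []) if "subjkeyId" in c}
    findings = []
    for cert in sections.get("End Entity", []):
        if not cert.get("pubkey", "").endswith("has private key"):
            findings.append((cert["subject"], "no private key"))
        if cert.get("authkeyId") not in ca_ids:
            findings.append((cert["subject"], "issuer CA not loaded"))
    return findings

if __name__ == "__main__":
    for subject, problem in audit(SAMPLE):
        print(f"{problem}: {subject}")
```
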
h2. IKEv2 Authentication with RSA AIK Certificate
With the following *swanctl* command the "rsa" connection is established
<pre>
swanctl --initiate --child rsa
</pre>
<pre>
Feb 19 10:52:21 raspi5 charon-systemd[21165]: vici initiate 'rsa'
Feb 19 10:52:21 raspi5 charon-systemd[21165]: initiating IKE_SA rsa[1] to 10.10.0.104
Feb 19 10:52:21 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)
Feb 19 10:52:21 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received strongSwan vendor ID
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
</pre>
The RSA AK private key stored in the TPM 2.0 is used to generate an *RSA_EMSA_PKCS1_SHA2_256* signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.
<pre>
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
</pre>
<pre>
Feb 19 10:52:24 raspi5 charon-systemd[21165]: establishing CHILD_SA rsa
Feb 19 10:52:24 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (1296 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   reached self-signed root ca with a path length of 0
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: scheduling reauthentication in 10507s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11587s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: CHILD_SA rsa{1} established with SPIs c23deb9d_i ce48d08e_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 10103s, scheduling reauthentication in 9023s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: peer supports MOBIKE
</pre>
The following *swanctl* command shows the established IPsec connection
<pre>
 swanctl --list-sas
</pre>
<pre>
rsa: #1, ESTABLISHED, IKEv2, 7ba3b4d06c051ecb_i* 14e1769a8aeb7f28_r
  local  'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' @ 10.10.0.105[4500]
  remote 'raspi4.example.com' @ 10.10.0.104[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
  established 252s ago, reauth in 8771s
  rsa: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
    installed 252s ago, rekeying in 3258s, expires in 3708s
    in  c23deb9d,    640 bytes,    10 packets,     3s ago
    out ce48d08e,    640 bytes,    10 packets,     3s ago
    local  10.10.0.105/32
    remote 10.10.0.104/32
</pre>
With this *swanctl* command the "rsa" connection is terminated
<pre>
swanctl --terminate --ike rsa
</pre>
<pre>
Feb 19 10:59:16 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'rsa'
Feb 19 10:59:16 raspi5 charon-systemd[21165]: deleting IKE_SA rsa[1] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA rsa[1]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes)
Feb 19 10:59:16 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes)
Feb 19 10:59:16 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: IKE_SA deleted
</pre>
h2. IKEv2 Authentication with ECC AIK Certificate
Next we initiate the "ecc" connection
<pre>
swanctl --initiate --child ecc
</pre>
<pre>
Feb 19 11:00:32 raspi5 charon-systemd[21165]: vici initiate 'ecc'
Feb 19 11:00:32 raspi5 charon-systemd[21165]: initiating IKE_SA ecc[2] to 10.10.0.104
Feb 19 11:00:32 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)
Feb 19 11:00:32 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received strongSwan vendor ID
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
</pre>
The ECC AK private key stored in the TPM 2.0 is used to generate an *ECDSA_WITH_SHA256_DER* signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.
<pre>
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' (myself) with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
</pre>
<pre>
Feb 19 11:00:34 raspi5 charon-systemd[21165]: establishing CHILD_SA ecc
Feb 19 11:00:34 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (912 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   reached self-signed root ca with a path length of 0
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: IKE_SA ecc[2] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: scheduling reauthentication in 10180s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11260s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: CHILD_SA ecc{2} established with SPIs c2c16cd0_i c47ea6f6_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 9880s, scheduling reauthentication in 8800s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: peer supports MOBIKE
</pre>
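The RSA and ECC sections both state which signature scheme the TPM-held AK key produced. The following added example (not part of the strongSwan documentation) extracts that information from charon log lines and flags schemes outside a policy allowlist. The function names, the allowlist and the third sample session are assumptions made for the illustration.

```python
import re

# Lines taken from the charon-systemd logs above (syslog prefix dropped),
# followed by a constructed third session "old" that signs with SHA-1.
SAMPLE = '''\
authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
authentication of 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' (myself) with ECDSA_WITH_SHA256_DER successful
authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
IKE_SA ecc[2] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA1 successful
authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
IKE_SA old[3] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
'''

AUTH = re.compile(r"authentication of '(?P<id>[^']+)'(?P<me> \(myself\))?"
                  r" with (?P<scheme>\S+) successful")
ESTABLISHED = re.compile(r"IKE_SA (?P<sa>\S+\[\d+\]) established")

# Assumption: local policy accepts only the two schemes seen on this page.
ALLOWED = {"RSA_EMSA_PKCS1_SHA2_256", "ECDSA_WITH_SHA256_DER"}

def sessions(log):
    """Pair each 'IKE_SA ... established' line with the preceding auth lines.

    Assumes one negotiation at a time, as in the initiator logs above.
    """
    pending, result = {}, []
    for line in log.splitlines():
        auth = AUTH.search(line)
        if auth:
            side = "local" if auth.group("me") else "remote"
            pending[side] = (auth.group("id"), auth.group("scheme"))
            continue
        done = ESTABLISHED.search(line)
        if done:
            result.append({"sa": done.group("sa"), **pending})
            pending = {}
    return result

def violations(log, allowed=ALLOWED):
    """Return (sa, side, identity, scheme) for schemes outside the policy."""
    return [(s["sa"], side, *s[side])
            for s in sessions(log)
            for side in ("local", "remote")
            if side in s and s[side][1] not in allowed]

if __name__ == "__main__":
    for s in sessions(SAMPLE):
        print(s["sa"], s.get("local"), s.get("remote"))
    print("violations:", violations(SAMPLE))
```
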
The established IKE and CHILD SAs are displayed
<pre>
 swanctl --list-sas
</pre>
<pre>
ecc: #2, ESTABLISHED, IKEv2, b7f2652777b0996a_i* 12282b5964ff0658_r
  local  'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' @ 10.10.0.105[4500]
  remote 'raspi4.example.com' @ 10.10.0.104[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
  established 126s ago, reauth in 8674s
  ecc: #2, reqid 2, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
    installed 126s ago, rekeying in 3252s, expires in 3834s
    in  c2c16cd0,    320 bytes,     5 packets,     2s ago
    out c47ea6f6,    320 bytes,     5 packets,     2s ago
    local  10.10.0.105/32
    remote 10.10.0.104/32
</pre>
The IKE and CHILD SAs are terminated
<pre>
swanctl --terminate --ike ecc
</pre>
<pre>
Feb 19 11:04:32 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'ecc'
Feb 19 11:04:32 raspi5 charon-systemd[21165]: deleting IKE_SA ecc[2] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA ecc[2]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes)
Feb 19 11:04:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes)
Feb 19 11:04:32 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: IKE_SA deleted
</pre>
h2. Stopping the strongSwan Daemon
Stop the *strongswan-swanctl* systemd service
<pre>
systemctl stop strongswan-swanctl
</pre>
The strongSwan daemon is stopped
<pre>
Feb 19 11:06:02 raspi5 systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Feb 19 11:06:02 raspi5 charon-systemd[21165]: SIGTERM received, shutting down
Feb 19 11:06:02 raspi5 systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>
The two TPM sockets attaching the RSA and ECC AK private keys via the TPM 2.0 resource managers are released
<pre>
Feb 19 11:06:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x7.
Feb 19 11:06:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0x6.
Feb 19 11:06:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0xd.
Feb 19 11:06:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0xc.
</pre>