Trusted Platform Module 2.0 » History » Version 62
« Previous -
Version 62/86
(diff) -
Next » -
Current version
Andreas Steffen, 06.12.2017 22:22
Trusted Platform Module 2.0¶
- Table of contents
- Trusted Platform Module 2.0
- Connect to a TPM 2.0 Device
- TPM 2.0 Algorithm IDs
- Derive a Persistent RSA Endorsement Key
- Generate a Persistent RSA Attestation Key
- Derive a Persistent ECC Endorsement Key
- Generate a Persistent ECC Attestation Key
- Generate Another ECC Attestation Key
- Remove a Persistent Key Object
- List Persistent Objects
- Create a Demo Root CA
- Issue an RSA AIK Certificate
- Issue an ECC AIK Certificate
- Store the ECC AIK Certificate in the NV RAM of the TPM
- List of NV Indexes
- Remove NV Index
- Configure TPM Private Key Access via VICI Interface
- Define IPsec Connection with RSA AK Client Key
- Define IPsec Connection with ECC AK Client Key
- Starting the strongSwan Daemon
- IKEv2 Authentication with RSA AIK Certificate
- IKEv2 Authentication with ECC AIK Certificate
- Stopping the strongSwan Daemon
Connect to a TPM 2.0 Device¶
Install the TSS2 Software Stack and tpm2 Tools¶
In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu tpm2-tss package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent version directly drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS. Avoid any TCTI interface incompatibilities by fetching the latest tpm2-tools version from https://github.com/01org/tpm2.0-tools as well.
Build and install both the tpm2-tss stack and the tpm2.0-tools, start the tpm2-resourcemgr as a service in the background and try to connect to the TPM 2.0 by listing e.g. the contents of the SHA-1 bank of PCR registers
tpm2_listpcrs -g 0x0004Bank/Algorithm: TPM_ALG_SHA1(0x0004) PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5 PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
A manual showing all tpm2-tools functions with their arguments can be found here.
Enable the strongSwan tpm Plugin¶
The strongSwan libtpmtss tpm plugin and the TSS2 interface are enabled and built with the following options
./configure --enable-tss-tss2 --enable tpm ...TPM 2.0 Algorithm IDs¶
Hash Algorithms¶
| 0x0004 | SHA-1 |
| 0x000B | SHA-2_256 |
| 0x000C | SHA-2_384 |
| 0x000D | SHA-2_512 |
Currently available TPM 2.0 devices like the Infineon Optiga SLB 9670 VQ2.0 hardware TPM or Intel's PTT firmware TPM integrated into the Management Engine starting with the 4th generation (Haswell) of the Core processor family, support the SHA-1 and SHA-2_256 algorithms.
Public Key Types¶
| 0x0001 | RSA |
| 0x0023 | ECC |
Currently RSA keys have a modulus size of 2048 bits and ECC keys are based on the 256 bit NIST curve.
Signature Schemes¶
| 0x0014 | RSASSA |
| 0x0016 | RSAPSS |
| 0x0018 | ECDSA |
Derive a Persistent RSA Endorsement Key¶
The following tpm2-tools command derives a 2048 bit RSA Endorsement Key (EK) in a deterministic way from the secret Endorsement Primary Seed unique to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010001
tpm2_getpubek -H 0x81010001 -g 0x0001 -f ek_rsa.pubThe EK public key stored in the ek_rsa.pub file is encoded in a TPM 2.0 proprietary format but the key can be exported from the TPM in the regular PKCS#1 format using the pki tool
pki --pub --keyid 0x81010001 --outform pem > ek_rsa_pub.pemThe fingerprint of the RSA EK public key can be displayed with the command
pki --print --type pub --in ek_rsa_pub.pem
pubkey: RSA 2048 bits
keyid: d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58
subjkey: c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7dGenerate a Persistent RSA Attestation Key¶
A 2048 bit RSA Attestation Key (AK) bound to the EK with handle 0x81010001 can be created and made persistent under the handle 0x81010002 with the following tpm2-tools command
tpm2_getpubak -E 0x81010001 -g 0x0001 -D 0x000B -s 0x0014 -k 0x81010002 -P 123456 -f ak_rsa2.pub -n ak_rsa2.nameThis AK key is protected by the PIN (-P parameter) 123456. The AK public key can now be exported in PKCS#1 format from the TPM using the pki tool
pki --pub --keyid 0x81010002 --outform pem > ak_rsa_pub.pemThe fingerprint of the RSA AK public key can be displayed with the command
pki --print --type pub --in ak_rsa_pub.pem
pubkey: RSA 2048 bits
keyid: 71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
subjkey: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66Derive a Persistent ECC Endorsement Key¶
The following tpm2-tools command derives a 256 bit ECC Endorsement Key (EK) in a deterministic way from the secret Endorsement Primary Seed unique to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010003:
tpm2_getpubek -H 0x81010003 -g 0x0023 -f ek_ecc.pubThe EK public key can be exported in PKCS#1 format from the TPM using the pki tool:
pki --pub --keyid 0x81010003 > ek_ecc_pub.derThe fingerprint of the ECC EK public key can be displayed with the command
pki --print --type pub --in ek_ecc_pub.der
pubkey: ECDSA 256 bits
keyid: 7f:39:ca:e6:83:9b:a9:06:97:40:27:6a:e1:bf:8f:f5:9f:d3:a5:31
subjkey: 8b:43:4d:5e:5e:7b:ff:c2:54:4d:ef:88:cb:0c:7c:47:75:28:4d:09Generate a Persistent ECC Attestation Key¶
A 256 bit ECC Attestation Key (AK) bound to the EK with handle 0x81010003 can be created and made persistent under the handle 0x81010004 with the following tpm2-tools command
tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010004 -f ak_ecc4.pub -n ak_ecc4.nameThe AK public key can be exported in PKCS#1 format from the TPM using the pki tool
pki --pub --keyid 0x81010004 > ak_ecc_pub.derThe fingerprint of the ECC AK public key can be displayed with the command
pki --print --type pub --in ak_ecc_pub.der
pubkey: ECDSA 256 bits
keyid: 71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
subjkey: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13Generate Another ECC Attestation Key¶
Multiple AK keys bound to a common EK key can be generated
tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010005 -f ak_ecc5.pub -n ak_ecc5.nameThe AK public key can be exported in PKCS#1 format from the TPM using the pki tool
pki --pub --keyid 0x81010005 > ak_ecc5_pub.derThe fingerprint of the second ECC AK public key can be displayed with the command
pki --print --type pub --in ak_ecc5_pub.der
pubkey: ECDSA 256 bits
keyid: c4:b4:9c:95:27:9e:ce:81:2f:98:42:c8:1b:f0:54:ff:d4:d1:24:34
subjkey: cf:44:f4:f7:9d:97:09:ad:b1:09:3a:8e:6f:23:eb:9f:2c:35:94:c9Remove a Persistent Key Object¶
Since the non-volatile memory of the TPM is limited any persistent key object can be removed to free storage space.
The following tpm2-tools command removes the ECC AK key with persistent handle 0x81010005
tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005List Persistent Objects¶
The following tpm2-tools command lists all persistent objects stored by the TPM in non-volatile memory
tpm2_listpersistent
6 persistent objects defined.
0. Persistent handle: 0x81000001
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x30072
}
1. Persistent handle: 0x81000002
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x60072
}
2. Persistent handle: 0x81010001
{
Type: 0x1
Hash algorithm(nameAlg): 0xb
Attributes: 0x300b2
}
3. Persistent handle: 0x81010002
{
Type: 0x1
Hash algorithm(nameAlg): 0xb
Attributes: 0x50072
}
4. Persistent handle: 0x81010003
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x300b2
}
5. Persistent handle: 0x81010004
{
Type: 0x23
Hash algorithm(nameAlg): 0xb
Attributes: 0x50072
}
Create a Demo Root CA¶
The following pki command creates a 256 bit ECDSA private key for the Demo CA
pki --gen --type ecdsa --size 256 --outform pem > demoCaKey.pem
Next we create a self-signed Root CA certificate
pki --self --ca --type ecdsa --in demoCaKey.pem --dn="C=US, O=TNC Demo, CN=TNC Demo CA" --lifetime 3652 --outform pem > demoCaCert.pem
Issue an RSA AIK Certificate¶
Based on the RSA AK public key exported from the TPM, the following pki command generates an Attestation Identity Key (AIK) certificate signed by the Demo CA
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pub --in ak_rsa_pub.der --dn "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com" --san raspi5.example.com --lifetime 3651 > raspi5_ak_rsa_Cert.der
Issue an ECC AIK Certificate¶
Based on the ECC AK public key exported from the TPM, the following pki command generates an Attestation Identity Key (AIK) certificate signed by the Demo CA
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pub --in ak_ecc_pub.der --dn "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com" --san raspi5.example.com --lifetime 3651 > raspi5_ak_ecc_Cert.der
Many certification authorities issue certificates based on PKCS#10 certificate requests. This approach is also possible. First a certificate request is generated on the host the TPM resides on
pki --req --keyid 0x81010004 --dn "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com" --san raspi5.example.com > ak_ecc_req.der
When you are prompted for a smartcard PIN just press <enter> since this TPM private key is not protected by a PIN. In a second step the CA issues the AIK certificate based on the PKCS#10 certificate request
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pkcs10 --in ak_ecc_req.der --lifetime 3651 > raspi5_ak_ecc_Cert.der
Store the ECC AIK Certificate in the NV RAM of the TPM¶
A TPM 2.0 has a certain amount of Non Volatile Random Access Memory (NV RAM) that can be used to store arbitrary data, e.g. the X.509 certificates matching the persistent keys. IF both the certificates and keys are persisted in the TPM then the system disk of the host can be reformatted at any time without loosing the machine or user credentials.As with smartcards the needed amount of memory must be reserved first so we check the size of the X.509 ECC certificate
ls -l raspi5_ak_ecc_Cert.der -rw-r--r-- 1 root root 449 Feb 17 2017 /etc/swanctl/x509/raspi5_ak_ecc_Cert.der
We then define a memory location with a size of 449 bytes that can be accessed via the handle 0x01800004 which is also called the NV index
tpm2_nvdefine -x 0x01800004 -a 0x40000001 -s 449 -t 0x2000A
Then we write the certificate file to the NV RAM destination
tpm2_nvwrite -x 0x01800004 -a 0x40000001 -f raspi5_ak_ecc_Cert.der
List of NV Indexes¶
A list of all defined NV indexes can be obtained with
tpm2_nvlist
2 NV indexes defined.
0. NV Index: 0x1500015
{
Hash algorithm(nameAlg):4
The Index attributes(attributes):0x44040004
The size of the data area(dataSize):4
}
1. NV Index: 0x1800004
{
Hash algorithm(nameAlg):11
The Index attributes(attributes):0x2002000a
The size of the data area(dataSize):449
}
Remove NV Index¶
The memory assigned to a given NV index can be released with the command
tpm2_nvrelease -x 0x01800001 -a 0x40000001
Configure TPM Private Key Access via VICI Interface¶
Configuration of TPM private key access as tokens in the secrets section of swanctl.conf
secrets {
token_ak_rsa {
handle = 81010002
pin = 123456
}
token_ak_ecc {
handle = 81010004
}
}
Since the use of the RSA AK private key is password-protected, the PIN 123456 is added.Define IPsec Connection with RSA AK Client Key¶
This connection configuration in swanctl.conf uses the RSA AK certificate for client authentication
connections {
rsa {
local_addrs = 10.10.0.105
remote_addrs = 10.10.0.104
local {
auth = pubkey
certs = raspi5_ak_rsa_Cert.der
}
remote {
auth = pubkey
id = raspi4.example.com
}
children {
rsa {
mode = transport
esp_proposals = aes128-sha256-curve25519
}
}
version = 2
proposals = aes128-sha256-curve25519
}
}
Define IPsec Connection with ECC AK Client Key¶
This connection configuration in swanctl.conf references the ECC AK certificate used for client authentication via its handle, i.e. the NV index
connections {
ecc {
local_addrs = 10.10.0.105
remote_addrs = 10.10.0.104
local {
auth = pubkey
cert-tpm {
handle = 0x01800004
}
}
remote {
auth = pubkey
id = raspi4.example.com
}
children {
ecc {
mode = transport
esp_proposals = aes128-sha256-curve25519
}
}
version = 2
proposals = aes128-sha256-curve25519
}
}
Starting the strongSwan Daemon¶
systemctl start strongswan-swanctl
Feb 19 10:52:01 raspi5 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl... Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded plugins: charon-systemd charon-systemd random nonce x509 constraints openssl pem pkcs1 pkcs8 pkcs12 pubkey mgf1 ntru curve25519 eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 socket-default kernel-netlink vici tpm Feb 19 10:52:01 raspi5 charon-systemd[21165]: spawning 16 worker threads Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded certificate 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded certificate 'C=US, O=TNC Demo, CN=TNC Demo CA'
The RSA AK private key is attached to the charon-systemd daemon via the TPM 2.0 resource manager
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket: 0xc Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket: 0xd Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015 Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available Feb 19 10:52:01 raspi5 charon-systemd[21165]: AIK signature algorithm is RSASSA with SHA256 hash Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded RSA private key from token F
The ECC AK private key is attached to the charon-systemd daemon via the TPM 2.0 resource manager
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket: 0x6 Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket: 0x7 Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015 Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available Feb 19 10:52:02 raspi5 charon-systemd[21165]: AIK signature algorithm is ECDSA with SHA256 hash Feb 19 10:52:02 raspi5 charon-systemd[21165]: loaded ECDSA private key from token
The ECC AIK certificate is loaded by the charon-systemd daemon via the TPM 2.0 resource manager
Feb 19 10:52:02 raspi5 resourcemgr[531]: Accept socket: 0x8 Feb 19 10:52:02 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client Feb 19 10:52:02 raspi5 resourcemgr[531]: Accept socket: 0x9 Feb 19 10:52:02 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015 Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available Feb 19 10:52:02 raspi5 charon-systemd[21165]: loaded certificate from TPM NV index 0x01800004 Feb 19 10:52:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0x8. Feb 19 10:52:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x9
The two connection definitions are received by the charon-systemd daemon from the swanctl command line tool via the VICI interface
Feb 19 10:52:02 raspi5 charon-systemd[21165]: id not specified, defaulting to cert subject 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' Feb 19 10:52:02 raspi5 charon-systemd[21165]: added vici connection: rsa Feb 19 10:52:02 raspi5 charon-systemd[21165]: id not specified, defaulting to cert subject 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' Feb 19 10:52:02 raspi5 charon-systemd[21165]: added vici connection: ecc
The swanctl command line tool reports its actions
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_rsa_Cert.der' Feb 19 10:52:02 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509ca/demoCaCert.pem' Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66] Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513] Feb 19 10:52:02 raspi5 swanctl[21183]: loaded connection 'rsa' Feb 19 10:52:02 raspi5 swanctl[21183]: loaded connection 'ecc' Feb 19 10:52:02 raspi5 swanctl[21183]: successfully loaded 2 connections, 0 unloaded
Feb 19 10:52:02 raspi5 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
The following swanctl command shows the two loaded connections
swanctl --list-conns
rsa: IKEv2, reauthentication every 10800s, no rekeying
local: 10.10.0.105
remote: 10.10.0.104
local public key authentication:
id: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
certs: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
remote public key authentication:
id: raspi4.example.com
rsa: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
local: dynamic
remote: dynamic
ecc: IKEv2, reauthentication every 10800s, no rekeying
local: 10.10.0.105
remote: 10.10.0.104
local public key authentication:
id: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
certs: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
remote public key authentication:
id: raspi4.example.com
ecc: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
local: dynamic
remote: dynamic
The loaded certificates can also be displayed
swanctl --list-certs
You can clearly see that the connection between the AK certificates and their matching AK private key has been established (..., has private key)
List of X.509 End Entity Certificates
subject: "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
issuer: "C=US, O=TNC Demo, CN=TNC Demo CA"
validity: not before Feb 19 09:33:43 2017, ok
not after Aug 29 10:33:43 2026, ok (expires in 3477 days)
serial: 11:57:33:3e:2a:8e:8a:32
altNames: raspi5.example.com
authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
subjkeyId: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
pubkey: RSA 2048 bits, has private key
keyid: 71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
subjkey: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
subject: "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
issuer: "C=US, O=TNC Demo, CN=TNC Demo CA"
validity: not before Feb 17 23:17:19 2017, ok
not after Aug 30 00:17:19 2026, ok (expires in 3478 days)
serial: 52:9d:3e:42:6f:71:63:3d
altNames: raspi5.example.com
authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
subjkeyId: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
pubkey: ECDSA 256 bits, has private key
keyid: 71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
subjkey: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
List of X.509 CA Certificates
subject: "C=US, O=TNC Demo, CN=TNC Demo CA"
issuer: "C=US, O=TNC Demo, CN=TNC Demo CA"
validity: not before Aug 31 10:29:27 2016, ok
not after Aug 31 10:29:27 2026, ok (expires in 3479 days)
serial: 02:c8:85:e1:ef:fa:8f:20
flags: CA CRLSign self-signed
subjkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
pubkey: ECDSA 256 bits
keyid: a1:b5:e0:29:d0:4c:a7:62:bd:ca:a3:b4:af:18:42:2c:4a:01:55:9a
subjkey: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
IKEv2 Authentication with RSA AIK Certificate¶
With the following swanctl command the "rsa" connection is established
swanctl --initiate --child rsa
Feb 19 10:52:21 raspi5 charon-systemd[21165]: vici initiate 'rsa' Feb 19 10:52:21 raspi5 charon-systemd[21165]: initiating IKE_SA rsa[1] to 10.10.0.104 Feb 19 10:52:21 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ] Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes) Feb 19 10:52:21 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes) Feb 19 10:52:21 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ] Feb 19 10:52:21 raspi5 charon-systemd[21165]: received strongSwan vendor ID Feb 19 10:52:21 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
The RSA AK private key stored in the TPM 2.0 is used to generate an RSA_EMSA_PKCS1_SHA2_256 signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent int the CERT payload.
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]: establishing CHILD_SA rsa
Feb 19 10:52:24 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (1296 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]: using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]: using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:24 raspi5 charon-systemd[21165]: reached self-signed root ca with a path length of 0
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: scheduling reauthentication in 10507s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11587s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: CHILD_SA rsa{1} established with SPIs c23deb9d_i ce48d08e_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 10103s, scheduling reauthentication in 9023s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: peer supports MOBIKE
The following swanctl command shows the established IPsec connection
swanctl --list-sas
rsa: #1, ESTABLISHED, IKEv2, 7ba3b4d06c051ecb_i* 14e1769a8aeb7f28_r
local 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' @ 10.10.0.105[4500]
remote 'raspi4.example.com' @ 10.10.0.104[4500]
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
established 252s ago, reauth in 8771s
rsa: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
installed 252s ago, rekeying in 3258s, expires in 3708s
in c23deb9d, 640 bytes, 10 packets, 3s ago
out ce48d08e, 640 bytes, 10 packets, 3s ago
local 10.10.0.105/32
remote 10.10.0.104/32
With this swanctl command the "rsa" connection is terminated
swanctl --terminate --ike rsa
Feb 19 10:59:16 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'rsa' Feb 19 10:59:16 raspi5 charon-systemd[21165]: deleting IKE_SA rsa[1] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com] Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA rsa[1] Feb 19 10:59:16 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ] Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes) Feb 19 10:59:16 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes) Feb 19 10:59:16 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ] Feb 19 10:59:16 raspi5 charon-systemd[21165]: IKE_SA deleted
IKEv2 Authentication with ECC AIK Certificate¶
Next we initiate the "ecc" connection
swanctl --initiate --child ecc
Feb 19 11:00:32 raspi5 charon-systemd[21165]: vici initiate 'ecc' Feb 19 11:00:32 raspi5 charon-systemd[21165]: initiating IKE_SA ecc[2] to 10.10.0.104 Feb 19 11:00:32 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ] Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes) Feb 19 11:00:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes) Feb 19 11:00:32 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ] Feb 19 11:00:32 raspi5 charon-systemd[21165]: received strongSwan vendor ID Feb 19 11:00:32 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
The ECC AK private key stored in the TPM 2.0 is used to generate an ECDSA_WITH_SHA256_DER signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent int the CERT payload.
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' (myself) with ECDSA_WITH_SHA256_DER successful Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]: establishing CHILD_SA ecc
Feb 19 11:00:34 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (912 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]: using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]: using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:34 raspi5 charon-systemd[21165]: reached self-signed root ca with a path length of 0
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: IKE_SA ecc[2] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: scheduling reauthentication in 10180s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11260s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: CHILD_SA ecc{2} established with SPIs c2c16cd0_i c47ea6f6_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 9880s, scheduling reauthentication in 8800s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: peer supports MOBIKE
The establed IKE and CHILD SAs are displayed
swanctl --list-sas
ecc: #2, ESTABLISHED, IKEv2, b7f2652777b0996a_i* 12282b5964ff0658_r
local 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' @ 10.10.0.105[4500]
remote 'raspi4.example.com' @ 10.10.0.104[4500]
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
established 126s ago, reauth in 8674s
ecc: #2, reqid 2, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
installed 126s ago, rekeying in 3252s, expires in 3834s
in c2c16cd0, 320 bytes, 5 packets, 2s ago
out c47ea6f6, 320 bytes, 5 packets, 2s ago
local 10.10.0.105/32
remote 10.10.0.104/32
The IKE and CHILD SAs are terminated
swanctl --terminate --ike ecc
Feb 19 11:04:32 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'ecc' Feb 19 11:04:32 raspi5 charon-systemd[21165]: deleting IKE_SA ecc[2] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com] Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA ecc[2] Feb 19 11:04:32 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ] Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes) Feb 19 11:04:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes) Feb 19 11:04:32 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ] Feb 19 11:04:32 raspi5 charon-systemd[21165]: IKE_SA deleted
Stopping the strongSwan Daemon¶
Stop the strongswan-swanctl systemd service
systemctl stop strongswan-swanctl
The strongSwan daemon is stopped
Feb 19 11:06:02 raspi5 systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl... Feb 19 11:06:02 raspi5 charon-systemd[21165]: SIGTERM received, shutting down Feb 19 11:06:02 raspi5 systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
The two TPM sockets attaching the RSA and ECC AK private keys via the TPM 2.0 resource managers are released
Feb 19 11:06:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x7. Feb 19 11:06:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0x6. Feb 19 11:06:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0xd. Feb 19 11:06:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0xc.