Trusted Platform Module 2.0 » History » Version 64

Andreas Steffen, 11.12.2017 12:19

h1. Trusted Platform Module 2.0

{{>toc}}

h2. Connect to a TPM 2.0 Device

h3. Install the TSS2 Software Stack and tpm2 Tools

In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu *tpm2-tss* package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent version directly drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS. Avoid any TCTI interface incompatibilities by fetching the latest *tpm2-tools* version from https://github.com/01org/tpm2.0-tools as well.

Build and install both the *tpm2-tss* stack and the *tpm2.0-tools*, start the *tpm2-resourcemgr* as a service in the background and try to connect to the TPM 2.0 by listing e.g. the contents of the SHA-1 bank of PCR registers

 tpm2_listpcrs -g 0x0004

<pre>
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
</pre>

A manual showing all *tpm2-tools* functions with their arguments can be found "here":https://github.com/01org/tpm2.0-tools/blob/master/manual.

h3. Enable the strongSwan tpm Plugin

The strongSwan libtpmtss *tpm* plugin and the TSS2 interface are enabled and built with the following options

  ./configure --enable-tss-tss2 --enable-tpm  ...

h2. TPM 2.0 Algorithm IDs

h3. Hash Algorithms

|0x0004 |SHA-1     |
|0x000B |SHA-2_256 |
|0x000C |SHA-2_384 |
|0x000D |SHA-2_512 |

Currently available TPM 2.0 devices like the Infineon *Optiga SLB 9670 VQ2.0* hardware TPM or Intel's *PTT* firmware TPM integrated into the Management Engine starting with the 4th generation (Haswell) of the *Core* processor family, support the *SHA-1* and *SHA-2_256* algorithms.

h3. Public Key Types

|0x0001 |RSA |
|0x0023 |ECC |

Currently RSA keys have a modulus size of 2048 bits and ECC keys are based on the 256 bit NIST curve.

h3. Signature Schemes

|0x0014 |RSASSA |
|0x0016 |RSAPSS |
|0x0018 |ECDSA  |

h3. Object Attributes

|0x00002 |fixedTPM             |
|0x00004 |stClear              |
|0x00010 |fixedParent          |
|0x00020 |sensitiveDataOrigin  |
|0x00040 |userWithAuth         |
|0x00080 |adminWithPolicy      |
|0x00400 |noDA                 |
|0x00800 |encryptedDuplication |
|0x10000 |restricted           |
|0x20000 |decrypt              |
|0x40000 |sign                 |

h2. Derive a Persistent RSA Endorsement Key

The following tpm2-tools command derives a 2048 bit RSA Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010001

 tpm2_getpubek -H 0x81010001 -g 0x0001 -f ek_rsa.pub

The EK public key stored in the ek_rsa.pub file is encoded in a TPM 2.0 proprietary format but the key can be exported from the TPM in the regular PKCS#1 format using the *pki* tool

 pki --pub --keyid 0x81010001 --outform pem > ek_rsa_pub.pem

The fingerprint of the RSA EK public key can be displayed with the command

 pki --print --type pub --in ek_rsa_pub.pem
  pubkey:    RSA 2048 bits
  keyid:     d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58
  subjkey:   c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7d

h2. Generate a Persistent RSA Attestation Key

A 2048 bit RSA Attestation Key (AK) bound to the EK with handle 0x81010001 can be created and made persistent under the handle 0x81010002 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010001 -g 0x0001 -D 0x000B -s 0x0014 -k 0x81010002 -P 123456 -f ak_rsa2.pub -n ak_rsa2.name

This AK key is protected by the PIN (-P parameter) *123456*. The AK public key can now be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 0x81010002 --outform pem > ak_rsa_pub.pem

The fingerprint of the RSA AK public key can be displayed with the command

 pki --print --type pub --in ak_rsa_pub.pem
  pubkey:    RSA 2048 bits
  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

h2. Derive a Persistent ECC Endorsement Key

The following tpm2-tools command derives a 256 bit ECC Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010003:

 tpm2_getpubek -H 0x81010003 -g 0x0023 -f ek_ecc.pub

The EK public key can be exported in PKCS#1 format from the TPM using the *pki* tool:

  pki --pub --keyid 0x81010003 > ek_ecc_pub.der

The fingerprint of the ECC EK public key can be displayed with the command

 pki --print --type pub --in ek_ecc_pub.der
  pubkey:    ECDSA 256 bits
  keyid:     7f:39:ca:e6:83:9b:a9:06:97:40:27:6a:e1:bf:8f:f5:9f:d3:a5:31
  subjkey:   8b:43:4d:5e:5e:7b:ff:c2:54:4d:ef:88:cb:0c:7c:47:75:28:4d:09

h2. Generate a Persistent ECC Attestation Key

A 256 bit ECC Attestation Key (AK) bound to the EK with handle 0x81010003 can be created and made persistent under the handle 0x81010004 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010004 -f ak_ecc4.pub -n ak_ecc4.name

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 0x81010004 > ak_ecc_pub.der

The fingerprint of the ECC AK public key can be displayed with the command

 pki --print --type pub --in ak_ecc_pub.der
  pubkey:    ECDSA 256 bits
  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13

h2. Generate Another ECC Attestation Key

Multiple AK keys bound to a common EK key can be generated

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010005 -f ak_ecc5.pub -n ak_ecc5.name

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 0x81010005 > ak_ecc5_pub.der

The fingerprint of the second ECC AK public key can be displayed with the command

 pki --print --type pub --in ak_ecc5_pub.der
  pubkey:    ECDSA 256 bits
  keyid:     c4:b4:9c:95:27:9e:ce:81:2f:98:42:c8:1b:f0:54:ff:d4:d1:24:34
  subjkey:   cf:44:f4:f7:9d:97:09:ad:b1:09:3a:8e:6f:23:eb:9f:2c:35:94:c9

h2. Remove a Persistent Key Object

Since the non-volatile memory of the TPM is limited, any persistent key object can be removed to free storage space.
The following tpm2-tools command removes the ECC AK key with persistent handle 0x81010005

 tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005

h2. List Persistent Objects

The following tpm2-tools command lists all persistent objects stored by the TPM in non-volatile memory

 tpm2_listpersistent

<pre>
6 persistent objects defined.

0. Persistent handle: 0x81000001
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x30072
}
1. Persistent handle: 0x81000002
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x60072
}
2. Persistent handle: 0x81010001
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x300b2
}
3. Persistent handle: 0x81010002
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
4. Persistent handle: 0x81010003
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x300b2
}
5. Persistent handle: 0x81010004
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
</pre>
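
The Type, nameAlg and Attributes words in this listing can be decoded with the tables under TPM 2.0 Algorithm IDs. The following added example (not part of the original page, strongSwan or tpm2-tools) parses an excerpt of the output above and checks that the handles created as AKs on this page are restricted signing keys fixed to the TPM; the role labels and the audit helper are this example's own naming.

```python
import re

# Constants copied from the tables in "TPM 2.0 Algorithm IDs" on this page.
KEY_TYPES = {0x0001: "RSA", 0x0023: "ECC"}
HASH_ALGS = {0x0004: "SHA-1", 0x000B: "SHA-2_256",
             0x000C: "SHA-2_384", 0x000D: "SHA-2_512"}
OBJECT_ATTRS = {
    0x00002: "fixedTPM", 0x00004: "stClear", 0x00010: "fixedParent",
    0x00020: "sensitiveDataOrigin", 0x00040: "userWithAuth",
    0x00080: "adminWithPolicy", 0x00400: "noDA",
    0x00800: "encryptedDuplication", 0x10000: "restricted",
    0x20000: "decrypt", 0x40000: "sign",
}

# Role labels are this example's own naming, not tpm2-tools output.
ROLE_PARENT = "restricted decryption key (EK or storage parent)"
ROLE_AK = "restricted signing key (attestation key)"
ROLE_OTHER = "unrestricted or general-purpose key"

ENTRY_RE = re.compile(
    r"Persistent handle:\s*(0x[0-9a-fA-F]+)\s*\{\s*"
    r"Type:\s*(0x[0-9a-fA-F]+)\s*"
    r"Hash algorithm\(nameAlg\):\s*(0x[0-9a-fA-F]+)\s*"
    r"Attributes:\s*(0x[0-9a-fA-F]+)\s*\}"
)

# Sample input: four of the six entries from the tpm2_listpersistent output above.
SAMPLE = """\
1. Persistent handle: 0x81000002
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x60072
}
2. Persistent handle: 0x81010001
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x300b2
}
3. Persistent handle: 0x81010002
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
5. Persistent handle: 0x81010004
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
"""


def decode_attrs(value):
    """Return the names of all set object attribute bits, lowest bit first."""
    names = [name for bit, name in sorted(OBJECT_ATTRS.items()) if value & bit]
    unknown = value & ~sum(OBJECT_ATTRS)  # bits not listed in the page's table
    if unknown:
        names.append("unknown(0x%x)" % unknown)
    return names


def classify(value):
    """Derive the key's role from the restricted/decrypt/sign combination."""
    restricted = bool(value & 0x10000)
    decrypt, sign = bool(value & 0x20000), bool(value & 0x40000)
    if restricted and decrypt and not sign:
        return ROLE_PARENT
    if restricted and sign and not decrypt:
        return ROLE_AK
    return ROLE_OTHER


def parse_listpersistent(text):
    """Parse tpm2_listpersistent output into a list of decoded objects."""
    objects = []
    for handle, ktype, alg, attrs in ENTRY_RE.findall(text):
        value = int(attrs, 16)
        objects.append({
            "handle": int(handle, 16),
            "type": KEY_TYPES.get(int(ktype, 16), ktype),
            "name_alg": HASH_ALGS.get(int(alg, 16), alg),
            "attrs": decode_attrs(value),
            "role": classify(value),
        })
    return objects


def audit(objects, expected_aks):
    """Report handles that are meant to be AKs but do not look like one."""
    findings = []
    for obj in objects:
        if obj["handle"] not in expected_aks:
            continue
        if obj["role"] != ROLE_AK:
            findings.append((obj["handle"], "not a restricted signing key"))
        if not {"fixedTPM", "fixedParent"} <= set(obj["attrs"]):
            findings.append((obj["handle"], "key is not fixed to this TPM"))
    return findings


if __name__ == "__main__":
    objs = parse_listpersistent(SAMPLE)
    for o in objs:
        print("0x%08x %-3s %-9s %s" % (o["handle"], o["type"], o["name_alg"], o["role"]))
        print("           " + ", ".join(o["attrs"]))
    # 0x81010002 and 0x81010004 are the AK handles created on this page.
    print(audit(objs, {0x81010002, 0x81010004}) or "AK handles look sane")
```

On a live system the input would be the captured output of tpm2_listpersistent instead of the embedded sample.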

h2. Create a Demo Root CA

The following *pki* command creates a 256 bit ECDSA private key for the Demo CA
<pre>
pki --gen --type ecdsa --size 256 --outform pem > demoCaKey.pem
</pre>

Next we create a self-signed Root CA certificate
<pre>
pki --self --ca --type ecdsa --in demoCaKey.pem --dn="C=US, O=TNC Demo, CN=TNC Demo CA" --lifetime 3652 --outform pem > demoCaCert.pem
</pre>

h2. Issue an RSA AIK Certificate

Based on the RSA AK public key exported from the TPM, the following *pki* command generates an Attestation Identity Key (AIK) certificate signed by the Demo CA
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pub --in ak_rsa_pub.pem --dn "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com" --san raspi5.example.com --lifetime 3651 > raspi5_ak_rsa_Cert.der
</pre>

h2. Issue an ECC AIK Certificate

Based on the ECC AK public key exported from the TPM, the following *pki* command generates an Attestation Identity Key (AIK) certificate signed by the Demo CA
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pub --in ak_ecc_pub.der --dn "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com" --san raspi5.example.com --lifetime 3651 > raspi5_ak_ecc_Cert.der
</pre>

Many certification authorities issue certificates based on PKCS#10 certificate requests. This approach is also possible. First a certificate request is generated on the host the TPM resides on
<pre>
 pki --req --keyid 0x81010004 --dn "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com" --san raspi5.example.com > ak_ecc_req.der
</pre>
When you are prompted for a smartcard PIN just press <enter> since this TPM private key is not protected by a PIN. In a second step the CA issues the AIK certificate based on the PKCS#10 certificate request
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pkcs10 --in ak_ecc_req.der --lifetime 3651 > raspi5_ak_ecc_Cert.der
</pre>

h2. Store the ECC AIK Certificate in the NV RAM of the TPM

A TPM 2.0 has a certain amount of Non Volatile Random Access Memory (NV RAM) that can be used to store arbitrary data, e.g. the X.509 certificates matching the persistent keys. If both the certificates and keys are persisted in the TPM then the system disk of the host can be reformatted at any time without losing the machine or user credentials. As with smartcards the needed amount of memory must be reserved first so we check the size of the X.509 ECC certificate
<pre>
ls -l raspi5_ak_ecc_Cert.der
-rw-r--r-- 1 root root 449 Feb 17  2017 raspi5_ak_ecc_Cert.der
</pre>

We then define a memory location with a size of 449 bytes that can be accessed via the handle 0x01800004 which is also called the NV index
<pre>
tpm2_nvdefine -x 0x01800004 -a 0x40000001 -s 449 -t 0x2000A
</pre>

Then we write the certificate file to the NV RAM destination
<pre>
tpm2_nvwrite -x 0x01800004 -a 0x40000001 -f raspi5_ak_ecc_Cert.der
</pre>

h2. List of NV Indexes

A list of all defined NV indexes can be obtained with

 tpm2_nvlist

<pre>
2 NV indexes defined.

  0. NV Index: 0x1500015
  {
	Hash algorithm(nameAlg):4
 	The Index attributes(attributes):0x44040004
 	The size of the data area(dataSize):4
   }
  1. NV Index: 0x1800004
  {
	Hash algorithm(nameAlg):11
 	The Index attributes(attributes):0x2002000a
 	The size of the data area(dataSize):449
   }
</pre>

h2. Remove NV Index

The memory assigned to a given NV index can be released with the command
<pre>
tpm2_nvrelease -x 0x01800001 -a 0x40000001
</pre>

h2. Configure TPM Private Key Access via VICI Interface

Configuration of TPM private key access as tokens in the secrets section of *swanctl.conf*
<pre>
secrets {
    token_ak_rsa {
       handle = 81010002
       pin = 123456
    }
    token_ak_ecc {
       handle = 81010004
    }
}
</pre>

Since the use of the RSA AK private key is password-protected, the PIN *123456* is added.

h2. Define IPsec Connection with RSA AK Client Key

This connection configuration in *swanctl.conf* uses the RSA AK certificate for client authentication
<pre>
connections {
   rsa {
      local_addrs  = 10.10.0.105
      remote_addrs = 10.10.0.104

      local {
         auth = pubkey
         certs = raspi5_ak_rsa_Cert.der
      }
      remote {
         auth = pubkey
         id = raspi4.example.com
      }
      children {
         rsa {
            mode = transport
            esp_proposals = aes128-sha256-curve25519
         }
      }
      version = 2
      proposals = aes128-sha256-curve25519
   }
}
</pre>

h2. Define IPsec Connection with ECC AK Client Key

This connection configuration in *swanctl.conf* references the ECC AK certificate used for client authentication via its handle, i.e. the NV index
<pre>
connections {
   ecc {
      local_addrs  = 10.10.0.105
      remote_addrs = 10.10.0.104

      local {
         auth = pubkey
         cert-tpm {
            handle = 0x01800004
         }
      }
      remote {
         auth = pubkey
         id = raspi4.example.com
      }
      children {
         ecc {
            mode = transport
            esp_proposals = aes128-sha256-curve25519
         }
      }
      version = 2
      proposals = aes128-sha256-curve25519
   }
}
</pre>

h2. Starting the strongSwan Daemon

<pre>
systemctl start strongswan-swanctl
</pre>

<pre>
Feb 19 10:52:01 raspi5 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded plugins: charon-systemd charon-systemd random nonce x509 constraints openssl pem pkcs1 pkcs8 pkcs12 pubkey mgf1 ntru curve25519 eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 socket-default kernel-netlink vici tpm
Feb 19 10:52:01 raspi5 charon-systemd[21165]: spawning 16 worker threads
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded certificate 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com'
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded certificate 'C=US, O=TNC Demo, CN=TNC Demo CA'
</pre>

The RSA AK private key is attached to the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket:  0xc
Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket:  0xd
Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available
Feb 19 10:52:01 raspi5 charon-systemd[21165]: AIK signature algorithm is RSASSA with SHA256 hash
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded RSA private key from token
</pre>

The ECC AK private key is attached to the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket:  0x6
Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client
Feb 19 10:52:01 raspi5 resourcemgr[531]: Accept socket:  0x7
Feb 19 10:52:01 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available
Feb 19 10:52:02 raspi5 charon-systemd[21165]: AIK signature algorithm is ECDSA with SHA256 hash
Feb 19 10:52:02 raspi5 charon-systemd[21165]: loaded ECDSA private key from token
</pre>

The ECC AIK certificate is loaded by the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:02 raspi5 resourcemgr[531]: Accept socket:  0x8
Feb 19 10:52:02 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client
Feb 19 10:52:02 raspi5 resourcemgr[531]: Accept socket:  0x9
Feb 19 10:52:02 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 available
Feb 19 10:52:02 raspi5 charon-systemd[21165]: loaded certificate from TPM NV index 0x01800004
Feb 19 10:52:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0x8.
Feb 19 10:52:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x9
</pre>

The two connection definitions are received by the *charon-systemd* daemon from the *swanctl* command line tool via the VICI interface
<pre>
Feb 19 10:52:02 raspi5 charon-systemd[21165]:   id not specified, defaulting to cert subject 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com'
Feb 19 10:52:02 raspi5 charon-systemd[21165]: added vici connection: rsa
Feb 19 10:52:02 raspi5 charon-systemd[21165]:   id not specified, defaulting to cert subject 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com'
Feb 19 10:52:02 raspi5 charon-systemd[21165]: added vici connection: ecc
</pre>

The *swanctl* command line tool reports its actions
<pre>
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_rsa_Cert.der'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509ca/demoCaCert.pem'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66]
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513]
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded connection 'rsa'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded connection 'ecc'
Feb 19 10:52:02 raspi5 swanctl[21183]: successfully loaded 2 connections, 0 unloaded
</pre>

<pre>
Feb 19 10:52:02 raspi5 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>

The following *swanctl* command shows the two loaded connections
<pre>
swanctl --list-conns
</pre>

<pre>
rsa: IKEv2, reauthentication every 10800s, no rekeying
  local:  10.10.0.105
  remote: 10.10.0.104
  local public key authentication:
    id: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
    certs: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
  remote public key authentication:
    id: raspi4.example.com
  rsa: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
    local:  dynamic
    remote: dynamic
</pre>

<pre>
ecc: IKEv2, reauthentication every 10800s, no rekeying
  local:  10.10.0.105
  remote: 10.10.0.104
  local public key authentication:
    id: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
    certs: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
  remote public key authentication:
    id: raspi4.example.com
  ecc: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
    local:  dynamic
    remote: dynamic
</pre>

The loaded certificates can also be displayed
502 31 Andreas Steffen
<pre>
503 31 Andreas Steffen
swanctl --list-certs
504 31 Andreas Steffen
</pre>
505 31 Andreas Steffen
506 31 Andreas Steffen
You can clearly see that the connection between the AK certificates and their matching AK private key has been established (..., has private key)
<pre>
List of X.509 End Entity Certificates

  subject:  "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  validity:  not before Feb 19 09:33:43 2017, ok
             not after  Aug 29 10:33:43 2026, ok (expires in 3477 days)
  serial:    11:57:33:3e:2a:8e:8a:32
  altNames:  raspi5.example.com
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  subjkeyId: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
  pubkey:    RSA 2048 bits, has private key
  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

  subject:  "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  validity:  not before Feb 17 23:17:19 2017, ok
             not after  Aug 30 00:17:19 2026, ok (expires in 3478 days)
  serial:    52:9d:3e:42:6f:71:63:3d
  altNames:  raspi5.example.com
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  subjkeyId: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
  pubkey:    ECDSA 256 bits, has private key
  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
</pre>

<pre>
List of X.509 CA Certificates

  subject:  "C=US, O=TNC Demo, CN=TNC Demo CA"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  validity:  not before Aug 31 10:29:27 2016, ok
             not after  Aug 31 10:29:27 2026, ok (expires in 3479 days)
  serial:    02:c8:85:e1:ef:fa:8f:20
  flags:     CA CRLSign self-signed
  subjkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  pubkey:    ECDSA 256 bits
  keyid:     a1:b5:e0:29:d0:4c:a7:62:bd:ca:a3:b4:af:18:42:2c:4a:01:55:9a
  subjkey:   21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
</pre>
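The "has private key" check described above can be automated. The following is an added example, not part of the original page or of strongSwan: it parses @swanctl --list-certs@ output and reports, for each expected AK certificate, whether it is loaded, bound to a private key, and issued by a loaded CA. The names @parse_certs@ and @audit@ are hypothetical, and the sample is abridged from the output shown above.

```python
import re

# Abridged from the `swanctl --list-certs` output above (some fields omitted).
SAMPLE = """\
List of X.509 End Entity Certificates

  subject:  "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  pubkey:    RSA 2048 bits, has private key

  subject:  "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  pubkey:    ECDSA 256 bits, has private key

List of X.509 CA Certificates

  subject:  "C=US, O=TNC Demo, CN=TNC Demo CA"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  flags:     CA CRLSign self-signed
  subjkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  pubkey:    ECDSA 256 bits
"""

FIELD = re.compile(r"^\s+(\w+):\s+(.*?)\s*$")

def parse_certs(text):
    """Return one dict per certificate, tagged with its 'List of ...' section."""
    certs, section, cur = [], None, None
    for line in text.splitlines():
        if line.startswith("List of "):
            section, cur = line[len("List of "):].strip(), None
            continue
        m = FIELD.match(line)
        if not m:
            continue  # blank line or wrapped continuation (e.g. "not after")
        key, value = m.group(1), m.group(2).strip('"')
        if key == "subject":  # each certificate entry starts with subject:
            cur = {"section": section, "subject": value}
            certs.append(cur)
        elif cur is not None:
            cur[key] = value
    return certs

def audit(text, expected_subjects):
    """Map each expected subject to a list of problems (empty list = OK)."""
    certs = parse_certs(text)
    ca_ids = {c["subjkeyId"] for c in certs
              if "CA" in c.get("flags", "").split() and "subjkeyId" in c}
    end_entity = {c["subject"]: c for c in certs
                  if c["section"].endswith("End Entity Certificates")}
    report = {}
    for subject in expected_subjects:
        cert, problems = end_entity.get(subject), []
        if cert is None:
            problems.append("certificate not loaded")
        else:
            if not cert.get("pubkey", "").endswith("has private key"):
                problems.append("no private key bound")
            if cert.get("authkeyId") not in ca_ids:
                problems.append("issuer CA not loaded")
        report[subject] = problems
    return report
```

On a live system, feed the function the captured output of @swanctl --list-certs@ instead of @SAMPLE@.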

h2. IKEv2 Authentication with RSA AIK Certificate

With the following *swanctl* command the "rsa" connection is established
<pre>
swanctl --initiate --child rsa
</pre>
<pre>
Feb 19 10:52:21 raspi5 charon-systemd[21165]: vici initiate 'rsa'
Feb 19 10:52:21 raspi5 charon-systemd[21165]: initiating IKE_SA rsa[1] to 10.10.0.104
Feb 19 10:52:21 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)
Feb 19 10:52:21 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received strongSwan vendor ID
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
</pre>

The RSA AK private key stored in the TPM 2.0 is used to generate an *RSA_EMSA_PKCS1_SHA2_256* signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.
<pre>
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
</pre>
<pre>
Feb 19 10:52:24 raspi5 charon-systemd[21165]: establishing CHILD_SA rsa
Feb 19 10:52:24 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (1296 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   reached self-signed root ca with a path length of 0
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: scheduling reauthentication in 10507s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11587s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: CHILD_SA rsa{1} established with SPIs c23deb9d_i ce48d08e_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 10103s, scheduling reauthentication in 9023s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: peer supports MOBIKE
</pre>

The following *swanctl* command shows the established IPsec connection
<pre>
swanctl --list-sas
</pre>
<pre>
rsa: #1, ESTABLISHED, IKEv2, 7ba3b4d06c051ecb_i* 14e1769a8aeb7f28_r
  local  'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' @ 10.10.0.105[4500]
  remote 'raspi4.example.com' @ 10.10.0.104[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
  established 252s ago, reauth in 8771s
  rsa: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
    installed 252s ago, rekeying in 3258s, expires in 3708s
    in  c23deb9d,    640 bytes,    10 packets,     3s ago
    out ce48d08e,    640 bytes,    10 packets,     3s ago
    local  10.10.0.105/32
    remote 10.10.0.104/32
</pre>

With this *swanctl* command the "rsa" connection is terminated
<pre>
swanctl --terminate --ike rsa
</pre>

<pre>
Feb 19 10:59:16 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'rsa'
Feb 19 10:59:16 raspi5 charon-systemd[21165]: deleting IKE_SA rsa[1] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA rsa[1]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes)
Feb 19 10:59:16 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes)
Feb 19 10:59:16 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: IKE_SA deleted
</pre>

h2. IKEv2 Authentication with ECC AIK Certificate

Next we initiate the "ecc" connection
<pre>
swanctl --initiate --child ecc
</pre>

<pre>
Feb 19 11:00:32 raspi5 charon-systemd[21165]: vici initiate 'ecc'
Feb 19 11:00:32 raspi5 charon-systemd[21165]: initiating IKE_SA ecc[2] to 10.10.0.104
Feb 19 11:00:32 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)
Feb 19 11:00:32 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received strongSwan vendor ID
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
</pre>

The ECC AK private key stored in the TPM 2.0 is used to generate an *ECDSA_WITH_SHA256_DER* signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.
<pre>
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' (myself) with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
</pre>
<pre>
Feb 19 11:00:34 raspi5 charon-systemd[21165]: establishing CHILD_SA ecc
Feb 19 11:00:34 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (912 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   reached self-signed root ca with a path length of 0
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: IKE_SA ecc[2] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: scheduling reauthentication in 10180s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11260s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: CHILD_SA ecc{2} established with SPIs c2c16cd0_i c47ea6f6_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 9880s, scheduling reauthentication in 8800s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: peer supports MOBIKE
</pre>

The established IKE and CHILD SAs are displayed
<pre>
swanctl --list-sas
</pre>
<pre>
ecc: #2, ESTABLISHED, IKEv2, b7f2652777b0996a_i* 12282b5964ff0658_r
  local  'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' @ 10.10.0.105[4500]
  remote 'raspi4.example.com' @ 10.10.0.104[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
  established 126s ago, reauth in 8674s
  ecc: #2, reqid 2, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
    installed 126s ago, rekeying in 3252s, expires in 3834s
    in  c2c16cd0,    320 bytes,     5 packets,     2s ago
    out c47ea6f6,    320 bytes,     5 packets,     2s ago
    local  10.10.0.105/32
    remote 10.10.0.104/32
</pre>

The IKE and CHILD SAs are terminated
<pre>
swanctl --terminate --ike ecc
</pre>

<pre>
Feb 19 11:04:32 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'ecc'
Feb 19 11:04:32 raspi5 charon-systemd[21165]: deleting IKE_SA ecc[2] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA ecc[2]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes)
Feb 19 11:04:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes)
Feb 19 11:04:32 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: IKE_SA deleted
</pre>
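The RSA and ECC runs above differ in the signature scheme the TPM-held AK key produces for the AUTH payload. The following added example (not strongSwan code and not from the original page) pairs each initiated IKE_SA in the charon journal with the identity and signature scheme logged for both sides, and flags SAs that were not established or whose local scheme is outside a policy set. It assumes initiations are sequential, as in the log above; the function names and the policy set are hypothetical.

```python
import re

# Constructed sample: charon lines copied from the journal excerpts above.
LOG = """\
Feb 19 10:52:21 raspi5 charon-systemd[21165]: initiating IKE_SA rsa[1] to 10.10.0.104
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: initiating IKE_SA ecc[2] to 10.10.0.104
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' (myself) with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: IKE_SA ecc[2] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
"""

PREFIX = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ charon[\w-]*\[\d+\]: (.*)$")
INIT = re.compile(r"initiating IKE_SA (\S+)\[(\d+)\] to (\S+)")
AUTH = re.compile(r"authentication of '(.+?)' (\(myself\) )?with (\S+) successful")
ESTAB = re.compile(r"IKE_SA (\S+)\[(\d+)\] established between")

def ike_auth_summary(log):
    """Return one record per initiated IKE_SA, in log order."""
    sas, cur = [], None
    for line in log.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a charon journal line
        ts, msg = m.groups()
        if (i := INIT.search(msg)):
            cur = {"sa": f"{i[1]}[{i[2]}]", "peer_addr": i[3], "started": ts,
                   "local_id": None, "local_scheme": None,
                   "peer_id": None, "peer_scheme": None, "established": False}
            sas.append(cur)
        elif cur and (a := AUTH.search(msg)):
            side = "local" if a[2] else "peer"  # "(myself)" marks our own AUTH
            cur[side + "_id"], cur[side + "_scheme"] = a[1], a[3]
        elif cur and (e := ESTAB.search(msg)) and f"{e[1]}[{e[2]}]" == cur["sa"]:
            cur["established"] = True
    return sas

def policy_findings(sas, allowed_local_schemes):
    """List SAs that failed to come up or signed with a scheme outside policy."""
    findings = []
    for sa in sas:
        if not sa["established"]:
            findings.append(f"{sa['sa']}: not established")
        elif sa["local_scheme"] not in allowed_local_schemes:
            findings.append(
                f"{sa['sa']}: local signature scheme {sa['local_scheme']} not allowed")
    return findings
```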

h2. Stopping the strongSwan Daemon

Stop the *strongswan-swanctl* systemd service
<pre>
systemctl stop strongswan-swanctl
</pre>

The strongSwan daemon is stopped
<pre>
Feb 19 11:06:02 raspi5 systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Feb 19 11:06:02 raspi5 charon-systemd[21165]: SIGTERM received, shutting down
Feb 19 11:06:02 raspi5 systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>

The two TPM sockets attaching the RSA and ECC AK private keys via the TPM 2.0 resource managers are released
<pre>
Feb 19 11:06:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0x7.
Feb 19 11:06:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0x6.
Feb 19 11:06:02 raspi5 resourcemgr[531]: TpmCmdServer died (TPM CMD), rval: 0x00000000, socket: 0xd.
Feb 19 11:06:02 raspi5 resourcemgr[531]: OtherCmdServer died (Other CMD), socket: 0xc.
</pre>