Trusted Platform Module 2.0 » History » Version 79

Andreas Steffen, 01.07.2019 17:12

h1. Trusted Platform Module 2.0

{{>toc}}

h2. Connect to a TPM 2.0 Device

h3. Install the TSS2 Software Stack and tpm2 Tools

In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu *tpm2-tss* package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent stable version directly drawn from the git repository. Currently we recommend the following package combination:

*strongswan-5.7.0 and newer:*

* *tpm2-tss* version 2.1.0: https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.0

* *tpm2-tools* version 3.1.0: https://github.com/tpm2-software/tpm2-tools/releases/tag/3.1.0

* If the in-kernel */dev/tpmrm0* resource manager exists on your Linux platform (usually running a 4.12 kernel or newer) then the presence of the */dev/tpmrm0* device is automatically detected by strongSwan and no external TPM 2.0 access broker and resource manager is needed. Otherwise install *tpm2-abrmd* and start it as a systemd service in the background:

* *tpm2-abrmd* version 2.0.0: https://github.com/tpm2-software/tpm2-abrmd/releases/tag/2.0.0

*strongswan-5.6.3 and earlier:*

* *tpm2-tss* version 1.3.0: https://github.com/tpm2-software/tpm2-tss/releases/tag/1.3.0

* *tpm2-abrmd* version 1.2.0: https://github.com/tpm2-software/tpm2-abrmd/releases/tag/1.2.0

* *tpm2-tools* version 3.0.2: https://github.com/tpm2-software/tpm2-tools/releases/tag/3.0.2

* Build and install the *tpm2-tss* TSS stack, the *tpm2-abrmd* access broker & resource management daemon, as well as the *tpm2.0-tools*. Start *tpm2-abrmd* as a systemd service in the background.

As a test, connect to the TPM 2.0 by listing, e.g., the contents of the SHA-1 bank of PCR registers

 tpm2_pcrlist -g sha1

<pre>
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5
PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
</pre>

A manual showing all *tpm2-tools* functions with their arguments can be found "here":https://github.com/tpm2-software/tpm2-tools/tree/3.1.0/man.

h3. Enable the strongSwan tpm Plugin

The strongSwan libtpmtss *tpm* plugin and the TSS2 interface are enabled and built with the following options

  ./configure --enable-tss-tss2 --enable-tpm  ...

h2. TPM 2.0 Algorithm IDs

h3. Hash Algorithms

|0x0004 |SHA-1     |
|0x000B |SHA-2_256 |
|0x000C |SHA-2_384 |
|0x000D |SHA-2_512 |

Currently available TPM 2.0 devices like the Infineon *Optiga SLB 9670 VQ2.0* hardware TPM or Intel's *PTT* firmware TPM integrated into the Management Engine starting with the 4th generation (Haswell) of the *Core* processor family support the *SHA-1* and *SHA-2_256* algorithms.

h3. Public Key Types

|0x0001 |RSA |
|0x0023 |ECC |

Currently RSA keys have a modulus size of 2048 bits and ECC keys are based on the 256 bit NIST curve.

h3. Signature Schemes

|0x0014 |RSASSA |
|0x0016 |RSAPSS |
|0x0018 |ECDSA  |

h2. TPM 2.0 Attributes

h3. Object Attributes

|0x00002 |fixedTPM             |
|0x00004 |stClear              |
|0x00010 |fixedParent          |
|0x00020 |sensitiveDataOrigin  |
|0x00040 |userWithAuth         |
|0x00080 |adminWithPolicy      |
|0x00400 |noDA                 |
|0x00800 |encryptedDuplication |
|0x10000 |restricted           |
|0x20000 |decrypt              |
|0x40000 |sign                 |

h3. NV Index Attributes

|0x00000001 |NV_PPWRITE        |
|0x00000002 |NV_OWNERWRITE     |
|0x00000004 |NV_AUTHWRITE      |
|0x00000008 |NV_POLICYWRITE    |
|0x000000F0 |NT                |
|0x00000400 |NV_POLICY_DELETE  |
|0x00000800 |NV_WRITELOCKED    |
|0x00001000 |NV_WRITEALL       |
|0x00002000 |NV_WRITEDEFINE    |
|0x00004000 |NV_WRITE_STCLEAR  |
|0x00008000 |NV_GLOBALLOCK     |
|0x00010000 |NV_PPREAD         |
|0x00020000 |NV_OWNERREAD      |
|0x00040000 |NV_AUTHREAD       |
|0x00080000 |NV_POLICYREAD     |
|0x02000000 |NV_NO_DA          |
|0x04000000 |NV_ORDERLY        |
|0x08000000 |NV_CLEAR_STCLEAR  |
|0x10000000 |NV_READLOCKED     |
|0x20000000 |NV_WRITTEN        |
|0x40000000 |NV_PLATFORMCREATE |
|0x80000000 |NV_READ_STCLEAR   |

h2. Derive a Persistent RSA Endorsement Key

The following tpm2-tools command derives a 2048 bit RSA Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010001

 tpm2_getpubek -H 0x81010001 -g 0x0001 -f ek_rsa.pub

The EK public key stored in the ek_rsa.pub file is encoded in a TPM 2.0 proprietary format but the key can be exported from the TPM in the regular PKCS#1 format using the *pki* tool

 pki --pub --keyid 0x81010001 --outform pem > ek_rsa_pub.pem

The fingerprint of the RSA EK public key can be displayed with the command

 pki --print --type pub --in ek_rsa_pub.pem
  pubkey:    RSA 2048 bits
  keyid:     d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58
  subjkey:   c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7d

h2. Generate a Persistent RSA Attestation Key

A 2048 bit RSA Attestation Key (AK) bound to the EK with handle 0x81010001 can be created and made persistent under the handle 0x81010002 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010001 -g 0x0001 -D 0x000B -s 0x0014 -k 0x81010002 -P 123456 -f ak_rsa2.pub -n ak_rsa2.name

This AK key is protected by the PIN (-P parameter) *123456*. The AK public key can now be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 0x81010002 --outform pem > ak_rsa_pub.pem

The fingerprint of the RSA AK public key can be displayed with the command

 pki --print --type pub --in ak_rsa_pub.pem
  pubkey:    RSA 2048 bits
  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

h2. Derive a Persistent ECC Endorsement Key

The following tpm2-tools command derives a 256 bit ECC Endorsement Key (EK) in a deterministic way from the secret _Endorsement Primary Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010003:

 tpm2_getpubek -H 0x81010003 -g 0x0023 -f ek_ecc.pub

Without exporting the public key first, the fingerprint of the ECC EK private key can be directly displayed with the command

 pki --print --type priv --keyid 0x81010003
  pubkey:    ECDSA 256 bits
  keyid:     7f:39:ca:e6:83:9b:a9:06:97:40:27:6a:e1:bf:8f:f5:9f:d3:a5:31
  subjkey:   8b:43:4d:5e:5e:7b:ff:c2:54:4d:ef:88:cb:0c:7c:47:75:28:4d:09

h2. Generate a Persistent ECC Attestation Key

A 256 bit ECC Attestation Key (AK) bound to the EK with handle 0x81010003 can be created and made persistent under the handle 0x81010004 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010004 -f ak_ecc4.pub -n ak_ecc4.name

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 0x81010004 > ak_ecc_pub.der

The fingerprint of the ECC AK public key can be displayed with the command

 pki --print --type pub --in ak_ecc_pub.der
  pubkey:    ECDSA 256 bits
  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13

h2. Generate Another ECC Attestation Key

Multiple AK keys bound to a common EK key can be generated

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010005 -f ak_ecc5.pub -n ak_ecc5.name

The fingerprint of the second ECC AK private key can be displayed with the command

 pki --print --type priv --keyid 0x81010005
  pubkey:    ECDSA 256 bits
  keyid:     c4:b4:9c:95:27:9e:ce:81:2f:98:42:c8:1b:f0:54:ff:d4:d1:24:34
  subjkey:   cf:44:f4:f7:9d:97:09:ad:b1:09:3a:8e:6f:23:eb:9f:2c:35:94:c9

h2. Remove a Persistent Key Object

Since the non-volatile memory of the TPM is limited, any persistent key object can be removed to free storage space.
The following tpm2-tools command removes the ECC AK key with persistent handle 0x81010005

 tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005

h2. List Persistent Objects

The following tpm2-tools command lists all persistent objects stored by the TPM in non-volatile memory

 tpm2_listpersistent

<pre>
6 persistent objects defined.

0. Persistent handle: 0x81000001
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x30072
}
1. Persistent handle: 0x81000002
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x60072
}
2. Persistent handle: 0x81010001
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x300b2
}
3. Persistent handle: 0x81010002
{
        Type: 0x1
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
4. Persistent handle: 0x81010003
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x300b2
}
5. Persistent handle: 0x81010004
{
        Type: 0x23
        Hash algorithm(nameAlg): 0xb
        Attributes: 0x50072
}
</pre>

h2. Create a Demo Root CA

The following *pki* command creates a 256 bit ECDSA private key for the Demo CA
<pre>
pki --gen --type ecdsa --size 256 --outform pem > demoCaKey.pem
</pre>

Next we create a self-signed Root CA certificate
<pre>
pki --self --ca --type ecdsa --in demoCaKey.pem --dn="C=US, O=TNC Demo, CN=TNC Demo CA" --lifetime 3652 --outform pem > demoCaCert.pem
</pre>

h2. Issue an RSA AIK Certificate

Based on the RSA AK public key exported from the TPM, the following *pki* command generates an Attestation Identity Key (AIK) certificate signed by the Demo CA
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pub --in ak_rsa_pub.pem --dn "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com" --san raspi5.example.com --lifetime 3651 > raspi5_ak_rsa_Cert.der
</pre>

h2. Issue an ECC AIK Certificate

Based on the ECC AK public key exported from the TPM, the following *pki* command generates an Attestation Identity Key (AIK) certificate signed by the Demo CA
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pub --in ak_ecc_pub.der --dn "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com" --san raspi5.example.com --lifetime 3651 > raspi5_ak_ecc_Cert.der
</pre>

Many certification authorities issue certificates based on PKCS#10 certificate requests. This approach is also possible. First a certificate request is generated on the host the TPM resides on
<pre>
 pki --req --keyid 0x81010004 --dn "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com" --san raspi5.example.com > ak_ecc_req.der
</pre>
When you are prompted for a smartcard PIN, just press <enter> since this TPM private key is not protected by a PIN. In a second step the CA issues the AIK certificate based on the PKCS#10 certificate request
<pre>
pki --issue --cacert demoCaCert.pem --cakey demoCaKey.pem --type pkcs10 --in ak_ecc_req.der --lifetime 3651 > raspi5_ak_ecc_Cert.der
</pre>

h2. Store the ECC AIK Certificate in the NV RAM of the TPM

A TPM 2.0 has a certain amount of Non Volatile Random Access Memory (NV RAM) that can be used to store arbitrary data, e.g. the X.509 certificates matching the persistent keys. If both the certificates and keys are persisted in the TPM, then the system disk of the host can be reformatted at any time without losing the machine or user credentials. As with smartcards, the needed amount of memory must be reserved first, so we check the size of the X.509 ECC certificate
<pre>
ls -l raspi5_ak_ecc_Cert.der
-rw-r--r-- 1 root root 449 Feb 17  2017 raspi5_ak_ecc_Cert.der
</pre>

We then define a memory location with a size of 449 bytes that can be accessed via the handle 0x01800004, which is also called the NV index
<pre>
tpm2_nvdefine -x 0x01800004 -a 0x40000001 -s 449 -t 0x2000A
</pre>

Then we write the certificate file to the NV RAM destination
<pre>
tpm2_nvwrite -x 0x01800004 -a 0x40000001 raspi5_ak_ecc_Cert.der
</pre>

h2. List of NV Indexes

A list of all defined NV indexes can be obtained with

 tpm2_nvlist

<pre>
2 NV indexes defined.

  0. NV Index: 0x1500015
  {
        Hash algorithm(nameAlg):4
        The Index attributes(attributes):0x44040004
        The size of the data area(dataSize):4
  }
  1. NV Index: 0x1800004
  {
        Hash algorithm(nameAlg):11
        The Index attributes(attributes):0x2002000a
        The size of the data area(dataSize):449
  }
</pre>
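
The attribute words printed by *tpm2_listpersistent* and *tpm2_nvlist* can be decoded with the two attribute tables given earlier on this page. The following Python script is an added example, not part of strongSwan or tpm2-tools; its function names and role labels are this example's own, and SAMPLE is excerpted from the two listings on this page.

```python
import re

# Bit values copied from the "Object Attributes" table on this page.
OBJECT_ATTRS = {
    0x00002: "fixedTPM", 0x00004: "stClear", 0x00010: "fixedParent",
    0x00020: "sensitiveDataOrigin", 0x00040: "userWithAuth",
    0x00080: "adminWithPolicy", 0x00400: "noDA",
    0x00800: "encryptedDuplication", 0x10000: "restricted",
    0x20000: "decrypt", 0x40000: "sign",
}

# Bit values copied from the "NV Index Attributes" table on this page
# (0x00010000 is TPMA_NV_PPREAD in the TPM 2.0 specification).
NV_ATTRS = {
    0x00000001: "NV_PPWRITE", 0x00000002: "NV_OWNERWRITE",
    0x00000004: "NV_AUTHWRITE", 0x00000008: "NV_POLICYWRITE",
    0x00000400: "NV_POLICY_DELETE", 0x00000800: "NV_WRITELOCKED",
    0x00001000: "NV_WRITEALL", 0x00002000: "NV_WRITEDEFINE",
    0x00004000: "NV_WRITE_STCLEAR", 0x00008000: "NV_GLOBALLOCK",
    0x00010000: "NV_PPREAD", 0x00020000: "NV_OWNERREAD",
    0x00040000: "NV_AUTHREAD", 0x00080000: "NV_POLICYREAD",
    0x02000000: "NV_NO_DA", 0x04000000: "NV_ORDERLY",
    0x08000000: "NV_CLEAR_STCLEAR", 0x10000000: "NV_READLOCKED",
    0x20000000: "NV_WRITTEN", 0x40000000: "NV_PLATFORMCREATE",
    0x80000000: "NV_READ_STCLEAR",
}
NV_NT_MASK = 0x000000F0  # NT is a 4-bit index-type field, not a single flag

HANDLE_RE = re.compile(r"(Persistent handle|NV Index):\s*(0x[0-9a-fA-F]+)")
ATTR_RE = re.compile(r"[Aa]ttributes(?:\(attributes\))?:\s*(0x[0-9a-fA-F]+)")


def decode_flags(value, table):
    """Return (names of the set flags in ascending bit order, unknown bits)."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    known = 0
    for bit in table:
        known |= bit
    return names, value & ~known


def decode_object(attrs):
    return decode_flags(attrs, OBJECT_ATTRS)


def decode_nv(attrs):
    """Return (flag names, NT field value, bits not covered by the table)."""
    names, unknown = decode_flags(attrs, NV_ATTRS)
    return names, (attrs & NV_NT_MASK) >> 4, unknown & ~NV_NT_MASK


def key_role(attrs):
    """Label a key by its restricted/sign/decrypt combination (labels are this example's)."""
    names = set(decode_object(attrs)[0])
    sign, decrypt = "sign" in names, "decrypt" in names
    if "restricted" in names and sign and not decrypt:
        return "restricted signing key (attestation key profile)"
    if "restricted" in names and decrypt and not sign:
        return "restricted decryption key (endorsement/storage key profile)"
    return "unrestricted key"


def parse_listing(text):
    """Yield (kind, handle, attributes) from tpm2_listpersistent or tpm2_nvlist output."""
    kind = handle = None
    for line in text.splitlines():
        m = HANDLE_RE.search(line)
        if m:
            kind, handle = m.group(1), int(m.group(2), 16)
            continue
        m = ATTR_RE.search(line)
        if m and handle is not None:
            yield kind, handle, int(m.group(1), 16)
            handle = None


def report(text):
    """Return one (handle, detail, flag names, unknown bits) row per listed entry."""
    rows = []
    for kind, handle, attrs in parse_listing(text):
        if kind == "NV Index":
            names, nt, unknown = decode_nv(attrs)
            detail = "NT=%d" % nt
        else:
            names, unknown = decode_object(attrs)
            detail = key_role(attrs)
        rows.append((hex(handle), detail, names, unknown))
    return rows


# Excerpts of the tpm2_listpersistent and tpm2_nvlist output shown on this page.
SAMPLE = """\
2. Persistent handle: 0x81010001
{
        Attributes: 0x300b2
}
3. Persistent handle: 0x81010002
{
        Attributes: 0x50072
}
  1. NV Index: 0x1800004
  {
        The Index attributes(attributes):0x2002000a
  }
"""

if __name__ == "__main__":
    for handle, detail, names, unknown in report(SAMPLE):
        print("%-10s %s\n           %s unknown=0x%x" % (handle, detail, "|".join(names), unknown))
```

Decoding 0x2002000a gives the 0x2000A passed to *tpm2_nvdefine* (NV_OWNERWRITE, NV_POLICYWRITE, NV_OWNERREAD) plus NV_WRITTEN, which the TPM sets once the index has been written.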

h2. Remove NV Index

The memory assigned to a given NV index can be released with the command
<pre>
tpm2_nvrelease -x 0x01800001 -a 0x40000001
</pre>

h2. Configure TPM Private Key Access via VICI Interface

Configuration of TPM private key access as tokens in the secrets section of *swanctl.conf*

 secrets {
    token_ak_rsa {
       handle = 81010002
       pin = 123456
    }
    token_ak_ecc {
       handle = 81010004
    }
 }
Since the use of the RSA AK private key is password-protected, the PIN *123456* is added.

h2. Define IPsec Connection with RSA AK Client Key

This connection configuration in *swanctl.conf* uses the RSA AK certificate for client authentication
<pre>
connections {
   rsa {
      local_addrs  = 10.10.0.105
      remote_addrs = 10.10.0.104

      local {
         auth = pubkey
         certs = raspi5_ak_rsa_Cert.der
      }
      remote {
         auth = pubkey
         id = raspi4.example.com
      }
      children {
         rsa {
            mode = transport
            esp_proposals = aes128-sha256-curve25519
         }
      }
      version = 2
      proposals = aes128-sha256-curve25519
   }
}
</pre>

h2. Define IPsec Connection with ECC AK Client Key

This connection configuration in *swanctl.conf* references the ECC AK certificate used for client authentication via its handle, i.e. the NV index
<pre>
connections {
   ecc {
      local_addrs  = 10.10.0.105
      remote_addrs = 10.10.0.104

      local {
         auth = pubkey
         cert-tpm {
            handle = 0x01800004
         }
      }
      remote {
         auth = pubkey
         id = raspi4.example.com
      }
      children {
         ecc {
            mode = transport
            esp_proposals = aes128-sha256-curve25519
         }
      }
      version = 2
      proposals = aes128-sha256-curve25519
   }
}
</pre>

h2. Starting the strongSwan Daemon

<pre>
systemctl start strongswan-swanctl
</pre>

<pre>
Feb 19 10:52:01 raspi5 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded plugins: charon-systemd charon-systemd random nonce x509 constraints openssl pem pkcs1 pkcs8 pkcs12 pubkey mgf1 ntru curve25519 eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 socket-default kernel-netlink vici tpm
Feb 19 10:52:01 raspi5 charon-systemd[21165]: spawning 16 worker threads
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded certificate 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com'
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded certificate 'C=US, O=TNC Demo, CN=TNC Demo CA'
</pre>

The RSA AK private key is attached to the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 v2 available
Feb 19 10:52:01 raspi5 charon-systemd[21165]: AIK signature algorithm is RSASSA with SHA256 hash
Feb 19 10:52:01 raspi5 charon-systemd[21165]: loaded RSA private key from token
</pre>

The ECC AK private key is attached to the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:01 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 v2 available
Feb 19 10:52:02 raspi5 charon-systemd[21165]: AIK signature algorithm is ECDSA with SHA256 hash
Feb 19 10:52:02 raspi5 charon-systemd[21165]: loaded ECDSA private key from token
</pre>

The ECC AIK certificate is loaded by the *charon-systemd* daemon via the TPM 2.0 resource manager
<pre>
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - manufacturer: IFX (SLB9670) rev: 01.16 2015
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Feb 19 10:52:02 raspi5 charon-systemd[21165]: TPM 2.0 via TSS2 v2 available
Feb 19 10:52:02 raspi5 charon-systemd[21165]: loaded certificate from TPM NV index 0x01800004
</pre>

The two connection definitions are received by the *charon-systemd* daemon from the *swanctl* command line tool via the VICI interface
<pre>
Feb 19 10:52:02 raspi5 charon-systemd[21165]:   id not specified, defaulting to cert subject 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com'
Feb 19 10:52:02 raspi5 charon-systemd[21165]: added vici connection: rsa
Feb 19 10:52:02 raspi5 charon-systemd[21165]:   id not specified, defaulting to cert subject 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com'
Feb 19 10:52:02 raspi5 charon-systemd[21165]: added vici connection: ecc
</pre>

The *swanctl* command line tool reports its actions
<pre>
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_rsa_Cert.der'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded certificate from '/etc/swanctl/x509ca/demoCaCert.pem'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66]
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513]
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded connection 'rsa'
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded connection 'ecc'
Feb 19 10:52:02 raspi5 swanctl[21183]: successfully loaded 2 connections, 0 unloaded
</pre>

<pre>
Feb 19 10:52:02 raspi5 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>

The following *swanctl* command shows the two loaded connections
<pre>
swanctl --list-conns
</pre>

<pre>
rsa: IKEv2, reauthentication every 10800s, no rekeying
  local:  10.10.0.105
  remote: 10.10.0.104
  local public key authentication:
    id: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
    certs: C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com
  remote public key authentication:
    id: raspi4.example.com
  rsa: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
    local:  dynamic
    remote: dynamic
</pre>

<pre>
ecc: IKEv2, reauthentication every 10800s, no rekeying
  local:  10.10.0.105
  remote: 10.10.0.104
  local public key authentication:
    id: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
    certs: C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com
  remote public key authentication:
    id: raspi4.example.com
  ecc: TRANSPORT, rekeying every 3600s or 300000000 bytes or 500000 packets
    local:  dynamic
    remote: dynamic
</pre>
523 31 Andreas Steffen
524 31 Andreas Steffen
The loaded certificates can also be displayed
<pre>
swanctl --list-certs
</pre>

You can clearly see that the connection between the AK certificates and their matching AK private key has been established (..., has private key)
<pre>
List of X.509 End Entity Certificates

  subject:  "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  validity:  not before Feb 19 09:33:43 2017, ok
             not after  Aug 29 10:33:43 2026, ok (expires in 3477 days)
  serial:    11:57:33:3e:2a:8e:8a:32
  altNames:  raspi5.example.com
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  subjkeyId: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
  pubkey:    RSA 2048 bits, has private key
  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

  subject:  "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  validity:  not before Feb 17 23:17:19 2017, ok
             not after  Aug 30 00:17:19 2026, ok (expires in 3478 days)
  serial:    52:9d:3e:42:6f:71:63:3d
  altNames:  raspi5.example.com
  authkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  subjkeyId: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
  pubkey:    ECDSA 256 bits, has private key
  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
</pre>

<pre>
List of X.509 CA Certificates

  subject:  "C=US, O=TNC Demo, CN=TNC Demo CA"
  issuer:   "C=US, O=TNC Demo, CN=TNC Demo CA"
  validity:  not before Aug 31 10:29:27 2016, ok
             not after  Aug 31 10:29:27 2026, ok (expires in 3479 days)
  serial:    02:c8:85:e1:ef:fa:8f:20
  flags:     CA CRLSign self-signed
  subjkeyId: 21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
  pubkey:    ECDSA 256 bits
  keyid:     a1:b5:e0:29:d0:4c:a7:62:bd:ca:a3:b4:af:18:42:2c:4a:01:55:9a
  subjkey:   21:02:7e:2d:de:8b:77:48:75:de:56:2f:b5:d4:62:ec:c3:09:15:f2
</pre>
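The binding visible in the output above can be checked mechanically. The following Python sketch is an added example, not part of the original wiki page or of strongSwan: it matches each token keyid from the swanctl load log against the subjkeyId of a listed certificate and requires the "has private key" marker. The function names and the abridged, embedded sample input are assumptions made for this illustration.

```python
import re

# Constructed sample input: lines from the swanctl load log and the
# `swanctl --list-certs` output on this page, abridged to the fields used.
LOAD_LOG = """\
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66]
Feb 19 10:52:02 raspi5 swanctl[21183]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513]
"""
LIST_CERTS = """\
List of X.509 End Entity Certificates

  subject:  "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
  subjkeyId: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
  pubkey:    RSA 2048 bits, has private key

  subject:  "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
  subjkeyId: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
  pubkey:    ECDSA 256 bits, has private key
"""

TOKEN_RE = re.compile(r"loaded key (\S+) from token \[keyid: ([0-9a-f]+)\]")
FIELD_RE = re.compile(r"^\s+(\w+):\s+(.*)$")


def token_keys(log_text):
    """Map keyid (hex without colons) -> token key name."""
    return {keyid: name for name, keyid in TOKEN_RE.findall(log_text)}


def parse_certs(listing):
    """Return one dict of 'field: value' pairs per listed certificate."""
    certs = []
    for line in listing.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # section titles, blank lines, continuation lines
        key, value = m.groups()
        if key == "subject":  # every certificate entry starts with subject
            certs.append({})
        if certs:
            certs[-1][key] = value.strip().strip('"')
    return certs


def check_binding(log_text, listing):
    """Return (subject, token key name or None, bound?) per certificate."""
    tokens = token_keys(log_text)
    report = []
    for cert in parse_certs(listing):
        keyid = cert.get("subjkeyId", "").replace(":", "")
        name = tokens.get(keyid)
        has_private = "has private key" in cert.get("pubkey", "")
        report.append((cert["subject"], name, name is not None and has_private))
    return report


if __name__ == "__main__":
    for subject, name, bound in check_binding(LOAD_LOG, LIST_CERTS):
        print("bound  " if bound else "UNBOUND", name, subject)
```

A certificate reported as unbound means no token key with a matching keyid was loaded, so charon could not sign with the TPM-resident key for that identity.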

h2. IKEv2 Authentication with RSA AIK Certificate

With the following *swanctl* command the "rsa" connection is established
<pre>
swanctl --initiate --child rsa
</pre>

<pre>
Feb 19 10:52:21 raspi5 charon-systemd[21165]: vici initiate 'rsa'
Feb 19 10:52:21 raspi5 charon-systemd[21165]: initiating IKE_SA rsa[1] to 10.10.0.104
Feb 19 10:52:21 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)
Feb 19 10:52:21 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received strongSwan vendor ID
Feb 19 10:52:21 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:21 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
</pre>

The RSA AK private key stored in the TPM 2.0 is used to generate an *RSA_EMSA_PKCS1_SHA2_256* signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.
<pre>
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com"
</pre>
<pre>
Feb 19 10:52:24 raspi5 charon-systemd[21165]: establishing CHILD_SA rsa
Feb 19 10:52:24 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (1296 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 10:52:24 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 10:52:24 raspi5 charon-systemd[21165]:   reached self-signed root ca with a path length of 0
Feb 19 10:52:24 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 10:52:24 raspi5 charon-systemd[21165]: IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:52:24 raspi5 charon-systemd[21165]: scheduling reauthentication in 10507s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11587s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: CHILD_SA rsa{1} established with SPIs c23deb9d_i ce48d08e_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 10:52:24 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 10103s, scheduling reauthentication in 9023s
Feb 19 10:52:24 raspi5 charon-systemd[21165]: peer supports MOBIKE
</pre>

The following *swanctl* command shows the established IPsec connection
<pre>
swanctl --list-sas
</pre>
<pre>
rsa: #1, ESTABLISHED, IKEv2, 7ba3b4d06c051ecb_i* 14e1769a8aeb7f28_r
  local  'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' @ 10.10.0.105[4500]
  remote 'raspi4.example.com' @ 10.10.0.104[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
  established 252s ago, reauth in 8771s
  rsa: #1, reqid 1, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
    installed 252s ago, rekeying in 3258s, expires in 3708s
    in  c23deb9d,    640 bytes,    10 packets,     3s ago
    out ce48d08e,    640 bytes,    10 packets,     3s ago
    local  10.10.0.105/32
    remote 10.10.0.104/32
</pre>

With this *swanctl* command the "rsa" connection is terminated
<pre>
swanctl --terminate --ike rsa
</pre>

<pre>
Feb 19 10:59:16 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'rsa'
Feb 19 10:59:16 raspi5 charon-systemd[21165]: deleting IKE_SA rsa[1] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA rsa[1]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes)
Feb 19 10:59:16 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes)
Feb 19 10:59:16 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ]
Feb 19 10:59:16 raspi5 charon-systemd[21165]: IKE_SA deleted
</pre>

h2. IKEv2 Authentication with ECC AIK Certificate

Next we initiate the "ecc" connection
<pre>
swanctl --initiate --child ecc
</pre>

<pre>
Feb 19 11:00:32 raspi5 charon-systemd[21165]: vici initiate 'ecc'
Feb 19 11:00:32 raspi5 charon-systemd[21165]: initiating IKE_SA ecc[2] to 10.10.0.104
Feb 19 11:00:32 raspi5 charon-systemd[21165]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) V ]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[500] to 10.10.0.104[500] (1257 bytes)
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[500] to 10.10.0.105[500] (1259 bytes)
Feb 19 11:00:32 raspi5 charon-systemd[21165]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) V ]
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received strongSwan vendor ID
Feb 19 11:00:32 raspi5 charon-systemd[21165]: received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:32 raspi5 charon-systemd[21165]: sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA"
</pre>

The ECC AK private key stored in the TPM 2.0 is used to generate an *ECDSA_WITH_SHA256_DER* signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.
<pre>
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' (myself) with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending end entity cert "C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com"
</pre>
<pre>
Feb 19 11:00:34 raspi5 charon-systemd[21165]: establishing CHILD_SA ecc
Feb 19 11:00:34 raspi5 charon-systemd[21165]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (912 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (752 bytes)
Feb 19 11:00:34 raspi5 charon-systemd[21165]: parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received end entity cert "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   using certificate "C=US, O=TNC Demo, CN=raspi4.example.com"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
Feb 19 11:00:34 raspi5 charon-systemd[21165]:   reached self-signed root ca with a path length of 0
Feb 19 11:00:34 raspi5 charon-systemd[21165]: authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
Feb 19 11:00:34 raspi5 charon-systemd[21165]: IKE_SA ecc[2] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:00:34 raspi5 charon-systemd[21165]: scheduling reauthentication in 10180s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: maximum IKE_SA lifetime 11260s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: CHILD_SA ecc{2} established with SPIs c2c16cd0_i c47ea6f6_o and TS 10.10.0.105/32 === 10.10.0.104/32
Feb 19 11:00:34 raspi5 charon-systemd[21165]: received AUTH_LIFETIME of 9880s, scheduling reauthentication in 8800s
Feb 19 11:00:34 raspi5 charon-systemd[21165]: peer supports MOBIKE
</pre>
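As an added example (not from the original page or from strongSwan), the following Python sketch reads charon log lines like those of the RSA exchange in the previous section and the ECC exchange above, records which signature scheme each side used for every initiated IKE_SA, and checks the result against an expected policy. POLICY, EXPECTED_CA, the function names and the embedded, abridged log sample are assumptions chosen for this demo setup.

```python
import re

# Constructed sample input: charon lines from the "rsa" and "ecc" exchanges
# on this page, syslog prefix removed and abridged to the lines parsed here.
CHARON_LOG = """\
initiating IKE_SA rsa[1] to 10.10.0.104
authentication of 'C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
  using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
IKE_SA rsa[1] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK RSA, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
initiating IKE_SA ecc[2] to 10.10.0.104
authentication of 'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' (myself) with ECDSA_WITH_SHA256_DER successful
  using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA"
authentication of 'raspi4.example.com' with ECDSA_WITH_SHA256_DER successful
IKE_SA ecc[2] established between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
"""
# Assumed policy for this demo setup: local scheme per connection, peer CA.
POLICY = {"rsa": "RSA_EMSA_PKCS1_SHA2_256", "ecc": "ECDSA_WITH_SHA256_DER"}
EXPECTED_CA = "C=US, O=TNC Demo, CN=TNC Demo CA"
INIT_RE = re.compile(r"initiating IKE_SA (\S+)\[(\d+)\] to ")
AUTH_RE = re.compile(r"authentication of '([^']+)'( \(myself\))? with (\S+) successful")
CA_RE = re.compile(r'using trusted ca certificate "([^"]+)"')
DONE_RE = re.compile(r"IKE_SA (\S+)\[(\d+)\] established between")


def summarize(log_text):
    """One record per initiated IKE_SA; assumes exchanges do not interleave."""
    sas, cur = [], None
    for line in log_text.splitlines():
        if m := INIT_RE.search(line):
            cur = {"conn": m[1], "id": m[2], "established": False}
            sas.append(cur)
        elif cur is None:
            continue  # ignore anything logged before the first initiation
        elif m := AUTH_RE.search(line):
            side = "local" if m[2] else "remote"  # "(myself)" marks our side
            cur[side + "_id"], cur[side + "_scheme"] = m[1], m[3]
        elif m := CA_RE.search(line):
            cur["trust_anchor"] = m[1]
        elif m := DONE_RE.search(line):
            cur["established"] = (m[1], m[2]) == (cur["conn"], cur["id"])
    return sas


def violations(sas):
    """Return (connection, finding) pairs for records that break the policy."""
    found = []
    for sa in sas:
        if sa.get("local_scheme") != POLICY.get(sa["conn"]):
            found.append((sa["conn"], "unexpected local signature scheme"))
        if sa.get("trust_anchor") != EXPECTED_CA:
            found.append((sa["conn"], "peer not anchored in expected CA"))
        if not sa["established"]:
            found.append((sa["conn"], "IKE_SA not established"))
    return found


if __name__ == "__main__":
    print(violations(summarize(CHARON_LOG)) or "no policy violations")
```

On a busy gateway charon handles several exchanges concurrently, so a production version would have to correlate lines per IKE_SA rather than rely on log order.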

The established IKE and CHILD SAs are displayed
<pre>
swanctl --list-sas
</pre>
<pre>
ecc: #2, ESTABLISHED, IKEv2, b7f2652777b0996a_i* 12282b5964ff0658_r
  local  'C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com' @ 10.10.0.105[4500]
  remote 'raspi4.example.com' @ 10.10.0.104[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
  established 126s ago, reauth in 8674s
  ecc: #2, reqid 2, INSTALLED, TRANSPORT, ESP:AES_CBC-128/HMAC_SHA2_256_128
    installed 126s ago, rekeying in 3252s, expires in 3834s
    in  c2c16cd0,    320 bytes,     5 packets,     2s ago
    out c47ea6f6,    320 bytes,     5 packets,     2s ago
    local  10.10.0.105/32
    remote 10.10.0.104/32
</pre>

The IKE and CHILD SAs are terminated
<pre>
swanctl --terminate --ike ecc
</pre>

<pre>
Feb 19 11:04:32 raspi5 charon-systemd[21165]: vici terminate IKE_SA 'ecc'
Feb 19 11:04:32 raspi5 charon-systemd[21165]: deleting IKE_SA ecc[2] between 10.10.0.105[C=US, O=TNC Demo, OU=AIK ECC, CN=raspi5.example.com]...10.10.0.104[raspi4.example.com]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending DELETE for IKE_SA ecc[2]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: generating INFORMATIONAL request 2 [ D ]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: sending packet: from 10.10.0.105[4500] to 10.10.0.104[4500] (80 bytes)
Feb 19 11:04:32 raspi5 charon-systemd[21165]: received packet: from 10.10.0.104[4500] to 10.10.0.105[4500] (80 bytes)
Feb 19 11:04:32 raspi5 charon-systemd[21165]: parsed INFORMATIONAL response 2 [ ]
Feb 19 11:04:32 raspi5 charon-systemd[21165]: IKE_SA deleted
</pre>