<div dir="ltr"><div><div><div><div>Hello,<br><br></div>I followed these wikis to setup strongswan IPsec client and server with integrated TNC client and server respectively for TPM based remote attestation withh PTS-IMC and PTS-IMV. <br>
<br><a href="http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC">http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC</a><br><br><a href="http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV">http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV</a><br>
<br></div>Everything works as described above with TNCCS2.0 and TPM based remote attestation is successful. However when I change protocol to tnccs1.1 in strongswan.conf, strongswan ipsec gateway crashes and the back trace is here:<br>
<br>Program received signal SIGSEGV, Segmentation fault.<br>[Switching to Thread 0x7fbc0bbe4700 (LWP 22551)]<br>0x00007fbc1300b48e in get_my_public_value (this=0x7fbbc40020b0, value=0x7fbc0bbe3550, nonce=0x7fbc0bbe3560) at pts/pts.c:221<br>
221 this->dh->get_my_public_value(this->dh, value);<br>(gdb) bt<br>#0 0x00007fbc1300b48e in get_my_public_value (this=0x7fbbc40020b0, value=0x7fbc0bbe3550, nonce=0x7fbc0bbe3560) at pts/pts.c:221<br>#1 0x00007fbc1343b80e in imv_attestation_build (out_msg=out_msg@entry=0x7fbbc8001850, <br>
attestation_state=attestation_state@entry=0x7fbbc4001820, supported_algorithms=PTS_MEAS_ALGO_SHA1, <br> supported_dh_groups=<optimized out>, pts_db=0x2071460) at imv_attestation_build.c:115<br>#2 0x00007fbc13439da2 in send_message (out_msg=0x7fbbc8001850, state=0x7fbbc4001820) at imv_attestation.c:179<br>
#3 receive_message (state=0x7fbbc4001820, in_msg=in_msg@entry=0x7fbbc8005110) at imv_attestation.c:310<br>#4 0x00007fbc1343a197 in TNC_IMV_ReceiveMessage (imv_id=<optimized out>, connection_id=<optimized out>, msg=0x7fbbc80055f0 "\001", <br>
msg_len=70, msg_type=1) at imv_attestation.c:385<br>#5 0x00007fbc13a5e08f in receive_message (this=0x205f930, connection_id=1, excl=false, msg=0x7fbbc80055f0 "\001", msg_len=70, msg_vid=0, <br> msg_subtype=1, src_imc_id=0, dst_imv_id=65535) at tnc_imv_manager.c:433<br>
#6 0x00007fbc1406df96 in handle_message (msg=<optimized out>, this=0x7fbbc4000a70) at tnccs_11.c:214<br>#7 process (this=0x7fbbc4000a70, buf=0x7fbbc80012e6, buflen=675) at tnccs_11.c:364<br>#8 0x00007fbc14c97202 in process_pkt (this=0x7fbbd0000e20, this=0x7fbbd0000e20, pkt=0x7fbbc80012e0) at tls_eap.c:180<br>
#9 process (this=0x7fbbd0000e20, in=..., out=0x7fbc0bbe38c0) at tls_eap.c:377<br>#10 0x00007fbc14888b78 in process (this=0x7fbbd0000900, in=<optimized out>, out=0x7fbbd8003588) at eap_tnc.c:110<br>#11 0x00007fbc14ea6420 in process (this=0x7fbbd8003550, reader=<optimized out>) at eap_ttls_server.c:262<br>
#12 0x00007fbc14c930a0 in process_application (reader=0x7fbbc80009b0, this=0x7fbbd8004940) at tls_fragmentation.c:219<br>#13 process (this=0x7fbbd8004940, type=TLS_APPLICATION_DATA, data=...) at tls_fragmentation.c:270<br>
#14 0x00007fbc14c9c2e8 in process (this=0x7fbbd8003fb0, buf=0x7fbbc8000fca, buflen=741) at tls.c:242<br>#15 0x00007fbc14c97202 in process_pkt (this=0x7fbbd8004a60, this=0x7fbbd8004a60, pkt=0x7fbbc8000fc0) at tls_eap.c:180<br>
#16 process (this=0x7fbbd8004a60, in=..., out=0x7fbc0bbe3ae0) at tls_eap.c:377<br>#17 0x00007fbc14ea5588 in process (this=0x7fbbd8003f60, in=<optimized out>, out=0x7fbc0bbe3b48) at eap_ttls.c:69<br>#18 0x00007fbc17bf8528 in server_process_eap (in=0x7fbbc8000f10, this=0x7fbbd8003d80) at sa/ikev2/authenticators/eap_authenticator.c:278<br>
#19 process_server (this=0x7fbbd8003d80, message=<optimized out>) at sa/ikev2/authenticators/eap_authenticator.c:540<br>#20 0x00007fbc17bffb14 in process_r (this=0x7fbbd4006de0, message=0x7fbbf4000f10) at sa/ikev2/tasks/ike_auth.c:627<br>
#21 0x00007fbc17bf7117 in process_request (message=<optimized out>, this=0x7fbbd4001a10) at sa/ikev2/task_manager_v2.c:905<br>#22 process_message (msg=<optimized out>, this=0x7fbbd4001a10) at sa/ikev2/task_manager_v2.c:1153<br>
#23 process_message (this=0x7fbbd4001a10, msg=<optimized out>) at sa/ikev2/task_manager_v2.c:1075<br>#24 0x00007fbc17bec90f in process_message (message=0x7fbbf4000f10, this=0x7fbbd4000a50) at sa/ike_sa.c:1268<br>#25 process_message (this=0x7fbbd4000a50, message=0x7fbbf4000f10) at sa/ike_sa.c:1249<br>
#26 0x00007fbc17be7434 in execute (this=0x7fbbf4000900) at processing/jobs/process_message_job.c:74<br>#27 0x00007fbc18064433 in process_jobs (worker=0x206a8a0) at processing/processor.c:219<br>#28 0x00007fbc180668d9 in thread_main (this=0x20816b0) at threading/thread.c:309<br>
#29 0x0000003743c07d15 in start_thread () from /lib64/libpthread.so.0<br>#30 0x00000037434f248d in clone () from /lib64/libc.so.6<br><br></div>I am not sure if this is due to configuration error or a bug in strongswan. Any help is appreciated. <br>
<br></div>Thanks and Regards<br>Avesh<br></div>