From: Nauman <re...@gm...> - 2008-04-11 05:16:13
|
Hi, This functionality is available in jTSS. Here's the code: TcIRsaKey pubAik = Key; TcBlobData pubAikBlob = pubAik.getAttribData( TcTssConstants.TSS_TSPATTRIB_KEY_BLOB, TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY); TcTpmPubkey pubAikStruct = new TcTpmPubkey(pubAikBlob); RSAPublicKey rsaPub = TcCrypto.pubTpmKeyToJava(pubAikStruct); After that, you can simply perform signature validation using the RSA key as usual. Message: 1 > Date: Thu, 10 Apr 2008 17:08:14 +0100 > From: "Tiago Lopes" <tia...@gm...> > Subject: [Trustedjava-support] How to extract modulus of public key to > verify a tpm.quote() > To: tru...@li..., " Ronald T?gl " > <ron...@ia...> > Message-ID: > <564...@ma...> > Content-Type: text/plain; charset="iso-8859-1" > > Hello, > > I'm using jTSS 0.2 and i'm experimenting the tpm.quote() method using an a > normal singing key (TSS_KEY_TYPE_SIGNING) to quote instead of a AIK, just > to > experiment the basic principles. > First problem: exporting the public key modulus of this key type to a > remote > verifier. I want to avoid the jTSS on the remote end, and just use plain > java. I'm guessing to do that i need to invoke: > > > //---------------------------------------------------------------------------------- > byte[] key_modulus = > key.getAttribData(TcTssConstants.TSS_TSPATTRIB_RSAKEY_INFO, > > TcTssConstants.TSS_TSPATTRIB_KEYINFO_RSA_MODULUS).serializeToByteArray() > TcTssValidation quoteResult = tpm.quote(key, pcrComp, nonce); > byte[] data = quoteResult.getData().serializeToByteArray(); > // I think this returns the data blob that was quoted > byte[] signature = > quoteResult.getValidationData().serializeToByteArray(); > // I think this is the signature of that data using the created key > > //---------------------------------------------------------------------------------- > > ... to get the key modulus and then serialize it to the quote verifier > end. > The verifier then creates a public RSA key with this modulus: > > > //---------------------------------------------------------------------------------- > RSAPublicKeySpec pubEkSpec = new RSAPublicKeySpec( > new BigInteger(key_modulus), > new BigInteger("65537")); > RSAPublicKey pubKey = (RSAPublicKey) > KeyFactory.getInstance("RSA").generatePublic(pubEkSpec); > Signature sig = Signature.getInstance("SHA1withRSA"); > sig.initVerify(pubKey); > sig.update(data, 0, data.length); > sig.verify(signature); > > //---------------------------------------------------------------------------------- > Is this correct? I think not, because the key modulus returns only 256 > bytes, and the above code fails the signature check. > > > Second problem: I think there is a bug trying to get the key exponent > using > jTSS: > invoking this code causes a SW fault: > > //---------------------------------------------------------------------------------- > key.getAttribData( > TcTssConstants.TSS_TSPATTRIB_RSAKEY_INFO, > TcTssConstants.TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT) > > //---------------------------------------------------------------------------------- > iaik.tc.tss.api.exceptions.tsp.TcTspException: > TSS Error: > error layer: 0x3000 (TSP) > error code (without layer): 0x04 > error code (full): 0x3004 > error message: An internal SW error has been detected. > additional info: Getter method did throw unknown exception (not a > TcTssException). > null > at iaik.tc.tss.impl.java.tsp.TcAttributes.getAttribData(Unknown Source) > (...) > > Is this a bug or i'm not understanding the docs? > > Tiago Lopes > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > > ------------------------------ > > _______________________________________________ > Trustedjava-support mailing list > Tru...@li... > https://lists.sourceforge.net/lists/listinfo/trustedjava-support > > > End of Trustedjava-support Digest, Vol 21, Issue 4 > ************************************************** > -- Nauman Security Engineering Research Group, Institute of Management Sciences, Peshawar, Pakistan. Blog: http://recluze.wordpress.com Group: http://serg.imsciences.edu.pk Art gallery: http://recluse.gfxartist.com Cell: 0321 90 66 275 |