From: Lavina J. <lav...@gm...> - 2008-08-15 19:18:07
Hi Reiner,

Many thanks for the description of Quote operation and pointing to the TCG document that describes it. I could understand and implement Quote operation and its verification. I am using trousers and the commands worked as per TCG documents.

Kind Regards,
Lavina

On Wed, Jul 30, 2008 at 6:12 AM, Reiner Sailer <sa...@us...> wrote:

> In case you are using TrouSerS or another TSS stack to access the TPM
> (i.e., if you do not directly address the TPM driver) please refer to the
> mailing list and specs for your TSS stack. There might be variations from
> the TPM command parameters.
>
> E.g., TrouSerS on sourceforge has a separate web page:
> http://trousers.sourceforge.net/
>
> Reiner
>
> From: "Lavina Jain" <lav...@gm...>
> To: lin...@li...
> Cc: lav...@gm...
> Date: 07/30/2008 02:52 AM
> Subject: [Linux-ima-user] TPM Quote: data signed is different from PcrRead
>
> Hi,
>
> It looks like the data signed by Tspi_TPM_Quote is not the same as PCR
> value. I wrote a small program that reads PCR 10, and then gets Quote of
> PCR Composite consisting of only PCR 10. The data signed differs from the
> output of Tspi_TPM_PcrRead.
>
> Following is the part of my code doing this:
>
> ---------------------------------------------------------------------------
>
> // read PCR 10
> printf("Read PCR...");
> UINT32 len;
> BYTE *value = NULL;  // Tspi_TPM_PcrRead allocates the output buffer
> int i;
> for(i = 10; i <= 10; i++) {
>     retCode = Tspi_TPM_PcrRead(hTPM, i, &len, &value);
>     PRINT_RETCODE(retCode);
>     if(retCode == TSS_SUCCESS) {
>         printf("PCR i: %d, len: %u\n", i, len);
>         printf("value: ");
>         // print in hex format
>         printHex(value, len);
>     }
> }
>
> // Create PCR composite object consisting PCR 10
> printf("Create PCR composite object...");
> TSS_HPCRS hPcrComposite;
> retCode = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, 0,
>                                     &hPcrComposite);
> PRINT_RETCODE(retCode);
>
> UINT32 pcrIndex;
> for (pcrIndex = 10; pcrIndex <= 10; pcrIndex++) {
>     Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcrIndex);
> }
>
> // 20-byte input (challenge) to Quote command
> BYTE *buf = (BYTE *)malloc(20);
> TSS_VALIDATION validationData;
> validationData.ulExternalDataLength = 20;  // length of the challenge
> validationData.rgbExternalData = (BYTE *)malloc(20 * sizeof(BYTE));
> memset(validationData.rgbExternalData, 1, 20);
> printf("20-byte hash input to Quote: ");
> printHex(validationData.rgbExternalData, 20);
>
> // Obtain Quote
> printf("Quote PCR...");
> retCode = Tspi_TPM_Quote(hTPM, hAIK, hPcrComposite, &validationData);
> PRINT_RETCODE(retCode);
> printf("Data signed: \n");
> printHex(validationData.rgbData, validationData.ulDataLength);
>
> ---------------------------------------------------------------------------
>
> The results are as follows:
> Value of PCR 10 read by Tspi_TPM_PcrRead is:
> ce24d4cfe4d39e2da331326d44680a4946bb7486
>
> Data signed is:
> 0101000051554f54abbf4dd198d4df503f7a25291f332fa70a237bc601010101
> 01010101010101010101010101010101
>
> I know that first 4 bytes (01010000) is the version. Next 4 bytes
> (51554f54) is the ordinal. Last 20 bytes is the input that I had given
> to the Quote command.
>
> Can somebody please explain how the remaining 20 bytes
> (abbf4dd198d4df503f7a25291f332fa70a237bc6) are obtained from PCR registers?
>
> Kind Regards,
> Lavina

--
"Unravelling life's mysteries and discovering life's secrets may take the courage and determination found only in a self-motivated pursuit." - Peter McWilliams
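
Added example, not part of the original thread or of TrouSerS: per the TPM 1.2 structures TPM_QUOTE_INFO and TPM_PCR_COMPOSITE, the 20 bytes asked about are the SHA-1 of the serialized PCR composite (selection bitmap, value size, PCR values), not a raw PCR value. The function names are illustrative, and the `sizeOfSelect` values tried (2 and 3 bytes) are an assumption about what the TSS stack sent to the TPM.

```python
import hashlib
import struct

# Values copied from the post above.
PCR10 = bytes.fromhex("ce24d4cfe4d39e2da331326d44680a4946bb7486")
SIGNED = bytes.fromhex(
    "0101000051554f54abbf4dd198d4df503f7a25291f332fa70a237bc601010101"
    "01010101010101010101010101010101")


def parse_quote_info(blob):
    """Split a 48-byte TPM 1.2 TPM_QUOTE_INFO into its fields."""
    if len(blob) != 48:
        raise ValueError("TPM_QUOTE_INFO is 48 bytes")
    version, fixed, digest, nonce = struct.unpack(">4s4s20s20s", blob)
    if fixed != b"QUOT":
        raise ValueError("missing 'QUOT' marker")
    return {"version": version, "digest": digest, "nonce": nonce}


def pcr_composite(pcrs, size_of_select):
    """Serialize TPM_PCR_COMPOSITE for a {pcr_index: 20-byte value} dict."""
    bitmap = bytearray(size_of_select)
    for index in pcrs:
        bitmap[index // 8] |= 1 << (index % 8)  # IndexError if out of range
    values = b"".join(pcrs[i] for i in sorted(pcrs))
    return (struct.pack(">H", size_of_select) + bytes(bitmap)
            + struct.pack(">I", len(values)) + values)


def check_quote(blob, pcrs, expected_nonce, sizes=(2, 3)):
    """Return the sizeOfSelect whose composite hash matches, else None."""
    info = parse_quote_info(blob)
    if info["nonce"] != expected_nonce:
        raise ValueError("nonce mismatch: stale or replayed quote")
    for size in sizes:  # assumption: the TSS used a 2- or 3-byte bitmap
        if hashlib.sha1(pcr_composite(pcrs, size)).digest() == info["digest"]:
            return size
    return None


if __name__ == "__main__":
    print(parse_quote_info(SIGNED)["digest"].hex())
    print(check_quote(SIGNED, {10: PCR10}, b"\x01" * 20))
```

A `None` result for the posted values does not by itself indicate tampering: IMA keeps extending PCR 10, so the register can change between the PcrRead and Quote calls. The AIK signature over the SHA-1 of the 48-byte blob still has to be verified separately.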