From: Martin P. <Mar...@ia...> - 2007-09-17 09:58:45
pat...@in... wrote:
> I know that the server has to bring the list of measures and has to
> reproduce the extend operations the client has done and compare with
> the quote result.
> I've seen that the log is an array of TcTssPcrEvent, but how is this
> structure correlated with the TcTssValidation that is the result of
> a quote operation?
> How can I compare them?

a quick rundown:

system state = set of PCR registers with specific value
PCR composite digest = one hash value, calculated from set of PCR register states (hashes)

How to calculate a PCR composite digest (= current system state) from PCR states, see discussion on this mailing list ca. middle of July.
How to calculate single PCR register extend operation, see ExtendPcrs.java example from JTpmTools.

    TcTssValidation quoteResult = context.getTpm().quote(aikKey, pcrSelection, validation);

pcrSelection contains the mask of PCRs to do the quote from

    ... = quoteResult.getData();            // plain data
    ... = quoteResult.getValidationData();  // signature

    TcTpmQuoteInfo qInfo = new TcTpmQuoteInfo(....plaindata...);
    TcTpmCompositeHash compHash = qInfo.getDigestValue();  // get compositeDigest hash

and compare this with your own result on the server side.

> Please, can you tell me the code I have to use to compare the log with the quote result?

There is no standard/protocol (yet) on how to get a client log + quote to the server, you have to invent your own.
Further, currently there is no helper code for helping you in replaying/recalculating the PCR log.

HTH
--
Martin Pirker
IAIK, TU Graz
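Added example, not part of the original message and not jTSS code: a plain-Java sketch of the server-side check described above, which replays the log, rebuilds the TPM 1.2 PCR composite hash, and compares it and the nonce with the quote's plain data. It assumes the signature over that data was already verified with the AIK public key, that log entries are reduced to (PCR index, SHA-1 event digest) pairs, that untouched PCRs are 20 zero bytes, and that the client's selection mask is 3 bytes long; the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.*;

public class QuoteLogCheck {
    static byte[] sha1(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }
    // Replay extends: PCR_new = SHA1(PCR_old || eventDigest), PCRs start as 20 zero bytes.
    // A log entry here is {Integer pcrIndex, byte[] eventDigest} (assumed shape, not TcTssPcrEvent).
    static Map<Integer, byte[]> replay(List<Object[]> log) throws Exception {
        Map<Integer, byte[]> pcrs = new HashMap<>();
        for (Object[] e : log)
            pcrs.put((Integer) e[0], sha1(pcrs.getOrDefault(e[0], new byte[20]), (byte[]) e[1]));
        return pcrs;
    }
    // SHA1 over TPM_PCR_COMPOSITE: UINT16 sizeOfSelect || mask || UINT32 valueSize || values.
    // ascendingPcrs must list each selected PCR once, in ascending order.
    static byte[] compositeHash(int[] ascendingPcrs, Map<Integer, byte[]> pcrs, int sizeOfSelect)
            throws Exception {
        byte[] mask = new byte[sizeOfSelect];
        for (int i : ascendingPcrs) mask[i / 8] |= (byte) (1 << (i % 8));
        ByteBuffer buf = ByteBuffer.allocate(2 + sizeOfSelect + 4 + 20 * ascendingPcrs.length);
        buf.putShort((short) sizeOfSelect).put(mask).putInt(20 * ascendingPcrs.length);
        for (int i : ascendingPcrs) buf.put(pcrs.getOrDefault(i, new byte[20]));
        return sha1(buf.array());
    }
    // TPM_QUOTE_INFO: version(4) || "QUOT"(4) || compositeHash(20) || externalData/nonce(20).
    static boolean matches(byte[] quoteInfo, byte[] expectedHash, byte[] nonce) {
        if (quoteInfo.length != 48 || !new String(quoteInfo, 4, 4).equals("QUOT")) return false;
        return MessageDigest.isEqual(Arrays.copyOfRange(quoteInfo, 8, 28), expectedHash)
            && MessageDigest.isEqual(Arrays.copyOfRange(quoteInfo, 28, 48), nonce);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample log and nonce; quoteInfo is built locally to stand in for getData().
        List<Object[]> log = new ArrayList<>();
        log.add(new Object[] {10, sha1("bootloader".getBytes())});
        log.add(new Object[] {10, sha1("kernel".getBytes())});
        int[] sel = {0, 10};
        byte[] nonce = sha1("server-nonce".getBytes());
        byte[] good = compositeHash(sel, replay(log), 3);
        byte[] quoteInfo = ByteBuffer.allocate(48).put(new byte[] {1, 1, 0, 0})
            .put("QUOT".getBytes()).put(good).put(nonce).array();
        System.out.println("log matches quote: " + matches(quoteInfo, good, nonce));
        log.set(1, new Object[] {10, sha1("patched-kernel".getBytes())});
        byte[] replayed = compositeHash(sel, replay(log), 3);
        System.out.println("tampered log matches: " + matches(quoteInfo, replayed, nonce));
    }
}
```

The nonce comparison is what ties the quote to the current request; without it an old quote and its matching log could be replayed to the server.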