Re: [Trustedjava-support] how to control log

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

pat...@in... wrote:
> i know that the server has to bring the list of measures and has to
> reproduce the extend operations the client has done and compare with
> the quote result.
> i've seen that the log is an array of TcTssPcrEvent, but how is this
> structure correleted with the TcTssValidation  that is the result of
> a quote operation?
> How can i compare them?

a quick rundown:

system state = set of PCR registers with specific value

PCR composite digest = one hash value, calculated from set of PCR register states(hashes)

How to calculate a PCR composite digest (=current system state) from PCR states,
see discussion on this mailing list ca. middle of July.

How to calculate single PCR register extend operation,
see ExtendPcrs.java example from JTpmTools.

|TcTssValidation quoteResult = context.getTpm().quote(aikKey, pcrSelection, validation);

pcrSelection contains the mask of PCRs to do the quote from

|... = quoteResult.getData();            // plain data
|... = quoteResult.getValidationData();  // signature

TcTpmQuoteInfo qInfo = new TcTpmQuoteInfo(....plaindata...);
TcTpmCompositeHash compHash = qInfo.getDigestValue();    // get compositeDigest hash

and compare this with you own result on the server side.

> Please, can you tell me the code i have to use to compare the log with the quote result?

There is no standard/protocol (yet) on how to get a client log + quote to the
server, you have to invent your own. Further, currently there is no helper
code for helping you in replaying/recalculating the PCR log.

HTH

-- 
Martin Pirker
IAIK, TU Graz