From: Maksim D. <dk...@bf...> - 2008-01-18 21:47:10
Thanks a lot. Basically to paraphrase my question:

- How can I verify the result of TcIRsaKey.certifyKey() (certify the BIND public key with the AIK private key) command on the other machine, given the AIK public key and the BIND public key?

Basically, from your answer I have understood that I must use the Java software to do the verification, extracting needed data fields from the validation result of certifyKey() command. I have to check then what algorithms the certifyKey uses and recreate the command flow. If I am wrong, please, correct me.

However, I have another question now as well. This is regarding using the public portion of the key created in the TPM to encrypt information on another machine and decrypt information later on the TPM where the key was created using the private portion of the key. My steps are:

1) Create and load the non-migratable bind type key (these are my custom functions, but you will get the idea):

TcIRsaKey bindKey = TPMClientInstance.createLoadKeyWithoutPcr(TcTssConstants.TSS_KEY_SIZE_2048 | TcTssConstants.TSS_KEY_TYPE_BIND);

2) Get the public portion of the key and send it to other machine:

TcTpmPubkey pubKeyBind = new TcTpmPubkey(TPMClientInstance.getPubKeyBlob(bindKey));

3) Encrypt the string using the public key:

String plainString = "BAC encoded (The client is okay!)";
TcBlobData encData = TPMClientInstance.encryptMessage(pubKeyBind, TcBlobData.newString(plainString));

Where the encryptMessage() is:

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
public TcBlobData encryptMessage(TcTpmPubkey pubKey, TcBlobData plainData){
    TcBlobData encData = null;
    try {
        // Software-only RSA encryption (PKCS#1 padding) with the bind public key; no TPM involved.
        encData = TcCrypto.pubEncryptRsaEcbPkcs1Padding(pubKey, plainData);
    } catch (TcTssException e) {
        System.out.println("Unable to encrypt the blob.");
        e.printStackTrace();
    }
    return encData;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

4) Send the message back and decrypt it using the bind private key:

TcBlobData decData = TPMClientInstance.decryptMessage(bindKey, encData);

Where decryptMessage is:

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
public TcBlobData decryptMessage(TcIRsaKey bindKey, TcBlobData encDataBlob){
    TcBlobData decDataBlob = null;
    try {
        // Wrap the received ciphertext in a BIND-type encrypted-data object.
        TcIEncData encData = commonInstance.context_.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND);
        encData.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB, TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB, encDataBlob);
        // Ask the TPM to decrypt with the private part of the bind key.
        decDataBlob = encData.unbind(bindKey);
    } catch (TcTssException e) {
        System.out.println("Unable to decrypt the blob.");
        e.printStackTrace();
    }
    return decDataBlob;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

So you can see that I get a blob after encryption with the help of pubEncryptRsaEcbPkcs1Padding() and decrypt the blob using setAttribData() and unbind(). And I get:

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
iaik.tc.tss.api.exceptions.tcs.TcTpmException:
TSS Error:
error layer: 0x00 (TPM)
error code (without layer): 0x21
error code (full): 0x21
error message: The decryption process did not complete.
    at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(Unknown Source)
    at iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(Unknown Source)
    at iaik.tc.tss.impl.java.tsp.TcEncData.unbind(Unknown Source)
    at TPMClient.decryptMessage(TPMClient.java:300)
    at TPMClientTest.main(TPMClientTest.java:104)
Exception in thread "main" java.lang.NullPointerException
    at TPMClientTest.main(TPMClientTest.java:108)
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

I don't know if the process I use makes sense at all, but since I do encryption on the other machine using the Java software stack (no TPM), I obviously can't use the bind() method.

I am really sorry for this _really long_ email, but I hope you will find some time to review it and point out my mistake!

Regards,
Maksim.

Martin Pirker wrote:
> Hi...
>
> I'm not quite sure what you want to achieve, but I'll try to give
> some help. You do not seem to be sure which key you want to use
> for which application.
>
> Maksim Djackov wrote:
>
>> why using the TcIRsaKey.certifyKey() method at all?
>>
>
> For certifying a non-migratable key with an identity key.
>
> Quoting TPM specification, command TPM_CertifyKey:
>
> "A TPM identity key may be used to certify non-migratable keys but is not
> permitted to certify migratory keys or certified migration keys. As such,
> it allows the TPM to make the statement “this key is held in a TPM-shielded
> location, and it will never be revealed.” For this statement to have veracity,
> the Challenger must trust the policies used by the entity that issued the
> identity and the maintenance policy of the TPM manufacturer."
>
> "When this command is run to certify [...] it will return and sign
> a TPM_CERTIFY_INFO(2) structure"
>
>
>> I can sign the public BIND key with the private AIK key using sign
>> method of the TSS.
>>
>
> I don't think so. Quoting TPM specification, command TPM_Sign:
>
> "The Sign command signs data and returns the resulting digital signature"
> "Validate that keyHandle->keyUsage is TPM_KEY_SIGNING or TPM_KEY_LEGACY,
> if not return the error code TPM_INVALID_KEYUSAGE"
>
>
> The TCG specs are rather cryptic reading, but if you want an
> authoritative source, you'll have to bite through.
>
>
>> - I have the non-migratable BIND type key on the client
>> - I have created and activated TPM identity key
>> - I have certified the BIND public key with the private portion of the
>> TPM AIK using the TcIRsaKey.certifyKey() method
>> - I have received the TcTssValidation structure that contains the signature
>>
>> Now I need to transfer the AIK public key and BIND key signature to the
>> server and verify the signature of the BIND key using the AIK public key.
>>
>
> A validator requires 3 data packages
> * an AIK certificate with the AIK public key
> * the CERTIFY_INFO_STRUCTURE plain data of the certified key
> (if he is not able to reconstruct it by other means)
> * the signature resulting from the certification
>
> So you
> * check correctness of AIK certificate
> * use AIK public key from certificate to verify signature on raw data block
> * check raw data if key fields etc. are as expected
>
>
>> How can I do it assuming the server has the TPM chip as well?
>>
>
> There is no need for a TPM for verifying a signature on a block of data.
>
>
> HTH,
> Martin
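
The last two validator steps listed in the quoted reply (verify the signature over the raw block with the AIK public key, then check the signed key fields), as an added Java example that is not part of the original messages or of jTSS. It assumes the TPM 1.2 TPM_CERTIFY_INFO field layout, an AIK signing with RSASSA-PKCS1-v1_5 over SHA-1, a pubkeyDigest computed over the raw modulus, and an AIK certificate that has already been validated; the class and method names are hypothetical, and software-generated keys stand in for the AIK and the bind key.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
public class CertifyInfoCheck {
    static final int TPM_KEY_BIND = 0x0014, MIGRATABLE = 0x00000002; // TPM 1.2 constants
    // Raw modulus bytes (BigInteger may prepend a zero sign byte); assumed input of pubkeyDigest.
    static byte[] modulus(RSAPublicKey k) {
        byte[] m = k.getModulus().toByteArray();
        return m[0] == 0 ? Arrays.copyOfRange(m, 1, m.length) : m;
    }
    // True only if the AIK signature verifies AND the signed fields describe the expected key.
    static boolean verify(PublicKey aik, byte[] info, byte[] sig, RSAPublicKey bind, byte[] nonce) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");  // assumed AIK scheme: PKCS#1 v1.5, SHA-1
        s.initVerify(aik);
        s.update(info);
        if (!s.verify(sig)) return false;
        try {
            ByteBuffer b = ByteBuffer.wrap(info);            // big-endian, like TPM structures
            int usage = b.getShort(4) & 0xffff, flags = b.getInt(6); // keyUsage, keyFlags
            int parmSize = b.getInt(19);                     // after authDataUsage, algorithmID, schemes
            b.position(23 + parmSize);                       // skip the algorithm parameters
            byte[] digest = new byte[20], data = new byte[20];
            b.get(digest).get(data);                         // pubkeyDigest, then anti-replay data
            byte[] want = MessageDigest.getInstance("SHA-1").digest(modulus(bind));
            return usage == TPM_KEY_BIND && (flags & MIGRATABLE) == 0
                    && MessageDigest.isEqual(digest, want) && MessageDigest.isEqual(data, nonce);
        } catch (RuntimeException malformed) { return false; } // truncated or inconsistent structure
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: software RSA keys stand in for the AIK and the TPM bind key.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair aik = g.generateKeyPair(), bindPair = g.generateKeyPair();
        RSAPublicKey bind = (RSAPublicKey) bindPair.getPublic();
        byte[] nonce = new byte[20];
        new SecureRandom().nextBytes(nonce);
        // Constructed TPM_CERTIFY_INFO: version, BIND usage, no flags, auth always, RSA/OAEP parms.
        ByteBuffer b = ByteBuffer.allocate(80).put(new byte[] {1, 1, 0, 0})
                .putShort((short) TPM_KEY_BIND).putInt(0).put((byte) 1);
        b.putInt(1).putShort((short) 3).putShort((short) 1).putInt(12).putInt(2048).putInt(2).putInt(0);
        b.put(MessageDigest.getInstance("SHA-1").digest(modulus(bind))).put(nonce).put((byte) 0).putInt(0);
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(aik.getPrivate());
        s.update(b.array());
        byte[] sig = s.sign();
        System.out.println(verify(aik.getPublic(), b.array(), sig, bind, nonce));        // fresh nonce
        System.out.println(verify(aik.getPublic(), b.array(), sig, bind, new byte[20])); // wrong nonce
    }
}
```

The second call shows why the signature alone is not enough: the blob is validly signed, but the field check rejects it because the signed anti-replay data does not match the verifier's nonce.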