Re: [Trustedjava-support] Certification of the public keys with the TcIRsaKey.certifyKey() method

[Maksim D. <dk...@bf...>]

Thanks a lot!

The example you provided is not so obvious, but after simple 
modifications I had it working. Here is the my version of the source code:


public boolean certificateValidate(TcTssValidation 
certifyValidationData, TcIRsaKey aikKey, TcIRsaKey bindKey, TcBlobData 
nonceBlob){
       
        boolean validationSuccesfull = true;
       
        try {
           
            TcBlobData pubBlob = 
aikKey.getAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB, 
TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY);
            TcTpmPubkey pubStruct = new TcTpmPubkey(pubBlob);
       
            TcBlobData pubKeyBlob = pubStruct.getPubKey().getKey();
           
        //Since we do not actually transfer the values use the local 
variables
        //TcBlobData pubKeyBlob = aikPubKey;
            TcBlobData plainData = certifyValidationData.getData();
            TcBlobData certifySignature = 
certifyValidationData.getValidationData();
       
            pubKeyBlob.prepend(TcBlobData.newBYTE(((byte) 0)));  // 
BigInteger requires a leading sign-byte
            RSAPublicKeySpec pubEkSpec = new RSAPublicKeySpec(new 
BigInteger(pubKeyBlob.asByteArray()),new BigInteger("65537")); // 65537 
is TPM default
       
            RSAPublicKey pubKeyJava = (RSAPublicKey) 
KeyFactory.getInstance("RSA").generatePublic(pubEkSpec);
           
            TcIContext context = new 
TcTssLocalCallFactory().newContextObject();
            //do not connect context, we need no TPM (only possible with 
IAIK stack)
           
            TcTpmPubkey pubAikStruct = TcCrypto.pubJavaToTpmKey(pubKeyJava);
            TcIRsaKey pubAik = 
context.createRsaKeyObject(TcTssConstants.TSS_KEY_EMPTY_KEY);
            pubAik.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB, 
TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pubAikStruct.getEncoded());
           
            
pubAik.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO, 
TcTssConstants.TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TcTssConstants.TSS_ES_NONE);
            
pubAik.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO, 
TcTssConstants.TSS_TSPATTRIB_KEYINFO_SIGSCHEME, 
TcTssConstants.TSS_SS_RSASSAPKCS1V15_SHA1);
           
            TcIHash hash = 
context.createHashObject(TcTssConstants.TSS_HASH_SHA1);
           

             // This way is obviously wrong
            //hash.setHashValue(certifySignature.sha1());
            //hash.verifySignature(plainData, pubAik);

            hash.setHashValue(plainData.sha1());
            hash.verifySignature(certifySignature, pubAik);
           
            /********
             * Verify CERTIFY_INFO as expected
             */
           
            TcTpmCertifyInfo certifiedData =  new 
TcTpmCertifyInfo(plainData);
          
            System.out.println (" Certified data: "+ 
certifiedData.toString());
           
            //Verify the bind public key digests
           
            TcBlobData CIKeyDigest = 
certifiedData.getPubKeyDigest().getDigest();
            System.out.println ("Ceritified data public key digest : "+ 
CIKeyDigest.toHexString());
           
            TcTpmPubkey bindPubKey = new TcTpmPubkey(bindKey.getPubKey());
            TcBlobData bindPubKeyDigest = 
bindPubKey.getPubKey().getKey().sha1();
           
            //System.out.println ("Bind public key : "+ 
bindPubKey.getPubKey().toString());
            System.out.println ("Bind public key digest : "+ 
bindPubKeyDigest.toHexString());
           
            if (!CIKeyDigest.equals(bindPubKeyDigest)) 
validationSuccesfull = false;
           
            //Verify the nonce
           
            TcBlobData CInonce = certifiedData.getData().getNonce();
            System.out.println ("Ceritified nonce : "+ 
CInonce.toHexString());
           
            if (!CInonce.equals(nonceBlob)) validationSuccesfull = false;
           
        } catch (TcTssException e) {
           
            validationSuccesfull = false;
           
            e.printStackTrace();
        } catch (InvalidKeySpecException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
       
        return validationSuccesfull;
Martin Pirker wrote:
> Hi...
>
> Maksim Djackov wrote:
>   
>> - How can I verify the result of TcIRsaKey.certifyKey() (certify the
>> BIND public key with the AIK private key) command on the other machine,
>> given the AIK public key and the BIND public key?
>>     
>
>
> The signature verification stuff works about like this...
> (from memory, not tested, may be buggy)
>
>
> TPM machine:
>
>  TcTssValidation certifyResult = bindKey.certifyKey(identityKey, ....);
>
>  ... = certifyResult.getData();            // plain data
>  ... = certifyResult.getValidationData();  // signature
>
>
>  TcBlobData pubBlob = identitykey.getAttribData(TcTssDefines.TSS_TSPATTRIB_KEY_BLOB, TcTssDefines.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY);
>  TcTcpaPubkey pubStruct = new TcTcpaPubkey(pubBlob);
>  ... = pubStruct.getPubKey().getKey();     // public key
>
>
> Verifier side:
>
>  byte[] aikPubBytes,
>  byte[] signatureBytes,
>  byte[] plainDataBytes,
>
>  TcBlobData pubKeyBlob = TcBlobData.newByteArray(aikPubBytes);
>  TcBlobData certifySignature = TcBlobData.newByteArray(signatureBytes);
>  TcBlobData plainData = TcBlobData.newByteArray(plainDataBytes);
>
>  pubKeyBlob.prepend(TcBlobData.newBYTE(((byte) 0)));  // BigInteger requires a leading sign-byte
>  RSAPublicKeySpec pubEkSpec = new RSAPublicKeySpec(new BigInteger(pubKeyBlob.asByteArray()),new BigInteger("65537")); // 65537 is TPM default
>  RSAPublicKey pubKeyJava = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(pubEkSpec);
>
>
>  TcIContext context = new TcTssLocalCallFactory().newContextObject();
>  // do not connect context, we need no TPM (only possible with IAIK stack)
>
>  TcTpmPubkey pubAikStruct = TcCrypto.pubJavaToTpmKey(pubKeyJava);
>  TcIRsaKey pubAik = context.createRsaKeyObject(TcTssConstants.TSS_KEY_EMPTY_KEY);
>  pubAik.setAttribData(TcTssConstants.TSS_TSPATTRIB_KEY_BLOB, TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pubAikStruct.getEncoded());
>
>  // hmmm... maybe not needed, already set by pubJavaToTpmKey?
>  pubAik.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO, TcTssConstants.TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TcTssConstants.TSS_ES_NONE);
>  pubAik.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO, TcTssConstants.TSS_TSPATTRIB_KEYINFO_SIGSCHEME, TcTssConstants.TSS_SS_RSASSAPKCS1V15_SHA1);
>
>  // do signature verify
>  TcIHash hash = context.createHashObject(TcTssConstants.TSS_HASH_SHA1);
>  hash.setHashValue(certifySignature.sha1());
>  hash.verifySignature(plainData, pubAik);
>
>
> TODO: check actual content CERTIFY_INFO if as expected
>
>
>   
>> However, I have another question now as well. This is regarding using
>> the public portion of the key created in the TPM to encrypt information
>> on another machine and decrypt information later on the TPM where the
>> key was created using the private portion of the key.
>>     
>
> Errr... I don't think I've ever thought about that...
>
> HTH,
> Martin
>