Re: [Trustedjava-support] How to compute Hash over PCRs without TPM

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello Mudassar,

This is a code fragment on how to do quote validation. I guess it is 
pretty self-explanatory.
As of jTSS 0.6 you can also create the PCR CompositeInfo(Long|Short) 
objects offline from the implementation classes in package
iaik.tc.tss.impl.java.tsp.

hth, Ronald

     try {
             TcBlobData dataBlob = TcBlobData.newByteArray(dataToValidate
                     .getData());
             TcTpmQuoteInfo2 quoteInfo = new TcTpmQuoteInfo2(dataBlob);

             TcTpmPcrInfoShort pcrInfo = quoteInfo.getInfoShort();
             TcTpmCompositeHash compositeHash = 
pcrInfo.getDigestAtRelease();
             TcBlobData digestAtRelease = compositeHash.getDigest();

             TcIPcrComposite expectedComp = ((TPMContextImpl) context_)
                     .getTcIContext().createPcrCompositeObject(
                             TcTssConstants.TSS_PCRS_STRUCT_INFO_SHORT);

             int[] expectedIndices = expectedValues.getValueIndices();

             for (int i = 0; i < expectedIndices.length; i++) {
                 expectedComp.setPcrValue(expectedIndices[i], TcBlobData
                         .newByteArray(expectedValues.getPCRValue(
                                 expectedIndices[i]).getBytes()));
             }

             TcBlobData expectedDigestAtRelease = expectedComp
                     .getPcrCompositeHash();

             if (!Arrays.equals(digestAtRelease.asByteArray(),
                     expectedDigestAtRelease.asByteArray())) {
                 return false;
             }

             Signature sig = Signature.getInstance("SHA1withRSA");
             sig.initVerify(identityKey);
             sig.update(dataToValidate.getData());
             boolean valid = 
sig.verify(dataToValidate.getValidationData());

             return valid;

         } catch (TcTssException e) {

On 10/06/2010 04:04 PM, Account Info wrote:
> Hi,
> I have the same problem as listed in the following attached post by Till
> Bentz. The answer to this question refers to another post with
> Subject: "Re: Recompute PRC based on SML and TPM_Quote problem" and
> Message-ID:<469...@ia...>  posted on Date: Mon, 16 
> Jul 2007
> 09:28:06 +0200. But this message is blank.
>
> I could not find any code in tests which could compute the hash over the
> quoted PCRs WITHOUT USING TPM (i.e. TcIPcrComposite object). I guess 
> that I
> should do something as follows:
>
> TcTpmPcrInfoShort pcrInfo = new TcTpmPcrInfoShort(); // short because 
> PCR 16
> intended
>
> TcTpmPcrSelection pcrSelection = new TcTpmPcrSelection();
> // 1. how to say that PCR 16 should be selected ???????
>
> TcTpmPcrValue pcrValue = new TcTpmPcrValue();
> // 2. how to put some value at PCR 16 ??????
>
> pcrInfo.setPcrSelection(pcrSelection); // if done in step 1
> // 3. How to associate PCR value with pcrinfo ?????
>
> pcrInfo.getDigestAtRelease().getDigest();// It will give the required 
> digest
> having set the expected value in PCR 16
>
> Regards
>
> Mudassar.
>
>
> ---------------------------------------------------------------------------------------------- 
>
>
> Hello,
>
> I try to do a tpm_quote. I managed to set the relevant pPCRs, the 
> validation
> information and actually execute the
> quote call.
>
> My problem is now that i somehow want to check the quote. How can I do 
> that
> on a PC without a TPM. As far as I understood the quote process 
> computes a
> hash over the quoted PCRs and stores it in 
> TcTpmQuoteInfo.getDigestValue()
>
> I have the values of each quoted PCR, but how do I manually recompute 
> that
> value so I can check the quote?
>
> Thanks.