From: Account I. <mud...@ho...> - 2010-10-07 13:44:34
Hi Ronald,

Thanks for your reply. I used jTSS 0.6 to get it done quite simply.

    TcPcrCompositeInfoLong expectedPcrComposite = new TcPcrCompositeInfoLong(24);
    expectedPcrComposite.selectPcrIndexEx(16, TcTssConstants.TSS_PCRS_DIRECTION_RELEASE);
    expectedPcrComposite.setPcrValue(16, expectedPCR);
    TcBlobData expectedCompositeDigest = expectedPcrComposite.getPcrCompositeHash();

And a question for my understanding: Conceptually, is it allowed/possible to create a context object on a machine which does not have a TPM?

Regards.
Mudassar.

--------------------------------------------------
From: "Ronald Tögl" <ron...@ia...>
Sent: Wednesday, October 06, 2010 4:20 PM
To: "Account Info" <mud...@ho...>
Subject: Re: [Trustedjava-support] How to compute Hash over PCRs without TPM

> Hello Mudassar,
>
> This is a code fragment on how to do quote validation. I guess it is
> pretty self-explanatory.
> As of jTSS 0.6 you can also create the PCR CompositeInfo(Long|Short)
> objects offline from the implementation classes in package
> iaik.tc.tss.impl.java.tsp.
>
> hth, Ronald
>
>
> try {
>     TcBlobData dataBlob = TcBlobData.newByteArray(dataToValidate
>             .getData());
>     TcTpmQuoteInfo2 quoteInfo = new TcTpmQuoteInfo2(dataBlob);
>
>     TcTpmPcrInfoShort pcrInfo = quoteInfo.getInfoShort();
>     TcTpmCompositeHash compositeHash =
>             pcrInfo.getDigestAtRelease();
>     TcBlobData digestAtRelease = compositeHash.getDigest();
>
>     TcIPcrComposite expectedComp = ((TPMContextImpl) context_)
>             .getTcIContext().createPcrCompositeObject(
>                     TcTssConstants.TSS_PCRS_STRUCT_INFO_SHORT);
>
>     int[] expectedIndices = expectedValues.getValueIndices();
>
>     for (int i = 0; i < expectedIndices.length; i++) {
>         expectedComp.setPcrValue(expectedIndices[i], TcBlobData
>                 .newByteArray(expectedValues.getPCRValue(
>                         expectedIndices[i]).getBytes()));
>     }
>
>     TcBlobData expectedDigestAtRelease = expectedComp
>             .getPcrCompositeHash();
>
>     if (!Arrays.equals(digestAtRelease.asByteArray(),
>             expectedDigestAtRelease.asByteArray())) {
>         return false;
>     }
>
>     Signature sig = Signature.getInstance("SHA1withRSA");
>     sig.initVerify(identityKey);
>     sig.update(dataToValidate.getData());
>     boolean valid =
>             sig.verify(dataToValidate.getValidationData());
>
>     return valid;
>
> } catch (TcTssException e) {
>
>
> On 10/06/2010 04:04 PM, Account Info wrote:
>> Hi,
>> I have the same problem as listed in the following attached post by Till
>> Bentz. The answer to this question refers to another post with
>> Subject: "Re: Recompute PRC based on SML and TPM_Quote problem" and
>> Message-ID:<469...@ia...> posted on Date: Mon, 16 Jul 2007
>> 09:28:06 +0200. But this message is blank.
>>
>> I could not find any code in tests which could compute the hash over the
>> quoted PCRs WITHOUT USING TPM (i.e. TcIPcrComposite object). I guess that
>> I should do something as follows:
>>
>> TcTpmPcrInfoShort pcrInfo = new TcTpmPcrInfoShort(); // short because PCR 16 intended
>>
>> TcTpmPcrSelection pcrSelection = new TcTpmPcrSelection();
>> // 1. how to say that PCR 16 should be selected ???????
>>
>> TcTpmPcrValue pcrValue = new TcTpmPcrValue();
>> // 2. how to put some value at PCR 16 ??????
>>
>> pcrInfo.setPcrSelection(pcrSelection); // if done in step 1
>> // 3. How to associate PCR value with pcrinfo ?????
>>
>> pcrInfo.getDigestAtRelease().getDigest(); // It will give the required digest
>> // having set the expected value in PCR 16
>>
>> Regards
>>
>> Mudassar.
>>
>>
>> ----------------------------------------------------------------------------------------------
>>
>> Hello,
>>
>> I try to do a tpm_quote. I managed to set the relevant PCRs, the
>> validation information and actually execute the quote call.
>>
>> My problem is now that I somehow want to check the quote. How can I do
>> that on a PC without a TPM? As far as I understood the quote process
>> computes a hash over the quoted PCRs and stores it in
>> TcTpmQuoteInfo.getDigestValue()
>>
>> I have the values of each quoted PCR, but how do I manually recompute
>> that value so I can check the quote?
>>
>> Thanks.
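The composite digest asked about in this thread can also be recomputed with no TSS and no TPM present. The following is an added example, not code from the thread or from jTSS: it serializes a TPM 1.2 TPM_PCR_COMPOSITE (selection bitmap, value size, 20-byte PCR values, all integers big-endian) and hashes it with SHA-1. The class name, the sizeOfSelect of 3 and the all-zero PCR 16 value are assumptions; sizeOfSelect has to equal the selection size carried in the quote being checked.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;

public class PcrCompositeHash { // hypothetical class name, not part of jTSS

    /** SHA-1 over a serialized TPM 1.2 TPM_PCR_COMPOSITE for the given expected PCR values. */
    static byte[] compositeHash(int sizeOfSelect, Map<Integer, byte[]> expectedPcrs) throws Exception {
        // Values are concatenated in ascending PCR index order.
        TreeMap<Integer, byte[]> pcrs = new TreeMap<>(expectedPcrs);
        byte[] select = new byte[sizeOfSelect];
        for (Map.Entry<Integer, byte[]> e : pcrs.entrySet()) {
            int idx = e.getKey();
            if (idx < 0 || idx >= sizeOfSelect * 8 || e.getValue().length != 20) {
                throw new IllegalArgumentException("bad PCR index or value length for PCR " + idx);
            }
            select[idx / 8] |= (byte) (1 << (idx % 8)); // PCR n maps to byte n/8, bit n%8
        }
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf); // DataOutputStream writes big-endian
        out.writeShort(sizeOfSelect);   // TPM_PCR_SELECTION.sizeOfSelect (UINT16)
        out.write(select);              // TPM_PCR_SELECTION.pcrSelect bitmap
        out.writeInt(pcrs.size() * 20); // valueSize (UINT32)
        for (byte[] value : pcrs.values()) {
            out.write(value);           // one 20-byte TPM_PCRVALUE per selected PCR
        }
        return MessageDigest.getInstance("SHA-1").digest(buf.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        byte[] expectedPcr16 = new byte[20]; // constructed sample value (all zeros)
        byte[] digest = compositeHash(3, Map.of(16, expectedPcr16));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        // Compare this against the digestAtRelease parsed from the quote, using
        // MessageDigest.isEqual, and still verify the signature over the quote data.
        System.out.println("expected composite digest: " + hex);
    }
}
```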