Hi,
This functionality is available in jTSS. Here's the code:
TcIRsaKey pubAik = Key;
TcBlobData pubAikBlob = pubAik.getAttribData(
TcTssConstants.TSS_TSPATTRIB_KEY_BLOB,
TcTssConstants.TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY);
TcTpmPubkey pubAikStruct = new TcTpmPubkey(pubAikBlob);
RSAPublicKey rsaPub = TcCrypto.pubTpmKeyToJava(pubAikStruct);
After that, you can simply perform signature validation using the RSA key as
usual.
Message: 1
> Date: Thu, 10 Apr 2008 17:08:14 +0100
> From: "Tiago Lopes" <tia...@gm...>
> Subject: [Trustedjava-support] How to extract modulus of public key to
> verify a tpm.quote()
> To: tru...@li..., " Ronald T?gl "
> <ron...@ia...>
> Message-ID:
> <564...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
> I'm using jTSS 0.2 and i'm experimenting the tpm.quote() method using an a
> normal singing key (TSS_KEY_TYPE_SIGNING) to quote instead of a AIK, just
> to
> experiment the basic principles.
> First problem: exporting the public key modulus of this key type to a
> remote
> verifier. I want to avoid the jTSS on the remote end, and just use plain
> java. I'm guessing to do that i need to invoke:
>
>
> //----------------------------------------------------------------------------------
> byte[] key_modulus =
> key.getAttribData(TcTssConstants.TSS_TSPATTRIB_RSAKEY_INFO,
>
> TcTssConstants.TSS_TSPATTRIB_KEYINFO_RSA_MODULUS).serializeToByteArray()
> TcTssValidation quoteResult = tpm.quote(key, pcrComp, nonce);
> byte[] data = quoteResult.getData().serializeToByteArray();
> // I think this returns the data blob that was quoted
> byte[] signature =
> quoteResult.getValidationData().serializeToByteArray();
> // I think this is the signature of that data using the created key
>
> //----------------------------------------------------------------------------------
>
> ... to get the key modulus and then serialize it to the quote verifier
> end.
> The verifier then creates a public RSA key with this modulus:
>
>
> //----------------------------------------------------------------------------------
> RSAPublicKeySpec pubEkSpec = new RSAPublicKeySpec(
> new BigInteger(key_modulus),
> new BigInteger("65537"));
> RSAPublicKey pubKey = (RSAPublicKey)
> KeyFactory.getInstance("RSA").generatePublic(pubEkSpec);
> Signature sig = Signature.getInstance("SHA1withRSA");
> sig.initVerify(pubKey);
> sig.update(data, 0, data.length);
> sig.verify(signature);
>
> //----------------------------------------------------------------------------------
> Is this correct? I think not, because the key modulus returns only 256
> bytes, and the above code fails the signature check.
>
>
> Second problem: I think there is a bug trying to get the key exponent
> using
> jTSS:
> invoking this code causes a SW fault:
>
> //----------------------------------------------------------------------------------
> key.getAttribData(
> TcTssConstants.TSS_TSPATTRIB_RSAKEY_INFO,
> TcTssConstants.TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT)
>
> //----------------------------------------------------------------------------------
> iaik.tc.tss.api.exceptions.tsp.TcTspException:
> TSS Error:
> error layer: 0x3000 (TSP)
> error code (without layer): 0x04
> error code (full): 0x3004
> error message: An internal SW error has been detected.
> additional info: Getter method did throw unknown exception (not a
> TcTssException).
> null
> at iaik.tc.tss.impl.java.tsp.TcAttributes.getAttribData(Unknown Source)
> (...)
>
> Is this a bug or i'm not understanding the docs?
>
> Tiago Lopes
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>
> ------------------------------
>
> _______________________________________________
> Trustedjava-support mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedjava-support
>
>
> End of Trustedjava-support Digest, Vol 21, Issue 4
> **************************************************
>
--
Nauman
Security Engineering Research Group,
Institute of Management Sciences,
Peshawar, Pakistan.
Blog: http://recluze.wordpress.com
Group: http://serg.imsciences.edu.pk
Art gallery: http://recluse.gfxartist.com
Cell: 0321 90 66 275
|
