pat...@in... wrote:
> I know that the server has to bring the list of measures and has to
> reproduce the extend operations the client has done and compare with
> the quote result.
> I've seen that the log is an array of TcTssPcrEvent, but how is this
> structure correlated with the TcTssValidation that is the result of
> a quote operation?
> How can I compare them?
A quick rundown:
system state = set of PCR registers with specific value
PCR composite digest = one hash value, calculated from set of PCR register states (hashes)
How to calculate a PCR composite digest (=current system state) from PCR states,
see discussion on this mailing list ca. middle of July.
How to calculate single PCR register extend operation,
see ExtendPcrs.java example from JTpmTools.
TcTssValidation quoteResult = context.getTpm().quote(aikKey, pcrSelection, validation);
pcrSelection contains the mask of PCRs to do the quote from
... = quoteResult.getData(); // plain data
... = quoteResult.getValidationData(); // signature
TcTpmQuoteInfo qInfo = new TcTpmQuoteInfo(....plaindata...);
TcTpmCompositeHash compHash = qInfo.getDigestValue(); // get compositeDigest hash
and compare this with your own result on the server side.
> Please, can you tell me the code I have to use to compare the log with the quote result?
There is no standard/protocol (yet) on how to get a client log + quote to the
server, you have to invent your own. Further, currently there is no helper
code for helping you in replaying/recalculating the PCR log.
HTH
--
Martin Pirker
IAIK, TU Graz
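
An added example, not part of the original message and not jTSS code: a server-side replay in plain Java (java.security only) of the steps in the rundown above, for a TPM 1.2 quote. The log layout (PCR index plus 20-byte SHA-1 digest), the 3-byte PCR selection mask and all class and method names are assumptions, and the sample log and quote data are constructed.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;
public class QuoteReplay {
    static byte[] sha1(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }
    // Replay extends: PCR_new = SHA1(PCR_old || eventDigest), PCRs start as 20 zero bytes.
    static byte[][] replay(int[] pcrIndex, byte[][] digests) throws Exception {
        byte[][] pcrs = new byte[24][20];
        for (int i = 0; i < pcrIndex.length; i++)
            pcrs[pcrIndex[i]] = sha1(pcrs[pcrIndex[i]], digests[i]);
        return pcrs;
    }
    // SHA1 over TPM_PCR_COMPOSITE: UINT16 sizeOfSelect | pcrSelect | UINT32 valueSize | values.
    // Assumes distinct indices and the same 3-byte mask the client used in pcrSelection.
    static byte[] compositeHash(byte[][] pcrs, int... selected) throws Exception {
        byte[] mask = new byte[3];
        for (int p : selected) mask[p / 8] |= (byte) (1 << (p % 8));
        ByteBuffer b = ByteBuffer.allocate(2 + 3 + 4 + 20 * selected.length);
        b.putShort((short) mask.length).put(mask).putInt(20 * selected.length);
        for (int p = 0; p < 24; p++) // values go in ascending PCR order
            if ((mask[p / 8] & (1 << (p % 8))) != 0) b.put(pcrs[p]);
        return sha1(b.array());
    }
    // TPM_QUOTE_INFO (48 bytes): version 1.1.0.0 | "QUOT" | compositeHash[20] | nonce[20].
    // The AIK signature over these 48 bytes must be verified separately before this check.
    static boolean matches(byte[] quoteInfo, byte[] expectedComposite, byte[] nonce) {
        if (quoteInfo.length != 48) return false;
        byte[] header = {1, 1, 0, 0, 'Q', 'U', 'O', 'T'};
        return Arrays.equals(Arrays.copyOfRange(quoteInfo, 0, 8), header)
            && MessageDigest.isEqual(Arrays.copyOfRange(quoteInfo, 8, 28), expectedComposite)
            && MessageDigest.isEqual(Arrays.copyOfRange(quoteInfo, 28, 48), nonce);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample log: two measurements into PCR 10, one into PCR 0.
        int[] idx = {10, 0, 10};
        byte[][] dig = {sha1("bootloader".getBytes()), sha1("bios".getBytes()), sha1("kernel".getBytes())};
        byte[] nonce = sha1("server-nonce".getBytes());
        byte[] expected = compositeHash(replay(idx, dig), 0, 10);
        // Constructed stand-in for the plain data of a quote from an honest client.
        byte[] quoteInfo = ByteBuffer.allocate(48).put(new byte[]{1, 1, 0, 0})
            .put("QUOT".getBytes()).put(expected).put(nonce).array();
        System.out.println("honest log accepted: " + matches(quoteInfo, expected, nonce));
        dig[2] = sha1("rootkit".getBytes()); // log no longer explains the quoted PCRs
        System.out.println("tampered log accepted: "
            + matches(quoteInfo, compositeHash(replay(idx, dig), 0, 10), nonce));
    }
}
```

The first line printed is true and the second false: a log whose replay does not reproduce the quoted composite hash is rejected, as is a quote carrying a stale nonce.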