Hello,
I'm using jTSS 0.2 and I'm experimenting with the tpm.quote() method, using a
normal signing key (TSS_KEY_TYPE_SIGNING) to quote instead of an AIK, just to
experiment with the basic principles.
First problem: exporting the public key modulus of this key type to a remote
verifier. I want to avoid the jTSS on the remote end, and just use plain
Java. I'm guessing that to do that I need to invoke:
//----------------------------------------------------------------------------------
byte[] key_modulus =
    key.getAttribData(TcTssConstants.TSS_TSPATTRIB_RSAKEY_INFO,
        TcTssConstants.TSS_TSPATTRIB_KEYINFO_RSA_MODULUS).serializeToByteArray();
TcTssValidation quoteResult = tpm.quote(key, pcrComp, nonce);
byte[] data = quoteResult.getData().serializeToByteArray();
// I think this returns the data blob that was quoted
byte[] signature = quoteResult.getValidationData().serializeToByteArray();
// I think this is the signature of that data using the created key
//----------------------------------------------------------------------------------
... to get the key modulus and then serialize it to the quote verifier end.
The verifier then creates a public RSA key with this modulus:
//----------------------------------------------------------------------------------
RSAPublicKeySpec pubEkSpec = new RSAPublicKeySpec(
    new BigInteger(key_modulus),
    new BigInteger("65537"));
RSAPublicKey pubKey = (RSAPublicKey)
    KeyFactory.getInstance("RSA").generatePublic(pubEkSpec);
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(pubKey);
sig.update(data, 0, data.length);
sig.verify(signature);
//----------------------------------------------------------------------------------
Is this correct? I think not, because the key modulus returns only 256
bytes, and the above code fails the signature check.
Second problem: I think there is a bug when trying to get the key exponent using
jTSS. Invoking this code causes a SW fault:
//----------------------------------------------------------------------------------
key.getAttribData(
    TcTssConstants.TSS_TSPATTRIB_RSAKEY_INFO,
    TcTssConstants.TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT);
//----------------------------------------------------------------------------------
iaik.tc.tss.api.exceptions.tsp.TcTspException:
TSS Error:
error layer: 0x3000 (TSP)
error code (without layer): 0x04
error code (full): 0x3004
error message: An internal SW error has been detected.
additional info: Getter method did throw unknown exception (not a
TcTssException).
null
at iaik.tc.tss.impl.java.tsp.TcAttributes.getAttribData(Unknown Source)
(...)
Is this a bug, or am I not understanding the docs?
Tiago Lopes
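Added example, not part of the original message and not jTSS code: a plain-Java verifier for the pattern in the post, assuming the exported modulus is the raw unsigned big-endian 256 bytes of a 2048-bit key, the public exponent is 65537, and `data` is the exact blob that was signed. It parses the modulus with `new BigInteger(1, modulus)`, because `new BigInteger(byte[])` reads two's complement and yields a negative number when the top bit is set; the class name, software key pair and blob are constructed stand-ins for the TPM side.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;

// Hypothetical class name; illustration only.
public class QuoteVerifyExample {

    // Build an RSA public key from a raw unsigned big-endian modulus.
    static PublicKey fromRawModulus(byte[] modulus) throws GeneralSecurityException {
        BigInteger n = new BigInteger(1, modulus);   // signum 1: bytes are a magnitude
        return KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(n, BigInteger.valueOf(65537)));
    }

    static boolean verify(byte[] modulus, byte[] data, byte[] signature)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initVerify(fromRawModulus(modulus));
        sig.update(data);
        return sig.verify(signature);   // the boolean result must be checked by the caller
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the TPM side: a software 2048-bit key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed quote blob".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] signature = signer.sign();

        // Raw 256-byte modulus: drop the sign byte that toByteArray() prepends.
        byte[] twos = ((RSAPublicKey) kp.getPublic()).getModulus().toByteArray();
        byte[] raw = Arrays.copyOfRange(twos, twos.length - 256, twos.length);

        System.out.println("raw modulus length:    " + raw.length);
        System.out.println("signed parse signum:   " + new BigInteger(raw).signum());
        System.out.println("unsigned parse signum: " + new BigInteger(1, raw).signum());
        System.out.println("signature valid:       " + verify(raw, data, signature));
        data[0] ^= 1;   // tamper with the blob; verification must now fail
        System.out.println("tampered blob valid:   " + verify(raw, data, signature));
    }
}
```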