Hello everyone,
I have not found a post with a similar problem to mine on this mailing list.
I am trying to create a distributed client/server application that will use
the TPM for remote attestation and integrity checking. Instead of the Jtss wrapper
and the TrouSerS C stack, I am using Jtss_0.1. So the idea is that the client will
execute the TPM_Quote command on the platform and the result of this operation,
together with the SML values, will be sent to the server over the Internet. On the server
side, based on the SML, I am going to recalculate the values of the PCRs in order to
check if these values match.
So far I have managed to execute TPM_Quote and also to read the value of the SML
log. I have two problems at the moment. First, I am not sure how
PCRExtend is implemented. Please correct me if I am wrong: in order to
compute the value of a new PCR we take the old one, concatenate it with a measured hash of
some data and then apply the SHA-1 algorithm to this concatenated message.
Unfortunately it did not work in my application (below is the code). I have simply
tried to concatenate two strings (old PCR + new hash) and calculate their hash (it
would be too easy):
    // measurement to extend with: SHA-1 of the string "foobar"
    TcBlobData newMeasurement = TcBlobData.newString("foobar").sha1();
    // current value of PCR 16
    TcBlobData pcrOld = tpm.pcrRead(16);
    // concatenates the two values as hex strings and hashes that string
    TcBlobData pcrNew = TcBlobData.newString(pcrOld.toHexString() +
        newMeasurement.toHexString()).sha1();
The second problem which I have not solved yet is related to TPM_Quote. The
result of this operation consists of validation data (2048 bits), the signed
value of the chosen PCRs and externally supplied data. Unfortunately I do not know
how in the TPM_Quote operation the value of the PCRs is calculated (if we choose e.g.
PCR[0], PCR[1] and PCR[2], their values are somehow combined and then a hash
value calculated). In order to validate the value of the PCRs sent by the client, I need
to recompute it based on the SML. Since I do not know how TPM_Quote creates
the signed PCRs' value, I am unable to check it.
Maybe somebody has had a similar problem in the past; I would be glad for any
sort of advice.
Thanks a lot,
Krzysztof
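As an added example (not from the original post or from jTSS), the two computations the question asks about, written in Python rather than jTSS Java so they run without a TPM: PCR extend over raw bytes (next to the hex-string variant the posted code computes, to show why the results differ), replay of an SML, and the TPM 1.2 TPM_PCR_COMPOSITE and TPM_QUOTE_INFO structures whose SHA-1 is what TPM_Quote signs. It assumes a 24-PCR TPM (sizeOfSelect = 3) and uses constructed sample values throughout.

```python
import hashlib
import struct

def pcr_extend(pcr_old: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR bytes || measurement bytes), raw 20-byte values."""
    assert len(pcr_old) == 20 and len(measurement) == 20
    return hashlib.sha1(pcr_old + measurement).digest()

def hexstring_extend(pcr_old: bytes, measurement: bytes) -> bytes:
    """What the posted jTSS snippet computes: SHA-1 over the two hex *strings*, which the TPM never does."""
    return hashlib.sha1((pcr_old.hex() + measurement.hex()).encode("ascii")).digest()

def replay_sml(entries) -> bytes:
    """Recompute a PCR by replaying its measurement log from the all-zero reset value."""
    pcr = bytes(20)
    for m in entries:
        pcr = pcr_extend(pcr, m)
    return pcr

def pcr_selection(indices, size_of_select: int = 3) -> bytes:
    """TPM_PCR_SELECTION: big-endian UINT16 sizeOfSelect, then a bitmap with PCR i at bit i%8 of byte i//8."""
    select = bytearray(size_of_select)
    for i in indices:
        select[i // 8] |= 1 << (i % 8)
    return struct.pack(">H", size_of_select) + bytes(select)

def composite_hash(selected: dict) -> bytes:
    """SHA-1 of TPM_PCR_COMPOSITE: selection || UINT32 valueSize || PCR values in ascending index order."""
    indices = sorted(selected)
    values = b"".join(selected[i] for i in indices)
    return hashlib.sha1(pcr_selection(indices) + struct.pack(">I", len(values)) + values).digest()

def quote_info(selected: dict, external_data: bytes) -> bytes:
    """TPM_QUOTE_INFO: TPM_STRUCT_VER 1.1.0.0 || 'QUOT' || composite hash || 20-byte externalData (nonce)."""
    assert len(external_data) == 20
    return b"\x01\x01\x00\x00" + b"QUOT" + composite_hash(selected) + external_data

def quote_digest(selected: dict, external_data: bytes) -> bytes:
    """The value the quoting key actually signs; the server recomputes it and checks the RSA signature against it."""
    return hashlib.sha1(quote_info(selected, external_data)).digest()

# Constructed sample log for PCR 16: two measurements, the first being the post's sha1("foobar").
SML_PCR16 = [hashlib.sha1(b"foobar").digest(), hashlib.sha1(b"some-other-file").digest()]
if __name__ == "__main__":
    expected16 = replay_sml(SML_PCR16)
    print("PCR16 from SML :", expected16.hex())
    print("hex-string way :", hexstring_extend(pcr_extend(bytes(20), SML_PCR16[0]), SML_PCR16[1]).hex())
    selected = {0: bytes(20), 1: bytes(20), 2: bytes(20), 16: expected16}  # constructed PCR values
    print("quote digest   :", quote_digest(selected, hashlib.sha1(b"server-nonce").digest()).hex())
```

On the server, compare replay_sml() of the received SML with the PCR values the client reports, then rebuild quote_digest() from those values and the nonce you issued, and verify the quote signature over that digest.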