Ok. So I can use the public identity key to decrypt data in ValidationData.rgbValidationData but it will not match the current set of pcr values that are in the tpm since the signed pcr values were hashed before getting signed. This means that I need to look up the current pcr values in the tpm, do a SHA-1 hash of each value and then compare that with the decrypted data in ValidationData.rgbValidationData to check if the pcr values getting signed are the same as the pcr values in the tpm. Does that sound correct?

--Hardeep

On Mon, Dec 7, 2009 at 10:47 PM, adrian golding <[email protected]> wrote:

> hi,
>
> yeah, the ValidationData.rgbValidationData holds the hashed then signed pcr
> values.
> ValidationData.rgbExternalData holds the nonce i think.
> ValidationData.rgbData is another struct that holds things such as version,
> fixed bytes of "QUOT", the nonce (rgbExternalData) and the hash of your
> PCR(s). note that the PCRs contained in the hash are never in plain.
>
> i think you can just put in some known value as the nonce and create a
> quote to check if the above is correct. hope that helps! =]
>
> regards - adrian
>
> On Tue, Dec 8, 2009 at 2:15 PM, Hardeep Uppal
> <[email protected]> wrote:
>
>> Hi Adrian,
>>
>> Thanks for the reply. One thing I read on a forum was that the tpm will
>> hash the current pcr values and then sign the hashed pcr value with a key.
>> Is that true? Also which byte array holds the signed pcr values? Can you give
>> me a description of what each byte array means.
>>
>> --Hardeep
>>
>> On Mon, Dec 7, 2009 at 10:02 PM, adrian golding
>> <[email protected]> wrote:
>>
>>> hi,
>>>
>>> typedef struct tdTSS_VALIDATION
>>> {
>>>     TSS_VERSION versionInfo;
>>>     UINT32 ulExternalDataLength;
>>> #ifdef __midl
>>>     [size_is(ulExternalDataLength)]
>>> #endif
>>>     BYTE* rgbExternalData;
>>>     UINT32 ulDataLength;
>>> #ifdef __midl
>>>     [size_is(ulDataLength)]
>>> #endif
>>>     BYTE* rgbData;
>>>     UINT32 ulValidationDataLength;
>>> #ifdef __midl
>>>     [size_is(ulValidationDataLength)]
>>> #endif
>>>     BYTE* rgbValidationData;
>>> } TSS_VALIDATION;
>>>
>>> its in ~/src/includes/tss/tss_structs.h
>>>
>>> regards - adrian

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
