[email protected] wrote on 11/26/2011 07:36:49
PM:
> Date: Fri, 11 Nov 2011 00:33:27 -0800 (PST)
> From: Sansar Choinyambuu <[email protected]>
> Subject: [TrouSerS-users] TPM_PCR_INFO_SHORT returned by
> Tspi_TPM_Quote
>
> I'm trying to understand to the?PCR_Info_short structure returned
> within TPM_QUOTE_INFO2 from?Tspi_TPM_Quote() function.
> Can somebody tell me what is the?digestAtRelease hash computed from??
>
> TPM Structures spec says:?digestAtRelease :?This SHALL be the digest
> of the PCR indices and PCR values to verify when?revealing auth data.
>
> If I quoted over PCR17, then does that mean: ?digestAtRelease = sha1
> (17(index 1 byte) + pcr_value(20bytes)) ?? But this is obviously not
> correct, cause it doesn't match with the output I get from Quote
function.
Working backward:
Part 3 Action 6.c. digestAtRelease is H1
Part 3 Action 5 Hi is the hash of a TPM_PCR_COMPOSITE
Part 2 8.2 TPM_PCR_COMPOSITE is the TPM_PCR_SELECTION + valueSize + array
of PCRs
So for PCR17, it could be (should be checked)
00 03 sizeofselect
00 00 02 bitmap for PCR17
00 00 00 14 size is 20 bytes
nn ... nn PCR17
Shameless plug:
If you test against the software TPM from sourceforge, you can step
through the TPM_Quote2 in a debugger and see exactly how the calculation
occurs.
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
