Just to come full-circle, in case it helps others: >From the PCA side I do need to create a TPM_DIGEST in the ASYM_CA_CONTENTS structure; "This SHALL be the digest of the TPM_PUBKEY of the key that is being certified by the CA". So I still do need do understand how to hash the structure.
I assume I should look at Tspi_TPM_ActivateIdentity() to see what trousers expects for this digest. On Thu, Apr 7, 2016 at 12:55 PM Tadd Seiff <[email protected]> wrote: > OK thanks. So TPM doesn't care, Trousers does, or, Trousers does it a > specific and "correct" way for interoperability. > > I'm using Trousers, so as you point out, this is done for me. I am > actually working on the code for the PCA side right now, and got a little > confused; I don't have to generate this hash from that end, I don't think, > only use it to verify the TPM_ID_PROOF payload. > > Thanks, > -Tadd > > On Thu, Apr 7, 2016 at 12:27 PM Phil Lacroute <[email protected]> > wrote: > >> Tadd, >> >> The TPM doesn’t care what values are hashed into TPM_CHOSENID_HASH, but >> if you require interoperability with a TCG-compliant privacy CA then the >> privacyCA value should be a marshaled TPM_PUBKEY structure. Part 2 2.1 >> Representation of Information describes the basic rules for marshaling and >> Part 2 10.5 TPM_PUBKEY describes this structure. >> >> An easier reference for the marshaling code is the TrouSerS source ( >> https://sourceforge.net/projects/trousers/files/trousers/). See >> src/tspi/tspi_aik.c:Tspi_TPM_CollateIdentityRequest() which shows how to >> compute the ChosenID hash. >> >> Phil >> >> > On Apr 7, 2016, at 6:11 AM, Ken Goldman <[email protected]> wrote: >> > >> > On 4/6/2016 9:32 PM, Tadd Seiff wrote: >> >> Hi all, >> >> >> >> I need help understanding the TPM_CHOSENID_HASH structure in the TPM >> >> spec, section 12.4 in the structures document for 1.2. It says: >> >> >> >> TPM_CHOSENID_HASH = SHA(identityLabel || privacyCA) >> >> >> >> 1.) What does the || notation suggest here? Concatenation? Or'ing? >> > >> > From Part 1: >> > >> > "Throughout all parts of the specification the characters x1 || x2 imply >> > the concatenation of x1 and x2." >> > >> >> 2.) The privacyCA element is actually a structure, so, what do I do >> with >> >> that? Just use the whole structure as a byte array? >> > >> > The way I read Part 3 15.1 TPM_MakeIdentity, the TPM doesn't care. The >> > actual value is between you and the privacy CA. >> > >> > I'm not an expert at this section. Let's see what others say. >> > >> > >> > >> > >> ------------------------------------------------------------------------------ >> > _______________________________________________ >> > TrouSerS-users mailing list >> > [email protected] >> > https://lists.sourceforge.net/lists/listinfo/trousers-users >> >>
------------------------------------------------------------------------------
_______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
