1 (edited by Grizzy Kret 2021-05-03 03:13:00)

Topic: Identity attestation

Hello,
I am discovering the TPM and I am trying to implement some basic uses.
In my context, the PC hosting the TPM is a "client" discussing with a "server".
The server must be sure that the client is actually the good one.
My actual way to perform this is by using an obfuscated crypto lib:
- at the very beginning of the client life, the client generates (& buries) an RSA key pair, and sends its public part to the server.
- during the client lifetime, when its identity is to be proven:
    - the server sends some random data to the client
    - the client signs it using its buried private RSA key, and sends the signature to the server
    - the server verifies the signature using the public RSA key it received earlier
    ---> nothing really original...

My question is: how to do the same thing using your TPM lib?

I read some documentation here : https://trustedcomputinggroup.org/resou … ification/
and I must admit I don't understand all the subtleties...
I downloaded and compiled your lib + examples, but I can't figure out how to proceed for my need.

Maybe it's not a good approach to reproduce what I do with my old school obfuscated crypto lib...
Then what is the proper way, for the client, to prove its own identity?
Maybe using PCR, but I don't see how to use them...

Thanks in advance
Hadrien
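
The challenge-response exchange described in the post above, as an added example that is not part of the original thread and is not wolfTPM code. It uses only the Python standard library; the RSA key is a constructed, insecure demo key built from two known Mersenne primes, and the names `Server` and `client_sign` are hypothetical. With a TPM, the private-key operation in `client_sign` would be carried out by a non-exportable key inside the TPM.

```python
import hashlib, secrets, time

# Constructed demo key, NOT secure: two well-known Mersenne primes, chosen
# only so the example runs with the standard library. On a real client the
# private exponent D would never exist outside the TPM.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8           # modulus length in bytes
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg: bytes, k: int) -> int:
    """Encode SHA-256(msg) as 00 01 FF..FF 00 DigestInfo, k bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def client_sign(nonce: bytes) -> bytes:
    """Client side: sign the server's challenge with the buried private key."""
    return pow(emsa_pkcs1_v15(nonce, K), D, N).to_bytes(K, "big")

class Server:
    def __init__(self, enrolled_pub, ttl=30.0):
        self.n, self.e = enrolled_pub    # public key received at enrollment
        self.k = (self.n.bit_length() + 7) // 8
        self.ttl = ttl
        self.pending = {}                # outstanding nonce -> expiry time

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)
        self.pending[nonce] = time.monotonic() + self.ttl
        return nonce

    def verify(self, nonce: bytes, sig: bytes) -> bool:
        expiry = self.pending.pop(nonce, None)   # single use: a replay fails
        if expiry is None or time.monotonic() > expiry or len(sig) != self.k:
            return False
        s = int.from_bytes(sig, "big")
        if s >= self.n:
            return False
        # Rebuild the expected encoding and compare it whole, no padding parser.
        return pow(s, self.e, self.n) == emsa_pkcs1_v15(nonce, self.k)
```

The server only accepts a signature over a nonce it issued itself, once, and within the time limit, so a captured response cannot be replayed.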


Re: Identity attestation

Hi Hadrien,

Have you seen our recent PR adding attestation support?
https://github.com/wolfSSL/wolfTPM/pull/161

We are also working on another example that uses TLS v1.3 between peers that should be posted in a few weeks.

If you are not familiar with it, the tpm.dev website has some great discussions on this topic.

Thanks,
David Garske, wolfSSL


Re: Identity attestation

Thank you David,
I will have a look at your pull...
But before that, I have another blocking point that I'll describe in another post.
(I'm afraid I have many more questions about the lib...)
Hadrien
