ibmtss
Questions about Remote Attestation, looking forward to a reply
Hello,
I am conducting an experiment based on "AttestProv.doc" from your other repository "acs". I have read the EK certificate (sm2_ek_cert.pem) using "nvread", generated a public attestation key (sm2_ak.pub) on the client, and sent them to the server. I would like to know how to complete the step "The server extracts the EK public key from the EK certificate" in section 3.2 "Server Challenge", and how to load the public attestation key using "loadexternal" correctly. I have tried many times, but all attempts have failed.
Can you help me solve these problems? Thank you!
server.c has sample code for RSA and ECC but not SM2. It may be similar.
The overall flow is processEnrollRequest(). Adapt it for SM2. validateEkCertificate() uses X509_get_pubkey() to extract the EK public key from the certificate. The function also converts the EK to a TPMT_PUBLIC.
generateCredentialBlob shows how to use loadexternal.
Thank you, I already know how to use it.
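What "extracting the EK public key from the EK certificate" yields, as an added Python example that is not code from ibmtss or acs: it walks the DER structure with the standard library instead of calling OpenSSL's X509_get_pubkey(), and returns the curve OID plus the x and y coordinates that populate the ECC point of a TPMT_PUBLIC. The function names are hypothetical, the certificate is a constructed, unsigned skeleton with a dummy key, and no signature or chain validation is performed.

```python
# Added example: find subjectPublicKeyInfo in a DER X.509 cert (no validation).
def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def ek_ecc_point(cert_der):
    """Return (curve_oid, x, y) from an EC or SM2 certificate's public key."""
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])
    skip = 1 if tbs[0][0] == 0xA0 else 0    # optional [0] version field
    # After version: serial, signature, issuer, validity, subject, SPKI
    (_, alg), (key_tag, key) = children(tbs[skip + 5][1])[:2]
    curve_oid = children(alg)[1][1]
    if key_tag != 0x03 or key[:2] != b"\x00\x04":
        raise ValueError("expected BIT STRING holding an uncompressed point")
    point = key[2:]
    half = len(point) // 2
    return curve_oid, point[:half], point[half:]

def der(tag, val):
    """Encode one DER element (helper for the constructed sample only)."""
    n = len(val)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + val

# Constructed sample: unsigned certificate skeleton with a dummy SM2 key.
SM2_OID = bytes.fromhex("2a811ccf5501822d")     # 1.2.156.10197.1.301
X, Y = bytes(range(1, 33)), bytes(range(33, 65))
spki = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a8648ce3d0201")) + der(0x06, SM2_OID))
           + der(0x03, b"\x00\x04" + X + Y))
empty = der(0x30, b"")
tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + empty * 4 + spki)
SAMPLE_CERT = der(0x30, tbs + empty + der(0x03, b"\x00"))
```

A PEM file such as sm2_ek_cert.pem has to be converted to DER first, for example with `ssl.PEM_cert_to_DER_cert()` from the Python standard library.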