
	Home \| IBM Research \| IBM Switzerland \| Zurich Research Laboratory

Overview

IBM Direct Anonymous Attestation Tools - TPM Test Suite 1.2.20

A test suite that verifies the Direct Anonymous Attestation (DAA) commands of the Trusted Platform Module (TPM) 1.2 specified by the Trusted Computing Group (TCG).

December 7th 2005

Download from IBM alphaWorks

Introduction

This release provides a stand-alone tool for verifying the Direct Anonymous Attestation (DAA) commands of a TPM 1.2 implementation. The tool can verify a TPM implementation in two ways:

It can verify if a TPM follows the DAA protocol. Thereby, it verifies if the involved parties of a DAA protocol (TSS of the platform, the DAA Issuer and the DAA Verifier) accept the output returned by the TPM.
The tests are conducted with different protocol parameters, such as different DAA counters, different lengths of the authentication key chain of the DAA Issuer, different base names of both DAA Issuer and DAA Verifier, and different signature input (message or generated AIK). Further, the TPM capability to save and load a context between DAA command stages is examined. Apart form the normal behavior, over 160 error cases of the DAA commands are verified by triggering its TPM error codes, such as TPM_DAA_INPUT_DATA0 or TPM_DAA_WRONG_W.
With commercial license
It can compare the input and output behavior of a TPM in compliance mode to the output that was generated by the provided TPM implementation. In other words, it verifies if the output for a given input is the same as computed by the provided TPM implementation. (The provided implementation was used to generate the DAA test vectors that were published in the TPM Working Group of the Trusted Computing Group.)

Release Contents

This release consists of:

A variety of tests implemented in Java as Junit test cases to verify the DAA commands of a TPM implementation as described above.
Java implementations of the following DAA components: TSS of Platform, DAA Issuer, DAA Verifier and TPM (with commercial license).
With commercial license
Fixed test vectors for verifying input/output behavior of the DAA commands of a TPM implementation.

Components

Test suites

For verification of the TPM implementation Junit test cases are used. These tests can be directly run from the command line with the provided Ant scripts or from within an integrated development environment such as Eclipse. The provided test cases can be modified and extended to fit ones need. For general information on Junit, refer to http://www.junit.org

TPM Simulator

With commercial license
A reference implementation of the TPM DAA commands is provided in order to verify the test suites and to compare its output to another TPM implementation when both are in compliance mode. There exist two TPM instances:

Normal (production) instance.
Compliance instance (test vector mode), uses the keys and randomization specified in document "TPM Specification - Part 4 Compliance".

The simulator, in contrary to a real implementation, allows access to its internal state and structures. This can be useful when debugging a TPM implementation. The internal computations can be compared.

TSS

The DAA scheme knows five parties: The TPM, the software part on the platform, the DAA Issuer, the DAA Verifier and DAA Anonymity Revocation Authority. The latter four parties are specified by TSS 1.2 document.

Class diagram

Simplified class diagram

The class diagram shows the previously described components such as TSS (TSSPlatform, TSSIssuer, TSSVerifier and TSSAnonymityRevocation - blue) and TPM Simulator (green). Further there are 2 TPM interfaces TPMInterface and TPMSerializedInterface with different levels of abstraction. Depending on how the interaction with the TPM to be tested is realized, one can optionally implement the TPMSerializedInterface, which is depicted by the TPMAdapter (grey) class. The classes TCGApplication and TPMSocketAdapter complement the test suite. They handle the interactions between different components.

Interacting with a TPM

Interacting with our Test suite is simple. It can either be done via socket communications or via a simple Java TPM interface (TPMSerializedInterface). The first solution is realized by listening at a configurable address/port for incoming TPM commands to which one responds. For the second solution, one implements a Java TPM interface which contains one method that receives a byte array and responds with a byte array. Authorization is handled by the test suite as well. Note, that the following TPM commands are utilized by the test suite:

TPM_ORD_DAA_JOIN
TPM_ORD_DAA_SIGN
TPM_ORD_OIAP
TPM_ORD_OSAP
TPM_ORD_OwnerReadInternalPub
TPM_ORD_MakeIdentity
TPM_ORD_LoadKey2
TPM_ORD_GetPubKey
TPM_ORD_FlushSpecific
TPM_ORD_SaveContext
TPM_ORD_LoadContext

TPM socket adapter

Using the provided TPM socket adapter, TPM commands can be sent to a configurable socket address. The command input is encoded as a byte stream. The adapter will then wait for a response and the closing of the socket.

The Java TPM interface

Alternatively one can directly interact with the test suite by implementing the following simple Java interface:

 public interface
TPMSerializedInterface { 
       public byte[]
execute(byte[] commandInput); 
 }

Executing the Test Cases

The provided Junit Test Cases can be executed using the provided Ant scripts or within an Integrated Development Environment (IDE) for Java, e.g. Eclipse. It is recommended to execute the tests within an IDE.

Executing within Eclipse

The Junit Test Cases can easily be executed within Eclipse:

Logging

Errors and various data are logged using standard Java logging mechanism, which can be configured. For each test run a log file is generated.

Requirements

At least a Java 2 Runtime Environment (JRE) version 5.0 (or JDK 1.5) is required.

Document References

Trusted Computing Group, TPM Specifications v1.2, Revision 94 (Errata 1), November 2005. To be published in 2005
Trusted Computing Group, TSS Working group, DAA functions for TSS, Revision 14, July 2005. Unpublished. TCG internal.
(The TSS DAA functions will be published as part of the TSS specification v1.2)
E. Brickell, J. Camenisch, L. Chen, Direct Anonymous Attestation, ACM CCS 2004. Submitted to TCG, August 2003.
J. Camenisch, Better Privacy for Trusted Computing Platforms, ESORICS 2004. Submitted to TCG, 2003

Client Reference

Infineon Technologies AG
"Infineon cooperated with the IBM Zurich Research Laboratory to validate the correctness of Infineon's DAA Implementation. Infineon was the first TPM supplier to use the DAA test suite developed by IBM as test environment, consisting of TPM simulator, TSS and TCG application. The intensive cooperation during the testing of Infineon's DAA implementation also effected the further optimization of IBM's DAA test environment. The result of the test phase, which was executed in only 6 weeks, is a error-free DAA implementation by Infineon."

Project Website

http://www.zurich.ibm.com/security/daa/

An evaluation version can be downloaded from IBM alphaWorks:
http://www.alphaworks.ibm.com/tech/daa

Contact

daa-implementation (at) zurich.ibm.com

© Copyright by IBM Corp. 2003, 2005. All rights reserved.

IBM is a trademark or registered trademark of IBM Corporation in the United States and/or other countries.

Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States and/or other countries.

Other company, product, and service names may be trademarks or service marks of others.

IBM HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES OR CONDITIONS, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTY OF NON-INFRINGEMENT.

IBM ZRL TCG DAA, Roger Zimmermann