stackoom
  简体   繁体   中英

Connecting to Azure Iot Hub using TPM

 原文  2020-01-17 18:53:35       java/ azure-iot-hub

Question

I have successfully provisioned a device in Azure IoT using TPM authentication by following this sample and the following guide: https://docs.microsoft.com/en-us/azure/iot-dps/quick-enroll-device-tpm-java

Now that my device is provisioned I'm trying to figure out the simplest way to connect to the IoT Hub using the keys stored on the TPM chip. I've tried the following code snippet:

SecurityProviderTpm securityClientTPM = new SecurityProviderTPMHsm();
DeviceClient client  = DeviceClient.createFromSecurityProvider("myhub.azure-devices.net", "my-device", securityClientTPM, IotHubClientProtocol.HTTPS);

but this fails with:

Exception in thread "main" java.io.IOException: com.microsoft.azure.sdk.iot.provisioning.security.exceptions.SecurityProviderException: activateIdentityKey first before signing
        at com.microsoft.azure.sdk.iot.device.auth.IotHubSasTokenHardwareAuthenticationProvider.generateSasTokenSignatureFromSecurityProvider(IotHubSasTokenHardwareAuthenticationProvider.java:169)
        at com.microsoft.azure.sdk.iot.device.auth.IotHubSasTokenHardwareAuthenticationProvider.<init>(IotHubSasTokenHardwareAuthenticationProvider.java:51)
        at com.microsoft.azure.sdk.iot.device.DeviceClientConfig.<init>(DeviceClientConfig.java:192)
        at com.microsoft.azure.sdk.iot.device.InternalClient.<init>(InternalClient.java:109)
        at com.microsoft.azure.sdk.iot.device.DeviceClient.<init>(DeviceClient.java:284)
        at com.microsoft.azure.sdk.iot.device.DeviceClient.createFromSecurityProvider(DeviceClient.java:250)
        at samples.com.microsoft.azure.sdk.iot.SendEvent.main(SendEvent.java:88)
Caused by: com.microsoft.azure.sdk.iot.provisioning.security.exceptions.SecurityProviderException: activateIdentityKey first before signing
        at com.microsoft.azure.sdk.iot.provisioning.security.hsm.SecurityProviderTPMHsm.signWithIdentity(SecurityProviderTPMHsm.java:371)
        at com.microsoft.azure.sdk.iot.device.auth.IotHubSasTokenHardwareAuthenticationProvider.generateSasTokenSignatureFromSecurityProvider(IotHubSasTokenHardwareAuthenticationProvider.java:155)
        ... 6 more

Searching the SDK code shows that activateIdentityKey is only called during the provisioning process though.

Re-invoking the provisioning proceedure everytime I want to connect the client doesn't seem right. Is there a better way to connect the device to the IoT Hub once it's been provisioned?

1 answers

solution1
 0  2020-02-25 13:30:48

I was able to work around this by removing the check in the signWithIdentity function and removing the need to pass the publicArea to the signData function.

The publicArea is only used to derive the hash algorithm which can be set to a constant given that we know how the key was created.

My updated signData function looks like:

private byte[] signData(Tpm tpm, byte[] tokenData) throws SecurityProviderException {
    TPM_ALG_ID  idKeyHashAlg = TPM_ALG_ID.SHA256;
    ...

This has been working well for us so far, but it would be nice to get some feedback from the library authors :)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure IoT Hub - Downloading file from Azure blob using IoT Hub to an IoT device Shared Access Policy Creation in Azure IoT Hub using Rest API Accses to data from IoT Hub Azure with Java Connect to Azure IoT Hub with Java Paho Java Azure Function with IoT Hub trigger is not starting Azure IoT Hub and TTN (The Things Network) Java Connecting to azure event hub: SunCertPathBuilderException MQTT on Azure IOT Hub : Error initializing MQTT connection:Not authorized to connect Error while making Azure IoT Hub Device Identities in bulk How to read device-to-cloud from Azure IoT hub with android?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM