Re: [TrouSerS-users] Getting bad AES secret key blob from TCPA_IDENTITY_REQ

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On 8/20/06, Hon...@cs... <Hon...@cs...> wrote:
> Now assuming I am using 256-bit AES (32 byte length key), the total bytes for TCPA_SYMMETRIC_KEY, and hence decrypted `asymBlob` should be 40 bytes.
>
> So a few questions:
>
> (1) Am I getting the incorrect decrypted `asymBlob` because I have conversion problem between `unsigned char` and Java's byte. Or is it some other problem you can think of?
>
> (2) Can anyone confirm my understanding with outputs from a real TPM?  It'll be good if I can get my hands on TCPA_IDENTITY_REQ generated via a real TPM using TrouSers.

Hi, Hon - I think your understanding is correct. In fact, tihs data
structure is created by the Trousers code and not by the TPM. Probably
your problem is in how you are doing the RSA decryption. You need to
specify a padding mode, either PKCS-1 V1.5, or OAEP, depending on the
mode you told Trousers to use to encrypt to your public key (default
is OAEP I think).

For sample code to do the decryption and parsing, take a look at the
testsuite example in tcg/highlevel/tpm/Tspi_TPM_CreateIdentity.c.
Especially the call to RSA_private_decrypt and the padding parameter.

Hal