From: <ron...@ia...> - 2007-08-13 07:47:34
Hello Tiago,

Tiago Lopes wrote:
> On 8/9/07, *Ronald Tögl* <ron...@ia... <mailto:ron...@ia...>> wrote:
>
>     You will have to add the two created jars (as external jars) to your
>     project to compile.
>
>     iaik_jtss_wrapper.jar
>     iaik_jtss_wrapper_swig.jar
>
>
> Ok, now I've managed to compile and run fine. I've added these two
> new Jar's plus iaik_jtss_tsp.jar to the referenced libraries, otherwise
> all the top TSP interfaces wouldn't be found by eclipse (ex. TcIContext).

Sorry, I missed that one.

> I'm having some issues: the first is that if I use the
> ./take_ownership (included in the trousers tpm-tools package) and a null
> (press enter) SRK key, I have to use on my code:
>
> TcBlobData TPM_SRK_SECRET = TcBlobData.newString("");
> SRK_SECRET_MODE = TcTssConstants.TSS_SECRET_MODE_PLAIN;
>
> otherwise auth will fail!

This is not a bug, but a feature. :-)
With the TrouSerS tools, the SRK is given an authorisation secret, which
is a 160-bit SHA-1 hash.
So you don't have a "null" secret for the key, but a complex 160-bit
value, which just happens to have an extremely simple pre-image to type in.
With the TSS_SECRET_MODE_PLAIN setting in the Wrapper, the secret string
will first be hashed and then applied to the key, thus creating the
identical authorisation secret.

> The second issue is that
> "context.getRegisteredKeysByUuidSystem (null);"
> Returns exactly the same output as
> "context.getRegisteredKeysByUuidUser(null);"
>
> and I'm registering different USER and SYSTEM keys using something
> like this:
>
> context.registerKey (key,
>     TcTssConstants.TSS_PS_TYPE_USER,
>     keyUuid,
>     TcTssConstants.TSS_PS_TYPE_USER,
>     TcUuidFactory.getInstance().getUuidSRK());
>
> Is this the expected behavior or I'm not reading the javadoc's right?

This is unexpected behavior.
However, the wrapper just accesses the TrouSerS for this functionality.
The Java part provides the correct function call, passing the right
parameters for both different cases. Apparently, TrouSerS does not
implement (or is not correctly configured) two persistent storages (user
and system).
Feel free to look at the TrouSerS C source code to find out what is
implemented there and what not.

Regards,
Ronald

--
Ronald Toegl
IAIK, TU Graz