[Trustedjava-support] Problems with AIK create cycle (both local and XMKS types)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello everyone,

I have been away from the OpenTC scene so it's good to be back :-)

I have recently updated my past efforts to the new jTSS 0.1 layer (not using
jTssWrapper anymore).
I believe I have installed everything right since I followed all
instructions and done it all twice to make sure.
I have generated and placed in the right locations all necessary credentials
using the TcCerts and PCA scripts (build_certs.sh).
Everything seems to be running properly except when I try to simulate an AIK
Cycle:
I have been trying to run the "aik_create" and "xkms_aik_create" options of
jTpmTools and I have problems with both.

When I run
./jtt.sh aik_create -a secret -l theAIKlabel -o theoldsecret

I get:

03:58:27:495 [INFO] AikUtil::createEKCertificate (123): created EK
certificate on-the-fly
03:58:27:584 [INFO] Client::overrideCertificates (113): overriding default
EK certificate used by TSS
03:58:28:698 [INFO] PrivacyCa::processRequest (180):    included EK
certificate size: 1065 bytes
03:58:28:703 [INFO] PrivacyCa::processRequest (181):    SubjAltName:
id:49465800,SLD9630TT1.1,id:0104
03:58:28:704 [INFO] PrivacyCa::processRequest (188):    PE: not included
03:58:28:704 [INFO] PrivacyCa::processRequest (196):    CC: not included
03:58:28:764 [INFO] AikUtil::createPECertificate (176): created PE
certificate on-the-fly
03:58:28:772 [INFO] AikUtil::createAIKCertificate (213):        created AIK
certificate on-the-fly
03:58:28:774 [INFO] PrivacyCa::processRequest (212):    AIK blob size: 1390
iaik.tc.tss.api.exceptions.tsp.TcTspException:

TSS Error:
error layer:                0x3000 (TSP)
error code (without layer): 0x0113
error code (full):          0x3113
error message: Authorization failed.

        at iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(Unknown
Source)
        at
iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal(
TcTspInternal.java:105)
        at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(Unknown Source)
        at iaik.tc.apps.jtt.aik.Client.activateIdentity(Client.java:153)
        at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:322)
        at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
        at iaik.tc.utils.cmdline.SubCommandParser.parse(
SubCommandParser.java:41)
        at iaik.tc.apps.JTpmTools.main(JTpmTools.java:110)

And when  I run:

./jtt.sh xkms_aik_create -a secret -l aikLabel -o theoldsecret

I get:

03:58:10:665 [INFO] AikUtil::createEKCertificate (123): created EK
certificate on-the-fly
03:58:10:673 [INFO] Client::overrideCertificates (113): overriding default
EK certificate used by TSS
sending RegisterRequest...
...result received

Validating XKMS message signature using certificate:
  CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing labs,O=Graz
University of Technology,C=AT
XKMS Result message signature is INVALID.

AIK create operation FAILED
===>http://www.w3.org/2002/03/xkms#Sender
===>http://www.w3.org/2002/03/xkms#Failure

I am almost certain that it is not a setup error but something theoretical I
am missing to see here.
Any ideas ?

Regards,

Nektarios