Re: [Trustedjava-support] TSS Authorization error (0x3113) when running "aik_create"

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Nektarios Ioannides wrote:
> As I mentioned in previous posts, I am using the TSS_WELL_KNOWN_SECRET for
> my SRK
> so there is is no reason for my SRK being the problem. (I have even tried
> altering various options
> in the source code where the SRK object is created but with no luck)

Yes, the SRK secret is currently hardwired in JTT to TSS_WELL_KNOWN_SECRET,
this should be a command line option. However, if the SRK secret is wrong the
error would come from the TPM layer during CollateIdentity (because loading
of the key fails)

> The above raise a number of questions:
> 
> Why are the LoadKey() and ActivateIdentity() key successful in the TPM
> emulator if
> I skip the TSS validation? Is this expected?
> 
> What exactly is the purpose of validateRespAuth() ? What are the
> 2 hashes that is comparing? hashes of the SRK?

These are two different things, the secret used for the key itself and
the hashing used for securing the communication with the TPM.

It is the duty of both communication endpoints, TPM and TSS to check
whether the exchange has been tampered with. If you just override
the check in the TSS, well, of course it always works.

There is still no hint why it fails for you.
TPMemu 0.5 + JTss 0.3, ok.
Java version?
32bit or 64bit Linux?
Which Linux? GCC version? ...
Maybe we can spot a difference...

HTH

-- 
Martin Pirker
IAIK, TU Graz