From: Nektarios I. <ine...@gm...> - 2007-08-20 11:23:19
Hello,

>Yes, the SRK secret is currently hardwired in JTT to TSS_WELL_KNOWN_SECRET,
>this should be a command line option. However, if the SRK secret is wrong the
>error would come from the TPM layer during CollateIdentity (because loading
>of the key fails)

Yes, this is true. In fact, in some attempts I specified my own SRK secret and intentionally gave it wrong to jtt during "aik_create", and CollateIdentity complained before ActivateIdentity as expected.

>> What exactly is the purpose of validateRespAuth() ? What are the
>> 2 hashes that it is comparing? hashes of the SRK?
>
>These are two different things, the secret used for the key itself and
>the hashing used for securing the communication with the TPM.

Hm.. from what I understand, validateRespAuth() compares two hash values in the end. I have been printing the hex strings of these two out and I can see the two hashes do not match, hence the exception given. So what values affect the outcome of these two hashes? Can you give me more details on how validateRespAuth works? (i.e. what affects the two compared values outAuthValues and resAuthDataExpected etc...). If I'm not mistaken, resAuthDataExpected is the re-calculated hash and outAuthValues is what is collected from the TPM ???

>It is the duty of both communication endpoints, TPM and TSS to check
> whether the exchange has been tampered with. If you just override
> the check in the TSS, well, of course it always works.
>Exactly.

>One way to debug this problem is to add debug statements to the
>TcTspInternal.TspLoadKeyByBlob_Internal method. You could do hexdumps of the
>data being sent to the TPM and received from the TPM and compare this data to
>the TPM spec.

OK, I will try that as well.

>There is still no hint why it fails for you.
>TPMemu 0.5 + JTss 0.3, ok.
>Java version?
>32bit or 64bit Linux?
>Which Linux? GCC version? ...
>Maybe we can spot a difference...

My configuration is this:

* Tpm-emulator 0.5
* jTSS_0.1
* Java version: java version "1.6.0"
  Java(TM) SE Runtime Environment (build 1.6.0-b105)
  Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)
* 32-bit Fedora Core 6 Linux, Kernel 2.6.18-1.2798.fc6.i586
* GCC version: 4.1.2-13

If there is any other relevant info, let me know and I will look it up.
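
The comparison asked about above, as an added example that is not part of the original message and is not jTSS code: in the TPM 1.2 authorization protocol the response value is an HMAC-SHA1, keyed with the authorization secret, over a SHA-1 digest of the return code, ordinal and output parameters, followed by both nonces and the continue flag. The function names and all sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

WELL_KNOWN_SECRET = bytes(20)  # TSS_WELL_KNOWN_SECRET: 20 zero bytes

def out_param_digest(return_code, ordinal, out_params):
    """SHA-1 over returnCode || ordinal || output parameters (UINT32 big-endian)."""
    return hashlib.sha1(struct.pack(">II", return_code, ordinal) + out_params).digest()

def response_auth(secret, digest, nonce_even, nonce_odd, continue_session):
    """HMAC-SHA1 over outParamDigest || nonceEven || nonceOdd || continueAuthSession.
    The key is the entity's authorization secret (OIAP) or the session's
    shared secret (OSAP)."""
    msg = digest + nonce_even + nonce_odd + bytes([1 if continue_session else 0])
    return hmac.new(secret, msg, hashlib.sha1).digest()

def validate_response(secret, return_code, ordinal, out_params,
                      nonce_even, nonce_odd, continue_session, res_auth):
    """Recompute the expected value and compare it in constant time."""
    digest = out_param_digest(return_code, ordinal, out_params)
    expected = response_auth(secret, digest, nonce_even, nonce_odd, continue_session)
    return hmac.compare_digest(expected, res_auth)

def demo():
    # Constructed sample values, not captured from a TPM or from jTSS.
    base = dict(
        secret=WELL_KNOWN_SECRET,
        return_code=0,
        ordinal=0x41,                       # constructed sample ordinal
        out_params=bytes.fromhex("01000000"),
        nonce_even=hashlib.sha1(b"constructed nonceEven").digest(),  # from the TPM's response
        nonce_odd=hashlib.sha1(b"constructed nonceOdd").digest(),    # sent by the caller
        continue_session=False,
    )
    # What the TPM side would send back as resAuth for these values.
    res_auth = response_auth(
        base["secret"],
        out_param_digest(base["return_code"], base["ordinal"], base["out_params"]),
        base["nonce_even"], base["nonce_odd"], base["continue_session"])
    changes = {
        "unchanged": {},
        "wrong_secret": {"secret": hashlib.sha1(b"other secret").digest()},
        "stale_nonce_even": {"nonce_even": bytes(20)},
        "misparsed_out_params": {"out_params": bytes.fromhex("0100000000")},
        "wrong_continue_flag": {"continue_session": True},
    }
    return {name: validate_response(**{**base, **delta}, res_auth=res_auth)
            for name, delta in changes.items()}
```

Hexdumping each of the five inputs on the TSS side and comparing them with what the TPM actually used narrows a mismatch to one field: the secret, the parsed output parameters, either nonce, or the continue flag.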