[Trustedjava-support] Problems with AIK create cycle (both local and XMKS types) [2]

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello again,

So the situation so far is as follows:

Becoming desperate I resorted to extreme measures like reverting back to
Java 1.5 JDK , updating my Linux kernel to 2.6.22.2-42,
re-installed everything (from emulator to TrouSerS etc etc) from scratch....

In the mean time, back to the TC scene...
* I have managed to create and validate correctly an "ek.cert" file and I am
using that with my AIK creation "attempts". (Many thanks to Martin ;-) )

* None of the AIK creation sub-commands work neither with jTSS nor TrouSerS.
However I do get different errors in each case:
==========
jTSS case
==========
xkms_aik_create -a theAIKsecret -l aikLabel -o theBIGsecret --ekfile
/root/workspace/certificates/ek.cert

gives

12:34:24:847 [INFO] Client::overrideCertificates (123):    overriding
default EK certificate used by TSS
sending RegisterRequest...
...result received

Validating XKMS message signature using certificate:
  CN=IAIK OpenTC XKMS Test Responder,OU=IAIK trusted computing labs,O=Graz
University of Technology,C=AT
XKMS Result message signature is VALID.

iaik.tc.tss.api.exceptions.tsp.TcTspException:

TSS Error:
error layer:                0x3000 (TSP)
error code (without layer): 0x0113
error code (full):          0x3113
error message: Authorization failed.

        at iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(
TcTspCommon.java:144)
12:34:26:883 [ERROR] AikCreate::execute (360):    client: ActivateIdentity
failed
        at
iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal(
TcTspInternal.java:105)
        at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:494)
        at iaik.tc.apps.jtt.aik.Client.activateIdentity(Client.java:171)
        at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:356)
        at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:80)
        at iaik.tc.utils.cmdline.SubCommandParser.parse(
SubCommandParser.java:52)
        at iaik.tc.apps.JTpmTools.main(JTpmTools.java:113)
        at com.test.CommandTool.main(CommandTool.java:31)

I have also print the two hashes that don't match in validateRespAuth():

outAuthValues hash:  06 9b 61 c5 21 2a ac 5a 02 fd 1f 11 1d f6 5e 04
 0b 97 da 60
resAuthDataExpected hash:  b6 99 29 09 ad 9f 82 1c 6c b7 d7 7f 2b 00 5b 9e
 fd 88 82 93

Does anyone know what these two are? Where do the derive from?

==============
TrouSerS case
==============

xkms_aik_create -a theAIKsecret -l aikLabel -o theBIGsecret --noek
(I have specified the "ek.cert" file in tcsd.conf of TrouSerS so I am using
the --noek option here.)

this gives:

iaik.tc.tss.api.exceptions.tcs.TcTpmException:

TSS Error:
error layer:                0x00 (TPM)
error code (without layer): 0x22
error code (full):          0x22
error message: An invalid handle was used.

        at iaik.tc.tss.impl.jni.tsp.TcBaseObject.handleRetCode(
TcBaseObject.java:104)
        at iaik.tc.tss.impl.jni.tsp.TcTpm.collateIdentityRequest(TcTpm.java
:1071)
        at iaik.tc.apps.jtt.aik.Client.collateIdentityReq(Client.java:110)
        at iaik.tc.apps.jtt.aik.AikCreate.execute(AikCreate.java:335)
        at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:80)
        at iaik.tc.utils.cmdline.SubCommandParser.parse(
SubCommandParser.java:52)
        at iaik.tc.apps.JTpmTools.main(JTpmTools.java:113)
        at com.test.CommandTool.main(CommandTool.java:31)
12:50:20:862 [ERROR] AikCreate::execute (339):    client:
CollateIdentityRequest failed

Any comments?

Regards,

Nektarios