[Trustedjava-support] Problems with loading a custom RSA key with jTSS.

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I am running the following code:

// create new signing key container
        TcIRsaKey aikKey = tpmDevice.context.createRsaKeyObject( //
                TcTssConstants.TSS_KEY_SIZE_2048 | //
                TcTssConstants.TSS_KEY_TYPE_SIGNING | //
                TcTssConstants.TSS_KEY_NOT_MIGRATABLE);

        // create a key usage policy for this key
        TcIPolicy keyUsgPolicy = tpmDevice.context.createPolicyObject(
TcTssConstants.TSS_POLICY_USAGE);
        keyUsgPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN,
TcBlobData.newString("theAIKsecret"));
        keyUsgPolicy.assignToObject(aikKey);

        //create a key migration policy for this key
        TcIPolicy keyMigPolicy = tpmDevice.context.createPolicyObject(
TcTssConstants.TSS_POLICY_MIGRATION);
        keyMigPolicy.setSecret(TcTssConstants.TSS_SECRET_MODE_PLAIN,
TcBlobData.newString("theAIKsecret"));
        keyMigPolicy.assignToObject(aikKey);

        aikKey.createKey(tpmDevice.srk, null);
        aikKey.loadKey(tpmDevice.srk);

which completes without any error using TrouSerS and jTSSWrapper but running
it under jTSS causes this error:

========================================================================================
iaik.tc.tss.api.exceptions.tsp.TcTspException:

TSS Error:
error layer:                0x3000 (TSP)
error code (without layer): 0x0113
error code (full):          0x3113
error message: Authorization failed.

        at iaik.tc.tss.impl.java.tsp.internal.TcTspCommon.validateRespAuth(
TcTspCommon.java:142)
        at
iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspLoadKeyByBlob_Internal(
TcTspInternal.java:105)
        at iaik.tc.tss.impl.java.tsp.TcRsaKey.loadKey(TcRsaKey.java:494)
        at com.test.AttestationProcedure.clientCreateSigningKey(
AttestationProcedure.java:828)
        at com.test.AttestationProcedure.step_1(AttestationProcedure.java
:241)
        at com.test.AttestationProcedure.access$100(
AttestationProcedure.java:58)
        at com.test.AttestationProcedure$1.run(AttestationProcedure.java
:442)

========================================================================================

Is this a jTSS limitation?
Btw.. this looks like the same exact error I get when I come across when I
run "xkms_aik_create" or "aik_create" with jTSS.
Any ideas on what can be similar in the two cases and thus causing the
error?

Nektarios