From: John L. <joh...@ke...> - 2008-09-26 10:11:07
Hi,

I'm having some problems using the Java TSS and the CertifyKey operation. I'm not entirely sure where the problem lies (it may be with the JTSS or TPM Emulator) but I'm hoping you can help me to narrow it down.

I'm creating a key bound to certain PCR values. My code (largely copied from the examples) is included at the end. This works very well on an Infineon 1.2 TPM on a HP nc6320 laptop. However, when using the exact same code with a TPM emulator, running on a VMware Linux image on an iMac, it fails with a null pointer.

The error is normally about line 3252 in TcTspInternal.TspCertifyKey_Internal:

    ...
    TcBlobData[] blob1Hout = { // 1H
        blobUINT32(resultCode), // 1S
        blobUINT32(ordinal), // 2S
        certifyInfoBlob, // 3S
        blobUINT32(outData.getLengthAsLong()), // 4S
        outData }; // 5S
    ...

Having debugged the code for a while and compared it with the working version, I've found the problem to be that the outData object is null. This seems to be because of the following lines:

TcTpmCmdCrypto.TpmCertifyKey(TcIStreamDest, long, long, TcTpmNonce, TcTcsAuth, TcTcsAuth) line: 422

    ...
    long outDataSize = outBlob.decodeUINT32();
    TcBlobData outData = outBlob.decodeBytes(outDataSize);
    ...

In the above method the return from decodeUINT32() is an extremely large number, and so decodeBytes fails. This isn't a problem with the laptop, where the return is always 256.

Going deeper, this seems to be a problem with TcBasicTypeDecoder.decodeUINT32() line 111:

    ...
    short[] elements = blob_.getRangeAsShortArray(offset_, len);
    ...

Which is using the wrong offset. On the laptop, where this works, the offset is always 134 and the elements returned tend to be [0, 0, 1, 0]. This makes the decoding behave as expected. Using the TPM Emulator on the Mac, the offset is 149, which returns an array filled with much larger elements. The rest of the decodeUINT32 method then obviously calculates the wrong value. Interestingly, the outData blob data lengths are also slightly different.

If you have any suggestions as to how this problem could be solved, that would be greatly appreciated. Is this more likely to be a problem with the TPM emulator?

Many thanks,

John

My code:
----------------------------
    // create a key
    TcIRsaKey key1 = getContext().createRsaKeyObject(
        TcTssConstants.TSS_KEY_TYPE_LEGACY);
    key1.setAttribUint32(TcTssConstants.TSS_TSPATTRIB_KEY_INFO,
        TcTssConstants.TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
        TcTssConstants.TSS_ES_RSAESPKCSV15);

    // assign key usage policies
    keyUsgPolicy.assignToObject(key1);
    keyMigPolicy.assignToObject(key1);

    // create a PcrComposite, connecting with all the PCR values.
    TcIPcrComposite pcrComp = getContext().createPcrCompositeObject(0);
    for (int pcr : pcrs) {
        pcrComp.setPcrValue(pcr, getContext().getTpmObject().pcrRead(pcr));
    }

    key1.createKey(srk, pcrComp);
    key1.loadKey(srk);

    TcTssValidation validation = key1.certifyKey(aik, null);
---------------------------
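
Added example (not part of the original post and not jTSS code): a bounds-checked reader for the length-prefixed outData field described above, which rejects an implausible outDataSize with a diagnostic instead of letting a null propagate. The class and method names are hypothetical, and the response body is constructed so that offset 134 holds [0, 0, 1, 0] while offset 149 stands in for a misaligned read.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

// Hypothetical helper for illustration; not part of jTSS.
public class CertifyKeyOutDataCheck {

    /** Reads a big-endian UINT32 length at offset, then that many bytes, with bounds checks. */
    static byte[] readSizedField(byte[] blob, int offset) {
        if (offset < 0 || offset > blob.length - 4) {
            throw new IllegalArgumentException("no room for a UINT32 at offset " + offset);
        }
        // Mask to treat the 32-bit value as unsigned, as the TPM wire format does.
        long size = ByteBuffer.wrap(blob, offset, 4).getInt() & 0xFFFFFFFFL;
        long remaining = blob.length - (offset + 4L);
        if (size > remaining) {
            throw new IllegalArgumentException(String.format(
                "outDataSize %d at offset %d exceeds the %d bytes left; "
                + "the offset is likely misaligned", size, offset, remaining));
        }
        byte[] out = new byte[(int) size];
        System.arraycopy(blob, offset + 4, out, 0, out.length);
        return out;
    }

    public static void main(String[] args) {
        // Constructed response body: 134 filler bytes standing in for the
        // certify info, the length bytes [0, 0, 1, 0] (256), then 256 bytes
        // standing in for the signature.
        int certifyInfoLen = 134;
        byte[] blob = new byte[certifyInfoLen + 4 + 256];
        Arrays.fill(blob, 0, certifyInfoLen, (byte) 0x11);
        blob[certifyInfoLen + 2] = 1;
        Arrays.fill(blob, certifyInfoLen + 4, blob.length, (byte) 0xA5);

        // Correct offset: the length decodes to 256 and the field is returned.
        System.out.println("offset 134 -> " + readSizedField(blob, 134).length + " bytes");

        try {
            // Wrong offset: the four bytes read are signature data, so the
            // decoded "length" is huge and is rejected before any copy.
            readSizedField(blob, 149);
        } catch (IllegalArgumentException e) {
            System.out.println("offset 149 -> rejected: " + e.getMessage());
        }
    }
}
```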