[Trustedjava-support] Bind with SunJCE RSAPublicKey-Unbind with JTSS problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Recently started testing native JTSS 0.41.  All tests pass on my
system (JDK6U15 64-bit on CentOS 5.3; TPM is an STM 1.2.4.30).

When I try to encrypt data or a symmetric key (using SunJCE) with
an RSAPublicKey (whose Bind Key was generated in the TPM) and
decrypt the ciphertext with the Bind Key in the TPM, I run into
the following exception consistently:

---------------------
iaik.tc.tss.api.exceptions.tcs.TcTpmException:

TSS Error:
error layer:                0x00 (TPM)
error code (without layer): 0x21
error code (full):          0x21
error message: The decryption process did not complete.

         at 
iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
         at 
iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244)
         at 
iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638)
         at 
iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442)
         at 
iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766)
         at iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:221)
         at 
jtss.BindDataWithJCEUnbindWithTPM.main(BindDataWithJCEUnbindWithTPM.java:97)
---------------------

I presume that it should be possible to do what I'm doing; I
didn't see anything that might otherwise indicate that it was
not possible.  Here is the relevant section of the code that
I'm using; it is the unbind() method that causes the problem:

------------------------
String plaintext = "To be....or not to be; that is the question!";
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, rsabindkey);
byte[] ciphertext = cipher.doFinal(plaintext.getBytes());
TcIEncData encdataobject =
	tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND);
encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
	TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB,
	TcBlobData.newByteArray(ciphertext));
bindkey.loadKey(srk);
TcBlobData ptobject = encdataobject.unbind(bindkey);
------------------------

I get the same exception even if I use "NoPadding" in my
cipher's transform.

Thanks for your help.

Arshad Noor
StrongAuth, Inc.