Re: [Trustedjava-support] Bind with SunJCE RSAPublicKey-Unbind with JTSS problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

The data you bind must be encrypted in a tdTPM_BOUND_DATA structure, the 
definition of which can be found in the TPM specifications.

Ronald

Arshad Noor wrote:
> Hi,
>
> Recently started testing native JTSS 0.41.  All tests pass on my
> system (JDK6U15 64-bit on CentOS 5.3; TPM is an STM 1.2.4.30).
>
> When I try to encrypt data or a symmetric key (using SunJCE) with
> an RSAPublicKey (whose Bind Key was generated in the TPM) and
> decrypt the ciphertext with the Bind Key in the TPM, I run into
> the following exception consistently:
>
> ---------------------
> iaik.tc.tss.api.exceptions.tcs.TcTpmException:
>
> TSS Error:
> error layer:                0x00 (TPM)
> error code (without layer): 0x21
> error code (full):          0x21
> error message: The decryption process did not complete.
>
>          at 
> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73)
>          at 
> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244)
>          at 
> iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638)
>          at 
> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442)
>          at 
> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766)
>          at iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:221)
>          at 
> jtss.BindDataWithJCEUnbindWithTPM.main(BindDataWithJCEUnbindWithTPM.java:97)
> ---------------------
>
> I presume that it should be possible to do what I'm doing; I
> didn't see anything that might otherwise indicate that it was
> not possible.  Here is the relevant section of the code that
> I'm using; it is the unbind() method that causes the problem:
>
> ------------------------
> String plaintext = "To be....or not to be; that is the question!";
> Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
> cipher.init(Cipher.ENCRYPT_MODE, rsabindkey);
> byte[] ciphertext = cipher.doFinal(plaintext.getBytes());
> TcIEncData encdataobject =
> 	tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND);
> encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB,
> 	TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB,
> 	TcBlobData.newByteArray(ciphertext));
> bindkey.loadKey(srk);
> TcBlobData ptobject = encdataobject.unbind(bindkey);
> ------------------------
>
> I get the same exception even if I use "NoPadding" in my
> cipher's transform.
>
> Thanks for your help.
>
> Arshad Noor
> StrongAuth, Inc.
>
>   

-- 
Dipl.-Ing. Ronald Tögl          phone +43 316/873-5502
Trusted Computing Labs          fax   +43 316/873-5520
IAIK                            ron...@ia...
Graz University of Technology   http://www.iaik.tugraz.at