Re: [Trustedjava-support] Sign with TPM Key-Verify with SunJCE problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thanks for the pointer, Ronald; that was the answer.  I can't
believe I forgot that fundamental mistake. :-)

Arshad Noor
StrongAuth, Inc.

Ronald Tögl wrote:
> Hi,
> 
> While in general, for some complex cryptographic operations, the TCG 
> specifications might require algorithms which are not supported by all 
> of Sun's crypto providers, I do not think that this is the case here.
> jTSS uses "SHA-1" in exactly the same way as you do. I tend to believe 
> that no incompatibilities between Sun and IAIK JCE implementations are 
> likely at such a basic level.
> 
> Rather check the string encodings of the text first. jTSS will, in 
> accordance with the TSS specifications, use "UTF-16LE" by default.
> Please try text.getBytes(stringEncoding) and make sure that actually 
> identical _byte_ arrays are hashed.
> 
> Hoping to help,
> Ronald
> 
> 
> Arshad Noor wrote:
>> Hi,
>>
>> I'm having another problem related to SunJCE-JTSS interoperability;
>> I'm beginning to suspect I'm doing something wrong and hope someone
>> on the list can point me in the correct direction.
>>
>> I've generated a non-migratable signing key and used it to sign some
>> text.  Upon using the JCE Signature object to verify the signature,
>> the verification always fails.  Looking through the TestHash.java
>> source, I realized that it does not use the JCE for verification.
>>
>> I later ran a simple hash comparison and found that I'm getting
>> different values for the same text.  That explains why the signature
>> never verifies with SunJCE; but why are the hashes different?  Am I
>> missing something?
>>
>> Thanks for any pointers.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>> Same configuration as for the bind-unbind problem from this morning:
>>
>> JDK: 6 U15 - 64-bit
>> OS: CentOS 5.3 (Kernel 2.6.18-128.7.1.el5)
>> JTSS: 0.41
>> TPM: STM 1.2.4.30
>>
>> Sample test code:
>> ------------------
>> String text = "The quick brown fox jumps over the lazy dog.";
>> TcBlobData tbs = TcBlobData.newString(text);
>> TcIHash sha1hash =
>>     tpmctx.createHashObject(TcTssConstants.TSS_HASH_SHA1);
>> sha1hash.updateHashValue(tbs);
>> System.out.println("Hash from TPM is: " + new
>>     String(Base64.encode(sha1hash.getHashValue().asByteArray())));
>> MessageDigest md = MessageDigest.getInstance("SHA1");
>> System.out.println("Hash from JCE is: " + new
>>     String(Base64.encode(md.digest(text.getBytes()))));
>> ------------------
>>
> 