From: Arshad N. <ars...@st...> - 2009-09-09 17:48:04
|
Hi Ronald, Thanks for the pointer, but I'm afraid I'm missing the connection. I've reviewed the TCG Sec on tdTPM_BOUND_DATA and understand what the 1-pager says; but what I'm missing is how does the TcIEncData's unbind(TcIRsakey) method use it. Your examples in the JUnit source do not use the TcTpmBoundData structure, so I'm missing the link. While I understand that the bind() operation in TcIEncData probably creates the BoundData object internally and can therefore unbind it, I'm not sure how to pass the TcTpmBoundData structure to the TcIEncData object for the unbind() operation. Perhaps a few lines of code will illuminate this better. Thanks. Arshad Noor StrongAuth, Inc. Ronald Tögl wrote: > Hi, > > The data you bind must be encrypted in a tdTPM_BOUND_DATA structure, the > definition of which can be found in the TPM specifications. > > Ronald > > Arshad Noor wrote: >> Hi, >> >> Recently started testing native JTSS 0.41. All tests pass on my >> system (JDK6U15 64-bit on CentOS 5.3; TPM is an STM 1.2.4.30). >> >> When I try to encrypt data or a symmetric key (using SunJCE) with >> an RSAPublicKey (whose Bind Key was generated in the TPM) and >> decrypt the ciphertext with the Bind Key in the TPM, I run into >> the following exception consistently: >> >> --------------------- >> iaik.tc.tss.api.exceptions.tcs.TcTpmException: >> >> TSS Error: >> error layer: 0x00 (TPM) >> error code (without layer): 0x21 >> error code (full): 0x21 >> error message: The decryption process did not complete. >> >> at >> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdCommon.handleRetCode(TcTpmCmdCommon.java:73) >> >> at >> iaik.tc.tss.impl.java.tcs.pbg.TcTpmCmdStorage.TpmUnBind(TcTpmCmdStorage.java:244) >> >> at >> iaik.tc.tss.impl.java.tcs.tcsi.TcTcsi.TcsipUnBind(TcTcsi.java:1638) >> at >> iaik.tc.tss.impl.java.tsp.tcsbinding.local.TcTcsBindingLocal.TcsipUnBind(TcTcsBindingLocal.java:442) >> >> at >> iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspUnBind_Internal(TcTspInternal.java:1766) >> >> at >> iaik.tc.tss.impl.java.tsp.TcEncData.unbind(TcEncData.java:221) >> at >> jtss.BindDataWithJCEUnbindWithTPM.main(BindDataWithJCEUnbindWithTPM.java:97) >> >> --------------------- >> >> I presume that it should be possible to do what I'm doing; I >> didn't see anything that might otherwise indicate that it was >> not possible. Here is the relevant section of the code that >> I'm using; it is the unbind() method that causes the problem: >> >> ------------------------ >> String plaintext = "To be....or not to be; that is the question!"; >> Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); >> cipher.init(Cipher.ENCRYPT_MODE, rsabindkey); >> byte[] ciphertext = cipher.doFinal(plaintext.getBytes()); >> TcIEncData encdataobject = >> tpmctx.createEncDataObject(TcTssConstants.TSS_ENCDATA_BIND); >> encdataobject.setAttribData(TcTssConstants.TSS_TSPATTRIB_ENCDATA_BLOB, >> TcTssConstants.TSS_TSPATTRIB_ENCDATABLOB_BLOB, >> TcBlobData.newByteArray(ciphertext)); >> bindkey.loadKey(srk); >> TcBlobData ptobject = encdataobject.unbind(bindkey); >> ------------------------ >> >> I get the same exception even if I use "NoPadding" in my >> cipher's transform. >> >> Thanks for your help. >> >> Arshad Noor >> StrongAuth, Inc. >> >> > > |